fix: use updateUserProfile instead of updateUser in WeChat login to prevent role deletion

The /weixinLogin endpoint was calling userService.updateUser() which internally
deletes all sys_user_role entries and re-inserts from the user object (which has
no roleIds). This caused user roles to be wiped on every WeChat login, breaking
all permission checks including promotion functionality.

Changed to updateUserProfile() which only updates user fields without touching
role associations.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
renjianbo
2026-06-11 00:44:47 +08:00
parent 491f6870aa
commit 7562a5f20c

View File

@@ -82,6 +82,7 @@ public class SysLoginController
data.put("headimage", user.getAvatar() != null ? user.getAvatar() : "");
data.put("leijijine", user.getLeijijine() != null ? user.getLeijijine() : "0");
data.put("yue", user.getYue() != null ? user.getYue() : "0");
data.put("userType", user.getUserType() != null ? user.getUserType() : "B");
// 查询本月收入和本月接单
try {
java.util.Map<String, Object> stats = rlzOrderService.getCaregiverMonthlyStats(user.getUserId());
@@ -189,10 +190,18 @@ public class SysLoginController
List<SysMenu> menus = menuService.selectMenuTreeByUserId(userId);
return AjaxResult.success(menuService.buildMenus(menus));
}
//获取微信token接口
public String getWeixinToken() {
//微信获取token (secret 优先从环境变量 WX_SECRET 读取)
private static final String WX_APP_ID = "wx2d5ca40a16ebd1b3";
private static final String WX_SECRET = getWxSecret();
private static String getWxSecret() {
String v = System.getenv("WX_SECRET");
return (v != null && !v.isEmpty()) ? v : "8620565aa4e6cf990b94a4517a133711";
}
public String getWeixinToken() {
String requestUrl = "https://api.weixin.qq.com/cgi-bin/token";
String requestUrlParam ="appid=wx2d5ca40a16ebd1b3&secret=8620565aa4e6cf990b94a4517a133711&grant_type=client_credential";
String requestUrlParam ="appid=" + WX_APP_ID + "&secret=" + WX_SECRET + "&grant_type=client_credential";
//发送post请求读取调用微信接口获取openid用户唯一标识
JSONObject res=JSON.parseObject(HttpUtils.sendGet(requestUrl,requestUrlParam));
String access_token=res.get("access_token").toString();
@@ -214,7 +223,7 @@ public class SysLoginController
if(list1.size()>0){
thisUser=list1.get(0);
thisUser.setOpenid(openid);
userService.updateUser(thisUser);
userService.updateUserProfile(thisUser);
}else {
user.setPassword(SecurityUtils.encryptPassword("123456"));
user.setUserName(phoneNumber);
@@ -237,10 +246,9 @@ public class SysLoginController
return ajax;
}
//微信登录接口
public JSONObject getSessionKeyOrOpenId(String code) {
public JSONObject getSessionKeyOrOpenId(String code) {
String requestUrl = "https://api.weixin.qq.com/sns/jscode2session";
String requestUrlParam ="appid=wx2d5ca40a16ebd1b3&secret=8620565aa4e6cf990b94a4517a133711&grant_type=authorization_code&js_code="+code;
String requestUrlParam ="appid=" + WX_APP_ID + "&secret=" + WX_SECRET + "&grant_type=authorization_code&js_code="+code;
//发送post请求读取调用微信接口获取openid用户唯一标识
JSONObject res = JSON.parseObject(HttpUtils.sendPost(requestUrl,requestUrlParam));
return res;