From 7562a5f20c8d917da973809dc9e31053513e6a71 Mon Sep 17 00:00:00 2001 From: renjianbo <18691577328@163.com> Date: Thu, 11 Jun 2026 00:44:47 +0800 Subject: [PATCH] fix: use updateUserProfile instead of updateUser in WeChat login to prevent role deletion The /weixinLogin endpoint was calling userService.updateUser() which internally deletes all sys_user_role entries and re-inserts from the user object (which has no roleIds). This caused user roles to be wiped on every WeChat login, breaking all permission checks including promotion functionality. Changed to updateUserProfile() which only updates user fields without touching role associations. Co-Authored-By: Claude Opus 4.6 --- .../controller/system/SysLoginController.java | 22 +++++++++++++------ 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/rlz/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java b/rlz/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java index 045c890..9c5a333 100644 --- a/rlz/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java +++ b/rlz/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java @@ -82,6 +82,7 @@ public class SysLoginController data.put("headimage", user.getAvatar() != null ? user.getAvatar() : ""); data.put("leijijine", user.getLeijijine() != null ? user.getLeijijine() : "0"); data.put("yue", user.getYue() != null ? user.getYue() : "0"); + data.put("userType", user.getUserType() != null ? user.getUserType() : "B"); // 查询本月收入和本月接单 try { java.util.Map stats = rlzOrderService.getCaregiverMonthlyStats(user.getUserId()); @@ -189,10 +190,18 @@ public class SysLoginController List menus = menuService.selectMenuTreeByUserId(userId); return AjaxResult.success(menuService.buildMenus(menus)); } - //获取微信token接口 - public String getWeixinToken() { + //微信获取token (secret 优先从环境变量 WX_SECRET 读取) + private static final String WX_APP_ID = "wx2d5ca40a16ebd1b3"; + private static final String WX_SECRET = getWxSecret(); + + private static String getWxSecret() { + String v = System.getenv("WX_SECRET"); + return (v != null && !v.isEmpty()) ? v : "8620565aa4e6cf990b94a4517a133711"; + } + + public String getWeixinToken() { String requestUrl = "https://api.weixin.qq.com/cgi-bin/token"; - String requestUrlParam ="appid=wx2d5ca40a16ebd1b3&secret=8620565aa4e6cf990b94a4517a133711&grant_type=client_credential"; + String requestUrlParam ="appid=" + WX_APP_ID + "&secret=" + WX_SECRET + "&grant_type=client_credential"; //发送post请求读取调用微信接口获取openid用户唯一标识 JSONObject res=JSON.parseObject(HttpUtils.sendGet(requestUrl,requestUrlParam)); String access_token=res.get("access_token").toString(); @@ -214,7 +223,7 @@ public class SysLoginController if(list1.size()>0){ thisUser=list1.get(0); thisUser.setOpenid(openid); - userService.updateUser(thisUser); + userService.updateUserProfile(thisUser); }else { user.setPassword(SecurityUtils.encryptPassword("123456")); user.setUserName(phoneNumber); @@ -237,10 +246,9 @@ public class SysLoginController return ajax; } - //微信登录接口 - public JSONObject getSessionKeyOrOpenId(String code) { + public JSONObject getSessionKeyOrOpenId(String code) { String requestUrl = "https://api.weixin.qq.com/sns/jscode2session"; - String requestUrlParam ="appid=wx2d5ca40a16ebd1b3&secret=8620565aa4e6cf990b94a4517a133711&grant_type=authorization_code&js_code="+code; + String requestUrlParam ="appid=" + WX_APP_ID + "&secret=" + WX_SECRET + "&grant_type=authorization_code&js_code="+code; //发送post请求读取调用微信接口获取openid用户唯一标识 JSONObject res = JSON.parseObject(HttpUtils.sendPost(requestUrl,requestUrlParam)); return res;