BUGFIX:编辑子账号邮箱时积分回流策略有漏洞

2025-08-27 11:41:07 +08:00
parent c3cbb61c16
commit ee551a0be2
3 changed files with 6 additions and 6 deletions


@@ -302,7 +302,7 @@ public class AccountController {
@ApiOperation(value = "子账号删除") @ApiOperation(value = "子账号删除")
public Response<Boolean> deleteSubAccount(@Valid @RequestBody AddSubAccountDTO addSubAccountDTO) { public Response<Boolean> deleteSubAccount(@Valid @RequestBody AddSubAccountDTO addSubAccountDTO) {
// return Response.success(accountService.deleteSubAccount(addSubAccountDTO)); // return Response.success(accountService.deleteSubAccount(addSubAccountDTO));
accountService.removeSubAccount(addSubAccountDTO, true); accountService.removeSubAccount(addSubAccountDTO);
return Response.success(); return Response.success();
} }


@@ -205,7 +205,7 @@ public interface AccountService extends IService<Account> {
Boolean deleteSubAccount(AddSubAccountDTO addSubAccountDTO); Boolean deleteSubAccount(AddSubAccountDTO addSubAccountDTO);
void removeSubAccount(AddSubAccountDTO addSubAccountDTO, boolean returnCredits); void removeSubAccount(AddSubAccountDTO addSubAccountDTO);
PageBaseResponse<Account> subAccountList(SubAccountPageDTO subAccountPageDTO); PageBaseResponse<Account> subAccountList(SubAccountPageDTO subAccountPageDTO);
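Review bot: `removeSubAccount` is declared here without any Javadoc, so its credit contract is invisible to callers, and that contract is exactly what this commit changes. I would add a short Javadoc stating whether the removed sub-accounts' unused credits are returned to the calling administrator, and that the implementation checks the caller's `getSystemUser()` against 5 and 7 before acting. A summary line such as `/** Removes the given sub-accounts of the current administrator and returns their unused credits to the administrator's balance. */` would do, adjusted to whichever variant is the new side.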


@@ -2547,7 +2547,7 @@ public class AccountServiceImpl extends ServiceImpl<AccountMapper, Account> impl
// BigDecimal creditsUsage = exAccountInfo.getCreditsUsage(); // BigDecimal creditsUsage = exAccountInfo.getCreditsUsage();
addSubAccountDTO.setCreditsUsage(exAccountInfo.getCreditsUsage()); addSubAccountDTO.setCreditsUsage(exAccountInfo.getCreditsUsage());
// 这里移除原账号,但是积分不回流,机构分配的积分会由下一个账号继续持有(包括积分上限和已使用的积分都保持不变) // 这里移除原账号,但是积分不回流,机构分配的积分会由下一个账号继续持有(包括积分上限和已使用的积分都保持不变)
removeSubAccount(new AddSubAccountDTO(Collections.singletonList(addSubAccountDTO.getId())), false); removeSubAccount(new AddSubAccountDTO(Collections.singletonList(addSubAccountDTO.getId())));
// 移入新子账号(可能是移入,也可能是新增) // 移入新子账号(可能是移入,也可能是新增)
createSubAccount(addSubAccountDTO, adminAcc, subUserRole); createSubAccount(addSubAccountDTO, adminAcc, subUserRole);
} else { } else {
@@ -2632,7 +2632,7 @@ public class AccountServiceImpl extends ServiceImpl<AccountMapper, Account> impl
return Boolean.TRUE; return Boolean.TRUE;
} }
public void removeSubAccount(AddSubAccountDTO addSubAccountDTO, boolean returnCredits) { public void removeSubAccount(AddSubAccountDTO addSubAccountDTO) {
Long adminAccId = UserContext.getUserHolder().getId(); Long adminAccId = UserContext.getUserHolder().getId();
Account adminAcc = baseMapper.selectById(adminAccId); Account adminAcc = baseMapper.selectById(adminAccId);
if (Objects.isNull(adminAcc) || (adminAcc.getSystemUser() != 5 && adminAcc.getSystemUser() != 7)) { if (Objects.isNull(adminAcc) || (adminAcc.getSystemUser() != 5 && adminAcc.getSystemUser() != 7)) {
@@ -2667,8 +2667,8 @@ public class AccountServiceImpl extends ServiceImpl<AccountMapper, Account> impl
log.warn("需要移除账号 {}: {} 不属于当前管理员 {}: {}", id, account.getUserEmail(), adminAccId, adminAcc.getUserEmail()); log.warn("需要移除账号 {}: {} 不属于当前管理员 {}: {}", id, account.getUserEmail(), adminAccId, adminAcc.getUserEmail());
} }
} }
// 是否需要将积分回流 // 将积分回流
if (returnCredits && unusedCreditsTotal.compareTo(BigDecimal.ZERO) != 0){ if (unusedCreditsTotal.compareTo(BigDecimal.ZERO) != 0){
BigDecimal subtracted = adminAcc.getCreditsUsage().subtract(unusedCreditsTotal); BigDecimal subtracted = adminAcc.getCreditsUsage().subtract(unusedCreditsTotal);
adminAcc.setCreditsUsage(subtracted.compareTo(BigDecimal.ZERO) < 0 ? BigDecimal.ZERO : subtracted); adminAcc.setCreditsUsage(subtracted.compareTo(BigDecimal.ZERO) < 0 ? BigDecimal.ZERO : subtracted);
adminAcc.setCredits(adminAcc.getCreditsUsageLimit().subtract(adminAcc.getCreditsUsage())); adminAcc.setCredits(adminAcc.getCreditsUsageLimit().subtract(adminAcc.getCreditsUsage()));
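Review bot: The credit-return block at the end of `removeSubAccount` clamps a negative `subtracted` to `BigDecimal.ZERO` without recording it, so a return larger than the administrator's recorded usage is absorbed silently. That is a ledger inconsistency worth auditing in a fix about credit-return loopholes, and a line such as `if (subtracted.signum() < 0) log.warn("credit return {} exceeds usage {} of admin {}", unusedCreditsTotal, adminAcc.getCreditsUsage(), adminAccId);` before the clamp would leave a trail. The page prints both variants of each changed line without `+`/`-` markers; if the one-argument call is the new side, the context comment in the edit-email hunk still says 积分不回流 (credits are not returned) while the return is now unconditional, so it should be reworded to match. The block also writes to an `adminAcc` copy read earlier with `selectById`, and the method body continues outside these hunks. Whether a transaction or row lock protects this read-modify-write against concurrent removals cannot be confirmed from here and is worth checking.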