BUGFIX:编辑子账号邮箱时积分回流策略有漏洞

2025-08-27 11:41:07 +08:00
parent c3cbb61c16
commit ee551a0be2
3 changed files with 6 additions and 6 deletions
--- a/src/main/java/com/ai/da/controller/AccountController.java
+++ b/src/main/java/com/ai/da/controller/AccountController.java
@@ -302,7 +302,7 @@ public class AccountController {
    @ApiOperation(value = "子账号删除")
    public Response<Boolean> deleteSubAccount(@Valid @RequestBody AddSubAccountDTO addSubAccountDTO) {
 //        return Response.success(accountService.deleteSubAccount(addSubAccountDTO));
-        accountService.removeSubAccount(addSubAccountDTO, true);
+        accountService.removeSubAccount(addSubAccountDTO);
        return Response.success();
    }

--- a/src/main/java/com/ai/da/service/AccountService.java
+++ b/src/main/java/com/ai/da/service/AccountService.java
@@ -205,7 +205,7 @@ public interface AccountService extends IService<Account> {

    Boolean deleteSubAccount(AddSubAccountDTO addSubAccountDTO);

-    void removeSubAccount(AddSubAccountDTO addSubAccountDTO, boolean returnCredits);
+    void removeSubAccount(AddSubAccountDTO addSubAccountDTO);

    PageBaseResponse<Account> subAccountList(SubAccountPageDTO subAccountPageDTO);

--- a/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java
+++ b/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java
@@ -2547,7 +2547,7 @@ public class AccountServiceImpl extends ServiceImpl<AccountMapper, Account> impl
 //            BigDecimal creditsUsage = exAccountInfo.getCreditsUsage();
            addSubAccountDTO.setCreditsUsage(exAccountInfo.getCreditsUsage());
            // 这里移除原账号，但是积分不回流，机构分配的积分会由下一个账号继续持有（包括积分上限和已使用的积分都保持不变）
-            removeSubAccount(new AddSubAccountDTO(Collections.singletonList(addSubAccountDTO.getId())), false);
+            removeSubAccount(new AddSubAccountDTO(Collections.singletonList(addSubAccountDTO.getId())));
            // 移入新子账号（可能是移入，也可能是新增）
            createSubAccount(addSubAccountDTO, adminAcc, subUserRole);
        } else {
@@ -2632,7 +2632,7 @@ public class AccountServiceImpl extends ServiceImpl<AccountMapper, Account> impl
        return Boolean.TRUE;
    }

-    public void removeSubAccount(AddSubAccountDTO addSubAccountDTO, boolean returnCredits) {
+    public void removeSubAccount(AddSubAccountDTO addSubAccountDTO) {
        Long adminAccId = UserContext.getUserHolder().getId();
        Account adminAcc = baseMapper.selectById(adminAccId);
        if (Objects.isNull(adminAcc) || (adminAcc.getSystemUser() != 5 && adminAcc.getSystemUser() != 7)) {
@@ -2667,8 +2667,8 @@ public class AccountServiceImpl extends ServiceImpl<AccountMapper, Account> impl
                log.warn("需要移除账号 {}: {} 不属于当前管理员 {}: {}", id, account.getUserEmail(), adminAccId, adminAcc.getUserEmail());
            }
        }
-        // 是否需要将积分回流
-        if (returnCredits && unusedCreditsTotal.compareTo(BigDecimal.ZERO) != 0){
+        // 将积分回流
+        if (unusedCreditsTotal.compareTo(BigDecimal.ZERO) != 0){
            BigDecimal subtracted = adminAcc.getCreditsUsage().subtract(unusedCreditsTotal);
            adminAcc.setCreditsUsage(subtracted.compareTo(BigDecimal.ZERO) < 0 ? BigDecimal.ZERO : subtracted);
            adminAcc.setCredits(adminAcc.getCreditsUsageLimit().subtract(adminAcc.getCreditsUsage()));