diff --git a/src/main/java/bookstore/action/AdminUserAction.java b/src/main/java/bookstore/action/AdminUserAction.java
index 8b074aa..d595372 100644
--- a/src/main/java/bookstore/action/AdminUserAction.java
+++ b/src/main/java/bookstore/action/AdminUserAction.java
@@ -19,18 +19,18 @@ public class AdminUserAction extends BaseAction {
 private String password;
 private String passwordConfirm;
 private String nickname;
- private String avatar;
+ private String avatar;
 private String balance;
 private String role;
 private String addresses;
-
+
 private Object retJson;
-
+
 private AppService appService;
-
+
 // Getters and setters
-
+
 public String getId() {
 return StringUtil.replaceNull(id);
 }
@@ -118,17 +118,16 @@ public AppService getAppService() {
 public void setAppService(AppService appService) {
 this.appService = appService;
 }
-
-
+
 // Actions
-
+
 public String allUsersView() throws Exception {
 User user = (User) session().getAttribute("user");
 if (user == null) return LOGIN;
 if (!user.isAdmin()) return "forbidden";
-
+
 setPageTitle("网上书店管理系统 - 用户管理");
 setViewProfile();
 return SUCCESS;
 }
@@ -144,11 +143,11 @@ public String getAllUsers() throws Exception {
 retJson = new FailureMessage("禁止访问");
 return "forbidden";
 }
-
+
 retJson = appService.getAllUsers();
 return SUCCESS;
 }
-
+
 public String getUserDetail() throws Exception {
 User user = (User) session().getAttribute("user");
 if (user == null) {
@@ -159,23 +158,23 @@ public String getUserDetail() throws Exception {
 retJson = new FailureMessage("禁止访问");
 return "forbidden";
 }
-
+
 Validator vd = new Validator(getId(), "编号");
 if (!vd.validateNotEmpty() || !vd.validatePositiveInt()) {
 retJson = vd.getFailureMessage();
 return ERROR;
 }
-
+
 UserDetail userDetail = appService.getUserDetailById(Integer.parseInt(getId()), true);
 if (userDetail == null) {
 retJson = new FailureMessage("该用户编号不存在。");
 return NONE;
 }
-
+
 retJson = userDetail;
 return SUCCESS;
 }
-
+
 public String addUser() throws Exception {
 User currentUser = (User) session().getAttribute("user");
 if (currentUser == null) {
@@ -186,9 +185,10 @@ public String addUser() throws Exception {
 retJson = new FailureMessage("禁止访问");
 return "forbidden";
 }
-
+
 Validator vd = new Validator(getUsername(), "用户名");
- if (!vd.validateNotEmpty() || !vd.validatePattern("^[-_0-9a-zA-Z]{5,}$", "用户名只能由字母、数字、破折号(-)和下划线(_)组成,且最小长度为 5 个字符。")) {
+ if (!vd.validateNotEmpty()
+ || !vd.validatePattern("^[-_0-9a-zA-Z]{5,}$", "用户名只能由字母、数字、破折号(-)和下划线(_)组成,且最小长度为 5 个字符。")) {
 retJson = vd.getFailureMessage();
 return ERROR;
 }
@@ -221,14 +221,14 @@ public String addUser() throws Exception {
 retJson = vd.getFailureMessage();
 return ERROR;
 }
-
+
 if (appService.usernameExists(getUsername())) {
 retJson = new FailureMessage("用户名 " + getUsername() + " 已经存在。");
 return ERROR;
 }
-
- retJson = new SuccessMessage(appService.addUser(getUsername(), getPassword(), getNickname(),
- getAvatar(), getBalance(), getRole()));
+
+ retJson = new SuccessMessage(
+ appService.addUser(getUsername(), getPassword(), getNickname(), getAvatar(), getBalance(), getRole()));
 return SUCCESS;
 }
@@ -242,14 +242,15 @@ public String updateUser() throws Exception {
 retJson = new FailureMessage("禁止访问");
 return "forbidden";
 }
-
+
 Validator vd = new Validator(getId(), "编号");
 if (!vd.validateNotEmpty() || !vd.validatePositiveInt()) {
 retJson = vd.getFailureMessage();
 return ERROR;
 }
 vd = new Validator(getUsername(), "用户名");
- if (!vd.validateNotEmpty() || !vd.validatePattern("^[-_0-9a-zA-Z]{5,}$", "用户名只能由字母、数字、破折号(-)和下划线(_)组成,且最小长度为 5 个字符。")) {
+ if (!vd.validateNotEmpty()
+ || !vd.validatePattern("^[-_0-9a-zA-Z]{5,}$", "用户名只能由字母、数字、破折号(-)和下划线(_)组成,且最小长度为 5 个字符。")) {
 retJson = vd.getFailureMessage();
 return ERROR;
 }
@@ -279,24 +280,29 @@ public String updateUser() throws Exception {
 retJson = vd.getFailureMessage();
 return ERROR;
 }
-
+
 User user = appService.getUserById(Integer.parseInt(getId()));
 if (user == null) {
 retJson = new FailureMessage("该用户编号不存在。");
 return NONE;
 }
-
+
+ if (user.getId() == currentUser.getId() && getRole().equals("0")) {
+ retJson = new FailureMessage("禁止更改当前用户权限。");
+ return "forbidden";
+ }
+
 if (!getUsername().equals(user.getUsername()) && appService.usernameExists(getUsername())) {
 retJson = new FailureMessage("用户名 " + getUsername() + " 已经存在。");
 return ERROR;
 }
-
+
 appService.updateUser(user, getUsername(), getPassword(), getNickname(), getAvatar(), getBalance(), getRole());
-
+
 retJson = new SuccessMessage();
 return SUCCESS;
 }
-
+
 public String deleteUser() throws Exception {
 User currentUser = (User) session().getAttribute("user");
 if (currentUser == null) {
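Review bot: The new self-demotion guard in updateUser compares `user.getId() == currentUser.getId()`; if `User.getId()` returns a boxed `Integer` rather than `int` (its declaration is not visible here), `==` is a reference comparison that can be false for equal ids outside the small-value cache, so the guard would silently not fire. Unboxing both sides to `int` or using `Integer.equals` avoids that, and the same comparison is added in deleteUser in the next hunk. `getRole().equals("0")` is also safer written as `"0".equals(getRole())` unless getRole() is known never to return null. Note that the guard only stops an admin removing their own admin role; it does not stop demotion of the last remaining admin, if that matters for this deployment. updateUser's body starts before this hunk.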
@@ -313,19 +319,24 @@ public String deleteUser() throws Exception {
 retJson = vd.getFailureMessage();
 return ERROR;
 }
-
+
 User user = appService.getUserById(Integer.parseInt(getId()));
 if (user == null) {
 retJson = new FailureMessage("该用户编号不存在。");
 return NONE;
 }
-
+
+ if (user.getId() == currentUser.getId()) {
+ retJson = new FailureMessage("禁止删除当前用户。");
+ return "forbidden";
+ }
+
 appService.deleteUser(user);
-
+
 retJson = new SuccessMessage();
 return SUCCESS;
 }
-
+
 public String getAddress() throws Exception {
 User currentUser = (User) session().getAttribute("user");
 if (currentUser == null) {
@@ -336,19 +347,19 @@ public String getAddress() throws Exception {
 retJson = new FailureMessage("禁止访问");
 return "forbidden";
 }
-
+
 Validator vd = new Validator(getId(), "编号");
 if (!vd.validateNotEmpty() || !vd.validatePositiveInt()) {
 retJson = vd.getFailureMessage();
 return ERROR;
 }
-
+
 int userId = Integer.parseInt(getId());
 if (appService.getUserById(userId) == null) {
 retJson = new FailureMessage("该用户编号不存在。");
 return NONE;
 }
-
+
 try {
 retJson = appService.getUserAddress(userId);
 return SUCCESS;
@@ -357,7 +368,7 @@ public String getAddress() throws Exception {
 return ERROR;
 }
 }
-
+
 public String updateAddress() throws Exception {
 User currentUser = (User) session().getAttribute("user");
 if (currentUser == null) {
@@ -368,19 +379,19 @@ public String updateAddress() throws Exception {
 retJson = new FailureMessage("禁止访问");
 return "forbidden";
 }
-
+
 Validator vd = new Validator(getId(), "编号");
 if (!vd.validateNotEmpty() || !vd.validatePositiveInt()) {
 retJson = vd.getFailureMessage();
 return ERROR;
 }
-
+
 int userId = Integer.parseInt(getId());
 if (appService.getUserById(userId) == null) {
 retJson = new FailureMessage("该用户编号不存在。");
 return NONE;
 }
-
+
 List addressArray = StringUtil.JSONStringArrayParse(addresses);
 if (addressArray == null) {
 retJson = new FailureMessage("收货地址数组格式不正确");
@@ -388,7 +399,7 @@ public String updateAddress() throws Exception {
 }
 appService.updateUserAddress(userId, addressArray);
-
+
 retJson = new SuccessMessage();
 return SUCCESS;
 }
diff --git a/src/main/java/bookstore/action/UploadImageAction.java b/src/main/java/bookstore/action/UploadImageAction.java
index e0c4b14..09b498e 100644
--- a/src/main/java/bookstore/action/UploadImageAction.java
+++ b/src/main/java/bookstore/action/UploadImageAction.java
@@ -1,6 +1,9 @@
 package bookstore.action;
 import java.io.File;
+import java.util.Arrays;
+import java.util.List;
+
 import org.apache.commons.io.FilenameUtils;
 import bookstore.model.result.FailureMessage;
@@ -8,28 +11,28 @@ import bookstore.service.AppService;
 public class UploadImageAction extends BaseAction {
-
+
 private static final long serialVersionUID = 1L;
-
+
 private File file;
 private String filename;
-
+
 private final static String uploadPath = "img/upload/";
-
+
 private Object retJson;
-
+
 private AppService appService;
-
+
 // Getters and setters
 public void setImage(File file) {
- this.file = file;
+ this.file = file;
 }
-
+
 public void setImageFileName(String filename) {
 this.filename = filename;
- }
-
+ }
+
 public Object getRetJson() {
 return retJson;
 }
@@ -37,7 +40,7 @@ public Object getRetJson() {
 public void setRetJson(Object retJson) {
 this.retJson = retJson;
 }
-
+
 public AppService getAppService() {
 return appService;
 }
@@ -45,27 +48,33 @@ public AppService getAppService() {
 public void setAppService(AppService appService) {
 this.appService = appService;
 }
-
+
 // Actions
 public String execute() {
-
+
 if (session().getAttribute("user") == null) {
 retJson = new FailureMessage("请先登录");
 return LOGIN;
 }
-
+
+ List allowedExtensions = Arrays.asList(".jpg", ".jpeg", ".png", ".bmp", ".gif");
+ if (allowedExtensions.indexOf(FilenameUtils.getExtension(filename)) == -1) {
+ retJson = new FailureMessage("上传失败!仅支持 JPG、PNG、BMP、GIF 图片格式!");
+ return ERROR;
+ }
+
 String newFilename = appService.uploadImage(FilenameUtils.concat(application().getRealPath("/"), uploadPath), file, filename);
-
+
 if (newFilename.isEmpty()) {
 retJson = new FailureMessage("上传失败!请检查文件大小和格式。");
 return ERROR;
 }
-
+
 retJson = new SuccessMessage(newFilename);
 return SUCCESS;
-
+
 }
 }
diff --git a/src/main/resources/struts.xml b/src/main/resources/struts.xml
index b2624c4..19eec3b 100644
--- a/src/main/resources/struts.xml
+++ b/src/main/resources/struts.xml
@@ -5,7 +5,7 @@ "http://struts.apache.org/dtds/struts-2.3.dtd"> - +
diff --git a/src/main/webapp/WEB-INF/jsp/error/401.jsp b/src/main/webapp/WEB-INF/jsp/error/401.jsp
index 9a914f2..6c7a158 100644
--- a/src/main/webapp/WEB-INF/jsp/error/401.jsp
+++ b/src/main/webapp/WEB-INF/jsp/error/401.jsp
@@ -1,10 +1,11 @@
 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
+<%@ taglib prefix="s" uri="/struts-tags" %>
 <% response.setStatus(401); %>
- Unauthorized.
+ 请先登录
@@ -43,7 +44,8 @@
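Review bot: The new extension check in execute() compares against entries that carry a leading dot (`".jpg"`, `".jpeg"`, …), but commons-io `FilenameUtils.getExtension` returns the extension without the dot (`"jpg"`), so `indexOf` is always -1 and every upload is rejected before it reaches appService.uploadImage. The list should hold dot-less lower-case values and the lookup should normalise case and tolerate a missing extension, e.g. `List<String> allowedExtensions = Arrays.asList("jpg", "jpeg", "png", "bmp", "gif");`, `String ext = FilenameUtils.getExtension(filename);` and `if (ext == null || !allowedExtensions.contains(ext.toLowerCase(Locale.ROOT))) {` (replacing the raw `List`; needs `java.util.Locale` imported). This is still a check on the client-supplied filename only, so whether the stored bytes are really an image depends on what appService.uploadImage verifies, which is not visible here.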
-
Unauthorized.
+
请先登录!
+ ">回到首页
diff --git a/src/main/webapp/WEB-INF/jsp/error/403.jsp b/src/main/webapp/WEB-INF/jsp/error/403.jsp
index b0ee2a8..e996104 100644
--- a/src/main/webapp/WEB-INF/jsp/error/403.jsp
+++ b/src/main/webapp/WEB-INF/jsp/error/403.jsp
@@ -1,10 +1,11 @@
 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
+<%@ taglib prefix="s" uri="/struts-tags" %>
 <% response.setStatus(403); %>
- Forbidden.
+ 禁止访问
@@ -43,7 +44,8 @@
-
Forbidden.
+
禁止访问!
+ ">回到首页
diff --git a/src/main/webapp/WEB-INF/jsp/error/404.jsp b/src/main/webapp/WEB-INF/jsp/error/404.jsp
index c40ee51..db7f7f4 100644
--- a/src/main/webapp/WEB-INF/jsp/error/404.jsp
+++ b/src/main/webapp/WEB-INF/jsp/error/404.jsp
@@ -1,10 +1,11 @@
 <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
+<%@ taglib prefix="s" uri="/struts-tags" %>
 <% response.setStatus(404); %>
- Page Not Found.
+ 页面不存在
@@ -43,7 +44,8 @@
-
Page Not Found.
+
页面不存在!
+ ">回到首页