渗透测试bug修改

hcp-core/src/main/java/com/yingyangfly/core/aspect/LogOperAspect.java

@@ -96,19 +96,25 @@ public class LogOperAspect {
             HttpServletRequest request = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getRequest();
             SysOperLog operLog = new SysOperLog();
             if (OperatorType.MANAGE.equals(controllerLog.operatorType())) {
+                // 后台
                 // 获取当前的用户
                 CurrentLoginUser currentLoginUser = tokenUtil.getCurrentUser();
                 if (currentLoginUser != null)
                 {
                     operLog.setOperName(currentLoginUser.getUsername());
-                    operLog.setOperUserId(currentLoginUser.getUserId());
+                    if (controllerLog.title().equals("获取登录人信息")){
+                        operLog.setOperUserName(currentLoginUser.getMobile());
+                    }else {
+                        operLog.setOperUserName(Sm4Util.encrypt(currentLoginUser.getMobile()));
+                    }
                 }
             }else {
+                // app
                 AppCurrentLoginUser appCurrentLoginUser = tokenUtil.getAppCurrentLoginUser();
                 if (appCurrentLoginUser != null)
                 {
                     operLog.setOperName(appCurrentLoginUser.getName());
-                    operLog.setOperUserId(appCurrentLoginUser.getId());
+                    operLog.setOperUserName(Sm4Util.encrypt(appCurrentLoginUser.getMobile()));
                 }
             }
 

hcp-core/src/main/java/com/yingyangfly/core/domain/SysOperLog.java

@@ -26,9 +26,9 @@ public class SysOperLog {
     /**
      * 用户Id
      */
-    @JsonSerialize(using = ToStringSerializer.class)
-    @ExcelProperty("用户Id")
-    private Long operUserId;
+    @JsonSerialize(using = LogSm4JacksonSerialize.class)
+    @ExcelProperty("用户名")
+    private String operUserName;
 
     /**
      * 操作模块

hcp-core/src/main/java/com/yingyangfly/core/security/filter/JwtAuthenticationFilter.java

@@ -50,6 +50,12 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
         String authHeader = request.getHeader(jwtUtil.getJwtProperties().getTokenHeader());
+        String authToken = tokenUtil.getAuthToken(authHeader);
+        String username = jwtUtil.getUserNameFromToken(authToken);
+        if(tokenUtil.getAuthentication() != null || StringUtils.isBlank(username)){
+            chain.doFilter(request, response);
+            return;
+        }
         String authTimestamp = request.getHeader("timestamp");
         String sign = request.getHeader("sign");
         String contextPath = request.getServletPath();
@@ -58,6 +64,12 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
                 handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
                 return;
             }
+            String signKey = "hcp:sign:"+sign;
+            String redisSign = redisClient.get(signKey,"");
+            if (StringUtils.isNotEmpty(redisSign)){
+                handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
+                return;
+            }
             Long timestamp = Long.parseLong(authTimestamp);
             timestamp += 60000;
             Long currentTimeMillis = System.currentTimeMillis();
@@ -76,12 +88,7 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
                 handleUnauthorized(response,HttpServletResponse.SC_INTERNAL_SERVER_ERROR,"无效的请求");
                 return;
             }
-        }
-        String authToken = tokenUtil.getAuthToken(authHeader);
-        String username = jwtUtil.getUserNameFromToken(authToken);
-        if(tokenUtil.getAuthentication() != null || StringUtils.isBlank(username)){
-            chain.doFilter(request, response);
-            return;
+            redisClient.set(signKey,"",60);
         }
         // 获取请求来源 （app获取pc端）
         String requestSource = jwtUtil.getRequestSourceFromToken(authToken);

hcp-core/src/main/java/com/yingyangfly/core/service/impl/GameTaskServiceImpl.java

@@ -363,7 +363,7 @@ public class GameTaskServiceImpl extends ServiceImpl<GameTaskMapper, GameTask> i
         String userId = m.get("userId");
         String date = m.get("time");
         QueryWrapper<MentalEnergyDetailRecord> yesterdayWrapper = new QueryWrapper();
-        yesterdayWrapper.select(" sum(mental_energy_val) as mentalEnergyVal  ");
+        yesterdayWrapper.select("COALESCE(SUM(mental_energy_val), 0) as mentalEnergyVal");
         yesterdayWrapper.eq("user_id", userId);
         yesterdayWrapper.lt("create_time", date + " 23:59:59");
         yesterdayWrapper.orderByDesc("mental_energy_val");
@@ -380,7 +380,6 @@ public class GameTaskServiceImpl extends ServiceImpl<GameTaskMapper, GameTask> i
             Map<String, Object> result = reviewTaskDto.getResult();
             reviewScore += (Integer) result.get("reviewScore");
         }
-
         //如果查询出来的脑力值记录为空的话，查询用户测评的脑力值
         if(CollectionUtil.isEmpty(gamePlayRecordMap)){
 
@@ -393,7 +392,7 @@ public class GameTaskServiceImpl extends ServiceImpl<GameTaskMapper, GameTask> i
 
         //获取今天之前的数据
         QueryWrapper<MentalEnergyDetailRecord> todayWrapper = new QueryWrapper();
-        todayWrapper.select("  sum(mental_energy_val)  as mentalEnergyVal  ");
+        todayWrapper.select("  COALESCE(SUM(mental_energy_val), 0)  as mentalEnergyVal  ");
         todayWrapper.eq("user_id", userId);
         todayWrapper.lt("create_time", date + " 23:59:59");
 //        todayWrapper.orderByDesc("mental_energy_val");

hcp-core/src/main/java/com/yingyangfly/core/service/impl/SysOperLogServiceImpl.java

@@ -51,6 +51,8 @@ public class SysOperLogServiceImpl extends ServiceImpl<SysOperLogMapper, SysOper
             queryWrapper.eq(SysOperLog::getStatus,sysOperLogDto.getStatus());
         }
         queryWrapper.orderByDesc(SysOperLog::getOperTime);
-        return baseMapper.selectList(queryWrapper);
+        Page<SysOperLog> page = new Page<>(sysOperLogDto.getPage(), sysOperLogDto.getLimit());
+        Page<SysOperLog> sysOperLogPage = baseMapper.selectPage(page, queryWrapper);
+        return sysOperLogPage.getRecords();
     }
 }

hcp-core/src/main/java/com/yingyangfly/core/vo/SysOperLogVo.java

@@ -1,7 +1,9 @@
 package com.yingyangfly.core.vo;
 
+import com.alibaba.excel.annotation.ExcelProperty;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.yingyangfly.core.util.LogSm4JacksonSerialize;
+import com.yingyangfly.core.util.Sm4JacksonSerialize;
 import lombok.Data;
 
 import java.util.Date;
@@ -17,7 +19,8 @@ public class SysOperLogVo {
     /**
      * 用户id
      */
-    private Long operUserId;
+    @JsonSerialize(using = LogSm4JacksonSerialize.class)
+    private String operUserName;
 
 
     /**
@@ -25,6 +28,11 @@ public class SysOperLogVo {
      */
     private String title;
 
+    /**
+     *  请求参数
+     */
+    private String operParam;
+
     /**
      * 操作状态（0正常，1异常）
      */

hcp-platform/src/main/java/com/yingyangfly/platform/controller/DepartmentController.java

@@ -73,9 +73,9 @@ public class DepartmentController {
 
 
     /**
-     * 新增或者编辑
+     * 新增
      */
-    @Log(title = "新增或编辑科室")
+    @Log(title = "新增科室")
     @PreAuthorize("@SSPermissionChecker.hasPermission('department_save')")
     @PostMapping("/save")
     @TraceLog
@@ -84,4 +84,15 @@ public class DepartmentController {
     }
 
 
+    /**
+     * 编辑
+     */
+    @Log(title = "编辑科室")
+    @PreAuthorize("@SSPermissionChecker.hasPermission('department_save')")
+    @PostMapping("/edit")
+    @TraceLog
+    public ResultResponse edit(@RequestBody Department department)  {
+        return departmentService.saveDepartment(department);
+    }
+
 }

hcp-platform/src/main/java/com/yingyangfly/platform/controller/DoctorController.java

@@ -38,9 +38,9 @@ public class DoctorController {
     SysUserService sysUserService;
 
 
-    @Log(title = "保存或编辑医师信息")
+    @Log(title = "保存医师信息")
     @PreAuthorize("@SSPermissionChecker.hasPermission('physician_save')")
-    @ApiOperation("保存或修改")
+    @ApiOperation("新增")
     @PostMapping("/save")
     @TraceLog
     public ResultResponse save(@RequestBody SysUser user){
@@ -54,6 +54,25 @@ public class DoctorController {
         sysUserService.saveSysUser(user);
         return ResultResponse.success();
     }
+
+    @Log(title = "编辑医师信息")
+    @PreAuthorize("@SSPermissionChecker.hasPermission('physician_save')")
+    @ApiOperation("修改")
+    @PostMapping("/edit")
+    @TraceLog
+    public ResultResponse edit(@RequestBody SysUser user){
+        if (ObjectUtils.isNotNull(user.getPassword())) {
+            boolean strongPassword = PasswordValidator.isStrongPassword(user.getPassword());
+            if (!strongPassword){
+                return ResultResponse.fail("用户密码长度必须大于8位数小于20位数且包含大小写字母，数字，特殊字符(!@#$%^&*)");
+            }
+        }
+        user.setRoleCodes("doctor");
+        sysUserService.saveSysUser(user);
+        return ResultResponse.success();
+    }
+
+
     @Log(title = "查找医师列表")
     @PreAuthorize("@SSPermissionChecker.hasPermission('physician')")
     @ApiOperation("列表")

hcp-platform/src/main/java/com/yingyangfly/platform/controller/EquipmentController.java

@@ -71,15 +71,31 @@ public class EquipmentController {
      * @param equipment 实体对象
      * @return 新增或修改结果
      */
-    @Log(title = "新增或修改设备")
+    @Log(title = "新增设备")
     @PreAuthorize("@SSPermissionChecker.hasPermission('equipment_save')")
     @PostMapping("/save")
-    @ApiOperation("新增或修改")
+    @ApiOperation("新增")
     @TraceLog
     public ResultResponse<Boolean> save(@RequestBody Equipment equipment) {
         equipmentService.saveEquipment(equipment);
         return ResultResponse.success();
     }
+
+    /**
+     * 新增或修改数据
+     * @param equipment 实体对象
+     * @return 新增或修改结果
+     */
+    @Log(title = "修改设备")
+    @PreAuthorize("@SSPermissionChecker.hasPermission('equipment_save')")
+    @PostMapping("/edit")
+    @ApiOperation("修改")
+    @TraceLog
+    public ResultResponse<Boolean> edit(@RequestBody Equipment equipment) {
+        equipmentService.saveEquipment(equipment);
+        return ResultResponse.success();
+    }
+
     /**
      * 删除
      * @param id 主键

hcp-platform/src/main/java/com/yingyangfly/platform/controller/GameController.java

@@ -99,14 +99,31 @@ public class GameController {
      * @param game 实体对象
      * @return 新增或修改结果
      */
-    @Log(title = "新增或修改游戏")
+    @Log(title = "新增游戏")
     @PreAuthorize("@SSPermissionChecker.hasPermission('game_save')")
     @PostMapping("/save")
-    @ApiOperation("新增或修改")
+    @ApiOperation("新增")
     @TraceLog
     public ResultResponse<Boolean> save(@RequestBody Game game) {
         return ResultResponse.success(gameService.saveGame(game));
     }
+
+    /**
+     * 新增或修改数据
+     * @param game 实体对象
+     * @return 新增或修改结果
+     */
+    @Log(title = "修改游戏")
+    @PreAuthorize("@SSPermissionChecker.hasPermission('game_save')")
+    @PostMapping("/edit")
+    @ApiOperation("修改")
+    @TraceLog
+    public ResultResponse<Boolean> edit(@RequestBody Game game) {
+        return ResultResponse.success(gameService.saveGame(game));
+    }
+
+
+
     /**
      * 删除
      * @param dto 主键

hcp-platform/src/main/java/com/yingyangfly/platform/controller/GameRecommendRuleController.java

@@ -69,15 +69,25 @@ public class GameRecommendRuleController{
      * @param gameRecommendRule 实体对象
      * @return 新增或修改结果
      */
-    @Log(title = "新增或修改游戏推荐规则")
+    @Log(title = "新增游戏推荐规则")
     @PreAuthorize("@SSPermissionChecker.hasPermission('game_rule_save')")
     @PostMapping("/save")
-    @ApiOperation("新增或修改")
+    @ApiOperation("新增")
     @TraceLog
     public ResultResponse<Boolean> save(@RequestBody GameRecommendRule gameRecommendRule) {
         return ResultResponse.success(gameRecommendRuleService.saveGameRecommendRule(gameRecommendRule));
     }
 
+    @Log(title = "修改游戏推荐规则")
+    @PreAuthorize("@SSPermissionChecker.hasPermission('game_rule_save')")
+    @PostMapping("/edit")
+    @ApiOperation("修改")
+    @TraceLog
+    public ResultResponse<Boolean> edit(@RequestBody GameRecommendRule gameRecommendRule) {
+        return ResultResponse.success(gameRecommendRuleService.saveGameRecommendRule(gameRecommendRule));
+    }
+
+
     /**
      * 删除数据
      * @param dto 主键

hcp-platform/src/main/java/com/yingyangfly/platform/controller/GameVoiceController.java

@@ -69,10 +69,10 @@ public class GameVoiceController{
      * @param gameVoice 实体对象
      * @return 新增或修改结果
      */
-    @Log(title = "新增或修改游戏声音")
+    @Log(title = "新增游戏声音")
     @PreAuthorize("@SSPermissionChecker.hasPermission('gameVideo_save')")
     @PostMapping("/save")
-    @ApiOperation("新增或修改")
+    @ApiOperation("新增")
     public ResultResponse<Boolean> save(@RequestBody GameVoice gameVoice) {
 
         CurrentLoginUser currentUser = tokenUtil.getCurrentUser();
@@ -90,6 +90,34 @@ public class GameVoiceController{
         return ResultResponse.success();
     }
 
+
+    /**
+     * 新增或修改数据
+     * @param gameVoice 实体对象
+     * @return 新增或修改结果
+     */
+    @Log(title = "修改游戏声音")
+    @PreAuthorize("@SSPermissionChecker.hasPermission('gameVideo_save')")
+    @PostMapping("/edit")
+    @ApiOperation("修改")
+    public ResultResponse<Boolean> edit(@RequestBody GameVoice gameVoice) {
+
+        CurrentLoginUser currentUser = tokenUtil.getCurrentUser();
+        if(gameVoice.getId() == null){
+            gameVoice.setCreateTime(new Date());
+            gameVoice.setOrgCode(currentUser.getOrgCode());
+            gameVoice.setOrgName(currentUser.getOrgName());
+            gameVoice.setUpdateTime(new Date());
+            gameVoiceService.save(gameVoice);
+        }else{
+            gameVoice.setUpdateTime(new Date());
+            gameVoiceService.updateById(gameVoice);
+        }
+        redisClient.delHSet("hcp:game-voice", currentUser.getOrgCode());
+        return ResultResponse.success();
+    }
+
+
     /**
      * 删除数据
      * @param id 主键

hcp-platform/src/main/java/com/yingyangfly/platform/controller/LearningPackageController.java

@@ -43,9 +43,9 @@ public class LearningPackageController {
     }
 
     /**
-     * 修改
+     * 新增
      */
-    @Log(title = "修改套餐信息")
+    @Log(title = "新增套餐信息")
     @PreAuthorize("@SSPermissionChecker.hasPermission('learn_package_save')")
     @PostMapping("/save")
     @TraceLog
@@ -54,6 +54,19 @@ public class LearningPackageController {
         return ResultResponse.success();
     }
 
+
+    /**
+     * 修改
+     */
+    @Log(title = "修改套餐信息")
+    @PreAuthorize("@SSPermissionChecker.hasPermission('learn_package_save')")
+    @PostMapping("/edit")
+    @TraceLog
+    public ResultResponse edit(@RequestBody LearningPackage learningPackage) {
+        learnPackageService.save(learningPackage);
+        return ResultResponse.success();
+    }
+
     /**
      * 删除
      */

hcp-platform/src/main/java/com/yingyangfly/platform/controller/OrgMerchantController.java

@@ -38,7 +38,7 @@ public class OrgMerchantController {
         Map<String,Object> map = orgMerchantService.selectList(orgMerchant);
         return ResultResponse.success(map);
     }
-    @Log(title = "新增或修改支付信息")
+    @Log(title = "新增支付信息")
     @PostMapping("/save")
     @TraceLog
     public ResultResponse save(@RequestBody List<OrgMerchant> orgMerchants){
@@ -46,6 +46,15 @@ public class OrgMerchantController {
         return ResultResponse.success();
     }
 
+
+    @Log(title = "修改支付信息")
+    @PostMapping("/edit")
+    @TraceLog
+    public ResultResponse edit(@RequestBody List<OrgMerchant> orgMerchants){
+        orgMerchantService.saveOrgMerchant(orgMerchants);
+        return ResultResponse.success();
+    }
+
     @Log(title = "删除支付信息")
     @PostMapping("/del")
     @TraceLog

hcp-platform/src/main/java/com/yingyangfly/platform/controller/PatientController.java

@@ -52,13 +52,20 @@ public class PatientController {
     @Autowired
     private TokenUtil tokenUtil;
 
-    @Log(title = "新增患者")
+    @Log(title = "新增患者信息")
     @PostMapping("/save")
     @TraceLog
     public ResultResponse save(@RequestBody AppUser appUser){
         return appUserService.saveAppUser(appUser);
     }
 
+    @Log(title = "修改患者")
+    @PostMapping("/edit")
+    @TraceLog
+    public ResultResponse edit(@RequestBody AppUser appUser){
+        return appUserService.saveAppUser(appUser);
+    }
+
     @Log(title = "获取支付参数")
     @PostMapping("/findPayParam")
     @TraceLog

hcp-platform/src/main/java/com/yingyangfly/platform/controller/TherapistsController.java

@@ -36,9 +36,9 @@ public class TherapistsController {
     @Autowired
     SysUserService sysUserService;
 
-    @Log(title = "新增或修改康复师")
+    @Log(title = "新增康复师信息")
     @PreAuthorize("@SSPermissionChecker.hasPermission('therapists_save')")
-    @ApiOperation("保存或修改")
+    @ApiOperation("新增")
     @PostMapping("/save")
     @TraceLog
     public ResultResponse save(@RequestBody SysUser user){
@@ -53,6 +53,24 @@ public class TherapistsController {
         return ResultResponse.success();
     }
 
+
+    @Log(title = "修改康复师信息")
+    @PreAuthorize("@SSPermissionChecker.hasPermission('therapists_save')")
+    @ApiOperation("修改")
+    @PostMapping("/edit")
+    @TraceLog
+    public ResultResponse edit(@RequestBody SysUser user){
+        if (ObjectUtils.isNotNull(user.getPassword())){
+            boolean strongPassword = PasswordValidator.isStrongPassword(user.getPassword());
+            if (!strongPassword){
+                return ResultResponse.fail("用户密码长度必须大于8位数小于20位数且包含大小写字母，数字，特殊字符(!@#$%^&*)");
+            }
+        }
+        user.setRoleCodes("therapists");
+        sysUserService.saveSysUser(user);
+        return ResultResponse.success();
+    }
+
     @Log(title = "康复师列表")
     @PreAuthorize("@SSPermissionChecker.hasPermission('therapists_list')")
     @ApiOperation("列表")

hcp-platform/src/main/java/com/yingyangfly/platform/sys/controller/AppUserHeadController.java

@@ -49,7 +49,7 @@ public class AppUserHeadController {
      * @param appUserHead
      * @return
      */
-    @Log(title = "新增或编辑随机头像")
+    @Log(title = "新增随机头像")
     @PreAuthorize("@SSPermissionChecker.hasPermission('patientAvatar_save')")
     @PostMapping("/save")
     @TraceLog
@@ -58,6 +58,20 @@ public class AppUserHeadController {
         return ResultResponse.success();
     }
 
+    /**
+     * 修改编辑
+     * @param appUserHead
+     * @return
+     */
+    @Log(title = "编辑随机头像")
+    @PreAuthorize("@SSPermissionChecker.hasPermission('patientAvatar_save')")
+    @PostMapping("/edit")
+    @TraceLog
+    public ResultResponse edit(@RequestBody AppUserHead appUserHead){
+        appUserHeadService.saveAppUserHead(appUserHead);
+        return ResultResponse.success();
+    }
+
     /**
      * sahnu
      * @param id

hcp-platform/src/main/java/com/yingyangfly/platform/sys/controller/SysMenuController.java

@@ -40,9 +40,9 @@ public class SysMenuController {
     }
 
     /**
-     * 新增或者修改
+     * 新增
      */
-    @Log(title = "新增或修改菜单")
+    @Log(title = "新增菜单")
     @PreAuthorize("@SSPermissionChecker.hasPermission('menu_add')")
     @PostMapping("/save")
     @TraceLog
@@ -51,6 +51,18 @@ public class SysMenuController {
         return sysMenuService.saveSysMenu(sysMenu);
     }
 
+    /**
+     * 新增或者修改
+     */
+    @Log(title = "修改菜单")
+    @PreAuthorize("@SSPermissionChecker.hasPermission('menu_add')")
+    @PostMapping("/edit")
+    @TraceLog
+    public ResultResponse edit(@Validated @RequestBody SysMenu sysMenu) {
+
+        return sysMenuService.saveSysMenu(sysMenu);
+    }
+
     @Log(title = "判断菜单是否存在")
     @PostMapping("/isExist")
     @TraceLog

hcp-platform/src/main/java/com/yingyangfly/platform/sys/controller/SysOrgController.java

@@ -57,17 +57,29 @@ public class SysOrgController
 
 
     /**
-     * 新增或者修改机构
+     * 新增机构
      */
-    @Log(title = "新增或修改机构信息")
+    @Log(title = "新增机构信息")
     @PreAuthorize("SSPermissionChecker.hasPermission('org_add')")
     @PostMapping("/save")
-    @TraceLog(methedDesn="保存或修改机构")
+    @TraceLog(methedDesn="保存机构")
     public ResultResponse save(@Validated @RequestBody  SysOrg org)
     {
         return sysOrgService.saveSysOrg(org);
     }
 
+    /**
+     * 修改机构
+     */
+    @Log(title = "修改机构信息")
+    @PreAuthorize("SSPermissionChecker.hasPermission('org_add')")
+    @PostMapping("/edit")
+    @TraceLog(methedDesn="修改机构")
+    public ResultResponse edit(@Validated @RequestBody  SysOrg org)
+    {
+        return sysOrgService.saveSysOrg(org);
+    }
+
 
     @Log(title = "判断机构信息是否存在")
     @PostMapping("/isExist")

hcp-platform/src/main/java/com/yingyangfly/platform/sys/controller/SysRoleController.java

@@ -57,9 +57,9 @@ public class SysRoleController
 
 
     /**
-     * 新增或者修改
+     * 新增
      */
-    @Log(title = "新增或修改角色")
+    @Log(title = "新增角色")
     @PreAuthorize("@SSPermissionChecker.hasPermission('role_add')")
     @PostMapping("/save")
     @TraceLog
@@ -68,6 +68,19 @@ public class SysRoleController
        return sysRoleService.saveSysRole(sysRole);
     }
 
+
+    /**
+     * 修改
+     */
+    @Log(title = "修改角色")
+    @PreAuthorize("@SSPermissionChecker.hasPermission('role_add')")
+    @PostMapping("/edit")
+    @TraceLog
+    public ResultResponse edit(@RequestBody SysRole sysRole)
+    {
+        return sysRoleService.saveSysRole(sysRole);
+    }
+
     /**
      * 判断code是否重复
      */

hcp-platform/src/main/java/com/yingyangfly/platform/sys/controller/SysUserController.java

@@ -50,9 +50,9 @@ public class SysUserController {
     }
 
     /**
-     * 新增或者修改
+     * 新增
      */
-    @Log(title = "新增或修改用户")
+    @Log(title = "新增用户")
     @PreAuthorize("@SSPermissionChecker.hasPermission('user_add')")
     @PostMapping("/save")
     @TraceLog
@@ -64,6 +64,21 @@ public class SysUserController {
         return ResultResponse.success(token);
     }
 
+    /**
+     * 修改
+     */
+    @Log(title = "修改用户")
+    @PreAuthorize("@SSPermissionChecker.hasPermission('user_add')")
+    @PostMapping("/edit")
+    @TraceLog
+    public ResultResponse edit(@RequestBody SysUser sysUser) {
+        if (ObjectUtils.isNotNull(sysUser.getPassword())) {
+            sysUser.setPassword(CryptoUtil.decrypt(sysUser.getPassword()));
+        }
+        String token = sysUserService.saveSysUser(sysUser);
+        return ResultResponse.success(token);
+    }
+
     /**
      * 删除
      *