From 29a0abce7031a028803b7d2bc3edaaa4aecc8abd Mon Sep 17 00:00:00 2001
From: yy <2@2.com>
Date: Mon, 3 Jun 2024 09:05:20 +0800
Subject: [PATCH] =?UTF-8?q?=E4=B8=80=E6=9C=9F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...sourceOwnerBaseAuthenticationProvider.java |   6 +-
 .../admin/controller/SysUserController.java   |  32 +-
 .../service/impl/SysUserServiceImpl.java      |  34 +-
 .../rax/vital/handler/mysql/ChatHandler.java  |  45 +-
 .../vital/handler/mysql/MedicineHandler.java  |  44 +-
 .../service/impl/ChatServiceImpl.java         |  34 +-
 .../main/resources/mapper/SysUserMapper.xml   | 390 +++++++++---------
 7 files changed, 327 insertions(+), 258 deletions(-)

diff --git a/auth/src/main/java/com/rax/auth/support/base/OAuth2ResourceOwnerBaseAuthenticationProvider.java b/auth/src/main/java/com/rax/auth/support/base/OAuth2ResourceOwnerBaseAuthenticationProvider.java
index 0bf8021..9343dcb 100644
--- a/auth/src/main/java/com/rax/auth/support/base/OAuth2ResourceOwnerBaseAuthenticationProvider.java
+++ b/auth/src/main/java/com/rax/auth/support/base/OAuth2ResourceOwnerBaseAuthenticationProvider.java
@@ -224,7 +224,7 @@ public abstract class OAuth2ResourceOwnerBaseAuthenticationProvider<T extends OA
 
 			OAuth2Authorization authorization = authorizationBuilder.build();
 
-			checkIsLogin(authorization);
+//			checkIsLogin(authorization);
 
 			this.authorizationService.save(authorization);
 
@@ -305,7 +305,7 @@ public abstract class OAuth2ResourceOwnerBaseAuthenticationProvider<T extends OA
 	/**
 	 * 新登录用户会把老登录用户给踢下线
 	 */
-	private void checkIsLogin(OAuth2Authorization authorization) {
+	/*private void checkIsLogin(OAuth2Authorization authorization) {
 		String username = Base64.encode(authorization.getPrincipalName());
 		RedisTemplate<String, String> redisTemplate = SpringContextHolder.getBean(RedisTemplate.class);
 		String previousAccessToken = redisTemplate.opsForValue().get(LOGGED_IN + username + "::a::");
@@ -321,6 +321,6 @@ public abstract class OAuth2ResourceOwnerBaseAuthenticationProvider<T extends OA
 			String refreshToken = authorization.getRefreshToken().getToken().getTokenValue();
 			redisTemplate.opsForValue().set(LOGGED_IN + username + "::c::", refreshToken, clientDetailsById.getData().getRefreshTokenValidity(), TimeUnit.SECONDS);
 		}
-	}
+	}*/
 
 }
diff --git a/upms/upms-biz/src/main/java/com/rax/admin/controller/SysUserController.java b/upms/upms-biz/src/main/java/com/rax/admin/controller/SysUserController.java
index 1f95eac..e0b4814 100644
--- a/upms/upms-biz/src/main/java/com/rax/admin/controller/SysUserController.java
+++ b/upms/upms-biz/src/main/java/com/rax/admin/controller/SysUserController.java
@@ -34,6 +34,7 @@ import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
+import java.util.regex.Pattern;
 
 /**
  * @author lengleng
@@ -54,6 +55,10 @@ public class SysUserController {
 
 	private final SysHospitalService sysHospitalService;
 
+	private final static String PASSWD_PATTERN = "^[a-zA-Z0-9]{8,16}$";
+
+	private final static String ACCOUNT_PATTERN = "^[a-zA-Z0-9]{2,16}$";
+
 	/**
 	 * 获取指定用户全部信息
 	 *
@@ -157,6 +162,15 @@ public class SysUserController {
 	@PostMapping
 	@PreAuthorize("@pms.hasPermission('sys_user_add')")
 	public R user(@RequestBody UserDTO userDto) {
+		boolean matches = Pattern.matches(PASSWD_PATTERN, userDto.getPassword());
+		if (!matches) {
+			return R.failed("密码至少8~16位字母或数字（区分大小写）");
+		}
+
+		boolean accountMatches = Pattern.matches(ACCOUNT_PATTERN, userDto.getUsername());
+		if (!accountMatches) {
+			return R.failed("用户名至少2~16位字母或数字（区分大小写）");
+		}
 		return R.ok(userService.saveUser(userDto));
 	}
 
@@ -186,7 +200,22 @@ public class SysUserController {
 	@PostMapping("/page")
 	public R getUserPage(Page page, UserDTO userDTO) {
 		String hospitalId = sysHospitalService.getCurrentHospital();
-		userDTO.setHospitalId(Long.valueOf(hospitalId));
+		if (StringUtils.hasText(hospitalId) && !"null".equals(hospitalId)) {
+			userDTO.setHospitalId(Long.valueOf(hospitalId));
+		} else {
+			RaxUser raxUser = (RaxUser) SecurityUtils.getAuthentication().getPrincipal();
+			List<SysRole> rolesByUserId = roleService.findRolesByUserId(raxUser.getId());
+			boolean isAdmin = false;
+			for (SysRole role: rolesByUserId) {
+				if (ADMIN_ROLE_CODE.equals(role.getRoleCode())) {
+					isAdmin = true;
+					break;
+				}
+			}
+			if (!isAdmin) {
+				return R.ok(new Page<>());
+			}
+		}
 		return R.ok(userService.getUsersWithRolePage(page, userDTO));
 	}
 
@@ -196,6 +225,7 @@ public class SysUserController {
 	 * @return 用户集合
 	 */
 	@PostMapping("/list")
+	@PreAuthorize("@pms.hasPermission('sys_user_list')")
 	public R getUserPage(Page page, String name) {
 		return R.ok(userService.getUsersPage(page, name));
 	}
diff --git a/upms/upms-biz/src/main/java/com/rax/admin/service/impl/SysUserServiceImpl.java b/upms/upms-biz/src/main/java/com/rax/admin/service/impl/SysUserServiceImpl.java
index 2e9a830..ab9450e 100644
--- a/upms/upms-biz/src/main/java/com/rax/admin/service/impl/SysUserServiceImpl.java
+++ b/upms/upms-biz/src/main/java/com/rax/admin/service/impl/SysUserServiceImpl.java
@@ -74,7 +74,9 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 
 	private final RedisTemplate redisTemplate;
 
-	private final static String PASSWD_PATTERN = "^(?=.*\\d)(?=.*[a-zA-Z])(?=.*[^\\da-zA-Z\\s]).{9,15}$";
+	private final static String PASSWD_PATTERN = "^[a-zA-Z0-9]{8,16}$";
+
+	private final static String ACCOUNT_PATTERN = "^[a-zA-Z0-9]{2,16}$";
 
 	private final SysUserMapper userMapper;
 
@@ -94,7 +96,10 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 		sysUser.setDelFlag(CommonConstants.STATUS_NORMAL);
 		sysUser.setCreateBy(userDto.getUsername());
 		sysUser.setPassword(ENCODER.encode(userDto.getPassword()));
-		sysUser.setHospitalId(Long.valueOf(sysHospitalService.getCurrentHospital()));
+		String hosptital = sysHospitalService.getCurrentHospital();
+		if (StringUtils.hasText(hosptital) && !"null".equals(hosptital)) {
+			sysUser.setHospitalId(Long.valueOf(hosptital));
+		}
 		baseMapper.insert(sysUser);
 		// 保存用户岗位信息
 		Optional.ofNullable(userDto.getPost()).ifPresent(posts -> {
@@ -412,6 +417,18 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 		} else {
 			return R.failed("验证码已失效");
 		}
+
+		boolean matches = Pattern.matches(PASSWD_PATTERN, userDto.getPassword());
+		if (!matches) {
+			return R.failed("密码至少8~16位字母或数字（区分大小写）");
+		}
+
+		boolean accountMatches = Pattern.matches(ACCOUNT_PATTERN, userDto.getUsername());
+		if (!accountMatches) {
+			return R.failed("用户名至少2~16位字母或数字（区分大小写）");
+		}
+
+
 		// 判断用户名是否存在
 		SysUser sysUser = this.getOne(Wrappers.<SysUser>lambdaQuery().eq(SysUser::getUsername, userDto.getUsername()));
 		if (sysUser != null) {
@@ -459,6 +476,13 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 		if (StrUtil.isEmpty(userDto.getNewpassword1())) {
 			return R.failed("新密码不能为空");
 		}
+
+		boolean matches = Pattern.matches(PASSWD_PATTERN, userDto.getNewpassword1());
+		if (!matches) {
+			return R.failed("密码至少8~16位字母或数字（区分大小写）");
+		}
+
+
 		String password = ENCODER.encode(userDto.getNewpassword1());
 
 		this.update(Wrappers.<SysUser>lambdaUpdate()
@@ -494,9 +518,11 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 
 		boolean matches = Pattern.matches(PASSWD_PATTERN, userDto.getPassword());
 		if (!matches) {
-			return R.failed("密码至少包含字母、数字、特殊字符，不少于9位，最多15位");
+			return R.failed("密码至少8~16位字母或数字（区分大小写）");
 		}
-
+		Cache cache = cacheManager.getCache(CacheConstants.USER_DETAILS);
+		// 立即删除
+		cache.evictIfPresent(userDto.getUsername());
 		String password = ENCODER.encode(userDto.getPassword());
 		this.update(Wrappers.<SysUser>lambdaUpdate()
 				.set(SysUser::getPassword, password)
diff --git a/upms/upms-biz/src/main/java/com/rax/vital/handler/mysql/ChatHandler.java b/upms/upms-biz/src/main/java/com/rax/vital/handler/mysql/ChatHandler.java
index 2623c81..d3f3072 100644
--- a/upms/upms-biz/src/main/java/com/rax/vital/handler/mysql/ChatHandler.java
+++ b/upms/upms-biz/src/main/java/com/rax/vital/handler/mysql/ChatHandler.java
@@ -14,6 +14,9 @@ import java.util.Map;
 import java.util.Timer;
 import java.util.TimerTask;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
 
 public class ChatHandler implements WebSocketHandler {
 	@Resource
@@ -22,7 +25,7 @@ public class ChatHandler implements WebSocketHandler {
 	@Resource
 	private ChatService chatService;
 
-	private Map<String, TimerTask> timerTaskMap = new ConcurrentHashMap();
+	private Map<String, ScheduledExecutorService> timerTaskMap = new ConcurrentHashMap();
 
 	@Override
 	public void afterConnectionEstablished(WebSocketSession session) throws Exception {
@@ -73,34 +76,30 @@ public class ChatHandler implements WebSocketHandler {
 
 	private void startHeartbeat(WebSocketSession session) {
 		if (!timerTaskMap.containsKey(session.getId())) {
-			TimerTask timerTask = new TimerTask() {
-				@Override
-				public void run() {
-					try {
-						if (session.isOpen()) {
-							JSONObject jsonObject = new JSONObject();
-							jsonObject.put("msgType", "heartbeat");
-							session.sendMessage(new TextMessage(jsonObject.toJSONString().getBytes()));
-						} else {
-							stopHeartbeat(session);
-							chatService.stopTask(session.getId());
-							session.close();
-						}
-					} catch (Exception e) {
-						e.printStackTrace();
+			ScheduledExecutorService heartbeatExecutor = Executors.newScheduledThreadPool(1);
+			heartbeatExecutor.scheduleAtFixedRate(() -> {
+				try {
+					if (session.isOpen()) {
+						JSONObject jsonObject = new JSONObject();
+						jsonObject.put("msgType", "heartbeat");
+						session.sendMessage(new TextMessage(jsonObject.toJSONString().getBytes()));
+					} else {
 						stopHeartbeat(session);
+						chatService.stopTask(session.getId());
+						session.close();
 					}
+				} catch (Exception e) {
+					e.printStackTrace();
+					stopHeartbeat(session);
 				}
-			};
-			// 定时任务，设置1秒
-			Timer timer = new Timer();
-			timer.schedule(timerTask, 0, 1000);
-			timerTaskMap.put(session.getId(), timerTask);
+			}, 0, 10, TimeUnit.SECONDS);
+			timerTaskMap.put(session.getId(), heartbeatExecutor);
 		}
 	}
 
 	private void stopHeartbeat(WebSocketSession session) {
-		TimerTask timerTask = timerTaskMap.get(session.getId());
-		timerTask.cancel();
+		ScheduledExecutorService heartbeatExecutor = timerTaskMap.get(session.getId());
+		heartbeatExecutor.shutdownNow();
 	}
+
 }
diff --git a/upms/upms-biz/src/main/java/com/rax/vital/handler/mysql/MedicineHandler.java b/upms/upms-biz/src/main/java/com/rax/vital/handler/mysql/MedicineHandler.java
index e6426eb..fc05935 100644
--- a/upms/upms-biz/src/main/java/com/rax/vital/handler/mysql/MedicineHandler.java
+++ b/upms/upms-biz/src/main/java/com/rax/vital/handler/mysql/MedicineHandler.java
@@ -24,7 +24,9 @@ public class MedicineHandler implements WebSocketHandler {
 	@Resource
 	private OAuth2AuthorizationService authorizationService;
 
-	private Map<String, TimerTask> timerTaskMap = new ConcurrentHashMap();
+//	private Map<String, TimerTask> timerTaskMap = new ConcurrentHashMap();
+
+	private Map<String, ScheduledExecutorService> timerTaskMap = new ConcurrentHashMap();
 
 	@Override
 	public void afterConnectionEstablished(WebSocketSession session) {
@@ -71,34 +73,30 @@ public class MedicineHandler implements WebSocketHandler {
 
 	private void startHeartbeat(WebSocketSession session) {
 		if (!timerTaskMap.containsKey(session.getId())) {
-			TimerTask timerTask = new TimerTask() {
-				@Override
-				public void run() {
-					try {
-						if (session.isOpen()) {
-							JSONObject jsonObject = new JSONObject();
-							jsonObject.put("msgType", "heartbeat");
-							session.sendMessage(new TextMessage(jsonObject.toJSONString().getBytes()));
-						} else {
-							session.close();
-							stopHeartbeat(session);
-							vitalSignTimerWS.stopTimerTask(session.getId());
-						}
-					} catch (Exception e) {
-						e.printStackTrace();
+			ScheduledExecutorService heartbeatExecutor = Executors.newScheduledThreadPool(1);
+			heartbeatExecutor.scheduleAtFixedRate(() -> {
+				try {
+					if (session.isOpen()) {
+						JSONObject jsonObject = new JSONObject();
+						jsonObject.put("msgType", "heartbeat");
+						session.sendMessage(new TextMessage(jsonObject.toJSONString().getBytes()));
+					} else {
+						session.close();
 						stopHeartbeat(session);
+						vitalSignTimerWS.stopTimerTask(session.getId());
 					}
+				} catch (Exception e) {
+					e.printStackTrace();
+					stopHeartbeat(session);
 				}
-			};
-			// 定时任务，设置1秒
-			Timer timer = new Timer();
-			timer.schedule(timerTask, 0, 1000);
-			timerTaskMap.put(session.getId(), timerTask);
+			}, 0, 10, TimeUnit.SECONDS);
+			timerTaskMap.put(session.getId(), heartbeatExecutor);
 		}
 	}
 
 	private void stopHeartbeat(WebSocketSession session) {
-		TimerTask timerTask = timerTaskMap.get(session.getId());
-		timerTask.cancel();
+		ScheduledExecutorService heartbeatExecutor = timerTaskMap.get(session.getId());
+		heartbeatExecutor.shutdownNow();
 	}
+
 }
diff --git a/upms/upms-biz/src/main/java/com/rax/vital/medicine/service/impl/ChatServiceImpl.java b/upms/upms-biz/src/main/java/com/rax/vital/medicine/service/impl/ChatServiceImpl.java
index 58add7e..7a7f207 100644
--- a/upms/upms-biz/src/main/java/com/rax/vital/medicine/service/impl/ChatServiceImpl.java
+++ b/upms/upms-biz/src/main/java/com/rax/vital/medicine/service/impl/ChatServiceImpl.java
@@ -22,10 +22,7 @@ import org.springframework.web.socket.TextMessage;
 import org.springframework.web.socket.WebSocketSession;
 
 import java.io.IOException;
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.SQLException;
-import java.sql.Statement;
+import java.sql.*;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map;
@@ -178,6 +175,27 @@ public class ChatServiceImpl implements ChatService {
 						sessionMap.put(session.getId(), session);
 					}
 				}
+
+				String sql = "select content, create_time \"creatTime\", create_user \"createUser\", create_name \"createName\" from t_chat where deleted = 0 and revoked = 0 order by create_time asc ";
+				Connection connection = dataSource.getConnection();
+				try {
+					Statement statement = connection.createStatement();
+					ResultSet resultSet = statement.executeQuery(sql);
+					while (resultSet.next()) {
+						Map map = new HashMap();
+						map.put("content", resultSet.getString("content"));
+						map.put("creatTime", resultSet.getString("creatTime"));
+						map.put("createUser", resultSet.getString("createUser"));
+						map.put("createName", resultSet.getString("createName"));
+						history.add(map);
+					}
+					JSONObject param = new JSONObject();
+					param.put("history", history);
+					param.put("msgType", "msg");
+					session.sendMessage(new TextMessage(param.toJSONString().getBytes()));
+				} catch (Exception e) {
+					e.printStackTrace();
+				}
 			} else {
 				JSONObject jsonObject = new JSONObject();
 				jsonObject.put("status", 1);
@@ -193,10 +211,10 @@ public class ChatServiceImpl implements ChatService {
 			}
 		}
 
-		SysUser sysUser = SysUserService.getOne(Wrappers.<SysUser>lambdaQuery().eq(SysUser::getUsername, username));
-
 		if (StringUtils.hasText(msg)) {
 			JSONObject param = new JSONObject();
+			SysUser sysUser = SysUserService.getOne(Wrappers.<SysUser>lambdaQuery().eq(SysUser::getUsername, username));
+
 			Connection connection = dataSource.getConnection();
 			try {
 				Statement statement = connection.createStatement();
@@ -238,8 +256,8 @@ public class ChatServiceImpl implements ChatService {
 				e.printStackTrace();
 			}
 
-			Map<String, WebSocketSession> sessionMap = databaseSessionMap.get(databaseName);
-			for (Map.Entry<String, WebSocketSession> entry : sessionMap.entrySet()) {
+			Map<String, WebSocketSession> sessionMap1 = databaseSessionMap.get(databaseName);
+			for (Map.Entry<String, WebSocketSession> entry : sessionMap1.entrySet()) {
 				WebSocketSession value = entry.getValue();
 				try {
 					value.sendMessage(new TextMessage(param.toJSONString().getBytes()));
diff --git a/upms/upms-biz/src/main/resources/mapper/SysUserMapper.xml b/upms/upms-biz/src/main/resources/mapper/SysUserMapper.xml
index 2360a3a..43216ce 100644
--- a/upms/upms-biz/src/main/resources/mapper/SysUserMapper.xml
+++ b/upms/upms-biz/src/main/resources/mapper/SysUserMapper.xml
@@ -1,148 +1,34 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
 <mapper namespace="com.rax.admin.mapper.SysUserMapper">
-    <!-- 通用查询映射结果 -->
-    <resultMap id="baseResultMap" type="com.rax.admin.api.vo.UserVO">
-        <id column="user_id" property="userId"/>
-        <result column="username" property="username"/>
-        <result column="password" property="password"/>
-        <result column="salt" property="salt"/>
-        <result column="phone" property="phone"/>
-        <result column="avatar" property="avatar"/>
-        <result column="wx_openid" property="wxOpenid"/>
-        <result column="qq_openid" property="qqOpenid"/>
-        <result column="ucreate_time" property="createTime"/>
-        <result column="uupdate_time" property="updateTime"/>
-        <result column="lock_flag" property="lockFlag"/>
-        <result column="del_flag" property="delFlag"/>
-        <result column="dept_id" property="deptId"/>
-        <result column="dept_name" property="deptName"/>
-        <result column="nickname" property="nickname"/>
-        <result column="name" property="name"/>
-        <result column="email" property="email"/>
-        <collection property="roleList" ofType="com.rax.admin.api.entity.SysRole"
-                    select="com.rax.admin.mapper.SysRoleMapper.listRolesByUserId" column="user_id">
-        </collection>
-        <collection property="postList" ofType="com.rax.admin.api.entity.SysPost"
-                    select="com.rax.admin.mapper.SysPostMapper.listPostsByUserId" column="user_id">
-        </collection>
-    </resultMap>
+	<!-- 通用查询映射结果 -->
+	<resultMap id="baseResultMap" type="com.rax.admin.api.vo.UserVO">
+		<id column="user_id" property="userId"/>
+		<result column="username" property="username"/>
+		<result column="password" property="password"/>
+		<result column="salt" property="salt"/>
+		<result column="phone" property="phone"/>
+		<result column="avatar" property="avatar"/>
+		<result column="wx_openid" property="wxOpenid"/>
+		<result column="qq_openid" property="qqOpenid"/>
+		<result column="ucreate_time" property="createTime"/>
+		<result column="uupdate_time" property="updateTime"/>
+		<result column="lock_flag" property="lockFlag"/>
+		<result column="del_flag" property="delFlag"/>
+		<result column="dept_id" property="deptId"/>
+		<result column="dept_name" property="deptName"/>
+		<result column="nickname" property="nickname"/>
+		<result column="name" property="name"/>
+		<result column="email" property="email"/>
+		<collection property="roleList" ofType="com.rax.admin.api.entity.SysRole"
+					select="com.rax.admin.mapper.SysRoleMapper.listRolesByUserId" column="user_id">
+		</collection>
+		<collection property="postList" ofType="com.rax.admin.api.entity.SysPost"
+					select="com.rax.admin.mapper.SysPostMapper.listPostsByUserId" column="user_id">
+		</collection>
+	</resultMap>
 
-    <sql id="userRoleSql">
-        u.user_id,
-        u.username,
-        u.password,
-        u.salt,
-        u.phone,
-        u.avatar,
-        u.wx_openid,
-        u.qq_openid,
-        u.dept_id,
-        u.del_flag,
-        u.lock_flag,
-        u.create_by,
-        u.create_time  ucreate_time,
-        u.update_time  uupdate_time,
-        r.role_id,
-        r.role_name,
-        r.role_code,
-        r.role_desc,
-        r.create_time  rcreate_time,
-        r.update_time  rupdate_time
-    </sql>
-
-    <sql id="userRoleDeptSql">
-        u.user_id,
-        u.username,
-        u.password,
-        u.salt,
-        u.phone,
-        u.avatar,
-        u.wx_openid,
-        u.qq_openid,
-        u.del_flag,
-        u.lock_flag,
-        u.nickname,
-        u.name,
-        u.email,
-        u.create_by,
-        u.create_time  ucreate_time,
-        u.update_time  uupdate_time,
-        d.name  dept_name,
-        d.dept_id
-    </sql>
-
-    <select id="getUserVoByUsername" resultMap="baseResultMap">
-        SELECT
-        <include refid="userRoleSql"/>
-        FROM
-        sys_user u
-        LEFT JOIN sys_user_role urole ON urole.user_id = u.user_id
-        LEFT JOIN sys_role r ON r.role_id = urole.role_id and r.del_flag = '0'
-        WHERE u.username = #{username} and u.del_flag = '0'
-    </select>
-
-    <select id="getUserVoById" resultMap="baseResultMap">
-        SELECT
-        <include refid="userRoleDeptSql"/>
-        FROM
-        sys_user u
-        LEFT JOIN sys_dept d ON d.dept_id = u.dept_id and d.del_flag = '0'
-        WHERE
-        u.user_id = #{id} and u.del_flag = '0'
-    </select>
-
-    <select id="getUserVosPage" resultMap="baseResultMap">
-        SELECT
-        u.user_id,
-        u.username,
-        u.password,
-        u.salt,
-        u.phone,
-        u.avatar,
-        u.wx_openid,
-        u.qq_openid,
-        u.dept_id,
-        u.create_by,
-        u.create_time ucreate_time,
-        u.update_time uupdate_time,
-        u.del_flag,
-        u.lock_flag,
-        u.nickname,
-        u.name,
-        u.email,
-        d.name dept_name
-        FROM
-        sys_user u
-        LEFT JOIN sys_dept d ON d.dept_id = u.dept_id
-        <where>
-            u.del_flag = '0'
-			and
-			u.hospital_id = #{query.hospitalId}
-			<if test="query.name != null and query.name != ''">
-				<bind name="nameLike" value="'%' + query.name + '%'"/>
-				AND u.name LIKE #{nameLike}
-			</if>
-            <if test="query.username != null and query.username != ''">
-                <bind name="usernameLike" value="'%'+query.username+'%'"/>
-                AND u.username LIKE #{usernameLike}
-            </if>
-            <if test="query.deptId != null and query.deptId != ''">
-                AND u.dept_id = #{query.deptId}
-            </if>
-            <if test="query.phone != null and query.phone != ''">
-                <bind name="phoneLike" value="'%'+query.phone+'%'"/>
-                AND u.phone LIKE #{phoneLike}
-            </if>
-        </where>
-
-        <if test="_databaseId != 'mssql'">
-            ORDER BY u.create_time DESC
-        </if>
-    </select>
-
-	<select id="getUsersPage" resultMap="baseResultMap">
-		SELECT
+	<sql id="userRoleSql">
 		u.user_id,
 		u.username,
 		u.password,
@@ -152,20 +38,130 @@
 		u.wx_openid,
 		u.qq_openid,
 		u.dept_id,
+		u.del_flag,
+		u.lock_flag,
 		u.create_by,
 		u.create_time ucreate_time,
 		u.update_time uupdate_time,
+		r.role_id,
+		r.role_name,
+		r.role_code,
+		r.role_desc,
+		r.create_time rcreate_time,
+		r.update_time rupdate_time
+	</sql>
+
+	<sql id="userRoleDeptSql">
+		u.user_id,
+		u.username,
+		u.password,
+		u.salt,
+		u.phone,
+		u.avatar,
+		u.wx_openid,
+		u.qq_openid,
 		u.del_flag,
 		u.lock_flag,
 		u.nickname,
 		u.name,
 		u.email,
-		d.name dept_name
-		FROM
-		sys_user u
-		LEFT JOIN sys_dept d ON d.dept_id = u.dept_id
+		u.create_by,
+		u.create_time ucreate_time,
+		u.update_time uupdate_time,
+		d.name        dept_name,
+		d.dept_id
+	</sql>
+
+	<select id="getUserVoByUsername" resultMap="baseResultMap">
+		SELECT
+		<include refid="userRoleSql"/>
+		FROM sys_user u
+				 LEFT JOIN sys_user_role urole ON urole.user_id = u.user_id
+				 LEFT JOIN sys_role r ON r.role_id = urole.role_id and r.del_flag = '0'
+		WHERE u.username = #{username}
+		  and u.del_flag = '0'
+	</select>
+
+	<select id="getUserVoById" resultMap="baseResultMap">
+		SELECT
+		<include refid="userRoleDeptSql"/>
+		FROM sys_user u
+				 LEFT JOIN sys_dept d ON d.dept_id = u.dept_id and d.del_flag = '0'
+		WHERE u.user_id = #{id}
+		  and u.del_flag = '0'
+	</select>
+
+	<select id="getUserVosPage" resultMap="baseResultMap">
+		SELECT u.user_id,
+			   u.username,
+			   u.password,
+			   u.salt,
+			   u.phone,
+			   u.avatar,
+			   u.wx_openid,
+			   u.qq_openid,
+			   u.dept_id,
+			   u.create_by,
+			   u.create_time ucreate_time,
+			   u.update_time uupdate_time,
+			   u.del_flag,
+			   u.lock_flag,
+			   u.nickname,
+			   u.name,
+			   u.email,
+			   d.name        dept_name
+		FROM sys_user u
+				 LEFT JOIN sys_dept d ON d.dept_id = u.dept_id
 		<where>
-			u.del_flag = '0'
+			u.del_flag = '0' and u.user_id != '1'
+			<if test="query.hospitalId != null and query.hospitalId != ''">
+				and u.hospital_id = #{query.hospitalId}
+			</if>
+			<if test="query.name != null and query.name != ''">
+				<bind name="nameLike" value="'%' + query.name + '%'"/>
+				AND u.name LIKE #{nameLike}
+			</if>
+			<if test="query.username != null and query.username != ''">
+				<bind name="usernameLike" value="'%' + query.username + '%'"/>
+				AND u.username LIKE #{usernameLike}
+			</if>
+			<if test="query.deptId != null and query.deptId != ''">
+				AND u.dept_id = #{query.deptId}
+			</if>
+			<if test="query.phone != null and query.phone != ''">
+				<bind name="phoneLike" value="'%' + query.phone + '%'"/>
+				AND u.phone LIKE #{phoneLike}
+			</if>
+		</where>
+
+		<if test="_databaseId != 'mssql'">
+			ORDER BY u.create_time DESC
+		</if>
+	</select>
+
+	<select id="getUsersPage" resultMap="baseResultMap">
+		SELECT u.user_id,
+			   u.username,
+			   u.password,
+			   u.salt,
+			   u.phone,
+			   u.avatar,
+			   u.wx_openid,
+			   u.qq_openid,
+			   u.dept_id,
+			   u.create_by,
+			   u.create_time ucreate_time,
+			   u.update_time uupdate_time,
+			   u.del_flag,
+			   u.lock_flag,
+			   u.nickname,
+			   u.name,
+			   u.email,
+			   d.name        dept_name
+		FROM sys_user u
+				 LEFT JOIN sys_dept d ON d.dept_id = u.dept_id
+		<where>
+			u.del_flag = '0' and u.user_id != '1'
 			<if test="name != null and name != ''">
 				<bind name="nameLike" value="'%' + name + '%'"/>
 				AND u.name LIKE #{nameLike}
@@ -175,53 +171,54 @@
 		ORDER BY u.create_time DESC
 	</select>
 
-    <select id="selectVoList" resultMap="baseResultMap">
-        SELECT
-        u.user_id,
-        u.username,
-        u.password,
-        u.salt,
-        u.phone,
-        u.avatar,
-        u.wx_openid,
-        u.qq_openid,
-        u.dept_id,
-        u.create_by,
-        u.create_time ucreate_time,
-        u.update_time uupdate_time,
-        u.del_flag,
-        u.lock_flag,
-        u.nickname,
-        u.name,
-        u.email,
-        d.name dept_name
-        FROM
-        sys_user u
-        LEFT JOIN sys_dept d ON d.dept_id = u.dept_id
-        <where>
-            u.del_flag = '0'
-            <if test="query.username != null and query.username != ''">
-                <bind name="usernameLike" value="'%'+query.username+'%'"/>
-                AND u.username LIKE #{usernameLike}
-            </if>
-            <if test="query.deptId != null and query.deptId != ''">
-                AND u.dept_id = #{query.deptId}
-            </if>
-        </where>
+	<select id="selectVoList" resultMap="baseResultMap">
+		SELECT u.user_id,
+			   u.username,
+			   u.password,
+			   u.salt,
+			   u.phone,
+			   u.avatar,
+			   u.wx_openid,
+			   u.qq_openid,
+			   u.dept_id,
+			   u.create_by,
+			   u.create_time ucreate_time,
+			   u.update_time uupdate_time,
+			   u.del_flag,
+			   u.lock_flag,
+			   u.nickname,
+			   u.name,
+			   u.email,
+			   d.name        dept_name
+		FROM sys_user u
+				 LEFT JOIN sys_dept d ON d.dept_id = u.dept_id
+		<where>
+			u.del_flag = '0'
+			<if test="query.username != null and query.username != ''">
+				<bind name="usernameLike" value="'%' + query.username + '%'"/>
+				AND u.username LIKE #{usernameLike}
+			</if>
+			<if test="query.deptId != null and query.deptId != ''">
+				AND u.dept_id = #{query.deptId}
+			</if>
+		</where>
 
-        <if test="_databaseId != 'mssql'">
-            ORDER BY u.create_time DESC
-        </if>
-    </select>
+		<if test="_databaseId != 'mssql'">
+			ORDER BY u.create_time DESC
+		</if>
+	</select>
 
 	<select id="getUserListByHospital" resultType="map">
 		SELECT user_id "id", name, hospital_id "hospitalId", phone
 		FROM sys_user
-		WHERE del_flag = 0 AND hospital_id = #{hospitalId} ORDER BY create_time DESC;
+		WHERE del_flag = 0
+		  AND hospital_id = #{hospitalId}
+		ORDER BY create_time DESC;
 	</select>
 
 	<update id="deleteByIds">
-		update sys_user set del_flag = 1
+		update sys_user
+		set del_flag = 1
 		where
 		<if test="ids != null and ids.length != 0">
 			<foreach item="item" index="index" collection="ids"
@@ -232,25 +229,26 @@
 	</update>
 
 	<select id="getUserCount" resultType="long">
-        select count(*)
-        from sys_user
-        where del_flag = 0
-    </select>
+		select count(*)
+		from sys_user
+		where del_flag = 0 and user_id != '1'
+	</select>
 
 	<select id="getUserCountSlot" resultType="long">
 		select count(*)
 		from sys_user
-		where del_flag = 0 and create_time <![CDATA[ >= ]]> #{start} and create_time <![CDATA[ <= ]]> #{end}
+		where del_flag = 0 and user_id != '1'
+		  and create_time <![CDATA[ >= ]]> #{start}
+		  and create_time <![CDATA[ <= ]]> #{end}
 	</select>
 
 	<select id="getCountByDate" resultType="map">
-		select DATE_FORMAT(create_time, '%Y-%m-%d') "date", count(*) "count" from sys_user
-		where
-		del_flag = 0
-		and create_time <![CDATA[ >= ]]> #{startTime}
-		and create_time <![CDATA[ <= ]]> #{endTime}
+		select DATE_FORMAT(create_time, '%Y-%m-%d') "date", count(*) "count"
+		from sys_user
+		where del_flag = 0 and user_id != 1
+		  and create_time <![CDATA[ >= ]]> #{startTime}
+		  and create_time <![CDATA[ <= ]]> #{endTime}
 		GROUP BY DATE_FORMAT(create_time, '%Y-%m-%d')
 		ORDER BY DATE_FORMAT(create_time, '%Y-%m-%d') asc;
 	</select>
-
 </mapper>