ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysRoleController.java
@@ -1,19 +1,14 @@ package org.dromara.system.controller.system; import cn.dev33.satoken.annotation.SaCheckPermission; import cn.dev33.satoken.exception.NotLoginException; import cn.dev33.satoken.stp.StpUtil; import cn.hutool.core.collection.CollUtil; import org.dromara.common.core.constant.GlobalConstants; import jakarta.servlet.http.HttpServletResponse; import lombok.RequiredArgsConstructor; import org.dromara.common.core.domain.R; import org.dromara.common.core.domain.model.LoginUser; import org.dromara.common.core.utils.StringUtils; import org.dromara.common.excel.utils.ExcelUtil; import org.dromara.common.log.annotation.Log; import org.dromara.common.log.enums.BusinessType; import org.dromara.common.mybatis.core.page.PageQuery; import org.dromara.common.mybatis.core.page.TableDataInfo; import org.dromara.common.satoken.utils.LoginHelper; import org.dromara.common.web.core.BaseController; import org.dromara.system.domain.SysUserRole; import org.dromara.system.domain.bo.SysDeptBo; @@ -25,8 +20,6 @@ import org.dromara.system.service.ISysDeptService; import org.dromara.system.service.ISysRoleService; import org.dromara.system.service.ISysUserService; import jakarta.servlet.http.HttpServletResponse; import lombok.RequiredArgsConstructor; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; @@ -102,7 +95,7 @@ @Log(title = "角色管理", businessType = BusinessType.UPDATE) @PutMapping public R<Void> edit(@Validated @RequestBody SysRoleBo role) { roleService.checkRoleAllowed(role.getRoleId()); roleService.checkRoleAllowed(role); roleService.checkRoleDataScope(role.getRoleId()); if (!roleService.checkRoleNameUnique(role)) { return R.fail("修改角色'" + role.getRoleName() + "'失败,角色名称已存在"); 
@@ -124,7 +117,7 @@ @Log(title = "角色管理", businessType = BusinessType.UPDATE) @PutMapping("/dataScope") public R<Void> dataScope(@RequestBody SysRoleBo role) { roleService.checkRoleAllowed(role.getRoleId()); roleService.checkRoleAllowed(role); roleService.checkRoleDataScope(role.getRoleId()); return toAjax(roleService.authDataScope(role)); } @@ -136,7 +129,7 @@ @Log(title = "角色管理", businessType = BusinessType.UPDATE) @PutMapping("/changeStatus") public R<Void> changeStatus(@RequestBody SysRoleBo role) { roleService.checkRoleAllowed(role.getRoleId()); roleService.checkRoleAllowed(role); roleService.checkRoleDataScope(role.getRoleId()); return toAjax(roleService.updateRoleStatus(role.getRoleId(), role.getStatus())); } ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/ISysRoleService.java
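Review bot: In the `dataScope` and `changeStatus` handlers of SysRoleController the request body is bound without `@Validated` and is now passed whole to `roleService.checkRoleAllowed(role)`, whose key comparison reads `role.getRoleKey()`. `changeStatus` itself only uses `roleId` and `status`, so the decision for a built-in admin role now depends on a client-supplied field the operation does not need, and a body without `roleKey` would be refused with the "identifier modified" message. Consider having the service compare keys only when the caller is actually updating `roleKey`, or keep a `roleId`-based check for these two handlers. None of the visible hunks touches the create handler, so please confirm it also calls `checkRoleAllowed(role)`; otherwise the new-role branch of the check is never reached.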
@@ -85,9 +85,9 @@ /** * 校验角色是否允许操作 * * @param roleId 角色ID * @param role 角色信息 */ void checkRoleAllowed(Long roleId); void checkRoleAllowed(SysRoleBo role); /** * 校验角色是否有数据权限 ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java
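Review bot: The Javadoc on `ISysRoleService.checkRoleAllowed` still describes only a generic "is this role operable" check, while the implementation in this commit also enforces the reserved role-key rules and dereferences `role` immediately. I would document that contract on the interface, for example `@throws ServiceException if the role is the super-admin role, or the request uses or changes a built-in admin role key`, and state that `role` must not be null. The rest of the interface is outside this hunk.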
@@ -2,6 +2,7 @@ import cn.dev33.satoken.exception.NotLoginException; import cn.dev33.satoken.stp.StpUtil; import cn.hutool.core.bean.BeanUtil; import cn.hutool.core.collection.CollUtil; import cn.hutool.core.util.ObjectUtil; import com.baomidou.mybatisplus.core.conditions.Wrapper; @@ -10,6 +11,8 @@ import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper; import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import lombok.RequiredArgsConstructor; import org.dromara.common.core.constant.TenantConstants; import org.dromara.common.core.constant.UserConstants; import org.dromara.common.core.domain.model.LoginUser; import org.dromara.common.core.exception.ServiceException; @@ -30,7 +33,6 @@ import org.dromara.system.mapper.SysRoleMenuMapper; import org.dromara.system.mapper.SysUserRoleMapper; import org.dromara.system.service.ISysRoleService; import lombok.RequiredArgsConstructor; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; 
@@ -183,12 +185,28 @@ /** * 校验角色是否允许操作 * * @param roleId 角色ID * @param role 角色信息 */ @Override public void checkRoleAllowed(Long roleId) { if (ObjectUtil.isNotNull(roleId) && LoginHelper.isSuperAdmin(roleId)) { public void checkRoleAllowed(SysRoleBo role) { if (ObjectUtil.isNotNull(role.getRoleId()) && LoginHelper.isSuperAdmin(role.getRoleId())) { throw new ServiceException("不允许操作超级管理员角色"); } // 新增不允许使用 管理员标识符 if (ObjectUtil.isNull(role.getRoleId()) && StringUtils.equalsAny(role.getRoleKey(), TenantConstants.SUPER_ADMIN_ROLE_KEY, TenantConstants.TENANT_ADMIN_ROLE_KEY)) { throw new ServiceException("不允许使用系统内置管理员角色标识符!"); } // 修改不允许修改 管理员标识符 if (ObjectUtil.isNotNull(role.getRoleId())) { SysRole sysRole = baseMapper.selectById(role.getRoleId()); // 如果标识符不相等 判断为修改了管理员标识符 if (!StringUtils.equals(sysRole.getRoleKey(), role.getRoleKey()) && StringUtils.equalsAny(sysRole.getRoleKey(), TenantConstants.SUPER_ADMIN_ROLE_KEY, TenantConstants.TENANT_ADMIN_ROLE_KEY)) { throw new ServiceException("不允许修改系统内置管理员角色标识符!"); } } } @@ -357,9 +375,9 @@ @Transactional(rollbackFor = Exception.class) public int deleteRoleByIds(Long[] roleIds) { for (Long roleId : roleIds) { checkRoleAllowed(roleId); checkRoleDataScope(roleId); SysRole role = baseMapper.selectById(roleId); checkRoleAllowed(BeanUtil.toBean(role, SysRoleBo.class)); checkRoleDataScope(roleId); if (countUserRoleByRoleId(roleId) > 0) { throw new ServiceException(String.format("%1$s已分配,不能删除", role.getRoleName())); }
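Review bot: The update branch of `checkRoleAllowed` rejects changing a built-in admin role's key, but it does not reject setting an ordinary role's `roleKey` to `SUPER_ADMIN_ROLE_KEY` or `TENANT_ADMIN_ROLE_KEY`, which the new-role branch just above does forbid. If permission checks elsewhere match on these keys (not visible here), an edit could leave an existing role carrying a reserved identifier, so the update branch should apply the same reserved-key test to the incoming key. `baseMapper.selectById(role.getRoleId())` is also dereferenced without a null check, so an unknown `roleId` from the request body would surface as a NullPointerException rather than a ServiceException. The same applies in the `deleteRoleByIds` hunk, where `role` is handed to `BeanUtil.toBean` and then to `checkRoleAllowed` before any existence check.

```java
// … unchanged: super-admin id check and new-role reserved-key check …
if (ObjectUtil.isNotNull(role.getRoleId())) {
    SysRole sysRole = baseMapper.selectById(role.getRoleId());
    // constructed message: fail cleanly when the id does not match a stored role
    if (ObjectUtil.isNull(sysRole)) {
        throw new ServiceException("角色不存在");
    }
    if (!StringUtils.equals(sysRole.getRoleKey(), role.getRoleKey())) {
        if (StringUtils.equalsAny(sysRole.getRoleKey(),
            TenantConstants.SUPER_ADMIN_ROLE_KEY, TenantConstants.TENANT_ADMIN_ROLE_KEY)) {
            throw new ServiceException("不允许修改系统内置管理员角色标识符!");
        }
        // an ordinary role must not take a reserved key on update either
        if (StringUtils.equalsAny(role.getRoleKey(),
            TenantConstants.SUPER_ADMIN_ROLE_KEY, TenantConstants.TENANT_ADMIN_ROLE_KEY)) {
            throw new ServiceException("不允许使用系统内置管理员角色标识符!");
        }
    }
}
```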