From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001 From: 疯狂的狮子Li <15040126243@163.com> Date: 星期一, 26 八月 2024 11:43:59 +0800 Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev --- ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java | 92 +++++++++++++++++++++++++++++++++++++--------- 1 files changed, 74 insertions(+), 18 deletions(-) diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java index c4205eb..9b8b0ec 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java @@ -2,6 +2,7 @@ import cn.dev33.satoken.exception.NotLoginException; import cn.dev33.satoken.stp.StpUtil; +import cn.hutool.core.bean.BeanUtil; import cn.hutool.core.collection.CollUtil; import cn.hutool.core.util.ObjectUtil; import com.baomidou.mybatisplus.core.conditions.Wrapper; @@ -10,6 +11,8 @@ import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper; import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; +import lombok.RequiredArgsConstructor; +import org.dromara.common.core.constant.TenantConstants; import org.dromara.common.core.constant.UserConstants; import org.dromara.common.core.domain.model.LoginUser; import org.dromara.common.core.exception.ServiceException; @@ -30,7 +33,6 @@ import org.dromara.system.mapper.SysRoleMenuMapper; import org.dromara.system.mapper.SysUserRoleMapper; import org.dromara.system.service.ISysRoleService; -import lombok.RequiredArgsConstructor; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; 
@@ -77,7 +79,7 @@ .like(StringUtils.isNotBlank(bo.getRoleKey()), "r.role_key", bo.getRoleKey()) .between(params.get("beginTime") != null && params.get("endTime") != null, "r.create_time", params.get("beginTime"), params.get("endTime")) - .orderByAsc("r.role_sort").orderByAsc("r.create_time");; + .orderByAsc("r.role_sort").orderByAsc("r.create_time"); return wrapper; } @@ -89,14 +91,24 @@ */ @Override public List<SysRoleVo> selectRolesByUserId(Long userId) { - List<SysRoleVo> userRoles = baseMapper.selectRolePermissionByUserId(userId); + return baseMapper.selectRolesByUserId(userId); + } + + /** + * 鏍规嵁鐢ㄦ埛ID鏌ヨ瑙掕壊鍒楄〃(鍖呭惈琚巿鏉冪姸鎬�) + * + * @param userId 鐢ㄦ埛ID + * @return 瑙掕壊鍒楄〃 + */ + @Override + public List<SysRoleVo> selectRolesAuthByUserId(Long userId) { + List<SysRoleVo> userRoles = baseMapper.selectRolesByUserId(userId); List<SysRoleVo> roles = selectRoleAll(); + // 浣跨敤HashSet鎻愰珮鏌ユ壘鏁堢巼 + Set<Long> userRoleIds = StreamUtils.toSet(userRoles, SysRoleVo::getRoleId); for (SysRoleVo role : roles) { - for (SysRoleVo userRole : userRoles) { - if (role.getRoleId().longValue() == userRole.getRoleId().longValue()) { - role.setFlag(true); - break; - } + if (userRoleIds.contains(role.getRoleId())) { + role.setFlag(true); } } return roles; @@ -110,7 +122,7 @@ */ @Override public Set<String> selectRolePermissionByUserId(Long userId) { - List<SysRoleVo> perms = baseMapper.selectRolePermissionByUserId(userId); + List<SysRoleVo> perms = baseMapper.selectRolesByUserId(userId); Set<String> permsSet = new HashSet<>(); for (SysRoleVo perm : perms) { if (ObjectUtil.isNotNull(perm)) { @@ -138,7 +150,8 @@ */ @Override public List<Long> selectRoleListByUserId(Long userId) { - return baseMapper.selectRoleListByUserId(userId); + List<SysRoleVo> list = baseMapper.selectRolesByUserId(userId); + return StreamUtils.toList(list, SysRoleVo::getRoleId); } /** 
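Review bot: `selectRolesByUserId` changes meaning in the `@@ -89` hunk: it used to return every role with `flag` set on the ones the user holds, and now returns only the user's own roles with no flag, the old behaviour having moved to the new `selectRolesAuthByUserId`. Any caller that still expects the flag-annotated full list will silently receive a shorter list, so each call site of `selectRolesByUserId` (and the matching declaration in `ISysRoleService`) should be checked, and its javadoc should say that it returns only the roles granted to the user. The `Set` lookup is fine as written; it assumes `getRoleId()` from `selectRoleAll()` is never null, which presumably the column constraint guarantees.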
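Review bot: `selectRoleListByUserId` in the `@@ -138` hunk now loads full `SysRoleVo` rows through `selectRolesByUserId` and projects the ids, so the dedicated `selectRoleListByUserId` mapper query appears to be unreferenced after this change; if nothing else uses it, remove it from `SysRoleMapper` and its XML so the two paths cannot drift apart. The projection is equivalent to the old query only if `selectRolesByUserId` applies the same status and deleted-flag filters, which is worth confirming in the mapper XML before the old query is dropped.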
@@ -150,6 +163,19 @@ @Override public SysRoleVo selectRoleById(Long roleId) { return baseMapper.selectRoleById(roleId); + } + + /** + * 閫氳繃瑙掕壊ID涓叉煡璇㈣鑹� + * + * @param roleIds 瑙掕壊ID涓� + * @return 瑙掕壊鍒楄〃淇℃伅 + */ + @Override + public List<SysRoleVo> selectRoleByIds(List<Long> roleIds) { + return baseMapper.selectRoleList(new QueryWrapper<SysRole>() + .eq("r.status", UserConstants.ROLE_NORMAL) + .in(CollUtil.isNotEmpty(roleIds), "r.role_id", roleIds)); } /** @@ -183,12 +209,30 @@ /** * 鏍¢獙瑙掕壊鏄惁鍏佽鎿嶄綔 * - * @param roleId 瑙掕壊ID + * @param role 瑙掕壊淇℃伅 */ @Override - public void checkRoleAllowed(Long roleId) { - if (ObjectUtil.isNotNull(roleId) && LoginHelper.isSuperAdmin(roleId)) { + public void checkRoleAllowed(SysRoleBo role) { + if (ObjectUtil.isNotNull(role.getRoleId()) && LoginHelper.isSuperAdmin(role.getRoleId())) { throw new ServiceException("涓嶅厑璁告搷浣滆秴绾х鐞嗗憳瑙掕壊"); + } + String[] keys = new String[]{TenantConstants.SUPER_ADMIN_ROLE_KEY, TenantConstants.TENANT_ADMIN_ROLE_KEY}; + // 鏂板涓嶅厑璁镐娇鐢� 绠$悊鍛樻爣璇嗙 + if (ObjectUtil.isNull(role.getRoleId()) + && StringUtils.equalsAny(role.getRoleKey(), keys)) { + throw new ServiceException("涓嶅厑璁镐娇鐢ㄧ郴缁熷唴缃鐞嗗憳瑙掕壊鏍囪瘑绗�!"); + } + // 淇敼涓嶅厑璁镐慨鏀� 绠$悊鍛樻爣璇嗙 + if (ObjectUtil.isNotNull(role.getRoleId())) { + SysRole sysRole = baseMapper.selectById(role.getRoleId()); + // 濡傛灉鏍囪瘑绗︿笉鐩哥瓑 鍒ゆ柇涓轰慨鏀逛簡绠$悊鍛樻爣璇嗙 + if (!StringUtils.equals(sysRole.getRoleKey(), role.getRoleKey())) { + if (StringUtils.equalsAny(sysRole.getRoleKey(), keys)) { + throw new ServiceException("涓嶅厑璁镐慨鏀圭郴缁熷唴缃鐞嗗憳瑙掕壊鏍囪瘑绗�!"); + } else if (StringUtils.equalsAny(role.getRoleKey(), keys)) { + throw new ServiceException("涓嶅厑璁镐娇鐢ㄧ郴缁熷唴缃鐞嗗憳瑙掕壊鏍囪瘑绗�!"); + } + } } } 
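Review bot: `selectRoleByIds` returns every enabled role when `roleIds` is empty or null, because `.in(CollUtil.isNotEmpty(roleIds), "r.role_id", roleIds)` simply drops the `IN` clause in that case and only the `r.status` filter remains. A caller that passes an empty id list (a user with no roles, or an empty selection from the UI) would then be handed the full role list, which is the wrong answer for any validation or display built on it; guard it up front with `if (CollUtil.isEmpty(roleIds)) { return List.of(); }` before building the wrapper. The javadoc should also state that disabled roles are excluded from the result.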
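Review bot: In the update branch of `checkRoleAllowed`, `baseMapper.selectById(role.getRoleId())` can return null for an id that does not exist (or, if a tenant line filter is active, belongs to another tenant), and the following `sysRole.getRoleKey()` then throws a NullPointerException instead of a `ServiceException`; add `if (ObjectUtil.isNull(sysRole)) { throw new ServiceException("角色不存在"); }` right after the lookup. The reserved-key test is an exact `equalsAny` match on the submitted key; if role keys are trimmed or split on commas before they are used as permission identifiers elsewhere in this service (the `selectRolePermissionByUserId` loop in this diff is cut off before that point), a key such as `" admin"` or `"admin,x"` would pass this check yet collapse to a reserved key, so the comparison should be made on a normalized key or the key should be rejected when it contains whitespace or separators. A short comment on the `keys` array saying these are the built-in super-admin and tenant-admin role keys that must never be created or renamed by users would also help the next reader.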
@@ -249,6 +293,10 @@ @Transactional(rollbackFor = Exception.class) public int updateRole(SysRoleBo bo) { SysRole role = MapstructUtils.convert(bo, SysRole.class); + + if (UserConstants.ROLE_DISABLE.equals(role.getStatus()) && this.countUserRoleByRoleId(role.getRoleId()) > 0) { + throw new ServiceException("瑙掕壊宸插垎閰嶏紝涓嶈兘绂佺敤!"); + } // 淇敼瑙掕壊淇℃伅 baseMapper.updateById(role); // 鍒犻櫎瑙掕壊涓庤彍鍗曞叧鑱� @@ -265,6 +313,9 @@ */ @Override public int updateRoleStatus(Long roleId, String status) { + if (UserConstants.ROLE_DISABLE.equals(status) && this.countUserRoleByRoleId(roleId) > 0) { + throw new ServiceException("瑙掕壊宸插垎閰嶏紝涓嶈兘绂佺敤!"); + } return baseMapper.update(null, new LambdaUpdateWrapper<SysRole>() .set(SysRole::getStatus, status) @@ -357,11 +408,11 @@ @Transactional(rollbackFor = Exception.class) public int deleteRoleByIds(Long[] roleIds) { for (Long roleId : roleIds) { - checkRoleAllowed(roleId); - checkRoleDataScope(roleId); SysRole role = baseMapper.selectById(roleId); + checkRoleAllowed(BeanUtil.toBean(role, SysRoleBo.class)); + checkRoleDataScope(roleId); if (countUserRoleByRoleId(roleId) > 0) { - throw new ServiceException(String.format("%1$s宸插垎閰�,涓嶈兘鍒犻櫎", role.getRoleName())); + throw new ServiceException(String.format("%1$s宸插垎閰嶏紝涓嶈兘鍒犻櫎!", role.getRoleName())); } } List<Long> ids = Arrays.asList(roleIds); @@ -369,7 +420,7 @@ roleMenuMapper.delete(new LambdaQueryWrapper<SysRoleMenu>().in(SysRoleMenu::getRoleId, ids)); // 鍒犻櫎瑙掕壊涓庨儴闂ㄥ叧鑱� roleDeptMapper.delete(new LambdaQueryWrapper<SysRoleDept>().in(SysRoleDept::getRoleId, ids)); - return baseMapper.deleteBatchIds(ids); + return baseMapper.deleteByIds(ids); } /** @@ -435,6 +486,11 @@ @Override public void cleanOnlineUserByRole(Long roleId) { + // 濡傛灉瑙掕壊鏈粦瀹氱敤鎴� 鐩存帴杩斿洖 + Long num = userRoleMapper.selectCount(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getRoleId, roleId)); + if (num == 0) { + return; + } List<String> keys = StpUtil.searchTokenValue("", 0, -1, false); if (CollUtil.isEmpty(keys)) { return; 
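Review bot: The "role already assigned, cannot disable" guard is duplicated verbatim in `updateRole` and `updateRoleStatus`, and both do a count followed by a separate update, so a user assignment that lands between the two statements is not prevented; a private helper such as `private void checkRoleNotAssignedBeforeDisable(Long roleId, String status)` called from both places would keep the rule and its message in one spot. The helper's javadoc should say that the check is advisory rather than transactional, since `updateRoleStatus` is not annotated `@Transactional` and the count and update are not atomic even in `updateRole`.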
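Review bot: `deleteRoleByIds` now loads the role before the guards and passes `BeanUtil.toBean(role, SysRoleBo.class)` into `checkRoleAllowed`; when `selectById` returns null (an unknown id, or one filtered out by a tenant or data-scope line), the converted bean is null or empty depending on the Hutool version, and either `checkRoleAllowed` or the later `role.getRoleName()` dereferences a null, so the request fails with a NullPointerException rather than a `ServiceException`. Add `if (ObjectUtil.isNull(role)) { throw new ServiceException("角色不存在"); }` immediately after the `selectById` call. The previous ordering (id-based `checkRoleAllowed` first) did not have this hazard, so a one-line comment explaining that the lookup now comes first because the check needs the stored role key would save the next maintainer from reverting it.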
@@ -443,7 +499,7 @@ keys.parallelStream().forEach(key -> { String token = StringUtils.substringAfterLast(key, ":"); // 濡傛灉宸茬粡杩囨湡鍒欒烦杩� - if (StpUtil.stpLogic.getTokenActivityTimeoutByToken(token) < -1) { + if (StpUtil.stpLogic.getTokenActiveTimeoutByToken(token) < -1) { return; } LoginUser loginUser = LoginHelper.getLoginUser(token); -- Gitblit v1.9.3