From 0b852faf00776601e7ecd6c4d57f4f75ce70caff Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期六, 29 一月 2022 09:23:11 +0800
Subject: [PATCH] Merge remote-tracking branch 'ruoyi-vue/master' into dev

---
 ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
index a8f6256..ceae510 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
@@ -111,7 +111,7 @@
         List<SysRole> roles = roleService.selectRoleAll();
         ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
         ajax.put("posts", postService.selectPostAll());
-        if (StringUtils.isNotNull(userId)) {
+        if (ObjectUtil.isNotNull(userId)) {
             SysUser sysUser = userService.selectUserById(userId);
             ajax.put("user", sysUser);
             ajax.put("postIds", postService.selectPostListByUserId(userId));
@@ -150,6 +150,7 @@
     @PutMapping
     public AjaxResult<Void> edit(@Validated @RequestBody SysUser user) {
         userService.checkUserAllowed(user);
+        userService.checkUserDataScope(user.getUserId());
         if (StringUtils.isNotEmpty(user.getPhonenumber())
             && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) {
             return AjaxResult.error("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
@@ -183,6 +184,7 @@
     @PutMapping("/resetPwd")
     public AjaxResult<Void> resetPwd(@RequestBody SysUser user) {
         userService.checkUserAllowed(user);
+        userService.checkUserDataScope(user.getUserId());
         user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
         return toAjax(userService.resetPwd(user));
     }
@@ -196,6 +198,7 @@
     @PutMapping("/changeStatus")
     public AjaxResult<Void> changeStatus(@RequestBody SysUser user) {
         userService.checkUserAllowed(user);
+        userService.checkUserDataScope(user.getUserId());
         return toAjax(userService.updateUserStatus(user));
     }
 
@@ -226,6 +229,7 @@
     @Log(title = "鐢ㄦ埛绠＄悊", businessType = BusinessType.GRANT)
     @PutMapping("/authRole")
     public AjaxResult<Void> insertAuthRole(Long userId, Long[] roleIds) {
+        userService.checkUserDataScope(userId);
         userService.insertUserAuth(userId, roleIds);
         return success();
     }

--
Gitblit v1.9.3