From 146c268dff91432c368d610e7fdea9a3a75fdba8 Mon Sep 17 00:00:00 2001
From: 丶Stone <244251889@qq.com>
Date: 星期三, 30 八月 2023 21:35:57 +0800
Subject: [PATCH] !416 fix 修复可能会存在的越权行为
* fix 修复可能会存在的越权行为
---
 ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java | 22 ++++++++++++++++++++++
 1 files changed, 22 insertions(+), 0 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java
index 0a13a50..19db097 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java
@@ -27,6 +27,7 @@
 import org.dromara.system.domain.SysUserPost;
 import org.dromara.system.domain.SysUserRole;
 import org.dromara.system.domain.bo.SysUserBo;
+import org.dromara.system.domain.vo.SysDeptVo;
 import org.dromara.system.domain.vo.SysPostVo;
 import org.dromara.system.domain.vo.SysRoleVo;
 import org.dromara.system.domain.vo.SysUserVo;
@@ -265,6 +266,25 @@
 }

 /**
+ * 鏍¢獙閮ㄩ棬鏄惁鏈夋暟鎹潈闄�
+ *
+ * @param deptId 閮ㄩ棬id
+ */
+ @Override
+ public void checkDeptDataScope(Long deptId) {
+ if (ObjectUtil.isNull(deptId)) {
+ return;
+ }
+ if (LoginHelper.isSuperAdmin()) {
+ return;
+ }
+ SysDeptVo dept = deptMapper.selectDeptById(deptId);
+ if (ObjectUtil.isNull(dept)) {
+ throw new ServiceException("娌℃湁鏉冮檺璁块棶閮ㄩ棬鏁版嵁锛�");
+ }
+ }
+
+ /**
 * 鏂板淇濆瓨鐢ㄦ埛淇℃伅
 *
 * @param user 鐢ㄦ埛淇℃伅
@@ -273,6 +293,7 @@
 @Override
 @Transactional(rollbackFor = Exception.class)
 public int insertUser(SysUserBo user) {
+ this.checkDeptDataScope(user.getDeptId());
 SysUser sysUser = MapstructUtils.convert(user, SysUser.class);
 // 鏂板鐢ㄦ埛淇℃伅
 int rows = baseMapper.insert(sysUser);
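Review bot: In `checkDeptDataScope`, the only thing that denies access is a null result from `deptMapper.selectDeptById(deptId)`, so this is an authorization check only if that mapper query is itself restricted to the caller's data scope; nothing in the hunk shows that, and with an unfiltered query the method would merely confirm that the department exists. The Javadoc should state the dependency, for example `* Relies on selectDeptById applying the caller's data-permission filter; a null result means the department is outside the caller's scope.` The early `return` on a null `deptId` also lets a request that omits the department skip the check, which affects both new call sites (`insertUser` and `updateUser`, the latter in the last hunk); that is safe only if a null `deptId` can never assign or change a department, which should be confirmed.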
@@ -308,6 +329,7 @@
 @Override
 @Transactional(rollbackFor = Exception.class)
 public int updateUser(SysUserBo user) {
+ this.checkDeptDataScope(user.getDeptId());
 // 鏂板鐢ㄦ埛涓庤鑹茬鐞�
 insertUserRole(user, true);
 // 鏂板鐢ㄦ埛涓庡矖浣嶇鐞�
-- Gitblit v1.9.3
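Review bot: The added call in `updateUser` validates only the destination department taken from the request (`user.getDeptId()`); nothing in this hunk checks that the caller is allowed to modify the user record itself, or that the user's current department is inside the caller's scope. If that check runs elsewhere (the method body continues past the hunk, and the controller is not shown), a comment would make the split explicit, e.g. `// destination department only; the caller's right to edit this user must be checked before this point`. If it does not, the same early check should cover the target user as well.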