From 146c268dff91432c368d610e7fdea9a3a75fdba8 Mon Sep 17 00:00:00 2001
From: 丶Stone <244251889@qq.com>
Date: 星期三, 30 八月 2023 21:35:57 +0800
Subject: [PATCH] !416 fix 修复可能会存在的越权行为 * fix 修复可能会存在的越权行为

---
 ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java |   39 ++++++++++++++++++++++++++++++++++++---
 1 files changed, 36 insertions(+), 3 deletions(-)

diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java
index 57d562f..19db097 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java
@@ -27,6 +27,7 @@
 import org.dromara.system.domain.SysUserPost;
 import org.dromara.system.domain.SysUserRole;
 import org.dromara.system.domain.bo.SysUserBo;
+import org.dromara.system.domain.vo.SysDeptVo;
 import org.dromara.system.domain.vo.SysPostVo;
 import org.dromara.system.domain.vo.SysRoleVo;
 import org.dromara.system.domain.vo.SysUserVo;
@@ -265,6 +266,25 @@
     }
 
     /**
+     * 鏍¢獙閮ㄩ棬鏄惁鏈夋暟鎹潈闄�
+     *
+     * @param deptId 閮ㄩ棬id
+     */
+    @Override
+    public void checkDeptDataScope(Long deptId) {
+        if (ObjectUtil.isNull(deptId)) {
+            return;
+        }
+        if (LoginHelper.isSuperAdmin()) {
+            return;
+        }
+        SysDeptVo dept = deptMapper.selectDeptById(deptId);
+        if (ObjectUtil.isNull(dept)) {
+            throw new ServiceException("娌℃湁鏉冮檺璁块棶閮ㄩ棬鏁版嵁锛�");
+        }
+    }
+
+    /**
      * 鏂板淇濆瓨鐢ㄦ埛淇℃伅
      *
      * @param user 鐢ㄦ埛淇℃伅
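Review bot: checkDeptDataScope only enforces anything if `deptMapper.selectDeptById` is itself filtered by the caller's data scope; nothing in this hunk shows that, and if the mapper is a plain primary-key lookup the method degrades to an existence check. The Javadoc should state the dependency, for example `Relies on deptMapper.selectDeptById applying the current user's data-permission filter; a null result means the department is not visible to the caller`. The early return on a null `deptId` also means the new call sites in insertUser and updateUser pass the check whenever the request omits the department, so confirm that a user without a department is an intended state for non-admin callers. The Javadoc and the exception message appear mis-encoded on this page; if the file itself is stored that way, re-save it as UTF-8 so the denial message is readable in logs and responses.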
@@ -273,6 +293,7 @@
     @Override
     @Transactional(rollbackFor = Exception.class)
     public int insertUser(SysUserBo user) {
+        this.checkDeptDataScope(user.getDeptId());
         SysUser sysUser = MapstructUtils.convert(user, SysUser.class);
         // 鏂板鐢ㄦ埛淇℃伅
         int rows = baseMapper.insert(sysUser);
@@ -308,6 +329,7 @@
     @Override
     @Transactional(rollbackFor = Exception.class)
     public int updateUser(SysUserBo user) {
+        this.checkDeptDataScope(user.getDeptId());
         // 鏂板鐢ㄦ埛涓庤鑹茬鐞�
         insertUserRole(user, true);
         // 鏂板鐢ㄦ埛涓庡矖浣嶇鐞�
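Review bot: The added call in updateUser validates only the department id carried in the request, which is the destination department; it does not establish that the user row being modified currently sits inside the caller's data scope. If a user-level scope check runs in the controller or earlier in this service, it is not visible here and deserves a comment at this line, such as `// precondition: caller has already verified data-scope access to user.getUserId()`. Without such a check, an out-of-scope account could be reassigned into a department the caller manages. updateUser's body continues outside the hunk.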
@@ -330,9 +352,7 @@
     @Override
     @Transactional(rollbackFor = Exception.class)
     public void insertUserAuth(Long userId, Long[] roleIds) {
-        userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
-            .eq(SysUserRole::getUserId, userId));
-        insertUserRole(userId, roleIds, false);
+        insertUserRole(userId, roleIds, true);
     }
 
     /**
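Review bot: Folding the delete into `insertUserRole(userId, roleIds, true)` changes what happens when `roleIds` is empty or null: the old code always removed the user's existing role rows first, whereas the new path clears them only if insertUserRole reaches its clear step. insertUserRole is outside this hunk, so whether it returns early on an empty array cannot be confirmed here; if it does, a request meant to revoke all roles would silently leave the old grants in place. Add a test for the empty-array case and a short comment on the bare boolean, for example `// true: replace existing role bindings only after the role permission check passes`.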
@@ -515,6 +535,19 @@
         return flag;
     }
 
+    /**
+     * 閫氳繃閮ㄩ棬id鏌ヨ褰撳墠閮ㄩ棬鎵�鏈夌敤鎴�
+     *
+     * @param deptId
+     * @return
+     */
+    @Override
+    public List<SysUserVo> selectUserListByDept(Long deptId) {
+        LambdaQueryWrapper<SysUser> lqw = Wrappers.lambdaQuery();
+        lqw.eq(SysUser::getDeptId, deptId);
+        return baseMapper.selectVoList(lqw);
+    }
+
     @Cacheable(cacheNames = CacheNames.SYS_USER_NAME, key = "#userId")
     @Override
     public String selectUserNameById(Long userId) {
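Review bot: selectUserListByDept returns every user of the supplied department with no data-scope check, which stands out in a commit whose purpose is closing unauthorized access. Unless `baseMapper.selectVoList` is already scope-filtered or the method is only reached internally with a trusted id (neither is visible here), add `this.checkDeptDataScope(deptId);` as its first statement. The Javadoc `@param deptId` and `@return` tags are empty; they should say that the result is the list of users whose department id equals `deptId`, and whether a null id is accepted.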

--
Gitblit v1.9.3