From 9ed5b521d613edb51b160cca931ee680019e2896 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期二, 07 三月 2023 22:26:13 +0800
Subject: [PATCH] fix 修复 用户密码暴露问题
---
 ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java | 106 +++++++++++++++++++++++++++--------------------------
 1 files changed, 54 insertions(+), 52 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
index a8dcdb4..2140a77 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
@@ -5,11 +5,12 @@
 import com.baomidou.mybatisplus.core.conditions.Wrapper;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
-import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.ruoyi.common.core.constant.UserConstants;
+import com.ruoyi.common.core.utils.MapstructUtils;
 import com.ruoyi.common.core.utils.StreamUtils;
+import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.mybatis.core.page.PageQuery;
 import com.ruoyi.system.domain.SysRole;
 import com.ruoyi.common.mybatis.core.page.TableDataInfo;
@@ -18,6 +19,8 @@
 import com.ruoyi.system.domain.SysRoleDept;
 import com.ruoyi.system.domain.SysRoleMenu;
 import com.ruoyi.system.domain.SysUserRole;
+import com.ruoyi.system.domain.bo.SysRoleBo;
+import com.ruoyi.system.domain.vo.SysRoleVo;
 import com.ruoyi.system.mapper.SysRoleDeptMapper;
 import com.ruoyi.system.mapper.SysRoleMapper;
 import com.ruoyi.system.mapper.SysRoleMenuMapper;
@@ -44,8 +47,8 @@ private final SysRoleDeptMapper roleDeptMapper; @Override - public TableDataInfo<SysRole> selectPageRoleList(SysRole role, PageQuery pageQuery) { - Page<SysRole> page = baseMapper.selectPageRoleList(pageQuery.build(), this.buildQueryWrapper(role)); + public TableDataInfo<SysRoleVo> selectPageRoleList(SysRoleBo role, PageQuery pageQuery) { + Page<SysRoleVo> page = baseMapper.selectPageRoleList(pageQuery.build(), this.buildQueryWrapper(role)); return TableDataInfo.build(page); } @@ -56,18 +59,18 @@ * @return 瑙掕壊鏁版嵁闆嗗悎淇℃伅 */ @Override - public List<SysRole> selectRoleList(SysRole role) { + public List<SysRoleVo> selectRoleList(SysRoleBo role) { return baseMapper.selectRoleList(this.buildQueryWrapper(role)); } - private Wrapper<SysRole> buildQueryWrapper(SysRole role) { - Map<String, Object> params = role.getParams(); + private Wrapper<SysRole> buildQueryWrapper(SysRoleBo bo) { + Map<String, Object> params = bo.getParams(); QueryWrapper<SysRole> wrapper = Wrappers.query(); wrapper.eq("r.del_flag", UserConstants.ROLE_NORMAL) - .eq(ObjectUtil.isNotNull(role.getRoleId()), "r.role_id", role.getRoleId()) - .like(StringUtils.isNotBlank(role.getRoleName()), "r.role_name", role.getRoleName()) - .eq(StringUtils.isNotBlank(role.getStatus()), "r.status", role.getStatus()) - .like(StringUtils.isNotBlank(role.getRoleKey()), "r.role_key", role.getRoleKey()) + .eq(ObjectUtil.isNotNull(bo.getRoleId()), "r.role_id", bo.getRoleId()) + .like(StringUtils.isNotBlank(bo.getRoleName()), "r.role_name", bo.getRoleName()) + .eq(StringUtils.isNotBlank(bo.getStatus()), "r.status", bo.getStatus()) + .like(StringUtils.isNotBlank(bo.getRoleKey()), "r.role_key", bo.getRoleKey()) .between(params.get("beginTime") != null && params.get("endTime") != null, "r.create_time", params.get("beginTime"), params.get("endTime")) .orderByAsc("r.role_sort"); 
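Review bot: `buildQueryWrapper` dereferences `bo.getParams()` without a null guard, and the `beginTime`/`endTime` entries it reads are untyped values that come from the request. `selectRoleAll` in this patch reaches the same code with `new SysRoleBo()`, so the method relies on the BO always initialising that map; `SysRoleBo` is defined outside this patch, so that cannot be confirmed here. If a client can submit `params` as null, the lookup fails with a NullPointerException instead of simply skipping the date filter. A guard such as `Map<String, Object> params = bo.getParams() != null ? bo.getParams() : new HashMap<>();` keeps the filter optional. The body of `buildQueryWrapper` continues past the end of this hunk.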
@@ -81,11 +84,11 @@ * @return 瑙掕壊鍒楄〃 */ @Override - public List<SysRole> selectRolesByUserId(Long userId) { - List<SysRole> userRoles = baseMapper.selectRolePermissionByUserId(userId); - List<SysRole> roles = selectRoleAll(); - for (SysRole role : roles) { - for (SysRole userRole : userRoles) { + public List<SysRoleVo> selectRolesByUserId(Long userId) { + List<SysRoleVo> userRoles = baseMapper.selectRolePermissionByUserId(userId); + List<SysRoleVo> roles = selectRoleAll(); + for (SysRoleVo role : roles) { + for (SysRoleVo userRole : userRoles) { if (role.getRoleId().longValue() == userRole.getRoleId().longValue()) { role.setFlag(true); break; @@ -103,11 +106,11 @@ */ @Override public Set<String> selectRolePermissionByUserId(Long userId) { - List<SysRole> perms = baseMapper.selectRolePermissionByUserId(userId); + List<SysRoleVo> perms = baseMapper.selectRolePermissionByUserId(userId); Set<String> permsSet = new HashSet<>(); - for (SysRole perm : perms) { + for (SysRoleVo perm : perms) { if (ObjectUtil.isNotNull(perm)) { - permsSet.addAll(Arrays.asList(perm.getRoleKey().trim().split(","))); + permsSet.addAll(StringUtils.splitList(perm.getRoleKey().trim())); } } return permsSet; @@ -119,8 +122,8 @@ * @return 瑙掕壊鍒楄〃 */ @Override - public List<SysRole> selectRoleAll() { - return this.selectRoleList(new SysRole()); + public List<SysRoleVo> selectRoleAll() { + return this.selectRoleList(new SysRoleBo()); } /** @@ -141,8 +144,8 @@ * @return 瑙掕壊瀵硅薄淇℃伅 */ @Override - public SysRole selectRoleById(Long roleId) { - return baseMapper.selectById(roleId); + public SysRoleVo selectRoleById(Long roleId) { + return baseMapper.selectVoById(roleId); } /** 
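Review bot: In `selectRolePermissionByUserId` the guard `ObjectUtil.isNotNull(perm)` covers the row but not `perm.getRoleKey()`, so a role with a null key throws on `.trim()` while the permission set is being built. That set feeds authorization decisions, so it is also worth confirming that `StringUtils.splitList` (defined outside this patch) yields the same entries as the `split(",")` it replaces, in particular that it cannot add a blank entry. Suggested guard: `if (ObjectUtil.isNotNull(perm) && StringUtils.isNotBlank(perm.getRoleKey())) {`.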
@@ -152,14 +155,11 @@ * @return 缁撴灉 */ @Override - public String checkRoleNameUnique(SysRole role) { + public boolean checkRoleNameUnique(SysRoleBo role) { boolean exist = baseMapper.exists(new LambdaQueryWrapper<SysRole>() .eq(SysRole::getRoleName, role.getRoleName()) .ne(ObjectUtil.isNotNull(role.getRoleId()), SysRole::getRoleId, role.getRoleId())); - if (exist) { - return UserConstants.NOT_UNIQUE; - } - return UserConstants.UNIQUE; + return !exist; } /** @@ -169,14 +169,11 @@ * @return 缁撴灉 */ @Override - public String checkRoleKeyUnique(SysRole role) { + public boolean checkRoleKeyUnique(SysRoleBo role) { boolean exist = baseMapper.exists(new LambdaQueryWrapper<SysRole>() .eq(SysRole::getRoleKey, role.getRoleKey()) .ne(ObjectUtil.isNotNull(role.getRoleId()), SysRole::getRoleId, role.getRoleId())); - if (exist) { - return UserConstants.NOT_UNIQUE; - } - return UserConstants.UNIQUE; + return !exist; } /** @@ -185,8 +182,8 @@ * @param role 瑙掕壊淇℃伅 */ @Override - public void checkRoleAllowed(SysRole role) { - if (ObjectUtil.isNotNull(role.getRoleId()) && role.isAdmin()) { + public void checkRoleAllowed(SysRoleBo role) { + if (ObjectUtil.isNotNull(role.getRoleId()) && role.isSuperAdmin()) { throw new ServiceException("涓嶅厑璁告搷浣滆秴绾х鐞嗗憳瑙掕壊"); } } @@ -198,10 +195,10 @@ */ @Override public void checkRoleDataScope(Long roleId) { - if (!LoginHelper.isAdmin()) { - SysRole role = new SysRole(); + if (!LoginHelper.isSuperAdmin()) { + SysRoleBo role = new SysRoleBo(); role.setRoleId(roleId); - List<SysRole> roles = this.selectRoleList(role); + List<SysRoleVo> roles = this.selectRoleList(role); if (CollUtil.isEmpty(roles)) { throw new ServiceException("娌℃湁鏉冮檺璁块棶瑙掕壊鏁版嵁锛�"); } 
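Review bot: `checkRoleNameUnique` and `checkRoleKeyUnique` now return `!exist` as a `boolean`, but their Javadoc keeps the old generic `@return` text even though the contract has changed from a `UserConstants.UNIQUE`/`NOT_UNIQUE` string to "true means unique". Callers are outside this patch; one still written as `UserConstants.NOT_UNIQUE.equals(checkRoleNameUnique(role))` would keep compiling, because the boolean is boxed to `Object`, and would never report a duplicate role name or key. I would state the contract in both Javadocs, e.g. `@return true if no other role uses this name`, and check that every call site uses the negated form `if (!checkRoleNameUnique(role))`.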
@@ -222,59 +219,64 @@ /** * 鏂板淇濆瓨瑙掕壊淇℃伅 * - * @param role 瑙掕壊淇℃伅 + * @param bo 瑙掕壊淇℃伅 * @return 缁撴灉 */ @Override @Transactional(rollbackFor = Exception.class) - public int insertRole(SysRole role) { + public int insertRole(SysRoleBo bo) { + SysRole role = MapstructUtils.convert(bo, SysRole.class); // 鏂板瑙掕壊淇℃伅 baseMapper.insert(role); - return insertRoleMenu(role); + bo.setRoleId(role.getRoleId()); + return insertRoleMenu(bo); } /** * 淇敼淇濆瓨瑙掕壊淇℃伅 * - * @param role 瑙掕壊淇℃伅 + * @param bo 瑙掕壊淇℃伅 * @return 缁撴灉 */ @Override @Transactional(rollbackFor = Exception.class) - public int updateRole(SysRole role) { + public int updateRole(SysRoleBo bo) { + SysRole role = MapstructUtils.convert(bo, SysRole.class); // 淇敼瑙掕壊淇℃伅 baseMapper.updateById(role); // 鍒犻櫎瑙掕壊涓庤彍鍗曞叧鑱� roleMenuMapper.delete(new LambdaQueryWrapper<SysRoleMenu>().eq(SysRoleMenu::getRoleId, role.getRoleId())); - return insertRoleMenu(role); + return insertRoleMenu(bo); } /** * 淇敼瑙掕壊鐘舵�� * - * @param role 瑙掕壊淇℃伅 + * @param bo 瑙掕壊淇℃伅 * @return 缁撴灉 */ @Override - public int updateRoleStatus(SysRole role) { + public int updateRoleStatus(SysRoleBo bo) { + SysRole role = MapstructUtils.convert(bo, SysRole.class); return baseMapper.updateById(role); } /** * 淇敼鏁版嵁鏉冮檺淇℃伅 * - * @param role 瑙掕壊淇℃伅 + * @param bo 瑙掕壊淇℃伅 * @return 缁撴灉 */ @Override @Transactional(rollbackFor = Exception.class) - public int authDataScope(SysRole role) { + public int authDataScope(SysRoleBo bo) { + SysRole role = MapstructUtils.convert(bo, SysRole.class); // 淇敼瑙掕壊淇℃伅 baseMapper.updateById(role); // 鍒犻櫎瑙掕壊涓庨儴闂ㄥ叧鑱� roleDeptMapper.delete(new LambdaQueryWrapper<SysRoleDept>().eq(SysRoleDept::getRoleId, role.getRoleId())); // 鏂板瑙掕壊鍜岄儴闂ㄤ俊鎭紙鏁版嵁鏉冮檺锛� - return insertRoleDept(role); + return insertRoleDept(bo); } /** @@ -282,7 +284,7 @@ * * @param role 瑙掕壊瀵硅薄 */ - public int insertRoleMenu(SysRole role) { + public int insertRoleMenu(SysRoleBo role) { int rows = 1; // 鏂板鐢ㄦ埛涓庤鑹茬鐞� List<SysRoleMenu> list = new ArrayList<SysRoleMenu>(); 
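Review bot: `updateRoleStatus` converts the whole `SysRoleBo` with `MapstructUtils.convert` and hands it to `baseMapper.updateById(role)`, so every non-null field the mapping copies can end up in the UPDATE, not only the status. If the controller binds the request body straight into the BO (not visible in this patch), a status-change call could also rewrite the role key or other role columns; `authDataScope` has the same shape. Writing only the intended column closes that, e.g. `return baseMapper.update(null, new LambdaUpdateWrapper<SysRole>().set(SysRole::getStatus, bo.getStatus()).eq(SysRole::getRoleId, bo.getRoleId()));`, which needs the `LambdaUpdateWrapper` import. `MapstructUtils.convert` is defined elsewhere; if it can return null for a null `bo`, `insertRole` and `updateRole` would dereference that on `role.getRoleId()`.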
@@ -303,7 +305,7 @@ * * @param role 瑙掕壊瀵硅薄 */ - public int insertRoleDept(SysRole role) { + public int insertRoleDept(SysRoleBo role) { int rows = 1; // 鏂板瑙掕壊涓庨儴闂紙鏁版嵁鏉冮檺锛夌鐞� List<SysRoleDept> list = new ArrayList<SysRoleDept>(); @@ -345,9 +347,9 @@ @Transactional(rollbackFor = Exception.class) public int deleteRoleByIds(Long[] roleIds) { for (Long roleId : roleIds) { - checkRoleAllowed(new SysRole(roleId)); + checkRoleAllowed(new SysRoleBo(roleId)); checkRoleDataScope(roleId); - SysRole role = selectRoleById(roleId); + SysRole role = baseMapper.selectById(roleId); if (countUserRoleByRoleId(roleId) > 0) { throw new ServiceException(String.format("%1$s宸插垎閰�,涓嶈兘鍒犻櫎", role.getRoleName())); } -- Gitblit v1.9.3
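Review bot: In `deleteRoleByIds` the entity is now loaded with `baseMapper.selectById(roleId)` and `role.getRoleName()` is read for the error message without checking that a row came back. `checkRoleDataScope` skips its lookup for a super admin, so on that path nothing has confirmed the role exists; an id with leftover user assignments but no role row would then surface as a NullPointerException rather than a `ServiceException`. I would add an `ObjectUtil.isNull(role)` check that raises a `ServiceException` before the `countUserRoleByRoleId` test. The method body continues past the end of this hunk.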