From cdb509a4fa10bf32fd1341e04dee7c9c9c7f8c20 Mon Sep 17 00:00:00 2001
From: jenn <244251889@qq.com>
Date: 星期五, 10 三月 2023 21:15:54 +0800
Subject: [PATCH] fix 修复用户相关更新操作会越权的问题

---
 ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysDeptController.java |   31 ++++++++++++++++---------------
 1 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysDeptController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysDeptController.java
index 9abed98..6caf0df 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysDeptController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysDeptController.java
@@ -1,14 +1,15 @@
 package com.ruoyi.system.controller.system;
 
 import cn.dev33.satoken.annotation.SaCheckPermission;
-import cn.hutool.core.util.ArrayUtil;
-import com.ruoyi.common.log.annotation.Log;
+import cn.hutool.core.convert.Convert;
 import com.ruoyi.common.core.constant.UserConstants;
-import com.ruoyi.common.web.core.BaseController;
 import com.ruoyi.common.core.domain.R;
-import com.ruoyi.system.domain.SysDept;
-import com.ruoyi.common.log.enums.BusinessType;
 import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.common.log.annotation.Log;
+import com.ruoyi.common.log.enums.BusinessType;
+import com.ruoyi.common.web.core.BaseController;
+import com.ruoyi.system.domain.bo.SysDeptBo;
+import com.ruoyi.system.domain.vo.SysDeptVo;
 import com.ruoyi.system.service.ISysDeptService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.validation.annotation.Validated;
@@ -34,8 +35,8 @@
      */
     @SaCheckPermission("system:dept:list")
     @GetMapping("/list")
-    public R<List<SysDept>> list(SysDept dept) {
-        List<SysDept> depts = deptService.selectDeptList(dept);
+    public R<List<SysDeptVo>> list(SysDeptBo dept) {
+        List<SysDeptVo> depts = deptService.selectDeptList(dept);
         return R.ok(depts);
     }
 
@@ -46,10 +47,10 @@
      */
     @SaCheckPermission("system:dept:list")
     @GetMapping("/list/exclude/{deptId}")
-    public R<List<SysDept>> excludeChild(@PathVariable(value = "deptId", required = false) Long deptId) {
-        List<SysDept> depts = deptService.selectDeptList(new SysDept());
+    public R<List<SysDeptVo>> excludeChild(@PathVariable(value = "deptId", required = false) Long deptId) {
+        List<SysDeptVo> depts = deptService.selectDeptList(new SysDeptBo());
         depts.removeIf(d -> d.getDeptId().equals(deptId)
-            || ArrayUtil.contains(StringUtils.split(d.getAncestors(), ","), deptId + ""));
+            || StringUtils.splitList(d.getAncestors()).contains(Convert.toStr(deptId)));
         return R.ok(depts);
     }
 
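Review bot: In `excludeChild`, `required = false` on the `deptId` path variable is misleading, because the mapping `/list/exclude/{deptId}` has no variant without that segment. It also leaves the null case implicit. With a null `deptId`, `Convert.toStr(deptId)` yields null where the old `deptId + ""` yielded "null", so the filter becomes `contains(null)`, whose behaviour depends on the list type `StringUtils.splitList` returns. I would drop `required = false` so the parameter reads `@PathVariable("deptId") Long deptId`, or return the unfiltered list early when `deptId` is null.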
@@ -60,7 +61,7 @@
      */
     @SaCheckPermission("system:dept:query")
     @GetMapping(value = "/{deptId}")
-    public R<SysDept> getInfo(@PathVariable Long deptId) {
+    public R<SysDeptVo> getInfo(@PathVariable Long deptId) {
         deptService.checkDeptDataScope(deptId);
         return R.ok(deptService.selectDeptById(deptId));
     }
@@ -71,8 +72,8 @@
     @SaCheckPermission("system:dept:add")
     @Log(title = "閮ㄩ棬绠$悊", businessType = BusinessType.INSERT)
     @PostMapping
-    public R<Void> add(@Validated @RequestBody SysDept dept) {
-        if (UserConstants.NOT_UNIQUE.equals(deptService.checkDeptNameUnique(dept))) {
+    public R<Void> add(@Validated @RequestBody SysDeptBo dept) {
+        if (!deptService.checkDeptNameUnique(dept)) {
             return R.fail("鏂板閮ㄩ棬'" + dept.getDeptName() + "'澶辫触锛岄儴闂ㄥ悕绉板凡瀛樺湪");
         }
         return toAjax(deptService.insertDept(dept));
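Review bot: `add` passes the client-supplied parent department to `insertDept` with no data-scope check in the visible lines. A caller who holds `system:dept:add` but has a restricted data scope may therefore be able to create a department under a parent outside that scope, unless `insertDept` enforces this itself. Consider adding `deptService.checkDeptDataScope(dept.getParentId());` before the uniqueness check, mirroring what `getInfo` and `edit` do for `deptId`. The same gap applies in the `edit` hunk, where only `deptId` is checked and the new `parentId` is not. The closing brace of `add` is outside this hunk.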
@@ -84,10 +85,10 @@
     @SaCheckPermission("system:dept:edit")
     @Log(title = "閮ㄩ棬绠$悊", businessType = BusinessType.UPDATE)
     @PutMapping
-    public R<Void> edit(@Validated @RequestBody SysDept dept) {
+    public R<Void> edit(@Validated @RequestBody SysDeptBo dept) {
         Long deptId = dept.getDeptId();
         deptService.checkDeptDataScope(deptId);
-        if (UserConstants.NOT_UNIQUE.equals(deptService.checkDeptNameUnique(dept))) {
+        if (!deptService.checkDeptNameUnique(dept)) {
             return R.fail("淇敼閮ㄩ棬'" + dept.getDeptName() + "'澶辫触锛岄儴闂ㄥ悕绉板凡瀛樺湪");
         } else if (dept.getParentId().equals(deptId)) {
             return R.fail("淇敼閮ㄩ棬'" + dept.getDeptName() + "'澶辫触锛屼笂绾ч儴闂ㄤ笉鑳芥槸鑷繁");
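Review bot: `dept.getParentId().equals(deptId)` throws a NullPointerException when the request body omits `parentId`, unless the validation constraints on `SysDeptBo` (not visible here) reject that first. The caller would then get a server error rather than a validation message. A null-safe comparison such as `java.util.Objects.equals(dept.getParentId(), deptId)` avoids this. It is also worth rejecting a null `deptId` before `checkDeptDataScope(deptId)`, since how that method treats null is not visible here. The rest of `edit` continues past the end of this hunk.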

--
Gitblit v1.9.3