From f0a9768d8e7ee39e4e6b2e1646e8585504095ea3 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期六, 11 三月 2023 01:32:38 +0800
Subject: [PATCH] update 优化 重构系统业务数据权限 避免可能存在的越权风险
---
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java | 32 +++--
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java | 9 +
ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml | 4
ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysRoleMapper.xml | 5 +
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java | 43 +++++---
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java | 10 +-
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java | 10 -
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java | 6 +
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java | 13 +-
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysDeptMapper.java | 5 +
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java | 124 ++++++++++++------------
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java | 2
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysRoleMapper.java | 7 +
13 files changed, 151 insertions(+), 119 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java
index 96400f6..4ef7c36 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java
@@ -22,7 +22,6 @@
import com.ruoyi.system.domain.vo.SysRoleVo;
import com.ruoyi.system.domain.vo.SysUserVo;
import com.ruoyi.system.service.ISysDeptService;
-import com.ruoyi.system.service.ISysPermissionService;
import com.ruoyi.system.service.ISysRoleService;
import com.ruoyi.system.service.ISysUserService;
import jakarta.servlet.http.HttpServletResponse;
@@ -46,7 +45,6 @@
private final ISysRoleService roleService;
private final ISysUserService userService;
private final ISysDeptService deptService;
- private final ISysPermissionService permissionService;
/**
* 鑾峰彇瑙掕壊淇℃伅鍒楄〃
@@ -103,7 +101,7 @@
@Log(title = "瑙掕壊绠$悊", businessType = BusinessType.UPDATE)
@PutMapping
public R<Void> edit(@Validated @RequestBody SysRoleBo role) {
- roleService.checkRoleAllowed(role);
+ roleService.checkRoleAllowed(role.getRoleId());
roleService.checkRoleDataScope(role.getRoleId());
if (!roleService.checkRoleNameUnique(role)) {
return R.fail("淇敼瑙掕壊'" + role.getRoleName() + "'澶辫触锛岃鑹插悕绉板凡瀛樺湪");
@@ -143,7 +141,7 @@
@Log(title = "瑙掕壊绠$悊", businessType = BusinessType.UPDATE)
@PutMapping("/dataScope")
public R<Void> dataScope(@RequestBody SysRoleBo role) {
- roleService.checkRoleAllowed(role);
+ roleService.checkRoleAllowed(role.getRoleId());
roleService.checkRoleDataScope(role.getRoleId());
return toAjax(roleService.authDataScope(role));
}
@@ -155,9 +153,9 @@
@Log(title = "瑙掕壊绠$悊", businessType = BusinessType.UPDATE)
@PutMapping("/changeStatus")
public R<Void> changeStatus(@RequestBody SysRoleBo role) {
- roleService.checkRoleAllowed(role);
+ roleService.checkRoleAllowed(role.getRoleId());
roleService.checkRoleDataScope(role.getRoleId());
- return toAjax(roleService.updateRoleStatus(role));
+ return toAjax(roleService.updateRoleStatus(role.getRoleId(), role.getStatus()));
}
/**
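Review bot: `changeStatus` binds `@RequestBody SysRoleBo role` without `@Validated` (the `edit` handler earlier in this file has it), so `role.getRoleId()` and `role.getStatus()` reach `updateRoleStatus` unchecked and whatever string the client sends is passed to the update. Add `@Validated` with constraints covering the id and the status, or check both explicitly before the call and restrict `status` to the values the project defines. The same applies to `changeStatus` in SysUserController.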
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
index bc067a5..b071853 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
@@ -145,7 +145,7 @@
@Log(title = "鐢ㄦ埛绠$悊", businessType = BusinessType.UPDATE)
@PutMapping
public R<Void> edit(@Validated @RequestBody SysUserBo user) {
- userService.checkUserAllowed(user);
+ userService.checkUserAllowed(user.getUserId());
userService.checkUserDataScope(user.getUserId());
if (!userService.checkUserNameUnique(user)) {
return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
@@ -179,10 +179,10 @@
@Log(title = "鐢ㄦ埛绠$悊", businessType = BusinessType.UPDATE)
@PutMapping("/resetPwd")
public R<Void> resetPwd(@RequestBody SysUserBo user) {
- userService.checkUserAllowed(user);
+ userService.checkUserAllowed(user.getUserId());
userService.checkUserDataScope(user.getUserId());
user.setPassword(BCrypt.hashpw(user.getPassword()));
- return toAjax(userService.resetUserPwd(user.getUserId(),user.getPassword()));
+ return toAjax(userService.resetUserPwd(user.getUserId(), user.getPassword()));
}
/**
@@ -192,9 +192,9 @@
@Log(title = "鐢ㄦ埛绠$悊", businessType = BusinessType.UPDATE)
@PutMapping("/changeStatus")
public R<Void> changeStatus(@RequestBody SysUserBo user) {
- userService.checkUserAllowed(user);
+ userService.checkUserAllowed(user.getUserId());
userService.checkUserDataScope(user.getUserId());
- return toAjax(userService.updateUserStatus(user));
+ return toAjax(userService.updateUserStatus(user.getUserId(), user.getStatus()));
}
/**
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
index b201e3d..f442317 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
@@ -67,7 +67,7 @@
SysUserBo user = BeanUtil.toBean(userVo, SysUserBo.class);
user.setUserId(userId);
ValidatorUtils.validate(user);
- userService.checkUserAllowed(user);
+ userService.checkUserAllowed(user.getUserId());
userService.checkUserDataScope(user.getUserId());
user.setUpdateBy(operUserId);
userService.updateUser(user);
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysDeptMapper.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysDeptMapper.java
index 3d08382..d6ac989 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysDeptMapper.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysDeptMapper.java
@@ -29,6 +29,11 @@
})
List<SysDeptVo> selectDeptList(@Param(Constants.WRAPPER) Wrapper<SysDept> queryWrapper);
+ @DataPermission({
+ @DataColumn(key = "deptName", value = "dept_id")
+ })
+ SysDeptVo selectDeptById(Long deptId);
+
/**
* 鏍规嵁瑙掕壊ID鏌ヨ閮ㄩ棬鏍戜俊鎭�
*
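Review bot: `selectDeptById` is added without Javadoc although the next mapper method has one, and its contract is not obvious from the signature. Suggested comment: `/** Looks up a non-deleted department by id under the caller's data scope; null when no such row is visible. */`. `selectRoleById` in SysRoleMapper.java is added the same way and needs the equivalent comment.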
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysRoleMapper.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysRoleMapper.java
index c6d0ad4..2d8a37f 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysRoleMapper.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysRoleMapper.java
@@ -5,8 +5,8 @@
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.ruoyi.common.mybatis.annotation.DataColumn;
import com.ruoyi.common.mybatis.annotation.DataPermission;
-import com.ruoyi.system.domain.SysRole;
import com.ruoyi.common.mybatis.core.mapper.BaseMapperPlus;
+import com.ruoyi.system.domain.SysRole;
import com.ruoyi.system.domain.vo.SysRoleVo;
import org.apache.ibatis.annotations.Param;
@@ -35,6 +35,11 @@
})
List<SysRoleVo> selectRoleList(@Param(Constants.WRAPPER) Wrapper<SysRole> queryWrapper);
+ @DataPermission({
+ @DataColumn(key = "deptName", value = "d.dept_id")
+ })
+ SysRoleVo selectRoleById(Long roleId);
+
/**
* 鏍规嵁鐢ㄦ埛ID鏌ヨ瑙掕壊
*
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java
index 19df29b..4d46619 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java
@@ -104,6 +104,10 @@
* @param userId 鐢ㄦ埛ID
* @return 鐢ㄦ埛瀵硅薄淇℃伅
*/
+ @DataPermission({
+ @DataColumn(key = "deptName", value = "d.dept_id"),
+ @DataColumn(key = "userName", value = "u.user_id")
+ })
SysUserVo selectUserById(Long userId);
@Override
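Review bot: Adding `@DataPermission` to `selectUserById` changes the result for every caller of this mapper method, not only `checkUserDataScope`: a lookup by id for a user outside the caller's data scope now returns null. Callers that dereference the result, or that run where the scope should not apply, need checking; they are outside this patch. The `d.dept_id` and `u.user_id` values also depend on the table aliases in the `selectUserById` statement of SysUserMapper.xml, which this patch does not touch. The Javadoc above the method should mention the scoping, e.g. `returns null when the user is outside the caller's data scope`.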
@@ -111,7 +115,7 @@
@DataColumn(key = "deptName", value = "dept_id"),
@DataColumn(key = "userName", value = "user_id")
})
- int update(@Param(Constants.ENTITY) SysUser user,@Param(Constants.WRAPPER) Wrapper<SysUser> updateWrapper);
+ int update(@Param(Constants.ENTITY) SysUser user, @Param(Constants.WRAPPER) Wrapper<SysUser> updateWrapper);
@Override
@DataPermission({
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java
index 2e6dcfe..0f852fe 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java
@@ -85,9 +85,9 @@
/**
* 鏍¢獙瑙掕壊鏄惁鍏佽鎿嶄綔
*
- * @param role 瑙掕壊淇℃伅
+ * @param roleId 瑙掕壊ID
*/
- void checkRoleAllowed(SysRoleBo role);
+ void checkRoleAllowed(Long roleId);
/**
* 鏍¢獙瑙掕壊鏄惁鏈夋暟鎹潈闄�
@@ -123,10 +123,11 @@
/**
* 淇敼瑙掕壊鐘舵��
*
- * @param bo 瑙掕壊淇℃伅
+ * @param roleId 瑙掕壊ID
+ * @param status 瑙掕壊鐘舵��
* @return 缁撴灉
*/
- int updateRoleStatus(SysRoleBo bo);
+ int updateRoleStatus(Long roleId, String status);
/**
* 淇敼鏁版嵁鏉冮檺淇℃伅
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java
index b39a473..ed1afdd 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java
@@ -108,9 +108,9 @@
/**
* 鏍¢獙鐢ㄦ埛鏄惁鍏佽鎿嶄綔
*
- * @param user 鐢ㄦ埛淇℃伅
+ * @param userId 鐢ㄦ埛ID
*/
- void checkUserAllowed(SysUserBo user);
+ void checkUserAllowed(Long userId);
/**
* 鏍¢獙鐢ㄦ埛鏄惁鏈夋暟鎹潈闄�
@@ -154,10 +154,11 @@
/**
* 淇敼鐢ㄦ埛鐘舵��
*
- * @param user 鐢ㄦ埛淇℃伅
+ * @param userId 鐢ㄦ埛ID
+ * @param status 甯愬彿鐘舵��
* @return 缁撴灉
*/
- int updateUserStatus(SysUserBo user);
+ int updateUserStatus(Long userId, String status);
/**
* 淇敼鐢ㄦ埛鍩烘湰淇℃伅
@@ -171,7 +172,7 @@
* 淇敼鐢ㄦ埛澶村儚
*
* @param userId 鐢ㄦ埛ID
- * @param avatar 澶村儚鍦板潃
+ * @param avatar 澶村儚鍦板潃
* @return 缁撴灉
*/
boolean updateUserAvatar(Long userId, Long avatar);
@@ -179,7 +180,7 @@
/**
* 閲嶇疆鐢ㄦ埛瀵嗙爜
*
- * @param userId 鐢ㄦ埛ID
+ * @param userId 鐢ㄦ埛ID
* @param password 瀵嗙爜
* @return 缁撴灉
*/
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
index 04ff3f5..4a0722a 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
@@ -212,13 +212,15 @@
*/
@Override
public void checkDeptDataScope(Long deptId) {
- if (!LoginHelper.isSuperAdmin()) {
- SysDeptBo dept = new SysDeptBo();
- dept.setDeptId(deptId);
- List<SysDeptVo> depts = this.selectDeptList(dept);
- if (CollUtil.isEmpty(depts)) {
- throw new ServiceException("娌℃湁鏉冮檺璁块棶閮ㄩ棬鏁版嵁锛�");
- }
+ if (ObjectUtil.isNull(deptId)) {
+ return;
+ }
+ if (LoginHelper.isSuperAdmin()) {
+ return;
+ }
+ SysDeptVo dept = baseMapper.selectDeptById(deptId);
+ if (ObjectUtil.isNull(dept)) {
+ throw new ServiceException("娌℃湁鏉冮檺璁块棶閮ㄩ棬鏁版嵁锛�");
}
}
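Review bot: The new `if (ObjectUtil.isNull(deptId)) return;` guard makes `checkDeptDataScope` pass when the id is missing, so a caller that supplies no id is treated as authorised rather than rejected; the same guard is added to `checkRoleDataScope` in SysRoleServiceImpl and `checkUserDataScope` in SysUserServiceImpl. If null is only meant to cover create flows where no row exists yet, say so in the Javadoc, e.g. `@param deptId department id; null means there is no existing row to check`. The update, status and delete paths should reject a null id themselves before calling the check; whether every caller does so is not visible in this patch.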
@@ -250,13 +252,17 @@
@Override
public int updateDept(SysDeptBo bo) {
SysDept dept = MapstructUtils.convert(bo, SysDept.class);
- SysDept newParentDept = baseMapper.selectById(dept.getParentId());
SysDept oldDept = baseMapper.selectById(dept.getDeptId());
- if (ObjectUtil.isNotNull(newParentDept) && ObjectUtil.isNotNull(oldDept)) {
- String newAncestors = newParentDept.getAncestors() + StringUtils.SEPARATOR + newParentDept.getDeptId();
- String oldAncestors = oldDept.getAncestors();
- dept.setAncestors(newAncestors);
- updateDeptChildren(dept.getDeptId(), newAncestors, oldAncestors);
+ if (!oldDept.getParentId().equals(dept.getParentId())) {
+ // 濡傛灉鏄柊鐖堕儴闂� 鍒欐牎楠屾槸鍚﹀叿鏈夋柊鐖堕儴闂ㄦ潈闄� 閬垮厤瓒婃潈
+ this.checkDeptDataScope(dept.getParentId());
+ SysDept newParentDept = baseMapper.selectById(dept.getParentId());
+ if (ObjectUtil.isNotNull(newParentDept) && ObjectUtil.isNotNull(oldDept)) {
+ String newAncestors = newParentDept.getAncestors() + StringUtils.SEPARATOR + newParentDept.getDeptId();
+ String oldAncestors = oldDept.getAncestors();
+ dept.setAncestors(newAncestors);
+ updateDeptChildren(dept.getDeptId(), newAncestors, oldAncestors);
+ }
}
int result = baseMapper.updateById(dept);
if (UserConstants.DEPT_NORMAL.equals(dept.getStatus()) && StringUtils.isNotEmpty(dept.getAncestors())
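Review bot: `oldDept.getParentId().equals(dept.getParentId())` dereferences `oldDept` before the `ObjectUtil.isNotNull(oldDept)` test a few lines below, so an update for an unknown or deleted `deptId` now fails with a NullPointerException and the inner null test can never be false. Guard first with `if (ObjectUtil.isNull(oldDept)) { throw new ServiceException(...); }`, using the project's usual message, and compare with `!Objects.equals(oldDept.getParentId(), dept.getParentId())` so a null parent id on either side does not throw. `updateDept` continues past the end of the hunk.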
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
index 2140a77..40c269e 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
@@ -5,17 +5,18 @@
import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.ruoyi.common.core.constant.UserConstants;
+import com.ruoyi.common.core.exception.ServiceException;
import com.ruoyi.common.core.utils.MapstructUtils;
import com.ruoyi.common.core.utils.StreamUtils;
import com.ruoyi.common.core.utils.StringUtils;
import com.ruoyi.common.mybatis.core.page.PageQuery;
-import com.ruoyi.system.domain.SysRole;
import com.ruoyi.common.mybatis.core.page.TableDataInfo;
-import com.ruoyi.common.core.exception.ServiceException;
import com.ruoyi.common.satoken.utils.LoginHelper;
+import com.ruoyi.system.domain.SysRole;
import com.ruoyi.system.domain.SysRoleDept;
import com.ruoyi.system.domain.SysRoleMenu;
import com.ruoyi.system.domain.SysUserRole;
@@ -145,7 +146,7 @@
*/
@Override
public SysRoleVo selectRoleById(Long roleId) {
- return baseMapper.selectVoById(roleId);
+ return baseMapper.selectRoleById(roleId);
}
/**
@@ -179,11 +180,11 @@
/**
* 鏍¢獙瑙掕壊鏄惁鍏佽鎿嶄綔
*
- * @param role 瑙掕壊淇℃伅
+ * @param roleId 瑙掕壊ID
*/
@Override
- public void checkRoleAllowed(SysRoleBo role) {
- if (ObjectUtil.isNotNull(role.getRoleId()) && role.isSuperAdmin()) {
+ public void checkRoleAllowed(Long roleId) {
+ if (ObjectUtil.isNotNull(roleId) && LoginHelper.isSuperAdmin(roleId)) {
throw new ServiceException("涓嶅厑璁告搷浣滆秴绾х鐞嗗憳瑙掕壊");
}
}
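Review bot: `LoginHelper.isSuperAdmin(roleId)` is given a role id here, while `checkUserAllowed` in SysUserServiceImpl passes a user id to the same helper. `LoginHelper` is not part of this patch; if the helper compares against the super-admin user id, this check is correct only while the super-admin role and the super-admin user share the same id. A comment on the call stating that assumption, e.g. `// super-admin role id is assumed equal to the super-admin user id`, or a role-specific check, would make the dependency visible.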
@@ -195,14 +196,17 @@
*/
@Override
public void checkRoleDataScope(Long roleId) {
- if (!LoginHelper.isSuperAdmin()) {
- SysRoleBo role = new SysRoleBo();
- role.setRoleId(roleId);
- List<SysRoleVo> roles = this.selectRoleList(role);
- if (CollUtil.isEmpty(roles)) {
- throw new ServiceException("娌℃湁鏉冮檺璁块棶瑙掕壊鏁版嵁锛�");
- }
+ if (ObjectUtil.isNull(roleId)) {
+ return;
}
+ if (LoginHelper.isSuperAdmin()) {
+ return;
+ }
+ List<SysRoleVo> roles = this.selectRoleList(new SysRoleBo(roleId));
+ if (CollUtil.isEmpty(roles)) {
+ throw new ServiceException("娌℃湁鏉冮檺璁块棶瑙掕壊鏁版嵁锛�");
+ }
+
}
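Review bot: `checkRoleDataScope` still goes through `selectRoleList(new SysRoleBo(roleId))`, whereas this commit adds a data-scoped `selectRoleById` to the mapper and the dept and user checks use their by-id queries. The list query depends on how the Bo is turned into filters, which is outside the hunk; `if (ObjectUtil.isNull(baseMapper.selectRoleById(roleId)))` would match the sibling checks and test exactly one row. The blank line before the closing brace can go.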
/**
@@ -252,13 +256,16 @@
/**
* 淇敼瑙掕壊鐘舵��
*
- * @param bo 瑙掕壊淇℃伅
+ * @param roleId 瑙掕壊ID
+ * @param status 瑙掕壊鐘舵��
* @return 缁撴灉
*/
@Override
- public int updateRoleStatus(SysRoleBo bo) {
- SysRole role = MapstructUtils.convert(bo, SysRole.class);
- return baseMapper.updateById(role);
+ public int updateRoleStatus(Long roleId, String status) {
+ return baseMapper.update(null,
+ new LambdaUpdateWrapper<SysRole>()
+ .set(SysRole::getStatus, status)
+ .eq(SysRole::getRoleId, roleId));
}
/**
@@ -347,7 +354,7 @@
@Transactional(rollbackFor = Exception.class)
public int deleteRoleByIds(Long[] roleIds) {
for (Long roleId : roleIds) {
- checkRoleAllowed(new SysRoleBo(roleId));
+ checkRoleAllowed(roleId);
checkRoleDataScope(roleId);
SysRole role = baseMapper.selectById(roleId);
if (countUserRoleByRoleId(roleId) > 0) {
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
index ea9cf94..5c69b77 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
@@ -36,10 +36,8 @@
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
-import java.util.Arrays;
import java.util.List;
import java.util.Map;
-import java.util.stream.Collectors;
/**
* 鐢ㄦ埛 涓氬姟灞傚鐞�
@@ -239,11 +237,11 @@
/**
* 鏍¢獙鐢ㄦ埛鏄惁鍏佽鎿嶄綔
*
- * @param user 鐢ㄦ埛淇℃伅
+ * @param userId 鐢ㄦ埛ID
*/
@Override
- public void checkUserAllowed(SysUserBo user) {
- if (ObjectUtil.isNotNull(user.getUserId()) && user.isSuperAdmin()) {
+ public void checkUserAllowed(Long userId) {
+ if (ObjectUtil.isNotNull(userId) && LoginHelper.isSuperAdmin(userId)) {
throw new ServiceException("涓嶅厑璁告搷浣滆秴绾х鐞嗗憳鐢ㄦ埛");
}
}
@@ -255,13 +253,14 @@
*/
@Override
public void checkUserDataScope(Long userId) {
- if (!LoginHelper.isSuperAdmin()) {
- SysUserBo user = new SysUserBo();
- user.setUserId(userId);
- List<SysUserVo> users = this.selectUserList(user);
- if (CollUtil.isEmpty(users)) {
- throw new ServiceException("娌℃湁鏉冮檺璁块棶鐢ㄦ埛鏁版嵁锛�");
- }
+ if (ObjectUtil.isNull(userId)) {
+ return;
+ }
+ if (LoginHelper.isSuperAdmin()) {
+ return;
+ }
+ if (ObjectUtil.isNull(baseMapper.selectUserById(userId))) {
+ throw new ServiceException("娌℃湁鏉冮檺璁块棶鐢ㄦ埛鏁版嵁锛�");
}
}
@@ -279,9 +278,9 @@
int rows = baseMapper.insert(sysUser);
user.setUserId(sysUser.getUserId());
// 鏂板鐢ㄦ埛宀椾綅鍏宠仈
- insertUserPost(user);
+ insertUserPost(user, false);
// 鏂板鐢ㄦ埛涓庤鑹茬鐞�
- insertUserRole(user);
+ insertUserRole(user, false);
return rows;
}
@@ -309,20 +308,15 @@
@Override
@Transactional(rollbackFor = Exception.class)
public int updateUser(SysUserBo user) {
- Long userId = user.getUserId();
- // 鍒犻櫎鐢ㄦ埛涓庤鑹插叧鑱�
- userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
// 鏂板鐢ㄦ埛涓庤鑹茬鐞�
- insertUserRole(user);
- // 鍒犻櫎鐢ㄦ埛涓庡矖浣嶅叧鑱�
- userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId));
+ insertUserRole(user, true);
// 鏂板鐢ㄦ埛涓庡矖浣嶇鐞�
- insertUserPost(user);
+ insertUserPost(user, true);
SysUser sysUser = MapstructUtils.convert(user, SysUser.class);
- //闃叉閿欒鏇存柊鍚庡鑷寸殑鏁版嵁璇垹闄�
+ // 闃叉閿欒鏇存柊鍚庡鑷寸殑鏁版嵁璇垹闄�
int flag = baseMapper.updateById(sysUser);
- if (flag <= 0){
- throw new ServiceException("淇敼鐢ㄦ埛"+user.getUserName()+"淇℃伅澶辫触");
+ if (flag < 1) {
+ throw new ServiceException("淇敼鐢ㄦ埛" + user.getUserName() + "淇℃伅澶辫触");
}
return flag;
}
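Review bot: Removing the unconditional `userRoleMapper.delete(...)` and `userPostMapper.delete(...)` changes what an edit with an empty selection does: the delete now lives in `insertUserRole`/`insertUserPost`, and in the later hunks of this file it only runs inside `if (ArrayUtil.isNotEmpty(...))`. A user submitted with no role ids or no post ids therefore keeps the old associations, so roles can no longer be fully revoked through this path. When `clear` is true the delete should not depend on the new list being non-empty.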
@@ -338,21 +332,22 @@
public void insertUserAuth(Long userId, Long[] roleIds) {
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
.eq(SysUserRole::getUserId, userId));
- insertUserRole(userId, roleIds);
+ insertUserRole(userId, roleIds, false);
}
/**
* 淇敼鐢ㄦ埛鐘舵��
*
- * @param user 鐢ㄦ埛淇℃伅
+ * @param userId 鐢ㄦ埛ID
+ * @param status 甯愬彿鐘舵��
* @return 缁撴灉
*/
@Override
- public int updateUserStatus(SysUserBo user) {
+ public int updateUserStatus(Long userId, String status) {
return baseMapper.update(null,
new LambdaUpdateWrapper<SysUser>()
- .set(SysUser::getStatus, user.getStatus())
- .eq(SysUser::getUserId, user.getUserId()));
+ .set(SysUser::getStatus, status)
+ .eq(SysUser::getUserId, userId));
}
/**
@@ -376,7 +371,7 @@
* 淇敼鐢ㄦ埛澶村儚
*
* @param userId 鐢ㄦ埛ID
- * @param avatar 澶村儚鍦板潃
+ * @param avatar 澶村儚鍦板潃
* @return 缁撴灉
*/
@Override
@@ -390,7 +385,7 @@
/**
* 閲嶇疆鐢ㄦ埛瀵嗙爜
*
- * @param userId 鐢ㄦ埛ID
+ * @param userId 鐢ㄦ埛ID
* @param password 瀵嗙爜
* @return 缁撴灉
*/
@@ -405,34 +400,29 @@
/**
* 鏂板鐢ㄦ埛瑙掕壊淇℃伅
*
- * @param user 鐢ㄦ埛瀵硅薄
+ * @param user 鐢ㄦ埛瀵硅薄
+ * @param clear 娓呴櫎宸插瓨鍦ㄧ殑鍏宠仈鏁版嵁
*/
- public void insertUserRole(SysUserBo user) {
- this.insertUserRole(user.getUserId(), user.getRoleIds());
+ public void insertUserRole(SysUserBo user, boolean clear) {
+ this.insertUserRole(user.getUserId(), user.getRoleIds(), clear);
}
/**
* 鏂板鐢ㄦ埛宀椾綅淇℃伅
*
- * @param user 鐢ㄦ埛瀵硅薄
+ * @param user 鐢ㄦ埛瀵硅薄
+ * @param clear 娓呴櫎宸插瓨鍦ㄧ殑鍏宠仈鏁版嵁
*/
- public void insertUserPost(SysUserBo user) {
+ public void insertUserPost(SysUserBo user, boolean clear) {
Long[] posts = user.getPostIds();
if (ArrayUtil.isNotEmpty(posts)) {
- //鍒ゆ柇鏄惁鍏锋湁姝よ鑹茬殑宀椾綅鏉冮檺
- List<Long> postList = postMapper.selectPostListByUserId(LoginHelper.getUserId());
- if (postList.isEmpty()){
- throw new ServiceException("鎮ㄤ笉鍏锋湁鎿嶄綔宀椾綅鐨勬潈闄�");
- }
- List<Long> postIdList = Arrays.asList(posts);
- List<Long> canDoPostList = postIdList.stream()
- .filter(postList::contains)
- .collect(Collectors.toList());
- if (canDoPostList.isEmpty()){
- throw new ServiceException("鎮ㄤ笉鍏锋湁鎿嶄綔褰撳墠宀椾綅鐨勬潈闄�");
+ Long userId = LoginHelper.getUserId();
+ if (clear) {
+ // 鍒犻櫎鐢ㄦ埛涓庡矖浣嶅叧鑱�
+ userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId));
}
// 鏂板鐢ㄦ埛涓庡矖浣嶇鐞�
- List<SysUserPost> list = StreamUtils.toList(canDoPostList, postId -> {
+ List<SysUserPost> list = StreamUtils.toList(List.of(posts), postId -> {
SysUserPost up = new SysUserPost();
up.setUserId(user.getUserId());
up.setPostId(postId);
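Review bot: `Long userId = LoginHelper.getUserId();` is the id of the logged-in operator, yet it is the value used in the `clear` delete, while the rows built below use `user.getUserId()`. As written, editing another user would remove the operator's own post associations and leave the edited user's old ones in place. Use the target id in the delete, `.eq(SysUserPost::getUserId, user.getUserId())`, and drop the local. The hunk also removes the check that limited `postIds` to posts the operator holds without adding a replacement, so every post id in the request is now inserted; confirm that is intended. `insertUserPost` continues past the end of the hunk.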
@@ -447,20 +437,26 @@
*
* @param userId 鐢ㄦ埛ID
* @param roleIds 瑙掕壊缁�
+ * @param clear 娓呴櫎宸插瓨鍦ㄧ殑鍏宠仈鏁版嵁
*/
- public void insertUserRole(Long userId, Long[] roleIds) {
+ public void insertUserRole(Long userId, Long[] roleIds, boolean clear) {
if (ArrayUtil.isNotEmpty(roleIds)) {
- //鍒ゆ柇鏄惁鍏锋湁姝よ鑹茬殑鎿嶄綔鏉冮檺
- List<Long> roleList = roleMapper.selectRoleListByUserId(LoginHelper.getUserId());
- if (roleList.isEmpty()){
- throw new ServiceException("鎮ㄤ笉鍏锋湁鎿嶄綔瑙掕壊鐨勬潈闄�");
+ // 鍒ゆ柇鏄惁鍏锋湁姝よ鑹茬殑鎿嶄綔鏉冮檺
+ List<SysRoleVo> roles = roleMapper.selectRoleList(new LambdaQueryWrapper<>());
+ if (CollUtil.isEmpty(roles)) {
+ throw new ServiceException("娌℃湁鏉冮檺璁块棶瑙掕壊鐨勬暟鎹�");
}
- List<Long> roleIdList = Arrays.asList(roleIds);
- List<Long> canDoRoleList = roleIdList.stream()
- .filter(roleList::contains)
- .collect(Collectors.toList());
- if (canDoRoleList.isEmpty()){
- throw new ServiceException("鎮ㄤ笉鍏锋湁鎿嶄綔褰撳墠瑙掕壊鐨勬潈闄�");
+ List<Long> roleList = StreamUtils.toList(roles, SysRoleVo::getRoleId);
+ if (!LoginHelper.isSuperAdmin(userId)) {
+ roleList.remove(UserConstants.SUPER_ADMIN_ID);
+ }
+ List<Long> canDoRoleList = StreamUtils.filter(List.of(roleIds), roleList::contains);
+ if (CollUtil.isEmpty(canDoRoleList)) {
+ throw new ServiceException("娌℃湁鏉冮檺璁块棶瑙掕壊鐨勬暟鎹�");
+ }
+ if (clear) {
+ // 鍒犻櫎鐢ㄦ埛涓庤鑹插叧鑱�
+ userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
}
// 鏂板鐢ㄦ埛涓庤鑹茬鐞�
List<SysUserRole> list = StreamUtils.toList(canDoRoleList, roleId -> {
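Review bot: Role ids the operator may not assign are silently dropped: `canDoRoleList` keeps only the permitted subset and the method throws only when that subset is empty, so a request mixing permitted and unpermitted ids succeeds with a different role set than was submitted, and with `clear` set the user's previous roles are deleted first. Rejecting the request when an id was filtered out, `if (canDoRoleList.size() != roleIds.length) { throw new ServiceException(...); }`, would make the outcome explicit. Two smaller points: `roleList.remove(UserConstants.SUPER_ADMIN_ID)` filters a list of role ids by what reads as a user-id constant, which deserves a comment, and `List.of(roleIds)` throws on a null element. The method body continues past the hunk.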
@@ -488,8 +484,8 @@
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId));
// 闃叉鏇存柊澶辫触瀵艰嚧鐨勬暟鎹垹闄�
int flag = baseMapper.deleteById(userId);
- if (flag <= 0){
- throw new ServiceException("鍒犻櫎鐢ㄦ埛鍙戠敓寮傚父");
+ if (flag < 1) {
+ throw new ServiceException("鍒犻櫎鐢ㄦ埛澶辫触!");
}
return flag;
}
@@ -504,7 +500,7 @@
@Transactional(rollbackFor = Exception.class)
public int deleteUserByIds(Long[] userIds) {
for (Long userId : userIds) {
- checkUserAllowed(new SysUserBo(userId));
+ checkUserAllowed(userId);
checkUserDataScope(userId);
}
List<Long> ids = List.of(userIds);
@@ -514,8 +510,8 @@
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().in(SysUserPost::getUserId, ids));
// 闃叉鏇存柊澶辫触瀵艰嚧鐨勬暟鎹垹闄�
int flag = baseMapper.deleteBatchIds(ids);
- if (flag <= 0){
- throw new ServiceException("鍒犻櫎鐢ㄦ埛鍙戠敓寮傚父");
+ if (flag < 1) {
+ throw new ServiceException("鍒犻櫎鐢ㄦ埛澶辫触!");
}
return flag;
}
diff --git a/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml b/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml
index 80aa428..131c8a3 100644
--- a/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml
+++ b/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml
@@ -11,6 +11,10 @@
select * from sys_dept ${ew.getCustomSqlSegment}
</select>
+ <select id="selectDeptById" resultMap="SysDeptResult">
+ select * from sys_dept where del_flag = '0' and dept_id = #{deptId}
+ </select>
+
<select id="selectDeptListByRoleId" resultType="Long">
select d.dept_id
from sys_dept d
diff --git a/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysRoleMapper.xml b/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysRoleMapper.xml
index ba2eca9..388fe91 100644
--- a/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysRoleMapper.xml
+++ b/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysRoleMapper.xml
@@ -53,4 +53,9 @@
WHERE r.del_flag = '0' and u.user_name = #{userName}
</select>
+ <select id="selectRoleById" resultMap="SysRoleResult">
+ <include refid="selectRoleVo"/>
+ WHERE r.del_flag = '0' and r.role_id = #{roleId}
+ </select>
+
</mapper>
--
Gitblit v1.9.3