From f0a9768d8e7ee39e4e6b2e1646e8585504095ea3 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期六, 11 三月 2023 01:32:38 +0800
Subject: [PATCH] update 优化 重构系统业务数据权限 避免可能存在的越权风险

---
 ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java |   41 ++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 40 insertions(+), 1 deletions(-)

diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java
index 9ea7762..4d46619 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java
@@ -1,12 +1,13 @@
 package com.ruoyi.system.mapper;
 
+import com.baomidou.mybatisplus.annotation.InterceptorIgnore;
 import com.baomidou.mybatisplus.core.conditions.Wrapper;
 import com.baomidou.mybatisplus.core.toolkit.Constants;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.ruoyi.common.mybatis.annotation.DataColumn;
 import com.ruoyi.common.mybatis.annotation.DataPermission;
-import com.ruoyi.system.domain.SysUser;
 import com.ruoyi.common.mybatis.core.mapper.BaseMapperPlus;
+import com.ruoyi.system.domain.SysUser;
 import com.ruoyi.system.domain.vo.SysUserVo;
 import org.apache.ibatis.annotations.Param;
 
@@ -78,11 +79,49 @@
     SysUserVo selectUserByPhonenumber(String phonenumber);
 
     /**
+     * 閫氳繃鐢ㄦ埛鍚嶆煡璇㈢敤鎴�(涓嶈蛋绉熸埛鎻掍欢)
+     *
+     * @param userName 鐢ㄦ埛鍚�
+     * @param tenantId 绉熸埛id
+     * @return 鐢ㄦ埛瀵硅薄淇℃伅
+     */
+    @InterceptorIgnore(tenantLine = "true")
+    SysUserVo selectTenantUserByUserName(String userName, String tenantId);
+
+    /**
+     * 閫氳繃鎵嬫満鍙锋煡璇㈢敤鎴�(涓嶈蛋绉熸埛鎻掍欢)
+     *
+     * @param phonenumber 鎵嬫満鍙�
+     * @param tenantId    绉熸埛id
+     * @return 鐢ㄦ埛瀵硅薄淇℃伅
+     */
+    @InterceptorIgnore(tenantLine = "true")
+    SysUserVo selectTenantUserByPhonenumber(String phonenumber, String tenantId);
+
+    /**
      * 閫氳繃鐢ㄦ埛ID鏌ヨ鐢ㄦ埛
      *
      * @param userId 鐢ㄦ埛ID
      * @return 鐢ㄦ埛瀵硅薄淇℃伅
      */
+    @DataPermission({
+        @DataColumn(key = "deptName", value = "d.dept_id"),
+        @DataColumn(key = "userName", value = "u.user_id")
+    })
     SysUserVo selectUserById(Long userId);
 
+    @Override
+    @DataPermission({
+        @DataColumn(key = "deptName", value = "dept_id"),
+        @DataColumn(key = "userName", value = "user_id")
+    })
+    int update(@Param(Constants.ENTITY) SysUser user, @Param(Constants.WRAPPER) Wrapper<SysUser> updateWrapper);
+
+    @Override
+    @DataPermission({
+        @DataColumn(key = "deptName", value = "dept_id"),
+        @DataColumn(key = "userName", value = "user_id")
+    })
+    int updateById(@Param(Constants.ENTITY) SysUser user);
+
 }

--
Gitblit v1.9.3