From f0a9768d8e7ee39e4e6b2e1646e8585504095ea3 Mon Sep 17 00:00:00 2001 From: 疯狂的狮子Li <15040126243@163.com> Date: 星期六, 11 三月 2023 01:32:38 +0800 Subject: [PATCH] update 优化 重构系统业务数据权限 避免可能存在的越权风险 --- ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java | 41 ++++++++++++++++++++++++++++++++++++++++- 1 files changed, 40 insertions(+), 1 deletions(-) diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java index 9ea7762..4d46619 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java @@ -1,12 +1,13 @@ package com.ruoyi.system.mapper; +import com.baomidou.mybatisplus.annotation.InterceptorIgnore; import com.baomidou.mybatisplus.core.conditions.Wrapper; import com.baomidou.mybatisplus.core.toolkit.Constants; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.ruoyi.common.mybatis.annotation.DataColumn; import com.ruoyi.common.mybatis.annotation.DataPermission; -import com.ruoyi.system.domain.SysUser; import com.ruoyi.common.mybatis.core.mapper.BaseMapperPlus; +import com.ruoyi.system.domain.SysUser; import com.ruoyi.system.domain.vo.SysUserVo; import org.apache.ibatis.annotations.Param; @@ -78,11 +79,49 @@ SysUserVo selectUserByPhonenumber(String phonenumber); /** + * 閫氳繃鐢ㄦ埛鍚嶆煡璇㈢敤鎴�(涓嶈蛋绉熸埛鎻掍欢) + * + * @param userName 鐢ㄦ埛鍚� + * @param tenantId 绉熸埛id + * @return 鐢ㄦ埛瀵硅薄淇℃伅 + */ + @InterceptorIgnore(tenantLine = "true") + SysUserVo selectTenantUserByUserName(String userName, String tenantId); + + /** + * 閫氳繃鎵嬫満鍙锋煡璇㈢敤鎴�(涓嶈蛋绉熸埛鎻掍欢) + * + * @param phonenumber 鎵嬫満鍙� + * @param tenantId 绉熸埛id + * @return 鐢ㄦ埛瀵硅薄淇℃伅 + */ + @InterceptorIgnore(tenantLine = "true") + SysUserVo selectTenantUserByPhonenumber(String phonenumber, String tenantId); + + /** * 閫氳繃鐢ㄦ埛ID鏌ヨ鐢ㄦ埛 * * @param userId 鐢ㄦ埛ID * @return 鐢ㄦ埛瀵硅薄淇℃伅 */ + @DataPermission({ + @DataColumn(key = "deptName", value = "d.dept_id"), + @DataColumn(key = "userName", value = "u.user_id") + }) SysUserVo selectUserById(Long userId); + @Override + @DataPermission({ + @DataColumn(key = "deptName", value = "dept_id"), + @DataColumn(key = "userName", value = "user_id") + }) + int update(@Param(Constants.ENTITY) SysUser user, @Param(Constants.WRAPPER) Wrapper<SysUser> updateWrapper); + + @Override + @DataPermission({ + @DataColumn(key = "deptName", value = "dept_id"), + @DataColumn(key = "userName", value = "user_id") + }) + int updateById(@Param(Constants.ENTITY) SysUser user); + } -- Gitblit v1.9.3