From f0a9768d8e7ee39e4e6b2e1646e8585504095ea3 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期六, 11 三月 2023 01:32:38 +0800
Subject: [PATCH] update 优化 重构系统业务数据权限 避免可能存在的越权风险
---
 ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java | 59 ++++++++++++++++++++++++++++++++---------------------------
 1 files changed, 32 insertions(+), 27 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
index 453d98f..4a0722a 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
@@ -1,6 +1,5 @@
 package com.ruoyi.system.service.impl;
-import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.convert.Convert;
 import cn.hutool.core.lang.tree.Tree;
@@ -12,6 +11,7 @@
 import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.exception.ServiceException;
 import com.ruoyi.common.core.service.DeptService;
+import com.ruoyi.common.core.utils.MapstructUtils;
 import com.ruoyi.common.core.utils.SpringUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.core.utils.TreeBuildUtils;
@@ -64,12 +64,11 @@
 /**
 * 鏌ヨ閮ㄩ棬鏍戠粨鏋勪俊鎭�
 *
- * @param dept 閮ㄩ棬淇℃伅
+ * @param bo 閮ㄩ棬淇℃伅
 * @return 閮ㄩ棬鏍戜俊鎭泦鍚�
 */
 @Override
- public List<Tree<Long>> selectDeptTreeList(SysDept dept) {
- SysDeptBo bo = BeanUtil.toBean(dept, SysDeptBo.class);
+ public List<Tree<Long>> selectDeptTreeList(SysDeptBo bo) {
 LambdaQueryWrapper<SysDept> lqw = buildQueryWrapper(bo);
 List<SysDept> depts = baseMapper.selectList(lqw);
 return buildDeptTreeSelect(depts);
@@ -127,6 +126,9 @@
 @Override
 public SysDeptVo selectDeptById(Long deptId) {
 SysDeptVo dept = baseMapper.selectVoById(deptId);
+ if (ObjectUtil.isNull(dept)) {
+ return null;
+ }
 SysDeptVo parentDept = baseMapper.selectVoOne(new LambdaQueryWrapper<SysDept>()
 .select(SysDept::getDeptName).eq(SysDept::getDeptId, dept.getParentId()));
 dept.setParentName(ObjectUtil.isNotNull(parentDept) ? parentDept.getDeptName() : null);
@@ -142,13 +144,13 @@
 @Override
 public String selectDeptNameByIds(String deptIds) {
 List<String> list = new ArrayList<>();
- for (Long id : Arrays.stream(deptIds.split(",")).map(Long::parseLong).toList()) {
+ for (Long id : StringUtils.splitTo(deptIds, Convert::toLong)) {
 SysDeptVo vo = SpringUtils.getAopProxy(this).selectDeptById(id);
 if (ObjectUtil.isNotNull(vo)) {
 list.add(vo.getDeptName());
 }
 }
- return String.join(",", list);
+ return String.join(StringUtils.SEPARATOR, list);
 }
 /**
@@ -195,15 +197,12 @@
 * @return 缁撴灉
 */
 @Override
- public String checkDeptNameUnique(SysDeptBo dept) {
+ public boolean checkDeptNameUnique(SysDeptBo dept) {
 boolean exist = baseMapper.exists(new LambdaQueryWrapper<SysDept>()
 .eq(SysDept::getDeptName, dept.getDeptName())
 .eq(SysDept::getParentId, dept.getParentId())
 .ne(ObjectUtil.isNotNull(dept.getDeptId()), SysDept::getDeptId, dept.getDeptId()));
- if (exist) {
- return UserConstants.NOT_UNIQUE;
- }
- return UserConstants.UNIQUE;
+ return !exist;
 }
 /**
@@ -213,13 +212,15 @@
 */
 @Override
 public void checkDeptDataScope(Long deptId) {
- if (!LoginHelper.isAdmin()) {
- SysDeptBo dept = new SysDeptBo();
- dept.setDeptId(deptId);
- List<SysDeptVo> depts = this.selectDeptList(dept);
- if (CollUtil.isEmpty(depts)) {
- throw new ServiceException("娌℃湁鏉冮檺璁块棶閮ㄩ棬鏁版嵁锛�");
- }
+ if (ObjectUtil.isNull(deptId)) {
+ return;
+ }
+ if (LoginHelper.isSuperAdmin()) {
+ return;
+ }
+ SysDeptVo dept = baseMapper.selectDeptById(deptId);
+ if (ObjectUtil.isNull(dept)) {
+ throw new ServiceException("娌℃湁鏉冮檺璁块棶閮ㄩ棬鏁版嵁锛�");
 }
 }
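Review bot: The rewritten `checkDeptDataScope` rests the whole authorization decision on `baseMapper.selectDeptById(deptId)` returning null for a department outside the caller's data scope, and nothing in the hunk records that. The mapper method is not visible here, so it should be confirmed that it carries the data-permission filter; the service method of the same name in this class reads through `baseMapper.selectVoById` in the lines shown, so the two are easy to confuse. A comment above the call such as `// mapper query is data-scope filtered: null means out of scope or not found` would make that dependency explicit. The early `return` on a null `deptId` lets any caller that passes an absent id skip the check, which deserves a sentence in the method's Javadoc; that Javadoc begins outside the hunk.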
@@ -236,8 +237,8 @@
 if (!UserConstants.DEPT_NORMAL.equals(info.getStatus())) {
 throw new ServiceException("閮ㄩ棬鍋滅敤锛屼笉鍏佽鏂板");
 }
- SysDept dept = BeanUtil.toBean(bo, SysDept.class);
- dept.setAncestors(info.getAncestors() + "," + dept.getParentId());
+ SysDept dept = MapstructUtils.convert(bo, SysDept.class);
+ dept.setAncestors(info.getAncestors() + StringUtils.SEPARATOR + dept.getParentId());
 return baseMapper.insert(dept);
 }
@@ -250,14 +251,18 @@
 @CacheEvict(cacheNames = CacheNames.SYS_DEPT, key = "#bo.deptId")
 @Override
 public int updateDept(SysDeptBo bo) {
- SysDept dept = BeanUtil.toBean(bo, SysDept.class);
- SysDept newParentDept = baseMapper.selectById(dept.getParentId());
+ SysDept dept = MapstructUtils.convert(bo, SysDept.class);
 SysDept oldDept = baseMapper.selectById(dept.getDeptId());
- if (ObjectUtil.isNotNull(newParentDept) && ObjectUtil.isNotNull(oldDept)) {
- String newAncestors = newParentDept.getAncestors() + "," + newParentDept.getDeptId();
- String oldAncestors = oldDept.getAncestors();
- dept.setAncestors(newAncestors);
- updateDeptChildren(dept.getDeptId(), newAncestors, oldAncestors);
+ if (!oldDept.getParentId().equals(dept.getParentId())) {
+ // 濡傛灉鏄柊鐖堕儴闂� 鍒欐牎楠屾槸鍚﹀叿鏈夋柊鐖堕儴闂ㄦ潈闄� 閬垮厤瓒婃潈
+ this.checkDeptDataScope(dept.getParentId());
+ SysDept newParentDept = baseMapper.selectById(dept.getParentId());
+ if (ObjectUtil.isNotNull(newParentDept) && ObjectUtil.isNotNull(oldDept)) {
+ String newAncestors = newParentDept.getAncestors() + StringUtils.SEPARATOR + newParentDept.getDeptId();
+ String oldAncestors = oldDept.getAncestors();
+ dept.setAncestors(newAncestors);
+ updateDeptChildren(dept.getDeptId(), newAncestors, oldAncestors);
+ }
 }
 int result = baseMapper.updateById(dept);
 if (UserConstants.DEPT_NORMAL.equals(dept.getStatus()) && StringUtils.isNotEmpty(dept.getAncestors())
-- Gitblit v1.9.3
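Review bot: In `updateDept`, `oldDept.getParentId()` is dereferenced before any null check, so an update request whose `deptId` matches no row fails with a NullPointerException instead of a controlled error, and the `ObjectUtil.isNotNull(oldDept)` test further down inside the branch can no longer be false. A guard directly after the `selectById` call, `if (ObjectUtil.isNull(oldDept)) { throw new ServiceException("<error message placeholder>"); }`, would reject the request before the parent comparison and the new data-scope check run. When `dept.getParentId()` is null the branch is still entered and `checkDeptDataScope` returns without checking anything, so the added comment could state that a missing parent id is treated as no re-parenting. The method body continues past the end of the hunk.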