From f0a9768d8e7ee39e4e6b2e1646e8585504095ea3 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期六, 11 三月 2023 01:32:38 +0800
Subject: [PATCH] update 优化 重构系统业务数据权限 避免可能存在的越权风险
---
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java | 133 +++++++++++++++++++++++--------------------
1 files changed, 71 insertions(+), 62 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
index a8dcdb4..40c269e 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
@@ -5,19 +5,23 @@
import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
-import com.baomidou.mybatisplus.core.toolkit.StringUtils;
+import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.ruoyi.common.core.constant.UserConstants;
-import com.ruoyi.common.core.utils.StreamUtils;
-import com.ruoyi.common.mybatis.core.page.PageQuery;
-import com.ruoyi.system.domain.SysRole;
-import com.ruoyi.common.mybatis.core.page.TableDataInfo;
import com.ruoyi.common.core.exception.ServiceException;
+import com.ruoyi.common.core.utils.MapstructUtils;
+import com.ruoyi.common.core.utils.StreamUtils;
+import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.common.mybatis.core.page.PageQuery;
+import com.ruoyi.common.mybatis.core.page.TableDataInfo;
import com.ruoyi.common.satoken.utils.LoginHelper;
+import com.ruoyi.system.domain.SysRole;
import com.ruoyi.system.domain.SysRoleDept;
import com.ruoyi.system.domain.SysRoleMenu;
import com.ruoyi.system.domain.SysUserRole;
+import com.ruoyi.system.domain.bo.SysRoleBo;
+import com.ruoyi.system.domain.vo.SysRoleVo;
import com.ruoyi.system.mapper.SysRoleDeptMapper;
import com.ruoyi.system.mapper.SysRoleMapper;
import com.ruoyi.system.mapper.SysRoleMenuMapper;
@@ -44,8 +48,8 @@
private final SysRoleDeptMapper roleDeptMapper;
@Override
- public TableDataInfo<SysRole> selectPageRoleList(SysRole role, PageQuery pageQuery) {
- Page<SysRole> page = baseMapper.selectPageRoleList(pageQuery.build(), this.buildQueryWrapper(role));
+ public TableDataInfo<SysRoleVo> selectPageRoleList(SysRoleBo role, PageQuery pageQuery) {
+ Page<SysRoleVo> page = baseMapper.selectPageRoleList(pageQuery.build(), this.buildQueryWrapper(role));
return TableDataInfo.build(page);
}
@@ -56,18 +60,18 @@
* @return 瑙掕壊鏁版嵁闆嗗悎淇℃伅
*/
@Override
- public List<SysRole> selectRoleList(SysRole role) {
+ public List<SysRoleVo> selectRoleList(SysRoleBo role) {
return baseMapper.selectRoleList(this.buildQueryWrapper(role));
}
- private Wrapper<SysRole> buildQueryWrapper(SysRole role) {
- Map<String, Object> params = role.getParams();
+ private Wrapper<SysRole> buildQueryWrapper(SysRoleBo bo) {
+ Map<String, Object> params = bo.getParams();
QueryWrapper<SysRole> wrapper = Wrappers.query();
wrapper.eq("r.del_flag", UserConstants.ROLE_NORMAL)
- .eq(ObjectUtil.isNotNull(role.getRoleId()), "r.role_id", role.getRoleId())
- .like(StringUtils.isNotBlank(role.getRoleName()), "r.role_name", role.getRoleName())
- .eq(StringUtils.isNotBlank(role.getStatus()), "r.status", role.getStatus())
- .like(StringUtils.isNotBlank(role.getRoleKey()), "r.role_key", role.getRoleKey())
+ .eq(ObjectUtil.isNotNull(bo.getRoleId()), "r.role_id", bo.getRoleId())
+ .like(StringUtils.isNotBlank(bo.getRoleName()), "r.role_name", bo.getRoleName())
+ .eq(StringUtils.isNotBlank(bo.getStatus()), "r.status", bo.getStatus())
+ .like(StringUtils.isNotBlank(bo.getRoleKey()), "r.role_key", bo.getRoleKey())
.between(params.get("beginTime") != null && params.get("endTime") != null,
"r.create_time", params.get("beginTime"), params.get("endTime"))
.orderByAsc("r.role_sort");
@@ -81,11 +85,11 @@
* @return 瑙掕壊鍒楄〃
*/
@Override
- public List<SysRole> selectRolesByUserId(Long userId) {
- List<SysRole> userRoles = baseMapper.selectRolePermissionByUserId(userId);
- List<SysRole> roles = selectRoleAll();
- for (SysRole role : roles) {
- for (SysRole userRole : userRoles) {
+ public List<SysRoleVo> selectRolesByUserId(Long userId) {
+ List<SysRoleVo> userRoles = baseMapper.selectRolePermissionByUserId(userId);
+ List<SysRoleVo> roles = selectRoleAll();
+ for (SysRoleVo role : roles) {
+ for (SysRoleVo userRole : userRoles) {
if (role.getRoleId().longValue() == userRole.getRoleId().longValue()) {
role.setFlag(true);
break;
@@ -103,11 +107,11 @@
*/
@Override
public Set<String> selectRolePermissionByUserId(Long userId) {
- List<SysRole> perms = baseMapper.selectRolePermissionByUserId(userId);
+ List<SysRoleVo> perms = baseMapper.selectRolePermissionByUserId(userId);
Set<String> permsSet = new HashSet<>();
- for (SysRole perm : perms) {
+ for (SysRoleVo perm : perms) {
if (ObjectUtil.isNotNull(perm)) {
- permsSet.addAll(Arrays.asList(perm.getRoleKey().trim().split(",")));
+ permsSet.addAll(StringUtils.splitList(perm.getRoleKey().trim()));
}
}
return permsSet;
@@ -119,8 +123,8 @@
* @return 瑙掕壊鍒楄〃
*/
@Override
- public List<SysRole> selectRoleAll() {
- return this.selectRoleList(new SysRole());
+ public List<SysRoleVo> selectRoleAll() {
+ return this.selectRoleList(new SysRoleBo());
}
/**
@@ -141,8 +145,8 @@
* @return 瑙掕壊瀵硅薄淇℃伅
*/
@Override
- public SysRole selectRoleById(Long roleId) {
- return baseMapper.selectById(roleId);
+ public SysRoleVo selectRoleById(Long roleId) {
+ return baseMapper.selectRoleById(roleId);
}
/**
@@ -152,14 +156,11 @@
* @return 缁撴灉
*/
@Override
- public String checkRoleNameUnique(SysRole role) {
+ public boolean checkRoleNameUnique(SysRoleBo role) {
boolean exist = baseMapper.exists(new LambdaQueryWrapper<SysRole>()
.eq(SysRole::getRoleName, role.getRoleName())
.ne(ObjectUtil.isNotNull(role.getRoleId()), SysRole::getRoleId, role.getRoleId()));
- if (exist) {
- return UserConstants.NOT_UNIQUE;
- }
- return UserConstants.UNIQUE;
+ return !exist;
}
/**
@@ -169,24 +170,21 @@
* @return 缁撴灉
*/
@Override
- public String checkRoleKeyUnique(SysRole role) {
+ public boolean checkRoleKeyUnique(SysRoleBo role) {
boolean exist = baseMapper.exists(new LambdaQueryWrapper<SysRole>()
.eq(SysRole::getRoleKey, role.getRoleKey())
.ne(ObjectUtil.isNotNull(role.getRoleId()), SysRole::getRoleId, role.getRoleId()));
- if (exist) {
- return UserConstants.NOT_UNIQUE;
- }
- return UserConstants.UNIQUE;
+ return !exist;
}
/**
* 鏍¢獙瑙掕壊鏄惁鍏佽鎿嶄綔
*
- * @param role 瑙掕壊淇℃伅
+ * @param roleId 瑙掕壊ID
*/
@Override
- public void checkRoleAllowed(SysRole role) {
- if (ObjectUtil.isNotNull(role.getRoleId()) && role.isAdmin()) {
+ public void checkRoleAllowed(Long roleId) {
+ if (ObjectUtil.isNotNull(roleId) && LoginHelper.isSuperAdmin(roleId)) {
throw new ServiceException("涓嶅厑璁告搷浣滆秴绾х鐞嗗憳瑙掕壊");
}
}
@@ -198,14 +196,17 @@
*/
@Override
public void checkRoleDataScope(Long roleId) {
- if (!LoginHelper.isAdmin()) {
- SysRole role = new SysRole();
- role.setRoleId(roleId);
- List<SysRole> roles = this.selectRoleList(role);
- if (CollUtil.isEmpty(roles)) {
- throw new ServiceException("娌℃湁鏉冮檺璁块棶瑙掕壊鏁版嵁锛�");
- }
+ if (ObjectUtil.isNull(roleId)) {
+ return;
}
+ if (LoginHelper.isSuperAdmin()) {
+ return;
+ }
+ List<SysRoleVo> roles = this.selectRoleList(new SysRoleBo(roleId));
+ if (CollUtil.isEmpty(roles)) {
+ throw new ServiceException("娌℃湁鏉冮檺璁块棶瑙掕壊鏁版嵁锛�");
+ }
+
}
/**
@@ -222,59 +223,67 @@
/**
* 鏂板淇濆瓨瑙掕壊淇℃伅
*
- * @param role 瑙掕壊淇℃伅
+ * @param bo 瑙掕壊淇℃伅
* @return 缁撴灉
*/
@Override
@Transactional(rollbackFor = Exception.class)
- public int insertRole(SysRole role) {
+ public int insertRole(SysRoleBo bo) {
+ SysRole role = MapstructUtils.convert(bo, SysRole.class);
// 鏂板瑙掕壊淇℃伅
baseMapper.insert(role);
- return insertRoleMenu(role);
+ bo.setRoleId(role.getRoleId());
+ return insertRoleMenu(bo);
}
/**
* 淇敼淇濆瓨瑙掕壊淇℃伅
*
- * @param role 瑙掕壊淇℃伅
+ * @param bo 瑙掕壊淇℃伅
* @return 缁撴灉
*/
@Override
@Transactional(rollbackFor = Exception.class)
- public int updateRole(SysRole role) {
+ public int updateRole(SysRoleBo bo) {
+ SysRole role = MapstructUtils.convert(bo, SysRole.class);
// 淇敼瑙掕壊淇℃伅
baseMapper.updateById(role);
// 鍒犻櫎瑙掕壊涓庤彍鍗曞叧鑱�
roleMenuMapper.delete(new LambdaQueryWrapper<SysRoleMenu>().eq(SysRoleMenu::getRoleId, role.getRoleId()));
- return insertRoleMenu(role);
+ return insertRoleMenu(bo);
}
/**
* 淇敼瑙掕壊鐘舵��
*
- * @param role 瑙掕壊淇℃伅
+ * @param roleId 瑙掕壊ID
+ * @param status 瑙掕壊鐘舵��
* @return 缁撴灉
*/
@Override
- public int updateRoleStatus(SysRole role) {
- return baseMapper.updateById(role);
+ public int updateRoleStatus(Long roleId, String status) {
+ return baseMapper.update(null,
+ new LambdaUpdateWrapper<SysRole>()
+ .set(SysRole::getStatus, status)
+ .eq(SysRole::getRoleId, roleId));
}
/**
* 淇敼鏁版嵁鏉冮檺淇℃伅
*
- * @param role 瑙掕壊淇℃伅
+ * @param bo 瑙掕壊淇℃伅
* @return 缁撴灉
*/
@Override
@Transactional(rollbackFor = Exception.class)
- public int authDataScope(SysRole role) {
+ public int authDataScope(SysRoleBo bo) {
+ SysRole role = MapstructUtils.convert(bo, SysRole.class);
// 淇敼瑙掕壊淇℃伅
baseMapper.updateById(role);
// 鍒犻櫎瑙掕壊涓庨儴闂ㄥ叧鑱�
roleDeptMapper.delete(new LambdaQueryWrapper<SysRoleDept>().eq(SysRoleDept::getRoleId, role.getRoleId()));
// 鏂板瑙掕壊鍜岄儴闂ㄤ俊鎭紙鏁版嵁鏉冮檺锛�
- return insertRoleDept(role);
+ return insertRoleDept(bo);
}
/**
@@ -282,7 +291,7 @@
*
* @param role 瑙掕壊瀵硅薄
*/
- public int insertRoleMenu(SysRole role) {
+ public int insertRoleMenu(SysRoleBo role) {
int rows = 1;
// 鏂板鐢ㄦ埛涓庤鑹茬鐞�
List<SysRoleMenu> list = new ArrayList<SysRoleMenu>();
@@ -303,7 +312,7 @@
*
* @param role 瑙掕壊瀵硅薄
*/
- public int insertRoleDept(SysRole role) {
+ public int insertRoleDept(SysRoleBo role) {
int rows = 1;
// 鏂板瑙掕壊涓庨儴闂紙鏁版嵁鏉冮檺锛夌鐞�
List<SysRoleDept> list = new ArrayList<SysRoleDept>();
@@ -345,9 +354,9 @@
@Transactional(rollbackFor = Exception.class)
public int deleteRoleByIds(Long[] roleIds) {
for (Long roleId : roleIds) {
- checkRoleAllowed(new SysRole(roleId));
+ checkRoleAllowed(roleId);
checkRoleDataScope(roleId);
- SysRole role = selectRoleById(roleId);
+ SysRole role = baseMapper.selectById(roleId);
if (countUserRoleByRoleId(roleId) > 0) {
throw new ServiceException(String.format("%1$s宸插垎閰�,涓嶈兘鍒犻櫎", role.getRoleName()));
}
--
Gitblit v1.9.3