From aadb7a41cb4c69177a0251c251813070f7f97cd5 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期一, 22 八月 2022 10:24:20 +0800
Subject: [PATCH] 优化Context信息,防止泄漏问题
---
 ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java | 37 ++++++++-----------------------------
 1 files changed, 8 insertions(+), 29 deletions(-)
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
index 60bd1a5..9262549 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
@@ -20,7 +20,6 @@
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.domain.entity.SysDept;
 import com.ruoyi.common.enums.BusinessType;
-import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.system.service.ISysDeptService;
 
@@ -75,30 +74,8 @@
 @GetMapping(value = "/{deptId}")
 public AjaxResult getInfo(@PathVariable Long deptId)
 {
+ deptService.checkDeptDataScope(deptId);
 return AjaxResult.success(deptService.selectDeptById(deptId));
- }
-
- /**
- * 获取部门下拉树列表
- */
- @GetMapping("/treeselect")
- public AjaxResult treeselect(SysDept dept)
- {
- List<SysDept> depts = deptService.selectDeptList(dept);
- return AjaxResult.success(deptService.buildDeptTreeSelect(depts));
- }
-
- /**
- * 加载对应角色部门列表树
- */
- @GetMapping(value = "/roleDeptTreeselect/{roleId}")
- public AjaxResult roleDeptTreeselect(@PathVariable("roleId") Long roleId)
- {
- List<SysDept> depts = deptService.selectDeptList(new SysDept());
- AjaxResult ajax = AjaxResult.success();
- ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId));
- ajax.put("depts", deptService.buildDeptTreeSelect(depts));
- return ajax;
 }
 
 /**
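Review bot: The added `deptService.checkDeptDataScope(deptId);` in getInfo discards its result, so the lookup below it is protected only if that method throws for a department outside the caller's data scope; its implementation is not part of this patch, so that is an assumption worth writing down. I would add a comment above the call, `// throws when deptId is outside the caller's data scope; must stay before selectDeptById`, so a later refactor does not reorder or drop it. The method's Javadoc and annotations above `@GetMapping` are outside the hunk.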
@@ -113,7 +90,7 @@
 {
 return AjaxResult.error("新增部门'" + dept.getDeptName() + "'失败,部门名称已存在");
 }
- dept.setCreateBy(SecurityUtils.getUsername());
+ dept.setCreateBy(getUsername());
 return toAjax(deptService.insertDept(dept));
 }
 
@@ -125,20 +102,21 @@
 @PutMapping
 public AjaxResult edit(@Validated @RequestBody SysDept dept)
 {
+ Long deptId = dept.getDeptId();
+ deptService.checkDeptDataScope(deptId);
 if (UserConstants.NOT_UNIQUE.equals(deptService.checkDeptNameUnique(dept)))
 {
 return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败,部门名称已存在");
 }
- else if (dept.getParentId().equals(dept.getDeptId()))
+ else if (dept.getParentId().equals(deptId))
 {
 return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败,上级部门不能是自己");
 }
- else if (StringUtils.equals(UserConstants.DEPT_DISABLE, dept.getStatus())
- && deptService.selectNormalChildrenDeptById(dept.getDeptId()) > 0)
+ else if (StringUtils.equals(UserConstants.DEPT_DISABLE, dept.getStatus()) && deptService.selectNormalChildrenDeptById(deptId) > 0)
 {
 return AjaxResult.error("该部门包含未停用的子部门!");
 }
- dept.setUpdateBy(SecurityUtils.getUsername());
+ dept.setUpdateBy(getUsername());
 return toAjax(deptService.updateDept(dept));
 }
 
@@ -158,6 +136,7 @@
 {
 return AjaxResult.error("部门存在用户,不允许删除");
 }
+ deptService.checkDeptDataScope(deptId);
 return toAjax(deptService.deleteDeptById(deptId));
 }
 }
-- Gitblit v1.9.2
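Review bot: In edit, the new scope check covers only `dept.getDeptId()`; `dept.getParentId()` arrives in the same request body and is only compared with deptId, so as far as this hunk shows a caller could re-parent an in-scope department under one outside their data scope. Consider adding `deptService.checkDeptDataScope(dept.getParentId());` next to the existing call, unless updateDept already enforces this (not visible here). The add handler in the hunk at -113 receives no scope check at all in this commit and raises the same question for its parent id. deptId is also handed to the check without a null test, and how checkDeptDataScope treats null is not shown.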
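Review bot: In the delete handler (hunk at -158), `deptService.checkDeptDataScope(deptId);` is placed after the validation branches, so the visible "部门存在用户,不允许删除" reply, and any checks that precede it above the hunk, are returned before authorization is decided. That tells a caller whether a department outside their data scope exists and has users. Move the call to the first statement of the method, matching what this same commit does in edit. The method's opening lines are outside the hunk.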