From f46b1bbebd55e2eb55943ca9354959c36563c4e5 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 29 五月 2024 14:48:03 +0800
Subject: [PATCH] 限制用户操作数据权限范围
---
ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java | 4 ++--
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java | 8 +++++++-
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java | 2 +-
ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java | 2 +-
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java | 5 +++++
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java | 17 ++++++++++-------
6 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
index dc29d49..24aafae 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
@@ -124,6 +124,8 @@
@PostMapping
public AjaxResult add(@Validated @RequestBody SysUser user)
{
+ deptService.checkDeptDataScope(user.getDeptId());
+ roleService.checkRoleDataScope(user.getRoleIds());
if (!userService.checkUserNameUnique(user))
{
return error("新增用户'" + user.getUserName() + "'失败,登录账号已存在");
@@ -151,6 +153,8 @@
{
userService.checkUserAllowed(user);
userService.checkUserDataScope(user.getUserId());
+ deptService.checkDeptDataScope(user.getDeptId());
+ roleService.checkRoleDataScope(user.getRoleIds());
if (!userService.checkUserNameUnique(user))
{
return error("修改用户'" + user.getUserName() + "'失败,登录账号已存在");
@@ -235,6 +239,7 @@
public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
{
userService.checkUserDataScope(userId);
+ roleService.checkRoleDataScope(roleIds);
userService.insertUserAuth(userId, roleIds);
return success();
}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java b/ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java
index 4e04642..c33d912 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java
@@ -22,7 +22,7 @@
private static final long serialVersionUID = 1L;
/** 用户ID */
- @Excel(name = "用户序号", cellType = ColumnType.NUMERIC, prompt = "用户编号")
+ @Excel(name = "用户序号", type = Type.EXPORT, cellType = ColumnType.NUMERIC, prompt = "用户编号")
private Long userId;
/** 部门ID */
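Review bot: The reason `userId` becomes export-only is not recorded next to the `@Excel(... type = Type.EXPORT ...)` annotation. A short comment above the field, such as `// export only: an imported sheet must not be able to supply userId`, would stop a later cleanup from dropping the attribute. Whether an imported userId could previously reach the insert path depends on mapper code outside this hunk, so that part is an inference.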
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java
index ba79ed5..5df679a 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java
@@ -85,9 +85,9 @@
/**
* 校验角色是否有数据权限
*
- * @param roleId 角色id
+ * @param roleIds 角色id
*/
- public void checkRoleDataScope(Long roleId);
+ public void checkRoleDataScope(Long... roleIds);
/**
* 通过角色ID查询角色使用数量
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
index c5f3ce6..3ebcbd2 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
@@ -190,7 +190,7 @@
@Override
public void checkDeptDataScope(Long deptId)
{
- if (!SysUser.isAdmin(SecurityUtils.getUserId()))
+ if (!SysUser.isAdmin(SecurityUtils.getUserId()) && StringUtils.isNotNull(deptId))
{
SysDept dept = new SysDept();
dept.setDeptId(deptId);
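Review bot: The added `StringUtils.isNotNull(deptId)` condition makes a non-admin call with a null deptId skip the department scope check entirely, and nothing in the hunk says this is intended. If "no department chosen" is a legitimate state, record that with a comment such as `// null deptId: no department selected, nothing to scope-check`. If a department is mandatory for non-admin operators, the callers should reject null instead of passing it through. The method body continues past the end of this hunk.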
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
index 5e0a02d..81e1f8c 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
@@ -192,19 +192,22 @@
/**
* 校验角色是否有数据权限
*
- * @param roleId 角色id
+ * @param roleIds 角色id
*/
@Override
- public void checkRoleDataScope(Long roleId)
+ public void checkRoleDataScope(Long... roleIds)
{
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
{
- SysRole role = new SysRole();
- role.setRoleId(roleId);
- List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role);
- if (StringUtils.isEmpty(roles))
+ for (Long roleId : roleIds)
{
- throw new ServiceException("没有权限访问角色数据!");
+ SysRole role = new SysRole();
+ role.setRoleId(roleId);
+ List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role);
+ if (StringUtils.isEmpty(roles))
+ {
+ throw new ServiceException("没有权限访问角色数据!");
+ }
}
}
}
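Review bot: `for (Long roleId : roleIds)` throws a NullPointerException when a non-admin caller passes a null array. That looks reachable from the controller hunks, where `user.getRoleIds()` in add/edit and the `Long[] roleIds` parameter of insertAuthRole come straight from the request. The result fails closed, but it surfaces as an unhandled error rather than a clean decision. A guard before the loop, `if (roleIds == null || roleIds.length == 0) { return; }`, makes the no-roles case explicit. A null element is a second gap: `role.setRoleId(null)` presumably makes `selectRoleList` run unfiltered, so the check passes without verifying anything. Skipping or rejecting null elements inside the loop would close that.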
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
index 09f3fb9..3f4dba2 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
@@ -28,6 +28,7 @@
import com.ruoyi.system.mapper.SysUserPostMapper;
import com.ruoyi.system.mapper.SysUserRoleMapper;
import com.ruoyi.system.service.ISysConfigService;
+import com.ruoyi.system.service.ISysDeptService;
import com.ruoyi.system.service.ISysUserService;
/**
@@ -57,6 +58,9 @@
@Autowired
private ISysConfigService configService;
+
+ @Autowired
+ private ISysDeptService deptService;
@Autowired
protected Validator validator;
@@ -489,7 +493,6 @@
int failureNum = 0;
StringBuilder successMsg = new StringBuilder();
StringBuilder failureMsg = new StringBuilder();
- String password = configService.selectConfigByKey("sys.user.initPassword");
for (SysUser user : userList)
{
try
@@ -499,6 +502,8 @@
if (StringUtils.isNull(u))
{
BeanValidators.validateWithException(validator, user);
+ deptService.checkDeptDataScope(user.getDeptId());
+ String password = configService.selectConfigByKey("sys.user.initPassword");
user.setPassword(SecurityUtils.encryptPassword(password));
user.setCreateBy(operName);
userMapper.insertUser(user);
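Review bot: `configService.selectConfigByKey("sys.user.initPassword")` now runs once per newly inserted row instead of once per import, because it moved from before the loop into the insert branch. The value does not depend on the row, so it can stay hoisted above the `for` loop where the previous hunk removed it. The enclosing method and its try/catch start and end outside this hunk. A ServiceException from the new `deptService.checkDeptDataScope(user.getDeptId())` call is presumably caught there and reported as a per-row failure, which is worth confirming.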
@@ -510,6 +515,7 @@
BeanValidators.validateWithException(validator, user);
checkUserAllowed(u);
checkUserDataScope(u.getUserId());
+ deptService.checkDeptDataScope(user.getDeptId());
user.setUserId(u.getUserId());
user.setUpdateBy(operName);
userMapper.updateUser(user);
--
Gitblit v1.9.2