From f46b1bbebd55e2eb55943ca9354959c36563c4e5 Mon Sep 17 00:00:00 2001 From: RuoYi <yzz_ivy@163.com> Date: 星期三, 29 五月 2024 14:48:03 +0800 Subject: [PATCH] 限制用户操作数据权限范围 --- ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java index dc29d49..24aafae 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java @@ -124,6 +124,8 @@ @PostMapping public AjaxResult add(@Validated @RequestBody SysUser user) { + deptService.checkDeptDataScope(user.getDeptId()); + roleService.checkRoleDataScope(user.getRoleIds()); if (!userService.checkUserNameUnique(user)) { return error("新增用户'" + user.getUserName() + "'失败,登录账号已存在"); @@ -151,6 +153,8 @@ { userService.checkUserAllowed(user); userService.checkUserDataScope(user.getUserId()); + deptService.checkDeptDataScope(user.getDeptId()); + roleService.checkRoleDataScope(user.getRoleIds()); if (!userService.checkUserNameUnique(user)) { return error("修改用户'" + user.getUserName() + "'失败,登录账号已存在"); @@ -235,6 +239,7 @@ public AjaxResult insertAuthRole(Long userId, Long[] roleIds) { userService.checkUserDataScope(userId); + roleService.checkRoleDataScope(roleIds); userService.insertUserAuth(userId, roleIds); return success(); } -- Gitblit v1.9.2