From f46b1bbebd55e2eb55943ca9354959c36563c4e5 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 29 五月 2024 14:48:03 +0800
Subject: [PATCH] 限制用户操作数据权限范围
---
 ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java | 86 ++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 80 insertions(+), 6 deletions(-)
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
index 409baf0..81e1f8c 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
@@ -11,11 +11,14 @@
 import com.ruoyi.common.annotation.DataScope;
 import com.ruoyi.common.constant.UserConstants;
 import com.ruoyi.common.core.domain.entity.SysRole;
-import com.ruoyi.common.exception.CustomException;
+import com.ruoyi.common.core.domain.entity.SysUser;
+import com.ruoyi.common.exception.ServiceException;
+import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.spring.SpringUtils;
 import com.ruoyi.system.domain.SysRoleDept;
 import com.ruoyi.system.domain.SysRoleMenu;
+import com.ruoyi.system.domain.SysUserRole;
 import com.ruoyi.system.mapper.SysRoleDeptMapper;
 import com.ruoyi.system.mapper.SysRoleMapper;
 import com.ruoyi.system.mapper.SysRoleMenuMapper;
@@ -119,7 +122,7 @@
 * @return 选中角色ID列表
 */
 @Override
- public List<Integer> selectRoleListByUserId(Long userId)
+ public List<Long> selectRoleListByUserId(Long userId)
 {
 return roleMapper.selectRoleListByUserId(userId);
 }
@@ -143,7 +146,7 @@
 * @return 结果
 */
 @Override
- public String checkRoleNameUnique(SysRole role)
+ public boolean checkRoleNameUnique(SysRole role)
 {
 Long roleId = StringUtils.isNull(role.getRoleId()) ? -1L : role.getRoleId();
 SysRole info = roleMapper.checkRoleNameUnique(role.getRoleName());
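Review bot: The Javadoc kept above `checkRoleNameUnique` in the `@@ -143,7 +146,7 @@` hunk still reads `@return 结果`, which no longer tells a caller which boolean value means "unique" now that the return type is `boolean` instead of `String`. I would replace it with `@return true if no other role uses this name, false otherwise`, assuming that is the polarity; the return statements lie outside the hunk, so this needs confirming against the body. The same applies to `checkRoleKeyUnique` in the `@@ -161,7 +164,7 @@` hunk. A caller that reads the result inverted would let duplicate role names or keys through validation.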
@@ -161,7 +164,7 @@
 * @return 结果
 */
 @Override
- public String checkRoleKeyUnique(SysRole role)
+ public boolean checkRoleKeyUnique(SysRole role)
 {
 Long roleId = StringUtils.isNull(role.getRoleId()) ? -1L : role.getRoleId();
 SysRole info = roleMapper.checkRoleKeyUnique(role.getRoleKey());
@@ -182,7 +185,30 @@
 {
 if (StringUtils.isNotNull(role.getRoleId()) && role.isAdmin())
 {
- throw new CustomException("不允许操作超级管理员角色");
+ throw new ServiceException("不允许操作超级管理员角色");
+ }
+ }
+
+ /**
+ * 校验角色是否有数据权限
+ *
+ * @param roleIds 角色id
+ */
+ @Override
+ public void checkRoleDataScope(Long... roleIds)
+ {
+ if (!SysUser.isAdmin(SecurityUtils.getUserId()))
+ {
+ for (Long roleId : roleIds)
+ {
+ SysRole role = new SysRole();
+ role.setRoleId(roleId);
+ List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role);
+ if (StringUtils.isEmpty(roles))
+ {
+ throw new ServiceException("没有权限访问角色数据!");
+ }
+ }
 }
 }
 
@@ -338,10 +364,11 @@
 for (Long roleId : roleIds)
 {
 checkRoleAllowed(new SysRole(roleId));
+ checkRoleDataScope(roleId);
 SysRole role = selectRoleById(roleId);
 if (countUserRoleByRoleId(roleId) > 0)
 {
- throw new CustomException(String.format("%1$s已分配,不能删除", role.getRoleName()));
+ throw new ServiceException(String.format("%1$s已分配,不能删除", role.getRoleName()));
 }
 }
 // 删除角色与菜单关联
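Review bot: `checkRoleDataScope` in the `@@ -182,7 +185,30 @@` hunk does not handle a null `roleId`: `role.setRoleId(roleId)` then builds a probe with no ID, and if the `selectRoleList` query filters only on a non-null ID (the mapper is not visible here), it returns every role in the caller's scope and the check passes without testing anything. I would reject that case before the query with `if (StringUtils.isNull(roleId)) { throw new ServiceException("没有权限访问角色数据!"); }`, or skip it explicitly if callers are expected to pass null for a role that does not exist yet. The check presumably depends on `selectRoleList` being filtered by `@DataScope` via `SpringUtils.getAopProxy(this)`. A comment such as `// must go through the AOP proxy so the data-scope filter on selectRoleList is applied` would stop a later refactor from calling `this.selectRoleList` directly and silently disabling the check.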
@@ -350,4 +377,51 @@
 roleDeptMapper.deleteRoleDept(roleIds);
 return roleMapper.deleteRoleByIds(roleIds);
 }
+
+ /**
+ * 取消授权用户角色
+ *
+ * @param userRole 用户和角色关联信息
+ * @return 结果
+ */
+ @Override
+ public int deleteAuthUser(SysUserRole userRole)
+ {
+ return userRoleMapper.deleteUserRoleInfo(userRole);
+ }
+
+ /**
+ * 批量取消授权用户角色
+ *
+ * @param roleId 角色ID
+ * @param userIds 需要取消授权的用户数据ID
+ * @return 结果
+ */
+ @Override
+ public int deleteAuthUsers(Long roleId, Long[] userIds)
+ {
+ return userRoleMapper.deleteUserRoleInfos(roleId, userIds);
+ }
+
+ /**
+ * 批量选择授权用户角色
+ *
+ * @param roleId 角色ID
+ * @param userIds 需要授权的用户数据ID
+ * @return 结果
+ */
+ @Override
+ public int insertAuthUsers(Long roleId, Long[] userIds)
+ {
+ // 新增用户与角色管理
+ List<SysUserRole> list = new ArrayList<SysUserRole>();
+ for (Long userId : userIds)
+ {
+ SysUserRole ur = new SysUserRole();
+ ur.setUserId(userId);
+ ur.setRoleId(roleId);
+ list.add(ur);
+ }
+ return userRoleMapper.batchUserRole(list);
+ }
 }
-- Gitblit v1.9.2
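Review bot: None of the three methods added in the `@@ -350,4 +377,51 @@` hunk (`deleteAuthUser`, `deleteAuthUsers`, `insertAuthUsers`) calls `checkRoleAllowed` or `checkRoleDataScope`, although they change which users hold a role and the commit is about restricting data-permission scope. Unless every caller performs the check first (the controllers are not part of this patch), a user whose data scope excludes `roleId` could still grant or revoke that role. I would start `insertAuthUsers` and `deleteAuthUsers` with `checkRoleDataScope(roleId);` and `deleteAuthUser` with `checkRoleDataScope(userRole.getRoleId());`, or state in the Javadoc that the caller must have done so. `insertAuthUsers` also passes an empty list to `batchUserRole` when `userIds` is empty, which may yield an invalid batch statement depending on the mapper; an early `return 0;` for that case is worth adding.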