用户访问控制时校验数据权限，防止越权

RuoYi

2022-01-27 b49cdbbc9516352d1f4511e4223fa9d089b057b9

 src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java

@@ -3,6 +3,7 @@
import java.util.ArrayList;

import java.util.List;

import java.util.stream.Collectors;

import javax.validation.Validator;

import org.slf4j.Logger;

import org.slf4j.LoggerFactory;

import org.springframework.beans.factory.annotation.Autowired;

@@ -13,6 +14,7 @@
import com.ruoyi.common.exception.ServiceException;

import com.ruoyi.common.utils.SecurityUtils;

import com.ruoyi.common.utils.StringUtils;

import com.ruoyi.common.utils.bean.BeanValidators;

import com.ruoyi.common.utils.spring.SpringUtils;

import com.ruoyi.framework.aspectj.lang.annotation.DataScope;

import com.ruoyi.project.system.domain.SysPost;

@@ -55,6 +57,9 @@


    @Autowired

    private ISysConfigService configService;



    @Autowired

    protected Validator validator;



    /**

     * 根据条件分页查询用户列表

@@ -477,6 +482,7 @@
        for (Long userId : userIds)

        {

            checkUserAllowed(new SysUser(userId));

            checkUserDataScope(userId);

        }

        // 删除用户与角色关联

        userRoleMapper.deleteUserRole(userIds);

@@ -513,6 +519,7 @@
                SysUser u = userMapper.selectUserByUserName(user.getUserName());

                if (StringUtils.isNull(u))

                {

                    BeanValidators.validateWithException(validator, user);

                    user.setPassword(SecurityUtils.encryptPassword(password));

                    user.setCreateBy(operName);

                    this.insertUser(user);

@@ -521,6 +528,7 @@
                }

                else if (isUpdateSupport)

                {

                    BeanValidators.validateWithException(validator, user);

                    user.setUpdateBy(operName);

                    this.updateUser(user);

                    successNum++;