src/main/java/com/ruoyi/project/system/controller/SysUserController.java
@@ -124,6 +124,8 @@ @PostMapping public AjaxResult add(@Validated @RequestBody SysUser user) { deptService.checkDeptDataScope(user.getDeptId()); roleService.checkRoleDataScope(user.getRoleIds()); if (!userService.checkUserNameUnique(user)) { return error("新增用户'" + user.getUserName() + "'失败,登录账号已存在"); @@ -151,6 +153,8 @@ { userService.checkUserAllowed(user); userService.checkUserDataScope(user.getUserId()); deptService.checkDeptDataScope(user.getDeptId()); roleService.checkRoleDataScope(user.getRoleIds()); if (!userService.checkUserNameUnique(user)) { return error("修改用户'" + user.getUserName() + "'失败,登录账号已存在"); @@ -235,6 +239,7 @@ public AjaxResult insertAuthRole(Long userId, Long[] roleIds) { userService.checkUserDataScope(userId); roleService.checkRoleDataScope(roleIds); userService.insertUserAuth(userId, roleIds); return success(); } src/main/java/com/ruoyi/project/system/domain/SysUser.java
@@ -22,7 +22,7 @@ private static final long serialVersionUID = 1L; /** 用户ID */ @Excel(name = "用户序号", cellType = ColumnType.NUMERIC, prompt = "用户编号") @Excel(name = "用户序号", type = Type.EXPORT, cellType = ColumnType.NUMERIC, prompt = "用户编号") private Long userId; /** 部门ID */ src/main/java/com/ruoyi/project/system/service/ISysRoleService.java
@@ -85,9 +85,9 @@ /** * 校验角色是否有数据权限 * * @param roleId 角色id * @param roleIds 角色id */ public void checkRoleDataScope(Long roleId); public void checkRoleDataScope(Long... roleIds); /** * 通过角色ID查询角色使用数量 src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java
@@ -190,7 +190,7 @@ @Override public void checkDeptDataScope(Long deptId) { if (!SysUser.isAdmin(SecurityUtils.getUserId())) if (!SysUser.isAdmin(SecurityUtils.getUserId()) && StringUtils.isNotNull(deptId)) { SysDept dept = new SysDept(); dept.setDeptId(deptId); src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java
@@ -192,19 +192,22 @@ /** * 校验角色是否有数据权限 * * @param roleId 角色id * @param roleIds 角色id */ @Override public void checkRoleDataScope(Long roleId) public void checkRoleDataScope(Long... roleIds) { if (!SysUser.isAdmin(SecurityUtils.getUserId())) { SysRole role = new SysRole(); role.setRoleId(roleId); List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role); if (StringUtils.isEmpty(roles)) for (Long roleId : roleIds) { throw new ServiceException("没有权限访问角色数据!"); SysRole role = new SysRole(); role.setRoleId(roleId); List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role); if (StringUtils.isEmpty(roles)) { throw new ServiceException("没有权限访问角色数据!"); } } } } src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java
@@ -28,6 +28,7 @@ import com.ruoyi.project.system.mapper.SysUserPostMapper; import com.ruoyi.project.system.mapper.SysUserRoleMapper; import com.ruoyi.project.system.service.ISysConfigService; import com.ruoyi.project.system.service.ISysDeptService; import com.ruoyi.project.system.service.ISysUserService; /** @@ -57,6 +58,9 @@ @Autowired private ISysConfigService configService; @Autowired private ISysDeptService deptService; @Autowired protected Validator validator; @@ -489,7 +493,6 @@ int failureNum = 0; StringBuilder successMsg = new StringBuilder(); StringBuilder failureMsg = new StringBuilder(); String password = configService.selectConfigByKey("sys.user.initPassword"); for (SysUser user : userList) { try @@ -499,6 +502,8 @@ if (StringUtils.isNull(u)) { BeanValidators.validateWithException(validator, user); deptService.checkDeptDataScope(user.getDeptId()); String password = configService.selectConfigByKey("sys.user.initPassword"); user.setPassword(SecurityUtils.encryptPassword(password)); user.setCreateBy(operName); userMapper.insertUser(user); @@ -510,6 +515,7 @@ BeanValidators.validateWithException(validator, user); checkUserAllowed(u); checkUserDataScope(u.getUserId()); deptService.checkDeptDataScope(user.getDeptId()); user.setUserId(u.getUserId()); user.setUpdateBy(operName); userMapper.updateUser(user);
