From 4b699cd34c729f36a6ad4bb9ddcc0520c4bf3e61 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 29 五月 2024 14:39:46 +0800
Subject: [PATCH] 限制用户操作数据权限范围
---
src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java | 8 +++++++-
src/main/java/com/ruoyi/project/system/controller/SysUserController.java | 5 +++++
src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java | 2 +-
src/main/java/com/ruoyi/project/system/service/ISysRoleService.java | 4 ++--
src/main/java/com/ruoyi/project/system/domain/SysUser.java | 2 +-
src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java | 17 ++++++++++-------
6 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
index 19c100e..ca5d2d2 100644
--- a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
+++ b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
@@ -124,6 +124,8 @@
@PostMapping
public AjaxResult add(@Validated @RequestBody SysUser user)
{
+ deptService.checkDeptDataScope(user.getDeptId());
+ roleService.checkRoleDataScope(user.getRoleIds());
if (!userService.checkUserNameUnique(user))
{
return error("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
@@ -151,6 +153,8 @@
{
userService.checkUserAllowed(user);
userService.checkUserDataScope(user.getUserId());
+ deptService.checkDeptDataScope(user.getDeptId());
+ roleService.checkRoleDataScope(user.getRoleIds());
if (!userService.checkUserNameUnique(user))
{
return error("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
@@ -235,6 +239,7 @@
public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
{
userService.checkUserDataScope(userId);
+ roleService.checkRoleDataScope(roleIds);
userService.insertUserAuth(userId, roleIds);
return success();
}
diff --git a/src/main/java/com/ruoyi/project/system/domain/SysUser.java b/src/main/java/com/ruoyi/project/system/domain/SysUser.java
index 9bfabde..c9735d8 100644
--- a/src/main/java/com/ruoyi/project/system/domain/SysUser.java
+++ b/src/main/java/com/ruoyi/project/system/domain/SysUser.java
@@ -22,7 +22,7 @@
private static final long serialVersionUID = 1L;
/** 鐢ㄦ埛ID */
- @Excel(name = "鐢ㄦ埛搴忓彿", cellType = ColumnType.NUMERIC, prompt = "鐢ㄦ埛缂栧彿")
+ @Excel(name = "鐢ㄦ埛搴忓彿", type = Type.EXPORT, cellType = ColumnType.NUMERIC, prompt = "鐢ㄦ埛缂栧彿")
private Long userId;
/** 閮ㄩ棬ID */
diff --git a/src/main/java/com/ruoyi/project/system/service/ISysRoleService.java b/src/main/java/com/ruoyi/project/system/service/ISysRoleService.java
index 8bf0f4f..98367ef 100644
--- a/src/main/java/com/ruoyi/project/system/service/ISysRoleService.java
+++ b/src/main/java/com/ruoyi/project/system/service/ISysRoleService.java
@@ -85,9 +85,9 @@
/**
* 鏍¢獙瑙掕壊鏄惁鏈夋暟鎹潈闄�
*
- * @param roleId 瑙掕壊id
+ * @param roleIds 瑙掕壊id
*/
- public void checkRoleDataScope(Long roleId);
+ public void checkRoleDataScope(Long... roleIds);
/**
* 閫氳繃瑙掕壊ID鏌ヨ瑙掕壊浣跨敤鏁伴噺
diff --git a/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java b/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java
index b578017..a96a5ae 100644
--- a/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java
+++ b/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java
@@ -190,7 +190,7 @@
@Override
public void checkDeptDataScope(Long deptId)
{
- if (!SysUser.isAdmin(SecurityUtils.getUserId()))
+ if (!SysUser.isAdmin(SecurityUtils.getUserId()) && StringUtils.isNotNull(deptId))
{
SysDept dept = new SysDept();
dept.setDeptId(deptId);
diff --git a/src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java b/src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java
index f8e5390..1fe2055 100644
--- a/src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java
+++ b/src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java
@@ -192,19 +192,22 @@
/**
* 鏍¢獙瑙掕壊鏄惁鏈夋暟鎹潈闄�
*
- * @param roleId 瑙掕壊id
+ * @param roleIds 瑙掕壊id
*/
@Override
- public void checkRoleDataScope(Long roleId)
+ public void checkRoleDataScope(Long... roleIds)
{
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
{
- SysRole role = new SysRole();
- role.setRoleId(roleId);
- List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role);
- if (StringUtils.isEmpty(roles))
+ for (Long roleId : roleIds)
{
- throw new ServiceException("娌℃湁鏉冮檺璁块棶瑙掕壊鏁版嵁锛�");
+ SysRole role = new SysRole();
+ role.setRoleId(roleId);
+ List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role);
+ if (StringUtils.isEmpty(roles))
+ {
+ throw new ServiceException("娌℃湁鏉冮檺璁块棶瑙掕壊鏁版嵁锛�");
+ }
}
}
}
diff --git a/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java b/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java
index a7bf99b..fcb1784 100644
--- a/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java
+++ b/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java
@@ -28,6 +28,7 @@
import com.ruoyi.project.system.mapper.SysUserPostMapper;
import com.ruoyi.project.system.mapper.SysUserRoleMapper;
import com.ruoyi.project.system.service.ISysConfigService;
+import com.ruoyi.project.system.service.ISysDeptService;
import com.ruoyi.project.system.service.ISysUserService;
/**
@@ -57,6 +58,9 @@
@Autowired
private ISysConfigService configService;
+
+ @Autowired
+ private ISysDeptService deptService;
@Autowired
protected Validator validator;
@@ -489,7 +493,6 @@
int failureNum = 0;
StringBuilder successMsg = new StringBuilder();
StringBuilder failureMsg = new StringBuilder();
- String password = configService.selectConfigByKey("sys.user.initPassword");
for (SysUser user : userList)
{
try
@@ -499,6 +502,8 @@
if (StringUtils.isNull(u))
{
BeanValidators.validateWithException(validator, user);
+ deptService.checkDeptDataScope(user.getDeptId());
+ String password = configService.selectConfigByKey("sys.user.initPassword");
user.setPassword(SecurityUtils.encryptPassword(password));
user.setCreateBy(operName);
userMapper.insertUser(user);
@@ -510,6 +515,7 @@
BeanValidators.validateWithException(validator, user);
checkUserAllowed(u);
checkUserDataScope(u.getUserId());
+ deptService.checkDeptDataScope(user.getDeptId());
user.setUserId(u.getUserId());
user.setUpdateBy(operName);
userMapper.updateUser(user);
--
Gitblit v1.9.3