From 4b699cd34c729f36a6ad4bb9ddcc0520c4bf3e61 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 29 五月 2024 14:39:46 +0800
Subject: [PATCH] 限制用户操作数据权限范围
---
src/main/java/com/ruoyi/project/system/controller/SysUserController.java | 75 +++++++++++++++++++++++++------------
1 files changed, 50 insertions(+), 25 deletions(-)
diff --git a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
index 1afff5a..ca5d2d2 100644
--- a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
+++ b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
@@ -2,6 +2,7 @@
import java.util.List;
import java.util.stream.Collectors;
+import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.ArrayUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
@@ -15,7 +16,6 @@
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
-import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.poi.ExcelUtil;
@@ -24,8 +24,10 @@
import com.ruoyi.framework.web.controller.BaseController;
import com.ruoyi.framework.web.domain.AjaxResult;
import com.ruoyi.framework.web.page.TableDataInfo;
+import com.ruoyi.project.system.domain.SysDept;
import com.ruoyi.project.system.domain.SysRole;
import com.ruoyi.project.system.domain.SysUser;
+import com.ruoyi.project.system.service.ISysDeptService;
import com.ruoyi.project.system.service.ISysPostService;
import com.ruoyi.project.system.service.ISysRoleService;
import com.ruoyi.project.system.service.ISysUserService;
@@ -46,6 +48,9 @@
private ISysRoleService roleService;
@Autowired
+ private ISysDeptService deptService;
+
+ @Autowired
private ISysPostService postService;
/**
@@ -62,12 +67,12 @@
@Log(title = "鐢ㄦ埛绠$悊", businessType = BusinessType.EXPORT)
@PreAuthorize("@ss.hasPermi('system:user:export')")
- @GetMapping("/export")
- public AjaxResult export(SysUser user)
+ @PostMapping("/export")
+ public void export(HttpServletResponse response, SysUser user)
{
List<SysUser> list = userService.selectUserList(user);
ExcelUtil<SysUser> util = new ExcelUtil<SysUser>(SysUser.class);
- return util.exportExcel(list, "鐢ㄦ埛鏁版嵁");
+ util.exportExcel(response, list, "鐢ㄦ埛鏁版嵁");
}
@Log(title = "鐢ㄦ埛绠$悊", businessType = BusinessType.IMPORT)
@@ -79,14 +84,14 @@
List<SysUser> userList = util.importExcel(file.getInputStream());
String operName = getUsername();
String message = userService.importUser(userList, updateSupport, operName);
- return AjaxResult.success(message);
+ return success(message);
}
- @GetMapping("/importTemplate")
- public AjaxResult importTemplate()
+ @PostMapping("/importTemplate")
+ public void importTemplate(HttpServletResponse response)
{
ExcelUtil<SysUser> util = new ExcelUtil<SysUser>(SysUser.class);
- return util.importTemplateExcel("鐢ㄦ埛鏁版嵁");
+ util.importTemplateExcel(response, "鐢ㄦ埛鏁版嵁");
}
/**
@@ -103,9 +108,10 @@
ajax.put("posts", postService.selectPostAll());
if (StringUtils.isNotNull(userId))
{
- ajax.put(AjaxResult.DATA_TAG, userService.selectUserById(userId));
+ SysUser sysUser = userService.selectUserById(userId);
+ ajax.put(AjaxResult.DATA_TAG, sysUser);
ajax.put("postIds", postService.selectPostListByUserId(userId));
- ajax.put("roleIds", roleService.selectRoleListByUserId(userId));
+ ajax.put("roleIds", sysUser.getRoles().stream().map(SysRole::getRoleId).collect(Collectors.toList()));
}
return ajax;
}
@@ -118,19 +124,19 @@
@PostMapping
public AjaxResult add(@Validated @RequestBody SysUser user)
{
- if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user.getUserName())))
+ deptService.checkDeptDataScope(user.getDeptId());
+ roleService.checkRoleDataScope(user.getRoleIds());
+ if (!userService.checkUserNameUnique(user))
{
- return AjaxResult.error("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
+ return error("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
}
- else if (StringUtils.isNotEmpty(user.getPhonenumber())
- && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user)))
+ else if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(user))
{
- return AjaxResult.error("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
+ return error("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
}
- else if (StringUtils.isNotEmpty(user.getEmail())
- && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user)))
+ else if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(user))
{
- return AjaxResult.error("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
+ return error("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
}
user.setCreateBy(getUsername());
user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
@@ -146,15 +152,20 @@
public AjaxResult edit(@Validated @RequestBody SysUser user)
{
userService.checkUserAllowed(user);
- if (StringUtils.isNotEmpty(user.getPhonenumber())
- && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user)))
+ userService.checkUserDataScope(user.getUserId());
+ deptService.checkDeptDataScope(user.getDeptId());
+ roleService.checkRoleDataScope(user.getRoleIds());
+ if (!userService.checkUserNameUnique(user))
{
- return AjaxResult.error("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
+ return error("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
}
- else if (StringUtils.isNotEmpty(user.getEmail())
- && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user)))
+ else if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(user))
{
- return AjaxResult.error("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
+ return error("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
+ }
+ else if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(user))
+ {
+ return error("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
}
user.setUpdateBy(getUsername());
return toAjax(userService.updateUser(user));
@@ -184,6 +195,7 @@
public AjaxResult resetPwd(@RequestBody SysUser user)
{
userService.checkUserAllowed(user);
+ userService.checkUserDataScope(user.getUserId());
user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
user.setUpdateBy(getUsername());
return toAjax(userService.resetPwd(user));
@@ -198,6 +210,7 @@
public AjaxResult changeStatus(@RequestBody SysUser user)
{
userService.checkUserAllowed(user);
+ userService.checkUserDataScope(user.getUserId());
user.setUpdateBy(getUsername());
return toAjax(userService.updateUserStatus(user));
}
@@ -225,7 +238,19 @@
@PutMapping("/authRole")
public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
{
+ userService.checkUserDataScope(userId);
+ roleService.checkRoleDataScope(roleIds);
userService.insertUserAuth(userId, roleIds);
return success();
}
-}
\ No newline at end of file
+
+ /**
+ * 鑾峰彇閮ㄩ棬鏍戝垪琛�
+ */
+ @PreAuthorize("@ss.hasPermi('system:user:list')")
+ @GetMapping("/deptTree")
+ public AjaxResult deptTree(SysDept dept)
+ {
+ return success(deptService.selectDeptTreeList(dept));
+ }
+}
--
Gitblit v1.9.3