From 632b959324ddaa754b8c7aa88f38ec3c994e60f5 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期二, 05 十一月 2024 16:21:15 +0800
Subject: [PATCH] 优化无用户编号不校验数据权限
---
src/main/java/com/ruoyi/project/system/controller/SysUserController.java | 46 +++++++++++++++++++++++++---------------------
1 files changed, 25 insertions(+), 21 deletions(-)
diff --git a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
index e21fadf..a3fc083 100644
--- a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
+++ b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
@@ -16,7 +16,6 @@
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
-import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.poi.ExcelUtil;
@@ -85,7 +84,7 @@
List<SysUser> userList = util.importExcel(file.getInputStream());
String operName = getUsername();
String message = userService.importUser(userList, updateSupport, operName);
- return AjaxResult.success(message);
+ return success(message);
}
@PostMapping("/importTemplate")
@@ -102,18 +101,18 @@
@GetMapping(value = { "/", "/{userId}" })
public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId)
{
- userService.checkUserDataScope(userId);
AjaxResult ajax = AjaxResult.success();
- List<SysRole> roles = roleService.selectRoleAll();
- ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
- ajax.put("posts", postService.selectPostAll());
if (StringUtils.isNotNull(userId))
{
+ userService.checkUserDataScope(userId);
SysUser sysUser = userService.selectUserById(userId);
ajax.put(AjaxResult.DATA_TAG, sysUser);
ajax.put("postIds", postService.selectPostListByUserId(userId));
ajax.put("roleIds", sysUser.getRoles().stream().map(SysRole::getRoleId).collect(Collectors.toList()));
}
+ List<SysRole> roles = roleService.selectRoleAll();
+ ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
+ ajax.put("posts", postService.selectPostAll());
return ajax;
}
@@ -125,19 +124,19 @@
@PostMapping
public AjaxResult add(@Validated @RequestBody SysUser user)
{
- if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(user.getUserName())))
+ deptService.checkDeptDataScope(user.getDeptId());
+ roleService.checkRoleDataScope(user.getRoleIds());
+ if (!userService.checkUserNameUnique(user))
{
- return AjaxResult.error("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
+ return error("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
}
- else if (StringUtils.isNotEmpty(user.getPhonenumber())
- && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user)))
+ else if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(user))
{
- return AjaxResult.error("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
+ return error("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
}
- else if (StringUtils.isNotEmpty(user.getEmail())
- && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user)))
+ else if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(user))
{
- return AjaxResult.error("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
+ return error("鏂板鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
}
user.setCreateBy(getUsername());
user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
@@ -154,15 +153,19 @@
{
userService.checkUserAllowed(user);
userService.checkUserDataScope(user.getUserId());
- if (StringUtils.isNotEmpty(user.getPhonenumber())
- && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user)))
+ deptService.checkDeptDataScope(user.getDeptId());
+ roleService.checkRoleDataScope(user.getRoleIds());
+ if (!userService.checkUserNameUnique(user))
{
- return AjaxResult.error("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
+ return error("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岀櫥褰曡处鍙峰凡瀛樺湪");
}
- else if (StringUtils.isNotEmpty(user.getEmail())
- && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user)))
+ else if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(user))
{
- return AjaxResult.error("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
+ return error("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
+ }
+ else if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(user))
+ {
+ return error("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
}
user.setUpdateBy(getUsername());
return toAjax(userService.updateUser(user));
@@ -236,6 +239,7 @@
public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
{
userService.checkUserDataScope(userId);
+ roleService.checkRoleDataScope(roleIds);
userService.insertUserAuth(userId, roleIds);
return success();
}
@@ -247,6 +251,6 @@
@GetMapping("/deptTree")
public AjaxResult deptTree(SysDept dept)
{
- return AjaxResult.success(deptService.selectDeptTreeList(dept));
+ return success(deptService.selectDeptTreeList(dept));
}
}
--
Gitblit v1.9.3