From 8d6a2305324438726e7c009c6249aa7aa1319e5f Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期一, 22 八月 2022 10:24:30 +0800
Subject: [PATCH] 优化Context信息,防止泄漏问题
---
src/main/java/com/ruoyi/project/system/controller/SysUserController.java | 26 +++++++++++++++++++++++---
1 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
index 18de675..e21fadf 100644
--- a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
+++ b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
@@ -25,8 +25,10 @@
import com.ruoyi.framework.web.controller.BaseController;
import com.ruoyi.framework.web.domain.AjaxResult;
import com.ruoyi.framework.web.page.TableDataInfo;
+import com.ruoyi.project.system.domain.SysDept;
import com.ruoyi.project.system.domain.SysRole;
import com.ruoyi.project.system.domain.SysUser;
+import com.ruoyi.project.system.service.ISysDeptService;
import com.ruoyi.project.system.service.ISysPostService;
import com.ruoyi.project.system.service.ISysRoleService;
import com.ruoyi.project.system.service.ISysUserService;
@@ -45,6 +47,9 @@
@Autowired
private ISysRoleService roleService;
+
+ @Autowired
+ private ISysDeptService deptService;
@Autowired
private ISysPostService postService;
@@ -104,9 +109,10 @@
ajax.put("posts", postService.selectPostAll());
if (StringUtils.isNotNull(userId))
{
- ajax.put(AjaxResult.DATA_TAG, userService.selectUserById(userId));
+ SysUser sysUser = userService.selectUserById(userId);
+ ajax.put(AjaxResult.DATA_TAG, sysUser);
ajax.put("postIds", postService.selectPostListByUserId(userId));
- ajax.put("roleIds", roleService.selectRoleListByUserId(userId));
+ ajax.put("roleIds", sysUser.getRoles().stream().map(SysRole::getRoleId).collect(Collectors.toList()));
}
return ajax;
}
@@ -147,6 +153,7 @@
public AjaxResult edit(@Validated @RequestBody SysUser user)
{
userService.checkUserAllowed(user);
+ userService.checkUserDataScope(user.getUserId());
if (StringUtils.isNotEmpty(user.getPhonenumber())
&& UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user)))
{
@@ -185,6 +192,7 @@
public AjaxResult resetPwd(@RequestBody SysUser user)
{
userService.checkUserAllowed(user);
+ userService.checkUserDataScope(user.getUserId());
user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
user.setUpdateBy(getUsername());
return toAjax(userService.resetPwd(user));
@@ -199,6 +207,7 @@
public AjaxResult changeStatus(@RequestBody SysUser user)
{
userService.checkUserAllowed(user);
+ userService.checkUserDataScope(user.getUserId());
user.setUpdateBy(getUsername());
return toAjax(userService.updateUserStatus(user));
}
@@ -226,7 +235,18 @@
@PutMapping("/authRole")
public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
{
+ userService.checkUserDataScope(userId);
userService.insertUserAuth(userId, roleIds);
return success();
}
-}
\ No newline at end of file
+
+ /**
+ * 鑾峰彇閮ㄩ棬鏍戝垪琛�
+ */
+ @PreAuthorize("@ss.hasPermi('system:user:list')")
+ @GetMapping("/deptTree")
+ public AjaxResult deptTree(SysDept dept)
+ {
+ return AjaxResult.success(deptService.selectDeptTreeList(dept));
+ }
+}
--
Gitblit v1.9.3