From a195a18959d20590b65d6c34c5622de0b2e6839f Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期二, 24 八月 2021 15:58:47 +0800
Subject: [PATCH] 修改时检查用户数据权限范围
---
src/main/java/com/ruoyi/project/system/service/ISysDeptService.java | 7 +++
src/main/java/com/ruoyi/project/system/service/ISysUserService.java | 7 +++
src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java | 21 ++++++++++
src/main/java/com/ruoyi/project/system/controller/SysUserController.java | 1
src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java | 23 +++++++++++
src/main/java/com/ruoyi/project/system/service/ISysRoleService.java | 7 +++
src/main/java/com/ruoyi/project/system/controller/SysRoleController.java | 1
src/main/java/com/ruoyi/project/system/controller/SysDeptController.java | 1
src/main/resources/mybatis/system/SysUserMapper.xml | 3 +
src/main/resources/mybatis/system/SysRoleMapper.xml | 3 +
src/main/resources/mybatis/system/SysDeptMapper.xml | 3 +
src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java | 22 +++++++++++
12 files changed, 99 insertions(+), 0 deletions(-)
diff --git a/src/main/java/com/ruoyi/project/system/controller/SysDeptController.java b/src/main/java/com/ruoyi/project/system/controller/SysDeptController.java
index 7b2668d..0f4b0a6 100644
--- a/src/main/java/com/ruoyi/project/system/controller/SysDeptController.java
+++ b/src/main/java/com/ruoyi/project/system/controller/SysDeptController.java
@@ -74,6 +74,7 @@
@GetMapping(value = "/{deptId}")
public AjaxResult getInfo(@PathVariable Long deptId)
{
+ deptService.checkDeptDataScope(deptId);
return AjaxResult.success(deptService.selectDeptById(deptId));
}
diff --git a/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java b/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java
index 6631532..49ae1bc 100644
--- a/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java
+++ b/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java
@@ -76,6 +76,7 @@
@GetMapping(value = "/{roleId}")
public AjaxResult getInfo(@PathVariable Long roleId)
{
+ roleService.checkRoleDataScope(roleId);
return AjaxResult.success(roleService.selectRoleById(roleId));
}
diff --git a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
index cb4ed90..1afff5a 100644
--- a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
+++ b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java
@@ -96,6 +96,7 @@
@GetMapping(value = { "/", "/{userId}" })
public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId)
{
+ userService.checkUserDataScope(userId);
AjaxResult ajax = AjaxResult.success();
List<SysRole> roles = roleService.selectRoleAll();
ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
diff --git a/src/main/java/com/ruoyi/project/system/service/ISysDeptService.java b/src/main/java/com/ruoyi/project/system/service/ISysDeptService.java
index 5f59b8a..075d3cd 100644
--- a/src/main/java/com/ruoyi/project/system/service/ISysDeptService.java
+++ b/src/main/java/com/ruoyi/project/system/service/ISysDeptService.java
@@ -84,6 +84,13 @@
public String checkDeptNameUnique(SysDept dept);
/**
+ * 鏍¢獙閮ㄩ棬鏄惁鏈夋暟鎹潈闄�
+ *
+ * @param deptId 閮ㄩ棬id
+ */
+ public void checkDeptDataScope(Long deptId);
+
+ /**
* 鏂板淇濆瓨閮ㄩ棬淇℃伅
*
* @param dept 閮ㄩ棬淇℃伅
diff --git a/src/main/java/com/ruoyi/project/system/service/ISysRoleService.java b/src/main/java/com/ruoyi/project/system/service/ISysRoleService.java
index d33a4fb..05182ff 100644
--- a/src/main/java/com/ruoyi/project/system/service/ISysRoleService.java
+++ b/src/main/java/com/ruoyi/project/system/service/ISysRoleService.java
@@ -83,6 +83,13 @@
public void checkRoleAllowed(SysRole role);
/**
+ * 鏍¢獙瑙掕壊鏄惁鏈夋暟鎹潈闄�
+ *
+ * @param roleId 瑙掕壊id
+ */
+ public void checkRoleDataScope(Long roleId);
+
+ /**
* 閫氳繃瑙掕壊ID鏌ヨ瑙掕壊浣跨敤鏁伴噺
*
* @param roleId 瑙掕壊ID
diff --git a/src/main/java/com/ruoyi/project/system/service/ISysUserService.java b/src/main/java/com/ruoyi/project/system/service/ISysUserService.java
index 4206286..43be9a6 100644
--- a/src/main/java/com/ruoyi/project/system/service/ISysUserService.java
+++ b/src/main/java/com/ruoyi/project/system/service/ISysUserService.java
@@ -98,6 +98,13 @@
public void checkUserAllowed(SysUser user);
/**
+ * 鏍¢獙鐢ㄦ埛鏄惁鏈夋暟鎹潈闄�
+ *
+ * @param userId 鐢ㄦ埛id
+ */
+ public void checkUserDataScope(Long userId);
+
+ /**
* 鏂板鐢ㄦ埛淇℃伅
*
* @param user 鐢ㄦ埛淇℃伅
diff --git a/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java b/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java
index aae3800..0cc2c3f 100644
--- a/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java
+++ b/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java
@@ -9,11 +9,14 @@
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.text.Convert;
import com.ruoyi.common.exception.ServiceException;
+import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.framework.aspectj.lang.annotation.DataScope;
import com.ruoyi.framework.web.domain.TreeSelect;
import com.ruoyi.project.system.domain.SysDept;
import com.ruoyi.project.system.domain.SysRole;
+import com.ruoyi.project.system.domain.SysUser;
import com.ruoyi.project.system.mapper.SysDeptMapper;
import com.ruoyi.project.system.mapper.SysRoleMapper;
import com.ruoyi.project.system.service.ISysDeptService;
@@ -172,6 +175,26 @@
}
/**
+ * 鏍¢獙閮ㄩ棬鏄惁鏈夋暟鎹潈闄�
+ *
+ * @param deptId 閮ㄩ棬id
+ */
+ @Override
+ public void checkDeptDataScope(Long deptId)
+ {
+ if (!SysUser.isAdmin(SecurityUtils.getUserId()))
+ {
+ SysDept dept = new SysDept();
+ dept.setDeptId(deptId);
+ List<SysDept> depts = SpringUtils.getAopProxy(this).selectDeptList(dept);
+ if (StringUtils.isEmpty(depts))
+ {
+ throw new ServiceException("娌℃湁鏉冮檺璁块棶閮ㄩ棬鏁版嵁锛�");
+ }
+ }
+ }
+
+ /**
* 鏂板淇濆瓨閮ㄩ棬淇℃伅
*
* @param dept 閮ㄩ棬淇℃伅
diff --git a/src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java b/src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java
index faa92ad..54cd6a0 100644
--- a/src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java
+++ b/src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java
@@ -10,12 +10,14 @@
import org.springframework.transaction.annotation.Transactional;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.exception.ServiceException;
+import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.framework.aspectj.lang.annotation.DataScope;
import com.ruoyi.project.system.domain.SysRole;
import com.ruoyi.project.system.domain.SysRoleDept;
import com.ruoyi.project.system.domain.SysRoleMenu;
+import com.ruoyi.project.system.domain.SysUser;
import com.ruoyi.project.system.domain.SysUserRole;
import com.ruoyi.project.system.mapper.SysRoleDeptMapper;
import com.ruoyi.project.system.mapper.SysRoleMapper;
@@ -188,6 +190,26 @@
}
/**
+ * 鏍¢獙瑙掕壊鏄惁鏈夋暟鎹潈闄�
+ *
+ * @param roleId 瑙掕壊id
+ */
+ @Override
+ public void checkRoleDataScope(Long roleId)
+ {
+ if (!SysUser.isAdmin(SecurityUtils.getUserId()))
+ {
+ SysRole role = new SysRole();
+ role.setRoleId(roleId);
+ List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role);
+ if (StringUtils.isEmpty(roles))
+ {
+ throw new ServiceException("娌℃湁鏉冮檺璁块棶瑙掕壊鏁版嵁锛�");
+ }
+ }
+ }
+
+ /**
* 閫氳繃瑙掕壊ID鏌ヨ瑙掕壊浣跨敤鏁伴噺
*
* @param roleId 瑙掕壊ID
diff --git a/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java b/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java
index 9f6583d..8a7c3e2 100644
--- a/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java
+++ b/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java
@@ -11,6 +11,7 @@
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.framework.aspectj.lang.annotation.DataScope;
import com.ruoyi.project.system.domain.SysPost;
import com.ruoyi.project.system.domain.SysRole;
@@ -228,6 +229,26 @@
}
/**
+ * 鏍¢獙鐢ㄦ埛鏄惁鏈夋暟鎹潈闄�
+ *
+ * @param userId 鐢ㄦ埛id
+ */
+ @Override
+ public void checkUserDataScope(Long userId)
+ {
+ if (!SysUser.isAdmin(SecurityUtils.getUserId()))
+ {
+ SysUser user = new SysUser();
+ user.setUserId(userId);
+ List<SysUser> users = SpringUtils.getAopProxy(this).selectUserList(user);
+ if (StringUtils.isEmpty(users))
+ {
+ throw new ServiceException("娌℃湁鏉冮檺璁块棶鐢ㄦ埛鏁版嵁锛�");
+ }
+ }
+ }
+
+ /**
* 鏂板淇濆瓨鐢ㄦ埛淇℃伅
*
* @param user 鐢ㄦ埛淇℃伅
diff --git a/src/main/resources/mybatis/system/SysDeptMapper.xml b/src/main/resources/mybatis/system/SysDeptMapper.xml
index 9cbfb92..7a0da74 100644
--- a/src/main/resources/mybatis/system/SysDeptMapper.xml
+++ b/src/main/resources/mybatis/system/SysDeptMapper.xml
@@ -30,6 +30,9 @@
<select id="selectDeptList" parameterType="SysDept" resultMap="SysDeptResult">
<include refid="selectDeptVo"/>
where d.del_flag = '0'
+ <if test="deptId != null and deptId != 0">
+ AND dept_id = #{deptId}
+ </if>
<if test="parentId != null and parentId != 0">
AND parent_id = #{parentId}
</if>
diff --git a/src/main/resources/mybatis/system/SysRoleMapper.xml b/src/main/resources/mybatis/system/SysRoleMapper.xml
index 2e96e2d..183cb0b 100644
--- a/src/main/resources/mybatis/system/SysRoleMapper.xml
+++ b/src/main/resources/mybatis/system/SysRoleMapper.xml
@@ -33,6 +33,9 @@
<select id="selectRoleList" parameterType="SysRole" resultMap="SysRoleResult">
<include refid="selectRoleVo"/>
where r.del_flag = '0'
+ <if test="roleId != null and roleId != 0">
+ AND r.role_id = #{roleId}
+ </if>
<if test="roleName != null and roleName != ''">
AND r.role_name like concat('%', #{roleName}, '%')
</if>
diff --git a/src/main/resources/mybatis/system/SysUserMapper.xml b/src/main/resources/mybatis/system/SysUserMapper.xml
index 05ff721..80af996 100644
--- a/src/main/resources/mybatis/system/SysUserMapper.xml
+++ b/src/main/resources/mybatis/system/SysUserMapper.xml
@@ -59,6 +59,9 @@
select u.user_id, u.dept_id, u.nick_name, u.user_name, u.email, u.avatar, u.phonenumber, u.password, u.sex, u.status, u.del_flag, u.login_ip, u.login_date, u.create_by, u.create_time, u.remark, d.dept_name, d.leader from sys_user u
left join sys_dept d on u.dept_id = d.dept_id
where u.del_flag = '0'
+ <if test="userId != null and userId != 0">
+ AND u.user_id = #{userId}
+ </if>
<if test="userName != null and userName != ''">
AND u.user_name like concat('%', #{userName}, '%')
</if>
--
Gitblit v1.9.3