From ed19109e80a10fd4def53bae13a59f8a917c8fa1 Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 28 九月 2022 16:49:21 +0800
Subject: [PATCH] 导入更新用户数据前校验数据权限
---
src/main/java/com/ruoyi/framework/security/service/PermissionService.java | 19 +++++++++----------
1 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/src/main/java/com/ruoyi/framework/security/service/PermissionService.java b/src/main/java/com/ruoyi/framework/security/service/PermissionService.java
index c0b40a6..a9f3c30 100644
--- a/src/main/java/com/ruoyi/framework/security/service/PermissionService.java
+++ b/src/main/java/com/ruoyi/framework/security/service/PermissionService.java
@@ -1,12 +1,12 @@
package com.ruoyi.framework.security.service;
import java.util.Set;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
-import com.ruoyi.common.utils.ServletUtils;
+import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.security.LoginUser;
+import com.ruoyi.framework.security.context.PermissionContextHolder;
import com.ruoyi.project.system.domain.SysRole;
/**
@@ -27,9 +27,6 @@
private static final String PERMISSION_DELIMETER = ",";
- @Autowired
- private TokenService tokenService;
-
/**
* 楠岃瘉鐢ㄦ埛鏄惁鍏峰鏌愭潈闄�
*
@@ -42,11 +39,12 @@
{
return false;
}
- LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+ LoginUser loginUser = SecurityUtils.getLoginUser();
if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getPermissions()))
{
return false;
}
+ PermissionContextHolder.setContext(permission);
return hasPermissions(loginUser.getPermissions(), permission);
}
@@ -73,11 +71,12 @@
{
return false;
}
- LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+ LoginUser loginUser = SecurityUtils.getLoginUser();
if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getPermissions()))
{
return false;
}
+ PermissionContextHolder.setContext(permissions);
Set<String> authorities = loginUser.getPermissions();
for (String permission : permissions.split(PERMISSION_DELIMETER))
{
@@ -101,7 +100,7 @@
{
return false;
}
- LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+ LoginUser loginUser = SecurityUtils.getLoginUser();
if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getUser().getRoles()))
{
return false;
@@ -109,7 +108,7 @@
for (SysRole sysRole : loginUser.getUser().getRoles())
{
String roleKey = sysRole.getRoleKey();
- if (SUPER_ADMIN.contains(roleKey) || roleKey.contains(StringUtils.trim(role)))
+ if (SUPER_ADMIN.equals(roleKey) || roleKey.equals(StringUtils.trim(role)))
{
return true;
}
@@ -140,7 +139,7 @@
{
return false;
}
- LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+ LoginUser loginUser = SecurityUtils.getLoginUser();
if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getUser().getRoles()))
{
return false;
--
Gitblit v1.9.3