作者 RuoYi

限制用户操作数据权限范围

@@ -124,6 +124,8 @@ public class SysUserController extends BaseController @@ -124,6 +124,8 @@ public class SysUserController extends BaseController
124 @PostMapping 124 @PostMapping
125 public AjaxResult add(@Validated @RequestBody SysUser user) 125 public AjaxResult add(@Validated @RequestBody SysUser user)
126 { 126 {
  127 + deptService.checkDeptDataScope(user.getDeptId());
  128 + roleService.checkRoleDataScope(user.getRoleIds());
127 if (!userService.checkUserNameUnique(user)) 129 if (!userService.checkUserNameUnique(user))
128 { 130 {
129 return error("新增用户'" + user.getUserName() + "'失败,登录账号已存在"); 131 return error("新增用户'" + user.getUserName() + "'失败,登录账号已存在");
@@ -151,6 +153,8 @@ public class SysUserController extends BaseController @@ -151,6 +153,8 @@ public class SysUserController extends BaseController
151 { 153 {
152 userService.checkUserAllowed(user); 154 userService.checkUserAllowed(user);
153 userService.checkUserDataScope(user.getUserId()); 155 userService.checkUserDataScope(user.getUserId());
  156 + deptService.checkDeptDataScope(user.getDeptId());
  157 + roleService.checkRoleDataScope(user.getRoleIds());
154 if (!userService.checkUserNameUnique(user)) 158 if (!userService.checkUserNameUnique(user))
155 { 159 {
156 return error("修改用户'" + user.getUserName() + "'失败,登录账号已存在"); 160 return error("修改用户'" + user.getUserName() + "'失败,登录账号已存在");
@@ -235,6 +239,7 @@ public class SysUserController extends BaseController @@ -235,6 +239,7 @@ public class SysUserController extends BaseController
235 public AjaxResult insertAuthRole(Long userId, Long[] roleIds) 239 public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
236 { 240 {
237 userService.checkUserDataScope(userId); 241 userService.checkUserDataScope(userId);
  242 + roleService.checkRoleDataScope(roleIds);
238 userService.insertUserAuth(userId, roleIds); 243 userService.insertUserAuth(userId, roleIds);
239 return success(); 244 return success();
240 } 245 }
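Review bot: The department and role scope checks are enforced in the controller methods (add, the update method in the second hunk, and insertAuthRole), so every other path that creates or updates a user has to repeat them. The import path in SysUserServiceImpl, patched later in this commit, repeats only the department check; whether imported rows can carry role IDs is not visible in this diff, but if they can, the role check is missing there. Consider moving both calls into the service methods that write the user, or at least mark them with a comment such as `// data scope: a non-admin may only assign departments and roles inside their own scope`. The bodies of add and the update method continue outside the hunks.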
@@ -22,7 +22,7 @@ public class SysUser extends BaseEntity @@ -22,7 +22,7 @@ public class SysUser extends BaseEntity
22 private static final long serialVersionUID = 1L; 22 private static final long serialVersionUID = 1L;
23 23
24 /** 用户ID */ 24 /** 用户ID */
25 - @Excel(name = "用户序号", cellType = ColumnType.NUMERIC, prompt = "用户编号") 25 + @Excel(name = "用户序号", type = Type.EXPORT, cellType = ColumnType.NUMERIC, prompt = "用户编号")
26 private Long userId; 26 private Long userId;
27 27
28 /** 部门ID */ 28 /** 部门ID */
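Review bot: The reason userId becomes export-only is not recorded next to the annotation, and it looks security-relevant. With `type = Type.EXPORT` the column is presumably ignored on import, so a spreadsheet row can no longer supply its own user ID to the insert branch of the import. A comment on the field would keep a later edit from reverting it, for example `// export only: the ID must never be taken from an imported sheet`. How the import maps columns is not visible here, so confirm that reading first.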
@@ -85,9 +85,9 @@ public interface ISysRoleService @@ -85,9 +85,9 @@ public interface ISysRoleService
85 /** 85 /**
86 * 校验角色是否有数据权限 86 * 校验角色是否有数据权限
87 * 87 *
88 - * @param roleId 角色id 88 + * @param roleIds 角色id
89 */ 89 */
90 - public void checkRoleDataScope(Long roleId); 90 + public void checkRoleDataScope(Long... roleIds);
91 91
92 /** 92 /**
93 * 通过角色ID查询角色使用数量 93 * 通过角色ID查询角色使用数量
@@ -190,7 +190,7 @@ public class SysDeptServiceImpl implements ISysDeptService @@ -190,7 +190,7 @@ public class SysDeptServiceImpl implements ISysDeptService
190 @Override 190 @Override
191 public void checkDeptDataScope(Long deptId) 191 public void checkDeptDataScope(Long deptId)
192 { 192 {
193 - if (!SysUser.isAdmin(SecurityUtils.getUserId())) 193 + if (!SysUser.isAdmin(SecurityUtils.getUserId()) && StringUtils.isNotNull(deptId))
194 { 194 {
195 SysDept dept = new SysDept(); 195 SysDept dept = new SysDept();
196 dept.setDeptId(deptId); 196 dept.setDeptId(deptId);
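Review bot: With the added `StringUtils.isNotNull(deptId)` condition, a null deptId now skips the scope check for every caller of checkDeptDataScope, not only the user paths touched by this commit. That is reasonable for a user without a department, but a caller that needs a department to be present must now validate that itself. The method's Javadoc (outside this hunk) should say so, e.g. `@param deptId department id; null means "no department" and is not checked`. The method body continues past the end of the hunk.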
@@ -192,19 +192,22 @@ public class SysRoleServiceImpl implements ISysRoleService @@ -192,19 +192,22 @@ public class SysRoleServiceImpl implements ISysRoleService
192 /** 192 /**
193 * 校验角色是否有数据权限 193 * 校验角色是否有数据权限
194 * 194 *
195 - * @param roleId 角色id 195 + * @param roleIds 角色id
196 */ 196 */
197 @Override 197 @Override
198 - public void checkRoleDataScope(Long roleId) 198 + public void checkRoleDataScope(Long... roleIds)
199 { 199 {
200 if (!SysUser.isAdmin(SecurityUtils.getUserId())) 200 if (!SysUser.isAdmin(SecurityUtils.getUserId()))
201 { 201 {
202 - SysRole role = new SysRole();  
203 - role.setRoleId(roleId);  
204 - List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role);  
205 - if (StringUtils.isEmpty(roles)) 202 + for (Long roleId : roleIds)
206 { 203 {
207 - throw new ServiceException("没有权限访问角色数据!"); 204 + SysRole role = new SysRole();
  205 + role.setRoleId(roleId);
  206 + List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role);
  207 + if (StringUtils.isEmpty(roles))
  208 + {
  209 + throw new ServiceException("没有权限访问角色数据!");
  210 + }
208 } 211 }
209 } 212 }
210 } 213 }
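Review bot: The new `for (Long roleId : roleIds)` loop throws a NullPointerException for a non-admin caller when the array itself is null. The SysUserController hunks pass `user.getRoleIds()` and the `Long[] roleIds` parameter of insertAuthRole straight through, and a null array handed to a `Long...` parameter stays null, so a request that omits roles can presumably reach this loop. This commit adds the equivalent null guard for deptId in SysDeptServiceImpl but not here; guard the array in the condition, `if (!SysUser.isAdmin(SecurityUtils.getUserId()) && roleIds != null)`. A null element inside the array also leaves the probe's roleId unset, so the lookup is presumably unfiltered and passes; skipping or rejecting null elements would make that explicit.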
@@ -28,6 +28,7 @@ import com.ruoyi.system.mapper.SysUserMapper; @@ -28,6 +28,7 @@ import com.ruoyi.system.mapper.SysUserMapper;
28 import com.ruoyi.system.mapper.SysUserPostMapper; 28 import com.ruoyi.system.mapper.SysUserPostMapper;
29 import com.ruoyi.system.mapper.SysUserRoleMapper; 29 import com.ruoyi.system.mapper.SysUserRoleMapper;
30 import com.ruoyi.system.service.ISysConfigService; 30 import com.ruoyi.system.service.ISysConfigService;
  31 +import com.ruoyi.system.service.ISysDeptService;
31 import com.ruoyi.system.service.ISysUserService; 32 import com.ruoyi.system.service.ISysUserService;
32 33
33 /** 34 /**
@@ -59,6 +60,9 @@ public class SysUserServiceImpl implements ISysUserService @@ -59,6 +60,9 @@ public class SysUserServiceImpl implements ISysUserService
59 private ISysConfigService configService; 60 private ISysConfigService configService;
60 61
61 @Autowired 62 @Autowired
  63 + private ISysDeptService deptService;
  64 +
  65 + @Autowired
62 protected Validator validator; 66 protected Validator validator;
63 67
64 /** 68 /**
@@ -489,7 +493,6 @@ public class SysUserServiceImpl implements ISysUserService @@ -489,7 +493,6 @@ public class SysUserServiceImpl implements ISysUserService
489 int failureNum = 0; 493 int failureNum = 0;
490 StringBuilder successMsg = new StringBuilder(); 494 StringBuilder successMsg = new StringBuilder();
491 StringBuilder failureMsg = new StringBuilder(); 495 StringBuilder failureMsg = new StringBuilder();
492 - String password = configService.selectConfigByKey("sys.user.initPassword");  
493 for (SysUser user : userList) 496 for (SysUser user : userList)
494 { 497 {
495 try 498 try
@@ -499,6 +502,8 @@ public class SysUserServiceImpl implements ISysUserService @@ -499,6 +502,8 @@ public class SysUserServiceImpl implements ISysUserService
499 if (StringUtils.isNull(u)) 502 if (StringUtils.isNull(u))
500 { 503 {
501 BeanValidators.validateWithException(validator, user); 504 BeanValidators.validateWithException(validator, user);
  505 + deptService.checkDeptDataScope(user.getDeptId());
  506 + String password = configService.selectConfigByKey("sys.user.initPassword");
502 user.setPassword(SecurityUtils.encryptPassword(password)); 507 user.setPassword(SecurityUtils.encryptPassword(password));
503 user.setCreateBy(operName); 508 user.setCreateBy(operName);
504 userMapper.insertUser(user); 509 userMapper.insertUser(user);
@@ -510,6 +515,7 @@ public class SysUserServiceImpl implements ISysUserService @@ -510,6 +515,7 @@ public class SysUserServiceImpl implements ISysUserService
510 BeanValidators.validateWithException(validator, user); 515 BeanValidators.validateWithException(validator, user);
511 checkUserAllowed(u); 516 checkUserAllowed(u);
512 checkUserDataScope(u.getUserId()); 517 checkUserDataScope(u.getUserId());
  518 + deptService.checkDeptDataScope(user.getDeptId());
513 user.setUserId(u.getUserId()); 519 user.setUserId(u.getUserId());
514 user.setUpdateBy(operName); 520 user.setUpdateBy(operName);
515 userMapper.updateUser(user); 521 userMapper.updateUser(user);
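Review bot: The `configService.selectConfigByKey("sys.user.initPassword")` lookup moved from before the loop into the new-user branch, so it now runs once per inserted row although the value does not change during the import. Unless the lookup is cached (not visible here), fetch it lazily once instead: declare `String password = null;` before the loop and use `if (password == null) { password = configService.selectConfigByKey("sys.user.initPassword"); }` in the branch. The enclosing import method starts and ends outside these hunks.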