update 优化校验角色是否有数据权限

2025-11-04 16:23:42 +08:00 · 2025-07-04 18:52:29 +08:00
parent f3c4c02d73
commit a7cddc8d40
2 changed files with 20 additions and 7 deletions
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysRoleMapper.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysRoleMapper.java
@@ -1,13 +1,16 @@
 package org.dromara.system.mapper;

+import cn.hutool.core.collection.CollUtil;
 import com.baomidou.mybatisplus.core.conditions.Wrapper;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Constants;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import org.apache.ibatis.annotations.Param;
+import org.dromara.common.core.exception.ServiceException;
 import org.dromara.common.mybatis.annotation.DataColumn;
 import org.dromara.common.mybatis.annotation.DataPermission;
 import org.dromara.common.mybatis.core.mapper.BaseMapperPlus;
+import org.dromara.common.satoken.utils.LoginHelper;
 import org.dromara.system.domain.SysRole;
 import org.dromara.system.domain.vo.SysRoleVo;

@@ -75,6 +78,21 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRole, SysRoleVo> {
        return this.selectCount(new LambdaQueryWrapper<SysRole>().in(SysRole::getRoleId, roleIds));
    }

+    /**
+     * 校验角色是否有数据权限
+     *
+     * @param roleIds 角色ID列表（支持传单个ID）
+     */
+    default void checkRoleDataScope(List<Long> roleIds) {
+        if (CollUtil.isEmpty(roleIds) || LoginHelper.isSuperAdmin()) {
+            return;
+        }
+        long count = this.selectRoleCount(roleIds);
+        if (count != roleIds.size()) {
+            throw new ServiceException("没有权限访问部分角色数据！");
+        }
+    }
+
    /**
     * 根据角色ID查询角色信息
     *
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java
@@ -254,12 +254,7 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
        if (ObjectUtil.isNull(roleId)) {
            return;
        }
-        if (LoginHelper.isSuperAdmin()) {
-            return;
-        }
-        if (baseMapper.selectRoleCount(Collections.singletonList(roleId)) == 0) {
-            throw new ServiceException("没有权限访问角色数据！");
-        }
+        baseMapper.checkRoleDataScope(Collections.singletonList(roleId));
    }

    /**
@@ -417,9 +412,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
    @Transactional(rollbackFor = Exception.class)
    public int deleteRoleByIds(List<Long> roleIds) {
        List<SysRole> roles = baseMapper.selectByIds(roleIds);
+        baseMapper.checkRoleDataScope(roleIds);
        for (SysRole role : roles) {
            checkRoleAllowed(BeanUtil.toBean(role, SysRoleBo.class));
-            checkRoleDataScope(role.getRoleId());
            if (countUserRoleByRoleId(role.getRoleId()) > 0) {
                throw new ServiceException(String.format("%1$s已分配，不能删除!", role.getRoleName()));
            }