mirror of
https://github.com/dromara/RuoYi-Vue-Plus.git
synced 2025-11-04 16:23:42 +08:00
update 优化 重构系统业务数据权限 避免可能存在的越权风险
This commit is contained in:
疯狂的狮子Li
@@ -22,7 +22,6 @@ import com.ruoyi.system.domain.vo.DeptTreeSelectVo;
|
||||
import com.ruoyi.system.domain.vo.SysRoleVo;
|
||||
import com.ruoyi.system.domain.vo.SysUserVo;
|
||||
import com.ruoyi.system.service.ISysDeptService;
|
||||
import com.ruoyi.system.service.ISysPermissionService;
|
||||
import com.ruoyi.system.service.ISysRoleService;
|
||||
import com.ruoyi.system.service.ISysUserService;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
@@ -46,7 +45,6 @@ public class SysRoleController extends BaseController {
|
||||
private final ISysRoleService roleService;
|
||||
private final ISysUserService userService;
|
||||
private final ISysDeptService deptService;
|
||||
private final ISysPermissionService permissionService;
|
||||
|
||||
/**
|
||||
* 获取角色信息列表
|
||||
@@ -103,7 +101,7 @@ public class SysRoleController extends BaseController {
|
||||
@Log(title = "角色管理", businessType = BusinessType.UPDATE)
|
||||
@PutMapping
|
||||
public R<Void> edit(@Validated @RequestBody SysRoleBo role) {
|
||||
roleService.checkRoleAllowed(role);
|
||||
roleService.checkRoleAllowed(role.getRoleId());
|
||||
roleService.checkRoleDataScope(role.getRoleId());
|
||||
if (!roleService.checkRoleNameUnique(role)) {
|
||||
return R.fail("修改角色'" + role.getRoleName() + "'失败,角色名称已存在");
|
||||
@@ -143,7 +141,7 @@ public class SysRoleController extends BaseController {
|
||||
@Log(title = "角色管理", businessType = BusinessType.UPDATE)
|
||||
@PutMapping("/dataScope")
|
||||
public R<Void> dataScope(@RequestBody SysRoleBo role) {
|
||||
roleService.checkRoleAllowed(role);
|
||||
roleService.checkRoleAllowed(role.getRoleId());
|
||||
roleService.checkRoleDataScope(role.getRoleId());
|
||||
return toAjax(roleService.authDataScope(role));
|
||||
}
|
||||
@@ -155,9 +153,9 @@ public class SysRoleController extends BaseController {
|
||||
@Log(title = "角色管理", businessType = BusinessType.UPDATE)
|
||||
@PutMapping("/changeStatus")
|
||||
public R<Void> changeStatus(@RequestBody SysRoleBo role) {
|
||||
roleService.checkRoleAllowed(role);
|
||||
roleService.checkRoleAllowed(role.getRoleId());
|
||||
roleService.checkRoleDataScope(role.getRoleId());
|
||||
return toAjax(roleService.updateRoleStatus(role));
|
||||
return toAjax(roleService.updateRoleStatus(role.getRoleId(), role.getStatus()));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -145,7 +145,7 @@ public class SysUserController extends BaseController {
|
||||
@Log(title = "用户管理", businessType = BusinessType.UPDATE)
|
||||
@PutMapping
|
||||
public R<Void> edit(@Validated @RequestBody SysUserBo user) {
|
||||
userService.checkUserAllowed(user);
|
||||
userService.checkUserAllowed(user.getUserId());
|
||||
userService.checkUserDataScope(user.getUserId());
|
||||
if (!userService.checkUserNameUnique(user)) {
|
||||
return R.fail("修改用户'" + user.getUserName() + "'失败,登录账号已存在");
|
||||
@@ -179,10 +179,10 @@ public class SysUserController extends BaseController {
|
||||
@Log(title = "用户管理", businessType = BusinessType.UPDATE)
|
||||
@PutMapping("/resetPwd")
|
||||
public R<Void> resetPwd(@RequestBody SysUserBo user) {
|
||||
userService.checkUserAllowed(user);
|
||||
userService.checkUserAllowed(user.getUserId());
|
||||
userService.checkUserDataScope(user.getUserId());
|
||||
user.setPassword(BCrypt.hashpw(user.getPassword()));
|
||||
return toAjax(userService.resetUserPwd(user.getUserId(),user.getPassword()));
|
||||
return toAjax(userService.resetUserPwd(user.getUserId(), user.getPassword()));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -192,9 +192,9 @@ public class SysUserController extends BaseController {
|
||||
@Log(title = "用户管理", businessType = BusinessType.UPDATE)
|
||||
@PutMapping("/changeStatus")
|
||||
public R<Void> changeStatus(@RequestBody SysUserBo user) {
|
||||
userService.checkUserAllowed(user);
|
||||
userService.checkUserAllowed(user.getUserId());
|
||||
userService.checkUserDataScope(user.getUserId());
|
||||
return toAjax(userService.updateUserStatus(user));
|
||||
return toAjax(userService.updateUserStatus(user.getUserId(), user.getStatus()));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -67,7 +67,7 @@ public class SysUserImportListener extends AnalysisEventListener<SysUserImportVo
|
||||
SysUserBo user = BeanUtil.toBean(userVo, SysUserBo.class);
|
||||
user.setUserId(userId);
|
||||
ValidatorUtils.validate(user);
|
||||
userService.checkUserAllowed(user);
|
||||
userService.checkUserAllowed(user.getUserId());
|
||||
userService.checkUserDataScope(user.getUserId());
|
||||
user.setUpdateBy(operUserId);
|
||||
userService.updateUser(user);
|
||||
|
||||
@@ -29,6 +29,11 @@ public interface SysDeptMapper extends BaseMapperPlus<SysDeptMapper, SysDept, Sy
|
||||
})
|
||||
List<SysDeptVo> selectDeptList(@Param(Constants.WRAPPER) Wrapper<SysDept> queryWrapper);
|
||||
|
||||
@DataPermission({
|
||||
@DataColumn(key = "deptName", value = "dept_id")
|
||||
})
|
||||
SysDeptVo selectDeptById(Long deptId);
|
||||
|
||||
/**
|
||||
* 根据角色ID查询部门树信息
|
||||
*
|
||||
|
||||
@@ -5,8 +5,8 @@ import com.baomidou.mybatisplus.core.toolkit.Constants;
|
||||
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
|
||||
import com.ruoyi.common.mybatis.annotation.DataColumn;
|
||||
import com.ruoyi.common.mybatis.annotation.DataPermission;
|
||||
import com.ruoyi.system.domain.SysRole;
|
||||
import com.ruoyi.common.mybatis.core.mapper.BaseMapperPlus;
|
||||
import com.ruoyi.system.domain.SysRole;
|
||||
import com.ruoyi.system.domain.vo.SysRoleVo;
|
||||
import org.apache.ibatis.annotations.Param;
|
||||
|
||||
@@ -35,6 +35,11 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRoleMapper, SysRole, Sy
|
||||
})
|
||||
List<SysRoleVo> selectRoleList(@Param(Constants.WRAPPER) Wrapper<SysRole> queryWrapper);
|
||||
|
||||
@DataPermission({
|
||||
@DataColumn(key = "deptName", value = "d.dept_id")
|
||||
})
|
||||
SysRoleVo selectRoleById(Long roleId);
|
||||
|
||||
/**
|
||||
* 根据用户ID查询角色
|
||||
*
|
||||
|
||||
@@ -104,6 +104,10 @@ public interface SysUserMapper extends BaseMapperPlus<SysUserMapper, SysUser, Sy
|
||||
* @param userId 用户ID
|
||||
* @return 用户对象信息
|
||||
*/
|
||||
@DataPermission({
|
||||
@DataColumn(key = "deptName", value = "d.dept_id"),
|
||||
@DataColumn(key = "userName", value = "u.user_id")
|
||||
})
|
||||
SysUserVo selectUserById(Long userId);
|
||||
|
||||
@Override
|
||||
@@ -111,7 +115,7 @@ public interface SysUserMapper extends BaseMapperPlus<SysUserMapper, SysUser, Sy
|
||||
@DataColumn(key = "deptName", value = "dept_id"),
|
||||
@DataColumn(key = "userName", value = "user_id")
|
||||
})
|
||||
int update(@Param(Constants.ENTITY) SysUser user,@Param(Constants.WRAPPER) Wrapper<SysUser> updateWrapper);
|
||||
int update(@Param(Constants.ENTITY) SysUser user, @Param(Constants.WRAPPER) Wrapper<SysUser> updateWrapper);
|
||||
|
||||
@Override
|
||||
@DataPermission({
|
||||
|
||||
@@ -85,9 +85,9 @@ public interface ISysRoleService {
|
||||
/**
|
||||
* 校验角色是否允许操作
|
||||
*
|
||||
* @param role 角色信息
|
||||
* @param roleId 角色ID
|
||||
*/
|
||||
void checkRoleAllowed(SysRoleBo role);
|
||||
void checkRoleAllowed(Long roleId);
|
||||
|
||||
/**
|
||||
* 校验角色是否有数据权限
|
||||
@@ -123,10 +123,11 @@ public interface ISysRoleService {
|
||||
/**
|
||||
* 修改角色状态
|
||||
*
|
||||
* @param bo 角色信息
|
||||
* @param roleId 角色ID
|
||||
* @param status 角色状态
|
||||
* @return 结果
|
||||
*/
|
||||
int updateRoleStatus(SysRoleBo bo);
|
||||
int updateRoleStatus(Long roleId, String status);
|
||||
|
||||
/**
|
||||
* 修改数据权限信息
|
||||
|
||||
@@ -108,9 +108,9 @@ public interface ISysUserService {
|
||||
/**
|
||||
* 校验用户是否允许操作
|
||||
*
|
||||
* @param user 用户信息
|
||||
* @param userId 用户ID
|
||||
*/
|
||||
void checkUserAllowed(SysUserBo user);
|
||||
void checkUserAllowed(Long userId);
|
||||
|
||||
/**
|
||||
* 校验用户是否有数据权限
|
||||
@@ -154,10 +154,11 @@ public interface ISysUserService {
|
||||
/**
|
||||
* 修改用户状态
|
||||
*
|
||||
* @param user 用户信息
|
||||
* @param userId 用户ID
|
||||
* @param status 帐号状态
|
||||
* @return 结果
|
||||
*/
|
||||
int updateUserStatus(SysUserBo user);
|
||||
int updateUserStatus(Long userId, String status);
|
||||
|
||||
/**
|
||||
* 修改用户基本信息
|
||||
|
||||
@@ -212,13 +212,15 @@ public class SysDeptServiceImpl implements ISysDeptService, DeptService {
|
||||
*/
|
||||
@Override
|
||||
public void checkDeptDataScope(Long deptId) {
|
||||
if (!LoginHelper.isSuperAdmin()) {
|
||||
SysDeptBo dept = new SysDeptBo();
|
||||
dept.setDeptId(deptId);
|
||||
List<SysDeptVo> depts = this.selectDeptList(dept);
|
||||
if (CollUtil.isEmpty(depts)) {
|
||||
throw new ServiceException("没有权限访问部门数据!");
|
||||
if (ObjectUtil.isNull(deptId)) {
|
||||
return;
|
||||
}
|
||||
if (LoginHelper.isSuperAdmin()) {
|
||||
return;
|
||||
}
|
||||
SysDeptVo dept = baseMapper.selectDeptById(deptId);
|
||||
if (ObjectUtil.isNull(dept)) {
|
||||
throw new ServiceException("没有权限访问部门数据!");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -250,14 +252,18 @@ public class SysDeptServiceImpl implements ISysDeptService, DeptService {
|
||||
@Override
|
||||
public int updateDept(SysDeptBo bo) {
|
||||
SysDept dept = MapstructUtils.convert(bo, SysDept.class);
|
||||
SysDept newParentDept = baseMapper.selectById(dept.getParentId());
|
||||
SysDept oldDept = baseMapper.selectById(dept.getDeptId());
|
||||
if (!oldDept.getParentId().equals(dept.getParentId())) {
|
||||
// 如果是新父部门 则校验是否具有新父部门权限 避免越权
|
||||
this.checkDeptDataScope(dept.getParentId());
|
||||
SysDept newParentDept = baseMapper.selectById(dept.getParentId());
|
||||
if (ObjectUtil.isNotNull(newParentDept) && ObjectUtil.isNotNull(oldDept)) {
|
||||
String newAncestors = newParentDept.getAncestors() + StringUtils.SEPARATOR + newParentDept.getDeptId();
|
||||
String oldAncestors = oldDept.getAncestors();
|
||||
dept.setAncestors(newAncestors);
|
||||
updateDeptChildren(dept.getDeptId(), newAncestors, oldAncestors);
|
||||
}
|
||||
}
|
||||
int result = baseMapper.updateById(dept);
|
||||
if (UserConstants.DEPT_NORMAL.equals(dept.getStatus()) && StringUtils.isNotEmpty(dept.getAncestors())
|
||||
&& !StringUtils.equals(UserConstants.DEPT_NORMAL, dept.getAncestors())) {
|
||||
|
||||
@@ -5,17 +5,18 @@ import cn.hutool.core.util.ObjectUtil;
|
||||
import com.baomidou.mybatisplus.core.conditions.Wrapper;
|
||||
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
|
||||
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
|
||||
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
|
||||
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
|
||||
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
|
||||
import com.ruoyi.common.core.constant.UserConstants;
|
||||
import com.ruoyi.common.core.exception.ServiceException;
|
||||
import com.ruoyi.common.core.utils.MapstructUtils;
|
||||
import com.ruoyi.common.core.utils.StreamUtils;
|
||||
import com.ruoyi.common.core.utils.StringUtils;
|
||||
import com.ruoyi.common.mybatis.core.page.PageQuery;
|
||||
import com.ruoyi.system.domain.SysRole;
|
||||
import com.ruoyi.common.mybatis.core.page.TableDataInfo;
|
||||
import com.ruoyi.common.core.exception.ServiceException;
|
||||
import com.ruoyi.common.satoken.utils.LoginHelper;
|
||||
import com.ruoyi.system.domain.SysRole;
|
||||
import com.ruoyi.system.domain.SysRoleDept;
|
||||
import com.ruoyi.system.domain.SysRoleMenu;
|
||||
import com.ruoyi.system.domain.SysUserRole;
|
||||
@@ -145,7 +146,7 @@ public class SysRoleServiceImpl implements ISysRoleService {
|
||||
*/
|
||||
@Override
|
||||
public SysRoleVo selectRoleById(Long roleId) {
|
||||
return baseMapper.selectVoById(roleId);
|
||||
return baseMapper.selectRoleById(roleId);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -179,11 +180,11 @@ public class SysRoleServiceImpl implements ISysRoleService {
|
||||
/**
|
||||
* 校验角色是否允许操作
|
||||
*
|
||||
* @param role 角色信息
|
||||
* @param roleId 角色ID
|
||||
*/
|
||||
@Override
|
||||
public void checkRoleAllowed(SysRoleBo role) {
|
||||
if (ObjectUtil.isNotNull(role.getRoleId()) && role.isSuperAdmin()) {
|
||||
public void checkRoleAllowed(Long roleId) {
|
||||
if (ObjectUtil.isNotNull(roleId) && LoginHelper.isSuperAdmin(roleId)) {
|
||||
throw new ServiceException("不允许操作超级管理员角色");
|
||||
}
|
||||
}
|
||||
@@ -195,14 +196,17 @@ public class SysRoleServiceImpl implements ISysRoleService {
|
||||
*/
|
||||
@Override
|
||||
public void checkRoleDataScope(Long roleId) {
|
||||
if (!LoginHelper.isSuperAdmin()) {
|
||||
SysRoleBo role = new SysRoleBo();
|
||||
role.setRoleId(roleId);
|
||||
List<SysRoleVo> roles = this.selectRoleList(role);
|
||||
if (ObjectUtil.isNull(roleId)) {
|
||||
return;
|
||||
}
|
||||
if (LoginHelper.isSuperAdmin()) {
|
||||
return;
|
||||
}
|
||||
List<SysRoleVo> roles = this.selectRoleList(new SysRoleBo(roleId));
|
||||
if (CollUtil.isEmpty(roles)) {
|
||||
throw new ServiceException("没有权限访问角色数据!");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -252,13 +256,16 @@ public class SysRoleServiceImpl implements ISysRoleService {
|
||||
/**
|
||||
* 修改角色状态
|
||||
*
|
||||
* @param bo 角色信息
|
||||
* @param roleId 角色ID
|
||||
* @param status 角色状态
|
||||
* @return 结果
|
||||
*/
|
||||
@Override
|
||||
public int updateRoleStatus(SysRoleBo bo) {
|
||||
SysRole role = MapstructUtils.convert(bo, SysRole.class);
|
||||
return baseMapper.updateById(role);
|
||||
public int updateRoleStatus(Long roleId, String status) {
|
||||
return baseMapper.update(null,
|
||||
new LambdaUpdateWrapper<SysRole>()
|
||||
.set(SysRole::getStatus, status)
|
||||
.eq(SysRole::getRoleId, roleId));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -347,7 +354,7 @@ public class SysRoleServiceImpl implements ISysRoleService {
|
||||
@Transactional(rollbackFor = Exception.class)
|
||||
public int deleteRoleByIds(Long[] roleIds) {
|
||||
for (Long roleId : roleIds) {
|
||||
checkRoleAllowed(new SysRoleBo(roleId));
|
||||
checkRoleAllowed(roleId);
|
||||
checkRoleDataScope(roleId);
|
||||
SysRole role = baseMapper.selectById(roleId);
|
||||
if (countUserRoleByRoleId(roleId) > 0) {
|
||||
|
||||
@@ -36,10 +36,8 @@ import org.springframework.cache.annotation.Cacheable;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* 用户 业务层处理
|
||||
@@ -239,11 +237,11 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
||||
/**
|
||||
* 校验用户是否允许操作
|
||||
*
|
||||
* @param user 用户信息
|
||||
* @param userId 用户ID
|
||||
*/
|
||||
@Override
|
||||
public void checkUserAllowed(SysUserBo user) {
|
||||
if (ObjectUtil.isNotNull(user.getUserId()) && user.isSuperAdmin()) {
|
||||
public void checkUserAllowed(Long userId) {
|
||||
if (ObjectUtil.isNotNull(userId) && LoginHelper.isSuperAdmin(userId)) {
|
||||
throw new ServiceException("不允许操作超级管理员用户");
|
||||
}
|
||||
}
|
||||
@@ -255,13 +253,14 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
||||
*/
|
||||
@Override
|
||||
public void checkUserDataScope(Long userId) {
|
||||
if (!LoginHelper.isSuperAdmin()) {
|
||||
SysUserBo user = new SysUserBo();
|
||||
user.setUserId(userId);
|
||||
List<SysUserVo> users = this.selectUserList(user);
|
||||
if (CollUtil.isEmpty(users)) {
|
||||
throw new ServiceException("没有权限访问用户数据!");
|
||||
if (ObjectUtil.isNull(userId)) {
|
||||
return;
|
||||
}
|
||||
if (LoginHelper.isSuperAdmin()) {
|
||||
return;
|
||||
}
|
||||
if (ObjectUtil.isNull(baseMapper.selectUserById(userId))) {
|
||||
throw new ServiceException("没有权限访问用户数据!");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -279,9 +278,9 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
||||
int rows = baseMapper.insert(sysUser);
|
||||
user.setUserId(sysUser.getUserId());
|
||||
// 新增用户岗位关联
|
||||
insertUserPost(user);
|
||||
insertUserPost(user, false);
|
||||
// 新增用户与角色管理
|
||||
insertUserRole(user);
|
||||
insertUserRole(user, false);
|
||||
return rows;
|
||||
}
|
||||
|
||||
@@ -309,20 +308,15 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
||||
@Override
|
||||
@Transactional(rollbackFor = Exception.class)
|
||||
public int updateUser(SysUserBo user) {
|
||||
Long userId = user.getUserId();
|
||||
// 删除用户与角色关联
|
||||
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
|
||||
// 新增用户与角色管理
|
||||
insertUserRole(user);
|
||||
// 删除用户与岗位关联
|
||||
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId));
|
||||
insertUserRole(user, true);
|
||||
// 新增用户与岗位管理
|
||||
insertUserPost(user);
|
||||
insertUserPost(user, true);
|
||||
SysUser sysUser = MapstructUtils.convert(user, SysUser.class);
|
||||
//防止错误更新后导致的数据误删除
|
||||
// 防止错误更新后导致的数据误删除
|
||||
int flag = baseMapper.updateById(sysUser);
|
||||
if (flag <= 0){
|
||||
throw new ServiceException("修改用户"+user.getUserName()+"信息失败");
|
||||
if (flag < 1) {
|
||||
throw new ServiceException("修改用户" + user.getUserName() + "信息失败");
|
||||
}
|
||||
return flag;
|
||||
}
|
||||
@@ -338,21 +332,22 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
||||
public void insertUserAuth(Long userId, Long[] roleIds) {
|
||||
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
|
||||
.eq(SysUserRole::getUserId, userId));
|
||||
insertUserRole(userId, roleIds);
|
||||
insertUserRole(userId, roleIds, false);
|
||||
}
|
||||
|
||||
/**
|
||||
* 修改用户状态
|
||||
*
|
||||
* @param user 用户信息
|
||||
* @param userId 用户ID
|
||||
* @param status 帐号状态
|
||||
* @return 结果
|
||||
*/
|
||||
@Override
|
||||
public int updateUserStatus(SysUserBo user) {
|
||||
public int updateUserStatus(Long userId, String status) {
|
||||
return baseMapper.update(null,
|
||||
new LambdaUpdateWrapper<SysUser>()
|
||||
.set(SysUser::getStatus, user.getStatus())
|
||||
.eq(SysUser::getUserId, user.getUserId()));
|
||||
.set(SysUser::getStatus, status)
|
||||
.eq(SysUser::getUserId, userId));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -406,33 +401,28 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
||||
* 新增用户角色信息
|
||||
*
|
||||
* @param user 用户对象
|
||||
* @param clear 清除已存在的关联数据
|
||||
*/
|
||||
public void insertUserRole(SysUserBo user) {
|
||||
this.insertUserRole(user.getUserId(), user.getRoleIds());
|
||||
public void insertUserRole(SysUserBo user, boolean clear) {
|
||||
this.insertUserRole(user.getUserId(), user.getRoleIds(), clear);
|
||||
}
|
||||
|
||||
/**
|
||||
* 新增用户岗位信息
|
||||
*
|
||||
* @param user 用户对象
|
||||
* @param clear 清除已存在的关联数据
|
||||
*/
|
||||
public void insertUserPost(SysUserBo user) {
|
||||
public void insertUserPost(SysUserBo user, boolean clear) {
|
||||
Long[] posts = user.getPostIds();
|
||||
if (ArrayUtil.isNotEmpty(posts)) {
|
||||
//判断是否具有此角色的岗位权限
|
||||
List<Long> postList = postMapper.selectPostListByUserId(LoginHelper.getUserId());
|
||||
if (postList.isEmpty()){
|
||||
throw new ServiceException("您不具有操作岗位的权限");
|
||||
}
|
||||
List<Long> postIdList = Arrays.asList(posts);
|
||||
List<Long> canDoPostList = postIdList.stream()
|
||||
.filter(postList::contains)
|
||||
.collect(Collectors.toList());
|
||||
if (canDoPostList.isEmpty()){
|
||||
throw new ServiceException("您不具有操作当前岗位的权限");
|
||||
Long userId = LoginHelper.getUserId();
|
||||
if (clear) {
|
||||
// 删除用户与岗位关联
|
||||
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId));
|
||||
}
|
||||
// 新增用户与岗位管理
|
||||
List<SysUserPost> list = StreamUtils.toList(canDoPostList, postId -> {
|
||||
List<SysUserPost> list = StreamUtils.toList(List.of(posts), postId -> {
|
||||
SysUserPost up = new SysUserPost();
|
||||
up.setUserId(user.getUserId());
|
||||
up.setPostId(postId);
|
||||
@@ -447,20 +437,26 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
||||
*
|
||||
* @param userId 用户ID
|
||||
* @param roleIds 角色组
|
||||
* @param clear 清除已存在的关联数据
|
||||
*/
|
||||
public void insertUserRole(Long userId, Long[] roleIds) {
|
||||
public void insertUserRole(Long userId, Long[] roleIds, boolean clear) {
|
||||
if (ArrayUtil.isNotEmpty(roleIds)) {
|
||||
//判断是否具有此角色的操作权限
|
||||
List<Long> roleList = roleMapper.selectRoleListByUserId(LoginHelper.getUserId());
|
||||
if (roleList.isEmpty()){
|
||||
throw new ServiceException("您不具有操作角色的权限");
|
||||
// 判断是否具有此角色的操作权限
|
||||
List<SysRoleVo> roles = roleMapper.selectRoleList(new LambdaQueryWrapper<>());
|
||||
if (CollUtil.isEmpty(roles)) {
|
||||
throw new ServiceException("没有权限访问角色的数据");
|
||||
}
|
||||
List<Long> roleIdList = Arrays.asList(roleIds);
|
||||
List<Long> canDoRoleList = roleIdList.stream()
|
||||
.filter(roleList::contains)
|
||||
.collect(Collectors.toList());
|
||||
if (canDoRoleList.isEmpty()){
|
||||
throw new ServiceException("您不具有操作当前角色的权限");
|
||||
List<Long> roleList = StreamUtils.toList(roles, SysRoleVo::getRoleId);
|
||||
if (!LoginHelper.isSuperAdmin(userId)) {
|
||||
roleList.remove(UserConstants.SUPER_ADMIN_ID);
|
||||
}
|
||||
List<Long> canDoRoleList = StreamUtils.filter(List.of(roleIds), roleList::contains);
|
||||
if (CollUtil.isEmpty(canDoRoleList)) {
|
||||
throw new ServiceException("没有权限访问角色的数据");
|
||||
}
|
||||
if (clear) {
|
||||
// 删除用户与角色关联
|
||||
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
|
||||
}
|
||||
// 新增用户与角色管理
|
||||
List<SysUserRole> list = StreamUtils.toList(canDoRoleList, roleId -> {
|
||||
@@ -488,8 +484,8 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
||||
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId));
|
||||
// 防止更新失败导致的数据删除
|
||||
int flag = baseMapper.deleteById(userId);
|
||||
if (flag <= 0){
|
||||
throw new ServiceException("删除用户发生异常");
|
||||
if (flag < 1) {
|
||||
throw new ServiceException("删除用户失败!");
|
||||
}
|
||||
return flag;
|
||||
}
|
||||
@@ -504,7 +500,7 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
||||
@Transactional(rollbackFor = Exception.class)
|
||||
public int deleteUserByIds(Long[] userIds) {
|
||||
for (Long userId : userIds) {
|
||||
checkUserAllowed(new SysUserBo(userId));
|
||||
checkUserAllowed(userId);
|
||||
checkUserDataScope(userId);
|
||||
}
|
||||
List<Long> ids = List.of(userIds);
|
||||
@@ -514,8 +510,8 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
||||
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().in(SysUserPost::getUserId, ids));
|
||||
// 防止更新失败导致的数据删除
|
||||
int flag = baseMapper.deleteBatchIds(ids);
|
||||
if (flag <= 0){
|
||||
throw new ServiceException("删除用户发生异常");
|
||||
if (flag < 1) {
|
||||
throw new ServiceException("删除用户失败!");
|
||||
}
|
||||
return flag;
|
||||
}
|
||||
|
||||
@@ -11,6 +11,10 @@
|
||||
select * from sys_dept ${ew.getCustomSqlSegment}
|
||||
</select>
|
||||
|
||||
<select id="selectDeptById" resultMap="SysDeptResult">
|
||||
select * from sys_dept where del_flag = '0' and dept_id = #{deptId}
|
||||
</select>
|
||||
|
||||
<select id="selectDeptListByRoleId" resultType="Long">
|
||||
select d.dept_id
|
||||
from sys_dept d
|
||||
|
||||
@@ -53,4 +53,9 @@
|
||||
WHERE r.del_flag = '0' and u.user_name = #{userName}
|
||||
</select>
|
||||
|
||||
<select id="selectRoleById" resultMap="SysRoleResult">
|
||||
<include refid="selectRoleVo"/>
|
||||
WHERE r.del_flag = '0' and r.role_id = #{roleId}
|
||||
</select>
|
||||
|
||||
</mapper>
|
||||
|
||||
Reference in New Issue
Block a user