用户访问控制时校验数据权限,防止越权
This commit is contained in:
parent
8007b22b85
commit
612c4293d1
|
@ -125,16 +125,17 @@ public class SysDeptController extends BaseController
|
||||||
@PutMapping
|
@PutMapping
|
||||||
public AjaxResult edit(@Validated @RequestBody SysDept dept)
|
public AjaxResult edit(@Validated @RequestBody SysDept dept)
|
||||||
{
|
{
|
||||||
|
Long deptId = dept.getDeptId();
|
||||||
|
deptService.checkDeptDataScope(deptId);
|
||||||
if (UserConstants.NOT_UNIQUE.equals(deptService.checkDeptNameUnique(dept)))
|
if (UserConstants.NOT_UNIQUE.equals(deptService.checkDeptNameUnique(dept)))
|
||||||
{
|
{
|
||||||
return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败,部门名称已存在");
|
return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败,部门名称已存在");
|
||||||
}
|
}
|
||||||
else if (dept.getParentId().equals(dept.getDeptId()))
|
else if (dept.getParentId().equals(deptId))
|
||||||
{
|
{
|
||||||
return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败,上级部门不能是自己");
|
return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败,上级部门不能是自己");
|
||||||
}
|
}
|
||||||
else if (StringUtils.equals(UserConstants.DEPT_DISABLE, dept.getStatus())
|
else if (StringUtils.equals(UserConstants.DEPT_DISABLE, dept.getStatus()) && deptService.selectNormalChildrenDeptById(deptId) > 0)
|
||||||
&& deptService.selectNormalChildrenDeptById(dept.getDeptId()) > 0)
|
|
||||||
{
|
{
|
||||||
return AjaxResult.error("该部门包含未停用的子部门!");
|
return AjaxResult.error("该部门包含未停用的子部门!");
|
||||||
}
|
}
|
||||||
|
@ -158,6 +159,7 @@ public class SysDeptController extends BaseController
|
||||||
{
|
{
|
||||||
return AjaxResult.error("部门存在用户,不允许删除");
|
return AjaxResult.error("部门存在用户,不允许删除");
|
||||||
}
|
}
|
||||||
|
deptService.checkDeptDataScope(deptId);
|
||||||
return toAjax(deptService.deleteDeptById(deptId));
|
return toAjax(deptService.deleteDeptById(deptId));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -111,6 +111,7 @@ public class SysRoleController extends BaseController
|
||||||
public AjaxResult edit(@Validated @RequestBody SysRole role)
|
public AjaxResult edit(@Validated @RequestBody SysRole role)
|
||||||
{
|
{
|
||||||
roleService.checkRoleAllowed(role);
|
roleService.checkRoleAllowed(role);
|
||||||
|
roleService.checkRoleDataScope(role.getRoleId());
|
||||||
if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role)))
|
if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role)))
|
||||||
{
|
{
|
||||||
return AjaxResult.error("修改角色'" + role.getRoleName() + "'失败,角色名称已存在");
|
return AjaxResult.error("修改角色'" + role.getRoleName() + "'失败,角色名称已存在");
|
||||||
|
@ -145,6 +146,7 @@ public class SysRoleController extends BaseController
|
||||||
public AjaxResult dataScope(@RequestBody SysRole role)
|
public AjaxResult dataScope(@RequestBody SysRole role)
|
||||||
{
|
{
|
||||||
roleService.checkRoleAllowed(role);
|
roleService.checkRoleAllowed(role);
|
||||||
|
roleService.checkRoleDataScope(role.getRoleId());
|
||||||
return toAjax(roleService.authDataScope(role));
|
return toAjax(roleService.authDataScope(role));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -157,6 +159,7 @@ public class SysRoleController extends BaseController
|
||||||
public AjaxResult changeStatus(@RequestBody SysRole role)
|
public AjaxResult changeStatus(@RequestBody SysRole role)
|
||||||
{
|
{
|
||||||
roleService.checkRoleAllowed(role);
|
roleService.checkRoleAllowed(role);
|
||||||
|
roleService.checkRoleDataScope(role.getRoleId());
|
||||||
role.setUpdateBy(getUsername());
|
role.setUpdateBy(getUsername());
|
||||||
return toAjax(roleService.updateRoleStatus(role));
|
return toAjax(roleService.updateRoleStatus(role));
|
||||||
}
|
}
|
||||||
|
@ -236,6 +239,7 @@ public class SysRoleController extends BaseController
|
||||||
@PutMapping("/authUser/selectAll")
|
@PutMapping("/authUser/selectAll")
|
||||||
public AjaxResult selectAuthUserAll(Long roleId, Long[] userIds)
|
public AjaxResult selectAuthUserAll(Long roleId, Long[] userIds)
|
||||||
{
|
{
|
||||||
|
roleService.checkRoleDataScope(roleId);
|
||||||
return toAjax(roleService.insertAuthUsers(roleId, userIds));
|
return toAjax(roleService.insertAuthUsers(roleId, userIds));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -148,6 +148,7 @@ public class SysUserController extends BaseController
|
||||||
public AjaxResult edit(@Validated @RequestBody SysUser user)
|
public AjaxResult edit(@Validated @RequestBody SysUser user)
|
||||||
{
|
{
|
||||||
userService.checkUserAllowed(user);
|
userService.checkUserAllowed(user);
|
||||||
|
userService.checkUserDataScope(user.getUserId());
|
||||||
if (StringUtils.isNotEmpty(user.getPhonenumber())
|
if (StringUtils.isNotEmpty(user.getPhonenumber())
|
||||||
&& UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user)))
|
&& UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user)))
|
||||||
{
|
{
|
||||||
|
@ -186,6 +187,7 @@ public class SysUserController extends BaseController
|
||||||
public AjaxResult resetPwd(@RequestBody SysUser user)
|
public AjaxResult resetPwd(@RequestBody SysUser user)
|
||||||
{
|
{
|
||||||
userService.checkUserAllowed(user);
|
userService.checkUserAllowed(user);
|
||||||
|
userService.checkUserDataScope(user.getUserId());
|
||||||
user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
|
user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
|
||||||
user.setUpdateBy(getUsername());
|
user.setUpdateBy(getUsername());
|
||||||
return toAjax(userService.resetPwd(user));
|
return toAjax(userService.resetPwd(user));
|
||||||
|
@ -200,6 +202,7 @@ public class SysUserController extends BaseController
|
||||||
public AjaxResult changeStatus(@RequestBody SysUser user)
|
public AjaxResult changeStatus(@RequestBody SysUser user)
|
||||||
{
|
{
|
||||||
userService.checkUserAllowed(user);
|
userService.checkUserAllowed(user);
|
||||||
|
userService.checkUserDataScope(user.getUserId());
|
||||||
user.setUpdateBy(getUsername());
|
user.setUpdateBy(getUsername());
|
||||||
return toAjax(userService.updateUserStatus(user));
|
return toAjax(userService.updateUserStatus(user));
|
||||||
}
|
}
|
||||||
|
@ -227,6 +230,7 @@ public class SysUserController extends BaseController
|
||||||
@PutMapping("/authRole")
|
@PutMapping("/authRole")
|
||||||
public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
|
public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
|
||||||
{
|
{
|
||||||
|
userService.checkUserDataScope(userId);
|
||||||
userService.insertUserAuth(userId, roleIds);
|
userService.insertUserAuth(userId, roleIds);
|
||||||
return success();
|
return success();
|
||||||
}
|
}
|
||||||
|
|
|
@ -361,6 +361,7 @@ public class SysRoleServiceImpl implements ISysRoleService
|
||||||
for (Long roleId : roleIds)
|
for (Long roleId : roleIds)
|
||||||
{
|
{
|
||||||
checkRoleAllowed(new SysRole(roleId));
|
checkRoleAllowed(new SysRole(roleId));
|
||||||
|
checkRoleDataScope(roleId);
|
||||||
SysRole role = selectRoleById(roleId);
|
SysRole role = selectRoleById(roleId);
|
||||||
if (countUserRoleByRoleId(roleId) > 0)
|
if (countUserRoleByRoleId(roleId) > 0)
|
||||||
{
|
{
|
||||||
|
|
|
@ -482,6 +482,7 @@ public class SysUserServiceImpl implements ISysUserService
|
||||||
for (Long userId : userIds)
|
for (Long userId : userIds)
|
||||||
{
|
{
|
||||||
checkUserAllowed(new SysUser(userId));
|
checkUserAllowed(new SysUser(userId));
|
||||||
|
checkUserDataScope(userId);
|
||||||
}
|
}
|
||||||
// 删除用户与角色关联
|
// 删除用户与角色关联
|
||||||
userRoleMapper.deleteUserRole(userIds);
|
userRoleMapper.deleteUserRole(userIds);
|
||||||
|
|
Loading…
Reference in New Issue