修改时检查用户数据权限范围
This commit is contained in:
parent
0fc266fe80
commit
e52092c6d4
|
@ -74,6 +74,7 @@ public class SysDeptController extends BaseController
|
||||||
@GetMapping(value = "/{deptId}")
|
@GetMapping(value = "/{deptId}")
|
||||||
public AjaxResult getInfo(@PathVariable Long deptId)
|
public AjaxResult getInfo(@PathVariable Long deptId)
|
||||||
{
|
{
|
||||||
|
deptService.checkDeptDataScope(deptId);
|
||||||
return AjaxResult.success(deptService.selectDeptById(deptId));
|
return AjaxResult.success(deptService.selectDeptById(deptId));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -76,6 +76,7 @@ public class SysRoleController extends BaseController
|
||||||
@GetMapping(value = "/{roleId}")
|
@GetMapping(value = "/{roleId}")
|
||||||
public AjaxResult getInfo(@PathVariable Long roleId)
|
public AjaxResult getInfo(@PathVariable Long roleId)
|
||||||
{
|
{
|
||||||
|
roleService.checkRoleDataScope(roleId);
|
||||||
return AjaxResult.success(roleService.selectRoleById(roleId));
|
return AjaxResult.success(roleService.selectRoleById(roleId));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -96,6 +96,7 @@ public class SysUserController extends BaseController
|
||||||
@GetMapping(value = { "/", "/{userId}" })
|
@GetMapping(value = { "/", "/{userId}" })
|
||||||
public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId)
|
public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId)
|
||||||
{
|
{
|
||||||
|
userService.checkUserDataScope(userId);
|
||||||
AjaxResult ajax = AjaxResult.success();
|
AjaxResult ajax = AjaxResult.success();
|
||||||
List<SysRole> roles = roleService.selectRoleAll();
|
List<SysRole> roles = roleService.selectRoleAll();
|
||||||
ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
|
ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
|
||||||
|
|
|
@ -83,6 +83,13 @@ public interface ISysDeptService
|
||||||
*/
|
*/
|
||||||
public String checkDeptNameUnique(SysDept dept);
|
public String checkDeptNameUnique(SysDept dept);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 校验部门是否有数据权限
|
||||||
|
*
|
||||||
|
* @param deptId 部门id
|
||||||
|
*/
|
||||||
|
public void checkDeptDataScope(Long deptId);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 新增保存部门信息
|
* 新增保存部门信息
|
||||||
*
|
*
|
||||||
|
|
|
@ -82,6 +82,13 @@ public interface ISysRoleService
|
||||||
*/
|
*/
|
||||||
public void checkRoleAllowed(SysRole role);
|
public void checkRoleAllowed(SysRole role);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 校验角色是否有数据权限
|
||||||
|
*
|
||||||
|
* @param roleId 角色id
|
||||||
|
*/
|
||||||
|
public void checkRoleDataScope(Long roleId);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 通过角色ID查询角色使用数量
|
* 通过角色ID查询角色使用数量
|
||||||
*
|
*
|
||||||
|
|
|
@ -97,6 +97,13 @@ public interface ISysUserService
|
||||||
*/
|
*/
|
||||||
public void checkUserAllowed(SysUser user);
|
public void checkUserAllowed(SysUser user);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 校验用户是否有数据权限
|
||||||
|
*
|
||||||
|
* @param userId 用户id
|
||||||
|
*/
|
||||||
|
public void checkUserDataScope(Long userId);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 新增用户信息
|
* 新增用户信息
|
||||||
*
|
*
|
||||||
|
|
|
@ -11,9 +11,12 @@ import com.ruoyi.common.constant.UserConstants;
|
||||||
import com.ruoyi.common.core.domain.TreeSelect;
|
import com.ruoyi.common.core.domain.TreeSelect;
|
||||||
import com.ruoyi.common.core.domain.entity.SysDept;
|
import com.ruoyi.common.core.domain.entity.SysDept;
|
||||||
import com.ruoyi.common.core.domain.entity.SysRole;
|
import com.ruoyi.common.core.domain.entity.SysRole;
|
||||||
|
import com.ruoyi.common.core.domain.entity.SysUser;
|
||||||
import com.ruoyi.common.core.text.Convert;
|
import com.ruoyi.common.core.text.Convert;
|
||||||
import com.ruoyi.common.exception.ServiceException;
|
import com.ruoyi.common.exception.ServiceException;
|
||||||
|
import com.ruoyi.common.utils.SecurityUtils;
|
||||||
import com.ruoyi.common.utils.StringUtils;
|
import com.ruoyi.common.utils.StringUtils;
|
||||||
|
import com.ruoyi.common.utils.spring.SpringUtils;
|
||||||
import com.ruoyi.system.mapper.SysDeptMapper;
|
import com.ruoyi.system.mapper.SysDeptMapper;
|
||||||
import com.ruoyi.system.mapper.SysRoleMapper;
|
import com.ruoyi.system.mapper.SysRoleMapper;
|
||||||
import com.ruoyi.system.service.ISysDeptService;
|
import com.ruoyi.system.service.ISysDeptService;
|
||||||
|
@ -171,6 +174,26 @@ public class SysDeptServiceImpl implements ISysDeptService
|
||||||
return UserConstants.UNIQUE;
|
return UserConstants.UNIQUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 校验部门是否有数据权限
|
||||||
|
*
|
||||||
|
* @param deptId 部门id
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void checkDeptDataScope(Long deptId)
|
||||||
|
{
|
||||||
|
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
|
||||||
|
{
|
||||||
|
SysDept dept = new SysDept();
|
||||||
|
dept.setDeptId(deptId);
|
||||||
|
List<SysDept> depts = SpringUtils.getAopProxy(this).selectDeptList(dept);
|
||||||
|
if (StringUtils.isEmpty(depts))
|
||||||
|
{
|
||||||
|
throw new ServiceException("没有权限访问部门数据!");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 新增保存部门信息
|
* 新增保存部门信息
|
||||||
*
|
*
|
||||||
|
|
|
@ -11,7 +11,9 @@ import org.springframework.transaction.annotation.Transactional;
|
||||||
import com.ruoyi.common.annotation.DataScope;
|
import com.ruoyi.common.annotation.DataScope;
|
||||||
import com.ruoyi.common.constant.UserConstants;
|
import com.ruoyi.common.constant.UserConstants;
|
||||||
import com.ruoyi.common.core.domain.entity.SysRole;
|
import com.ruoyi.common.core.domain.entity.SysRole;
|
||||||
|
import com.ruoyi.common.core.domain.entity.SysUser;
|
||||||
import com.ruoyi.common.exception.ServiceException;
|
import com.ruoyi.common.exception.ServiceException;
|
||||||
|
import com.ruoyi.common.utils.SecurityUtils;
|
||||||
import com.ruoyi.common.utils.StringUtils;
|
import com.ruoyi.common.utils.StringUtils;
|
||||||
import com.ruoyi.common.utils.spring.SpringUtils;
|
import com.ruoyi.common.utils.spring.SpringUtils;
|
||||||
import com.ruoyi.system.domain.SysRoleDept;
|
import com.ruoyi.system.domain.SysRoleDept;
|
||||||
|
@ -187,6 +189,26 @@ public class SysRoleServiceImpl implements ISysRoleService
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 校验角色是否有数据权限
|
||||||
|
*
|
||||||
|
* @param roleId 角色id
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void checkRoleDataScope(Long roleId)
|
||||||
|
{
|
||||||
|
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
|
||||||
|
{
|
||||||
|
SysRole role = new SysRole();
|
||||||
|
role.setRoleId(roleId);
|
||||||
|
List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role);
|
||||||
|
if (StringUtils.isEmpty(roles))
|
||||||
|
{
|
||||||
|
throw new ServiceException("没有权限访问角色数据!");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 通过角色ID查询角色使用数量
|
* 通过角色ID查询角色使用数量
|
||||||
*
|
*
|
||||||
|
|
|
@ -14,6 +14,7 @@ import com.ruoyi.common.core.domain.entity.SysUser;
|
||||||
import com.ruoyi.common.exception.ServiceException;
|
import com.ruoyi.common.exception.ServiceException;
|
||||||
import com.ruoyi.common.utils.SecurityUtils;
|
import com.ruoyi.common.utils.SecurityUtils;
|
||||||
import com.ruoyi.common.utils.StringUtils;
|
import com.ruoyi.common.utils.StringUtils;
|
||||||
|
import com.ruoyi.common.utils.spring.SpringUtils;
|
||||||
import com.ruoyi.system.domain.SysPost;
|
import com.ruoyi.system.domain.SysPost;
|
||||||
import com.ruoyi.system.domain.SysUserPost;
|
import com.ruoyi.system.domain.SysUserPost;
|
||||||
import com.ruoyi.system.domain.SysUserRole;
|
import com.ruoyi.system.domain.SysUserRole;
|
||||||
|
@ -227,6 +228,26 @@ public class SysUserServiceImpl implements ISysUserService
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 校验用户是否有数据权限
|
||||||
|
*
|
||||||
|
* @param userId 用户id
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public void checkUserDataScope(Long userId)
|
||||||
|
{
|
||||||
|
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
|
||||||
|
{
|
||||||
|
SysUser user = new SysUser();
|
||||||
|
user.setUserId(userId);
|
||||||
|
List<SysUser> users = SpringUtils.getAopProxy(this).selectUserList(user);
|
||||||
|
if (StringUtils.isEmpty(users))
|
||||||
|
{
|
||||||
|
throw new ServiceException("没有权限访问用户数据!");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 新增保存用户信息
|
* 新增保存用户信息
|
||||||
*
|
*
|
||||||
|
|
|
@ -30,6 +30,9 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
||||||
<select id="selectDeptList" parameterType="SysDept" resultMap="SysDeptResult">
|
<select id="selectDeptList" parameterType="SysDept" resultMap="SysDeptResult">
|
||||||
<include refid="selectDeptVo"/>
|
<include refid="selectDeptVo"/>
|
||||||
where d.del_flag = '0'
|
where d.del_flag = '0'
|
||||||
|
<if test="deptId != null and deptId != 0">
|
||||||
|
AND dept_id = #{deptId}
|
||||||
|
</if>
|
||||||
<if test="parentId != null and parentId != 0">
|
<if test="parentId != null and parentId != 0">
|
||||||
AND parent_id = #{parentId}
|
AND parent_id = #{parentId}
|
||||||
</if>
|
</if>
|
||||||
|
|
|
@ -33,6 +33,9 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
||||||
<select id="selectRoleList" parameterType="SysRole" resultMap="SysRoleResult">
|
<select id="selectRoleList" parameterType="SysRole" resultMap="SysRoleResult">
|
||||||
<include refid="selectRoleVo"/>
|
<include refid="selectRoleVo"/>
|
||||||
where r.del_flag = '0'
|
where r.del_flag = '0'
|
||||||
|
<if test="roleId != null and roleId != 0">
|
||||||
|
AND r.role_id = #{roleId}
|
||||||
|
</if>
|
||||||
<if test="roleName != null and roleName != ''">
|
<if test="roleName != null and roleName != ''">
|
||||||
AND r.role_name like concat('%', #{roleName}, '%')
|
AND r.role_name like concat('%', #{roleName}, '%')
|
||||||
</if>
|
</if>
|
||||||
|
|
|
@ -59,6 +59,9 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
||||||
select u.user_id, u.dept_id, u.nick_name, u.user_name, u.email, u.avatar, u.phonenumber, u.password, u.sex, u.status, u.del_flag, u.login_ip, u.login_date, u.create_by, u.create_time, u.remark, d.dept_name, d.leader from sys_user u
|
select u.user_id, u.dept_id, u.nick_name, u.user_name, u.email, u.avatar, u.phonenumber, u.password, u.sex, u.status, u.del_flag, u.login_ip, u.login_date, u.create_by, u.create_time, u.remark, d.dept_name, d.leader from sys_user u
|
||||||
left join sys_dept d on u.dept_id = d.dept_id
|
left join sys_dept d on u.dept_id = d.dept_id
|
||||||
where u.del_flag = '0'
|
where u.del_flag = '0'
|
||||||
|
<if test="userId != null and userId != 0">
|
||||||
|
AND u.user_id = #{userId}
|
||||||
|
</if>
|
||||||
<if test="userName != null and userName != ''">
|
<if test="userName != null and userName != ''">
|
||||||
AND u.user_name like concat('%', #{userName}, '%')
|
AND u.user_name like concat('%', #{userName}, '%')
|
||||||
</if>
|
</if>
|
||||||
|
|
Loading…
Reference in New Issue