修改时检查用户数据权限范围

This commit is contained in:
RuoYi 2021-08-24 16:00:39 +08:00
parent 0fc266fe80
commit e52092c6d4
12 changed files with 99 additions and 0 deletions

View File

@ -74,6 +74,7 @@ public class SysDeptController extends BaseController
@GetMapping(value = "/{deptId}") @GetMapping(value = "/{deptId}")
public AjaxResult getInfo(@PathVariable Long deptId) public AjaxResult getInfo(@PathVariable Long deptId)
{ {
deptService.checkDeptDataScope(deptId);
return AjaxResult.success(deptService.selectDeptById(deptId)); return AjaxResult.success(deptService.selectDeptById(deptId));
} }

View File

@ -76,6 +76,7 @@ public class SysRoleController extends BaseController
@GetMapping(value = "/{roleId}") @GetMapping(value = "/{roleId}")
public AjaxResult getInfo(@PathVariable Long roleId) public AjaxResult getInfo(@PathVariable Long roleId)
{ {
roleService.checkRoleDataScope(roleId);
return AjaxResult.success(roleService.selectRoleById(roleId)); return AjaxResult.success(roleService.selectRoleById(roleId));
} }

View File

@ -96,6 +96,7 @@ public class SysUserController extends BaseController
@GetMapping(value = { "/", "/{userId}" }) @GetMapping(value = { "/", "/{userId}" })
public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId) public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId)
{ {
userService.checkUserDataScope(userId);
AjaxResult ajax = AjaxResult.success(); AjaxResult ajax = AjaxResult.success();
List<SysRole> roles = roleService.selectRoleAll(); List<SysRole> roles = roleService.selectRoleAll();
ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList())); ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));

View File

@ -83,6 +83,13 @@ public interface ISysDeptService
*/ */
public String checkDeptNameUnique(SysDept dept); public String checkDeptNameUnique(SysDept dept);
/**
* 校验部门是否有数据权限
*
* @param deptId 部门id
*/
public void checkDeptDataScope(Long deptId);
/** /**
* 新增保存部门信息 * 新增保存部门信息
* *

View File

@ -82,6 +82,13 @@ public interface ISysRoleService
*/ */
public void checkRoleAllowed(SysRole role); public void checkRoleAllowed(SysRole role);
/**
* 校验角色是否有数据权限
*
* @param roleId 角色id
*/
public void checkRoleDataScope(Long roleId);
/** /**
* 通过角色ID查询角色使用数量 * 通过角色ID查询角色使用数量
* *

View File

@ -97,6 +97,13 @@ public interface ISysUserService
*/ */
public void checkUserAllowed(SysUser user); public void checkUserAllowed(SysUser user);
/**
* 校验用户是否有数据权限
*
* @param userId 用户id
*/
public void checkUserDataScope(Long userId);
/** /**
* 新增用户信息 * 新增用户信息
* *

View File

@ -11,9 +11,12 @@ import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.domain.TreeSelect; import com.ruoyi.common.core.domain.TreeSelect;
import com.ruoyi.common.core.domain.entity.SysDept; import com.ruoyi.common.core.domain.entity.SysDept;
import com.ruoyi.common.core.domain.entity.SysRole; import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.text.Convert; import com.ruoyi.common.core.text.Convert;
import com.ruoyi.common.exception.ServiceException; import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.system.mapper.SysDeptMapper; import com.ruoyi.system.mapper.SysDeptMapper;
import com.ruoyi.system.mapper.SysRoleMapper; import com.ruoyi.system.mapper.SysRoleMapper;
import com.ruoyi.system.service.ISysDeptService; import com.ruoyi.system.service.ISysDeptService;
@ -171,6 +174,26 @@ public class SysDeptServiceImpl implements ISysDeptService
return UserConstants.UNIQUE; return UserConstants.UNIQUE;
} }
/**
* 校验部门是否有数据权限
*
* @param deptId 部门id
*/
@Override
public void checkDeptDataScope(Long deptId)
{
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
{
SysDept dept = new SysDept();
dept.setDeptId(deptId);
List<SysDept> depts = SpringUtils.getAopProxy(this).selectDeptList(dept);
if (StringUtils.isEmpty(depts))
{
throw new ServiceException("没有权限访问部门数据!");
}
}
}
/** /**
* 新增保存部门信息 * 新增保存部门信息
* *

View File

@ -11,7 +11,9 @@ import org.springframework.transaction.annotation.Transactional;
import com.ruoyi.common.annotation.DataScope; import com.ruoyi.common.annotation.DataScope;
import com.ruoyi.common.constant.UserConstants; import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.domain.entity.SysRole; import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.exception.ServiceException; import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.spring.SpringUtils; import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.system.domain.SysRoleDept; import com.ruoyi.system.domain.SysRoleDept;
@ -187,6 +189,26 @@ public class SysRoleServiceImpl implements ISysRoleService
} }
} }
/**
* 校验角色是否有数据权限
*
* @param roleId 角色id
*/
@Override
public void checkRoleDataScope(Long roleId)
{
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
{
SysRole role = new SysRole();
role.setRoleId(roleId);
List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role);
if (StringUtils.isEmpty(roles))
{
throw new ServiceException("没有权限访问角色数据!");
}
}
}
/** /**
* 通过角色ID查询角色使用数量 * 通过角色ID查询角色使用数量
* *

View File

@ -14,6 +14,7 @@ import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.exception.ServiceException; import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.system.domain.SysPost; import com.ruoyi.system.domain.SysPost;
import com.ruoyi.system.domain.SysUserPost; import com.ruoyi.system.domain.SysUserPost;
import com.ruoyi.system.domain.SysUserRole; import com.ruoyi.system.domain.SysUserRole;
@ -227,6 +228,26 @@ public class SysUserServiceImpl implements ISysUserService
} }
} }
/**
* 校验用户是否有数据权限
*
* @param userId 用户id
*/
@Override
public void checkUserDataScope(Long userId)
{
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
{
SysUser user = new SysUser();
user.setUserId(userId);
List<SysUser> users = SpringUtils.getAopProxy(this).selectUserList(user);
if (StringUtils.isEmpty(users))
{
throw new ServiceException("没有权限访问用户数据!");
}
}
}
/** /**
* 新增保存用户信息 * 新增保存用户信息
* *

View File

@ -30,6 +30,9 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<select id="selectDeptList" parameterType="SysDept" resultMap="SysDeptResult"> <select id="selectDeptList" parameterType="SysDept" resultMap="SysDeptResult">
<include refid="selectDeptVo"/> <include refid="selectDeptVo"/>
where d.del_flag = '0' where d.del_flag = '0'
<if test="deptId != null and deptId != 0">
AND dept_id = #{deptId}
</if>
<if test="parentId != null and parentId != 0"> <if test="parentId != null and parentId != 0">
AND parent_id = #{parentId} AND parent_id = #{parentId}
</if> </if>

View File

@ -33,6 +33,9 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<select id="selectRoleList" parameterType="SysRole" resultMap="SysRoleResult"> <select id="selectRoleList" parameterType="SysRole" resultMap="SysRoleResult">
<include refid="selectRoleVo"/> <include refid="selectRoleVo"/>
where r.del_flag = '0' where r.del_flag = '0'
<if test="roleId != null and roleId != 0">
AND r.role_id = #{roleId}
</if>
<if test="roleName != null and roleName != ''"> <if test="roleName != null and roleName != ''">
AND r.role_name like concat('%', #{roleName}, '%') AND r.role_name like concat('%', #{roleName}, '%')
</if> </if>

View File

@ -59,6 +59,9 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
select u.user_id, u.dept_id, u.nick_name, u.user_name, u.email, u.avatar, u.phonenumber, u.password, u.sex, u.status, u.del_flag, u.login_ip, u.login_date, u.create_by, u.create_time, u.remark, d.dept_name, d.leader from sys_user u select u.user_id, u.dept_id, u.nick_name, u.user_name, u.email, u.avatar, u.phonenumber, u.password, u.sex, u.status, u.del_flag, u.login_ip, u.login_date, u.create_by, u.create_time, u.remark, d.dept_name, d.leader from sys_user u
left join sys_dept d on u.dept_id = d.dept_id left join sys_dept d on u.dept_id = d.dept_id
where u.del_flag = '0' where u.del_flag = '0'
<if test="userId != null and userId != 0">
AND u.user_id = #{userId}
</if>
<if test="userName != null and userName != ''"> <if test="userName != null and userName != ''">
AND u.user_name like concat('%', #{userName}, '%') AND u.user_name like concat('%', #{userName}, '%')
</if> </if>