admin/lx-admin-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update 优化 重构系统业务数据权限 避免可能存在的越权风险

Browse Source
This commit is contained in:
疯狂的狮子Li 2023-03-11 01:32:38 +08:00
parent 69edf436da
commit f0a9768d8e
13 changed files with 151 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java
View File

@ -22,7 +22,6 @@ import com.ruoyi.system.domain.vo.DeptTreeSelectVo;
import com.ruoyi.system.domain.vo.SysRoleVo;
import com.ruoyi.system.domain.vo.SysUserVo;
import com.ruoyi.system.service.ISysDeptService;
import com.ruoyi.system.service.ISysPermissionService;
import com.ruoyi.system.service.ISysRoleService;
import com.ruoyi.system.service.ISysUserService;
import jakarta.servlet.http.HttpServletResponse;
@ -46,7 +45,6 @@ public class SysRoleController extends BaseController {
private final ISysRoleService roleService;
private final ISysUserService userService;
private final ISysDeptService deptService;
private final ISysPermissionService permissionService;
/**
* 获取角色信息列表
@ -103,7 +101,7 @@ public class SysRoleController extends BaseController {
@Log(title = "角色管理", businessType = BusinessType.UPDATE)
@PutMapping
public R<Void> edit(@Validated @RequestBody SysRoleBo role) {
roleService.checkRoleAllowed(role);
roleService.checkRoleAllowed(role.getRoleId());
roleService.checkRoleDataScope(role.getRoleId());
if (!roleService.checkRoleNameUnique(role)) {
return R.fail("修改角色'" + role.getRoleName() + "'失败,角色名称已存在");
@ -143,7 +141,7 @@ public class SysRoleController extends BaseController {
@Log(title = "角色管理", businessType = BusinessType.UPDATE)
@PutMapping("/dataScope")
public R<Void> dataScope(@RequestBody SysRoleBo role) {
roleService.checkRoleAllowed(role);
roleService.checkRoleAllowed(role.getRoleId());
roleService.checkRoleDataScope(role.getRoleId());
return toAjax(roleService.authDataScope(role));
}
@ -155,9 +153,9 @@ public class SysRoleController extends BaseController {
@Log(title = "角色管理", businessType = BusinessType.UPDATE)
@PutMapping("/changeStatus")
public R<Void> changeStatus(@RequestBody SysRoleBo role) {
roleService.checkRoleAllowed(role);
roleService.checkRoleAllowed(role.getRoleId());
roleService.checkRoleDataScope(role.getRoleId());
return toAjax(roleService.updateRoleStatus(role));
return toAjax(roleService.updateRoleStatus(role.getRoleId(), role.getStatus()));
}
/**

10
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
View File

@ -145,7 +145,7 @@ public class SysUserController extends BaseController {
@Log(title = "用户管理", businessType = BusinessType.UPDATE)
@PutMapping
public R<Void> edit(@Validated @RequestBody SysUserBo user) {
userService.checkUserAllowed(user);
userService.checkUserAllowed(user.getUserId());
userService.checkUserDataScope(user.getUserId());
if (!userService.checkUserNameUnique(user)) {
return R.fail("修改用户'" + user.getUserName() + "'失败,登录账号已存在");
@ -179,10 +179,10 @@ public class SysUserController extends BaseController {
@Log(title = "用户管理", businessType = BusinessType.UPDATE)
@PutMapping("/resetPwd")
public R<Void> resetPwd(@RequestBody SysUserBo user) {
userService.checkUserAllowed(user);
userService.checkUserAllowed(user.getUserId());
userService.checkUserDataScope(user.getUserId());
user.setPassword(BCrypt.hashpw(user.getPassword()));
return toAjax(userService.resetUserPwd(user.getUserId(),user.getPassword()));
return toAjax(userService.resetUserPwd(user.getUserId(), user.getPassword()));
}
/**
@ -192,9 +192,9 @@ public class SysUserController extends BaseController {
@Log(title = "用户管理", businessType = BusinessType.UPDATE)
@PutMapping("/changeStatus")
public R<Void> changeStatus(@RequestBody SysUserBo user) {
userService.checkUserAllowed(user);
userService.checkUserAllowed(user.getUserId());
userService.checkUserDataScope(user.getUserId());
return toAjax(userService.updateUserStatus(user));
return toAjax(userService.updateUserStatus(user.getUserId(), user.getStatus()));
}
/**

2
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
View File

@ -67,7 +67,7 @@ public class SysUserImportListener extends AnalysisEventListener<SysUserImportVo
SysUserBo user = BeanUtil.toBean(userVo, SysUserBo.class);
user.setUserId(userId);
ValidatorUtils.validate(user);
userService.checkUserAllowed(user);
userService.checkUserAllowed(user.getUserId());
userService.checkUserDataScope(user.getUserId());
user.setUpdateBy(operUserId);
userService.updateUser(user);

5
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysDeptMapper.java
View File

@ -29,6 +29,11 @@ public interface SysDeptMapper extends BaseMapperPlus<SysDeptMapper, SysDept, Sy
})
List<SysDeptVo> selectDeptList(@Param(Constants.WRAPPER) Wrapper<SysDept> queryWrapper);
@DataPermission({
@DataColumn(key = "deptName", value = "dept_id")
})
SysDeptVo selectDeptById(Long deptId);
/**
* 根据角色ID查询部门树信息
*

7
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysRoleMapper.java
View File

@ -5,8 +5,8 @@ import com.baomidou.mybatisplus.core.toolkit.Constants;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.ruoyi.common.mybatis.annotation.DataColumn;
import com.ruoyi.common.mybatis.annotation.DataPermission;
import com.ruoyi.system.domain.SysRole;
import com.ruoyi.common.mybatis.core.mapper.BaseMapperPlus;
import com.ruoyi.system.domain.SysRole;
import com.ruoyi.system.domain.vo.SysRoleVo;
import org.apache.ibatis.annotations.Param;
@ -35,6 +35,11 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRoleMapper, SysRole, Sy
})
List<SysRoleVo> selectRoleList(@Param(Constants.WRAPPER) Wrapper<SysRole> queryWrapper);
@DataPermission({
@DataColumn(key = "deptName", value = "d.dept_id")
})
SysRoleVo selectRoleById(Long roleId);
/**
* 根据用户ID查询角色
*

6
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java
View File

@ -104,6 +104,10 @@ public interface SysUserMapper extends BaseMapperPlus<SysUserMapper, SysUser, Sy
* @param userId 用户ID
* @return 用户对象信息
*/
@DataPermission({
@DataColumn(key = "deptName", value = "d.dept_id"),
@DataColumn(key = "userName", value = "u.user_id")
})
SysUserVo selectUserById(Long userId);
@Override
@ -111,7 +115,7 @@ public interface SysUserMapper extends BaseMapperPlus<SysUserMapper, SysUser, Sy
@DataColumn(key = "deptName", value = "dept_id"),
@DataColumn(key = "userName", value = "user_id")
})
int update(@Param(Constants.ENTITY) SysUser user,@Param(Constants.WRAPPER) Wrapper<SysUser> updateWrapper);
int update(@Param(Constants.ENTITY) SysUser user, @Param(Constants.WRAPPER) Wrapper<SysUser> updateWrapper);
@Override
@DataPermission({

9
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java
View File

@ -85,9 +85,9 @@ public interface ISysRoleService {
/**
* 校验角色是否允许操作
*
* @param role 角色信息
* @param roleId 角色ID
*/
void checkRoleAllowed(SysRoleBo role);
void checkRoleAllowed(Long roleId);
/**
* 校验角色是否有数据权限
@ -123,10 +123,11 @@ public interface ISysRoleService {
/**
* 修改角色状态
*
* @param bo 角色信息
* @param roleId 角色ID
* @param status 角色状态
* @return 结果
*/
int updateRoleStatus(SysRoleBo bo);
int updateRoleStatus(Long roleId, String status);
/**
* 修改数据权限信息

13
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java
View File

@ -108,9 +108,9 @@ public interface ISysUserService {
/**
* 校验用户是否允许操作
*
* @param user 用户信息
* @param userId 用户ID
*/
void checkUserAllowed(SysUserBo user);
void checkUserAllowed(Long userId);
/**
* 校验用户是否有数据权限
@ -154,10 +154,11 @@ public interface ISysUserService {
/**
* 修改用户状态
*
* @param user 用户信息
* @param userId 用户ID
* @param status 帐号状态
* @return 结果
*/
int updateUserStatus(SysUserBo user);
int updateUserStatus(Long userId, String status);
/**
* 修改用户基本信息
@ -171,7 +172,7 @@ public interface ISysUserService {
* 修改用户头像
*
* @param userId 用户ID
* @param avatar 头像地址
* @param avatar 头像地址
* @return 结果
*/
boolean updateUserAvatar(Long userId, Long avatar);
@ -179,7 +180,7 @@ public interface ISysUserService {
/**
* 重置用户密码
*
* @param userId 用户ID
* @param userId 用户ID
* @param password 密码
* @return 结果
*/

32
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
View File

@ -212,13 +212,15 @@ public class SysDeptServiceImpl implements ISysDeptService, DeptService {
*/
@Override
public void checkDeptDataScope(Long deptId) {
if (!LoginHelper.isSuperAdmin()) {
SysDeptBo dept = new SysDeptBo();
dept.setDeptId(deptId);
List<SysDeptVo> depts = this.selectDeptList(dept);
if (CollUtil.isEmpty(depts)) {
throw new ServiceException("没有权限访问部门数据!");
}
if (ObjectUtil.isNull(deptId)) {
return;
}
if (LoginHelper.isSuperAdmin()) {
return;
}
SysDeptVo dept = baseMapper.selectDeptById(deptId);
if (ObjectUtil.isNull(dept)) {
throw new ServiceException("没有权限访问部门数据!");
}
}
@ -250,13 +252,17 @@ public class SysDeptServiceImpl implements ISysDeptService, DeptService {
@Override
public int updateDept(SysDeptBo bo) {
SysDept dept = MapstructUtils.convert(bo, SysDept.class);
SysDept newParentDept = baseMapper.selectById(dept.getParentId());
SysDept oldDept = baseMapper.selectById(dept.getDeptId());
if (ObjectUtil.isNotNull(newParentDept) && ObjectUtil.isNotNull(oldDept)) {
String newAncestors = newParentDept.getAncestors() + StringUtils.SEPARATOR + newParentDept.getDeptId();
String oldAncestors = oldDept.getAncestors();
dept.setAncestors(newAncestors);
updateDeptChildren(dept.getDeptId(), newAncestors, oldAncestors);
if (!oldDept.getParentId().equals(dept.getParentId())) {
// 如果是新父部门 则校验是否具有新父部门权限 避免越权
this.checkDeptDataScope(dept.getParentId());
SysDept newParentDept = baseMapper.selectById(dept.getParentId());
if (ObjectUtil.isNotNull(newParentDept) && ObjectUtil.isNotNull(oldDept)) {
String newAncestors = newParentDept.getAncestors() + StringUtils.SEPARATOR + newParentDept.getDeptId();
String oldAncestors = oldDept.getAncestors();
dept.setAncestors(newAncestors);
updateDeptChildren(dept.getDeptId(), newAncestors, oldAncestors);
}
}
int result = baseMapper.updateById(dept);
if (UserConstants.DEPT_NORMAL.equals(dept.getStatus()) && StringUtils.isNotEmpty(dept.getAncestors())

43
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
View File

@ -5,17 +5,18 @@ import cn.hutool.core.util.ObjectUtil;
import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.ruoyi.common.core.constant.UserConstants;
import com.ruoyi.common.core.exception.ServiceException;
import com.ruoyi.common.core.utils.MapstructUtils;
import com.ruoyi.common.core.utils.StreamUtils;
import com.ruoyi.common.core.utils.StringUtils;
import com.ruoyi.common.mybatis.core.page.PageQuery;
import com.ruoyi.system.domain.SysRole;
import com.ruoyi.common.mybatis.core.page.TableDataInfo;
import com.ruoyi.common.core.exception.ServiceException;
import com.ruoyi.common.satoken.utils.LoginHelper;
import com.ruoyi.system.domain.SysRole;
import com.ruoyi.system.domain.SysRoleDept;
import com.ruoyi.system.domain.SysRoleMenu;
import com.ruoyi.system.domain.SysUserRole;
@ -145,7 +146,7 @@ public class SysRoleServiceImpl implements ISysRoleService {
*/
@Override
public SysRoleVo selectRoleById(Long roleId) {
return baseMapper.selectVoById(roleId);
return baseMapper.selectRoleById(roleId);
}
/**
@ -179,11 +180,11 @@ public class SysRoleServiceImpl implements ISysRoleService {
/**
* 校验角色是否允许操作
*
* @param role 角色信息
* @param roleId 角色ID
*/
@Override
public void checkRoleAllowed(SysRoleBo role) {
if (ObjectUtil.isNotNull(role.getRoleId()) && role.isSuperAdmin()) {
public void checkRoleAllowed(Long roleId) {
if (ObjectUtil.isNotNull(roleId) && LoginHelper.isSuperAdmin(roleId)) {
throw new ServiceException("不允许操作超级管理员角色");
}
}
@ -195,14 +196,17 @@ public class SysRoleServiceImpl implements ISysRoleService {
*/
@Override
public void checkRoleDataScope(Long roleId) {
if (!LoginHelper.isSuperAdmin()) {
SysRoleBo role = new SysRoleBo();
role.setRoleId(roleId);
List<SysRoleVo> roles = this.selectRoleList(role);
if (CollUtil.isEmpty(roles)) {
throw new ServiceException("没有权限访问角色数据!");
}
if (ObjectUtil.isNull(roleId)) {
return;
}
if (LoginHelper.isSuperAdmin()) {
return;
}
List<SysRoleVo> roles = this.selectRoleList(new SysRoleBo(roleId));
if (CollUtil.isEmpty(roles)) {
throw new ServiceException("没有权限访问角色数据!");
}
}
/**
@ -252,13 +256,16 @@ public class SysRoleServiceImpl implements ISysRoleService {
/**
* 修改角色状态
*
* @param bo 角色信息
* @param roleId 角色ID
* @param status 角色状态
* @return 结果
*/
@Override
public int updateRoleStatus(SysRoleBo bo) {
SysRole role = MapstructUtils.convert(bo, SysRole.class);
return baseMapper.updateById(role);
public int updateRoleStatus(Long roleId, String status) {
return baseMapper.update(null,
new LambdaUpdateWrapper<SysRole>()
.set(SysRole::getStatus, status)
.eq(SysRole::getRoleId, roleId));
}
/**
@ -347,7 +354,7 @@ public class SysRoleServiceImpl implements ISysRoleService {
@Transactional(rollbackFor = Exception.class)
public int deleteRoleByIds(Long[] roleIds) {
for (Long roleId : roleIds) {
checkRoleAllowed(new SysRoleBo(roleId));
checkRoleAllowed(roleId);
checkRoleDataScope(roleId);
SysRole role = baseMapper.selectById(roleId);
if (countUserRoleByRoleId(roleId) > 0) {

124
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
View File

@ -36,10 +36,8 @@ import org.springframework.cache.annotation.Cacheable;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
/**
* 用户 业务层处理
@ -239,11 +237,11 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
/**
* 校验用户是否允许操作
*
* @param user 用户信息
* @param userId 用户ID
*/
@Override
public void checkUserAllowed(SysUserBo user) {
if (ObjectUtil.isNotNull(user.getUserId()) && user.isSuperAdmin()) {
public void checkUserAllowed(Long userId) {
if (ObjectUtil.isNotNull(userId) && LoginHelper.isSuperAdmin(userId)) {
throw new ServiceException("不允许操作超级管理员用户");
}
}
@ -255,13 +253,14 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
*/
@Override
public void checkUserDataScope(Long userId) {
if (!LoginHelper.isSuperAdmin()) {
SysUserBo user = new SysUserBo();
user.setUserId(userId);
List<SysUserVo> users = this.selectUserList(user);
if (CollUtil.isEmpty(users)) {
throw new ServiceException("没有权限访问用户数据!");
}
if (ObjectUtil.isNull(userId)) {
return;
}
if (LoginHelper.isSuperAdmin()) {
return;
}
if (ObjectUtil.isNull(baseMapper.selectUserById(userId))) {
throw new ServiceException("没有权限访问用户数据!");
}
}
@ -279,9 +278,9 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
int rows = baseMapper.insert(sysUser);
user.setUserId(sysUser.getUserId());
// 新增用户岗位关联
insertUserPost(user);
insertUserPost(user, false);
// 新增用户与角色管理
insertUserRole(user);
insertUserRole(user, false);
return rows;
}
@ -309,20 +308,15 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
@Override
@Transactional(rollbackFor = Exception.class)
public int updateUser(SysUserBo user) {
Long userId = user.getUserId();
// 删除用户与角色关联
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
// 新增用户与角色管理
insertUserRole(user);
// 删除用户与岗位关联
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId));
insertUserRole(user, true);
// 新增用户与岗位管理
insertUserPost(user);
insertUserPost(user, true);
SysUser sysUser = MapstructUtils.convert(user, SysUser.class);
//防止错误更新后导致的数据误删除
// 防止错误更新后导致的数据误删除
int flag = baseMapper.updateById(sysUser);
if (flag <= 0){
throw new ServiceException("修改用户"+user.getUserName()+"信息失败");
if (flag < 1) {
throw new ServiceException("修改用户" + user.getUserName() + "信息失败");
}
return flag;
}
@ -338,21 +332,22 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
public void insertUserAuth(Long userId, Long[] roleIds) {
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
.eq(SysUserRole::getUserId, userId));
insertUserRole(userId, roleIds);
insertUserRole(userId, roleIds, false);
}
/**
* 修改用户状态
*
* @param user 用户信息
* @param userId 用户ID
* @param status 帐号状态
* @return 结果
*/
@Override
public int updateUserStatus(SysUserBo user) {
public int updateUserStatus(Long userId, String status) {
return baseMapper.update(null,
new LambdaUpdateWrapper<SysUser>()
.set(SysUser::getStatus, user.getStatus())
.eq(SysUser::getUserId, user.getUserId()));
.set(SysUser::getStatus, status)
.eq(SysUser::getUserId, userId));
}
/**
@ -376,7 +371,7 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
* 修改用户头像
*
* @param userId 用户ID
* @param avatar 头像地址
* @param avatar 头像地址
* @return 结果
*/
@Override
@ -390,7 +385,7 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
/**
* 重置用户密码
*
* @param userId 用户ID
* @param userId 用户ID
* @param password 密码
* @return 结果
*/
@ -405,34 +400,29 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
/**
* 新增用户角色信息
*
* @param user 用户对象
* @param user 用户对象
* @param clear 清除已存在的关联数据
*/
public void insertUserRole(SysUserBo user) {
this.insertUserRole(user.getUserId(), user.getRoleIds());
public void insertUserRole(SysUserBo user, boolean clear) {
this.insertUserRole(user.getUserId(), user.getRoleIds(), clear);
}
/**
* 新增用户岗位信息
*
* @param user 用户对象
* @param user 用户对象
* @param clear 清除已存在的关联数据
*/
public void insertUserPost(SysUserBo user) {
public void insertUserPost(SysUserBo user, boolean clear) {
Long[] posts = user.getPostIds();
if (ArrayUtil.isNotEmpty(posts)) {
//判断是否具有此角色的岗位权限
List<Long> postList = postMapper.selectPostListByUserId(LoginHelper.getUserId());
if (postList.isEmpty()){
throw new ServiceException("您不具有操作岗位的权限");
}
List<Long> postIdList = Arrays.asList(posts);
List<Long> canDoPostList = postIdList.stream()
.filter(postList::contains)
.collect(Collectors.toList());
if (canDoPostList.isEmpty()){
throw new ServiceException("您不具有操作当前岗位的权限");
Long userId = LoginHelper.getUserId();
if (clear) {
// 删除用户与岗位关联
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId));
}
// 新增用户与岗位管理
List<SysUserPost> list = StreamUtils.toList(canDoPostList, postId -> {
List<SysUserPost> list = StreamUtils.toList(List.of(posts), postId -> {
SysUserPost up = new SysUserPost();
up.setUserId(user.getUserId());
up.setPostId(postId);
@ -447,20 +437,26 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
*
* @param userId 用户ID
* @param roleIds 角色组
* @param clear 清除已存在的关联数据
*/
public void insertUserRole(Long userId, Long[] roleIds) {
public void insertUserRole(Long userId, Long[] roleIds, boolean clear) {
if (ArrayUtil.isNotEmpty(roleIds)) {
//判断是否具有此角色的操作权限
List<Long> roleList = roleMapper.selectRoleListByUserId(LoginHelper.getUserId());
if (roleList.isEmpty()){
throw new ServiceException("您不具有操作角色的权限");
// 判断是否具有此角色的操作权限
List<SysRoleVo> roles = roleMapper.selectRoleList(new LambdaQueryWrapper<>());
if (CollUtil.isEmpty(roles)) {
throw new ServiceException("没有权限访问角色的数据");
}
List<Long> roleIdList = Arrays.asList(roleIds);
List<Long> canDoRoleList = roleIdList.stream()
.filter(roleList::contains)
.collect(Collectors.toList());
if (canDoRoleList.isEmpty()){
throw new ServiceException("您不具有操作当前角色的权限");
List<Long> roleList = StreamUtils.toList(roles, SysRoleVo::getRoleId);
if (!LoginHelper.isSuperAdmin(userId)) {
roleList.remove(UserConstants.SUPER_ADMIN_ID);
}
List<Long> canDoRoleList = StreamUtils.filter(List.of(roleIds), roleList::contains);
if (CollUtil.isEmpty(canDoRoleList)) {
throw new ServiceException("没有权限访问角色的数据");
}
if (clear) {
// 删除用户与角色关联
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
}
// 新增用户与角色管理
List<SysUserRole> list = StreamUtils.toList(canDoRoleList, roleId -> {
@ -488,8 +484,8 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId));
// 防止更新失败导致的数据删除
int flag = baseMapper.deleteById(userId);
if (flag <= 0){
throw new ServiceException("删除用户发生异常");
if (flag < 1) {
throw new ServiceException("删除用户失败!");
}
return flag;
}
@ -504,7 +500,7 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
@Transactional(rollbackFor = Exception.class)
public int deleteUserByIds(Long[] userIds) {
for (Long userId : userIds) {
checkUserAllowed(new SysUserBo(userId));
checkUserAllowed(userId);
checkUserDataScope(userId);
}
List<Long> ids = List.of(userIds);
@ -514,8 +510,8 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().in(SysUserPost::getUserId, ids));
// 防止更新失败导致的数据删除
int flag = baseMapper.deleteBatchIds(ids);
if (flag <= 0){
throw new ServiceException("删除用户发生异常");
if (flag < 1) {
throw new ServiceException("删除用户失败!");
}
return flag;
}

4
ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml
View File

@ -11,6 +11,10 @@
select * from sys_dept ${ew.getCustomSqlSegment}
</select>
<select id="selectDeptById" resultMap="SysDeptResult">
select * from sys_dept where del_flag = '0' and dept_id = #{deptId}
</select>
<select id="selectDeptListByRoleId" resultType="Long">
select d.dept_id
from sys_dept d

5
ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysRoleMapper.xml
View File

@ -53,4 +53,9 @@
WHERE r.del_flag = '0' and u.user_name = #{userName}
</select>
<select id="selectRoleById" resultMap="SysRoleResult">
<include refid="selectRoleVo"/>
WHERE r.del_flag = '0' and r.role_id = #{roleId}
</select>
</mapper>