diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java
index 96400f6fd..4ef7c3624 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java
@@ -22,7 +22,6 @@ import com.ruoyi.system.domain.vo.DeptTreeSelectVo;
 import com.ruoyi.system.domain.vo.SysRoleVo;
 import com.ruoyi.system.domain.vo.SysUserVo;
 import com.ruoyi.system.service.ISysDeptService;
-import com.ruoyi.system.service.ISysPermissionService;
 import com.ruoyi.system.service.ISysRoleService;
 import com.ruoyi.system.service.ISysUserService;
 import jakarta.servlet.http.HttpServletResponse;
@@ -46,7 +45,6 @@ public class SysRoleController extends BaseController {
 private final ISysRoleService roleService;
 private final ISysUserService userService;
 private final ISysDeptService deptService;
- private final ISysPermissionService permissionService;
 /**
 * 获取角色信息列表
@@ -103,7 +101,7 @@ public class SysRoleController extends BaseController {
 @Log(title = "角色管理", businessType = BusinessType.UPDATE)
 @PutMapping
 public R edit(@Validated @RequestBody SysRoleBo role) {
- roleService.checkRoleAllowed(role);
+ roleService.checkRoleAllowed(role.getRoleId());
 roleService.checkRoleDataScope(role.getRoleId());
 if (!roleService.checkRoleNameUnique(role)) {
 return R.fail("修改角色'" + role.getRoleName() + "'失败,角色名称已存在");
@@ -143,7 +141,7 @@ public class SysRoleController extends BaseController {
 @Log(title = "角色管理", businessType = BusinessType.UPDATE)
 @PutMapping("/dataScope")
 public R dataScope(@RequestBody SysRoleBo role) {
- roleService.checkRoleAllowed(role);
+ roleService.checkRoleAllowed(role.getRoleId());
 roleService.checkRoleDataScope(role.getRoleId());
 return toAjax(roleService.authDataScope(role));
 }
@@ -155,9 +153,9 @@ public class SysRoleController extends BaseController {
 @Log(title = "角色管理", businessType = BusinessType.UPDATE)
 @PutMapping("/changeStatus")
 public R changeStatus(@RequestBody SysRoleBo role) {
- roleService.checkRoleAllowed(role);
+ roleService.checkRoleAllowed(role.getRoleId());
 roleService.checkRoleDataScope(role.getRoleId());
- return toAjax(roleService.updateRoleStatus(role));
+ return toAjax(roleService.updateRoleStatus(role.getRoleId(), role.getStatus()));
 }
 /**
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
index bc067a51f..b07185310 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
@@ -145,7 +145,7 @@ public class SysUserController extends BaseController {
 @Log(title = "用户管理", businessType = BusinessType.UPDATE)
 @PutMapping
 public R edit(@Validated @RequestBody SysUserBo user) {
- userService.checkUserAllowed(user);
+ userService.checkUserAllowed(user.getUserId());
 userService.checkUserDataScope(user.getUserId());
 if (!userService.checkUserNameUnique(user)) {
 return R.fail("修改用户'" + user.getUserName() + "'失败,登录账号已存在");
@@ -179,10 +179,10 @@ public class SysUserController extends BaseController {
 @Log(title = "用户管理", businessType = BusinessType.UPDATE)
 @PutMapping("/resetPwd")
 public R resetPwd(@RequestBody SysUserBo user) {
- userService.checkUserAllowed(user);
+ userService.checkUserAllowed(user.getUserId());
 userService.checkUserDataScope(user.getUserId());
 user.setPassword(BCrypt.hashpw(user.getPassword()));
- return toAjax(userService.resetUserPwd(user.getUserId(),user.getPassword()));
+ return toAjax(userService.resetUserPwd(user.getUserId(), user.getPassword()));
 }
 /**
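Review bot: `SysRoleController.changeStatus` forwards `role.getStatus()` straight into the column update; the `@RequestBody SysRoleBo role` parameter carries no `@Validated`, and nothing visible in the hunk restricts `status` to the enabled/disabled values. A null `roleId` also gets past both guards, because `checkRoleAllowed` and `checkRoleDataScope` as rewritten in this commit return without throwing on null. Reject both cases before calling the service, e.g. `if (ObjectUtil.isNull(role.getRoleId())) { return R.fail("角色ID不能为空"); }` plus an explicit check of `status` against the allowed constants. The same applies to `changeStatus` and `resetPwd` in SysUserController.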
@@ -192,9 +192,9 @@ public class SysUserController extends BaseController { @Log(title = "用户管理", businessType = BusinessType.UPDATE) @PutMapping("/changeStatus") public R changeStatus(@RequestBody SysUserBo user) { - userService.checkUserAllowed(user); + userService.checkUserAllowed(user.getUserId()); userService.checkUserDataScope(user.getUserId()); - return toAjax(userService.updateUserStatus(user)); + return toAjax(userService.updateUserStatus(user.getUserId(), user.getStatus())); } /** diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java index b201e3d16..f4423174d 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java @@ -67,7 +67,7 @@ public class SysUserImportListener extends AnalysisEventListener selectDeptList(@Param(Constants.WRAPPER) Wrapper queryWrapper); + @DataPermission({ + @DataColumn(key = "deptName", value = "dept_id") + }) + SysDeptVo selectDeptById(Long deptId); + /** * 根据角色ID查询部门树信息 * diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysRoleMapper.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysRoleMapper.java index c6d0ad4aa..2d8a37f0a 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysRoleMapper.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysRoleMapper.java 
@@ -5,8 +5,8 @@ import com.baomidou.mybatisplus.core.toolkit.Constants; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.ruoyi.common.mybatis.annotation.DataColumn; import com.ruoyi.common.mybatis.annotation.DataPermission; -import com.ruoyi.system.domain.SysRole; import com.ruoyi.common.mybatis.core.mapper.BaseMapperPlus; +import com.ruoyi.system.domain.SysRole; import com.ruoyi.system.domain.vo.SysRoleVo; import org.apache.ibatis.annotations.Param; @@ -35,6 +35,11 @@ public interface SysRoleMapper extends BaseMapperPlus selectRoleList(@Param(Constants.WRAPPER) Wrapper queryWrapper); + @DataPermission({ + @DataColumn(key = "deptName", value = "d.dept_id") + }) + SysRoleVo selectRoleById(Long roleId); + /** * 根据用户ID查询角色 * diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java index 19df29bba..4d466194b 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java @@ -104,6 +104,10 @@ public interface SysUserMapper extends BaseMapperPlus updateWrapper); + int update(@Param(Constants.ENTITY) SysUser user, @Param(Constants.WRAPPER) Wrapper updateWrapper); @Override @DataPermission({ diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java index 2e6dcfe2b..0f852fee5 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java 
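Review bot: `SysRoleMapper.selectRoleById` is added without Javadoc although its contract differs from the inherited `selectVoById` that SysRoleServiceImpl stops using: with `@DataPermission` on it, a role outside the caller's data scope presumably comes back as null rather than as a row. State that on the method, e.g. `/** Query a role by id with data-permission filtering; returns null when the role does not exist or is out of scope. */`, so callers know they must handle null. The `d.dept_id` column in `@DataColumn` also has to match the table alias used by the mapper XML statement, which is not readable on this page. The same documentation is missing on `SysDeptMapper.selectDeptById`.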
@@ -85,9 +85,9 @@ public interface ISysRoleService {
 /**
 * 校验角色是否允许操作
 *
- * @param role 角色信息
+ * @param roleId 角色ID
 */
- void checkRoleAllowed(SysRoleBo role);
+ void checkRoleAllowed(Long roleId);
 /**
 * 校验角色是否有数据权限
@@ -123,10 +123,11 @@ public interface ISysRoleService {
 /**
 * 修改角色状态
 *
- * @param bo 角色信息
+ * @param roleId 角色ID
+ * @param status 角色状态
 * @return 结果
 */
- int updateRoleStatus(SysRoleBo bo);
+ int updateRoleStatus(Long roleId, String status);
 /**
 * 修改数据权限信息
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java
index b39a47391..ed1afdd2f 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java
@@ -108,9 +108,9 @@ public interface ISysUserService {
 /**
 * 校验用户是否允许操作
 *
- * @param user 用户信息
+ * @param userId 用户ID
 */
- void checkUserAllowed(SysUserBo user);
+ void checkUserAllowed(Long userId);
 /**
 * 校验用户是否有数据权限
@@ -154,10 +154,11 @@ public interface ISysUserService {
 /**
 * 修改用户状态
 *
- * @param user 用户信息
+ * @param userId 用户ID
+ * @param status 帐号状态
 * @return 结果
 */
- int updateUserStatus(SysUserBo user);
+ int updateUserStatus(Long userId, String status);
 /**
 * 修改用户基本信息
@@ -171,7 +172,7 @@ public interface ISysUserService {
 * 修改用户头像
 *
 * @param userId 用户ID
- * @param avatar 头像地址
+ * @param avatar 头像地址
 * @return 结果
 */
 boolean updateUserAvatar(Long userId, Long avatar);
@@ -179,7 +180,7 @@ public interface ISysUserService {
 /**
 * 重置用户密码
 *
- * @param userId 用户ID
+ * @param userId 用户ID
 * @param password 密码
 * @return 结果
 */
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
index 04ff3f5f3..4a0722ad6 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
@@ -212,13 +212,15 @@ public class SysDeptServiceImpl implements ISysDeptService, DeptService {
 */
 @Override
 public void checkDeptDataScope(Long deptId) {
- if (!LoginHelper.isSuperAdmin()) {
- SysDeptBo dept = new SysDeptBo();
- dept.setDeptId(deptId);
- List depts = this.selectDeptList(dept);
- if (CollUtil.isEmpty(depts)) {
- throw new ServiceException("没有权限访问部门数据!");
- }
+ if (ObjectUtil.isNull(deptId)) {
+ return;
+ }
+ if (LoginHelper.isSuperAdmin()) {
+ return;
+ }
+ SysDeptVo dept = baseMapper.selectDeptById(deptId);
+ if (ObjectUtil.isNull(dept)) {
+ throw new ServiceException("没有权限访问部门数据!");
 }
 }
@@ -250,13 +252,17 @@ public class SysDeptServiceImpl implements ISysDeptService, DeptService {
 @Override
 public int updateDept(SysDeptBo bo) {
 SysDept dept = MapstructUtils.convert(bo, SysDept.class);
- SysDept newParentDept = baseMapper.selectById(dept.getParentId());
 SysDept oldDept = baseMapper.selectById(dept.getDeptId());
- if (ObjectUtil.isNotNull(newParentDept) && ObjectUtil.isNotNull(oldDept)) {
- String newAncestors = newParentDept.getAncestors() + StringUtils.SEPARATOR + newParentDept.getDeptId();
- String oldAncestors = oldDept.getAncestors();
- dept.setAncestors(newAncestors);
- updateDeptChildren(dept.getDeptId(), newAncestors, oldAncestors);
+ if (!oldDept.getParentId().equals(dept.getParentId())) {
+ // 如果是新父部门 则校验是否具有新父部门权限 避免越权
+ this.checkDeptDataScope(dept.getParentId());
+ SysDept newParentDept = baseMapper.selectById(dept.getParentId());
+ if (ObjectUtil.isNotNull(newParentDept) && ObjectUtil.isNotNull(oldDept)) {
+ String newAncestors = newParentDept.getAncestors() + StringUtils.SEPARATOR + newParentDept.getDeptId();
+ String oldAncestors = oldDept.getAncestors();
+ dept.setAncestors(newAncestors);
+ updateDeptChildren(dept.getDeptId(), newAncestors, oldAncestors);
+ }
 }
 int result = baseMapper.updateById(dept);
 if (UserConstants.DEPT_NORMAL.equals(dept.getStatus()) && StringUtils.isNotEmpty(dept.getAncestors())
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
index 2140a7734..40c269e9e 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
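Review bot: `oldDept` is dereferenced in the new `if (!oldDept.getParentId().equals(dept.getParentId()))` before anything checks that `selectById` found a row. A request carrying an unknown `deptId` now ends in a NullPointerException rather than a clean error, and the inner `ObjectUtil.isNotNull(oldDept)` can no longer be false. Guard the lookup first, e.g. `if (ObjectUtil.isNull(oldDept)) { throw new ServiceException("部门不存在"); }`, and compare with `ObjectUtil.equal(oldDept.getParentId(), dept.getParentId())` in case a stored row has no parent id. The body of `updateDept` continues past the end of the hunk.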
@@ -5,17 +5,18 @@ import cn.hutool.core.util.ObjectUtil;
 import com.baomidou.mybatisplus.core.conditions.Wrapper;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.ruoyi.common.core.constant.UserConstants;
+import com.ruoyi.common.core.exception.ServiceException;
 import com.ruoyi.common.core.utils.MapstructUtils;
 import com.ruoyi.common.core.utils.StreamUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.mybatis.core.page.PageQuery;
-import com.ruoyi.system.domain.SysRole;
 import com.ruoyi.common.mybatis.core.page.TableDataInfo;
-import com.ruoyi.common.core.exception.ServiceException;
 import com.ruoyi.common.satoken.utils.LoginHelper;
+import com.ruoyi.system.domain.SysRole;
 import com.ruoyi.system.domain.SysRoleDept;
 import com.ruoyi.system.domain.SysRoleMenu;
 import com.ruoyi.system.domain.SysUserRole;
@@ -145,7 +146,7 @@ public class SysRoleServiceImpl implements ISysRoleService {
 */
 @Override
 public SysRoleVo selectRoleById(Long roleId) {
- return baseMapper.selectVoById(roleId);
+ return baseMapper.selectRoleById(roleId);
 }
 /**
@@ -179,11 +180,11 @@ public class SysRoleServiceImpl implements ISysRoleService {
 /**
 * 校验角色是否允许操作
 *
- * @param role 角色信息
+ * @param roleId 角色ID
 */
 @Override
- public void checkRoleAllowed(SysRoleBo role) {
- if (ObjectUtil.isNotNull(role.getRoleId()) && role.isSuperAdmin()) {
+ public void checkRoleAllowed(Long roleId) {
+ if (ObjectUtil.isNotNull(roleId) && LoginHelper.isSuperAdmin(roleId)) {
 throw new ServiceException("不允许操作超级管理员角色");
 }
 }
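Review bot: `checkRoleAllowed` hands a role id to `LoginHelper.isSuperAdmin(...)`, the same helper that `checkUserAllowed` in SysUserServiceImpl calls with a user id. The helper's body is not part of this diff; if it compares against the super-admin user id, the guard on the built-in role holds only while the super-admin role and user happen to share one id value. Either state that assumption in a comment on the `if`, or compare against the constant directly, `UserConstants.SUPER_ADMIN_ID.equals(roleId)`, so the protection does not depend on it silently.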
@@ -195,14 +196,17 @@ public class SysRoleServiceImpl implements ISysRoleService {
 */
 @Override
 public void checkRoleDataScope(Long roleId) {
- if (!LoginHelper.isSuperAdmin()) {
- SysRoleBo role = new SysRoleBo();
- role.setRoleId(roleId);
- List roles = this.selectRoleList(role);
- if (CollUtil.isEmpty(roles)) {
- throw new ServiceException("没有权限访问角色数据!");
- }
+ if (ObjectUtil.isNull(roleId)) {
+ return;
 }
+ if (LoginHelper.isSuperAdmin()) {
+ return;
+ }
+ List roles = this.selectRoleList(new SysRoleBo(roleId));
+ if (CollUtil.isEmpty(roles)) {
+ throw new ServiceException("没有权限访问角色数据!");
+ }
+
 }
 /**
@@ -252,13 +256,16 @@ public class SysRoleServiceImpl implements ISysRoleService {
 /**
 * 修改角色状态
 *
- * @param bo 角色信息
+ * @param roleId 角色ID
+ * @param status 角色状态
 * @return 结果
 */
 @Override
- public int updateRoleStatus(SysRoleBo bo) {
- SysRole role = MapstructUtils.convert(bo, SysRole.class);
- return baseMapper.updateById(role);
+ public int updateRoleStatus(Long roleId, String status) {
+ return baseMapper.update(null,
+ new LambdaUpdateWrapper()
+ .set(SysRole::getStatus, status)
+ .eq(SysRole::getRoleId, roleId));
 }
 /**
@@ -347,7 +354,7 @@ public class SysRoleServiceImpl implements ISysRoleService {
 @Transactional(rollbackFor = Exception.class)
 public int deleteRoleByIds(Long[] roleIds) {
 for (Long roleId : roleIds) {
- checkRoleAllowed(new SysRoleBo(roleId));
+ checkRoleAllowed(roleId);
 checkRoleDataScope(roleId);
 SysRole role = baseMapper.selectById(roleId);
 if (countUserRoleByRoleId(roleId) > 0) {
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
index ea9cf9434..5c69b772d 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
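Review bot: `checkRoleDataScope` still decides scope through `this.selectRoleList(new SysRoleBo(roleId))`, while the dept and user checks rewritten in this commit use a single data-permission-scoped by-id lookup (`selectDeptById`, `selectUserById`). This commit also adds `baseMapper.selectRoleById(roleId)` with `@DataPermission`, so the three authorization checks could share one shape: `if (ObjectUtil.isNull(baseMapper.selectRoleById(roleId))) { throw new ServiceException("没有权限访问角色数据!"); }`. That is worth doing only if the list query applies no extra filter that the by-id statement lacks, which the page does not show. The added blank line before the closing brace can go as well.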
@@ -36,10 +36,8 @@ import org.springframework.cache.annotation.Cacheable;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
-import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
-import java.util.stream.Collectors;
 /**
 * 用户 业务层处理
@@ -239,11 +237,11 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
 /**
 * 校验用户是否允许操作
 *
- * @param user 用户信息
+ * @param userId 用户ID
 */
 @Override
- public void checkUserAllowed(SysUserBo user) {
- if (ObjectUtil.isNotNull(user.getUserId()) && user.isSuperAdmin()) {
+ public void checkUserAllowed(Long userId) {
+ if (ObjectUtil.isNotNull(userId) && LoginHelper.isSuperAdmin(userId)) {
 throw new ServiceException("不允许操作超级管理员用户");
 }
 }
@@ -255,13 +253,14 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
 */
 @Override
 public void checkUserDataScope(Long userId) {
- if (!LoginHelper.isSuperAdmin()) {
- SysUserBo user = new SysUserBo();
- user.setUserId(userId);
- List users = this.selectUserList(user);
- if (CollUtil.isEmpty(users)) {
- throw new ServiceException("没有权限访问用户数据!");
- }
+ if (ObjectUtil.isNull(userId)) {
+ return;
+ }
+ if (LoginHelper.isSuperAdmin()) {
+ return;
+ }
+ if (ObjectUtil.isNull(baseMapper.selectUserById(userId))) {
+ throw new ServiceException("没有权限访问用户数据!");
 }
 }
@@ -279,9 +278,9 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
 int rows = baseMapper.insert(sysUser);
 user.setUserId(sysUser.getUserId());
 // 新增用户岗位关联
- insertUserPost(user);
+ insertUserPost(user, false);
 // 新增用户与角色管理
- insertUserRole(user);
+ insertUserRole(user, false);
 return rows;
 }
@@ -309,20 +308,15 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
 @Override
 @Transactional(rollbackFor = Exception.class)
 public int updateUser(SysUserBo user) {
- Long userId = user.getUserId();
- // 删除用户与角色关联
- userRoleMapper.delete(new LambdaQueryWrapper().eq(SysUserRole::getUserId, userId));
 // 新增用户与角色管理
- insertUserRole(user);
- // 删除用户与岗位关联
- userPostMapper.delete(new LambdaQueryWrapper().eq(SysUserPost::getUserId, userId));
+ insertUserRole(user, true);
 // 新增用户与岗位管理
- insertUserPost(user);
+ insertUserPost(user, true);
 SysUser sysUser = MapstructUtils.convert(user, SysUser.class);
- //防止错误更新后导致的数据误删除
+ // 防止错误更新后导致的数据误删除
 int flag = baseMapper.updateById(sysUser);
- if (flag <= 0){
- throw new ServiceException("修改用户"+user.getUserName()+"信息失败");
+ if (flag < 1) {
+ throw new ServiceException("修改用户" + user.getUserName() + "信息失败");
 }
 return flag;
 }
@@ -338,21 +332,22 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
 public void insertUserAuth(Long userId, Long[] roleIds) {
 userRoleMapper.delete(new LambdaQueryWrapper()
 .eq(SysUserRole::getUserId, userId));
- insertUserRole(userId, roleIds);
+ insertUserRole(userId, roleIds, false);
 }
 /**
 * 修改用户状态
 *
- * @param user 用户信息
+ * @param userId 用户ID
+ * @param status 帐号状态
 * @return 结果
 */
 @Override
- public int updateUserStatus(SysUserBo user) {
+ public int updateUserStatus(Long userId, String status) {
 return baseMapper.update(null,
 new LambdaUpdateWrapper()
- .set(SysUser::getStatus, user.getStatus())
- .eq(SysUser::getUserId, user.getUserId()));
+ .set(SysUser::getStatus, status)
+ .eq(SysUser::getUserId, userId));
 }
 /**
@@ -376,7 +371,7 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
 * 修改用户头像
 *
 * @param userId 用户ID
- * @param avatar 头像地址
+ * @param avatar 头像地址
 * @return 结果
 */
 @Override
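Review bot: With the unconditional deletes removed from `updateUser`, existing associations are cleared only inside `insertUserRole(user, true)` and `insertUserPost(user, true)`, and both helpers (later hunks of this file) do their `if (clear)` delete inside the `ArrayUtil.isNotEmpty(...)` branch. An edit that submits an empty `roleIds` or `postIds` therefore leaves the user's current roles or posts untouched, so revoking all roles through this endpoint reports success and changes nothing. Run the `clear` delete in the helpers regardless of whether the array is empty (the method is `@Transactional`, so a later permission failure still rolls it back), or keep the deletes in `updateUser`.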
@@ -390,7 +385,7 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
 /**
 * 重置用户密码
 *
- * @param userId 用户ID
+ * @param userId 用户ID
 * @param password 密码
 * @return 结果
 */
@@ -405,34 +400,29 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
 /**
 * 新增用户角色信息
 *
- * @param user 用户对象
+ * @param user 用户对象
+ * @param clear 清除已存在的关联数据
 */
- public void insertUserRole(SysUserBo user) {
- this.insertUserRole(user.getUserId(), user.getRoleIds());
+ public void insertUserRole(SysUserBo user, boolean clear) {
+ this.insertUserRole(user.getUserId(), user.getRoleIds(), clear);
 }
 /**
 * 新增用户岗位信息
 *
- * @param user 用户对象
+ * @param user 用户对象
+ * @param clear 清除已存在的关联数据
 */
- public void insertUserPost(SysUserBo user) {
+ public void insertUserPost(SysUserBo user, boolean clear) {
 Long[] posts = user.getPostIds();
 if (ArrayUtil.isNotEmpty(posts)) {
- //判断是否具有此角色的岗位权限
- List postList = postMapper.selectPostListByUserId(LoginHelper.getUserId());
- if (postList.isEmpty()){
- throw new ServiceException("您不具有操作岗位的权限");
- }
- List postIdList = Arrays.asList(posts);
- List canDoPostList = postIdList.stream()
- .filter(postList::contains)
- .collect(Collectors.toList());
- if (canDoPostList.isEmpty()){
- throw new ServiceException("您不具有操作当前岗位的权限");
+ Long userId = LoginHelper.getUserId();
+ if (clear) {
+ // 删除用户与岗位关联
+ userPostMapper.delete(new LambdaQueryWrapper().eq(SysUserPost::getUserId, userId));
 }
 // 新增用户与岗位管理
- List list = StreamUtils.toList(canDoPostList, postId -> {
+ List list = StreamUtils.toList(List.of(posts), postId -> {
 SysUserPost up = new SysUserPost();
 up.setUserId(user.getUserId());
 up.setPostId(postId);
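Review bot: In `insertUserPost` the new `Long userId = LoginHelper.getUserId();` is the id of the logged-in operator, yet the `clear` branch deletes by it while the rows built below use `user.getUserId()`. Editing another user therefore removes the operator's own post links and leaves the target's old ones in place. Delete by the target instead: `userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, user.getUserId()));`. The hunk also drops the earlier check of the submitted `postIds` against the operator's posts and inserts `List.of(posts)` as received; if that is intended, a comment naming where post assignment is authorised would help. The method body continues past the hunk.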
@@ -447,20 +437,26 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
 *
 * @param userId 用户ID
 * @param roleIds 角色组
+ * @param clear 清除已存在的关联数据
 */
- public void insertUserRole(Long userId, Long[] roleIds) {
+ public void insertUserRole(Long userId, Long[] roleIds, boolean clear) {
 if (ArrayUtil.isNotEmpty(roleIds)) {
- //判断是否具有此角色的操作权限
- List roleList = roleMapper.selectRoleListByUserId(LoginHelper.getUserId());
- if (roleList.isEmpty()){
- throw new ServiceException("您不具有操作角色的权限");
+ // 判断是否具有此角色的操作权限
+ List roles = roleMapper.selectRoleList(new LambdaQueryWrapper<>());
+ if (CollUtil.isEmpty(roles)) {
+ throw new ServiceException("没有权限访问角色的数据");
 }
- List roleIdList = Arrays.asList(roleIds);
- List canDoRoleList = roleIdList.stream()
- .filter(roleList::contains)
- .collect(Collectors.toList());
- if (canDoRoleList.isEmpty()){
- throw new ServiceException("您不具有操作当前角色的权限");
+ List roleList = StreamUtils.toList(roles, SysRoleVo::getRoleId);
+ if (!LoginHelper.isSuperAdmin(userId)) {
+ roleList.remove(UserConstants.SUPER_ADMIN_ID);
+ }
+ List canDoRoleList = StreamUtils.filter(List.of(roleIds), roleList::contains);
+ if (CollUtil.isEmpty(canDoRoleList)) {
+ throw new ServiceException("没有权限访问角色的数据");
+ }
+ if (clear) {
+ // 删除用户与角色关联
+ userRoleMapper.delete(new LambdaQueryWrapper().eq(SysUserRole::getUserId, userId));
 }
 // 新增用户与角色管理
 List list = StreamUtils.toList(canDoRoleList, roleId -> {
@@ -488,8 +484,8 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
 userPostMapper.delete(new LambdaQueryWrapper().eq(SysUserPost::getUserId, userId));
 // 防止更新失败导致的数据删除
 int flag = baseMapper.deleteById(userId);
- if (flag <= 0){
- throw new ServiceException("删除用户发生异常");
+ if (flag < 1) {
+ throw new ServiceException("删除用户失败!");
 }
 return flag;
 }
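Review bot: `insertUserRole` silently discards requested role ids that are not in `roleList` and throws only when nothing is left, so a request mixing permitted and out-of-scope roles succeeds with a different role set than was asked for. Failing the whole request makes such an attempt visible to the caller and the operation log: `if (canDoRoleList.size() != roleIds.length) { throw new ServiceException("没有权限访问角色的数据"); }`. Note also that `LoginHelper.isSuperAdmin(userId)` here tests the user being edited, not the operator; a short comment saying the intent is that only the super-admin account may hold the super-admin role would prevent misreading. The method body continues past the hunk.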
@@ -504,7 +500,7 @@ public class SysUserServiceImpl implements ISysUserService, UserService { @Transactional(rollbackFor = Exception.class) public int deleteUserByIds(Long[] userIds) { for (Long userId : userIds) { - checkUserAllowed(new SysUserBo(userId)); + checkUserAllowed(userId); checkUserDataScope(userId); } List ids = List.of(userIds); @@ -514,8 +510,8 @@ public class SysUserServiceImpl implements ISysUserService, UserService { userPostMapper.delete(new LambdaQueryWrapper().in(SysUserPost::getUserId, ids)); // 防止更新失败导致的数据删除 int flag = baseMapper.deleteBatchIds(ids); - if (flag <= 0){ - throw new ServiceException("删除用户发生异常"); + if (flag < 1) { + throw new ServiceException("删除用户失败!"); } return flag; } diff --git a/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml b/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml index 80aa4286d..131c8a34b 100644 --- a/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml +++ b/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml @@ -11,6 +11,10 @@ select * from sys_dept ${ew.getCustomSqlSegment} + + + +