admin/lx-admin-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update 优化 重构系统业务数据权限 避免可能存在的越权风险

Browse Source
This commit is contained in:
疯狂的狮子Li 2023-03-11 01:32:38 +08:00
parent 69edf436da
commit f0a9768d8e
13 changed files with 151 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysRoleController.java
View File

@ -22,7 +22,6 @@ import com.ruoyi.system.domain.vo.DeptTreeSelectVo;
import com.ruoyi.system.domain.vo.SysRoleVo; import com.ruoyi.system.domain.vo.SysRoleVo;
import com.ruoyi.system.domain.vo.SysUserVo; import com.ruoyi.system.domain.vo.SysUserVo;
import com.ruoyi.system.service.ISysDeptService; import com.ruoyi.system.service.ISysDeptService;
import com.ruoyi.system.service.ISysPermissionService;
import com.ruoyi.system.service.ISysRoleService; import com.ruoyi.system.service.ISysRoleService;
import com.ruoyi.system.service.ISysUserService; import com.ruoyi.system.service.ISysUserService;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
@ -46,7 +45,6 @@ public class SysRoleController extends BaseController {
private final ISysRoleService roleService; private final ISysRoleService roleService;
private final ISysUserService userService; private final ISysUserService userService;
private final ISysDeptService deptService; private final ISysDeptService deptService;
private final ISysPermissionService permissionService;
/** /**
* 获取角色信息列表 * 获取角色信息列表
@ -103,7 +101,7 @@ public class SysRoleController extends BaseController {
@Log(title = "角色管理", businessType = BusinessType.UPDATE) @Log(title = "角色管理", businessType = BusinessType.UPDATE)
@PutMapping @PutMapping
public R<Void> edit(@Validated @RequestBody SysRoleBo role) { public R<Void> edit(@Validated @RequestBody SysRoleBo role) {
roleService.checkRoleAllowed(role); roleService.checkRoleAllowed(role.getRoleId());
roleService.checkRoleDataScope(role.getRoleId()); roleService.checkRoleDataScope(role.getRoleId());
if (!roleService.checkRoleNameUnique(role)) { if (!roleService.checkRoleNameUnique(role)) {
return R.fail("修改角色'" + role.getRoleName() + "'失败,角色名称已存在"); return R.fail("修改角色'" + role.getRoleName() + "'失败,角色名称已存在");
@ -143,7 +141,7 @@ public class SysRoleController extends BaseController {
@Log(title = "角色管理", businessType = BusinessType.UPDATE) @Log(title = "角色管理", businessType = BusinessType.UPDATE)
@PutMapping("/dataScope") @PutMapping("/dataScope")
public R<Void> dataScope(@RequestBody SysRoleBo role) { public R<Void> dataScope(@RequestBody SysRoleBo role) {
roleService.checkRoleAllowed(role); roleService.checkRoleAllowed(role.getRoleId());
roleService.checkRoleDataScope(role.getRoleId()); roleService.checkRoleDataScope(role.getRoleId());
return toAjax(roleService.authDataScope(role)); return toAjax(roleService.authDataScope(role));
} }
@ -155,9 +153,9 @@ public class SysRoleController extends BaseController {
@Log(title = "角色管理", businessType = BusinessType.UPDATE) @Log(title = "角色管理", businessType = BusinessType.UPDATE)
@PutMapping("/changeStatus") @PutMapping("/changeStatus")
public R<Void> changeStatus(@RequestBody SysRoleBo role) { public R<Void> changeStatus(@RequestBody SysRoleBo role) {
roleService.checkRoleAllowed(role); roleService.checkRoleAllowed(role.getRoleId());
roleService.checkRoleDataScope(role.getRoleId()); roleService.checkRoleDataScope(role.getRoleId());
return toAjax(roleService.updateRoleStatus(role)); return toAjax(roleService.updateRoleStatus(role.getRoleId(), role.getStatus()));
} }
/** /**

10
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysUserController.java
View File

@ -145,7 +145,7 @@ public class SysUserController extends BaseController {
@Log(title = "用户管理", businessType = BusinessType.UPDATE) @Log(title = "用户管理", businessType = BusinessType.UPDATE)
@PutMapping @PutMapping
public R<Void> edit(@Validated @RequestBody SysUserBo user) { public R<Void> edit(@Validated @RequestBody SysUserBo user) {
userService.checkUserAllowed(user); userService.checkUserAllowed(user.getUserId());
userService.checkUserDataScope(user.getUserId()); userService.checkUserDataScope(user.getUserId());
if (!userService.checkUserNameUnique(user)) { if (!userService.checkUserNameUnique(user)) {
return R.fail("修改用户'" + user.getUserName() + "'失败,登录账号已存在"); return R.fail("修改用户'" + user.getUserName() + "'失败,登录账号已存在");
@ -179,10 +179,10 @@ public class SysUserController extends BaseController {
@Log(title = "用户管理", businessType = BusinessType.UPDATE) @Log(title = "用户管理", businessType = BusinessType.UPDATE)
@PutMapping("/resetPwd") @PutMapping("/resetPwd")
public R<Void> resetPwd(@RequestBody SysUserBo user) { public R<Void> resetPwd(@RequestBody SysUserBo user) {
userService.checkUserAllowed(user); userService.checkUserAllowed(user.getUserId());
userService.checkUserDataScope(user.getUserId()); userService.checkUserDataScope(user.getUserId());
user.setPassword(BCrypt.hashpw(user.getPassword())); user.setPassword(BCrypt.hashpw(user.getPassword()));
return toAjax(userService.resetUserPwd(user.getUserId(),user.getPassword())); return toAjax(userService.resetUserPwd(user.getUserId(), user.getPassword()));
} }
/** /**
@ -192,9 +192,9 @@ public class SysUserController extends BaseController {
@Log(title = "用户管理", businessType = BusinessType.UPDATE) @Log(title = "用户管理", businessType = BusinessType.UPDATE)
@PutMapping("/changeStatus") @PutMapping("/changeStatus")
public R<Void> changeStatus(@RequestBody SysUserBo user) { public R<Void> changeStatus(@RequestBody SysUserBo user) {
userService.checkUserAllowed(user); userService.checkUserAllowed(user.getUserId());
userService.checkUserDataScope(user.getUserId()); userService.checkUserDataScope(user.getUserId());
return toAjax(userService.updateUserStatus(user)); return toAjax(userService.updateUserStatus(user.getUserId(), user.getStatus()));
} }
/** /**

2
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
View File

@ -67,7 +67,7 @@ public class SysUserImportListener extends AnalysisEventListener<SysUserImportVo
SysUserBo user = BeanUtil.toBean(userVo, SysUserBo.class); SysUserBo user = BeanUtil.toBean(userVo, SysUserBo.class);
user.setUserId(userId); user.setUserId(userId);
ValidatorUtils.validate(user); ValidatorUtils.validate(user);
userService.checkUserAllowed(user); userService.checkUserAllowed(user.getUserId());
userService.checkUserDataScope(user.getUserId()); userService.checkUserDataScope(user.getUserId());
user.setUpdateBy(operUserId); user.setUpdateBy(operUserId);
userService.updateUser(user); userService.updateUser(user);

5
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysDeptMapper.java
View File

@ -29,6 +29,11 @@ public interface SysDeptMapper extends BaseMapperPlus<SysDeptMapper, SysDept, Sy
}) })
List<SysDeptVo> selectDeptList(@Param(Constants.WRAPPER) Wrapper<SysDept> queryWrapper); List<SysDeptVo> selectDeptList(@Param(Constants.WRAPPER) Wrapper<SysDept> queryWrapper);
@DataPermission({
@DataColumn(key = "deptName", value = "dept_id")
})
SysDeptVo selectDeptById(Long deptId);
/** /**
* 根据角色ID查询部门树信息 * 根据角色ID查询部门树信息
* *

7
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysRoleMapper.java
View File

@ -5,8 +5,8 @@ import com.baomidou.mybatisplus.core.toolkit.Constants;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.ruoyi.common.mybatis.annotation.DataColumn; import com.ruoyi.common.mybatis.annotation.DataColumn;
import com.ruoyi.common.mybatis.annotation.DataPermission; import com.ruoyi.common.mybatis.annotation.DataPermission;
import com.ruoyi.system.domain.SysRole;
import com.ruoyi.common.mybatis.core.mapper.BaseMapperPlus; import com.ruoyi.common.mybatis.core.mapper.BaseMapperPlus;
import com.ruoyi.system.domain.SysRole;
import com.ruoyi.system.domain.vo.SysRoleVo; import com.ruoyi.system.domain.vo.SysRoleVo;
import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Param;
@ -35,6 +35,11 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRoleMapper, SysRole, Sy
}) })
List<SysRoleVo> selectRoleList(@Param(Constants.WRAPPER) Wrapper<SysRole> queryWrapper); List<SysRoleVo> selectRoleList(@Param(Constants.WRAPPER) Wrapper<SysRole> queryWrapper);
@DataPermission({
@DataColumn(key = "deptName", value = "d.dept_id")
})
SysRoleVo selectRoleById(Long roleId);
/** /**
* 根据用户ID查询角色 * 根据用户ID查询角色
* *

6
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java
View File

@ -104,6 +104,10 @@ public interface SysUserMapper extends BaseMapperPlus<SysUserMapper, SysUser, Sy
* @param userId 用户ID * @param userId 用户ID
* @return 用户对象信息 * @return 用户对象信息
*/ */
@DataPermission({
@DataColumn(key = "deptName", value = "d.dept_id"),
@DataColumn(key = "userName", value = "u.user_id")
})
SysUserVo selectUserById(Long userId); SysUserVo selectUserById(Long userId);
@Override @Override
@ -111,7 +115,7 @@ public interface SysUserMapper extends BaseMapperPlus<SysUserMapper, SysUser, Sy
@DataColumn(key = "deptName", value = "dept_id"), @DataColumn(key = "deptName", value = "dept_id"),
@DataColumn(key = "userName", value = "user_id") @DataColumn(key = "userName", value = "user_id")
}) })
int update(@Param(Constants.ENTITY) SysUser user,@Param(Constants.WRAPPER) Wrapper<SysUser> updateWrapper); int update(@Param(Constants.ENTITY) SysUser user, @Param(Constants.WRAPPER) Wrapper<SysUser> updateWrapper);
@Override @Override
@DataPermission({ @DataPermission({

9
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java
View File

@ -85,9 +85,9 @@ public interface ISysRoleService {
/** /**
* 校验角色是否允许操作 * 校验角色是否允许操作
* *
* @param role 角色信息 * @param roleId 角色ID
*/ */
void checkRoleAllowed(SysRoleBo role); void checkRoleAllowed(Long roleId);
/** /**
* 校验角色是否有数据权限 * 校验角色是否有数据权限
@ -123,10 +123,11 @@ public interface ISysRoleService {
/** /**
* 修改角色状态 * 修改角色状态
* *
* @param bo 角色信息 * @param roleId 角色ID
* @param status 角色状态
* @return 结果 * @return 结果
*/ */
int updateRoleStatus(SysRoleBo bo); int updateRoleStatus(Long roleId, String status);
/** /**
* 修改数据权限信息 * 修改数据权限信息

13
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java
View File

@ -108,9 +108,9 @@ public interface ISysUserService {
/** /**
* 校验用户是否允许操作 * 校验用户是否允许操作
* *
* @param user 用户信息 * @param userId 用户ID
*/ */
void checkUserAllowed(SysUserBo user); void checkUserAllowed(Long userId);
/** /**
* 校验用户是否有数据权限 * 校验用户是否有数据权限
@ -154,10 +154,11 @@ public interface ISysUserService {
/** /**
* 修改用户状态 * 修改用户状态
* *
* @param user 用户信息 * @param userId 用户ID
* @param status 帐号状态
* @return 结果 * @return 结果
*/ */
int updateUserStatus(SysUserBo user); int updateUserStatus(Long userId, String status);
/** /**
* 修改用户基本信息 * 修改用户基本信息
@ -171,7 +172,7 @@ public interface ISysUserService {
* 修改用户头像 * 修改用户头像
* *
* @param userId 用户ID * @param userId 用户ID
* @param avatar 头像地址 * @param avatar 头像地址
* @return 结果 * @return 结果
*/ */
boolean updateUserAvatar(Long userId, Long avatar); boolean updateUserAvatar(Long userId, Long avatar);
@ -179,7 +180,7 @@ public interface ISysUserService {
/** /**
* 重置用户密码 * 重置用户密码
* *
* @param userId 用户ID * @param userId 用户ID
* @param password 密码 * @param password 密码
* @return 结果 * @return 结果
*/ */

32
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
View File

@ -212,13 +212,15 @@ public class SysDeptServiceImpl implements ISysDeptService, DeptService {
*/ */
@Override @Override
public void checkDeptDataScope(Long deptId) { public void checkDeptDataScope(Long deptId) {
if (!LoginHelper.isSuperAdmin()) { if (ObjectUtil.isNull(deptId)) {
SysDeptBo dept = new SysDeptBo(); return;
dept.setDeptId(deptId); }
List<SysDeptVo> depts = this.selectDeptList(dept); if (LoginHelper.isSuperAdmin()) {
if (CollUtil.isEmpty(depts)) { return;
throw new ServiceException("没有权限访问部门数据!"); }
} SysDeptVo dept = baseMapper.selectDeptById(deptId);
if (ObjectUtil.isNull(dept)) {
throw new ServiceException("没有权限访问部门数据!");
} }
} }
@ -250,13 +252,17 @@ public class SysDeptServiceImpl implements ISysDeptService, DeptService {
@Override @Override
public int updateDept(SysDeptBo bo) { public int updateDept(SysDeptBo bo) {
SysDept dept = MapstructUtils.convert(bo, SysDept.class); SysDept dept = MapstructUtils.convert(bo, SysDept.class);
SysDept newParentDept = baseMapper.selectById(dept.getParentId());
SysDept oldDept = baseMapper.selectById(dept.getDeptId()); SysDept oldDept = baseMapper.selectById(dept.getDeptId());
if (ObjectUtil.isNotNull(newParentDept) && ObjectUtil.isNotNull(oldDept)) { if (!oldDept.getParentId().equals(dept.getParentId())) {
String newAncestors = newParentDept.getAncestors() + StringUtils.SEPARATOR + newParentDept.getDeptId(); // 如果是新父部门 则校验是否具有新父部门权限 避免越权
String oldAncestors = oldDept.getAncestors(); this.checkDeptDataScope(dept.getParentId());
dept.setAncestors(newAncestors); SysDept newParentDept = baseMapper.selectById(dept.getParentId());
updateDeptChildren(dept.getDeptId(), newAncestors, oldAncestors); if (ObjectUtil.isNotNull(newParentDept) && ObjectUtil.isNotNull(oldDept)) {
String newAncestors = newParentDept.getAncestors() + StringUtils.SEPARATOR + newParentDept.getDeptId();
String oldAncestors = oldDept.getAncestors();
dept.setAncestors(newAncestors);
updateDeptChildren(dept.getDeptId(), newAncestors, oldAncestors);
}
} }
int result = baseMapper.updateById(dept); int result = baseMapper.updateById(dept);
if (UserConstants.DEPT_NORMAL.equals(dept.getStatus()) && StringUtils.isNotEmpty(dept.getAncestors()) if (UserConstants.DEPT_NORMAL.equals(dept.getStatus()) && StringUtils.isNotEmpty(dept.getAncestors())

43
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
View File

@ -5,17 +5,18 @@ import cn.hutool.core.util.ObjectUtil;
import com.baomidou.mybatisplus.core.conditions.Wrapper; import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.ruoyi.common.core.constant.UserConstants; import com.ruoyi.common.core.constant.UserConstants;
import com.ruoyi.common.core.exception.ServiceException;
import com.ruoyi.common.core.utils.MapstructUtils; import com.ruoyi.common.core.utils.MapstructUtils;
import com.ruoyi.common.core.utils.StreamUtils; import com.ruoyi.common.core.utils.StreamUtils;
import com.ruoyi.common.core.utils.StringUtils; import com.ruoyi.common.core.utils.StringUtils;
import com.ruoyi.common.mybatis.core.page.PageQuery; import com.ruoyi.common.mybatis.core.page.PageQuery;
import com.ruoyi.system.domain.SysRole;
import com.ruoyi.common.mybatis.core.page.TableDataInfo; import com.ruoyi.common.mybatis.core.page.TableDataInfo;
import com.ruoyi.common.core.exception.ServiceException;
import com.ruoyi.common.satoken.utils.LoginHelper; import com.ruoyi.common.satoken.utils.LoginHelper;
import com.ruoyi.system.domain.SysRole;
import com.ruoyi.system.domain.SysRoleDept; import com.ruoyi.system.domain.SysRoleDept;
import com.ruoyi.system.domain.SysRoleMenu; import com.ruoyi.system.domain.SysRoleMenu;
import com.ruoyi.system.domain.SysUserRole; import com.ruoyi.system.domain.SysUserRole;
@ -145,7 +146,7 @@ public class SysRoleServiceImpl implements ISysRoleService {
*/ */
@Override @Override
public SysRoleVo selectRoleById(Long roleId) { public SysRoleVo selectRoleById(Long roleId) {
return baseMapper.selectVoById(roleId); return baseMapper.selectRoleById(roleId);
} }
/** /**
@ -179,11 +180,11 @@ public class SysRoleServiceImpl implements ISysRoleService {
/** /**
* 校验角色是否允许操作 * 校验角色是否允许操作
* *
* @param role 角色信息 * @param roleId 角色ID
*/ */
@Override @Override
public void checkRoleAllowed(SysRoleBo role) { public void checkRoleAllowed(Long roleId) {
if (ObjectUtil.isNotNull(role.getRoleId()) && role.isSuperAdmin()) { if (ObjectUtil.isNotNull(roleId) && LoginHelper.isSuperAdmin(roleId)) {
throw new ServiceException("不允许操作超级管理员角色"); throw new ServiceException("不允许操作超级管理员角色");
} }
} }
@ -195,14 +196,17 @@ public class SysRoleServiceImpl implements ISysRoleService {
*/ */
@Override @Override
public void checkRoleDataScope(Long roleId) { public void checkRoleDataScope(Long roleId) {
if (!LoginHelper.isSuperAdmin()) { if (ObjectUtil.isNull(roleId)) {
SysRoleBo role = new SysRoleBo(); return;
role.setRoleId(roleId);
List<SysRoleVo> roles = this.selectRoleList(role);
if (CollUtil.isEmpty(roles)) {
throw new ServiceException("没有权限访问角色数据!");
}
} }
if (LoginHelper.isSuperAdmin()) {
return;
}
List<SysRoleVo> roles = this.selectRoleList(new SysRoleBo(roleId));
if (CollUtil.isEmpty(roles)) {
throw new ServiceException("没有权限访问角色数据!");
}
} }
/** /**
@ -252,13 +256,16 @@ public class SysRoleServiceImpl implements ISysRoleService {
/** /**
* 修改角色状态 * 修改角色状态
* *
* @param bo 角色信息 * @param roleId 角色ID
* @param status 角色状态
* @return 结果 * @return 结果
*/ */
@Override @Override
public int updateRoleStatus(SysRoleBo bo) { public int updateRoleStatus(Long roleId, String status) {
SysRole role = MapstructUtils.convert(bo, SysRole.class); return baseMapper.update(null,
return baseMapper.updateById(role); new LambdaUpdateWrapper<SysRole>()
.set(SysRole::getStatus, status)
.eq(SysRole::getRoleId, roleId));
} }
/** /**
@ -347,7 +354,7 @@ public class SysRoleServiceImpl implements ISysRoleService {
@Transactional(rollbackFor = Exception.class) @Transactional(rollbackFor = Exception.class)
public int deleteRoleByIds(Long[] roleIds) { public int deleteRoleByIds(Long[] roleIds) {
for (Long roleId : roleIds) { for (Long roleId : roleIds) {
checkRoleAllowed(new SysRoleBo(roleId)); checkRoleAllowed(roleId);
checkRoleDataScope(roleId); checkRoleDataScope(roleId);
SysRole role = baseMapper.selectById(roleId); SysRole role = baseMapper.selectById(roleId);
if (countUserRoleByRoleId(roleId) > 0) { if (countUserRoleByRoleId(roleId) > 0) {

124
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
View File

@ -36,10 +36,8 @@ import org.springframework.cache.annotation.Cacheable;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional; import org.springframework.transaction.annotation.Transactional;
import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.stream.Collectors;
/** /**
* 用户 业务层处理 * 用户 业务层处理
@ -239,11 +237,11 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
/** /**
* 校验用户是否允许操作 * 校验用户是否允许操作
* *
* @param user 用户信息 * @param userId 用户ID
*/ */
@Override @Override
public void checkUserAllowed(SysUserBo user) { public void checkUserAllowed(Long userId) {
if (ObjectUtil.isNotNull(user.getUserId()) && user.isSuperAdmin()) { if (ObjectUtil.isNotNull(userId) && LoginHelper.isSuperAdmin(userId)) {
throw new ServiceException("不允许操作超级管理员用户"); throw new ServiceException("不允许操作超级管理员用户");
} }
} }
@ -255,13 +253,14 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
*/ */
@Override @Override
public void checkUserDataScope(Long userId) { public void checkUserDataScope(Long userId) {
if (!LoginHelper.isSuperAdmin()) { if (ObjectUtil.isNull(userId)) {
SysUserBo user = new SysUserBo(); return;
user.setUserId(userId); }
List<SysUserVo> users = this.selectUserList(user); if (LoginHelper.isSuperAdmin()) {
if (CollUtil.isEmpty(users)) { return;
throw new ServiceException("没有权限访问用户数据!"); }
} if (ObjectUtil.isNull(baseMapper.selectUserById(userId))) {
throw new ServiceException("没有权限访问用户数据!");
} }
} }
@ -279,9 +278,9 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
int rows = baseMapper.insert(sysUser); int rows = baseMapper.insert(sysUser);
user.setUserId(sysUser.getUserId()); user.setUserId(sysUser.getUserId());
// 新增用户岗位关联 // 新增用户岗位关联
insertUserPost(user); insertUserPost(user, false);
// 新增用户与角色管理 // 新增用户与角色管理
insertUserRole(user); insertUserRole(user, false);
return rows; return rows;
} }
@ -309,20 +308,15 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
@Override @Override
@Transactional(rollbackFor = Exception.class) @Transactional(rollbackFor = Exception.class)
public int updateUser(SysUserBo user) { public int updateUser(SysUserBo user) {
Long userId = user.getUserId();
// 删除用户与角色关联
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
// 新增用户与角色管理 // 新增用户与角色管理
insertUserRole(user); insertUserRole(user, true);
// 删除用户与岗位关联
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId));
// 新增用户与岗位管理 // 新增用户与岗位管理
insertUserPost(user); insertUserPost(user, true);
SysUser sysUser = MapstructUtils.convert(user, SysUser.class); SysUser sysUser = MapstructUtils.convert(user, SysUser.class);
//防止错误更新后导致的数据误删除 // 防止错误更新后导致的数据误删除
int flag = baseMapper.updateById(sysUser); int flag = baseMapper.updateById(sysUser);
if (flag <= 0){ if (flag < 1) {
throw new ServiceException("修改用户"+user.getUserName()+"信息失败"); throw new ServiceException("修改用户" + user.getUserName() + "信息失败");
} }
return flag; return flag;
} }
@ -338,21 +332,22 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
public void insertUserAuth(Long userId, Long[] roleIds) { public void insertUserAuth(Long userId, Long[] roleIds) {
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>() userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
.eq(SysUserRole::getUserId, userId)); .eq(SysUserRole::getUserId, userId));
insertUserRole(userId, roleIds); insertUserRole(userId, roleIds, false);
} }
/** /**
* 修改用户状态 * 修改用户状态
* *
* @param user 用户信息 * @param userId 用户ID
* @param status 帐号状态
* @return 结果 * @return 结果
*/ */
@Override @Override
public int updateUserStatus(SysUserBo user) { public int updateUserStatus(Long userId, String status) {
return baseMapper.update(null, return baseMapper.update(null,
new LambdaUpdateWrapper<SysUser>() new LambdaUpdateWrapper<SysUser>()
.set(SysUser::getStatus, user.getStatus()) .set(SysUser::getStatus, status)
.eq(SysUser::getUserId, user.getUserId())); .eq(SysUser::getUserId, userId));
} }
/** /**
@ -376,7 +371,7 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
* 修改用户头像 * 修改用户头像
* *
* @param userId 用户ID * @param userId 用户ID
* @param avatar 头像地址 * @param avatar 头像地址
* @return 结果 * @return 结果
*/ */
@Override @Override
@ -390,7 +385,7 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
/** /**
* 重置用户密码 * 重置用户密码
* *
* @param userId 用户ID * @param userId 用户ID
* @param password 密码 * @param password 密码
* @return 结果 * @return 结果
*/ */
@ -405,34 +400,29 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
/** /**
* 新增用户角色信息 * 新增用户角色信息
* *
* @param user 用户对象 * @param user 用户对象
* @param clear 清除已存在的关联数据
*/ */
public void insertUserRole(SysUserBo user) { public void insertUserRole(SysUserBo user, boolean clear) {
this.insertUserRole(user.getUserId(), user.getRoleIds()); this.insertUserRole(user.getUserId(), user.getRoleIds(), clear);
} }
/** /**
* 新增用户岗位信息 * 新增用户岗位信息
* *
* @param user 用户对象 * @param user 用户对象
* @param clear 清除已存在的关联数据
*/ */
public void insertUserPost(SysUserBo user) { public void insertUserPost(SysUserBo user, boolean clear) {
Long[] posts = user.getPostIds(); Long[] posts = user.getPostIds();
if (ArrayUtil.isNotEmpty(posts)) { if (ArrayUtil.isNotEmpty(posts)) {
//判断是否具有此角色的岗位权限 Long userId = LoginHelper.getUserId();
List<Long> postList = postMapper.selectPostListByUserId(LoginHelper.getUserId()); if (clear) {
if (postList.isEmpty()){ // 删除用户与岗位关联
throw new ServiceException("您不具有操作岗位的权限"); userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId));
}
List<Long> postIdList = Arrays.asList(posts);
List<Long> canDoPostList = postIdList.stream()
.filter(postList::contains)
.collect(Collectors.toList());
if (canDoPostList.isEmpty()){
throw new ServiceException("您不具有操作当前岗位的权限");
} }
// 新增用户与岗位管理 // 新增用户与岗位管理
List<SysUserPost> list = StreamUtils.toList(canDoPostList, postId -> { List<SysUserPost> list = StreamUtils.toList(List.of(posts), postId -> {
SysUserPost up = new SysUserPost(); SysUserPost up = new SysUserPost();
up.setUserId(user.getUserId()); up.setUserId(user.getUserId());
up.setPostId(postId); up.setPostId(postId);
@ -447,20 +437,26 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
* *
* @param userId 用户ID * @param userId 用户ID
* @param roleIds 角色组 * @param roleIds 角色组
* @param clear 清除已存在的关联数据
*/ */
public void insertUserRole(Long userId, Long[] roleIds) { public void insertUserRole(Long userId, Long[] roleIds, boolean clear) {
if (ArrayUtil.isNotEmpty(roleIds)) { if (ArrayUtil.isNotEmpty(roleIds)) {
//判断是否具有此角色的操作权限 // 判断是否具有此角色的操作权限
List<Long> roleList = roleMapper.selectRoleListByUserId(LoginHelper.getUserId()); List<SysRoleVo> roles = roleMapper.selectRoleList(new LambdaQueryWrapper<>());
if (roleList.isEmpty()){ if (CollUtil.isEmpty(roles)) {
throw new ServiceException("您不具有操作角色的权限"); throw new ServiceException("没有权限访问角色的数据");
} }
List<Long> roleIdList = Arrays.asList(roleIds); List<Long> roleList = StreamUtils.toList(roles, SysRoleVo::getRoleId);
List<Long> canDoRoleList = roleIdList.stream() if (!LoginHelper.isSuperAdmin(userId)) {
.filter(roleList::contains) roleList.remove(UserConstants.SUPER_ADMIN_ID);
.collect(Collectors.toList()); }
if (canDoRoleList.isEmpty()){ List<Long> canDoRoleList = StreamUtils.filter(List.of(roleIds), roleList::contains);
throw new ServiceException("您不具有操作当前角色的权限"); if (CollUtil.isEmpty(canDoRoleList)) {
throw new ServiceException("没有权限访问角色的数据");
}
if (clear) {
// 删除用户与角色关联
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
} }
// 新增用户与角色管理 // 新增用户与角色管理
List<SysUserRole> list = StreamUtils.toList(canDoRoleList, roleId -> { List<SysUserRole> list = StreamUtils.toList(canDoRoleList, roleId -> {
@ -488,8 +484,8 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId)); userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, userId));
// 防止更新失败导致的数据删除 // 防止更新失败导致的数据删除
int flag = baseMapper.deleteById(userId); int flag = baseMapper.deleteById(userId);
if (flag <= 0){ if (flag < 1) {
throw new ServiceException("删除用户发生异常"); throw new ServiceException("删除用户失败!");
} }
return flag; return flag;
} }
@ -504,7 +500,7 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
@Transactional(rollbackFor = Exception.class) @Transactional(rollbackFor = Exception.class)
public int deleteUserByIds(Long[] userIds) { public int deleteUserByIds(Long[] userIds) {
for (Long userId : userIds) { for (Long userId : userIds) {
checkUserAllowed(new SysUserBo(userId)); checkUserAllowed(userId);
checkUserDataScope(userId); checkUserDataScope(userId);
} }
List<Long> ids = List.of(userIds); List<Long> ids = List.of(userIds);
@ -514,8 +510,8 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().in(SysUserPost::getUserId, ids)); userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().in(SysUserPost::getUserId, ids));
// 防止更新失败导致的数据删除 // 防止更新失败导致的数据删除
int flag = baseMapper.deleteBatchIds(ids); int flag = baseMapper.deleteBatchIds(ids);
if (flag <= 0){ if (flag < 1) {
throw new ServiceException("删除用户发生异常"); throw new ServiceException("删除用户失败!");
} }
return flag; return flag;
} }

4
ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysDeptMapper.xml
View File

@ -11,6 +11,10 @@
select * from sys_dept ${ew.getCustomSqlSegment} select * from sys_dept ${ew.getCustomSqlSegment}
</select> </select>
<select id="selectDeptById" resultMap="SysDeptResult">
select * from sys_dept where del_flag = '0' and dept_id = #{deptId}
</select>
<select id="selectDeptListByRoleId" resultType="Long"> <select id="selectDeptListByRoleId" resultType="Long">
select d.dept_id select d.dept_id
from sys_dept d from sys_dept d

5
ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysRoleMapper.xml
View File

@ -53,4 +53,9 @@
WHERE r.del_flag = '0' and u.user_name = #{userName} WHERE r.del_flag = '0' and u.user_name = #{userName}
</select> </select>
<select id="selectRoleById" resultMap="SysRoleResult">
<include refid="selectRoleVo"/>
WHERE r.del_flag = '0' and r.role_id = #{roleId}
</select>
</mapper> </mapper>