diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java index 6e4bc3815..c1c64ece2 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java @@ -106,8 +106,9 @@ public class DataScopeAspect continue; } if (DATA_SCOPE_ALL.equals(dataScope)) - { + { sqlString = new StringBuilder(); + conditions.add(dataScope); break; } else if (DATA_SCOPE_CUSTOM.equals(dataScope)) @@ -141,6 +142,12 @@ public class DataScopeAspect conditions.add(dataScope); } + // 多角色情况下,所有角色都不包含传递过来的权限字符,这个时候sqlString也会为空,所以要限制一下,不查询任何数据 + if (StringUtils.isEmpty(conditions)) + { + sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias)); + } + if (StringUtils.isNotBlank(sqlString.toString())) { Object params = joinPoint.getArgs()[0];