限制用户操作数据权限范围
This commit is contained in:
parent
e5f30b1a19
commit
f46b1bbebd
|
@ -124,6 +124,8 @@ public class SysUserController extends BaseController
|
|||
@PostMapping
|
||||
public AjaxResult add(@Validated @RequestBody SysUser user)
|
||||
{
|
||||
deptService.checkDeptDataScope(user.getDeptId());
|
||||
roleService.checkRoleDataScope(user.getRoleIds());
|
||||
if (!userService.checkUserNameUnique(user))
|
||||
{
|
||||
return error("新增用户'" + user.getUserName() + "'失败,登录账号已存在");
|
||||
|
@ -151,6 +153,8 @@ public class SysUserController extends BaseController
|
|||
{
|
||||
userService.checkUserAllowed(user);
|
||||
userService.checkUserDataScope(user.getUserId());
|
||||
deptService.checkDeptDataScope(user.getDeptId());
|
||||
roleService.checkRoleDataScope(user.getRoleIds());
|
||||
if (!userService.checkUserNameUnique(user))
|
||||
{
|
||||
return error("修改用户'" + user.getUserName() + "'失败,登录账号已存在");
|
||||
|
@ -235,6 +239,7 @@ public class SysUserController extends BaseController
|
|||
public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
|
||||
{
|
||||
userService.checkUserDataScope(userId);
|
||||
roleService.checkRoleDataScope(roleIds);
|
||||
userService.insertUserAuth(userId, roleIds);
|
||||
return success();
|
||||
}
|
||||
|
|
|
@ -22,7 +22,7 @@ public class SysUser extends BaseEntity
|
|||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/** 用户ID */
|
||||
@Excel(name = "用户序号", cellType = ColumnType.NUMERIC, prompt = "用户编号")
|
||||
@Excel(name = "用户序号", type = Type.EXPORT, cellType = ColumnType.NUMERIC, prompt = "用户编号")
|
||||
private Long userId;
|
||||
|
||||
/** 部门ID */
|
||||
|
|
|
@ -85,9 +85,9 @@ public interface ISysRoleService
|
|||
/**
|
||||
* 校验角色是否有数据权限
|
||||
*
|
||||
* @param roleId 角色id
|
||||
* @param roleIds 角色id
|
||||
*/
|
||||
public void checkRoleDataScope(Long roleId);
|
||||
public void checkRoleDataScope(Long... roleIds);
|
||||
|
||||
/**
|
||||
* 通过角色ID查询角色使用数量
|
||||
|
|
|
@ -190,7 +190,7 @@ public class SysDeptServiceImpl implements ISysDeptService
|
|||
@Override
|
||||
public void checkDeptDataScope(Long deptId)
|
||||
{
|
||||
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
|
||||
if (!SysUser.isAdmin(SecurityUtils.getUserId()) && StringUtils.isNotNull(deptId))
|
||||
{
|
||||
SysDept dept = new SysDept();
|
||||
dept.setDeptId(deptId);
|
||||
|
|
|
@ -192,19 +192,22 @@ public class SysRoleServiceImpl implements ISysRoleService
|
|||
/**
|
||||
* 校验角色是否有数据权限
|
||||
*
|
||||
* @param roleId 角色id
|
||||
* @param roleIds 角色id
|
||||
*/
|
||||
@Override
|
||||
public void checkRoleDataScope(Long roleId)
|
||||
public void checkRoleDataScope(Long... roleIds)
|
||||
{
|
||||
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
|
||||
{
|
||||
SysRole role = new SysRole();
|
||||
role.setRoleId(roleId);
|
||||
List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role);
|
||||
if (StringUtils.isEmpty(roles))
|
||||
for (Long roleId : roleIds)
|
||||
{
|
||||
throw new ServiceException("没有权限访问角色数据!");
|
||||
SysRole role = new SysRole();
|
||||
role.setRoleId(roleId);
|
||||
List<SysRole> roles = SpringUtils.getAopProxy(this).selectRoleList(role);
|
||||
if (StringUtils.isEmpty(roles))
|
||||
{
|
||||
throw new ServiceException("没有权限访问角色数据!");
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -28,6 +28,7 @@ import com.ruoyi.system.mapper.SysUserMapper;
|
|||
import com.ruoyi.system.mapper.SysUserPostMapper;
|
||||
import com.ruoyi.system.mapper.SysUserRoleMapper;
|
||||
import com.ruoyi.system.service.ISysConfigService;
|
||||
import com.ruoyi.system.service.ISysDeptService;
|
||||
import com.ruoyi.system.service.ISysUserService;
|
||||
|
||||
/**
|
||||
|
@ -58,6 +59,9 @@ public class SysUserServiceImpl implements ISysUserService
|
|||
@Autowired
|
||||
private ISysConfigService configService;
|
||||
|
||||
@Autowired
|
||||
private ISysDeptService deptService;
|
||||
|
||||
@Autowired
|
||||
protected Validator validator;
|
||||
|
||||
|
@ -489,7 +493,6 @@ public class SysUserServiceImpl implements ISysUserService
|
|||
int failureNum = 0;
|
||||
StringBuilder successMsg = new StringBuilder();
|
||||
StringBuilder failureMsg = new StringBuilder();
|
||||
String password = configService.selectConfigByKey("sys.user.initPassword");
|
||||
for (SysUser user : userList)
|
||||
{
|
||||
try
|
||||
|
@ -499,6 +502,8 @@ public class SysUserServiceImpl implements ISysUserService
|
|||
if (StringUtils.isNull(u))
|
||||
{
|
||||
BeanValidators.validateWithException(validator, user);
|
||||
deptService.checkDeptDataScope(user.getDeptId());
|
||||
String password = configService.selectConfigByKey("sys.user.initPassword");
|
||||
user.setPassword(SecurityUtils.encryptPassword(password));
|
||||
user.setCreateBy(operName);
|
||||
userMapper.insertUser(user);
|
||||
|
@ -510,6 +515,7 @@ public class SysUserServiceImpl implements ISysUserService
|
|||
BeanValidators.validateWithException(validator, user);
|
||||
checkUserAllowed(u);
|
||||
checkUserDataScope(u.getUserId());
|
||||
deptService.checkDeptDataScope(user.getDeptId());
|
||||
user.setUserId(u.getUserId());
|
||||
user.setUpdateBy(operName);
|
||||
userMapper.updateUser(user);
|
||||
|
|
Loading…
Reference in New Issue