From a8d9020ac0f27cbf71945e4c607a382d22908951 Mon Sep 17 00:00:00 2001 From: RuoYi Date: Tue, 24 Aug 2021 15:59:13 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=97=B6=E6=A3=80=E6=9F=A5?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E6=95=B0=E6=8D=AE=E6=9D=83=E9=99=90=E8=8C=83?= =?UTF-8?q?=E5=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../system/controller/SysDeptController.java | 1 + .../system/controller/SysRoleController.java | 1 + .../system/controller/SysUserController.java | 1 + .../system/service/ISysDeptService.java | 7 ++++++ .../system/service/ISysRoleService.java | 7 ++++++ .../system/service/ISysUserService.java | 7 ++++++ .../service/impl/SysDeptServiceImpl.java | 23 +++++++++++++++++++ .../service/impl/SysRoleServiceImpl.java | 22 ++++++++++++++++++ .../service/impl/SysUserServiceImpl.java | 21 +++++++++++++++++ .../mybatis/system/SysDeptMapper.xml | 3 +++ .../mybatis/system/SysRoleMapper.xml | 3 +++ .../mybatis/system/SysUserMapper.xml | 3 +++ 12 files changed, 99 insertions(+) diff --git a/src/main/java/com/ruoyi/project/system/controller/SysDeptController.java b/src/main/java/com/ruoyi/project/system/controller/SysDeptController.java index 7b2668d..0f4b0a6 100644 --- a/src/main/java/com/ruoyi/project/system/controller/SysDeptController.java +++ b/src/main/java/com/ruoyi/project/system/controller/SysDeptController.java @@ -74,6 +74,7 @@ public class SysDeptController extends BaseController @GetMapping(value = "/{deptId}") public AjaxResult getInfo(@PathVariable Long deptId) { + deptService.checkDeptDataScope(deptId); return AjaxResult.success(deptService.selectDeptById(deptId)); } diff --git a/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java b/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java index 6631532..49ae1bc 100644 --- a/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java +++ b/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java @@ -76,6 +76,7 @@ public class SysRoleController extends BaseController @GetMapping(value = "/{roleId}") public AjaxResult getInfo(@PathVariable Long roleId) { + roleService.checkRoleDataScope(roleId); return AjaxResult.success(roleService.selectRoleById(roleId)); } diff --git a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java index cb4ed90..1afff5a 100644 --- a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java +++ b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java @@ -96,6 +96,7 @@ public class SysUserController extends BaseController @GetMapping(value = { "/", "/{userId}" }) public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId) { + userService.checkUserDataScope(userId); AjaxResult ajax = AjaxResult.success(); List roles = roleService.selectRoleAll(); ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList())); diff --git a/src/main/java/com/ruoyi/project/system/service/ISysDeptService.java b/src/main/java/com/ruoyi/project/system/service/ISysDeptService.java index 5f59b8a..075d3cd 100644 --- a/src/main/java/com/ruoyi/project/system/service/ISysDeptService.java +++ b/src/main/java/com/ruoyi/project/system/service/ISysDeptService.java @@ -83,6 +83,13 @@ public interface ISysDeptService */ public String checkDeptNameUnique(SysDept dept); + /** + * 校验部门是否有数据权限 + * + * @param deptId 部门id + */ + public void checkDeptDataScope(Long deptId); + /** * 新增保存部门信息 * diff --git a/src/main/java/com/ruoyi/project/system/service/ISysRoleService.java b/src/main/java/com/ruoyi/project/system/service/ISysRoleService.java index d33a4fb..05182ff 100644 --- a/src/main/java/com/ruoyi/project/system/service/ISysRoleService.java +++ b/src/main/java/com/ruoyi/project/system/service/ISysRoleService.java @@ -82,6 +82,13 @@ public interface ISysRoleService */ public void checkRoleAllowed(SysRole role); + /** + * 校验角色是否有数据权限 + * + * @param roleId 角色id + */ + public void checkRoleDataScope(Long roleId); + /** * 通过角色ID查询角色使用数量 * diff --git a/src/main/java/com/ruoyi/project/system/service/ISysUserService.java b/src/main/java/com/ruoyi/project/system/service/ISysUserService.java index 4206286..43be9a6 100644 --- a/src/main/java/com/ruoyi/project/system/service/ISysUserService.java +++ b/src/main/java/com/ruoyi/project/system/service/ISysUserService.java @@ -97,6 +97,13 @@ public interface ISysUserService */ public void checkUserAllowed(SysUser user); + /** + * 校验用户是否有数据权限 + * + * @param userId 用户id + */ + public void checkUserDataScope(Long userId); + /** * 新增用户信息 * diff --git a/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java b/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java index aae3800..0cc2c3f 100644 --- a/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java +++ b/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java @@ -9,11 +9,14 @@ import org.springframework.stereotype.Service; import com.ruoyi.common.constant.UserConstants; import com.ruoyi.common.core.text.Convert; import com.ruoyi.common.exception.ServiceException; +import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.StringUtils; +import com.ruoyi.common.utils.spring.SpringUtils; import com.ruoyi.framework.aspectj.lang.annotation.DataScope; import com.ruoyi.framework.web.domain.TreeSelect; import com.ruoyi.project.system.domain.SysDept; import com.ruoyi.project.system.domain.SysRole; +import com.ruoyi.project.system.domain.SysUser; import com.ruoyi.project.system.mapper.SysDeptMapper; import com.ruoyi.project.system.mapper.SysRoleMapper; import com.ruoyi.project.system.service.ISysDeptService; @@ -171,6 +174,26 @@ public class SysDeptServiceImpl implements ISysDeptService return UserConstants.UNIQUE; } + /** + * 校验部门是否有数据权限 + * + * @param deptId 部门id + */ + @Override + public void checkDeptDataScope(Long deptId) + { + if (!SysUser.isAdmin(SecurityUtils.getUserId())) + { + SysDept dept = new SysDept(); + dept.setDeptId(deptId); + List depts = SpringUtils.getAopProxy(this).selectDeptList(dept); + if (StringUtils.isEmpty(depts)) + { + throw new ServiceException("没有权限访问部门数据!"); + } + } + } + /** * 新增保存部门信息 * diff --git a/src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java b/src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java index faa92ad..54cd6a0 100644 --- a/src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java +++ b/src/main/java/com/ruoyi/project/system/service/impl/SysRoleServiceImpl.java @@ -10,12 +10,14 @@ import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; import com.ruoyi.common.constant.UserConstants; import com.ruoyi.common.exception.ServiceException; +import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.spring.SpringUtils; import com.ruoyi.framework.aspectj.lang.annotation.DataScope; import com.ruoyi.project.system.domain.SysRole; import com.ruoyi.project.system.domain.SysRoleDept; import com.ruoyi.project.system.domain.SysRoleMenu; +import com.ruoyi.project.system.domain.SysUser; import com.ruoyi.project.system.domain.SysUserRole; import com.ruoyi.project.system.mapper.SysRoleDeptMapper; import com.ruoyi.project.system.mapper.SysRoleMapper; @@ -187,6 +189,26 @@ public class SysRoleServiceImpl implements ISysRoleService } } + /** + * 校验角色是否有数据权限 + * + * @param roleId 角色id + */ + @Override + public void checkRoleDataScope(Long roleId) + { + if (!SysUser.isAdmin(SecurityUtils.getUserId())) + { + SysRole role = new SysRole(); + role.setRoleId(roleId); + List roles = SpringUtils.getAopProxy(this).selectRoleList(role); + if (StringUtils.isEmpty(roles)) + { + throw new ServiceException("没有权限访问角色数据!"); + } + } + } + /** * 通过角色ID查询角色使用数量 * diff --git a/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java b/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java index 9f6583d..8a7c3e2 100644 --- a/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java +++ b/src/main/java/com/ruoyi/project/system/service/impl/SysUserServiceImpl.java @@ -11,6 +11,7 @@ import com.ruoyi.common.constant.UserConstants; import com.ruoyi.common.exception.ServiceException; import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.StringUtils; +import com.ruoyi.common.utils.spring.SpringUtils; import com.ruoyi.framework.aspectj.lang.annotation.DataScope; import com.ruoyi.project.system.domain.SysPost; import com.ruoyi.project.system.domain.SysRole; @@ -227,6 +228,26 @@ public class SysUserServiceImpl implements ISysUserService } } + /** + * 校验用户是否有数据权限 + * + * @param userId 用户id + */ + @Override + public void checkUserDataScope(Long userId) + { + if (!SysUser.isAdmin(SecurityUtils.getUserId())) + { + SysUser user = new SysUser(); + user.setUserId(userId); + List users = SpringUtils.getAopProxy(this).selectUserList(user); + if (StringUtils.isEmpty(users)) + { + throw new ServiceException("没有权限访问用户数据!"); + } + } + } + /** * 新增保存用户信息 * diff --git a/src/main/resources/mybatis/system/SysDeptMapper.xml b/src/main/resources/mybatis/system/SysDeptMapper.xml index 508e977..683b97a 100644 --- a/src/main/resources/mybatis/system/SysDeptMapper.xml +++ b/src/main/resources/mybatis/system/SysDeptMapper.xml @@ -30,6 +30,9 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" where r.del_flag = '0' + + AND r.role_id = #{roleId} + AND r.role_name like concat(concat('%',#{roleName}),'%') diff --git a/src/main/resources/mybatis/system/SysUserMapper.xml b/src/main/resources/mybatis/system/SysUserMapper.xml index 4789cea..ab67635 100644 --- a/src/main/resources/mybatis/system/SysUserMapper.xml +++ b/src/main/resources/mybatis/system/SysUserMapper.xml @@ -59,6 +59,9 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" select u.user_id, u.dept_id, u.nick_name, u.user_name, u.email, u.avatar, u.phonenumber, u.password, u.sex, u.status, u.del_flag, u.login_ip, u.login_date, u.create_by, u.create_time, u.remark, d.dept_name, d.leader from sys_user u left join sys_dept d on u.dept_id = d.dept_id where u.del_flag = '0' + + AND u.user_id = #{userId} + AND u.user_name like concat(concat('%',#{userName}),'%')