update 优化增加岗位修改校验

6 months ago · 34bb51f5c0
parent 64c37aaec6
commit 34bb51f5c0
3 changed files with 25 additions and 9 deletions
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysPostMapper.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysPostMapper.java
@ -33,6 +33,20 @@ public interface SysPostMapper extends BaseMapperPlus<SysPost, SysPostVo> {
        return this.selectVoPage(page, queryWrapper);
    }

+    /**
+     * 分页查询岗位列表
+     *
+     * @param queryWrapper 查询条件
+     * @return 包含岗位信息的分页结果
+     */
+    @DataPermission({
+        @DataColumn(key = "deptName", value = "dept_id"),
+        @DataColumn(key = "userName", value = "create_by")
+    })
+    default List<SysPostVo> selectPostList(Wrapper<SysPost> queryWrapper) {
+        return this.selectVoList(queryWrapper);
+    }
+
    /**
     * 查询用户所属岗位组
     *
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysUserRoleMapper.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysUserRoleMapper.java
@ -21,8 +21,7 @@ public interface SysUserRoleMapper extends BaseMapperPlus<SysUserRole, SysUserRo
     */
    default List<Long> selectUserIdsByRoleId(Long roleId) {
        return this.selectObjs(new LambdaQueryWrapper<SysUserRole>()
-            .select(SysUserRole::getUserId).inSql(SysUserRole::getRoleId,
-                "select role_id from sys_role where role_id = " + roleId)
+            .select(SysUserRole::getUserId).eq(SysUserRole::getRoleId, roleId)
        );
    }

--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java
@ -22,10 +22,7 @@ import org.dromara.common.core.utils.*;
 import org.dromara.common.mybatis.core.page.PageQuery;
 import org.dromara.common.mybatis.core.page.TableDataInfo;
 import org.dromara.common.satoken.utils.LoginHelper;
-import org.dromara.system.domain.SysRole;
-import org.dromara.system.domain.SysUser;
-import org.dromara.system.domain.SysUserPost;
-import org.dromara.system.domain.SysUserRole;
+import org.dromara.system.domain.*;
 import org.dromara.system.domain.bo.SysUserBo;
 import org.dromara.system.domain.vo.SysPostVo;
 import org.dromara.system.domain.vo.SysRoleVo;
@ -452,14 +449,20 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
     * @param clear 清除已存在的关联数据
     */
    private void insertUserPost(SysUserBo user, boolean clear) {
-        Long[] posts = user.getPostIds();
-        if (ArrayUtil.isNotEmpty(posts)) {
+        List<Long> postIds = List.of(user.getPostIds());
+        if (ArrayUtil.isNotEmpty(postIds)) {
+            // 判断是否具有此角色的操作权限
+            List<SysPostVo> posts = postMapper.selectPostList(
+                new LambdaQueryWrapper<SysPost>().in(SysPost::getPostId, postIds));
+            if (CollUtil.isEmpty(posts) || posts.size() != postIds.size()) {
+                throw new ServiceException("没有权限访问岗位的数据");
+            }
            if (clear) {
                // 删除用户与岗位关联
                userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, user.getUserId()));
            }
            // 新增用户与岗位管理
-            List<SysUserPost> list = StreamUtils.toList(List.of(posts), postId -> {
+            List<SysUserPost> list = StreamUtils.toList(postIds, postId -> {
                SysUserPost up = new SysUserPost();
                up.setUserId(user.getUserId());
                up.setPostId(postId);