update 优化数据权限

6 months ago · d4a8c25eab
parent 0ddba506bf
commit d4a8c25eab
4 changed files with 82 additions and 35 deletions
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysPostMapper.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysPostMapper.java
@ -34,10 +34,10 @@ public interface SysPostMapper extends BaseMapperPlus<SysPost, SysPostVo> {
    }
    /**
-     * 分页查询岗位列表
+     * 查询岗位列表
     *
     * @param queryWrapper 查询条件
-     * @return 包含岗位信息的分页结果
+     * @return 岗位信息列表
     */
    @DataPermission({
        @DataColumn(key = "deptName", value = "dept_id"),
@ -47,6 +47,20 @@ public interface SysPostMapper extends BaseMapperPlus<SysPost, SysPostVo> {
        return this.selectVoList(queryWrapper);
    }
    /**
     * 根据岗位ID集合查询岗位数量
     *
     * @param postIds 岗位ID列表
     * @return 匹配的岗位数量
     */
    @DataPermission({
        @DataColumn(key = "deptName", value = "dept_id"),
        @DataColumn(key = "userName", value = "create_by")
    })
    default long selectPostCount(List<Long> postIds) {
        return this.selectCount(new LambdaQueryWrapper<SysPost>().in(SysPost::getPostId, postIds));
    }
    /**
     * 根据用户ID查询其关联的岗位列表
     *
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysRoleMapper.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysRoleMapper.java
@ -48,7 +48,7 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRole, SysRoleVo> {
    }
    /**
-     * 根据条件分页查询角色数据
+     * 根据条件查询角色数据
     *
     * @param queryWrapper 查询条件
     * @return 角色数据集合信息
@ -61,6 +61,20 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRole, SysRoleVo> {
        return this.selectVoList(queryWrapper);
    }
    /**
     * 根据角色ID集合查询角色数量
     *
     * @param roleIds 角色ID列表
     * @return 匹配的角色数量
     */
    @DataPermission({
        @DataColumn(key = "deptName", value = "create_dept"),
        @DataColumn(key = "userName", value = "create_by")
    })
    default long selectRoleCount(List<Long> roleIds) {
        return this.selectCount(new LambdaQueryWrapper<SysRole>().in(SysRole::getRoleId, roleIds));
    }
    /**
     * 根据角色ID查询角色信息
     *
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java
@ -441,6 +441,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
     */
    @Override
    public int deleteAuthUser(SysUserRole userRole) {
        if (LoginHelper.getUserId().equals(userRole.getUserId())) {
            throw new ServiceException("不允许修改当前用户角色!");
        }
        int rows = userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
            .eq(SysUserRole::getRoleId, userRole.getRoleId())
            .eq(SysUserRole::getUserId, userRole.getUserId()));
@ -460,6 +463,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
    @Override
    public int deleteAuthUsers(Long roleId, Long[] userIds) {
        List<Long> ids = List.of(userIds);
        if (ids.contains(LoginHelper.getUserId())) {
            throw new ServiceException("不允许修改当前用户角色!");
        }
        int rows = userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
            .eq(SysUserRole::getRoleId, roleId)
            .in(SysUserRole::getUserId, ids));
@ -481,6 +487,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
        // 新增用户与角色管理
        int rows = 1;
        List<Long> ids = List.of(userIds);
        if (ids.contains(LoginHelper.getUserId())) {
            throw new ServiceException("不允许修改当前用户角色!");
        }
        List<SysUserRole> list = StreamUtils.toList(ids, userId -> {
            SysUserRole ur = new SysUserRole();
            ur.setUserId(userId);
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysUserServiceImpl.java
@ -22,7 +22,9 @@ import org.dromara.common.core.utils.*;
 import org.dromara.common.mybatis.core.page.PageQuery;
 import org.dromara.common.mybatis.core.page.TableDataInfo;
 import org.dromara.common.satoken.utils.LoginHelper;
-import org.dromara.system.domain.*;
+import org.dromara.system.domain.SysUser;
 import org.dromara.system.domain.SysUserPost;
 import org.dromara.system.domain.SysUserRole;
 import org.dromara.system.domain.bo.SysUserBo;
 import org.dromara.system.domain.vo.SysPostVo;
 import org.dromara.system.domain.vo.SysRoleVo;
@ -454,23 +456,25 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
            return;
        }
        List<Long> postIds = Arrays.asList(postIdArr);
-        // 判断是否具有此角色的操作权限
+
-        List<SysPostVo> posts = postMapper.selectPostList(
+        // 校验是否有权限操作这些岗位（含数据权限控制）
-            new LambdaQueryWrapper<SysPost>().in(SysPost::getPostId, postIds));
+        if (postMapper.selectPostCount(postIds) != postIds.size()) {
        if (CollUtil.isEmpty(posts) || posts.size() != postIds.size()) {
            throw new ServiceException("没有权限访问岗位的数据");
        }
        // 是否清除旧的用户岗位绑定
        if (clear) {
            // 删除用户与岗位关联
            userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, user.getUserId()));
        }
-        // 新增用户与岗位管理
+
-        List<SysUserPost> list = StreamUtils.toList(postIds, postId -> {
+        // 构建用户岗位关联列表并批量插入
-            SysUserPost up = new SysUserPost();
+        List<SysUserPost> list = StreamUtils.toList(postIds,
-            up.setUserId(user.getUserId());
+            postId -> {
-            up.setPostId(postId);
+                SysUserPost up = new SysUserPost();
-            return up;
+                up.setUserId(user.getUserId());
-        });
+                up.setPostId(postId);
                return up;
            });
        userPostMapper.insertBatch(list);
    }
@ -482,30 +486,36 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
     * @param clear   清除已存在的关联数据
     */
    private void insertUserRole(Long userId, Long[] roleIds, boolean clear) {
-        if (ArrayUtil.isNotEmpty(roleIds)) {
+        if (ArrayUtil.isEmpty(roleIds)) {
-            List<Long> roleList = new ArrayList<>(List.of(roleIds));
+            return;
-            if (!LoginHelper.isSuperAdmin(userId)) {
+        }
-                roleList.remove(SystemConstants.SUPER_ADMIN_ID);
+
-            }
+        List<Long> roleList = new ArrayList<>(Arrays.asList(roleIds));
-            // 判断是否具有此角色的操作权限
+
-            List<SysRoleVo> roles = roleMapper.selectRoleList(
+        // 非超级管理员，禁止包含超级管理员角色
-                new LambdaQueryWrapper<SysRole>().in(SysRole::getRoleId, roleList));
+        if (!LoginHelper.isSuperAdmin(userId)) {
-            if (CollUtil.isEmpty(roles) || roles.size() != roleList.size()) {
+            roleList.remove(SystemConstants.SUPER_ADMIN_ID);
-                throw new ServiceException("没有权限访问角色的数据");
+        }
-            }
+
-            if (clear) {
+        // 校验是否有权限访问这些角色（含数据权限控制）
-                // 删除用户与角色关联
+        if (roleMapper.selectRoleCount(roleList) != roleList.size()) {
-                userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
+            throw new ServiceException("没有权限访问角色的数据");
-            }
+        }
-            // 新增用户与角色管理
+
-            List<SysUserRole> list = StreamUtils.toList(roleList, roleId -> {
+        // 是否清除原有绑定
        if (clear) {
            userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
        }
        // 批量插入用户-角色关联
        List<SysUserRole> list = StreamUtils.toList(roleList,
            roleId -> {
                SysUserRole ur = new SysUserRole();
                ur.setUserId(userId);
                ur.setRoleId(roleId);
                return ur;
            });
-            userRoleMapper.insertBatch(list);
+        userRoleMapper.insertBatch(list);
        }
    }
    /**