update 优化校验角色是否有数据权限

This commit is contained in:
AprilWind 2025-07-04 18:52:29 +08:00
parent f3c4c02d73
commit a7cddc8d40
2 changed files with 20 additions and 7 deletions

View File

@ -1,13 +1,16 @@
package org.dromara.system.mapper;
import cn.hutool.core.collection.CollUtil;
import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Constants;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import org.apache.ibatis.annotations.Param;
import org.dromara.common.core.exception.ServiceException;
import org.dromara.common.mybatis.annotation.DataColumn;
import org.dromara.common.mybatis.annotation.DataPermission;
import org.dromara.common.mybatis.core.mapper.BaseMapperPlus;
import org.dromara.common.satoken.utils.LoginHelper;
import org.dromara.system.domain.SysRole;
import org.dromara.system.domain.vo.SysRoleVo;
@ -75,6 +78,21 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRole, SysRoleVo> {
return this.selectCount(new LambdaQueryWrapper<SysRole>().in(SysRole::getRoleId, roleIds));
}
/**
* 校验角色是否有数据权限
*
* @param roleIds 角色ID列表支持传单个ID
*/
default void checkRoleDataScope(List<Long> roleIds) {
if (CollUtil.isEmpty(roleIds) || LoginHelper.isSuperAdmin()) {
return;
}
long count = this.selectRoleCount(roleIds);
if (count != roleIds.size()) {
throw new ServiceException("没有权限访问部分角色数据!");
}
}
/**
* 根据角色ID查询角色信息
*

View File

@ -254,12 +254,7 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
if (ObjectUtil.isNull(roleId)) {
return;
}
if (LoginHelper.isSuperAdmin()) {
return;
}
if (baseMapper.selectRoleCount(Collections.singletonList(roleId)) == 0) {
throw new ServiceException("没有权限访问角色数据!");
}
baseMapper.checkRoleDataScope(Collections.singletonList(roleId));
}
/**
@ -417,9 +412,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
@Transactional(rollbackFor = Exception.class)
public int deleteRoleByIds(List<Long> roleIds) {
List<SysRole> roles = baseMapper.selectByIds(roleIds);
baseMapper.checkRoleDataScope(roleIds);
for (SysRole role : roles) {
checkRoleAllowed(BeanUtil.toBean(role, SysRoleBo.class));
checkRoleDataScope(role.getRoleId());
if (countUserRoleByRoleId(role.getRoleId()) > 0) {
throw new ServiceException(String.format("%1$s已分配不能删除!", role.getRoleName()));
}