update 优化数据权限

This commit is contained in:
AprilWind 2025-07-04 16:53:18 +08:00
parent 0ddba506bf
commit d4a8c25eab
4 changed files with 82 additions and 35 deletions

View File

@ -34,10 +34,10 @@ public interface SysPostMapper extends BaseMapperPlus<SysPost, SysPostVo> {
}
/**
* 分页查询岗位列表
* 查询岗位列表
*
* @param queryWrapper 查询条件
* @return 包含岗位信息的分页结果
* @return 岗位信息列表
*/
@DataPermission({
@DataColumn(key = "deptName", value = "dept_id"),
@ -47,6 +47,20 @@ public interface SysPostMapper extends BaseMapperPlus<SysPost, SysPostVo> {
return this.selectVoList(queryWrapper);
}
/**
* 根据岗位ID集合查询岗位数量
*
* @param postIds 岗位ID列表
* @return 匹配的岗位数量
*/
@DataPermission({
@DataColumn(key = "deptName", value = "dept_id"),
@DataColumn(key = "userName", value = "create_by")
})
default long selectPostCount(List<Long> postIds) {
return this.selectCount(new LambdaQueryWrapper<SysPost>().in(SysPost::getPostId, postIds));
}
/**
* 根据用户ID查询其关联的岗位列表
*

View File

@ -48,7 +48,7 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRole, SysRoleVo> {
}
/**
* 根据条件分页查询角色数据
* 根据条件查询角色数据
*
* @param queryWrapper 查询条件
* @return 角色数据集合信息
@ -61,6 +61,20 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRole, SysRoleVo> {
return this.selectVoList(queryWrapper);
}
/**
* 根据角色ID集合查询角色数量
*
* @param roleIds 角色ID列表
* @return 匹配的角色数量
*/
@DataPermission({
@DataColumn(key = "deptName", value = "create_dept"),
@DataColumn(key = "userName", value = "create_by")
})
default long selectRoleCount(List<Long> roleIds) {
return this.selectCount(new LambdaQueryWrapper<SysRole>().in(SysRole::getRoleId, roleIds));
}
/**
* 根据角色ID查询角色信息
*

View File

@ -441,6 +441,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
*/
@Override
public int deleteAuthUser(SysUserRole userRole) {
if (LoginHelper.getUserId().equals(userRole.getUserId())) {
throw new ServiceException("不允许修改当前用户角色!");
}
int rows = userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
.eq(SysUserRole::getRoleId, userRole.getRoleId())
.eq(SysUserRole::getUserId, userRole.getUserId()));
@ -460,6 +463,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
@Override
public int deleteAuthUsers(Long roleId, Long[] userIds) {
List<Long> ids = List.of(userIds);
if (ids.contains(LoginHelper.getUserId())) {
throw new ServiceException("不允许修改当前用户角色!");
}
int rows = userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
.eq(SysUserRole::getRoleId, roleId)
.in(SysUserRole::getUserId, ids));
@ -481,6 +487,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
// 新增用户与角色管理
int rows = 1;
List<Long> ids = List.of(userIds);
if (ids.contains(LoginHelper.getUserId())) {
throw new ServiceException("不允许修改当前用户角色!");
}
List<SysUserRole> list = StreamUtils.toList(ids, userId -> {
SysUserRole ur = new SysUserRole();
ur.setUserId(userId);

View File

@ -22,7 +22,9 @@ import org.dromara.common.core.utils.*;
import org.dromara.common.mybatis.core.page.PageQuery;
import org.dromara.common.mybatis.core.page.TableDataInfo;
import org.dromara.common.satoken.utils.LoginHelper;
import org.dromara.system.domain.*;
import org.dromara.system.domain.SysUser;
import org.dromara.system.domain.SysUserPost;
import org.dromara.system.domain.SysUserRole;
import org.dromara.system.domain.bo.SysUserBo;
import org.dromara.system.domain.vo.SysPostVo;
import org.dromara.system.domain.vo.SysRoleVo;
@ -454,23 +456,25 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
return;
}
List<Long> postIds = Arrays.asList(postIdArr);
// 判断是否具有此角色的操作权限
List<SysPostVo> posts = postMapper.selectPostList(
new LambdaQueryWrapper<SysPost>().in(SysPost::getPostId, postIds));
if (CollUtil.isEmpty(posts) || posts.size() != postIds.size()) {
// 校验是否有权限操作这些岗位含数据权限控制
if (postMapper.selectPostCount(postIds) != postIds.size()) {
throw new ServiceException("没有权限访问岗位的数据");
}
// 是否清除旧的用户岗位绑定
if (clear) {
// 删除用户与岗位关联
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, user.getUserId()));
}
// 新增用户与岗位管理
List<SysUserPost> list = StreamUtils.toList(postIds, postId -> {
SysUserPost up = new SysUserPost();
up.setUserId(user.getUserId());
up.setPostId(postId);
return up;
});
// 构建用户岗位关联列表并批量插入
List<SysUserPost> list = StreamUtils.toList(postIds,
postId -> {
SysUserPost up = new SysUserPost();
up.setUserId(user.getUserId());
up.setPostId(postId);
return up;
});
userPostMapper.insertBatch(list);
}
@ -482,30 +486,36 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
* @param clear 清除已存在的关联数据
*/
private void insertUserRole(Long userId, Long[] roleIds, boolean clear) {
if (ArrayUtil.isNotEmpty(roleIds)) {
List<Long> roleList = new ArrayList<>(List.of(roleIds));
if (!LoginHelper.isSuperAdmin(userId)) {
roleList.remove(SystemConstants.SUPER_ADMIN_ID);
}
// 判断是否具有此角色的操作权限
List<SysRoleVo> roles = roleMapper.selectRoleList(
new LambdaQueryWrapper<SysRole>().in(SysRole::getRoleId, roleList));
if (CollUtil.isEmpty(roles) || roles.size() != roleList.size()) {
throw new ServiceException("没有权限访问角色的数据");
}
if (clear) {
// 删除用户与角色关联
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
}
// 新增用户与角色管理
List<SysUserRole> list = StreamUtils.toList(roleList, roleId -> {
if (ArrayUtil.isEmpty(roleIds)) {
return;
}
List<Long> roleList = new ArrayList<>(Arrays.asList(roleIds));
// 非超级管理员禁止包含超级管理员角色
if (!LoginHelper.isSuperAdmin(userId)) {
roleList.remove(SystemConstants.SUPER_ADMIN_ID);
}
// 校验是否有权限访问这些角色含数据权限控制
if (roleMapper.selectRoleCount(roleList) != roleList.size()) {
throw new ServiceException("没有权限访问角色的数据");
}
// 是否清除原有绑定
if (clear) {
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
}
// 批量插入用户-角色关联
List<SysUserRole> list = StreamUtils.toList(roleList,
roleId -> {
SysUserRole ur = new SysUserRole();
ur.setUserId(userId);
ur.setRoleId(roleId);
return ur;
});
userRoleMapper.insertBatch(list);
}
userRoleMapper.insertBatch(list);
}
/**