update 优化数据权限
This commit is contained in:
AprilWind
parent
0ddba506bf
commit
d4a8c25eab
@ -34,10 +34,10 @@ public interface SysPostMapper extends BaseMapperPlus<SysPost, SysPostVo> {
|
||||
}
|
||||
|
||||
/**
|
||||
* 分页查询岗位列表
|
||||
* 查询岗位列表
|
||||
*
|
||||
* @param queryWrapper 查询条件
|
||||
* @return 包含岗位信息的分页结果
|
||||
* @return 岗位信息列表
|
||||
*/
|
||||
@DataPermission({
|
||||
@DataColumn(key = "deptName", value = "dept_id"),
|
||||
@ -47,6 +47,20 @@ public interface SysPostMapper extends BaseMapperPlus<SysPost, SysPostVo> {
|
||||
return this.selectVoList(queryWrapper);
|
||||
}
|
||||
|
||||
/**
|
||||
* 根据岗位ID集合查询岗位数量
|
||||
*
|
||||
* @param postIds 岗位ID列表
|
||||
* @return 匹配的岗位数量
|
||||
*/
|
||||
@DataPermission({
|
||||
@DataColumn(key = "deptName", value = "dept_id"),
|
||||
@DataColumn(key = "userName", value = "create_by")
|
||||
})
|
||||
default long selectPostCount(List<Long> postIds) {
|
||||
return this.selectCount(new LambdaQueryWrapper<SysPost>().in(SysPost::getPostId, postIds));
|
||||
}
|
||||
|
||||
/**
|
||||
* 根据用户ID查询其关联的岗位列表
|
||||
*
|
||||
|
||||
@ -48,7 +48,7 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRole, SysRoleVo> {
|
||||
}
|
||||
|
||||
/**
|
||||
* 根据条件分页查询角色数据
|
||||
* 根据条件查询角色数据
|
||||
*
|
||||
* @param queryWrapper 查询条件
|
||||
* @return 角色数据集合信息
|
||||
@ -61,6 +61,20 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRole, SysRoleVo> {
|
||||
return this.selectVoList(queryWrapper);
|
||||
}
|
||||
|
||||
/**
|
||||
* 根据角色ID集合查询角色数量
|
||||
*
|
||||
* @param roleIds 角色ID列表
|
||||
* @return 匹配的角色数量
|
||||
*/
|
||||
@DataPermission({
|
||||
@DataColumn(key = "deptName", value = "create_dept"),
|
||||
@DataColumn(key = "userName", value = "create_by")
|
||||
})
|
||||
default long selectRoleCount(List<Long> roleIds) {
|
||||
return this.selectCount(new LambdaQueryWrapper<SysRole>().in(SysRole::getRoleId, roleIds));
|
||||
}
|
||||
|
||||
/**
|
||||
* 根据角色ID查询角色信息
|
||||
*
|
||||
|
||||
@ -441,6 +441,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
|
||||
*/
|
||||
@Override
|
||||
public int deleteAuthUser(SysUserRole userRole) {
|
||||
if (LoginHelper.getUserId().equals(userRole.getUserId())) {
|
||||
throw new ServiceException("不允许修改当前用户角色!");
|
||||
}
|
||||
int rows = userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
|
||||
.eq(SysUserRole::getRoleId, userRole.getRoleId())
|
||||
.eq(SysUserRole::getUserId, userRole.getUserId()));
|
||||
@ -460,6 +463,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
|
||||
@Override
|
||||
public int deleteAuthUsers(Long roleId, Long[] userIds) {
|
||||
List<Long> ids = List.of(userIds);
|
||||
if (ids.contains(LoginHelper.getUserId())) {
|
||||
throw new ServiceException("不允许修改当前用户角色!");
|
||||
}
|
||||
int rows = userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
|
||||
.eq(SysUserRole::getRoleId, roleId)
|
||||
.in(SysUserRole::getUserId, ids));
|
||||
@ -481,6 +487,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
|
||||
// 新增用户与角色管理
|
||||
int rows = 1;
|
||||
List<Long> ids = List.of(userIds);
|
||||
if (ids.contains(LoginHelper.getUserId())) {
|
||||
throw new ServiceException("不允许修改当前用户角色!");
|
||||
}
|
||||
List<SysUserRole> list = StreamUtils.toList(ids, userId -> {
|
||||
SysUserRole ur = new SysUserRole();
|
||||
ur.setUserId(userId);
|
||||
|
||||
@ -22,7 +22,9 @@ import org.dromara.common.core.utils.*;
|
||||
import org.dromara.common.mybatis.core.page.PageQuery;
|
||||
import org.dromara.common.mybatis.core.page.TableDataInfo;
|
||||
import org.dromara.common.satoken.utils.LoginHelper;
|
||||
import org.dromara.system.domain.*;
|
||||
import org.dromara.system.domain.SysUser;
|
||||
import org.dromara.system.domain.SysUserPost;
|
||||
import org.dromara.system.domain.SysUserRole;
|
||||
import org.dromara.system.domain.bo.SysUserBo;
|
||||
import org.dromara.system.domain.vo.SysPostVo;
|
||||
import org.dromara.system.domain.vo.SysRoleVo;
|
||||
@ -454,23 +456,25 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
||||
return;
|
||||
}
|
||||
List<Long> postIds = Arrays.asList(postIdArr);
|
||||
// 判断是否具有此角色的操作权限
|
||||
List<SysPostVo> posts = postMapper.selectPostList(
|
||||
new LambdaQueryWrapper<SysPost>().in(SysPost::getPostId, postIds));
|
||||
if (CollUtil.isEmpty(posts) || posts.size() != postIds.size()) {
|
||||
|
||||
// 校验是否有权限操作这些岗位(含数据权限控制)
|
||||
if (postMapper.selectPostCount(postIds) != postIds.size()) {
|
||||
throw new ServiceException("没有权限访问岗位的数据");
|
||||
}
|
||||
|
||||
// 是否清除旧的用户岗位绑定
|
||||
if (clear) {
|
||||
// 删除用户与岗位关联
|
||||
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, user.getUserId()));
|
||||
}
|
||||
// 新增用户与岗位管理
|
||||
List<SysUserPost> list = StreamUtils.toList(postIds, postId -> {
|
||||
SysUserPost up = new SysUserPost();
|
||||
up.setUserId(user.getUserId());
|
||||
up.setPostId(postId);
|
||||
return up;
|
||||
});
|
||||
|
||||
// 构建用户岗位关联列表并批量插入
|
||||
List<SysUserPost> list = StreamUtils.toList(postIds,
|
||||
postId -> {
|
||||
SysUserPost up = new SysUserPost();
|
||||
up.setUserId(user.getUserId());
|
||||
up.setPostId(postId);
|
||||
return up;
|
||||
});
|
||||
userPostMapper.insertBatch(list);
|
||||
}
|
||||
|
||||
@ -482,30 +486,36 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
||||
* @param clear 清除已存在的关联数据
|
||||
*/
|
||||
private void insertUserRole(Long userId, Long[] roleIds, boolean clear) {
|
||||
if (ArrayUtil.isNotEmpty(roleIds)) {
|
||||
List<Long> roleList = new ArrayList<>(List.of(roleIds));
|
||||
if (!LoginHelper.isSuperAdmin(userId)) {
|
||||
roleList.remove(SystemConstants.SUPER_ADMIN_ID);
|
||||
}
|
||||
// 判断是否具有此角色的操作权限
|
||||
List<SysRoleVo> roles = roleMapper.selectRoleList(
|
||||
new LambdaQueryWrapper<SysRole>().in(SysRole::getRoleId, roleList));
|
||||
if (CollUtil.isEmpty(roles) || roles.size() != roleList.size()) {
|
||||
throw new ServiceException("没有权限访问角色的数据");
|
||||
}
|
||||
if (clear) {
|
||||
// 删除用户与角色关联
|
||||
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
|
||||
}
|
||||
// 新增用户与角色管理
|
||||
List<SysUserRole> list = StreamUtils.toList(roleList, roleId -> {
|
||||
if (ArrayUtil.isEmpty(roleIds)) {
|
||||
return;
|
||||
}
|
||||
|
||||
List<Long> roleList = new ArrayList<>(Arrays.asList(roleIds));
|
||||
|
||||
// 非超级管理员,禁止包含超级管理员角色
|
||||
if (!LoginHelper.isSuperAdmin(userId)) {
|
||||
roleList.remove(SystemConstants.SUPER_ADMIN_ID);
|
||||
}
|
||||
|
||||
// 校验是否有权限访问这些角色(含数据权限控制)
|
||||
if (roleMapper.selectRoleCount(roleList) != roleList.size()) {
|
||||
throw new ServiceException("没有权限访问角色的数据");
|
||||
}
|
||||
|
||||
// 是否清除原有绑定
|
||||
if (clear) {
|
||||
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
|
||||
}
|
||||
|
||||
// 批量插入用户-角色关联
|
||||
List<SysUserRole> list = StreamUtils.toList(roleList,
|
||||
roleId -> {
|
||||
SysUserRole ur = new SysUserRole();
|
||||
ur.setUserId(userId);
|
||||
ur.setRoleId(roleId);
|
||||
return ur;
|
||||
});
|
||||
userRoleMapper.insertBatch(list);
|
||||
}
|
||||
userRoleMapper.insertBatch(list);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Loading…
Reference in New Issue
Block a user