update 优化数据权限
This commit is contained in:
AprilWind
parent
0ddba506bf
commit
d4a8c25eab
@ -34,10 +34,10 @@ public interface SysPostMapper extends BaseMapperPlus<SysPost, SysPostVo> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 分页查询岗位列表
|
* 查询岗位列表
|
||||||
*
|
*
|
||||||
* @param queryWrapper 查询条件
|
* @param queryWrapper 查询条件
|
||||||
* @return 包含岗位信息的分页结果
|
* @return 岗位信息列表
|
||||||
*/
|
*/
|
||||||
@DataPermission({
|
@DataPermission({
|
||||||
@DataColumn(key = "deptName", value = "dept_id"),
|
@DataColumn(key = "deptName", value = "dept_id"),
|
||||||
@ -47,6 +47,20 @@ public interface SysPostMapper extends BaseMapperPlus<SysPost, SysPostVo> {
|
|||||||
return this.selectVoList(queryWrapper);
|
return this.selectVoList(queryWrapper);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 根据岗位ID集合查询岗位数量
|
||||||
|
*
|
||||||
|
* @param postIds 岗位ID列表
|
||||||
|
* @return 匹配的岗位数量
|
||||||
|
*/
|
||||||
|
@DataPermission({
|
||||||
|
@DataColumn(key = "deptName", value = "dept_id"),
|
||||||
|
@DataColumn(key = "userName", value = "create_by")
|
||||||
|
})
|
||||||
|
default long selectPostCount(List<Long> postIds) {
|
||||||
|
return this.selectCount(new LambdaQueryWrapper<SysPost>().in(SysPost::getPostId, postIds));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 根据用户ID查询其关联的岗位列表
|
* 根据用户ID查询其关联的岗位列表
|
||||||
*
|
*
|
||||||
|
|||||||
@ -48,7 +48,7 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRole, SysRoleVo> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 根据条件分页查询角色数据
|
* 根据条件查询角色数据
|
||||||
*
|
*
|
||||||
* @param queryWrapper 查询条件
|
* @param queryWrapper 查询条件
|
||||||
* @return 角色数据集合信息
|
* @return 角色数据集合信息
|
||||||
@ -61,6 +61,20 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRole, SysRoleVo> {
|
|||||||
return this.selectVoList(queryWrapper);
|
return this.selectVoList(queryWrapper);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 根据角色ID集合查询角色数量
|
||||||
|
*
|
||||||
|
* @param roleIds 角色ID列表
|
||||||
|
* @return 匹配的角色数量
|
||||||
|
*/
|
||||||
|
@DataPermission({
|
||||||
|
@DataColumn(key = "deptName", value = "create_dept"),
|
||||||
|
@DataColumn(key = "userName", value = "create_by")
|
||||||
|
})
|
||||||
|
default long selectRoleCount(List<Long> roleIds) {
|
||||||
|
return this.selectCount(new LambdaQueryWrapper<SysRole>().in(SysRole::getRoleId, roleIds));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 根据角色ID查询角色信息
|
* 根据角色ID查询角色信息
|
||||||
*
|
*
|
||||||
|
|||||||
@ -441,6 +441,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public int deleteAuthUser(SysUserRole userRole) {
|
public int deleteAuthUser(SysUserRole userRole) {
|
||||||
|
if (LoginHelper.getUserId().equals(userRole.getUserId())) {
|
||||||
|
throw new ServiceException("不允许修改当前用户角色!");
|
||||||
|
}
|
||||||
int rows = userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
|
int rows = userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
|
||||||
.eq(SysUserRole::getRoleId, userRole.getRoleId())
|
.eq(SysUserRole::getRoleId, userRole.getRoleId())
|
||||||
.eq(SysUserRole::getUserId, userRole.getUserId()));
|
.eq(SysUserRole::getUserId, userRole.getUserId()));
|
||||||
@ -460,6 +463,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
|
|||||||
@Override
|
@Override
|
||||||
public int deleteAuthUsers(Long roleId, Long[] userIds) {
|
public int deleteAuthUsers(Long roleId, Long[] userIds) {
|
||||||
List<Long> ids = List.of(userIds);
|
List<Long> ids = List.of(userIds);
|
||||||
|
if (ids.contains(LoginHelper.getUserId())) {
|
||||||
|
throw new ServiceException("不允许修改当前用户角色!");
|
||||||
|
}
|
||||||
int rows = userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
|
int rows = userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
|
||||||
.eq(SysUserRole::getRoleId, roleId)
|
.eq(SysUserRole::getRoleId, roleId)
|
||||||
.in(SysUserRole::getUserId, ids));
|
.in(SysUserRole::getUserId, ids));
|
||||||
@ -481,6 +487,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
|
|||||||
// 新增用户与角色管理
|
// 新增用户与角色管理
|
||||||
int rows = 1;
|
int rows = 1;
|
||||||
List<Long> ids = List.of(userIds);
|
List<Long> ids = List.of(userIds);
|
||||||
|
if (ids.contains(LoginHelper.getUserId())) {
|
||||||
|
throw new ServiceException("不允许修改当前用户角色!");
|
||||||
|
}
|
||||||
List<SysUserRole> list = StreamUtils.toList(ids, userId -> {
|
List<SysUserRole> list = StreamUtils.toList(ids, userId -> {
|
||||||
SysUserRole ur = new SysUserRole();
|
SysUserRole ur = new SysUserRole();
|
||||||
ur.setUserId(userId);
|
ur.setUserId(userId);
|
||||||
|
|||||||
@ -22,7 +22,9 @@ import org.dromara.common.core.utils.*;
|
|||||||
import org.dromara.common.mybatis.core.page.PageQuery;
|
import org.dromara.common.mybatis.core.page.PageQuery;
|
||||||
import org.dromara.common.mybatis.core.page.TableDataInfo;
|
import org.dromara.common.mybatis.core.page.TableDataInfo;
|
||||||
import org.dromara.common.satoken.utils.LoginHelper;
|
import org.dromara.common.satoken.utils.LoginHelper;
|
||||||
import org.dromara.system.domain.*;
|
import org.dromara.system.domain.SysUser;
|
||||||
|
import org.dromara.system.domain.SysUserPost;
|
||||||
|
import org.dromara.system.domain.SysUserRole;
|
||||||
import org.dromara.system.domain.bo.SysUserBo;
|
import org.dromara.system.domain.bo.SysUserBo;
|
||||||
import org.dromara.system.domain.vo.SysPostVo;
|
import org.dromara.system.domain.vo.SysPostVo;
|
||||||
import org.dromara.system.domain.vo.SysRoleVo;
|
import org.dromara.system.domain.vo.SysRoleVo;
|
||||||
@ -454,23 +456,25 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
List<Long> postIds = Arrays.asList(postIdArr);
|
List<Long> postIds = Arrays.asList(postIdArr);
|
||||||
// 判断是否具有此角色的操作权限
|
|
||||||
List<SysPostVo> posts = postMapper.selectPostList(
|
// 校验是否有权限操作这些岗位(含数据权限控制)
|
||||||
new LambdaQueryWrapper<SysPost>().in(SysPost::getPostId, postIds));
|
if (postMapper.selectPostCount(postIds) != postIds.size()) {
|
||||||
if (CollUtil.isEmpty(posts) || posts.size() != postIds.size()) {
|
|
||||||
throw new ServiceException("没有权限访问岗位的数据");
|
throw new ServiceException("没有权限访问岗位的数据");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 是否清除旧的用户岗位绑定
|
||||||
if (clear) {
|
if (clear) {
|
||||||
// 删除用户与岗位关联
|
|
||||||
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, user.getUserId()));
|
userPostMapper.delete(new LambdaQueryWrapper<SysUserPost>().eq(SysUserPost::getUserId, user.getUserId()));
|
||||||
}
|
}
|
||||||
// 新增用户与岗位管理
|
|
||||||
List<SysUserPost> list = StreamUtils.toList(postIds, postId -> {
|
// 构建用户岗位关联列表并批量插入
|
||||||
SysUserPost up = new SysUserPost();
|
List<SysUserPost> list = StreamUtils.toList(postIds,
|
||||||
up.setUserId(user.getUserId());
|
postId -> {
|
||||||
up.setPostId(postId);
|
SysUserPost up = new SysUserPost();
|
||||||
return up;
|
up.setUserId(user.getUserId());
|
||||||
});
|
up.setPostId(postId);
|
||||||
|
return up;
|
||||||
|
});
|
||||||
userPostMapper.insertBatch(list);
|
userPostMapper.insertBatch(list);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -482,30 +486,36 @@ public class SysUserServiceImpl implements ISysUserService, UserService {
|
|||||||
* @param clear 清除已存在的关联数据
|
* @param clear 清除已存在的关联数据
|
||||||
*/
|
*/
|
||||||
private void insertUserRole(Long userId, Long[] roleIds, boolean clear) {
|
private void insertUserRole(Long userId, Long[] roleIds, boolean clear) {
|
||||||
if (ArrayUtil.isNotEmpty(roleIds)) {
|
if (ArrayUtil.isEmpty(roleIds)) {
|
||||||
List<Long> roleList = new ArrayList<>(List.of(roleIds));
|
return;
|
||||||
if (!LoginHelper.isSuperAdmin(userId)) {
|
}
|
||||||
roleList.remove(SystemConstants.SUPER_ADMIN_ID);
|
|
||||||
}
|
List<Long> roleList = new ArrayList<>(Arrays.asList(roleIds));
|
||||||
// 判断是否具有此角色的操作权限
|
|
||||||
List<SysRoleVo> roles = roleMapper.selectRoleList(
|
// 非超级管理员,禁止包含超级管理员角色
|
||||||
new LambdaQueryWrapper<SysRole>().in(SysRole::getRoleId, roleList));
|
if (!LoginHelper.isSuperAdmin(userId)) {
|
||||||
if (CollUtil.isEmpty(roles) || roles.size() != roleList.size()) {
|
roleList.remove(SystemConstants.SUPER_ADMIN_ID);
|
||||||
throw new ServiceException("没有权限访问角色的数据");
|
}
|
||||||
}
|
|
||||||
if (clear) {
|
// 校验是否有权限访问这些角色(含数据权限控制)
|
||||||
// 删除用户与角色关联
|
if (roleMapper.selectRoleCount(roleList) != roleList.size()) {
|
||||||
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
|
throw new ServiceException("没有权限访问角色的数据");
|
||||||
}
|
}
|
||||||
// 新增用户与角色管理
|
|
||||||
List<SysUserRole> list = StreamUtils.toList(roleList, roleId -> {
|
// 是否清除原有绑定
|
||||||
|
if (clear) {
|
||||||
|
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, userId));
|
||||||
|
}
|
||||||
|
|
||||||
|
// 批量插入用户-角色关联
|
||||||
|
List<SysUserRole> list = StreamUtils.toList(roleList,
|
||||||
|
roleId -> {
|
||||||
SysUserRole ur = new SysUserRole();
|
SysUserRole ur = new SysUserRole();
|
||||||
ur.setUserId(userId);
|
ur.setUserId(userId);
|
||||||
ur.setRoleId(roleId);
|
ur.setRoleId(roleId);
|
||||||
return ur;
|
return ur;
|
||||||
});
|
});
|
||||||
userRoleMapper.insertBatch(list);
|
userRoleMapper.insertBatch(list);
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user