code-image-backup-public/fastbee
1
0
Fork 0
mirror of https://gitee.com/beecue/fastbee.git synced 2026-02-04 08:05:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Revert "refactor(数据权限): 修复游客账号能查询管理员信息""

Browse Source 
This reverts commit 2440abfd9b.
This commit is contained in:
gx_ma
2026-02-03 15:15:34 +08:00
parent 2440abfd9b
commit 797aad19fa
6 changed files with 171 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysDeptController.java
View File

@@ -1,7 +1,11 @@
package com.fastbee.web.controller.system;
import java.util.List;
import java.util.stream.Collectors;
import com.fastbee.common.core.domain.model.LoginUser;
import com.fastbee.common.exception.ServiceException;
import com.fastbee.common.utils.SecurityUtils;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.apache.commons.lang3.ArrayUtils;
@@ -71,8 +75,20 @@ public class SysDeptController extends BaseController
@GetMapping(value = "/{deptId}")
public AjaxResult getInfo(@PathVariable Long deptId)
{
deptService.checkDeptDataScope(deptId);
return success(deptService.selectDeptById(deptId));
LoginUser loginUser = SecurityUtils.getLoginUser();
List<String> currentRoleKeys = loginUser.getUser().getRoles().stream()
.map(role -> role.getRoleKey())
.collect(Collectors.toList());
if (currentRoleKeys.contains("visitor")) {
return AjaxResult.error(403, "游客无权限访问部门信息!");
}
try {
deptService.checkDeptDataScope(deptId);
} catch (ServiceException e) {
return AjaxResult.error(403, e.getMessage());
}
SysDept dept = deptService.selectDeptById(deptId);
return AjaxResult.success(dept);
}
/**

68
springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysUserController.java
View File

@@ -6,8 +6,10 @@ import com.fastbee.common.core.domain.AjaxResult;
import com.fastbee.common.core.domain.entity.SysDept;
import com.fastbee.common.core.domain.entity.SysRole;
import com.fastbee.common.core.domain.entity.SysUser;
import com.fastbee.common.core.domain.model.LoginUser;
import com.fastbee.common.core.page.TableDataInfo;
import com.fastbee.common.enums.BusinessType;
import com.fastbee.common.exception.ServiceException;
import com.fastbee.common.utils.SecurityUtils;
import com.fastbee.common.utils.StringUtils;
import com.fastbee.common.utils.poi.ExcelUtil;
@@ -96,17 +98,53 @@ public class SysUserController extends BaseController
public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId)
{
AjaxResult ajax = AjaxResult.success();
LoginUser loginUser = SecurityUtils.getLoginUser();
SysUser currentUser = loginUser.getUser();
Long currentUserId = currentUser.getUserId();
List<String> currentRoleKeys = currentUser.getRoles().stream()
.map(SysRole::getRoleKey)
.collect(Collectors.toList());
if (currentRoleKeys.contains("visitor")) {
return AjaxResult.error(403, "游客无权限访问用户信息!");
}
if (StringUtils.isNotNull(userId))
{
userService.checkUserDataScope(userId);
try {
userService.checkUserDataScope(userId);
} catch (ServiceException e) {
return AjaxResult.error(403, e.getMessage());
}
SysUser sysUser = userService.selectUserById(userId);
// 非超管过滤超管角色信息
if (!SysUser.isAdmin(currentUserId)) {
List<SysRole> filterRoles = sysUser.getRoles().stream()
.filter(r -> !r.isAdmin())
.collect(Collectors.toList());
sysUser.setRoles(filterRoles);
}
// 封装数据
ajax.put(AjaxResult.DATA_TAG, sysUser);
ajax.put("postIds", postService.selectPostListByUserId(userId));
ajax.put("roleIds", sysUser.getRoles().stream().map(SysRole::getRoleId).collect(Collectors.toList()));
List<Long> roleIds = sysUser.getRoles().stream()
.map(SysRole::getRoleId)
.collect(Collectors.toList());
ajax.put("roleIds", roleIds);
}
// 角色/岗位列表过滤
List<SysRole> roles = roleService.selectRoleAll();
ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
ajax.put("posts", postService.selectPostAll());
ajax.put("roles", SysUser.isAdmin(currentUserId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
// ========== 8. 岗位列表仅用selectPostListByUserId适配现有方法 ==========
if (SysUser.isAdmin(currentUserId)) {
// 超管:返回所有岗位
ajax.put("posts", postService.selectPostAll());
} else {
// 非超管:仅返回当前登录用户自己的岗位
ajax.put("posts", postService.selectPostListByUserId(currentUserId));
}
return ajax;
}
@@ -217,10 +255,30 @@ public class SysUserController extends BaseController
public AjaxResult authRole(@PathVariable("userId") Long userId)
{
AjaxResult ajax = AjaxResult.success();
LoginUser loginUser = SecurityUtils.getLoginUser();
SysUser currentUser = loginUser.getUser();
Long currentUserId = currentUser.getUserId();
List<String> currentRoleKeys = currentUser.getRoles().stream()
.map(SysRole::getRoleKey)
.collect(Collectors.toList());
if (currentRoleKeys.contains("visitor")) {
return AjaxResult.error(403, "游客无权限访问用户授权角色信息!");
}
try {
userService.checkUserDataScope(userId);
} catch (ServiceException e) {
return AjaxResult.error(403, e.getMessage());
}
SysUser user = userService.selectUserById(userId);
List<SysRole> roles = roleService.selectRolesByUserId(userId);
List<SysRole> filterRoles = SysUser.isAdmin(currentUserId)
? roles // 超管返回所有授权角色
: roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()); // 非超管过滤超管角色
ajax.put("user", user);
ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
ajax.put("roles", filterRoles);
return ajax;
}

30
springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysDeptServiceImpl.java
View File

@@ -16,6 +16,7 @@ import com.fastbee.system.mapper.SysRoleMapper;
import com.fastbee.system.service.ISysDeptService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
import java.util.ArrayList;
import java.util.Iterator;
@@ -191,15 +192,26 @@ public class SysDeptServiceImpl implements ISysDeptService
@Override
public void checkDeptDataScope(Long deptId)
{
if (!SysUser.isAdmin(SecurityUtils.getUserId()) && StringUtils.isNotNull(deptId))
{
SysDept dept = new SysDept();
dept.setDeptId(deptId);
List<SysDept> depts = SpringUtils.getAopProxy(this).selectDeptList(dept);
if (StringUtils.isEmpty(depts))
{
throw new ServiceException("没有权限访问部门数据!");
}
if (SysUser.isAdmin(SecurityUtils.getUserId())) {
return;
}
SysDept queryDept = new SysDept();
List<SysDept> accessibleDepts = SpringUtils.getAopProxy(this).selectDeptList(queryDept);
if (CollectionUtils.isEmpty(accessibleDepts)) {
throw new ServiceException("没有权限访问部门数据!");
}
boolean hasPermission = accessibleDepts.stream()
.anyMatch(dept -> dept.getDeptId().equals(deptId));
if (!hasPermission) {
throw new ServiceException("没有权限访问该部门数据!");
}
SysDept targetDept = this.selectDeptById(deptId);
if (targetDept == null) {
throw new ServiceException("部门不存在!");
}
}

15
springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysPostServiceImpl.java
View File

@@ -1,7 +1,9 @@
package com.fastbee.system.service.impl;
import com.fastbee.common.constant.UserConstants;
import com.fastbee.common.core.domain.model.LoginUser;
import com.fastbee.common.exception.ServiceException;
import com.fastbee.common.utils.SecurityUtils;
import com.fastbee.common.utils.StringUtils;
import com.fastbee.system.domain.SysPost;
import com.fastbee.system.mapper.SysPostMapper;
@@ -9,8 +11,11 @@ import com.fastbee.system.mapper.SysUserPostMapper;
import com.fastbee.system.service.ISysPostService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
/**
* 岗位信息 服务层处理
@@ -35,7 +40,15 @@ public class SysPostServiceImpl implements ISysPostService
@Override
public List<SysPost> selectPostList(SysPost post)
{
return postMapper.selectPostList(post);
LoginUser loginUser = SecurityUtils.getLoginUser();
if (loginUser.getUser().getRoles().stream()
.map(role -> role.getRoleKey())
.collect(Collectors.toList()).contains("visitor")) {
return Collections.emptyList();
}
List<SysPost> postList = postMapper.selectPostList(post);
return CollectionUtils.isEmpty(postList) ? Collections.emptyList() : postList;
}
/**

25
springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysRoleServiceImpl.java
View File

@@ -4,6 +4,7 @@ import com.fastbee.common.annotation.DataScope;
import com.fastbee.common.constant.UserConstants;
import com.fastbee.common.core.domain.entity.SysRole;
import com.fastbee.common.core.domain.entity.SysUser;
import com.fastbee.common.core.domain.model.LoginUser;
import com.fastbee.common.exception.ServiceException;
import com.fastbee.common.utils.SecurityUtils;
import com.fastbee.common.utils.StringUtils;
@@ -19,8 +20,10 @@ import com.fastbee.system.service.ISysRoleService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;
import java.util.*;
import java.util.stream.Collectors;
/**
* 角色 业务层处理
@@ -52,7 +55,27 @@ public class SysRoleServiceImpl implements ISysRoleService
@DataScope(deptAlias = "d")
public List<SysRole> selectRoleList(SysRole role)
{
return roleMapper.selectRoleList(role);
LoginUser loginUser = SecurityUtils.getLoginUser();
List<String> currentRoleKeys = loginUser.getUser().getRoles().stream()
.map(SysRole::getRoleKey)
.collect(Collectors.toList());
if (currentRoleKeys.contains("visitor")) {
return Collections.emptyList();
}
List<SysRole> roleList = roleMapper.selectRoleList(role);
if (CollectionUtils.isEmpty(roleList)) {
return Collections.emptyList();
}
Long currentUserId = loginUser.getUser().getUserId();
if (SysUser.isAdmin(currentUserId)) {
return roleList;
} else {
return roleList.stream()
.filter(r -> !r.isAdmin())
.collect(Collectors.toList());
}
}
/**

40
springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysUserServiceImpl.java
View File

@@ -4,6 +4,7 @@ import com.fastbee.common.annotation.DataScope;
import com.fastbee.common.constant.UserConstants;
import com.fastbee.common.core.domain.entity.SysRole;
import com.fastbee.common.core.domain.entity.SysUser;
import com.fastbee.common.core.domain.model.LoginUser;
import com.fastbee.common.enums.SocialPlatformType;
import com.fastbee.common.exception.ServiceException;
import com.fastbee.common.utils.SecurityUtils;
@@ -73,6 +74,16 @@ public class SysUserServiceImpl implements ISysUserService
@DataScope(deptAlias = "d", userAlias = "u")
public List<SysUser> selectUserList(SysUser user)
{
LoginUser loginUser = SecurityUtils.getLoginUser();
SysUser currentUser = loginUser.getUser();
Long currentUserId = currentUser.getUserId();
Long currentDeptId = currentUser.getDeptId();
if (!SecurityUtils.isAdmin(currentUserId)) {
user.setDeptId(currentDeptId);
user.setUserId(currentUserId);
return userMapper.selectUserList(user);
}
return userMapper.selectUserList(user);
}
@@ -236,15 +247,26 @@ public class SysUserServiceImpl implements ISysUserService
@Override
public void checkUserDataScope(Long userId)
{
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
{
SysUser user = new SysUser();
user.setUserId(userId);
List<SysUser> users = SpringUtils.getAopProxy(this).selectUserList(user);
if (StringUtils.isEmpty(users))
{
throw new ServiceException("没有权限访问用户数据!");
}
Long currentUserId = SecurityUtils.getUserId();
// 超管直接放行
if (SysUser.isAdmin(currentUserId)) {
return;
}
SysUser queryCondition = new SysUser();
List<SysUser> accessibleUsers = SpringUtils.getAopProxy(this).selectUserList(queryCondition);
boolean hasPermission = accessibleUsers.stream()
.anyMatch(u -> u.getUserId().equals(userId));
SysUser targetUser = this.selectUserById(userId);
if (targetUser != null && SysUser.isAdmin(targetUser.getUserId())) {
throw new ServiceException("禁止访问超级管理员信息!");
}
if (!hasPermission) {
throw new ServiceException("没有权限访问用户数据!");
}
}