mirror of
https://gitee.com/beecue/fastbee.git
synced 2026-02-04 08:05:55 +08:00
Revert "Revert "refactor(数据权限): 修复游客账号能查询管理员信息""
This reverts commit 2440abfd9b.
This commit is contained in:
gx_ma
@@ -1,7 +1,11 @@
|
||||
package com.fastbee.web.controller.system;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import com.fastbee.common.core.domain.model.LoginUser;
|
||||
import com.fastbee.common.exception.ServiceException;
|
||||
import com.fastbee.common.utils.SecurityUtils;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
import org.apache.commons.lang3.ArrayUtils;
|
||||
@@ -71,8 +75,20 @@ public class SysDeptController extends BaseController
|
||||
@GetMapping(value = "/{deptId}")
|
||||
public AjaxResult getInfo(@PathVariable Long deptId)
|
||||
{
|
||||
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||
List<String> currentRoleKeys = loginUser.getUser().getRoles().stream()
|
||||
.map(role -> role.getRoleKey())
|
||||
.collect(Collectors.toList());
|
||||
if (currentRoleKeys.contains("visitor")) {
|
||||
return AjaxResult.error(403, "游客无权限访问部门信息!");
|
||||
}
|
||||
try {
|
||||
deptService.checkDeptDataScope(deptId);
|
||||
return success(deptService.selectDeptById(deptId));
|
||||
} catch (ServiceException e) {
|
||||
return AjaxResult.error(403, e.getMessage());
|
||||
}
|
||||
SysDept dept = deptService.selectDeptById(deptId);
|
||||
return AjaxResult.success(dept);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -6,8 +6,10 @@ import com.fastbee.common.core.domain.AjaxResult;
|
||||
import com.fastbee.common.core.domain.entity.SysDept;
|
||||
import com.fastbee.common.core.domain.entity.SysRole;
|
||||
import com.fastbee.common.core.domain.entity.SysUser;
|
||||
import com.fastbee.common.core.domain.model.LoginUser;
|
||||
import com.fastbee.common.core.page.TableDataInfo;
|
||||
import com.fastbee.common.enums.BusinessType;
|
||||
import com.fastbee.common.exception.ServiceException;
|
||||
import com.fastbee.common.utils.SecurityUtils;
|
||||
import com.fastbee.common.utils.StringUtils;
|
||||
import com.fastbee.common.utils.poi.ExcelUtil;
|
||||
@@ -96,17 +98,53 @@ public class SysUserController extends BaseController
|
||||
public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId)
|
||||
{
|
||||
AjaxResult ajax = AjaxResult.success();
|
||||
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||
SysUser currentUser = loginUser.getUser();
|
||||
Long currentUserId = currentUser.getUserId();
|
||||
|
||||
List<String> currentRoleKeys = currentUser.getRoles().stream()
|
||||
.map(SysRole::getRoleKey)
|
||||
.collect(Collectors.toList());
|
||||
if (currentRoleKeys.contains("visitor")) {
|
||||
return AjaxResult.error(403, "游客无权限访问用户信息!");
|
||||
}
|
||||
if (StringUtils.isNotNull(userId))
|
||||
{
|
||||
try {
|
||||
userService.checkUserDataScope(userId);
|
||||
} catch (ServiceException e) {
|
||||
return AjaxResult.error(403, e.getMessage());
|
||||
}
|
||||
SysUser sysUser = userService.selectUserById(userId);
|
||||
// 非超管过滤超管角色信息
|
||||
if (!SysUser.isAdmin(currentUserId)) {
|
||||
List<SysRole> filterRoles = sysUser.getRoles().stream()
|
||||
.filter(r -> !r.isAdmin())
|
||||
.collect(Collectors.toList());
|
||||
sysUser.setRoles(filterRoles);
|
||||
}
|
||||
|
||||
// 封装数据
|
||||
ajax.put(AjaxResult.DATA_TAG, sysUser);
|
||||
ajax.put("postIds", postService.selectPostListByUserId(userId));
|
||||
ajax.put("roleIds", sysUser.getRoles().stream().map(SysRole::getRoleId).collect(Collectors.toList()));
|
||||
List<Long> roleIds = sysUser.getRoles().stream()
|
||||
.map(SysRole::getRoleId)
|
||||
.collect(Collectors.toList());
|
||||
ajax.put("roleIds", roleIds);
|
||||
}
|
||||
// 角色/岗位列表过滤
|
||||
List<SysRole> roles = roleService.selectRoleAll();
|
||||
ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
|
||||
ajax.put("roles", SysUser.isAdmin(currentUserId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
|
||||
|
||||
// ========== 8. 岗位列表:仅用selectPostListByUserId(适配现有方法) ==========
|
||||
if (SysUser.isAdmin(currentUserId)) {
|
||||
// 超管:返回所有岗位
|
||||
ajax.put("posts", postService.selectPostAll());
|
||||
} else {
|
||||
// 非超管:仅返回当前登录用户自己的岗位
|
||||
ajax.put("posts", postService.selectPostListByUserId(currentUserId));
|
||||
}
|
||||
|
||||
return ajax;
|
||||
}
|
||||
|
||||
@@ -217,10 +255,30 @@ public class SysUserController extends BaseController
|
||||
public AjaxResult authRole(@PathVariable("userId") Long userId)
|
||||
{
|
||||
AjaxResult ajax = AjaxResult.success();
|
||||
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||
SysUser currentUser = loginUser.getUser();
|
||||
Long currentUserId = currentUser.getUserId();
|
||||
|
||||
List<String> currentRoleKeys = currentUser.getRoles().stream()
|
||||
.map(SysRole::getRoleKey)
|
||||
.collect(Collectors.toList());
|
||||
if (currentRoleKeys.contains("visitor")) {
|
||||
return AjaxResult.error(403, "游客无权限访问用户授权角色信息!");
|
||||
}
|
||||
|
||||
try {
|
||||
userService.checkUserDataScope(userId);
|
||||
} catch (ServiceException e) {
|
||||
return AjaxResult.error(403, e.getMessage());
|
||||
}
|
||||
|
||||
SysUser user = userService.selectUserById(userId);
|
||||
List<SysRole> roles = roleService.selectRolesByUserId(userId);
|
||||
List<SysRole> filterRoles = SysUser.isAdmin(currentUserId)
|
||||
? roles // 超管返回所有授权角色
|
||||
: roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()); // 非超管过滤超管角色
|
||||
ajax.put("user", user);
|
||||
ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
|
||||
ajax.put("roles", filterRoles);
|
||||
return ajax;
|
||||
}
|
||||
|
||||
|
||||
@@ -16,6 +16,7 @@ import com.fastbee.system.mapper.SysRoleMapper;
|
||||
import com.fastbee.system.service.ISysDeptService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Iterator;
|
||||
@@ -191,15 +192,26 @@ public class SysDeptServiceImpl implements ISysDeptService
|
||||
@Override
|
||||
public void checkDeptDataScope(Long deptId)
|
||||
{
|
||||
if (!SysUser.isAdmin(SecurityUtils.getUserId()) && StringUtils.isNotNull(deptId))
|
||||
{
|
||||
SysDept dept = new SysDept();
|
||||
dept.setDeptId(deptId);
|
||||
List<SysDept> depts = SpringUtils.getAopProxy(this).selectDeptList(dept);
|
||||
if (StringUtils.isEmpty(depts))
|
||||
{
|
||||
if (SysUser.isAdmin(SecurityUtils.getUserId())) {
|
||||
return;
|
||||
}
|
||||
|
||||
SysDept queryDept = new SysDept();
|
||||
List<SysDept> accessibleDepts = SpringUtils.getAopProxy(this).selectDeptList(queryDept);
|
||||
|
||||
if (CollectionUtils.isEmpty(accessibleDepts)) {
|
||||
throw new ServiceException("没有权限访问部门数据!");
|
||||
}
|
||||
|
||||
boolean hasPermission = accessibleDepts.stream()
|
||||
.anyMatch(dept -> dept.getDeptId().equals(deptId));
|
||||
if (!hasPermission) {
|
||||
throw new ServiceException("没有权限访问该部门数据!");
|
||||
}
|
||||
|
||||
SysDept targetDept = this.selectDeptById(deptId);
|
||||
if (targetDept == null) {
|
||||
throw new ServiceException("部门不存在!");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,7 +1,9 @@
|
||||
package com.fastbee.system.service.impl;
|
||||
|
||||
import com.fastbee.common.constant.UserConstants;
|
||||
import com.fastbee.common.core.domain.model.LoginUser;
|
||||
import com.fastbee.common.exception.ServiceException;
|
||||
import com.fastbee.common.utils.SecurityUtils;
|
||||
import com.fastbee.common.utils.StringUtils;
|
||||
import com.fastbee.system.domain.SysPost;
|
||||
import com.fastbee.system.mapper.SysPostMapper;
|
||||
@@ -9,8 +11,11 @@ import com.fastbee.system.mapper.SysUserPostMapper;
|
||||
import com.fastbee.system.service.ISysPostService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* 岗位信息 服务层处理
|
||||
@@ -35,7 +40,15 @@ public class SysPostServiceImpl implements ISysPostService
|
||||
@Override
|
||||
public List<SysPost> selectPostList(SysPost post)
|
||||
{
|
||||
return postMapper.selectPostList(post);
|
||||
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||
if (loginUser.getUser().getRoles().stream()
|
||||
.map(role -> role.getRoleKey())
|
||||
.collect(Collectors.toList()).contains("visitor")) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
List<SysPost> postList = postMapper.selectPostList(post);
|
||||
return CollectionUtils.isEmpty(postList) ? Collections.emptyList() : postList;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -4,6 +4,7 @@ import com.fastbee.common.annotation.DataScope;
|
||||
import com.fastbee.common.constant.UserConstants;
|
||||
import com.fastbee.common.core.domain.entity.SysRole;
|
||||
import com.fastbee.common.core.domain.entity.SysUser;
|
||||
import com.fastbee.common.core.domain.model.LoginUser;
|
||||
import com.fastbee.common.exception.ServiceException;
|
||||
import com.fastbee.common.utils.SecurityUtils;
|
||||
import com.fastbee.common.utils.StringUtils;
|
||||
@@ -19,8 +20,10 @@ import com.fastbee.system.service.ISysRoleService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
import java.util.*;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* 角色 业务层处理
|
||||
@@ -52,7 +55,27 @@ public class SysRoleServiceImpl implements ISysRoleService
|
||||
@DataScope(deptAlias = "d")
|
||||
public List<SysRole> selectRoleList(SysRole role)
|
||||
{
|
||||
return roleMapper.selectRoleList(role);
|
||||
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||
List<String> currentRoleKeys = loginUser.getUser().getRoles().stream()
|
||||
.map(SysRole::getRoleKey)
|
||||
.collect(Collectors.toList());
|
||||
if (currentRoleKeys.contains("visitor")) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
List<SysRole> roleList = roleMapper.selectRoleList(role);
|
||||
if (CollectionUtils.isEmpty(roleList)) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
Long currentUserId = loginUser.getUser().getUserId();
|
||||
if (SysUser.isAdmin(currentUserId)) {
|
||||
return roleList;
|
||||
} else {
|
||||
return roleList.stream()
|
||||
.filter(r -> !r.isAdmin())
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -4,6 +4,7 @@ import com.fastbee.common.annotation.DataScope;
|
||||
import com.fastbee.common.constant.UserConstants;
|
||||
import com.fastbee.common.core.domain.entity.SysRole;
|
||||
import com.fastbee.common.core.domain.entity.SysUser;
|
||||
import com.fastbee.common.core.domain.model.LoginUser;
|
||||
import com.fastbee.common.enums.SocialPlatformType;
|
||||
import com.fastbee.common.exception.ServiceException;
|
||||
import com.fastbee.common.utils.SecurityUtils;
|
||||
@@ -73,6 +74,16 @@ public class SysUserServiceImpl implements ISysUserService
|
||||
@DataScope(deptAlias = "d", userAlias = "u")
|
||||
public List<SysUser> selectUserList(SysUser user)
|
||||
{
|
||||
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||
SysUser currentUser = loginUser.getUser();
|
||||
Long currentUserId = currentUser.getUserId();
|
||||
Long currentDeptId = currentUser.getDeptId();
|
||||
if (!SecurityUtils.isAdmin(currentUserId)) {
|
||||
user.setDeptId(currentDeptId);
|
||||
user.setUserId(currentUserId);
|
||||
return userMapper.selectUserList(user);
|
||||
}
|
||||
|
||||
return userMapper.selectUserList(user);
|
||||
}
|
||||
|
||||
@@ -236,15 +247,26 @@ public class SysUserServiceImpl implements ISysUserService
|
||||
@Override
|
||||
public void checkUserDataScope(Long userId)
|
||||
{
|
||||
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
|
||||
{
|
||||
SysUser user = new SysUser();
|
||||
user.setUserId(userId);
|
||||
List<SysUser> users = SpringUtils.getAopProxy(this).selectUserList(user);
|
||||
if (StringUtils.isEmpty(users))
|
||||
{
|
||||
throw new ServiceException("没有权限访问用户数据!");
|
||||
Long currentUserId = SecurityUtils.getUserId();
|
||||
// 超管直接放行
|
||||
if (SysUser.isAdmin(currentUserId)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
SysUser queryCondition = new SysUser();
|
||||
List<SysUser> accessibleUsers = SpringUtils.getAopProxy(this).selectUserList(queryCondition);
|
||||
|
||||
boolean hasPermission = accessibleUsers.stream()
|
||||
.anyMatch(u -> u.getUserId().equals(userId));
|
||||
|
||||
SysUser targetUser = this.selectUserById(userId);
|
||||
if (targetUser != null && SysUser.isAdmin(targetUser.getUserId())) {
|
||||
throw new ServiceException("禁止访问超级管理员信息!");
|
||||
}
|
||||
|
||||
if (!hasPermission) {
|
||||
throw new ServiceException("没有权限访问用户数据!");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user