From f1982e6be3d15620dc8faa113cd8771cc71f6d7b Mon Sep 17 00:00:00 2001 From: gx_ma <1773945958@qq.com> Date: Mon, 2 Feb 2026 15:56:01 +0800 Subject: [PATCH] =?UTF-8?q?refactor(=E6=95=B0=E6=8D=AE=E6=9D=83=E9=99=90):?= =?UTF-8?q?=20=E4=BF=AE=E5=A4=8D=E6=B8=B8=E5=AE=A2=E8=B4=A6=E5=8F=B7?= =?UTF-8?q?=E8=83=BD=E6=9F=A5=E8=AF=A2=E7=AE=A1=E7=90=86=E5=91=98=E4=BF=A1?= =?UTF-8?q?=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/system/SysDeptController.java | 20 +++++- .../controller/system/SysUserController.java | 68 +++++++++++++++++-- .../service/impl/SysDeptServiceImpl.java | 30 +++++--- .../service/impl/SysPostServiceImpl.java | 15 +++- .../service/impl/SysRoleServiceImpl.java | 25 ++++++- .../service/impl/SysUserServiceImpl.java | 40 ++++++++--- 6 files changed, 171 insertions(+), 27 deletions(-) diff --git a/springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysDeptController.java b/springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysDeptController.java index 8dbf3ac7..b14bf5bf 100644 --- a/springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysDeptController.java +++ b/springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysDeptController.java @@ -1,7 +1,11 @@ package com.fastbee.web.controller.system; import java.util.List; +import java.util.stream.Collectors; +import com.fastbee.common.core.domain.model.LoginUser; +import com.fastbee.common.exception.ServiceException; +import com.fastbee.common.utils.SecurityUtils; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import org.apache.commons.lang3.ArrayUtils; 
@@ -71,8 +75,20 @@ public class SysDeptController extends BaseController @GetMapping(value = "/{deptId}") public AjaxResult getInfo(@PathVariable Long deptId) { - deptService.checkDeptDataScope(deptId); - return success(deptService.selectDeptById(deptId)); + LoginUser loginUser = SecurityUtils.getLoginUser(); + List currentRoleKeys = loginUser.getUser().getRoles().stream() + .map(role -> role.getRoleKey()) + .collect(Collectors.toList()); + if (currentRoleKeys.contains("visitor")) { + return AjaxResult.error(403, "游客无权限访问部门信息!"); + } + try { + deptService.checkDeptDataScope(deptId); + } catch (ServiceException e) { + return AjaxResult.error(403, e.getMessage()); + } + SysDept dept = deptService.selectDeptById(deptId); + return AjaxResult.success(dept); } /** diff --git a/springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysUserController.java b/springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysUserController.java index 8f5a27c2..75e1468d 100644 --- a/springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysUserController.java +++ b/springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysUserController.java @@ -6,8 +6,10 @@ import com.fastbee.common.core.domain.AjaxResult; import com.fastbee.common.core.domain.entity.SysDept; import com.fastbee.common.core.domain.entity.SysRole; import com.fastbee.common.core.domain.entity.SysUser; +import com.fastbee.common.core.domain.model.LoginUser; import com.fastbee.common.core.page.TableDataInfo; import com.fastbee.common.enums.BusinessType; +import com.fastbee.common.exception.ServiceException; import com.fastbee.common.utils.SecurityUtils; import com.fastbee.common.utils.StringUtils; import com.fastbee.common.utils.poi.ExcelUtil; 
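Review bot: The guest restriction in `getInfo` is a denylist on the string literal `"visitor"`, so any other low-privilege role, or a role key that is later renamed, passes straight through to `checkDeptDataScope`. The same literal and the same stream-collect-contains sequence are repeated in SysUserController `getInfo` and `authRole`, SysPostServiceImpl `selectPostList` and SysRoleServiceImpl `selectRoleList`, which makes it easy for the copies to drift apart. I would define the key once, for example `public static final String VISITOR_ROLE_KEY = "visitor";`, and put the test in one shared helper using `anyMatch(r -> VISITOR_ROLE_KEY.equals(r.getRoleKey()))`. Annotations above `@GetMapping` are outside the hunk, so it is not visible whether a permission annotation already guards this endpoint; if one does, granting the permission per role is a sturdier control than naming the role to exclude.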
@@ -96,17 +98,53 @@ public class SysUserController extends BaseController public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId) { AjaxResult ajax = AjaxResult.success(); + LoginUser loginUser = SecurityUtils.getLoginUser(); + SysUser currentUser = loginUser.getUser(); + Long currentUserId = currentUser.getUserId(); + + List currentRoleKeys = currentUser.getRoles().stream() + .map(SysRole::getRoleKey) + .collect(Collectors.toList()); + if (currentRoleKeys.contains("visitor")) { + return AjaxResult.error(403, "游客无权限访问用户信息!"); + } if (StringUtils.isNotNull(userId)) { - userService.checkUserDataScope(userId); + try { + userService.checkUserDataScope(userId); + } catch (ServiceException e) { + return AjaxResult.error(403, e.getMessage()); + } SysUser sysUser = userService.selectUserById(userId); + // 非超管过滤超管角色信息 + if (!SysUser.isAdmin(currentUserId)) { + List filterRoles = sysUser.getRoles().stream() + .filter(r -> !r.isAdmin()) + .collect(Collectors.toList()); + sysUser.setRoles(filterRoles); + } + + // 封装数据 ajax.put(AjaxResult.DATA_TAG, sysUser); ajax.put("postIds", postService.selectPostListByUserId(userId)); - ajax.put("roleIds", sysUser.getRoles().stream().map(SysRole::getRoleId).collect(Collectors.toList())); + List roleIds = sysUser.getRoles().stream() + .map(SysRole::getRoleId) + .collect(Collectors.toList()); + ajax.put("roleIds", roleIds); } + // 角色/岗位列表过滤 List roles = roleService.selectRoleAll(); - ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList())); - ajax.put("posts", postService.selectPostAll()); + ajax.put("roles", SysUser.isAdmin(currentUserId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList())); + + // ========== 8. 
岗位列表:仅用selectPostListByUserId(适配现有方法) ========== + if (SysUser.isAdmin(currentUserId)) { + // 超管:返回所有岗位 + ajax.put("posts", postService.selectPostAll()); + } else { + // 非超管:仅返回当前登录用户自己的岗位 + ajax.put("posts", postService.selectPostListByUserId(currentUserId)); + } + return ajax; } @@ -217,10 +255,30 @@ public class SysUserController extends BaseController public AjaxResult authRole(@PathVariable("userId") Long userId) { AjaxResult ajax = AjaxResult.success(); + LoginUser loginUser = SecurityUtils.getLoginUser(); + SysUser currentUser = loginUser.getUser(); + Long currentUserId = currentUser.getUserId(); + + List currentRoleKeys = currentUser.getRoles().stream() + .map(SysRole::getRoleKey) + .collect(Collectors.toList()); + if (currentRoleKeys.contains("visitor")) { + return AjaxResult.error(403, "游客无权限访问用户授权角色信息!"); + } + + try { + userService.checkUserDataScope(userId); + } catch (ServiceException e) { + return AjaxResult.error(403, e.getMessage()); + } + SysUser user = userService.selectUserById(userId); List roles = roleService.selectRolesByUserId(userId); + List filterRoles = SysUser.isAdmin(currentUserId) + ? roles // 超管返回所有授权角色 + : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()); // 非超管过滤超管角色 ajax.put("user", user); - ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList())); + ajax.put("roles", filterRoles); return ajax; } diff --git a/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysDeptServiceImpl.java b/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysDeptServiceImpl.java index 926b7139..d2e4af44 100644 --- a/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysDeptServiceImpl.java +++ b/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysDeptServiceImpl.java 
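Review bot: The `catch (ServiceException e)` in `getInfo` turns a data-scope denial into an ordinary return value, `AjaxResult.error(403, e.getMessage())`, and nothing in the hunk records that a caller asked for a user outside their scope. Whether the HTTP status follows the 403 placed in the body is not visible here; if it stays 200, status-based alerting and gateway rules will not see these refusals. I would log the caller id and the requested `userId` before returning, under a comment such as `// data-scope denial: record caller and target for audit`. The same catch-and-return is in `authRole` further down this line and in SysDeptController `getInfo`.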
@@ -16,6 +16,7 @@ import com.fastbee.system.mapper.SysRoleMapper; import com.fastbee.system.service.ISysDeptService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import org.springframework.util.CollectionUtils; import java.util.ArrayList; import java.util.Iterator; @@ -191,15 +192,26 @@ public class SysDeptServiceImpl implements ISysDeptService @Override public void checkDeptDataScope(Long deptId) { - if (!SysUser.isAdmin(SecurityUtils.getUserId()) && StringUtils.isNotNull(deptId)) - { - SysDept dept = new SysDept(); - dept.setDeptId(deptId); - List depts = SpringUtils.getAopProxy(this).selectDeptList(dept); - if (StringUtils.isEmpty(depts)) - { - throw new ServiceException("没有权限访问部门数据!"); - } + if (SysUser.isAdmin(SecurityUtils.getUserId())) { + return; + } + + SysDept queryDept = new SysDept(); + List accessibleDepts = SpringUtils.getAopProxy(this).selectDeptList(queryDept); + + if (CollectionUtils.isEmpty(accessibleDepts)) { + throw new ServiceException("没有权限访问部门数据!"); + } + + boolean hasPermission = accessibleDepts.stream() + .anyMatch(dept -> dept.getDeptId().equals(deptId)); + if (!hasPermission) { + throw new ServiceException("没有权限访问该部门数据!"); + } + + SysDept targetDept = this.selectDeptById(deptId); + if (targetDept == null) { + throw new ServiceException("部门不存在!"); } } diff --git a/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysPostServiceImpl.java b/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysPostServiceImpl.java index 189cbeb5..5a9843a0 100644 --- a/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysPostServiceImpl.java +++ b/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysPostServiceImpl.java 
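Review bot: `checkDeptDataScope` now denies a null `deptId`, because `dept.getDeptId().equals(deptId)` is false for null, whereas the removed code skipped the check through `StringUtils.isNotNull(deptId)`. If any caller passes the department of a record that has none, that request starts failing with "没有权限访问该部门数据!". The new version also queries with an empty `SysDept` and scans every accessible department in memory, where the removed code let the query filter by id. I would restore both with `if (deptId == null) { return; }` after the admin shortcut and `queryDept.setDeptId(deptId);` before `selectDeptList`. The trailing `selectDeptById` null check then looks unreachable for non-admins, since a department found in the scoped list presumably exists.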
@@ -1,7 +1,9 @@ package com.fastbee.system.service.impl; import com.fastbee.common.constant.UserConstants; +import com.fastbee.common.core.domain.model.LoginUser; import com.fastbee.common.exception.ServiceException; +import com.fastbee.common.utils.SecurityUtils; import com.fastbee.common.utils.StringUtils; import com.fastbee.system.domain.SysPost; import com.fastbee.system.mapper.SysPostMapper; @@ -9,8 +11,11 @@ import com.fastbee.system.mapper.SysUserPostMapper; import com.fastbee.system.service.ISysPostService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import org.springframework.util.CollectionUtils; +import java.util.Collections; import java.util.List; +import java.util.stream.Collectors; /** * 岗位信息 服务层处理 @@ -35,7 +40,15 @@ public class SysPostServiceImpl implements ISysPostService @Override public List selectPostList(SysPost post) { - return postMapper.selectPostList(post); + LoginUser loginUser = SecurityUtils.getLoginUser(); + if (loginUser.getUser().getRoles().stream() + .map(role -> role.getRoleKey()) + .collect(Collectors.toList()).contains("visitor")) { + return Collections.emptyList(); + } + + List postList = postMapper.selectPostList(post); + return CollectionUtils.isEmpty(postList) ? Collections.emptyList() : postList; } /** diff --git a/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysRoleServiceImpl.java b/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysRoleServiceImpl.java index 92d36999..8af89163 100644 --- a/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysRoleServiceImpl.java +++ b/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysRoleServiceImpl.java 
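Review bot: `selectPostList` now reads `SecurityUtils.getLoginUser()` inside the service, so the list query depends on an authenticated request context that a service method cannot assume. How `getLoginUser()` behaves without one is not visible in this hunk; if it throws or returns null, any internal caller such as a scheduled task or startup code would fail here. Returning an empty list to a guest also makes a denial indistinguishable from "no posts" for the caller. I would keep the role decision at the controller or in an aspect and document the precondition on the method with a comment such as `// requires an authenticated LoginUser; guests receive an empty list`. SysRoleServiceImpl `selectRoleList` and SysUserServiceImpl `selectUserList` read the login user the same way.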
@@ -4,6 +4,7 @@ import com.fastbee.common.annotation.DataScope; import com.fastbee.common.constant.UserConstants; import com.fastbee.common.core.domain.entity.SysRole; import com.fastbee.common.core.domain.entity.SysUser; +import com.fastbee.common.core.domain.model.LoginUser; import com.fastbee.common.exception.ServiceException; import com.fastbee.common.utils.SecurityUtils; import com.fastbee.common.utils.StringUtils; @@ -19,8 +20,10 @@ import com.fastbee.system.service.ISysRoleService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import org.springframework.util.CollectionUtils; import java.util.*; +import java.util.stream.Collectors; /** * 角色 业务层处理 @@ -52,7 +55,27 @@ public class SysRoleServiceImpl implements ISysRoleService @DataScope(deptAlias = "d") public List selectRoleList(SysRole role) { - return roleMapper.selectRoleList(role); + LoginUser loginUser = SecurityUtils.getLoginUser(); + List currentRoleKeys = loginUser.getUser().getRoles().stream() + .map(SysRole::getRoleKey) + .collect(Collectors.toList()); + if (currentRoleKeys.contains("visitor")) { + return Collections.emptyList(); + } + + List roleList = roleMapper.selectRoleList(role); + if (CollectionUtils.isEmpty(roleList)) { + return Collections.emptyList(); + } + + Long currentUserId = loginUser.getUser().getUserId(); + if (SysUser.isAdmin(currentUserId)) { + return roleList; + } else { + return roleList.stream() + .filter(r -> !r.isAdmin()) + .collect(Collectors.toList()); + } } /** diff --git a/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysUserServiceImpl.java b/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysUserServiceImpl.java index 42d7a353..3276eaa2 100644 
--- a/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysUserServiceImpl.java +++ b/springboot/fastbee-service/fastbee-system-service/src/main/java/com/fastbee/system/service/impl/SysUserServiceImpl.java @@ -4,6 +4,7 @@ import com.fastbee.common.annotation.DataScope; import com.fastbee.common.constant.UserConstants; import com.fastbee.common.core.domain.entity.SysRole; import com.fastbee.common.core.domain.entity.SysUser; +import com.fastbee.common.core.domain.model.LoginUser; import com.fastbee.common.enums.SocialPlatformType; import com.fastbee.common.exception.ServiceException; import com.fastbee.common.utils.SecurityUtils; @@ -73,6 +74,16 @@ public class SysUserServiceImpl implements ISysUserService @DataScope(deptAlias = "d", userAlias = "u") public List selectUserList(SysUser user) { + LoginUser loginUser = SecurityUtils.getLoginUser(); + SysUser currentUser = loginUser.getUser(); + Long currentUserId = currentUser.getUserId(); + Long currentDeptId = currentUser.getDeptId(); + if (!SecurityUtils.isAdmin(currentUserId)) { + user.setDeptId(currentDeptId); + user.setUserId(currentUserId); + return userMapper.selectUserList(user); + } + return userMapper.selectUserList(user); } 
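Review bot: For every non-admin, `selectUserList` overwrites `deptId` and `userId` on the caller's query object with the caller's own values, which discards whatever filter was passed in and makes the `@DataScope(deptAlias = "d", userAlias = "u")` on the method moot. Assuming the mapper filters on both fields, a role with a wider data scope, such as a department manager, can now list only itself, and `checkUserDataScope`, which calls this method, will refuse every target other than the caller. The commit subject is about the guest account, so I would gate on the guest role as the other hunks do, and build a fresh `SysUser` for the restricted query so the argument is not mutated. Both branches end in the same `return userMapper.selectUserList(user);`, so the inner return can go, and the hunk uses `SecurityUtils.isAdmin` where the rest of the patch uses `SysUser.isAdmin`.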
@@ -236,15 +247,26 @@ public class SysUserServiceImpl implements ISysUserService @Override public void checkUserDataScope(Long userId) { - if (!SysUser.isAdmin(SecurityUtils.getUserId())) - { - SysUser user = new SysUser(); - user.setUserId(userId); - List users = SpringUtils.getAopProxy(this).selectUserList(user); - if (StringUtils.isEmpty(users)) - { - throw new ServiceException("没有权限访问用户数据!"); - } + Long currentUserId = SecurityUtils.getUserId(); + // 超管直接放行 + if (SysUser.isAdmin(currentUserId)) { + return; + } + + + SysUser queryCondition = new SysUser(); + List accessibleUsers = SpringUtils.getAopProxy(this).selectUserList(queryCondition); + + boolean hasPermission = accessibleUsers.stream() + .anyMatch(u -> u.getUserId().equals(userId)); + + SysUser targetUser = this.selectUserById(userId); + if (targetUser != null && SysUser.isAdmin(targetUser.getUserId())) { + throw new ServiceException("禁止访问超级管理员信息!"); + } + + if (!hasPermission) { + throw new ServiceException("没有权限访问用户数据!"); } }
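Review bot: `checkUserDataScope` throws "禁止访问超级管理员信息!" before it looks at `hasPermission`, and the controllers in this patch return `e.getMessage()` to the client, so a caller with no access to a target can tell the super-admin id apart from any other id by the wording. I would test `hasPermission` first and use the one generic message for both refusals, for example `if (!hasPermission || SysUser.isAdmin(userId)) { throw new ServiceException("没有权限访问用户数据!"); }`. That also removes the `selectUserById` call, which at present runs for every non-admin request before the permission decision is made. The membership test still loads the whole scoped user list and scans it in memory, where the removed code passed `userId` into the query.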