mirror of
https://gitee.com/beecue/fastbee.git
synced 2026-02-04 16:15:54 +08:00
refactor(数据权限): 修复游客账号能查询管理员信息
This commit is contained in:
gx_ma
@@ -16,6 +16,7 @@ import com.fastbee.system.mapper.SysRoleMapper;
|
||||
import com.fastbee.system.service.ISysDeptService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Iterator;
|
||||
@@ -191,15 +192,26 @@ public class SysDeptServiceImpl implements ISysDeptService
|
||||
@Override
|
||||
public void checkDeptDataScope(Long deptId)
|
||||
{
|
||||
if (!SysUser.isAdmin(SecurityUtils.getUserId()) && StringUtils.isNotNull(deptId))
|
||||
{
|
||||
SysDept dept = new SysDept();
|
||||
dept.setDeptId(deptId);
|
||||
List<SysDept> depts = SpringUtils.getAopProxy(this).selectDeptList(dept);
|
||||
if (StringUtils.isEmpty(depts))
|
||||
{
|
||||
throw new ServiceException("没有权限访问部门数据!");
|
||||
}
|
||||
if (SysUser.isAdmin(SecurityUtils.getUserId())) {
|
||||
return;
|
||||
}
|
||||
|
||||
SysDept queryDept = new SysDept();
|
||||
List<SysDept> accessibleDepts = SpringUtils.getAopProxy(this).selectDeptList(queryDept);
|
||||
|
||||
if (CollectionUtils.isEmpty(accessibleDepts)) {
|
||||
throw new ServiceException("没有权限访问部门数据!");
|
||||
}
|
||||
|
||||
boolean hasPermission = accessibleDepts.stream()
|
||||
.anyMatch(dept -> dept.getDeptId().equals(deptId));
|
||||
if (!hasPermission) {
|
||||
throw new ServiceException("没有权限访问该部门数据!");
|
||||
}
|
||||
|
||||
SysDept targetDept = this.selectDeptById(deptId);
|
||||
if (targetDept == null) {
|
||||
throw new ServiceException("部门不存在!");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,7 +1,9 @@
|
||||
package com.fastbee.system.service.impl;
|
||||
|
||||
import com.fastbee.common.constant.UserConstants;
|
||||
import com.fastbee.common.core.domain.model.LoginUser;
|
||||
import com.fastbee.common.exception.ServiceException;
|
||||
import com.fastbee.common.utils.SecurityUtils;
|
||||
import com.fastbee.common.utils.StringUtils;
|
||||
import com.fastbee.system.domain.SysPost;
|
||||
import com.fastbee.system.mapper.SysPostMapper;
|
||||
@@ -9,8 +11,11 @@ import com.fastbee.system.mapper.SysUserPostMapper;
|
||||
import com.fastbee.system.service.ISysPostService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* 岗位信息 服务层处理
|
||||
@@ -35,7 +40,15 @@ public class SysPostServiceImpl implements ISysPostService
|
||||
@Override
|
||||
public List<SysPost> selectPostList(SysPost post)
|
||||
{
|
||||
return postMapper.selectPostList(post);
|
||||
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||
if (loginUser.getUser().getRoles().stream()
|
||||
.map(role -> role.getRoleKey())
|
||||
.collect(Collectors.toList()).contains("visitor")) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
List<SysPost> postList = postMapper.selectPostList(post);
|
||||
return CollectionUtils.isEmpty(postList) ? Collections.emptyList() : postList;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -4,6 +4,7 @@ import com.fastbee.common.annotation.DataScope;
|
||||
import com.fastbee.common.constant.UserConstants;
|
||||
import com.fastbee.common.core.domain.entity.SysRole;
|
||||
import com.fastbee.common.core.domain.entity.SysUser;
|
||||
import com.fastbee.common.core.domain.model.LoginUser;
|
||||
import com.fastbee.common.exception.ServiceException;
|
||||
import com.fastbee.common.utils.SecurityUtils;
|
||||
import com.fastbee.common.utils.StringUtils;
|
||||
@@ -19,8 +20,10 @@ import com.fastbee.system.service.ISysRoleService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
|
||||
import java.util.*;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* 角色 业务层处理
|
||||
@@ -52,7 +55,27 @@ public class SysRoleServiceImpl implements ISysRoleService
|
||||
@DataScope(deptAlias = "d")
|
||||
public List<SysRole> selectRoleList(SysRole role)
|
||||
{
|
||||
return roleMapper.selectRoleList(role);
|
||||
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||
List<String> currentRoleKeys = loginUser.getUser().getRoles().stream()
|
||||
.map(SysRole::getRoleKey)
|
||||
.collect(Collectors.toList());
|
||||
if (currentRoleKeys.contains("visitor")) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
List<SysRole> roleList = roleMapper.selectRoleList(role);
|
||||
if (CollectionUtils.isEmpty(roleList)) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
Long currentUserId = loginUser.getUser().getUserId();
|
||||
if (SysUser.isAdmin(currentUserId)) {
|
||||
return roleList;
|
||||
} else {
|
||||
return roleList.stream()
|
||||
.filter(r -> !r.isAdmin())
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -4,6 +4,7 @@ import com.fastbee.common.annotation.DataScope;
|
||||
import com.fastbee.common.constant.UserConstants;
|
||||
import com.fastbee.common.core.domain.entity.SysRole;
|
||||
import com.fastbee.common.core.domain.entity.SysUser;
|
||||
import com.fastbee.common.core.domain.model.LoginUser;
|
||||
import com.fastbee.common.enums.SocialPlatformType;
|
||||
import com.fastbee.common.exception.ServiceException;
|
||||
import com.fastbee.common.utils.SecurityUtils;
|
||||
@@ -73,6 +74,16 @@ public class SysUserServiceImpl implements ISysUserService
|
||||
@DataScope(deptAlias = "d", userAlias = "u")
|
||||
public List<SysUser> selectUserList(SysUser user)
|
||||
{
|
||||
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||
SysUser currentUser = loginUser.getUser();
|
||||
Long currentUserId = currentUser.getUserId();
|
||||
Long currentDeptId = currentUser.getDeptId();
|
||||
if (!SecurityUtils.isAdmin(currentUserId)) {
|
||||
user.setDeptId(currentDeptId);
|
||||
user.setUserId(currentUserId);
|
||||
return userMapper.selectUserList(user);
|
||||
}
|
||||
|
||||
return userMapper.selectUserList(user);
|
||||
}
|
||||
|
||||
@@ -236,15 +247,26 @@ public class SysUserServiceImpl implements ISysUserService
|
||||
@Override
|
||||
public void checkUserDataScope(Long userId)
|
||||
{
|
||||
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
|
||||
{
|
||||
SysUser user = new SysUser();
|
||||
user.setUserId(userId);
|
||||
List<SysUser> users = SpringUtils.getAopProxy(this).selectUserList(user);
|
||||
if (StringUtils.isEmpty(users))
|
||||
{
|
||||
throw new ServiceException("没有权限访问用户数据!");
|
||||
}
|
||||
Long currentUserId = SecurityUtils.getUserId();
|
||||
// 超管直接放行
|
||||
if (SysUser.isAdmin(currentUserId)) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
SysUser queryCondition = new SysUser();
|
||||
List<SysUser> accessibleUsers = SpringUtils.getAopProxy(this).selectUserList(queryCondition);
|
||||
|
||||
boolean hasPermission = accessibleUsers.stream()
|
||||
.anyMatch(u -> u.getUserId().equals(userId));
|
||||
|
||||
SysUser targetUser = this.selectUserById(userId);
|
||||
if (targetUser != null && SysUser.isAdmin(targetUser.getUserId())) {
|
||||
throw new ServiceException("禁止访问超级管理员信息!");
|
||||
}
|
||||
|
||||
if (!hasPermission) {
|
||||
throw new ServiceException("没有权限访问用户数据!");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user