diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java index 57dcbd3..6ec2f3e 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java @@ -125,16 +125,17 @@ public class SysDeptController extends BaseController @PutMapping public AjaxResult edit(@Validated @RequestBody SysDept dept) { + Long deptId = dept.getDeptId(); + deptService.checkDeptDataScope(deptId); if (UserConstants.NOT_UNIQUE.equals(deptService.checkDeptNameUnique(dept))) { return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败,部门名称已存在"); } - else if (dept.getParentId().equals(dept.getDeptId())) + else if (dept.getParentId().equals(deptId)) { return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败,上级部门不能是自己"); } - else if (StringUtils.equals(UserConstants.DEPT_DISABLE, dept.getStatus()) - && deptService.selectNormalChildrenDeptById(dept.getDeptId()) > 0) + else if (StringUtils.equals(UserConstants.DEPT_DISABLE, dept.getStatus()) && deptService.selectNormalChildrenDeptById(deptId) > 0) { return AjaxResult.error("该部门包含未停用的子部门!"); } @@ -158,6 +159,7 @@ public class SysDeptController extends BaseController { return AjaxResult.error("部门存在用户,不允许删除"); } + deptService.checkDeptDataScope(deptId); return toAjax(deptService.deleteDeptById(deptId)); } } diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java index d70fa81..10b62f1 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java @@ -111,6 +111,7 @@ public class SysRoleController extends BaseController public AjaxResult edit(@Validated @RequestBody SysRole role) { roleService.checkRoleAllowed(role); + roleService.checkRoleDataScope(role.getRoleId()); if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role))) { return AjaxResult.error("修改角色'" + role.getRoleName() + "'失败,角色名称已存在"); @@ -145,6 +146,7 @@ public class SysRoleController extends BaseController public AjaxResult dataScope(@RequestBody SysRole role) { roleService.checkRoleAllowed(role); + roleService.checkRoleDataScope(role.getRoleId()); return toAjax(roleService.authDataScope(role)); } @@ -157,6 +159,7 @@ public class SysRoleController extends BaseController public AjaxResult changeStatus(@RequestBody SysRole role) { roleService.checkRoleAllowed(role); + roleService.checkRoleDataScope(role.getRoleId()); role.setUpdateBy(getUsername()); return toAjax(roleService.updateRoleStatus(role)); } @@ -236,6 +239,7 @@ public class SysRoleController extends BaseController @PutMapping("/authUser/selectAll") public AjaxResult selectAuthUserAll(Long roleId, Long[] userIds) { + roleService.checkRoleDataScope(roleId); return toAjax(roleService.insertAuthUsers(roleId, userIds)); } } diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java index e9be25e..60d9de0 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java @@ -148,6 +148,7 @@ public class SysUserController extends BaseController public AjaxResult edit(@Validated @RequestBody SysUser user) { userService.checkUserAllowed(user); + userService.checkUserDataScope(user.getUserId()); if (StringUtils.isNotEmpty(user.getPhonenumber()) && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) { @@ -186,6 +187,7 @@ public class SysUserController extends BaseController public AjaxResult resetPwd(@RequestBody SysUser user) { userService.checkUserAllowed(user); + userService.checkUserDataScope(user.getUserId()); user.setPassword(SecurityUtils.encryptPassword(user.getPassword())); user.setUpdateBy(getUsername()); return toAjax(userService.resetPwd(user)); @@ -200,6 +202,7 @@ public class SysUserController extends BaseController public AjaxResult changeStatus(@RequestBody SysUser user) { userService.checkUserAllowed(user); + userService.checkUserDataScope(user.getUserId()); user.setUpdateBy(getUsername()); return toAjax(userService.updateUserStatus(user)); } @@ -227,6 +230,7 @@ public class SysUserController extends BaseController @PutMapping("/authRole") public AjaxResult insertAuthRole(Long userId, Long[] roleIds) { + userService.checkUserDataScope(userId); userService.insertUserAuth(userId, roleIds); return success(); } diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java index f53f975..68dd15d 100644 --- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java +++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java @@ -361,6 +361,7 @@ public class SysRoleServiceImpl implements ISysRoleService for (Long roleId : roleIds) { checkRoleAllowed(new SysRole(roleId)); + checkRoleDataScope(roleId); SysRole role = selectRoleById(roleId); if (countUserRoleByRoleId(roleId) > 0) { diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java index 8d33286..56f3dac 100644 --- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java +++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java @@ -482,6 +482,7 @@ public class SysUserServiceImpl implements ISysUserService for (Long userId : userIds) { checkUserAllowed(new SysUser(userId)); + checkUserDataScope(userId); } // 删除用户与角色关联 userRoleMapper.deleteUserRole(userIds);