用户访问控制时校验数据权限，防止越权

2022-01-27 11:13:59 +08:00
parent e9ebf86ac8
commit ed1e7e69a8
5 changed files with 16 additions and 4 deletions
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
@ -159,6 +159,7 @@ public class SysRoleServiceImpl implements ISysRoleService
        for (Long roleId : roleIds)
        {
            checkRoleAllowed(new SysRole(roleId));
+            checkRoleDataScope(roleId);
            SysRole role = selectRoleById(roleId);
            if (countUserRoleByRoleId(roleId) > 0)
            {
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
@ -47,7 +47,7 @@ public class SysUserServiceImpl implements ISysUserService

    @Autowired
    private SysRoleMapper roleMapper;
-
+    
    @Autowired
    private SysPostMapper postMapper;

@ -193,6 +193,7 @@ public class SysUserServiceImpl implements ISysUserService
        for (Long userId : userIds)
        {
            checkUserAllowed(new SysUser(userId));
+            checkUserDataScope(userId);
        }
        // 删除用户与角色关联
        userRoleMapper.deleteUserRole(userIds);