限制用户操作数据权限范围

2024-05-29 12:19:57 +08:00
parent 61c2e96aaa
commit edb1c614d0
6 changed files with 26 additions and 12 deletions
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
@ -130,6 +130,8 @@ public class SysUserController extends BaseController
    @ResponseBody
    public AjaxResult addSave(@Validated SysUser user)
    {
+        deptService.checkDeptDataScope(user.getDeptId());
+        roleService.checkRoleDataScope(user.getRoleIds());
        if (!userService.checkLoginNameUnique(user))
        {
            return error("新增用户'" + user.getLoginName() + "'失败，登录账号已存在");
@ -189,6 +191,8 @@ public class SysUserController extends BaseController
    {
        userService.checkUserAllowed(user);
        userService.checkUserDataScope(user.getUserId());
+        deptService.checkDeptDataScope(user.getDeptId());
+        roleService.checkRoleDataScope(user.getRoleIds());
        if (!userService.checkLoginNameUnique(user))
        {
            return error("修改用户'" + user.getLoginName() + "'失败，登录账号已存在");
@ -259,6 +263,7 @@ public class SysUserController extends BaseController
    public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
    {
        userService.checkUserDataScope(userId);
+        roleService.checkRoleDataScope(roleIds);
        userService.insertUserAuth(userId, roleIds);
        AuthorizationUtils.clearAllCachedAuthorizationInfo();
        return success();