diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysDeptController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysDeptController.java index 964ba1c..43bddd6 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysDeptController.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysDeptController.java @@ -126,16 +126,17 @@ public class SysDeptController extends BaseController @PutMapping public AjaxResult edit(@Validated @RequestBody SysDept dept) { + Long deptId = dept.getDeptId(); + deptService.checkDeptDataScope(deptId); if (UserConstants.NOT_UNIQUE.equals(deptService.checkDeptNameUnique(dept))) { return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败,部门名称已存在"); } - else if (dept.getParentId().equals(dept.getDeptId())) + else if (dept.getParentId().equals(deptId)) { return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败,上级部门不能是自己"); } - else if (StringUtils.equals(UserConstants.DEPT_DISABLE, dept.getStatus()) - && deptService.selectNormalChildrenDeptById(dept.getDeptId()) > 0) + else if (StringUtils.equals(UserConstants.DEPT_DISABLE, dept.getStatus()) && deptService.selectNormalChildrenDeptById(deptId) > 0) { return AjaxResult.error("该部门包含未停用的子部门!"); } @@ -159,6 +160,7 @@ public class SysDeptController extends BaseController { return AjaxResult.error("部门存在用户,不允许删除"); } + deptService.checkDeptDataScope(deptId); return toAjax(deptService.deleteDeptById(deptId)); } } diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java index 52023fb..5329e8e 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java @@ -102,6 +102,7 @@ public class SysRoleController extends BaseController public AjaxResult edit(@Validated @RequestBody SysRole role) { roleService.checkRoleAllowed(role); + roleService.checkRoleDataScope(role.getRoleId()); if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role))) { return AjaxResult.error("修改角色'" + role.getRoleName() + "'失败,角色名称已存在"); @@ -123,6 +124,7 @@ public class SysRoleController extends BaseController public AjaxResult dataScope(@RequestBody SysRole role) { roleService.checkRoleAllowed(role); + roleService.checkRoleDataScope(role.getRoleId()); return toAjax(roleService.authDataScope(role)); } @@ -135,6 +137,7 @@ public class SysRoleController extends BaseController public AjaxResult changeStatus(@RequestBody SysRole role) { roleService.checkRoleAllowed(role); + roleService.checkRoleDataScope(role.getRoleId()); role.setUpdateBy(SecurityUtils.getUsername()); return toAjax(roleService.updateRoleStatus(role)); } @@ -213,6 +216,7 @@ public class SysRoleController extends BaseController @PutMapping("/authUser/selectAll") public AjaxResult selectAuthUserAll(Long roleId, Long[] userIds) { + roleService.checkRoleDataScope(roleId); return toAjax(roleService.insertAuthUsers(roleId, userIds)); } } \ No newline at end of file diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java index bc94e42..cdd0b2d 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java @@ -223,6 +223,7 @@ public class SysUserController extends BaseController public AjaxResult edit(@Validated @RequestBody SysUser user) { userService.checkUserAllowed(user); + userService.checkUserDataScope(user.getUserId()); if (StringUtils.isNotEmpty(user.getPhonenumber()) && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) { @@ -261,6 +262,7 @@ public class SysUserController extends BaseController public AjaxResult resetPwd(@RequestBody SysUser user) { userService.checkUserAllowed(user); + userService.checkUserDataScope(user.getUserId()); user.setPassword(SecurityUtils.encryptPassword(user.getPassword())); user.setUpdateBy(SecurityUtils.getUsername()); return toAjax(userService.resetPwd(user)); @@ -275,6 +277,7 @@ public class SysUserController extends BaseController public AjaxResult changeStatus(@RequestBody SysUser user) { userService.checkUserAllowed(user); + userService.checkUserDataScope(user.getUserId()); user.setUpdateBy(SecurityUtils.getUsername()); return toAjax(userService.updateUserStatus(user)); } @@ -302,6 +305,7 @@ public class SysUserController extends BaseController @PutMapping("/authRole") public AjaxResult insertAuthRole(Long userId, Long[] roleIds) { + userService.checkUserDataScope(userId); userService.insertUserAuth(userId, roleIds); return success(); } diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java index ec7d7c0..4c5feb1 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java @@ -361,6 +361,7 @@ public class SysRoleServiceImpl implements ISysRoleService for (Long roleId : roleIds) { checkRoleAllowed(new SysRole(roleId)); + checkRoleDataScope(roleId); SysRole role = selectRoleById(roleId); if (countUserRoleByRoleId(roleId) > 0) { diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java index 19d40a0..43d6e8c 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java @@ -482,6 +482,7 @@ public class SysUserServiceImpl implements ISysUserService for (Long userId : userIds) { checkUserAllowed(new SysUser(userId)); + checkUserDataScope(userId); } // 删除用户与角色关联 userRoleMapper.deleteUserRole(userIds);