优化多角色数据权限匹配规则

RuoYi
2022-08-22 15:02:29 +08:00
parent 12d335b9ac
commit 767f7c8621
24 changed files with 243 additions and 81 deletions


@@ -1,6 +1,5 @@
package com.ruoyi.system.controller;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.ArrayUtils;
import org.springframework.beans.factory.annotation.Autowired;
@@ -55,8 +54,7 @@ public class SysDeptController extends BaseController
public AjaxResult excludeChild(@PathVariable(value = "deptId", required = false) Long deptId)
{
List<SysDept> depts = deptService.selectDeptList(new SysDept());
depts.removeIf(d -> d.getDeptId().intValue() == deptId
|| ArrayUtils.contains(StringUtils.split(d.getAncestors(), ","), deptId + ""));
depts.removeIf(d -> d.getDeptId().intValue() == deptId || ArrayUtils.contains(StringUtils.split(d.getAncestors(), ","), deptId + ""));
return AjaxResult.success(depts);
}
@@ -71,29 +69,6 @@ public class SysDeptController extends BaseController
return AjaxResult.success(deptService.selectDeptById(deptId));
}
/**
* 获取部门下拉树列表
*/
@GetMapping("/treeselect")
public AjaxResult treeselect(SysDept dept)
{
List<SysDept> depts = deptService.selectDeptList(dept);
return AjaxResult.success(deptService.buildDeptTreeSelect(depts));
}
/**
* 加载对应角色部门列表树
*/
@GetMapping(value = "/roleDeptTreeselect/{roleId}")
public AjaxResult roleDeptTreeselect(@PathVariable("roleId") Long roleId)
{
List<SysDept> depts = deptService.selectDeptList(new SysDept());
AjaxResult ajax = AjaxResult.success();
ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId));
ajax.put("depts", deptService.buildDeptTreeSelect(depts));
return ajax;
}
/**
* 新增部门
*/


@@ -21,9 +21,11 @@ import com.ruoyi.common.log.annotation.Log;
import com.ruoyi.common.log.enums.BusinessType;
import com.ruoyi.common.security.annotation.RequiresPermissions;
import com.ruoyi.common.security.utils.SecurityUtils;
import com.ruoyi.system.api.domain.SysDept;
import com.ruoyi.system.api.domain.SysRole;
import com.ruoyi.system.api.domain.SysUser;
import com.ruoyi.system.domain.SysUserRole;
import com.ruoyi.system.service.ISysDeptService;
import com.ruoyi.system.service.ISysRoleService;
import com.ruoyi.system.service.ISysUserService;
@@ -42,6 +44,9 @@ public class SysRoleController extends BaseController
@Autowired
private ISysUserService userService;
@Autowired
private ISysDeptService deptService;
@RequiresPermissions("system:role:list")
@GetMapping("/list")
public TableDataInfo list(SysRole role)
@@ -219,4 +224,17 @@ public class SysRoleController extends BaseController
roleService.checkRoleDataScope(roleId);
return toAjax(roleService.insertAuthUsers(roleId, userIds));
}
}
/**
* 获取对应角色部门树列表
*/
@RequiresPermissions("system:role:query")
@GetMapping(value = "/deptTree/{roleId}")
public AjaxResult deptTree(@PathVariable("roleId") Long roleId)
{
AjaxResult ajax = AjaxResult.success();
ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId));
ajax.put("depts", deptService.selectDeptTreeList(new SysDept()));
return ajax;
}
}
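Review bot: The new `deptTree` endpoint returns `deptService.selectDeptListByRoleId(roleId)` for whatever `roleId` arrives in the path, without the `roleService.checkRoleDataScope(roleId)` call that the write path at the top of this hunk makes. A caller holding `system:role:query` could therefore read the department assignments of a role outside their own data scope, assuming that check is what enforces role visibility (its body is not shown). Adding `roleService.checkRoleDataScope(roleId);` as the first statement of `deptTree` would close that gap. Whether the other read endpoints in this controller apply the same check is outside the hunk.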


@@ -29,10 +29,12 @@ import com.ruoyi.common.log.enums.BusinessType;
import com.ruoyi.common.security.annotation.InnerAuth;
import com.ruoyi.common.security.annotation.RequiresPermissions;
import com.ruoyi.common.security.utils.SecurityUtils;
import com.ruoyi.system.api.domain.SysDept;
import com.ruoyi.system.api.domain.SysRole;
import com.ruoyi.system.api.domain.SysUser;
import com.ruoyi.system.api.model.LoginUser;
import com.ruoyi.system.service.ISysConfigService;
import com.ruoyi.system.service.ISysDeptService;
import com.ruoyi.system.service.ISysPermissionService;
import com.ruoyi.system.service.ISysPostService;
import com.ruoyi.system.service.ISysRoleService;
@@ -53,6 +55,9 @@ public class SysUserController extends BaseController
@Autowired
private ISysRoleService roleService;
@Autowired
private ISysDeptService deptService;
@Autowired
private ISysPostService postService;
@@ -116,9 +121,9 @@ public class SysUserController extends BaseController
return R.fail("用户名或密码错误");
}
// 角色集合
Set<String> roles = permissionService.getRolePermission(sysUser.getUserId());
Set<String> roles = permissionService.getRolePermission(sysUser);
// 权限集合
Set<String> permissions = permissionService.getMenuPermission(sysUser.getUserId());
Set<String> permissions = permissionService.getMenuPermission(sysUser);
LoginUser sysUserVo = new LoginUser();
sysUserVo.setSysUser(sysUser);
sysUserVo.setRoles(roles);
@@ -153,13 +158,13 @@ public class SysUserController extends BaseController
@GetMapping("getInfo")
public AjaxResult getInfo()
{
Long userId = SecurityUtils.getUserId();
SysUser user = userService.selectUserById(SecurityUtils.getUserId());
// 角色集合
Set<String> roles = permissionService.getRolePermission(userId);
Set<String> roles = permissionService.getRolePermission(user);
// 权限集合
Set<String> permissions = permissionService.getMenuPermission(userId);
Set<String> permissions = permissionService.getMenuPermission(user);
AjaxResult ajax = AjaxResult.success();
ajax.put("user", userService.selectUserById(userId));
ajax.put("user", user);
ajax.put("roles", roles);
ajax.put("permissions", permissions);
return ajax;
@@ -309,4 +314,14 @@ public class SysUserController extends BaseController
userService.insertUserAuth(userId, roleIds);
return success();
}
/**
* 获取部门树列表
*/
@RequiresPermissions("system:user:list")
@GetMapping("/deptTree")
public AjaxResult deptTree(SysDept dept)
{
return AjaxResult.success(deptService.selectDeptTreeList(dept));
}
}
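Review bot: In `getInfo` the result of `userService.selectUserById(SecurityUtils.getUserId())` is passed straight to `permissionService.getRolePermission(user)`, which now calls `user.isAdmin()` on it. The old code passed the id to a static check, so a token that outlives its account (user deleted while the session is still valid) used to produce a response with a null user and would now presumably fail with a NullPointerException. A guard before the permission calls, for example `if (user == null) { return AjaxResult.error("<message>"); }`, keeps the failure explicit. The method's closing brace is outside the hunk.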


@@ -34,6 +34,14 @@ public interface SysMenuMapper
*/
public List<SysMenu> selectMenuListByUserId(SysMenu menu);
/**
* 根据角色ID查询权限
*
* @param roleId 角色ID
* @return 权限列表
*/
public List<String> selectMenuPermsByRoleId(Long roleId);
/**
* 根据用户ID查询权限
*


@@ -19,6 +19,14 @@ public interface ISysDeptService
*/
public List<SysDept> selectDeptList(SysDept dept);
/**
* 查询部门树结构信息
*
* @param dept 部门信息
* @return 部门树信息集合
*/
public List<TreeSelect> selectDeptTreeList(SysDept dept);
/**
* 构建前端所需要树结构
*


@@ -38,6 +38,14 @@ public interface ISysMenuService
*/
public Set<String> selectMenuPermsByUserId(Long userId);
/**
* 根据角色ID查询权限
*
* @param roleId 角色ID
* @return 权限列表
*/
public Set<String> selectMenuPermsByRoleId(Long roleId);
/**
* 根据用户ID查询菜单树信息
*


@@ -2,6 +2,13 @@ package com.ruoyi.system.service;
import java.util.Set;
import com.ruoyi.system.api.domain.SysUser;
/**
* 权限信息 服务层
*
* @author ruoyi
*/
public interface ISysPermissionService
{
/**
@@ -10,7 +17,7 @@ public interface ISysPermissionService
* @param userId 用户Id
* @return 角色权限信息
*/
public Set<String> getRolePermission(Long userId);
public Set<String> getRolePermission(SysUser user);
/**
* 获取菜单数据权限
@@ -18,5 +25,5 @@ public interface ISysPermissionService
* @param userId 用户Id
* @return 菜单权限信息
*/
public Set<String> getMenuPermission(Long userId);
public Set<String> getMenuPermission(SysUser user);
}
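Review bot: Both Javadoc blocks still say `@param userId 用户Id` although the parameter is now `SysUser user`; they should read `@param user` and state what the method needs from it. Going by the implementation in this commit, `getMenuPermission` reads `user.getRoles()` and stores a permission set on each role when the user has more than one. The contract should therefore say that the roles must already be loaded and that the argument is modified. The opening lines of both Javadoc blocks are outside the hunks.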


@@ -48,6 +48,19 @@ public class SysDeptServiceImpl implements ISysDeptService
return deptMapper.selectDeptList(dept);
}
/**
* 查询部门树结构信息
*
* @param dept 部门信息
* @return 部门树信息集合
*/
@Override
public List<TreeSelect> selectDeptTreeList(SysDept dept)
{
List<SysDept> depts = SpringUtils.getAopProxy(this).selectDeptList(dept);
return buildDeptTreeSelect(depts);
}
/**
* 构建前端所需要树结构
*
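Review bot: The call through `SpringUtils.getAopProxy(this)` in `selectDeptTreeList` has no comment explaining why it does not call `selectDeptList(dept)` directly. Presumably `selectDeptList` carries a data-scope annotation that only takes effect when invoked via the proxy (its declaration is outside the hunk). If so, a later simplification to a direct call would silently return departments outside the caller's scope. A one-line comment such as `// call via the proxy so the data-scope aspect on selectDeptList still applies` would guard against that.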


@@ -100,6 +100,27 @@ public class SysMenuServiceImpl implements ISysMenuService
return permsSet;
}
/**
* 根据角色ID查询权限
*
* @param roleId 角色ID
* @return 权限列表
*/
@Override
public Set<String> selectMenuPermsByRoleId(Long roleId)
{
List<String> perms = menuMapper.selectMenuPermsByRoleId(roleId);
Set<String> permsSet = new HashSet<>();
for (String perm : perms)
{
if (StringUtils.isNotEmpty(perm))
{
permsSet.addAll(Arrays.asList(perm.trim().split(",")));
}
}
return permsSet;
}
/**
* 根据用户ID查询菜单
*
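Review bot: `perm.trim().split(",")` trims only the outer string, so a stored value such as `a:b:c, d:e:f` (constructed example) yields an entry with a leading space that will never equal a required permission string. Trimming each token and dropping empty ones would avoid that. The loop also appears to duplicate the body of the method above, whose `return permsSet;` is the first line of this hunk; a private helper shared by both would keep the parsing rule in one place. Whether perms are ever stored with spaces is not visible here.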


@@ -1,14 +1,21 @@
package com.ruoyi.system.service.impl;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.ruoyi.system.api.domain.SysRole;
import com.ruoyi.system.api.domain.SysUser;
import com.ruoyi.system.service.ISysMenuService;
import com.ruoyi.system.service.ISysPermissionService;
import com.ruoyi.system.service.ISysRoleService;
/**
* 用户权限处理
*
* @author ruoyi
*/
@Service
public class SysPermissionServiceImpl implements ISysPermissionService
{
@@ -25,17 +32,17 @@ public class SysPermissionServiceImpl implements ISysPermissionService
* @return 角色权限信息
*/
@Override
public Set<String> getRolePermission(Long userId)
public Set<String> getRolePermission(SysUser user)
{
Set<String> roles = new HashSet<String>();
// 管理员拥有所有权限
if (SysUser.isAdmin(userId))
if (user.isAdmin())
{
roles.add("admin");
}
else
{
roles.addAll(roleService.selectRolePermissionByUserId(userId));
roles.addAll(roleService.selectRolePermissionByUserId(user.getUserId()));
}
return roles;
}
@@ -47,17 +54,31 @@ public class SysPermissionServiceImpl implements ISysPermissionService
* @return 菜单权限信息
*/
@Override
public Set<String> getMenuPermission(Long userId)
public Set<String> getMenuPermission(SysUser user)
{
Set<String> perms = new HashSet<String>();
// 管理员拥有所有权限
if (SysUser.isAdmin(userId))
if (user.isAdmin())
{
perms.add("*:*:*");
}
else
{
perms.addAll(menuService.selectMenuPermsByUserId(userId));
List<SysRole> roles = user.getRoles();
if (!roles.isEmpty() && roles.size() > 1)
{
// 多角色设置permissions属性以便数据权限匹配权限
for (SysRole role : roles)
{
Set<String> rolePerms = menuService.selectMenuPermsByRoleId(role.getRoleId());
role.setPermissions(rolePerms);
perms.addAll(rolePerms);
}
}
else
{
perms.addAll(menuService.selectMenuPermsByUserId(user.getUserId()));
}
}
return perms;
}
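Review bot: The multi-role branch of `getMenuPermission` collects permissions through `selectMenuPermsByRoleId`, whose new mapper query (last file section of this page) filters only on `m.status = '0'`. The single-role branch still uses the by-user query, which also requires `r.status = '0'`. If `user.getRoles()` can contain disabled roles (not visible here), a user with two or more roles keeps the permissions of a disabled one, while a single-role user does not. Either join the role table in the new query and add `and r.status = '0'`, or skip roles whose status is not normal inside the loop. Separately, `roles.isEmpty()` throws if `getRoles()` returns null and is redundant next to `roles.size() > 1`; `if (roles != null && roles.size() > 1)` covers both.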


@@ -111,6 +111,13 @@
where m.status = '0' and r.status = '0' and ur.user_id = #{userId}
</select>
<select id="selectMenuPermsByRoleId" parameterType="Long" resultType="String">
select distinct m.perms
from sys_menu m
left join sys_role_menu rm on m.menu_id = rm.menu_id
where m.status = '0' and rm.role_id = #{roleId}
</select>
<select id="selectMenuById" parameterType="Long" resultMap="SysMenuResult">
<include refid="selectMenuVo"/>
where menu_id = #{menuId}