mirror of
https://gitee.com/y_project/RuoYi-Cloud.git
synced 2026-01-26 19:51:56 +08:00
优化多角色数据权限匹配规则
This commit is contained in:
RuoYi
@@ -1,6 +1,5 @@
|
||||
package com.ruoyi.system.controller;
|
||||
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import org.apache.commons.lang3.ArrayUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -55,8 +54,7 @@ public class SysDeptController extends BaseController
|
||||
public AjaxResult excludeChild(@PathVariable(value = "deptId", required = false) Long deptId)
|
||||
{
|
||||
List<SysDept> depts = deptService.selectDeptList(new SysDept());
|
||||
depts.removeIf(d -> d.getDeptId().intValue() == deptId
|
||||
|| ArrayUtils.contains(StringUtils.split(d.getAncestors(), ","), deptId + ""));
|
||||
depts.removeIf(d -> d.getDeptId().intValue() == deptId || ArrayUtils.contains(StringUtils.split(d.getAncestors(), ","), deptId + ""));
|
||||
return AjaxResult.success(depts);
|
||||
}
|
||||
|
||||
@@ -71,29 +69,6 @@ public class SysDeptController extends BaseController
|
||||
return AjaxResult.success(deptService.selectDeptById(deptId));
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取部门下拉树列表
|
||||
*/
|
||||
@GetMapping("/treeselect")
|
||||
public AjaxResult treeselect(SysDept dept)
|
||||
{
|
||||
List<SysDept> depts = deptService.selectDeptList(dept);
|
||||
return AjaxResult.success(deptService.buildDeptTreeSelect(depts));
|
||||
}
|
||||
|
||||
/**
|
||||
* 加载对应角色部门列表树
|
||||
*/
|
||||
@GetMapping(value = "/roleDeptTreeselect/{roleId}")
|
||||
public AjaxResult roleDeptTreeselect(@PathVariable("roleId") Long roleId)
|
||||
{
|
||||
List<SysDept> depts = deptService.selectDeptList(new SysDept());
|
||||
AjaxResult ajax = AjaxResult.success();
|
||||
ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId));
|
||||
ajax.put("depts", deptService.buildDeptTreeSelect(depts));
|
||||
return ajax;
|
||||
}
|
||||
|
||||
/**
|
||||
* 新增部门
|
||||
*/
|
||||
|
||||
@@ -21,9 +21,11 @@ import com.ruoyi.common.log.annotation.Log;
|
||||
import com.ruoyi.common.log.enums.BusinessType;
|
||||
import com.ruoyi.common.security.annotation.RequiresPermissions;
|
||||
import com.ruoyi.common.security.utils.SecurityUtils;
|
||||
import com.ruoyi.system.api.domain.SysDept;
|
||||
import com.ruoyi.system.api.domain.SysRole;
|
||||
import com.ruoyi.system.api.domain.SysUser;
|
||||
import com.ruoyi.system.domain.SysUserRole;
|
||||
import com.ruoyi.system.service.ISysDeptService;
|
||||
import com.ruoyi.system.service.ISysRoleService;
|
||||
import com.ruoyi.system.service.ISysUserService;
|
||||
|
||||
@@ -42,6 +44,9 @@ public class SysRoleController extends BaseController
|
||||
@Autowired
|
||||
private ISysUserService userService;
|
||||
|
||||
@Autowired
|
||||
private ISysDeptService deptService;
|
||||
|
||||
@RequiresPermissions("system:role:list")
|
||||
@GetMapping("/list")
|
||||
public TableDataInfo list(SysRole role)
|
||||
@@ -219,4 +224,17 @@ public class SysRoleController extends BaseController
|
||||
roleService.checkRoleDataScope(roleId);
|
||||
return toAjax(roleService.insertAuthUsers(roleId, userIds));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取对应角色部门树列表
|
||||
*/
|
||||
@RequiresPermissions("system:role:query")
|
||||
@GetMapping(value = "/deptTree/{roleId}")
|
||||
public AjaxResult deptTree(@PathVariable("roleId") Long roleId)
|
||||
{
|
||||
AjaxResult ajax = AjaxResult.success();
|
||||
ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId));
|
||||
ajax.put("depts", deptService.selectDeptTreeList(new SysDept()));
|
||||
return ajax;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -29,10 +29,12 @@ import com.ruoyi.common.log.enums.BusinessType;
|
||||
import com.ruoyi.common.security.annotation.InnerAuth;
|
||||
import com.ruoyi.common.security.annotation.RequiresPermissions;
|
||||
import com.ruoyi.common.security.utils.SecurityUtils;
|
||||
import com.ruoyi.system.api.domain.SysDept;
|
||||
import com.ruoyi.system.api.domain.SysRole;
|
||||
import com.ruoyi.system.api.domain.SysUser;
|
||||
import com.ruoyi.system.api.model.LoginUser;
|
||||
import com.ruoyi.system.service.ISysConfigService;
|
||||
import com.ruoyi.system.service.ISysDeptService;
|
||||
import com.ruoyi.system.service.ISysPermissionService;
|
||||
import com.ruoyi.system.service.ISysPostService;
|
||||
import com.ruoyi.system.service.ISysRoleService;
|
||||
@@ -53,6 +55,9 @@ public class SysUserController extends BaseController
|
||||
@Autowired
|
||||
private ISysRoleService roleService;
|
||||
|
||||
@Autowired
|
||||
private ISysDeptService deptService;
|
||||
|
||||
@Autowired
|
||||
private ISysPostService postService;
|
||||
|
||||
@@ -116,9 +121,9 @@ public class SysUserController extends BaseController
|
||||
return R.fail("用户名或密码错误");
|
||||
}
|
||||
// 角色集合
|
||||
Set<String> roles = permissionService.getRolePermission(sysUser.getUserId());
|
||||
Set<String> roles = permissionService.getRolePermission(sysUser);
|
||||
// 权限集合
|
||||
Set<String> permissions = permissionService.getMenuPermission(sysUser.getUserId());
|
||||
Set<String> permissions = permissionService.getMenuPermission(sysUser);
|
||||
LoginUser sysUserVo = new LoginUser();
|
||||
sysUserVo.setSysUser(sysUser);
|
||||
sysUserVo.setRoles(roles);
|
||||
@@ -153,13 +158,13 @@ public class SysUserController extends BaseController
|
||||
@GetMapping("getInfo")
|
||||
public AjaxResult getInfo()
|
||||
{
|
||||
Long userId = SecurityUtils.getUserId();
|
||||
SysUser user = userService.selectUserById(SecurityUtils.getUserId());
|
||||
// 角色集合
|
||||
Set<String> roles = permissionService.getRolePermission(userId);
|
||||
Set<String> roles = permissionService.getRolePermission(user);
|
||||
// 权限集合
|
||||
Set<String> permissions = permissionService.getMenuPermission(userId);
|
||||
Set<String> permissions = permissionService.getMenuPermission(user);
|
||||
AjaxResult ajax = AjaxResult.success();
|
||||
ajax.put("user", userService.selectUserById(userId));
|
||||
ajax.put("user", user);
|
||||
ajax.put("roles", roles);
|
||||
ajax.put("permissions", permissions);
|
||||
return ajax;
|
||||
@@ -309,4 +314,14 @@ public class SysUserController extends BaseController
|
||||
userService.insertUserAuth(userId, roleIds);
|
||||
return success();
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取部门树列表
|
||||
*/
|
||||
@RequiresPermissions("system:user:list")
|
||||
@GetMapping("/deptTree")
|
||||
public AjaxResult deptTree(SysDept dept)
|
||||
{
|
||||
return AjaxResult.success(deptService.selectDeptTreeList(dept));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -34,6 +34,14 @@ public interface SysMenuMapper
|
||||
*/
|
||||
public List<SysMenu> selectMenuListByUserId(SysMenu menu);
|
||||
|
||||
/**
|
||||
* 根据角色ID查询权限
|
||||
*
|
||||
* @param roleId 角色ID
|
||||
* @return 权限列表
|
||||
*/
|
||||
public List<String> selectMenuPermsByRoleId(Long roleId);
|
||||
|
||||
/**
|
||||
* 根据用户ID查询权限
|
||||
*
|
||||
|
||||
@@ -19,6 +19,14 @@ public interface ISysDeptService
|
||||
*/
|
||||
public List<SysDept> selectDeptList(SysDept dept);
|
||||
|
||||
/**
|
||||
* 查询部门树结构信息
|
||||
*
|
||||
* @param dept 部门信息
|
||||
* @return 部门树信息集合
|
||||
*/
|
||||
public List<TreeSelect> selectDeptTreeList(SysDept dept);
|
||||
|
||||
/**
|
||||
* 构建前端所需要树结构
|
||||
*
|
||||
|
||||
@@ -38,6 +38,14 @@ public interface ISysMenuService
|
||||
*/
|
||||
public Set<String> selectMenuPermsByUserId(Long userId);
|
||||
|
||||
/**
|
||||
* 根据角色ID查询权限
|
||||
*
|
||||
* @param roleId 角色ID
|
||||
* @return 权限列表
|
||||
*/
|
||||
public Set<String> selectMenuPermsByRoleId(Long roleId);
|
||||
|
||||
/**
|
||||
* 根据用户ID查询菜单树信息
|
||||
*
|
||||
|
||||
@@ -2,6 +2,13 @@ package com.ruoyi.system.service;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
import com.ruoyi.system.api.domain.SysUser;
|
||||
|
||||
/**
|
||||
* 权限信息 服务层
|
||||
*
|
||||
* @author ruoyi
|
||||
*/
|
||||
public interface ISysPermissionService
|
||||
{
|
||||
/**
|
||||
@@ -10,7 +17,7 @@ public interface ISysPermissionService
|
||||
* @param userId 用户Id
|
||||
* @return 角色权限信息
|
||||
*/
|
||||
public Set<String> getRolePermission(Long userId);
|
||||
public Set<String> getRolePermission(SysUser user);
|
||||
|
||||
/**
|
||||
* 获取菜单数据权限
|
||||
@@ -18,5 +25,5 @@ public interface ISysPermissionService
|
||||
* @param userId 用户Id
|
||||
* @return 菜单权限信息
|
||||
*/
|
||||
public Set<String> getMenuPermission(Long userId);
|
||||
public Set<String> getMenuPermission(SysUser user);
|
||||
}
|
||||
|
||||
@@ -48,6 +48,19 @@ public class SysDeptServiceImpl implements ISysDeptService
|
||||
return deptMapper.selectDeptList(dept);
|
||||
}
|
||||
|
||||
/**
|
||||
* 查询部门树结构信息
|
||||
*
|
||||
* @param dept 部门信息
|
||||
* @return 部门树信息集合
|
||||
*/
|
||||
@Override
|
||||
public List<TreeSelect> selectDeptTreeList(SysDept dept)
|
||||
{
|
||||
List<SysDept> depts = SpringUtils.getAopProxy(this).selectDeptList(dept);
|
||||
return buildDeptTreeSelect(depts);
|
||||
}
|
||||
|
||||
/**
|
||||
* 构建前端所需要树结构
|
||||
*
|
||||
|
||||
@@ -100,6 +100,27 @@ public class SysMenuServiceImpl implements ISysMenuService
|
||||
return permsSet;
|
||||
}
|
||||
|
||||
/**
|
||||
* 根据角色ID查询权限
|
||||
*
|
||||
* @param roleId 角色ID
|
||||
* @return 权限列表
|
||||
*/
|
||||
@Override
|
||||
public Set<String> selectMenuPermsByRoleId(Long roleId)
|
||||
{
|
||||
List<String> perms = menuMapper.selectMenuPermsByRoleId(roleId);
|
||||
Set<String> permsSet = new HashSet<>();
|
||||
for (String perm : perms)
|
||||
{
|
||||
if (StringUtils.isNotEmpty(perm))
|
||||
{
|
||||
permsSet.addAll(Arrays.asList(perm.trim().split(",")));
|
||||
}
|
||||
}
|
||||
return permsSet;
|
||||
}
|
||||
|
||||
/**
|
||||
* 根据用户ID查询菜单
|
||||
*
|
||||
|
||||
@@ -1,14 +1,21 @@
|
||||
package com.ruoyi.system.service.impl;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import com.ruoyi.system.api.domain.SysRole;
|
||||
import com.ruoyi.system.api.domain.SysUser;
|
||||
import com.ruoyi.system.service.ISysMenuService;
|
||||
import com.ruoyi.system.service.ISysPermissionService;
|
||||
import com.ruoyi.system.service.ISysRoleService;
|
||||
|
||||
/**
|
||||
* 用户权限处理
|
||||
*
|
||||
* @author ruoyi
|
||||
*/
|
||||
@Service
|
||||
public class SysPermissionServiceImpl implements ISysPermissionService
|
||||
{
|
||||
@@ -25,17 +32,17 @@ public class SysPermissionServiceImpl implements ISysPermissionService
|
||||
* @return 角色权限信息
|
||||
*/
|
||||
@Override
|
||||
public Set<String> getRolePermission(Long userId)
|
||||
public Set<String> getRolePermission(SysUser user)
|
||||
{
|
||||
Set<String> roles = new HashSet<String>();
|
||||
// 管理员拥有所有权限
|
||||
if (SysUser.isAdmin(userId))
|
||||
if (user.isAdmin())
|
||||
{
|
||||
roles.add("admin");
|
||||
}
|
||||
else
|
||||
{
|
||||
roles.addAll(roleService.selectRolePermissionByUserId(userId));
|
||||
roles.addAll(roleService.selectRolePermissionByUserId(user.getUserId()));
|
||||
}
|
||||
return roles;
|
||||
}
|
||||
@@ -47,17 +54,31 @@ public class SysPermissionServiceImpl implements ISysPermissionService
|
||||
* @return 菜单权限信息
|
||||
*/
|
||||
@Override
|
||||
public Set<String> getMenuPermission(Long userId)
|
||||
public Set<String> getMenuPermission(SysUser user)
|
||||
{
|
||||
Set<String> perms = new HashSet<String>();
|
||||
// 管理员拥有所有权限
|
||||
if (SysUser.isAdmin(userId))
|
||||
if (user.isAdmin())
|
||||
{
|
||||
perms.add("*:*:*");
|
||||
}
|
||||
else
|
||||
{
|
||||
perms.addAll(menuService.selectMenuPermsByUserId(userId));
|
||||
List<SysRole> roles = user.getRoles();
|
||||
if (!roles.isEmpty() && roles.size() > 1)
|
||||
{
|
||||
// 多角色设置permissions属性,以便数据权限匹配权限
|
||||
for (SysRole role : roles)
|
||||
{
|
||||
Set<String> rolePerms = menuService.selectMenuPermsByRoleId(role.getRoleId());
|
||||
role.setPermissions(rolePerms);
|
||||
perms.addAll(rolePerms);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
perms.addAll(menuService.selectMenuPermsByUserId(user.getUserId()));
|
||||
}
|
||||
}
|
||||
return perms;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user