
3 Commits

Author SHA1 Message Date
D哥 fd20b31477
Pre Merge pull request !401 from D哥/N/A 2025-12-05 07:10:07 +00:00
RuoYi d488b79c2d 优化用户序列化忽略密码字段 2025-12-05 15:09:48 +08:00
D哥 6fb42d117e
解决数据权限过滤处理逻辑中,莫名其妙添加AND (d.dept_id = 0)的问题
解决数据权限过滤处理逻辑中,莫名其妙添加AND (d.dept_id = 0)的问题。
修改前生成sql语句:
SELECT d.dept_id, d.parent_id, d.ancestors, d.dept_name, d.order_num, d.leader, d.phone, d.email, d.status, d.del_flag, d.create_by, d.create_time, d.tenant_id FROM sys_dept d WHERE d.del_flag = '0' AND (d.dept_id = 0) ORDER BY d.parent_id, d.order_num

修改后生成sql语句:
SELECT d.dept_id, d.parent_id, d.ancestors, d.dept_name, d.order_num, d.leader, d.phone, d.email, d.status, d.del_flag, d.create_by, d.create_time, d.tenant_id FROM sys_dept d WHERE d.del_flag = '0' ORDER BY d.parent_id, d.order_num

Signed-off-by: D哥 <12271764+darrenteng@user.noreply.gitee.com>
2025-03-21 07:27:12 +00:00
3 changed files with 19 additions and 15 deletions


@ -5,11 +5,12 @@ import java.util.List;
import javax.validation.constraints.*; import javax.validation.constraints.*;
import org.apache.commons.lang3.builder.ToStringBuilder; import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle; import org.apache.commons.lang3.builder.ToStringStyle;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.ruoyi.common.core.annotation.Excel; import com.ruoyi.common.core.annotation.Excel;
import com.ruoyi.common.core.annotation.Excel.ColumnType; import com.ruoyi.common.core.annotation.Excel.ColumnType;
import com.ruoyi.common.core.annotation.Excel.Type; import com.ruoyi.common.core.annotation.Excel.Type;
import com.ruoyi.common.core.constant.UserConstants;
import com.ruoyi.common.core.annotation.Excels; import com.ruoyi.common.core.annotation.Excels;
import com.ruoyi.common.core.constant.UserConstants;
import com.ruoyi.common.core.web.domain.BaseEntity; import com.ruoyi.common.core.web.domain.BaseEntity;
import com.ruoyi.common.core.xss.Xss; import com.ruoyi.common.core.xss.Xss;
@ -201,6 +202,7 @@ public class SysUser extends BaseEntity
this.avatar = avatar; this.avatar = avatar;
} }
@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
public String getPassword() public String getPassword()
{ {
return password; return password;
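Review bot: `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)` on `getPassword()` only governs Jackson output, so the hash can still leave the object by other routes. `ToStringBuilder` is imported in this file and `toString()` lies outside the hunk; if it appends the password, any log line that prints a `SysUser` still carries the hash, and a non-Jackson serializer (a cache or RPC codec, if one is in use) would ignore the annotation as well. WRITE_ONLY also keeps accepting a `password` property on input, so endpoints that bind a `SysUser` from a request body should be checked to confirm they do not persist a client-supplied value. Any internal caller that receives `SysUser` as Jackson JSON and reads the password will now see null, which is worth verifying beyond the one caller changed in this commit. A short comment above the annotation, such as `// never serialize the password hash; still accepted on input`, would record the intent.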


@ -113,9 +113,10 @@ public class DataScopeAspect
} }
if (DATA_SCOPE_ALL.equals(dataScope)) if (DATA_SCOPE_ALL.equals(dataScope))
{ {
// 全部数据权限,不添加额外条件
sqlString = new StringBuilder(); sqlString = new StringBuilder();
conditions.add(dataScope); conditions.clear();
break; return;
} }
else if (DATA_SCOPE_CUSTOM.equals(dataScope)) else if (DATA_SCOPE_CUSTOM.equals(dataScope))
{ {
@ -143,28 +144,28 @@ public class DataScopeAspect
{ {
sqlString.append(StringUtils.format(" OR {}.user_id = {} ", userAlias, user.getUserId())); sqlString.append(StringUtils.format(" OR {}.user_id = {} ", userAlias, user.getUserId()));
} }
else // 当没有 userAlias 时,不添加任何条件
{
// 数据权限为仅本人且没有userAlias别名不查询任何数据
sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
}
} }
conditions.add(dataScope); conditions.add(dataScope);
} }
// 角色都不包含传递过来的权限字符,这个时候sqlString也会为空所以要限制一下,不查询任何数据 // 角色都不包含传递过来的权限字符,这个时候不添加任何条件
if (StringUtils.isEmpty(conditions)) if (StringUtils.isEmpty(conditions))
{ {
sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias)); sqlString = new StringBuilder();
} }
if (StringUtils.isNotBlank(sqlString.toString())) String sql = sqlString.toString().trim();
if (sql.startsWith("OR ")) {
sql = sql.substring(3);
}
if (StringUtils.isNotBlank(sql))
{ {
Object params = joinPoint.getArgs()[0]; Object params = joinPoint.getArgs()[0];
if (StringUtils.isNotNull(params) && params instanceof BaseEntity) if (params instanceof BaseEntity)
{ {
BaseEntity baseEntity = (BaseEntity) params; BaseEntity baseEntity = (BaseEntity) params;
baseEntity.getParams().put(DATA_SCOPE, " AND (" + sqlString.substring(4) + ")"); baseEntity.getParams().put(DATA_SCOPE, " AND (" + sql + ")");
} }
} }
} }
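Review bot: The two fallbacks in the second hunk now fail open: when none of the user's roles carries the requested permission (`StringUtils.isEmpty(conditions)`), and when the scope is self-only with no `userAlias` and no other role contributes a condition, the new code adds no predicate, so the query runs without any data-scope filter and returns every row. The removed `dept_id = 0` clause was the deny-by-default for exactly these cases, as the deleted comments say, and the SQL in the commit description shows the filter disappearing rather than being corrected. If the literal `dept_id = 0` is the objection, keep the deny with an explicit never-true predicate, for example `sqlString.append(" OR 1 = 0 ");` in both places, and leave the unfiltered path to `DATA_SCOPE_ALL` only. The enclosing method starts outside the hunk, so whether `DATA_SCOPE` is cleared before the early `return` added in the first hunk cannot be confirmed from here.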


@ -101,7 +101,8 @@ public class SysProfileController extends BaseController
String newPassword = params.get("newPassword"); String newPassword = params.get("newPassword");
LoginUser loginUser = SecurityUtils.getLoginUser(); LoginUser loginUser = SecurityUtils.getLoginUser();
Long userId = loginUser.getUserid(); Long userId = loginUser.getUserid();
String password = loginUser.getSysUser().getPassword(); SysUser user = userService.selectUserById(userId);
String password = user.getPassword();
if (!SecurityUtils.matchesPassword(oldPassword, password)) if (!SecurityUtils.matchesPassword(oldPassword, password))
{ {
return error("修改密码失败,旧密码错误"); return error("修改密码失败,旧密码错误");
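Review bot: `user.getPassword()` is called on the result of `userService.selectUserById(userId)` without a null check, and that lookup may return null if the account was removed while the session is still valid (the service is not shown, so this is an assumption to confirm). Guard it before reading the hash, e.g. `if (user == null) { return error("修改密码失败,旧密码错误"); }`, reusing the existing message so the response does not reveal whether the account still exists. Reading the current hash from the database instead of the cached login user is the right direction. The method body continues outside the hunk.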