Pre Merge pull request !401 from D哥/N/A

解决数据权限过滤处理逻辑中，莫名其妙添加AND (d.dept_id = 0)的问题。
修改前生成sql语句：
SELECT d.dept_id, d.parent_id, d.ancestors, d.dept_name, d.order_num, d.leader, d.phone, d.email, d.status, d.del_flag, d.create_by, d.create_time, d.tenant_id FROM sys_dept d WHERE d.del_flag = '0' AND (d.dept_id = 0) ORDER BY d.parent_id, d.order_num

修改后生成sql语句：
SELECT d.dept_id, d.parent_id, d.ancestors, d.dept_name, d.order_num, d.leader, d.phone, d.email, d.status, d.del_flag, d.create_by, d.create_time, d.tenant_id FROM sys_dept d WHERE d.del_flag = '0' ORDER BY d.parent_id, d.order_num

Signed-off-by: D哥 <12271764+darrenteng@user.noreply.gitee.com>

ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysUser.java

@@ -5,11 +5,12 @@ import java.util.List;
 import javax.validation.constraints.*;
 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import com.ruoyi.common.core.annotation.Excel;
 import com.ruoyi.common.core.annotation.Excel.ColumnType;
 import com.ruoyi.common.core.annotation.Excel.Type;
-import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.annotation.Excels;
+import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.web.domain.BaseEntity;
 import com.ruoyi.common.core.xss.Xss;
 
@@ -201,6 +202,7 @@ public class SysUser extends BaseEntity
         this.avatar = avatar;
     }
 
+    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
     public String getPassword()
     {
         return password;

ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java

@@ -113,9 +113,10 @@ public class DataScopeAspect
             }
             if (DATA_SCOPE_ALL.equals(dataScope))
             {
+                // 全部数据权限，不添加额外条件
                 sqlString = new StringBuilder();
-                conditions.add(dataScope);
-                break;
+                conditions.clear();
+                return;
             }
             else if (DATA_SCOPE_CUSTOM.equals(dataScope))
             {
@@ -143,28 +144,28 @@ public class DataScopeAspect
                 {
                     sqlString.append(StringUtils.format(" OR {}.user_id = {} ", userAlias, user.getUserId()));
                 }
-                else
-                {
-                    // 数据权限为仅本人且没有userAlias别名不查询任何数据
-                    sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
-                }
+                // 当没有 userAlias 时，不添加任何条件
             }
             conditions.add(dataScope);
         }
 
-        // 角色都不包含传递过来的权限字符，这个时候sqlString也会为空，所以要限制一下,不查询任何数据
+        // 角色都不包含传递过来的权限字符，这个时候不添加任何条件
         if (StringUtils.isEmpty(conditions))
         {
-            sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
+            sqlString = new StringBuilder();
         }
 
-        if (StringUtils.isNotBlank(sqlString.toString()))
+        String sql = sqlString.toString().trim();
+        if (sql.startsWith("OR ")) {
+            sql = sql.substring(3);
+        }
+        if (StringUtils.isNotBlank(sql))
         {
             Object params = joinPoint.getArgs()[0];
-            if (StringUtils.isNotNull(params) && params instanceof BaseEntity)
+            if (params instanceof BaseEntity)
             {
                 BaseEntity baseEntity = (BaseEntity) params;
-                baseEntity.getParams().put(DATA_SCOPE, " AND (" + sqlString.substring(4) + ")");
+                baseEntity.getParams().put(DATA_SCOPE, " AND (" + sql + ")");
             }
         }
     }

ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysProfileController.java

@@ -101,7 +101,8 @@ public class SysProfileController extends BaseController
         String newPassword = params.get("newPassword");
         LoginUser loginUser = SecurityUtils.getLoginUser();
         Long userId = loginUser.getUserid();
-        String password = loginUser.getSysUser().getPassword();
+        SysUser user = userService.selectUserById(userId);
+        String password = user.getPassword();
         if (!SecurityUtils.matchesPassword(oldPassword, password))
         {
             return error("修改密码失败，旧密码错误");