用户角色权限优化
This commit is contained in:
parent
708ef3a735
commit
acbf9e7876
|
@ -1,12 +1,7 @@
|
||||||
package com.ruoyi.web.controller.monitor;
|
package com.ruoyi.web.controller.monitor;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.*;
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Properties;
|
|
||||||
import java.util.Set;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.data.redis.core.RedisCallback;
|
import org.springframework.data.redis.core.RedisCallback;
|
||||||
import org.springframework.data.redis.core.RedisTemplate;
|
import org.springframework.data.redis.core.RedisTemplate;
|
||||||
|
@ -87,7 +82,7 @@ public class CacheController
|
||||||
public AjaxResult getCacheKeys(@PathVariable String cacheName)
|
public AjaxResult getCacheKeys(@PathVariable String cacheName)
|
||||||
{
|
{
|
||||||
Set<String> cacheKeys = redisTemplate.keys(cacheName + "*");
|
Set<String> cacheKeys = redisTemplate.keys(cacheName + "*");
|
||||||
return AjaxResult.success(cacheKeys);
|
return AjaxResult.success(new TreeSet<>(cacheKeys));
|
||||||
}
|
}
|
||||||
|
|
||||||
@PreAuthorize("@ss.hasPermi('monitor:cache:list')")
|
@PreAuthorize("@ss.hasPermi('monitor:cache:list')")
|
||||||
|
|
|
@ -148,6 +148,8 @@ public class SysUserController extends BaseController
|
||||||
@PostMapping
|
@PostMapping
|
||||||
public AjaxResult add(@Validated @RequestBody SysUser user)
|
public AjaxResult add(@Validated @RequestBody SysUser user)
|
||||||
{
|
{
|
||||||
|
deptService.checkDeptDataScope(user.getDeptId());
|
||||||
|
roleService.checkRoleDataScope(user.getRoleIds());
|
||||||
if (!userService.checkUserNameUnique(user))
|
if (!userService.checkUserNameUnique(user))
|
||||||
{
|
{
|
||||||
return error("新增用户'" + user.getUserName() + "'失败,登录账号已存在");
|
return error("新增用户'" + user.getUserName() + "'失败,登录账号已存在");
|
||||||
|
@ -180,6 +182,8 @@ public class SysUserController extends BaseController
|
||||||
{
|
{
|
||||||
userService.checkUserAllowed(user);
|
userService.checkUserAllowed(user);
|
||||||
userService.checkUserDataScope(user.getUserId());
|
userService.checkUserDataScope(user.getUserId());
|
||||||
|
deptService.checkDeptDataScope(user.getDeptId());
|
||||||
|
roleService.checkRoleDataScope(user.getRoleIds());
|
||||||
if (!userService.checkUserNameUnique(user))
|
if (!userService.checkUserNameUnique(user))
|
||||||
{
|
{
|
||||||
return error("修改用户'" + user.getUserName() + "'失败,登录账号已存在");
|
return error("修改用户'" + user.getUserName() + "'失败,登录账号已存在");
|
||||||
|
@ -301,6 +305,7 @@ public class SysUserController extends BaseController
|
||||||
public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
|
public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
|
||||||
{
|
{
|
||||||
userService.checkUserDataScope(userId);
|
userService.checkUserDataScope(userId);
|
||||||
|
roleService.checkRoleDataScope(roleIds);
|
||||||
userService.insertUserAuth(userId, roleIds);
|
userService.insertUserAuth(userId, roleIds);
|
||||||
return success();
|
return success();
|
||||||
}
|
}
|
||||||
|
|
|
@ -88,6 +88,11 @@ public @interface Excel
|
||||||
*/
|
*/
|
||||||
public String[] combo() default {};
|
public String[] combo() default {};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 是否从字典读数据到combo,默认不读取,如读取需要设置dictType注解.
|
||||||
|
*/
|
||||||
|
public boolean comboReadDict() default false;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 是否需要纵向合并单元格,应对需求:含有list集合单元格)
|
* 是否需要纵向合并单元格,应对需求:含有list集合单元格)
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -92,11 +92,18 @@ public class DataScopeAspect
|
||||||
{
|
{
|
||||||
StringBuilder sqlString = new StringBuilder();
|
StringBuilder sqlString = new StringBuilder();
|
||||||
List<String> conditions = new ArrayList<String>();
|
List<String> conditions = new ArrayList<String>();
|
||||||
|
List<String> scopeCustomIds = new ArrayList<String>();
|
||||||
|
user.getRoles().forEach(role -> {
|
||||||
|
if (DATA_SCOPE_CUSTOM.equals(role.getDataScope()) && StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions()) && StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
|
||||||
|
{
|
||||||
|
scopeCustomIds.add(Convert.toStr(role.getRoleId()));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
for (SysRole role : user.getRoles())
|
for (SysRole role : user.getRoles())
|
||||||
{
|
{
|
||||||
String dataScope = role.getDataScope();
|
String dataScope = role.getDataScope();
|
||||||
if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope))
|
if (conditions.contains(dataScope))
|
||||||
{
|
{
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
@ -113,9 +120,15 @@ public class DataScopeAspect
|
||||||
}
|
}
|
||||||
else if (DATA_SCOPE_CUSTOM.equals(dataScope))
|
else if (DATA_SCOPE_CUSTOM.equals(dataScope))
|
||||||
{
|
{
|
||||||
sqlString.append(StringUtils.format(
|
if (scopeCustomIds.size() > 1)
|
||||||
" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias,
|
{
|
||||||
role.getRoleId()));
|
// 多个自定数据权限使用in查询,避免多次拼接。
|
||||||
|
sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id in ({}) ) ", deptAlias, String.join(",", scopeCustomIds)));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, role.getRoleId()));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else if (DATA_SCOPE_DEPT.equals(dataScope))
|
else if (DATA_SCOPE_DEPT.equals(dataScope))
|
||||||
{
|
{
|
||||||
|
@ -142,7 +155,7 @@ public class DataScopeAspect
|
||||||
conditions.add(dataScope);
|
conditions.add(dataScope);
|
||||||
}
|
}
|
||||||
|
|
||||||
// 多角色情况下,所有角色都不包含传递过来的权限字符,这个时候sqlString也会为空,所以要限制一下,不查询任何数据
|
// 角色都不包含传递过来的权限字符,这个时候sqlString也会为空,所以要限制一下,不查询任何数据
|
||||||
if (StringUtils.isEmpty(conditions))
|
if (StringUtils.isEmpty(conditions))
|
||||||
{
|
{
|
||||||
sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
|
sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
package com.ruoyi.framework.web.exception;
|
package com.ruoyi.framework.web.exception;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
|
import com.ruoyi.common.core.text.Convert;
|
||||||
|
import com.ruoyi.common.utils.html.EscapeUtil;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.security.access.AccessDeniedException;
|
import org.springframework.security.access.AccessDeniedException;
|
||||||
|
@ -79,8 +82,13 @@ public class GlobalExceptionHandler
|
||||||
public AjaxResult handleMethodArgumentTypeMismatchException(MethodArgumentTypeMismatchException e, HttpServletRequest request)
|
public AjaxResult handleMethodArgumentTypeMismatchException(MethodArgumentTypeMismatchException e, HttpServletRequest request)
|
||||||
{
|
{
|
||||||
String requestURI = request.getRequestURI();
|
String requestURI = request.getRequestURI();
|
||||||
|
String value = Convert.toStr(e.getValue());
|
||||||
|
if (StringUtils.isNotEmpty(value))
|
||||||
|
{
|
||||||
|
value = EscapeUtil.clean(value);
|
||||||
|
}
|
||||||
log.error("请求参数类型不匹配'{}',发生系统异常.", requestURI, e);
|
log.error("请求参数类型不匹配'{}',发生系统异常.", requestURI, e);
|
||||||
return AjaxResult.error(String.format("请求参数类型不匹配,参数[%s]要求类型为:'%s',但输入值为:'%s'", e.getName(), e.getRequiredType().getName(), e.getValue()));
|
return AjaxResult.error(String.format("请求参数类型不匹配,参数[%s]要求类型为:'%s',但输入值为:'%s'", e.getName(), e.getRequiredType().getName(), value));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -131,12 +131,12 @@ public class SysLoginService
|
||||||
{
|
{
|
||||||
String verifyKey = CacheConstants.CAPTCHA_CODE_KEY + StringUtils.nvl(uuid, "");
|
String verifyKey = CacheConstants.CAPTCHA_CODE_KEY + StringUtils.nvl(uuid, "");
|
||||||
String captcha = redisCache.getCacheObject(verifyKey);
|
String captcha = redisCache.getCacheObject(verifyKey);
|
||||||
redisCache.deleteObject(verifyKey);
|
|
||||||
if (captcha == null)
|
if (captcha == null)
|
||||||
{
|
{
|
||||||
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire")));
|
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire")));
|
||||||
throw new CaptchaExpireException();
|
throw new CaptchaExpireException();
|
||||||
}
|
}
|
||||||
|
redisCache.deleteObject(verifyKey);
|
||||||
if (!code.equalsIgnoreCase(captcha))
|
if (!code.equalsIgnoreCase(captcha))
|
||||||
{
|
{
|
||||||
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error")));
|
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error")));
|
||||||
|
|
|
@ -12,12 +12,12 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
||||||
#if($table.sub)
|
#if($table.sub)
|
||||||
|
|
||||||
<resultMap id="${ClassName}${subClassName}Result" type="${ClassName}" extends="${ClassName}Result">
|
<resultMap id="${ClassName}${subClassName}Result" type="${ClassName}" extends="${ClassName}Result">
|
||||||
<collection property="${subclassName}List" notNullColumn="sub_${subTable.pkColumn.columnName}" javaType="java.util.List" resultMap="${subClassName}Result" />
|
<collection property="${subclassName}List" ofType="${subClassName}" column="${pkColumn.columnName}" select="select${subClassName}List" />
|
||||||
</resultMap>
|
</resultMap>
|
||||||
|
|
||||||
<resultMap type="${subClassName}" id="${subClassName}Result">
|
<resultMap type="${subClassName}" id="${subClassName}Result">
|
||||||
#foreach ($column in $subTable.columns)
|
#foreach ($column in $subTable.columns)
|
||||||
<result property="${column.javaField}" column="sub_${column.columnName}" />
|
<result property="${column.javaField}" column="${column.columnName}" />
|
||||||
#end
|
#end
|
||||||
</resultMap>
|
</resultMap>
|
||||||
#end
|
#end
|
||||||
|
@ -63,14 +63,19 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
||||||
<include refid="select${ClassName}Vo"/>
|
<include refid="select${ClassName}Vo"/>
|
||||||
where ${pkColumn.columnName} = #{${pkColumn.javaField}}
|
where ${pkColumn.columnName} = #{${pkColumn.javaField}}
|
||||||
#elseif($table.sub)
|
#elseif($table.sub)
|
||||||
select#foreach($column in $columns) a.$column.columnName#if($foreach.count != $columns.size()),#end#end,
|
select#foreach($column in $columns) $column.columnName#if($foreach.count != $columns.size()),#end#end
|
||||||
#foreach($column in $subTable.columns) b.$column.columnName as sub_$column.columnName#if($foreach.count != $subTable.columns.size()),#end#end
|
from ${tableName}
|
||||||
|
where ${pkColumn.columnName} = #{${pkColumn.javaField}}
|
||||||
from ${tableName} a
|
|
||||||
left join ${subTableName} b on b.${subTableFkName} = a.${pkColumn.columnName}
|
|
||||||
where a.${pkColumn.columnName} = #{${pkColumn.javaField}}
|
|
||||||
#end
|
#end
|
||||||
</select>
|
</select>
|
||||||
|
#if($table.sub)
|
||||||
|
|
||||||
|
<select id="select${subClassName}List" resultType="${subClassName}" resultMap="${subClassName}Result">
|
||||||
|
select#foreach ($column in $subTable.columns) $column.columnName#if($foreach.count != $subTable.columns.size()),#end#end
|
||||||
|
from ${subTableName}
|
||||||
|
where ${subTableFkName} = #{${subTableFkName}}
|
||||||
|
</select>
|
||||||
|
#end
|
||||||
|
|
||||||
<insert id="insert${ClassName}" parameterType="${ClassName}"#if($pkColumn.increment) useGeneratedKeys="true" keyProperty="$pkColumn.javaField"#end>
|
<insert id="insert${ClassName}" parameterType="${ClassName}"#if($pkColumn.increment) useGeneratedKeys="true" keyProperty="$pkColumn.javaField"#end>
|
||||||
insert into ${tableName}
|
insert into ${tableName}
|
||||||
|
|
|
@ -85,9 +85,9 @@ public interface ISysRoleService
|
||||||
/**
|
/**
|
||||||
* 校验角色是否有数据权限
|
* 校验角色是否有数据权限
|
||||||
*
|
*
|
||||||
* @param roleId 角色id
|
* @param roleIds 角色id
|
||||||
*/
|
*/
|
||||||
public void checkRoleDataScope(Long roleId);
|
public void checkRoleDataScope(Long... roleIds);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 通过角色ID查询角色使用数量
|
* 通过角色ID查询角色使用数量
|
||||||
|
|
|
@ -190,7 +190,7 @@ public class SysDeptServiceImpl implements ISysDeptService
|
||||||
@Override
|
@Override
|
||||||
public void checkDeptDataScope(Long deptId)
|
public void checkDeptDataScope(Long deptId)
|
||||||
{
|
{
|
||||||
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
|
if (!SysUser.isAdmin(SecurityUtils.getUserId()) && StringUtils.isNotNull(deptId))
|
||||||
{
|
{
|
||||||
SysDept dept = new SysDept();
|
SysDept dept = new SysDept();
|
||||||
dept.setDeptId(deptId);
|
dept.setDeptId(deptId);
|
||||||
|
|
|
@ -192,12 +192,14 @@ public class SysRoleServiceImpl implements ISysRoleService
|
||||||
/**
|
/**
|
||||||
* 校验角色是否有数据权限
|
* 校验角色是否有数据权限
|
||||||
*
|
*
|
||||||
* @param roleId 角色id
|
* @param roleIds 角色id
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public void checkRoleDataScope(Long roleId)
|
public void checkRoleDataScope(Long... roleIds)
|
||||||
{
|
{
|
||||||
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
|
if (!SysUser.isAdmin(SecurityUtils.getUserId()))
|
||||||
|
{
|
||||||
|
for (Long roleId : roleIds)
|
||||||
{
|
{
|
||||||
SysRole role = new SysRole();
|
SysRole role = new SysRole();
|
||||||
role.setRoleId(roleId);
|
role.setRoleId(roleId);
|
||||||
|
@ -208,6 +210,7 @@ public class SysRoleServiceImpl implements ISysRoleService
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 通过角色ID查询角色使用数量
|
* 通过角色ID查询角色使用数量
|
||||||
|
|
|
@ -4,6 +4,8 @@ import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
import javax.validation.Validator;
|
import javax.validation.Validator;
|
||||||
|
|
||||||
|
import com.ruoyi.system.service.ISysDeptService;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
@ -58,6 +60,9 @@ public class SysUserServiceImpl implements ISysUserService
|
||||||
@Autowired
|
@Autowired
|
||||||
private ISysConfigService configService;
|
private ISysConfigService configService;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private ISysDeptService deptService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
protected Validator validator;
|
protected Validator validator;
|
||||||
|
|
||||||
|
@ -489,7 +494,6 @@ public class SysUserServiceImpl implements ISysUserService
|
||||||
int failureNum = 0;
|
int failureNum = 0;
|
||||||
StringBuilder successMsg = new StringBuilder();
|
StringBuilder successMsg = new StringBuilder();
|
||||||
StringBuilder failureMsg = new StringBuilder();
|
StringBuilder failureMsg = new StringBuilder();
|
||||||
String password = configService.selectConfigByKey("sys.user.initPassword");
|
|
||||||
for (SysUser user : userList)
|
for (SysUser user : userList)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
|
@ -499,6 +503,8 @@ public class SysUserServiceImpl implements ISysUserService
|
||||||
if (StringUtils.isNull(u))
|
if (StringUtils.isNull(u))
|
||||||
{
|
{
|
||||||
BeanValidators.validateWithException(validator, user);
|
BeanValidators.validateWithException(validator, user);
|
||||||
|
deptService.checkDeptDataScope(user.getDeptId());
|
||||||
|
String password = configService.selectConfigByKey("sys.user.initPassword");
|
||||||
user.setPassword(SecurityUtils.encryptPassword(password));
|
user.setPassword(SecurityUtils.encryptPassword(password));
|
||||||
user.setCreateBy(operName);
|
user.setCreateBy(operName);
|
||||||
userMapper.insertUser(user);
|
userMapper.insertUser(user);
|
||||||
|
@ -510,6 +516,7 @@ public class SysUserServiceImpl implements ISysUserService
|
||||||
BeanValidators.validateWithException(validator, user);
|
BeanValidators.validateWithException(validator, user);
|
||||||
checkUserAllowed(u);
|
checkUserAllowed(u);
|
||||||
checkUserDataScope(u.getUserId());
|
checkUserDataScope(u.getUserId());
|
||||||
|
deptService.checkDeptDataScope(user.getDeptId());
|
||||||
user.setUserId(u.getUserId());
|
user.setUserId(u.getUserId());
|
||||||
user.setUpdateBy(operName);
|
user.setUpdateBy(operName);
|
||||||
userMapper.updateUser(user);
|
userMapper.updateUser(user);
|
||||||
|
|
|
@ -51,6 +51,12 @@ export default {
|
||||||
methods: {
|
methods: {
|
||||||
// 单选按钮值变化时
|
// 单选按钮值变化时
|
||||||
radioChange() {
|
radioChange() {
|
||||||
|
if (this.cron.min === '*') {
|
||||||
|
this.$emit('update', 'min', '0', 'hour');
|
||||||
|
}
|
||||||
|
if (this.cron.second === '*') {
|
||||||
|
this.$emit('update', 'second', '0', 'hour');
|
||||||
|
}
|
||||||
switch (this.radioValue) {
|
switch (this.radioValue) {
|
||||||
case 1:
|
case 1:
|
||||||
this.$emit('update', 'hour', '*')
|
this.$emit('update', 'hour', '*')
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue