Просмотр исходного кода

update 优化校验角色是否有数据权限

AprilWind 1 год назад
Родитель
Сommit
a7cddc8d40

+ 18 - 0
ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/mapper/SysRoleMapper.java

@@ -1,13 +1,16 @@
 package org.dromara.system.mapper;
 
+import cn.hutool.core.collection.CollUtil;
 import com.baomidou.mybatisplus.core.conditions.Wrapper;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Constants;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import org.apache.ibatis.annotations.Param;
+import org.dromara.common.core.exception.ServiceException;
 import org.dromara.common.mybatis.annotation.DataColumn;
 import org.dromara.common.mybatis.annotation.DataPermission;
 import org.dromara.common.mybatis.core.mapper.BaseMapperPlus;
+import org.dromara.common.satoken.utils.LoginHelper;
 import org.dromara.system.domain.SysRole;
 import org.dromara.system.domain.vo.SysRoleVo;
 
@@ -75,6 +78,21 @@ public interface SysRoleMapper extends BaseMapperPlus<SysRole, SysRoleVo> {
         return this.selectCount(new LambdaQueryWrapper<SysRole>().in(SysRole::getRoleId, roleIds));
     }
 
+    /**
+     * 校验角色是否有数据权限
+     *
+     * @param roleIds 角色ID列表(支持传单个ID)
+     */
+    default void checkRoleDataScope(List<Long> roleIds) {
+        if (CollUtil.isEmpty(roleIds) || LoginHelper.isSuperAdmin()) {
+            return;
+        }
+        long count = this.selectRoleCount(roleIds);
+        if (count != roleIds.size()) {
+            throw new ServiceException("没有权限访问部分角色数据!");
+        }
+    }
+
     /**
      * 根据角色ID查询角色信息
      *

+ 2 - 7
ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java

@@ -254,12 +254,7 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
         if (ObjectUtil.isNull(roleId)) {
             return;
         }
-        if (LoginHelper.isSuperAdmin()) {
-            return;
-        }
-        if (baseMapper.selectRoleCount(Collections.singletonList(roleId)) == 0) {
-            throw new ServiceException("没有权限访问角色数据!");
-        }
+        baseMapper.checkRoleDataScope(Collections.singletonList(roleId));
     }
 
     /**
@@ -417,9 +412,9 @@ public class SysRoleServiceImpl implements ISysRoleService, RoleService {
     @Transactional(rollbackFor = Exception.class)
     public int deleteRoleByIds(List<Long> roleIds) {
         List<SysRole> roles = baseMapper.selectByIds(roleIds);
+        baseMapper.checkRoleDataScope(roleIds);
         for (SysRole role : roles) {
             checkRoleAllowed(BeanUtil.toBean(role, SysRoleBo.class));
-            checkRoleDataScope(role.getRoleId());
             if (countUserRoleByRoleId(role.getRoleId()) > 0) {
                 throw new ServiceException(String.format("%1$s已分配,不能删除!", role.getRoleName()));
             }