Merge remote-tracking branch 'ruoyi-vue/master' into dev

# Conflicts: # pom.xml # ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java # ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java # ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java # ruoyi-common/src/main/java/com/ruoyi/common/utils/poi/ExcelUtil.java # ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java # ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java # ruoyi-ui/src/assets/styles/ruoyi.scss # ry.bat
2025-09-24 07:19:46 +08:00 · 2022-01-29 09:23:11 +08:00
parent ce9e033551 612c4293d1
commit 0b852faf00
6 changed files with 19 additions and 8 deletions
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
@ -116,12 +116,14 @@ public class SysDeptController extends BaseController {
    @Log(title = "部门管理", businessType = BusinessType.UPDATE)
    @PutMapping
    public AjaxResult<Void> edit(@Validated @RequestBody SysDept dept) {
+        Long deptId = dept.getDeptId();
+        deptService.checkDeptDataScope(deptId);
        if (UserConstants.NOT_UNIQUE.equals(deptService.checkDeptNameUnique(dept))) {
            return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败，部门名称已存在");
-        } else if (dept.getParentId().equals(dept.getDeptId())) {
+        } else if (dept.getParentId().equals(deptId)) {
            return AjaxResult.error("修改部门'" + dept.getDeptName() + "'失败，上级部门不能是自己");
        } else if (StringUtils.equals(UserConstants.DEPT_DISABLE, dept.getStatus())
-            && deptService.selectNormalChildrenDeptById(dept.getDeptId()) > 0) {
+            && deptService.selectNormalChildrenDeptById(deptId) > 0) {
            return AjaxResult.error("该部门包含未停用的子部门！");
        }
        return toAjax(deptService.updateDept(dept));
@ -141,6 +143,7 @@ public class SysDeptController extends BaseController {
        if (deptService.checkDeptExistUser(deptId)) {
            return AjaxResult.error("部门存在用户,不允许删除");
        }
+        deptService.checkDeptDataScope(deptId);
        return toAjax(deptService.deleteDeptById(deptId));
    }
 }
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
@ -95,6 +95,7 @@ public class SysRoleController extends BaseController {
    @PutMapping
    public AjaxResult<Void> edit(@Validated @RequestBody SysRole role) {
        roleService.checkRoleAllowed(role);
+        roleService.checkRoleDataScope(role.getRoleId());
        if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role))) {
            return AjaxResult.error("修改角色'" + role.getRoleName() + "'失败，角色名称已存在");
        } else if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleKeyUnique(role))) {
@ -123,6 +124,7 @@ public class SysRoleController extends BaseController {
    @PutMapping("/dataScope")
    public AjaxResult<Void> dataScope(@RequestBody SysRole role) {
        roleService.checkRoleAllowed(role);
+        roleService.checkRoleDataScope(role.getRoleId());
        return toAjax(roleService.authDataScope(role));
    }

@ -135,6 +137,7 @@ public class SysRoleController extends BaseController {
    @PutMapping("/changeStatus")
    public AjaxResult<Void> changeStatus(@RequestBody SysRole role) {
        roleService.checkRoleAllowed(role);
+        roleService.checkRoleDataScope(role.getRoleId());
        return toAjax(roleService.updateRoleStatus(role));
    }

@ -217,6 +220,7 @@ public class SysRoleController extends BaseController {
    @Log(title = "角色管理", businessType = BusinessType.GRANT)
    @PutMapping("/authUser/selectAll")
    public AjaxResult<Void> selectAuthUserAll(Long roleId, Long[] userIds) {
+        roleService.checkRoleDataScope(roleId);
        return toAjax(roleService.insertAuthUsers(roleId, userIds));
    }
 }
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
@ -150,6 +150,7 @@ public class SysUserController extends BaseController {
    @PutMapping
    public AjaxResult<Void> edit(@Validated @RequestBody SysUser user) {
        userService.checkUserAllowed(user);
+        userService.checkUserDataScope(user.getUserId());
        if (StringUtils.isNotEmpty(user.getPhonenumber())
            && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) {
            return AjaxResult.error("修改用户'" + user.getUserName() + "'失败，手机号码已存在");
@ -183,6 +184,7 @@ public class SysUserController extends BaseController {
    @PutMapping("/resetPwd")
    public AjaxResult<Void> resetPwd(@RequestBody SysUser user) {
        userService.checkUserAllowed(user);
+        userService.checkUserDataScope(user.getUserId());
        user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
        return toAjax(userService.resetPwd(user));
    }
@ -196,6 +198,7 @@ public class SysUserController extends BaseController {
    @PutMapping("/changeStatus")
    public AjaxResult<Void> changeStatus(@RequestBody SysUser user) {
        userService.checkUserAllowed(user);
+        userService.checkUserDataScope(user.getUserId());
        return toAjax(userService.updateUserStatus(user));
    }

@ -226,6 +229,7 @@ public class SysUserController extends BaseController {
    @Log(title = "用户管理", businessType = BusinessType.GRANT)
    @PutMapping("/authRole")
    public AjaxResult<Void> insertAuthRole(Long userId, Long[] roleIds) {
+        userService.checkUserDataScope(userId);
        userService.insertUserAuth(userId, roleIds);
        return success();
    }