From 03ad165dc5d55022598568addf757e600372f29f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?= <15040126243@163.com> Date: Sat, 17 Jun 2023 22:38:14 +0800 Subject: [PATCH] =?UTF-8?q?fix=20=E4=BF=AE=E5=A4=8D=20=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E7=AF=A1=E6=94=B9=E7=AE=A1=E7=90=86=E5=91=98=E8=A7=92=E8=89=B2?= =?UTF-8?q?=E6=A0=87=E8=AF=86=E7=AC=A6=E8=B6=8A=E6=9D=83=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/system/SysRoleController.java | 6 ++-- .../system/service/ISysRoleService.java | 4 +-- .../service/impl/SysRoleServiceImpl.java | 28 +++++++++++++++---- 3 files changed, 28 insertions(+), 10 deletions(-) diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysRoleController.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysRoleController.java index 89542c64..4890c8bd 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysRoleController.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysRoleController.java @@ -95,7 +95,7 @@ public class SysRoleController extends BaseController { @Log(title = "角色管理", businessType = BusinessType.UPDATE) @PutMapping public R edit(@Validated @RequestBody SysRoleBo role) { - roleService.checkRoleAllowed(role.getRoleId()); + roleService.checkRoleAllowed(role); roleService.checkRoleDataScope(role.getRoleId()); if (!roleService.checkRoleNameUnique(role)) { return R.fail("修改角色'" + role.getRoleName() + "'失败,角色名称已存在"); @@ -117,7 +117,7 @@ public class SysRoleController extends BaseController { @Log(title = "角色管理", businessType = BusinessType.UPDATE) @PutMapping("/dataScope") public R dataScope(@RequestBody SysRoleBo role) { - roleService.checkRoleAllowed(role.getRoleId()); + roleService.checkRoleAllowed(role); roleService.checkRoleDataScope(role.getRoleId()); return toAjax(roleService.authDataScope(role)); } @@ -129,7 +129,7 @@ public class SysRoleController extends BaseController { @Log(title = "角色管理", businessType = BusinessType.UPDATE) @PutMapping("/changeStatus") public R changeStatus(@RequestBody SysRoleBo role) { - roleService.checkRoleAllowed(role.getRoleId()); + roleService.checkRoleAllowed(role); roleService.checkRoleDataScope(role.getRoleId()); return toAjax(roleService.updateRoleStatus(role.getRoleId(), role.getStatus())); } diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/ISysRoleService.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/ISysRoleService.java index c073ce9a..d2ee61f8 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/ISysRoleService.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/ISysRoleService.java @@ -85,9 +85,9 @@ public interface ISysRoleService { /** * 校验角色是否允许操作 * - * @param roleId 角色ID + * @param role 角色信息 */ - void checkRoleAllowed(Long roleId); + void checkRoleAllowed(SysRoleBo role); /** * 校验角色是否有数据权限 diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java index 0d6e6c4e..584755c8 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysRoleServiceImpl.java @@ -2,6 +2,7 @@ package org.dromara.system.service.impl; import cn.dev33.satoken.exception.NotLoginException; import cn.dev33.satoken.stp.StpUtil; +import cn.hutool.core.bean.BeanUtil; import cn.hutool.core.collection.CollUtil; import cn.hutool.core.util.ObjectUtil; import com.baomidou.mybatisplus.core.conditions.Wrapper; @@ -11,6 +12,7 @@ import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper; import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import lombok.RequiredArgsConstructor; +import org.dromara.common.core.constant.TenantConstants; import org.dromara.common.core.constant.UserConstants; import org.dromara.common.core.exception.ServiceException; import org.dromara.common.core.utils.MapstructUtils; @@ -183,13 +185,29 @@ public class SysRoleServiceImpl implements ISysRoleService { /** * 校验角色是否允许操作 * - * @param roleId 角色ID + * @param role 角色信息 */ @Override - public void checkRoleAllowed(Long roleId) { - if (ObjectUtil.isNotNull(roleId) && LoginHelper.isSuperAdmin(roleId)) { + public void checkRoleAllowed(SysRoleBo role) { + if (ObjectUtil.isNotNull(role.getRoleId()) && LoginHelper.isSuperAdmin(role.getRoleId())) { throw new ServiceException("不允许操作超级管理员角色"); } + // 新增不允许使用 管理员标识符 + if (ObjectUtil.isNull(role.getRoleId()) + && StringUtils.equalsAny(role.getRoleKey(), + TenantConstants.SUPER_ADMIN_ROLE_KEY, TenantConstants.TENANT_ADMIN_ROLE_KEY)) { + throw new ServiceException("不允许使用系统内置管理员角色标识符!"); + } + // 修改不允许修改 管理员标识符 + if (ObjectUtil.isNotNull(role.getRoleId())) { + SysRole sysRole = baseMapper.selectById(role.getRoleId()); + // 如果标识符不相等 判断为修改了管理员标识符 + if (!StringUtils.equals(sysRole.getRoleKey(), role.getRoleKey()) + && StringUtils.equalsAny(sysRole.getRoleKey(), + TenantConstants.SUPER_ADMIN_ROLE_KEY, TenantConstants.TENANT_ADMIN_ROLE_KEY)) { + throw new ServiceException("不允许修改系统内置管理员角色标识符!"); + } + } } /** @@ -357,9 +375,9 @@ public class SysRoleServiceImpl implements ISysRoleService { @Transactional(rollbackFor = Exception.class) public int deleteRoleByIds(Long[] roleIds) { for (Long roleId : roleIds) { - checkRoleAllowed(roleId); - checkRoleDataScope(roleId); SysRole role = baseMapper.selectById(roleId); + checkRoleAllowed(BeanUtil.toBean(role, SysRoleBo.class)); + checkRoleDataScope(roleId); if (countUserRoleByRoleId(roleId) > 0) { throw new ServiceException(String.format("%1$s已分配,不能删除", role.getRoleName())); }