diff --git a/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysUser.java b/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysUser.java index b00838cf6..e0c38d01c 100644 --- a/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysUser.java +++ b/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysUser.java @@ -22,7 +22,7 @@ public class SysUser extends BaseEntity private static final long serialVersionUID = 1L; /** 用户ID */ - @Excel(name = "用户序号", cellType = ColumnType.NUMERIC, prompt = "用户编号") + @Excel(name = "用户序号", type = Type.EXPORT, cellType = ColumnType.NUMERIC, prompt = "用户编号") private Long userId; /** 部门ID */ diff --git a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/service/impl/ValidateCodeServiceImpl.java b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/service/impl/ValidateCodeServiceImpl.java index bc5fc7fea..f45010266 100644 --- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/service/impl/ValidateCodeServiceImpl.java +++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/service/impl/ValidateCodeServiceImpl.java @@ -103,20 +103,13 @@ public class ValidateCodeServiceImpl implements ValidateCodeService { throw new CaptchaException("验证码不能为空"); } - if (StringUtils.isEmpty(uuid)) - { - throw new CaptchaException("uuid不能为空"); - } - - String verifyKey = CacheConstants.CAPTCHA_CODE_KEY + uuid; + String verifyKey = CacheConstants.CAPTCHA_CODE_KEY + StringUtils.nvl(uuid, ""); String captcha = redisService.getCacheObject(verifyKey); if (captcha == null) { throw new CaptchaException("验证码已失效"); } - redisService.deleteObject(verifyKey); - if (!code.equalsIgnoreCase(captcha)) { throw new CaptchaException("验证码错误"); diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java index 47102d5e0..77183a425 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java @@ -199,6 +199,8 @@ public class SysUserController extends BaseController @PostMapping public AjaxResult add(@Validated @RequestBody SysUser user) { + deptService.checkDeptDataScope(user.getDeptId()); + roleService.checkRoleDataScope(user.getRoleIds()); if (!userService.checkUserNameUnique(user)) { return error("新增用户'" + user.getUserName() + "'失败,登录账号已存在"); @@ -226,6 +228,8 @@ public class SysUserController extends BaseController { userService.checkUserAllowed(user); userService.checkUserDataScope(user.getUserId()); + deptService.checkDeptDataScope(user.getDeptId()); + roleService.checkRoleDataScope(user.getRoleIds()); if (!userService.checkUserNameUnique(user)) { return error("修改用户'" + user.getUserName() + "'失败,登录账号已存在"); @@ -310,6 +314,7 @@ public class SysUserController extends BaseController public AjaxResult insertAuthRole(Long userId, Long[] roleIds) { userService.checkUserDataScope(userId); + roleService.checkRoleDataScope(roleIds); userService.insertUserAuth(userId, roleIds); return success(); } diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java index 52f85b839..7f572fdcb 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java @@ -85,9 +85,9 @@ public interface ISysRoleService /** * 校验角色是否有数据权限 * - * @param roleId 角色id + * @param roleIds 角色id */ - public void checkRoleDataScope(Long roleId); + public void checkRoleDataScope(Long... roleIds); /** * 通过角色ID查询角色使用数量 diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java index 671611806..a57ee3401 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java @@ -190,7 +190,7 @@ public class SysDeptServiceImpl implements ISysDeptService @Override public void checkDeptDataScope(Long deptId) { - if (!SysUser.isAdmin(SecurityUtils.getUserId())) + if (!SysUser.isAdmin(SecurityUtils.getUserId()) && StringUtils.isNotNull(deptId)) { SysDept dept = new SysDept(); dept.setDeptId(deptId); diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java index eb0148816..cff399e08 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java @@ -192,19 +192,22 @@ public class SysRoleServiceImpl implements ISysRoleService /** * 校验角色是否有数据权限 * - * @param roleId 角色id + * @param roleIds 角色id */ @Override - public void checkRoleDataScope(Long roleId) + public void checkRoleDataScope(Long... roleIds) { if (!SysUser.isAdmin(SecurityUtils.getUserId())) { - SysRole role = new SysRole(); - role.setRoleId(roleId); - List roles = SpringUtils.getAopProxy(this).selectRoleList(role); - if (StringUtils.isEmpty(roles)) + for (Long roleId : roleIds) { - throw new ServiceException("没有权限访问角色数据!"); + SysRole role = new SysRole(); + role.setRoleId(roleId); + List roles = SpringUtils.getAopProxy(this).selectRoleList(role); + if (StringUtils.isEmpty(roles)) + { + throw new ServiceException("没有权限访问角色数据!"); + } } } } diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java index 4735055ca..787fcce53 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java @@ -28,6 +28,7 @@ import com.ruoyi.system.mapper.SysUserMapper; import com.ruoyi.system.mapper.SysUserPostMapper; import com.ruoyi.system.mapper.SysUserRoleMapper; import com.ruoyi.system.service.ISysConfigService; +import com.ruoyi.system.service.ISysDeptService; import com.ruoyi.system.service.ISysUserService; /** @@ -58,6 +59,9 @@ public class SysUserServiceImpl implements ISysUserService @Autowired private ISysConfigService configService; + @Autowired + private ISysDeptService deptService; + @Autowired protected Validator validator; @@ -489,7 +493,6 @@ public class SysUserServiceImpl implements ISysUserService int failureNum = 0; StringBuilder successMsg = new StringBuilder(); StringBuilder failureMsg = new StringBuilder(); - String password = configService.selectConfigByKey("sys.user.initPassword"); for (SysUser user : userList) { try @@ -499,6 +502,8 @@ public class SysUserServiceImpl implements ISysUserService if (StringUtils.isNull(u)) { BeanValidators.validateWithException(validator, user); + deptService.checkDeptDataScope(user.getDeptId()); + String password = configService.selectConfigByKey("sys.user.initPassword"); user.setPassword(SecurityUtils.encryptPassword(password)); user.setCreateBy(operName); userMapper.insertUser(user); @@ -510,6 +515,7 @@ public class SysUserServiceImpl implements ISysUserService BeanValidators.validateWithException(validator, user); checkUserAllowed(u); checkUserDataScope(u.getUserId()); + deptService.checkDeptDataScope(user.getDeptId()); user.setUserId(u.getUserId()); user.setUpdateBy(operName); userMapper.updateUser(user);