msb-public-java
/
RuoYi-Cloud
mirror of https://gitee.com/y_project/RuoYi-Cloud.git
1
0
Code Issues Projects Releases Wiki Activity

优化多角色数据权限匹配规则

Browse Source
pull/206/MERGE
RuoYi 2 years ago
parent 12d335b9ac
commit 767f7c8621
24 changed files with 243 additions and 81 deletions
Show Stats Download Patch File Download Diff File

14
ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysRole.java
Unescape View File

@ -1,5 +1,6 @@
package com.ruoyi.system.api.domain;
import java.util.Set;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.Size;
import org.apache.commons.lang3.builder.ToStringBuilder;
@ -59,6 +60,9 @@ public class SysRole extends BaseEntity
/** 部门组(数据权限) */
private Long[] deptIds;
/** 角色菜单权限 */
private Set<String> permissions;
public SysRole()
{
@ -204,6 +208,16 @@ public class SysRole extends BaseEntity
this.deptIds = deptIds;
}
public Set<String> getPermissions()
{
return permissions;
}
public void setPermissions(Set<String> permissions)
{
this.permissions = permissions;
}
@Override
public String toString() {
return new ToStringBuilder(this,ToStringStyle.MULTI_LINE_STYLE)

5
ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java
Unescape View File

@ -41,4 +41,9 @@ public class SecurityConstants
*
*/
public static final String LOGIN_USER = "login_user";
/**
*
*/
public static final String ROLE_PERMISSION = "role_permission";
}

10
ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/context/SecurityContextHolder.java
Unescape View File

@ -81,6 +81,16 @@ public class SecurityContextHolder
set(SecurityConstants.USER_KEY, userKey);
}
public static String getPermission()
{
return get(SecurityConstants.ROLE_PERMISSION);
}
public static void setPermission(String permissions)
{
set(SecurityConstants.ROLE_PERMISSION, permissions);
}
public static void remove()
{
THREAD_LOCAL.remove();

26
ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/StringUtils.java
Unescape View File

@ -294,6 +294,32 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
return StringUtils.startsWithAny(link, Constants.HTTP, Constants.HTTPS);
}
/**
* setarray arrayvalue
*
* @param set
* @param array
* @return boolean
*/
public static boolean containsAny(Collection<String> collection, String... array)
{
if (isEmpty(collection) || isEmpty(array))
{
return false;
}
else
{
for (String str : array)
{
if (collection.contains(str))
{
return true;
}
}
return false;
}
}
/**
* 线
*/

5
ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/annotation/DataScope.java
Unescape View File

@ -25,4 +25,9 @@ public @interface DataScope
*
*/
public String userAlias() default "";
/**
* @ss
*/
public String permission() default "";
}

13
ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java
Unescape View File

@ -6,6 +6,8 @@ import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.stereotype.Component;
import com.ruoyi.common.core.context.SecurityContextHolder;
import com.ruoyi.common.core.text.Convert;
import com.ruoyi.common.core.utils.StringUtils;
import com.ruoyi.common.core.web.domain.BaseEntity;
import com.ruoyi.common.datascope.annotation.DataScope;
@ -70,8 +72,9 @@ public class DataScopeAspect
// 如果是超级管理员,则不过滤数据
if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin())
{
String permission = StringUtils.defaultIfEmpty(controllerDataScope.permission(), SecurityContextHolder.getPermission());
dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(),
controllerDataScope.userAlias());
controllerDataScope.userAlias(), permission);
}
}
}
@ -83,8 +86,9 @@ public class DataScopeAspect
* @param user
* @param deptAlias
* @param userAlias
* @param permission
*/
public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias)
public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, String permission)
{
StringBuilder sqlString = new StringBuilder();
List<String> conditions = new ArrayList<String>();
@ -96,6 +100,11 @@ public class DataScopeAspect
{
continue;
}
if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions())
&& !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
{
continue;
}
if (DATA_SCOPE_ALL.equals(dataScope))
{
sqlString = new StringBuilder();

4
ruoyi-common/ruoyi-common-redis/src/main/java/com/ruoyi/common/redis/service/RedisService.java
Unescape View File

@ -124,9 +124,9 @@ public class RedisService
* @param collection
* @return
*/
public long deleteObject(final Collection collection)
public boolean deleteObject(final Collection collection)
{
return redisTemplate.delete(collection);
return redisTemplate.delete(collection) > 0;
}
/**

2
ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/auth/AuthLogic.java
Unescape View File

@ -4,6 +4,7 @@ import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.springframework.util.PatternMatchUtils;
import com.ruoyi.common.core.context.SecurityContextHolder;
import com.ruoyi.common.core.exception.auth.NotLoginException;
import com.ruoyi.common.core.exception.auth.NotPermissionException;
import com.ruoyi.common.core.exception.auth.NotRoleException;
@ -134,6 +135,7 @@ public class AuthLogic
*/
public void checkPermi(RequiresPermissions requiresPermissions)
{
SecurityContextHolder.setPermission(StringUtils.join(requiresPermissions.value(), ","));
if (requiresPermissions.logical() == Logical.AND)
{
checkPermiAnd(requiresPermissions.value());

27
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysDeptController.java
Unescape View File

@ -1,6 +1,5 @@
package com.ruoyi.system.controller;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.ArrayUtils;
import org.springframework.beans.factory.annotation.Autowired;
@ -55,8 +54,7 @@ public class SysDeptController extends BaseController
public AjaxResult excludeChild(@PathVariable(value = "deptId", required = false) Long deptId)
{
List<SysDept> depts = deptService.selectDeptList(new SysDept());
depts.removeIf(d -> d.getDeptId().intValue() == deptId
|| ArrayUtils.contains(StringUtils.split(d.getAncestors(), ","), deptId + ""));
depts.removeIf(d -> d.getDeptId().intValue() == deptId || ArrayUtils.contains(StringUtils.split(d.getAncestors(), ","), deptId + ""));
return AjaxResult.success(depts);
}
@ -71,29 +69,6 @@ public class SysDeptController extends BaseController
return AjaxResult.success(deptService.selectDeptById(deptId));
}
/**
*
*/
@GetMapping("/treeselect")
public AjaxResult treeselect(SysDept dept)
{
List<SysDept> depts = deptService.selectDeptList(dept);
return AjaxResult.success(deptService.buildDeptTreeSelect(depts));
}
/**
*
*/
@GetMapping(value = "/roleDeptTreeselect/{roleId}")
public AjaxResult roleDeptTreeselect(@PathVariable("roleId") Long roleId)
{
List<SysDept> depts = deptService.selectDeptList(new SysDept());
AjaxResult ajax = AjaxResult.success();
ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId));
ajax.put("depts", deptService.buildDeptTreeSelect(depts));
return ajax;
}
/**
*
*/

20
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java
Unescape View File

@ -21,9 +21,11 @@ import com.ruoyi.common.log.annotation.Log;
import com.ruoyi.common.log.enums.BusinessType;
import com.ruoyi.common.security.annotation.RequiresPermissions;
import com.ruoyi.common.security.utils.SecurityUtils;
import com.ruoyi.system.api.domain.SysDept;
import com.ruoyi.system.api.domain.SysRole;
import com.ruoyi.system.api.domain.SysUser;
import com.ruoyi.system.domain.SysUserRole;
import com.ruoyi.system.service.ISysDeptService;
import com.ruoyi.system.service.ISysRoleService;
import com.ruoyi.system.service.ISysUserService;
@ -42,6 +44,9 @@ public class SysRoleController extends BaseController
@Autowired
private ISysUserService userService;
@Autowired
private ISysDeptService deptService;
@RequiresPermissions("system:role:list")
@GetMapping("/list")
public TableDataInfo list(SysRole role)
@ -219,4 +224,17 @@ public class SysRoleController extends BaseController
roleService.checkRoleDataScope(roleId);
return toAjax(roleService.insertAuthUsers(roleId, userIds));
}
}
/**
*
*/
@RequiresPermissions("system:role:query")
@GetMapping(value = "/deptTree/{roleId}")
public AjaxResult deptTree(@PathVariable("roleId") Long roleId)
{
AjaxResult ajax = AjaxResult.success();
ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId));
ajax.put("depts", deptService.selectDeptTreeList(new SysDept()));
return ajax;
}
}

27
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java
Unescape View File

@ -29,10 +29,12 @@ import com.ruoyi.common.log.enums.BusinessType;
import com.ruoyi.common.security.annotation.InnerAuth;
import com.ruoyi.common.security.annotation.RequiresPermissions;
import com.ruoyi.common.security.utils.SecurityUtils;
import com.ruoyi.system.api.domain.SysDept;
import com.ruoyi.system.api.domain.SysRole;
import com.ruoyi.system.api.domain.SysUser;
import com.ruoyi.system.api.model.LoginUser;
import com.ruoyi.system.service.ISysConfigService;
import com.ruoyi.system.service.ISysDeptService;
import com.ruoyi.system.service.ISysPermissionService;
import com.ruoyi.system.service.ISysPostService;
import com.ruoyi.system.service.ISysRoleService;
@ -53,6 +55,9 @@ public class SysUserController extends BaseController
@Autowired
private ISysRoleService roleService;
@Autowired
private ISysDeptService deptService;
@Autowired
private ISysPostService postService;
@ -116,9 +121,9 @@ public class SysUserController extends BaseController
return R.fail("用户名或密码错误");
}
// 角色集合
Set<String> roles = permissionService.getRolePermission(sysUser.getUserId());
Set<String> roles = permissionService.getRolePermission(sysUser);
// 权限集合
Set<String> permissions = permissionService.getMenuPermission(sysUser.getUserId());
Set<String> permissions = permissionService.getMenuPermission(sysUser);
LoginUser sysUserVo = new LoginUser();
sysUserVo.setSysUser(sysUser);
sysUserVo.setRoles(roles);
@ -153,13 +158,13 @@ public class SysUserController extends BaseController
@GetMapping("getInfo")
public AjaxResult getInfo()
{
Long userId = SecurityUtils.getUserId();
SysUser user = userService.selectUserById(SecurityUtils.getUserId());
// 角色集合
Set<String> roles = permissionService.getRolePermission(userId);
Set<String> roles = permissionService.getRolePermission(user);
// 权限集合
Set<String> permissions = permissionService.getMenuPermission(userId);
Set<String> permissions = permissionService.getMenuPermission(user);
AjaxResult ajax = AjaxResult.success();
ajax.put("user", userService.selectUserById(userId));
ajax.put("user", user);
ajax.put("roles", roles);
ajax.put("permissions", permissions);
return ajax;
@ -309,4 +314,14 @@ public class SysUserController extends BaseController
userService.insertUserAuth(userId, roleIds);
return success();
}
/**
*
*/
@RequiresPermissions("system:user:list")
@GetMapping("/deptTree")
public AjaxResult deptTree(SysDept dept)
{
return AjaxResult.success(deptService.selectDeptTreeList(dept));
}
}

8
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysMenuMapper.java
Unescape View File

@ -34,6 +34,14 @@ public interface SysMenuMapper
*/
public List<SysMenu> selectMenuListByUserId(SysMenu menu);
/**
* ID
*
* @param roleId ID
* @return
*/
public List<String> selectMenuPermsByRoleId(Long roleId);
/**
* ID
*

8
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysDeptService.java
Unescape View File

@ -19,6 +19,14 @@ public interface ISysDeptService
*/
public List<SysDept> selectDeptList(SysDept dept);
/**
*
*
* @param dept
* @return
*/
public List<TreeSelect> selectDeptTreeList(SysDept dept);
/**
*
*

8
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysMenuService.java
Unescape View File

@ -38,6 +38,14 @@ public interface ISysMenuService
*/
public Set<String> selectMenuPermsByUserId(Long userId);
/**
* ID
*
* @param roleId ID
* @return
*/
public Set<String> selectMenuPermsByRoleId(Long roleId);
/**
* ID
*

11
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysPermissionService.java
Unescape View File

@ -2,6 +2,13 @@ package com.ruoyi.system.service;
import java.util.Set;
import com.ruoyi.system.api.domain.SysUser;
/**
*
*
* @author ruoyi
*/
public interface ISysPermissionService
{
/**
@ -10,7 +17,7 @@ public interface ISysPermissionService
* @param userId Id
* @return
*/
public Set<String> getRolePermission(Long userId);
public Set<String> getRolePermission(SysUser user);
/**
*
@ -18,5 +25,5 @@ public interface ISysPermissionService
* @param userId Id
* @return
*/
public Set<String> getMenuPermission(Long userId);
public Set<String> getMenuPermission(SysUser user);
}

13
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
Unescape View File

@ -48,6 +48,19 @@ public class SysDeptServiceImpl implements ISysDeptService
return deptMapper.selectDeptList(dept);
}
/**
*
*
* @param dept
* @return
*/
@Override
public List<TreeSelect> selectDeptTreeList(SysDept dept)
{
List<SysDept> depts = SpringUtils.getAopProxy(this).selectDeptList(dept);
return buildDeptTreeSelect(depts);
}
/**
*
*

21
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java
Unescape View File

@ -100,6 +100,27 @@ public class SysMenuServiceImpl implements ISysMenuService
return permsSet;
}
/**
* ID
*
* @param roleId ID
* @return
*/
@Override
public Set<String> selectMenuPermsByRoleId(Long roleId)
{
List<String> perms = menuMapper.selectMenuPermsByRoleId(roleId);
Set<String> permsSet = new HashSet<>();
for (String perm : perms)
{
if (StringUtils.isNotEmpty(perm))
{
permsSet.addAll(Arrays.asList(perm.trim().split(",")));
}
}
return permsSet;
}
/**
* ID
*

33
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysPermissionServiceImpl.java
Unescape View File

@ -1,14 +1,21 @@
package com.ruoyi.system.service.impl;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.ruoyi.system.api.domain.SysRole;
import com.ruoyi.system.api.domain.SysUser;
import com.ruoyi.system.service.ISysMenuService;
import com.ruoyi.system.service.ISysPermissionService;
import com.ruoyi.system.service.ISysRoleService;
/**
*
*
* @author ruoyi
*/
@Service
public class SysPermissionServiceImpl implements ISysPermissionService
{
@ -25,17 +32,17 @@ public class SysPermissionServiceImpl implements ISysPermissionService
* @return
*/
@Override
public Set<String> getRolePermission(Long userId)
public Set<String> getRolePermission(SysUser user)
{
Set<String> roles = new HashSet<String>();
// 管理员拥有所有权限
if (SysUser.isAdmin(userId))
if (user.isAdmin())
{
roles.add("admin");
}
else
{
roles.addAll(roleService.selectRolePermissionByUserId(userId));
roles.addAll(roleService.selectRolePermissionByUserId(user.getUserId()));
}
return roles;
}
@ -47,17 +54,31 @@ public class SysPermissionServiceImpl implements ISysPermissionService
* @return
*/
@Override
public Set<String> getMenuPermission(Long userId)
public Set<String> getMenuPermission(SysUser user)
{
Set<String> perms = new HashSet<String>();
// 管理员拥有所有权限
if (SysUser.isAdmin(userId))
if (user.isAdmin())
{
perms.add("*:*:*");
}
else
{
perms.addAll(menuService.selectMenuPermsByUserId(userId));
List<SysRole> roles = user.getRoles();
if (!roles.isEmpty() && roles.size() > 1)
{
// 多角色设置permissions属性以便数据权限匹配权限
for (SysRole role : roles)
{
Set<String> rolePerms = menuService.selectMenuPermsByRoleId(role.getRoleId());
role.setPermissions(rolePerms);
perms.addAll(rolePerms);
}
}
else
{
perms.addAll(menuService.selectMenuPermsByUserId(user.getUserId()));
}
}
return perms;
}

7
ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysMenuMapper.xml
Unescape View File

@ -111,6 +111,13 @@
where m.status = '0' and r.status = '0' and ur.user_id = #{userId}
</select>
<select id="selectMenuPermsByRoleId" parameterType="Long" resultType="String">
select distinct m.perms
from sys_menu m
left join sys_role_menu rm on m.menu_id = rm.menu_id
where m.status = '0' and rm.role_id = #{roleId}
</select>
<select id="selectMenuById" parameterType="Long" resultMap="SysMenuResult">
<include refid="selectMenuVo"/>
where menu_id = #{menuId}

16
ruoyi-ui/src/api/system/dept.js
Unescape View File

@ -25,22 +25,6 @@ export function getDept(deptId) {
})
}
// 查询部门下拉树结构
export function treeselect() {
return request({
url: '/system/dept/treeselect',
method: 'get'
})
}
// 根据角色ID查询部门树结构
export function roleDeptTreeselect(roleId) {
return request({
url: '/system/dept/roleDeptTreeselect/' + roleId,
method: 'get'
})
}
// 新增部门
export function addDept(data) {
return request({

10
ruoyi-ui/src/api/system/role.js
Unescape View File

@ -108,4 +108,12 @@ export function authUserSelectAll(data) {
method: 'put',
params: data
})
}
}
// 根据角色ID查询部门树结构
export function deptTreeSelect(roleId) {
return request({
url: '/system/role/deptTree/' + roleId,
method: 'get'
})
}

8
ruoyi-ui/src/api/system/user.js
Unescape View File

@ -125,3 +125,11 @@ export function updateAuthRole(data) {
params: data
})
}
// 查询部门下拉树结构
export function deptTreeSelect() {
return request({
url: '/system/user/deptTree',
method: 'get'
})
}

17
ruoyi-ui/src/views/system/role/index.vue
Unescape View File

@ -254,9 +254,8 @@
</template>
<script>
import { listRole, getRole, delRole, addRole, updateRole, dataScope, changeRoleStatus } from "@/api/system/role";
import { listRole, getRole, delRole, addRole, updateRole, dataScope, changeRoleStatus, deptTreeSelect } from "@/api/system/role";
import { treeselect as menuTreeselect, roleMenuTreeselect } from "@/api/system/menu";
import { treeselect as deptTreeselect, roleDeptTreeselect } from "@/api/system/dept";
export default {
name: "Role",
@ -364,12 +363,6 @@ export default {
this.menuOptions = response.data;
});
},
/** 查询部门树结构 */
getDeptTreeselect() {
deptTreeselect().then(response => {
this.deptOptions = response.data;
});
},
//
getMenuAllCheckedKeys() {
//
@ -396,8 +389,8 @@ export default {
});
},
/** 根据角色ID查询部门树结构 */
getRoleDeptTreeselect(roleId) {
return roleDeptTreeselect(roleId).then(response => {
getDeptTree(roleId) {
return deptTreeSelect(roleId).then(response => {
this.deptOptions = response.depts;
return response;
});
@ -543,12 +536,12 @@ export default {
/** 分配数据权限操作 */
handleDataScope(row) {
this.reset();
const roleDeptTreeselect = this.getRoleDeptTreeselect(row.roleId);
const deptTreeSelect = this.getDeptTree(row.roleId);
getRole(row.roleId).then(response => {
this.form = response.data;
this.openDataScope = true;
this.$nextTick(() => {
roleDeptTreeselect.then(res => {
deptTreeSelect.then(res => {
this.$refs.dept.setCheckedKeys(res.checkedKeys);
});
});

11
ruoyi-ui/src/views/system/user/index.vue
Unescape View File

@ -342,9 +342,8 @@
</template>
<script>
import { listUser, getUser, delUser, addUser, updateUser, resetUserPwd, changeUserStatus } from "@/api/system/user";
import { listUser, getUser, delUser, addUser, updateUser, resetUserPwd, changeUserStatus, deptTreeSelect } from "@/api/system/user";
import { getToken } from "@/utils/auth";
import { treeselect } from "@/api/system/dept";
import Treeselect from "@riophae/vue-treeselect";
import "@riophae/vue-treeselect/dist/vue-treeselect.css";
@ -462,7 +461,7 @@ export default {
},
created() {
this.getList();
this.getTreeselect();
this.getDeptTree();
this.getConfigKey("sys.user.initPassword").then(response => {
this.initPassword = response.msg;
});
@ -479,8 +478,8 @@ export default {
);
},
/** 查询部门下拉树结构 */
getTreeselect() {
treeselect().then(response => {
getDeptTree() {
deptTreeSelect().then(response => {
this.deptOptions = response.data;
});
},
@ -561,7 +560,6 @@ export default {
/** 新增按钮操作 */
handleAdd() {
this.reset();
this.getTreeselect();
getUser().then(response => {
this.postOptions = response.posts;
this.roleOptions = response.roles;
@ -573,7 +571,6 @@ export default {
/** 修改按钮操作 */
handleUpdate(row) {
this.reset();
this.getTreeselect();
const userId = row.userId || this.ids;
getUser(userId).then(response => {
this.form = response.data;

Write Preview
Loading…
Cancel
Save