优化租户修改权限

opsli-base-support/opsli-core/src/main/java/org/opsli/core/utils/UserUtil.java

@@ -59,6 +59,9 @@ public class UserUtil {
     public static final String PREFIX_ID_MENUS = "userId:menus:";
     public static final String PREFIX_USERNAME = "username:";
 
+    /** 修改租户权限 */
+    private static final String PERMS_TENANT = "system_user_tenant";
+
     /** 用户Service */
     private static UserApi userApi;
 
@@ -586,6 +589,23 @@ public class UserUtil {
         return user.getTenantId();
     }
 
+    /**
+     * 是否有修改租户的权限
+     * @param currUser model
+     * @return boolean
+     */
+    public static boolean isHasUpdateTenantPerms(final UserModel currUser){
+        // 排除超级管理员
+        if(UserUtil.SUPER_ADMIN.equals(currUser.getUsername())){
+            return true;
+        }
+
+        // 获得当前用户权限
+        List<String> userAllPermsByUserId = UserUtil.getUserAllPermsByUserId(currUser.getId());
+        return !CollUtil.isEmpty(userAllPermsByUserId) &&
+                userAllPermsByUserId.contains(PERMS_TENANT);
+    }
+
     /**
      * 处理密码
      * @param password 密码

opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/role/service/impl/RoleServiceImpl.java

@@ -24,7 +24,10 @@ import org.opsli.common.constants.MyBatisConstants;
 import org.opsli.common.enums.DictType;
 import org.opsli.common.exception.ServiceException;
 import org.opsli.core.base.service.impl.CrudServiceImpl;
+import org.opsli.core.persistence.querybuilder.GenQueryBuilder;
+import org.opsli.core.persistence.querybuilder.QueryBuilder;
 import org.opsli.core.persistence.querybuilder.chain.TenantHandler;
+import org.opsli.core.utils.UserUtil;
 import org.opsli.modulars.system.SystemMsg;
 import org.opsli.modulars.system.role.entity.SysRole;
 import org.opsli.modulars.system.role.mapper.RoleMapper;
@@ -60,6 +63,14 @@ public class RoleServiceImpl extends CrudServiceImpl<RoleMapper, SysRole, RoleMo
             return null;
         }
 
+        // 判断用户是否有 修改租户的能力 (超级管理员除外)
+        if(StringUtils.isNotEmpty(model.getTenantId())){
+            // 如果没有租户修改能力 则清空对应字段
+            if(!UserUtil.isHasUpdateTenantPerms(UserUtil.getUser())){
+                model.setTenantId(null);
+            }
+        }
+
         // 唯一验证
         Integer count = this.uniqueVerificationByCode(model);
         if(count != null && count > 0){
@@ -77,6 +88,14 @@ public class RoleServiceImpl extends CrudServiceImpl<RoleMapper, SysRole, RoleMo
             return null;
         }
 
+        // 判断用户是否有 修改租户的能力 (超级管理员除外)
+        if(StringUtils.isNotEmpty(model.getTenantId())){
+            // 如果没有租户修改能力 则清空对应字段
+            if(!UserUtil.isHasUpdateTenantPerms(UserUtil.getUser())){
+                model.setTenantId(null);
+            }
+        }
+
         // 唯一验证
         Integer count = this.uniqueVerificationByCode(model);
         if(count != null && count > 0){
@@ -122,6 +141,33 @@ public class RoleServiceImpl extends CrudServiceImpl<RoleMapper, SysRole, RoleMo
         return super.deleteAll(models);
     }
 
+    @Override
+    public List<SysRole> findList(QueryWrapper<SysRole> queryWrapper) {
+        // 如果没有租户修改能力 则默认增加租户限制
+        if(!UserUtil.isHasUpdateTenantPerms(UserUtil.getUser())){
+            // 多租户处理
+            TenantHandler tenantHandler = new TenantHandler();
+            tenantHandler.handler(entityClazz, queryWrapper);
+        }
+
+        return super.list(queryWrapper);
+    }
+
+    @Override
+    public List<SysRole> findAllList() {
+        QueryBuilder<SysRole> queryBuilder = new GenQueryBuilder<>();
+        QueryWrapper<SysRole> queryWrapper = queryBuilder.build();
+
+        // 如果没有租户修改能力 则默认增加租户限制
+        if(!UserUtil.isHasUpdateTenantPerms(UserUtil.getUser())){
+            // 多租户处理
+            TenantHandler tenantHandler = new TenantHandler();
+            tenantHandler.handler(entityClazz, queryWrapper);
+        }
+
+        return super.list(queryWrapper);
+    }
+
     /**
      * 唯一验证
      * @param model model

opsli-modulars/opsli-modulars-system/src/main/java/org/opsli/modulars/system/user/service/impl/UserServiceImpl.java

@@ -75,6 +75,14 @@ public class UserServiceImpl extends CrudServiceImpl<UserMapper, SysUser, UserMo
             return null;
         }
 
+        // 判断用户是否有 修改租户的能力 (超级管理员除外)
+        if(StringUtils.isNotEmpty(model.getTenantId())){
+            // 如果没有租户修改能力 则清空对应字段
+            if(!UserUtil.isHasUpdateTenantPerms(UserUtil.getUser())){
+                model.setTenantId(null);
+            }
+        }
+
         // 唯一验证
         Integer count = this.uniqueVerificationByName(model);
         if(count != null && count > 0){
@@ -123,6 +131,14 @@ public class UserServiceImpl extends CrudServiceImpl<UserMapper, SysUser, UserMo
             return null;
         }
 
+        // 判断用户是否有 修改租户的能力 (超级管理员除外)
+        if(StringUtils.isNotEmpty(model.getTenantId())){
+            // 如果没有租户修改能力 则清空对应字段
+            if(!UserUtil.isHasUpdateTenantPerms(UserUtil.getUser())){
+                model.setTenantId(null);
+            }
+        }
+
         // 唯一验证 - 用户名
         Integer count = this.uniqueVerificationByName(model);
         if(count != null && count > 0){
@@ -365,6 +381,32 @@ public class UserServiceImpl extends CrudServiceImpl<UserMapper, SysUser, UserMo
         return super.findPage(page);
     }
 
+    @Override
+    public List<SysUser> findList(QueryWrapper<SysUser> queryWrapper) {
+        // 如果没有租户修改能力 则默认增加租户限制
+        if(!UserUtil.isHasUpdateTenantPerms(UserUtil.getUser())){
+            // 多租户处理
+            TenantHandler tenantHandler = new TenantHandler();
+            tenantHandler.handler(entityClazz, queryWrapper);
+        }
+
+        return super.list(queryWrapper);
+    }
+
+    @Override
+    public List<SysUser> findAllList() {
+        QueryBuilder<SysUser> queryBuilder = new GenQueryBuilder<>();
+        QueryWrapper<SysUser> queryWrapper = queryBuilder.build();
+        // 如果没有租户修改能力 则默认增加租户限制
+        if(!UserUtil.isHasUpdateTenantPerms(UserUtil.getUser())){
+            // 多租户处理
+            TenantHandler tenantHandler = new TenantHandler();
+            tenantHandler.handler(entityClazz, queryWrapper);
+        }
+        return super.list(queryWrapper);
+    }
+
+
     @Override
     @Transactional(rollbackFor = Exception.class)
     public boolean updatePassword(UserPassword userPassword) {
@@ -479,18 +521,32 @@ public class UserServiceImpl extends CrudServiceImpl<UserMapper, SysUser, UserMo
     }
 
 
-    public List<SysUserAndOrg> findListByCus(QueryWrapper<SysUserAndOrg> queryWrapper) {
-        // 多租户处理
-        QueryWrapper<SysUserAndOrg> qWrapper = new TenantHandler().handler(SysUserAndOrg.class, queryWrapper);
+    private List<SysUserAndOrg> findListByCus(QueryWrapper<SysUserAndOrg> queryWrapper) {
+        // 如果没有租户修改能力 则默认增加租户限制
+        if(!UserUtil.isHasUpdateTenantPerms(UserUtil.getUser())){
+            // 多租户处理
+            TenantHandler tenantHandler = new TenantHandler();
+            tenantHandler.handler(SysUserAndOrg.class, queryWrapper);
+        }
+
+
         // 逻辑删除 查询未删除数据
-        qWrapper.eq(HumpUtil.humpToUnderline(MyBatisConstants.FIELD_DELETE_LOGIC),
-            "0"
-        );
-        return mapper.findList(qWrapper);
+        queryWrapper.eq(
+                HumpUtil.humpToUnderline(MyBatisConstants.FIELD_DELETE_LOGIC), DictType.NO_YES_NO.getCode());
+
+        return mapper.findList(queryWrapper);
     }
 
     @Override
     public Page<SysUserAndOrg,UserAndOrgModel> findPageByCus(Page<SysUserAndOrg,UserAndOrgModel> page) {
+        UserModel currUser = UserUtil.getUser();
+        // 如果不是超级管理员则 无法看到超级管理员账户
+        if(!UserUtil.SUPER_ADMIN.equals(currUser.getUsername())){
+            QueryWrapper<SysUserAndOrg> queryWrapper = page.getQueryWrapper();
+            queryWrapper.notIn("username", UserUtil.SUPER_ADMIN);
+            page.setQueryWrapper(queryWrapper);
+        }
+
         page.pageHelperBegin();
         try{
             List<SysUserAndOrg> list = this.findListByCus(page.getQueryWrapper());