From b5fd51b6978d88df93ce287a3dba3022904b563c Mon Sep 17 00:00:00 2001
From: fengshuonan <sn93@qq.com>
Date: Mon, 9 Oct 2023 10:58:43 +0800
Subject: [PATCH] =?UTF-8?q?=E3=80=908.0.1=E3=80=91=E3=80=90system=E3=80=91?=
 =?UTF-8?q?=E9=9D=9E=E7=AE=A1=E7=90=86=E5=91=98=E7=94=A8=E6=88=B7=E5=8F=AA?=
 =?UTF-8?q?=E8=83=BD=E5=88=A0=E9=99=A4=E8=87=AA=E5=B7=B1=E5=88=9B=E5=BB=BA?=
 =?UTF-8?q?=E7=9A=84=E8=A7=92=E8=89=B2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../enums/exception/SysRoleExceptionEnum.java |  7 ++-
 .../role/service/impl/SysRoleServiceImpl.java | 50 +++++++++++++------
 2 files changed, 40 insertions(+), 17 deletions(-)

diff --git a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/enums/exception/SysRoleExceptionEnum.java b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/enums/exception/SysRoleExceptionEnum.java
index 699853ef7..c34d751d3 100644
--- a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/enums/exception/SysRoleExceptionEnum.java
+++ b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/enums/exception/SysRoleExceptionEnum.java
@@ -26,7 +26,12 @@ public enum SysRoleExceptionEnum implements AbstractExceptionEnum {
     /**
      * 超级管理员不能被删除
      */
-    SYSTEM_ROLE_CANT_DELETE(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + "10003", "系统角色不能被删除");
+    SYSTEM_ROLE_CANT_DELETE(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + "10003", "系统角色不能被删除"),
+
+    /**
+     * 非管理员用户，不能删除其他角色
+     */
+    DEL_PERMISSION_ERROR(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + "10004", "非管理员用户，不能删除其他角色");
 
     /**
      * 错误编码
diff --git a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleServiceImpl.java b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleServiceImpl.java
index fff82de79..984f0a7e0 100644
--- a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleServiceImpl.java
+++ b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleServiceImpl.java
@@ -65,6 +65,13 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impl
             throw new ServiceException(SysRoleExceptionEnum.SYSTEM_ROLE_CANT_DELETE);
         }
 
+        // 非管理员，只能删除自己的角色
+        if (!LoginContext.me().getSuperAdminFlag()) {
+            if (!sysRole.getCreateUser().equals(LoginContext.me().getLoginUser().getUserId())) {
+                throw new ServiceException(SysRoleExceptionEnum.DEL_PERMISSION_ERROR);
+            }
+        }
+
         // 删除角色
         this.baseDelete(CollectionUtil.set(false, sysRole.getRoleId()));
     }
@@ -82,6 +89,17 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impl
             throw new ServiceException(SysRoleExceptionEnum.SYSTEM_ROLE_CANT_DELETE);
         }
 
+        // 如果当前用户是非管理员，则只能删除自己创建的角色
+        if (!LoginContext.me().getSuperAdminFlag()) {
+            LambdaQueryWrapper<SysRole> tempWrapper = new LambdaQueryWrapper<>();
+            tempWrapper.in(SysRole::getRoleId, sysRoleRequest.getRoleIdList());
+            tempWrapper.ne(BaseEntity::getCreateUser, LoginContext.me().getLoginUser().getUserId());
+            long notMeCreateCount = this.count(tempWrapper);
+            if (notMeCreateCount > 0) {
+                throw new ServiceException(SysRoleExceptionEnum.DEL_PERMISSION_ERROR);
+            }
+        }
+
         // 执行删除角色
         this.baseDelete(sysRoleRequest.getRoleIdList());
     }
@@ -188,22 +206,6 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impl
         return this.list(wrapper);
     }
 
-    /**
-     * 过滤角色的权限展示
-     * <p>
-     * 非管理员只能看到自己的角色和自己创建的角色
-     *
-     * @author fengshuonan
-     * @since 2023/10/9 10:44
-     */
-    private void filterRolePermission(LambdaQueryWrapper<SysRole> wrapper) {
-        if (!LoginContext.me().getSuperAdminFlag()) {
-            Long userId = LoginContext.me().getLoginUser().getUserId();
-            wrapper.eq(SysRole::getCreateUser, userId);
-            wrapper.in(SysRole::getRoleId, sysUserRoleServiceApi.getUserRoleIdList(userId));
-        }
-    }
-
     @Override
     public Long getDefaultRoleId() {
 
@@ -294,4 +296,20 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impl
         // 删除角色
         this.removeBatchByIds(roleIdList);
     }
+
+    /**
+     * 过滤角色的权限展示
+     * <p>
+     * 非管理员只能看到自己的角色和自己创建的角色
+     *
+     * @author fengshuonan
+     * @since 2023/10/9 10:44
+     */
+    private void filterRolePermission(LambdaQueryWrapper<SysRole> wrapper) {
+        if (!LoginContext.me().getSuperAdminFlag()) {
+            Long userId = LoginContext.me().getLoginUser().getUserId();
+            wrapper.eq(SysRole::getCreateUser, userId).or().in(SysRole::getRoleId, sysUserRoleServiceApi.getUserRoleIdList(userId));
+        }
+    }
+
 }
\ No newline at end of file