diff --git a/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/config/DataScopeConfig.java b/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/config/DataScopeConfig.java index d5db6cb90..0f3fe5715 100644 --- a/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/config/DataScopeConfig.java +++ b/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/config/DataScopeConfig.java @@ -21,6 +21,13 @@ public class DataScopeConfig { */ private boolean totalDataScope = false; + //-------------------------------针对限制的用户的数据范围进行校验------------------------------- + + /** + * 是否对创建人进行校验 + */ + private boolean doCreateUserValidate = false; + /** * 用户拥有权限的用户id *

@@ -33,6 +40,13 @@ public class DataScopeConfig { */ private String userIdFieldName = ProjectDataScopeHandler.DEFAULT_USER_ID_FIELD_NAME; + //-------------------------------针对限制的部门集合数据范围进行校验------------------------------- + + /** + * 是否对机构的数据范围进行校验 + */ + private boolean doOrgScopeValidate = false; + /** * 用户拥有权限的组织机构id集合 *

diff --git a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java index 4305af245..b1a91c3e3 100644 --- a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java +++ b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java @@ -21,6 +21,7 @@ import org.springframework.stereotype.Service; import java.util.HashSet; import java.util.List; import java.util.Set; +import java.util.stream.Collectors; /** * 用户的数据范围的获取实现 @@ -82,8 +83,13 @@ public class UserRoleDataScopeImpl implements UserRoleDataScopeApi { */ private DataScopeConfig nullDataScopeConfig() { DataScopeConfig dataScopeConfig = new DataScopeConfig(); + + dataScopeConfig.setDoCreateUserValidate(true); dataScopeConfig.setUserId(ProjectDataScopeHandler.NONE_ID_VALUE); + + dataScopeConfig.setDoOrgScopeValidate(true); dataScopeConfig.setUserOrgIdList(CollectionUtil.set(false, ProjectDataScopeHandler.NONE_ID_VALUE)); + return dataScopeConfig; } @@ -108,13 +114,24 @@ public class UserRoleDataScopeImpl implements UserRoleDataScopeApi { // 如果有仅包含自己的数据,则将结果设置为仅包含自己的数据 for (SysRoleDataScope sysRoleDataScope : sysRoleDataScopeList) { if (DataScopeTypeEnum.SELF.getCode().equals(sysRoleDataScope.getDataScopeType())) { + dataScopeConfig.setDoCreateUserValidate(true); dataScopeConfig.setUserId(loginUser.getUserId()); } } + // 剔除掉本人和全部的类型,看是否还有校验部门的权限范围的,如果有则找到部门的权限范围列表 + List otherRoleDataScopeList = sysRoleDataScopeList.stream() + .filter(sysRoleDataScope -> !DataScopeTypeEnum.SELF.getCode().equals(sysRoleDataScope.getDataScopeType()) && !DataScopeTypeEnum.ALL.getCode() + .equals(sysRoleDataScope.getDataScopeType())).collect(Collectors.toList()); + if (ObjectUtil.isEmpty(otherRoleDataScopeList)) { + return dataScopeConfig; + } else { + dataScopeConfig.setDoOrgScopeValidate(true); + } + // 开始处理除了仅本人、全部数据外的数据范围 Set userOrgIdList = new HashSet<>(); - for (SysRoleDataScope sysRoleDataScope : sysRoleDataScopeList) { + for (SysRoleDataScope sysRoleDataScope : otherRoleDataScopeList) { // 如果是20-本部门数据 if (DataScopeTypeEnum.DEPT.getCode().equals(sysRoleDataScope.getDataScopeType())) { @@ -156,6 +173,12 @@ public class UserRoleDataScopeImpl implements UserRoleDataScopeApi { userOrgIdList.addAll(pointOrgAndSub); } } + + // 如果部门的数据范围最终没获取到,则设定为空数据范围 + if (ObjectUtil.isEmpty(userOrgIdList)) { + userOrgIdList.add(ProjectDataScopeHandler.NONE_ID_VALUE); + } + dataScopeConfig.setUserOrgIdList(userOrgIdList); return dataScopeConfig; }