github
/
RuoYi
mirror of https://gitee.com/y_project/RuoYi.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

优化多角色数据权限匹配规则

pull/403/MERGE
RuoYi 2022-08-22 19:43:27 +08:00
parent 47bd3c4c10
commit c95cb70af3
23 changed files with 296 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
View File

@ -17,7 +17,6 @@ import com.ruoyi.common.core.controller.BaseController;
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.domain.Ztree;
import com.ruoyi.common.core.domain.entity.SysDept;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.enums.BusinessType;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.system.service.ISysDeptService;
@ -166,24 +165,13 @@ public class SysDeptController extends BaseController
*/
@GetMapping(value = { "/selectDeptTree/{deptId}", "/selectDeptTree/{deptId}/{excludeId}" })
public String selectDeptTree(@PathVariable("deptId") Long deptId,
@PathVariable(value = "excludeId", required = false) String excludeId, ModelMap mmap)
@PathVariable(value = "excludeId", required = false) Long excludeId, ModelMap mmap)
{
mmap.put("dept", deptService.selectDeptById(deptId));
mmap.put("excludeId", excludeId);
return prefix + "/tree";
}
/**
*
*/
@GetMapping("/treeData")
@ResponseBody
public List<Ztree> treeData()
{
List<Ztree> ztrees = deptService.selectDeptTree(new SysDept());
return ztrees;
}
/**
*
*/
@ -196,15 +184,4 @@ public class SysDeptController extends BaseController
List<Ztree> ztrees = deptService.selectDeptTreeExcludeChild(dept);
return ztrees;
}
/**
*
*/
@GetMapping("/roleDeptTreeData")
@ResponseBody
public List<Ztree> deptTreeData(SysRole role)
{
List<Ztree> ztrees = deptService.roleDeptTreeData(role);
return ztrees;
}
}

17
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
View File

@ -15,6 +15,7 @@ import com.ruoyi.common.annotation.Log;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.controller.BaseController;
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.domain.Ztree;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.page.TableDataInfo;
@ -22,6 +23,7 @@ import com.ruoyi.common.enums.BusinessType;
import com.ruoyi.common.utils.poi.ExcelUtil;
import com.ruoyi.framework.shiro.util.AuthorizationUtils;
import com.ruoyi.system.domain.SysUserRole;
import com.ruoyi.system.service.ISysDeptService;
import com.ruoyi.system.service.ISysRoleService;
import com.ruoyi.system.service.ISysUserService;
@ -42,6 +44,9 @@ public class SysRoleController extends BaseController
@Autowired
private ISysUserService userService;
@Autowired
private ISysDeptService deptService;
@RequiresPermissions("system:role:view")
@GetMapping()
public String role()
@ -303,4 +308,16 @@ public class SysRoleController extends BaseController
roleService.checkRoleDataScope(roleId);
return toAjax(roleService.insertAuthUsers(roleId, userIds));
}
/**
*
*/
@RequiresPermissions("system:role:edit")
@GetMapping("/deptTreeData")
@ResponseBody
public List<Ztree> deptTreeData(SysRole role)
{
List<Ztree> ztrees = deptService.roleDeptTreeData(role);
return ztrees;
}
}

31
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
View File

@ -18,6 +18,8 @@ import com.ruoyi.common.annotation.Log;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.controller.BaseController;
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.domain.Ztree;
import com.ruoyi.common.core.domain.entity.SysDept;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.page.TableDataInfo;
@ -28,6 +30,7 @@ import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.poi.ExcelUtil;
import com.ruoyi.framework.shiro.service.SysPasswordService;
import com.ruoyi.framework.shiro.util.AuthorizationUtils;
import com.ruoyi.system.service.ISysDeptService;
import com.ruoyi.system.service.ISysPostService;
import com.ruoyi.system.service.ISysRoleService;
import com.ruoyi.system.service.ISysUserService;
@ -48,6 +51,9 @@ public class SysUserController extends BaseController
@Autowired
private ISysRoleService roleService;
@Autowired
private ISysDeptService deptService;
@Autowired
private ISysPostService postService;
@ -299,4 +305,29 @@ public class SysUserController extends BaseController
userService.checkUserDataScope(user.getUserId());
return toAjax(userService.changeStatus(user));
}
/**
*
*/
@RequiresPermissions("system:user:list")
@GetMapping("/deptTreeData")
@ResponseBody
public List<Ztree> deptTreeData()
{
List<Ztree> ztrees = deptService.selectDeptTree(new SysDept());
return ztrees;
}
/**
*
*
* @param deptId ID
*/
@RequiresPermissions("system:user:list")
@GetMapping("/selectDeptTree/{deptId}")
public String selectDeptTree(@PathVariable("deptId") Long deptId, ModelMap mmap)
{
mmap.put("dept", deptService.selectDeptById(deptId));
return prefix + "/deptTree";
}
}

2
ruoyi-admin/src/main/resources/templates/system/dept/add.html
View File

@ -116,7 +116,7 @@
var options = {
title: '部门选择',
width: "380",
url: prefix + "/selectDeptTree/" + treeId,
url: prefix + "/selectDeptTree/" + treeId + "/0",
callBack: doSubmit
};
$.modal.openOptions(options);

2
ruoyi-admin/src/main/resources/templates/system/dept/tree.html
View File

@ -32,7 +32,7 @@
var deptId = [[${deptId}]];
var excludeId = [[${excludeId}]];
$(function() {
var url = $.common.isEmpty(excludeId) ? prefix + "/treeData": prefix + "/treeData/" + excludeId;
var url = prefix + "/treeData/" + excludeId;
var options = {
url: url,
expandLevel: 2,

2
ruoyi-admin/src/main/resources/templates/system/role/dataScope.html
View File

@ -52,7 +52,7 @@
<script type="text/javascript">
$(function() {
var url = ctx + "system/dept/roleDeptTreeData?roleId=" + $("#roleId").val();
var url = ctx + "system/role/deptTreeData?roleId=" + $("#roleId").val();
var options = {
id: "deptTrees",
url: url,

3
ruoyi-admin/src/main/resources/templates/system/user/add.html
View File

@ -239,7 +239,7 @@
function selectDeptTree() {
var treeId = $("#treeId").val();
var deptId = $.common.isEmpty(treeId) ? "100" : $("#treeId").val();
var url = ctx + "system/dept/selectDeptTree/" + deptId;
var url = ctx + "system/user/selectDeptTree/" + deptId;
var options = {
title: '选择部门',
width: "380",
@ -250,7 +250,6 @@
}
function doSubmit(index, layero){
var tree = layero.find("iframe")[0].contentWindow.$._tree;
var body = $.modal.getChildFrame(index);
$("#treeId").val(body.find('#treeId').val());
$("#treeName").val(body.find('#treeName').val());

51
ruoyi-admin/src/main/resources/templates/system/user/deptTree.html Normal file
View File

@ -0,0 +1,51 @@
<!DOCTYPE html>
<html lang="zh" xmlns:th="http://www.thymeleaf.org" >
<head>
<th:block th:include="include :: header('部门树选择')" />
<th:block th:include="include :: ztree-css" />
</head>
<style>
body{height:auto;font-family: "Microsoft YaHei";}
button{font-family: "SimSun","Helvetica Neue",Helvetica,Arial;}
</style>
<body class="hold-transition box box-main">
<input id="treeId" name="treeId" type="hidden" th:value="${dept.deptId}"/>
<input id="treeName" name="treeName" type="hidden" th:value="${dept.deptName}"/>
<div class="wrapper"><div class="treeShowHideButton" onclick="$.tree.toggleSearch();">
<label id="btnShow" title="显示搜索" style="display:none;"></label>
<label id="btnHide" title="隐藏搜索"></label>
</div>
<div class="treeSearchInput" id="search">
<label for="keyword">关键字:</label><input type="text" class="empty" id="keyword" maxlength="50">
<button class="btn" id="btn" onclick="$.tree.searchNode()"> 搜索 </button>
</div>
<div class="treeExpandCollapse">
<a href="#" onclick="$.tree.expand()">展开</a> /
<a href="#" onclick="$.tree.collapse()">折叠</a>
</div>
<div id="tree" class="ztree treeselect"></div>
</div>
<th:block th:include="include :: footer" />
<th:block th:include="include :: ztree-js" />
<script th:inline="javascript">
var prefix = ctx + "system/user"
var deptId = [[${deptId}]];
$(function() {
var url = prefix + "/deptTreeData";
var options = {
url: url,
expandLevel: 2,
onClick : zOnClick
};
$.tree.init(options);
});
function zOnClick(event, treeId, treeNode) {
var treeId = treeNode.id;
var treeName = treeNode.name;
$("#treeId").val(treeId);
$("#treeName").val(treeName);
}
</script>
</body>
</html>

3
ruoyi-admin/src/main/resources/templates/system/user/edit.html
View File

@ -203,7 +203,7 @@
/* 用户管理-修改-选择部门树 */
function selectDeptTree() {
var deptId = $.common.isEmpty($("#treeId").val()) ? "100" : $("#treeId").val();
var url = ctx + "system/dept/selectDeptTree/" + deptId;
var url = ctx + "system/user/selectDeptTree/" + deptId;
var options = {
title: '选择部门',
width: "380",
@ -214,7 +214,6 @@
}
function doSubmit(index, layero){
var tree = layero.find("iframe")[0].contentWindow.$._tree;
var body = $.modal.getChildFrame(index);
$("#treeId").val(body.find('#treeId').val());
$("#treeName").val(body.find('#treeName').val());

2
ruoyi-admin/src/main/resources/templates/system/user/user.html
View File

@ -191,7 +191,7 @@
function queryDeptTree()
{
var url = ctx + "system/dept/treeData";
var url = ctx + "system/user/deptTreeData";
var options = {
url: url,
expandLevel: 2,

5
ruoyi-common/src/main/java/com/ruoyi/common/annotation/DataScope.java
View File

@ -25,4 +25,9 @@ public @interface DataScope
*
*/
public String userAlias() default "";
/**
* @RequiresPermissions
*/
public String permission() default "";
}

27
ruoyi-common/src/main/java/com/ruoyi/common/core/context/PermissionContextHolder.java Normal file
View File

@ -0,0 +1,27 @@
package com.ruoyi.common.core.context;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import com.ruoyi.common.core.text.Convert;
/**
*
*
* @author ruoyi
*/
public class PermissionContextHolder
{
private static final String PERMISSION_CONTEXT_ATTRIBUTES = "PERMISSION_CONTEXT";
public static void setContext(String permission)
{
RequestContextHolder.currentRequestAttributes().setAttribute(PERMISSION_CONTEXT_ATTRIBUTES, permission,
RequestAttributes.SCOPE_REQUEST);
}
public static String getContext()
{
return Convert.toStr(RequestContextHolder.currentRequestAttributes().getAttribute(PERMISSION_CONTEXT_ATTRIBUTES,
RequestAttributes.SCOPE_REQUEST));
}
}

2
ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysDictData.java
View File

@ -131,7 +131,7 @@ public class SysDictData extends BaseEntity
public boolean getDefault()
{
return UserConstants.YES.equals(this.isDefault) ? true : false;
return UserConstants.YES.equals(this.isDefault);
}
public String getIsDefault()

14
ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysRole.java
View File

@ -1,5 +1,6 @@
package com.ruoyi.common.core.domain.entity;
import java.util.Set;
import javax.validation.constraints.*;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;
@ -52,6 +53,9 @@ public class SysRole extends BaseEntity
/** 部门组(数据权限) */
private Long[] deptIds;
/** 角色菜单权限 */
private Set<String> permissions;
public SysRole()
{
@ -177,6 +181,16 @@ public class SysRole extends BaseEntity
this.deptIds = deptIds;
}
public Set<String> getPermissions()
{
return permissions;
}
public void setPermissions(Set<String> permissions)
{
this.permissions = permissions;
}
@Override
public String toString() {
return new ToStringBuilder(this,ToStringStyle.MULTI_LINE_STYLE)

26
ruoyi-common/src/main/java/com/ruoyi/common/utils/StringUtils.java
View File

@ -324,6 +324,32 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
return list;
}
/**
* setarray arrayvalue
*
* @param set
* @param array
* @return boolean
*/
public static boolean containsAny(Collection<String> collection, String... array)
{
if (isEmpty(collection) || isEmpty(array))
{
return false;
}
else
{
for (String str : array)
{
if (collection.contains(str))
{
return true;
}
}
return false;
}
}
/**
*
*

13
ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
View File

@ -7,9 +7,11 @@ import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.stereotype.Component;
import com.ruoyi.common.annotation.DataScope;
import com.ruoyi.common.core.context.PermissionContextHolder;
import com.ruoyi.common.core.domain.BaseEntity;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.text.Convert;
import com.ruoyi.common.utils.ShiroUtils;
import com.ruoyi.common.utils.StringUtils;
@ -68,8 +70,9 @@ public class DataScopeAspect
// 如果是超级管理员,则不过滤数据
if (!currentUser.isAdmin())
{
String permission = StringUtils.defaultIfEmpty(controllerDataScope.permission(), PermissionContextHolder.getContext());
dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(),
controllerDataScope.userAlias());
controllerDataScope.userAlias(), permission);
}
}
}
@ -81,8 +84,9 @@ public class DataScopeAspect
* @param user
* @param deptAlias
* @param userAlias
* @param permission
*/
public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias)
public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, String permission)
{
StringBuilder sqlString = new StringBuilder();
List<String> conditions = new ArrayList<String>();
@ -94,6 +98,11 @@ public class DataScopeAspect
{
continue;
}
if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions())
&& !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
{
continue;
}
if (DATA_SCOPE_ALL.equals(dataScope))
{
sqlString = new StringBuilder();

30
ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/PermissionsAspect.java Normal file
View File

@ -0,0 +1,30 @@
package com.ruoyi.framework.aspectj;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.stereotype.Component;
import com.ruoyi.common.core.context.PermissionContextHolder;
import com.ruoyi.common.utils.StringUtils;
/**
* 便
*
* @author ruoyi
*/
@Aspect
@Component
public class PermissionsAspect
{
@Before("@annotation(controllerRequiresPermissions)")
public void doBefore(JoinPoint point, RequiresPermissions controllerRequiresPermissions) throws Throwable
{
handleRequiresPermissions(point, controllerRequiresPermissions);
}
protected void handleRequiresPermissions(final JoinPoint joinPoint, RequiresPermissions requiresPermissions)
{
PermissionContextHolder.setContext(StringUtils.join(requiresPermissions.value(), ","));
}
}

27
ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/service/SysLoginService.java
View File

@ -1,10 +1,13 @@
package com.ruoyi.framework.shiro.service;
import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.constant.ShiroConstants;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.enums.UserStatus;
import com.ruoyi.common.exception.user.CaptchaException;
@ -19,6 +22,7 @@ import com.ruoyi.common.utils.ShiroUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.manager.AsyncManager;
import com.ruoyi.framework.manager.factory.AsyncFactory;
import com.ruoyi.system.service.ISysMenuService;
import com.ruoyi.system.service.ISysUserService;
/**
@ -35,6 +39,9 @@ public class SysLoginService
@Autowired
private ISysUserService userService;
@Autowired
private ISysMenuService menuService;
/**
*
*/
@ -104,6 +111,7 @@ public class SysLoginService
passwordService.validate(user, password);
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
setRolePermission(user);
recordLoginInfo(user.getUserId());
return user;
}
@ -128,6 +136,25 @@ public class SysLoginService
}
*/
/**
*
*
* @param user
*/
public void setRolePermission(SysUser user)
{
List<SysRole> roles = user.getRoles();
if (!roles.isEmpty() && roles.size() > 1)
{
// 多角色设置permissions属性以便数据权限匹配权限
for (SysRole role : roles)
{
Set<String> rolePerms = menuService.selectPermsByRoleId(role.getRoleId());
role.setPermissions(rolePerms);
}
}
}
/**
*
*

8
ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysMenuMapper.java
View File

@ -49,6 +49,14 @@ public interface SysMenuMapper
*/
public List<String> selectPermsByUserId(Long userId);
/**
* ID
*
* @param roleId ID
* @return
*/
public List<String> selectPermsByRoleId(Long roleId);
/**
* ID
*

8
ruoyi-system/src/main/java/com/ruoyi/system/service/ISysMenuService.java
View File

@ -48,6 +48,14 @@ public interface ISysMenuService
*/
public Set<String> selectPermsByUserId(Long userId);
/**
* ID
*
* @param roleId ID
* @return
*/
public Set<String> selectPermsByRoleId(Long roleId);
/**
* ID
*

17
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
View File

@ -1,7 +1,6 @@
package com.ruoyi.system.service.impl;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.ArrayUtils;
import org.springframework.beans.factory.annotation.Autowired;
@ -71,18 +70,12 @@ public class SysDeptServiceImpl implements ISysDeptService
public List<Ztree> selectDeptTreeExcludeChild(SysDept dept)
{
Long excludeId = dept.getExcludeId();
List<SysDept> deptList = deptMapper.selectDeptList(dept);
Iterator<SysDept> it = deptList.iterator();
while (it.hasNext())
List<SysDept> depts = deptMapper.selectDeptList(dept);
if (excludeId.intValue() > 0)
{
SysDept d = (SysDept) it.next();
if (d.getDeptId().intValue() == excludeId
|| ArrayUtils.contains(StringUtils.split(d.getAncestors(), ","), excludeId + ""))
{
it.remove();
}
depts.removeIf(d -> d.getDeptId().intValue() == excludeId || ArrayUtils.contains(StringUtils.split(d.getAncestors(), ","), excludeId + ""));
}
List<Ztree> ztrees = initZtree(deptList);
List<Ztree> ztrees = initZtree(depts);
return ztrees;
}
@ -97,7 +90,7 @@ public class SysDeptServiceImpl implements ISysDeptService
{
Long roleId = role.getRoleId();
List<Ztree> ztrees = new ArrayList<Ztree>();
List<SysDept> deptList = selectDeptList(new SysDept());
List<SysDept> deptList = SpringUtils.getAopProxy(this).selectDeptList(new SysDept());
if (StringUtils.isNotNull(roleId))
{
List<String> roleDeptList = deptMapper.selectRoleDeptTree(roleId);

21
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java
View File

@ -121,6 +121,27 @@ public class SysMenuServiceImpl implements ISysMenuService
return permsSet;
}
/**
* ID
*
* @param roleId ID
* @return
*/
@Override
public Set<String> selectPermsByRoleId(Long roleId)
{
List<String> perms = menuMapper.selectPermsByRoleId(roleId);
Set<String> permsSet = new HashSet<>();
for (String perm : perms)
{
if (StringUtils.isNotEmpty(perm))
{
permsSet.addAll(Arrays.asList(perm.trim().split(",")));
}
}
return permsSet;
}
/**
* ID
*

7
ruoyi-system/src/main/resources/mapper/system/SysMenuMapper.xml
View File

@ -70,6 +70,13 @@
where m.visible = '0' and r.status = '0' and ur.user_id = #{userId}
</select>
<select id="selectPermsByRoleId" parameterType="Long" resultType="String">
select distinct m.perms
from sys_menu m
left join sys_role_menu rm on m.menu_id = rm.menu_id
where m.visible = '0' and rm.role_id = #{roleId}
</select>
<select id="selectMenuTree" parameterType="Long" resultType="String">
select concat(m.menu_id, ifnull(m.perms,'')) as perms
from sys_menu m