管理员用户&角色不允许操作

661b6fe5 · RuoYi · ac97d15a · 661b6fe5 · 661b6fe5 · 661b6fe5
Commit 661b6fe5 authored Oct 03, 2019 by RuoYi
11 changed files
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@
 10. 登录日志：系统登录日志记录查询包含登录异常。
 11. 在线用户：当前系统中活跃用户状态监控。
 12. 定时任务：在线（添加、修改、删除)任务调度包含执行结果日志。
-13. 代码生成：前后端代码的生成（java、html、xml、sql)支持CRUD下载 。
+13. 代码生成：前后端代码的生成（java、html、xml、sql）支持CRUD下载 。
 14. 系统接口：根据业务代码自动生成相关的api接口文档。
 15. 服务监控：监视当前系统CPU、内存、磁盘、堆栈等相关信息。
 16. 在线构建器：拖动表单元素生成相应的HTML代码。

--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
@@ -121,6 +121,7 @@ public class SysRoleController extends BaseController
    @ResponseBody
    public AjaxResult editSave(@Validated SysRole role)
    {
+        roleService.checkRoleAllowed(role);
        if (UserConstants.ROLE_NAME_NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role)))
        {
            return error("修改角色'" + role.getRoleName() + "'失败，角色名称已存在");
@@ -153,6 +154,7 @@ public class SysRoleController extends BaseController
    @ResponseBody
    public AjaxResult authDataScopeSave(SysRole role)
    {
+        roleService.checkRoleAllowed(role);
        role.setUpdateBy(ShiroUtils.getLoginName());
        if (roleService.authDataScope(role) > 0)
        {
@@ -216,6 +218,7 @@ public class SysRoleController extends BaseController
    @ResponseBody
    public AjaxResult changeStatus(SysRole role)
    {
+        roleService.checkRoleAllowed(role);
        return toAjax(roleService.changeStatus(role));
    }

--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
@@ -18,7 +18,6 @@ import com.ruoyi.common.core.controller.BaseController;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.enums.BusinessType;
-import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.poi.ExcelUtil;
 import com.ruoyi.framework.shiro.service.SysPasswordService;
 import com.ruoyi.framework.util.ShiroUtils;
@@ -159,11 +158,8 @@ public class SysUserController extends BaseController
    @ResponseBody
    public AjaxResult editSave(@Validated SysUser user)
    {
-        if (StringUtils.isNotNull(user.getUserId()) && SysUser.isAdmin(user.getUserId()))
+        userService.checkUserAllowed(user);
-        {
+        if (UserConstants.USER_PHONE_NOT_UNIQUE.equals(userService.checkPhoneUnique(user)))
-            return error("不允许修改超级管理员用户");
-        }
-        else if (UserConstants.USER_PHONE_NOT_UNIQUE.equals(userService.checkPhoneUnique(user)))
        {
            return error("修改用户'" + user.getLoginName() + "'失败，手机号码已存在");
        }
@@ -190,6 +186,7 @@ public class SysUserController extends BaseController
    @ResponseBody
    public AjaxResult resetPwdSave(SysUser user)
    {
+        userService.checkUserAllowed(user);
        user.setSalt(ShiroUtils.randomSalt());
        user.setPassword(passwordService.encryptPassword(user.getLoginName(), user.getPassword(), user.getSalt()));
        if (userService.resetUserPwd(user) > 0)
@@ -258,6 +255,7 @@ public class SysUserController extends BaseController
    @ResponseBody
    public AjaxResult changeStatus(SysUser user)
    {
+        userService.checkUserAllowed(user);
        return toAjax(userService.changeStatus(user));
    }
 }
\ No newline at end of file
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/MyBatisConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/MyBatisConfig.java
@@ -5,7 +5,6 @@ import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
 import javax.sql.DataSource;
 import org.apache.ibatis.io.VFS;
 import org.apache.ibatis.session.SqlSessionFactory;
 import org.mybatis.spring.SqlSessionFactoryBean;

--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/realm/UserRealm.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/shiro/realm/UserRealm.java
@@ -19,7 +19,6 @@ import org.apache.shiro.subject.PrincipalCollection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import com.ruoyi.common.exception.user.CaptchaException;
 import com.ruoyi.common.exception.user.RoleBlockedException;
 import com.ruoyi.common.exception.user.UserBlockedException;

--- a/ruoyi-system/src/main/java/com/ruoyi/system/domain/SysRole.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/domain/SysRole.java
@@ -52,6 +52,16 @@ public class SysRole extends BaseEntity
    /** 部门组（数据权限） */
    private Long[] deptIds;
+    public SysRole()
+    {
+    }
+    public SysRole(Long roleId)
+    {
+        this.roleId = roleId;
+    }
    public Long getRoleId()
    {
        return roleId;
@@ -62,6 +72,16 @@ public class SysRole extends BaseEntity
        this.roleId = roleId;
    }
+    public boolean isAdmin()
+    {
+        return isAdmin(this.roleId);
+    }
+    public static boolean isAdmin(Long roleId)
+    {
+        return roleId != null && 1L == roleId;
+    }
    public String getDataScope()
    {
        return dataScope;

--- a/ruoyi-system/src/main/java/com/ruoyi/system/domain/SysUser.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/domain/SysUser.java
@@ -93,6 +93,16 @@ public class SysUser extends BaseEntity
    /** 岗位组 */
    private Long[] postIds;
+    public SysUser()
+    {
+    }
+    public SysUser(Long userId)
+    {
+        this.userId = userId;
+    }
    public Long getUserId()
    {
        return userId;

--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysRoleService.java
@@ -109,6 +109,13 @@ public interface ISysRoleService
    public String checkRoleKeyUnique(SysRole role);
    /**
+     * 校验角色是否允许操作
+     * 
+     * @param role 角色信息
+     */
+    public void checkRoleAllowed(SysRole role);
+    /**
     * 通过角色ID查询角色使用数量
     * 
     * @param roleId 角色ID
@@ -123,6 +130,7 @@ public interface ISysRoleService
     * @return 结果
     */
    public int changeStatus(SysRole role);
    /**
     * 取消授权用户角色
     * 
@@ -139,7 +147,7 @@ public interface ISysRoleService
     * @return 结果
     */
    public int deleteAuthUsers(Long roleId, String userIds);
    /**
     * 批量选择授权用户角色
     * 

--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java
@@ -140,6 +140,13 @@ public interface ISysUserService
    public String checkEmailUnique(SysUser user);
    /**
+     * 校验用户是否允许操作
+     * 
+     * @param user 用户信息
+     */
+    public void checkUserAllowed(SysUser user);
+    /**
     * 根据用户ID查询用户所属角色组
     * 
     * @param userId 用户ID

--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
@@ -150,6 +150,7 @@ public class SysRoleServiceImpl implements ISysRoleService
        Long[] roleIds = Convert.toLongArray(ids);
        for (Long roleId : roleIds)
        {
+            checkRoleAllowed(new SysRole(roleId));
            SysRole role = selectRoleById(roleId);
            if (countUserRoleByRoleId(roleId) > 0)
            {
@@ -294,6 +295,19 @@ public class SysRoleServiceImpl implements ISysRoleService
    }
    /**
+     * 校验角色是否允许操作
+     * 
+     * @param role 角色信息
+     */
+    public void checkRoleAllowed(SysRole role)
+    {
+        if (StringUtils.isNotNull(role.getRoleId()) && role.isAdmin())
+        {
+            throw new BusinessException("不允许操作超级管理员角色");
+        }
+    }
+    /**
     * 通过角色ID查询角色使用数量
     * 
     * @param roleId 角色ID

--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
@@ -167,10 +167,7 @@ public class SysUserServiceImpl implements ISysUserService
        Long[] userIds = Convert.toLongArray(ids);
        for (Long userId : userIds)
        {
-            if (SysUser.isAdmin(userId))
+            checkUserAllowed(new SysUser(userId));
-            {
-                throw new BusinessException("不允许删除超级管理员用户");
-            }
        }
        return userMapper.deleteUserByIds(userIds);
    }
@@ -346,6 +343,19 @@ public class SysUserServiceImpl implements ISysUserService
    }
    /**
+     * 校验用户是否允许操作
+     * 
+     * @param user 用户信息
+     */
+    public void checkUserAllowed(SysUser user)
+    {
+        if (StringUtils.isNotNull(user.getUserId()) && user.isAdmin())
+        {
+            throw new BusinessException("不允许操作超级管理员用户");
+        }
+    }
+    /**
     * 查询用户所属角色组
     * 
     * @param userId 用户ID
@@ -465,10 +475,6 @@ public class SysUserServiceImpl implements ISysUserService
    @Override
    public int changeStatus(SysUser user)
    {
-        if (SysUser.isAdmin(user.getUserId()))
-        {
-            throw new BusinessException("不允许修改超级管理员用户");
-        }
        return userMapper.updateUser(user);
    }
 }