From 4e8dd706d568d1276ad82a0bf8f4ba13c5dac5ef Mon Sep 17 00:00:00 2001
From: 0慕容雪0 <ytu.mxh@163.com>
Date: Fri, 10 Mar 2023 16:22:35 +0800
Subject: [PATCH] update ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java. DataScopeAspect,数据权限切面处理类中,用户多角色情况下,若所有角色都不包含传递过来的权限字符,这个时候sqlString也会为空,会导致用户拥有全部数据权限,所以要限制一下, 可以根据conditions集合是否为空,来判断循环时所有角色是否都是在判断权限字符时continue了。 复现方法: 在使用@DataScope注解时permission定义了值,这个值所有角色不包含。
---
ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPermissionService.java | 18 +++++++++++++++++-
1 files changed, 17 insertions(+), 1 deletions(-)
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPermissionService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPermissionService.java
index 19c4a51..357e12f 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPermissionService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPermissionService.java
@@ -1,9 +1,11 @@
package com.ruoyi.framework.web.service;
import java.util.HashSet;
+import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.system.service.ISysMenuService;
import com.ruoyi.system.service.ISysRoleService;
@@ -59,7 +61,21 @@
}
else
{
- perms.addAll(menuService.selectMenuPermsByUserId(user.getUserId()));
+ List<SysRole> roles = user.getRoles();
+ if (!roles.isEmpty() && roles.size() > 1)
+ {
+ // 多角色设置permissions属性,以便数据权限匹配权限
+ for (SysRole role : roles)
+ {
+ Set<String> rolePerms = menuService.selectMenuPermsByRoleId(role.getRoleId());
+ role.setPermissions(rolePerms);
+ perms.addAll(rolePerms);
+ }
+ }
+ else
+ {
+ perms.addAll(menuService.selectMenuPermsByUserId(user.getUserId()));
+ }
}
return perms;
}
--
Gitblit v1.9.2