From 4e8dd706d568d1276ad82a0bf8f4ba13c5dac5ef Mon Sep 17 00:00:00 2001
From: 0慕容雪0 <ytu.mxh@163.com>
Date: Fri, 10 Mar 2023 16:22:35 +0800
Subject: [PATCH] update ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java. DataScopeAspect,数据权限切面处理类中,用户多角色情况下,若所有角色都不包含传递过来的权限字符,这个时候sqlString也会为空,会导致用户拥有全部数据权限,所以要限制一下, 可以根据conditions集合是否为空,来判断循环时所有角色是否都是在判断权限字符时continue了。 复现方法: 在使用@DataScope注解时permission定义了值,这个值所有角色不包含。
---
ruoyi-ui/src/views/system/role/selectUser.vue | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/ruoyi-ui/src/views/system/role/selectUser.vue b/ruoyi-ui/src/views/system/role/selectUser.vue
index 3229462..e0f83fa 100644
--- a/ruoyi-ui/src/views/system/role/selectUser.vue
+++ b/ruoyi-ui/src/views/system/role/selectUser.vue
@@ -1,13 +1,12 @@
<template>
<!-- 授权用户 -->
<el-dialog title="选择用户" :visible.sync="visible" width="800px" top="5vh" append-to-body>
- <el-form :model="queryParams" ref="queryForm" :inline="true">
+ <el-form :model="queryParams" ref="queryForm" size="small" :inline="true">
<el-form-item label="用户名称" prop="userName">
<el-input
v-model="queryParams.userName"
placeholder="请输入用户名称"
clearable
- size="small"
@keyup.enter.native="handleQuery"
/>
</el-form-item>
@@ -16,7 +15,6 @@
v-model="queryParams.phonenumber"
placeholder="请输入手机号码"
clearable
- size="small"
@keyup.enter.native="handleQuery"
/>
</el-form-item>
@@ -123,8 +121,12 @@
handleSelectUser() {
const roleId = this.queryParams.roleId;
const userIds = this.userIds.join(",");
+ if (userIds == "") {
+ this.$modal.msgError("请选择要分配的用户");
+ return;
+ }
authUserSelectAll({ roleId: roleId, userIds: userIds }).then(res => {
- this.msgSuccess(res.msg);
+ this.$modal.msgSuccess(res.msg);
if (res.code === 200) {
this.visible = false;
this.$emit("ok");
--
Gitblit v1.9.2