From 050b6bc88dfbff427d67ad5fd335f7cb0ec13ee1 Mon Sep 17 00:00:00 2001
From: whycxzp <glperry@163.com>
Date: 星期四, 12 九月 2024 15:38:24 +0800
Subject: [PATCH] 用户编辑权限校验

---
 src/main/java/com/whyc/service/UserService.java |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/whyc/service/UserService.java b/src/main/java/com/whyc/service/UserService.java
index 5ee7cb3..f62daac 100644
--- a/src/main/java/com/whyc/service/UserService.java
+++ b/src/main/java/com/whyc/service/UserService.java
@@ -45,6 +45,9 @@
     @Autowired
     private ApplicationContext applicationContext;
 
+    @Resource
+    private PermitGroupUserService permitGroupUserService;
+
     public Response add(UserInf user) {
         try {
             UserInf userFound = userBridgeService.findPasswordByUserName(user.getUName());
@@ -79,6 +82,8 @@
         }
     }
     public Response addByRSA(UserInf user) {
+        //棣栧厛鏍￠獙褰撳墠鐢ㄦ埛鎵�鍦ㄧ殑鏉冮檺缁�,鏄惁瀛樺湪鐢ㄦ埛缂栬緫鏉冮檺 usr_edit_permit
+        if (!checkUserPermit()) return new Response<>().set(1, false, "鎮ㄦ病鏈夋潈闄愮紪杈戠敤鎴�");
         try {
             UserInf userFound = userBridgeService.findPasswordByUserName(user.getUName());
             if (userFound.getUId() != 0) {
@@ -110,6 +115,16 @@
             e.printStackTrace();
             return new Response<>().set(0);
         }
+    }
+
+    private boolean checkUserPermit() {
+        //棣栧厛鏍￠獙褰撳墠鐢ㄦ埛鎵�鍦ㄧ殑鏉冮檺缁�,鏄惁瀛樺湪鐢ㄦ埛缂栬緫鏉冮檺 usr_edit_permit
+        Long uId = ActionUtil.getUser().getUId();
+        List<String> itemList = permitGroupUserService.getItemList(uId);
+        if (!itemList.contains("usr_edit_permit")){
+            return false;
+        }
+        return true;
     }
 
     public Response registerUser(UserInf user){
@@ -172,6 +187,8 @@
     }
 
     public Response update(UserInf user) {
+        //棣栧厛鏍￠獙褰撳墠鐢ㄦ埛鎵�鍦ㄧ殑鏉冮檺缁�,鏄惁瀛樺湪鐢ㄦ埛缂栬緫鏉冮檺 usr_edit_permit
+        if (!checkUserPermit()) return new Response<>().set(1, false, "鎮ㄦ病鏈夋潈闄愮紪杈戠敤鎴�");
         //闈炵郴缁熺鐞嗗憳鐢ㄦ埛,绂佹淇敼璁块棶ip鍜岃闂椂闂�
         if(user.getUId()!=1 && user.getUName().equals("sys_admin")){
             user.setVisitIp((String) ActionUtil.objeNull);
@@ -195,6 +212,8 @@
 
     @Transactional
     public boolean delete(int id) {
+        //棣栧厛鏍￠獙褰撳墠鐢ㄦ埛鎵�鍦ㄧ殑鏉冮檺缁�,鏄惁瀛樺湪鐢ㄦ埛缂栬緫鏉冮檺 usr_edit_permit
+        if (!checkUserPermit()) return false;
         UpdateWrapper wrapper = new UpdateWrapper();
         wrapper.eq("uId", id);
         //鍒犻櫎瀵瑰簲鐨勫寘鏈虹粍璁板綍

--
Gitblit v1.9.1