数据权限

2024-08-12 15:08:07 +08:00 · 2024-08-12 15:08:07 +08:00 · b784d739bc
commit b784d739bc
parent be4810d4c8
9 changed files with 54 additions and 4 deletions
--- a/dl-module-base/pom.xml
+++ b/dl-module-base/pom.xml
@ -25,11 +25,18 @@
            <artifactId>yudao-module-infra-api</artifactId>
            <version>${revision}</version>
        </dependency>
+        <!-- 多租户相关 -->
        <dependency>
            <groupId>cn.iocoder.boot</groupId>
            <artifactId>yudao-spring-boot-starter-biz-tenant</artifactId>
            <version>2.1.0-jdk8-snapshot</version>
        </dependency>
+        <!-- 数据权限 -->
+        <dependency>
+            <groupId>cn.iocoder.boot</groupId>
+            <artifactId>yudao-spring-boot-starter-biz-data-permission</artifactId>
+            <version>2.1.0-jdk8-snapshot</version>
+        </dependency>
        <!-- Web 相关 -->
        <dependency>
            <groupId>cn.iocoder.boot</groupId>
--- a/dl-module-company/src/main/java/cn/iocoder/yudao/config/CompanyDataPermissionConfiguration.java
+++ b/dl-module-company/src/main/java/cn/iocoder/yudao/config/CompanyDataPermissionConfiguration.java
@ -0,0 +1,28 @@
+package cn.iocoder.yudao.config;
+
+import cn.iocoder.yudao.framework.datapermission.core.rule.dept.DeptDataPermissionRuleCustomizer;
+import cn.iocoder.yudao.module.staff.entity.CompanyStaff;
+import cn.iocoder.yudao.module.system.dal.dataobject.dept.DeptDO;
+import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * 数据权限 Configuration
+ *
+ * @author vinjor-m
+ */
+@Configuration(proxyBeanMethods = false)
+public class CompanyDataPermissionConfiguration {
+
+    @Bean
+    public DeptDataPermissionRuleCustomizer companyDataPermissionRuleCustomizer() {
+        return rule -> {
+            // 应用部门的数据权限都有哪些表，默认dept_id
+            rule.addDeptColumn(CompanyStaff.class);
+            // 应用用户的数据权限都有哪些表和对应字段，默认creator
+//            rule.addUserColumn(CompanyStaff.class, "id");
+        };
+    }
+
+}
--- a/dl-module-company/src/main/java/cn/iocoder/yudao/module/staff/service/impl/CompanyStaffServiceImpl.java
+++ b/dl-module-company/src/main/java/cn/iocoder/yudao/module/staff/service/impl/CompanyStaffServiceImpl.java
@ -6,6 +6,8 @@ import cn.hutool.core.util.RandomUtil;
 import cn.iocoder.yudao.common.BaseConstants;
 import cn.iocoder.yudao.common.CommonErrorCodeConstants;
 import cn.iocoder.yudao.framework.common.util.io.FileUtils;
+import cn.iocoder.yudao.framework.datapermission.core.rule.DataPermissionRule;
+import cn.iocoder.yudao.framework.datapermission.core.rule.dept.DeptDataPermissionRule;
 import cn.iocoder.yudao.framework.security.core.LoginUser;
 import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
 import cn.iocoder.yudao.module.company.entity.Company;
@ -66,6 +68,8 @@ public class CompanyStaffServiceImpl extends ServiceImpl<CompanyStaffMapper, Com

    @Resource
    private UniqueCodeService uniqueCodeService;
+    @Resource
+    private DataPermissionRule dataPermissionRule;

    /**
     * 获得企业管理-员工信息表分页
--- a/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/config/CommonStr.java
+++ b/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/config/CommonStr.java
@ -8,4 +8,6 @@ package cn.iocoder.yudao.framework.common.config;
 public interface CommonStr {
    /** 默认点亮科技租户 --1 */
    Long TENANT_ID=1L;
+    /** 默认超级管理员id --1 */
+    Long SUPER_ADMIN_ID=1L;
 }
--- a/yudao-framework/yudao-spring-boot-starter-biz-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/dept/DeptDataPermissionRule.java
+++ b/yudao-framework/yudao-spring-boot-starter-biz-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/dept/DeptDataPermissionRule.java
@ -54,7 +54,7 @@ public class DeptDataPermissionRule implements DataPermissionRule {
    protected static final String CONTEXT_KEY = DeptDataPermissionRule.class.getSimpleName();

    private static final String DEPT_COLUMN_NAME = "dept_id";
-    private static final String USER_COLUMN_NAME = "user_id";
+    private static final String USER_COLUMN_NAME = "creator";

    static final Expression EXPRESSION_NULL = new NullValue();

--- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/permission/RoleServiceImpl.java
+++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/permission/RoleServiceImpl.java
@ -3,12 +3,13 @@ package cn.iocoder.yudao.module.system.service.permission;
 import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.collection.CollectionUtil;
 import cn.hutool.core.util.ObjectUtil;
-import cn.hutool.core.util.StrUtil;
 import cn.hutool.extra.spring.SpringUtil;
 import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
+import cn.iocoder.yudao.framework.security.core.LoginUser;
+import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
 import cn.iocoder.yudao.framework.tenant.core.aop.TenantIgnore;
 import cn.iocoder.yudao.module.system.controller.admin.permission.vo.role.RolePageReqVO;
 import cn.iocoder.yudao.module.system.controller.admin.permission.vo.role.RoleSaveReqVO;
@ -32,6 +33,7 @@ import org.springframework.util.StringUtils;
 import javax.annotation.Resource;
 import java.util.*;

+import static cn.iocoder.yudao.framework.common.config.CommonStr.SUPER_ADMIN_ID;
 import static cn.iocoder.yudao.framework.common.exception.util.ServiceExceptionUtil.exception;
 import static cn.iocoder.yudao.framework.common.util.collection.CollectionUtils.convertMap;
 import static cn.iocoder.yudao.module.system.enums.ErrorCodeConstants.*;
@ -181,7 +183,12 @@ public class RoleServiceImpl implements RoleService {
        }
        // 内置角色，不允许删除
        if (RoleTypeEnum.SYSTEM.getType().equals(role.getType())) {
-            throw exception(ROLE_CAN_NOT_UPDATE_SYSTEM_TYPE_ROLE);
+            /* 获取当前登录用户的信息 */
+            LoginUser loginUser = SecurityFrameworkUtils.getLoginUser();
+            if (loginUser != null && !SUPER_ADMIN_ID.equals(loginUser.getId())) {
+                //只有admin可以编辑
+                throw exception(ROLE_CAN_NOT_UPDATE_SYSTEM_TYPE_ROLE);
+            }
        }
        return role;
    }
--- a/yudao-server/src/main/java/cn/iocoder/yudao/server/YudaoServerApplication.java
+++ b/yudao-server/src/main/java/cn/iocoder/yudao/server/YudaoServerApplication.java
@ -13,7 +13,7 @@ import org.springframework.boot.autoconfigure.SpringBootApplication;
 * @author 芋道源码
 */
@SuppressWarnings("SpringComponentScan") // 忽略 IDEA 无法识别 ${yudao.info.base-package}
-@SpringBootApplication(scanBasePackages = {"${yudao.info.base-package}.server", "${yudao.info.base-package}.module"})
+@SpringBootApplication(scanBasePackages = {"${yudao.info.base-package}.server", "${yudao.info.base-package}.module", "${yudao.info.base-package}"})
 public class YudaoServerApplication {

    public static void main(String[] args) {
--- a/yudao-server/src/main/resources/application-local.yaml
+++ b/yudao-server/src/main/resources/application-local.yaml
@ -177,6 +177,7 @@ logging:
    org.springframework.context.support.PostProcessorRegistrationDelegate: ERROR # TODO 芋艿：先禁用，Spring Boot 3.X 存在部分错误的 WARN 提示
    cn.iocoder.yudao.module.custom.mapper: debug #
    cn.iocoder.yudao.module.company.mapper: debug #
+    cn.iocoder.yudao.module.staff.mapper: debug #

 debug: false

--- a/yudao-server/src/main/resources/application.yaml
+++ b/yudao-server/src/main/resources/application.yaml
@ -7,6 +7,7 @@ spring:

  main:
    allow-circular-references: true # 允许循环依赖，因为项目是三层架构，无法避免这个情况。
+    allow-bean-definition-overriding: true #允许bean的重复命名

  # Servlet 配置
  servlet: