上级角色校验

hx-tenant/src/main/java/com/fjhx/tenant/controller/tenant/RoleTenantController.java

@@ -13,7 +13,6 @@ import com.ruoyi.common.core.domain.entity.SysUser;
 import com.ruoyi.common.core.domain.model.LoginUser;
 import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.exception.ServiceException;
-import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.framework.web.service.SysPermissionService;
 import com.ruoyi.framework.web.service.TokenService;
@@ -24,7 +23,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
+import java.util.ArrayList;
 import java.util.List;
+import java.util.stream.Collectors;
 
 @TenantIgnore
 @DS(BaseSourceConstant.BASE)
@@ -80,18 +81,23 @@ public class RoleTenantController extends BaseController {
      */
     @PutMapping
     public void edit(@Validated @RequestBody SysRole role) {
+        //检查上级角色是否循环
+        Long parentId = role.getParentId();
+        if (ObjectUtil.isNotEmpty(parentId)) {
+            SysRole sysRole = roleService.getById(parentId);
+            List<String> nameList = new ArrayList<>();
+            while (ObjectUtil.isNotEmpty(sysRole)) {
+                nameList.add(0, sysRole.getRoleName());
+                if (ObjectUtil.equals(role.getRoleId(), sysRole.getParentId())) {
+                    throw new ServiceException(String.format("当前角色为 %s 上级角色！", nameList.stream().collect(Collectors.joining(">"))));
+                }
+                sysRole = roleService.getById(sysRole.getParentId());
+            }
+        }
+
         LoginUser loginUser = getLoginUser();
         SysUser user = loginUser.getUser();
-//        //非超管 禁止修改admin角色
-//        SysRole oldSysRole = roleService.getById(role.getRoleId());
-//        if (!user.isAdmin() && "admin".equals(oldSysRole.getRoleKey())) {
-//            throw new ServiceException("您无权操作该数据");
-//        }
         String tenantId = role.getTenantId();
-//        if (!user.isAdmin() && !user.getTenantId().equals(tenantId)) {
-//            //非超管 只能改本租户的数据
-//            throw new ServiceException("您无权操作其他租户的数据");
-//        }
         if (ObjectUtil.isEmpty(tenantId)) {
             throw new ServiceException("租户id不能为空");
         }

ruoyi-system/src/main/java/com/ruoyi/system/utils/UserUtil.java

@@ -1,9 +1,13 @@
 package com.ruoyi.system.utils;
 
+import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.extra.spring.SpringUtil;
 import com.ruoyi.common.core.domain.entity.SysRole;
 import com.ruoyi.common.core.domain.entity.SysUser;
+import com.ruoyi.common.exception.ServiceException;
+import com.ruoyi.common.utils.wrapper.IWrapper;
 import com.ruoyi.system.mapper.SysRoleMapper;
+import com.ruoyi.system.service.ISysRoleService;
 import com.ruoyi.system.service.ISysUserService;
 
 import java.util.ArrayList;
@@ -18,6 +22,7 @@ public class UserUtil {
 
     private static final ISysUserService sysUserService = SpringUtil.getBean(ISysUserService.class);
     private static final SysRoleMapper roleMapper = SpringUtil.getBean(SysRoleMapper.class);
+    private static final ISysRoleService roleService = SpringUtil.getBean(ISysRoleService.class);
 
     public static List<SysUser> getListByIds(List<Long> idList) {
         if (idList.size() == 0) {
@@ -70,28 +75,63 @@ public class UserUtil {
     /**
      * 根据角色KEY获取用户id列表
      */
-    public static List<Long> getUserIdsByRoleKey(String roleKey){
+    public static List<Long> getUserIdsByRoleKey(String roleKey) {
         return sysUserService.getUserIdsByRoleKey(roleKey);
     }
 
     /**
      * 根据角色KEY和公司id获取用户id列表
      */
-    public static List<Long> getUserIdsByRoleKey(String roleKey, Long companyId){
-        return sysUserService.getUserIdsByRoleKey(roleKey,companyId);
+    public static List<Long> getUserIdsByRoleKey(String roleKey, Long companyId) {
+        return sysUserService.getUserIdsByRoleKey(roleKey, companyId);
+    }
+
+    public static List<Long> getUserIdsByRoleKeys(List<String> roleKeys, Long companyId) {
+        roleKeys = roleKeys.stream().distinct().collect(Collectors.toList());
+        List<Long> uidList = new ArrayList<>();
+        for (String roleKey : roleKeys) {
+            uidList.addAll(sysUserService.getUserIdsByRoleKey(roleKey, companyId));
+        }
+        return uidList.stream().distinct().collect(Collectors.toList());
     }
 
     /**
      * 获取用户角色列表
      */
-    public static List<SysRole> getUserRoles(Long userId){
+    public static List<SysRole> getUserRoles(Long userId) {
         return roleMapper.selectRolePermissionByUserId(userId);
     }
+
     /**
      * 获取用户角色Key列表
      */
-    public static List<String> getUserRoleKeys(Long userId){
+    public static List<String> getUserRoleKeys(Long userId) {
         return getUserRoles(userId).stream().map(SysRole::getRoleKey).collect(Collectors.toList());
     }
 
+    /**
+     * 获取用户角色以及子角色
+     */
+    public static List<SysRole> getUserRoleAndChildRole(Long userId) {
+        return recursionRoles(getUserRoles(userId), 0);
+    }
+
+    /**
+     * 递归角色以及子角色
+     */
+    private static List<SysRole> recursionRoles(List<SysRole> userRoles, int count) {
+        count++;
+        if (count >= 100) {
+            throw new ServiceException("查询角色子级循环超过" + count + "次，可能成环，请检查或联系管理员！");
+        }
+        for (SysRole userRole : userRoles) {
+            List<SysRole> list = roleService.list(IWrapper.<SysRole>getWrapper().eq(SysRole::getParentId, userRole.getRoleId()));
+            if (ObjectUtil.isEmpty(list)) {
+                continue;
+            }
+            userRoles.addAll(recursionRoles(list, count));
+        }
+        return userRoles;
+    }
+
 }