|
|
@@ -80,14 +80,18 @@ public class RoleTenantController extends BaseController {
|
|
|
*/
|
|
|
@PutMapping
|
|
|
public void edit(@Validated @RequestBody SysRole role) {
|
|
|
- //禁止修改admin角色
|
|
|
+ LoginUser loginUser = getLoginUser();
|
|
|
+ SysUser user = loginUser.getUser();
|
|
|
+ //非超管 禁止修改admin角色
|
|
|
SysRole oldSysRole = roleService.getById(role.getRoleId());
|
|
|
- if ("admin".equals(oldSysRole.getRoleKey())) {
|
|
|
+ if (!user.isAdmin() && "admin".equals(oldSysRole.getRoleKey())) {
|
|
|
throw new ServiceException("您无权操作该数据");
|
|
|
}
|
|
|
- //只能改本租户的数据
|
|
|
- String tenantId = SecurityUtils.getTenantId();
|
|
|
-// String tenantId = role.getTenantId();
|
|
|
+ String tenantId = role.getTenantId();
|
|
|
+ if (!user.isAdmin()) {
|
|
|
+ //非超管 只能改本租户的数据
|
|
|
+ tenantId = SecurityUtils.getTenantId();
|
|
|
+ }
|
|
|
if (ObjectUtil.isEmpty(tenantId)) {
|
|
|
throw new ServiceException("租户id不能为空");
|
|
|
}
|
|
|
@@ -109,8 +113,6 @@ public class RoleTenantController extends BaseController {
|
|
|
}
|
|
|
|
|
|
// 更新缓存用户权限
|
|
|
- LoginUser loginUser = getLoginUser();
|
|
|
- SysUser user = loginUser.getUser();
|
|
|
if (StringUtils.isNotNull(user) && !user.isAdmin()) {
|
|
|
loginUser.setPermissions(permissionService.getMenuPermission(user));
|
|
|
loginUser.setUser(userService.selectUserByUserName(user.getTenantId(), user.getUserName()));
|
yzc