
相关接口权限限制

yzc 1 年之前
父節點
當前提交
edcbf6b763

+ 9 - 1
hx-tenant/src/main/java/com/fjhx/tenant/controller/tenant/RoleTenantController.java

@@ -13,6 +13,7 @@ import com.ruoyi.common.core.domain.entity.SysUser;
 import com.ruoyi.common.core.domain.model.LoginUser;
 import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.exception.ServiceException;
+import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.framework.web.service.SysPermissionService;
 import com.ruoyi.framework.web.service.TokenService;
@@ -79,7 +80,14 @@ public class RoleTenantController extends BaseController {
      */
     @PutMapping
     public void edit(@Validated @RequestBody SysRole role) {
-        String tenantId = role.getTenantId();
+        //禁止修改admin角色
+        SysRole oldSysRole = roleService.getById(role.getRoleId());
+        if ("admin".equals(oldSysRole.getRoleKey())) {
+            throw new ServiceException("您无权操作该数据");
+        }
+        //只能改本租户的数据
+        String tenantId = SecurityUtils.getTenantId();
+//        String tenantId = role.getTenantId();
         if (ObjectUtil.isEmpty(tenantId)) {
             throw new ServiceException("租户id不能为空");
         }
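Review bot: The role returned by `roleService.getById(role.getRoleId())` is dereferenced without a null check and, in the lines shown, is never compared with the caller's tenant, so the comment "只能改本租户的数据" is not enforced by this hunk on its own. An unknown or missing roleId raises a NullPointerException instead of a ServiceException, and if the rest of edit() (outside the hunk) updates by roleId, a role owned by another tenant could still be modified. After the tenantId empty check I would add `if (oldSysRole == null || !tenantId.equals(oldSysRole.getTenantId())) { throw new ServiceException("您无权操作该数据"); }`. The admin guard also inspects only the stored roleKey, so consider rejecting a request body whose roleKey is "admin" as well, and delete the commented-out `role.getTenantId()` line rather than leaving it in place.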

+ 5 - 0
hx-tenant/src/main/java/com/fjhx/tenant/service/tenant/impl/TenantInfoServiceImpl.java

@@ -196,6 +196,11 @@ public class TenantInfoServiceImpl extends ServiceImpl<TenantInfoMapper, TenantI
     @Transactional
     @Override
     public void bindingMenu(BindingMenuDto dto) {
+        //只有超管能操作该接口
+        SysUser user = SecurityUtils.getLoginUser().getUser();
+        if (!user.isAdmin()){
+            throw new ServiceException("你无权操作该数据");
+        }
         String tenantId = dto.getTenantId();
         TenantInfo tenantInfo = this.getOne(q -> q.eq(TenantInfo::getTenantId, tenantId));
         if (tenantInfo == null) {
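Review bot: The new guard in bindingMenu() depends entirely on `SysUser.isAdmin()`, whose definition is not visible here. In a multi-tenant deployment it has to mean the platform super-admin and not a tenant's own administrator, so please confirm that and state it in the comment, e.g. `// isAdmin() == platform super-admin (not a tenant admin); only they may bind menus to a tenant`. `getUser()` is dereferenced without a null check, and because the check sits in the service rather than the controller, any caller without a login context (a scheduled job or internal call, if one exists) will now fail at this point. A rejected attempt also deserves a log line carrying the user id and `dto.getTenantId()`, so that probing of this endpoint is visible in audit. The method body continues past the end of the hunk.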