fix: 完善用户角色变更校验及在线用户权限处理

continew-org · Nov 12, 2024 · c28d3cf · c28d3cf
1 parent ad3f832
commit c28d3cf
Show file tree

Hide file tree

Showing 7 changed files with 61 additions and 19 deletions.
diff --git a/continew-module-system/src/main/java/top/continew/admin/system/service/RoleService.java b/continew-module-system/src/main/java/top/continew/admin/system/service/RoleService.java
@@ -91,4 +91,12 @@ public interface RoleService extends BaseService<RoleResp, RoleDetailResp, RoleQ
      * @return 角色数量
      */
     int countByNames(List<String> roleNames);
+
+    /**
+     * 分配角色给用户
+     *
+     * @param id      角色 ID
+     * @param userIds 用户 ID 列表
+     */
+    void assignToUsers(Long id, List<Long> userIds);
 }
diff --git a/...w-module-system/src/main/java/top/continew/admin/system/service/impl/RoleServiceImpl.java b/...w-module-system/src/main/java/top/continew/admin/system/service/impl/RoleServiceImpl.java
@@ -26,7 +26,6 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
-import top.continew.admin.auth.service.OnlineUserService;
 import top.continew.admin.common.constant.CacheConstants;
 import top.continew.admin.common.constant.ContainerConstants;
 import top.continew.admin.common.constant.SysConstants;
@@ -62,7 +61,6 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleMapper, RoleDO, RoleRes
     private final RoleMenuService roleMenuService;
     private final RoleDeptService roleDeptService;
     private final UserRoleService userRoleService;
-    private final OnlineUserService onlineUserService;
 
     @Override
     @Transactional(rollbackFor = Exception.class)
@@ -103,15 +101,7 @@ public void update(RoleReq req, Long id) {
         boolean isSaveDeptSuccess = roleDeptService.add(req.getDeptIds(), id);
         // 如果功能权限或数据权限有变更，则更新在线用户权限信息
         if (isSaveMenuSuccess || isSaveDeptSuccess || ObjectUtil.notEqual(req.getDataScope(), oldDataScope)) {
-            List<Long> userIdList = userRoleService.listUserIdByRoleId(id);
-            userIdList.parallelStream().forEach(userId -> {
-                UserContext userContext = UserContextHolder.getContext(userId);
-                if (null != userContext) {
-                    userContext.setRoles(this.listByUserId(userId));
-                    userContext.setPermissions(this.listPermissionByUserId(userId));
-                    UserContextHolder.setContext(userContext);
-                }
-            });
+            this.updateUserContext(id);
         }
     }
 
@@ -198,6 +188,15 @@ public int countByNames(List<String> roleNames) {
         return (int)this.count(Wrappers.<RoleDO>lambdaQuery().in(RoleDO::getName, roleNames));
     }
 
+    @Override
+    public void assignToUsers(Long id, List<Long> userIds) {
+        super.getById(id);
+        // 保存用户和角色关联
+        userRoleService.assignRoleToUsers(id, userIds);
+        // 更新用户上下文
+        this.updateUserContext(id);
+    }
+
     /**
      * 名称是否存在
      *
@@ -219,4 +218,21 @@ private boolean isNameExists(String name, Long id) {
     private boolean isCodeExists(String code, Long id) {
         return baseMapper.lambdaQuery().eq(RoleDO::getCode, code).ne(null != id, RoleDO::getId, id).exists();
     }
+
+    /**
+     * 更新用户上下文
+     *
+     * @param roleId 角色 ID
+     */
+    private void updateUserContext(Long roleId) {
+        List<Long> userIdList = userRoleService.listUserIdByRoleId(roleId);
+        userIdList.parallelStream().forEach(userId -> {
+            UserContext userContext = UserContextHolder.getContext(userId);
+            if (null != userContext) {
+                userContext.setRoles(this.listByUserId(userId));
+                userContext.setPermissions(this.listPermissionByUserId(userId));
+                UserContextHolder.setContext(userContext);
+            }
+        });
+    }
 }
diff --git a/...dule-system/src/main/java/top/continew/admin/system/service/impl/UserRoleServiceImpl.java b/...dule-system/src/main/java/top/continew/admin/system/service/impl/UserRoleServiceImpl.java
@@ -57,6 +57,8 @@ public boolean assignRolesToUser(List<Long> roleIds, Long userId) {
         if (CollUtil.isEmpty(CollUtil.disjunction(roleIds, oldRoleIdList))) {
             return false;
         }
+        CheckUtils.throwIf(SysConstants.SUPER_USER_ID.equals(userId) && !roleIds
+            .contains(SysConstants.SUPER_ROLE_ID), "不允许变更超管用户角色");
         // 删除原有关联
         baseMapper.lambdaUpdate().eq(UserRoleDO::getUserId, userId).remove();
         // 保存最新关联

diff --git a/...w-module-system/src/main/java/top/continew/admin/system/service/impl/UserServiceImpl.java b/...w-module-system/src/main/java/top/continew/admin/system/service/impl/UserServiceImpl.java
@@ -182,12 +182,7 @@ public void update(UserReq req, Long id) {
         }
         // 如果角色有变更，则更新在线用户权限信息
         if (isSaveUserRoleSuccess) {
-            UserContext userContext = UserContextHolder.getContext(id);
-            if (null != userContext) {
-                userContext.setRoles(roleService.listByUserId(id));
-                userContext.setPermissions(roleService.listPermissionByUserId(id));
-                UserContextHolder.setContext(userContext);
-            }
+            this.updateContext(id);
         }
     }
 
@@ -209,6 +204,8 @@ public void delete(List<Long> ids) {
         userPasswordHistoryService.deleteByUserIds(ids);
         // 删除用户
         super.delete(ids);
+        // 踢出在线用户
+        ids.forEach(onlineUserService::kickOut);
     }
 
     @Override
@@ -388,8 +385,11 @@ public void resetPassword(UserPasswordResetReq req, Long id) {
     @Override
     public void updateRole(UserRoleUpdateReq updateReq, Long id) {
         super.getById(id);
+        List<Long> roleIds = updateReq.getRoleIds();
         // 保存用户和角色关联
-        userRoleService.assignRolesToUser(updateReq.getRoleIds(), id);
+        userRoleService.assignRolesToUser(roleIds, id);
+        // 更新用户上下文
+        this.updateContext(id);
     }
 
     @Override
@@ -685,4 +685,18 @@ private List<UserDO> listByUsernames(List<String> usernames) {
             .in(UserDO::getUsername, usernames)
             .select(UserDO::getId, UserDO::getUsername));
     }
+
+    /**
+     * 更新用户上下文信息
+     *
+     * @param id ID
+     */
+    private void updateContext(Long id) {
+        UserContext userContext = UserContextHolder.getContext(id);
+        if (null != userContext) {
+            userContext.setRoles(roleService.listByUserId(id));
+            userContext.setPermissions(roleService.listPermissionByUserId(id));
+            UserContextHolder.setContext(userContext);
+        }
+    }
 }
diff --git a/continew-webapi/src/main/java/top/continew/admin/controller/system/RoleController.java b/continew-webapi/src/main/java/top/continew/admin/controller/system/RoleController.java
@@ -66,6 +66,6 @@ public List<Long> listUser(@PathVariable("id") Long id) {
     @PostMapping("/{id}/user")
     public void assignToUsers(@PathVariable("id") Long id,
                               @Validated @NotEmpty(message = "用户ID列表不能为空") @RequestBody List<Long> userIds) {
-        userRoleService.assignRoleToUsers(id, userIds);
+        baseService.assignToUsers(id, userIds);
     }
 }
diff --git a/continew-webapi/src/main/resources/db/changelog/mysql/main_data.sql b/continew-webapi/src/main/resources/db/changelog/mysql/main_data.sql
@@ -16,6 +16,7 @@ VALUES
 (1016, '导出', 1010, 3, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'system:user:export', 6, 1, 1, NOW(), NULL, NULL),
 (1017, '导入', 1010, 3, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'system:user:import', 7, 1, 1, NOW(), NULL, NULL),
 (1018, '重置密码', 1010, 3, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'system:user:resetPwd', 8, 1, 1, NOW(), NULL, NULL),
+(1019, '分配角色', 1010, 3, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'system:user:updateRole', 9, 1, 1, NOW(), NULL, NULL),
 
 (1030, '角色管理', 1000, 2, '/system/role', 'SystemRole', 'system/role/index', NULL, 'user-group', b'0', b'0', b'0', NULL, 2, 1, 1, NOW(), NULL, NULL),
 (1031, '列表', 1030, 3, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'system:role:list', 1, 1, 1, NOW(), NULL, NULL),

diff --git a/continew-webapi/src/main/resources/db/changelog/postgresql/main_data.sql b/continew-webapi/src/main/resources/db/changelog/postgresql/main_data.sql
@@ -16,6 +16,7 @@ VALUES
 (1016, '导出', 1010, 3, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'system:user:export', 6, 1, 1, NOW(), NULL, NULL),
 (1017, '导入', 1010, 3, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'system:user:import', 7, 1, 1, NOW(), NULL, NULL),
 (1018, '重置密码', 1010, 3, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'system:user:resetPwd', 8, 1, 1, NOW(), NULL, NULL),
+(1019, '分配角色', 1010, 3, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'system:user:updateRole', 9, 1, 1, NOW(), NULL, NULL),
 
 (1030, '角色管理', 1000, 2, '/system/role', 'SystemRole', 'system/role/index', NULL, 'user-group', false, false, false, NULL, 2, 1, 1, NOW(), NULL, NULL),
 (1031, '列表', 1030, 3, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 'system:role:list', 1, 1, 1, NOW(), NULL, NULL),