0.5.4 非管理员可创建属于自己的任务

磷叶 2025-02-28 10:35:13 +08:00
parent 130a4a6cbf
commit 59c395158c
8 changed files with 117 additions and 7 deletions


@ -1,4 +1,4 @@
package com.ruoyi.common.constants; package com.ruoyi.common.constant;
/** /**
* @author wjh * @author wjh


@ -2,6 +2,7 @@ package com.ruoyi.common.utils;
import com.ruoyi.common.constant.Constants; import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.constant.HttpStatus; import com.ruoyi.common.constant.HttpStatus;
import com.ruoyi.common.constant.RoleConstants;
import com.ruoyi.common.core.domain.entity.SysRole; import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.model.LoginUser; import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.exception.ServiceException; import com.ruoyi.common.exception.ServiceException;
@ -10,6 +11,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.util.PatternMatchUtils; import org.springframework.util.PatternMatchUtils;
import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.List; import java.util.List;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ -155,11 +157,24 @@ public class SecurityUtils
*/ */
public static boolean hasRole(String role) public static boolean hasRole(String role)
{ {
List<SysRole> roleList = getLoginUser().getUser().getRoles(); Collection<String> roles = getRoleKeys();
Collection<String> roles = roleList.stream().map(SysRole::getRoleKey).collect(Collectors.toSet());
return hasRole(roles, role); return hasRole(roles, role);
} }
/**
* 验证用户是否含有某个角色
*/
public static boolean hasAnyRole(String... roles) {
Collection<String> roleKeys = getRoleKeys();
for (String role : roles) {
if (hasRole(roleKeys, role)) {
return true;
}
}
return false;
}
/** /**
* 判断是否包含角色 * 判断是否包含角色
* *
@ -173,4 +188,23 @@ public class SecurityUtils
.anyMatch(x -> Constants.SUPER_ADMIN.equals(x) || PatternMatchUtils.simpleMatch(x, role)); .anyMatch(x -> Constants.SUPER_ADMIN.equals(x) || PatternMatchUtils.simpleMatch(x, role));
} }
public static List<SysRole> getRoles() {
List<SysRole> roles = getLoginUser().getUser().getRoles();
if (roles == null) {
roles = new ArrayList<>();
}
return roles;
}
public static Collection<String> getRoleKeys() {
return getRoles().stream().map(SysRole::getRoleKey).collect(Collectors.toSet());
}
/**
* 是否是系统管理员或者更高权限的
* @return
*/
public static boolean isSysAdmin() {
return hasAnyRole(RoleConstants.ADMIN, RoleConstants.SYS_ADMIN);
}
} }
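Review bot: `isSysAdmin()` now gates the task ownership checks, yet it resolves through `hasRole(Collection, String)`, whose visible last statement matches with `PatternMatchUtils.simpleMatch(x, role)`, so the user's stored role key appears to be treated as a pattern and `Constants.SUPER_ADMIN` always passes. If role keys can contain `*`, such a key would satisfy this check; for an authorization decision an exact comparison such as `roleKeys.contains(role)` inside `hasAnyRole` would be safer, with the super-admin shortcut kept explicit. The Javadoc on `hasAnyRole` is copied from `hasRole` and `isSysAdmin` has an empty `@return`; I would write `/** Returns true if the current user holds at least one of the given role keys. */` and `@return true for ADMIN, SYS_ADMIN or the super admin`. The body of `hasRole(Collection, String)` starts outside the hunk, so the matching behaviour is inferred from the one line shown.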


@ -121,5 +121,5 @@ public interface TaskService
*/ */
List<StringIntegerVO> selectCountGroupByType(TaskQuery query); List<StringIntegerVO> selectCountGroupByType(TaskQuery query);
List<TaskVO> selectTaskByIds(List<Long> ids);
} }
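Review bot: `selectTaskByIds` is added without Javadoc although the neighbouring interface methods carry one, and its contract matters to callers that use the result for permission checks. I would add a comment along the lines of `/** Queries tasks by ID; returns an empty list for empty input and may return fewer entries than IDs requested. */`. The empty-input behaviour is visible in `TaskServiceImpl`; the fewer-entries part is inferred from the delegation to `selectTaskList`, so confirm it before documenting.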


@ -2,6 +2,8 @@ package com.ruoyi.bst.task.service;
import com.ruoyi.bst.task.domain.TaskVO; import com.ruoyi.bst.task.domain.TaskVO;
import java.util.List;
public interface TaskValidator { public interface TaskValidator {
/** /**
@ -25,5 +27,19 @@ public interface TaskValidator {
* @param vo 任务VO * @param vo 任务VO
*/ */
void validate(TaskVO vo); void validate(TaskVO vo);
/**
* 是否允许修改任务
*/
boolean allowUpdateTask(TaskVO vo);
/**
* 是否允许取消任务
*/
boolean allowCancelTask(TaskVO vo);
/**
* 是否允许删除所有任务
*/
boolean allowDelAllTask(List<TaskVO> old);
} }


@ -1,6 +1,7 @@
package com.ruoyi.bst.task.service.impl; package com.ruoyi.bst.task.service.impl;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.Collections;
import java.util.List; import java.util.List;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -150,7 +151,7 @@ public class TaskServiceImpl implements TaskService
List<Message> messages = messageConverter.toPoByTaskUpdate(vo); List<Message> messages = messageConverter.toPoByTaskUpdate(vo);
int messageRows = MessageService.batchInsert(messages); int messageRows = MessageService.batchInsert(messages);
ServiceUtil.assertion(messageRows != messages.size(), "保存消息失败"); ServiceUtil.assertion(messageRows != messages.size(), "保存消息失败");
} }
return rows; return rows;
@ -329,4 +330,14 @@ public class TaskServiceImpl implements TaskService
public List<StringIntegerVO> selectCountGroupByType(TaskQuery query) { public List<StringIntegerVO> selectCountGroupByType(TaskQuery query) {
return taskMapper.selectCountGroupByType(query); return taskMapper.selectCountGroupByType(query);
} }
@Override
public List<TaskVO> selectTaskByIds(List<Long> ids) {
if (CollectionUtils.isEmptyElement(ids)) {
return Collections.emptyList();
}
TaskQuery query = new TaskQuery();
query.setIds(ids);
return selectTaskList(query);
}
} }


@ -1,7 +1,9 @@
package com.ruoyi.bst.task.service.impl; package com.ruoyi.bst.task.service.impl;
import java.util.List;
import java.util.Objects; import java.util.Objects;
import com.ruoyi.common.utils.SecurityUtils;
import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.CollectionUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
@ -58,4 +60,33 @@ public class TaskValidatorImpl implements TaskValidator{
} }
} }
/**
* 是否允许修改任务
*/
@Override
public boolean allowUpdateTask(TaskVO vo) {
return SecurityUtils.isSysAdmin() || isCreator(vo, SecurityUtils.getUserId());
}
@Override
public boolean allowCancelTask(TaskVO vo) {
return SecurityUtils.isSysAdmin() || isCreator(vo, SecurityUtils.getUserId());
}
@Override
public boolean allowDelAllTask(List<TaskVO> old) {
if (SecurityUtils.isSysAdmin()) {
return true;
}
Long userId = SecurityUtils.getUserId();
return old.stream().allMatch(vo -> isCreator(vo, userId));
}
/**
* 是否是创建人
*/
private boolean isCreator(TaskVO vo, Long userId) {
return vo != null && vo.getCreateId() != null && Objects.equals(vo.getCreateId(), userId);
}
} }
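Review bot: `allowDelAllTask` answers `true` for a non-admin whenever `old` is empty, because `allMatch` on an empty stream is vacuously true, and it cannot tell when `old` holds fewer tasks than were requested. `TaskController.remove` then calls `taskService.logicDel(ids)` with the original ID list, so any ID that `selectTaskByIds` did not return would be deleted without an ownership check (whether `logicDel` applies its own scoping is not visible here). I would reject the empty case here with `return !old.isEmpty() && old.stream().allMatch(vo -> isCreator(vo, userId));` and have the controller compare `old.size()` with the number of distinct IDs, or pass only the verified IDs to `logicDel`. `old` is also dereferenced without a null check, and `allowCancelTask` and `allowDelAllTask` lack the Javadoc that `allowUpdateTask` has.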


@ -23,7 +23,7 @@ import com.ruoyi.bst.customer.domain.dto.CustomerAddDTO;
import com.ruoyi.bst.customer.service.CustomerConverter; import com.ruoyi.bst.customer.service.CustomerConverter;
import com.ruoyi.bst.customer.service.CustomerService; import com.ruoyi.bst.customer.service.CustomerService;
import com.ruoyi.common.annotation.Log; import com.ruoyi.common.annotation.Log;
import com.ruoyi.common.constants.RoleConstants; import com.ruoyi.common.constant.RoleConstants;
import com.ruoyi.common.core.controller.BaseController; import com.ruoyi.common.core.controller.BaseController;
import com.ruoyi.common.core.domain.AjaxResult; import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.page.TableDataInfo; import com.ruoyi.common.core.page.TableDataInfo;


@ -5,6 +5,8 @@ import java.util.List;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import com.ruoyi.common.constant.RoleConstants;
import com.ruoyi.common.utils.SecurityUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.validation.annotation.Validated; import org.springframework.validation.annotation.Validated;
@ -108,6 +110,10 @@ public class TaskController extends BaseController
@PostMapping @PostMapping
public AjaxResult add(@RequestBody @Validated(ValidGroup.Create.class) Task task) public AjaxResult add(@RequestBody @Validated(ValidGroup.Create.class) Task task)
{ {
// 若不是管理员则负责人只能填写自己
if (!SecurityUtils.hasAnyRole(RoleConstants.ADMIN, RoleConstants.SYS_ADMIN)) {
task.setOwnerIds(Collections.singletonList(getUserId()));
}
task = taskConverter.toPoByCreate(task); task = taskConverter.toPoByCreate(task);
return toAjax(taskService.insertTask(task)); return toAjax(taskService.insertTask(task));
} }
@ -120,6 +126,10 @@ public class TaskController extends BaseController
@PutMapping @PutMapping
public AjaxResult edit(@RequestBody @Validated(ValidGroup.Update.class) Task task) public AjaxResult edit(@RequestBody @Validated(ValidGroup.Update.class) Task task)
{ {
TaskVO old = taskService.selectTaskById(task.getId());
if (!taskValidator.allowUpdateTask(old)) {
return error("您无权修改ID为" + task.getId() + "的任务");
}
task = taskConverter.toPoByUpdate(task); task = taskConverter.toPoByUpdate(task);
return toAjax(taskService.updateTask(task)); return toAjax(taskService.updateTask(task));
} }
@ -132,6 +142,10 @@ public class TaskController extends BaseController
@DeleteMapping("/{ids}") @DeleteMapping("/{ids}")
public AjaxResult remove(@PathVariable List<Long> ids) public AjaxResult remove(@PathVariable List<Long> ids)
{ {
List<TaskVO> old = taskService.selectTaskByIds(ids);
if (!taskValidator.allowDelAllTask(old)) {
return error("您无权修改ID为" + ids + "的任务");
}
return toAjax(taskService.logicDel(ids)); return toAjax(taskService.logicDel(ids));
} }
@ -156,6 +170,10 @@ public class TaskController extends BaseController
@Log(title = "任务", businessType = BusinessType.UPDATE) @Log(title = "任务", businessType = BusinessType.UPDATE)
@PutMapping("/cancel") @PutMapping("/cancel")
public AjaxResult cancel(@RequestBody @Validated TaskCancelDTO dto) { public AjaxResult cancel(@RequestBody @Validated TaskCancelDTO dto) {
TaskVO old = taskService.selectTaskById(dto.getId());
if (!taskValidator.allowCancelTask(old)) {
return error("您无权取消ID为" + dto.getId() + "的任务");
}
return toAjax(taskService.cancelTask(dto)); return toAjax(taskService.cancelTask(dto));
} }
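Review bot: `edit()` checks that the caller created the task but, unlike `add()`, does not constrain `ownerIds` for non-admins, so a creator may be able to reassign the task to other users through an update unless `taskConverter.toPoByUpdate` drops that field (not visible here). If the restriction in `add()` is meant as a rule, the same guard belongs in `edit()` before the conversion. `add()` also spells out `hasAnyRole(RoleConstants.ADMIN, RoleConstants.SYS_ADMIN)` where this commit's own helper would keep the definition in one place: `if (!SecurityUtils.isSysAdmin()) {`. The denial message in `remove()` says 修改 where 删除 is meant, and `Collections` is used in `add()` without a matching import in the visible import hunk, so confirm it is imported elsewhere in the file.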