Prechádzať zdrojové kódy

解决数据权限只有本部门及以下时候,可能出现数据权限越界的情况

RACSU 5 rokov pred
rodič
commit
dea394a93d

+ 2 - 3
ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java

@@ -118,10 +118,9 @@ public class DataScopeAspect
             }
             else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope))
             {
-                String deptChild = user.getDept().getParentId() + "," + user.getDeptId();
                 sqlString.append(StringUtils.format(
-                        " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or ancestors LIKE '%{}%' )",
-                        deptAlias, user.getDeptId(), deptChild));
+                        " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )",
+                        deptAlias, user.getDeptId(),  user.getDeptId()));
             }
             else if (DATA_SCOPE_SELF.equals(dataScope))
             {