From 93d8168e9f55ecb9691eeb9ce899503f0140020a Mon Sep 17 00:00:00 2001
From: lishuyanla <1206770390@qq.com>
Date: Mon, 28 Jul 2025 17:31:22 +0800
Subject: [PATCH] =?UTF-8?q?fix(system/user):=20=E7=B3=BB=E7=BB=9F=E5=86=85?=
=?UTF-8?q?=E7=BD=AE=E7=94=A8=E6=88=B7=E7=A6=81=E6=AD=A2=E4=BF=AE=E6=94=B9?=
=?UTF-8?q?=E8=A7=92=E8=89=B2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: lishuyan<1206770390@qq.com>
# message auto-generated for no-merge-commit merge:
merge feat/dev into dev
fix(user-role): 🐛 禁止修改系统内置用户的角色分配
Created-by: lishuyanla
Commit-by: lishuyan
Merged-by: Charles_7c
Description:
## PR 类型
- [ ] 新 feature
- [x] Bug 修复
- [ ] 功能增强
- [ ] 文档变更
- [ ] 代码样式变更
- [ ] 重构
- [ ] 性能改进
- [ ] 单元测试
- [ ] CI/CD
- [ ] 其他
## PR 目的
修复 可以修改系统内置用户的角色分配 的BUG
## 解决方案
## PR 测试
## Changelog
| 模块 | Changelog | Related issues |
| ------------ | ------------------------------------------------------------ | -------------- |
| 系统管理模块 | fix(user-role): 🐛 禁止修改系统内置用户的角色分配
- 在用户角色分配功能中增加了对系统内置用户的检查
- 如果尝试修改系统内置用户的角色,会抛出异常并提示错误信息
- 这个修改确保了系统内置用户的权限不会被意外更改,提高了系统安全性 | |
## 其他信息
## 提交前确认
- [x] PR 代码经过了完整测试,并且通过了代码规范检查
- [x] 已经完整填写 Changelog,并链接到了相关 issues
- [x] PR 代码将要提交到 dev 分支
See merge request: continew/continew-admin!8
---
.../system/service/impl/UserRoleServiceImpl.java | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/continew-system/src/main/java/top/continew/admin/system/service/impl/UserRoleServiceImpl.java b/continew-system/src/main/java/top/continew/admin/system/service/impl/UserRoleServiceImpl.java
index 29840500..172e5d5d 100644
--- a/continew-system/src/main/java/top/continew/admin/system/service/impl/UserRoleServiceImpl.java
+++ b/continew-system/src/main/java/top/continew/admin/system/service/impl/UserRoleServiceImpl.java
@@ -32,16 +32,19 @@ import top.continew.admin.common.enums.RoleCodeEnum;
import top.continew.admin.system.constant.SystemConstants;
import top.continew.admin.system.mapper.UserRoleMapper;
import top.continew.admin.system.model.entity.UserRoleDO;
+import top.continew.admin.system.model.entity.user.UserDO;
import top.continew.admin.system.model.query.RoleUserQuery;
import top.continew.admin.system.model.resp.role.RoleUserResp;
import top.continew.admin.system.service.RoleService;
import top.continew.admin.system.service.UserRoleService;
+import top.continew.admin.system.service.UserService;
import top.continew.starter.core.util.CollUtils;
import top.continew.starter.core.util.validation.CheckUtils;
import top.continew.starter.data.util.QueryWrapperHelper;
import top.continew.starter.extension.crud.model.query.PageQuery;
import top.continew.starter.extension.crud.model.resp.PageResp;
+import java.util.Collection;
import java.util.List;
import java.util.Set;
@@ -59,6 +62,9 @@ public class UserRoleServiceImpl implements UserRoleService {
@Lazy
@Resource
private RoleService roleService;
+ @Lazy
+ @Resource
+ private UserService userService;
@Override
@AutoOperate(type = RoleUserResp.class, on = "list")
@@ -79,6 +85,11 @@ public class UserRoleServiceImpl implements UserRoleService {
@Override
@Transactional(rollbackFor = Exception.class)
public boolean assignRolesToUser(List roleIds, Long userId) {
+ UserDO userDO = userService.getById(userId);
+ if (Boolean.TRUE.equals(userDO.getIsSystem())) {
+ Collection disjunctionRoleIds = CollUtil.disjunction(roleIds, this.listRoleIdByUserId(userId));
+ CheckUtils.throwIfNotEmpty(disjunctionRoleIds, "[{}] 是系统内置用户,不允许变更角色", userDO.getNickname());
+ }
// 超级管理员和租户管理员角色不允许分配
CheckUtils.throwIf(roleIds.contains(SystemConstants.SUPER_ADMIN_ROLE_ID), "不允许分配超级管理员角色");
Set roleCodeSet = CollUtils.mapToSet(roleService.listByUserId(userId), RoleContext::getCode);