diff --git a/ruoyi-fastapi-backend/module_admin/controller/dept_controller.py b/ruoyi-fastapi-backend/module_admin/controller/dept_controller.py index 28f1d58..9bf93c3 100644 --- a/ruoyi-fastapi-backend/module_admin/controller/dept_controller.py +++ b/ruoyi-fastapi-backend/module_admin/controller/dept_controller.py @@ -101,9 +101,10 @@ async def delete_system_dept( data_scope_sql: str = Depends(GetDataScope('SysDept')), ): dept_id_list = dept_ids.split(',') - for dept_id in dept_id_list: - if not current_user.user.admin: - await DeptService.check_dept_data_scope_services(query_db, int(dept_id), data_scope_sql) + if dept_id_list: + for dept_id in dept_id_list: + if not current_user.user.admin: + await DeptService.check_dept_data_scope_services(query_db, int(dept_id), data_scope_sql) delete_dept = DeleteDeptModel(deptIds=dept_ids) delete_dept.update_by = current_user.user.user_name delete_dept.update_time = datetime.now() diff --git a/ruoyi-fastapi-backend/module_admin/controller/role_controller.py b/ruoyi-fastapi-backend/module_admin/controller/role_controller.py index 797fd8e..e42d932 100644 --- a/ruoyi-fastapi-backend/module_admin/controller/role_controller.py +++ b/ruoyi-fastapi-backend/module_admin/controller/role_controller.py @@ -131,10 +131,11 @@ async def delete_system_role( data_scope_sql: str = Depends(GetDataScope('SysDept')), ): role_id_list = role_ids.split(',') - for role_id in role_id_list: - await RoleService.check_role_allowed_services(RoleModel(roleId=int(role_id))) - if not current_user.user.admin: - await RoleService.check_role_data_scope_services(query_db, role_id, data_scope_sql) + if role_id_list: + for role_id in role_id_list: + await RoleService.check_role_allowed_services(RoleModel(roleId=int(role_id))) + if not current_user.user.admin: + await RoleService.check_role_data_scope_services(query_db, role_id, data_scope_sql) delete_role = DeleteRoleModel(roleIds=role_ids, updateBy=current_user.user.user_name, updateTime=datetime.now()) delete_role_result = await RoleService.delete_role_services(query_db, delete_role) logger.info(delete_role_result.message) diff --git a/ruoyi-fastapi-backend/module_admin/controller/user_controller.py b/ruoyi-fastapi-backend/module_admin/controller/user_controller.py index 86af1a7..e6f1b39 100644 --- a/ruoyi-fastapi-backend/module_admin/controller/user_controller.py +++ b/ruoyi-fastapi-backend/module_admin/controller/user_controller.py @@ -83,7 +83,9 @@ async def add_system_user( ): if not current_user.user.admin: await DeptService.check_dept_data_scope_services(query_db, add_user.dept_id, dept_data_scope_sql) - await RoleService.check_role_data_scope_services(query_db, ','.join([str(item) for item in add_user.role_ids]), role_data_scope_sql) + await RoleService.check_role_data_scope_services( + query_db, ','.join([str(item) for item in add_user.role_ids]), role_data_scope_sql + ) add_user.password = PwdUtil.get_password_hash(add_user.password) add_user.create_by = current_user.user.user_name add_user.create_time = datetime.now() @@ -111,7 +113,9 @@ async def edit_system_user( if not current_user.user.admin: await UserService.check_user_data_scope_services(query_db, edit_user.user_id, user_data_scope_sql) await DeptService.check_dept_data_scope_services(query_db, edit_user.dept_id, dept_data_scope_sql) - await RoleService.check_role_data_scope_services(query_db, ','.join([str(item) for item in edit_user.role_ids]), role_data_scope_sql) + await RoleService.check_role_data_scope_services( + query_db, ','.join([str(item) for item in edit_user.role_ids]), role_data_scope_sql + ) edit_user.update_by = current_user.user.user_name edit_user.update_time = datetime.now() edit_user_result = await UserService.edit_user_services(query_db, edit_user) @@ -130,14 +134,15 @@ async def delete_system_user( data_scope_sql: str = Depends(GetDataScope('SysUser')), ): user_id_list = user_ids.split(',') - if current_user.user.user_id in user_id_list: - logger.warning('当前登录用户不能删除') - - return ResponseUtil.failure(msg='当前登录用户不能删除') - for user_id in user_id_list: - await UserService.check_user_allowed_services(UserModel(userId=int(user_id))) - if not current_user.user.admin: - await UserService.check_user_data_scope_services(query_db, int(user_id), data_scope_sql) + if user_id_list: + if current_user.user.user_id in user_id_list: + logger.warning('当前登录用户不能删除') + + return ResponseUtil.failure(msg='当前登录用户不能删除') + for user_id in user_id_list: + await UserService.check_user_allowed_services(UserModel(userId=int(user_id))) + if not current_user.user.admin: + await UserService.check_user_data_scope_services(query_db, int(user_id), data_scope_sql) delete_user = DeleteUserModel(userIds=user_ids, updateBy=current_user.user.user_name, updateTime=datetime.now()) delete_user_result = await UserService.delete_user_services(query_db, delete_user) logger.info(delete_user_result.message) diff --git a/ruoyi-fastapi-backend/module_admin/service/role_service.py b/ruoyi-fastapi-backend/module_admin/service/role_service.py index cd6fa57..35af5ef 100644 --- a/ruoyi-fastapi-backend/module_admin/service/role_service.py +++ b/ruoyi-fastapi-backend/module_admin/service/role_service.py @@ -92,14 +92,16 @@ class RoleService: :param data_scope_sql: 数据权限对应的查询sql语句 :return: 校验结果 """ - for role_id in role_ids.split(','): - roles = await RoleDao.get_role_list( - query_db, RolePageQueryModel(roleId=int(role_id)), data_scope_sql, is_page=False - ) - if roles: - return CrudResponseModel(is_success=True, message='校验通过') - else: - raise ServiceException(message='没有权限访问角色数据') + role_id_list = role_ids.split(',') + if role_id_list: + for role_id in role_id_list: + roles = await RoleDao.get_role_list( + query_db, RolePageQueryModel(roleId=int(role_id)), data_scope_sql, is_page=False + ) + if roles: + return CrudResponseModel(is_success=True, message='校验通过') + else: + raise ServiceException(message='没有权限访问角色数据') @classmethod async def check_role_name_unique_services(cls, query_db: AsyncSession, page_object: RoleModel):