7 years ago · ce43c3aa2a
--- a/src/main/java/io/renren/modules/sys/dao/BaseDao.java
+++ b/src/main/java/io/renren/modules/sys/dao/BaseDao.java
@ -1,6 +1,5 @@
 
														package io.renren.modules.sys.dao;
													
 
														
													
 
														import org.apache.ibatis.annotations.Mapper;
													
 
														
													
 
														import java.util.List;
													
 
														import java.util.Map;
													
--- a/src/main/java/io/renren/modules/sys/service/impl/SysMenuServiceImpl.java
+++ b/src/main/java/io/renren/modules/sys/service/impl/SysMenuServiceImpl.java
@ -4,10 +4,8 @@ import io.renren.common.utils.Constant;
 
														import io.renren.modules.sys.dao.SysMenuDao;
													
 
														import io.renren.modules.sys.entity.SysMenuEntity;
													
 
														import io.renren.modules.sys.service.SysMenuService;
													
 
														import io.renren.modules.sys.service.SysRoleMenuService;
													
 
														import io.renren.modules.sys.service.SysUserService;
													
 
														import io.renren.common.utils.Constant.MenuType;
													
 
														import org.apache.commons.lang.StringUtils;
													
 
														import org.springframework.beans.factory.annotation.Autowired;
													
 
														import org.springframework.stereotype.Service;
													
 
														import org.springframework.transaction.annotation.Transactional;
													
--- a/src/main/java/io/renren/modules/sys/service/impl/SysUserServiceImpl.java
+++ b/src/main/java/io/renren/modules/sys/service/impl/SysUserServiceImpl.java
@ -121,6 +121,9 @@ public class SysUserServiceImpl implements SysUserService {
 
															 * 检查角色是否越权
													
 
															 */
													
 
															private void checkRole(SysUserEntity user){
													
 
																if(user.getRoleIdList() == null || user.getRoleIdList().size() == 0){
													
 
																	return;
													
 
																}
													
 
																//如果不是超级管理员，则需要判断用户的角色是否自己创建
													
 
																if(user.getCreateUserId() == Constant.SUPER_ADMIN){
													
 
																	return ;
													
@ -128,7 +131,7 @@ public class SysUserServiceImpl implements SysUserService {
 
																
													
 
																//查询用户创建的角色列表
													
 
																List<Long> roleIdList = sysRoleService.queryRoleIdList(user.getCreateUserId());
													
 
																
													
 
														
													
 
																//判断是否越权
													
 
																if(!roleIdList.containsAll(user.getRoleIdList())){
													
 
																	throw new RRException("新增用户所选角色，不是本人创建");