update ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java.

addSave， editSave， insertAuthRole后台方法对用户的deptId 和roleId没有DataScope检查。
当限制数据范围的角色使用用户管理模块，构造超越数据范围的deptId和roleId参数的话会越权设置。

Signed-off-by: zablo <zhiqiang-ge@163.com>

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java

@@ -130,6 +130,12 @@ public class SysUserController extends BaseController
     @ResponseBody
     public AjaxResult addSave(@Validated SysUser user)
     {
+         //检查部门数据权限，检测角色权限
+        deptService.checkDeptDataScope(user.getDeptId());
+        for (Long roleId :user.getRoleIds()){
+            roleService.checkRoleDataScope(roleId); 
+        }
+
         if (!userService.checkLoginNameUnique(user))
         {
             return error("新增用户'" + user.getLoginName() + "'失败，登录账号已存在");
@@ -189,6 +195,13 @@ public class SysUserController extends BaseController
     {
         userService.checkUserAllowed(user);
         userService.checkUserDataScope(user.getUserId());
+        
+        //检查部门数据权限，检测角色权限
+        deptService.checkDeptDataScope(user.getDeptId());
+        for (Long roleId :user.getRoleIds()){
+            roleService.checkRoleDataScope(roleId); 
+        }
+
         if (!userService.checkLoginNameUnique(user))
         {
             return error("修改用户'" + user.getLoginName() + "'失败，登录账号已存在");
@@ -259,6 +272,9 @@ public class SysUserController extends BaseController
     public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
     {
         userService.checkUserDataScope(userId);
+        for (Long roleId :roleIds){
+            roleService.checkRoleDataScope(roleId);
+        }
         userService.insertUserAuth(userId, roleIds);
         AuthorizationUtils.clearAllCachedAuthorizationInfo();
         return success();