diff --git a/src/main/java/com/ruoyi/common/constant/UserConstants.java b/src/main/java/com/ruoyi/common/constant/UserConstants.java index c6c7797..737c9d5 100644 --- a/src/main/java/com/ruoyi/common/constant/UserConstants.java +++ b/src/main/java/com/ruoyi/common/constant/UserConstants.java @@ -12,6 +12,11 @@ public class UserConstants */ public static final String SYS_USER = "SYS_USER"; + /** + * ss标记的权限字符 + */ + public static final String SS_PERMISSION = "SS_PERMISSION"; + /** 正常状态 */ public static final String NORMAL = "0"; diff --git a/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java b/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java index 9e0caea..694924d 100644 --- a/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java +++ b/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java @@ -10,6 +10,7 @@ import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.framework.aspectj.lang.annotation.DataScope; import com.ruoyi.framework.security.LoginUser; +import com.ruoyi.framework.security.context.PermissionContextHolder; import com.ruoyi.framework.web.domain.BaseEntity; import com.ruoyi.project.system.domain.SysRole; import com.ruoyi.project.system.domain.SysUser; @@ -70,8 +71,9 @@ public class DataScopeAspect // 如果是超级管理员,则不过滤数据 if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin()) { + String permission = StringUtils.defaultIfEmpty(controllerDataScope.permission(), PermissionContextHolder.getContext()); dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(), - controllerDataScope.userAlias()); + controllerDataScope.userAlias(), permission); } } } @@ -83,8 +85,9 @@ public class DataScopeAspect * @param user 用户 * @param deptAlias 部门别名 * @param userAlias 用户别名 + * @param permission 权限字符 */ - public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias) + public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, String permission) { StringBuilder sqlString = new StringBuilder(); List conditions = new ArrayList(); @@ -96,6 +99,10 @@ public class DataScopeAspect { continue; } + if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions()) && !role.getPermissions().contains(permission)) + { + continue; + } if (DATA_SCOPE_ALL.equals(dataScope)) { sqlString = new StringBuilder(); @@ -114,7 +121,7 @@ public class DataScopeAspect else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope)) { sqlString.append(StringUtils.format( - " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )", + " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or FIND_IN_SET ( {} ,ancestors ) <> 0 )", deptAlias, user.getDeptId(), user.getDeptId())); } else if (DATA_SCOPE_SELF.equals(dataScope)) diff --git a/src/main/java/com/ruoyi/framework/aspectj/lang/annotation/DataScope.java b/src/main/java/com/ruoyi/framework/aspectj/lang/annotation/DataScope.java index 5e4cc9c..3eefec8 100644 --- a/src/main/java/com/ruoyi/framework/aspectj/lang/annotation/DataScope.java +++ b/src/main/java/com/ruoyi/framework/aspectj/lang/annotation/DataScope.java @@ -25,4 +25,9 @@ public @interface DataScope * 用户表的别名 */ public String userAlias() default ""; + + /** + * 权限字符(如不填默认会自动根据注解获取) + */ + public String permission() default ""; } diff --git a/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java b/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java new file mode 100644 index 0000000..fcd93b6 --- /dev/null +++ b/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java @@ -0,0 +1,21 @@ +package com.ruoyi.framework.security.context; + +/** + * 权限信息 + * + * @author ruoyi + */ +public class PermissionContextHolder +{ + private static final ThreadLocal contextHolder = new ThreadLocal<>(); + + public static void setContext(String permission) + { + contextHolder.set(permission); + } + + public static String getContext() + { + return contextHolder.get(); + } +} diff --git a/src/main/java/com/ruoyi/framework/security/service/PermissionService.java b/src/main/java/com/ruoyi/framework/security/service/PermissionService.java index 2fa1e5f..a27b798 100644 --- a/src/main/java/com/ruoyi/framework/security/service/PermissionService.java +++ b/src/main/java/com/ruoyi/framework/security/service/PermissionService.java @@ -6,6 +6,7 @@ import org.springframework.util.CollectionUtils; import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.framework.security.LoginUser; +import com.ruoyi.framework.security.context.PermissionContextHolder; import com.ruoyi.project.system.domain.SysRole; /** @@ -43,6 +44,7 @@ public class PermissionService { return false; } + PermissionContextHolder.setContext(permission); return hasPermissions(loginUser.getPermissions(), permission); } diff --git a/src/main/java/com/ruoyi/framework/security/service/SysPermissionService.java b/src/main/java/com/ruoyi/framework/security/service/SysPermissionService.java index 021e9a5..0d4b280 100644 --- a/src/main/java/com/ruoyi/framework/security/service/SysPermissionService.java +++ b/src/main/java/com/ruoyi/framework/security/service/SysPermissionService.java @@ -1,9 +1,11 @@ package com.ruoyi.framework.security.service; import java.util.HashSet; +import java.util.List; import java.util.Set; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import com.ruoyi.project.system.domain.SysRole; import com.ruoyi.project.system.domain.SysUser; import com.ruoyi.project.system.service.ISysMenuService; import com.ruoyi.project.system.service.ISysRoleService; @@ -59,7 +61,21 @@ public class SysPermissionService } else { - perms.addAll(menuService.selectMenuPermsByUserId(user.getUserId())); + List roles = user.getRoles(); + if (!roles.isEmpty() && roles.size() > 1) + { + // 多角色设置permissions属性,以便数据权限匹配权限 + for (SysRole role : roles) + { + Set rolePerms = menuService.selectMenuPermsByRoleId(role.getRoleId()); + role.setPermissions(rolePerms); + perms.addAll(rolePerms); + } + } + else + { + perms.addAll(menuService.selectMenuPermsByUserId(user.getUserId())); + } } return perms; } diff --git a/src/main/java/com/ruoyi/project/system/controller/SysDeptController.java b/src/main/java/com/ruoyi/project/system/controller/SysDeptController.java index 953747c..793b0db 100644 --- a/src/main/java/com/ruoyi/project/system/controller/SysDeptController.java +++ b/src/main/java/com/ruoyi/project/system/controller/SysDeptController.java @@ -78,29 +78,6 @@ public class SysDeptController extends BaseController return AjaxResult.success(deptService.selectDeptById(deptId)); } - /** - * 获取部门下拉树列表 - */ - @GetMapping("/treeselect") - public AjaxResult treeselect(SysDept dept) - { - List depts = deptService.selectDeptList(dept); - return AjaxResult.success(deptService.buildDeptTreeSelect(depts)); - } - - /** - * 加载对应角色部门列表树 - */ - @GetMapping(value = "/roleDeptTreeselect/{roleId}") - public AjaxResult roleDeptTreeselect(@PathVariable("roleId") Long roleId) - { - List depts = deptService.selectDeptList(new SysDept()); - AjaxResult ajax = AjaxResult.success(); - ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId)); - ajax.put("depts", deptService.buildDeptTreeSelect(depts)); - return ajax; - } - /** * 新增部门 */ diff --git a/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java b/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java index 30f656e..7bdd909 100644 --- a/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java +++ b/src/main/java/com/ruoyi/project/system/controller/SysRoleController.java @@ -24,9 +24,11 @@ import com.ruoyi.framework.security.service.TokenService; import com.ruoyi.framework.web.controller.BaseController; import com.ruoyi.framework.web.domain.AjaxResult; import com.ruoyi.framework.web.page.TableDataInfo; +import com.ruoyi.project.system.domain.SysDept; import com.ruoyi.project.system.domain.SysRole; import com.ruoyi.project.system.domain.SysUser; import com.ruoyi.project.system.domain.SysUserRole; +import com.ruoyi.project.system.service.ISysDeptService; import com.ruoyi.project.system.service.ISysRoleService; import com.ruoyi.project.system.service.ISysUserService; @@ -51,6 +53,9 @@ public class SysRoleController extends BaseController @Autowired private ISysUserService userService; + @Autowired + private ISysDeptService deptService; + @PreAuthorize("@ss.hasPermi('system:role:list')") @GetMapping("/list") public TableDataInfo list(SysRole role) @@ -242,4 +247,17 @@ public class SysRoleController extends BaseController roleService.checkRoleDataScope(roleId); return toAjax(roleService.insertAuthUsers(roleId, userIds)); } -} \ No newline at end of file + + /** + * 获取对应角色部门树列表 + */ + @PreAuthorize("@ss.hasPermi('system:role:list')") + @GetMapping(value = "/deptTree/{roleId}") + public AjaxResult deptTree(@PathVariable("roleId") Long roleId) + { + AjaxResult ajax = AjaxResult.success(); + ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId)); + ajax.put("depts", deptService.selectDeptTreeList(new SysDept())); + return ajax; + } +} diff --git a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java index a79fed5..e21fadf 100644 --- a/src/main/java/com/ruoyi/project/system/controller/SysUserController.java +++ b/src/main/java/com/ruoyi/project/system/controller/SysUserController.java @@ -25,8 +25,10 @@ import com.ruoyi.framework.aspectj.lang.enums.BusinessType; import com.ruoyi.framework.web.controller.BaseController; import com.ruoyi.framework.web.domain.AjaxResult; import com.ruoyi.framework.web.page.TableDataInfo; +import com.ruoyi.project.system.domain.SysDept; import com.ruoyi.project.system.domain.SysRole; import com.ruoyi.project.system.domain.SysUser; +import com.ruoyi.project.system.service.ISysDeptService; import com.ruoyi.project.system.service.ISysPostService; import com.ruoyi.project.system.service.ISysRoleService; import com.ruoyi.project.system.service.ISysUserService; @@ -46,6 +48,9 @@ public class SysUserController extends BaseController @Autowired private ISysRoleService roleService; + @Autowired + private ISysDeptService deptService; + @Autowired private ISysPostService postService; @@ -234,4 +239,14 @@ public class SysUserController extends BaseController userService.insertUserAuth(userId, roleIds); return success(); } -} \ No newline at end of file + + /** + * 获取部门树列表 + */ + @PreAuthorize("@ss.hasPermi('system:user:list')") + @GetMapping("/deptTree") + public AjaxResult deptTree(SysDept dept) + { + return AjaxResult.success(deptService.selectDeptTreeList(dept)); + } +} diff --git a/src/main/java/com/ruoyi/project/system/domain/SysRole.java b/src/main/java/com/ruoyi/project/system/domain/SysRole.java index c947414..9326ac4 100644 --- a/src/main/java/com/ruoyi/project/system/domain/SysRole.java +++ b/src/main/java/com/ruoyi/project/system/domain/SysRole.java @@ -1,5 +1,6 @@ package com.ruoyi.project.system.domain; +import java.util.Set; import javax.validation.constraints.NotBlank; import javax.validation.constraints.Size; import org.apache.commons.lang3.builder.ToStringBuilder; @@ -59,6 +60,9 @@ public class SysRole extends BaseEntity /** 部门组(数据权限) */ private Long[] deptIds; + /** 角色菜单权限 */ + private Set permissions; + public SysRole() { @@ -203,7 +207,17 @@ public class SysRole extends BaseEntity { this.deptIds = deptIds; } - + + public Set getPermissions() + { + return permissions; + } + + public void setPermissions(Set permissions) + { + this.permissions = permissions; + } + @Override public String toString() { return new ToStringBuilder(this,ToStringStyle.MULTI_LINE_STYLE) diff --git a/src/main/java/com/ruoyi/project/system/mapper/SysMenuMapper.java b/src/main/java/com/ruoyi/project/system/mapper/SysMenuMapper.java index d7ebd32..3a0857d 100644 --- a/src/main/java/com/ruoyi/project/system/mapper/SysMenuMapper.java +++ b/src/main/java/com/ruoyi/project/system/mapper/SysMenuMapper.java @@ -42,6 +42,14 @@ public interface SysMenuMapper */ public List selectMenuPermsByUserId(Long userId); + /** + * 根据角色ID查询权限 + * + * @param roleId 角色ID + * @return 权限列表 + */ + public List selectMenuPermsByRoleId(Long roleId); + /** * 根据用户ID查询菜单 * diff --git a/src/main/java/com/ruoyi/project/system/service/ISysDeptService.java b/src/main/java/com/ruoyi/project/system/service/ISysDeptService.java index 02a89b5..9c83483 100644 --- a/src/main/java/com/ruoyi/project/system/service/ISysDeptService.java +++ b/src/main/java/com/ruoyi/project/system/service/ISysDeptService.java @@ -19,6 +19,14 @@ public interface ISysDeptService */ public List selectDeptList(SysDept dept); + /** + * 查询部门树结构信息 + * + * @param dept 部门信息 + * @return 部门树信息集合 + */ + public List selectDeptTreeList(SysDept dept); + /** * 构建前端所需要树结构 * diff --git a/src/main/java/com/ruoyi/project/system/service/ISysMenuService.java b/src/main/java/com/ruoyi/project/system/service/ISysMenuService.java index 432a280..4237f95 100644 --- a/src/main/java/com/ruoyi/project/system/service/ISysMenuService.java +++ b/src/main/java/com/ruoyi/project/system/service/ISysMenuService.java @@ -37,6 +37,14 @@ public interface ISysMenuService * @return 权限列表 */ public Set selectMenuPermsByUserId(Long userId); + + /** + * 根据角色ID查询权限 + * + * @param roleId 角色ID + * @return 权限列表 + */ + public Set selectMenuPermsByRoleId(Long roleId); /** * 根据用户ID查询菜单树信息 diff --git a/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java b/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java index 59d13a3..d189c4c 100644 --- a/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java +++ b/src/main/java/com/ruoyi/project/system/service/impl/SysDeptServiceImpl.java @@ -47,6 +47,19 @@ public class SysDeptServiceImpl implements ISysDeptService { return deptMapper.selectDeptList(dept); } + + /** + * 查询部门树结构信息 + * + * @param dept 部门信息 + * @return 部门树信息集合 + */ + @Override + public List selectDeptTreeList(SysDept dept) + { + List depts = SpringUtils.getAopProxy(this).selectDeptList(dept); + return buildDeptTreeSelect(depts); + } /** * 构建前端所需要树结构 diff --git a/src/main/java/com/ruoyi/project/system/service/impl/SysMenuServiceImpl.java b/src/main/java/com/ruoyi/project/system/service/impl/SysMenuServiceImpl.java index 7946f97..7723315 100644 --- a/src/main/java/com/ruoyi/project/system/service/impl/SysMenuServiceImpl.java +++ b/src/main/java/com/ruoyi/project/system/service/impl/SysMenuServiceImpl.java @@ -100,6 +100,27 @@ public class SysMenuServiceImpl implements ISysMenuService return permsSet; } + /** + * 根据角色ID查询权限 + * + * @param roleId 角色ID + * @return 权限列表 + */ + @Override + public Set selectMenuPermsByRoleId(Long roleId) + { + List perms = menuMapper.selectMenuPermsByRoleId(roleId); + Set permsSet = new HashSet<>(); + for (String perm : perms) + { + if (StringUtils.isNotEmpty(perm)) + { + permsSet.addAll(Arrays.asList(perm.trim().split(","))); + } + } + return permsSet; + } + /** * 根据用户ID查询菜单 * diff --git a/src/main/resources/mybatis/system/SysMenuMapper.xml b/src/main/resources/mybatis/system/SysMenuMapper.xml index 03dc35c..5eb8796 100644 --- a/src/main/resources/mybatis/system/SysMenuMapper.xml +++ b/src/main/resources/mybatis/system/SysMenuMapper.xml @@ -111,6 +111,13 @@ where m.status = '0' and r.status = '0' and ur.user_id = #{userId} + +