diff --git a/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysRole.java b/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysRole.java index 8305b9935..04a4d0ef4 100644 --- a/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysRole.java +++ b/ruoyi-api/ruoyi-api-system/src/main/java/com/ruoyi/system/api/domain/SysRole.java @@ -1,5 +1,6 @@ package com.ruoyi.system.api.domain; +import java.util.Set; import javax.validation.constraints.NotBlank; import javax.validation.constraints.Size; import org.apache.commons.lang3.builder.ToStringBuilder; @@ -59,6 +60,9 @@ public class SysRole extends BaseEntity /** 部门组(数据权限) */ private Long[] deptIds; + /** 角色菜单权限 */ + private Set permissions; + public SysRole() { @@ -204,6 +208,16 @@ public class SysRole extends BaseEntity this.deptIds = deptIds; } + public Set getPermissions() + { + return permissions; + } + + public void setPermissions(Set permissions) + { + this.permissions = permissions; + } + @Override public String toString() { return new ToStringBuilder(this,ToStringStyle.MULTI_LINE_STYLE) diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java index aecbd95a6..d02baeb05 100644 --- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java +++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java @@ -41,4 +41,9 @@ public class SecurityConstants * 登录用户 */ public static final String LOGIN_USER = "login_user"; + + /** + * 角色权限 + */ + public static final String ROLE_PERMISSION = "role_permission"; } diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/context/SecurityContextHolder.java b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/context/SecurityContextHolder.java index 0a66f38fb..2a8dde846 100644 --- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/context/SecurityContextHolder.java +++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/context/SecurityContextHolder.java @@ -81,6 +81,16 @@ public class SecurityContextHolder set(SecurityConstants.USER_KEY, userKey); } + public static String getPermission() + { + return get(SecurityConstants.ROLE_PERMISSION); + } + + public static void setPermission(String permissions) + { + set(SecurityConstants.ROLE_PERMISSION, permissions); + } + public static void remove() { THREAD_LOCAL.remove(); diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/StringUtils.java b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/StringUtils.java index 562a3482f..f1878debb 100644 --- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/StringUtils.java +++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/StringUtils.java @@ -294,6 +294,32 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils return StringUtils.startsWithAny(link, Constants.HTTP, Constants.HTTPS); } + /** + * 判断给定的set列表中是否包含数组array 判断给定的数组array中是否包含给定的元素value + * + * @param set 给定的集合 + * @param array 给定的数组 + * @return boolean 结果 + */ + public static boolean containsAny(Collection collection, String... array) + { + if (isEmpty(collection) || isEmpty(array)) + { + return false; + } + else + { + for (String str : array) + { + if (collection.contains(str)) + { + return true; + } + } + return false; + } + } + /** * 驼峰转下划线命名 */ diff --git a/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/annotation/DataScope.java b/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/annotation/DataScope.java index de78297a3..e79118449 100644 --- a/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/annotation/DataScope.java +++ b/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/annotation/DataScope.java @@ -25,4 +25,9 @@ public @interface DataScope * 用户表的别名 */ public String userAlias() default ""; + + /** + * 权限字符(用于多个角色匹配符合要求的权限)默认根据权限注解@ss获取,多个权限用逗号分隔开来 + */ + public String permission() default ""; } diff --git a/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java b/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java index 61c78d295..e97944b54 100644 --- a/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java +++ b/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java @@ -6,6 +6,8 @@ import org.aspectj.lang.JoinPoint; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Before; import org.springframework.stereotype.Component; +import com.ruoyi.common.core.context.SecurityContextHolder; +import com.ruoyi.common.core.text.Convert; import com.ruoyi.common.core.utils.StringUtils; import com.ruoyi.common.core.web.domain.BaseEntity; import com.ruoyi.common.datascope.annotation.DataScope; @@ -70,8 +72,9 @@ public class DataScopeAspect // 如果是超级管理员,则不过滤数据 if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin()) { + String permission = StringUtils.defaultIfEmpty(controllerDataScope.permission(), SecurityContextHolder.getPermission()); dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(), - controllerDataScope.userAlias()); + controllerDataScope.userAlias(), permission); } } } @@ -83,8 +86,9 @@ public class DataScopeAspect * @param user 用户 * @param deptAlias 部门别名 * @param userAlias 用户别名 + * @param permission 权限字符 */ - public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias) + public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, String permission) { StringBuilder sqlString = new StringBuilder(); List conditions = new ArrayList(); @@ -96,6 +100,11 @@ public class DataScopeAspect { continue; } + if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions()) + && !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))) + { + continue; + } if (DATA_SCOPE_ALL.equals(dataScope)) { sqlString = new StringBuilder(); diff --git a/ruoyi-common/ruoyi-common-redis/src/main/java/com/ruoyi/common/redis/service/RedisService.java b/ruoyi-common/ruoyi-common-redis/src/main/java/com/ruoyi/common/redis/service/RedisService.java index 46bb4d6c5..1f2d70f06 100644 --- a/ruoyi-common/ruoyi-common-redis/src/main/java/com/ruoyi/common/redis/service/RedisService.java +++ b/ruoyi-common/ruoyi-common-redis/src/main/java/com/ruoyi/common/redis/service/RedisService.java @@ -124,9 +124,9 @@ public class RedisService * @param collection 多个对象 * @return */ - public long deleteObject(final Collection collection) + public boolean deleteObject(final Collection collection) { - return redisTemplate.delete(collection); + return redisTemplate.delete(collection) > 0; } /** diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/auth/AuthLogic.java b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/auth/AuthLogic.java index 61820df5d..2d8bb9998 100644 --- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/auth/AuthLogic.java +++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/auth/AuthLogic.java @@ -4,6 +4,7 @@ import java.util.Collection; import java.util.HashSet; import java.util.Set; import org.springframework.util.PatternMatchUtils; +import com.ruoyi.common.core.context.SecurityContextHolder; import com.ruoyi.common.core.exception.auth.NotLoginException; import com.ruoyi.common.core.exception.auth.NotPermissionException; import com.ruoyi.common.core.exception.auth.NotRoleException; @@ -134,6 +135,7 @@ public class AuthLogic */ public void checkPermi(RequiresPermissions requiresPermissions) { + SecurityContextHolder.setPermission(StringUtils.join(requiresPermissions.value(), ",")); if (requiresPermissions.logical() == Logical.AND) { checkPermiAnd(requiresPermissions.value()); diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysDeptController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysDeptController.java index e3cfc65eb..eb100fab3 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysDeptController.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysDeptController.java @@ -1,6 +1,5 @@ package com.ruoyi.system.controller; -import java.util.Iterator; import java.util.List; import org.apache.commons.lang3.ArrayUtils; import org.springframework.beans.factory.annotation.Autowired; @@ -55,8 +54,7 @@ public class SysDeptController extends BaseController public AjaxResult excludeChild(@PathVariable(value = "deptId", required = false) Long deptId) { List depts = deptService.selectDeptList(new SysDept()); - depts.removeIf(d -> d.getDeptId().intValue() == deptId - || ArrayUtils.contains(StringUtils.split(d.getAncestors(), ","), deptId + "")); + depts.removeIf(d -> d.getDeptId().intValue() == deptId || ArrayUtils.contains(StringUtils.split(d.getAncestors(), ","), deptId + "")); return AjaxResult.success(depts); } @@ -71,29 +69,6 @@ public class SysDeptController extends BaseController return AjaxResult.success(deptService.selectDeptById(deptId)); } - /** - * 获取部门下拉树列表 - */ - @GetMapping("/treeselect") - public AjaxResult treeselect(SysDept dept) - { - List depts = deptService.selectDeptList(dept); - return AjaxResult.success(deptService.buildDeptTreeSelect(depts)); - } - - /** - * 加载对应角色部门列表树 - */ - @GetMapping(value = "/roleDeptTreeselect/{roleId}") - public AjaxResult roleDeptTreeselect(@PathVariable("roleId") Long roleId) - { - List depts = deptService.selectDeptList(new SysDept()); - AjaxResult ajax = AjaxResult.success(); - ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId)); - ajax.put("depts", deptService.buildDeptTreeSelect(depts)); - return ajax; - } - /** * 新增部门 */ diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java index 5329e8ea1..2c3315541 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java @@ -21,9 +21,11 @@ import com.ruoyi.common.log.annotation.Log; import com.ruoyi.common.log.enums.BusinessType; import com.ruoyi.common.security.annotation.RequiresPermissions; import com.ruoyi.common.security.utils.SecurityUtils; +import com.ruoyi.system.api.domain.SysDept; import com.ruoyi.system.api.domain.SysRole; import com.ruoyi.system.api.domain.SysUser; import com.ruoyi.system.domain.SysUserRole; +import com.ruoyi.system.service.ISysDeptService; import com.ruoyi.system.service.ISysRoleService; import com.ruoyi.system.service.ISysUserService; @@ -42,6 +44,9 @@ public class SysRoleController extends BaseController @Autowired private ISysUserService userService; + @Autowired + private ISysDeptService deptService; + @RequiresPermissions("system:role:list") @GetMapping("/list") public TableDataInfo list(SysRole role) @@ -219,4 +224,17 @@ public class SysRoleController extends BaseController roleService.checkRoleDataScope(roleId); return toAjax(roleService.insertAuthUsers(roleId, userIds)); } -} \ No newline at end of file + + /** + * 获取对应角色部门树列表 + */ + @RequiresPermissions("system:role:query") + @GetMapping(value = "/deptTree/{roleId}") + public AjaxResult deptTree(@PathVariable("roleId") Long roleId) + { + AjaxResult ajax = AjaxResult.success(); + ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId)); + ajax.put("depts", deptService.selectDeptTreeList(new SysDept())); + return ajax; + } +} diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java index cdd0b2dab..b7b400de4 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java @@ -29,10 +29,12 @@ import com.ruoyi.common.log.enums.BusinessType; import com.ruoyi.common.security.annotation.InnerAuth; import com.ruoyi.common.security.annotation.RequiresPermissions; import com.ruoyi.common.security.utils.SecurityUtils; +import com.ruoyi.system.api.domain.SysDept; import com.ruoyi.system.api.domain.SysRole; import com.ruoyi.system.api.domain.SysUser; import com.ruoyi.system.api.model.LoginUser; import com.ruoyi.system.service.ISysConfigService; +import com.ruoyi.system.service.ISysDeptService; import com.ruoyi.system.service.ISysPermissionService; import com.ruoyi.system.service.ISysPostService; import com.ruoyi.system.service.ISysRoleService; @@ -53,6 +55,9 @@ public class SysUserController extends BaseController @Autowired private ISysRoleService roleService; + @Autowired + private ISysDeptService deptService; + @Autowired private ISysPostService postService; @@ -116,9 +121,9 @@ public class SysUserController extends BaseController return R.fail("用户名或密码错误"); } // 角色集合 - Set roles = permissionService.getRolePermission(sysUser.getUserId()); + Set roles = permissionService.getRolePermission(sysUser); // 权限集合 - Set permissions = permissionService.getMenuPermission(sysUser.getUserId()); + Set permissions = permissionService.getMenuPermission(sysUser); LoginUser sysUserVo = new LoginUser(); sysUserVo.setSysUser(sysUser); sysUserVo.setRoles(roles); @@ -153,13 +158,13 @@ public class SysUserController extends BaseController @GetMapping("getInfo") public AjaxResult getInfo() { - Long userId = SecurityUtils.getUserId(); + SysUser user = userService.selectUserById(SecurityUtils.getUserId()); // 角色集合 - Set roles = permissionService.getRolePermission(userId); + Set roles = permissionService.getRolePermission(user); // 权限集合 - Set permissions = permissionService.getMenuPermission(userId); + Set permissions = permissionService.getMenuPermission(user); AjaxResult ajax = AjaxResult.success(); - ajax.put("user", userService.selectUserById(userId)); + ajax.put("user", user); ajax.put("roles", roles); ajax.put("permissions", permissions); return ajax; @@ -309,4 +314,14 @@ public class SysUserController extends BaseController userService.insertUserAuth(userId, roleIds); return success(); } + + /** + * 获取部门树列表 + */ + @RequiresPermissions("system:user:list") + @GetMapping("/deptTree") + public AjaxResult deptTree(SysDept dept) + { + return AjaxResult.success(deptService.selectDeptTreeList(dept)); + } } diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysMenuMapper.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysMenuMapper.java index 8a141a4e6..532aaa8d9 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysMenuMapper.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysMenuMapper.java @@ -34,6 +34,14 @@ public interface SysMenuMapper */ public List selectMenuListByUserId(SysMenu menu); + /** + * 根据角色ID查询权限 + * + * @param roleId 角色ID + * @return 权限列表 + */ + public List selectMenuPermsByRoleId(Long roleId); + /** * 根据用户ID查询权限 * diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysDeptService.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysDeptService.java index ed1f6115d..1907fadaf 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysDeptService.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysDeptService.java @@ -19,6 +19,14 @@ public interface ISysDeptService */ public List selectDeptList(SysDept dept); + /** + * 查询部门树结构信息 + * + * @param dept 部门信息 + * @return 部门树信息集合 + */ + public List selectDeptTreeList(SysDept dept); + /** * 构建前端所需要树结构 * diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysMenuService.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysMenuService.java index 9c4daf4a7..222601493 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysMenuService.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysMenuService.java @@ -38,6 +38,14 @@ public interface ISysMenuService */ public Set selectMenuPermsByUserId(Long userId); + /** + * 根据角色ID查询权限 + * + * @param roleId 角色ID + * @return 权限列表 + */ + public Set selectMenuPermsByRoleId(Long roleId); + /** * 根据用户ID查询菜单树信息 * diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysPermissionService.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysPermissionService.java index f020bf9ea..bc3bf322d 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysPermissionService.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysPermissionService.java @@ -2,6 +2,13 @@ package com.ruoyi.system.service; import java.util.Set; +import com.ruoyi.system.api.domain.SysUser; + +/** + * 权限信息 服务层 + * + * @author ruoyi + */ public interface ISysPermissionService { /** @@ -10,7 +17,7 @@ public interface ISysPermissionService * @param userId 用户Id * @return 角色权限信息 */ - public Set getRolePermission(Long userId); + public Set getRolePermission(SysUser user); /** * 获取菜单数据权限 @@ -18,5 +25,5 @@ public interface ISysPermissionService * @param userId 用户Id * @return 菜单权限信息 */ - public Set getMenuPermission(Long userId); + public Set getMenuPermission(SysUser user); } diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java index f18254d11..5aca64b2c 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java @@ -48,6 +48,19 @@ public class SysDeptServiceImpl implements ISysDeptService return deptMapper.selectDeptList(dept); } + /** + * 查询部门树结构信息 + * + * @param dept 部门信息 + * @return 部门树信息集合 + */ + @Override + public List selectDeptTreeList(SysDept dept) + { + List depts = SpringUtils.getAopProxy(this).selectDeptList(dept); + return buildDeptTreeSelect(depts); + } + /** * 构建前端所需要树结构 * diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java index e63024c92..3569522ce 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java @@ -100,6 +100,27 @@ public class SysMenuServiceImpl implements ISysMenuService return permsSet; } + /** + * 根据角色ID查询权限 + * + * @param roleId 角色ID + * @return 权限列表 + */ + @Override + public Set selectMenuPermsByRoleId(Long roleId) + { + List perms = menuMapper.selectMenuPermsByRoleId(roleId); + Set permsSet = new HashSet<>(); + for (String perm : perms) + { + if (StringUtils.isNotEmpty(perm)) + { + permsSet.addAll(Arrays.asList(perm.trim().split(","))); + } + } + return permsSet; + } + /** * 根据用户ID查询菜单 * diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysPermissionServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysPermissionServiceImpl.java index 46a8c7a82..d6750af19 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysPermissionServiceImpl.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysPermissionServiceImpl.java @@ -1,14 +1,21 @@ package com.ruoyi.system.service.impl; import java.util.HashSet; +import java.util.List; import java.util.Set; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import com.ruoyi.system.api.domain.SysRole; import com.ruoyi.system.api.domain.SysUser; import com.ruoyi.system.service.ISysMenuService; import com.ruoyi.system.service.ISysPermissionService; import com.ruoyi.system.service.ISysRoleService; +/** + * 用户权限处理 + * + * @author ruoyi + */ @Service public class SysPermissionServiceImpl implements ISysPermissionService { @@ -25,17 +32,17 @@ public class SysPermissionServiceImpl implements ISysPermissionService * @return 角色权限信息 */ @Override - public Set getRolePermission(Long userId) + public Set getRolePermission(SysUser user) { Set roles = new HashSet(); // 管理员拥有所有权限 - if (SysUser.isAdmin(userId)) + if (user.isAdmin()) { roles.add("admin"); } else { - roles.addAll(roleService.selectRolePermissionByUserId(userId)); + roles.addAll(roleService.selectRolePermissionByUserId(user.getUserId())); } return roles; } @@ -47,17 +54,31 @@ public class SysPermissionServiceImpl implements ISysPermissionService * @return 菜单权限信息 */ @Override - public Set getMenuPermission(Long userId) + public Set getMenuPermission(SysUser user) { Set perms = new HashSet(); // 管理员拥有所有权限 - if (SysUser.isAdmin(userId)) + if (user.isAdmin()) { perms.add("*:*:*"); } else { - perms.addAll(menuService.selectMenuPermsByUserId(userId)); + List roles = user.getRoles(); + if (!roles.isEmpty() && roles.size() > 1) + { + // 多角色设置permissions属性,以便数据权限匹配权限 + for (SysRole role : roles) + { + Set rolePerms = menuService.selectMenuPermsByRoleId(role.getRoleId()); + role.setPermissions(rolePerms); + perms.addAll(rolePerms); + } + } + else + { + perms.addAll(menuService.selectMenuPermsByUserId(user.getUserId())); + } } return perms; } diff --git a/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysMenuMapper.xml b/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysMenuMapper.xml index f11402c7f..e90f6baf0 100644 --- a/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysMenuMapper.xml +++ b/ruoyi-modules/ruoyi-system/src/main/resources/mapper/system/SysMenuMapper.xml @@ -111,6 +111,13 @@ where m.status = '0' and r.status = '0' and ur.user_id = #{userId} + +