diff --git a/pom.xml b/pom.xml
index 50c8ff8e..668ef18b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,7 @@
2.3.2
2.2.2
1.4.3
- 2.0.11
+ 2.0.12
6.2.2
2.11.0
1.4
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
index 6ec2f3ef..92625493 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
@@ -78,29 +78,6 @@ public class SysDeptController extends BaseController
return AjaxResult.success(deptService.selectDeptById(deptId));
}
- /**
- * 获取部门下拉树列表
- */
- @GetMapping("/treeselect")
- public AjaxResult treeselect(SysDept dept)
- {
- List depts = deptService.selectDeptList(dept);
- return AjaxResult.success(deptService.buildDeptTreeSelect(depts));
- }
-
- /**
- * 加载对应角色部门列表树
- */
- @GetMapping(value = "/roleDeptTreeselect/{roleId}")
- public AjaxResult roleDeptTreeselect(@PathVariable("roleId") Long roleId)
- {
- List depts = deptService.selectDeptList(new SysDept());
- AjaxResult ajax = AjaxResult.success();
- ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId));
- ajax.put("depts", deptService.buildDeptTreeSelect(depts));
- return ajax;
- }
-
/**
* 新增部门
*/
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
index 10b62f1f..a2c8d4de 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
@@ -17,6 +17,7 @@ import com.ruoyi.common.annotation.Log;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.controller.BaseController;
import com.ruoyi.common.core.domain.AjaxResult;
+import com.ruoyi.common.core.domain.entity.SysDept;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
@@ -27,6 +28,7 @@ import com.ruoyi.common.utils.poi.ExcelUtil;
import com.ruoyi.framework.web.service.SysPermissionService;
import com.ruoyi.framework.web.service.TokenService;
import com.ruoyi.system.domain.SysUserRole;
+import com.ruoyi.system.service.ISysDeptService;
import com.ruoyi.system.service.ISysRoleService;
import com.ruoyi.system.service.ISysUserService;
@@ -44,13 +46,16 @@ public class SysRoleController extends BaseController
@Autowired
private TokenService tokenService;
-
+
@Autowired
private SysPermissionService permissionService;
-
+
@Autowired
private ISysUserService userService;
+ @Autowired
+ private ISysDeptService deptService;
+
@PreAuthorize("@ss.hasPermi('system:role:list')")
@GetMapping("/list")
public TableDataInfo list(SysRole role)
@@ -242,4 +247,17 @@ public class SysRoleController extends BaseController
roleService.checkRoleDataScope(roleId);
return toAjax(roleService.insertAuthUsers(roleId, userIds));
}
+
+ /**
+ * 获取对应角色部门树列表
+ */
+ @PreAuthorize("@ss.hasPermi('system:role:query')")
+ @GetMapping(value = "/deptTree/{roleId}")
+ public AjaxResult deptTree(@PathVariable("roleId") Long roleId)
+ {
+ AjaxResult ajax = AjaxResult.success();
+ ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId));
+ ajax.put("depts", deptService.selectDeptTreeList(new SysDept()));
+ return ajax;
+ }
}
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
index 60d9de07..e9030e0a 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
@@ -20,6 +20,7 @@ import com.ruoyi.common.annotation.Log;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.controller.BaseController;
import com.ruoyi.common.core.domain.AjaxResult;
+import com.ruoyi.common.core.domain.entity.SysDept;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.page.TableDataInfo;
@@ -27,6 +28,7 @@ import com.ruoyi.common.enums.BusinessType;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.poi.ExcelUtil;
+import com.ruoyi.system.service.ISysDeptService;
import com.ruoyi.system.service.ISysPostService;
import com.ruoyi.system.service.ISysRoleService;
import com.ruoyi.system.service.ISysUserService;
@@ -46,6 +48,9 @@ public class SysUserController extends BaseController
@Autowired
private ISysRoleService roleService;
+ @Autowired
+ private ISysDeptService deptService;
+
@Autowired
private ISysPostService postService;
@@ -234,4 +239,14 @@ public class SysUserController extends BaseController
userService.insertUserAuth(userId, roleIds);
return success();
}
+
+ /**
+ * 获取部门树列表
+ */
+ @PreAuthorize("@ss.hasPermi('system:user:list')")
+ @GetMapping("/deptTree")
+ public AjaxResult deptTree(SysDept dept)
+ {
+ return AjaxResult.success(deptService.selectDeptTreeList(dept));
+ }
}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/annotation/DataScope.java b/ruoyi-common/src/main/java/com/ruoyi/common/annotation/DataScope.java
index fe5a01f5..cebe592c 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/annotation/DataScope.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/annotation/DataScope.java
@@ -25,4 +25,9 @@ public @interface DataScope
* 用户表的别名
*/
public String userAlias() default "";
+
+ /**
+ * 权限字符(用于多个角色匹配符合要求的权限)默认根据权限注解@ss获取,多个权限用逗号分隔开来
+ */
+ public String permission() default "";
}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysRole.java b/ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysRole.java
index 60992f21..2396f802 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysRole.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysRole.java
@@ -1,5 +1,6 @@
package com.ruoyi.common.core.domain.entity;
+import java.util.Set;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
@@ -60,6 +61,9 @@ public class SysRole extends BaseEntity
/** 部门组(数据权限) */
private Long[] deptIds;
+ /** 角色菜单权限 */
+ private Set permissions;
+
public SysRole()
{
@@ -204,7 +208,17 @@ public class SysRole extends BaseEntity
{
this.deptIds = deptIds;
}
-
+
+ public Set getPermissions()
+ {
+ return permissions;
+ }
+
+ public void setPermissions(Set permissions)
+ {
+ this.permissions = permissions;
+ }
+
@Override
public String toString() {
return new ToStringBuilder(this,ToStringStyle.MULTI_LINE_STYLE)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/StringUtils.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/StringUtils.java
index 67651178..f49d57ee 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/StringUtils.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/StringUtils.java
@@ -324,6 +324,32 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
return list;
}
+ /**
+ * 判断给定的set列表中是否包含数组array 判断给定的数组array中是否包含给定的元素value
+ *
+ * @param set 给定的集合
+ * @param array 给定的数组
+ * @return boolean 结果
+ */
+ public static boolean containsAny(Collection collection, String... array)
+ {
+ if (isEmpty(collection) || isEmpty(array))
+ {
+ return false;
+ }
+ else
+ {
+ for (String str : array)
+ {
+ if (collection.contains(str))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+ }
+
/**
* 查找指定字符串是否包含指定字符串列表中的任意一个字符串同时串忽略大小写
*
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
index f1d420e0..6e4bc381 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
@@ -11,8 +11,10 @@ import com.ruoyi.common.core.domain.BaseEntity;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
-import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.core.text.Convert;
import com.ruoyi.common.utils.SecurityUtils;
+import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.framework.security.context.PermissionContextHolder;
/**
* 数据过滤处理
@@ -70,8 +72,9 @@ public class DataScopeAspect
// 如果是超级管理员,则不过滤数据
if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin())
{
+ String permission = StringUtils.defaultIfEmpty(controllerDataScope.permission(), PermissionContextHolder.getContext());
dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(),
- controllerDataScope.userAlias());
+ controllerDataScope.userAlias(), permission);
}
}
}
@@ -83,8 +86,9 @@ public class DataScopeAspect
* @param user 用户
* @param deptAlias 部门别名
* @param userAlias 用户别名
+ * @param permission 权限字符
*/
- public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias)
+ public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, String permission)
{
StringBuilder sqlString = new StringBuilder();
List conditions = new ArrayList();
@@ -96,6 +100,11 @@ public class DataScopeAspect
{
continue;
}
+ if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions())
+ && !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
+ {
+ continue;
+ }
if (DATA_SCOPE_ALL.equals(dataScope))
{
sqlString = new StringBuilder();
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java
new file mode 100644
index 00000000..2fcd65b4
--- /dev/null
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/security/context/PermissionContextHolder.java
@@ -0,0 +1,27 @@
+package com.ruoyi.framework.security.context;
+
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import com.ruoyi.common.core.text.Convert;
+
+/**
+ * 权限信息
+ *
+ * @author ruoyi
+ */
+public class PermissionContextHolder
+{
+ private static final String PERMISSION_CONTEXT_ATTRIBUTES = "PERMISSION_CONTEXT";
+
+ public static void setContext(String permission)
+ {
+ RequestContextHolder.currentRequestAttributes().setAttribute(PERMISSION_CONTEXT_ATTRIBUTES, permission,
+ RequestAttributes.SCOPE_REQUEST);
+ }
+
+ public static String getContext()
+ {
+ return Convert.toStr(RequestContextHolder.currentRequestAttributes().getAttribute(PERMISSION_CONTEXT_ATTRIBUTES,
+ RequestAttributes.SCOPE_REQUEST));
+ }
+}
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/PermissionService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/PermissionService.java
index 3881053b..8fed7fbd 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/PermissionService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/PermissionService.java
@@ -7,6 +7,7 @@ import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.framework.security.context.PermissionContextHolder;
/**
* RuoYi首创 自定义权限实现,ss取自SpringSecurity首字母
@@ -43,6 +44,7 @@ public class PermissionService
{
return false;
}
+ PermissionContextHolder.setContext(permission);
return hasPermissions(loginUser.getPermissions(), permission);
}
@@ -74,6 +76,7 @@ public class PermissionService
{
return false;
}
+ PermissionContextHolder.setContext(permissions);
Set authorities = loginUser.getPermissions();
for (String permission : permissions.split(PERMISSION_DELIMETER))
{
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
index 08157b6d..56669a7a 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
@@ -89,6 +89,10 @@ public class SysLoginService
throw new ServiceException(e.getMessage());
}
}
+ finally
+ {
+ AuthenticationContextHolder.clearContext();
+ }
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
LoginUser loginUser = (LoginUser) authentication.getPrincipal();
recordLoginInfo(loginUser.getUserId());
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPermissionService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPermissionService.java
index 19c4a515..357e12f2 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPermissionService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPermissionService.java
@@ -1,9 +1,11 @@
package com.ruoyi.framework.web.service;
import java.util.HashSet;
+import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.system.service.ISysMenuService;
import com.ruoyi.system.service.ISysRoleService;
@@ -59,7 +61,21 @@ public class SysPermissionService
}
else
{
- perms.addAll(menuService.selectMenuPermsByUserId(user.getUserId()));
+ List roles = user.getRoles();
+ if (!roles.isEmpty() && roles.size() > 1)
+ {
+ // 多角色设置permissions属性,以便数据权限匹配权限
+ for (SysRole role : roles)
+ {
+ Set rolePerms = menuService.selectMenuPermsByRoleId(role.getRoleId());
+ role.setPermissions(rolePerms);
+ perms.addAll(rolePerms);
+ }
+ }
+ else
+ {
+ perms.addAll(menuService.selectMenuPermsByUserId(user.getUserId()));
+ }
}
return perms;
}
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysMenuMapper.java b/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysMenuMapper.java
index f19d476d..f3e2eb9e 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysMenuMapper.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysMenuMapper.java
@@ -34,6 +34,14 @@ public interface SysMenuMapper
*/
public List selectMenuListByUserId(SysMenu menu);
+ /**
+ * 根据角色ID查询权限
+ *
+ * @param roleId 角色ID
+ * @return 权限列表
+ */
+ public List selectMenuPermsByRoleId(Long roleId);
+
/**
* 根据用户ID查询权限
*
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysDeptService.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysDeptService.java
index 1ac8ccb2..f131ee38 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysDeptService.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysDeptService.java
@@ -19,6 +19,14 @@ public interface ISysDeptService
*/
public List selectDeptList(SysDept dept);
+ /**
+ * 查询部门树结构信息
+ *
+ * @param dept 部门信息
+ * @return 部门树信息集合
+ */
+ public List selectDeptTreeList(SysDept dept);
+
/**
* 构建前端所需要树结构
*
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysMenuService.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysMenuService.java
index 59009be0..8b77dae8 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysMenuService.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysMenuService.java
@@ -38,6 +38,14 @@ public interface ISysMenuService
*/
public Set selectMenuPermsByUserId(Long userId);
+ /**
+ * 根据角色ID查询权限
+ *
+ * @param roleId 角色ID
+ * @return 权限列表
+ */
+ public Set selectMenuPermsByRoleId(Long roleId);
+
/**
* 根据用户ID查询菜单树信息
*
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
index 32ec0077..1aa456f0 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
@@ -48,6 +48,19 @@ public class SysDeptServiceImpl implements ISysDeptService
return deptMapper.selectDeptList(dept);
}
+ /**
+ * 查询部门树结构信息
+ *
+ * @param dept 部门信息
+ * @return 部门树信息集合
+ */
+ @Override
+ public List selectDeptTreeList(SysDept dept)
+ {
+ List depts = SpringUtils.getAopProxy(this).selectDeptList(dept);
+ return buildDeptTreeSelect(depts);
+ }
+
/**
* 构建前端所需要树结构
*
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java
index b2ac3f02..604d60e6 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysMenuServiceImpl.java
@@ -100,6 +100,27 @@ public class SysMenuServiceImpl implements ISysMenuService
return permsSet;
}
+ /**
+ * 根据角色ID查询权限
+ *
+ * @param roleId 角色ID
+ * @return 权限列表
+ */
+ @Override
+ public Set selectMenuPermsByRoleId(Long roleId)
+ {
+ List perms = menuMapper.selectMenuPermsByRoleId(roleId);
+ Set permsSet = new HashSet<>();
+ for (String perm : perms)
+ {
+ if (StringUtils.isNotEmpty(perm))
+ {
+ permsSet.addAll(Arrays.asList(perm.trim().split(",")));
+ }
+ }
+ return permsSet;
+ }
+
/**
* 根据用户ID查询菜单
*
diff --git a/ruoyi-system/src/main/resources/mapper/system/SysMenuMapper.xml b/ruoyi-system/src/main/resources/mapper/system/SysMenuMapper.xml
index 6a3b4246..7ef6241f 100644
--- a/ruoyi-system/src/main/resources/mapper/system/SysMenuMapper.xml
+++ b/ruoyi-system/src/main/resources/mapper/system/SysMenuMapper.xml
@@ -111,6 +111,13 @@
where m.status = '0' and r.status = '0' and ur.user_id = #{userId}
+
+