diff --git a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/action/RoleAssignOperateAction.java b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/action/RoleAssignOperateAction.java index dd5c38fe6..898fbf444 100644 --- a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/action/RoleAssignOperateAction.java +++ b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/action/RoleAssignOperateAction.java @@ -3,6 +3,8 @@ package cn.stylefeng.roses.kernel.sys.modular.role.action; import cn.stylefeng.roses.kernel.sys.modular.role.enums.PermissionNodeTypeEnum; import cn.stylefeng.roses.kernel.sys.modular.role.pojo.request.RoleBindPermissionRequest; +import java.util.Set; + /** * 角色绑定权限操作的接口 * @@ -22,10 +24,11 @@ public interface RoleAssignOperateAction { /** * 执行角色绑定权限的过程,根据不同的点击类型,执行不同的操作过程 * - * @param roleBindPermissionRequest 角色绑定权限的参数 + * @param roleBindPermissionRequest 角色绑定权限的参数 + * @param roleLimitMenuIdsAndOptionIds 角色所能承受的绑定范围 * @author fengshuonan * @since 2023/6/13 22:17 */ - void doOperateAction(RoleBindPermissionRequest roleBindPermissionRequest); + void doOperateAction(RoleBindPermissionRequest roleBindPermissionRequest, Set roleLimitMenuIdsAndOptionIds); } diff --git a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/PermissionAssignServiceImpl.java b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/PermissionAssignServiceImpl.java index 5125c21a4..08f54bbb1 100644 --- a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/PermissionAssignServiceImpl.java +++ b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/PermissionAssignServiceImpl.java @@ -90,10 +90,15 @@ public class PermissionAssignServiceImpl implements PermissionAssignService { @Override public void updateRoleBindPermission(RoleBindPermissionRequest roleBindPermissionRequest) { + + // 1. 获取角色的限制范围,如果限制范围为空,则为查询所有的范围 + Set userRoleLimitScope = userRoleServiceApi.findCurrentUserRoleLimitScope(); + + // 2. 绑定角色的权限 Map operateActionMap = SpringUtil.getBeansOfType(RoleAssignOperateAction.class); for (RoleAssignOperateAction roleAssignOperateAction : operateActionMap.values()) { if (roleAssignOperateAction.getNodeType().getCode().equals(roleBindPermissionRequest.getPermissionNodeType())) { - roleAssignOperateAction.doOperateAction(roleBindPermissionRequest); + roleAssignOperateAction.doOperateAction(roleBindPermissionRequest, userRoleLimitScope); // 更新角色绑定权限的缓存 BusinessEventPublisher.publishEvent(RoleConstants.ROLE_BIND_MENU_EVENT, roleBindPermissionRequest.getRoleId()); diff --git a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/RoleBindAppImpl.java b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/RoleBindAppImpl.java index 7fe483bac..424cd87e1 100644 --- a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/RoleBindAppImpl.java +++ b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/RoleBindAppImpl.java @@ -58,19 +58,19 @@ public class RoleBindAppImpl implements RoleAssignOperateAction, RoleBindLimitAc } @Override - public void doOperateAction(RoleBindPermissionRequest roleBindPermissionRequest) { + public void doOperateAction(RoleBindPermissionRequest roleBindPermissionRequest, Set roleLimitMenuIdsAndOptionIds) { Long roleId = roleBindPermissionRequest.getRoleId(); Long appId = roleBindPermissionRequest.getNodeId(); // 找到所选应用的对应的所有菜单 - Set appMenuIds = this.getAppMenuIds(appId); + Set appMenuIds = this.getAppMenuIds(appId, roleLimitMenuIdsAndOptionIds); if (ObjectUtil.isEmpty(appMenuIds)) { return; } // 找到所选应用的对应的所有菜单功能 - List totalMenuOptions = this.getAppMenuOptions(appId); + List totalMenuOptions = this.getAppMenuOptions(appId, roleLimitMenuIdsAndOptionIds); Set totalMenuOptionIds = totalMenuOptions.stream().map(SysMenuOptions::getMenuOptionId).collect(Collectors.toSet()); // 先删除角色绑定的这些菜单 @@ -183,8 +183,22 @@ public class RoleBindAppImpl implements RoleAssignOperateAction, RoleBindLimitAc * @since 2023/9/8 15:03 */ private Set getAppMenuIds(Long appId) { + return this.getAppMenuIds(appId, null); + } + + /** + * 获取应用下的所有菜单id + * + * @author fengshuonan + * @since 2023/9/8 15:03 + */ + private Set getAppMenuIds(Long appId, Set roleLimitMenuIdsAndOptionIds) { LambdaQueryWrapper menuLambdaQueryWrapper = new LambdaQueryWrapper<>(); menuLambdaQueryWrapper.eq(SysMenu::getAppId, appId); + // 如果有范围限制,则查询范围内的菜单 + if (ObjectUtil.isNotEmpty(roleLimitMenuIdsAndOptionIds)) { + menuLambdaQueryWrapper.in(SysMenu::getMenuId, roleLimitMenuIdsAndOptionIds); + } menuLambdaQueryWrapper.select(SysMenu::getMenuId); List totalMenus = sysMenuService.list(menuLambdaQueryWrapper); if (ObjectUtil.isEmpty(totalMenus)) { @@ -200,8 +214,22 @@ public class RoleBindAppImpl implements RoleAssignOperateAction, RoleBindLimitAc * @since 2023/9/8 15:13 */ private List getAppMenuOptions(Long appId) { + return this.getAppMenuOptions(appId, null); + } + + /** + * 获取应用下的所有菜单功能 + * + * @author fengshuonan + * @since 2023/9/8 15:13 + */ + private List getAppMenuOptions(Long appId, Set roleLimitMenuIdsAndOptionIds) { LambdaQueryWrapper menuOptionsLambdaQueryWrapper = new LambdaQueryWrapper<>(); menuOptionsLambdaQueryWrapper.eq(SysMenuOptions::getAppId, appId); + // 如果有范围限制,则查询范围内的菜单 + if (ObjectUtil.isNotEmpty(roleLimitMenuIdsAndOptionIds)) { + menuOptionsLambdaQueryWrapper.in(SysMenuOptions::getMenuOptionId, roleLimitMenuIdsAndOptionIds); + } menuOptionsLambdaQueryWrapper.select(SysMenuOptions::getMenuOptionId, SysMenuOptions::getMenuId); return sysMenuOptionsService.list(menuOptionsLambdaQueryWrapper); }