diff --git a/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/UserRoleDataScopeApi.java b/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/UserRoleDataScopeApi.java index 1f96d38ec..8bbf4a77a 100644 --- a/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/UserRoleDataScopeApi.java +++ b/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/UserRoleDataScopeApi.java @@ -2,6 +2,8 @@ package cn.stylefeng.roses.kernel.db.mp.datascope; import cn.stylefeng.roses.kernel.db.mp.datascope.config.DataScopeConfig; +import java.util.Set; + /** * 获取用户角色的数据范围 * @@ -18,4 +20,18 @@ public interface UserRoleDataScopeApi { */ DataScopeConfig getUserRoleDataScopeConfig(); + /** + * 获取当前用户拥有的所有组织机构id列表 + *

+ * 返回值说明: + * 1. 可以返回null或者空,代表用户有所有权限,也就是全部数据 + * 2. 返回带有userId或者orgId的选项,代表用户有这些人或者这些机构的权限 + * 3. 返回带有负数(例如:-1)的数组,则代表用户没有任何权限 + * + * @return 用户拥有的数据范围,userId或者orgId + * @author fengshuonan + * @since 2023/7/18 22:54 + */ + Set currentUserOrgScopeList(); + } diff --git a/kernel-s-system/system-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/UserDataScopeApi.java b/kernel-s-system/system-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/UserDataScopeApi.java deleted file mode 100644 index e4d4dcb57..000000000 --- a/kernel-s-system/system-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/UserDataScopeApi.java +++ /dev/null @@ -1,37 +0,0 @@ -package cn.stylefeng.roses.kernel.sys.api; - -import cn.stylefeng.roses.kernel.rule.enums.permission.DataScopeTypeEnum; - -import java.util.Set; - -/** - * 用户数据范围权限的Api - * - * @author fengshuonan - * @since 2023/7/18 22:51 - */ -public interface UserDataScopeApi { - - /** - * 获取当前用户拥有的数据范围类型 - * - * @author fengshuonan - * @since 2023/7/18 22:58 - */ - DataScopeTypeEnum currentUserDataScopeType(); - - /** - * 获取当前用户拥有的所有组织机构id列表 - *
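Review bot: The Javadoc contract added on `currentUserOrgScopeList()` treats both `null` and an empty set as "all data", so any accidental empty result fails open. In this commit the `DEFINE` branch of `UserRoleDataScopeImpl` returns `sysRoleDataScopeService.getRoleBindOrgIdList(userHaveRoleIds)` as-is, and the caller in `SysUserServiceImpl` skips the filter whenever `ObjectUtil.isNotEmpty(dataScope)` is false. A role with no bound organizations would therefore presumably see every user, although whether that service can return an empty set is not visible here. I would reserve `null` for the unrestricted case and document an empty set as no access, e.g. `* 1. null means all data; an empty set means no data at all`, or at least require implementers to return the documented negative-id sentinel instead of an empty set.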

- * 返回值说明: - * 1. 可以返回null或者空,代表用户有所有权限,也就是全部数据 - * 2. 返回带有userId或者orgId的选项,代表用户有这些人或者这些机构的权限 - * 3. 返回带有负数(例如:-1)的数组,则代表用户没有任何权限 - * - * @return 用户拥有的数据范围,userId或者orgId - * @author fengshuonan - * @since 2023/7/18 22:54 - */ - Set currentUserOrgScopeList(); - -} diff --git a/kernel-s-system/system-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/context/DataScopeContext.java b/kernel-s-system/system-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/context/DataScopeContext.java deleted file mode 100644 index 22fff4466..000000000 --- a/kernel-s-system/system-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/context/DataScopeContext.java +++ /dev/null 
@@ -1,48 +0,0 @@ -/* - * Copyright [2020-2030] [https://www.stylefeng.cn] - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * Guns采用APACHE LICENSE 2.0开源协议,您在使用过程中,需要注意以下几点: - * - * 1.请不要删除和修改根目录下的LICENSE文件。 - * 2.请不要删除和修改Guns源码头部的版权声明。 - * 3.请保留源码和相关描述文件的项目出处,作者声明等。 - * 4.分发源码时候,请注明软件出处 https://gitee.com/stylefeng/guns - * 5.在修改包名,模块名称,项目代码等时,请注明软件出处 https://gitee.com/stylefeng/guns - * 6.若您的项目无法满足以上几点,可申请商业授权 - */ -package cn.stylefeng.roses.kernel.sys.api.context; - -import cn.hutool.extra.spring.SpringUtil; -import cn.stylefeng.roses.kernel.sys.api.UserDataScopeApi; - -/** - * 获取数据范围的快捷调用 - * - * @author fengshuonan - * @since 2023/7/18 23:04 - */ -public class DataScopeContext { - - /** - * 获取用户权限接口 - * - * @author fengshuonan - * @since 2023/7/18 23:04 - */ - public static UserDataScopeApi me() { - return SpringUtil.getBean(UserDataScopeApi.class); - } - -} diff --git a/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java b/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java index 64302ad79..9566e278a 100644 --- a/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java +++ b/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java 
@@ -14,6 +14,7 @@ import cn.stylefeng.roses.kernel.db.api.factory.PageFactory; import cn.stylefeng.roses.kernel.db.api.factory.PageResultFactory; import cn.stylefeng.roses.kernel.db.api.pojo.entity.BaseEntity; import cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult; +import cn.stylefeng.roses.kernel.db.mp.datascope.UserRoleDataScopeApi; import cn.stylefeng.roses.kernel.db.mp.tenant.holder.TenantIdHolder; import cn.stylefeng.roses.kernel.db.mp.tenant.holder.TenantSwitchHolder; import cn.stylefeng.roses.kernel.dsctn.api.context.DataSourceContext; @@ -28,7 +29,6 @@ import cn.stylefeng.roses.kernel.rule.util.SortUtils; import cn.stylefeng.roses.kernel.sys.api.SecurityConfigService; import cn.stylefeng.roses.kernel.sys.api.callback.RemoveUserCallbackApi; import cn.stylefeng.roses.kernel.sys.api.constants.SysConstants; -import cn.stylefeng.roses.kernel.sys.api.context.DataScopeContext; import cn.stylefeng.roses.kernel.sys.api.enums.user.UserStatusEnum; import cn.stylefeng.roses.kernel.sys.api.expander.SysConfigExpander; import cn.stylefeng.roses.kernel.sys.api.pojo.user.*; @@ -87,6 +87,9 @@ public class SysUserServiceImpl extends ServiceImpl impl @Resource private SysUserCertificateService sysUserCertificateService; + @Resource + private UserRoleDataScopeApi userRoleDataScopeApi; + @Override @Transactional(rollbackFor = Exception.class) public void add(SysUserRequest sysUserRequest) { @@ -108,8 +111,7 @@ public class SysUserServiceImpl extends ServiceImpl impl this.save(sysUser); // 记录一个密码修改记录 - securityConfigService.recordPasswordEditLog(sysUser.getUserId(), saltedEncryptResult.getEncryptPassword(), - saltedEncryptResult.getPasswordSalt()); + securityConfigService.recordPasswordEditLog(sysUser.getUserId(), saltedEncryptResult.getEncryptPassword(), saltedEncryptResult.getPasswordSalt()); // 更新用户的任职信息 sysUserOrgService.updateUserOrg(sysUser.getUserId(), sysUserRequest.getUserOrgList()); 
@@ -210,9 +212,8 @@ public class SysUserServiceImpl extends ServiceImpl impl // 查询用户个人信息 LambdaQueryWrapper sysUserLambdaQueryWrapper = new LambdaQueryWrapper<>(); sysUserLambdaQueryWrapper.eq(SysUser::getUserId, sysUserRequest.getUserId()); - sysUserLambdaQueryWrapper.select(SysUser::getUserId, SysUser::getAvatar, SysUser::getAccount, SysUser::getUserSort, - SysUser::getSuperAdminFlag, SysUser::getRealName, SysUser::getSex, SysUser::getBirthday, SysUser::getEmail, - SysUser::getPhone, SysUser::getLastLoginIp, SysUser::getLoginCount, SysUser::getLastLoginTime, SysUser::getStatusFlag, + sysUserLambdaQueryWrapper.select(SysUser::getUserId, SysUser::getAvatar, SysUser::getAccount, SysUser::getUserSort, SysUser::getSuperAdminFlag, SysUser::getRealName, SysUser::getSex, + SysUser::getBirthday, SysUser::getEmail, SysUser::getPhone, SysUser::getLastLoginIp, SysUser::getLoginCount, SysUser::getLastLoginTime, SysUser::getStatusFlag, BaseEntity::getCreateTime, BaseEntity::getUpdateTime, SysUser::getEmployeeNumber); SysUser sysUser = this.getOne(sysUserLambdaQueryWrapper, false); @@ -242,8 +243,7 @@ public class SysUserServiceImpl extends ServiceImpl impl LambdaQueryWrapper wrapper = createWrapper(sysUserRequest); // 只查询需要的字段 - wrapper.select(SysUser::getUserId, SysUser::getRealName, SysUser::getAccount, SysUser::getSex, SysUser::getStatusFlag, - BaseEntity::getCreateTime, SysUser::getEmployeeNumber); + wrapper.select(SysUser::getUserId, SysUser::getRealName, SysUser::getAccount, SysUser::getSex, SysUser::getStatusFlag, BaseEntity::getCreateTime, SysUser::getEmployeeNumber); // 分页查询 Page sysUserPage = this.page(PageFactory.defaultPage(), wrapper); 
@@ -323,8 +323,7 @@ public class SysUserServiceImpl extends ServiceImpl impl // 查询用户的详细信息 LambdaQueryWrapper sysUserLambdaQueryWrapper = new LambdaQueryWrapper<>(); sysUserLambdaQueryWrapper.eq(SysUser::getUserId, userId); - sysUserLambdaQueryWrapper.select(SysUser::getRealName, SysUser::getAccount, SysUser::getAvatar, SysUser::getEmail, - SysUser::getPhone, SysUser::getSex, SysUser::getBirthday); + sysUserLambdaQueryWrapper.select(SysUser::getRealName, SysUser::getAccount, SysUser::getAvatar, SysUser::getEmail, SysUser::getPhone, SysUser::getSex, SysUser::getBirthday); SysUser sysUser = this.getOne(sysUserLambdaQueryWrapper, false); if (sysUser == null) { @@ -363,8 +362,7 @@ public class SysUserServiceImpl extends ServiceImpl impl SysUser sysUser = this.querySysUser(sysUserRequest); // 原密码错误 - if (!passwordStoredEncryptApi.checkPasswordWithSalt(sysUserRequest.getPassword(), sysUser.getPasswordSalt(), - sysUser.getPassword())) { + if (!passwordStoredEncryptApi.checkPasswordWithSalt(sysUserRequest.getPassword(), sysUser.getPasswordSalt(), sysUser.getPassword())) { throw new ServiceException(SysUserExceptionEnum.USER_PWD_ERROR); } @@ -382,8 +380,7 @@ public class SysUserServiceImpl extends ServiceImpl impl this.updateById(sysUser); // 记录一个密码修改记录 - securityConfigService.recordPasswordEditLog(sysUser.getUserId(), saltedEncryptResult.getEncryptPassword(), - saltedEncryptResult.getPasswordSalt()); + securityConfigService.recordPasswordEditLog(sysUser.getUserId(), saltedEncryptResult.getEncryptPassword(), saltedEncryptResult.getPasswordSalt()); } @Override 
@@ -502,16 +499,14 @@ public class SysUserServiceImpl extends ServiceImpl impl throw new ServiceException(SysUserExceptionEnum.ACCOUNT_NOT_EXIST); } - return new UserValidateDTO(sysUserServiceOne.getUserId(), sysUserServiceOne.getPassword(), sysUserServiceOne.getPasswordSalt(), - sysUserServiceOne.getStatusFlag(), tenantId, account); + return new UserValidateDTO(sysUserServiceOne.getUserId(), sysUserServiceOne.getPassword(), sysUserServiceOne.getPasswordSalt(), sysUserServiceOne.getStatusFlag(), tenantId, account); } @Override public UserValidateDTO getUserLoginValidateDTO(Long userId) { LambdaQueryWrapper sysUserLambdaQueryWrapper = new LambdaQueryWrapper<>(); sysUserLambdaQueryWrapper.eq(SysUser::getUserId, userId); - sysUserLambdaQueryWrapper.select(SysUser::getPassword, SysUser::getAccount, SysUser::getPasswordSalt, SysUser::getStatusFlag, - SysUser::getUserId, SysUser::getTenantId); + sysUserLambdaQueryWrapper.select(SysUser::getPassword, SysUser::getAccount, SysUser::getPasswordSalt, SysUser::getStatusFlag, SysUser::getUserId, SysUser::getTenantId); // 单独填充租户id SysUser sysUser; @@ -526,8 +521,7 @@ public class SysUserServiceImpl extends ServiceImpl impl throw new ServiceException(SysUserExceptionEnum.ACCOUNT_NOT_EXIST); } - return new UserValidateDTO(sysUser.getUserId(), sysUser.getPassword(), sysUser.getPasswordSalt(), sysUser.getStatusFlag(), - sysUser.getTenantId(), sysUser.getAccount()); + return new UserValidateDTO(sysUser.getUserId(), sysUser.getPassword(), sysUser.getPasswordSalt(), sysUser.getStatusFlag(), sysUser.getTenantId(), sysUser.getAccount()); } @Override 
@@ -661,9 +655,8 @@ public class SysUserServiceImpl extends ServiceImpl impl LambdaQueryWrapper sysUserLambdaQueryWrapper = new LambdaQueryWrapper<>(); sysUserLambdaQueryWrapper.eq(SysUser::getUserId, userId); - sysUserLambdaQueryWrapper.select(SysUser::getUserId, SysUser::getRealName, SysUser::getNickName, SysUser::getAccount, - SysUser::getBirthday, SysUser::getSex, SysUser::getPhone, SysUser::getTel, SysUser::getEmail, SysUser::getSuperAdminFlag, - SysUser::getStatusFlag, SysUser::getUserSort, SysUser::getMasterUserId); + sysUserLambdaQueryWrapper.select(SysUser::getUserId, SysUser::getRealName, SysUser::getNickName, SysUser::getAccount, SysUser::getBirthday, SysUser::getSex, SysUser::getPhone, SysUser::getTel, + SysUser::getEmail, SysUser::getSuperAdminFlag, SysUser::getStatusFlag, SysUser::getUserSort, SysUser::getMasterUserId); SysUser userInfo = this.getOne(sysUserLambdaQueryWrapper); if (userInfo != null) { @@ -814,7 +807,7 @@ public class SysUserServiceImpl extends ServiceImpl impl } // 数据权限范围控制 - Set dataScope = DataScopeContext.me().currentUserOrgScopeList(); + Set dataScope = userRoleDataScopeApi.currentUserOrgScopeList(); if (ObjectUtil.isNotEmpty(dataScope)) { Set userIdList = this.sysUserOrgService.getOrgUserIdList(dataScope); queryWrapper.in(SysUser::getUserId, userIdList); diff --git a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/PermissionAssignService.java b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/PermissionAssignService.java index 16f5ebb73..63eaf0cf5 100644 --- a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/PermissionAssignService.java +++ b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/PermissionAssignService.java 
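Review bot: `dataScope` is passed to `sysUserOrgService.getOrgUserIdList(dataScope)` as a set of organization ids, but the interface Javadoc says the set may hold a userId, and the SELF and default branches of the implementation return exactly that. For a self-only user the lookup then runs with a user id in the org-id position, which most likely yields an empty `userIdList` or, if the id spaces overlap, the members of an unrelated organization. How `queryWrapper.in(...)` behaves with an empty collection is not visible here. The scope type should be checked before this call so the self-only case becomes an equality filter on the current user's id, and an empty `userIdList` should become a condition that matches no rows; a comment such as `// dataScope may carry a userId (SELF scope), not only org ids` would at least record the hazard. The enclosing method starts and ends outside the hunk.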
@@ -1,6 +1,5 @@ package cn.stylefeng.roses.kernel.sys.modular.role.service; -import cn.stylefeng.roses.kernel.sys.api.UserDataScopeApi; import cn.stylefeng.roses.kernel.sys.modular.role.pojo.request.RoleBindPermissionRequest; import cn.stylefeng.roses.kernel.sys.modular.role.pojo.response.RoleBindPermissionResponse; @@ -12,7 +11,7 @@ import java.util.Set; * @author fengshuonan * @since 2023/6/13 16:13 */ -public interface PermissionAssignService extends UserDataScopeApi { +public interface PermissionAssignService { /** * 获取角色绑定的权限列表 diff --git a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/PermissionAssignServiceImpl.java b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/PermissionAssignServiceImpl.java index 3bcf513df..3579a1b52 100644 --- a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/PermissionAssignServiceImpl.java +++ b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/PermissionAssignServiceImpl.java @@ -1,13 +1,10 @@ package cn.stylefeng.roses.kernel.sys.modular.role.service.impl; -import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.util.ObjectUtil; import cn.hutool.extra.spring.SpringUtil; -import cn.stylefeng.roses.kernel.auth.api.context.LoginContext; import cn.stylefeng.roses.kernel.db.api.DbOperatorApi; import cn.stylefeng.roses.kernel.event.sdk.publish.BusinessEventPublisher; import cn.stylefeng.roses.kernel.log.api.util.BusinessLogUtil; -import cn.stylefeng.roses.kernel.rule.enums.permission.DataScopeTypeEnum; import cn.stylefeng.roses.kernel.sys.api.SysUserRoleServiceApi; import cn.stylefeng.roses.kernel.sys.modular.app.entity.SysApp; import cn.stylefeng.roses.kernel.sys.modular.app.service.SysAppService; 
@@ -185,71 +182,4 @@ public class PermissionAssignServiceImpl implements PermissionAssignService { return resultPermissions; } - @Override - public DataScopeTypeEnum currentUserDataScopeType() { - - // 获取当前用户id - Long userId = LoginContext.me().getLoginUser().getUserId(); - - // 获取用户的角色列表 - List userHaveRoleIds = sysUserRoleServiceApi.getUserRoleIdList(userId); - - // 获取这些角色对应的数据范围 - return sysRoleService.getRoleDataScope(userHaveRoleIds); - } - - @Override - public Set currentUserOrgScopeList() { - - // 获取当前用户id - Long userId = LoginContext.me().getLoginUser().getUserId(); - - // 用户当前组织机构id - Long currentOrgId = LoginContext.me().getLoginUser().getCurrentOrgId(); - - // 获取当前用户的数据范围类型 - DataScopeTypeEnum dataScopeTypeEnum = this.currentUserDataScopeType(); - - // 如果是只有本人数据 - if (DataScopeTypeEnum.SELF.equals(dataScopeTypeEnum)) { - return CollectionUtil.set(false, userId); - } - - // 如果是本部门数据 - else if (DataScopeTypeEnum.DEPT.equals(dataScopeTypeEnum)) { - return CollectionUtil.set(false, currentOrgId); - } - - // 如果是本部门及以下部门 - else if (DataScopeTypeEnum.DEPT_WITH_CHILD.equals(dataScopeTypeEnum)) { - - // 获取指定组织机构下的所有机构id - Set subOrgIdList = dbOperatorApi.findSubListByParentId("sys_hr_organization", "org_pids", "org_id", currentOrgId); - if (ObjectUtil.isEmpty(subOrgIdList)) { - subOrgIdList = new HashSet<>(); - } - subOrgIdList.add(currentOrgId); - return subOrgIdList; - } - - // 如果是指定部门数据 - else if (DataScopeTypeEnum.DEFINE.equals(dataScopeTypeEnum)) { - - // 获取用户的角色列表 - List userHaveRoleIds = sysUserRoleServiceApi.getUserRoleIdList(userId); - - // 获取角色指定的所有部门范围 - return sysRoleDataScopeService.getRoleBindOrgIdList(userHaveRoleIds); - } - - // 如果是全部数据 - else if (DataScopeTypeEnum.ALL.equals(dataScopeTypeEnum)) { - - return null; - } - - // 默认返回只有本人数据 - return CollectionUtil.set(false, userId); - } - } 
diff --git a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java index 6d9cc5601..7cf91f331 100644 --- a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java +++ b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java @@ -2,8 +2,10 @@ package cn.stylefeng.roses.kernel.sys.modular.role.service.impl; import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.collection.ListUtil; +import cn.hutool.core.util.ObjectUtil; import cn.stylefeng.roses.kernel.auth.api.context.LoginContext; import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser; +import cn.stylefeng.roses.kernel.db.api.DbOperatorApi; import cn.stylefeng.roses.kernel.db.mp.datascope.UserRoleDataScopeApi; import cn.stylefeng.roses.kernel.db.mp.datascope.config.DataScopeConfig; import cn.stylefeng.roses.kernel.rule.enums.permission.DataScopeTypeEnum; @@ -15,6 +17,7 @@ import org.springframework.stereotype.Service; import javax.annotation.Resource; import java.util.ArrayList; +import java.util.HashSet; import java.util.List; import java.util.Set; @@ -36,6 +39,9 @@ public class UserRoleDataScopeImpl implements UserRoleDataScopeApi { @Resource private SysRoleDataScopeService sysRoleDataScopeService; + @Resource + private DbOperatorApi dbOperatorApi; + @Override public DataScopeConfig getUserRoleDataScopeConfig() { 
@@ -93,4 +99,68 @@ public class UserRoleDataScopeImpl implements UserRoleDataScopeApi { return dataScopeConfig; } + @Override + public Set currentUserOrgScopeList() { + + // 获取当前用户id + Long userId = LoginContext.me().getLoginUser().getUserId(); + + // 获取当前用户的数据范围类型 + DataScopeConfig userRoleDataScopeConfig = this.getUserRoleDataScopeConfig(); + DataScopeTypeEnum dataScopeTypeEnum = userRoleDataScopeConfig.getDataScopeType(); + + // 如果是只有本人数据 + if (DataScopeTypeEnum.SELF.equals(dataScopeTypeEnum)) { + return CollectionUtil.set(false, userId); + } + + // 如果是本部门数据 + else if (DataScopeTypeEnum.DEPT.equals(dataScopeTypeEnum)) { + return CollectionUtil.set(false, userRoleDataScopeConfig.getUserDeptId()); + } + + // 如果是本部门及以下部门 + else if (DataScopeTypeEnum.DEPT_WITH_CHILD.equals(dataScopeTypeEnum)) { + + // 获取指定组织机构下的所有机构id + Set subOrgIdList = dbOperatorApi.findSubListByParentId("sys_hr_organization", "org_pids", "org_id", userRoleDataScopeConfig.getUserDeptId()); + if (ObjectUtil.isEmpty(subOrgIdList)) { + subOrgIdList = new HashSet<>(); + } + subOrgIdList.add(userRoleDataScopeConfig.getUserDeptId()); + return subOrgIdList; + } + + // 如果是本公司及以下部门 + else if (DataScopeTypeEnum.COMPANY_WITH_CHILD.equals(dataScopeTypeEnum)) { + + // 获取指定组织机构下的所有机构id + Set subOrgIdList = dbOperatorApi.findSubListByParentId("sys_hr_organization", "org_pids", "org_id", userRoleDataScopeConfig.getUserCompanyId()); + if (ObjectUtil.isEmpty(subOrgIdList)) { + subOrgIdList = new HashSet<>(); + } + subOrgIdList.add(userRoleDataScopeConfig.getUserCompanyId()); + return subOrgIdList; + } + + // 如果是指定部门数据 + else if (DataScopeTypeEnum.DEFINE.equals(dataScopeTypeEnum)) { + + // 获取用户的角色列表 + List userHaveRoleIds = sysUserRoleServiceApi.getUserRoleIdList(userId); + + // 获取角色指定的所有部门范围 + return sysRoleDataScopeService.getRoleBindOrgIdList(userHaveRoleIds); + } + + // 如果是全部数据 + else if (DataScopeTypeEnum.ALL.equals(dataScopeTypeEnum)) { + + return null; + } + + // 默认返回只有本人数据 + return CollectionUtil.set(false, 
userId); + } + }
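Review bot: `userRoleDataScopeConfig.getUserDeptId()` and `getUserCompanyId()` are used in the DEPT, DEPT_WITH_CHILD and COMPANY_WITH_CHILD branches without a null check. A session with no department or company would put `null` into the returned set and pass `null` to `dbOperatorApi.findSubListByParentId(...)`, whose handling of a null parent is not visible here. Since this set drives a data-permission filter, I would fall back to the self-only scope the method already uses as its default when the id is missing. The two "with child" branches are identical apart from the root id, so the guard fits in one private helper, sketched below; the `Long` element type is assumed, as generics are not visible on the page.

```java
// … unchanged: userId / dataScopeTypeEnum lookup, SELF and DEPT branches …
else if (DataScopeTypeEnum.DEPT_WITH_CHILD.equals(dataScopeTypeEnum)) {
    return this.orgWithChildren(userRoleDataScopeConfig.getUserDeptId(), userId);
}
else if (DataScopeTypeEnum.COMPANY_WITH_CHILD.equals(dataScopeTypeEnum)) {
    return this.orgWithChildren(userRoleDataScopeConfig.getUserCompanyId(), userId);
}
// … unchanged: DEFINE, ALL and default branches …

private Set<Long> orgWithChildren(Long rootOrgId, Long userId) {
    // No department/company on the session: narrow to self-only instead of querying with null.
    if (rootOrgId == null) {
        return CollectionUtil.set(false, userId);
    }
    Set<Long> orgIds = dbOperatorApi.findSubListByParentId("sys_hr_organization", "org_pids", "org_id", rootOrgId);
    if (ObjectUtil.isEmpty(orgIds)) {
        orgIds = new HashSet<>();
    }
    orgIds.add(rootOrgId);
    return orgIds;
}
```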