【8.0】【role】完善绑定权限

kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/RoleBindAppImpl.java

@@ -17,6 +17,7 @@ import cn.stylefeng.roses.kernel.sys.modular.role.pojo.request.RoleBindPermissio
 import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleLimitService;
 import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleMenuOptionsService;
 import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleMenuService;
+import cn.stylefeng.roses.kernel.sys.modular.role.util.AssertAssignUtil;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import org.springframework.stereotype.Service;
 
@@ -84,6 +85,7 @@ public class RoleBindAppImpl implements RoleAssignOperateAction, RoleBindLimitAc
             LambdaQueryWrapper<SysRoleMenuOptions> sysRoleMenuOptionsLambdaQueryWrapper = new LambdaQueryWrapper<>();
             sysRoleMenuOptionsLambdaQueryWrapper.eq(SysRoleMenuOptions::getRoleId, roleId);
             sysRoleMenuOptionsLambdaQueryWrapper.in(SysRoleMenuOptions::getMenuOptionId, totalMenuOptionIds);
+            AssertAssignUtil.assertAssign(roleId, sysRoleMenuOptionsLambdaQueryWrapper);
             sysRoleMenuOptionsService.remove(sysRoleMenuOptionsLambdaQueryWrapper);
         }
 

kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/RoleBindMenuImpl.java

@@ -16,6 +16,7 @@ import cn.stylefeng.roses.kernel.sys.modular.role.pojo.request.RoleBindPermissio
 import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleLimitService;
 import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleMenuOptionsService;
 import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleMenuService;
+import cn.stylefeng.roses.kernel.sys.modular.role.util.AssertAssignUtil;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import org.springframework.stereotype.Service;
 
@@ -97,6 +98,7 @@ public class RoleBindMenuImpl implements RoleAssignOperateAction, RoleBindLimitA
         LambdaQueryWrapper<SysRoleMenuOptions> roleMenuOptionsLambdaQueryWrapper = new LambdaQueryWrapper<>();
         roleMenuOptionsLambdaQueryWrapper.eq(SysRoleMenuOptions::getRoleId, roleId);
         roleMenuOptionsLambdaQueryWrapper.in(SysRoleMenuOptions::getMenuOptionId, menuOptions);
+        AssertAssignUtil.assertAssign(roleId, roleMenuOptionsLambdaQueryWrapper);
         sysRoleMenuOptionsService.remove(roleMenuOptionsLambdaQueryWrapper);
 
         // 2.3. 如果是选中状态，则从新进行这些角色和功能的绑定

kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/RoleBindOptionImpl.java

@@ -1,6 +1,8 @@
 package cn.stylefeng.roses.kernel.sys.modular.role.service.impl;
 
 import cn.hutool.core.util.ObjectUtil;
+import cn.stylefeng.roses.kernel.auth.api.context.LoginContext;
+import cn.stylefeng.roses.kernel.sys.api.SysUserRoleServiceApi;
 import cn.stylefeng.roses.kernel.sys.modular.role.action.RoleAssignOperateAction;
 import cn.stylefeng.roses.kernel.sys.modular.role.action.RoleBindLimitAction;
 import cn.stylefeng.roses.kernel.sys.modular.role.entity.SysRoleLimit;
@@ -10,10 +12,12 @@ import cn.stylefeng.roses.kernel.sys.modular.role.enums.RoleLimitTypeEnum;
 import cn.stylefeng.roses.kernel.sys.modular.role.pojo.request.RoleBindPermissionRequest;
 import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleLimitService;
 import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleMenuOptionsService;
+import cn.stylefeng.roses.kernel.sys.modular.role.util.AssertAssignUtil;
 import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
 import org.springframework.stereotype.Service;
 
 import javax.annotation.Resource;
+import java.util.List;
 import java.util.Set;
 
 /**
@@ -31,6 +35,9 @@ public class RoleBindOptionImpl implements RoleAssignOperateAction, RoleBindLimi
     @Resource
     private SysRoleLimitService sysRoleLimitService;
 
+    @Resource
+    private SysUserRoleServiceApi sysUserRoleServiceApi;
+
     @Override
     public PermissionNodeTypeEnum getNodeType() {
         return PermissionNodeTypeEnum.OPTIONS;
@@ -53,6 +60,14 @@ public class RoleBindOptionImpl implements RoleAssignOperateAction, RoleBindLimi
             sysRoleMenuOptions.setMenuOptionId(menuOptionId);
             this.sysRoleMenuOptionsService.save(sysRoleMenuOptions);
         } else {
+
+            // 当前正在进行的角色，不能禁用掉自己的权限
+            Long userId = LoginContext.me().getLoginUser().getUserId();
+            List<Long> userRoleIdList = sysUserRoleServiceApi.getUserRoleIdList(userId);
+            if (userRoleIdList.contains(roleId) && menuOptionId.equals(AssertAssignUtil.DISABLED_MENU_OPTIONS)) {
+                return;
+            }
+
             LambdaUpdateWrapper<SysRoleMenuOptions> wrapper = new LambdaUpdateWrapper<>();
             wrapper.eq(SysRoleMenuOptions::getRoleId, roleId);
             wrapper.eq(SysRoleMenuOptions::getMenuOptionId, menuOptionId);

kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/RoleBindTotalImpl.java

@@ -15,6 +15,7 @@ import cn.stylefeng.roses.kernel.sys.modular.role.pojo.request.RoleBindPermissio
 import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleLimitService;
 import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleMenuOptionsService;
 import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleMenuService;
+import cn.stylefeng.roses.kernel.sys.modular.role.util.AssertAssignUtil;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import org.springframework.stereotype.Service;
 
@@ -64,6 +65,7 @@ public class RoleBindTotalImpl implements RoleAssignOperateAction, RoleBindLimit
 
         LambdaQueryWrapper<SysRoleMenuOptions> sysRoleMenuOptionsLambdaQueryWrapper = new LambdaQueryWrapper<>();
         sysRoleMenuOptionsLambdaQueryWrapper.eq(SysRoleMenuOptions::getRoleId, roleId);
+        AssertAssignUtil.assertAssign(roleId, sysRoleMenuOptionsLambdaQueryWrapper);
         this.sysRoleMenuOptionsService.remove(sysRoleMenuOptionsLambdaQueryWrapper);
 
         // 如果是选中状态，则从新绑定所有的选项

kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/util/AssertAssignUtil.java

@@ -0,0 +1,48 @@
+package cn.stylefeng.roses.kernel.sys.modular.role.util;
+
+import cn.hutool.core.util.ObjectUtil;
+import cn.hutool.extra.spring.SpringUtil;
+import cn.stylefeng.roses.kernel.auth.api.context.LoginContext;
+import cn.stylefeng.roses.kernel.sys.api.SysUserRoleServiceApi;
+import cn.stylefeng.roses.kernel.sys.modular.role.entity.SysRoleMenuOptions;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+
+import java.util.List;
+
+/**
+ * 判断当前用户的所有角色，是否包含了被操作的角色，并且被操作角色的菜单功能id包含了禁用修改权限的菜单功能id
+ *
+ * @author fengshuonan
+ * @since 2023/9/8 23:31
+ */
+public class AssertAssignUtil {
+
+    /**
+     * 修改权限的操作id
+     */
+    public static final Long DISABLED_MENU_OPTIONS = 1677229379281846273L;
+
+    /**
+     * 执行判断过程，并增加筛选条件
+     *
+     * @param roleId  被操作的角色id
+     * @param wrapper 拼接条件
+     * @author fengshuonan
+     * @since 2023/9/8 23:34
+     */
+    public static void assertAssign(Long roleId, LambdaQueryWrapper<SysRoleMenuOptions> wrapper) {
+
+        // 获取当前登录用户的所有角色列表
+        SysUserRoleServiceApi sysUserRoleServiceApi = SpringUtil.getBean(SysUserRoleServiceApi.class);
+        List<Long> userRoleIdList = sysUserRoleServiceApi.getUserRoleIdList(LoginContext.me().getLoginUser().getUserId());
+
+        if (ObjectUtil.isEmpty(userRoleIdList)) {
+            return;
+        }
+
+        if (userRoleIdList.contains(roleId)) {
+            wrapper.notIn(SysRoleMenuOptions::getMenuOptionId, DISABLED_MENU_OPTIONS);
+        }
+    }
+
+}