Merge branch 'test' into test-dsc

* test: 修复BUG710，添加文件下载次数统计修改私服地址,把 seata-dm 项目从 dsc挪过来 feat(gateway): 添加API客户端凭证加密功能支持 bmp 已挪到 ztcloud-dist 仓库修改发布信息增加快照仓库恢复 erp 模块数据权限从maven模块中移除 zt-server 修改版本号 feat:登陆用户的部门数据权限接口增加角色参数；获取当前用户可访问的顶级部门列表不校验数据权限 no message
2026-01-15 14:51:00 +08:00
parent 70f8e59c1b a44e7e835e
commit 378a9e7bcb
26 changed files with 156 additions and 24 deletions
--- a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/api/permission/PermissionApiImpl.java
+++ b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/api/permission/PermissionApiImpl.java
@@ -86,4 +86,8 @@ public class PermissionApiImpl implements PermissionApi {
        return success(permissionService.getDeptDataPermission(userId));
    }

+    @Override
+    public CommonResult<DeptDataPermissionRespDTO> getDeptDataPermissionWithRoleCodes(Long userId, String roleCodes) {
+        return success(permissionService.getDeptDataPermissionWithRoleCodes(userId, roleCodes));
+    }
 }
--- a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/dept/DeptController.java
+++ b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/dept/DeptController.java
@@ -123,7 +123,7 @@ public class DeptController {

    @GetMapping("/top-level-list")
    @Operation(summary = "获取当前用户可访问的顶级部门列表", description = "用于懒加载，返回当前用户所属部门的最顶层祖先部门，如果用户没有关联任何部门则返回空列表")
-    @PreAuthorize("@ss.hasPermission('system:dept:query')")
+//    @PreAuthorize("@ss.hasPermission('system:dept:query')")
    public CommonResult<List<DeptRespVO>> getTopLevelDeptList() {
        List<DeptDO> list = deptService.getTopLevelDeptList();
        return success(BeanUtils.toBean(list, DeptRespVO.class));
--- a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/permission/PermissionService.java
+++ b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/permission/PermissionService.java
@@ -143,6 +143,7 @@ public interface PermissionService {
     * @return 部门数据权限
     */
    DeptDataPermissionRespDTO getDeptDataPermission(Long userId);
+    DeptDataPermissionRespDTO getDeptDataPermissionWithRoleCodes(Long userId, String roleCodes);

    /**
     * 获得用户的数据权限级别
--- a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/permission/PermissionServiceImpl.java
+++ b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/permission/PermissionServiceImpl.java
@@ -3,6 +3,7 @@ package com.zt.plat.module.system.service.permission;
 import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.collection.CollectionUtil;
 import cn.hutool.core.util.ArrayUtil;
+import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.extra.spring.SpringUtil;
 import com.baomidou.dynamic.datasource.annotation.DSTransactional;
 import com.google.common.annotations.VisibleForTesting;
@@ -12,6 +13,7 @@ import com.zt.plat.framework.common.biz.system.permission.dto.DeptDataPermission
 import com.zt.plat.framework.common.enums.CommonStatusEnum;
 import com.zt.plat.framework.common.util.collection.CollectionUtils;
 import com.zt.plat.framework.datapermission.core.annotation.DataPermission;
+import com.zt.plat.framework.tenant.core.context.DeptContextHolder;
 import com.zt.plat.module.system.dal.dataobject.permission.MenuDO;
 import com.zt.plat.module.system.dal.dataobject.permission.RoleDO;
 import com.zt.plat.module.system.dal.dataobject.permission.RoleMenuDO;
@@ -347,6 +349,12 @@ public class PermissionServiceImpl implements PermissionService {
        // 获得用户的角色
        List<RoleDO> roles = getEnableUserRoleListByUserIdFromCache(userId);

+        //使用上下文角色编码过滤
+        List<String> contextRoleCodes = DeptContextHolder.getRoleCodeList();
+        if(!CollectionUtil.isEmpty(contextRoleCodes)){
+            roles = roles.stream().filter(role -> contextRoleCodes.contains(role.getCode())).collect(Collectors.toList());
+        }
+
        // 获得用户的部门编号的缓存，通过 Guava 的 Suppliers 惰性求值，即有且仅有第一次发起 DB 的查询
        Supplier<Set<Long>> userDeptIds = Suppliers.memoize(() -> {
            List<UserDeptDO> validUserDeptListByUserId = userDeptService.getValidUserDeptListByUserIds(singleton(userId));
@@ -414,6 +422,26 @@ public class PermissionServiceImpl implements PermissionService {
        return result;
    }

+    @Override
+    public DeptDataPermissionRespDTO getDeptDataPermissionWithRoleCodes(Long userId, String roleCodes) {
+        // 获得用户的角色
+        List<RoleDO> roles = getEnableUserRoleListByUserIdFromCache(userId);
+        if(ObjectUtil.isEmpty(roleCodes))
+            return getDeptDataPermission(userId);
+        List<String> roleCodesList = Arrays.asList(roleCodes.split(","));
+        if(CollectionUtil.isEmpty(roles))
+            return getDeptDataPermission(userId);
+        DeptContextHolder.setRoleCodeList(roleCodesList);
+        try{
+            return getDeptDataPermission(userId);
+        }catch (Exception e){
+            log.error("getDeptDataPermission-- error ", e);
+        }finally {
+            DeptContextHolder.clearRoleCodeList();
+        }
+        return getDeptDataPermission(userId);
+    }
+
    @Override
    @DataPermission(enable = false)
    @TenantIgnore