1. 新增 dept 类型的全局上下文权限

zt-framework/zt-spring-boot-starter-biz-tenant/src/main/java/com/zt/plat/framework/tenant/core/context/DeptContextHolder.java

@@ -0,0 +1,61 @@
+package com.zt.plat.framework.tenant.core.context;
+
+import com.alibaba.ttl.TransmittableThreadLocal;
+
+/**
+ * 部门上下文 Holder，使用 {@link TransmittableThreadLocal} 支持在线程池/异步场景下的上下文传递。
+ *
+ * 包含当前部门编号、所属公司编号以及是否忽略部门数据权限的标识。
+ */
+public class DeptContextHolder {
+
+    /** 当前部门编号 */
+    private static final ThreadLocal<Long> DEPT_ID = new TransmittableThreadLocal<>();
+    /** 当前部门所属公司编号（用于一致性校验） */
+    private static final ThreadLocal<Long> COMPANY_ID = new TransmittableThreadLocal<>();
+    /** 是否忽略部门数据权限 */
+    private static final ThreadLocal<Boolean> IGNORE = new TransmittableThreadLocal<>();
+
+    public static Long getDeptId() {
+        return DEPT_ID.get();
+    }
+
+    public static Long getCompanyId() {
+        return COMPANY_ID.get();
+    }
+
+    /**
+     * 设置部门与所属公司编号。
+     */
+    public static void setContext(Long deptId, Long companyId) {
+        DEPT_ID.set(deptId);
+        COMPANY_ID.set(companyId);
+    }
+
+    public static void setDeptId(Long deptId) {
+        DEPT_ID.set(deptId);
+    }
+
+    public static void setCompanyId(Long companyId) {
+        COMPANY_ID.set(companyId);
+    }
+
+    public static boolean hasDeptId() {
+        Long deptId = DEPT_ID.get();
+        return deptId != null && deptId > 0L;
+    }
+
+    public static void setIgnore(Boolean ignore) {
+        IGNORE.set(ignore);
+    }
+
+    public static boolean shouldIgnore() {
+        return Boolean.TRUE.equals(IGNORE.get());
+    }
+
+    public static void clear() {
+        DEPT_ID.remove();
+        COMPANY_ID.remove();
+        IGNORE.remove();
+    }
+}

zt-framework/zt-spring-boot-starter-biz-tenant/src/main/java/com/zt/plat/framework/tenant/core/web/CompanyVisitContextInterceptor.java

@@ -3,6 +3,7 @@ package com.zt.plat.framework.tenant.core.web;
 import com.zt.plat.framework.security.core.LoginUser;
 import com.zt.plat.framework.security.core.util.SecurityFrameworkUtils;
 import com.zt.plat.framework.tenant.core.context.CompanyContextHolder;
+import com.zt.plat.framework.tenant.core.context.DeptContextHolder;
 import com.zt.plat.framework.web.core.util.WebFrameworkUtils;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -66,11 +67,19 @@ public class CompanyVisitContextInterceptor implements HandlerInterceptor {
 
         if (companyId == null || companyId <= 0L) {
             CompanyContextHolder.setIgnore(true);
+            DeptContextHolder.clear();
             return true;
         }
 
         CompanyContextHolder.setIgnore(false);
         CompanyContextHolder.setCompanyId(companyId);
+        // 默认不忽略部门数据权限；如果有有效部门则写入上下文
+        DeptContextHolder.setIgnore(false);
+        if (deptId != null && deptId > 0L) {
+            DeptContextHolder.setContext(deptId, companyId);
+        } else {
+            DeptContextHolder.clear();
+        }
         if (loginUser == null) {
             return true;
         }
@@ -91,7 +100,9 @@ public class CompanyVisitContextInterceptor implements HandlerInterceptor {
         LoginUser loginUser = SecurityFrameworkUtils.getLoginUser();
         if (loginUser != null) {
             loginUser.setVisitCompanyId(0L);
+            loginUser.setVisitDeptId(0L);
         }
+        DeptContextHolder.clear();
     }
 
     private Long resolveLong(Object value) {