From a86b98b0f57a0e43f9b0d64c275be77a8b871121 Mon Sep 17 00:00:00 2001
From: chenbowen
Date: Thu, 18 Dec 2025 20:26:27 +0800
Subject: [PATCH] =?UTF-8?q?1.=20=E6=96=B0=E5=A2=9E=20permissionApi=20?=
 =?UTF-8?q?=E6=9F=A5=E8=AF=A2=E5=BD=93=E5=89=8D=E7=94=A8=E6=88=B7=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E7=BA=A7=E5=88=AB=E7=9A=84=E6=96=B9=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../system/api/permission/PermissionApi.java | 6 +++
 .../enums/permission/DataScopeEnum.java | 22 ++++++++
 .../api/permission/PermissionApiImpl.java | 6 +++
 .../service/permission/PermissionService.java | 9 ++++
 .../permission/PermissionServiceImpl.java | 44 +++++++++++++++
 .../permission/PermissionServiceTest.java | 53 +++++++++++++++++++
 6 files changed, 140 insertions(+)
diff --git a/zt-module-system/zt-module-system-api/src/main/java/com/zt/plat/module/system/api/permission/PermissionApi.java b/zt-module-system/zt-module-system-api/src/main/java/com/zt/plat/module/system/api/permission/PermissionApi.java
index 9e541926..b30f62f6 100644
--- a/zt-module-system/zt-module-system-api/src/main/java/com/zt/plat/module/system/api/permission/PermissionApi.java
+++ b/zt-module-system/zt-module-system-api/src/main/java/com/zt/plat/module/system/api/permission/PermissionApi.java
@@ -4,6 +4,7 @@ import com.zt.plat.framework.common.biz.system.permission.PermissionCommonApi;
 import com.zt.plat.framework.common.pojo.CommonResult;
 import com.zt.plat.module.system.api.permission.dto.*;
 import com.zt.plat.module.system.enums.ApiConstants;
+import com.zt.plat.module.system.enums.permission.DataScopeEnum;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Operation;
@@ -50,4 +51,9 @@ public interface PermissionApi extends PermissionCommonApi {
 @Parameter(name = "userId", description = "用户编号", example = "1", required = true)
 CommonResult> getUserRoleIdListByUserId(@RequestParam("userId") Long userId);
+ @GetMapping(PREFIX + "/user-data-permission-level")
+ @Operation(summary = "获得用户的数据权限级别")
+ @Parameter(name = "userId", description = "用户编号", example = "1", required = true)
+ CommonResult getUserDataPermissionLevel(@RequestParam("userId") Long userId);
+
 }
\ No newline at end of file
diff --git a/zt-module-system/zt-module-system-api/src/main/java/com/zt/plat/module/system/enums/permission/DataScopeEnum.java b/zt-module-system/zt-module-system-api/src/main/java/com/zt/plat/module/system/enums/permission/DataScopeEnum.java
index b0edcfd0..4a1ab13f 100644
--- a/zt-module-system/zt-module-system-api/src/main/java/com/zt/plat/module/system/enums/permission/DataScopeEnum.java
+++ b/zt-module-system/zt-module-system-api/src/main/java/com/zt/plat/module/system/enums/permission/DataScopeEnum.java
@@ -1,10 +1,12 @@
 package com.zt.plat.module.system.enums.permission;
+import com.fasterxml.jackson.annotation.JsonValue;
 import com.zt.plat.framework.common.core.ArrayValuable;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import java.util.Arrays;
+import java.util.Objects;
 /**
 * 数据范围枚举类
@@ -33,6 +35,26 @@ public enum DataScopeEnum implements ArrayValuable {
 public static final Integer[] ARRAYS = Arrays.stream(values()).map(DataScopeEnum::getScope).toArray(Integer[]::new);
+ /**
+ * Jackson 序列化时输出整数 code,兼容旧客户端
+ */
+ @JsonValue
+ public Integer getScope() {
+ return scope;
+ }
+
+ public static DataScopeEnum findByScope(Integer scope) {
+ if (scope == null) {
+ return null;
+ }
+ for (DataScopeEnum value : values()) {
+ if (Objects.equals(value.scope, scope)) {
+ return value;
+ }
+ }
+ return null;
+ }
+
 @Override
 public Integer[] array() {
 return ARRAYS;
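Review bot: In PermissionApi.java, the new `getUserDataPermissionLevel` endpoint takes an arbitrary `userId` from the query string and returns that user's data-scope level, and nothing visible in this hunk (or in the delegating method added to PermissionApiImpl.java) restricts who may ask about whom. If this route is reachable beyond trusted service-to-service calls, any caller can learn which accounts hold the broadest data scope. I would state the intended caller on the method, for example `// Internal RPC only: callers pass the authenticated user's id or must hold permission to inspect other users`, and confirm that the PREFIX path is not exposed through the public gateway. The interface body starts outside the hunk.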
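Review bot: In DataScopeEnum.java, `findByScope` returns `null` for both a null and an unrecognised code but has no Javadoc saying so, and every caller that feeds it a stored role value has to treat null as "no scope" rather than dereference it. A short Javadoc stating the null return would make that contract explicit. Separately, `@JsonValue` on `getScope()` changes how the enum is written everywhere Jackson serialises it, not only in the new endpoint, and Jackson normally uses the same value when reading the enum back, so any existing payload that carried the constant name is worth checking. The enum body starts and ends outside the hunk.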
diff --git a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/api/permission/PermissionApiImpl.java b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/api/permission/PermissionApiImpl.java
index 955fa69a..771f322b 100644
--- a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/api/permission/PermissionApiImpl.java
+++ b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/api/permission/PermissionApiImpl.java
@@ -6,6 +6,7 @@ import com.zt.plat.framework.common.util.object.BeanUtils;
 import com.zt.plat.module.system.api.permission.dto.*;
 import com.zt.plat.module.system.controller.admin.permission.vo.permission.PermissionAssignRoleDataScopeReqVO;
 import com.zt.plat.module.system.controller.admin.permission.vo.permission.PermissionAssignUserRoleReqVO;
+import com.zt.plat.module.system.enums.permission.DataScopeEnum;
 import com.zt.plat.module.system.service.permission.PermissionService;
 import org.springframework.context.annotation.Primary;
 import org.springframework.validation.annotation.Validated;
@@ -65,6 +66,11 @@ public class PermissionApiImpl implements PermissionApi {
 return success(permissionService.getUserRoleIdListByUserIdFromCache(userId));
 }
+ @Override
+ public CommonResult getUserDataPermissionLevel(Long userId) {
+ return success(permissionService.getUserDataPermissionLevel(userId));
+ }
+
 @Override
 public CommonResult hasAnyPermissions(Long userId, String... permissions) {
 return success(permissionService.hasAnyPermissions(userId, permissions));
diff --git a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/permission/PermissionService.java b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/permission/PermissionService.java
index 28a029fd..a1a88dd3 100644
--- a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/permission/PermissionService.java
+++ b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/permission/PermissionService.java
@@ -1,6 +1,7 @@
 package com.zt.plat.module.system.service.permission;
 import com.zt.plat.framework.common.biz.system.permission.dto.DeptDataPermissionRespDTO;
+import com.zt.plat.module.system.enums.permission.DataScopeEnum;
 import java.util.Collection;
 import java.util.Set;
@@ -143,4 +144,12 @@ public interface PermissionService {
 */
 DeptDataPermissionRespDTO getDeptDataPermission(Long userId);
+ /**
+ * 获得用户的数据权限级别
+ *
+ * @param userId 用户编号
+ * @return 数据权限范围枚举
+ */
+ DataScopeEnum getUserDataPermissionLevel(Long userId);
+
 }
diff --git a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/permission/PermissionServiceImpl.java b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/permission/PermissionServiceImpl.java
index ac7a1553..6bb37d18 100644
--- a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/permission/PermissionServiceImpl.java
+++ b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/permission/PermissionServiceImpl.java
@@ -27,6 +27,7 @@ import com.zt.plat.module.system.enums.permission.RoleTypeEnum;
 import com.zt.plat.module.system.service.dept.DeptService;
 import com.zt.plat.module.system.service.user.AdminUserService;
 import com.zt.plat.module.system.service.userdept.UserDeptService;
+import com.zt.plat.framework.tenant.core.aop.TenantIgnore;
 import jakarta.annotation.Resource;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
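Review bot: In PermissionService.java, the Javadoc on `getUserDataPermissionLevel` does not say what is returned when the user has no usable role, yet callers will base access decisions on this value. The implementation in this patch falls back to `DataScopeEnum.SELF` and never returns null. I would put that in the contract, e.g. `@return the broadest data scope among the user's enabled roles; SELF when none applies, never null`, so the fail-closed default is documented rather than an implementation detail.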
@@ -57,6 +58,15 @@ import static com.zt.plat.module.system.enums.ErrorCodeConstants.ROLE_CAN_NOT_UP
 @Slf4j
 public class PermissionServiceImpl implements PermissionService {
+ private static final List DATA_SCOPE_PRIORITY = Arrays.asList(
+ DataScopeEnum.ALL,
+ DataScopeEnum.COMPANY_AND_DEPT,
+ DataScopeEnum.DEPT_AND_CHILD,
+ DataScopeEnum.DEPT_ONLY,
+ DataScopeEnum.DEPT_CUSTOM,
+ DataScopeEnum.SELF
+ );
+
 @Resource
 private RoleMenuMapper roleMenuMapper;
 @Resource
@@ -404,6 +414,40 @@ public class PermissionServiceImpl implements PermissionService {
 return result;
 }
+ @Override
+ @DataPermission(enable = false)
+ @TenantIgnore
+ public DataScopeEnum getUserDataPermissionLevel(Long userId) {
+ List roles = getEnableUserRoleListByUserIdFromCache(userId);
+ if (CollUtil.isEmpty(roles)) {
+ return DataScopeEnum.SELF;
+ }
+
+ DataScopeEnum best = null;
+ for (RoleDO role : roles) {
+ DataScopeEnum scopeEnum = DataScopeEnum.findByScope(role.getDataScope());
+ if (scopeEnum == null) {
+ continue;
+ }
+ if (best == null || compareScope(scopeEnum, best) < 0) {
+ best = scopeEnum;
+ if (DataScopeEnum.ALL.equals(best)) {
+ break;
+ }
+ }
+ }
+ return best != null ? best : DataScopeEnum.SELF;
+ }
+
+ private int compareScope(DataScopeEnum left, DataScopeEnum right) {
+ return getScopePriority(left) - getScopePriority(right);
+ }
+
+ private int getScopePriority(DataScopeEnum scope) {
+ int idx = DATA_SCOPE_PRIORITY.indexOf(scope);
+ return idx >= 0 ? idx : Integer.MAX_VALUE;
+ }
+
 /**
 * 获得自身的代理对象,解决 AOP 生效问题
 *
diff --git a/zt-module-system/zt-module-system-server/src/test/java/com/zt/plat/module/system/service/permission/PermissionServiceTest.java b/zt-module-system/zt-module-system-server/src/test/java/com/zt/plat/module/system/service/permission/PermissionServiceTest.java
index 73095709..9bfefac6 100644
--- a/zt-module-system/zt-module-system-server/src/test/java/com/zt/plat/module/system/service/permission/PermissionServiceTest.java
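Review bot: In PermissionServiceImpl.java, `DATA_SCOPE_PRIORITY` encodes an access-control decision (the earliest entry wins when a user holds several roles) but carries no comment explaining the order. In particular `DEPT_CUSTOM` is ranked below `DEPT_ONLY` and `DEPT_AND_CHILD`, although a custom department set could, depending on how it is configured, cover more than the user's own department, so a consumer that trusts the single level may misjudge what the user can see. I would add `// Broadest scope first; DEPT_CUSTOM is ranked after DEPT_ONLY because <reason>` and, since the list is a constant, build it with `List.of(...)` so it cannot be altered at runtime. A constant missing from the list silently gets the lowest priority in `getScopePriority`.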
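Review bot: `getUserDataPermissionLevel` in PermissionServiceImpl.java is annotated `@TenantIgnore`, so the role lookup for the supplied `userId` runs without the tenant filter, and the hunk gives no reason for that. If a user or role id from another tenant's context can reach this method, the result may reflect roles the caller's tenant should not see; the new tests insert roles with `setTenantId(0L)`, which suggests the intent is to include platform-level roles, but that is an inference. I would either drop the annotation or document it, e.g. `// Tenant filter disabled so that <reason>; userId must already be validated against the caller's tenant`. Smaller point: `compareScope` subtracts two ints, and `Integer.compare(getScopePriority(left), getScopePriority(right))` is the safer idiom. The class body starts and ends outside the hunk.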
+++ b/zt-module-system/zt-module-system-server/src/test/java/com/zt/plat/module/system/service/permission/PermissionServiceTest.java
@@ -1,7 +1,9 @@
 package com.zt.plat.module.system.service.permission;
 import com.zt.plat.framework.common.exception.ServiceException;
+import com.zt.plat.framework.common.enums.CommonStatusEnum;
 import com.zt.plat.framework.test.core.ut.BaseDbUnitTest;
+import com.zt.plat.framework.common.util.json.JsonUtils;
 import com.zt.plat.module.system.controller.admin.permission.vo.role.RoleSaveReqVO;
 import com.zt.plat.module.system.dal.dataobject.permission.RoleDO;
 import com.zt.plat.module.system.dal.dataobject.permission.RoleMenuDO;
@@ -11,6 +13,7 @@ import com.zt.plat.module.system.dal.mysql.permission.RoleMapper;
 import com.zt.plat.module.system.dal.mysql.permission.RoleMenuMapper;
 import com.zt.plat.module.system.dal.mysql.permission.UserRoleMapper;
 import com.zt.plat.module.system.dal.mysql.rolemenuexclusion.RoleMenuExclusionMapper;
+import com.zt.plat.module.system.enums.permission.DataScopeEnum;
 import com.zt.plat.module.system.enums.permission.RoleTypeEnum;
 import com.zt.plat.module.system.service.dept.DeptService;
 import com.zt.plat.module.system.service.user.AdminUserService;
@@ -408,4 +411,54 @@ public class PermissionServiceTest extends BaseDbUnitTest {
 assertEquals(1, exclusionDOS.size());
 assertEquals(101L, exclusionDOS.get(0).getMenuId());
 }
+
+ @Test
+ public void testGetUserDataPermissionLevel_noRolesReturnSelf() {
+ Long userId = 1000L;
+
+ DataScopeEnum result = permissionService.getUserDataPermissionLevel(userId);
+
+ assertEquals(DataScopeEnum.SELF, result);
+ }
+
+ @Test
+ public void testGetUserDataPermissionLevel_pickHighestPriority() {
+ Long userId = 2000L;
+ RoleDO roleCustom = randomPojo(RoleDO.class, o -> o
+ .setStatus(CommonStatusEnum.ENABLE.getStatus())
+ .setDataScope(DataScopeEnum.DEPT_CUSTOM.getScope())
+ .setId(110L)
+ .setTenantId(0L));
+ roleMapper.insert(roleCustom);
+ RoleDO roleCompany = randomPojo(RoleDO.class, o -> o
+ .setStatus(CommonStatusEnum.ENABLE.getStatus())
+ .setDataScope(DataScopeEnum.COMPANY_AND_DEPT.getScope())
+ .setId(120L)
+ .setTenantId(0L));
+ roleMapper.insert(roleCompany);
+
+ userRoleMapper.insert(randomPojo(UserRoleDO.class, o -> o.setUserId(userId).setRoleId(roleCustom.getId())));
+ userRoleMapper.insert(randomPojo(UserRoleDO.class, o -> o.setUserId(userId).setRoleId(roleCompany.getId())));
+
+ DataScopeEnum result = permissionService.getUserDataPermissionLevel(userId);
+
+ assertEquals(DataScopeEnum.COMPANY_AND_DEPT, result);
+ }
+
+ @Test
+ public void testGetUserDataPermissionLevel_serializeAsNumber() {
+ Long userId = 3000L;
+ RoleDO roleAll = randomPojo(RoleDO.class, o -> o
+ .setStatus(CommonStatusEnum.ENABLE.getStatus())
+ .setDataScope(DataScopeEnum.ALL.getScope())
+ .setId(210L)
+ .setTenantId(0L));
+ roleMapper.insert(roleAll);
+ userRoleMapper.insert(randomPojo(UserRoleDO.class, o -> o.setUserId(userId).setRoleId(roleAll.getId())));
+
+ DataScopeEnum result = permissionService.getUserDataPermissionLevel(userId);
+
+ assertEquals(DataScopeEnum.ALL, result);
+ assertEquals("1", JsonUtils.toJsonString(result));
+ }
 }
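Review bot: The three new tests in PermissionServiceTest.java cover only the expected paths; none pins the fail-closed behaviour the service depends on. I would add a case where the user's only role is not enabled but carries `DataScopeEnum.ALL`, and one where the role's `dataScope` is null or an unrecognised code, each asserting `DataScopeEnum.SELF`. Because the method under test is `@TenantIgnore`, a case with a role from a different tenant id would also record whether cross-tenant roles are meant to count. `testGetUserDataPermissionLevel_serializeAsNumber` asserts the literal `"1"`; comparing against `String.valueOf(DataScopeEnum.ALL.getScope())` would avoid hard-coding the code.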