支持角色父子继承，允许子角色单独调整自己有的权限

yudao-module-system/yudao-module-system-server/src/main/java/cn/iocoder/yudao/module/system/controller/admin/permission/PermissionController.java

@@ -10,12 +10,12 @@ import cn.iocoder.yudao.module.system.service.tenant.TenantService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.Resource;
+import jakarta.validation.Valid;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
-import jakarta.annotation.Resource;
-import jakarta.validation.Valid;
 import java.util.Set;
 
 import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;

yudao-module-system/yudao-module-system-server/src/main/java/cn/iocoder/yudao/module/system/controller/admin/permission/RoleController.java

@@ -7,7 +7,9 @@ import cn.iocoder.yudao.framework.common.pojo.PageParam;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
 import cn.iocoder.yudao.framework.excel.core.util.ExcelUtils;
-import cn.iocoder.yudao.module.system.controller.admin.permission.vo.role.*;
+import cn.iocoder.yudao.module.system.controller.admin.permission.vo.role.RolePageReqVO;
+import cn.iocoder.yudao.module.system.controller.admin.permission.vo.role.RoleRespVO;
+import cn.iocoder.yudao.module.system.controller.admin.permission.vo.role.RoleSaveReqVO;
 import cn.iocoder.yudao.module.system.dal.dataobject.permission.RoleDO;
 import cn.iocoder.yudao.module.system.service.permission.RoleService;
 import io.swagger.v3.oas.annotations.Operation;
@@ -23,11 +25,15 @@ import org.springframework.web.bind.annotation.*;
 import java.io.IOException;
 import java.util.Comparator;
 import java.util.List;
+import java.util.stream.Collectors;
 
 import static cn.iocoder.yudao.framework.apilog.core.enums.OperateTypeEnum.EXPORT;
 import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
 import static java.util.Collections.singleton;
 
+/**
+ * @author chenbowen
+ */
 @Tag(name = "管理后台 - 角色")
 @RestController
 @RequestMapping("/system/role")
@@ -41,7 +47,7 @@ public class RoleController {
     @Operation(summary = "创建角色")
     @PreAuthorize("@ss.hasPermission('system:role:create')")
     public CommonResult<Long> createRole(@Valid @RequestBody RoleSaveReqVO createReqVO) {
-        return success(roleService.createRole(createReqVO, null));
+        return success(roleService.createRole(createReqVO, createReqVO.getType() == null ? null : Integer.valueOf(createReqVO.getType())));
     }
 
     @PutMapping("/update")
@@ -74,6 +80,20 @@ public class RoleController {
     @PreAuthorize("@ss.hasPermission('system:role:query')")
     public CommonResult<PageResult<RoleRespVO>> getRolePage(RolePageReqVO pageReqVO) {
         PageResult<RoleDO> pageResult = roleService.getRolePage(pageReqVO);
+        // 获取所有父级角色信息
+        List<Long> parentIds = pageResult.getList().stream().filter(role -> role.getParentId() != null && role.getParentId() > 0)
+                .map(RoleDO::getParentId)
+                .distinct()
+                .toList();
+        List<RoleDO> parentRoles = roleService.getRoleList(parentIds);
+        // 将父级角色信息转换为 id 与 name 的 Map
+        var parentRoleMap = parentRoles.stream().collect(Collectors.toMap(RoleDO::getId, RoleDO::getName, (v1, v2) -> v1));
+        // 补全父级角色名称
+        pageResult.getList().forEach(role -> {
+            if (role.getParentId() != null && role.getParentId() > 0) {
+                role.setParentName(parentRoleMap.get(role.getParentId()));
+            }
+        });
         return success(BeanUtils.toBean(pageResult, RoleRespVO.class));
     }
 
@@ -85,6 +105,16 @@ public class RoleController {
         return success(BeanUtils.toBean(list, RoleRespVO.class));
     }
 
+    @GetMapping({"/list-all-extend-simple", "/simple-extend-list"})
+    @Operation(summary = "获取所有可继承角色精简信息列表", description = "只包含被开启的角色，主要用于前端的下拉选项")
+    public CommonResult<List<RoleRespVO>> getParentSimpleRoleList() {
+        List<RoleDO> list = roleService.getRoleListByStatus(singleton(CommonStatusEnum.ENABLE.getStatus()));
+        // 过滤掉系统内置角色（如有需要）
+        list.removeIf(role -> role.getType() != null && role.getType().equals(1));
+        list.sort(Comparator.comparing(RoleDO::getSort));
+        return success(BeanUtils.toBean(list, RoleRespVO.class));
+    }
+
     @GetMapping("/export-excel")
     @Operation(summary = "导出角色 Excel")
     @ApiAccessLog(operateType = EXPORT)

yudao-module-system/yudao-module-system-server/src/main/java/cn/iocoder/yudao/module/system/controller/admin/permission/vo/permission/PermissionAssignUserRoleReqVO.java

@@ -1,12 +1,15 @@
 package cn.iocoder.yudao.module.system.controller.admin.permission.vo.permission;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotNull;
 import lombok.Data;
 
-import jakarta.validation.constraints.NotNull;
 import java.util.Collections;
 import java.util.Set;
 
+/**
+ * @author chenbowen
+ */
 @Schema(description = "管理后台 - 赋予用户角色 Request VO")
 @Data
 public class PermissionAssignUserRoleReqVO {
@@ -16,6 +19,6 @@ public class PermissionAssignUserRoleReqVO {
     private Long userId;
 
     @Schema(description = "角色编号列表", example = "1,3,5")
-    private Set<Long> roleIds = Collections.emptySet(); // 兜底
+    private Set<Long> roleIds = Collections.emptySet();
 
 }

yudao-module-system/yudao-module-system-server/src/main/java/cn/iocoder/yudao/module/system/controller/admin/permission/vo/role/RoleRespVO.java

@@ -12,6 +12,9 @@ import lombok.Data;
 import java.time.LocalDateTime;
 import java.util.Set;
 
+/**
+ * @author chenbowen
+ */
 @Schema(description = "管理后台 - 角色信息 Response VO")
 @Data
 @ExcelIgnoreUnannotated
@@ -56,4 +59,11 @@ public class RoleRespVO {
     @Schema(description = "创建时间", requiredMode = Schema.RequiredMode.REQUIRED, example = "时间戳格式")
     private LocalDateTime createTime;
 
+    @Schema(description = "父级角色名称", example = "1")
+    @ExcelProperty("父级角色名称")
+    private String parentName;
+
+    @Schema(description = "父级角色 Id", example = "1")
+    @ExcelProperty("父级角色 Id")
+    private Long parentId;
 }

yudao-module-system/yudao-module-system-server/src/main/java/cn/iocoder/yudao/module/system/controller/admin/permission/vo/role/RoleSaveReqVO.java

@@ -9,6 +9,9 @@ import jakarta.validation.constraints.NotNull;
 import jakarta.validation.constraints.Size;
 import lombok.Data;
 
+/**
+ * @author chenbowen
+ */
 @Schema(description = "管理后台 - 角色创建/更新 Request VO")
 @Data
 public class RoleSaveReqVO {
@@ -39,6 +42,12 @@ public class RoleSaveReqVO {
     @InEnum(value = CommonStatusEnum.class, message = "状态必须是 {value}")
     private Integer status;
 
+    @Schema(description = "角色类型", example = "1 内置角色，2 标准角色，3 租户自定义角色")
+    private String type;
+
+    @Schema(description = "父级角色Id", example = "-1 系统角色，0 顶级角色")
+    private Long parentId;
+
     @Schema(description = "备注", example = "我是一个角色")
     @Size(max = 500, message = "备注长度不能超过 500 个字符")
     @DiffLogField(name = "备注")

yudao-module-system/yudao-module-system-server/src/main/java/cn/iocoder/yudao/module/system/dal/dataobject/permission/RoleDO.java

@@ -33,7 +33,6 @@ public class RoleDO extends TenantBaseDO {
     private String name;
     /**
      * 角色标识
-     *
      * 枚举
      */
     private String code;
@@ -43,13 +42,11 @@ public class RoleDO extends TenantBaseDO {
     private Integer sort;
     /**
      * 角色状态
-     *
      * 枚举 {@link CommonStatusEnum}
      */
     private Integer status;
     /**
      * 角色类型
-     *
      * 枚举 {@link RoleTypeEnum}
      */
     private Integer type;
@@ -60,16 +57,27 @@ public class RoleDO extends TenantBaseDO {
 
     /**
      * 数据范围
-     *
      * 枚举 {@link DataScopeEnum}
      */
     private Integer dataScope;
     /**
      * 数据范围(指定部门数组)
-     *
      * 适用于 {@link #dataScope} 的值为 {@link DataScopeEnum#DEPT_CUSTOM} 时
      */
     @TableField(typeHandler = JacksonTypeHandler.class)
     private Set<Long> dataScopeDeptIds;
 
+    /**
+     * 父级标准角色 Id : 继承的标准角色Id，系统角色为 -1、标准角色为 0
+     */
+    private Long parentId;
+
+    /**
+     * 父级角色名称
+     * 仅用于前端角色界面展示
+     */
+    @TableField(exist = false)
+    private String parentName;
+
+
 }

yudao-module-system/yudao-module-system-server/src/main/java/cn/iocoder/yudao/module/system/dal/dataobject/rolemenuexclusion/RoleMenuExclusionDO.java

@@ -0,0 +1,44 @@
+package cn.iocoder.yudao.module.system.dal.dataobject.rolemenuexclusion;
+
+import cn.iocoder.yudao.framework.mybatis.core.dataobject.BaseDO;
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.KeySequence;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+import lombok.*;
+
+/**
+ * 角色菜单剔除 DO
+ *
+ * @author 管理员
+ */
+@TableName("system_role_menu_exclusion")
+@KeySequence("system_role_menu_exclusion_seq") // 用于 Oracle、PostgreSQL、Kingbase、DB2、H2 数据库的主键自增。如果是 MySQL 等数据库，可不写。
+@Data
+@EqualsAndHashCode(callSuper = true)
+@ToString(callSuper = true)
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class RoleMenuExclusionDO extends BaseDO {
+
+    /**
+     * 主键ID
+     */
+    @TableId(type = IdType.ASSIGN_ID)
+    private Long id;
+    /**
+     * 角色ID
+     */
+    private Long roleId;
+    /**
+     * 菜单ID
+     */
+    private Long menuId;
+    /**
+     * 备注
+     */
+    private String remark;
+
+
+}

yudao-module-system/yudao-module-system-server/src/main/java/cn/iocoder/yudao/module/system/dal/mysql/permission/RoleMapper.java

@@ -12,6 +12,9 @@ import org.springframework.lang.Nullable;
 import java.util.Collection;
 import java.util.List;
 
+/**
+ * @author chenbowen
+ */
 @Mapper
 public interface RoleMapper extends BaseMapperX<RoleDO> {
 
@@ -36,4 +39,8 @@ public interface RoleMapper extends BaseMapperX<RoleDO> {
         return selectList(RoleDO::getStatus, statuses);
     }
 
+    default long selectCountByParentId(Long parentId) {
+        return selectCount(RoleDO::getParentId, parentId);
+    }
+
 }

yudao-module-system/yudao-module-system-server/src/main/java/cn/iocoder/yudao/module/system/dal/mysql/rolemenuexclusion/RoleMenuExclusionMapper.java

@@ -0,0 +1,39 @@
+package cn.iocoder.yudao.module.system.dal.mysql.rolemenuexclusion;
+
+import cn.iocoder.yudao.framework.mybatis.core.mapper.BaseMapperX;
+import cn.iocoder.yudao.module.system.dal.dataobject.rolemenuexclusion.RoleMenuExclusionDO;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import org.apache.ibatis.annotations.Mapper;
+
+import java.util.Collection;
+import java.util.List;
+
+/**
+ * 角色菜单剔除 Mapper
+ *
+ * @author 管理员
+ */
+@Mapper
+public interface RoleMenuExclusionMapper extends BaseMapperX<RoleMenuExclusionDO> {
+
+    /**
+     * 根据角色编号，查询角色菜单剔除列表
+     *
+     * @param roleIds 角色编号
+     */
+    default List<RoleMenuExclusionDO> selectMenuIdListByRoleId(Collection<Long> roleIds) {
+        return selectList(RoleMenuExclusionDO::getRoleId, roleIds);
+    }
+
+    /**
+     * 根据角色编号，菜单编号，删除角色菜单剔除列表
+     *
+     * @param roleId 角色编号
+     * @param menuIds 菜单编号
+     */
+    default void deleteListByRoleIdAndMenuIds(Long roleId, Collection<Long> menuIds) {
+        delete(new LambdaQueryWrapper<RoleMenuExclusionDO>()
+                .eq(RoleMenuExclusionDO::getRoleId, roleId)
+                .in(RoleMenuExclusionDO::getMenuId, menuIds));
+    }
+}