支持角色父子继承,允许子角色单独调整自己有的权限
This commit is contained in:
陈博文
2
.gitignore
vendored
2
.gitignore
vendored
@@ -52,7 +52,6 @@ npm-debug.log*
|
||||
yarn-error.log
|
||||
|
||||
/coverage
|
||||
.idea
|
||||
yarn.lock
|
||||
package-lock.json
|
||||
*bak
|
||||
@@ -73,3 +72,4 @@ functions/mock
|
||||
screenshot
|
||||
.firebase
|
||||
sessionStore
|
||||
/http/
|
||||
|
||||
33
sql/dm/角色权限剔除表.sql
Normal file
33
sql/dm/角色权限剔除表.sql
Normal file
@@ -0,0 +1,33 @@
|
||||
create table "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION
|
||||
(
|
||||
ID BIGINT,
|
||||
ROLE_ID BIGINT not null,
|
||||
MENU_ID BIGINT not null,
|
||||
REMARK VARCHAR(2000),
|
||||
CREATOR VARCHAR(256) default '',
|
||||
CREATE_TIME TIMESTAMP default CURRENT_TIMESTAMP not null,
|
||||
UPDATER VARCHAR(256) default '',
|
||||
UPDATE_TIME TIMESTAMP default CURRENT_TIMESTAMP not null,
|
||||
DELETED TINYINT default 0 not null,
|
||||
TENANT_ID BIGINT default 0 not null
|
||||
);
|
||||
|
||||
comment on table "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION is '角色菜单剔除表';
|
||||
|
||||
comment on column "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION.ID is '主键ID';
|
||||
comment on column "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION.ROLE_ID is '角色ID';
|
||||
comment on column "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION.MENU_ID is '菜单ID';
|
||||
comment on column "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION.REMARK is '备注';
|
||||
comment on column "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION.CREATOR is '创建者';
|
||||
comment on column "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION.CREATE_TIME is '创建时间';
|
||||
comment on column "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION.UPDATER is '更新者';
|
||||
comment on column "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION.UPDATE_TIME is '更新时间';
|
||||
comment on column "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION.DELETED is '是否删除';
|
||||
comment on column "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION.TENANT_ID is '租户编号';
|
||||
|
||||
create unique index "RUOYI-VUE-PRO".IDX_ROLE_MENU_EXCLUSION_ID
|
||||
on "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION (ID);
|
||||
|
||||
alter table "RUOYI-VUE-PRO".SYSTEM_ROLE_MENU_EXCLUSION
|
||||
add constraint PK_ROLE_MENU_EXCLUSION_ID
|
||||
primary key (ID);
|
||||
@@ -3,12 +3,12 @@
|
||||
spring:
|
||||
cloud:
|
||||
nacos:
|
||||
# server-addr: 172.16.46.63:30848 # Nacos 服务器地址
|
||||
server-addr: 120.26.250.247:8848 # Nacos 服务器地址
|
||||
server-addr: 172.16.46.63:30848 # Nacos 服务器地址
|
||||
# server-addr: 120.26.250.247:8848 # Nacos 服务器地址
|
||||
username: # Nacos 账号
|
||||
password: # Nacos 密码
|
||||
discovery: # 【配置中心】配置项
|
||||
namespace: dev # 命名空间。这里使用 dev 开发环境
|
||||
namespace: local # 命名空间。这里使用 dev 开发环境
|
||||
group: DEFAULT_GROUP # 使用的 Nacos 配置分组,默认为 DEFAULT_GROUP
|
||||
metadata:
|
||||
version: 1.0.0 # 服务实例的版本号,可用于灰度发布
|
||||
|
||||
@@ -6,6 +6,7 @@ import cn.iocoder.yudao.framework.common.exception.ErrorCode;
|
||||
* System 错误码枚举类
|
||||
*
|
||||
* system 系统,使用 1-002-000-000 段
|
||||
* @author chenbowen
|
||||
*/
|
||||
public interface ErrorCodeConstants {
|
||||
|
||||
@@ -33,6 +34,8 @@ public interface ErrorCodeConstants {
|
||||
ErrorCode ROLE_CAN_NOT_UPDATE_SYSTEM_TYPE_ROLE = new ErrorCode(1_002_002_003, "不能操作类型为系统内置的角色");
|
||||
ErrorCode ROLE_IS_DISABLE = new ErrorCode(1_002_002_004, "名字为【{}】的角色已被禁用");
|
||||
ErrorCode ROLE_ADMIN_CODE_ERROR = new ErrorCode(1_002_002_005, "标识【{}】不能使用");
|
||||
ErrorCode ROLE_CAN_NOT_DELETE_HAS_CHILDREN = new ErrorCode(1_002_002_006, " 角色【{}】存在子角色,不允许删除");
|
||||
ErrorCode ROLE_PARENT_IS_CHILD = new ErrorCode(1_002_002_007, "不能设置自己的子角色为父角色");
|
||||
|
||||
// ========== 用户模块 1-002-003-000 ==========
|
||||
ErrorCode USER_USERNAME_EXISTS = new ErrorCode(1_002_003_000, "用户账号已经存在");
|
||||
|
||||
@@ -5,16 +5,22 @@ import lombok.Getter;
|
||||
|
||||
/**
|
||||
* 登录结果的枚举类
|
||||
* @author chenbowen
|
||||
*/
|
||||
@Getter
|
||||
@AllArgsConstructor
|
||||
public enum LoginResultEnum {
|
||||
|
||||
SUCCESS(0), // 成功
|
||||
BAD_CREDENTIALS(10), // 账号或密码不正确
|
||||
USER_DISABLED(20), // 用户被禁用
|
||||
CAPTCHA_NOT_FOUND(30), // 图片验证码不存在
|
||||
CAPTCHA_CODE_ERROR(31), // 图片验证码不正确
|
||||
// 成功
|
||||
SUCCESS(0),
|
||||
// 账号或密码不正确
|
||||
BAD_CREDENTIALS(10),
|
||||
// 用户被禁用
|
||||
USER_DISABLED(20),
|
||||
// 图片验证码不存在
|
||||
CAPTCHA_NOT_FOUND(30),
|
||||
// 图片验证码不正确
|
||||
CAPTCHA_CODE_ERROR(31),
|
||||
|
||||
;
|
||||
|
||||
|
||||
@@ -3,6 +3,10 @@ package cn.iocoder.yudao.module.system.enums.permission;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
|
||||
/**
|
||||
* @author chenbowen
|
||||
*/
|
||||
|
||||
@Getter
|
||||
@AllArgsConstructor
|
||||
public enum RoleTypeEnum {
|
||||
@@ -11,10 +15,14 @@ public enum RoleTypeEnum {
|
||||
* 内置角色
|
||||
*/
|
||||
SYSTEM(1),
|
||||
/**
|
||||
* 标准角色
|
||||
*/
|
||||
NORMAL(2),
|
||||
/**
|
||||
* 自定义角色
|
||||
*/
|
||||
CUSTOM(2);
|
||||
CUSTOM(3);
|
||||
|
||||
private final Integer type;
|
||||
|
||||
|
||||
@@ -10,12 +10,12 @@ import cn.iocoder.yudao.module.system.service.tenant.TenantService;
|
||||
import io.swagger.v3.oas.annotations.Operation;
|
||||
import io.swagger.v3.oas.annotations.Parameter;
|
||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||
import jakarta.annotation.Resource;
|
||||
import jakarta.validation.Valid;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.validation.annotation.Validated;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import jakarta.annotation.Resource;
|
||||
import jakarta.validation.Valid;
|
||||
import java.util.Set;
|
||||
|
||||
import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
|
||||
|
||||
@@ -7,7 +7,9 @@ import cn.iocoder.yudao.framework.common.pojo.PageParam;
|
||||
import cn.iocoder.yudao.framework.common.pojo.PageResult;
|
||||
import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
|
||||
import cn.iocoder.yudao.framework.excel.core.util.ExcelUtils;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.permission.vo.role.*;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.permission.vo.role.RolePageReqVO;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.permission.vo.role.RoleRespVO;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.permission.vo.role.RoleSaveReqVO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.permission.RoleDO;
|
||||
import cn.iocoder.yudao.module.system.service.permission.RoleService;
|
||||
import io.swagger.v3.oas.annotations.Operation;
|
||||
@@ -23,11 +25,15 @@ import org.springframework.web.bind.annotation.*;
|
||||
import java.io.IOException;
|
||||
import java.util.Comparator;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static cn.iocoder.yudao.framework.apilog.core.enums.OperateTypeEnum.EXPORT;
|
||||
import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
|
||||
import static java.util.Collections.singleton;
|
||||
|
||||
/**
|
||||
* @author chenbowen
|
||||
*/
|
||||
@Tag(name = "管理后台 - 角色")
|
||||
@RestController
|
||||
@RequestMapping("/system/role")
|
||||
@@ -41,7 +47,7 @@ public class RoleController {
|
||||
@Operation(summary = "创建角色")
|
||||
@PreAuthorize("@ss.hasPermission('system:role:create')")
|
||||
public CommonResult<Long> createRole(@Valid @RequestBody RoleSaveReqVO createReqVO) {
|
||||
return success(roleService.createRole(createReqVO, null));
|
||||
return success(roleService.createRole(createReqVO, createReqVO.getType() == null ? null : Integer.valueOf(createReqVO.getType())));
|
||||
}
|
||||
|
||||
@PutMapping("/update")
|
||||
@@ -74,6 +80,20 @@ public class RoleController {
|
||||
@PreAuthorize("@ss.hasPermission('system:role:query')")
|
||||
public CommonResult<PageResult<RoleRespVO>> getRolePage(RolePageReqVO pageReqVO) {
|
||||
PageResult<RoleDO> pageResult = roleService.getRolePage(pageReqVO);
|
||||
// 获取所有父级角色信息
|
||||
List<Long> parentIds = pageResult.getList().stream().filter(role -> role.getParentId() != null && role.getParentId() > 0)
|
||||
.map(RoleDO::getParentId)
|
||||
.distinct()
|
||||
.toList();
|
||||
List<RoleDO> parentRoles = roleService.getRoleList(parentIds);
|
||||
// 将父级角色信息转换为 id 与 name 的 Map
|
||||
var parentRoleMap = parentRoles.stream().collect(Collectors.toMap(RoleDO::getId, RoleDO::getName, (v1, v2) -> v1));
|
||||
// 补全父级角色名称
|
||||
pageResult.getList().forEach(role -> {
|
||||
if (role.getParentId() != null && role.getParentId() > 0) {
|
||||
role.setParentName(parentRoleMap.get(role.getParentId()));
|
||||
}
|
||||
});
|
||||
return success(BeanUtils.toBean(pageResult, RoleRespVO.class));
|
||||
}
|
||||
|
||||
@@ -85,6 +105,16 @@ public class RoleController {
|
||||
return success(BeanUtils.toBean(list, RoleRespVO.class));
|
||||
}
|
||||
|
||||
@GetMapping({"/list-all-extend-simple", "/simple-extend-list"})
|
||||
@Operation(summary = "获取所有可继承角色精简信息列表", description = "只包含被开启的角色,主要用于前端的下拉选项")
|
||||
public CommonResult<List<RoleRespVO>> getParentSimpleRoleList() {
|
||||
List<RoleDO> list = roleService.getRoleListByStatus(singleton(CommonStatusEnum.ENABLE.getStatus()));
|
||||
// 过滤掉系统内置角色(如有需要)
|
||||
list.removeIf(role -> role.getType() != null && role.getType().equals(1));
|
||||
list.sort(Comparator.comparing(RoleDO::getSort));
|
||||
return success(BeanUtils.toBean(list, RoleRespVO.class));
|
||||
}
|
||||
|
||||
@GetMapping("/export-excel")
|
||||
@Operation(summary = "导出角色 Excel")
|
||||
@ApiAccessLog(operateType = EXPORT)
|
||||
|
||||
@@ -1,12 +1,15 @@
|
||||
package cn.iocoder.yudao.module.system.controller.admin.permission.vo.permission;
|
||||
|
||||
import io.swagger.v3.oas.annotations.media.Schema;
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import lombok.Data;
|
||||
|
||||
import jakarta.validation.constraints.NotNull;
|
||||
import java.util.Collections;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author chenbowen
|
||||
*/
|
||||
@Schema(description = "管理后台 - 赋予用户角色 Request VO")
|
||||
@Data
|
||||
public class PermissionAssignUserRoleReqVO {
|
||||
@@ -16,6 +19,6 @@ public class PermissionAssignUserRoleReqVO {
|
||||
private Long userId;
|
||||
|
||||
@Schema(description = "角色编号列表", example = "1,3,5")
|
||||
private Set<Long> roleIds = Collections.emptySet(); // 兜底
|
||||
private Set<Long> roleIds = Collections.emptySet();
|
||||
|
||||
}
|
||||
|
||||
@@ -12,6 +12,9 @@ import lombok.Data;
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author chenbowen
|
||||
*/
|
||||
@Schema(description = "管理后台 - 角色信息 Response VO")
|
||||
@Data
|
||||
@ExcelIgnoreUnannotated
|
||||
@@ -56,4 +59,11 @@ public class RoleRespVO {
|
||||
@Schema(description = "创建时间", requiredMode = Schema.RequiredMode.REQUIRED, example = "时间戳格式")
|
||||
private LocalDateTime createTime;
|
||||
|
||||
@Schema(description = "父级角色名称", example = "1")
|
||||
@ExcelProperty("父级角色名称")
|
||||
private String parentName;
|
||||
|
||||
@Schema(description = "父级角色 Id", example = "1")
|
||||
@ExcelProperty("父级角色 Id")
|
||||
private Long parentId;
|
||||
}
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user