修改权限逻辑

ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/core/service/SaPermissionImpl.java

@@ -1,7 +1,10 @@
 package org.dromara.common.satoken.core.service;
 
 import cn.dev33.satoken.stp.StpInterface;
+import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.util.ObjectUtil;
+import org.dromara.common.core.domain.vo.SysProjectRoleMenuVo;
+import org.dromara.common.core.domain.vo.SysProjectRolePermissionVo;
 import org.dromara.common.core.enums.UserType;
 import org.dromara.common.core.exception.ServiceException;
 import org.dromara.common.core.service.PermissionService;
@@ -12,6 +15,9 @@ import org.dromara.system.api.model.LoginUser;
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
 
 /**
  * sa-token 权限管理实现类
@@ -30,17 +36,21 @@ public class SaPermissionImpl implements StpInterface {
             PermissionService permissionService = getPermissionService();
             if (ObjectUtil.isNotNull(permissionService)) {
                 List<String> list = StringUtils.splitList(loginId.toString(), ":");
-                return new ArrayList<>(permissionService.getMenuPermission(Long.parseLong(list.get(1))));
+                return getPermissionListByProjectId(permissionService.getMenuPermission(Long.parseLong(list.get(1))), null);
             } else {
                 throw new ServiceException("PermissionService 实现类不存在");
             }
         }
         UserType userType = UserType.getUserType(loginUser.getUserType());
-        if (userType == UserType.APP_USER) {
+        // 系统用户
+        if (userType == UserType.SYS_USER) {
+            Long projectId = loginUser.getProjectId();
+            List<SysProjectRoleMenuVo> menuPermission = loginUser.getMenuPermission();
+            return getPermissionListByProjectId(menuPermission, projectId);
+        } else if (userType == UserType.APP_USER) {
             // 其他端 自行根据业务编写
         }
-        // SYS_USER 默认返回权限
-        return new ArrayList<>(loginUser.getMenuPermission());
+        return new ArrayList<>();
     }
 
     /**
@@ -53,17 +63,21 @@ public class SaPermissionImpl implements StpInterface {
             PermissionService permissionService = getPermissionService();
             if (ObjectUtil.isNotNull(permissionService)) {
                 List<String> list = StringUtils.splitList(loginId.toString(), ":");
-                return new ArrayList<>(permissionService.getRolePermission(Long.parseLong(list.get(1))));
+                return getRoleListByProjectId(permissionService.getRolePermission(Long.parseLong(list.get(1))), null);
             } else {
                 throw new ServiceException("PermissionService 实现类不存在");
             }
         }
         UserType userType = UserType.getUserType(loginUser.getUserType());
-        if (userType == UserType.APP_USER) {
+        // 系统用户
+        if (userType == UserType.SYS_USER) {
+            Long projectId = loginUser.getProjectId();
+            List<SysProjectRolePermissionVo> rolePermission = loginUser.getRolePermission();
+            return getRoleListByProjectId(rolePermission, projectId);
+        } else if (userType == UserType.APP_USER) {
             // 其他端 自行根据业务编写
         }
-        // SYS_USER 默认返回权限
-        return new ArrayList<>(loginUser.getRolePermission());
+        return new ArrayList<>();
     }
 
     private PermissionService getPermissionService() {
@@ -74,4 +88,60 @@ public class SaPermissionImpl implements StpInterface {
         }
     }
 
+    /**
+     * 获取菜单权限列表
+     *
+     * @param menuPermission 菜单权限
+     * @param projectId      当前用户所在项目id
+     * @return 菜单权限列表
+     */
+    private List<String> getPermissionListByProjectId(List<SysProjectRoleMenuVo> menuPermission, Long projectId) {
+        if (CollUtil.isNotEmpty(menuPermission)) {
+            if (projectId != null) {
+                Map<Long, List<SysProjectRoleMenuVo>> map = menuPermission.stream()
+                    .collect(Collectors.groupingBy(SysProjectRoleMenuVo::getProjectId));
+                if (map.containsKey(projectId)) {
+                    return map.get(projectId).stream()
+                        .map(SysProjectRoleMenuVo::getProjectPermissions)
+                        .flatMap(Set::stream)
+                        .filter(s -> !s.isEmpty())
+                        .distinct()
+                        .toList();
+                }
+            }
+            List<Set<String>> setList = menuPermission.stream().map(SysProjectRoleMenuVo::getProjectPermissions).toList();
+            return setList.stream().flatMap(Set::stream).filter(s -> !s.isEmpty()).distinct().toList();
+        } else {
+            return new ArrayList<>();
+        }
+    }
+
+    /**
+     * 获取角色权限列表
+     *
+     * @param rolePermission 角色权限
+     * @param projectId      当前用户所在项目id
+     * @return 角色权限列表
+     */
+    private List<String> getRoleListByProjectId(List<SysProjectRolePermissionVo> rolePermission, Long projectId) {
+        if (CollUtil.isNotEmpty(rolePermission)) {
+            if (projectId != null) {
+                Map<Long, List<SysProjectRolePermissionVo>> map = rolePermission.stream()
+                    .collect(Collectors.groupingBy(SysProjectRolePermissionVo::getProjectId));
+                if (map.containsKey(projectId)) {
+                    return map.get(projectId).stream()
+                        .map(SysProjectRolePermissionVo::getProjectRoles)
+                        .flatMap(Set::stream)
+                        .filter(s -> !s.isEmpty())
+                        .distinct()
+                        .toList();
+                }
+            }
+            List<Set<String>> list = rolePermission.stream().map(SysProjectRolePermissionVo::getProjectRoles).toList();
+            return list.stream().flatMap(Set::stream).filter(s -> !s.isEmpty()).distinct().toList();
+        } else {
+            return new ArrayList<>();
+        }
+    }
+
 }

ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java

@@ -10,9 +10,11 @@ import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
 import org.dromara.common.core.constant.SystemConstants;
 import org.dromara.common.core.constant.TenantConstants;
+import org.dromara.common.core.domain.vo.SysProjectRolePermissionVo;
 import org.dromara.common.core.enums.UserType;
 import org.dromara.system.api.model.LoginUser;
 
+import java.util.List;
 import java.util.Set;
 
 /**
@@ -38,6 +40,7 @@ public class LoginHelper {
     public static final String DEPT_NAME_KEY = "deptName";
     public static final String DEPT_CATEGORY_KEY = "deptCategory";
     public static final String CLIENT_KEY = "clientid";
+    public static final String PROJECT_KEY = "projectId";
 
     /**
      * 登录系统 基于 设备类型
@@ -55,6 +58,7 @@ public class LoginHelper {
                 .setExtra(DEPT_KEY, loginUser.getDeptId())
                 .setExtra(DEPT_NAME_KEY, loginUser.getDeptName())
                 .setExtra(DEPT_CATEGORY_KEY, loginUser.getDeptCategory())
+                .setExtra(PROJECT_KEY, loginUser.getProjectId())
         );
         StpUtil.getTokenSession().set(LOGIN_USER_KEY, loginUser);
     }
@@ -132,6 +136,13 @@ public class LoginHelper {
         return Convert.toStr(getExtra(DEPT_CATEGORY_KEY));
     }
 
+    /**
+     * 获取项目ID
+     */
+    public static Long getProjectId() {
+        return Convert.toLong(getExtra(PROJECT_KEY));
+    }
+
     /**
      * 获取当前 Token 的扩展信息
      *
@@ -197,7 +208,8 @@ public class LoginHelper {
         if (loginUser == null) {
             return false;
         }
-        return Convert.toBool(isTenantAdmin(loginUser.getRolePermission()));
+        List<SysProjectRolePermissionVo> rolePermission = loginUser.getRolePermission();
+        return Convert.toBool(isTenantAdmin(rolePermission.getFirst().getProjectRoles()));
     }
 
     /**