Merge branch 'ZL' into dev

jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPermissionController.java

@@ -9,10 +9,12 @@ import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.apache.shiro.subject.Subject;
 import org.jeecg.common.api.vo.Result;
+import org.jeecg.common.aspect.annotation.PermissionData;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.constant.SymbolConstant;
 import org.jeecg.common.exception.JeecgBootException;
 import org.jeecg.common.system.vo.LoginUser;
+import org.jeecg.common.util.IpUtils;
 import org.jeecg.common.util.Md5Util;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.JeecgBaseConfig;
@@ -95,27 +97,16 @@ public class SysPermissionController {
 	 *
 	 * @return
 	 */
-	//@RequiresPermissions("system:permission:list")
-	@RequestMapping(value = "/list", method = RequestMethod.GET)
+	@RequiresPermissions("system:permission:list")
+	@RequestMapping(value = "/sqlList", method = RequestMethod.GET)
+	@PermissionData
 	public Result<List<SysPermissionTree>> list(SysPermission sysPermission, HttpServletRequest req) {
         long start = System.currentTimeMillis();
 		Result<List<SysPermissionTree>> result = new Result<>();
 		try {
-//			LambdaQueryWrapper<SysPermission> query = new LambdaQueryWrapper<SysPermission>();
-//			query.eq(SysPermission::getDelFlag, CommonConstant.DEL_FLAG_0);
-//			query.orderByAsc(SysPermission::getSortNo);
-//
-//			//支持通过菜单名字，模糊查询
-//			if(oConvertUtils.isNotEmpty(sysPermission.getName())){
-//				query.like(SysPermission::getName, sysPermission.getName());
-//			}
-//			//通过应用id条件查询
-//			if(oConvertUtils.isNotEmpty(sysPermission.getAppId())){
-//				query.eq(SysPermission::getAppId, sysPermission.getAppId());
-//			}
-//			List<SysPermission> list = sysPermissionService.list(query);
 			sysPermission.setDelFlag(CommonConstant.DEL_FLAG_0);
-			List<SysPermission> list = sysPermissionService.listAndAppName(sysPermission);
+//			List<SysPermission> list = sysPermissionService.listAndAppName(sysPermission);
+			List<SysPermission> list = sysPermissionService.listAndAppNameWithPermission(sysPermission);
 			List<SysPermissionTree> treeList = new ArrayList<>();
 
 			//如果有菜单名查询条件，则平铺数据 不做上下级
@@ -149,17 +140,13 @@ public class SysPermissionController {
 		sysPermission.setAppId(appId);
 		sysPermission.setBusiness(business);
 		sysPermission.setPermission(permission);
-		System.out.println(type);
-		System.out.println(sysPermission);
 
 		try{
 			List<SysPermissionReportVO> list = new ArrayList<>();
 			if("role".equals(type)){
 				 list = sysPermissionService.reportRole(sysPermission);
-				System.out.println(list);
 			}else {
 				list = sysPermissionService.reportUser(sysPermission);
-				System.out.println(list);
 			}
 
 			result.setResult(list);
@@ -816,7 +803,12 @@ public class SysPermissionController {
 						.eq(SysUserPermission::getUserId,userId);
 				SysUserPermission sysUserPermission = sysUserPermissionService.getOne(query);
 				if(sysUserPermission ==null) {
-					return Result.error("请先保存用户菜单权限!");
+					String permission= sysUserPermissionService.getOneByUserId(userId, permissionId);
+					if (permission == null){
+						return Result.error("请先保存用户菜单权限!");
+					}
+					SysUserPermission newUserPermission = new SysUserPermission(userId, permissionId).setDataRuleIds(dataRuleIds).setOperateDate(new Date());
+					sysUserPermissionService.save(newUserPermission);
 				}else {
 					sysUserPermission.setDataRuleIds(dataRuleIds);
 					this.sysUserPermissionService.updateById(sysUserPermission);

jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleController.java

@@ -18,6 +18,7 @@ import cn.hutool.core.util.RandomUtil;
 import com.baomidou.mybatisplus.extension.plugins.pagination.PageDTO;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.jeecg.common.api.vo.Result;
+import org.jeecg.common.aspect.annotation.PermissionData;
 import org.jeecg.common.base.BaseMap;
 import org.jeecg.common.config.TenantContext;
 import org.jeecg.common.constant.CommonConstant;
@@ -113,6 +114,32 @@ public class SysRoleController {
 		result.setResult(pageList);
 		return result;
 	}
+	/**
+	 * 分页列表查询 【系统角色，通过应用隔离】
+	 * @param role
+	 * @param pageNo
+	 * @param pageSize
+	 * @param req
+	 * @return
+	 */
+	@RequiresPermissions("system:role:list")
+	@PermissionData
+	@RequestMapping(value = "/listByApp", method = RequestMethod.GET)
+	public Result<IPage<SysRole>> listByApp(SysRole role,
+												@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
+												@RequestParam(name="pageSize", defaultValue="10") Integer pageSize,
+												HttpServletRequest req) {
+		Result<IPage<SysRole>> result = new Result<IPage<SysRole>>();
+		QueryWrapper<SysRole> queryWrapper = QueryGenerator.initQueryWrapper(role, req.getParameterMap());
+		String s = QueryGenerator.installAuthJdbc(SysRole.class);
+		queryWrapper.orderByDesc("create_time");
+		Page<SysRole> page = new Page<SysRole>(pageNo, pageSize);
+		IPage<SysRole> pageList = sysRoleService.page(page, queryWrapper);
+
+		result.setSuccess(true);
+		result.setResult(pageList);
+		return result;
+	}
 	
 	/**
 	 * 分页列表查询【租户角色，做租户隔离】

jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/SysPermissionMapper.java

@@ -28,6 +28,7 @@ public interface SysPermissionMapper extends BaseMapper<SysPermission> {
 	 */
 	public List<TreeModel> queryListByParentId(@Param("parentId") String parentId);
 	public List<SysPermission> listAndAppName( SysPermission sysPermission) ;
+	public List<SysPermission> listAndAppNameWithPermission( @Param("permission")SysPermission sysPermission,@Param("permissionSql")String permissionSql);
 	public List<AppBaseInfo> appList();
 	/**
 	 * 根据用户查询用户权限

jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/SysUserPermissionMapper.java

@@ -20,4 +20,6 @@ public interface SysUserPermissionMapper extends BaseMapper<SysUserPermission> {
      * @return List<SysPermission>
      */
     public List<String> listByUser(@Param("userId") String userId);
+
+    String getOneByUserId(@Param("userId")String userId, @Param("permissionId")String permissionId);
 }

jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysPermissionMapper.xml

@@ -80,6 +80,50 @@
 			ORDER BY p.sort_no ASC
 
 
+	</select>
+
+	<!--查询权限列表并添加app名称(数据权限）-->
+	<select id="listAndAppNameWithPermission" parameterType="Object"  resultMap="SysPermission">
+		SELECT  p.id,
+		p.parent_id,
+		p.name,
+		p.app_id,
+		p.url,
+		p.component,
+		p.is_route ,
+		p.component_name,
+		p.redirect,
+		p.menu_type,
+		p.perms,
+		p.perms_type,
+		p.sort_no,
+		p.always_show,
+		p.icon,
+		p.is_leaf,
+		p.keep_alive,
+		p.hidden,
+		p.hide_tab,
+		p.rule_flag,
+		p.status,
+		p.internal_or_external,
+		sa.name AS app_name
+		FROM
+		sys_permission p
+		INNER JOIN
+		app_base_info sa ON p.app_id = sa.id
+		WHERE p.del_flag = #{permission.delFlag}
+		<if test="permissionSql !=null and permissionSql != ''">
+			${permissionSql}
+		</if>
+		<if test="permission.name !=null and permission.name != ''">
+			AND p.name LIKE CONCAT('%', #{permission.name},'%')
+		</if>
+		<if test="permission.appId !=null and permission.appId != ''">
+			AND ( p.app_id = #{permission.appId})
+		</if>
+		ORDER BY p.sort_no ASC
+
+
 	</select>
 	
 	<select id="queryListByParentId" parameterType="Object"  resultMap="TreeModel">

jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysUserPermissionMapper.xml

@@ -21,4 +21,26 @@
             WHERE up.user_id =#{userId}
         </if>
     </select>
+
+    <select id="getOneByUserId" parameterType="map" resultType="java.lang.String">
+        SELECT
+            permission_id
+        FROM
+            sys_user_permission
+        WHERE
+            user_id = #{userId}
+          AND permission_id = #{permissionId}
+
+        UNION
+        SELECT
+            rp.permission_id
+        FROM
+            sys_user_role ur
+                LEFT JOIN sys_role_permission rp ON ur.role_id = rp.role_id
+        WHERE
+            ur.user_id = #{userId}
+          AND rp.permission_id = #{permissionId}
+
+    </select>
+
 </mapper>

jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/ISysPermissionService.java

@@ -31,6 +31,7 @@ public interface ISysPermissionService extends IService<SysPermission> {
 	public List<TreeModel> queryListByParentId(String parentId);
 //	public List<SysPermission> joinList(MPJLambdaWrapper<SysPermission> querywrapper);
 	public List<SysPermission> listAndAppName( SysPermission sysPermission);
+	public List<SysPermission> listAndAppNameWithPermission( SysPermission sysPermission);
 	public List<AppBaseInfo> appList();
 	/**
      * 真实删除

jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/ISysUserPermissionService.java

@@ -29,4 +29,6 @@ public interface ISysUserPermissionService extends IService<SysUserPermission> {
      * @param lastPermissionIds
      */
     public void saveUserPermission(String userId,String permissionIds,String lastPermissionIds);
+
+    String getOneByUserId(String userId, String permissionId);
 }

jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysPermissionServiceImpl.java

@@ -6,6 +6,7 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import org.jeecg.common.constant.CacheConstant;
 import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.exception.JeecgBootException;
+import org.jeecg.common.system.query.QueryGenerator;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
 import org.jeecg.modules.system.entity.AppmanageEntity.AppBaseInfo;
@@ -29,6 +30,8 @@ import org.springframework.transaction.annotation.Transactional;
 
 import javax.annotation.Resource;
 import java.util.*;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 /**
  * <p>
@@ -76,7 +79,26 @@ public class SysPermissionServiceImpl extends ServiceImpl<SysPermissionMapper, S
 	public List<SysPermission> listAndAppName( SysPermission sysPermission) {
 		return sysPermissionMapper.listAndAppName(sysPermission);
 	}
-
+	public List<SysPermission> listAndAppNameWithPermission( SysPermission sysPermission) {
+		String sql = QueryGenerator.installAuthJdbc(SysPermission.class);
+		//处理sql格式，避免注入风险
+		//只对应用进行数据隔离
+		if (sql!= null){
+			String modifiedSql = modifySql(sql);
+			sql = modifiedSql;
+		}
+		return sysPermissionMapper.listAndAppNameWithPermission(sysPermission,sql);
+	}
+	public static String modifySql(String sql) {
+		String regex ="(?i)\\s+AND\\s+";
+		String modiSQL = "";
+		for (String s : sql.split(regex)) {
+			if(s.trim()!=""){
+				modiSQL += " AND p."+s.trim();
+			}
+		}
+		return modiSQL;
+	}
 	@Override
 	public List<AppBaseInfo> appList() {
 		return sysPermissionMapper.appList();

jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserPermissionServiceImpl.java

@@ -119,4 +119,8 @@ public class SysUserPermissionServiceImpl extends ServiceImpl<SysUserPermissionM
         return res;
     }
 
+    @Override
+    public String getOneByUserId(String userId, String permissionId) {
+        return sysUserPermissionMapper.getOneByUserId(userId,permissionId);
+    }
 }

jeecgboot-vue3/src/views/system/menu/menu/menu.api.ts

@@ -2,7 +2,7 @@ import { defHttp } from '/@/utils/http/axios';
 import { Modal } from 'ant-design-vue';
 
 enum Api {
-  list = '/sys/permission/list',
+  list = '/sys/permission/sqlList',
   save = '/sys/permission/add',
   edit = '/sys/permission/edit',
   delete = '/sys/permission/delete',

jeecgboot-vue3/src/views/system/role/index.vue

@@ -46,6 +46,7 @@ import RoleIndexModal from './components/RoleIndexModal.vue';
 import RoleUserTable from './components/RoleUserTable.vue';
 import { columns, searchFormSchema } from './role.data';
 import { list, deleteRole, batchDeleteRole, getExportUrl, getImportUrl } from './role.api';
+import { appList } from '../menu/menu/menu.api';
 import { useListPage } from '/@/hooks/system/useListPage';
 const showFooter = ref(true);
 const [roleUserDrawer, { openDrawer: openRoleUserDrawer }] = useDrawer();
@@ -76,6 +77,15 @@ const { prefixCls, tableContext, onImportXls, onExportXls } = useListPage({
       column: 'createTime',
       order: 'desc',
     },
+    afterFetch: async (record) => {
+      const app = await appList();
+      record.forEach((item) => {
+        // 获取当前角色的appName
+        const rightApp = app.find((m) => m.id === item.appId);
+        item.appName = rightApp ? rightApp.name : '';
+      });
+      return record;
+    },
   },
   exportConfig: {
     name: '角色列表',

jeecgboot-vue3/src/views/system/role/role.api.ts

@@ -2,7 +2,7 @@ import { defHttp } from '/@/utils/http/axios';
 import { Modal } from 'ant-design-vue';
 
 enum Api {
-  list = '/sys/role/list',
+  list = '/sys/role/listByApp',
   listByTenant = '/sys/role/listByTenant',
   save = '/sys/role/add',
   edit = '/sys/role/edit',