feat(role): 实现角色管理及权限功能

- 新增角色实体及相关服务接口和实现类，支持角色的增删改查
- 实现角色菜单权限及按钮权限的数据库查询和授权控制
- 完善角色控制器服务，支持角色授权及查询当前用户可见角色
- 支持超级管理员权限绕过，普通角色权限基于用户所拥有角色限制菜单节点展示
- 新增角色Mapper XML，包含角色搜索及角色关联菜单查询SQL
- 新增角色相关常量定义，统一管理角色相关字符串常量
- 用户管理新增通过LDAP批量添加用户功能，支持LDAP用户信息同步
- 用户查询增加根据创建人ID过滤，限制非超级管理员只能查询自身创建用户
- 优化用户新增LDAP用户时部门的自动匹配和验证逻辑
- 在菜单权限获取及授权接口中新增对用户角色和用户权限校验逻辑，保证数据权限安全
- 多处新增事务控制，保证数据一致性及错误回滚机制

nflg-wms-admin/src/main/java/com/nflg/wms/admin/controller/UserController.java

@@ -1,5 +1,6 @@
 package com.nflg.wms.admin.controller;
 
+import com.nflg.wms.admin.pojo.request.UserAddLdapQO;
 import com.nflg.wms.admin.service.LDAPControllerService;
 import com.nflg.wms.admin.service.UserControllerService;
 import com.nflg.wms.common.pojo.ApiResult;
@@ -14,6 +15,7 @@ import com.nflg.wms.starter.BaseController;
 import jakarta.annotation.Resource;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotEmpty;
 import jakarta.validation.constraints.NotNull;
 import org.springframework.web.bind.annotation.*;
 
@@ -159,4 +161,13 @@ public class UserController extends BaseController {
     public ApiResult<List<LdapUserDTO>> getLdapUsers(@RequestParam Long ldapId, @RequestParam String distinguishedName){
         return ApiResult.success(ldapControllerService.getUsers(ldapId,distinguishedName));
     }
+
+    /**
+     * 从LDAP添加用户
+     */
+    @PostMapping("addLdapUser")
+    public ApiResult<Void> addLdapUser(@Valid @RequestBody @NotEmpty List<UserAddLdapQO> users) {
+        userControllerService.addLdapUsers(users);
+        return ApiResult.success();
+    }
 }

nflg-wms-admin/src/main/java/com/nflg/wms/admin/pojo/request/UserAddLdapQO.java

@@ -0,0 +1,44 @@
+package com.nflg.wms.admin.pojo.request;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import lombok.Data;
+
+@Data
+public class UserAddLdapQO {
+
+    /**
+     * 用户名
+     */
+    @NotBlank
+    private String name;
+
+    /**
+     * ad表id
+     */
+    @NotNull
+    private Long ldapId;
+
+    /**
+     * 用户工号
+     */
+    @NotBlank
+    private String userCode;
+
+    /**
+     * 用户DN
+     */
+    @NotBlank
+    private String distinguishedName;
+
+    /**
+     * 部门DN
+     */
+    @JsonIgnore
+    private String departmentDistinguishedName;
+
+    public String getDepartmentDistinguishedName() {
+        return distinguishedName.substring(distinguishedName.indexOf(",") + 1);
+    }
+}

nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/RoleControllerService.java

@@ -3,6 +3,7 @@ package com.nflg.wms.admin.service;
 import cn.hutool.core.util.StrUtil;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.github.promeg.pinyinhelper.Pinyin;
+import com.nflg.wms.common.constant.Constant;
 import com.nflg.wms.common.pojo.qo.*;
 import com.nflg.wms.common.pojo.vo.RoleVO;
 import com.nflg.wms.common.pojo.vo.UserVO;
@@ -36,10 +37,10 @@ public class RoleControllerService {
     private IUserRoleMapService userRoleMapService;
 
     public void addRole(RoleAddQO request) {
-        if (StrUtil.isBlank(request.getCode())){
+        if (StrUtil.isBlank(request.getCode())) {
             request.setCode(toPinYin(request.getName()));
         }
-        roleService.add(request, UserUtil.getUserName());
+        roleService.add(request, UserUtil.getUserId(), UserUtil.getUserName());
     }
 
     public void updateRole(RoleUpdateQO request) {
@@ -48,6 +49,9 @@ public class RoleControllerService {
     }
 
     public IPage<RoleVO> searchRoles(RoleSearchQO request) {
+        if (!UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) {
+            request.setUserId(UserUtil.getUserId());
+        }
         return roleService.search(request);
     }
 
@@ -68,7 +72,7 @@ public class RoleControllerService {
         return userRoleMapService.getAuthorizeUser(roleId);
     }
 
-    private String toPinYin(String str){
+    private String toPinYin(String str) {
         StringBuilder pinyin = new StringBuilder();
         for (char c : str.toCharArray()) {
             if (Pinyin.isChinese(c)) {

nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java

@@ -8,6 +8,7 @@ import cn.hutool.core.util.RandomUtil;
 import cn.hutool.core.util.StrUtil;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.nflg.wms.admin.pojo.request.UserAddLdapQO;
 import com.nflg.wms.common.constant.Constant;
 import com.nflg.wms.common.constant.STATE;
 import com.nflg.wms.common.exception.NflgException;
@@ -183,6 +184,9 @@ public class UserControllerService {
         if (Objects.nonNull(request.getDeptId())) {
             request.setDeptIds(deptService.getWithChildren(request.getDeptId()));
         }
+        if (!UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) {
+            request.setCreateById(UserUtil.getUserId());
+        }
         IPage<UserVO> pu = uService.search(request);
         pu.getRecords().forEach(userVO -> userVO.setRoles(userRoleMapService.getAuthorizeRole(userVO.getId())));
         return pu;
@@ -763,4 +767,40 @@ public class UserControllerService {
                 .addSheet(new ListSheet<>(datas))
                 .writeTo(response.getOutputStream());
     }
+
+    @Transactional
+    public void addLdapUsers(List<UserAddLdapQO> ldapUsers) {
+        List<User> users = new ArrayList<>();
+        List<UserInterior> userInteriors = new ArrayList<>();
+        List<Department> departments = deptService.lambdaQuery()
+                .eq(Department::getSource, 1)
+                .in(Department::getSourceId, ldapUsers.stream().map(UserAddLdapQO::getDepartmentDistinguishedName).collect(Collectors.toSet()))
+                .list();
+        ldapUsers.forEach(userAddLdapQO -> {
+            Department department = departments.stream()
+                    .filter(it -> it.getSourceId().equals(userAddLdapQO.getDepartmentDistinguishedName()))
+                    .findFirst()
+                    .orElse(null);
+            VUtil.trueThrowBusinessError(Objects.isNull(department)).throwMessage("部门不存在");
+            User user = new User()
+                    .setId(IdUtil.getSnowflakeNextId())
+                    .setUserCode(userAddLdapQO.getUserCode())
+                    .setUserName(userAddLdapQO.getName())
+                    .setEnableMustResetPwd(false)
+                    .setMustResetPwd(false)
+                    .setSource(1)
+                    .setSourceId(userAddLdapQO.getDistinguishedName())
+                    .setRemark("LDAP用户")
+                    .setLanguageCode(Constant.DEFAULT_LANGUAGE_CODE)
+                    .setCreateBy(UserUtil.getUserName())
+                    .setCreateTime(LocalDateTime.now());
+            users.add(user);
+            userInteriors.add(new UserInterior()
+                    .setUserId(user.getId())
+                    .setDeptId(department.getId())
+            );
+        });
+        uService.saveBatch(users);
+        userInteriorService.saveBatch(userInteriors);
+    }
 }

nflg-wms-common/src/main/java/com/nflg/wms/common/constant/Constant.java

@@ -33,4 +33,6 @@ public class Constant {
     public static String DICTIONARY_SUPPLIERS_CATEGORY = "SuppliersCategory";
 
     public static String LOGIN_EXTRA_PURCHASING_GROUP = "purchasing_group";
+
+    public static String SUPER_ADMIN = "SuperAdmin";
 }

nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/RoleSearchQO.java

@@ -1,5 +1,6 @@
 package com.nflg.wms.common.pojo.qo;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 
@@ -8,4 +9,7 @@ import lombok.EqualsAndHashCode;
 public class RoleSearchQO extends PageQO{
 
     private String name;
+
+    @JsonIgnore
+    private Long userId;
 }

nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/UserSearchQO.java

@@ -28,4 +28,7 @@ public class UserSearchQO extends SearchBaseQO {
      */
     @JsonIgnore
     private Set<Long> deptIds;
+
+    @JsonIgnore
+    private Long createById;
 }

nflg-wms-repository/src/main/java/com/nflg/wms/repository/entity/Role.java

@@ -2,12 +2,13 @@ package com.nflg.wms.repository.entity;
 
 import com.baomidou.mybatisplus.annotation.IdType;
 import com.baomidou.mybatisplus.annotation.TableId;
-import java.io.Serializable;
-import java.time.LocalDateTime;
 import lombok.Getter;
 import lombok.Setter;
 import lombok.experimental.Accessors;
 
+import java.io.Serializable;
+import java.time.LocalDateTime;
+
 /**
  * <p>
  * 角色
@@ -41,6 +42,16 @@ public class Role implements Serializable {
      */
     private Boolean enable;
 
+    /**
+     * 类型，0：普通角色；1：业务管理员
+     */
+    private Integer type;
+
+    /**
+     * 创建人ID
+     */
+    private Long createById;
+
     /**
      * 创建人
      */

nflg-wms-repository/src/main/java/com/nflg/wms/repository/entity/User.java

@@ -59,6 +59,11 @@ public class User implements Serializable {
      */
     private Integer state;
 
+    /**
+     * 创建人ID
+     */
+    private Long createById;
+
     /**
      * 创建人
      */

nflg-wms-repository/src/main/java/com/nflg/wms/repository/service/IRoleService.java

@@ -9,9 +9,6 @@ import com.nflg.wms.common.pojo.qo.RoleUpdateQO;
 import com.nflg.wms.common.pojo.vo.MenuVO;
 import com.nflg.wms.common.pojo.vo.RoleVO;
 import com.nflg.wms.repository.entity.Role;
-import jakarta.validation.Valid;
-import jakarta.validation.constraints.NotBlank;
-import jakarta.validation.constraints.NotNull;
 
 import java.util.List;
 
@@ -25,13 +22,13 @@ import java.util.List;
  */
 public interface IRoleService extends IService<Role> {
 
-    void add(@Valid RoleAddQO request,@NotBlank String userName);
+    void add(RoleAddQO request,Long userId,String userName);
 
-    void update(@Valid RoleUpdateQO request, @NotBlank String userName);
+    void update(RoleUpdateQO request, String userName);
 
-    IPage<RoleVO> search(@Valid RoleSearchQO request);
+    IPage<RoleVO> search(RoleSearchQO request);
 
-    void enable(@Valid EnableQO request, String userName);
+    void enable(EnableQO request, String userName);
 
-    List<MenuVO> getMenusByRoleCodes(@Valid @NotNull Long serviceId, Long userId);
+    List<MenuVO> getMenusByRoleCodes(Long serviceId, Long userId);
 }

nflg-wms-repository/src/main/java/com/nflg/wms/repository/service/impl/MenuServiceImpl.java

@@ -7,6 +7,7 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import com.nflg.wms.common.constant.Constant;
 import com.nflg.wms.common.pojo.qo.EnableMenuQO;
 import com.nflg.wms.common.pojo.qo.MenuAddQO;
 import com.nflg.wms.common.pojo.qo.MenuSearchQO;
@@ -14,15 +15,15 @@ import com.nflg.wms.common.pojo.qo.MenuUpdateQO;
 import com.nflg.wms.common.pojo.vo.ButtonVO;
 import com.nflg.wms.common.pojo.vo.MenuAuthorizeVO;
 import com.nflg.wms.common.pojo.vo.MenuVO;
+import com.nflg.wms.common.pojo.vo.RoleVO;
 import com.nflg.wms.common.util.UserUtil;
 import com.nflg.wms.common.util.VUtil;
 import com.nflg.wms.repository.entity.Menu;
 import com.nflg.wms.repository.entity.MenuButton;
 import com.nflg.wms.repository.entity.RoleButtonMap;
+import com.nflg.wms.repository.entity.RoleMenuMap;
 import com.nflg.wms.repository.mapper.MenuMapper;
-import com.nflg.wms.repository.service.IMenuButtonService;
+import com.nflg.wms.repository.service.*;
-import com.nflg.wms.repository.service.IMenuService;
-import com.nflg.wms.repository.service.IRoleButtonMapService;
 import jakarta.annotation.Resource;
 import org.springframework.stereotype.Service;
 
@@ -47,6 +48,12 @@ public class MenuServiceImpl extends ServiceImpl<MenuMapper, Menu> implements IM
     @Resource
     private IRoleButtonMapService roleButtonMapService;
 
+    @Resource
+    private IUserRoleMapService userRoleMapService;
+
+    @Resource
+    private IRoleMenuMapService roleMenuMapService;
+
     @Override
     public List<MenuAuthorizeVO> getMenuForAuthorize(Long roleId) {
         List<Menu> datas = lambdaQuery()
@@ -63,6 +70,16 @@ public class MenuServiceImpl extends ServiceImpl<MenuMapper, Menu> implements IM
     @Override
     public List<MenuAuthorizeVO> getNodeForAuthorize(Long roleId) {
         List<MenuAuthorizeVO> nodes = baseMapper.getAllDataForAuthorize(roleId);
+        if (!UserUtil.getRoles().contains(Constant.SUPER_ADMIN)){
+            List<RoleVO> userRoles=userRoleMapService.getRoleList(UserUtil.getUserId());
+            List<Long> menuIds =roleMenuMapService.lambdaQuery()
+                    .in(RoleMenuMap::getRoleId, userRoles.stream().map(RoleVO::getId).collect(Collectors.toList()))
+                    .list()
+                    .stream()
+                    .map(RoleMenuMap::getMenuId)
+                    .toList();
+            nodes.removeIf(v -> !menuIds.contains(v.getId()));
+        }
         List<MenuAuthorizeVO> rootNodes = nodes.stream().filter(v ->
                 v.getType() == 1 && v.getParentId() == 0
         ).toList();

nflg-wms-repository/src/main/java/com/nflg/wms/repository/service/impl/RoleServiceImpl.java

@@ -9,7 +9,6 @@ import com.nflg.wms.common.pojo.qo.RoleSearchQO;
 import com.nflg.wms.common.pojo.qo.RoleUpdateQO;
 import com.nflg.wms.common.pojo.vo.MenuVO;
 import com.nflg.wms.common.pojo.vo.RoleVO;
-import com.nflg.wms.common.util.BeanUtil;
 import com.nflg.wms.common.util.VUtil;
 import com.nflg.wms.repository.entity.Menu;
 import com.nflg.wms.repository.entity.Role;
@@ -45,11 +44,12 @@ public class RoleServiceImpl extends ServiceImpl<RoleMapper, Role> implements IR
 
     @Transactional
     @Override
-    public void add(RoleAddQO request, String userName) {
+    public void add(RoleAddQO request,Long userId, String userName) {
         Role role = new Role()
                 .setCode(request.getCode())
                 .setName(request.getName())
                 .setEnable(request.getEnable())
+                .setCreateById(userId)
                 .setCreateBy(userName)
                 .setCreateTime(LocalDateTime.now());
         save(role);

nflg-wms-repository/src/main/resources/mapper/MenuMapper.xml

@@ -22,24 +22,14 @@
     </select>
 
     <select id="getAllDataForAuthorize" resultType="com.nflg.wms.common.pojo.vo.MenuAuthorizeVO">
-        select id,
+        select id,parent_id,"name",CONCAT('menu-', id) as key,sort,1 as type
-               parent_id,
+                 ,case when b.menu_id is null then false else true end as selected
-               "name",
-               CONCAT('menu-', id)                                  as key,
-               sort,
-               1                                                   as type,
-               case when b.menu_id is null then false else true end as selected
         from menu a
         left join (select menu_id from role_menu_map where role_id = #{roleId}) b on a.id = b.menu_id
         where "enable" = true
         UNION
-        select id,
+        select id,menu_id,"name",CONCAT('button-', id) as key,sort,2 as type
-               menu_id,
+                 ,case when b.button_id is null then false else true end as selected
-               "name",
-               CONCAT('button-', id)                                  as key,
-               sort,
-               2                                                      as type,
-               case when b.button_id is null then false else true end as selected
         from menu_button a
         left join (select button_id from role_button_map where role_id = #{roleId}) b on a.id = b.button_id
         where "enable" = true

nflg-wms-repository/src/main/resources/mapper/RoleMapper.xml

@@ -6,6 +6,9 @@
         SELECT *
         FROM role
         <where>
+            <if test="request.userId != null">
+                AND create_by_id = #{request.userId}
+            </if>
             <if test="request.name != null and request.name != ''">
                 AND name ilike CONCAT('%',#{request.name},'%')
             </if>

nflg-wms-repository/src/main/resources/mapper/UserMapper.xml

@@ -14,6 +14,9 @@
         select vu.*
         from v_user_interior vu
         <where>
+            <if test="request.createById != null">
+                and vu.create_by_id = #{request.createById}
+            </if>
             <if test="request.deptIds!=null">
                 and vu.dept_id in
                 <foreach item="item" collection="request.deptIds" separator="," close=")" open="(">