feat(role): 实现角色管理及权限功能

- 新增角色实体及相关服务接口和实现类，支持角色的增删改查 - 实现角色菜单权限及按钮权限的数据库查询和授权控制 - 完善角色控制器服务，支持角色授权及查询当前用户可见角色 - 支持超级管理员权限绕过，普通角色权限基于用户所拥有角色限制菜单节点展示 - 新增角色Mapper XML，包含角色搜索及角色关联菜单查询SQL - 新增角色相关常量定义，统一管理角色相关字符串常量 - 用户管理新增通过LDAP批量添加用户功能，支持LDAP用户信息同步 - 用户查询增加根据创建人ID过滤，限制非超级管理员只能查询自身创建用户 - 优化用户新增LDAP用户时部门的自动匹配和验证逻辑 - 在菜单权限获取及授权接口中新增对用户角色和用户权限校验逻辑，保证数据权限安全 - 多处新增事务控制，保证数据一致性及错误回滚机制
2026-04-08 18:53:30 +08:00 · 2026-04-08 18:53:30 +08:00 · f336cf7ae6
parent 143d6b6146
commit f336cf7ae6
15 changed files with 168 additions and 34 deletions
--- a/nflg-wms-admin/src/main/java/com/nflg/wms/admin/controller/UserController.java
+++ b/nflg-wms-admin/src/main/java/com/nflg/wms/admin/controller/UserController.java
@ -1,5 +1,6 @@
 package com.nflg.wms.admin.controller;

+import com.nflg.wms.admin.pojo.request.UserAddLdapQO;
 import com.nflg.wms.admin.service.LDAPControllerService;
 import com.nflg.wms.admin.service.UserControllerService;
 import com.nflg.wms.common.pojo.ApiResult;
@ -14,6 +15,7 @@ import com.nflg.wms.starter.BaseController;
 import jakarta.annotation.Resource;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotEmpty;
 import jakarta.validation.constraints.NotNull;
 import org.springframework.web.bind.annotation.*;

@ -159,4 +161,13 @@ public class UserController extends BaseController {
    public ApiResult<List<LdapUserDTO>> getLdapUsers(@RequestParam Long ldapId, @RequestParam String distinguishedName){
        return ApiResult.success(ldapControllerService.getUsers(ldapId,distinguishedName));
    }
+
+    /**
+     * 从LDAP添加用户
+     */
+    @PostMapping("addLdapUser")
+    public ApiResult<Void> addLdapUser(@Valid @RequestBody @NotEmpty List<UserAddLdapQO> users) {
+        userControllerService.addLdapUsers(users);
+        return ApiResult.success();
+    }
 }
--- a/nflg-wms-admin/src/main/java/com/nflg/wms/admin/pojo/request/UserAddLdapQO.java
+++ b/nflg-wms-admin/src/main/java/com/nflg/wms/admin/pojo/request/UserAddLdapQO.java
@ -0,0 +1,44 @@
+package com.nflg.wms.admin.pojo.request;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import lombok.Data;
+
+@Data
+public class UserAddLdapQO {
+
+    /**
+     * 用户名
+     */
+    @NotBlank
+    private String name;
+
+    /**
+     * ad表id
+     */
+    @NotNull
+    private Long ldapId;
+
+    /**
+     * 用户工号
+     */
+    @NotBlank
+    private String userCode;
+
+    /**
+     * 用户DN
+     */
+    @NotBlank
+    private String distinguishedName;
+
+    /**
+     * 部门DN
+     */
+    @JsonIgnore
+    private String departmentDistinguishedName;
+
+    public String getDepartmentDistinguishedName() {
+        return distinguishedName.substring(distinguishedName.indexOf(",") + 1);
+    }
+}
--- a/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/RoleControllerService.java
+++ b/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/RoleControllerService.java
@ -3,6 +3,7 @@ package com.nflg.wms.admin.service;
 import cn.hutool.core.util.StrUtil;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.github.promeg.pinyinhelper.Pinyin;
+import com.nflg.wms.common.constant.Constant;
 import com.nflg.wms.common.pojo.qo.*;
 import com.nflg.wms.common.pojo.vo.RoleVO;
 import com.nflg.wms.common.pojo.vo.UserVO;
@ -36,10 +37,10 @@ public class RoleControllerService {
    private IUserRoleMapService userRoleMapService;

    public void addRole(RoleAddQO request) {
-        if (StrUtil.isBlank(request.getCode())){
+        if (StrUtil.isBlank(request.getCode())) {
            request.setCode(toPinYin(request.getName()));
        }
-        roleService.add(request, UserUtil.getUserName());
+        roleService.add(request, UserUtil.getUserId(), UserUtil.getUserName());
    }

    public void updateRole(RoleUpdateQO request) {
@ -48,6 +49,9 @@ public class RoleControllerService {
    }

    public IPage<RoleVO> searchRoles(RoleSearchQO request) {
+        if (!UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) {
+            request.setUserId(UserUtil.getUserId());
+        }
        return roleService.search(request);
    }

@ -68,7 +72,7 @@ public class RoleControllerService {
        return userRoleMapService.getAuthorizeUser(roleId);
    }

-    private String toPinYin(String str){
+    private String toPinYin(String str) {
        StringBuilder pinyin = new StringBuilder();
        for (char c : str.toCharArray()) {
            if (Pinyin.isChinese(c)) {
--- a/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java
+++ b/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java
@ -8,6 +8,7 @@ import cn.hutool.core.util.RandomUtil;
 import cn.hutool.core.util.StrUtil;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.nflg.wms.admin.pojo.request.UserAddLdapQO;
 import com.nflg.wms.common.constant.Constant;
 import com.nflg.wms.common.constant.STATE;
 import com.nflg.wms.common.exception.NflgException;
@ -183,6 +184,9 @@ public class UserControllerService {
        if (Objects.nonNull(request.getDeptId())) {
            request.setDeptIds(deptService.getWithChildren(request.getDeptId()));
        }
+        if (!UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) {
+            request.setCreateById(UserUtil.getUserId());
+        }
        IPage<UserVO> pu = uService.search(request);
        pu.getRecords().forEach(userVO -> userVO.setRoles(userRoleMapService.getAuthorizeRole(userVO.getId())));
        return pu;
@ -763,4 +767,40 @@ public class UserControllerService {
                .addSheet(new ListSheet<>(datas))
                .writeTo(response.getOutputStream());
    }
+
+    @Transactional
+    public void addLdapUsers(List<UserAddLdapQO> ldapUsers) {
+        List<User> users = new ArrayList<>();
+        List<UserInterior> userInteriors = new ArrayList<>();
+        List<Department> departments = deptService.lambdaQuery()
+                .eq(Department::getSource, 1)
+                .in(Department::getSourceId, ldapUsers.stream().map(UserAddLdapQO::getDepartmentDistinguishedName).collect(Collectors.toSet()))
+                .list();
+        ldapUsers.forEach(userAddLdapQO -> {
+            Department department = departments.stream()
+                    .filter(it -> it.getSourceId().equals(userAddLdapQO.getDepartmentDistinguishedName()))
+                    .findFirst()
+                    .orElse(null);
+            VUtil.trueThrowBusinessError(Objects.isNull(department)).throwMessage("部门不存在");
+            User user = new User()
+                    .setId(IdUtil.getSnowflakeNextId())
+                    .setUserCode(userAddLdapQO.getUserCode())
+                    .setUserName(userAddLdapQO.getName())
+                    .setEnableMustResetPwd(false)
+                    .setMustResetPwd(false)
+                    .setSource(1)
+                    .setSourceId(userAddLdapQO.getDistinguishedName())
+                    .setRemark("LDAP用户")
+                    .setLanguageCode(Constant.DEFAULT_LANGUAGE_CODE)
+                    .setCreateBy(UserUtil.getUserName())
+                    .setCreateTime(LocalDateTime.now());
+            users.add(user);
+            userInteriors.add(new UserInterior()
+                    .setUserId(user.getId())
+                    .setDeptId(department.getId())
+            );
+        });
+        uService.saveBatch(users);
+        userInteriorService.saveBatch(userInteriors);
+    }
 }
--- a/nflg-wms-common/src/main/java/com/nflg/wms/common/constant/Constant.java
+++ b/nflg-wms-common/src/main/java/com/nflg/wms/common/constant/Constant.java
@ -33,4 +33,6 @@ public class Constant {
    public static String DICTIONARY_SUPPLIERS_CATEGORY = "SuppliersCategory";

    public static String LOGIN_EXTRA_PURCHASING_GROUP = "purchasing_group";
+
+    public static String SUPER_ADMIN = "SuperAdmin";
 }
--- a/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/RoleSearchQO.java
+++ b/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/RoleSearchQO.java
@ -1,5 +1,6 @@
 package com.nflg.wms.common.pojo.qo;

+import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.Data;
 import lombok.EqualsAndHashCode;

@ -8,4 +9,7 @@ import lombok.EqualsAndHashCode;
 public class RoleSearchQO extends PageQO{

    private String name;
+
+    @JsonIgnore
+    private Long userId;
 }
--- a/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/UserSearchQO.java
+++ b/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/UserSearchQO.java
@ -28,4 +28,7 @@ public class UserSearchQO extends SearchBaseQO {
     */
    @JsonIgnore
    private Set<Long> deptIds;
+
+    @JsonIgnore
+    private Long createById;
 }
--- a/nflg-wms-repository/src/main/java/com/nflg/wms/repository/entity/Role.java
+++ b/nflg-wms-repository/src/main/java/com/nflg/wms/repository/entity/Role.java
@ -2,12 +2,13 @@ package com.nflg.wms.repository.entity;

 import com.baomidou.mybatisplus.annotation.IdType;
 import com.baomidou.mybatisplus.annotation.TableId;
-import java.io.Serializable;
-import java.time.LocalDateTime;
 import lombok.Getter;
 import lombok.Setter;
 import lombok.experimental.Accessors;

+import java.io.Serializable;
+import java.time.LocalDateTime;
+
 /**
 * <p>
 * 角色
@ -41,6 +42,16 @@ public class Role implements Serializable {
     */
    private Boolean enable;

+    /**
+     * 类型，0：普通角色；1：业务管理员
+     */
+    private Integer type;
+
+    /**
+     * 创建人ID
+     */
+    private Long createById;
+
    /**
     * 创建人
     */
--- a/nflg-wms-repository/src/main/java/com/nflg/wms/repository/entity/User.java
+++ b/nflg-wms-repository/src/main/java/com/nflg/wms/repository/entity/User.java
@ -59,6 +59,11 @@ public class User implements Serializable {
     */
    private Integer state;

+    /**
+     * 创建人ID
+     */
+    private Long createById;
+
    /**
     * 创建人
     */
--- a/nflg-wms-repository/src/main/java/com/nflg/wms/repository/service/IRoleService.java
+++ b/nflg-wms-repository/src/main/java/com/nflg/wms/repository/service/IRoleService.java
@ -9,9 +9,6 @@ import com.nflg.wms.common.pojo.qo.RoleUpdateQO;
 import com.nflg.wms.common.pojo.vo.MenuVO;
 import com.nflg.wms.common.pojo.vo.RoleVO;
 import com.nflg.wms.repository.entity.Role;
-import jakarta.validation.Valid;
-import jakarta.validation.constraints.NotBlank;
-import jakarta.validation.constraints.NotNull;

 import java.util.List;

@ -25,13 +22,13 @@ import java.util.List;
 */
 public interface IRoleService extends IService<Role> {

-    void add(@Valid RoleAddQO request,@NotBlank String userName);
+    void add(RoleAddQO request,Long userId,String userName);

-    void update(@Valid RoleUpdateQO request, @NotBlank String userName);
+    void update(RoleUpdateQO request, String userName);

-    IPage<RoleVO> search(@Valid RoleSearchQO request);
+    IPage<RoleVO> search(RoleSearchQO request);

-    void enable(@Valid EnableQO request, String userName);
+    void enable(EnableQO request, String userName);

-    List<MenuVO> getMenusByRoleCodes(@Valid @NotNull Long serviceId, Long userId);
+    List<MenuVO> getMenusByRoleCodes(Long serviceId, Long userId);
 }
--- a/nflg-wms-repository/src/main/java/com/nflg/wms/repository/service/impl/MenuServiceImpl.java
+++ b/nflg-wms-repository/src/main/java/com/nflg/wms/repository/service/impl/MenuServiceImpl.java
@ -7,6 +7,7 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import com.nflg.wms.common.constant.Constant;
 import com.nflg.wms.common.pojo.qo.EnableMenuQO;
 import com.nflg.wms.common.pojo.qo.MenuAddQO;
 import com.nflg.wms.common.pojo.qo.MenuSearchQO;
@ -14,15 +15,15 @@ import com.nflg.wms.common.pojo.qo.MenuUpdateQO;
 import com.nflg.wms.common.pojo.vo.ButtonVO;
 import com.nflg.wms.common.pojo.vo.MenuAuthorizeVO;
 import com.nflg.wms.common.pojo.vo.MenuVO;
+import com.nflg.wms.common.pojo.vo.RoleVO;
 import com.nflg.wms.common.util.UserUtil;
 import com.nflg.wms.common.util.VUtil;
 import com.nflg.wms.repository.entity.Menu;
 import com.nflg.wms.repository.entity.MenuButton;
 import com.nflg.wms.repository.entity.RoleButtonMap;
+import com.nflg.wms.repository.entity.RoleMenuMap;
 import com.nflg.wms.repository.mapper.MenuMapper;
-import com.nflg.wms.repository.service.IMenuButtonService;
-import com.nflg.wms.repository.service.IMenuService;
-import com.nflg.wms.repository.service.IRoleButtonMapService;
+import com.nflg.wms.repository.service.*;
 import jakarta.annotation.Resource;
 import org.springframework.stereotype.Service;

@ -47,6 +48,12 @@ public class MenuServiceImpl extends ServiceImpl<MenuMapper, Menu> implements IM
    @Resource
    private IRoleButtonMapService roleButtonMapService;

+    @Resource
+    private IUserRoleMapService userRoleMapService;
+
+    @Resource
+    private IRoleMenuMapService roleMenuMapService;
+
    @Override
    public List<MenuAuthorizeVO> getMenuForAuthorize(Long roleId) {
        List<Menu> datas = lambdaQuery()
@ -63,6 +70,16 @@ public class MenuServiceImpl extends ServiceImpl<MenuMapper, Menu> implements IM
    @Override
    public List<MenuAuthorizeVO> getNodeForAuthorize(Long roleId) {
        List<MenuAuthorizeVO> nodes = baseMapper.getAllDataForAuthorize(roleId);
+        if (!UserUtil.getRoles().contains(Constant.SUPER_ADMIN)){
+            List<RoleVO> userRoles=userRoleMapService.getRoleList(UserUtil.getUserId());
+            List<Long> menuIds =roleMenuMapService.lambdaQuery()
+                    .in(RoleMenuMap::getRoleId, userRoles.stream().map(RoleVO::getId).collect(Collectors.toList()))
+                    .list()
+                    .stream()
+                    .map(RoleMenuMap::getMenuId)
+                    .toList();
+            nodes.removeIf(v -> !menuIds.contains(v.getId()));
+        }
        List<MenuAuthorizeVO> rootNodes = nodes.stream().filter(v ->
                v.getType() == 1 && v.getParentId() == 0
        ).toList();
--- a/nflg-wms-repository/src/main/java/com/nflg/wms/repository/service/impl/RoleServiceImpl.java
+++ b/nflg-wms-repository/src/main/java/com/nflg/wms/repository/service/impl/RoleServiceImpl.java
@ -9,7 +9,6 @@ import com.nflg.wms.common.pojo.qo.RoleSearchQO;
 import com.nflg.wms.common.pojo.qo.RoleUpdateQO;
 import com.nflg.wms.common.pojo.vo.MenuVO;
 import com.nflg.wms.common.pojo.vo.RoleVO;
-import com.nflg.wms.common.util.BeanUtil;
 import com.nflg.wms.common.util.VUtil;
 import com.nflg.wms.repository.entity.Menu;
 import com.nflg.wms.repository.entity.Role;
@ -45,11 +44,12 @@ public class RoleServiceImpl extends ServiceImpl<RoleMapper, Role> implements IR

    @Transactional
    @Override
-    public void add(RoleAddQO request, String userName) {
+    public void add(RoleAddQO request,Long userId, String userName) {
        Role role = new Role()
                .setCode(request.getCode())
                .setName(request.getName())
                .setEnable(request.getEnable())
+                .setCreateById(userId)
                .setCreateBy(userName)
                .setCreateTime(LocalDateTime.now());
        save(role);
--- a/nflg-wms-repository/src/main/resources/mapper/MenuMapper.xml
+++ b/nflg-wms-repository/src/main/resources/mapper/MenuMapper.xml
@ -22,26 +22,16 @@
    </select>

    <select id="getAllDataForAuthorize" resultType="com.nflg.wms.common.pojo.vo.MenuAuthorizeVO">
-        select id,
-               parent_id,
-               "name",
-               CONCAT('menu-', id)                                  as key,
-               sort,
-               1                                                   as type,
-               case when b.menu_id is null then false else true end as selected
+        select id,parent_id,"name",CONCAT('menu-', id) as key,sort,1 as type
+                 ,case when b.menu_id is null then false else true end as selected
        from menu a
-                 left join (select menu_id from role_menu_map where role_id = #{roleId}) b on a.id = b.menu_id
+        left join (select menu_id from role_menu_map where role_id = #{roleId}) b on a.id = b.menu_id
        where "enable" = true
        UNION
-        select id,
-               menu_id,
-               "name",
-               CONCAT('button-', id)                                  as key,
-               sort,
-               2                                                      as type,
-               case when b.button_id is null then false else true end as selected
+        select id,menu_id,"name",CONCAT('button-', id) as key,sort,2 as type
+                 ,case when b.button_id is null then false else true end as selected
        from menu_button a
-                 left join (select button_id from role_button_map where role_id = #{roleId}) b on a.id = b.button_id
+        left join (select button_id from role_button_map where role_id = #{roleId}) b on a.id = b.button_id
        where "enable" = true
        order by sort;
    </select>
--- a/nflg-wms-repository/src/main/resources/mapper/RoleMapper.xml
+++ b/nflg-wms-repository/src/main/resources/mapper/RoleMapper.xml
@ -6,6 +6,9 @@
        SELECT *
        FROM role
        <where>
+            <if test="request.userId != null">
+                AND create_by_id = #{request.userId}
+            </if>
            <if test="request.name != null and request.name != ''">
                AND name ilike CONCAT('%',#{request.name},'%')
            </if>
--- a/nflg-wms-repository/src/main/resources/mapper/UserMapper.xml
+++ b/nflg-wms-repository/src/main/resources/mapper/UserMapper.xml
@ -14,6 +14,9 @@
        select vu.*
        from v_user_interior vu
        <where>
+            <if test="request.createById != null">
+                and vu.create_by_id = #{request.createById}
+            </if>
            <if test="request.deptIds!=null">
                and vu.dept_id in
                <foreach item="item" collection="request.deptIds" separator="," close=")" open="(">