浏览代码

refactor: 角色仅仅用来做权限分配,不做登录

wuwenyi 2 周之前
父节点
当前提交
28e1605d25

+ 1 - 3
src/main/java/com/qqflow/engine/common/constant/SecurityConstants.java

@@ -9,9 +9,7 @@ public final class SecurityConstants {
     }
 
     public static final String USER_TYPE_SYSTEM = "SYSTEM";
-    public static final String USER_TYPE_ROLE = "ROLE";
-
-    public static final String LOGIN_TYPE_ROLE = "ROLE";
+    public static final String USER_TYPE_ROLE = "ROLE"; // 保留常量,但岗位登录已移除,不再使用
 
     public static final String ASSIGNEE_TYPE_ROLE = "ROLE";
     public static final String ASSIGNEE_TYPE_USER = "USER";

+ 3 - 0
src/main/java/com/qqflow/engine/domain/flow/mapper/ApprovalTaskMapper.java

@@ -32,17 +32,20 @@ public interface ApprovalTaskMapper extends BaseMapper<ApprovalTask> {
             com.baomidou.mybatisplus.extension.plugins.pagination.Page<ApprovalTask> page,
             @Param("assigneeId") Long assigneeId,
             @Param("assigneeType") String assigneeType,
+            @Param("roleIds") List<Long> roleIds,
             @Param("processName") String processName);
 
     com.baomidou.mybatisplus.extension.plugins.pagination.Page<ApprovalTask> selectHandledList(
             com.baomidou.mybatisplus.extension.plugins.pagination.Page<ApprovalTask> page,
             @Param("assigneeId") Long assigneeId,
             @Param("assigneeType") String assigneeType,
+            @Param("roleIds") List<Long> roleIds,
             @Param("processName") String processName);
 
     com.baomidou.mybatisplus.extension.plugins.pagination.Page<ApprovalTask> selectCcList(
             com.baomidou.mybatisplus.extension.plugins.pagination.Page<ApprovalTask> page,
             @Param("assigneeId") Long assigneeId,
             @Param("assigneeType") String assigneeType,
+            @Param("roleIds") List<Long> roleIds,
             @Param("processName") String processName);
 }

+ 22 - 3
src/main/java/com/qqflow/engine/domain/flow/service/impl/ApprovalTaskServiceImpl.java

@@ -34,6 +34,7 @@ import com.qqflow.engine.domain.system.entity.SysUser;
 import com.qqflow.engine.domain.system.entity.SysUserRole;
 import com.qqflow.engine.domain.system.mapper.SysUserMapper;
 import com.qqflow.engine.domain.system.mapper.SysUserRoleMapper;
+import com.qqflow.engine.domain.system.service.SysUserService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.ApplicationEventPublisher;
 import com.fasterxml.jackson.core.type.TypeReference;
@@ -74,11 +75,13 @@ public class ApprovalTaskServiceImpl implements ApprovalTaskService {
     private final ApplicationEventPublisher eventPublisher;
     private final SysUserRoleMapper sysUserRoleMapper;
     private final SysUserMapper sysUserMapper;
+    private final SysUserService sysUserService;
 
     @Override
     public PageResult<ApprovalTaskDTO> todoList(Long assigneeId, String assigneeType, String processName, Integer pageNum, Integer pageSize) {
+        List<Long> roleIds = loadRoleIdsIfSystemUser(assigneeId, assigneeType);
         Page<ApprovalTask> page = new Page<>(pageNum, pageSize);
-        this.approvalTaskMapper.selectTodoList(page, assigneeId, assigneeType, processName);
+        this.approvalTaskMapper.selectTodoList(page, assigneeId, assigneeType, roleIds, processName);
         List<ApprovalTaskDTO> records = page.getRecords().stream()
                 .map(ApprovalTaskDTO::of)
                 .peek(this::fillUrgency)
@@ -106,8 +109,9 @@ public class ApprovalTaskServiceImpl implements ApprovalTaskService {
 
     @Override
     public PageResult<ApprovalTaskDTO> handledList(Long assigneeId, String assigneeType, String processName, Integer pageNum, Integer pageSize) {
+        List<Long> roleIds = loadRoleIdsIfSystemUser(assigneeId, assigneeType);
         Page<ApprovalTask> page = new Page<>(pageNum, pageSize);
-        this.approvalTaskMapper.selectHandledList(page, assigneeId, assigneeType, processName);
+        this.approvalTaskMapper.selectHandledList(page, assigneeId, assigneeType, roleIds, processName);
         List<ApprovalTaskDTO> records = page.getRecords().stream()
                 .map(ApprovalTaskDTO::of)
                 .collect(Collectors.toList());
@@ -258,8 +262,9 @@ public class ApprovalTaskServiceImpl implements ApprovalTaskService {
 
     @Override
     public PageResult<ApprovalTaskDTO> ccList(Long assigneeId, String assigneeType, String processName, Integer pageNum, Integer pageSize) {
+        List<Long> roleIds = loadRoleIdsIfSystemUser(assigneeId, assigneeType);
         Page<ApprovalTask> page = new Page<>(pageNum, pageSize);
-        this.approvalTaskMapper.selectCcList(page, assigneeId, assigneeType, processName);
+        this.approvalTaskMapper.selectCcList(page, assigneeId, assigneeType, roleIds, processName);
         List<ApprovalTaskDTO> records = page.getRecords().stream()
                 .map(ApprovalTaskDTO::of)
                 .collect(Collectors.toList());
@@ -533,4 +538,18 @@ public class ApprovalTaskServiceImpl implements ApprovalTaskService {
                 operatorId, operatorName, action, result
         ));
     }
+
+    private List<Long> loadRoleIdsIfSystemUser(Long assigneeId, String assigneeType) {
+        if (!"ROLE".equals(assigneeType)) {
+            List<String> roleCodes = sysUserService.loadUserRoles(assigneeId);
+            if (roleCodes != null && !roleCodes.isEmpty()) {
+                // loadUserRoles returns role codes, we need role IDs
+                // But sys_user_role stores role_id, so query directly
+                return sysUserRoleMapper.selectList(
+                        new LambdaQueryWrapper<SysUserRole>().eq(SysUserRole::getUserId, assigneeId)
+                ).stream().map(SysUserRole::getRoleId).distinct().collect(Collectors.toList());
+            }
+        }
+        return Collections.emptyList();
+    }
 }

+ 2 - 37
src/main/java/com/qqflow/engine/domain/system/controller/AuthController.java

@@ -7,10 +7,7 @@ import com.qqflow.engine.domain.system.assembler.UserAssembler;
 import com.qqflow.engine.domain.system.dto.ChangePasswordDTO;
 import com.qqflow.engine.domain.system.dto.LoginDTO;
 import com.qqflow.engine.domain.system.dto.UserDTO;
-import com.qqflow.engine.domain.system.entity.SysRole;
 import com.qqflow.engine.domain.system.entity.SysUser;
-import com.qqflow.engine.domain.system.mapper.SysRoleMapper;
-import com.qqflow.engine.domain.system.service.RoleAuthService;
 import com.qqflow.engine.domain.system.service.SysUserService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
@@ -26,10 +23,6 @@ import org.springframework.web.bind.annotation.RestController;
 import java.util.HashMap;
 import java.util.Map;
 
-import static com.qqflow.engine.common.constant.SecurityConstants.LOGIN_TYPE_ROLE;
-import static com.qqflow.engine.common.constant.SecurityConstants.USER_TYPE_ROLE;
-import static com.qqflow.engine.common.constant.SecurityConstants.USER_TYPE_SYSTEM;
-
 @Tag(name = "认证管理")
 @RestController
 @RequestMapping("/auth")
@@ -37,20 +30,11 @@ public class AuthController {
 
     @Resource
     private SysUserService sysUserService;
-    @Resource
-    private RoleAuthService roleAuthService;
-    @Resource
-    private SysRoleMapper sysRoleMapper;
 
     @Operation(summary = "用户登录")
     @PostMapping("/login")
     public Result<Map<String, String>> login(@Valid @RequestBody LoginDTO loginDTO) {
-        String token;
-        if (LOGIN_TYPE_ROLE.equals(loginDTO.getLoginType())) {
-            token = roleAuthService.login(loginDTO);
-        } else {
-            token = sysUserService.login(loginDTO);
-        }
+        String token = sysUserService.login(loginDTO);
         Map<String, String> map = new HashMap<>();
         map.put("token", token);
         return Result.ok(map);
@@ -70,7 +54,7 @@ public class AuthController {
         String token = request.getHeader("Authorization");
         String newToken = sysUserService.refreshToken(token);
         Map<String, String> map = new HashMap<>();
-        map.put("token", newToken);
+        map.put("token", token);
         return Result.ok(map);
     }
 
@@ -92,27 +76,8 @@ public class AuthController {
         if (loginUser == null) {
             return Result.error(401, "未登录");
         }
-        if (USER_TYPE_ROLE.equals(loginUser.getUserType())) {
-            SysRole role = sysRoleMapper.selectById(loginUser.getUserId());
-            if (role == null) {
-                return Result.error(401, "用户不存在");
-            }
-            UserDTO dto = new UserDTO();
-            dto.setId(role.getId());
-            dto.setUsername(role.getUsername());
-            dto.setRealName(role.getRoleName());
-            dto.setDeptId(role.getDeptId());
-            dto.setStatus(role.getStatus());
-            dto.setCreateTime(role.getCreateTime());
-            dto.setRoles(loginUser.getRoles());
-            dto.setUserType(USER_TYPE_ROLE);
-            return Result.ok(dto);
-        }
         SysUser user = sysUserService.getByUsername(loginUser.getUsername());
         UserDTO dto = UserAssembler.toDTO(user);
-        if (dto != null) {
-            dto.setUserType(USER_TYPE_SYSTEM);
-        }
         return Result.ok(dto);
     }
 }

+ 0 - 3
src/main/java/com/qqflow/engine/domain/system/dto/LoginDTO.java

@@ -15,7 +15,4 @@ public class LoginDTO {
     @NotBlank(message = "密码不能为空")
     @Schema(description = "密码")
     private String password;
-
-    @Schema(description = "登录类型:SYSTEM-系统用户 ROLE-角色用户")
-    private String loginType;
 }

+ 0 - 8
src/main/java/com/qqflow/engine/domain/system/dto/RoleDTO.java

@@ -19,12 +19,6 @@ public class RoleDTO {
     @Schema(description = "角色名称")
     private String roleName;
 
-    @Schema(description = "登录账号")
-    private String username;
-
-    @Schema(description = "手机号")
-    private String phone;
-
     @Schema(description = "角色范围")
     private String roleScope;
 
@@ -57,8 +51,6 @@ public class RoleDTO {
         dto.setId(role.getId());
         dto.setRoleCode(role.getRoleCode());
         dto.setRoleName(role.getRoleName());
-        dto.setUsername(role.getUsername());
-        dto.setPhone(role.getPhone());
         dto.setRoleScope(role.getRoleScope());
         dto.setParentId(role.getParentId());
         dto.setDeptId(role.getDeptId());

+ 2 - 13
src/main/java/com/qqflow/engine/domain/system/entity/SysRole.java

@@ -3,7 +3,6 @@ package com.qqflow.engine.domain.system.entity;
 import com.baomidou.mybatisplus.annotation.IdType;
 import com.baomidou.mybatisplus.annotation.TableId;
 import com.baomidou.mybatisplus.annotation.TableName;
-import com.fasterxml.jackson.annotation.JsonProperty;
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Data;
 
@@ -11,7 +10,7 @@ import java.time.LocalDateTime;
 
 @Data
 @TableName("sys_role")
-@Schema(description = "系统角色")
+@Schema(description = "审批角色(纯权限,不登录)")
 public class SysRole {
 
     @TableId(type = IdType.AUTO)
@@ -24,7 +23,7 @@ public class SysRole {
     @Schema(description = "角色名称")
     private String roleName;
 
-    @Schema(description = "角色范围")
+    @Schema(description = "角色范围/描述")
     private String roleScope;
 
     @Schema(description = "父角色ID")
@@ -33,16 +32,6 @@ public class SysRole {
     @Schema(description = "所属部门ID")
     private Long deptId;
 
-    @Schema(description = "登录账号")
-    private String username;
-
-    @Schema(description = "手机号")
-    private String phone;
-
-    @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
-    @Schema(description = "密码")
-    private String password;
-
     @Schema(description = "状态:0-禁用 1-正常")
     private Integer status;
 

+ 0 - 23
src/main/java/com/qqflow/engine/domain/system/mapper/SysRoleMapper.java

@@ -15,28 +15,5 @@ public interface SysRoleMapper extends BaseMapper<SysRole> {
         );
     }
 
-    default SysRole selectByUsername(String username) {
-        return this.selectOne(
-                new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<SysRole>()
-                        .eq(SysRole::getUsername, username)
-        );
-    }
-
-    default SysRole selectByPhone(String phone) {
-        return this.selectOne(
-                new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<SysRole>()
-                        .eq(SysRole::getPhone, phone)
-        );
-    }
-
-    default SysRole selectByUsernameOrPhone(String account) {
-        return this.selectOne(
-                new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<SysRole>()
-                        .eq(SysRole::getUsername, account)
-                        .or()
-                        .eq(SysRole::getPhone, account)
-        );
-    }
-
     List<SysRole> selectRolesByUserId(@Param("userId") Long userId);
 }

+ 0 - 43
src/main/java/com/qqflow/engine/domain/system/service/RoleAuthService.java

@@ -1,43 +0,0 @@
-package com.qqflow.engine.domain.system.service;
-
-import com.qqflow.engine.common.exception.BusinessException;
-import com.qqflow.engine.common.util.JwtUtils;
-import com.qqflow.engine.config.security.LoginUser;
-import com.qqflow.engine.domain.system.dto.LoginDTO;
-import com.qqflow.engine.domain.system.entity.SysRole;
-import com.qqflow.engine.domain.system.mapper.SysRoleMapper;
-import jakarta.annotation.Resource;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.stereotype.Service;
-
-import java.util.List;
-
-import static com.qqflow.engine.common.constant.SecurityConstants.USER_TYPE_ROLE;
-
-@Service
-public class RoleAuthService {
-
-    @Resource
-    private SysRoleMapper sysRoleMapper;
-    @Resource
-    private PasswordEncoder passwordEncoder;
-    @Resource
-    private JwtUtils jwtUtils;
-
-    public String login(LoginDTO loginDTO) {
-        SysRole role = sysRoleMapper.selectByUsernameOrPhone(loginDTO.getUsername());
-        if (role == null || role.getStatus() == null || role.getStatus() != 1) {
-            throw new BusinessException("用户名或密码错误");
-        }
-        if (!passwordEncoder.matches(loginDTO.getPassword(), role.getPassword())) {
-            throw new BusinessException("用户名或密码错误");
-        }
-        LoginUser loginUser = new LoginUser();
-        loginUser.setUserId(role.getId());
-        loginUser.setUsername(role.getUsername());
-        loginUser.setRealName(role.getRoleName());
-        loginUser.setUserType(USER_TYPE_ROLE);
-        loginUser.setRoles(List.of(role.getRoleCode()));
-        return jwtUtils.generateToken(loginUser);
-    }
-}

+ 0 - 61
src/main/java/com/qqflow/engine/domain/system/service/impl/SysRoleServiceImpl.java

@@ -11,7 +11,6 @@ import com.qqflow.engine.domain.system.mapper.SysUserRoleMapper;
 import com.qqflow.engine.domain.system.service.SysDeptService;
 import com.qqflow.engine.domain.system.service.SysRoleService;
 import jakarta.annotation.Resource;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
@@ -29,9 +28,6 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole>
     @Resource
     private SysDeptService sysDeptService;
 
-    @Resource
-    private PasswordEncoder passwordEncoder;
-
     @Override
     @Transactional
     public boolean addRole(SysRole role) {
@@ -41,30 +37,11 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole>
         if (!StringUtils.hasText(role.getRoleName())) {
             throw new BusinessException("角色名称不能为空");
         }
-        if (!StringUtils.hasText(role.getUsername())) {
-            throw new BusinessException("角色登录账号不能为空");
-        }
-        if (!StringUtils.hasText(role.getPassword())) {
-            throw new BusinessException("角色登录密码不能为空");
-        }
-        validateRolePassword(role.getPassword());
-        validatePhone(role.getPhone());
         SysRole exist = this.baseMapper.selectByRoleCode(role.getRoleCode());
         if (exist != null) {
             throw new BusinessException("角色编码已存在");
         }
-        SysRole usernameExist = this.baseMapper.selectByUsername(role.getUsername());
-        if (usernameExist != null) {
-            throw new BusinessException("角色登录账号已存在");
-        }
-        if (StringUtils.hasText(role.getPhone())) {
-            SysRole phoneExist = this.baseMapper.selectByPhone(role.getPhone());
-            if (phoneExist != null) {
-                throw new BusinessException("手机号已存在");
-            }
-        }
         role.setCreateTime(LocalDateTime.now());
-        role.setPassword(passwordEncoder.encode(role.getPassword()));
         return this.save(role);
     }
 
@@ -78,26 +55,6 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole>
         if (existing == null) {
             throw new BusinessException("角色不存在");
         }
-        if (StringUtils.hasText(role.getPassword())) {
-            validateRolePassword(role.getPassword());
-            role.setPassword(passwordEncoder.encode(role.getPassword()));
-        } else {
-            // 不修改密码时,清空 password 字段避免覆盖
-            role.setPassword(null);
-        }
-        if (StringUtils.hasText(role.getUsername()) && !role.getUsername().equals(existing.getUsername())) {
-            SysRole usernameExist = this.baseMapper.selectByUsername(role.getUsername());
-            if (usernameExist != null && !usernameExist.getId().equals(role.getId())) {
-                throw new BusinessException("角色登录账号已存在");
-            }
-        }
-        if (StringUtils.hasText(role.getPhone()) && !role.getPhone().equals(existing.getPhone())) {
-            validatePhone(role.getPhone());
-            SysRole phoneExist = this.baseMapper.selectByPhone(role.getPhone());
-            if (phoneExist != null && !phoneExist.getId().equals(role.getId())) {
-                throw new BusinessException("手机号已存在");
-            }
-        }
         return this.updateById(role);
     }
 
@@ -131,24 +88,6 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole>
         return this.page(page, wrapper);
     }
 
-    private void validateRolePassword(String password) {
-        if (password.length() < 6) {
-            throw new BusinessException("密码长度不能少于6位");
-        }
-        if (!password.matches(".*[A-Za-z].*") || !password.matches(".*\\d.*")) {
-            throw new BusinessException("密码必须同时包含字母和数字");
-        }
-    }
-
-    private void validatePhone(String phone) {
-        if (!StringUtils.hasText(phone)) {
-            return;
-        }
-        if (!phone.matches("^1[3-9]\\d{9}$")) {
-            throw new BusinessException("手机号格式不正确");
-        }
-    }
-
     @Override
     public List<SysRole> listRolesByUserId(Long userId) {
         return this.baseMapper.selectRolesByUserId(userId);

+ 0 - 30
src/main/resources/data-mysql.sql

@@ -1,30 +0,0 @@
--- ========================================================
--- MySQL 初始化数据脚本
--- 与 data-dev.sql 语义一致,使用标准 MySQL 语法
--- ========================================================
-
-INSERT IGNORE INTO sys_dept (id, dept_name, dept_code, parent_id, sort_order, status) VALUES
-(1, '总裁办', 'CEO', 0, 1, 1),
-(2, '技术部', 'TECH', 0, 2, 1),
-(3, '财务部', 'FIN', 0, 3, 1),
-(4, '人事部', 'HR', 0, 4, 1),
-(5, '前端组', 'FE', 2, 1, 1),
-(6, '后端组', 'BE', 2, 2, 1);
-
-INSERT IGNORE INTO sys_user (id, username, password, real_name, phone, email, dept_id, employee_type, status) VALUES
-(1, 'admin', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', '超级管理员', '13800138000', 'admin@qqflow.com', 1, 'super_admin', 0),
-(2, 'zhangsan', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', '张三', '13800138001', 'zhangsan@qqflow.com', 2, 'common_user', 0),
-(3, 'lisi', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', '李四', '13800138002', 'lisi@qqflow.com', 3, 'dept_manager', 0),
-(4, 'wangwu', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', '王五', '13800138003', 'wangwu@qqflow.com', 4, 'flow_manager', 0);
-
-INSERT IGNORE INTO sys_role (id, role_code, role_name, role_scope, parent_id, dept_id, username, password, status, phone) VALUES
-(1, 'super_admin', '总裁办专员', 'platform', 0, 1, 'role_super_admin', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', 1, '13900000001'),
-(2, 'flow_admin', '流程运维专员', 'tenant', 0, 1, 'role_flow_admin', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', 1, '13900000002'),
-(3, 'normal_user', '技术部员工', 'tenant', 0, 2, 'role_normal_user', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', 1, '13900000003'),
-(4, 'dept_manager', '财务部经理', 'tenant', 3, 3, 'role_dept_manager', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', 1, '13900000004');
-
-INSERT IGNORE INTO sys_user_role (id, user_id, role_id) VALUES
-(1, 1, 1),
-(2, 2, 4),
-(3, 3, 3),
-(4, 4, 3);

+ 5 - 5
src/main/resources/data-test.sql

@@ -12,11 +12,11 @@ MERGE INTO sys_user (id, username, password, real_name, phone, email, dept_id, e
 (3, 'lisi', '$2a$10$je3eVNDSkYWM929JHtmsEOL0eS4GB6s7UObxx91PmmppoFwnfmTty', '李四', '13800138002', 'lisi@qqflow.com', 3, 'dept_manager', 0),
 (4, 'wangwu', '$2a$10$je3eVNDSkYWM929JHtmsEOL0eS4GB6s7UObxx91PmmppoFwnfmTty', '王五', '13800138003', 'wangwu@qqflow.com', 4, 'flow_manager', 0);
 
-MERGE INTO sys_role (id, role_code, role_name, role_scope, parent_id, dept_id, username, password, status, phone) KEY(id) VALUES
-(1, 'super_admin', '总裁办专员', 'platform', 0, 1, 'role_super_admin', '$2a$10$je3eVNDSkYWM929JHtmsEOL0eS4GB6s7UObxx91PmmppoFwnfmTty', 1, '13900000001'),
-(2, 'flow_admin', '流程运维专员', 'tenant', 0, 1, 'role_flow_admin', '$2a$10$je3eVNDSkYWM929JHtmsEOL0eS4GB6s7UObxx91PmmppoFwnfmTty', 1, '13900000002'),
-(3, 'normal_user', '技术部员工', 'tenant', 0, 2, 'role_normal_user', '$2a$10$je3eVNDSkYWM929JHtmsEOL0eS4GB6s7UObxx91PmmppoFwnfmTty', 1, '13900000003'),
-(4, 'dept_manager', '财务部经理', 'tenant', 3, 3, 'role_dept_manager', '$2a$10$je3eVNDSkYWM929JHtmsEOL0eS4GB6s7UObxx91PmmppoFwnfmTty', 1, '13900000004');
+MERGE INTO sys_role (id, role_code, role_name, role_scope, parent_id, dept_id, status) KEY(id) VALUES
+(1, 'super_admin', '总裁办专员', 'platform', 0, 1, 1),
+(2, 'flow_admin', '流程运维专员', 'tenant', 0, 1, 1),
+(3, 'normal_user', '技术部员工', 'tenant', 0, 2, 1),
+(4, 'dept_manager', '财务部经理', 'tenant', 3, 3, 1);
 
 MERGE INTO sys_user_role (id, user_id, role_id) KEY(id) VALUES
 (1, 1, 1),

+ 33 - 15
src/main/resources/mapper/flow/ApprovalTaskMapper.xml

@@ -31,17 +31,23 @@
         INNER JOIN bpm_process_instance pi ON t.instance_id = pi.id
         LEFT JOIN bpm_process_definition pd ON pi.process_definition_id = pd.id
         WHERE t.deleted = 0
-          AND t.assignee_id = #{assigneeId}
           AND t.task_status = 0
           AND t.node_type != 'cc'
-          <choose>
+          AND (
+            <choose>
               <when test="assigneeType == 'ROLE'">
-                  AND t.assignee_type = 'ROLE'
+                  (t.assignee_type = 'ROLE' AND t.assignee_id = #{assigneeId})
+              </when>
+              <when test="roleIds != null and roleIds.size() > 0">
+                  ((t.assignee_type != 'ROLE' AND t.assignee_id = #{assigneeId})
+                   OR (t.assignee_type = 'ROLE' AND t.assignee_id IN
+                       <foreach collection="roleIds" item="roleId" open="(" close=")" separator=",">#{roleId}</foreach>))
               </when>
               <otherwise>
-                  AND (t.assignee_type IS NULL OR t.assignee_type = '' OR t.assignee_type = 'USER')
+                  (t.assignee_id = #{assigneeId} AND (t.assignee_type IS NULL OR t.assignee_type = '' OR t.assignee_type = 'USER'))
               </otherwise>
-          </choose>
+            </choose>
+          )
         <if test="processName != null and processName != ''">
             AND pd.process_name LIKE CONCAT('%', #{processName}, '%')
         </if>
@@ -54,17 +60,23 @@
         INNER JOIN bpm_process_instance pi ON t.instance_id = pi.id
         LEFT JOIN bpm_process_definition pd ON pi.process_definition_id = pd.id
         WHERE t.deleted = 0
-          AND t.assignee_id = #{assigneeId}
           AND t.task_status IN (1, 2, 4)
           AND t.node_type != 'cc'
-          <choose>
+          AND (
+            <choose>
               <when test="assigneeType == 'ROLE'">
-                  AND t.assignee_type = 'ROLE'
+                  (t.assignee_type = 'ROLE' AND t.assignee_id = #{assigneeId})
+              </when>
+              <when test="roleIds != null and roleIds.size() > 0">
+                  ((t.assignee_type != 'ROLE' AND t.assignee_id = #{assigneeId})
+                   OR (t.assignee_type = 'ROLE' AND t.assignee_id IN
+                       <foreach collection="roleIds" item="roleId" open="(" close=")" separator=",">#{roleId}</foreach>))
               </when>
               <otherwise>
-                  AND (t.assignee_type IS NULL OR t.assignee_type = '' OR t.assignee_type = 'USER')
+                  (t.assignee_id = #{assigneeId} AND (t.assignee_type IS NULL OR t.assignee_type = '' OR t.assignee_type = 'USER'))
               </otherwise>
-          </choose>
+            </choose>
+          )
         <if test="processName != null and processName != ''">
             AND pd.process_name LIKE CONCAT('%', #{processName}, '%')
         </if>
@@ -77,16 +89,22 @@
         INNER JOIN bpm_process_instance pi ON t.instance_id = pi.id
         LEFT JOIN bpm_process_definition pd ON pi.process_definition_id = pd.id
         WHERE t.deleted = 0
-          AND t.assignee_id = #{assigneeId}
           AND t.node_type = 'cc'
-          <choose>
+          AND (
+            <choose>
               <when test="assigneeType == 'ROLE'">
-                  AND t.assignee_type = 'ROLE'
+                  (t.assignee_type = 'ROLE' AND t.assignee_id = #{assigneeId})
+              </when>
+              <when test="roleIds != null and roleIds.size() > 0">
+                  ((t.assignee_type != 'ROLE' AND t.assignee_id = #{assigneeId})
+                   OR (t.assignee_type = 'ROLE' AND t.assignee_id IN
+                       <foreach collection="roleIds" item="roleId" open="(" close=")" separator=",">#{roleId}</foreach>))
               </when>
               <otherwise>
-                  AND (t.assignee_type IS NULL OR t.assignee_type = '' OR t.assignee_type = 'USER')
+                  (t.assignee_id = #{assigneeId} AND (t.assignee_type IS NULL OR t.assignee_type = '' OR t.assignee_type = 'USER'))
               </otherwise>
-          </choose>
+            </choose>
+          )
         <if test="processName != null and processName != ''">
             AND pd.process_name LIKE CONCAT('%', #{processName}, '%')
         </if>

+ 1 - 1
src/main/resources/mapper/system/SysRoleMapper.xml

@@ -3,7 +3,7 @@
 <mapper namespace="com.qqflow.engine.domain.system.mapper.SysRoleMapper">
 
     <select id="selectRolesByUserId" resultType="com.qqflow.engine.domain.system.entity.SysRole">
-        SELECT r.id, r.role_code, r.role_name, r.role_scope, r.parent_id, r.dept_id, r.username, r.password, r.status, r.create_time
+        SELECT r.id, r.role_code, r.role_name, r.role_scope, r.parent_id, r.dept_id, r.status, r.create_time
         FROM sys_role r
         INNER JOIN sys_user_role ur ON r.id = ur.role_id
         WHERE ur.user_id = #{userId}