فهرست منبع

fix: 部门运维/流程运维权限对齐

- 系统管理接口(用户/角色/部门/通知配置查询)增加 dept_manager 角色权限
- 用户新增/修改时自动按 employeeType 同步同名角色
  - super_admin/dept_manager/flow_manager 自动绑定对应角色
  - common_user 不绑定
- 种子数据补充 flow_manager 角色,并修正测试用户的角色分配
ye-zhaojia 1 هفته پیش
والد
کامیت
3ac9a10620

+ 4 - 4
src/main/java/com/qqflow/engine/domain/system/controller/SysDeptController.java

@@ -23,7 +23,7 @@ import java.util.List;
 @Tag(name = "部门管理")
 @RestController
 @RequestMapping("/system/dept")
-@PreAuthorize("hasAnyRole('super_admin','flow_manager')")
+@PreAuthorize("hasAnyRole('super_admin','flow_manager','dept_manager')")
 public class SysDeptController {
 
     @Resource
@@ -51,7 +51,7 @@ public class SysDeptController {
 
     @Operation(summary = "新增部门")
     @PostMapping
-    @PreAuthorize("hasRole('super_admin')")
+    @PreAuthorize("hasAnyRole('super_admin','dept_manager')")
     public Result<Void> add(@RequestBody SysDept dept) {
         sysDeptService.addDept(dept);
         return Result.ok();
@@ -59,7 +59,7 @@ public class SysDeptController {
 
     @Operation(summary = "修改部门")
     @PutMapping
-    @PreAuthorize("hasRole('super_admin')")
+    @PreAuthorize("hasAnyRole('super_admin','dept_manager')")
     public Result<Void> update(@RequestBody SysDept dept) {
         sysDeptService.updateDept(dept);
         return Result.ok();
@@ -67,7 +67,7 @@ public class SysDeptController {
 
     @Operation(summary = "删除部门")
     @DeleteMapping("/{id}")
-    @PreAuthorize("hasRole('super_admin')")
+    @PreAuthorize("hasAnyRole('super_admin','dept_manager')")
     public Result<Void> delete(@PathVariable Long id) {
         sysDeptService.removeDept(id);
         return Result.ok();

+ 1 - 1
src/main/java/com/qqflow/engine/domain/system/controller/SysNotificationConfigController.java

@@ -36,7 +36,7 @@ public class SysNotificationConfigController {
      */
     @GetMapping("/wecom")
     @Operation(summary = "获取企业微信配置")
-    @PreAuthorize("hasAnyRole('super_admin','flow_manager')")
+    @PreAuthorize("hasAnyRole('super_admin','flow_manager','dept_manager')")
     public Result<WeComConfigDTO> getWeComConfig() {
         return Result.ok(this.sysNotificationConfigService.getWeComConfig());
     }

+ 4 - 4
src/main/java/com/qqflow/engine/domain/system/controller/SysRoleController.java

@@ -37,7 +37,7 @@ import java.util.stream.Collectors;
 @Tag(name = "角色管理")
 @RestController
 @RequestMapping("/system/role")
-@PreAuthorize("hasAnyRole('super_admin','flow_manager')")
+@PreAuthorize("hasAnyRole('super_admin','flow_manager','dept_manager')")
 public class SysRoleController {
 
     @Resource
@@ -123,7 +123,7 @@ public class SysRoleController {
 
     @Operation(summary = "新增角色")
     @PostMapping
-    @PreAuthorize("hasRole('super_admin')")
+    @PreAuthorize("hasAnyRole('super_admin','dept_manager')")
     public Result<Void> add(@RequestBody SysRole role) {
         sysRoleService.addRole(role);
         return Result.ok();
@@ -131,7 +131,7 @@ public class SysRoleController {
 
     @Operation(summary = "修改角色")
     @PutMapping
-    @PreAuthorize("hasRole('super_admin')")
+    @PreAuthorize("hasAnyRole('super_admin','dept_manager')")
     public Result<Void> update(@RequestBody SysRole role) {
         sysRoleService.updateRole(role);
         return Result.ok();
@@ -139,7 +139,7 @@ public class SysRoleController {
 
     @Operation(summary = "删除角色")
     @DeleteMapping("/{id}")
-    @PreAuthorize("hasRole('super_admin')")
+    @PreAuthorize("hasAnyRole('super_admin','dept_manager')")
     public Result<Void> delete(@PathVariable Long id) {
         sysRoleService.removeRole(id);
         return Result.ok();

+ 4 - 4
src/main/java/com/qqflow/engine/domain/system/controller/SysUserController.java

@@ -26,7 +26,7 @@ import org.springframework.web.bind.annotation.RestController;
 @Tag(name = "用户管理")
 @RestController
 @RequestMapping("/system/user")
-@PreAuthorize("hasAnyRole('super_admin','flow_manager')")
+@PreAuthorize("hasAnyRole('super_admin','flow_manager','dept_manager')")
 public class SysUserController {
 
     @Resource
@@ -60,7 +60,7 @@ public class SysUserController {
 
     @Operation(summary = "新增用户")
     @PostMapping
-    @PreAuthorize("hasRole('super_admin')")
+    @PreAuthorize("hasAnyRole('super_admin','dept_manager')")
     public Result<Void> add(@RequestBody SysUser user) {
         sysUserService.addUser(user);
         return Result.ok();
@@ -68,7 +68,7 @@ public class SysUserController {
 
     @Operation(summary = "修改用户")
     @PutMapping
-    @PreAuthorize("hasRole('super_admin')")
+    @PreAuthorize("hasAnyRole('super_admin','dept_manager')")
     public Result<Void> update(@RequestBody SysUser user) {
         sysUserService.updateUser(user);
         return Result.ok();
@@ -76,7 +76,7 @@ public class SysUserController {
 
     @Operation(summary = "删除用户")
     @DeleteMapping("/{id}")
-    @PreAuthorize("hasRole('super_admin')")
+    @PreAuthorize("hasAnyRole('super_admin','dept_manager')")
     public Result<Void> delete(@PathVariable Long id) {
         sysUserService.removeUser(id);
         return Result.ok();

+ 39 - 0
src/main/java/com/qqflow/engine/domain/system/service/impl/SysUserServiceImpl.java

@@ -10,9 +10,11 @@ import com.qqflow.engine.config.security.LoginUser;
 import com.qqflow.engine.domain.system.dto.LoginDTO;
 import com.qqflow.engine.domain.system.dto.UserDTO;
 import com.qqflow.engine.domain.system.entity.SysDept;
+import com.qqflow.engine.domain.system.entity.SysRole;
 import com.qqflow.engine.domain.system.entity.SysUser;
 import com.qqflow.engine.domain.system.entity.SysUserRole;
 import com.qqflow.engine.domain.system.mapper.SysDeptMapper;
+import com.qqflow.engine.domain.system.mapper.SysRoleMapper;
 import com.qqflow.engine.domain.system.mapper.SysUserMapper;
 import com.qqflow.engine.domain.system.mapper.SysUserRoleMapper;
 import com.qqflow.engine.domain.system.service.SysDeptService;
@@ -48,6 +50,9 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>
     private SysUserRoleMapper sysUserRoleMapper;
 
     @Resource
+    private SysRoleMapper sysRoleMapper;
+
+    @Resource
     private SysDeptMapper sysDeptMapper;
 
     @Resource
@@ -97,6 +102,9 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>
                 sysUserRoleMapper.insert(userRole);
             }
         }
+        if (saved) {
+            this.syncEmployeeTypeRole(user);
+        }
         return saved;
     }
 
@@ -128,6 +136,9 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>
                 sysUserRoleMapper.insert(userRole);
             }
         }
+        if (updated) {
+            this.syncEmployeeTypeRole(user);
+        }
         return updated;
     }
 
@@ -140,6 +151,34 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>
         return this.removeById(id);
     }
 
+    /**
+     * 根据 employeeType 自动为用户绑定同名的角色,保证前后端权限一致。
+     * common_user 不绑定任何角色。
+     */
+    private void syncEmployeeTypeRole(SysUser user) {
+        String employeeType = user.getEmployeeType();
+        if (employeeType == null || EMPLOYEE_TYPE_COMMON_USER.equals(employeeType)) {
+            return;
+        }
+        SysRole role = this.sysRoleMapper.selectByRoleCode(employeeType);
+        if (role == null || role.getId() == null) {
+            return;
+        }
+        Long userId = user.getId();
+        Long roleId = role.getId();
+        List<SysUserRole> existing = this.sysUserRoleMapper.selectList(
+                new LambdaQueryWrapper<SysUserRole>()
+                        .eq(SysUserRole::getUserId, userId)
+                        .eq(SysUserRole::getRoleId, roleId));
+        if (!existing.isEmpty()) {
+            return;
+        }
+        SysUserRole userRole = new SysUserRole();
+        userRole.setUserId(userId);
+        userRole.setRoleId(roleId);
+        this.sysUserRoleMapper.insert(userRole);
+    }
+
     @Override
     public SysUser getUserById(Long id) {
         return this.getById(id);

+ 5 - 4
src/main/resources/data-dev.sql

@@ -16,13 +16,14 @@ MERGE INTO sys_role (id, role_code, role_name, role_scope, parent_id, dept_id, u
 (1, 'super_admin', '总裁办专员', 'platform', 0, 1, 'role_super_admin', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', 1, '13900000001'),
 (2, 'flow_admin', '流程运维专员', 'tenant', 0, 1, 'role_flow_admin', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', 1, '13900000002'),
 (3, 'normal_user', '技术部员工', 'tenant', 0, 2, 'role_normal_user', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', 1, '13900000003'),
-(4, 'dept_manager', '财务部经理', 'tenant', 3, 3, 'role_dept_manager', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', 1, '13900000004');
+(4, 'dept_manager', '财务部经理', 'tenant', 3, 3, 'role_dept_manager', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', 1, '13900000004'),
+(5, 'flow_manager', '流程运维', 'tenant', 0, 1, 'role_flow_manager', '$2a$10$TGAG9dOoBWlslF3EjezT4eyIUgdW1X.YF4lLpNq4E8U9IaXRgZ8K2', 1, '13900000005');
 
 MERGE INTO sys_user_role (id, user_id, role_id) KEY(id) VALUES
 (1, 1, 1),
-(2, 2, 4),
-(3, 3, 3),
-(4, 4, 3);
+(2, 2, 3),
+(3, 3, 4),
+(4, 4, 5);
 
 
 

+ 5 - 4
src/main/resources/data-test.sql

@@ -16,13 +16,14 @@ MERGE INTO sys_role (id, role_code, role_name, role_scope, parent_id, dept_id, s
 (1, 'super_admin', '总裁办专员', 'platform', 0, 1, 1),
 (2, 'flow_admin', '流程运维专员', 'tenant', 0, 1, 1),
 (3, 'normal_user', '技术部员工', 'tenant', 0, 2, 1),
-(4, 'dept_manager', '财务部经理', 'tenant', 3, 3, 1);
+(4, 'dept_manager', '财务部经理', 'tenant', 3, 3, 1),
+(5, 'flow_manager', '流程运维', 'tenant', 0, 1, 1);
 
 MERGE INTO sys_user_role (id, user_id, role_id) KEY(id) VALUES
 (1, 1, 1),
-(2, 2, 4),
-(3, 3, 3),
-(4, 4, 3);
+(2, 2, 3),
+(3, 3, 4),
+(4, 4, 5);