refactor(X-Pack): 对权限体系进行重构-8

2026-06-16 11:21:44 +08:00 · 2026-05-22 10:32:17 +08:00
parent e761402f4d
commit e568d1a8c7
16 changed files with 128 additions and 24 deletions
--- a/core/core-frontend/src/api/auth.ts
+++ b/core/core-frontend/src/api/auth.ts
@@ -1,10 +1,16 @@
 import request from '@/config/axios'

 export const queryUserApi = data => request.post({ url: '/user/byCurOrg', data })
-export const queryUserOptionsApi = () => request.get({ url: '/user/org/option' })
+export const queryUserOptionsApi = () => request.get({ url: '/user/query' })
 export const queryRoleApi = data => request.post({ url: '/role/byCurOrg', data })

-export const resourceTreeApi = (flag: string) => request.get({ url: '/auth/busiResource/' + flag })
+export const resourceTreeApi = (flag: string, isSystem?: boolean) => {
+  const param = {
+    flag,
+    isSystem: !!isSystem
+  }
+  return request.post({ url: '/auth/busiResource', data: param })
+}

 export const menuTreeApi = () => request.get({ url: '/auth/menuResource' })

--- a/core/core-frontend/src/api/user.ts
+++ b/core/core-frontend/src/api/user.ts
@@ -7,7 +7,7 @@ export const switchOrg = (id: number | string) => request.post({ url: `/user/swi

 export const userInfo = () => request.get({ url: '/user/info' })

-export const searchRoleApi = (keyword: string) =>
+export const searchRoleApi = (keyword?: string) =>
  request.post({ url: '/role/query', data: { keyword } })
 export const searchRoleByOidApi = (oid: number) => request.get({ url: `/role/queryWithOid/${oid}` })

--- a/core/core-frontend/src/assets/svg/icon-enter.svg
+++ b/core/core-frontend/src/assets/svg/icon-enter.svg
@@ -0,0 +1 @@
+<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg t="1779100824142" class="icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="9362" xmlns:xlink="http://www.w3.org/1999/xlink" width="256" height="256"><path d="M595.8272 500.6272c0 13.0496-5.76 24.8768-14.8352 32.9792l-148.0768 132.896c-7.8976 7.0016-18.3488 11.264-29.7472 11.264-24.6016 0-44.5248-19.7888-44.5248-44.2496 0-13.1968 5.76-24.8768 14.8352-32.9792l62.048-55.6544L236.3904 544.8832c-24.5248 0-44.3904-19.7888-44.3904-44.3904 0-24.4608 19.8656-44.2496 44.3904-44.2496l199.136 0-62.048-55.6608c-9.0752-8.1088-14.8352-19.8592-14.8352-32.9728 0-24.4672 19.9232-44.256 44.5248-44.256 11.3984 0 21.8496 4.2624 29.7472 11.4048l148.0768 132.8896C590.0608 475.7504 595.8272 487.5712 595.8272 500.6272M617.9904 807.36l125.1776 0L743.168 216.64 617.9904 216.64c-24.5248 0-44.3904-19.9232-44.3904-44.3904 0-24.6016 19.936-44.2496 44.3904-44.2496l169.5616 0c24.5248 0 44.448 19.648 44.448 44.2496l0 679.4304c0 24.4544-19.9232 44.32-44.448 44.32L617.9904 896c-24.448 0-44.3904-19.8656-44.3904-44.32C573.6 827.2192 593.4656 807.36 617.9904 807.36" fill="" p-id="9363"></path></svg>
--- a/core/core-frontend/src/config/axios/service.ts
+++ b/core/core-frontend/src/config/axios/service.ts
@@ -121,6 +121,10 @@ service.interceptors.request.use(
    } else if (embeddedStore.token) {
      ;(config.headers as AxiosRequestHeaders)['X-EMBEDDED-TOKEN'] = embeddedStore.token
    }
+    const storedProxyInfo = wsCache.get('user.proxyInfo')
+    if (storedProxyInfo?.proxy && storedProxyInfo?.proxySecret) {
+      ;(config.headers as AxiosRequestHeaders)['X-DE-ADMIN-PROXY'] = storedProxyInfo.proxySecret
+    }
    const locale = getLocale()
    if (locale) {
      const val = mapping[locale] || locale
--- a/core/core-frontend/src/locales/zh-CN.ts
+++ b/core/core-frontend/src/locales/zh-CN.ts
@@ -967,6 +967,7 @@ export default {
    resource_name: '资源名称',
    menu_name: '菜单名称',
    from_role: '继承自以下角色：',
+    from_org: '继承自以下组织：',
    auth_alone: '单独授权',
    org_role_empty: '组织管理员已拥有所有资源的权限，无需再授权',
    user_role_empty: '该用户是组织管理员，已拥有所有资源的权限，无需再授权',
--- a/core/core-frontend/src/store/modules/user.ts
+++ b/core/core-frontend/src/store/modules/user.ts
@@ -14,6 +14,11 @@ interface UserState {
  language: string
  exp: number
  time: number
+  proxyInfo: {
+    proxy: boolean
+    proxyOid: string | null
+    proxySecret: string | null
+  }
 }

 export const userStore = defineStore('user', {
@@ -25,7 +30,12 @@ export const userStore = defineStore('user', {
      oid: null,
      language: 'zh-CN',
      exp: null,
-      time: null
+      time: null,
+      proxyInfo: {
+        proxy: false,
+        proxyOid: null,
+        proxySecret: null
+      }
    }
  },
  getters: {
@@ -49,6 +59,9 @@ export const userStore = defineStore('user', {
    },
    getTime(): number {
      return this.time
+    },
+    getProxyInfo(): { proxy: boolean; proxyOid: string | null; proxySecret: string | null } {
+      return this.proxyInfo
    }
  },
  actions: {
@@ -66,6 +79,10 @@ export const userStore = defineStore('user', {
        this[key] = data[dkey]
        wsCache.set('user.' + key, this[key])
      })
+      const cachedProxyInfo = wsCache.get('user.proxyInfo')
+      if (cachedProxyInfo) {
+        this.proxyInfo = cachedProxyInfo
+      }
      const locale = useLocaleStoreWithOut()
      if (locale.getCurrentLocale?.lang !== this.language && !window.DataEaseBi) {
        window.location.reload()
@@ -96,6 +113,14 @@ export const userStore = defineStore('user', {
      wsCache.set('user.oid', oid)
      this.oid = oid
    },
+    setProxyInfo(proxyInfo: {
+      proxy: boolean
+      proxyOid: string | null
+      proxySecret: string | null
+    }) {
+      wsCache.set('user.proxyInfo', proxyInfo)
+      this.proxyInfo = proxyInfo
+    },
    setLanguage(language: string) {
      const locale = useLocaleStoreWithOut()
      if (!language || language === 'zh_CN') {
@@ -107,7 +132,7 @@ export const userStore = defineStore('user', {
      changeLocale(language as any)
    },
    clear() {
-      const keys: string[] = ['token', 'uid', 'name', 'oid', 'language', 'exp', 'time']
+      const keys: string[] = ['token', 'uid', 'name', 'oid', 'language', 'exp', 'time', 'proxyInfo']
      keys.forEach(key => wsCache.delete('user.' + key))
    }
  }
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/api/AuthApi.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/api/AuthApi.java
@@ -9,10 +9,9 @@ import io.dataease.api.permissions.auth.vo.ResourceItemVO;
 import io.dataease.api.permissions.auth.vo.ResourceVO;
 import io.swagger.v3.oas.annotations.Hidden;
 import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.Parameter;
+
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;

@@ -24,9 +23,8 @@ public interface AuthApi {

    @Operation(summary = "查询资源树")
    @ApiOperationSupport(order = 1)
-    @Parameter(name = "flag", description = "类型")
-    @GetMapping("/busiResource/{flag}")
-    List<ResourceVO> busiResource(@PathVariable("flag") String flag);
+    @PostMapping("/busiResource")
+    List<ResourceVO> busiResource(@RequestBody BusiResourceRequest request);

    @Operation(summary = "查询对象已授权资源")
    @ApiOperationSupport(order = 3)
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/dto/BusiResourceRequest.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/dto/BusiResourceRequest.java
@@ -0,0 +1,20 @@
+package io.dataease.api.permissions.auth.dto;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+@Schema(description = "业务资源请求参数")
+@Data
+public class BusiResourceRequest implements Serializable {
+    @Serial
+    private static final long serialVersionUID = 6769377426446797907L;
+
+    @Schema(description = "资源flag", requiredMode = Schema.RequiredMode.REQUIRED)
+    private String flag;
+
+    @Schema(description = "是否系统级查询")
+    private boolean isSystem;
+}
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionItem.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionItem.java
@@ -2,16 +2,20 @@ package io.dataease.api.permissions.auth.vo;

 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
-import io.dataease.api.permissions.dataset.dto.DataSetColumnPermissionsDTO;
-import io.dataease.api.permissions.dataset.dto.DataSetRowPermissionsTreeDTO;
 import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
 import lombok.Data;
+import lombok.NoArgsConstructor;

 import java.io.Serial;
 import java.io.Serializable;

@Schema(description = "权限项")
@Data
+@AllArgsConstructor
+@NoArgsConstructor
+@Builder
 public class PermissionItem implements Serializable {

    @Serial
@@ -21,10 +25,6 @@ public class PermissionItem implements Serializable {
    private Long id;
    @Schema(description = "权重")
    private int weight;
-    @Schema(description = "列权限")
-    private DataSetColumnPermissionsDTO columnPermissions;
-    @Schema(description = "行权限")
-    private DataSetRowPermissionsTreeDTO rowPermissions;
    @Schema(description = "独立权重")
    private int ext;
 }
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionOrigin.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionOrigin.java
@@ -3,7 +3,10 @@ package io.dataease.api.permissions.auth.vo;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
 import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
 import lombok.Data;
+import lombok.NoArgsConstructor;

 import java.io.Serial;
 import java.io.Serializable;
@@ -11,6 +14,9 @@ import java.util.List;

@Schema(description = "关联权限")
@Data
+@AllArgsConstructor
+@NoArgsConstructor
+@Builder
 public class PermissionOrigin implements Serializable {
    @Serial
    private static final long serialVersionUID = 1455588932869130794L;
@@ -20,6 +26,8 @@ public class PermissionOrigin implements Serializable {
    private Long id;
    @Schema(description = "关联名称")
    private String name;
+    @Schema(description = "来源类型: 0=user, 1=role, 2=org")
+    private Integer type;
    @Schema(description = "关联权限项")
    private List<PermissionItem> permissions;
 }
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionVO.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionVO.java
@@ -17,6 +17,8 @@ public class PermissionVO implements Serializable {
    private boolean root;
    @Schema(description = "是否只读")
    private boolean readonly;
+    @Schema(description = "角色类型编码: 0=普通用户,5=数据分析师,9=组织管理员")
+    private Integer typeCode = 0;
    @Schema(description = "直接权限项")
    private List<PermissionItem> permissions;
    @Schema(description = "关联权限项")
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/role/dto/RoleCreator.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/role/dto/RoleCreator.java
@@ -21,8 +21,4 @@ public class RoleCreator implements Serializable {
    @JsonIgnore
    @Schema(hidden = true)
    private Long rid;
-
-    private Long oid;
-
-
 }
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/api/UserApi.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/api/UserApi.java
@@ -8,7 +8,6 @@ import io.dataease.api.permissions.user.dto.*;
 import io.dataease.api.permissions.user.vo.*;
 import io.dataease.auth.DeApiPath;
 import io.dataease.auth.DePermit;
-import io.dataease.auth.vo.TokenVO;
 import io.dataease.model.KeywordRequest;
 import io.dataease.result.PageResult;
 import io.swagger.v3.oas.annotations.Hidden;
@@ -104,9 +103,9 @@ public interface UserApi {
    @PostMapping("/role/option")
    List<UserItemVO> optionForRole(@RequestBody UserRequest request);

-    @Operation(summary = "组织内用户")
+    /*@Operation(summary = "组织内用户")
    @GetMapping("/org/option")
-    List<UserItemVO> optionForOrg();
+    List<UserItemVO> optionForOrg();*/

    @Operation(summary = "角色已绑用户")
    @Parameters({
@@ -118,7 +117,6 @@ public interface UserApi {
    PageResult<UserItemVO> selectedForRole(@PathVariable("goPage") int goPage, @PathVariable("pageSize") int pageSize, @RequestBody UserRequest request);


-
    @Operation(summary = "获取当前登录人信息")
    @GetMapping("/info")
    CurUserVO info();
@@ -255,4 +253,8 @@ public interface UserApi {
    @Hidden
    List<UserReciVO> getFormatRecipient(Long oid, List<Long> uidList, List<Long> ridList);

+    @Operation(summary = "查询用户")
+    @GetMapping("/query")
+    List<UserOptionVO> query();
+
 }
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/dto/UserQueryRequest.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/dto/UserQueryRequest.java
@@ -0,0 +1,13 @@
+package io.dataease.api.permissions.user.dto;
+
+import io.dataease.model.KeywordRequest;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.io.Serializable;
+
+@EqualsAndHashCode(callSuper = true)
+@Data
+public class UserQueryRequest extends KeywordRequest implements Serializable {
+    private Long oid;
+}
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/vo/UserOptionVO.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/vo/UserOptionVO.java
@@ -0,0 +1,13 @@
+package io.dataease.api.permissions.user.vo;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.io.Serializable;
+
+@EqualsAndHashCode(callSuper = true)
+@Data
+public class UserOptionVO extends UserItem implements Serializable {
+
+    private String account;
+}
--- a/sdk/common/src/main/java/io/dataease/constant/SubjectTypeEnum.java
+++ b/sdk/common/src/main/java/io/dataease/constant/SubjectTypeEnum.java
@@ -0,0 +1,15 @@
+package io.dataease.constant;
+
+import lombok.Getter;
+
+@Getter
+public enum SubjectTypeEnum {
+    USER(0), ROLE(1), ORG(2);
+
+    private final int code;
+
+    SubjectTypeEnum(int code) {
+        this.code = code;
+    }
+
+}
				`@@ -0,0 +1 @@`
				<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg t="1779100824142" class="icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="9362" xmlns:xlink="http://www.w3.org/1999/xlink" width="256" height="256"><path d="M595.8272 500.6272c0 13.0496-5.76 24.8768-14.8352 32.9792l-148.0768 132.896c-7.8976 7.0016-18.3488 11.264-29.7472 11.264-24.6016 0-44.5248-19.7888-44.5248-44.2496 0-13.1968 5.76-24.8768 14.8352-32.9792l62.048-55.6544L236.3904 544.8832c-24.5248 0-44.3904-19.7888-44.3904-44.3904 0-24.4608 19.8656-44.2496 44.3904-44.2496l199.136 0-62.048-55.6608c-9.0752-8.1088-14.8352-19.8592-14.8352-32.9728 0-24.4672 19.9232-44.256 44.5248-44.256 11.3984 0 21.8496 4.2624 29.7472 11.4048l148.0768 132.8896C590.0608 475.7504 595.8272 487.5712 595.8272 500.6272M617.9904 807.36l125.1776 0L743.168 216.64 617.9904 216.64c-24.5248 0-44.3904-19.9232-44.3904-44.3904 0-24.6016 19.936-44.2496 44.3904-44.2496l169.5616 0c24.5248 0 44.448 19.648 44.448 44.2496l0 679.4304c0 24.4544-19.9232 44.32-44.448 44.32L617.9904 896c-24.448 0-44.3904-19.8656-44.3904-44.32C573.6 827.2192 593.4656 807.36 617.9904 807.36" fill="" p-id="9363"></path></svg>