From e568d1a8c7616afe29a619fed1f3feef3a3419df Mon Sep 17 00:00:00 2001
From: fit2cloud-chenyw <yawen.chen@fit2cloud.com>
Date: Fri, 22 May 2026 10:32:17 +0800
Subject: [PATCH] =?UTF-8?q?refactor(X-Pack):=20=E5=AF=B9=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=E4=BD=93=E7=B3=BB=E8=BF=9B=E8=A1=8C=E9=87=8D=E6=9E=84-8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/core-frontend/src/api/auth.ts            | 10 +++++--
 core/core-frontend/src/api/user.ts            |  2 +-
 .../src/assets/svg/icon-enter.svg             |  1 +
 .../core-frontend/src/config/axios/service.ts |  4 +++
 core/core-frontend/src/locales/zh-CN.ts       |  1 +
 core/core-frontend/src/store/modules/user.ts  | 29 +++++++++++++++++--
 .../api/permissions/auth/api/AuthApi.java     |  8 ++---
 .../auth/dto/BusiResourceRequest.java         | 20 +++++++++++++
 .../permissions/auth/vo/PermissionItem.java   | 12 ++++----
 .../permissions/auth/vo/PermissionOrigin.java |  8 +++++
 .../api/permissions/auth/vo/PermissionVO.java |  2 ++
 .../api/permissions/role/dto/RoleCreator.java |  4 ---
 .../api/permissions/user/api/UserApi.java     | 10 ++++---
 .../user/dto/UserQueryRequest.java            | 13 +++++++++
 .../api/permissions/user/vo/UserOptionVO.java | 13 +++++++++
 .../io/dataease/constant/SubjectTypeEnum.java | 15 ++++++++++
 16 files changed, 128 insertions(+), 24 deletions(-)
 create mode 100644 core/core-frontend/src/assets/svg/icon-enter.svg
 create mode 100644 sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/dto/BusiResourceRequest.java
 create mode 100644 sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/dto/UserQueryRequest.java
 create mode 100644 sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/vo/UserOptionVO.java
 create mode 100644 sdk/common/src/main/java/io/dataease/constant/SubjectTypeEnum.java

diff --git a/core/core-frontend/src/api/auth.ts b/core/core-frontend/src/api/auth.ts
index 834f407124..2ae39019f7 100644
--- a/core/core-frontend/src/api/auth.ts
+++ b/core/core-frontend/src/api/auth.ts
@@ -1,10 +1,16 @@
 import request from '@/config/axios'
 
 export const queryUserApi = data => request.post({ url: '/user/byCurOrg', data })
-export const queryUserOptionsApi = () => request.get({ url: '/user/org/option' })
+export const queryUserOptionsApi = () => request.get({ url: '/user/query' })
 export const queryRoleApi = data => request.post({ url: '/role/byCurOrg', data })
 
-export const resourceTreeApi = (flag: string) => request.get({ url: '/auth/busiResource/' + flag })
+export const resourceTreeApi = (flag: string, isSystem?: boolean) => {
+  const param = {
+    flag,
+    isSystem: !!isSystem
+  }
+  return request.post({ url: '/auth/busiResource', data: param })
+}
 
 export const menuTreeApi = () => request.get({ url: '/auth/menuResource' })
 
diff --git a/core/core-frontend/src/api/user.ts b/core/core-frontend/src/api/user.ts
index ab334729d6..143ae2ad2d 100644
--- a/core/core-frontend/src/api/user.ts
+++ b/core/core-frontend/src/api/user.ts
@@ -7,7 +7,7 @@ export const switchOrg = (id: number | string) => request.post({ url: `/user/swi
 
 export const userInfo = () => request.get({ url: '/user/info' })
 
-export const searchRoleApi = (keyword: string) =>
+export const searchRoleApi = (keyword?: string) =>
   request.post({ url: '/role/query', data: { keyword } })
 export const searchRoleByOidApi = (oid: number) => request.get({ url: `/role/queryWithOid/${oid}` })
 
diff --git a/core/core-frontend/src/assets/svg/icon-enter.svg b/core/core-frontend/src/assets/svg/icon-enter.svg
new file mode 100644
index 0000000000..701ccc5ff1
--- /dev/null
+++ b/core/core-frontend/src/assets/svg/icon-enter.svg
@@ -0,0 +1 @@
+<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg t="1779100824142" class="icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="9362" xmlns:xlink="http://www.w3.org/1999/xlink" width="256" height="256"><path d="M595.8272 500.6272c0 13.0496-5.76 24.8768-14.8352 32.9792l-148.0768 132.896c-7.8976 7.0016-18.3488 11.264-29.7472 11.264-24.6016 0-44.5248-19.7888-44.5248-44.2496 0-13.1968 5.76-24.8768 14.8352-32.9792l62.048-55.6544L236.3904 544.8832c-24.5248 0-44.3904-19.7888-44.3904-44.3904 0-24.4608 19.8656-44.2496 44.3904-44.2496l199.136 0-62.048-55.6608c-9.0752-8.1088-14.8352-19.8592-14.8352-32.9728 0-24.4672 19.9232-44.256 44.5248-44.256 11.3984 0 21.8496 4.2624 29.7472 11.4048l148.0768 132.8896C590.0608 475.7504 595.8272 487.5712 595.8272 500.6272M617.9904 807.36l125.1776 0L743.168 216.64 617.9904 216.64c-24.5248 0-44.3904-19.9232-44.3904-44.3904 0-24.6016 19.936-44.2496 44.3904-44.2496l169.5616 0c24.5248 0 44.448 19.648 44.448 44.2496l0 679.4304c0 24.4544-19.9232 44.32-44.448 44.32L617.9904 896c-24.448 0-44.3904-19.8656-44.3904-44.32C573.6 827.2192 593.4656 807.36 617.9904 807.36" fill="" p-id="9363"></path></svg>
diff --git a/core/core-frontend/src/config/axios/service.ts b/core/core-frontend/src/config/axios/service.ts
index f86c189ef3..521839bbd1 100644
--- a/core/core-frontend/src/config/axios/service.ts
+++ b/core/core-frontend/src/config/axios/service.ts
@@ -121,6 +121,10 @@ service.interceptors.request.use(
     } else if (embeddedStore.token) {
       ;(config.headers as AxiosRequestHeaders)['X-EMBEDDED-TOKEN'] = embeddedStore.token
     }
+    const storedProxyInfo = wsCache.get('user.proxyInfo')
+    if (storedProxyInfo?.proxy && storedProxyInfo?.proxySecret) {
+      ;(config.headers as AxiosRequestHeaders)['X-DE-ADMIN-PROXY'] = storedProxyInfo.proxySecret
+    }
     const locale = getLocale()
     if (locale) {
       const val = mapping[locale] || locale
diff --git a/core/core-frontend/src/locales/zh-CN.ts b/core/core-frontend/src/locales/zh-CN.ts
index 69861092f5..48ff02bdf9 100644
--- a/core/core-frontend/src/locales/zh-CN.ts
+++ b/core/core-frontend/src/locales/zh-CN.ts
@@ -967,6 +967,7 @@ export default {
     resource_name: '资源名称',
     menu_name: '菜单名称',
     from_role: '继承自以下角色：',
+    from_org: '继承自以下组织：',
     auth_alone: '单独授权',
     org_role_empty: '组织管理员已拥有所有资源的权限，无需再授权',
     user_role_empty: '该用户是组织管理员，已拥有所有资源的权限，无需再授权',
diff --git a/core/core-frontend/src/store/modules/user.ts b/core/core-frontend/src/store/modules/user.ts
index b8ad3401b3..9109daafcc 100644
--- a/core/core-frontend/src/store/modules/user.ts
+++ b/core/core-frontend/src/store/modules/user.ts
@@ -14,6 +14,11 @@ interface UserState {
   language: string
   exp: number
   time: number
+  proxyInfo: {
+    proxy: boolean
+    proxyOid: string | null
+    proxySecret: string | null
+  }
 }
 
 export const userStore = defineStore('user', {
@@ -25,7 +30,12 @@ export const userStore = defineStore('user', {
       oid: null,
       language: 'zh-CN',
       exp: null,
-      time: null
+      time: null,
+      proxyInfo: {
+        proxy: false,
+        proxyOid: null,
+        proxySecret: null
+      }
     }
   },
   getters: {
@@ -49,6 +59,9 @@ export const userStore = defineStore('user', {
     },
     getTime(): number {
       return this.time
+    },
+    getProxyInfo(): { proxy: boolean; proxyOid: string | null; proxySecret: string | null } {
+      return this.proxyInfo
     }
   },
   actions: {
@@ -66,6 +79,10 @@ export const userStore = defineStore('user', {
         this[key] = data[dkey]
         wsCache.set('user.' + key, this[key])
       })
+      const cachedProxyInfo = wsCache.get('user.proxyInfo')
+      if (cachedProxyInfo) {
+        this.proxyInfo = cachedProxyInfo
+      }
       const locale = useLocaleStoreWithOut()
       if (locale.getCurrentLocale?.lang !== this.language && !window.DataEaseBi) {
         window.location.reload()
@@ -96,6 +113,14 @@ export const userStore = defineStore('user', {
       wsCache.set('user.oid', oid)
       this.oid = oid
     },
+    setProxyInfo(proxyInfo: {
+      proxy: boolean
+      proxyOid: string | null
+      proxySecret: string | null
+    }) {
+      wsCache.set('user.proxyInfo', proxyInfo)
+      this.proxyInfo = proxyInfo
+    },
     setLanguage(language: string) {
       const locale = useLocaleStoreWithOut()
       if (!language || language === 'zh_CN') {
@@ -107,7 +132,7 @@ export const userStore = defineStore('user', {
       changeLocale(language as any)
     },
     clear() {
-      const keys: string[] = ['token', 'uid', 'name', 'oid', 'language', 'exp', 'time']
+      const keys: string[] = ['token', 'uid', 'name', 'oid', 'language', 'exp', 'time', 'proxyInfo']
       keys.forEach(key => wsCache.delete('user.' + key))
     }
   }
diff --git a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/api/AuthApi.java b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/api/AuthApi.java
index 1a2b0dc810..457e6c6226 100644
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/api/AuthApi.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/api/AuthApi.java
@@ -9,10 +9,9 @@ import io.dataease.api.permissions.auth.vo.ResourceItemVO;
 import io.dataease.api.permissions.auth.vo.ResourceVO;
 import io.swagger.v3.oas.annotations.Hidden;
 import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.Parameter;
+
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
@@ -24,9 +23,8 @@ public interface AuthApi {
 
     @Operation(summary = "查询资源树")
     @ApiOperationSupport(order = 1)
-    @Parameter(name = "flag", description = "类型")
-    @GetMapping("/busiResource/{flag}")
-    List<ResourceVO> busiResource(@PathVariable("flag") String flag);
+    @PostMapping("/busiResource")
+    List<ResourceVO> busiResource(@RequestBody BusiResourceRequest request);
 
     @Operation(summary = "查询对象已授权资源")
     @ApiOperationSupport(order = 3)
diff --git a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/dto/BusiResourceRequest.java b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/dto/BusiResourceRequest.java
new file mode 100644
index 0000000000..6efed3de78
--- /dev/null
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/dto/BusiResourceRequest.java
@@ -0,0 +1,20 @@
+package io.dataease.api.permissions.auth.dto;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+@Schema(description = "业务资源请求参数")
+@Data
+public class BusiResourceRequest implements Serializable {
+    @Serial
+    private static final long serialVersionUID = 6769377426446797907L;
+
+    @Schema(description = "资源flag", requiredMode = Schema.RequiredMode.REQUIRED)
+    private String flag;
+
+    @Schema(description = "是否系统级查询")
+    private boolean isSystem;
+}
diff --git a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionItem.java b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionItem.java
index ffe384643b..c057f051c3 100644
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionItem.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionItem.java
@@ -2,16 +2,20 @@ package io.dataease.api.permissions.auth.vo;
 
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
-import io.dataease.api.permissions.dataset.dto.DataSetColumnPermissionsDTO;
-import io.dataease.api.permissions.dataset.dto.DataSetRowPermissionsTreeDTO;
 import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
 import lombok.Data;
+import lombok.NoArgsConstructor;
 
 import java.io.Serial;
 import java.io.Serializable;
 
 @Schema(description = "权限项")
 @Data
+@AllArgsConstructor
+@NoArgsConstructor
+@Builder
 public class PermissionItem implements Serializable {
 
     @Serial
@@ -21,10 +25,6 @@ public class PermissionItem implements Serializable {
     private Long id;
     @Schema(description = "权重")
     private int weight;
-    @Schema(description = "列权限")
-    private DataSetColumnPermissionsDTO columnPermissions;
-    @Schema(description = "行权限")
-    private DataSetRowPermissionsTreeDTO rowPermissions;
     @Schema(description = "独立权重")
     private int ext;
 }
diff --git a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionOrigin.java b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionOrigin.java
index c043f5f5d3..7d388edd57 100644
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionOrigin.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionOrigin.java
@@ -3,7 +3,10 @@ package io.dataease.api.permissions.auth.vo;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
 import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
 import lombok.Data;
+import lombok.NoArgsConstructor;
 
 import java.io.Serial;
 import java.io.Serializable;
@@ -11,6 +14,9 @@ import java.util.List;
 
 @Schema(description = "关联权限")
 @Data
+@AllArgsConstructor
+@NoArgsConstructor
+@Builder
 public class PermissionOrigin implements Serializable {
     @Serial
     private static final long serialVersionUID = 1455588932869130794L;
@@ -20,6 +26,8 @@ public class PermissionOrigin implements Serializable {
     private Long id;
     @Schema(description = "关联名称")
     private String name;
+    @Schema(description = "来源类型: 0=user, 1=role, 2=org")
+    private Integer type;
     @Schema(description = "关联权限项")
     private List<PermissionItem> permissions;
 }
diff --git a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionVO.java b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionVO.java
index 2d7f6579a8..c1fb6928c3 100644
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionVO.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/auth/vo/PermissionVO.java
@@ -17,6 +17,8 @@ public class PermissionVO implements Serializable {
     private boolean root;
     @Schema(description = "是否只读")
     private boolean readonly;
+    @Schema(description = "角色类型编码: 0=普通用户,5=数据分析师,9=组织管理员")
+    private Integer typeCode = 0;
     @Schema(description = "直接权限项")
     private List<PermissionItem> permissions;
     @Schema(description = "关联权限项")
diff --git a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/role/dto/RoleCreator.java b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/role/dto/RoleCreator.java
index ec17769035..557aefc9f0 100644
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/role/dto/RoleCreator.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/role/dto/RoleCreator.java
@@ -21,8 +21,4 @@ public class RoleCreator implements Serializable {
     @JsonIgnore
     @Schema(hidden = true)
     private Long rid;
-
-    private Long oid;
-
-
 }
diff --git a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/api/UserApi.java b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/api/UserApi.java
index ad0c9f919a..2bf63f2085 100644
--- a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/api/UserApi.java
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/api/UserApi.java
@@ -8,7 +8,6 @@ import io.dataease.api.permissions.user.dto.*;
 import io.dataease.api.permissions.user.vo.*;
 import io.dataease.auth.DeApiPath;
 import io.dataease.auth.DePermit;
-import io.dataease.auth.vo.TokenVO;
 import io.dataease.model.KeywordRequest;
 import io.dataease.result.PageResult;
 import io.swagger.v3.oas.annotations.Hidden;
@@ -104,9 +103,9 @@ public interface UserApi {
     @PostMapping("/role/option")
     List<UserItemVO> optionForRole(@RequestBody UserRequest request);
 
-    @Operation(summary = "组织内用户")
+    /*@Operation(summary = "组织内用户")
     @GetMapping("/org/option")
-    List<UserItemVO> optionForOrg();
+    List<UserItemVO> optionForOrg();*/
 
     @Operation(summary = "角色已绑用户")
     @Parameters({
@@ -118,7 +117,6 @@ public interface UserApi {
     PageResult<UserItemVO> selectedForRole(@PathVariable("goPage") int goPage, @PathVariable("pageSize") int pageSize, @RequestBody UserRequest request);
 
 
-
     @Operation(summary = "获取当前登录人信息")
     @GetMapping("/info")
     CurUserVO info();
@@ -255,4 +253,8 @@ public interface UserApi {
     @Hidden
     List<UserReciVO> getFormatRecipient(Long oid, List<Long> uidList, List<Long> ridList);
 
+    @Operation(summary = "查询用户")
+    @GetMapping("/query")
+    List<UserOptionVO> query();
+
 }
diff --git a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/dto/UserQueryRequest.java b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/dto/UserQueryRequest.java
new file mode 100644
index 0000000000..6a0fcfe23d
--- /dev/null
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/dto/UserQueryRequest.java
@@ -0,0 +1,13 @@
+package io.dataease.api.permissions.user.dto;
+
+import io.dataease.model.KeywordRequest;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.io.Serializable;
+
+@EqualsAndHashCode(callSuper = true)
+@Data
+public class UserQueryRequest extends KeywordRequest implements Serializable {
+    private Long oid;
+}
diff --git a/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/vo/UserOptionVO.java b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/vo/UserOptionVO.java
new file mode 100644
index 0000000000..7ef5b6bf90
--- /dev/null
+++ b/sdk/api/api-permissions/src/main/java/io/dataease/api/permissions/user/vo/UserOptionVO.java
@@ -0,0 +1,13 @@
+package io.dataease.api.permissions.user.vo;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.io.Serializable;
+
+@EqualsAndHashCode(callSuper = true)
+@Data
+public class UserOptionVO extends UserItem implements Serializable {
+
+    private String account;
+}
diff --git a/sdk/common/src/main/java/io/dataease/constant/SubjectTypeEnum.java b/sdk/common/src/main/java/io/dataease/constant/SubjectTypeEnum.java
new file mode 100644
index 0000000000..192a1bae8c
--- /dev/null
+++ b/sdk/common/src/main/java/io/dataease/constant/SubjectTypeEnum.java
@@ -0,0 +1,15 @@
+package io.dataease.constant;
+
+import lombok.Getter;
+
+@Getter
+public enum SubjectTypeEnum {
+    USER(0), ROLE(1), ORG(2);
+
+    private final int code;
+
+    SubjectTypeEnum(int code) {
+        this.code = code;
+    }
+
+}