Merge remote-tracking branch 'origin/dev_bugfix' into dev_bugfix

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/annotation/DataFilter.java

@@ -25,4 +25,19 @@ public @interface DataFilter {
      */
     String[] tableAliases() default "";
 
+    /**
+     * 网格ID参数名
+     * 如果权限管理中配置开启了"网格内"权限过滤，那此处必须指定，并且在方法列表中使用该方法名传参，供过滤器使用
+     *  例如： @DataFilter(gridIdArgName="gridId")
+     *        public void test(String a, String b, String gridId) {...}
+     * @return
+     */
+    String gridIdArgName() default "";
+
+    /**
+     * 部门ID参数名
+     * @return
+     */
+    String deptIdArgName() default "";
+
 }

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java

@@ -19,6 +19,7 @@ import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.security.user.LoginUserUtil;
 import com.epmet.commons.tools.utils.Result;
+import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.Aspect;
@@ -52,6 +53,9 @@ public class DataFilterAspect {
 
     public static final ThreadLocal<String> sqlFilter = new ThreadLocal();
 
+    //public static final ThreadLocal<String> gridIdTL = new ThreadLocal();
+    //public static final ThreadLocal<String> deptIdTL = new ThreadLocal();
+
     @Autowired
     private LoginUserUtil loginUserUtil;
 
@@ -69,10 +73,30 @@ public class DataFilterAspect {
         //清空
         sqlFilter.set(null);
 
-        // 通过反射，取到注解属性
-        DataFilter dataFilterAnno = ((MethodSignature) point.getSignature()).getMethod().getAnnotation(DataFilter.class);
-        String[] tableAliases = dataFilterAnno.tableAliases();
-        String tableAlias = tableAliases[0];
+        // 取到注解属性
+        MethodSignature methodSignature = (MethodSignature) point.getSignature();
+        DataFilter dataFilterAnno = methodSignature.getMethod().getAnnotation(DataFilter.class);
+        String tableAlias = dataFilterAnno.tableAliases()[0];
+        String gridIdArgName = dataFilterAnno.gridIdArgName();
+        String deptIdArgName = dataFilterAnno.deptIdArgName();
+
+        String[] parameterNames = methodSignature.getParameterNames();
+
+        // 取出注解参数中指定的gridId和deptId的入参的值
+        String gridId = null;
+        String deptId = null;
+        if (StringUtils.isNotBlank(gridIdArgName)) {
+            int gridIdArgIndex = ArrayUtils.indexOf(parameterNames, gridIdArgName);
+            if (gridIdArgIndex >-1){
+                gridId = (String) point.getArgs()[gridIdArgIndex];
+            }
+        }
+        if (StringUtils.isNotBlank(deptIdArgName)) {
+            int deptArgIndex = ArrayUtils.indexOf(parameterNames, deptIdArgName);
+            if (deptArgIndex > -1) {
+                deptId = (String) point.getArgs()[deptArgIndex];
+            }
+        }
 
         // 从ThreadLocal中取所需权限
         String requirePermission = AccessOpeAspect.requirePermissionTl.get();
@@ -114,7 +138,7 @@ public class DataFilterAspect {
 
         // 生成过滤sql
         String sqlFilterSegment = getSqlFilterSegment(userId, userDetail.getRoleIdList(), requirePermission,
-                userDetail.getOrgIdPath(), userDetail.getDeptIdList(), tableAlias, userDetail.getDeptIdList());
+                userDetail.getOrgIdPath(), userDetail.getGridIdList(), tableAlias, userDetail.getDeptIdList(), gridId, deptId);
 
         // 方式1.填充到Service方法列表中的DataScope对象中。如果dao入参是用DTO的话，那么再加一个DataScope入参，sql中会报错提示#{}参数找不到，因此改用方法2
         //Object[] methodArgs = point.getArgs();
@@ -135,13 +159,13 @@ public class DataFilterAspect {
         Set<String> permissions = new HashSet<>();
         roleIdList.forEach(role -> {
             // 找出该角色的所有功能操作列表
-            Result<Set<RoleOpeScopeResultDTO>> result = govAccessFeignClient.listRoleAllOperationScopesByRoleId(role);
+            Result<List<RoleOpeScopeResultDTO>> result = govAccessFeignClient.listRoleAllOperationScopesByRoleId(role);
             if (!result.success()) {
                 // 获取operation异常
                 log.error("调用GovAccess，根据RoleId查询Operation列表失败:{}", result.getMsg());
                 throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode());
             }
-            Set<RoleOpeScopeResultDTO> roleOperations = result.getData();
+            List<RoleOpeScopeResultDTO> roleOperations = result.getData();
             permissions.addAll(roleOperations.stream().map(ope -> ope.getOperationKey()).collect(Collectors.toSet()));
         });
         return permissions;
@@ -164,31 +188,42 @@ public class DataFilterAspect {
      * @return
      */
     private String getSqlFilterSegment(String userId, Set<String> roleIds, String reqiurePermission, String orgIdPath,
-                                       Set<String> gridIdList, String tableAlias, Set<String> deptIds) {
+                                       Set<String> gridIdList, String tableAlias, Set<String> deptIds, String gridId, String deptId) {
 
         StringBuilder sb = new StringBuilder();
 
         Map<String, String> accessSettings = listRoleAccessSettings(roleIds);
 
         // 1.生成sql:组织范围过滤
-        genOrgScopeSql(sb, orgIdPath, roleIds, reqiurePermission, tableAlias);
+        if (!genOrgScopeSql(sb, orgIdPath, roleIds, reqiurePermission, tableAlias)) {
+            // 返回false，说明已经开启了all所有范围，后续条件不在拼接入sql，结束执行
+            return sb.toString();
+        }
 
         // 2.生成sql:我发起的
         String iCreated = accessSettings.get(AccessSettingConstant.I_CREATED_KEY);
-        if (StringUtils.isNotBlank(iCreated) && AccessSettingConstant.I_CREATED_YES.equals(iCreated)) {
+        if (StringUtils.isNotBlank(iCreated) && AccessSettingConstant.I_CREATED_ON.equals(iCreated)) {
             genICreatedSql(sb, userId, tableAlias);
         }
 
         // 3.生成sql:本网格的
         String inGrid = accessSettings.get(AccessSettingConstant.IN_GRID_KEY);
-        if (StringUtils.isNotBlank(inGrid) && AccessSettingConstant.IN_GRID_YES.equals(inGrid)) {
-            genInGrid(sb, gridIdList, tableAlias);
+        if (StringUtils.isNotBlank(inGrid) && AccessSettingConstant.IN_GRID_ON.equals(inGrid)) {
+            if (StringUtils.isBlank(gridId)) {
+                log.error("DataFilter:拼接SQL语句出错:需要in grid权限，但是代码中没有获取到:{}", gridId);
+                throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode());
+            }
+            genInGrid(sb, gridId, tableAlias);
         }
 
         // 4.生成sql:根据部门列表
         String inDept = accessSettings.get(AccessSettingConstant.IN_DEPARTMENT_KEY);
-        if (StringUtils.isNotBlank(inDept) && AccessSettingConstant.IN_DEPARTMENT_YES.equals(inDept)) {
-            genDepartmentFilterSql(sb, deptIds);
+        if (StringUtils.isNotBlank(inDept) && AccessSettingConstant.IN_DEPARTMENT_ON.equals(inDept)) {
+            if (StringUtils.isBlank(deptId)) {
+                log.error("DataFilter:拼接SQL语句出错:需要in department权限，但是代码中没有获取到:{}", deptId);
+                throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode());
+            }
+            genDepartmentFilterSql(sb, deptId, tableAlias);
         }
 
         return sb.toString();
@@ -196,6 +231,7 @@ public class DataFilterAspect {
 
     /**
      * 列出角色对应的权限设置项
+     *
      * @param roleIds
      * @return
      */
@@ -216,51 +252,81 @@ public class DataFilterAspect {
         }
         return new HashMap<>();
     }
+
     /**
      * 生成部门过滤sql
      *
      * @param sb
      */
-    private void genDepartmentFilterSql(StringBuilder sb, Set<String> deptIdList) {
+    private void genDepartmentFilterSql(StringBuilder sb, String deptId, String tableAlias) {
         //Result<List<DepartmentListResultDTO>> deptListResult = govOrgFeignClient.getDepartmentListByStaffId(staffId);
-        if (CollectionUtils.isEmpty(deptIdList)) {
-            return;
+        if (hasConditions.get()) {
+            // 之前没有条件
+            sb.append(" OR ");
+        }
+        if (StringUtils.isBlank(tableAlias)) {
+            sb.append(" DEPARTMENT_ID = '").append(deptId).append("' ");
+        } else {
+            sb.append(" ").append(tableAlias).append(".DEPARTMENT_ID ='").append(deptId).append("' ");
         }
-        deptIdList.forEach(deptId -> {
-            sb.append(hasConditions.get() ? " OR " : "").append(" DEPARTMENT_ID = '").append(deptId).append("' ");
-        });
         hasConditions.set(true);
     }
 
+    //private void genDepartmentFilterSql(StringBuilder sb, Set<String> deptIdList) {
+    //    //Result<List<DepartmentListResultDTO>> deptListResult = govOrgFeignClient.getDepartmentListByStaffId(staffId);
+    //    if (CollectionUtils.isEmpty(deptIdList)) {
+    //        return;
+    //    }
+    //    deptIdList.forEach(deptId -> {
+    //        sb.append(hasConditions.get() ? " OR " : "").append(" DEPARTMENT_ID = '").append(deptId).append("' ");
+    //    });
+    //    hasConditions.set(true);
+    //}
+
     /**
      * 网格sql
      *
      * @param sb
      * @param tableAlias
      */
-    private void genInGrid(StringBuilder sb, Set<String> gridIdList, String tableAlias) {
-        //if (StringUtils.isBlank(tableAlias)) {
-        //    sb.append(hasConditions.get() ? " OR " : "").append(" GRID_ID ='").append(gridId).append("' ");
-        //} else {
-        //    sb.append(hasConditions.get() ? " OR " : "").append(tableAlias).append(".GRID_ID ='").append(gridId).append("' ");
-        //}
-
+    private void genInGrid(StringBuilder sb, String gridId, String tableAlias) {
         if (hasConditions.get()) {
             // 之前没有条件
             sb.append(" OR ");
         }
+
         // OR     GRID_ID = 'XXX' OR GRID_ID = 'QQQ'
-        for (String gridId : gridIdList) {
         if (StringUtils.isBlank(tableAlias)) {
-                sb.append(" GRID_ID = '").append(gridId).append("' OR");
+            sb.append(" GRID_ID = '").append(gridId).append("' ");
         } else {
-                sb.append(" ").append(tableAlias).append(".GRID_ID ='").append(gridId).append("' OR ");
+            sb.append(" ").append(tableAlias).append(".GRID_ID ='").append(gridId).append("' ");
         }
-        }
-        sb.replace(sb.lastIndexOf("OR"), sb.lastIndexOf("OR") + 3, "");
         hasConditions.set(true);
     }
 
+    //private void genInGrid(StringBuilder sb, Set<String> gridIdList, String tableAlias) {
+    //    //if (StringUtils.isBlank(tableAlias)) {
+    //    //    sb.append(hasConditions.get() ? " OR " : "").append(" GRID_ID ='").append(gridId).append("' ");
+    //    //} else {
+    //    //    sb.append(hasConditions.get() ? " OR " : "").append(tableAlias).append(".GRID_ID ='").append(gridId).append("' ");
+    //    //}
+    //
+    //    if (hasConditions.get()) {
+    //        // 之前没有条件
+    //        sb.append(" OR ");
+    //    }
+    //    // OR     GRID_ID = 'XXX' OR GRID_ID = 'QQQ'
+    //    for (String gridId : gridIdList) {
+    //        if (StringUtils.isBlank(tableAlias)) {
+    //            sb.append(" GRID_ID = '").append(gridId).append("' OR");
+    //        } else {
+    //            sb.append(" ").append(tableAlias).append(".GRID_ID ='").append(gridId).append("' OR ");
+    //        }
+    //    }
+    //    sb.replace(sb.lastIndexOf("OR"), sb.lastIndexOf("OR") + 3, "");
+    //    hasConditions.set(true);
+    //}
+
     /**
      * sql：我发起的
      *
@@ -277,41 +343,43 @@ public class DataFilterAspect {
 
     /**
      * 计算组织范围过滤sql，整体入口
-     *
      * @param sb
      * @param orgIdPath
+     * @param roleIds
+     * @param reqiurePermission
+     * @param tableAlias
+     * @return Boolean 是否继续往下执行。true:继续执行，false:不继续执行
      */
-    public void genOrgScopeSql(StringBuilder sb, String orgIdPath, Set<String> roleIds, String reqiurePermission, String tableAlias) {
+    public boolean genOrgScopeSql(StringBuilder sb, String orgIdPath, Set<String> roleIds, String reqiurePermission, String tableAlias) {
 
         // 根据角色列表查询操作范围列表
         Set<RoleOpeScopeResultDTO> opeAndScopes = new HashSet<>();
-        //roleIds.forEach(roleId -> {
-        //    OperationScopeFormDTO osformDto = new OperationScopeFormDTO();
-        //    osformDto.setRoleId(roleId);
-        //    osformDto.setOperationKey(reqiurePermission);
-        //    Result<Set<OperationScopeDTO>> result = govAccessFeignClient.getOperationScopesByRoleId(osformDto);
-        //    if (result.success()) {
-        //        scopeDTOS.addAll(result.getData());
-        //    }
-        //});
 
         roleIds.forEach(roleId -> {
-            Result<Set<RoleOpeScopeResultDTO>> opeResult = govAccessFeignClient.listRoleAllOperationScopesByRoleId(roleId);
+            Result<List<RoleOpeScopeResultDTO>> opeResult = govAccessFeignClient.listRoleAllOperationScopesByRoleId(roleId);
             if (!opeResult.success()) {
                 log.error("DataFilter：根据角色查询角色所有的操作列表出错:{}", opeResult.getMsg());
             } else {
-                Set<RoleOpeScopeResultDTO> opes = opeResult.getData();
+                List<RoleOpeScopeResultDTO> opes = opeResult.getData();
                 if (!CollectionUtils.isEmpty(opes)) {
-                    opeAndScopes.addAll(opes);
+                    opes.forEach(ope -> {
+                        if (reqiurePermission.equals(ope.getOperationKey())) {
+                            // 拿到当前操作对应的 RoleOpeScopeResultDTO
+                            opeAndScopes.add(ope);
+                        }
+                    });
                 }
             }
         });
 
-        // 过滤范围
+        // 过滤出最大的范围
         HashSet<String> scopes = filteScopes(opeAndScopes);
         if (CollectionUtils.isEmpty(scopes)) {
             // 没有范围限制
-            return;
+            return true;
+        }
+        if (scopes.contains(OpeScopeConstant.ORG_ALL)) {
+            return false;
         }
 
         // 取出父组织ID path 和当前组织ID
@@ -320,11 +388,12 @@ public class DataFilterAspect {
         genOrgScopeSql(sb, scopes, currOrgPath, pOrgPath, tableAlias);
         sb.replace(sb.lastIndexOf("OR"), sb.lastIndexOf("OR") + 3, "");
         hasConditions.set(true);
+        return true;
     }
 
     /**
      * 计算组织范围过滤sql
-     *
+     * PS:这个方法需要优化，当前阶段因为逻辑不稳定，暂时不做过度封装
      * @param scopes
      * @param currOrg
      * @param pOrgPath
@@ -342,16 +411,32 @@ public class DataFilterAspect {
                     break;
                 case OpeScopeConstant.ORG_CURR_AND_SUB:
                     if (StringUtils.isBlank(tableAlias)) {
-                        sb.append(" ORG_ID_PATH like '").append(pOrgPath).append("%' ").append(" OR ");
+                        sb.append(" ORG_ID_PATH like '").append(pOrgPath).append("%' OR ");
                     } else {
-                        sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(pOrgPath).append("%' ").append(" OR ");
+                        sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(pOrgPath).append("%' OR ");
                     }
                     break;
                 case OpeScopeConstant.ORG_CURR_SUB:
                     if (StringUtils.isBlank(tableAlias)) {
-                        sb.append(" ORG_ID_PATH like '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("%' ").append(" OR ");
+                        sb.append(" ORG_ID_PATH like '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("%' OR ");
+                    } else {
+                        sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("%' OR ");
+                    }
+                    break;
+                 //当前单位的父级单位
+                case OpeScopeConstant.ORG_CURR_SUP:
+                    if (StringUtils.isBlank(tableAlias)) {
+                        sb.append(" '").append(pOrgPath).append("' like CONCAT(").append("ORG_ID_PATH,'%') OR ");
+                    } else {
+                        sb.append(" '").append(pOrgPath).append("' like CONCAT(").append(tableAlias).append(".ORG_ID_PATH,'%') OR ");
+                    }
+                    break;
+                //    当前单位及其父级单位
+                case OpeScopeConstant.ORG_CURR_AND_SUP:
+                    if (StringUtils.isBlank(tableAlias)) {
+                        sb.append(" '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("' like CONCAT(").append("ORG_ID_PATH,'%') OR ");
                     } else {
-                        sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("%' ").append(" OR ");
+                        sb.append(" '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("' like CONCAT(").append(tableAlias).append(".ORG_ID_PATH,'%' ) OR ");
                     }
                     break;
                 case OpeScopeConstant.ORG_EQUAL:
@@ -366,6 +451,14 @@ public class DataFilterAspect {
                     // todo 同级的子级
                     //sb.append(" OR ");
                     break;
+                case OpeScopeConstant.ORG_EQUAL_AND_SUP:
+                    // todo 同级及其上级
+                    //sb.append(" OR ");
+                    break;
+                case OpeScopeConstant.ORG_EQUAL_SUP:
+                    // todo 同级的上级
+                    //sb.append(" OR ");
+                    break;
             }
         }
     }
@@ -378,12 +471,16 @@ public class DataFilterAspect {
      */
     private HashSet<String> filteScopes(Set<RoleOpeScopeResultDTO> scopeDTOS) {
         HashMap<String, RoleOpeScopeResultDTO> filtedScopes = new HashMap<>();
-
         for (RoleOpeScopeResultDTO scope : scopeDTOS) {
             String scopeIndex = scope.getScopeIndex();
             if (StringUtils.isBlank(scopeIndex)) {
                 continue;
             }
+            if (OpeScopeConstant.ORG_ALL.equals(scope.getScopeKey())) {
+                // 该操作具有all的权限，直接放入
+                filtedScopes.put(scopeIndex, scope);
+                break;
+            }
             String[] currArr = scopeIndex.split("_");
             if ("0".equals(currArr[1])) {
                 // 为0，说明没有包含关系，直接放入

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/constant/AccessSettingConstant.java

@@ -2,14 +2,14 @@ package com.epmet.commons.mybatis.constant;
 
 public class AccessSettingConstant {
     public static final String I_CREATED_KEY = "I_CREATED";
-    public static final String I_CREATED_YES = "YES";
+    public static final String I_CREATED_ON = "ON";
 
     public static final String I_PART_KEY = "I_PART";
-    public static final String I_PART_YES = "YES";
+    public static final String I_PART_ON = "ON";
 
     public static final String IN_GRID_KEY = "IN_GRID";
-    public static final String IN_GRID_YES = "YES";
+    public static final String IN_GRID_ON = "ON";
 
     public static final String IN_DEPARTMENT_KEY = "IN_DEPARTMENT";
-    public static final String IN_DEPARTMENT_YES = "YES";
+    public static final String IN_DEPARTMENT_ON = "ON";
 }

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/RoleAccessSettingResultDTO.java

@@ -1,13 +0,0 @@
-package com.epmet.commons.mybatis.dto.form;
-
-import lombok.Data;
-
-@Data
-public class RoleAccessSettingResultDTO {
-
-    private String settingKey;
-    private String id;
-    private String settingName;
-    private String roleId;
-
-}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java

@@ -41,7 +41,7 @@ public interface GovAccessFeignClient {
      * @param roleId
      * @return
      */
-    @PostMapping("/gov/access/access/role/{roleId}/accesssettings")
+    @PostMapping("/gov/access/access/accesssettings/{roleId}")
     Result<Map<String, String>> listAccessSettings(@PathVariable("roleId") String roleId);
 
     /**
@@ -49,5 +49,5 @@ public interface GovAccessFeignClient {
      * @return
      */
     @PostMapping("/gov/access/access/roleallopesandscopes/{roleId}")
-    Result<Set<RoleOpeScopeResultDTO>> listRoleAllOperationScopesByRoleId(@PathVariable("roleId") String roleId);
+    Result<List<RoleOpeScopeResultDTO>> listRoleAllOperationScopesByRoleId(@PathVariable("roleId") String roleId);
 }

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java

@@ -8,6 +8,7 @@ import com.epmet.commons.tools.utils.Result;
 import org.springframework.stereotype.Component;
 import org.springframework.web.bind.annotation.PathVariable;
 
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
@@ -36,7 +37,7 @@ public class GovAccessFeignClientFallback implements GovAccessFeignClient {
     }
 
     @Override
-    public Result<Set<RoleOpeScopeResultDTO>> listRoleAllOperationScopesByRoleId(@PathVariable("roleId") String roleId){
+    public Result<List<RoleOpeScopeResultDTO>> listRoleAllOperationScopesByRoleId(@PathVariable("roleId") String roleId){
         return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "listRoleAllOperationScopesByRoleId", roleId);
     }
 }

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptor.java

@@ -8,11 +8,9 @@
 
 package com.epmet.commons.mybatis.interceptor;
 
-import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.PluginUtils;
 import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler;
 import com.epmet.commons.mybatis.aspect.DataFilterAspect;
-import com.epmet.commons.mybatis.entity.DataScope;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.ibatis.executor.statement.StatementHandler;
 import org.apache.ibatis.mapping.BoundSql;
@@ -23,7 +21,6 @@ import org.apache.ibatis.reflection.MetaObject;
 import org.apache.ibatis.reflection.SystemMetaObject;
 
 import java.sql.Connection;
-import java.util.Map;
 import java.util.Properties;
 
 /**
@@ -43,16 +40,17 @@ public class DataFilterInterceptor extends AbstractSqlParserHandler implements I
         // SQL解析
         this.sqlParser(metaObject);
 
-        // 先判断是不是SELECT操作
-        //MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement");
-        //if (!SqlCommandType.SELECT.equals(mappedStatement.getSqlCommandType())) {
-        //    return invocation.proceed();
-        //}
+        // 先判断是不是INSERT操作,insert不过滤
+        MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement");
+        if (SqlCommandType.INSERT.equals(mappedStatement.getSqlCommandType())) {
+            return invocation.proceed();
+        }
 
         // 针对定义了rowBounds，做为mapper接口方法的参数
         BoundSql boundSql = (BoundSql) metaObject.getValue("delegate.boundSql");
         String originalSql = boundSql.getSql();
-        Object paramObj = boundSql.getParameterObject();
+
+        //Object paramObj = boundSql.getParameterObject();
 
         // 方式1.判断参数里是否有DataScope对象
         /*DataScope scope = null;

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/constant/OpeScopeConstant.java

@@ -1,5 +1,8 @@
 package com.epmet.commons.tools.constant;
 
+/**
+ * 操作范围常量
+ */
 public class OpeScopeConstant {
 
     // 权限覆盖所有范围
@@ -9,6 +12,10 @@ public class OpeScopeConstant {
     public static final String ORG_EQUAL_SUB = "org_equal_sub";
     //"同级组织及下级"
     public static final String ORG_EQUAL_AND_SUB = "org_equal_and_sub";
+    // 同级组织的上级
+    public static final String ORG_EQUAL_SUP = "org_equal_sup";
+    // 同级组织及上级
+    public static final String ORG_EQUAL_AND_SUP = "org_equal_and_sup";
     //"同级组织"
     public static final String ORG_EQUAL = "org_equal";
 

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessSettingFormDTO.java

@@ -0,0 +1,8 @@
+package com.epmet.dto.form;
+
+import lombok.Data;
+
+@Data
+public class AccessSettingFormDTO {
+    private String roleId;
+}

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessSettingResultDTO.java

@@ -0,0 +1,58 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dto.result;
+
+import lombok.Data;
+
+/**
+ * 权限配置
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-29
+ */
+@Data
+public class AccessSettingResultDTO {
+
+	private static final long serialVersionUID = 1L;
+
+    /**
+     * 角色ID
+     */
+	private String roleId;
+
+    /**
+     * 操作key
+     */
+	private String operationKey;
+
+    /**
+     * 配置KEY
+     */
+	private String settingKey;
+
+    /**
+     * 配置值
+     */
+	private String settingValue;
+
+	/**
+	 * 配置名称
+	 */
+	private String settingName;
+
+}

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/RoleAccessSettingResultDTO.java

@@ -1,14 +0,0 @@
-package com.epmet.dto.result;
-
-import lombok.Data;
-
-@Data
-public class RoleAccessSettingResultDTO {
-
-    private String settingKey;
-    private String id;
-    private String settingName;
-    private String settingValue;
-    private String roleId;
-
-}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java

@@ -3,19 +3,15 @@ package com.epmet.controller;
 import com.epmet.commons.tools.security.dto.GovTokenDto;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.ValidatorUtils;
-import com.epmet.dto.OperationScopeDTO;
+import com.epmet.dto.form.AccessSettingFormDTO;
 import com.epmet.dto.form.OperationScopeFormDTO;
 import com.epmet.dto.form.StaffPermCacheFormDTO;
 import com.epmet.dto.result.LoginUserInfoResultDTO;
-import com.epmet.dto.result.RoleAccessSettingResultDTO;
 import com.epmet.dto.result.RoleOpeScopeResultDTO;
-import com.epmet.entity.OperationScopeEntity;
 import com.epmet.service.AccessService;
-import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 
-import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -88,17 +84,16 @@ public class AccessController {
      * @return
      */
     @PostMapping("roleallopesandscopes/{roleId}")
-    public Result<Set<RoleOpeScopeResultDTO>> listRoleAllOperationScopesByRoleId(@PathVariable("roleId") String roleId) {
-        Set<RoleOpeScopeResultDTO> scopes = accessService.listAllRoleOperationScopesByRoleId(roleId);
-        return new Result<Set<RoleOpeScopeResultDTO>>().ok(scopes);
+    public Result<List<RoleOpeScopeResultDTO>> listRoleAllOperationScopesByRoleId(@PathVariable("roleId") String roleId) {
+        List<RoleOpeScopeResultDTO> scopes = accessService.listAllRoleOperationScopesByRoleId(roleId);
+        return new Result<List<RoleOpeScopeResultDTO>>().ok(scopes);
     }
 
     /**
      * 查询角色的权限相关配置
-     * @param roleId
      * @return
      */
-    @PostMapping("/role/{roleId}/accesssettings")
+    @PostMapping("/accesssettings/{roleId}")
     public Result<Map<String, String>> listAccessSettings(@PathVariable("roleId") String roleId) {
         Map<String, String> settings = accessService.listAccessSettings(roleId);
         return new Result<Map<String, String>>().ok(settings);

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/AccessSettingDao.java

@@ -0,0 +1,43 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dao;
+
+import com.epmet.commons.mybatis.dao.BaseDao;
+import com.epmet.dto.result.AccessSettingResultDTO;
+import com.epmet.entity.AccessSettingEntity;
+import org.apache.ibatis.annotations.Mapper;
+
+import java.util.List;
+
+/**
+ * 权限配置
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-29
+ */
+@Mapper
+public interface AccessSettingDao extends BaseDao<AccessSettingEntity> {
+
+    /**
+     * 根据角色查询配置列表
+     * @param roleId
+     * @return
+     */
+    List<AccessSettingResultDTO> listAccessSettingsByRoleId(String roleId);
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleAccessSettingDao.java → epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/AccessSettingOptionsDao.java

@@ -18,20 +18,16 @@
 package com.epmet.dao;
 
 import com.epmet.commons.mybatis.dao.BaseDao;
-import com.epmet.dto.result.RoleAccessSettingResultDTO;
-import com.epmet.entity.RoleAccessSettingEntity;
+import com.epmet.entity.AccessSettingOptionsEntity;
 import org.apache.ibatis.annotations.Mapper;
 
-import java.util.List;
-
 /**
- * 权限配置
+ * 权限配置选项
  *
  * @author generator generator@elink-cn.com
- * @since v1.0.0 2020-04-26
+ * @since v1.0.0 2020-04-29
  */
 @Mapper
-public interface RoleAccessSettingDao extends BaseDao<RoleAccessSettingEntity> {
+public interface AccessSettingOptionsDao extends BaseDao<AccessSettingOptionsEntity> {
 	
-    List<RoleAccessSettingResultDTO> listRoleAccessSettingsByRoleId(String roleId);
 }

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationScopeDao.java

@@ -49,7 +49,7 @@ public interface OperationScopeDao extends BaseDao<OperationScopeEntity> {
      * 查询角色所有operation及其范围
      * @param roleId
      */
-    Set<RoleOpeScopeResultDTO> listAllRoleOperationScopesByRoleId(String roleId);
+    List<RoleOpeScopeResultDTO> listAllRoleOperationScopesByRoleId(String roleId);
 
     String getDefaultScopeKeyForOperation(@Param("operationKey") String operationKey);
 

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/RoleAccessSettingEntity.java → epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/AccessSettingEntity.java

@@ -29,37 +29,33 @@ import java.util.Date;
  * 权限配置
  *
  * @author generator generator@elink-cn.com
- * @since v1.0.0 2020-04-26
+ * @since v1.0.0 2020-04-29
  */
 @Data
 @EqualsAndHashCode(callSuper=false)
-@TableName("role_access_setting")
-public class RoleAccessSettingEntity extends BaseEpmetEntity {
+@TableName("access_setting")
+public class AccessSettingEntity extends BaseEpmetEntity {
 
 	private static final long serialVersionUID = 1L;
 
     /**
-     * 配置KEY
+     * 角色ID
      */
-	private String settingKey;
+	private String roleId;
 
     /**
-     * 配置name
-     */
-	private String settingName;
-	/**
-	 * 配置值
+     * 操作key
      */
-	private String settingValue;
+	private String operationKey;
 
     /**
-     * 角色ID
+     * 配置KEY
      */
-	private String roleId;
+	private String settingKey;
 
     /**
-     * 操作简介
+     * 配置值
      */
-	private String brief;
+	private String settingValue;
 
 }

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/AccessSettingOptionsEntity.java

@@ -0,0 +1,56 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.entity;
+
+import com.baomidou.mybatisplus.annotation.TableName;
+
+import com.epmet.commons.mybatis.entity.BaseEpmetEntity;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.util.Date;
+
+/**
+ * 权限配置选项
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-29
+ */
+@Data
+@EqualsAndHashCode(callSuper=false)
+@TableName("access_setting_options")
+public class AccessSettingOptionsEntity extends BaseEpmetEntity {
+
+	private static final long serialVersionUID = 1L;
+
+    /**
+     * 配置KEY
+     */
+	private String settingKey;
+
+    /**
+     * 配置name
+     */
+	private String settingName;
+
+    /**
+     * 简介
+     */
+	private String brief;
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleAccessSettingRedis.java

@@ -2,14 +2,11 @@ package com.epmet.redis;
 
 import com.epmet.commons.tools.redis.RedisKeys;
 import com.epmet.commons.tools.redis.RedisUtils;
-import com.epmet.dto.result.RoleAccessSettingResultDTO;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
-import java.util.function.BiConsumer;
 
 @Component
 public class RoleAccessSettingRedis {

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleOpeScopeRedis.java

@@ -1,12 +1,12 @@
 package com.epmet.redis;
 
-import cn.hutool.core.bean.BeanUtil;
 import com.epmet.commons.tools.redis.RedisKeys;
 import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.dto.result.RoleOpeScopeResultDTO;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import java.util.List;
 import java.util.Set;
 
 /**
@@ -34,7 +34,7 @@ public class RoleOpeScopeRedis {
      * @param roleId
      * @param scopes
      */
-    public void setRoleAllOpeScopes(String roleId, Set<RoleOpeScopeResultDTO> scopes) {
+    public void setRoleAllOpeScopes(String roleId, List<RoleOpeScopeResultDTO> scopes) {
         String roleAllOpeScopesKey = RedisKeys.getRoleAllOpeScopesKey(roleId);
         redisUtils.set(roleAllOpeScopesKey, scopes);
     }
@@ -55,9 +55,10 @@ public class RoleOpeScopeRedis {
      * @param roleId
      * @return
      */
-    public Set<RoleOpeScopeResultDTO> getRoleAllOpeScopes(String roleId) {
+    public List<RoleOpeScopeResultDTO> getRoleAllOpeScopes(String roleId) {
         String roleOpeScopesKey = RedisKeys.getRoleAllOpeScopesKey(roleId);
-        return (Set<RoleOpeScopeResultDTO>)redisUtils.get(roleOpeScopesKey);
+        Object o = redisUtils.get(roleOpeScopesKey);
+        return (List<RoleOpeScopeResultDTO>)o;
     }
 
 }

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java

@@ -1,9 +1,7 @@
 package com.epmet.service;
 
 import com.epmet.commons.tools.security.dto.GovTokenDto;
-import com.epmet.dto.result.RoleAccessSettingResultDTO;
 import com.epmet.dto.result.RoleOpeScopeResultDTO;
-import com.epmet.entity.OperationScopeEntity;
 
 import java.util.List;
 import java.util.Map;
@@ -43,5 +41,5 @@ public interface AccessService {
      * @param roleId
      * @return
      */
-    Set<RoleOpeScopeResultDTO> listAllRoleOperationScopesByRoleId(String roleId);
+    List<RoleOpeScopeResultDTO> listAllRoleOperationScopesByRoleId(String roleId);
 }

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java

@@ -4,18 +4,14 @@ import com.epmet.commons.tools.exception.ExceptionUtils;
 import com.epmet.commons.tools.security.dto.GovTokenDto;
 import com.epmet.commons.tools.utils.CpUserDetailRedis;
 import com.epmet.dao.OperationScopeDao;
-import com.epmet.dao.RoleAccessSettingDao;
-import com.epmet.dto.result.RoleAccessSettingResultDTO;
 import com.epmet.dto.result.RoleOpeScopeResultDTO;
 import com.epmet.redis.RoleAccessSettingRedis;
 import com.epmet.redis.RoleOpeScopeRedis;
 import com.epmet.service.AccessService;
-import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import org.springframework.util.CollectionUtils;
 
 import java.util.*;
 
@@ -30,9 +26,6 @@ public class AccessServiceImpl implements AccessService {
     @Autowired
     private OperationScopeDao operationScopeDao;
 
-    @Autowired
-    private RoleAccessSettingDao roleAccessSettingDao;
-
     @Autowired
     private RoleOpeScopeRedis roleOpeScopeRedis;
 
@@ -114,26 +107,11 @@ public class AccessServiceImpl implements AccessService {
     }
 
     @Override
-    public Set<RoleOpeScopeResultDTO> listAllRoleOperationScopesByRoleId(String roleId) {
-        Set<RoleOpeScopeResultDTO> roleAllOpeScopes = roleOpeScopeRedis.getRoleAllOpeScopes(roleId);
+    public List<RoleOpeScopeResultDTO> listAllRoleOperationScopesByRoleId(String roleId) {
+        List<RoleOpeScopeResultDTO> roleAllOpeScopes = roleOpeScopeRedis.getRoleAllOpeScopes(roleId);
+        // 防止缓存穿透
         if (roleAllOpeScopes == null) {
-            roleAllOpeScopes = new HashSet<>();
-            Set<RoleOpeScopeResultDTO> roleAllOpeScopesResult = operationScopeDao.listAllRoleOperationScopesByRoleId(roleId);
-            for (RoleOpeScopeResultDTO opeAndScope : roleAllOpeScopesResult) {
-                if (StringUtils.isBlank(opeAndScope.getScopeKey())) {
-                    // 没有人为配置scope，则使用角色默认配置
-                    String scopeKey = operationScopeDao.getDefaultScopeKeyForOperation(opeAndScope.getOperationKey());
-                    if (StringUtils.isNotBlank(scopeKey)) {
-                        String scopeIndex = operationScopeDao.getScopeIndexByScopeKey(scopeKey);
-                        opeAndScope.setScopeKey(scopeKey);
-                        opeAndScope.setScopeIndex(scopeIndex);
-                        roleAllOpeScopes.add(opeAndScope);
-                        // 有默认scope配置的才返回
-                    }
-                } else {
-                    roleAllOpeScopes.add(opeAndScope);
-                }
-            }
+            roleAllOpeScopes = operationScopeDao.listAllRoleOperationScopesByRoleId(roleId);
             roleOpeScopeRedis.setRoleAllOpeScopes(roleId, roleAllOpeScopes);
         }
         return roleAllOpeScopes;

epmet-module/gov-access/gov-access-server/src/main/resources/db.migration/epmet_gov_access.sql

@@ -75,22 +75,45 @@ CREATE TABLE `role_scope`  (
   PRIMARY KEY (`ID`) USING BTREE
 ) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = '角色能操作哪些范围' ROW_FORMAT = Dynamic;
 
--- 2020.04.26 wxz --
+-- SET FOREIGN_KEY_CHECKS = 1;
 
-CREATE TABLE `role_access_setting` (
-  `ID` varchar(64) NOT NULL COMMENT '主键',
-  `SETTING_KEY` varchar(30) NOT NULL COMMENT '配置KEY',
-  `SETTING_NAME` varchar(30) NOT NULL COMMENT '配置name',
-  `SETTING_VALUE` varchar(30) NOT NULL COMMENT '配置值',
-  `ROLE_ID` varchar(64) DEFAULT NULL COMMENT '角色ID',
-  `BRIEF` varchar(255) DEFAULT NULL COMMENT '操作简介',
-  `DEL_FLAG` tinyint(1) DEFAULT NULL,
-  `REVISION` int(10) DEFAULT NULL,
-  `CREATED_BY` varchar(64) DEFAULT NULL,
-  `CREATED_TIME` datetime DEFAULT NULL,
-  `UPDATED_BY` varchar(64) DEFAULT NULL,
-  `UPDATED_TIME` datetime DEFAULT NULL,
-  PRIMARY KEY (`ID`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='权限配置'
+-- 2020.04.29 wxz
+CREATE TABLE `access_setting`  (
+  `ID` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '主键',
+  `ROLE_ID` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '角色ID',
+  `OPERATION_KEY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '操作key',
+  `SETTING_KEY` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '配置KEY',
+  `SETTING_VALUE` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '配置值',
+  `DEL_FLAG` tinyint(1) NULL DEFAULT NULL,
+  `REVISION` int(10) NULL DEFAULT NULL,
+  `CREATED_BY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
+  `CREATED_TIME` datetime(0) NULL DEFAULT NULL,
+  `UPDATED_BY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
+  `UPDATED_TIME` datetime(0) NULL DEFAULT NULL,
+  PRIMARY KEY (`ID`) USING BTREE,
+  UNIQUE INDEX `uni_access_setting_role_key_opt`(`ROLE_ID`, `OPERATION_KEY`, `SETTING_KEY`) USING BTREE
+) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = '权限配置' ROW_FORMAT = Dynamic;
 
--- SET FOREIGN_KEY_CHECKS = 1;
+
+CREATE TABLE `access_setting_options`  (
+  `ID` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '主键',
+  `SETTING_KEY` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '配置KEY',
+  `SETTING_NAME` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '配置name',
+  `BRIEF` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '简介',
+  `DEL_FLAG` tinyint(1) NULL DEFAULT NULL,
+  `REVISION` int(10) NULL DEFAULT NULL,
+  `CREATED_BY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
+  `CREATED_TIME` datetime(0) NULL DEFAULT NULL,
+  `UPDATED_BY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL,
+  `UPDATED_TIME` datetime(0) NULL DEFAULT NULL,
+  PRIMARY KEY (`ID`) USING BTREE,
+  UNIQUE INDEX `uni_access_setting_opts`(`SETTING_KEY`) USING BTREE COMMENT '配置KEY不能重复'
+) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_general_ci COMMENT = '权限配置选项' ROW_FORMAT = Dynamic;
+
+-- ----------------------------
+-- Records of access_setting_options
+-- ----------------------------
+INSERT INTO `access_setting_options` VALUES ('1', 'I_CREATED', '我发起的', '我发起的条件过滤。ON为开启，OFF为关闭', 0, 0, NULL, NULL, NULL, NULL);
+INSERT INTO `access_setting_options` VALUES ('2', 'I_PART', '我参与的', '我参与的条件过滤', 0, 0, NULL, NULL, NULL, NULL);
+INSERT INTO `access_setting_options` VALUES ('3', 'IN_GRID', '网格内', '网格内', 0, 0, NULL, NULL, NULL, NULL);
+INSERT INTO `access_setting_options` VALUES ('4', 'IN_DEPARTMENT', '部门内', '部门内', 0, 0, NULL, NULL, NULL, NULL);

epmet-module/gov-access/gov-access-server/src/main/resources/mapper/AccessSettingDao.xml

@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<mapper namespace="com.epmet.dao.AccessSettingDao">
+
+    <resultMap type="com.epmet.entity.AccessSettingEntity" id="accessSettingMap">
+        <result property="id" column="ID"/>
+        <result property="roleId" column="ROLE_ID"/>
+        <result property="operationKey" column="OPERATION_KEY"/>
+        <result property="settingKey" column="SETTING_KEY"/>
+        <result property="settingValue" column="SETTING_VALUE"/>
+        <result property="delFlag" column="DEL_FLAG"/>
+        <result property="revision" column="REVISION"/>
+        <result property="createdBy" column="CREATED_BY"/>
+        <result property="createdTime" column="CREATED_TIME"/>
+        <result property="updatedBy" column="UPDATED_BY"/>
+        <result property="updatedTime" column="UPDATED_TIME"/>
+    </resultMap>
+
+    <!--根据角色查询配置列表-->
+    <select id="listAccessSettingsByRoleId" resultType="com.epmet.dto.result.AccessSettingResultDTO">
+        SELECT
+            s.*,
+            opt.SETTING_NAME
+        FROM
+            access_setting s
+            INNER JOIN access_setting_options opt ON ( s.SETTING_KEY = opt.SETTING_KEY AND opt.DEL_FLAG = 0)
+        WHERE
+            s.ROLE_ID = #{roleId}
+            AND s.DEL_FLAG = 0
+    </select>
+
+
+</mapper>

epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleAccessSettingDao.xml → epmet-module/gov-access/gov-access-server/src/main/resources/mapper/AccessSettingOptionsDao.xml

@@ -1,14 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
 
-<mapper namespace="com.epmet.dao.RoleAccessSettingDao">
+<mapper namespace="com.epmet.dao.AccessSettingOptionsDao">
 
-    <resultMap type="com.epmet.entity.RoleAccessSettingEntity" id="roleAccessSettingMap">
+    <resultMap type="com.epmet.entity.AccessSettingOptionsEntity" id="accessSettingOptionsMap">
         <result property="id" column="ID"/>
         <result property="settingKey" column="SETTING_KEY"/>
         <result property="settingName" column="SETTING_NAME"/>
-        <result property="settingValue" column="SETTING_VALUE"/>
-        <result property="roleId" column="ROLE_ID"/>
         <result property="brief" column="BRIEF"/>
         <result property="delFlag" column="DEL_FLAG"/>
         <result property="revision" column="REVISION"/>
@@ -18,13 +16,5 @@
         <result property="updatedTime" column="UPDATED_TIME"/>
     </resultMap>
 
-    <!--查询角色的权限相关配置-->
-    <select id="listRoleAccessSettingsByRoleId" resultType="com.epmet.dto.result.RoleAccessSettingResultDTO">
-        select settings.*
-        from role_access_setting settings
-        where ROLE_ID = #{roleId}
-            AND DEL_FLAG = '0'
-    </select>
-
 
 </mapper>

epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationScopeDao.xml

@@ -29,17 +29,22 @@
 
     <!--查询角色所有operation及其范围-->
     <select id="listAllRoleOperationScopesByRoleId" resultType="com.epmet.dto.result.RoleOpeScopeResultDTO">
+        SELECT t.*, os.SCOPE_INDEX
+        FROM (
                  SELECT ope.ROLE_ID,
                         ope.OPERATION_KEY,
-               ro.SCOPE_KEY,
-               os.SCOPE_INDEX
+                        CASE
+                            WHEN ro.SCOPE_KEY IS NULL THEN d.SCOPE_KEY
+                            ELSE ro.SCOPE_KEY END AS SCOPE_KEY
                  FROM role_operation ope
                           LEFT JOIN role_scope ro
                                     ON (ope.ROLE_ID = ro.ROLE_ID AND ope.OPERATION_KEY = ro.OPERATION_KEY AND ro.DEL_FLAG = 0)
-                 LEFT JOIN operation_scope os
-                           ON (ro.SCOPE_KEY = os.SCOPE_KEY)
+                          LEFT JOIN operation_scope_default d ON (ope.OPERATION_KEY = d.OPERATION_KEY AND d.DEL_FLAG = 0)
                  WHERE ope.ROLE_ID = #{roleId}
                    AND ope.DEL_FLAG = 0
+                 ORDER BY OPERATION_KEY ASC
+             ) t
+                 INNER JOIN operation_scope os ON (t.SCOPE_KEY = os.SCOPE_KEY)
     </select>
 
     <select id="getDefaultScopeKeyForOperation" resultType="java.lang.String">

epmet-module/gov-access/gov-access-server/src/test/java/com/epmet/test/govaccess/AccessSettingTest.java

@@ -1,7 +1,7 @@
 package com.epmet.test.govaccess;
 
-import com.epmet.dao.RoleAccessSettingDao;
-import com.epmet.dto.result.RoleAccessSettingResultDTO;
+import com.epmet.dao.AccessSettingDao;
+import com.epmet.dto.result.AccessSettingResultDTO;
 import com.epmet.redis.RoleAccessSettingRedis;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -18,17 +18,17 @@ import java.util.Map;
 public class AccessSettingTest {
 
     @Autowired
-    private RoleAccessSettingDao roleAccessSettingDao;
+    private AccessSettingDao roleAccessSettingDao;
 
     @Autowired
     private RoleAccessSettingRedis roleAccessSettingRedis;
 
     @Test
     public void addAccessSettings2Redis() {
-        List<RoleAccessSettingResultDTO> settings = roleAccessSettingDao.listRoleAccessSettingsByRoleId("1");
+        List<AccessSettingResultDTO> settings = roleAccessSettingDao.listAccessSettingsByRoleId("1");
         HashMap<String, Object> objectObjectHashMap = new HashMap<>();
-        settings.forEach(s -> {
-            objectObjectHashMap.put(s.getSettingKey(), s.getSettingValue());
+        settings.forEach(setting -> {
+            objectObjectHashMap.put(setting.getSettingKey(), setting.getSettingValue());
         });
         roleAccessSettingRedis.set(objectObjectHashMap, "1");
         Map<String, String> map = roleAccessSettingRedis.get("1");

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/GovAccessFeignClient.java

@@ -53,6 +53,6 @@ public interface GovAccessFeignClient {
      * @return
      */
     @PostMapping("/gov/access/access/roleallopesandscopes/{roleId}")
-    Result<Set<RoleOpeScopeResultDTO>> listRoleAllOperationScopesByRoleId(@PathVariable("roleId") String roleId);
+    Result<List<RoleOpeScopeResultDTO>> listRoleAllOperationScopesByRoleId(@PathVariable("roleId") String roleId);
 
 }

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/fallback/GovAccessFeignClientFallback.java

@@ -43,7 +43,7 @@ public class GovAccessFeignClientFallback implements GovAccessFeignClient {
 	}
 
 	@Override
-	public Result<Set<RoleOpeScopeResultDTO>> listRoleAllOperationScopesByRoleId(String roleId) {
+	public Result<List<RoleOpeScopeResultDTO>> listRoleAllOperationScopesByRoleId(String roleId) {
 		return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "listRoleAllOperationScopesByRoleId", roleId);
 	}
 }

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java

@@ -94,13 +94,13 @@ public class AccessServiceImpl implements AccessService {
         roleDTOS.forEach(roleDto -> {
             String roleId = roleDto.getId();
             // 找出该角色的所有功能操作列表
-            Result<Set<RoleOpeScopeResultDTO>> result = govAccessFeignClient.listRoleAllOperationScopesByRoleId(roleId);
+            Result<List<RoleOpeScopeResultDTO>> result = govAccessFeignClient.listRoleAllOperationScopesByRoleId(roleId);
             if (!result.success()) {
                 // 获取operation异常
                 logger.error("调用GovAccess，根据RoleId查询Operation列表失败:{}", result.getMsg());
                 throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode());
             }
-            Set<RoleOpeScopeResultDTO> roleOperations = result.getData();
+            List<RoleOpeScopeResultDTO> roleOperations = result.getData();
             filtedOps.addAll(filterOpesByScope(currOrgRelation, roleOperations));
         });
         return filtedOps;
@@ -113,7 +113,7 @@ public class AccessServiceImpl implements AccessService {
      * @param roleOperations
      * @return
      */
-    private HashSet<String> filterOpesByScope(String currOrgRelation, Set<RoleOpeScopeResultDTO> roleOperations) {
+    private HashSet<String> filterOpesByScope(String currOrgRelation, List<RoleOpeScopeResultDTO> roleOperations) {
         HashSet<String> opeKeys = new HashSet<>();
         for (RoleOpeScopeResultDTO opeScope : roleOperations) {
             String scopeKey = opeScope.getScopeKey();

epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/feign/EpmetUserFeignClient.java

@@ -32,6 +32,7 @@ import java.util.List;
  * @dscription
  * @date 2020/3/19 9:32
  */
+//url = "8087"
 @FeignClient(name = ServiceConstant.EPMET_USER_SERVER, fallback = EpmetUserFeignClientFallBack.class)
 public interface EpmetUserFeignClient {
 	/**

epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/feign/EpmetUserFeignClient.java

@@ -12,6 +12,7 @@ import org.springframework.web.bind.annotation.*;
  * @dscription
  * @date 2020/3/19 9:32
  */
+//, url = "localhost:8087"
 @FeignClient(name = ServiceConstant.EPMET_USER_SERVER, path="/epmetuser", fallback = EpmetUserFeignClientFallback.class)
 public interface EpmetUserFeignClient {
 

epmet-user/epmet-user-server/src/main/java/com/epmet/dao/StaffRoleDao.java

@@ -45,7 +45,7 @@ public interface StaffRoleDao extends BaseDao<StaffRoleEntity> {
      * @param orgId
      * @return
      */
-    @DataFilter(tableAliases = { "sr" })
+    //@DataFilter(tableAliases = { "sr" }, gridIdArgName = "gridId", deptIdArgName = "deptId")
     List<GovStaffRoleResultDTO> listStaffIdsByRoleKeyAndOrgId(@Param("roleKey") String roleKey, @Param("orgId") String orgId,
                                                               @Param("dataScope") DataScope dataScope);