1.完成组织范围sql过滤，本网格sql过滤，我创建的sql过滤

5 years ago · 4cd81531f8
23 changed files with 256 additions and 255 deletions
--- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java
+++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java
@ -8,8 +8,10 @@

 package com.epmet.commons.mybatis.aspect;

+import com.epmet.commons.mybatis.annotation.DataFilter;
 import com.epmet.commons.mybatis.constant.OpeScopeConstant;
 import com.epmet.commons.mybatis.dto.form.OperationScopeDTO;
+import com.epmet.commons.mybatis.dto.form.OperationScopeFormDTO;
 import com.epmet.commons.mybatis.dto.form.StaffPermCacheResultDTO;
 import com.epmet.commons.mybatis.dto.form.StaffPermissionFormDTO;
 import com.epmet.commons.mybatis.entity.DataScope;
@ -23,6 +25,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Before;
+import org.aspectj.lang.reflect.MethodSignature;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@ -53,15 +56,11 @@ public class DataFilterAspect {

    @Before("@annotation(com.epmet.commons.mybatis.annotation.DataFilter)")
    public void dataFilter(JoinPoint point) {
-        // 反射的方式
-        //MethodSignature signature = (MethodSignature) point.getSignature();
-        //Class[] parameterTypes = signature.getParameterTypes();
-        //for (Class parameterType : parameterTypes) {
-        //    if (parameterType == DataScope.class) {
-        //
-        //    }
-        //}
+        // 通过反射，取到注解属性
+        DataFilter dataFilterAnno = ((MethodSignature) point.getSignature()).getMethod().getAnnotation(DataFilter.class);
+        String tableAlias = dataFilterAnno.tableAlias();

+        // 从ThreadLocal中取所需权限
        String requirePermission = AccessOpeAspect.requirePermissionTl.get();
        // 没有配置所需权限，不做操作，打印提示日志
        if (StringUtils.isBlank(requirePermission)) {
@ -69,10 +68,14 @@ public class DataFilterAspect {
            return;
        }

+        String app = loginUserUtil.getLoginUserApp();
+        String client = loginUserUtil.getLoginUserClient();
+        String userId = loginUserUtil.getLoginUserId();
+
        StaffPermissionFormDTO staffPermissionFormDTO = new StaffPermissionFormDTO();
-        staffPermissionFormDTO.setApp(loginUserUtil.getLoginUserApp());
-        staffPermissionFormDTO.setClient(loginUserUtil.getLoginUserClient());
-        staffPermissionFormDTO.setStaffId(loginUserUtil.getLoginUserId());
+        staffPermissionFormDTO.setApp(app);
+        staffPermissionFormDTO.setClient(client);
+        staffPermissionFormDTO.setStaffId(userId);
        Result<StaffPermCacheResultDTO> result = govAccessFeignClient.getStaffCurrPermissions(staffPermissionFormDTO);

        if (result.getCode() != 0) {
@ -91,10 +94,17 @@ public class DataFilterAspect {
        // 校验操作权限
        validateOpePermission(permCacheResultDTO.getPermissions(), requirePermission);

+        // 生成过滤sql
        Object[] methodArgs = point.getArgs();
        for (Object methodArg : methodArgs) {
            if (methodArg instanceof DataScope) {
-                ((DataScope) methodArg).setSqlFilter(getSqlFilterSegment(permCacheResultDTO.getRoleIdList(), requirePermission, permCacheResultDTO.getOrgIdPath()));
+                ((DataScope) methodArg).setSqlFilter(getSqlFilterSegment(
+                        userId,
+                        permCacheResultDTO.getRoleIdList(),
+                        requirePermission,
+                        permCacheResultDTO.getOrgIdPath(),
+                        permCacheResultDTO.getGridId(),
+                        tableAlias));
                return;
            }
        }
@ -118,56 +128,111 @@ public class DataFilterAspect {
     *
     * @return
     */
-    private String getSqlFilterSegment(Set<String> roleIds, String reqiurePermission, String orgIdPath) {
+    private String getSqlFilterSegment(String userId,Set<String> roleIds, String reqiurePermission, String orgIdPath, String gridId, String tableAlias) {
        // 根据角色列表查询操作范围列表
-        // todo 暂停，先模拟数据
-        //roleIds.forEach(roleId -> {
-        //    OperationScopeFormDTO osformDto = new OperationScopeFormDTO();
-        //    osformDto.setRoleId(roleId);
-        //    osformDto.setOperationKey(reqiurePermission);
-        //    Result<List<OperationScopeDTO>> result = govAccessFeignClient.getOperationScopesByRoleId(osformDto);
-        //    List<OperationScopeDTO> scopeDTOS = result.getData();
-        //});
-        Set<OperationScopeDTO> scopeDTOS = genScopeDtos();
-
-        // 过滤有效范围
+        Set<OperationScopeDTO> scopeDTOS = new HashSet<>();
+        roleIds.forEach(roleId -> {
+            OperationScopeFormDTO osformDto = new OperationScopeFormDTO();
+            osformDto.setRoleId(roleId);
+            osformDto.setOperationKey(reqiurePermission);
+            Result<Set<OperationScopeDTO>> result = govAccessFeignClient.getOperationScopesByRoleId(osformDto);
+            if (result.success()) {
+                scopeDTOS.addAll(result.getData());
+            }
+        });
+
+        // 过滤范围
        HashSet<String> scopes = filteScopes(scopeDTOS);
+        if (CollectionUtils.isEmpty(scopes)) {
+            // 没有范围限制
+            return "";
+        }
+        StringBuilder sb = new StringBuilder();
+
+        // 1.生成sql:组织范围过滤
+        genOrgScopeSql(sb, orgIdPath, scopes, tableAlias);
+
+        // 2.生成sql:我发起的
+        genIStartedSql(sb, userId, tableAlias);
+
+        // 3.生成sql:本网格的
+        genInGrid(sb, gridId, tableAlias);
+
+        //sb.append(")");
+        System.out.println("生成的过滤sql：" + sb.toString());
+        return sb.toString();
+    }
+
+    /**
+     * 网格sql
+     * @param sb
+     * @param gridId
+     * @param tableAlias
+     */
+    private void genInGrid(StringBuilder sb, String gridId, String tableAlias) {
+        if (StringUtils.isBlank(tableAlias)) {
+            sb.append(" OR GRID_ID ='").append(gridId).append("'");
+        } else {
+            sb.append(" OR ").append(tableAlias).append(".GRID_ID ='").append(gridId).append("'");
+        }
+    }
+
+    /**
+     * sql：我发起的
+     * @param userId
+     */
+    private void genIStartedSql(StringBuilder sb, String userId, String tableAlias) {
+        if (StringUtils.isBlank(tableAlias)) {
+            sb.append(" OR CREATED_BY ='").append(userId).append("'");
+        } else {
+            sb.append(" OR ").append(tableAlias).append(".CREATED_BY ='").append(userId).append("'");
+        }
+    }

+    /**
+     * 计算组织范围过滤sql，整体入口
+     * @param sb
+     * @param orgIdPath
+     * @param scopes
+     */
+    public void genOrgScopeSql(StringBuilder sb, String orgIdPath, HashSet<String> scopes, String tableAlias) {
        // 取出父组织ID path 和当前组织ID
        String pOrgPath = orgIdPath.substring(0, orgIdPath.lastIndexOf(orgIdPathSpliter));
        String currOrgPath = orgIdPath.substring(orgIdPath.lastIndexOf(orgIdPathSpliter) + 1);
-
-        StringBuilder sb = new StringBuilder(" AND (");
-        getOrgScopeSql(sb, scopes, currOrgPath, pOrgPath);
+        genOrgScopeSql(sb, scopes, currOrgPath, pOrgPath, tableAlias);
        sb.replace(sb.lastIndexOf("OR"), sb.lastIndexOf("OR") + 3, "");
-        sb.append(") ");
-        // 拼接sql语句
-        sb.replace(141,142,"");
-        // TODO
-        return "";
    }

    /**
-     * 计算范围过滤sql
+     * 计算组织范围过滤sql
     * @param scopes
     * @param currOrg
     * @param pOrgPath
     * @return
     */
-    private void getOrgScopeSql(StringBuilder sb,HashSet<String> scopes, String currOrg, String pOrgPath) {
+    private void genOrgScopeSql(StringBuilder sb,HashSet<String> scopes, String currOrg, String pOrgPath, String tableAlias) {
        for (String scope : scopes) {
            switch (scope) {
                case OpeScopeConstant.ORG_CURR:
-                    getAgencyCurrScopedSql(sb, currOrg);
-                    sb.append(" OR ");
+                    if (StringUtils.isBlank(tableAlias)) {
+                        sb.append(" ORG_ID = '").append(currOrg).append("' OR ");
+                    } else {
+                        sb.append(" ").append(tableAlias).append(".ORG_ID = '").append(currOrg).append("' OR ");
+                    }
                    break;
                case OpeScopeConstant.ORG_CURR_AND_SUB:
-                    getAgencyCurrAndSubScopedSql(sb, pOrgPath);
-                    sb.append(" OR ");
+                    if (StringUtils.isBlank(tableAlias)) {
+                        sb.append(" ORG_ID_PATH like '").append(pOrgPath).append("%' ").append(" OR ");
+                    } else {
+                        sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(pOrgPath).append("%' ").append(" OR ");
+                    }
                    break;
                case OpeScopeConstant.ORG_CURR_SUB:
-                    getAgencyCurrSubScopedSql(sb, pOrgPath, currOrg);
-                    sb.append(" OR ");
+                    if (StringUtils.isBlank(tableAlias)) {
+                        sb.append(" ORG_ID_PATH like '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("%' ").append(" OR ");
+                    } else {
+                        sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("%' ").append(" OR ");
+                    }
                    break;
                case OpeScopeConstant.ORG_EQUAL:
                    // todo 同级
@ -185,32 +250,6 @@ public class DataFilterAspect {
        }
    }

-    /**
-     * 本身
-     * @param sb
-     * @param orgId
-     */
-    public void getAgencyCurrScopedSql(StringBuilder sb,String orgId) {
-        sb.append(" ORG_ID = ").append(orgId);
-    }
-
-    /**
-     * 本身及子级
-     * @param sb
-     * @param pOrgIdPath
-     */
-    public void getAgencyCurrAndSubScopedSql(StringBuilder sb,String pOrgIdPath) {
-        sb.append(" ORG_ID_PATH like '").append(pOrgIdPath).append("%'");
-    }
-
-    /**
-     * 子级组织(不含本身)
-     * @param sb
-     */
-    public void getAgencyCurrSubScopedSql(StringBuilder sb,String pOrgIdPath, String currOrgIdPath) {
-        sb.append("ORG_ID_PATH like '").append(pOrgIdPath).append(orgIdPathSpliter).append(currOrgIdPath).append("%'");
-    }
-
    /**
     * 过滤有效范围
     *
--- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeDTO.java
+++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeDTO.java
@ -39,6 +39,11 @@ public class OperationScopeDTO implements Serializable {
     */
 	private String id;

+    /**
+     * 角色id
+     */
+    private String roleId;
+
    /**
     * 范围key
     */
--- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermCacheResultDTO.java
+++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermCacheResultDTO.java
@ -22,4 +22,9 @@ public class StaffPermCacheResultDTO {
     */
    private String orgIdPath;

+    /**
+     * 网格ID
+     */
+    private String gridId;
+
 }
--- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java
+++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java
@ -34,6 +34,6 @@ public interface GovAccessFeignClient {
     * @return
     */
    @PostMapping("/gov/access/access/operationscopes")
-    Result<List<OperationScopeDTO>> getOperationScopesByRoleId(OperationScopeFormDTO operationScopeFormDTO);
+    Result<Set<OperationScopeDTO>> getOperationScopesByRoleId(OperationScopeFormDTO operationScopeFormDTO);

 }
--- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java
+++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java
@ -10,7 +10,7 @@ import com.epmet.commons.tools.utils.ModuleUtils;
 import com.epmet.commons.tools.utils.Result;
 import org.springframework.stereotype.Component;

-import java.util.List;
+import java.util.Set;

 /**
 * 调用政府端权限
@ -27,7 +27,7 @@ public class GovAccessFeignClientFallback implements GovAccessFeignClient {
    }

    @Override
-    public Result<List<OperationScopeDTO>> getOperationScopesByRoleId(OperationScopeFormDTO operationScopeFormDTO) {
+    public Result<Set<OperationScopeDTO>> getOperationScopesByRoleId(OperationScopeFormDTO operationScopeFormDTO) {
        return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "getOperationScopesByRoleId", operationScopeFormDTO);
    }
 }
--- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptor.java
+++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptor.java
@ -10,9 +10,9 @@ package com.epmet.commons.mybatis.interceptor;

 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.PluginUtils;
-import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler;
 import com.epmet.commons.mybatis.entity.DataScope;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.ibatis.executor.statement.StatementHandler;
 import org.apache.ibatis.mapping.BoundSql;
 import org.apache.ibatis.mapping.MappedStatement;
@ -43,10 +43,10 @@ public class DataFilterInterceptor extends AbstractSqlParserHandler implements I
        this.sqlParser(metaObject);

        // 先判断是不是SELECT操作
-        MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement");
-        if (!SqlCommandType.SELECT.equals(mappedStatement.getSqlCommandType())) {
-            return invocation.proceed();
-        }
+        //MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement");
+        //if (!SqlCommandType.SELECT.equals(mappedStatement.getSqlCommandType())) {
+        //    return invocation.proceed();
+        //}

        // 针对定义了rowBounds，做为mapper接口方法的参数
        BoundSql boundSql = (BoundSql) metaObject.getValue("delegate.boundSql");
@ -79,12 +79,18 @@ public class DataFilterInterceptor extends AbstractSqlParserHandler implements I
        // 拼接新SQL
        String orderBy = "ORDER BY";
        String groupBy = "GROUP BY";
+        String sqlFilter = scope.getSqlFilter();
+        if (originalSql.indexOf("WHERE") == 0) {
+            // 不包含where，需要手动拼接上
+            sqlFilter = " WHERE ".concat(sqlFilter);
+        }
+
        if (originalSql.indexOf(groupBy) > -1) {
-            originalSql = originalSql.replace(groupBy, scope.getSqlFilter() + groupBy);
+            originalSql = originalSql.replace(groupBy, sqlFilter + groupBy);
        } else if (originalSql.indexOf(orderBy) > -1) {
-            originalSql = originalSql.replace(orderBy, scope.getSqlFilter() + orderBy);
+            originalSql = originalSql.replace(orderBy, sqlFilter + orderBy);
        } else {
-            originalSql = originalSql + scope.getSqlFilter();
+            originalSql = originalSql.concat(" AND (").concat(scope.getSqlFilter()).concat(")");
        }

        // 重写SQL
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java
@ -207,4 +207,14 @@ public class RedisKeys {
 	public static String getLoginSmsCodeKey(String app, String client, String phone) {
 		return String.format(rootPrefix+"smsCode:login:%s:%s:%s",app,client,phone);
 	}
+
+	/**
+	 * 角色的操作权限对应的可操作范围
+	 * @param roleId 角色ID
+	 * @param opeKey 操作Key
+	 * @return
+	 */
+	public static String getRoleOpeScopesKey(String roleId, String opeKey) {
+		return rootPrefix.concat("gov:access:role:opescopes:").concat(roleId).concat(opeKey);
+	}
 }
--- a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/RoleOpeScopeResultDTO.java
+++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/RoleOpeScopeResultDTO.java
@ -0,0 +1,28 @@
+package com.epmet.dto.result;
+
+import lombok.Data;
+
+@Data
+public class RoleOpeScopeResultDTO {
+
+    /**
+     * 角色ID
+     */
+    private String roleId;
+
+    /**
+     * 范围key
+     */
+    private String scopeKey;
+
+    /**
+     * 范围名称
+     */
+    private String scopeName;
+
+    /**
+     * 范围序号
+     */
+    private String scopeIndex;
+
+}
--- a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/StaffPermCacheResultDTO.java
+++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/StaffPermCacheResultDTO.java
@ -23,4 +23,9 @@ public class StaffPermCacheResultDTO {
     */
    private String orgIdPath;

+    /**
+     * 网格ID
+     */
+    private String gridId;
+
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java
@ -6,6 +6,7 @@ import com.epmet.commons.tools.validator.ValidatorUtils;
 import com.epmet.dto.OperationScopeDTO;
 import com.epmet.dto.form.OperationScopeFormDTO;
 import com.epmet.dto.form.StaffPermCacheFormDTO;
+import com.epmet.dto.result.RoleOpeScopeResultDTO;
 import com.epmet.dto.result.StaffPermCacheResultDTO;
 import com.epmet.entity.OperationScopeEntity;
 import com.epmet.service.AccessService;
@ -62,26 +63,19 @@ public class AccessController {
            resultDTO.setPermissions(govTokenDto.getPermissions());
            resultDTO.setRoleIdList(govTokenDto.getRoleIdList());
            resultDTO.setOrgIdPath(govTokenDto.getOrgIdPath());
+            resultDTO.setGridId(govTokenDto.getGridId());
        }
        return new Result<StaffPermCacheResultDTO>().ok(resultDTO);
    }

    /**
-     * 查询角色的操作key对应操作范围列表(需要入缓存)
+     * 查询角色的操作key对应操作范围列表(缓存)
     * @return
     */
-    // todo 需要加缓存
    @PostMapping("operationscopes")
-    public Result<List<OperationScopeDTO>> getOperationScopesByRoleId(@RequestBody OperationScopeFormDTO operationScopeFormDTO) {
+    public Result<Set<RoleOpeScopeResultDTO>> getOperationScopesByRoleId(@RequestBody OperationScopeFormDTO operationScopeFormDTO) {
        ValidatorUtils.validateEntity(operationScopeFormDTO, OperationScopeFormDTO.ListOperationScopeGroup.class);
-        List<OperationScopeEntity> scopes = accessService.listOperationScopesByRoleId(operationScopeFormDTO.getRoleId(), operationScopeFormDTO.getOperationKey());
-        ArrayList<OperationScopeDTO> scopeDtos = new ArrayList<>();
-        scopes.forEach(scope -> {
-            OperationScopeDTO scopeDTO = new OperationScopeDTO();
-            BeanUtils.copyProperties(scope, scopeDTO);
-            scopeDtos.add(scopeDTO);
-        });
-
-        return new Result<List<OperationScopeDTO>>().ok(scopeDtos);
+        Set<RoleOpeScopeResultDTO> scopes = accessService.listOperationScopesByRoleId(operationScopeFormDTO.getRoleId(), operationScopeFormDTO.getOperationKey());
+        return new Result<Set<RoleOpeScopeResultDTO>>().ok(scopes);
    }
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationScopeDao.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationScopeDao.java
@ -18,12 +18,14 @@
 package com.epmet.dao;

 import com.epmet.commons.mybatis.dao.BaseDao;
+import com.epmet.dto.result.RoleOpeScopeResultDTO;
 import com.epmet.entity.OperationScopeEntity;
 import org.apache.ibatis.annotations.Mapper;
 import org.apache.ibatis.annotations.Param;
 import org.springframework.context.annotation.Scope;

 import java.util.List;
+import java.util.Set;

 /**
 * 权限范围表
@ -40,6 +42,6 @@ public interface OperationScopeDao extends BaseDao<OperationScopeEntity> {
     * @param operationKey 操作key
     * @return
     */
-    List<OperationScopeEntity> listOperationScopesByRoleId(@Param("roleId") String roleId,
-                                                           @Param("operationKey") String operationKey);
+    Set<RoleOpeScopeResultDTO> listOperationScopesByRoleId(@Param("roleId") String roleId,
+                                            @Param("operationKey") String operationKey);
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/OperationScopeRedis.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/OperationScopeRedis.java
@ -1,47 +0,0 @@
-/**
- * Copyright 2018 人人开源 https://www.renren.io
- * <p>
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- * <p>
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- * <p>
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-package com.epmet.redis;
-
-import com.epmet.commons.tools.redis.RedisUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-/**
- * 权限范围表
- *
- * @author generator generator@elink-cn.com
- * @since v1.0.0 2020-04-24
- */
-@Component
-public class OperationScopeRedis {
-    @Autowired
-    private RedisUtils redisUtils;
-
-    public void delete(Object[] ids) {
-
-    }
-
-    public void set(){
-
-    }
-
-    public String get(String id){
-        return null;
-    }
-
-}
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleOpeScopeRedis.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleOpeScopeRedis.java
@ -0,0 +1,43 @@
+package com.epmet.redis;
+
+import cn.hutool.core.bean.BeanUtil;
+import com.epmet.commons.tools.redis.RedisKeys;
+import com.epmet.commons.tools.redis.RedisUtils;
+import com.epmet.dto.result.RoleOpeScopeResultDTO;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import java.util.Set;
+
+/**
+ * 角色的操作权限对应的操作范围Redis
+ */
+@Component
+public class RoleOpeScopeRedis {
+
+    @Autowired
+    private RedisUtils redisUtils;
+
+    /**
+     * 缓存角色操作范围
+     * @param roleId
+     * @param opeKey
+     * @param scopes
+     */
+    public void setRoleOpeScopes(String roleId, String opeKey, Set<RoleOpeScopeResultDTO> scopes) {
+        String roleOpeScopesKey = RedisKeys.getRoleOpeScopesKey(roleId, opeKey);
+        redisUtils.set(roleOpeScopesKey, scopes);
+    }
+
+    /**
+     * 查询角色操作范围
+     * @param roleId
+     * @param opeKey
+     * @return
+     */
+    public Set<RoleOpeScopeResultDTO> getRoleOpeScopes(String roleId, String opeKey) {
+        String roleOpeScopesKey = RedisKeys.getRoleOpeScopesKey(roleId, opeKey);
+        return (Set<RoleOpeScopeResultDTO>)redisUtils.get(roleOpeScopesKey);
+    }
+
+}
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleOperationRedis.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleOperationRedis.java
@ -1,47 +0,0 @@
-/**
- * Copyright 2018 人人开源 https://www.renren.io
- * <p>
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- * <p>
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- * <p>
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-package com.epmet.redis;
-
-import com.epmet.commons.tools.redis.RedisUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-/**
- * 角色能进行那些操作
- *
- * @author generator generator@elink-cn.com
- * @since v1.0.0 2020-04-22
- */
-@Component
-public class RoleOperationRedis {
-    @Autowired
-    private RedisUtils redisUtils;
-
-    public void delete(Object[] ids) {
-
-    }
-
-    public void set(){
-
-    }
-
-    public String get(String id){
-        return null;
-    }
-
-}
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleScopeRedis.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleScopeRedis.java
@ -1,47 +0,0 @@
-/**
- * Copyright 2018 人人开源 https://www.renren.io
- * <p>
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- * <p>
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- * <p>
- * You should have received a copy of the GNU General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-package com.epmet.redis;
-
-import com.epmet.commons.tools.redis.RedisUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-/**
- * 角色能操作哪些范围
- *
- * @author generator generator@elink-cn.com
- * @since v1.0.0 2020-04-24
- */
-@Component
-public class RoleScopeRedis {
-    @Autowired
-    private RedisUtils redisUtils;
-
-    public void delete(Object[] ids) {
-
-    }
-
-    public void set(){
-
-    }
-
-    public String get(String id){
-        return null;
-    }
-
-}
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java
@ -1,6 +1,7 @@
 package com.epmet.service;

 import com.epmet.commons.tools.security.dto.GovTokenDto;
+import com.epmet.dto.result.RoleOpeScopeResultDTO;
 import com.epmet.entity.OperationScopeEntity;

 import java.util.List;
@ -26,5 +27,5 @@ public interface AccessService {
     * @param operationKey
     * @return
     */
-    List<OperationScopeEntity> listOperationScopesByRoleId(String roleId, String operationKey);
+    Set<RoleOpeScopeResultDTO> listOperationScopesByRoleId(String roleId, String operationKey);
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java
@ -1,9 +1,11 @@
 package com.epmet.service.impl;

+import com.epmet.commons.tools.exception.ExceptionUtils;
 import com.epmet.commons.tools.security.dto.GovTokenDto;
 import com.epmet.commons.tools.utils.CpUserDetailRedis;
 import com.epmet.dao.OperationScopeDao;
-import com.epmet.entity.OperationScopeEntity;
+import com.epmet.dto.result.RoleOpeScopeResultDTO;
+import com.epmet.redis.RoleOpeScopeRedis;
 import com.epmet.service.AccessService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@ -11,8 +13,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;

-import java.util.HashSet;
-import java.util.List;
 import java.util.Set;

@Service
@ -26,6 +26,9 @@ public class AccessServiceImpl implements AccessService {
    @Autowired
    private OperationScopeDao operationScopeDao;

+    @Autowired
+    private RoleOpeScopeRedis roleOpeScopeRedis;
+
    /**
     * 更新权限缓存
     * @param staffId
@ -60,7 +63,18 @@ public class AccessServiceImpl implements AccessService {
     * @param operationKey
     * @return
     */
-    public List<OperationScopeEntity> listOperationScopesByRoleId(String roleId, String operationKey) {
-        return operationScopeDao.listOperationScopesByRoleId(roleId, operationKey);
+    public Set<RoleOpeScopeResultDTO> listOperationScopesByRoleId(String roleId, String operationKey) {
+        Set<RoleOpeScopeResultDTO> roleOpeScopes = roleOpeScopeRedis.getRoleOpeScopes(roleId, operationKey);
+        if (roleOpeScopes != null) {
+            return roleOpeScopes;
+        }
+        Set<RoleOpeScopeResultDTO> scopes = operationScopeDao.listOperationScopesByRoleId(roleId, operationKey);
+        try {
+            roleOpeScopeRedis.setRoleOpeScopes(roleId, operationKey, scopes);
+        } catch (Exception e) {
+            String errorStackTrace = ExceptionUtils.getErrorStackTrace(e);
+            logger.error("GovAccess:查询角色的操作范围:缓存范围出错:{}", errorStackTrace);
+        }
+        return scopes;
    }
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/OperationScopeServiceImpl.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/OperationScopeServiceImpl.java
@ -26,7 +26,6 @@ import com.epmet.commons.tools.constant.FieldConstant;
 import com.epmet.dao.OperationScopeDao;
 import com.epmet.dto.OperationScopeDTO;
 import com.epmet.entity.OperationScopeEntity;
-import com.epmet.redis.OperationScopeRedis;
 import com.epmet.service.OperationScopeService;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@ -46,8 +45,6 @@ import java.util.Map;
@Service
 public class OperationScopeServiceImpl extends BaseServiceImpl<OperationScopeDao, OperationScopeEntity> implements OperationScopeService {

-    @Autowired
-    private OperationScopeRedis operationScopeRedis;

    @Override
    public PageData<OperationScopeDTO> page(Map<String, Object> params) {
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/RoleOperationServiceImpl.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/RoleOperationServiceImpl.java
@ -27,7 +27,6 @@ import com.epmet.dao.RoleOperationDao;
 import com.epmet.dto.RoleOperationDTO;
 import com.epmet.dto.result.RoleOperationResultDTO;
 import com.epmet.entity.RoleOperationEntity;
-import com.epmet.redis.RoleOperationRedis;
 import com.epmet.service.RoleOperationService;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@ -47,9 +46,6 @@ import java.util.Map;
@Service
 public class RoleOperationServiceImpl extends BaseServiceImpl<RoleOperationDao, RoleOperationEntity> implements RoleOperationService {

-    @Autowired
-    private RoleOperationRedis roleOperationRedis;
-
    @Override
    public PageData<RoleOperationDTO> page(Map<String, Object> params) {
        IPage<RoleOperationEntity> page = baseDao.selectPage(
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/RoleScopeServiceImpl.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/RoleScopeServiceImpl.java
@ -26,7 +26,6 @@ import com.epmet.commons.tools.constant.FieldConstant;
 import com.epmet.dao.RoleScopeDao;
 import com.epmet.dto.RoleScopeDTO;
 import com.epmet.entity.RoleScopeEntity;
-import com.epmet.redis.RoleScopeRedis;
 import com.epmet.service.RoleScopeService;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@ -46,9 +45,6 @@ import java.util.Map;
@Service
 public class RoleScopeServiceImpl extends BaseServiceImpl<RoleScopeDao, RoleScopeEntity> implements RoleScopeService {

-    @Autowired
-    private RoleScopeRedis roleScopeRedis;
-
    @Override
    public PageData<RoleScopeDTO> page(Map<String, Object> params) {
        IPage<RoleScopeEntity> page = baseDao.selectPage(
--- a/epmet-module/gov-access/gov-access-server/src/main/resources/db.migration/epmet_gov_access.sql
+++ b/epmet-module/gov-access/gov-access-server/src/main/resources/db.migration/epmet_gov_access.sql
@ -10,6 +10,7 @@ CREATE TABLE `operation_scope`  (
  `ID` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT 'id',
  `SCOPE_KEY` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '范围key',
  `SCOPE_NAME` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '范围名称',
+  `SCOPE_INDEX` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '范围序号',
  `DEL_FLAG` tinyint(1) NULL DEFAULT NULL COMMENT '是否删除，0：未删除，1：已删除',
  `REVISION` int(10) NULL DEFAULT NULL COMMENT '乐观锁',
  `CREATED_BY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '创建者id',
--- a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationScopeDao.xml
+++ b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationScopeDao.xml
@ -16,13 +16,13 @@
    </resultMap>

    <!--查询角色的操作key对应操作范围列表-->
-    <select id="listOperationScopesByRoleId" resultType="com.epmet.entity.OperationScopeEntity">
-        select os.*
+    <select id="listOperationScopesByRoleId" resultType="com.epmet.dto.result.RoleOpeScopeResultDTO">
+        select os.SCOPE_KEY, os.SCOPE_NAME, rs.ROLE_ID, os.SCOPE_INDEX
        from role_scope rs
-                 inner join operation_scope os
-                            on (rs.SCOPE_KEY = os.SCOPE_KEY)
+               inner join operation_scope os
+                          on (rs.SCOPE_KEY = os.SCOPE_KEY)
        where rs.ROLE_ID = #{roleId}
-            and rs.OPERATION_KEY = #{operationKey}
+          and rs.OPERATION_KEY = #{operationKey}
    </select>


--- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/GovAccessFeignClient.java
+++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/GovAccessFeignClient.java
@ -16,7 +16,7 @@ import java.util.List;
 * @Description
 * @Author sun
 */
-@FeignClient(name = ServiceConstant.GOV_ACCESS_SERVER, fallback = GovAccessFeignClientFallback.class)
+@FeignClient(name = ServiceConstant.GOV_ACCESS_SERVER, fallback = GovAccessFeignClientFallback.class, url = "localhost:8099")
 public interface GovAccessFeignClient {

    /**