权限基本完成

5 years ago · e917105566
38 changed files with 809 additions and 98 deletions
--- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java
+++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java
@ -9,7 +9,7 @@
 package com.epmet.commons.mybatis.aspect;
 import com.epmet.commons.mybatis.annotation.DataFilter;
-import com.epmet.commons.mybatis.constant.AccessSettingConstant;
+import com.epmet.commons.tools.constant.AccessSettingConstant;
 import com.epmet.commons.tools.constant.OpeScopeConstant;
 import com.epmet.commons.mybatis.dto.form.*;
 import com.epmet.commons.mybatis.feign.GovAccessFeignClient;
@ -138,7 +138,8 @@ public class DataFilterAspect {
        // 生成过滤sql
        String sqlFilterSegment = getSqlFilterSegment(userId, userDetail.getRoleIdList(), requirePermission,
-                userDetail.getOrgIdPath(), userDetail.getGridIdList(), tableAlias, userDetail.getDeptIdList(), gridId, deptId);
+                userDetail.getOrgIdPath(), userDetail.getGridIdList(), tableAlias, userDetail.getDeptIdList(),
                gridId, deptId, requirePermission);
        // 方式1.填充到Service方法列表中的DataScope对象中。如果dao入参是用DTO的话，那么再加一个DataScope入参，sql中会报错提示#{}参数找不到，因此改用方法2
        //Object[] methodArgs = point.getArgs();
@ -188,11 +189,12 @@ public class DataFilterAspect {
     * @return
     */
    private String getSqlFilterSegment(String userId, Set<String> roleIds, String reqiurePermission, String orgIdPath,
-                                       Set<String> gridIdList, String tableAlias, Set<String> deptIds, String gridId, String deptId) {
+                                       Set<String> gridIdList, String tableAlias, Set<String> deptIds, String gridId, String deptId,
                                       String operationKey) {
        StringBuilder sb = new StringBuilder();
-        Map<String, String> accessSettings = listRoleAccessSettings(roleIds);
+        Map<String, String> accessSettings = listRoleAccessSettings(roleIds, operationKey);
        // 1.生成sql:组织范围过滤
        if (!genOrgScopeSql(sb, orgIdPath, roleIds, reqiurePermission, tableAlias)) {
@ -235,16 +237,19 @@ public class DataFilterAspect {
     * @param roleIds
     * @return
     */
-    private Map<String, String> listRoleAccessSettings(Set<String> roleIds) {
+    private Map<String, String> listRoleAccessSettings(Set<String> roleIds, String operationKey) {
        Map<String, String> settings = new HashMap<>();
        roleIds.forEach(roleId -> {
-            settings.putAll(listRoleAccessSettings(roleId));
+            settings.putAll(listRoleAccessSettings(roleId, operationKey));
        });
        return settings;
    }
-    private Map<String, String> listRoleAccessSettings(String roleId) {
+    private Map<String, String> listRoleAccessSettings(String roleId, String operationKey) {
-        Result<Map<String, String>> result = govAccessFeignClient.listAccessSettings(roleId);
+        AccessSettingFormDTO accessSettingFormDTO = new AccessSettingFormDTO();
        accessSettingFormDTO.setRoleId(roleId);
        accessSettingFormDTO.setOperationKey(operationKey);
        Result<Map<String, String>> result = govAccessFeignClient.listAccessSettings(accessSettingFormDTO);
        if (result.success()) {
            return result.getData();
        } else {
@ -382,10 +387,8 @@ public class DataFilterAspect {
            return false;
        }
-        // 取出父组织ID path 和当前组织ID
+        // 生成sql语句
-        String pOrgPath = orgIdPath.substring(0, orgIdPath.lastIndexOf(orgIdPathSpliter));
+        genOrgScopeSql(sb, scopes, orgIdPath, tableAlias);
        String currOrgPath = orgIdPath.substring(orgIdPath.lastIndexOf(orgIdPathSpliter) + 1);
        genOrgScopeSql(sb, scopes, currOrgPath, pOrgPath, tableAlias);
        sb.replace(sb.lastIndexOf("OR"), sb.lastIndexOf("OR") + 3, "");
        hasConditions.set(true);
        return true;
@ -395,48 +398,55 @@ public class DataFilterAspect {
     * 计算组织范围过滤sql
     * PS:这个方法需要优化，当前阶段因为逻辑不稳定，暂时不做过度封装
     * @param scopes
     * @param currOrg
     * @param pOrgPath
     * @return
     */
-    private void genOrgScopeSql(StringBuilder sb, HashSet<String> scopes, String currOrg, String pOrgPath, String tableAlias) {
+    private void genOrgScopeSql(StringBuilder sb, HashSet<String> scopes, String orgIdPath, String tableAlias) {
        // 取出父组织ID path 和当前组织ID
        //String parentOrgIDPath = orgIdPath.substring(0, orgIdPath.lastIndexOf(orgIdPathSpliter));
        //String currOrgID = orgIdPath.substring(orgIdPath.lastIndexOf(orgIdPathSpliter) + 1);
        for (String scope : scopes) {
            switch (scope) {
                // 当前单位(可以用ORG_ID_PATH，也可以用ORG_ID判断)
                case OpeScopeConstant.ORG_CURR:
                    if (StringUtils.isBlank(tableAlias)) {
-                        sb.append(" ORG_ID = '").append(currOrg).append("' OR ");
+                        sb.append(" ORG_ID_PATH = '").append(orgIdPath).append("' OR ");
                        //sb.append(" ORG_ID = '").append(currOrgID).append("' OR ");
                    } else {
-                        sb.append(" ").append(tableAlias).append(".ORG_ID = '").append(currOrg).append("' OR ");
+                        sb.append(" ").append(tableAlias).append(".ORG_ID_PATH = '").append(orgIdPath).append("' OR ");
                        //sb.append(" ").append(tableAlias).append(".ORG_ID = '").append(currOrgID).append("' OR ");
                    }
                    break;
                //    本单位及其子级单位
                case OpeScopeConstant.ORG_CURR_AND_SUB:
                    if (StringUtils.isBlank(tableAlias)) {
-                        sb.append(" ORG_ID_PATH like '").append(pOrgPath).append("%' OR ");
+                        sb.append(" ORG_ID_PATH like '").append(orgIdPath).append("%' OR ");
                    } else {
-                        sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(pOrgPath).append("%' OR ");
+                        sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(orgIdPath).append("%' OR ");
                    }
                    break;
                //    本单位的子级单位
                case OpeScopeConstant.ORG_CURR_SUB:
                    if (StringUtils.isBlank(tableAlias)) {
-                        sb.append(" ORG_ID_PATH like '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("%' OR ");
+                        sb.append(" ORG_ID_PATH like '").append(orgIdPath).append(":%' OR ");
                    } else {
-                        sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("%' OR ");
+                        sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(orgIdPath).append(":%' OR ");
                    }
                    break;
                 //当前单位的父级单位
                case OpeScopeConstant.ORG_CURR_SUP:
                    if (StringUtils.isBlank(tableAlias)) {
-                        sb.append(" '").append(pOrgPath).append("' like CONCAT(").append("ORG_ID_PATH,'%') OR ");
+                        sb.append(" '").append(orgIdPath).append("' like CONCAT(").append("ORG_ID_PATH,':%') OR ");
                    } else {
-                        sb.append(" '").append(pOrgPath).append("' like CONCAT(").append(tableAlias).append(".ORG_ID_PATH,'%') OR ");
+                        sb.append(" '").append(orgIdPath).append("' like CONCAT(").append(tableAlias).append(".ORG_ID_PATH,':%') OR ");
                    }
                    break;
                //    当前单位及其父级单位
                case OpeScopeConstant.ORG_CURR_AND_SUP:
                    if (StringUtils.isBlank(tableAlias)) {
-                        sb.append(" '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("' like CONCAT(").append("ORG_ID_PATH,'%') OR ");
+                        sb.append(" '").append(orgIdPath).append("' like CONCAT(").append("ORG_ID_PATH,'%') OR ");
                    } else {
-                        sb.append(" '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("' like CONCAT(").append(tableAlias).append(".ORG_ID_PATH,'%' ) OR ");
+                        sb.append(" '").append(orgIdPath).append("' like CONCAT(").append(tableAlias).append(".ORG_ID_PATH,'%' ) OR ");
                    }
                    break;
                case OpeScopeConstant.ORG_EQUAL:
--- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/AccessSettingFormDTO.java
+++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/AccessSettingFormDTO.java
@ -0,0 +1,9 @@
 package com.epmet.commons.mybatis.dto.form;
 import lombok.Data;
@Data
 public class AccessSettingFormDTO {
    private String roleId;
    private String operationKey;
 }
--- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java
+++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java
@ -38,11 +38,10 @@ public interface GovAccessFeignClient {
    /**
     * 查询角色的权限相关配置
     * @param roleId
     * @return
     */
-    @PostMapping("/gov/access/access/accesssettings/{roleId}")
+    @PostMapping("/gov/access/access/accesssettings")
-    Result<Map<String, String>> listAccessSettings(@PathVariable("roleId") String roleId);
+    Result<Map<String, String>> listAccessSettings(AccessSettingFormDTO accessSettingFormDTO);
    /**
     * 查询角色所有operation及其范围(缓存)
--- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java
+++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java
@ -32,8 +32,8 @@ public class GovAccessFeignClientFallback implements GovAccessFeignClient {
    }
    @Override
-    public Result<Map<String, String>> listAccessSettings(String roleId) {
+    public Result<Map<String, String>> listAccessSettings(AccessSettingFormDTO accessSettingFormDTO) {
-        return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "listAccessSettings", roleId);
+        return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "listAccessSettings", accessSettingFormDTO);
    }
    @Override
--- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/constant/AccessSettingConstant.java
+++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/constant/AccessSettingConstant.java
@ -1,6 +1,9 @@
-package com.epmet.commons.mybatis.constant;
+package com.epmet.commons.tools.constant;
 public class AccessSettingConstant {
    public static final String ON = "ON";
    public static final String I_CREATED_KEY = "I_CREATED";
    public static final String I_CREATED_ON = "ON";
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/enums/RequirePermissionEnum.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/enums/RequirePermissionEnum.java
@ -2,36 +2,36 @@ package com.epmet.commons.tools.enums;
 public enum RequirePermissionEnum {
-    WORK_GRASSROOTS_GROUP_AUDITINGLIST("work_grassroots_group_auditinglist", "基层治理-群组管理-待审核列表", "基层治理-群组管理-待审核列表"),
+    WORK_GRASSROOTS_GROUP_AUDITINGLIST("work_grassroots_group_auditinglist", "基层治理:群组管理:待审核列表", "基层治理:群组管理:待审核列表"),
-    WORK_GRASSROOTS_GROUP_AUDIT("work_grassroots_group_audit", "基层治理-群组管理-审核建组", "基层治理-群组管理-审核建组"),
+    WORK_GRASSROOTS_GROUP_AUDIT("work_grassroots_group_audit", "基层治理:群组管理:审核建组", "基层治理:群组管理:审核建组"),
-    WORK_GRASSROOTS_GROUP_GROUPSINTHEGRID("work_grassroots_group_groupsinthegrid", "基层治理-群组管理-本网格小组列表", "基层治理-群组管理-本网格小组列表"),
+    WORK_GRASSROOTS_GROUP_GROUPSINTHEGRID("work_grassroots_group_groupsinthegrid", "基层治理:群组管理:本网格小组列表", "基层治理:群组管理:本网格小组列表"),
-    WORK_GRASSROOTS_RESI_WARMHEARTED_AUDITINGLIST("work_grassroots_resi_warmhearted_auditinglist", "基层治理-居民管理-热心居民待审核列表", "基层治理-居民管理-热心居民待审核列表"),
+    WORK_GRASSROOTS_RESI_WARMHEARTED_AUDITINGLIST("work_grassroots_resi_warmhearted_auditinglist", "基层治理:居民管理:热心居民待审核列表", "基层治理:居民管理:热心居民待审核列表"),
-    WORK_GRASSROOTS_RESI_WARMHEARTED_AUDITHISTORYLIST("work_grassroots_resi_warmhearted_audithistorylist", "基层治理-居民管理-热心审核历史", "基层治理-居民管理-热心审核历史"),
+    WORK_GRASSROOTS_RESI_WARMHEARTED_AUDITHISTORYLIST("work_grassroots_resi_warmhearted_audithistorylist", "基层治理:居民管理:热心审核历史", "基层治理:居民管理:热心审核历史"),
-    WORK_GRASSROOTS_RESI_WARMHEARTED_AUDIT("work_grassroots_resi_warmhearted_audit", "基层治理-居民管理-热心居民审核", "基层治理-居民管理-热心居民审核"),
+    WORK_GRASSROOTS_RESI_WARMHEARTED_AUDIT("work_grassroots_resi_warmhearted_audit", "基层治理:居民管理:热心居民审核", "基层治理:居民管理:热心居民审核"),
-    ORG_AGENCY_TRACE("org_agency_trace", "组织-查看上级机关", "组织-查看上级机关"),
+    ORG_AGENCY_TRACE("org_agency_trace", "组织:查看上级机关", "组织:查看上级机关"),
-    ORG_AGENCY_UPDATE("org_agency_update", "组织-机关单位-编辑", "组织-机关单位-编辑"),
+    ORG_AGENCY_UPDATE("org_agency_update", "组织:机关单位:编辑", "组织:机关单位:编辑"),
-    ORG_SUBAGENCY_LIST("org_subagency_list", "组织-下级机关-列表", "组织-下级机关-列表"),
+    ORG_SUBAGENCY_LIST("org_subagency_list", "组织:下级机关:列表", "组织:下级机关:列表"),
-    ORG_SUBAGENCY_CREATE("org_subagency_create", "组织-下级机关-新增", "组织-下级机关-新增"),
+    ORG_SUBAGENCY_CREATE("org_subagency_create", "组织:下级机关:新增", "组织:下级机关:新增"),
-    ORG_SUBAGENCY_DELETE("org_subagency_delete", "组织-下级机关-删除", "组织-下级机关-删除"),
+    ORG_SUBAGENCY_DELETE("org_subagency_delete", "组织:下级机关:删除", "组织:下级机关:删除"),
-    ORG_STAFF_DETAIL("org_staff_detail", "组织-工作人员-详情", "组织-工作人员-详情"),
+    ORG_STAFF_DETAIL("org_staff_detail", "组织:工作人员:详情", "组织:工作人员:详情"),
-    ORG_STAFF_LIST("org_staff_list", "组织-工作人员-列表", "组织-工作人员-列表"),
+    ORG_STAFF_LIST("org_staff_list", "组织:工作人员:列表", "组织:工作人员:列表"),
-    ORG_STAFF_CREATE("org_staff_create", "组织-工作人员-新增", "组织-工作人员-新增"),
+    ORG_STAFF_CREATE("org_staff_create", "组织:工作人员:新增", "组织:工作人员:新增"),
-    ORG_STAFF_UPDATE("org_staff_update", "组织-工作人员-编辑", "组织-工作人员-编辑"),
+    ORG_STAFF_UPDATE("org_staff_update", "组织:工作人员:编辑", "组织:工作人员:编辑"),
-    ORG_STAFF_FORBIDDEN("org_staff_forbidden", "组织-工作人员-禁用", "组织-工作人员-禁用"),
+    ORG_STAFF_FORBIDDEN("org_staff_forbidden", "组织:工作人员:禁用", "组织:工作人员:禁用"),
-    ORG_DEPARTMENT_LIST("org_department_list", "组织-直属部门-部门列表", "组织-直属部门-部门列表"),
+    ORG_DEPARTMENT_LIST("org_department_list", "组织:直属部门:部门列表", "组织:直属部门:部门列表"),
-    ORG_DEPARTMENT_CREATE("org_department_create", "组织-直属部门-新增部门", "组织-直属部门-新增部门"),
+    ORG_DEPARTMENT_CREATE("org_department_create", "组织:直属部门:新增部门", "组织:直属部门:新增部门"),
-    ORG_DEPARTMENT_UPDATE("org_department_update", "组织-直属部门-编辑部门", "组织-直属部门-编辑部门"),
+    ORG_DEPARTMENT_UPDATE("org_department_update", "组织:直属部门:编辑部门", "组织:直属部门:编辑部门"),
-    ORG_DEPARTMENT_DELETE("org_department_delete", "组织-直属部门-删除", "组织-直属部门-删除"),
+    ORG_DEPARTMENT_DELETE("org_department_delete", "组织:直属部门:删除", "组织:直属部门:删除"),
-    ORG_DEPARTMENT_STAFF_ADD("org_department_staff_add", "组织-直属部门-添加人员", "组织-直属部门-添加人员"),
+    ORG_DEPARTMENT_STAFF_ADD("org_department_staff_add", "组织:直属部门:添加人员", "组织:直属部门:添加人员"),
-    ORG_DEPARTMENT_STAFF_REMOVE("org_department_staff_remove", "组织-直属部门-移除人员", "组织-直属部门-移除人员"),
+    ORG_DEPARTMENT_STAFF_REMOVE("org_department_staff_remove", "组织:直属部门:移除人员", "组织:直属部门:移除人员"),
-    ORG_DEPARTMENT_STAFF_LIST("org_department_staff_list", "组织-直属部门-人员列表", "组织-直属部门-人员列表"),
+    ORG_DEPARTMENT_STAFF_LIST("org_department_staff_list", "组织:直属部门:人员列表", "组织:直属部门:人员列表"),
-    ORG_GRID_LIST("org_grid_list", "组织-治理网格-网格列表", "组织-治理网格-网格列表"),
+    ORG_GRID_LIST("org_grid_list", "组织:治理网格:网格列表", "组织:治理网格:网格列表"),
-    ORG_GRID_CREATE("org_grid_create", "组织-治理网格-新增网格", "组织-治理网格-新增网格"),
+    ORG_GRID_CREATE("org_grid_create", "组织:治理网格:新增网格", "组织:治理网格:新增网格"),
-    ORG_GRID_UPDATE("org_grid_update", "组织-治理网格-编辑网格", "组织-治理网格-编辑网格"),
+    ORG_GRID_UPDATE("org_grid_update", "组织:治理网格:编辑网格", "组织:治理网格:编辑网格"),
-    ORG_GRID_DELETE("org_grid_delete", "组织-治理网格-删除", "组织-治理网格-删除"),
+    ORG_GRID_DELETE("org_grid_delete", "组织:治理网格:删除", "组织:治理网格:删除"),
-    ORG_GRID_STAFF_ADD("org_grid_staff_add", "组织-治理网格-新增网格工作人员", "组织-治理网格-新增网格工作人员"),
+    ORG_GRID_STAFF_ADD("org_grid_staff_add", "组织:治理网格:新增网格工作人员", "组织:治理网格:新增网格工作人员"),
-    ORG_GRID_STAFF_REMOVE("org_grid_staff_remove", "组织-治理网格-移除网格工作人员", "组织-治理网格-移除网格工作人员"),
+    ORG_GRID_STAFF_REMOVE("org_grid_staff_remove", "组织:治理网格:移除网格工作人员", "组织:治理网格:移除网格工作人员"),
-    ORG_PARTYMEMBER_SUMMARY("org_partymember_summary", "组织-党员-汇总信息", "组织-党员-汇总信息");
+    ORG_PARTYMEMBER_SUMMARY("org_partymember_summary", "组织:党员:汇总信息", "组织:党员:汇总信息");
    private String key;
    private String name;
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java
@ -232,7 +232,7 @@ public class RedisKeys {
 	 * @param roleId
 	 * @return
 	 */
-	public static String getRoleAccessSettingKey(String roleId) {
+	public static String getRoleAccessSettingKey(String roleId, String operationKey) {
-		return rootPrefix.concat("gov:access:role:accesssettings:").concat(roleId);
+		return rootPrefix.concat(String.format("gov:access:role:accesssettings:%s:%s", roleId, operationKey));
 	}
 }
--- a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigOpesFormDTO.java
+++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigOpesFormDTO.java
@ -0,0 +1,16 @@
 package com.epmet.dto.form;
 import com.epmet.dto.result.AccessConfigOpesResultDTO;
 import lombok.Data;
 import javax.validation.constraints.NotBlank;
 import java.util.List;
@Data
 public class AccessConfigOpesFormDTO {
    @NotBlank(message = "角色ID不能为空")
    private String roleId;
    private List<AccessConfigOpesResultDTO> opes;
 }
--- a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigSaveSettingDTO.java
+++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigSaveSettingDTO.java
@ -0,0 +1,18 @@
 package com.epmet.dto.form;
 import lombok.Data;
 import javax.validation.constraints.NotBlank;
 import java.util.Set;
@Data
 public class AccessConfigSaveSettingDTO {
    @NotBlank(message = "角色ID不能为空")
    private String roleId;
    @NotBlank(message = "操作Key不能为空")
    private String operationKey;
    private Set<String> scopeKeys;
    private Set<String> settingKeys;
 }
--- a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigSettingFormDTO.java
+++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigSettingFormDTO.java
@ -0,0 +1,16 @@
 package com.epmet.dto.form;
 import lombok.Data;
 import javax.validation.constraints.NotBlank;
@Data
 public class AccessConfigSettingFormDTO {
    @NotBlank(message = "角色ID不能为空")
    private String roleId;
    @NotBlank(message = "操作的Key不能为空")
    private String operationKey;
 }
--- a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessSettingFormDTO.java
+++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessSettingFormDTO.java
@ -2,7 +2,11 @@ package com.epmet.dto.form;
 import lombok.Data;
 /**
 * 查询拥有的权限的DTO，非后台配置用
 */
@Data
 public class AccessSettingFormDTO {
    private String roleId;
    private String operationKey;
 }
--- a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigOpesResultDTO.java
+++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigOpesResultDTO.java
@ -0,0 +1,13 @@
 package com.epmet.dto.result;
 import lombok.Data;
@Data
 public class AccessConfigOpesResultDTO {
    private String operationKey;
    private String operationName;
    private String brief;
    private Boolean assigned;
 }
--- a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigOptionsResultDTO.java
+++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigOptionsResultDTO.java
@ -0,0 +1,11 @@
 package com.epmet.dto.result;
 import lombok.Data;
 import java.util.List;
@Data
 public class AccessConfigOptionsResultDTO {
    private List<AccessConfigScopeResultDTO> scopeOptions;
    private List<AccessConfigSettingResultDTO> settingOptions;
 }
--- a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigScopeResultDTO.java
+++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigScopeResultDTO.java
@ -0,0 +1,15 @@
 package com.epmet.dto.result;
 import lombok.Data;
@Data
 public class AccessConfigScopeResultDTO {
    private String scopeKey;
    private String scopeName;
    private String scopeIndex;
    private String operationKey;
    private String roleId;
    private Boolean assigned;
 }
--- a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigSettingResultDTO.java
+++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigSettingResultDTO.java
@ -0,0 +1,14 @@
 package com.epmet.dto.result;
 import lombok.Data;
@Data
 public class AccessConfigSettingResultDTO {
    private String settingKey;
    private String settingName;
    private String roleId;
    private Boolean assigned;
    private String operationKey;
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessConfigController.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessConfigController.java
@ -0,0 +1,73 @@
 package com.epmet.controller;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.ValidatorUtils;
 import com.epmet.dto.form.AccessConfigOpesFormDTO;
 import com.epmet.dto.form.AccessConfigSaveSettingDTO;
 import com.epmet.dto.form.AccessConfigSettingFormDTO;
 import com.epmet.dto.result.AccessConfigOpesResultDTO;
 import com.epmet.dto.result.AccessConfigOptionsResultDTO;
 import com.epmet.service.AccessConfigService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import javax.validation.constraints.NotBlank;
 import java.util.List;
 import java.util.Set;
@RestController
@RequestMapping("config")
 public class AccessConfigController {
    @Autowired
    private AccessConfigService accessConfigService;
    /**
     * 列出角色的操作列表(及该操作的scope范围)
     * @param roleId
     * @return
     */
    @PostMapping("roleopes/{roleId}")
    public Result listRoleOperations(@PathVariable("roleId") String roleId) {
        List<AccessConfigOpesResultDTO> opes = accessConfigService.listOpesByRole(roleId);
        return new Result().ok(opes);
    }
    /**
     * 保存角色的操作功能列表
     * @return
     */
    @PostMapping("saveroleopes")
    public Result saveRoleOpes(@RequestBody AccessConfigOpesFormDTO formDTO) {
        accessConfigService.saveRoleOpes(formDTO.getRoleId(), formDTO.getOpes());
        return new Result();
    }
    /**
     * 查询可配置项列表
     * @return
     */
    @PostMapping("settingoptions")
    public Result listSettingoptions(@RequestBody AccessConfigSettingFormDTO settingFormDTO) {
        ValidatorUtils.validateEntity(settingFormDTO);
        AccessConfigOptionsResultDTO options = accessConfigService.listScopeItemsForAccessConfig(settingFormDTO.getRoleId(), settingFormDTO.getOperationKey());
        return new Result().ok(options);
    }
    /**
     * 保存设置
     * @param settings
     * @return
     */
    @PostMapping("savesettings")
    public Result saveSettings(@RequestBody AccessConfigSaveSettingDTO settings) {
        ValidatorUtils.validateEntity(settings);
        String roleId = settings.getRoleId();
        String operationKey = settings.getOperationKey();
        Set<String> scopeKeys = settings.getScopeKeys();
        Set<String> settingKeys = settings.getSettingKeys();
        accessConfigService.saveSettings(roleId, operationKey, scopeKeys, settingKeys);
        return new Result();
    }
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java
@ -90,12 +90,12 @@ public class AccessController {
    }
    /**
-     * 查询角色的权限相关配置
+     * 查询角色的权限相关配置(缓存)
     * @return
     */
-    @PostMapping("/accesssettings/{roleId}")
+    @PostMapping("/accesssettings")
-    public Result<Map<String, String>> listAccessSettings(@PathVariable("roleId") String roleId) {
+    public Result<Map<String, String>> listAccessSettings(@RequestBody AccessSettingFormDTO accessSettingFormDTO) {
-        Map<String, String> settings = accessService.listAccessSettings(roleId);
+        Map<String, String> settings = accessService.listAccessSettings(accessSettingFormDTO.getRoleId(), accessSettingFormDTO.getOperationKey());
        return new Result<Map<String, String>>().ok(settings);
    }
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/AccessSettingDao.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/AccessSettingDao.java
@ -18,11 +18,14 @@
 package com.epmet.dao;
 import com.epmet.commons.mybatis.dao.BaseDao;
 import com.epmet.dto.result.AccessConfigSettingResultDTO;
 import com.epmet.dto.result.AccessSettingResultDTO;
 import com.epmet.entity.AccessSettingEntity;
 import org.apache.ibatis.annotations.Mapper;
 import org.apache.ibatis.annotations.Param;
 import java.util.List;
 import java.util.Set;
 /**
 * 权限配置
@ -38,6 +41,35 @@ public interface AccessSettingDao extends BaseDao<AccessSettingEntity> {
     * @param roleId
     * @return
     */
-    List<AccessSettingResultDTO> listAccessSettingsByRoleId(String roleId);
+    List<AccessSettingResultDTO> listAccessSettingsByRoleId(@Param("roleId") String roleId,
                                                            @Param("operationKey") String operationKey);
    List<AccessConfigSettingResultDTO> listSettingOptionsForAccessConfig(@Param("roleId") String roleId,
                                                                         @Param("operationKey") String operationKey);
    /**
     * 删除
     * @param roleId
     * @param operationKey
     * @param settingKeys2Delete
     * @return
     */
    int delete(@Param("roleId") String roleId,
                @Param("operationKey") String operationKey,
                @Param("settingKeys2Delete") Set<String> settingKeys2Delete);
    AccessSettingEntity get(@Param("roleId") String roleId,
                            @Param("operationKey") String operationKey,
                            @Param("settingKey") String settingKey);
    /**
     * 启用
     * @param roleId
     * @param operationKey
     * @param settingKey
     * @return
     */
    int enable(@Param("roleId") String roleId,
               @Param("operationKey") String operationKey,
               @Param("settingKey") String settingKey);
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationDao.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationDao.java
@ -33,4 +33,6 @@ import java.util.List;
 public interface OperationDao extends BaseDao<OperationEntity> {
    List<OperationEntity> listAllOperationEntities();
    List<OperationEntity> listAllValidOperationEntities();
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleOperationDao.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleOperationDao.java
@ -18,6 +18,7 @@
 package com.epmet.dao;
 import com.epmet.commons.mybatis.dao.BaseDao;
 import com.epmet.dto.result.AccessConfigOpesResultDTO;
 import com.epmet.dto.result.RoleOperationResultDTO;
 import com.epmet.entity.RoleOperationEntity;
 import org.apache.ibatis.annotations.Mapper;
@ -35,4 +36,12 @@ import java.util.List;
 public interface RoleOperationDao extends BaseDao<RoleOperationEntity> {
    List<RoleOperationResultDTO> listOperationsByRoleId(@Param("roleId") String roleId);
    List<AccessConfigOpesResultDTO> listOpesForAccessConfig(@Param("roleId") String roleId);
    void deleteRoleOpe(@Param("roleId") String roleId, @Param("opeKey") String opeKey);
    RoleOperationEntity getRoleOpe(@Param("roleId") String roleId, @Param("opeKey") String opeKey);
    int enableRoleOpe(@Param("roleId") String roleId, @Param("opeKey") String opeKey);
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleScopeDao.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleScopeDao.java
@ -18,8 +18,14 @@
 package com.epmet.dao;
 import com.epmet.commons.mybatis.dao.BaseDao;
 import com.epmet.dto.result.AccessConfigScopeResultDTO;
 import com.epmet.dto.result.AccessConfigSettingResultDTO;
 import com.epmet.entity.RoleScopeEntity;
 import org.apache.ibatis.annotations.Mapper;
 import org.apache.ibatis.annotations.Param;
 import java.util.List;
 import java.util.Set;
 /**
 * 角色能操作哪些范围
@ -30,4 +36,51 @@ import org.apache.ibatis.annotations.Mapper;
@Mapper
 public interface RoleScopeDao extends BaseDao<RoleScopeEntity> {
    /**
     * 权限配置：列出可选项
     * @param roleId
     * @param operationKey
     * @return
     */
    List<AccessConfigScopeResultDTO> listScopeOptionsForAccessConfig(@Param("roleId") String roleId, @Param("operationKey") String operationKey);
    /**
     *
     * @param roleId
     * @param operationKey
     * @return
     */
    List<RoleScopeEntity> listScopeEntities(@Param("roleId") String roleId, @Param("operationKey") String operationKey);
    /**
     * 使用roleId+OperationKey+ScopeKey删除
     * @param roleId
     * @param operationKey
     * @param scopeKeys2Remove
     * @return
     */
    int deleteByRoleIdAndOpeKey(@Param("roleId") String roleId,
                                @Param("operationKey") String operationKey,
                                @Param("scopeKeys2Remove") Set<String> scopeKeys2Remove);
    /**
     * 启用
     * @param roleId
     * @param operationKey
     * @param scopeKey
     * @return
     */
    int enableByRoleIdAndOpeKey(@Param("roleId") String roleId,
                                @Param("operationKey") String operationKey,
                                @Param("scopeKey") String scopeKey);
    /**
     * 使用RoleId + operationKey + scopeKey
     * @param roleId
     * @param operationKey
     * @param scopeKey
     */
    RoleScopeEntity getByRoleIdAndOpeKey(@Param("roleId") String roleId,
                              @Param("operationKey") String operationKey,
                              @Param("scopeKey") String scopeKey);
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleAccessSettingRedis.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleAccessSettingRedis.java
@ -4,9 +4,11 @@ import com.epmet.commons.tools.redis.RedisKeys;
 import com.epmet.commons.tools.redis.RedisUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.util.CollectionUtils;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
@Component
 public class RoleAccessSettingRedis {
@ -14,14 +16,23 @@ public class RoleAccessSettingRedis {
    @Autowired
    private RedisUtils redisUtils;
-    public void set(Map<String, Object> settings, String roleId) {
+    public void set(Map<String, String> settings, String roleId, String operationKey) {
-        String roleAccessSettingKey = RedisKeys.getRoleAccessSettingKey(roleId);
+        // 转化Map
-        redisUtils.hMSet(roleAccessSettingKey, settings);
+        HashMap<String, Object> newSettings = new HashMap<>();
        Set<Map.Entry<String, String>> entries = settings.entrySet();
        entries.forEach(entry -> {
            newSettings.put(entry.getKey(), entry.getValue());
        });
        String roleAccessSettingKey = RedisKeys.getRoleAccessSettingKey(roleId, operationKey);
        redisUtils.hMSet(roleAccessSettingKey, newSettings);
    }
-    public Map<String, String> get(String roleId) {
+    public Map<String, String> get(String roleId, String operationKey) {
-        String roleAccessSettingKey = RedisKeys.getRoleAccessSettingKey(roleId);
+        String roleAccessSettingKey = RedisKeys.getRoleAccessSettingKey(roleId, operationKey);
        Map<String, Object> s = redisUtils.hGetAll(roleAccessSettingKey);
        // 转化Map
        if (!CollectionUtils.isEmpty(s)) {
            Map<String, String> settings = new HashMap<>();
            s.forEach((s1, o) -> {
                if (o != null) {
@ -31,4 +42,11 @@ public class RoleAccessSettingRedis {
            return settings;
        }
        return null;
    }
    public void delete(String roleId, String operationKey) {
        redisUtils.delete(RedisKeys.getRoleAccessSettingKey(roleId, operationKey));
    }
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleOpeScopeRedis.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleOpeScopeRedis.java
@ -63,4 +63,12 @@ public class RoleOpeScopeRedis {
        return JSON.parseObject(stringValue, new TypeReference<List<RoleOpeScopeResultDTO>>(){});
    }
    /**
     * 删除缓存
     * @param roleId
     */
    public void delRoleAllOpeScopes(String roleId) {
        redisUtils.delete(RedisKeys.getRoleAllOpeScopesKey(roleId));
    }
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessConfigService.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessConfigService.java
@ -0,0 +1,17 @@
 package com.epmet.service;
 import com.epmet.dto.result.AccessConfigOpesResultDTO;
 import com.epmet.dto.result.AccessConfigOptionsResultDTO;
 import java.util.List;
 import java.util.Set;
 public interface AccessConfigService {
    List<AccessConfigOpesResultDTO> listOpesByRole(String roleId);
    void saveRoleOpes(String roleId, List<AccessConfigOpesResultDTO> opes);
    AccessConfigOptionsResultDTO listScopeItemsForAccessConfig(String roleId, String operationKey);
    void saveSettings(String roleId, String operationKey, Set<String> scopeKeys, Set<String> settingKeys);
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java
@ -34,7 +34,7 @@ public interface AccessService {
     * @param roleId
     * @return
     */
-    Map<String, String> listAccessSettings(String roleId);
+    Map<String, String> listAccessSettings(String roleId, String operationKey);
    /**
     * 查询角色所有operation及其范围(缓存)
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessConfigServiceImpl.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessConfigServiceImpl.java
@ -0,0 +1,182 @@
 package com.epmet.service.impl;
 import com.epmet.commons.tools.constant.AccessSettingConstant;
 import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.dao.*;
 import com.epmet.dto.result.*;
 import com.epmet.entity.AccessSettingEntity;
 import com.epmet.entity.RoleOperationEntity;
 import com.epmet.entity.RoleScopeEntity;
 import com.epmet.redis.RoleAccessSettingRedis;
 import com.epmet.redis.RoleOpeScopeRedis;
 import com.epmet.service.AccessConfigService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.CollectionUtils;
 import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
@Service
 public class AccessConfigServiceImpl implements AccessConfigService {
    protected static final Logger logger = LoggerFactory.getLogger(AccessConfigServiceImpl.class);
    @Autowired
    private RoleOpeScopeRedis roleOpeScopeRedis;
    @Autowired
    private RoleOperationDao roleOperationDao;
    @Autowired
    private RoleScopeDao roleScopeDao;
    @Autowired
    private AccessSettingDao accessSettingDao;
    @Autowired
    private RoleAccessSettingRedis roleAccessSettingRedis;
    @Override
    public List<AccessConfigOpesResultDTO> listOpesByRole(String roleId) {
        return roleOperationDao.listOpesForAccessConfig(roleId);
    }
    @Override
    @Transactional(rollbackFor = Exception.class)
    public void saveRoleOpes(String roleId, List<AccessConfigOpesResultDTO> opes) {
        List<RoleOperationResultDTO> operationsDB = roleOperationDao.listOperationsByRoleId(roleId);
        Set<String> opeKeysDB = operationsDB.stream().map(opeDB -> opeDB.getOperationKey()).collect(Collectors.toSet());
        Set<String> opeKeysForm = opes.stream().map(opeForm -> opeForm.getOperationKey()).collect(Collectors.toSet());
        for (String s : opeKeysDB) {
            if (!opeKeysForm.contains(s)) {
                // 说明这个已经被取消
                roleOperationDao.deleteRoleOpe(roleId, s);
            }
        }
        for (String s : opeKeysForm) {
            if (!opeKeysDB.contains(s)) {
                // 说明这个是新勾选的
                if (roleOperationDao.getRoleOpe(roleId, s) != null) {
                    if (roleOperationDao.enableRoleOpe(roleId, s) == 0) {
                        logger.error("权限配置:启用权限失败，roleId:{}", roleId);
                        throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode());
                    }
                    continue;
                }
                RoleOperationEntity newRoleOpe = new RoleOperationEntity();
                newRoleOpe.setRoleId(roleId);
                newRoleOpe.setOperationKey(s);
                roleOperationDao.insert(newRoleOpe);
            }
        }
        // 失效Redis缓存
        roleOpeScopeRedis.delRoleAllOpeScopes(roleId);
    }
    @Override
    public AccessConfigOptionsResultDTO listScopeItemsForAccessConfig(String roleId, String operationKey) {
        List<AccessConfigScopeResultDTO> scopeOptions = roleScopeDao.listScopeOptionsForAccessConfig(roleId, operationKey);
        List<AccessConfigSettingResultDTO > settingOptions = accessSettingDao.listSettingOptionsForAccessConfig(roleId, operationKey);
        AccessConfigOptionsResultDTO options = new AccessConfigOptionsResultDTO();
        options.setScopeOptions(scopeOptions);
        options.setSettingOptions(settingOptions);
        return options;
    }
    @Override
    @Transactional
    public void saveSettings(String roleId, String operationKey, Set<String> scopeKeys, Set<String> settingKeys) {
        saveScopeSettings(roleId, operationKey, scopeKeys);
        saveAccessSettingSettings(roleId, operationKey, settingKeys);
    }
    /**
     * 保存设置
     * 可以优化为：遍历时候直接删除或者新增，而不用新建settingKeys2Delete, settingKeys2Add变量
     * @param roleId
     * @param operationKey
     */
    private void saveAccessSettingSettings(String roleId, String operationKey, Set<String> newSettingKeys) {
        Set<String> settingKeysDB = accessSettingDao.listAccessSettingsByRoleId(roleId, operationKey)
                .stream()
                .map(setting -> setting.getSettingKey())
                .collect(Collectors.toSet());
        Set<String> settingKeys2Delete = settingKeysDB.stream().filter(settingKeyDB -> !newSettingKeys.contains(settingKeyDB)).collect(Collectors.toSet());
        Set<String> settingKeys2Add = newSettingKeys.stream().filter(newSetting -> !settingKeysDB.contains(newSetting)).collect(Collectors.toSet());
        // 删除
        if (!CollectionUtils.isEmpty(settingKeys2Delete)) {
            accessSettingDao.delete(roleId, operationKey, settingKeys2Delete);
        }
        // 新增
        if (!CollectionUtils.isEmpty(settingKeys2Add)) {
            settingKeys2Add.forEach(settingKey -> {
                if (accessSettingDao.get(roleId, operationKey, settingKey) != null) {
                    // 数据库中已有
                    accessSettingDao.enable(roleId, operationKey, settingKey);
                } else {
                    AccessSettingEntity newSetting = new AccessSettingEntity();
                    newSetting.setRoleId(roleId);
                    newSetting.setOperationKey(operationKey);
                    newSetting.setSettingKey(settingKey);
                    newSetting.setSettingValue(AccessSettingConstant.ON);
                    accessSettingDao.insert(newSetting);
                }
            });
        }
        // 清空redis缓存
        roleAccessSettingRedis.delete(roleId, operationKey);
    }
    /**
     * 保存Scope设置
     * @param roleId
     * @param operationKey
     * @param scopeKeys
     */
    private void saveScopeSettings(String roleId, String operationKey, Set<String> scopeKeys) {
        List<RoleScopeEntity> scopesDB = roleScopeDao.listScopeEntities(roleId, operationKey);
        // 数据库中已有的scopeKey列表
        Set<String> scopeKeysDB = scopesDB.stream().map(scope -> scope.getScopeKey()).collect(Collectors.toSet());
        Set<String> scopeKeys2Add = scopeKeys.stream().filter(scopeKey -> !scopeKeysDB.contains(scopeKey)).collect(Collectors.toSet());
        Set<String> scopeKeys2Remove = scopeKeysDB.stream().filter(scopeKeyDB -> !scopeKeys.contains(scopeKeyDB)).collect(Collectors.toSet());
        // 添加/重新启用
        if (!CollectionUtils.isEmpty(scopeKeys2Add)) {
            scopeKeys2Add.forEach(scopeKey -> {
                RoleScopeEntity rsDB = roleScopeDao.getByRoleIdAndOpeKey(roleId, operationKey, scopeKey);
                if (rsDB != null) {
                    roleScopeDao.enableByRoleIdAndOpeKey(roleId, operationKey, scopeKey);
                } else {
                    RoleScopeEntity rs2Add = new RoleScopeEntity();
                    rs2Add.setRoleId(roleId);
                    rs2Add.setOperationKey(operationKey);
                    rs2Add.setScopeKey(scopeKey);
                    roleScopeDao.insert(rs2Add);
                }
            });
        }
        // 删除
        if (!CollectionUtils.isEmpty(scopeKeys2Remove)) {
            roleScopeDao.deleteByRoleIdAndOpeKey(roleId, operationKey, scopeKeys2Remove);
        }
        // 清空redis缓存
        roleOpeScopeRedis.delRoleAllOpeScopes(roleId);
    }
 }
--- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java
+++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java
@ -3,7 +3,9 @@ package com.epmet.service.impl;
 import com.epmet.commons.tools.exception.ExceptionUtils;
 import com.epmet.commons.tools.security.dto.GovTokenDto;
 import com.epmet.commons.tools.utils.CpUserDetailRedis;
 import com.epmet.dao.AccessSettingDao;
 import com.epmet.dao.OperationScopeDao;
 import com.epmet.dto.result.AccessSettingResultDTO;
 import com.epmet.dto.result.RoleOpeScopeResultDTO;
 import com.epmet.redis.RoleAccessSettingRedis;
 import com.epmet.redis.RoleOpeScopeRedis;
@ -12,6 +14,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
 import java.util.*;
@ -26,6 +29,9 @@ public class AccessServiceImpl implements AccessService {
    @Autowired
    private OperationScopeDao operationScopeDao;
    @Autowired
    private AccessSettingDao accessSettingDao;
    @Autowired
    private RoleOpeScopeRedis roleOpeScopeRedis;
@ -90,18 +96,21 @@ public class AccessServiceImpl implements AccessService {
     * @return
     */
    @Override
-    public Map<String, String> listAccessSettings(String roleId) {
+    public Map<String, String> listAccessSettings(String roleId, String operationKey) {
-        Map<String, String> settings = roleAccessSettingRedis.get(roleId);
+        Map<String, String> settings = roleAccessSettingRedis.get(roleId, operationKey);
        //if (CollectionUtils.isEmpty(settings)) {
        //    // 数据库查出来，放入redis一份。此处为权限过滤器用到，存在缓存穿透，所以不采用这种方式。
        //    // 改用为：变动setting的时候手动更新缓存的方式
        //    List<RoleAccessSettingResultDTO> settingsDB = roleAccessSettingDao.listRoleAccessSettingsByRoleId(roleId);
        //    if (!CollectionUtils.isEmpty(settingsDB)) {
        //        roleAccessSettingRedis.set(settingsDB, roleId);
        //    }
        //}
        if (settings == null) {
            settings = new HashMap<>();
            // 数据库查出来，放入redis一份。此处为权限过滤器用到
            List<AccessSettingResultDTO> accessSettingDtos = accessSettingDao.listAccessSettingsByRoleId(roleId, operationKey);
            if (!CollectionUtils.isEmpty(accessSettingDtos)) {
                for (AccessSettingResultDTO setting : accessSettingDtos) {
                    settings.put(setting.getSettingKey(), setting.getSettingValue());
                }
            } else {
                // 占位，否则空map存不到redis中
                settings.put("-", "-");
            }
            roleAccessSettingRedis.set(settings, roleId, operationKey);
        }
        return settings;
    }
@ -109,7 +118,6 @@ public class AccessServiceImpl implements AccessService {
    @Override
    public List<RoleOpeScopeResultDTO> listAllRoleOperationScopesByRoleId(String roleId) {
        List<RoleOpeScopeResultDTO> roleAllOpeScopes = roleOpeScopeRedis.getRoleAllOpeScopes(roleId);
        // 防止缓存穿透
        if (roleAllOpeScopes == null) {
            roleAllOpeScopes = operationScopeDao.listAllRoleOperationScopesByRoleId(roleId);
            roleOpeScopeRedis.setRoleAllOpeScopes(roleId, roleAllOpeScopes);
--- a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/AccessSettingDao.xml
+++ b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/AccessSettingDao.xml
@ -28,7 +28,53 @@
        WHERE
            s.ROLE_ID = #{roleId}
            AND s.DEL_FLAG = 0
            AND s.OPERATION_KEY = #{operationKey}
            AND s.DEL_FLAG = 0
    </select>
    <!--权限配置：列出配置项-->
    <select id="listSettingOptionsForAccessConfig"
            resultType="com.epmet.dto.result.AccessConfigSettingResultDTO">
        SELECT opt.SETTING_KEY,
               opt.SETTING_NAME,
               s.ROLE_ID,
               CASE
                   WHEN s.ROLE_ID IS NULL THEN FALSE
                   ELSE TRUE END AS assigned,
               s.OPERATION_KEY
        FROM access_setting_options opt
                 LEFT JOIN access_setting s ON (s.DEL_FLAG = 0 AND opt.SETTING_KEY = s.SETTING_KEY AND s.ROLE_ID = #{roleId}
            AND s.OPERATION_KEY = #{operationKey})
        WHERE opt.DEL_FLAG = 0
        ORDER BY opt.SETTING_KEY ASC
    </select>
    <!--删除-->
    <delete id="delete">
        DELETE
        FROM access_setting
        WHERE ROLE_ID = #{roleId}
          AND OPERATION_KEY = #{operationKey}
          AND SETTING_KEY IN
          <foreach collection="settingKeys2Delete" item="settingKey" open="(" separator="," close=")">
              #{settingKey}
          </foreach>
    </delete>
    <select id="get" resultType="com.epmet.entity.AccessSettingEntity">
        SELECT s.*
        FROM access_setting s
        WHERE s.ROLE_ID = #{roleId}
          AND s.OPERATION_KEY = #{operationKey}
          AND s.SETTING_KEY = #{settingKey}
    </select>
    <!--启用-->
    <update id="enable">
        UPDATE access_setting s
        SET DEL_FLAG = 0
        WHERE s.ROLE_ID = #{roleId}
          AND s.OPERATION_KEY = #{operationKey}
          AND s.SETTING_KEY = #{settingKey}
    </update>
 </mapper>
--- a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationDao.xml
+++ b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationDao.xml
@ -21,5 +21,12 @@
        FROM operation o
    </select>
    <select id="listAllValidOperationEntities" resultType="com.epmet.entity.OperationEntity">
        SELECT o.*
        FROM operation o
        WHERE
            o.DEL_FLAG=0
    </select>
 </mapper>
--- a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleOperationDao.xml
+++ b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleOperationDao.xml
@ -31,5 +31,39 @@
            and o.DEL_FLAG = '0'
    </select>
    <select id="listOpesForAccessConfig" resultType="com.epmet.dto.result.AccessConfigOpesResultDTO">
        SELECT ope.OPERATION_KEY,
               ope.OPERATION_NAME,
               ope.BRIEF,
               CASE
                   WHEN ro.ROLE_ID IS NULL THEN FALSE
                   ELSE TRUE END AS assigned
        FROM operation ope
                 LEFT JOIN role_operation ro ON (ope.OPERATION_KEY = ro.OPERATION_KEY AND ro.ROLE_ID = #{roleId} AND ro.DEL_FLAG = 0)
        WHERE ope.DEL_FLAG = 0
        ORDER BY ope.OPERATION_NAME ASC
    </select>
    <delete id="deleteRoleOpe">
        UPDATE role_operation
        SET DEL_FLAG = 1
        WHERE ROLE_ID = #{roleId}
          AND OPERATION_KEY = #{opeKey}
    </delete>
 <!--    此处不加DEL_FLAG=0，在修改权限的时候用到，不管是否为0都查出来-->
    <select id="getRoleOpe" resultType="com.epmet.entity.RoleOperationEntity">
        SELECT *
        FROM role_operation
        WHERE
          ROLE_ID = #{roleId}
          AND OPERATION_KEY = #{opeKey}
    </select>
    <update id="enableRoleOpe">
        UPDATE role_operation
        SET DEL_FLAG = 0
        WHERE ROLE_ID = #{roleId}
          AND OPERATION_KEY = #{opeKey}
    </update>
 </mapper>
--- a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleScopeDao.xml
+++ b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleScopeDao.xml
@ -16,5 +16,60 @@
        <result property="updatedTime" column="UPDATED_TIME"/>
    </resultMap>
    <!--权限配置：列出scope项-->
    <select id="listScopeOptionsForAccessConfig" resultType="com.epmet.dto.result.AccessConfigScopeResultDTO">
        SELECT os.SCOPE_KEY,
               os.SCOPE_NAME,
               os.SCOPE_INDEX,
               rs.OPERATION_KEY,
               rs.ROLE_ID,
               CASE
                   WHEN rs.ROLE_ID IS NULL
                       THEN FALSE
                   ELSE TRUE
                   END AS assigned
        FROM operation_scope os
                 LEFT JOIN role_scope rs
                 ON (os.SCOPE_KEY = rs.SCOPE_KEY AND rs.DEL_FLAG = 0 AND rs.ROLE_ID = #{roleId} AND
                                             OPERATION_KEY = #{operationKey})
        WHERE os.DEL_FLAG = 0
        ORDER BY SCOPE_KEY ASC
    </select>
    <!--根据角色ID和操作key删除-->
    <delete id="deleteByRoleIdAndOpeKey">
        DELETE
        FROM role_scope
        WHERE ROLE_ID = #{roleId}
          AND OPERATION_KEY = #{operationKey}
          AND SCOPE_KEY IN
          <foreach collection="scopeKeys2Remove" item="scopeKey" open="(" separator="," close=")">
              #{scopeKey}
          </foreach>
    </delete>
    <!--启用-->
    <update id="enableByRoleIdAndOpeKey">
        DELETE
        FROM role_scope
        WHERE ROLE_ID = #{roleId}
        AND OPERATION_KEY = #{operationKey}
        AND SCOPE_KEY = #{scopeKey}
    </update>
    <!--根据角色ID+操作key+范围Key查询。此处不要过滤DEL_FLAG-->
    <select id="getByRoleIdAndOpeKey" resultType="com.epmet.entity.RoleScopeEntity">
        SELECT ro.*
        FROM role_scope ro
        WHERE ro.ROLE_ID = #{roleId}
          AND ro.OPERATION_KEY = #{operationKey}
          AND ro.SCOPE_KEY = #{scopeKey}
    </select>
    <select id="listScopeEntities" resultType="com.epmet.entity.RoleScopeEntity">
        SELECT rs.*
        FROM role_scope rs
        WHERE rs.ROLE_ID = #{roleId}
          AND rs.OPERATION_KEY = #{operationKey}
    </select>
 </mapper>
--- a/epmet-module/gov-access/gov-access-server/src/test/java/com/epmet/test/govaccess/AccessSettingTest.java
+++ b/epmet-module/gov-access/gov-access-server/src/test/java/com/epmet/test/govaccess/AccessSettingTest.java
@ -25,13 +25,13 @@ public class AccessSettingTest {
    @Test
    public void addAccessSettings2Redis() {
-        List<AccessSettingResultDTO> settings = roleAccessSettingDao.listAccessSettingsByRoleId("1");
+        List<AccessSettingResultDTO> settings = roleAccessSettingDao.listAccessSettingsByRoleId("1", "org_staff_list");
-        HashMap<String, Object> objectObjectHashMap = new HashMap<>();
+        HashMap<String, String> objectObjectHashMap = new HashMap<>();
        settings.forEach(setting -> {
            objectObjectHashMap.put(setting.getSettingKey(), setting.getSettingValue());
        });
-        roleAccessSettingRedis.set(objectObjectHashMap, "1");
+        roleAccessSettingRedis.set(objectObjectHashMap, "1", "org_staff_list");
-        Map<String, String> map = roleAccessSettingRedis.get("1");
+        Map<String, String> map = roleAccessSettingRedis.get("1", "org_staff_list");
        System.out.println(map);
    }
--- a/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/controller/AgencyController.java
+++ b/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/controller/AgencyController.java
@ -83,6 +83,7 @@ public class AgencyController {
     * @Description 组织名称编辑
     */
    @PostMapping("editagency")
    //@RequirePermission(requirePermission = RequirePermissionEnum.ORG_AGENCY_UPDATE)
    public Result editAgency(@LoginUser TokenDto tokenDTO, @RequestBody EditAgencyFormDTO formDTO) {
        formDTO.setUserId(tokenDTO.getUserId());
        ValidatorUtils.validateEntity(formDTO);
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/RoleController.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/RoleController.java
@ -49,6 +49,19 @@ public class RoleController {
    @Autowired
    private RoleService roleService;
    /**
     * 根据客户ID查询该客户的角色列表
     * @param customerId
     * @return
     */
    @PostMapping("rolesbycustomer/{customerId}")
    public Result listRolesByCustomer(@PathVariable("customerId") String customerId) {
        List<RoleDTO> roleEntities = roleService.listRolesByCustomer(customerId);
        return new Result().ok(roleEntities);
    }
    @GetMapping("page")
    public Result<PageData<RoleDTO>> page(@RequestParam Map<String, Object> params){
        PageData<RoleDTO> page = roleService.page(params);
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/dao/RoleDao.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/dao/RoleDao.java
@ -18,8 +18,12 @@
 package com.epmet.dao;
 import com.epmet.commons.mybatis.dao.BaseDao;
 import com.epmet.dto.RoleDTO;
 import com.epmet.entity.RoleEntity;
 import org.apache.ibatis.annotations.Mapper;
 import org.apache.ibatis.annotations.Param;
 import java.util.List;
 /**
 * 角色表
@ -38,4 +42,10 @@ public interface RoleDao extends BaseDao<RoleEntity> {
 	 */
 	RoleEntity selectRoleByKey(RoleEntity param);
 	/**
 	 * 通过客户ID查询客户的角色列表
 	 * @param customerId
 	 * @return
 	 */
    List<RoleDTO> listRolesByCustomer(@Param("customerId") String customerId);
 }
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/RoleService.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/RoleService.java
@ -99,4 +99,6 @@ public interface RoleService extends BaseService<RoleEntity> {
     * @return RoleDTO
     */
    RoleDTO getRoleByKey(RoleDTO role);
    List<RoleDTO> listRolesByCustomer(String customerId);
 }
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/RoleServiceImpl.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/RoleServiceImpl.java
@ -107,4 +107,11 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleDao, RoleEntity> implem
        return ConvertUtils.sourceToTarget(entity, RoleDTO.class);
    }
    @Override
    public List<RoleDTO> listRolesByCustomer(String customerId) {
        return baseDao.listRolesByCustomer(customerId);
    }
 }
--- a/epmet-user/epmet-user-server/src/main/resources/mapper/RoleDao.xml
+++ b/epmet-user/epmet-user-server/src/main/resources/mapper/RoleDao.xml
@ -28,4 +28,10 @@
            and DEL_FLAG = 0
    </select>
    <select id="listRolesByCustomer" resultType="com.epmet.dto.RoleDTO">
        SELECT r.*
        FROM gov_staff_role r
        WHERE r.CUSTOMER_ID = #{customerId}
    </select>
 </mapper>