1.权限过滤-基本完成下级系列，阶段性提交

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java

@@ -1,19 +1,21 @@
 /**
  * Copyright (c) 2018 人人开源 All rights reserved.
- *
+ * <p>
  * https://www.renren.io
- *
+ * <p>
  * 版权所有，侵权必究！
  */
 
 package com.epmet.commons.mybatis.aspect;
 
+import com.epmet.commons.mybatis.constant.OpeScopeConstant;
+import com.epmet.commons.mybatis.dto.form.OperationScopeDTO;
+import com.epmet.commons.mybatis.dto.form.StaffPermCacheResultDTO;
 import com.epmet.commons.mybatis.dto.form.StaffPermissionFormDTO;
 import com.epmet.commons.mybatis.entity.DataScope;
 import com.epmet.commons.mybatis.feign.GovAccessFeignClient;
 import com.epmet.commons.tools.aspect.AccessOpeAspect;
 import com.epmet.commons.tools.exception.EpmetErrorCode;
-import com.epmet.commons.tools.exception.ErrorCode;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.security.user.LoginUserUtil;
 import com.epmet.commons.tools.utils.Result;
@@ -27,9 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.util.CollectionUtils;
 
-import java.util.Arrays;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 
 /**
  * 数据过滤，切面处理类
@@ -49,6 +49,8 @@ public class DataFilterAspect {
     @Autowired
     private GovAccessFeignClient govAccessFeignClient;
 
+    public static final String orgIdPathSpliter = ":";
+
     @Before("@annotation(com.epmet.commons.mybatis.annotation.DataFilter)")
     public void dataFilter(JoinPoint point) {
         // 反射的方式
@@ -60,20 +62,39 @@ public class DataFilterAspect {
         //    }
         //}
 
-        String reqiurePermission = AccessOpeAspect.requirePermissionTl.get();
+        String requirePermission = AccessOpeAspect.requirePermissionTl.get();
         // 没有配置所需权限，不做操作，打印提示日志
-        if (StringUtils.isBlank(reqiurePermission)) {
+        if (StringUtils.isBlank(requirePermission)) {
             log.warn("Api编码需要指定所需权限，请在Api上使用@RequirePermission注解完成所需权限配置");
             return;
         }
 
+        StaffPermissionFormDTO staffPermissionFormDTO = new StaffPermissionFormDTO();
+        staffPermissionFormDTO.setApp(loginUserUtil.getLoginUserApp());
+        staffPermissionFormDTO.setClient(loginUserUtil.getLoginUserClient());
+        staffPermissionFormDTO.setStaffId(loginUserUtil.getLoginUserId());
+        Result<StaffPermCacheResultDTO> result = govAccessFeignClient.getStaffCurrPermissions(staffPermissionFormDTO);
+
+        if (result.getCode() != 0) {
+            // 查询不到权限，记录日志，抛出8000异常
+            log.error("调用Access查询权限失败:{}", result.getMsg());
+            throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode());
+        }
+
+        StaffPermCacheResultDTO permCacheResultDTO = result.getData();
+
+        if (permCacheResultDTO == null || CollectionUtils.isEmpty(permCacheResultDTO.getPermissions())) {
+            log.error("操作权限不足，查询不到权限");
+            throw new RenException(EpmetErrorCode.REQUIRE_PERMISSION.getCode());
+        }
+
         // 校验操作权限
-        validateOpePermission(reqiurePermission);
+        validateOpePermission(permCacheResultDTO.getPermissions(), requirePermission);
 
         Object[] methodArgs = point.getArgs();
         for (Object methodArg : methodArgs) {
             if (methodArg instanceof DataScope) {
-                ((DataScope) methodArg).setSqlFilter(getSqlFilterSegment());
+                ((DataScope) methodArg).setSqlFilter(getSqlFilterSegment(permCacheResultDTO.getRoleIdList(), requirePermission, permCacheResultDTO.getOrgIdPath()));
                 return;
             }
         }
@@ -84,38 +105,187 @@ public class DataFilterAspect {
     /**
      * 校验操作权限
      */
-    private void validateOpePermission(String requirePermission) {
-        StaffPermissionFormDTO staffPermissionFormDTO = new StaffPermissionFormDTO();
-        staffPermissionFormDTO.setApp(loginUserUtil.getLoginUserApp());
-        staffPermissionFormDTO.setClient(loginUserUtil.getLoginUserClient());
-        staffPermissionFormDTO.setStaffId(loginUserUtil.getLoginUserId());
-        Result<Set<String>> permissions = govAccessFeignClient.getStaffCurrPermissions(staffPermissionFormDTO);
-        if (permissions.getCode() != 0) {
-            // 查询不到权限，记录日志，抛出8000异常
-            log.error("调用Access查询权限失败:{}", permissions.getMsg());
-            throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode());
+    private void validateOpePermission(Set<String> permissions, String reqiurePermission) {
+        if (!permissions.contains(reqiurePermission)) {
+            // 权限不足
+            log.error("操作权限不足");
+            throw new RenException(EpmetErrorCode.REQUIRE_PERMISSION.getCode());
         }
-
-        if (!CollectionUtils.isEmpty(permissions.getData()) && StringUtils.isNotBlank(requirePermission)
-                && permissions.getData().contains(requirePermission)) {
-            // 权限允许，正常结束
-            return;
-        }
-        // 权限不足抛出异常
-        throw new RenException(EpmetErrorCode.REQUIRE_PERMISSION.getCode());
     }
 
     /**
      * 生成过滤sql片段
+     *
      * @return
      */
-    private String getSqlFilterSegment() {
+    private String getSqlFilterSegment(Set<String> roleIds, String reqiurePermission, String orgIdPath) {
         // 根据角色列表查询操作范围列表
+        // todo 暂停，先模拟数据
+        //roleIds.forEach(roleId -> {
+        //    OperationScopeFormDTO osformDto = new OperationScopeFormDTO();
+        //    osformDto.setRoleId(roleId);
+        //    osformDto.setOperationKey(reqiurePermission);
+        //    Result<List<OperationScopeDTO>> result = govAccessFeignClient.getOperationScopesByRoleId(osformDto);
+        //    List<OperationScopeDTO> scopeDTOS = result.getData();
+        //});
+        Set<OperationScopeDTO> scopeDTOS = genScopeDtos();
 
-        // 拼接sql语句
+        // 过滤有效范围
+        HashSet<String> scopes = filteScopes(scopeDTOS);
+
+        // 取出父组织ID path 和当前组织ID
+        String pOrgPath = orgIdPath.substring(0, orgIdPath.lastIndexOf(orgIdPathSpliter));
+        String currOrgPath = orgIdPath.substring(orgIdPath.lastIndexOf(orgIdPathSpliter) + 1);
 
+        StringBuilder sb = new StringBuilder(" AND (");
+        getOrgScopeSql(sb, scopes, currOrgPath, pOrgPath);
+        sb.replace(sb.lastIndexOf("OR"), sb.lastIndexOf("OR") + 3, "");
+        sb.append(") ");
+        // 拼接sql语句
+        sb.replace(141,142,"");
         // TODO
-        return "dept_id in (1,2,3)";
+        return "";
+    }
+
+    /**
+     * 计算范围过滤sql
+     * @param scopes
+     * @param currOrg
+     * @param pOrgPath
+     * @return
+     */
+    private void getOrgScopeSql(StringBuilder sb,HashSet<String> scopes, String currOrg, String pOrgPath) {
+        for (String scope : scopes) {
+            switch (scope) {
+                case OpeScopeConstant.ORG_CURR:
+                    getAgencyCurrScopedSql(sb, currOrg);
+                    sb.append(" OR ");
+                    break;
+                case OpeScopeConstant.ORG_CURR_AND_SUB:
+                    getAgencyCurrAndSubScopedSql(sb, pOrgPath);
+                    sb.append(" OR ");
+                    break;
+                case OpeScopeConstant.ORG_CURR_SUB:
+                    getAgencyCurrSubScopedSql(sb, pOrgPath, currOrg);
+                    sb.append(" OR ");
+                    break;
+                case OpeScopeConstant.ORG_EQUAL:
+                    // todo 同级
+                    //sb.append(" OR ");
+                    break;
+                case OpeScopeConstant.ORG_EQUAL_AND_SUB:
+                    // todo 同级及其子级
+                    //sb.append(" OR ");
+                    break;
+                case OpeScopeConstant.ORG_EQUAL_SUB:
+                    // todo 同级的子级
+                    //sb.append(" OR ");
+                    break;
+            }
+        }
+    }
+
+    /**
+     * 本身
+     * @param sb
+     * @param orgId
+     */
+    public void getAgencyCurrScopedSql(StringBuilder sb,String orgId) {
+        sb.append(" ORG_ID = ").append(orgId);
+    }
+
+    /**
+     * 本身及子级
+     * @param sb
+     * @param pOrgIdPath
+     */
+    public void getAgencyCurrAndSubScopedSql(StringBuilder sb,String pOrgIdPath) {
+        sb.append(" ORG_ID_PATH like '").append(pOrgIdPath).append("%'");
+    }
+
+    /**
+     * 子级组织(不含本身)
+     * @param sb
+     */
+    public void getAgencyCurrSubScopedSql(StringBuilder sb,String pOrgIdPath, String currOrgIdPath) {
+        sb.append("ORG_ID_PATH like '").append(pOrgIdPath).append(orgIdPathSpliter).append(currOrgIdPath).append("%'");
+    }
+
+    /**
+     * 过滤有效范围
+     *
+     * @param scopeDTOS
+     * @return
+     */
+    private HashSet<String> filteScopes(Set<OperationScopeDTO> scopeDTOS) {
+        HashMap<String, OperationScopeDTO> filtedScopes = new HashMap<>();
+
+        for (OperationScopeDTO scope : scopeDTOS) {
+            String scopeIndex = scope.getScopeIndex();
+            String[] currArr = scopeIndex.split("_");
+            if ("0".equals(currArr[1])) {
+                // 为0，说明没有包含关系，直接放入
+                filtedScopes.put(scopeIndex, scope);
+                continue;
+            }
+
+            OperationScopeDTO tempScope = filtedScopes.get(currArr[0]);
+            if (tempScope != null) {
+                // 已经有ac开头的了
+                String tempScopeIndex = tempScope.getScopeIndex();
+                if (Integer.valueOf(currArr[1]) < Integer.valueOf(tempScopeIndex.split("_")[1])) {
+                    filtedScopes.put(currArr[0], scope);
+                }
+            } else {
+                filtedScopes.put(currArr[0], scope);
+            }
+        }
+        HashSet<String> scopeStrs = new HashSet<>();
+        Set<Map.Entry<String, OperationScopeDTO>> entries = filtedScopes.entrySet();
+        for (Map.Entry<String, OperationScopeDTO> entry : entries) {
+            scopeStrs.add(entry.getValue().getScopeKey());
+        }
+        return scopeStrs;
+    }
+
+    /**
+     * 模拟范围数据
+     *
+     * @return
+     */
+    private Set<OperationScopeDTO> genScopeDtos() {
+        OperationScopeDTO scopeDTO1 = new OperationScopeDTO();
+        scopeDTO1.setScopeKey("org_curr");
+        scopeDTO1.setScopeName("本机关");
+        scopeDTO1.setScopeIndex("ac_0");
+
+        OperationScopeDTO scopeDTO2 = new OperationScopeDTO();
+        scopeDTO2.setScopeKey("org_curr_and_sub");
+        scopeDTO2.setScopeName("本机关及下级");
+        scopeDTO2.setScopeIndex("ac_501");
+
+        OperationScopeDTO scopeDTO3 = new OperationScopeDTO();
+        scopeDTO3.setScopeKey("org_curr_sub");
+        scopeDTO3.setScopeName("本机关的下级");
+        scopeDTO3.setScopeIndex("ac_502");
+
+        OperationScopeDTO scopeDTO4 = new OperationScopeDTO();
+        scopeDTO4.setScopeKey("org_equal_and_sub");
+        scopeDTO4.setScopeName("同级机关及下级");
+        scopeDTO4.setScopeIndex("ae_601");
+
+        OperationScopeDTO scopeDTO5 = new OperationScopeDTO();
+        scopeDTO5.setScopeKey("org_equal_sub");
+        scopeDTO5.setScopeName("同级机关的下级");
+        scopeDTO5.setScopeIndex("ae_602");
+
+        Set<OperationScopeDTO> scopeDTOS = new HashSet<>();
+        scopeDTOS.add(scopeDTO1);
+        scopeDTOS.add(scopeDTO2);
+        scopeDTOS.add(scopeDTO3);
+        scopeDTOS.add(scopeDTO4);
+        scopeDTOS.add(scopeDTO5);
+        return scopeDTOS;
     }
 
     ///**

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/constant/OpeScopeConstant.java

@@ -0,0 +1,17 @@
+package com.epmet.commons.mybatis.constant;
+
+public class OpeScopeConstant {
+    //"同级组织的下级"
+    public static final String ORG_EQUAL_SUB = "org_equal_sub";
+    //"同级组织及下级"
+    public static final String ORG_EQUAL_AND_SUB = "org_equal_and_sub";
+    //"同级组织"
+    public static final String ORG_EQUAL = "org_equal";
+    //"本组织的下级"
+    public static final String ORG_CURR_SUB = "org_curr_sub";
+    //"本组织及下级"
+    public static final String ORG_CURR_AND_SUB = "org_curr_and_sub";
+    //"本组织"
+    public static final String ORG_CURR = "org_curr";
+
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeDTO.java

@@ -0,0 +1,87 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.commons.mybatis.dto.form;
+
+import lombok.Data;
+
+import java.io.Serializable;
+import java.util.Date;
+
+
+/**
+ * 权限范围表
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Data
+public class OperationScopeDTO implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * id
+     */
+	private String id;
+
+    /**
+     * 范围key
+     */
+	private String scopeKey;
+
+    /**
+     * 范围名称
+     */
+	private String scopeName;
+
+    /**
+     * 范围序号
+     */
+	private String scopeIndex;
+
+    /**
+     * 是否删除，0：未删除，1：已删除
+     */
+	private Integer delFlag;
+
+    /**
+     * 乐观锁
+     */
+	private Integer revision;
+
+    /**
+     * 创建者id
+     */
+	private String createdBy;
+
+    /**
+     * 创建时间
+     */
+	private Date createdTime;
+
+    /**
+     * 更新者id
+     */
+	private String updatedBy;
+
+    /**
+     * 更新时间
+     */
+	private Date updatedTime;
+
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeFormDTO.java

@@ -0,0 +1,18 @@
+package com.epmet.commons.mybatis.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+
+@Data
+public class OperationScopeFormDTO {
+
+    public interface ListOperationScopeGroup {}
+
+    @NotBlank(message = "角色ID不能为空", groups = {ListOperationScopeGroup.class})
+    private String roleId;
+
+    @NotBlank(message = "操作的key不能为空", groups = {ListOperationScopeGroup.class})
+    private String operationKey;
+
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermCacheResultDTO.java

@@ -0,0 +1,25 @@
+package com.epmet.commons.mybatis.dto.form;
+
+import lombok.Data;
+
+import java.util.Set;
+
+@Data
+public class StaffPermCacheResultDTO {
+
+    /**
+     * 权限列表
+     */
+    private Set<String> permissions;
+
+    /**
+     * 角色列表
+     */
+    private Set<String> roleIdList;
+
+    /**
+     * 机构Id
+     */
+    private String orgIdPath;
+
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java

@@ -1,12 +1,17 @@
 package com.epmet.commons.mybatis.feign;
 
+import com.epmet.commons.mybatis.dto.form.OperationScopeDTO;
+import com.epmet.commons.mybatis.dto.form.OperationScopeFormDTO;
+import com.epmet.commons.mybatis.dto.form.StaffPermCacheResultDTO;
 import com.epmet.commons.mybatis.dto.form.StaffPermissionFormDTO;
 import com.epmet.commons.mybatis.feign.fallback.GovAccessFeignClientFallback;
 import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.utils.Result;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 
+import java.util.List;
 import java.util.Set;
 
 /**
@@ -17,10 +22,18 @@ import java.util.Set;
 public interface GovAccessFeignClient {
 
     /**
-     * 查询用户当前权限列表(DataFilterAspect中用到)
+     * 查询用户当前权限列表
      * @return
      */
     @PostMapping("/gov/access/access/getcurrpermissions")
-    Result<Set<String>> getStaffCurrPermissions(StaffPermissionFormDTO dto);
+    Result<StaffPermCacheResultDTO> getStaffCurrPermissions(StaffPermissionFormDTO dto);
+
+    /**
+     * 查询角色的操作key对应操作范围列表
+     * @param operationScopeFormDTO
+     * @return
+     */
+    @PostMapping("/gov/access/access/operationscopes")
+    Result<List<OperationScopeDTO>> getOperationScopesByRoleId(OperationScopeFormDTO operationScopeFormDTO);
 
 }

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java

@@ -1,5 +1,8 @@
 package com.epmet.commons.mybatis.feign.fallback;
 
+import com.epmet.commons.mybatis.dto.form.OperationScopeDTO;
+import com.epmet.commons.mybatis.dto.form.OperationScopeFormDTO;
+import com.epmet.commons.mybatis.dto.form.StaffPermCacheResultDTO;
 import com.epmet.commons.mybatis.dto.form.StaffPermissionFormDTO;
 import com.epmet.commons.mybatis.feign.GovAccessFeignClient;
 import com.epmet.commons.tools.constant.ServiceConstant;
@@ -7,7 +10,7 @@ import com.epmet.commons.tools.utils.ModuleUtils;
 import com.epmet.commons.tools.utils.Result;
 import org.springframework.stereotype.Component;
 
-import java.util.Set;
+import java.util.List;
 
 /**
  * 调用政府端权限
@@ -19,7 +22,12 @@ import java.util.Set;
 public class GovAccessFeignClientFallback implements GovAccessFeignClient {
 
     @Override
-    public Result<Set<String>> getStaffCurrPermissions(StaffPermissionFormDTO dto) {
+    public Result<StaffPermCacheResultDTO> getStaffCurrPermissions(StaffPermissionFormDTO dto) {
         return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "getStaffCurrPermissions", dto);
     }
+
+    @Override
+    public Result<List<OperationScopeDTO>> getOperationScopesByRoleId(OperationScopeFormDTO operationScopeFormDTO) {
+        return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "getOperationScopesByRoleId", operationScopeFormDTO);
+    }
 }

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java

@@ -37,8 +37,6 @@ public class AccessOpeAspect {
         RequirePermission requirePermissionAnno = methodSignature.getMethod().getAnnotation(RequirePermission.class);
         String key = requirePermissionAnno.key();
         String desc = requirePermissionAnno.desc();
-        System.out.println(key);
-        System.out.println(desc);
 
         // 放入ThreadLocal，供DataFilterAspect中使用
         requirePermissionTl.set(key);

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/dto/GovTokenDto.java

@@ -34,6 +34,16 @@ public class GovTokenDto extends BaseTokenDto implements Serializable {
      */
     private String customerId;
 
+    /**
+     * 过期时间戳
+     */
+    private Long expireTime;
+
+    /**
+     * 最后一次更新时间
+     */
+    private long updateTime;
+
     /**
      * 当前登录的组织id(顶级)
      */
@@ -55,18 +65,13 @@ public class GovTokenDto extends BaseTokenDto implements Serializable {
     private List<String> deptIdList;
 
     /**
-     * 过期时间戳
-     */
-    private Long expireTime;
-
-    /**
-     * 最后一次更新时间
+     * 功能权限列表，实际上是gov_staff => staff_role => role_operation查询到的operationKey
      */
-    private long updateTime;
+    private Set<String> permissions;
 
     /**
-     * 功能权限列表，实际上是gov_staff => staff_role => role_operation查询到的operationKey
+     * 角色ID列表
      */
-    private Set<String> permissions;
+    private Set<String> roleIdList;
 }
 

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/OperationScopeDTO.java

@@ -0,0 +1,81 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dto;
+
+import java.io.Serializable;
+import java.util.Date;
+import lombok.Data;
+
+
+/**
+ * 权限范围表
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Data
+public class OperationScopeDTO implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * id
+     */
+	private String id;
+
+    /**
+     * 范围key
+     */
+	private String scopeKey;
+
+    /**
+     * 范围名称
+     */
+	private String scopeName;
+
+    /**
+     * 是否删除，0：未删除，1：已删除
+     */
+	private Integer delFlag;
+
+    /**
+     * 乐观锁
+     */
+	private Integer revision;
+
+    /**
+     * 创建者id
+     */
+	private String createdBy;
+
+    /**
+     * 创建时间
+     */
+	private Date createdTime;
+
+    /**
+     * 更新者id
+     */
+	private String updatedBy;
+
+    /**
+     * 更新时间
+     */
+	private Date updatedTime;
+
+}

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/RoleScopeDTO.java

@@ -0,0 +1,86 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dto;
+
+import java.io.Serializable;
+import java.util.Date;
+import lombok.Data;
+
+
+/**
+ * 角色能操作哪些范围
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Data
+public class RoleScopeDTO implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * 
+     */
+	private String id;
+
+    /**
+     * 角色ID
+     */
+	private String roleId;
+
+    /**
+     * 操作key
+     */
+	private String operationKey;
+
+    /**
+     * 范围Key
+     */
+	private String scopeKey;
+
+    /**
+     * 是否删除，0：未删除，1：已删除
+     */
+	private Integer delFlag;
+
+    /**
+     * 乐观锁
+     */
+	private Integer revision;
+
+    /**
+     * 创建者id
+     */
+	private String createdBy;
+
+    /**
+     * 创建时间
+     */
+	private Date createdTime;
+
+    /**
+     * 更新者id
+     */
+	private String updatedBy;
+
+    /**
+     * 更新时间
+     */
+	private Date updatedTime;
+
+}

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/OperationScopeFormDTO.java

@@ -0,0 +1,18 @@
+package com.epmet.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+
+@Data
+public class OperationScopeFormDTO {
+
+    public interface ListOperationScopeGroup {}
+
+    @NotBlank(message = "角色ID不能为空", groups = {ListOperationScopeGroup.class})
+    private String roleId;
+
+    @NotBlank(message = "操作的key不能为空", groups = {ListOperationScopeGroup.class})
+    private String operationKey;
+
+}

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/StaffPermCacheFormDTO.java

@@ -36,9 +36,19 @@ public class StaffPermCacheFormDTO {
     @NotBlank(message = "登录头信息client不能为空", groups = {UpdatePermissionCache.class, GetStaffCurrPermissions.class})
     private String client;
 
+    /**
+     * 组织ID路径
+     */
+    private String orgIdPath;
+
     /**
      * 权限列表
      */
     private Set<String> permissions;
 
+    /**
+     * 角色列表
+     */
+    private Set<String> roleIdList;
+
 }

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/StaffPermCacheResultDTO.java

@@ -0,0 +1,26 @@
+package com.epmet.dto.result;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+import java.util.Set;
+
+@Data
+public class StaffPermCacheResultDTO {
+
+    /**
+     * 权限列表
+     */
+    private Set<String> permissions;
+
+    /**
+     * 角色列表
+     */
+    private Set<String> roleIdList;
+
+    /**
+     * 组织ID
+     */
+    private String orgIdPath;
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java

@@ -1,15 +1,20 @@
 package com.epmet.controller;
 
+import com.epmet.commons.tools.security.dto.GovTokenDto;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.ValidatorUtils;
+import com.epmet.dto.OperationScopeDTO;
+import com.epmet.dto.form.OperationScopeFormDTO;
 import com.epmet.dto.form.StaffPermCacheFormDTO;
+import com.epmet.dto.result.StaffPermCacheResultDTO;
+import com.epmet.entity.OperationScopeEntity;
 import com.epmet.service.AccessService;
+import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Set;
 
 /**
@@ -37,7 +42,9 @@ public class AccessController {
         String app = staffPermCacheFormDTO.getApp();
         String client = staffPermCacheFormDTO.getClient();
         Set<String> permissions = staffPermCacheFormDTO.getPermissions();
-        accessService.updatePermissionCache(staffId, app, client, permissions);
+        Set<String> roleIdList = staffPermCacheFormDTO.getRoleIdList();
+        String orgId = staffPermCacheFormDTO.getOrgIdPath();
+        accessService.updatePermissionCache(staffId, app, client, permissions, roleIdList, orgId);
         return new Result();
     }
 
@@ -46,9 +53,35 @@ public class AccessController {
      * @return
      */
     @PostMapping("getcurrpermissions")
-    public Result<Set<String>> getStaffCurrPermissions(@RequestBody StaffPermCacheFormDTO dto) {
+    public Result<StaffPermCacheResultDTO> getStaffCurrPermissions(@RequestBody StaffPermCacheFormDTO dto) {
         ValidatorUtils.validateEntity(dto, StaffPermCacheFormDTO.GetStaffCurrPermissions.class);
-        Set<String> permissions = accessService.listStaffCurrPermissions(dto.getApp(), dto.getClient(), dto.getStaffId());
-        return new Result<Set<String>>().ok(permissions);
+        GovTokenDto govTokenDto = accessService.listStaffCurrPermissions(dto.getApp(), dto.getClient(), dto.getStaffId());
+        StaffPermCacheResultDTO resultDTO = null;
+        if (govTokenDto != null) {
+            resultDTO = new StaffPermCacheResultDTO();
+            resultDTO.setPermissions(govTokenDto.getPermissions());
+            resultDTO.setRoleIdList(govTokenDto.getRoleIdList());
+            resultDTO.setOrgIdPath(govTokenDto.getOrgIdPath());
+        }
+        return new Result<StaffPermCacheResultDTO>().ok(resultDTO);
+    }
+
+    /**
+     * 查询角色的操作key对应操作范围列表(需要入缓存)
+     * @return
+     */
+    // todo 需要加缓存
+    @PostMapping("operationscopes")
+    public Result<List<OperationScopeDTO>> getOperationScopesByRoleId(@RequestBody OperationScopeFormDTO operationScopeFormDTO) {
+        ValidatorUtils.validateEntity(operationScopeFormDTO, OperationScopeFormDTO.ListOperationScopeGroup.class);
+        List<OperationScopeEntity> scopes = accessService.listOperationScopesByRoleId(operationScopeFormDTO.getRoleId(), operationScopeFormDTO.getOperationKey());
+        ArrayList<OperationScopeDTO> scopeDtos = new ArrayList<>();
+        scopes.forEach(scope -> {
+            OperationScopeDTO scopeDTO = new OperationScopeDTO();
+            BeanUtils.copyProperties(scope, scopeDTO);
+            scopeDtos.add(scopeDTO);
+        });
+
+        return new Result<List<OperationScopeDTO>>().ok(scopeDtos);
     }
 }

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationScopeDao.java

@@ -0,0 +1,45 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dao;
+
+import com.epmet.commons.mybatis.dao.BaseDao;
+import com.epmet.entity.OperationScopeEntity;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+import org.springframework.context.annotation.Scope;
+
+import java.util.List;
+
+/**
+ * 权限范围表
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Mapper
+public interface OperationScopeDao extends BaseDao<OperationScopeEntity> {
+
+    /**
+     * 查询角色的操作key对应操作范围列表
+     * @param roleId 角色id
+     * @param operationKey 操作key
+     * @return
+     */
+    List<OperationScopeEntity> listOperationScopesByRoleId(@Param("roleId") String roleId,
+                                                           @Param("operationKey") String operationKey);
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleScopeDao.java

@@ -0,0 +1,33 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.dao;
+
+import com.epmet.commons.mybatis.dao.BaseDao;
+import com.epmet.entity.RoleScopeEntity;
+import org.apache.ibatis.annotations.Mapper;
+
+/**
+ * 角色能操作哪些范围
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Mapper
+public interface RoleScopeDao extends BaseDao<RoleScopeEntity> {
+	
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/OperationScopeEntity.java

@@ -0,0 +1,51 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.entity;
+
+import com.baomidou.mybatisplus.annotation.TableName;
+
+import com.epmet.commons.mybatis.entity.BaseEpmetEntity;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.util.Date;
+
+/**
+ * 权限范围表
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Data
+@EqualsAndHashCode(callSuper=false)
+@TableName("operation_scope")
+public class OperationScopeEntity extends BaseEpmetEntity {
+
+	private static final long serialVersionUID = 1L;
+
+    /**
+     * 范围key
+     */
+	private String scopeKey;
+
+    /**
+     * 范围名称
+     */
+	private String scopeName;
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/RoleScopeEntity.java

@@ -0,0 +1,56 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.entity;
+
+import com.baomidou.mybatisplus.annotation.TableName;
+
+import com.epmet.commons.mybatis.entity.BaseEpmetEntity;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+import java.util.Date;
+
+/**
+ * 角色能操作哪些范围
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Data
+@EqualsAndHashCode(callSuper=false)
+@TableName("role_scope")
+public class RoleScopeEntity extends BaseEpmetEntity {
+
+	private static final long serialVersionUID = 1L;
+
+    /**
+     * 角色ID
+     */
+	private String roleId;
+
+    /**
+     * 操作key
+     */
+	private String operationKey;
+
+    /**
+     * 范围Key
+     */
+	private String scopeKey;
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/OperationScopeRedis.java

@@ -0,0 +1,47 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.redis;
+
+import com.epmet.commons.tools.redis.RedisUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+/**
+ * 权限范围表
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Component
+public class OperationScopeRedis {
+    @Autowired
+    private RedisUtils redisUtils;
+
+    public void delete(Object[] ids) {
+
+    }
+
+    public void set(){
+
+    }
+
+    public String get(String id){
+        return null;
+    }
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleScopeRedis.java

@@ -0,0 +1,47 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.redis;
+
+import com.epmet.commons.tools.redis.RedisUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+/**
+ * 角色能操作哪些范围
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Component
+public class RoleScopeRedis {
+    @Autowired
+    private RedisUtils redisUtils;
+
+    public void delete(Object[] ids) {
+
+    }
+
+    public void set(){
+
+    }
+
+    public String get(String id){
+        return null;
+    }
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java

@@ -1,5 +1,9 @@
 package com.epmet.service;
 
+import com.epmet.commons.tools.security.dto.GovTokenDto;
+import com.epmet.entity.OperationScopeEntity;
+
+import java.util.List;
 import java.util.Set;
 
 public interface AccessService {
@@ -8,11 +12,19 @@ public interface AccessService {
      * @param staffId
      * @param permissions
      */
-    void updatePermissionCache(String staffId, String app, String client, Set<String> permissions);
+    void updatePermissionCache(String staffId, String app, String client, Set<String> permissions, Set<String> roleIdList, String orgIdPath);
 
     /**
      * 查询用户当前权限列表
      * @return
      */
-    Set<String> listStaffCurrPermissions(String app, String client, String staffId);
+    GovTokenDto listStaffCurrPermissions(String app, String client, String staffId);
+
+    /**
+     * 查询角色的操作key对应操作范围列表
+     * @param roleId
+     * @param operationKey
+     * @return
+     */
+    List<OperationScopeEntity> listOperationScopesByRoleId(String roleId, String operationKey);
 }

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/OperationScopeService.java

@@ -0,0 +1,95 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.service;
+
+import com.epmet.commons.mybatis.service.BaseService;
+import com.epmet.commons.tools.page.PageData;
+import com.epmet.dto.OperationScopeDTO;
+import com.epmet.entity.OperationScopeEntity;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 权限范围表
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+public interface OperationScopeService extends BaseService<OperationScopeEntity> {
+
+    /**
+     * 默认分页
+     *
+     * @param params
+     * @return PageData<OperationScopeDTO>
+     * @author generator
+     * @date 2020-04-24
+     */
+    PageData<OperationScopeDTO> page(Map<String, Object> params);
+
+    /**
+     * 默认查询
+     *
+     * @param params
+     * @return java.util.List<OperationScopeDTO>
+     * @author generator
+     * @date 2020-04-24
+     */
+    List<OperationScopeDTO> list(Map<String, Object> params);
+
+    /**
+     * 单条查询
+     *
+     * @param id
+     * @return OperationScopeDTO
+     * @author generator
+     * @date 2020-04-24
+     */
+    OperationScopeDTO get(String id);
+
+    /**
+     * 默认保存
+     *
+     * @param dto
+     * @return void
+     * @author generator
+     * @date 2020-04-24
+     */
+    void save(OperationScopeDTO dto);
+
+    /**
+     * 默认更新
+     *
+     * @param dto
+     * @return void
+     * @author generator
+     * @date 2020-04-24
+     */
+    void update(OperationScopeDTO dto);
+
+    /**
+     * 批量删除
+     *
+     * @param ids
+     * @return void
+     * @author generator
+     * @date 2020-04-24
+     */
+    void delete(String[] ids);
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/RoleScopeService.java

@@ -0,0 +1,95 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.service;
+
+import com.epmet.commons.mybatis.service.BaseService;
+import com.epmet.commons.tools.page.PageData;
+import com.epmet.dto.RoleScopeDTO;
+import com.epmet.entity.RoleScopeEntity;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 角色能操作哪些范围
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+public interface RoleScopeService extends BaseService<RoleScopeEntity> {
+
+    /**
+     * 默认分页
+     *
+     * @param params
+     * @return PageData<RoleScopeDTO>
+     * @author generator
+     * @date 2020-04-24
+     */
+    PageData<RoleScopeDTO> page(Map<String, Object> params);
+
+    /**
+     * 默认查询
+     *
+     * @param params
+     * @return java.util.List<RoleScopeDTO>
+     * @author generator
+     * @date 2020-04-24
+     */
+    List<RoleScopeDTO> list(Map<String, Object> params);
+
+    /**
+     * 单条查询
+     *
+     * @param id
+     * @return RoleScopeDTO
+     * @author generator
+     * @date 2020-04-24
+     */
+    RoleScopeDTO get(String id);
+
+    /**
+     * 默认保存
+     *
+     * @param dto
+     * @return void
+     * @author generator
+     * @date 2020-04-24
+     */
+    void save(RoleScopeDTO dto);
+
+    /**
+     * 默认更新
+     *
+     * @param dto
+     * @return void
+     * @author generator
+     * @date 2020-04-24
+     */
+    void update(RoleScopeDTO dto);
+
+    /**
+     * 批量删除
+     *
+     * @param ids
+     * @return void
+     * @author generator
+     * @date 2020-04-24
+     */
+    void delete(String[] ids);
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java

@@ -2,6 +2,8 @@ package com.epmet.service.impl;
 
 import com.epmet.commons.tools.security.dto.GovTokenDto;
 import com.epmet.commons.tools.utils.CpUserDetailRedis;
+import com.epmet.dao.OperationScopeDao;
+import com.epmet.entity.OperationScopeEntity;
 import com.epmet.service.AccessService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -10,6 +12,7 @@ import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
 
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 
 @Service
@@ -20,19 +23,25 @@ public class AccessServiceImpl implements AccessService {
     @Autowired
     private CpUserDetailRedis cpUserDetailRedis;
 
+    @Autowired
+    private OperationScopeDao operationScopeDao;
+
     /**
      * 更新权限缓存
      * @param staffId
      * @param permissions
      */
     @Override
-    public void updatePermissionCache(String staffId, String app, String client, Set<String> permissions) {
+    public void updatePermissionCache(String staffId, String app, String client, Set<String> permissions, Set<String> roleIdList, String orgIdPath) {
         GovTokenDto govTokenDto = cpUserDetailRedis.get(app, client, staffId, GovTokenDto.class);
         if (govTokenDto == null) {
             logger.warn("更新[{}]用户缓存:Redis中不存在该用户TokenDto缓存信息", staffId);
             return ;
         }
+        // 将权限，角色列表，和当前组织ID存入TokenDto
         govTokenDto.setPermissions(permissions);
+        govTokenDto.setRoleIdList(roleIdList);
+        govTokenDto.setOrgIdPath(orgIdPath);
 
         // 将新的TokenDto更新到redis中
         long expire = cpUserDetailRedis.getExpire(app, client, staffId);
@@ -41,11 +50,17 @@ public class AccessServiceImpl implements AccessService {
     }
 
     @Override
-    public Set<String> listStaffCurrPermissions(String app, String client, String staffId) {
-        GovTokenDto govTokenDto = cpUserDetailRedis.get(app, client, staffId, GovTokenDto.class);
-        if (govTokenDto == null || CollectionUtils.isEmpty(govTokenDto.getPermissions())) {
-            return new HashSet<>();
-        }
-        return new HashSet<>(govTokenDto.getPermissions());
+    public GovTokenDto listStaffCurrPermissions(String app, String client, String staffId) {
+        return cpUserDetailRedis.get(app, client, staffId, GovTokenDto.class);
+    }
+
+    /**
+     * 查询角色的操作key对应操作范围列表
+     * @param roleId
+     * @param operationKey
+     * @return
+     */
+    public List<OperationScopeEntity> listOperationScopesByRoleId(String roleId, String operationKey) {
+        return operationScopeDao.listOperationScopesByRoleId(roleId, operationKey);
     }
 }

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/OperationScopeServiceImpl.java

@@ -0,0 +1,104 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.service.impl;
+
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.epmet.commons.mybatis.service.impl.BaseServiceImpl;
+import com.epmet.commons.tools.page.PageData;
+import com.epmet.commons.tools.utils.ConvertUtils;
+import com.epmet.commons.tools.constant.FieldConstant;
+import com.epmet.dao.OperationScopeDao;
+import com.epmet.dto.OperationScopeDTO;
+import com.epmet.entity.OperationScopeEntity;
+import com.epmet.redis.OperationScopeRedis;
+import com.epmet.service.OperationScopeService;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 权限范围表
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Service
+public class OperationScopeServiceImpl extends BaseServiceImpl<OperationScopeDao, OperationScopeEntity> implements OperationScopeService {
+
+    @Autowired
+    private OperationScopeRedis operationScopeRedis;
+
+    @Override
+    public PageData<OperationScopeDTO> page(Map<String, Object> params) {
+        IPage<OperationScopeEntity> page = baseDao.selectPage(
+                getPage(params, FieldConstant.CREATED_TIME, false),
+                getWrapper(params)
+        );
+        return getPageData(page, OperationScopeDTO.class);
+    }
+
+    @Override
+    public List<OperationScopeDTO> list(Map<String, Object> params) {
+        List<OperationScopeEntity> entityList = baseDao.selectList(getWrapper(params));
+
+        return ConvertUtils.sourceToTarget(entityList, OperationScopeDTO.class);
+    }
+
+    private QueryWrapper<OperationScopeEntity> getWrapper(Map<String, Object> params){
+        String id = (String)params.get(FieldConstant.ID_HUMP);
+
+        QueryWrapper<OperationScopeEntity> wrapper = new QueryWrapper<>();
+        wrapper.eq(StringUtils.isNotBlank(id), FieldConstant.ID, id);
+
+        return wrapper;
+    }
+
+    @Override
+    public OperationScopeDTO get(String id) {
+        OperationScopeEntity entity = baseDao.selectById(id);
+        return ConvertUtils.sourceToTarget(entity, OperationScopeDTO.class);
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void save(OperationScopeDTO dto) {
+        OperationScopeEntity entity = ConvertUtils.sourceToTarget(dto, OperationScopeEntity.class);
+        insert(entity);
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void update(OperationScopeDTO dto) {
+        OperationScopeEntity entity = ConvertUtils.sourceToTarget(dto, OperationScopeEntity.class);
+        updateById(entity);
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void delete(String[] ids) {
+        // 逻辑删除（@TableLogic 注解）
+        baseDao.deleteBatchIds(Arrays.asList(ids));
+    }
+
+}

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/RoleScopeServiceImpl.java

@@ -0,0 +1,104 @@
+/**
+ * Copyright 2018 人人开源 https://www.renren.io
+ * <p>
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.epmet.service.impl;
+
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.epmet.commons.mybatis.service.impl.BaseServiceImpl;
+import com.epmet.commons.tools.page.PageData;
+import com.epmet.commons.tools.utils.ConvertUtils;
+import com.epmet.commons.tools.constant.FieldConstant;
+import com.epmet.dao.RoleScopeDao;
+import com.epmet.dto.RoleScopeDTO;
+import com.epmet.entity.RoleScopeEntity;
+import com.epmet.redis.RoleScopeRedis;
+import com.epmet.service.RoleScopeService;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 角色能操作哪些范围
+ *
+ * @author generator generator@elink-cn.com
+ * @since v1.0.0 2020-04-24
+ */
+@Service
+public class RoleScopeServiceImpl extends BaseServiceImpl<RoleScopeDao, RoleScopeEntity> implements RoleScopeService {
+
+    @Autowired
+    private RoleScopeRedis roleScopeRedis;
+
+    @Override
+    public PageData<RoleScopeDTO> page(Map<String, Object> params) {
+        IPage<RoleScopeEntity> page = baseDao.selectPage(
+                getPage(params, FieldConstant.CREATED_TIME, false),
+                getWrapper(params)
+        );
+        return getPageData(page, RoleScopeDTO.class);
+    }
+
+    @Override
+    public List<RoleScopeDTO> list(Map<String, Object> params) {
+        List<RoleScopeEntity> entityList = baseDao.selectList(getWrapper(params));
+
+        return ConvertUtils.sourceToTarget(entityList, RoleScopeDTO.class);
+    }
+
+    private QueryWrapper<RoleScopeEntity> getWrapper(Map<String, Object> params){
+        String id = (String)params.get(FieldConstant.ID_HUMP);
+
+        QueryWrapper<RoleScopeEntity> wrapper = new QueryWrapper<>();
+        wrapper.eq(StringUtils.isNotBlank(id), FieldConstant.ID, id);
+
+        return wrapper;
+    }
+
+    @Override
+    public RoleScopeDTO get(String id) {
+        RoleScopeEntity entity = baseDao.selectById(id);
+        return ConvertUtils.sourceToTarget(entity, RoleScopeDTO.class);
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void save(RoleScopeDTO dto) {
+        RoleScopeEntity entity = ConvertUtils.sourceToTarget(dto, RoleScopeEntity.class);
+        insert(entity);
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void update(RoleScopeDTO dto) {
+        RoleScopeEntity entity = ConvertUtils.sourceToTarget(dto, RoleScopeEntity.class);
+        updateById(entity);
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void delete(String[] ids) {
+        // 逻辑删除（@TableLogic 注解）
+        baseDao.deleteBatchIds(Arrays.asList(ids));
+    }
+
+}

epmet-module/gov-access/gov-access-server/src/main/resources/db.migration/epmet_gov_access.sql

@@ -61,7 +61,8 @@ CREATE TABLE `role_operation`  (
 CREATE TABLE `role_scope`  (
   `ID` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
   `ROLE_ID` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '角色ID',
-  `SCOPE_KEY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '范围Key',
+  `OPERATION_KEY` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '操作Key',
+  `SCOPE_KEY` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '范围Key',
   `DEL_FLAG` tinyint(1) NULL DEFAULT NULL COMMENT '是否删除，0：未删除，1：已删除',
   `REVISION` int(10) NULL DEFAULT NULL COMMENT '乐观锁',
   `CREATED_BY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '创建者id',

epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationScopeDao.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<mapper namespace="com.epmet.dao.OperationScopeDao">
+
+    <resultMap type="com.epmet.entity.OperationScopeEntity" id="operationScopeMap">
+        <result property="id" column="ID"/>
+        <result property="scopeKey" column="SCOPE_KEY"/>
+        <result property="scopeName" column="SCOPE_NAME"/>
+        <result property="delFlag" column="DEL_FLAG"/>
+        <result property="revision" column="REVISION"/>
+        <result property="createdBy" column="CREATED_BY"/>
+        <result property="createdTime" column="CREATED_TIME"/>
+        <result property="updatedBy" column="UPDATED_BY"/>
+        <result property="updatedTime" column="UPDATED_TIME"/>
+    </resultMap>
+
+    <!--查询角色的操作key对应操作范围列表-->
+    <select id="listOperationScopesByRoleId" resultType="com.epmet.entity.OperationScopeEntity">
+        select os.*
+        from role_scope rs
+                 inner join operation_scope os
+                            on (rs.SCOPE_KEY = os.SCOPE_KEY)
+        where rs.ROLE_ID = #{roleId}
+            and rs.OPERATION_KEY = #{operationKey}
+    </select>
+
+
+</mapper>

epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleScopeDao.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<mapper namespace="com.epmet.dao.RoleScopeDao">
+
+    <resultMap type="com.epmet.entity.RoleScopeEntity" id="roleScopeMap">
+        <result property="id" column="ID"/>
+        <result property="roleId" column="ROLE_ID"/>
+        <result property="operationKey" column="OPERATION_KEY"/>
+        <result property="scopeKey" column="SCOPE_KEY"/>
+        <result property="delFlag" column="DEL_FLAG"/>
+        <result property="revision" column="REVISION"/>
+        <result property="createdBy" column="CREATED_BY"/>
+        <result property="createdTime" column="CREATED_TIME"/>
+        <result property="updatedBy" column="UPDATED_BY"/>
+        <result property="updatedTime" column="UPDATED_TIME"/>
+    </resultMap>
+
+
+</mapper>

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/AccessController.java

@@ -30,7 +30,7 @@ public class AccessController {
     private AccessService accessService;
 
     /**
-     * 查询用户可操作功能列表(包含缓存)
+     * 查询用户可操作功能列表(同时更新缓存)
      * @param tokenDto
      * @param staffOperationDTO
      * @return

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/GovOrgFeignClient.java

@@ -2,6 +2,7 @@ package com.epmet.feign;
 
 import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.utils.Result;
+import com.epmet.dto.CustomerAgencyDTO;
 import com.epmet.dto.form.LatestGridFormDTO;
 import com.epmet.dto.result.CustomerGridByUserIdResultDTO;
 import com.epmet.dto.result.LatestCustomerResultDTO;
@@ -49,4 +50,11 @@ public interface GovOrgFeignClient {
     @PostMapping(value = "/gov/org/customerstaffgrid/getstaffgrid")
     Result<CustomerGridByUserIdResultDTO> getStaffGrid(@RequestBody LatestGridFormDTO latestGridFormDTO);
 
+    /**
+     * 根据Id查询agency
+     * @param agencyId
+     * @return
+     */
+    @PostMapping("/gov/org/agency/{agencyId}")
+    Result<CustomerAgencyDTO> getAgencyById(@PathVariable("agencyId") String agencyId);
 }

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/fallback/GovOrgFeignClientFallBack.java

@@ -3,6 +3,7 @@ package com.epmet.feign.fallback;
 import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.utils.ModuleUtils;
 import com.epmet.commons.tools.utils.Result;
+import com.epmet.dto.CustomerAgencyDTO;
 import com.epmet.dto.form.LatestGridFormDTO;
 import com.epmet.dto.result.CustomerGridByUserIdResultDTO;
 import com.epmet.dto.result.LatestCustomerResultDTO;
@@ -28,6 +29,11 @@ public class GovOrgFeignClientFallBack implements GovOrgFeignClient {
         return ModuleUtils.feignConError(ServiceConstant.GOV_ORG_SERVER, "getStaffGrid",latestGridFormDTO);
     }
 
+    @Override
+    public Result<CustomerAgencyDTO> getAgencyById(String agencyId) {
+        return ModuleUtils.feignConError(ServiceConstant.GOV_ORG_SERVER, "getAgencyById", agencyId);
+    }
+
     @Override
     public Result<LatestCustomerResultDTO> getLatestCustomer(String userId) {
         return ModuleUtils.feignConError(ServiceConstant.GOV_ORG_SERVER, "getLatestCustomer", userId);

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java

@@ -1,14 +1,20 @@
 package com.epmet.service.impl;
 
+import com.epmet.commons.tools.exception.EpmetErrorCode;
+import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.utils.CpUserDetailRedis;
 import com.epmet.commons.tools.utils.Result;
+import com.epmet.dto.CustomerAgencyDTO;
 import com.epmet.dto.GovStaffRoleDTO;
 import com.epmet.dto.form.StaffPermCacheFormDTO;
 import com.epmet.dto.form.StaffRoleFormDTO;
 import com.epmet.dto.result.RoleOperationResultDTO;
 import com.epmet.feign.EpmetUserFeignClient;
 import com.epmet.feign.GovAccessFeignClient;
+import com.epmet.feign.GovOrgFeignClient;
 import com.epmet.service.AccessService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
@@ -21,12 +27,17 @@ import java.util.Set;
 @Service
 public class AccessServiceImpl implements AccessService {
 
+    private static Logger logger = LoggerFactory.getLogger(AccessServiceImpl.class);
+
     @Autowired
     private EpmetUserFeignClient userFeignClient;
 
     @Autowired
     private GovAccessFeignClient govAccessFeignClient;
 
+    @Autowired
+    private GovOrgFeignClient govOrgFeignClient;
+
     @Autowired
     private CpUserDetailRedis cpUserDetailRedis;
 
@@ -49,24 +60,46 @@ public class AccessServiceImpl implements AccessService {
             roleDTOS.addAll(gridResult.getData());
         }
 
-        // 拼装
+        // 拼装操作key列表
         Set<String> opeKeys = new HashSet<>();
+        // 角色ID列表
+        Set<String> roleIds = new HashSet<>();
         roleDTOS.forEach(roleDto -> {
             String roleId = roleDto.getId();
-            List<RoleOperationResultDTO> roleOperations = govAccessFeignClient.listOperationsByRoleId(roleId).getData();
-            roleOperations.forEach(roleOpe -> {
-                if (roleOpe != null) {
-                    opeKeys.add(roleOpe.getOperationKey());
-                }
-            });
+            Result<List<RoleOperationResultDTO>> result = govAccessFeignClient.listOperationsByRoleId(roleId);
+            if (result.getCode() != 0) {
+                // 获取operation异常
+                logger.error("调用GovAccess，根据RoleId查询Operation列表失败:{}", result.getMsg());
+                throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode());
+            }
+            List<RoleOperationResultDTO> roleOperations = result.getData();
+            // 角色id
+            roleIds.add(roleDto.getId());
+            if (!CollectionUtils.isEmpty(roleOperations)) {
+                roleOperations.forEach(roleOpe -> {
+                    if (roleOpe != null) {
+                        opeKeys.add(roleOpe.getOperationKey());
+                    }
+                });
+            }
         });
 
+        // 查询该直属机关的orgIdPath
+        Result<CustomerAgencyDTO> agencyById = govOrgFeignClient.getAgencyById(agencyId);
+        if (agencyById.getCode() != 0 || agencyById.getData() == null) {
+            logger.error("根据当前机构id[{}]查询pids失败:{}", agencyId, agencyById.getMsg());
+            throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode());
+        }
+
         // 将最新权限缓存到redis，为了尽量统一操作入口，调用gov-access接口实现
         StaffPermCacheFormDTO staffPermCacheFormDTO = new StaffPermCacheFormDTO();
         staffPermCacheFormDTO.setApp(app);
         staffPermCacheFormDTO.setClient(client);
         staffPermCacheFormDTO.setStaffId(staffId);
         staffPermCacheFormDTO.setPermissions(opeKeys);
+        staffPermCacheFormDTO.setRoleIdList(roleIds);
+        // 拼接orgIdPath
+        staffPermCacheFormDTO.setOrgIdPath(String.format("%s:%s", agencyById.getData().getPids(), agencyId));
         govAccessFeignClient.updatePermissionCache(staffPermCacheFormDTO);
         return opeKeys;
     }

epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/controller/AgencyController.java

@@ -18,17 +18,17 @@
 package com.epmet.controller;
 
 import com.epmet.commons.tools.utils.Result;
+import com.epmet.dto.CustomerAgencyDTO;
 import com.epmet.dto.form.*;
 import com.epmet.dto.result.AddAgencyResultDTO;
 import com.epmet.dto.result.AgencyListResultDTO;
 import com.epmet.dto.result.AgencysResultDTO;
 import com.epmet.dto.result.SubAgencyResultDTO;
+import com.epmet.entity.CustomerAgencyEntity;
 import com.epmet.service.AgencyService;
+import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
 
@@ -110,4 +110,21 @@ public class AgencyController {
     public Result<List<AgencyListResultDTO>> agencyList(@RequestBody AgencyListFormDTO formDTO) {
         return agencyService.agencyList(formDTO);
     }
+
+    /**
+     * 根据Id查询agency
+     * @param agencyId
+     * @return
+     */
+    @PostMapping("{agencyId}")
+    public Result<CustomerAgencyDTO> getAgencyById(@PathVariable("agencyId") String agencyId) {
+        CustomerAgencyEntity agency = agencyService.getAgencyById(agencyId);
+        CustomerAgencyDTO customerAgencyDTO = new CustomerAgencyDTO();
+        if (agency != null) {
+            BeanUtils.copyProperties(agency, customerAgencyDTO);
+            return new Result<CustomerAgencyDTO>().ok(customerAgencyDTO);
+        }
+        return new Result<CustomerAgencyDTO>();
+    }
+
 }

epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/service/AgencyService.java

@@ -23,6 +23,7 @@ import com.epmet.dto.result.AddAgencyResultDTO;
 import com.epmet.dto.result.AgencyListResultDTO;
 import com.epmet.dto.result.AgencysResultDTO;
 import com.epmet.dto.result.SubAgencyResultDTO;
+import com.epmet.entity.CustomerAgencyEntity;
 
 import java.util.List;
 
@@ -80,4 +81,11 @@ public interface AgencyService {
      * @Description 获取组织列表
      */
     Result<List<AgencyListResultDTO>> agencyList(AgencyListFormDTO formDTO);
+
+    /**
+     * 根据Id查询
+     * @param agencyId
+     * @return
+     */
+    CustomerAgencyEntity getAgencyById(String agencyId);
 }

epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/service/impl/AgencyServiceImpl.java

@@ -184,4 +184,9 @@ public class AgencyServiceImpl implements AgencyService {
         List<AgencyListResultDTO> agencyList = customerAgencyDao.selectAgencyList(formDTO.getAgencyId());
         return new Result<List<AgencyListResultDTO>>().ok(agencyList);
     }
+
+    @Override
+    public CustomerAgencyEntity getAgencyById(String agencyId) {
+        return customerAgencyDao.selectById(agencyId);
+    }
 }

epmet-module/gov-org/gov-org-server/src/main/resources/mapper/CustomerStaffDepartmentDao.xml

@@ -22,7 +22,7 @@
             customer_staff_department
         WHERE
             del_flag = '0'
-        AND department_id = #{}
+        AND department_id = #{departmentId}
 
     </select>
 

epmet-user/epmet-user-client/src/main/java/com/epmet/dto/GovStaffRoleDTO.java

@@ -23,7 +23,7 @@ import lombok.Data;
 
 
 /**
- * 政府端角色表
+ * 政府端角色字典表
  *
  * @author generator generator@elink-cn.com
  * @since v1.0.0 2020-04-22

epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java

@@ -1,5 +1,7 @@
 package com.epmet.controller;
 
+import com.epmet.commons.mybatis.entity.DataScope;
+import com.epmet.commons.tools.annotation.RequirePermission;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.ValidatorUtils;
 import com.epmet.dto.GovStaffRoleDTO;
@@ -65,7 +67,7 @@ public class StaffRoleController {
         ValidatorUtils.validateEntity(staffRoleFormDTO, StaffRoleFormDTO.GetStaffsInRole.class);
         String roleKey = staffRoleFormDTO.getRoleKey();
         String orgId = staffRoleFormDTO.getOrgId();
-        List<GovStaffRoleResultDTO> staffRoleDTOS = staffRoleService.listStaffsInRole(roleKey, orgId);
+        List<GovStaffRoleResultDTO> staffRoleDTOS = staffRoleService.listStaffsInRole(roleKey, orgId , DataScope.getDefault());
         return new Result<List<GovStaffRoleResultDTO>>().ok(staffRoleDTOS);
     }
 

epmet-user/epmet-user-server/src/main/java/com/epmet/service/StaffRoleService.java

@@ -17,6 +17,7 @@
 
 package com.epmet.service;
 
+import com.epmet.commons.mybatis.entity.DataScope;
 import com.epmet.commons.mybatis.service.BaseService;
 import com.epmet.commons.tools.page.PageData;
 import com.epmet.dto.StaffRoleDTO;
@@ -100,7 +101,7 @@ public interface StaffRoleService extends BaseService<StaffRoleEntity> {
      * @param orgId
      * @return
      */
-    List<GovStaffRoleResultDTO> listStaffsInRole(String roleKey, String orgId);
+    List<GovStaffRoleResultDTO> listStaffsInRole(String roleKey, String orgId, DataScope dataScope);
 
     /**
      * 清空工作人员权限

epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java

@@ -19,6 +19,8 @@ package com.epmet.service.impl;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.epmet.commons.mybatis.annotation.DataFilter;
+import com.epmet.commons.mybatis.entity.DataScope;
 import com.epmet.commons.mybatis.service.impl.BaseServiceImpl;
 import com.epmet.commons.tools.page.PageData;
 import com.epmet.commons.tools.utils.ConvertUtils;
@@ -110,7 +112,7 @@ public class StaffRoleServiceImpl extends BaseServiceImpl<StaffRoleDao, StaffRol
      */
     @Override
     //@DataFilter
-    public List<GovStaffRoleResultDTO> listStaffsInRole(String roleKey, String orgId) {
+    public List<GovStaffRoleResultDTO> listStaffsInRole(String roleKey, String orgId, DataScope dataScope) {
         return baseDao.listStaffIdsByRoleKeyAndOrgId(roleKey, orgId);
     }