1.增加DataFilter相关工具

2.实现了功能级RBAC

epmet-admin/epmet-admin-server/src/main/java/com/epmet/service/impl/NewsServiceImpl.java

@@ -31,7 +31,7 @@ public class NewsServiceImpl extends BaseServiceImpl<NewsDao, NewsEntity> implem
      * mybatis数据权限演示
      */
     @Override
-    @DataFilter(prefix = "AND", isPendingCreator = false)
+    //@DataFilter(prefix = "AND", isPendingCreator = false)
     public PageData<NewsDTO> page(Map<String, Object> params) {
         paramsToLike(params, "title");
 

epmet-auth/src/test/java/com/epmet/TokenGenTest.java

@@ -0,0 +1,63 @@
+package com.epmet;
+
+import com.epmet.common.token.constant.LoginConstant;
+import com.epmet.commons.tools.security.dto.GovTokenDto;
+import com.epmet.commons.tools.utils.CpUserDetailRedis;
+import com.epmet.jwt.JwtTokenProperties;
+import com.epmet.jwt.JwtTokenUtils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import java.util.HashMap;
+import java.util.Map;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest
+public class TokenGenTest {
+
+    @Autowired
+    private JwtTokenProperties jwtTokenProperties;
+
+    @Autowired
+    private JwtTokenUtils jwtTokenUtils;
+
+    @Autowired
+    private CpUserDetailRedis cpUserDetailRedis;
+
+    @Test
+    public void genToken() {
+        String staffId = "wxz";
+        String tokenStr = generateGovWxmpToken(staffId);
+        int expire = jwtTokenProperties.getExpire();
+        GovTokenDto govTokenDto = new GovTokenDto();
+        govTokenDto.setApp(LoginConstant.APP_GOV);
+        govTokenDto.setClient(LoginConstant.CLIENT_WXMP);
+        govTokenDto.setUserId(staffId);
+        govTokenDto.setOpenId("");
+        govTokenDto.setSessionKey("");
+        govTokenDto.setUnionId("");
+        govTokenDto.setToken(tokenStr);
+        govTokenDto.setUpdateTime(System.currentTimeMillis());
+        govTokenDto.setExpireTime(jwtTokenUtils.getExpiration(tokenStr).getTime());
+        govTokenDto.setAgencyId("1");
+        govTokenDto.setCustomerId("f76def116c9c2dc0269cc17867af122c");
+        cpUserDetailRedis.set(govTokenDto, expire);
+    }
+
+    /**
+     * @Description 生成token
+     * @Date 2020/4/18 23:04
+     **/
+    private String generateGovWxmpToken(String staffId) {
+        Map<String, Object> map = new HashMap<>();
+        map.put("app", LoginConstant.APP_GOV);
+        map.put("client", LoginConstant.CLIENT_WXMP);
+        map.put("userId", staffId);
+        String token = jwtTokenUtils.createToken(map);
+        return token;
+    }
+
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/annotation/DataFilter.java

@@ -25,24 +25,4 @@ public @interface DataFilter {
      */
     String tableAlias() default "";
 
-    /**
-     * 查询条件前缀，可选值有：[where、and]
-     */
-    String prefix() default "";
-
-    /**
-     * 用户ID
-     */
-    String userId() default "creator";
-
-    /**
-     * 部门ID
-     */
-    String deptId() default "dept_id";
-
-    /**
-     * 是否拼接用户ID
-     */
-    boolean isPendingCreator() default true;
-
 }

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java

@@ -8,25 +8,28 @@
 
 package com.epmet.commons.mybatis.aspect;
 
-import cn.hutool.core.collection.CollUtil;
+import com.epmet.commons.mybatis.dto.form.StaffPermissionFormDTO;
-import com.epmet.commons.mybatis.annotation.DataFilter;
 import com.epmet.commons.mybatis.entity.DataScope;
-import com.epmet.commons.tools.constant.Constant;
+import com.epmet.commons.mybatis.feign.GovAccessFeignClient;
-import com.epmet.commons.tools.enums.SuperAdminEnum;
+import com.epmet.commons.tools.aspect.AccessOpeAspect;
+import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.ErrorCode;
 import com.epmet.commons.tools.exception.RenException;
-import com.epmet.commons.tools.security.user.SecurityUser;
+import com.epmet.commons.tools.security.user.LoginUserUtil;
-import com.epmet.commons.tools.security.user.UserDetail;
+import com.epmet.commons.tools.utils.Result;
 import org.apache.commons.lang3.StringUtils;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Before;
-import org.aspectj.lang.annotation.Pointcut;
+import org.slf4j.Logger;
-import org.aspectj.lang.reflect.MethodSignature;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+import org.springframework.util.CollectionUtils;
 
+import java.util.Arrays;
 import java.util.List;
-import java.util.Map;
+import java.util.Set;
 
 /**
  * 数据过滤，切面处理类
@@ -37,69 +40,124 @@ import java.util.Map;
 @Aspect
 @Component
 public class DataFilterAspect {
-    @Pointcut("@annotation(com.epmet.commons.mybatis.annotation.DataFilter)")
-    public void dataFilterCut() {
 
-    }
+    private static final Logger log = LoggerFactory.getLogger(DataFilterAspect.class);
+
+    @Autowired
+    private LoginUserUtil loginUserUtil;
+
+    @Autowired
+    private GovAccessFeignClient govAccessFeignClient;
 
-    @Before("dataFilterCut()")
+    @Before("@annotation(com.epmet.commons.mybatis.annotation.DataFilter)")
     public void dataFilter(JoinPoint point) {
-        Object params = point.getArgs()[0];
+        // 反射的方式
-        if(params != null && params instanceof Map){
+        //MethodSignature signature = (MethodSignature) point.getSignature();
-            UserDetail user = SecurityUser.getUser();
+        //Class[] parameterTypes = signature.getParameterTypes();
-
+        //for (Class parameterType : parameterTypes) {
-            //如果不是超级管理员，则进行数据过滤
+        //    if (parameterType == DataScope.class) {
-            if(user.getSuperAdmin() == SuperAdminEnum.NO.value()){
+        //
-                Map map = (Map)params;
+        //    }
-                String sqlFilter = getSqlFilter(user, point);
+        //}
-                map.put(Constant.SQL_FILTER, new DataScope(sqlFilter));
+
-            }
+        String reqiurePermission = AccessOpeAspect.requirePermissionTl.get();
+        // 没有配置所需权限，不做操作，打印提示日志
+        if (StringUtils.isBlank(reqiurePermission)) {
+            log.warn("Api编码需要指定所需权限，请在Api上使用@RequirePermission注解完成所需权限配置");
+            return;
+        }
 
-            return ;
+        // 校验操作权限
+        validateOpePermission(reqiurePermission);
+
+        Object[] methodArgs = point.getArgs();
+        for (Object methodArg : methodArgs) {
+            if (methodArg instanceof DataScope) {
+                ((DataScope) methodArg).setSqlFilter(getSqlFilterSegment());
+                return;
+            }
         }
 
-        throw new RenException(ErrorCode.DATA_SCOPE_PARAMS_ERROR);
+        //throw new RenException(ErrorCode.DATA_SCOPE_PARAMS_ERROR);
     }
 
     /**
-     * 获取数据过滤的SQL
+     * 校验操作权限
      */
-    private String getSqlFilter(UserDetail user, JoinPoint point){
+    private void validateOpePermission(String requirePermission) {
-        MethodSignature signature = (MethodSignature) point.getSignature();
+        StaffPermissionFormDTO staffPermissionFormDTO = new StaffPermissionFormDTO();
-        DataFilter dataFilter = signature.getMethod().getAnnotation(DataFilter.class);
+        staffPermissionFormDTO.setApp(loginUserUtil.getLoginUserApp());
-        //获取表的别名
+        staffPermissionFormDTO.setClient(loginUserUtil.getLoginUserClient());
-        String tableAlias = dataFilter.tableAlias();
+        staffPermissionFormDTO.setStaffId(loginUserUtil.getLoginUserId());
-        if(StringUtils.isNotBlank(tableAlias)){
+        Result<Set<String>> permissions = govAccessFeignClient.getStaffCurrPermissions(staffPermissionFormDTO);
-            tableAlias +=  ".";
+        if (permissions.getCode() != 0) {
+            // 查询不到权限，记录日志，抛出8000异常
+            log.error("调用Access查询权限失败:{}", permissions.getMsg());
+            throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode());
         }
 
-        StringBuilder sqlFilter = new StringBuilder();
+        if (!CollectionUtils.isEmpty(permissions.getData()) && StringUtils.isNotBlank(requirePermission)
-
+                && permissions.getData().contains(requirePermission)) {
-        //查询条件前缀
+            // 权限允许，正常结束
-        String prefix = dataFilter.prefix();
+            return;
-        if(StringUtils.isNotBlank(prefix)){
-            sqlFilter.append(" ").append(prefix);
         }
+        // 权限不足抛出异常
+        throw new RenException(EpmetErrorCode.REQUIRE_PERMISSION.getCode());
+    }
 
-        sqlFilter.append(" (");
+    /**
-
+     * 生成过滤sql片段
-        //部门ID列表
+     * @return
-        List<Long> deptIdList = user.getDeptIdList();
+     */
-        if(CollUtil.isNotEmpty(deptIdList)){
+    private String getSqlFilterSegment() {
-            sqlFilter.append(tableAlias).append(dataFilter.deptId());
+        // 根据角色列表查询操作范围列表
-
-            sqlFilter.append(" in(").append(StringUtils.join(deptIdList, ",")).append(")");
-        }
 
-        //查询本人数据
+        // 拼接sql语句
-        if (dataFilter.isPendingCreator()) {
-            if(CollUtil.isNotEmpty(deptIdList)){
-                sqlFilter.append(" or ");
-            }
-            sqlFilter.append(tableAlias).append(dataFilter.userId()).append("=").append(user.getId());
-        }
-        sqlFilter.append(")");
 
-        return sqlFilter.toString();
+        // TODO
+        return "dept_id in (1,2,3)";
     }
+
+    ///**
+    // * 获取数据过滤的SQL
+    // */
+    //@Deprecated
+    //private String getSqlFilter(UserDetail user, JoinPoint point){
+    //    MethodSignature signature = (MethodSignature) point.getSignature();
+    //    DataFilter dataFilter = signature.getMethod().getAnnotation(DataFilter.class);
+    //    //获取表的别名
+    //    String tableAlias = dataFilter.tableAlias();
+    //    if(StringUtils.isNotBlank(tableAlias)){
+    //        tableAlias +=  ".";
+    //    }
+    //
+    //    StringBuilder sqlFilter = new StringBuilder();
+    //
+    //    //查询条件前缀
+    //    String prefix = dataFilter.prefix();
+    //    if(StringUtils.isNotBlank(prefix)){
+    //        sqlFilter.append(" ").append(prefix);
+    //    }
+    //
+    //    sqlFilter.append(" (");
+    //
+    //    //部门ID列表
+    //    List<Long> deptIdList = user.getDeptIdList();
+    //    if(CollUtil.isNotEmpty(deptIdList)){
+    //        sqlFilter.append(tableAlias).append(dataFilter.deptId());
+    //
+    //        sqlFilter.append(" in(").append(StringUtils.join(deptIdList, ",")).append(")");
+    //    }
+    //
+    //    //查询本人数据
+    //    if (dataFilter.isPendingCreator()) {
+    //        if(CollUtil.isNotEmpty(deptIdList)){
+    //            sqlFilter.append(" or ");
+    //        }
+    //        sqlFilter.append(tableAlias).append(dataFilter.userId()).append("=").append(user.getId());
+    //    }
+    //    sqlFilter.append(")");
+    //
+    //    return sqlFilter.toString();
+    //}
 }

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspectBak.java

@@ -0,0 +1,106 @@
+///**
+// * Copyright (c) 2018 人人开源 All rights reserved.
+// *
+// * https://www.renren.io
+// *
+// * 版权所有，侵权必究！
+// */
+//
+//package com.epmet.commons.mybatis.aspect;
+//
+//import cn.hutool.core.collection.CollUtil;
+//import com.epmet.commons.mybatis.annotation.DataFilter;
+//import com.epmet.commons.mybatis.entity.DataScope;
+//import com.epmet.commons.tools.constant.Constant;
+//import com.epmet.commons.tools.enums.SuperAdminEnum;
+//import com.epmet.commons.tools.exception.ErrorCode;
+//import com.epmet.commons.tools.exception.RenException;
+//import com.epmet.commons.tools.security.user.SecurityUser;
+//import com.epmet.commons.tools.security.user.UserDetail;
+//import org.apache.commons.lang3.StringUtils;
+//import org.aspectj.lang.JoinPoint;
+//import org.aspectj.lang.annotation.Aspect;
+//import org.aspectj.lang.annotation.Before;
+//import org.aspectj.lang.annotation.Pointcut;
+//import org.aspectj.lang.reflect.MethodSignature;
+//import org.springframework.stereotype.Component;
+//
+//import java.util.Arrays;
+//import java.util.List;
+//import java.util.Map;
+//
+///**
+// * 数据过滤，切面处理类
+// *
+// * @author Mark sunlightcs@gmail.com
+// * @since 1.0.0
+// */
+//@Aspect
+//@Component
+//public class DataFilterAspectBak {
+//    @Pointcut("@annotation(com.epmet.commons.mybatis.annotation.DataFilter)")
+//    public void dataFilterCut() {
+//
+//    }
+//
+//    @Before("dataFilterCut()")
+//    public void dataFilter(JoinPoint point) {
+//        Object params = point.getArgs()[0];
+//        if(params != null && params instanceof Map){
+//            UserDetail user = SecurityUser.getUser();
+//
+//            //如果不是超级管理员，则进行数据过滤
+//            if(user.getSuperAdmin() == SuperAdminEnum.NO.value()){
+//                Map map = (Map)params;
+//                String sqlFilter = getSqlFilter(user, point);
+//                map.put(Constant.SQL_FILTER, new DataScope(sqlFilter));
+//            }
+//
+//            return ;
+//        }
+//
+//        throw new RenException(ErrorCode.DATA_SCOPE_PARAMS_ERROR);
+//    }
+//
+//    /**
+//     * 获取数据过滤的SQL
+//     */
+//    private String getSqlFilter(UserDetail user, JoinPoint point){
+//        MethodSignature signature = (MethodSignature) point.getSignature();
+//        DataFilter dataFilter = signature.getMethod().getAnnotation(DataFilter.class);
+//        //获取表的别名
+//        String tableAlias = dataFilter.tableAlias();
+//        if(StringUtils.isNotBlank(tableAlias)){
+//            tableAlias +=  ".";
+//        }
+//
+//        StringBuilder sqlFilter = new StringBuilder();
+//
+//        //查询条件前缀
+//        String prefix = dataFilter.prefix();
+//        if(StringUtils.isNotBlank(prefix)){
+//            sqlFilter.append(" ").append(prefix);
+//        }
+//
+//        sqlFilter.append(" (");
+//
+//        //部门ID列表
+//        List<Long> deptIdList = user.getDeptIdList();
+//        if(CollUtil.isNotEmpty(deptIdList)){
+//            sqlFilter.append(tableAlias).append(dataFilter.deptId());
+//
+//            sqlFilter.append(" in(").append(StringUtils.join(deptIdList, ",")).append(")");
+//        }
+//
+//        //查询本人数据
+//        if (dataFilter.isPendingCreator()) {
+//            if(CollUtil.isNotEmpty(deptIdList)){
+//                sqlFilter.append(" or ");
+//            }
+//            sqlFilter.append(tableAlias).append(dataFilter.userId()).append("=").append(user.getId());
+//        }
+//        sqlFilter.append(")");
+//
+//        return sqlFilter.toString();
+//    }
+//}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermissionFormDTO.java

@@ -0,0 +1,26 @@
+package com.epmet.commons.mybatis.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+import java.util.Set;
+
+@Data
+public class StaffPermissionFormDTO {
+
+    /**
+     * 工作人员 id
+     */
+    private String staffId;
+
+    /**
+     * 登录头信息app
+     */
+    private String app;
+
+    /**
+     * 登录头信息client
+     */
+    private String client;
+
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/entity/DataScope.java

@@ -1,8 +1,8 @@
 /**
  * Copyright (c) 2018 人人开源 All rights reserved.
- *
+ * <p>
  * https://www.renren.io
- *
+ * <p>
  * 版权所有，侵权必究！
  */
 
@@ -15,8 +15,13 @@ package com.epmet.commons.mybatis.entity;
  * @since 1.0.0
  */
 public class DataScope {
+
     private String sqlFilter;
 
+    public static DataScope getDefault() {
+        return new DataScope("");
+    }
+
     public DataScope(String sqlFilter) {
         this.sqlFilter = sqlFilter;
     }

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java

@@ -0,0 +1,26 @@
+package com.epmet.commons.mybatis.feign;
+
+import com.epmet.commons.mybatis.dto.form.StaffPermissionFormDTO;
+import com.epmet.commons.mybatis.feign.fallback.GovAccessFeignClientFallback;
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.utils.Result;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.PostMapping;
+
+import java.util.Set;
+
+/**
+ * @Description
+ * @Author sun
+ */
+@FeignClient(name = ServiceConstant.GOV_ACCESS_SERVER, fallback = GovAccessFeignClientFallback.class)
+public interface GovAccessFeignClient {
+
+    /**
+     * 查询用户当前权限列表(DataFilterAspect中用到)
+     * @return
+     */
+    @PostMapping("/gov/access/access/getcurrpermissions")
+    Result<Set<String>> getStaffCurrPermissions(StaffPermissionFormDTO dto);
+
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java

@@ -0,0 +1,25 @@
+package com.epmet.commons.mybatis.feign.fallback;
+
+import com.epmet.commons.mybatis.dto.form.StaffPermissionFormDTO;
+import com.epmet.commons.mybatis.feign.GovAccessFeignClient;
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.utils.ModuleUtils;
+import com.epmet.commons.tools.utils.Result;
+import org.springframework.stereotype.Component;
+
+import java.util.Set;
+
+/**
+ * 调用政府端权限
+ * @Author wxz
+ * @Description
+ * @Date 2020/4/24 11:17
+ **/
+@Component
+public class GovAccessFeignClientFallback implements GovAccessFeignClient {
+
+    @Override
+    public Result<Set<String>> getStaffCurrPermissions(StaffPermissionFormDTO dto) {
+        return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "getStaffCurrPermissions", dto);
+    }
+}

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/handler/FieldMetaObjectHandler.java

@@ -22,6 +22,7 @@ import com.epmet.commons.tools.security.user.SecurityUser;
 import com.epmet.commons.tools.security.user.UserDetail;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.ibatis.reflection.MetaObject;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import java.util.Date;
@@ -40,11 +41,14 @@ public class FieldMetaObjectHandler implements MetaObjectHandler {
     private final static String UPDATER = "updater";
     private final static String DEPT_ID = "deptId";
 
+    @Autowired
+    private LoginUserUtil loginUserUtil;
+
     @Override
     public void insertFill(MetaObject metaObject) {
         Date date = new Date();
         if (metaObject.getOriginalObject() instanceof BaseEpmetEntity) {
-            String loginUserId = LoginUserUtil.getLoginUserId();
+            String loginUserId = loginUserUtil.getLoginUserId();
             // epmet项目新增的
             loginUserId = StringUtils.isBlank(loginUserId) ? Constant.APP_USER_FLAG : loginUserId;
             //Long deptId = user == null ? null : user.getDeptId();
@@ -107,7 +111,7 @@ public class FieldMetaObjectHandler implements MetaObjectHandler {
             //更新时间
             setFieldValByName(UPDATE_DATE, new Date(), metaObject);
         } else if (fillEsuaEntity) {
-            String loginUserId = LoginUserUtil.getLoginUserId();
+            String loginUserId = loginUserUtil.getLoginUserId();
             String userId = StringUtils.isBlank(loginUserId) ? Constant.APP_USER_FLAG : loginUserId;
             setFieldValByName(FieldConstant.UPDATED_BY_HUMP, userId, metaObject);
             setFieldValByName(FieldConstant.UPDATED_TIME_HUMP, new Date(), metaObject);

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptor.java

@@ -8,6 +8,7 @@
 
 package com.epmet.commons.mybatis.interceptor;
 
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.PluginUtils;
 import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler;
@@ -55,12 +56,17 @@ public class DataFilterInterceptor extends AbstractSqlParserHandler implements I
         // 判断参数里是否有DataScope对象
         DataScope scope = null;
         if (paramObj instanceof DataScope) {
+            // 直接传入DataScope，不分页？
             scope = (DataScope) paramObj;
         } else if (paramObj instanceof Map) {
+            // 入参是一个Map
             for (Object arg : ((Map) paramObj).values()) {
                 if (arg instanceof DataScope) {
                     scope = (DataScope) arg;
                     break;
+                } else if (arg instanceof QueryWrapper) {
+                    // 通过Mybatis-plus封装的通用方法进行查询
+                    break;
                 }
             }
         }

epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptorBak.java

@@ -0,0 +1,100 @@
+///**
+// * Copyright (c) 2018 人人开源 All rights reserved.
+// * <p>
+// * https://www.renren.io
+// * <p>
+// * 版权所有，侵权必究！
+// */
+//
+//package com.epmet.commons.mybatis.interceptor;
+//
+//import com.baomidou.mybatisplus.core.toolkit.PluginUtils;
+//import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler;
+//import com.epmet.commons.mybatis.entity.DataScope;
+//import org.apache.ibatis.executor.statement.StatementHandler;
+//import org.apache.ibatis.mapping.BoundSql;
+//import org.apache.ibatis.mapping.MappedStatement;
+//import org.apache.ibatis.mapping.SqlCommandType;
+//import org.apache.ibatis.plugin.*;
+//import org.apache.ibatis.reflection.MetaObject;
+//import org.apache.ibatis.reflection.SystemMetaObject;
+//
+//import java.sql.Connection;
+//import java.util.Map;
+//import java.util.Properties;
+//
+///**
+// * 数据过滤
+// *
+// * @author Mark sunlightcs@gmail.com
+// * @since 1.0.0
+// */
+//@Intercepts({@Signature(type = StatementHandler.class, method = "prepare", args = {Connection.class, Integer.class})})
+//public class DataFilterInterceptorBak extends AbstractSqlParserHandler implements Interceptor {
+//
+//    @Override
+//    public Object intercept(Invocation invocation) throws Throwable {
+//        StatementHandler statementHandler = (StatementHandler) PluginUtils.realTarget(invocation.getTarget());
+//        MetaObject metaObject = SystemMetaObject.forObject(statementHandler);
+//
+//        // SQL解析
+//        this.sqlParser(metaObject);
+//
+//        // 先判断是不是SELECT操作
+//        MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement");
+//        if (!SqlCommandType.SELECT.equals(mappedStatement.getSqlCommandType())) {
+//            return invocation.proceed();
+//        }
+//
+//        // 针对定义了rowBounds，做为mapper接口方法的参数
+//        BoundSql boundSql = (BoundSql) metaObject.getValue("delegate.boundSql");
+//        String originalSql = boundSql.getSql();
+//        Object paramObj = boundSql.getParameterObject();
+//
+//        // 判断参数里是否有DataScope对象
+//        DataScope scope = null;
+//        if (paramObj instanceof DataScope) {
+//            scope = (DataScope) paramObj;
+//        } else if (paramObj instanceof Map) {
+//            for (Object arg : ((Map) paramObj).values()) {
+//                if (arg instanceof DataScope) {
+//                    scope = (DataScope) arg;
+//                    break;
+//                }
+//            }
+//        }
+//
+//        // 不用数据过滤
+//        if (scope == null) {
+//            return invocation.proceed();
+//        }
+//
+//        // 拼接新SQL
+//        String orderBy = "ORDER BY";
+//        String groupBy = "GROUP BY";
+//        if (originalSql.indexOf(groupBy) > -1) {
+//            originalSql = originalSql.replace(groupBy, scope.getSqlFilter() + groupBy);
+//        } else if (originalSql.indexOf(orderBy) > -1) {
+//            originalSql = originalSql.replace(orderBy, scope.getSqlFilter() + orderBy);
+//        } else {
+//            originalSql = originalSql + scope.getSqlFilter();
+//        }
+//
+//        // 重写SQL
+//        metaObject.setValue("delegate.boundSql.sql", originalSql);
+//        return invocation.proceed();
+//    }
+//
+//    @Override
+//    public Object plugin(Object target) {
+//        if (target instanceof StatementHandler) {
+//            return Plugin.wrap(target, this);
+//        }
+//        return target;
+//    }
+//
+//    @Override
+//    public void setProperties(Properties properties) {
+//
+//    }
+//}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/RequirePermission.java

@@ -0,0 +1,36 @@
+/**
+ * Copyright 2018 人人开源 http://www.renren.io
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.epmet.commons.tools.annotation;
+
+import java.lang.annotation.*;
+
+/**
+ * 权限注解
+ * @Author wxz
+ * @Description
+ * @Date 2020/4/23 16:17
+ **/
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface RequirePermission {
+
+    String key() default "";
+
+    String desc() default "";
+
+}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java

@@ -0,0 +1,46 @@
+/**
+ * Copyright (c) 2018 人人开源 All rights reserved.
+ *
+ * https://www.renren.io
+ *
+ * 版权所有，侵权必究！
+ */
+
+package com.epmet.commons.tools.aspect;
+
+import com.epmet.commons.tools.annotation.RequirePermission;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.stereotype.Component;
+
+/**
+ * 每次请求，过滤Api中配置的权限key出来
+ * @Author wxz
+ * @Description
+ * @Date 2020/4/23 16:16
+ **/
+@Aspect
+@Component
+public class AccessOpeAspect {
+
+    /**
+     * 存储所需操作权限的 ThreadLocal
+     */
+    public static final ThreadLocal<String> requirePermissionTl = new ThreadLocal<>();
+
+    @Before("@annotation(com.epmet.commons.tools.annotation.RequirePermission)")
+    public void before(JoinPoint point) throws Throwable {
+        // 取RequirePermission注解
+        MethodSignature methodSignature = (MethodSignature) point.getSignature();
+        RequirePermission requirePermissionAnno = methodSignature.getMethod().getAnnotation(RequirePermission.class);
+        String key = requirePermissionAnno.key();
+        String desc = requirePermissionAnno.desc();
+        System.out.println(key);
+        System.out.println(desc);
+
+        // 放入ThreadLocal，供DataFilterAspect中使用
+        requirePermissionTl.set(key);
+    }
+}

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/EpmetErrorCode.java

@@ -27,7 +27,8 @@ public enum EpmetErrorCode {
 	MESSAGE_SMS_SEND_ERROR(8105, "短信发送失败"),
 
     CANNOT_AUDIT_WARM(8201, "请完善居民信息"),
-	NOT_DEL_AGENCY(8202, "该机关存在下级机关，不允许删除");
+	NOT_DEL_AGENCY(8202, "该机关存在下级机关，不允许删除"),
+	REQUIRE_PERMISSION(8203, "没有足够的操作权限");
 
 
 	private int code;

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/exception/RenExceptionHandler.java

@@ -44,6 +44,8 @@ public class RenExceptionHandler {
 	private ModuleConfig moduleConfig;
 	@Autowired
 	private LogProducer logProducer;
+	@Autowired
+	private LoginUserUtil loginUserUtil;
 
 	/**
 	 * 处理自定义异常
@@ -120,7 +122,7 @@ public class RenExceptionHandler {
 
 		//登录用户ID
 
-		log.setCreator(LoginUserUtil.getLoginUserId());
+		log.setCreator(loginUserUtil.getLoginUserId());
 		//异常信息
 		log.setErrorInfo(ExceptionUtils.getErrorStackTrace(ex));
 

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/dto/GovTokenDto.java

@@ -67,6 +67,6 @@ public class GovTokenDto extends BaseTokenDto implements Serializable {
     /**
      * 功能权限列表，实际上是gov_staff => staff_role => role_operation查询到的operationKey
      */
-    private List<String> permissions;
+    private Set<String> permissions;
 }
 

epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/user/LoginUserUtil.java

@@ -1,33 +1,82 @@
 package com.epmet.commons.tools.security.user;
 
-import com.epmet.commons.tools.constant.Constant;
+import com.epmet.commons.tools.constant.AppClientConstant;
 import com.epmet.commons.tools.utils.HttpContextUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.stereotype.Component;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.servlet.http.HttpServletRequest;
+import java.util.List;
 
 /**
  * 登录用户相关工具
  */
+@Component
 public class LoginUserUtil {
 
+    //@Autowired
+    //private
+
     /**
      * 查询登录用户的id
      * @return
      */
-    public static String getLoginUserId() {
+    public String getLoginUserId() {
         HttpServletRequest request = HttpContextUtils.getHttpServletRequest();
         if (request == null) {
             return null;
         }
 
-        String userId = request.getHeader(Constant.USER_KEY);
+        String userId = request.getHeader(AppClientConstant.USER_ID);
         if (StringUtils.isBlank(userId)) {
             return null;
         }
         return userId;
     }
+
+    /**
+     * 登录用户的App头信息
+     * @return
+     */
+    public String getLoginUserApp() {
+        HttpServletRequest request = HttpContextUtils.getHttpServletRequest();
+        if (request == null) {
+            return null;
+        }
+
+        String app = request.getHeader(AppClientConstant.APP);
+        if (StringUtils.isBlank(app)) {
+            return null;
+        }
+        return app;
+    }
+
+    /**
+     * 获取登录用户client头信息
+     * @return
+     */
+    public String getLoginUserClient() {
+        HttpServletRequest request = HttpContextUtils.getHttpServletRequest();
+        if (request == null) {
+            return null;
+        }
+
+        String client = request.getHeader(AppClientConstant.CLIENT);
+        if (StringUtils.isBlank(client)) {
+            return null;
+        }
+        return client;
+    }
+
+    /**
+     * 获取用户的部门ID列表
+     * @return
+     */
+    public List<String> getLoginUserDepartments() {
+        String loginUserId = getLoginUserId();
+        String loginUserApp = getLoginUserApp();
+        String loginUserClient = getLoginUserClient();
+        // todo
+        return null;
+    }
 }

epmet-gateway/pom.xml

@@ -157,12 +157,12 @@
                 <gateway.routes.resi-partymember-server.uri>lb://resi-partymember-server</gateway.routes.resi-partymember-server.uri>
 
                 <!--18.政府端-权限-服务-->
-            <!--<gateway.routes.gov-access-server.uri>http://127.0.0.1:8099</gateway.routes.gov-access-server.uri>-->
+            <gateway.routes.gov-access-server.uri>http://127.0.0.1:8099</gateway.routes.gov-access-server.uri>
-                <gateway.routes.gov-access-server.uri>lb://gov-access-server</gateway.routes.gov-access-server.uri>
+                <!--<gateway.routes.gov-access-server.uri>lb://gov-access-server</gateway.routes.gov-access-server.uri>-->
 
                 <!--19.政府端-我的-服务-->
-            <!--<gateway.routes.gov-mine-server.uri>http://127.0.0.1:8098</gateway.routes.gov-mine-server.uri>-->
+            <gateway.routes.gov-mine-server.uri>http://127.0.0.1:8098</gateway.routes.gov-mine-server.uri>
-                <gateway.routes.gov-mine-server.uri>lb://gov-mine-server</gateway.routes.gov-mine-server.uri>
+                <!--<gateway.routes.gov-mine-server.uri>lb://gov-mine-server</gateway.routes.gov-mine-server.uri>-->
             </properties>
         </profile>
         <profile>

epmet-gateway/src/main/java/com/epmet/filter/FeignRequestFilter.java

@@ -1,5 +1,6 @@
 package com.epmet.filter;
 
+import com.epmet.commons.tools.constant.AppClientConstant;
 import com.epmet.commons.tools.constant.Constant;
 import com.epmet.commons.tools.security.dto.BaseTokenDto;
 import com.epmet.commons.tools.utils.CpUserDetailRedis;
@@ -54,7 +55,7 @@ public class FeignRequestFilter implements GlobalFilter, UserTokenFilter {
 
         if (baseTokenDto != null) {
             ServerHttpRequest build = exchange.getRequest().mutate()
-                    .header(Constant.USER_KEY, new String[]{baseTokenDto.getUserId()}).build();
+                    .header(AppClientConstant.USER_ID, new String[]{baseTokenDto.getUserId()}).build();
             return chain.filter(exchange.mutate().request(build).build());
         }
 

epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/StaffPermCacheFormDTO.java

@@ -3,7 +3,7 @@ package com.epmet.dto.form;
 import lombok.Data;
 
 import javax.validation.constraints.NotBlank;
-import java.util.List;
+import java.util.Set;
 
 @Data
 public class StaffPermCacheFormDTO {
@@ -13,27 +13,32 @@ public class StaffPermCacheFormDTO {
      */
     public interface UpdatePermissionCache {}
 
+    /**
+     * 查询当前权限列表
+     */
+    public interface GetStaffCurrPermissions {}
+
     /**
      * 工作人员 id
      */
-    @NotBlank(message = "工作人员ID不能为空", groups = {UpdatePermissionCache.class})
+    @NotBlank(message = "工作人员ID不能为空", groups = {UpdatePermissionCache.class, GetStaffCurrPermissions.class})
     private String staffId;
 
     /**
      * 登录头信息app
      */
-    @NotBlank(message = "登录头信息app不能为空", groups = {UpdatePermissionCache.class})
+    @NotBlank(message = "登录头信息app不能为空", groups = {UpdatePermissionCache.class, GetStaffCurrPermissions.class})
     private String app;
 
     /**
      * 登录头信息client
      */
-    @NotBlank(message = "登录头信息client不能为空", groups = {UpdatePermissionCache.class})
+    @NotBlank(message = "登录头信息client不能为空", groups = {UpdatePermissionCache.class, GetStaffCurrPermissions.class})
     private String client;
 
     /**
      * 权限列表
      */
-    private List<String> permissions;
+    private Set<String> permissions;
 
 }

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java

@@ -10,7 +10,7 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.List;
+import java.util.Set;
 
 /**
  * 权限相关Api
@@ -36,8 +36,19 @@ public class AccessController {
         String staffId = staffPermCacheFormDTO.getStaffId();
         String app = staffPermCacheFormDTO.getApp();
         String client = staffPermCacheFormDTO.getClient();
-        List<String> permissions = staffPermCacheFormDTO.getPermissions();
+        Set<String> permissions = staffPermCacheFormDTO.getPermissions();
         accessService.updatePermissionCache(staffId, app, client, permissions);
         return new Result();
     }
+
+    /**
+     * 查询用户当前权限列表(DataFilterAspect中用到)
+     * @return
+     */
+    @PostMapping("getcurrpermissions")
+    public Result<Set<String>> getStaffCurrPermissions(@RequestBody StaffPermCacheFormDTO dto) {
+        ValidatorUtils.validateEntity(dto, StaffPermCacheFormDTO.GetStaffCurrPermissions.class);
+        Set<String> permissions = accessService.listStaffCurrPermissions(dto.getApp(), dto.getClient(), dto.getStaffId());
+        return new Result<Set<String>>().ok(permissions);
+    }
 }

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java

@@ -1,6 +1,6 @@
 package com.epmet.service;
 
-import java.util.List;
+import java.util.Set;
 
 public interface AccessService {
     /**
@@ -8,5 +8,11 @@ public interface AccessService {
      * @param staffId
      * @param permissions
      */
-    void updatePermissionCache(String staffId, String app, String client, List<String> permissions);
+    void updatePermissionCache(String staffId, String app, String client, Set<String> permissions);
+
+    /**
+     * 查询用户当前权限列表
+     * @return
+     */
+    Set<String> listStaffCurrPermissions(String app, String client, String staffId);
 }

epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java

@@ -7,8 +7,10 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
 
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
 
 @Service
 public class AccessServiceImpl implements AccessService {
@@ -24,7 +26,7 @@ public class AccessServiceImpl implements AccessService {
      * @param permissions
      */
     @Override
-    public void updatePermissionCache(String staffId, String app, String client, List<String> permissions) {
+    public void updatePermissionCache(String staffId, String app, String client, Set<String> permissions) {
         GovTokenDto govTokenDto = cpUserDetailRedis.get(app, client, staffId, GovTokenDto.class);
         if (govTokenDto == null) {
             logger.warn("更新[{}]用户缓存:Redis中不存在该用户TokenDto缓存信息", staffId);
@@ -37,4 +39,13 @@ public class AccessServiceImpl implements AccessService {
         cpUserDetailRedis.set(govTokenDto, expire);
         logger.warn("更新[{}]用户缓存成功。", staffId);
     }
+
+    @Override
+    public Set<String> listStaffCurrPermissions(String app, String client, String staffId) {
+        GovTokenDto govTokenDto = cpUserDetailRedis.get(app, client, staffId, GovTokenDto.class);
+        if (govTokenDto == null || CollectionUtils.isEmpty(govTokenDto.getPermissions())) {
+            return new HashSet<>();
+        }
+        return new HashSet<>(govTokenDto.getPermissions());
+    }
 }

epmet-module/gov-access/gov-access-server/src/main/resources/db.migration/epmet_gov_access.sql

@@ -61,7 +61,7 @@ CREATE TABLE `role_operation`  (
 CREATE TABLE `role_scope`  (
   `ID` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL,
   `ROLE_ID` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '角色ID',
-  `PERMISSION_KEY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '权限key',
+  `SCOPE_KEY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '范围Key',
   `DEL_FLAG` tinyint(1) NULL DEFAULT NULL COMMENT '是否删除，0：未删除，1：已删除',
   `REVISION` int(10) NULL DEFAULT NULL COMMENT '乐观锁',
   `CREATED_BY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '创建者id',

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/AccessController.java

@@ -29,14 +29,21 @@ public class AccessController {
     @Autowired
     private AccessService accessService;
 
+    /**
+     * 查询用户可操作功能列表(包含缓存)
+     * @param tokenDto
+     * @param staffOperationDTO
+     * @return
+     */
     @PostMapping("getstaffoperations")
     public Result<Set<String>> getStaffOperations(@LoginUser TokenDto tokenDto, @RequestBody StaffOperationDTO staffOperationDTO) {
     //public Result<Set<String>> getStaffOperations(@RequestBody StaffOperationDTO staffOperationDTO) {
         String agencyId = staffOperationDTO.getAgencyId();
         String gridId = staffOperationDTO.getGridId();
         String staffId = tokenDto.getUserId();
-        Set<String> opeKeys = accessService.listOpeKeysByStaffId(staffId, agencyId, gridId);
+        String app = tokenDto.getApp();
+        String client = tokenDto.getClient();
+        Set<String> opeKeys = accessService.listOpeKeysByStaffId(app, client, staffId,agencyId, gridId);
         return new Result<Set<String>>().ok(opeKeys);
     }
-
 }

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/GovAccessFeignClient.java

@@ -2,14 +2,13 @@ package com.epmet.feign;
 
 import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.utils.Result;
-import com.epmet.dto.result.CustomerGridByUserIdResultDTO;
+import com.epmet.dto.form.StaffPermCacheFormDTO;
 import com.epmet.dto.result.RoleOperationResultDTO;
 import com.epmet.feign.fallback.GovAccessFeignClientFallback;
-import com.epmet.feign.fallback.GovOrgFeignClientFallBack;
 import org.springframework.cloud.openfeign.FeignClient;
-import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 
 import java.util.List;
 
@@ -20,6 +19,19 @@ import java.util.List;
 @FeignClient(name = ServiceConstant.GOV_ACCESS_SERVER, fallback = GovAccessFeignClientFallback.class)
 public interface GovAccessFeignClient {
 
+    /**
+     * 根据角色ID查询角色权限列表
+     * @param roleId
+     * @return
+     */
     @PostMapping("/gov/access/role/operations/{roleId}")
     Result<List<RoleOperationResultDTO>> listOperationsByRoleId(@PathVariable("roleId") String roleId);
+
+    /**
+     * 刷新用户权限缓存
+     * @param staffPermCacheFormDTO
+     * @return
+     */
+    @PostMapping("/gov/access/access/updatepermissioncache")
+    Result updatePermissionCache(@RequestBody StaffPermCacheFormDTO staffPermCacheFormDTO);
 }

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/fallback/GovAccessFeignClientFallback.java

@@ -3,14 +3,11 @@ package com.epmet.feign.fallback;
 import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.utils.ModuleUtils;
 import com.epmet.commons.tools.utils.Result;
-import com.epmet.dto.StaffRoleDTO;
+import com.epmet.dto.form.StaffPermCacheFormDTO;
-import com.epmet.dto.form.StaffRoleFormDTO;
-import com.epmet.dto.result.CustomerGridByUserIdResultDTO;
-import com.epmet.dto.result.LatestCustomerResultDTO;
 import com.epmet.dto.result.RoleOperationResultDTO;
-import com.epmet.feign.EpmetUserFeignClient;
 import com.epmet.feign.GovAccessFeignClient;
 import org.springframework.stereotype.Component;
+import org.springframework.web.bind.annotation.RequestBody;
 
 import java.util.List;
 
@@ -25,4 +22,14 @@ public class GovAccessFeignClientFallback implements GovAccessFeignClient {
 	public Result<List<RoleOperationResultDTO>> listOperationsByRoleId(String roleId) {
 		return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "listOperationsByRoleId");
 	}
+
+	/**
+	 * 刷新用户权限缓存
+	 * @param staffPermCacheFormDTO
+	 * @return
+	 */
+	@Override
+	public Result updatePermissionCache(@RequestBody StaffPermCacheFormDTO staffPermCacheFormDTO) {
+		return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "updatePermissionCache");
+	}
 }

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/AccessService.java

@@ -12,8 +12,7 @@ import java.util.Set;
 public interface AccessService {
     /**
      * 根据staffId查询角色Key列表
-     * @param staffId
      * @return
      */
-    Set<String> listOpeKeysByStaffId(String staffId, String agencyId, String gridId);
+    Set<String> listOpeKeysByStaffId(String app, String client, String staffId, String agencyId, String gridId);
 }

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java

@@ -1,8 +1,9 @@
 package com.epmet.service.impl;
 
+import com.epmet.commons.tools.utils.CpUserDetailRedis;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.dto.GovStaffRoleDTO;
-import com.epmet.dto.StaffRoleDTO;
+import com.epmet.dto.form.StaffPermCacheFormDTO;
 import com.epmet.dto.form.StaffRoleFormDTO;
 import com.epmet.dto.result.RoleOperationResultDTO;
 import com.epmet.feign.EpmetUserFeignClient;
@@ -26,8 +27,11 @@ public class AccessServiceImpl implements AccessService {
     @Autowired
     private GovAccessFeignClient govAccessFeignClient;
 
+    @Autowired
+    private CpUserDetailRedis cpUserDetailRedis;
+
     @Override
-    public Set<String> listOpeKeysByStaffId(String staffId, String agencyId, String gridId) {
+    public Set<String> listOpeKeysByStaffId(String app, String client, String staffId, String agencyId, String gridId) {
         List<GovStaffRoleDTO> roleDTOS = new ArrayList<>();
         // 查询机关单位权限
         StaffRoleFormDTO formDTO = new StaffRoleFormDTO();
@@ -56,6 +60,14 @@ public class AccessServiceImpl implements AccessService {
                 }
             });
         });
+
+        // 将最新权限缓存到redis，为了尽量统一操作入口，调用gov-access接口实现
+        StaffPermCacheFormDTO staffPermCacheFormDTO = new StaffPermCacheFormDTO();
+        staffPermCacheFormDTO.setApp(app);
+        staffPermCacheFormDTO.setClient(client);
+        staffPermCacheFormDTO.setStaffId(staffId);
+        staffPermCacheFormDTO.setPermissions(opeKeys);
+        govAccessFeignClient.updatePermissionCache(staffPermCacheFormDTO);
         return opeKeys;
     }
 }

epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java

@@ -60,6 +60,7 @@ public class StaffRoleController {
      * @return
      */
     @PostMapping("staffsinrole")
+    //@RequirePermission(key = "org_staff_list")
     public Result<List<StaffRoleDTO>> getStaffsInRole(@RequestBody StaffRoleFormDTO staffRoleFormDTO) {
         ValidatorUtils.validateEntity(staffRoleFormDTO, StaffRoleFormDTO.GetStaffsInRole.class);
         String roleKey = staffRoleFormDTO.getRoleKey();

epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java

@@ -108,6 +108,7 @@ public class StaffRoleServiceImpl extends BaseServiceImpl<StaffRoleDao, StaffRol
      * @return
      */
     @Override
+    //@DataFilter
     public List<StaffRoleDTO> listStaffsInRole(String roleKey, String orgId) {
         return baseDao.listStaffIdsByRoleKeyAndOrgId(roleKey, orgId);
     }