1.1.67 客户端菜单限制配置、按客户端限制过滤用户菜单权限。

3 weeks ago · 13202d8ff4
parent f16a1f2707
commit 13202d8ff4
6 changed files with 127 additions and 1 deletions
--- a/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java
+++ b/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java
@ -132,6 +132,13 @@ public class LoginHelper {
        return Convert.toStr(getExtra(DEPT_CATEGORY_KEY));
    }

+    /**
+     * 获取客户端 ID
+     */
+    public static String getClientId() {
+        return Convert.toStr(getExtra(CLIENT_KEY));
+    }
+
    /**
     * 获取当前 Token 的扩展信息
     *
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/constant/ClientMenuConstants.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/constant/ClientMenuConstants.java
@ -0,0 +1,31 @@
+package org.dromara.system.constant;
+
+import java.util.List;
+
+/**
+ * 客户端菜单限制配置
+ */
+public final class ClientMenuConstants {
+
+    private ClientMenuConstants() {
+    }
+
+    /**
+     * 受限客户端 ID：仅展示指定菜单
+     */
+    public static final String RESTRICTED_CLIENT_ID = "20362542f27e164a8e70e1c1744f17dd";
+
+    /**
+     * 受限客户端允许展示的顶级菜单名称（含其全部子菜单）
+     */
+    public static final List<String> RESTRICTED_ALLOWED_ROOT_MENU_NAMES = List.of(
+        "我的任务",
+        "销售报价管理",
+        "销售合同管理",
+        "项目管理"
+    );
+
+    public static boolean isRestrictedClient(String clientId) {
+        return RESTRICTED_CLIENT_ID.equals(clientId);
+    }
+}
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysMenuController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysMenuController.java
@ -46,6 +46,7 @@ public class SysMenuController extends BaseController {
    @GetMapping("/getRouters")
    public R<List<RouterVo>> getRouters() {
        List<SysMenu> menus = menuService.selectMenuTreeByUserId(LoginHelper.getUserId());
+        menus = menuService.filterMenusByClient(menus, LoginHelper.getClientId());
        return R.ok(menuService.buildMenus(menus));
    }

--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/ISysMenuService.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/ISysMenuService.java
@ -160,4 +160,22 @@ public interface ISysMenuService {
     * @return 结果
     */
    boolean checkMenuNameUnique(SysMenuBo menu);
+
+    /**
+     * 按客户端限制过滤菜单树（仅保留允许的顶级菜单及其子菜单）
+     *
+     * @param menus    菜单树
+     * @param clientId 客户端 ID
+     * @return 过滤后的菜单树
+     */
+    List<SysMenu> filterMenusByClient(List<SysMenu> menus, String clientId);
+
+    /**
+     * 按客户端限制过滤用户菜单权限
+     *
+     * @param userId   用户 ID
+     * @param clientId 客户端 ID
+     * @return 权限标识集合
+     */
+    Set<String> selectMenuPermsByUserIdForClient(Long userId, String clientId);
 }
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysMenuServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysMenuServiceImpl.java
@ -13,6 +13,7 @@ import org.dromara.common.core.utils.StreamUtils;
 import org.dromara.common.core.utils.StringUtils;
 import org.dromara.common.core.utils.TreeBuildUtils;
 import org.dromara.common.satoken.utils.LoginHelper;
+import org.dromara.system.constant.ClientMenuConstants;
 import org.dromara.system.domain.SysMenu;
 import org.dromara.system.domain.SysRole;
 import org.dromara.system.domain.SysRoleMenu;
@ -385,4 +386,72 @@ public class SysMenuServiceImpl implements ISysMenuService {
        }
    }

+    /**
+     * 按客户端限制过滤菜单树
+     */
+    @Override
+    public List<SysMenu> filterMenusByClient(List<SysMenu> menus, String clientId) {
+        if (!ClientMenuConstants.isRestrictedClient(clientId) || CollUtil.isEmpty(menus)) {
+            return menus;
+        }
+        return menus.stream()
+            .filter(menu -> ClientMenuConstants.RESTRICTED_ALLOWED_ROOT_MENU_NAMES.contains(menu.getMenuName()))
+            .toList();
+    }
+
+    /**
+     * 按客户端限制过滤用户菜单权限
+     */
+    @Override
+    public Set<String> selectMenuPermsByUserIdForClient(Long userId, String clientId) {
+        if (!ClientMenuConstants.isRestrictedClient(clientId)) {
+            return selectMenuPermsByUserId(userId);
+        }
+        Set<Long> allowedMenuIds = getRestrictedClientAllowedMenuIds();
+        if (CollUtil.isEmpty(allowedMenuIds)) {
+            return Collections.emptySet();
+        }
+        List<String> list = baseMapper.selectObjs(
+            new LambdaQueryWrapper<SysMenu>()
+                .select(SysMenu::getPerms)
+                .inSql(SysMenu::getMenuId, baseMapper.buildMenuByUserSql(userId))
+                .in(SysMenu::getMenuId, allowedMenuIds)
+                .isNotNull(SysMenu::getPerms)
+        );
+        return new HashSet<>(StreamUtils.filter(list, StringUtils::isNotBlank));
+    }
+
+    /**
+     * 获取受限客户端允许访问的全部菜单 ID（含子菜单）
+     */
+    private Set<Long> getRestrictedClientAllowedMenuIds() {
+        List<SysMenu> rootMenus = baseMapper.selectList(
+            new LambdaQueryWrapper<SysMenu>()
+                .eq(SysMenu::getParentId, Constants.TOP_PARENT_ID)
+                .in(SysMenu::getMenuName, ClientMenuConstants.RESTRICTED_ALLOWED_ROOT_MENU_NAMES)
+        );
+        if (CollUtil.isEmpty(rootMenus)) {
+            return Collections.emptySet();
+        }
+        List<SysMenu> allMenus = baseMapper.selectList(
+            new LambdaQueryWrapper<SysMenu>()
+                .eq(SysMenu::getStatus, SystemConstants.NORMAL)
+        );
+        Set<Long> allowedMenuIds = new HashSet<>();
+        for (SysMenu rootMenu : rootMenus) {
+            allowedMenuIds.add(rootMenu.getMenuId());
+            collectDescendantMenuIds(allMenus, rootMenu.getMenuId(), allowedMenuIds);
+        }
+        return allowedMenuIds;
+    }
+
+    private void collectDescendantMenuIds(List<SysMenu> allMenus, Long parentId, Set<Long> allowedMenuIds) {
+        for (SysMenu menu : allMenus) {
+            if (parentId.equals(menu.getParentId())) {
+                allowedMenuIds.add(menu.getMenuId());
+                collectDescendantMenuIds(allMenus, menu.getMenuId(), allowedMenuIds);
+            }
+        }
+    }
+
 }
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysPermissionServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysPermissionServiceImpl.java
@ -54,7 +54,7 @@ public class SysPermissionServiceImpl implements ISysPermissionService {
        if (LoginHelper.isSuperAdmin(userId)) {
            perms.add("*:*:*");
        } else {
-            perms.addAll(menuService.selectMenuPermsByUserId(userId));
+            perms.addAll(menuService.selectMenuPermsByUserIdForClient(userId, LoginHelper.getClientId()));
        }
        return perms;
    }