diff --git a/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java b/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java index 1bb39d4f..34ed1f65 100644 --- a/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java +++ b/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java @@ -132,6 +132,13 @@ public class LoginHelper { return Convert.toStr(getExtra(DEPT_CATEGORY_KEY)); } + /** + * 获取客户端 ID + */ + public static String getClientId() { + return Convert.toStr(getExtra(CLIENT_KEY)); + } + /** * 获取当前 Token 的扩展信息 * diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/constant/ClientMenuConstants.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/constant/ClientMenuConstants.java new file mode 100644 index 00000000..b1280551 --- /dev/null +++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/constant/ClientMenuConstants.java @@ -0,0 +1,31 @@ +package org.dromara.system.constant; + +import java.util.List; + +/** + * 客户端菜单限制配置 + */ +public final class ClientMenuConstants { + + private ClientMenuConstants() { + } + + /** + * 受限客户端 ID:仅展示指定菜单 + */ + public static final String RESTRICTED_CLIENT_ID = "20362542f27e164a8e70e1c1744f17dd"; + + /** + * 受限客户端允许展示的顶级菜单名称(含其全部子菜单) + */ + public static final List RESTRICTED_ALLOWED_ROOT_MENU_NAMES = List.of( + "我的任务", + "销售报价管理", + "销售合同管理", + "项目管理" + ); + + public static boolean isRestrictedClient(String clientId) { + return RESTRICTED_CLIENT_ID.equals(clientId); + } +} diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysMenuController.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysMenuController.java index 638b5aa1..7ccf1ebc 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysMenuController.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysMenuController.java @@ -46,6 +46,7 @@ public class SysMenuController extends BaseController { @GetMapping("/getRouters") public R> getRouters() { List menus = menuService.selectMenuTreeByUserId(LoginHelper.getUserId()); + menus = menuService.filterMenusByClient(menus, LoginHelper.getClientId()); return R.ok(menuService.buildMenus(menus)); } diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/ISysMenuService.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/ISysMenuService.java index f972691b..e86c40ab 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/ISysMenuService.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/ISysMenuService.java @@ -160,4 +160,22 @@ public interface ISysMenuService { * @return 结果 */ boolean checkMenuNameUnique(SysMenuBo menu); + + /** + * 按客户端限制过滤菜单树(仅保留允许的顶级菜单及其子菜单) + * + * @param menus 菜单树 + * @param clientId 客户端 ID + * @return 过滤后的菜单树 + */ + List filterMenusByClient(List menus, String clientId); + + /** + * 按客户端限制过滤用户菜单权限 + * + * @param userId 用户 ID + * @param clientId 客户端 ID + * @return 权限标识集合 + */ + Set selectMenuPermsByUserIdForClient(Long userId, String clientId); } diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysMenuServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysMenuServiceImpl.java index 6d4ab42a..43b14a0d 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysMenuServiceImpl.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysMenuServiceImpl.java @@ -13,6 +13,7 @@ import org.dromara.common.core.utils.StreamUtils; import org.dromara.common.core.utils.StringUtils; import org.dromara.common.core.utils.TreeBuildUtils; import org.dromara.common.satoken.utils.LoginHelper; +import org.dromara.system.constant.ClientMenuConstants; import org.dromara.system.domain.SysMenu; import org.dromara.system.domain.SysRole; import org.dromara.system.domain.SysRoleMenu; @@ -385,4 +386,72 @@ public class SysMenuServiceImpl implements ISysMenuService { } } + /** + * 按客户端限制过滤菜单树 + */ + @Override + public List filterMenusByClient(List menus, String clientId) { + if (!ClientMenuConstants.isRestrictedClient(clientId) || CollUtil.isEmpty(menus)) { + return menus; + } + return menus.stream() + .filter(menu -> ClientMenuConstants.RESTRICTED_ALLOWED_ROOT_MENU_NAMES.contains(menu.getMenuName())) + .toList(); + } + + /** + * 按客户端限制过滤用户菜单权限 + */ + @Override + public Set selectMenuPermsByUserIdForClient(Long userId, String clientId) { + if (!ClientMenuConstants.isRestrictedClient(clientId)) { + return selectMenuPermsByUserId(userId); + } + Set allowedMenuIds = getRestrictedClientAllowedMenuIds(); + if (CollUtil.isEmpty(allowedMenuIds)) { + return Collections.emptySet(); + } + List list = baseMapper.selectObjs( + new LambdaQueryWrapper() + .select(SysMenu::getPerms) + .inSql(SysMenu::getMenuId, baseMapper.buildMenuByUserSql(userId)) + .in(SysMenu::getMenuId, allowedMenuIds) + .isNotNull(SysMenu::getPerms) + ); + return new HashSet<>(StreamUtils.filter(list, StringUtils::isNotBlank)); + } + + /** + * 获取受限客户端允许访问的全部菜单 ID(含子菜单) + */ + private Set getRestrictedClientAllowedMenuIds() { + List rootMenus = baseMapper.selectList( + new LambdaQueryWrapper() + .eq(SysMenu::getParentId, Constants.TOP_PARENT_ID) + .in(SysMenu::getMenuName, ClientMenuConstants.RESTRICTED_ALLOWED_ROOT_MENU_NAMES) + ); + if (CollUtil.isEmpty(rootMenus)) { + return Collections.emptySet(); + } + List allMenus = baseMapper.selectList( + new LambdaQueryWrapper() + .eq(SysMenu::getStatus, SystemConstants.NORMAL) + ); + Set allowedMenuIds = new HashSet<>(); + for (SysMenu rootMenu : rootMenus) { + allowedMenuIds.add(rootMenu.getMenuId()); + collectDescendantMenuIds(allMenus, rootMenu.getMenuId(), allowedMenuIds); + } + return allowedMenuIds; + } + + private void collectDescendantMenuIds(List allMenus, Long parentId, Set allowedMenuIds) { + for (SysMenu menu : allMenus) { + if (parentId.equals(menu.getParentId())) { + allowedMenuIds.add(menu.getMenuId()); + collectDescendantMenuIds(allMenus, menu.getMenuId(), allowedMenuIds); + } + } + } + } diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysPermissionServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysPermissionServiceImpl.java index 7ccae4bf..afc67039 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysPermissionServiceImpl.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysPermissionServiceImpl.java @@ -54,7 +54,7 @@ public class SysPermissionServiceImpl implements ISysPermissionService { if (LoginHelper.isSuperAdmin(userId)) { perms.add("*:*:*"); } else { - perms.addAll(menuService.selectMenuPermsByUserId(userId)); + perms.addAll(menuService.selectMenuPermsByUserIdForClient(userId, LoginHelper.getClientId())); } return perms; }