⚡ 登录时用户的数据权限填充

32a1ad61 · Hccake · e3a9995a · 32a1ad61 · 32a1ad61 · 32a1ad61
24 changed file
--- a/pig-common/pig-common-bom/pom.xml
+++ b/pig-common/pig-common-bom/pom.xml
@@ -40,6 +40,11 @@
 				<artifactId>pig-common-core</artifactId>
 				<version>${pig.common.version}</version>
 			</dependency>
+			<dependency>
+				<groupId>com.pig4cloud</groupId>
+				<artifactId>pig-common-datascope</artifactId>
+				<version>${pig.common.version}</version>
+			</dependency>
 			<dependency>
 				<groupId>com.pig4cloud</groupId>
 				<artifactId>pig-common-datasource</artifactId>

--- a/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/constant/enums/DataScopeTypeEnum.java
+++ b/pig-common/pig-common-core/src/main/java/com/pig4cloud/pig/common/core/constant/enums/DataScopeTypeEnum.java
+package com.pig4cloud.pig.common.core.constant.enums;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+/**
+ * 数据权限范围类型
+ * @author hccake
+ */
+@Getter
+@AllArgsConstructor
+public enum DataScopeTypeEnum {
+	/**
+	 * 查询全部数据
+	 */
+	ALL(0),
+	/**
+	 * 本人
+	 */
+	SELF(1),
+	/**
+	 * 本人及子级
+	 */
+	SELF_CHILD_LEVEL(2),
+	/**
+	 * 本级
+	 */
+	LEVEL(3),
+	/**
+	 * 本级及子级
+	 */
+	LEVEL_CHILD_LEVEL(4),
+	/**
+	 * 自定义
+	 */
+	CUSTOM(5);
+	/**
+	 * 类型
+	 */
+	private final Integer type;
+}
--- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigUserAuthenticationConverter.java
+++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/component/PigUserAuthenticationConverter.java
@@ -69,7 +69,8 @@ public class PigUserAuthenticationConverter implements UserAuthenticationConvert
 			String username = (String) map.get(SecurityConstants.DETAILS_USERNAME);
 			Integer id = (Integer) map.get(SecurityConstants.DETAILS_USER_ID);
 			Integer deptId = (Integer) map.get(SecurityConstants.DETAILS_DEPT_ID);
-			PigUser user = new PigUser(id, deptId, username, N_A, true, true, true, true, authorities);
+			// TODO 数据权限获取
+			PigUser user = new PigUser(id, deptId, username, N_A, true, true, true, true, authorities, null);
 			return new UsernamePasswordAuthenticationToken(user, N_A, authorities);
 		}
 		return null;

--- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/datascope/DataScopeProcessor.java
+++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/datascope/DataScopeProcessor.java
+package com.pig4cloud.pig.common.security.datascope;
+import com.pig4cloud.pig.admin.api.entity.SysRole;
+import com.pig4cloud.pig.admin.api.entity.SysUser;
+import java.util.List;
+/**
+ * @author hccake
+ */
+public interface DataScopeProcessor {
+	/**
+	 * 根据用户和角色信息，合并用户最终的数据权限
+	 * @param user 用户
+	 * @param roles 角色列表
+	 * @return UserDataScope
+	 */
+	UserDataScope mergeScopeType(SysUser user, List<SysRole> roles);
+}
--- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/datascope/PigDataScopeProcessor.java
+++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/datascope/PigDataScopeProcessor.java
+package com.pig4cloud.pig.common.security.datascope;
+import cn.hutool.core.collection.CollectionUtil;
+import cn.hutool.core.util.StrUtil;
+import com.pig4cloud.pig.admin.api.entity.SysRole;
+import com.pig4cloud.pig.admin.api.entity.SysUser;
+import com.pig4cloud.pig.admin.api.feign.RemoteDeptService;
+import com.pig4cloud.pig.admin.api.feign.RemoteUserService;
+import com.pig4cloud.pig.common.core.constant.SecurityConstants;
+import com.pig4cloud.pig.common.core.constant.enums.DataScopeTypeEnum;
+import com.pig4cloud.pig.common.core.util.R;
+import lombok.RequiredArgsConstructor;
+import java.util.*;
+import java.util.stream.Collectors;
+/**
+ * @author hccake
+ */
+@RequiredArgsConstructor
+public class PigDataScopeProcessor implements DataScopeProcessor {
+	private final RemoteDeptService remoteDeptService;
+	private final RemoteUserService remoteUserService;
+	/**
+	 * 合并角色的数据权限类型，排除相同的权限后，大的权限覆盖小的
+	 * @param user 用户
+	 * @param roles 角色列表
+	 * @return List<Integer> 合并后的权限
+	 */
+	@Override
+	public UserDataScope mergeScopeType(SysUser user, List<SysRole> roles) {
+		UserDataScope userDataScope = new UserDataScope();
+		Set<Integer> scopeUserIds = userDataScope.getScopeUserIds();
+		Set<Integer> scopeDeptIds = userDataScope.getScopeDeptIds();
+		// 任何用户都应该可以看到自己的数据
+		Integer userId = user.getUserId();
+		scopeUserIds.add(userId);
+		if (CollectionUtil.isEmpty(roles)) {
+			return userDataScope;
+		}
+		// 根据角色的权限返回进行分组
+		Map<Integer, List<SysRole>> map = roles.stream().collect(Collectors.groupingBy(SysRole::getScopeType));
+		// 如果有全部权限，直接返回
+		if (map.containsKey(DataScopeTypeEnum.ALL.getType())) {
+			userDataScope.setAllScope(true);
+			return userDataScope;
+		}
+		// 如果有本级及子级，删除其包含的几类数据权限
+		boolean hasLevelChildLevel = map.containsKey(DataScopeTypeEnum.LEVEL_CHILD_LEVEL.getType());
+		if (hasLevelChildLevel) {
+			map.remove(DataScopeTypeEnum.SELF.getType());
+			map.remove(DataScopeTypeEnum.SELF_CHILD_LEVEL.getType());
+			map.remove(DataScopeTypeEnum.LEVEL.getType());
+		}
+		// 是否有本人及子级权限
+		boolean hasSelfChildLevel = map.containsKey(DataScopeTypeEnum.SELF_CHILD_LEVEL.getType());
+		// 是否有本级权限
+		boolean hasLevel = map.containsKey(DataScopeTypeEnum.LEVEL.getType());
+		if (hasSelfChildLevel || hasLevel) {
+			// 如果有本人及子级或者本级，都删除本人的数据权限
+			map.remove(DataScopeTypeEnum.SELF.getType());
+			// 如果同时拥有，则等于本级及子级权限
+			if (hasSelfChildLevel && hasLevel) {
+				map.remove(DataScopeTypeEnum.SELF_CHILD_LEVEL.getType());
+				map.remove(DataScopeTypeEnum.LEVEL.getType());
+				map.put(DataScopeTypeEnum.LEVEL_CHILD_LEVEL.getType(), new ArrayList<>());
+			}
+		}
+		// 这时如果仅仅只能看个人的，直接返回
+		if (map.size() == 1 && map.containsKey(DataScopeTypeEnum.SELF.getType())) {
+			userDataScope.setOnlySelf(true);
+			return userDataScope;
+		}
+		// 如果有 本级及子级 或者 本级，都把自己的 deptId 加进去
+		Integer deptId = user.getDeptId();
+		if (hasLevelChildLevel || hasLevel) {
+			scopeDeptIds.add(deptId);
+		}
+		// 如果有 本级及子级 或者 本人及子级，都把下级组织的 deptId 加进去
+		if (hasLevelChildLevel || hasSelfChildLevel) {
+			List<Integer> childDeptIdList = remoteDeptService.listChildDeptId(deptId, SecurityConstants.FROM_IN)
+					.getData();
+			if (CollectionUtil.isNotEmpty(childDeptIdList)) {
+				scopeDeptIds.addAll(childDeptIdList);
+			}
+		}
+		// 自定义部门
+		List<SysRole> sysRoles = map.get(DataScopeTypeEnum.CUSTOM.getType());
+		if (CollectionUtil.isNotEmpty(sysRoles)) {
+			Set<Integer> customDeptIds = sysRoles.stream().map(SysRole::getScopeResources).filter(Objects::nonNull)
+					.flatMap(x -> Arrays.stream(x.split(StrUtil.COMMA))).map(Integer::parseInt)
+					.collect(Collectors.toSet());
+			scopeDeptIds.addAll(customDeptIds);
+		}
+		// 把部门对应的用户id都放入集合中
+		if (CollectionUtil.isNotEmpty(scopeDeptIds)) {
+			R<List<Integer>> r = remoteUserService.listUserIdByDeptIds(scopeDeptIds, SecurityConstants.FROM_IN);
+			List<Integer> userIds = r.getData();
+			if (CollectionUtil.isNotEmpty(userIds)) {
+				scopeUserIds.addAll(userIds);
+			}
+		}
+		return userDataScope;
+	}
+}
--- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/datascope/UserDataScope.java
+++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/datascope/UserDataScope.java
+package com.pig4cloud.pig.common.security.datascope;
+import lombok.Data;
+import java.io.Serializable;
+import java.util.HashSet;
+import java.util.Set;
+/**
+ * @author hccake
+ */
+@Data
+public class UserDataScope implements Serializable {
+	/**
+	 * 是否是全部数据权限
+	 */
+	private boolean allScope = false;
+	/**
+	 * 是否仅能看自己
+	 */
+	private boolean onlySelf = false;
+	/**
+	 * 数据权限范围，用户所能查看的用户id 集合
+	 */
+	private Set<Integer> scopeUserIds = new HashSet<>();
+	/**
+	 * 数据权限范围，用户所能查看的部门id 集合
+	 */
+	private Set<Integer> scopeDeptIds = new HashSet<>();
+}
--- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/service/PigUser.java
+++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/service/PigUser.java
@@ -16,6 +16,7 @@
 package com.pig4cloud.pig.common.security.service;
+import com.pig4cloud.pig.common.security.datascope.UserDataScope;
 import lombok.Getter;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
 import org.springframework.security.core.GrantedAuthority;
@@ -33,13 +34,19 @@ public class PigUser extends User {
 	 * 用户ID
 	 */
 	@Getter
-	private Integer id;
+	private final Integer id;
 	/**
 	 * 部门ID
 	 */
 	@Getter
-	private Integer deptId;
+	private final Integer deptId;
+	/**
+	 * 用户数据权限信息
+	 */
+	@Getter
+	private final UserDataScope userDataScope;
 	/**
 	 * Construct the <code>User</code> with the details required by
@@ -62,10 +69,11 @@ public class PigUser extends User {
 	 */
 	public PigUser(Integer id, Integer deptId, String username, String password, boolean enabled,
 			boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked,
-			Collection<? extends GrantedAuthority> authorities) {
+			Collection<? extends GrantedAuthority> authorities, UserDataScope userDataScope) {
 		super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
 		this.id = id;
 		this.deptId = deptId;
+		this.userDataScope = userDataScope;
 	}
 }
--- a/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/service/PigUserDetailsServiceImpl.java
+++ b/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/service/PigUserDetailsServiceImpl.java
@@ -25,6 +25,8 @@ import com.pig4cloud.pig.common.core.constant.CacheConstants;
 import com.pig4cloud.pig.common.core.constant.CommonConstants;
 import com.pig4cloud.pig.common.core.constant.SecurityConstants;
 import com.pig4cloud.pig.common.core.util.R;
+import com.pig4cloud.pig.common.security.datascope.DataScopeProcessor;
+import com.pig4cloud.pig.common.security.datascope.UserDataScope;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
@@ -45,7 +47,7 @@ import java.util.Set;
 /**
 * 用户详细信息
 *
- * @author lengleng
+ * @author lengleng hccake
 */
 @Slf4j
 @Service
@@ -56,6 +58,8 @@ public class PigUserDetailsServiceImpl implements UserDetailsService {
 	private final CacheManager cacheManager;
+	private final DataScopeProcessor dataScopeProcessor;
 	/**
 	 * 用户密码登录
 	 * @param username 用户名
@@ -80,7 +84,7 @@ public class PigUserDetailsServiceImpl implements UserDetailsService {
 	/**
 	 * 构建userdetails
 	 * @param result 用户信息
-	 * @return
+	 * @return UserDetails
 	 */
 	private UserDetails getUserDetails(R<UserInfo> result) {
 		if (result == null || result.getData() == null) {
@@ -100,10 +104,14 @@ public class PigUserDetailsServiceImpl implements UserDetailsService {
 				.createAuthorityList(dbAuthsSet.toArray(new String[0]));
 		SysUser user = info.getSysUser();
+		// 数据权限填充
+		UserDataScope userDataScope = dataScopeProcessor.mergeScopeType(user, info.getRoleList());
 		// 构造security用户
 		return new PigUser(user.getUserId(), user.getDeptId(), user.getUsername(),
 				SecurityConstants.BCRYPT + user.getPassword(),
-				StrUtil.equals(user.getLockFlag(), CommonConstants.STATUS_NORMAL), true, true, true, authorities);
+				StrUtil.equals(user.getLockFlag(), CommonConstants.STATUS_NORMAL), true, true, true, authorities,
+				userDataScope);
 	}
 }
--- a/pig-common/pig-common-security/src/main/resources/META-INF/spring.factories
+++ b/pig-common/pig-common-security/src/main/resources/META-INF/spring.factories
 org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
  com.pig4cloud.pig.common.security.service.PigUserDetailsServiceImpl,\
-  com.pig4cloud.pig.common.security.component.PigSecurityInnerAspect
+  com.pig4cloud.pig.common.security.component.PigSecurityInnerAspect,\
+  com.pig4cloud.pig.common.security.datascope.PigDataScopeProcessor
--- a/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/dto/UserInfo.java
+++ b/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/dto/UserInfo.java
@@ -16,10 +16,14 @@
 package com.pig4cloud.pig.admin.api.dto;
+import com.pig4cloud.pig.admin.api.entity.SysMenu;
+import com.pig4cloud.pig.admin.api.entity.SysRole;
 import com.pig4cloud.pig.admin.api.entity.SysUser;
 import lombok.Data;
 import java.io.Serializable;
+import java.util.List;
+import java.util.Set;
 /**
 * @author lengleng
@@ -46,4 +50,9 @@ public class UserInfo implements Serializable {
 	 */
 	private Integer[] roles;
+	/**
+	 * 角色集合
+	 */
+	private List<SysRole> roleList;
 }
--- a/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/entity/SysRole.java
+++ b/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/entity/SysRole.java
@@ -25,6 +25,7 @@ import lombok.Data;
 import lombok.EqualsAndHashCode;
 import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotNull;
 /**
 * <p>
@@ -56,6 +57,13 @@ public class SysRole extends BaseEntity {
 	@ApiModelProperty(value = "角色描述")
 	private String roleDesc;
+	@NotNull(message = "数据范围类型 不能为null")
+	@ApiModelProperty(value = "数据范围类型")
+	private Integer scopeType;
+	@ApiModelProperty(value = "数据范围资源")
+	private String scopeResources;
 	/**
 	 * 删除标识（0-正常,1-删除）
 	 */

--- a/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/feign/RemoteDeptService.java
+++ b/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/feign/RemoteDeptService.java
+/*
+ * Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.pig4cloud.pig.admin.api.feign;
+import com.pig4cloud.pig.admin.api.feign.factory.RemoteUserServiceFallbackFactory;
+import com.pig4cloud.pig.common.core.constant.SecurityConstants;
+import com.pig4cloud.pig.common.core.constant.ServiceNameConstants;
+import com.pig4cloud.pig.common.core.util.R;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestHeader;
+import java.util.List;
+/**
+ * @author hccake
+ */
+@FeignClient(contextId = "remoteDeptService", value = ServiceNameConstants.UMPS_SERVICE,
+		fallbackFactory = RemoteUserServiceFallbackFactory.class)
+public interface RemoteDeptService {
+	/**
+	 * 查收子级id列表
+	 * @return 返回子级id列表
+	 */
+	@GetMapping("/child-id/{deptId}")
+	R<List<Integer>> listChildDeptId(@PathVariable("deptId") Integer deptId,
+			@RequestHeader(SecurityConstants.FROM) String from);
+}
--- a/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/feign/RemoteUserService.java
+++ b/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/feign/RemoteUserService.java
@@ -25,6 +25,10 @@ import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestParam;
+import java.util.List;
+import java.util.Set;
 /**
 * @author lengleng
@@ -51,4 +55,14 @@ public interface RemoteUserService {
 	@GetMapping("/social/info/{inStr}")
 	R<UserInfo> social(@PathVariable("inStr") String inStr);
+	/**
+	 * 根据部门id，查询对应的用户 id 集合
+	 * @param deptIds 部门id 集合
+	 * @param from 调用标志
+	 * @return 用户 id 集合
+	 */
+	@GetMapping("/user/ids")
+	R<List<Integer>> listUserIdByDeptIds(@RequestParam("deptIds") Set<Integer> deptIds,
+			@RequestHeader(SecurityConstants.FROM) String from);
 }
--- a/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/feign/factory/RemoteDeptServiceFallbackFactory.java
+++ b/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/feign/factory/RemoteDeptServiceFallbackFactory.java
+/*
+ * Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.pig4cloud.pig.admin.api.feign.factory;
+import com.pig4cloud.pig.admin.api.feign.RemoteDeptService;
+import com.pig4cloud.pig.admin.api.feign.fallback.RemoteDeptServiceFallbackImpl;
+import org.springframework.cloud.openfeign.FallbackFactory;
+import org.springframework.stereotype.Component;
+/**
+ * @author hccake
+ */
+@Component
+public class RemoteDeptServiceFallbackFactory implements FallbackFactory<RemoteDeptService> {
+	@Override
+	public RemoteDeptService create(Throwable throwable) {
+		RemoteDeptServiceFallbackImpl remoteDeptServiceFallback = new RemoteDeptServiceFallbackImpl();
+		remoteDeptServiceFallback.setCause(throwable);
+		return remoteDeptServiceFallback;
+	}
+}
--- a/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/feign/fallback/RemoteDeptServiceFallbackImpl.java
+++ b/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/feign/fallback/RemoteDeptServiceFallbackImpl.java
+/*
+ * Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.pig4cloud.pig.admin.api.feign.fallback;
+import com.pig4cloud.pig.admin.api.dto.UserInfo;
+import com.pig4cloud.pig.admin.api.feign.RemoteDeptService;
+import com.pig4cloud.pig.admin.api.feign.RemoteUserService;
+import com.pig4cloud.pig.common.core.util.R;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+import java.util.List;
+/**
+ * @author hccake
+ */
+@Slf4j
+@Component
+public class RemoteDeptServiceFallbackImpl implements RemoteDeptService {
+	@Setter
+	private Throwable cause;
+	@Override
+	public R<List<Integer>> listChildDeptId(Integer deptId, String from) {
+		log.error("[listChildDeptId] feign 查询子级部门id列表失败", cause);
+		return null;
+	}
+}
--- a/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/feign/fallback/RemoteUserServiceFallbackImpl.java
+++ b/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/feign/fallback/RemoteUserServiceFallbackImpl.java
@@ -23,6 +23,9 @@ import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
+import java.util.List;
+import java.util.Set;
 /**
 * @author lengleng
 * @date 2019/2/1
@@ -57,4 +60,10 @@ public class RemoteUserServiceFallbackImpl implements RemoteUserService {
 		return null;
 	}
+	@Override
+	public R<List<Integer>> listUserIdByDeptIds(Set<Integer> deptIds, String from) {
+		log.error("feign 根据部门ids查询用户Id集合失败:{}", deptIds, cause);
+		return null;
+	}
 }
--- a/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/vo/UserInfoVO.java
+++ b/pig-upms/pig-upms-api/src/main/java/com/pig4cloud/pig/admin/api/vo/UserInfoVO.java
+/*
+ * Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.pig4cloud.pig.admin.api.vo;
+import com.pig4cloud.pig.admin.api.entity.SysUser;
+import lombok.Data;
+import java.io.Serializable;
+/**
+ * @author lengleng
+ * @date 2019/2/1
+ * <p>
+ * commit('SET_ROLES', data) commit('SET_NAME', data) commit('SET_AVATAR', data)
+ * commit('SET_INTRODUCTION', data) commit('SET_PERMISSIONS', data)
+ */
+@Data
+public class UserInfoVO implements Serializable {
+	/**
+	 * 用户基本信息
+	 */
+	private SysUser sysUser;
+	/**
+	 * 权限标识集合
+	 */
+	private String[] permissions;
+	/**
+	 * 角色集合
+	 */
+	private Integer[] roles;
+}
--- a/pig-upms/pig-upms-biz/pom.xml
+++ b/pig-upms/pig-upms-biz/pom.xml
@@ -55,6 +55,11 @@
 			<groupId>com.pig4cloud</groupId>
 			<artifactId>pig-common-mybatis</artifactId>
 		</dependency>
+		<!--数据权限 模块-->
+		<dependency>
+			<groupId>com.pig4cloud</groupId>
+			<artifactId>pig-common-datascope</artifactId>
+		</dependency>
 		<!--注册中心客户端-->
 		<dependency>
 			<groupId>com.alibaba.cloud</groupId>

--- a/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/controller/DeptController.java
+++ b/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/controller/DeptController.java
@@ -20,6 +20,7 @@ import com.pig4cloud.pig.admin.api.entity.SysDept;
 import com.pig4cloud.pig.admin.service.SysDeptService;
 import com.pig4cloud.pig.common.core.util.R;
 import com.pig4cloud.pig.common.log.annotation.SysLog;
+import com.pig4cloud.pig.common.security.annotation.Inner;
 import io.swagger.annotations.Api;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -27,6 +28,7 @@ import org.springframework.web.bind.annotation.*;
 import javax.validation.Valid;
 import java.time.LocalDateTime;
+import java.util.List;
 /**
 * <p>
@@ -121,4 +123,14 @@ public class DeptController {
 		return R.ok(sysDeptService.getOne(new QueryWrapper<>(condition)));
 	}
+	/**
+	 * 查收子级id列表
+	 * @return 返回子级id列表
+	 */
+	@Inner
+	@GetMapping(value = "/child-id/{deptId}")
+	public R<List<Integer>> listChildDeptId(@PathVariable Integer deptId) {
+		return R.ok(sysDeptService.listChildDeptId(deptId));
+	}
 }
--- a/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/controller/UserController.java
+++ b/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/controller/UserController.java
@@ -20,8 +20,10 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.pig4cloud.pig.admin.api.dto.UserDTO;
+import com.pig4cloud.pig.admin.api.dto.UserInfo;
 import com.pig4cloud.pig.admin.api.entity.SysUser;
 import com.pig4cloud.pig.admin.api.vo.UserExcelVO;
+import com.pig4cloud.pig.admin.api.vo.UserInfoVO;
 import com.pig4cloud.pig.admin.service.SysUserService;
 import com.pig4cloud.pig.common.core.util.R;
 import com.pig4cloud.pig.common.log.annotation.SysLog;
@@ -33,10 +35,19 @@ import io.swagger.annotations.Api;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.BindingResult;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 import javax.validation.Valid;
 import java.util.List;
+import java.util.Set;
 /**
 * @author lengleng
@@ -61,7 +72,12 @@ public class UserController {
 		if (user == null) {
 			return R.failed("获取当前用户信息失败");
 		}
-		return R.ok(userService.getUserInfo(user));
+		UserInfo userInfo = userService.getUserInfo(user);
+		UserInfoVO vo = new UserInfoVO();
+		vo.setSysUser(userInfo.getSysUser());
+		vo.setRoles(userInfo.getRoles());
+		vo.setPermissions(userInfo.getPermissions());
+		return R.ok(vo);
 	}
 	/**
@@ -78,6 +94,17 @@ public class UserController {
 		return R.ok(userService.getUserInfo(user));
 	}
+	/**
+	 * 根据部门id，查询对应的用户 id 集合
+	 * @param deptIds 部门id 集合
+	 * @return 用户 id 集合
+	 */
+	@Inner
+	@GetMapping("/ids")
+	public R<List<Integer>> listUserIdByDeptIds(@RequestParam("deptIds") Set<Integer> deptIds) {
+		return R.ok(userService.listUserIdByDeptIds(deptIds));
+	}
 	/**
 	 * 通过ID查询用户信息
 	 * @param id ID

--- a/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/service/SysDeptService.java
+++ b/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/service/SysDeptService.java
@@ -65,4 +65,11 @@ public interface SysDeptService extends IService<SysDept> {
 	 */
 	Boolean updateDeptById(SysDept sysDept);
+	/**
+	 * 查找指定部门的子部门id列表
+	 * @param deptId 部门id
+	 * @return List<Integer>
+	 */
+	List<Integer> listChildDeptId(Integer deptId);
 }
--- a/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/service/SysUserService.java
+++ b/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/service/SysUserService.java
@@ -28,6 +28,7 @@ import com.pig4cloud.pig.common.core.util.R;
 import org.springframework.validation.BindingResult;
 import java.util.List;
+import java.util.Set;
 /**
 * @author lengleng
@@ -107,4 +108,11 @@ public interface SysUserService extends IService<SysUser> {
 	 */
 	R importUser(List<UserExcelVO> excelVOList, BindingResult bindingResult);
+	/**
+	 * 根据部门 id 列表查询对应的用户 id 集合
+	 * @param deptIds 部门 id 列表
+	 * @return userIdList
+	 */
+	List<Integer> listUserIdByDeptIds(Set<Integer> deptIds);
 }
--- a/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/service/impl/SysDeptServiceImpl.java
+++ b/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/service/impl/SysDeptServiceImpl.java
@@ -33,6 +33,7 @@ import org.springframework.beans.BeanUtils;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
+import java.util.ArrayList;
 import java.util.Comparator;
 import java.util.HashMap;
 import java.util.List;
@@ -108,6 +109,16 @@ public class SysDeptServiceImpl extends ServiceImpl<SysDeptMapper, SysDept> impl
 		return Boolean.TRUE;
 	}
+	@Override
+	public List<Integer> listChildDeptId(Integer deptId) {
+		List<SysDeptRelation> deptRelations = sysDeptRelationService
+				.list(Wrappers.<SysDeptRelation>lambdaQuery().eq(SysDeptRelation::getAncestor, deptId));
+		if (CollUtil.isNotEmpty(deptRelations)) {
+			return deptRelations.stream().map(SysDeptRelation::getDescendant).collect(Collectors.toList());
+		}
+		return new ArrayList<>();
+	}
 	/**
 	 * 查询全部部门树
 	 * @return 树

--- a/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/service/impl/SysUserServiceImpl.java
+++ b/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/service/impl/SysUserServiceImpl.java
@@ -25,7 +25,11 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.pig4cloud.pig.admin.api.dto.UserDTO;
 import com.pig4cloud.pig.admin.api.dto.UserInfo;
-import com.pig4cloud.pig.admin.api.entity.*;
+import com.pig4cloud.pig.admin.api.entity.SysDept;
+import com.pig4cloud.pig.admin.api.entity.SysMenu;
+import com.pig4cloud.pig.admin.api.entity.SysRole;
+import com.pig4cloud.pig.admin.api.entity.SysUser;
+import com.pig4cloud.pig.admin.api.entity.SysUserRole;
 import com.pig4cloud.pig.admin.api.vo.UserExcelVO;
 import com.pig4cloud.pig.admin.api.vo.UserVO;
 import com.pig4cloud.pig.admin.mapper.SysDeptMapper;
@@ -107,9 +111,11 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 	public UserInfo getUserInfo(SysUser sysUser) {
 		UserInfo userInfo = new UserInfo();
 		userInfo.setSysUser(sysUser);
+		// 设置角色列表
+		List<SysRole> roleList = sysRoleMapper.listRolesByUserId(sysUser.getUserId());
+		userInfo.setRoleList(roleList);
 		// 设置角色列表 （ID）
-		List<Integer> roleIds = sysRoleMapper.listRolesByUserId(sysUser.getUserId()).stream().map(SysRole::getRoleId)
+		List<Integer> roleIds = roleList.stream().map(SysRole::getRoleId).collect(Collectors.toList());
-				.collect(Collectors.toList());
 		userInfo.setRoles(ArrayUtil.toArray(roleIds, Integer.class));
 		// 设置权限列表（menu.permission）
 		Set<String> permissions = sysMenuService.findMenuByRoleId(CollUtil.join(roleIds, StrUtil.COMMA)).stream()
@@ -117,6 +123,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 				.filter(m -> StrUtil.isNotBlank(m.getPermission())).map(SysMenu::getPermission)
 				.collect(Collectors.toSet());
 		userInfo.setPermissions(ArrayUtil.toArray(permissions, String.class));
 		return userInfo;
 	}
@@ -295,6 +302,13 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 		return R.ok();
 	}
+	@Override
+	public List<Integer> listUserIdByDeptIds(Set<Integer> deptIds) {
+		return this.listObjs(
+				Wrappers.lambdaQuery(SysUser.class).select(SysUser::getUserId).in(SysUser::getDeptId, deptIds),
+				Integer.class::cast);
+	}
 	/**
 	 * 插入excel User
 	 */