From 95a488be120b742a21d1bf3884ae111bd6d8d5da Mon Sep 17 00:00:00 2001
From: wangys <3401275564@qq.com>
Date: Fri, 12 Dec 2025 11:46:55 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9D=83=E9=99=90=E5=A2=9E=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../.bin/mysql/sql/initMenuData.sql | 1 +
 .../xyzh/system/mapper/DeptRoleMapper.java | 3 ++-
 .../impl/SysDepartmentServiceImpl.java | 4 ++-
 .../main/resources/mapper/DeptRoleMapper.xml | 27 +++++++++++++++++++
 4 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/schoolNewsServ/.bin/mysql/sql/initMenuData.sql b/schoolNewsServ/.bin/mysql/sql/initMenuData.sql
index 3815655..e885532 100644
--- a/schoolNewsServ/.bin/mysql/sql/initMenuData.sql
+++ b/schoolNewsServ/.bin/mysql/sql/initMenuData.sql
@@ -240,6 +240,7 @@ INSERT INTO `tb_sys_role_permission` (id, role_id, permission_id, creator, creat
 ('118', 'admin', 'perm_view_message_detail', '1', now()), -- 超级管理员权限中普通管理员也需要的部分
+('139', 'admin', 'perm_admin_overview', '1', now()),
 ('119', 'admin', 'perm_admin_user_manage', '1', now()),
 ('120', 'admin', 'perm_admin_dept_manage', '1', now()),
 ('121', 'admin', 'perm_admin_role_manage', '1', now()),
diff --git a/schoolNewsServ/system/src/main/java/org/xyzh/system/mapper/DeptRoleMapper.java b/schoolNewsServ/system/src/main/java/org/xyzh/system/mapper/DeptRoleMapper.java
index 801adca..9b6428f 100644
--- a/schoolNewsServ/system/src/main/java/org/xyzh/system/mapper/DeptRoleMapper.java
+++ b/schoolNewsServ/system/src/main/java/org/xyzh/system/mapper/DeptRoleMapper.java
@@ -23,11 +23,12 @@ public interface DeptRoleMapper extends BaseMapper {
 /**
 * @description 查询部门绑定角色列表(包含名称)
+ * @param userDeptRoles 用户部门角色列表(用于权限过滤)
 * @return List 部门角色列表
 * @author yslg
 * @since 2025-10-06
 */
- List selectDeptRoleList();
+ List selectDeptRoleList(@Param("userDeptRoles") List userDeptRoles);
 /**
 * @description 批量绑定部门角色
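Review bot: The new `userDeptRoles` parameter of `selectDeptRoleList` has no stated contract for a null or empty list, while the mapper XML in this same patch appears to turn each element into a `SELECT #{udr.deptID} ... AS role_id` row of a derived table, so an empty list would leave `FROM ( ) user_roles` without a body and the query would fail instead of falling back to the global-permission branch. SysDepartmentServiceImpl passes `LoginUtil.getCurrentDeptRole()` straight through, so whatever that returns for a session with no department role reaches the SQL unchecked. State the precondition in the Javadoc, e.g. ` * @param userDeptRoles 用户部门角色列表(用于权限过滤); must not be null or empty`, and short-circuit or reject an empty list before the mapper is called. The generic type arguments look stripped in this rendering (`List` where the source presumably has `List<...>`), so the signature as shown may not be literal. The interface continues past the hunk.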
diff --git a/schoolNewsServ/system/src/main/java/org/xyzh/system/service/department/service/impl/SysDepartmentServiceImpl.java b/schoolNewsServ/system/src/main/java/org/xyzh/system/service/department/service/impl/SysDepartmentServiceImpl.java
index eee73bd..07a64c9 100644
--- a/schoolNewsServ/system/src/main/java/org/xyzh/system/service/department/service/impl/SysDepartmentServiceImpl.java
+++ b/schoolNewsServ/system/src/main/java/org/xyzh/system/service/department/service/impl/SysDepartmentServiceImpl.java
@@ -97,7 +97,9 @@ public class SysDepartmentServiceImpl implements SysDepartmentService {
 ResultDomain resultDomain = new ResultDomain<>();
 try {
 logger.info("开始查询部门角色关联列表");
- List deptRoles = deptRoleMapper.selectDeptRoleList();
+ // 获取当前用户的部门角色,用于权限过滤
+ List userDeptRoles = LoginUtil.getCurrentDeptRole();
+ List deptRoles = deptRoleMapper.selectDeptRoleList(userDeptRoles);
 logger.info("查询部门角色关联列表完成,共找到{}条记录", deptRoles.size());
 resultDomain.success("查询成功", deptRoles);
 return resultDomain;
diff --git a/schoolNewsServ/system/src/main/resources/mapper/DeptRoleMapper.xml b/schoolNewsServ/system/src/main/resources/mapper/DeptRoleMapper.xml
index ad739a6..3c40ef0 100644
--- a/schoolNewsServ/system/src/main/resources/mapper/DeptRoleMapper.xml
+++ b/schoolNewsServ/system/src/main/resources/mapper/DeptRoleMapper.xml
@@ -79,6 +79,33 @@
 FROM tb_sys_dept_role dr
 LEFT JOIN tb_sys_dept d ON dr.dept_id = d.dept_id AND d.deleted = 0
 LEFT JOIN tb_sys_role r ON dr.role_id = r.role_id AND r.deleted = 0
+ INNER JOIN tb_resource_permission rp ON d.dept_id = rp.resource_id
+ AND rp.resource_type = 4
+ AND rp.deleted = 0
+ AND rp.can_read = 1
+ AND (
+ -- 全局权限:所有用户可访问
+ (rp.dept_id IS NULL AND rp.role_id IS NULL)
+
+ OR EXISTS (
+ SELECT 1
+ FROM (
+
+ SELECT #{udr.deptID} AS dept_id, #{udr.deptPath} AS dept_path, #{udr.roleID} AS role_id
+
+ ) user_roles
+ LEFT JOIN tb_sys_dept perm_dept ON perm_dept.dept_id = rp.dept_id AND perm_dept.deleted = 0
+ WHERE
+ -- 部门级权限:当前部门或父部门(通过dept_path判断继承关系)
+ (rp.role_id IS NULL AND rp.dept_id IS NOT NULL
+ AND user_roles.dept_path LIKE CONCAT(perm_dept.dept_path, '%'))
+ -- 角色级权限:跨部门的角色权限
+ OR (rp.dept_id IS NULL AND rp.role_id = user_roles.role_id)
+ -- 精确权限:特定部门的特定角色
+ OR (rp.dept_id = user_roles.dept_id AND rp.role_id = user_roles.role_id)
+ )
+
+ )
 WHERE dr.deleted = 0
 ORDER BY dr.dept_id, dr.role_id, dr.create_time DESC
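Review bot: The inheritance test `user_roles.dept_path LIKE CONCAT(perm_dept.dept_path, '%')` is a bare prefix match, so unless every dept_path ends in a delimiter a read grant on a department whose path is `1` would also satisfy a user whose path begins with `1` but is not a descendant (for example `12`), and a `%` or `_` stored inside a dept_path would widen the match further; if the path format guarantees a trailing separator, say so in the comment above that line, otherwise match `CONCAT(perm_dept.dept_path, '/%')` (with whatever separator dept_path actually uses) together with the exact path. The derived table between `FROM (` and `) user_roles` appears to be generated once per element of userDeptRoles, so a null or empty list would leave it without a body and the whole query would fail rather than fall back to the global-permission branch; guard that case in the mapper. `rp.resource_type = 4` is a magic value and deserves a comment naming the resource type it stands for. Now that `d.dept_id` feeds an INNER JOIN, the earlier `LEFT JOIN tb_sys_dept d` no longer preserves unmatched rows and can be written as `INNER JOIN tb_sys_dept d ON dr.dept_id = d.dept_id AND d.deleted = 0` to match what the query now does. The enclosing select statement begins before the hunk.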