角色管理：新增web课程菜单路由权限

字典：加入web菜单路由配置
web调取橘色权限、获取用户信息：配置web菜单路由权限数据

byzs-module-system/src/main/java/cn/iocoder/byzs/module/system/controller/admin/permission/PermissionController.java

@@ -107,6 +107,16 @@ public class PermissionController {
         return success(true);
     }
 
+    @PostMapping("/assign-role-web-menu-scope")
+    @Operation(summary = "赋予角色web菜单权限")
+    @PreAuthorize("@ss.hasPermission('system:permission:assign-role-web-menu-scope')")//后续改成web菜单单独权限，目前没办法测试并更改租户默认管理员的权限
+    public CommonResult<Boolean> assignRoleWebMenuScope(@Valid @RequestBody PermissionAssignRoleWebMenuScopeReqVO reqVO) {
+        permissionService.assignRoleWebMenuScope(reqVO);
+        // 更新角色缓存
+//        roleService.getRoleFromCache(reqVO.getRoleId());
+        return success(true);
+    }
+
     @Operation(summary = "获得管理员拥有的角色编号列表")
     @Parameter(name = "userId", description = "用户编号", required = true)
     @GetMapping("/list-user-roles")

byzs-module-system/src/main/java/cn/iocoder/byzs/module/system/controller/admin/permission/vo/permission/PermissionAssignRoleWebMenuScopeReqVO.java

@@ -0,0 +1,25 @@
+package cn.iocoder.byzs.module.system.controller.admin.permission.vo.permission;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotNull;
+import lombok.Data;
+
+import java.util.Collections;
+import java.util.Set;
+
+@Schema(description = "管理后台 - 赋予角色web权限 Request VO")
+@Data
+public class PermissionAssignRoleWebMenuScopeReqVO {
+
+    @Schema(description = "角色编号", requiredMode = Schema.RequiredMode.REQUIRED, example = "1")
+    @NotNull(message = "角色编号不能为空")
+    private Long roleId;
+
+    @Schema(description = "web路由列表，只有范围类型为 WEB_ROUTE_MENU_CUSTOM 时，该字段才需要", example = "1,3,5")
+    private Set<String> dataScopeWebRoute = Collections.emptySet();
+
+
+    @Schema(description = "web菜单路由列表，只有范围类型为 WEB_MENU_ROUTE_CUSTOM 时，该字段才需要", example = "1,3,5")
+    private Set<String> dataScopeWebMenuRoute = Collections.emptySet(); // 兜底
+
+}

byzs-module-system/src/main/java/cn/iocoder/byzs/module/system/controller/admin/permission/vo/role/RoleRespVO.java

@@ -3,8 +3,11 @@ package cn.iocoder.byzs.module.system.controller.admin.permission.vo.role;
 import cn.iocoder.byzs.framework.excel.core.annotations.DictFormat;
 import cn.iocoder.byzs.framework.excel.core.convert.DictConvert;
 import cn.iocoder.byzs.module.system.enums.DictTypeConstants;
+import cn.iocoder.byzs.module.system.enums.permission.DataScopeEnum;
 import com.alibaba.excel.annotation.ExcelIgnoreUnannotated;
 import com.alibaba.excel.annotation.ExcelProperty;
+import com.baomidou.mybatisplus.annotation.TableField;
+import com.baomidou.mybatisplus.extension.handlers.JacksonTypeHandler;
 import io.swagger.v3.oas.annotations.media.Schema;
 import jakarta.validation.constraints.NotBlank;
 import lombok.Data;
@@ -57,6 +60,9 @@ public class RoleRespVO {
     @Schema(description = "平台范围(web平台数组)", example = "1")
     private Set<String> dataScopeWebRoute;
 
+    @Schema(description = "平台范围(web菜单路由数组)", example = "1")
+    private Set<String> dataScopeWebCourseMenuRoute;
+
 
     @Schema(description = "课程范围(指定课程数组)", example = "1")
     private Set<Long> dataScopeCourseIds;

byzs-module-system/src/main/java/cn/iocoder/byzs/module/system/dal/dataobject/permission/RoleDO.java

@@ -105,5 +105,13 @@ public class RoleDO extends TenantBaseDO {
     @TableField(typeHandler = JacksonTypeHandler.class)
     private Set<String> dataScopeWebRoute;
 
+    /**
+     * 数据范围(指定课程菜单路由数组)
+     *
+     * 适用于 {@link #dataScope} 的值为 {@link DataScopeEnum#WEB_COURSE_MENU_ROUTE_CUSTOM} 时
+     */
+    @TableField(typeHandler = JacksonTypeHandler.class)
+    private Set<String> dataScopeWebCourseMenuRoute;
+
 
 }

byzs-module-system/src/main/java/cn/iocoder/byzs/module/system/service/permission/PermissionService.java

@@ -1,6 +1,7 @@
 package cn.iocoder.byzs.module.system.service.permission;
 
 import cn.iocoder.byzs.framework.common.biz.system.permission.dto.DeptDataPermissionRespDTO;
+import cn.iocoder.byzs.module.system.controller.admin.permission.vo.permission.PermissionAssignRoleWebMenuScopeReqVO;
 import cn.iocoder.byzs.module.system.controller.admin.permission.vo.permission.PermissionAssignRoleWebScopeReqVO;
 
 import java.util.Collection;
@@ -167,6 +168,13 @@ public interface PermissionService {
      */
     void assignRoleWebScope(PermissionAssignRoleWebScopeReqVO reqVO);
 
+    /**
+     * 设置角色的web菜单权限
+     *
+     * @param reqVO 角色web菜单权限请求VO
+     */
+    void assignRoleWebMenuScope(PermissionAssignRoleWebMenuScopeReqVO reqVO);
+
     /**
      * 获得登陆用户的部门数据权限
      *

byzs-module-system/src/main/java/cn/iocoder/byzs/module/system/service/permission/PermissionServiceImpl.java

@@ -8,6 +8,7 @@ import cn.iocoder.byzs.framework.common.enums.CommonStatusEnum;
 import cn.iocoder.byzs.framework.common.util.collection.CollectionUtils;
 import cn.iocoder.byzs.framework.datapermission.core.annotation.DataPermission;
 import cn.iocoder.byzs.framework.common.biz.system.permission.dto.DeptDataPermissionRespDTO;
+import cn.iocoder.byzs.module.system.controller.admin.permission.vo.permission.PermissionAssignRoleWebMenuScopeReqVO;
 import cn.iocoder.byzs.module.system.controller.admin.permission.vo.permission.PermissionAssignRoleWebScopeReqVO;
 import cn.iocoder.byzs.module.system.dal.dataobject.permission.MenuDO;
 import cn.iocoder.byzs.module.system.dal.dataobject.permission.RoleDO;
@@ -293,6 +294,11 @@ public class PermissionServiceImpl implements PermissionService {
         roleService.updateRoleWebScope(reqVO);
     }
 
+    @Override
+    public void assignRoleWebMenuScope(PermissionAssignRoleWebMenuScopeReqVO reqVO) {
+        roleService.updateRoleWebMenuScope(reqVO);
+    }
+
     @Override
     @DataPermission(enable = false) // 关闭数据权限，不然就会出现递归获取数据权限的问题
     public DeptDataPermissionRespDTO getDeptDataPermission(Long userId) {

byzs-module-system/src/main/java/cn/iocoder/byzs/module/system/service/permission/RoleService.java

@@ -1,6 +1,7 @@
 package cn.iocoder.byzs.module.system.service.permission;
 
 import cn.iocoder.byzs.framework.common.pojo.PageResult;
+import cn.iocoder.byzs.module.system.controller.admin.permission.vo.permission.PermissionAssignRoleWebMenuScopeReqVO;
 import cn.iocoder.byzs.module.system.controller.admin.permission.vo.permission.PermissionAssignRoleWebScopeReqVO;
 import cn.iocoder.byzs.module.system.controller.admin.permission.vo.role.RolePageReqVO;
 import cn.iocoder.byzs.module.system.controller.admin.permission.vo.role.RoleSaveReqVO;
@@ -79,6 +80,13 @@ public interface RoleService {
      */
     void updateRoleWebScope(PermissionAssignRoleWebScopeReqVO reqVO);
 
+    /**
+     * 设置角色的web菜单权限
+     *
+     * @param reqVO 角色web菜单权限请求VO
+     */
+    void updateRoleWebMenuScope(PermissionAssignRoleWebMenuScopeReqVO reqVO);
+
     /**
      * 获得角色
      *

byzs-module-system/src/main/java/cn/iocoder/byzs/module/system/service/permission/RoleServiceImpl.java

@@ -9,6 +9,7 @@ import cn.iocoder.byzs.framework.common.enums.CommonStatusEnum;
 import cn.iocoder.byzs.framework.common.pojo.PageResult;
 import cn.iocoder.byzs.framework.common.util.collection.CollectionUtils;
 import cn.iocoder.byzs.framework.common.util.object.BeanUtils;
+import cn.iocoder.byzs.module.system.controller.admin.permission.vo.permission.PermissionAssignRoleWebMenuScopeReqVO;
 import cn.iocoder.byzs.module.system.controller.admin.permission.vo.permission.PermissionAssignRoleWebScopeReqVO;
 import cn.iocoder.byzs.module.system.controller.admin.permission.vo.role.RolePageReqVO;
 import cn.iocoder.byzs.module.system.controller.admin.permission.vo.role.RoleSaveReqVO;
@@ -165,6 +166,19 @@ public class RoleServiceImpl implements RoleService {
         roleMapper.updateById(updateObject);
     }
 
+    @Override
+    public void updateRoleWebMenuScope(PermissionAssignRoleWebMenuScopeReqVO reqVO) {
+        // 校验是否可以更新
+        validateRoleForUpdate(reqVO.getRoleId());
+
+        // 更新web菜单权限
+        RoleDO updateObject = new RoleDO();
+        updateObject.setId(reqVO.getRoleId());
+        updateObject.setDataScopeWebRoute(reqVO.getDataScopeWebRoute());
+        updateObject.setDataScopeWebCourseMenuRoute(reqVO.getDataScopeWebMenuRoute());
+        roleMapper.updateById(updateObject);
+    }
+
     @Override
     @Transactional(rollbackFor = Exception.class)
     @CacheEvict(value = RedisKeyConstants.ROLE, key = "#id")

byzs-server/src/main/resources/application-prodDev.yaml

@@ -48,17 +48,24 @@ spring:
       primary: master
       datasource:
         master:
-          url: jdbc:mysql://59.110.91.129:3306/byzs-bjdx?useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true&useLegacyDatetimeCode=false
-          username: bjdx
-          password: 'u#&uwyW+K(66HG8'
+#          url: jdbc:mysql://59.110.91.129:3306/byzs-bjdx?useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true&useLegacyDatetimeCode=false
+#          username: bjdx
+#          password: 'u#&uwyW+K(66HG8'
+          url: jdbc:mysql://8.140.223.94/byzs-ai-course?useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true&useLegacyDatetimeCode=false
+          username: byzs-ai-course
+          password: 'byzs-ai-course'
 
   # Redis 配置。Redisson 默认的配置足够使用，一般不需要进行调优
   data:
     redis:
-      host: 127.0.0.1 # 地址
+#      host: 127.0.0.1 # 地址
+#      port: 6379 # 端口
+#      database: 0 # 数据库索引
+#      password: root # 密码，建议生产环境开启
+      host: 8.140.223.94 # 地址
       port: 6379 # 端口
-      database: 0 # 数据库索引
-      password: root # 密码，建议生产环境开启
+      database: 2 # 数据库索引
+      password: BYZS-redis@2026. # 密码，建议生产环境开启
 
 --- #################### 定时任务相关配置 ####################
 

byzs-server/src/main/resources/application.yaml

@@ -4,9 +4,9 @@ spring:
 
   profiles:
 #        active: local
-    active: localProd
+#    active: localProd
 #      active: prodDev
-#      active: prod
+      active: prod
 
   main:
     allow-circular-references: true # 允许循环依赖，因为项目是三层架构，无法避免这个情况。

byzs-web/src/main/java/cn/iocoder/byzs/module/web/controller/admin/login/WebLoginController.java

@@ -23,6 +23,7 @@ import cn.iocoder.byzs.module.system.service.tenant.TenantService;
 import cn.iocoder.byzs.module.system.service.user.AdminUserService;
 import cn.iocoder.byzs.module.web.controller.admin.login.vo.WebLoginVO;
 import cn.iocoder.byzs.module.web.controller.admin.login.vo.WebRegisterVO;
+import cn.iocoder.byzs.module.web.controller.admin.login.vo.WebRoleRouteVO;
 import cn.iocoder.byzs.module.web.service.login.WebLoginServiceImpl;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
@@ -117,9 +118,9 @@ public class WebLoginController {
 
     @GetMapping("/getRoleRoute")
     @Operation(summary = "根据用户ID，取角色路由")
-    public CommonResult<Set<String>> getRoleRoute() {
-        Set<String> roleRouteSet = webLoginServiceImpl.getRoleRoute(WebFrameworkUtils.getLoginUserId());
-        return success(roleRouteSet);
+    public CommonResult<WebRoleRouteVO> getRoleRoute() {
+        WebRoleRouteVO roleRouteVO = webLoginServiceImpl.getRoleRoute(WebFrameworkUtils.getLoginUserId());
+        return success(roleRouteVO);
     }
 
     // 填充租户

byzs-web/src/main/java/cn/iocoder/byzs/module/web/controller/admin/login/vo/WebLoginVO.java

@@ -6,7 +6,7 @@ import lombok.Data;
 import java.time.LocalDateTime;
 import java.util.Set;
 
-@Schema(description = "管理强泰 - 账号密码登录 Request VO")
+@Schema(description = "管理 - 账号密码登录 Request VO")
 @Data
 public class WebLoginVO {
 

byzs-web/src/main/java/cn/iocoder/byzs/module/web/controller/admin/login/vo/WebRoleRouteVO.java

@@ -0,0 +1,18 @@
+package cn.iocoder.byzs.module.web.controller.admin.login.vo;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+import java.time.LocalDateTime;
+import java.util.List;
+import java.util.Set;
+
+@Schema(description = "通识课菜单路由权限 Request VO")
+@Data
+public class WebRoleRouteVO {
+
+    private Set<String> routeList;
+
+    private Set<String> courseRouteMenuList;
+
+}

byzs-web/src/main/java/cn/iocoder/byzs/module/web/controller/admin/user/vo/WebUserVO.java

@@ -62,6 +62,10 @@ public class WebUserVO {
      * 角色路由
      */
     private Set<String> roleRouteSet;
+    /**
+     * web课程路由
+     */
+    private Set<String> roleRouteCourseMenuList;
 
     //课程权限过期时间
     @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")

byzs-web/src/main/java/cn/iocoder/byzs/module/web/service/login/WebLoginServiceImpl.java

@@ -19,6 +19,7 @@ import cn.iocoder.byzs.module.system.service.permission.RoleService;
 import cn.iocoder.byzs.module.system.service.user.AdminUserServiceImpl;
 import cn.iocoder.byzs.module.system.service.userwebexpiretime.UserWebExpireTimeService;
 import cn.iocoder.byzs.module.web.controller.admin.login.vo.WebRegisterVO;
+import cn.iocoder.byzs.module.web.controller.admin.login.vo.WebRoleRouteVO;
 import jakarta.annotation.Resource;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -127,17 +128,22 @@ public class WebLoginServiceImpl {
         return userId;
     }
 
-    public Set<String> getRoleRoute(Long userId) {
+    public WebRoleRouteVO getRoleRoute(Long userId) {
+        WebRoleRouteVO webRoleRouteVO = new WebRoleRouteVO();
         Set<Long> roleIds = permissionService.getUserRoleIdListByUserId(userId);
         List<RoleDO> roles = roleService.getRoleList(roleIds);
         roles.removeIf(role -> !CommonStatusEnum.ENABLE.getStatus().equals(role.getStatus())); // 移除禁用的角色
 
         // 填充角色路由
         Set<String> roleRouteSet = new HashSet<>();
+        Set<String> roleRouteMenuSet = new HashSet<>();
         for (RoleDO role : roles) {
             if(role.getDataScopeWebRoute() != null && !role.getDataScopeWebRoute().isEmpty()){
                 roleRouteSet.addAll(role.getDataScopeWebRoute());
             }
+            if(role.getDataScopeWebCourseMenuRoute() != null && !role.getDataScopeWebCourseMenuRoute().isEmpty()){
+                roleRouteMenuSet.addAll(role.getDataScopeWebCourseMenuRoute());
+            }
         }
         // 如果roleRoutes为空，则从字典中获取默认路由
         if (roleRouteSet.isEmpty()) {
@@ -148,24 +154,36 @@ public class WebLoginServiceImpl {
 
         // 获得用户激活的邀请码
         List<InviteCodeDO> inviteCodes = inviteCodeService.getInviteCodeByUserId(userId);
-        if (inviteCodes.isEmpty()) {
-            return roleRouteSet;
+        if (!inviteCodes.isEmpty()) {
+            //当前用户web过期时间
+            UserWebExpireTimeDO userWebExpireTime = userWebExpireTimeService.getUserWebExpireTime(userId);
+            if (userWebExpireTime != null) {
+                LocalDateTime now = LocalDateTime.now();
+                if(userWebExpireTime.getCourseExpireTime() == null || userWebExpireTime.getCourseExpireTime().isBefore(now)){
+                    roleRouteSet.remove("course");
+                }
+                if(userWebExpireTime.getBlocklyExpireTime() == null || userWebExpireTime.getBlocklyExpireTime().isBefore(now)){
+                    roleRouteSet.remove("blockly");
+                }
+                if(userWebExpireTime.getAiCourseExpireTime() == null || userWebExpireTime.getAiCourseExpireTime().isBefore(now)){
+                    roleRouteSet.remove("aiCourse");
+                }
+            }
         }
 
-        //当前用户web过期时间
-        UserWebExpireTimeDO userWebExpireTime = userWebExpireTimeService.getUserWebExpireTime(userId);
-        if (userWebExpireTime != null) {
-            LocalDateTime now = LocalDateTime.now();
-            if(userWebExpireTime.getCourseExpireTime() == null || userWebExpireTime.getCourseExpireTime().isBefore(now)){
-                roleRouteSet.remove("course");
-            }
-            if(userWebExpireTime.getBlocklyExpireTime() == null || userWebExpireTime.getBlocklyExpireTime().isBefore(now)){
-                roleRouteSet.remove("blockly");
-            }
-            if(userWebExpireTime.getAiCourseExpireTime() == null || userWebExpireTime.getAiCourseExpireTime().isBefore(now)){
-                roleRouteSet.remove("aiCourse");
+        //封装路由配置
+        webRoleRouteVO.setRouteList(roleRouteSet);
+        //存在课程就填充通识课路由权限
+        if (roleRouteSet.stream().anyMatch(s -> s.equals("course"))) {
+            if (!roleRouteMenuSet.isEmpty()){
+                webRoleRouteVO.setCourseRouteMenuList(roleRouteMenuSet);
+            }else{
+                List<DictDataDO> webRoleRoute = dictDataService.getDictDataListByDictType("web_course_menu_route");
+                Set<String> roleRoute = webRoleRoute.stream().map(DictDataDO::getValue).collect(Collectors.toSet());
+                webRoleRouteVO.setCourseRouteMenuList(roleRoute);
             }
         }
-        return roleRouteSet;
+
+        return webRoleRouteVO;
     }
-}
+}

byzs-web/src/main/java/cn/iocoder/byzs/module/web/service/role/WebAuthRoleServiceImpl.java

@@ -105,4 +105,28 @@ public class WebAuthRoleServiceImpl {
         }
         return allDataScopeAiCourseIds;
     }
+
+
+    /**
+     * 取通识课菜单路由权限
+     * @return
+     */
+    public Set<String> getCourseMenuRouteAuthRoleVO() {
+
+        // 获得角色列表
+        List<RoleDO> roles = getUserRoleList();
+
+        // 将所有角色的dataScopeCourseMenuRoute拼接成一个Set集合
+        Set<String> allDataScopeCourseMenuRoutes = new HashSet<>();
+        for (RoleDO role : roles) {
+            // 填充菜单路由权限
+            Set<String> dataScopeCourseMenuRoute = role.getDataScopeWebCourseMenuRoute();
+            if (dataScopeCourseMenuRoute != null && !dataScopeCourseMenuRoute.isEmpty()) {
+                allDataScopeCourseMenuRoutes.addAll(dataScopeCourseMenuRoute);
+            }else{
+                return new HashSet<>();
+            }
+        }
+        return allDataScopeCourseMenuRoutes;
+    }
 }

byzs-web/src/main/java/cn/iocoder/byzs/module/web/service/user/WebUserInfoServiceImpl.java

@@ -19,6 +19,7 @@ import cn.iocoder.byzs.module.system.service.permission.PermissionService;
 import cn.iocoder.byzs.module.system.service.permission.RoleService;
 import cn.iocoder.byzs.module.system.service.user.AdminUserServiceImpl;
 import cn.iocoder.byzs.module.system.service.userwebexpiretime.UserWebExpireTimeService;
+import cn.iocoder.byzs.module.web.controller.admin.login.vo.WebRoleRouteVO;
 import cn.iocoder.byzs.module.web.controller.admin.user.vo.WebUserVO;
 import cn.iocoder.byzs.module.web.service.login.WebLoginServiceImpl;
 import jakarta.annotation.Resource;
@@ -159,8 +160,9 @@ public class WebUserInfoServiceImpl {
         WebUserVO webUserVO = BeanUtils.toBean(user, WebUserVO.class);
 
         //平台角色路由
-        Set<String> roleRouteSet = webLoginServiceImpl.getRoleRoute(userId);
-        webUserVO.setRoleRouteSet(roleRouteSet);
+        WebRoleRouteVO roleRouteVO = webLoginServiceImpl.getRoleRoute(userId);
+        webUserVO.setRoleRouteSet(roleRouteVO.getRouteList());
+        webUserVO.setRoleRouteCourseMenuList(roleRouteVO.getCourseRouteMenuList());
 
         //是否是注册用户
         List<InviteCodeDO> inviteCodes = inviteCodeService.getInviteCodeByUserId(userId);