权限中台

common/src/main/java/com/pica/cloud/permission/permission/common/constants/ResourceTypeEnum.java

+package com.pica.cloud.permission.permission.common.constants;
+
+/**
+ * @author andong
+ * @create 2019/9/6
+ */
+@SuppressWarnings("unused")
+public enum ResourceTypeEnum {
+
+    //1系统 2页面 3菜单 4按钮 5接口 6文件
+
+    SYSTEM(1, "系统"), PAGE(2, "页面"), MENU(3, "菜单"),
+    BUTTON(4, "按钮"), API(5, "接口"), FILE(6, "文件");
+
+    private int code;
+    private String desc;
+
+    ResourceTypeEnum(int code, String desc) {
+        this.code = code;
+        this.desc = desc;
+    }
+
+    public int code() {
+        return this.code;
+    }
+
+    public String desc() {
+        return this.desc;
+    }
+
+}

server/src/main/java/com/pica/cloud/permission/permission/server/constants/Constants.java

@@ -12,9 +12,9 @@ public class Constants {
     public static final int DELETE_FLAG_INVALID = 2;
 
     //缓存KEY
-    public static final String KEY_DOCTOR_ROLE = "perm_doctor_role_";
-    public static final String KEY_ROLE_URL = "perm_role_url_";
-    public static final String KEY_ROLE_DATA = "perm_role_data_";
+    public static final String KEY_DOCTOR_ROLE = "perm_doctor_role_";  //医生-角色
+    public static final String KEY_ROLE_URL = "perm_role_url_";  //角色-资源
+    public static final String KEY_ROLE_DATA = "perm_role_data_";  //角色-资源-数据权限
 
     //数据分割符
     public static final String DATA_SPLIT = ";;;";

server/src/main/java/com/pica/cloud/permission/permission/server/mapper/RoleResourceMapper.java

@@ -9,6 +9,8 @@ import java.util.List;
 @Mapper
 public interface RoleResourceMapper {
 
+    RoleResource selectByPrimaryKey(int id);
+
     int insertSelective(RoleResource roleResource);
 
     List<RoleResourceDto> getByRoleId(int roleId);
@@ -19,4 +21,10 @@ public interface RoleResourceMapper {
 
     int checkResourceUsed(int resourceId);
 
+    int checkDataPrivilegeUsed(int dataPrivilegeId);
+
+    List<RoleResourceDto> getByResourceId(int resourceId);
+
+    List<RoleResourceDto> getList(@Param("productType") int productType, @Param("type") int type);
+
 }
\ No newline at end of file

server/src/main/java/com/pica/cloud/permission/permission/server/service/PermissionCacheService.java

 package com.pica.cloud.permission.permission.server.service;
 
+import com.pica.cloud.permission.permission.server.entity.DataPrivilege;
+import com.pica.cloud.permission.permission.server.entity.Resource;
+import com.pica.cloud.permission.permission.server.entity.RoleResource;
+import com.pica.cloud.permission.permission.server.entity.UserRole;
+
 /**
  * @author andong
  * @create 2019/9/5
  */
 public interface PermissionCacheService {
+
+    //添加角色-资源
+    void addRoleResource(RoleResource roleResource);
+
+    //删除角色-资源
+    void deleteRoleResource(RoleResource roleResource);
+
+    //删除角色下所有资源
+    void deleteAllRoleResource(int roleId);
+
+    //添加用户-角色
+    void addUserRole(UserRole userRole);
+
+    //删除用户-角色
+    void deleteUserRole(UserRole userRole);
+
+    //修改资源
+    void updateResource(Resource oldRes, Resource newRes);
+
+    //修改数据资源
+    void updateDataPrivilege(DataPrivilege oldDataPrivilege, DataPrivilege newDataPrivilege);
+
+    //初始化角色-资源（云鹊医产品系）
+    void initAllRoleResource();
+
+    //初始化用户-角色（云鹊医用户）
+    void initUserRole(int userId);
 }

server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/DataPrivilegeServiceImpl.java

 package com.pica.cloud.permission.permission.server.service.impl;
 
+import com.pica.cloud.foundation.entity.PicaException;
+import com.pica.cloud.foundation.entity.PicaResultCode;
 import com.pica.cloud.permission.permission.server.constants.Constants;
 import com.pica.cloud.permission.permission.server.entity.DataPrivilege;
 import com.pica.cloud.permission.permission.server.mapper.DataPrivilegeMapper;
+import com.pica.cloud.permission.permission.server.mapper.RoleResourceMapper;
 import com.pica.cloud.permission.permission.server.service.DataPrivilegeService;
+import com.pica.cloud.permission.permission.server.service.PermissionCacheService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -17,8 +21,12 @@ import java.util.List;
 @Service
 public class DataPrivilegeServiceImpl implements DataPrivilegeService {
 
+    @Autowired
+    private PermissionCacheService permissionCacheService;
     @Autowired
     private DataPrivilegeMapper dataPrivilegeMapper;
+    @Autowired
+    private RoleResourceMapper roleResourceMapper;
 
     @Override
     @Transactional
@@ -42,13 +50,20 @@ public class DataPrivilegeServiceImpl implements DataPrivilegeService {
     @Override
     @Transactional
     public void updateDataPrivilege(DataPrivilege dataPrivilege) {
+        DataPrivilege origin = dataPrivilegeMapper.selectByPrimaryKey(dataPrivilege.getId());
+        dataPrivilege.setResourceId(null);  //不支持修改资源ID
         dataPrivilege.setModifiedTime(new Date());
         dataPrivilegeMapper.updateByPrimaryKeySelective(dataPrivilege);
+        permissionCacheService.updateDataPrivilege(origin, dataPrivilege);  //更新缓存信息
     }
 
     @Override
     @Transactional
     public void deleteDataPrivilege(int id, int modifiedId) {
+        Integer pk = roleResourceMapper.checkDataPrivilegeUsed(id);
+        if (pk != null) {
+            throw new PicaException(PicaResultCode.DATA_EXCEPTION.code(), "数据权限已被使用，无法删除");
+        }
         DataPrivilege dataPrivilege = new DataPrivilege();
         dataPrivilege.setId(id);
         dataPrivilege.setDeleteFlag(Constants.DELETE_FLAG_INVALID);

server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/PermissionCacheServiceImpl.java

 package com.pica.cloud.permission.permission.server.service.impl;
 
+import com.pica.cloud.foundation.redis.ICacheClient;
+import com.pica.cloud.permission.permission.common.constants.ProductTypeEnum;
+import com.pica.cloud.permission.permission.common.constants.ResourceTypeEnum;
+import com.pica.cloud.permission.permission.common.dto.RoleResourceDto;
+import com.pica.cloud.permission.permission.common.dto.UserRoleDto;
+import com.pica.cloud.permission.permission.server.constants.Constants;
+import com.pica.cloud.permission.permission.server.entity.*;
+import com.pica.cloud.permission.permission.server.mapper.*;
 import com.pica.cloud.permission.permission.server.service.PermissionCacheService;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import java.util.List;
 
 /**
  * @author andong
  * @create 2019/9/5
  */
+@Service
 public class PermissionCacheServiceImpl implements PermissionCacheService {
 
+    private Logger logger = LoggerFactory.getLogger(PermissionCacheServiceImpl.class);
+    @Autowired
+    private ICacheClient cacheClient;
+    @Autowired
+    private RoleMapper roleMapper;
+    @Autowired
+    private ResourceMapper resourceMapper;
+    @Autowired
+    private DataPrivilegeMapper dataPrivilegeMapper;
+    @Autowired
+    private RoleResourceMapper roleResourceMapper;
+    @Autowired
+    private UserRoleMapper userRoleMapper;
 
+    //添加角色-资源
+    public void addRoleResource(RoleResource roleResource) {
+        Role role = roleMapper.selectByPrimaryKey(roleResource.getRoleId());
+        //目前仅将云鹊医角色资源信息放入缓存
+        if (role.getProductType().intValue() != ProductTypeEnum.DOCTOR.code()) {
+            return;
+        }
+        Resource resource = resourceMapper.selectByPrimaryKey(roleResource.getResourceId());
+        DataPrivilege dataPrivilege = roleResource.getDataPrivilegeId() == null ? null : dataPrivilegeMapper.selectByPrimaryKey(roleResource.getDataPrivilegeId());
+        String url = resource.getUrl();
+        String config = dataPrivilege == null ? StringUtils.EMPTY : dataPrivilege.getConfig();
+        String configExt = dataPrivilege == null ? StringUtils.EMPTY : dataPrivilege.getConfigExt();
+        String dataValue = url + Constants.DATA_SPLIT + config + Constants.DATA_SPLIT + configExt;
+        try {
+            cacheClient.sadd(Constants.KEY_ROLE_URL + role.getCode(), url);
+            cacheClient.sadd(Constants.KEY_ROLE_DATA + role.getCode(), dataValue);
+        } catch (Exception ex) {
+            logger.error(ex.getMessage(), ex);
+        }
+    }
+
+    //删除角色-资源
+    public void deleteRoleResource(RoleResource roleResource) {
+        Role role = roleMapper.selectByPrimaryKey(roleResource.getRoleId());
+        //目前仅更新云鹊医角色资源信息
+        if (role.getProductType().intValue() != ProductTypeEnum.DOCTOR.code()) {
+            return;
+        }
+        Resource resource = resourceMapper.selectByPrimaryKey(roleResource.getResourceId());
+        DataPrivilege dataPrivilege = roleResource.getDataPrivilegeId() == null ? null : dataPrivilegeMapper.selectByPrimaryKey(roleResource.getDataPrivilegeId());
+        String url = resource.getUrl();
+        String config = dataPrivilege == null ? StringUtils.EMPTY : dataPrivilege.getConfig();
+        String configExt = dataPrivilege == null ? StringUtils.EMPTY : dataPrivilege.getConfigExt();
+        String dataValue = url + Constants.DATA_SPLIT + config + Constants.DATA_SPLIT + configExt;
+        try {
+            cacheClient.srem(Constants.KEY_ROLE_URL + role.getCode(), url);
+            cacheClient.srem(Constants.KEY_ROLE_DATA + role.getCode(), dataValue);
+        } catch (Exception ex) {
+            logger.error(ex.getMessage(), ex);
+        }
+    }
+
+    //删除角色下所有资源
+    public void deleteAllRoleResource(int roleId) {
+        Role role = roleMapper.selectByPrimaryKey(roleId);
+        //目前仅更新云鹊医角色资源信息
+        if (role.getProductType().intValue() != ProductTypeEnum.DOCTOR.code()) {
+            return;
+        }
+        try {
+            cacheClient.del(Constants.KEY_ROLE_URL + role.getCode());
+            cacheClient.del(Constants.KEY_ROLE_DATA + role.getCode());
+        } catch (Exception ex) {
+            logger.error(ex.getMessage(), ex);
+        }
+    }
+
+    //添加用户-角色
+    public void addUserRole(UserRole userRole) {
+        //目前仅缓存云鹊医用户角色信息
+        if (userRole.getProductType().intValue() != ProductTypeEnum.DOCTOR.code()) {
+            return;
+        }
+        Role role = roleMapper.selectByPrimaryKey(userRole.getRoleId());
+        try {
+            cacheClient.sadd(Constants.KEY_DOCTOR_ROLE + userRole.getUserId(), role.getCode());
+        } catch (Exception ex) {
+            logger.error(ex.getMessage(), ex);
+        }
+    }
+
+    //删除用户-角色
+    public void deleteUserRole(UserRole userRole) {
+        //目前仅缓存云鹊医用户角色信息
+        if (userRole.getProductType().intValue() != ProductTypeEnum.DOCTOR.code()) {
+            return;
+        }
+        Role role = roleMapper.selectByPrimaryKey(userRole.getRoleId());
+        try {
+            cacheClient.srem(Constants.KEY_DOCTOR_ROLE + userRole.getUserId(), role.getCode());
+        } catch (Exception ex) {
+            logger.error(ex.getMessage(), ex);
+        }
+    }
+
+    //修改资源
+    public void updateResource(Resource oldRes, Resource newRes) {
+        //目前仅处理云鹊医API资源信息
+        if (oldRes.getProductType().intValue() != ProductTypeEnum.DOCTOR.code()
+                || oldRes.getType().intValue() != ResourceTypeEnum.API.code()) {
+            return;
+        }
+        if (StringUtils.isBlank(newRes.getUrl())) {  //未修改url
+            return;
+        }
+        List<RoleResourceDto> list = roleResourceMapper.getByResourceId(oldRes.getId());
+        String oldUrl = oldRes.getUrl();
+        String newUrl = newRes.getUrl();
+        try {
+            for (RoleResourceDto dto : list) {
+                cacheClient.srem(Constants.KEY_ROLE_URL + dto.getRoleCode(), oldUrl);
+                cacheClient.sadd(Constants.KEY_ROLE_URL + dto.getRoleCode(), newUrl);
+            }
+        } catch (Exception ex) {
+            logger.error(ex.getMessage(), ex);
+        }
+    }
+
+    //修改数据资源
+    public void updateDataPrivilege(DataPrivilege oldDataPrivilege, DataPrivilege newDataPrivilege) {
+        int dataPrivilegeId = oldDataPrivilege.getId().intValue();
+        int resourceId = oldDataPrivilege.getResourceId().intValue();
+        Resource resource = resourceMapper.selectByPrimaryKey(resourceId);
+        //目前仅处理云鹊医API数据权限信息
+        if (resource.getProductType().intValue() != ProductTypeEnum.DOCTOR.code()
+                || resource.getType().intValue() != ResourceTypeEnum.API.code()) {
+            return;
+        }
+        //未修改配置信息
+        if (StringUtils.isBlank(newDataPrivilege.getConfig()) && StringUtils.isBlank(newDataPrivilege.getConfigExt())) {
+            return;
+        }
+        String url = resource.getUrl();
+        String oldConfig = oldDataPrivilege.getConfig();
+        String oldConfigExt = oldDataPrivilege.getConfigExt();
+        String oldDataValue = url + Constants.DATA_SPLIT + oldConfig + Constants.DATA_SPLIT + oldConfigExt;
+        String newConfig = StringUtils.isBlank(newDataPrivilege.getConfig()) ? oldConfig : newDataPrivilege.getConfig();
+        String newConfigExt = StringUtils.isBlank(newDataPrivilege.getConfigExt()) ? oldConfigExt : newDataPrivilege.getConfigExt();
+        String newDataValue = url + Constants.DATA_SPLIT + newConfig + Constants.DATA_SPLIT + newConfigExt;
+
+        List<RoleResourceDto> list = roleResourceMapper.getByResourceId(resourceId);
+        try {
+            for (RoleResourceDto dto : list) {
+                if (dto.getDataPrivilegeId().intValue() == dataPrivilegeId) {
+                    cacheClient.srem(Constants.KEY_ROLE_DATA + dto.getRoleCode(), oldDataValue);
+                    cacheClient.sadd(Constants.KEY_ROLE_DATA + dto.getRoleCode(), newDataValue);
+                }
+            }
+        } catch (Exception ex) {
+            logger.error(ex.getMessage(), ex);
+        }
+    }
+
+    //初始化角色-资源（云鹊医产品系）
+    public void initAllRoleResource() {
+        List<RoleResourceDto> list = roleResourceMapper.getList(ProductTypeEnum.DOCTOR.code(), ResourceTypeEnum.API.code());
+        try {
+            for (RoleResourceDto dto : list) {
+                String roleCode = dto.getRoleCode();
+                String url = dto.getUrl();
+                String config = dto.getConfig() == null ? StringUtils.EMPTY : dto.getConfig();
+                String configExt = dto.getConfigExt() == null ? StringUtils.EMPTY : dto.getConfigExt();
+                String dataValue = url + Constants.DATA_SPLIT + config + Constants.DATA_SPLIT + configExt;
+                cacheClient.sadd(Constants.KEY_ROLE_URL + roleCode, url);
+                cacheClient.sadd(Constants.KEY_ROLE_DATA + roleCode, dataValue);
+            }
+        } catch (Exception ex) {
+            logger.error(ex.getMessage(), ex);
+        }
+    }
+
+    //初始化用户-角色（云鹊医用户）
+    public void initUserRole(int userId) {
+        List<UserRoleDto> list = userRoleMapper.getByUserId(userId, ProductTypeEnum.DOCTOR.code());
+        String key = Constants.KEY_DOCTOR_ROLE + userId;
+        try {
+            for (UserRoleDto dto : list) {
+                cacheClient.sadd(key, dto.getRoleCode());
+            }
+        } catch (Exception ex) {
+            logger.error(ex.getMessage(), ex);
+        }
+    }
 
 }

server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/ResourceServiceImpl.java

@@ -6,6 +6,7 @@ import com.pica.cloud.permission.permission.server.constants.Constants;
 import com.pica.cloud.permission.permission.server.entity.Resource;
 import com.pica.cloud.permission.permission.server.mapper.ResourceMapper;
 import com.pica.cloud.permission.permission.server.mapper.RoleResourceMapper;
+import com.pica.cloud.permission.permission.server.service.PermissionCacheService;
 import com.pica.cloud.permission.permission.server.service.ResourceService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -20,6 +21,8 @@ import java.util.List;
 @Service
 public class ResourceServiceImpl implements ResourceService {
 
+    @Autowired
+    private PermissionCacheService permissionCacheService;
     @Autowired
     private ResourceMapper resourceMapper;
     @Autowired
@@ -42,8 +45,12 @@ public class ResourceServiceImpl implements ResourceService {
     @Override
     @Transactional
     public void updateResource(Resource resource) {
+        Resource origin = resourceMapper.selectByPrimaryKey(resource.getId());
+        resource.setProductType(null);  //不支持修改产品线类型
+        resource.setType(null);  //不支持修改资源类型
         resource.setModifiedTime(new Date());
         resourceMapper.updateByPrimaryKeySelective(resource);
+        permissionCacheService.updateResource(origin, resource);  //更新缓存信息
     }
 
     @Override

server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/RoleResourceServiceImpl.java

 package com.pica.cloud.permission.permission.server.service.impl;
 
+import com.pica.cloud.foundation.entity.PicaException;
+import com.pica.cloud.foundation.entity.PicaResultCode;
 import com.pica.cloud.permission.permission.common.dto.RoleResourceDto;
 import com.pica.cloud.permission.permission.server.constants.Constants;
+import com.pica.cloud.permission.permission.server.entity.DataPrivilege;
+import com.pica.cloud.permission.permission.server.entity.Resource;
+import com.pica.cloud.permission.permission.server.entity.Role;
 import com.pica.cloud.permission.permission.server.entity.RoleResource;
+import com.pica.cloud.permission.permission.server.mapper.DataPrivilegeMapper;
+import com.pica.cloud.permission.permission.server.mapper.ResourceMapper;
+import com.pica.cloud.permission.permission.server.mapper.RoleMapper;
 import com.pica.cloud.permission.permission.server.mapper.RoleResourceMapper;
+import com.pica.cloud.permission.permission.server.service.PermissionCacheService;
 import com.pica.cloud.permission.permission.server.service.RoleResourceService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -18,16 +27,46 @@ import java.util.List;
 @Service
 public class RoleResourceServiceImpl implements RoleResourceService {
 
+    @Autowired
+    private PermissionCacheService permissionCacheService;
     @Autowired
     private RoleResourceMapper roleResourceMapper;
+    @Autowired
+    private RoleMapper roleMapper;
+    @Autowired
+    private ResourceMapper resourceMapper;
+    @Autowired
+    private DataPrivilegeMapper dataPrivilegeMapper;
 
     @Override
     @Transactional
     public void addRoleResource(RoleResource roleResource) {
+        Role role = roleMapper.selectByPrimaryKey(roleResource.getRoleId());
+        if (role == null) {
+            throw new PicaException(PicaResultCode.PARAM_IS_INVALID.code(), "角色ID不存在");
+        }
+        Resource resource = resourceMapper.selectByPrimaryKey(roleResource.getResourceId());
+        if (resource == null) {
+            throw new PicaException(PicaResultCode.PARAM_IS_INVALID.code(), "资源ID不存在");
+        }
+        if (roleResource.getDataPrivilegeId() != null) {
+            DataPrivilege dataPrivilege = dataPrivilegeMapper.selectByPrimaryKey(roleResource.getDataPrivilegeId());
+            if (dataPrivilege == null) {
+                throw new PicaException(PicaResultCode.PARAM_IS_INVALID.code(), "数据权限ID不存在");
+            }
+            if (dataPrivilege.getResourceId().intValue() != roleResource.getResourceId().intValue()) {
+                throw new PicaException(PicaResultCode.PARAM_IS_INVALID.code(), "数据权限与资源不匹配");
+            }
+        }
+        if (role.getProductType().intValue() != resource.getProductType().intValue()) {
+            throw new PicaException(PicaResultCode.PARAM_IS_INVALID.code(), "角色与资源产品线不匹配");
+        }
+
         roleResource.setModifiedId(roleResource.getCreatedId());
         roleResource.setCreatedTime(new Date());
         roleResource.setModifiedTime(roleResource.getCreatedTime());
         roleResourceMapper.insertSelective(roleResource);
+        permissionCacheService.addRoleResource(roleResource);  //更新缓存信息
     }
 
     @Override
@@ -38,17 +77,20 @@ public class RoleResourceServiceImpl implements RoleResourceService {
     @Override
     @Transactional
     public void deleteRoleResource(int id, int modifiedId) {
+        RoleResource origin = roleResourceMapper.selectByPrimaryKey(id);
         RoleResource roleResource = new RoleResource();
         roleResource.setId(id);
         roleResource.setDeleteFlag(Constants.DELETE_FLAG_INVALID);
         roleResource.setModifiedId(modifiedId);
         roleResource.setModifiedTime(new Date());
         roleResourceMapper.updateByPrimaryKeySelective(roleResource);
+        permissionCacheService.deleteRoleResource(origin);  //更新缓存信息
     }
 
     @Override
     @Transactional
     public void deleteAll(int roleId, int modifiedId) {
         roleResourceMapper.deleteAll(roleId, modifiedId);
+        permissionCacheService.deleteAllRoleResource(roleId);  //更新缓存信息
     }
 }

server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/UserRoleServiceImpl.java

@@ -13,7 +13,6 @@ import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
-
 import java.util.Date;
 import java.util.List;
 
@@ -32,15 +31,22 @@ public class UserRoleServiceImpl implements UserRoleService {
     @Override
     @Transactional
     public void addUserRole(UserRoleDto userRoleDto) {
+        Role role;
+        if (userRoleDto.getRoleId() != null) {
+            role = roleMapper.selectByPrimaryKey(userRoleDto.getRoleId());
+        } else {
+            role = roleMapper.getByCode(userRoleDto.getRoleCode());
+        }
+        if (role == null) {
+            throw new PicaException(PicaResultCode.RESULE_DATA_NONE.code(), "角色不存在");
+        }
+        if (role.getProductType().intValue() != userRoleDto.getProductType().intValue()) {
+            throw new PicaException(PicaResultCode.PARAM_IS_INVALID.code(), "用户与角色产品线不匹配");
+        }
+
         UserRole userRole = new UserRole();
         BeanUtils.copyProperties(userRoleDto, userRole);
-        if (userRoleDto.getRoleId() == null) {
-            Role role = roleMapper.getByCode(userRoleDto.getRoleCode());
-            if (role == null) {
-                throw new PicaException(PicaResultCode.RESULE_DATA_NONE.code(), "角色编码不存在");
-            }
-            userRole.setRoleId(role.getId());
-        }
+        userRole.setRoleId(role.getId());
         userRole.setModifiedId(userRole.getCreatedId());
         userRole.setCreatedTime(new Date());
         userRole.setModifiedTime(userRole.getCreatedTime());

server/src/main/java/com/pica/cloud/permission/permission/server/validation/ResourceValidation.java

@@ -2,6 +2,7 @@ package com.pica.cloud.permission.permission.server.validation;
 
 import com.pica.cloud.foundation.entity.PicaException;
 import com.pica.cloud.foundation.entity.PicaResultCode;
+import com.pica.cloud.permission.permission.common.constants.ResourceTypeEnum;
 import com.pica.cloud.permission.permission.server.entity.Resource;
 import org.apache.commons.lang.StringUtils;
 
@@ -31,6 +32,9 @@ public class ResourceValidation {
         if (resource.getCreatedId() == null) {
             throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "操作人ID为空");
         }
+        if (resource.getType().intValue() == ResourceTypeEnum.API.code() && StringUtils.isBlank(resource.getUrl())) {
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "API资源url不能为空");
+        }
     }
 
     //修改资源校验
@@ -41,8 +45,7 @@ public class ResourceValidation {
         if (resource.getModifiedId() == null) {
             throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "操作人ID为空");
         }
-        if (resource.getProductType() == null && resource.getCategory() == null
-                && resource.getType() == null && StringUtils.isBlank(resource.getCode())
+        if (resource.getCategory() == null && StringUtils.isBlank(resource.getCode())
                 && StringUtils.isBlank(resource.getName()) && StringUtils.isBlank(resource.getUrl())
                 && resource.getLevel() == null && resource.getParentId() == null) {
             throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "缺少必要参数");

server/src/main/resources/mybatis/RoleResourceMapper.xml

@@ -19,6 +19,13 @@
     modified_id, modified_time
   </sql>
 
+  <select id="selectByPrimaryKey" parameterType="java.lang.Integer" resultMap="BaseResultMap">
+    select
+    <include refid="Base_Column_List" />
+    from perm_role_resource
+    where id = #{id,jdbcType=INTEGER} and delete_flag = 1
+  </select>
+
   <select id="getByRoleId" resultType="com.pica.cloud.permission.permission.common.dto.RoleResourceDto" parameterType="java.lang.Integer">
     select rr.role_id as roleId, r.code as roleCode, r.name as roleName,
       re.id as resourceId, re.code as resourceCode, re.name as resourceName, re.url,
@@ -129,4 +136,28 @@
     limit 1
   </select>
 
+  <select id="checkDataPrivilegeUsed" resultType="java.lang.Integer" parameterType="java.lang.Integer">
+    select id
+    from perm_role_resource
+    where data_privilege_id = #{dataPrivilegeId} and delete_flag = 1
+    limit 1
+  </select>
+
+  <select id="getByResourceId" resultType="com.pica.cloud.permission.permission.common.dto.RoleResourceDto" parameterType="java.lang.Integer">
+    select r.id as roleId, r.code as roleCode, rr.data_privilege_id as dataPrivilegeId
+    from perm_role_resource rr join perm_role r on rr.role_id = r.id and r.delete_flag = 1
+    where rr.resource_id = #{resourceId} and rr.delete_flag = 1
+  </select>
+
+  <select id="getList" resultType="com.pica.cloud.permission.permission.common.dto.RoleResourceDto">
+    select rr.role_id as roleId, r.code as roleCode, r.name as roleName,
+      re.id as resourceId, re.code as resourceCode, re.name as resourceName, re.url,
+      dp.id as dataPrivilegeId, dp.description, dp.config, dp.config_ext as configExt
+    from perm_role_resource rr
+      join perm_role r on rr.role_id = r.id and r.delete_flag = 1
+      join perm_resource re on rr.resource_id = re.id and re.delete_flag = 1
+      left join perm_data_privilege dp on rr.data_privilege_id = dp.id and dp.delete_flag = 1
+    where rr.delete_flag = 1 and re.product_type = #{productType} and re.type = #{type}
+  </select>
+
 </mapper>
\ No newline at end of file