feat:(REQ-2699) 修改用户没角色时，不返回权限

tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java

@@ -941,12 +941,12 @@ public class PrivateController {
 
 
 
-        if (!Sets.difference(notAuthFeatureIds, productFeatureIds).isEmpty()) {
+        if (!Sets.intersection(notAuthFeatureIds, productFeatureIds).isEmpty()) {
             return FeatureCodeCheckResult.builder()
                     .authPermission(true)
                     .reasons(Lists.newArrayList("权限点是免授权"))
                     .build();
-        } else if (!Sets.difference(parentNotAuthFeatureIds, productFeatureIds).isEmpty()) {
+        } else if (!Sets.intersection(parentNotAuthFeatureIds, productFeatureIds).isEmpty()) {
             return FeatureCodeCheckResult.builder()
                     .authPermission(true)
                     .reasons(Lists.newArrayList("权限点的子节点是免授权"))
@@ -988,6 +988,14 @@ public class PrivateController {
                                 .build();
                     }
 
+                    if (CollectionUtils.isEmpty(roles)) {
+                        return FeatureCodeCheckResult.builder()
+                                .featureCode(featureCode)
+                                .authPermission(false)
+                                .reasons(Lists.newArrayList("用户在项目里没有任何角色"))
+                                .build();
+                    }
+
                     FeatureCodeCheckResult adminRoleCheckResult = resolveAdminRole(adminRoles, permissions);
 
                     FeatureCodeCheckResult normalRoleCheckResult = resolveNormalRole(normalRoles, permissions, rolePermissions, featureCode);
@@ -999,7 +1007,7 @@ public class PrivateController {
                             || BooleanUtils.isTrue(notAuthCheckResult.getAuthPermission());
 
                     List<String> adminRoleReasons = adminRoleCheckResult.getReasons();
-                    List<String> normalRoleReasons = adminRoleCheckResult.getReasons();
+                    List<String> normalRoleReasons = normalRoleCheckResult.getReasons();
                     List<String> notAuthReasons = notAuthCheckResult.getReasons();
 
                     adminRoleReasons.addAll(normalRoleReasons);

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java

@@ -188,11 +188,6 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
         //这里暂时硬编码-非OMS端鉴权请求 直接转老接口处理
         if (!StrUtil.equals("NT_OMS_WEB" ,req.getTerminal())
                 && !Objects.equals(TerminalInfo.NT_PC_GA_GENERAL, req.getTerminal())) {
-            if (USE_OLD_AUTH) {
-                log.info("user old auth");
-                return hasPermissionV2(req);
-            }
-            log.info("user new auth");
 
             // 为了兼容用户没有在企业中，但是需要看到企业类型的菜单，在调用相关接口时，忽略这些菜单的鉴权
             if (CollectionUtils.isNotEmpty(notAuthUniCodes)) {
@@ -202,6 +197,12 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
                 }
             }
 
+            if (USE_OLD_AUTH) {
+                log.info("user old auth");
+                return hasPermissionV2(req);
+            }
+            log.info("user new auth");
+
             List<CompletableFuture<Boolean>> authFutures = Lists.newArrayList();
             authFutures.add(CompletableFuture.supplyAsync(TraceSupplier.create(() -> saasAuthService.authPermission(req)), executor));
             authFutures.add(CompletableFuture.supplyAsync(TraceSupplier.create(() -> saasAuthService.authNewPermission(req)), executor));