feat:(REQ-3282) 收口查询人员权限接口

2024-12-16 15:57:32 +08:00 · 2024-12-16 15:57:32 +08:00 · 0e33a0a1dc
commit 0e33a0a1dc
parent 4930176eb2
30 changed files with 1096 additions and 121 deletions
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListSaasRoleGroupParam.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListSaasRoleGroupParam.java
@ -69,4 +69,10 @@ public class ListSaasRoleGroupParam {
     */
    @CriteriaField(ignore = true)
    private Set<RoleTypeEnum> roleTypes;
+
+    /**
+     * 查找指定角色分组code层级及以下所有层级角色的用户
+     */
+    @CriteriaField(ignore = true)
+    private String ancestorRoleGroupCode;
 }
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PageSaasRoleGroupParam.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PageSaasRoleGroupParam.java
@ -2,12 +2,16 @@ package cn.axzo.tyr.client.model.req;

 import cn.axzo.foundation.dao.support.wrapper.CriteriaField;
 import cn.axzo.foundation.page.IPageReq;
+import cn.axzo.foundation.page.PageResp;
+import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 import lombok.experimental.SuperBuilder;

+import java.util.Collections;
 import java.util.List;
+import java.util.Optional;


@SuperBuilder
@ -28,4 +32,14 @@ public class PageSaasRoleGroupParam extends ListSaasRoleGroupParam implements IP
    @CriteriaField(ignore = true)
    List<String> sort;

+    public PageResp<SaasRoleGroupDTO> toEmpty() {
+        return PageResp.<SaasRoleGroupDTO>builder()
+                .current(Optional.ofNullable(this.getPage())
+                        .orElse(DEFAULT_PAGE_NUMBER))
+                .size(Optional.ofNullable(this.getPageSize())
+                        .orElse(DEFAULT_PAGE_SIZE))
+                .total(0)
+                .data(Collections.emptyList())
+                .build();
+    }
 }
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/ListRoleUserRelationParam.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/ListRoleUserRelationParam.java
@ -147,6 +147,26 @@ public class ListRoleUserRelationParam {
    @CriteriaField(ignore = true)
    private Set<RoleTypeEnum> roleTypes;

+    /**
+     * 查找指定角色分组code层级下角色的用户
+     */
+    @CriteriaField(ignore = true)
+    private String roleGroupCode;
+
+    /**
+     * 查找指定角色分组code层级及以下所有层级角色的用户
+     */
+    @CriteriaField(ignore = true)
+    private String ancestorRoleGroupCode;
+
+    /**
+     * 查询用户拥有的权限
+     * 跟needPermission的区别是：needPermission是查询角色关联的菜单组件
+     * needUserPermission是查询这个用户拥有的权限，要根据产品去匹配，
+     */
+    @CriteriaField(ignore = true)
+    private Boolean needUserPermission;
+
    @Data
    @Builder
    @NoArgsConstructor
--- a/tyr-client/src/main/java/cn/axzo/tyr/feign/api/RoleGroupApi.java
+++ b/tyr-client/src/main/java/cn/axzo/tyr/feign/api/RoleGroupApi.java
@ -17,6 +17,6 @@ public interface RoleGroupApi {
     * @param req
     * @return
     */
-    @PostMapping("/api/roleGroup/page")
+    @PostMapping("/api/role-group/page")
    ApiResult<PageResp<RoleGroupResp>> page(@RequestBody @Validated PageRoleGroupReq req);
 }
--- a/tyr-client/src/main/java/cn/axzo/tyr/feign/api/RoleUserApi.java
+++ b/tyr-client/src/main/java/cn/axzo/tyr/feign/api/RoleUserApi.java
@ -17,6 +17,6 @@ public interface RoleUserApi {
     * @param req
     * @return
     */
-    @PostMapping("/api/roleUser/page")
+    @PostMapping("/api/role-user/page")
    ApiResult<PageResp<RoleUserResp>> page(@RequestBody @Validated PageRoleUserReq req);
 }
--- a/tyr-client/src/main/java/cn/axzo/tyr/feign/api/UserPermissionApi.java
+++ b/tyr-client/src/main/java/cn/axzo/tyr/feign/api/UserPermissionApi.java
@ -0,0 +1,18 @@
+package cn.axzo.tyr.feign.api;
+
+import cn.axzo.foundation.result.ApiResult;
+import cn.axzo.tyr.feign.req.ListUserPermissionReq;
+import cn.axzo.tyr.feign.resp.UserPermissionResp;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+
+import java.util.List;
+
+@FeignClient(name = "tyr", url = "${axzo.service.tyr:http://tyr:8080}")
+public interface UserPermissionApi {
+
+    @PostMapping("/api/user-permission/list")
+    ApiResult<List<UserPermissionResp>> list(@RequestBody @Validated ListUserPermissionReq req);
+}
--- a/tyr-client/src/main/java/cn/axzo/tyr/feign/req/ListUserPermissionReq.java
+++ b/tyr-client/src/main/java/cn/axzo/tyr/feign/req/ListUserPermissionReq.java
@ -0,0 +1,85 @@
+package cn.axzo.tyr.feign.req;
+
+import cn.axzo.tyr.feign.enums.IdentityTypeEnum;
+import cn.axzo.tyr.feign.enums.RolePermissionTagEnum;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import javax.validation.constraints.NotEmpty;
+import java.util.List;
+import java.util.Set;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class ListUserPermissionReq {
+
+    /**
+     * 人员id
+     * 根据personId查询权限或者根据identityId、identityType查询权限，不能同时都为空
+     */
+    private Long personId;
+
+    /**
+     * 身份id
+     */
+    private Long identityId;
+
+    /**
+     * 身份类型
+     */
+    private IdentityTypeEnum identityType;
+
+    /**
+     * 权限code
+     * 没有指定就查询所有的权限，指定了就查询指定code的权限
+     */
+    private Set<String> featureCodes;
+
+    /**
+     * 端信息
+     */
+    private String terminal;
+
+    /**
+     * 项目信息
+     */
+    @NotEmpty(message = "workspaceOuPairs不能为空")
+    private List<WorkspaceOuPair> workspaceOuPairs;
+
+    /**
+     * app类型（APP:原生，H5:h5页面）
+     */
+    private String appType;
+
+    /**
+     * 项目code（H5会拉取项目下所有的元素）
+     * APP上每个应用的code，数据库叫itemCode，保持一致
+     */
+    private String itemCode;
+
+    @Data
+    @Builder
+    @NoArgsConstructor
+    @AllArgsConstructor
+    public static class WorkspaceOuPair {
+        /**
+         * 租户id
+         */
+        private Long workspaceId;
+
+        /**
+         * 单位id
+         */
+        private Long ouId;
+
+        /**
+         * 根据权限标签去过滤角色对应的权限
+         * 如果没有指定值，则会根据用户在当前workspaceId和ouId在人岗架的状态来解析
+         */
+        private Set<RolePermissionTagEnum> permissionTags;
+    }
+}
--- a/tyr-client/src/main/java/cn/axzo/tyr/feign/req/PageRoleReq.java
+++ b/tyr-client/src/main/java/cn/axzo/tyr/feign/req/PageRoleReq.java
@ -95,6 +95,7 @@ public class PageRoleReq {
    /**
     * 协同关系类型
     * 1:总包 2:建设单位 3:监理单位 4:劳务分包 5:专业分包 6:OMS通用 7:企业通用 8:企业内班组 9:项目内班组
+     * @see cn.axzo.maokai.common.enums.SaasCooperateShipCooperateTypeEnum
     */
    private Set<Integer> cooperateShipTypes;

--- a/tyr-client/src/main/java/cn/axzo/tyr/feign/req/PageRoleUserReq.java
+++ b/tyr-client/src/main/java/cn/axzo/tyr/feign/req/PageRoleUserReq.java
@ -164,6 +164,11 @@ public class PageRoleUserReq {
     */
    private String ancestorRoleGroupCode;

+    /**
+     * 查询用户拥有的权限
+     */
+    private Boolean needUserPermission;
+
    @Data
    @Builder
    @NoArgsConstructor
--- a/tyr-client/src/main/java/cn/axzo/tyr/feign/resp/PermissionResp.java
+++ b/tyr-client/src/main/java/cn/axzo/tyr/feign/resp/PermissionResp.java
@ -0,0 +1,43 @@
+package cn.axzo.tyr.feign.resp;
+
+import cn.axzo.tyr.feign.enums.RolePermissionTagEnum;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.Set;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class PermissionResp {
+
+    /**
+     * 权限点id
+     */
+    private Long featureId;
+
+    /**
+     * 权限code
+     */
+    private String featureCode;
+
+    /**
+     * 新旧权限
+     * 0：表示id是saas_feature的id
+     * 1：表示id是saas_feature_resource的id
+     */
+    private Integer featureType;
+
+    /**
+     * 端信息
+     */
+    private String terminal;
+
+    /**
+     * 权限的标签
+     */
+    private Set<RolePermissionTagEnum> tags;
+}
--- a/tyr-client/src/main/java/cn/axzo/tyr/feign/resp/RoleUserResp.java
+++ b/tyr-client/src/main/java/cn/axzo/tyr/feign/resp/RoleUserResp.java
@ -6,7 +6,7 @@ import lombok.Data;
 import lombok.NoArgsConstructor;

 import java.util.Date;
-import java.util.List;
+import java.util.Set;

@Data
@Builder
@ -82,4 +82,9 @@ public class RoleUserResp {
     * 角色信息
     */
    private RoleResp role;
+
+    /**
+     * 用户当前角色拥有的权限
+     */
+    private Set<PermissionResp> permissions;
 }
--- a/tyr-client/src/main/java/cn/axzo/tyr/feign/resp/UserPermissionResp.java
+++ b/tyr-client/src/main/java/cn/axzo/tyr/feign/resp/UserPermissionResp.java
@ -0,0 +1,54 @@
+package cn.axzo.tyr.feign.resp;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.List;
+
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class UserPermissionResp {
+
+
+    /**
+     * 人员id
+     */
+    private Long personId;
+
+    /**
+     * 身份id
+     */
+    private Long identityId;
+
+    /**
+     * 身份类型
+     */
+    private String identityType;
+
+    /**
+     * 用户在项目的权限
+     */
+    private List<WorkspacePermission> workspacePermissions;
+
+    @Data
+    @Builder
+    @AllArgsConstructor
+    @NoArgsConstructor
+    public static class WorkspacePermission {
+
+        private Long workspaceId;
+
+        private Long ouId;
+
+        /**
+         * 是否是超管
+         */
+        private Boolean isSuperAdmin;
+
+        private List<PermissionResp> permissions;
+    }
+}
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/config/exception/BizResultCode.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/config/exception/BizResultCode.java
@ -26,7 +26,7 @@ public enum BizResultCode implements IResultCode {
    PAGE_ELEMENT_CATEGORY_NOT_FOUND("100016", "资源分组数据不存在"),
    PAGE_ELEMENT_ERROR("100017", "资源分组错误:{}"),
    PAGE_CODE_DUPLICATE("100018", "资源元素code重复,重复的code:{}"),
-    PARAM_ERROR("100019", "参数错误"),
+    PARAM_ERROR("100019", "参数错误:{}"),
    FEATURE_NAME_EXIST("100020", "菜单组件名字已经存在:{}"),
    TERMINAL_CODE_EXIST("100021", "端code已经存在，请修改"),
    TERMINAL_NOT_FOUND("100022", "原端不存在:{}"),
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java
@ -115,72 +115,38 @@ import static cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation.
@RequiredArgsConstructor
 public class PrivateController {

-    @Autowired
-    private SaasCommonDictService saasCommonDictService;
-    @Autowired
-    private SaasRoleGroupService saasRoleGroupService;
-    @Autowired
-    private SaasRoleGroupRelationDao saasRoleGroupRelationDao;
-    @Autowired
-    private RoleService roleService;
-    @Autowired
-    private SaasFeatureResourceDao saasFeatureResourceDao;
-    @Autowired
-    private SaasFeatureResourceCacheService saasFeatureResourceCacheService;
-    @Autowired
-    private ProductPermissionCacheService productPermissionCacheService;
-    @Autowired
-    private TyrSaasAuthService tyrSaasAuthService;
-    @Autowired
-    private SaasFeatureDao saasFeatureDao;
-    @Autowired
-    private SaasPgroupPermissionRelationService saasPgroupPermissionRelationService;
-    @Autowired
-    private SaasRoleDao saasRoleDao;
-    @Autowired
-    private SaasPgroupRoleRelationDao saasPgroupRoleRelationDao;
-    @Autowired
-    private SaasPgroupPermissionRelationDao saasPgroupPermissionRelationDao;
-    @Autowired
-    private ProductFeatureRelationService productFeatureRelationService;
-    @Autowired
-    private FeatureCodeUtil featureCodeUtil;
-    @Autowired
-    private WorkspaceProductService workspaceProductService;
-    @Autowired
-    private CacheWorkspaceProductHandler cacheWorkspaceProductHandler;
-    @Autowired
-    private SaasRoleGroupDao saasRoleGroupDao;
-    @Autowired
-    private CacheProductPermissionJob cacheProductPermissionJob;
-    @Autowired
-    private CacheRolePermissionJob cacheRolePermissionJob;
-    @Autowired
-    private CacheSaasFeatureJob cacheSaasFeatureJob;
-    @Autowired
-    private CacheProductFeatureResourceJob cacheProductFeatureResourceJob;
-    @Autowired
-    private CacheRoleFeatureResourceJob cacheRoleFeatureResourceJob;
-    @Autowired
-    private SaasFeatureResourceService saasFeatureResourceService;
-    @Autowired
-    private RolePermissionCacheService rolePermissionCacheService;
-    @Autowired
-    private SaasPageElementDao saasPageElementDao;
-    @Autowired
-    private SaasPageElementFeatureResourceRelationDao saasPageElementFeatureResourceRelationDao;
-    @Autowired
-    private SaasRoleUserRelationService saasRoleUserRelationService;
-    @Autowired
-    private ProductModuleDao productModuleDao;
-    @Autowired
-    private CacheWorkspaceProductJob cacheWorkspaceProductJob;
-    @Autowired
-    private RoleSaasFeatureResourceCacheService roleSaasFeatureResourceCacheService;
-    @Autowired
-    private SendDingTalkHandler sendDingTalkHandler;
-    @Autowired
-    private ProductSaasFeatureResourceCacheService productSaasFeatureResourceCacheService;
+    private final SaasCommonDictService saasCommonDictService;
+    private final SaasRoleGroupService saasRoleGroupService;
+    private final SaasRoleGroupRelationDao saasRoleGroupRelationDao;
+    private final RoleService roleService;
+    private final SaasFeatureResourceDao saasFeatureResourceDao;
+    private final SaasFeatureResourceCacheService saasFeatureResourceCacheService;
+    private final ProductPermissionCacheService productPermissionCacheService;
+    private final SaasFeatureDao saasFeatureDao;
+    private final SaasPgroupPermissionRelationService saasPgroupPermissionRelationService;
+    private final SaasRoleDao saasRoleDao;
+    private final SaasPgroupRoleRelationDao saasPgroupRoleRelationDao;
+    private final SaasPgroupPermissionRelationDao saasPgroupPermissionRelationDao;
+    private final ProductFeatureRelationService productFeatureRelationService;
+    private final FeatureCodeUtil featureCodeUtil;
+    private final WorkspaceProductService workspaceProductService;
+    private final CacheWorkspaceProductHandler cacheWorkspaceProductHandler;
+    private final SaasRoleGroupDao saasRoleGroupDao;
+    private final CacheProductPermissionJob cacheProductPermissionJob;
+    private final CacheRolePermissionJob cacheRolePermissionJob;
+    private final CacheSaasFeatureJob cacheSaasFeatureJob;
+    private final CacheProductFeatureResourceJob cacheProductFeatureResourceJob;
+    private final CacheRoleFeatureResourceJob cacheRoleFeatureResourceJob;
+    private final SaasFeatureResourceService saasFeatureResourceService;
+    private final RolePermissionCacheService rolePermissionCacheService;
+    private final SaasPageElementDao saasPageElementDao;
+    private final SaasPageElementFeatureResourceRelationDao saasPageElementFeatureResourceRelationDao;
+    private final SaasRoleUserRelationService saasRoleUserRelationService;
+    private final ProductModuleDao productModuleDao;
+    private final CacheWorkspaceProductJob cacheWorkspaceProductJob;
+    private final RoleSaasFeatureResourceCacheService roleSaasFeatureResourceCacheService;
+    private final SendDingTalkHandler sendDingTalkHandler;
+    private final ProductSaasFeatureResourceCacheService productSaasFeatureResourceCacheService;

    /**
     * 统一层级的roleGroup按照id升序，sort从1递增
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/v2/UserPermissionController.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/v2/UserPermissionController.java
@ -0,0 +1,76 @@
+package cn.axzo.tyr.server.controller.v2;
+
+import cn.axzo.foundation.exception.Axssert;
+import cn.axzo.foundation.result.ApiResult;
+import cn.axzo.tyr.client.model.enums.IdentityType;
+import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
+import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
+import cn.axzo.tyr.feign.api.UserPermissionApi;
+import cn.axzo.tyr.feign.req.ListUserPermissionReq;
+import cn.axzo.tyr.feign.resp.UserPermissionResp;
+import cn.axzo.tyr.server.service.PermissionService;
+import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.stream.Collectors;
+
+import static cn.axzo.tyr.server.config.exception.BizResultCode.PARAM_ERROR;
+
+@Slf4j
+@RestController
+public class UserPermissionController implements UserPermissionApi {
+
+    @Autowired
+    private PermissionService permissionService;
+    @Autowired
+    private SaasRoleUserRelationService saasRoleUserRelationService;
+
+    @Override
+    public ApiResult<List<UserPermissionResp>> list(ListUserPermissionReq req) {
+
+        check(req);
+
+        List<SaasRoleUserV2DTO> saasRoleUsers = listRoleUserRelation(req);
+
+
+        return null;
+    }
+
+    private void check(ListUserPermissionReq req) {
+
+        Axssert.check(Objects.nonNull(req.getPersonId()) || Objects.nonNull(req.getIdentityId()),
+                PARAM_ERROR, PARAM_ERROR.getErrorMessage(), "personId 和 identityId不能同时为空");
+
+        if (Objects.nonNull(req.getIdentityId())) {
+            Axssert.check(Objects.nonNull(req.getIdentityType()),
+                    PARAM_ERROR, PARAM_ERROR.getErrorMessage(), "identityType不能为空");
+        }
+    }
+
+    private List<SaasRoleUserV2DTO> listRoleUserRelation(ListUserPermissionReq req) {
+
+        ListRoleUserRelationParam listRoleUserRelationParam = ListRoleUserRelationParam.builder()
+                .personId(req.getPersonId())
+                .identityId(req.getIdentityId())
+                .identityType(Optional.ofNullable(req.getIdentityType())
+                        .map(e -> IdentityType.valueOf(e.name()))
+                        .orElse(null))
+                .workspaceOuPairs(req.getWorkspaceOuPairs().stream()
+                        .map(e -> ListRoleUserRelationParam.WorkspaceOuPair.builder()
+                                .workspaceId(e.getWorkspaceId())
+                                .ouId(e.getOuId())
+                                .build())
+                        .collect(Collectors.toList()))
+                .needRole(true)
+                .build();
+
+        return saasRoleUserRelationService.listV2(listRoleUserRelationParam).stream()
+                .filter(e -> e.getSaasRole() != null)
+                .collect(Collectors.toList());
+    }
+}
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionService.java
@ -0,0 +1,78 @@
+package cn.axzo.tyr.server.service;
+
+import cn.axzo.tyr.feign.enums.RolePermissionTagEnum;
+import cn.axzo.tyr.feign.enums.RoleTypeEnum;
+import cn.axzo.tyr.feign.resp.UserPermissionResp;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+public interface PermissionService {
+
+    Map<Long, List<UserPermissionResp>> listUserPermission(ListUserPermissionParam param);
+
+    @Data
+    @Builder
+    @NoArgsConstructor
+    @AllArgsConstructor
+    class ListUserPermissionParam {
+        private List<UserParam> users;
+
+        /**
+         * 权限code
+         * 没有指定就查询所有的权限，指定了就查询指定code的权限
+         */
+        private Set<String> featureCodes;
+
+        /**
+         * 端信息
+         */
+        private String terminal;
+
+        /**
+         * app类型（APP:原生，H5:h5页面）
+         */
+        private String appType;
+
+        /**
+         * 项目code（H5会拉取项目下所有的元素）
+         * APP上每个应用的code，数据库叫itemCode，保持一致
+         */
+        private String itemCode;
+    }
+
+    @Data
+    @Builder
+    @NoArgsConstructor
+    @AllArgsConstructor
+    class UserParam {
+        private Long personId;
+
+        private Set<RolePermissionTagEnum> tags;
+
+        private Set<RoleParam> roles;
+
+        private Long workspaceId;
+    }
+
+    @Data
+    @Builder
+    @NoArgsConstructor
+    @AllArgsConstructor
+    class RoleParam {
+        private Long roleId;
+
+        private RoleTypeEnum roleType;
+
+        /**
+         * 产品单位类型
+         * 1:总包 2:建设单位 3:监理单位 4:劳务分包 5:专业分包 6:OMS通用 7:企业通用 8:企业内班组 9:项目内班组
+         */
+        private Integer cooperateShipTypes;
+    }
+}
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/ProductPermissionCacheService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/ProductPermissionCacheService.java
@ -62,6 +62,22 @@ public interface ProductPermissionCacheService {
        private Set<Long> productIds;

        private Set<String> featureCodes;
+
+        /**
+         * 端信息
+         */
+        private String terminal;
+
+        /**
+         * app类型（APP:原生，H5:h5页面）
+         */
+        private String appType;
+
+        /**
+         * 项目code（H5会拉取项目下所有的元素）
+         * APP上每个应用的code，数据库叫itemCode，保持一致
+         */
+        private String itemCode;
    }

    @Data
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/WorkspaceProductService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/WorkspaceProductService.java
@ -67,6 +67,22 @@ public interface WorkspaceProductService {
        private Set<Long> workspaceIds;

        private Set<String> featureCodes;
+
+        /**
+         * 端信息
+         */
+        private String terminal;
+
+        /**
+         * app类型（APP:原生，H5:h5页面）
+         */
+        private String appType;
+
+        /**
+         * 项目code（H5会拉取项目下所有的元素）
+         * APP上每个应用的code，数据库叫itemCode，保持一致
+         */
+        private String itemCode;
    }

    @Data
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionServiceImpl.java
@ -0,0 +1,290 @@
+package cn.axzo.tyr.server.service.impl;
+
+import cn.axzo.tyr.client.model.res.IdentityAuthRes;
+import cn.axzo.tyr.feign.enums.RolePermissionTagEnum;
+import cn.axzo.tyr.feign.resp.PermissionResp;
+import cn.axzo.tyr.feign.resp.UserPermissionResp;
+import cn.axzo.tyr.server.service.PermissionService;
+import cn.axzo.tyr.server.service.ProductPermissionCacheService;
+import cn.axzo.tyr.server.service.RolePermissionCacheService;
+import cn.axzo.tyr.server.service.SaasFeatureResourceService;
+import cn.axzo.tyr.server.service.WorkspaceProductService;
+import cn.hutool.core.collection.CollectionUtil;
+import com.google.common.collect.Sets;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.compress.utils.Lists;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+@Slf4j
+@Service
+public class PermissionServiceImpl implements PermissionService {
+
+    @Autowired
+    private RolePermissionCacheService rolePermissionCacheService;
+    @Autowired
+    private WorkspaceProductService workspaceProductService;
+    @Autowired
+    private SaasFeatureResourceService saasFeatureResourceService;
+
+    /**
+     * 1、查询用户的角色
+     * 2、查询角色的权限
+     * 3、查询项目的权限
+     * 4、查找项目权限的端的所有菜单、可能菜单已经被删除，需要需要校验有权限id是否存在
+     * 5、解析超管、管理员角色的权限
+     * 6、解析普通角色的权限
+     * 7、解析免授权的权限
+     * 8、合并5、6、7的权限并返回
+     * 因为角色的单位类型要跟产品的单位类型去匹配、超管|管理员角色的权限是对应的产品的权限、普通角色的权限需要跟产品匹配
+     * 权限点指定是全部角色，则只需要产品勾选了权限即有权限
+     *
+     */
+    @Override
+    public Map<Long, List<UserPermissionResp>> listUserPermission(ListUserPermissionParam param) {
+        if (CollectionUtils.isEmpty(param.getUsers())) {
+            return Collections.emptyMap();
+        }
+
+        // 查询项目的权限
+        Map<Long, List<ProductPermissionCacheService.PermissionDTO>> workspacePermissionMap = listWorkspacePermission(param);
+        if (Objects.isNull(workspacePermissionMap) || workspacePermissionMap.isEmpty()) {
+            return Collections.emptyMap();
+        }
+
+        // 查询产品的端的所有菜单信息
+        List<SaasFeatureResourceService.SaasFeatureResourceCache> allFeatureResources = listAllSaasFeature(workspacePermissionMap);
+        if (CollectionUtils.isEmpty(allFeatureResources)) {
+            return Collections.emptyMap();
+        }
+
+        // 查询角色的权限
+        Map<Long, List<RolePermissionCacheService.PermissionDTO>> rolePermissions = listRolePermission(param);
+
+        // 按照人去解析每个人的权限，因为每个人的tag可能不一样
+        param.getUsers().stream()
+                .map(user -> {
+                    if (CollectionUtils.isEmpty(user.getRoles())) {
+                        return null;
+                    }
+
+                    List<ProductPermissionCacheService.PermissionDTO> workspacePermissions = workspacePermissionMap.get(user.getWorkspaceId());
+                    if (CollectionUtils.isEmpty(workspacePermissions)) {
+                        return null;
+                    }
+
+                    // 用户在场时的管理员角色的权限
+                    Set<PermissionResp> adminRolePermission = resolveAdminRolePermission(workspacePermissions, user);
+
+                    // 用户普通角色的权限
+
+                })
+                .filter(Objects::nonNull)
+                .collect(Collectors.toList());
+
+
+
+        return null;
+    }
+
+    /**
+     * 只有查询在职权限时才能直接根据管理员角色和产品去匹配
+     * 因为离场权限，管理员角色会配置管理员角色对应的离场权限
+     * @param workspacePermissions
+     * @param userParam
+     * @return
+     */
+    private Set<PermissionResp> resolveAdminRolePermission(List<ProductPermissionCacheService.PermissionDTO> workspacePermissions,
+                                                           UserParam userParam) {
+
+        if (!CollectionUtils.isEmpty(userParam.getTags()) && !userParam.getTags().contains(RolePermissionTagEnum.JOINED)) {
+            log.info("admin role permission:tags not null and no joined tag");
+            return Collections.emptySet();
+        }
+
+        //超管和管理员角色
+        List<RoleParam> adminRoles = userParam.getRoles().stream()
+                .filter(role -> Objects.nonNull(role.getRoleType()) && role.getRoleType().isAdmin())
+                .collect(Collectors.toList());
+        if (CollectionUtil.isEmpty(adminRoles)) {
+            log.info("no admin roles");
+            return Collections.emptySet();
+        }
+
+        Set<String> cooperateShipTypes = adminRoles.stream()
+                .map(RoleParam::getCooperateShipTypes)
+                .map(String::valueOf)
+                .collect(Collectors.toSet());
+
+        return workspacePermissions.stream()
+                .filter(e -> cooperateShipTypes.contains(e.getCooperateType()))
+                .map(e -> PermissionResp.builder()
+                        .featureCode(e.getFeatureCode())
+                        .featureId(e.getFeatureId())
+                        .terminal(e.getTerminal())
+                        .featureType(e.getFeatureType())
+                        .build())
+                .collect(Collectors.toSet());
+    }
+
+
+    private Set<IdentityAuthRes.PermissionPoint> buildNoAuthPermission(List<ProductPermissionCacheService.PermissionDTO> productPermissions,
+                                                                       List<SaasFeatureResourceService.SaasFeatureResourceCache> allFeatures) {
+
+        // 因为有权授权权限的权限点，就需要有所有上层权限点的权限
+        Set<Long> notAuthFeatureIds = allFeatures.stream()
+                .filter(SaasFeatureResourceService.SaasFeatureResourceCache::isNotAuth)
+                .map(e -> Optional.ofNullable(e.getParentIds())
+                        .map(f -> {
+                            f.add(e.getFeatureId());
+                            return f;
+                        })
+                        .orElseGet(() -> Sets.newHashSet(e.getFeatureId())))
+                .flatMap(Collection::stream)
+                .collect(Collectors.toSet());
+
+        if (CollectionUtils.isEmpty(notAuthFeatureIds)) {
+            return Collections.emptySet();
+        }
+
+
+        return productPermissions.stream()
+                .filter(productPermission -> notAuthFeatureIds.contains(productPermission.getFeatureId()))
+                .map(e -> IdentityAuthRes.PermissionPoint.builder()
+                        .featureCode(e.getFeatureCode())
+                        .featureId(e.getFeatureId())
+                        .terminal(e.getTerminal())
+                        .featureType(e.getFeatureType())
+                        .build())
+                .collect(Collectors.toSet());
+    }
+
+    private Set<IdentityAuthRes.PermissionPoint> resolveNormalRolePermission(List<ProductPermissionCacheService.PermissionDTO> workspacePermissions,
+                                                                             UserParam userParam) {
+
+        // 普通角色
+        List<RoleParam> normalRoles = userParam.getRoles().stream()
+                .filter(role -> Objects.nonNull(role.getRoleType()) && !role.getRoleType().isAdmin())
+                .collect(Collectors.toList());
+        if (CollectionUtil.isEmpty(normalRoles)) {
+            log.info("no normal roles");
+            return Collections.emptySet();
+        }
+
+        return normalRoles.stream()
+                .map(role -> {
+
+                    Set<String> rolePermissionFeatureCodes = Optional.ofNullable(rolePermissionMap.get(role.getId()))
+                            .map(e -> e.stream()
+                                    .filter(Objects::nonNull)
+                                    .filter(rolePermission -> {
+                                        if (CollectionUtils.isEmpty(workspaceOuPair.getTags()) || CollectionUtils.isEmpty(rolePermission.getTags())) {
+                                            return true;
+                                        }
+
+                                        if (Sets.intersection(workspaceOuPair.getTags(), rolePermission.getTags()).isEmpty()) {
+                                            return false;
+                                        }
+
+                                        return true;
+                                    })
+                                    .map(RolePermissionCacheService.PermissionDTO::getFeatureCode)
+                                    .collect(Collectors.toSet()))
+                            .orElseGet(Sets::newHashSet);
+
+                    if (CollectionUtils.isEmpty(rolePermissionFeatureCodes)) {
+                        return null;
+                    }
+
+                    return productPermissions.stream()
+                            .filter(productPermission -> Objects.equals(productPermission.getCooperateType(), String.valueOf(role.getProductUnitType())))
+                            .filter(productPermission -> rolePermissionFeatureCodes.contains(productPermission.getFeatureCode()))
+                            .map(e -> IdentityAuthRes.PermissionPoint.builder()
+                                    .featureCode(e.getFeatureCode())
+                                    .featureId(e.getFeatureId())
+                                    .terminal(e.getTerminal())
+                                    .featureType(e.getFeatureType())
+                                    .build())
+                            .collect(Collectors.toSet());
+
+                })
+                .filter(Objects::nonNull)
+                .flatMap(Collection::stream)
+                .collect(Collectors.toSet());
+    }
+
+    private Map<Long, List<RolePermissionCacheService.PermissionDTO>> listRolePermission(ListUserPermissionParam param) {
+        Set<Long> roleIds = param.getUsers().stream()
+                .map(UserParam::getRoles)
+                .filter(Objects::nonNull)
+                .flatMap(Collection::stream)
+                .map(RoleParam::getRoleId)
+                .collect(Collectors.toSet());
+        if (CollectionUtils.isEmpty(roleIds)) {
+            return Collections.emptyMap();
+        }
+
+        RolePermissionCacheService.ListRolePermissionParam listRolePermissionParam = RolePermissionCacheService.ListRolePermissionParam.builder()
+                .roleIds(roleIds)
+                .featureCodes(param.getFeatureCodes())
+                .build();
+        return rolePermissionCacheService.list(listRolePermissionParam);
+    }
+
+    private Map<Long, List<ProductPermissionCacheService.PermissionDTO>> listWorkspacePermission(ListUserPermissionParam param) {
+
+        Set<Long> workspaceIds = param.getUsers().stream()
+                .map(UserParam::getWorkspaceId)
+                .filter(Objects::nonNull)
+                .collect(Collectors.toSet());
+        if (CollectionUtils.isEmpty(workspaceIds)) {
+            return Collections.emptyMap();
+        }
+
+        WorkspaceProductService.ListWorkspaceProductPermissionCacheParam listWorkspaceProductPermission = WorkspaceProductService.ListWorkspaceProductPermissionCacheParam.builder()
+                .workspaceIds(workspaceIds)
+                .featureCodes(param.getFeatureCodes())
+                .appType(param.getAppType())
+                .itemCode(param.getItemCode())
+                .terminal(param.getTerminal())
+                .build();
+        return workspaceProductService.listWorkspaceProductPermissionCached(listWorkspaceProductPermission)
+                .stream()
+                .collect(Collectors.toMap(WorkspaceProductService.WorkspaceProductPermission::getWorkspaceId,
+                        e -> Optional.ofNullable(e.getProductPermissions())
+                                .map(productPermissions -> productPermissions.stream()
+                                        .map(WorkspaceProductService.ProductPermission::getPermissions)
+                                        .filter(Objects::nonNull)
+                                        .flatMap(Collection::stream)
+                                        .collect(Collectors.toList()))
+                                .orElseGet(Lists::newArrayList)));
+    }
+
+    private List<SaasFeatureResourceService.SaasFeatureResourceCache> listAllSaasFeature(Map<Long, List<ProductPermissionCacheService.PermissionDTO>> workspacePermissions) {
+
+        Set<String> terminals = workspacePermissions.values().stream()
+                .flatMap(Collection::stream)
+                .map(ProductPermissionCacheService.PermissionDTO::getTerminal)
+                .filter(Objects::nonNull)
+                .collect(Collectors.toSet());
+
+        SaasFeatureResourceService.ListSaasFeatureResourceCache listSaasFeatureResourceCache = SaasFeatureResourceService.ListSaasFeatureResourceCache.builder()
+                .terminals(terminals)
+                .build();
+        return saasFeatureResourceService.listCache(listSaasFeatureResourceCache)
+                .values()
+                .stream()
+                .flatMap(Collection::stream)
+                .collect(Collectors.toList());
+    }
+}
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductPermissionCacheServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductPermissionCacheServiceImpl.java
@ -18,6 +18,7 @@ import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cloud.context.config.annotation.RefreshScope;
 import org.springframework.stereotype.Service;
@ -85,18 +86,20 @@ public class ProductPermissionCacheServiceImpl implements ProductPermissionCache
                    .collect(Collectors.toMap(Map.Entry::getKey, e -> e.getValue().orElseGet(Lists::newArrayList)));
        } catch (ExecutionException ex) {
            log.error("list product cache permission error:{} error", param.getProductIds(), ex);
-            // 外面有做降级
            throw new ServiceException("查询产品权限缓存异常");
        }

-        if (CollectionUtils.isEmpty(param.getFeatureCodes())) {
-            return productPermissions;
-        }
-
        return productPermissions.entrySet()
                .stream()
                .map(e -> Pair.of(e.getKey(), e.getValue().stream()
-                        .filter(permission -> param.getFeatureCodes().contains(permission.getFeatureCode()))
+                        .filter(permission -> CollectionUtils.isEmpty(param.getFeatureCodes())
+                                || param.getFeatureCodes().contains(permission.getFeatureCode()))
+                        .filter(permission -> StringUtils.isBlank(param.getTerminal())
+                                || Objects.equals(permission.getTerminal(), param.getTerminal()))
+                        .filter(permission -> StringUtils.isBlank(param.getAppType())
+                                || Objects.equals(permission.getAppType(), param.getAppType()))
+                        .filter(permission -> StringUtils.isBlank(param.getItemCode())
+                                || Objects.equals(permission.getItemCode(), param.getItemCode()))
                        .collect(Collectors.toList()))
                )
                .filter(e -> !CollectionUtils.isEmpty(e.getValue()))
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPgroupPermissionRelationOperateLogServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPgroupPermissionRelationOperateLogServiceImpl.java
@ -18,12 +18,12 @@ import cn.axzo.tyr.server.util.RpcInternalUtil;
 import cn.azxo.framework.common.constatns.Constants;
 import com.alibaba.fastjson.JSONObject;
 import com.google.common.collect.Lists;
-import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.MDC;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

 import java.util.Collections;
@ -39,7 +39,6 @@ import java.util.stream.Collectors;
 */
@Slf4j
@Service
-@AllArgsConstructor
 public class SaasPgroupPermissionRelationOperateLogServiceImpl implements SaasPgroupPermissionRelationOperateLogService {

    public static final String TABLE_NAME_FEATURE_RESOURCE = "saas_feature_resource";
@ -50,10 +49,14 @@ public class SaasPgroupPermissionRelationOperateLogServiceImpl implements SaasPg
    public static final String TABLE_NAME_SAAS_ROLE_GROUP = "saas_role_group";
    public static final String TABLE_NAME_SAAS_FEATURE = "saas_feature";

-    private final SaasPgroupPermissionRelationOperateLogDao saasPgroupPermissionRelationOperateLogDao;
-    private final SaasRoleDao saasRoleDao;
-    private final UserProfileServiceApi userProfileServiceApi;
-    private final SaasRoleUserRelationService saasRoleUserRelationService;
+    @Autowired
+    private SaasPgroupPermissionRelationOperateLogDao saasPgroupPermissionRelationOperateLogDao;
+    @Autowired
+    private SaasRoleDao saasRoleDao;
+    @Autowired
+    private UserProfileServiceApi userProfileServiceApi;
+    @Autowired
+    private SaasRoleUserRelationService saasRoleUserRelationService;

    @Override
    public void batchSave(List<SaasPgroupPermissionRelationOperateLog> logs) {
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupRelationServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupRelationServiceImpl.java
@ -15,6 +15,7 @@ import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections.CollectionUtils;
 import org.springframework.beans.BeanUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;

@ -25,10 +26,10 @@ import java.util.stream.Collectors;

@Slf4j
@Service
-@RequiredArgsConstructor
 public class SaasRoleGroupRelationServiceImpl extends ServiceImpl<SaasRoleGroupRelationMapper, SaasRoleGroupRelation>
 		implements SaasRoleGroupRelationService {
-	private final SaasRoleGroupRelationDao saasRoleGroupRelationDao;
+	@Autowired
+	private SaasRoleGroupRelationDao saasRoleGroupRelationDao;

 	@Override
 	@Transactional(rollbackFor = Exception.class)
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java
@ -46,6 +46,7 @@ import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.MDC;
 import org.springframework.beans.BeanUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;

@ -59,23 +60,29 @@ import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
+import java.util.Set;
 import java.util.function.Function;
 import java.util.stream.Collectors;

 import static cn.axzo.tyr.server.config.exception.BizResultCode.CANT_DELETE_ROLE_GROUP;

@Slf4j
-@RequiredArgsConstructor
@Service
 public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, SaasRoleGroup>
        implements SaasRoleGroupService {

-    private final SaasRoleGroupMapper saasRoleGroupMapper;
-    private final SaasRoleGroupDao saasRoleGroupDao;
-    private final SaasRoleGroupRelationDao saasRoleGroupRelationDao;
-    private final SaasRoleGroupRelationService saasRoleGroupRelationService;
-    private final RoleService roleService;
-    private final SaasPgroupPermissionRelationOperateLogService saasPgroupPermissionRelationOperateLogService;
+    @Autowired
+    private SaasRoleGroupMapper saasRoleGroupMapper;
+    @Autowired
+    private SaasRoleGroupDao saasRoleGroupDao;
+    @Autowired
+    private SaasRoleGroupRelationDao saasRoleGroupRelationDao;
+    @Autowired
+    private SaasRoleGroupRelationService saasRoleGroupRelationService;
+    @Autowired
+    private RoleService roleService;
+    @Autowired
+    private SaasPgroupPermissionRelationOperateLogService saasPgroupPermissionRelationOperateLogService;

    @Override
    public List<SaasRoleGroupVO> getList(QuerySaasRoleGroupReq req) {
@ -403,6 +410,11 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
            });
        }

+        Set<Long> idByAncestorRoleGroupCode = resolveIdByAncestorRoleGroupCode(param);
+        if (Objects.nonNull(param.getAncestorRoleGroupCode()) && CollectionUtils.isEmpty(idByAncestorRoleGroupCode)) {
+            return param.toEmpty();
+        }
+
        IPage<SaasRoleGroup> page = this.page(PageConverter.toMybatis(param, SaasRoleGroup.class), wrapper);

        Map<Long, List<SaasRoleRes>> roles = listRoles(param, page.getRecords());
@ -412,6 +424,28 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
        return PageConverter.toResp(page, (record) -> from(record, roles, roleGroupRelations));
    }

+    private Set<Long> resolveIdByAncestorRoleGroupCode(PageSaasRoleGroupParam param) {
+        if (Objects.isNull(param.getAncestorRoleGroupCode())) {
+            return Collections.emptySet();
+        }
+        List<SaasRoleGroup> saasRoleGroups = this.lambdaQuery()
+                .eq(SaasRoleGroup::getCode, param.getAncestorRoleGroupCode())
+                .list();
+        if (CollectionUtils.isEmpty(saasRoleGroups)) {
+            return Collections.emptySet();
+        }
+
+        return this.list(ListSaasRoleGroupParam.builder()
+                .paths(saasRoleGroups.stream()
+                        .map(SaasRoleGroup::getPath)
+                        .collect(Collectors.toSet()))
+                .build())
+                .stream()
+                .map(SaasRoleGroupDTO::getId)
+                .collect(Collectors.toSet());
+
+    }
+
    private SaasRoleGroupDTO from(SaasRoleGroup saasRoleGroup,
                                  Map<Long, List<SaasRoleRes>> roles,
                                  Map<Long, List<RoleGroupRelationRes>> roleGroupRelations) {
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java
@ -26,9 +26,12 @@ import cn.axzo.tyr.client.model.permission.IdentityKey;
 import cn.axzo.tyr.client.model.permission.QueryIdentityByPermissionDTO;
 import cn.axzo.tyr.client.model.permission.SaasUserRoleExBO;
 import cn.axzo.tyr.client.model.req.ListRoleReq;
+import cn.axzo.tyr.client.model.req.ListSaasRoleGroupParam;
 import cn.axzo.tyr.client.model.req.QuerySuperAdminReq;
 import cn.axzo.tyr.client.model.req.UpdateUserJobReq;
 import cn.axzo.tyr.client.model.req.WorkspaceUpdateUserRoleDTO;
+import cn.axzo.tyr.client.model.res.RoleGroupRelationRes;
+import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO;
 import cn.axzo.tyr.client.model.res.SaasRoleRes;
 import cn.axzo.tyr.client.model.res.SuperAminInfoResp;
 import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
@ -44,6 +47,7 @@ import cn.axzo.tyr.server.repository.entity.SaasRole;
 import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
 import cn.axzo.tyr.server.repository.mapper.SaasRoleUserRelationMapper;
 import cn.axzo.tyr.server.service.RoleService;
+import cn.axzo.tyr.server.service.SaasRoleGroupService;
 import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
 import cn.axzo.tyr.server.util.RpcInternalUtil;
 import cn.hutool.core.collection.CollectionUtil;
@ -51,6 +55,7 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.BooleanUtils;
 import org.springframework.beans.BeanUtils;
@ -87,7 +92,6 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
    private SaasRoleUserRelationDao saasRoleUserRelationDao;
    @Autowired
    private SaasRoleDao saasRoleDao;
-
    @Autowired
    private UserProfileServiceApi userProfileServiceApi;
    @Autowired
@ -98,6 +102,9 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
    private IdentityProfileApi identityProfileApi;
    @Autowired
    private OrganizationalUnitApi organizationalUnitApi;
+    @Autowired
+    private SaasRoleGroupService saasRoleGroupService;
+
    private static final String TARGET_TYPE = "saasRoleUserRelationId";

    @Override
@ -137,10 +144,24 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
            return param.toEmpty();
        }

+        Set<Long> roleIdsByRoleGroupCode = resolveRoleIdsByRoleGroupCode(param);
+        if (Objects.nonNull(param.getRoleGroupCode()) && CollectionUtils.isEmpty(roleIdsByRoleGroupCode)) {
+            return param.toEmpty();
+        }
+
+        Set<Long> roleIdsByAncestorRoleGroupCode = resolveRoleIdsByAncestorRoleGroupCode(param);
+        if (Objects.nonNull(param.getAncestorRoleGroupCode()) && CollectionUtils.isEmpty(roleIdsByAncestorRoleGroupCode)) {
+            return param.toEmpty();
+        }
+
        wrapper.in(!CollectionUtils.isEmpty(roleIdsByRoleCodes), "role_id", roleIdsByRoleCodes);

        wrapper.in(!CollectionUtils.isEmpty(roleIdsByRoleTypes), "role_id", roleIdsByRoleTypes);

+        wrapper.in(!CollectionUtils.isEmpty(roleIdsByRoleGroupCode), "role_id", roleIdsByRoleGroupCode);
+
+        wrapper.in(!CollectionUtils.isEmpty(roleIdsByAncestorRoleGroupCode), "role_id", roleIdsByAncestorRoleGroupCode);
+
        assembleBatchPersonWrapper(param, wrapper);

        IPage<SaasRoleUserRelation> page = this.page(PageConverter.toMybatis(param, SaasRoleUserRelation.class), wrapper);
@ -619,4 +640,47 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
                .map(SaasRoleRes::getId)
                .collect(Collectors.toSet());
    }
+
+    private Set<Long> resolveRoleIdsByRoleGroupCode(PageRoleUserRelationParam param) {
+        if (Objects.isNull(param.getRoleGroupCode())) {
+            return Collections.emptySet();
+        }
+
+        return saasRoleGroupService.list(ListSaasRoleGroupParam.builder()
+                .roleGroupCodes(Sets.newHashSet(param.getRoleGroupCode()))
+                .needRoleGroupRelation(true)
+                .build())
+                .stream()
+                .map(SaasRoleGroupDTO::getRoleGroupRelations)
+                .filter(Objects::nonNull)
+                .flatMap(Collection::stream)
+                .map(RoleGroupRelationRes::getRoleId)
+                .collect(Collectors.toSet());
+    }
+
+    private Set<Long> resolveRoleIdsByAncestorRoleGroupCode(PageRoleUserRelationParam param) {
+        if (Objects.isNull(param.getAncestorRoleGroupCode())) {
+            return Collections.emptySet();
+        }
+
+        return saasRoleGroupService.list(ListSaasRoleGroupParam.builder()
+                        .ancestorRoleGroupCode(param.getAncestorRoleGroupCode())
+                        .needRoleGroupRelation(true)
+                        .build())
+                .stream()
+                .map(SaasRoleGroupDTO::getRoleGroupRelations)
+                .filter(Objects::nonNull)
+                .flatMap(Collection::stream)
+                .map(RoleGroupRelationRes::getRoleId)
+                .collect(Collectors.toSet());
+    }
+
+    private Map<Long, SaasRoleUserV2DTO.SaasRole> listUserPermission(PageRoleUserRelationParam param,
+                                                                     List<SaasRoleUserRelation> saasRoleUserRelations) {
+        if (CollectionUtils.isEmpty(saasRoleUserRelations) || BooleanUtils.isNotTrue(param.getNeedUserPermission())) {
+            return Collections.emptyMap();
+        }
+
+
+    }
 }
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
@ -925,24 +925,24 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
                .build()).collect(Collectors.toList()));

        return permissionInfo.stream()
-                .filter(e -> {
-                    PermissionTagService.ResolvePermissionDTO resolvePermission = personPermissionTags.get(e.getPersonId() + "_" + e.getOuId() + "_" + e.getWorkspaceId());
-                    if (Objects.isNull(resolvePermission)) {
-                        // 未解析到标签兼容历史情况
-                        return true;
-                    }
-
-                    Set<ListPermissionFromRoleGroupResp.FeatureInfo> featureInfos = authMap.get(NumberUtil.parseLong(e.getRoleId()));
-
-                    return featureInfos.stream()
-                            .anyMatch(permission -> permission.getTags()
-                                    .stream()
-                                    .anyMatch(tag -> !Sets.intersection(permission.getTags(), resolvePermission.getTags()).isEmpty()));
-                })
                .peek(e -> {
-                    e.setFeatureInfos(authMap.get(NumberUtil.parseLong(e.getRoleId())));
-                    e.setSimpleFeatureInfos(org.apache.commons.collections4.CollectionUtils.emptyIfNull(authMap.get(NumberUtil.parseLong(e.getRoleId())))
-                            .stream().map(ListPermissionFromRoleGroupResp.FeatureInfo::getFeatureId).collect(Collectors.toSet()));
+                    PermissionTagService.ResolvePermissionDTO resolvePermission = personPermissionTags.get(e.getPersonId() + "_" + e.getOuId() + "_" + e.getWorkspaceId());
+
+                    Set<ListPermissionFromRoleGroupResp.FeatureInfo> featureInfos = Optional.ofNullable(authMap.get(NumberUtil.parseLong(e.getRoleId())))
+                            .orElseGet(Sets::newHashSet)
+                            .stream()
+                            .filter(feature -> {
+                                if (Objects.isNull(resolvePermission)) {
+                                    // 未解析到标签兼容历史情况
+                                    return true;
+                                }
+                                return !Sets.intersection(feature.getTags(), resolvePermission.getTags()).isEmpty();
+                            })
+                            .collect(Collectors.toSet());
+                        e.setFeatureInfos(featureInfos);
+                        e.setSimpleFeatureInfos(featureInfos.stream()
+                                .map(ListPermissionFromRoleGroupResp.FeatureInfo::getFeatureId)
+                                .collect(Collectors.toSet()));
                })
                .collect(Collectors.toList());
    }
@ -1010,15 +1010,23 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
                LogUtil.error(" find role info error,role id:{}", roleId);
                return Collections.emptySet();
            }
+            List<RolePermissionCacheService.PermissionDTO> permissionDTOS = rolePermissions.get(roleId);
+            if (CollectionUtils.isEmpty(permissionDTOS)) {
+                return Collections.emptySet();
+            }

-            Set<Long> productPermissionIds = workspaceProductPermissions.get(e.getWorkspaceId()).stream()
+            List<WorkspaceProductService.ProductPermission> productPermissions = workspaceProductPermissions.get(e.getWorkspaceId());
+            if (CollectionUtils.isEmpty(productPermissions)) {
+                return Collections.emptySet();
+            }
+            Set<Long> productPermissionIds = productPermissions.stream()
                    .map(WorkspaceProductService.ProductPermission::getPermissions)
                    .flatMap(Collection::stream)
                    .filter(productPermission -> Objects.equals(productPermission.getCooperateType(), String.valueOf(saasRole.getProductUnitType())))
                    .map(ProductPermissionCacheService.PermissionDTO::getFeatureId)
                    .collect(Collectors.toSet());

-            return rolePermissions.get(roleId).stream()
+            return permissionDTOS.stream()
                    .filter(rolePermission -> productPermissionIds.contains(rolePermission.getFeatureId()))
                    .collect(Collectors.toSet());
        }, (oldFeatureLists, newFeatureLists) -> {
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/WorkspaceProductServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/WorkspaceProductServiceImpl.java
@ -218,6 +218,9 @@ public class WorkspaceProductServiceImpl implements WorkspaceProductService {
        ProductPermissionCacheService.ListProductPermissionParam listProductPermissionParam = ProductPermissionCacheService.ListProductPermissionParam.builder()
                .productIds(productIds)
                .featureCodes(param.getFeatureCodes())
+                .appType(param.getAppType())
+                .itemCode(param.getItemCode())
+                .terminal(param.getTerminal())
                .build();
        Map<Long, List<ProductPermissionCacheService.PermissionDTO>> productPermissionMap = productPermissionCacheService.list(listProductPermissionParam);

--- a/tyr-server/src/test/java/cn/axzo/tyr/base/TestConfig.java
+++ b/tyr-server/src/test/java/cn/axzo/tyr/base/TestConfig.java
@ -4,6 +4,7 @@ import cn.axzo.apollo.workspace.api.workspace.WorkspaceApi;
 import cn.axzo.basics.profiles.api.UserProfileServiceApi;
 import cn.axzo.framework.rocketmq.Event;
 import cn.axzo.framework.rocketmq.EventProducer;
+import cn.axzo.maokai.api.client.OrgUserApi;
 import cn.axzo.thrones.client.saas.ServicePkgClient;
 import com.alibaba.fastjson.JSONObject;
 import lombok.extern.slf4j.Slf4j;
@ -49,6 +50,8 @@ public class TestConfig {
    private WorkspaceApi workspaceApi;
    @MockBean
    private UserProfileServiceApi userProfileServiceApi;
+    @MockBean
+    private OrgUserApi orgUserApi;

    @Bean
    @Primary
--- a/tyr-server/src/test/java/cn/axzo/tyr/server/controller/v2/RoleUserV2ControllerTest.java
+++ b/tyr-server/src/test/java/cn/axzo/tyr/server/controller/v2/RoleUserV2ControllerTest.java
@ -5,6 +5,13 @@ import cn.axzo.apollo.workspace.api.workspace.WorkspaceApi;
 import cn.axzo.apollo.workspace.api.workspace.res.SimpleWorkspaceRes;
 import cn.axzo.basics.profiles.api.UserProfileServiceApi;
 import cn.axzo.basics.profiles.dto.basic.PersonProfileDto;
+import cn.axzo.framework.domain.web.result.ApiListResult;
+import cn.axzo.maokai.api.client.OrgUserApi;
+import cn.axzo.maokai.api.vo.response.OrgUserRes;
+import cn.axzo.maokai.common.enums.OrgUserStatusEnum;
+import cn.axzo.thrones.client.saas.ServicePkgClient;
+import cn.axzo.thrones.client.saas.entity.serivicepgkproduct.ServicePkgProduct;
+import cn.axzo.thrones.client.saas.entity.servicepkg.ServicePkgDetailRes;
 import cn.axzo.tyr.base.BaseTest;
 import cn.axzo.tyr.base.MysqlDataLoader;
 import cn.axzo.tyr.client.common.enums.FeatureResourceType;
@ -60,6 +67,10 @@ class RoleUserV2ControllerTest extends BaseTest {
    private SaasRoleUserRelationService saasRoleUserRelationService;
    @Autowired
    private TyrSaasAuthService tyrSaasAuthService;
+    @Autowired
+    private OrgUserApi orgUserApi;
+    @Autowired
+    private ServicePkgClient servicePkgClient;

    @BeforeEach
    @Override
@ -1098,26 +1109,108 @@ class RoleUserV2ControllerTest extends BaseTest {
     */
    @Test
    void pageV2() {
+
+        Mockito.when(orgUserApi.listOrgUser(Mockito.any()))
+                .thenReturn(ApiListResult.ok(Lists.newArrayList(OrgUserRes.builder()
+                        .workspaceId(3L)
+                        .ouId(4L)
+                        .personId(3135L)
+                        .status(OrgUserStatusEnum.JOINED)
+                        .build(),
+                        OrgUserRes.builder()
+                                .workspaceId(3L)
+                                .ouId(4L)
+                                .personId(3470L)
+                                .status(OrgUserStatusEnum.LEAVE)
+                                .build())));
+        ServicePkgDetailRes servicePkgDetail = new ServicePkgDetailRes();
+        servicePkgDetail.setSpaceId(3L);
+        ServicePkgProduct servicePkgProduct = new ServicePkgProduct();
+        servicePkgProduct.setProductId(2L);
+        servicePkgDetail.setProducts(Lists.newArrayList(servicePkgProduct));
+        Mockito.when(servicePkgClient.getServicePkgDetailBySpaceId(Mockito.any()))
+                .thenReturn(CommonResponse.success(Lists.newArrayList(servicePkgDetail)));
        // old
        List<ListPermissionFromRoleGroupResp> listPermissionFromRoleGroupResps = tyrSaasAuthService.listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq.builder()
                .categoryCode("cms:zb_org_group")
                .categoryType(1)
+                .findFeatureInfo(true)
                .build());
        Assertions.assertEquals(listPermissionFromRoleGroupResps.size(), 2);
-        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getIdentityId(), 17L);
-        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getIdentityType(), 3);
-        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getPersonId(), 3135L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getIdentityId(), 17L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getIdentityType(), IdentityType.PRACTITIONER);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getPersonId(), 3135L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getOuId(), 4L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getWorkspaceId(), 3L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getTeamOuId(), 0L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getResourceId(), 0L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getResourceType(), 0);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getRoleGroupName(), "组织架构");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getRoleGroupCode(), "cms:zb_org_group");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getRoleId(), "100920");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getRoleName(), "工人管理");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getRoleCode(), "cms:zb_worker——management");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getPermissionGroupId(), 1211L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getSimpleFeatureInfos().size(), 3);
+        Assertions.assertTrue(listPermissionFromRoleGroupResps.get(1).getSimpleFeatureInfos().containsAll(Sets.newHashSet(101744L, 101745L, 101746L)));
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(1).getFeatureInfos().size(), 3);
+        Assertions.assertEquals(Lists.newArrayList(listPermissionFromRoleGroupResps.get(1).getFeatureInfos()).get(0).getFeatureId(), 101745L);
+        Assertions.assertEquals(Lists.newArrayList(listPermissionFromRoleGroupResps.get(1).getFeatureInfos()).get(0).getRelationType(), 1);
+        Assertions.assertEquals(Lists.newArrayList(listPermissionFromRoleGroupResps.get(1).getFeatureInfos()).get(0).getTags().size(), 1);
+        Assertions.assertTrue(Lists.newArrayList(listPermissionFromRoleGroupResps.get(1).getFeatureInfos()).get(0).getTags()
+                .containsAll(Sets.newHashSet(cn.axzo.tyr.client.model.enums.RolePermissionTagEnum.JOINED)));
+
+
+        listPermissionFromRoleGroupResps = tyrSaasAuthService.listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq.builder()
+                .categoryCode("cms:zb_cost_group")
+                .categoryType(2)
+                .findFeatureInfo(true)
+                .build());
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.size(), 9);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getIdentityId(), 36L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getIdentityType(), IdentityType.PRACTITIONER);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getPersonId(), 3470L);
        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getOuId(), 4L);
        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getWorkspaceId(), 3L);
        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getTeamOuId(), 0L);
        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getResourceId(), 0L);
        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getResourceType(), 0);
-        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleGroupName(), "组织架构");
-        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleGroupCode(), "cms:zb_org_group");
-        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleId(), 100920L);
-        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleName(), "工人管理");
-        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleCode(), 2);
-        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getPermissionGroupId(), 2);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleGroupName(), "成本管理");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleGroupCode(), "cms:zb_cost_group");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleId(), "100923");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleName(), "查看合约");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleCode(), "cms:zb_contact_view");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getPermissionGroupId(), 1214L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getSimpleFeatureInfos().size(), 0);
+
+        listPermissionFromRoleGroupResps = tyrSaasAuthService.listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq.builder()
+                .categoryCode("cms:zb_cost_group")
+                .categoryType(3)
+                .build());
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.size(), 8);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getIdentityId(), 14L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getIdentityType(), IdentityType.PRACTITIONER);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getPersonId(), 0L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getOuId(), 4L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getWorkspaceId(), 3L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getTeamOuId(), 0L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getResourceId(), 0L);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getResourceType(), 0);
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleGroupName(), "工人管理");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleGroupCode(), "cms:zb_cost_group2");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleId(), "100921");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleName(), "查看组织架构");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getRoleCode(), "cms:zb_org_view");
+        Assertions.assertEquals(listPermissionFromRoleGroupResps.get(0).getPermissionGroupId(), 1212L);
+
        // old
+
+        roleUserV2Controller.page(PageRoleUserReq.builder()
+                        .roleGroupCode("cms:zb_org_group")
+                        .needRole(true)
+                        .needFeatureResources(true)
+                        .build())
+                .getData()
+                .getData();
    }
 }
--- a/tyr-server/src/test/resources/mysql/RoleUserV2ControllerTest.sql
+++ b/tyr-server/src/test/resources/mysql/RoleUserV2ControllerTest.sql
@ -100,7 +100,76 @@ VALUES (104, '2', '1', '组织架构', -1, -1, 14, 4, 'cms:zb_org_group', '', 0,
 INSERT INTO saas_role_group (id, workspace_type_code, ou_type_code, name, workspace_id, ou_id, parent_id, sort, code, category_code, is_delete, create_at, update_at, path)
 VALUES (105, '2', '1', '成本管理', -1, -1, 14, 5, 'cms:zb_cost_group', '', 0, '2024-09-25 11:51:55', '2024-09-25 11:51:55', '14,105,');
 INSERT INTO saas_role_group (id, workspace_type_code, ou_type_code, name, workspace_id, ou_id, parent_id, sort, code, category_code, is_delete, create_at, update_at, path)
-VALUES (106, '2', '1', '工人管理', -1, -1, 105, 5, 'cms:zb_cost_group', '', 0, '2024-09-25 11:51:55', '2024-09-25 11:51:55', '14,105,106,');
+VALUES (106, '2', '1', '工人管理', -1, -1, 105, 5, 'cms:zb_cost_group2', '', 0, '2024-09-25 11:51:55', '2024-09-25 11:51:55', '14,105,106,');
+
+INSERT INTO product_module (id, icon, product_type, product_name, dict_workspace_type_id, dict_workspace_type_code, status, common_product, remark, auth_type, ou_type, is_delete, create_by, create_at, update_at, update_by, category, version, max_person_count, max_workspace_count, price, skus, material)
+VALUES (2, 'https://axzo-public.oss-cn-chengdu.aliyuncs.com/oms/test/1695286111017-Snipaste_09-13 16-24.png', 2, '项目基础', 2, '2', 1, 1, '', 1, null, 0, 0, '2022-08-17 19:46:11', '2024-12-12 15:37:27', 89601, 'GENERAL_SERVICE', 0, 0, 0, 0, NULL, NULL);
+
+INSERT INTO saas_product_module_feature_relation (id, product_module_id, dict_code_id, dict_code, feature_id, is_delete, create_at, update_at, create_by, update_by, type, feature_type, terminal)
+VALUES (1257742, 2, 7, '1', 101744, 0, '2024-08-20 17:54:00', '2024-08-20 17:54:00', 0, 0, 1, 0, '');
+INSERT INTO saas_product_module_feature_relation (id, product_module_id, dict_code_id, dict_code, feature_id, is_delete, create_at, update_at, create_by, update_by, type, feature_type, terminal)
+VALUES (1257743, 2, 7, '1', 101745, 0, '2024-08-20 17:54:00', '2024-08-20 17:54:00', 0, 0, 1, 0, '');
+INSERT INTO saas_product_module_feature_relation (id, product_module_id, dict_code_id, dict_code, feature_id, is_delete, create_at, update_at, create_by, update_by, type, feature_type, terminal)
+VALUES (1257744, 2, 7, '1', 101746, 0, '2024-08-20 17:54:00', '2024-08-20 17:54:00', 0, 0, 1, 0, '');
+INSERT INTO saas_product_module_feature_relation (id, product_module_id, dict_code_id, dict_code, feature_id, is_delete, create_at, update_at, create_by, update_by, type, feature_type, terminal)
+VALUES (1257745, 2, 7, '1', 4443, 0, '2024-08-20 17:54:00', '2024-08-20 17:54:00', 0, 0, 1, 0, '');
+INSERT INTO saas_product_module_feature_relation (id, product_module_id, dict_code_id, dict_code, feature_id, is_delete, create_at, update_at, create_by, update_by, type, feature_type, terminal)
+VALUES (1257746, 2, 7, '1', 4416, 0, '2024-08-20 17:54:00', '2024-08-20 17:54:00', 0, 0, 1, 0, '');
+INSERT INTO saas_product_module_feature_relation (id, product_module_id, dict_code_id, dict_code, feature_id, is_delete, create_at, update_at, create_by, update_by, type, feature_type, terminal)
+VALUES (1257747, 2, 7, '1', 4417, 0, '2024-08-20 17:54:00', '2024-08-20 17:54:00', 0, 0, 1, 0, '');
+INSERT INTO saas_product_module_feature_relation (id, product_module_id, dict_code_id, dict_code, feature_id, is_delete, create_at, update_at, create_by, update_by, type, feature_type, terminal)
+VALUES (1257748, 2, 7, '1', 4418, 0, '2024-08-20 17:54:00', '2024-08-20 17:54:00', 0, 0, 1, 0, '');
+INSERT INTO saas_product_module_feature_relation (id, product_module_id, dict_code_id, dict_code, feature_id, is_delete, create_at, update_at, create_by, update_by, type, feature_type, terminal)
+VALUES (1257749, 2, 7, '1', 4419, 0, '2024-08-20 17:54:00', '2024-08-20 17:54:00', 0, 0, 1, 0, '');
+INSERT INTO saas_product_module_feature_relation (id, product_module_id, dict_code_id, dict_code, feature_id, is_delete, create_at, update_at, create_by, update_by, type, feature_type, terminal)
+VALUES (1257750, 2, 7, '1', 4420, 0, '2024-08-20 17:54:00', '2024-08-20 17:54:00', 0, 0, 1, 0, '');
+INSERT INTO saas_product_module_feature_relation (id, product_module_id, dict_code_id, dict_code, feature_id, is_delete, create_at, update_at, create_by, update_by, type, feature_type, terminal)
+VALUES (1257751, 2, 7, '1', 912, 0, '2024-08-20 17:54:00', '2024-08-20 17:54:00', 0, 0, 1, 0, '');
+
+INSERT INTO saas_page_element_feature_resource_relation (id, page_element_code, feature_resource_uni_code, type, terminal, create_at, update_at, create_by, update_by, is_delete)
+VALUES (14744, 'cms:pro_construction_contract_management', 'cms:pro_contract_management_7701', 1, 'NT_CMS_WEB_GENERAL', '2024-07-10 20:39:15', '2024-07-10 20:39:15', null, null, 0);
+INSERT INTO saas_page_element_feature_resource_relation (id, page_element_code, feature_resource_uni_code, type, terminal, create_at, update_at, create_by, update_by, is_delete)
+VALUES (18070, 'cms:pro_construction_contract_management', 'cms:pro_contract_management_7701', 0, 'NT_CMS_WEB_GENERAL', '2024-07-16 09:56:12', '2024-07-16 09:56:11', 25923, null, 0);
+INSERT INTO saas_page_element_feature_resource_relation (id, page_element_code, feature_resource_uni_code, type, terminal, create_at, update_at, create_by, update_by, is_delete)
+VALUES (18079, 'cms:pro_construction_contract_detail', 'cms:pro_contract_detail_7707', 0, 'NT_CMS_WEB_GENERAL', '2024-07-16 09:56:12', '2024-07-16 09:56:11', 25923, null, 0);
+INSERT INTO saas_page_element_feature_resource_relation (id, page_element_code, feature_resource_uni_code, type, terminal, create_at, update_at, create_by, update_by, is_delete)
+VALUES (18080, 'cms:pro_construction_contract_detail_inventory_submit_audit', 'cms:pro_contract_detail_7707', 0, 'NT_CMS_WEB_GENERAL', '2024-07-16 09:56:12', '2024-07-16 09:56:11', 25923, null, 0);
+INSERT INTO saas_page_element_feature_resource_relation (id, page_element_code, feature_resource_uni_code, type, terminal, create_at, update_at, create_by, update_by, is_delete)
+VALUES (24219, 'h5:cmp_user_manage_worker_jump_to_team_btn', 'cmp:pro_team_list_0443', 0, 'NT_CMP_APP_GENERAL', '2024-08-28 10:53:36', '2024-08-28 10:53:36', 25923, null, 0);
+INSERT INTO saas_page_element_feature_resource_relation (id, page_element_code, feature_resource_uni_code, type, terminal, create_at, update_at, create_by, update_by, is_delete)
+VALUES (24220, 'h5:cmp_user_manage_worker_page', 'cmp:pro_team_list_0443', 0, 'NT_CMP_APP_GENERAL', '2024-08-28 10:53:36', '2024-08-28 10:53:36', 25923, null, 0);
+INSERT INTO saas_page_element_feature_resource_relation (id, page_element_code, feature_resource_uni_code, type, terminal, create_at, update_at, create_by, update_by, is_delete)
+VALUES (24221, 'h5:cmp_user_manage_worker_labor_audit_btn', 'cmp:pro_worker_invite_recorder_0445', 0, 'NT_CMP_APP_GENERAL', '2024-08-28 10:53:36', '2024-08-28 10:53:36', 25923, null, 0);
+INSERT INTO saas_page_element_feature_resource_relation (id, page_element_code, feature_resource_uni_code, type, terminal, create_at, update_at, create_by, update_by, is_delete)
+VALUES (24222, 'h5:cmp_user_manage_worker_page', 'cmp:pro_worker_invite_recorder_0445', 0, 'NT_CMP_APP_GENERAL', '2024-08-28 10:53:36', '2024-08-28 10:53:36', 25923, null, 0);
+INSERT INTO saas_page_element_feature_resource_relation (id, page_element_code, feature_resource_uni_code, type, terminal, create_at, update_at, create_by, update_by, is_delete)
+VALUES (24223, 'h5:cmp_user_manage_labor_audit_page', 'cmp:pro_worker_invite_recorder_0445', 0, 'NT_CMP_APP_GENERAL', '2024-08-28 10:53:36', '2024-08-28 10:53:36', 25923, null, 0);
+INSERT INTO saas_page_element_feature_resource_relation (id, page_element_code, feature_resource_uni_code, type, terminal, create_at, update_at, create_by, update_by, is_delete)
+VALUES (24224, 'h5:cmp_user_manage_labor_audit_detail_btn', 'cmp:pro_worker_invite_recorder_0445', 0, 'NT_CMP_APP_GENERAL', '2024-08-28 10:53:36', '2024-08-28 10:53:36', 25923, null, 0);
+INSERT INTO saas_page_element_feature_resource_relation (id, page_element_code, feature_resource_uni_code, type, terminal, create_at, update_at, create_by, update_by, is_delete)
+VALUES (24225, 'h5:cmp_user_manage_worker_on_site_audit_btn', 'cmp:pro_team_leader_invite_recorder_0446', 0, 'NT_CMP_APP_GENERAL', '2024-08-28 10:53:36', '2024-08-28 10:53:36', 25923, null, 0);
+
+
+INSERT INTO saas_page_element (id, group_code, code, name, type, link_url, terminal, create_at, update_at, is_delete, create_name, app_type, version, item_code, link_ext, app_id, item_name, ext, create_by, update_by)
+VALUES (718447, 'cms:pro_construction_contract_management', 'cms:pro_construction_contract_management', '合约管理', 'PAGE', '/netConstruction/construction/contract-manage', 'NT_CMS_WEB_GENERAL', '2024-10-29 15:07:38', '2024-12-03 14:55:23', 0, '杜才伟-18682489918', 'PC', 0, 'CMS_COMMON', '', '', '单位组织', '{"applications": [{"type": "IOS", "minVersion": 0}, {"type": "ANDROID", "minVersion": 0}]}', null, 9000404098);
+INSERT INTO saas_page_element (id, group_code, code, name, type, link_url, terminal, create_at, update_at, is_delete, create_name, app_type, version, item_code, link_ext, app_id, item_name, ext, create_by, update_by)
+VALUES (718451, 'cms:pro_construction_contract_detail', 'cms:pro_construction_contract_detail', '合约详情', 'PAGE', '/netConstruction/construction/contract-manage/contract-detail', 'NT_CMS_WEB_GENERAL', '2024-10-29 15:07:38', '2024-12-03 14:55:23', 0, '杜才伟-18682489918', 'PC', 0, 'CMS_COMMON', '', '', '单位组织', '{"applications": [{"type": "IOS", "minVersion": 0}, {"type": "ANDROID", "minVersion": 0}]}', null, 9000404098);
+INSERT INTO saas_page_element (id, group_code, code, name, type, link_url, terminal, create_at, update_at, is_delete, create_name, app_type, version, item_code, link_ext, app_id, item_name, ext, create_by, update_by)
+VALUES (718455, 'cms:pro_construction_contract_detail', 'cms:pro_construction_contract_detail_inventory_submit_audit', '合约详情-提交审批', 'COMPONENT', '', 'NT_CMS_WEB_GENERAL', '2024-10-29 15:07:38', '2024-12-03 14:55:25', 0, '杜才伟-18682489918', 'PC', 0, 'CMS_COMMON', '', '', '单位组织', '{"applications": [{"type": "IOS", "minVersion": 0}, {"type": "ANDROID", "minVersion": 0}]}', null, 9000404098);
+INSERT INTO saas_page_element (id, group_code, code, name, type, link_url, terminal, create_at, update_at, is_delete, create_name, app_type, version, item_code, link_ext, app_id, item_name, ext, create_by, update_by)
+VALUES (369205, 'h5:cmp_user_manage_worker_page', 'h5:cmp_user_manage_worker_jump_to_team_btn', '人员管理-施工人员-跳转班组', 'COMPONENT', '', 'NT_CMP_APP_GENERAL', '2024-08-29 09:18:41', '2024-11-28 16:09:41', 0, '', 'H5', 0, 'h5:user_manage_D9B0186', '', '__UNI__D9B0186', '人员管理H5', '{"applications": [{"type": "IOS", "minVersion": 0}, {"type": "ANDROID", "minVersion": 0}]}', null, null);
+INSERT INTO saas_page_element (id, group_code, code, name, type, link_url, terminal, create_at, update_at, is_delete, create_name, app_type, version, item_code, link_ext, app_id, item_name, ext, create_by, update_by)
+VALUES (369197, 'h5:cmp_user_manage_worker_page', 'h5:cmp_user_manage_worker_page', '人员管理-施工人员', 'PAGE', '__UNI__D9B0186#/pages/worker/index', 'NT_CMP_APP_GENERAL', '2024-08-29 09:18:40', '2024-11-28 16:09:41', 0, '', 'H5', 0, 'h5:user_manage_D9B0186', '', '__UNI__D9B0186', '人员管理H5', '{"applications": [{"type": "IOS", "minVersion": 0}, {"type": "ANDROID", "minVersion": 0}]}', null, null);
+INSERT INTO saas_page_element (id, group_code, code, name, type, link_url, terminal, create_at, update_at, is_delete, create_name, app_type, version, item_code, link_ext, app_id, item_name, ext, create_by, update_by)
+VALUES (369202, 'h5:cmp_user_manage_worker_page', 'h5:cmp_user_manage_worker_labor_audit_btn', '人员管理-施工人员-劳务审核', 'COMPONENT', '', 'NT_CMP_APP_GENERAL', '2024-08-29 09:18:41', '2024-11-28 16:09:41', 0, '', 'H5', 0, 'h5:user_manage_D9B0186', '', '__UNI__D9B0186', '人员管理H5', '{"applications": [{"type": "IOS", "minVersion": 0}, {"type": "ANDROID", "minVersion": 0}]}', null, null);
+INSERT INTO saas_page_element (id, group_code, code, name, type, link_url, terminal, create_at, update_at, is_delete, create_name, app_type, version, item_code, link_ext, app_id, item_name, ext, create_by, update_by)
+VALUES (369218, 'h5:cmp_user_manage_labor_audit_page', 'h5:cmp_user_manage_labor_audit_page', '人员管理-劳务审核', 'PAGE', '__UNI__D9B0186#/pages/labour/verify/index', 'NT_CMP_APP_GENERAL', '2024-08-29 09:18:42', '2024-11-28 16:09:41', 0, '', 'H5', 0, 'h5:user_manage_D9B0186', '', '__UNI__D9B0186', '人员管理H5', '{"applications": [{"type": "IOS", "minVersion": 0}, {"type": "ANDROID", "minVersion": 0}]}', null, null);
+INSERT INTO saas_page_element (id, group_code, code, name, type, link_url, terminal, create_at, update_at, is_delete, create_name, app_type, version, item_code, link_ext, app_id, item_name, ext, create_by, update_by)
+VALUES (369219, 'h5:cmp_user_manage_labor_audit_page', 'h5:cmp_user_manage_labor_audit_detail_btn', '人员管理-劳务审核-详情', 'COMPONENT', '', 'NT_CMP_APP_GENERAL', '2024-08-29 09:18:42', '2024-11-28 16:09:41', 0, '', 'H5', 0, 'h5:user_manage_D9B0186', '', '__UNI__D9B0186', '人员管理H5', '{"applications": [{"type": "IOS", "minVersion": 0}, {"type": "ANDROID", "minVersion": 0}]}', null, null);
+INSERT INTO saas_page_element (id, group_code, code, name, type, link_url, terminal, create_at, update_at, is_delete, create_name, app_type, version, item_code, link_ext, app_id, item_name, ext, create_by, update_by)
+VALUES (369203, 'h5:cmp_user_manage_worker_page', 'h5:cmp_user_manage_worker_on_site_audit_btn', '人员管理-施工人员-进场审核', 'COMPONENT', '', 'NT_CMP_APP_GENERAL', '2024-08-29 09:18:41', '2024-11-28 16:09:41', 0, '', 'H5', 0, 'h5:user_manage_D9B0186', '', '__UNI__D9B0186', '人员管理H5', '{"applications": [{"type": "IOS", "minVersion": 0}, {"type": "ANDROID", "minVersion": 0}]}', null, null);
+INSERT INTO saas_page_element (id, group_code, code, name, type, link_url, terminal, create_at, update_at, is_delete, create_name, app_type, version, item_code, link_ext, app_id, item_name, ext, create_by, update_by)
+VALUES (369216, 'h5:cmp_user_manage_on_site_audit_page', 'h5:cmp_user_manage_on_site_audit_page', '人员管理-进场审核', 'PAGE', '__UNI__D9B0186#/pages/labour/enterAudit/index', 'NT_CMP_APP_GENERAL', '2024-08-29 09:18:42', '2024-11-28 16:09:41', 0, '', 'H5', 0, 'h5:user_manage_D9B0186', '', '__UNI__D9B0186', '人员管理H5', '{"applications": [{"type": "IOS", "minVersion": 0}, {"type": "ANDROID", "minVersion": 0}]}', null, null);


 #-->SaasRoleUserRelationServiceImplTest.sql
--- a/tyr-server/src/test/resources/mysql/schema.sql
+++ b/tyr-server/src/test/resources/mysql/schema.sql
@ -205,6 +205,7 @@ CREATE TABLE `saas_page_element_feature_resource_relation` (
                                                               `id` bigint NOT NULL AUTO_INCREMENT COMMENT '自增主键ID',
                                                               `page_element_code` varchar(64)  NOT NULL COMMENT '页面元素code',
                                                               `feature_resource_uni_code` varchar(64) NOT NULL COMMENT '菜单组件code',
+                                                               `type` tinyint default 0 not null comment '绑定类型：0（默认类型） 1(页面默认路由)',
                                                               `terminal` varchar(32) NOT NULL DEFAULT '' COMMENT '资源所属端',
                                                               `create_at` datetime DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
                                                               `update_at` datetime DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',