Merge remote-tracking branch 'origin/feature/REQ-1502' into feature/REQ-1502

# Conflicts:
#	tyr-server/src/main/java/cn/axzo/tyr/server/controller/roleuser/RoleUserController.java

integration-test/src/test/resources/role-user.http

@@ -4,7 +4,7 @@ Accept: application/json
 Content-Type: application/json
 
 {
-
+  "identityIds": [809,631]
 }
 
 > reponse-check.js

tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleApi.java

@@ -8,6 +8,7 @@ import cn.axzo.tyr.client.model.req.QuerySaasRoleReq;
 import cn.axzo.tyr.client.model.req.RoleWithUserQueryReq;
 import cn.axzo.tyr.client.model.res.IsSuperAdminRes;
 import cn.axzo.tyr.client.model.res.QueryBatchByIdentityIdTypeRes;
+import cn.axzo.tyr.client.model.res.QueryRoleByNameResp;
 import cn.axzo.tyr.client.model.res.RoleWithUserRes;
 import cn.axzo.tyr.client.model.vo.SaasRoleVO;
 import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO;
@@ -82,7 +83,7 @@ public interface TyrSaasRoleApi {
      * @return
      */
     @PostMapping("/api/saasRole/findRoleByName")
-    ApiResult<List<SaasRoleVO>> findRoleByName(@RequestBody @Valid QueryRoleByNameReq req);
+    ApiResult<List<QueryRoleByNameResp>> findRoleByName(@RequestBody @Valid QueryRoleByNameReq req);
 
 
     /** 分页查询角色含用户 **/

tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java

@@ -11,7 +11,7 @@ import org.springframework.web.bind.annotation.RequestBody;
 
 import cn.axzo.framework.domain.web.result.ApiResult;
 import cn.axzo.tyr.client.model.roleuser.dto.CreateAdminRoleDTO;
-import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserRelationDTO;
+import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO;
 import cn.axzo.tyr.client.model.roleuser.dto.SuperAdminInfoDTO;
 import cn.axzo.tyr.client.model.roleuser.req.*;
 
@@ -33,7 +33,7 @@ public interface TyrSaasRoleUserApi {
      * @return
      */
     @PostMapping("/api/saas-role-user/list")
-    ApiResult<List<SaasRoleUserRelationDTO>> roleUserList(@RequestBody @Valid RoleUserParam param);
+    ApiResult<List<SaasRoleUserDTO>> roleUserList(@RequestBody @Valid RoleUserParam param);
 
     /**
      * 移除某个人在某个工作台的所有角色(除超管)

tyr-api/src/main/java/cn/axzo/tyr/client/model/req/FeaturePermissionReq.java

@@ -1,5 +1,6 @@
 package cn.axzo.tyr.client.model.req;
 
+import cn.axzo.tyr.client.common.enums.WorkspaceJoinType;
 import lombok.AccessLevel;
 import lombok.Getter;
 import lombok.Setter;
@@ -25,6 +26,19 @@ public class FeaturePermissionReq {
     @NotNull
     @Min(value = 1)
     Long workspaceId;
+
+    /**
+     * 工作台类型
+     */
+    @NotNull
+    private Integer workspaceType;
+
+    /**
+     * 使用{@link WorkspaceJoinType}
+     */
+    @NotNull
+    private Integer workspaceJoinType;
+
     /**
      * 单位id
      */

tyr-api/src/main/java/cn/axzo/tyr/client/model/req/FeatureTreeReq.java

@@ -21,6 +21,16 @@ public class FeatureTreeReq {
      */
     private Long workspaceId;
 
+    /**
+     * 工作台类型
+     */
+    private Integer workspaceType;
+
+    /**
+     * 单位类型
+     */
+    private Integer ouTypeCode;
+
     /**
      * 单位Id
      */

tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QueryRoleByNameReq.java

@@ -18,4 +18,9 @@ public class QueryRoleByNameReq extends BaseWorkspaceAndOuModel {
     @NotEmpty(message = "角色名字不能为空")
     private List<String> roleNames;
 
+    /**
+     * 单位类型字典code
+     */
+    private List<String> ouTypeCode;
+
 }

tyr-api/src/main/java/cn/axzo/tyr/client/model/req/RoleWithUserQueryReq.java

@@ -3,6 +3,8 @@ package cn.axzo.tyr.client.model.req;
 import cn.axzo.basics.common.page.PageRequest;
 import lombok.Data;
 
+import java.util.List;
+
 /**
  * 角色-含用户查询参数
  *
@@ -21,4 +23,7 @@ public class RoleWithUserQueryReq extends PageRequest {
 
     /** 工作台ID **/
     private Long workspaceId;
+
+    /** 企业工作台参建类型 **/
+    private Integer workspaceJoinType;
 }

tyr-api/src/main/java/cn/axzo/tyr/client/model/res/QueryRoleByNameResp.java

@@ -0,0 +1,26 @@
+package cn.axzo.tyr.client.model.res;
+
+import lombok.Data;
+
+/**
+ * @author honghao.zhang
+ * @since 2023/10/19 11:38
+ */
+@Data
+public class QueryRoleByNameResp {
+
+    /**
+     * 角色名字
+     */
+    private String roleName;
+
+    /**
+     * 角色Id
+     */
+    private Long roleId;
+
+    /**
+     * 角色类型：common 普通角色 super_admin超级管理员(禁止删除) admin子管理员(禁止删除) init初始化内置角色
+     */
+    private String roleType;
+}

tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/dto/SaasRoleUserDTO.java

@@ -1,5 +1,6 @@
 package cn.axzo.tyr.client.model.roleuser.dto;
 
+import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
@@ -13,7 +14,7 @@ import lombok.NoArgsConstructor;
 @Builder
 @AllArgsConstructor
 @NoArgsConstructor
-public class SaasRoleUserRelationDTO {
+public class SaasRoleUserDTO {
     /**
      * 主键ID
      */
@@ -39,6 +40,21 @@ public class SaasRoleUserRelationDTO {
      */
     private Long naturalPersonId;
 
+    /**
+     * 角色名称
+     */
+    private String roleName;
+
+    /**
+     * 角色类型：common 普通角色 super_admin超级管理员(禁止删除) admin子管理员(禁止删除) init初始化内置角色
+     */
+    private RoleTypeEnum roleType;
+
+    /**
+     * 角色描述
+     */
+    private String description;
+
     /**
      * 创建者
      */

tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/RoleUserParam.java

@@ -6,8 +6,6 @@ import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 
-import javax.validation.constraints.NotEmpty;
-import javax.validation.constraints.NotNull;
 import java.util.Set;
 
 /**
@@ -29,7 +27,6 @@ public class RoleUserParam {
      */
     private Long ouId;
 
-
     /**
      * personId
      */
@@ -50,4 +47,9 @@ public class RoleUserParam {
      * role ids
      */
     private Set<Long> roleIds;
+
+    /**
+     * identityIds
+     */
+    private Set<Long> identityIds;
 }

tyr-server/src/main/java/cn/axzo/tyr/server/TyrApplication.java

@@ -1,5 +1,6 @@
 package cn.axzo.tyr.server;
 
+import cn.axzo.tyr.server.job.CMSRoleJobHandler;
 import cn.hutool.extra.spring.SpringUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.mybatis.spring.annotation.MapperScan;
@@ -48,7 +49,7 @@ public class TyrApplication {
 	}
 
 //	public static void test() throws Exception {
-//		OMSRoleJobHandler executor = SpringUtil.getBean(OMSRoleJobHandler.class);
+//		CMSRoleJobHandler executor = SpringUtil.getBean(CMSRoleJobHandler.class);
 //		executor.execute(null);
 //	}
 }

tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java

@@ -10,6 +10,7 @@ import cn.axzo.tyr.client.model.req.QuerySaasRoleReq;
 import cn.axzo.tyr.client.model.req.RoleWithUserQueryReq;
 import cn.axzo.tyr.client.model.res.IsSuperAdminRes;
 import cn.axzo.tyr.client.model.res.QueryBatchByIdentityIdTypeRes;
+import cn.axzo.tyr.client.model.res.QueryRoleByNameResp;
 import cn.axzo.tyr.client.model.res.RoleWithUserRes;
 import cn.axzo.tyr.client.model.vo.SaasRoleVO;
 import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO;
@@ -79,7 +80,7 @@ public class SaasRoleController implements TyrSaasRoleApi {
     }
 
     @Override
-    public ApiResult<List<SaasRoleVO>> findRoleByName(QueryRoleByNameReq req) {
+    public ApiResult<List<QueryRoleByNameResp>> findRoleByName(QueryRoleByNameReq req) {
         return ApiResult.ok(roleService.findRoleByName(req));
     }
 

tyr-server/src/main/java/cn/axzo/tyr/server/controller/roleuser/RoleUserController.java

@@ -35,7 +35,7 @@ public class RoleUserController implements TyrSaasRoleUserApi {
     }
 
     @Override
-    public ApiResult<List<SaasRoleUserRelationDTO>> roleUserList(@RequestBody @Valid RoleUserParam param) {
+    public ApiResult<List<SaasRoleUserDTO>> roleUserList(@RequestBody @Valid RoleUserParam param) {
         return ApiResult.ok(saasRoleUserRelationService.list(param));
     }
 

tyr-server/src/main/java/cn/axzo/tyr/server/job/CMSRoleJobHandler.java

@@ -30,7 +30,7 @@ import java.util.stream.Collectors;
  * 生产 项目 5 企业 23
  * pre 5 35
  * test 5 239
- * dev 5 40
+ * dev 5 43
  * @author cn
  * @version 1.0
  * @description
@@ -72,6 +72,10 @@ public class CMSRoleJobHandler extends IJobHandler {
 	@Autowired
 	SaasPreGroupRoleRelationDao saasPreGroupRoleRelationDao;
 
+	private Set<Long> deleteSaasPermissionGroupId;
+	private Set<Long> deletePgroupPermissionRelationId;
+	private Set<Long> deleteRoleId;
+
 	/**
 	 * 清洗CMS角色相关数据(注：先通过SQL检查和清除脏数据，要不然无法保证各个实体的关联关系)
 	 *
@@ -83,9 +87,14 @@ public class CMSRoleJobHandler extends IJobHandler {
 	@Override
 	@XxlJob("CMSRoleJobHandler")
 	public ReturnT<String> execute(String s) throws Exception {
+		// 每次执行都初始化待删除列表
+		deleteSaasPermissionGroupId = new HashSet<>();
+		deletePgroupPermissionRelationId = new HashSet<>();
+		deleteRoleId = new HashSet<>();
 		log.info("CMSRoleJobHandler start");
 		buildProjectRole(saasPreTempalteIdOfProject, "2");
 		buildOuRole(saasPreTempalteIdOfOu, "1");
+		delete(deleteSaasPermissionGroupId,deletePgroupPermissionRelationId,deleteRoleId);
 		log.info("CMSRoleJobHandler end");
 		return ReturnT.SUCCESS;
 	}
@@ -114,7 +123,7 @@ public class CMSRoleJobHandler extends IJobHandler {
 		// 根据模板id查询角色列表
 		List<SaasPreRole> role = saasPreRoleDao.lambdaQuery()
 			.in(SaasPreRole::getTemplateId, templateId)
-			.eq(SaasPreRole::getFitOuTypeBit, Arrays.asList(64))
+			.eq(SaasPreRole::getFitOuTypeBit, 64)
 			.eq(BaseEntity::getIsDelete,0)
 			.list();
 		saveRole(role,workspaceTypCode,"7","企业通用");
@@ -141,23 +150,32 @@ public class CMSRoleJobHandler extends IJobHandler {
 			// 根据角色id查询角色权限集关联关系
 			List<SaasPreGroupRoleRelation> pgroupRoleRelation = saasPreGroupRoleRelationDao.lambdaQuery()
 				.eq(SaasPreGroupRoleRelation::getPreRoleId, preRole.getId())
-				.eq(BaseEntity::getIsDelete, 0)
 				.list();
 			if (CollectionUtils.isEmpty(pgroupRoleRelation)) {
+				log.info("未查询到preRole 对应的权限集关联关系 preRole:{}",JSONUtil.toJsonStr(preRole));
 				return;
 			}
 			List<SaasPermissionGroup> oldPermissionGroup = saasPermissionGroupDao.lambdaQuery()
 				.in(BaseEntity::getId, pgroupRoleRelation.stream().map(SaasPreGroupRoleRelation::getGroupId).collect(Collectors.toList()))
-				.eq(BaseEntity::getIsDelete, 0)
 				.list();
+			if (CollectionUtils.isEmpty(oldPermissionGroup)) {
+				log.info("未查询到preRole 对应的权限集 preRole:{}",JSONUtil.toJsonStr(preRole));
+				return;
+			}
 			List<SaasPgroupPermissionRelation> oldPgroupPermissionRelation = pgroupPermissionRelationDao.lambdaQuery()
 				.in(SaasPgroupPermissionRelation::getGroupId, oldPermissionGroup.stream().map(BaseEntity::getId).collect(Collectors.toList()))
-				.eq(BaseEntity::getIsDelete, 0)
 				.list();
+			if (CollectionUtils.isEmpty(oldPgroupPermissionRelation)) {
+				log.info("未查询到权限集对应的权限点 oldPermissionGroup:{}",JSONUtil.toJsonStr(oldPermissionGroup));
+				return;
+			}
 			List<SaasFeature> feature = featureDao.lambdaQuery()
 				.in(BaseEntity::getId, oldPgroupPermissionRelation.stream().map(SaasPgroupPermissionRelation::getFeatureId).collect(Collectors.toList()))
-				.eq(BaseEntity::getIsDelete, 0)
 				.list();
+			if (CollectionUtils.isEmpty(feature)) {
+				log.info("未查询到权限点 oldPgroupPermissionRelation:{}",JSONUtil.toJsonStr(oldPgroupPermissionRelation));
+				return;
+			}
 
 			// 创建新的权限集
 			SaasPermissionGroup saasPermissionGroup = new SaasPermissionGroup();
@@ -169,14 +187,15 @@ public class CMSRoleJobHandler extends IJobHandler {
 			saasPermissionGroup.setIsCommon(1);
 			saasPermissionGroupDao.save(saasPermissionGroup);
 			// 创建新的权限集权限关联关系
-			feature.forEach(e -> {
+			List<SaasPgroupPermissionRelation> saasPgroupPermissionRelationList =  feature.stream().map(e -> {
 				SaasPgroupPermissionRelation saasPgroupPermissionRelation = new SaasPgroupPermissionRelation();
 				saasPgroupPermissionRelation.setGroupId(saasPermissionGroup.getId());
 				saasPgroupPermissionRelation.setFeatureId(e.getId());
 				saasPgroupPermissionRelation.setCreateBy(-1L);
 				saasPgroupPermissionRelation.setUpdateBy(-1L);
-				pgroupPermissionRelationDao.save(saasPgroupPermissionRelation);
+				return saasPgroupPermissionRelation;
-			});
+			}).collect(Collectors.toList());
+			pgroupPermissionRelationDao.saveBatch(saasPgroupPermissionRelationList);
 
 			// 创建角色:根据预设角色创建新的角色
 			SaasRole newRole = new SaasRole();
@@ -208,7 +227,7 @@ public class CMSRoleJobHandler extends IJobHandler {
 //			SELECT * FROM `saas_pgroup_role_relation` WHERE  `role_id` in (
 //				SELECT id FROM saas_role WHERE is_delete=0 and workspace_id != -1 and from_pre_role_id = 0 and role_type!='super_admin' and `NAME` not like '%代班长%' and `NAME` not like '%带班长%')
 			List<SaasRole> list = roleDao.lambdaQuery()
-				.eq(SaasRole::getFromPreRoleId, preRole)
+				.eq(SaasRole::getFromPreRoleId, preRole.getId())
 				.list();
 			if (CollectionUtils.isEmpty(list)) {
 				log.info("未找到preRole下发的role preRole:{}", JSONUtil.toJsonStr(preRole));
@@ -221,33 +240,42 @@ public class CMSRoleJobHandler extends IJobHandler {
 				.set(SaasRoleUserRelation::getRoleId,newRole.getId())
 				.update();
 
-			// 清除老的权限集
+			// 补充待删除数据
-			oldPermissionGroup.forEach(e ->{
+			deleteRoleId.addAll(list.stream().map(BaseEntity::getId).collect(Collectors.toSet()));
-				saasPermissionGroupDao.lambdaUpdate()
+			deleteSaasPermissionGroupId.addAll(oldPermissionGroup.stream().map(BaseEntity::getId).collect(Collectors.toSet()));
-					.eq(BaseEntity::getId, e.getId())
+			deletePgroupPermissionRelationId.addAll(oldPgroupPermissionRelation.stream().map(BaseEntity::getId).collect(Collectors.toSet()));
-					.set(BaseEntity::getIsDelete, e.getId())
-					.update();
-			});
-			// 清除老的权限集权限关联关系
-			oldPgroupPermissionRelation.forEach(e ->{
-				pgroupPermissionRelationDao.lambdaUpdate()
-					.eq(BaseEntity::getId, e.getId())
-					.set(BaseEntity::getIsDelete, e.getId())
-					.update();
-			});
-			// 清除老的角色
-			roleDao.lambdaUpdate()
-				.in(BaseEntity::getId,oldRoleId)
-				.set(BaseEntity::getIsDelete,1)
-				.update();
-			// 清除老的角色和权限集关联关系
-			roleGroupRelationDao.lambdaUpdate()
-				.in(SaasRoleGroupRelation::getRoleId,oldRoleId)
-				.set(BaseEntity::getIsDelete,1)
-				.update();
 		});
 	}
 
+	/**
+	 * 删除历史数据
+	 * @param deleteSaasPermissionGroupId
+	 * @param deletePgroupPermissionRelationId
+	 * @param deleteRoleId
+	 */
+	private void delete(Set<Long> deleteSaasPermissionGroupId, Set<Long> deletePgroupPermissionRelationId, Set<Long> deleteRoleId) {
+		// 清除老的权限集
+		saasPermissionGroupDao.lambdaUpdate()
+			.in(BaseEntity::getId,deleteSaasPermissionGroupId)
+			.set(BaseEntity::getIsDelete,1)
+			.update();
+		// 清除老的权限集权限关联关系
+		pgroupPermissionRelationDao.lambdaUpdate()
+			.in(BaseEntity::getId,deletePgroupPermissionRelationId)
+			.set(BaseEntity::getIsDelete,1)
+			.update();
+		// 清除老的角色
+		roleDao.lambdaUpdate()
+			.in(BaseEntity::getId,deleteRoleId)
+			.set(BaseEntity::getIsDelete,1)
+			.update();
+		// 清除老的角色和权限集关联关系
+		pgroupRoleRelationDao.lambdaUpdate()
+			.in(SaasPgroupRoleRelation::getRoleId,deleteRoleId)
+			.set(BaseEntity::getIsDelete,1)
+			.update();
+	}
+
 	private Integer tranceOuTypeBit(Long ouTypeBit) {
 		Integer ouType;
 		if (ouTypeBit == 1) {

tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleDao.java

@@ -4,10 +4,13 @@ import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
 import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
 import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
 import cn.axzo.tyr.client.model.enums.IdentityType;
+import cn.axzo.tyr.client.model.req.RoleWithUserQueryReq;
 import cn.axzo.tyr.server.repository.entity.SaasRole;
 import cn.axzo.tyr.server.repository.entity.SaasRoleWithUser;
 import cn.axzo.tyr.server.repository.mapper.SaasRoleMapper;
 import cn.hutool.core.collection.CollUtil;
+import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import org.apache.commons.collections.CollectionUtils;
 import org.springframework.stereotype.Repository;
@@ -81,14 +84,19 @@ public class SaasRoleDao extends ServiceImpl<SaasRoleMapper, SaasRole> {
 				.list();
 	}
 
-	public List<SaasRole> findRoleByName(Long ouId, Long workspaceId,
+	public List<SaasRole> findRoleByName(Long ouId, Long workspaceId,List<Long> roleIds,
 										 List<String> roleNames) {
-		return this.lambdaQuery()
+		return this.lambdaQuery().select(SaasRole::getId, SaasRole::getName, SaasRole::getRoleType)
 				.eq(workspaceId != null && workspaceId != 0, SaasRole::getWorkspaceId, workspaceId)
 				.eq(ouId != null && ouId != 0, SaasRole::getOwnerOuId, ouId)
+				.in(CollectionUtils.isNotEmpty(roleIds), SaasRole::getId, roleIds)
 				.in(CollectionUtils.isNotEmpty(roleNames), SaasRole::getName, roleNames)
-				.eq(SaasRole::getIsDelete, TableIsDeleteEnum.NORMAL.value).list();
+				.list();
 	}
 
+	public Page<SaasRole> pageQueryForOUWorkspace(RoleWithUserQueryReq req) {
+		IPage<SaasRole> page = new Page<>(req.getPage(), req.getPageSize());
+		return this.baseMapper.pageQueryForOUWorkspace(page, req.getOuId(), req.getWorkspaceId(), req.getWorkspaceJoinType());
+	}
 }
 

tyr-server/src/main/java/cn/axzo/tyr/server/repository/mapper/SaasRoleMapper.java

@@ -4,6 +4,8 @@ import cn.axzo.tyr.client.model.enums.IdentityType;
 import cn.axzo.tyr.server.repository.entity.SaasRole;
 import cn.axzo.tyr.server.repository.entity.SaasRoleWithUser;
 import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import org.apache.ibatis.annotations.Mapper;
 
 import java.util.List;
@@ -17,5 +19,7 @@ public interface SaasRoleMapper extends BaseMapper<SaasRole> {
     List<SaasRoleWithUser> listSuperAdminByWorkspace(List<Long> workspaceIds);
 
     List<SaasRoleWithUser> listRoleUserByPermissionGroup(List<Long> permissionGroupIds, Set<Long> workspaceIds);
+
+    Page<SaasRole> pageQueryForOUWorkspace(IPage<SaasRole> page, Long ouId, Long workspaceId, Integer workspaceJoinType);
 }
 

tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java

@@ -2,12 +2,10 @@ package cn.axzo.tyr.server.service;
 
 import cn.axzo.framework.domain.page.PageResp;
 import cn.axzo.tyr.client.model.enums.IdentityType;
-import cn.axzo.tyr.client.model.req.QueryByIdentityIdTypeReq;
+import cn.axzo.tyr.client.model.req.*;
-import cn.axzo.tyr.client.model.req.QueryRoleByNameReq;
-import cn.axzo.tyr.client.model.req.QuerySaasRoleReq;
-import cn.axzo.tyr.client.model.req.RoleWithUserQueryReq;
 import cn.axzo.tyr.client.model.res.IsSuperAdminRes;
 import cn.axzo.tyr.client.model.res.QueryBatchByIdentityIdTypeRes;
+import cn.axzo.tyr.client.model.res.QueryRoleByNameResp;
 import cn.axzo.tyr.client.model.res.RoleWithUserRes;
 import cn.axzo.tyr.client.model.vo.SaasRoleVO;
 import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO;
@@ -59,7 +57,7 @@ public interface RoleService {
      * @param req
      * @return
      */
-    List<SaasRoleVO> findRoleByName(QueryRoleByNameReq req);
+    List<QueryRoleByNameResp> findRoleByName(QueryRoleByNameReq req);
 
     /** 分页查询角色含用户 **/
     PageResp<RoleWithUserRes> queryRoleWithUser(RoleWithUserQueryReq req);
@@ -71,4 +69,5 @@ public interface RoleService {
      * @return
      */
     List<SaasRoleVO> queryRoleByRoleTypes(QueryByIdentityIdTypeReq req, List<String> roleTypes);
+
 }

tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserRelationService.java

@@ -1,12 +1,8 @@
 package cn.axzo.tyr.server.service;
 
-import cn.axzo.tyr.client.model.enums.IdentityType;
+import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO;
-import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserRelationDTO;
-import cn.axzo.tyr.client.model.roleuser.req.DeleteRoleUserParam;
 import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam;
-import org.springframework.web.bind.annotation.RequestBody;
 
-import javax.validation.Valid;
 import java.util.List;
 
 /**
@@ -14,5 +10,5 @@ import java.util.List;
  * @date 2023/9/14
  */
 public interface SaasRoleUserRelationService {
-    List<SaasRoleUserRelationDTO> list(RoleUserParam param);
+    List<SaasRoleUserDTO> list(RoleUserParam param);
 }

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java

@@ -9,13 +9,9 @@ import cn.axzo.tyr.client.model.enums.IdentityType;
 import cn.axzo.tyr.client.model.enums.PermissionGroupType;
 import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode;
 import cn.axzo.tyr.client.model.req.*;
-import cn.axzo.tyr.client.model.req.QueryByIdentityIdTypeReq;
-import cn.axzo.tyr.client.model.req.QuerySaasPermissionGroupReq;
-import cn.axzo.tyr.client.model.req.QuerySaasRoleGroupReq;
-import cn.axzo.tyr.client.model.req.QuerySaasRoleReq;
-import cn.axzo.tyr.client.model.req.RoleWithUserQueryReq;
 import cn.axzo.tyr.client.model.res.IsSuperAdminRes;
 import cn.axzo.tyr.client.model.res.QueryBatchByIdentityIdTypeRes;
+import cn.axzo.tyr.client.model.res.QueryRoleByNameResp;
 import cn.axzo.tyr.client.model.res.RoleWithUserRes;
 import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO;
 import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
@@ -86,7 +82,7 @@ public class RoleServiceImpl implements RoleService {
 		if (CollectionUtils.isEmpty(roleIds)) {
 			return new ArrayList<>();
 		}
-		return getByIds(roleIds, null, null,null, null);
+		return getByIds(roleIds, null, null,null, false);
 	}
 
 	/**
@@ -96,7 +92,7 @@ public class RoleServiceImpl implements RoleService {
 	 */
 	public List<SaasRoleVO> getByIds(List<Long> roleIds, Integer isCommon, List<Long> workspaceId, List<Long> ouId, Boolean includePermissionGroup) {
 		if (includePermissionGroup == null) {
-			includePermissionGroup = true;
+			includePermissionGroup = false;
 		}
 		if (CollectionUtils.isEmpty(roleIds)) {
 			return new ArrayList<>();
@@ -198,6 +194,7 @@ public class RoleServiceImpl implements RoleService {
 	@Override
 	public List<QueryBatchByIdentityIdTypeRes> queryBatchByIdentityIdType(List<QueryByIdentityIdTypeReq> req) {
 		List<QueryBatchByIdentityIdTypeRes> result = new ArrayList<>();
+
 		req.forEach(e -> {
 			result.add(QueryBatchByIdentityIdTypeRes.builder()
 				.identityId(e.getIdentityId())
@@ -447,13 +444,9 @@ public class RoleServiceImpl implements RoleService {
 
 	@Override
 	public PageResp<RoleWithUserRes> queryRoleWithUser(RoleWithUserQueryReq req) {
-		//按role进行分页查询
+		page2Default(req);
-		Page<SaasRole> rolePage = saasRoleDao
+		//按role进行分页查询 -
-				.page(new Page<>(req.getPage(), req.getPageSize()),
+		Page<SaasRole> rolePage = saasRoleDao.pageQueryForOUWorkspace(req);
-						new LambdaQueryWrapper<SaasRole>()
-								.eq(SaasRole::getOwnerOuId, req.getOuId())
-								.eq(SaasRole::getWorkspaceId, req.getWorkspaceId())
-								.ne(SaasRole::getRoleType, RoleTypeEnum.SUPER_ADMIN.getValue()));
 		if (CollectionUtil.isEmpty(rolePage.getRecords())) {
 			return PageResp.list(req.getPage(), req.getPageSize(), 0L, Collections.emptyList());
 		}
@@ -488,6 +481,15 @@ public class RoleServiceImpl implements RoleService {
 		return PageResp.list(req.getPage(), req.getPageSize(), rolePage.getTotal(), resultData);
 	}
 
+	private void page2Default(RoleWithUserQueryReq req) {
+		if (req.getPage() == null) {
+			req.setPage(1L);
+		}
+		if (req.getPageSize() == null) {
+			req.setPageSize(10L);
+		}
+	}
+
 	@Override
 	public List<SaasRoleVO>  queryRoleByRoleTypes(QueryByIdentityIdTypeReq req, List<String> roleTypes) {
 		List<Long> roleIds = roleUserRelationDao.query(req.getIdentityId(), req.getIdentityType(),
@@ -503,8 +505,30 @@ public class RoleServiceImpl implements RoleService {
 	}
 
 	@Override
-	public List<SaasRoleVO> findRoleByName(QueryRoleByNameReq req) {
+	public List<QueryRoleByNameResp> findRoleByName(QueryRoleByNameReq req) {
-		List<SaasRole> roleList = saasRoleDao.findRoleByName(req.getOuId(), req.getWorkspaceId(), req.getRoleNames());
+		List<Long> relationRoleIds = Lists.newArrayList();
-		return BeanUtil.copyToList(roleList, SaasRoleVO.class);
+		if (CollectionUtils.isNotEmpty(req.getOuTypeCode())) {
+			List<SaasRoleGroup> roleGroup = saasRoleGroupDao.query(QuerySaasRoleGroupReq.builder()
+					.ouTypeCode(req.getOuTypeCode())
+					.build());
+			if (CollectionUtils.isEmpty(roleGroup)) {
+				return new ArrayList<>();
+			}
+			List<SaasRoleGroupRelation> groupRelation = roleGroupRelationDao.lambdaQuery()
+					.in(SaasRoleGroupRelation::getSaasRoleGroupId, roleGroup.stream().map(BaseEntity::getId).collect(Collectors.toList()))
+					.list();
+			if (CollectionUtils.isEmpty(groupRelation)) {
+				return new ArrayList<>();
+			}
+			relationRoleIds = groupRelation.stream().map(SaasRoleGroupRelation::getRoleId).collect(Collectors.toList());
+		}
+		List<SaasRole> roleList = saasRoleDao.findRoleByName(req.getOuId(), req.getWorkspaceId(), relationRoleIds, req.getRoleNames());
+		return roleList.stream().map(item -> {
+			QueryRoleByNameResp resp = new QueryRoleByNameResp();
+			resp.setRoleName(item.getName());
+			resp.setRoleId(item.getId());
+			resp.setRoleType(item.getRoleType());
+			return resp;
+		}).collect(Collectors.toList());
 	}
 }

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureServiceImpl.java

@@ -1,36 +1,22 @@
 package cn.axzo.tyr.server.service.impl;
 
-import cn.axzo.framework.domain.ServiceException;
+import cn.axzo.tyr.client.model.enums.IdentityType;
-import cn.axzo.thrones.client.saas.ServicePkgClient;
-import cn.axzo.thrones.client.saas.entity.serivicepgkproduct.ServicePkgProduct;
-import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
 import cn.axzo.tyr.client.model.req.FeaturePermissionReq;
-import cn.axzo.tyr.client.model.req.FeatureTreeReq;
+import cn.axzo.tyr.client.model.req.IdentityAuthReq;
-import cn.axzo.tyr.client.model.req.QueryByIdentityIdTypeReq;
 import cn.axzo.tyr.client.model.res.FeaturePermissionRes;
-import cn.axzo.tyr.client.model.res.FeatureTreeResp;
+import cn.axzo.tyr.client.model.res.IdentityAuthRes;
-import cn.axzo.tyr.client.model.vo.SaasRoleVO;
-import cn.axzo.tyr.server.repository.dao.SaasFeatureDao;
-import cn.axzo.tyr.server.repository.entity.SaasFeature;
-import cn.axzo.tyr.server.service.RoleService;
 import cn.axzo.tyr.server.service.SaasFeatureService;
-import cn.axzo.tyr.server.util.IdPathUtil;
+import cn.axzo.tyr.server.service.TyrSaasAuthService;
-import cn.azxo.framework.common.logger.MethodAroundLog;
+import cn.hutool.core.collection.CollUtil;
-import cn.azxo.framework.common.model.CommonResponse;
-import cn.hutool.core.bean.BeanUtil;
-import cn.hutool.core.collection.CollectionUtil;
 import com.google.common.collect.Lists;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
-import org.springframework.util.CollectionUtils;
+import org.springframework.util.StringUtils;
 
-import java.util.*;
+import java.util.List;
-import java.util.function.Function;
 import java.util.stream.Collectors;
 
-import static cn.axzo.tyr.server.util.RpcInternalUtil.checkAndGetData;
-
 /**
  * @author honghao.zhang
  * @since 2023/10/18 18:26
@@ -40,163 +26,33 @@ import static cn.axzo.tyr.server.util.RpcInternalUtil.checkAndGetData;
 @RequiredArgsConstructor
 public class SaasFeatureServiceImpl implements SaasFeatureService {
 
-    private final RoleService roleService;
+    private final TyrSaasAuthService tyrSaasAuthService;
-    private final ServicePkgClient servicePkgClient;
-    private final SaasFeatureDao saasFeatureDao;
 
     @Override
     public FeaturePermissionRes listPermissionCodes(FeaturePermissionReq req) {
         FeaturePermissionRes featurePermissionRes = new FeaturePermissionRes();
-        QueryByIdentityIdTypeReq idTypeReq = QueryByIdentityIdTypeReq.builder()
+        IdentityAuthReq authReq = new IdentityAuthReq();
-                .identityId(req.getIdentityId()).identityType(req.getIdentityType())
+        if (StringUtils.hasText(req.getTerminal())) {
-                .ouId(req.getOuId()).workspaceId(req.getWorkspaceId())
+            authReq.setTerminal(Lists.newArrayList());
-                .build();
+        }
-        List<SaasRoleVO> saasRoleVOS = roleService.queryRoleByRoleTypes(idTypeReq, Lists.newArrayList(RoleTypeEnum.SUPER_ADMIN.getValue(),
+        authReq.setIdentityId(req.getIdentityId());
-                RoleTypeEnum.ADMIN.getValue()));
+        authReq.setIdentityType(IdentityType.getIdentityType(req.getIdentityType()));
-        featurePermissionRes.setSuperAdmin(saasRoleVOS.stream().anyMatch(e -> RoleTypeEnum.SUPER_ADMIN.getValue().equals(e.getRoleType())));
+        IdentityAuthReq.WorkspaceOuPair workspaceOuPair = new IdentityAuthReq.WorkspaceOuPair();
-        FeatureTreeReq featureTreeReq = new FeatureTreeReq();
+        workspaceOuPair.setWorkspaceId(req.getWorkspaceId());
-        featureTreeReq.setIdentityId(req.getIdentityId());
+        workspaceOuPair.setOuId(req.getOuId());
-        featureTreeReq.setIdentityType(req.getIdentityType());
+        workspaceOuPair.setWorkspaceType(req.getWorkspaceType());
-        featureTreeReq.setWorkspaceId(req.getWorkspaceId());
+        workspaceOuPair.setWorkspaceJoinType(req.getWorkspaceJoinType());
-        featureTreeReq.setOuId(req.getOuId());
+        authReq.setWorkspaceOusPairs(Lists.newArrayList(workspaceOuPair));
-        featureTreeReq.setTerminal(req.getTerminal());
 
-        List<FeatureTreeResp> saasFeatureTreeResp = filterFeatureTree(featureTreeReq, !saasRoleVOS.isEmpty());
+        IdentityAuthRes identityAuthRes = tyrSaasAuthService.findIdentityAuth(authReq);
-        Map<Integer, List<FeatureTreeResp>> treeMap = groupByMenuType(
+        List<IdentityAuthRes.WorkspacePermission> workspacePermissionList = identityAuthRes.getPermissions();
-                saasFeatureTreeResp, 20);
+        if (CollUtil.isNotEmpty(workspacePermissionList)) {
-        featurePermissionRes.setPermissionCodes(treeMap.getOrDefault(3, Collections.emptyList()).stream().map(FeatureTreeResp::getCode)
+            IdentityAuthRes.WorkspacePermission workspacePermission = workspacePermissionList.get(0);
-                .collect(Collectors.toSet()));
+            featurePermissionRes.setSuperAdmin(workspacePermission.isSuperAdmin());
+            featurePermissionRes.setPermissionCodes(workspacePermission.getPermissionPoint()
+                    .stream().map(IdentityAuthRes.PermissionPoint::getFeatureCode).collect(Collectors.toSet()));
+        }
         return featurePermissionRes;
     }
 
-    @MethodAroundLog(value = "获取权限集树")
-    private List<FeatureTreeResp> filterFeatureTree(FeatureTreeReq req, boolean isAdmin) {
-        // 1. 根据这个用户的角色，找到对应的code，Admin/Common各自的拿法。
-        List<String> minFeatureCode = listFeatureCode(req, isAdmin);
-
-        log.info("产品对应的最小权限集:{}", minFeatureCode);
-        // 因为只能查出来最小功能FeatureCode,所以在递归查询出其上级.
-        List<SaasFeature> allFeature = saasFeatureDao.listFeatureByTerminal(req.getTerminal());
-        List<SaasFeature> featureTree = constructFeatureByMinFeatureCode(minFeatureCode, allFeature
-        );
-
-        // 2. 组织成一棵树
-        return formatToTreeAndSort(featureTree, req.getLimitFeatureTypeLevel());
-    }
-
-    private List<FeatureTreeResp> formatToTreeAndSort(List<SaasFeature> featureTree, Integer level) {
-        List<FeatureTreeResp> roots = new ArrayList<>();
-        Map<Long, FeatureTreeResp> map = new LinkedHashMap<>();
-
-        for (SaasFeature feature : featureTree) {
-            if (feature.getFeatureType() > level)
-                continue;
-            FeatureTreeResp resp = featureBOToResp(feature);
-            map.put(feature.getId(), resp);
-            if (feature.getFeatureType() == 0 || feature.getParentId() == 0) {
-                roots.add(resp);
-            }
-        }
-
-        for (FeatureTreeResp feature : map.values()) {
-            FeatureTreeResp parent = map.get(feature.getParentId());
-            if (null == parent) {
-                continue;
-            }
-            if (parent.getChildren() == null)
-                parent.setChildren(new ArrayList<>());
-            parent.getChildren().add(feature);
-        }
-        return roots;
-    }
-
-    private FeatureTreeResp featureBOToResp(SaasFeature feature) {
-        FeatureTreeResp resp = new FeatureTreeResp();
-        BeanUtil.copyProperties(feature, resp);
-        resp.setName(feature.getFeatureName());
-        resp.setCode(feature.getFeatureCode());
-        resp.setMenuType(feature.getFeatureType());
-        return resp;
-    }
-
-    private List<SaasFeature> constructFeatureByMinFeatureCode(List<String> minFeatureCode, List<SaasFeature> allFeature) {
-        List<SaasFeature> result = new ArrayList<>();
-        Map<Long, SaasFeature> featureMap = allFeature.stream()
-                .collect(Collectors.toMap(SaasFeature::getId, Function.identity()));
-        if (!CollectionUtils.isEmpty(minFeatureCode)) {
-            List<SaasFeature> minFeature = allFeature.stream()
-                    .filter(e -> org.apache.commons.lang3.StringUtils.isNotBlank(e.getFeatureCode())
-                            && minFeatureCode.contains(e.getFeatureCode())).collect(Collectors.toList());
-            result.addAll(minFeature);
-            Set<String> collect = minFeature.stream().map(SaasFeature::getPath)
-                    .collect(Collectors.toSet());
-            Set<Long> longs = IdPathUtil.featurePathsToIds(collect);
-            for (Long aLong : longs) {
-                SaasFeature saasFeatureBO = featureMap.get(aLong);
-                if (saasFeatureBO != null) {
-                    result.add(saasFeatureBO);
-                }
-            }
-        }
-        return getFeatureBOS(result);
-    }
-
-    private ArrayList<SaasFeature> getFeatureBOS(List<SaasFeature> result) {
-        return result.stream()
-                .collect(Collectors.collectingAndThen(
-                        Collectors.toCollection(
-                                () -> new TreeSet<>(Comparator.comparing(SaasFeature::getId))),
-                        ArrayList::new));
-    }
-
-    private List<String> listFeatureCode(FeatureTreeReq req, boolean isAdmin) {
-        List<Long> productIds = getProductIdsOfWorkspace(req.getWorkspaceId());
-        if (isAdmin) {
-            return listCodeByProductIdsAndTerminal(productIds, req.getTerminal());
-        }
-        return listCodeByProductIds(req, productIds);
-    }
-
-    private List<String> listCodeByProductIds(FeatureTreeReq req, List<Long> productIds) {
-        return saasFeatureDao.listCodeByProductIds(req, productIds);
-    }
-
-    private List<String> listCodeByProductIdsAndTerminal(List<Long> productIds, String terminal) {
-        return saasFeatureDao.listByProductIdsAndTerminal(productIds, terminal);
-    }
-
-    private Map<Integer, List<FeatureTreeResp>> groupByMenuType(List<FeatureTreeResp> saasFeatureTree, Integer maxDepth) {
-        HashMap<Integer, List<FeatureTreeResp>> result = new HashMap<>();
-        if (CollectionUtil.isEmpty(saasFeatureTree) || maxDepth <= 0) {
-            return result;
-        }
-        for (FeatureTreeResp featureTreeResp : saasFeatureTree) {
-
-            List<FeatureTreeResp> defaultLists = result.getOrDefault(featureTreeResp.getMenuType(), new ArrayList<>());
-            if (defaultLists.isEmpty()) {
-                result.put(featureTreeResp.getMenuType(), defaultLists);
-            }
-            defaultLists.add(featureTreeResp);
-            Map<Integer, List<FeatureTreeResp>> children = groupByMenuType(featureTreeResp.getChildren(), --maxDepth);
-            for (Integer childrenKey : children.keySet()) {
-                List<FeatureTreeResp> childList = result.getOrDefault(childrenKey, new ArrayList<>());
-                if (childList.isEmpty()) {
-                    result.put(childrenKey, childList);
-                }
-                childList.addAll(children.get(childrenKey));
-
-            }
-        }
-        return result;
-    }
-
-    public List<Long> getProductIdsOfWorkspace(Long workspaceId) {
-        CommonResponse<List<ServicePkgProduct>> servicePkgResponse = servicePkgClient.listProductInWorkSpace(workspaceId);
-        List<ServicePkgProduct> products = checkAndGetData(servicePkgResponse);
-        if (CollectionUtil.isEmpty(products)) {
-            log.warn("thrones:获取产品列表失败:workspaceId{}", workspaceId);
-            throw new ServiceException("当前工作台未找到任何的产品");
-        }
-        return products.stream().map(ServicePkgProduct::getProductId).collect(Collectors.toList());
-    }
 }

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java

@@ -2,10 +2,11 @@ package cn.axzo.tyr.server.service.impl;
 
 import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
 import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
-import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserRelationDTO;
+import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO;
 import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam;
 import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
 import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
+import cn.axzo.tyr.server.repository.entity.SaasRole;
 import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
 import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
 import cn.hutool.core.bean.BeanUtil;
@@ -16,7 +17,9 @@ import org.springframework.stereotype.Service;
 import javax.annotation.Resource;
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import java.util.Objects;
+import java.util.function.Function;
 import java.util.stream.Collectors;
 
 /**
@@ -34,20 +37,32 @@ public class SaasRoleUserRelationServiceImpl implements SaasRoleUserRelationServ
     private SaasRoleDao saasRoleDao;
 
     @Override
-    public List<SaasRoleUserRelationDTO> list(RoleUserParam param) {
+    public List<SaasRoleUserDTO> list(RoleUserParam param) {
         List<SaasRoleUserRelation> saasRoleUserRelations = saasRoleUserRelationDao.lambdaQuery()
                 .eq(Objects.nonNull(param.getIdentityId()), SaasRoleUserRelation::getIdentityId, param.getIdentityId())
                 .eq(Objects.nonNull(param.getIdentityType()), SaasRoleUserRelation::getIdentityType, param.getIdentityType())
                 .eq(Objects.nonNull(param.getWorkspaceId()), SaasRoleUserRelation::getWorkspaceId, param.getWorkspaceId())
                 .eq(Objects.nonNull(param.getOuId()), SaasRoleUserRelation::getOuId, param.getOuId())
                 .in(CollectionUtil.isNotEmpty(param.getRoleIds()), SaasRoleUserRelation::getRoleId, param.getRoleIds())
+                .in(CollectionUtil.isNotEmpty(param.getIdentityIds()), SaasRoleUserRelation::getIdentityId, param.getIdentityIds())
                 .eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value)
                 .last("LIMIT 1000")
                 .list();
         if (CollectionUtil.isEmpty(saasRoleUserRelations)) {
             return Collections.emptyList();
         }
+        Map<Long, SaasRole> roleMap = saasRoleDao.lambdaQuery()
+                .in(SaasRole::getId, saasRoleUserRelations.stream().map(SaasRoleUserRelation::getRoleId).collect(Collectors.toSet()))
+                .list().stream().collect(Collectors.toMap(SaasRole::getId, Function.identity()));
 
-        return saasRoleUserRelations.stream().map(e -> BeanUtil.copyProperties(e, SaasRoleUserRelationDTO.class)).collect(Collectors.toList());
+        return saasRoleUserRelations.stream().map(e -> {
+            SaasRoleUserDTO userRole = BeanUtil.copyProperties(e, SaasRoleUserDTO.class);
+            SaasRole role = roleMap.get(userRole.getRoleId());
+            if (Objects.nonNull(role)) {
+                userRole.setRoleName(role.getName());
+                userRole.setDescription(role.getDescription());
+            }
+            return userRole;
+        }).collect(Collectors.toList());
     }
 }

tyr-server/src/main/resources/mapper/SaasRoleMapper.xml

@@ -90,4 +90,20 @@
 
     </select>
 
+    <select id="pageQueryForOUWorkspace" resultType="cn.axzo.tyr.server.repository.entity.SaasRole">
+        SELECT
+        r.*
+        FROM
+        saas_role r
+        LEFT JOIN saas_role_group_relation rg ON r.id = rg.role_id
+        LEFT JOIN saas_role_group g ON rg.saas_role_group_id = g.id
+        WHERE
+        r.is_delete = 0
+        AND (
+        ( r.workspace_id = #{workspaceId} AND r.owner_ou_id = #{ouId} AND r.role_type = 'common' )
+        OR
+        ( r.owner_ou_id = - 1 AND FIND_IN_SET( #{workspaceJoinType},g.ou_type_code) > 0)
+        )
+    </select>
+
 </mapper>

tyr-server/src/test/java/cn/axzo/tyr/server/permission/RoleUserTest.java

@@ -10,8 +10,11 @@ import cn.axzo.tyr.client.model.req.RoleWithUserQueryReq;
 import cn.axzo.tyr.client.model.res.RoleWithUserRes;
 import cn.axzo.tyr.server.controller.role.SaasRoleController;
 import cn.axzo.tyr.server.repository.dao.SaasFeatureDao;
+import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
 import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
+import cn.axzo.tyr.server.repository.entity.SaasRole;
 import com.alibaba.fastjson.JSON;
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -36,6 +39,9 @@ public class RoleUserTest {
     @Autowired
     private SaasRoleController controller;
 
+    @Autowired
+    private SaasRoleDao saasRoleDao;
+
     @Test
     public void testList() {
         saasRoleUserRelationDao.deleteByUser(BaseWorkspaceModel.builder()
@@ -59,5 +65,17 @@ public class RoleUserTest {
         System.out.println(JSON.toJSONString(result));
     }
 
+    @Test
+    public void testPageQueryForOUWorkspace() {
+        RoleWithUserQueryReq req = new RoleWithUserQueryReq();
+        req.setOuId(5195L);
+        req.setWorkspaceId(371L);
+        req.setWorkspaceJoinType(2);
+        req.setPage(1L);
+        req.setPageSize(20L);
+        Page<SaasRole> page = saasRoleDao.pageQueryForOUWorkspace(req);
+        System.out.println(JSON.toJSONString(page));
+    }
+
 
 }