TRX 1 рік тому
батько
коміт
7dca840cf5

+ 11 - 12
FullCardServer/src/main/java/com/zhongshu/card/server/core/controller/orgManager/RoleController.java

@@ -52,18 +52,14 @@ public class RoleController {
     @ResourceAuth(value = "user", type = AuthType.User)
     @Operation(summary = "角色管理列表-分页查询", description = "角色管理列表-分页查询")
     @RequestMapping(value = {"pageManager"}, method = {RequestMethod.POST})
-    public ResultContent<Page<RoleModel>> pageManager(
-            @Parameter(hidden = true) @PageableDefault(page = 0, size = 10) Pageable pageable,
-            @Parameter(required = false) RoleSearchParam param) {
+    public ResultContent<Page<RoleModel>> pageManager(@Parameter(hidden = true) @PageableDefault(page = 0, size = 10) Pageable pageable, @Parameter(required = false) RoleSearchParam param) {
         return roleService.page(param, pageable);
     }
 
     @ResourceAuth(value = "user", type = AuthType.User)
     @Operation(summary = "角色列表-分页查询", description = "角色列表-分页查询")
     @RequestMapping(value = {"page"}, method = {RequestMethod.POST})
-    public ResultContent<Page<RoleModel>> page(
-            @Parameter(hidden = true) @PageableDefault(page = 0, size = 10) Pageable pageable,
-            @Parameter(required = false) RoleSearchParam param) {
+    public ResultContent<Page<RoleModel>> page(@Parameter(hidden = true) @PageableDefault(page = 0, size = 10) Pageable pageable, @Parameter(required = false) RoleSearchParam param) {
         return roleService.page(param, pageable);
     }
 
@@ -106,9 +102,7 @@ public class RoleController {
     @Operation(summary = "获取角色的权限列表", description = "获取角色的权限列表")
     @RequestMapping(value = "getRoleAuthList", method = {RequestMethod.GET})
     @ResourceAuth(value = "user", type = AuthType.User)
-    public Object getRoleAuthList(
-            @Parameter(name = "roleId", description = "角色数据ID", example = "")
-            @RequestParam("roleId") String roleId) {
+    public Object getRoleAuthList(@Parameter(name = "roleId", description = "角色数据ID", example = "") @RequestParam("roleId") String roleId) {
         return roleService.getList(roleId);
     }
 
@@ -122,10 +116,15 @@ public class RoleController {
     @Operation(summary = "获取用户在当前结机构权限列表 (登录后加载)", description = "获取用户在当前结机构权限列表")
     @RequestMapping(value = "getOrganizationAuth", method = {RequestMethod.GET})
     @ResourceAuth(value = "user", type = AuthType.User)
-    public Object getOrganizationAuth(
-            @Parameter(name = "oid", description = "当前用户的机构oid", example = "", required = false)
-            @RequestParam("oid") String oid) {
+    public Object getOrganizationAuth(@Parameter(name = "oid", description = "当前用户的机构oid", example = "", required = false) @RequestParam("oid") String oid) {
         return roleService.getOrganizationAuth(oid, null);
     }
 
+    @Operation(summary = "得到用户项目的权限列表", description = "得到用户项目的权限列表")
+    @RequestMapping(value = "getCurrentUserProjectAuth", method = {RequestMethod.GET})
+    @ResourceAuth(value = "user", type = AuthType.User)
+    public ResultContent getCurrentUserProjectAuth(@Parameter(name = "projectOid", description = "当前选中的项目", example = "", required = false) @RequestParam("projectOid") String projectOid) {
+        return roleService.getCurrentUserProjectAuth(projectOid);
+    }
+
 }
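Review bot: In the new `getCurrentUserProjectAuth`, the OpenAPI annotation says `required = false` but `@RequestParam("projectOid")` is required by default, so a request without the parameter is rejected with 400 while the generated docs promise it is optional; `getOrganizationAuth` above carries the same mismatch. Since the service resolves roles by `projectOid` (via `findByUserIdAndProjectOid`), keeping the parameter mandatory is the safer contract, so I would drop `required = false` from the `@Parameter` rather than relax the binding. The method also returns a raw `ResultContent`; the service wraps a `String` (the encrypted auth list), so `public ResultContent<String> getCurrentUserProjectAuth(...)` documents the payload and avoids the raw type. Style-wise, collapsing the other signatures onto single ~200-column lines makes the per-parameter annotations harder to read; one parameter per line, as before, reads better.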

+ 2 - 0
FullCardServer/src/main/java/com/zhongshu/card/server/core/dao/org/OrganizationUserDao.java

@@ -55,4 +55,6 @@ public interface OrganizationUserDao extends MongoDao<OrganizationUser>, Organiz
     List<OrganizationUser> findByUserIdAndProjectOidAndIsOrg(String userId, String projectOid, Boolean isOrg);
 
     List<OrganizationUser> findByUserId(String userId);
+
+    List<OrganizationUser> findByUserIdAndProjectOid(String userId, String projectOid);
 }

+ 2 - 0
FullCardServer/src/main/java/com/zhongshu/card/server/core/dao/org/extend/RoleDaoExtend.java

@@ -11,5 +11,7 @@ import org.springframework.data.domain.Pageable;
  * @Version: 1.0
  */
 public interface RoleDaoExtend {
+
     Page<Role> page(Pageable pageable, RoleSearchParam param);
+
 }

+ 1 - 0
FullCardServer/src/main/java/com/zhongshu/card/server/core/dao/org/impl/RoleDaoImpl.java

@@ -62,6 +62,7 @@ public class RoleDaoImpl extends BaseImpl implements RoleDaoExtend {
         if (!CollectionUtils.isEmpty(criterias)) {
             criteria.andOperator(criterias.toArray(new Criteria[]{}));
         }
+
         criteria.and("isDelete").is(Boolean.FALSE);
         Sort sort = buildSort(param);
         Query query = Query.query(criteria);

+ 1 - 9
FullCardServer/src/main/java/com/zhongshu/card/server/core/service/org/IndexService.java

@@ -245,15 +245,7 @@ public class IndexService {
         stopWatch.start("3");
         // 用户所有的权限
         Set<String> auth = roleServiceImpl.getUserAllAuths(userAccount.getUserId());
-        String aesStr = "";
-        if (auth != null && !auth.isEmpty()) {
-            try {
-                auth.add(AuthConstant.Admin);
-                aesStr = AesUtils.encrypt(String.join(",", auth), "lIllIIIllIIIllIl");
-            } catch (Exception e) {
-                e.printStackTrace();
-            }
-        }
+        String aesStr = AesUtils.encryptAuth(auth);
         commonModel.setAuths(auth);
         commonModel.setPermiss(aesStr);
         stopWatch.stop();
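Review bot: The removed block appended `AuthConstant.Admin` to `auth` before encrypting, and because the set was mutated in place that entry also reached `commonModel.setAuths(auth)`; the new `AesUtils.encryptAuth(auth)` only joins and encrypts the set, so every logged-in user now loses the implicit Admin entry in both `auths` and `permiss`. That looks like the removal of an over-grant, which is welcome, but nothing in the hunk says it is deliberate, so I would add `// permiss is an AES-wrapped copy of the user's real auths; no implicit Admin is added here` above the `encryptAuth` call so nobody reinstates it. Note also that `encryptAuth` returns `""` both when the set is empty and when encryption throws, so `permiss` can be silently blank; consider logging at this call site when `auth` is non-empty but `aesStr` is empty. The enclosing method starts outside the hunk.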

+ 4 - 0
FullCardServer/src/main/java/com/zhongshu/card/server/core/service/org/OrganizationServiceImpl.java

@@ -203,8 +203,12 @@ public class OrganizationServiceImpl extends SuperService implements Organizatio
             organization.setCreateUserId(getCurrentUserId());
             organizationDao.save(organization);
         }
+        // 初始项目的默认管理员角色
+        roleServiceImpl.initOrgManagerRole(organization);
+
         //todo  同步名称至openApi网关
         signService.syncBusinessName(organization.getOid(), organization.getName());
+        // 把管理员用户
         organizationUserServiceImpl.orgBindManager(organization, userAccounts);
         com.github.microservice.netdisk.client.content.ResultContent<String> resultContent = netDiskAccountService.create(organization.getOid());
         log.info("创建文件账号: {}", resultContent.getState());
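Review bot: The result of `roleServiceImpl.initOrgManagerRole(organization)` is discarded, and since that method reports success even when the auth-center role/role-group creation yields no id, `orgBindManager` goes on to bind the admin users to an organization that may have no usable built-in admin role; I would at least log the outcome here and, if `initOrgManagerRole` is changed to report failures, stop before `orgBindManager`. The new comment `// 把管理员用户` is cut off mid-sentence; `// Bind the admin users to the newly created organization` says what the next line does. The enclosing method starts outside the hunk.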

+ 116 - 10
FullCardServer/src/main/java/com/zhongshu/card/server/core/service/user/RoleServiceImpl.java

@@ -7,10 +7,12 @@ import com.github.microservice.auth.client.model.RoleGroupModel;
 import com.github.microservice.auth.client.service.AuthResourcesNameService;
 import com.github.microservice.auth.security.type.AuthType;
 import com.github.microservice.components.data.base.util.PageEntityUtil;
-import com.google.common.collect.Lists;
-import com.zhongshu.card.client.model.org.*;
 import com.github.microservice.net.ResultContent;
 import com.github.microservice.net.ResultMessage;
+import com.google.common.collect.Lists;
+import com.zhongshu.card.client.model.org.AuthModel;
+import com.zhongshu.card.client.model.org.EditAuthParam;
+import com.zhongshu.card.client.model.org.ModularModel;
 import com.zhongshu.card.client.model.org.role.RoleAddParam;
 import com.zhongshu.card.client.model.org.role.RoleModel;
 import com.zhongshu.card.client.model.org.role.RoleQueryParam;
@@ -23,11 +25,13 @@ import com.zhongshu.card.server.core.dao.org.OrganizationDao;
 import com.zhongshu.card.server.core.dao.org.OrganizationUserDao;
 import com.zhongshu.card.server.core.dao.org.RoleDao;
 import com.zhongshu.card.server.core.dao.org.UserCountDao;
+import com.zhongshu.card.server.core.dataConfig.CardSystemDefault;
 import com.zhongshu.card.server.core.domain.org.Organization;
 import com.zhongshu.card.server.core.domain.org.OrganizationUser;
 import com.zhongshu.card.server.core.domain.org.Role;
 import com.zhongshu.card.server.core.domain.org.UserAccount;
 import com.zhongshu.card.server.core.service.base.SuperService;
+import com.zhongshu.card.server.core.util.AesUtils;
 import com.zhongshu.card.server.core.util.BeanUtils;
 import com.zhongshu.card.server.core.util.CommonUtil;
 import lombok.extern.slf4j.Slf4j;
@@ -35,9 +39,7 @@ import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
-import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
-import org.springframework.data.domain.Sort;
 import org.springframework.stereotype.Service;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
@@ -420,9 +422,10 @@ public class RoleServiceImpl extends SuperService {
         } else {
             auth.removeAll(param.getAuths());
         }
-        Organization organization = organizationDao.findTopByOid(role.getOid());
+
         // 管理员角色默认有 管理员的权限
         if (role.getIsAdmin() != null && role.getIsAdmin()) {
+            Organization organization = organizationDao.findTopByOid(role.getOid());
             if (organization != null && organization.getAuthType() == AuthType.Platform) {
                 auth.add(AuthConstant.SuperAdmin);
             } else {
@@ -469,10 +472,50 @@ public class RoleServiceImpl extends SuperService {
             return auth;
         }
         for (OrganizationUser organizationUser : organizationUsers) {
-            Organization organization = organizationUser.getOrganization();
-            String oid = organization.getOid();
+            auth.addAll(getOrganizationUserAuths(organizationUser));
+        }
+        return auth;
+    }
 
-            List<Role> roles = organizationUser.getRoles();
+    /**
+     * 得到当前用户在 指定的项目权限(加密后)
+     *
+     * @param projectOid
+     * @return
+     */
+    public ResultContent getCurrentUserProjectAuth(String projectOid) {
+        Set<String> auths = getUserProjectAllAuths(projectOid, getCurrentUserId());
+        return ResultContent.buildSuccess(AesUtils.encryptAuth(auths));
+    }
+
+    public Set<String> getUserProjectAllAuths(String projectOid, String userId) {
+        Set<String> auth = new HashSet<>();
+        if (StringUtils.isEmpty(userId)) {
+            return auth;
+        }
+        UserAccount userAccount = userCountDao.findTopByUserId(userId);
+        if (ObjectUtils.isEmpty(userAccount)) {
+            return auth;
+        }
+        List<OrganizationUser> organizationUsers = organizationUserDao.findByUserIdAndProjectOid(userAccount.getUserId(), projectOid);
+        if (ObjectUtils.isEmpty(organizationUsers)) {
+            return auth;
+        }
+        for (OrganizationUser organizationUser : organizationUsers) {
+            auth.addAll(getOrganizationUserAuths(organizationUser));
+        }
+        return auth;
+    }
+
+    /**
+     * 得到机构用户数据权限
+     *
+     * @param organizationUser
+     * @return
+     */
+    public Set<String> getOrganizationUserAuths(OrganizationUser organizationUser) {
+        Set<String> auth = new HashSet<>();
+        if (ObjectUtils.isNotEmpty(organizationUser)) {
 
 //            var roleGroupModels = roleService.listRoleGroupFromOrganizationUser(oid, userId).getContent();
 //            if (!CollectionUtils.isEmpty(roleGroupModels)) {
@@ -488,7 +531,7 @@ public class RoleServiceImpl extends SuperService {
 //                });
 //            }
 
-
+            List<Role> roles = organizationUser.getRoles();
             if (ObjectUtils.isNotEmpty(roles)) {
                 roles.stream().forEach(tempRole -> {
                     var role = roleService.getRole(tempRole.getRoleId()).getContent();
@@ -496,7 +539,6 @@ public class RoleServiceImpl extends SuperService {
                         auth.addAll(role.getAuth());
                     }
                 });
-
                 List<Role> _list = roles.stream().filter(it -> {
                     return it.getIsAdmin();
                 }).collect(Collectors.toList());
@@ -614,6 +656,70 @@ public class RoleServiceImpl extends SuperService {
         return false;
     }
 
+    /**
+     * 初始机构的管理员角色
+     *
+     * @param organization
+     * @return
+     */
+    public ResultContent initOrgManagerRole(Organization organization) {
+        if (ObjectUtils.isNotEmpty(organization)) {
+            Role adminRole = roleDao.findTopByNameAndOid(CardSystemDefault.DEFAULT_ROLE_NAME, organization.getOid());
+            if (ObjectUtils.isEmpty(adminRole)) {
+                Set<String> auth = Set.of(AuthConstant.Admin);
+                if (organization.getAuthType().equals(AuthType.Platform)) {
+                    auth = Set.of(AuthConstant.SuperAdmin);
+                }
+
+                String defaultName = CardSystemDefault.DEFAULT_ROLE_NAME;
+                String defaultReMark = CardSystemDefault.DEFAULT_ROLE_NAME;
+                String oid = organization.getOid();
+                // 权限中心: 角色组
+                RoleGroupModel admin = new RoleGroupModel();
+                admin.setName(defaultName);
+                admin.setRemark(defaultReMark);
+                admin.setOrganizationId(oid);
+                admin.setIdentity(auth);
+                com.github.microservice.auth.client.content.ResultContent<String> updateRoleGroupAdmin = roleService.updateRoleGroup(admin);
+                String groupId = updateRoleGroupAdmin.getContent();
+                log.info("初始权限中心角色组成功:{}", groupId);
+
+                if (!StringUtils.isEmpty(groupId)) {
+                    // 权限中心: 角色信息
+                    com.github.microservice.auth.client.model.RoleModel roleModel = new com.github.microservice.auth.client.model.RoleModel();
+                    roleModel.setOrganizationId(oid);
+                    roleModel.setName(defaultName);
+                    roleModel.setRemark(defaultReMark);
+                    roleModel.setAuth(auth);
+                    com.github.microservice.auth.client.content.ResultContent<String> updateRole = roleService.updateRole(roleModel);
+
+                    log.info("权限中心:初始角色和角色组关系成功");
+                    String roleId = updateRole.getContent();
+                    roleService.addRoleToRoleGroup(groupId, new String[]{roleId});
+
+                    // 添加本地机构角色信息
+                    adminRole = new Role();
+                    if (organization.getAuthType().equals(AuthType.Platform)) {
+                        adminRole.setCode(AuthConstant.SuperAdmin);
+                    } else {
+                        adminRole.setCode(AuthConstant.Admin);
+                    }
+                    adminRole.setAuth(auth);
+                    adminRole.setOid(oid);
+                    adminRole.setRoleGroupId(groupId);
+                    adminRole.setName(defaultName);
+                    adminRole.setRemark(defaultReMark);
+                    adminRole.setRoleType(RoleType.BuildIn);
+                    adminRole.setIsAdmin(Boolean.TRUE);
+                    adminRole.setRoleId(roleId);
+                    adminRole.setAuthType(organization.getAuthType());
+                    roleDao.save(adminRole);
+                }
+            }
+        }
+        return ResultContent.buildSuccess();
+    }
+
     public List<RoleModel> toModels(List<Role> roles) {
         if (ObjectUtils.isNotEmpty(roles)) {
             return roles.stream().map(this::toModel).collect(Collectors.toList());
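Review bot: In `initOrgManagerRole`, the `updateRole` result is never checked: `roleId` can be null or empty when the auth-center call fails, yet it is passed to `addRoleToRoleGroup` and persisted as the organization's built-in admin role, after which the method still returns `buildSuccess()`. Mirror the existing `groupId` guard with `if (StringUtils.isEmpty(roleId)) { log.warn("auth center: default admin role creation failed, oid={}", oid); return failure; }` (using whatever non-success `ResultContent` the project provides) before the `addRoleToRoleGroup` call, and move the "成功" log lines after the checks they claim to confirm. `organization.getAuthType().equals(AuthType.Platform)` appears twice and throws NPE when `authType` is null, whereas the `editAuth` hunk above compares with `==`; use the same `==` form here. The lookup-then-create on `findTopByNameAndOid` is not atomic, so two concurrent creations for the same oid could presumably produce duplicate admin roles — worth confirming whether a unique index on (name, oid) exists. `getCurrentUserProjectAuth` returns a raw `ResultContent`; `ResultContent<String>` matches what it builds.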

+ 12 - 0
FullCardServer/src/main/java/com/zhongshu/card/server/core/util/AesUtils.java

@@ -19,6 +19,7 @@ import java.security.PublicKey;
 import java.security.Security;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Base64;
+import java.util.Set;
 
 import static org.apache.tomcat.util.buf.HexUtils.toHexString;
 
@@ -33,6 +34,17 @@ public class AesUtils {
         return toHexString(md.digest());
     }
 
+    public static String encryptAuth(Set<String> auth) {
+        try {
+            if (auth != null && auth.size() > 0) {
+                return encrypt(String.join(",", auth), "lIllIIIllIIIllIl");
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return "";
+    }
+
     public static String encrypt(String data, String SECRET_KEY) throws Exception {
         Cipher cipher = Cipher.getInstance("AES");
         SecretKeySpec secretKeySpec = new SecretKeySpec(SECRET_KEY.getBytes(), "AES");
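Review bot: `encryptAuth` still bakes the 16-byte AES key `"lIllIIIllIIIllIl"` into source (the commit only moves it from IndexService), and `encrypt` uses `Cipher.getInstance("AES")`, which resolves to the provider default of ECB with PKCS5 padding, with no IV and no integrity tag; if anything downstream decrypts `permiss` and trusts its contents, anyone who has read this repository can mint a permission string with arbitrary auth names. Move the key out of code (a system property or environment variable read once into a `static final`, since the helper is static) and, together with the decrypt side, switch to `AES/GCM/NoPadding` with a random per-message IV prepended to the ciphertext. `SECRET_KEY.getBytes()` should pass `StandardCharsets.UTF_8` so the key bytes do not depend on the platform charset, and `e.printStackTrace()` followed by returning `""` hides a broken crypto setup — log the exception via `log`/SLF4J and propagate rather than handing the caller an empty `permiss`. The body of `encrypt` continues outside the hunk.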