角色权限变更后刷新所有持有该角色的在线用户权限

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java

@@ -19,10 +19,8 @@ import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.domain.entity.SysDept;
 import com.ruoyi.common.core.domain.entity.SysRole;
 import com.ruoyi.common.core.domain.entity.SysUser;
-import com.ruoyi.common.core.domain.model.LoginUser;
 import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.enums.BusinessType;
-import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.poi.ExcelUtil;
 import com.ruoyi.framework.web.service.SysPermissionService;
 import com.ruoyi.framework.web.service.TokenService;
@@ -128,14 +126,8 @@ public class SysRoleController extends BaseController
         
         if (roleService.updateRole(role) > 0)
         {
-            // 更新缓存用户权限
-            LoginUser loginUser = getLoginUser();
-            if (StringUtils.isNotNull(loginUser.getUser()) && !loginUser.getUser().isAdmin())
-            {
-                loginUser.setUser(userService.selectUserByUserName(loginUser.getUser().getUserName()));
-                loginUser.setPermissions(permissionService.getMenuPermission(loginUser.getUser()));
-                tokenService.setLoginUser(loginUser);
-            }
+            // 刷新所有持有该角色的在线用户权限
+            tokenService.refreshPermissionByRoleId(role.getRoleId(), permissionService);
             return success();
         }
         return error("修改角色'" + role.getRoleName() + "'失败，请联系管理员");

ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java

@@ -1,9 +1,9 @@
 package com.ruoyi.framework.web.service;
 
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
-import jakarta.servlet.http.HttpServletRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -22,6 +22,7 @@ import com.ruoyi.common.utils.uuid.IdUtils;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import jakarta.servlet.http.HttpServletRequest;
 
 /**
  * token验证处理
@@ -229,4 +230,41 @@ public class TokenService
     {
         return CacheConstants.LOGIN_TOKEN_KEY + uuid;
     }
+
+    /**
+     * 角色权限变更后，刷新所有持有该角色的在线用户权限
+     *
+     * @param roleId            变更的角色ID
+     * @param permissionService 权限服务
+     */
+    public void refreshPermissionByRoleId(Long roleId, SysPermissionService permissionService)
+    {
+        // 扫描所有在线 token
+        String pattern = CacheConstants.LOGIN_TOKEN_KEY + "*";
+        Collection<String> keys = redisCache.keys(pattern);
+        if (keys == null || keys.isEmpty())
+        {
+            return;
+        }
+        for (String key : keys)
+        {
+            LoginUser loginUser = redisCache.getCacheObject(key);
+            if (loginUser == null || loginUser.getUser() == null || loginUser.getUser().isAdmin())
+            {
+                // 管理员拥有所有权限，跳过
+                continue;
+            }
+            // 判断该用户是否拥有此角色
+            boolean hasRole = loginUser.getUser().getRoles() != null
+                    && loginUser.getUser().getRoles().stream().anyMatch(r -> roleId.equals(r.getRoleId()));
+            if (!hasRole)
+            {
+                continue;
+            }
+            // 刷新权限缓存
+            loginUser.setPermissions(permissionService.getMenuPermission(loginUser.getUser()));
+            refreshToken(loginUser);
+            log.info("角色[{}]权限变更，已刷新在线用户[{}]的权限缓存", roleId, loginUser.getUsername());
+        }
+    }
 }