From dbe9834e4cf5185bca2e1e60a146925b2e38561a Mon Sep 17 00:00:00 2001
From: RuoYi
Date: Thu, 16 Apr 2026 16:33:50 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A7=92=E8=89=B2=E6=9D=83=E9=99=90=E5=8F=98?= =?UTF-8?q?=E6=9B=B4=E5=90=8E=E5=88=B7=E6=96=B0=E6=89=80=E6=9C=89=E6=8C=81?= =?UTF-8?q?=E6=9C=89=E8=AF=A5=E8=A7=92=E8=89=B2=E7=9A=84=E5=9C=A8=E7=BA=BF?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controller/system/SysRoleController.java | 12 +-----
 .../framework/web/service/TokenService.java | 40 ++++++++++++++++++-
 2 files changed, 41 insertions(+), 11 deletions(-)
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
index a794936d4a..cab230231b 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
@@ -19,10 +19,8 @@ import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.domain.entity.SysDept;
 import com.ruoyi.common.core.domain.entity.SysRole;
 import com.ruoyi.common.core.domain.entity.SysUser;
-import com.ruoyi.common.core.domain.model.LoginUser;
 import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.enums.BusinessType;
-import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.poi.ExcelUtil;
 import com.ruoyi.framework.web.service.SysPermissionService;
 import com.ruoyi.framework.web.service.TokenService;
@@ -128,14 +126,8 @@ public class SysRoleController extends BaseController
 if (roleService.updateRole(role) > 0)
 {
- // 更新缓存用户权限
- LoginUser loginUser = getLoginUser();
- if (StringUtils.isNotNull(loginUser.getUser()) && !loginUser.getUser().isAdmin())
- {
- loginUser.setUser(userService.selectUserByUserName(loginUser.getUser().getUserName()));
- loginUser.setPermissions(permissionService.getMenuPermission(loginUser.getUser()));
- tokenService.setLoginUser(loginUser);
- }
+ // 刷新所有持有该角色的在线用户权限
+ tokenService.refreshPermissionByRoleId(role.getRoleId(), permissionService);
 return success();
 }
 return error("修改角色'" + role.getRoleName() + "'失败,请联系管理员");
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
index d7bab088bb..0acae076fe 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
@@ -1,9 +1,9 @@
 package com.ruoyi.framework.web.service;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
-import jakarta.servlet.http.HttpServletRequest;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -22,6 +22,7 @@ import com.ruoyi.common.utils.uuid.IdUtils;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
+import jakarta.servlet.http.HttpServletRequest;
 /**
 * token验证处理
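Review bot: The replacement call in SysRoleController's edit path drops the database reload that the removed lines performed: they called `userService.selectUserByUserName(...)` before recomputing permissions, while `refreshPermissionByRoleId` (added in TokenService.java) hands the cached `loginUser.getUser()` to `getMenuPermission`. If `getMenuPermission` reads role fields such as status from that object, a role that was just disabled or narrowed may keep its old permissions in live sessions until the next login. Reloading the user, or at least its role list, inside the loop before recomputing would close that gap. The enclosing method starts and ends outside the hunk, and other role-changing endpoints in this controller are not visible here; it is worth checking that they trigger the same refresh.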
@@ -229,4 +230,41 @@ public class TokenService
 {
 return CacheConstants.LOGIN_TOKEN_KEY + uuid;
 }
+
+ /**
+ * 角色权限变更后,刷新所有持有该角色的在线用户权限
+ *
+ * @param roleId 变更的角色ID
+ * @param permissionService 权限服务
+ */
+ public void refreshPermissionByRoleId(Long roleId, SysPermissionService permissionService)
+ {
+ // 扫描所有在线 token
+ String pattern = CacheConstants.LOGIN_TOKEN_KEY + "*";
+ Collection keys = redisCache.keys(pattern);
+ if (keys == null || keys.isEmpty())
+ {
+ return;
+ }
+ for (String key : keys)
+ {
+ LoginUser loginUser = redisCache.getCacheObject(key);
+ if (loginUser == null || loginUser.getUser() == null || loginUser.getUser().isAdmin())
+ {
+ // 管理员拥有所有权限,跳过
+ continue;
+ }
+ // 判断该用户是否拥有此角色
+ boolean hasRole = loginUser.getUser().getRoles() != null
+ && loginUser.getUser().getRoles().stream().anyMatch(r -> roleId.equals(r.getRoleId()));
+ if (!hasRole)
+ {
+ continue;
+ }
+ // 刷新权限缓存
+ loginUser.setPermissions(permissionService.getMenuPermission(loginUser.getUser()));
+ refreshToken(loginUser);
+ log.info("角色[{}]权限变更,已刷新在线用户[{}]的权限缓存", roleId, loginUser.getUsername());
+ }
+ }
 }
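Review bot: `refreshToken(loginUser)` in the loop presumably renews the session's expiry as well as storing it, so every role edit would extend idle sessions of all holders of that role, and a session deleted by logout between `getCacheObject(key)` and the write-back could be re-created. Writing the object back with the key's remaining TTL, and only when the key still exists, avoids both. `redisCache.keys(pattern)` looks like a wrapper over the Redis KEYS command, which scans the whole keyspace in one blocking call; a cursor-based SCAN is the usual choice on a shared instance. A null `roleId` makes `roleId.equals(...)` throw mid-loop, so an early `if (roleId == null) { return; }` would be a cheap guard.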