diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java index a794936d4a..cab230231b 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java @@ -19,10 +19,8 @@ import com.ruoyi.common.core.domain.AjaxResult; import com.ruoyi.common.core.domain.entity.SysDept; import com.ruoyi.common.core.domain.entity.SysRole; import com.ruoyi.common.core.domain.entity.SysUser; -import com.ruoyi.common.core.domain.model.LoginUser; import com.ruoyi.common.core.page.TableDataInfo; import com.ruoyi.common.enums.BusinessType; -import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.poi.ExcelUtil; import com.ruoyi.framework.web.service.SysPermissionService; import com.ruoyi.framework.web.service.TokenService; @@ -128,14 +126,8 @@ public class SysRoleController extends BaseController if (roleService.updateRole(role) > 0) { - // 更新缓存用户权限 - LoginUser loginUser = getLoginUser(); - if (StringUtils.isNotNull(loginUser.getUser()) && !loginUser.getUser().isAdmin()) - { - loginUser.setUser(userService.selectUserByUserName(loginUser.getUser().getUserName())); - loginUser.setPermissions(permissionService.getMenuPermission(loginUser.getUser())); - tokenService.setLoginUser(loginUser); - } + // 刷新所有持有该角色的在线用户权限 + tokenService.refreshPermissionByRoleId(role.getRoleId(), permissionService); return success(); } return error("修改角色'" + role.getRoleName() + "'失败,请联系管理员"); diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java index d7bab088bb..0acae076fe 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java @@ -1,9 +1,9 @@ package com.ruoyi.framework.web.service; +import java.util.Collection; import java.util.HashMap; import java.util.Map; import java.util.concurrent.TimeUnit; -import jakarta.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -22,6 +22,7 @@ import com.ruoyi.common.utils.uuid.IdUtils; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; +import jakarta.servlet.http.HttpServletRequest; /** * token验证处理 @@ -229,4 +230,41 @@ public class TokenService { return CacheConstants.LOGIN_TOKEN_KEY + uuid; } + + /** + * 角色权限变更后,刷新所有持有该角色的在线用户权限 + * + * @param roleId 变更的角色ID + * @param permissionService 权限服务 + */ + public void refreshPermissionByRoleId(Long roleId, SysPermissionService permissionService) + { + // 扫描所有在线 token + String pattern = CacheConstants.LOGIN_TOKEN_KEY + "*"; + Collection keys = redisCache.keys(pattern); + if (keys == null || keys.isEmpty()) + { + return; + } + for (String key : keys) + { + LoginUser loginUser = redisCache.getCacheObject(key); + if (loginUser == null || loginUser.getUser() == null || loginUser.getUser().isAdmin()) + { + // 管理员拥有所有权限,跳过 + continue; + } + // 判断该用户是否拥有此角色 + boolean hasRole = loginUser.getUser().getRoles() != null + && loginUser.getUser().getRoles().stream().anyMatch(r -> roleId.equals(r.getRoleId())); + if (!hasRole) + { + continue; + } + // 刷新权限缓存 + loginUser.setPermissions(permissionService.getMenuPermission(loginUser.getUser())); + refreshToken(loginUser); + log.info("角色[{}]权限变更,已刷新在线用户[{}]的权限缓存", roleId, loginUser.getUsername()); + } + } }