feat: 用户权限可被收回

2021-05-27 14:17:27 +08:00 · 2021-05-27 14:17:27 +08:00 · 1be642aeca
commit 1be642aeca
parent 83a243e193
9 changed files with 176 additions and 67 deletions
--- a/backend/src/main/java/io/dataease/base/mapper/ext/ExtVAuthModelMapper.xml
+++ b/backend/src/main/java/io/dataease/base/mapper/ext/ExtVAuthModelMapper.xml
@ -14,12 +14,12 @@
        authCount.children_count AS children_count,
        IF
        (( authCount.children_count > 0 ), 0, 1 ) AS leaf
-        FROM
-        ( SELECT * FROM v_auth_model
+        FROM (select get_grant_auths (#{modelType},#{createBy}) cids1) t1,
+        ( SELECT * FROM (select get_grant_auths (#{modelType},#{createBy}) cids2) t2 ,v_auth_model
        <where>
            model_type = #{modelType}
-            <if test="createBy != null">
-               and  FIND_IN_SET(v_auth_model.id,GET_V_AUTH_MODEL_WITH_PARENT ( (select GROUP_CONCAT(id) from v_auth_model where model_type = #{modelType} and create_by =#{createBy}) ,#{modelType}))
+            <if test="1== withAuth">
+               and  FIND_IN_SET(v_auth_model.id,GET_V_AUTH_MODEL_WITH_PARENT ( cids2 ,#{modelType}))
            </if>
            <if test="pid !=null">
                and v_auth_model.pid = #{pid}
@ -50,11 +50,11 @@
        count( 1 ) AS `children_count`,
        `authTemp`.`pid` AS `pid`
        FROM
-        ( SELECT * FROM v_auth_model
+        ( SELECT * FROM (select get_grant_auths (#{modelType},#{createBy}) cids3) t3,v_auth_model
        <where>
            model_type = #{modelType}
-            <if test="createBy != null">
-                and   FIND_IN_SET(v_auth_model.id,GET_V_AUTH_MODEL_WITH_PARENT ( (select GROUP_CONCAT(id) from v_auth_model where model_type = #{modelType} and create_by =#{createBy}) ,#{modelType}))
+            <if test="1== withAuth">
+                and   FIND_IN_SET(v_auth_model.id,GET_V_AUTH_MODEL_WITH_PARENT ( cids3 ,#{modelType}))
            </if>
        </where>
        ) authTemp
@ -63,8 +63,8 @@
        ) authCount ON
        auth.id = authCount.pid
        <where>
-            <if test="createBy != null">
-                (authCount.children_count>0 or auth.create_by = #{createBy})
+            <if test="1== withAuth">
+                (authCount.children_count>0 or FIND_IN_SET(auth.id,cids1) )
            </if>
        </where>

--- a/backend/src/main/java/io/dataease/controller/request/BaseTreeRequest.java
+++ b/backend/src/main/java/io/dataease/controller/request/BaseTreeRequest.java
@ -26,6 +26,9 @@ public class BaseTreeRequest {

    private String createBy;

+    private String withAuth;//需要根据权限返回
+
+
    public BaseTreeRequest() {
    }

--- a/backend/src/main/java/io/dataease/service/sys/SysAuthService.java
+++ b/backend/src/main/java/io/dataease/service/sys/SysAuthService.java
@ -40,18 +40,20 @@ public class SysAuthService {
    @Resource
    private ExtVAuthModelMapper extVAuthModelMapper;

-    private static List<String> PRI_MODEL_TYPE = Arrays.asList("link","dataset","chart","panel");
+    private static List<String> PRI_MODEL_TYPE = Arrays.asList("link","dataset","chart","panel","menu");


    /**
-     * @Description: 查询可见授权数据的数据如果是管理员（IsAdmin = true）且modelType 为link dataset chart panel可以查询到所有的数据，
+     * @Description: 查询可见授权数据的数据如果是管理员（IsAdmin = true）且modelType 为link dataset chart panel menu可以查询到所有的数据，
     * 如果是普通用户，只能查询到自己的数据；但是 node_type 为spine 时 节点也会返回
     **/
    public List<VAuthModelDTO> searchAuthModelTree(BaseTreeRequest request) {
        CurrentUserDto currentUserDto = AuthUtils.getUser();
-        request.setCreateBy(null);
+        request.setCreateBy(String.valueOf(currentUserDto.getUserId()));
        if(PRI_MODEL_TYPE.contains(request.getModelType())&&(currentUserDto.getIsAdmin() == null || !currentUserDto.getIsAdmin())){
-            request.setCreateBy(currentUserDto.getUsername());
+            request.setWithAuth("1");
+        }else{
+            request.setWithAuth("0");
        }
        return extVAuthModelMapper.searchTree(request);
    }
--- a/backend/src/main/resources/db/migration/V5__auth.sql
+++ b/backend/src/main/resources/db/migration/V5__auth.sql
@ -1,54 +1,13 @@

+
 SET NAMES utf8mb4;
 SET FOREIGN_KEY_CHECKS = 0;

-- ----------------------------
-- Table structure for sys_auth
-- ----------------------------
-DROP TABLE IF EXISTS `sys_auth`;
-CREATE TABLE `sys_auth`  (
-  `id` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
-  `auth_source` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '授权资产源 数据集 视图 仪表板',
-  `auth_source_type` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '授权资产类型 dataset 数据集 view 视图 panel 仪表板',
-  `auth_target` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '授权目标 用户 角色 组织 ',
-  `auth_target_type` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '授权目标类型 user 用户 role 角色 org dept 组织',
-  `auth_time` bigint(13) NULL DEFAULT NULL COMMENT '授权时间',
-  `auth_details` varchar(2000) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '授权明细 privilegename 名称 privilegeType 权限类型 1 查看 2 管理 3 导出 4 使用 ; privilegeValue 1 不可用 2 可用 3 部分可用',
-  `auth_user` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '授权人员',
-  `update_time` datetime(0) NULL DEFAULT NULL COMMENT '更新时间',
-  PRIMARY KEY (`id`) USING BTREE
-) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci;
-
-- ----------------------------
-- Table structure for sys_auth_detail
-- ----------------------------
-DROP TABLE IF EXISTS `sys_auth_detail`;
-CREATE TABLE `sys_auth_detail`  (
-  `id` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
-  `auth_id` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
-  `privilege_name` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '权限名称',
-  `privilege_type` int(6) NULL DEFAULT NULL COMMENT '权限类型',
-  `privilege_value` int(6) NULL DEFAULT NULL COMMENT '权限值 1 可用 2 不用',
-  `privilege_extend` varchar(2000) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '权限扩展',
-  `remark` varchar(2000) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '备注',
-  `create_user` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
-  `create_time` bigint(13) NULL DEFAULT NULL,
-  `update_time` bigint(13) NULL DEFAULT NULL,
-  PRIMARY KEY (`id`) USING BTREE
-) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci;
-
-- ----------------------------
-- Records of sys_auth_detail
-- ----------------------------
-BEGIN;
-INSERT INTO `sys_auth_detail` VALUES ('chart_manage', 'chart', 'i18n_auth_manage', 3, 0, 'manage', '基础权限-管理', 'system', NULL, NULL), ('chart_use', 'chart', 'i18n_auth_use', 1, 0, 'use', '基础权限-使用', 'system', NULL, NULL), ('dataset_manege', 'dataset', 'i18n_auth_manage', 3, 0, 'manage', '基础权限-管理', 'system', NULL, NULL), ('dataset_use', 'dataset', 'i18n_auth_use', 1, 0, 'use', '基础权限-使用', 'system', NULL, NULL), ('link_manage', 'link', 'i18n_auth_manage', 3, 0, 'manage', '基础权限-管理', 'system', NULL, NULL), ('link_user', 'link', 'i18n_auth_use', 1, 0, 'use', '基础权限-使用', 'system', NULL, NULL), ('panel_export', 'panel', 'i18n_auth_export', 3, 0, 'export', '基础权限-导出', 'system', NULL, NULL), ('panel_manage', 'panel', 'i18n_auth_manage', 5, 0, 'manage', '基础权限-管理', 'system', NULL, NULL), ('panel_user', 'panel', 'i18n_auth_view', 1, 0, 'view', '基础权限-查看', 'system', NULL, NULL);
-COMMIT;
-
 -- ----------------------------
 -- View structure for v_auth_model
 -- ----------------------------
 DROP VIEW IF EXISTS `v_auth_model`;
-CREATE ALGORITHM = UNDEFINED SQL SECURITY DEFINER VIEW `v_auth_model` AS select `sys_user`.`user_id` AS `id`,`sys_user`.`username` AS `name`,`sys_user`.`username` AS `label`,'0' AS `pid`,'leaf' AS `node_type`,'user' AS `model_type`,'user' AS `model_inner_type`,'target' AS `auth_type`,`sys_user`.`create_by` AS `create_by` from `sys_user` union all select `sys_role`.`role_id` AS `id`,`sys_role`.`name` AS `name`,`sys_role`.`name` AS `label`,'0' AS `pid`,'leaf' AS `node_type`,'role' AS `model_type`,'role' AS `model_inner_type`,'target' AS `auth_type`,`sys_role`.`create_by` AS `create_by` from `sys_role` union all select `sys_dept`.`dept_id` AS `id`,`sys_dept`.`name` AS `name`,`sys_dept`.`name` AS `lable`,cast(`sys_dept`.`pid` as char charset utf8mb4) AS `pid`,if((`sys_dept`.`sub_count` = 0),'leaf','spine') AS `node_type`,'dept' AS `model_type`,'dept' AS `model_inner_type`,'target' AS `auth_type`,`sys_dept`.`create_by` AS `create_by` from `sys_dept` union all select `datasource`.`id` AS `id`,`datasource`.`name` AS `NAME`,`datasource`.`name` AS `label`,'0' AS `pid`,'leaf' AS `node_type`,'link' AS `model_type`,`datasource`.`type` AS `model_inner_type`,'source' AS `auth_type`,`datasource`.`create_by` AS `create_by` from `datasource` union all select `dataset_group`.`id` AS `id`,`dataset_group`.`name` AS `NAME`,`dataset_group`.`name` AS `lable`,if(isnull(`dataset_group`.`pid`),'0',`dataset_group`.`pid`) AS `pid`,'spine' AS `node_type`,'dataset' AS `model_type`,`dataset_group`.`type` AS `model_inner_type`,'source' AS `auth_type`,`dataset_group`.`create_by` AS `create_by` from `dataset_group` union all select `dataset_table`.`id` AS `id`,`dataset_table`.`name` AS `NAME`,`dataset_table`.`name` AS `lable`,`dataset_table`.`scene_id` AS `pid`,'leaf' AS `node_type`,'dataset' AS `model_type`,`dataset_table`.`type` AS `model_inner_type`,'source' AS `auth_type`,`dataset_table`.`create_by` AS `create_by` from `dataset_table` union all select `chart_group`.`id` AS `id`,`chart_group`.`name` AS `name`,`chart_group`.`name` AS `label`,if(isnull(`chart_group`.`pid`),'0',`chart_group`.`pid`) AS `pid`,'spine' AS `node_type`,'chart' AS `model_type`,`chart_group`.`type` AS `model_inner_type`,'source' AS `auth_type`,`chart_group`.`create_by` AS `create_by` from `chart_group` union all select `chart_view`.`id` AS `id`,`chart_view`.`name` AS `name`,`chart_view`.`name` AS `label`,`chart_view`.`scene_id` AS `pid`,'leaf' AS `node_type`,'chart' AS `model_type`,`chart_view`.`type` AS `model_inner_type`,'source' AS `auth_type`,`chart_view`.`create_by` AS `create_by` from `chart_view` union all select `panel_group`.`id` AS `id`,`panel_group`.`name` AS `NAME`,`panel_group`.`name` AS `label`,(case `panel_group`.`id` when 'panel_list' then '0' when 'default_panel' then '0' else `panel_group`.`pid` end) AS `pid`,if((`panel_group`.`node_type` = 'folder'),'spine','leaf') AS `node_type`,'panel' AS `model_type`,`panel_group`.`panel_type` AS `model_inner_type`,'source' AS `auth_type`,`panel_group`.`create_by` AS `create_by` from `panel_group`;
+CREATE ALGORITHM = UNDEFINED SQL SECURITY DEFINER VIEW `v_auth_model` AS select `sys_user`.`user_id` AS `id`,`sys_user`.`username` AS `name`,`sys_user`.`username` AS `label`,'0' AS `pid`,'leaf' AS `node_type`,'user' AS `model_type`,'user' AS `model_inner_type`,'target' AS `auth_type`,`sys_user`.`create_by` AS `create_by` from `sys_user` union all select `sys_role`.`role_id` AS `id`,`sys_role`.`name` AS `name`,`sys_role`.`name` AS `label`,'0' AS `pid`,'leaf' AS `node_type`,'role' AS `model_type`,'role' AS `model_inner_type`,'target' AS `auth_type`,`sys_role`.`create_by` AS `create_by` from `sys_role` union all select `sys_dept`.`dept_id` AS `id`,`sys_dept`.`name` AS `name`,`sys_dept`.`name` AS `lable`,cast(`sys_dept`.`pid` as char charset utf8mb4) AS `pid`,if((`sys_dept`.`sub_count` = 0),'leaf','spine') AS `node_type`,'dept' AS `model_type`,'dept' AS `model_inner_type`,'target' AS `auth_type`,`sys_dept`.`create_by` AS `create_by` from `sys_dept` union all select `datasource`.`id` AS `id`,`datasource`.`name` AS `NAME`,`datasource`.`name` AS `label`,'0' AS `pid`,'leaf' AS `node_type`,'link' AS `model_type`,`datasource`.`type` AS `model_inner_type`,'source' AS `auth_type`,`datasource`.`create_by` AS `create_by` from `datasource` union all select `dataset_group`.`id` AS `id`,`dataset_group`.`name` AS `NAME`,`dataset_group`.`name` AS `lable`,if(isnull(`dataset_group`.`pid`),'0',`dataset_group`.`pid`) AS `pid`,'spine' AS `node_type`,'dataset' AS `model_type`,`dataset_group`.`type` AS `model_inner_type`,'source' AS `auth_type`,`dataset_group`.`create_by` AS `create_by` from `dataset_group` union all select `dataset_table`.`id` AS `id`,`dataset_table`.`name` AS `NAME`,`dataset_table`.`name` AS `lable`,`dataset_table`.`scene_id` AS `pid`,'leaf' AS `node_type`,'dataset' AS `model_type`,`dataset_table`.`type` AS `model_inner_type`,'source' AS `auth_type`,`dataset_table`.`create_by` AS `create_by` from `dataset_table` union all select `chart_group`.`id` AS `id`,`chart_group`.`name` AS `name`,`chart_group`.`name` AS `label`,if(isnull(`chart_group`.`pid`),'0',`chart_group`.`pid`) AS `pid`,'spine' AS `node_type`,'chart' AS `model_type`,`chart_group`.`type` AS `model_inner_type`,'source' AS `auth_type`,`chart_group`.`create_by` AS `create_by` from `chart_group` union all select `chart_view`.`id` AS `id`,`chart_view`.`name` AS `name`,`chart_view`.`name` AS `label`,`chart_view`.`scene_id` AS `pid`,'leaf' AS `node_type`,'chart' AS `model_type`,`chart_view`.`type` AS `model_inner_type`,'source' AS `auth_type`,`chart_view`.`create_by` AS `create_by` from `chart_view` union all select `panel_group`.`id` AS `id`,`panel_group`.`name` AS `NAME`,`panel_group`.`name` AS `label`,(case `panel_group`.`id` when 'panel_list' then '0' when 'default_panel' then '0' else `panel_group`.`pid` end) AS `pid`,if((`panel_group`.`node_type` = 'folder'),'spine','leaf') AS `node_type`,'panel' AS `model_type`,`panel_group`.`panel_type` AS `model_inner_type`,'source' AS `auth_type`,`panel_group`.`create_by` AS `create_by` from `panel_group` union all select `sys_menu`.`menu_id` AS `menu_id`,`sys_menu`.`title` AS `name`,`sys_menu`.`title` AS `label`,`sys_menu`.`pid` AS `pid`,if((`sys_menu`.`sub_count` > 0),'spine','leaf') AS `node_type`,'menu' AS `model_type`,(case `sys_menu`.`type` when 0 then 'folder' when 1 then 'menu' when 2 then 'button' end) AS `model_inner_type`,'source' AS `auth_type`,`sys_menu`.`create_by` AS `create_by` from `sys_menu` where (`sys_menu`.`hidden` = 0);

 -- ----------------------------
 -- View structure for v_auth_privilege
@ -176,14 +135,15 @@ delimiter ;
 -- ----------------------------
 DROP FUNCTION IF EXISTS `get_auths`;
 delimiter ;;
-CREATE  FUNCTION `get_auths`(authSource varchar(255),modelType varchar(255),userId varchar(255)) RETURNS longtext CHARSET utf8
+CREATE FUNCTION `get_auths`(authSource varchar(255),modelType varchar(255),userId varchar(255))
+ RETURNS longtext CHARSET utf8
  READS SQL DATA
 BEGIN

 DECLARE oTemp longtext;

 SELECT
-	group_concat( sys_auth_detail.privilege_extend) into oTemp
+	group_concat( DISTINCT sys_auth_detail.privilege_extend) into oTemp
 FROM
 	(
 		`sys_auth`
@ -216,6 +176,73 @@ END
 ;;
 delimiter ;

+-- ----------------------------
+-- Function structure for get_auth_children_count
+-- ----------------------------
+DROP FUNCTION IF EXISTS `get_auth_children_count`;
+delimiter ;;
+CREATE FUNCTION `get_auth_children_count`(pidInfo varchar(255),modelType varchar(255),userName varchar(255))
+ RETURNS varchar(255) CHARSET utf8
+  READS SQL DATA
+BEGIN
+
+DECLARE childrenCount INTEGER;
+
+select count(1)-1 into childrenCount from v_auth_model where FIND_IN_SET(
+		v_auth_model.id,
+	GET_V_AUTH_MODEL_WITH_CHILDREN ( pidInfo, modelType ))
+	AND create_by = userName
+	AND v_auth_model.node_type = 'leaf';
+
+RETURN childrenCount;
+
+END
+;;
+delimiter ;
+
+-- ----------------------------
+-- Function structure for get_grant_auths
+-- ----------------------------
+DROP FUNCTION IF EXISTS `get_grant_auths`;
+delimiter ;;
+CREATE FUNCTION `get_grant_auths`(modelType VARCHAR ( 255 ),
+	userId VARCHAR ( 255 ))
+ RETURNS longtext CHARSET utf8
+  READS SQL DATA
+BEGIN
+	DECLARE
+		oTemp LONGTEXT;
+	SELECT
+		GROUP_CONCAT( DISTINCT v_auth_model.id ) into oTemp
+	FROM
+		v_auth_model
+		LEFT JOIN sys_auth ON v_auth_model.id = sys_auth.auth_source
+		AND v_auth_model.model_type = sys_auth.auth_source_type
+		LEFT JOIN sys_auth_detail ON sys_auth.id = sys_auth_detail.auth_id
+	WHERE
+		privilege_type = 15
+		AND privilege_value = 1
+		AND v_auth_model.model_type = modelType
+		AND (
+			(
+				sys_auth.auth_target_type = 'dept'
+				AND sys_auth.auth_target IN ( SELECT dept_id FROM sys_user WHERE user_id = userId )
+			)
+			OR (
+				sys_auth.auth_target_type = 'user'
+				AND sys_auth.auth_target = userId
+			)
+			OR (
+				sys_auth.auth_target_type = 'role'
+				AND sys_auth.auth_target IN ( SELECT role_id FROM sys_users_roles WHERE user_id = userId )
+			)
+		);
+	RETURN oTemp;
+
+	END
+;;
+delimiter ;
+
 -- ----------------------------
 -- Function structure for GET_PANEL_GROUP_WITH_CHILDREN
 -- ----------------------------
@ -289,7 +316,8 @@ delimiter ;
 -- ----------------------------
 DROP FUNCTION IF EXISTS `GET_V_AUTH_MODEL_ID_P_USE`;
 delimiter ;;
-CREATE  FUNCTION `GET_V_AUTH_MODEL_ID_P_USE`(userId longtext,modelType varchar(255)) RETURNS longtext CHARSET utf8
+CREATE FUNCTION `GET_V_AUTH_MODEL_ID_P_USE`(userId longtext,modelType varchar(255))
+ RETURNS longtext CHARSET utf8
  READS SQL DATA
 BEGIN

@ -403,6 +431,53 @@ SET FOREIGN_KEY_CHECKS = 1;



+SET NAMES utf8mb4;
+SET FOREIGN_KEY_CHECKS = 0;
+
+-- ----------------------------
+-- Table structure for sys_auth
+-- ----------------------------
+DROP TABLE IF EXISTS `sys_auth`;
+CREATE TABLE `sys_auth`  (
+  `id` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
+  `auth_source` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '授权资产源 数据集 视图 仪表板',
+  `auth_source_type` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '授权资产类型 dataset 数据集 view 视图 panel 仪表板',
+  `auth_target` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '授权目标 用户 角色 组织 ',
+  `auth_target_type` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '授权目标类型 user 用户 role 角色 org dept 组织',
+  `auth_time` bigint(13) NULL DEFAULT NULL COMMENT '授权时间',
+  `auth_details` varchar(2000) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '授权明细 privilegename 名称 privilegeType 权限类型 1 查看 2 管理 3 导出 4 使用 ; privilegeValue 1 不可用 2 可用 3 部分可用',
+  `auth_user` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '授权人员',
+  `update_time` datetime(0) NULL DEFAULT NULL COMMENT '更新时间',
+  PRIMARY KEY (`id`) USING BTREE
+) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci;
+
+-- ----------------------------
+-- Table structure for sys_auth_detail
+-- ----------------------------
+DROP TABLE IF EXISTS `sys_auth_detail`;
+CREATE TABLE `sys_auth_detail`  (
+  `id` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
+  `auth_id` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
+  `privilege_name` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '权限名称',
+  `privilege_type` int(6) NULL DEFAULT NULL COMMENT '权限类型',
+  `privilege_value` int(6) NULL DEFAULT NULL COMMENT '权限值 1 可用 2 不用',
+  `privilege_extend` varchar(2000) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '权限扩展',
+  `remark` varchar(2000) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '备注',
+  `create_user` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
+  `create_time` bigint(13) NULL DEFAULT NULL,
+  `update_time` bigint(13) NULL DEFAULT NULL,
+  PRIMARY KEY (`id`) USING BTREE
+) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci;
+
+-- ----------------------------
+-- Records of sys_auth_detail
+-- ----------------------------
+BEGIN;
+INSERT INTO `sys_auth_detail` VALUES ('chart_grant', 'chart', 'i18n_auth_grant', 15, 0, 'grant', '基础权限-授权', 'system', NULL, NULL), ('chart_manage', 'chart', 'i18n_auth_manage', 3, 0, 'manage', '基础权限-管理', 'system', NULL, NULL), ('chart_use', 'chart', 'i18n_auth_use', 1, 0, 'use', '基础权限-使用', 'system', NULL, NULL), ('dataset_grant', 'dataset', 'i18n_auth_grant', 15, 0, 'grant', '基础权限-授权', 'system', NULL, NULL), ('dataset_manege', 'dataset', 'i18n_auth_manage', 3, 0, 'manage', '基础权限-管理', 'system', NULL, NULL), ('dataset_use', 'dataset', 'i18n_auth_use', 1, 0, 'use', '基础权限-使用', 'system', NULL, NULL), ('link_grant', 'link', 'i18n_auth_grant', 15, 0, 'grant', '基础权限-授权', 'system', NULL, NULL), ('link_manage', 'link', 'i18n_auth_manage', 3, 0, 'manage', '基础权限-管理', 'system', NULL, NULL), ('link_use', 'link', 'i18n_auth_use', 1, 0, 'use', '基础权限-使用', 'system', NULL, NULL), ('menu_grant', 'menu', 'i18n_auth_grant', 15, 0, 'grant', '基础权限-授权', 'system', NULL, NULL), ('menu_use', 'menu', 'i18n_auth_use', 1, 0, 'use', '基础权限-使用', 'system', NULL, NULL), ('panel_export', 'panel', 'i18n_auth_export', 3, 0, 'export', '基础权限-导出', 'system', NULL, NULL), ('panel_grant', 'panel', 'i18n_auth_grant', 15, 0, 'grant', '基础权限-授权', 'system', NULL, NULL), ('panel_manage', 'panel', 'i18n_auth_manage', 5, 0, 'manage', '基础权限-管理', 'system', NULL, NULL), ('panel_use', 'panel', 'i18n_auth_view', 1, 0, 'view', '基础权限-查看', 'system', NULL, NULL);
+COMMIT;
+
+SET FOREIGN_KEY_CHECKS = 1;
+

 DROP TRIGGER if exists`new_auth_link`;
 DROP TRIGGER if exists`delete_auth_link`;
--- a/backend/src/main/resources/i18n/messages_en_US.properties
+++ b/backend/src/main/resources/i18n/messages_en_US.properties
@ -226,6 +226,7 @@ i18n_auth_view=View
 i18n_auth_use=Use
 i18n_auth_export=Export
 i18n_auth_manage=Manage
+i18n_auth_grant=Grant
 i18n_template_system=System Template
 i18n_template_self=Self Template
 i18n_name_cant_repeat_same_group=Name is already exists in the same group
--- a/backend/src/main/resources/i18n/messages_zh_CN.properties
+++ b/backend/src/main/resources/i18n/messages_zh_CN.properties
@ -227,6 +227,7 @@ i18n_auth_view=查看
 i18n_auth_use=使用
 i18n_auth_export=导出
 i18n_auth_manage=管理
+i18n_auth_grant=授权
 i18n_template_system=系统模板
 i18n_template_self=用户模板
 i18n_name_cant_repeat_same_group=同一分组下名称不能重复
--- a/backend/src/main/resources/i18n/messages_zh_TW.properties
+++ b/backend/src/main/resources/i18n/messages_zh_TW.properties
@ -227,6 +227,7 @@ i18n_auth_view=查看
 i18n_auth_use=使用
 i18n_auth_export=導出
 i18n_auth_manage=管理
+i18n_auth_grant=授权
 i18n_template_system=系統模板
 i18n_template_self=用戶模板
 i18n_name_cant_repeat_same_group=同一分組下名稱不能重復
--- a/frontend/src/lang/zh.js
+++ b/frontend/src/lang/zh.js
@ -940,6 +940,7 @@ export default {
    datasetAuth: '数据集权限',
    chartAuth: '视图权限',
    panelAuth: '仪表盘权限',
+    menuAuth: '菜单和操作权限',
    deptHead: '所有组织',
    roleHead: '所有角色',
    userHead: '所有用户',
@ -947,6 +948,7 @@ export default {
    datasetAuthHead: '所有数据',
    chartAuthHead: '所有视图',
    panelAuthHead: '所有仪表盘',
+    menuAuthHead: '所有菜单和操作',
    view: '查看',
    use: '使用',
    export: '导出',
--- a/frontend/src/views/system/authority/authConfig.vue
+++ b/frontend/src/views/system/authority/authConfig.vue
@ -27,7 +27,7 @@
        </el-input>
      </div>
      <el-tabs v-model="sourceActiveName" :class="{'de-search-header': showSourceSearchInput}" @tab-click="handleClick">
-        <el-tab-pane v-for="(sourceInfo, index) in sourceInfoArray" :key="index" :lazy="true" :label="sourceInfo.tabName" :name="sourceInfo.authType">
+        <el-tab-pane v-for="(sourceInfo, index) in sourceInfoTabs" :key="index" :lazy="true" :label="sourceInfo.tabName" :name="sourceInfo.authType">
          <lazy-tree
            v-if="authCondition"
            :active-name="sourceActiveName"
@ -86,26 +86,39 @@ export default {
            tabName: this.$t('auth.linkAuth'),
            head: this.$t('auth.linkAuthHead'),
            direction: 'source',
-            authType: 'link'
+            authType: 'link',
+            authTargets: 'dept,role,user'
          },
          {
            tabName: this.$t('auth.datasetAuth'),
            head: this.$t('auth.datasetAuthHead'),
            direction: 'source',
-            authType: 'dataset'
+            authType: 'dataset',
+            authTargets: 'dept,role,user'
          },
          {
            tabName: this.$t('auth.chartAuth'),
            head: this.$t('auth.linkAuthHead'),
            direction: 'source',
-            authType: 'chart'
+            authType: 'chart',
+            authTargets: 'dept,role,user'
          },
          {
            tabName: this.$t('auth.panelAuth'),
            head: this.$t('auth.panelAuthHead'),
            direction: 'source',
-            authType: 'panel'
-          }],
+            authType: 'panel',
+            authTargets: 'dept,role,user'
+          }
+          // ,
+          // {
+          //   tabName: this.$t('auth.menuAuth'),
+          //   head: this.$t('auth.menuAuthHead'),
+          //   direction: 'source',
+          //   authType: 'menu',
+          //   authTargets: 'role'
+          // }
+        ],
      targetActiveName: null,
      sourceActiveName: null,
      showSourceSearchInput: false,
@ -116,6 +129,17 @@ export default {
      authCondition: null
    }
  },
+  computed: {
+    sourceInfoTabs() {
+      const tabs = []
+      this.sourceInfoArray.forEach(item => {
+        if (item.authTargets.indexOf(this.targetActiveName) > -1) {
+          tabs.push(item)
+        }
+      })
+      return tabs
+    }
+  },
  created() {
    this.targetActiveName = this.targetInfoArray[0].authType
    this.sourceActiveName = this.sourceInfoArray[0].authType