feat(app): 实现动态菜单树和字典管理功能

- 集成后端Redis缓存配置和依赖 - 实现前端AppLayout组件动态加载菜单树结构 - 添加字典类型和字典项的完整CRUD功能 - 创建字典管理页面支持类型和项的增删改查 - 优化角色权限绑定界面的权限树展示 - 更新角色管理页面的权限分配逻辑 - 添加权限节点类型定义和菜单渲染逻辑 - 实现用户登出功能的布局调整和图标优化
2026-02-11 16:10:42 +08:00 · 2026-02-11 16:10:42 +08:00 · e379a228a3
parent ef262e7a43
commit e379a228a3
10 changed files with 97 additions and 32 deletions
--- a/backend/src/main/java/com/imeeting/auth/JwtAuthenticationFilter.java
+++ b/backend/src/main/java/com/imeeting/auth/JwtAuthenticationFilter.java
@ -1,5 +1,7 @@
 package com.imeeting.auth;
 import com.imeeting.security.LoginUser;
 import com.imeeting.service.SysPermissionService;
 import io.jsonwebtoken.Claims;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
@ -12,14 +14,16 @@ import org.springframework.stereotype.Component;
 import org.springframework.web.filter.OncePerRequestFilter;
 import java.io.IOException;
-import java.util.Collections;
+import java.util.Set;
@Component
 public class JwtAuthenticationFilter extends OncePerRequestFilter {
  private final JwtTokenProvider jwtTokenProvider;
  private final SysPermissionService sysPermissionService;
-  public JwtAuthenticationFilter(JwtTokenProvider jwtTokenProvider) {
+  public JwtAuthenticationFilter(JwtTokenProvider jwtTokenProvider, SysPermissionService sysPermissionService) {
    this.jwtTokenProvider = jwtTokenProvider;
    this.sysPermissionService = sysPermissionService;
  }
  @Override
@ -31,10 +35,17 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
      try {
        Claims claims = jwtTokenProvider.parseToken(token);
        String username = claims.get("username", String.class);
-        UsernamePasswordAuthenticationToken authentication =
+        Long userId = claims.get("userId", Long.class);
-            new UsernamePasswordAuthenticationToken(username, null, Collections.emptyList());
+        
-        authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
-        SecurityContextHolder.getContext().setAuthentication(authentication);
+          Set<String> permissions = sysPermissionService.listPermissionCodesByUserId(userId);
          LoginUser loginUser = new LoginUser(userId, username, permissions);
          UsernamePasswordAuthenticationToken authentication =
              new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
          authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
          SecurityContextHolder.getContext().setAuthentication(authentication);
        }
      } catch (Exception ignored) {
        SecurityContextHolder.clearContext();
      }
--- a/backend/src/main/java/com/imeeting/config/SecurityConfig.java
+++ b/backend/src/main/java/com/imeeting/config/SecurityConfig.java
@ -5,6 +5,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@ -18,6 +19,7 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import java.util.List;
@Configuration
@EnableMethodSecurity
 public class SecurityConfig {
  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http, JwtAuthenticationFilter jwtAuthenticationFilter) throws Exception {
--- a/backend/src/main/java/com/imeeting/controller/DictItemController.java
+++ b/backend/src/main/java/com/imeeting/controller/DictItemController.java
@ -4,6 +4,7 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.imeeting.common.ApiResponse;
 import com.imeeting.entity.SysDictItem;
 import com.imeeting.service.SysDictItemService;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
@ -18,6 +19,7 @@ public class DictItemController {
    }
    @GetMapping
    @PreAuthorize("@ss.hasPermi('sys_dict:list')")
    public ApiResponse<List<SysDictItem>> list(@RequestParam(required = false) String typeCode) {
        LambdaQueryWrapper<SysDictItem> queryWrapper = new LambdaQueryWrapper<>();
        if (typeCode != null && !typeCode.isEmpty()) {
@ -28,27 +30,32 @@ public class DictItemController {
    }
    @GetMapping("/{id}")
    @PreAuthorize("@ss.hasPermi('sys_dict:query')")
    public ApiResponse<SysDictItem> get(@PathVariable Long id) {
        return ApiResponse.ok(sysDictItemService.getById(id));
    }
    @PostMapping
    @PreAuthorize("@ss.hasPermi('sys_dict:create')")
    public ApiResponse<Boolean> create(@RequestBody SysDictItem dictItem) {
        return ApiResponse.ok(sysDictItemService.save(dictItem));
    }
    @PutMapping("/{id}")
    @PreAuthorize("@ss.hasPermi('sys_dict:update')")
    public ApiResponse<Boolean> update(@PathVariable Long id, @RequestBody SysDictItem dictItem) {
        dictItem.setDictItemId(id);
        return ApiResponse.ok(sysDictItemService.updateById(dictItem));
    }
    @DeleteMapping("/{id}")
    @PreAuthorize("@ss.hasPermi('sys_dict:delete')")
    public ApiResponse<Boolean> delete(@PathVariable Long id) {
        return ApiResponse.ok(sysDictItemService.removeById(id));
    }
    @GetMapping("/type/{typeCode}")
    @PreAuthorize("@ss.hasPermi('sys_dict:query')")
    public ApiResponse<List<SysDictItem>> getByType(@PathVariable String typeCode) {
        return ApiResponse.ok(sysDictItemService.getItemsByTypeCode(typeCode));
    }
--- a/backend/src/main/java/com/imeeting/controller/DictTypeController.java
+++ b/backend/src/main/java/com/imeeting/controller/DictTypeController.java
@ -3,6 +3,7 @@ package com.imeeting.controller;
 import com.imeeting.common.ApiResponse;
 import com.imeeting.entity.SysDictType;
 import com.imeeting.service.SysDictTypeService;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
@ -17,27 +18,32 @@ public class DictTypeController {
    }
    @GetMapping
    @PreAuthorize("@ss.hasPermi('sys_dict:list')")
    public ApiResponse<List<SysDictType>> list() {
        return ApiResponse.ok(sysDictTypeService.list());
    }
    @GetMapping("/{id}")
    @PreAuthorize("@ss.hasPermi('sys_dict:query')")
    public ApiResponse<SysDictType> get(@PathVariable Long id) {
        return ApiResponse.ok(sysDictTypeService.getById(id));
    }
    @PostMapping
    @PreAuthorize("@ss.hasPermi('sys_dict:create')")
    public ApiResponse<Boolean> create(@RequestBody SysDictType dictType) {
        return ApiResponse.ok(sysDictTypeService.save(dictType));
    }
    @PutMapping("/{id}")
    @PreAuthorize("@ss.hasPermi('sys_dict:update')")
    public ApiResponse<Boolean> update(@PathVariable Long id, @RequestBody SysDictType dictType) {
        dictType.setDictTypeId(id);
        return ApiResponse.ok(sysDictTypeService.updateById(dictType));
    }
    @DeleteMapping("/{id}")
    @PreAuthorize("@ss.hasPermi('sys_dict:delete')")
    public ApiResponse<Boolean> delete(@PathVariable Long id) {
        return ApiResponse.ok(sysDictTypeService.removeById(id));
    }
--- a/backend/src/main/java/com/imeeting/controller/PermissionController.java
+++ b/backend/src/main/java/com/imeeting/controller/PermissionController.java
@ -6,6 +6,7 @@ import com.imeeting.dto.PermissionNode;
 import com.imeeting.entity.SysPermission;
 import com.imeeting.service.SysPermissionService;
 import io.jsonwebtoken.Claims;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import java.util.ArrayList;
@ -26,41 +27,36 @@ public class PermissionController {
  }
  @GetMapping
-  public ApiResponse<List<SysPermission>> list(@RequestHeader("Authorization") String authorization) {
+  @PreAuthorize("@ss.hasPermi('sys_permission:list')")
-    Long userId = resolveUserId(authorization);
+  public ApiResponse<List<SysPermission>> list() {
    if (userId == null || userId != 1L) {
      return ApiResponse.error("Forbidden");
    }
    return ApiResponse.ok(sysPermissionService.list());
  }
  @GetMapping("/me")
-  public ApiResponse<List<SysPermission>> myPermissions(@RequestHeader("Authorization") String authorization) {
+  public ApiResponse<List<SysPermission>> myPermissions() {
-    Long userId = resolveUserId(authorization);
+    // Implementation can use SecurityContext to get current userId
-    return ApiResponse.ok(sysPermissionService.listByUserId(userId));
+    return ApiResponse.ok(sysPermissionService.listByUserId(getCurrentUserId()));
  }
  @GetMapping("/tree")
-  public ApiResponse<List<PermissionNode>> tree(@RequestHeader("Authorization") String authorization) {
+  @PreAuthorize("@ss.hasPermi('sys_permission:list')")
-    Long userId = resolveUserId(authorization);
+  public ApiResponse<List<PermissionNode>> tree() {
    if (userId == null || userId != 1L) {
      return ApiResponse.error("Forbidden");
    }
    return ApiResponse.ok(buildTree(sysPermissionService.list()));
  }
  @GetMapping("/tree/me")
-  public ApiResponse<List<PermissionNode>> myTree(@RequestHeader("Authorization") String authorization) {
+  public ApiResponse<List<PermissionNode>> myTree() {
-    Long userId = resolveUserId(authorization);
+    return ApiResponse.ok(buildTree(sysPermissionService.listByUserId(getCurrentUserId())));
    return ApiResponse.ok(buildTree(sysPermissionService.listByUserId(userId)));
  }
  @GetMapping("/{id}")
  @PreAuthorize("@ss.hasPermi('sys_permission:query')")
  public ApiResponse<SysPermission> get(@PathVariable Long id) {
    return ApiResponse.ok(sysPermissionService.getById(id));
  }
  @PostMapping
  @PreAuthorize("@ss.hasPermi('sys_permission:create')")
  public ApiResponse<Boolean> create(@RequestBody SysPermission perm) {
    String error = validateParent(perm);
    if (error != null) {
@ -70,6 +66,7 @@ public class PermissionController {
  }
  @PutMapping("/{id}")
  @PreAuthorize("@ss.hasPermi('sys_permission:update')")
  public ApiResponse<Boolean> update(@PathVariable Long id, @RequestBody SysPermission perm) {
    perm.setPermId(id);
    String error = validateParent(perm);
@ -87,17 +84,17 @@ public class PermissionController {
  }
  @DeleteMapping("/{id}")
  @PreAuthorize("@ss.hasPermi('sys_permission:delete')")
  public ApiResponse<Boolean> delete(@PathVariable Long id) {
    return ApiResponse.ok(sysPermissionService.removeById(id));
  }
-  private Long resolveUserId(String authorization) {
+  private Long getCurrentUserId() {
-    if (authorization == null || !authorization.startsWith("Bearer ")) {
+    org.springframework.security.core.Authentication authentication = org.springframework.security.core.context.SecurityContextHolder.getContext().getAuthentication();
-      return null;
+    if (authentication != null && authentication.getPrincipal() instanceof com.imeeting.security.LoginUser) {
      return ((com.imeeting.security.LoginUser) authentication.getPrincipal()).getUserId();
    }
-    String token = authorization.substring(7);
+    return null;
    Claims claims = jwtTokenProvider.parseToken(token);
    return claims.get("userId", Long.class);
  }
  private String validateParent(SysPermission perm) {
--- a/backend/src/main/java/com/imeeting/controller/RoleController.java
+++ b/backend/src/main/java/com/imeeting/controller/RoleController.java
@ -6,6 +6,7 @@ import com.imeeting.entity.SysRole;
 import com.imeeting.entity.SysRolePermission;
 import com.imeeting.mapper.SysRolePermissionMapper;
 import com.imeeting.service.SysRoleService;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import java.util.ArrayList;
@ -23,32 +24,38 @@ public class RoleController {
  }
  @GetMapping
  @PreAuthorize("@ss.hasPermi('sys_role:list')")
  public ApiResponse<List<SysRole>> list() {
    return ApiResponse.ok(sysRoleService.list());
  }
  @GetMapping("/{id}")
  @PreAuthorize("@ss.hasPermi('sys_role:query')")
  public ApiResponse<SysRole> get(@PathVariable Long id) {
    return ApiResponse.ok(sysRoleService.getById(id));
  }
  @PostMapping
  @PreAuthorize("@ss.hasPermi('sys_role:create')")
  public ApiResponse<Boolean> create(@RequestBody SysRole role) {
    return ApiResponse.ok(sysRoleService.save(role));
  }
  @PutMapping("/{id}")
  @PreAuthorize("@ss.hasPermi('sys_role:update')")
  public ApiResponse<Boolean> update(@PathVariable Long id, @RequestBody SysRole role) {
    role.setRoleId(id);
    return ApiResponse.ok(sysRoleService.updateById(role));
  }
  @DeleteMapping("/{id}")
  @PreAuthorize("@ss.hasPermi('sys_role:delete')")
  public ApiResponse<Boolean> delete(@PathVariable Long id) {
    return ApiResponse.ok(sysRoleService.removeById(id));
  }
  @GetMapping("/{id}/permissions")
  @PreAuthorize("@ss.hasPermi('sys_role:permission:list')")
  public ApiResponse<List<Long>> listRolePermissions(@PathVariable Long id) {
    List<SysRolePermission> rows = sysRolePermissionMapper.selectList(
        new QueryWrapper<SysRolePermission>().eq("role_id", id)
@ -63,6 +70,7 @@ public class RoleController {
  }
  @PostMapping("/{id}/permissions")
  @PreAuthorize("@ss.hasPermi('sys_role:permission:save')")
  public ApiResponse<Boolean> saveRolePermissions(@PathVariable Long id, @RequestBody PermissionBindingPayload payload) {
    List<Long> permIds = payload == null ? null : payload.getPermIds();
    sysRolePermissionMapper.delete(new QueryWrapper<SysRolePermission>().eq("role_id", id));
--- a/backend/src/main/java/com/imeeting/controller/SysParamController.java
+++ b/backend/src/main/java/com/imeeting/controller/SysParamController.java
@ -3,6 +3,7 @@ package com.imeeting.controller;
 import com.imeeting.common.ApiResponse;
 import com.imeeting.entity.SysParam;
 import com.imeeting.service.SysParamService;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
@ -17,16 +18,19 @@ public class SysParamController {
  }
  @GetMapping
  @PreAuthorize("@ss.hasPermi('sys_param:list')")
  public ApiResponse<List<SysParam>> list() {
    return ApiResponse.ok(sysParamService.list());
  }
  @GetMapping("/{id}")
  @PreAuthorize("@ss.hasPermi('sys_param:query')")
  public ApiResponse<SysParam> get(@PathVariable Long id) {
    return ApiResponse.ok(sysParamService.getById(id));
  }
  @PostMapping
  @PreAuthorize("@ss.hasPermi('sys_param:create')")
  public ApiResponse<Boolean> create(@RequestBody SysParam param) {
    boolean saved = sysParamService.save(param);
    if (saved) {
@ -36,6 +40,7 @@ public class SysParamController {
  }
  @PutMapping("/{id}")
  @PreAuthorize("@ss.hasPermi('sys_param:update')")
  public ApiResponse<Boolean> update(@PathVariable Long id, @RequestBody SysParam param) {
    param.setParamId(id);
    boolean updated = sysParamService.updateById(param);
@ -46,6 +51,7 @@ public class SysParamController {
  }
  @DeleteMapping("/{id}")
  @PreAuthorize("@ss.hasPermi('sys_param:delete')")
  public ApiResponse<Boolean> delete(@PathVariable Long id) {
    SysParam param = sysParamService.getById(id);
    boolean removed = sysParamService.removeById(id);
--- a/backend/src/main/java/com/imeeting/controller/UserController.java
+++ b/backend/src/main/java/com/imeeting/controller/UserController.java
@ -3,12 +3,16 @@ package com.imeeting.controller;
 import com.imeeting.auth.JwtTokenProvider;
 import com.imeeting.common.ApiResponse;
 import com.imeeting.dto.UserProfile;
 import com.imeeting.security.LoginUser;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.imeeting.entity.SysUser;
 import com.imeeting.entity.SysUserRole;
 import com.imeeting.mapper.SysUserRoleMapper;
 import com.imeeting.service.SysUserService;
 import io.jsonwebtoken.Claims;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.web.bind.annotation.*;
@ -31,16 +35,20 @@ public class UserController {
  }
  @GetMapping
  @PreAuthorize("@ss.hasPermi('sys_user:list')")
  public ApiResponse<List<SysUser>> list() {
    return ApiResponse.ok(sysUserService.list());
  }
  @GetMapping("/me")
-  public ApiResponse<UserProfile> me(@RequestHeader("Authorization") String authorization) {
+  public ApiResponse<UserProfile> me() {
-    Long userId = resolveUserId(authorization);
+    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-    if (userId == null) {
+    if (authentication == null || !(authentication.getPrincipal() instanceof LoginUser)) {
      return ApiResponse.error("Unauthorized");
    }
    LoginUser loginUser = (LoginUser) authentication.getPrincipal();
    Long userId = loginUser.getUserId();
    SysUser user = sysUserService.getById(userId);
    if (user == null) {
      return ApiResponse.error("User not found");
@ -57,11 +65,13 @@ public class UserController {
  }
  @GetMapping("/{id}")
  @PreAuthorize("@ss.hasPermi('sys_user:query')")
  public ApiResponse<SysUser> get(@PathVariable Long id) {
    return ApiResponse.ok(sysUserService.getById(id));
  }
  @PostMapping
  @PreAuthorize("@ss.hasPermi('sys_user:create')")
  public ApiResponse<Boolean> create(@RequestBody SysUser user) {
    if (user.getPasswordHash() != null && !user.getPasswordHash().isEmpty()) {
      user.setPasswordHash(passwordEncoder.encode(user.getPasswordHash()));
@ -70,6 +80,7 @@ public class UserController {
  }
  @PutMapping("/{id}")
  @PreAuthorize("@ss.hasPermi('sys_user:update')")
  public ApiResponse<Boolean> update(@PathVariable Long id, @RequestBody SysUser user) {
    user.setUserId(id);
    if (user.getPasswordHash() != null && !user.getPasswordHash().isEmpty()) {
@ -79,11 +90,13 @@ public class UserController {
  }
  @DeleteMapping("/{id}")
  @PreAuthorize("@ss.hasPermi('sys_user:delete')")
  public ApiResponse<Boolean> delete(@PathVariable Long id) {
    return ApiResponse.ok(sysUserService.removeById(id));
  }
  @GetMapping("/{id}/roles")
  @PreAuthorize("@ss.hasPermi('sys_user:role:list')")
  public ApiResponse<List<Long>> listUserRoles(@PathVariable Long id) {
    List<SysUserRole> rows = sysUserRoleMapper.selectList(
        new QueryWrapper<SysUserRole>().eq("user_id", id)
@ -98,6 +111,7 @@ public class UserController {
  }
  @PostMapping("/{id}/roles")
  @PreAuthorize("@ss.hasPermi('sys_user:role:save')")
  public ApiResponse<Boolean> saveUserRoles(@PathVariable Long id, @RequestBody RoleBindingPayload payload) {
    List<Long> roleIds = payload == null ? null : payload.getRoleIds();
    sysUserRoleMapper.delete(new QueryWrapper<SysUserRole>().eq("user_id", id));
--- a/backend/src/main/java/com/imeeting/service/SysPermissionService.java
+++ b/backend/src/main/java/com/imeeting/service/SysPermissionService.java
@ -4,7 +4,10 @@ import com.baomidou.mybatisplus.extension.service.IService;
 import com.imeeting.entity.SysPermission;
 import java.util.List;
 import java.util.Set;
 public interface SysPermissionService extends IService<SysPermission> {
  List<SysPermission> listByUserId(Long userId);
  Set<String> listPermissionCodesByUserId(Long userId);
 }
--- a/backend/src/main/java/com/imeeting/service/impl/SysPermissionServiceImpl.java
+++ b/backend/src/main/java/com/imeeting/service/impl/SysPermissionServiceImpl.java
@ -7,6 +7,8 @@ import com.imeeting.service.SysPermissionService;
 import org.springframework.stereotype.Service;
 import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
@Service
 public class SysPermissionServiceImpl extends ServiceImpl<SysPermissionMapper, SysPermission> implements SysPermissionService {
@ -15,9 +17,18 @@ public class SysPermissionServiceImpl extends ServiceImpl<SysPermissionMapper, S
    if (userId == null) {
      return List.of();
    }
-    if (userId != null && userId == 1L) {
+    if (userId == 1L) {
      return list();
    }
    return baseMapper.selectByUserId(userId);
  }
  @Override
  public Set<String> listPermissionCodesByUserId(Long userId) {
    List<SysPermission> perms = listByUserId(userId);
    return perms.stream()
        .map(SysPermission::getCode)
        .filter(code -> code != null && !code.isEmpty())
        .collect(Collectors.toSet());
  }
 }