优化数据权限

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/common/BpmConst.java

@@ -8,6 +8,8 @@ package cc.smtweb.system.bpm.web.common;
 public interface BpmConst {
 
     String DEF_PWD = "abc@123456"; //初始密码
+    String MENU_KEY = "__menuId";// 菜单ID key
+    String KEY_HEADER_MENU = "hmk"; // header中的菜单ID
 
     interface DataRight {
         public final static Long CUR_VALUE = 999L;//本机构，本部门

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/AbstractDynPageHandler.java

@@ -37,6 +37,7 @@ public abstract class AbstractDynPageHandler extends AbstractHandler {
 
         provider.pageId = form.getId();
         provider.datasets = datasets;
+        provider.us = us;
     }
 
     protected PageDataset findDataset(String name) {

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageHelper.java

@@ -13,6 +13,7 @@ import cc.smtweb.framework.core.exception.BizException;
 import cc.smtweb.framework.core.exception.SwException;
 import cc.smtweb.framework.core.mvc.service.SqlNamedPara;
 import cc.smtweb.framework.core.mvc.service.TreeHelper;
+import cc.smtweb.framework.core.session.UserSession;
 import cc.smtweb.framework.core.util.MapUtil;
 import cc.smtweb.framework.core.util.NumberUtil;
 import cc.smtweb.framework.core.util.SqlUtil;
@@ -83,21 +84,21 @@ public class DynPageHelper {
      * @param dataSet
      * @return
      */
-    public static SqlNamedPara buildSelectSql(PageDataset dataSet, Map<String, Object> params) {
-        return buildSelectSqlEx(dataSet, params, null);
+    public static SqlNamedPara buildSelectSql(PageDataset dataSet, SwMap params,UserSession us) {
+        return buildSelectSqlEx(dataSet, params,us,null);
     }
 
-    public static SqlNamedPara buildSelectSqlEx(PageDataset dataSet, Map<String, Object> params, IBuildSqlListener listener) {
-        SqlNamedPara sqlNamedPara = buildWhereSql(dataSet, params, listener);
+    public static SqlNamedPara buildSelectSqlEx(PageDataset dataSet,SwMap params,UserSession us, IBuildSqlListener listener) {
+        SqlNamedPara sqlNamedPara = buildWhereSql(dataSet, params,us, listener);
         buildSelectSql(dataSet, params, sqlNamedPara, listener);
         return sqlNamedPara;
     }
 
     //构建树型查询语句，插入parent_id=?
-    public static SqlNamedPara buildTreeSelectSql(PageDataset dataSet, SwMap params, long parentId) {
+    public static SqlNamedPara buildTreeSelectSql(PageDataset dataSet, SwMap params,UserSession us, long parentId) {
         ModelTable table = ModelTableCache.getInstance().get(dataSet.masterTable);
         if (table == null) throw new SwException("没有找到指定的表：" + dataSet.masterTable);
-        SqlNamedPara sqlNamedPara = buildWhereSql(dataSet, params, null);
+        SqlNamedPara sqlNamedPara = buildWhereSql(dataSet, params,us, null);
         if (table.getType() == SwEnum.TableType.TYPE_TREE.value) {//是树型结构，才做处理
             ModelField field = table.findFieldByType(SwEnum.FieldType.PARENT_ID.value);
             if (field == null) throw new SwException("树型表（" + table.getName() + "）未定义上级id字段！");
@@ -115,10 +116,10 @@ public class DynPageHelper {
     }
 
     //构建过滤查询语句
-    public static SqlNamedPara buildFilterSelectSql(PageDataset dataSet, SwMap params, String text) {
+    public static SqlNamedPara buildFilterSelectSql(PageDataset dataSet, SwMap params,UserSession us, String text) {
         ModelTable table = ModelTableCache.getInstance().get(dataSet.masterTable);
         if (table == null) throw new SwException("没有找到指定的表：" + dataSet.masterTable);
-        SqlNamedPara sqlNamedPara = buildWhereSql(dataSet, params, null);
+        SqlNamedPara sqlNamedPara = buildWhereSql(dataSet, params,us, null);
         if (StringUtils.isNotEmpty(text)) {//有文本信息
             StringBuilder sql = new StringBuilder(128);
             ModelField field = table.findFieldByType(SwEnum.FieldType.CODE.value);
@@ -247,7 +248,7 @@ public class DynPageHelper {
      * @param params
      * @return
      */
-    private static SqlNamedPara buildWhereSql(PageDataset dataSet, Map<String, Object> params, IBuildSqlListener listener) {
+    private static SqlNamedPara buildWhereSql(PageDataset dataSet, SwMap params,UserSession us, IBuildSqlListener listener) {
         StringBuilder sql = new StringBuilder(512);
         SwMap args = new SwMap();
 
@@ -260,7 +261,7 @@ public class DynPageHelper {
             setFixedFilter.add(filter.name);
         }
         if (!dataSet.dynCond.isEmpty()) {
-            String s = buildDynCondSql(dataSet, dataSet.dynCond, params, args, setFixedFilter);
+            String s = buildDynCondSql(dataSet, dataSet.dynCond, params,us, args, setFixedFilter);
             if (StringUtils.isNotEmpty(s)) {
                 if (sql.length() > 0) sql.append(" and ");
                 sql.append(s);
@@ -274,7 +275,8 @@ public class DynPageHelper {
         for (PageDatasetFilter filter : dataSet.filters) {
             if(!setFixedFilter.contains(filter.name))break;
             if(filter.dataRightType<=0L)break;
-            buildDataRight(filter.dataRightType,filter.sqlName,MapUtil.readString(params, filter.name, ""),sql,args);
+            if (sql.length() > 0) sql.append(" and ");
+            buildDataRight(filter.dataRightType,filter.sqlName,MapUtil.readString(params, filter.name, ""),sql,args,params,us);
         }
         return new SqlNamedPara(sql.toString(), args);
     }
@@ -285,18 +287,19 @@ public class DynPageHelper {
      * @param dataSet
      * @param dynCond
      * @param params
+     * @param us
      * @param args
      * @param setFixedFilter
      * @return
      */
-    private static String buildDynCondSql(PageDataset dataSet, PageDatasetDynCond dynCond, Map<String, Object> params, SwMap args, Set<String> setFixedFilter) {
+    private static String buildDynCondSql(PageDataset dataSet, PageDatasetDynCond dynCond, SwMap params,UserSession us, SwMap args, Set<String> setFixedFilter) {
         if (dynCond.isCondOpt()) {//是and/or
             if (dynCond.children == null || dynCond.children.isEmpty()) return "";
             StringBuilder sql = new StringBuilder(256);
             boolean b = false;
             //递归调用
             for (PageDatasetDynCond dc : dynCond.children) {
-                String s = buildDynCondSql(dataSet, dc, params, args, setFixedFilter);
+                String s = buildDynCondSql(dataSet, dc, params,us, args, setFixedFilter);
                 if (StringUtils.isEmpty(s)) continue;
 
                 if (b) sql.append(" ").append(dynCond.opt).append(" ");
@@ -325,7 +328,7 @@ public class DynPageHelper {
         if (value == null || StringUtils.isEmpty(value.toString())) {
             if(filter.dataRightType>0L){
                 StringBuilder frSql = new StringBuilder();
-                buildDataRight(filter.dataRightType,filter.sqlName,value.toString(),frSql,args);
+                buildDataRight(filter.dataRightType,filter.sqlName,"",frSql,args,params,us);
                 return frSql.toString();
             }
             if (filter.required) {
@@ -339,7 +342,7 @@ public class DynPageHelper {
         // 添加数据权限
         if(filter.dataRightType>0L){
            StringBuilder frSql = new StringBuilder();
-            buildDataRight(filter.dataRightType,filter.sqlName,value.toString(),frSql,args);
+            buildDataRight(filter.dataRightType,filter.sqlName,value.toString(),frSql,args,params,us);
             if(frSql.length()>0){
               if(StringUtil.isEmpty(optWhere)){
                   optWhere = frSql.toString();
@@ -371,13 +374,16 @@ public class DynPageHelper {
      * @param value 值
      * @param sql sql语句
      * @param args 参数
+     * @param params 参数
+     * @param us 用户session
      */
-    private static void buildDataRight(long dsType,String sqlField,String value,StringBuilder sql,SwMap args){
+    private static void buildDataRight(long dsType,String sqlField,String value,StringBuilder sql,SwMap args,SwMap params,UserSession us){
         DataRightDefine drd = DataRightDefineCache.getInstance().get(dsType);
         if(drd==null){return;}
         try{
             IDataRightHandler dataRightHandler = IDataRightTreeFactory.getInstance().getHandler(drd.getCode());
-            dataRightHandler.buildSqlWhere(true,sqlField,value,sql,args);
+            dataRightHandler.init(us,params);
+            dataRightHandler.buildSqlWhere(sqlField,value,sql,args);
         }catch (Exception e){
             log.error("加载数据权限失败：",e);
             throw new SwException(e);

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageListHandler.java

@@ -50,7 +50,7 @@ public class DynPageListHandler extends AbstractListHandler {
 
     @Override
     protected SqlPara buildSqlPara() {
-        return DynPageHelper.buildSelectSql(pageDataSet, filter);
+        return DynPageHelper.buildSelectSql(pageDataSet, filter,us);
     }
 
     @Override

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageLoadHandler.java

@@ -1,11 +1,15 @@
 package cc.smtweb.system.bpm.web.engine.dynPage;
 
 import cc.smtweb.framework.core.common.R;
+import cc.smtweb.framework.core.common.SwConsts;
 import cc.smtweb.framework.core.common.SwEnum;
 import cc.smtweb.framework.core.common.SwMap;
 import cc.smtweb.framework.core.mvc.service.SwListData;
+import cc.smtweb.system.bpm.web.common.BpmConst;
 import cc.smtweb.system.bpm.web.design.form.define.PageDataset;
 
+import static cc.smtweb.system.bpm.web.common.BpmConst.KEY_HEADER_MENU;
+
 /**
  * Created by Akmm at 2022/4/21 17:53
  */
@@ -102,9 +106,13 @@ public class DynPageLoadHandler extends AbstractDynPageHandler {
     public R loadOne() {
         //过滤条件
         SwMap filter = params.readMap("filter");
+        SwMap header = params.readMap(SwConsts.PARAMS_HEADER_KEY);
+        if(header!=null){
+            filter.put(BpmConst.MENU_KEY,header.get(KEY_HEADER_MENU));
+        }
         //对应的数据集定义
         PageDataset pageDataSet = readParamDs();
-        
+
         DynRetBean bean = null;
         if (SwEnum.DatasetType.LIST.value.equals(pageDataSet.type)) {//列表类
             bean = DynRetBean.createList(getListWorker(filter, pageDataSet).buildListData());
@@ -129,7 +137,10 @@ public class DynPageLoadHandler extends AbstractDynPageHandler {
         PageDataset pageDataSet = readParamDs();
         //过滤条件
         SwMap filter = params.readMap("filter");
-
+        SwMap header = params.readMap(SwConsts.PARAMS_HEADER_KEY);
+        if(header!=null){
+            filter.put(BpmConst.MENU_KEY,header.get(KEY_HEADER_MENU));
+        }
         return getListWorker(filter, pageDataSet).getTotal();
     }
 }

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageProvider.java

@@ -11,6 +11,7 @@ import cc.smtweb.framework.core.exception.BizException;
 import cc.smtweb.framework.core.exception.SwException;
 import cc.smtweb.framework.core.mvc.service.AbstractCompProvider;
 import cc.smtweb.framework.core.mvc.service.SqlNamedPara;
+import cc.smtweb.framework.core.session.UserSession;
 import cc.smtweb.system.bpm.web.design.form.define.PageDataset;
 import cc.smtweb.system.bpm.web.design.form.define.PageDatasets;
 
@@ -20,11 +21,12 @@ import cc.smtweb.system.bpm.web.design.form.define.PageDatasets;
 public class DynPageProvider extends AbstractCompProvider {
     protected long pageId;
     protected PageDatasets datasets;
+    protected UserSession us;
 
     //加载表单类数据集（单条）
     public SwMap loadData(SwMap filter, PageDataset pageDataSet) {
         return doGetData(pageDataSet.id, () -> {
-            SqlNamedPara sqlPara = DynPageHelper.buildSelectSql(pageDataSet, filter);
+            SqlNamedPara sqlPara = DynPageHelper.buildSelectSql(pageDataSet, filter,us);
             SwMap map = DbEngine.getInstance().queryEntityN(sqlPara.sql, sqlPara.mapParas, SwMap.class);
             if (map == null) {
                 return new SwMap();
@@ -43,7 +45,7 @@ public class DynPageProvider extends AbstractCompProvider {
             EntityDao<T> dao = DbEngine.getInstance().findDao(masterTable.getName());
             T bean = dao.createBean();
 
-            SqlNamedPara sqlPara = DynPageHelper.buildSelectSql(pageDataSet, filter);
+            SqlNamedPara sqlPara = DynPageHelper.buildSelectSql(pageDataSet, filter,us);
             SwMap map = DbEngine.getInstance().queryEntityN(sqlPara.sql, sqlPara.mapParas, SwMap.class);
             if (map == null) {
                 return bean;

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/dynPage/DynPageTreeHandler.java

@@ -54,7 +54,7 @@ public class DynPageTreeHandler extends AbstractTreeHandler<SwMap> {
      * @return
      */
     protected SqlNamedPara buildDataSqlPara(long id) {
-        return DynPageHelper.buildTreeSelectSql(pageDataSet, filter, id);
+        return DynPageHelper.buildTreeSelectSql(pageDataSet, filter,us, id);
     }
 
     /**
@@ -65,7 +65,7 @@ public class DynPageTreeHandler extends AbstractTreeHandler<SwMap> {
     protected SqlNamedPara buildFilterSqlPara(String text) {
         //
         filter.remove("parent_id");
-        return DynPageHelper.buildFilterSelectSql(pageDataSet, filter, text);
+        return DynPageHelper.buildFilterSelectSql(pageDataSet, filter,us, text);
     }
 
     @Override

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/model/common/FlowModelListHandler.java

@@ -21,7 +21,7 @@ public class FlowModelListHandler extends ModelListHandler {
     };
     @Override
     protected SqlPara buildSqlPara() {
-        return DynPageHelper.buildSelectSqlEx(pageDataSet, filter, sqlListener);
+        return DynPageHelper.buildSelectSqlEx(pageDataSet, filter,us, sqlListener);
     }
 
 }

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/engine/model/common/ModelListHandler.java

@@ -1,9 +1,11 @@
 package cc.smtweb.system.bpm.web.engine.model.common;
 
 import cc.smtweb.framework.core.common.R;
+import cc.smtweb.framework.core.common.SwConsts;
 import cc.smtweb.framework.core.common.SwMap;
 import cc.smtweb.framework.core.exception.BizException;
 import cc.smtweb.framework.core.session.UserSession;
+import cc.smtweb.system.bpm.web.common.BpmConst;
 import cc.smtweb.system.bpm.web.design.form.ModelForm;
 import cc.smtweb.system.bpm.web.design.form.ModelFormHelper;
 import cc.smtweb.system.bpm.web.design.form.define.PageDataset;
@@ -11,6 +13,8 @@ import cc.smtweb.system.bpm.web.design.form.define.PageDatasets;
 import cc.smtweb.system.bpm.web.engine.dynPage.DynPageListHandler;
 import cc.smtweb.system.bpm.web.engine.dynPage.DynRetBean;
 
+import static cc.smtweb.system.bpm.web.common.BpmConst.KEY_HEADER_MENU;
+
 /**
  * Created by Akmm at 2022-09-15 15:01
  * 模型列表handler
@@ -38,6 +42,10 @@ public class ModelListHandler extends DynPageListHandler {
         if (datasets == null || datasets.list == null) throw new BizException("没有找到页面定义的数据集数据(" + pageId + ")！");
 
         filter = params.readMap("filter");
+        SwMap header = params.readMap(SwConsts.PARAMS_HEADER_KEY);
+        if(header!=null){
+            filter.put(BpmConst.MENU_KEY,header.get(KEY_HEADER_MENU));
+        }
         pageDataSet = datasets.findByName(dsName);
     }
 

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/dev/ComboHandler.java

@@ -140,7 +140,7 @@ public class ComboHandler {
         protected SqlPara buildSqlPara() {
             SwMap swMap = (SwMap) filter.clone();
             swMap.remove("mf_right");
-            return DynPageHelper.buildSelectSql(pageDataSet, swMap);
+            return DynPageHelper.buildSelectSql(pageDataSet, swMap,us);
         }
 
         @Override

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/dataRightGroup/AbsTreeDataRightHandler.java

@@ -13,7 +13,6 @@ import java.util.Map;
  * 数据权限计算处理抽象类
  */
 public abstract class AbsTreeDataRightHandler implements IDataRightHandler{
-    protected final static String KEY_HEADER_MENU = "hmk";
     //权限查找结果常量定义
     protected final static int RIGHT_RET_NONE = 0; //未找到
     protected final static int RIGHT_RET_IN_CHILD = 1;//找到，包含，且含下级
@@ -38,18 +37,13 @@ public abstract class AbsTreeDataRightHandler implements IDataRightHandler{
     public void init(UserSession us,SwMap params) {
         this.us = us;
         this.params = params;
-        // 获取header中的菜单ID
-        SwMap header = params.readMap(SwConsts.PARAMS_HEADER_KEY);
-        long menuId = 0L;
-        if(header!=null){
-            menuId = header.readLong(KEY_HEADER_MENU);
-        }
+        long menuId = params.readLong(BpmConst.MENU_KEY,0L);
         if (us == null) return;
         this.isByRight = true;
         mapRight = DataRightHelper.getDataRightItemMap(getDataRightType(), menuId, us);
         if (mapRight == null) return;
         //将本单位处理下
-        DataRightGroupItem drgi = mapRight.remove(BpmConst.DataRight.CUR_VALUE);
+        DataRightGroupItem drgi = mapRight.remove(BpmConst.DataRight.CUR_VALUE+"");
         if (drgi != null) {
             DataRightGroupItem d = new DataRightGroupItem();
             d.getData().putAll(drgi.getData());

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/dataRightGroup/IDataRightHandler.java

@@ -12,5 +12,5 @@ import java.util.List;
 public interface IDataRightHandler {
     void init(UserSession us,SwMap params);
     //构建sql
-    boolean buildSqlWhere(boolean where, String sqlField, String value, StringBuilder sql, SwMap args);
+    void buildSqlWhere(String sqlField, String value, StringBuilder sql, SwMap args);
 }

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/dataRightGroup/impl/PartyDataRightHandler.java

@@ -4,6 +4,7 @@ import cc.smtweb.framework.core.common.SwConsts;
 import cc.smtweb.framework.core.common.SwMap;
 import cc.smtweb.framework.core.db.EntityHelper;
 import cc.smtweb.framework.core.util.CommUtil;
+import cc.smtweb.framework.core.util.StringUtil;
 import cc.smtweb.system.bpm.web.common.BpmConst;
 import cc.smtweb.system.bpm.web.common.BpmEnum;
 import cc.smtweb.system.bpm.web.sys.user.dataRightGroup.AbsTreeDataRightHandler;
@@ -33,8 +34,8 @@ public class PartyDataRightHandler extends AbsTreeDataRightHandler {
     }
 
     @Override
-    public boolean buildSqlWhere(boolean where, String sqlField, String value, StringBuilder sql, SwMap args) {
-        return false;
+    public void buildSqlWhere(String sqlField, String value, StringBuilder sql, SwMap args) {
+        buildSqlWhere(sqlField, StringUtil.isEmpty(value) ? 0L: Long.parseLong(value), true,true,sql,args);
     }
     /**
      * 根据菜单数据权限，找有权限的顶级机构列表
@@ -136,7 +137,6 @@ public class PartyDataRightHandler extends AbsTreeDataRightHandler {
     /**
      * 获取查询语句，使用子查询的方式，数据权限越复杂，构建的语句就越复杂
      *
-     * @param where       是否带的有where了，确定是where还是and
      * @param sqlField    查询的表的单位字段
      * @param partyId     查询条件机构的值，可以为空
      * @param qnext       是否带下级 注意：此方法仅单位管理使用。
@@ -144,30 +144,24 @@ public class PartyDataRightHandler extends AbsTreeDataRightHandler {
      * @param sql         sql
      * @param args        参数
      */
-    public boolean buildSqlWhere(boolean where, String sqlField, long partyId, boolean qnext,
+    public void buildSqlWhere(String sqlField, long partyId, boolean qnext,
                                  boolean includeSelf, StringBuilder sql, SwMap args) {
         if (partyId>0L) {//前端页面传入了单位id
             Party party = PartyCache.getInstance().get(partyId);
             if (isByRight&&party==null) {
-                if (where) sql.append(" and ");
-                else sql.append(" where ");
                 sql.append(" 1 <> 1 ");
-                return true;
+                return ;
             }
             if (party != null) {//单位不存在，则默认查所有，押后
                 int nret = hasRight(partyId);
                 if (nret == RIGHT_RET_IN_NOCHILD) {//不包含下级，则直接等于即可
-                    if (where) sql.append(" and ");
-                    else sql.append(" where ");
                     sql.append(" ").append(sqlField).append(" =:_dr_partyId ");
                     args.put("_dr_partyId",partyId);
-                    return true;
+                    return;
                 }
                 if (nret == RIGHT_RET_EX) {//不包含，直接用顶级单位的id来筛选，应该是无数据返回
-                    if (where) sql.append(" and ");
-                    else sql.append(" where ");
                     sql.append(" 1 <> 1 ");
-                    return true;
+                    return;
                 }
             } else {
                 partyId = SwConsts.DEF_ROOT_ID_LONG;
@@ -189,27 +183,22 @@ public class PartyDataRightHandler extends AbsTreeDataRightHandler {
         }
 
         if (sqlAnd.length() == 0 && sqlOr.length() == 0) {
-            return where;
+            return ;
         }
 
-        if (where) sql.append(" and ");
-        else sql.append(" where ");
+
 
         if (sqlOr.length() > 0) {
             sql.append("\nEXISTS(\n" +
-                    "  SELECT pt_id FROM " + EntityHelper.getSchemaTableName(Party.ENTITY_NAME) + " r2 WHERE r2.party_id=" + sqlField);
+                    "  SELECT pt_id FROM " + EntityHelper.getSchemaTableName(Party.ENTITY_NAME) + " r2 WHERE r2.pt_id=" + sqlField);
             sql.append(" and (").append(sqlOr.substring(4)).append("))");
-            return true;
+            return ;
         }
         if (sqlAnd.length() > 0) {
-            sql.append("\nand not EXISTS(\n" +
-                    "  SELECT pt_id FROM " + EntityHelper.getSchemaTableName(Party.ENTITY_NAME)+ " r2 WHERE r2.party_id=" + sqlField);
+            sql.append("\n not EXISTS(\n" +
+                    "  SELECT pt_id FROM " + EntityHelper.getSchemaTableName(Party.ENTITY_NAME)+ " r2 WHERE r2.pt_id=" + sqlField);
             sql.append(" and (").append(sqlAnd.substring(4)).append("))");
-            return true;
         }
-        return false;
-
-
     }
     private void addPartySql(long partyId, boolean isInclude, boolean hasChild, boolean qnext, boolean includeSelf, StringBuilder sqlAnd, StringBuilder sqlOr, SwMap args) {
         if (partyId<=0L) return;

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/menuPlan/MenuPlanHandler.java

@@ -7,6 +7,7 @@ import cc.smtweb.framework.core.db.jdbc.IDbWorker;
 import cc.smtweb.framework.core.exception.BizException;
 import cc.smtweb.framework.core.mvc.service.AbstractHandler;
 import cc.smtweb.framework.core.mvc.service.SwListData;
+import cc.smtweb.framework.core.session.UserSession;
 import cc.smtweb.framework.core.util.CommUtil;
 import cc.smtweb.framework.core.util.JsonUtil;
 import cc.smtweb.system.bpm.web.design.form.define.PageDataset;

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleHandler.java

@@ -6,6 +6,7 @@ import cc.smtweb.framework.core.common.SwMap;
 import cc.smtweb.framework.core.db.DbEngine;
 import cc.smtweb.framework.core.exception.BizException;
 import cc.smtweb.framework.core.mvc.service.SwListData;
+import cc.smtweb.framework.core.session.UserSession;
 import cc.smtweb.framework.core.util.StringUtil;
 import cc.smtweb.system.bpm.web.common.BpmEnum;
 import cc.smtweb.system.bpm.web.design.form.ModelForm;

smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/role/RoleRightContent.java

@@ -121,6 +121,7 @@ public class RoleRightContent {
      */
     public long getDataRightGroupId(long menuId, long dataRightId){
         RoleRight right = getRoleRight(menuId);
+        if(right ==null) return 0L;
         List<Map<String, Object>> list = right.getRightData();
         if(CommUtil.isEmpty(list))return 0L;
         for(Map<String,Object> map :list){