Merge branch 'master' into main_hhl0209

Reviewed-on: #20

doc/新增表和数据字段在此说明.txt

@@ -0,0 +1,10 @@
+日期：2026-02-20（新增表）
+新增表：xxx_demo（附件表说明到doc内）
+
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
+
+日期：2026-02-21（新增字段）
+表名：xxx_demo
+字段                     类型                   长度
+xx_aa                  varchar              20
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------

lidee-admin/src/main/resources/application-local.yaml

@@ -9,15 +9,23 @@ spring:
       datasource:
         master:
           # MYSQL数据库 主库，业务库
+          url: jdbc:mysql://127.0.0.1:3306/gr_report?useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true&nullCatalogMeansCurrent=true&rewriteBatchedStatements=true # MySQL Connector/J 8.X 连接的示例
           username: root
+          password: root
         lideeyunji: # 从库，框架库
+          url: jdbc:mysql://127.0.0.1:3306/gr_report?useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true&nullCatalogMeansCurrent=true # MySQL Connector/J 8.X 连接的示例
           username: root
+          password: root
         slave: # 日志库单独
           lazy: true # 开启懒加载，保证启动速度
+          url: jdbc:mysql://127.0.0.1:3306/gr_report?useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true&nullCatalogMeansCurrent=true # MySQL Connector/J 8.X 连接的示例
           username: root
+          password: root
   redis:
+    host: 127.0.0.1 # 地址
     port: 6379 # 端口
     database: 2 # 数据库索引
+    password: lidee@123 # 密码，建议生产环境开启
 
 --- #################### 地代码平台相关配置 ####################
 

lidee-core/src/main/java/com/lideeyunji/core/framework/adapter/FrameWorkAdapter.java

@@ -45,8 +45,6 @@ public class FrameWorkAdapter implements IlideeYunjiAdapter {
     @Autowired
     private IFrameSqlService sqlService;
 
-
-
     @Autowired
     private AdapterMapper adapterMapper;
 

lidee-core/src/main/java/com/lideeyunji/core/framework/entity/ReportFieldEntity.java

@@ -3,6 +3,7 @@ package com.lideeyunji.core.framework.entity;
 
 import com.baomidou.mybatisplus.annotation.TableName;
 import com.lideeyunji.tool.framework.yunji.model.global.BaseTenantEntity;
+import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 
@@ -97,5 +98,14 @@ public class ReportFieldEntity extends BaseTenantEntity {
     //是否隐藏维度
     private String isHideDimension;
 
+    //是否是固定列 Y|N
+    private String isFixedColumn;
+
+    //固定列的值
+    private  String fixedColumnValue;
+
+    //隐藏列的，表单不显示该字段
+    private String isHideCol;
+
 }
 

lidee-core/src/main/java/com/lideeyunji/core/framework/params/vo/ReportFieldVo.java

@@ -1,3 +1,4 @@
+
 package com.lideeyunji.core.framework.params.vo;
 
 import io.swagger.v3.oas.annotations.media.Schema;
@@ -61,5 +62,15 @@ public class ReportFieldVo extends ReportFieldIdVo {
 
     //是否隐藏维度
     private String isHideDimension;
+
+    //是否是固定列 Y|N
+    private String isFixedColumn;
+
+    //固定列的值
+    private String fixedColumnValue;
+
+    //隐藏列的，表单不显示该字段
+    private String isHideCol;
+
 }
 

lidee-core/src/main/java/com/lideeyunji/core/framework/service/impl/ReportServiceImpl.java

@@ -1,3 +1,4 @@
+
 package com.lideeyunji.core.framework.service.impl;
 
 import cn.hutool.core.bean.BeanUtil;
@@ -376,9 +377,11 @@ public class ReportServiceImpl extends ServiceImpl<ReportMapper, ReportEntity> i
             entity.setDictCode(vo.getDictCode());
             entity.setIsExport(vo.getIsExport());
             entity.setIsShowSort(vo.getIsShowSort());
-            entity.setIsShowSort(vo.getIsDimension());
             entity.setIsDimension(vo.getIsDimension());
             entity.setIsHideDimension(vo.getIsHideDimension());
+            entity.setIsFixedColumn(vo.getIsFixedColumn());   //2026-02-10  新增
+            entity.setFixedColumnValue(vo.getFixedColumnValue());  //2026-02-10  新增
+            entity.setIsHideCol(vo.getIsHideCol());  //2026.2.10  新增
             entity.setHasChildren(vo.getHasChildren());
             entity.setParentFieldCode(vo.getParentFieldCode());
             entity.setParentFieldName(vo.getParentFieldName());

lidee-dependencies/.flattened-pom.xml

@@ -9,18 +9,67 @@
   <name>${project.artifactId}</name>
   <description>基础 bom 文件，管理整个项目的依赖版本</description>
   <properties>
+    <servlet.version>4.0.4</servlet.version>
+    <tika-core.version>2.9.1</tika-core.version>
     <podam.version>7.2.11.RELEASE</podam.version>
+    <captcha-plus.version>1.0.10</captcha-plus.version>
+    <lidee.version>2.2.4</lidee.version>
+    <flatten-maven-plugin.version>1.5.0</flatten-maven-plugin.version>
+    <poi-ooxml.verion>4.1.2</poi-ooxml.verion>
+    <express.version>3.3.3</express.version>
+    <bizlog-sdk.version>3.0.6</bizlog-sdk.version>
+    <starter.validation.version>2.3.12.RELEASE</starter.validation.version>
+    <mapstruct.version>1.5.5.Final</mapstruct.version>
+    <fastjson.version>1.2.83</fastjson.version>
     <junit.version>4.13.2</junit.version>
+    <groovy.version>3.0.21</groovy.version>
+    <tencentcloud-sdk-java.version>3.1.880</tencentcloud-sdk-java.version>
+    <mybatis-plus-generator.version>3.5.5</mybatis-plus-generator.version>
+    <mybatis.version>3.5.15</mybatis.version>
+    <opentracing.version>0.33.0</opentracing.version>
     <jsqlparser.version>4.3</jsqlparser.version>
+    <dom4j.version>1.6.1</dom4j.version>
+    <screw.version>1.0.5</screw.version>
+    <mybatis-plus-join.version>1.4.10</mybatis-plus-join.version>
+    <kingbase.jdbc.version>8.6.0</kingbase.jdbc.version>
+    <aspectjweaver.version>1.9.7</aspectjweaver.version>
+    <aliyun-java-sdk-dysmsapi.version>2.2.1</aliyun-java-sdk-dysmsapi.version>
+    <revision>2.0.1-jdk8-snapshot</revision>
+    <jsch.version>0.1.55</jsch.version>
+    <xercesImpl.version>2.12.2</xercesImpl.version>
+    <ip2region.version>2.7.0</ip2region.version>
     <okio.version>3.5.0</okio.version>
+    <dynamic-datasource.version>4.3.0</dynamic-datasource.version>
+    <redisson.version>3.18.0</redisson.version>
+    <transmittable-thread-local.version>2.14.5</transmittable-thread-local.version>
+    <spring-boot-admin.version>2.7.15</spring-boot-admin.version>
     <guice.version>5.1.0</guice.version>
+    <minio.version>8.5.7</minio.version>
+    <aliyun-java-sdk-core.version>4.6.4</aliyun-java-sdk-core.version>
+    <jedis-mock.version>1.0.13</jedis-mock.version>
+    <spring.boot.version>2.7.18</spring.boot.version>
     <hutool.version>5.8.25</hutool.version>
+    <guava.version>33.0.0-jre</guava.version>
+    <servlet.versoin>2.5</servlet.versoin>
+    <springdoc.version>1.6.15</springdoc.version>
     <resilience4j.version>1.7.1</resilience4j.version>
+    <lock4j.version>2.2.7</lock4j.version>
+    <commons-io.version>2.15.1</commons-io.version>
+    <poi-scratchpad.verion>4.1.2</poi-scratchpad.verion>
     <okhttp3.version>4.9.3</okhttp3.version>
+    <commons-net.version>3.10.0</commons-net.version>
+    <jsoup.version>1.17.2</jsoup.version>
     <mybatis-plus.version>3.5.5</mybatis-plus.version>
+    <knife4j.version>4.3.0</knife4j.version>
+    <lombok.version>1.18.30</lombok.version>
     <easyexcel.verion>3.3.3</easyexcel.verion>
+    <flowable.version>6.8.0</flowable.version>
+    <druid.version>1.2.21</druid.version>
+    <skywalking.version>8.12.0</skywalking.version>
     <mockito-inline.version>4.11.0</mockito-inline.version>
+    <justauth.version>1.0.8</justauth.version>
     <dm8.jdbc.version>8.1.3.62</dm8.jdbc.version>
+    <velocity.version>2.3</velocity.version>
   </properties>
   <dependencyManagement>
     <dependencies>
@@ -42,6 +91,7 @@
         <version>${bizlog-sdk.version}</version>
         <exclusions>
           <exclusion>
+            <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter</artifactId>
           </exclusion>
         </exclusions>
@@ -147,6 +197,7 @@
         <version>${redisson.version}</version>
         <exclusions>
           <exclusion>
+            <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>
           </exclusion>
         </exclusions>
@@ -177,6 +228,7 @@
         <version>${lock4j.version}</version>
         <exclusions>
           <exclusion>
+            <groupId>org.redisson</groupId>
             <artifactId>redisson-spring-boot-starter</artifactId>
           </exclusion>
         </exclusions>
@@ -232,6 +284,7 @@
         <version>${spring-boot-admin.version}</version>
         <exclusions>
           <exclusion>
+            <groupId>de.codecentric</groupId>
             <artifactId>spring-boot-admin-server-cloud</artifactId>
           </exclusion>
         </exclusions>
@@ -258,9 +311,11 @@
         <version>${spring.boot.version}</version>
         <exclusions>
           <exclusion>
+            <groupId>org.ow2.asm</groupId>
             <artifactId>asm</artifactId>
           </exclusion>
           <exclusion>
+            <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
           </exclusion>
         </exclusions>
@@ -366,10 +421,12 @@
         <version>${screw.version}</version>
         <exclusions>
           <exclusion>
+            <groupId>org.freemarker</groupId>
             <artifactId>freemarker</artifactId>
           </exclusion>
           <exclusion>
             <groupId>com.alibaba</groupId>
+            <artifactId>fastjson</artifactId>
           </exclusion>
         </exclusions>
       </dependency>
@@ -434,10 +491,12 @@
         <version>${aliyun-java-sdk-core.version}</version>
         <exclusions>
           <exclusion>
+            <groupId>io.opentracing</groupId>
             <artifactId>opentracing-api</artifactId>
           </exclusion>
           <exclusion>
             <groupId>io.opentracing</groupId>
+            <artifactId>opentracing-util</artifactId>
           </exclusion>
         </exclusions>
       </dependency>
@@ -458,6 +517,7 @@
         <exclusions>
           <exclusion>
             <groupId>cn.hutool</groupId>
+            <artifactId>hutool-core</artifactId>
           </exclusion>
         </exclusions>
       </dependency>

lidee-service/lidee-service-infra-biz/src/main/java/com/lideeyunji/service/infra/controller/ConfigController.java

@@ -72,7 +72,7 @@ public class ConfigController {
 
     @GetMapping(value = "/get-value-by-key")
     @Operation(tags = "参数配置",summary = "根据参数键名查询参数值", description = "不可见的配置，不允许返回给前端")
-    @Parameter(name = "key", description = "参数键", required = true, example = "yunai.biz.username")
+    @Parameter(name = "key", description = "参数键", required = true, example = "lidee.biz.username")
     public CommonResult<String> getConfigKey(@RequestParam("key") String key) {
         ConfigDO config = configService.getConfigByKey(key);
         if (config == null) {

lidee-service/lidee-service-infra-biz/src/main/java/com/lideeyunji/service/infra/controller/vo/config/ConfigPageReqVO.java

@@ -20,7 +20,7 @@ public class ConfigPageReqVO extends PageParam {
     @Schema(description = "数据源名称，模糊匹配", example = "名称")
     private String name;
 
-    @Schema(description = "参数键名，模糊匹配", example = "yunai.db.username")
+    @Schema(description = "参数键名，模糊匹配", example = "lidee.db.username")
     private String key;
 
     @Schema(description = "参数类型，参见 SysConfigTypeEnum 枚举", example = "1")

lidee-service/lidee-service-infra-biz/src/main/java/com/lideeyunji/service/infra/controller/vo/config/ConfigRespVO.java

@@ -27,7 +27,7 @@ public class ConfigRespVO {
     @ExcelProperty("参数名称")
     private String name;
 
-    @Schema(description = "参数键名", requiredMode = Schema.RequiredMode.REQUIRED, example = "yunai.db.username")
+    @Schema(description = "参数键名", requiredMode = Schema.RequiredMode.REQUIRED, example = "lidee.db.username")
     @ExcelProperty("参数键名")
     private String key;
 

lidee-service/lidee-service-infra-biz/src/main/java/com/lideeyunji/service/infra/controller/vo/config/ConfigSaveReqVO.java

@@ -25,7 +25,7 @@ public class ConfigSaveReqVO {
     @Size(max = 100, message = "参数名称不能超过 100 个字符")
     private String name;
 
-    @Schema(description = "参数键名", requiredMode = Schema.RequiredMode.REQUIRED, example = "yunai.db.username")
+    @Schema(description = "参数键名", requiredMode = Schema.RequiredMode.REQUIRED, example = "lidee.db.username")
     @NotBlank(message = "参数键名长度不能为空")
     @Size(max = 100, message = "参数键名长度不能超过 100 个字符")
     private String key;

lidee-service/lidee-service-system-biz/pom.xml

@@ -120,6 +120,11 @@
             <groupId>com.tencentcloudapi</groupId>
             <artifactId>tencentcloud-sdk-java-sms</artifactId> <!-- 短信（腾讯云） -->
         </dependency>
+        <dependency>
+            <groupId>com.github.yulichang</groupId>
+            <artifactId>mybatis-plus-join-boot-starter</artifactId>
+            <version>1.4.11</version> <!-- 请查看最新版本 -->
+        </dependency>
 
         <!-- 低代码 -->
         <dependency>

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/OAuth2ClientController.java

@@ -1,13 +1,14 @@
 package com.lideeyunji.service.system.controller;
 
-import com.lideeyunji.tool.framework.common.pojo.CommonResult;
-import com.lideeyunji.tool.framework.common.pojo.PageResult;
-import com.lideeyunji.tool.framework.common.util.object.BeanUtils;
 import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientPageReqVO;
 import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientRespVO;
 import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientSaveReqVO;
 import com.lideeyunji.service.system.entity.OAuth2ClientDO;
+import com.lideeyunji.service.system.service.IAdminUserService;
 import com.lideeyunji.service.system.service.IOAuth2ClientService;
+import com.lideeyunji.tool.framework.common.pojo.CommonResult;
+import com.lideeyunji.tool.framework.common.pojo.PageResult;
+import com.lideeyunji.tool.framework.common.util.object.BeanUtils;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
@@ -70,4 +71,12 @@ public class OAuth2ClientController {
         return success(BeanUtils.toBean(pageResult, OAuth2ClientRespVO.class));
     }
 
+    @GetMapping("/myPage")
+    @Operation(tags = "OAuth2.0管理",summary = "获得用户角色下 OAuth2 客户端分页")
+    @PreAuthorize("@ss.hasPermission('system:oauth2-client:query')")
+    public CommonResult<PageResult<OAuth2ClientRespVO>> getMyPage(@Valid OAuth2ClientPageReqVO pageVO) {
+        PageResult<OAuth2ClientDO> pageResult = oAuth2ClientService.getMyPage(pageVO);
+        return success(BeanUtils.toBean(pageResult, OAuth2ClientRespVO.class));
+    }
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/PermissionController.java

@@ -1,6 +1,7 @@
 package com.lideeyunji.service.system.controller;
 
 import cn.hutool.core.collection.CollUtil;
+import com.lideeyunji.service.system.service.IClientPermissionService;
 import com.lideeyunji.tool.framework.common.pojo.CommonResult;
 import com.lideeyunji.service.system.controller.vo.permission.permission.PermissionAssignRoleDataScopeReqVO;
 import com.lideeyunji.service.system.controller.vo.permission.permission.PermissionAssignRoleMenuReqVO;
@@ -34,6 +35,8 @@ public class PermissionController {
     private IPermissionService permissionService;
     @Resource
     private ITenantService tenantService;
+    @Resource
+    private IClientPermissionService clientPermissionService;
 
     @Operation(tags = "菜单管理",summary = "获得角色拥有的菜单编号")
     @Parameter(name = "roleId", description = "角色编号", required = true)
@@ -79,4 +82,20 @@ public class PermissionController {
         return success(true);
     }
 
+    @PostMapping("/assign-role-client")
+    @Operation(tags = "角色管理",summary = "赋予角色应用")
+    @PreAuthorize("@ss.hasPermission('system:permission:assign-role-app')")
+    public CommonResult<Boolean> assignRoleClient(@Validated @RequestBody PermissionAssignRoleMenuReqVO reqVO) {
+        permissionService.assignRoleClient(reqVO.getRoleId(), reqVO.getClientIds());
+        return success(true);
+    }
+
+    @Operation(tags = "角色管理",summary = "获得角色拥有的应用id")
+    @Parameter(name = "roleId", description = "角色编号", required = true)
+    @GetMapping("/list-role-clients")
+    @PreAuthorize("@ss.hasPermission('system:permission:assign-role-app')")
+    public CommonResult<Set<Long>> getRoleClientList(Long roleId) {
+        return success(clientPermissionService.getRoleClientListByRoleId(roleId));
+    }
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/oauth2/client/OAuth2ClientPageReqVO.java

@@ -4,6 +4,8 @@ import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.*;
 import com.lideeyunji.tool.framework.common.pojo.PageParam;
 
+import java.util.Set;
+
 @Schema(description = "管理后台 - OAuth2 客户端分页 Request VO")
 @Data
 @EqualsAndHashCode(callSuper = true)
@@ -16,4 +18,7 @@ public class OAuth2ClientPageReqVO extends PageParam {
     @Schema(description = "状态，参见 CommonStatusEnum 枚举", example = "1")
     private Integer status;
 
+    @Schema(description = "应用id", example = "[1]")
+    private Set<Long> ids;
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/oauth2/client/OAuth2ClientRespVO.java

@@ -22,7 +22,10 @@ public class OAuth2ClientRespVO {
     @Schema(description = "应用名", requiredMode = Schema.RequiredMode.REQUIRED, example = "土豆")
     private String name;
 
-    @Schema(description = "应用图标", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.lidee.cn/xx.png")
+    @Schema(description = "应用分类", requiredMode = Schema.RequiredMode.REQUIRED, example = "category1")
+    private String category;
+
+    @Schema(description = "应用图标", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.iocoder.cn/xx.png")
     private String logo;
 
     @Schema(description = "应用描述", example = "我是一个应用")
@@ -37,8 +40,11 @@ public class OAuth2ClientRespVO {
     @Schema(description = "刷新令牌的有效期", requiredMode = Schema.RequiredMode.REQUIRED, example = "8640000")
     private Integer refreshTokenValiditySeconds;
 
-    @Schema(description = "可重定向的 URI 地址", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.lidee.cn")
-    private List<String> redirectUris;
+//    @Schema(description = "可重定向的 URI 地址", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.iocoder.cn")
+//    private List<String> redirectUris;
+
+    @Schema(description = "可重定向的 URI 地址", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.iocoder.cn")
+    private String redirectUris;
 
     @Schema(description = "授权类型，参见 OAuth2GrantTypeEnum 枚举", requiredMode = Schema.RequiredMode.REQUIRED, example = "password")
     private List<String> authorizedGrantTypes;
@@ -55,7 +61,10 @@ public class OAuth2ClientRespVO {
     @Schema(description = "资源", example = "1024")
     private List<String> resourceIds;
 
-    @Schema(description = "附加信息", example = "{yunai: true}")
+    @Schema(description = "回调URI地址", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.iocoder.cn")
+    private String callbackUris;
+
+    @Schema(description = "附加信息", example = "{lidee: true}")
     private String additionalInformation;
 
     @Schema(description = "创建时间", requiredMode = Schema.RequiredMode.REQUIRED)

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/oauth2/client/OAuth2ClientSaveReqVO.java

@@ -30,7 +30,11 @@ public class OAuth2ClientSaveReqVO {
     @NotNull(message = "应用名不能为空")
     private String name;
 
-    @Schema(description = "应用图标", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.lidee.cn/xx.png")
+    @Schema(description = "应用分类", requiredMode = Schema.RequiredMode.REQUIRED, example = "category1")
+    @NotNull(message = "应用分类不能为空")
+    private String category;
+
+    @Schema(description = "应用图标", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.iocoder.cn/xx.png")
     @NotNull(message = "应用图标不能为空")
     @URL(message = "应用图标的地址不正确")
     private String logo;
@@ -46,14 +50,18 @@ public class OAuth2ClientSaveReqVO {
     @NotNull(message = "访问令牌的有效期不能为空")
     private Integer accessTokenValiditySeconds;
 
-
     @Schema(description = "刷新令牌的有效期", requiredMode = Schema.RequiredMode.REQUIRED, example = "8640000")
     @NotNull(message = "刷新令牌的有效期不能为空")
     private Integer refreshTokenValiditySeconds;
 
-    @Schema(description = "可重定向的 URI 地址", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.lidee.cn")
+//    @Schema(description = "可重定向的 URI 地址", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.iocoder.cn")
+//    @NotNull(message = "可重定向的 URI 地址不能为空")
+//    private List<@NotEmpty(message = "重定向的 URI 不能为空") @URL(message = "重定向的 URI 格式不正确") String> redirectUris;
+
+
+    @Schema(description = "可重定向的 URI 地址", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.iocoder.cn")
     @NotNull(message = "可重定向的 URI 地址不能为空")
-    private List<@NotEmpty(message = "重定向的 URI 不能为空") @URL(message = "重定向的 URI 格式不正确") String> redirectUris;
+    private String redirectUris;
 
     @Schema(description = "授权类型，参见 OAuth2GrantTypeEnum 枚举", requiredMode = Schema.RequiredMode.REQUIRED, example = "password")
     @NotNull(message = "授权类型不能为空")
@@ -71,9 +79,12 @@ public class OAuth2ClientSaveReqVO {
     @Schema(description = "资源", example = "1024")
     private List<String> resourceIds;
 
-    @Schema(description = "附加信息", example = "{yunai: true}")
+    @Schema(description = "附加信息", example = "{lidee: true}")
     private String additionalInformation;
 
+    @Schema(description = "回调URI地址", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.iocoder.cn")
+    private String callbackUris;
+
     @AssertTrue(message = "附加信息必须是 JSON 格式")
     public boolean isAdditionalInformationJson() {
         return StrUtil.isEmpty(additionalInformation) || JsonUtils.isJson(additionalInformation);

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/permission/permission/PermissionAssignRoleMenuReqVO.java

@@ -18,4 +18,7 @@ public class PermissionAssignRoleMenuReqVO {
     @Schema(description = "菜单编号列表", example = "1,3,5")
     private Set<Long> menuIds = Collections.emptySet(); // 兜底
 
+    @Schema(description = "应用id列表", example = "1,3,5")
+    private Set<Long> clientIds = Collections.emptySet();
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/entity/OAuth2ClientDO.java

@@ -43,6 +43,11 @@ public class OAuth2ClientDO extends BaseDO {
      * 应用名
      */
     private String name;
+    /**
+     * 应用分类
+     */
+    private String category;
+
     /**
      * 应用图标
      */
@@ -65,11 +70,14 @@ public class OAuth2ClientDO extends BaseDO {
      * 刷新令牌的有效期
      */
     private Integer refreshTokenValiditySeconds;
-    /**
-     * 可重定向的 URI 地址
-     */
-    @TableField(typeHandler = JacksonTypeHandler.class)
-    private List<String> redirectUris;
+//    /**
+//     * 可重定向的 URI 地址
+//     */
+//    @TableField(typeHandler = JacksonTypeHandler.class)
+//    private List<String> redirectUris;
+
+    private String redirectUris;
+
     /**
      * 授权类型（模式）
      *
@@ -99,6 +107,12 @@ public class OAuth2ClientDO extends BaseDO {
      */
     @TableField(typeHandler = JacksonTypeHandler.class)
     private List<String> resourceIds;
+
+    /**
+     * 回调URI地址
+     */
+    private String callbackUris;
+
     /**
      * 附加信息，JSON 格式
      */

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/entity/RoleOAuth2ClientDO.java

@@ -0,0 +1,34 @@
+package com.lideeyunji.service.system.entity;
+
+import com.baomidou.mybatisplus.annotation.KeySequence;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+import com.lideeyunji.tool.framework.mybatis.core.dataobject.BaseDO;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+/**
+ * OAuth2 客户端和角色关联
+ *
+ */
+@TableName(value = "system_role_oauth2_client", autoResultMap = true)
+@KeySequence("system_role_oauth2_client_seq") // 用于 Oracle、PostgreSQL、Kingbase、DB2、H2 数据库的主键自增。如果是 MySQL 等数据库，可不写。
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class RoleOAuth2ClientDO extends BaseDO {
+    /**
+     * 自增主键
+     */
+    @TableId
+    private Long id;
+
+    /**
+     * 角色ID
+     */
+    private Long roleId;
+    /**
+     * 菜单ID
+     */
+    private Long oauthClientId;
+
+}

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/mapper/OAuth2ClientJoinMapper.java

@@ -0,0 +1,59 @@
+package com.lideeyunji.service.system.mapper;
+
+import com.github.yulichang.base.MPJBaseMapper;
+import com.github.yulichang.wrapper.MPJLambdaWrapper;
+import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientPageReqVO;
+import com.lideeyunji.service.system.entity.DictDataDO;
+import com.lideeyunji.service.system.entity.OAuth2ClientDO;
+import com.lideeyunji.tool.framework.common.pojo.PageResult;
+import org.apache.ibatis.annotations.Mapper;
+
+@Mapper
+public interface OAuth2ClientJoinMapper extends MPJBaseMapper<OAuth2ClientDO> {
+
+    /**
+     * 分页查询（关联字典表）
+     */
+    default PageResult<OAuth2ClientDO> selectPage(OAuth2ClientPageReqVO reqVO) {
+        MPJLambdaWrapper<OAuth2ClientDO> wrapper = buildQueryWrapper(reqVO);
+
+        com.baomidou.mybatisplus.extension.plugins.pagination.Page<OAuth2ClientDO> page =
+                new com.baomidou.mybatisplus.extension.plugins.pagination.Page<>(
+                        reqVO.getPageNo(),
+                        reqVO.getPageSize()
+                );
+
+        com.baomidou.mybatisplus.extension.plugins.pagination.Page<OAuth2ClientDO> resultPage =
+                selectJoinPage(page, OAuth2ClientDO.class, wrapper);
+
+        return new PageResult<>(resultPage.getRecords(), resultPage.getTotal());
+    }
+
+
+    default MPJLambdaWrapper<OAuth2ClientDO> buildQueryWrapper(OAuth2ClientPageReqVO reqVO) {
+        MPJLambdaWrapper<OAuth2ClientDO> wrapper = new MPJLambdaWrapper<OAuth2ClientDO>()
+                .selectAll(OAuth2ClientDO.class)
+                .leftJoin(DictDataDO.class, on -> on
+                        .eq(DictDataDO::getValue, OAuth2ClientDO::getCategory)
+                        .eq(DictDataDO::getDictType, "app_category"));
+
+        applyQueryConditions(wrapper, reqVO);
+
+        wrapper.orderByAsc(DictDataDO::getSort)
+                .orderByDesc(OAuth2ClientDO::getId);
+
+        return wrapper;
+    }
+
+    default void applyQueryConditions(MPJLambdaWrapper<OAuth2ClientDO> wrapper, OAuth2ClientPageReqVO reqVO) {
+        if (reqVO.getName() != null && !reqVO.getName().isEmpty()) {
+            wrapper.like(OAuth2ClientDO::getName, reqVO.getName());
+        }
+        if (reqVO.getStatus() != null) {
+            wrapper.eq(OAuth2ClientDO::getStatus, reqVO.getStatus());
+        }
+        if (reqVO.getIds() != null && !reqVO.getIds().isEmpty()) {
+            wrapper.in(OAuth2ClientDO::getId, reqVO.getIds());
+        }
+    }
+}

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/mapper/OAuth2ClientMapper.java

@@ -7,6 +7,8 @@ import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientPag
 import com.lideeyunji.service.system.entity.OAuth2ClientDO;
 import org.apache.ibatis.annotations.Mapper;
 
+import java.util.List;
+
 
 /**
  * OAuth2 客户端 Mapper
@@ -20,6 +22,8 @@ public interface OAuth2ClientMapper extends BaseMapperX<OAuth2ClientDO> {
         return selectPage(reqVO, new LambdaQueryWrapperX<OAuth2ClientDO>()
                 .likeIfPresent(OAuth2ClientDO::getName, reqVO.getName())
                 .eqIfPresent(OAuth2ClientDO::getStatus, reqVO.getStatus())
+                .neIfPresent(OAuth2ClientDO::getClientId, "default")
+                .inIfPresent(OAuth2ClientDO::getId, reqVO.getIds())
                 .orderByDesc(OAuth2ClientDO::getId));
     }
 
@@ -27,4 +31,9 @@ public interface OAuth2ClientMapper extends BaseMapperX<OAuth2ClientDO> {
         return selectOne(OAuth2ClientDO::getClientId, clientId);
     }
 
+    default List<OAuth2ClientDO> selectEnableList() {
+        return selectList(new LambdaQueryWrapperX<OAuth2ClientDO>()
+                .eq(OAuth2ClientDO::getStatus, 0));
+    }
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/mapper/RoleOAuth2ClientMapper.java

@@ -0,0 +1,36 @@
+package com.lideeyunji.service.system.mapper;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.lideeyunji.service.system.entity.RoleOAuth2ClientDO;
+import com.lideeyunji.tool.framework.mybatis.core.mapper.BaseMapperX;
+import org.apache.ibatis.annotations.Mapper;
+
+import java.util.Collection;
+import java.util.List;
+
+@Mapper
+public interface RoleOAuth2ClientMapper extends BaseMapperX<RoleOAuth2ClientDO> {
+
+    default List<RoleOAuth2ClientDO> selectListByRoleId(Long roleId) {
+        return selectList(RoleOAuth2ClientDO::getRoleId, roleId);
+    }
+
+    default List<RoleOAuth2ClientDO> selectListByRoleId(Collection<Long> roleIds) {
+        return selectList(RoleOAuth2ClientDO::getRoleId, roleIds);
+    }
+
+    default List<RoleOAuth2ClientDO> selectListByMenuId(Long clientId) {
+        return selectList(RoleOAuth2ClientDO::getOauthClientId, clientId);
+    }
+
+    default void deleteListByRoleIdAndOauthClientId(Long roleId, Collection<Long> clientIds) {
+        delete(new LambdaQueryWrapper<RoleOAuth2ClientDO>()
+                .eq(RoleOAuth2ClientDO::getRoleId, roleId)
+                .in(RoleOAuth2ClientDO::getOauthClientId, clientIds));
+    }
+
+    default void deleteListByRoleId(Long roleId) {
+        delete(new LambdaQueryWrapper<RoleOAuth2ClientDO>().eq(RoleOAuth2ClientDO::getRoleId, roleId));
+    }
+
+}

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IClientPermissionService.java

@@ -0,0 +1,20 @@
+package com.lideeyunji.service.system.service;
+import java.util.Collection;
+import java.util.Set;
+import static java.util.Collections.singleton;
+/**
+ * 应用权限接口
+ */
+public interface IClientPermissionService {
+
+     /**
+     * 获得角色拥有的应用id集合
+     *
+     * @param roleId 角色编号
+     * @return 应用id集合
+     */
+    default Set<Long> getRoleClientListByRoleId(Long roleId) {
+        return getRoleClientListByRoleId(singleton(roleId));
+    }
+     Set<Long> getRoleClientListByRoleId(Collection<Long> roleIds);
+}

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IOAuth2ClientService.java

@@ -7,6 +7,7 @@ import com.lideeyunji.service.system.entity.OAuth2ClientDO;
 
 import javax.validation.Valid;
 import java.util.Collection;
+import java.util.List;
 
 /**
  * OAuth2.0 Client Service 接口
@@ -63,6 +64,14 @@ public interface IOAuth2ClientService {
      */
     PageResult<OAuth2ClientDO> getOAuth2ClientPage(OAuth2ClientPageReqVO pageReqVO);
 
+    /**
+     * 获得 OAuth2 客户端分页
+     *
+     * @param pageReqVO 分页查询
+     * @return OAuth2 客户端分页
+     */
+    PageResult<OAuth2ClientDO> getMyPage(OAuth2ClientPageReqVO pageReqVO);
+
     /**
      * 从缓存中，校验客户端是否合法
      *
@@ -87,4 +96,10 @@ public interface IOAuth2ClientService {
     OAuth2ClientDO validOAuthClientFromCache(String clientId, String clientSecret, String authorizedGrantType,
                                              Collection<String> scopes, String redirectUri);
 
+    /**
+     * 获取所有启用应用
+     * @return 应用列表
+     */
+    List<OAuth2ClientDO> getAllEnableClient();
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IPermissionService.java

@@ -152,4 +152,12 @@ public interface IPermissionService {
     //清除缓存
     Boolean clearCache(Long userId);
 
+    /**
+     * 设置角色应用
+     *
+     * @param roleId  角色编号
+     * @param clientIds 应用集合id
+     */
+    void assignRoleClient(Long roleId, Set<Long> clientIds);
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/ClientPermissionServiceImpl.java

@@ -0,0 +1,51 @@
+package com.lideeyunji.service.system.service.impl;
+
+import cn.hutool.core.collection.CollUtil;
+import com.lideeyunji.service.system.entity.OAuth2ClientDO;
+import com.lideeyunji.service.system.entity.RoleOAuth2ClientDO;
+import com.lideeyunji.service.system.mapper.RoleOAuth2ClientMapper;
+import com.lideeyunji.service.system.service.IClientPermissionService;
+import com.lideeyunji.service.system.service.IOAuth2ClientService;
+import com.lideeyunji.service.system.service.IRoleService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.stereotype.Service;
+import org.springframework.validation.annotation.Validated;
+
+import javax.annotation.Resource;
+import java.util.*;
+import java.util.stream.Collectors;
+
+import static com.lideeyunji.tool.framework.common.util.collection.CollectionUtils.convertSet;
+
+@Service
+@Validated
+@Slf4j
+public class ClientPermissionServiceImpl implements IClientPermissionService {
+    @Resource
+    private RoleOAuth2ClientMapper roleOAuth2ClientMapper;
+    @Resource
+    private IRoleService roleService;
+
+    @Lazy
+    @Resource
+    private IOAuth2ClientService ioAuth2ClientService;
+
+    public Set<Long> getRoleClientListByRoleId(Collection<Long> roleIds) {
+        if (CollUtil.isEmpty(roleIds)) {
+            return Collections.emptySet();
+        }
+
+        if (roleService.hasAnySuperAdmin(roleIds)) {
+            List<OAuth2ClientDO> allEnableClient = ioAuth2ClientService.getAllEnableClient();
+            return Optional.ofNullable(allEnableClient)
+                    .map(all -> all.stream()
+                            .map(OAuth2ClientDO::getId)
+                            .collect(Collectors.toSet()))
+                    .orElse(new HashSet<>());
+        }
+
+        return convertSet(roleOAuth2ClientMapper.selectListByRoleId(roleIds),
+                RoleOAuth2ClientDO::getOauthClientId);
+    }
+}

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/OAuth2ClientServiceImpl.java

@@ -4,17 +4,22 @@ import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.extra.spring.SpringUtil;
-import com.lideeyunji.tool.framework.common.enums.CommonStatusEnum;
-import com.lideeyunji.tool.framework.common.pojo.PageResult;
-import com.lideeyunji.tool.framework.common.util.object.BeanUtils;
-import com.lideeyunji.tool.framework.common.util.string.StrUtils;
+import com.google.common.annotations.VisibleForTesting;
+import com.lideeyunji.service.system.config.redis.RedisKeyConstants;
 import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientPageReqVO;
 import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientSaveReqVO;
 import com.lideeyunji.service.system.entity.OAuth2ClientDO;
+import com.lideeyunji.service.system.entity.UserRoleDO;
+import com.lideeyunji.service.system.mapper.OAuth2ClientJoinMapper;
 import com.lideeyunji.service.system.mapper.OAuth2ClientMapper;
-import com.lideeyunji.service.system.config.redis.RedisKeyConstants;
+import com.lideeyunji.service.system.service.IAdminUserService;
+import com.lideeyunji.service.system.service.IClientPermissionService;
 import com.lideeyunji.service.system.service.IOAuth2ClientService;
-import com.google.common.annotations.VisibleForTesting;
+import com.lideeyunji.service.system.service.IPermissionService;
+import com.lideeyunji.tool.framework.common.enums.CommonStatusEnum;
+import com.lideeyunji.tool.framework.common.pojo.PageResult;
+import com.lideeyunji.tool.framework.common.util.object.BeanUtils;
+import com.lideeyunji.tool.framework.security.core.LoginUser;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.cache.annotation.Cacheable;
@@ -23,9 +28,14 @@ import org.springframework.validation.annotation.Validated;
 
 import javax.annotation.Resource;
 import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
 
-import static com.lideeyunji.tool.framework.common.exception.util.ServiceExceptionUtil.exception;
 import static com.lideeyunji.service.system.constant.ErrorCodeConstants.*;
+import static com.lideeyunji.tool.framework.common.exception.util.ServiceExceptionUtil.exception;
+import static com.lideeyunji.tool.framework.security.core.util.SecurityFrameworkUtils.*;
 
 /**
  * OAuth2.0 Client Service 实现类
@@ -40,6 +50,16 @@ public class OAuth2ClientServiceImpl implements IOAuth2ClientService {
     @Resource
     private OAuth2ClientMapper oauth2ClientMapper;
 
+    @Resource
+    private OAuth2ClientJoinMapper oAuth2ClientJoinMapper;
+
+    @Resource
+    private IClientPermissionService clientPermissionService;
+    @Resource
+    private IAdminUserService userService;
+    @Resource
+    private IPermissionService permissionService;
+
     @Override
     public Long createOAuth2Client(OAuth2ClientSaveReqVO createReqVO) {
         validateClientIdExists(null, createReqVO.getClientId());
@@ -111,6 +131,41 @@ public class OAuth2ClientServiceImpl implements IOAuth2ClientService {
         return oauth2ClientMapper.selectPage(pageReqVO);
     }
 
+    @Override
+    public PageResult<OAuth2ClientDO> getMyPage(OAuth2ClientPageReqVO pageReqVO) {
+        LoginUser loginUser = getLoginUser();
+        if (loginUser == null) {
+            return new PageResult<>();
+        }
+        boolean supAdminFlag = userService.isSupAdmin(loginUser.getId());//是否是超级管理员
+        boolean tenantAdminFlag = userService.isTenantAdmin(loginUser.getId());//是否是租户管理员
+
+        //获取当前登录部门和角色
+        Long loginDeptId = getLoginDeptId();
+        Long loginRoleId = getLoginRoleId();
+
+        Set<Long> roleIds = new HashSet<>();
+        if (supAdminFlag || tenantAdminFlag) {//超级管理员 或者租户管理员，直接查自身的所有权限
+            roleIds = permissionService.getUserRoleIdListByUserId(getLoginUserId());
+        } else {
+            if (loginRoleId != null) {//当前登录有角色
+                if (loginRoleId == -1) {//该部门下的所有角色
+                    List<UserRoleDO> userRoleList = userService.getUserRoleList(loginUser.getId(), loginDeptId);
+                    roleIds = userRoleList.stream()
+                            .map(UserRoleDO::getRoleId)
+                            .collect(Collectors.toSet());
+                } else {
+                    roleIds.add(loginRoleId);
+                }
+            }
+        }
+        if (!CollUtil.isEmpty(roleIds)) {
+            Set<Long> clientIds = clientPermissionService.getRoleClientListByRoleId(roleIds);
+            pageReqVO.setIds(clientIds);
+        }
+        return oAuth2ClientJoinMapper.selectPage(pageReqVO);
+    }
+
     @Override
     public OAuth2ClientDO validOAuthClientFromCache(String clientId, String clientSecret, String authorizedGrantType,
                                                     Collection<String> scopes, String redirectUri) {
@@ -136,12 +191,20 @@ public class OAuth2ClientServiceImpl implements IOAuth2ClientService {
             throw exception(OAUTH2_CLIENT_SCOPE_OVER);
         }
         // 校验回调地址
-        if (StrUtil.isNotEmpty(redirectUri) && !StrUtils.startWithAny(redirectUri, client.getRedirectUris())) {
+//        if (StrUtil.isNotEmpty(redirectUri) && !StrUtils.startWithAny(redirectUri, client.getRedirectUris())) {
+//            throw exception(OAUTH2_CLIENT_REDIRECT_URI_NOT_MATCH, redirectUri);
+//        }
+        if (StrUtil.isNotEmpty(redirectUri) && ObjectUtil.notEqual(client.getRedirectUris(), redirectUri)) {
             throw exception(OAUTH2_CLIENT_REDIRECT_URI_NOT_MATCH, redirectUri);
         }
         return client;
     }
 
+    @Override
+    public List<OAuth2ClientDO> getAllEnableClient() {
+        return oauth2ClientMapper.selectEnableList();
+    }
+
     /**
      * 获得自身的代理对象，解决 AOP 生效问题
      *

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/PermissionServiceImpl.java

@@ -9,12 +9,10 @@ import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.Sets;
 import com.lideeyunji.service.system.config.redis.RedisKeyConstants;
 import com.lideeyunji.service.system.dto.DeptDataPermissionRespDTO;
-import com.lideeyunji.service.system.entity.MenuDO;
-import com.lideeyunji.service.system.entity.RoleDO;
-import com.lideeyunji.service.system.entity.RoleMenuDO;
-import com.lideeyunji.service.system.entity.UserRoleDO;
+import com.lideeyunji.service.system.entity.*;
 import com.lideeyunji.service.system.enums.DataScopeEnum;
 import com.lideeyunji.service.system.mapper.RoleMenuMapper;
+import com.lideeyunji.service.system.mapper.RoleOAuth2ClientMapper;
 import com.lideeyunji.service.system.mapper.UserRoleMapper;
 import com.lideeyunji.service.system.service.*;
 import com.lideeyunji.tool.framework.common.enums.CommonStatusEnum;
@@ -33,6 +31,7 @@ import org.springframework.transaction.annotation.Transactional;
 
 import javax.annotation.Resource;
 import java.util.*;
+import java.util.stream.Collectors;
 
 import static com.lideeyunji.tool.framework.common.util.collection.CollectionUtils.convertSet;
 import static com.lideeyunji.tool.framework.common.util.json.JsonUtils.toJsonString;
@@ -50,6 +49,8 @@ public class PermissionServiceImpl implements IPermissionService {
     private RoleMenuMapper roleMenuMapper;
     @Resource
     private UserRoleMapper userRoleMapper;
+    @Resource
+    private RoleOAuth2ClientMapper roleOAuth2ClientMapper;
 
     @Resource
     private IRoleService roleService;
@@ -409,6 +410,25 @@ public class PermissionServiceImpl implements IPermissionService {
         return true;
     }
 
+    @Override
+    @DSTransactional
+    public void assignRoleClient(Long roleId, Set<Long> clientIds) {
+        Set<Long> dbMenuIds = convertSet(roleOAuth2ClientMapper.selectListByRoleId(roleId), RoleOAuth2ClientDO::getOauthClientId);
+        Set<Long> menuIdList = CollUtil.emptyIfNull(clientIds);
+        Collection<Long> createMenuIds = CollUtil.subtract(menuIdList, dbMenuIds);
+        Collection<Long> deleteMenuIds = CollUtil.subtract(dbMenuIds, menuIdList);
+        if (CollUtil.isNotEmpty(createMenuIds)) {
+            roleOAuth2ClientMapper.insertBatch(CollectionUtils.convertList(createMenuIds, clientId -> {
+                RoleOAuth2ClientDO entity = new RoleOAuth2ClientDO();
+                entity.setRoleId(roleId);
+                entity.setOauthClientId(clientId);
+                return entity;
+            }));
+        }
+        if (CollUtil.isNotEmpty(deleteMenuIds)) {
+            roleOAuth2ClientMapper.deleteListByRoleIdAndOauthClientId(roleId, deleteMenuIds);
+        }
+    }
 
 
     /**