From 99a7654b9300ec1e673e94ca95d263ad056f4cdd Mon Sep 17 00:00:00 2001
From: kalencaya <1942460489@qq.com>
Date: Wed, 15 Nov 2023 19:25:07 +0800
Subject: [PATCH] [Feature][scaleph-security] add security web resource and
 role relation api (#644)

* fix: seatunnel base image

* feature: add resource-web and role relation api
---
 .../admin/SecAuthorizeController.java         | 70 ++++++++++++-
 .../master/security/SecResourceWebVO.java     | 27 +++++
 .../security/SecResourceWebRoleMapper.java    |  9 +-
 .../master/security/SecResourceWebMapper.xml  | 35 ++++---
 .../security/SecResourceWebRoleMapper.xml     | 34 ++++---
 .../security/service/SecAuthorizeService.java | 50 ++++++++++
 .../SecResourceWebWithAuthorizeConvert.java   | 46 +++++++++
 .../dto/SecResourceWebWithAuthorizeDTO.java   | 70 +++++++++++++
 .../service/impl/SecAuthorizeServiceImpl.java | 98 +++++++++++++++++++
 ...ResourceWebBatchAuthorizeForRoleParam.java | 38 +++++++
 .../param/SecResourceWebListByRoleParam.java  | 32 ++++++
 ...RoleBatchAuthorizeForResourceWebParam.java | 38 +++++++
 .../param/SecRoleListByResourceWebParam.java  | 40 ++++++++
 13 files changed, 555 insertions(+), 32 deletions(-)
 create mode 100644 scaleph-dao/src/main/java/cn/sliew/scaleph/dao/entity/master/security/SecResourceWebVO.java
 create mode 100644 scaleph-security/src/main/java/cn/sliew/scaleph/security/service/convert/SecResourceWebWithAuthorizeConvert.java
 create mode 100644 scaleph-security/src/main/java/cn/sliew/scaleph/security/service/dto/SecResourceWebWithAuthorizeDTO.java
 create mode 100644 scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecResourceWebBatchAuthorizeForRoleParam.java
 create mode 100644 scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecResourceWebListByRoleParam.java
 create mode 100644 scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecRoleBatchAuthorizeForResourceWebParam.java
 create mode 100644 scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecRoleListByResourceWebParam.java

diff --git a/scaleph-api/src/main/java/cn/sliew/scaleph/api/controller/admin/SecAuthorizeController.java b/scaleph-api/src/main/java/cn/sliew/scaleph/api/controller/admin/SecAuthorizeController.java
index ac1c26d29..b475864b2 100644
--- a/scaleph-api/src/main/java/cn/sliew/scaleph/api/controller/admin/SecAuthorizeController.java
+++ b/scaleph-api/src/main/java/cn/sliew/scaleph/api/controller/admin/SecAuthorizeController.java
@@ -20,16 +20,23 @@
 
 import cn.sliew.scaleph.api.annotation.Logging;
 import cn.sliew.scaleph.security.service.SecAuthorizeService;
+import cn.sliew.scaleph.security.service.dto.SecResourceWebWithAuthorizeDTO;
+import cn.sliew.scaleph.security.service.dto.SecRoleDTO;
 import cn.sliew.scaleph.security.service.dto.UmiRoute;
+import cn.sliew.scaleph.security.service.param.SecResourceWebBatchAuthorizeForRoleParam;
+import cn.sliew.scaleph.security.service.param.SecResourceWebListByRoleParam;
+import cn.sliew.scaleph.security.service.param.SecRoleBatchAuthorizeForResourceWebParam;
+import cn.sliew.scaleph.security.service.param.SecRoleListByResourceWebParam;
+import cn.sliew.scaleph.system.model.ResponseVO;
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
+import javax.validation.Valid;
 import java.util.List;
 
 @RestController
@@ -47,4 +54,61 @@ public ResponseEntity<List<UmiRoute>> getUmiRoutes() {
         List<UmiRoute> routes = secAuthorizeService.getWebRoute();
         return new ResponseEntity<>(routes, HttpStatus.OK);
     }
+
+    @Logging
+    @GetMapping("resource-web/authorized-roles")
+    @Operation(summary = "查询 资源-web 绑定角色列表", description = "查询 资源-web 绑定角色列表")
+    public ResponseEntity<Page<SecRoleDTO>> listAuthorizedRolesByResourceWebId(@Valid SecRoleListByResourceWebParam param) {
+        Page<SecRoleDTO> result = secAuthorizeService.listAuthorizedRolesByResourceWebId(param);
+        return new ResponseEntity<>(result, HttpStatus.OK);
+    }
+
+    @Logging
+    @GetMapping("resource-web/unauthorized-roles")
+    @Operation(summary = "查询 资源-web 未绑定角色列表", description = "查询 资源-web 未绑定角色列表")
+    public ResponseEntity<Page<SecRoleDTO>> listUnauthorizedRolesByResourceWebId(@Valid SecRoleListByResourceWebParam param) {
+        Page<SecRoleDTO> result = secAuthorizeService.listUnauthorizedRolesByResourceWebId(param);
+        return new ResponseEntity<>(result, HttpStatus.OK);
+    }
+
+    @Logging
+    @PutMapping("resource-web/roles")
+    @Operation(summary = "批量为 资源-web 绑定角色", description = "批量为 资源-web 绑定角色")
+    public ResponseEntity<ResponseVO> authorize(@Valid @RequestBody SecRoleBatchAuthorizeForResourceWebParam param) {
+        secAuthorizeService.authorize(param);
+        return new ResponseEntity<>(ResponseVO.success(), HttpStatus.OK);
+    }
+
+    @Logging
+    @DeleteMapping("resource-web/roles")
+    @Operation(summary = "批量为 资源-web 解除角色绑定", description = "批量为 资源-web 解除角色绑定")
+    public ResponseEntity<ResponseVO> unauthorize(@Valid @RequestBody SecRoleBatchAuthorizeForResourceWebParam param) {
+        secAuthorizeService.unauthorize(param);
+        return new ResponseEntity<>(ResponseVO.success(), HttpStatus.OK);
+    }
+
+    @Logging
+    @GetMapping("role/resource-webs")
+    @Operation(summary = "查询所有 资源-web 和指定角色绑定状态", description = "查询所有 资源-web 和指定角色绑定状态")
+    public ResponseEntity<List<SecResourceWebWithAuthorizeDTO>> listResourceWebsByRole(@Valid SecResourceWebListByRoleParam param) {
+        List<SecResourceWebWithAuthorizeDTO> result = secAuthorizeService.listResourceWebsByRoleId(param);
+        return new ResponseEntity<>(result, HttpStatus.OK);
+    }
+
+    @Logging
+    @PutMapping("role/resource-webs")
+    @Operation(summary = "批量为角色绑定 资源-web", description = "批量为角色绑定 资源-web")
+    public ResponseEntity<ResponseVO> authorize(@Valid @RequestBody SecResourceWebBatchAuthorizeForRoleParam param) {
+        secAuthorizeService.authorize(param);
+        return new ResponseEntity<>(ResponseVO.success(), HttpStatus.OK);
+    }
+
+    @Logging
+    @DeleteMapping("role/resource-webs")
+    @Operation(summary = "批量为角色解除 资源-web 绑定", description = "批量为角色解除 资源-web 绑定")
+    public ResponseEntity<ResponseVO> unauthorize(@Valid @RequestBody SecResourceWebBatchAuthorizeForRoleParam param) {
+        secAuthorizeService.unauthorize(param);
+        return new ResponseEntity<>(ResponseVO.success(), HttpStatus.OK);
+    }
+
 }
diff --git a/scaleph-dao/src/main/java/cn/sliew/scaleph/dao/entity/master/security/SecResourceWebVO.java b/scaleph-dao/src/main/java/cn/sliew/scaleph/dao/entity/master/security/SecResourceWebVO.java
new file mode 100644
index 000000000..3c4fa6c4b
--- /dev/null
+++ b/scaleph-dao/src/main/java/cn/sliew/scaleph/dao/entity/master/security/SecResourceWebVO.java
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.sliew.scaleph.dao.entity.master.security;
+
+import lombok.Data;
+
+@Data
+public class SecResourceWebVO extends SecResourceWeb {
+
+    private Long roleId;
+}
diff --git a/scaleph-dao/src/main/java/cn/sliew/scaleph/dao/mapper/master/security/SecResourceWebRoleMapper.java b/scaleph-dao/src/main/java/cn/sliew/scaleph/dao/mapper/master/security/SecResourceWebRoleMapper.java
index e9b883fd8..b68f0fe38 100644
--- a/scaleph-dao/src/main/java/cn/sliew/scaleph/dao/mapper/master/security/SecResourceWebRoleMapper.java
+++ b/scaleph-dao/src/main/java/cn/sliew/scaleph/dao/mapper/master/security/SecResourceWebRoleMapper.java
@@ -19,14 +19,16 @@
 package cn.sliew.scaleph.dao.mapper.master.security;
 
 import cn.sliew.scaleph.common.dict.security.RoleStatus;
-import cn.sliew.scaleph.dao.entity.master.security.SecResourceWeb;
 import cn.sliew.scaleph.dao.entity.master.security.SecResourceWebRole;
+import cn.sliew.scaleph.dao.entity.master.security.SecResourceWebVO;
 import cn.sliew.scaleph.dao.entity.master.security.SecRole;
 import com.baomidou.mybatisplus.core.mapper.BaseMapper;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import org.apache.ibatis.annotations.Param;
 import org.springframework.stereotype.Repository;
 
+import java.util.List;
+
 /**
  * 资源-web与角色关联表 Mapper 接口
  */
@@ -49,5 +51,8 @@ Page<SecRole> selectUnrelatedRolesByWebResource(Page page,
                                                     @Param("status") RoleStatus status,
                                                     @Param("name") String name);
 
-    Page<SecResourceWeb> selectAllResourceWebWithAuthorizeStatus(@Param("roleId") Long roleId);
+    /**
+     * 查询所有 资源-web，包含角色关联信息
+     */
+    List<SecResourceWebVO> selectAllResourceWebWithAuthorizeStatus(@Param("roleId") Long roleId, @Param("pid") Long pid);
 }
diff --git a/scaleph-dao/src/main/resources/cn/sliew/scaleph/dao/mapper/master/security/SecResourceWebMapper.xml b/scaleph-dao/src/main/resources/cn/sliew/scaleph/dao/mapper/master/security/SecResourceWebMapper.xml
index 803e97ed0..2f0d9bbff 100644
--- a/scaleph-dao/src/main/resources/cn/sliew/scaleph/dao/mapper/master/security/SecResourceWebMapper.xml
+++ b/scaleph-dao/src/main/resources/cn/sliew/scaleph/dao/mapper/master/security/SecResourceWebMapper.xml
@@ -18,23 +18,27 @@
 
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
 <mapper namespace="cn.sliew.scaleph.dao.mapper.master.security.SecResourceWebMapper">
-
     <!-- 通用查询映射结果 -->
     <resultMap id="BaseResultMap" type="cn.sliew.scaleph.dao.entity.master.security.SecResourceWeb">
-        <result column="id" property="id" />
-        <result column="creator" property="creator" />
-        <result column="create_time" property="createTime" />
-        <result column="editor" property="editor" />
-        <result column="update_time" property="updateTime" />
-        <result column="type" property="type" />
-        <result column="pid" property="pid" />
-        <result column="name" property="name" />
-        <result column="path" property="path" />
-        <result column="redirect" property="redirect" />
-        <result column="layout" property="layout" />
-        <result column="icon" property="icon" />
-        <result column="component" property="component" />
-        <result column="remark" property="remark" />
+        <result column="id" property="id"/>
+        <result column="creator" property="creator"/>
+        <result column="create_time" property="createTime"/>
+        <result column="editor" property="editor"/>
+        <result column="update_time" property="updateTime"/>
+        <result column="type" property="type"/>
+        <result column="pid" property="pid"/>
+        <result column="name" property="name"/>
+        <result column="path" property="path"/>
+        <result column="redirect" property="redirect"/>
+        <result column="layout" property="layout"/>
+        <result column="icon" property="icon"/>
+        <result column="component" property="component"/>
+        <result column="remark" property="remark"/>
+    </resultMap>
+
+    <resultMap id="SecResourceWebVOMap" type="cn.sliew.scaleph.dao.entity.master.security.SecResourceWebVO"
+               extends="BaseResultMap">
+        <result column="role_id" property="roleId"/>
     </resultMap>
 
     <!-- 通用查询结果列 -->
@@ -46,5 +50,4 @@
         update_time,
         `type`, pid, `name`, `path`, redirect, layout, icon, `component`, remark
     </sql>
-
 </mapper>
diff --git a/scaleph-dao/src/main/resources/cn/sliew/scaleph/dao/mapper/master/security/SecResourceWebRoleMapper.xml b/scaleph-dao/src/main/resources/cn/sliew/scaleph/dao/mapper/master/security/SecResourceWebRoleMapper.xml
index fdb65d1b7..637d22134 100644
--- a/scaleph-dao/src/main/resources/cn/sliew/scaleph/dao/mapper/master/security/SecResourceWebRoleMapper.xml
+++ b/scaleph-dao/src/main/resources/cn/sliew/scaleph/dao/mapper/master/security/SecResourceWebRoleMapper.xml
@@ -18,16 +18,15 @@
 
 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
 <mapper namespace="cn.sliew.scaleph.dao.mapper.master.security.SecResourceWebRoleMapper">
-
     <!-- 通用查询映射结果 -->
     <resultMap id="BaseResultMap" type="cn.sliew.scaleph.dao.entity.master.security.SecResourceWebRole">
-        <result column="id" property="id" />
-        <result column="creator" property="creator" />
-        <result column="create_time" property="createTime" />
-        <result column="editor" property="editor" />
-        <result column="update_time" property="updateTime" />
-        <result column="resource_web_id" property="resourceWebId" />
-        <result column="role_id" property="roleId" />
+        <result column="id" property="id"/>
+        <result column="creator" property="creator"/>
+        <result column="create_time" property="createTime"/>
+        <result column="editor" property="editor"/>
+        <result column="update_time" property="updateTime"/>
+        <result column="resource_web_id" property="resourceWebId"/>
+        <result column="role_id" property="roleId"/>
     </resultMap>
 
     <!-- 通用查询结果列 -->
@@ -40,7 +39,8 @@
         resource_web_id, role_id
     </sql>
 
-    <select id="selectRelatedRolesByWebResource" resultMap="cn.sliew.scaleph.dao.mapper.master.security.SecRoleMapper.SecRoleMap">
+    <select id="selectRelatedRolesByWebResource"
+            resultMap="cn.sliew.scaleph.dao.mapper.master.security.SecRoleMapper.SecRoleMap">
         SELECT
         t1.*
         FROM
@@ -58,7 +58,8 @@
         t1.`code`
     </select>
 
-    <select id="selectUnrelatedRolesByWebResource" resultMap="cn.sliew.scaleph.dao.mapper.master.security.SecRoleMapper.SecRoleMap">
+    <select id="selectUnrelatedRolesByWebResource"
+            resultMap="cn.sliew.scaleph.dao.mapper.master.security.SecRoleMapper.SecRoleMap">
         SELECT
         t1.*
         FROM
@@ -70,9 +71,20 @@
         <if test="name != null and name != ''">
             AND t1.`name` like concat('%',#{name},'%')
         </if>
-        AND NOT EXISTS ( SELECT * FROM sec_resource_web_role t2 WHERE t1.id = t2.role_id AND t2.resource_web_id = #{resourceWebId} )
+        AND NOT EXISTS ( SELECT * FROM sec_resource_web_role t2 WHERE t1.id = t2.role_id AND t2.resource_web_id =
+        #{resourceWebId} )
         ORDER BY
         t1.`code`
     </select>
 
+    <select id="selectAllResourceWebWithAuthorizeStatus"
+            resultMap="cn.sliew.scaleph.dao.mapper.master.security.SecResourceWebMapper.SecResourceWebVOMap">
+        SELECT t1.*,
+               t2.role_id
+        FROM sec_resource_web t1
+                 LEFT JOIN sec_resource_web_role t2 ON t1.id = t2.resource_web_id
+            AND t2.role_id = #{roleId}
+        WHERE
+            t1.pid = #{pid}
+    </select>
 </mapper>
diff --git a/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/SecAuthorizeService.java b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/SecAuthorizeService.java
index e5d42f2fb..c38cd1c82 100644
--- a/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/SecAuthorizeService.java
+++ b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/SecAuthorizeService.java
@@ -18,7 +18,14 @@
 
 package cn.sliew.scaleph.security.service;
 
+import cn.sliew.scaleph.security.service.dto.SecResourceWebWithAuthorizeDTO;
+import cn.sliew.scaleph.security.service.dto.SecRoleDTO;
 import cn.sliew.scaleph.security.service.dto.UmiRoute;
+import cn.sliew.scaleph.security.service.param.SecResourceWebBatchAuthorizeForRoleParam;
+import cn.sliew.scaleph.security.service.param.SecResourceWebListByRoleParam;
+import cn.sliew.scaleph.security.service.param.SecRoleBatchAuthorizeForResourceWebParam;
+import cn.sliew.scaleph.security.service.param.SecRoleListByResourceWebParam;
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 
 import java.util.List;
 
@@ -28,4 +35,47 @@ public interface SecAuthorizeService {
      * 将用户拥有的前端资源转化为 umi.js 的 route 配置
      */
     List<UmiRoute> getWebRoute();
+
+    // -------------------------------------------------------------------------------------------
+    // resource-web -> role
+    // -------------------------------------------------------------------------------------------
+
+    /**
+     * 查询 资源-web 绑定角色列表
+     */
+    Page<SecRoleDTO> listAuthorizedRolesByResourceWebId(SecRoleListByResourceWebParam param);
+
+    /**
+     * 查询 资源-web 未绑定角色列表
+     */
+    Page<SecRoleDTO> listUnauthorizedRolesByResourceWebId(SecRoleListByResourceWebParam param);
+
+    /**
+     * 批量为 资源-web 绑定角色
+     */
+    void authorize(SecRoleBatchAuthorizeForResourceWebParam param);
+
+    /**
+     * 批量为 资源-web 解除角色绑定
+     */
+    void unauthorize(SecRoleBatchAuthorizeForResourceWebParam param);
+
+    // -------------------------------------------------------------------------------------------
+    // role -> resource-web
+    // -------------------------------------------------------------------------------------------
+    /**
+     * 查询所有 资源-web 和指定角色绑定状态
+     */
+    List<SecResourceWebWithAuthorizeDTO> listResourceWebsByRoleId(SecResourceWebListByRoleParam param);
+
+    /**
+     * 批量为角色绑定 资源-web
+     */
+    void authorize(SecResourceWebBatchAuthorizeForRoleParam param);
+
+    /**
+     * 批量为角色解除 资源-web 绑定
+     */
+    void unauthorize(SecResourceWebBatchAuthorizeForRoleParam param);
+
 }
diff --git a/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/convert/SecResourceWebWithAuthorizeConvert.java b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/convert/SecResourceWebWithAuthorizeConvert.java
new file mode 100644
index 000000000..6234c42f9
--- /dev/null
+++ b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/convert/SecResourceWebWithAuthorizeConvert.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.sliew.scaleph.security.service.convert;
+
+import cn.sliew.scaleph.common.convert.BaseConvert;
+import cn.sliew.scaleph.common.dict.common.YesOrNo;
+import cn.sliew.scaleph.dao.entity.master.security.SecResourceWebVO;
+import cn.sliew.scaleph.security.service.dto.SecResourceWebWithAuthorizeDTO;
+import org.mapstruct.Mapper;
+import org.mapstruct.factory.Mappers;
+import org.springframework.beans.BeanUtils;
+
+@Mapper
+public interface SecResourceWebWithAuthorizeConvert extends BaseConvert<SecResourceWebVO, SecResourceWebWithAuthorizeDTO> {
+
+    SecResourceWebWithAuthorizeConvert INSTANCE = Mappers.getMapper(SecResourceWebWithAuthorizeConvert.class);
+
+    @Override
+    default SecResourceWebVO toDo(SecResourceWebWithAuthorizeDTO dto) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Override
+    default SecResourceWebWithAuthorizeDTO toDto(SecResourceWebVO entity) {
+        SecResourceWebWithAuthorizeDTO dto = new SecResourceWebWithAuthorizeDTO();
+        BeanUtils.copyProperties(SecResourceWebConvert.INSTANCE.toDto(entity), dto);
+        dto.setAuthorized(entity.getRoleId() != null ? YesOrNo.YES : YesOrNo.NO);
+        return dto;
+    }
+}
diff --git a/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/dto/SecResourceWebWithAuthorizeDTO.java b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/dto/SecResourceWebWithAuthorizeDTO.java
new file mode 100644
index 000000000..d1067e36e
--- /dev/null
+++ b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/dto/SecResourceWebWithAuthorizeDTO.java
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.sliew.scaleph.security.service.dto;
+
+import cn.sliew.scaleph.common.dict.common.YesOrNo;
+import cn.sliew.scaleph.common.dict.security.ResourceType;
+import cn.sliew.scaleph.system.model.BaseDTO;
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * 资源-web
+ */
+@Data
+@Schema(name = "SecResourceWebWithAuthorize对象", description = "资源-web 相关授权状态")
+public class SecResourceWebWithAuthorizeDTO extends BaseDTO {
+
+    private static final long serialVersionUID = 1L;
+
+    @Schema(description = "资源类型。导航，菜单，页面，按钮")
+    private ResourceType type;
+
+    @Schema(description = "上级资源id")
+    private Long pid;
+
+    @Schema(description = "前端名称")
+    private String name;
+
+    @Schema(description = "前端路由路径")
+    private String path;
+
+    @Schema(description = "前端重定向路径")
+    private String redirect;
+
+    @Schema(description = "前端全局布局显示。只在一级生效")
+    private Boolean layout;
+
+    @Schema(description = "前端 icon")
+    private String icon;
+
+    @Schema(description = "前端组件")
+    private String component;
+
+    @Schema(description = "备注")
+    private String remark;
+
+    @Schema(description = "下级资源")
+    private List<SecResourceWebWithAuthorizeDTO> children;
+
+    @Schema(description = "授权状态")
+    private YesOrNo authorized;
+}
diff --git a/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/impl/SecAuthorizeServiceImpl.java b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/impl/SecAuthorizeServiceImpl.java
index 63a37fba3..935857fc0 100644
--- a/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/impl/SecAuthorizeServiceImpl.java
+++ b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/impl/SecAuthorizeServiceImpl.java
@@ -18,10 +18,25 @@
 
 package cn.sliew.scaleph.security.service.impl;
 
+import cn.sliew.scaleph.dao.entity.master.security.SecResourceWebRole;
+import cn.sliew.scaleph.dao.entity.master.security.SecResourceWebVO;
+import cn.sliew.scaleph.dao.entity.master.security.SecRole;
+import cn.sliew.scaleph.dao.mapper.master.security.SecResourceWebRoleMapper;
 import cn.sliew.scaleph.security.service.SecAuthorizeService;
 import cn.sliew.scaleph.security.service.SecResourceWebService;
+import cn.sliew.scaleph.security.service.convert.SecResourceWebWithAuthorizeConvert;
+import cn.sliew.scaleph.security.service.convert.SecRoleConvert;
 import cn.sliew.scaleph.security.service.dto.SecResourceWebDTO;
+import cn.sliew.scaleph.security.service.dto.SecResourceWebWithAuthorizeDTO;
+import cn.sliew.scaleph.security.service.dto.SecRoleDTO;
 import cn.sliew.scaleph.security.service.dto.UmiRoute;
+import cn.sliew.scaleph.security.service.param.SecResourceWebBatchAuthorizeForRoleParam;
+import cn.sliew.scaleph.security.service.param.SecResourceWebListByRoleParam;
+import cn.sliew.scaleph.security.service.param.SecRoleBatchAuthorizeForResourceWebParam;
+import cn.sliew.scaleph.security.service.param.SecRoleListByResourceWebParam;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
@@ -34,6 +49,8 @@ public class SecAuthorizeServiceImpl implements SecAuthorizeService {
 
     @Autowired
     private SecResourceWebService secResourceWebService;
+    @Autowired
+    private SecResourceWebRoleMapper secResourceWebRoleMapper;
 
     /**
      * fixme 这里没有获取用户自己的资源，先获取的所有资源
@@ -61,4 +78,85 @@ private List<UmiRoute> buildRouteByPid(Long pid) {
         }
         return routes;
     }
+
+    @Override
+    public Page<SecRoleDTO> listAuthorizedRolesByResourceWebId(SecRoleListByResourceWebParam param) {
+        Page page = new Page(param.getCurrent(), param.getPageSize());
+        Page<SecRole> secRolePage = secResourceWebRoleMapper.selectRelatedRolesByWebResource(page, param.getResourceWebId(), param.getStatus(), param.getName());
+        Page<SecRoleDTO> result = new Page<>(secRolePage.getCurrent(), secRolePage.getSize(), secRolePage.getTotal());
+        List<SecRoleDTO> secRoleDTOS = SecRoleConvert.INSTANCE.toDto(secRolePage.getRecords());
+        result.setRecords(secRoleDTOS);
+        return result;
+    }
+
+    @Override
+    public Page<SecRoleDTO> listUnauthorizedRolesByResourceWebId(SecRoleListByResourceWebParam param) {
+        Page page = new Page(param.getCurrent(), param.getPageSize());
+        Page<SecRole> secRolePage = secResourceWebRoleMapper.selectUnrelatedRolesByWebResource(page, param.getResourceWebId(), param.getStatus(), param.getName());
+        Page<SecRoleDTO> result = new Page<>(secRolePage.getCurrent(), secRolePage.getSize(), secRolePage.getTotal());
+        List<SecRoleDTO> secRoleDTOS = SecRoleConvert.INSTANCE.toDto(secRolePage.getRecords());
+        result.setRecords(secRoleDTOS);
+        return result;
+    }
+
+    @Override
+    public void authorize(SecRoleBatchAuthorizeForResourceWebParam param) {
+        for (Long roleId : param.getRoleIds()) {
+            SecResourceWebRole record = new SecResourceWebRole();
+            record.setResourceWebId(param.getResourceWebId());
+            record.setRoleId(roleId);
+            secResourceWebRoleMapper.insert(record);
+        }
+    }
+
+    @Override
+    public void unauthorize(SecRoleBatchAuthorizeForResourceWebParam param) {
+        for (Long roleId : param.getRoleIds()) {
+            LambdaQueryWrapper<SecResourceWebRole> queryWrapper = Wrappers.lambdaQuery(SecResourceWebRole.class)
+                    .eq(SecResourceWebRole::getResourceWebId, param.getResourceWebId())
+                    .eq(SecResourceWebRole::getRoleId, roleId);
+            secResourceWebRoleMapper.delete(queryWrapper);
+        }
+    }
+
+    @Override
+    public List<SecResourceWebWithAuthorizeDTO> listResourceWebsByRoleId(SecResourceWebListByRoleParam param) {
+        List<SecResourceWebVO> secResourceWebVOS = secResourceWebRoleMapper.selectAllResourceWebWithAuthorizeStatus(param.getRoleId(), 0L);
+        List<SecResourceWebWithAuthorizeDTO> result = SecResourceWebWithAuthorizeConvert.INSTANCE.toDto(secResourceWebVOS);
+        result.forEach(dto -> recurse(param.getRoleId(), dto));
+        return result;
+    }
+
+    private void recurse(Long roleId, SecResourceWebWithAuthorizeDTO resourceWebDTO) {
+        List<SecResourceWebWithAuthorizeDTO> children = listResourceWebsByRoleIdAndPid(roleId, resourceWebDTO.getId());
+        if (CollectionUtils.isEmpty(children) == false) {
+            resourceWebDTO.setChildren(children);
+            children.forEach(child -> recurse(roleId, child));
+        }
+    }
+
+    private List<SecResourceWebWithAuthorizeDTO> listResourceWebsByRoleIdAndPid(Long roleId, Long pid) {
+        List<SecResourceWebVO> secResourceWebVOS = secResourceWebRoleMapper.selectAllResourceWebWithAuthorizeStatus(roleId, pid);
+        return SecResourceWebWithAuthorizeConvert.INSTANCE.toDto(secResourceWebVOS);
+    }
+
+    @Override
+    public void authorize(SecResourceWebBatchAuthorizeForRoleParam param) {
+        for (Long resourceWebId : param.getResourceWebIds()) {
+            SecResourceWebRole record = new SecResourceWebRole();
+            record.setResourceWebId(resourceWebId);
+            record.setRoleId(param.getRoleId());
+            secResourceWebRoleMapper.insert(record);
+        }
+    }
+
+    @Override
+    public void unauthorize(SecResourceWebBatchAuthorizeForRoleParam param) {
+        for (Long resourceWebId : param.getResourceWebIds()) {
+            LambdaQueryWrapper<SecResourceWebRole> queryWrapper = Wrappers.lambdaQuery(SecResourceWebRole.class)
+                    .eq(SecResourceWebRole::getResourceWebId, resourceWebId)
+                    .eq(SecResourceWebRole::getRoleId, param.getRoleId());
+            secResourceWebRoleMapper.delete(queryWrapper);
+        }
+    }
 }
diff --git a/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecResourceWebBatchAuthorizeForRoleParam.java b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecResourceWebBatchAuthorizeForRoleParam.java
new file mode 100644
index 000000000..da436bf0e
--- /dev/null
+++ b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecResourceWebBatchAuthorizeForRoleParam.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.sliew.scaleph.security.service.param;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+import java.util.List;
+
+@Data
+public class SecResourceWebBatchAuthorizeForRoleParam {
+
+    @NotNull
+    @Schema(description = "角色 id")
+    private Long roleId;
+
+    @NotEmpty
+    @Schema(description = "待授权/取消授权 资源-web id 列表")
+    private List<Long> resourceWebIds;
+}
diff --git a/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecResourceWebListByRoleParam.java b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecResourceWebListByRoleParam.java
new file mode 100644
index 000000000..129740061
--- /dev/null
+++ b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecResourceWebListByRoleParam.java
@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.sliew.scaleph.security.service.param;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+import javax.validation.constraints.NotNull;
+
+@Data
+public class SecResourceWebListByRoleParam {
+
+    @NotNull
+    @Schema(description = "角色 id")
+    private Long roleId;
+}
diff --git a/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecRoleBatchAuthorizeForResourceWebParam.java b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecRoleBatchAuthorizeForResourceWebParam.java
new file mode 100644
index 000000000..486ae8062
--- /dev/null
+++ b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecRoleBatchAuthorizeForResourceWebParam.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.sliew.scaleph.security.service.param;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+import java.util.List;
+
+@Data
+public class SecRoleBatchAuthorizeForResourceWebParam {
+
+    @NotNull
+    @Schema(description = "资源-web id")
+    private Long resourceWebId;
+
+    @NotEmpty
+    @Schema(description = "待授权/取消授权角色 id 列表")
+    private List<Long> roleIds;
+}
diff --git a/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecRoleListByResourceWebParam.java b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecRoleListByResourceWebParam.java
new file mode 100644
index 000000000..d835a3dea
--- /dev/null
+++ b/scaleph-security/src/main/java/cn/sliew/scaleph/security/service/param/SecRoleListByResourceWebParam.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cn.sliew.scaleph.security.service.param;
+
+import cn.sliew.scaleph.common.dict.security.RoleStatus;
+import cn.sliew.scaleph.system.model.PaginationParam;
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+import javax.validation.constraints.NotNull;
+
+@Data
+public class SecRoleListByResourceWebParam extends PaginationParam {
+
+    @NotNull
+    @Schema(description = "资源-web id")
+    private Long resourceWebId;
+
+    @Schema(description = "角色状态")
+    private RoleStatus status;
+
+    @Schema(description = "角色名称。支持搜索")
+    private String name;
+}