From 214b677f6386d71c17301c3e8e611b0b1ff45242 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=96=B5=E4=BD=A0=E4=B8=AA=E6=B1=AA=E5=91=80?=
 <jason-dom@qq.com>
Date: Wed, 3 Sep 2025 19:21:24 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=8D=92=20fix(Auth):=20=E4=BF=AE=E5=A4=8DM?=
 =?UTF-8?q?ysql=E4=B8=8D=E6=94=AF=E6=8C=81FullJoin=E8=AF=AD=E5=8F=A5?=
 =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98=EF=BC=8C=E4=BC=98=E5=8C=96`?=
 =?UTF-8?q?=E6=9C=AC=E9=83=A8=E9=97=A8=E5=8F=8A=E4=BB=A5=E4=B8=8B=E6=9C=BA?=
 =?UTF-8?q?=E6=9E=84`=E6=9F=A5=E8=AF=A2=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs b/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs
index fd6db69e..91b9413b 100644
--- a/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs
+++ b/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs
@@ -609,9 +609,9 @@ public class SysAuthService : IDynamicApiController, ITransient
                 // 获取用户角色关联的机构Id
                 db.Queryable<SysRoleOrg>().InnerJoin<SysUserRole>((u, a) => u.RoleId == a.RoleId).Select((u, a) => new { a.UserId, u.OrgId }),
                 // 获取包含全部数据权限的机构Id
-                db.Queryable<SysOrg>().IgnoreTenant().FullJoin<SysUserRole>((u, a) => a.SysRole.DataScope == DataScopeEnum.All).Select((u, a) => new { a.UserId, OrgId = u.Id }),
+                db.Queryable<SysOrg>().IgnoreTenant().Where(u => SqlFunc.Subqueryable<SysUserRole>().InnerJoin<SysRole>((x, y) => x.RoleId == y.Id).Where((x, y) => x.UserId == user.Id && y.DataScope == DataScopeEnum.All).Any()).Select(u => new { UserId = user.Id, OrgId = u.Id }),
                 // 超管获取全部机构Id
-                db.Queryable<SysOrg>().IgnoreTenant().FullJoin<SysUser>((u, a) => a.AccountType == AccountTypeEnum.SuperAdmin).Select((u, a) => new { UserId = a.Id, OrgId = u.Id }))
+                db.Queryable<SysOrg>().IgnoreTenant().Where(u => user.AccountType == AccountTypeEnum.SuperAdmin).Select(u => new { UserId = user.Id, OrgId = u.Id }))
             .Where(u => SqlFunc.IsNull(u.OrgId, 0) != 0 && u.UserId == user.Id)
             .Select(u => u.OrgId)
             .Distinct()
@@ -619,7 +619,7 @@ public class SysAuthService : IDynamicApiController, ITransient
 
         // 如果存在本部门及以下，则获取本部门及以下机构的Id
         var dataScopes = db.Queryable<SysRole>().Where(u => roleIds.Contains(u.Id)).Select(u => u.DataScope).Distinct().ToList();
-        if (dataScopes.Any(u => u == DataScopeEnum.DeptChild))
+        if (dataScopes.All(u => u != DataScopeEnum.All) && dataScopes.Any(u => u == DataScopeEnum.DeptChild))
         {
             var childOrg = db.Queryable<SysOrg>().IgnoreTenant().ToTree(u => u.Children, u => u.Pid, user.OrgId);
             if (childOrg == null || childOrg.Count > 0) return orgIds;