diff --git a/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs b/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs index fd6db69e..91b9413b 100644 --- a/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs +++ b/Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs @@ -609,9 +609,9 @@ public class SysAuthService : IDynamicApiController, ITransient // 获取用户角色关联的机构Id db.Queryable().InnerJoin((u, a) => u.RoleId == a.RoleId).Select((u, a) => new { a.UserId, u.OrgId }), // 获取包含全部数据权限的机构Id - db.Queryable().IgnoreTenant().FullJoin((u, a) => a.SysRole.DataScope == DataScopeEnum.All).Select((u, a) => new { a.UserId, OrgId = u.Id }), + db.Queryable().IgnoreTenant().Where(u => SqlFunc.Subqueryable().InnerJoin((x, y) => x.RoleId == y.Id).Where((x, y) => x.UserId == user.Id && y.DataScope == DataScopeEnum.All).Any()).Select(u => new { UserId = user.Id, OrgId = u.Id }), // 超管获取全部机构Id - db.Queryable().IgnoreTenant().FullJoin((u, a) => a.AccountType == AccountTypeEnum.SuperAdmin).Select((u, a) => new { UserId = a.Id, OrgId = u.Id })) + db.Queryable().IgnoreTenant().Where(u => user.AccountType == AccountTypeEnum.SuperAdmin).Select(u => new { UserId = user.Id, OrgId = u.Id })) .Where(u => SqlFunc.IsNull(u.OrgId, 0) != 0 && u.UserId == user.Id) .Select(u => u.OrgId) .Distinct() @@ -619,7 +619,7 @@ public class SysAuthService : IDynamicApiController, ITransient // 如果存在本部门及以下,则获取本部门及以下机构的Id var dataScopes = db.Queryable().Where(u => roleIds.Contains(u.Id)).Select(u => u.DataScope).Distinct().ToList(); - if (dataScopes.Any(u => u == DataScopeEnum.DeptChild)) + if (dataScopes.All(u => u != DataScopeEnum.All) && dataScopes.Any(u => u == DataScopeEnum.DeptChild)) { var childOrg = db.Queryable().IgnoreTenant().ToTree(u => u.Children, u => u.Pid, user.OrgId); if (childOrg == null || childOrg.Count > 0) return orgIds;