From 3f5ec6b1c7b377c59c8966a668356ff09a21ea88 Mon Sep 17 00:00:00 2001
From: yumoqing <yumoqing@gmail.com>
Date: Thu, 25 Dec 2025 15:41:24 +0800
Subject: [PATCH] bugfix

---
 rbac/check_perm.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/rbac/check_perm.py b/rbac/check_perm.py
index 4da90c3..8290de5 100644
--- a/rbac/check_perm.py
+++ b/rbac/check_perm.py
@@ -15,7 +15,7 @@ from ahserver.globalEnv import password_encode
 from ahserver.serverenv import ServerEnv, get_serverenv, set_serverenv
 
 async def get_user_roles(userid):
-	sql = "select concat(b.orgtypeid, '.', b.name) as name from userrole a, role b where a.userid=${userid}$ and a.roleid = b.id"
+	sql = "select b.orgtypeid, concat(b.orgtypeid, '.', b.name) as name from userrole a, role b where a.userid=${userid}$ and a.roleid = b.id"
 	db = DBPools()
 	roles = []
 	dbname = get_dbname()
@@ -23,7 +23,11 @@ async def get_user_roles(userid):
 		recs = await sor.sqlExe(sql, {'userid':userid})
 		if len(recs) < 1:
 			return roles
+		orgtypes = []
 		for r in recs:
+			if r.orgtypeid not in orgtypes:
+				orgtypes.append(r.orgtypeid)
+				roles.append(r.orgtypeid + '.*')
 			roles.append(r.name)
 	return roles