feat: 支持工作流插件复用与试运行

- 新增工作流插件类型、发布快照同步、实时可用性与下线影响检查

- 收口绑定候选、分类权限、间接环路校验与运行态优雅降级

- 补齐管理端工作流插件配置、详情与试运行界面及定向测试

easyflow-modules/easyflow-module-system/src/main/java/tech/easyflow/system/service/CategoryPermissionService.java

@@ -1,5 +1,6 @@
 package tech.easyflow.system.service;
 
+import tech.easyflow.common.entity.LoginAccount;
 import tech.easyflow.system.entity.vo.RoleCategoryAccessSnapshot;
 
 import java.math.BigInteger;
@@ -9,11 +10,17 @@ public interface CategoryPermissionService {
 
     boolean isCurrentSuperAdmin();
 
+    boolean isSuperAdmin(LoginAccount loginAccount);
+
     RoleCategoryAccessSnapshot getCurrentAccess(String resourceType);
 
+    RoleCategoryAccessSnapshot getAccess(String resourceType, LoginAccount loginAccount);
+
     Set<BigInteger> getCurrentVisibleCategoryIds(String resourceType);
 
     boolean canAccessCategory(String resourceType, BigInteger createdBy, BigInteger categoryId);
 
+    boolean canAccessCategory(LoginAccount loginAccount, String resourceType, BigInteger createdBy, BigInteger categoryId);
+
     void assertCategoryResourceVisible(String resourceType, BigInteger createdBy, BigInteger categoryId, String message);
 }

easyflow-modules/easyflow-module-system/src/main/java/tech/easyflow/system/service/ResourceAccessService.java

@@ -1,5 +1,6 @@
 package tech.easyflow.system.service;
 
+import tech.easyflow.common.entity.LoginAccount;
 import tech.easyflow.system.enums.CategoryResourceType;
 import tech.easyflow.system.enums.ResourceAction;
 import tech.easyflow.system.permission.resource.VisibilityResource;
@@ -8,5 +9,7 @@ public interface ResourceAccessService {
 
     boolean canAccess(CategoryResourceType resourceType, VisibilityResource resource, ResourceAction action);
 
+    boolean canAccess(LoginAccount loginAccount, CategoryResourceType resourceType, VisibilityResource resource, ResourceAction action);
+
     void assertAccess(CategoryResourceType resourceType, VisibilityResource resource, ResourceAction action, String message);
 }

easyflow-modules/easyflow-module-system/src/main/java/tech/easyflow/system/service/impl/CategoryPermissionServiceImpl.java

@@ -44,6 +44,11 @@ public class CategoryPermissionServiceImpl implements CategoryPermissionService
             return false;
         }
         LoginAccount loginAccount = SaTokenUtil.getLoginAccount();
+        return isSuperAdmin(loginAccount);
+    }
+
+    @Override
+    public boolean isSuperAdmin(LoginAccount loginAccount) {
         return loginAccount != null && isSuperAdmin(loginAccount.getId());
     }
 
@@ -53,6 +58,11 @@ public class CategoryPermissionServiceImpl implements CategoryPermissionService
             return new RoleCategoryAccessSnapshot(resourceType, null, false, true, Collections.emptySet());
         }
         LoginAccount loginAccount = SaTokenUtil.getLoginAccount();
+        return getAccess(resourceType, loginAccount);
+    }
+
+    @Override
+    public RoleCategoryAccessSnapshot getAccess(String resourceType, LoginAccount loginAccount) {
         if (loginAccount == null) {
             return new RoleCategoryAccessSnapshot(resourceType, null, false, true, Collections.emptySet());
         }
@@ -100,6 +110,12 @@ public class CategoryPermissionServiceImpl implements CategoryPermissionService
         return snapshot.canAccess(createdBy, categoryId);
     }
 
+    @Override
+    public boolean canAccessCategory(LoginAccount loginAccount, String resourceType, BigInteger createdBy, BigInteger categoryId) {
+        RoleCategoryAccessSnapshot snapshot = getAccess(resourceType, loginAccount);
+        return snapshot.canAccess(createdBy, categoryId);
+    }
+
     @Override
     public void assertCategoryResourceVisible(String resourceType, BigInteger createdBy, BigInteger categoryId, String message) {
         if (!canAccessCategory(resourceType, createdBy, categoryId)) {

easyflow-modules/easyflow-module-system/src/main/java/tech/easyflow/system/service/impl/ResourceAccessServiceImpl.java

@@ -26,15 +26,19 @@ public class ResourceAccessServiceImpl implements ResourceAccessService {
 
     @Override
     public boolean canAccess(CategoryResourceType resourceType, VisibilityResource resource, ResourceAction action) {
+        return canAccess(SaTokenUtil.getLoginAccount(), resourceType, resource, action);
+    }
+
+    @Override
+    public boolean canAccess(LoginAccount loginAccount, CategoryResourceType resourceType, VisibilityResource resource, ResourceAction action) {
         if (resource == null) {
             return false;
         }
-        LoginAccount loginAccount = SaTokenUtil.getLoginAccount();
         if (loginAccount == null || loginAccount.getId() == null) {
             return false;
         }
         BigInteger accountId = loginAccount.getId();
-        if (categoryPermissionService.isCurrentSuperAdmin()) {
+        if (categoryPermissionService.isSuperAdmin(loginAccount)) {
             return true;
         }
         if (accountId.equals(resource.getCreatedBy())) {
@@ -43,7 +47,7 @@ public class ResourceAccessServiceImpl implements ResourceAccessService {
         if (ResourceAction.MANAGE == action) {
             return false;
         }
-        if (!categoryPermissionService.canAccessCategory(resourceType.getCode(), resource.getCreatedBy(), resource.getCategoryId())) {
+        if (!categoryPermissionService.canAccessCategory(loginAccount, resourceType.getCode(), resource.getCreatedBy(), resource.getCategoryId())) {
             return false;
         }
         VisibilityScope scope = VisibilityScope.fromOrDefault(resource.getVisibilityScope(), VisibilityScope.PRIVATE);