From 010d16c495459c84525c6de4878aaef89a47eab2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=87=91=E6=B5=B7=E6=B4=8B?= Date: Thu, 26 Oct 2023 18:06:32 +0800 Subject: [PATCH 01/27] =?UTF-8?q?listByRoleIds=20=E5=A2=9E=E5=8A=A0workspa?= =?UTF-8?q?ce=20id?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java | 4 +++- .../axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java index ac4a41f9..87ec7290 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java @@ -1,12 +1,12 @@ package cn.axzo.tyr.client.model.vo; -import cn.axzo.trade.datasecurity.core.annotation.control.DisableCrypt; import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode; import cn.hutool.core.collection.CollectionUtil; import lombok.AllArgsConstructor; import lombok.Builder; import lombok.Data; import lombok.NoArgsConstructor; +import lombok.extern.slf4j.Slf4j; import java.util.ArrayList; import java.util.Collection; @@ -21,6 +21,7 @@ import java.util.stream.Collectors; @AllArgsConstructor @NoArgsConstructor @Builder +@Slf4j public class SaasRoleVO { private Long id; @@ -125,6 +126,7 @@ public class SaasRoleVO { } } + log.info("+======permissionPoint: {}", permissionPoint); return new ArrayList<>((Collection) permissionPoint); } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index 8ed97f33..5d756db2 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -600,6 +600,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { .anyMatch(f -> featureIds.contains(f.getPermissionPointId()))) .collect(Collectors.toList()); + log.info("-======matchedRoleList: {}", matchedRoleList); log.info("====计算角色实际的权限 - 匹配请求的权限 --> 实际拥有权限的角色:{}===",featureIds); //查询角色下用户 List matchedRoleIds = matchedRoleList.stream().map(SaasRoleVO::getId).collect(Collectors.toList()); From 13dc89cff82d0b1ff3a5f768e549dd24c7c305b2 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Thu, 26 Oct 2023 18:10:40 +0800 Subject: [PATCH 02/27] debug(permission-check): log --- .../service/impl/TyrSaasAuthServiceImpl.java | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index cb5dd543..884735d7 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -48,6 +48,7 @@ import cn.hutool.core.date.StopWatch; import cn.hutool.core.util.ArrayUtil; import cn.hutool.core.util.StrUtil; import cn.hutool.json.JSONUtil; +import com.alibaba.fastjson.JSON; import com.google.common.collect.Lists; import lombok.Data; import lombok.RequiredArgsConstructor; @@ -595,10 +596,17 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { log.info("====查询角色及权限:{}===",rolePermissions); //计算角色实际的权限 - 匹配请求的权限 --> 实际拥有权限的角色 Set featureIds = features.stream().map(SaasFeature::getId).collect(Collectors.toSet()); - List matchedRoleList = rolePermissions.stream() - .filter(rp -> rp.getMatchFeature(workspaceId, ouId).stream() - .anyMatch(f -> featureIds.contains(f.getPermissionPointId()))) - .collect(Collectors.toList()); + + List matchedRoleList = new ArrayList<>(); + for (SaasRoleVO rolePermission : rolePermissions) { + List filterFeature = rolePermission.getMatchFeature(workspaceId, ouId); + if (filterFeature.stream().anyMatch(f -> featureIds.contains(f.getPermissionPointId()))) { + log.info("=====match role:{}", rolePermission.getId()); + matchedRoleList.add(rolePermission); + } else { + log.warn("=========not match role:{}", JSON.toJSONString(rolePermission)); + } + } log.info("====计算角色实际的权限 - 匹配请求的权限 --> 实际拥有权限的角色:{}===",featureIds); //查询角色下用户 From 65478bfd363cd628b36bc9bba93c61f963f10f36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=87=91=E6=B5=B7=E6=B4=8B?= Date: Thu, 26 Oct 2023 18:19:26 +0800 Subject: [PATCH 03/27] add log --- .../axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index 490ed11d..7c8238bc 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -604,7 +604,8 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { log.info("=====match role:{}", rolePermission.getId()); matchedRoleList.add(rolePermission); } else { - log.warn("=========not match role:{}", JSON.toJSONString(rolePermission)); + log.info("=====not_match-role-id:{}", rolePermission.getId()); + log.warn("=========not match role: {}",JSON.toJSONString(rolePermission)); } } From b8f4b5d26039c365be08307d88702f8269790f8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=87=91=E6=B5=B7=E6=B4=8B?= Date: Fri, 27 Oct 2023 09:38:07 +0800 Subject: [PATCH 04/27] review log --- .../service/impl/TyrSaasAuthServiceImpl.java | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index 7c8238bc..be78daad 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -588,15 +588,14 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { //查询OU-工作台下的角色 List roleList = roleService.listForOUWorkspace(ouId, workspaceId, req.getWorkspaceJoinType()); - log.info("====查询OU-工作台下的角色:{}===",roleList); + List roleIds = roleList.stream().map(SaasRole::getId).distinct().collect(Collectors.toList()); + log.info("====getUsersFromRole--roleList:{}===", JSON.toJSONString(roleIds)); //查询角色及权限 - List rolePermissions = roleService.getByIds(roleList.stream().map(SaasRole::getId).collect(Collectors.toList()), + List rolePermissions = roleService.getByIds(roleIds, null, Lists.newArrayList(workspaceId), Lists.newArrayList(ouId), true); - log.info("====查询角色及权限:{}===",rolePermissions); //计算角色实际的权限 - 匹配请求的权限 --> 实际拥有权限的角色 Set featureIds = features.stream().map(SaasFeature::getId).collect(Collectors.toSet()); - List matchedRoleList = new ArrayList<>(); for (SaasRoleVO rolePermission : rolePermissions) { List filterFeature = rolePermission.getMatchFeature(workspaceId, ouId); @@ -605,15 +604,11 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { matchedRoleList.add(rolePermission); } else { log.info("=====not_match-role-id:{}", rolePermission.getId()); - log.warn("=========not match role: {}",JSON.toJSONString(rolePermission)); } } - - log.info("-======matchedRoleList: {}", matchedRoleList); - log.info("====计算角色实际的权限 - 匹配请求的权限 --> 实际拥有权限的角色:{}===",featureIds); //查询角色下用户 List matchedRoleIds = matchedRoleList.stream().map(SaasRoleVO::getId).collect(Collectors.toList()); - log.info("====查询角色下用户:{}===",matchedRoleIds); + log.info("====matched-role-ids:{}===",matchedRoleIds); //追加工作台超管 Set superAdmins = roleList .stream() @@ -621,9 +616,9 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { .map(SaasRole::getId) .collect(Collectors.toSet()); matchedRoleIds.addAll(superAdmins); - log.info("====追加工作台超管:{}===",superAdmins); + log.info("====superAdmins:{}===", JSON.toJSONString(superAdmins)); List relationList = roleUserService.listByRoleIds(matchedRoleIds, workspaceId); - log.info("====追加工作台超管:{}===",relationList); + log.info("====matched-role-user-relation:{}===", JSON.toJSONString(relationList.stream().map(SaasRoleUserRelation::getId).collect(Collectors.toList()))); //构建用户-去重(identityId-identityType) List users = new ArrayList<>(); Set filterSet = new HashSet<>(); From 74545ff496ee5b1d9b21df1ded2c9fe4c3c5990e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=99=88=E7=BB=B4=E4=BC=9F?= Date: Fri, 27 Oct 2023 19:29:18 +0800 Subject: [PATCH 05/27] =?UTF-8?q?CMS=E8=A7=92=E8=89=B2=E6=B8=85=E6=B4=97jo?= =?UTF-8?q?b-=E5=B0=86=E5=9B=9E=E6=BA=AF=E4=B8=8D=E4=BA=86=E7=9A=84?= =?UTF-8?q?=E8=A7=92=E8=89=B2=E6=B4=97=E6=88=90=E5=85=B6=E4=BB=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../server/job/CMSOtherRoleJobHandler.java | 142 ++++++++++++++++++ .../server/repository/entity/SaasRole.java | 7 + tyr-server/src/main/resources/bootstrap.yml | 4 +- 3 files changed, 151 insertions(+), 2 deletions(-) create mode 100644 tyr-server/src/main/java/cn/axzo/tyr/server/job/CMSOtherRoleJobHandler.java diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/job/CMSOtherRoleJobHandler.java b/tyr-server/src/main/java/cn/axzo/tyr/server/job/CMSOtherRoleJobHandler.java new file mode 100644 index 00000000..7f61d3c8 --- /dev/null +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/job/CMSOtherRoleJobHandler.java @@ -0,0 +1,142 @@ +package cn.axzo.tyr.server.job; + +import cn.axzo.basics.common.constant.enums.OrganizationalUnitTypeEnum; +import cn.axzo.pokonyan.config.mybatisplus.BaseEntity; +import cn.axzo.tyr.server.repository.dao.*; +import cn.axzo.tyr.server.repository.entity.SaasRole; +import cn.axzo.tyr.server.repository.entity.SaasRoleGroup; +import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation; +import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation; +import com.xxl.job.core.biz.model.ReturnT; +import com.xxl.job.core.handler.IJobHandler; +import com.xxl.job.core.handler.annotation.XxlJob; +import lombok.AllArgsConstructor; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.apache.commons.collections4.CollectionUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.cloud.context.config.annotation.RefreshScope; +import org.springframework.stereotype.Component; +import org.springframework.transaction.annotation.Transactional; + +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.stream.Collectors; + +/** + * CMS角色清洗job-将回溯不了的角色洗成其他 + * @description + * @date 2021/9/13 11:31 + */ +@Component +@AllArgsConstructor +@Slf4j +@RefreshScope +@RequiredArgsConstructor +public class CMSOtherRoleJobHandler extends IJobHandler { + + @Autowired + SaasRoleGroupDao roleGroupDao; + @Autowired + SaasRoleDao roleDao; + @Autowired + SaasPermissionGroupDao saasPermissionGroupDao; + @Autowired + SaasFeatureDao featureDao; + @Autowired + SaasRoleGroupRelationDao roleGroupRelationDao; + @Autowired + SaasRoleUserRelationDao roleUserRelationDao; + @Autowired + SaasPgroupRoleRelationDao pgroupRoleRelationDao; + @Autowired + SaasPgroupPermissionRelationDao pgroupPermissionRelationDao; + @Autowired + SaasPreRoleDao saasPreRoleDao; + @Autowired + SaasPreTemplateDao saasPreTemplateDao; + @Autowired + SaasPreGroupRoleRelationDao saasPreGroupRoleRelationDao; + + /** + * CMS角色清洗job-将回溯不了的角色洗成其他 + * + * @param s + * @return + * @throws Exception + */ + @Transactional // 在一个事务里面做,一起提交 + @Override + @XxlJob("CMSOtherRoleJobHandler") + public ReturnT execute(String s) throws Exception { + log.info("CMSOtherRoleJobHandler start"); + // 查询无法回溯的角色 + List oldRole = roleDao.lambdaQuery() + .ne(SaasRole::getWorkspaceId, -1l) + .eq(SaasRole::getRoleType, "init") + .in(SaasRole::getFitOuTypeBit, Arrays.asList(1, 2, 4, 8, 16)) + .eq(SaasRole::getFromPreRoleId, 0l) + .eq(BaseEntity::getIsDelete, 0) + .list(); + if (CollectionUtils.isEmpty(oldRole)) { + log.info("未找到回溯不了的角色"); + } + // 根据单位类型分组 + Map> ouTypeMap = oldRole.stream().collect(Collectors.groupingBy(e -> e.getFitOuTypeBit())); + Set ouType = ouTypeMap.keySet(); + ouType.forEach(e -> { + // 获取"其他"角色id + Long newRoleId = getNewRoleId(e); + // 更用户角色关联关系 + roleUserRelationDao.lambdaUpdate() + .in(SaasRoleUserRelation::getRoleId,ouTypeMap.get(e).stream().map(BaseEntity::getId).collect(Collectors.toList())) + .set(SaasRoleUserRelation::getRoleId,newRoleId) + .update(); + }); + log.info("CMSOtherRoleJobHandler end"); + return ReturnT.SUCCESS; + } + + /** + * 查询新角色"其他" id + * @return + */ + private Long getNewRoleId(Long ouType) { + // 根据单位类型查询权限分组 + SaasRoleGroup roleGroup = roleGroupDao.lambdaQuery().eq(SaasRoleGroup::getOuTypeCode, String.valueOf(tranceOuTypeBit(ouType))).one(); + // 查询权限分组下的角色 + List roleGroupRelation = roleGroupRelationDao.lambdaQuery() + .eq(SaasRoleGroupRelation::getSaasRoleGroupId, roleGroup.getId()) + .eq(BaseEntity::getIsDelete, 0) + .list(); + // 查询权限分组下的"其他"角色 + SaasRole otherRole = roleDao.lambdaQuery() + .in(BaseEntity::getId, roleGroupRelation.stream().map(SaasRoleGroupRelation::getRoleId).collect(Collectors.toList())) + .eq(SaasRole::getName, "其他") + .eq(BaseEntity::getIsDelete, 0) + .one(); + return otherRole.getId(); + } + + private Integer tranceOuTypeBit(Long ouTypeBit) { + Integer ouType; + if (ouTypeBit == 1) { + ouType = OrganizationalUnitTypeEnum.PRIMARY_CONTRACTING_UNIT.getValue(); + } else if (ouTypeBit == 2) { + ouType = OrganizationalUnitTypeEnum.CONSTRUCTION_UNIT.getValue(); + } else if (ouTypeBit == 4) { + ouType = OrganizationalUnitTypeEnum.SUPERVISION_UNIT.getValue(); + } else if (ouTypeBit == 8) { + ouType = OrganizationalUnitTypeEnum.LABOR_SUBCONTRACTING.getValue(); + } else if (ouTypeBit == 16) { + ouType = OrganizationalUnitTypeEnum.PROFESSIONAL_SUBCONTRACTING.getValue(); + } else { + throw new IllegalStateException("ouTypeBit 错误: " + ouTypeBit); + } + return ouType; + } + + +} diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasRole.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasRole.java index e42a2b68..a23854aa 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasRole.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasRole.java @@ -64,6 +64,13 @@ public class SaasRole extends BaseEntity { @Deprecated private Long fromPreRoleId; + /** + * 适用单位类型 1:总包 2:建设单位 4:监理单位 8:劳务分包 16:专业分包 0都可以用 只会挂在最末级 + * (1052上线后可删除) + */ + @Deprecated + private Long fitOuTypeBit; + /** * 获取主键值 * diff --git a/tyr-server/src/main/resources/bootstrap.yml b/tyr-server/src/main/resources/bootstrap.yml index 08d64163..9bf74eb2 100644 --- a/tyr-server/src/main/resources/bootstrap.yml +++ b/tyr-server/src/main/resources/bootstrap.yml @@ -47,7 +47,7 @@ spring: cloud: nacos: config: - server-addr: ${NACOS_HOST:dev-nacos.axzo.cn}:${NACOS_PORT:80} + server-addr: ${NACOS_HOST:https://dev-nacos.axzo.cn}:${NACOS_PORT:443} file-extension: yaml namespace: ${NACOS_NAMESPACE_ID:f82179f1-81a9-41a1-a489-4f9ab5660a6e} logging: @@ -62,7 +62,7 @@ spring: cloud: nacos: config: - server-addr: ${NACOS_HOST:dev-nacos.axzo.cn}:${NACOS_PORT:80} + server-addr: ${NACOS_HOST:https://dev-nacos.axzo.cn}:${NACOS_PORT:443} file-extension: yaml namespace: ${NACOS_NAMESPACE_ID:35eada10-9574-4db8-9fea-bc6a4960b6c7} --- From aaf42d769416d82f5b06c8496a70f7b7d29836b9 Mon Sep 17 00:00:00 2001 From: wangjibo Date: Mon, 30 Oct 2023 16:16:51 +0800 Subject: [PATCH 06/27] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E8=A7=92=E8=89=B2?= =?UTF-8?q?=E9=97=AE=E9=A2=98=E4=BF=AE=E5=A4=8D=201.=E5=8F=AA=E6=9C=89?= =?UTF-8?q?=E8=B6=85=E7=AE=A1=E7=9A=84=E6=83=85=E5=86=B5=E4=B8=8B=EF=BC=8C?= =?UTF-8?q?=E4=BC=9A=E5=AF=BC=E8=87=B4=E5=B0=86=E8=B6=85=E7=AE=A1=E8=A7=92?= =?UTF-8?q?=E8=89=B2=E6=9B=BF=E6=8D=A2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cn/axzo/tyr/server/service/impl/RoleUserService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java index ea95ca6c..4048d97c 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java @@ -77,7 +77,7 @@ public class RoleUserService implements SaasRoleUserService { .build(); // 删除现有非管理员的角色 - if (CollectionUtils.isNotEmpty(existsRoleUser)) { + if (CollectionUtils.isNotEmpty(notAdminRole)) { roleUserRelationDao.deleteByUser(workspaceModel, notAdminRole); } // 清空所有角色 From 96d616afd0bf18614eea3ad2ca6b364ce1ea6151 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Fri, 3 Nov 2023 09:38:34 +0800 Subject: [PATCH 07/27] =?UTF-8?q?refactor(permission-check):=20=E4=BC=98?= =?UTF-8?q?=E5=8C=96=E6=97=A5=E5=BF=97=EF=BC=9B=E4=BA=A7=E5=93=81=E6=9D=83?= =?UTF-8?q?=E9=99=90=E8=BF=87=E6=BB=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../axzo/tyr/client/feign/TyrSaasAuthApi.java | 2 +- .../entity/ProductFeatureQuery.java | 2 + .../service/impl/TyrSaasAuthServiceImpl.java | 66 ++++++++++--------- 3 files changed, 38 insertions(+), 32 deletions(-) diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java index f4142e85..46941e35 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java @@ -81,7 +81,7 @@ public interface TyrSaasAuthApi { * @return */ @PostMapping("/api/v2/auth/listIdentityFromPermission") - ApiResult listIdentityFromPermission(@RequestBody ListIdentityFromPermissionReq req); + ApiResult listIdentityFromPermission(@RequestBody @Valid ListIdentityFromPermissionReq req); @PostMapping("/api/v2/auth/batchListIdentityFromPermission") ApiResult> batchListIdentityFromPermission(@RequestBody List req); diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/ProductFeatureQuery.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/ProductFeatureQuery.java index 327656f9..b72f1969 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/ProductFeatureQuery.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/ProductFeatureQuery.java @@ -22,4 +22,6 @@ public class ProductFeatureQuery { private String terminal; private Integer workspaceJoinType; + + private Set featureIds; } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index 7c8238bc..691ee698 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -534,86 +534,86 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { result.setWorkspaceId(req.getWorkspaceId()); //code查询权限点信息 + log.info("------trace-L-I-F-P---->"); List features = permissionPointService.listNodeWithChildrenByCode(req.getFeatureCode(), req.getTerminal()); + Set featureIds = features.stream().map(SaasFeature::getId).collect(Collectors.toSet()); + log.info("------trace-L-I-F-P----> features need to check:{}", featureIds); //权限匹配 - 工作台是否有指定权限 - List matchedFeature = matchWorkspaceFeature(req.getWorkspaceId(), req.getWorkspaceJoinType(), features); - if (CollectionUtil.isEmpty(matchedFeature)) { - log.warn("no matched feature in workspace"); + Set matchedFeatureIds = matchWorkspaceFeature(req.getWorkspaceId(), req.getWorkspaceJoinType(), featureIds); + if (CollectionUtil.isEmpty(matchedFeatureIds)) { + log.warn("------trace-L-I-F-P----> no matched feature in workspace"); return result; } + log.info("------trace-L-I-F-P----> matched feature in workspace:{}", matchedFeatureIds); //是否免授权权限点 - Optional freeFeature = matchedFeature.stream() + Optional freeFeature = features.stream() + .filter(f -> matchedFeatureIds.contains(f.getId())) .filter(f -> DelegatedType.NO_NEED.sameCode(f.getDelegatedType())) .findAny(); if (freeFeature.isPresent()) { - log.warn("free feature found"); + log.warn("------trace-L-I-F-P----> free feature found :{}", freeFeature.get().getId()); result.setFreePermission(true); return result; } //从相关角色查询用户-超管和普通角色 - List users = getUsersFromRole(req, matchedFeature); + List users = getUsersFromRole(req, matchedFeatureIds); result.setUsers(users); return result; } - private List matchWorkspaceFeature(Long workspaceId, Integer workspaceJoinType, List features) { + private Set matchWorkspaceFeature(Long workspaceId, Integer workspaceJoinType, Set featureIds) { //查询工作台下产品 List productList = checkAndGetData(servicePkgClient.listProductInWorkSpace(workspaceId)); if (CollectionUtil.isEmpty(productList)) { - log.warn("no product found for workspace:{}", workspaceId); - return new ArrayList<>(); + log.warn("------trace-L-I-F-P----> no product found for workspace"); + return Collections.emptySet(); } - //产品包含的权限-过滤参建类型 - Set workspaceFeatures = productFeatureRelationService.queryOnCondition(ProductFeatureQuery.builder() + //产品包含的权限-过滤参建类型 和 feature + return productFeatureRelationService.queryOnCondition(ProductFeatureQuery.builder() .productIds(productList.stream() .map(ServicePkgProduct::getProductId) .collect(Collectors.toSet())) .workspaceJoinType(workspaceJoinType) + .featureIds(featureIds) .build()) .stream() .map(SaasProductModuleFeatureRelation::getFeatureId) .collect(Collectors.toSet()); - - //权限匹配 - return features.stream() - .filter(x -> workspaceFeatures.contains(x.getId())) - .collect(Collectors.toList()); } - private List getUsersFromRole(ListIdentityFromPermissionReq req, List features) { + private List getUsersFromRole(ListIdentityFromPermissionReq req, Set featureIds) { Long ouId = req.getOuId(); Long workspaceId = req.getWorkspaceId(); - //查询OU-工作台下的角色 + //查询OU-工作台下的角色-含superAdmin List roleList = roleService.listForOUWorkspace(ouId, workspaceId, req.getWorkspaceJoinType()); - log.info("====查询OU-工作台下的角色:{}===",roleList); + log.info("------trace-L-I-F-P---->"); + List roleIds = roleList.stream().map(SaasRole::getId).collect(Collectors.toList()); + log.info("------trace-L-I-F-P----> roles from ou-workspace:{}", roleIds); + if (CollectionUtil.isEmpty(roleList)) { + log.info("------trace-L-I-F-P----> no role found for ou-workspace and type"); + return Collections.emptyList(); + } //查询角色及权限 - List rolePermissions = roleService.getByIds(roleList.stream().map(SaasRole::getId).collect(Collectors.toList()), + List rolePermissions = roleService.getByIds(roleIds, null, Lists.newArrayList(workspaceId), Lists.newArrayList(ouId), true); - log.info("====查询角色及权限:{}===",rolePermissions); //计算角色实际的权限 - 匹配请求的权限 --> 实际拥有权限的角色 - Set featureIds = features.stream().map(SaasFeature::getId).collect(Collectors.toSet()); - List matchedRoleList = new ArrayList<>(); for (SaasRoleVO rolePermission : rolePermissions) { List filterFeature = rolePermission.getMatchFeature(workspaceId, ouId); if (filterFeature.stream().anyMatch(f -> featureIds.contains(f.getPermissionPointId()))) { - log.info("=====match role:{}", rolePermission.getId()); + log.info("------trace-L-I-F-P----> matched role:{}", rolePermission.getId()); matchedRoleList.add(rolePermission); } else { - log.info("=====not_match-role-id:{}", rolePermission.getId()); - log.warn("=========not match role: {}",JSON.toJSONString(rolePermission)); + log.info("------trace-L-I-F-P----> not matched role:{}", rolePermission.getId()); } } - log.info("-======matchedRoleList: {}", matchedRoleList); - log.info("====计算角色实际的权限 - 匹配请求的权限 --> 实际拥有权限的角色:{}===",featureIds); //查询角色下用户 List matchedRoleIds = matchedRoleList.stream().map(SaasRoleVO::getId).collect(Collectors.toList()); - log.info("====查询角色下用户:{}===",matchedRoleIds); //追加工作台超管 Set superAdmins = roleList .stream() @@ -621,9 +621,13 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { .map(SaasRole::getId) .collect(Collectors.toSet()); matchedRoleIds.addAll(superAdmins); - log.info("====追加工作台超管:{}===",superAdmins); + log.info("------trace-L-I-F-P----> append super admins:{}, final roles:{}", superAdmins, matchedRoleIds); + if (CollectionUtil.isEmpty(matchedRoleIds)) { + log.info("------trace-L-I-F-P----> no matched role found for feature"); + return Collections.emptyList(); + } + List relationList = roleUserService.listByRoleIds(matchedRoleIds, workspaceId); - log.info("====追加工作台超管:{}===",relationList); //构建用户-去重(identityId-identityType) List users = new ArrayList<>(); Set filterSet = new HashSet<>(); From f240176451b5df4087713fdb05a91c314131a0d5 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Fri, 3 Nov 2023 09:42:22 +0800 Subject: [PATCH 08/27] =?UTF-8?q?refactor(permission-check):=20=E4=BC=98?= =?UTF-8?q?=E5=8C=96=E6=97=A5=E5=BF=97?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index 691ee698..d963818f 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -534,7 +534,6 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { result.setWorkspaceId(req.getWorkspaceId()); //code查询权限点信息 - log.info("------trace-L-I-F-P---->"); List features = permissionPointService.listNodeWithChildrenByCode(req.getFeatureCode(), req.getTerminal()); Set featureIds = features.stream().map(SaasFeature::getId).collect(Collectors.toSet()); log.info("------trace-L-I-F-P----> features need to check:{}", featureIds); @@ -589,7 +588,6 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { //查询OU-工作台下的角色-含superAdmin List roleList = roleService.listForOUWorkspace(ouId, workspaceId, req.getWorkspaceJoinType()); - log.info("------trace-L-I-F-P---->"); List roleIds = roleList.stream().map(SaasRole::getId).collect(Collectors.toList()); log.info("------trace-L-I-F-P----> roles from ou-workspace:{}", roleIds); if (CollectionUtil.isEmpty(roleList)) { From 3872f8cd008a9a1653a87b7d3f23a4016ff23400 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Fri, 3 Nov 2023 10:09:30 +0800 Subject: [PATCH 09/27] =?UTF-8?q?refactor(permission-check):=20=E4=BC=98?= =?UTF-8?q?=E5=8C=96=E6=97=A5=E5=BF=97+1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java index 87ec7290..44b9705d 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java @@ -126,8 +126,7 @@ public class SaasRoleVO { } } - log.info("+======permissionPoint: {}", permissionPoint); - return new ArrayList<>((Collection) permissionPoint); + return new ArrayList<>(permissionPoint); } private boolean match(boolean isMatch, Set source, Collection target, Long scopeId, Long workspaceId) { @@ -138,6 +137,7 @@ public class SaasRoleVO { source.addAll(target); return true; } + log.warn("------trace-L-I-F-P----> not match permission scope:{}", scopeId); return false; } } From 1227e0a94fd0770019c6193a4f648d357fd720c0 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Fri, 3 Nov 2023 11:52:43 +0800 Subject: [PATCH 10/27] =?UTF-8?q?refactor(permission-tree):=20=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E6=94=AF=E6=8C=81=E6=98=AF=E5=90=A6=E8=BF=87=E6=BB=A4?= =?UTF-8?q?=E5=AD=90=E8=8A=82=E7=82=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../model/permission/PermissionPointTreeQueryReq.java | 3 +++ .../server/service/impl/PermissionPointServiceImpl.java | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/permission/PermissionPointTreeQueryReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/permission/PermissionPointTreeQueryReq.java index 231b78a4..6506f93b 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/permission/PermissionPointTreeQueryReq.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/permission/PermissionPointTreeQueryReq.java @@ -48,4 +48,7 @@ public class PermissionPointTreeQueryReq { /** featureType 层级过滤-过滤掉featureType大于该值的数据 **/ private Integer maxFeatureType; + + /** 节点匹配后是否继续匹配子节点 **/ + private boolean fiterChildren = false; } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java index c891cabb..a67e6457 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java @@ -243,13 +243,14 @@ public class PermissionPointServiceImpl implements PermissionPointService { //条件匹配 - ID boolean matchId = CollectionUtil.isEmpty(request.getIds()) || request.getIds().contains(node.getPermissionPointId()); - if (matchKeyword && matchDelegateType && matchId) { - //如果匹配直接返回,否则过滤子节点 + boolean matched = matchKeyword && matchDelegateType && matchId; + if (matched && !request.isFiterChildren()) { + //如果匹配且不需要过滤子节点,直接返回,否则过滤子节点 return true; } if (CollectionUtil.isEmpty(node.getChildren())) { - return false; + return matched; } //过滤子节点 - 递归 - 必要时改为循环 List filterChildren = node.getChildren().stream() From aa2a098e78a41fab40f184220b11c41d24fcdc3d Mon Sep 17 00:00:00 2001 From: zhansihu Date: Fri, 3 Nov 2023 12:04:18 +0800 Subject: [PATCH 11/27] =?UTF-8?q?refactor(permission-tree):=20=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E6=94=AF=E6=8C=81=E6=98=AF=E5=90=A6=E8=BF=87=E6=BB=A4?= =?UTF-8?q?=E5=AD=90=E8=8A=82=E7=82=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../server/service/impl/PermissionPointServiceImpl.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java index a67e6457..d461cbf8 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java @@ -256,11 +256,11 @@ public class PermissionPointServiceImpl implements PermissionPointService { List filterChildren = node.getChildren().stream() .filter(x -> recursionFilter(request, x)) .collect(Collectors.toList()); - - if (CollectionUtil.isEmpty(filterChildren)) { - return false; - } + //重置子节点 node.setChildren(filterChildren); + if (CollectionUtil.isEmpty(filterChildren)) { + return matched; + } return true; } From c900dce3394f4751be7767db9eb7319d77db00e6 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Tue, 7 Nov 2023 17:35:37 +0800 Subject: [PATCH 12/27] =?UTF-8?q?fix(listIdentity):=20=E8=A1=A5=E5=85=85?= =?UTF-8?q?=E6=9F=A5=E8=AF=A2=E6=9D=A1=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../server/service/impl/ProductFeatureRelationServiceImpl.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java index c9f6d499..11a3788b 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java @@ -156,7 +156,8 @@ public class ProductFeatureRelationServiceImpl implements ProductFeatureRelation .in(CollectionUtil.isNotEmpty(condition.getProductIds()), SaasProductModuleFeatureRelation::getProductModuleId, condition.getProductIds()) .eq(Objects.nonNull(condition.getWorkspaceJoinType()), - SaasProductModuleFeatureRelation::getDictCode, condition.getWorkspaceJoinType()); + SaasProductModuleFeatureRelation::getDictCode, condition.getWorkspaceJoinType()) + .in(CollectionUtil.isNotEmpty(condition.getFeatureIds()), SaasProductModuleFeatureRelation::getFeatureId, condition.getFeatureIds()); return this.saasProductModuleFeatureRelationDao.list(wrapper); } From ea3cf99883b511f7b3de53d49de3fdc944d67da8 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Wed, 8 Nov 2023 13:38:23 +0800 Subject: [PATCH 13/27] =?UTF-8?q?fix(listIdentity):=20=E8=A7=92=E8=89=B2?= =?UTF-8?q?=E6=9D=83=E9=99=90=E5=A2=9E=E5=8A=A0=E8=BF=87=E6=BB=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cn/axzo/tyr/server/service/SaasRoleUserService.java | 2 +- .../java/cn/axzo/tyr/server/service/impl/RoleUserService.java | 3 ++- .../axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserService.java index 2b0c4771..2a0335bf 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserService.java @@ -63,7 +63,7 @@ public interface SaasRoleUserService { */ List batchSuperAdminList(List param); - List listByRoleIds(List roleIds, Long workspaceId); + List listByRoleIds(List roleIds, Long ouId, Long workspaceId); /** * 删除单位参与的工作台的所有的人员与角色。 目前主要是用于移除参与单位的地方 diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java index 4048d97c..46108f1b 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java @@ -227,11 +227,12 @@ public class RoleUserService implements SaasRoleUserService { } @Override - public List listByRoleIds(List roleIds, Long workspaceId) { + public List listByRoleIds(List roleIds, Long ouId, Long workspaceId) { if (CollectionUtil.isEmpty(roleIds)) { return new ArrayList<>(); } return roleUserRelationDao.list(new LambdaQueryWrapper() + .eq(SaasRoleUserRelation::getOuId, ouId) .eq(SaasRoleUserRelation::getWorkspaceId, workspaceId) .in(SaasRoleUserRelation::getRoleId, roleIds)); } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index d963818f..7399d88b 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -625,7 +625,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { return Collections.emptyList(); } - List relationList = roleUserService.listByRoleIds(matchedRoleIds, workspaceId); + List relationList = roleUserService.listByRoleIds(matchedRoleIds, ouId, workspaceId); //构建用户-去重(identityId-identityType) List users = new ArrayList<>(); Set filterSet = new HashSet<>(); From 5918b1b308dcbd04c5a42364e24ecfb7cdd94f04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=87=91=E6=B5=B7=E6=B4=8B?= Date: Fri, 10 Nov 2023 10:58:34 +0800 Subject: [PATCH 14/27] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E9=94=99=E8=AF=AF?= =?UTF-8?q?=E7=9A=84=E6=9D=83=E9=99=90=E7=A0=81=E4=B9=9F=E8=83=BD=E6=9F=A5?= =?UTF-8?q?=E5=88=B0=E4=BA=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../service/impl/TyrSaasAuthServiceImpl.java | 32 ++++--------------- 1 file changed, 6 insertions(+), 26 deletions(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index 7399d88b..1d2bd05e 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -15,25 +15,12 @@ import cn.axzo.tyr.client.model.permission.PermissionPointListQueryRequest; import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode; import cn.axzo.tyr.client.model.permission.PermissionPointTreeQueryReq; import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO; -import cn.axzo.tyr.client.model.req.CheckIdentityPermissionReq; -import cn.axzo.tyr.client.model.req.IdentityAuthReq; -import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq; -import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq; -import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq; -import cn.axzo.tyr.client.model.req.OUWorkspacePair; -import cn.axzo.tyr.client.model.req.QuerySaasRoleReq; +import cn.axzo.tyr.client.model.req.*; import cn.axzo.tyr.client.model.res.IdentityAuthRes; import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp; import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp; import cn.axzo.tyr.client.model.vo.SaasRoleVO; -import cn.axzo.tyr.server.repository.entity.ProductFeatureInfo; -import cn.axzo.tyr.server.repository.entity.ProductFeatureQuery; -import cn.axzo.tyr.server.repository.entity.RolePermission; -import cn.axzo.tyr.server.repository.entity.SaasFeature; -import cn.axzo.tyr.server.repository.entity.SaasProductModuleFeatureRelation; -import cn.axzo.tyr.server.repository.entity.SaasRole; -import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation; -import cn.axzo.tyr.server.repository.entity.SaasRoleWithUser; +import cn.axzo.tyr.server.repository.entity.*; import cn.axzo.tyr.server.repository.mapper.TyrSaasAuthMapper; import cn.axzo.tyr.server.service.PermissionPointService; import cn.axzo.tyr.server.service.ProductFeatureRelationService; @@ -48,7 +35,6 @@ import cn.hutool.core.date.StopWatch; import cn.hutool.core.util.ArrayUtil; import cn.hutool.core.util.StrUtil; import cn.hutool.json.JSONUtil; -import com.alibaba.fastjson.JSON; import com.google.common.collect.Lists; import lombok.Data; import lombok.RequiredArgsConstructor; @@ -57,16 +43,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Service; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Objects; -import java.util.Optional; -import java.util.Set; +import java.util.*; import java.util.concurrent.CompletableFuture; import java.util.concurrent.Executor; import java.util.concurrent.TimeUnit; @@ -535,6 +512,9 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { //code查询权限点信息 List features = permissionPointService.listNodeWithChildrenByCode(req.getFeatureCode(), req.getTerminal()); + if (CollectionUtil.isEmpty(features)) { + return result; + } Set featureIds = features.stream().map(SaasFeature::getId).collect(Collectors.toSet()); log.info("------trace-L-I-F-P----> features need to check:{}", featureIds); //权限匹配 - 工作台是否有指定权限 From 66327320a9db93b325868390f4fc3891603780c0 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Mon, 13 Nov 2023 11:06:27 +0800 Subject: [PATCH 15/27] =?UTF-8?q?refactor(listIdentity):=20=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0stopwatch=EF=BC=9B=E8=B0=83=E6=95=B4=E7=BA=BF=E7=A8=8B?= =?UTF-8?q?=E6=B1=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tyr/server/config/ExecutorConfig.java | 8 +++----- .../impl/PermissionPointServiceImpl.java | 2 +- .../service/impl/TyrSaasAuthServiceImpl.java | 20 ++++++++++++++++++- 3 files changed, 23 insertions(+), 7 deletions(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java b/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java index 758d0048..7bcccf63 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java @@ -24,11 +24,9 @@ public class ExecutorConfig { @Bean public ExecutorService authExecutor() { new ThreadPoolExecutor.CallerRunsPolicy(); - int coreSize = Runtime.getRuntime() - .availableProcessors() < 4 ? Runtime.getRuntime().availableProcessors() * 4 - : Runtime.getRuntime().availableProcessors(); - ThreadPoolExecutor executor = new ThreadPoolExecutor(coreSize, coreSize * 4, 60, TimeUnit.SECONDS, - new ArrayBlockingQueue<>(1), r -> new Thread(r, "TYR-AUTH-EXECUTOR"), new ThreadPoolExecutor.CallerRunsPolicy() { + int coreSize = 5; + ThreadPoolExecutor executor = new ThreadPoolExecutor(coreSize, 20, 60, TimeUnit.SECONDS, + new ArrayBlockingQueue<>(100), r -> new Thread(r, "TYR-AUTH-EXECUTOR"), new ThreadPoolExecutor.CallerRunsPolicy() { @Override public void rejectedExecution(Runnable r, ThreadPoolExecutor executor) { log.warn("auth executor rejected , use caller runs"); diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java index d461cbf8..2f2c660a 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java @@ -568,7 +568,7 @@ public class PermissionPointServiceImpl implements PermissionPointService { List currentFeatrureList = saasFeatureDao.list(new LambdaQueryWrapper() .eq(SaasFeature::getFeatureCode, featureCode) .eq(StrUtil.isNotBlank(terminal), SaasFeature::getTerminal, terminal)); - //button过滤减少查询 + //button过滤-如果全是按钮则不查子级 Set pathsWithoutButton = currentFeatrureList.stream() .filter(f -> !BUTTON.sameCode(f.getFeatureType())) .map(SaasFeature::getPath) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index 1d2bd05e..b7226831 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -510,15 +510,21 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { result.setOuId(req.getOuId()); result.setWorkspaceId(req.getWorkspaceId()); + StopWatch watch = StopWatch.create("listIdentityFromPermission"); //code查询权限点信息 + watch.start("listNodeWithChildrenByCode"); List features = permissionPointService.listNodeWithChildrenByCode(req.getFeatureCode(), req.getTerminal()); + watch.stop(); if (CollectionUtil.isEmpty(features)) { + log.warn("------trace-L-I-F-P----> no features found for:{}", req.getFeatureCode()); return result; } Set featureIds = features.stream().map(SaasFeature::getId).collect(Collectors.toSet()); log.info("------trace-L-I-F-P----> features need to check:{}", featureIds); //权限匹配 - 工作台是否有指定权限 + watch.start("matchWorkspaceFeature"); Set matchedFeatureIds = matchWorkspaceFeature(req.getWorkspaceId(), req.getWorkspaceJoinType(), featureIds); + watch.stop(); if (CollectionUtil.isEmpty(matchedFeatureIds)) { log.warn("------trace-L-I-F-P----> no matched feature in workspace"); return result; @@ -537,7 +543,10 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { } //从相关角色查询用户-超管和普通角色 + watch.start("getUsersFromRole"); List users = getUsersFromRole(req, matchedFeatureIds); + watch.stop(); + watch.prettyPrint(TimeUnit.MILLISECONDS); result.setUsers(users); return result; } @@ -565,9 +574,11 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { private List getUsersFromRole(ListIdentityFromPermissionReq req, Set featureIds) { Long ouId = req.getOuId(); Long workspaceId = req.getWorkspaceId(); - + StopWatch watch = StopWatch.create("getUsersFromRole"); //查询OU-工作台下的角色-含superAdmin + watch.start("listForOUWorkspace"); List roleList = roleService.listForOUWorkspace(ouId, workspaceId, req.getWorkspaceJoinType()); + watch.stop(); List roleIds = roleList.stream().map(SaasRole::getId).collect(Collectors.toList()); log.info("------trace-L-I-F-P----> roles from ou-workspace:{}", roleIds); if (CollectionUtil.isEmpty(roleList)) { @@ -576,9 +587,12 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { } //查询角色及权限 + watch.start("roleService.getByIds"); List rolePermissions = roleService.getByIds(roleIds, null, Lists.newArrayList(workspaceId), Lists.newArrayList(ouId), true); + watch.stop(); //计算角色实际的权限 - 匹配请求的权限 --> 实际拥有权限的角色 + watch.start("filterMatchFeature"); List matchedRoleList = new ArrayList<>(); for (SaasRoleVO rolePermission : rolePermissions) { List filterFeature = rolePermission.getMatchFeature(workspaceId, ouId); @@ -589,8 +603,10 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { log.info("------trace-L-I-F-P----> not matched role:{}", rolePermission.getId()); } } + watch.stop(); //查询角色下用户 + watch.start("roleUserService.listByRoleIds"); List matchedRoleIds = matchedRoleList.stream().map(SaasRoleVO::getId).collect(Collectors.toList()); //追加工作台超管 Set superAdmins = roleList @@ -606,6 +622,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { } List relationList = roleUserService.listByRoleIds(matchedRoleIds, ouId, workspaceId); + watch.stop(); //构建用户-去重(identityId-identityType) List users = new ArrayList<>(); Set filterSet = new HashSet<>(); @@ -618,6 +635,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { users.add(user); } } + watch.prettyPrint(TimeUnit.MILLISECONDS); return users; } From 390ae73f50a73c4132174c47c05f9d8a51dba201 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Mon, 13 Nov 2023 13:49:19 +0800 Subject: [PATCH 16/27] =?UTF-8?q?refactor(listIdentity):=20=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0stopwatch=EF=BC=9B=E8=B0=83=E6=95=B4=E7=BA=BF=E7=A8=8B?= =?UTF-8?q?=E6=B1=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cn/axzo/tyr/server/config/ExecutorConfig.java | 4 ++-- .../tyr/server/service/impl/TyrSaasAuthServiceImpl.java | 9 ++++++++- .../java/cn/axzo/tyr/server/permission/SimpleTest.java | 3 +++ 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java b/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java index 7bcccf63..ecda477a 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java @@ -25,8 +25,8 @@ public class ExecutorConfig { public ExecutorService authExecutor() { new ThreadPoolExecutor.CallerRunsPolicy(); int coreSize = 5; - ThreadPoolExecutor executor = new ThreadPoolExecutor(coreSize, 20, 60, TimeUnit.SECONDS, - new ArrayBlockingQueue<>(100), r -> new Thread(r, "TYR-AUTH-EXECUTOR"), new ThreadPoolExecutor.CallerRunsPolicy() { + ThreadPoolExecutor executor = new ThreadPoolExecutor(coreSize, 30, 60, TimeUnit.SECONDS, + new ArrayBlockingQueue<>(50), r -> new Thread(r, "TYR-AUTH-EXECUTOR"), new ThreadPoolExecutor.CallerRunsPolicy() { @Override public void rejectedExecution(Runnable r, ThreadPoolExecutor executor) { log.warn("auth executor rejected , use caller runs"); diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index b7226831..af03bf0d 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -642,10 +642,16 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { @Override public List batchListIdentityFromPermission(List reqList) { //异步处理 + StopWatch watch = StopWatch.create("batchListIdentityFromPermission"); List> futureList = new ArrayList<>(); for (ListIdentityFromPermissionReq req : reqList) { CompletableFuture future = CompletableFuture.supplyAsync( - () -> this.listIdentityFromPermission(req), executor); + () -> { + watch.start("batchListIdentityFromPermission-task-" + req.getFeatureCode()); + ListIdentityFromPermissionResp resp = this.listIdentityFromPermission(req); + watch.stop(); + return resp; + }, executor); futureList.add(future); } @@ -653,6 +659,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { for (CompletableFuture future : futureList) { result.add(future.join()); } + watch.prettyPrint(TimeUnit.MILLISECONDS); return result; } diff --git a/tyr-server/src/test/java/cn/axzo/tyr/server/permission/SimpleTest.java b/tyr-server/src/test/java/cn/axzo/tyr/server/permission/SimpleTest.java index 6f379ddc..5b27c8d6 100644 --- a/tyr-server/src/test/java/cn/axzo/tyr/server/permission/SimpleTest.java +++ b/tyr-server/src/test/java/cn/axzo/tyr/server/permission/SimpleTest.java @@ -1,8 +1,11 @@ package cn.axzo.tyr.server.permission; import cn.axzo.tyr.client.model.permission.PermissionPointVO; +import cn.hutool.core.date.StopWatch; import org.junit.Test; +import java.util.concurrent.TimeUnit; + /** * @version V1.0 * @author: ZhanSiHu From fbc10c2323c3735c6b519e154dedef003628cedd Mon Sep 17 00:00:00 2001 From: zhansihu Date: Mon, 13 Nov 2023 14:07:00 +0800 Subject: [PATCH 17/27] =?UTF-8?q?refactor(listIdentity):=20=E6=97=B6?= =?UTF-8?q?=E9=97=B4=E5=88=86=E6=AE=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tyr/server/service/impl/TyrSaasAuthServiceImpl.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index af03bf0d..33d73507 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -643,22 +643,26 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { public List batchListIdentityFromPermission(List reqList) { //异步处理 StopWatch watch = StopWatch.create("batchListIdentityFromPermission"); + watch.start("addFeature"); List> futureList = new ArrayList<>(); for (ListIdentityFromPermissionReq req : reqList) { CompletableFuture future = CompletableFuture.supplyAsync( () -> { - watch.start("batchListIdentityFromPermission-task-" + req.getFeatureCode()); + long start = System.currentTimeMillis(); ListIdentityFromPermissionResp resp = this.listIdentityFromPermission(req); - watch.stop(); + log.info("------trace-B-L-I-F-P----> task cost:{}", System.currentTimeMillis() - start); return resp; }, executor); futureList.add(future); } + watch.stop(); List result = new ArrayList<>(); + watch.start("collectResult"); for (CompletableFuture future : futureList) { result.add(future.join()); } + watch.stop(); watch.prettyPrint(TimeUnit.MILLISECONDS); return result; From 54b2ecf0308a03ff1e3aa017bd18a9e4a23ea205 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Mon, 13 Nov 2023 14:07:57 +0800 Subject: [PATCH 18/27] =?UTF-8?q?refactor(listIdentity):=20=E6=97=B6?= =?UTF-8?q?=E9=97=B4=E5=88=86=E6=AE=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index 33d73507..fbe05160 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -650,7 +650,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { () -> { long start = System.currentTimeMillis(); ListIdentityFromPermissionResp resp = this.listIdentityFromPermission(req); - log.info("------trace-B-L-I-F-P----> task cost:{}", System.currentTimeMillis() - start); + log.info("------trace-B-L-I-F-P----> code:{},task cost:{}", req.getFeatureCode(), System.currentTimeMillis() - start); return resp; }, executor); futureList.add(future); From a354d44b39cca1d6cef42685e0c9cbd760d7b37e Mon Sep 17 00:00:00 2001 From: zhansihu Date: Mon, 13 Nov 2023 16:13:58 +0800 Subject: [PATCH 19/27] =?UTF-8?q?refactor(listIdentity):=20=E8=B0=83?= =?UTF-8?q?=E6=95=B4=E8=AE=A1=E6=97=B6=EF=BC=9Btrace=E8=B7=A8=E7=BA=BF?= =?UTF-8?q?=E7=A8=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../service/impl/TyrSaasAuthServiceImpl.java | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index fbe05160..f2490cd0 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -4,6 +4,7 @@ import cn.axzo.basics.common.BeanMapper; import cn.axzo.basics.common.util.AssertUtil; import cn.axzo.framework.domain.ServiceException; import cn.axzo.pokonyan.config.mybatisplus.BaseEntity; +import cn.axzo.pokonyan.util.TraceSupplier; import cn.axzo.thrones.client.saas.ServicePkgClient; import cn.axzo.thrones.client.saas.entity.serivicepgkproduct.ServicePkgProduct; import cn.axzo.thrones.client.saas.entity.servicepkg.ServicePkgDetailRes; @@ -643,16 +644,15 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { public List batchListIdentityFromPermission(List reqList) { //异步处理 StopWatch watch = StopWatch.create("batchListIdentityFromPermission"); - watch.start("addFeature"); + watch.start("addFuture"); List> futureList = new ArrayList<>(); for (ListIdentityFromPermissionReq req : reqList) { - CompletableFuture future = CompletableFuture.supplyAsync( - () -> { - long start = System.currentTimeMillis(); - ListIdentityFromPermissionResp resp = this.listIdentityFromPermission(req); - log.info("------trace-B-L-I-F-P----> code:{},task cost:{}", req.getFeatureCode(), System.currentTimeMillis() - start); - return resp; - }, executor); + long start = System.currentTimeMillis(); + CompletableFuture future = CompletableFuture.supplyAsync(TraceSupplier.create(() -> { + ListIdentityFromPermissionResp resp = this.listIdentityFromPermission(req); + log.info("------trace-B-L-I-F-P----> code:{},task cost:{}", req.getFeatureCode(), System.currentTimeMillis() - start); + return resp; + }), executor); futureList.add(future); } watch.stop(); From 39a89c9f22e2554af9ec14b2c83f7daa59fbf34b Mon Sep 17 00:00:00 2001 From: zhansihu Date: Mon, 13 Nov 2023 16:29:24 +0800 Subject: [PATCH 20/27] =?UTF-8?q?refactor(listIdentity):=20=E7=BA=BF?= =?UTF-8?q?=E7=A8=8B=E6=B1=A0=E5=91=BD=E5=90=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../main/java/cn/axzo/tyr/server/config/ExecutorConfig.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java b/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java index ecda477a..ea3d2321 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java @@ -1,5 +1,6 @@ package cn.axzo.tyr.server.config; +import cn.hutool.core.thread.NamedThreadFactory; import lombok.extern.slf4j.Slf4j; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -26,7 +27,7 @@ public class ExecutorConfig { new ThreadPoolExecutor.CallerRunsPolicy(); int coreSize = 5; ThreadPoolExecutor executor = new ThreadPoolExecutor(coreSize, 30, 60, TimeUnit.SECONDS, - new ArrayBlockingQueue<>(50), r -> new Thread(r, "TYR-AUTH-EXECUTOR"), new ThreadPoolExecutor.CallerRunsPolicy() { + new ArrayBlockingQueue<>(50), new NamedThreadFactory("TYR-AUTH-EXECUTOR", false), new ThreadPoolExecutor.CallerRunsPolicy() { @Override public void rejectedExecution(Runnable r, ThreadPoolExecutor executor) { log.warn("auth executor rejected , use caller runs"); From 666b9344b79e61736a8273148472fc921edf27ac Mon Sep 17 00:00:00 2001 From: zhansihu Date: Mon, 13 Nov 2023 17:08:11 +0800 Subject: [PATCH 21/27] =?UTF-8?q?refactor(listIdentity):=20=E7=BA=BF?= =?UTF-8?q?=E7=A8=8B=E6=B1=A0=E5=91=BD=E5=90=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java b/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java index ea3d2321..774b1a55 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/config/ExecutorConfig.java @@ -27,7 +27,7 @@ public class ExecutorConfig { new ThreadPoolExecutor.CallerRunsPolicy(); int coreSize = 5; ThreadPoolExecutor executor = new ThreadPoolExecutor(coreSize, 30, 60, TimeUnit.SECONDS, - new ArrayBlockingQueue<>(50), new NamedThreadFactory("TYR-AUTH-EXECUTOR", false), new ThreadPoolExecutor.CallerRunsPolicy() { + new ArrayBlockingQueue<>(50), new NamedThreadFactory("TYR-AUTH-EXECUTOR-", false), new ThreadPoolExecutor.CallerRunsPolicy() { @Override public void rejectedExecution(Runnable r, ThreadPoolExecutor executor) { log.warn("auth executor rejected , use caller runs"); From 4dfb9efbf8c5202ae01ab78ae3723d92d8ef1450 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Tue, 14 Nov 2023 17:06:59 +0800 Subject: [PATCH 22/27] =?UTF-8?q?feat(role-user):=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E8=A7=92=E8=89=B2=E7=94=A8=E6=88=B7=E5=88=86=E9=A1=B5=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tyr/client/feign/TyrSaasRoleUserApi.java | 6 +++ .../model/roleuser/req/RoleUserParam.java | 3 +- .../roleuser/RoleUserController.java | 6 +++ .../service/SaasRoleUserRelationService.java | 3 ++ .../impl/SaasRoleUserRelationServiceImpl.java | 47 +++++++++++++++---- 5 files changed, 54 insertions(+), 11 deletions(-) diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java index 1aeb1884..130bd8c2 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java @@ -1,5 +1,7 @@ package cn.axzo.tyr.client.feign; +import cn.axzo.basics.common.page.PageRequest; +import cn.axzo.framework.domain.web.result.ApiPageResult; import cn.axzo.framework.domain.web.result.ApiResult; import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO; import cn.axzo.tyr.client.model.roleuser.dto.SuperAminInfoResp; @@ -68,4 +70,8 @@ public interface TyrSaasRoleUserApi { @PostMapping("/api/saas-role-user/batch-super-admin-list") ApiResult> batchSuperAdminList(@RequestBody @Valid List param); + /** 分页查询角色用户数据 多条件 最大分页100**/ + @PostMapping("/api/saas-role-user/page") + ApiPageResult pageQuery(@RequestBody @Valid RoleUserParam param); + } diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/RoleUserParam.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/RoleUserParam.java index 312670cc..22dc33af 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/RoleUserParam.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/RoleUserParam.java @@ -1,5 +1,6 @@ package cn.axzo.tyr.client.model.roleuser.req; +import cn.axzo.basics.common.page.PageRequest; import cn.axzo.tyr.client.model.enums.IdentityType; import lombok.AllArgsConstructor; import lombok.Builder; @@ -16,7 +17,7 @@ import java.util.Set; @Builder @AllArgsConstructor @NoArgsConstructor -public class RoleUserParam { +public class RoleUserParam extends PageRequest { /** * 工作台id */ diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/roleuser/RoleUserController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/roleuser/RoleUserController.java index 84d43554..c941ff53 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/roleuser/RoleUserController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/roleuser/RoleUserController.java @@ -1,5 +1,6 @@ package cn.axzo.tyr.server.controller.roleuser; +import cn.axzo.framework.domain.web.result.ApiPageResult; import cn.axzo.framework.domain.web.result.ApiResult; import cn.axzo.tyr.client.feign.TyrSaasRoleUserApi; import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO; @@ -75,4 +76,9 @@ public class RoleUserController implements TyrSaasRoleUserApi { } return ApiResult.ok(saasRoleUserService.batchSuperAdminList(param)); } + + @Override + public ApiPageResult pageQuery(RoleUserParam param) { + return ApiPageResult.ok(saasRoleUserRelationService.pageQuery(param)); + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserRelationService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserRelationService.java index bbab71d6..b757d02d 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserRelationService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserRelationService.java @@ -1,5 +1,6 @@ package cn.axzo.tyr.server.service; +import cn.axzo.framework.domain.page.PageResp; import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO; import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam; @@ -11,4 +12,6 @@ import java.util.List; */ public interface SaasRoleUserRelationService { List list(RoleUserParam param); + + PageResp pageQuery(RoleUserParam param); } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java index c980d89c..71721883 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java @@ -1,6 +1,8 @@ package cn.axzo.tyr.server.service.impl; +import cn.axzo.basics.common.BeanMapper; import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum; +import cn.axzo.framework.domain.page.PageResp; import cn.axzo.pokonyan.config.mybatisplus.BaseEntity; import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO; import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam; @@ -11,6 +13,9 @@ import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation; import cn.axzo.tyr.server.service.SaasRoleUserRelationService; import cn.hutool.core.bean.BeanUtil; import cn.hutool.core.collection.CollectionUtil; +import com.baomidou.mybatisplus.core.metadata.IPage; +import com.baomidou.mybatisplus.extension.conditions.query.LambdaQueryChainWrapper; +import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Service; @@ -39,16 +44,8 @@ public class SaasRoleUserRelationServiceImpl implements SaasRoleUserRelationServ @Override public List list(RoleUserParam param) { // TODO jhy 角色查询 需要验证标准角色和自定义角色的查询逻辑 - List saasRoleUserRelations = saasRoleUserRelationDao.lambdaQuery() - .eq(Objects.nonNull(param.getIdentityId()), SaasRoleUserRelation::getIdentityId, param.getIdentityId()) - .eq(Objects.nonNull(param.getIdentityType()), SaasRoleUserRelation::getIdentityType, param.getIdentityType()) - .eq(Objects.nonNull(param.getWorkspaceId()), SaasRoleUserRelation::getWorkspaceId, param.getWorkspaceId()) - .eq(Objects.nonNull(param.getOuId()), SaasRoleUserRelation::getOuId, param.getOuId()) - .in(CollectionUtil.isNotEmpty(param.getRoleIds()), SaasRoleUserRelation::getRoleId, param.getRoleIds()) - .in(CollectionUtil.isNotEmpty(param.getIdentityIds()), SaasRoleUserRelation::getIdentityId, param.getIdentityIds()) - .eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value) - .last("LIMIT 1000") - .list(); + LambdaQueryChainWrapper wrapper = buildWrapper(param); + List saasRoleUserRelations = wrapper.last("LIMIT 1000").list(); if (CollectionUtil.isEmpty(saasRoleUserRelations)) { return Collections.emptyList(); } @@ -66,4 +63,34 @@ public class SaasRoleUserRelationServiceImpl implements SaasRoleUserRelationServ return userRole; }).collect(Collectors.toList()); } + + private LambdaQueryChainWrapper buildWrapper(RoleUserParam param) { + return saasRoleUserRelationDao.lambdaQuery() + .eq(Objects.nonNull(param.getIdentityId()), SaasRoleUserRelation::getIdentityId, param.getIdentityId()) + .eq(Objects.nonNull(param.getIdentityType()), SaasRoleUserRelation::getIdentityType, param.getIdentityType()) + .eq(Objects.nonNull(param.getWorkspaceId()), SaasRoleUserRelation::getWorkspaceId, param.getWorkspaceId()) + .eq(Objects.nonNull(param.getOuId()), SaasRoleUserRelation::getOuId, param.getOuId()) + .in(CollectionUtil.isNotEmpty(param.getRoleIds()), SaasRoleUserRelation::getRoleId, param.getRoleIds()) + .in(CollectionUtil.isNotEmpty(param.getIdentityIds()), SaasRoleUserRelation::getIdentityId, param.getIdentityIds()) + .eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value); + } + + @Override + public PageResp pageQuery(RoleUserParam param) { + //限制分页100 + if (param.getPageSize() != null && param.getPageSize().compareTo(200L) > 0) { + param.setPageSize(100L); + } + //查询条件构造 - ID升序 + LambdaQueryChainWrapper wrapper = buildWrapper(param) + .orderByAsc(SaasRoleUserRelation::getId); + IPage page = wrapper.page(param.toPage()); + if (CollectionUtil.isEmpty(page.getRecords())) { + return PageResp.zero(param.getPage(), param.getPageSize()); + } + List list = page.getRecords().stream() + .map(r -> BeanMapper.copyBean(r, SaasRoleUserDTO.class)) + .collect(Collectors.toList()); + return PageResp.list(param.getPage(), param.getPageSize(), page.getTotal(), list); + } } From eb0fa082eb531f8f236e6b0283690c6d851bd6f7 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Wed, 15 Nov 2023 14:01:23 +0800 Subject: [PATCH 23/27] =?UTF-8?q?feat(base-dict):=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AD=97=E5=85=B8=E7=B1=BB=E5=9E=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cn/axzo/tyr/client/model/enums/DictTypeFiledEnum.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/enums/DictTypeFiledEnum.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/enums/DictTypeFiledEnum.java index 2e803d2a..2010ace3 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/enums/DictTypeFiledEnum.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/enums/DictTypeFiledEnum.java @@ -28,7 +28,8 @@ public enum DictTypeFiledEnum { /** * 工作台 */ - WORKSPACE("workspace","工作台") + WORKSPACE("workspace","工作台"), + IDENTITY("identity","身份"), ; @EnumValue From ebd693a7816fd0381655ac50df694743905a5bcb Mon Sep 17 00:00:00 2001 From: zhansihu Date: Wed, 15 Nov 2023 17:22:05 +0800 Subject: [PATCH 24/27] =?UTF-8?q?feat(base-dict):=20=E5=AD=97=E5=85=B8?= =?UTF-8?q?=E5=8F=82=E6=95=B0=E6=8F=8F=E8=BF=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../axzo/tyr/client/model/dict/response/BasicDictNodeResp.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/dict/response/BasicDictNodeResp.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/dict/response/BasicDictNodeResp.java index e96801db..6a3acf18 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/dict/response/BasicDictNodeResp.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/dict/response/BasicDictNodeResp.java @@ -22,7 +22,7 @@ public class BasicDictNodeResp { private String workspaceType; /** - * 类型,"ouType", "terminal" + * 类型,"ouType", "terminal" identity */ private String type; From 0c69e67c09d02f7b7ce6229a00d7c1a1e9333afb Mon Sep 17 00:00:00 2001 From: TanJ Date: Thu, 16 Nov 2023 17:09:04 +0800 Subject: [PATCH 25/27] =?UTF-8?q?feat(1609):=20=E5=B7=A5=E4=BD=9C=E5=8F=B0?= =?UTF-8?q?=E6=9F=A5=E8=AF=A2=E8=A7=92=E8=89=B2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../axzo/tyr/client/feign/TyrSaasRoleApi.java | 11 +++++ .../client/model/vo/SaasRoleAndGroupVO.java | 31 +++++++++++++ .../controller/role/SaasRoleController.java | 6 +++ .../dao/SaasRoleGroupRelationDao.java | 6 +++ .../axzo/tyr/server/service/RoleService.java | 4 ++ .../server/service/impl/RoleServiceImpl.java | 44 +++++++++++++++++++ 6 files changed, 102 insertions(+) create mode 100644 tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleAndGroupVO.java diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleApi.java index c8d2eff3..dc37b8d5 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleApi.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleApi.java @@ -10,6 +10,7 @@ import cn.axzo.tyr.client.model.res.IsSuperAdminRes; import cn.axzo.tyr.client.model.res.QueryBatchByIdentityIdTypeRes; import cn.axzo.tyr.client.model.res.QueryRoleByNameResp; import cn.axzo.tyr.client.model.res.RoleWithUserRes; +import cn.axzo.tyr.client.model.vo.SaasRoleAndGroupVO; import cn.axzo.tyr.client.model.vo.SaasRoleVO; import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO; import org.springframework.cloud.openfeign.FeignClient; @@ -90,4 +91,14 @@ public interface TyrSaasRoleApi { @PostMapping("/api/saasRole/queryWithUser") ApiPageResult queryRoleWithUser(@RequestBody RoleWithUserQueryReq req); + + + /** + * + * 通过工作台类型获取对应的标准角 + * + * */ + @GetMapping("/api/saasRole/queryByWorkspaceType") + ApiResult> queryInitRoleByWorkspaceId(@RequestParam ("workspaceType")String workspaceType); + } diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleAndGroupVO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleAndGroupVO.java new file mode 100644 index 00000000..2144adeb --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleAndGroupVO.java @@ -0,0 +1,31 @@ +package cn.axzo.tyr.client.model.vo; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.util.List; + +/** + * @author tanjie@axzo.cn + * @date 2023/11/16 16:25 + */ +@Data +@Builder +@AllArgsConstructor +@NoArgsConstructor +public class SaasRoleAndGroupVO { + /** + * 单位类型CODE + */ + private String ouTypeCode; + /** + * 单位类型名称 + */ + private String ouTypeName; + /** + * 对应角色,不包括权限 + */ + private List simpleSaasRole; +} diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java index a4005286..fcea4acc 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java @@ -12,6 +12,7 @@ import cn.axzo.tyr.client.model.res.IsSuperAdminRes; import cn.axzo.tyr.client.model.res.QueryBatchByIdentityIdTypeRes; import cn.axzo.tyr.client.model.res.QueryRoleByNameResp; import cn.axzo.tyr.client.model.res.RoleWithUserRes; +import cn.axzo.tyr.client.model.vo.SaasRoleAndGroupVO; import cn.axzo.tyr.client.model.vo.SaasRoleVO; import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO; import cn.axzo.tyr.server.service.RoleService; @@ -92,4 +93,9 @@ public class SaasRoleController implements TyrSaasRoleApi { return ApiPageResult.ok(roleService.queryRoleWithUser(req)); } + @Override + public ApiResult> queryInitRoleByWorkspaceId(String workspaceType) { + return ApiResult.ok(roleService.queryInitRoleByWorkspaceId(workspaceType)); + + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleGroupRelationDao.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleGroupRelationDao.java index c9dd7f87..09908b8a 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleGroupRelationDao.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleGroupRelationDao.java @@ -25,5 +25,11 @@ public class SaasRoleGroupRelationDao extends ServiceImpl getByGroupIds(List groupIds) { + return lambdaQuery().in(SaasRoleGroupRelation::getSaasRoleGroupId, groupIds) + .eq(BaseEntity::getIsDelete, 0) + .list(); + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java index d75588bc..2c4e0607 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java @@ -7,6 +7,7 @@ import cn.axzo.tyr.client.model.res.IsSuperAdminRes; import cn.axzo.tyr.client.model.res.QueryBatchByIdentityIdTypeRes; import cn.axzo.tyr.client.model.res.QueryRoleByNameResp; import cn.axzo.tyr.client.model.res.RoleWithUserRes; +import cn.axzo.tyr.client.model.vo.SaasRoleAndGroupVO; import cn.axzo.tyr.client.model.vo.SaasRoleVO; import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO; import cn.axzo.tyr.server.repository.entity.SaasRole; @@ -74,4 +75,7 @@ public interface RoleService { List queryRoleByRoleTypes(QueryByIdentityIdTypeReq req, List roleTypes); List listForOUWorkspace(Long ouId, Long workspaceId, Integer workspaceJoinType); + + + List queryInitRoleByWorkspaceId(String workspaceType); } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java index da45c04a..a70d1723 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java @@ -14,6 +14,7 @@ import cn.axzo.tyr.client.model.res.QueryBatchByIdentityIdTypeRes; import cn.axzo.tyr.client.model.res.QueryRoleByNameResp; import cn.axzo.tyr.client.model.res.RoleWithUserRes; import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO; +import cn.axzo.tyr.client.model.vo.SaasRoleAndGroupVO; import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO; import cn.axzo.tyr.client.model.vo.SaasRoleVO; import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO; @@ -22,6 +23,8 @@ import cn.axzo.tyr.server.repository.entity.*; import cn.axzo.tyr.server.service.*; import cn.hutool.core.bean.BeanUtil; import cn.hutool.core.collection.CollectionUtil; +import cn.hutool.core.collection.ListUtil; +import cn.hutool.core.util.StrUtil; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.google.common.collect.Lists; @@ -540,4 +543,45 @@ public class RoleServiceImpl implements RoleService { return resp; }).collect(Collectors.toList()); } + + @Override + public List queryInitRoleByWorkspaceId(String workspaceType) { + if (StrUtil.isEmpty(workspaceType)) { + return new ArrayList<>(); + } + List query = saasRoleGroupDao.query(QuerySaasRoleGroupReq.builder() + .workspaceTypeCode(ListUtil.of(workspaceType)) + .build()); + + if (CollectionUtils.isEmpty(query)) { + return Collections.emptyList(); + } + + List roleGroupRelation = roleGroupRelationDao.getByGroupIds(query.stream().map(BaseEntity::getId).collect(Collectors.toList())); + if (CollectionUtils.isEmpty(roleGroupRelation)) { + return Collections.emptyList(); + } + Map> groupIdMap = roleGroupRelation.stream().collect(Collectors.groupingBy(SaasRoleGroupRelation::getSaasRoleGroupId)); + + ArrayList result = new ArrayList<>(); + + query.forEach(e->{ + List saasRoleGroupRelations = groupIdMap.get(e.getId()); + if (CollectionUtils.isEmpty(saasRoleGroupRelations)) { + return; + } + + List roles = saasRoleDao.listByIds(saasRoleGroupRelations.stream().map(SaasRoleGroupRelation::getRoleId).collect(Collectors.toList())); + result.add(SaasRoleAndGroupVO.builder() + .ouTypeName(e.getName()) + .ouTypeCode(e.getOuTypeCode()) + .simpleSaasRole(roles.stream().map(role -> SaasRoleVO.builder() + .roleType(role.getRoleType()) + .id(role.getId()) + .name(role.getName()) + .build()).collect(Collectors.toList())) + .build()); + }); + return result; + } } From e1177f20e887049251de3dd02b0fdc6897f1e9c4 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Tue, 21 Nov 2023 17:11:02 +0800 Subject: [PATCH 26/27] =?UTF-8?q?feat(flow):=20=E5=A2=9E=E5=8A=A0=E6=94=AF?= =?UTF-8?q?=E6=8C=81=E5=A4=9Aou=E5=92=8Cworkspace?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cn/axzo/tyr/client/model/req/OUWorkspacePair.java | 2 +- .../axzo/tyr/client/model/roleuser/req/RoleUserParam.java | 7 +++++++ .../service/impl/SaasRoleUserRelationServiceImpl.java | 2 ++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/OUWorkspacePair.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/OUWorkspacePair.java index ed8ac15d..901d68d8 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/OUWorkspacePair.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/OUWorkspacePair.java @@ -5,7 +5,7 @@ import lombok.Data; import javax.validation.constraints.NotNull; /** - * OU和wokspace对 + * OU和workspace对 * * @version V1.0 * @author: ZhanSiHu diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/RoleUserParam.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/RoleUserParam.java index 312670cc..12b1086d 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/RoleUserParam.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/RoleUserParam.java @@ -6,6 +6,7 @@ import lombok.Builder; import lombok.Data; import lombok.NoArgsConstructor; +import java.util.List; import java.util.Set; /** @@ -52,4 +53,10 @@ public class RoleUserParam { * identityIds */ private Set identityIds; + + /** ouId列表**/ + private List ouIds; + + /** 工作台ID列表 **/ + private List workspaceIds; } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java index c980d89c..8579e038 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java @@ -44,6 +44,8 @@ public class SaasRoleUserRelationServiceImpl implements SaasRoleUserRelationServ .eq(Objects.nonNull(param.getIdentityType()), SaasRoleUserRelation::getIdentityType, param.getIdentityType()) .eq(Objects.nonNull(param.getWorkspaceId()), SaasRoleUserRelation::getWorkspaceId, param.getWorkspaceId()) .eq(Objects.nonNull(param.getOuId()), SaasRoleUserRelation::getOuId, param.getOuId()) + .in(CollectionUtil.isNotEmpty(param.getOuIds()), SaasRoleUserRelation::getOuId, param.getOuIds()) + .in(CollectionUtil.isNotEmpty(param.getWorkspaceIds()), SaasRoleUserRelation::getWorkspaceId, param.getWorkspaceId()) .in(CollectionUtil.isNotEmpty(param.getRoleIds()), SaasRoleUserRelation::getRoleId, param.getRoleIds()) .in(CollectionUtil.isNotEmpty(param.getIdentityIds()), SaasRoleUserRelation::getIdentityId, param.getIdentityIds()) .eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value) From 7f5bc29ce1547577684756ad07612231902dee86 Mon Sep 17 00:00:00 2001 From: TanJ Date: Thu, 23 Nov 2023 16:53:00 +0800 Subject: [PATCH 27/27] =?UTF-8?q?fix(1609):=20=E6=8E=A5=E5=8F=A3=E5=91=BD?= =?UTF-8?q?=E5=90=8DBUG?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java index 44b9705d..40e24dcf 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java @@ -65,7 +65,7 @@ public class SaasRoleVO { * * @return */ - public List getFeature() { + public List currentFeature() { return this.permissionGroup.stream().map(SaasPermissionGroupVO::getFeature).flatMap(List::stream).distinct().collect(Collectors.toList()); }