wangli/tyr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: (feature/REQ-2595) 修改权限相关接口支持tags查询

Browse Source
This commit is contained in:
lilong 2024-11-04 15:57:53 +08:00
parent 8bb439593b
commit 0e3aa801fa
9 changed files with 445 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/GetUserHasPermissionPageElementReq.java
View File

@ -1,5 +1,6 @@
package cn.axzo.tyr.client.model.req; package cn.axzo.tyr.client.model.req;
import cn.axzo.tyr.client.model.enums.RolePermissionTagEnum;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.Builder; import lombok.Builder;
import lombok.Data; import lombok.Data;
@ -8,6 +9,7 @@ import lombok.NoArgsConstructor;
import javax.validation.constraints.Min; import javax.validation.constraints.Min;
import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull; import javax.validation.constraints.NotNull;
import java.util.Set;
/** /**
* @author likunpeng * @author likunpeng
@ -42,4 +44,9 @@ public class GetUserHasPermissionPageElementReq {
@NotNull(message = "租户ID不能为空") @NotNull(message = "租户ID不能为空")
@Min(value = 1, message = "租户ID有误") @Min(value = 1, message = "租户ID有误")
private Long workspaceId; private Long workspaceId;
/**
* 权限标签默认是根据personId在当前项目的状态解析的
*/
private Set<RolePermissionTagEnum> tags;
} }

68
tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateRoleController.java
View File

@ -5,11 +5,11 @@ import cn.axzo.framework.rocketmq.Event;
import cn.axzo.maokai.common.enums.SaasCooperateShipCooperateTypeEnum; import cn.axzo.maokai.common.enums.SaasCooperateShipCooperateTypeEnum;
import cn.axzo.tyr.client.common.enums.RoleTypeEnum; import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
import cn.axzo.tyr.client.model.enums.DictWorkSpaceTypeEnum; import cn.axzo.tyr.client.model.enums.DictWorkSpaceTypeEnum;
import cn.axzo.tyr.client.model.enums.PermissionGroupType;
import cn.axzo.tyr.client.model.enums.PermissionType; import cn.axzo.tyr.client.model.enums.PermissionType;
import cn.axzo.tyr.client.model.enums.WorkspaceTypeCodeEnum; import cn.axzo.tyr.client.model.enums.WorkspaceTypeCodeEnum;
import cn.axzo.tyr.client.model.req.ListRoleReq; import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.req.ListSaasRoleGroupParam; import cn.axzo.tyr.client.model.req.ListSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.PagePgroupPermissionRelationReq;
import cn.axzo.tyr.client.model.req.PageSaasFeatureResourceReq; import cn.axzo.tyr.client.model.req.PageSaasFeatureResourceReq;
import cn.axzo.tyr.client.model.res.SaasFeatureResourceResp; import cn.axzo.tyr.client.model.res.SaasFeatureResourceResp;
import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO; import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO;
@ -21,10 +21,11 @@ import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO; import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO;
import cn.axzo.tyr.server.config.MqProducer; import cn.axzo.tyr.server.config.MqProducer;
import cn.axzo.tyr.server.event.payload.RolePermissionCreatedPayload; import cn.axzo.tyr.server.event.payload.RolePermissionCreatedPayload;
import cn.axzo.tyr.server.model.ResourcePermission; import cn.axzo.tyr.server.repository.dao.SaasPermissionGroupDao;
import cn.axzo.tyr.server.repository.dao.SaasPgroupRoleRelationDao; import cn.axzo.tyr.server.repository.dao.SaasPgroupRoleRelationDao;
import cn.axzo.tyr.server.repository.dao.SaasRoleDao; import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao; import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
import cn.axzo.tyr.server.repository.entity.SaasPermissionGroup;
import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation; import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation;
import cn.axzo.tyr.server.repository.entity.SaasPgroupRoleRelation; import cn.axzo.tyr.server.repository.entity.SaasPgroupRoleRelation;
import cn.axzo.tyr.server.repository.entity.SaasRole; import cn.axzo.tyr.server.repository.entity.SaasRole;
@ -47,6 +48,7 @@ import com.alibaba.excel.metadata.CellExtra;
import com.google.common.collect.Lists; import com.google.common.collect.Lists;
import com.google.common.collect.Maps; import com.google.common.collect.Maps;
import com.google.common.collect.Sets; import com.google.common.collect.Sets;
import com.google.common.collect.Streams;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.Builder; import lombok.Builder;
import lombok.Data; import lombok.Data;
@ -105,6 +107,8 @@ public class PrivateRoleController {
private SaasPgroupRoleRelationDao saasPgroupRoleRelationDao; private SaasPgroupRoleRelationDao saasPgroupRoleRelationDao;
@Autowired @Autowired
private MqProducer mqProducer; private MqProducer mqProducer;
@Autowired
private SaasPermissionGroupDao saasPermissionGroupDao;
private static final String TARGET_TYPE = "saasFeatureResourceId"; private static final String TARGET_TYPE = "saasFeatureResourceId";
@ -664,6 +668,66 @@ public class PrivateRoleController {
return "ok"; return "ok";
} }
@PostMapping("/api/private/superAdmin/pgroupPermission/init")
public Object createSuperAdminPgroupPermission() {
ListRoleReq listRoleReq = ListRoleReq.builder()
.roleTypes(Lists.newArrayList(RoleTypeEnum.SUPER_ADMIN.getValue()))
.build();
List<SaasRoleRes> allSuperAdminRoles = roleService.list(listRoleReq).stream()
.filter(e -> e.getWorkspaceId() == 0L)
.collect(Collectors.toList());
if (CollectionUtils.isEmpty(allSuperAdminRoles)) {
return "ok";
}
Set<Long> hasRoleIds = saasPgroupRoleRelationDao.lambdaQuery()
.in(SaasPgroupRoleRelation::getRoleId, Lists.transform(allSuperAdminRoles, SaasRoleRes::getId))
.list()
.stream()
.map(SaasPgroupRoleRelation::getRoleId)
.collect(Collectors.toSet());
List<SaasRoleRes> initRoles = allSuperAdminRoles.stream()
.filter(role -> !hasRoleIds.contains(role.getId()))
.collect(Collectors.toList());
if (CollectionUtils.isEmpty(initRoles)) {
return "ok";
}
List<SaasPermissionGroup> saasPermissionGroups = initRoles.stream()
.map(role -> {
SaasPermissionGroup saasPermissionGroup = new SaasPermissionGroup();
saasPermissionGroup.setName("通用权限");
saasPermissionGroup.setIsCommon(PermissionGroupType.COMMON.getCode());
saasPermissionGroup.setCreateBy(154587L);
saasPermissionGroup.setCreatorName("王今");
saasPermissionGroup.setUpdateBy(154587L);
saasPermissionGroup.setUpdatorName("王今");
saasPermissionGroup.setType("feature");
return saasPermissionGroup;
})
.collect(Collectors.toList());
saasPermissionGroupDao.saveBatch(saasPermissionGroups);
List<SaasPgroupRoleRelation> saasPgroupRoleRelations = Streams.zip(initRoles.stream(), saasPermissionGroups.stream(),
(role, pgroup) -> {
SaasPgroupRoleRelation saasPgroupRoleRelation = new SaasPgroupRoleRelation();
saasPgroupRoleRelation.setRoleId(role.getId());
saasPgroupRoleRelation.setGroupId(pgroup.getId());
saasPgroupRoleRelation.setCreateBy(154587L);
saasPgroupRoleRelation.setUpdateBy(154587L);
saasPgroupRoleRelation.setCreateAt(new Date());
saasPgroupRoleRelation.setUpdateAt(new Date());
return saasPgroupRoleRelation;
})
.collect(Collectors.toList());
saasPgroupRoleRelationDao.saveBatch(saasPgroupRoleRelations);
return "ok";
}
@Data @Data
@Builder @Builder
@NoArgsConstructor @NoArgsConstructor

4
tyr-server/src/main/java/cn/axzo/tyr/server/model/FilterRoleAuth.java
View File

@ -25,8 +25,4 @@ public class FilterRoleAuth {
private Long roleId; private Long roleId;
private Long workspaceId; private Long workspaceId;
private Long ouId;
private Set<RolePermissionTagEnum> tags;
} }

53
tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionTagService.java Normal file
View File

@ -0,0 +1,53 @@
package cn.axzo.tyr.server.service;
import cn.axzo.tyr.client.model.enums.RolePermissionTagEnum;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
import java.util.Set;
public interface PermissionTagService {
List<ResolvePermissionDTO> resolvePermissionTag(ResolvePermissionTagParam param);
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
class ResolvePermissionTagParam {
private List<PersonPermission> personPermissions;
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
class PersonPermission {
private Long workspaceId;
private Long ouId;
private Long personId;
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
class ResolvePermissionDTO {
private Long workspaceId;
private Long ouId;
private Long personId;
private Set<RolePermissionTagEnum> tags;
}
}

44
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java
View File

@ -48,6 +48,7 @@ import cn.axzo.tyr.server.repository.dao.ProductModuleDao;
import cn.axzo.tyr.server.repository.dao.SaasFeatureResourceDao; import cn.axzo.tyr.server.repository.dao.SaasFeatureResourceDao;
import cn.axzo.tyr.server.repository.entity.SaasFeatureResource; import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
import cn.axzo.tyr.server.service.PermissionQueryService; import cn.axzo.tyr.server.service.PermissionQueryService;
import cn.axzo.tyr.server.service.PermissionTagService;
import cn.axzo.tyr.server.service.ProductFeatureRelationService; import cn.axzo.tyr.server.service.ProductFeatureRelationService;
import cn.axzo.tyr.server.service.ProductSaasFeatureResourceCacheService; import cn.axzo.tyr.server.service.ProductSaasFeatureResourceCacheService;
import cn.axzo.tyr.server.service.RoleSaasFeatureResourceCacheService; import cn.axzo.tyr.server.service.RoleSaasFeatureResourceCacheService;
@ -109,6 +110,7 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
private final SaasRoleUserRelationService saasRoleUserRelationService; private final SaasRoleUserRelationService saasRoleUserRelationService;
private final WorkspaceProductService workspaceProductService; private final WorkspaceProductService workspaceProductService;
private final RoleSaasFeatureResourceCacheService roleSaasFeatureResourceCacheService; private final RoleSaasFeatureResourceCacheService roleSaasFeatureResourceCacheService;
private final PermissionTagService permissionTagService;
@Value("${not.auth.uniCodes:}") @Value("${not.auth.uniCodes:}")
private Set<String> notAuthUniCodes; private Set<String> notAuthUniCodes;
@ -715,6 +717,46 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
.orElse(Collections.emptyList()); .orElse(Collections.emptyList());
} }
private void assembleTag(TreePermissionReq treePermissionReq) {
if (CollectionUtils.isEmpty(treePermissionReq.getWorkspaceOUPairs())) {
return;
}
List<WorkspaceOUPair> needResolveTags = treePermissionReq.getWorkspaceOUPairs().stream()
.filter(e -> CollectionUtils.isEmpty(e.getTags()))
.collect(Collectors.toList());
if (CollectionUtils.isEmpty(needResolveTags)) {
return;
}
PermissionTagService.ResolvePermissionTagParam resolvePermissionTagParam = PermissionTagService.ResolvePermissionTagParam.builder()
.personPermissions(needResolveTags.stream()
.map(e -> PermissionTagService.PersonPermission.builder()
.workspaceId(e.getWorkspaceId())
.ouId(e.getOuId())
.personId(treePermissionReq.getPersonId())
.build())
.collect(Collectors.toList()))
.build();
Map<String, PermissionTagService.ResolvePermissionDTO> resolvePermissions = permissionTagService.resolvePermissionTag(resolvePermissionTagParam).stream()
.collect(Collectors.toMap(e -> e.getOuId() + "_" + e.getWorkspaceId(), Function.identity()));
treePermissionReq.getWorkspaceOUPairs().forEach(e -> {
if (CollectionUtils.isNotEmpty(e.getTags())) {
return;
}
PermissionTagService.ResolvePermissionDTO resolvePermissionDTO = resolvePermissions.get(e.buildKey());
if (Objects.isNull(resolvePermissionDTO)) {
return;
}
e.setTags(resolvePermissionDTO.getTags());
});
}
/** /**
* 用户可能只有子节点的权限但是要构建这个菜单树所以需要先查询这个端的所有菜单然后根据用户的权限找到对应的父节点构建树 * 用户可能只有子节点的权限但是要构建这个菜单树所以需要先查询这个端的所有菜单然后根据用户的权限找到对应的父节点构建树
* @param treePermissionReq * @param treePermissionReq
@ -728,6 +770,8 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
return Collections.emptySet(); return Collections.emptySet();
} }
assembleTag(treePermissionReq);
List<SaasRoleUserV2DTO> saasRoleUsers = listUserPermission(treePermissionReq); List<SaasRoleUserV2DTO> saasRoleUsers = listUserPermission(treePermissionReq);
if (CollectionUtils.isEmpty(saasRoleUsers)) { if (CollectionUtils.isEmpty(saasRoleUsers)) {
return Collections.emptySet(); return Collections.emptySet();

85
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionTagServiceImpl.java Normal file
View File

@ -0,0 +1,85 @@
package cn.axzo.tyr.server.service.impl;
import cn.axzo.maokai.api.client.OrgUserApi;
import cn.axzo.maokai.api.vo.request.OrgUserListReq;
import cn.axzo.maokai.api.vo.request.WorkspaceOuPair;
import cn.axzo.maokai.api.vo.response.OrgUserRes;
import cn.axzo.maokai.common.enums.OrgUserStatusEnum;
import cn.axzo.tyr.client.model.enums.RolePermissionTagEnum;
import cn.axzo.tyr.server.service.PermissionTagService;
import cn.axzo.tyr.server.utils.RpcInternalUtil;
import com.google.common.collect.Maps;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.compress.utils.Sets;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
@Slf4j
@Service
public class PermissionTagServiceImpl implements PermissionTagService {
@Autowired
private OrgUserApi orgUserApi;
private static final Map<OrgUserStatusEnum, RolePermissionTagEnum> ORG_USER_TAGS = Maps.newHashMap();
static {
// 除了用户在项目下是离场状态要取离场权限其他为了兼容都取在场权限因为人岗架可能会新增状态其他删除这些状态会删除用户角色
ORG_USER_TAGS.put(OrgUserStatusEnum.LEAVE, RolePermissionTagEnum.LEAVE);
}
@Override
public List<ResolvePermissionDTO> resolvePermissionTag(ResolvePermissionTagParam param) {
if (CollectionUtils.isEmpty(param.getPersonPermissions())) {
return Collections.emptyList();
}
List<Long> personIds = param.getPersonPermissions().stream()
.map(PersonPermission::getPersonId)
.collect(Collectors.toList());
List<WorkspaceOuPair> workspaceOuPairs = param.getPersonPermissions().stream()
.map(e -> WorkspaceOuPair.builder()
.workspaceId(e.getWorkspaceId())
.ouId(e.getOuId())
.build())
.collect(Collectors.toList());
// 因为底层接口实现没有根据personId和workspaceOu去匹配查询可能会多返回数据所以这里要过滤
OrgUserListReq orgUserListReq = OrgUserListReq.builder()
.personIds(personIds)
.ouWorkspacePairs(workspaceOuPairs)
.build();
List<OrgUserRes> orgUserRes = RpcInternalUtil.rpcApiListResultProcessor(() -> orgUserApi.listOrgUser(orgUserListReq),
"查询人员在项目的状态", orgUserListReq).getData();
if (CollectionUtils.isEmpty(orgUserRes)) {
return Collections.emptyList();
}
Set<String> keys = param.getPersonPermissions().stream()
.map(e -> e.getOuId() + "_" + e.getWorkspaceId() + "_" + e.getPersonId())
.collect(Collectors.toSet());
return orgUserRes.stream()
.filter(e -> keys.contains(e.getOuId() + "_" + e.getWorkspaceId() + "_" + e.getPersonId()))
.map(e -> ResolvePermissionDTO.builder()
.workspaceId(e.getWorkspaceId())
.ouId(e.getOuId())
.personId(e.getPersonId())
.tags(Optional.ofNullable(ORG_USER_TAGS.get(e.getStatus()))
.map(Sets::newHashSet)
.orElseGet(() -> Sets.newHashSet(RolePermissionTagEnum.JOINED)))
.build())
.collect(Collectors.toList());
}
}

8
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPageElementServiceImpl.java
View File

@ -318,9 +318,15 @@ public class SaasPageElementServiceImpl extends ServiceImpl<SaasPageElementMappe
} }
// 过滤用户有权限的featureCodes // 过滤用户有权限的featureCodes
List<IdentityAuthReq.WorkspaceOuPair> workspaceOuPairs = Lists.newArrayList(IdentityAuthReq.WorkspaceOuPair.builder()
.ouId(request.getOuId())
.workspaceId(request.getWorkspaceId())
.tags(request.getTags())
.build());
IdentityAuthRes res = tyrSaasAuthService.findIdentityAuthMix(IdentityAuthReq.builder() IdentityAuthRes res = tyrSaasAuthService.findIdentityAuthMix(IdentityAuthReq.builder()
.personId(request.getPersonId()) .personId(request.getPersonId())
.workspaceOusPairs(Lists.newArrayList(IdentityAuthReq.WorkspaceOuPair.builder().ouId(request.getOuId()).workspaceId(request.getWorkspaceId()).build())) .workspaceOusPairs(workspaceOuPairs)
.terminal(Lists.newArrayList(request.getTerminal())) .terminal(Lists.newArrayList(request.getTerminal()))
.featureCode(resultRelations.stream().map(SaasPageElementFeatureResourceRelation::getPageElementCode).collect(Collectors.toSet())) .featureCode(resultRelations.stream().map(SaasPageElementFeatureResourceRelation::getPageElementCode).collect(Collectors.toSet()))
.build()); .build());

191
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
View File

@ -42,6 +42,7 @@ import cn.axzo.tyr.server.repository.entity.SaasRoleWithUser;
import cn.axzo.tyr.server.repository.mapper.SaasRoleUserRelationMapper; import cn.axzo.tyr.server.repository.mapper.SaasRoleUserRelationMapper;
import cn.axzo.tyr.server.repository.mapper.TyrSaasAuthMapper; import cn.axzo.tyr.server.repository.mapper.TyrSaasAuthMapper;
import cn.axzo.tyr.server.service.PermissionPointService; import cn.axzo.tyr.server.service.PermissionPointService;
import cn.axzo.tyr.server.service.PermissionTagService;
import cn.axzo.tyr.server.service.ProductPermissionCacheService; import cn.axzo.tyr.server.service.ProductPermissionCacheService;
import cn.axzo.tyr.server.service.RolePermissionCacheService; import cn.axzo.tyr.server.service.RolePermissionCacheService;
import cn.axzo.tyr.server.service.RoleService; import cn.axzo.tyr.server.service.RoleService;
@ -68,6 +69,7 @@ import lombok.Data;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.BeanUtils; import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -124,6 +126,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
private final FeatureCodeUtil featureCodeUtil; private final FeatureCodeUtil featureCodeUtil;
private final RolePermissionCacheService rolePermissionCacheService; private final RolePermissionCacheService rolePermissionCacheService;
private final SaasRoleUserRelationMapper saasRoleUserRelationMapper; private final SaasRoleUserRelationMapper saasRoleUserRelationMapper;
private final PermissionTagService permissionTagService;
/** /**
* 通过身份查询人员权限 * 通过身份查询人员权限
@ -539,7 +542,8 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
private Set<Long> resolvePermissionAdminLeaveRole(List<SaasRoleRes> adminRoles, private Set<Long> resolvePermissionAdminLeaveRole(List<SaasRoleRes> adminRoles,
List<ProductPermissionCacheService.PermissionDTO> productPermissions, List<ProductPermissionCacheService.PermissionDTO> productPermissions,
ListPermissionUser listPermissionUser, ListPermissionUser listPermissionUser,
Set<Long> featureIds) { Set<Long> featureIds,
Map<Long, List<RolePermissionCacheService.PermissionDTO>> allRolePermissionMap) {
if (CollectionUtil.isEmpty(adminRoles)) { if (CollectionUtil.isEmpty(adminRoles)) {
log.info("no admin roles"); log.info("no admin roles");
@ -557,7 +561,9 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
.map(ProductPermissionCacheService.PermissionDTO::getFeatureCode) .map(ProductPermissionCacheService.PermissionDTO::getFeatureCode)
.collect(Collectors.toSet())) .collect(Collectors.toSet()))
.build(); .build();
Map<Long, List<RolePermissionCacheService.PermissionDTO>> adminRolePermissionMap = rolePermissionCacheService.list(listRolePermissionParam); Map<Long, List<RolePermissionCacheService.PermissionDTO>> adminRolePermissionMap = adminRoles.stream()
.filter(e -> allRolePermissionMap.containsKey(e.getId()))
.collect(Collectors.toMap(SaasRoleRes::getId, e -> allRolePermissionMap.get(e.getId())));
Set<Long> adminRoleIds = adminRolePermissionMap.entrySet().stream() Set<Long> adminRoleIds = adminRolePermissionMap.entrySet().stream()
.filter(e -> !CollectionUtils.isEmpty(e.getValue())) .filter(e -> !CollectionUtils.isEmpty(e.getValue()))
@ -598,7 +604,8 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
private Set<Long> resolvePermissionNormalRole(List<SaasRoleRes> allRoles, private Set<Long> resolvePermissionNormalRole(List<SaasRoleRes> allRoles,
ListPermissionUser req, ListPermissionUser req,
List<ProductPermissionCacheService.PermissionDTO> productPermissions, List<ProductPermissionCacheService.PermissionDTO> productPermissions,
Set<Long> featureIds) { Set<Long> featureIds,
Map<Long, List<RolePermissionCacheService.PermissionDTO>> allRolePermissionMap) {
List<SaasRoleRes> normalRoles = allRoles.stream() List<SaasRoleRes> normalRoles = allRoles.stream()
.filter(e -> !RoleTypeEnum.isAdmin(e.getRoleType())) .filter(e -> !RoleTypeEnum.isAdmin(e.getRoleType()))
@ -615,13 +622,9 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
.collect(Collectors.groupingBy(ProductPermissionCacheService.PermissionDTO::getFeatureCode, .collect(Collectors.groupingBy(ProductPermissionCacheService.PermissionDTO::getFeatureCode,
Collectors.mapping(ProductPermissionCacheService.PermissionDTO::getCooperateType, Collectors.toSet()))); Collectors.mapping(ProductPermissionCacheService.PermissionDTO::getCooperateType, Collectors.toSet())));
RolePermissionCacheService.ListRolePermissionParam listRolePermissionParam = RolePermissionCacheService.ListRolePermissionParam.builder() Map<Long, List<RolePermissionCacheService.PermissionDTO>> normalRolePermissionMap = normalRoleMap.entrySet().stream()
.roleIds(normalRoles.stream().map(SaasRoleRes::getId).collect(Collectors.toSet())) .filter(e -> allRolePermissionMap.containsKey(e.getKey()))
.featureCodes(productPermissions.stream() .collect(Collectors.toMap(Map.Entry::getKey, e -> allRolePermissionMap.get(e.getKey())));
.map(ProductPermissionCacheService.PermissionDTO::getFeatureCode)
.collect(Collectors.toSet()))
.build();
Map<Long, List<RolePermissionCacheService.PermissionDTO>> normalRolePermissionMap = rolePermissionCacheService.list(listRolePermissionParam);
return normalRolePermissionMap.entrySet().stream() return normalRolePermissionMap.entrySet().stream()
.filter(e -> !CollectionUtils.isEmpty(e.getValue())) .filter(e -> !CollectionUtils.isEmpty(e.getValue()))
@ -665,14 +668,22 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
return Collections.emptyList(); return Collections.emptyList();
} }
RolePermissionCacheService.ListRolePermissionParam listRolePermissionParam = RolePermissionCacheService.ListRolePermissionParam.builder()
.roleIds(allRoleIds)
.featureCodes(productPermissions.stream()
.map(ProductPermissionCacheService.PermissionDTO::getFeatureCode)
.collect(Collectors.toSet()))
.build();
Map<Long, List<RolePermissionCacheService.PermissionDTO>> allRolePermissionMap = rolePermissionCacheService.list(listRolePermissionParam);
//超管和管理员 //超管和管理员
List<SaasRoleRes> adminRoles = allRoles.stream() List<SaasRoleRes> adminRoles = allRoles.stream()
.filter(e -> RoleTypeEnum.isAdmin(e.getRoleType())) .filter(e -> RoleTypeEnum.isAdmin(e.getRoleType()))
.collect(Collectors.toList()); .collect(Collectors.toList());
Set<Long> adminPermissionRoleIds = resolvePermissionAdminRole(adminRoles, productPermissions, req); Set<Long> adminPermissionRoleIds = resolvePermissionAdminRole(adminRoles, productPermissions, req);
Set<Long> normalPermissionRoleIds = resolvePermissionNormalRole(allRoles, req, productPermissions, featureIds); Set<Long> normalPermissionRoleIds = resolvePermissionNormalRole(allRoles, req, productPermissions, featureIds, allRolePermissionMap);
Set<Long> adminLeavePermissionRoleIds = resolvePermissionAdminLeaveRole(adminRoles, productPermissions, req, featureIds); Set<Long> adminLeavePermissionRoleIds = resolvePermissionAdminLeaveRole(adminRoles, productPermissions, req, featureIds, allRolePermissionMap);
Set<Long> roleIds = Sets.newHashSet(); Set<Long> roleIds = Sets.newHashSet();
roleIds.addAll(adminPermissionRoleIds); roleIds.addAll(adminPermissionRoleIds);
@ -699,6 +710,8 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
return Collections.emptyList(); return Collections.emptyList();
} }
Map<Long, PermissionTagService.ResolvePermissionDTO> personTags = resolveTags(req, saasRoleUsers);
Set<Long> superAdminRoleIds = adminRoles.stream() Set<Long> superAdminRoleIds = adminRoles.stream()
.filter(r -> RoleTypeEnum.SUPER_ADMIN.getValue().equals(r.getRoleType())) .filter(r -> RoleTypeEnum.SUPER_ADMIN.getValue().equals(r.getRoleType()))
.map(SaasRoleRes::getId) .map(SaasRoleRes::getId)
@ -710,6 +723,29 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
// copy原代码 // copy原代码
for (SaasRoleUserV2DTO relation : saasRoleUsers) { for (SaasRoleUserV2DTO relation : saasRoleUsers) {
SaasRoleUserV2DTO.SaasRoleUser saasRoleUser = relation.getSaasRoleUser(); SaasRoleUserV2DTO.SaasRoleUser saasRoleUser = relation.getSaasRoleUser();
// 如果用户在岗位那边的状态没有当前权限点的标签的权限则需要过滤掉
PermissionTagService.ResolvePermissionDTO personTag = personTags.get(saasRoleUser.getPersonId());
if (CollectionUtils.isEmpty(req.getTags())
&& Objects.nonNull(personTag)
&& !CollectionUtils.isEmpty(personTag.getTags())) {
List<RolePermissionCacheService.PermissionDTO> permissionDTOS = allRolePermissionMap.get(relation.getRoleId());
if (CollectionUtils.isEmpty(permissionDTOS)) {
continue;
}
boolean matchedTags = permissionDTOS.stream()
.anyMatch(permission -> permission.getTags()
.stream()
.anyMatch(tag -> !Sets.intersection(permission.getTags(), personTag.getTags()).isEmpty()));
if (BooleanUtils.isNotTrue(matchedTags)) {
continue;
}
}
String key = KeyUtil.buildKeyBySeparator(saasRoleUser.getOuId(), saasRoleUser.getIdentityId(), saasRoleUser.getIdentityType()); String key = KeyUtil.buildKeyBySeparator(saasRoleUser.getOuId(), saasRoleUser.getIdentityId(), saasRoleUser.getIdentityType());
ListIdentityFromPermissionResp.UserVO user = distinctMap.get(key); ListIdentityFromPermissionResp.UserVO user = distinctMap.get(key);
if (user == null) { if (user == null) {
@ -730,6 +766,24 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
return Lists.newArrayList(distinctMap.values()); return Lists.newArrayList(distinctMap.values());
} }
private Map<Long, PermissionTagService.ResolvePermissionDTO> resolveTags(ListPermissionUser req, List<SaasRoleUserV2DTO> saasRoleUsers) {
// 如果没有指定标签需要根据查询出来的用户去找到当前的状态来过滤权限
if (!CollectionUtils.isEmpty(req.getTags())) {
return Collections.emptyMap();
}
PermissionTagService.ResolvePermissionTagParam resolvePermissionTagParam = PermissionTagService.ResolvePermissionTagParam.builder()
.personPermissions(saasRoleUsers.stream()
.map(e -> PermissionTagService.PersonPermission.builder()
.workspaceId(req.getWorkspaceId())
.ouId(req.getOuId())
.personId(e.getSaasRoleUser().getPersonId())
.build())
.collect(Collectors.toList()))
.build();
return permissionTagService.resolvePermissionTag(resolvePermissionTagParam).stream()
.collect(Collectors.toMap(PermissionTagService.ResolvePermissionDTO::getPersonId, Function.identity()));
}
@Override @Override
public List<ListIdentityFromPermissionResp> batchListIdentityFromPermission(List<ListIdentityFromPermissionReq> reqList) { public List<ListIdentityFromPermissionResp> batchListIdentityFromPermission(List<ListIdentityFromPermissionReq> reqList) {
//异步处理 //异步处理
@ -758,9 +812,51 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
return result; return result;
} }
private void assembleTag(IdentityAuthReq req) {
if (CollectionUtils.isEmpty(req.getWorkspaceOusPairs())) {
return;
}
List<IdentityAuthReq.WorkspaceOuPair> needResolveTags = req.getWorkspaceOusPairs().stream()
.filter(e -> CollectionUtils.isEmpty(e.getTags()))
.collect(Collectors.toList());
if (CollectionUtils.isEmpty(needResolveTags)) {
return;
}
PermissionTagService.ResolvePermissionTagParam resolvePermissionTagParam = PermissionTagService.ResolvePermissionTagParam.builder()
.personPermissions(needResolveTags.stream()
.map(e -> PermissionTagService.PersonPermission.builder()
.workspaceId(e.getWorkspaceId())
.ouId(e.getOuId())
.personId(req.getPersonId())
.build())
.collect(Collectors.toList()))
.build();
Map<String, PermissionTagService.ResolvePermissionDTO> resolvePermissions = permissionTagService.resolvePermissionTag(resolvePermissionTagParam).stream()
.collect(Collectors.toMap(e -> e.getOuId() + "_" + e.getWorkspaceId(), Function.identity()));
req.getWorkspaceOusPairs().forEach(e -> {
if (!CollectionUtils.isEmpty(e.getTags())) {
return;
}
PermissionTagService.ResolvePermissionDTO resolvePermissionDTO = resolvePermissions.get(e.buildOuWorkspaceKey());
if (Objects.isNull(resolvePermissionDTO)) {
return;
}
e.setTags(resolvePermissionDTO.getTags());
});
}
@Override @Override
public IdentityAuthRes findIdentityAuthMix(IdentityAuthReq req) { public IdentityAuthRes findIdentityAuthMix(IdentityAuthReq req) {
assembleTag(req);
//请求参数去重: ou-workspace //请求参数去重: ou-workspace
req.distinctOUWorkspacePair(); req.distinctOUWorkspacePair();
@ -827,16 +923,59 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
if (!listPermissionFromRoleGroupReq.getFindFeatureInfo()) { if (!listPermissionFromRoleGroupReq.getFindFeatureInfo()) {
return permissionInfo; return permissionInfo;
} }
Map<String, PermissionTagService.ResolvePermissionDTO> personPermissionTags = resolveTags(permissionInfo);
Map<Long, Set<ListPermissionFromRoleGroupResp.FeatureInfo>> authMap = filterAuthByRoleAndProduct(permissionInfo.stream().map(e -> FilterRoleAuth.builder() Map<Long, Set<ListPermissionFromRoleGroupResp.FeatureInfo>> authMap = filterAuthByRoleAndProduct(permissionInfo.stream().map(e -> FilterRoleAuth.builder()
.roleId(NumberUtil.parseLong(e.getRoleId())) .roleId(NumberUtil.parseLong(e.getRoleId()))
.workspaceId(e.getWorkspaceId()) .workspaceId(e.getWorkspaceId())
.build()).collect(Collectors.toList())); .build()).collect(Collectors.toList()));
permissionInfo.forEach(e -> e.setFeatureInfos(authMap.get(NumberUtil.parseLong(e.getRoleId())))); return permissionInfo.stream()
permissionInfo.forEach(e -> e.setSimpleFeatureInfos(org.apache.commons.collections4.CollectionUtils.emptyIfNull(authMap.get(NumberUtil.parseLong(e.getRoleId()))) .filter(e -> {
.stream().map(ListPermissionFromRoleGroupResp.FeatureInfo::getFeatureId).collect(Collectors.toSet()))); PermissionTagService.ResolvePermissionDTO resolvePermission = personPermissionTags.get(e.getPersonId() + "_" + e.getOuId() + "_" + e.getWorkspaceId());
if (Objects.isNull(resolvePermission)) {
// 未解析到标签兼容历史情况
return true;
}
return permissionInfo; Set<ListPermissionFromRoleGroupResp.FeatureInfo> featureInfos = authMap.get(NumberUtil.parseLong(e.getRoleId()));
return featureInfos.stream()
.anyMatch(permission -> permission.getTags()
.stream()
.anyMatch(tag -> !Sets.intersection(permission.getTags(), resolvePermission.getTags()).isEmpty()));
})
.peek(e -> {
e.setFeatureInfos(authMap.get(NumberUtil.parseLong(e.getRoleId())));
e.setSimpleFeatureInfos(org.apache.commons.collections4.CollectionUtils.emptyIfNull(authMap.get(NumberUtil.parseLong(e.getRoleId())))
.stream().map(ListPermissionFromRoleGroupResp.FeatureInfo::getFeatureId).collect(Collectors.toSet()));
})
.collect(Collectors.toList());
}
/**
* 解析用户在项目的标签
* keypersonId_ouId_workspaceId
* @param permissionInfo
* @return
*/
private Map<String, PermissionTagService.ResolvePermissionDTO> resolveTags(List<ListPermissionFromRoleGroupResp> permissionInfo) {
List<PermissionTagService.PersonPermission> personPermissions = permissionInfo.stream()
.map(e -> PermissionTagService.PersonPermission.builder()
.workspaceId(e.getWorkspaceId())
.ouId(e.getOuId())
.personId(e.getPersonId())
.build())
.distinct()
.collect(Collectors.toList());
PermissionTagService.ResolvePermissionTagParam resolvePermissionTagParam = PermissionTagService.ResolvePermissionTagParam.builder()
.personPermissions(personPermissions)
.build();
return permissionTagService.resolvePermissionTag(resolvePermissionTagParam).stream()
.collect(Collectors.toMap(e -> e.getPersonId() + "_" + e.getOuId() + "_" + e.getWorkspaceId(), Function.identity()));
} }
/** /**
@ -871,7 +1010,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
WorkspaceProductService.WorkspaceProductPermission::getProductPermissions)); WorkspaceProductService.WorkspaceProductPermission::getProductPermissions));
// intersection auth from role and product // intersection auth from role and product
Map<Long, Set<Long>> map = filterRoleAuths.stream().collect(Collectors.toMap(FilterRoleAuth::getRoleId, e -> { Map<Long, Set<RolePermissionCacheService.PermissionDTO>> map = filterRoleAuths.stream().collect(Collectors.toMap(FilterRoleAuth::getRoleId, e -> {
Long roleId = e.getRoleId(); Long roleId = e.getRoleId();
SaasRoleRes saasRole = roles.get(e.getRoleId()); SaasRoleRes saasRole = roles.get(e.getRoleId());
if (null == saasRole) { if (null == saasRole) {
@ -879,11 +1018,6 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
return Collections.emptySet(); return Collections.emptySet();
} }
Set<Long> rolePermissionIds = rolePermissions.get(roleId)
.stream()
.map(RolePermissionCacheService.PermissionDTO::getFeatureId)
.collect(Collectors.toSet());
Set<Long> productPermissionIds = workspaceProductPermissions.get(e.getWorkspaceId()).stream() Set<Long> productPermissionIds = workspaceProductPermissions.get(e.getWorkspaceId()).stream()
.map(WorkspaceProductService.ProductPermission::getPermissions) .map(WorkspaceProductService.ProductPermission::getPermissions)
.flatMap(Collection::stream) .flatMap(Collection::stream)
@ -891,22 +1025,23 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
.map(ProductPermissionCacheService.PermissionDTO::getFeatureId) .map(ProductPermissionCacheService.PermissionDTO::getFeatureId)
.collect(Collectors.toSet()); .collect(Collectors.toSet());
return new HashSet<>(CollectionUtil.intersection(productPermissionIds, rolePermissionIds)); return rolePermissions.get(roleId).stream()
.filter(rolePermission -> productPermissionIds.contains(rolePermission.getFeatureId()))
.collect(Collectors.toSet());
}, (oldFeatureLists, newFeatureLists) -> { }, (oldFeatureLists, newFeatureLists) -> {
oldFeatureLists.addAll(newFeatureLists); oldFeatureLists.addAll(newFeatureLists);
return oldFeatureLists; return oldFeatureLists;
})); }));
Map<Long, Set<ListPermissionFromRoleGroupResp.FeatureInfo>> featureMap = Maps.newHashMap(); Map<Long, Set<ListPermissionFromRoleGroupResp.FeatureInfo>> featureMap = Maps.newHashMap();
for (Map.Entry<Long, Set<Long>> entry : map.entrySet()) { for (Map.Entry<Long, Set<RolePermissionCacheService.PermissionDTO>> entry : map.entrySet()) {
Set<ListPermissionFromRoleGroupResp.FeatureInfo> featureInfos = org.apache.commons.collections4.CollectionUtils.emptyIfNull(entry.getValue()).stream().map(e -> ListPermissionFromRoleGroupResp.FeatureInfo.builder() Set<ListPermissionFromRoleGroupResp.FeatureInfo> featureInfos = org.apache.commons.collections4.CollectionUtils.emptyIfNull(entry.getValue()).stream().map(e -> ListPermissionFromRoleGroupResp.FeatureInfo.builder()
.featureId(e) .featureId(e.getFeatureId())
.tags(e.getTags())
// 因为CMSCMP端saas_feature_resouce表的id从100000开始自增 // 因为CMSCMP端saas_feature_resouce表的id从100000开始自增
// 不会跟saas_feature有冲突项企分离后旧的saas_feature表不会再使用所以这里直接根据featureId < 100000 // 不会跟saas_feature有冲突项企分离后旧的saas_feature表不会再使用所以这里直接根据featureId < 100000
// 来判断relationType是saas_feature还是saas_feature_resource不增加到缓存里是减少io量 // 来判断relationType是saas_feature还是saas_feature_resource不增加到缓存里是减少io量
.relationType(e < 100000 ? OLD_FEATURE : NEW_FEATURE) .relationType(e.getFeatureId() < 100000 ? OLD_FEATURE : NEW_FEATURE)
.build()).collect(Collectors.toSet()); .build()).collect(Collectors.toSet());
featureMap.put(entry.getKey(), featureInfos); featureMap.put(entry.getKey(), featureInfos);
} }

20
tyr-server/src/main/java/cn/axzo/tyr/server/utils/RpcInternalUtil.java
View File

@ -82,6 +82,26 @@ public class RpcInternalUtil {
return result; return result;
} }
public static <T> ApiListResult<T> rpcApiListResultProcessor(Supplier<ApiListResult<T>> supplier, String operationType, Object... param) {
return rpcApiListResultProcessorMayThrow(supplier, operationType, (commonResponse) -> {
throw new ServiceException(commonResponse.getMsg());
}, param);
}
public static <T> ApiListResult<T> rpcApiListResultProcessorMayThrow(Supplier<ApiListResult<T>> supplier, String operationType, Consumer<ApiListResult<T>> throwConsumer, Object... param) {
AssertUtil.notNull(throwConsumer, "自定义的异常处理不可为空");
log.info(operationType + "-Param: " + JSONUtil.toJsonStr(param));
ApiListResult<T> result = supplier.get();
log.info(operationType + "-Result: " + JSONUtil.toJsonStr(result));
Assert.notNull(result, "服务调用异常");
// 200自定义处理
if (HttpStatus.HTTP_OK != result.getCode()) {
throwConsumer.accept(result);
}
return result;
}
public static <T> T checkAndGetData(ApiResult<T> result) { public static <T> T checkAndGetData(ApiResult<T> result) {
if (result.isError()) { if (result.isError()) {
throw new BizException(result.getRespCode(), result.getMsg()); throw new BizException(result.getRespCode(), result.getMsg());