fix(2227-permissionQuery): 增加用户功能鉴权接口
This commit is contained in:
zhansihu
parent
0aeae35a1a
commit
107b6f784b
@ -2,6 +2,7 @@ package cn.axzo.tyr.client.feign;
|
||||
|
||||
import cn.axzo.framework.domain.web.result.ApiResult;
|
||||
import cn.axzo.tyr.client.model.req.NavTreeReq;
|
||||
import cn.axzo.tyr.client.model.req.PermissionCheckReq;
|
||||
import cn.axzo.tyr.client.model.res.NavTreeResp;
|
||||
import org.springframework.cloud.openfeign.FeignClient;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
@ -20,7 +21,11 @@ import java.util.List;
|
||||
@FeignClient(name = "tyr", url = "${axzo.service.tyr:http://tyr:8080}")
|
||||
public interface PermissionQueryApi {
|
||||
|
||||
/** 返回导航菜单页面 **/
|
||||
/** 返回有权限的导航菜单页面 **/
|
||||
@PostMapping(value = "/api/v3/permission/query/getNavTree")
|
||||
ApiResult<List<NavTreeResp>> getNavTree(@RequestBody @Valid NavTreeReq req);
|
||||
|
||||
/** 鉴权接口 **/
|
||||
@PostMapping(value = "/api/v3/permission/query/hasPermission")
|
||||
ApiResult<Boolean> hasPermission(PermissionCheckReq req);
|
||||
}
|
||||
|
||||
@ -0,0 +1,39 @@
|
||||
package cn.axzo.tyr.client.model.req;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import javax.validation.constraints.NotEmpty;
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 权限校验请求
|
||||
*
|
||||
* @version V1.0
|
||||
* @author: ZhanSiHu
|
||||
* @date: 2024/4/9 14:17
|
||||
*/
|
||||
@Data
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class PermissionCheckReq {
|
||||
|
||||
@NotNull(message = "人员ID不能为空")
|
||||
private Long personId;
|
||||
|
||||
@NotEmpty(message = "权限code不能为空")
|
||||
private List<String> featureCodes;
|
||||
|
||||
@NotNull(message = "单位ID不能为空")
|
||||
private Long ouId;
|
||||
|
||||
@NotNull(message = "租户ID不能为空")
|
||||
private Long workspaceId;
|
||||
|
||||
/** 登录端 **/
|
||||
private String terminal;
|
||||
}
|
||||
@ -31,8 +31,6 @@ public class PermissionQueryReq {
|
||||
|
||||
private String terminal;
|
||||
|
||||
private List<Integer> featureTypes;
|
||||
|
||||
private List<String> featureCodes;
|
||||
|
||||
}
|
||||
|
||||
@ -3,6 +3,7 @@ package cn.axzo.tyr.server.controller.permission;
|
||||
import cn.axzo.framework.domain.web.result.ApiResult;
|
||||
import cn.axzo.tyr.client.feign.PermissionQueryApi;
|
||||
import cn.axzo.tyr.client.model.req.NavTreeReq;
|
||||
import cn.axzo.tyr.client.model.req.PermissionCheckReq;
|
||||
import cn.axzo.tyr.client.model.res.NavTreeResp;
|
||||
import cn.axzo.tyr.server.service.PermissionQueryService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
@ -29,4 +30,9 @@ public class PermissionQueryController implements PermissionQueryApi {
|
||||
public ApiResult<List<NavTreeResp>> getNavTree(NavTreeReq req) {
|
||||
return ApiResult.ok(permissionService.getNavTree(req));
|
||||
}
|
||||
|
||||
@Override
|
||||
public ApiResult<Boolean> hasPermission(PermissionCheckReq req) {
|
||||
return ApiResult.ok(permissionService.hasPermission(req));
|
||||
}
|
||||
}
|
||||
|
||||
@ -8,6 +8,7 @@ import lombok.NoArgsConstructor;
|
||||
|
||||
import javax.validation.constraints.NotEmpty;
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
@ -37,4 +38,19 @@ public class PermissionQueryContext {
|
||||
/** 资源ID **/
|
||||
private Set<Long> featureIds;
|
||||
|
||||
public PermissionQueryContext appendPersonId(Long personId) {
|
||||
if (this.userIdentity == null) {
|
||||
this.userIdentity = new UserIdentity();
|
||||
}
|
||||
this.userIdentity.setPersonId(personId);
|
||||
return this;
|
||||
}
|
||||
|
||||
public PermissionQueryContext appendOuWorkspace(Long ouId, Long workspaceId) {
|
||||
if (this.workspaceOUPairs == null) {
|
||||
this.workspaceOUPairs = new ArrayList<>();
|
||||
}
|
||||
this.workspaceOUPairs.add(WorkspaceOUPair.builder().ouId(ouId).workspaceId(workspaceId).build());
|
||||
return this;
|
||||
}
|
||||
}
|
||||
|
||||
@ -24,6 +24,8 @@ public class ResourcePermissionQueryDTO {
|
||||
|
||||
private List<Integer> featureTypes;
|
||||
|
||||
private List<String> featureCodes;
|
||||
|
||||
private List<String> terminals;
|
||||
|
||||
private List<Integer> authType;
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
package cn.axzo.tyr.server.service;
|
||||
|
||||
import cn.axzo.tyr.client.model.req.NavTreeReq;
|
||||
import cn.axzo.tyr.client.model.req.PermissionCheckReq;
|
||||
import cn.axzo.tyr.client.model.res.NavTreeResp;
|
||||
|
||||
import java.util.List;
|
||||
@ -16,4 +17,6 @@ public interface PermissionQueryService {
|
||||
|
||||
/** 获取导航菜单页面 **/
|
||||
List<NavTreeResp> getNavTree(NavTreeReq req);
|
||||
|
||||
boolean hasPermission(PermissionCheckReq req);
|
||||
}
|
||||
|
||||
@ -9,6 +9,7 @@ import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
|
||||
import cn.axzo.tyr.client.model.base.WorkspaceOUPair;
|
||||
import cn.axzo.tyr.client.model.enums.IdentityType;
|
||||
import cn.axzo.tyr.client.model.req.NavTreeReq;
|
||||
import cn.axzo.tyr.client.model.req.PermissionCheckReq;
|
||||
import cn.axzo.tyr.client.model.res.NavTreeResp;
|
||||
import cn.axzo.tyr.server.model.PermissionDO;
|
||||
import cn.axzo.tyr.server.model.PermissionQueryContext;
|
||||
@ -58,7 +59,12 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
|
||||
@Override
|
||||
public List<NavTreeResp> getNavTree(NavTreeReq req) {
|
||||
//构造参数
|
||||
PermissionQueryContext context = BeanMapper.copyBean(req, PermissionQueryContext.class);
|
||||
PermissionQueryContext context = PermissionQueryContext.builder()
|
||||
.terminal(req.getTerminal())
|
||||
.workspaceOUPairs(req.getWorkspaceOUPairs())
|
||||
.build()
|
||||
.appendPersonId(req.getPersonId());
|
||||
|
||||
|
||||
//查询权限
|
||||
List<PermissionDO> permissions = queryUserPermission(context);
|
||||
@ -75,6 +81,26 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
|
||||
return TreeUtil.buildTree(BeanMapper.copyList(resourceList, NavTreeResp.class));
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasPermission(PermissionCheckReq req) {
|
||||
//权限编码转ID
|
||||
List<ResourcePermission> resourcePermissions = featureResourceService.permissionQuery(
|
||||
ResourcePermissionQueryDTO.builder().featureCodes(req.getFeatureCodes()).build());
|
||||
if (CollectionUtil.isEmpty(resourcePermissions)) {
|
||||
log.warn("no feature resource found for codes:{}", req.getFeatureCodes());
|
||||
return false;
|
||||
}
|
||||
PermissionQueryContext context = PermissionQueryContext.builder()
|
||||
.terminal(req.getTerminal())
|
||||
.build()
|
||||
.appendPersonId(req.getPersonId())
|
||||
.appendOuWorkspace(req.getOuId(), req.getWorkspaceId());
|
||||
//查询权限
|
||||
List<PermissionDO> permissions = queryUserPermission(context);
|
||||
Set<Long> featureIds = permissions.stream().map(PermissionDO::getFeatureIds).flatMap(Set::stream).collect(Collectors.toSet());
|
||||
//是否任意一个有授权
|
||||
return resourcePermissions.stream().anyMatch(r -> featureIds.contains(r.getId()));
|
||||
}
|
||||
|
||||
|
||||
private List<PermissionDO> queryUserPermission(PermissionQueryContext context) {
|
||||
|
||||
@ -66,6 +66,7 @@ public class SaasFeatureResourceServiceImpl implements SaasFeatureResourceServic
|
||||
SaasFeatureResource::getAuthType)
|
||||
.in(CollectionUtil.isNotEmpty(param.getIds()), SaasFeatureResource::getId, param.getIds())
|
||||
.in(CollectionUtil.isNotEmpty(param.getFeatureTypes()), SaasFeatureResource::getFeatureType, param.getFeatureTypes())
|
||||
.in(CollectionUtil.isNotEmpty(param.getFeatureCodes()), SaasFeatureResource::getFeatureCode, param.getFeatureCodes())
|
||||
.in(CollectionUtil.isNotEmpty(param.getTerminals()), SaasFeatureResource::getTerminal, param.getTerminals())
|
||||
.list();
|
||||
return BeanMapper.copyList(resourceList, ResourcePermission.class);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user