fix(2227-permissionQuery): 增加用户功能鉴权接口

tyr-api/src/main/java/cn/axzo/tyr/client/feign/PermissionQueryApi.java

@@ -2,6 +2,7 @@ package cn.axzo.tyr.client.feign;
 
 import cn.axzo.framework.domain.web.result.ApiResult;
 import cn.axzo.tyr.client.model.req.NavTreeReq;
+import cn.axzo.tyr.client.model.req.PermissionCheckReq;
 import cn.axzo.tyr.client.model.res.NavTreeResp;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -20,7 +21,11 @@ import java.util.List;
 @FeignClient(name = "tyr", url = "${axzo.service.tyr:http://tyr:8080}")
 public interface PermissionQueryApi {
 
-    /** 返回导航菜单页面 **/
+    /** 返回有权限的导航菜单页面 **/
     @PostMapping(value = "/api/v3/permission/query/getNavTree")
     ApiResult<List<NavTreeResp>> getNavTree(@RequestBody @Valid NavTreeReq req);
+
+    /** 鉴权接口 **/
+    @PostMapping(value = "/api/v3/permission/query/hasPermission")
+    ApiResult<Boolean> hasPermission(PermissionCheckReq req);
 }

tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PermissionCheckReq.java

@@ -0,0 +1,39 @@
+package cn.axzo.tyr.client.model.req;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+import java.util.List;
+
+/**
+ * 权限校验请求
+ *
+ * @version V1.0
+ * @author: ZhanSiHu
+ * @date: 2024/4/9 14:17
+ */
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class PermissionCheckReq {
+
+    @NotNull(message = "人员ID不能为空")
+    private Long personId;
+
+    @NotEmpty(message = "权限code不能为空")
+    private List<String> featureCodes;
+
+    @NotNull(message = "单位ID不能为空")
+    private Long ouId;
+
+    @NotNull(message = "租户ID不能为空")
+    private Long workspaceId;
+
+    /** 登录端 **/
+    private String terminal;
+}

tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PermissionQueryReq.java

@@ -31,8 +31,6 @@ public class PermissionQueryReq {
 
     private String terminal;
 
-    private List<Integer> featureTypes;
-
     private List<String> featureCodes;
 
 }

tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/PermissionQueryController.java

@@ -3,6 +3,7 @@ package cn.axzo.tyr.server.controller.permission;
 import cn.axzo.framework.domain.web.result.ApiResult;
 import cn.axzo.tyr.client.feign.PermissionQueryApi;
 import cn.axzo.tyr.client.model.req.NavTreeReq;
+import cn.axzo.tyr.client.model.req.PermissionCheckReq;
 import cn.axzo.tyr.client.model.res.NavTreeResp;
 import cn.axzo.tyr.server.service.PermissionQueryService;
 import lombok.RequiredArgsConstructor;
@@ -29,4 +30,9 @@ public class PermissionQueryController implements PermissionQueryApi {
     public ApiResult<List<NavTreeResp>> getNavTree(NavTreeReq req) {
         return ApiResult.ok(permissionService.getNavTree(req));
     }
+
+    @Override
+    public ApiResult<Boolean> hasPermission(PermissionCheckReq req) {
+        return ApiResult.ok(permissionService.hasPermission(req));
+    }
 }

tyr-server/src/main/java/cn/axzo/tyr/server/model/PermissionQueryContext.java

@@ -8,6 +8,7 @@ import lombok.NoArgsConstructor;
 
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
 
@@ -37,4 +38,19 @@ public class PermissionQueryContext {
     /** 资源ID **/
     private Set<Long> featureIds;
 
+    public PermissionQueryContext appendPersonId(Long personId) {
+        if (this.userIdentity == null) {
+            this.userIdentity = new UserIdentity();
+        }
+        this.userIdentity.setPersonId(personId);
+        return this;
+    }
+
+    public PermissionQueryContext appendOuWorkspace(Long ouId, Long workspaceId) {
+        if (this.workspaceOUPairs == null) {
+            this.workspaceOUPairs = new ArrayList<>();
+        }
+        this.workspaceOUPairs.add(WorkspaceOUPair.builder().ouId(ouId).workspaceId(workspaceId).build());
+        return this;
+    }
 }

tyr-server/src/main/java/cn/axzo/tyr/server/model/ResourcePermissionQueryDTO.java

@@ -24,6 +24,8 @@ public class ResourcePermissionQueryDTO {
 
     private List<Integer> featureTypes;
 
+    private List<String> featureCodes;
+
     private List<String> terminals;
 
     private List<Integer> authType;

tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionQueryService.java

@@ -1,6 +1,7 @@
 package cn.axzo.tyr.server.service;
 
 import cn.axzo.tyr.client.model.req.NavTreeReq;
+import cn.axzo.tyr.client.model.req.PermissionCheckReq;
 import cn.axzo.tyr.client.model.res.NavTreeResp;
 
 import java.util.List;
@@ -16,4 +17,6 @@ public interface PermissionQueryService {
 
     /** 获取导航菜单页面 **/
     List<NavTreeResp> getNavTree(NavTreeReq req);
+
+    boolean hasPermission(PermissionCheckReq req);
 }

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java

@@ -9,6 +9,7 @@ import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
 import cn.axzo.tyr.client.model.base.WorkspaceOUPair;
 import cn.axzo.tyr.client.model.enums.IdentityType;
 import cn.axzo.tyr.client.model.req.NavTreeReq;
+import cn.axzo.tyr.client.model.req.PermissionCheckReq;
 import cn.axzo.tyr.client.model.res.NavTreeResp;
 import cn.axzo.tyr.server.model.PermissionDO;
 import cn.axzo.tyr.server.model.PermissionQueryContext;
@@ -58,7 +59,12 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
     @Override
     public List<NavTreeResp> getNavTree(NavTreeReq req) {
         //构造参数
-        PermissionQueryContext context = BeanMapper.copyBean(req, PermissionQueryContext.class);
+        PermissionQueryContext context = PermissionQueryContext.builder()
+                .terminal(req.getTerminal())
+                .workspaceOUPairs(req.getWorkspaceOUPairs())
+                .build()
+                .appendPersonId(req.getPersonId());
+
 
         //查询权限
         List<PermissionDO> permissions = queryUserPermission(context);
@@ -75,6 +81,26 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
         return TreeUtil.buildTree(BeanMapper.copyList(resourceList, NavTreeResp.class));
     }
 
+    @Override
+    public boolean hasPermission(PermissionCheckReq req) {
+        //权限编码转ID
+        List<ResourcePermission> resourcePermissions = featureResourceService.permissionQuery(
+                ResourcePermissionQueryDTO.builder().featureCodes(req.getFeatureCodes()).build());
+        if (CollectionUtil.isEmpty(resourcePermissions)) {
+            log.warn("no feature resource found for codes:{}", req.getFeatureCodes());
+            return false;
+        }
+        PermissionQueryContext context = PermissionQueryContext.builder()
+                .terminal(req.getTerminal())
+                .build()
+                .appendPersonId(req.getPersonId())
+                .appendOuWorkspace(req.getOuId(), req.getWorkspaceId());
+        //查询权限
+        List<PermissionDO> permissions = queryUserPermission(context);
+        Set<Long> featureIds = permissions.stream().map(PermissionDO::getFeatureIds).flatMap(Set::stream).collect(Collectors.toSet());
+        //是否任意一个有授权
+        return resourcePermissions.stream().anyMatch(r -> featureIds.contains(r.getId()));
+    }
 
 
     private List<PermissionDO> queryUserPermission(PermissionQueryContext context) {

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureResourceServiceImpl.java

@@ -66,6 +66,7 @@ public class SaasFeatureResourceServiceImpl implements SaasFeatureResourceServic
                         SaasFeatureResource::getAuthType)
                 .in(CollectionUtil.isNotEmpty(param.getIds()), SaasFeatureResource::getId, param.getIds())
                 .in(CollectionUtil.isNotEmpty(param.getFeatureTypes()), SaasFeatureResource::getFeatureType, param.getFeatureTypes())
+                .in(CollectionUtil.isNotEmpty(param.getFeatureCodes()), SaasFeatureResource::getFeatureCode, param.getFeatureCodes())
                 .in(CollectionUtil.isNotEmpty(param.getTerminals()), SaasFeatureResource::getTerminal, param.getTerminals())
                 .list();
         return BeanMapper.copyList(resourceList, ResourcePermission.class);