diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/PermissionQueryApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/PermissionQueryApi.java index f6bd0aa6..fb50a884 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/PermissionQueryApi.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/PermissionQueryApi.java @@ -1,6 +1,7 @@ package cn.axzo.tyr.client.feign; import cn.axzo.framework.domain.web.result.ApiResult; +import cn.axzo.tyr.client.model.req.BatchPermissionCheckReq; import cn.axzo.tyr.client.model.req.ListPermissionFeatureReq; import cn.axzo.tyr.client.model.req.NavTreeReq; import cn.axzo.tyr.client.model.req.PagePermissionReq; @@ -8,6 +9,7 @@ import cn.axzo.tyr.client.model.req.PagePermissionResp; import cn.axzo.tyr.client.model.req.PermissionCheckReq; import cn.axzo.tyr.client.model.req.TreePermissionReq; import cn.axzo.tyr.client.model.req.TreeProductFeatureResourceReq; +import cn.axzo.tyr.client.model.res.BatchPermissionCheckRes; import cn.axzo.tyr.client.model.res.FeatureResourceDTO; import cn.axzo.tyr.client.model.res.ListPermissionFeatureResp; import cn.axzo.tyr.client.model.res.NavTreeResp; @@ -44,6 +46,14 @@ public interface PermissionQueryApi { @PostMapping(value = "/api/v3/permission/query/hasPermission") ApiResult hasPermission(@RequestBody @Valid PermissionCheckReq req); + /** + * 批量鉴权 + * @param req + * @return + */ + @PostMapping(value = "/api/v3/permission/query/hasPermission/batch") + ApiResult hasPermissionBatch(@RequestBody @Valid BatchPermissionCheckReq req); + /** * 查询租户的权限树 * @param request diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleApi.java index 9e351c72..013ac1e8 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleApi.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleApi.java 
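Review bot: The Javadoc on `hasPermissionBatch` in PermissionQueryApi leaves `@param req` and `@return` empty, so a Feign consumer cannot tell from the interface what one entry of the result means or how to read a workspace/OU pair that is missing from it. I would fill them in, e.g. `@param req the person, the item code to check, and the workspace/OU pairs to check it in` and `@return one permission result per workspace/OU pair; a pair without an entry must be treated as not permitted`. The second statement is inferred from the controller implementation later in this diff and should be confirmed before it is written into the contract.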
@@ -107,9 +107,13 @@ public interface TyrSaasRoleApi { * * @return */ + @Deprecated @PostMapping("/api/saasRole/queryBatchByIdentityIdType") ApiResult> queryBatchByIdentityIdType(@RequestBody List req); + @PostMapping("/api/saasRole/queryBatchByIdentityIdType/v2") + ApiResult> queryBatchByIdentityIdTypeV2(@RequestBody List req); + /** * 根据身份id身份类型查询是否为超管 * diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/BatchPermissionCheckReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/BatchPermissionCheckReq.java new file mode 100644 index 00000000..3267bcdc --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/BatchPermissionCheckReq.java @@ -0,0 +1,28 @@ +package cn.axzo.tyr.client.model.req; + +import cn.axzo.tyr.client.model.base.WorkspaceOUPair; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import javax.validation.constraints.NotBlank; +import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.NotNull; +import java.util.List; + +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class BatchPermissionCheckReq { + + @NotNull(message = "personId不能为空") + private Long personId; + + @NotEmpty(message = "workspaceOUPairs不能为空") + private List workspaceOUPairs; + + @NotBlank(message = "itemCode不能为空") + private String itemCode; +} diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QueryByIdentityIdTypeReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QueryByIdentityIdTypeReq.java index 1ff9f4db..41bc5268 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QueryByIdentityIdTypeReq.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QueryByIdentityIdTypeReq.java @@ -9,6 +9,10 @@ import lombok.*; @EqualsAndHashCode public class QueryByIdentityIdTypeReq { + /** + * personId跟identityId、identityType不能混用 + * 只存在使用personId或者identityId\identityType + */ Long identityId; /** 
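Review bot: In TyrSaasRoleApi the new `queryBatchByIdentityIdTypeV2` takes `@RequestBody List req` with no `@Valid` and no size limit, and later in this diff every list element becomes one OR group in `assembleBatchPersonWrapper`, so the size of the generated query is decided entirely by the caller. A bound should be enforced before the list reaches the DAO layer, for example a size check at the top of `RoleServiceImpl.queryBatchByIdentityIdTypeV2` against a limit agreed for this API. The `@Deprecated` added to `queryBatchByIdentityIdType` (here and in the RoleService hunk) has no Javadoc counterpart; `@deprecated use {@link #queryBatchByIdentityIdTypeV2} instead` would tell callers where to migrate. The V2 method itself has no Javadoc.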
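Review bot: `workspaceOUPairs` in BatchPermissionCheckReq is only `@NotEmpty`, so a single request can push an arbitrarily long list into the permission lookup. An upper bound next to it, e.g. `@Size(max = MAX_PAIRS, message = "...")` where `MAX_PAIRS` is a limit chosen for this endpoint (a placeholder, not a value from this page), keeps the cost of one call bounded. If `WorkspaceOUPair` declares constraints of its own (the class is not shown in this diff), the field also needs `@Valid` for them to be applied to the list elements.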
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/BatchPermissionCheckRes.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/BatchPermissionCheckRes.java new file mode 100644 index 00000000..ab3adfec --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/BatchPermissionCheckRes.java @@ -0,0 +1,34 @@ +package cn.axzo.tyr.client.model.res; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.util.List; + +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +public class BatchPermissionCheckRes { + + private List workspaceOuPermissions; + + @Data + @Builder + @NoArgsConstructor + @AllArgsConstructor + public static class WorkspaceOuPermission { + private Long ouId; + + private Long workspaceId; + + /** + * true表示有权限 + * false表示没权限 + */ + private Boolean permissionResult; + } +} + diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/ListRoleUserRelationParam.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/ListRoleUserRelationParam.java index b5e6a2f0..f4ae20ca 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/ListRoleUserRelationParam.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/ListRoleUserRelationParam.java @@ -113,6 +113,9 @@ public class ListRoleUserRelationParam { @CriteriaField(ignore = true) private Set roleCodes; + @CriteriaField(ignore = true) + private List batchPersons; + @Data @Builder @NoArgsConstructor @@ -130,4 +133,23 @@ public class ListRoleUserRelationParam { private Long ouId; } + @Data + @Builder + @NoArgsConstructor + @AllArgsConstructor + public static class BatchPerson { + private Long identityId; + + /** + * 身份类型 1:工人 2:班组长 3:从业人员 4:监管人员 5:运营人员 + */ + private Integer identityType; + + private Long workspaceId; + + private Long ouId; + + private Long personId; + } + } 
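Review bot: `permissionResult` in `BatchPermissionCheckRes.WorkspaceOuPermission` is a boxed `Boolean`, so a consumer can see `null` (for example when the field is absent from the payload) and either fail on unboxing or interpret it inconsistently. Since this value is an authorization answer, the field comment should state the fail-closed reading, e.g. add a line `null must be treated as no permission` to the existing Javadoc. Declaring the field as primitive `boolean` would make `false` the default, at the cost of a changed Lombok getter name, so that is a decision for the API owners.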
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/PermissionQueryController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/PermissionQueryController.java index 01c7b990..bbcd3653 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/PermissionQueryController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/PermissionQueryController.java @@ -1,7 +1,10 @@ package cn.axzo.tyr.server.controller.permission; +import cn.axzo.basics.common.BeanMapper; import cn.axzo.framework.domain.web.result.ApiResult; import cn.axzo.tyr.client.feign.PermissionQueryApi; +import cn.axzo.tyr.client.model.req.BatchPermissionCheckReq; +import cn.axzo.tyr.client.model.req.IdentityAuthReq; import cn.axzo.tyr.client.model.req.ListPermissionFeatureReq; import cn.axzo.tyr.client.model.req.NavTreeReq; import cn.axzo.tyr.client.model.req.PagePermissionReq; @@ -9,17 +12,22 @@ import cn.axzo.tyr.client.model.req.PagePermissionResp; import cn.axzo.tyr.client.model.req.PermissionCheckReq; import cn.axzo.tyr.client.model.req.TreePermissionReq; import cn.axzo.tyr.client.model.req.TreeProductFeatureResourceReq; +import cn.axzo.tyr.client.model.res.BatchPermissionCheckRes; import cn.axzo.tyr.client.model.res.FeatureResourceDTO; +import cn.axzo.tyr.client.model.res.IdentityAuthRes; import cn.axzo.tyr.client.model.res.ListPermissionFeatureResp; import cn.axzo.tyr.client.model.res.NavTreeResp; import cn.axzo.tyr.client.model.res.ProductFeatureResourceResp; import cn.axzo.tyr.client.model.res.TreePermissionResp; import cn.axzo.tyr.server.service.PermissionQueryService; +import cn.axzo.tyr.server.service.TyrSaasAuthService; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.collections.CollectionUtils; import org.springframework.web.bind.annotation.RestController; import java.util.List; +import java.util.stream.Collectors; /** * 权限接口实现 
@@ -34,6 +42,7 @@ import java.util.List; public class PermissionQueryController implements PermissionQueryApi { private final PermissionQueryService permissionService; + private final TyrSaasAuthService tyrSaasAuthService; @Override public ApiResult> getNavTree(NavTreeReq req) { @@ -50,6 +59,27 @@ public class PermissionQueryController implements PermissionQueryApi { return ApiResult.ok(permissionService.hasPermission(req)); } + @Override + public ApiResult hasPermissionBatch(BatchPermissionCheckReq req) { + + IdentityAuthReq request = IdentityAuthReq.builder().build(); + request.setPersonId(req.getPersonId()); + List pairs = BeanMapper.copyList(req.getWorkspaceOUPairs(), IdentityAuthReq.WorkspaceOuPair.class); + request.setWorkspaceOusPairs(pairs); + request.setItemCode(req.getItemCode()); + IdentityAuthRes authRes = tyrSaasAuthService.findIdentityAuthMix(request); + + return ApiResult.ok(BatchPermissionCheckRes.builder() + .workspaceOuPermissions(authRes.getPermissions().stream() + .map(e -> BatchPermissionCheckRes.WorkspaceOuPermission.builder() + .workspaceId(e.getWorkspaceId()) + .ouId(e.getOuId()) + .permissionResult(CollectionUtils.isNotEmpty(e.getPermissionPoint())) + .build()) + .collect(Collectors.toList())) + .build()); + } + @Override public ApiResult> treeProduct(TreeProductFeatureResourceReq request) { return ApiResult.ok(permissionService.treeProduct(request)); diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java index c2f8cabb..d380b81b 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java 
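Review bot: `hasPermissionBatch` in PermissionQueryController builds its answer only from `authRes.getPermissions()`, so a requested workspace/OU pair that the auth service does not return has no entry in the response at all, and a `null` result or `null` permissions list ends in a NullPointerException instead of a denial. At minimum I would guard with `if (authRes == null || authRes.getPermissions() == null)` and return a response with an empty `workspaceOuPermissions` list; emitting one entry per requested pair with `permissionResult` defaulting to `false` would make the fail-closed behaviour explicit. `CollectionUtils.isNotEmpty(e.getPermissionPoint())` grants on any non-empty list of permission points, which is correct only if `findIdentityAuthMix` already restricts the points to `req.getItemCode()`; that is not visible in this diff and is worth confirming.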
@@ -173,6 +173,11 @@ public class SaasRoleController implements TyrSaasRoleApi { return ApiResult.ok(roleService.queryBatchByIdentityIdType(req)); } + @Override + public ApiResult> queryBatchByIdentityIdTypeV2(List req) { + return ApiResult.ok(roleService.queryBatchByIdentityIdTypeV2(req)); + } + @Override public ApiResult> isSuperAdmin(List req) { return ApiResult.ok(roleService.isSuperAdmin(req)); diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java index 2274e702..3174d2f0 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java @@ -55,8 +55,11 @@ public interface RoleService extends IService { List query(QuerySaasRoleReq req); + @Deprecated List queryBatchByIdentityIdType(List req); + List queryBatchByIdentityIdTypeV2(List req); + Long saveOrUpdate(SaveOrUpdateRoleVO saveOrUpdateRole); List isSuperAdmin(List req); diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java index aa7d50e2..65366659 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java 
@@ -46,11 +46,14 @@ import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO;
 import cn.axzo.tyr.server.config.MqProducer;
 import cn.axzo.tyr.server.event.payload.RolePermissionCreatedPayload;
 import cn.axzo.tyr.server.event.payload.SaasFeatureResourceUpsertPayload;
+import cn.axzo.tyr.server.model.RelationOperateLogResourceBindRoleDO;
+import cn.axzo.tyr.server.model.RelationOperateLogRoleBindResourceDO;
 import cn.axzo.tyr.server.model.ResourcePermission;
 import cn.axzo.tyr.server.model.ResourcePermissionQueryDTO;
 import cn.axzo.tyr.server.model.RoleFeatureRelation;
 import cn.axzo.tyr.server.model.RoleWithFeature;
 import cn.axzo.tyr.server.repository.dao.SaasFeatureDao;
+import cn.axzo.tyr.server.repository.dao.SaasFeatureResourceDao;
 import cn.axzo.tyr.server.repository.dao.SaasPermissionGroupDao;
 import cn.axzo.tyr.server.repository.dao.SaasPgroupPermissionRelationDao;
 import cn.axzo.tyr.server.repository.dao.SaasPgroupRoleRelationDao;
@@ -62,17 +65,22 @@ import cn.axzo.tyr.server.repository.entity.SaasFeature;
 import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
 import cn.axzo.tyr.server.repository.entity.SaasPermissionGroup;
 import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation;
+import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelationOperateLog;
 import cn.axzo.tyr.server.repository.entity.SaasPgroupRoleRelation;
 import cn.axzo.tyr.server.repository.entity.SaasRole;
 import cn.axzo.tyr.server.repository.entity.SaasRoleGroup;
 import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation;
 import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
 import cn.axzo.tyr.server.repository.entity.SaasRoleWithUser;
-import cn.axzo.tyr.server.model.*;
-import cn.axzo.tyr.server.repository.dao.*;
-import cn.axzo.tyr.server.repository.entity.*;
 import cn.axzo.tyr.server.repository.mapper.SaasRoleMapper;
-import cn.axzo.tyr.server.service.*;
+import cn.axzo.tyr.server.service.PermissionGroupService;
+import cn.axzo.tyr.server.service.RoleService;
+import cn.axzo.tyr.server.service.SaasFeatureResourceService;
+import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationOperateLogService;
+import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationService;
+import cn.axzo.tyr.server.service.SaasRoleGroupRelationService;
+import cn.axzo.tyr.server.service.SaasRoleGroupService;
+import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
 import cn.axzo.tyr.server.util.RpcInternalUtil;
 import cn.azxo.framework.common.constatns.Constants;
 import cn.hutool.core.bean.BeanUtil;
@@ -355,6 +363,71 @@ public class RoleServiceImpl extends ServiceImpl return result; } + @Override + public List queryBatchByIdentityIdTypeV2(List req) { + // 一起查询,减少数据库io,原来入参过多时,接口性能很差 + List batchPersons = req.stream() + .distinct() + .map(e -> { + ListRoleUserRelationParam.BatchPerson batchPerson = ListRoleUserRelationParam.BatchPerson.builder().build(); + BeanUtils.copyProperties(e, batchPerson); + return batchPerson; + }) + .collect(Collectors.toList()); + List saasRoleUsers = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder() + .batchPersons(batchPersons) + .build()); + + List allRoleIds = saasRoleUsers.stream() + .map(SaasRoleUserV2DTO::getRoleId) + .distinct() + .collect(Collectors.toList()); + + // 这里使用原来代码的查询角色信息的接口,因为接口返回的对象使用的这个接口返回对象 + Map saasRoles = getByIds(allRoleIds, null, null, null, false, null) + .stream() + .collect(Collectors.toMap(SaasRoleVO::getId, Function.identity())); + + return batchPersons.stream() + .map(e -> { + QueryBatchByIdentityIdTypeRes result = QueryBatchByIdentityIdTypeRes.builder().build(); + BeanUtils.copyProperties(e, result); + // 原代码是入参有personId就使用personId查询,不能同时使用personId和identityId、identityType + // 因为入参workspaceId和ouId不一定都有,所以不好转成map去取,只能遍历,数据量不大,所以还好 + Set roleIds = saasRoleUsers.stream() + .filter(role -> { + if (Objects.nonNull(e.getIdentityType()) && !Objects.equals(e.getIdentityType(), role.getSaasRoleUser().getIdentityType())) { + return false; + } + + if (Objects.nonNull(e.getIdentityId()) && !Objects.equals(e.getIdentityId(), role.getSaasRoleUser().getIdentityId())) { + return false; + } + + if (Objects.nonNull(e.getPersonId()) && !Objects.equals(e.getPersonId(), role.getSaasRoleUser().getPersonId())) { + return false; + } + + if (Objects.nonNull(e.getWorkspaceId()) && !Objects.equals(e.getWorkspaceId(), role.getSaasRoleUser().getWorkspaceId())) { + return false; + } + + if (Objects.nonNull(e.getOuId()) && !Objects.equals(e.getOuId(), role.getSaasRoleUser().getOuId())) { + return false; + } 
+ return true; + }) + .map(SaasRoleUserV2DTO::getRoleId) + .collect(Collectors.toSet()); + + if (CollectionUtils.isNotEmpty(roleIds)) { + result.setRole(roleIds.stream().map(saasRoles::get).filter(Objects::nonNull).collect(Collectors.toList())); + } + return result; + }) + .collect(Collectors.toList()); + } + @Override @Transactional(rollbackFor = Exception.class) public Long saveOrUpdate(SaveOrUpdateRoleVO saveOrUpdateRole) { diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureResourceServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureResourceServiceImpl.java index afb3981c..3aac5869 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureResourceServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureResourceServiceImpl.java @@ -925,7 +925,11 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl { + f.addAll(s); + return f; + })); } private List resolveSaasFeature(Set terminals) { diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java index 77b7a3d4..5ef40ac8 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java @@ -161,6 +161,8 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl page = this.page(PageConverter.toMybatis(param, SaasRoleUserRelation.class), wrapper); Map saasRoleUsers = listSaasRoleUser(param, page.getRecords()); 
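Review bot: In `RoleServiceImpl.queryBatchByIdentityIdTypeV2` every `null` field of a request entry is skipped by the in-memory filter, so an entry that sets only `workspaceId`, or nothing at all, matches the role relations of every person returned by `listV2` and the response attributes those roles to that entry. `assembleBatchPersonWrapper` in SaasRoleUserRelationServiceImpl applies the same rule when it builds the SQL, where an entry with no non-null field contributes an OR group without conditions; how the query wrapper renders that case should be checked. The comment added to QueryByIdentityIdTypeReq says personId must not be mixed with identityId/identityType, but nothing in the new code enforces it. I would reject entries that identify no subject before the query is built, e.g. `if (e.getPersonId() == null && (e.getIdentityId() == null || e.getIdentityType() == null))` followed by the project's usual parameter error. `role.getSaasRoleUser()` is also dereferenced in the filter without a null check.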
@@ -170,6 +172,26 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl from(record, saasRoleUsers, saasRoles)); } + private void assembleBatchPersonWrapper(PageRoleUserRelationParam param, + QueryWrapper wrapper) { + + if (CollectionUtils.isEmpty(param.getBatchPersons())) { + return; + } + + wrapper.and(j -> { + for (ListRoleUserRelationParam.BatchPerson batchPerson : param.getBatchPersons()) { + j.or(k -> { + k.eq(Objects.nonNull(batchPerson.getPersonId()), "natural_person_id", batchPerson.getPersonId()); + k.eq(Objects.nonNull(batchPerson.getIdentityId()), "identity_id", batchPerson.getIdentityId()); + k.eq(Objects.nonNull(batchPerson.getIdentityType()), "identity_type", batchPerson.getIdentityType()); + k.eq(Objects.nonNull(batchPerson.getWorkspaceId()), "workspace_id", batchPerson.getWorkspaceId()); + k.eq(Objects.nonNull(batchPerson.getOuId()), "ou_id", batchPerson.getOuId()); + }); + } + }); + } + private Set resolveRoleIds(PageRoleUserRelationParam param) { if (CollectionUtils.isEmpty(param.getRoleCodes())) { return Optional.ofNullable(param.getRoleIds()) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index 1fbeaa3e..2bf4f827 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -814,7 +814,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { try { return findIdentityAuthV2(req).getPermissions(); } catch (Exception ex) { - log.error("查询权限异常,执行降级处理"); + log.error("查询权限异常,执行降级处理,", ex); return findIdentityAuth(req).getPermissions(); } }