Merge remote-tracking branch 'origin/feature/REQ-3068' into release/20241016
This commit is contained in:
lilong
commit
2ae3650cd4
@ -1,6 +1,7 @@
|
||||
package cn.axzo.tyr.client.feign;
|
||||
|
||||
import cn.axzo.framework.domain.web.result.ApiResult;
|
||||
import cn.axzo.tyr.client.model.req.BatchPermissionCheckReq;
|
||||
import cn.axzo.tyr.client.model.req.ListPermissionFeatureReq;
|
||||
import cn.axzo.tyr.client.model.req.NavTreeReq;
|
||||
import cn.axzo.tyr.client.model.req.PagePermissionReq;
|
||||
@ -8,6 +9,7 @@ import cn.axzo.tyr.client.model.req.PagePermissionResp;
|
||||
import cn.axzo.tyr.client.model.req.PermissionCheckReq;
|
||||
import cn.axzo.tyr.client.model.req.TreePermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.TreeProductFeatureResourceReq;
|
||||
import cn.axzo.tyr.client.model.res.BatchPermissionCheckRes;
|
||||
import cn.axzo.tyr.client.model.res.FeatureResourceDTO;
|
||||
import cn.axzo.tyr.client.model.res.ListPermissionFeatureResp;
|
||||
import cn.axzo.tyr.client.model.res.NavTreeResp;
|
||||
@ -44,6 +46,14 @@ public interface PermissionQueryApi {
|
||||
@PostMapping(value = "/api/v3/permission/query/hasPermission")
|
||||
ApiResult<Boolean> hasPermission(@RequestBody @Valid PermissionCheckReq req);
|
||||
|
||||
/**
|
||||
* 批量鉴权
|
||||
* @param req
|
||||
* @return
|
||||
*/
|
||||
@PostMapping(value = "/api/v3/permission/query/hasPermission/batch")
|
||||
ApiResult<BatchPermissionCheckRes> hasPermissionBatch(@RequestBody @Valid BatchPermissionCheckReq req);
|
||||
|
||||
/**
|
||||
* 查询租户的权限树
|
||||
* @param request
|
||||
|
||||
@ -107,9 +107,13 @@ public interface TyrSaasRoleApi {
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
@Deprecated
|
||||
@PostMapping("/api/saasRole/queryBatchByIdentityIdType")
|
||||
ApiResult<List<QueryBatchByIdentityIdTypeRes>> queryBatchByIdentityIdType(@RequestBody List<QueryByIdentityIdTypeReq> req);
|
||||
|
||||
@PostMapping("/api/saasRole/queryBatchByIdentityIdType/v2")
|
||||
ApiResult<List<QueryBatchByIdentityIdTypeRes>> queryBatchByIdentityIdTypeV2(@RequestBody List<QueryByIdentityIdTypeReq> req);
|
||||
|
||||
/**
|
||||
* 根据身份id身份类型查询是否为超管
|
||||
*
|
||||
|
||||
@ -0,0 +1,28 @@
|
||||
package cn.axzo.tyr.client.model.req;
|
||||
|
||||
import cn.axzo.tyr.client.model.base.WorkspaceOUPair;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import javax.validation.constraints.NotBlank;
|
||||
import javax.validation.constraints.NotEmpty;
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.util.List;
|
||||
|
||||
@Data
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class BatchPermissionCheckReq {
|
||||
|
||||
@NotNull(message = "personId不能为空")
|
||||
private Long personId;
|
||||
|
||||
@NotEmpty(message = "workspaceOUPairs不能为空")
|
||||
private List<WorkspaceOUPair> workspaceOUPairs;
|
||||
|
||||
@NotBlank(message = "itemCode不能为空")
|
||||
private String itemCode;
|
||||
}
|
||||
@ -9,6 +9,10 @@ import lombok.*;
|
||||
@EqualsAndHashCode
|
||||
public class QueryByIdentityIdTypeReq {
|
||||
|
||||
/**
|
||||
* personId跟identityId、identityType不能混用
|
||||
* 只存在使用personId或者identityId\identityType
|
||||
*/
|
||||
Long identityId;
|
||||
|
||||
/**
|
||||
|
||||
@ -0,0 +1,34 @@
|
||||
package cn.axzo.tyr.client.model.res;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@Data
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class BatchPermissionCheckRes {
|
||||
|
||||
private List<WorkspaceOuPermission> workspaceOuPermissions;
|
||||
|
||||
@Data
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public static class WorkspaceOuPermission {
|
||||
private Long ouId;
|
||||
|
||||
private Long workspaceId;
|
||||
|
||||
/**
|
||||
* true表示有权限
|
||||
* false表示没权限
|
||||
*/
|
||||
private Boolean permissionResult;
|
||||
}
|
||||
}
|
||||
|
||||
@ -113,6 +113,9 @@ public class ListRoleUserRelationParam {
|
||||
@CriteriaField(ignore = true)
|
||||
private Set<String> roleCodes;
|
||||
|
||||
@CriteriaField(ignore = true)
|
||||
private List<BatchPerson> batchPersons;
|
||||
|
||||
@Data
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@ -130,4 +133,23 @@ public class ListRoleUserRelationParam {
|
||||
private Long ouId;
|
||||
}
|
||||
|
||||
@Data
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public static class BatchPerson {
|
||||
private Long identityId;
|
||||
|
||||
/**
|
||||
* 身份类型 1:工人 2:班组长 3:从业人员 4:监管人员 5:运营人员
|
||||
*/
|
||||
private Integer identityType;
|
||||
|
||||
private Long workspaceId;
|
||||
|
||||
private Long ouId;
|
||||
|
||||
private Long personId;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -1,7 +1,10 @@
|
||||
package cn.axzo.tyr.server.controller.permission;
|
||||
|
||||
import cn.axzo.basics.common.BeanMapper;
|
||||
import cn.axzo.framework.domain.web.result.ApiResult;
|
||||
import cn.axzo.tyr.client.feign.PermissionQueryApi;
|
||||
import cn.axzo.tyr.client.model.req.BatchPermissionCheckReq;
|
||||
import cn.axzo.tyr.client.model.req.IdentityAuthReq;
|
||||
import cn.axzo.tyr.client.model.req.ListPermissionFeatureReq;
|
||||
import cn.axzo.tyr.client.model.req.NavTreeReq;
|
||||
import cn.axzo.tyr.client.model.req.PagePermissionReq;
|
||||
@ -9,17 +12,22 @@ import cn.axzo.tyr.client.model.req.PagePermissionResp;
|
||||
import cn.axzo.tyr.client.model.req.PermissionCheckReq;
|
||||
import cn.axzo.tyr.client.model.req.TreePermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.TreeProductFeatureResourceReq;
|
||||
import cn.axzo.tyr.client.model.res.BatchPermissionCheckRes;
|
||||
import cn.axzo.tyr.client.model.res.FeatureResourceDTO;
|
||||
import cn.axzo.tyr.client.model.res.IdentityAuthRes;
|
||||
import cn.axzo.tyr.client.model.res.ListPermissionFeatureResp;
|
||||
import cn.axzo.tyr.client.model.res.NavTreeResp;
|
||||
import cn.axzo.tyr.client.model.res.ProductFeatureResourceResp;
|
||||
import cn.axzo.tyr.client.model.res.TreePermissionResp;
|
||||
import cn.axzo.tyr.server.service.PermissionQueryService;
|
||||
import cn.axzo.tyr.server.service.TyrSaasAuthService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.commons.collections.CollectionUtils;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* 权限接口实现
|
||||
@ -34,6 +42,7 @@ import java.util.List;
|
||||
public class PermissionQueryController implements PermissionQueryApi {
|
||||
|
||||
private final PermissionQueryService permissionService;
|
||||
private final TyrSaasAuthService tyrSaasAuthService;
|
||||
|
||||
@Override
|
||||
public ApiResult<List<NavTreeResp>> getNavTree(NavTreeReq req) {
|
||||
@ -50,6 +59,27 @@ public class PermissionQueryController implements PermissionQueryApi {
|
||||
return ApiResult.ok(permissionService.hasPermission(req));
|
||||
}
|
||||
|
||||
@Override
|
||||
public ApiResult<BatchPermissionCheckRes> hasPermissionBatch(BatchPermissionCheckReq req) {
|
||||
|
||||
IdentityAuthReq request = IdentityAuthReq.builder().build();
|
||||
request.setPersonId(req.getPersonId());
|
||||
List<IdentityAuthReq.WorkspaceOuPair> pairs = BeanMapper.copyList(req.getWorkspaceOUPairs(), IdentityAuthReq.WorkspaceOuPair.class);
|
||||
request.setWorkspaceOusPairs(pairs);
|
||||
request.setItemCode(req.getItemCode());
|
||||
IdentityAuthRes authRes = tyrSaasAuthService.findIdentityAuthMix(request);
|
||||
|
||||
return ApiResult.ok(BatchPermissionCheckRes.builder()
|
||||
.workspaceOuPermissions(authRes.getPermissions().stream()
|
||||
.map(e -> BatchPermissionCheckRes.WorkspaceOuPermission.builder()
|
||||
.workspaceId(e.getWorkspaceId())
|
||||
.ouId(e.getOuId())
|
||||
.permissionResult(CollectionUtils.isNotEmpty(e.getPermissionPoint()))
|
||||
.build())
|
||||
.collect(Collectors.toList()))
|
||||
.build());
|
||||
}
|
||||
|
||||
@Override
|
||||
public ApiResult<List<ProductFeatureResourceResp>> treeProduct(TreeProductFeatureResourceReq request) {
|
||||
return ApiResult.ok(permissionService.treeProduct(request));
|
||||
|
||||
@ -173,6 +173,11 @@ public class SaasRoleController implements TyrSaasRoleApi {
|
||||
return ApiResult.ok(roleService.queryBatchByIdentityIdType(req));
|
||||
}
|
||||
|
||||
@Override
|
||||
public ApiResult<List<QueryBatchByIdentityIdTypeRes>> queryBatchByIdentityIdTypeV2(List<QueryByIdentityIdTypeReq> req) {
|
||||
return ApiResult.ok(roleService.queryBatchByIdentityIdTypeV2(req));
|
||||
}
|
||||
|
||||
@Override
|
||||
public ApiResult<List<IsSuperAdminRes>> isSuperAdmin(List<QueryByIdentityIdTypeReq> req) {
|
||||
return ApiResult.ok(roleService.isSuperAdmin(req));
|
||||
|
||||
@ -55,8 +55,11 @@ public interface RoleService extends IService<SaasRole> {
|
||||
|
||||
List<SaasRoleVO> query(QuerySaasRoleReq req);
|
||||
|
||||
@Deprecated
|
||||
List<QueryBatchByIdentityIdTypeRes> queryBatchByIdentityIdType(List<QueryByIdentityIdTypeReq> req);
|
||||
|
||||
List<QueryBatchByIdentityIdTypeRes> queryBatchByIdentityIdTypeV2(List<QueryByIdentityIdTypeReq> req);
|
||||
|
||||
Long saveOrUpdate(SaveOrUpdateRoleVO saveOrUpdateRole);
|
||||
|
||||
List<IsSuperAdminRes> isSuperAdmin(List<QueryByIdentityIdTypeReq> req);
|
||||
|
||||
@ -46,11 +46,14 @@ import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO;
|
||||
import cn.axzo.tyr.server.config.MqProducer;
|
||||
import cn.axzo.tyr.server.event.payload.RolePermissionCreatedPayload;
|
||||
import cn.axzo.tyr.server.event.payload.SaasFeatureResourceUpsertPayload;
|
||||
import cn.axzo.tyr.server.model.RelationOperateLogResourceBindRoleDO;
|
||||
import cn.axzo.tyr.server.model.RelationOperateLogRoleBindResourceDO;
|
||||
import cn.axzo.tyr.server.model.ResourcePermission;
|
||||
import cn.axzo.tyr.server.model.ResourcePermissionQueryDTO;
|
||||
import cn.axzo.tyr.server.model.RoleFeatureRelation;
|
||||
import cn.axzo.tyr.server.model.RoleWithFeature;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasFeatureDao;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasFeatureResourceDao;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasPermissionGroupDao;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasPgroupPermissionRelationDao;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasPgroupRoleRelationDao;
|
||||
@ -62,17 +65,22 @@ import cn.axzo.tyr.server.repository.entity.SaasFeature;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasPermissionGroup;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelationOperateLog;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasPgroupRoleRelation;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRole;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleGroup;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleWithUser;
|
||||
import cn.axzo.tyr.server.model.*;
|
||||
import cn.axzo.tyr.server.repository.dao.*;
|
||||
import cn.axzo.tyr.server.repository.entity.*;
|
||||
import cn.axzo.tyr.server.repository.mapper.SaasRoleMapper;
|
||||
import cn.axzo.tyr.server.service.*;
|
||||
import cn.axzo.tyr.server.service.PermissionGroupService;
|
||||
import cn.axzo.tyr.server.service.RoleService;
|
||||
import cn.axzo.tyr.server.service.SaasFeatureResourceService;
|
||||
import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationOperateLogService;
|
||||
import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationService;
|
||||
import cn.axzo.tyr.server.service.SaasRoleGroupRelationService;
|
||||
import cn.axzo.tyr.server.service.SaasRoleGroupService;
|
||||
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
|
||||
import cn.axzo.tyr.server.util.RpcInternalUtil;
|
||||
import cn.azxo.framework.common.constatns.Constants;
|
||||
import cn.hutool.core.bean.BeanUtil;
|
||||
@ -355,6 +363,71 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
|
||||
return result;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<QueryBatchByIdentityIdTypeRes> queryBatchByIdentityIdTypeV2(List<QueryByIdentityIdTypeReq> req) {
|
||||
// 一起查询,减少数据库io,原来入参过多时,接口性能很差
|
||||
List<ListRoleUserRelationParam.BatchPerson> batchPersons = req.stream()
|
||||
.distinct()
|
||||
.map(e -> {
|
||||
ListRoleUserRelationParam.BatchPerson batchPerson = ListRoleUserRelationParam.BatchPerson.builder().build();
|
||||
BeanUtils.copyProperties(e, batchPerson);
|
||||
return batchPerson;
|
||||
})
|
||||
.collect(Collectors.toList());
|
||||
List<SaasRoleUserV2DTO> saasRoleUsers = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.batchPersons(batchPersons)
|
||||
.build());
|
||||
|
||||
List<Long> allRoleIds = saasRoleUsers.stream()
|
||||
.map(SaasRoleUserV2DTO::getRoleId)
|
||||
.distinct()
|
||||
.collect(Collectors.toList());
|
||||
|
||||
// 这里使用原来代码的查询角色信息的接口,因为接口返回的对象使用的这个接口返回对象
|
||||
Map<Long, SaasRoleVO> saasRoles = getByIds(allRoleIds, null, null, null, false, null)
|
||||
.stream()
|
||||
.collect(Collectors.toMap(SaasRoleVO::getId, Function.identity()));
|
||||
|
||||
return batchPersons.stream()
|
||||
.map(e -> {
|
||||
QueryBatchByIdentityIdTypeRes result = QueryBatchByIdentityIdTypeRes.builder().build();
|
||||
BeanUtils.copyProperties(e, result);
|
||||
// 原代码是入参有personId就使用personId查询,不能同时使用personId和identityId、identityType
|
||||
// 因为入参workspaceId和ouId不一定都有,所以不好转成map去取,只能遍历,数据量不大,所以还好
|
||||
Set<Long> roleIds = saasRoleUsers.stream()
|
||||
.filter(role -> {
|
||||
if (Objects.nonNull(e.getIdentityType()) && !Objects.equals(e.getIdentityType(), role.getSaasRoleUser().getIdentityType())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (Objects.nonNull(e.getIdentityId()) && !Objects.equals(e.getIdentityId(), role.getSaasRoleUser().getIdentityId())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (Objects.nonNull(e.getPersonId()) && !Objects.equals(e.getPersonId(), role.getSaasRoleUser().getPersonId())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (Objects.nonNull(e.getWorkspaceId()) && !Objects.equals(e.getWorkspaceId(), role.getSaasRoleUser().getWorkspaceId())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (Objects.nonNull(e.getOuId()) && !Objects.equals(e.getOuId(), role.getSaasRoleUser().getOuId())) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
})
|
||||
.map(SaasRoleUserV2DTO::getRoleId)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
if (CollectionUtils.isNotEmpty(roleIds)) {
|
||||
result.setRole(roleIds.stream().map(saasRoles::get).filter(Objects::nonNull).collect(Collectors.toList()));
|
||||
}
|
||||
return result;
|
||||
})
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional(rollbackFor = Exception.class)
|
||||
public Long saveOrUpdate(SaveOrUpdateRoleVO saveOrUpdateRole) {
|
||||
|
||||
@ -925,7 +925,11 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl<SaasFeatureResou
|
||||
}
|
||||
|
||||
return resolveSaasFeature(Sets.newHashSet(terminals)).stream()
|
||||
.collect(Collectors.toMap(SaasFeatureResourceDTO::getTerminal, SaasFeatureResourceDTO::getFeatures));
|
||||
.collect(Collectors.toMap(SaasFeatureResourceDTO::getTerminal, SaasFeatureResourceDTO::getFeatures,
|
||||
(f, s) -> {
|
||||
f.addAll(s);
|
||||
return f;
|
||||
}));
|
||||
}
|
||||
|
||||
private List<SaasFeatureResourceDTO> resolveSaasFeature(Set<String> terminals) {
|
||||
|
||||
@ -161,6 +161,8 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
|
||||
}
|
||||
wrapper.in(!CollectionUtils.isEmpty(roleIds), "role_id", roleIds);
|
||||
|
||||
assembleBatchPersonWrapper(param, wrapper);
|
||||
|
||||
IPage<SaasRoleUserRelation> page = this.page(PageConverter.toMybatis(param, SaasRoleUserRelation.class), wrapper);
|
||||
|
||||
Map<Long, SaasRoleUserV2DTO.SaasRoleUser> saasRoleUsers = listSaasRoleUser(param, page.getRecords());
|
||||
@ -170,6 +172,26 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
|
||||
return PageConverter.toResp(page, (record) -> from(record, saasRoleUsers, saasRoles));
|
||||
}
|
||||
|
||||
private void assembleBatchPersonWrapper(PageRoleUserRelationParam param,
|
||||
QueryWrapper<SaasRoleUserRelation> wrapper) {
|
||||
|
||||
if (CollectionUtils.isEmpty(param.getBatchPersons())) {
|
||||
return;
|
||||
}
|
||||
|
||||
wrapper.and(j -> {
|
||||
for (ListRoleUserRelationParam.BatchPerson batchPerson : param.getBatchPersons()) {
|
||||
j.or(k -> {
|
||||
k.eq(Objects.nonNull(batchPerson.getPersonId()), "natural_person_id", batchPerson.getPersonId());
|
||||
k.eq(Objects.nonNull(batchPerson.getIdentityId()), "identity_id", batchPerson.getIdentityId());
|
||||
k.eq(Objects.nonNull(batchPerson.getIdentityType()), "identity_type", batchPerson.getIdentityType());
|
||||
k.eq(Objects.nonNull(batchPerson.getWorkspaceId()), "workspace_id", batchPerson.getWorkspaceId());
|
||||
k.eq(Objects.nonNull(batchPerson.getOuId()), "ou_id", batchPerson.getOuId());
|
||||
});
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
private Set<Long> resolveRoleIds(PageRoleUserRelationParam param) {
|
||||
if (CollectionUtils.isEmpty(param.getRoleCodes())) {
|
||||
return Optional.ofNullable(param.getRoleIds())
|
||||
|
||||
@ -814,7 +814,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
try {
|
||||
return findIdentityAuthV2(req).getPermissions();
|
||||
} catch (Exception ex) {
|
||||
log.error("查询权限异常,执行降级处理");
|
||||
log.error("查询权限异常,执行降级处理,", ex);
|
||||
return findIdentityAuth(req).getPermissions();
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user