feat:(REQ-2750) 去掉saasRoleUserRelation的重复查询代码,切换到新的统一查询接口
parent
4082c9d8ce
commit
360fd31bec
@ -45,6 +45,26 @@ public class SaasRoleUserV2DTO {
|
||||
*/
|
||||
private Long roleId;
|
||||
|
||||
/**
|
||||
* 单位Id
|
||||
*/
|
||||
private Long ouId;
|
||||
|
||||
/**
|
||||
* 项目id
|
||||
*/
|
||||
private Long workspaceId;
|
||||
|
||||
/**
|
||||
* 身份Id
|
||||
*/
|
||||
private Long identityId;
|
||||
|
||||
/**
|
||||
* 身份类型 1:工人 2:从业人员 3:班组长 4:运营人员 5:政务人员
|
||||
*/
|
||||
private Integer identityType;
|
||||
|
||||
private SaasRoleUser saasRoleUser;
|
||||
|
||||
private SaasRoleRes saasRole;
|
||||
|
||||
@ -37,6 +37,15 @@ public class ListRoleUserRelationParam {
|
||||
@CriteriaField(field = "workspaceId", operator = Operator.IN)
|
||||
private Set<Long> workspaceIds;
|
||||
|
||||
@CriteriaField(field = "resourceType", operator = Operator.EQ)
|
||||
private Integer resourceType;
|
||||
|
||||
/**
|
||||
* 资源Id
|
||||
*/
|
||||
@CriteriaField(field = "resourceId", operator = Operator.EQ)
|
||||
private Long resourceId;
|
||||
|
||||
/**
|
||||
* 是否显示
|
||||
*/
|
||||
|
||||
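Review bot: The new `resourceType` criterion has no Javadoc, while `resourceId` right below it does, and neither says what happens when the field is left null. A short comment such as `/** Resource type code, e.g. RoleResourceTypeEnum.NODE.code; used together with resourceId. */` would help. It should also state whether a null value omits the predicate, because the callers switched over in this commit depend on that behaviour. The class body continues outside the hunk.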
@ -1,208 +0,0 @@
|
||||
package cn.axzo.tyr.server.job;
|
||||
|
||||
import cn.axzo.basics.common.BeanMapper;
|
||||
import cn.axzo.basics.common.util.NumberUtil;
|
||||
import cn.axzo.maokai.api.client.CooperateShipQueryApi;
|
||||
import cn.axzo.maokai.api.vo.request.PersonIdentityCheckReq;
|
||||
import cn.axzo.pokonyan.config.redis.RedisClient;
|
||||
import cn.axzo.pokonyan.config.redis.RedisUtil;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
|
||||
import cn.axzo.tyr.server.util.RpcInternalUtil;
|
||||
import cn.hutool.core.collection.CollectionUtil;
|
||||
import cn.hutool.core.date.StopWatch;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import com.alibaba.fastjson.JSON;
|
||||
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
|
||||
import com.xxl.job.core.biz.model.ReturnT;
|
||||
import com.xxl.job.core.handler.IJobHandler;
|
||||
import com.xxl.job.core.handler.annotation.XxlJob;
|
||||
import com.xxl.job.core.log.XxlJobLogger;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.CompletableFuture;
|
||||
import java.util.concurrent.CountDownLatch;
|
||||
import java.util.concurrent.ExecutorService;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
/**
|
||||
* 用户角色关系清理任务
|
||||
*
|
||||
* @version V1.0
|
||||
* @author: ZhanSiHu
|
||||
* @date: 2024/3/4 10:09
|
||||
*/
|
||||
@Slf4j
|
||||
@Component
|
||||
public class UserRoleRelationCleanJob extends IJobHandler {
|
||||
|
||||
private static final String CACHE_KEY = "tyr:job:u-r-r-c";
|
||||
private volatile boolean runFlag = false;
|
||||
|
||||
@Qualifier("userRoleCleanExecutor")
|
||||
@Autowired
|
||||
private ExecutorService userRoleCleanExecutor;
|
||||
|
||||
@Autowired
|
||||
private SaasRoleUserRelationDao roleUserRelationDao;
|
||||
|
||||
@Autowired
|
||||
private CooperateShipQueryApi cooperateShipQueryApi;
|
||||
|
||||
|
||||
|
||||
@XxlJob("userRoleRelationCleanJob")
|
||||
@Override
|
||||
public ReturnT<String> execute(String param) throws Exception {
|
||||
StopWatch watch = new StopWatch("userRoleRelationCleanJob");
|
||||
XxlJobLogger.log("start user role relation clean job param:{}", param);
|
||||
CleanTarget cleanParam = parseParam(param);
|
||||
//加载待处理数据
|
||||
watch.start("load and check data");
|
||||
loadCleanTarget(cleanParam);
|
||||
watch.stop();
|
||||
|
||||
watch.start("do clean");
|
||||
runFlag = true;
|
||||
XxlJobLogger.log("start to clean user role relation");
|
||||
while (runFlag) {
|
||||
CleanTarget target = getTarget();
|
||||
if (target == null) {
|
||||
XxlJobLogger.log("all clean target are processed");
|
||||
break;
|
||||
}
|
||||
//防数据库锁竞争 删除不做并发
|
||||
doClean(target);
|
||||
}
|
||||
watch.stop();
|
||||
|
||||
XxlJobLogger.log("user role relation clean job finish, cost:{} seconds", watch.getTotalTimeSeconds());
|
||||
return ReturnT.SUCCESS;
|
||||
}
|
||||
|
||||
private CleanTarget getTarget() {
|
||||
try {
|
||||
String cacheTarget = RedisClient.ListOps.lRightPop(CACHE_KEY);
|
||||
XxlJobLogger.log("---------> user role relation need to clean for:{} <----------", cacheTarget);
|
||||
return StrUtil.isBlank(cacheTarget) ? null : JSON.parseObject(cacheTarget, CleanTarget.class);
|
||||
} catch (Exception ex) {
|
||||
XxlJobLogger.log("get cached data error:{}", ex.getMessage());
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void destroy() throws InvocationTargetException, IllegalAccessException {
|
||||
this.runFlag = false;
|
||||
super.destroy();
|
||||
}
|
||||
|
||||
private void doClean(CleanTarget target) {
|
||||
try {
|
||||
roleUserRelationDao.cleanTargetRelation(target);
|
||||
} catch (Exception ex) {
|
||||
XxlJobLogger.log("clean target:{} error", JSON.toJSONString(target));
|
||||
log.warn("clean target:{} error", JSON.toJSONString(target), ex);
|
||||
}
|
||||
}
|
||||
|
||||
private void loadCleanTarget(CleanTarget cleanParam) throws InterruptedException {
|
||||
XxlJobLogger.log("clear cache data");
|
||||
RedisClient.KeyOps.delete(CACHE_KEY);
|
||||
|
||||
XxlJobLogger.log("load and check clean target data from db");
|
||||
SaasRoleUserRelation condition = new SaasRoleUserRelation();
|
||||
condition.setOuId(cleanParam.getOuId());
|
||||
condition.setWorkspaceId(cleanParam.getWorkspaceId());
|
||||
condition.setNaturalPersonId(cleanParam.getPersonId());
|
||||
|
||||
Page<SaasRoleUserRelation> countInfo = roleUserRelationDao.batListCleanRelation(condition, new Page<>(1, 10));
|
||||
if (!NumberUtil.isPositiveNumber(countInfo.getTotal())) {
|
||||
XxlJobLogger.log("no data found to check");
|
||||
return;
|
||||
}
|
||||
final CountDownLatch latch = new CountDownLatch((int) countInfo.getTotal());
|
||||
|
||||
int page = 1;
|
||||
while (true) {
|
||||
XxlJobLogger.log(" load data page:{} ", page);
|
||||
Page<SaasRoleUserRelation> pageResult = roleUserRelationDao.batListCleanRelation(condition, new Page<>(page++, cleanParam.getPageSize()));
|
||||
List<SaasRoleUserRelation> records = pageResult.getRecords();
|
||||
if (CollectionUtil.isEmpty(records)) {
|
||||
break;
|
||||
}
|
||||
for (SaasRoleUserRelation relation : records) {
|
||||
CompletableFuture.runAsync(() -> checkAndCache(relation, latch), userRoleCleanExecutor);
|
||||
}
|
||||
}
|
||||
|
||||
//等数据检查完成
|
||||
latch.await(30, TimeUnit.MINUTES);
|
||||
|
||||
}
|
||||
|
||||
private void checkAndCache(SaasRoleUserRelation relation, CountDownLatch latch) {
|
||||
//检查person profile是否存在 ?
|
||||
//检查人是否还在工作台
|
||||
try {
|
||||
CleanTarget target = CleanTarget.builder()
|
||||
.ouId(relation.getOuId())
|
||||
.workspaceId(relation.getWorkspaceId())
|
||||
.personId(relation.getNaturalPersonId())
|
||||
.identityId(relation.getIdentityId())
|
||||
.identityType(relation.getIdentityType())
|
||||
.build();
|
||||
PersonIdentityCheckReq checkReq = BeanMapper.copyBean(target, PersonIdentityCheckReq.class);
|
||||
Boolean exists = RpcInternalUtil.rpcProcessor(() -> cooperateShipQueryApi.checkPersonIdentity(checkReq),
|
||||
"check identity in workspace", checkReq).getData();
|
||||
if (exists) {
|
||||
return;
|
||||
}
|
||||
//直接删除会导致分页不准
|
||||
RedisClient.ListOps.lLeftPush(CACHE_KEY, JSON.toJSONString(target));
|
||||
} catch (Exception ex) {
|
||||
XxlJobLogger.log("check user role relation error:{}", ex.getMessage());
|
||||
} finally {
|
||||
latch.countDown();
|
||||
}
|
||||
}
|
||||
|
||||
private CleanTarget parseParam(String param) {
|
||||
if (StrUtil.isBlank(param)) {
|
||||
return new CleanTarget();
|
||||
}
|
||||
CleanTarget jobParam = JSON.parseObject(param, CleanTarget.class);
|
||||
if (!NumberUtil.isPositiveNumber(jobParam.getPageSize())) {
|
||||
jobParam.setPageSize(100);
|
||||
}
|
||||
return jobParam;
|
||||
}
|
||||
|
||||
@Data
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public static class CleanTarget {
|
||||
|
||||
private Long ouId;
|
||||
|
||||
private Long workspaceId;
|
||||
|
||||
private Long personId;
|
||||
|
||||
private Long identityId;
|
||||
|
||||
private Integer identityType;
|
||||
|
||||
private Integer pageSize = 20;
|
||||
}
|
||||
}
|
||||
@ -2,51 +2,25 @@ package cn.axzo.tyr.server.repository.dao;
|
||||
|
||||
import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
|
||||
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
|
||||
import cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum;
|
||||
import cn.axzo.tyr.client.model.BaseWorkspaceModel;
|
||||
import cn.axzo.tyr.client.model.enums.IdentityType;
|
||||
import cn.axzo.tyr.client.model.roleuser.dto.IdentityInfo;
|
||||
import cn.axzo.tyr.server.job.UserRoleRelationCleanJob;
|
||||
import cn.axzo.tyr.server.model.RoleUserInfo;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
|
||||
import cn.axzo.tyr.server.repository.mapper.SaasRoleUserRelationMapper;
|
||||
import cn.hutool.core.collection.CollUtil;
|
||||
import cn.hutool.core.collection.CollectionUtil;
|
||||
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
|
||||
import com.baomidou.mybatisplus.core.metadata.IPage;
|
||||
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
|
||||
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
|
||||
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
|
||||
import org.springframework.stereotype.Repository;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@Repository
|
||||
public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMapper, SaasRoleUserRelation> {
|
||||
|
||||
public List<SaasRoleUserRelation> query(Long identityId, Integer identityType, Long workspaceId, Long ouId) {
|
||||
return this.lambdaQuery()
|
||||
.eq(SaasRoleUserRelation::getIdentityId, identityId)
|
||||
.eq(SaasRoleUserRelation::getIdentityType, identityType)
|
||||
.eq(null != workspaceId, SaasRoleUserRelation::getWorkspaceId, workspaceId)
|
||||
.eq(null != ouId, SaasRoleUserRelation::getOuId, ouId)
|
||||
.eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value)
|
||||
.list();
|
||||
}
|
||||
|
||||
public List<SaasRoleUserRelation> queryByPersonId(Long personId, Long workspaceId, Long ouId) {
|
||||
return this.lambdaQuery()
|
||||
.eq(SaasRoleUserRelation::getNaturalPersonId, personId)
|
||||
.eq(null != workspaceId, SaasRoleUserRelation::getWorkspaceId, workspaceId)
|
||||
.eq(null != ouId, SaasRoleUserRelation::getOuId, ouId)
|
||||
.eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value)
|
||||
.list();
|
||||
}
|
||||
|
||||
|
||||
public void deleteByRoleId(List<Long> roleId) {
|
||||
lambdaUpdate()
|
||||
.in(SaasRoleUserRelation::getRoleId,roleId)
|
||||
@ -81,30 +55,6 @@ public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMap
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* <pre>
|
||||
* 查询人所在的工作台或者单位中的数据
|
||||
* 注意:
|
||||
* 这里的workspaceId与ouId不是一一对应的: {@code where ((workspaceId = A and ouId = B ) or (workapceId = xx and ouId = xx )})
|
||||
* 如果需要一一对应请在代码中匹配
|
||||
* </pre>
|
||||
* @param identityId
|
||||
* @param identityType
|
||||
* @param workspaceIds
|
||||
* @param ouIds
|
||||
* @return
|
||||
*/
|
||||
public List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long personId, Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds) {
|
||||
return lambdaQuery()
|
||||
.eq(Objects.nonNull(personId), SaasRoleUserRelation::getNaturalPersonId, personId)
|
||||
.eq(Objects.nonNull(identityId), SaasRoleUserRelation::getIdentityId, identityId)
|
||||
.eq(Objects.nonNull(identityType), SaasRoleUserRelation::getIdentityType, identityType)
|
||||
.in(CollectionUtil.isNotEmpty(workspaceIds), SaasRoleUserRelation::getWorkspaceId, workspaceIds)
|
||||
.in(CollectionUtil.isNotEmpty(ouIds), SaasRoleUserRelation::getOuId, ouIds)
|
||||
.list();
|
||||
}
|
||||
|
||||
|
||||
public void removeWorkspaceOuAllUserRole(Long workspaceId, Long ouId) {
|
||||
lambdaUpdate()
|
||||
.eq(SaasRoleUserRelation::getWorkspaceId, workspaceId)
|
||||
@ -146,16 +96,6 @@ public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMap
|
||||
.list();
|
||||
}
|
||||
|
||||
public List<SaasRoleUserRelation> findValidByNodeResource(Long personId, Long nodeId, Long roleId) {
|
||||
return lambdaQuery()
|
||||
.eq(SaasRoleUserRelation::getIsDelete, TableIsDeleteEnum.NORMAL.value)
|
||||
.eq(SaasRoleUserRelation::getResourceType, RoleResourceTypeEnum.NODE.code)
|
||||
.eq(Objects.nonNull(nodeId), SaasRoleUserRelation::getResourceId, nodeId)
|
||||
.eq(Objects.nonNull(personId), SaasRoleUserRelation::getNaturalPersonId, personId)
|
||||
.eq(Objects.nonNull(roleId), SaasRoleUserRelation::getRoleId, roleId)
|
||||
.list();
|
||||
}
|
||||
|
||||
public void removeByResource(RemoveRoleUserByResource req) {
|
||||
List<Long> identityId = req.getIdentityId();
|
||||
lambdaUpdate()
|
||||
@ -169,18 +109,5 @@ public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMap
|
||||
.setSql(" is_delete = id").update();
|
||||
|
||||
}
|
||||
|
||||
public Page<SaasRoleUserRelation> batListCleanRelation(SaasRoleUserRelation cleanParam, IPage<SaasRoleUserRelation> page) {
|
||||
|
||||
return this.baseMapper.batListCleanRelation(page, cleanParam);
|
||||
}
|
||||
|
||||
public void cleanTargetRelation(UserRoleRelationCleanJob.CleanTarget target) {
|
||||
this.remove(new LambdaQueryWrapper<SaasRoleUserRelation>()
|
||||
.eq(SaasRoleUserRelation::getOuId, target.getOuId())
|
||||
.eq(SaasRoleUserRelation::getWorkspaceId, target.getWorkspaceId())
|
||||
.eq(SaasRoleUserRelation::getIdentityId, target.getIdentityId())
|
||||
.eq(SaasRoleUserRelation::getIdentityType, target.getIdentityType()));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -2,8 +2,6 @@ package cn.axzo.tyr.server.repository.mapper;
|
||||
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
|
||||
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
|
||||
import com.baomidou.mybatisplus.core.metadata.IPage;
|
||||
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
@ -16,8 +14,6 @@ import java.util.Set;
|
||||
@Mapper
|
||||
public interface SaasRoleUserRelationMapper extends BaseMapper<SaasRoleUserRelation> {
|
||||
|
||||
Page<SaasRoleUserRelation> batListCleanRelation(IPage<SaasRoleUserRelation> page, @Param("param") SaasRoleUserRelation cleanParam);
|
||||
|
||||
/**
|
||||
* 现在没有数据可以查询项目的角色
|
||||
* 通过权限点找有权限的人,需要这个接口
|
||||
|
||||
@ -21,32 +21,6 @@ public interface SaasRoleUserService {
|
||||
|
||||
void saveOrUpdate(RoleUserReq req);
|
||||
|
||||
/**
|
||||
* 是超管
|
||||
*
|
||||
* @param identityId
|
||||
* @param workspaceId
|
||||
* @param ouId
|
||||
* @return
|
||||
*/
|
||||
boolean isSuperAdmin(Long identityId, IdentityType identityType, Long workspaceId, Long ouId);
|
||||
|
||||
/**
|
||||
* <pre>
|
||||
* 查询人所在的工作台或者单位中的数据
|
||||
* 注意:
|
||||
* 这里的workspaceId与ouId不是一一对应的: {@code where ((workspaceId = A and ouId = B ) or (workapceId = xx and ouId = xx )})
|
||||
* 如果需要一一对应请在代码中匹配
|
||||
* </pre>
|
||||
*
|
||||
* @param identityId
|
||||
* @param identityType
|
||||
* @param workspaceIds
|
||||
* @param ouIds
|
||||
* @return
|
||||
*/
|
||||
List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long personId, Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds);
|
||||
|
||||
/**
|
||||
* workpaceId + ownerOuId + roleId + 手机号 + 姓名 赋予角色(支持角色赋予的同时 角色创建)
|
||||
* work for: 组织 + 服务包
|
||||
|
||||
@ -52,7 +52,6 @@ import cn.axzo.tyr.server.repository.dao.ProductModuleDao;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasFeatureResourceDao;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasProductModuleFeatureRelation;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
|
||||
import cn.axzo.tyr.server.service.PermissionQueryService;
|
||||
import cn.axzo.tyr.server.service.ProductFeatureRelationService;
|
||||
import cn.axzo.tyr.server.service.ProductSaasFeatureResourceCacheService;
|
||||
@ -62,7 +61,6 @@ import cn.axzo.tyr.server.service.SaasFeatureResourceService;
|
||||
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
|
||||
import cn.axzo.tyr.server.service.TyrSaasAuthService;
|
||||
import cn.axzo.tyr.server.service.WorkspaceProductService;
|
||||
import cn.axzo.tyr.server.util.KeyUtil;
|
||||
import cn.axzo.tyr.server.utils.RpcInternalUtil;
|
||||
import cn.hutool.core.collection.CollectionUtil;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
@ -649,21 +647,21 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
|
||||
|
||||
private List<PermissionDO> queryUserPermission(PermissionQueryContext context) {
|
||||
//查询用户具有的角色
|
||||
List<SaasRoleUserRelation> userRoleRelations = listRoleUserRelations(context);
|
||||
List<SaasRoleUserV2DTO> userRoleRelations = listRoleUserRelations(context);
|
||||
if (CollectionUtil.isEmpty(userRoleRelations)) {
|
||||
log.warn("no user role relation found");
|
||||
return Collections.emptyList();
|
||||
}
|
||||
//查询租户产品权限点
|
||||
List<WorkspaceFeatureRelation> workspaceFeatureRelations = listWorkspaceFeatureRelations(context);
|
||||
Set<Long> roleIds = userRoleRelations.stream().map(SaasRoleUserRelation::getRoleId).collect(Collectors.toSet());
|
||||
Set<Long> roleIds = userRoleRelations.stream().map(SaasRoleUserV2DTO::getRoleId).collect(Collectors.toSet());
|
||||
//查询角色权限
|
||||
List<RoleWithFeature> roles = roleService.listWithFeatures(roleIds, context.getFeatureIds());
|
||||
//取交集确定权限
|
||||
return buildFinalPermission(userRoleRelations, workspaceFeatureRelations, roles);
|
||||
}
|
||||
|
||||
private List<PermissionDO> buildFinalPermission(List<SaasRoleUserRelation> userRoleRelations,
|
||||
private List<PermissionDO> buildFinalPermission(List<SaasRoleUserV2DTO> userRoleRelations,
|
||||
List<WorkspaceFeatureRelation> workspaceFeatureRelations,
|
||||
List<RoleWithFeature> roles) {
|
||||
|
||||
@ -676,7 +674,7 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
|
||||
Set<Long> authFreeFeatureIds = featureResourceService.listAuthFree();
|
||||
//按拥有的角色构建权限结果
|
||||
Map<String, PermissionDO> result = new HashMap<>();
|
||||
for (SaasRoleUserRelation relation : userRoleRelations) {
|
||||
for (SaasRoleUserV2DTO relation : userRoleRelations) {
|
||||
RoleWithFeature role = roleMap.get(relation.getRoleId());
|
||||
if (role == null) {
|
||||
log.warn("no role found for id:{}", relation.getRoleId());
|
||||
@ -780,43 +778,34 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
|
||||
return result;
|
||||
}
|
||||
|
||||
private List<SaasRoleUserRelation> listRoleUserRelations(PermissionQueryContext context) {
|
||||
private List<SaasRoleUserV2DTO> listRoleUserRelations(PermissionQueryContext context) {
|
||||
if (CollectionUtil.isNotEmpty(context.getPreviewRoleIds())) {
|
||||
//指定了角色 则不需要去查用户角色关系
|
||||
log.info("mock specify roles relation");
|
||||
return mockRoleUserRelation(context);
|
||||
}
|
||||
//查询人员角色关系
|
||||
Set<Long> workspaceIds = new HashSet<>();
|
||||
Set<Long> ouIds = new HashSet<>();
|
||||
Set<String> owKeys = new HashSet<>();
|
||||
List<WorkspaceOUPair> workspaceOUPairs = context.getWorkspaceOUPairs();
|
||||
workspaceOUPairs.forEach(ow -> {
|
||||
workspaceIds.add(ow.getWorkspaceId());
|
||||
ouIds.add(ow.getOuId());
|
||||
owKeys.add(KeyUtil.buildKeyBySeparator(ow.getWorkspaceId(), ow.getOuId()));
|
||||
});
|
||||
UserIdentity userIdentity = context.getUserIdentity();
|
||||
List<SaasRoleUserRelation> relations = roleUserService.queryByWorkspaceIdOrOu(userIdentity.getPersonId(),
|
||||
userIdentity.getIdentityId(), IdentityType.getIdentityType(userIdentity.getIdentityType()), workspaceIds, ouIds);
|
||||
if (CollectionUtil.isEmpty(relations)) {
|
||||
log.warn("no user role relations found");
|
||||
return relations;
|
||||
}
|
||||
//工作台和单位需成对查询, 对结果二次过滤
|
||||
return relations.stream()
|
||||
.filter(roleUserService -> owKeys.contains(
|
||||
KeyUtil.buildKeyBySeparator(roleUserService.getWorkspaceId(), roleUserService.getOuId())))
|
||||
.collect(Collectors.toList());
|
||||
|
||||
return saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.personId(userIdentity.getPersonId())
|
||||
.identityId(userIdentity.getIdentityId())
|
||||
.identityType(IdentityType.getIdentityType(userIdentity.getIdentityType()))
|
||||
.workspaceOuPairs(context.getWorkspaceOUPairs().stream()
|
||||
.map(e -> ListRoleUserRelationParam.WorkspaceOuPair.builder()
|
||||
.workspaceId(e.getWorkspaceId())
|
||||
.ouId(e.getOuId())
|
||||
.build())
|
||||
.collect(Collectors.toList()))
|
||||
.build());
|
||||
}
|
||||
|
||||
private List<SaasRoleUserRelation> mockRoleUserRelation(PermissionQueryContext context) {
|
||||
final List<SaasRoleUserRelation> relations = new ArrayList<>();
|
||||
private List<SaasRoleUserV2DTO> mockRoleUserRelation(PermissionQueryContext context) {
|
||||
final List<SaasRoleUserV2DTO> relations = new ArrayList<>();
|
||||
List<WorkspaceOUPair> workspaceOUPairs = context.getWorkspaceOUPairs();
|
||||
// mock 看做已有指定的角色
|
||||
for (WorkspaceOUPair ow : workspaceOUPairs) {
|
||||
List<SaasRoleUserRelation> mockRelations = context.getPreviewRoleIds().stream().map(id -> {
|
||||
SaasRoleUserRelation relation = new SaasRoleUserRelation();
|
||||
List<SaasRoleUserV2DTO> mockRelations = context.getPreviewRoleIds().stream().map(id -> {
|
||||
SaasRoleUserV2DTO relation = SaasRoleUserV2DTO.builder().build();
|
||||
relation.setRoleId(id);
|
||||
relation.setOuId(ow.getOuId());
|
||||
relation.setWorkspaceId(ow.getWorkspaceId());
|
||||
|
||||
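Review bot: In `listRoleUserRelations`, an empty `context.getWorkspaceOUPairs()` used to yield no relations because the removed `owKeys` filter dropped every row, but the new code passes the empty list straight into `listV2` as `workspaceOuPairs`. `listV2` is not visible on this page, so this is inferred: if it omits the pair predicate for an empty list, the permission query would return the person's roles from every workspace and unit. I would keep the fail-closed result explicit before the call: `if (CollectionUtil.isEmpty(context.getWorkspaceOUPairs())) { return Collections.emptyList(); }`. It is also worth confirming that `listV2` matches workspaceId and ouId as pairs, as the removed second-pass filter did.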
@ -198,7 +198,18 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
|
||||
@Override
|
||||
public List<SaasRoleVO> queryByIdentityIdType(Long identityId, Integer identityType, Long workspaceId, Long ouId, Boolean includePermissionGroup) {
|
||||
// 查询人关联的角色id
|
||||
List<Long> roleIds = roleUserRelationDao.query(identityId, identityType, workspaceId, ouId).stream().map(SaasRoleUserRelation::getRoleId).collect(Collectors.toList());
|
||||
// 去掉原代码,切换至统一查询接口
|
||||
List<Long> roleIds = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.identityId(identityId)
|
||||
.identityType(Optional.ofNullable(identityType)
|
||||
.map(IdentityType::getIdentityType)
|
||||
.orElse(null))
|
||||
.workspaceId(workspaceId)
|
||||
.ouId(ouId)
|
||||
.build())
|
||||
.stream()
|
||||
.map(SaasRoleUserV2DTO::getRoleId)
|
||||
.collect(Collectors.toList());
|
||||
if (CollectionUtils.isEmpty(roleIds)) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
@ -328,9 +339,14 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
|
||||
List<QueryBatchByIdentityIdTypeRes> result = new ArrayList<>();
|
||||
req.stream().distinct().forEach(e -> {
|
||||
if (e.getPersonId() != null) {
|
||||
List<Long> roleIds = roleUserRelationDao.queryByPersonId(e.getPersonId(), e.getWorkspaceId(), e.getOuId())
|
||||
// 去掉重复查询,切换至统一查询
|
||||
List<Long> roleIds = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.personId(e.getPersonId())
|
||||
.workspaceId(e.getWorkspaceId())
|
||||
.ouId(e.getOuId())
|
||||
.build())
|
||||
.stream()
|
||||
.map(SaasRoleUserRelation::getRoleId)
|
||||
.map(SaasRoleUserV2DTO::getRoleId)
|
||||
.collect(Collectors.toList());
|
||||
List<SaasRoleVO> saasRoles = getByIds(roleIds, null, null, null, false, null);
|
||||
result.add(QueryBatchByIdentityIdTypeRes.builder()
|
||||
@ -532,7 +548,17 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
|
||||
public List<IsSuperAdminRes> isSuperAdmin(List<QueryByIdentityIdTypeReq> req) {
|
||||
List<IsSuperAdminRes> result = new ArrayList<>();
|
||||
req.forEach(e -> {
|
||||
List<Long> roleIds = roleUserRelationDao.query(e.getIdentityId(), e.getIdentityType(), e.getWorkspaceId(), e.getOuId()).stream().map(SaasRoleUserRelation::getRoleId).collect(Collectors.toList());
|
||||
List<Long> roleIds = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.identityId(e.getIdentityId())
|
||||
.identityType(Optional.ofNullable(e.getIdentityType())
|
||||
.map(IdentityType::getIdentityType)
|
||||
.orElse(null))
|
||||
.workspaceId(e.getWorkspaceId())
|
||||
.ouId(e.getOuId())
|
||||
.build())
|
||||
.stream()
|
||||
.map(SaasRoleUserV2DTO::getRoleId)
|
||||
.collect(Collectors.toList());
|
||||
List<SaasRole> list = new ArrayList<>();
|
||||
if (CollectionUtils.isNotEmpty(roleIds)) {
|
||||
list = saasRoleDao.lambdaQuery()
|
||||
@ -1086,7 +1112,19 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
|
||||
List<Long> baseRoleIds = voList.get(0).getRoleInfos().stream().map(SaasRoleVO::getId).collect(Collectors.toList());
|
||||
|
||||
List<SaasRoleUserRelation> userRelationList = reqs.stream().map(req -> {
|
||||
List<SaasRoleUserRelation> nowRelations = saasRoleUserRelationDao.findValidByNodeResource(req.getGroupLeaderPersonId(), req.getGroupNodeId(), null);
|
||||
|
||||
List<SaasRoleUserRelation> nowRelations = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.personId(req.getGroupLeaderPersonId())
|
||||
.resourceType(RoleResourceTypeEnum.NODE.code)
|
||||
.resourceId(req.getGroupNodeId())
|
||||
.build())
|
||||
.stream()
|
||||
.map(e -> {
|
||||
SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation();
|
||||
BeanUtils.copyProperties(e, saasRoleUserRelation);
|
||||
return saasRoleUserRelation;
|
||||
})
|
||||
.collect(Collectors.toList());
|
||||
Map<Long, SaasRoleUserRelation> relationMap = nowRelations.stream().collect(Collectors.toMap(SaasRoleUserRelation::getRoleId, Function.identity(), (a, b) -> a));
|
||||
List<Long> roleIdList = req.getRoleIdList();
|
||||
if (CollUtil.isNotEmpty(roleIdList)) {
|
||||
|
||||
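Review bot: In `isSuperAdmin`, a null identity or a soft-deleted relation may now match rows, where the removed `roleUserRelationDao.query(...)` matched nothing because it applied `identityId` and `identityType` with unconditional `eq` and filtered on `TableIsDeleteEnum.NORMAL`. The replacement passes possibly-null values into `ListRoleUserRelationParam`, and `Optional.ofNullable(e.getIdentityType()).map(IdentityType::getIdentityType).orElse(null)` turns a missing type into a null criterion. `listV2` is outside this page, so verify whether it drops null criteria and excludes deleted rows; if it drops them, a request without an identity could pick up other users' role ids for that workspace and unit and be reported as super admin. An early check in the lambda such as `if (e.getIdentityId() == null || e.getIdentityType() == null)`, answering "not super admin" for that entry, would keep the old result, and the same applies to `queryByIdentityIdType`. Both method bodies continue outside their hunks.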
@ -12,17 +12,18 @@ import cn.axzo.tyr.client.model.BaseWorkspaceModel;
|
||||
import cn.axzo.tyr.client.model.enums.DictWorkSpaceTypeEnum;
|
||||
import cn.axzo.tyr.client.model.enums.IdentityType;
|
||||
import cn.axzo.tyr.client.model.enums.WorkerLeaderRoleEnum;
|
||||
import cn.axzo.tyr.client.model.res.SaasRoleRes;
|
||||
import cn.axzo.tyr.client.model.roleuser.RoleUserUpdateReq;
|
||||
import cn.axzo.tyr.client.model.roleuser.dto.GetUserAutoOwnRoleResp;
|
||||
import cn.axzo.tyr.client.model.roleuser.dto.GetUserFeatureResourceIdsResp;
|
||||
import cn.axzo.tyr.client.model.roleuser.dto.IdentityInfo;
|
||||
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
|
||||
import cn.axzo.tyr.client.model.roleuser.dto.SuperAminInfoResp;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.AutoOwnRoleUserReq;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.CreateSuperAdminRoleParam;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.GantOrUnGantaWorkerLeaderRoleReq;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.GetUserAutoOwnRoleReq;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.GetUserFeatureResourceIdsReq;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.SuperAdminParam;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.WorkerManagerRoleUserReq;
|
||||
@ -39,8 +40,8 @@ import cn.axzo.tyr.server.repository.entity.SaasPgroupRoleRelation;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRole;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
|
||||
import cn.axzo.tyr.server.service.RoleService;
|
||||
import cn.axzo.tyr.server.service.SaasRoleGroupService;
|
||||
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
|
||||
import cn.axzo.tyr.server.service.SaasRoleUserService;
|
||||
import cn.hutool.core.collection.CollectionUtil;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
@ -86,7 +87,7 @@ public class RoleUserService implements SaasRoleUserService {
|
||||
private final SaasRoleGroupService saasRoleGroupService;
|
||||
private final SaasRoleGroupRelationDao saasRoleGroupRelationDao;
|
||||
private final SaasPgroupPermissionRelationDao saasPgroupPermissionRelationDao;
|
||||
private final RoleService roleService;
|
||||
private final SaasRoleUserRelationService saasRoleUserRelationService;
|
||||
|
||||
// 单位类型默认角色关系,后面可以座位管理员的逻辑进行迭代
|
||||
@Value("#{${participateUnitDefaultRoleId:{}}}")
|
||||
@ -127,11 +128,18 @@ public class RoleUserService implements SaasRoleUserService {
|
||||
}
|
||||
|
||||
// 查询用户所有角色
|
||||
List<SaasRoleUserRelation> existsRoleUser = roleUserRelationDao.query(req.getIdentityId(), req.getIdentityType().getCode(), req.getWorkspaceId(), req.getOuId());
|
||||
// 切换至统一查询接口,原代码去掉
|
||||
List<SaasRoleUserV2DTO> saasRoleUsers = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.identityId(req.getIdentityId())
|
||||
.identityType(req.getIdentityType())
|
||||
.workspaceId(req.getWorkspaceId())
|
||||
.ouId(req.getOuId())
|
||||
.build());
|
||||
|
||||
// 当前用户非超管、自定义的角色
|
||||
List<Long> notAdminAndAutoOwnRole = Collections.emptyList();
|
||||
if (CollectionUtils.isNotEmpty(existsRoleUser)) {
|
||||
List<SaasRole> existsRole = saasRoleDao.listByIds(existsRoleUser.stream().mapToLong(SaasRoleUserRelation::getRoleId).boxed().collect(Collectors.toList()));
|
||||
if (CollectionUtils.isNotEmpty(saasRoleUsers)) {
|
||||
List<SaasRole> existsRole = saasRoleDao.listByIds(saasRoleUsers.stream().mapToLong(SaasRoleUserV2DTO::getRoleId).boxed().collect(Collectors.toList()));
|
||||
// 管理员角色
|
||||
List<Long> adminRole = existsRole.stream().filter(e -> RoleTypeEnum.getRoleType(e.getRoleType()).isAdminRole()).mapToLong(SaasRole::getId).boxed().collect(Collectors.toList());
|
||||
// 自定义角色
|
||||
@ -142,8 +150,8 @@ public class RoleUserService implements SaasRoleUserService {
|
||||
// 特殊角色,因为特殊角色不会在用户端回显,编辑后会被覆盖导致角色错误
|
||||
Set<Long> specialRoleIds = new HashSet<>(this.getSpecialRole());
|
||||
|
||||
notAdminAndAutoOwnRole = existsRoleUser.stream()
|
||||
.mapToLong(SaasRoleUserRelation::getRoleId)
|
||||
notAdminAndAutoOwnRole = saasRoleUsers.stream()
|
||||
.mapToLong(SaasRoleUserV2DTO::getRoleId)
|
||||
.boxed()
|
||||
.filter(roleId -> !adminRole.contains(roleId))
|
||||
.filter(roleId -> !autoOwnRole.equals(roleId))
|
||||
@ -197,27 +205,6 @@ public class RoleUserService implements SaasRoleUserService {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSuperAdmin(Long identityId, IdentityType identityType, Long workspaceId, Long ouId) {
|
||||
List<SaasRole> roleList = saasRoleDao.lambdaQuery()
|
||||
.eq(SaasRole::getOwnerOuId, ouId)
|
||||
.eq(SaasRole::getWorkspaceId, workspaceId)
|
||||
.eq(SaasRole::getRoleType, RoleTypeEnum.SUPER_ADMIN.getValue())
|
||||
.list();
|
||||
List<Long> roleIds = roleList.stream().map(SaasRole::getId).collect(Collectors.toList());
|
||||
List<SaasRoleUserRelation> saasRoleUserRelations = roleUserRelationDao.lambdaQuery().eq(SaasRoleUserRelation::getIdentityId, identityId)
|
||||
.eq(SaasRoleUserRelation::getIdentityType, identityType.getCode())
|
||||
.eq(SaasRoleUserRelation::getWorkspaceId, workspaceId)
|
||||
.eq(SaasRoleUserRelation::getOuId, ouId)
|
||||
.in(SaasRoleUserRelation::getRoleId, roleIds).last("limit 1").list();
|
||||
return saasRoleUserRelations.size() > 0;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long personId, Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds) {
|
||||
return roleUserRelationDao.queryByWorkspaceIdOrOu(personId, identityId, identityType, workspaceIds, ouIds);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional(rollbackFor = Exception.class)
|
||||
public void createSuperAdminRole(CreateSuperAdminRoleParam param) {
|
||||
@ -506,10 +493,14 @@ public class RoleUserService implements SaasRoleUserService {
|
||||
AssertUtil.notNull(role, "未配置自定义角色");
|
||||
AssertUtil.isTrue(RoleTypeEnum.AUTO_OWN.equals(RoleTypeEnum.getRoleType(role.getRoleType())), "未配置自定义角色");
|
||||
// 查询用户已存在角色
|
||||
List<SaasRoleUserRelation> existsRoleUser = roleUserRelationDao.queryByPersonId(req.getPersonId(), req.getWorkspaceId(), req.getOuId());
|
||||
List<SaasRoleUserV2DTO> existsRoleUser = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.personId(req.getPersonId())
|
||||
.workspaceId(req.getWorkspaceId())
|
||||
.ouId(req.getOuId())
|
||||
.build());
|
||||
Long autoOwnRoleId = null;
|
||||
if (CollectionUtils.isNotEmpty(existsRoleUser)) {
|
||||
List<Long> autoOwnRoles = existsRoleUser.stream().filter(e -> role.getId().equals(e.getRoleId())).mapToLong(SaasRoleUserRelation::getRoleId).boxed().collect(Collectors.toList());
|
||||
List<Long> autoOwnRoles = existsRoleUser.stream().filter(e -> role.getId().equals(e.getRoleId())).mapToLong(SaasRoleUserV2DTO::getRoleId).boxed().collect(Collectors.toList());
|
||||
if (CollectionUtils.isNotEmpty(autoOwnRoles)) {
|
||||
autoOwnRoleId = autoOwnRoles.get(0);
|
||||
if (autoOwnRoles.size() > 1) {
|
||||
@ -557,11 +548,15 @@ public class RoleUserService implements SaasRoleUserService {
|
||||
@Override
|
||||
public GetUserAutoOwnRoleResp getUserAutoOwnRole(GetUserAutoOwnRoleReq req) {
|
||||
// 查询用户所有角色
|
||||
List<SaasRoleUserRelation> existsRoleUser = roleUserRelationDao.queryByPersonId(req.getPersonId(), req.getWorkspaceId(), req.getOuId());
|
||||
List<SaasRoleUserV2DTO> existsRoleUser = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.personId(req.getPersonId())
|
||||
.workspaceId(req.getWorkspaceId())
|
||||
.ouId(req.getOuId())
|
||||
.build());
|
||||
if (CollectionUtils.isEmpty(existsRoleUser)) {
|
||||
return GetUserAutoOwnRoleResp.EMPTY;
|
||||
}
|
||||
List<SaasRole> existsAutoOwnRoles = saasRoleDao.listByIds(existsRoleUser.stream().mapToLong(SaasRoleUserRelation::getRoleId).boxed().collect(Collectors.toList()))
|
||||
List<SaasRole> existsAutoOwnRoles = saasRoleDao.listByIds(existsRoleUser.stream().mapToLong(SaasRoleUserV2DTO::getRoleId).boxed().collect(Collectors.toList()))
|
||||
.stream().filter(e -> RoleTypeEnum.AUTO_OWN.equals(RoleTypeEnum.getRoleType(e.getRoleType()))).collect(Collectors.toList());
|
||||
if (CollectionUtils.isEmpty(existsAutoOwnRoles)) {
|
||||
log.info("personId:{} ouId:{} workspaceId:{} has not auto_own roles", req.getPersonId(), req.getOuId(), req.getWorkspaceId());
|
||||
@ -586,11 +581,15 @@ public class RoleUserService implements SaasRoleUserService {
|
||||
@Override
|
||||
public GetUserFeatureResourceIdsResp getUserFeatureResourceIds(GetUserFeatureResourceIdsReq req) {
|
||||
// 查询用户所有角色
|
||||
List<SaasRoleUserRelation> existsRoleUser = roleUserRelationDao.queryByPersonId(req.getPersonId(), req.getWorkspaceId(), req.getOuId());
|
||||
List<SaasRoleUserV2DTO> existsRoleUser = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.personId(req.getPersonId())
|
||||
.workspaceId(req.getWorkspaceId())
|
||||
.ouId(req.getOuId())
|
||||
.build());
|
||||
if (CollectionUtils.isEmpty(existsRoleUser)) {
|
||||
return null;
|
||||
}
|
||||
List<SaasRole> roles = saasRoleDao.listByIds(existsRoleUser.stream().mapToLong(SaasRoleUserRelation::getRoleId).boxed().collect(Collectors.toList()))
|
||||
List<SaasRole> roles = saasRoleDao.listByIds(existsRoleUser.stream().mapToLong(SaasRoleUserV2DTO::getRoleId).boxed().collect(Collectors.toList()))
|
||||
.stream().filter(e -> CollectionUtils.isEmpty(req.getRoleIds()) || req.getRoleIds().contains(e.getId())).collect(Collectors.toList());
|
||||
if (CollectionUtils.isEmpty(roles)) {
|
||||
return null;
|
||||
|
||||
@ -5,17 +5,15 @@ import cn.axzo.basics.profiles.dto.basic.PersonProfileDto;
|
||||
import cn.axzo.framework.auth.domain.ContextInfo;
|
||||
import cn.axzo.framework.auth.domain.ContextInfoHolder;
|
||||
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
|
||||
import cn.axzo.tyr.client.common.enums.PermissionRelationOperateLogSceneEnum;
|
||||
import cn.axzo.tyr.client.model.req.PermissionOperateLogReq;
|
||||
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
|
||||
import cn.axzo.tyr.server.model.BasicRoleDO;
|
||||
import cn.axzo.tyr.server.model.RelationOperateLogProductBindResourceDO;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasPgroupPermissionRelationOperateLogDao;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelationOperateLog;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
|
||||
import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationOperateLogService;
|
||||
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
|
||||
import cn.axzo.tyr.server.util.RpcInternalUtil;
|
||||
import cn.azxo.framework.common.constatns.Constants;
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
@ -53,9 +51,9 @@ public class SaasPgroupPermissionRelationOperateLogServiceImpl implements SaasPg
|
||||
public static final String TABLE_NAME_SAAS_FEATURE = "saas_feature";
|
||||
|
||||
private final SaasPgroupPermissionRelationOperateLogDao saasPgroupPermissionRelationOperateLogDao;
|
||||
private final SaasRoleUserRelationDao roleUserRelationDao;
|
||||
private final SaasRoleDao saasRoleDao;
|
||||
private final UserProfileServiceApi userProfileServiceApi;
|
||||
private final SaasRoleUserRelationService saasRoleUserRelationService;
|
||||
|
||||
@Override
|
||||
public void batchSave(List<SaasPgroupPermissionRelationOperateLog> logs) {
|
||||
@ -75,12 +73,16 @@ public class SaasPgroupPermissionRelationOperateLogServiceImpl implements SaasPg
|
||||
log.warn("no contextInfo, personId:{}", personId);
|
||||
return Collections.emptyList();
|
||||
}
|
||||
List<SaasRoleUserRelation> relations = roleUserRelationDao.queryByPersonId(personId, contextInfo.getWorkspaceId(), contextInfo.getOuId());
|
||||
List<SaasRoleUserV2DTO> relations = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.personId(personId)
|
||||
.workspaceId(contextInfo.getWorkspaceId())
|
||||
.ouId(contextInfo.getOuId())
|
||||
.build());
|
||||
if (CollectionUtils.isEmpty(relations)) {
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
return saasRoleDao.lambdaQuery().in(BaseEntity::getId, relations.stream().map(SaasRoleUserRelation::getRoleId).collect(Collectors.toList())).list()
|
||||
return saasRoleDao.lambdaQuery().in(BaseEntity::getId, relations.stream().map(SaasRoleUserV2DTO::getRoleId).collect(Collectors.toList())).list()
|
||||
.stream().map(e -> BasicRoleDO.builder().roleId(e.getId()).roleCode(e.getRoleCode()).roleName(e.getName()).build()).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
|
||||
@ -1747,13 +1747,13 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
|
||||
private IdentityAuthRes findIdentityAuth(IdentityAuthReq identityAuthReq) {
|
||||
//用户角色关系
|
||||
List<SaasRoleUserRelation> saasRoleUserRelations = listRoleUserRelations(identityAuthReq);
|
||||
List<SaasRoleUserV2DTO> saasRoleUserRelations = listRoleUserRelations(identityAuthReq);
|
||||
if (CollectionUtils.isEmpty(saasRoleUserRelations)) {
|
||||
log.warn("no user role relations found");
|
||||
return identityAuthReq.toEmpty();
|
||||
}
|
||||
|
||||
Set<Long> realWorkspaceId = saasRoleUserRelations.stream().map(SaasRoleUserRelation::getWorkspaceId).collect(Collectors.toSet());
|
||||
Set<Long> realWorkspaceId = saasRoleUserRelations.stream().map(SaasRoleUserV2DTO::getWorkspaceId).collect(Collectors.toSet());
|
||||
//工作台对应产品 key = workspaceId
|
||||
CompletableFuture<List<WorkspaceProductService.WorkspaceProduct>> workspacePermissionPointFuture = CompletableFuture
|
||||
.supplyAsync(TraceSupplier.create(() -> {
|
||||
@ -1791,40 +1791,31 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
return result;
|
||||
}
|
||||
|
||||
private List<SaasRoleUserRelation> listRoleUserRelations(IdentityAuthReq identityAuthReq) {
|
||||
private List<SaasRoleUserV2DTO> listRoleUserRelations(IdentityAuthReq identityAuthReq) {
|
||||
if (CollectionUtil.isNotEmpty(identityAuthReq.getSpecifyRoleIds())) {
|
||||
//指定了角色 则不需要去查用户角色关系
|
||||
log.info("mock specify roles relation");
|
||||
return mockRoleUserRelation(identityAuthReq);
|
||||
}
|
||||
//查询人员角色关系
|
||||
Set<Long> workspaceIds = new HashSet<>();
|
||||
Set<Long> ouIds = new HashSet<>();
|
||||
Set<String> owKeys = new HashSet<>();
|
||||
identityAuthReq.getWorkspaceOusPairs().forEach(ow -> {
|
||||
workspaceIds.add(ow.getWorkspaceId());
|
||||
ouIds.add(ow.getOuId());
|
||||
owKeys.add(KeyUtil.buildKeyBySeparator(ow.getWorkspaceId(), ow.getOuId()));
|
||||
});
|
||||
List<SaasRoleUserRelation> relations = roleUserService.queryByWorkspaceIdOrOu(identityAuthReq.getPersonId(),
|
||||
identityAuthReq.getIdentityId(), identityAuthReq.getIdentityType(), workspaceIds, ouIds);
|
||||
if (CollectionUtil.isEmpty(relations)) {
|
||||
log.warn("no user role relations found");
|
||||
return relations;
|
||||
}
|
||||
//工作台和单位需成对查询, 对结果二次过滤
|
||||
return relations.stream()
|
||||
.filter(roleUserService -> owKeys.contains(
|
||||
KeyUtil.buildKeyBySeparator(roleUserService.getWorkspaceId(), roleUserService.getOuId())))
|
||||
.collect(Collectors.toList());
|
||||
return saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.personId(identityAuthReq.getPersonId())
|
||||
.identityId(identityAuthReq.getIdentityId())
|
||||
.identityType(identityAuthReq.getIdentityType())
|
||||
.workspaceOuPairs(identityAuthReq.getWorkspaceOusPairs().stream()
|
||||
.map(e -> ListRoleUserRelationParam.WorkspaceOuPair.builder()
|
||||
.workspaceId(e.getWorkspaceId())
|
||||
.ouId(e.getOuId())
|
||||
.build())
|
||||
.collect(Collectors.toList()))
|
||||
.build());
|
||||
}
|
||||
|
||||
private List<SaasRoleUserRelation> mockRoleUserRelation(IdentityAuthReq identityAuthReq) {
|
||||
final List<SaasRoleUserRelation> relations = new ArrayList<>();
|
||||
private List<SaasRoleUserV2DTO> mockRoleUserRelation(IdentityAuthReq identityAuthReq) {
|
||||
final List<SaasRoleUserV2DTO> relations = new ArrayList<>();
|
||||
// mock 看做已有指定的角色
|
||||
for (IdentityAuthReq.WorkspaceOuPair ow : identityAuthReq.getWorkspaceOusPairs()) {
|
||||
List<SaasRoleUserRelation> mockRelations = identityAuthReq.getSpecifyRoleIds().stream().map(id -> {
|
||||
SaasRoleUserRelation relation = new SaasRoleUserRelation();
|
||||
List<SaasRoleUserV2DTO> mockRelations = identityAuthReq.getSpecifyRoleIds().stream().map(id -> {
|
||||
SaasRoleUserV2DTO relation = SaasRoleUserV2DTO.builder().build();
|
||||
relation.setRoleId(id);
|
||||
relation.setOuId(ow.getOuId());
|
||||
relation.setWorkspaceId(ow.getWorkspaceId());
|
||||
@ -1852,13 +1843,13 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
private Integer type;
|
||||
}
|
||||
|
||||
private List<OUWRoleInfo> listRolesWithPermission(List<SaasRoleUserRelation> roleUserRelations, IdentityAuthReq identityAuthReq) {
|
||||
private List<OUWRoleInfo> listRolesWithPermission(List<SaasRoleUserV2DTO> roleUserRelations, IdentityAuthReq identityAuthReq) {
|
||||
|
||||
//拼装参数
|
||||
Set<Long> roleIds = new HashSet<>();
|
||||
//按ow分组角色ID: workspaceId-ouId --> roleIds
|
||||
Map<String, Set<Long>> owRoleIdMap = new HashMap<>();
|
||||
for (SaasRoleUserRelation relation : roleUserRelations) {
|
||||
for (SaasRoleUserV2DTO relation : roleUserRelations) {
|
||||
roleIds.add(relation.getRoleId());
|
||||
String key = KeyUtil.buildKeyBySeparator(relation.getWorkspaceId(), relation.getOuId());
|
||||
Set<Long> owRoleIds = owRoleIdMap.getOrDefault(key, new HashSet<>());
|
||||
|
||||
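Review bot: In `listRoleUserRelations` the workspace/OU pair restriction is now enforced only by the `workspaceOuPairs` criterion passed to `listV2`, and nothing in this file guards the case where `identityAuthReq.getWorkspaceOusPairs()` is empty. The removed version filtered the DAO result against `owKeys` in memory, so an empty pair list always produced an empty result. `listV2` is not shown here; if it skips empty criteria, the query would presumably return the person's relations across every workspace and OU, which `findIdentityAuth` then resolves into permissions. An explicit guard before the call keeps the old fail-closed behaviour: `if (CollectionUtil.isEmpty(identityAuthReq.getWorkspaceOusPairs())) { return new ArrayList<>(); }`. It is also worth a test that `listV2` matches workspace and OU as a pair rather than as two independent IN lists, since the deleted second-pass filter existed for exactly that reason.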
@ -3,23 +3,6 @@
|
||||
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
|
||||
<mapper namespace="cn.axzo.tyr.server.repository.mapper.SaasRoleUserRelationMapper">
|
||||
|
||||
<select id="batListCleanRelation" resultType="cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation">
|
||||
SELECT DISTINCT ou_id AS ouId, workspace_id AS workspaceId,
|
||||
natural_person_id AS naturalPersonId,
|
||||
identity_id AS identityId, identity_type AS identityType
|
||||
FROM saas_role_user_relation
|
||||
WHERE is_delete = 0
|
||||
<if test="param.ouId !=0 and param.ouId != null">
|
||||
AND ou_id = #{param.ouId}
|
||||
</if>
|
||||
<if test="param.workspaceId !=0 and param.workspaceId != null">
|
||||
AND workspace_id = #{param.workspaceId}
|
||||
</if>
|
||||
<if test="param.naturalPersonId !=0 and param.naturalPersonId != null">
|
||||
AND natural_person_id = #{param.naturalPersonId}
|
||||
</if>
|
||||
</select>
|
||||
|
||||
<select id="listRoleIds" resultType="java.lang.Long">
|
||||
SELECT DISTINCT role_id
|
||||
FROM saas_role_user_relation
|
||||
|
||||
@ -4,11 +4,14 @@ import cn.axzo.framework.domain.web.result.ApiResult;
|
||||
import cn.axzo.tyr.base.BaseTest;
|
||||
import cn.axzo.tyr.client.model.enums.IdentityType;
|
||||
import cn.axzo.tyr.client.model.enums.WorkerLeaderRoleEnum;
|
||||
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.GantOrUnGantaWorkerLeaderRoleReq;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq;
|
||||
import cn.axzo.tyr.server.controller.roleuser.RoleUserController;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
|
||||
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
|
||||
import cn.hutool.http.HttpStatus;
|
||||
import com.google.common.collect.Sets;
|
||||
import org.apache.commons.collections4.CollectionUtils;
|
||||
@ -31,6 +34,8 @@ public class RoleUserControllerTest extends BaseTest {
|
||||
private RoleUserController roleUserController;
|
||||
@Autowired
|
||||
private SaasRoleUserRelationDao saasRoleUserRelationDao;
|
||||
@Autowired
|
||||
private SaasRoleUserRelationService saasRoleUserRelationService;
|
||||
|
||||
@Test
|
||||
@Rollback
|
||||
@ -50,7 +55,13 @@ public class RoleUserControllerTest extends BaseTest {
|
||||
ApiResult<Void> apiResult = roleUserController.saveOrUpdate(req);
|
||||
Assertions.assertEquals(apiResult.getCode(), HttpStatus.HTTP_OK, "保存用户权限误");
|
||||
|
||||
List<SaasRoleUserRelation> saasRoleUserRelations = saasRoleUserRelationDao.query(identityId, identityType.getCode(), workspaceId, ouId);
|
||||
|
||||
List<SaasRoleUserV2DTO> saasRoleUserRelations = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.identityId(identityId)
|
||||
.identityType(identityType)
|
||||
.workspaceId(workspaceId)
|
||||
.ouId(ouId)
|
||||
.build());
|
||||
Assertions.assertTrue(CollectionUtils.isNotEmpty(saasRoleUserRelations), "用户权限未保存成功");
|
||||
}
|
||||
|
||||
@ -75,9 +86,13 @@ public class RoleUserControllerTest extends BaseTest {
|
||||
ApiResult<Void> apiResult = roleUserController.grantOrUngrantWorkerLeader(req);
|
||||
Assertions.assertEquals(apiResult.getCode(), HttpStatus.HTTP_OK, "授权平台班组长角色有误");
|
||||
|
||||
List<SaasRoleUserRelation> saasRoleUserRelations = saasRoleUserRelationDao.queryByPersonId(personId, workspaceId, ouId);
|
||||
List<SaasRoleUserV2DTO> saasRoleUserRelations = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.personId(personId)
|
||||
.workspaceId(workspaceId)
|
||||
.ouId(ouId)
|
||||
.build());
|
||||
Assertions.assertTrue(CollectionUtils.isNotEmpty(saasRoleUserRelations), "授权平台班组长角色有误");
|
||||
List<Long> roleIds = saasRoleUserRelations.stream().map(SaasRoleUserRelation::getRoleId).collect(Collectors.toList());
|
||||
List<Long> roleIds = saasRoleUserRelations.stream().map(SaasRoleUserV2DTO::getRoleId).collect(Collectors.toList());
|
||||
Assertions.assertTrue(roleIds.contains(roleId), "授权平台班组长角色有误");
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,11 +1,12 @@
|
||||
package cn.axzo.tyr.server.permission;
|
||||
|
||||
import cn.axzo.tyr.base.BaseTest;
|
||||
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasFeatureDao;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasFeature;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
|
||||
import com.alibaba.fastjson.JSON;
|
||||
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
|
||||
import org.apache.commons.collections4.CollectionUtils;
|
||||
import org.junit.Assert;
|
||||
import org.junit.jupiter.api.Assertions;
|
||||
@ -13,7 +14,6 @@ import org.junit.jupiter.api.Test;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.test.annotation.Rollback;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
public class DemoTest extends BaseTest {
|
||||
@ -22,6 +22,8 @@ public class DemoTest extends BaseTest {
|
||||
private SaasFeatureDao saasFeatureDao;
|
||||
@Autowired
|
||||
private SaasRoleUserRelationDao saasRoleUserRelationDao;
|
||||
@Autowired
|
||||
private SaasRoleUserRelationService saasRoleUserRelationService;
|
||||
|
||||
@Test
|
||||
void test() {
|
||||
@ -37,12 +39,20 @@ public class DemoTest extends BaseTest {
|
||||
Long personId = 1L;
|
||||
Long workspaceId = 1L;
|
||||
Long ouId = 1L;
|
||||
List<SaasRoleUserRelation> roleUserRelations = saasRoleUserRelationDao.queryByPersonId(personId, workspaceId, ouId);
|
||||
List<SaasRoleUserV2DTO> roleUserRelations = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.personId(personId)
|
||||
.workspaceId(workspaceId)
|
||||
.ouId(ouId)
|
||||
.build());
|
||||
Assertions.assertEquals(roleUserRelations.size(), 1, "personId:[" + personId + "]的权限数据有误");
|
||||
|
||||
saasRoleUserRelationDao.removeWorkspaceOuAllUserRole(workspaceId, ouId);
|
||||
|
||||
List<SaasRoleUserRelation> roleUserRelations2 = saasRoleUserRelationDao.queryByPersonId(personId, workspaceId, ouId);
|
||||
List<SaasRoleUserV2DTO> roleUserRelations2 = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
|
||||
.personId(personId)
|
||||
.workspaceId(workspaceId)
|
||||
.ouId(ouId)
|
||||
.build());;
|
||||
Assertions.assertTrue(CollectionUtils.isEmpty(roleUserRelations2), "ouId:[" + ouId + "] workspaceId:[" + workspaceId + "]的权限数据有误");
|
||||
}
|
||||
}
|
||||
|
||||
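Review bot: The second `listV2` call in `DemoTest` ends with `.build());;`, which leaves a stray empty statement; it should read `.build());`. The test still deletes rows through `saasRoleUserRelationDao.removeWorkspaceOuAllUserRole` while reading them back through the service, so a one-line comment such as `// DAO kept only for removeWorkspaceOuAllUserRole; reads go through listV2` would explain why both beans are injected. The test method starts outside this hunk.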