diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasPermissionGroupApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasPermissionGroupApi.java index 7d808f60..917a99f1 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasPermissionGroupApi.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasPermissionGroupApi.java @@ -3,7 +3,9 @@ package cn.axzo.tyr.client.feign; import cn.axzo.framework.domain.web.result.ApiPageResult; import cn.axzo.framework.domain.web.result.ApiResult; import cn.axzo.tyr.client.model.req.QuerySaasPermissionGroupReq; +import cn.axzo.tyr.client.model.vo.DeletePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO; +import cn.axzo.tyr.client.model.vo.SaveOrUpdatePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SavePermissionGroupPPVO; import org.springframework.cloud.openfeign.FeignClient; import org.springframework.web.bind.annotation.PostMapping; @@ -20,10 +22,10 @@ import java.util.List; public interface SaasPermissionGroupApi { /** - * 保存/更新 + * 保存/更新 例外 */ - @PostMapping("/api/saasPermissionGoup/saveOrUpdate") - ApiResult saveOrUpdate(@RequestBody SaasPermissionGroupVO req); + @PostMapping("/api/saasPermissionGoup/saveOrUpdateSpecial") + ApiResult saveOrUpdateSpecial(@RequestBody @Valid SaveOrUpdatePermissionGroupVO permissionGroup); /** * 根据id查询详情 @@ -47,4 +49,7 @@ public interface SaasPermissionGroupApi { @PostMapping("/api/saasPermissionGoup/savePermissionPoints") ApiResult savePermissionPoints(@RequestBody@Valid SavePermissionGroupPPVO save); + + @PostMapping("/api/saasPermissionGoup/deletePermissionGroupSpecial") + ApiResult deletePermissionGroupSpecial(@RequestBody @Valid DeletePermissionGroupVO group); } diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/enums/PermissionType.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/enums/PermissionType.java new file mode 100644 index 00000000..a799cc85 --- /dev/null 
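Review bot: The new `deletePermissionGroupSpecial` method at the end of the interface has no Javadoc, and its contract is not obvious from the name. I would add `/** Deletes the special (例外) permission groups in specialPermissionGroupIds that are linked to roleId; fails with BAD_REQUEST when none are linked or when a matched group is not a special group. */` above its `@PostMapping` line. That wording follows what the service implementation in this commit does.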
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/enums/PermissionType.java
@@ -0,0 +1,29 @@
+package cn.axzo.tyr.client.model.enums;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+import java.util.HashMap;
+import java.util.Map;
+
+@Getter
+@AllArgsConstructor
+public enum PermissionType {
+ FEATURE("feature", "功能"),
+ DATA("data", "数据"),
+ ;
+
+ private String code;
+ private String desc;
+
+ private static final Map MAPPING = new HashMap<>();
+ static {
+ for (PermissionType type : PermissionType.values()) {
+ MAPPING.put(type.code, type);
+ }
+ }
+
+ public static PermissionType apply(Integer code) {
+ return code == null ? null :MAPPING.get(code);
+ }
+}
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/DeletePermissionGroupVO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/DeletePermissionGroupVO.java
new file mode 100644
index 00000000..edbe49c9
--- /dev/null
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/DeletePermissionGroupVO.java
@@ -0,0 +1,27 @@
+package cn.axzo.tyr.client.model.vo;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.NotNull;
+import java.util.List;
+
+@Data
+@AllArgsConstructor
+@NoArgsConstructor
+@Builder
+public class DeletePermissionGroupVO {
+ @NotNull
+ private Long roleId;
+
+ @NotEmpty
+ private List specialPermissionGroupIds;
+
+ @NotNull
+ private Long operatorId;
+
+ private String operatorName;
+}
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaveOrUpdatePermissionGroupVO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaveOrUpdatePermissionGroupVO.java
new file mode 100644
index 00000000..de5f234e
--- /dev/null
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaveOrUpdatePermissionGroupVO.java
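Review bot: `PermissionType.apply(Integer code)` can never find an entry, because `MAPPING` is filled with `type.code`, which is a `String` ("feature", "data"), while the lookup key is an `Integer`. Changing the signature to `public static PermissionType apply(String code)` makes the lookup match the keys. The `code` and `desc` fields can also be declared `final`, since an enum constant's state should not change after construction. The map's type arguments are not visible on this page, so I am assuming it is meant to be keyed by `String`.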
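Review bot: In `DeletePermissionGroupVO`, `specialPermissionGroupIds` is checked only with `@NotEmpty`, so a list holding `null` elements or an arbitrarily large number of ids passes validation and goes straight into the `in(...)` queries of the delete path. Constraining the elements and the size keeps malformed requests out of the service layer, e.g. `private List<@NotNull Long> specialPermissionGroupIds;` (assuming the ids are `Long`, as the group ids elsewhere in the commit are) plus a `@Size(max = ...)` bound chosen for this API. `operatorName` is also unvalidated and is written to `updatorName` as-is on delete, whereas the save path substitutes an empty string for null; the two paths should agree.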
@@ -0,0 +1,62 @@ +package cn.axzo.tyr.client.model.vo; + +import lombok.Data; + +import javax.validation.Valid; +import javax.validation.constraints.NotBlank; +import javax.validation.constraints.NotNull; +import java.util.List; + +@Data +public class SaveOrUpdatePermissionGroupVO { + + /** + * 权限集id(例外) + */ + private Long id; + + @NotNull + private Long roleId; + /** + * 权限集名称 + */ + @NotBlank + private String name; + + private String description; + + @NotNull + private Long operatorId; + + private String operatorName; + + @NotNull + private String type; + + /** + * 已选择的项目部 + */ + @Valid + private List selectedWorkspace; + + /** + * 已选择的单位 + */ + @Valid + private List selectedOu; + + @Data + public static class PermissionGroupScopeVO { + /** + * 选择类型 1:正选(指定组织适用) 2:反选(指定组织不适用) + */ + @NotNull + private Integer type; + /** + * 作为范围id(workspaceId/ouId) + */ + @NotNull + private Long scopeId; + } + +} diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasPermissionGroupController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasPermissionGroupController.java index 98f5b878..161902ef 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasPermissionGroupController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasPermissionGroupController.java @@ -7,7 +7,9 @@ import cn.axzo.framework.domain.web.result.ApiPageResult; import cn.axzo.framework.domain.web.result.ApiResult; import cn.axzo.tyr.client.feign.SaasPermissionGroupApi; import cn.axzo.tyr.client.model.req.QuerySaasPermissionGroupReq; +import cn.axzo.tyr.client.model.vo.DeletePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO; +import cn.axzo.tyr.client.model.vo.SaveOrUpdatePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SavePermissionGroupPPVO; import cn.axzo.tyr.server.repository.service.SaasPermissionGroupDao; import cn.axzo.tyr.server.repository.service.SaasPermissionGroupScopeDao; 
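Review bot: In `SaveOrUpdatePermissionGroupVO`, the field `@NotNull private String type;` is copied unchanged into the entity by `saveOrUpdateScope`, so any string, including an empty one, is accepted and stored. This commit also adds `PermissionType` with the codes "feature" and "data"; if those are the only legal values, restrict the field to them, for example with `@Pattern(regexp = "feature|data")` or with a lookup against `PermissionType` in the service that rejects unknown codes. `name` and `description` have no `@Size` limit either, so their length is not bounded at the API layer.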
@@ -33,8 +35,8 @@ public class SaasPermissionGroupController implements SaasPermissionGroupApi { private final PermissionGroupService permissionGroupService; @Override - public ApiResult saveOrUpdate(SaasPermissionGroupVO req) { - return null; + public ApiResult saveOrUpdateSpecial(SaveOrUpdatePermissionGroupVO permissionGroup) { + return ApiResult.ok(permissionGroupService.saveOrUpdateScope(permissionGroup)); } @Override @@ -69,4 +71,10 @@ public class SaasPermissionGroupController implements SaasPermissionGroupApi { return ApiResult.ok(); } + @Override + public ApiResult deletePermissionGroupSpecial(DeletePermissionGroupVO group) { + permissionGroupService.deletePermissionGroupSpecial(group); + return ApiResult.ok(); + } + } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasPermissionGroupScope.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasPermissionGroupScope.java index ad530253..0b3f1a5e 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasPermissionGroupScope.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasPermissionGroupScope.java @@ -8,6 +8,7 @@ import lombok.EqualsAndHashCode; import lombok.experimental.Accessors; import java.io.Serializable; +import java.util.Objects; /** * 权限集作用范围 @@ -56,5 +57,15 @@ public class SaasPermissionGroupScope extends BaseEntity idList) { + if (CollectionUtils.isEmpty(idList)) { + return false; + } + return lambdaUpdate() + .in(SaasPermissionGroupScope::getId,idList) + .set(BaseEntity::getIsDelete, TableIsDeleteEnum.DELETE.value) + .update(); + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/service/SaasRoleGroupRelationDao.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/service/SaasRoleGroupRelationDao.java index 05eba429..292c13db 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/service/SaasRoleGroupRelationDao.java 
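Review bot: `saveOrUpdateSpecial` passes the request straight to the service, and the operator recorded in `createBy`/`updateBy` is whatever `operatorId` and `operatorName` the caller put in the body; the same holds for `deletePermissionGroupSpecial` in the next hunk. Nothing visible in this controller ties that identity to the authenticated caller or checks that the caller may manage `roleId`. If these routes are reachable only by trusted internal services through the Feign client, state that in the class Javadoc; otherwise take the operator from the request's security context instead of the payload and run an authorization check on the role before the service call. The rest of the controller is outside the hunk, so an interceptor or filter may already cover this.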
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/service/SaasRoleGroupRelationDao.java @@ -2,13 +2,17 @@ package cn.axzo.tyr.server.repository.service; import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum; import cn.axzo.pokonyan.config.mybatisplus.BaseEntity; +import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation; import cn.axzo.tyr.server.repository.entity.SaasRoleGroup; import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation; import cn.axzo.tyr.server.repository.mapper.SaasRoleGroupMapper; import cn.axzo.tyr.server.repository.mapper.SaasRoleGroupRelationMapper; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; +import org.apache.commons.collections.CollectionUtils; import org.springframework.stereotype.Repository; +import java.io.Serializable; +import java.util.Collection; import java.util.List; @Repository @@ -21,5 +25,15 @@ public class SaasRoleGroupRelationDao extends ServiceImpl idList) { + if (CollectionUtils.isEmpty(idList)) { + return false; + } + return lambdaUpdate() + .in(SaasRoleGroupRelation::getId,idList) + .set(BaseEntity::getIsDelete, TableIsDeleteEnum.DELETE.value) + .update(); + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionGroupService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionGroupService.java index ae9e1e26..92a562a3 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionGroupService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionGroupService.java 
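Review bot: The soft delete added to `SaasRoleGroupRelationDao` updates only `isDelete` (`.set(BaseEntity::getIsDelete, TableIsDeleteEnum.DELETE.value)`), so removed rows carry no record of when they were deleted; the matching method on the scope DAO earlier in this commit has the same shape. For tables that define which permissions a role holds, I would at least stamp the time by adding `.set(BaseEntity::getUpdateAt, new Date())` before `.update()`, as `deletePermissionGroupSpecial` already does for the group row. The method signature is garbled on this page, so I am assuming this overrides `removeByIds`; if it does, the `false` returned for an empty list should be documented, since callers may read it as a failure.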
@@ -1,9 +1,13 @@ package cn.axzo.tyr.server.service; import cn.axzo.framework.domain.page.PageResp; +import cn.axzo.tyr.client.model.enums.PermissionGroupType; import cn.axzo.tyr.client.model.req.QuerySaasPermissionGroupReq; +import cn.axzo.tyr.client.model.vo.DeletePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO; +import cn.axzo.tyr.client.model.vo.SaveOrUpdatePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SavePermissionGroupPPVO; +import cn.axzo.tyr.server.repository.entity.SaasPermissionGroup; import java.util.List; @@ -25,4 +29,14 @@ public interface PermissionGroupService { void savePermissionPoints(SavePermissionGroupPPVO save); + /** + * 新增或者编辑例外权限 + * @param permissionGroup + * @return + */ + Long saveOrUpdateScope(SaveOrUpdatePermissionGroupVO permissionGroup); + + SaasPermissionGroup getRequiredPermissionGroup(Long permissionGroupId, PermissionGroupType type); + + void deletePermissionGroupSpecial(DeletePermissionGroupVO group); } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPermissionGroupScopeService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPermissionGroupScopeService.java new file mode 100644 index 00000000..068d87ea --- /dev/null +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPermissionGroupScopeService.java @@ -0,0 +1,9 @@ +package cn.axzo.tyr.server.service; + +import cn.axzo.tyr.server.repository.entity.SaasPermissionGroupScope; + +import java.util.List; + +public interface SaasPermissionGroupScopeService { + void saveOrUpdate(List scopes); +} diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionGroupImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionGroupImpl.java index 2202ab1f..cf0f19d6 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionGroupImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionGroupImpl.java 
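Review bot: The Javadoc on `saveOrUpdateScope` in `PermissionGroupService` leaves `@param` and `@return` empty, and the two other new methods have no documentation at all. Suggested text: `@param permissionGroup the special permission group to create (id null) or update` and `@return the id of the saved permission group`; for `getRequiredPermissionGroup`, `/** Returns the non-deleted permission group with the given id, or throws BizException(BAD_REQUEST) if it is missing or not of the given type. */`. `getRequiredPermissionGroup` also hands the `SaasPermissionGroup` entity out through the service interface, which ties callers such as `RoleServiceImpl` to the persistence model; a comment that it is meant for server-internal use would help.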
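Review bot: `SaasPermissionGroupScopeService.saveOrUpdate` is undocumented, and the implementation in this commit does more than the name says: it also removes stored scopes of the same permission groups that are absent from `scopes`. A caller passing a partial list would therefore drop the remaining scopes of a permission group. I would add `/** Replaces the stored scopes of every permission group referenced in scopes: inserts the missing ones and removes those no longer listed. */`, or rename the method to something like `replaceScopes`.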
@@ -7,22 +7,16 @@ import cn.axzo.framework.domain.web.BizException; import cn.axzo.framework.domain.web.code.BaseCode; import cn.axzo.pokonyan.config.mybatisplus.BaseEntity; import cn.axzo.tyr.client.model.enums.PermissionGroupType; +import cn.axzo.tyr.client.model.enums.PermissionScope; import cn.axzo.tyr.client.model.enums.PermissionScopeType; import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode; import cn.axzo.tyr.client.model.req.QuerySaasPermissionGroupReq; -import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO; -import cn.axzo.tyr.client.model.vo.SaasRolePermissionScopeVO; -import cn.axzo.tyr.client.model.vo.SavePermissionGroupPPVO; -import cn.axzo.tyr.server.repository.entity.SaasPermissionGroup; -import cn.axzo.tyr.server.repository.entity.SaasPermissionGroupScope; -import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation; -import cn.axzo.tyr.server.repository.entity.SaasPgroupRoleRelation; -import cn.axzo.tyr.server.repository.service.SaasPermissionGroupDao; -import cn.axzo.tyr.server.repository.service.SaasPermissionGroupScopeDao; -import cn.axzo.tyr.server.repository.service.SaasPgroupPermissionRelationDao; -import cn.axzo.tyr.server.repository.service.SaasPgroupRoleRelationDao; +import cn.axzo.tyr.client.model.vo.*; +import cn.axzo.tyr.server.repository.entity.*; +import cn.axzo.tyr.server.repository.service.*; import cn.axzo.tyr.server.service.PermissionGroupService; import cn.axzo.tyr.server.service.PermissionPointService; +import cn.axzo.tyr.server.service.SaasPermissionGroupScopeService; import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationService; import com.baomidou.mybatisplus.core.metadata.IPage; import lombok.RequiredArgsConstructor; 
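Review bot: Collapsing the explicit imports into `cn.axzo.tyr.client.model.vo.*`, `cn.axzo.tyr.server.repository.entity.*` and `cn.axzo.tyr.server.repository.service.*` (and `java.util.*` in the next hunk) hides which types this service depends on and lets a later addition to any of those packages clash with an existing name. The other files in this commit import each class explicitly; keeping that here, e.g. `import cn.axzo.tyr.client.model.vo.SaveOrUpdatePermissionGroupVO;`, keeps the dependencies readable. This is usually an IDE setting for the class count at which imports are folded into `*`.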
@@ -33,10 +27,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; -import java.util.Optional; +import java.util.*; import java.util.stream.Collectors; /** @@ -63,6 +54,10 @@ public class PermissionGroupImpl implements PermissionGroupService { SaasPermissionGroupScopeDao saasPermissionGroupScopeDao; @Autowired SaasPgroupPermissionRelationService saasPgroupPermissionRelationService; + @Autowired + SaasRoleDao saasRoleDao; + @Autowired + SaasPermissionGroupScopeService saasPermissionGroupScopeService; @Override public List query(QuerySaasPermissionGroupReq req) { @@ -237,16 +232,7 @@ public class PermissionGroupImpl implements PermissionGroupService { @Override @Transactional(rollbackFor = Exception.class) public void savePermissionPoints(SavePermissionGroupPPVO save) { - List groups = permissionGroupDao.lambdaQuery() - .eq(SaasPermissionGroup::getId, save.getId()) - .eq(SaasPermissionGroup::getIsDelete, TableIsDeleteEnum.NORMAL.value).list(); - if (CollectionUtils.isEmpty(groups)) { - throw new BizException(BaseCode.BAD_REQUEST, "权限集不存在"); - } - SaasPermissionGroup saasPermissionGroup = groups.get(0); - if (!Objects.equals(saasPermissionGroup.getIsCommon(), PermissionGroupType.COMMON.getCode())) { - throw new BizException(BaseCode.BAD_REQUEST, "权限集不是通用权限集"); - } + SaasPermissionGroup saasPermissionGroup = getRequiredPermissionGroup(save.getId(), PermissionGroupType.COMMON); List pgpRelations = Optional.ofNullable(save.getSelectedPPIds()).orElse(new ArrayList<>()).stream().map(ppId -> { SaasPgroupPermissionRelation target = new SaasPgroupPermissionRelation(); target.setGroupId(saasPermissionGroup.getId()); 
@@ -257,4 +243,164 @@ public class PermissionGroupImpl implements PermissionGroupService { }).collect(Collectors.toList()); saasPgroupPermissionRelationService.saveOrUpdate(pgpRelations); } + + @Override + @Transactional(rollbackFor = Exception.class) + public Long saveOrUpdateScope(SaveOrUpdatePermissionGroupVO permissionGroup) { + SaasPermissionGroup saasPermissionGroup; + validSaasPermissionGroup(permissionGroup); + Date now = new Date(); + if (Objects.nonNull(permissionGroup.getId())) { + saasPermissionGroup = getRequiredPermissionGroup(permissionGroup.getId(), PermissionGroupType.SPECIAL); + } else { + saasPermissionGroup = new SaasPermissionGroup(); + saasPermissionGroup.setCreateBy(permissionGroup.getOperatorId()); + saasPermissionGroup.setCreatorName(Optional.ofNullable(permissionGroup.getOperatorName()).orElse("")); + saasPermissionGroup.setIsCommon(PermissionGroupType.SPECIAL.getCode()); + saasPermissionGroup.setCreateAt(now); + } + saasPermissionGroup.setType(permissionGroup.getType()); + saasPermissionGroup.setName(permissionGroup.getName()); + saasPermissionGroup.setUpdateBy(permissionGroup.getOperatorId()); + saasPermissionGroup.setUpdatorName(Optional.ofNullable(permissionGroup.getOperatorName()).orElse("")); + saasPermissionGroup.setDescription(permissionGroup.getDescription()); + saasPermissionGroup.setUpdateAt(now); + permissionGroupDao.saveOrUpdate(saasPermissionGroup); + if (Objects.isNull(permissionGroup.getId())) { + SaasPgroupRoleRelation roleRelation = new SaasPgroupRoleRelation(); + roleRelation.setRoleId(permissionGroup.getRoleId()); + roleRelation.setGroupId(saasPermissionGroup.getId()); + roleRelation.setCreateBy(permissionGroup.getOperatorId()); + roleRelation.setUpdateBy(permissionGroup.getOperatorId()); + roleRelation.setCreateAt(now); + roleRelation.setUpdateAt(now); + roleRelationDao.save(roleRelation); + } + List scopes = new ArrayList<>(); + if (CollectionUtils.isNotEmpty(permissionGroup.getSelectedWorkspace())) { + 
scopes.addAll(permissionGroup.getSelectedWorkspace().stream().map(w -> { + SaasPermissionGroupScope scope = new SaasPermissionGroupScope(); + scope.setPgroupId(saasPermissionGroup.getId()); + scope.setType(w.getType()); + scope.setScopeType(PermissionScopeType.WORKSPACE.getCode()); + scope.setScopeId(w.getScopeId()); + scope.setCreateAt(now); + scope.setUpdateAt(now); + return scope; + }).collect(Collectors.toList())); + } + if (CollectionUtils.isNotEmpty(permissionGroup.getSelectedOu())) { + scopes.addAll(permissionGroup.getSelectedOu().stream().map(w -> { + SaasPermissionGroupScope scope = new SaasPermissionGroupScope(); + scope.setPgroupId(saasPermissionGroup.getId()); + scope.setType(w.getType()); + scope.setScopeType(PermissionScopeType.OU.getCode()); + scope.setScopeId(w.getScopeId()); + scope.setCreateAt(now); + scope.setUpdateAt(now); + return scope; + }).collect(Collectors.toList())); + } + saasPermissionGroupScopeService.saveOrUpdate(scopes); + return saasPermissionGroup.getId(); + } + + @Override + public SaasPermissionGroup getRequiredPermissionGroup(Long permissionGroupId, PermissionGroupType type) { + List groups = permissionGroupDao.lambdaQuery() + .eq(SaasPermissionGroup::getId, permissionGroupId) + .eq(SaasPermissionGroup::getIsDelete, TableIsDeleteEnum.NORMAL.value).list(); + if (CollectionUtils.isEmpty(groups)) { + throw new BizException(BaseCode.BAD_REQUEST, "权限集不存在"); + } + SaasPermissionGroup saasPermissionGroup = groups.get(0); + if (!Objects.equals(saasPermissionGroup.getIsCommon(), type.getCode())) { + throw new BizException(BaseCode.BAD_REQUEST, String.format("权限集不是%s权限集", type.getDesc())); + } + return saasPermissionGroup; + } + + @Override + @Transactional(rollbackFor = Exception.class) + public void deletePermissionGroupSpecial(DeletePermissionGroupVO group) { + List relations = roleRelationDao.lambdaQuery().eq(SaasPgroupRoleRelation::getRoleId, group.getRoleId()) + .in(SaasPgroupRoleRelation::getGroupId, 
group.getSpecialPermissionGroupIds()) + .eq(SaasPgroupRoleRelation::getIsDelete, TableIsDeleteEnum.NORMAL.value).list(); + if (CollectionUtils.isEmpty(relations)) { + throw new BizException(BaseCode.BAD_REQUEST, "权限集不存在"); + } + List deleteGroupIds = relations.stream().map(SaasPgroupRoleRelation::getGroupId).sorted().collect(Collectors.toList()); + List groups = permissionGroupDao.lambdaQuery() + .in(SaasPermissionGroup::getId, deleteGroupIds) + .eq(SaasPermissionGroup::getIsDelete, TableIsDeleteEnum.NORMAL.value).list(); + if (groups.stream().anyMatch(e -> !Objects.equals(e.getIsCommon(), PermissionGroupType.SPECIAL.getCode()))) { + throw new BizException(BaseCode.BAD_REQUEST, "只能删除例外权限集"); + } + //删除角色关联 + roleRelationDao.removeByIds(relations.stream().map(SaasPgroupRoleRelation::getId).sorted().collect(Collectors.toList())); + List scopes = saasPermissionGroupScopeDao.lambdaQuery().in(SaasPermissionGroupScope::getPgroupId, deleteGroupIds) + .eq(SaasPermissionGroupScope::getIsDelete, TableIsDeleteEnum.NORMAL.value).list(); + if (CollectionUtils.isNotEmpty(scopes)) { + // 删除例外scope + saasPermissionGroupScopeDao.removeByIds(scopes.stream().map(SaasPermissionGroupScope::getId).sorted().collect(Collectors.toList())); + } + // 删除通用权限集 + permissionGroupDao.lambdaUpdate() + .in(BaseEntity::getId,deleteGroupIds) + .set(BaseEntity::getIsDelete, TableIsDeleteEnum.DELETE.value) + .set(BaseEntity::getUpdateAt, new Date()) + .set(SaasPermissionGroup::getUpdateBy, group.getOperatorId()) + .set(SaasPermissionGroup::getUpdatorName, group.getOperatorName()) + .update(); + } + + private void validSaasPermissionGroup(SaveOrUpdatePermissionGroupVO permissionGroup) { + SaasRole saasRole = saasRoleDao.getById(permissionGroup.getRoleId()); + if (Objects.isNull(saasRole)) { + throw new BizException(BaseCode.BAD_REQUEST, "角色不存在"); + } + if (Objects.nonNull(permissionGroup.getId())) { + int relationCount = roleRelationDao.lambdaQuery().eq(SaasPgroupRoleRelation::getRoleId, 
permissionGroup.getRoleId()) + .eq(SaasPgroupRoleRelation::getGroupId, permissionGroup.getId()) + .eq(SaasPgroupRoleRelation::getIsDelete, TableIsDeleteEnum.NORMAL.value).count(); + if (relationCount == 0) { + throw new BizException(BaseCode.BAD_REQUEST, "角色和权限组不存在关联关系"); + } + } + List selectedWorkspace = permissionGroup.getSelectedWorkspace(); + List selectedOu = permissionGroup.getSelectedOu(); + Set scopeTypes = new HashSet<>(); + if (CollectionUtils.isEmpty(selectedWorkspace) && CollectionUtils.isEmpty(selectedOu)) { + throw new BizException(BaseCode.BAD_REQUEST, "例外不能为空"); + } + if (CollectionUtils.isNotEmpty(selectedWorkspace)) { + Map> selectedWorkspaceMap = selectedWorkspace.stream() + .collect(Collectors.groupingBy(SaveOrUpdatePermissionGroupVO.PermissionGroupScopeVO::getType)); + List includeScopes = Optional.ofNullable(selectedWorkspaceMap.get(PermissionScope.INCLUDE)).orElse(new ArrayList<>()); + List excludeScopes = Optional.ofNullable(selectedWorkspaceMap.get(PermissionScope.EXCLUDE)).orElse(new ArrayList<>()); + if (includeScopes.size() + excludeScopes.size() != selectedWorkspace.size()) { + throw new BizException(BaseCode.BAD_REQUEST, "选择类型设置错误"); + } + if (CollectionUtils.containsAny(includeScopes, excludeScopes)) { + throw new BizException(BaseCode.BAD_REQUEST, "项目部例外设置冲突"); + } + scopeTypes.addAll(selectedWorkspace.stream().map(SaveOrUpdatePermissionGroupVO.PermissionGroupScopeVO::getType).collect(Collectors.toSet())); + } + if (CollectionUtils.isNotEmpty(selectedOu)) { + Map> selectedOuMap = selectedOu.stream() + .collect(Collectors.groupingBy(SaveOrUpdatePermissionGroupVO.PermissionGroupScopeVO::getType)); + List includeScopes = Optional.ofNullable(selectedOuMap.get(PermissionScope.INCLUDE)).orElse(new ArrayList<>()); + List excludeScopes = Optional.ofNullable(selectedOuMap.get(PermissionScope.EXCLUDE)).orElse(new ArrayList<>()); + if (includeScopes.size() + excludeScopes.size() != selectedWorkspace.size()) { + throw new 
BizException(BaseCode.BAD_REQUEST, "选择类型设置错误"); + } + if (CollectionUtils.containsAny(includeScopes, excludeScopes)) { + throw new BizException(BaseCode.BAD_REQUEST, "单位例外设置冲突"); + } + scopeTypes.addAll(selectedOu.stream().map(SaveOrUpdatePermissionGroupVO.PermissionGroupScopeVO::getType).collect(Collectors.toSet())); + } + if (scopeTypes.size() > 1) { + throw new BizException(BaseCode.BAD_REQUEST, "例外类型不能同时指定适用与不适用"); + } + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java index 1b2b3445..89e3dd60 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java @@ -286,16 +286,7 @@ public class RoleServiceImpl implements RoleService { saasPermissionGroup.setCreateBy(saveOrUpdateRole.getOperatorId()); saasPermissionGroup.setCreatorName(saveOrUpdateRole.getOperatorName()); } else { - List groups = saasPermissionGroupDao.lambdaQuery() - .eq(SaasPermissionGroup::getId, saveOrUpdateRole.getPermissionGroupId()) - .eq(SaasPermissionGroup::getIsDelete, TableIsDeleteEnum.NORMAL.value).list(); - if (CollectionUtils.isEmpty(groups)) { - throw new BizException(BaseCode.BAD_REQUEST, "权限集不存在"); - } - saasPermissionGroup = groups.get(0); - if (!Objects.equals(saasPermissionGroup.getIsCommon(), PermissionGroupType.COMMON.getCode())) { - throw new BizException(BaseCode.BAD_REQUEST, "权限集不是通用权限集"); - } + saasPermissionGroup = permissionGroupService.getRequiredPermissionGroup(saveOrUpdateRole.getPermissionGroupId(), PermissionGroupType.COMMON); } saasPermissionGroup.setName(saveOrUpdateRole.getPermissionGroupName()); saasPermissionGroup.setDescription(saveOrUpdateRole.getPermissionGroupDescription()); 
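Review bot: In `validSaasPermissionGroup`, the `selectedOu` branch compares `includeScopes.size() + excludeScopes.size()` with `selectedWorkspace.size()`, so a request that sets only `selectedOu` throws a NullPointerException and one that sets both is judged against the wrong list; it should read `!= selectedOu.size()`. Both branches also group by `PermissionGroupScopeVO::getType`, an `Integer`, but look the groups up with `PermissionScope.INCLUDE` / `PermissionScope.EXCLUDE`; unless those are `Integer` constants, both lookups return nothing and every request is rejected with "选择类型设置错误", so the keys should be the integer codes. `CollectionUtils.containsAny(includeScopes, excludeScopes)` compares whole VOs whose `type` differs by construction, so it cannot detect the same `scopeId` on both sides; compare the `scopeId` sets instead. Since these checks decide where a role's exception permissions apply, I would cover them with unit tests for workspace-only, OU-only and mixed input.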
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPermissionGroupScopeServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPermissionGroupScopeServiceImpl.java
new file mode 100644
index 00000000..e1d5f5b6
--- /dev/null
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPermissionGroupScopeServiceImpl.java
@@ -0,0 +1,40 @@
+package cn.axzo.tyr.server.service.impl;
+
+import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
+import cn.axzo.tyr.server.repository.entity.SaasPermissionGroupScope;
+import cn.axzo.tyr.server.repository.service.SaasPermissionGroupScopeDao;
+import cn.axzo.tyr.server.service.SaasPermissionGroupScopeService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.collections.CollectionUtils;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class SaasPermissionGroupScopeServiceImpl implements SaasPermissionGroupScopeService {
+ private final SaasPermissionGroupScopeDao saasPermissionGroupScopeDao;
+ @Override
+ @Transactional(rollbackFor = Exception.class)
+ public void saveOrUpdate(List scopes) {
+ if (CollectionUtils.isNotEmpty(scopes)) {
+ return;
+ }
+ List exists = saasPermissionGroupScopeDao.lambdaQuery()
+ .in(SaasPermissionGroupScope::getPgroupId, scopes.stream().map(SaasPermissionGroupScope::getPgroupId).distinct().sorted().collect(Collectors.toList()))
+ .eq(SaasPermissionGroupScope::getIsDelete, TableIsDeleteEnum.NORMAL.value).list();
+ Collection insertList = CollectionUtils.subtract(scopes, exists);
+ Collection deleteList = CollectionUtils.subtract(exists, scopes);
+ if (CollectionUtils.isNotEmpty(insertList)) {
+ saasPermissionGroupScopeDao.saveBatch(insertList);
+ }
+ if (CollectionUtils.isNotEmpty(deleteList)) {
+ saasPermissionGroupScopeDao.removeByIds(deleteList.stream().map(SaasPermissionGroupScope::getId).sorted().collect(Collectors.toList()));
+ }
+ }
+}
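Review bot: The guard at the top of `saveOrUpdate` is inverted: `if (CollectionUtils.isNotEmpty(scopes)) { return; }` returns as soon as there is something to save, so the scopes built by `saveOrUpdateScope` are never written, and an empty list falls through to an `in(...)` query over no ids. It should be `if (CollectionUtils.isEmpty(scopes)) { return; }`. As written, a special permission group is stored without the workspace/unit restrictions the caller asked for; how such a group is evaluated is not visible here, but if a group without scopes is treated as unrestricted, this widens access. The `CollectionUtils.subtract` calls further down depend on `SaasPermissionGroupScope.equals`/`hashCode` ignoring `id`, `createAt` and `updateAt`, which deserves a comment next to them.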