From 609aaddc28a90913b1b53f8f2fe3ca8f128a8b1d Mon Sep 17 00:00:00 2001 From: yangsong Date: Wed, 13 Sep 2023 20:24:24 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E4=BE=8B=E5=A4=96=E6=96=B0=E5=A2=9E?= =?UTF-8?q?=E4=BF=9D=E5=AD=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../client/feign/SaasPermissionGroupApi.java | 7 +- .../client/model/enums/PermissionType.java | 29 ++++ .../vo/SaveOrUpdatePermissionGroupVO.java | 62 +++++++ .../role/SaasPermissionGroupController.java | 5 +- .../entity/SaasPermissionGroupScope.java | 11 ++ .../service/SaasPermissionGroupScopeDao.java | 16 +- .../service/SaasRoleGroupRelationDao.java | 14 ++ .../service/PermissionGroupService.java | 12 ++ .../SaasPermissionGroupScopeService.java | 9 + .../service/impl/PermissionGroupImpl.java | 159 +++++++++++++++--- .../server/service/impl/RoleServiceImpl.java | 11 +- .../SaasPermissionGroupScopeServiceImpl.java | 40 +++++ 12 files changed, 336 insertions(+), 39 deletions(-) create mode 100644 tyr-api/src/main/java/cn/axzo/tyr/client/model/enums/PermissionType.java create mode 100644 tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaveOrUpdatePermissionGroupVO.java create mode 100644 tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPermissionGroupScopeService.java create mode 100644 tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPermissionGroupScopeServiceImpl.java diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasPermissionGroupApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasPermissionGroupApi.java index 7d808f60..2fcabc6c 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasPermissionGroupApi.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasPermissionGroupApi.java 
@@ -4,6 +4,7 @@ import cn.axzo.framework.domain.web.result.ApiPageResult; import cn.axzo.framework.domain.web.result.ApiResult; import cn.axzo.tyr.client.model.req.QuerySaasPermissionGroupReq; import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO; +import cn.axzo.tyr.client.model.vo.SaveOrUpdatePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SavePermissionGroupPPVO; import org.springframework.cloud.openfeign.FeignClient; import org.springframework.web.bind.annotation.PostMapping; @@ -20,10 +21,10 @@ import java.util.List; public interface SaasPermissionGroupApi { /** - * 保存/更新 + * 保存/更新 例外 */ - @PostMapping("/api/saasPermissionGoup/saveOrUpdate") - ApiResult saveOrUpdate(@RequestBody SaasPermissionGroupVO req); + @PostMapping("/api/saasPermissionGoup/saveOrUpdateScope") + ApiResult saveOrUpdateScope(@RequestBody @Valid SaveOrUpdatePermissionGroupVO permissionGroup); /** * 根据id查询详情 diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/enums/PermissionType.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/enums/PermissionType.java new file mode 100644 index 00000000..a799cc85 --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/enums/PermissionType.java @@ -0,0 +1,29 @@ +package cn.axzo.tyr.client.model.enums; + +import lombok.AllArgsConstructor; +import lombok.Getter; + +import java.util.HashMap; +import java.util.Map; + +@Getter +@AllArgsConstructor +public enum PermissionType { + FEATURE("feature", "功能"), + DATA("data", "数据"), + ; + + private String code; + private String desc; + + private static final Map MAPPING = new HashMap<>(); + static { + for (PermissionType type : PermissionType.values()) { + MAPPING.put(type.code, type); + } + } + + public static PermissionType apply(Integer code) { + return code == null ? null :MAPPING.get(code); + } +} 
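Review bot: `PermissionType.apply(Integer code)` can never return a constant, because the static block fills `MAPPING` with each value's String `code` ("feature", "data") and the lookup then passes an Integer key. Change the signature to `public static PermissionType apply(String code)`, and give the map explicit type parameters if the original declares it raw (type arguments are not visible in this rendering), so the compiler rejects a mismatched key. No visible line in this patch calls `apply`: `SaveOrUpdatePermissionGroupVO.type` is a free-form String that `saveOrUpdateScope` copies into `setType` unchecked. Once the lookup works, that is the natural place to reject unknown permission types with a BAD_REQUEST.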
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaveOrUpdatePermissionGroupVO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaveOrUpdatePermissionGroupVO.java
new file mode 100644
index 00000000..de5f234e
--- /dev/null
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaveOrUpdatePermissionGroupVO.java
@@ -0,0 +1,62 @@
+package cn.axzo.tyr.client.model.vo;
+
+import lombok.Data;
+
+import javax.validation.Valid;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotNull;
+import java.util.List;
+
+@Data
+public class SaveOrUpdatePermissionGroupVO {
+
+ /**
+ * 权限集id(例外)
+ */
+ private Long id;
+
+ @NotNull
+ private Long roleId;
+ /**
+ * 权限集名称
+ */
+ @NotBlank
+ private String name;
+
+ private String description;
+
+ @NotNull
+ private Long operatorId;
+
+ private String operatorName;
+
+ @NotNull
+ private String type;
+
+ /**
+ * 已选择的项目部
+ */
+ @Valid
+ private List selectedWorkspace;
+
+ /**
+ * 已选择的单位
+ */
+ @Valid
+ private List selectedOu;
+
+ @Data
+ public static class PermissionGroupScopeVO {
+ /**
+ * 选择类型 1:正选(指定组织适用) 2:反选(指定组织不适用)
+ */
+ @NotNull
+ private Integer type;
+ /**
+ * 作为范围id(workspaceId/ouId)
+ */
+ @NotNull
+ private Long scopeId;
+ }
+
+}
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasPermissionGroupController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasPermissionGroupController.java
index 98f5b878..bc0684b7 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasPermissionGroupController.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasPermissionGroupController.java
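Review bot: `operatorId` and `operatorName` in `SaveOrUpdatePermissionGroupVO` are request-body fields, and `saveOrUpdateScope` later in this patch writes them straight into `createBy`/`updateBy`/`creatorName`/`updatorName`, so the recorded author of a permission-group change is whatever the caller asserts. Whether callers of this Feign endpoint are authenticated upstream is not visible here; if the operator can be taken from the authenticated request context, prefer that over a body field. If it has to stay in the body, state the trust assumption on the field, for example `/** Operator id asserted by the calling service; must originate from that service's authenticated session, never from end-user input. */`. Separately, `type` is only `@NotNull`, so an empty string passes validation; `@NotBlank` would match how `name` is constrained.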
@@ -8,6 +8,7 @@ import cn.axzo.framework.domain.web.result.ApiResult; import cn.axzo.tyr.client.feign.SaasPermissionGroupApi; import cn.axzo.tyr.client.model.req.QuerySaasPermissionGroupReq; import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO; +import cn.axzo.tyr.client.model.vo.SaveOrUpdatePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SavePermissionGroupPPVO; import cn.axzo.tyr.server.repository.service.SaasPermissionGroupDao; import cn.axzo.tyr.server.repository.service.SaasPermissionGroupScopeDao; @@ -33,8 +34,8 @@ public class SaasPermissionGroupController implements SaasPermissionGroupApi { private final PermissionGroupService permissionGroupService; @Override - public ApiResult saveOrUpdate(SaasPermissionGroupVO req) { - return null; + public ApiResult saveOrUpdateScope(SaveOrUpdatePermissionGroupVO permissionGroup) { + return ApiResult.ok(permissionGroupService.saveOrUpdateScope(permissionGroup)); } @Override diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasPermissionGroupScope.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasPermissionGroupScope.java index ad530253..0b3f1a5e 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasPermissionGroupScope.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasPermissionGroupScope.java @@ -8,6 +8,7 @@ import lombok.EqualsAndHashCode; import lombok.experimental.Accessors; import java.io.Serializable; +import java.util.Objects; /** * 权限集作用范围 @@ -56,5 +57,15 @@ public class SaasPermissionGroupScope extends BaseEntity idList) { + if (CollectionUtils.isEmpty(idList)) { + return false; + } + return lambdaUpdate() + .in(SaasPermissionGroupScope::getId,idList) + .set(BaseEntity::getIsDelete, TableIsDeleteEnum.DELETE.value) + .update(); + } } 
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/service/SaasRoleGroupRelationDao.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/service/SaasRoleGroupRelationDao.java index 05eba429..292c13db 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/service/SaasRoleGroupRelationDao.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/service/SaasRoleGroupRelationDao.java @@ -2,13 +2,17 @@ package cn.axzo.tyr.server.repository.service; import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum; import cn.axzo.pokonyan.config.mybatisplus.BaseEntity; +import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation; import cn.axzo.tyr.server.repository.entity.SaasRoleGroup; import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation; import cn.axzo.tyr.server.repository.mapper.SaasRoleGroupMapper; import cn.axzo.tyr.server.repository.mapper.SaasRoleGroupRelationMapper; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; +import org.apache.commons.collections.CollectionUtils; import org.springframework.stereotype.Repository; +import java.io.Serializable; +import java.util.Collection; import java.util.List; @Repository @@ -21,5 +25,15 @@ public class SaasRoleGroupRelationDao extends ServiceImpl idList) { + if (CollectionUtils.isEmpty(idList)) { + return false; + } + return lambdaUpdate() + .in(SaasRoleGroupRelation::getId,idList) + .set(BaseEntity::getIsDelete, TableIsDeleteEnum.DELETE.value) + .update(); + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionGroupService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionGroupService.java index ae9e1e26..1cabc230 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionGroupService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionGroupService.java 
@@ -1,9 +1,12 @@ package cn.axzo.tyr.server.service; import cn.axzo.framework.domain.page.PageResp; +import cn.axzo.tyr.client.model.enums.PermissionGroupType; import cn.axzo.tyr.client.model.req.QuerySaasPermissionGroupReq; import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO; +import cn.axzo.tyr.client.model.vo.SaveOrUpdatePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SavePermissionGroupPPVO; +import cn.axzo.tyr.server.repository.entity.SaasPermissionGroup; import java.util.List; @@ -25,4 +28,13 @@ public interface PermissionGroupService { void savePermissionPoints(SavePermissionGroupPPVO save); + /** + * 新增或者编辑例外权限 + * @param permissionGroup + * @return + */ + Long saveOrUpdateScope(SaveOrUpdatePermissionGroupVO permissionGroup); + + SaasPermissionGroup getRequiredPermissionGroup(Long permissionGroupId, PermissionGroupType type); + } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPermissionGroupScopeService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPermissionGroupScopeService.java new file mode 100644 index 00000000..068d87ea --- /dev/null +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasPermissionGroupScopeService.java @@ -0,0 +1,9 @@ +package cn.axzo.tyr.server.service; + +import cn.axzo.tyr.server.repository.entity.SaasPermissionGroupScope; + +import java.util.List; + +public interface SaasPermissionGroupScopeService { + void saveOrUpdate(List scopes); +} diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionGroupImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionGroupImpl.java index 2202ab1f..d656da7f 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionGroupImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionGroupImpl.java 
@@ -7,22 +7,19 @@ import cn.axzo.framework.domain.web.BizException; import cn.axzo.framework.domain.web.code.BaseCode; import cn.axzo.pokonyan.config.mybatisplus.BaseEntity; import cn.axzo.tyr.client.model.enums.PermissionGroupType; +import cn.axzo.tyr.client.model.enums.PermissionScope; import cn.axzo.tyr.client.model.enums.PermissionScopeType; import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode; import cn.axzo.tyr.client.model.req.QuerySaasPermissionGroupReq; import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO; import cn.axzo.tyr.client.model.vo.SaasRolePermissionScopeVO; +import cn.axzo.tyr.client.model.vo.SaveOrUpdatePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SavePermissionGroupPPVO; -import cn.axzo.tyr.server.repository.entity.SaasPermissionGroup; -import cn.axzo.tyr.server.repository.entity.SaasPermissionGroupScope; -import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation; -import cn.axzo.tyr.server.repository.entity.SaasPgroupRoleRelation; -import cn.axzo.tyr.server.repository.service.SaasPermissionGroupDao; -import cn.axzo.tyr.server.repository.service.SaasPermissionGroupScopeDao; -import cn.axzo.tyr.server.repository.service.SaasPgroupPermissionRelationDao; -import cn.axzo.tyr.server.repository.service.SaasPgroupRoleRelationDao; +import cn.axzo.tyr.server.repository.entity.*; +import cn.axzo.tyr.server.repository.service.*; import cn.axzo.tyr.server.service.PermissionGroupService; import cn.axzo.tyr.server.service.PermissionPointService; +import cn.axzo.tyr.server.service.SaasPermissionGroupScopeService; import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationService; import com.baomidou.mybatisplus.core.metadata.IPage; import lombok.RequiredArgsConstructor; 
@@ -33,10 +30,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; -import java.util.Optional; +import java.util.*; import java.util.stream.Collectors; /** @@ -63,6 +57,10 @@ public class PermissionGroupImpl implements PermissionGroupService { SaasPermissionGroupScopeDao saasPermissionGroupScopeDao; @Autowired SaasPgroupPermissionRelationService saasPgroupPermissionRelationService; + @Autowired + SaasRoleDao saasRoleDao; + @Autowired + SaasPermissionGroupScopeService saasPermissionGroupScopeService; @Override public List query(QuerySaasPermissionGroupReq req) { @@ -237,16 +235,7 @@ public class PermissionGroupImpl implements PermissionGroupService { @Override @Transactional(rollbackFor = Exception.class) public void savePermissionPoints(SavePermissionGroupPPVO save) { - List groups = permissionGroupDao.lambdaQuery() - .eq(SaasPermissionGroup::getId, save.getId()) - .eq(SaasPermissionGroup::getIsDelete, TableIsDeleteEnum.NORMAL.value).list(); - if (CollectionUtils.isEmpty(groups)) { - throw new BizException(BaseCode.BAD_REQUEST, "权限集不存在"); - } - SaasPermissionGroup saasPermissionGroup = groups.get(0); - if (!Objects.equals(saasPermissionGroup.getIsCommon(), PermissionGroupType.COMMON.getCode())) { - throw new BizException(BaseCode.BAD_REQUEST, "权限集不是通用权限集"); - } + SaasPermissionGroup saasPermissionGroup = getRequiredPermissionGroup(save.getId(), PermissionGroupType.COMMON); List pgpRelations = Optional.ofNullable(save.getSelectedPPIds()).orElse(new ArrayList<>()).stream().map(ppId -> { SaasPgroupPermissionRelation target = new SaasPgroupPermissionRelation(); target.setGroupId(saasPermissionGroup.getId()); 
@@ -257,4 +246,130 @@ public class PermissionGroupImpl implements PermissionGroupService { }).collect(Collectors.toList()); saasPgroupPermissionRelationService.saveOrUpdate(pgpRelations); } + + @Override + @Transactional(rollbackFor = Exception.class) + public Long saveOrUpdateScope(SaveOrUpdatePermissionGroupVO permissionGroup) { + SaasPermissionGroup saasPermissionGroup; + validSaasPermissionGroup(permissionGroup); + Date now = new Date(); + if (Objects.nonNull(permissionGroup.getId())) { + saasPermissionGroup = getRequiredPermissionGroup(permissionGroup.getId(), PermissionGroupType.SPECIAL); + } else { + saasPermissionGroup = new SaasPermissionGroup(); + saasPermissionGroup.setCreateBy(permissionGroup.getOperatorId()); + saasPermissionGroup.setCreatorName(Optional.ofNullable(permissionGroup.getOperatorName()).orElse("")); + saasPermissionGroup.setIsCommon(PermissionGroupType.SPECIAL.getCode()); + saasPermissionGroup.setCreateAt(now); + } + saasPermissionGroup.setType(permissionGroup.getType()); + saasPermissionGroup.setName(permissionGroup.getName()); + saasPermissionGroup.setUpdateBy(permissionGroup.getOperatorId()); + saasPermissionGroup.setUpdatorName(Optional.ofNullable(permissionGroup.getOperatorName()).orElse("")); + saasPermissionGroup.setDescription(permissionGroup.getDescription()); + saasPermissionGroup.setUpdateAt(now); + permissionGroupDao.saveOrUpdate(saasPermissionGroup); + if (Objects.isNull(permissionGroup.getId())) { + SaasPgroupRoleRelation roleRelation = new SaasPgroupRoleRelation(); + roleRelation.setRoleId(permissionGroup.getRoleId()); + roleRelation.setGroupId(saasPermissionGroup.getId()); + roleRelation.setCreateBy(permissionGroup.getOperatorId()); + roleRelation.setUpdateBy(permissionGroup.getOperatorId()); + roleRelation.setCreateAt(now); + roleRelation.setUpdateAt(now); + roleRelationDao.save(roleRelation); + } + List scopes = new ArrayList<>(); + if (CollectionUtils.isNotEmpty(permissionGroup.getSelectedWorkspace())) { + 
scopes.addAll(permissionGroup.getSelectedWorkspace().stream().map(w -> { + SaasPermissionGroupScope scope = new SaasPermissionGroupScope(); + scope.setPgroupId(saasPermissionGroup.getId()); + scope.setType(w.getType()); + scope.setScopeType(PermissionScopeType.WORKSPACE.getCode()); + scope.setScopeId(w.getScopeId()); + scope.setCreateAt(now); + scope.setUpdateAt(now); + return scope; + }).collect(Collectors.toList())); + } + if (CollectionUtils.isNotEmpty(permissionGroup.getSelectedOu())) { + scopes.addAll(permissionGroup.getSelectedOu().stream().map(w -> { + SaasPermissionGroupScope scope = new SaasPermissionGroupScope(); + scope.setPgroupId(saasPermissionGroup.getId()); + scope.setType(w.getType()); + scope.setScopeType(PermissionScopeType.OU.getCode()); + scope.setScopeId(w.getScopeId()); + scope.setCreateAt(now); + scope.setUpdateAt(now); + return scope; + }).collect(Collectors.toList())); + } + saasPermissionGroupScopeService.saveOrUpdate(scopes); + return saasPermissionGroup.getId(); + } + + @Override + public SaasPermissionGroup getRequiredPermissionGroup(Long permissionGroupId, PermissionGroupType type) { + List groups = permissionGroupDao.lambdaQuery() + .eq(SaasPermissionGroup::getId, permissionGroupId) + .eq(SaasPermissionGroup::getIsDelete, TableIsDeleteEnum.NORMAL.value).list(); + if (CollectionUtils.isEmpty(groups)) { + throw new BizException(BaseCode.BAD_REQUEST, "权限集不存在"); + } + SaasPermissionGroup saasPermissionGroup = groups.get(0); + if (!Objects.equals(saasPermissionGroup.getIsCommon(), type.getCode())) { + throw new BizException(BaseCode.BAD_REQUEST, String.format("权限集不是%s权限集", type.getDesc())); + } + return saasPermissionGroup; + } + + private void validSaasPermissionGroup(SaveOrUpdatePermissionGroupVO permissionGroup) { + SaasRole saasRole = saasRoleDao.getById(permissionGroup.getRoleId()); + if (Objects.isNull(saasRole)) { + throw new BizException(BaseCode.BAD_REQUEST, "角色不存在"); + } + if (Objects.nonNull(permissionGroup.getId())) { + int 
relationCount = roleRelationDao.lambdaQuery().eq(SaasPgroupRoleRelation::getRoleId, permissionGroup.getRoleId()) + .eq(SaasPgroupRoleRelation::getGroupId, permissionGroup.getId()) + .eq(SaasPgroupRoleRelation::getIsDelete, TableIsDeleteEnum.NORMAL.value).count(); + if (relationCount == 0) { + throw new BizException(BaseCode.BAD_REQUEST, "角色和权限组不存在关联关系"); + } + } + List selectedWorkspace = permissionGroup.getSelectedWorkspace(); + List selectedOu = permissionGroup.getSelectedOu(); + Set scopeTypes = new HashSet<>(); + if (CollectionUtils.isEmpty(selectedWorkspace) && CollectionUtils.isEmpty(selectedOu)) { + throw new BizException(BaseCode.BAD_REQUEST, "例外不能为空"); + } + if (CollectionUtils.isNotEmpty(selectedWorkspace)) { + Map> selectedWorkspaceMap = selectedWorkspace.stream() + .collect(Collectors.groupingBy(SaveOrUpdatePermissionGroupVO.PermissionGroupScopeVO::getType)); + List includeScopes = Optional.ofNullable(selectedWorkspaceMap.get(PermissionScope.INCLUDE)).orElse(new ArrayList<>()); + List excludeScopes = Optional.ofNullable(selectedWorkspaceMap.get(PermissionScope.EXCLUDE)).orElse(new ArrayList<>()); + if (includeScopes.size() + excludeScopes.size() != selectedWorkspace.size()) { + throw new BizException(BaseCode.BAD_REQUEST, "选择类型设置错误"); + } + if (CollectionUtils.containsAny(includeScopes, excludeScopes)) { + throw new BizException(BaseCode.BAD_REQUEST, "项目部例外设置冲突"); + } + scopeTypes.addAll(selectedWorkspace.stream().map(SaveOrUpdatePermissionGroupVO.PermissionGroupScopeVO::getType).collect(Collectors.toSet())); + } + if (CollectionUtils.isNotEmpty(selectedOu)) { + Map> selectedOuMap = selectedOu.stream() + .collect(Collectors.groupingBy(SaveOrUpdatePermissionGroupVO.PermissionGroupScopeVO::getType)); + List includeScopes = Optional.ofNullable(selectedOuMap.get(PermissionScope.INCLUDE)).orElse(new ArrayList<>()); + List excludeScopes = Optional.ofNullable(selectedOuMap.get(PermissionScope.EXCLUDE)).orElse(new ArrayList<>()); + if (includeScopes.size() + 
excludeScopes.size() != selectedWorkspace.size()) { + throw new BizException(BaseCode.BAD_REQUEST, "选择类型设置错误"); + } + if (CollectionUtils.containsAny(includeScopes, excludeScopes)) { + throw new BizException(BaseCode.BAD_REQUEST, "单位例外设置冲突"); + } + scopeTypes.addAll(selectedOu.stream().map(SaveOrUpdatePermissionGroupVO.PermissionGroupScopeVO::getType).collect(Collectors.toSet())); + } + if (scopeTypes.size() > 1) { + throw new BizException(BaseCode.BAD_REQUEST, "例外类型不能同时指定适用与不适用"); + } + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java index 1b2b3445..89e3dd60 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java @@ -286,16 +286,7 @@ public class RoleServiceImpl implements RoleService { saasPermissionGroup.setCreateBy(saveOrUpdateRole.getOperatorId()); saasPermissionGroup.setCreatorName(saveOrUpdateRole.getOperatorName()); } else { - List groups = saasPermissionGroupDao.lambdaQuery() - .eq(SaasPermissionGroup::getId, saveOrUpdateRole.getPermissionGroupId()) - .eq(SaasPermissionGroup::getIsDelete, TableIsDeleteEnum.NORMAL.value).list(); - if (CollectionUtils.isEmpty(groups)) { - throw new BizException(BaseCode.BAD_REQUEST, "权限集不存在"); - } - saasPermissionGroup = groups.get(0); - if (!Objects.equals(saasPermissionGroup.getIsCommon(), PermissionGroupType.COMMON.getCode())) { - throw new BizException(BaseCode.BAD_REQUEST, "权限集不是通用权限集"); - } + saasPermissionGroup = permissionGroupService.getRequiredPermissionGroup(saveOrUpdateRole.getPermissionGroupId(), PermissionGroupType.COMMON); } saasPermissionGroup.setName(saveOrUpdateRole.getPermissionGroupName()); saasPermissionGroup.setDescription(saveOrUpdateRole.getPermissionGroupDescription()); 
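Review bot: In `validSaasPermissionGroup`, the `selectedOu` branch compares `includeScopes.size() + excludeScopes.size()` with `selectedWorkspace.size()`, which throws a NullPointerException when only units are submitted and otherwise checks against the wrong list; it should read `if (includeScopes.size() + excludeScopes.size() != selectedOu.size()) {`. Both branches group by `PermissionGroupScopeVO::getType`, an Integer, but look the groups up with `PermissionScope.INCLUDE` and `PermissionScope.EXCLUDE`; if `PermissionScope` is an enum (its definition is outside this patch) both lookups return null and every request is rejected with "选择类型设置错误", so the keys probably need the enum's code value. The conflict check `CollectionUtils.containsAny(includeScopes, excludeScopes)` relies on the Lombok `@Data` equality of `PermissionGroupScopeVO`, which includes `type`, so an include entry and an exclude entry for the same `scopeId` never compare equal; compare the `scopeId` values instead, or drop the check, since the final `scopeTypes.size() > 1` test already rejects mixed input. These checks decide which workspaces and units a permission group applies to, so each branch deserves a unit test with workspace-only, unit-only and mixed input.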
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPermissionGroupScopeServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPermissionGroupScopeServiceImpl.java
new file mode 100644
index 00000000..e1d5f5b6
--- /dev/null
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPermissionGroupScopeServiceImpl.java
@@ -0,0 +1,40 @@
+package cn.axzo.tyr.server.service.impl;
+
+import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
+import cn.axzo.tyr.server.repository.entity.SaasPermissionGroupScope;
+import cn.axzo.tyr.server.repository.service.SaasPermissionGroupScopeDao;
+import cn.axzo.tyr.server.service.SaasPermissionGroupScopeService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.collections.CollectionUtils;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Slf4j
+@Service
+@RequiredArgsConstructor
+public class SaasPermissionGroupScopeServiceImpl implements SaasPermissionGroupScopeService {
+ private final SaasPermissionGroupScopeDao saasPermissionGroupScopeDao;
+ @Override
+ @Transactional(rollbackFor = Exception.class)
+ public void saveOrUpdate(List scopes) {
+ if (CollectionUtils.isNotEmpty(scopes)) {
+ return;
+ }
+ List exists = saasPermissionGroupScopeDao.lambdaQuery()
+ .in(SaasPermissionGroupScope::getPgroupId, scopes.stream().map(SaasPermissionGroupScope::getPgroupId).distinct().sorted().collect(Collectors.toList()))
+ .eq(SaasPermissionGroupScope::getIsDelete, TableIsDeleteEnum.NORMAL.value).list();
+ Collection insertList = CollectionUtils.subtract(scopes, exists);
+ Collection deleteList = CollectionUtils.subtract(exists, scopes);
+ if (CollectionUtils.isNotEmpty(insertList)) {
+ saasPermissionGroupScopeDao.saveBatch(insertList);
+ }
+ if (CollectionUtils.isNotEmpty(deleteList)) {
+ saasPermissionGroupScopeDao.removeByIds(deleteList.stream().map(SaasPermissionGroupScope::getId).sorted().collect(Collectors.toList()));
+ }
+ }
+}
From 22d6900246c826f3d1c93a9e1fb7cf7d185ba4c2 Mon Sep 17 00:00:00 2001
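Review bot: The guard at the top of `SaasPermissionGroupScopeServiceImpl.saveOrUpdate` is inverted: `if (CollectionUtils.isNotEmpty(scopes)) { return; }` returns as soon as there is something to save, so no scope row is ever inserted or removed, and an empty list falls through to the `.in(SaasPermissionGroupScope::getPgroupId, ...)` query with no ids. It should be `if (CollectionUtils.isEmpty(scopes)) { return; }`. As written, `saveOrUpdateScope` creates the exception permission group and its role relation but none of the workspace or unit restrictions, and how a group without scope rows is treated at enforcement time is not visible in this patch. The insert/delete split also depends on `equals`/`hashCode` of `SaasPermissionGroupScope` through `CollectionUtils.subtract`, so a short comment on the method naming the fields that define equality would help the next reader.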
From: yangsong Date: Wed, 13 Sep 2023 21:04:01 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E5=88=A0=E9=99=A4=E4=BE=8B=E5=A4=96?= =?UTF-8?q?=E6=9D=83=E9=99=90=E9=9B=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../client/feign/SaasPermissionGroupApi.java | 8 +++- .../model/vo/DeletePermissionGroupVO.java | 27 +++++++++++++ .../role/SaasPermissionGroupController.java | 9 ++++- .../service/SaasPermissionGroupDao.java | 2 + .../service/PermissionGroupService.java | 2 + .../service/impl/PermissionGroupImpl.java | 39 +++++++++++++++++-- 6 files changed, 80 insertions(+), 7 deletions(-) create mode 100644 tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/DeletePermissionGroupVO.java diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasPermissionGroupApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasPermissionGroupApi.java index 2fcabc6c..917a99f1 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasPermissionGroupApi.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasPermissionGroupApi.java @@ -3,6 +3,7 @@ package cn.axzo.tyr.client.feign; import cn.axzo.framework.domain.web.result.ApiPageResult; import cn.axzo.framework.domain.web.result.ApiResult; import cn.axzo.tyr.client.model.req.QuerySaasPermissionGroupReq; +import cn.axzo.tyr.client.model.vo.DeletePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO; import cn.axzo.tyr.client.model.vo.SaveOrUpdatePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SavePermissionGroupPPVO; @@ -23,8 +24,8 @@ public interface SaasPermissionGroupApi { /** * 保存/更新 例外 */ - @PostMapping("/api/saasPermissionGoup/saveOrUpdateScope") - ApiResult saveOrUpdateScope(@RequestBody @Valid SaveOrUpdatePermissionGroupVO permissionGroup); + @PostMapping("/api/saasPermissionGoup/saveOrUpdateSpecial") + ApiResult saveOrUpdateSpecial(@RequestBody @Valid SaveOrUpdatePermissionGroupVO permissionGroup); /** * 根据id查询详情 
@@ -48,4 +49,7 @@ public interface SaasPermissionGroupApi { @PostMapping("/api/saasPermissionGoup/savePermissionPoints") ApiResult savePermissionPoints(@RequestBody@Valid SavePermissionGroupPPVO save); + + @PostMapping("/api/saasPermissionGoup/deletePermissionGroupSpecial") + ApiResult deletePermissionGroupSpecial(@RequestBody @Valid DeletePermissionGroupVO group); } diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/DeletePermissionGroupVO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/DeletePermissionGroupVO.java new file mode 100644 index 00000000..edbe49c9 --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/DeletePermissionGroupVO.java @@ -0,0 +1,27 @@ +package cn.axzo.tyr.client.model.vo; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.NotNull; +import java.util.List; + +@Data +@AllArgsConstructor +@NoArgsConstructor +@Builder +public class DeletePermissionGroupVO { + @NotNull + private Long roleId; + + @NotEmpty + private List specialPermissionGroupIds; + + @NotNull + private Long operatorId; + + private String operatorName; +} diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasPermissionGroupController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasPermissionGroupController.java index bc0684b7..161902ef 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasPermissionGroupController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasPermissionGroupController.java 
@@ -7,6 +7,7 @@ import cn.axzo.framework.domain.web.result.ApiPageResult; import cn.axzo.framework.domain.web.result.ApiResult; import cn.axzo.tyr.client.feign.SaasPermissionGroupApi; import cn.axzo.tyr.client.model.req.QuerySaasPermissionGroupReq; +import cn.axzo.tyr.client.model.vo.DeletePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO; import cn.axzo.tyr.client.model.vo.SaveOrUpdatePermissionGroupVO; import cn.axzo.tyr.client.model.vo.SavePermissionGroupPPVO; @@ -34,7 +35,7 @@ public class SaasPermissionGroupController implements SaasPermissionGroupApi { private final PermissionGroupService permissionGroupService; @Override - public ApiResult saveOrUpdateScope(SaveOrUpdatePermissionGroupVO permissionGroup) { + public ApiResult saveOrUpdateSpecial(SaveOrUpdatePermissionGroupVO permissionGroup) { return ApiResult.ok(permissionGroupService.saveOrUpdateScope(permissionGroup)); } @@ -70,4 +71,10 @@ public class SaasPermissionGroupController implements SaasPermissionGroupApi { return ApiResult.ok(); } + @Override + public ApiResult deletePermissionGroupSpecial(DeletePermissionGroupVO group) { + permissionGroupService.deletePermissionGroupSpecial(group); + return ApiResult.ok(); + } + } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/service/SaasPermissionGroupDao.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/service/SaasPermissionGroupDao.java index a08eaf07..a5ff031d 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/service/SaasPermissionGroupDao.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/service/SaasPermissionGroupDao.java 
@@ -17,5 +17,7 @@ public class SaasPermissionGroupDao extends ServiceImpl relations = roleRelationDao.lambdaQuery().eq(SaasPgroupRoleRelation::getRoleId, group.getRoleId()) + .in(SaasPgroupRoleRelation::getGroupId, group.getSpecialPermissionGroupIds()) + .eq(SaasPgroupRoleRelation::getIsDelete, TableIsDeleteEnum.NORMAL.value).list(); + if (CollectionUtils.isEmpty(relations)) { + throw new BizException(BaseCode.BAD_REQUEST, "权限集不存在"); + } + List deleteGroupIds = relations.stream().map(SaasPgroupRoleRelation::getGroupId).sorted().collect(Collectors.toList()); + List groups = permissionGroupDao.lambdaQuery() + .in(SaasPermissionGroup::getId, deleteGroupIds) + .eq(SaasPermissionGroup::getIsDelete, TableIsDeleteEnum.NORMAL.value).list(); + if (groups.stream().anyMatch(e -> !Objects.equals(e.getIsCommon(), PermissionGroupType.SPECIAL.getCode()))) { + throw new BizException(BaseCode.BAD_REQUEST, "只能删除例外权限集"); + } + //删除角色关联 + roleRelationDao.removeByIds(relations.stream().map(SaasPgroupRoleRelation::getId).sorted().collect(Collectors.toList())); + List scopes = saasPermissionGroupScopeDao.lambdaQuery().in(SaasPermissionGroupScope::getPgroupId, deleteGroupIds) + .eq(SaasPermissionGroupScope::getIsDelete, TableIsDeleteEnum.NORMAL.value).list(); + if (CollectionUtils.isNotEmpty(scopes)) { + // 删除例外scope + saasPermissionGroupScopeDao.removeByIds(scopes.stream().map(SaasPermissionGroupScope::getId).sorted().collect(Collectors.toList())); + } + // 删除通用权限集 + permissionGroupDao.lambdaUpdate() + .in(BaseEntity::getId,deleteGroupIds) + .set(BaseEntity::getIsDelete, TableIsDeleteEnum.DELETE.value) + .set(BaseEntity::getUpdateAt, new Date()) + .set(SaasPermissionGroup::getUpdateBy, group.getOperatorId()) + .set(SaasPermissionGroup::getUpdatorName, group.getOperatorName()) + .update(); + } + private void validSaasPermissionGroup(SaveOrUpdatePermissionGroupVO permissionGroup) { SaasRole saasRole = saasRoleDao.getById(permissionGroup.getRoleId()); if (Objects.isNull(saasRole)) {