feat(permission): 增加person查询权限;重构权限点查询
This commit is contained in:
zhansihu
parent
5f9bf8f710
commit
5884bd1edc
@ -28,11 +28,14 @@ import java.util.Set;
|
|||||||
@NoArgsConstructor
|
@NoArgsConstructor
|
||||||
public class IdentityAuthReq {
|
public class IdentityAuthReq {
|
||||||
|
|
||||||
@NotNull
|
/** 身份ID - 不能和人员ID同时为空**/
|
||||||
private Long identityId;
|
private Long identityId;
|
||||||
@NotNull
|
/** 身份类型 **/
|
||||||
private IdentityType identityType;
|
private IdentityType identityType;
|
||||||
|
|
||||||
|
/** 人员ID 优先于身份- 不能和身份同时为空 **/
|
||||||
|
private Long personId;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*<pre>
|
*<pre>
|
||||||
* 防止数据量过多,工作台与单位必传
|
* 防止数据量过多,工作台与单位必传
|
||||||
|
|||||||
@ -0,0 +1,38 @@
|
|||||||
|
package cn.axzo.tyr.client.model.req;
|
||||||
|
|
||||||
|
import lombok.AllArgsConstructor;
|
||||||
|
import lombok.Builder;
|
||||||
|
import lombok.Data;
|
||||||
|
import lombok.NoArgsConstructor;
|
||||||
|
|
||||||
|
import javax.validation.constraints.NotEmpty;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 根据ID查询权限点
|
||||||
|
*
|
||||||
|
* @version V1.0
|
||||||
|
* @author: ZhanSiHu
|
||||||
|
* @date: 2024/1/3 13:57
|
||||||
|
*/
|
||||||
|
@Data
|
||||||
|
@Builder
|
||||||
|
@NoArgsConstructor
|
||||||
|
@AllArgsConstructor
|
||||||
|
public class QueryPermissionByIdsReq {
|
||||||
|
|
||||||
|
@NotEmpty(message = "权限点ID不能为空")
|
||||||
|
private Set<Long> ids;
|
||||||
|
|
||||||
|
/** 是否包含父节点 - 默认false **/
|
||||||
|
@Builder.Default
|
||||||
|
private boolean includeParent = false;
|
||||||
|
|
||||||
|
/** 是否包含子节点 - 默认false **/
|
||||||
|
@Builder.Default
|
||||||
|
private boolean includeChildren = false;
|
||||||
|
|
||||||
|
/** 是否构建树型结构 - 默认false **/
|
||||||
|
@Builder.Default
|
||||||
|
private boolean buildTree = false;
|
||||||
|
}
|
||||||
@ -24,6 +24,7 @@ import java.util.List;
|
|||||||
public class IdentityAuthRes {
|
public class IdentityAuthRes {
|
||||||
private Long identity;
|
private Long identity;
|
||||||
private IdentityType identityType;
|
private IdentityType identityType;
|
||||||
|
private Long personId;
|
||||||
@Builder.Default
|
@Builder.Default
|
||||||
private List<WorkspacePermission> permissions=new ArrayList<>();
|
private List<WorkspacePermission> permissions=new ArrayList<>();
|
||||||
|
|
||||||
|
|||||||
@ -0,0 +1,67 @@
|
|||||||
|
package cn.axzo.tyr.client.model.res;
|
||||||
|
|
||||||
|
import cn.axzo.basics.common.model.IBaseTree;
|
||||||
|
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||||
|
import lombok.AllArgsConstructor;
|
||||||
|
import lombok.Builder;
|
||||||
|
import lombok.Data;
|
||||||
|
import lombok.NoArgsConstructor;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 权限点 - 字段简化
|
||||||
|
*
|
||||||
|
* @version V1.0
|
||||||
|
* @author: ZhanSiHu
|
||||||
|
* @date: 2024/1/3 11:52
|
||||||
|
*/
|
||||||
|
@Data
|
||||||
|
@Builder
|
||||||
|
@NoArgsConstructor
|
||||||
|
@AllArgsConstructor
|
||||||
|
public class SimplePermissionPointResp implements IBaseTree<SimplePermissionPointResp, Long> {
|
||||||
|
|
||||||
|
/** 权限点ID **/
|
||||||
|
private Long id;
|
||||||
|
|
||||||
|
/** 权限点名称 **/
|
||||||
|
private String name;
|
||||||
|
|
||||||
|
/** 权限点编码 **/
|
||||||
|
private String code;
|
||||||
|
|
||||||
|
/** 权限点所属端 **/
|
||||||
|
private String terminal;
|
||||||
|
|
||||||
|
/** 上级权限点ID **/
|
||||||
|
private Long parentId;
|
||||||
|
|
||||||
|
/** 子节点 **/
|
||||||
|
private List<SimplePermissionPointResp> children;
|
||||||
|
|
||||||
|
@JsonIgnore
|
||||||
|
@Override
|
||||||
|
public Long getNodeCode() {
|
||||||
|
return id;
|
||||||
|
}
|
||||||
|
|
||||||
|
@JsonIgnore
|
||||||
|
@Override
|
||||||
|
public Long getParentNodeCode() {
|
||||||
|
return parentId;
|
||||||
|
}
|
||||||
|
|
||||||
|
@JsonIgnore
|
||||||
|
@Override
|
||||||
|
public List<SimplePermissionPointResp> getNodeChildren() {
|
||||||
|
return children;
|
||||||
|
}
|
||||||
|
|
||||||
|
@JsonIgnore
|
||||||
|
@Override
|
||||||
|
public void setNodeChildren(List<SimplePermissionPointResp> nodeChildren) {
|
||||||
|
this.children = nodeChildren;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
@ -1,5 +1,6 @@
|
|||||||
package cn.axzo.tyr.server.controller.auth;
|
package cn.axzo.tyr.server.controller.auth;
|
||||||
|
|
||||||
|
import cn.axzo.basics.common.util.AssertUtil;
|
||||||
import cn.axzo.framework.domain.web.result.ApiResult;
|
import cn.axzo.framework.domain.web.result.ApiResult;
|
||||||
import cn.axzo.tyr.client.feign.TyrSaasAuthApi;
|
import cn.axzo.tyr.client.feign.TyrSaasAuthApi;
|
||||||
import cn.axzo.tyr.client.model.req.CheckIdentityPermissionReq;
|
import cn.axzo.tyr.client.model.req.CheckIdentityPermissionReq;
|
||||||
@ -47,6 +48,11 @@ public class TyrSaasAuthController implements TyrSaasAuthApi {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public ApiResult<IdentityAuthRes> findIdentityAuth(@Valid IdentityAuthReq identityAuthReq) {
|
public ApiResult<IdentityAuthRes> findIdentityAuth(@Valid IdentityAuthReq identityAuthReq) {
|
||||||
|
//单独做下参数校验
|
||||||
|
if (identityAuthReq.getPersonId() == null
|
||||||
|
&& (identityAuthReq.getIdentityId() == null || identityAuthReq.getIdentityType() == null)) {
|
||||||
|
AssertUtil.fail("自然人ID和身份ID/Type不能同时为空");
|
||||||
|
}
|
||||||
return ApiResult.ok(tyrSaasAuthService.findIdentityAuthMix(identityAuthReq));
|
return ApiResult.ok(tyrSaasAuthService.findIdentityAuthMix(identityAuthReq));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -0,0 +1,36 @@
|
|||||||
|
package cn.axzo.tyr.server.model;
|
||||||
|
|
||||||
|
import cn.axzo.tyr.server.util.KeyUtil;
|
||||||
|
import lombok.AllArgsConstructor;
|
||||||
|
import lombok.Builder;
|
||||||
|
import lombok.Data;
|
||||||
|
import lombok.NoArgsConstructor;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 权限缓存key
|
||||||
|
*
|
||||||
|
* @version V1.0
|
||||||
|
* @author: ZhanSiHu
|
||||||
|
* @date: 2024/1/2 18:36
|
||||||
|
*/
|
||||||
|
@Data
|
||||||
|
@Builder
|
||||||
|
@NoArgsConstructor
|
||||||
|
@AllArgsConstructor
|
||||||
|
public class AuthPermissionCacheKey {
|
||||||
|
|
||||||
|
private Long personId;
|
||||||
|
|
||||||
|
private Long identityId;
|
||||||
|
|
||||||
|
private Integer identityType;
|
||||||
|
|
||||||
|
private Long workspaceId;
|
||||||
|
|
||||||
|
private Long ouId;
|
||||||
|
|
||||||
|
public String buildKey() {
|
||||||
|
return personId == null ? KeyUtil.buildKeyBySeparator("auth-i", identityId, identityType, ouId, workspaceId)
|
||||||
|
: KeyUtil.buildKeyBySeparator("auth-p", personId, ouId, workspaceId);
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -12,6 +12,7 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
|
|||||||
import org.springframework.stereotype.Repository;
|
import org.springframework.stereotype.Repository;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Objects;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
@Repository
|
@Repository
|
||||||
@ -63,9 +64,11 @@ public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMap
|
|||||||
* @param ouIds
|
* @param ouIds
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
public List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds) {
|
public List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long personId, Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds) {
|
||||||
return lambdaQuery().eq(SaasRoleUserRelation::getIdentityId, identityId)
|
return lambdaQuery()
|
||||||
.eq(SaasRoleUserRelation::getIdentityType, identityType)
|
.eq(Objects.nonNull(personId), SaasRoleUserRelation::getNaturalPersonId, personId)
|
||||||
|
.eq(Objects.nonNull(identityId), SaasRoleUserRelation::getIdentityId, identityId)
|
||||||
|
.eq(Objects.nonNull(identityType), SaasRoleUserRelation::getIdentityType, identityType)
|
||||||
.in(CollectionUtil.isNotEmpty(workspaceIds), SaasRoleUserRelation::getWorkspaceId, workspaceIds)
|
.in(CollectionUtil.isNotEmpty(workspaceIds), SaasRoleUserRelation::getWorkspaceId, workspaceIds)
|
||||||
.in(CollectionUtil.isNotEmpty(ouIds), SaasRoleUserRelation::getOuId, ouIds)
|
.in(CollectionUtil.isNotEmpty(ouIds), SaasRoleUserRelation::getOuId, ouIds)
|
||||||
.list();
|
.list();
|
||||||
|
|||||||
@ -1,6 +1,7 @@
|
|||||||
package cn.axzo.tyr.server.repository.entity;
|
package cn.axzo.tyr.server.repository.entity;
|
||||||
|
|
||||||
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
|
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
|
||||||
|
import cn.hutool.core.util.StrUtil;
|
||||||
import com.baomidou.mybatisplus.annotation.TableName;
|
import com.baomidou.mybatisplus.annotation.TableName;
|
||||||
import lombok.AllArgsConstructor;
|
import lombok.AllArgsConstructor;
|
||||||
import lombok.Builder;
|
import lombok.Builder;
|
||||||
@ -8,6 +9,11 @@ import lombok.Data;
|
|||||||
import lombok.NoArgsConstructor;
|
import lombok.NoArgsConstructor;
|
||||||
|
|
||||||
import java.io.Serializable;
|
import java.io.Serializable;
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Set;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>
|
* <p>
|
||||||
@ -166,4 +172,13 @@ public class SaasFeature extends BaseEntity<SaasFeature> implements Serializable
|
|||||||
private Integer delegatedType;
|
private Integer delegatedType;
|
||||||
|
|
||||||
|
|
||||||
|
public Set<Long> splitPath() {
|
||||||
|
if (StrUtil.isBlank(this.path)) {
|
||||||
|
return Collections.emptySet();
|
||||||
|
}
|
||||||
|
return StrUtil.split(this.path, "/").stream()
|
||||||
|
.filter(id -> StrUtil.equals(id, "0"))
|
||||||
|
.map(Long::valueOf)
|
||||||
|
.collect(Collectors.toSet());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -6,6 +6,8 @@ import cn.axzo.tyr.client.model.permission.PermissionPointMoveRequest;
|
|||||||
import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode;
|
import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode;
|
||||||
import cn.axzo.tyr.client.model.permission.PermissionPointTreeQueryReq;
|
import cn.axzo.tyr.client.model.permission.PermissionPointTreeQueryReq;
|
||||||
import cn.axzo.tyr.client.model.permission.PermissionPointVO;
|
import cn.axzo.tyr.client.model.permission.PermissionPointVO;
|
||||||
|
import cn.axzo.tyr.client.model.req.QueryPermissionByIdsReq;
|
||||||
|
import cn.axzo.tyr.client.model.res.SimplePermissionPointResp;
|
||||||
import cn.axzo.tyr.server.repository.entity.SaasFeature;
|
import cn.axzo.tyr.server.repository.entity.SaasFeature;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@ -68,4 +70,7 @@ public interface PermissionPointService {
|
|||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
List<PermissionPointDTO> getChildByParentId(Long parentId);
|
List<PermissionPointDTO> getChildByParentId(Long parentId);
|
||||||
|
|
||||||
|
/** 根据ID查询权限点 **/
|
||||||
|
List<SimplePermissionPointResp> listPermissionByIds(QueryPermissionByIdsReq req);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -42,7 +42,7 @@ public interface SaasRoleUserService {
|
|||||||
* @param ouIds
|
* @param ouIds
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds);
|
List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long personId, Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* workpaceId + ownerOuId + roleId + 手机号 + 姓名 赋予角色(支持角色赋予的同时 角色创建)
|
* workpaceId + ownerOuId + roleId + 手机号 + 姓名 赋予角色(支持角色赋予的同时 角色创建)
|
||||||
|
|||||||
@ -9,6 +9,9 @@ import java.util.function.Function;
|
|||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import cn.axzo.tyr.client.model.enums.FeatureDataType;
|
import cn.axzo.tyr.client.model.enums.FeatureDataType;
|
||||||
|
import cn.axzo.tyr.client.model.req.QueryPermissionByIdsReq;
|
||||||
|
import cn.axzo.tyr.client.model.res.SimplePermissionPointResp;
|
||||||
|
import cn.hutool.core.date.StopWatch;
|
||||||
import cn.hutool.core.lang.Opt;
|
import cn.hutool.core.lang.Opt;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
import org.springframework.transaction.annotation.Transactional;
|
import org.springframework.transaction.annotation.Transactional;
|
||||||
@ -600,4 +603,55 @@ public class PermissionPointServiceImpl implements PermissionPointService {
|
|||||||
List<SaasFeature> feature = saasFeatureDao.getChildByParentId(parentId);
|
List<SaasFeature> feature = saasFeatureDao.getChildByParentId(parentId);
|
||||||
return BeanMapper.copyList(feature, PermissionPointDTO.class);
|
return BeanMapper.copyList(feature, PermissionPointDTO.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<SimplePermissionPointResp> listPermissionByIds(QueryPermissionByIdsReq req) {
|
||||||
|
//查所有节点 - 按需过滤
|
||||||
|
List<SimplePermissionPointResp> result = new ArrayList<>();
|
||||||
|
List<SaasFeature> allPermissions = saasFeatureDao.list(new LambdaQueryWrapper<SaasFeature>()
|
||||||
|
.select(SaasFeature::getId,
|
||||||
|
SaasFeature::getFeatureCode,
|
||||||
|
SaasFeature::getFeatureName,
|
||||||
|
SaasFeature::getParentId,
|
||||||
|
SaasFeature::getTerminal));
|
||||||
|
|
||||||
|
Set<Long> parentIds = new HashSet<>();
|
||||||
|
for (SaasFeature permission : allPermissions) {
|
||||||
|
if (req.getIds().contains(permission.getId())) {
|
||||||
|
//匹配查询的节点ID
|
||||||
|
result.add(toSimplePermission(permission));
|
||||||
|
|
||||||
|
if (req.isIncludeParent()) {
|
||||||
|
//通过path汇总parent
|
||||||
|
parentIds.addAll(permission.splitPath());
|
||||||
|
}
|
||||||
|
} else if (req.isIncludeChildren()) {
|
||||||
|
//path匹配查询节点ID - 子节点
|
||||||
|
boolean isChildren = permission.splitPath().stream().anyMatch(id -> req.getIds().contains(id));
|
||||||
|
if (isChildren) {
|
||||||
|
result.add(toSimplePermission(permission));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!parentIds.isEmpty()) {
|
||||||
|
//加入所有父级节点
|
||||||
|
result.addAll(allPermissions.stream()
|
||||||
|
.filter(p -> parentIds.contains(p.getId()))
|
||||||
|
.map(this::toSimplePermission)
|
||||||
|
.collect(Collectors.toList()));
|
||||||
|
}
|
||||||
|
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
private SimplePermissionPointResp toSimplePermission(SaasFeature permission) {
|
||||||
|
return SimplePermissionPointResp.builder()
|
||||||
|
.id(permission.getId())
|
||||||
|
.code(permission.getFeatureCode())
|
||||||
|
.name(permission.getFeatureName())
|
||||||
|
.parentId(permission.getParentId())
|
||||||
|
.terminal(permission.getTerminal())
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -149,8 +149,8 @@ public class RoleUserService implements SaasRoleUserService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds) {
|
public List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long personId, Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds) {
|
||||||
return roleUserRelationDao.queryByWorkspaceIdOrOu(identityId, identityType, workspaceIds, ouIds);
|
return roleUserRelationDao.queryByWorkspaceIdOrOu(personId, identityId, identityType, workspaceIds, ouIds);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|||||||
@ -21,7 +21,9 @@ import cn.axzo.tyr.client.model.req.*;
|
|||||||
import cn.axzo.tyr.client.model.res.IdentityAuthRes;
|
import cn.axzo.tyr.client.model.res.IdentityAuthRes;
|
||||||
import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
|
import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
|
||||||
import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
|
import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
|
||||||
|
import cn.axzo.tyr.client.model.res.SimplePermissionPointResp;
|
||||||
import cn.axzo.tyr.client.model.vo.SaasRoleVO;
|
import cn.axzo.tyr.client.model.vo.SaasRoleVO;
|
||||||
|
import cn.axzo.tyr.server.model.AuthPermissionCacheKey;
|
||||||
import cn.axzo.tyr.server.repository.entity.*;
|
import cn.axzo.tyr.server.repository.entity.*;
|
||||||
import cn.axzo.tyr.server.repository.mapper.TyrSaasAuthMapper;
|
import cn.axzo.tyr.server.repository.mapper.TyrSaasAuthMapper;
|
||||||
import cn.axzo.tyr.server.service.PermissionPointService;
|
import cn.axzo.tyr.server.service.PermissionPointService;
|
||||||
@ -347,7 +349,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
|||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
stopWatch.start("query role user relation");
|
stopWatch.start("query role user relation");
|
||||||
List<SaasRoleUserRelation> relations = roleUserService.queryByWorkspaceIdOrOu(identityAuthReq.getIdentityId(), identityAuthReq.getIdentityType(), queryWorkspace, queryOuId);
|
List<SaasRoleUserRelation> relations = roleUserService.queryByWorkspaceIdOrOu(identityAuthReq.getPersonId(), identityAuthReq.getIdentityId(), identityAuthReq.getIdentityType(), queryWorkspace, queryOuId);
|
||||||
stopWatch.stop();
|
stopWatch.stop();
|
||||||
if (CollectionUtil.isEmpty(relations)) {
|
if (CollectionUtil.isEmpty(relations)) {
|
||||||
return result;
|
return result;
|
||||||
@ -440,15 +442,17 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
//通过子级查询父级并打平树型结构
|
//查询权限点及父级权限点
|
||||||
List<PermissionPointTreeNode> allPermissionPoint = permissionPointService.listTreeNodesFlatChild(PermissionPointTreeQueryReq.builder()
|
List<SimplePermissionPointResp> allPermissionPoint = permissionPointService.listPermissionByIds(
|
||||||
.ids(buttonPermissionPointId)
|
QueryPermissionByIdsReq.builder()
|
||||||
.build());
|
.ids(buttonPermissionPointId)
|
||||||
|
.includeParent(true)
|
||||||
|
.build());
|
||||||
|
|
||||||
workspacePermission.getPermissionPoint().addAll(allPermissionPoint.stream()
|
workspacePermission.getPermissionPoint().addAll(allPermissionPoint.stream()
|
||||||
.map(permissionPointTreeNode -> IdentityAuthRes.PermissionPoint.builder()
|
.map(permissionPointTreeNode -> IdentityAuthRes.PermissionPoint.builder()
|
||||||
.featureCode(permissionPointTreeNode.getCode())
|
.featureCode(permissionPointTreeNode.getCode())
|
||||||
.featureId(permissionPointTreeNode.getPermissionPointId())
|
.featureId(permissionPointTreeNode.getId())
|
||||||
.terminal(permissionPointTreeNode.getTerminal())
|
.terminal(permissionPointTreeNode.getTerminal())
|
||||||
// .featureType(FeatureType.apply(permissionPointTreeNode.getFeatureType()))
|
// .featureType(FeatureType.apply(permissionPointTreeNode.getFeatureType()))
|
||||||
.build())
|
.build())
|
||||||
@ -476,15 +480,17 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
|||||||
permissions.add(workspacePermission);
|
permissions.add(workspacePermission);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
//通过子级查询父级并平铺菜单
|
//查询权限点及父级权限点
|
||||||
List<PermissionPointTreeNode> allPermissionPoint = permissionPointService.listTreeNodesFlatChild(PermissionPointTreeQueryReq.builder()
|
List<SimplePermissionPointResp> allPermissionPoint = permissionPointService.listPermissionByIds(
|
||||||
.ids(new HashSet<>(resultHashAuthPointId))
|
QueryPermissionByIdsReq.builder()
|
||||||
.build());
|
.ids(new HashSet<>(resultHashAuthPointId))
|
||||||
|
.includeParent(true)
|
||||||
|
.build());
|
||||||
|
|
||||||
workspacePermission.getPermissionPoint().addAll(allPermissionPoint.stream()
|
workspacePermission.getPermissionPoint().addAll(allPermissionPoint.stream()
|
||||||
.map(permissionPointTreeNode -> IdentityAuthRes.PermissionPoint.builder()
|
.map(permissionPointTreeNode -> IdentityAuthRes.PermissionPoint.builder()
|
||||||
.featureCode(permissionPointTreeNode.getCode())
|
.featureCode(permissionPointTreeNode.getCode())
|
||||||
.featureId(permissionPointTreeNode.getPermissionPointId())
|
.featureId(permissionPointTreeNode.getId())
|
||||||
.terminal(permissionPointTreeNode.getTerminal())
|
.terminal(permissionPointTreeNode.getTerminal())
|
||||||
// .featureType(FeatureType.apply(permissionPointTreeNode.getFeatureType()))
|
// .featureType(FeatureType.apply(permissionPointTreeNode.getFeatureType()))
|
||||||
.build())
|
.build())
|
||||||
@ -744,8 +750,14 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
|||||||
} else {
|
} else {
|
||||||
//从缓存取权限,并记录缓存中没有的OW
|
//从缓存取权限,并记录缓存中没有的OW
|
||||||
req.getWorkspaceOusPairs().forEach(ow -> {
|
req.getWorkspaceOusPairs().forEach(ow -> {
|
||||||
String key = KeyUtil.buildKeyBySeparator("auth", req.getIdentityId(), req.getIdentityType().getCode(), ow.getOuId(), ow.getWorkspaceId());
|
IdentityAuthRes.WorkspacePermission permission = getIdentityAuthFromCache(AuthPermissionCacheKey.builder()
|
||||||
IdentityAuthRes.WorkspacePermission permission = getIdentityAuthFromCache(key);
|
.personId(req.getPersonId())
|
||||||
|
.identityId(req.getIdentityId())
|
||||||
|
.identityType(req.getIdentityType().getCode())
|
||||||
|
.ouId(ow.getOuId())
|
||||||
|
.workspaceId(ow.getWorkspaceId())
|
||||||
|
.build()
|
||||||
|
.buildKey());
|
||||||
if (permission == null) {
|
if (permission == null) {
|
||||||
needQueryPairs.add(ow);
|
needQueryPairs.add(ow);
|
||||||
} else {
|
} else {
|
||||||
@ -760,20 +772,25 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
|||||||
req.setWorkspaceOusPairs(needQueryPairs);
|
req.setWorkspaceOusPairs(needQueryPairs);
|
||||||
List<IdentityAuthRes.WorkspacePermission> authPermission = findIdentityPermission(req);
|
List<IdentityAuthRes.WorkspacePermission> authPermission = findIdentityPermission(req);
|
||||||
permissions.addAll(authPermission);
|
permissions.addAll(authPermission);
|
||||||
if (CollectionUtil.isEmpty(authPermission)) {
|
//缓存结果 - 无权限的缓存空权限对象
|
||||||
//没有权限构建空权限对象进行缓存
|
Map<String, IdentityAuthRes.WorkspacePermission> permissionMap = authPermission.stream()
|
||||||
authPermission = needQueryPairs.stream()
|
.collect(Collectors.toMap(p -> p.getOuId() + "-" + p.getWorkspaceId(), Function.identity()));
|
||||||
.map(p -> IdentityAuthRes.WorkspacePermission.builder()
|
needQueryPairs.forEach(p -> {
|
||||||
|
IdentityAuthRes.WorkspacePermission permission = permissionMap.getOrDefault(p.getOuId() + "-" + p.getWorkspaceId(),
|
||||||
|
IdentityAuthRes.WorkspacePermission.builder()//空权限对象
|
||||||
.ouId(p.getOuId())
|
.ouId(p.getOuId())
|
||||||
.workspaceId(p.getWorkspaceId())
|
.workspaceId(p.getWorkspaceId())
|
||||||
.isSuperAdmin(false)
|
.isSuperAdmin(false)
|
||||||
.permissionPoint(Collections.emptyList())
|
.permissionPoint(Collections.emptyList())
|
||||||
.build())
|
.build());
|
||||||
.collect(Collectors.toList());
|
cacheIdentityAuth(AuthPermissionCacheKey.builder()
|
||||||
}
|
.personId(req.getPersonId())
|
||||||
authPermission.forEach(p -> {
|
.identityId(req.getIdentityId())
|
||||||
String key = KeyUtil.buildKeyBySeparator("auth", req.getIdentityId(), req.getIdentityType().getCode(), p.getOuId(), p.getWorkspaceId());
|
.identityType(req.getIdentityType().getCode())
|
||||||
cacheIdentityAuth(key, p);
|
.ouId(p.getOuId())
|
||||||
|
.workspaceId(p.getWorkspaceId())
|
||||||
|
.build()
|
||||||
|
.buildKey(), permission);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -781,6 +798,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private boolean needRefreshAuth(Long identityId, IdentityType identityType) {
|
private boolean needRefreshAuth(Long identityId, IdentityType identityType) {
|
||||||
|
//TODO:@Zhan 触发刷新逻辑检测
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user