Merge branch 'feature/REQ-2227' of https://axzsource.com/universal/infrastructure/backend/tyr into feature/REQ-2227
This commit is contained in:
lvshaohua
commit
5f884c4beb
@ -2,6 +2,9 @@ package cn.axzo.tyr.client.feign;
|
||||
|
||||
import cn.axzo.framework.domain.web.result.ApiResult;
|
||||
import cn.axzo.tyr.client.model.req.NavTreeReq;
|
||||
import cn.axzo.tyr.client.model.req.PagePermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.PagePermissionResp;
|
||||
import cn.axzo.tyr.client.model.req.PermissionCheckReq;
|
||||
import cn.axzo.tyr.client.model.res.NavTreeResp;
|
||||
import org.springframework.cloud.openfeign.FeignClient;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
@ -20,7 +23,15 @@ import java.util.List;
|
||||
@FeignClient(name = "tyr", url = "${axzo.service.tyr:http://tyr:8080}")
|
||||
public interface PermissionQueryApi {
|
||||
|
||||
/** 返回导航菜单页面 **/
|
||||
/** 返回有权限的导航菜单页面 **/
|
||||
@PostMapping(value = "/api/v3/permission/query/getNavTree")
|
||||
ApiResult<List<NavTreeResp>> getNavTree(@RequestBody @Valid NavTreeReq req);
|
||||
|
||||
/** 页面权限详情:页面自身及所有下级 **/
|
||||
@PostMapping(value = "/api/v3/permission/query/getPagePermission")
|
||||
ApiResult<List<PagePermissionResp>> getPagePermission(@RequestBody @Valid PagePermissionReq req);
|
||||
|
||||
/** 鉴权接口 **/
|
||||
@PostMapping(value = "/api/v3/permission/query/hasPermission")
|
||||
ApiResult<Boolean> hasPermission(PermissionCheckReq req);
|
||||
}
|
||||
|
||||
@ -0,0 +1,38 @@
|
||||
package cn.axzo.tyr.client.model.req;
|
||||
|
||||
import cn.axzo.tyr.client.model.base.WorkspaceOUPair;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import javax.validation.constraints.NotEmpty;
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 页面权限查询请求
|
||||
*
|
||||
* @version V1.0
|
||||
* @author: ZhanSiHu
|
||||
* @date: 2024/4/9 16:09
|
||||
*/
|
||||
@Data
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class PagePermissionReq {
|
||||
|
||||
@NotNull(message = "权限码不能为空")
|
||||
private String featureCode;
|
||||
|
||||
@NotNull(message = "人员ID不能为空")
|
||||
private Long personId;
|
||||
/** 登录端 **/
|
||||
@NotNull(message = "登录端不能为空")
|
||||
private String terminal;
|
||||
|
||||
@NotEmpty(message = "单位标识对不能为空")
|
||||
private List<WorkspaceOUPair> workspaceOUPairs;
|
||||
|
||||
}
|
||||
@ -0,0 +1,26 @@
|
||||
package cn.axzo.tyr.client.model.req;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
/**
|
||||
* 页面权限查询响应
|
||||
*
|
||||
* @version V1.0
|
||||
* @author: ZhanSiHu
|
||||
* @date: 2024/4/9 16:14
|
||||
*/
|
||||
@Data
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class PagePermissionResp {
|
||||
|
||||
/** 权限ID **/
|
||||
private Long featureId;
|
||||
/** 权限编码 **/
|
||||
private String featureCode;
|
||||
|
||||
}
|
||||
@ -0,0 +1,39 @@
|
||||
package cn.axzo.tyr.client.model.req;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import javax.validation.constraints.NotEmpty;
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 权限校验请求
|
||||
*
|
||||
* @version V1.0
|
||||
* @author: ZhanSiHu
|
||||
* @date: 2024/4/9 14:17
|
||||
*/
|
||||
@Data
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class PermissionCheckReq {
|
||||
|
||||
@NotNull(message = "人员ID不能为空")
|
||||
private Long personId;
|
||||
|
||||
@NotEmpty(message = "权限code不能为空")
|
||||
private List<String> featureCodes;
|
||||
|
||||
@NotNull(message = "单位ID不能为空")
|
||||
private Long ouId;
|
||||
|
||||
@NotNull(message = "租户ID不能为空")
|
||||
private Long workspaceId;
|
||||
|
||||
/** 登录端 **/
|
||||
private String terminal;
|
||||
}
|
||||
@ -31,8 +31,6 @@ public class PermissionQueryReq {
|
||||
|
||||
private String terminal;
|
||||
|
||||
private List<Integer> featureTypes;
|
||||
|
||||
private List<String> featureCodes;
|
||||
|
||||
}
|
||||
|
||||
@ -3,6 +3,9 @@ package cn.axzo.tyr.server.controller.permission;
|
||||
import cn.axzo.framework.domain.web.result.ApiResult;
|
||||
import cn.axzo.tyr.client.feign.PermissionQueryApi;
|
||||
import cn.axzo.tyr.client.model.req.NavTreeReq;
|
||||
import cn.axzo.tyr.client.model.req.PagePermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.PagePermissionResp;
|
||||
import cn.axzo.tyr.client.model.req.PermissionCheckReq;
|
||||
import cn.axzo.tyr.client.model.res.NavTreeResp;
|
||||
import cn.axzo.tyr.server.service.PermissionQueryService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
@ -29,4 +32,14 @@ public class PermissionQueryController implements PermissionQueryApi {
|
||||
public ApiResult<List<NavTreeResp>> getNavTree(NavTreeReq req) {
|
||||
return ApiResult.ok(permissionService.getNavTree(req));
|
||||
}
|
||||
|
||||
@Override
|
||||
public ApiResult<List<PagePermissionResp>> getPagePermission(PagePermissionReq req) {
|
||||
return ApiResult.ok(permissionService.getPagePermission(req));
|
||||
}
|
||||
|
||||
@Override
|
||||
public ApiResult<Boolean> hasPermission(PermissionCheckReq req) {
|
||||
return ApiResult.ok(permissionService.hasPermission(req));
|
||||
}
|
||||
}
|
||||
|
||||
@ -8,6 +8,7 @@ import lombok.NoArgsConstructor;
|
||||
|
||||
import javax.validation.constraints.NotEmpty;
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
@ -37,4 +38,19 @@ public class PermissionQueryContext {
|
||||
/** 资源ID **/
|
||||
private Set<Long> featureIds;
|
||||
|
||||
public PermissionQueryContext appendPersonId(Long personId) {
|
||||
if (this.userIdentity == null) {
|
||||
this.userIdentity = new UserIdentity();
|
||||
}
|
||||
this.userIdentity.setPersonId(personId);
|
||||
return this;
|
||||
}
|
||||
|
||||
public PermissionQueryContext appendOuWorkspace(Long ouId, Long workspaceId) {
|
||||
if (this.workspaceOUPairs == null) {
|
||||
this.workspaceOUPairs = new ArrayList<>();
|
||||
}
|
||||
this.workspaceOUPairs.add(WorkspaceOUPair.builder().ouId(ouId).workspaceId(workspaceId).build());
|
||||
return this;
|
||||
}
|
||||
}
|
||||
|
||||
@ -24,8 +24,13 @@ public class ResourcePermissionQueryDTO {
|
||||
|
||||
private List<Integer> featureTypes;
|
||||
|
||||
private List<String> featureCodes;
|
||||
|
||||
private List<String> terminals;
|
||||
|
||||
private List<Integer> authType;
|
||||
|
||||
/** 路径包含 **/
|
||||
private Long inPath;
|
||||
|
||||
}
|
||||
|
||||
@ -1,6 +1,9 @@
|
||||
package cn.axzo.tyr.server.service;
|
||||
|
||||
import cn.axzo.tyr.client.model.req.NavTreeReq;
|
||||
import cn.axzo.tyr.client.model.req.PagePermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.PagePermissionResp;
|
||||
import cn.axzo.tyr.client.model.req.PermissionCheckReq;
|
||||
import cn.axzo.tyr.client.model.res.NavTreeResp;
|
||||
|
||||
import java.util.List;
|
||||
@ -16,4 +19,8 @@ public interface PermissionQueryService {
|
||||
|
||||
/** 获取导航菜单页面 **/
|
||||
List<NavTreeResp> getNavTree(NavTreeReq req);
|
||||
|
||||
boolean hasPermission(PermissionCheckReq req);
|
||||
|
||||
List<PagePermissionResp> getPagePermission(PagePermissionReq req);
|
||||
}
|
||||
|
||||
@ -35,4 +35,6 @@ public interface SaasFeatureResourceService {
|
||||
|
||||
/** 是否免授权 **/
|
||||
boolean isAuthFree(Long featureId);
|
||||
|
||||
SaasFeatureResource getByCode(String featureCode);
|
||||
}
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
package cn.axzo.tyr.server.service.impl;
|
||||
|
||||
import cn.axzo.basics.common.BeanMapper;
|
||||
import cn.axzo.basics.common.util.AssertUtil;
|
||||
import cn.axzo.basics.common.util.NumberUtil;
|
||||
import cn.axzo.basics.common.util.TreeUtil;
|
||||
import cn.axzo.framework.auth.domain.TerminalInfo;
|
||||
@ -9,6 +10,9 @@ import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
|
||||
import cn.axzo.tyr.client.model.base.WorkspaceOUPair;
|
||||
import cn.axzo.tyr.client.model.enums.IdentityType;
|
||||
import cn.axzo.tyr.client.model.req.NavTreeReq;
|
||||
import cn.axzo.tyr.client.model.req.PagePermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.PagePermissionResp;
|
||||
import cn.axzo.tyr.client.model.req.PermissionCheckReq;
|
||||
import cn.axzo.tyr.client.model.res.NavTreeResp;
|
||||
import cn.axzo.tyr.server.model.PermissionDO;
|
||||
import cn.axzo.tyr.server.model.PermissionQueryContext;
|
||||
@ -58,7 +62,12 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
|
||||
@Override
|
||||
public List<NavTreeResp> getNavTree(NavTreeReq req) {
|
||||
//构造参数
|
||||
PermissionQueryContext context = BeanMapper.copyBean(req, PermissionQueryContext.class);
|
||||
PermissionQueryContext context = PermissionQueryContext.builder()
|
||||
.terminal(req.getTerminal())
|
||||
.workspaceOUPairs(req.getWorkspaceOUPairs())
|
||||
.build()
|
||||
.appendPersonId(req.getPersonId());
|
||||
|
||||
|
||||
//查询权限
|
||||
List<PermissionDO> permissions = queryUserPermission(context);
|
||||
@ -75,6 +84,54 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
|
||||
return TreeUtil.buildTree(BeanMapper.copyList(resourceList, NavTreeResp.class));
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasPermission(PermissionCheckReq req) {
|
||||
//权限编码转ID
|
||||
List<ResourcePermission> resourcePermissions = featureResourceService.permissionQuery(
|
||||
ResourcePermissionQueryDTO.builder().featureCodes(req.getFeatureCodes()).build());
|
||||
if (CollectionUtil.isEmpty(resourcePermissions)) {
|
||||
log.warn("no feature resource found for codes:{}", req.getFeatureCodes());
|
||||
return false;
|
||||
}
|
||||
PermissionQueryContext context = PermissionQueryContext.builder()
|
||||
.terminal(req.getTerminal())
|
||||
.build()
|
||||
.appendPersonId(req.getPersonId())
|
||||
.appendOuWorkspace(req.getOuId(), req.getWorkspaceId());
|
||||
//查询权限
|
||||
List<PermissionDO> permissions = queryUserPermission(context);
|
||||
Set<Long> featureIds = permissions.stream().map(PermissionDO::getFeatureIds).flatMap(Set::stream).collect(Collectors.toSet());
|
||||
//是否任意一个有授权
|
||||
return resourcePermissions.stream().anyMatch(r -> featureIds.contains(r.getId()));
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<PagePermissionResp> getPagePermission(PagePermissionReq req) {
|
||||
//这里没有区分是否为页面的组件或菜单树下级 同时包含了页面自身
|
||||
//权限编码转ID
|
||||
SaasFeatureResource page = featureResourceService.getByCode(req.getFeatureCode());
|
||||
AssertUtil.notNull(page, "权限码不存在");
|
||||
|
||||
//所有子级
|
||||
ResourcePermissionQueryDTO param = ResourcePermissionQueryDTO.builder().inPath(page.getId()).build();
|
||||
List<ResourcePermission> resourceList = featureResourceService.permissionQuery(param);
|
||||
|
||||
PermissionQueryContext context = PermissionQueryContext.builder()
|
||||
.terminal(req.getTerminal())
|
||||
.workspaceOUPairs(req.getWorkspaceOUPairs())
|
||||
.build()
|
||||
.appendPersonId(req.getPersonId());
|
||||
//查询权限
|
||||
List<PermissionDO> permissions = queryUserPermission(context);
|
||||
Set<Long> featureIds = permissions.stream().map(PermissionDO::getFeatureIds).flatMap(Set::stream).collect(Collectors.toSet());
|
||||
//权限过滤
|
||||
return resourceList.stream()
|
||||
.filter(r -> featureIds.contains(r.getId()))
|
||||
.map(r -> PagePermissionResp.builder()
|
||||
.featureId(r.getId())
|
||||
.featureCode(r.getFeatureCode()).build())
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
||||
|
||||
private List<PermissionDO> queryUserPermission(PermissionQueryContext context) {
|
||||
|
||||
@ -75,7 +75,9 @@ public class SaasFeatureResourceServiceImpl implements SaasFeatureResourceServic
|
||||
SaasFeatureResource::getAuthType)
|
||||
.in(CollectionUtil.isNotEmpty(param.getIds()), SaasFeatureResource::getId, param.getIds())
|
||||
.in(CollectionUtil.isNotEmpty(param.getFeatureTypes()), SaasFeatureResource::getFeatureType, param.getFeatureTypes())
|
||||
.in(CollectionUtil.isNotEmpty(param.getFeatureCodes()), SaasFeatureResource::getFeatureCode, param.getFeatureCodes())
|
||||
.in(CollectionUtil.isNotEmpty(param.getTerminals()), SaasFeatureResource::getTerminal, param.getTerminals())
|
||||
.apply(Objects.nonNull(param.getInPath()), " FIND_IN_SET(" + param.getInPath() + ", path)")
|
||||
.list();
|
||||
return BeanMapper.copyList(resourceList, ResourcePermission.class);
|
||||
}
|
||||
@ -100,6 +102,11 @@ public class SaasFeatureResourceServiceImpl implements SaasFeatureResourceServic
|
||||
return RedisClient.SetOps.sIsMember(KEY_AUTH_FREE, featureId);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SaasFeatureResource getByCode(String featureCode) {
|
||||
return featureResourceDao.getByCode(featureCode);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void saveOrUpdateMenu(FeatureResourceTreeSaveReq req) {
|
||||
SaasFeatureResource baseResource = BeanMapper.copyBean(req, SaasFeatureResource.class);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user