refactor(permission): 增加权限缓存开关,调整默认值
parent
f482b0370f
commit
5f9bf8f710
@ -60,8 +60,7 @@ public class IdentityAuthReq {
|
||||
private Set<Long> specifyRoleIds;
|
||||
|
||||
/** 是否使用缓存 **/
|
||||
@Builder.Default
|
||||
private boolean useCache = false;
|
||||
private Boolean useCache;
|
||||
|
||||
|
||||
@Data
|
||||
|
||||
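Review bot: The field comment on `useCache` does not say what an unset value means, and the switch from `boolean useCache = false` to a nullable `Boolean` flips it. The visible caller in `findIdentityAuthMix` tests `BooleanUtil.isFalse(req.getUseCache())`, so a null value now selects the cached path where the old default selected the live query. Since this decides whether an authorization answer may be as old as the 30-minute TTL set in `cacheIdentityAuth`, the contract belongs on the field, for example `/** Whether permissions may be served from cache; null is treated as true, only an explicit false forces a live query. */`. The `IdentityAuthReq` class body starts and ends outside this hunk.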
@ -35,6 +35,7 @@ import cn.hutool.core.collection.CollectionUtil;
|
||||
import cn.hutool.core.collection.ListUtil;
|
||||
import cn.hutool.core.date.StopWatch;
|
||||
import cn.hutool.core.util.ArrayUtil;
|
||||
import cn.hutool.core.util.BooleanUtil;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import cn.hutool.json.JSONUtil;
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
@ -45,6 +46,8 @@ import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.cloud.context.config.annotation.RefreshScope;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.*;
|
||||
@ -60,11 +63,16 @@ import static cn.axzo.tyr.server.util.RpcInternalUtil.checkAndGetData;
|
||||
* @author tanjie@axzo.cn
|
||||
* @date 2023/10/7 10:03
|
||||
*/
|
||||
@RefreshScope
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
@Slf4j
|
||||
public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
|
||||
/** 缓存权限信息开关 **/
|
||||
@Value("${axzo.cache.auth.enable:true}")
|
||||
private boolean authCache = true;
|
||||
|
||||
private final TyrSaasAuthMapper saasAuthMapper;
|
||||
|
||||
private final RoleService roleService;
|
||||
@ -687,8 +695,11 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
@Override
|
||||
public IdentityAuthRes findIdentityAuthMix(IdentityAuthReq req) {
|
||||
List<IdentityAuthRes.WorkspacePermission> permissions = null;
|
||||
if (!req.isUseCache() || CollectionUtil.isNotEmpty(req.getSpecifyRoleIds())) {
|
||||
//不走缓存 或者 角色预览
|
||||
//不走缓存的情况:关闭缓存开关 - 请求指明不走缓存 - 角色预览操作
|
||||
boolean notUseCache = !authCache
|
||||
|| BooleanUtil.isFalse(req.getUseCache())
|
||||
|| CollectionUtil.isNotEmpty(req.getSpecifyRoleIds());
|
||||
if (notUseCache) {
|
||||
permissions = findIdentityPermission(req);
|
||||
} else {
|
||||
permissions = findIdentityPermissionFromCache(req);
|
||||
@ -726,24 +737,40 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
private List<IdentityAuthRes.WorkspacePermission> findIdentityPermissionFromCache(IdentityAuthReq req) {
|
||||
//服务包产品变化 - 角色配置的权限变化 - 用户角色变化
|
||||
List<IdentityAuthRes.WorkspacePermission> permissions = new ArrayList<>();
|
||||
//从缓存取权限,并记录缓存中没有的OW
|
||||
List<IdentityAuthReq.WorkspaceOuPair> needQueryPairs = new ArrayList<>();
|
||||
req.getWorkspaceOusPairs().forEach(ow -> {
|
||||
String key = KeyUtil.buildKeyBySeparator("auth", req.getIdentityId(), req.getIdentityType().getCode(), ow.getOuId(), ow.getWorkspaceId());
|
||||
IdentityAuthRes.WorkspacePermission permission = getIdentityAuthFromCache(key);
|
||||
if (permission == null) {
|
||||
needQueryPairs.add(ow);
|
||||
} else {
|
||||
//加入返回
|
||||
permissions.add(permission);
|
||||
}
|
||||
});
|
||||
if (needRefreshAuth(req.getIdentityId(), req.getIdentityType())) {
|
||||
//缓存需要刷新 - 直接走原查询逻辑
|
||||
needQueryPairs.addAll(req.getWorkspaceOusPairs());
|
||||
} else {
|
||||
//从缓存取权限,并记录缓存中没有的OW
|
||||
req.getWorkspaceOusPairs().forEach(ow -> {
|
||||
String key = KeyUtil.buildKeyBySeparator("auth", req.getIdentityId(), req.getIdentityType().getCode(), ow.getOuId(), ow.getWorkspaceId());
|
||||
IdentityAuthRes.WorkspacePermission permission = getIdentityAuthFromCache(key);
|
||||
if (permission == null) {
|
||||
needQueryPairs.add(ow);
|
||||
} else {
|
||||
//加入返回
|
||||
permissions.add(permission);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
if (CollectionUtil.isNotEmpty(needQueryPairs)) {
|
||||
//有需要从数据库查询的数据 - 走原查询逻辑 并缓存结果
|
||||
req.setWorkspaceOusPairs(needQueryPairs);
|
||||
List<IdentityAuthRes.WorkspacePermission> authPermission = findIdentityPermission(req);
|
||||
permissions.addAll(authPermission);
|
||||
if (CollectionUtil.isEmpty(authPermission)) {
|
||||
//没有权限构建空权限对象进行缓存
|
||||
authPermission = needQueryPairs.stream()
|
||||
.map(p -> IdentityAuthRes.WorkspacePermission.builder()
|
||||
.ouId(p.getOuId())
|
||||
.workspaceId(p.getWorkspaceId())
|
||||
.isSuperAdmin(false)
|
||||
.permissionPoint(Collections.emptyList())
|
||||
.build())
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
authPermission.forEach(p -> {
|
||||
String key = KeyUtil.buildKeyBySeparator("auth", req.getIdentityId(), req.getIdentityType().getCode(), p.getOuId(), p.getWorkspaceId());
|
||||
cacheIdentityAuth(key, p);
|
||||
@ -753,14 +780,18 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
return permissions;
|
||||
}
|
||||
|
||||
private boolean needRefreshAuth(Long identityId, IdentityType identityType) {
|
||||
return false;
|
||||
}
|
||||
|
||||
private void cacheIdentityAuth(String key, IdentityAuthRes.WorkspacePermission permission) {
|
||||
RedisUtil.StringOps.setEx(key, JSONObject.toJSONString(permission, SerializerFeature.DisableCircularReferenceDetect),
|
||||
RedisUtil.StringValueOps.setEx(key, JSONObject.toJSONString(permission, SerializerFeature.DisableCircularReferenceDetect),
|
||||
30L, TimeUnit.MINUTES);
|
||||
}
|
||||
|
||||
private IdentityAuthRes.WorkspacePermission getIdentityAuthFromCache(String key) {
|
||||
String permission = RedisUtil.StringOps.get(key);
|
||||
return permission == null ? null : JSONObject.parseObject(StrUtil.unWrap(permission, '"', '"'),
|
||||
String permission = RedisUtil.StringValueOps.get(key);
|
||||
return permission == null ? null : JSONObject.parseObject(permission,
|
||||
IdentityAuthRes.WorkspacePermission.class);
|
||||
}
|
||||
|
||||
|
||||
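Review bot: `needRefreshAuth` is a stub that always returns `false`, so the refresh branch added in `findIdentityPermissionFromCache` can never run and a cached `WorkspacePermission` stays authoritative until the 30-minute TTL set in `cacheIdentityAuth` expires. This commit also makes the cache the default path (`authCache` defaults to true and a null `useCache` no longer bypasses it), so a removed role or revoked permission point, including a cached `isSuperAdmin` value, may keep being honoured for up to that window, assuming nothing outside the visible hunks evicts the `auth` keys. Either implement the check against the three triggers the method's own comment lists (service-package, role-permission and user-role changes) or delete the affected keys when those change. Until then the stub should say so, e.g. `// TODO: always false, cached permissions are not invalidated on role/permission changes and live until the TTL expires`. The class body starts and ends outside these hunks.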