From 5f9bf8f710a81145760784326f563f566f18dac3 Mon Sep 17 00:00:00 2001 From: zhansihu Date: Tue, 2 Jan 2024 17:47:54 +0800 Subject: [PATCH] =?UTF-8?q?refactor(permission):=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E6=9D=83=E9=99=90=E7=BC=93=E5=AD=98=E5=BC=80=E5=85=B3=EF=BC=8C?= =?UTF-8?q?=E8=B0=83=E6=95=B4=E9=BB=98=E8=AE=A4=E5=80=BC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tyr/client/model/req/IdentityAuthReq.java | 3 +- .../service/impl/TyrSaasAuthServiceImpl.java | 63 ++++++++++++++----- 2 files changed, 48 insertions(+), 18 deletions(-) diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java index 0c8f837d..ec517d8f 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java @@ -60,8 +60,7 @@ public class IdentityAuthReq { private Set specifyRoleIds; /** 是否使用缓存 **/ - @Builder.Default - private boolean useCache = false; + private Boolean useCache; @Data diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index 4d69293f..3df411dc 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -35,6 +35,7 @@ import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.collection.ListUtil; import cn.hutool.core.date.StopWatch; import cn.hutool.core.util.ArrayUtil; +import cn.hutool.core.util.BooleanUtil; import cn.hutool.core.util.StrUtil; import cn.hutool.json.JSONUtil; import com.alibaba.fastjson.JSONObject; 
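Review bot: The comment on `useCache` in IdentityAuthReq does not say what an unset value means, and after this change that matters. The field is now a nullable `Boolean`, and the `BooleanUtil.isFalse(req.getUseCache())` test added in findIdentityAuthMix is false for null, so a caller that omits the field gets cached permissions where it previously got a live lookup. For an authorization request that default should be spelled out on the field, for example `/** Whether to use the permission cache. null = cached when the server switch is on; only an explicit false forces a live lookup. **/`. Because this class appears to live in the client API module, it is also worth recording that the accessor changes from `isUseCache()` to `getUseCache()`, which breaks existing consumers at compile time.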
@@ -45,6 +46,8 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.cloud.context.config.annotation.RefreshScope; import org.springframework.stereotype.Service; import java.util.*; @@ -60,11 +63,16 @@ import static cn.axzo.tyr.server.util.RpcInternalUtil.checkAndGetData; * @author tanjie@axzo.cn * @date 2023/10/7 10:03 */ +@RefreshScope @Service @RequiredArgsConstructor @Slf4j public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { + /** 缓存权限信息开关 **/ + @Value("${axzo.cache.auth.enable:true}") + private boolean authCache = true; + private final TyrSaasAuthMapper saasAuthMapper; private final RoleService roleService; @@ -687,8 +695,11 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { @Override public IdentityAuthRes findIdentityAuthMix(IdentityAuthReq req) { List permissions = null; - if (!req.isUseCache() || CollectionUtil.isNotEmpty(req.getSpecifyRoleIds())) { - //不走缓存 或者 角色预览 + //不走缓存的情况:关闭缓存开关 - 请求指明不走缓存 - 角色预览操作 + boolean notUseCache = !authCache + || BooleanUtil.isFalse(req.getUseCache()) + || CollectionUtil.isNotEmpty(req.getSpecifyRoleIds()); + if (notUseCache) { permissions = findIdentityPermission(req); } else { permissions = findIdentityPermissionFromCache(req); 
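Review bot: The `authCache` switch only selects which lookup path findIdentityAuthMix takes; nothing in the visible hunks removes the `auth` keys that were already written. Turning the switch off during an incident and back on within the 30-minute TTL therefore resumes serving entries cached before the flip. The field comment should say so, for example `/** Permission cache switch; turning it off bypasses the cache but does not evict existing entries, which expire with their TTL. **/`, or the keys should be purged when the switch changes. As a minor style point, the `= true` initializer duplicates the `:true` default in the `@Value` placeholder, so one of the two can go.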
@@ -726,24 +737,40 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { private List findIdentityPermissionFromCache(IdentityAuthReq req) { //服务包产品变化 - 角色配置的权限变化 - 用户角色变化 List permissions = new ArrayList<>(); - //从缓存取权限,并记录缓存中没有的OW List needQueryPairs = new ArrayList<>(); - req.getWorkspaceOusPairs().forEach(ow -> { - String key = KeyUtil.buildKeyBySeparator("auth", req.getIdentityId(), req.getIdentityType().getCode(), ow.getOuId(), ow.getWorkspaceId()); - IdentityAuthRes.WorkspacePermission permission = getIdentityAuthFromCache(key); - if (permission == null) { - needQueryPairs.add(ow); - } else { - //加入返回 - permissions.add(permission); - } - }); + if (needRefreshAuth(req.getIdentityId(), req.getIdentityType())) { + //缓存需要刷新 - 直接走原查询逻辑 + needQueryPairs.addAll(req.getWorkspaceOusPairs()); + } else { + //从缓存取权限,并记录缓存中没有的OW + req.getWorkspaceOusPairs().forEach(ow -> { + String key = KeyUtil.buildKeyBySeparator("auth", req.getIdentityId(), req.getIdentityType().getCode(), ow.getOuId(), ow.getWorkspaceId()); + IdentityAuthRes.WorkspacePermission permission = getIdentityAuthFromCache(key); + if (permission == null) { + needQueryPairs.add(ow); + } else { + //加入返回 + permissions.add(permission); + } + }); + } if (CollectionUtil.isNotEmpty(needQueryPairs)) { //有需要从数据库查询的数据 - 走原查询逻辑 并缓存结果 req.setWorkspaceOusPairs(needQueryPairs); List authPermission = findIdentityPermission(req); permissions.addAll(authPermission); + if (CollectionUtil.isEmpty(authPermission)) { + //没有权限构建空权限对象进行缓存 + authPermission = needQueryPairs.stream() + .map(p -> IdentityAuthRes.WorkspacePermission.builder() + .ouId(p.getOuId()) + .workspaceId(p.getWorkspaceId()) + .isSuperAdmin(false) + .permissionPoint(Collections.emptyList()) + .build()) + .collect(Collectors.toList()); + } authPermission.forEach(p -> { String key = KeyUtil.buildKeyBySeparator("auth", req.getIdentityId(), req.getIdentityType().getCode(), p.getOuId(), p.getWorkspaceId()); cacheIdentityAuth(key, p); 
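Review bot: The negative-caching branch in findIdentityPermissionFromCache makes a cache miss and a cache hit return different results for the same identity. `permissions.addAll(authPermission)` runs before the empty placeholders are built, so the first call returns nothing for those pairs while later calls return the cached placeholder objects. The placeholders are also built only when the whole query result is empty, so a pair without permissions is never cached once any other pair in the same request has a result. I would build a placeholder for each queried pair that is missing from the result, and settle on one response shape: either add the placeholders to `permissions` on the miss path too, or filter them out on the hit path.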
@@ -753,14 +780,18 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { return permissions; } + private boolean needRefreshAuth(Long identityId, IdentityType identityType) { + return false; + } + private void cacheIdentityAuth(String key, IdentityAuthRes.WorkspacePermission permission) { - RedisUtil.StringOps.setEx(key, JSONObject.toJSONString(permission, SerializerFeature.DisableCircularReferenceDetect), + RedisUtil.StringValueOps.setEx(key, JSONObject.toJSONString(permission, SerializerFeature.DisableCircularReferenceDetect), 30L, TimeUnit.MINUTES); } private IdentityAuthRes.WorkspacePermission getIdentityAuthFromCache(String key) { - String permission = RedisUtil.StringOps.get(key); - return permission == null ? null : JSONObject.parseObject(StrUtil.unWrap(permission, '"', '"'), + String permission = RedisUtil.StringValueOps.get(key); + return permission == null ? null : JSONObject.parseObject(permission, IdentityAuthRes.WorkspacePermission.class); }
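Review bot: `needRefreshAuth` is a stub that always returns false, so the refresh branch added in findIdentityPermissionFromCache is dead code. A cached permission set therefore stays in force for the full 30-minute TTL after a product, role-permission or user-role change, including a revocation. Until it is wired to those change events, mark it so that nobody assumes invalidation exists: `// TODO: not implemented; cached permissions are only invalidated by the 30-minute TTL`. Separately, `getIdentityAuthFromCache` no longer strips the wrapping quotes before `JSONObject.parseObject`. If entries written through the old `StringOps` path are still in Redis in quoted form (not visible here), parsing them will presumably throw instead of falling back to the database, so treating an unparseable entry as a cache miss would be safer during rollout.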