refactor(permission): 增加权限缓存开关,调整默认值

zhansihu 2024-01-02 17:47:54 +08:00
parent f482b0370f
commit 5f9bf8f710
2 changed files with 48 additions and 18 deletions


@ -60,8 +60,7 @@ public class IdentityAuthReq {
private Set<Long> specifyRoleIds; private Set<Long> specifyRoleIds;
/** 是否使用缓存 **/ /** 是否使用缓存 **/
@Builder.Default private Boolean useCache;
private boolean useCache = false;
@Data @Data
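Review bot: The field comment on `useCache` still says only "是否使用缓存", although the field appears to change here from a primitive `boolean` defaulting to `false` into a nullable `Boolean` with no default, so a reader cannot tell what null means. Judging by the `BooleanUtil.isFalse(req.getUseCache())` check in `TyrSaasAuthServiceImpl` on this page, null is treated as "use the cache", which means callers that relied on the old `false` default now receive cached permission results unless they set the field explicitly. I would state that on the field, e.g. `/** Whether to use the permission cache; null means "use cache", only an explicit false bypasses it **/`, and confirm that builder-based callers which need fresh permissions pass `useCache(false)`.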


@ -35,6 +35,7 @@ import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.collection.ListUtil; import cn.hutool.core.collection.ListUtil;
import cn.hutool.core.date.StopWatch; import cn.hutool.core.date.StopWatch;
import cn.hutool.core.util.ArrayUtil; import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.BooleanUtil;
import cn.hutool.core.util.StrUtil; import cn.hutool.core.util.StrUtil;
import cn.hutool.json.JSONUtil; import cn.hutool.json.JSONUtil;
import com.alibaba.fastjson.JSONObject; import com.alibaba.fastjson.JSONObject;
@ -45,6 +46,8 @@ import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import java.util.*; import java.util.*;
@ -60,11 +63,16 @@ import static cn.axzo.tyr.server.util.RpcInternalUtil.checkAndGetData;
* @author tanjie@axzo.cn * @author tanjie@axzo.cn
* @date 2023/10/7 10:03 * @date 2023/10/7 10:03
*/ */
@RefreshScope
@Service @Service
@RequiredArgsConstructor @RequiredArgsConstructor
@Slf4j @Slf4j
public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
/** 缓存权限信息开关 **/
@Value("${axzo.cache.auth.enable:true}")
private boolean authCache = true;
private final TyrSaasAuthMapper saasAuthMapper; private final TyrSaasAuthMapper saasAuthMapper;
private final RoleService roleService; private final RoleService roleService;
@ -687,8 +695,11 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
@Override @Override
public IdentityAuthRes findIdentityAuthMix(IdentityAuthReq req) { public IdentityAuthRes findIdentityAuthMix(IdentityAuthReq req) {
List<IdentityAuthRes.WorkspacePermission> permissions = null; List<IdentityAuthRes.WorkspacePermission> permissions = null;
if (!req.isUseCache() || CollectionUtil.isNotEmpty(req.getSpecifyRoleIds())) { //不走缓存的情况关闭缓存开关 - 请求指明不走缓存 - 角色预览操作
//不走缓存 或者 角色预览 boolean notUseCache = !authCache
|| BooleanUtil.isFalse(req.getUseCache())
|| CollectionUtil.isNotEmpty(req.getSpecifyRoleIds());
if (notUseCache) {
permissions = findIdentityPermission(req); permissions = findIdentityPermission(req);
} else { } else {
permissions = findIdentityPermissionFromCache(req); permissions = findIdentityPermissionFromCache(req);
@ -726,24 +737,40 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
private List<IdentityAuthRes.WorkspacePermission> findIdentityPermissionFromCache(IdentityAuthReq req) { private List<IdentityAuthRes.WorkspacePermission> findIdentityPermissionFromCache(IdentityAuthReq req) {
//服务包产品变化 - 角色配置的权限变化 - 用户角色变化 //服务包产品变化 - 角色配置的权限变化 - 用户角色变化
List<IdentityAuthRes.WorkspacePermission> permissions = new ArrayList<>(); List<IdentityAuthRes.WorkspacePermission> permissions = new ArrayList<>();
//从缓存取权限并记录缓存中没有的OW
List<IdentityAuthReq.WorkspaceOuPair> needQueryPairs = new ArrayList<>(); List<IdentityAuthReq.WorkspaceOuPair> needQueryPairs = new ArrayList<>();
req.getWorkspaceOusPairs().forEach(ow -> { if (needRefreshAuth(req.getIdentityId(), req.getIdentityType())) {
String key = KeyUtil.buildKeyBySeparator("auth", req.getIdentityId(), req.getIdentityType().getCode(), ow.getOuId(), ow.getWorkspaceId()); //缓存需要刷新 - 直接走原查询逻辑
IdentityAuthRes.WorkspacePermission permission = getIdentityAuthFromCache(key); needQueryPairs.addAll(req.getWorkspaceOusPairs());
if (permission == null) { } else {
needQueryPairs.add(ow); //从缓存取权限并记录缓存中没有的OW
} else { req.getWorkspaceOusPairs().forEach(ow -> {
//加入返回 String key = KeyUtil.buildKeyBySeparator("auth", req.getIdentityId(), req.getIdentityType().getCode(), ow.getOuId(), ow.getWorkspaceId());
permissions.add(permission); IdentityAuthRes.WorkspacePermission permission = getIdentityAuthFromCache(key);
} if (permission == null) {
}); needQueryPairs.add(ow);
} else {
//加入返回
permissions.add(permission);
}
});
}
if (CollectionUtil.isNotEmpty(needQueryPairs)) { if (CollectionUtil.isNotEmpty(needQueryPairs)) {
//有需要从数据库查询的数据 - 走原查询逻辑 并缓存结果 //有需要从数据库查询的数据 - 走原查询逻辑 并缓存结果
req.setWorkspaceOusPairs(needQueryPairs); req.setWorkspaceOusPairs(needQueryPairs);
List<IdentityAuthRes.WorkspacePermission> authPermission = findIdentityPermission(req); List<IdentityAuthRes.WorkspacePermission> authPermission = findIdentityPermission(req);
permissions.addAll(authPermission); permissions.addAll(authPermission);
if (CollectionUtil.isEmpty(authPermission)) {
//没有权限构建空权限对象进行缓存
authPermission = needQueryPairs.stream()
.map(p -> IdentityAuthRes.WorkspacePermission.builder()
.ouId(p.getOuId())
.workspaceId(p.getWorkspaceId())
.isSuperAdmin(false)
.permissionPoint(Collections.emptyList())
.build())
.collect(Collectors.toList());
}
authPermission.forEach(p -> { authPermission.forEach(p -> {
String key = KeyUtil.buildKeyBySeparator("auth", req.getIdentityId(), req.getIdentityType().getCode(), p.getOuId(), p.getWorkspaceId()); String key = KeyUtil.buildKeyBySeparator("auth", req.getIdentityId(), req.getIdentityType().getCode(), p.getOuId(), p.getWorkspaceId());
cacheIdentityAuth(key, p); cacheIdentityAuth(key, p);
@ -753,14 +780,18 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
return permissions; return permissions;
} }
private boolean needRefreshAuth(Long identityId, IdentityType identityType) {
return false;
}
private void cacheIdentityAuth(String key, IdentityAuthRes.WorkspacePermission permission) { private void cacheIdentityAuth(String key, IdentityAuthRes.WorkspacePermission permission) {
RedisUtil.StringOps.setEx(key, JSONObject.toJSONString(permission, SerializerFeature.DisableCircularReferenceDetect), RedisUtil.StringValueOps.setEx(key, JSONObject.toJSONString(permission, SerializerFeature.DisableCircularReferenceDetect),
30L, TimeUnit.MINUTES); 30L, TimeUnit.MINUTES);
} }
private IdentityAuthRes.WorkspacePermission getIdentityAuthFromCache(String key) { private IdentityAuthRes.WorkspacePermission getIdentityAuthFromCache(String key) {
String permission = RedisUtil.StringOps.get(key); String permission = RedisUtil.StringValueOps.get(key);
return permission == null ? null : JSONObject.parseObject(StrUtil.unWrap(permission, '"', '"'), return permission == null ? null : JSONObject.parseObject(permission,
IdentityAuthRes.WorkspacePermission.class); IdentityAuthRes.WorkspacePermission.class);
} }
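Review bot: `needRefreshAuth` is a stub that always returns `false`, so nothing in this change invalidates a cached permission set. With the cache now on by default (`axzo.cache.auth.enable:true`, and a null `useCache` treated as "use cache"), a revoked role or permission can keep being served from Redis until the 30-minute TTL set in `cacheIdentityAuth` expires. The comment at the top of `findIdentityPermissionFromCache` already names the three events that should force a refresh (service-package product, role-permission and user-role changes). Until those are wired in, consider deleting the `auth` keys on those writes or shortening the TTL, and mark the stub with `// TODO: not implemented - always false; cached permissions are only dropped by TTL`. Separately, the empty-permission placeholders are built only when `authPermission` is entirely empty and are cached without being added to `permissions`, so a pair with no permissions is not negatively cached when another pair returns results, and a cache miss and a later hit return different lists.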