From 7009b404447267656b284cbbf649a0027babe490 Mon Sep 17 00:00:00 2001
From: zhansihu <zhansihu@axzo.cn>
Date: Thu, 19 Oct 2023 10:16:06 +0800
Subject: [PATCH] =?UTF-8?q?feature(permission-query):=20=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=E6=A3=80=E6=9F=A5=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../axzo/tyr/client/feign/TyrSaasAuthApi.java |  2 +-
 .../auth/TyrSaasAuthController.java           |  6 ++--
 .../server/service/TyrSaasAuthService.java    |  3 ++
 .../service/impl/TyrSaasAuthServiceImpl.java  | 30 +++++++++++++++++++
 4 files changed, 36 insertions(+), 5 deletions(-)

diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java
index 56247eaf..f006bc9d 100644
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java
@@ -77,7 +77,7 @@ public interface TyrSaasAuthApi {
      * @param req
      * @return
      */
-    @PostMapping("/api/v2/auth/listPermissionFromFeature")
+    @PostMapping("/api/v2/auth/listIdentityFromPermission")
     ApiResult<List<QueryIdentityByPermissionResp>> listIdentityFromPermissionV2(@RequestBody ListPermissionFromFeatureReq req);
 
 
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java
index 4c5c1dcf..2ff3bd76 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java
@@ -49,14 +49,12 @@ public class TyrSaasAuthController implements TyrSaasAuthApi {
 
     @Override
     public ApiResult<Boolean> hasPermissionForIdentityV2(CheckIdentityPermissionReq req) {
-        //TODO:@Zhan
-        return null;
+        return ApiResult.ok(tyrSaasAuthService.hasPermissionForIdentityV2(req));
     }
 
     @Override
     public ApiResult<List<QueryIdentityByPermissionResp>> listIdentityFromPermissionV2(ListPermissionFromFeatureReq req) {
-        //TODO:@Zhan
-        return null;
+        return ApiResult.ok(tyrSaasAuthService.listIdentityFromPermissionV2(req));
     }
 
 }
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java
index 8ca641b7..4da38b6d 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java
@@ -31,4 +31,7 @@ public interface TyrSaasAuthService {
      */
     IdentityAuthRes findIdentityAuth(IdentityAuthReq identityAuthReq);
 
+    boolean hasPermissionForIdentityV2(CheckIdentityPermissionReq req);
+
+    List<QueryIdentityByPermissionResp> listIdentityFromPermissionV2(ListPermissionFromFeatureReq req);
 }
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
index 307e7045..28d1c47c 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
@@ -52,6 +52,7 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Service;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
@@ -499,6 +500,35 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
         return result;
     }
 
+    @Override
+    public boolean hasPermissionForIdentityV2(CheckIdentityPermissionReq req) {
+        if (CollectionUtil.isEmpty(req.getCodes())) {
+            return true;
+        }
+        IdentityAuthReq request = new IdentityAuthReq();
+        request.setIdentityId(req.getIdentityId());
+        request.setIdentityType(req.getIdentityType());
+        if (StrUtil.isNotBlank(req.getTerminal())) {
+            request.setTerminal(Collections.singletonList(req.getTerminal()));
+        }
+        IdentityAuthRes authRes = this.findIdentityAuth(request);
+        HashSet<String> codeSet = new HashSet<>(req.getCodes());
+        //比较code
+        return authRes.getPermissions().stream()
+                .anyMatch(e -> e.getPermissionPoint()
+                .stream()
+                .anyMatch(p -> codeSet.contains(p.getFeatureCode())));
+    }
+
+    @Override
+    public List<QueryIdentityByPermissionResp> listIdentityFromPermissionV2(ListPermissionFromFeatureReq req) {
+        //TODO:@Zhan
+        //超管 - 保持原逻辑
+        //非超管   权限code+terminal -> feature -> 权限集 -> 例外权限集作用范围过滤 --> 权限集角色-角色组匹配OU类型资质（OU参建单位）
+        //免授权型 - 没有意义
+        return null;
+    }
+
     @Data
     public static class UserRoleInfoMap {