feature(permission-query): 权限检查接口

tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java

@@ -77,7 +77,7 @@ public interface TyrSaasAuthApi {
      * @param req
      * @return
      */
-    @PostMapping("/api/v2/auth/listPermissionFromFeature")
+    @PostMapping("/api/v2/auth/listIdentityFromPermission")
     ApiResult<List<QueryIdentityByPermissionResp>> listIdentityFromPermissionV2(@RequestBody ListPermissionFromFeatureReq req);
 
 

tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java

@@ -49,14 +49,12 @@ public class TyrSaasAuthController implements TyrSaasAuthApi {
 
     @Override
     public ApiResult<Boolean> hasPermissionForIdentityV2(CheckIdentityPermissionReq req) {
-        //TODO:@Zhan
+        return ApiResult.ok(tyrSaasAuthService.hasPermissionForIdentityV2(req));
-        return null;
     }
 
     @Override
     public ApiResult<List<QueryIdentityByPermissionResp>> listIdentityFromPermissionV2(ListPermissionFromFeatureReq req) {
-        //TODO:@Zhan
+        return ApiResult.ok(tyrSaasAuthService.listIdentityFromPermissionV2(req));
-        return null;
     }
 
 }

tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java

@@ -31,4 +31,7 @@ public interface TyrSaasAuthService {
      */
     IdentityAuthRes findIdentityAuth(IdentityAuthReq identityAuthReq);
 
+    boolean hasPermissionForIdentityV2(CheckIdentityPermissionReq req);
+
+    List<QueryIdentityByPermissionResp> listIdentityFromPermissionV2(ListPermissionFromFeatureReq req);
 }

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java

@@ -52,6 +52,7 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Service;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
@@ -499,6 +500,35 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
         return result;
     }
 
+    @Override
+    public boolean hasPermissionForIdentityV2(CheckIdentityPermissionReq req) {
+        if (CollectionUtil.isEmpty(req.getCodes())) {
+            return true;
+        }
+        IdentityAuthReq request = new IdentityAuthReq();
+        request.setIdentityId(req.getIdentityId());
+        request.setIdentityType(req.getIdentityType());
+        if (StrUtil.isNotBlank(req.getTerminal())) {
+            request.setTerminal(Collections.singletonList(req.getTerminal()));
+        }
+        IdentityAuthRes authRes = this.findIdentityAuth(request);
+        HashSet<String> codeSet = new HashSet<>(req.getCodes());
+        //比较code
+        return authRes.getPermissions().stream()
+                .anyMatch(e -> e.getPermissionPoint()
+                .stream()
+                .anyMatch(p -> codeSet.contains(p.getFeatureCode())));
+    }
+
+    @Override
+    public List<QueryIdentityByPermissionResp> listIdentityFromPermissionV2(ListPermissionFromFeatureReq req) {
+        //TODO:@Zhan
+        //超管 - 保持原逻辑
+        //非超管   权限code+terminal -> feature -> 权限集 -> 例外权限集作用范围过滤 --> 权限集角色-角色组匹配OU类型资质（OU参建单位）
+        //免授权型 - 没有意义
+        return null;
+    }
+
     @Data
     public static class UserRoleInfoMap {