feature(permission-query): 权限检查接口

2023-10-19 10:16:06 +08:00 · 2023-10-19 10:16:06 +08:00 · 7009b40444
commit 7009b40444
parent eb7d2e3005
4 changed files with 36 additions and 5 deletions
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java
@ -77,7 +77,7 @@ public interface TyrSaasAuthApi {
     * @param req
     * @return
     */
-    @PostMapping("/api/v2/auth/listPermissionFromFeature")
+    @PostMapping("/api/v2/auth/listIdentityFromPermission")
    ApiResult<List<QueryIdentityByPermissionResp>> listIdentityFromPermissionV2(@RequestBody ListPermissionFromFeatureReq req);


--- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java
@ -49,14 +49,12 @@ public class TyrSaasAuthController implements TyrSaasAuthApi {

    @Override
    public ApiResult<Boolean> hasPermissionForIdentityV2(CheckIdentityPermissionReq req) {
-        //TODO:@Zhan
-        return null;
+        return ApiResult.ok(tyrSaasAuthService.hasPermissionForIdentityV2(req));
    }

    @Override
    public ApiResult<List<QueryIdentityByPermissionResp>> listIdentityFromPermissionV2(ListPermissionFromFeatureReq req) {
-        //TODO:@Zhan
-        return null;
+        return ApiResult.ok(tyrSaasAuthService.listIdentityFromPermissionV2(req));
    }

 }
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java
@ -31,4 +31,7 @@ public interface TyrSaasAuthService {
     */
    IdentityAuthRes findIdentityAuth(IdentityAuthReq identityAuthReq);

+    boolean hasPermissionForIdentityV2(CheckIdentityPermissionReq req);
+
+    List<QueryIdentityByPermissionResp> listIdentityFromPermissionV2(ListPermissionFromFeatureReq req);
 }
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
@ -52,6 +52,7 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Service;

 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
@ -499,6 +500,35 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
        return result;
    }

+    @Override
+    public boolean hasPermissionForIdentityV2(CheckIdentityPermissionReq req) {
+        if (CollectionUtil.isEmpty(req.getCodes())) {
+            return true;
+        }
+        IdentityAuthReq request = new IdentityAuthReq();
+        request.setIdentityId(req.getIdentityId());
+        request.setIdentityType(req.getIdentityType());
+        if (StrUtil.isNotBlank(req.getTerminal())) {
+            request.setTerminal(Collections.singletonList(req.getTerminal()));
+        }
+        IdentityAuthRes authRes = this.findIdentityAuth(request);
+        HashSet<String> codeSet = new HashSet<>(req.getCodes());
+        //比较code
+        return authRes.getPermissions().stream()
+                .anyMatch(e -> e.getPermissionPoint()
+                .stream()
+                .anyMatch(p -> codeSet.contains(p.getFeatureCode())));
+    }
+
+    @Override
+    public List<QueryIdentityByPermissionResp> listIdentityFromPermissionV2(ListPermissionFromFeatureReq req) {
+        //TODO:@Zhan
+        //超管 - 保持原逻辑
+        //非超管   权限code+terminal -> feature -> 权限集 -> 例外权限集作用范围过滤 --> 权限集角色-角色组匹配OU类型资质（OU参建单位）
+        //免授权型 - 没有意义
+        return null;
+    }
+
    @Data
    public static class UserRoleInfoMap {