Merge remote-tracking branch 'origin/feature/REQ-2545' into feature/REQ-2545

李昆鹏 2024-07-02 18:26:04 +08:00
commit 7364478ef4


@ -1346,23 +1346,27 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
*/
@Override
public boolean authNewPermission(PermissionCheckReq req) {
StopWatch watch = StopWatch.create("authPermission:new");
watch.start("authPermission:select feature");
ListSaasFeatureResourceParam listSaasFeatureResourceParam = ListSaasFeatureResourceParam.builder()
.featureCodes(Sets.newHashSet(req.getFeatureCodes()))
.terminal(req.getTerminal())
.build();
List<SaasFeatureResourceResp> saasFeatureResources = listSaasFeatureResource(listSaasFeatureResourceParam);
watch.stop();
if (CollectionUtils.isEmpty(saasFeatureResources)) {
log.info("featureCode not found in featureResource:{}", req.getFeatureCodes());
return false;
}
watch.start("authPermission:select role");
//用户角色关系以及对应角色的权限点
List<SaasRoleUserV2DTO> saasRoleUserRelations = listRoleUserRelationsNew(req, saasFeatureResources);
watch.stop();
if (CollectionUtils.isEmpty(saasRoleUserRelations)) {
return false;
}
watch.start("authPermission:select workspace product");
Set<Long> featureIds = saasFeatureResources.stream()
.map(SaasFeatureResourceResp::getId)
.collect(Collectors.toSet());
@ -1379,26 +1383,34 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
.flatMap(Collection::stream)
.collect(Collectors.toSet());
watch.stop();
if (CollectionUtils.isEmpty(workspaceProductFeatures)) {
log.info("product not found:{}", req.getWorkspaceId());
return false;
}
watch.start("authPermission:match no auth feature");
// 是否有免授权的权限码且在租户开通了这个产品
boolean matchedNoNeedAuthFeature = matchNoAuthFeatureNew(saasFeatureResources, workspaceProductFeatures);
watch.stop();
if (BooleanUtil.isTrue(matchedNoNeedAuthFeature)) {
log.info("has no need auth feature:{}", req.getWorkspaceId());
return true;
}
watch.start("authPermission:match admin role");
// 是否有管理员角色且租户开通了管理员角色的单位类型对应的产品权限码
boolean matchedAdminRole = matchAdminRole(saasRoleUserRelations, workspaceProductFeatures);
watch.stop();
if (BooleanUtil.isTrue(matchedAdminRole)) {
log.info("admin role has permission:{}", req.getWorkspaceId());
return true;
}
return matchNormalRole(saasRoleUserRelations, workspaceProductFeatures);
watch.start("authPermission:match normal role");
boolean result = matchNormalRole(saasRoleUserRelations, workspaceProductFeatures);
watch.stop();
watch.prettyPrint(TimeUnit.MILLISECONDS);
return result;
}
/**
@ -1408,23 +1420,29 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
*/
@Override
public boolean authPermission(PermissionCheckReq req) {
StopWatch watch = StopWatch.create("authPermission:old");
watch.start("authPermission:select feature");
// saas_feature表会被废弃所以直接查询没提供统一的查询
List<SaasFeature> saasFeatures = saasFeatureDao.lambdaQuery()
.in(SaasFeature::getFeatureCode, req.getFeatureCodes())
.eq(SaasFeature::getIsDelete, TableIsDeleteEnum.NORMAL.value)
.eq(StringUtils.isNotBlank(req.getTerminal()), SaasFeature::getTerminal, req.getTerminal())
.list();
watch.stop();
if (CollectionUtils.isEmpty(saasFeatures)) {
log.info("featureCode not found in saasFeature:{}", req.getFeatureCodes());
return false;
}
watch.start("authPermission:select role");
//用户角色关系以及对应角色的权限点
List<SaasRoleUserV2DTO> saasRoleUserRelations = listRoleUserRelations(req, saasFeatures);
watch.stop();
if (CollectionUtils.isEmpty(saasRoleUserRelations)) {
return false;
}
watch.start("authPermission:select workspace product");
Set<Long> featureIds = saasFeatures.stream()
.map(SaasFeature::getId)
.collect(Collectors.toSet());
@ -1432,7 +1450,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
WorkspaceProductService.WorkspaceProductParam workspaceProductParam = WorkspaceProductService.WorkspaceProductParam.builder()
.workspaceIds(Sets.newHashSet(req.getWorkspaceId()))
.featureIdPairs(Lists.newArrayList(
FeatureIdPair.builder().featureIds(featureIds).type(NEW_FEATURE).build()
FeatureIdPair.builder().featureIds(featureIds).type(OLD_FEATURE).build()
))
.build();
Set<SaasProductModuleFeatureRelation> workspaceProductFeatures = workspaceProductService.listWorkspaceProduct(workspaceProductParam).stream()
@ -1440,27 +1458,33 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
.filter(Objects::nonNull)
.flatMap(Collection::stream)
.collect(Collectors.toSet());
watch.stop();
if (CollectionUtils.isEmpty(workspaceProductFeatures)) {
log.info("product not found:{}", req.getWorkspaceId());
return false;
}
watch.start("authPermission:match no auth feature");
// 是否有免授权的权限码且在租户开通了这个产品
boolean matchedNoNeedAuthFeature = matchNoAuthFeature(saasFeatures, workspaceProductFeatures);
watch.stop();
if (BooleanUtil.isTrue(matchedNoNeedAuthFeature)) {
log.info("has no need auth feature:{}", req.getWorkspaceId());
return true;
}
watch.start("authPermission:match admin role");
// 是否有管理员角色且租户开通了管理员角色的单位类型对应的产品权限码
boolean matchedAdminRole = matchAdminRole(saasRoleUserRelations, workspaceProductFeatures);
watch.stop();
if (BooleanUtil.isTrue(matchedAdminRole)) {
log.info("admin role has permission:{}", req.getWorkspaceId());
return true;
}
return matchNormalRole(saasRoleUserRelations, workspaceProductFeatures);
watch.start("authPermission:match normal role");
boolean result = matchNormalRole(saasRoleUserRelations, workspaceProductFeatures);
watch.stop();
watch.prettyPrint(TimeUnit.MILLISECONDS);
return result;
}
private boolean matchNormalRole(List<SaasRoleUserV2DTO> saasRoleUserRelations,
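Review bot: The `watch.prettyPrint(TimeUnit.MILLISECONDS);` statement at the end of `authNewPermission`, and again at the end of `authPermission`, discards its return value; if this is Hutool's `StopWatch` (as `StopWatch.create` suggests), `prettyPrint` only builds a string, so none of the timings added here are ever emitted. Passing the result to the logger, for example `log.debug("{}", watch.prettyPrint(TimeUnit.MILLISECONDS));`, would make the instrumentation visible, and debug level keeps a per-request timing table out of the info log on a path that runs for every permission check. Every early `return false` and `return true` branch also leaves the method before that line, so only requests that reach `matchNormalRole` would be reported, while the deny and fast-allow paths stay unmeasured. Separately, the `FeatureIdPair` type in `authPermission` appears to change from `NEW_FEATURE` to `OLD_FEATURE` (the +/- markers are lost on this page, so the direction is inferred); that changes the authorization result rather than the timing, and the legacy path deserves a test that pins the expected allow/deny outcome.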