feat(code2identity): 实现权限查人接口
parent
9b18ac15c8
commit
7bee500ca2
@ -3,9 +3,12 @@ package cn.axzo.tyr.client.feign;
|
||||
import cn.axzo.framework.domain.web.result.ApiResult;
|
||||
import cn.axzo.tyr.client.model.req.CheckIdentityPermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.IdentityAuthReq;
|
||||
import cn.axzo.tyr.client.model.req.BatchListIdentityFromPermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
|
||||
import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
|
||||
import cn.axzo.tyr.client.model.res.IdentityAuthRes;
|
||||
import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
|
||||
import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
|
||||
import org.springframework.cloud.openfeign.FeignClient;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
@ -78,7 +81,10 @@ public interface TyrSaasAuthApi {
|
||||
* @return
|
||||
*/
|
||||
@PostMapping("/api/v2/auth/listIdentityFromPermission")
|
||||
ApiResult<List<QueryIdentityByPermissionResp>> listIdentityFromPermissionV2(@RequestBody ListPermissionFromFeatureReq req);
|
||||
ApiResult<ListIdentityFromPermissionResp> listIdentityFromPermission(@RequestBody ListIdentityFromPermissionReq req);
|
||||
|
||||
@PostMapping("/api/v2/auth/batchListIdentityFromPermission")
|
||||
ApiResult<List<ListIdentityFromPermissionResp>> batchListIdentityFromPermission(@RequestBody List<ListIdentityFromPermissionReq> req);
|
||||
|
||||
|
||||
|
||||
|
||||
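Review bot: Neither new endpoint declaration carries `@Valid` or `@Validated` on its `@RequestBody` parameter, so the `@NotNull` constraints on `ListIdentityFromPermissionReq` are not evaluated unless validation is wired up somewhere outside this diff. The same holds for the `TyrSaasAuthController` overrides of `listIdentityFromPermission` and `batchListIdentityFromPermission` further down. A request with a null `ouId` or `workspaceId` would then reach the role and feature queries of an authorization lookup unchecked. I would declare the single call as `listIdentityFromPermission(@RequestBody @Valid ListIdentityFromPermissionReq req)` and the batch call as `@RequestBody List<@Valid ListIdentityFromPermissionReq> req`; the list form additionally needs method validation enabled on the controller class.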
@ -0,0 +1,36 @@
|
||||
package cn.axzo.tyr.client.model.req;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
* 根据权限查询人请求
|
||||
*/
|
||||
@Data
|
||||
@Builder
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
public class BatchListIdentityFromPermissionReq {
|
||||
|
||||
/** 权限码:有任一权限码有即命中查询 **/
|
||||
@NotNull(message = "权限码不能为空")
|
||||
private List<String> featureCodes;
|
||||
|
||||
/**
|
||||
* 工作台Id
|
||||
*/
|
||||
@NotNull(message = "工作台不能为空")
|
||||
private List<OUWorkspacePair> workspaceAndOU;
|
||||
|
||||
/**
|
||||
* 指定端的权限
|
||||
*/
|
||||
private String terminal;
|
||||
|
||||
}
|
||||
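Review bot: `workspaceAndOU` and `featureCodes` are only checked for null, so an empty list passes, and the `@NotNull` constraints this commit adds to `OUWorkspacePair` are never evaluated because nothing cascades validation into the list elements. I would write `@NotEmpty(message = "工作台不能为空") @Valid private List<OUWorkspacePair> workspaceAndOU;` and use `@NotEmpty` on `featureCodes` as well. Also note that no method visible in this diff takes this class: the batch endpoint is declared with `List<ListIdentityFromPermissionReq>`, so the type is imported in several files but appears unused for now.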
@ -0,0 +1,43 @@
|
||||
package cn.axzo.tyr.client.model.req;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
* 根据权限查询人请求
|
||||
*/
|
||||
@Data
|
||||
@Builder
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
public class ListIdentityFromPermissionReq {
|
||||
|
||||
/** 权限码:有任一权限码有即命中查询 **/
|
||||
@NotNull(message = "权限码不能为空")
|
||||
private String featureCode;
|
||||
|
||||
/** 企业组织ID **/
|
||||
@NotNull(message = "企业组织ID不能为空")
|
||||
private Long ouId;
|
||||
/**
|
||||
* 工作台Id
|
||||
*/
|
||||
@NotNull(message = "工作台不能为空")
|
||||
private Long workspaceId;
|
||||
|
||||
/** 参建单位类型 **/
|
||||
@NotNull(message = "参建单位类型不能为空")
|
||||
private Integer workspaceJoinType;
|
||||
|
||||
/**
|
||||
* 指定端的权限
|
||||
*/
|
||||
private String terminal;
|
||||
|
||||
}
|
||||
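Review bot: `featureCode` is a `String` guarded only by `@NotNull`, so an empty or blank code is accepted and is passed to `listNodeByCode` as an equality filter. `@NotBlank(message = "权限码不能为空")` states the intent better, assuming the project's Bean Validation version provides it. The field comment still says that any one of several codes is enough to match, which looks copied from the batch request and does not describe a single code. The class comment is likewise identical to the one on `BatchListIdentityFromPermissionReq`.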
@ -2,6 +2,8 @@ package cn.axzo.tyr.client.model.req;
|
||||
|
||||
import lombok.Data;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
|
||||
/**
|
||||
* OU和wokspace对
|
||||
*
|
||||
@ -11,6 +13,13 @@ import lombok.Data;
|
||||
*/
|
||||
@Data
|
||||
public class OUWorkspacePair {
|
||||
/** 工作台ID **/
|
||||
@NotNull
|
||||
private Long workspaceId;
|
||||
/** 企业组织ID **/
|
||||
@NotNull
|
||||
private Long ouId;
|
||||
/** 参建类型 **/
|
||||
@NotNull
|
||||
private Integer workspaceJoinType;
|
||||
}
|
||||
|
||||
@ -0,0 +1,37 @@
|
||||
package cn.axzo.tyr.client.model.res;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 权限查人响应
|
||||
*
|
||||
* @version V1.0
|
||||
* @author: ZhanSiHu
|
||||
* @date: 2023/10/20 18:03
|
||||
*/
|
||||
@Data
|
||||
public class ListIdentityFromPermissionResp {
|
||||
|
||||
private Long ouId;
|
||||
|
||||
private Long workspaceId;
|
||||
|
||||
private boolean freePermission = false;
|
||||
|
||||
private List<UserVO> users;
|
||||
|
||||
|
||||
@Data
|
||||
@AllArgsConstructor
|
||||
public static class UserVO {
|
||||
|
||||
private Long identityId;
|
||||
|
||||
private Integer identityType;
|
||||
|
||||
private boolean isSuperAdmin;
|
||||
}
|
||||
}
|
||||
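Review bot: `UserVO` is annotated `@Data @AllArgsConstructor` with no no-arg constructor, so a Feign consumer that deserializes `ListIdentityFromPermissionResp` with a default Jackson setup will most likely fail to instantiate it; add `@NoArgsConstructor` next to `@AllArgsConstructor`. Separately, for `private boolean isSuperAdmin` Lombok generates `isSuperAdmin()` and `setSuperAdmin(...)`, so the JSON property becomes `superAdmin`. `QueryIdentityByPermissionResp` in this same commit declares `private Boolean isSuperAdmin`, which serializes under a different name. Naming the field `superAdmin`, or choosing one convention for both response types, avoids a silently dropped flag on the caller side.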
@ -17,6 +17,9 @@ public class QueryIdentityByPermissionResp {
|
||||
|
||||
private Long ouId;
|
||||
|
||||
/** 是否包含免授权功能 - 免授权功能企业下所有用户都有权限, 不返回用户信息 **/
|
||||
private boolean hasFreePermission;
|
||||
|
||||
private Boolean isSuperAdmin = false;
|
||||
|
||||
private List<String> featureCode;
|
||||
|
||||
@ -4,9 +4,12 @@ import cn.axzo.framework.domain.web.result.ApiResult;
|
||||
import cn.axzo.tyr.client.feign.TyrSaasAuthApi;
|
||||
import cn.axzo.tyr.client.model.req.CheckIdentityPermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.IdentityAuthReq;
|
||||
import cn.axzo.tyr.client.model.req.BatchListIdentityFromPermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
|
||||
import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
|
||||
import cn.axzo.tyr.client.model.res.IdentityAuthRes;
|
||||
import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
|
||||
import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
|
||||
import cn.axzo.tyr.server.service.TyrSaasAuthService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
@ -53,8 +56,13 @@ public class TyrSaasAuthController implements TyrSaasAuthApi {
|
||||
}
|
||||
|
||||
@Override
|
||||
public ApiResult<List<QueryIdentityByPermissionResp>> listIdentityFromPermissionV2(ListPermissionFromFeatureReq req) {
|
||||
return ApiResult.ok(tyrSaasAuthService.listIdentityFromPermissionV2(req));
|
||||
public ApiResult<ListIdentityFromPermissionResp> listIdentityFromPermission(ListIdentityFromPermissionReq req) {
|
||||
return ApiResult.ok(tyrSaasAuthService.listIdentityFromPermission(req));
|
||||
}
|
||||
|
||||
@Override
|
||||
public ApiResult<List<ListIdentityFromPermissionResp>> batchListIdentityFromPermission(List<ListIdentityFromPermissionReq> req) {
|
||||
return ApiResult.ok(tyrSaasAuthService.batchListIdentityFromPermission(req));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -93,5 +93,9 @@ public class SaasRoleDao extends ServiceImpl<SaasRoleMapper, SaasRole> {
|
||||
IPage<SaasRole> page = new Page<>(req.getPage(), req.getPageSize());
|
||||
return this.baseMapper.pageQueryForOUWorkspace(page, req.getOuId(), req.getWorkspaceId(), req.getWorkspaceJoinType());
|
||||
}
|
||||
|
||||
public List<SaasRole> listForOUWorkspace(Long ouId, Long workspaceId, Integer workspaceJoinType) {
|
||||
return this.baseMapper.listForOUWorkspace(ouId, workspaceId, workspaceJoinType);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -21,5 +21,7 @@ public interface SaasRoleMapper extends BaseMapper<SaasRole> {
|
||||
List<SaasRoleWithUser> listRoleUserByPermissionGroup(List<Long> permissionGroupIds, Set<Long> workspaceIds);
|
||||
|
||||
Page<SaasRole> pageQueryForOUWorkspace(IPage<SaasRole> page, Long ouId, Long workspaceId, Integer workspaceJoinType);
|
||||
|
||||
List<SaasRole> listForOUWorkspace(Long ouId, Long workspaceId, Integer workspaceJoinType);
|
||||
}
|
||||
|
||||
|
||||
@ -6,6 +6,7 @@ import cn.axzo.tyr.client.model.permission.PermissionPointMoveRequest;
|
||||
import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode;
|
||||
import cn.axzo.tyr.client.model.permission.PermissionPointTreeQueryReq;
|
||||
import cn.axzo.tyr.client.model.permission.PermissionPointVO;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasFeature;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@ -54,4 +55,6 @@ public interface PermissionPointService {
|
||||
*/
|
||||
List<PermissionPointTreeNode> listTreeNodesFlatChild(PermissionPointTreeQueryReq request);
|
||||
|
||||
/** 根据code查询权限点, terminal可为空- 直查 **/
|
||||
List<SaasFeature> listNodeByCode(String featureCode, String terminal);
|
||||
}
|
||||
|
||||
@ -9,6 +9,7 @@ import cn.axzo.tyr.client.model.res.QueryRoleByNameResp;
|
||||
import cn.axzo.tyr.client.model.res.RoleWithUserRes;
|
||||
import cn.axzo.tyr.client.model.vo.SaasRoleVO;
|
||||
import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRole;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleWithUser;
|
||||
import cn.axzo.tyr.server.service.impl.TyrSaasAuthServiceImpl;
|
||||
|
||||
@ -27,6 +28,8 @@ public interface RoleService {
|
||||
|
||||
List<SaasRoleVO> queryByIdentityIdType(Long identityId, Integer identityType,Long workspaceId,Long ouId, Boolean includePermissionGroup);
|
||||
|
||||
List<SaasRoleVO> getByIds(List<Long> roleIds, Integer isCommon, List<Long> workspaceId, List<Long> ouId, Boolean includePermissionGroup);
|
||||
|
||||
List<SaasRoleVO> query(QuerySaasRoleReq req);
|
||||
|
||||
List<QueryBatchByIdentityIdTypeRes> queryBatchByIdentityIdType(List<QueryByIdentityIdTypeReq> req);
|
||||
@ -70,4 +73,9 @@ public interface RoleService {
|
||||
*/
|
||||
List<SaasRoleVO> queryRoleByRoleTypes(QueryByIdentityIdTypeReq req, List<String> roleTypes);
|
||||
|
||||
List<SaasRole> listRoleFromFeature(List<String> featureCodes, List<Long> workspaceIds);
|
||||
|
||||
List<SaasRole> listByOUWorkspace(Long ouId, Long workspaceId);
|
||||
|
||||
List<SaasRole> listForOUWorkspace(Long ouId, Long workspaceId, Integer workspaceJoinType);
|
||||
}
|
||||
|
||||
@ -83,4 +83,6 @@ public interface SaasRoleUserService {
|
||||
* @param param
|
||||
*/
|
||||
void createAgencyAdminRole(CreateAgencyAdminRoleParam param);
|
||||
|
||||
List<SaasRoleUserRelation> listByRoleIds(List<Long> matchedRoleIds);
|
||||
}
|
||||
@ -2,9 +2,12 @@ package cn.axzo.tyr.server.service;
|
||||
|
||||
import cn.axzo.tyr.client.model.req.CheckIdentityPermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.IdentityAuthReq;
|
||||
import cn.axzo.tyr.client.model.req.BatchListIdentityFromPermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
|
||||
import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
|
||||
import cn.axzo.tyr.client.model.res.IdentityAuthRes;
|
||||
import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
|
||||
import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
|
||||
|
||||
import java.util.List;
|
||||
@ -33,5 +36,7 @@ public interface TyrSaasAuthService {
|
||||
|
||||
boolean hasPermissionForIdentityV2(CheckIdentityPermissionReq req);
|
||||
|
||||
List<QueryIdentityByPermissionResp> listIdentityFromPermissionV2(ListPermissionFromFeatureReq req);
|
||||
ListIdentityFromPermissionResp listIdentityFromPermission(ListIdentityFromPermissionReq req);
|
||||
List<ListIdentityFromPermissionResp> batchListIdentityFromPermission(List<ListIdentityFromPermissionReq> req);
|
||||
|
||||
}
|
||||
|
||||
@ -558,4 +558,11 @@ public class PermissionPointServiceImpl implements PermissionPointService {
|
||||
}).flatMap(List::stream).collect(Collectors.toList());
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<SaasFeature> listNodeByCode(String featureCode, String terminal) {
|
||||
return saasFeatureDao.list(new LambdaQueryWrapper<SaasFeature>()
|
||||
.eq(SaasFeature::getFeatureCode, featureCode)
|
||||
.eq(StrUtil.isNotBlank(terminal), SaasFeature::getTerminal, terminal));
|
||||
}
|
||||
}
|
||||
|
||||
@ -90,6 +90,7 @@ public class RoleServiceImpl implements RoleService {
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
@Override
|
||||
public List<SaasRoleVO> getByIds(List<Long> roleIds, Integer isCommon, List<Long> workspaceId, List<Long> ouId, Boolean includePermissionGroup) {
|
||||
if (includePermissionGroup == null) {
|
||||
includePermissionGroup = false;
|
||||
@ -506,6 +507,23 @@ public class RoleServiceImpl implements RoleService {
|
||||
return BeanUtil.copyToList(list, SaasRoleVO.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<SaasRole> listRoleFromFeature(List<String> featureCodes, List<Long> workspaceIds) {
|
||||
//TODO:@Zhan
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<SaasRole> listByOUWorkspace(Long ouId, Long workspaceId) {
|
||||
//TODO:@Zhan
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<SaasRole> listForOUWorkspace(Long ouId, Long workspaceId, Integer workspaceJoinType) {
|
||||
return saasRoleDao.listForOUWorkspace(ouId, workspaceId, workspaceJoinType);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<QueryRoleByNameResp> findRoleByName(QueryRoleByNameReq req) {
|
||||
List<Long> relationRoleIds = Lists.newArrayList();
|
||||
|
||||
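Review bot: `listRoleFromFeature` and `listByOUWorkspace` are committed as `//TODO` stubs that `return null` from methods typed `List<SaasRole>`, so any caller that iterates the result gets a NullPointerException. The same pattern appears in `RoleUserService.listByRoleIds`, which the new `listIdentityFromPermission` already calls and loops over, and in `TyrSaasAuthServiceImpl.batchListIdentityFromPermission`, which is already mapped to `/api/v2/auth/batchListIdentityFromPermission`. Until they are implemented, `throw new UnsupportedOperationException("not implemented");` makes the failure explicit, or `return Collections.emptyList();` keeps callers safe. The last hunk of this section ends inside `findRoleByName`.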
@ -277,6 +277,12 @@ public class RoleUserService implements SaasRoleUserService {
|
||||
roleUserRelationDao.saveBatch(newUserRoleRelations);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<SaasRoleUserRelation> listByRoleIds(List<Long> matchedRoleIds) {
|
||||
//TODO:@Zhan
|
||||
return null;
|
||||
}
|
||||
|
||||
private List<SaasRoleGroupRelation> filterAgencyAdminRoleGroupRelation(CreateAgencyAdminRoleParam param) {
|
||||
// 根据传入的角色id筛选出内置角色
|
||||
List<SaasRole> saasRoles = saasRoleDao.lambdaQuery().in(SaasRole::getId, param.getUpdateRoleIds())
|
||||
|
||||
@ -3,6 +3,7 @@ package cn.axzo.tyr.server.service.impl;
|
||||
import cn.axzo.basics.common.BeanMapper;
|
||||
import cn.axzo.basics.common.util.AssertUtil;
|
||||
import cn.axzo.framework.domain.ServiceException;
|
||||
import cn.axzo.framework.domain.web.result.ApiResult;
|
||||
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
|
||||
import cn.axzo.thrones.client.saas.ServicePkgClient;
|
||||
import cn.axzo.thrones.client.saas.entity.serivicepgkproduct.ServicePkgProduct;
|
||||
@ -10,7 +11,6 @@ import cn.axzo.thrones.client.saas.entity.servicepkg.ServicePkgDetailRes;
|
||||
import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
|
||||
import cn.axzo.tyr.client.common.enums.WorkspaceJoinType;
|
||||
import cn.axzo.tyr.client.model.enums.DelegatedType;
|
||||
import cn.axzo.tyr.client.model.enums.FeatureType;
|
||||
import cn.axzo.tyr.client.model.enums.IdentityType;
|
||||
import cn.axzo.tyr.client.model.permission.PermissionPointListQueryRequest;
|
||||
import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode;
|
||||
@ -18,16 +18,21 @@ import cn.axzo.tyr.client.model.permission.PermissionPointTreeQueryReq;
|
||||
import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO;
|
||||
import cn.axzo.tyr.client.model.req.CheckIdentityPermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.IdentityAuthReq;
|
||||
import cn.axzo.tyr.client.model.req.BatchListIdentityFromPermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq;
|
||||
import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
|
||||
import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
|
||||
import cn.axzo.tyr.client.model.req.OUWorkspacePair;
|
||||
import cn.axzo.tyr.client.model.req.QuerySaasRoleReq;
|
||||
import cn.axzo.tyr.client.model.res.IdentityAuthRes;
|
||||
import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
|
||||
import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
|
||||
import cn.axzo.tyr.client.model.vo.SaasRoleVO;
|
||||
import cn.axzo.tyr.server.repository.entity.ProductFeatureInfo;
|
||||
import cn.axzo.tyr.server.repository.entity.ProductFeatureQuery;
|
||||
import cn.axzo.tyr.server.repository.entity.RolePermission;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasFeature;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRole;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
|
||||
import cn.axzo.tyr.server.repository.entity.SaasRoleWithUser;
|
||||
import cn.axzo.tyr.server.repository.mapper.TyrSaasAuthMapper;
|
||||
@ -44,6 +49,7 @@ import cn.hutool.core.date.StopWatch;
|
||||
import cn.hutool.core.util.ArrayUtil;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import cn.hutool.json.JSONUtil;
|
||||
import com.alibaba.fastjson.JSON;
|
||||
import lombok.Data;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
@ -52,7 +58,6 @@ import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
@ -521,11 +526,88 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<QueryIdentityByPermissionResp> listIdentityFromPermissionV2(ListPermissionFromFeatureReq req) {
|
||||
//TODO:@Zhan
|
||||
//超管 - 保持原逻辑
|
||||
//非超管 权限code+terminal -> feature -> 权限集 -> 例外权限集作用范围过滤 --> 权限集角色-角色组匹配OU类型资质(OU参建单位)
|
||||
//免授权型 - 没有意义
|
||||
public ListIdentityFromPermissionResp listIdentityFromPermission(ListIdentityFromPermissionReq req) {
|
||||
Long ouId = req.getOuId();
|
||||
Long workspaceId = req.getWorkspaceId();
|
||||
ListIdentityFromPermissionResp result = new ListIdentityFromPermissionResp();
|
||||
result.setOuId(ouId);
|
||||
result.setWorkspaceId(workspaceId);
|
||||
result.setUsers(new ArrayList<>());
|
||||
|
||||
//查询工作台下产品-产品包含的权限
|
||||
Set<Long> workspaceFeatureIds = listWorkspaceFeatures(req.getWorkspaceId());
|
||||
//code查询权限点信息
|
||||
List<SaasFeature> features = permissionPointService.listNodeByCode(req.getFeatureCode(), req.getTerminal());
|
||||
//权限匹配
|
||||
boolean matched = false;
|
||||
for (SaasFeature feature : features) {
|
||||
if (workspaceFeatureIds.contains(feature.getId())) {
|
||||
matched = true;
|
||||
if (DelegatedType.NO_NEED.sameCode(feature.getDelegatedType())) {
|
||||
//免授权 -直接返回
|
||||
log.info("free permission point:{}", feature.getId());
|
||||
result.setFreePermission(true);
|
||||
return result;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!matched) {
|
||||
//工作台没权限
|
||||
log.warn("no feature found in workspace");
|
||||
return result;
|
||||
}
|
||||
|
||||
//查询OU-工作台下的角色
|
||||
List<SaasRole> roleList = roleService.listForOUWorkspace(ouId, workspaceId, req.getWorkspaceJoinType());
|
||||
//工作台超管
|
||||
Set<Long> superAdmins = roleList
|
||||
.stream()
|
||||
.filter(r -> r.getRoleType().equals(RoleTypeEnum.SUPER_ADMIN.getValue()))
|
||||
.map(SaasRole::getId)
|
||||
.collect(Collectors.toSet());
|
||||
//查询角色及权限
|
||||
List<SaasRoleVO> rolePermissions = roleService.getByIds(roleList.stream().map(SaasRole::getId).collect(Collectors.toList()),
|
||||
null, Collections.singletonList(workspaceId), Collections.singletonList(ouId), true);
|
||||
Set<Long> featureIds = features.stream().map(SaasFeature::getId).collect(Collectors.toSet());
|
||||
//计算角色实际的权限 - 匹配请求的权限 --> 实际拥有权限的角色
|
||||
List<SaasRoleVO> matchedRoleList = rolePermissions.stream()
|
||||
.filter(rp -> rp.getMatchFeature(workspaceId, ouId).stream()
|
||||
.anyMatch(f -> featureIds.contains(f.getPermissionPointId())))
|
||||
.collect(Collectors.toList());
|
||||
//查询角色下用户
|
||||
List<Long> matchedRoleIds = matchedRoleList.stream().map(SaasRoleVO::getId).collect(Collectors.toList());
|
||||
matchedRoleIds.addAll(superAdmins);
|
||||
List<SaasRoleUserRelation> relationList = roleUserService.listByRoleIds(matchedRoleIds);
|
||||
Set<String> filterSet = new HashSet<>();
|
||||
for (SaasRoleUserRelation relation : relationList) {
|
||||
//构建用户 - 去重
|
||||
String key = relation.getIdentityId() + "-" + relation.getIdentityType();
|
||||
if (!filterSet.contains(key)) {
|
||||
filterSet.add(key);
|
||||
ListIdentityFromPermissionResp.UserVO user = new ListIdentityFromPermissionResp.UserVO(relation.getIdentityId(),
|
||||
relation.getIdentityType(), superAdmins.contains(relation.getIdentityId()));
|
||||
result.getUsers().add(user);
|
||||
}
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
private Set<Long> listWorkspaceFeatures(Long workspaceId) {
|
||||
List<ServicePkgProduct> productList = checkAndGetData(servicePkgClient.listProductInWorkSpace(workspaceId));
|
||||
if (CollectionUtil.isEmpty(productList)) {
|
||||
log.warn("no product found for workspace:{}", workspaceId);
|
||||
return new HashSet<>();
|
||||
}
|
||||
List<ProductFeatureRelationVO> features = checkAndGetData(productFeatureRelationService.featureListByProduct(productList.stream()
|
||||
.map(ServicePkgProduct::getProductId)
|
||||
.collect(Collectors.toList())));
|
||||
return features.stream().map(ProductFeatureRelationVO::getFeatureId).collect(Collectors.toSet());
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<ListIdentityFromPermissionResp> batchListIdentityFromPermission(List<ListIdentityFromPermissionReq> req) {
|
||||
//异步处理
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
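Review bot: In `listIdentityFromPermission`, `superAdmins` is built from `SaasRole::getId` and therefore holds role ids, but the `UserVO` flag is computed as `superAdmins.contains(relation.getIdentityId())`, which compares an identity id against role ids. The super-admin flag in the response will be false for real super admins and can be true by coincidence when an identity id equals a super-admin role id, which matters if callers use it for authorization decisions. The check should test the relation's role id instead, e.g. `superAdmins.contains(relation.getRoleId())` if `SaasRoleUserRelation` exposes it under that name, which this diff does not show. Because users are de-duplicated on the first relation seen, the set of super-admin identities should be collected before the loop so the flag does not depend on row order. Also, `r.getRoleType().equals(...)` throws on a role with a null type; `RoleTypeEnum.SUPER_ADMIN.getValue().equals(r.getRoleType())` is safer.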
@ -90,7 +90,7 @@
|
||||
|
||||
</select>
|
||||
|
||||
<select id="pageQueryForOUWorkspace" resultType="cn.axzo.tyr.server.repository.entity.SaasRole">
|
||||
<sql id="sql-queryForOUWorkspace">
|
||||
SELECT
|
||||
r.*
|
||||
FROM
|
||||
@ -100,10 +100,18 @@
|
||||
WHERE
|
||||
r.is_delete = 0
|
||||
AND (
|
||||
( r.workspace_id = #{workspaceId} AND r.owner_ou_id = #{ouId} AND r.role_type = 'common' )
|
||||
( r.workspace_id = #{workspaceId} AND r.owner_ou_id = #{ouId} AND (r.role_type = 'common' OR r.role_type = 'super_admin') )
|
||||
OR
|
||||
( r.owner_ou_id = - 1 AND FIND_IN_SET( #{workspaceJoinType},g.ou_type_code) > 0)
|
||||
)
|
||||
</sql>
|
||||
|
||||
<select id="pageQueryForOUWorkspace" resultType="cn.axzo.tyr.server.repository.entity.SaasRole">
|
||||
<include refid="sql-queryForOUWorkspace"/>
|
||||
</select>
|
||||
|
||||
<select id="listForOUWorkspace" resultType="cn.axzo.tyr.server.repository.entity.SaasRole">
|
||||
<include refid="sql-queryForOUWorkspace"/>
|
||||
</select>
|
||||
|
||||
</mapper>
|
||||
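Review bot: Moving the query into the shared `<sql id="sql-queryForOUWorkspace">` fragment and widening its predicate to `r.role_type = 'super_admin'` also changes the existing `pageQueryForOUWorkspace`, not only the new `listForOUWorkspace`. This assumes the line containing `super_admin` is the new side, since the rendered page has lost its markers. Any caller of the paged query that lists roles for an OU and workspace will then start receiving super-admin roles. If only the permission-to-identity lookup needs them, keep the original predicate in the fragment and add the extra role type in the `listForOUWorkspace` statement alone, or guard it with an `<if>` on an explicit parameter. A short comment on the fragment saying which statements include it would help the next change.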