Merge remote-tracking branch 'origin/master' into feature/REQ-2046

# Conflicts: # tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java # tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java # tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java # tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java # tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java # tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java # tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
2024-02-01 10:05:42 +08:00 · 2024-02-01 10:05:42 +08:00 · 86dcb10442
commit 86dcb10442
parent cc703294fc f3fd1ea4a4
13 changed files with 165 additions and 25 deletions
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java
@ -8,6 +8,7 @@ import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
 import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
 import cn.axzo.tyr.client.model.req.ListPermissionFromRoleGroupReq;
 import cn.axzo.tyr.client.model.req.PermissionCacheReq;
+import cn.axzo.tyr.client.model.req.WorkspacePermissionIdentityReq;
 import cn.axzo.tyr.client.model.res.IdentityAuthRes;
 import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
 import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
@ -88,6 +89,10 @@ public interface TyrSaasAuthApi {
    @PostMapping("/api/v2/auth/batchListIdentityFromPermission")
    ApiResult<List<ListIdentityFromPermissionResp>> batchListIdentityFromPermission(@RequestBody List<ListIdentityFromPermissionReq> req);

+    /** 查询工作台下有权限的人 **/
+    @PostMapping("/api/v2/auth/listWorkspacePermissionIdentity")
+    ApiResult<List<ListIdentityFromPermissionResp>> listWorkspacePermissionIdentity(@RequestBody WorkspacePermissionIdentityReq req);
+
    /** 暂时禁用权限缓存，至缓存失效 - 实现刷新 **/
    @PostMapping("/api/v2/auth/tempDisableAuthCache")
    ApiResult<Void> tempDisableAuthCache(@Valid @RequestBody PermissionCacheReq req);
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/WorkspacePermissionIdentityReq.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/WorkspacePermissionIdentityReq.java
@ -0,0 +1,23 @@
+package cn.axzo.tyr.client.model.req;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotNull;
+import java.util.List;
+
+/**
+ * @version V1.0
+ * @author: ZhanSiHu
+ * @date: 2024/1/17 11:03
+ */
+@Data
+public class WorkspacePermissionIdentityReq {
+
+    /** 工作台ID **/
+    @NotNull
+    private Long workspaceId;
+
+    /** 权限点CODE **/
+    @NotNull
+    private List<String> featureCodes;
+}
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/ListIdentityFromPermissionResp.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/ListIdentityFromPermissionResp.java
@ -1,9 +1,11 @@
 package cn.axzo.tyr.client.model.res;

 import lombok.AllArgsConstructor;
+import lombok.Builder;
 import lombok.Data;
 import lombok.NoArgsConstructor;

+import java.util.ArrayList;
 import java.util.List;

 /**
@ -14,6 +16,7 @@ import java.util.List;
 * @date: 2023/10/20 18:03
 */
@Data
+@Builder
@NoArgsConstructor
@AllArgsConstructor
 public class ListIdentityFromPermissionResp {
@ -22,12 +25,15 @@ public class ListIdentityFromPermissionResp {

    private Long workspaceId;

+    @Builder.Default
    private boolean freePermission = false;

-    private List<UserVO> users;
+    @Builder.Default
+    private List<UserVO> users = new ArrayList<>();


    @Data
+    @Builder
    @AllArgsConstructor
    @NoArgsConstructor
    public static class  UserVO {
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java
@ -12,6 +12,7 @@ import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
 import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
 import cn.axzo.tyr.client.model.req.ListPermissionFromRoleGroupReq;
 import cn.axzo.tyr.client.model.req.PermissionCacheReq;
+import cn.axzo.tyr.client.model.req.WorkspacePermissionIdentityReq;
 import cn.axzo.tyr.client.model.res.IdentityAuthRes;
 import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
 import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
@ -78,6 +79,10 @@ public class TyrSaasAuthController implements TyrSaasAuthApi {
        return ApiResult.ok(tyrSaasAuthService.batchListIdentityFromPermission(req));
    }

+    @Override
+    public ApiResult<List<ListIdentityFromPermissionResp>> listWorkspacePermissionIdentity(WorkspacePermissionIdentityReq req) {
+        return ApiResult.ok(tyrSaasAuthService.listWorkspacePermissionIdentity(req));
+    }
    @Override
    public ApiResult<Void> tempDisableAuthCache(PermissionCacheReq req) {
        permissionCacheService.markTempDisable(PermissionCacheKey.builder()
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/mapper/SaasRoleMapper.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/mapper/SaasRoleMapper.java
@ -7,6 +7,7 @@ import com.baomidou.mybatisplus.core.mapper.BaseMapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;

 import java.util.List;
 import java.util.Set;
@ -23,5 +24,7 @@ public interface SaasRoleMapper extends BaseMapper<SaasRole> {
    Page<SaasRole> pageQueryForOUWorkspace(IPage<SaasRole> page, Long ouId, Long workspaceId, Integer workspaceJoinType);

    List<SaasRole> listForOUWorkspace(Long ouId, Long workspaceId, Integer workspaceJoinType);
+
+    List<SaasRole> listRoleByFeatures(@Param("featureIds") Set<Long> featureIds);
 }

--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionPointService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionPointService.java
@ -58,6 +58,8 @@ public interface PermissionPointService {
    /** 根据code查询权限点, terminal可为空 **/
    List<SaasFeature> listNodeWithChildrenByCode(String featureCode, String terminal);

+    List<SaasFeature> listNodeWithChildrenByCodes(List<String> featureCodes, String terminal);
+
    /**
     * 根据CODE查询详情
     * @param code
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java
@ -89,6 +89,8 @@ public interface RoleService {
     */
    void deleteRole(List<Long> roleIds,Long workSpaceId,Long outId);

+    List<SaasRole> queryRoleByFeatures(Set<Long> matchedFeatureIds);
+
    List<SaasRole> getByIds(Set<Long> ids);

    List<SaasRoleCategoryVO> queryByCategoryCode(List<String> categoryCodes);
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java
@ -8,6 +8,7 @@ import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq;
 import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
 import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
 import cn.axzo.tyr.client.model.req.ListPermissionFromRoleGroupReq;
+import cn.axzo.tyr.client.model.req.WorkspacePermissionIdentityReq;
 import cn.axzo.tyr.client.model.res.IdentityAuthRes;
 import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
 import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
@ -43,6 +44,7 @@ public interface TyrSaasAuthService {
     */
    IdentityAuthRes findIdentityAuthMix(IdentityAuthReq identityAuthReq);

+    List<ListIdentityFromPermissionResp> listWorkspacePermissionIdentity(WorkspacePermissionIdentityReq req);
    /**
     *  通过资源信息获取权限
     * @param listPermissionFromRoleGroupReq
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java
@ -23,10 +23,6 @@ import cn.axzo.basics.common.BeanMapper;
 import cn.axzo.basics.common.util.StopWatchUtil;
 import cn.axzo.basics.common.util.TreeUtil;
 import cn.axzo.framework.domain.web.code.BaseCode;
-import cn.axzo.framework.domain.web.result.ApiResult;
-import cn.axzo.thrones.client.saas.ServicePkgClient;
-import cn.axzo.thrones.client.saas.entity.serivicepgkproduct.ServicePkgProduct;
-import cn.axzo.thrones.client.saas.entity.servicepkg.ServicePkgDetailRes;
 import cn.axzo.tyr.client.model.dict.request.BasicDictNodeReq;
 import cn.axzo.tyr.client.model.dict.request.BasicDictQueryReq;
 import cn.axzo.tyr.client.model.dict.response.BasicDictNodeResp;
@ -35,31 +31,18 @@ import cn.axzo.tyr.client.model.enums.DictTypeFiledEnum;
 import cn.axzo.tyr.client.model.enums.DictWorkSpaceTypeEnum;
 import cn.axzo.tyr.client.model.enums.FeatureType;
 import cn.axzo.tyr.client.model.permission.*;
-import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO;
 import cn.axzo.tyr.server.common.util.Throws;
 import cn.axzo.tyr.server.repository.dao.SaasFeatureDao;
 import cn.axzo.tyr.server.repository.dao.SaasPgroupPermissionRelationDao;
 import cn.axzo.tyr.server.repository.dao.SaasProductModuleFeatureRelationDao;
 import cn.axzo.tyr.server.repository.entity.SaasFeature;
 import cn.axzo.tyr.server.service.PermissionPointService;
-import cn.axzo.tyr.server.service.ProductFeatureRelationService;
 import cn.axzo.tyr.server.service.SaasBasicDictService;
 import cn.hutool.core.collection.CollectionUtil;
 import cn.hutool.core.util.StrUtil;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;

-import java.util.*;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.TimeUnit;
-import java.util.function.Function;
-import java.util.stream.Collectors;
-
-import static cn.axzo.tyr.client.model.enums.FeatureType.BUTTON;
-import static cn.axzo.tyr.client.model.enums.FeatureType.MODULE;
-import static cn.axzo.tyr.server.common.constants.PermissionConstant.*;
 import static cn.axzo.tyr.server.util.RpcInternalUtil.checkAndGetData;

 /**
@ -568,8 +551,13 @@ public class PermissionPointServiceImpl implements PermissionPointService {

    @Override
    public List<SaasFeature> listNodeWithChildrenByCode(String featureCode, String terminal) {
+        return listNodeWithChildrenByCodes(Collections.singletonList(featureCode), terminal);
+    }
+
+    @Override
+    public List<SaasFeature> listNodeWithChildrenByCodes(List<String> featureCodes, String terminal) {
        List<SaasFeature> currentFeatrureList = saasFeatureDao.list(new LambdaQueryWrapper<SaasFeature>()
-                .eq(SaasFeature::getFeatureCode, featureCode)
+                .in(SaasFeature::getFeatureCode, featureCodes)
                .eq(StrUtil.isNotBlank(terminal), SaasFeature::getTerminal, terminal));
        //button过滤-如果全是按钮则不查子级
        Set<String> pathsWithoutButton = currentFeatrureList.stream()
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
@ -736,6 +736,11 @@ public class RoleServiceImpl implements RoleService {
        roleGroupRelationDao.deleteGroupRelation(roleIds);
    }

+    @Override
+    public List<SaasRole> queryRoleByFeatures(Set<Long> matchedFeatureIds) {
+        return saasRoleDao.getBaseMapper().listRoleByFeatures(matchedFeatureIds);
+    }
+
    @Override
    public List<SaasRole> getByIds(Set<Long> ids) {
        return saasRoleDao.listByIds(ids);
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java
@ -111,10 +111,6 @@ public class RoleUserService implements SaasRoleUserService {
            List<Long> adminRole = existsRole.stream().filter(e -> RoleTypeEnum.getRoleType(e.getRoleType()).isAdminRole()).mapToLong(SaasRole::getId).boxed().collect(Collectors.toList());
            // 排除管理员角色(普通角色) 这里用过滤的方式，是为了防止脏数据产生(saas_role_user_relation表有用户数据但是角色表已经被删除)
            notAdminRole = existsRoleUser.stream().mapToLong(SaasRoleUserRelation::getRoleId).boxed().filter(roleId -> !adminRole.contains(roleId)).collect(Collectors.toList());
-			// 排除分包负责人等角色
-			if (CollectionUtils.isNotEmpty(notAdminRole) && participateUnitDefaultRoleId != null && participateUnitDefaultRoleId.size() > 0) {
-				notAdminRole = notAdminRole.stream().filter(e-> !participateUnitDefaultRoleId.values().contains(e)).collect(Collectors.toList());
-			}
        }
        BaseWorkspaceModel workspaceModel = BaseWorkspaceModel.builder()
                .workspaceId(req.getWorkspaceId()).ouId(req.getOuId())
@ -291,8 +287,8 @@ public class RoleUserService implements SaasRoleUserService {
            return new ArrayList<>();
        }
        return roleUserRelationDao.list(new LambdaQueryWrapper<SaasRoleUserRelation>()
-                .eq(SaasRoleUserRelation::getOuId, ouId)
-                .eq(SaasRoleUserRelation::getWorkspaceId, workspaceId)
+                .eq(Objects.nonNull(ouId), SaasRoleUserRelation::getOuId, ouId)
+                .eq(Objects.nonNull(workspaceId), SaasRoleUserRelation::getWorkspaceId, workspaceId)
                .in(SaasRoleUserRelation::getRoleId, roleIds));
    }

--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
@ -23,6 +23,8 @@ import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
 import cn.axzo.tyr.client.model.res.SimpleFeatureInfo;
 import cn.axzo.tyr.client.model.res.SimplePermissionPointResp;
 import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO;
+import cn.axzo.tyr.client.model.roleuser.dto.SuperAminInfoResp;
+import cn.axzo.tyr.client.model.roleuser.req.SuperAdminParam;
 import cn.axzo.tyr.client.model.vo.SaasRoleVO;
 import cn.axzo.tyr.server.model.FilterRoleAuth;
 import cn.axzo.tyr.server.model.PermissionCacheKey;
@ -949,6 +951,96 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {

    }

+    @Override
+    public List<ListIdentityFromPermissionResp> listWorkspacePermissionIdentity(WorkspacePermissionIdentityReq req) {

+        //code查询权限点信息
+        List<SaasFeature> features = permissionPointService.listNodeWithChildrenByCodes(req.getFeatureCodes(), null);
+        if (CollectionUtil.isEmpty(features)) {
+            log.warn("no features found for:{}", req.getFeatureCodes());
+            return Collections.emptyList();
+        }
+        Set<Long> featureIds = features.stream().map(SaasFeature::getId).collect(Collectors.toSet());
+        //权限匹配 - 工作台是否有指定权限
+        Set<Long> matchedFeatureIds = matchWorkspaceFeature(req.getWorkspaceId(), null, featureIds);
+        if (CollectionUtil.isEmpty(matchedFeatureIds)) {
+            log.warn("------trace-L-I-F-P----> no matched feature in workspace");
+            return Collections.emptyList();
+        }

+        //是否免授权权限点
+        Optional<SaasFeature> freeFeature = features.stream()
+                .filter(f -> matchedFeatureIds.contains(f.getId()))
+                .filter(f -> DelegatedType.NO_NEED.sameCode(f.getDelegatedType()))
+                .findAny();
+        if (freeFeature.isPresent()) {
+            throw new ServiceException("免授权权限点调用查人接口");
+        }
+
+        //从相关角色查询用户-超管和普通角色
+        Map<Long, ListIdentityFromPermissionResp> respMap = getWorkspaceUser(req, matchedFeatureIds);
+        return new ArrayList<>(respMap.values());
+    }
+
+    private Map<Long, ListIdentityFromPermissionResp> getWorkspaceUser(WorkspacePermissionIdentityReq req, Set<Long> matchedFeatureIds) {
+        Map<Long, ListIdentityFromPermissionResp> result = new HashMap<>();
+        Map<Long, Set<String>> distinctMap = new HashMap<>();
+        //超管
+        List<SaasRoleWithUser> superAdmins = roleService.listSuperAdminByWorkspace(Collections.singletonList(req.getWorkspaceId()));
+        for (SaasRoleWithUser superAdmin : superAdmins) {
+            Set<String> distinctSet = distinctMap.getOrDefault(superAdmin.getOuId(), new HashSet<>());
+            boolean suc = distinctSet.add(superAdmin.getIdentityId() + "-" + superAdmin.getIdentityType());
+            distinctMap.put(superAdmin.getOuId(), distinctSet);
+            if (!suc) {
+                continue;
+            }
+            ListIdentityFromPermissionResp resp = result.getOrDefault(superAdmin.getOuId(), new ListIdentityFromPermissionResp());
+            ListIdentityFromPermissionResp.UserVO user = ListIdentityFromPermissionResp.UserVO.builder()
+                    .isSuperAdmin(true)
+                    .identityId(superAdmin.getIdentityId())
+                    .identityType(superAdmin.getIdentityType())
+                    .personalId(superAdmin.getNaturalPersonId())
+                    .build();
+            resp.setOuId(superAdmin.getOuId());
+            resp.getUsers().add(user);
+            result.put(superAdmin.getOuId(), resp);
+        }
+
+        //权限点查角色  -- 不考虑 角色权限集例外
+        List<SaasRole> roles = roleService.queryRoleByFeatures(matchedFeatureIds);
+        if (CollectionUtil.isEmpty(roles)) {
+            log.warn("no role found for featureIds:{}", matchedFeatureIds);
+            return result;
+        }
+        //角色查人
+        List<Long> roleIds = roles.stream()
+                .map(SaasRole::getId)
+                .collect(Collectors.toList());
+        List<SaasRoleUserRelation> relations = roleUserService.listByRoleIds(roleIds, null, req.getWorkspaceId());
+        if (CollectionUtil.isEmpty(relations)) {
+            log.warn("no user role relation found. roleIds:{}, workspaceId:{}", roleIds, req.getWorkspaceId());
+            return result;
+        }
+
+        for (SaasRoleUserRelation relation : relations) {
+            Set<String> distinctSet = distinctMap.getOrDefault(relation.getOuId(), new HashSet<>());
+            boolean suc = distinctSet.add(relation.getIdentityId() + "-" + relation.getIdentityType());
+            distinctMap.put(relation.getOuId(), distinctSet);
+            if (!suc) {
+                continue;
+            }
+
+            ListIdentityFromPermissionResp resp = result.getOrDefault(relation.getOuId(), new ListIdentityFromPermissionResp());
+            ListIdentityFromPermissionResp.UserVO user = ListIdentityFromPermissionResp.UserVO.builder()
+                    .identityId(relation.getIdentityId())
+                    .identityType(relation.getIdentityType())
+                    .personalId(relation.getNaturalPersonId())
+                    .build();
+            resp.setOuId(relation.getOuId());
+            resp.getUsers().add(user);
+            result.put(relation.getOuId(), resp);
+        }
+
+        return result;
+    }
 }
--- a/tyr-server/src/main/resources/mapper/SaasRoleMapper.xml
+++ b/tyr-server/src/main/resources/mapper/SaasRoleMapper.xml
@ -114,4 +114,15 @@
        <include refid="sql-queryForOUWorkspace"/>
    </select>

+    <select id="listRoleByFeatures" resultType="cn.axzo.tyr.server.repository.entity.SaasRole">
+        SELECT DISTINCT r.id, r.`NAME`
+        FROM saas_pgroup_permission_relation pg, saas_pgroup_role_relation rg, saas_role r
+        WHERE pg.is_delete = 0 AND rg.is_delete = 0 AND r.is_delete = 0
+        AND pg.group_id = rg.group_id AND rg.role_id = r.id
+        AND pg.feature_id IN
+        <foreach collection="featureIds" open="(" close=")" separator="," index="index" item="item">
+            #{item, jdbcType=NUMERIC}
+        </foreach>
+    </select>
+
 </mapper>