feat(2046) 添加班组管理员、代班长、查询 权限信息

TanJ 2024-01-08 14:55:45 +08:00
parent 4b1d49f1a9
commit abe02d21b8
11 changed files with 189 additions and 6 deletions


@ -35,6 +35,9 @@ public class ListPermissionFromRoleGroupReq {
private List<WorkspaceOuPair> workspaceOuPairs;
@Builder.Default
private Boolean findFeatureInfo = false;
@Data
@Builder
@AllArgsConstructor
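Review bot: `findFeatureInfo` is a boxed `Boolean`, and the service change in this commit reads it as `!listPermissionFromRoleGroupReq.getFindFeatureInfo()`, which unboxes and throws a `NullPointerException` when the value is null. `@Builder.Default` covers objects made through the builder, but a request deserialized with an explicit `null`, or built through an all-args constructor, still carries null. Keeping the field type and testing `Boolean.TRUE.equals(listPermissionFromRoleGroupReq.getFindFeatureInfo())` at the call site avoids the failure without changing the generated accessor name. The field also has no comment; something like `/** When true, each result row also carries the feature ids of its role; defaults to false. */` would document the switch. The class body continues outside this hunk.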


@ -1,12 +1,10 @@
package cn.axzo.tyr.client.model.res;
import cn.axzo.tyr.client.model.enums.IdentityType;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
import java.util.Set;
/**
* 通过角色分组及分类查询人员的权限
@ -59,5 +57,13 @@ public class ListPermissionFromRoleGroupResp {
private Long permissionGroupId;
/**
* 权限点信息 按钮级别
*/
private Set<Long> simpleFeatureInfos;
}
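Review bot: The new field `simpleFeatureInfos` is typed `Set<Long>`, but three things in this commit describe objects with `featureId`/`featureCode` instead: the field name, the new `SimpleFeatureInfo` class, and the `workerPositionEx` resultMap in the mapper XML, whose `<collection>` uses `ofType="cn.axzo.tyr.client.model.res.SimpleFeatureInfo"`. If that resultMap is ever attached to a select, MyBatis would fill a `Set<Long>` with `SimpleFeatureInfo` instances, and generic erasure would hide the mismatch until a consumer reads an element as `Long`. This is a client-facing response model, so the contract is best settled now. Either declare `private Set<SimpleFeatureInfo> simpleFeatureInfos;`, or rename it to `private Set<Long> featureIds;` and drop the unused mapping. The comment should also say the field stays null unless the request sets `findFeatureInfo`, since the service only fills it in that case.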


@ -0,0 +1,21 @@
package cn.axzo.tyr.client.model.res;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
/**
* 权限点基础信息
* @author tanjie@axzo.cn
*/
@Data
@Builder
@AllArgsConstructor
@NoArgsConstructor
public class SimpleFeatureInfo {
private Long featureId;
private String featureCode;
}


@ -31,6 +31,11 @@ public class SaasRoleVO {
*/
private String name;
/**
* 角色所对应的产品属性
*/
private Integer productUnitType;
/**
* 角色类型 init 标准 common 自定义角色 admin管理员 super_admin 超管
*/


@ -0,0 +1,27 @@
package cn.axzo.tyr.server.model;
import cn.axzo.tyr.server.service.impl.TyrSaasAuthServiceImpl;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
/**
* 通过工作台过滤角色的权限
* #{@link TyrSaasAuthServiceImpl#filterAuthByRoleAndProduct()}
* @author tanjie@axzo.cn
* @date 2024/1/8 14:16
*/
@AllArgsConstructor
@Data
@NoArgsConstructor
@Builder
public class FilterRoleAuth {
private Long roleId;
private Long workspaceId;
}
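Review bot: The Javadoc reference `#{@link TyrSaasAuthServiceImpl#filterAuthByRoleAndProduct()}` has a stray `#` and names a no-argument signature, while the method added in this commit takes a `List<FilterRoleAuth>`, so the link is unlikely to resolve. It also makes this model class import `cn.axzo.tyr.server.service.impl.TyrSaasAuthServiceImpl` purely for documentation, which points a dependency from the model package at a service implementation. I would write `{@code TyrSaasAuthServiceImpl#filterAuthByRoleAndProduct(List)}` and remove the import. A one-line comment on `roleId` and `workspaceId` should say that the pair identifies one role as granted in one workspace.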


@ -86,4 +86,6 @@ public interface RoleService {
* @param outId 待删除角色所属单位ID
*/
void deleteRole(List<Long> roleIds,Long workSpaceId,Long outId);
List<SaasRole> getByIds(Set<Long> ids);
}
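Review bot: `getByIds` is added without Javadoc, and it loads roles by id alone, whereas the neighbouring `deleteRole` also takes a workspace id and an owning-unit id. Nothing visible in this hunk restricts the ids to the caller's workspace, so the contract should state who is responsible for that check. I would add `/** Returns the roles with the given ids; applies no workspace or unit scoping, so callers must only pass ids they are already authorised to read. */`. The comment should also say what an empty or null `ids` returns. The interface body starts outside this hunk.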


@ -43,5 +43,10 @@ public interface TyrSaasAuthService {
*/
IdentityAuthRes findIdentityAuthMix(IdentityAuthReq identityAuthReq);
/**
* 通过资源信息获取权限
* @param listPermissionFromRoleGroupReq
* @return
*/
List<ListPermissionFromRoleGroupResp> listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq);
}
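Review bot: The Javadoc on `listAuthByResourceAndRoleGroup` leaves `@param` and `@return` empty, so it adds nothing beyond the signature even though this commit changes what the method returns. I would fill them in as `@param listPermissionFromRoleGroupReq query conditions; when findFeatureInfo is true each row also carries the feature ids of its role` and `@return the matching rows, an empty list when nothing matches, never null`. Both statements follow from the implementation in this commit, which returns `new ArrayList<>()` for an empty mapper result and only sets `simpleFeatureInfos` when the flag is on.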


@ -31,6 +31,8 @@ import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@ -93,6 +95,9 @@ public class ProductFeatureRelationServiceImpl implements ProductFeatureRelation
@Override
public ApiResult<List<ProductFeatureRelationVO>> featureListByProduct(List<Long> productIds) {
if (CollectionUtil.isEmpty(productIds)) {
return ApiResult.ok(Collections.emptyList());
}
List<SaasProductModuleFeatureRelation> list = saasProductModuleFeatureRelationDao.lambdaQuery()
.select(SaasProductModuleFeatureRelation::getFeatureId
,SaasProductModuleFeatureRelation::getProductModuleId


@ -709,4 +709,9 @@ public class RoleServiceImpl implements RoleService {
roleUserRelationDao.deleteByRoldId(roleIds);
roleGroupRelationDao.deleteGroupRelation(roleIds);
}
@Override
public List<SaasRole> getByIds(Set<Long> ids) {
return saasRoleDao.listByIds(ids);
}
}
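Review bot: `getByIds` passes `ids` straight to `saasRoleDao.listByIds(ids)` with no empty or null check. If `saasRoleDao` is a MyBatis-Plus service (its declaration is not shown here), an empty collection typically yields an `IN ()` clause and a SQL error rather than an empty list. This commit adds exactly that guard to `featureListByProduct`; the equivalent here is `if (CollectionUtil.isEmpty(ids)) { return Collections.emptyList(); }` before the DAO call, assuming both names are imported in this file.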


@ -2,6 +2,7 @@ package cn.axzo.tyr.server.service.impl;
import cn.axzo.basics.common.BeanMapper;
import cn.axzo.framework.domain.ServiceException;
import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.pokonyan.util.TraceSupplier;
import cn.axzo.thrones.client.saas.ServicePkgClient;
@ -19,8 +20,11 @@ import cn.axzo.tyr.client.model.res.IdentityAuthRes;
import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
import cn.axzo.tyr.client.model.res.SimpleFeatureInfo;
import cn.axzo.tyr.client.model.res.SimplePermissionPointResp;
import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO;
import cn.axzo.tyr.client.model.vo.SaasRoleVO;
import cn.axzo.tyr.server.model.FilterRoleAuth;
import cn.axzo.tyr.server.model.PermissionCacheKey;
import cn.axzo.tyr.server.repository.entity.*;
import cn.axzo.tyr.server.repository.mapper.TyrSaasAuthMapper;
@ -30,6 +34,8 @@ import cn.axzo.tyr.server.service.ProductFeatureRelationService;
import cn.axzo.tyr.server.service.RoleService;
import cn.axzo.tyr.server.service.TyrSaasAuthService;
import cn.axzo.tyr.server.util.KeyUtil;
import cn.axzo.tyr.server.utils.RpcExternalUtil;
import cn.axzo.tyr.server.utils.RpcInternalUtil;
import cn.azxo.framework.common.model.CommonResponse;
import cn.azxo.framework.common.utils.LogUtil;
import cn.hutool.core.collection.CollectionUtil;
@ -37,6 +43,7 @@ import cn.hutool.core.collection.ListUtil;
import cn.hutool.core.date.StopWatch;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.BooleanUtil;
import cn.hutool.core.util.NumberUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.json.JSONUtil;
import com.google.common.collect.Lists;
@ -793,7 +800,75 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
@Override
public List<ListPermissionFromRoleGroupResp> listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq) {
return saasAuthMapper.listAuthByResourceAndRoleGroup(listPermissionFromRoleGroupReq);
List<ListPermissionFromRoleGroupResp> permissionInfo = saasAuthMapper.listAuthByResourceAndRoleGroup(listPermissionFromRoleGroupReq);
if (CollectionUtil.isEmpty(permissionInfo)) {
return new ArrayList<>();
}
if (!listPermissionFromRoleGroupReq.getFindFeatureInfo()) {
return permissionInfo;
}
Map<Long, Set<Long>> authMap = filterAuthByRoleAndProduct(permissionInfo.stream().map(e -> FilterRoleAuth.builder()
.roleId(NumberUtil.parseLong(e.getRoleId()))
.workspaceId(e.getWorkspaceId())
.build()).collect(Collectors.toList()));
permissionInfo.forEach(e -> e.setSimpleFeatureInfos(authMap.get(NumberUtil.parseLong(e.getRoleId()))));
return permissionInfo;
}
/**
* 通过工作台ID过滤指定角色的权限
* @param filterRoleAuths
* @return
*/
public Map<Long, Set<Long>> filterAuthByRoleAndProduct(List<FilterRoleAuth> filterRoleAuths) {
List<Long> roleIds = filterRoleAuths.stream().map(FilterRoleAuth::getRoleId).distinct().collect(Collectors.toList());
List<SaasRoleVO> query = roleService.query(QuerySaasRoleReq.builder()
.ids(roleIds)
.build());
Map<Long, SaasRoleVO> roleMap = query.stream().collect(Collectors.toMap(SaasRoleVO::getId, Function.identity(), (a, b) -> a));
// find product by workspace
Set<Long> workspaceId = filterRoleAuths.stream().map(FilterRoleAuth::getWorkspaceId).collect(Collectors.toSet());
List<ServicePkgDetailRes> servicePkgDetailRes = RpcExternalUtil.rpcProcessor(() -> servicePkgClient.getServicePkgDetailBySpaceId(workspaceId), "find product ", workspaceId);
Map<Long, List<ServicePkgProduct>> productMap = servicePkgDetailRes.stream().collect(Collectors.toMap(ServicePkgDetailRes::getSpaceId, ServicePkgDetailRes::getProducts, (a, b) -> a));
// find permission point by product
List<Long> productIds = productMap.values().stream().flatMap(List::stream).map(ServicePkgProduct::getProductId).distinct().collect(Collectors.toList());
List<ProductFeatureRelationVO> productsDetail = RpcExternalUtil.rpcApiResultProcessor(() -> productFeatureRelationService.featureListByProduct(productIds), " find permission point by product ", productIds);
Map<Long, ProductFeatureRelationVO> productDetailMap = productsDetail.stream().collect(Collectors.toMap(ProductFeatureRelationVO::getId, Function.identity(), (a, b) -> a));
// intersection auth from role and product
return filterRoleAuths.stream().collect(Collectors.toMap(FilterRoleAuth::getRoleId, e -> {
Long roleId = e.getRoleId();
SaasRoleVO saasRole = roleMap.get(e.getRoleId());
if (null == saasRole) {
LogUtil.error(" find role info error,role id:{}", roleId);
return Collections.emptySet();
}
Integer productUnitType = saasRole.getProductUnitType();
List<ServicePkgProduct> productsInfo = productMap.get(e.getWorkspaceId());
List<Long> allFeatureIds = productsInfo.stream().map(productSimpleInfo -> {
ProductFeatureRelationVO productDetail = productDetailMap.get(productSimpleInfo.getProductId());
if (!Objects.equals(productUnitType.toString(), productDetail.getDictCode())) {
return null;
}
return productDetail.getFeatureId();
}).filter(Objects::nonNull).distinct().collect(Collectors.toList());
List<Long> currentPermissionId = saasRole.getMatchFeature(e.getWorkspaceId(), null).stream().map(PermissionPointTreeNode::getPermissionPointId).distinct().collect(Collectors.toList());
return new HashSet<>(CollectionUtil.intersection(allFeatureIds, currentPermissionId));
},(a,b)->{
a.addAll(b);
return a;
}
));
}
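Review bot: `filterAuthByRoleAndProduct` keys its result by `roleId` alone and merges duplicates with `a.addAll(b)`, so a role that appears under several workspaces gets the union of every workspace's product features. `listAuthByResourceAndRoleGroup` then writes that union onto each row whatever the row's `workspaceId`, which over-reports what an identity may do in a given workspace. Keying by the role/workspace pair keeps each row scoped; `FilterRoleAuth` is a Lombok `@Data` class, so it can serve as the map key. The merge also throws `UnsupportedOperationException` when its first value is the `Collections.emptySet()` returned for a missing role. Separately, `productMap.get(e.getWorkspaceId())`, `productDetailMap.get(...)` and `productUnitType.toString()` are dereferenced without a null check, so one workspace without a service package fails the whole listing. Finally, `productDetailMap` is keyed by `ProductFeatureRelationVO::getId` but looked up by product id, which looks like a mismatch if `getId` is the relation's own id; please confirm.

```java
// in listAuthByResourceAndRoleGroup
// … unchanged: empty-result and findFeatureInfo guards; the FilterRoleAuth list is built into `filters` …
Map<FilterRoleAuth, Set<Long>> authMap = filterAuthByRoleAndProduct(filters);
permissionInfo.forEach(e -> e.setSimpleFeatureInfos(authMap.getOrDefault(
        FilterRoleAuth.builder()
                .roleId(NumberUtil.parseLong(e.getRoleId()))
                .workspaceId(e.getWorkspaceId())
                .build(),
        Collections.emptySet())));

// in filterAuthByRoleAndProduct
public Map<FilterRoleAuth, Set<Long>> filterAuthByRoleAndProduct(List<FilterRoleAuth> filterRoleAuths) {
    // … unchanged: roleMap, productMap and productDetailMap lookups …
    // distinct() removes repeated role/workspace pairs, so no merge function is needed
    return filterRoleAuths.stream().distinct().collect(Collectors.toMap(Function.identity(), e -> {
        SaasRoleVO saasRole = roleMap.get(e.getRoleId());
        if (null == saasRole) {
            LogUtil.error(" find role info error,role id:{}", e.getRoleId());
            return new HashSet<Long>();
        }
        List<ServicePkgProduct> productsInfo = productMap.get(e.getWorkspaceId());
        if (null == saasRole.getProductUnitType() || CollectionUtil.isEmpty(productsInfo)) {
            // no product bound to this workspace or role: grant nothing rather than fail the listing
            return new HashSet<Long>();
        }
        // … unchanged: allFeatureIds / currentPermissionId intersection, with a null check on productDetail …
    }));
}
```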


@ -76,6 +76,33 @@
</foreach>
</select>
<resultMap id="workerPositionEx"
type="cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp">
<result property="identityId" column="identityId"/>
<result property="identityType" column="identityType"/>
<result property="personId" column="personId"/>
<result property="ouId" column="ouId"/>
<result property="workspaceId" column="workspaceId"/>
<result property="teamOuId" column="teamOuId"/>
<result property="roleGroupName" column="roleGroupName"/>
<result property="roleGroupCode" column="roleGroupCode"/>
<result property="roleGroupName" column="roleGroupName"/>
<result property="roleId" column="roleId"/>
<result property="roleName" column="roleName"/>
<result property="permissionGroupId" column="permissionGroupId"/>
<collection property="simpleFeatureInfos"
ofType="cn.axzo.tyr.client.model.res.SimpleFeatureInfo">
<result property="featureId" column="featureId"/>
<result property="featureCode" column="featureCode"/>
</collection>
</resultMap>
<select id="listAuthByResourceAndRoleGroup" resultType="cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp">
SELECT
t5.identity_id identityId,
@ -89,14 +116,16 @@
t1.name roleGroupName,
t1.code roleGroupCode,
t3.id roleId,
t3.name roleName;
t4.group_id permissionGroupId;
t3.name roleName,
t4.group_id permissionGroupId
FROM
saas_role_group t1
INNER JOIN saas_role_group_relation t2 ON t1.id = t2.saas_role_group_id
INNER JOIN saas_role t3 ON t2.role_id = t3.id
INNER JOIN saas_pgroup_role_relation T4 ON t3.id = t4.role_id
INNER JOIN saas_role_user_relation t5 ON t3.id = t5.role_id
WHERE
t1.category_code = #{req.categoryCode}