From abe02d21b8e20007fe806092d2050051fdffcd06 Mon Sep 17 00:00:00 2001 From: TanJ Date: Mon, 8 Jan 2024 14:55:45 +0800 Subject: [PATCH] =?UTF-8?q?feat(2046)=20=E6=B7=BB=E5=8A=A0=E7=8F=AD?= =?UTF-8?q?=E7=BB=84=E7=AE=A1=E7=90=86=E5=91=98=E3=80=81=E4=BB=A3=E7=8F=AD?= =?UTF-8?q?=E9=95=BF=E3=80=81=E6=9F=A5=E8=AF=A2=20=E6=9D=83=E9=99=90?= =?UTF-8?q?=E4=BF=A1=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../req/ListPermissionFromRoleGroupReq.java | 3 + .../res/ListPermissionFromRoleGroupResp.java | 12 ++- .../client/model/res/SimpleFeatureInfo.java | 21 +++++ .../axzo/tyr/client/model/vo/SaasRoleVO.java | 5 ++ .../axzo/tyr/server/model/FilterRoleAuth.java | 27 +++++++ .../axzo/tyr/server/service/RoleService.java | 2 + .../server/service/TyrSaasAuthService.java | 5 ++ .../ProductFeatureRelationServiceImpl.java | 5 ++ .../server/service/impl/RoleServiceImpl.java | 5 ++ .../service/impl/TyrSaasAuthServiceImpl.java | 77 ++++++++++++++++++- .../resources/mapper/TyrSaasAuthMapper.xml | 33 +++++++- 11 files changed, 189 insertions(+), 6 deletions(-) create mode 100644 tyr-api/src/main/java/cn/axzo/tyr/client/model/res/SimpleFeatureInfo.java create mode 100644 tyr-server/src/main/java/cn/axzo/tyr/server/model/FilterRoleAuth.java diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListPermissionFromRoleGroupReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListPermissionFromRoleGroupReq.java index 05bb5800..d42f7542 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListPermissionFromRoleGroupReq.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListPermissionFromRoleGroupReq.java @@ -35,6 +35,9 @@ public class ListPermissionFromRoleGroupReq { private List workspaceOuPairs; + @Builder.Default + private Boolean findFeatureInfo = false; + @Data @Builder @AllArgsConstructor 
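Review bot: `findFeatureInfo` is declared as a boxed `Boolean`, and the `false` default does not protect against an explicit `null` arriving in a deserialized request or through the Lombok setter. The consumer added in TyrSaasAuthServiceImpl unboxes it with `if (!listPermissionFromRoleGroupReq.getFindFeatureInfo())`, which would then throw a NullPointerException. Either declare the field as primitive `boolean`, or make the consumer null-safe with `if (!BooleanUtil.isTrue(listPermissionFromRoleGroupReq.getFindFeatureInfo()))`, since `BooleanUtil` is already imported in that file. The field also has no Javadoc; a one-line comment saying it switches on the per-role feature lookup would help API clients.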
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/ListPermissionFromRoleGroupResp.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/ListPermissionFromRoleGroupResp.java index b7403395..b961c1ac 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/ListPermissionFromRoleGroupResp.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/ListPermissionFromRoleGroupResp.java @@ -1,12 +1,10 @@ package cn.axzo.tyr.client.model.res; import cn.axzo.tyr.client.model.enums.IdentityType; -import lombok.AllArgsConstructor; -import lombok.Builder; import lombok.Data; -import lombok.NoArgsConstructor; import java.util.List; +import java.util.Set; /** * 通过角色分组及分类查询人员的权限 @@ -59,5 +57,13 @@ public class ListPermissionFromRoleGroupResp { private Long permissionGroupId; + /** + * 权限点信息 (按钮级别) + */ + private Set simpleFeatureInfos; + + + } + diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/SimpleFeatureInfo.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/SimpleFeatureInfo.java new file mode 100644 index 00000000..a41d5ef3 --- /dev/null +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/res/SimpleFeatureInfo.java @@ -0,0 +1,21 @@ +package cn.axzo.tyr.client.model.res; + +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +/** + * 权限点基础信息 + * @author tanjie@axzo.cn + */ +@Data +@Builder +@AllArgsConstructor +@NoArgsConstructor +public class SimpleFeatureInfo { + private Long featureId; + + private String featureCode; + +} \ No newline at end of file diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java index 40e24dcf..a8905b26 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java 
@@ -31,6 +31,11 @@ public class SaasRoleVO { */ private String name; + /** + * 角色所对应的产品属性 + */ + private Integer productUnitType; + /** * 角色类型: init 标准 common 自定义角色 admin管理员 super_admin 超管 */ diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/model/FilterRoleAuth.java b/tyr-server/src/main/java/cn/axzo/tyr/server/model/FilterRoleAuth.java new file mode 100644 index 00000000..9a6a146b --- /dev/null +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/model/FilterRoleAuth.java @@ -0,0 +1,27 @@ +package cn.axzo.tyr.server.model; + +import cn.axzo.tyr.server.service.impl.TyrSaasAuthServiceImpl; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.util.List; + +/** + * 通过工作台过滤角色的权限 + * #{@link TyrSaasAuthServiceImpl#filterAuthByRoleAndProduct()} + * @author tanjie@axzo.cn + * @date 2024/1/8 14:16 + */ +@AllArgsConstructor +@Data +@NoArgsConstructor +@Builder +public class FilterRoleAuth { + + private Long roleId; + + private Long workspaceId; + +} diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java index b9e6d668..76b6a7ca 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java @@ -86,4 +86,6 @@ public interface RoleService { * @param outId 待删除角色所属单位ID */ void deleteRole(List roleIds,Long workSpaceId,Long outId); + + List getByIds(Set ids); } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java index 8d912f66..89562478 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java 
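Review bot: In the new FilterRoleAuth file, the class Javadoc links to `TyrSaasAuthServiceImpl#filterAuthByRoleAndProduct()` with an empty parameter list, but the method added in this commit takes a list, so the `{@link}` does not resolve. The stray `#` before `{@link` will also render literally. The import of `TyrSaasAuthServiceImpl` exists only for that link and makes the model package depend on `service.impl`, and `java.util.List` is imported but not used in the visible file. I would drop both imports and write the reference as `{@link cn.axzo.tyr.server.service.impl.TyrSaasAuthServiceImpl#filterAuthByRoleAndProduct(java.util.List)}`.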
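Review bot: In RoleService, `getByIds` is added without Javadoc while the neighbouring `deleteRole` documents its parameters, and unlike `deleteRole` it takes no workspace or unit argument, so it returns roles for whatever IDs the caller supplies. Because roles drive permission decisions, the contract should state that scoping is the caller's job, e.g. `/** Loads roles by primary key with no workspace/OU filtering; callers must restrict ids to roles the requester may see. */`. The implementation in RoleServiceImpl passes `ids` straight to `saasRoleDao.listByIds(ids)`. If that is the MyBatis-Plus batch lookup, an empty set likely produces an invalid `IN ()` clause, so returning an empty list early for a null or empty `ids` would match the guard this commit adds to `featureListByProduct`.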
@@ -43,5 +43,10 @@ public interface TyrSaasAuthService { */ IdentityAuthRes findIdentityAuthMix(IdentityAuthReq identityAuthReq); + /** + * 通过资源信息获取权限 + * @param listPermissionFromRoleGroupReq + * @return + */ List listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq); } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java index 524767dd..005dcf20 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java @@ -31,6 +31,8 @@ import org.springframework.util.CollectionUtils; import org.springframework.util.StringUtils; import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.List; @@ -93,6 +95,9 @@ public class ProductFeatureRelationServiceImpl implements ProductFeatureRelation @Override public ApiResult> featureListByProduct(List productIds) { + if (CollectionUtil.isEmpty(productIds)) { + return ApiResult.ok(Collections.emptyList()); + } List list = saasProductModuleFeatureRelationDao.lambdaQuery() .select(SaasProductModuleFeatureRelation::getFeatureId ,SaasProductModuleFeatureRelation::getProductModuleId diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java index fcd2921c..a6986c9d 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java 
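Review bot: The new empty-input guard in `featureListByProduct` calls `CollectionUtil.isEmpty(productIds)`, but the only collection helper visible in this file's imports is Spring's `org.springframework.util.CollectionUtils`, and the import hunk adds only `java.util.Collection` and `java.util.Collections`. Unless Hutool's `CollectionUtil` is already imported outside the hunk, this does not compile; using the helper the file already has, `if (CollectionUtils.isEmpty(productIds)) {`, avoids mixing two utility classes. The added `java.util.Collection` import is not used by anything in the visible hunks and can probably be dropped.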
@@ -709,4 +709,9 @@ public class RoleServiceImpl implements RoleService { roleUserRelationDao.deleteByRoldId(roleIds); roleGroupRelationDao.deleteGroupRelation(roleIds); } + + @Override + public List getByIds(Set ids) { + return saasRoleDao.listByIds(ids); + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java index bdd35c16..55855194 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java @@ -2,6 +2,7 @@ package cn.axzo.tyr.server.service.impl; import cn.axzo.basics.common.BeanMapper; import cn.axzo.framework.domain.ServiceException; +import cn.axzo.framework.domain.web.result.ApiResult; import cn.axzo.pokonyan.config.mybatisplus.BaseEntity; import cn.axzo.pokonyan.util.TraceSupplier; import cn.axzo.thrones.client.saas.ServicePkgClient; @@ -19,8 +20,11 @@ import cn.axzo.tyr.client.model.res.IdentityAuthRes; import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp; import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp; import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp; +import cn.axzo.tyr.client.model.res.SimpleFeatureInfo; import cn.axzo.tyr.client.model.res.SimplePermissionPointResp; +import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO; import cn.axzo.tyr.client.model.vo.SaasRoleVO; +import cn.axzo.tyr.server.model.FilterRoleAuth; import cn.axzo.tyr.server.model.PermissionCacheKey; import cn.axzo.tyr.server.repository.entity.*; import cn.axzo.tyr.server.repository.mapper.TyrSaasAuthMapper; 
@@ -30,6 +34,8 @@ import cn.axzo.tyr.server.service.ProductFeatureRelationService; import cn.axzo.tyr.server.service.RoleService; import cn.axzo.tyr.server.service.TyrSaasAuthService; import cn.axzo.tyr.server.util.KeyUtil; +import cn.axzo.tyr.server.utils.RpcExternalUtil; +import cn.axzo.tyr.server.utils.RpcInternalUtil; import cn.azxo.framework.common.model.CommonResponse; import cn.azxo.framework.common.utils.LogUtil; import cn.hutool.core.collection.CollectionUtil; @@ -37,6 +43,7 @@ import cn.hutool.core.collection.ListUtil; import cn.hutool.core.date.StopWatch; import cn.hutool.core.util.ArrayUtil; import cn.hutool.core.util.BooleanUtil; +import cn.hutool.core.util.NumberUtil; import cn.hutool.core.util.StrUtil; import cn.hutool.json.JSONUtil; import com.google.common.collect.Lists; 
@@ -793,7 +800,75 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService { @Override public List listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq) { - return saasAuthMapper.listAuthByResourceAndRoleGroup(listPermissionFromRoleGroupReq); + List permissionInfo = saasAuthMapper.listAuthByResourceAndRoleGroup(listPermissionFromRoleGroupReq); + if (CollectionUtil.isEmpty(permissionInfo)) { + return new ArrayList<>(); + } + if (!listPermissionFromRoleGroupReq.getFindFeatureInfo()) { + return permissionInfo; + } + Map> authMap = filterAuthByRoleAndProduct(permissionInfo.stream().map(e -> FilterRoleAuth.builder() + .roleId(NumberUtil.parseLong(e.getRoleId())) + .workspaceId(e.getWorkspaceId()) + .build()).collect(Collectors.toList())); + + permissionInfo.forEach(e -> e.setSimpleFeatureInfos(authMap.get(NumberUtil.parseLong(e.getRoleId())))); + return permissionInfo; + } + + /** + * 通过工作台ID过滤指定角色的权限 + * @param filterRoleAuths + * @return + */ + public Map> filterAuthByRoleAndProduct(List filterRoleAuths) { + List roleIds = filterRoleAuths.stream().map(FilterRoleAuth::getRoleId).distinct().collect(Collectors.toList()); + + + List query = roleService.query(QuerySaasRoleReq.builder() + .ids(roleIds) + .build()); + Map roleMap = query.stream().collect(Collectors.toMap(SaasRoleVO::getId, Function.identity(), (a, b) -> a)); + + // find product by workspace + Set workspaceId = filterRoleAuths.stream().map(FilterRoleAuth::getWorkspaceId).collect(Collectors.toSet()); + List servicePkgDetailRes = RpcExternalUtil.rpcProcessor(() -> servicePkgClient.getServicePkgDetailBySpaceId(workspaceId), "find product ", workspaceId); + Map> productMap = servicePkgDetailRes.stream().collect(Collectors.toMap(ServicePkgDetailRes::getSpaceId, ServicePkgDetailRes::getProducts, (a, b) -> a)); + + // find permission point by product + List productIds = 
productMap.values().stream().flatMap(List::stream).map(ServicePkgProduct::getProductId).distinct().collect(Collectors.toList()); + List productsDetail = RpcExternalUtil.rpcApiResultProcessor(() -> productFeatureRelationService.featureListByProduct(productIds), " find permission point by product ", productIds); + Map productDetailMap = productsDetail.stream().collect(Collectors.toMap(ProductFeatureRelationVO::getId, Function.identity(), (a, b) -> a)); + + // intersection auth from role and product + return filterRoleAuths.stream().collect(Collectors.toMap(FilterRoleAuth::getRoleId, e -> { + Long roleId = e.getRoleId(); + SaasRoleVO saasRole = roleMap.get(e.getRoleId()); + if (null == saasRole) { + LogUtil.error(" find role info error,role id:{}", roleId); + return Collections.emptySet(); + } + + Integer productUnitType = saasRole.getProductUnitType(); + List productsInfo = productMap.get(e.getWorkspaceId()); + List allFeatureIds = productsInfo.stream().map(productSimpleInfo -> { + ProductFeatureRelationVO productDetail = productDetailMap.get(productSimpleInfo.getProductId()); + if (!Objects.equals(productUnitType.toString(), productDetail.getDictCode())) { + return null; + } + return productDetail.getFeatureId(); + }).filter(Objects::nonNull).distinct().collect(Collectors.toList()); + + List currentPermissionId = saasRole.getMatchFeature(e.getWorkspaceId(), null).stream().map(PermissionPointTreeNode::getPermissionPointId).distinct().collect(Collectors.toList()); + + return new HashSet<>(CollectionUtil.intersection(allFeatureIds, currentPermissionId)); + + },(a,b)->{ + a.addAll(b); + return a; + } + )); + } diff --git a/tyr-server/src/main/resources/mapper/TyrSaasAuthMapper.xml b/tyr-server/src/main/resources/mapper/TyrSaasAuthMapper.xml index 8e1284f4..5aad03af 100644 --- a/tyr-server/src/main/resources/mapper/TyrSaasAuthMapper.xml +++ b/tyr-server/src/main/resources/mapper/TyrSaasAuthMapper.xml @@ -76,6 +76,33 @@ + + + + + + + + + + + + + + + + + + + + + + + + +
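Review bot: The map returned by `filterAuthByRoleAndProduct` is keyed by role ID alone, and its merge function `a.addAll(b)` unions the feature sets computed for the same role in different workspaces; `listAuthByResourceAndRoleGroup` then reads it with `authMap.get(NumberUtil.parseLong(e.getRoleId()))`, so a row for one workspace can come back with permission points that only another workspace's products grant. Key the result on the (roleId, workspaceId) pair instead: `FilterRoleAuth` is a Lombok `@Data` class, so `Collectors.toMap(Function.identity(), ...)` and a lookup built from the row's role and workspace would keep the sets separate. The merge also calls `addAll` on the immutable `Collections.emptySet()` returned when a role is missing, which throws `UnsupportedOperationException` once a later entry for that role has features; return `new HashSet<>()` there. `productMap.get(e.getWorkspaceId())`, `productDetailMap.get(productSimpleInfo.getProductId())` and `productUnitType.toString()` are dereferenced without null checks, so a workspace with no service package or a role without a product type fails the whole request instead of yielding an empty feature set.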