wangli/tyr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'release/20241028' into 'master'

Browse Source 
feat: (feature/REQ-2750) 1、解决组件资源更新时groupCode被覆盖成code的问题

See merge request universal/infrastructure/backend/tyr!273
This commit is contained in:
李龙 2024-10-28 07:55:24 +00:00
commit afa65a1ebd
66 changed files with 3172 additions and 858 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tyr-api/pom.xml
View File

@ -33,5 +33,11 @@
<version>2.0.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>cn.axzo.maokai</groupId>
<artifactId>maokai-common</artifactId>
<version>2.0.0-SNAPSHOT</version>
</dependency>
</dependencies>
</project>

23
tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java
View File

@ -1,14 +1,27 @@
package cn.axzo.tyr.client.feign;
import cn.axzo.foundation.page.PageResp;
import cn.axzo.framework.domain.web.result.ApiPageResult;
import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.tyr.client.model.roleuser.RoleUserUpdateReq;
import cn.axzo.tyr.client.model.roleuser.dto.GetUserAutoOwnRoleResp;
import cn.axzo.tyr.client.model.roleuser.dto.GetUserFeatureResourceIdsResp;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserRelationDTO;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
import cn.axzo.tyr.client.model.roleuser.dto.SuperAminInfoResp;
import cn.axzo.tyr.client.model.roleuser.req.*;
import cn.axzo.tyr.client.model.roleuser.req.AutoOwnRoleUserReq;
import cn.axzo.tyr.client.model.roleuser.req.CreateSuperAdminRoleParam;
import cn.axzo.tyr.client.model.roleuser.req.GantOrUnGantaWorkerLeaderRoleReq;
import cn.axzo.tyr.client.model.roleuser.req.GetUserAutoOwnRoleReq;
import cn.axzo.tyr.client.model.roleuser.req.GetUserFeatureResourceIdsReq;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.client.model.roleuser.req.PageRoleUserRelationReq;
import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam;
import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq;
import cn.axzo.tyr.client.model.roleuser.req.SuperAdminParam;
import cn.axzo.tyr.client.model.roleuser.req.WorkerManagerRoleUserReq;
import com.baomidou.mybatisplus.core.metadata.IPage;
import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
@ -136,4 +149,12 @@ public interface TyrSaasRoleUserApi {
*/
@PostMapping("/api/saas-role-user/batch-update-by-id")
ApiResult<Boolean> batchUpdateById(@RequestBody @Valid List<RoleUserUpdateReq> roleUserUpdateReqs);
/**
* 临时支持REQ-3034可以查询is_delete > 0的数据后续会删除谨慎使用
* @param param
* @return
*/
@PostMapping("/api/roleUserRelation/temporarily/page")
ApiResult<PageResp<SaasRoleUserRelationDTO>> pageRoleUserRelation(@RequestBody @Valid PageRoleUserRelationReq param);
}

76
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListRoleReq.java
View File

@ -1,5 +1,8 @@
package cn.axzo.tyr.client.model.req;
import cn.axzo.foundation.dao.support.wrapper.CriteriaField;
import cn.axzo.foundation.dao.support.wrapper.Operator;
import cn.axzo.tyr.client.common.enums.FeatureResourceType;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import lombok.AllArgsConstructor;
import lombok.Data;
@ -18,36 +21,43 @@ public class ListRoleReq {
/**
* 角色id
*/
@CriteriaField(field = "id", operator = Operator.IN)
private List<Long> roleIds;
/**
* 租户类型:DictWorkSpaceTypeEnum
*/
@CriteriaField(field = "workspaceType", operator = Operator.EQ)
private Integer workspaceType;
/**
* 是否显示
*/
@CriteriaField(field = "isDisplay", operator = Operator.EQ)
private Boolean isDisplay;
/**
* 角色权限码
*/
@CriteriaField(field = "roleCode", operator = Operator.EQ)
private String roleCode;
/**
* 租户id
*/
@CriteriaField(field = "workspaceId", operator = Operator.IN)
private List<Long> workspaceIds;
/**
* 单位id
*/
@CriteriaField(field = "ownerOuId", operator = Operator.IN)
private List<Long> ouIds;
/**
* 是否启用
*/
@CriteriaField(field = "enabled", operator = Operator.EQ)
private Boolean enabled;
/**
@ -58,35 +68,101 @@ public class ListRoleReq {
* auto_own:虚拟角色(自定义权限使用)
* common:自定义角色
*/
@CriteriaField(field = "roleType", operator = Operator.IN)
private List<String> roleTypes;
@CriteriaField(field = "id", operator = Operator.NE)
private Long idNE;
/**
* 是否需要角色下的权限信息
*/
@CriteriaField(ignore = true)
private Boolean needPermission;
/**
* 是否需要角色对应的角色分组信息
*/
@CriteriaField(ignore = true)
private Boolean needRoleGroup;
/**
* 是否需要角色对应的用户信息
*/
@CriteriaField(ignore = true)
private Boolean needRoleUser;
/**
* 当前非oms和政务端的权限存储在saas_feature
* 权限点从saas_feature表查询
*/
@CriteriaField(ignore = true)
private Boolean needPermissionOld;
/**
* 根据权限点id过滤
*/
@CriteriaField(ignore = true)
private List<Long> featureIds;
@CriteriaField(ignore = true)
private Boolean needPermissionRelation;
/**
* 是否需要预设角色因为预设角色的workspaceId和ouId为-1
*/
@CriteriaField(ignore = true)
private Boolean needPresetRole;
/**
* 查询菜单树节点类型
*/
@CriteriaField(ignore = true)
private List<FeatureResourceType> featureResourceTypes;
/**
* 新旧权限点needPermissionRelation = true时最好带上因为新旧权限点会有冲突的情况发生
*/
@CriteriaField(ignore = true)
private Integer type;
/**
* 查询权限点时会根据端过滤增加效率目前只有CMS端的新版本才冗余了端
*/
@CriteriaField(ignore = true)
private String terminal;
@CriteriaField(field = "workspaceId", operator = Operator.EQ)
private Long workspaceId;
@CriteriaField(field = "ownerOuId", operator = Operator.EQ)
private Long ouId;
/**
* workspaceId和ouId配对查询
* 例如((workspaceId = ## and ouId = ##) or (workspaceId = ## and ouId = ##))
*/
@CriteriaField(ignore = true)
private List<ListRoleUserRelationParam.WorkspaceOuPair> workspaceOuPairs;
/**
* 角色权限码
*/
@CriteriaField(field = "roleCode", operator = Operator.IN)
private Set<String> roleCodes;
/**
* 角色分组code
*/
@CriteriaField(ignore = true)
private Set<String> roleGroupCodes;
/**
* 单位类型
*/
@CriteriaField(field = "productUnitType", operator = Operator.IN)
private Set<Integer> productUnitTypes;
@CriteriaField(field = "roleType", operator = Operator.NOT_IN)
private List<String> roleTypesNotIn;
}

37
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListSaasRoleGroupParam.java
View File

@ -7,6 +7,9 @@ import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.experimental.SuperBuilder;
import java.util.List;
import java.util.Set;
@SuperBuilder
@Data
@ -17,6 +20,9 @@ public class ListSaasRoleGroupParam {
@CriteriaField(field = "workspaceTypeCode", operator = Operator.EQ)
private Integer workspaceTypeCode;
@CriteriaField(field = "workspaceTypeCode", operator = Operator.IN)
private Set<Integer> workspaceTypeCodes;
@CriteriaField(field = "workspaceId", operator = Operator.EQ)
private Long workspaceId;
@ -25,4 +31,35 @@ public class ListSaasRoleGroupParam {
@CriteriaField(ignore = true)
private Boolean needRole;
@CriteriaField(field = "code", operator = Operator.IN)
private Set<String> roleGroupCodes;
@CriteriaField(ignore = true)
private Boolean needRoleGroupRelation;
/**
* workspaceId和ouId配对查询
* 例如((workspaceId = ## and ouId = ##) or (workspaceId = ## and ouId = ##))
*/
@CriteriaField(ignore = true)
private List<WorkspaceOuPair> workspaceOuPairs;
@CriteriaField(field = "workspaceId", operator = Operator.IN)
private Set<Long> workspaceIds;
@CriteriaField(field = "ouId", operator = Operator.IN)
private Set<Long> ouIds;
@CriteriaField(field = "ouTypeCode", operator = Operator.IN)
private Set<String> ouTypeCodes;
@CriteriaField(field = "id", operator = Operator.IN)
private Set<Long> ids;
@CriteriaField(ignore = true)
private Set<String> paths;
@CriteriaField(field = "parentId", operator = Operator.IN)
private Set<Long> parentIds;
}

29
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PageRoleReq.java
View File

@ -1,27 +1,42 @@
package cn.axzo.tyr.client.model.req;
import cn.axzo.foundation.dao.support.wrapper.CriteriaField;
import cn.axzo.foundation.page.IPageReq;
import cn.axzo.foundation.page.PageResp;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.experimental.SuperBuilder;
import java.util.Collections;
import java.util.List;
@Data
@SuperBuilder
@NoArgsConstructor
@AllArgsConstructor
public class PageRoleReq extends ListRoleReq {
public class PageRoleReq extends ListRoleReq implements IPageReq {
@CriteriaField(ignore = true)
Integer page;
private Integer page;
private Integer pageSize;
@CriteriaField(ignore = true)
Integer pageSize;
/**
* 排序使用示例createAt__DESC
* 排序使用示例createTime__DESC
*/
private List<String> sort;
@CriteriaField(ignore = true)
List<String> sort;
public PageResp toEmpty() {
return PageResp.builder()
.current(this.getPage())
.size(this.getPageSize())
.total(0)
.data(Collections.emptyList())
.build();
}
}

31
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/TreeRoleReq.java
View File

@ -1,11 +1,13 @@
package cn.axzo.tyr.client.model.req;
import cn.axzo.maokai.common.enums.SaasCooperateShipCooperateTypeEnum;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
import java.util.Set;
@Data
@Builder
@ -13,10 +15,17 @@ import java.util.List;
@AllArgsConstructor
public class TreeRoleReq {
/**
* 跟workspaceType一样的效果以前不知道saasRole上的workspaceType跟其他的workspaceTypeCode是否是一个值
*/
private String workspaceTypeCode;
private Boolean needRole;
/**
* 请使用workspaceTypeCode已经不再使用
*/
@Deprecated
private Integer workspaceType;
/**
@ -51,4 +60,26 @@ public class TreeRoleReq {
* 角色类型common 普通角色 super_admin超级管理员(禁止删除) admin子管理员(禁止删除) init初始化内置角色
*/
private List<String> roleTypes;
/**
* 角色分组code
*/
private Set<String> roleGroupCodes;
private List<WorkspaceOuPair> workspaceOuPairs;
/**
* 是否需要预设角色因为预设角色的workspaceId和ouId为-1
*/
private Boolean needPresetRole;
/**
* 协同关系单位类型
*/
private Set<SaasCooperateShipCooperateTypeEnum> cooperateShipCooperateTypes;
/**
* 角色code
*/
private Set<String> roleCodes;
}

28
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/WorkspaceOuPair.java Normal file
View File

@ -0,0 +1,28 @@
package cn.axzo.tyr.client.model.req;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class WorkspaceOuPair {
/**
* 项目id
*/
private Long workspaceId;
/**
* 单位id
*/
private Long ouId;
public static final WorkspaceOuPair PRESET_WORKSPACE_OU_PAIR = WorkspaceOuPair.builder()
.ouId(-1L)
.workspaceId(-1L)
.build();
}

25
tyr-api/src/main/java/cn/axzo/tyr/client/model/res/RoleGroupRelationRes.java Normal file
View File

@ -0,0 +1,25 @@
package cn.axzo.tyr.client.model.res;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class RoleGroupRelationRes {
private Long id;
/**
* 角色id
*/
private Long roleId;
/**
* 角色分组id
*/
private Long saasRoleGroupId;
}

4
tyr-api/src/main/java/cn/axzo/tyr/client/model/res/RoleTreeRes.java
View File

@ -48,6 +48,8 @@ public class RoleTreeRes {
*/
private String type;
private String code;
/**
* 是否显示
*/
@ -59,4 +61,6 @@ public class RoleTreeRes {
* id跟type拼接因为前端组件所有节点的id不能重复
*/
private String idStr;
private Integer ouType;
}

10
tyr-api/src/main/java/cn/axzo/tyr/client/model/res/SaasRoleGroupDTO.java
View File

@ -60,8 +60,18 @@ public class SaasRoleGroupDTO {
*/
private Long parentId;
/**
* ID层级路径 逗号分隔
*/
private String path;
/**
* 角色信息
*/
private List<SaasRoleRes> saasRoles;
/**
* 角色分组与角色关联关系
*/
private List<RoleGroupRelationRes> roleGroupRelations;
}

81
tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/dto/SaasRoleUserRelationDTO.java Normal file
View File

@ -0,0 +1,81 @@
package cn.axzo.tyr.client.model.roleuser.dto;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.Date;
@Data
@Builder
@AllArgsConstructor
@NoArgsConstructor
public class SaasRoleUserRelationDTO {
/**
* 身份Id
*/
private Long identityId;
/**
* 身份类型 1:工人 2:从业人员 3:班组长 4:运营人员 5:政务人员
*/
private Integer identityType;
/**
* 角色Id
*/
private Long roleId;
/**
* 自然人Id
*/
private Long naturalPersonId;
/**
* 创建者
*/
private Long createBy;
/**
* 更新者
*/
private Long updateBy;
/**
* 所属单位Id 用户在当前工作台的所属单位
*/
private Long ouId;
/**
* 工作台Id
*/
private Long workspaceId;
/**
* 资源类型
*/
private Integer resourceType;
/**
* 资源Id
*/
private Long resourceId;
private Long id;
private Date createAt;
private Date updateAt;
private Long isDelete;
/**
* 角色类型
* cn.axzo.tyr.client.common.enums.RoleTypeEnum
*/
private String roleType;
private String roleCode;
}

64
tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/dto/SaasRoleUserV2DTO.java
View File

@ -2,11 +2,13 @@ package cn.axzo.tyr.client.model.roleuser.dto;
import cn.axzo.tyr.client.model.res.SaasPermissionRelationRes;
import cn.axzo.tyr.client.model.res.SaasPermissionRes;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.Date;
import java.util.List;
@Data
@ -17,11 +19,55 @@ public class SaasRoleUserV2DTO {
private Long id;
protected Date createAt;
protected Date updateAt;
/**
* 创建者
*/
private Long createBy;
/**
* 更新者
*/
private Long updateBy;
/**
* 资源类型
*/
private Integer resourceType;
/**
* 资源Id
*/
private Long resourceId;
/**
* 角色Id
*/
private Long roleId;
/**
* 单位Id
*/
private Long ouId;
/**
* 项目id
*/
private Long workspaceId;
/**
* 身份Id
*/
private Long identityId;
/**
* 身份类型 1:工人 2:从业人员 3:班组长 4:运营人员 5:政务人员
*/
private Integer identityType;
private SaasRoleUser saasRoleUser;
private SaasRole saasRole;
@ -85,8 +131,6 @@ public class SaasRoleUserV2DTO {
*/
private String roleType;
private String roleCode;
private Long workspaceId;
private Long ownerOuId;
@ -97,6 +141,22 @@ public class SaasRoleUserV2DTO {
*/
private Integer productUnitType;
/**
* 角色描述
*/
private String description;
/**
* '是否显示'
*/
private Boolean isDisplay;
/**
* '是否启用'
*/
private Boolean enabled;
private String roleCode;
/**
* 角色权限
*/

21
tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/ListRoleUserRelationParam.java
View File

@ -28,6 +28,24 @@ public class ListRoleUserRelationParam {
@CriteriaField(field = "ouId", operator = Operator.EQ)
private Long ouId;
@CriteriaField(field = "workspaceId", operator = Operator.EQ)
private Long workspaceId;
@CriteriaField(field = "ouId", operator = Operator.IN)
private Set<Long> ouIds;
@CriteriaField(field = "workspaceId", operator = Operator.IN)
private Set<Long> workspaceIds;
@CriteriaField(field = "resourceType", operator = Operator.EQ)
private Integer resourceType;
/**
* 资源Id
*/
@CriteriaField(field = "resourceId", operator = Operator.EQ)
private Long resourceId;
/**
* 是否显示
*/
@ -61,6 +79,9 @@ public class ListRoleUserRelationParam {
@CriteriaField(field = "identityId", operator = Operator.EQ)
private Long identityId;
@CriteriaField(field = "identityId", operator = Operator.IN)
private Set<Long> identityIds;
/**
* workspaceId和ouId配对查询
* 例如((workspaceId = ## and ouId = ##) or (workspaceId = ## and ouId = ##))

39
tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/PageRoleUserRelationReq.java Normal file
View File

@ -0,0 +1,39 @@
package cn.axzo.tyr.client.model.roleuser.req;
import cn.axzo.basics.common.constant.enums.DeleteEnum;
import cn.axzo.tyr.client.model.base.WorkspaceOUPair;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.experimental.SuperBuilder;
import javax.validation.constraints.NotEmpty;
import java.util.Date;
import java.util.List;
import java.util.Set;
@SuperBuilder
@Data
@NoArgsConstructor
@AllArgsConstructor
public class PageRoleUserRelationReq{
@Builder.Default
private Integer page = 1;
@Builder.Default
private Integer pageSize = 20;
@NotEmpty(message = "workspaceOUPairs不能为空")
private List<WorkspaceOUPair> workspaceOUPairs;
private Date updateAtLE;
private Date updateAtGE;
private Boolean includeDelete;
@NotEmpty(message = "roleIds不能为空")
private Set<Long> roleIds;
}

3
tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleGroupVO.java
View File

@ -6,6 +6,7 @@ import lombok.Data;
import lombok.NoArgsConstructor;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotEmpty;
import java.util.Date;
import java.util.List;
@ -25,7 +26,9 @@ public class SaasRoleGroupVO {
/**
* 单位类型字典code
* 这个历史定义成集合但是只能给一个且必填
*/
@NotEmpty(message = "ouTypeCode不能为空")
private List<String> ouTypeCode;
/**

6
tyr-server/pom.xml
View File

@ -144,6 +144,12 @@
<artifactId>alibaba-dingtalk-service-sdk</artifactId>
<version>2.0.0</version>
</dependency>
<dependency>
<groupId>cn.axzo.platform</groupId>
<artifactId>axzo-log-api</artifactId>
<version>1.0.0-SNAPSHOT</version>
</dependency>
</dependencies>
<build>
<plugins>

4
tyr-server/src/main/java/cn/axzo/tyr/server/config/FeignConfig.java
View File

@ -41,6 +41,9 @@ public class FeignConfig implements RequestInterceptor, EnvironmentAware {
@Value("${apisixUrl:http://dev-app.axzo.cn/apisix-plat}")
private String apisixUrl;
@Value("${workspace:http://dev-app.axzo.cn/workspace}")
private String workspaceUrl;
private static String POD_NAMESPACE;
static {
Map<String, String> env = System.getenv();
@ -63,6 +66,7 @@ public class FeignConfig implements RequestInterceptor, EnvironmentAware {
url = url.replace("http://maokai:8080", maokaiEnvUrl);
url = url.replace("http://pudge:10099", pudgeEnvUrl);
url = url.replace("http://apisix-plat:8080", apisixUrl);
url = url.replace("http://workspace:8080", workspaceUrl);
String profile = environment.getProperty("spring.profiles.active");
if(Objects.equals(profile, "test") && url.contains("dev-app.axzo.cn")) {

4
tyr-server/src/main/java/cn/axzo/tyr/server/config/RocketMQEventConfiguration.java
View File

@ -16,6 +16,7 @@ import org.apache.rocketmq.spring.core.RocketMQTemplate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Profile;
import org.springframework.stereotype.Component;
import java.util.function.Consumer;
@ -64,6 +65,7 @@ public class RocketMQEventConfiguration {
return new DefaultEventConsumer(appName, eventHandlerRepository, callback);
}
@Profile("!unittest")
@Slf4j
@Component
@RocketMQMessageListener(topic = "topic_thrones_${spring.profiles.active}",
@ -82,6 +84,7 @@ public class RocketMQEventConfiguration {
}
}
@Profile("!unittest")
@Slf4j
@Component
@RocketMQMessageListener(topic = "topic_tyr_${spring.profiles.active}",
@ -100,6 +103,7 @@ public class RocketMQEventConfiguration {
}
}
@Profile("!unittest")
@Slf4j
@Component
@RocketMQMessageListener(topic = "topic_apisix_plat_${spring.profiles.active}",

3
tyr-server/src/main/java/cn/axzo/tyr/server/config/exception/BizResultCode.java
View File

@ -13,7 +13,8 @@ public enum BizResultCode implements IResultCode {
REDIS_ROLE_NOT_NULL("100003", "角色id不能为空"),
REDIS_PRODUCT_NOT_NULL("100004", "产品不能为空"),
FEATURE_RESOURCE_NOT_FOUND("100005", "菜单资源不存在"),
WORKSPACE_ID_NOT_NULL("100006", "项目id不能为空");
WORKSPACE_ID_NOT_NULL("100006", "项目id不能为空"),
REMOVE_USER_ROLE_ERROR("100007", "删除用户角色数据异常");
private String errorCode;
private String errorMessage;

31
tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java
View File

@ -14,13 +14,17 @@ import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
import cn.axzo.tyr.client.model.product.ProductSearchListReq;
import cn.axzo.tyr.client.model.req.CommonDictQueryReq;
import cn.axzo.tyr.client.model.req.GetFeatureResourceTreeReq;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.req.ListSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.PagePgroupPermissionRelationReq;
import cn.axzo.tyr.client.model.req.PageProductFeatureRelationReq;
import cn.axzo.tyr.client.model.req.PageRoleReq;
import cn.axzo.tyr.client.model.req.PermissionCheckReq;
import cn.axzo.tyr.client.model.req.QuerySaasRoleGroupReq;
import cn.axzo.tyr.client.model.res.CommonDictResp;
import cn.axzo.tyr.client.model.res.FeatureResourceDTO;
import cn.axzo.tyr.client.model.res.FeatureResourceTreeNode;
import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
@ -256,7 +260,7 @@ public class PrivateController {
return "ok";
}
Map<Long, SaasRoleRes> saasRoles = roleService.list(RoleService.ListSaasRoleParam.builder()
Map<Long, SaasRoleRes> saasRoles = roleService.list(ListRoleReq.builder()
.roleIds(Lists.transform(saasRoleGroupRelations, SaasRoleGroupRelation::getRoleId))
.build())
.stream()
@ -676,7 +680,7 @@ public class PrivateController {
* @throws Exception
*/
@PostMapping("/api/private/rolePermission/store")
public Object storeRolePermission(@RequestBody RoleService.ListSaasRoleParam request) throws Exception {
public Object storeRolePermission(@RequestBody ListRoleReq request) throws Exception {
cacheRolePermissionJob.execute(JSON.toJSONString(request));
return "ok";
}
@ -712,7 +716,7 @@ public class PrivateController {
* @throws Exception
*/
@PostMapping("/api/private/roleSaasFeature/store")
public Object storeRoleSaasFeature(@RequestBody RoleService.PageSaasRoleParam request) throws Exception {
public Object storeRoleSaasFeature(@RequestBody ListRoleReq request) throws Exception {
cacheRoleFeatureResourceJob.execute(JSON.toJSONString(request));
return "ok";
}
@ -1381,6 +1385,27 @@ public class PrivateController {
return "ok";
}
@PostMapping("/api/private/roleGroup/path/refresh")
public Object refreshRoleGroupPath() {
List<SaasRoleGroupDTO> roleGroups = saasRoleGroupService.list(ListSaasRoleGroupParam.builder().build());
if (CollectionUtils.isEmpty(roleGroups)) {
return Collections.emptyList();
}
// 目前角色分组最多两层所以简单实现
saasRoleGroupDao.updateBatchById(roleGroups.stream()
.map(e -> {
SaasRoleGroup saasRoleGroup = SaasRoleGroup.builder()
.path(Objects.equals(e.getParentId(), 0L) ? e.getId() + ","
: e.getParentId() + "," + e.getId() + ",")
.build();
saasRoleGroup.setId(e.getId());
return saasRoleGroup;
})
.collect(Collectors.toList()));
return "ok";
}
@Data
@Builder
@NoArgsConstructor

1042
tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateRoleController.java Normal file
View File

File diff suppressed because it is too large Load Diff

99
tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java
View File

@ -4,20 +4,22 @@ import cn.axzo.basics.common.exception.ServiceException;
import cn.axzo.framework.domain.web.result.ApiListResult;
import cn.axzo.framework.domain.web.result.ApiPageResult;
import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.maokai.common.enums.SaasCooperateShipCooperateTypeEnum;
import cn.axzo.tyr.client.feign.TyrSaasRoleApi;
import cn.axzo.tyr.client.model.enums.DictWorkSpaceTypeEnum;
import cn.axzo.tyr.client.model.req.ChangeGroupLeaderRoleReq;
import cn.axzo.tyr.client.model.req.CommonDictQueryReq;
import cn.axzo.tyr.client.model.req.FeatureRoleRelationReq;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.req.ListSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.PageRoleReq;
import cn.axzo.tyr.client.model.req.QueryByIdentityIdTypeReq;
import cn.axzo.tyr.client.model.req.QueryRoleByNameReq;
import cn.axzo.tyr.client.model.req.QuerySaasRoleGroupReq;
import cn.axzo.tyr.client.model.req.QuerySaasRoleReq;
import cn.axzo.tyr.client.model.req.RoleWithUserQueryReq;
import cn.axzo.tyr.client.model.req.TreeRoleReq;
import cn.axzo.tyr.client.model.req.UpdateRoleOffsetReq;
import cn.axzo.tyr.client.model.req.WorkspaceOuPair;
import cn.axzo.tyr.client.model.res.CommonDictResp;
import cn.axzo.tyr.client.model.res.FeatureRoleRelationResp;
import cn.axzo.tyr.client.model.res.IsSuperAdminRes;
@ -25,6 +27,7 @@ import cn.axzo.tyr.client.model.res.QueryBatchByIdentityIdTypeRes;
import cn.axzo.tyr.client.model.res.QueryRoleByNameResp;
import cn.axzo.tyr.client.model.res.RoleTreeRes;
import cn.axzo.tyr.client.model.res.RoleWithUserRes;
import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.client.model.vo.DeleteRoleVO;
import cn.axzo.tyr.client.model.vo.SaasRoleAndGroupVO;
@ -49,12 +52,12 @@ import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RestController;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
@ -268,7 +271,7 @@ public class SaasRoleController implements TyrSaasRoleApi {
.saasRoleGroupIds(Lists.transform(saasRoleGroupRelations, SaasRoleGroupRelation::getSaasRoleGroupId))
.build());
List<SaasRoleRes> saasRoles = roleService.list(RoleService.ListSaasRoleParam.builder()
List<SaasRoleRes> saasRoles = roleService.list(ListRoleReq.builder()
.roleIds(Lists.transform(saasRoleGroupRelationAll, SaasRoleGroupRelation::getRoleId))
.build())
.stream()
@ -294,17 +297,13 @@ public class SaasRoleController implements TyrSaasRoleApi {
@Override
public ApiPageResult<SaasRoleRes> page(PageRoleReq request) {
RoleService.PageSaasRoleParam param = RoleService.PageSaasRoleParam.builder().build();
BeanUtils.copyProperties(request, param);
cn.axzo.foundation.page.PageResp<SaasRoleRes> page = roleService.page(param);
cn.axzo.foundation.page.PageResp<SaasRoleRes> page = roleService.page(request);
return ApiPageResult.ok(page.getData(), page.getTotal(), (int) page.getCurrent(), (int) page.getSize());
}
@Override
public ApiListResult<SaasRoleRes> list(ListRoleReq request) {
RoleService.ListSaasRoleParam param = RoleService.ListSaasRoleParam.builder().build();
BeanUtils.copyProperties(request, param);
return ApiListResult.ok(roleService.list(param));
return ApiListResult.ok(roleService.list(request));
}
/**
@ -342,17 +341,17 @@ public class SaasRoleController implements TyrSaasRoleApi {
* @param req
* @return
*/
private Map<Long, List<RoleTreeRes>> listRole(List<SaasRoleGroupVO> roleGroups,
private Map<Long, List<RoleTreeRes>> listRole(List<SaasRoleGroupDTO> roleGroups,
TreeRoleReq req) {
List<Long> roleGroupIds = roleGroups.stream().map(SaasRoleGroupVO::getId).collect(Collectors.toList());
List<Long> roleGroupIds = roleGroups.stream().map(SaasRoleGroupDTO::getId).collect(Collectors.toList());
if (CollectionUtils.isEmpty(roleGroupIds) || BooleanUtils.isNotTrue(req.getNeedRole())) {
return Collections.emptyMap();
}
List<SaasRoleGroupRelation> saasRoleGroupRelations = saasRoleGroupRelationDao.getByGroupIds(roleGroupIds);
Map<Long, SaasRoleRes> saasRoles = roleService.list(RoleService.ListSaasRoleParam.builder()
Map<Long, SaasRoleRes> saasRoles = roleService.list(ListRoleReq.builder()
.roleIds(Lists.transform(saasRoleGroupRelations, SaasRoleGroupRelation::getRoleId))
.isDisplay(req.getIsDisplay())
.workspaceType(req.getWorkspaceType())
@ -360,6 +359,12 @@ public class SaasRoleController implements TyrSaasRoleApi {
.ouIds(req.getOuIds())
.enabled(req.getEnabled())
.roleTypes(req.getRoleTypes())
.roleCodes(req.getRoleCodes())
.productUnitTypes(Optional.ofNullable(req.getCooperateShipCooperateTypes())
.map(e -> e.stream()
.map(SaasCooperateShipCooperateTypeEnum::getCode)
.collect(Collectors.toSet()))
.orElse(null))
.build())
.stream()
.collect(Collectors.toMap(SaasRoleRes::getId, Function.identity()));
@ -384,20 +389,13 @@ public class SaasRoleController implements TyrSaasRoleApi {
return Collections.emptyMap();
}
List<SaasRoleGroupVO> roleGroups = saasRoleGroupService.getRoleGroupList(QuerySaasRoleGroupReq.builder()
.workspaceTypeCode(Lists.transform(commonDicts, CommonDictResp::getDictCode))
.workspaceIds(req.getWorkspaceIds())
.ouIds(req.getOuIds())
.build())
.stream()
.sorted(Comparator.comparing(e -> Optional.ofNullable(e.getSort()).orElse(1)))
.collect(Collectors.toList());
List<SaasRoleGroupDTO> roleGroups = listRoleGroup(commonDicts, req);
Map<Long, List<RoleTreeRes>> roles = listRole(roleGroups, req);
Map<String, List<RoleTreeRes>> rootRoleGroups = roleGroups.stream()
.filter(e -> Objects.equals(e.getParentId(), ROOT_ROLE_GROUP_PARENT_ID))
.collect(Collectors.groupingBy(SaasRoleGroupVO::getWorkspaceTypeCode,
.collect(Collectors.groupingBy(SaasRoleGroupDTO::getWorkspaceTypeCode,
LinkedHashMap::new,
Collectors.mapping(this::toRoleTree, Collectors.toList())));
@ -406,7 +404,57 @@ public class SaasRoleController implements TyrSaasRoleApi {
return rootRoleGroups;
}
private RoleTreeRes toRoleTree(SaasRoleGroupVO roleGroup) {
private List<SaasRoleGroupDTO> listRoleGroup(List<CommonDictResp> commonDicts, TreeRoleReq req) {
ListSaasRoleGroupParam listSaasRoleGroupParam = ListSaasRoleGroupParam.builder()
.workspaceTypeCodes(commonDicts.stream()
.map(CommonDictResp::getDictCode)
.map(Integer::valueOf)
.collect(Collectors.toSet()))
.workspaceIds(Optional.ofNullable(req.getWorkspaceIds())
.map(HashSet::new)
.orElse(null))
.ouIds(Optional.ofNullable(req.getOuIds())
.map(HashSet::new)
.orElse(null))
.roleGroupCodes(req.getRoleGroupCodes())
.ouTypeCodes(Optional.ofNullable(req.getCooperateShipCooperateTypes())
.map(e -> e.stream()
.map(SaasCooperateShipCooperateTypeEnum::getCode)
.map(String::valueOf)
.collect(Collectors.toSet()))
.orElse(null))
.build();
List<WorkspaceOuPair> workspaceOuPairs = Optional.ofNullable(req.getWorkspaceOuPairs())
.orElseGet(Lists::newArrayList);
if (Boolean.TRUE.equals(req.getNeedPresetRole())) {
workspaceOuPairs.add(WorkspaceOuPair.PRESET_WORKSPACE_OU_PAIR);
}
listSaasRoleGroupParam.setWorkspaceOuPairs(workspaceOuPairs);
List<SaasRoleGroupDTO> roleGroups = saasRoleGroupService.list(listSaasRoleGroupParam)
.stream()
.sorted(Comparator.comparing(e -> Optional.ofNullable(e.getSort()).orElse(1)))
.collect(Collectors.toList());
// 通过roleGroupCode查询时因为角色分组有多层需要把子节点的分组查询出来否则无法查询到下面的角色和构建tree
if (CollectionUtils.isEmpty(req.getRoleGroupCodes())) {
return roleGroups;
}
List<SaasRoleGroupDTO> children = saasRoleGroupService.list(ListSaasRoleGroupParam.builder()
.paths(roleGroups.stream().map(SaasRoleGroupDTO::getPath).collect(Collectors.toSet()))
.build());
roleGroups.addAll(children);
return roleGroups.stream()
.distinct()
.sorted(Comparator.comparing(e -> Optional.ofNullable(e.getSort()).orElse(1)))
.collect(Collectors.toList());
}
private RoleTreeRes toRoleTree(SaasRoleGroupDTO roleGroup) {
return RoleTreeRes.builder()
.workspaceTypeCode(roleGroup.getWorkspaceTypeCode())
.id(roleGroup.getId())
@ -415,6 +463,7 @@ public class SaasRoleController implements TyrSaasRoleApi {
.idStr(roleGroup.getId() + ":" + ROLE_GROUP_TYPE)
.workspaceId(roleGroup.getWorkspaceId())
.ouId(roleGroup.getOuId())
.code(roleGroup.getCode())
.build();
}
@ -428,11 +477,15 @@ public class SaasRoleController implements TyrSaasRoleApi {
.type(ROLE_TYPE)
.idStr(role.getId() + ":" + ROLE_TYPE)
.isDisplay(role.getIsDisplay())
.code(role.getRoleCode())
.workspaceId(role.getWorkspaceId())
.ouId(role.getOwnerOuId())
.ouType(role.getProductUnitType())
.build();
}
private void appendChildren(RoleTreeRes rootRoleGroup,
List<SaasRoleGroupVO> roleGroups,
List<SaasRoleGroupDTO> roleGroups,
Map<Long, List<RoleTreeRes>> roles) {
if (rootRoleGroup == null) {
return;

177
tyr-server/src/main/java/cn/axzo/tyr/server/controller/roleuser/RoleUserController.java
View File

@ -1,26 +1,59 @@
package cn.axzo.tyr.server.controller.roleuser;
import cn.axzo.basics.common.util.AssertUtil;
import cn.axzo.foundation.page.PageResp;
import cn.axzo.framework.domain.web.result.ApiPageResult;
import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
import cn.axzo.tyr.client.feign.TyrSaasRoleUserApi;
import cn.axzo.tyr.client.model.enums.IdentityType;
import cn.axzo.tyr.client.model.roleuser.RoleUserUpdateReq;
import cn.axzo.tyr.client.model.roleuser.dto.GetUserAutoOwnRoleResp;
import cn.axzo.tyr.client.model.roleuser.dto.GetUserFeatureResourceIdsResp;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserRelationDTO;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
import cn.axzo.tyr.client.model.roleuser.dto.SuperAminInfoResp;
import cn.axzo.tyr.client.model.roleuser.req.*;
import cn.axzo.tyr.client.model.roleuser.req.AutoOwnRoleUserReq;
import cn.axzo.tyr.client.model.roleuser.req.CreateSuperAdminRoleParam;
import cn.axzo.tyr.client.model.roleuser.req.GantOrUnGantaWorkerLeaderRoleReq;
import cn.axzo.tyr.client.model.roleuser.req.GetUserAutoOwnRoleReq;
import cn.axzo.tyr.client.model.roleuser.req.GetUserFeatureResourceIdsReq;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.client.model.roleuser.req.PageRoleUserRelationReq;
import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam;
import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq;
import cn.axzo.tyr.client.model.roleuser.req.SuperAdminParam;
import cn.axzo.tyr.client.model.roleuser.req.WorkerManagerRoleUserReq;
import cn.axzo.tyr.client.model.roleuser.req.AutoOwnRoleUserReq;
import cn.axzo.tyr.client.model.roleuser.req.CreateSuperAdminRoleParam;
import cn.axzo.tyr.client.model.roleuser.req.GantOrUnGantaWorkerLeaderRoleReq;
import cn.axzo.tyr.client.model.roleuser.req.GetUserAutoOwnRoleReq;
import cn.axzo.tyr.client.model.roleuser.req.GetUserFeatureResourceIdsReq;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.client.model.roleuser.req.PageRoleUserRelationParam;
import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam;
import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq;
import cn.axzo.tyr.client.model.roleuser.req.SuperAdminParam;
import cn.axzo.tyr.client.model.roleuser.req.WorkerManagerRoleUserReq;
import cn.axzo.tyr.server.model.PermissionCacheKey;
import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import cn.axzo.tyr.server.repository.mapper.SaasRoleUserRelationMapper;
import cn.axzo.tyr.server.service.PermissionCacheService;
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
import cn.axzo.tyr.server.service.SaasRoleUserService;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.google.common.collect.Lists;
import cn.hutool.core.bean.BeanUtil;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.BooleanUtils;
import org.springframework.beans.BeanUtils;
import org.springframework.util.CollectionUtils;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
@ -28,6 +61,11 @@ import org.springframework.web.bind.annotation.RestController;
import javax.validation.Valid;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
/**
* @author tanjie@axzo.cn
@ -41,6 +79,7 @@ public class RoleUserController implements TyrSaasRoleUserApi {
private final SaasRoleUserRelationService saasRoleUserRelationService;
private final SaasRoleUserRelationDao saasRoleUserRelationDao;
private final PermissionCacheService permissionCacheService;
private final SaasRoleUserRelationMapper saasRoleUserRelationMapper;
@Override
public ApiResult<Void> saveOrUpdate(@Valid RoleUserReq req) {
@ -87,7 +126,54 @@ public class RoleUserController implements TyrSaasRoleUserApi {
@Override
public ApiResult<List<SaasRoleUserDTO>> roleUserList(@RequestBody @Valid RoleUserParam param) {
return ApiResult.ok(saasRoleUserRelationService.list(param));
// 去掉原saasRoleUserRelationService.list的重复查询接口原接口只查询1000条所以保持一致
List<SaasRoleUserV2DTO> saasRoleUsers = saasRoleUserRelationService.page(PageRoleUserRelationParam.builder()
.personId(param.getPersonId())
.identityId(param.getIdentityId())
.identityType(param.getIdentityType())
.roleIds(Optional.ofNullable(param.getRoleIds())
.map(Lists::newArrayList)
.orElse(null))
.identityIds(param.getIdentityIds())
.ouId(param.getOuId())
.workspaceId(param.getWorkspaceId())
.ouIds(Optional.ofNullable(param.getOuIds())
.map(Sets::newHashSet)
.orElse(null))
.workspaceIds(Optional.ofNullable(param.getWorkspaceIds())
.map(Sets::newHashSet)
.orElse(null))
.page(1)
.pageSize(1000)
.needRole(true)
.build())
.getData()
.stream()
.filter(e -> Objects.nonNull(e.getSaasRole()))
.collect(Collectors.toList());
if (CollectionUtils.isEmpty(saasRoleUsers)) {
return ApiResult.ok(Collections.emptyList());
}
List<SaasRoleUserDTO> saasRoleUserDTOS = saasRoleUsers.stream()
.map(e -> {
SaasRoleUserDTO userRole = BeanUtil.copyProperties(e, SaasRoleUserDTO.class);
userRole.setNaturalPersonId(e.getSaasRoleUser().getPersonId());
userRole.setRoleName(e.getSaasRole().getName());
userRole.setDescription(e.getSaasRole().getDescription());
userRole.setRoleType(RoleTypeEnum.getRoleType(e.getSaasRole().getRoleType()));
userRole.setDisplayRole(e.getSaasRole().getIsDisplay());
userRole.setEnabled(e.getSaasRole().getEnabled());
userRole.setIdentityId(e.getSaasRoleUser().getIdentityId());
userRole.setIdentityType(e.getSaasRoleUser().getIdentityType());
userRole.setOuId(e.getSaasRoleUser().getOuId());
userRole.setWorkspaceId(e.getSaasRoleUser().getWorkspaceId());
return userRole;
})
.collect(Collectors.toList());
return ApiResult.ok(saasRoleUserDTOS);
}
@Override
@ -157,7 +243,50 @@ public class RoleUserController implements TyrSaasRoleUserApi {
@Override
public ApiPageResult<SaasRoleUserDTO> pageQuery(RoleUserParam param) {
return ApiPageResult.ok(saasRoleUserRelationService.pageQuery(param));
// 兼容以前接口切换到统一查询接口原接口废弃
PageResp<SaasRoleUserV2DTO> saasRoleUsers = saasRoleUserRelationService.page(PageRoleUserRelationParam.builder()
.personId(param.getPersonId())
.identityId(param.getIdentityId())
.identityType(param.getIdentityType())
.roleIds(Optional.ofNullable(param.getRoleIds())
.map(Lists::newArrayList)
.orElse(null))
.identityIds(param.getIdentityIds())
.ouId(param.getOuId())
.workspaceId(param.getWorkspaceId())
.ouIds(Optional.ofNullable(param.getOuIds())
.map(Sets::newHashSet)
.orElse(null))
.workspaceIds(Optional.ofNullable(param.getWorkspaceIds())
.map(Sets::newHashSet)
.orElse(null))
.page(Optional.ofNullable(param.getPage())
.map(Long::intValue)
.orElse(null))
.pageSize(Optional.ofNullable(param.getPageSize())
.map(Long::intValue)
.orElse(null))
.build());
if (CollectionUtils.isEmpty(saasRoleUsers.getData())) {
return ApiPageResult.ok(cn.axzo.framework.domain.page.PageResp.zero(param.getPage(), param.getPageSize()));
}
List<SaasRoleUserDTO> saasRoleUserDTOS = saasRoleUsers.getData().stream()
.map(e -> {
SaasRoleUserDTO userRole = BeanUtil.copyProperties(e, SaasRoleUserDTO.class);
userRole.setNaturalPersonId(e.getSaasRoleUser().getPersonId());
userRole.setIdentityId(e.getSaasRoleUser().getIdentityId());
userRole.setIdentityType(e.getSaasRoleUser().getIdentityType());
userRole.setOuId(e.getSaasRoleUser().getOuId());
userRole.setWorkspaceId(e.getSaasRoleUser().getWorkspaceId());
return userRole;
})
.collect(Collectors.toList());
return ApiPageResult.ok(cn.axzo.framework.domain.page.PageResp.list(saasRoleUsers.getCurrent(),
saasRoleUsers.getSize(),
saasRoleUsers.getTotal(),
saasRoleUserDTOS));
}
@Override
@ -180,4 +309,46 @@ public class RoleUserController implements TyrSaasRoleUserApi {
public ApiResult<Boolean> batchUpdateById(List<RoleUserUpdateReq> roleUserUpdateReqs) {
return ApiResult.ok(saasRoleUserService.batchUpdateById(roleUserUpdateReqs));
}
@Override
public ApiResult<PageResp<SaasRoleUserRelationDTO>> pageRoleUserRelation(PageRoleUserRelationReq param) {
IPage page = new Page<>(param.getPage(), param.getPageSize());
PageResp resp = new PageResp();
List<SaasRoleUserRelationDTO> saasRoleUserRelationDTOS = listNormalUser(param);
if (BooleanUtils.isTrue(param.getIncludeDelete())) {
List<SaasRoleUserRelationDTO> deleteUsers = saasRoleUserRelationMapper.pageRoleUserRelation(param);
saasRoleUserRelationDTOS.addAll(deleteUsers);
}
resp.setData(saasRoleUserRelationDTOS);
return ApiResult.ok(resp);
}
private List<SaasRoleUserRelationDTO> listNormalUser(PageRoleUserRelationReq param) {
if (CollectionUtils.isEmpty(param.getRoleIds()) && CollectionUtils.isEmpty(param.getWorkspaceOUPairs())) {
return Lists.newArrayList();
}
return saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.roleIds(Lists.newArrayList(param.getRoleIds()))
.workspaceOuPairs(Optional.ofNullable(param.getWorkspaceOUPairs())
.map(e -> e.stream().map(f -> ListRoleUserRelationParam.WorkspaceOuPair.builder()
.workspaceId(f.getWorkspaceId())
.ouId(f.getOuId())
.build())
.collect(Collectors.toList()))
.orElse(null))
.build())
.stream()
.map(e -> {
SaasRoleUserRelationDTO saasRoleUserRelationDTO = SaasRoleUserRelationDTO.builder().build();
BeanUtils.copyProperties(e, saasRoleUserRelationDTO);
saasRoleUserRelationDTO.setId(e.getId());
saasRoleUserRelationDTO.setNaturalPersonId(e.getSaasRoleUser().getPersonId());
return saasRoleUserRelationDTO;
})
.collect(Collectors.toList());
}
}

5
tyr-server/src/main/java/cn/axzo/tyr/server/event/inner/CacheRolePermissionHandler.java
View File

@ -3,6 +3,7 @@ package cn.axzo.tyr.server.event.inner;
import cn.axzo.framework.rocketmq.Event;
import cn.axzo.framework.rocketmq.EventConsumer;
import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.server.event.payload.PageElementFeatureResourceUpsertPayload;
import cn.axzo.tyr.server.event.payload.RolePermissionCreatedPayload;
@ -44,7 +45,7 @@ public class CacheRolePermissionHandler implements InitializingBean {
// return;
// }
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
ListRoleReq listSaasRoleParam = ListRoleReq.builder()
.roleIds(Optional.ofNullable(payload.getRoleIds())
.map(Lists::newArrayList)
.orElse(null))
@ -72,7 +73,7 @@ public class CacheRolePermissionHandler implements InitializingBean {
return;
}
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
ListRoleReq listSaasRoleParam = ListRoleReq.builder()
.roleTypesNotIn(RoleTypeEnum.listAdmin())
.build();
Set<Long> roleIds = roleService.list(listSaasRoleParam).stream()

5
tyr-server/src/main/java/cn/axzo/tyr/server/event/inner/CacheRoleSaasFeatureResourceHandler.java
View File

@ -3,6 +3,7 @@ package cn.axzo.tyr.server.event.inner;
import cn.axzo.framework.rocketmq.Event;
import cn.axzo.framework.rocketmq.EventConsumer;
import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.server.event.payload.PageElementFeatureResourceUpsertPayload;
import cn.axzo.tyr.server.event.payload.RolePermissionCreatedPayload;
@ -45,7 +46,7 @@ public class CacheRoleSaasFeatureResourceHandler implements InitializingBean {
// return;
// }
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
ListRoleReq listSaasRoleParam = ListRoleReq.builder()
.roleIds(Optional.ofNullable(payload.getRoleIds())
.map(Lists::newArrayList)
.orElse(null))
@ -73,7 +74,7 @@ public class CacheRoleSaasFeatureResourceHandler implements InitializingBean {
return;
}
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
ListRoleReq listSaasRoleParam = ListRoleReq.builder()
.roleTypesNotIn(RoleTypeEnum.listAdmin())
.build();

1
tyr-server/src/main/java/cn/axzo/tyr/server/event/inner/EventTypeEnum.java
View File

@ -11,6 +11,7 @@ public enum EventTypeEnum {
SAAS_FEATURE_UPSERT("saas-feature", "saas-feature-upsert", "旧菜单树更新"),
SAAS_FEATURE_RESOURCE_UPSERT("saas-feature-resource", "saas-feature-resource-upsert", "新菜单树更新"),
PAGE_ELEMENT_FEATURE_RESOURCE_UPSERT("page-element-feature-resource", "page-element-feature-resource-upsert", "菜单-页面元素绑定关系更新"),
SAAS_ROLE_USER_RELATION_REMOVED("saas-role-user-relation", "saas-role-user-relation-removed", "删除用户角色信息"),
;
EventTypeEnum(String model, String name, String desc) {

19
tyr-server/src/main/java/cn/axzo/tyr/server/event/payload/SaasRoleUserRelationRemovePayload.java Normal file
View File

@ -0,0 +1,19 @@
package cn.axzo.tyr.server.event.payload;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.io.Serializable;
import java.util.List;
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class SaasRoleUserRelationRemovePayload implements Serializable {
private List<SaasRoleUserRelation> values;
}

7
tyr-server/src/main/java/cn/axzo/tyr/server/job/CacheRoleFeatureResourceJob.java
View File

@ -1,6 +1,7 @@
package cn.axzo.tyr.server.job;
import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.server.service.RoleSaasFeatureResourceCacheService;
import cn.axzo.tyr.server.service.RoleService;
@ -31,9 +32,9 @@ public class CacheRoleFeatureResourceJob extends IJobHandler {
public ReturnT<String> execute(String s) throws Exception {
log.info("start CacheRoleFeatureResourceJob, s:{}", s);
RoleService.ListSaasRoleParam listSaasRoleParam = Optional.ofNullable(s)
.map(e -> JSONObject.parseObject(e, RoleService.ListSaasRoleParam.class))
.orElseGet(() -> RoleService.ListSaasRoleParam.builder().build());
ListRoleReq listSaasRoleParam = Optional.ofNullable(s)
.map(e -> JSONObject.parseObject(e, ListRoleReq.class))
.orElseGet(() -> ListRoleReq.builder().build());
listSaasRoleParam.setRoleTypesNotIn(RoleTypeEnum.listAdmin());
Set<Long> roleIds = roleService.list(listSaasRoleParam).stream()

7
tyr-server/src/main/java/cn/axzo/tyr/server/job/CacheRolePermissionJob.java
View File

@ -1,6 +1,7 @@
package cn.axzo.tyr.server.job;
import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.server.service.RolePermissionCacheService;
import cn.axzo.tyr.server.service.RoleService;
@ -32,9 +33,9 @@ public class CacheRolePermissionJob extends IJobHandler {
public ReturnT<String> execute(String s) throws Exception {
log.info("start CacheRolePermissionJob, s:{}", s);
RoleService.ListSaasRoleParam listSaasRoleParam = Optional.ofNullable(s)
.map(e -> JSONObject.parseObject(e, RoleService.ListSaasRoleParam.class))
.orElseGet(() -> RoleService.ListSaasRoleParam.builder().build());
ListRoleReq listSaasRoleParam = Optional.ofNullable(s)
.map(e -> JSONObject.parseObject(e, ListRoleReq.class))
.orElseGet(() -> ListRoleReq.builder().build());
listSaasRoleParam.setRoleTypesNotIn(RoleTypeEnum.listAdmin());

208
tyr-server/src/main/java/cn/axzo/tyr/server/job/UserRoleRelationCleanJob.java
View File

@ -1,208 +0,0 @@
package cn.axzo.tyr.server.job;
import cn.axzo.basics.common.BeanMapper;
import cn.axzo.basics.common.util.NumberUtil;
import cn.axzo.maokai.api.client.CooperateShipQueryApi;
import cn.axzo.maokai.api.vo.request.PersonIdentityCheckReq;
import cn.axzo.pokonyan.config.redis.RedisClient;
import cn.axzo.pokonyan.config.redis.RedisUtil;
import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import cn.axzo.tyr.server.util.RpcInternalUtil;
import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.date.StopWatch;
import cn.hutool.core.util.StrUtil;
import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.xxl.job.core.biz.model.ReturnT;
import com.xxl.job.core.handler.IJobHandler;
import com.xxl.job.core.handler.annotation.XxlJob;
import com.xxl.job.core.log.XxlJobLogger;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import java.lang.reflect.InvocationTargetException;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.TimeUnit;
/**
* 用户角色关系清理任务
*
* @version V1.0
* @author: ZhanSiHu
* @date: 2024/3/4 10:09
*/
@Slf4j
@Component
public class UserRoleRelationCleanJob extends IJobHandler {
private static final String CACHE_KEY = "tyr:job:u-r-r-c";
private volatile boolean runFlag = false;
@Qualifier("userRoleCleanExecutor")
@Autowired
private ExecutorService userRoleCleanExecutor;
@Autowired
private SaasRoleUserRelationDao roleUserRelationDao;
@Autowired
private CooperateShipQueryApi cooperateShipQueryApi;
@XxlJob("userRoleRelationCleanJob")
@Override
public ReturnT<String> execute(String param) throws Exception {
StopWatch watch = new StopWatch("userRoleRelationCleanJob");
XxlJobLogger.log("start user role relation clean job param{}", param);
CleanTarget cleanParam = parseParam(param);
//加载待处理数据
watch.start("load and check data");
loadCleanTarget(cleanParam);
watch.stop();
watch.start("do clean");
runFlag = true;
XxlJobLogger.log("start to clean user role relation");
while (runFlag) {
CleanTarget target = getTarget();
if (target == null) {
XxlJobLogger.log("all clean target are processed");
break;
}
//防数据库锁竞争 删除不做并发
doClean(target);
}
watch.stop();
XxlJobLogger.log("user role relation clean job finish, cost:{} seconds", watch.getTotalTimeSeconds());
return ReturnT.SUCCESS;
}
private CleanTarget getTarget() {
try {
String cacheTarget = RedisClient.ListOps.lRightPop(CACHE_KEY);
XxlJobLogger.log("---------> user role relation need to clean for:{} <----------", cacheTarget);
return StrUtil.isBlank(cacheTarget) ? null : JSON.parseObject(cacheTarget, CleanTarget.class);
} catch (Exception ex) {
XxlJobLogger.log("get cached data error:{}", ex.getMessage());
}
return null;
}
@Override
public void destroy() throws InvocationTargetException, IllegalAccessException {
this.runFlag = false;
super.destroy();
}
private void doClean(CleanTarget target) {
try {
roleUserRelationDao.cleanTargetRelation(target);
} catch (Exception ex) {
XxlJobLogger.log("clean target:{} error", JSON.toJSONString(target));
log.warn("clean target:{} error", JSON.toJSONString(target), ex);
}
}
private void loadCleanTarget(CleanTarget cleanParam) throws InterruptedException {
XxlJobLogger.log("clear cache data");
RedisClient.KeyOps.delete(CACHE_KEY);
XxlJobLogger.log("load and check clean target data from db");
SaasRoleUserRelation condition = new SaasRoleUserRelation();
condition.setOuId(cleanParam.getOuId());
condition.setWorkspaceId(cleanParam.getWorkspaceId());
condition.setNaturalPersonId(cleanParam.getPersonId());
Page<SaasRoleUserRelation> countInfo = roleUserRelationDao.batListCleanRelation(condition, new Page<>(1, 10));
if (!NumberUtil.isPositiveNumber(countInfo.getTotal())) {
XxlJobLogger.log("no data found to check");
return;
}
final CountDownLatch latch = new CountDownLatch((int) countInfo.getTotal());
int page = 1;
while (true) {
XxlJobLogger.log(" load data page:{} ", page);
Page<SaasRoleUserRelation> pageResult = roleUserRelationDao.batListCleanRelation(condition, new Page<>(page++, cleanParam.getPageSize()));
List<SaasRoleUserRelation> records = pageResult.getRecords();
if (CollectionUtil.isEmpty(records)) {
break;
}
for (SaasRoleUserRelation relation : records) {
CompletableFuture.runAsync(() -> checkAndCache(relation, latch), userRoleCleanExecutor);
}
}
//等数据检查完成
latch.await(30, TimeUnit.MINUTES);
}
private void checkAndCache(SaasRoleUserRelation relation, CountDownLatch latch) {
//检查person profile是否存在 ?
//检查人是否还在工作台
try {
CleanTarget target = CleanTarget.builder()
.ouId(relation.getOuId())
.workspaceId(relation.getWorkspaceId())
.personId(relation.getNaturalPersonId())
.identityId(relation.getIdentityId())
.identityType(relation.getIdentityType())
.build();
PersonIdentityCheckReq checkReq = BeanMapper.copyBean(target, PersonIdentityCheckReq.class);
Boolean exists = RpcInternalUtil.rpcProcessor(() -> cooperateShipQueryApi.checkPersonIdentity(checkReq),
"check identity in workspace", checkReq).getData();
if (exists) {
return;
}
//直接删除会导致分页不准
RedisClient.ListOps.lLeftPush(CACHE_KEY, JSON.toJSONString(target));
} catch (Exception ex) {
XxlJobLogger.log("check user role relation error:{}", ex.getMessage());
} finally {
latch.countDown();
}
}
private CleanTarget parseParam(String param) {
if (StrUtil.isBlank(param)) {
return new CleanTarget();
}
CleanTarget jobParam = JSON.parseObject(param, CleanTarget.class);
if (!NumberUtil.isPositiveNumber(jobParam.getPageSize())) {
jobParam.setPageSize(100);
}
return jobParam;
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public static class CleanTarget {
private Long ouId;
private Long workspaceId;
private Long personId;
private Long identityId;
private Integer identityType;
private Integer pageSize = 20;
}
}

8
tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleDao.java
View File

@ -91,13 +91,9 @@ public class SaasRoleDao extends ServiceImpl<SaasRoleMapper, SaasRole> {
.list();
}
public Page<SaasRole> pageQueryForOUWorkspace(RoleWithUserQueryReq req) {
public Page<SaasRole> pageQueryForOUWorkspace(RoleWithUserQueryReq req, Integer superAdminWorkspaceType) {
IPage<SaasRole> page = new Page<>(req.getPage(), req.getPageSize());
return this.baseMapper.pageQueryForOUWorkspace(page, req.getOuId(), req.getWorkspaceId(), req.getWorkspaceJoinType());
}
public List<SaasRole> listForOUWorkspace(Long ouId, Long workspaceId, Integer workspaceJoinType) {
return this.baseMapper.listForOUWorkspace(ouId, workspaceId, workspaceJoinType);
return this.baseMapper.pageQueryForOUWorkspace(page, req.getOuId(), req.getWorkspaceId(), req.getWorkspaceJoinType(), superAdminWorkspaceType);
}
public void removeWorkspaceOuAllRole(Long workspaceId, Long ouId) {

80
tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleUserRelationDao.java
View File

@ -2,58 +2,25 @@ package cn.axzo.tyr.server.repository.dao;
import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum;
import cn.axzo.tyr.client.model.BaseWorkspaceModel;
import cn.axzo.tyr.client.model.enums.IdentityType;
import cn.axzo.tyr.client.model.roleuser.dto.IdentityInfo;
import cn.axzo.tyr.server.job.UserRoleRelationCleanJob;
import cn.axzo.tyr.server.model.RoleUserInfo;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import cn.axzo.tyr.server.repository.mapper.SaasRoleUserRelationMapper;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.collection.CollectionUtil;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import org.springframework.stereotype.Repository;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
@Repository
public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMapper, SaasRoleUserRelation> {
public List<SaasRoleUserRelation> query(Long identityId, Integer identityType, Long workspaceId, Long ouId) {
return this.lambdaQuery()
.eq(SaasRoleUserRelation::getIdentityId, identityId)
.eq(SaasRoleUserRelation::getIdentityType, identityType)
.eq(null != workspaceId, SaasRoleUserRelation::getWorkspaceId, workspaceId)
.eq(null != ouId, SaasRoleUserRelation::getOuId, ouId)
.eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value)
.list();
}
public List<SaasRoleUserRelation> queryByPersonId(Long personId, Long workspaceId, Long ouId) {
return this.lambdaQuery()
.eq(SaasRoleUserRelation::getNaturalPersonId, personId)
.eq(null != workspaceId, SaasRoleUserRelation::getWorkspaceId, workspaceId)
.eq(null != ouId, SaasRoleUserRelation::getOuId, ouId)
.eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value)
.list();
}
public void deleteByRoleId(List<Long> roleId) {
lambdaUpdate()
.in(SaasRoleUserRelation::getRoleId,roleId)
.set(BaseEntity::getIsDelete,TableIsDeleteEnum.DELETE.value)
.update();
}
public void deleteById(List<Long> ids) {
if (CollUtil.isEmpty(ids)) {
return;
@ -81,30 +48,6 @@ public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMap
);
}
/**
* <pre>
* 查询人所在的工作台或者单位中的数据
* 注意
* 这里的workspaceId与ouId不是一一对应的 {@code where (workspaceId = A and ouId = B or (workapceId = xx and ouId = xx }
* 如果需要一一对应请在代码中匹配
* </pre>
* @param identityId
* @param identityType
* @param workspaceIds
* @param ouIds
* @return
*/
public List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long personId, Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds) {
return lambdaQuery()
.eq(Objects.nonNull(personId), SaasRoleUserRelation::getNaturalPersonId, personId)
.eq(Objects.nonNull(identityId), SaasRoleUserRelation::getIdentityId, identityId)
.eq(Objects.nonNull(identityType), SaasRoleUserRelation::getIdentityType, identityType)
.in(CollectionUtil.isNotEmpty(workspaceIds), SaasRoleUserRelation::getWorkspaceId, workspaceIds)
.in(CollectionUtil.isNotEmpty(ouIds), SaasRoleUserRelation::getOuId, ouIds)
.list();
}
public void removeWorkspaceOuAllUserRole(Long workspaceId, Long ouId) {
lambdaUpdate()
.eq(SaasRoleUserRelation::getWorkspaceId, workspaceId)
@ -146,16 +89,6 @@ public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMap
.list();
}
public List<SaasRoleUserRelation> findValidByNodeResource(Long personId, Long nodeId, Long roleId) {
return lambdaQuery()
.eq(SaasRoleUserRelation::getIsDelete, TableIsDeleteEnum.NORMAL.value)
.eq(SaasRoleUserRelation::getResourceType, RoleResourceTypeEnum.NODE.code)
.eq(Objects.nonNull(nodeId), SaasRoleUserRelation::getResourceId, nodeId)
.eq(Objects.nonNull(personId), SaasRoleUserRelation::getNaturalPersonId, personId)
.eq(Objects.nonNull(roleId), SaasRoleUserRelation::getRoleId, roleId)
.list();
}
public void removeByResource(RemoveRoleUserByResource req) {
List<Long> identityId = req.getIdentityId();
lambdaUpdate()
@ -169,18 +102,5 @@ public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMap
.setSql(" is_delete = id").update();
}
public Page<SaasRoleUserRelation> batListCleanRelation(SaasRoleUserRelation cleanParam, IPage<SaasRoleUserRelation> page) {
return this.baseMapper.batListCleanRelation(page, cleanParam);
}
public void cleanTargetRelation(UserRoleRelationCleanJob.CleanTarget target) {
this.remove(new LambdaQueryWrapper<SaasRoleUserRelation>()
.eq(SaasRoleUserRelation::getOuId, target.getOuId())
.eq(SaasRoleUserRelation::getWorkspaceId, target.getWorkspaceId())
.eq(SaasRoleUserRelation::getIdentityId, target.getIdentityId())
.eq(SaasRoleUserRelation::getIdentityType, target.getIdentityType()));
}
}

5
tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasRoleGroup.java
View File

@ -80,6 +80,11 @@ public class SaasRoleGroup extends BaseEntity<SaasRoleGroup> implements Serializ
*/
private Long parentId;
/**
* ID层级路径 逗号分隔
*/
private String path;
/**
* 获取主键值
*

3
tyr-server/src/main/java/cn/axzo/tyr/server/repository/mapper/SaasRoleMapper.java
View File

@ -22,7 +22,8 @@ public interface SaasRoleMapper extends BaseMapper<SaasRole> {
List<SaasRoleWithUser> listRoleUserByPermissionGroup(List<Long> permissionGroupIds, Set<Long> workspaceIds);
Page<SaasRole> pageQueryForOUWorkspace(IPage<SaasRole> page, Long ouId, Long workspaceId, Integer workspaceJoinType);
Page<SaasRole> pageQueryForOUWorkspace(IPage<SaasRole> page, Long ouId, Long workspaceId, Integer workspaceJoinType,
Integer superAdminWorkspaceType);
List<SaasRole> listForOUWorkspace(Long ouId, Long workspaceId, Integer workspaceJoinType);

14
tyr-server/src/main/java/cn/axzo/tyr/server/repository/mapper/SaasRoleUserRelationMapper.java
View File

@ -1,9 +1,9 @@
package cn.axzo.tyr.server.repository.mapper;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserRelationDTO;
import cn.axzo.tyr.client.model.roleuser.req.PageRoleUserRelationReq;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
@ -11,13 +11,12 @@ import lombok.NoArgsConstructor;
import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Param;
import java.util.List;
import java.util.Set;
@Mapper
public interface SaasRoleUserRelationMapper extends BaseMapper<SaasRoleUserRelation> {
Page<SaasRoleUserRelation> batListCleanRelation(IPage<SaasRoleUserRelation> page, @Param("param") SaasRoleUserRelation cleanParam);
/**
* 现在没有数据可以查询项目的角色
* 通过权限点找有权限的人需要这个接口
@ -26,6 +25,13 @@ public interface SaasRoleUserRelationMapper extends BaseMapper<SaasRoleUserRelat
*/
Set<Long> listRoleIds(@Param("param") ListRole listRole);
/**
* 临时支持REQ-3034后续会删除
* @param param
* @return
*/
List<SaasRoleUserRelationDTO> pageRoleUserRelation(@Param("param") PageRoleUserRelationReq param);
@Data
@Builder
@NoArgsConstructor

133
tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java
View File

@ -9,6 +9,8 @@ import cn.axzo.tyr.client.model.enums.IdentityType;
import cn.axzo.tyr.client.model.req.ChangeGroupLeaderRoleReq;
import cn.axzo.tyr.client.model.req.FeatureIdPair;
import cn.axzo.tyr.client.model.req.FeatureRoleRelationReq;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.req.PageRoleReq;
import cn.axzo.tyr.client.model.req.QueryByIdentityIdTypeReq;
import cn.axzo.tyr.client.model.req.QueryRoleByNameReq;
import cn.axzo.tyr.client.model.req.QuerySaasRoleReq;
@ -99,9 +101,9 @@ public interface RoleService extends IService<SaasRole> {
/** 查询超管和管理员角色 **/
List<SaasRole> listAdmins(Long workspaceId, Long ouId);
List<SaasRoleRes> list(ListSaasRoleParam param);
List<SaasRoleRes> list(ListRoleReq param);
cn.axzo.foundation.page.PageResp<SaasRoleRes> page(PageSaasRoleParam param);
cn.axzo.foundation.page.PageResp<SaasRoleRes> page(PageRoleReq param);
void saveOrUpdateFeatureRoleRelation(List<FeatureRoleRelationReq.RelationRoleSettings> req, Long operatorId);
@ -109,132 +111,5 @@ public interface RoleService extends IService<SaasRole> {
List<SaasFeature> validFeature(List<Long> featureIds);
@SuperBuilder
@Data
@NoArgsConstructor
@AllArgsConstructor
class ListSaasRoleParam {
@CriteriaField(field = "id", operator = Operator.IN)
private List<Long> roleIds;
@CriteriaField(field = "workspaceType", operator = Operator.EQ)
private Integer workspaceType;
@CriteriaField(field = "isDisplay", operator = Operator.EQ)
private Boolean isDisplay;
@CriteriaField(field = "roleCode", operator = Operator.EQ)
private String roleCode;
@CriteriaField(field = "workspaceId", operator = Operator.IN)
private List<Long> workspaceIds;
@CriteriaField(field = "ownerOuId", operator = Operator.IN)
private List<Long> ouIds;
@CriteriaField(field = "enabled", operator = Operator.EQ)
private Boolean enabled;
@CriteriaField(field = "roleType", operator = Operator.IN)
private List<String> roleTypes;
@CriteriaField(field = "roleType", operator = Operator.NOT_IN)
private List<String> roleTypesNotIn;
@CriteriaField(field = "id", operator = Operator.NE)
private Long idNE;
/**
* 角色权限码
*/
@CriteriaField(field = "roleCode", operator = Operator.IN)
private Set<String> roleCodes;
/**
* 权限点从saas_feature_resource表查询
*/
@CriteriaField(ignore = true)
private Boolean needPermission;
@CriteriaField(ignore = true)
private Boolean needRoleGroup;
@CriteriaField(ignore = true)
private Boolean needRoleUser;
/**
* 当前非oms和政务端的权限存储在saas_feature
* 权限点从saas_feature表查询
*/
@CriteriaField(ignore = true)
private Boolean needPermissionOld;
/**
* 根据权限点id过滤
*/
@CriteriaField(ignore = true)
private List<Long> featureIds;
@CriteriaField(ignore = true)
private Boolean needPermissionRelation;
/**
* 是否需要预设角色因为预设角色的workspaceId和ouId为-1
*/
@CriteriaField(ignore = true)
private Boolean needPresetRole;
/**
* 查询菜单树节点类型
*/
@CriteriaField(ignore = true)
private List<FeatureResourceType> featureResourceTypes;
/**
* 新旧权限点needPermissionRelation = true时最好带上因为新旧权限点会有冲突的情况发生
*/
@CriteriaField(ignore = true)
private Integer type;
/**
* 查询权限点时会根据端过滤增加效率目前只有CMS端的新版本才冗余了端
*/
@CriteriaField(ignore = true)
private String terminal;
/**
* workspaceId和ouId配对查询
* 例如((workspaceId = ## and ouId = ##) or (workspaceId = ## and ouId = ##))
*/
@CriteriaField(ignore = true)
private List<ListRoleUserRelationParam.WorkspaceOuPair> workspaceOuPairs;
@CriteriaField(field = "workspaceId", operator = Operator.EQ)
private Long workspaceId;
@CriteriaField(field = "ownerOuId", operator = Operator.EQ)
private Long ouId;
}
@SuperBuilder
@Data
@NoArgsConstructor
@AllArgsConstructor
class PageSaasRoleParam extends ListSaasRoleParam implements IPageReq {
@CriteriaField(ignore = true)
Integer page;
@CriteriaField(ignore = true)
Integer pageSize;
/**
* 排序使用示例createTime__DESC
*/
@CriteriaField(ignore = true)
List<String> sort;
}
List<RoleWithFeature> listWithFeatures(Set<Long> roleIds, Set<Long> featureIds);
}

39
tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserRelationService.java
View File

@ -1,28 +1,51 @@
package cn.axzo.tyr.server.service;
import cn.axzo.framework.domain.page.PageResp;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.client.model.roleuser.req.PageRoleUserRelationParam;
import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam;
import cn.axzo.tyr.server.repository.entity.SaasRole;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.baomidou.mybatisplus.extension.service.IService;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
import java.util.Set;
/**
* @author haiyangjin
* @date 2023/9/14
*/
public interface SaasRoleUserRelationService extends IService<SaasRoleUserRelation> {
List<SaasRoleUserDTO> list(RoleUserParam param);
PageResp<SaasRoleUserDTO> pageQuery(RoleUserParam param);
List<SaasRoleUserV2DTO> listV2(ListRoleUserRelationParam param);
cn.axzo.foundation.page.PageResp<SaasRoleUserV2DTO> page(PageRoleUserRelationParam param);
void upsert(UpsertParam param);
void batchRemove(BatchRemoveParam param);
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
class UpsertParam {
private List<SaasRoleUserRelation> saasRoleUserRelations;
private Long operator;
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
class BatchRemoveParam {
private Set<Long> ids;
private Long operator;
}
}

26
tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserService.java
View File

@ -21,32 +21,6 @@ public interface SaasRoleUserService {
void saveOrUpdate(RoleUserReq req);
/**
* 是超管
*
* @param identityId
* @param workspaceId
* @param ouId
* @return
*/
boolean isSuperAdmin(Long identityId, IdentityType identityType, Long workspaceId, Long ouId);
/**
* <pre>
* 查询人所在的工作台或者单位中的数据
* 注意
* 这里的workspaceId与ouId不是一一对应的 {@code where (workspaceId = A and ouId = B or (workapceId = xx and ouId = xx }
* 如果需要一一对应请在代码中匹配
* </pre>
*
* @param identityId
* @param identityType
* @param workspaceIds
* @param ouIds
* @return
*/
List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long personId, Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds);
/**
* workpaceId + ownerOuId + roleId + 手机号 + 姓名 赋予角色支持角色赋予的同时 角色创建
* work for: 组织 + 服务包

54
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java
View File

@ -37,6 +37,7 @@ import cn.axzo.tyr.client.model.res.NavTreeResp;
import cn.axzo.tyr.client.model.res.ProductFeatureResourceResp;
import cn.axzo.tyr.client.model.res.SaasFeatureResourceResp;
import cn.axzo.tyr.client.model.res.SaasPermissionRelationRes;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.client.model.res.TreePermissionResp;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
@ -51,7 +52,6 @@ import cn.axzo.tyr.server.repository.dao.ProductModuleDao;
import cn.axzo.tyr.server.repository.dao.SaasFeatureResourceDao;
import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
import cn.axzo.tyr.server.repository.entity.SaasProductModuleFeatureRelation;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import cn.axzo.tyr.server.service.PermissionQueryService;
import cn.axzo.tyr.server.service.ProductFeatureRelationService;
import cn.axzo.tyr.server.service.ProductSaasFeatureResourceCacheService;
@ -61,7 +61,6 @@ import cn.axzo.tyr.server.service.SaasFeatureResourceService;
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
import cn.axzo.tyr.server.service.TyrSaasAuthService;
import cn.axzo.tyr.server.service.WorkspaceProductService;
import cn.axzo.tyr.server.util.KeyUtil;
import cn.axzo.tyr.server.utils.RpcInternalUtil;
import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.StrUtil;
@ -657,21 +656,21 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
private List<PermissionDO> queryUserPermission(PermissionQueryContext context) {
//查询用户具有的角色
List<SaasRoleUserRelation> userRoleRelations = listRoleUserRelations(context);
List<SaasRoleUserV2DTO> userRoleRelations = listRoleUserRelations(context);
if (CollectionUtil.isEmpty(userRoleRelations)) {
log.warn("no user role relation found");
return Collections.emptyList();
}
//查询租户产品权限点
List<WorkspaceFeatureRelation> workspaceFeatureRelations = listWorkspaceFeatureRelations(context);
Set<Long> roleIds = userRoleRelations.stream().map(SaasRoleUserRelation::getRoleId).collect(Collectors.toSet());
Set<Long> roleIds = userRoleRelations.stream().map(SaasRoleUserV2DTO::getRoleId).collect(Collectors.toSet());
//查询角色权限
List<RoleWithFeature> roles = roleService.listWithFeatures(roleIds, context.getFeatureIds());
//取交集确定权限
return buildFinalPermission(userRoleRelations, workspaceFeatureRelations, roles);
}
private List<PermissionDO> buildFinalPermission(List<SaasRoleUserRelation> userRoleRelations,
private List<PermissionDO> buildFinalPermission(List<SaasRoleUserV2DTO> userRoleRelations,
List<WorkspaceFeatureRelation> workspaceFeatureRelations,
List<RoleWithFeature> roles) {
@ -684,7 +683,7 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
Set<Long> authFreeFeatureIds = featureResourceService.listAuthFree();
//按拥有的角色构建权限结果
Map<String, PermissionDO> result = new HashMap<>();
for (SaasRoleUserRelation relation : userRoleRelations) {
for (SaasRoleUserV2DTO relation : userRoleRelations) {
RoleWithFeature role = roleMap.get(relation.getRoleId());
if (role == null) {
log.warn("no role found for id:{}", relation.getRoleId());
@ -788,43 +787,34 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
return result;
}
private List<SaasRoleUserRelation> listRoleUserRelations(PermissionQueryContext context) {
private List<SaasRoleUserV2DTO> listRoleUserRelations(PermissionQueryContext context) {
if (CollectionUtil.isNotEmpty(context.getPreviewRoleIds())) {
//指定了角色 则不需要去查用户角色关系
log.info("mock specify roles relation");
return mockRoleUserRelation(context);
}
//查询人员角色关系
Set<Long> workspaceIds = new HashSet<>();
Set<Long> ouIds = new HashSet<>();
Set<String> owKeys = new HashSet<>();
List<WorkspaceOUPair> workspaceOUPairs = context.getWorkspaceOUPairs();
workspaceOUPairs.forEach(ow -> {
workspaceIds.add(ow.getWorkspaceId());
ouIds.add(ow.getOuId());
owKeys.add(KeyUtil.buildKeyBySeparator(ow.getWorkspaceId(), ow.getOuId()));
});
UserIdentity userIdentity = context.getUserIdentity();
List<SaasRoleUserRelation> relations = roleUserService.queryByWorkspaceIdOrOu(userIdentity.getPersonId(),
userIdentity.getIdentityId(), IdentityType.getIdentityType(userIdentity.getIdentityType()), workspaceIds, ouIds);
if (CollectionUtil.isEmpty(relations)) {
log.warn("no user role relations found");
return relations;
}
//工作台和单位需成对查询 对结果二次过滤
return relations.stream()
.filter(roleUserService -> owKeys.contains(
KeyUtil.buildKeyBySeparator(roleUserService.getWorkspaceId(), roleUserService.getOuId())))
.collect(Collectors.toList());
return saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.personId(userIdentity.getPersonId())
.identityId(userIdentity.getIdentityId())
.identityType(IdentityType.getIdentityType(userIdentity.getIdentityType()))
.workspaceOuPairs(context.getWorkspaceOUPairs().stream()
.map(e -> ListRoleUserRelationParam.WorkspaceOuPair.builder()
.workspaceId(e.getWorkspaceId())
.ouId(e.getOuId())
.build())
.collect(Collectors.toList()))
.build());
}
private List<SaasRoleUserRelation> mockRoleUserRelation(PermissionQueryContext context) {
final List<SaasRoleUserRelation> relations = new ArrayList<>();
private List<SaasRoleUserV2DTO> mockRoleUserRelation(PermissionQueryContext context) {
final List<SaasRoleUserV2DTO> relations = new ArrayList<>();
List<WorkspaceOUPair> workspaceOUPairs = context.getWorkspaceOUPairs();
// mock 看做已有指定的角色
for (WorkspaceOUPair ow : workspaceOUPairs) {
List<SaasRoleUserRelation> mockRelations = context.getPreviewRoleIds().stream().map(id -> {
SaasRoleUserRelation relation = new SaasRoleUserRelation();
List<SaasRoleUserV2DTO> mockRelations = context.getPreviewRoleIds().stream().map(id -> {
SaasRoleUserV2DTO relation = SaasRoleUserV2DTO.builder().build();
relation.setRoleId(id);
relation.setOuId(ow.getOuId());
relation.setWorkspaceId(ow.getWorkspaceId());

3
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RolePermissionCacheServiceImpl.java
View File

@ -1,6 +1,7 @@
package cn.axzo.tyr.server.service.impl;
import cn.axzo.basics.common.exception.ServiceException;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.req.PageSaasFeatureResourceReq;
import cn.axzo.tyr.client.model.res.SaasFeatureResourceResp;
import cn.axzo.tyr.client.model.res.SaasPermissionRelationRes;
@ -111,7 +112,7 @@ public class RolePermissionCacheServiceImpl implements RolePermissionCacheServic
}
private Map<Long, List<PermissionDTO>> listRolePermission(List<Long> roleIds) {
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
ListRoleReq listSaasRoleParam = ListRoleReq.builder()
.roleIds(roleIds)
.needPermissionRelation(true)
.build();

3
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleSaasFeatureResourceCacheServiceImpl.java
View File

@ -2,6 +2,7 @@ package cn.axzo.tyr.server.service.impl;
import cn.axzo.basics.common.exception.ServiceException;
import cn.axzo.tyr.client.common.enums.FeatureResourceType;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.req.PageSaasFeatureResourceReq;
import cn.axzo.tyr.client.model.res.SaasFeatureResourceResp;
import cn.axzo.tyr.client.model.res.SaasPermissionRelationRes;
@ -116,7 +117,7 @@ public class RoleSaasFeatureResourceCacheServiceImpl implements RoleSaasFeatureR
return Collections.emptyMap();
}
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
ListRoleReq listSaasRoleParam = ListRoleReq.builder()
.roleIds(roleIds)
.needPermissionRelation(true)
.type(NEW_FEATURE)

232
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
View File

@ -1,5 +1,8 @@
package cn.axzo.tyr.server.service.impl;
import cn.axzo.apollo.workspace.api.workspace.WorkspaceApi;
import cn.axzo.apollo.workspace.api.workspace.req.GetSimpleWorkspaceReqV2;
import cn.axzo.apollo.workspace.api.workspace.res.SimpleWorkspaceRes;
import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
import cn.axzo.basics.common.exception.ServiceException;
import cn.axzo.basics.profiles.api.UserProfileServiceApi;
@ -16,7 +19,10 @@ import cn.axzo.tyr.client.model.enums.IdentityType;
import cn.axzo.tyr.client.model.enums.PermissionGroupType;
import cn.axzo.tyr.client.model.req.ChangeGroupLeaderRoleReq;
import cn.axzo.tyr.client.model.req.FeatureRoleRelationReq;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.req.ListSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.PagePgroupPermissionRelationReq;
import cn.axzo.tyr.client.model.req.PageRoleReq;
import cn.axzo.tyr.client.model.req.PageSaasFeatureResourceReq;
import cn.axzo.tyr.client.model.req.QueryByIdentityIdTypeReq;
import cn.axzo.tyr.client.model.req.QueryRoleByNameReq;
@ -28,10 +34,12 @@ import cn.axzo.tyr.client.model.res.FeatureRoleRelationResp;
import cn.axzo.tyr.client.model.res.IsSuperAdminRes;
import cn.axzo.tyr.client.model.res.QueryBatchByIdentityIdTypeRes;
import cn.axzo.tyr.client.model.res.QueryRoleByNameResp;
import cn.axzo.tyr.client.model.res.RoleGroupRelationRes;
import cn.axzo.tyr.client.model.res.RoleWithUserRes;
import cn.axzo.tyr.client.model.res.SaasFeatureResourceResp;
import cn.axzo.tyr.client.model.res.SaasPermissionRelationRes;
import cn.axzo.tyr.client.model.res.SaasPermissionRes;
import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO;
import cn.axzo.tyr.client.model.res.SaasRoleGroupRes;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
@ -82,6 +90,7 @@ import cn.axzo.tyr.server.service.SaasRoleGroupRelationService;
import cn.axzo.tyr.server.service.SaasRoleGroupService;
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
import cn.axzo.tyr.server.util.RpcInternalUtil;
import cn.axzo.tyr.server.utils.RpcExternalUtil;
import cn.azxo.framework.common.constatns.Constants;
import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.collection.CollUtil;
@ -199,14 +208,27 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
private String groupLeaderCode;
@Autowired
private final MqProducer mqProducer;
private MqProducer mqProducer;
@Autowired
private WorkspaceApi workspaceApi;
private static final String TARGET_TYPE = "saasFeatureResourceId";
@Override
public List<SaasRoleVO> queryByIdentityIdType(Long identityId, Integer identityType, Long workspaceId, Long ouId, Boolean includePermissionGroup) {
// 查询人关联的角色id
List<Long> roleIds = roleUserRelationDao.query(identityId, identityType, workspaceId, ouId).stream().map(SaasRoleUserRelation::getRoleId).collect(Collectors.toList());
// 去掉原代码切换至统一查询接口
List<Long> roleIds = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.identityId(identityId)
.identityType(Optional.ofNullable(identityType)
.map(IdentityType::getIdentityType)
.orElse(null))
.workspaceId(workspaceId)
.ouId(ouId)
.build())
.stream()
.map(SaasRoleUserV2DTO::getRoleId)
.collect(Collectors.toList());
if (CollectionUtils.isEmpty(roleIds)) {
return new ArrayList<>();
}
@ -328,17 +350,54 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
.eq(Objects.nonNull(req.getProductUnitType()), SaasRole::getProductUnitType, req.getProductUnitType())
.orderByDesc(BaseEntity::getId)
.list();
list.addAll(listSuperAdmin(req));
return getByIds(list.stream().map(BaseEntity::getId).collect(Collectors.toList()), req.getIsCommon(), req.getWorkspaceId(), req.getOuId(), req.getIncludePermissionGroup(), req.getIncludeSpecialRole());
}
/**
* 历史每个workspaceId都有一个超管角色现在每个业务类一个超管角色
* 新的超管角色workspaceId = 0(不是-1是因为很多接口默认就会查询-1的数据要过滤掉超管角色比较复杂)
* 历史传入workspaceId时会查询出项目的超管角色所以有传workspaceId时需要兼容历史接口
* @param req
* @return
*/
private List<SaasRole> listSuperAdmin(QuerySaasRoleReq req) {
if (CollectionUtils.isEmpty(req.getWorkspaceId())) {
return Collections.emptyList();
}
GetSimpleWorkspaceReqV2 build = GetSimpleWorkspaceReqV2.builder()
.ids(req.getWorkspaceId())
.build();
List<SimpleWorkspaceRes> workspaces = RpcExternalUtil.rpcApolloProcessor(() -> workspaceApi.getListV2(build),
"查询项目信息", build);
if (CollectionUtils.isEmpty(workspaces)) {
return Collections.emptyList();
}
return saasRoleDao.lambdaQuery()
.eq(SaasRole::getWorkspaceId, 0)
.eq(SaasRole::getOwnerOuId, 0)
.in(SaasRole::getWorkspaceType, Lists.transform(workspaces, SimpleWorkspaceRes::getType))
.eq(SaasRole::getRoleType, RoleTypeEnum.SUPER_ADMIN.getValue())
.list();
}
@Override
public List<QueryBatchByIdentityIdTypeRes> queryBatchByIdentityIdType(List<QueryByIdentityIdTypeReq> req) {
List<QueryBatchByIdentityIdTypeRes> result = new ArrayList<>();
req.stream().distinct().forEach(e -> {
if (e.getPersonId() != null) {
List<Long> roleIds = roleUserRelationDao.queryByPersonId(e.getPersonId(), e.getWorkspaceId(), e.getOuId())
// 去掉重复查询切换至统一查询
List<Long> roleIds = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.personId(e.getPersonId())
.workspaceId(e.getWorkspaceId())
.ouId(e.getOuId())
.build())
.stream()
.map(SaasRoleUserRelation::getRoleId)
.map(SaasRoleUserV2DTO::getRoleId)
.collect(Collectors.toList());
List<SaasRoleVO> saasRoles = getByIds(roleIds, null, null, null, false, null);
result.add(QueryBatchByIdentityIdTypeRes.builder()
@ -605,7 +664,17 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
public List<IsSuperAdminRes> isSuperAdmin(List<QueryByIdentityIdTypeReq> req) {
List<IsSuperAdminRes> result = new ArrayList<>();
req.forEach(e -> {
List<Long> roleIds = roleUserRelationDao.query(e.getIdentityId(), e.getIdentityType(), e.getWorkspaceId(), e.getOuId()).stream().map(SaasRoleUserRelation::getRoleId).collect(Collectors.toList());
List<Long> roleIds = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.identityId(e.getIdentityId())
.identityType(Optional.ofNullable(e.getIdentityType())
.map(IdentityType::getIdentityType)
.orElse(null))
.workspaceId(e.getWorkspaceId())
.ouId(e.getOuId())
.build())
.stream()
.map(SaasRoleUserV2DTO::getRoleId)
.collect(Collectors.toList());
List<SaasRole> list = new ArrayList<>();
if (CollectionUtils.isNotEmpty(roleIds)) {
list = saasRoleDao.lambdaQuery()
@ -644,7 +713,7 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
if (StringUtils.isBlank(saveOrUpdateRole.getRoleCode())) {
return;
}
List<SaasRoleRes> oldSaasRoles = this.list(ListSaasRoleParam.builder()
List<SaasRoleRes> oldSaasRoles = this.list(ListRoleReq.builder()
.roleCode(saveOrUpdateRole.getRoleCode())
.idNE(saveOrUpdateRole.getId())
.build());
@ -874,11 +943,35 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
.list();
}
/**
* 历史每个workspaceId都有一个超管角色现在每个业务类一个超管角色
* 新的超管角色workspaceId = 0(不是-1是因为很多接口默认就会查询-1的数据要过滤掉超管角色比较复杂)
* 历史传入workspaceId时会查询出项目的超管角色所以有传workspaceId时需要兼容历史接口
* @param req
* @return
*/
private Integer resolveSuperAdminWorkspaceType(RoleWithUserQueryReq req) {
if (Objects.isNull(req.getWorkspaceId())) {
return null;
}
GetSimpleWorkspaceReqV2 build = GetSimpleWorkspaceReqV2.builder()
.ids(Lists.newArrayList(req.getWorkspaceId()))
.build();
List<SimpleWorkspaceRes> workspaces = RpcExternalUtil.rpcApolloProcessor(() -> workspaceApi.getListV2(build),
"查询项目信息", build);
return workspaces.stream()
.map(SimpleWorkspaceRes::getType)
.findFirst()
.orElse(null);
}
@Override
public PageResp<RoleWithUserRes> queryRoleWithUser(RoleWithUserQueryReq req) {
page2Default(req);
//按role进行分页查询 -
Page<SaasRole> rolePage = saasRoleDao.pageQueryForOUWorkspace(req);
Integer superAdminWorkspaceType = resolveSuperAdminWorkspaceType(req);
Page<SaasRole> rolePage = saasRoleDao.pageQueryForOUWorkspace(req, superAdminWorkspaceType);
if (CollectionUtil.isEmpty(rolePage.getRecords())) {
return PageResp.list(req.getPage(), req.getPageSize(), 0L, Collections.emptyList());
}
@ -1020,8 +1113,15 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
}
saasRoleDao.delete(deleteRoleParam.getRoleIds());
// 未根据id进行更新会存在死锁的风险但是角色的操作频率很低可以先不考虑
roleUserRelationDao.deleteByRoleId(deleteRoleParam.getRoleIds());
// 收口remove接口通过id更新不会出现死锁并补发mq
// 因为角色用户数据量巨大应该是角色删除后发送mq异步解耦去删除相关数据但是得等角色的写接口收口后才能做
List<SaasRoleUserV2DTO> saasRoleUsers = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.roleIds(deleteRoleParam.getRoleIds())
.build());
saasRoleUserRelationService.batchRemove(SaasRoleUserRelationService.BatchRemoveParam.builder()
.ids(saasRoleUsers.stream().map(SaasRoleUserV2DTO::getId).collect(Collectors.toSet()))
.build());
roleGroupRelationDao.deleteGroupRelation(deleteRoleParam.getRoleIds());
saasPgroupRoleRelationDao.deleteByRoleId(deleteRoleParam.getRoleIds());
}
@ -1159,7 +1259,19 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
List<Long> baseRoleIds = voList.get(0).getRoleInfos().stream().map(SaasRoleVO::getId).collect(Collectors.toList());
List<SaasRoleUserRelation> userRelationList = reqs.stream().map(req -> {
List<SaasRoleUserRelation> nowRelations = saasRoleUserRelationDao.findValidByNodeResource(req.getGroupLeaderPersonId(), req.getGroupNodeId(), null);
List<SaasRoleUserRelation> nowRelations = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.personId(req.getGroupLeaderPersonId())
.resourceType(RoleResourceTypeEnum.NODE.code)
.resourceId(req.getGroupNodeId())
.build())
.stream()
.map(e -> {
SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation();
BeanUtils.copyProperties(e, saasRoleUserRelation);
return saasRoleUserRelation;
})
.collect(Collectors.toList());
Map<Long, SaasRoleUserRelation> relationMap = nowRelations.stream().collect(Collectors.toMap(SaasRoleUserRelation::getRoleId, Function.identity(), (a, b) -> a));
List<Long> roleIdList = req.getRoleIdList();
if (CollUtil.isNotEmpty(roleIdList)) {
@ -1276,9 +1388,9 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
}
@Override
public List<SaasRoleRes> list(ListSaasRoleParam param) {
public List<SaasRoleRes> list(ListRoleReq param) {
return PageConverter.drainAll(pageNumber -> {
PageSaasRoleParam pageParam = PageSaasRoleParam.builder().build();
PageRoleReq pageParam = PageRoleReq.builder().build();
BeanUtils.copyProperties(param, pageParam);
pageParam.setPage(pageNumber);
pageParam.setPageSize(10000);
@ -1287,7 +1399,7 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
}
@Override
public cn.axzo.foundation.page.PageResp<SaasRoleRes> page(PageSaasRoleParam param) {
public cn.axzo.foundation.page.PageResp<SaasRoleRes> page(PageRoleReq param) {
QueryWrapper<SaasRole> wrapper = QueryWrapperHelper.fromBean(param, SaasRole.class);
wrapper.eq("is_delete", 0);
List<ListRoleUserRelationParam.WorkspaceOuPair> workspaceOuPairs = Lists.newArrayList();
@ -1307,6 +1419,19 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
}
});
}
if (CollectionUtils.isNotEmpty(param.getRoleGroupCodes())) {
Set<Long> roleIds = resolveRoleGroupCodes(param);
if (CollectionUtils.isEmpty(roleIds)) {
return param.toEmpty();
}
wrapper.in(CollectionUtils.isNotEmpty(roleIds), "id", roleIds);
}
// 因为历史是每一个workspaceId一个超管角色现在是一个workspaceType一个超管角色
// 为了兼容历史情况入参有workspaceId且roleType为空或者roleType包含superAdmin的需要组装superAdmin的查询条件
assembleSuperAdminWrapper(param, wrapper);
IPage<SaasRole> page = this.page(PageConverter.toMybatis(param, SaasRole.class), wrapper);
Map<Long, List<SaasRoleGroupRes>> saasRoleGroups = listRoleGroups(param, page.getRecords());
@ -1326,6 +1451,72 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
permissionRelations));
}
/**
* 因为历史是每一个workspaceId一个超管角色现在是一个workspaceType一个超管角色
* 为了兼容历史情况入参有workspaceId且roleType为空或者roleType包含superAdmin的需要组装superAdmin的查询条件
* @param param
* @param wrapper
*/
private void assembleSuperAdminWrapper(PageRoleReq param, QueryWrapper<SaasRole> wrapper) {
if (Objects.isNull(param.getWorkspaceId())
&& CollectionUtils.isEmpty(param.getWorkspaceIds())
&& CollectionUtils.isEmpty(param.getWorkspaceOuPairs())) {
return;
}
if (CollectionUtils.isEmpty(param.getRoleTypes())
|| !param.getRoleTypes().contains(RoleTypeEnum.SUPER_ADMIN.getValue())) {
return;
}
List<Long> workspaceIds = Lists.newArrayList();
if (Objects.nonNull(param.getWorkspaceId())) {
workspaceIds.add(param.getWorkspaceId());
}
if (CollectionUtils.isNotEmpty(param.getWorkspaceIds())) {
workspaceIds.addAll(param.getWorkspaceIds());
}
if (CollectionUtils.isNotEmpty(param.getWorkspaceOuPairs())) {
workspaceIds.addAll(param.getWorkspaceOuPairs().stream()
.map(ListRoleUserRelationParam.WorkspaceOuPair::getWorkspaceId)
.collect(Collectors.toList()));
}
GetSimpleWorkspaceReqV2 build = GetSimpleWorkspaceReqV2.builder()
.ids(workspaceIds)
.build();
List<SimpleWorkspaceRes> workspaces = RpcExternalUtil.rpcApolloProcessor(() -> workspaceApi.getListV2(build),
"查询项目信息", build);
if (CollectionUtils.isEmpty(workspaces)) {
return;
}
wrapper.or(j -> {
j.in("workspace_type", Lists.transform(workspaces, SimpleWorkspaceRes::getType));
j.eq("owner_ou_id", 0L);
j.eq("workspace_id", 0L);
j.eq("role_type", RoleTypeEnum.SUPER_ADMIN.getValue());
});
}
private Set<Long> resolveRoleGroupCodes(PageRoleReq param) {
if (CollectionUtils.isEmpty(param.getRoleGroupCodes())) {
return Collections.emptySet();
}
return saasRoleGroupService.list(ListSaasRoleGroupParam.builder()
.roleGroupCodes(param.getRoleGroupCodes())
.needRoleGroupRelation(true)
.build())
.stream()
.map(SaasRoleGroupDTO::getRoleGroupRelations)
.filter(Objects::nonNull)
.flatMap(Collection::stream)
.map(RoleGroupRelationRes::getRoleId)
.collect(Collectors.toSet());
}
private SaasRoleRes from(SaasRole saasRole,
Map<Long, List<SaasRoleGroupRes>> saasRoleGroups,
Map<Long, List<SaasPermissionRes>> saasPermissions,
@ -1340,7 +1531,7 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
return saasRoleRes;
}
private Map<Long, List<SaasPermissionRes>> listRolePermissions(PageSaasRoleParam param,
private Map<Long, List<SaasPermissionRes>> listRolePermissions(PageRoleReq param,
List<SaasRole> saasRoles) {
if (CollectionUtils.isEmpty(saasRoles) || BooleanUtils.isNotTrue(param.getNeedPermission())) {
return Collections.emptyMap();
@ -1424,7 +1615,7 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
}
}
private Map<Long, List<SaasRoleGroupRes>> listRoleGroups(PageSaasRoleParam param,
private Map<Long, List<SaasRoleGroupRes>> listRoleGroups(PageRoleReq param,
List<SaasRole> saasRoles) {
if (CollectionUtils.isEmpty(saasRoles) || BooleanUtils.isNotTrue(param.getNeedRoleGroup())) {
return Collections.emptyMap();
@ -1615,7 +1806,7 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
return resourcePermissions;
}
private Map<Long, List<SaasRoleUserV2DTO.SaasRoleUser>> listSaasRoleUser(PageSaasRoleParam param,
private Map<Long, List<SaasRoleUserV2DTO.SaasRoleUser>> listSaasRoleUser(PageRoleReq param,
List<SaasRole> saasRoles) {
if (CollectionUtils.isEmpty(saasRoles) || BooleanUtils.isNotTrue(param.getNeedRoleUser())) {
return Collections.emptyMap();
@ -1626,6 +1817,11 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
ListRoleUserRelationParam listRoleUserRelationParam = ListRoleUserRelationParam.builder()
.roleIds(roleIds)
.needUsers(param.getNeedRoleUser())
.workspaceId(param.getWorkspaceId())
.workspaceIds(Optional.ofNullable(param.getWorkspaceIds())
.map(Sets::newHashSet)
.orElse(null))
.workspaceOuPairs(param.getWorkspaceOuPairs())
.build();
List<SaasRoleUserV2DTO> saasRoleUserV2DTOS = saasRoleUserRelationService.listV2(listRoleUserRelationParam);
@ -1640,7 +1836,7 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
* @param saasRoles
* @return
*/
private Map<Long, List<SaasPermissionRes>> listRolePermissionsOld(PageSaasRoleParam param,
private Map<Long, List<SaasPermissionRes>> listRolePermissionsOld(PageRoleReq param,
List<SaasRole> saasRoles) {
if (CollectionUtils.isEmpty(saasRoles) || BooleanUtils.isNotTrue(param.getNeedPermissionOld())) {
return Collections.emptyMap();
@ -1698,7 +1894,7 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
Collectors.toList())));
}
private Map<Long, List<SaasPermissionRelationRes>> listRolePermissionRelations(PageSaasRoleParam param,
private Map<Long, List<SaasPermissionRelationRes>> listRolePermissionRelations(PageRoleReq param,
List<SaasRole> saasRoles) {
if (CollectionUtils.isEmpty(saasRoles) || BooleanUtils.isNotTrue(param.getNeedPermissionRelation())) {
return Collections.emptyMap();

222
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java
View File

@ -1,9 +1,18 @@
package cn.axzo.tyr.server.service.impl;
import cn.axzo.apollo.workspace.api.workspace.WorkspaceConfigApi;
import cn.axzo.apollo.workspace.api.workspace.res.WorkspaceConfigInfo;
import cn.axzo.basics.common.BeanMapper;
import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
import cn.axzo.basics.common.exception.ServiceException;
import cn.axzo.basics.common.util.AssertUtil;
import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.maokai.api.client.OrgJobApi;
import cn.axzo.maokai.api.client.OrganizationalNodeUserQueryApi;
import cn.axzo.maokai.api.vo.request.OrgJobListReq;
import cn.axzo.maokai.api.vo.request.PersonJobAndDepartmentListReq;
import cn.axzo.maokai.api.vo.response.OrgJobRes;
import cn.axzo.maokai.api.vo.response.PersonJobAndDepartmentResp;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.pokonyan.util.KeysUtil;
import cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum;
@ -12,16 +21,20 @@ import cn.axzo.tyr.client.model.BaseWorkspaceModel;
import cn.axzo.tyr.client.model.enums.DictWorkSpaceTypeEnum;
import cn.axzo.tyr.client.model.enums.IdentityType;
import cn.axzo.tyr.client.model.enums.WorkerLeaderRoleEnum;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.client.model.roleuser.RoleUserUpdateReq;
import cn.axzo.tyr.client.model.roleuser.dto.GetUserAutoOwnRoleResp;
import cn.axzo.tyr.client.model.roleuser.dto.GetUserFeatureResourceIdsResp;
import cn.axzo.tyr.client.model.roleuser.dto.IdentityInfo;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
import cn.axzo.tyr.client.model.roleuser.dto.SuperAminInfoResp;
import cn.axzo.tyr.client.model.roleuser.req.AutoOwnRoleUserReq;
import cn.axzo.tyr.client.model.roleuser.req.CreateSuperAdminRoleParam;
import cn.axzo.tyr.client.model.roleuser.req.GantOrUnGantaWorkerLeaderRoleReq;
import cn.axzo.tyr.client.model.roleuser.req.GetUserAutoOwnRoleReq;
import cn.axzo.tyr.client.model.roleuser.req.GetUserFeatureResourceIdsReq;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq;
import cn.axzo.tyr.client.model.roleuser.req.SuperAdminParam;
import cn.axzo.tyr.client.model.roleuser.req.WorkerManagerRoleUserReq;
@ -38,8 +51,11 @@ import cn.axzo.tyr.server.repository.entity.SaasPgroupRoleRelation;
import cn.axzo.tyr.server.repository.entity.SaasRole;
import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import cn.axzo.tyr.server.service.RoleService;
import cn.axzo.tyr.server.service.SaasRoleGroupService;
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
import cn.axzo.tyr.server.service.SaasRoleUserService;
import cn.axzo.tyr.server.utils.RpcExternalUtil;
import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.json.JSONUtil;
@ -57,14 +73,15 @@ import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Collectors;
/**
* 角色
*
@ -84,6 +101,11 @@ public class RoleUserService implements SaasRoleUserService {
private final SaasRoleGroupService saasRoleGroupService;
private final SaasRoleGroupRelationDao saasRoleGroupRelationDao;
private final SaasPgroupPermissionRelationDao saasPgroupPermissionRelationDao;
private final SaasRoleUserRelationService saasRoleUserRelationService;
private final OrgJobApi orgJobApi;
private final WorkspaceConfigApi workspaceConfigApi;
private final OrganizationalNodeUserQueryApi organizationalNodeUserQueryApi;
private final RoleService roleService;
// 单位类型默认角色关系,后面可以座位管理员的逻辑进行迭代
@Value("#{${participateUnitDefaultRoleId:{}}}")
@ -109,38 +131,104 @@ public class RoleUserService implements SaasRoleUserService {
}
}
/**
* 先写死后面做规则引擎
* @param req
*/
private void checkJobRole(RoleUserReq req) {
if (CollectionUtils.isEmpty(req.getUpdateRoleIds())) {
return;
}
WorkspaceConfigInfo workspaceConfigInfo = RpcExternalUtil.rpcApolloProcessor(() -> workspaceConfigApi.getByWorkspaceId(req.getWorkspaceId()),
"查询租户配置信息", req.getWorkspaceId());
if (Objects.isNull(workspaceConfigInfo) || Objects.equals(workspaceConfigInfo.getCreateUserRoleLimit(), 0)) {
return;
}
PersonJobAndDepartmentListReq personJobAndDepartmentListReq = PersonJobAndDepartmentListReq.builder()
.workspaceId(req.getWorkspaceId())
.ouId(req.getOuId())
.personIds(Lists.newArrayList(req.getPersonId()))
.build();
String rpcMethod = "organizationalNodeUserApi#listJobAndDepartments";
Supplier<ApiResult<List<PersonJobAndDepartmentResp>>> rpcSupplier = () -> organizationalNodeUserQueryApi.listJobAndDepartments(personJobAndDepartmentListReq);
List<Long> personJobIds = RpcExternalUtil.rpcApiResultProcessor(rpcSupplier, rpcMethod, req)
.stream()
.filter(e -> Objects.nonNull(e.getJob()))
.map(e -> e.getJob().getId())
.distinct()
.collect(Collectors.toList());
if (CollectionUtils.isEmpty(personJobIds)) {
return;
}
Set<Long> excludeRoleIds = RpcExternalUtil.rpcApiResultProcessor(() -> orgJobApi.list(OrgJobListReq.builder()
.jobIdList(personJobIds)
.build()), "查询岗位角色限制配置", personJobIds)
.stream()
.map(OrgJobRes::getExcludeRoleIds)
.filter(Objects::nonNull)
.flatMap(Collection::stream)
.collect(Collectors.toSet());
if (CollectionUtils.isEmpty(excludeRoleIds)) {
return;
}
Sets.SetView<Long> intersection = Sets.intersection(req.getUpdateRoleIds(), excludeRoleIds);
if (!intersection.isEmpty()) {
throw new ServiceException("不能勾选岗位的不可选角色");
}
}
@Override
@Transactional(rollbackFor = Exception.class)
public void saveOrUpdate(RoleUserReq req) {
checkJobRole(req);
Set<Long> updateRoleIds = req.getUpdateRoleIds();
// 特殊角色因为特殊角色不会在用户端回显编辑后会被覆盖导致角色错误
Set<Long> specialRoleIds = new HashSet<>(this.getSpecialRole());
// 角色校验(不能将角色修改为管理员角色)
if (CollectionUtils.isNotEmpty(updateRoleIds)) {
List<SaasRole> roles = saasRoleDao.listByIds(updateRoleIds);
if (roles.stream().anyMatch(e -> RoleTypeEnum.getRoleType(e.getRoleType()).isAdminRole())) {
if (roles.stream()
.filter(e -> !specialRoleIds.contains(e.getId()))
.anyMatch(e -> RoleTypeEnum.getRoleType(e.getRoleType()).isAdminRole())) {
throw new ServiceException("暂不支持更换/移除管理员角色");
}
}
// 查询用户所有角色
List<SaasRoleUserRelation> existsRoleUser = roleUserRelationDao.query(req.getIdentityId(), req.getIdentityType().getCode(), req.getWorkspaceId(), req.getOuId());
// 切换至统一查询接口原代码去掉
List<SaasRoleUserV2DTO> saasRoleUsers = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.identityId(req.getIdentityId())
.identityType(req.getIdentityType())
.workspaceId(req.getWorkspaceId())
.ouId(req.getOuId())
.build());
// 当前用户非超管自定义的角色
List<Long> notAdminAndAutoOwnRole = Collections.emptyList();
if (CollectionUtils.isNotEmpty(existsRoleUser)) {
List<SaasRole> existsRole = saasRoleDao.listByIds(existsRoleUser.stream().mapToLong(SaasRoleUserRelation::getRoleId).boxed().collect(Collectors.toList()));
if (CollectionUtils.isNotEmpty(saasRoleUsers)) {
List<SaasRole> existsRole = saasRoleDao.listByIds(saasRoleUsers.stream().mapToLong(SaasRoleUserV2DTO::getRoleId).boxed().collect(Collectors.toList()));
// 管理员角色
List<Long> adminRole = existsRole.stream().filter(e -> RoleTypeEnum.getRoleType(e.getRoleType()).isAdminRole()).mapToLong(SaasRole::getId).boxed().collect(Collectors.toList());
List<Long> adminRole = existsRole.stream()
.filter(e -> !specialRoleIds.contains(e.getId()))
.filter(e -> RoleTypeEnum.getRoleType(e.getRoleType()).isAdminRole())
.mapToLong(SaasRole::getId).boxed().collect(Collectors.toList());
// 自定义角色
Long autoOwnRole = existsRole.stream().filter(e -> RoleTypeEnum.AUTO_OWN.equals(RoleTypeEnum.getRoleType(e.getRoleType()))).findFirst().map(SaasRole::getId).orElse(0L);
log.info("personId:{} autoOwnRole:{} adminRole:{}", req.getPersonId(), autoOwnRole, JSONUtil.toJsonStr(adminRole));
// 排除管理员角色自定义角色(普通角色) 这里用过滤的方式是为了防止脏数据产生(saas_role_user_relation表有用户数据但是角色表已经被删除)
// 特殊角色因为特殊角色不会在用户端回显编辑后会被覆盖导致角色错误
Set<Long> specialRoleIds = new HashSet<>(this.getSpecialRole());
notAdminAndAutoOwnRole = existsRoleUser.stream()
.mapToLong(SaasRoleUserRelation::getRoleId)
notAdminAndAutoOwnRole = saasRoleUsers.stream()
.mapToLong(SaasRoleUserV2DTO::getRoleId)
.boxed()
.filter(roleId -> !adminRole.contains(roleId))
.filter(roleId -> !autoOwnRole.equals(roleId))
@ -194,47 +282,22 @@ public class RoleUserService implements SaasRoleUserService {
}
@Override
public boolean isSuperAdmin(Long identityId, IdentityType identityType, Long workspaceId, Long ouId) {
List<SaasRole> roleList = saasRoleDao.lambdaQuery()
.eq(SaasRole::getOwnerOuId, ouId)
.eq(SaasRole::getWorkspaceId, workspaceId)
.eq(SaasRole::getRoleType, RoleTypeEnum.SUPER_ADMIN.getValue())
.list();
List<Long> roleIds = roleList.stream().map(SaasRole::getId).collect(Collectors.toList());
List<SaasRoleUserRelation> saasRoleUserRelations = roleUserRelationDao.lambdaQuery().eq(SaasRoleUserRelation::getIdentityId, identityId)
.eq(SaasRoleUserRelation::getIdentityType, identityType.getCode())
.eq(SaasRoleUserRelation::getWorkspaceId, workspaceId)
.eq(SaasRoleUserRelation::getOuId, ouId)
.in(SaasRoleUserRelation::getRoleId, roleIds).last("limit 1").list();
return saasRoleUserRelations.size() > 0;
}
@Override
public List<SaasRoleUserRelation> queryByWorkspaceIdOrOu(Long personId, Long identityId, IdentityType identityType, Set<Long> workspaceIds, Set<Long> ouIds) {
return roleUserRelationDao.queryByWorkspaceIdOrOu(personId, identityId, identityType, workspaceIds, ouIds);
}
@Override
@Transactional(rollbackFor = Exception.class)
public void createSuperAdminRole(CreateSuperAdminRoleParam param) {
//获取超管角色
SaasRole superAdmin = findSuperAdmin(param.getWorkspaceId(), param.getOuId(), param.getWorkspaceType());
if (superAdmin == null) {
superAdmin = new SaasRole();
superAdmin.setDescription(RoleTypeEnum.SUPER_ADMIN.getDesc());
superAdmin.setName(RoleTypeEnum.SUPER_ADMIN.getDesc());
superAdmin.setWorkspaceId(param.getWorkspaceId());
superAdmin.setWorkspaceType(param.getWorkspaceType());
superAdmin.setOwnerOuId(param.getOuId());
superAdmin.setRoleType(RoleTypeEnum.SUPER_ADMIN.getValue());
superAdmin.setIsDelete(0L);
DictWorkSpaceTypeEnum dictWorkSpaceTypeEnum = DictWorkSpaceTypeEnum.getByValueWorkspaceType(param.getWorkspaceType());
superAdmin.setProductUnitType(dictWorkSpaceTypeEnum == null ? 0 : dictWorkSpaceTypeEnum.getSuperAdminProductType());
// 因为以前一个项目一个超管
// 不根据code查询是因为增加一个业务的超管就需要维护
ListRoleReq listRoleReq = ListRoleReq.builder()
.roleTypes(Lists.newArrayList(RoleTypeEnum.SUPER_ADMIN.getValue()))
.workspaceType(param.getWorkspaceType())
.build();
SaasRoleRes superAdmin = roleService.list(listRoleReq).stream()
.findFirst()
.orElse(null);
AssertUtil.notNull(superAdmin, "超管角色不存在,请联系业务初始化超管角色");
checkRoleName(RoleTypeEnum.SUPER_ADMIN.getDesc(), param.getWorkspaceId(), param.getOuId());
saasRoleDao.save(superAdmin);
}
//删除当前超管角色
removeOldSuperAdmin(superAdmin.getId(), param.getWorkspaceId(), param.getOuId());
@ -281,25 +344,28 @@ public class RoleUserService implements SaasRoleUserService {
@Override
public List<SuperAminInfoResp> batchSuperAdminList(List<SuperAdminParam> param) {
LambdaQueryChainWrapper<SaasRole> roleWrapper = saasRoleDao.lambdaQuery();
roleWrapper.and(w ->
param.forEach(c -> w.or()
.eq(SaasRole::getOwnerOuId, c.getOuId())
.eq(SaasRole::getWorkspaceId, c.getWorkspaceId())));
roleWrapper.eq(SaasRole::getIsDelete, TableIsDeleteEnum.NORMAL.value)
.eq(SaasRole::getRoleType, RoleTypeEnum.SUPER_ADMIN.getValue());
List<SaasRole> roleList = roleWrapper.list();
// 兼容上线历史数据还没清洗的间隙查询超管角色需要根据workspaceId和预设的超管一起
ListRoleReq listRoleReq = ListRoleReq.builder()
.roleTypes(Lists.newArrayList(RoleTypeEnum.SUPER_ADMIN.getValue()))
.workspaceOuPairs(param.stream()
.map(e -> ListRoleUserRelationParam.WorkspaceOuPair.builder()
.workspaceId(e.getWorkspaceId())
.ouId(e.getOuId())
.build())
.collect(Collectors.toList()))
.build();
List<SaasRoleRes> roleList = roleService.list(listRoleReq);
if (CollectionUtils.isEmpty(roleList)) {
return Collections.emptyList();
}
LambdaQueryChainWrapper<SaasRoleUserRelation> userRoleWrapper = roleUserRelationDao.lambdaQuery();
userRoleWrapper.and(w ->
roleList.forEach(c -> w.or()
.eq(SaasRoleUserRelation::getOuId, c.getOwnerOuId())
param.forEach(c -> w.or()
.eq(SaasRoleUserRelation::getOuId, c.getOuId())
.eq(SaasRoleUserRelation::getWorkspaceId, c.getWorkspaceId())
.eq(SaasRoleUserRelation::getRoleId, c.getId())
));
userRoleWrapper.in(SaasRoleUserRelation::getRoleId, roleList.stream().map(SaasRoleRes::getId).collect(Collectors.toList()));
userRoleWrapper.eq(SaasRoleUserRelation::getIsDelete, TableIsDeleteEnum.NORMAL.value);
List<SaasRoleUserRelation> relations = userRoleWrapper.list();
@ -321,15 +387,23 @@ public class RoleUserService implements SaasRoleUserService {
if (param.getWorkspaceId() == null || Objects.isNull(param.getOuId())) {
return Collections.emptyList();
}
SaasRole saasRole = saasRoleDao.findRoleByTypeAndWorkspaceIdAndOuId(RoleTypeEnum.SUPER_ADMIN.getValue(),
param.getWorkspaceId(), param.getOuId());
if (Objects.isNull(saasRole)) {
// 兼容上线历史数据还没清洗的间隙查询超管角色需要根据workspaceId和预设的超管一起
ListRoleReq listRoleReq = ListRoleReq.builder()
.roleTypes(Lists.newArrayList(RoleTypeEnum.SUPER_ADMIN.getValue()))
.workspaceOuPairs(Lists.newArrayList(ListRoleUserRelationParam.WorkspaceOuPair.builder()
.workspaceId(param.getWorkspaceId())
.ouId(param.getOuId())
.build()))
.build();
List<SaasRoleRes> saasRoles = roleService.list(listRoleReq);
if (CollectionUtils.isEmpty(saasRoles)) {
return Collections.emptyList();
}
List<SaasRoleUserRelation> relations = roleUserRelationDao.lambdaQuery()
.eq(SaasRoleUserRelation::getWorkspaceId, param.getWorkspaceId())
.eq(SaasRoleUserRelation::getOuId, param.getOuId())
.eq(SaasRoleUserRelation::getRoleId, saasRole.getId())
.in(SaasRoleUserRelation::getRoleId, saasRoles.stream().map(SaasRoleRes::getId).collect(Collectors.toList()))
.eq(SaasRoleUserRelation::getIsDelete, TableIsDeleteEnum.NORMAL.value).list();
if (CollectionUtils.isEmpty(relations)) {
return Collections.emptyList();
@ -503,10 +577,14 @@ public class RoleUserService implements SaasRoleUserService {
AssertUtil.notNull(role, "未配置自定义角色");
AssertUtil.isTrue(RoleTypeEnum.AUTO_OWN.equals(RoleTypeEnum.getRoleType(role.getRoleType())), "未配置自定义角色");
// 查询用户已存在角色
List<SaasRoleUserRelation> existsRoleUser = roleUserRelationDao.queryByPersonId(req.getPersonId(), req.getWorkspaceId(), req.getOuId());
List<SaasRoleUserV2DTO> existsRoleUser = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.personId(req.getPersonId())
.workspaceId(req.getWorkspaceId())
.ouId(req.getOuId())
.build());
Long autoOwnRoleId = null;
if (CollectionUtils.isNotEmpty(existsRoleUser)) {
List<Long> autoOwnRoles = existsRoleUser.stream().filter(e -> role.getId().equals(e.getRoleId())).mapToLong(SaasRoleUserRelation::getRoleId).boxed().collect(Collectors.toList());
List<Long> autoOwnRoles = existsRoleUser.stream().filter(e -> role.getId().equals(e.getRoleId())).mapToLong(SaasRoleUserV2DTO::getRoleId).boxed().collect(Collectors.toList());
if (CollectionUtils.isNotEmpty(autoOwnRoles)) {
autoOwnRoleId = autoOwnRoles.get(0);
if (autoOwnRoles.size() > 1) {
@ -554,11 +632,15 @@ public class RoleUserService implements SaasRoleUserService {
@Override
public GetUserAutoOwnRoleResp getUserAutoOwnRole(GetUserAutoOwnRoleReq req) {
// 查询用户所有角色
List<SaasRoleUserRelation> existsRoleUser = roleUserRelationDao.queryByPersonId(req.getPersonId(), req.getWorkspaceId(), req.getOuId());
List<SaasRoleUserV2DTO> existsRoleUser = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.personId(req.getPersonId())
.workspaceId(req.getWorkspaceId())
.ouId(req.getOuId())
.build());
if (CollectionUtils.isEmpty(existsRoleUser)) {
return GetUserAutoOwnRoleResp.EMPTY;
}
List<SaasRole> existsAutoOwnRoles = saasRoleDao.listByIds(existsRoleUser.stream().mapToLong(SaasRoleUserRelation::getRoleId).boxed().collect(Collectors.toList()))
List<SaasRole> existsAutoOwnRoles = saasRoleDao.listByIds(existsRoleUser.stream().mapToLong(SaasRoleUserV2DTO::getRoleId).boxed().collect(Collectors.toList()))
.stream().filter(e -> RoleTypeEnum.AUTO_OWN.equals(RoleTypeEnum.getRoleType(e.getRoleType()))).collect(Collectors.toList());
if (CollectionUtils.isEmpty(existsAutoOwnRoles)) {
log.info("personId:{} ouId:{} workspaceId:{} has not auto_own roles", req.getPersonId(), req.getOuId(), req.getWorkspaceId());
@ -583,11 +665,15 @@ public class RoleUserService implements SaasRoleUserService {
@Override
public GetUserFeatureResourceIdsResp getUserFeatureResourceIds(GetUserFeatureResourceIdsReq req) {
// 查询用户所有角色
List<SaasRoleUserRelation> existsRoleUser = roleUserRelationDao.queryByPersonId(req.getPersonId(), req.getWorkspaceId(), req.getOuId());
List<SaasRoleUserV2DTO> existsRoleUser = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.personId(req.getPersonId())
.workspaceId(req.getWorkspaceId())
.ouId(req.getOuId())
.build());
if (CollectionUtils.isEmpty(existsRoleUser)) {
return null;
}
List<SaasRole> roles = saasRoleDao.listByIds(existsRoleUser.stream().mapToLong(SaasRoleUserRelation::getRoleId).boxed().collect(Collectors.toList()))
List<SaasRole> roles = saasRoleDao.listByIds(existsRoleUser.stream().mapToLong(SaasRoleUserV2DTO::getRoleId).boxed().collect(Collectors.toList()))
.stream().filter(e -> CollectionUtils.isEmpty(req.getRoleIds()) || req.getRoleIds().contains(e.getId())).collect(Collectors.toList());
if (CollectionUtils.isEmpty(roles)) {
return null;

3
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureResourceServiceImpl.java
View File

@ -21,6 +21,7 @@ import cn.axzo.tyr.client.model.req.DetailFeatureResourceReq;
import cn.axzo.tyr.client.model.req.FeatureComponentSaveReq;
import cn.axzo.tyr.client.model.req.FeatureResourceTreeSaveReq;
import cn.axzo.tyr.client.model.req.GetFeatureResourceTreeReq;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.req.ModifyPageElementRelationDTO;
import cn.axzo.tyr.client.model.req.PageElementFeatureResourceRelationReq;
import cn.axzo.tyr.client.model.req.PageElementReq;
@ -267,7 +268,7 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl<SaasFeatureResou
return Collections.emptyMap();
}
Map<Long, SaasRoleRes> roles = roleService.list(RoleService.ListSaasRoleParam.builder()
Map<Long, SaasRoleRes> roles = roleService.list(ListRoleReq.builder()
.roleIds(Lists.transform(saasPgroupRoleRelations, SaasPgroupRoleRelation::getRoleId))
.build())
.stream()

5
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPageElementServiceImpl.java
View File

@ -604,6 +604,11 @@ public class SaasPageElementServiceImpl extends ServiceImpl<SaasPageElementMappe
// 更新关联关系的page_element_code
saasPageElementFeatureResourceRelationDao.updateGroupCode(dbPageElement.getCode(), basePageElement.getCode(), dbPageElement.getTerminal());
}
// page的groupCode是自己的code但是component的groupCode是父级页面的code
// 原来component在更新时会把自己的groupCode更新成自己的code
if (PageElementTypeEnum.COMPONENT.getCode().equals(req.getType())) {
basePageElement.setGroupCode(req.getGroupCode());
}
saasPageElementDao.updateById(basePageElement);
} else {
if (PageElementTypeEnum.PAGE.getCode().equals(req.getType())) {

18
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPgroupPermissionRelationOperateLogServiceImpl.java
View File

@ -5,17 +5,15 @@ import cn.axzo.basics.profiles.dto.basic.PersonProfileDto;
import cn.axzo.framework.auth.domain.ContextInfo;
import cn.axzo.framework.auth.domain.ContextInfoHolder;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.tyr.client.common.enums.PermissionRelationOperateLogSceneEnum;
import cn.axzo.tyr.client.model.req.PermissionOperateLogReq;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.server.model.BasicRoleDO;
import cn.axzo.tyr.server.model.RelationOperateLogProductBindResourceDO;
import cn.axzo.tyr.server.repository.dao.SaasPgroupPermissionRelationOperateLogDao;
import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelationOperateLog;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationOperateLogService;
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
import cn.axzo.tyr.server.util.RpcInternalUtil;
import cn.azxo.framework.common.constatns.Constants;
import com.alibaba.fastjson.JSONObject;
@ -53,9 +51,9 @@ public class SaasPgroupPermissionRelationOperateLogServiceImpl implements SaasPg
public static final String TABLE_NAME_SAAS_FEATURE = "saas_feature";
private final SaasPgroupPermissionRelationOperateLogDao saasPgroupPermissionRelationOperateLogDao;
private final SaasRoleUserRelationDao roleUserRelationDao;
private final SaasRoleDao saasRoleDao;
private final UserProfileServiceApi userProfileServiceApi;
private final SaasRoleUserRelationService saasRoleUserRelationService;
@Override
public void batchSave(List<SaasPgroupPermissionRelationOperateLog> logs) {
@ -75,12 +73,16 @@ public class SaasPgroupPermissionRelationOperateLogServiceImpl implements SaasPg
log.warn("no contextInfo, personId:{}", personId);
return Collections.emptyList();
}
List<SaasRoleUserRelation> relations = roleUserRelationDao.queryByPersonId(personId, contextInfo.getWorkspaceId(), contextInfo.getOuId());
List<SaasRoleUserV2DTO> relations = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.personId(personId)
.workspaceId(contextInfo.getWorkspaceId())
.ouId(contextInfo.getOuId())
.build());
if (CollectionUtils.isEmpty(relations)) {
return Collections.emptyList();
}
return saasRoleDao.lambdaQuery().in(BaseEntity::getId, relations.stream().map(SaasRoleUserRelation::getRoleId).collect(Collectors.toList())).list()
return saasRoleDao.lambdaQuery().in(BaseEntity::getId, relations.stream().map(SaasRoleUserV2DTO::getRoleId).collect(Collectors.toList())).list()
.stream().map(e -> BasicRoleDO.builder().roleId(e.getId()).roleCode(e.getRoleCode()).roleName(e.getName()).build()).collect(Collectors.toList());
}

67
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java
View File

@ -8,11 +8,14 @@ import cn.axzo.foundation.exception.Axssert;
import cn.axzo.foundation.page.PageResp;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.tyr.client.common.enums.PermissionRelationOperateLogSceneEnum;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.req.ListSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.PageSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.PermissionOperateLogReq;
import cn.axzo.tyr.client.model.req.QuerySaasRoleGroupReq;
import cn.axzo.tyr.client.model.req.SaasRoleGroupDeleteRequest;
import cn.axzo.tyr.client.model.req.WorkspaceOuPair;
import cn.axzo.tyr.client.model.res.RoleGroupRelationRes;
import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
@ -144,6 +147,17 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
public Long saveOrUpdate(SaasRoleGroupVO req) {
SaasRoleGroup saasRoleGroup = validAndBuildGroup(req);
saasRoleGroupDao.saveOrUpdate(saasRoleGroup);
SaasRoleGroup update = SaasRoleGroup.builder().build();
update.setId(saasRoleGroup.getId());
if (Objects.equals(saasRoleGroup.getParentId(), 0L)) {
update.setPath(saasRoleGroup.getId().toString() + ",");
} else {
SaasRoleGroup parent = saasRoleGroupDao.getById(saasRoleGroup.getParentId());
update.setPath(Objects.isNull(parent) ? saasRoleGroup.getId().toString() + "," : parent.getPath() + saasRoleGroup.getId() + ",");
}
saasRoleGroupDao.updateById(update);
try {
saveOperateLogForInsertOrUpdate(req, saasRoleGroup);
} catch (Exception e) {
@ -253,12 +267,14 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
List<SaasRoleGroup> groups = saasRoleGroupDao.lambdaQuery()
.eq(SaasRoleGroup::getWorkspaceId,req.getWorkspaceId())
.eq(SaasRoleGroup::getOuId,req.getOuId())
.eq(SaasRoleGroup::getOuTypeCode, req.getOuTypeCode().stream().findFirst().get())
.eq(SaasRoleGroup::getIsDelete, TableIsDeleteEnum.NORMAL.value).list();
if (CollectionUtils.isNotEmpty(groups)) {
Optional<SaasRoleGroup> repeatGroupName = groups.stream()
.filter(g -> !Objects.equals(g.getId(), req.getId()) && StringUtils.equalsIgnoreCase(g.getName(), req.getName())).findFirst();
if (repeatGroupName.isPresent()) {
throw new ServiceException("同一个企业单位、工作台或自定义角色分组,名称不能重复!");
log.info("同一个组织范围内,名称不能重复!,{}", req.getName());
throw new ServiceException("同一个组织范围内,名称不能重复!");
}
}
// 拼接ouTypeCode字符串
@ -367,19 +383,43 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
QueryWrapper<SaasRoleGroup> wrapper = QueryWrapperHelper.fromBean(param, SaasRoleGroup.class);
wrapper.eq("is_delete", 0);
if (CollectionUtils.isNotEmpty(param.getWorkspaceOuPairs())) {
wrapper.and(j -> {
for (WorkspaceOuPair workspaceOuPair : param.getWorkspaceOuPairs()) {
j.or(k -> {
k.eq(Objects.nonNull(workspaceOuPair.getOuId()), "ou_id", workspaceOuPair.getOuId());
k.eq(Objects.nonNull(workspaceOuPair.getWorkspaceId()), "workspace_id", workspaceOuPair.getWorkspaceId());
});
}
});
}
if (CollectionUtils.isNotEmpty(param.getPaths())) {
wrapper.and(j -> {
for (String path : param.getPaths()) {
j.or(k -> k.likeRight("path", path));
}
});
}
IPage<SaasRoleGroup> page = this.page(PageConverter.toMybatis(param, SaasRoleGroup.class), wrapper);
Map<Long, List<SaasRoleRes>> roles = listRoles(param, page.getRecords());
return PageConverter.toResp(page, (record) -> from(record, roles));
Map<Long, List<RoleGroupRelationRes>> roleGroupRelations = listRoleGroupRelations(param, page.getRecords());
return PageConverter.toResp(page, (record) -> from(record, roles, roleGroupRelations));
}
private SaasRoleGroupDTO from(SaasRoleGroup saasRoleGroup,
Map<Long, List<SaasRoleRes>> roles) {
Map<Long, List<SaasRoleRes>> roles,
Map<Long, List<RoleGroupRelationRes>> roleGroupRelations) {
SaasRoleGroupDTO saasRoleGroupDTO = SaasRoleGroupDTO.builder().build();
BeanUtils.copyProperties(saasRoleGroup, saasRoleGroupDTO);
saasRoleGroupDTO.setSaasRoles(roles.get(saasRoleGroupDTO.getId()));
saasRoleGroupDTO.setRoleGroupRelations(roleGroupRelations.get(saasRoleGroupDTO.getId()));
return saasRoleGroupDTO;
}
@ -398,7 +438,7 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
if (CollectionUtils.isEmpty(roleIds)) {
return Collections.emptyMap();
}
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder().build();
ListRoleReq listSaasRoleParam = ListRoleReq.builder().build();
listSaasRoleParam.setRoleIds(roleIds);
Map<Long, SaasRoleRes> roles = roleService.list(listSaasRoleParam).stream()
.collect(Collectors.toMap(SaasRoleRes::getId, Function.identity()));
@ -408,4 +448,23 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
LinkedHashMap::new,
Collectors.mapping(e -> roles.get(e.getRoleId()), Collectors.toList())));
}
private Map<Long, List<RoleGroupRelationRes>> listRoleGroupRelations(PageSaasRoleGroupParam param,
List<SaasRoleGroup> saasRoleGroups) {
if (CollectionUtils.isEmpty(saasRoleGroups) || BooleanUtils.isNotTrue(param.getNeedRoleGroupRelation())) {
return Collections.emptyMap();
}
SaasRoleGroupRelationService.ListSaasRoleGroupRelationParam listSaasRoleGroupRelationParam = SaasRoleGroupRelationService.ListSaasRoleGroupRelationParam.builder().build();
listSaasRoleGroupRelationParam.setSaasRoleGroupIds(Lists.transform(saasRoleGroups, SaasRoleGroup::getId));
return saasRoleGroupRelationService.list(listSaasRoleGroupRelationParam)
.stream()
.map(e -> {
RoleGroupRelationRes roleGroupRelationRes = RoleGroupRelationRes.builder().build();
BeanUtils.copyProperties(e, roleGroupRelationRes);
return roleGroupRelationRes;
})
.collect(Collectors.groupingBy(RoleGroupRelationRes::getSaasRoleGroupId));
}
}

139
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java
View File

@ -1,33 +1,27 @@
package cn.axzo.tyr.server.service.impl;
import cn.axzo.basics.common.BeanMapper;
import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
import cn.axzo.basics.profiles.api.UserProfileServiceApi;
import cn.axzo.basics.profiles.dto.basic.PersonProfileDto;
import cn.axzo.foundation.dao.support.converter.PageConverter;
import cn.axzo.foundation.dao.support.mysql.QueryWrapperHelper;
import cn.axzo.framework.domain.page.PageResp;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
import cn.axzo.foundation.exception.Axssert;
import cn.axzo.framework.rocketmq.Event;
import cn.axzo.log.platform.client.LogPlatClient;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.client.model.roleuser.req.PageRoleUserRelationParam;
import cn.axzo.tyr.client.model.roleuser.req.RoleUserParam;
import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
import cn.axzo.tyr.server.repository.entity.SaasRole;
import cn.axzo.tyr.server.config.MqProducer;
import cn.axzo.tyr.server.event.payload.SaasRoleUserRelationRemovePayload;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import cn.axzo.tyr.server.repository.mapper.SaasRoleUserRelationMapper;
import cn.axzo.tyr.server.service.RoleService;
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
import cn.axzo.tyr.server.util.RpcInternalUtil;
import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.collection.CollectionUtil;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.conditions.query.LambdaQueryChainWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
@ -36,9 +30,9 @@ import org.apache.commons.lang3.BooleanUtils;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;
import javax.annotation.Resource;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
@ -49,6 +43,9 @@ import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import static cn.axzo.tyr.server.config.exception.BizResultCode.REMOVE_USER_ROLE_ERROR;
import static cn.axzo.tyr.server.event.inner.EventTypeEnum.SAAS_ROLE_USER_RELATION_REMOVED;
/**
* @author haiyangjin
* @date 2023/9/14
@ -58,75 +55,16 @@ import java.util.stream.Collectors;
public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRelationMapper, SaasRoleUserRelation>
implements SaasRoleUserRelationService {
@Resource
private SaasRoleUserRelationDao saasRoleUserRelationDao;
@Resource
private SaasRoleDao saasRoleDao;
@Autowired
private UserProfileServiceApi userProfileServiceApi;
@Autowired
private RoleService roleService;
@Autowired
private MqProducer mqProducer;
@Autowired
private LogPlatClient logPlatClient;
@Override
public List<SaasRoleUserDTO> list(RoleUserParam param) {
// TODO jhy 角色查询 需要验证标准角色和自定义角色的查询逻辑
LambdaQueryChainWrapper<SaasRoleUserRelation> wrapper = buildWrapper(param);
List<SaasRoleUserRelation> saasRoleUserRelations = wrapper.last("LIMIT 1000").list();
if (CollectionUtil.isEmpty(saasRoleUserRelations)) {
return Collections.emptyList();
}
Map<Long, SaasRole> roleMap = saasRoleDao.lambdaQuery()
.in(SaasRole::getId, saasRoleUserRelations.stream().map(SaasRoleUserRelation::getRoleId).collect(Collectors.toSet()))
.list().stream().collect(Collectors.toMap(SaasRole::getId, Function.identity()));
return saasRoleUserRelations.stream()
.filter(e -> roleMap.containsKey(e.getRoleId()))
.map(e -> {
SaasRoleUserDTO userRole = BeanUtil.copyProperties(e, SaasRoleUserDTO.class);
SaasRole role = roleMap.get(userRole.getRoleId());
userRole.setRoleName(role.getName());
userRole.setDescription(role.getDescription());
userRole.setRoleType(RoleTypeEnum.getRoleType(role.getRoleType()));
userRole.setDisplayRole(role.getIsDisplay());
userRole.setEnabled(role.getEnabled());
return userRole;
}).collect(Collectors.toList());
}
private LambdaQueryChainWrapper<SaasRoleUserRelation> buildWrapper(RoleUserParam param) {
return saasRoleUserRelationDao.lambdaQuery()
.eq(Objects.nonNull(param.getPersonId()), SaasRoleUserRelation::getNaturalPersonId, param.getPersonId())
.eq(Objects.nonNull(param.getIdentityId()), SaasRoleUserRelation::getIdentityId, param.getIdentityId())
.eq(Objects.nonNull(param.getIdentityType()), SaasRoleUserRelation::getIdentityType, param.getIdentityType())
.eq(Objects.nonNull(param.getWorkspaceId()), SaasRoleUserRelation::getWorkspaceId, param.getWorkspaceId())
.eq(Objects.nonNull(param.getOuId()), SaasRoleUserRelation::getOuId, param.getOuId())
.in(CollectionUtil.isNotEmpty(param.getOuIds()), SaasRoleUserRelation::getOuId, param.getOuIds())
.in(CollectionUtil.isNotEmpty(param.getWorkspaceIds()), SaasRoleUserRelation::getWorkspaceId, param.getWorkspaceIds())
.in(CollectionUtil.isNotEmpty(param.getRoleIds()), SaasRoleUserRelation::getRoleId, param.getRoleIds())
.in(CollectionUtil.isNotEmpty(param.getIdentityIds()), SaasRoleUserRelation::getIdentityId, param.getIdentityIds())
.eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value);
}
@Override
public PageResp<SaasRoleUserDTO> pageQuery(RoleUserParam param) {
//限制分页100
if (param.getPageSize() != null && param.getPageSize().compareTo(200L) > 0) {
param.setPageSize(100L);
}
//查询条件构造 - ID升序
LambdaQueryChainWrapper<SaasRoleUserRelation> wrapper = buildWrapper(param)
.orderByAsc(SaasRoleUserRelation::getId);
IPage<SaasRoleUserRelation> page = wrapper.page(param.toPage());
if (CollectionUtil.isEmpty(page.getRecords())) {
return PageResp.zero(param.getPage(), param.getPageSize());
}
List<SaasRoleUserDTO> list = page.getRecords().stream()
.map(r -> BeanMapper.copyBean(r, SaasRoleUserDTO.class))
.collect(Collectors.toList());
return PageResp.list(param.getPage(), param.getPageSize(), page.getTotal(), list);
}
private static final String TARGET_TYPE = "saasRoleUserRelationId";
@Override
public List<SaasRoleUserV2DTO> listV2(ListRoleUserRelationParam param) {
@ -192,13 +130,49 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
});
}
@Override
@Transactional
public void upsert(UpsertParam param) {
}
@Override
@Transactional
public void batchRemove(BatchRemoveParam param) {
if (CollectionUtils.isEmpty(param.getIds())) {
return;
}
List<SaasRoleUserRelation> saasRoleUserRelations = this.listByIds(param.getIds());
// 不做准确的提示防止恶意删数据
Axssert.check(Objects.equals(param.getIds().size(), saasRoleUserRelations.size()),
REMOVE_USER_ROLE_ERROR);
this.lambdaUpdate()
.in(SaasRoleUserRelation::getId, param.getIds())
.set(SaasRoleUserRelation::getIsDelete, TableIsDeleteEnum.DELETE.value)
.set(Objects.nonNull(param.getOperator()), SaasRoleUserRelation::getUpdateBy, param.getOperator())
.update();
Event event = Event.builder()
.targetType(TARGET_TYPE)
.eventCode(SAAS_ROLE_USER_RELATION_REMOVED.getEventCode())
.data(SaasRoleUserRelationRemovePayload.builder()
.values(saasRoleUserRelations)
.build())
.build();
mqProducer.send(event);
}
private Set<Long> resolveRoleIds(PageRoleUserRelationParam param) {
if (CollectionUtils.isEmpty(param.getRoleCodes())) {
return Optional.ofNullable(param.getRoleIds())
.map(Sets::newHashSet)
.orElseGet(Sets::newHashSet);
}
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
ListRoleReq listSaasRoleParam = ListRoleReq.builder()
.roleCodes(param.getRoleCodes())
.build();
Set<Long> roleIds = roleService.list(listSaasRoleParam).stream()
@ -266,12 +240,13 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
.identityId(saasRoleUserRelation.getIdentityId())
.build();
return SaasRoleUserV2DTO.builder()
.id(saasRoleUserRelation.getId())
.roleId(saasRoleUserRelation.getRoleId())
SaasRoleUserV2DTO saasRoleUserDTO = SaasRoleUserV2DTO.builder()
.saasRoleUser(saasRoleUser)
.saasRole(saasRoles.get(saasRoleUserRelation.getRoleId()))
.build();
BeanUtils.copyProperties(saasRoleUserRelation, saasRoleUserDTO);
return saasRoleUserDTO;
}
private Map<Long, SaasRoleUserV2DTO.SaasRole> listSaasRole(PageRoleUserRelationParam param,
@ -285,7 +260,7 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
.distinct()
.collect(Collectors.toList());
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
ListRoleReq listSaasRoleParam = ListRoleReq.builder()
.roleIds(roleIds)
.needPermissionOld(param.getNeedRolePermissionOld())
.featureIds(param.getFeatureIds())

117
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
View File

@ -20,6 +20,7 @@ import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq;
import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
import cn.axzo.tyr.client.model.req.ListPermissionFromRoleGroupReq;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.req.OUWorkspacePair;
import cn.axzo.tyr.client.model.req.PageElementFeatureResourceRelationReq;
import cn.axzo.tyr.client.model.req.PagePgroupPermissionRelationReq;
@ -560,16 +561,6 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
return result;
}
private List<SaasRoleRes> listAdminRole(ListPermissionUser req) {
//超管和管理员
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
.workspaceId(req.getWorkspaceId())
.ouId(req.getOuId())
.roleTypes(Lists.newArrayList(RoleTypeEnum.SUPER_ADMIN.getValue(), RoleTypeEnum.ADMIN.getValue()))
.build();
return roleService.list(listSaasRoleParam);
}
private Set<Long> resolvePermissionAdminRole(List<SaasRoleRes> adminRoles,
List<ProductPermissionCacheService.PermissionDTO> productPermissions) {
Set<String> cooperateTypes = productPermissions.stream()
@ -584,21 +575,12 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
private Set<Long> resolvePermissionNormalRole(ListPermissionUser req,
List<ProductPermissionCacheService.PermissionDTO> productPermissions,
Set<Long> featureIds) {
Set<Long> featureIds,
List<SaasRoleRes> allRoles) {
// 因为通过权限id找对应的角色数据量巨大所以通过找项目的角色再找有权限的角色比较快
Set<Long> allRoleIds = saasRoleUserRelationMapper.listRoleIds(SaasRoleUserRelationMapper.ListRole.builder()
.ouId(req.getOuId())
.workspaceId(req.getWorkspaceId())
.build());
if (CollectionUtils.isEmpty(allRoleIds)) {
return Collections.emptySet();
}
List<SaasRoleRes> normalRoles = roleService.list(RoleService.ListSaasRoleParam.builder()
.roleIds(Lists.newArrayList(allRoleIds))
.roleTypes(RoleTypeEnum.listNormal())
.build());
List<SaasRoleRes> normalRoles = allRoles.stream()
.filter(e -> !RoleTypeEnum.isAdmin(e.getRoleType()))
.collect(Collectors.toList());
if (CollectionUtils.isEmpty(normalRoles)) {
return Collections.emptySet();
@ -652,11 +634,30 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
List<ProductPermissionCacheService.PermissionDTO> productPermissions,
Set<Long> featureIds) {
// 因为通过权限id找对应的角色数据量巨大所以通过找项目的角色再找有权限的角色比较快
Set<Long> allRoleIds = saasRoleUserRelationMapper.listRoleIds(SaasRoleUserRelationMapper.ListRole.builder()
.ouId(req.getOuId())
.workspaceId(req.getWorkspaceId())
.build());
if (CollectionUtils.isEmpty(allRoleIds)) {
return Collections.emptyList();
}
List<SaasRoleRes> allRoles = roleService.list(ListRoleReq.builder()
.roleIds(Lists.newArrayList(allRoleIds))
.build());
if (CollectionUtils.isEmpty(allRoles)) {
return Collections.emptyList();
}
//超管和管理员
List<SaasRoleRes> adminRoles = listAdminRole(req);
List<SaasRoleRes> adminRoles = allRoles.stream()
.filter(e -> RoleTypeEnum.isAdmin(e.getRoleType()))
.collect(Collectors.toList());
Set<Long> adminPermissionRoleIds = resolvePermissionAdminRole(adminRoles, productPermissions);
Set<Long> normalPermissionRoleIds = resolvePermissionNormalRole(req, productPermissions, featureIds);
Set<Long> normalPermissionRoleIds = resolvePermissionNormalRole(req, productPermissions, featureIds, allRoles);
Set<Long> roleIds = Sets.newHashSet();
roleIds.addAll(adminPermissionRoleIds);
@ -910,7 +911,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
public Map<Long, Set<ListPermissionFromRoleGroupResp.FeatureInfo>> filterAuthByRoleAndProduct(List<FilterRoleAuth> filterRoleAuths) {
Set<Long> roleIds = filterRoleAuths.stream().map(FilterRoleAuth::getRoleId).collect(Collectors.toSet());
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
ListRoleReq listSaasRoleParam = ListRoleReq.builder()
.roleIds(Lists.newArrayList(roleIds))
.build();
Map<Long, SaasRoleRes> roles = roleService.list(listSaasRoleParam).stream()
@ -1049,7 +1050,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
return Collections.emptyList();
}
return roleService.list(RoleService.ListSaasRoleParam.builder()
return roleService.list(ListRoleReq.builder()
.roleIds(Lists.transform(saasPgroupRoleRelations, SaasPgroupRoleRelation::getRoleId))
.build())
.stream()
@ -1429,12 +1430,15 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
}
private List<SaasRoleUserV2DTO> mockRoleUserRelationV2(IdentityAuthReq identityAuthReq) {
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
ListRoleReq listSaasRoleParam = ListRoleReq.builder()
.roleIds(Lists.newArrayList(identityAuthReq.getSpecifyRoleIds()))
.build();
Map<Long, SaasRoleUserV2DTO.SaasRole> saasRoles = roleService.list(listSaasRoleParam).stream()
.map(role -> SaasRoleUserV2DTO.SaasRole.builder()
.build())
.map(role -> {
SaasRoleUserV2DTO.SaasRole saasRole = SaasRoleUserV2DTO.SaasRole.builder().build();
BeanUtils.copyProperties(role, saasRole);
return saasRole;
})
.collect(Collectors.toMap(SaasRoleUserV2DTO.SaasRole::getId, Function.identity()));
return identityAuthReq.getWorkspaceOusPairs().stream()
@ -1756,13 +1760,13 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
private IdentityAuthRes findIdentityAuth(IdentityAuthReq identityAuthReq) {
//用户角色关系
List<SaasRoleUserRelation> saasRoleUserRelations = listRoleUserRelations(identityAuthReq);
List<SaasRoleUserV2DTO> saasRoleUserRelations = listRoleUserRelations(identityAuthReq);
if (CollectionUtils.isEmpty(saasRoleUserRelations)) {
log.warn("no user role relations found");
return identityAuthReq.toEmpty();
}
Set<Long> realWorkspaceId = saasRoleUserRelations.stream().map(SaasRoleUserRelation::getWorkspaceId).collect(Collectors.toSet());
Set<Long> realWorkspaceId = saasRoleUserRelations.stream().map(SaasRoleUserV2DTO::getWorkspaceId).collect(Collectors.toSet());
//工作台对应产品 key = workspaceId
CompletableFuture<List<WorkspaceProductService.WorkspaceProduct>> workspacePermissionPointFuture = CompletableFuture
.supplyAsync(TraceSupplier.create(() -> {
@ -1800,40 +1804,31 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
return result;
}
private List<SaasRoleUserRelation> listRoleUserRelations(IdentityAuthReq identityAuthReq) {
private List<SaasRoleUserV2DTO> listRoleUserRelations(IdentityAuthReq identityAuthReq) {
if (CollectionUtil.isNotEmpty(identityAuthReq.getSpecifyRoleIds())) {
//指定了角色 则不需要去查用户角色关系
log.info("mock specify roles relation");
return mockRoleUserRelation(identityAuthReq);
}
//查询人员角色关系
Set<Long> workspaceIds = new HashSet<>();
Set<Long> ouIds = new HashSet<>();
Set<String> owKeys = new HashSet<>();
identityAuthReq.getWorkspaceOusPairs().forEach(ow -> {
workspaceIds.add(ow.getWorkspaceId());
ouIds.add(ow.getOuId());
owKeys.add(KeyUtil.buildKeyBySeparator(ow.getWorkspaceId(), ow.getOuId()));
});
List<SaasRoleUserRelation> relations = roleUserService.queryByWorkspaceIdOrOu(identityAuthReq.getPersonId(),
identityAuthReq.getIdentityId(), identityAuthReq.getIdentityType(), workspaceIds, ouIds);
if (CollectionUtil.isEmpty(relations)) {
log.warn("no user role relations found");
return relations;
}
//工作台和单位需成对查询 对结果二次过滤
return relations.stream()
.filter(roleUserService -> owKeys.contains(
KeyUtil.buildKeyBySeparator(roleUserService.getWorkspaceId(), roleUserService.getOuId())))
.collect(Collectors.toList());
return saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.personId(identityAuthReq.getPersonId())
.identityId(identityAuthReq.getIdentityId())
.identityType(identityAuthReq.getIdentityType())
.workspaceOuPairs(identityAuthReq.getWorkspaceOusPairs().stream()
.map(e -> ListRoleUserRelationParam.WorkspaceOuPair.builder()
.workspaceId(e.getWorkspaceId())
.ouId(e.getOuId())
.build())
.collect(Collectors.toList()))
.build());
}
private List<SaasRoleUserRelation> mockRoleUserRelation(IdentityAuthReq identityAuthReq) {
final List<SaasRoleUserRelation> relations = new ArrayList<>();
private List<SaasRoleUserV2DTO> mockRoleUserRelation(IdentityAuthReq identityAuthReq) {
final List<SaasRoleUserV2DTO> relations = new ArrayList<>();
// mock 看做已有指定的角色
for (IdentityAuthReq.WorkspaceOuPair ow : identityAuthReq.getWorkspaceOusPairs()) {
List<SaasRoleUserRelation> mockRelations = identityAuthReq.getSpecifyRoleIds().stream().map(id -> {
SaasRoleUserRelation relation = new SaasRoleUserRelation();
List<SaasRoleUserV2DTO> mockRelations = identityAuthReq.getSpecifyRoleIds().stream().map(id -> {
SaasRoleUserV2DTO relation = SaasRoleUserV2DTO.builder().build();
relation.setRoleId(id);
relation.setOuId(ow.getOuId());
relation.setWorkspaceId(ow.getWorkspaceId());
@ -1861,13 +1856,13 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
private Integer type;
}
private List<OUWRoleInfo> listRolesWithPermission(List<SaasRoleUserRelation> roleUserRelations, IdentityAuthReq identityAuthReq) {
private List<OUWRoleInfo> listRolesWithPermission(List<SaasRoleUserV2DTO> roleUserRelations, IdentityAuthReq identityAuthReq) {
//拼装参数
Set<Long> roleIds = new HashSet<>();
//按ow分组角色ID: workspaceId-ouId --> roleIds
Map<String, Set<Long>> owRoleIdMap = new HashMap<>();
for (SaasRoleUserRelation relation : roleUserRelations) {
for (SaasRoleUserV2DTO relation : roleUserRelations) {
roleIds.add(relation.getRoleId());
String key = KeyUtil.buildKeyBySeparator(relation.getWorkspaceId(), relation.getOuId());
Set<Long> owRoleIds = owRoleIdMap.getOrDefault(key, new HashSet<>());
@ -1875,7 +1870,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
owRoleIdMap.put(key, owRoleIds);
}
//获取角色和关联权限信息
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
ListRoleReq listSaasRoleParam = ListRoleReq.builder()
.roleIds(Lists.newArrayList(roleIds))
.needPermissionRelation(true)
.build();

11
tyr-server/src/main/java/cn/axzo/tyr/server/utils/RpcExternalUtil.java
View File

@ -1,7 +1,9 @@
package cn.axzo.tyr.server.utils;
import cn.axzo.apollo.core.web.Result;
import cn.axzo.basics.common.util.AssertUtil;
import cn.axzo.framework.domain.ServiceException;
import cn.axzo.framework.domain.web.result.ApiListResult;
import cn.axzo.framework.domain.web.result.ApiResult;
import cn.azxo.framework.common.model.CommonResponse;
import cn.hutool.core.date.StopWatch;
@ -10,6 +12,7 @@ import cn.hutool.http.HttpStatus;
import cn.hutool.json.JSONUtil;
import lombok.extern.slf4j.Slf4j;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.function.Consumer;
import java.util.function.Supplier;
@ -65,4 +68,12 @@ public class RpcExternalUtil {
return r;
}
public static <T> T rpcApolloProcessor(Supplier<Result<T>> supplier, String operationType, Object... param) {
log.info(operationType + "-Param: " + JSONUtil.toJsonStr(param));
Result<T> result = printLatency(supplier,operationType);
log.info(operationType + "-Result: " + JSONUtil.toJsonStr(result));
Assert.notNull(result, "服务调用异常");
Assert.isTrue(result.getCode() == 200, "服务调用异常:" + result.getMsg());
return result.getData();
}
}

6
tyr-server/src/main/resources/mapper/SaasRoleMapper.xml
View File

@ -104,6 +104,8 @@
( r.workspace_id = #{workspaceId} AND r.owner_ou_id = #{ouId} AND (r.role_type = 'common' OR r.role_type = 'super_admin') )
OR
( r.owner_ou_id = - 1 AND FIND_IN_SET( #{workspaceJoinType},g.ou_type_code) > 0)
OR
( r.workspace_type = #{superAdminWorkspaceType} AND r.workspace_id = 0 AND r.owner_ou_id = 0 and r.role_type = 'super_admin')
)
</sql>
@ -111,10 +113,6 @@
<include refid="sql-queryForOUWorkspace"/>
</select>
<select id="listForOUWorkspace" resultType="cn.axzo.tyr.server.repository.entity.SaasRole">
<include refid="sql-queryForOUWorkspace"/>
</select>
<select id="listFeatureByIds" resultType="cn.axzo.tyr.server.model.RoleFeatureRelation">
SELECT rg.role_id AS roleId, pg.feature_id AS featureId
FROM saas_pgroup_role_relation rg, saas_pgroup_permission_relation pg

66
tyr-server/src/main/resources/mapper/SaasRoleUserRelationMapper.xml
View File

@ -3,23 +3,6 @@
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="cn.axzo.tyr.server.repository.mapper.SaasRoleUserRelationMapper">
<select id="batListCleanRelation" resultType="cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation">
SELECT DISTINCT ou_id AS ouId, workspace_id AS workspaceId,
natural_person_id AS naturalPersonId,
identity_id AS identityId, identity_type AS identityType
FROM saas_role_user_relation
WHERE is_delete = 0
<if test="param.ouId !=0 and param.ouId != null">
AND ou_id = #{param.ouId}
</if>
<if test="param.workspaceId !=0 and param.workspaceId != null">
AND workspace_id = #{param.workspaceId}
</if>
<if test="param.naturalPersonId !=0 and param.naturalPersonId != null">
AND natural_person_id = #{param.naturalPersonId}
</if>
</select>
<select id="listRoleIds" resultType="java.lang.Long">
SELECT DISTINCT role_id
FROM saas_role_user_relation
@ -31,4 +14,53 @@
AND workspace_id = #{param.workspaceId}
</if>
</select>
<select id="pageRoleUserRelation" resultType="cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserRelationDTO">
SELECT t1.*,t2.role_code,t2.role_type
FROM
saas_role_user_relation t1
left join
saas_role t2
on t1.role_id = t2.id
<where>
<if test="param.workspaceOuPairs != null and param.workspaceOuPairs.size()>0">
(
<foreach collection="param.workspaceOuPairs" index="index" item="ouIdAndWorkspaceId" open="(" close=")"
separator=") or ( ">
1=1
<if test="ouIdAndWorkspaceId.workspaceId !=null">
and t1.workspace_id = #{ouIdAndWorkspaceId.workspaceId}
</if>
<if test="ouIdAndWorkspaceId.ouId !=null">
and t1.ou_id = #{ouIdAndWorkspaceId.ouId}
</if>
</foreach>
)
</if>
<if test="param.includeDelete != null and param.includeDelete == true">
AND t1.is_delete <![CDATA[ >= ]]> 0
</if>
<if test="param.includeDelete == null or param.includeDelete == false">
AND t1.is_delete = 0
</if>
<if test="param.updateAtLE != null">
AND t1.update_at <![CDATA[ <= ]]> #{param.updateAtLE}
</if>
<if test="param.updateAtGE != null">
AND t1.update_at <![CDATA[ >= ]]> #{param.updateAtGE}
</if>
<if test="param.roleIds != null and param.roleIds.size()>0">
AND t1.role_id IN
<foreach collection="param.roleIds" open="(" close=")" separator="," index="index" item="item">
#{item}
</foreach>
</if>
</where>
</select>
</mapper>

34
tyr-server/src/test/java/cn/axzo/tyr/base/TestConfig.java
View File

@ -1,16 +1,22 @@
package cn.axzo.tyr.base;
import cn.axzo.apollo.workspace.api.workspace.WorkspaceApi;
import cn.axzo.basics.profiles.api.UserProfileServiceApi;
import cn.axzo.framework.rocketmq.Event;
import cn.axzo.framework.rocketmq.EventProducer;
import cn.axzo.thrones.client.saas.ServicePkgClient;
import cn.axzo.tyr.base.MysqlDataLoader;
import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.boot.test.mock.mockito.MockBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
import redis.embedded.RedisServer;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import java.io.IOException;
import java.util.Map;
@Slf4j
@TestConfiguration
@ -38,4 +44,30 @@ public class TestConfig {
@MockBean
private ServicePkgClient servicePkgClient;
@MockBean
private WorkspaceApi workspaceApi;
@MockBean
private UserProfileServiceApi userProfileServiceApi;
@Bean
@Primary
public EventProducer<Object> dummyEventProducer() {
return new EventProducer<Object>() {
@Override
public void send(Event event, Context<Object> context) {
log.info("send event to console, event = {}, content = {}", event.toJsonString(), JSONObject.toJSONString(context));
}
@Override
public void send(Event event) {
log.info("send event to console, event = {}", event.toJsonString());
}
@Override
public void send(Event event, Map<String, String> addHeaders) {
log.info("send event to console, event = {}", event.toJsonString());
}
};
}
}

21
tyr-server/src/test/java/cn/axzo/tyr/server/controller/RoleUserControllerTest.java
View File

@ -4,11 +4,14 @@ import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.tyr.base.BaseTest;
import cn.axzo.tyr.client.model.enums.IdentityType;
import cn.axzo.tyr.client.model.enums.WorkerLeaderRoleEnum;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
import cn.axzo.tyr.client.model.roleuser.req.GantOrUnGantaWorkerLeaderRoleReq;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq;
import cn.axzo.tyr.server.controller.roleuser.RoleUserController;
import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
import cn.hutool.http.HttpStatus;
import com.google.common.collect.Sets;
import org.apache.commons.collections4.CollectionUtils;
@ -31,6 +34,8 @@ public class RoleUserControllerTest extends BaseTest {
private RoleUserController roleUserController;
@Autowired
private SaasRoleUserRelationDao saasRoleUserRelationDao;
@Autowired
private SaasRoleUserRelationService saasRoleUserRelationService;
@Test
@Rollback
@ -50,7 +55,13 @@ public class RoleUserControllerTest extends BaseTest {
ApiResult<Void> apiResult = roleUserController.saveOrUpdate(req);
Assertions.assertEquals(apiResult.getCode(), HttpStatus.HTTP_OK, "保存用户权限误");
List<SaasRoleUserRelation> saasRoleUserRelations = saasRoleUserRelationDao.query(identityId, identityType.getCode(), workspaceId, ouId);
List<SaasRoleUserV2DTO> saasRoleUserRelations = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.identityId(identityId)
.identityType(identityType)
.workspaceId(workspaceId)
.ouId(ouId)
.build());
Assertions.assertTrue(CollectionUtils.isNotEmpty(saasRoleUserRelations), "用户权限未保存成功");
}
@ -75,9 +86,13 @@ public class RoleUserControllerTest extends BaseTest {
ApiResult<Void> apiResult = roleUserController.grantOrUngrantWorkerLeader(req);
Assertions.assertEquals(apiResult.getCode(), HttpStatus.HTTP_OK, "授权平台班组长角色有误");
List<SaasRoleUserRelation> saasRoleUserRelations = saasRoleUserRelationDao.queryByPersonId(personId, workspaceId, ouId);
List<SaasRoleUserV2DTO> saasRoleUserRelations = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.personId(personId)
.workspaceId(workspaceId)
.ouId(ouId)
.build());
Assertions.assertTrue(CollectionUtils.isNotEmpty(saasRoleUserRelations), "授权平台班组长角色有误");
List<Long> roleIds = saasRoleUserRelations.stream().map(SaasRoleUserRelation::getRoleId).collect(Collectors.toList());
List<Long> roleIds = saasRoleUserRelations.stream().map(SaasRoleUserV2DTO::getRoleId).collect(Collectors.toList());
Assertions.assertTrue(roleIds.contains(roleId), "授权平台班组长角色有误");
}
}

20
tyr-server/src/test/java/cn/axzo/tyr/server/permission/DemoTest.java
View File

@ -1,11 +1,12 @@
package cn.axzo.tyr.server.permission;
import cn.axzo.tyr.base.BaseTest;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.server.repository.dao.SaasFeatureDao;
import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
import cn.axzo.tyr.server.repository.entity.SaasFeature;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import com.alibaba.fastjson.JSON;
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
import org.apache.commons.collections4.CollectionUtils;
import org.junit.Assert;
import org.junit.jupiter.api.Assertions;
@ -13,7 +14,6 @@ import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.Rollback;
import java.util.Arrays;
import java.util.List;
public class DemoTest extends BaseTest {
@ -22,6 +22,8 @@ public class DemoTest extends BaseTest {
private SaasFeatureDao saasFeatureDao;
@Autowired
private SaasRoleUserRelationDao saasRoleUserRelationDao;
@Autowired
private SaasRoleUserRelationService saasRoleUserRelationService;
@Test
void test() {
@ -37,12 +39,20 @@ public class DemoTest extends BaseTest {
Long personId = 1L;
Long workspaceId = 1L;
Long ouId = 1L;
List<SaasRoleUserRelation> roleUserRelations = saasRoleUserRelationDao.queryByPersonId(personId, workspaceId, ouId);
List<SaasRoleUserV2DTO> roleUserRelations = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.personId(personId)
.workspaceId(workspaceId)
.ouId(ouId)
.build());
Assertions.assertEquals(roleUserRelations.size(), 1, "personId:[" + personId + "]的权限数据有误");
saasRoleUserRelationDao.removeWorkspaceOuAllUserRole(workspaceId, ouId);
List<SaasRoleUserRelation> roleUserRelations2 = saasRoleUserRelationDao.queryByPersonId(personId, workspaceId, ouId);
List<SaasRoleUserV2DTO> roleUserRelations2 = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder()
.personId(personId)
.workspaceId(workspaceId)
.ouId(ouId)
.build());;
Assertions.assertTrue(CollectionUtils.isEmpty(roleUserRelations2), "ouId:[" + ouId + "] workspaceId:[" + workspaceId + "]的权限数据有误");
}
}

14
tyr-server/src/test/java/cn/axzo/tyr/server/permission/JobTest.java
View File

@ -1,10 +1,8 @@
package cn.axzo.tyr.server.permission;
import cn.axzo.tyr.server.job.ProductFeatureRefreshJobHandler;
import cn.axzo.tyr.server.job.UserRoleRelationCleanJob;
import cn.axzo.tyr.server.model.ProductFeatureRefreshParam;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
@ -18,8 +16,6 @@ import org.springframework.boot.test.context.SpringBootTest;
public class JobTest {
@Autowired
private ProductFeatureRefreshJobHandler productFeatureRefreshJobHandler;
@Autowired
private UserRoleRelationCleanJob userRoleRelationCleanJob;
@Test
public void testProductFeatureRefresh() throws Exception {
@ -29,14 +25,4 @@ public class JobTest {
productFeatureRefreshJobHandler.execute(JSON.toJSONString(param));
}
@Test
public void testUserRoleCleanJob() throws Exception {
UserRoleRelationCleanJob.CleanTarget param = UserRoleRelationCleanJob.CleanTarget.builder()
//.ouId(1L)
//.workspaceId(31L)
.personId(5367L)
.build();
userRoleRelationCleanJob.execute(JSON.toJSONString(param));
}
}

12
tyr-server/src/test/java/cn/axzo/tyr/server/permission/RoleUserTest.java
View File

@ -69,18 +69,6 @@ public class RoleUserTest {
System.out.println(JSON.toJSONString(result));
}
@Test
public void testPageQueryForOUWorkspace() {
RoleWithUserQueryReq req = new RoleWithUserQueryReq();
req.setOuId(5195L);
req.setWorkspaceId(371L);
req.setWorkspaceJoinType(2);
req.setPage(1L);
req.setPageSize(20L);
Page<SaasRole> page = saasRoleDao.pageQueryForOUWorkspace(req);
System.out.println(JSON.toJSONString(page));
}
@Test
public void testListAdmin() {
roleService.listAdmins(111L, 22L);

302
tyr-server/src/test/java/cn/axzo/tyr/server/service/RoleServiceTest.java
View File

@ -1,23 +1,315 @@
package cn.axzo.tyr.server.service;
import cn.axzo.apollo.core.web.Results;
import cn.axzo.apollo.workspace.api.workspace.WorkspaceApi;
import cn.axzo.apollo.workspace.api.workspace.req.GetSimpleWorkspaceReqV2;
import cn.axzo.apollo.workspace.api.workspace.res.SimpleWorkspaceRes;
import cn.axzo.basics.profiles.api.UserProfileServiceApi;
import cn.axzo.tyr.base.BaseTest;
import com.google.common.collect.Maps;
import cn.axzo.tyr.base.MysqlDataLoader;
import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
import cn.axzo.tyr.client.model.req.ListRoleReq;
import cn.axzo.tyr.client.model.req.QueryByIdentityIdTypeReq;
import cn.axzo.tyr.client.model.req.QuerySaasRoleReq;
import cn.axzo.tyr.client.model.res.IsSuperAdminRes;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.client.model.vo.SaasRoleVO;
import cn.azxo.framework.common.model.CommonResponse;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.HashMap;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
class RoleServiceTest extends BaseTest {
@Autowired
private RoleService roleService;
@Autowired
private MysqlDataLoader mysqlDataLoader;
@Autowired
private WorkspaceApi workspaceApi;
@Autowired
private UserProfileServiceApi userProfileServiceApi;
@BeforeEach
@Override
public void setup() {
super.setup();
mysqlDataLoader.loadFromClassName(getClass().getSimpleName());
MockitoAnnotations.initMocks(this);
}
@Test
void list() {
List<SaasRoleRes> roles = roleService.list(ListRoleReq.builder()
.roleIds(Lists.newArrayList(24425L, 25324L))
.build());
Assertions.assertEquals(roles.size(), 2);
roles = roleService.list(ListRoleReq.builder()
.roleGroupCodes(Sets.newHashSet("A1"))
.build());
Assertions.assertEquals(roles.size(), 1);
roles = roleService.list(ListRoleReq.builder()
.roleGroupCodes(Sets.newHashSet("A2"))
.build());
Assertions.assertEquals(roles.size(), 3);
roles = roleService.list(ListRoleReq.builder()
.roleGroupCodes(Sets.newHashSet("A1", "A2"))
.build());
Assertions.assertEquals(roles.size(), 4);
roles = roleService.list(ListRoleReq.builder()
.roleGroupCodes(Sets.newHashSet("A3"))
.build());
Assertions.assertEquals(roles.size(), 0);
roles = roleService.list(ListRoleReq.builder()
.roleGroupCodes(Sets.newHashSet("A1", "A2"))
.roleIds(Lists.newArrayList(111L, 222L))
.build());
Assertions.assertEquals(roles.size(), 0);
roles = roleService.list(ListRoleReq.builder()
.roleGroupCodes(Sets.newHashSet("A1", "A2"))
.roleIds(Lists.newArrayList(24425L, 25324L))
.build());
Assertions.assertEquals(roles.size(), 2);
}
@Test
void query() {
Mockito.when(workspaceApi.getListV2(Mockito.eq(GetSimpleWorkspaceReqV2.builder()
.ids(Lists.newArrayList(3L, -1L))
.build())))
.thenReturn(Results.ok(Lists.newArrayList(SimpleWorkspaceRes.builder()
.type(2)
.build())));
Mockito.when(workspaceApi.getListV2(Mockito.eq(GetSimpleWorkspaceReqV2.builder()
.ids(Lists.newArrayList(-1L))
.build())))
.thenReturn(Results.ok(Lists.newArrayList()));
// 只查询预设角色,workspaceId = -1
List<SaasRoleVO> query = roleService.query(QuerySaasRoleReq.builder().build());
Assertions.assertEquals(query.size(), 4);
// 只查询预设角色,workspaceId = -1
// 只查询预设角色和指定workspaceId的角色
query = roleService.query(QuerySaasRoleReq.builder()
.workspaceId(Lists.newArrayList(3L))
.ouId(Lists.newArrayList(4L))
.build());
Assertions.assertEquals(query.size(), 6);
// 只查询预设角色和指定workspaceId的角色
// 只查询指定workspaceId的超管角色
query = roleService.query(QuerySaasRoleReq.builder()
.roleType(Lists.newArrayList(RoleTypeEnum.SUPER_ADMIN.getValue()))
.workspaceId(Lists.newArrayList(3L))
.ouId(Lists.newArrayList(4L))
.build());
Assertions.assertEquals(query.size(), 1);
// 只查询指定workspaceId的超管角色
// 只查询指定workspaceId的超管角色预设角色
query = roleService.query(QuerySaasRoleReq.builder()
.roleType(Lists.newArrayList(RoleTypeEnum.SUPER_ADMIN.getValue(),
RoleTypeEnum.INIT.getValue()))
.workspaceId(Lists.newArrayList(3L))
.ouId(Lists.newArrayList(4L))
.build());
Assertions.assertEquals(query.size(), 5);
// 只查询指定workspaceId的超管角色预设角色
// 根据workspaceTypeCode查询
query = roleService.query(QuerySaasRoleReq.builder()
.workspaceTypeCode(Lists.newArrayList("2"))
.build());
Assertions.assertEquals(query.size(), 3);
// 根据workspaceTypeCode查询
// 根据workspaceIdworkspaceTypeCode查询
query = roleService.query(QuerySaasRoleReq.builder()
.workspaceTypeCode(Lists.newArrayList("2"))
.workspaceId(Lists.newArrayList(3L))
.ouId(Lists.newArrayList(4L))
.build());
Assertions.assertEquals(query.size(), 4);
// 根据workspaceIdworkspaceTypeCode查询
}
@Test
void isSuperAdmin() {
List<IsSuperAdminRes> superAdmin = roleService.isSuperAdmin(Lists.newArrayList(QueryByIdentityIdTypeReq.builder()
.identityId(28801L)
.identityType(3)
.workspaceId(3L)
.ouId(4L)
.personId(24510L)
.build()));
Assertions.assertEquals(superAdmin.size(), 1);
Assertions.assertTrue(superAdmin.get(0).getIsSuperAdmin());
superAdmin = roleService.isSuperAdmin(Lists.newArrayList(QueryByIdentityIdTypeReq.builder()
.identityId(28802L)
.identityType(3)
.workspaceId(3L)
.ouId(4L)
.personId(24511L)
.build()));
Assertions.assertEquals(superAdmin.size(), 1);
Assertions.assertFalse(superAdmin.get(0).getIsSuperAdmin());
}
@Test
void listSuperAdmin() {
Mockito.when(workspaceApi.getListV2(Mockito.eq(GetSimpleWorkspaceReqV2.builder()
.ids(Lists.newArrayList(3L, -1L))
.build())))
.thenReturn(Results.ok(Lists.newArrayList(SimpleWorkspaceRes.builder()
.type(2)
.build())));
Mockito.when(workspaceApi.getListV2(Mockito.eq(GetSimpleWorkspaceReqV2.builder()
.ids(Lists.newArrayList(3L))
.build())))
.thenReturn(Results.ok(Lists.newArrayList(SimpleWorkspaceRes.builder()
.type(2)
.build())));
Mockito.when(workspaceApi.getListV2(Mockito.eq(GetSimpleWorkspaceReqV2.builder()
.ids(Lists.newArrayList(-1L))
.build())))
.thenReturn(Results.ok(Lists.newArrayList()));
Mockito.when(userProfileServiceApi.postPersonProfiles(Mockito.any()))
.thenReturn(CommonResponse.success(Lists.newArrayList()));
// 根据workspaceId查询所有角色包括超管
List<SaasRoleRes> roles = roleService.list(ListRoleReq.builder()
.workspaceOuPairs(Lists.newArrayList(ListRoleUserRelationParam.WorkspaceOuPair.builder()
.workspaceId(3L)
.ouId(4L)
.build()))
.needRoleUser(true)
.build());
Assertions.assertEquals(roles.size(), 2);
Assertions.assertEquals(roles.stream()
.filter(e -> Objects.equals(e.getRoleType(), RoleTypeEnum.SUPER_ADMIN.getValue()))
.map(SaasRoleRes::getSaasRoleUsers)
.filter(Objects::nonNull)
.flatMap(Collection::stream)
.collect(Collectors.toList())
.size(), 1);
Assertions.assertEquals(roles.stream()
.filter(e -> Objects.equals(e.getRoleType(), RoleTypeEnum.COMMON.getValue()))
.map(SaasRoleRes::getSaasRoleUsers)
.filter(Objects::nonNull)
.flatMap(Collection::stream)
.collect(Collectors.toList())
.size(), 0);
// 根据workspaceId查询所有角色包括超管
// 根据workspaceId查询超管角色
roles = roleService.list(ListRoleReq.builder()
.workspaceOuPairs(Lists.newArrayList(ListRoleUserRelationParam.WorkspaceOuPair.builder()
.workspaceId(3L)
.ouId(4L)
.build()))
.roleTypes(Lists.newArrayList(RoleTypeEnum.SUPER_ADMIN.getValue()))
.needRoleUser(true)
.build());
Assertions.assertEquals(roles.size(), 1);
Assertions.assertEquals(roles.stream()
.filter(e -> Objects.equals(e.getRoleType(), RoleTypeEnum.SUPER_ADMIN.getValue()))
.map(SaasRoleRes::getSaasRoleUsers)
.filter(Objects::nonNull)
.flatMap(Collection::stream)
.collect(Collectors.toList())
.size(), 1);
// 根据workspaceId查询超管角色
// 根据workspaceId查询自定义角色
roles = roleService.list(ListRoleReq.builder()
.workspaceOuPairs(Lists.newArrayList(ListRoleUserRelationParam.WorkspaceOuPair.builder()
.workspaceId(3L)
.ouId(4L)
.build()))
.roleTypes(Lists.newArrayList(RoleTypeEnum.COMMON.getValue()))
.needRoleUser(true)
.build());
Assertions.assertEquals(roles.size(), 1);
Assertions.assertEquals(roles.stream()
.filter(e -> Objects.equals(e.getRoleType(), RoleTypeEnum.COMMON.getValue()))
.map(SaasRoleRes::getSaasRoleUsers)
.filter(Objects::nonNull)
.flatMap(Collection::stream)
.collect(Collectors.toList())
.size(), 0);
// 根据workspaceId查询自定义角色
// 根据workspaceId查询自定义角色预设角色
roles = roleService.list(ListRoleReq.builder()
.workspaceOuPairs(Lists.newArrayList(ListRoleUserRelationParam.WorkspaceOuPair.builder()
.workspaceId(3L)
.ouId(4L)
.build()))
.needRoleUser(true)
.needPresetRole(true)
.build());
Assertions.assertEquals(roles.size(), 6);
Assertions.assertEquals(roles.stream()
.filter(e -> Objects.equals(e.getRoleType(), RoleTypeEnum.COMMON.getValue()))
.map(SaasRoleRes::getSaasRoleUsers)
.filter(Objects::nonNull)
.flatMap(Collection::stream)
.collect(Collectors.toList())
.size(), 0);
Assertions.assertEquals(roles.stream()
.filter(e -> Objects.equals(e.getRoleType(), RoleTypeEnum.SUPER_ADMIN.getValue()))
.map(SaasRoleRes::getSaasRoleUsers)
.filter(Objects::nonNull)
.flatMap(Collection::stream)
.collect(Collectors.toList())
.size(), 1);
// 根据workspaceId查询自定义角色预设角色
// 查询所有角色
roles = roleService.list(ListRoleReq.builder()
.build());
Assertions.assertEquals(roles.size(), 9);
// 查询所有角色
// 查询预设角色
roles = roleService.list(ListRoleReq.builder()
.needPresetRole(true)
.build());
Assertions.assertEquals(roles.size(), 4);
// 查询预设角色
// 直接查询超管角色
roles = roleService.list(ListRoleReq.builder()
.roleTypes(Lists.newArrayList(RoleTypeEnum.SUPER_ADMIN.getValue()))
.workspaceType(2)
.build());
Assertions.assertEquals(roles.size(), 1);
// 直接查询超管角色
}
}

55
tyr-server/src/test/java/cn/axzo/tyr/server/service/impl/RoleUserServiceTest.java Normal file
View File

@ -0,0 +1,55 @@
package cn.axzo.tyr.server.service.impl;
import cn.axzo.apollo.core.web.Results;
import cn.axzo.apollo.workspace.api.workspace.WorkspaceApi;
import cn.axzo.apollo.workspace.api.workspace.req.GetSimpleWorkspaceReqV2;
import cn.axzo.apollo.workspace.api.workspace.res.SimpleWorkspaceRes;
import cn.axzo.tyr.base.BaseTest;
import cn.axzo.tyr.base.MysqlDataLoader;
import cn.axzo.tyr.client.model.roleuser.dto.SuperAminInfoResp;
import cn.axzo.tyr.client.model.roleuser.req.SuperAdminParam;
import com.google.common.collect.Lists;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.List;
class RoleUserServiceTest extends BaseTest {
@Autowired
private RoleUserService roleUserService;
@Autowired
private MysqlDataLoader mysqlDataLoader;
@Autowired
private WorkspaceApi workspaceApi;
@BeforeEach
@Override
public void setup() {
super.setup();
mysqlDataLoader.loadFromClassName(getClass().getSimpleName());
MockitoAnnotations.initMocks(this);
}
@Test
void superAdminList() {
Mockito.when(workspaceApi.getListV2(Mockito.eq(GetSimpleWorkspaceReqV2.builder()
.ids(Lists.newArrayList(3L))
.build())))
.thenReturn(Results.ok(Lists.newArrayList(SimpleWorkspaceRes.builder()
.type(2)
.build())));
List<SuperAminInfoResp> superAminInfoResps = roleUserService.superAdminList(SuperAdminParam.builder()
.workspaceId(3L)
.ouId(4L)
.build());
Assertions.assertEquals(superAminInfoResps.size(), 1);
}
}

59
tyr-server/src/test/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImplTest.java Normal file
View File

@ -0,0 +1,59 @@
package cn.axzo.tyr.server.service.impl;
import cn.axzo.foundation.exception.BusinessException;
import cn.axzo.tyr.base.BaseTest;
import cn.axzo.tyr.base.MysqlDataLoader;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.List;
import static cn.axzo.tyr.server.config.exception.BizResultCode.REMOVE_USER_ROLE_ERROR;
import static org.junit.jupiter.api.Assertions.*;
class SaasRoleUserRelationServiceImplTest extends BaseTest {
@Autowired
private SaasRoleUserRelationService saasRoleUserRelationService;
@Autowired
private MysqlDataLoader mysqlDataLoader;
@BeforeEach
@Override
public void setup() {
super.setup();
mysqlDataLoader.loadFromClassName(getClass().getSimpleName());
}
@Test
void batchRemove() {
List<SaasRoleUserV2DTO> saasRoleUsers = saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder().build());
Assertions.assertEquals(saasRoleUsers.size(), 4);
SaasRoleUserRelationService.BatchRemoveParam batchRemoveParam =
SaasRoleUserRelationService.BatchRemoveParam.builder().build();
saasRoleUserRelationService.batchRemove(batchRemoveParam);
Assertions.assertEquals(saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder().build()).size(), 4);
BusinessException businessException = assertThrows(BusinessException.class, ()->{
saasRoleUserRelationService.batchRemove(SaasRoleUserRelationService.BatchRemoveParam.builder()
.ids(Sets.newHashSet(1L))
.build());
});
assertEquals(businessException.getErrorMsg(), REMOVE_USER_ROLE_ERROR.getErrorMessage());
saasRoleUserRelationService.batchRemove(SaasRoleUserRelationService.BatchRemoveParam.builder()
.ids(Sets.newHashSet(16399L, 16400L))
.build());
Assertions.assertEquals(saasRoleUserRelationService.listV2(ListRoleUserRelationParam.builder().build()).size(), 2);
}
}

3
tyr-server/src/test/resources/application-unittest.yml
View File

@ -42,3 +42,6 @@ axzo:
# service.base.tyr: https://test-api.axzo.cn/tyr
# 超管编码
role.superAdmin: '{1:"entSuperAdmin",2:"projSuperAdmin",6:"omsSuperAdmin"}'
topic: topic_tyr_${spring.profiles.active}
sendMq: true

61
tyr-server/src/test/resources/mysql/RoleServiceTest.sql Normal file
View File

@ -0,0 +1,61 @@
#-->DEFAULT
INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled) VALUES (24425, '项目经理', '', 'init', 'oms:project_manager', -1, -1, 6, 6, 0, '2023-09-19 15:22:55', '2024-08-13 10:25:25', 2003043, 2003028, 1, 65535, 0, null, 0, '', 1, 2, 1);
INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled) VALUES (25324, '项目负责人', '', 'init', 'cms:mafb_project_commissioner', -1, -1, 5, 2, 0, '2023-10-23 17:49:59', '2024-08-13 10:25:40', -1, 9000399985, 1, 65535, 0, null, 0, '', 1, 1, 1);
INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled) VALUES (25326, '商务副经理', '', 'init', 'cms:mafb_business_vice_officer', -1, -1, 5, 2, 0, '2023-10-23 17:50:00', '2024-08-13 10:25:41', -1, 2006333, 1, 65535, 0, null, 0, '', 1, 2, 1);
INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled) VALUES (25327, '生产副经理', '', 'init', 'cms:mafb_productivity_vice_officer', -1, -1, 5, 2, 0, '2023-10-23 17:50:00', '2024-08-13 10:25:41', -1, 2006333, 1, 65535, 0, null, 0, '', 1, 3, 1);
INSERT INTO saas_role_group_relation (id, role_id, saas_role_group_id, is_delete, create_at, update_at) VALUES (12, 24425, 6, 0, '2023-09-19 15:22:55', '2023-09-19 15:22:55');
INSERT INTO saas_role_group_relation (id, role_id, saas_role_group_id, is_delete, create_at, update_at) VALUES (23, 25324, 13, 0, '2023-10-23 17:49:59', '2023-10-23 17:49:58');
INSERT INTO saas_role_group_relation (id, role_id, saas_role_group_id, is_delete, create_at, update_at) VALUES (25, 25326, 13, 0, '2023-10-23 17:50:00', '2023-10-23 17:49:59');
INSERT INTO saas_role_group_relation (id, role_id, saas_role_group_id, is_delete, create_at, update_at) VALUES (26, 25327, 13, 0, '2023-10-23 17:50:00', '2023-10-23 17:49:59');
INSERT INTO saas_role_group (id, workspace_type_code, ou_type_code, name, workspace_id, ou_id, parent_id, sort, code, category_code, is_delete, create_at, update_at)
VALUES (6, '6', '6', '研发中心', -1, -1, 0, 3, 'A1', '', 0, '2023-09-19 14:31:19', '2024-05-29 09:33:24');
INSERT INTO saas_role_group (id, workspace_type_code, ou_type_code, name, workspace_id, ou_id, parent_id, sort, code, category_code, is_delete, create_at, update_at)
VALUES (13, '2', '5', '专业分包', -1, -1, 0, 1, 'A2', '', 0, '2023-10-23 17:49:59', '2024-08-15 18:39:13');
-- INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled)
-- VALUES (3414, '超级管理员', '', 'super_admin', '', 3, 4, 1, 2, 0, '2022-10-19 15:52:33', '2024-09-29 17:16:27', 0, 0, 65535, 65535, 0, 0, 0, '', 1, 0, 1);
-- INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled)
-- VALUES (3415, '超级管理员', '', 'super_admin', '', 8, 1, 1, 2, 0, '2022-10-19 15:52:33', '2024-09-29 17:16:27', 0, 0, 65535, 65535, 0, 0, 0, '', 1, 0, 1);
INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled)
VALUES (101100, '超级管理员', '超级管理员', 'super_admin', 'ou_superadmin', 0, 0, 7, 1, 0, '2024-09-25 21:47:42', '2024-09-29 17:17:27', 2051297, 2051297, 1, 65535, 0, null, 0, '', 1, 0, 1);
INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled)
VALUES (101101, '超级管理员', '超级管理员', 'super_admin', 'pro_superadmin', 0, 0, 1, 2, 0, '2024-09-25 21:47:42', '2024-09-29 17:17:27', 2051297, 2051297, 1, 65535, 0, null, 0, '', 1, 0, 1);
INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled)
VALUES (101102, '超级管理员', '超级管理员', 'super_admin', 'oms_superadmin', 0, 0, 6, 6, 0, '2024-09-25 21:47:42', '2024-09-29 17:17:27', 2051297, 2051297, 1, 65535, 0, null, 0, '', 1, 0, 1);
INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled)
VALUES (101103, '超级管理员', '超级管理员', 'super_admin', 'zw_superadmin', 0, 0, 3, 3, 0, '2024-09-25 21:47:42', '2024-09-29 17:17:27', 2051297, 2051297, 1, 65535, 0, null, 0, '', 1, 0, 1);
INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled)
VALUES (3416, '自定义', '', 'common', '', 3, 4, 1, 2, 0, '2022-10-19 15:52:33', '2024-09-29 17:16:27', 0, 0, 65535, 65535, 0, 0, 0, '', 1, 0, 1);
INSERT INTO saas_role_group_relation (id, role_id, saas_role_group_id, is_delete, create_at, update_at)
VALUES (549, 101100, 18, 0, '2024-09-25 21:47:42', '2024-09-25 21:47:42');
INSERT INTO saas_role_group_relation (id, role_id, saas_role_group_id, is_delete, create_at, update_at)
VALUES (550, 101101, 14, 0, '2024-09-25 21:47:42', '2024-09-25 21:47:42');
INSERT INTO saas_role_group_relation (id, role_id, saas_role_group_id, is_delete, create_at, update_at)
VALUES (551, 101102, 57, 0, '2024-09-25 21:47:42', '2024-09-25 21:47:42');
INSERT INTO saas_role_group (id, workspace_type_code, ou_type_code, name, workspace_id, ou_id, parent_id, sort, code, category_code, is_delete, create_at, update_at, path)
VALUES (14, '2', '1', '总包单位', -1, -1, 0, 1, '', '', 0, '2023-10-23 17:50:04', '2024-09-10 10:18:44', '14,');
INSERT INTO saas_role_group (id, workspace_type_code, ou_type_code, name, workspace_id, ou_id, parent_id, sort, code, category_code, is_delete, create_at, update_at, path)
VALUES (18, '1', '7', '企业通用', -1, -1, 0, 4, '', '', 0, '2023-10-23 17:50:15', '2024-09-10 10:18:44', '18,');
INSERT INTO saas_role_group (id, workspace_type_code, ou_type_code, name, workspace_id, ou_id, parent_id, sort, code, category_code, is_delete, create_at, update_at, path)
VALUES (57, '6', '6', 'OMS超管组', -1, -1, 0, 9, 'omsSuperAdminGroup', '', 0, '2024-04-17 11:38:28', '2024-09-10 10:18:45', '57,');
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type)
VALUES (197519, 28801, 3414, 3, 24510, 3, 4, 0, 0, 0, '2024-01-18 16:36:16', '2024-09-29 17:16:39', 0, 0, 2);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type)
VALUES (183677, 40, 3415, 3, 2232, 8, 1, 0, 0, 0, '2023-10-06 15:13:35', '2024-09-29 17:16:39', 0, 0, 2);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type)
VALUES (1158315, 28801, 101100, 3, 24510, 3, 4, 0, 0, 0, '2024-09-29 16:33:31', '2024-09-29 16:33:31', 0, 0, 2);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type)
VALUES (1157571, 40, 101101, 3, 2232, 8, 1, 0, 0, 0, '2024-09-27 09:39:49', '2024-09-27 09:39:48', 0, 0, 2);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type)
VALUES (197520, 28802, 24425, 3, 24511, 3, 4, 0, 0, 0, '2024-01-18 16:36:16', '2024-09-29 17:16:39', 0, 0, 2);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type)
VALUES (1157572, 40, 101101, 3, 2232, 3, 4, 0, 0, 0, '2024-09-27 09:39:49', '2024-09-27 09:39:48', 0, 0, 2);
#-->SaasRoleUserRelationServiceImplTest.sql

25
tyr-server/src/test/resources/mysql/RoleUserServiceTest.sql Normal file
View File

@ -0,0 +1,25 @@
#-->DEFAULT
INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled)
VALUES (101100, '超级管理员', '超级管理员', 'super_admin', 'ou_superadmin', 0, 0, 7, 1, 0, '2024-09-25 21:47:42', '2024-09-29 17:17:27', 2051297, 2051297, 1, 65535, 0, null, 0, '', 1, 0, 1);
INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled)
VALUES (101101, '超级管理员', '超级管理员', 'super_admin', 'pro_superadmin', 0, 0, 1, 2, 0, '2024-09-25 21:47:42', '2024-09-29 17:17:27', 2051297, 2051297, 1, 65535, 0, null, 0, '', 1, 0, 1);
INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled)
VALUES (101102, '超级管理员', '超级管理员', 'super_admin', 'oms_superadmin', 0, 0, 6, 6, 0, '2024-09-25 21:47:42', '2024-09-29 17:17:27', 2051297, 2051297, 1, 65535, 0, null, 0, '', 1, 0, 1);
INSERT INTO saas_role (id, NAME, description, role_type, role_code, workspace_id, owner_ou_id, product_unit_type, workspace_type, is_delete, create_at, update_at, create_by, update_by, fit_ou_type_bit, fit_ou_node_type_bit, position_template_id, project_team_manage_role_resource_id, from_pre_role_id, job_code, is_display, sort, enabled)
VALUES (101103, '超级管理员', '超级管理员', 'super_admin', 'zw_superadmin', 0, 0, 3, 3, 0, '2024-09-25 21:47:42', '2024-09-29 17:17:27', 2051297, 2051297, 1, 65535, 0, null, 0, '', 1, 0, 1);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type)
VALUES (197519, 28801, 3414, 3, 24510, 3, 4, 0, 0, 0, '2024-01-18 16:36:16', '2024-09-29 17:16:39', 0, 0, 2);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type)
VALUES (183677, 40, 3415, 3, 2232, 8, 1, 0, 0, 0, '2023-10-06 15:13:35', '2024-09-29 17:16:39', 0, 0, 2);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type)
VALUES (1158315, 28801, 101100, 3, 24510, 3, 4, 0, 0, 0, '2024-09-29 16:33:31', '2024-09-29 16:33:31', 0, 0, 2);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type)
VALUES (1157571, 40, 101101, 3, 2232, 8, 1, 0, 0, 0, '2024-09-27 09:39:49', '2024-09-27 09:39:48', 0, 0, 2);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type)
VALUES (197520, 28802, 24425, 3, 24511, 3, 4, 0, 0, 0, '2024-01-18 16:36:16', '2024-09-29 17:16:39', 0, 0, 2);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type)
VALUES (1157572, 40, 101101, 3, 2232, 3, 4, 0, 0, 0, '2024-09-27 09:39:49', '2024-09-27 09:39:48', 0, 0, 2);
#-->SaasRoleUserRelationServiceImplTest.sql

8
tyr-server/src/test/resources/mysql/SaasRoleUserRelationServiceImplTest.sql Normal file
View File

@ -0,0 +1,8 @@
#-->DEFAULT
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type) VALUES (16399, 40, 3415, 3, 2232, 8, 1, 0, 0, 0, '2021-09-16 22:09:29', '2022-09-13 09:48:24', 0, 0, 2);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type) VALUES (16400, 1327, 3416, 3, 1561, 9, 1, 0, 0, 0, '2021-09-16 22:09:29', '2021-09-16 22:09:29', 0, 0, 2);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type) VALUES (16401, 98, 3417, 3, 2020, 6, 1, 0, 0, 0, '2021-09-16 22:09:29', '2021-09-16 22:09:29', 0, 0, 2);
INSERT INTO saas_role_user_relation (id, identity_id, role_id, identity_type, natural_person_id, workspace_id, ou_id, resource_type, resource_id, is_delete, create_at, update_at, create_by, update_by, job_type) VALUES (16402, 106, 3418, 3, 3577, 12, 1, 0, 0, 0, '2021-09-16 22:09:29', '2021-09-16 22:09:29', 0, 0, 2);
#-->SaasRoleUserRelationServiceImplTest.sql

8
tyr-server/src/test/resources/mysql/data.sql
View File

@ -1,10 +1,2 @@
select 1;
-- saas_role 表初始化数据
INSERT INTO `saas_role` (`id`, `NAME`, `description`, `role_type`, `role_code`, `workspace_id`, `owner_ou_id`, `product_unit_type`, `workspace_type`, `is_delete`, `create_at`, `update_at`, `create_by`, `update_by`, `fit_ou_type_bit`, `fit_ou_node_type_bit`, `position_template_id`, `project_team_manage_role_resource_id`, `from_pre_role_id`, `job_code`, `is_display`, `enabled`, `sort`) VALUES (1, '代班长', '', 'common', '7722', 2, 1, 0, 2, 0, '2022-10-19 15:53:32', '2024-04-17 11:02:19', 0, 0, 32, 1, 2, 59, 0, '', 1, 1, 1);
-- saas_role_user_relation 表初始化数据
-- DemoTest.testDeleteUserRole 使用
INSERT INTO `saas_role_user_relation` (`id`, `identity_id`, `role_id`, `identity_type`, `natural_person_id`, `workspace_id`, `ou_id`, `resource_type`, `resource_id`, `is_delete`, `create_at`, `update_at`, `create_by`, `update_by`, `job_type`) VALUES (1, 2008231, 100001, 2, 1, 1, 1, 1, 9592, 0, '2024-05-22 18:23:40', '2024-05-22 18:23:39', 0, 0, 2);

57
tyr-server/src/test/resources/mysql/schema.sql
View File

@ -17,6 +17,41 @@ CREATE TABLE `demo` (
UNIQUE KEY `uk_demo_code` (`code`)
) COMMENT ='demo';
CREATE TABLE `saas_role_group_relation` (
`id` bigint NOT NULL AUTO_INCREMENT,
`role_id` bigint DEFAULT NULL COMMENT '角色id',
`saas_role_group_id` bigint DEFAULT NULL COMMENT '角色分组id',
`is_delete` bigint DEFAULT '0' COMMENT '是否删除 0否,其他是',
`create_at` datetime DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`update_at` datetime DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
PRIMARY KEY (`id`),
KEY `idx_role_group_relation_create_at` (`create_at`),
KEY `idx_role_group_relation_update_at` (`update_at`),
KEY `idx_role_group_saas_role_group_id` (`saas_role_group_id`),
KEY `idx_role_group_relation_role_id` (`role_id`)
) ENGINE=InnoDB AUTO_INCREMENT=345 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='角色分组关联表';
CREATE TABLE `saas_role_group` (
`id` bigint NOT NULL AUTO_INCREMENT,
`workspace_type_code` varchar(255) DEFAULT NULL COMMENT '工作台类型字典id',
`ou_type_code` varchar(255) DEFAULT NULL COMMENT '单位类型字典id(多选集合)',
`name` varchar(255) DEFAULT NULL COMMENT '名称',
`workspace_id` bigint DEFAULT NULL COMMENT '所属工作台id(通用-1)',
`ou_id` bigint DEFAULT NULL COMMENT '所属单位id(通用-1)',
`parent_id` bigint NOT NULL DEFAULT '0' COMMENT '上级分组ID',
`sort` int DEFAULT NULL COMMENT '排序',
`code` varchar(50) NOT NULL DEFAULT '' COMMENT '分组CODE',
`category_code` varchar(50) NOT NULL DEFAULT '' COMMENT '分类CODE, 用于代班长,小组长的权限分类。',
`is_delete` bigint DEFAULT '0' COMMENT '是否删除 0否,其他是',
`create_at` datetime DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`update_at` datetime DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
PRIMARY KEY (`id`),
KEY `idx_role_group_create_at` (`create_at`),
KEY `idx_role_group_update_at` (`update_at`),
KEY `idx_role_group_idx_workspace_type_code` (`workspace_type_code`),
KEY `idx_role_group_workspace_id` (`workspace_id`),
KEY `idx_role_group_ou_id` (`ou_id`)
) ENGINE=InnoDB AUTO_INCREMENT=101 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci COMMENT='角色分组';
CREATE TABLE `saas_feature` (
`id` bigint NOT NULL AUTO_INCREMENT COMMENT 'id',
@ -256,3 +291,25 @@ CREATE TABLE `saas_pgroup_role_relation` (
alter table saas_feature_resource add index `idx_feature_resource_uni_code` (`uni_code`);
alter table saas_feature_resource add index `idx_feature_resource_path` (`path`);
CREATE TABLE `permission_rule` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`name` varchar(64) NOT NULL COMMENT '规则名称',
`key_code` varchar(128) NOT NULL COMMENT '规则编码',
`type` varchar(64) NOT NULL COMMENT '规则类型:CREATE_ROLE_CHECK:check创建角色',
-- `content` JSON NULL COMMENT 'pipeline信息{"pipelines":[{"pipeline":"","params":{}}]}',
`content` VARCHAR(2048) NOT NULL DEFAULT '{}' COMMENT 'pipeline信息{"pipelines":[{"pipeline":"实现规则类实例名字","params":{执行规则的默认参数},"processor":"执行规则的引擎:groovy、java"}]}',
`status` varchar(32) NOT NULL DEFAULT 'ENABLED' COMMENT '状态ENABLED、DISABLED',
`description` varchar(512) NOT NULL DEFAULT '' COMMENT '规则的描述',
-- `ext` JSON NULL COMMENT '额外信息',
`ext` VARCHAR(2048) NOT NULL DEFAULT '{}' COMMENT '额外信息',
`create_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`update_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
`create_by` bigint NOT NULL DEFAULT '0' COMMENT '创建者',
`update_by` bigint NOT NULL DEFAULT '0' COMMENT '更新者',
PRIMARY KEY (`id`),
UNIQUE KEY `uk_permission_rule_key_code` (`key_code`),
UNIQUE KEY `uk_permission_rule_name` (`name`)
) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8mb4 COMMENT='权限系统规则定义表';
alter table saas_role_group add column `path` varchar(255) DEFAULT '0' COMMENT 'ID层级路径 逗号分隔';