创建机构用户权限

2023-10-19 13:54:38 +08:00 · 2023-10-19 13:54:38 +08:00 · b24927820a
commit b24927820a
parent 2d254e93d2
4 changed files with 115 additions and 24 deletions
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java
@ -79,4 +79,6 @@ public interface TyrSaasRoleUserApi {
     */
    @PostMapping("/api/saas-role-user/super-admin-list")
    ApiResult<List<SuperAdminInfoDTO>> superAdminList(@RequestBody @Valid SuperAdminParam param);
+
+
 }
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/CreateAgencyAdminRoleParam.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/CreateAgencyAdminRoleParam.java
@ -2,8 +2,8 @@ package cn.axzo.tyr.client.model.roleuser.req;

 import java.util.List;

+import javax.validation.constraints.Max;
 import javax.validation.constraints.Min;
-import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;

@ -33,10 +33,21 @@ public class CreateAgencyAdminRoleParam {

 	/**
 	 * 单位类型
+	 * 1：施工单位
+	 * 2：建设单位
+	 * 3：监理单位
+	 * 4: 劳务分包
+	 * 5：专业分包
+	 * 6：OMS通用
+	 * 7：企业通用
 	 */
 	@NotNull(message = "单位类型不能为空")
 	@Min(value = 1)
-	private Integer organizationalUnitType;
+	@Max(value = 7)
+	private Integer organizationalUnitTypeCode;
+
+	@NotNull(message = "身份id不能为空")
+	private Long identityId;

 	/**
 	 * 被赋予角色的人的身份类型
@ -44,17 +55,6 @@ public class CreateAgencyAdminRoleParam {
 	@NotNull(message = "身份类型不能为空")
 	private IdentityType identityType;

-	/**
-	 * 手机号
-	 */
-	@NotBlank(message = "手机号不能为空")
-	private String phoneNo;
-
-	/**
-	 * 用户名
-	 */
-	@NotBlank(message = "用户名不能为空")
-	private String userName;

 	/**
 	 * 之前的所有RoleId都被更新
@ -62,4 +62,7 @@ public class CreateAgencyAdminRoleParam {
 	@NotEmpty(message = "角色列表不能为空")
 	private List<Long> updateRoleIds;

+	@NotNull(message = "自然人id不能为空")
+	private Long naturalPersonId;
+
 }
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserService.java
@ -77,4 +77,10 @@ public interface SaasRoleUserService {
     * @return
     */
    boolean deleteUserRoleIncludeAdmin(List<DeleteUserRoleIncludeAdminParam> params);
+
+    /**
+     * 创建机构账户类型
+     * @param param
+     */
+    void createAgencyAdminRole(CreateAgencyAdminRoleParam param);
 }
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java
@ -1,8 +1,20 @@
 package cn.axzo.tyr.server.service.impl;

+import java.util.*;
+import java.util.stream.Collectors;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.alibaba.nacos.common.utils.CollectionUtils;
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import com.google.common.collect.Lists;
+
 import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
 import cn.axzo.basics.common.exception.ServiceException;
 import cn.axzo.basics.common.util.AssertUtil;
+import cn.axzo.framework.jackson.utility.JSON;
 import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
 import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
 import cn.axzo.tyr.client.model.BaseWorkspaceModel;
@ -10,24 +22,18 @@ import cn.axzo.tyr.client.model.enums.IdentityType;
 import cn.axzo.tyr.client.model.roleuser.dto.SuperAdminInfoDTO;
 import cn.axzo.tyr.client.model.roleuser.req.*;
 import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
+import cn.axzo.tyr.server.repository.dao.SaasRoleGroupDao;
+import cn.axzo.tyr.server.repository.dao.SaasRoleGroupRelationDao;
 import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
 import cn.axzo.tyr.server.repository.entity.SaasRole;
+import cn.axzo.tyr.server.repository.entity.SaasRoleGroup;
+import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation;
 import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
 import cn.axzo.tyr.server.service.SaasRoleUserService;
+import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.collection.CollectionUtil;
-import com.alibaba.nacos.common.utils.CollectionUtils;
-import com.baomidou.mybatisplus.core.toolkit.Wrappers;
-import com.google.common.collect.Lists;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-
-import java.util.Collections;
-import java.util.List;
-import java.util.Objects;
-import java.util.Set;
-import java.util.stream.Collectors;

 /**
 * 角色
@ -43,6 +49,8 @@ public class RoleUserService implements SaasRoleUserService {

 	private final SaasRoleUserRelationDao roleUserRelationDao;
 	private final SaasRoleDao saasRoleDao;
+	private final SaasRoleGroupRelationDao roleGroupRelationDao;
+	private final SaasRoleGroupDao roleGroupDao;
 	@Override
 	@Transactional(rollbackFor = Exception.class)
 	public void saveOrUpdate(RoleUserReq req) {
@ -232,4 +240,76 @@ public class RoleUserService implements SaasRoleUserService {
 		});
 		return true;
 	}
+
+	@Override
+	@Transactional(rollbackFor = Exception.class)
+	public void createAgencyAdminRole(CreateAgencyAdminRoleParam param) {
+		/*
+		 * 根据传入的角色id和适用单位类型，筛选出符合添加权限的角色
+		 */
+		List<SaasRoleGroupRelation> matchedRelations = filterAgencyAdminRoleGroupRelation(param);
+		List<Long> matchedRoleIds = matchedRelations.stream().map(SaasRoleGroupRelation::getRoleId).sorted().collect(Collectors.toList());
+
+		// 如果用户已经存在对应的权限，忽略，如果不存在，添加
+		List<Long> existUserRoleIds = roleUserRelationDao.lambdaQuery().in(SaasRoleUserRelation::getRoleId, matchedRoleIds).eq(SaasRoleUserRelation::getWorkspaceId, param.getWorkspaceId())
+				.eq(SaasRoleUserRelation::getOuId, param.getOuId()).eq(SaasRoleUserRelation::getIdentityId, param.getIdentityId()).eq(SaasRoleUserRelation::getIdentityType, param.getIdentityType())
+				.eq(SaasRoleUserRelation::getIsDelete, TableIsDeleteEnum.NORMAL.value).list().stream().map(SaasRoleUserRelation::getRoleId).collect(Collectors.toList());
+
+		Collection<Long> insertRoleIds = org.apache.commons.collections4.CollectionUtils.subtract(matchedRoleIds, existUserRoleIds);
+		if (CollectionUtils.isEmpty(insertRoleIds)) {
+			return;
+		}
+		List<SaasRoleUserRelation> newUserRoleRelations = insertRoleIds.stream().map(rid -> {
+			SaasRoleUserRelation roleUserRelation = new SaasRoleUserRelation();
+			roleUserRelation.setIdentityId(param.getIdentityId());
+			roleUserRelation.setIdentityType(param.getIdentityType().getCode());
+			roleUserRelation.setRoleId(rid);
+			roleUserRelation.setNaturalPersonId(param.getNaturalPersonId());
+			roleUserRelation.setCreateBy(0L);
+			roleUserRelation.setUpdateBy(0L);
+			roleUserRelation.setOuId(param.getOuId());
+			roleUserRelation.setWorkspaceId(param.getWorkspaceId());
+			roleUserRelation.setResourceType(0);
+			roleUserRelation.setResourceId(0L);
+			return roleUserRelation;
+		}).collect(Collectors.toList());
+		roleUserRelationDao.saveBatch(newUserRoleRelations);
+	}
+
+	private List<SaasRoleGroupRelation> filterAgencyAdminRoleGroupRelation(CreateAgencyAdminRoleParam param) {
+		// 根据传入的角色id筛选出内置角色
+		List<SaasRole> saasRoles = saasRoleDao.lambdaQuery().in(SaasRole::getId, param.getUpdateRoleIds())
+				.eq(SaasRole::getRoleType, RoleTypeEnum.INIT.getValue())
+				.eq(SaasRole::getIsDelete, TableIsDeleteEnum.NORMAL.value).list();
+		if (CollUtil.isEmpty(saasRoles)) {
+			throw new ServiceException("选中角色中无角色可以给改分包公司所属类型适用");
+		}
+		// 传入的角色id对应的角色可能不存在|已删除|不是内置角色，需要重新过滤一次
+		List<Long> roleIds = saasRoles.stream().map(SaasRole::getId).sorted().collect(Collectors.toList());
+		// 获取这些角色对应的分组，角色必须绑定在某个分组下，删除分组时候需要判断分组下是否有角色，否则不能删除，但是如果手动删除数据或者创建角色和删除分组时候出现并发，可能导致这种角色对应的分组不存在，需要人工处理
+		List<SaasRoleGroupRelation> roleGroupRelations = roleGroupRelationDao.lambdaQuery().in(SaasRoleGroupRelation::getRoleId, roleIds).eq(SaasRoleGroupRelation::getIsDelete, TableIsDeleteEnum.NORMAL.value).list();
+		if (CollectionUtils.isEmpty(roleGroupRelations)) {
+			log.error("数据异常，所选角色没有对应角色分组信息：roleId {}", JSON.toJSONString(roleIds));
+			throw new ServiceException("数据错误，所选角色没有对应角色分组信息，请联系管理员");
+		}
+		/*
+		 *	根据角色分组上的适用单位类型，来筛选出符合传入的单位类型的角色信息
+		 */
+		List<Long> roleGroupIds = roleGroupRelations.stream().map(SaasRoleGroupRelation::getSaasRoleGroupId).sorted().collect(Collectors.toList());
+		List<SaasRoleGroup> roleGroups = roleGroupDao.lambdaQuery().in(SaasRoleGroup::getId, roleGroupIds).eq(SaasRoleGroup::getIsDelete, TableIsDeleteEnum.NORMAL.value).list();
+		if (CollectionUtils.isEmpty(roleGroups)) {
+			log.error("数据错误，角色关联已被删除的分组信息，roleId {}， roleGroupIds {}", JSON.toJSONString(roleIds), JSON.toJSONString(roleGroupIds));
+			throw new ServiceException("数据错误，角色关联已被删除的分组信息，请联系管理员");
+		}
+		Set<Long> matchedRoleGroupIds = roleGroups.stream().filter(g -> {
+			if (StringUtils.isBlank(g.getOuTypeCode())) {
+				return false;
+			}
+			return Arrays.stream(g.getOuTypeCode().split(",")).filter(StringUtils::isNotBlank).anyMatch(s -> StringUtils.equals(s, param.getOrganizationalUnitTypeCode().toString()));
+		}).map(SaasRoleGroup::getId).collect(Collectors.toSet());
+		if (CollectionUtils.isEmpty(matchedRoleGroupIds)) {
+			throw new ServiceException("选中角色中无角色可以给改分包公司所属类型适用");
+		}
+		return roleGroupRelations.stream().filter(r -> matchedRoleGroupIds.contains(r.getSaasRoleGroupId())).collect(Collectors.toList());
+	}
 }