feat:(feature/REQ-2750) 用户添加角色时增加岗位角色限制check
parent
73a1651f1d
commit
dd83bb23e1
@ -1,9 +1,18 @@
|
|||||||
package cn.axzo.tyr.server.service.impl;
|
package cn.axzo.tyr.server.service.impl;
|
||||||
|
|
||||||
|
import cn.axzo.apollo.workspace.api.workspace.WorkspaceConfigApi;
|
||||||
|
import cn.axzo.apollo.workspace.api.workspace.res.WorkspaceConfigInfo;
|
||||||
import cn.axzo.basics.common.BeanMapper;
|
import cn.axzo.basics.common.BeanMapper;
|
||||||
import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
|
import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
|
||||||
import cn.axzo.basics.common.exception.ServiceException;
|
import cn.axzo.basics.common.exception.ServiceException;
|
||||||
import cn.axzo.basics.common.util.AssertUtil;
|
import cn.axzo.basics.common.util.AssertUtil;
|
||||||
|
import cn.axzo.framework.domain.web.result.ApiResult;
|
||||||
|
import cn.axzo.maokai.api.client.OrgJobApi;
|
||||||
|
import cn.axzo.maokai.api.client.OrganizationalNodeUserQueryApi;
|
||||||
|
import cn.axzo.maokai.api.vo.request.OrgJobListReq;
|
||||||
|
import cn.axzo.maokai.api.vo.request.PersonJobAndDepartmentListReq;
|
||||||
|
import cn.axzo.maokai.api.vo.response.OrgJobRes;
|
||||||
|
import cn.axzo.maokai.api.vo.response.PersonJobAndDepartmentResp;
|
||||||
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
|
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
|
||||||
import cn.axzo.pokonyan.util.KeysUtil;
|
import cn.axzo.pokonyan.util.KeysUtil;
|
||||||
import cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum;
|
import cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum;
|
||||||
@ -16,6 +25,7 @@ import cn.axzo.tyr.client.model.roleuser.RoleUserUpdateReq;
|
|||||||
import cn.axzo.tyr.client.model.roleuser.dto.GetUserAutoOwnRoleResp;
|
import cn.axzo.tyr.client.model.roleuser.dto.GetUserAutoOwnRoleResp;
|
||||||
import cn.axzo.tyr.client.model.roleuser.dto.GetUserFeatureResourceIdsResp;
|
import cn.axzo.tyr.client.model.roleuser.dto.GetUserFeatureResourceIdsResp;
|
||||||
import cn.axzo.tyr.client.model.roleuser.dto.IdentityInfo;
|
import cn.axzo.tyr.client.model.roleuser.dto.IdentityInfo;
|
||||||
|
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO;
|
||||||
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
|
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
|
||||||
import cn.axzo.tyr.client.model.roleuser.dto.SuperAminInfoResp;
|
import cn.axzo.tyr.client.model.roleuser.dto.SuperAminInfoResp;
|
||||||
import cn.axzo.tyr.client.model.roleuser.req.AutoOwnRoleUserReq;
|
import cn.axzo.tyr.client.model.roleuser.req.AutoOwnRoleUserReq;
|
||||||
@ -43,6 +53,7 @@ import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
|
|||||||
import cn.axzo.tyr.server.service.SaasRoleGroupService;
|
import cn.axzo.tyr.server.service.SaasRoleGroupService;
|
||||||
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
|
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
|
||||||
import cn.axzo.tyr.server.service.SaasRoleUserService;
|
import cn.axzo.tyr.server.service.SaasRoleUserService;
|
||||||
|
import cn.axzo.tyr.server.utils.RpcExternalUtil;
|
||||||
import cn.hutool.core.collection.CollectionUtil;
|
import cn.hutool.core.collection.CollectionUtil;
|
||||||
import cn.hutool.core.util.StrUtil;
|
import cn.hutool.core.util.StrUtil;
|
||||||
import cn.hutool.json.JSONUtil;
|
import cn.hutool.json.JSONUtil;
|
||||||
@ -60,12 +71,14 @@ import org.springframework.stereotype.Service;
|
|||||||
import org.springframework.transaction.annotation.Transactional;
|
import org.springframework.transaction.annotation.Transactional;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
import java.util.function.Supplier;
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -88,6 +101,9 @@ public class RoleUserService implements SaasRoleUserService {
|
|||||||
private final SaasRoleGroupRelationDao saasRoleGroupRelationDao;
|
private final SaasRoleGroupRelationDao saasRoleGroupRelationDao;
|
||||||
private final SaasPgroupPermissionRelationDao saasPgroupPermissionRelationDao;
|
private final SaasPgroupPermissionRelationDao saasPgroupPermissionRelationDao;
|
||||||
private final SaasRoleUserRelationService saasRoleUserRelationService;
|
private final SaasRoleUserRelationService saasRoleUserRelationService;
|
||||||
|
private final OrgJobApi orgJobApi;
|
||||||
|
private final WorkspaceConfigApi workspaceConfigApi;
|
||||||
|
private final OrganizationalNodeUserQueryApi organizationalNodeUserQueryApi;
|
||||||
|
|
||||||
// 单位类型默认角色关系,后面可以座位管理员的逻辑进行迭代
|
// 单位类型默认角色关系,后面可以座位管理员的逻辑进行迭代
|
||||||
@Value("#{${participateUnitDefaultRoleId:{}}}")
|
@Value("#{${participateUnitDefaultRoleId:{}}}")
|
||||||
@ -113,11 +129,65 @@ public class RoleUserService implements SaasRoleUserService {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 先写死,后面做规则引擎
|
||||||
|
* @param req
|
||||||
|
*/
|
||||||
|
private void checkJobRole(RoleUserReq req) {
|
||||||
|
|
||||||
|
if (CollectionUtils.isEmpty(req.getUpdateRoleIds())) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
WorkspaceConfigInfo workspaceConfigInfo = RpcExternalUtil.rpcApolloProcessor(() -> workspaceConfigApi.getByWorkspaceId(req.getWorkspaceId()),
|
||||||
|
"查询租户配置信息", req.getWorkspaceId());
|
||||||
|
|
||||||
|
if (Objects.isNull(workspaceConfigInfo) || Objects.equals(workspaceConfigInfo.getCreateUserRoleLimit(), 0)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
PersonJobAndDepartmentListReq personJobAndDepartmentListReq = PersonJobAndDepartmentListReq.builder()
|
||||||
|
.workspaceId(req.getWorkspaceId())
|
||||||
|
.ouId(req.getOuId())
|
||||||
|
.personIds(Lists.newArrayList(req.getPersonId()))
|
||||||
|
.build();
|
||||||
|
String rpcMethod = "organizationalNodeUserApi#listJobAndDepartments";
|
||||||
|
Supplier<ApiResult<List<PersonJobAndDepartmentResp>>> rpcSupplier = () -> organizationalNodeUserQueryApi.listJobAndDepartments(personJobAndDepartmentListReq);
|
||||||
|
List<Long> personJobIds = RpcExternalUtil.rpcApiResultProcessor(rpcSupplier, rpcMethod, req)
|
||||||
|
.stream()
|
||||||
|
.filter(e -> Objects.nonNull(e.getJob()))
|
||||||
|
.map(e -> e.getJob().getId())
|
||||||
|
.distinct()
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
if (CollectionUtils.isEmpty(personJobIds)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
Set<Long> excludeRoleIds = RpcExternalUtil.rpcApiResultProcessor(() -> orgJobApi.list(OrgJobListReq.builder()
|
||||||
|
.jobIdList(personJobIds)
|
||||||
|
.build()), "查询岗位角色限制配置", personJobIds)
|
||||||
|
.stream()
|
||||||
|
.map(OrgJobRes::getExcludeRoleIds)
|
||||||
|
.flatMap(Collection::stream)
|
||||||
|
.collect(Collectors.toSet());
|
||||||
|
|
||||||
|
|
||||||
|
if (CollectionUtils.isEmpty(excludeRoleIds)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
Sets.SetView<Long> intersection = Sets.intersection(req.getUpdateRoleIds(), excludeRoleIds);
|
||||||
|
|
||||||
|
if (!intersection.isEmpty()) {
|
||||||
|
throw new ServiceException("不能勾选岗位的不可选角色");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@Transactional(rollbackFor = Exception.class)
|
@Transactional(rollbackFor = Exception.class)
|
||||||
public void saveOrUpdate(RoleUserReq req) {
|
public void saveOrUpdate(RoleUserReq req) {
|
||||||
|
|
||||||
|
checkJobRole(req);
|
||||||
|
|
||||||
Set<Long> updateRoleIds = req.getUpdateRoleIds();
|
Set<Long> updateRoleIds = req.getUpdateRoleIds();
|
||||||
// 角色校验(不能将角色修改为管理员角色)
|
// 角色校验(不能将角色修改为管理员角色)
|
||||||
if (CollectionUtils.isNotEmpty(updateRoleIds)) {
|
if (CollectionUtils.isNotEmpty(updateRoleIds)) {
|
||||||
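Review bot: In `checkJobRole`, `.map(OrgJobRes::getExcludeRoleIds).flatMap(Collection::stream)` throws a NullPointerException if any returned job has no exclusion list, which would fail every `saveOrUpdate` for that person; adding `.filter(Objects::nonNull)` before the `flatMap` avoids it (this assumes the field can be null, since `OrgJobRes` is not visible here). Separately, this is a permission-restriction check and all of its early returns are fail-open: a null `workspaceConfigInfo`, an empty `personJobIds` and an empty `excludeRoleIds` each let the role assignment through without a trace. If a missing workspace config is not meant to switch the limit off, that branch should reject instead; at minimum a log line on each skip would let an audit tell "no restriction configured" from "lookup returned nothing". The Javadoc's `@param req` also has no description and could state which fields of the request are read (`updateRoleIds`, `workspaceId`, `ouId`, `personId`).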
|
|||||||
@ -1,7 +1,9 @@
|
|||||||
package cn.axzo.tyr.server.utils;
|
package cn.axzo.tyr.server.utils;
|
||||||
|
|
||||||
|
import cn.axzo.apollo.core.web.Result;
|
||||||
import cn.axzo.basics.common.util.AssertUtil;
|
import cn.axzo.basics.common.util.AssertUtil;
|
||||||
import cn.axzo.framework.domain.ServiceException;
|
import cn.axzo.framework.domain.ServiceException;
|
||||||
|
import cn.axzo.framework.domain.web.result.ApiListResult;
|
||||||
import cn.axzo.framework.domain.web.result.ApiResult;
|
import cn.axzo.framework.domain.web.result.ApiResult;
|
||||||
import cn.azxo.framework.common.model.CommonResponse;
|
import cn.azxo.framework.common.model.CommonResponse;
|
||||||
import cn.hutool.core.date.StopWatch;
|
import cn.hutool.core.date.StopWatch;
|
||||||
@ -10,6 +12,7 @@ import cn.hutool.http.HttpStatus;
|
|||||||
import cn.hutool.json.JSONUtil;
|
import cn.hutool.json.JSONUtil;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
import java.util.function.Consumer;
|
import java.util.function.Consumer;
|
||||||
import java.util.function.Supplier;
|
import java.util.function.Supplier;
|
||||||
@ -65,4 +68,12 @@ public class RpcExternalUtil {
|
|||||||
return r;
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static <T> T rpcApolloProcessor(Supplier<Result<T>> supplier, String operationType, Object... param) {
|
||||||
|
log.info(operationType + "-Param: " + JSONUtil.toJsonStr(param));
|
||||||
|
Result<T> result = printLatency(supplier,operationType);
|
||||||
|
log.info(operationType + "-Result: " + JSONUtil.toJsonStr(result));
|
||||||
|
Assert.notNull(result, "服务调用异常");
|
||||||
|
Assert.isTrue(result.getCode() == 200, "服务调用异常:" + result.getMsg());
|
||||||
|
return result.getData();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
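Review bot: `rpcApolloProcessor` writes the complete request parameters and the complete response body to the INFO log through `JSONUtil.toJsonStr`, so any person or tenant data carried by these calls lands in logs at the default level. Consider logging only the operation name and identifiers at INFO and moving the payloads to debug with placeholders, e.g. `log.debug("{}-Result: {}", operationType, JSONUtil.toJsonStr(result));`. The failure message `"服务调用异常:" + result.getMsg()` forwards the downstream service's text into the exception, which may reach the API caller if the exception handler returns messages verbatim; confirm that is intended. `result.getCode() == 200` would also throw on unboxing if `getCode()` returns a null `Integer` (its type is not visible here), and the method has no Javadoc describing what it returns when `getData()` is null.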
|
|||||||