wangli/tyr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/feature/REQ-2046' into feature/REQ-2046

Browse Source
This commit is contained in:
wangjibo 2024-01-10 20:55:03 +08:00
commit e4c45c6bd7
36 changed files with 819 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
tyr-api/src/main/java/cn/axzo/tyr/client/common/enums/RoleResourceTypeEnum.java Normal file
View File

@ -0,0 +1,25 @@
package cn.axzo.tyr.client.common.enums;
import com.baomidou.mybatisplus.annotation.EnumValue;
import com.fasterxml.jackson.annotation.JsonValue;
import lombok.Getter;
/**
* @author tanjie@axzo.cn
* @date 2024/1/9 17:07
*/
public enum RoleResourceTypeEnum {
UNIT(1, "单位")
;
@Getter
@EnumValue
@JsonValue
public final Integer code;
public final String desc;
RoleResourceTypeEnum(Integer code, String desc){
this.code = code;
this.desc = desc;
}
}

37
tyr-api/src/main/java/cn/axzo/tyr/client/common/enums/SaasPositionEnum.java Normal file
View File

@ -0,0 +1,37 @@
package cn.axzo.tyr.client.common.enums;
import cn.hutool.core.util.ArrayUtil;
import com.baomidou.mybatisplus.annotation.EnumValue;
import com.fasterxml.jackson.annotation.JsonValue;
import lombok.Getter;
/**
* position code
* @author tanjie@axzo.cn
* @date 2022/7/4 10:51
*/
public enum SaasPositionEnum {
PLAT_TEAM_OWNER("plat_teamowner", "平台级班组长"),
PLAT_ACTING_MONITOR("plat_actingmonitor", "班组管理员"),
PLAT_GROUP_LEADER("plat_groupleader", "平台级小组长"),
WORKSPACE_TEAM_OWNER("workspace_teamowner", "工作台级班组长"),
WORKSPACE_ACTING_MONITOR("workspace_actingmonitor", "工作台级代班长"),
WORKSPACE_GROUP_LEADER("workspace_groupleader", "工作台级小组长"),;
@Getter
@EnumValue
@JsonValue
private final String code;
private final String desc;
SaasPositionEnum(String value, String desc) {
this.code = value;
this.desc = desc;
}
public static SaasPositionEnum getValueByCode(String code) {
return ArrayUtil.firstMatch((o) -> o.getCode().equals(code), values());
}
}

12
tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasRoleGroupApi.java
View File

@ -4,6 +4,7 @@ import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.tyr.client.model.req.QuerySaasRoleGroupReq;
import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestParam;
@ -50,4 +51,15 @@ public interface SaasRoleGroupApi {
@PostMapping("/api/saasRoleGroup/delete")
ApiResult<Void> delete(@RequestParam @NotEmpty List<Long> ids);
/**
*
* 通过categoryCode查询分组
* @param categoryCode #{@link cn.axzo.tyr.client.common.enums.SaasPositionEnum}
*
* @return
*/
@GetMapping("/api/saasRoleGroup/listByCategoryCode")
ApiResult<List<SaasRoleGroupVO>> listByCategoryCode(@RequestParam("categoryCode") String categoryCode);
}

13
tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasAuthApi.java
View File

@ -6,9 +6,11 @@ import cn.axzo.tyr.client.model.req.IdentityAuthReq;
import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq;
import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
import cn.axzo.tyr.client.model.req.ListPermissionFromRoleGroupReq;
import cn.axzo.tyr.client.model.req.PermissionCacheReq;
import cn.axzo.tyr.client.model.res.IdentityAuthRes;
import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.web.bind.annotation.PostMapping;
@ -90,4 +92,15 @@ public interface TyrSaasAuthApi {
@PostMapping("/api/v2/auth/tempDisableAuthCache")
ApiResult<Void> tempDisableAuthCache(@Valid @RequestBody PermissionCacheReq req);
/**
*
* 通过资源ID资源类型角色分类 查询权限
* @param listPermissionFromRoleGroupReq
* @return
*/
@PostMapping("/api/v1/auth/listIdentityFromRoleGroupCategoryCode")
ApiResult<List<ListPermissionFromRoleGroupResp>> listAuthByResourceAndRoleGroup(@RequestBody @Valid ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq);
}

9
tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleUserApi.java
View File

@ -37,6 +37,15 @@ public interface TyrSaasRoleUserApi {
@PostMapping("/api/saas-role-user/grant-or-ungrant-worker-leader")
ApiResult<Void> grantOrUngrantWorkerLeader(@RequestBody @Valid GantOrUnGantaWorkerLeaderRoleReq req);
/**
* 授权或者取消授权班组管理员或者项目代班长
*
* @return
*/
@PostMapping("/api/saas-role-user/grant-or-ungrant-worker-manager")
ApiResult<Void> grantOrUngrantWorkerManager(@RequestBody @Valid WorkerManagerRoleUserReq req);
/**
* 保存/更新 用户的角色每次传入新的角色ID时都会覆盖原来的所有角色
* 此接口不能修改非管理员角色

5
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java
View File

@ -62,8 +62,9 @@ public class IdentityAuthReq {
/** 指定角色ID - 预览用,不需要用户已配置角色 **/
private Set<Long> specifyRoleIds;
/** 是否使用缓存 **/
private Boolean useCache;
/** 是否使用缓存 - 默认true **/
@Builder.Default
private boolean useCache = true;
@Data

59
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListPermissionFromRoleGroupReq.java Normal file
View File

@ -0,0 +1,59 @@
package cn.axzo.tyr.client.model.req;
import cn.axzo.tyr.client.common.enums.SaasPositionEnum;
import cn.axzo.tyr.client.model.enums.IdentityType;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import javax.validation.constraints.NotNull;
import java.util.List;
/**
* 通过角色分组及分类查询人员的权限
* @author tanjie@axzo.cn
* @date 2024/1/5 14:26
*/
@Data
@AllArgsConstructor
@NoArgsConstructor
@Builder
public class ListPermissionFromRoleGroupReq {
private List<Long> identityIds;
private IdentityType identityType;
private List<Long> personIds;
/**
* 分组CODE 代班长班组管理员小组长
* #{@link SaasPositionEnum#getCode()}
*/
@NotNull
private String categoryCode;
private List<WorkspaceOuPair> workspaceOuPairs;
@Builder.Default
private Boolean findFeatureInfo = false;
@Data
@Builder
@AllArgsConstructor
@NoArgsConstructor
public static class WorkspaceOuPair {
private Long workspaceId;
private Long ouId;
private Long resourceId;
private Integer resourceType;
}
}

69
tyr-api/src/main/java/cn/axzo/tyr/client/model/res/ListPermissionFromRoleGroupResp.java Normal file
View File

@ -0,0 +1,69 @@
package cn.axzo.tyr.client.model.res;
import cn.axzo.tyr.client.model.enums.IdentityType;
import lombok.Data;
import java.util.List;
import java.util.Set;
/**
* 通过角色分组及分类查询人员的权限
*
* @author tanjie@axzo.cn
* @date 2024/1/5 14:26
*/
@Data
public class ListPermissionFromRoleGroupResp {
private Long identityId;
private IdentityType identityType;
private Long personId;
private Long ouId;
private Long workspaceId;
/**
* 平台班组ID
*/
private Long teamOuId;
/**
* 分类名称
*/
private String roleGroupName;
/**
* 分类CODE
*/
private String roleGroupCode;
/**
* 角色ID
*/
private String roleId;
/**
* 角色名称
*/
private String roleName;
/**
* 权限集ID
*/
private Long permissionGroupId;
/**
* 权限点信息 按钮级别
*/
private Set<Long> simpleFeatureInfos;
}

21
tyr-api/src/main/java/cn/axzo/tyr/client/model/res/SimpleFeatureInfo.java Normal file
View File

@ -0,0 +1,21 @@
package cn.axzo.tyr.client.model.res;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
/**
* 权限点基础信息
* @author tanjie@axzo.cn
*/
@Data
@Builder
@AllArgsConstructor
@NoArgsConstructor
public class SimpleFeatureInfo {
private Long featureId;
private String featureCode;
}

24
tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/dto/IdentityInfo.java Normal file
View File

@ -0,0 +1,24 @@
package cn.axzo.tyr.client.model.roleuser.dto;
import cn.axzo.tyr.client.model.enums.IdentityType;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
/**
* @author tanjie@axzo.cn
* @date 2024/1/10 10:38
*/
@AllArgsConstructor
@NoArgsConstructor
@Builder
@Data
public class IdentityInfo {
private Long personId;
private Long identityId;
private IdentityType identityType;
}

76
tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/WorkerManagerRoleUserReq.java Normal file
View File

@ -0,0 +1,76 @@
package cn.axzo.tyr.client.model.roleuser.req;
import cn.axzo.tyr.client.common.enums.SaasPositionEnum;
import cn.axzo.tyr.client.model.enums.IdentityType;
import cn.axzo.tyr.client.model.enums.WorkerLeaderRoleEnum;
import cn.axzo.tyr.client.model.roleuser.dto.IdentityInfo;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull;
import java.util.ArrayList;
import java.util.List;
/**
* 授权或者取消授权班组管理员代班长接口
*
* @author tanjie@axzo.cn
*/
@Data
@Builder
@AllArgsConstructor
@NoArgsConstructor
public class WorkerManagerRoleUserReq {
@NotNull
private Long ouId;
@NotNull
private Long workspaceId;
/**
* #{@link cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum }
*/
@NotNull
private Integer resourceType;
@NotNull
private Long resourceId;
private IdentityType identityType;
@Builder.Default
private List<IdentityInfo> identityInfos = new ArrayList<>();
/**
* 这个字段在设置后续产品重构了班组管理员代班长相关功能的时候要替换成ROLE ID
* 现在保留权限集ID是因为只是做统一权限角色查询链路先暂时不变REQ-2046)
*/
@NotEmpty
private List<Long> permissionGroupId;
// -------------
/**
* 是否取消授权
*/
@Builder.Default
private boolean ungrant = false;
/**
* 是否取消所有权限是的话则不消费permissionGroupId
*/
@Builder.Default
private boolean isUngrantAll = false;
/**
* 取消所有授权的角色分组 saas role group 上的categoryCode;
* 只有在isUngrantAll时生效
* #{@link SaasPositionEnum}
*/
private String roleGroupCategoryCode;
}

7
tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleGroupVO.java
View File

@ -55,6 +55,13 @@ public class SaasRoleGroupVO {
*/
private Integer sort;
private String code;
/**
* 分组CODE
*/
private String categoryCode;
private Date createAt;
private Date updateAt;

5
tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleVO.java
View File

@ -31,6 +31,11 @@ public class SaasRoleVO {
*/
private String name;
/**
* 角色所对应的产品属性
*/
private Integer productUnitType;
/**
* 角色类型 init 标准 common 自定义角色 admin管理员 super_admin 超管
*/

8
tyr-server/src/main/java/cn/axzo/tyr/server/controller/auth/TyrSaasAuthController.java
View File

@ -10,9 +10,11 @@ import cn.axzo.tyr.client.model.req.BatchListIdentityFromPermissionReq;
import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq;
import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
import cn.axzo.tyr.client.model.req.ListPermissionFromRoleGroupReq;
import cn.axzo.tyr.client.model.req.PermissionCacheReq;
import cn.axzo.tyr.client.model.res.IdentityAuthRes;
import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
import cn.axzo.tyr.server.model.PermissionCacheKey;
import cn.axzo.tyr.server.service.PermissionCacheService;
@ -86,4 +88,10 @@ public class TyrSaasAuthController implements TyrSaasAuthApi {
.build());
return ApiResult.ok();
}
@Override
public ApiResult<List<ListPermissionFromRoleGroupResp>> listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq) {
return ApiResult.ok(tyrSaasAuthService.listAuthByResourceAndRoleGroup(listPermissionFromRoleGroupReq));
}
}

6
tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleGroupController.java
View File

@ -50,4 +50,10 @@ public class SaasRoleGroupController implements SaasRoleGroupApi {
saasRoleGroupService.delete(ids);
return ApiResult.ok();
}
@Override
public ApiResult<List<SaasRoleGroupVO>> listByCategoryCode(String categoryCode) {
return ApiResult.ok(saasRoleGroupService.listByCategoryCode(categoryCode));
}
}

6
tyr-server/src/main/java/cn/axzo/tyr/server/controller/roleuser/RoleUserController.java
View File

@ -56,6 +56,12 @@ public class RoleUserController implements TyrSaasRoleUserApi {
return ApiResult.ok();
}
@Override
public ApiResult<Void> grantOrUngrantWorkerManager(WorkerManagerRoleUserReq req) {
saasRoleUserService.grantOrUngrantWorkerManager(req);
return ApiResult.ok();
}
@Override
public ApiResult<Void> batchSaveOrUpdate(List<RoleUserReq> req) {
for (RoleUserReq roleUserReq : req) {

27
tyr-server/src/main/java/cn/axzo/tyr/server/model/FilterRoleAuth.java Normal file
View File

@ -0,0 +1,27 @@
package cn.axzo.tyr.server.model;
import cn.axzo.tyr.server.service.impl.TyrSaasAuthServiceImpl;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
/**
* 通过工作台过滤角色的权限
* #{@link TyrSaasAuthServiceImpl#filterAuthByRoleAndProduct()}
* @author tanjie@axzo.cn
* @date 2024/1/8 14:16
*/
@AllArgsConstructor
@Data
@NoArgsConstructor
@Builder
public class FilterRoleAuth {
private Long roleId;
private Long workspaceId;
}

32
tyr-server/src/main/java/cn/axzo/tyr/server/model/RoleUserInfo.java Normal file
View File

@ -0,0 +1,32 @@
package cn.axzo.tyr.server.model;
import cn.axzo.tyr.client.model.enums.IdentityType;
import cn.axzo.tyr.client.model.roleuser.dto.IdentityInfo;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
import java.util.Set;
/**
* @author tanjie@axzo.cn
* @date 2024/1/9 17:00
*/
@AllArgsConstructor
@NoArgsConstructor
@Builder
@Data
public class RoleUserInfo {
private Long ouId;
private Long workspaceId;
private Integer resourceType;
private Long resourceId;
private IdentityType identityType;
private List<IdentityInfo> identityInfos;
private Set<Long> roleId;
}

7
tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleDao.java
View File

@ -105,5 +105,12 @@ public class SaasRoleDao extends ServiceImpl<SaasRoleMapper, SaasRole> {
.setSql(" is_delete = id")
.update();
}
public List<SaasRole> findInitRole(Set<Long> roleIds) {
return lambdaQuery().in(BaseEntity::getId, roleIds)
.eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL)
.eq(SaasRole::getRoleType, RoleTypeEnum.INIT.getValue())
.list();
}
}

5
tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleGroupDao.java
View File

@ -5,6 +5,7 @@ import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.tyr.client.model.req.QuerySaasRoleGroupReq;
import cn.axzo.tyr.server.repository.entity.SaasRoleGroup;
import cn.axzo.tyr.server.repository.mapper.SaasRoleGroupMapper;
import cn.hutool.core.util.StrUtil;
import com.baomidou.mybatisplus.extension.conditions.query.LambdaQueryChainWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import org.apache.commons.collections.CollectionUtils;
@ -50,5 +51,9 @@ public class SaasRoleGroupDao extends ServiceImpl<SaasRoleGroupMapper, SaasRoleG
.update();
}
public List<SaasRoleGroup> listByCategoryCode(String categoryCode) {
return lambdaQuery().eq(BaseEntity::getIsDelete, 0L)
.eq(StrUtil.isNotBlank(categoryCode), SaasRoleGroup::getCategoryCode, categoryCode).list();
}
}

11
tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleGroupRelationDao.java
View File

@ -9,8 +9,10 @@ import org.apache.commons.collections.CollectionUtils;
import org.springframework.stereotype.Repository;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;
@Repository
public class SaasRoleGroupRelationDao extends ServiceImpl<SaasRoleGroupRelationMapper, SaasRoleGroupRelation> {
@ -41,5 +43,14 @@ public class SaasRoleGroupRelationDao extends ServiceImpl<SaasRoleGroupRelationM
.set(BaseEntity::getIsDelete,1L)
.update();
}
public List<SaasRoleGroupRelation> findByGroupId(Set<Long> groupIds) {
if (CollectionUtils.isEmpty(groupIds)) {
return new ArrayList<>();
}
return lambdaQuery().eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL)
.in(SaasRoleGroupRelation::getSaasRoleGroupId, groupIds).list();
}
}

28
tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleUserRelationDao.java
View File

@ -4,6 +4,8 @@ import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.tyr.client.model.BaseWorkspaceModel;
import cn.axzo.tyr.client.model.enums.IdentityType;
import cn.axzo.tyr.client.model.roleuser.dto.IdentityInfo;
import cn.axzo.tyr.server.model.RoleUserInfo;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import cn.axzo.tyr.server.repository.mapper.SaasRoleUserRelationMapper;
import cn.hutool.core.collection.CollectionUtil;
@ -14,6 +16,7 @@ import org.springframework.stereotype.Repository;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
@Repository
public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMapper, SaasRoleUserRelation> {
@ -95,5 +98,30 @@ public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMap
.setSql(" is_delete = id")
.update();
}
public List<SaasRoleUserRelation> findByResource(RoleUserInfo req) {
return lambdaQuery()
.eq(SaasRoleUserRelation::getIdentityType, req.getIdentityType().getCode())
.in(CollectionUtil.isNotEmpty(req.getRoleId()), SaasRoleUserRelation::getRoleId, req.getRoleId())
.eq(SaasRoleUserRelation::getOuId, req.getOuId())
.in(CollectionUtil.isNotEmpty(req.getIdentityInfos()),SaasRoleUserRelation::getIdentityId,req.getIdentityInfos().stream().map(IdentityInfo::getIdentityId))
.eq(SaasRoleUserRelation::getWorkspaceId, req.getWorkspaceId())
.eq(SaasRoleUserRelation::getResourceType, req.getResourceType())
.eq(SaasRoleUserRelation::getRoleId, req.getResourceId())
.list();
}
public void removeByResource(RoleUserInfo req) {
lambdaUpdate()
.eq(SaasRoleUserRelation::getIdentityType, req.getIdentityType().getCode())
.in(SaasRoleUserRelation::getRoleId, req.getRoleId())
.eq(SaasRoleUserRelation::getOuId, req.getOuId())
.eq(CollectionUtil.isNotEmpty(req.getIdentityInfos()), SaasRoleUserRelation::getIdentityId, req.getIdentityInfos().stream().map(IdentityInfo::getIdentityId).collect(Collectors.toSet()))
.eq(SaasRoleUserRelation::getWorkspaceId, req.getWorkspaceId())
.eq(SaasRoleUserRelation::getResourceType, req.getResourceType())
.eq(SaasRoleUserRelation::getRoleId, req.getResourceId())
.setSql(" is_delete = id");
}
}

2
tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasFeature.java
View File

@ -177,7 +177,7 @@ public class SaasFeature extends BaseEntity<SaasFeature> implements Serializable
return Collections.emptySet();
}
return StrUtil.split(this.path, "/").stream()
.filter(id -> StrUtil.equals(id, "0"))
.filter(x -> StrUtil.isNotBlank(x) && !StrUtil.equals(x, "0"))
.map(Long::valueOf)
.collect(Collectors.toSet());
}

11
tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasRoleGroup.java
View File

@ -59,6 +59,17 @@ public class SaasRoleGroup extends BaseEntity<SaasRoleGroup> implements Serializ
@TableField("sort")
private Integer sort;
/**
* 分组CODE
*/
private String code;
/**
* 分类CODE, 用于代班长小组长的权限分类
*/
private String categoryCode;
/**
* 获取主键值
*

4
tyr-server/src/main/java/cn/axzo/tyr/server/repository/mapper/TyrSaasAuthMapper.java
View File

@ -1,5 +1,8 @@
package cn.axzo.tyr.server.repository.mapper;
import cn.axzo.tyr.client.model.req.ListPermissionFromRoleGroupReq;
import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
import cn.axzo.tyr.server.repository.entity.ProductFeatureInfo;
import cn.axzo.tyr.server.repository.entity.ProductFeatureQuery;
import cn.axzo.tyr.server.repository.entity.RolePermission;
@ -21,4 +24,5 @@ public interface TyrSaasAuthMapper {
List<ProductFeatureInfo> listProductFeature(@Param("query") ProductFeatureQuery query);
List<ListPermissionFromRoleGroupResp> listAuthByResourceAndRoleGroup(@Param("req") ListPermissionFromRoleGroupReq query);
}

2
tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java
View File

@ -86,4 +86,6 @@ public interface RoleService {
* @param outId 待删除角色所属单位ID
*/
void deleteRole(List<Long> roleIds,Long workSpaceId,Long outId);
List<SaasRole> getByIds(Set<Long> ids);
}

7
tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleGroupService.java
View File

@ -25,4 +25,11 @@ public interface SaasRoleGroupService {
Long saveOrUpdate(SaasRoleGroupVO req);
void delete(List<Long> ids);
/**
* 分组CODE查询角色分组
* @param categoryCode
* @return
*/
List<SaasRoleGroupVO> listByCategoryCode(String categoryCode);
}

7
tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleUserService.java
View File

@ -77,4 +77,11 @@ public interface SaasRoleUserService {
* 授权或者取消授权平台班组长和项目内班组长角色
*/
void grantOrUngrantWorkerLeader(GantOrUnGantaWorkerLeaderRoleReq req);
/**
* 授权或者取消授权班组管理员项目代班长
* @param req
*/
void grantOrUngrantWorkerManager(WorkerManagerRoleUserReq req);
}

9
tyr-server/src/main/java/cn/axzo/tyr/server/service/TyrSaasAuthService.java
View File

@ -7,8 +7,10 @@ import cn.axzo.tyr.client.model.req.BatchListIdentityFromPermissionReq;
import cn.axzo.tyr.client.model.req.ListIdentityFromPermissionReq;
import cn.axzo.tyr.client.model.req.ListPermissionFromFeatureReq;
import cn.axzo.tyr.client.model.req.ListPermissionFromIdentityReq;
import cn.axzo.tyr.client.model.req.ListPermissionFromRoleGroupReq;
import cn.axzo.tyr.client.model.res.IdentityAuthRes;
import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
import java.util.List;
@ -40,4 +42,11 @@ public interface TyrSaasAuthService {
* @return
*/
IdentityAuthRes findIdentityAuthMix(IdentityAuthReq identityAuthReq);
/**
* 通过资源信息获取权限
* @param listPermissionFromRoleGroupReq
* @return
*/
List<ListPermissionFromRoleGroupResp> listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq);
}

1
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java
View File

@ -613,6 +613,7 @@ public class PermissionPointServiceImpl implements PermissionPointService {
SaasFeature::getFeatureCode,
SaasFeature::getFeatureName,
SaasFeature::getParentId,
SaasFeature::getPath,
SaasFeature::getTerminal));
Set<Long> parentIds = new HashSet<>();

5
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java
View File

@ -31,6 +31,8 @@ import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@ -93,6 +95,9 @@ public class ProductFeatureRelationServiceImpl implements ProductFeatureRelation
@Override
public ApiResult<List<ProductFeatureRelationVO>> featureListByProduct(List<Long> productIds) {
if (CollectionUtil.isEmpty(productIds)) {
return ApiResult.ok(Collections.emptyList());
}
List<SaasProductModuleFeatureRelation> list = saasProductModuleFeatureRelationDao.lambdaQuery()
.select(SaasProductModuleFeatureRelation::getFeatureId
,SaasProductModuleFeatureRelation::getProductModuleId

5
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
View File

@ -709,4 +709,9 @@ public class RoleServiceImpl implements RoleService {
roleUserRelationDao.deleteByRoldId(roleIds);
roleGroupRelationDao.deleteGroupRelation(roleIds);
}
@Override
public List<SaasRole> getByIds(Set<Long> ids) {
return saasRoleDao.listByIds(ids);
}
}

92
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java
View File

@ -3,7 +3,10 @@ package cn.axzo.tyr.server.service.impl;
import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
import cn.axzo.basics.common.exception.ServiceException;
import cn.axzo.basics.common.util.AssertUtil;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.pokonyan.util.KeysUtil;
import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
import cn.axzo.tyr.client.common.enums.SaasPositionEnum;
import cn.axzo.tyr.client.model.BaseWorkspaceModel;
import cn.axzo.tyr.client.model.enums.IdentityType;
import cn.axzo.tyr.client.model.enums.WorkerLeaderRoleEnum;
@ -12,12 +15,23 @@ import cn.axzo.tyr.client.model.roleuser.req.CreateSuperAdminRoleParam;
import cn.axzo.tyr.client.model.roleuser.req.GantOrUnGantaWorkerLeaderRoleReq;
import cn.axzo.tyr.client.model.roleuser.req.RoleUserReq;
import cn.axzo.tyr.client.model.roleuser.req.SuperAdminParam;
import cn.axzo.tyr.client.model.roleuser.req.WorkerManagerRoleUserReq;
import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
import cn.axzo.tyr.server.model.RoleUserInfo;
import cn.axzo.tyr.server.repository.dao.SaasPgroupRoleRelationDao;
import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
import cn.axzo.tyr.server.repository.dao.SaasRoleGroupRelationDao;
import cn.axzo.tyr.server.repository.dao.SaasRoleUserRelationDao;
import cn.axzo.tyr.server.repository.entity.SaasPgroupRoleRelation;
import cn.axzo.tyr.server.repository.entity.SaasRole;
import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation;
import cn.axzo.tyr.server.repository.entity.SaasRoleUserRelation;
import cn.axzo.tyr.server.service.SaasRoleGroupRelationService;
import cn.axzo.tyr.server.service.SaasRoleGroupService;
import cn.axzo.tyr.server.service.SaasRoleUserRelationService;
import cn.axzo.tyr.server.service.SaasRoleUserService;
import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.StrUtil;
import com.alibaba.nacos.common.utils.CollectionUtils;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.extension.conditions.query.LambdaQueryChainWrapper;
@ -47,6 +61,9 @@ public class RoleUserService implements SaasRoleUserService {
private final SaasRoleUserRelationDao roleUserRelationDao;
private final SaasRoleDao saasRoleDao;
private final SaasPgroupRoleRelationDao saasPgroupRoleRelationDao;
private final SaasRoleGroupService saasRoleGroupService;
private final SaasRoleGroupRelationDao saasRoleGroupRelationDao;
// 单位类型默认角色关系,后面可以座位管理员的逻辑进行迭代
@Value("#{${participateUnitDefaultRoleId:{}}}")
@ -306,4 +323,79 @@ public class RoleUserService implements SaasRoleUserService {
roleUserRelationDao.removeWorkerLeaderRole(req.getIdentityId(), IdentityType.WORKER_LEADER, req.getWorkspaceId(), req.getOuId());
}
}
@Override
@Transactional
public void grantOrUngrantWorkerManager(WorkerManagerRoleUserReq req) {
// 查询出角色ID
List<SaasPgroupRoleRelation> saasPgroupRoleRelations = saasPgroupRoleRelationDao.listByIds(req.getPermissionGroupId());
if (CollectionUtil.isEmpty(saasPgroupRoleRelations)) {
return;
}
List<SaasRole> roleInfos = saasRoleDao.findInitRole(saasPgroupRoleRelations.stream().map(SaasPgroupRoleRelation::getRoleId).collect(Collectors.toSet()));
if (CollectionUtil.isEmpty(roleInfos)) {
log.warn("not found role info");
return;
}
RoleUserInfo roleUserBaseInfo = RoleUserInfo.builder()
.resourceType(req.getResourceType())
.resourceId(req.getResourceId())
.workspaceId(req.getWorkspaceId())
.ouId(req.getOuId())
.identityType(req.getIdentityType())
.identityInfos(req.getIdentityInfos())
.roleId(roleInfos.stream().map(BaseEntity::getId).collect(Collectors.toSet()))
.build();
// 授权
if (!req.isUngrant()) {
if (CollectionUtil.isEmpty(roleUserBaseInfo.getIdentityInfos())) {
throw new ServiceException("grant team manager error, not found person info");
}
List<SaasRoleUserRelation> exist = roleUserRelationDao.findByResource(roleUserBaseInfo);
Set<String> existKey = exist.stream().map(e -> KeysUtil.createKey(e.getNaturalPersonId(), e.getOuId(), e.getWorkspaceId(), e.getResourceId(), e.getResourceType(),e.getRoleId())).collect(Collectors.toSet());
// 防止重复插入数据过滤一次原始数据
// 第一个维度
roleUserRelationDao.saveBatch(roleUserBaseInfo.getIdentityInfos().stream().map(e -> {
// 第二个维度角色
return roleUserBaseInfo.getRoleId().stream().map(roleId -> {
if (existKey.contains(KeysUtil.createKey(e.getPersonId(), roleUserBaseInfo.getOuId(), roleUserBaseInfo.getWorkspaceId(), roleUserBaseInfo.getResourceId(), roleUserBaseInfo.getResourceType(), roleId))) {
return null;
}
SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation();
saasRoleUserRelation.setIdentityId(e.getIdentityId());
saasRoleUserRelation.setIdentityType(req.getIdentityType().getCode());
saasRoleUserRelation.setRoleId(roleId);
saasRoleUserRelation.setNaturalPersonId(e.getPersonId());
saasRoleUserRelation.setOuId(req.getOuId());
saasRoleUserRelation.setWorkspaceId(req.getWorkspaceId());
saasRoleUserRelation.setResourceType(req.getResourceType());
saasRoleUserRelation.setResourceId(req.getResourceId());
return saasRoleUserRelation;
}).filter(Objects::nonNull).collect(Collectors.toList());
}).flatMap(Collection::stream).collect(Collectors.toList()));
return;
}
// 取消授权
if (!req.isUngrantAll()) {
roleUserRelationDao.removeByResource(roleUserBaseInfo);
return;
}
// 取消所有权限
String categoryCode = req.getRoleGroupCategoryCode();
if (StrUtil.isBlank(categoryCode)) {
throw new ServiceException("不支持清除该人员所有角色,请指定分组");
}
List<SaasRoleGroupVO> saasRoleGroupVO = saasRoleGroupService.listByCategoryCode(categoryCode);
List<SaasRoleGroupRelation> roleGroupRelations = saasRoleGroupRelationDao.findByGroupId(saasRoleGroupVO.stream().map(SaasRoleGroupVO::getId).collect(Collectors.toSet()));
Set<Long> roleIds = roleGroupRelations.stream().map(SaasRoleGroupRelation::getRoleId).collect(Collectors.toSet());
if (CollectionUtil.isEmpty(roleIds)) {
return;
}
roleUserBaseInfo.setRoleId(roleIds);
roleUserRelationDao.removeByResource(roleUserBaseInfo);
}
}

5
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java
View File

@ -158,4 +158,9 @@ public class SaasRoleGroupServiceImpl implements SaasRoleGroupService {
saasRoleGroup.setOuId(req.getOuId() != null ? req.getOuId() : -1L);
return saasRoleGroup;
}
@Override
public List<SaasRoleGroupVO> listByCategoryCode(String categoryCode) {
return BeanUtil.copyToList(saasRoleGroupDao.listByCategoryCode(categoryCode), SaasRoleGroupVO.class);
}
}

83
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
View File

@ -2,6 +2,7 @@ package cn.axzo.tyr.server.service.impl;
import cn.axzo.basics.common.BeanMapper;
import cn.axzo.framework.domain.ServiceException;
import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.pokonyan.util.TraceSupplier;
import cn.axzo.thrones.client.saas.ServicePkgClient;
@ -17,9 +18,13 @@ import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO;
import cn.axzo.tyr.client.model.req.*;
import cn.axzo.tyr.client.model.res.IdentityAuthRes;
import cn.axzo.tyr.client.model.res.ListIdentityFromPermissionResp;
import cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp;
import cn.axzo.tyr.client.model.res.QueryIdentityByPermissionResp;
import cn.axzo.tyr.client.model.res.SimpleFeatureInfo;
import cn.axzo.tyr.client.model.res.SimplePermissionPointResp;
import cn.axzo.tyr.client.model.vo.SaasPermissionGroupVO;
import cn.axzo.tyr.client.model.vo.SaasRoleVO;
import cn.axzo.tyr.server.model.FilterRoleAuth;
import cn.axzo.tyr.server.model.PermissionCacheKey;
import cn.axzo.tyr.server.repository.entity.*;
import cn.axzo.tyr.server.repository.mapper.TyrSaasAuthMapper;
@ -29,6 +34,8 @@ import cn.axzo.tyr.server.service.ProductFeatureRelationService;
import cn.axzo.tyr.server.service.RoleService;
import cn.axzo.tyr.server.service.TyrSaasAuthService;
import cn.axzo.tyr.server.util.KeyUtil;
import cn.axzo.tyr.server.utils.RpcExternalUtil;
import cn.axzo.tyr.server.utils.RpcInternalUtil;
import cn.azxo.framework.common.model.CommonResponse;
import cn.azxo.framework.common.utils.LogUtil;
import cn.hutool.core.collection.CollectionUtil;
@ -36,6 +43,7 @@ import cn.hutool.core.collection.ListUtil;
import cn.hutool.core.date.StopWatch;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.BooleanUtil;
import cn.hutool.core.util.NumberUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.json.JSONUtil;
import com.google.common.collect.Lists;
@ -695,7 +703,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
public IdentityAuthRes findIdentityAuthMix(IdentityAuthReq req) {
List<IdentityAuthRes.WorkspacePermission> permissions = null;
//不走缓存的情况关闭缓存开关 - 缓存临时禁用 - 请求指明不走缓存 - 角色预览操作
boolean notUseCache = BooleanUtil.isFalse(req.getUseCache())
boolean notUseCache = !req.isUseCache()
|| CollectionUtil.isNotEmpty(req.getSpecifyRoleIds())
|| permissionCacheService.cacheDisable(
PermissionCacheKey.builder()
@ -790,6 +798,79 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
return permissions;
}
@Override
public List<ListPermissionFromRoleGroupResp> listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq) {
List<ListPermissionFromRoleGroupResp> permissionInfo = saasAuthMapper.listAuthByResourceAndRoleGroup(listPermissionFromRoleGroupReq);
if (CollectionUtil.isEmpty(permissionInfo)) {
return new ArrayList<>();
}
if (!listPermissionFromRoleGroupReq.getFindFeatureInfo()) {
return permissionInfo;
}
Map<Long, Set<Long>> authMap = filterAuthByRoleAndProduct(permissionInfo.stream().map(e -> FilterRoleAuth.builder()
.roleId(NumberUtil.parseLong(e.getRoleId()))
.workspaceId(e.getWorkspaceId())
.build()).collect(Collectors.toList()));
permissionInfo.forEach(e -> e.setSimpleFeatureInfos(authMap.get(NumberUtil.parseLong(e.getRoleId()))));
return permissionInfo;
}
/**
* 通过工作台ID过滤指定角色的权限
* @param filterRoleAuths
* @return KEY :role Id ; VALUE: feature id ;
*/
public Map<Long, Set<Long>> filterAuthByRoleAndProduct(List<FilterRoleAuth> filterRoleAuths) {
List<Long> roleIds = filterRoleAuths.stream().map(FilterRoleAuth::getRoleId).distinct().collect(Collectors.toList());
List<SaasRoleVO> query = roleService.query(QuerySaasRoleReq.builder()
.ids(roleIds)
.build());
Map<Long, SaasRoleVO> roleMap = query.stream().collect(Collectors.toMap(SaasRoleVO::getId, Function.identity(), (a, b) -> a));
// find product by workspace
Set<Long> workspaceId = filterRoleAuths.stream().map(FilterRoleAuth::getWorkspaceId).collect(Collectors.toSet());
List<ServicePkgDetailRes> servicePkgDetailRes = RpcExternalUtil.rpcProcessor(() -> servicePkgClient.getServicePkgDetailBySpaceId(workspaceId), "find product ", workspaceId);
Map<Long, List<ServicePkgProduct>> productMap = servicePkgDetailRes.stream().collect(Collectors.toMap(ServicePkgDetailRes::getSpaceId, ServicePkgDetailRes::getProducts, (a, b) -> a));
// find permission point by product
List<Long> productIds = productMap.values().stream().flatMap(List::stream).map(ServicePkgProduct::getProductId).distinct().collect(Collectors.toList());
List<ProductFeatureRelationVO> productsDetail = RpcExternalUtil.rpcApiResultProcessor(() -> productFeatureRelationService.featureListByProduct(productIds), " find permission point by product ", productIds);
Map<Long, ProductFeatureRelationVO> productDetailMap = productsDetail.stream().collect(Collectors.toMap(ProductFeatureRelationVO::getId, Function.identity(), (a, b) -> a));
// intersection auth from role and product
return filterRoleAuths.stream().collect(Collectors.toMap(FilterRoleAuth::getRoleId, e -> {
Long roleId = e.getRoleId();
SaasRoleVO saasRole = roleMap.get(e.getRoleId());
if (null == saasRole) {
LogUtil.error(" find role info error,role id:{}", roleId);
return Collections.emptySet();
}
Integer productUnitType = saasRole.getProductUnitType();
List<ServicePkgProduct> productsInfo = productMap.get(e.getWorkspaceId());
List<Long> allFeatureIds = productsInfo.stream().map(productSimpleInfo -> {
ProductFeatureRelationVO productDetail = productDetailMap.get(productSimpleInfo.getProductId());
if (!Objects.equals(productUnitType.toString(), productDetail.getDictCode())) {
return null;
}
return productDetail.getFeatureId();
}).filter(Objects::nonNull).distinct().collect(Collectors.toList());
List<Long> currentPermissionId = saasRole.getMatchFeature(e.getWorkspaceId(), null).stream().map(PermissionPointTreeNode::getPermissionPointId).distinct().collect(Collectors.toList());
return new HashSet<>(CollectionUtil.intersection(allFeatureIds, currentPermissionId));
},(a,b)->{
a.addAll(b);
return a;
}
));
}
@Data
public static class UserRoleInfoMap {

98
tyr-server/src/main/resources/mapper/TyrSaasAuthMapper.xml
View File

@ -75,4 +75,102 @@
#{item, jdbcType=VARCHAR}
</foreach>
</select>
<resultMap id="workerPositionEx"
type="cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp">
<result property="identityId" column="identityId"/>
<result property="identityType" column="identityType"/>
<result property="personId" column="personId"/>
<result property="ouId" column="ouId"/>
<result property="workspaceId" column="workspaceId"/>
<result property="teamOuId" column="teamOuId"/>
<result property="roleGroupName" column="roleGroupName"/>
<result property="roleGroupCode" column="roleGroupCode"/>
<result property="roleGroupName" column="roleGroupName"/>
<result property="roleId" column="roleId"/>
<result property="roleName" column="roleName"/>
<result property="permissionGroupId" column="permissionGroupId"/>
<collection property="simpleFeatureInfos"
ofType="cn.axzo.tyr.client.model.res.SimpleFeatureInfo">
<result property="featureId" column="featureId"/>
<result property="featureCode" column="featureCode"/>
</collection>
</resultMap>
<select id="listAuthByResourceAndRoleGroup" resultType="cn.axzo.tyr.client.model.res.ListPermissionFromRoleGroupResp">
SELECT
t5.identity_id identityId,
t5.identity_type identityType,
t5.natural_person_id personId,
t5.ou_id ouId,
t5.worksspace_id workspaceId,
t5.resource_id teamOuId,
t5.resource_type resourceType,
t1.categroy_name categoryName,
t1.name roleGroupName,
t1.code roleGroupCode,
t3.id roleId,
t3.name roleName,
t4.group_id permissionGroupId
FROM
saas_role_group t1
INNER JOIN saas_role_group_relation t2 ON t1.id = t2.saas_role_group_id
INNER JOIN saas_role t3 ON t2.role_id = t3.id
INNER JOIN saas_pgroup_role_relation T4 ON t3.id = t4.role_id
INNER JOIN saas_role_user_relation t5 ON t3.id = t5.role_id
WHERE
t1.category_code = #{req.categoryCode}
<if test="req.identityIds != null ">
<foreach collection="req.identityIds" item="identity" open=" and t5.identity_id IN ( " close=" ) " separator=" , ">
#{identity}
</foreach>
</if>
<if test="req.personIds != null ">
<foreach collection="req.personIds" item="personId" open=" and t5.natural_person_id IN ( " close=" ) " separator=" , ">
#{personId}
</foreach>
</if>
<if test="req.identityType != null ">
AND T5.identityType =#{req.identityType}
</if>
<if test="req.workspaceOuPairs != null and req.workspaceOuPairs.size()>0">
AND
<foreach collection="req.workspaceOuPairs" index="index" item="ouIdAndWorkspaceId" open="(" close=")"
separator=") or ( ">
1=1
<if test="ouIdAndWorkspaceId.workspaceId !=null">
and t1.workspace_id = #{ouIdAndWorkspaceId.workspaceId}
</if>
<if test="ouIdAndWorkspaceId.ouId !=null">
and t1.ou_id = #{ouIdAndWorkspaceId.ouId}
</if>
<if test="ouIdAndWorkspaceId.resourceId !=null">
and t1.resource_id = #{ouIdAndWorkspaceId.resourceId}
</if>
<if test="ouIdAndWorkspaceId.resourceType !=null">
and t1.resource_type = #{ouIdAndWorkspaceId.resourceType}
</if>
</foreach>
</if>
</select>
</mapper>