feat(code2identity): 实现批量查询;代码结构调整
parent
2a3132b665
commit
e8fa4686b6
@ -73,9 +73,5 @@ public interface RoleService {
|
||||
*/
|
||||
List<SaasRoleVO> queryRoleByRoleTypes(QueryByIdentityIdTypeReq req, List<String> roleTypes);
|
||||
|
||||
List<SaasRole> listRoleFromFeature(List<String> featureCodes, List<Long> workspaceIds);
|
||||
|
||||
List<SaasRole> listByOUWorkspace(Long ouId, Long workspaceId);
|
||||
|
||||
List<SaasRole> listForOUWorkspace(Long ouId, Long workspaceId, Integer workspaceJoinType);
|
||||
}
|
||||
|
||||
@ -84,5 +84,5 @@ public interface SaasRoleUserService {
|
||||
*/
|
||||
void createAgencyAdminRole(CreateAgencyAdminRoleParam param);
|
||||
|
||||
List<SaasRoleUserRelation> listByRoleIds(List<Long> matchedRoleIds);
|
||||
List<SaasRoleUserRelation> listByRoleIds(List<Long> roleIds);
|
||||
}
|
||||
@ -507,18 +507,6 @@ public class RoleServiceImpl implements RoleService {
|
||||
return BeanUtil.copyToList(list, SaasRoleVO.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<SaasRole> listRoleFromFeature(List<String> featureCodes, List<Long> workspaceIds) {
|
||||
//TODO:@Zhan
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<SaasRole> listByOUWorkspace(Long ouId, Long workspaceId) {
|
||||
//TODO:@Zhan
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<SaasRole> listForOUWorkspace(Long ouId, Long workspaceId, Integer workspaceJoinType) {
|
||||
return saasRoleDao.listForOUWorkspace(ouId, workspaceId, workspaceJoinType);
|
||||
|
||||
@ -22,6 +22,7 @@ import cn.axzo.tyr.server.service.SaasRoleUserService;
|
||||
import cn.hutool.core.collection.CollUtil;
|
||||
import cn.hutool.core.collection.CollectionUtil;
|
||||
import com.alibaba.nacos.common.utils.CollectionUtils;
|
||||
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
|
||||
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
|
||||
import com.google.common.collect.Lists;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
@ -278,9 +279,12 @@ public class RoleUserService implements SaasRoleUserService {
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<SaasRoleUserRelation> listByRoleIds(List<Long> matchedRoleIds) {
|
||||
//TODO:@Zhan
|
||||
return null;
|
||||
public List<SaasRoleUserRelation> listByRoleIds(List<Long> roleIds) {
|
||||
if (CollectionUtil.isEmpty(roleIds)) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
return roleUserRelationDao.list(new LambdaQueryWrapper<SaasRoleUserRelation>()
|
||||
.in(SaasRoleUserRelation::getRoleId, roleIds));
|
||||
}
|
||||
|
||||
private List<SaasRoleGroupRelation> filterAgencyAdminRoleGroupRelation(CreateAgencyAdminRoleParam param) {
|
||||
|
||||
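Review bot: The new listByRoleIds in this file filters only on `SaasRoleUserRelation::getRoleId`, with no workspace or OU predicate, while its caller getUsersFromRole resolves role permissions per workspace and OU (`getMatchFeature(workspaceId, ouId)`). If a role id can be bound to users in more than one workspace or OU, which this page does not show, the result would include identities from outside the requested scope, and listIdentityFromPermission would return them. Either scope the query when the relation table carries those columns, or state the contract on the interface method, e.g. `/** Returns relations for the given role ids across all workspaces and OUs; callers must apply tenant scoping. */`. The role id list is also passed unbounded to a single `in` clause, so a size check or chunking is worth considering.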
@ -527,70 +527,96 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
|
||||
@Override
|
||||
public ListIdentityFromPermissionResp listIdentityFromPermission(ListIdentityFromPermissionReq req) {
|
||||
Long ouId = req.getOuId();
|
||||
Long workspaceId = req.getWorkspaceId();
|
||||
ListIdentityFromPermissionResp result = new ListIdentityFromPermissionResp();
|
||||
result.setOuId(ouId);
|
||||
result.setWorkspaceId(workspaceId);
|
||||
result.setUsers(new ArrayList<>());
|
||||
result.setOuId(req.getOuId());
|
||||
result.setWorkspaceId(req.getWorkspaceId());
|
||||
|
||||
//查询工作台下产品-产品包含的权限
|
||||
Set<Long> workspaceFeatureIds = listWorkspaceFeatures(req.getWorkspaceId());
|
||||
//code查询权限点信息
|
||||
List<SaasFeature> features = permissionPointService.listNodeByCode(req.getFeatureCode(), req.getTerminal());
|
||||
//权限匹配
|
||||
boolean matched = false;
|
||||
for (SaasFeature feature : features) {
|
||||
if (workspaceFeatureIds.contains(feature.getId())) {
|
||||
matched = true;
|
||||
if (DelegatedType.NO_NEED.sameCode(feature.getDelegatedType())) {
|
||||
//免授权 -直接返回
|
||||
log.info("free permission point:{}", feature.getId());
|
||||
result.setFreePermission(true);
|
||||
return result;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (!matched) {
|
||||
//工作台没权限
|
||||
log.warn("no feature found in workspace");
|
||||
//权限匹配 - 工作台是否有指定权限
|
||||
List<SaasFeature> matchedFeature = matchWorkspaceFeature(req.getWorkspaceId(), features);
|
||||
if (CollectionUtil.isEmpty(matchedFeature)) {
|
||||
log.info("no matched feature in workspace");
|
||||
return result;
|
||||
}
|
||||
|
||||
//是否免授权权限点
|
||||
Optional<SaasFeature> freeFeature = matchedFeature.stream()
|
||||
.filter(f -> DelegatedType.NO_NEED.sameCode(f.getDelegatedType()))
|
||||
.findAny();
|
||||
if (freeFeature.isPresent()) {
|
||||
log.info("free feature found");
|
||||
result.setFreePermission(true);
|
||||
return result;
|
||||
}
|
||||
|
||||
//从相关角色查询用户-超管和普通角色
|
||||
List<ListIdentityFromPermissionResp.UserVO> users = getUsersFromRole(req, matchedFeature);
|
||||
result.setUsers(users);
|
||||
return result;
|
||||
}
|
||||
|
||||
private List<SaasFeature> matchWorkspaceFeature(Long workspaceId, List<SaasFeature> features) {
|
||||
//查询工作台下产品-产品包含的权限
|
||||
List<ServicePkgProduct> productList = checkAndGetData(servicePkgClient.listProductInWorkSpace(workspaceId));
|
||||
if (CollectionUtil.isEmpty(productList)) {
|
||||
log.warn("no product found for workspace:{}", workspaceId);
|
||||
return new ArrayList<>();
|
||||
}
|
||||
Set<Long> workspaceFeatures = checkAndGetData(productFeatureRelationService.featureListByProduct(productList.stream()
|
||||
.map(ServicePkgProduct::getProductId)
|
||||
.collect(Collectors.toList())))
|
||||
.stream()
|
||||
.map(ProductFeatureRelationVO::getFeatureId)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
//权限匹配
|
||||
return features.stream()
|
||||
.filter(x -> workspaceFeatures.contains(x.getId()))
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
||||
private List<ListIdentityFromPermissionResp.UserVO> getUsersFromRole(ListIdentityFromPermissionReq req, List<SaasFeature> features) {
|
||||
Long ouId = req.getOuId();
|
||||
Long workspaceId = req.getWorkspaceId();
|
||||
|
||||
//查询OU-工作台下的角色
|
||||
List<SaasRole> roleList = roleService.listForOUWorkspace(ouId, workspaceId, req.getWorkspaceJoinType());
|
||||
//工作台超管
|
||||
Set<Long> superAdmins = roleList
|
||||
.stream()
|
||||
.filter(r -> r.getRoleType().equals(RoleTypeEnum.SUPER_ADMIN.getValue()))
|
||||
.map(SaasRole::getId)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
//查询角色及权限
|
||||
List<SaasRoleVO> rolePermissions = roleService.getByIds(roleList.stream().map(SaasRole::getId).collect(Collectors.toList()),
|
||||
null, Collections.singletonList(workspaceId), Collections.singletonList(ouId), true);
|
||||
Set<Long> featureIds = features.stream().map(SaasFeature::getId).collect(Collectors.toSet());
|
||||
|
||||
//计算角色实际的权限 - 匹配请求的权限 --> 实际拥有权限的角色
|
||||
Set<Long> featureIds = features.stream().map(SaasFeature::getId).collect(Collectors.toSet());
|
||||
List<SaasRoleVO> matchedRoleList = rolePermissions.stream()
|
||||
.filter(rp -> rp.getMatchFeature(workspaceId, ouId).stream()
|
||||
.anyMatch(f -> featureIds.contains(f.getPermissionPointId())))
|
||||
.collect(Collectors.toList());
|
||||
//查询角色下用户
|
||||
List<Long> matchedRoleIds = matchedRoleList.stream().map(SaasRoleVO::getId).collect(Collectors.toList());
|
||||
//追加工作台超管
|
||||
Set<Long> superAdmins = roleList
|
||||
.stream()
|
||||
.filter(r -> r.getRoleType().equals(RoleTypeEnum.SUPER_ADMIN.getValue()))
|
||||
.map(SaasRole::getId)
|
||||
.collect(Collectors.toSet());
|
||||
matchedRoleIds.addAll(superAdmins);
|
||||
List<SaasRoleUserRelation> relationList = roleUserService.listByRoleIds(matchedRoleIds);
|
||||
|
||||
//构建用户-去重(identityId-identityType)
|
||||
List<ListIdentityFromPermissionResp.UserVO> users = new ArrayList<>();
|
||||
Set<String> filterSet = new HashSet<>();
|
||||
for (SaasRoleUserRelation relation : relationList) {
|
||||
//构建用户 - 去重
|
||||
String key = relation.getIdentityId() + "-" + relation.getIdentityType();
|
||||
if (!filterSet.contains(key)) {
|
||||
filterSet.add(key);
|
||||
ListIdentityFromPermissionResp.UserVO user = new ListIdentityFromPermissionResp.UserVO(relation.getIdentityId(),
|
||||
relation.getIdentityType(), superAdmins.contains(relation.getIdentityId()));
|
||||
result.getUsers().add(user);
|
||||
users.add(user);
|
||||
}
|
||||
}
|
||||
|
||||
return result;
|
||||
return users;
|
||||
}
|
||||
|
||||
private Set<Long> listWorkspaceFeatures(Long workspaceId) {
|
||||
@ -606,9 +632,21 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<ListIdentityFromPermissionResp> batchListIdentityFromPermission(List<ListIdentityFromPermissionReq> req) {
|
||||
public List<ListIdentityFromPermissionResp> batchListIdentityFromPermission(List<ListIdentityFromPermissionReq> reqList) {
|
||||
//异步处理
|
||||
return null;
|
||||
List<CompletableFuture<ListIdentityFromPermissionResp>> futureList = new ArrayList<>();
|
||||
for (ListIdentityFromPermissionReq req : reqList) {
|
||||
CompletableFuture<ListIdentityFromPermissionResp> future = CompletableFuture.supplyAsync(
|
||||
() -> this.listIdentityFromPermission(req), executor);
|
||||
futureList.add(future);
|
||||
}
|
||||
|
||||
List<ListIdentityFromPermissionResp> result = new ArrayList<>();
|
||||
for (CompletableFuture<ListIdentityFromPermissionResp> future : futureList) {
|
||||
result.add(future.join());
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
@Data
|
||||
|
||||
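Review bot: In getUsersFromRole (the first hunk of this file), `superAdmins` is built from `SaasRole::getId` and therefore holds role ids, yet the UserVO flag is computed with `superAdmins.contains(relation.getIdentityId())`, which tests an identity id against role ids. Real workspace super admins will normally be reported as ordinary users, and an identity whose id happens to equal a super-admin role id would be flagged, so any consumer that trusts the flag gets wrong privilege information. The membership test should use the relation's role id (`getRoleId`, the column listByRoleIds already queries on). Because users are de-duplicated on identityId-identityType, the flag should also be derived from all of an identity's relations rather than from whichever one is seen first. The rewritten tail of the method is shown below; the constructor's third argument is assumed to be the super-admin flag.

```java
// … unchanged: role lookup, feature matching, matchedRoleIds, listByRoleIds call …

// keys of identities that hold at least one super-admin role
Set<String> superAdminKeys = relationList.stream()
        .filter(rel -> superAdmins.contains(rel.getRoleId()))
        .map(rel -> rel.getIdentityId() + "-" + rel.getIdentityType())
        .collect(Collectors.toSet());

List<ListIdentityFromPermissionResp.UserVO> users = new ArrayList<>();
Set<String> filterSet = new HashSet<>();
for (SaasRoleUserRelation relation : relationList) {
    String key = relation.getIdentityId() + "-" + relation.getIdentityType();
    if (filterSet.add(key)) {
        users.add(new ListIdentityFromPermissionResp.UserVO(relation.getIdentityId(),
                relation.getIdentityType(), superAdminKeys.contains(key)));
    }
}
return users;
```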