Merge branch 'feature/REQ-2227-zhan' into feature/REQ-2227

tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListPermissionFromRoleGroupReq.java

@@ -41,6 +41,9 @@ public class ListPermissionFromRoleGroupReq {
     @Builder.Default
     private Boolean findFeatureInfo = false;
 
+    /** 角色组ID **/
+    private List<Long> roleGroupIds;
+
     @Data
     @Builder
     @AllArgsConstructor

tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleGroupDao.java

@@ -53,6 +53,8 @@ public class SaasRoleGroupDao extends ServiceImpl<SaasRoleGroupMapper, SaasRoleG
             .update();
     }
 
+    /** 弃用category_code 通过角色组层级实现 **/
+    @Deprecated
     public List<SaasRoleGroup> listByCategoryCode(List<String> categoryCode) {
         return lambdaQuery().eq(BaseEntity::getIsDelete, 0L)
                 .in(SaasRoleGroup::getCategoryCode, categoryCode).list();

tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasFeatureResourceService.java

@@ -43,9 +43,6 @@ public interface SaasFeatureResourceService {
     /** 资源权限通用查询 **/
     List<ResourcePermission> permissionQuery(ResourcePermissionQueryDTO param);
 
-    /** 是否免授权 **/
-    boolean isAuthFree(Long featureId);
-
     /** 查询资源树 **/
     List<FeatureResourceTreeNode> getTree(GetFeatureResourceTreeReq req);
 

tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleGroupService.java

@@ -34,4 +34,11 @@ public interface SaasRoleGroupService extends IService<SaasRoleGroup> {
 	 * @return
 	 */
 	List<SaasRoleGroupVO> listByCategoryCode(List<String> categoryCode);
+
+	/**
+	 *  根据code查询角色组
+	 * @param codes 角色组编码
+	 * @param type 1-仅查当前code 2-对应code角色组及子级角色组 3-仅对应code角色组的子级
+	 *  **/
+    List<SaasRoleGroup> listByCodes(List<String> codes, int type);
 }

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java

@@ -96,6 +96,7 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -894,9 +895,11 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
         if (CollectionUtils.isEmpty(categoryCodes)) {
             return new ArrayList<>();
         }
-        List<SaasRoleCategoryVO> result = new ArrayList<>();
-        List<SaasRoleGroup> saasRoleGroups = saasRoleGroupDao.listByCategoryCode(categoryCodes);
 
+        //category code转code 查询对应code及子级
+        List<SaasRoleGroup> saasRoleGroups = saasRoleGroupService.listByCodes(categoryCodes, 2);
+
+        //查询角色组相关角色及配置的权限
         Set<Long> roleGroupId = saasRoleGroups.stream().map(BaseEntity::getId).collect(Collectors.toSet());
         List<SaasRoleGroupRelation> roleGroupRelations = saasRoleGroupRelationDao.getByGroupIds(roleGroupId);
 
@@ -917,7 +920,23 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
         Map<Long, SaasRole> roleMap = roleInfos.stream().collect(Collectors.toMap(BaseEntity::getId, Function.identity()));
         Map<Long, SaasPermissionGroup> permissionGroupMap = permissionGroups.stream().collect(Collectors.toMap(BaseEntity::getId, Function.identity()));
 
-        Map<String, List<SaasRoleGroup>> groupsByCategory = saasRoleGroups.stream().collect(Collectors.groupingBy(SaasRoleGroup::getCategoryCode));
+        //按查询的code分组所有group
+        Map<Long, List<SaasRoleGroup>> allGroupMap = saasRoleGroups.stream().collect(Collectors.groupingBy(SaasRoleGroup::getParentId));
+        List<SaasRoleGroup> categoryRoleGroups = saasRoleGroupService.listByCodes(categoryCodes, 1);
+        Map<String, SaasRoleGroup> categoryMap = categoryRoleGroups.stream().collect(Collectors.toMap(SaasRoleGroup::getCode, Function.identity()));
+        Map<String, List<SaasRoleGroup>> groupsByCategory = new HashMap<>();
+        for (Map.Entry<String, SaasRoleGroup> entry : categoryMap.entrySet()) {
+            SaasRoleGroup parent = entry.getValue();
+            List<SaasRoleGroup> groups = groupsByCategory.getOrDefault(entry.getKey(), new ArrayList<>());
+            //父级和子级
+            groups.add(parent);
+            List<SaasRoleGroup> children = allGroupMap.get(parent.getId());
+            if (CollectionUtil.isEmpty(children)) {
+                groups.addAll(children);
+            }
+            groupsByCategory.put(entry.getKey(), groups);
+        }
+
 
         return groupsByCategory.entrySet().stream()
                 .map(entry -> {

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureResourceServiceImpl.java

@@ -112,22 +112,6 @@ public class SaasFeatureResourceServiceImpl implements SaasFeatureResourceServic
         return BeanMapper.copyList(resourceList, ResourcePermission.class);
     }
 
-    @Override
-    public boolean isAuthFree(Long featureId) {
-
-        if (BooleanUtil.isTrue(RedisClient.KeyOps.hasKey(KEY_AUTH_FREE))) {
-            return RedisClient.SetOps.sIsMember(KEY_AUTH_FREE, String.valueOf(featureId));
-        }
-
-        //load from DB
-        Set<Long> featureIds = this.permissionQuery(ResourcePermissionQueryDTO.builder()
-                        .authTypes(Collections.singletonList(FeatureResourceAuthType.ALL_ROLE.getCode()))
-                        .build())
-                .stream()
-                .map(ResourcePermission::getId).collect(Collectors.toSet());
-        return false;
-    }
-
     @Override
     public SaasFeatureResource getByCode(String featureCode) {
         return featureResourceDao.getByCode(featureCode);

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java

@@ -11,6 +11,7 @@ import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation;
 import cn.axzo.tyr.server.repository.mapper.SaasRoleGroupMapper;
 import cn.axzo.tyr.server.service.SaasRoleGroupService;
 import cn.hutool.core.bean.BeanUtil;
+import cn.hutool.core.collection.CollectionUtil;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -20,6 +21,7 @@ import org.springframework.stereotype.Service;
 
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.Date;
 import java.util.List;
 import java.util.Map;
@@ -175,7 +177,7 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
 
     @Override
     public List<SaasRoleGroupVO> listByCategoryCode(List<String> categoryCode) {
-        return BeanUtil.copyToList(saasRoleGroupDao.listByCategoryCode(categoryCode), SaasRoleGroupVO.class);
+        return BeanUtil.copyToList(this.listByCodes(categoryCode, 3), SaasRoleGroupVO.class);
     }
 
     private void assembleSort(SaasRoleGroup saasRoleGroup) {
@@ -212,4 +214,23 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
             }
         }
     }
+
+    @Override
+    public List<SaasRoleGroup> listByCodes(List<String> codes, int type) {
+        List<SaasRoleGroup> groups = saasRoleGroupDao.listByCodes(codes);
+        if (CollectionUtil.isEmpty(groups) || type == 1) {
+            return Collections.emptyList();
+        }
+        //TODO: 未支持多层级
+        List<Long> parentIds = groups.stream().map(SaasRoleGroup::getId).collect(Collectors.toList());
+        List<SaasRoleGroup> children = saasRoleGroupDao.lambdaQuery().eq(SaasRoleGroup::getParentId, parentIds).list();
+        if (type == 2) {
+            groups.addAll(children);
+            return groups;
+        }
+        if (type == 3) {
+            return children;
+        }
+        return Collections.emptyList();
+    }
 }

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java

@@ -34,6 +34,7 @@ import cn.axzo.tyr.server.service.PermissionCacheService;
 import cn.axzo.tyr.server.service.PermissionPointService;
 import cn.axzo.tyr.server.service.ProductFeatureRelationService;
 import cn.axzo.tyr.server.service.RoleService;
+import cn.axzo.tyr.server.service.SaasRoleGroupService;
 import cn.axzo.tyr.server.service.TyrSaasAuthService;
 import cn.axzo.tyr.server.util.KeyUtil;
 import cn.axzo.tyr.server.utils.RpcExternalUtil;
@@ -92,6 +93,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
     private final PermissionPointService permissionPointService;
 
     private final PermissionCacheService permissionCacheService;
+    private final SaasRoleGroupService roleGroupService;
 
 
     /**
@@ -787,6 +789,12 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
 
     @Override
     public List<ListPermissionFromRoleGroupResp> listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq) {
+        //确定角色group_id: code对应角色组及其下级
+        List<SaasRoleGroup> groups = roleGroupService.listByCodes(Collections.singletonList(listPermissionFromRoleGroupReq.getCategoryCode()), 2);
+        if (CollectionUtil.isEmpty(groups)) {
+            log.warn("no role group found for code :{}", listPermissionFromRoleGroupReq.getCategoryCode());
+            return Collections.emptyList();
+        }
         List<ListPermissionFromRoleGroupResp> permissionInfo = saasAuthMapper.listAuthByResourceAndRoleGroup(listPermissionFromRoleGroupReq);
         if (CollectionUtil.isEmpty(permissionInfo)) {
             return new ArrayList<>();

tyr-server/src/main/resources/mapper/TyrSaasAuthMapper.xml

@@ -128,7 +128,10 @@
                 INNER JOIN saas_role_user_relation t5 ON t3.id = t5.role_id
 
         WHERE
-            t1.category_code = #{req.categoryCode}
+            t1.id IN
+        <foreach collection="req.roleGroupIds" item="id" open="( " close=" ) " separator=" , ">
+            #{id}
+        </foreach>
             AND T1.IS_DELETE = 0 AND T2.IS_DELETE = 0 AND T3.IS_DELETE=0 AND T4.IS_DELETE = 0 AND T5.IS_DELETE = 0
          <if test="req.identityIds != null ">
              <foreach collection="req.identityIds" item="identity" open=" and t5.identity_id IN ( " close=" ) " separator=" , ">