Merge branch 'master' into 'feature/REQ-2720'

Master

See merge request universal/infrastructure/backend/tyr!87

tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java

@@ -64,13 +64,6 @@ public class IdentityAuthReq {
     /** 是否使用缓存 - 默认true **/
     @Builder.Default
     private boolean useCache = true;
-
-    /**
-     * 权限点类型（0：saas_feature,1:saas_feature_resource）
-     * 为了兼容第三方调用查询用户的权限点，会把新旧权限点都查询出来，灰度端历史版本由使用方传入版本
-     */
-    private Integer type;
-
     public IdentityAuthRes toEmpty() {
         IdentityAuthRes result = new IdentityAuthRes();
         result.setIdentity(this.getIdentityId());

tyr-api/src/main/java/cn/axzo/tyr/client/model/res/IdentityAuthRes.java

@@ -61,6 +61,11 @@ public class IdentityAuthRes   {
     //    private FeatureType featureType;
 
         private String terminal;
+
+        /**
+         * 应用范围(租户类型)：1:企业工作台 2;项目工作台
+         */
+        private Long workspaceType;
     }
 
 

tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/FeatureResourceController.java

@@ -40,6 +40,7 @@ public class FeatureResourceController implements FeatureResourceApi {
 
     @Override
     public ApiResult<Void> syncFromBase(ResourceSyncReq req) {
+        log.warn("sync menu, operatorId:{}", req.getOperatorId());
 
         if (CollectionUtil.isEmpty(req.getIds())) {
             log.warn("no ids to sync from base env");

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/FeatureResourceSyncServiceImpl.java

@@ -31,7 +31,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Service;
 
-import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -43,6 +42,8 @@ import java.util.concurrent.ExecutorService;
 import java.util.function.Function;
 import java.util.stream.Collectors;
 
+import static cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation.NEW_FEATURE;
+
 /**
  * 功能资源同步服务实现
  *
@@ -203,7 +204,7 @@ public class FeatureResourceSyncServiceImpl implements FeatureResourceSyncServic
             }
 
             // 处理资源关联的权限
-            doFeatureResourceRole(baseResource.getId(), treeNode.getRoleCodes(), operatorId);
+            doFeatureResourceRole(baseResource, treeNode.getRoleCodes(), operatorId);
 
             //递归子节点
             if (CollectionUtils.isNotEmpty(treeNode.getChildren())) {
@@ -231,21 +232,36 @@ public class FeatureResourceSyncServiceImpl implements FeatureResourceSyncServic
         }
     }
 
-    private void doFeatureResourceRole(Long featureResourceId, List<String> roleCodes, Long operatorId) {
+    private void doFeatureResourceRole(SaasFeatureResource featureResource, List<String> roleCodes, Long operatorId) {
-        if (Objects.isNull(featureResourceId) || CollectionUtils.isEmpty(roleCodes)) {
+        if (Objects.isNull(featureResource)) {
             return;
         }
 
-        List<String> existRoleCodes = getFeatureResourceRoleCodeMap(Lists.newArrayList(featureResourceId))
+        // 先清除资源绑定的角色 @20240723 产品武艳华要求资源绑定的角色以PRE角色为准；
-                .get(featureResourceId);
+        List<SaasPgroupPermissionRelation> existPermissionRelations = saasPgroupPermissionRelationDao.lambdaQuery()
-
+                .eq(BaseEntity::getIsDelete, DeleteEnum.NORMAL.value)
-        if (CollectionUtils.isNotEmpty(existRoleCodes)) {
+                .eq(SaasPgroupPermissionRelation::getFeatureId, featureResource.getId())
-            roleCodes.removeAll(existRoleCodes);
+                .eq(SaasPgroupPermissionRelation::getType, NEW_FEATURE)
+                .list();
+        if (CollectionUtils.isNotEmpty(existPermissionRelations)) {
+            log.warn("sync menu delete SaasPgroupPermissionRelation operateId:{} featureResourceId:{}, saasPgroupPermissionRelationIds:{}", operatorId, featureResource.getId(), existPermissionRelations.stream().map(BaseEntity::getId).collect(Collectors.toList()));
+            saasPgroupPermissionRelationDao.removeByFeatureIdAndGroupIds(featureResource.getId(), existPermissionRelations.stream().map(SaasPgroupPermissionRelation::getGroupId).collect(Collectors.toList()), operatorId);
         }
+
         if (CollectionUtils.isEmpty(roleCodes)) {
             return;
         }
 
+//        List<String> existRoleCodes = getFeatureResourceRoleCodeMap(Lists.newArrayList(featureResource.getId()))
+//                .get(featureResource.getId());
+//
+//        if (CollectionUtils.isNotEmpty(existRoleCodes)) {
+//            roleCodes.removeAll(existRoleCodes);
+//        }
+//        if (CollectionUtils.isEmpty(roleCodes)) {
+//            return;
+//        }
+
         List<SaasRole> saasRoles = saasRoleDao.listByRoleCodes(roleCodes);
         if (CollectionUtils.isEmpty(saasRoles)) {
             return;
@@ -253,14 +269,18 @@ public class FeatureResourceSyncServiceImpl implements FeatureResourceSyncServic
         List<Long> groupIds = saasPgroupRoleRelationDao.findByRoleIds(saasRoles.stream().map(BaseEntity::getId).collect(Collectors.toList()))
                 .stream().map(SaasPgroupRoleRelation::getGroupId).collect(Collectors.toList());
         if (CollectionUtils.isNotEmpty(groupIds)) {
-            List<SaasPgroupPermissionRelation> insertRelation = new ArrayList<>();
+            List<SaasPgroupPermissionRelation> insertRelation = groupIds.stream()
-            groupIds.forEach(groupId -> {
+                    .map(groupId -> {
                         SaasPgroupPermissionRelation relation = new SaasPgroupPermissionRelation();
-                relation.setFeatureId(featureResourceId);
+                        relation.setFeatureId(featureResource.getId());
                         relation.setGroupId(groupId);
                         relation.setCreateBy(operatorId);
-                insertRelation.add(relation);
+                        relation.setType(NEW_FEATURE);
-            });
+                        relation.setFeatureType(featureResource.getFeatureType());
+                        relation.setTerminal(featureResource.getTerminal());
+                        return relation;
+                    })
+                    .collect(Collectors.toList());
             saasPgroupPermissionRelationDao.saveBatch(insertRelation);
         }
     }
@@ -270,7 +290,7 @@ public class FeatureResourceSyncServiceImpl implements FeatureResourceSyncServic
         List<SaasPgroupPermissionRelation> permissionRelations = saasPgroupPermissionRelationDao.lambdaQuery()
                 .eq(BaseEntity::getIsDelete, DeleteEnum.NORMAL.value)
                 .in(SaasPgroupPermissionRelation::getFeatureId, allFeatureResourceIds)
-                .eq(SaasPgroupPermissionRelation::getType, SaasPgroupPermissionRelation.NEW_FEATURE)
+                .eq(SaasPgroupPermissionRelation::getType, NEW_FEATURE)
                 .list();
         if (CollectionUtils.isEmpty(permissionRelations)) {
             return Collections.emptyMap();

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductServiceImpl.java

@@ -322,7 +322,7 @@ public class ProductServiceImpl implements ProductService {
         productModule.setIcon(req.getIcon());
         productModule.setDictWorkspaceTypeId(req.getDictWorkspaceTypeId());
         productModule.setDictWorkspaceTypeCode(workspaceTypeCodeEnum.getCode());
-        productModule.setProductType(0);
+        productModule.setProductType(Objects.isNull(productModule.getProductType()) ? 0 : productModule.getProductType());
         productModule.setStatus(Objects.nonNull(productModule.getId()) ? productModule.getStatus() : 1);
         productModule.setCategory(req.getProductCategory());
         productModule.setVersion(req.getVersion());

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPageElementServiceImpl.java

@@ -33,13 +33,12 @@ import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.cloud.context.config.annotation.RefreshScope;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
-import java.util.Collections;
+import java.util.*;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutorService;
 import java.util.function.Function;
@@ -50,6 +49,7 @@ import java.util.stream.Collectors;
  * @version 1.0
  * @date 2024/6/18
  */
+@RefreshScope
 @Slf4j
 @Service
 @RequiredArgsConstructor
@@ -63,6 +63,8 @@ public class SaasPageElementServiceImpl implements SaasPageElementService {
     @Qualifier("asyncExecutor")
     @Autowired
     private ExecutorService asyncExecutor;
+    @Value("${not.auth.featureCodes:}")
+    private Set<String> notAuthFeatureCodes;
 
     @Override
     @Transactional(rollbackFor = Exception.class)
@@ -188,6 +190,12 @@ public class SaasPageElementServiceImpl implements SaasPageElementService {
 
     @Override
     public GetUserHasPermissionPageElementResp getUserHasPermissionPageElement(GetUserHasPermissionPageElementReq request) {
+        if (CollectionUtils.isNotEmpty(notAuthFeatureCodes) && notAuthFeatureCodes.contains(request.getPageElementCode())) {
+            List<String> pageElementCodes = saasPageElementDao.listByGroupCodesAndExcludeIds(Lists.newArrayList(request.getPageElementCode()),null, request.getTerminal(), null)
+                    .stream().map(SaasPageElement::getCode).distinct().collect(Collectors.toList());
+            return GetUserHasPermissionPageElementResp.builder().pageElementCodes(pageElementCodes).build();
+        }
+
         // 页面绑定的所有关系（包含页面路由的绑定、默认绑定关系）
         List<SaasPageElementFeatureResourceRelation> relations = saasPageElementFeatureResourceRelationDao.listByPageElementCode(request.getPageElementCode(), request.getTerminal(), Lists.newArrayList(PageElementFeatureResourceRelationTypeEnum.PAGE_ROUTE.getValue(), PageElementFeatureResourceRelationTypeEnum.DEFAULT.getValue()));
         if (CollectionUtils.isEmpty(relations)) {
@@ -224,7 +232,6 @@ public class SaasPageElementServiceImpl implements SaasPageElementService {
                 .workspaceOusPairs(Lists.newArrayList(IdentityAuthReq.WorkspaceOuPair.builder().ouId(request.getOuId()).workspaceId(request.getWorkspaceId()).build()))
                 .terminal(Lists.newArrayList(request.getTerminal()))
                 .featureCode(resultRelations.stream().map(SaasPageElementFeatureResourceRelation::getPageElementCode).collect(Collectors.toSet()))
-                .type(SaasPgroupPermissionRelation.NEW_FEATURE)
                 .build());
         if (Objects.isNull(res) || CollectionUtils.isEmpty(res.getPermissions())) {
             return null;

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPgroupPermissionRelationServiceImpl.java

@@ -99,7 +99,8 @@ public class SaasPgroupPermissionRelationServiceImpl
 	public List<SaasPgroupPermissionRelation> list(PagePgroupPermissionRelationReq param) {
 		return PageConverter.drainAll(pageNumber -> {
 			param.setPage(pageNumber);
-			param.setPageSize(500);
+			// 减少io，后续优化
+			param.setPageSize(30000);
 			return page(param);
 		});
 	}

tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java

@@ -12,6 +12,7 @@ import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
 import cn.axzo.tyr.client.common.enums.WorkspaceJoinType;
 import cn.axzo.tyr.client.model.enums.DelegatedType;
 import cn.axzo.tyr.client.model.enums.IdentityType;
+import cn.axzo.tyr.client.model.enums.WorkspaceTypeCodeEnum;
 import cn.axzo.tyr.client.model.permission.PermissionPointListQueryRequest;
 import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode;
 import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO;
@@ -386,7 +387,6 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
                 .supplyAsync(TraceSupplier.create(() -> {
                     WorkspaceProductService.WorkspaceProductParam workspaceProductParam = WorkspaceProductService.WorkspaceProductParam.builder()
                             .workspaceIds(realWorkspaceId)
-                            .type(identityAuthReq.getType())
                             .build();
                     return workspaceProductService.listWorkspaceProduct(workspaceProductParam);
                 }), executor);
@@ -492,6 +492,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
                                         .featureCode(featureCode)
                                         .featureId(e.getId())
                                         .terminal(e.getTerminal())
+                                        .workspaceType(e.getWorkspaceType())
                                         .build())
                                 .collect(Collectors.toList()))
                 .flatMap(Collection::stream)
@@ -684,7 +685,6 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
         RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
                 .roleIds(Lists.newArrayList(roleIds))
                 .needPermissionRelation(true)
-                .type(identityAuthReq.getType())
                 .build();
         Map<Long, SaasRoleRes> saasRoleRes = roleService.list(listSaasRoleParam).stream()
                 .collect(Collectors.toMap(SaasRoleRes::getId, Function.identity()));
@@ -935,12 +935,6 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
 
         req.setFeatureCode(featureCodeUtil.resolveFeatureCode(req.getFeatureCode()));
 
-        // 因为目前只有/yoke/webApi/profile/user/v3/application接口会传入featureId，使用的是app端，所以这里只需要查询saas_feature的权限点
-        // 以为下面要根据featureId进行匹配，为了解决saas_feature和saas_feature_resource有冲突的数据，必须给type
-        if (!CollectionUtils.isEmpty(req.getFeatureId())) {
-            req.setType(OLD_FEATURE);
-        }
-
         boolean notUseCache = !req.isUseCache()
                 || CollectionUtil.isNotEmpty(req.getSpecifyRoleIds())
                 || permissionCacheService.cacheDisable(
@@ -971,7 +965,21 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
         Set<String> terminals = req.getTerminal() == null ? null : new HashSet<>(req.getTerminal());
         permissions.forEach(permission -> {
             List<IdentityAuthRes.PermissionPoint> filterPermission = permission.getPermissionPoint().stream()
-                    .filter(p -> CollectionUtil.isEmpty(terminals) || terminals.contains(p.getTerminal()))
+                    .filter(p -> {
+                        if (CollectionUtil.isEmpty(terminals)) {
+                            return true;
+                        }
+
+                        if (terminals.contains(p.getTerminal())) {
+                            return true;
+                        }
+
+                        // 历史接口会只给NT_CMS_WEB_PROJ、NT_CMS_WEB_ENT_ZB查询，但是为了兼容新老版本的权限，需要补充新版本的项目的权限code
+                        if (terminals.contains("NT_CMS_WEB_PROJ") || terminals.contains("NT_CMS_WEB_ENT_ZB")) {
+                            return Objects.equals(p.getTerminal(), "NT_CMS_WEB_GENERAL");
+                        }
+                        return false;
+                    })
                     .filter(p -> CollectionUtil.isEmpty(req.getFeatureId()) || req.getFeatureId().contains(p.getFeatureId()))
                     .filter(p -> CollectionUtil.isEmpty(req.getFeatureCode()) || req.getFeatureCode().contains(p.getFeatureCode()))
                     .collect(Collectors.toList());