wangli/tyr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into 'feature/REQ-2720'

Browse Source 
Master

See merge request universal/infrastructure/backend/tyr!87
This commit is contained in:
李龙 2024-07-24 10:13:50 +00:00
commit eb73fc41b4
8 changed files with 76 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/IdentityAuthReq.java
View File

@ -64,13 +64,6 @@ public class IdentityAuthReq {
/** 是否使用缓存 - 默认true **/ /** 是否使用缓存 - 默认true **/
@Builder.Default @Builder.Default
private boolean useCache = true; private boolean useCache = true;
/**
* 权限点类型0saas_feature,1:saas_feature_resource
* 为了兼容第三方调用查询用户的权限点会把新旧权限点都查询出来灰度端历史版本由使用方传入版本
*/
private Integer type;
public IdentityAuthRes toEmpty() { public IdentityAuthRes toEmpty() {
IdentityAuthRes result = new IdentityAuthRes(); IdentityAuthRes result = new IdentityAuthRes();
result.setIdentity(this.getIdentityId()); result.setIdentity(this.getIdentityId());

5
tyr-api/src/main/java/cn/axzo/tyr/client/model/res/IdentityAuthRes.java
View File

@ -61,6 +61,11 @@ public class IdentityAuthRes {
// private FeatureType featureType; // private FeatureType featureType;
private String terminal; private String terminal;
/**
* 应用范围(租户类型)1:企业工作台 2;项目工作台
*/
private Long workspaceType;
} }

1
tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/FeatureResourceController.java
View File

@ -40,6 +40,7 @@ public class FeatureResourceController implements FeatureResourceApi {
@Override @Override
public ApiResult<Void> syncFromBase(ResourceSyncReq req) { public ApiResult<Void> syncFromBase(ResourceSyncReq req) {
log.warn("sync menu, operatorId:{}", req.getOperatorId());
if (CollectionUtil.isEmpty(req.getIds())) { if (CollectionUtil.isEmpty(req.getIds())) {
log.warn("no ids to sync from base env"); log.warn("no ids to sync from base env");

56
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/FeatureResourceSyncServiceImpl.java
View File

@ -31,7 +31,6 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
@ -43,6 +42,8 @@ import java.util.concurrent.ExecutorService;
import java.util.function.Function; import java.util.function.Function;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import static cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation.NEW_FEATURE;
/** /**
* 功能资源同步服务实现 * 功能资源同步服务实现
* *
@ -203,7 +204,7 @@ public class FeatureResourceSyncServiceImpl implements FeatureResourceSyncServic
} }
// 处理资源关联的权限 // 处理资源关联的权限
doFeatureResourceRole(baseResource.getId(), treeNode.getRoleCodes(), operatorId); doFeatureResourceRole(baseResource, treeNode.getRoleCodes(), operatorId);
//递归子节点 //递归子节点
if (CollectionUtils.isNotEmpty(treeNode.getChildren())) { if (CollectionUtils.isNotEmpty(treeNode.getChildren())) {
@ -231,21 +232,36 @@ public class FeatureResourceSyncServiceImpl implements FeatureResourceSyncServic
} }
} }
private void doFeatureResourceRole(Long featureResourceId, List<String> roleCodes, Long operatorId) { private void doFeatureResourceRole(SaasFeatureResource featureResource, List<String> roleCodes, Long operatorId) {
if (Objects.isNull(featureResourceId) || CollectionUtils.isEmpty(roleCodes)) { if (Objects.isNull(featureResource)) {
return; return;
} }
List<String> existRoleCodes = getFeatureResourceRoleCodeMap(Lists.newArrayList(featureResourceId)) // 先清除资源绑定的角色 @20240723 产品武艳华要求资源绑定的角色以PRE角色为准
.get(featureResourceId); List<SaasPgroupPermissionRelation> existPermissionRelations = saasPgroupPermissionRelationDao.lambdaQuery()
.eq(BaseEntity::getIsDelete, DeleteEnum.NORMAL.value)
if (CollectionUtils.isNotEmpty(existRoleCodes)) { .eq(SaasPgroupPermissionRelation::getFeatureId, featureResource.getId())
roleCodes.removeAll(existRoleCodes); .eq(SaasPgroupPermissionRelation::getType, NEW_FEATURE)
.list();
if (CollectionUtils.isNotEmpty(existPermissionRelations)) {
log.warn("sync menu delete SaasPgroupPermissionRelation operateId:{} featureResourceId:{}, saasPgroupPermissionRelationIds:{}", operatorId, featureResource.getId(), existPermissionRelations.stream().map(BaseEntity::getId).collect(Collectors.toList()));
saasPgroupPermissionRelationDao.removeByFeatureIdAndGroupIds(featureResource.getId(), existPermissionRelations.stream().map(SaasPgroupPermissionRelation::getGroupId).collect(Collectors.toList()), operatorId);
} }
if (CollectionUtils.isEmpty(roleCodes)) { if (CollectionUtils.isEmpty(roleCodes)) {
return; return;
} }
// List<String> existRoleCodes = getFeatureResourceRoleCodeMap(Lists.newArrayList(featureResource.getId()))
// .get(featureResource.getId());
//
// if (CollectionUtils.isNotEmpty(existRoleCodes)) {
// roleCodes.removeAll(existRoleCodes);
// }
// if (CollectionUtils.isEmpty(roleCodes)) {
// return;
// }
List<SaasRole> saasRoles = saasRoleDao.listByRoleCodes(roleCodes); List<SaasRole> saasRoles = saasRoleDao.listByRoleCodes(roleCodes);
if (CollectionUtils.isEmpty(saasRoles)) { if (CollectionUtils.isEmpty(saasRoles)) {
return; return;
@ -253,14 +269,18 @@ public class FeatureResourceSyncServiceImpl implements FeatureResourceSyncServic
List<Long> groupIds = saasPgroupRoleRelationDao.findByRoleIds(saasRoles.stream().map(BaseEntity::getId).collect(Collectors.toList())) List<Long> groupIds = saasPgroupRoleRelationDao.findByRoleIds(saasRoles.stream().map(BaseEntity::getId).collect(Collectors.toList()))
.stream().map(SaasPgroupRoleRelation::getGroupId).collect(Collectors.toList()); .stream().map(SaasPgroupRoleRelation::getGroupId).collect(Collectors.toList());
if (CollectionUtils.isNotEmpty(groupIds)) { if (CollectionUtils.isNotEmpty(groupIds)) {
List<SaasPgroupPermissionRelation> insertRelation = new ArrayList<>(); List<SaasPgroupPermissionRelation> insertRelation = groupIds.stream()
groupIds.forEach(groupId -> { .map(groupId -> {
SaasPgroupPermissionRelation relation = new SaasPgroupPermissionRelation(); SaasPgroupPermissionRelation relation = new SaasPgroupPermissionRelation();
relation.setFeatureId(featureResourceId); relation.setFeatureId(featureResource.getId());
relation.setGroupId(groupId); relation.setGroupId(groupId);
relation.setCreateBy(operatorId); relation.setCreateBy(operatorId);
insertRelation.add(relation); relation.setType(NEW_FEATURE);
}); relation.setFeatureType(featureResource.getFeatureType());
relation.setTerminal(featureResource.getTerminal());
return relation;
})
.collect(Collectors.toList());
saasPgroupPermissionRelationDao.saveBatch(insertRelation); saasPgroupPermissionRelationDao.saveBatch(insertRelation);
} }
} }
@ -270,7 +290,7 @@ public class FeatureResourceSyncServiceImpl implements FeatureResourceSyncServic
List<SaasPgroupPermissionRelation> permissionRelations = saasPgroupPermissionRelationDao.lambdaQuery() List<SaasPgroupPermissionRelation> permissionRelations = saasPgroupPermissionRelationDao.lambdaQuery()
.eq(BaseEntity::getIsDelete, DeleteEnum.NORMAL.value) .eq(BaseEntity::getIsDelete, DeleteEnum.NORMAL.value)
.in(SaasPgroupPermissionRelation::getFeatureId, allFeatureResourceIds) .in(SaasPgroupPermissionRelation::getFeatureId, allFeatureResourceIds)
.eq(SaasPgroupPermissionRelation::getType, SaasPgroupPermissionRelation.NEW_FEATURE) .eq(SaasPgroupPermissionRelation::getType, NEW_FEATURE)
.list(); .list();
if (CollectionUtils.isEmpty(permissionRelations)) { if (CollectionUtils.isEmpty(permissionRelations)) {
return Collections.emptyMap(); return Collections.emptyMap();

2
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductServiceImpl.java
View File

@ -322,7 +322,7 @@ public class ProductServiceImpl implements ProductService {
productModule.setIcon(req.getIcon()); productModule.setIcon(req.getIcon());
productModule.setDictWorkspaceTypeId(req.getDictWorkspaceTypeId()); productModule.setDictWorkspaceTypeId(req.getDictWorkspaceTypeId());
productModule.setDictWorkspaceTypeCode(workspaceTypeCodeEnum.getCode()); productModule.setDictWorkspaceTypeCode(workspaceTypeCodeEnum.getCode());
productModule.setProductType(0); productModule.setProductType(Objects.isNull(productModule.getProductType()) ? 0 : productModule.getProductType());
productModule.setStatus(Objects.nonNull(productModule.getId()) ? productModule.getStatus() : 1); productModule.setStatus(Objects.nonNull(productModule.getId()) ? productModule.getStatus() : 1);
productModule.setCategory(req.getProductCategory()); productModule.setCategory(req.getProductCategory());
productModule.setVersion(req.getVersion()); productModule.setVersion(req.getVersion());

17
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPageElementServiceImpl.java
View File

@ -33,13 +33,12 @@ import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional; import org.springframework.transaction.annotation.Transactional;
import java.util.Collections; import java.util.*;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CompletableFuture; import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService; import java.util.concurrent.ExecutorService;
import java.util.function.Function; import java.util.function.Function;
@ -50,6 +49,7 @@ import java.util.stream.Collectors;
* @version 1.0 * @version 1.0
* @date 2024/6/18 * @date 2024/6/18
*/ */
@RefreshScope
@Slf4j @Slf4j
@Service @Service
@RequiredArgsConstructor @RequiredArgsConstructor
@ -63,6 +63,8 @@ public class SaasPageElementServiceImpl implements SaasPageElementService {
@Qualifier("asyncExecutor") @Qualifier("asyncExecutor")
@Autowired @Autowired
private ExecutorService asyncExecutor; private ExecutorService asyncExecutor;
@Value("${not.auth.featureCodes:}")
private Set<String> notAuthFeatureCodes;
@Override @Override
@Transactional(rollbackFor = Exception.class) @Transactional(rollbackFor = Exception.class)
@ -188,6 +190,12 @@ public class SaasPageElementServiceImpl implements SaasPageElementService {
@Override @Override
public GetUserHasPermissionPageElementResp getUserHasPermissionPageElement(GetUserHasPermissionPageElementReq request) { public GetUserHasPermissionPageElementResp getUserHasPermissionPageElement(GetUserHasPermissionPageElementReq request) {
if (CollectionUtils.isNotEmpty(notAuthFeatureCodes) && notAuthFeatureCodes.contains(request.getPageElementCode())) {
List<String> pageElementCodes = saasPageElementDao.listByGroupCodesAndExcludeIds(Lists.newArrayList(request.getPageElementCode()),null, request.getTerminal(), null)
.stream().map(SaasPageElement::getCode).distinct().collect(Collectors.toList());
return GetUserHasPermissionPageElementResp.builder().pageElementCodes(pageElementCodes).build();
}
// 页面绑定的所有关系包含页面路由的绑定默认绑定关系 // 页面绑定的所有关系包含页面路由的绑定默认绑定关系
List<SaasPageElementFeatureResourceRelation> relations = saasPageElementFeatureResourceRelationDao.listByPageElementCode(request.getPageElementCode(), request.getTerminal(), Lists.newArrayList(PageElementFeatureResourceRelationTypeEnum.PAGE_ROUTE.getValue(), PageElementFeatureResourceRelationTypeEnum.DEFAULT.getValue())); List<SaasPageElementFeatureResourceRelation> relations = saasPageElementFeatureResourceRelationDao.listByPageElementCode(request.getPageElementCode(), request.getTerminal(), Lists.newArrayList(PageElementFeatureResourceRelationTypeEnum.PAGE_ROUTE.getValue(), PageElementFeatureResourceRelationTypeEnum.DEFAULT.getValue()));
if (CollectionUtils.isEmpty(relations)) { if (CollectionUtils.isEmpty(relations)) {
@ -224,7 +232,6 @@ public class SaasPageElementServiceImpl implements SaasPageElementService {
.workspaceOusPairs(Lists.newArrayList(IdentityAuthReq.WorkspaceOuPair.builder().ouId(request.getOuId()).workspaceId(request.getWorkspaceId()).build())) .workspaceOusPairs(Lists.newArrayList(IdentityAuthReq.WorkspaceOuPair.builder().ouId(request.getOuId()).workspaceId(request.getWorkspaceId()).build()))
.terminal(Lists.newArrayList(request.getTerminal())) .terminal(Lists.newArrayList(request.getTerminal()))
.featureCode(resultRelations.stream().map(SaasPageElementFeatureResourceRelation::getPageElementCode).collect(Collectors.toSet())) .featureCode(resultRelations.stream().map(SaasPageElementFeatureResourceRelation::getPageElementCode).collect(Collectors.toSet()))
.type(SaasPgroupPermissionRelation.NEW_FEATURE)
.build()); .build());
if (Objects.isNull(res) || CollectionUtils.isEmpty(res.getPermissions())) { if (Objects.isNull(res) || CollectionUtils.isEmpty(res.getPermissions())) {
return null; return null;

3
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPgroupPermissionRelationServiceImpl.java
View File

@ -99,7 +99,8 @@ public class SaasPgroupPermissionRelationServiceImpl
public List<SaasPgroupPermissionRelation> list(PagePgroupPermissionRelationReq param) { public List<SaasPgroupPermissionRelation> list(PagePgroupPermissionRelationReq param) {
return PageConverter.drainAll(pageNumber -> { return PageConverter.drainAll(pageNumber -> {
param.setPage(pageNumber); param.setPage(pageNumber);
param.setPageSize(500); // 减少io后续优化
param.setPageSize(30000);
return page(param); return page(param);
}); });
} }

26
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
View File

@ -12,6 +12,7 @@ import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
import cn.axzo.tyr.client.common.enums.WorkspaceJoinType; import cn.axzo.tyr.client.common.enums.WorkspaceJoinType;
import cn.axzo.tyr.client.model.enums.DelegatedType; import cn.axzo.tyr.client.model.enums.DelegatedType;
import cn.axzo.tyr.client.model.enums.IdentityType; import cn.axzo.tyr.client.model.enums.IdentityType;
import cn.axzo.tyr.client.model.enums.WorkspaceTypeCodeEnum;
import cn.axzo.tyr.client.model.permission.PermissionPointListQueryRequest; import cn.axzo.tyr.client.model.permission.PermissionPointListQueryRequest;
import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode; import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO; import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO;
@ -386,7 +387,6 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
.supplyAsync(TraceSupplier.create(() -> { .supplyAsync(TraceSupplier.create(() -> {
WorkspaceProductService.WorkspaceProductParam workspaceProductParam = WorkspaceProductService.WorkspaceProductParam.builder() WorkspaceProductService.WorkspaceProductParam workspaceProductParam = WorkspaceProductService.WorkspaceProductParam.builder()
.workspaceIds(realWorkspaceId) .workspaceIds(realWorkspaceId)
.type(identityAuthReq.getType())
.build(); .build();
return workspaceProductService.listWorkspaceProduct(workspaceProductParam); return workspaceProductService.listWorkspaceProduct(workspaceProductParam);
}), executor); }), executor);
@ -492,6 +492,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
.featureCode(featureCode) .featureCode(featureCode)
.featureId(e.getId()) .featureId(e.getId())
.terminal(e.getTerminal()) .terminal(e.getTerminal())
.workspaceType(e.getWorkspaceType())
.build()) .build())
.collect(Collectors.toList())) .collect(Collectors.toList()))
.flatMap(Collection::stream) .flatMap(Collection::stream)
@ -684,7 +685,6 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder() RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
.roleIds(Lists.newArrayList(roleIds)) .roleIds(Lists.newArrayList(roleIds))
.needPermissionRelation(true) .needPermissionRelation(true)
.type(identityAuthReq.getType())
.build(); .build();
Map<Long, SaasRoleRes> saasRoleRes = roleService.list(listSaasRoleParam).stream() Map<Long, SaasRoleRes> saasRoleRes = roleService.list(listSaasRoleParam).stream()
.collect(Collectors.toMap(SaasRoleRes::getId, Function.identity())); .collect(Collectors.toMap(SaasRoleRes::getId, Function.identity()));
@ -935,12 +935,6 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
req.setFeatureCode(featureCodeUtil.resolveFeatureCode(req.getFeatureCode())); req.setFeatureCode(featureCodeUtil.resolveFeatureCode(req.getFeatureCode()));
// 因为目前只有/yoke/webApi/profile/user/v3/application接口会传入featureId使用的是app端所以这里只需要查询saas_feature的权限点
// 以为下面要根据featureId进行匹配为了解决saas_feature和saas_feature_resource有冲突的数据必须给type
if (!CollectionUtils.isEmpty(req.getFeatureId())) {
req.setType(OLD_FEATURE);
}
boolean notUseCache = !req.isUseCache() boolean notUseCache = !req.isUseCache()
|| CollectionUtil.isNotEmpty(req.getSpecifyRoleIds()) || CollectionUtil.isNotEmpty(req.getSpecifyRoleIds())
|| permissionCacheService.cacheDisable( || permissionCacheService.cacheDisable(
@ -971,7 +965,21 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
Set<String> terminals = req.getTerminal() == null ? null : new HashSet<>(req.getTerminal()); Set<String> terminals = req.getTerminal() == null ? null : new HashSet<>(req.getTerminal());
permissions.forEach(permission -> { permissions.forEach(permission -> {
List<IdentityAuthRes.PermissionPoint> filterPermission = permission.getPermissionPoint().stream() List<IdentityAuthRes.PermissionPoint> filterPermission = permission.getPermissionPoint().stream()
.filter(p -> CollectionUtil.isEmpty(terminals) || terminals.contains(p.getTerminal())) .filter(p -> {
if (CollectionUtil.isEmpty(terminals)) {
return true;
}
if (terminals.contains(p.getTerminal())) {
return true;
}
// 历史接口会只给NT_CMS_WEB_PROJNT_CMS_WEB_ENT_ZB查询但是为了兼容新老版本的权限需要补充新版本的项目的权限code
if (terminals.contains("NT_CMS_WEB_PROJ") || terminals.contains("NT_CMS_WEB_ENT_ZB")) {
return Objects.equals(p.getTerminal(), "NT_CMS_WEB_GENERAL");
}
return false;
})
.filter(p -> CollectionUtil.isEmpty(req.getFeatureId()) || req.getFeatureId().contains(p.getFeatureId())) .filter(p -> CollectionUtil.isEmpty(req.getFeatureId()) || req.getFeatureId().contains(p.getFeatureId()))
.filter(p -> CollectionUtil.isEmpty(req.getFeatureCode()) || req.getFeatureCode().contains(p.getFeatureCode())) .filter(p -> CollectionUtil.isEmpty(req.getFeatureCode()) || req.getFeatureCode().contains(p.getFeatureCode()))
.collect(Collectors.toList()); .collect(Collectors.toList());