diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleApi.java b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleApi.java
index 3ca55c3c..dd334b02 100644
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleApi.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/feign/TyrSaasRoleApi.java
@@ -8,13 +8,13 @@ import cn.axzo.tyr.client.model.req.FeatureRoleRelationReq;
 import cn.axzo.tyr.client.model.req.QueryByIdentityIdTypeReq;
 import cn.axzo.tyr.client.model.req.QueryRoleByNameReq;
 import cn.axzo.tyr.client.model.req.QuerySaasRoleReq;
-import cn.axzo.tyr.client.model.res.FeatureRoleRelationResp;
-import cn.axzo.tyr.client.model.res.RoleTreeRes;
 import cn.axzo.tyr.client.model.req.RoleWithUserQueryReq;
 import cn.axzo.tyr.client.model.req.TreeRoleReq;
+import cn.axzo.tyr.client.model.res.FeatureRoleRelationResp;
 import cn.axzo.tyr.client.model.res.IsSuperAdminRes;
 import cn.axzo.tyr.client.model.res.QueryBatchByIdentityIdTypeRes;
 import cn.axzo.tyr.client.model.res.QueryRoleByNameResp;
+import cn.axzo.tyr.client.model.res.RoleTreeRes;
 import cn.axzo.tyr.client.model.res.RoleWithUserRes;
 import cn.axzo.tyr.client.model.vo.SaasRoleAndGroupVO;
 import cn.axzo.tyr.client.model.vo.SaasRoleCategoryVO;
diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaveOrUpdateRoleVO.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaveOrUpdateRoleVO.java
index 2e51c9a3..3afed4d6 100644
--- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaveOrUpdateRoleVO.java
+++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaveOrUpdateRoleVO.java
@@ -7,6 +7,7 @@ import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
 import java.util.List;
+import java.util.Set;
 @Data
 public class SaveOrUpdateRoleVO {
@@ -42,10 +43,14 @@ public class SaveOrUpdateRoleVO { /** * 角色分组 */ - @NotEmpty - @Valid private List groupTree; + /** + * 产品单位类型 + * 1:总包 2:建设单位 3:监理单位 4:劳务分包 5:专业分包 6:OMS通用 7:企业通用 8:企业内班组 9:项目内班组 + */ + private Integer productUnitType; + private String permissionGroupName; private String permissionGroupDescription; @@ -57,23 +62,27 @@ public class SaveOrUpdateRoleVO { /** * 选中的权限点id + * cms再使用,后面都会切到使用permissionIds */ - @NotNull(message = "权限点ID不能为空") + @Deprecated private List selectedPPIds; + /** + * 新的oms权限 + */ + private Set permissionIds; + @Data public static class GroupInfoVO { /** * 角色分组id */ - @NotNull(message = "角色分组ID不能为空") private Long id; /** * 项目部类型字典code */ - @NotNull(message = "workspaceTypeCode不能为空") private String workspaceTypeCode; } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/TyrApplication.java b/tyr-server/src/main/java/cn/axzo/tyr/server/TyrApplication.java index 9df76d7a..22bff94e 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/TyrApplication.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/TyrApplication.java @@ -7,6 +7,7 @@ import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cache.annotation.EnableCaching; import org.springframework.cloud.client.discovery.EnableDiscoveryClient; import org.springframework.context.ConfigurableApplicationContext; +import org.springframework.context.annotation.Import; import org.springframework.core.env.Environment; import org.springframework.scheduling.annotation.EnableAsync; diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java index 741e2725..4e5331ad 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleController.java 
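Review bot: Removing `@Valid` from `groupTree` here, together with the `@NotNull` constraints on `GroupInfoVO.id` and `GroupInfoVO.workspaceTypeCode` in the next hunk of this file, means a request that does send a group tree is no longer checked at all. RoleServiceImpl still calls `Integer.parseInt(saveOrUpdateRole.getGroupTree().get(0).getWorkspaceTypeCode())` for the non-common role types, so a null or non-numeric code now surfaces as an unhandled `NumberFormatException` instead of a validation message. Making the list optional only needs `@NotEmpty` dropped: `@Valid` is skipped for a null list, so `@Valid` on `groupTree` and the two nested `@NotNull`s can stay. The new `productUnitType` and `permissionIds` fields also arrive without any constraint; if the 1–9 list in the Javadoc is exhaustive, a range constraint on `productUnitType` would keep out-of-range values from being stored on a role.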
@@ -12,14 +12,14 @@ import cn.axzo.tyr.client.model.req.QueryByIdentityIdTypeReq;
 import cn.axzo.tyr.client.model.req.QueryRoleByNameReq;
 import cn.axzo.tyr.client.model.req.QuerySaasRoleGroupReq;
 import cn.axzo.tyr.client.model.req.QuerySaasRoleReq;
-import cn.axzo.tyr.client.model.res.FeatureRoleRelationResp;
-import cn.axzo.tyr.client.model.res.RoleTreeRes;
 import cn.axzo.tyr.client.model.req.RoleWithUserQueryReq;
 import cn.axzo.tyr.client.model.req.TreeRoleReq;
 import cn.axzo.tyr.client.model.res.CommonDictResp;
+import cn.axzo.tyr.client.model.res.FeatureRoleRelationResp;
 import cn.axzo.tyr.client.model.res.IsSuperAdminRes;
 import cn.axzo.tyr.client.model.res.QueryBatchByIdentityIdTypeRes;
 import cn.axzo.tyr.client.model.res.QueryRoleByNameResp;
+import cn.axzo.tyr.client.model.res.RoleTreeRes;
 import cn.axzo.tyr.client.model.res.RoleWithUserRes;
 import cn.axzo.tyr.client.model.vo.SaasRoleAndGroupVO;
 import cn.axzo.tyr.client.model.vo.SaasRoleCategoryVO;
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
index cbc86854..bb4cc082 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
@@ -31,6 +31,8 @@ import cn.axzo.tyr.client.model.vo.SaasRoleGroupCodeVO;
 import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
 import cn.axzo.tyr.client.model.vo.SaasRoleVO;
 import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO;
+import cn.axzo.tyr.server.model.ResourcePermission;
+import cn.axzo.tyr.server.model.ResourcePermissionQueryDTO;
 import cn.axzo.tyr.server.model.RoleFeatureRelation;
 import cn.axzo.tyr.server.model.RoleWithFeature;
 import cn.axzo.tyr.server.repository.dao.SaasFeatureDao;
@@ -81,8 +83,6 @@ import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; import java.util.Collections; import java.util.Date; import java.util.HashSet; @@ -145,6 +145,8 @@ public class RoleServiceImpl extends ServiceImpl @Value("${groupLeader.code:projectTeamGPLeader}") private String groupLeaderCode; + private static final Set COMMON_ROLE_TYPES = Sets.newHashSet(RoleTypeEnum.COMMON.getValue(), RoleTypeEnum.AUTO_OWN.getValue()); + @Override public List queryByIdentityIdType(Long identityId, Integer identityType, Long workspaceId, Long ouId, Boolean includePermissionGroup) { // 查询人关联的角色id @@ -314,7 +316,11 @@ public class RoleServiceImpl extends ServiceImpl SaasRole saasRole = validAndBuildRole(saveOrUpdateRole, now); //验证权限集信息 SaasPermissionGroup saasPermissionGroup = validPermissionGroupCommon(saveOrUpdateRole); + + // TODO 旧的权限,待权限切完后就下掉 validFeature(saveOrUpdateRole.getSelectedPPIds()); + // 新的权限 + validPermission(saveOrUpdateRole.getPermissionIds()); saasRoleDao.saveOrUpdate(saasRole); // 新增或者保存分组和角色映射关系 
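Review bot: In the `@@ -145,6 +145,8 @@` hunk, `COMMON_ROLE_TYPES` is declared `static final` but `Sets.newHashSet(...)` returns a mutable set, so any code in the class can still add or remove role types at runtime. The later role-type branch that calls `COMMON_ROLE_TYPES.contains(...)` decides where a role's workspace type comes from, so the set should be fixed: `Collections.unmodifiableSet(Sets.newHashSet(...))` works with the `java.util.Collections` import the file already has. The constant also sits between the `groupLeaderCode` field and the first method; moving it above the instance fields and adding a one-line comment on why COMMON and AUTO_OWN are treated alike would make it easier to find.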
@@ -338,16 +344,24 @@ public class RoleServiceImpl extends ServiceImpl if (Objects.isNull(saveOrUpdateRole.getId())) { saasPgroupRoleRelationDao.save(pgrr); } - // 保存权限集和权限点映射关系 - List pgpRelations = Optional.ofNullable(saveOrUpdateRole.getSelectedPPIds()).orElse(new ArrayList<>()).stream().map(ppId -> { - SaasPgroupPermissionRelation target = new SaasPgroupPermissionRelation(); - target.setGroupId(saasPermissionGroup.getId()); - target.setFeatureId(ppId); - target.setCreateBy(saveOrUpdateRole.getOperatorId()); - target.setUpdateBy(saveOrUpdateRole.getOperatorId()); - return target; - }).collect(Collectors.toList()); - saasPgroupPermissionRelationService.saveOrUpdate(Lists.newArrayList(saasPermissionGroup.getId()), pgpRelations); + if (CollectionUtils.isNotEmpty(saveOrUpdateRole.getSelectedPPIds()) + || CollectionUtils.isNotEmpty(saveOrUpdateRole.getPermissionIds())) { + + List pids = Optional.ofNullable(saveOrUpdateRole.getSelectedPPIds()) + .orElse(Lists.newArrayList(saveOrUpdateRole.getPermissionIds())); + + // 保存权限集和权限点映射关系 + List pgpRelations = pids.stream().map(ppId -> { + SaasPgroupPermissionRelation target = new SaasPgroupPermissionRelation(); + target.setGroupId(saasPermissionGroup.getId()); + target.setFeatureId(ppId); + target.setCreateBy(saveOrUpdateRole.getOperatorId()); + target.setUpdateBy(saveOrUpdateRole.getOperatorId()); + return target; + }).collect(Collectors.toList()); + saasPgroupPermissionRelationService.saveOrUpdate(Lists.newArrayList(saasPermissionGroup.getId()), pgpRelations); + } + return saasRole.getId(); } 
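Review bot: The `pids` selection, `Optional.ofNullable(getSelectedPPIds()).orElse(Lists.newArrayList(getPermissionIds()))`, evaluates its fallback eagerly and tests only for null, not for emptiness. If `Lists` is Guava's, a legacy caller that sends `selectedPPIds` and no `permissionIds` trips the null check inside `newArrayList` and gets a NullPointerException, while a caller that sends an empty `selectedPPIds` with a populated `permissionIds` saves no relations at all. Choosing by emptiness avoids both: take `getSelectedPPIds()` when `CollectionUtils.isNotEmpty` holds, otherwise `new ArrayList<>(permissionIds)` with a null guard. Separately, the new outer `if` skips `saasPgroupPermissionRelationService.saveOrUpdate` when both collections are empty, where the old code always called it; if that call is what removes stale relations, an update meant to strip every permission from a role now leaves them granted, so this case needs a test. The enclosing method starts outside the hunk.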
@@ -453,8 +467,20 @@ public class RoleServiceImpl extends ServiceImpl saasRole.setRoleType(saveOrUpdateRole.getRoleType()); saasRole.setWorkspaceId(saveOrUpdateRole.getWorkspaceId()); saasRole.setOwnerOuId(saveOrUpdateRole.getOwnerOuId()); - saasRole.setWorkspaceType(Integer.parseInt(saveOrUpdateRole.getGroupTree().get(0).getWorkspaceTypeCode())); - saasRole.setProductUnitType(setProductUnitType(saveOrUpdateRole.getGroupTree().get(0))); + // roleType = 自定义,common,workspaceType = saveOrUpdateRole.workspaceType + // 其他就从角色组取,没有就saveOrUpdateRole.workspaceType + Integer workspaceType = null; + if (COMMON_ROLE_TYPES.contains(saveOrUpdateRole.getRoleType()) || CollectionUtils.isEmpty(saveOrUpdateRole.getGroupTree())) { + workspaceType = saveOrUpdateRole.getWorkspaceType(); + } else { + workspaceType = Integer.parseInt(saveOrUpdateRole.getGroupTree().get(0).getWorkspaceTypeCode()); + } + if (CollectionUtils.isNotEmpty(saveOrUpdateRole.getGroupTree())) { + saasRole.setProductUnitType(setProductUnitType(saveOrUpdateRole.getGroupTree().get(0))); + } else { + saasRole.setProductUnitType(saveOrUpdateRole.getProductUnitType()); + } + saasRole.setUpdateBy(saveOrUpdateRole.getOperatorId()); saasRole.setUpdateAt(now); String message = "角色校验异常"; @@ -467,9 +493,8 @@ public class RoleServiceImpl extends ServiceImpl message = "同一角色分组内,角色名称不能重复!"; } else { //自定义角色 同一个企业单位 同一个工作台 角色名称不能为空 - String currentWorkspaceCode = saveOrUpdateRole.getGroupTree().get(0).getWorkspaceTypeCode(); List systemAndCustomWorkspaceCodes = new ArrayList<>(); - systemAndCustomWorkspaceCodes.add(Long.valueOf(currentWorkspaceCode)); + systemAndCustomWorkspaceCodes.add(Long.valueOf(workspaceType)); systemAndCustomWorkspaceCodes.add(-1L); List systemAndCustomOuIds = new ArrayList<>(); 
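Review bot: The first hunk removes `saasRole.setWorkspaceType(...)` and computes a local `workspaceType` instead, but no added line writes it back to `saasRole`; unless that happens outside the hunk, roles are now saved without a workspace type, and `saasRole.setWorkspaceType(workspaceType);` is needed after the if/else. `workspaceType` can also be null when it comes from `saveOrUpdateRole.getWorkspaceType()`, and the second hunk's `Long.valueOf(workspaceType)` unboxes it, so a null becomes a NullPointerException in the duplicate-name check; reject a null value with a `ServiceException` before that point. The `Integer.parseInt` branch now runs on a `workspaceTypeCode` that no longer carries `@NotNull`, so it needs a guard that turns a missing or non-numeric code into a validation error. The enclosing method (presumably `validAndBuildRole`) starts and ends outside both hunks.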
@@ -1102,4 +1127,17 @@ public class RoleServiceImpl extends ServiceImpl }); return resps; } + + private void validPermission(Set permissionIds) { + if (CollectionUtils.isEmpty(permissionIds)) { + return; + } + List resourcePermissions = saasFeatureResourceService.permissionQuery(ResourcePermissionQueryDTO.builder() + .ids(Lists.newArrayList(permissionIds)) + .build()); + if (permissionIds.size() != resourcePermissions.size()) { + permissionIds.removeAll(resourcePermissions.stream().map(ResourcePermission::getId).collect(Collectors.toSet())); + throw new ServiceException(String.format("权限点 %s 信息错误", permissionIds)); + } + } }
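Review bot: `validPermission` decides validity by comparing `permissionIds.size()` with the number of rows returned and, on a mismatch, calls `removeAll` on the caller's set, which is the `permissionIds` field of the request object. Comparing ids instead of counts is safer: collect the returned ids into a set, copy `permissionIds` into a new `HashSet`, remove the returned ids from the copy, and throw when the copy is non-empty; that leaves the request untouched and does not depend on the query returning exactly one row per id. The check also proves only that the ids exist; whether `permissionQuery` restricts results to permissions that the role's workspace or the operator is allowed to grant is not visible here and should be confirmed, since these ids become the role's permission relations. A short Javadoc saying the method throws `ServiceException` for unknown ids and returns silently for an empty set would document the contract.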