wangli/tyr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into feature/REQ-2899

Browse Source 
# Conflicts:
#	tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureResourceServiceImpl.java
This commit is contained in:
李昆鹏 2024-09-05 09:51:35 +08:00
commit f6be31db67
76 changed files with 1883 additions and 323 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tyr-api/src/main/java/cn/axzo/tyr/client/common/enums/AttrPermissionEnum.java
View File

@ -15,7 +15,7 @@ public enum AttrPermissionEnum {
DEPARTMENT_SUBORDINATE(4, "本部门及以下数据"),
UNIT_ONLY(5, "仅本单位数据"),
UNIT_ONLY(5, "仅本单位数据(包含班组)"),
UNIT_DIRECT_SUBORDINATE(6, "本单位及下级直属单位数据"),
@ -24,6 +24,8 @@ public enum AttrPermissionEnum {
UNIT_ALL_SUBORDINATE(8, "本单位及以下协同(直属+合作)单位数据"),
WORKSPACE(9, "本项目数据"),
EQUAL_TO_ROW(10, "同行级数据权限"),
UNIT_ONLY_EXCLUDE_TEAM(11, "仅本单位数据(不包含班组)"),
;
private final Integer value;
private final String desc;
@ -34,6 +36,6 @@ public enum AttrPermissionEnum {
public static List<AttrPermissionEnum> listAttrPermissionForNotWorkspace() {
return Lists.newArrayList(SELF_ONLY, SELF_SUBORDINATE,
DEPARTMENT_ONLY, DEPARTMENT_SUBORDINATE, UNIT_ONLY, EQUAL_TO_ROW);
DEPARTMENT_ONLY, DEPARTMENT_SUBORDINATE, UNIT_ONLY, UNIT_ONLY_EXCLUDE_TEAM, EQUAL_TO_ROW);
}
}

35
tyr-api/src/main/java/cn/axzo/tyr/client/common/enums/PermissionRelationOperateLogSceneEnum.java
View File

@ -28,6 +28,11 @@ public enum PermissionRelationOperateLogSceneEnum {
*/
OMS_ROLE_BIND_FEATURE_RESOURCE("OMS_ROLE_BIND_FEATURE_RESOURCE", "oms后台更新角色绑定的资源"),
/**
* []oms后台更新角色绑定资源绑定的
*/
OLD_OMS_ROLE_BIND_FEATURE("OLD_OMS_ROLE_BIND_FEATURE", "[老]oms后台更新角色绑定的资源"),
/**
* oms后台更新资源绑定的页面元素
*/
@ -38,6 +43,36 @@ public enum PermissionRelationOperateLogSceneEnum {
*/
OMS_PRODUCT_BIND_FEATURE_RESOURCE("OMS_PRODUCT_BIND_FEATURE_RESOURCE", "oms后台更新产品榜的资源"),
/**
* []oms后台更新产品权限点
*/
OLD_OMS_PRODUCT__UPDATE("OLD_OMS_PRODUCT__UPDATE", "[老]oms后台更新产品"),
/**
* []oms后台更新产品权限点
*/
OLD_OMS_PRODUCT_PERMISSION_POINT__SAVE_BATCH("OLD_OMS_PRODUCT_PERMISSION_POINT__SAVE_BATCH", "[老]oms后台更新产品权限点"),
/**
* []角色分组新增/更新
*/
OLD_OMS_ROLE_GROUP__SAVE_OR_UPDATE("OLD_OMS_ROLE_GROUP__SAVE_OR_UPDATE", "[老]角色分组新增/更新"),
/**
* []角色分组删除
*/
OLD_OMS_ROLE_GROUP__DELETE("OLD_OMS_ROLE_GROUP__DELETE", "[老]角色分组删除"),
/**
* []权限点删除
*/
OLD_OMS_SAAS_FEATURE__DELETE("OLD_OMS_SAAS_FEATURE__DELETE", "[老]权限点删除"),
/**
* []权限点新增/更新
*/
OLD_OMS_SAAS_FEATURE__SAVE_OR_UPDATE("OLD_OMS_SAAS_FEATURE__SAVE_OR_UPDATE", "[老]权限点新增/更新"),
/**
* oms后台添加API
*/

8
tyr-api/src/main/java/cn/axzo/tyr/client/common/enums/RowPermissionEnum.java
View File

@ -18,14 +18,16 @@ public enum RowPermissionEnum {
DEPARTMENT_SUBORDINATE(4, "本部门及以下数据"),
UNIT_ONLY(5, "仅本单位数据"),
UNIT_ONLY(5, "仅本单位数据(包含班组)"),
UNIT_DIRECT_SUBORDINATE(6, "本单位及下级直属单位数据"),
UNIT_COOPERATE_SUBORDINATE(7, "本单位及下级协同(直属+合作)单位数据"),
UNIT_ALL_SUBORDINATE(8, "本单位及以下协同(直属+合作)单位数据"),
WORKSPACE(9, "本项目数据"),
WORKSPACE(9, "本项目部数据"),
UNIT_ONLY_EXCLUDE_TEAM(10, "仅本单位数据(不包含班组)"),
;
@ -41,7 +43,7 @@ public enum RowPermissionEnum {
public static List<RowPermissionEnum> listRowPermissionForNotWorkspace() {
return Lists.newArrayList(SELF_ONLY, SELF_SUBORDINATE,
DEPARTMENT_ONLY, DEPARTMENT_SUBORDINATE, UNIT_ONLY);
DEPARTMENT_ONLY, DEPARTMENT_SUBORDINATE, UNIT_ONLY, UNIT_ONLY_EXCLUDE_TEAM);
}
}

15
tyr-api/src/main/java/cn/axzo/tyr/client/feign/DataObjectApi.java
View File

@ -2,11 +2,7 @@ package cn.axzo.tyr.client.feign;
import cn.axzo.basics.common.page.PageResult;
import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.tyr.client.common.annotation.RepeatedSubmit;
import cn.axzo.tyr.client.model.req.CreateDataObjectReq;
import cn.axzo.tyr.client.model.req.DeleteDataObjectReq;
import cn.axzo.tyr.client.model.req.EditDataObjectReq;
import cn.axzo.tyr.client.model.req.PageDataObjectReq;
import cn.axzo.tyr.client.model.req.*;
import cn.axzo.tyr.client.model.res.DataObjectRes;
import cn.axzo.tyr.client.model.res.EnumRes;
import cn.axzo.tyr.client.model.res.SimpleDataObjectRes;
@ -28,7 +24,6 @@ public interface DataObjectApi {
@PostMapping("/api/dataObject/create")
ApiResult<Long> createDataObject(@RequestBody @Valid CreateDataObjectReq req);
/**
* 修改数据对象
* @param req
@ -63,4 +58,12 @@ public interface DataObjectApi {
*/
@GetMapping("/api/dataObject/get")
ApiResult<DataObjectRes> getDataObject(@RequestParam Long dataObjectId);
/**
* 根据租户范围数据对象code查询数据对象
* @param req
* @return
*/
@PostMapping("/api/dataObject/query")
ApiResult<DataObjectRes> queryDataObject(@RequestBody @Valid QueryDataObjectReq req);
}

6
tyr-api/src/main/java/cn/axzo/tyr/client/feign/PermissionPointApi.java
View File

@ -1,6 +1,7 @@
package cn.axzo.tyr.client.feign;
import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.tyr.client.model.permission.DeletePermissionPointRequest;
import cn.axzo.tyr.client.model.permission.PermissionPointDTO;
import cn.axzo.tyr.client.model.permission.PermissionPointListQueryRequest;
import cn.axzo.tyr.client.model.permission.PermissionPointMoveRequest;
@ -16,6 +17,7 @@ import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestParam;
import javax.validation.Valid;
import java.util.List;
/**
@ -48,6 +50,10 @@ public interface PermissionPointApi {
@PostMapping(value = "/api/v1/permissionPoint/delete/{permissionId}")
ApiResult<List<String>> deletePermissionPoint(@PathVariable Long permissionId);
/** 删除权限点 **/
@PostMapping(value = "/api/v1/permissionPoint/delete/v2/deletePermissionPoint")
ApiResult<List<String>> deletePermissionPointV2(@Valid @RequestBody DeletePermissionPointRequest request);
/** 位置移动 **/
@PostMapping(value = "/api/v1/permissionPoint/move")

21
tyr-api/src/main/java/cn/axzo/tyr/client/feign/ProductApi.java
View File

@ -2,7 +2,16 @@ package cn.axzo.tyr.client.feign;
import cn.axzo.framework.domain.web.result.ApiPageResult;
import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.tyr.client.model.product.*;
import cn.axzo.tyr.client.model.product.OldUpdateFeatureRelationRequestV2;
import cn.axzo.tyr.client.model.product.ProductAddReq;
import cn.axzo.tyr.client.model.product.ProductDetailReq;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationSearchReq;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationUpdateReq;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO;
import cn.axzo.tyr.client.model.product.ProductSearchListReq;
import cn.axzo.tyr.client.model.product.ProductSearchPageReq;
import cn.axzo.tyr.client.model.product.ProductUpdateReq;
import cn.axzo.tyr.client.model.product.ProductVO;
import cn.axzo.tyr.client.model.req.ProductSaveReq;
import cn.axzo.tyr.client.model.req.UpdateProductStatusReq;
import cn.axzo.tyr.client.model.res.GovernmentTerminalResp;
@ -102,6 +111,16 @@ public interface ProductApi {
@PostMapping("api/auth/product/feature/relation/update")
ApiResult<Boolean> updateFeatureRelation(@Validated @RequestBody List<ProductFeatureRelationUpdateReq> req);
/**
* 更新产品与权限点的关联关系
* <p/>携带操作人员信息
*
* @param req {@link ProductFeatureRelationUpdateReq}
* @return
*/
@PostMapping("api/auth/product/feature/relation/v2/update")
ApiResult<Boolean> updateFeatureRelationV2(@Validated @RequestBody OldUpdateFeatureRelationRequestV2 req);
/**
* 查询指定工作台关联的服务包下的产品权限点
*

9
tyr-api/src/main/java/cn/axzo/tyr/client/feign/SaasRoleGroupApi.java
View File

@ -5,6 +5,7 @@ import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.tyr.client.model.req.ListSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.PageSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.QuerySaasRoleGroupReq;
import cn.axzo.tyr.client.model.req.SaasRoleGroupDeleteRequest;
import cn.axzo.tyr.client.model.req.UpdateRoleGroupOffsetReq;
import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO;
import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
@ -57,6 +58,14 @@ public interface SaasRoleGroupApi {
@PostMapping("/api/saasRoleGroup/delete")
ApiResult<Void> delete(@RequestParam @NotEmpty List<Long> ids);
/**
* 删除角色分组
* @param request 角色分组ID
* @return 返回删除角色分组状态
*/
@PostMapping("/api/saasRoleGroup/v2/delete")
ApiResult<Void> deleteV2(@RequestBody @Valid SaasRoleGroupDeleteRequest request);
/**
*
* 通过categoryCode查询分组

2
tyr-api/src/main/java/cn/axzo/tyr/client/model/data/object/AttributePermissionBO.java
View File

@ -15,7 +15,7 @@ public class AttributePermissionBO {
private Integer sort; // 序号
private String attrName; //字段名
private String attrCode; // 字段code
private Integer visibilityScope; // 字段值查看范围 1:仅本人数据 2:本人及下属数据 3:仅本部门数据 4:本部门及以下数据 5:仅本单位数据 6:本单位及下级直属单位数据 7:本单位及下级协同直属+合作单位数据 8:本单位及以下协同直属+合作单位数据 9:本项目数据 10:同行级数据权限
private Integer visibilityScope; // 字段值查看范围 1:仅本人数据 2:本人及下属数据 3:仅本部门数据 4:本部门及以下数据 5:仅本单位数据(包含班组) 6:本单位及下级直属单位数据 7:本单位及下级协同直属+合作单位数据 8:本单位及以下协同直属+合作单位数据 9:本项目数据 10:同行级数据权限 11:仅本单位数据(不包含班组)
private Integer isUnmaskable; // 是否可脱敏 1-不可操作脱敏 2-可操作脱敏
private Integer isEditable; // 是否可编辑 1-不可编辑 2-可编辑
}

19
tyr-api/src/main/java/cn/axzo/tyr/client/model/data/object/DataObjectRuleBO.java
View File

@ -39,10 +39,19 @@ public class DataObjectRuleBO {
* 岗位/角色id
*/
private List<Long> relationId;
/**
* 岗位code
*/
private List<String> relationCodes;
/**
* 岗位列表
*/
private List<JobInfo> jobs;
/**
* 行级数据权限单选 1:仅本人数据 2:本人及下属数据 3:仅本部门数据 4:本部门及以下数据
* 5:仅本单位数据 6:本单位及下级直属单位数据 7:本单位及下级协同直属+合作单位数据 8:本单位及以下协同直属+合作单位数据 9:本项目数据
* 5:仅本单位数据(包含班组) 6:本单位及下级直属单位数据 7:本单位及下级协同直属+合作单位数据 8:本单位及以下协同直属+合作单位数据
* 9:本项目部数据 10:仅本单位数据(不包含班组)
*/
private Integer rowPermission;
/**
@ -50,4 +59,12 @@ public class DataObjectRuleBO {
*/
private List<AttributePermissionBO> attributePermissionBOList;
@Data
@Builder
@AllArgsConstructor
@NoArgsConstructor
public static class JobInfo{
private Long id;
private String code;
}
}

19
tyr-api/src/main/java/cn/axzo/tyr/client/model/permission/DeletePermissionPointRequest.java Normal file
View File

@ -0,0 +1,19 @@
package cn.axzo.tyr.client.model.permission;
import cn.axzo.tyr.client.model.vo.OperatorRequest;
import lombok.Getter;
import lombok.Setter;
import javax.validation.constraints.NotNull;
/**
* @author yanglin
*/
@Setter
@Getter
public class DeletePermissionPointRequest extends OperatorRequest {
@NotNull
private Long permissionId;
}

7
tyr-api/src/main/java/cn/axzo/tyr/client/model/permission/PermissionPointDTO.java
View File

@ -1,5 +1,6 @@
package cn.axzo.tyr.client.model.permission;
import cn.axzo.tyr.client.model.vo.Operator;
import lombok.Data;
import javax.validation.constraints.NotBlank;
@ -160,6 +161,12 @@ public class PermissionPointDTO {
/** 业务编码 **/
private String businessNo;
private Operator operator;
public Operator determineOperator() {
return operator == null ? Operator.absent() : operator;
}
public Long mergeFitOuTypeBit() {
if (this.fitOuTypeList == null || this.fitOuTypeList.isEmpty()) {
return null;

25
tyr-api/src/main/java/cn/axzo/tyr/client/model/product/OldUpdateFeatureRelationRequestV2.java Normal file
View File

@ -0,0 +1,25 @@
package cn.axzo.tyr.client.model.product;
import cn.axzo.tyr.client.model.vo.OperatorRequest;
import lombok.Getter;
import lombok.Setter;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
/**
* @author yanglin
*/
@Setter
@Getter
public class OldUpdateFeatureRelationRequestV2 extends OperatorRequest {
private List<ProductFeatureRelationUpdateReq> relations;
private Map<String, Object> externalLogs = new ConcurrentHashMap<>();
public void addExternalLogThreadSafe(String key, Object value) {
externalLogs.put(key, value);
}
}

6
tyr-api/src/main/java/cn/axzo/tyr/client/model/product/ProductUpdateReq.java
View File

@ -1,5 +1,6 @@
package cn.axzo.tyr.client.model.product;
import cn.axzo.tyr.client.model.vo.Operator;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
@ -69,4 +70,9 @@ public class ProductUpdateReq {
*/
private List<Integer> ouTypes;
private Operator operator;
public Operator determineOperator() {
return operator == null ? Operator.absent() : operator;
}
}

3
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/FeatureResourceTreeSaveReq.java
View File

@ -52,9 +52,6 @@ public class FeatureResourceTreeSaveReq extends BaseFeatureResourceDO {
/** 页面组件对象 **/
private List<FeatureComponentSaveReq> componentSaveReqList;
/** 页面及组件权限对象 **/
private List<RolePermissionSaveReq> permissions;
@NotNull(message = "操作人ID不能为空")
private Long operatorId;

6
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListPermissionFeatureReq.java
View File

@ -1,5 +1,6 @@
package cn.axzo.tyr.client.model.req;
import cn.axzo.tyr.client.common.enums.FeatureResourceStatus;
import cn.axzo.tyr.client.common.enums.FeatureResourceType;
import cn.axzo.tyr.client.common.enums.PageElementFeatureResourceRelationTypeEnum;
import cn.axzo.tyr.client.model.base.WorkspaceOUPair;
@ -61,4 +62,9 @@ public class ListPermissionFeatureReq {
* 查询父组件code下的有权限的uniCode
*/
private String parentUniCode;
/**
* 显示或者隐藏如果父节点是隐藏则子节点也会隐藏
*/
private FeatureResourceStatus status;
}

6
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListPermissionFromRoleGroupReq.java
View File

@ -44,6 +44,12 @@ public class ListPermissionFromRoleGroupReq {
/** 角色组ID **/
private List<Long> roleGroupIds;
/**
* 原接口使用方有的需要2有的需要3当时加这个出了问题默认为3
* 1-仅查当前code 2-对应code角色组及子级角色组 3-仅对应code角色组的子级
*/
private Integer categoryType;
@Data
@Builder
@AllArgsConstructor

17
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/ListRoleReq.java
View File

@ -1,11 +1,13 @@
package cn.axzo.tyr.client.model.req;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.experimental.SuperBuilder;
import java.util.List;
import java.util.Set;
@Data
@SuperBuilder
@ -72,4 +74,19 @@ public class ListRoleReq {
* 是否需要角色对应的用户信息
*/
private Boolean needRoleUser;
/**
* 是否需要预设角色因为预设角色的workspaceId和ouId为-1
*/
private Boolean needPresetRole;
/**
* workspaceId和ouId配对查询
* 例如((workspaceId = ## and ouId = ##) or (workspaceId = ## and ouId = ##))
*/
private List<ListRoleUserRelationParam.WorkspaceOuPair> workspaceOuPairs;
/**
* 角色权限码
*/
private Set<String> roleCodes;
}

4
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PageSaasFeatureResourceReq.java
View File

@ -4,7 +4,6 @@ import cn.axzo.foundation.dao.support.wrapper.CriteriaField;
import cn.axzo.foundation.dao.support.wrapper.Operator;
import cn.axzo.foundation.page.IPageReq;
import cn.axzo.foundation.page.PageResp;
import cn.axzo.tyr.client.common.enums.FeatureResourceType;
import cn.axzo.tyr.client.common.enums.PageElementFeatureResourceRelationTypeEnum;
import lombok.AllArgsConstructor;
import lombok.Builder;
@ -77,6 +76,9 @@ public class PageSaasFeatureResourceReq implements IPageReq {
@CriteriaField(ignore = true)
private Boolean needPageElement;
@CriteriaField(field = "status", operator = Operator.EQ)
private Integer status;
/**
* 菜单跟页面元素绑定的类型
*/

8
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/PermissionOperateLogReq.java
View File

@ -29,10 +29,12 @@ public class PermissionOperateLogReq implements Serializable {
@NotBlank(message = "表名不能为空")
private String tableName;
@NotNull(message = "操作人ID不能为空")
@Min(value = 1, message = "操作人ID有误")
// @NotNull(message = "操作人ID不能为空")
// @Min(value = 1, message = "操作人ID有误")
private Long operatorId;
private String operatorName;
@NotBlank(message = "场景不能为空")
private String scene;
@ -41,4 +43,6 @@ public class PermissionOperateLogReq implements Serializable {
private Object requestData;
private Object operateData;
private JSONObject ext;
}

32
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/QueryDataObjectReq.java Normal file
View File

@ -0,0 +1,32 @@
package cn.axzo.tyr.client.model.req;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import javax.validation.constraints.NotBlank;
import java.io.Serializable;
/**
* @author likunpeng
* @version 1.0
* @date 2024/6/3
*/
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class QueryDataObjectReq implements Serializable {
/**
* 数据对象code
*/
@NotBlank(message = "数据对象code不能为空")
private String dataObjectCode;
/**
* 租户范围 1单位租户 2项目租户 3:政务监管平台 6:OMS
*/
private Integer tenantScope;
}

20
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/SaasRoleGroupDeleteRequest.java Normal file
View File

@ -0,0 +1,20 @@
package cn.axzo.tyr.client.model.req;
import cn.axzo.tyr.client.model.vo.OperatorRequest;
import lombok.Getter;
import lombok.Setter;
import javax.validation.constraints.NotEmpty;
import java.util.List;
/**
* @author yanglin
*/
@Setter
@Getter
public class SaasRoleGroupDeleteRequest extends OperatorRequest {
@NotEmpty(message = "ids不能为空")
private List<Long> ids;
}

6
tyr-api/src/main/java/cn/axzo/tyr/client/model/req/TreePermissionReq.java
View File

@ -1,5 +1,6 @@
package cn.axzo.tyr.client.model.req;
import cn.axzo.tyr.client.common.enums.FeatureResourceStatus;
import cn.axzo.tyr.client.common.enums.FeatureResourceType;
import cn.axzo.tyr.client.common.enums.PageElementFeatureResourceRelationTypeEnum;
import cn.axzo.tyr.client.model.base.WorkspaceOUPair;
@ -73,4 +74,9 @@ public class TreePermissionReq {
* 默认会增加config配置的默认权限不需要就传true
*/
private Boolean excludeDefaultPermission;
/**
* 显示或者隐藏如果父节点是隐藏则子节点也会隐藏
*/
private FeatureResourceStatus status;
}

5
tyr-api/src/main/java/cn/axzo/tyr/client/model/res/ListPermissionFromRoleGroupResp.java
View File

@ -57,6 +57,11 @@ public class ListPermissionFromRoleGroupResp {
*/
private String roleName;
/**
* 角色编码
*/
private String roleCode;
/**
* 权限集ID
*/

2
tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/dto/SaasRoleUserV2DTO.java
View File

@ -85,6 +85,8 @@ public class SaasRoleUserV2DTO {
*/
private String roleType;
private String roleCode;
private Long workspaceId;
private Long ownerOuId;

19
tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/ListRoleUserRelationParam.java
View File

@ -11,6 +11,7 @@ import lombok.NoArgsConstructor;
import lombok.experimental.SuperBuilder;
import java.util.List;
import java.util.Set;
@SuperBuilder
@Data
@ -27,6 +28,18 @@ public class ListRoleUserRelationParam {
@CriteriaField(field = "ouId", operator = Operator.EQ)
private Long ouId;
/**
* 是否显示
*/
@CriteriaField(ignore = true)
private Boolean isDisplay;
/**
* 是否启用
*/
@CriteriaField(ignore = true)
private Boolean enabled;
/**
* 身份类型 1:工人 2:从业人员 3:班组长 4:运营人员 5:政务人员
*/
@ -94,6 +107,12 @@ public class ListRoleUserRelationParam {
@CriteriaField(ignore = true)
private Boolean needPermission;
/**
* 角色权限码
*/
@CriteriaField(ignore = true)
private Set<String> roleCodes;
@Data
@Builder
@NoArgsConstructor

11
tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/PageRoleUserRelationParam.java
View File

@ -2,11 +2,13 @@ package cn.axzo.tyr.client.model.roleuser.req;
import cn.axzo.foundation.dao.support.wrapper.CriteriaField;
import cn.axzo.foundation.page.IPageReq;
import cn.axzo.foundation.page.PageResp;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import lombok.experimental.SuperBuilder;
import java.util.Collections;
import java.util.List;
@SuperBuilder
@ -26,4 +28,13 @@ public class PageRoleUserRelationParam extends ListRoleUserRelationParam impleme
*/
@CriteriaField(ignore = true)
List<String> sort;
public PageResp toEmpty() {
return PageResp.builder()
.current(this.getPage())
.size(this.getPageSize())
.total(0)
.data(Collections.emptyList())
.build();
}
}

42
tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/Operator.java Normal file
View File

@ -0,0 +1,42 @@
package cn.axzo.tyr.client.model.vo;
import cn.axzo.framework.auth.domain.ContextInfo;
import cn.axzo.framework.auth.domain.ContextInfoHolder;
import cn.axzo.framework.auth.domain.UserInfo;
import lombok.Data;
/**
* @author yanglin
*/
@Data
public class Operator {
private String realName;
private Long personId;
/**
* For a gateway like yoke
*/
public static Operator fromAuthContext() {
ContextInfo ctx = ContextInfoHolder.get();
if (ctx == null) {
return absent();
}
UserInfo userInfo = ctx.getUserInfo();
if (userInfo == null) {
return absent();
}
Operator operator = new Operator();
operator.setRealName(userInfo.getRealName());
operator.setPersonId(userInfo.getPersonId());
return operator;
}
public static Operator absent() {
Operator operator = new Operator();
operator.setRealName("");
operator.setPersonId(0L);
return operator;
}
}

18
tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/OperatorRequest.java Normal file
View File

@ -0,0 +1,18 @@
package cn.axzo.tyr.client.model.vo;
import lombok.Getter;
import lombok.Setter;
/**
* @author yanglin
*/
@Setter
@Getter
public class OperatorRequest {
private Operator operator;
public Operator determineOperator() {
return operator == null ? Operator.absent() : operator;
}
}

6
tyr-api/src/main/java/cn/axzo/tyr/client/model/vo/SaasRoleGroupVO.java
View File

@ -70,4 +70,10 @@ public class SaasRoleGroupVO {
* 上级分组id
*/
private Long parentId;
private Operator operator;
public Operator determineOperator() {
return operator == null ? Operator.absent() : operator;
}
}

6
tyr-server/pom.xml
View File

@ -138,6 +138,12 @@
<artifactId>apisix-plat-api</artifactId>
<version>2.0.0-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>alibaba-dingtalk-service-sdk</artifactId>
<version>2.0.0</version>
</dependency>
</dependencies>
<build>
<plugins>

68
tyr-server/src/main/java/cn/axzo/tyr/server/common/util/DingTalkUtil.java Normal file
View File

@ -0,0 +1,68 @@
package cn.axzo.tyr.server.common.util;
import cn.hutool.core.util.StrUtil;
import com.dingtalk.api.DefaultDingTalkClient;
import com.dingtalk.api.DingTalkClient;
import com.dingtalk.api.request.OapiRobotSendRequest;
import com.dingtalk.api.response.OapiRobotSendResponse;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
/**
* @author wangsiqian
* @since 2024/07/30
*/
@Slf4j
public class DingTalkUtil {
/**
* 发送消息
*
* @author wangsiqian
* @date 2024-07-30
*/
public static void sendMessage(String content, String accessToken, String secret) {
Long timestamp = System.currentTimeMillis();
String sign = getSign(timestamp, secret);
if (StrUtil.isBlank(sign)) {
return;
}
String url = StrUtil.format("https://oapi.dingtalk.com/robot/send?access_token={}&sign={}&timestamp={}",
accessToken, sign, String.valueOf(timestamp));
DingTalkClient client = new DefaultDingTalkClient(url);
OapiRobotSendRequest req = new OapiRobotSendRequest();
OapiRobotSendRequest.Text text = new OapiRobotSendRequest.Text();
text.setContent(content);
OapiRobotSendRequest.At at = new OapiRobotSendRequest.At();
at.setIsAtAll(false);
req.setMsgtype("text");
req.setText(text);
req.setAt(at);
try {
OapiRobotSendResponse response = client.execute(req);
log.info("发送钉钉消息结果:{}", response);
} catch (Exception error) {
log.info("发送钉钉消息失败:{}", error.getMessage());
}
}
private static String getSign(Long timestamp, String secret) {
try {
String stringToSign = timestamp + "\n" + secret;
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
byte[] signData = mac.doFinal(stringToSign.getBytes(StandardCharsets.UTF_8));
return URLEncoder.encode(new String(Base64.encodeBase64(signData)), "UTF-8");
} catch (Exception ignored) {
return "";
}
}
}

369
tyr-server/src/main/java/cn/axzo/tyr/server/controller/PrivateController.java
View File

@ -25,13 +25,16 @@ import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
import cn.axzo.tyr.client.model.vo.SaveOrUpdateRoleVO;
import cn.axzo.tyr.server.event.inner.SendDingTalkHandler;
import cn.axzo.tyr.server.event.outer.CacheWorkspaceProductHandler;
import cn.axzo.tyr.server.event.payload.SaasFeatureResourceUpsertPayload;
import cn.axzo.tyr.server.event.payload.ServicePkgProductCreatedPayload;
import cn.axzo.tyr.server.job.CacheProductFeatureResourceJob;
import cn.axzo.tyr.server.job.CacheProductPermissionJob;
import cn.axzo.tyr.server.job.CacheRoleFeatureResourceJob;
import cn.axzo.tyr.server.job.CacheRolePermissionJob;
import cn.axzo.tyr.server.job.CacheSaasFeatureJob;
import cn.axzo.tyr.server.job.CacheWorkspaceProductJob;
import cn.axzo.tyr.server.repository.dao.ProductModuleDao;
import cn.axzo.tyr.server.repository.dao.SaasFeatureDao;
import cn.axzo.tyr.server.repository.dao.SaasFeatureResourceDao;
@ -54,7 +57,9 @@ import cn.axzo.tyr.server.repository.entity.SaasRoleGroup;
import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation;
import cn.axzo.tyr.server.service.ProductFeatureRelationService;
import cn.axzo.tyr.server.service.ProductPermissionCacheService;
import cn.axzo.tyr.server.service.ProductSaasFeatureResourceCacheService;
import cn.axzo.tyr.server.service.RolePermissionCacheService;
import cn.axzo.tyr.server.service.RoleSaasFeatureResourceCacheService;
import cn.axzo.tyr.server.service.RoleService;
import cn.axzo.tyr.server.service.SaasCommonDictService;
import cn.axzo.tyr.server.service.SaasFeatureResourceService;
@ -169,6 +174,12 @@ public class PrivateController {
private SaasRoleUserRelationService saasRoleUserRelationService;
@Autowired
private ProductModuleDao productModuleDao;
@Autowired
private CacheWorkspaceProductJob cacheWorkspaceProductJob;
@Autowired
private RoleSaasFeatureResourceCacheService roleSaasFeatureResourceCacheService;
@Autowired
private SendDingTalkHandler sendDingTalkHandler;
/**
* 统一层级的roleGroup按照id升序sort从1递增
@ -623,12 +634,24 @@ public class PrivateController {
return featureCodeUtil.resolveFeatureCode(request.getFeatureCodes());
}
@PostMapping("/api/private/workspaceProduct/store")
public Object storeWorkspaceProduct(@RequestBody ProductSearchListReq request) throws Exception {
@PostMapping("/api/private/productPermission/store")
public Object storeProductPermission(@RequestBody ProductSearchListReq request) throws Exception {
cacheProductPermissionJob.execute(JSON.toJSONString(request));
return "ok";
}
@PostMapping("/api/private/workspaceProduct/store")
public Object storeWorkspaceProduct(@RequestBody WorkspaceProductService.StoreWorkspaceProductParam request) throws Exception {
workspaceProductService.storeWorkspaceProduct(request);
return "ok";
}
@PostMapping("/api/private/workspaceProduct/job")
public Object storeWorkspaceProductJob() throws Exception {
cacheWorkspaceProductJob.execute(null);
return "ok";
}
@PostMapping("/api/private/workspaceProduct/list")
public Object listWorkspaceProduct(@RequestBody WorkspaceProductService.WorkspaceProductParam request) {
return workspaceProductService.listWorkspaceProductCached(request);
@ -805,11 +828,21 @@ public class PrivateController {
.build();
List<SaasFeatureResourceService.SaasFeatureResourceCache> allFeatures = saasFeatureResourceService.listCache(listSaasFeatureResourceCache).get(request.getTerminal());
List<Role> roles = listRole(request);
List<Role> roles = listRole(ListRoleUserRelationParam.builder()
.personId(request.getPersonId())
.workspaceOuPairs(Lists.newArrayList(ListRoleUserRelationParam.WorkspaceOuPair.builder()
.workspaceId(request.getWorkspaceId())
.ouId(request.getOuId())
.build()))
.needRole(true)
.build());
List<WorkspaceProductService.ProductPermission> productPermissions = listWorkspaceProductPermission(request);
List<Product> products = listProduct(productPermissions);
List<Long> productIds = productPermissions.stream()
.map(WorkspaceProductService.ProductPermission::getProductId)
.collect(Collectors.toList());
List<Product> products = listProduct(productIds);
Map<Long, List<RolePermissionCacheService.PermissionDTO>> rolePermissions = listRolePermission(roles);
@ -820,6 +853,75 @@ public class PrivateController {
.build());
}
@PostMapping("/api/private/featureResource/check")
public ApiResult<CheckFeatureResourceDTO> checkFeatureResource(@RequestBody @Validated CheckFeatureResourceParam request) {
SaasFeatureResourceService.ListSaasFeatureResourceCache listSaasFeatureResourceCache = SaasFeatureResourceService.ListSaasFeatureResourceCache.builder()
.terminals(Sets.newHashSet(request.getTerminal()))
.build();
List<SaasFeatureResourceService.SaasFeatureResourceCache> allFeatures = saasFeatureResourceService.listCache(listSaasFeatureResourceCache).get(request.getTerminal());
List<Role> roles = listRole(ListRoleUserRelationParam.builder()
.personId(request.getPersonId())
.workspaceOuPairs(Lists.newArrayList(ListRoleUserRelationParam.WorkspaceOuPair.builder()
.workspaceId(request.getWorkspaceId())
.ouId(request.getOuId())
.build()))
.needRole(true)
.build());
List<WorkspaceProductService.ProductFeatureSource> productFeatureSources = listWorkspaceProductFeatureResource(request);
List<Long> productIds = productFeatureSources.stream()
.map(WorkspaceProductService.ProductFeatureSource::getProductId)
.collect(Collectors.toList());
List<Product> products = listProduct(productIds);
Map<Long, List<RoleSaasFeatureResourceCacheService.SaasFeatureResourceDTO>> roleFeatureResources = listRoleFeatureResource(roles);
return ApiResult.ok(CheckFeatureResourceDTO.builder()
.products(products)
.roles(roles)
.uniCodeCheckResults(resolveUniCode(request, productFeatureSources, roleFeatureResources, roles, allFeatures))
.build());
}
private UniCodeCheckResult resolveAdminRoleFeature(List<Role> adminRoles,
List<ProductSaasFeatureResourceCacheService.FeatureResourceDTO> productFeatureResources) {
if (CollectionUtils.isEmpty(adminRoles)) {
return UniCodeCheckResult.builder()
.authPermission(false)
.reasons(Lists.newArrayList("没有管理员角色"))
.build();
}
List<String> reasons = Lists.newArrayList();
Boolean authPermission = false;
for (Role adminRole : adminRoles) {
List<ProductSaasFeatureResourceCacheService.FeatureResourceDTO> adminPermissions = productFeatureResources.stream()
.filter(e -> Objects.equals(e.getCooperateType(), adminRole.getCooperateType().toString()))
.collect(Collectors.toList());
if (CollectionUtils.isNotEmpty(adminPermissions)) {
reasons.add("角色Id:" + adminRole.getRoleId()
+ ";角色名字:" + adminRole.getRoleName()
+ ";单位类型:" + adminRole.getCooperateType() + ";是管理员角色有该权限code权限");
authPermission = true;
} else {
reasons.add("角色Id:" + adminRole.getRoleId()
+ ";角色名字:" + adminRole.getRoleName()
+ ";单位类型:" + adminRole.getCooperateType() + ";没有该权限code权限");
}
}
return UniCodeCheckResult.builder()
.authPermission(authPermission)
.reasons(reasons)
.build();
}
private FeatureCodeCheckResult resolveAdminRole(List<Role> adminRoles,
List<ProductPermissionCacheService.PermissionDTO> productPermissions) {
if (CollectionUtils.isEmpty(adminRoles)) {
@ -904,6 +1006,54 @@ public class PrivateController {
.build();
}
private UniCodeCheckResult resolveNormalRoleFeature(List<Role> normalRoles,
List<ProductSaasFeatureResourceCacheService.FeatureResourceDTO> productFeatureResources,
Map<Long, List<RoleSaasFeatureResourceCacheService.SaasFeatureResourceDTO>> rolePermissions,
String uniCode) {
if (CollectionUtils.isEmpty(normalRoles)) {
return UniCodeCheckResult.builder()
.authPermission(false)
.reasons(Lists.newArrayList("没有普通角色"))
.build();
}
List<String> reasons = Lists.newArrayList();
Boolean authPermission = false;
for (Role normalRole : normalRoles) {
List<RoleSaasFeatureResourceCacheService.SaasFeatureResourceDTO> normalRolepermissions = rolePermissions.getOrDefault(normalRole.getRoleId(), Lists.newArrayList())
.stream()
.filter(e -> Objects.equals(e.getUniCode(), uniCode))
.collect(Collectors.toList());
Set<String> productCooperateTypes = productFeatureResources.stream()
.map(e -> e.getCooperateType())
.collect(Collectors.toSet());
if (CollectionUtils.isEmpty(normalRolepermissions)) {
reasons.add("角色Id:" + normalRole.getRoleId()
+ ";角色名字:" + normalRole.getRoleName()
+ ";单位类型:" + normalRole.getCooperateType() + ";没有该权限code权限");
} else if (productCooperateTypes.contains(normalRole.getCooperateType().toString())) {
reasons.add("角色Id:" + normalRole.getRoleId()
+ ";角色名字:" + normalRole.getRoleName()
+ ";单位类型:" + normalRole.getCooperateType() + ";有该权限code权限;有该权限的产品的单位类型有"
+ JSON.toJSONString(productCooperateTypes));
authPermission = true;
} else {
reasons.add("角色Id:" + normalRole.getRoleId()
+ ";角色名字:" + normalRole.getRoleName()
+ ";单位类型:" + normalRole.getCooperateType() + ";有该权限code权限;有该权限的产品的单位类型有"
+ JSON.toJSONString(productCooperateTypes));
}
}
return UniCodeCheckResult.builder()
.authPermission(authPermission)
.reasons(reasons)
.build();
}
private FeatureCodeCheckResult resolveNotAuth(List<ProductPermissionCacheService.PermissionDTO> productPermissions,
String featureCode,
List<SaasFeatureResourceService.SaasFeatureResourceCache> allFeatures) {
@ -959,6 +1109,61 @@ public class PrivateController {
}
}
private UniCodeCheckResult resolveNotAuthFeature(List<ProductSaasFeatureResourceCacheService.FeatureResourceDTO> productFeatureResources,
String uniCode,
List<SaasFeatureResourceService.SaasFeatureResourceCache> allFeatures) {
// 直接配置成免授权的权限点
List<SaasFeatureResourceService.SaasFeatureResourceCache> notAuthFeatures = allFeatures.stream()
.filter(SaasFeatureResourceService.SaasFeatureResourceCache::isNotAuth)
.collect(Collectors.toList());
// 子节点是免授权的权限点
Set<Long> parentNotAuthFeatureIds = notAuthFeatures.stream()
.map(e -> Optional.ofNullable(e.getParentIds())
.map(f -> {
f.add(e.getFeatureId());
return f;
})
.orElseGet(() -> Sets.newHashSet(e.getFeatureId())))
.flatMap(Collection::stream)
.collect(Collectors.toSet());
Set<Long> notAuthFeatureIds = notAuthFeatures.stream()
.map(SaasFeatureResourceService.SaasFeatureResourceCache::getFeatureId)
.collect(Collectors.toSet());
if (CollectionUtils.isEmpty(parentNotAuthFeatureIds) && CollectionUtils.isEmpty(notAuthFeatureIds)) {
return UniCodeCheckResult.builder()
.authPermission(false)
.reasons(Lists.newArrayList("没有免授权权限点"))
.build();
}
Set<Long> productFeatureIds = productFeatureResources.stream()
.filter(e -> Objects.equals(e.getUniCode(), uniCode))
.map(ProductSaasFeatureResourceCacheService.FeatureResourceDTO::getFeatureId)
.collect(Collectors.toSet());
if (!Sets.intersection(notAuthFeatureIds, productFeatureIds).isEmpty()) {
return UniCodeCheckResult.builder()
.authPermission(true)
.reasons(Lists.newArrayList("权限点是免授权"))
.build();
} else if (!Sets.intersection(parentNotAuthFeatureIds, productFeatureIds).isEmpty()) {
return UniCodeCheckResult.builder()
.authPermission(true)
.reasons(Lists.newArrayList("权限点的子节点是免授权"))
.build();
} else {
return UniCodeCheckResult.builder()
.authPermission(false)
.reasons(Lists.newArrayList("权限点不是免授权"))
.build();
}
}
private List<FeatureCodeCheckResult> resolveFeatureCode(CheckPermissionParam checkPermissionParam,
List<WorkspaceProductService.ProductPermission> productPermissions,
Map<Long, List<RolePermissionCacheService.PermissionDTO>> rolePermissions,
@ -1022,6 +1227,68 @@ public class PrivateController {
.collect(Collectors.toList());
}
private List<UniCodeCheckResult> resolveUniCode(CheckFeatureResourceParam checkFeatureResourceParam,
List<WorkspaceProductService.ProductFeatureSource> productFeatureSources,
Map<Long, List<RoleSaasFeatureResourceCacheService.SaasFeatureResourceDTO>> roleFeatureResources,
List<Role> roles,
List<SaasFeatureResourceService.SaasFeatureResourceCache> allFeatures) {
Map<String, List<ProductSaasFeatureResourceCacheService.FeatureResourceDTO>> productFeatureResourceMap = productFeatureSources.stream()
.map(WorkspaceProductService.ProductFeatureSource::getFeatureResources)
.flatMap(Collection::stream)
.collect(Collectors.groupingBy(ProductSaasFeatureResourceCacheService.FeatureResourceDTO::getUniCode));
List<Role> adminRoles = roles.stream()
.filter(e -> RoleTypeEnum.isAdmin(e.getRoleType()))
.collect(Collectors.toList());
List<Role> normalRoles = roles.stream()
.filter(e -> !RoleTypeEnum.isAdmin(e.getRoleType()))
.collect(Collectors.toList());
return checkFeatureResourceParam.getUniCodes().stream()
.map(uniCode -> {
List<ProductSaasFeatureResourceCacheService.FeatureResourceDTO> featureResources = productFeatureResourceMap.get(uniCode);
if (CollectionUtils.isEmpty(featureResources)) {
return UniCodeCheckResult.builder()
.uniCode(uniCode)
.authPermission(false)
.reasons(Lists.newArrayList("项目没有配置产品及权限"))
.build();
}
if (CollectionUtils.isEmpty(roles)) {
return UniCodeCheckResult.builder()
.uniCode(uniCode)
.authPermission(false)
.reasons(Lists.newArrayList("用户在项目里没有任何角色"))
.build();
}
UniCodeCheckResult adminRoleCheckResult = resolveAdminRoleFeature(adminRoles, featureResources);
UniCodeCheckResult normalRoleCheckResult = resolveNormalRoleFeature(normalRoles, featureResources, roleFeatureResources, uniCode);
UniCodeCheckResult notAuthCheckResult = resolveNotAuthFeature(featureResources, uniCode, allFeatures);
Boolean authPermission = BooleanUtils.isTrue(adminRoleCheckResult.getAuthPermission())
|| BooleanUtils.isTrue(normalRoleCheckResult.getAuthPermission())
|| BooleanUtils.isTrue(notAuthCheckResult.getAuthPermission());
List<String> adminRoleReasons = adminRoleCheckResult.getReasons();
List<String> normalRoleReasons = normalRoleCheckResult.getReasons();
List<String> notAuthReasons = notAuthCheckResult.getReasons();
adminRoleReasons.addAll(normalRoleReasons);
adminRoleReasons.addAll(notAuthReasons);
return UniCodeCheckResult.builder()
.uniCode(uniCode)
.authPermission(authPermission)
.reasons(adminRoleReasons)
.build();
})
.collect(Collectors.toList());
}
private Map<Long, List<RolePermissionCacheService.PermissionDTO>> listRolePermission(List<Role> roles) {
if (CollectionUtils.isEmpty(roles)) {
@ -1034,15 +1301,23 @@ public class PrivateController {
return rolePermissionCacheService.list(listRolePermissionParam);
}
private List<Product> listProduct(List<WorkspaceProductService.ProductPermission> productPermissions) {
private Map<Long, List<RoleSaasFeatureResourceCacheService.SaasFeatureResourceDTO>> listRoleFeatureResource(List<Role> roles) {
if (CollectionUtils.isEmpty(productPermissions)) {
return Collections.emptyList();
if (CollectionUtils.isEmpty(roles)) {
return Collections.emptyMap();
}
List<Long> productIds = productPermissions.stream()
.map(WorkspaceProductService.ProductPermission::getProductId)
.collect(Collectors.toList());
RoleSaasFeatureResourceCacheService.ListRoleSaasFeatureResourceParam listRolePermissionParam = RoleSaasFeatureResourceCacheService.ListRoleSaasFeatureResourceParam.builder()
.roleIds(roles.stream().map(Role::getRoleId).collect(Collectors.toSet()))
.build();
return roleSaasFeatureResourceCacheService.list(listRolePermissionParam);
}
private List<Product> listProduct(List<Long> productIds) {
if (CollectionUtils.isEmpty(productIds)) {
return Collections.emptyList();
}
return productModuleDao.listByIds(productIds).stream()
.filter(productModule -> Objects.equals(productModule.getIsDelete(),0L))
@ -1064,16 +1339,18 @@ public class PrivateController {
.collect(Collectors.toList());
}
private List<Role> listRole(CheckPermissionParam request) {
ListRoleUserRelationParam listRoleUserRelationParam = ListRoleUserRelationParam.builder()
.personId(request.getPersonId())
.workspaceOuPairs(Lists.newArrayList(ListRoleUserRelationParam.WorkspaceOuPair.builder()
.workspaceId(request.getWorkspaceId())
.ouId(request.getOuId())
.build()))
.needRole(true)
private List<WorkspaceProductService.ProductFeatureSource> listWorkspaceProductFeatureResource(CheckFeatureResourceParam request) {
WorkspaceProductService.ListWorkspaceProductFeatureSourceCacheParam listWorkspaceProductFeatureSourceCacheParam = WorkspaceProductService.ListWorkspaceProductFeatureSourceCacheParam
.builder()
.workspaceIds(Sets.newHashSet(request.getWorkspaceId()))
.build();
return workspaceProductService.listWorkspaceProductFeatureResourceCached(listWorkspaceProductFeatureSourceCacheParam).stream()
.map(WorkspaceProductService.WorkspaceProductFeatureSource::getProductFeatureSources)
.flatMap(Collection::stream)
.collect(Collectors.toList());
}
private List<Role> listRole(ListRoleUserRelationParam listRoleUserRelationParam) {
return saasRoleUserRelationService.listV2(listRoleUserRelationParam).stream()
.filter(e -> e.getSaasRole() != null)
.collect(Collectors.toList())
@ -1087,6 +1364,15 @@ public class PrivateController {
.collect(Collectors.toList());
}
@PostMapping("/api/private/dingtalk/send")
public Object sendUpsertDingTalk(@RequestBody SaasFeatureResourceUpsertPayload request) {
Event event = Event.builder()
.data(request)
.build();
sendDingTalkHandler.onFeatureResourceUpsert(event, null);
return "ok";
}
@Data
@Builder
@NoArgsConstructor
@ -1109,6 +1395,28 @@ public class PrivateController {
private String terminal;
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public static class CheckFeatureResourceParam {
@NotNull(message = "ouId不能为空")
private Long ouId;
@NotNull(message = "workspaceId不能为空")
private Long workspaceId;
@NotEmpty(message = "uniCodes不能为空")
private Set<String> uniCodes;
@NotNull(message = "personId不能为空")
private Long personId;
@NotBlank(message = "terminal不能为空")
private String terminal;
}
@Data
@Builder
@NoArgsConstructor
@ -1122,6 +1430,19 @@ public class PrivateController {
private List<FeatureCodeCheckResult> featureCodeCheckResults;
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public static class CheckFeatureResourceDTO {
private List<Product> products;
private List<Role> roles;
private List<UniCodeCheckResult> uniCodeCheckResults;
}
@Data
@Builder
@NoArgsConstructor
@ -1160,6 +1481,18 @@ public class PrivateController {
private Boolean authPermission;
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public static class UniCodeCheckResult {
private String uniCode;
private List<String> reasons;
private Boolean authPermission;
}
@Data
@Builder
@NoArgsConstructor

11
tyr-server/src/main/java/cn/axzo/tyr/server/controller/data/object/DataObjectController.java
View File

@ -1,6 +1,5 @@
package cn.axzo.tyr.server.controller.data.object;
import cn.axzo.basics.auth.enums.WorkspaceTypeWithLegacyEnum;
import cn.axzo.basics.common.page.PageResult;
import cn.axzo.framework.domain.ServiceException;
import cn.axzo.framework.domain.web.result.ApiResult;
@ -10,12 +9,8 @@ import cn.axzo.tyr.client.common.enums.EnumTypeEnum;
import cn.axzo.tyr.client.common.enums.ReturnCodeEnum;
import cn.axzo.tyr.client.common.enums.RowPermissionEnum;
import cn.axzo.tyr.client.common.enums.TenantScopeEnum;
import cn.axzo.tyr.client.common.enums.WorkspaceJoinType;
import cn.axzo.tyr.client.feign.DataObjectApi;
import cn.axzo.tyr.client.model.req.CreateDataObjectReq;
import cn.axzo.tyr.client.model.req.DeleteDataObjectReq;
import cn.axzo.tyr.client.model.req.EditDataObjectReq;
import cn.axzo.tyr.client.model.req.PageDataObjectReq;
import cn.axzo.tyr.client.model.req.*;
import cn.axzo.tyr.client.model.res.DataObjectRes;
import cn.axzo.tyr.client.model.res.EnumRes;
import cn.axzo.tyr.client.model.res.SimpleDataObjectRes;
@ -91,4 +86,8 @@ public class DataObjectController implements DataObjectApi {
return ApiResult.ok(dataObjectService.getDataObject(dataObjectId));
}
@Override
public ApiResult<DataObjectRes> queryDataObject(QueryDataObjectReq req) {
return ApiResult.ok(dataObjectService.queryDataObject(req));
}
}

4
tyr-server/src/main/java/cn/axzo/tyr/server/controller/permission/PermissionPointController.java
View File

@ -2,6 +2,7 @@ package cn.axzo.tyr.server.controller.permission;
import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.tyr.client.feign.PermissionPointApi;
import cn.axzo.tyr.client.model.permission.DeletePermissionPointRequest;
import cn.axzo.tyr.client.model.permission.PermissionPointDTO;
import cn.axzo.tyr.client.model.permission.PermissionPointListQueryRequest;
import cn.axzo.tyr.client.model.permission.PermissionPointMoveRequest;
@ -59,6 +60,9 @@ public class PermissionPointController implements PermissionPointApi {
return ApiResult.ok(permissionPointService.delete(permissionId));
}
@Override public ApiResult<List<String>> deletePermissionPointV2(DeletePermissionPointRequest request) {
return ApiResult.ok(permissionPointService.deleteV2(request));
}
@Override
public ApiResult<Void> move(PermissionPointMoveRequest request) {

19
tyr-server/src/main/java/cn/axzo/tyr/server/controller/product/ProductController.java
View File

@ -3,7 +3,16 @@ package cn.axzo.tyr.server.controller.product;
import cn.axzo.framework.domain.web.result.ApiPageResult;
import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.tyr.client.feign.ProductApi;
import cn.axzo.tyr.client.model.product.*;
import cn.axzo.tyr.client.model.product.OldUpdateFeatureRelationRequestV2;
import cn.axzo.tyr.client.model.product.ProductAddReq;
import cn.axzo.tyr.client.model.product.ProductDetailReq;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationSearchReq;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationUpdateReq;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO;
import cn.axzo.tyr.client.model.product.ProductSearchListReq;
import cn.axzo.tyr.client.model.product.ProductSearchPageReq;
import cn.axzo.tyr.client.model.product.ProductUpdateReq;
import cn.axzo.tyr.client.model.product.ProductVO;
import cn.axzo.tyr.client.model.req.ProductSaveReq;
import cn.axzo.tyr.client.model.req.UpdateProductStatusReq;
import cn.axzo.tyr.client.model.res.GovernmentTerminalResp;
@ -127,6 +136,14 @@ public class ProductController implements ProductApi {
return productFeatureRelationService.updateFeatureRelation(req);
}
@Override
public ApiResult<Boolean> updateFeatureRelationV2(OldUpdateFeatureRelationRequestV2 req) {
if(CollectionUtils.isEmpty(req.getRelations())) {
return ApiResult.ok(false);
}
permissionCacheService.markTempDisable(PermissionCacheKey.builder().disableAll(true).build());
return productFeatureRelationService.updateFeatureRelationV2(req);
}
@Override
public ApiResult<Map<Long, List<ProductFeatureRelationVO>>> queryProductFeatureRelationByWorkspace(Set<Long> workspaceIds) {

7
tyr-server/src/main/java/cn/axzo/tyr/server/controller/role/SaasRoleGroupController.java
View File

@ -8,6 +8,7 @@ import cn.axzo.tyr.client.feign.SaasRoleGroupApi;
import cn.axzo.tyr.client.model.req.ListSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.PageSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.QuerySaasRoleGroupReq;
import cn.axzo.tyr.client.model.req.SaasRoleGroupDeleteRequest;
import cn.axzo.tyr.client.model.req.UpdateRoleGroupOffsetReq;
import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO;
import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
@ -56,6 +57,12 @@ public class SaasRoleGroupController implements SaasRoleGroupApi {
return ApiResult.ok(roleGroups.get(0));
}
@Override
public ApiResult<Void> deleteV2(SaasRoleGroupDeleteRequest request) {
saasRoleGroupService.deleteV2(request);
return ApiResult.ok();
}
@Override
public ApiResult<Void> delete(List<Long> ids) {
saasRoleGroupService.delete(ids);

13
tyr-server/src/main/java/cn/axzo/tyr/server/event/inner/CacheRolePermissionHandler.java
View File

@ -26,6 +26,7 @@ import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
@ -73,12 +74,16 @@ public class CacheRolePermissionHandler implements InitializingBean {
log.info("begin cached role permission handler rocketmq event: {}", event);
RolePermissionCreatedPayload payload = event.normalizedData(RolePermissionCreatedPayload.class);
if (CollectionUtils.isEmpty(payload.getRoleIds())) {
return;
}
// 影响角色权限入口的代码没法简单重构导致发送的roleIds可能不准确所以一旦有角色权限的更新事件后全量更新角色权限角色权限数量不多
// 后续收口了代码就准确根据角色去更新缓存
// if (CollectionUtils.isEmpty(payload.getRoleIds())) {
// return;
// }
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
.roleIds(Lists.newArrayList(payload.getRoleIds()))
.roleIds(Optional.ofNullable(payload.getRoleIds())
.map(Lists::newArrayList)
.orElse(null))
.needPermissionRelation(true)
.build();
List<SaasRoleRes> roles = roleService.list(listSaasRoleParam);

13
tyr-server/src/main/java/cn/axzo/tyr/server/event/inner/CacheRoleSaasFeatureResourceHandler.java
View File

@ -24,6 +24,7 @@ import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
@ -68,12 +69,16 @@ public class CacheRoleSaasFeatureResourceHandler implements InitializingBean {
log.info("begin cached role saasFeatureResource handler rocketmq event: {}", event);
RolePermissionCreatedPayload payload = event.normalizedData(RolePermissionCreatedPayload.class);
if (CollectionUtils.isEmpty(payload.getRoleIds())) {
return;
}
// 影响角色权限入口的代码没法简单重构导致发送的roleIds可能不准确所以一旦有角色权限的更新事件后全量更新角色权限角色权限数量不多
// 后续收口了代码就准确根据角色去更新缓存
// if (CollectionUtils.isEmpty(payload.getRoleIds())) {
// return;
// }
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
.roleIds(Lists.newArrayList(payload.getRoleIds()))
.roleIds(Optional.ofNullable(payload.getRoleIds())
.map(Lists::newArrayList)
.orElse(null))
.needPermissionRelation(true)
.type(NEW_FEATURE)
.build();

78
tyr-server/src/main/java/cn/axzo/tyr/server/event/inner/SendDingTalkHandler.java Normal file
View File

@ -0,0 +1,78 @@
package cn.axzo.tyr.server.event.inner;
import cn.axzo.framework.auth.domain.TerminalInfo;
import cn.axzo.framework.rocketmq.Event;
import cn.axzo.framework.rocketmq.EventConsumer;
import cn.axzo.tyr.server.common.util.DingTalkUtil;
import cn.axzo.tyr.server.event.payload.SaasFeatureResourceUpsertPayload;
import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import java.util.Objects;
import java.util.Optional;
@Slf4j
@Component
public class SendDingTalkHandler implements InitializingBean {
@Autowired
private EventConsumer eventConsumer;
@Value("${spring.profiles.active}")
private String env;
// 语音助手菜单变更通知@沈尚只是临时的方案对方接入MQ成本高所以没改成配置
private static final String ACCESS_TOKEN = "11cdf26d77211ee887184844910bf249b94aa2675c7ce36d75a7aa87d619490f";
private static final String SECRET = "SEC3c1be9e4fe4cc09f16eb4b2eebf91659f21d5bdfb1d764b52f3e47825e6bed3f";
public void onFeatureResourceUpsert(Event event, EventConsumer.Context context) {
log.info("begin send dingTalk rocketmq event: {}", event);
SaasFeatureResourceUpsertPayload payload = event.normalizedData(SaasFeatureResourceUpsertPayload.class);
if (Objects.isNull(payload.getAction())) {
return;
}
if (Objects.isNull(payload.getNewValue()) && Objects.isNull(payload.getOldValue())) {
return;
}
// 现在沈尚那边只关心CMP的code有更新的情况
String terminal = Optional.ofNullable(payload.getNewValue())
.map(SaasFeatureResource::getTerminal)
.orElseGet(() -> payload.getOldValue().getTerminal());
if (!Objects.equals(terminal, TerminalInfo.NT_CMP_APP_GENERAL)) {
return;
}
if (Objects.equals(payload.getAction(), SaasFeatureResource.Action.UPDATE) &&
Objects.equals(payload.getNewValue().getUniCode(), payload.getOldValue().getUniCode())) {
return;
}
StringBuilder sb = new StringBuilder();
sb.append("环境:" + env + "\n");
sb.append("操作:" + payload.getAction() + "\n");
if (Objects.equals(payload.getAction(), SaasFeatureResource.Action.CREATE)) {
sb.append("新code:" + payload.getNewValue().getUniCode());
} else if (Objects.equals(payload.getAction(), SaasFeatureResource.Action.UPDATE)) {
sb.append("新code:" + payload.getNewValue().getUniCode() + "\n");
sb.append("旧code:" + payload.getOldValue().getUniCode());
} else if (Objects.equals(payload.getAction(), SaasFeatureResource.Action.DELETE)) {
sb.append("旧code:" + payload.getOldValue().getUniCode());
}
DingTalkUtil.sendMessage(sb.toString(), ACCESS_TOKEN, SECRET);
log.info("end send dingTalk rocketmq event: {}", event);
}
@Override
public void afterPropertiesSet() throws Exception {
eventConsumer.registerHandler(EventTypeEnum.SAAS_FEATURE_RESOURCE_UPSERT.getEventCode(), this::onFeatureResourceUpsert);
}
}

8
tyr-server/src/main/java/cn/axzo/tyr/server/event/payload/SaasFeatureResourceUpsertPayload.java
View File

@ -1,5 +1,6 @@
package cn.axzo.tyr.server.event.payload;
import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
@ -14,5 +15,12 @@ import java.util.Set;
@AllArgsConstructor
public class SaasFeatureResourceUpsertPayload implements Serializable {
// 只有tyr消费触发更新缓存同步等很多批量操作要全部重构收口代码后才能好修改这个payload
private Set<String> terminals;
private SaasFeatureResource oldValue;
private SaasFeatureResource newValue;
private SaasFeatureResource.Action action;
}

2
tyr-server/src/main/java/cn/axzo/tyr/server/job/CacheSaasFeatureJob.java
View File

@ -1,5 +1,6 @@
package cn.axzo.tyr.server.job;
import cn.axzo.tyr.client.common.enums.FeatureResourceStatus;
import cn.axzo.tyr.client.model.enums.DelegatedType;
import cn.axzo.tyr.client.model.req.PageSaasFeatureResourceReq;
import cn.axzo.tyr.client.model.res.PageElementResp;
@ -96,6 +97,7 @@ public class CacheSaasFeatureJob extends IJobHandler {
.notAuth(SaasFeatureResource.AuthType.isAllRole(e.getAuthType()))
.parentIds(e.resolvePath())
.uniCode(e.getUniCode())
.status(e.getStatus())
.version(Optional.ofNullable(e.getSaasPageElements())
.map(pageElement -> pageElement.stream()
.findFirst()

66
tyr-server/src/main/java/cn/axzo/tyr/server/job/CacheWorkspaceProductJob.java Normal file
View File

@ -0,0 +1,66 @@
package cn.axzo.tyr.server.job;
import cn.axzo.thrones.client.saas.ServicePkgClient;
import cn.axzo.thrones.client.saas.entity.serivicepgkproduct.ServicePkgProduct;
import cn.axzo.thrones.client.saas.entity.servicepkg.ServicePkgDetailRes;
import cn.axzo.tyr.server.service.WorkspaceProductService;
import cn.axzo.tyr.server.utils.RpcInternalUtil;
import com.xxl.job.core.biz.model.ReturnT;
import com.xxl.job.core.handler.IJobHandler;
import com.xxl.job.core.handler.annotation.XxlJob;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
@Slf4j
@Component
public class CacheWorkspaceProductJob extends IJobHandler {
@Autowired
private WorkspaceProductService workspaceProductService;
@Autowired
private ServicePkgClient servicePkgClient;
@Override
@XxlJob("CacheWorkspaceProductJob")
public ReturnT<String> execute(String s) throws Exception {
log.info("start CacheWorkspaceProductJob, s:{}", s);
// 全量更新所有项目的产品数量比较大所以这里只从缓存中的项目去更新产品
Map<Long, Set<Long>> allWorkspaceProducts = workspaceProductService.listAllWorkspaceProductCached();
Set<Long> workspaceIds = allWorkspaceProducts.keySet();
if (CollectionUtils.isEmpty(workspaceIds)) {
return ReturnT.SUCCESS;
}
List<ServicePkgDetailRes> servicePkgDetailRes = RpcInternalUtil.rpcListProcessor(() -> servicePkgClient.getServicePkgDetailBySpaceId(workspaceIds),
"查询项目的产品", workspaceIds).getData();
List<WorkspaceProductService.WorkspaceProductDTO> workspaceProducts = servicePkgDetailRes.stream()
.map(e -> WorkspaceProductService.WorkspaceProductDTO.builder()
.workspaceId(e.getSpaceId())
.productIds(Optional.ofNullable(e.getProducts())
.map(products -> products.stream()
.map(ServicePkgProduct::getProductId)
.collect(Collectors.toSet()))
.orElse(null))
.build())
.collect(Collectors.toList());
WorkspaceProductService.StoreWorkspaceProductParam storeWorkspaceProductParam = WorkspaceProductService.StoreWorkspaceProductParam.builder()
.workspaceProducts(workspaceProducts)
.build();
workspaceProductService.storeWorkspaceProduct(storeWorkspaceProductParam);
return ReturnT.SUCCESS;
}
}

3
tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasPgroupPermissionRelationDao.java
View File

@ -15,6 +15,8 @@ import java.util.Collection;
import java.util.Collections;
import java.util.List;
import static cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation.NEW_FEATURE;
@Repository
public class SaasPgroupPermissionRelationDao extends ServiceImpl<SaasPgroupPermissionRelationMapper, SaasPgroupPermissionRelation> {
@ -59,6 +61,7 @@ public class SaasPgroupPermissionRelationDao extends ServiceImpl<SaasPgroupPermi
return lambdaQuery()
.in(SaasPgroupPermissionRelation::getFeatureId,featureIds)
.eq(BaseEntity::getIsDelete, TableIsDeleteEnum.NORMAL.value)
.eq(SaasPgroupPermissionRelation::getType, NEW_FEATURE)
.list();
}
}

4
tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/DataObjectRuleScope.java
View File

@ -36,4 +36,8 @@ public class DataObjectRuleScope extends BaseOperatorEntity<DataObjectRuleScope>
* 岗位id/角色id
*/
private Long relationId;
/**
* 岗位编码
*/
private String relationCode;
}

10
tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasFeatureResource.java
View File

@ -198,4 +198,14 @@ public class SaasFeatureResource extends BaseEntity<SaasFeatureResource> {
return Objects.equals(ALL_ROLE.getValue(), authType);
}
}
@Getter
@AllArgsConstructor
public enum Action {
DELETE( "删除操作"),
CREATE( "创建操作"),
UPDATE( "更新操作");
private String desc;
}
}

8
tyr-server/src/main/java/cn/axzo/tyr/server/repository/entity/SaasPgroupPermissionRelationOperateLog.java
View File

@ -2,7 +2,10 @@ package cn.axzo.tyr.server.repository.entity;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.tyr.client.common.enums.PermissionRelationOperateLogSceneEnum;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.annotation.TableField;
import com.baomidou.mybatisplus.annotation.TableName;
import com.baomidou.mybatisplus.extension.handlers.FastjsonTypeHandler;
import lombok.*;
/**
@ -15,7 +18,7 @@ import lombok.*;
@Builder
@ToString
@EqualsAndHashCode(callSuper = true)
@TableName("saas_pgroup_permission_relation_operate_log")
@TableName(value = "saas_pgroup_permission_relation_operate_log", autoResultMap = true)
public class SaasPgroupPermissionRelationOperateLog extends BaseEntity<SaasPgroupPermissionRelationOperateLog> {
/**
@ -63,4 +66,7 @@ public class SaasPgroupPermissionRelationOperateLog extends BaseEntity<SaasPgrou
* 操作人角色
*/
private String createByRole;
@TableField(typeHandler = FastjsonTypeHandler.class)
private JSONObject ext;
}

4
tyr-server/src/main/java/cn/axzo/tyr/server/repository/mapper/SaasFeatureMapper.java
View File

@ -2,6 +2,8 @@ package cn.axzo.tyr.server.repository.mapper;
import cn.axzo.tyr.server.repository.entity.SaasFeature;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;
import org.apache.ibatis.annotations.Update;
/**
@ -19,4 +21,6 @@ public interface SaasFeatureMapper extends BaseMapper<SaasFeature> {
"WHERE path LIKE CONCAT(#{pathPrefix},'%') ")
void updateChildrenPath(Long updater, String pathPrefix, String newPathPrefix);
@Select("SELECT * FROM saas_feature WHERE id = #{id}")
SaasFeature getByIdDeleteAware(@Param("id") Long id);
}

12
tyr-server/src/main/java/cn/axzo/tyr/server/repository/mapper/SaasRoleGroupMapper.java
View File

@ -3,9 +3,21 @@ package cn.axzo.tyr.server.repository.mapper;
import cn.axzo.tyr.server.repository.entity.SaasRoleGroup;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import org.apache.ibatis.annotations.Mapper;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;
import java.util.List;
@Mapper
public interface SaasRoleGroupMapper extends BaseMapper<SaasRoleGroup> {
@Select("<script>SELECT * FROM saas_role_group WHERE id IN\n" +
" <foreach collection=\"ids\" item=\"id\" open=\"(\" separator=\",\" close=\")\">\n" +
" #{id}\n" +
" </foreach>\n" +
"</script>")
List<SaasRoleGroup> getByIdsDeleteAware(
@Param("ids") List<Long> ids);
}

3
tyr-server/src/main/java/cn/axzo/tyr/server/service/DataObjectService.java
View File

@ -4,6 +4,7 @@ import cn.axzo.basics.common.page.PageResult;
import cn.axzo.tyr.client.model.req.CreateDataObjectReq;
import cn.axzo.tyr.client.model.req.EditDataObjectReq;
import cn.axzo.tyr.client.model.req.PageDataObjectReq;
import cn.axzo.tyr.client.model.req.QueryDataObjectReq;
import cn.axzo.tyr.client.model.res.DataObjectRes;
import cn.axzo.tyr.client.model.res.SimpleDataObjectRes;
@ -17,4 +18,6 @@ public interface DataObjectService {
PageResult<SimpleDataObjectRes> pageDataObject(PageDataObjectReq req);
DataObjectRes getDataObject(Long dataObjectId);
DataObjectRes queryDataObject(QueryDataObjectReq req);
}

4
tyr-server/src/main/java/cn/axzo/tyr/server/service/PermissionPointService.java
View File

@ -1,5 +1,6 @@
package cn.axzo.tyr.server.service;
import cn.axzo.tyr.client.model.permission.DeletePermissionPointRequest;
import cn.axzo.tyr.client.model.permission.PermissionPointDTO;
import cn.axzo.tyr.client.model.permission.PermissionPointListQueryRequest;
import cn.axzo.tyr.client.model.permission.PermissionPointMoveRequest;
@ -42,6 +43,9 @@ public interface PermissionPointService {
/** 删除权限点 返回business_no **/
List<String> delete(Long permissionId);
/** 删除权限点 返回business_no **/
List<String> deleteV2(DeletePermissionPointRequest request);
/** 位置移动-父级和排序 **/
void move(PermissionPointMoveRequest request);

3
tyr-server/src/main/java/cn/axzo/tyr/server/service/ProductFeatureRelationService.java
View File

@ -2,6 +2,7 @@ package cn.axzo.tyr.server.service;
import cn.axzo.foundation.page.PageResp;
import cn.axzo.framework.domain.web.result.ApiResult;
import cn.axzo.tyr.client.model.product.OldUpdateFeatureRelationRequestV2;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationSearchReq;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationUpdateReq;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO;
@ -25,6 +26,8 @@ public interface ProductFeatureRelationService extends IService<SaasProductModul
ApiResult<Boolean> updateFeatureRelation(List<ProductFeatureRelationUpdateReq> req);
ApiResult<Boolean> updateFeatureRelationV2(OldUpdateFeatureRelationRequestV2 request);
/**
* 更新产品功能权限关系仅支持saas_feature_resource功能点
*

20
tyr-server/src/main/java/cn/axzo/tyr/server/service/RoleService.java
View File

@ -19,6 +19,7 @@ import cn.axzo.tyr.client.model.res.QueryBatchByIdentityIdTypeRes;
import cn.axzo.tyr.client.model.res.QueryRoleByNameResp;
import cn.axzo.tyr.client.model.res.RoleWithUserRes;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
import cn.axzo.tyr.client.model.vo.DeleteRoleVO;
import cn.axzo.tyr.client.model.vo.SaasRoleAndGroupVO;
import cn.axzo.tyr.client.model.vo.SaasRoleCategoryVO;
@ -138,6 +139,12 @@ public interface RoleService extends IService<SaasRole> {
@CriteriaField(field = "id", operator = Operator.NE)
private Long idNE;
/**
* 角色权限码
*/
@CriteriaField(field = "roleCode", operator = Operator.IN)
private Set<String> roleCodes;
/**
* 权限点从saas_feature_resource表查询
*/
@ -166,6 +173,12 @@ public interface RoleService extends IService<SaasRole> {
@CriteriaField(ignore = true)
private Boolean needPermissionRelation;
/**
* 是否需要预设角色因为预设角色的workspaceId和ouId为-1
*/
@CriteriaField(ignore = true)
private Boolean needPresetRole;
/**
* 查询菜单树节点类型
*/
@ -184,6 +197,13 @@ public interface RoleService extends IService<SaasRole> {
@CriteriaField(ignore = true)
private String terminal;
/**
* workspaceId和ouId配对查询
* 例如((workspaceId = ## and ouId = ##) or (workspaceId = ## and ouId = ##))
*/
@CriteriaField(ignore = true)
private List<ListRoleUserRelationParam.WorkspaceOuPair> workspaceOuPairs;
@CriteriaField(field = "workspaceId", operator = Operator.EQ)
private Long workspaceId;

245
tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasFeatureResourceService.java
View File

@ -1,119 +1,126 @@
package cn.axzo.tyr.server.service;
import cn.axzo.foundation.page.PageResp;
import cn.axzo.tyr.client.model.req.DeleteFeatureResourceReq;
import cn.axzo.tyr.client.model.req.FeatureResourceTreeSaveReq;
import cn.axzo.tyr.client.model.req.GetFeatureResourceTreeReq;
import cn.axzo.tyr.client.model.req.PageSaasFeatureResourceReq;
import cn.axzo.tyr.client.model.res.FeatureResourceTreeNode;
import cn.axzo.tyr.client.model.res.SaasFeatureResourceResp;
import cn.axzo.tyr.server.model.ResourcePermission;
import cn.axzo.tyr.server.model.ResourcePermissionQueryDTO;
import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
import com.baomidou.mybatisplus.extension.service.IService;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* 功能资源服务
*
* @version V1.0
* @author: ZhanSiHu
* @date: 2024/4/3 10:17
*/
public interface SaasFeatureResourceService extends IService<SaasFeatureResource> {
Long saveOrUpdateMenu(FeatureResourceTreeSaveReq req);
void updateFeatureAuthType(Long featureId, Integer authType);
/**递归的**/
List<SaasFeatureResource> batchListDescendant(List<Long> featureIds);
SaasFeatureResource featureResourceById(Long featureId);
FeatureResourceTreeNode getTreeFeatureDescendant(Long featureId, Integer featureType);
/**菜单重排序**/
void reorderMenuFeature(Long featureId, Integer offset);
/** 根据ID查询导航菜单页面信息 仅可显示 - 限制查询字段 **/
List<SaasFeatureResource> listNavByIds(List<Long> featureIds, List<Integer> featureTypes);
/** 资源权限通用查询 **/
List<ResourcePermission> permissionQuery(ResourcePermissionQueryDTO param);
/** 查询资源树 **/
List<FeatureResourceTreeNode> getTree(GetFeatureResourceTreeReq req);
SaasFeatureResource getByCode(String featureCode);
Set<Long> listAuthFree();
List<SaasFeatureResource> listByParentIdAndTerminalAndIds(Long parentId, String terminal, List<Long> featureIds);
List<SaasFeatureResourceResp> list(PageSaasFeatureResourceReq param);
PageResp<SaasFeatureResourceResp> page(PageSaasFeatureResourceReq param);
void deleteFeatureResource(DeleteFeatureResourceReq param);
void storeCache(StoreSaasFeatureResourceCache param);
Map<String, List<SaasFeatureResourceCache>> listCache(ListSaasFeatureResourceCache param);
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
class StoreSaasFeatureResourceCache {
private List<SaasFeatureResourceDTO> saasFeatureResources;
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
class SaasFeatureResourceDTO {
private String terminal;
private List<SaasFeatureResourceCache> features;
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
class ListSaasFeatureResourceCache {
private Set<String> terminals;
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
class SaasFeatureResourceCache {
private Long featureId;
private boolean notAuth;
private Set<Long> parentIds;
private String uniCode;
/**
* 客户端版本号
* 在根据版本号查询菜单树权限的时候需要
*/
private Integer version;
}
}
package cn.axzo.tyr.server.service;
import cn.axzo.foundation.page.PageResp;
import cn.axzo.tyr.client.model.req.DeleteFeatureResourceReq;
import cn.axzo.tyr.client.model.req.FeatureResourceTreeSaveReq;
import cn.axzo.tyr.client.model.req.GetFeatureResourceTreeReq;
import cn.axzo.tyr.client.model.req.PageSaasFeatureResourceReq;
import cn.axzo.tyr.client.model.res.FeatureResourceTreeNode;
import cn.axzo.tyr.client.model.res.SaasFeatureResourceResp;
import cn.axzo.tyr.server.model.ResourcePermission;
import cn.axzo.tyr.server.model.ResourcePermissionQueryDTO;
import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
import com.baomidou.mybatisplus.extension.service.IService;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* 功能资源服务
*
* @version V1.0
* @author: ZhanSiHu
* @date: 2024/4/3 10:17
*/
public interface SaasFeatureResourceService extends IService<SaasFeatureResource> {
Long saveOrUpdateMenu(FeatureResourceTreeSaveReq req);
void updateFeatureAuthType(Long featureId, Integer authType);
/**递归的**/
List<SaasFeatureResource> batchListDescendant(List<Long> featureIds);
SaasFeatureResource featureResourceById(Long featureId);
FeatureResourceTreeNode getTreeFeatureDescendant(Long featureId, Integer featureType);
/**菜单重排序**/
void reorderMenuFeature(Long featureId, Integer offset);
/** 根据ID查询导航菜单页面信息 仅可显示 - 限制查询字段 **/
List<SaasFeatureResource> listNavByIds(List<Long> featureIds, List<Integer> featureTypes);
/** 资源权限通用查询 **/
List<ResourcePermission> permissionQuery(ResourcePermissionQueryDTO param);
/** 查询资源树 **/
List<FeatureResourceTreeNode> getTree(GetFeatureResourceTreeReq req);
SaasFeatureResource getByCode(String featureCode);
Set<Long> listAuthFree();
List<SaasFeatureResource> listByParentIdAndTerminalAndIds(Long parentId, String terminal, List<Long> featureIds);
List<SaasFeatureResourceResp> list(PageSaasFeatureResourceReq param);
PageResp<SaasFeatureResourceResp> page(PageSaasFeatureResourceReq param);
void deleteFeatureResource(DeleteFeatureResourceReq param);
void storeCache(StoreSaasFeatureResourceCache param);
Map<String, List<SaasFeatureResourceCache>> listCache(ListSaasFeatureResourceCache param);
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
class StoreSaasFeatureResourceCache {
private List<SaasFeatureResourceDTO> saasFeatureResources;
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
class SaasFeatureResourceDTO {
private String terminal;
private List<SaasFeatureResourceCache> features;
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
class ListSaasFeatureResourceCache {
private Set<String> terminals;
}
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
class SaasFeatureResourceCache {
private Long featureId;
private boolean notAuth;
private Set<Long> parentIds;
private String uniCode;
/**
* 客户端版本号
* 在根据版本号查询菜单树限的时候需要
*/
private Integer version;
/**
* 1展示
* 0隐藏
* FeatureResourceStatus
*/
private Integer status;
}
}

3
tyr-server/src/main/java/cn/axzo/tyr/server/service/SaasRoleGroupService.java
View File

@ -4,6 +4,7 @@ import cn.axzo.foundation.page.PageResp;
import cn.axzo.tyr.client.model.req.ListSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.PageSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.QuerySaasRoleGroupReq;
import cn.axzo.tyr.client.model.req.SaasRoleGroupDeleteRequest;
import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO;
import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
import cn.axzo.tyr.server.repository.entity.SaasRoleGroup;
@ -32,6 +33,8 @@ public interface SaasRoleGroupService extends IService<SaasRoleGroup> {
void delete(List<Long> ids);
void deleteV2(SaasRoleGroupDeleteRequest request);
/**
* 分组CODE查询角色分组
* @param categoryCode

3
tyr-server/src/main/java/cn/axzo/tyr/server/service/WorkspaceProductService.java
View File

@ -9,6 +9,7 @@ import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
import java.util.Map;
import java.util.Set;
public interface WorkspaceProductService {
@ -43,6 +44,8 @@ public interface WorkspaceProductService {
*/
List<WorkspaceProductFeatureSource> listWorkspaceProductFeatureResourceCached(ListWorkspaceProductFeatureSourceCacheParam param);
Map<Long, Set<Long>> listAllWorkspaceProductCached();
@Data
@Builder
@NoArgsConstructor

214
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/DataObjectServiceImpl.java
View File

@ -1,5 +1,6 @@
package cn.axzo.tyr.server.service.impl;
import cn.axzo.basics.common.constant.enums.DeleteEnum;
import cn.axzo.basics.common.exception.ServiceException;
import cn.axzo.basics.common.page.PageResult;
import cn.axzo.tyr.client.common.enums.ReturnCodeEnum;
@ -16,6 +17,7 @@ import cn.axzo.tyr.client.model.data.object.RuleScopeQueryBO;
import cn.axzo.tyr.client.model.req.CreateDataObjectReq;
import cn.axzo.tyr.client.model.req.EditDataObjectReq;
import cn.axzo.tyr.client.model.req.PageDataObjectReq;
import cn.axzo.tyr.client.model.req.QueryDataObjectReq;
import cn.axzo.tyr.client.model.res.DataObjectRes;
import cn.axzo.tyr.client.model.res.SimpleDataObjectRes;
import cn.axzo.tyr.server.repository.dao.DataObjectAttrDao;
@ -31,13 +33,17 @@ import cn.axzo.tyr.server.repository.entity.DataObjectRuleScope;
import cn.axzo.tyr.server.service.DataObjectService;
import cn.axzo.tyr.server.utils.mapper.DataObjectMapper;
import cn.hutool.core.collection.CollUtil;
import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import groovy.lang.Tuple2;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.transaction.support.TransactionTemplate;
import javax.annotation.Resource;
@ -64,6 +70,7 @@ public class DataObjectServiceImpl implements DataObjectService {
private TransactionTemplate transactionTemplate;
@Override
@Transactional(rollbackFor = Exception.class)
public Long createDataObject(CreateDataObjectReq req) {
// 校验
// objectNameobjectCode不能重复
@ -88,6 +95,7 @@ public class DataObjectServiceImpl implements DataObjectService {
}
List<DataObjectRule> dataObjectRules = DataObjectMapper.INSTANCE.ruleBOs2Rules(req.getDataObjectRuleBOList());
handleJobs(dataObjectRules, req.getDataObjectRuleBOList());
int size = (CollUtil.isNotEmpty(defaultDataObjectRules) ? defaultDataObjectRules.size() : 0)
+ (CollUtil.isNotEmpty(dataObjectRules) ? dataObjectRules.size() : 0);
@ -167,6 +175,7 @@ public class DataObjectServiceImpl implements DataObjectService {
}
@Override
@Transactional(rollbackFor = Exception.class)
public void editDataObject(EditDataObjectReq req) {
// 对象属性名和code不能重复
checkObjectAttrNameOrCodeUnique(req.getAttrs());
@ -196,6 +205,7 @@ public class DataObjectServiceImpl implements DataObjectService {
}
List<DataObjectRule> dataObjectRules = DataObjectMapper.INSTANCE.ruleBOs2Rules(req.getDataObjectRuleBOList());
handleJobs(dataObjectRules, req.getDataObjectRuleBOList());
int size = (CollUtil.isNotEmpty(defaultDataObjectRules) ? defaultDataObjectRules.size() : 0)
+ (CollUtil.isNotEmpty(dataObjectRules) ? dataObjectRules.size() : 0);
List<DataObjectRule> generalObjectRuleList = new ArrayList<>(size);
@ -235,6 +245,7 @@ public class DataObjectServiceImpl implements DataObjectService {
}
@Override
@Transactional(rollbackFor = Exception.class)
public void deleteDataObject(Long dataObjectId, Long updateBy) {
List<Long> idList = Collections.singletonList(dataObjectId);
transactionTemplate.executeWithoutResult(status -> {
@ -274,87 +285,22 @@ public class DataObjectServiceImpl implements DataObjectService {
if (Objects.isNull(dataObject)) {
throw new cn.axzo.framework.domain.ServiceException(ReturnCodeEnum.DATA_NOT_EXIST.getMessage());
}
DataObjectRes res = DataObjectMapper.INSTANCE.dataObject2DataObjectRes(dataObject);
// 获取数据对象字段
DataObjectAttrQueryBO bo1 = DataObjectAttrQueryBO.builder().dataObjectId(dataObjectId).build();
List<DataObjectAttr> objectAttrList = dataObjectAttrDao.listByBO(bo1);
Map<String, String> attrMap;
if (CollUtil.isNotEmpty(objectAttrList)) {
List<AttributeBO> attributeBOS = DataObjectMapper.INSTANCE.dataObjectAttrs2AttributeBOs(objectAttrList);
List<AttributeBO> attributeBOList = attributeBOS.stream().sorted(Comparator.comparing(AttributeBO::getSort)).collect(Collectors.toList());
res.setAttrs(attributeBOList);
attrMap = attributeBOList.stream().collect(Collectors.toMap(AttributeBO::getAttrCode, AttributeBO::getAttrName, (a, b) -> a));
} else {
attrMap = null;
return buildDataObjectRes(dataObject);
}
@Override
public DataObjectRes queryDataObject(QueryDataObjectReq req) {
List<DataObject> dataObjects = dataObjectDao.lambdaQuery()
.eq(DataObject::getIsDelete, DeleteEnum.NORMAL.getValue())
.eq(StringUtils.isNotBlank(req.getDataObjectCode()), DataObject::getDataObjectCode, req.getDataObjectCode())
.eq(Objects.nonNull(req.getTenantScope()), DataObject::getTenantScope, req.getTenantScope())
.list();
if (CollectionUtils.isEmpty(dataObjects)) {
log.warn("数据权限记录不存在param:{}", JSON.toJSONString(req));
return null;
}
// 获取数据对象规则
DataObjectRuleQueryBO bo2 = DataObjectRuleQueryBO.builder().dataObjectId(dataObjectId).build();
List<DataObjectRule> dataObjectRules = dataObjectRuleDao.listByBO(bo2);
if (CollUtil.isNotEmpty(dataObjectRules)) {
res.setDataObjectRuleBOList(new ArrayList<>(dataObjectRules.size() - 1));
dataObjectRules.forEach(e -> {
if (YesNoEnum.YES.getValue().equals(e.getIsDefault())) {
DefaultDataObjectRuleBO ruleBO = DataObjectMapper.INSTANCE.rule2DefaultRuleBO(e);
res.setDefaultDataObjectRuleBO(ruleBO);
} else {
DataObjectRuleBO ruleBO = DataObjectMapper.INSTANCE.rule2RuleBO(e);
res.getDataObjectRuleBOList().add(ruleBO);
}
});
if (CollUtil.isNotEmpty(res.getDataObjectRuleBOList())) {
List<DataObjectRuleBO> sortedRuleList = res.getDataObjectRuleBOList().stream().sorted(Comparator.comparing(DataObjectRuleBO::getSort)).collect(Collectors.toList());
res.setDataObjectRuleBOList(sortedRuleList);
}
}
// 获取数据对象规则字段
RuleAttrQueryBO bo3 = RuleAttrQueryBO.builder().dataObjectId(dataObjectId).build();
List<DataObjectRuleAttr> ruleAttrList = dataObjectRuleAttrDao.listByBO(bo3);
if (CollUtil.isNotEmpty(attrMap) && CollUtil.isNotEmpty(ruleAttrList)) {
Map<Long, List<DataObjectRuleAttr>> ruleAttrMap = ruleAttrList.stream().collect(Collectors.groupingBy(DataObjectRuleAttr::getDataObjectRuleId));
// 默认
List<DataObjectRuleAttr> ruleAttrList1 = ruleAttrMap.get(res.getDefaultDataObjectRuleBO().getDataObjectRuleId());
if (CollUtil.isNotEmpty(ruleAttrList1)) {
List<AttributePermissionBO> permissionBOs = DataObjectMapper.INSTANCE.ruleAttrs2AttrPermissionBOs(ruleAttrList1);
permissionBOs.forEach(e -> e.setAttrName(attrMap.get(e.getAttrCode())));
List<AttributePermissionBO> permissionBOList = permissionBOs.stream().sorted(Comparator.comparing(AttributePermissionBO::getSort)).collect(Collectors.toList());
res.getDefaultDataObjectRuleBO().setAttributePermissionBOList(permissionBOList);
}
//自定义
if (CollUtil.isNotEmpty(res.getDataObjectRuleBOList())) {
res.getDataObjectRuleBOList().forEach(e -> buildRuleAttr(attrMap, ruleAttrMap, e));
}
}
// 获取数据对象规则范围
RuleScopeQueryBO bo4 = RuleScopeQueryBO.builder().dataObjectId(dataObjectId).build();
List<DataObjectRuleScope> scopeList = dataObjectRuleScopeDao.listByBO(bo4);
if (CollUtil.isNotEmpty(scopeList)) {
Map<Long, List<DataObjectRuleScope>> scopeMap = scopeList.stream().collect(Collectors.groupingBy(DataObjectRuleScope::getDataObjectRuleId));
// 默认
List<DataObjectRuleScope> defaultScopeList = scopeMap.get(res.getDefaultDataObjectRuleBO().getDataObjectRuleId());
if (CollUtil.isNotEmpty(defaultScopeList)) {
List<Long> relationIdList = defaultScopeList.stream().map(DataObjectRuleScope::getRelationId).collect(Collectors.toList());
res.getDefaultDataObjectRuleBO().setRelationId(relationIdList);
}
//自定义
if (CollUtil.isNotEmpty(res.getDataObjectRuleBOList())) {
res.getDataObjectRuleBOList().forEach(e -> {
List<DataObjectRuleScope> scopeList1 = scopeMap.get(e.getDataObjectRuleId());
if (CollUtil.isNotEmpty(scopeList1)) {
List<Long> relationIdList = scopeList1.stream().map(DataObjectRuleScope::getRelationId).collect(Collectors.toList());
e.setRelationId(relationIdList);
}
});
}
}
return res;
return buildDataObjectRes(dataObjects.get(0));
}
private static void buildRuleAttr(Map<String, String> attrMap, Map<Long, List<DataObjectRuleAttr>> ruleAttrMap, DataObjectRuleBO e) {
@ -428,4 +374,114 @@ public class DataObjectServiceImpl implements DataObjectService {
}
}
}
private DataObjectRes buildDataObjectRes(DataObject dataObject) {
DataObjectRes res = DataObjectMapper.INSTANCE.dataObject2DataObjectRes(dataObject);
// 获取数据对象字段
DataObjectAttrQueryBO bo1 = DataObjectAttrQueryBO.builder().dataObjectId(dataObject.getId()).build();
List<DataObjectAttr> objectAttrList = dataObjectAttrDao.listByBO(bo1);
Map<String, String> attrMap;
if (CollUtil.isNotEmpty(objectAttrList)) {
List<AttributeBO> attributeBOS = DataObjectMapper.INSTANCE.dataObjectAttrs2AttributeBOs(objectAttrList);
List<AttributeBO> attributeBOList = attributeBOS.stream().sorted(Comparator.comparing(AttributeBO::getSort)).collect(Collectors.toList());
res.setAttrs(attributeBOList);
attrMap = attributeBOList.stream().collect(Collectors.toMap(AttributeBO::getAttrCode, AttributeBO::getAttrName, (a, b) -> a));
} else {
attrMap = null;
}
// 获取数据对象规则
DataObjectRuleQueryBO bo2 = DataObjectRuleQueryBO.builder().dataObjectId(dataObject.getId()).build();
List<DataObjectRule> dataObjectRules = dataObjectRuleDao.listByBO(bo2);
if (CollUtil.isNotEmpty(dataObjectRules)) {
res.setDataObjectRuleBOList(new ArrayList<>(dataObjectRules.size() - 1));
dataObjectRules.forEach(e -> {
if (YesNoEnum.YES.getValue().equals(e.getIsDefault())) {
DefaultDataObjectRuleBO ruleBO = DataObjectMapper.INSTANCE.rule2DefaultRuleBO(e);
res.setDefaultDataObjectRuleBO(ruleBO);
} else {
DataObjectRuleBO ruleBO = DataObjectMapper.INSTANCE.rule2RuleBO(e);
res.getDataObjectRuleBOList().add(ruleBO);
}
});
if (CollUtil.isNotEmpty(res.getDataObjectRuleBOList())) {
List<DataObjectRuleBO> sortedRuleList = res.getDataObjectRuleBOList().stream().sorted(Comparator.comparing(DataObjectRuleBO::getSort)).collect(Collectors.toList());
res.setDataObjectRuleBOList(sortedRuleList);
}
}
// 获取数据对象规则字段
RuleAttrQueryBO bo3 = RuleAttrQueryBO.builder().dataObjectId(dataObject.getId()).build();
List<DataObjectRuleAttr> ruleAttrList = dataObjectRuleAttrDao.listByBO(bo3);
if (CollUtil.isNotEmpty(attrMap) && CollUtil.isNotEmpty(ruleAttrList)) {
Map<Long, List<DataObjectRuleAttr>> ruleAttrMap = ruleAttrList.stream().collect(Collectors.groupingBy(DataObjectRuleAttr::getDataObjectRuleId));
// 默认
List<DataObjectRuleAttr> ruleAttrList1 = ruleAttrMap.get(res.getDefaultDataObjectRuleBO().getDataObjectRuleId());
if (CollUtil.isNotEmpty(ruleAttrList1)) {
List<AttributePermissionBO> permissionBOs = DataObjectMapper.INSTANCE.ruleAttrs2AttrPermissionBOs(ruleAttrList1);
permissionBOs.forEach(e -> e.setAttrName(attrMap.get(e.getAttrCode())));
List<AttributePermissionBO> permissionBOList = permissionBOs.stream().sorted(Comparator.comparing(AttributePermissionBO::getSort)).collect(Collectors.toList());
res.getDefaultDataObjectRuleBO().setAttributePermissionBOList(permissionBOList);
}
//自定义
if (CollUtil.isNotEmpty(res.getDataObjectRuleBOList())) {
res.getDataObjectRuleBOList().forEach(e -> buildRuleAttr(attrMap, ruleAttrMap, e));
}
}
// 获取数据对象规则范围
RuleScopeQueryBO bo4 = RuleScopeQueryBO.builder().dataObjectId(dataObject.getId()).build();
List<DataObjectRuleScope> scopeList = dataObjectRuleScopeDao.listByBO(bo4);
if (CollUtil.isNotEmpty(scopeList)) {
Map<Long, List<DataObjectRuleScope>> scopeMap = scopeList.stream().collect(Collectors.groupingBy(DataObjectRuleScope::getDataObjectRuleId));
// 默认
List<DataObjectRuleScope> defaultScopeList = scopeMap.get(res.getDefaultDataObjectRuleBO().getDataObjectRuleId());
if (CollUtil.isNotEmpty(defaultScopeList)) {
List<Long> relationIdList = defaultScopeList.stream().map(DataObjectRuleScope::getRelationId).collect(Collectors.toList());
res.getDefaultDataObjectRuleBO().setRelationId(relationIdList);
}
//自定义
if (CollUtil.isNotEmpty(res.getDataObjectRuleBOList())) {
res.getDataObjectRuleBOList().forEach(e -> {
List<DataObjectRuleScope> scopeList1 = scopeMap.get(e.getDataObjectRuleId());
if (CollUtil.isNotEmpty(scopeList1)) {
List<Long> relationIdList = scopeList1.stream().map(DataObjectRuleScope::getRelationId).collect(Collectors.toList());
e.setRelationId(relationIdList);
e.setRelationCodes(scopeList1.stream().map(DataObjectRuleScope::getRelationCode).filter(StringUtils::isNotBlank).collect(Collectors.toList()));
}
});
}
}
return res;
}
private void handleJobs(List<DataObjectRule> dataObjectRules, List<DataObjectRuleBO> dataObjectRuleBOList) {
if (CollectionUtils.isEmpty(dataObjectRules) || CollectionUtils.isEmpty(dataObjectRuleBOList)) {
return;
}
Map<Long, DataObjectRuleBO.JobInfo> jobInfoMap = Maps.newHashMap();
for (DataObjectRuleBO ruleBO : dataObjectRuleBOList) {
if (1 == ruleBO.getRuleScopeType() && CollectionUtils.isNotEmpty(ruleBO.getJobs())) {
ruleBO.getJobs().forEach(e -> {
jobInfoMap.put(e.getId(), e);
});
}
}
for (DataObjectRule rule : dataObjectRules) {
if (1 == rule.getRuleScopeType() && CollectionUtils.isNotEmpty(rule.getDataObjectRuleScopeList())) {
rule.getDataObjectRuleScopeList().forEach(e -> {
if (Objects.nonNull(e.getRelationId()) && jobInfoMap.containsKey(e.getRelationId())) {
e.setRelationCode(jobInfoMap.get(e.getRelationId()).getCode());
}
});
}
}
}
}

5
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/DataResourceServiceImpl.java
View File

@ -30,6 +30,7 @@ import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections.CollectionUtils;
import org.springframework.beans.BeanUtils;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.List;
import java.util.Objects;
@ -48,6 +49,7 @@ public class DataResourceServiceImpl implements DataResourceService {
private final SaasFeatureDao saasFeatureDao;
private final SaasFeatureDataResourceDao saasFeatureDataResourceDao;
@Override
@Transactional(rollbackFor = Exception.class)
public void create(CreateDataResourceParam param) {
DataResource existDataResource = dataResourceDao.lambdaQuery()
.eq(DataResource::getResourceCode, param.getResourceCode())
@ -72,6 +74,7 @@ public class DataResourceServiceImpl implements DataResourceService {
}
@Override
@Transactional(rollbackFor = Exception.class)
public boolean delete(DeleteDataResourceParam param) {
DataResource dataResource = dataResourceDao.getById(param.getId());
if (Objects.nonNull(dataResource)) {
@ -109,6 +112,7 @@ public class DataResourceServiceImpl implements DataResourceService {
}
@Override
@Transactional(rollbackFor = Exception.class)
public boolean update(UpdateDataResourceParam param) {
DataResource dataResource = new DataResource();
BeanUtils.copyProperties(param, dataResource);
@ -116,6 +120,7 @@ public class DataResourceServiceImpl implements DataResourceService {
}
@Override
@Transactional(rollbackFor = Exception.class)
public void createDataResourceSaasFeature(DataResourceSaasFeatureParam param) {
DataResource existDataResource = dataResourceDao.lambdaQuery()
.eq(DataResource::getResourceCode, param.getResourceCode())

27
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/FeatureResourceSyncServiceImpl.java
View File

@ -39,6 +39,7 @@ import org.slf4j.MDC;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.*;
import java.util.Collections;
@ -131,6 +132,7 @@ public class FeatureResourceSyncServiceImpl implements FeatureResourceSyncServic
}
@Override
@Transactional(rollbackFor = Exception.class)
public void syncFromBase(ResourceSyncReq req) {
req.setTraceId(MDC.get(Constants.CTX_LOG_ID_MDC));
if (req.getIds().size() > 1) {
@ -241,6 +243,16 @@ public class FeatureResourceSyncServiceImpl implements FeatureResourceSyncServic
baseResource.setCreateBy(operatorId);
baseResource.setUpdateBy(operatorId);
newResource(baseResource, parent);
Event event = Event.builder()
.targetType(SAAS_FEATURE_RESOURCE_TARGET_TYPE)
.eventCode(SAAS_FEATURE_RESOURCE_UPSERT.getEventCode())
.data(SaasFeatureResourceUpsertPayload.builder()
.newValue(featureResourceDao.getById(baseResource.getId()))
.action(SaasFeatureResource.Action.CREATE)
.build())
.build();
mqProducer.send(event);
} else {
//更新 - 恢复不能变更的数据
baseResource.setId(resource.getId());
@ -251,6 +263,17 @@ public class FeatureResourceSyncServiceImpl implements FeatureResourceSyncServic
baseResource.setUpdateBy(operatorId);
baseResource.setAppItemId(resource.getAppItemId());
featureResourceDao.updateById(baseResource);
Event event = Event.builder()
.targetType(SAAS_FEATURE_RESOURCE_TARGET_TYPE)
.eventCode(SAAS_FEATURE_RESOURCE_UPSERT.getEventCode())
.data(SaasFeatureResourceUpsertPayload.builder()
.newValue(featureResourceDao.getById(baseResource.getId()))
.oldValue(resource)
.action(SaasFeatureResource.Action.UPDATE)
.build())
.build();
mqProducer.send(event);
}
// 处理资源关联的权限
@ -353,13 +376,11 @@ public class FeatureResourceSyncServiceImpl implements FeatureResourceSyncServic
logResourceBindRoleDO.setRoleCodes(saasRoles.stream().filter(e -> existRoleIds.contains(e.getId())).map(SaasRole::getRoleCode).collect(Collectors.toList()));
}
// 同步这里不要求效率没有角色id全部刷新也不容易找这个
Event event = Event.builder()
.targetType(ROLE_PERMISSION_TARGET_TYPE)
.eventCode(ROLE_PERMISSION_CREATED.getEventCode())
.data(RolePermissionCreatedPayload.builder()
.roleIds(saasRoles.stream()
.map(SaasRole::getId)
.collect(Collectors.toSet()))
.build())
.build();
mqProducer.send(event);

94
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionPointServiceImpl.java
View File

@ -4,6 +4,7 @@ import cn.axzo.basics.common.BeanMapper;
import cn.axzo.basics.common.util.StopWatchUtil;
import cn.axzo.basics.common.util.TreeUtil;
import cn.axzo.framework.domain.web.code.BaseCode;
import cn.axzo.tyr.client.common.enums.PermissionRelationOperateLogSceneEnum;
import cn.axzo.framework.rocketmq.Event;
import cn.axzo.tyr.client.model.dict.request.BasicDictNodeReq;
import cn.axzo.tyr.client.model.dict.request.BasicDictQueryReq;
@ -13,6 +14,16 @@ import cn.axzo.tyr.client.model.enums.DictTypeFiledEnum;
import cn.axzo.tyr.client.model.enums.DictWorkSpaceTypeEnum;
import cn.axzo.tyr.client.model.enums.FeatureDataType;
import cn.axzo.tyr.client.model.enums.FeatureType;
import cn.axzo.tyr.client.model.permission.DeletePermissionPointRequest;
import cn.axzo.tyr.client.model.permission.PermissionPointDTO;
import cn.axzo.tyr.client.model.permission.PermissionPointListQueryRequest;
import cn.axzo.tyr.client.model.permission.PermissionPointMoveRequest;
import cn.axzo.tyr.client.model.permission.PermissionPointTreeNode;
import cn.axzo.tyr.client.model.permission.PermissionPointTreeQueryReq;
import cn.axzo.tyr.client.model.permission.PermissionPointVO;
import cn.axzo.tyr.client.model.req.PermissionOperateLogReq;
import cn.axzo.tyr.client.model.req.QueryPermissionByIdsReq;
import cn.axzo.tyr.client.model.res.SimplePermissionPointResp;
import cn.axzo.tyr.client.model.permission.PermissionPointDTO;
import cn.axzo.tyr.client.model.permission.PermissionPointListQueryRequest;
import cn.axzo.tyr.client.model.permission.PermissionPointMoveRequest;
@ -28,8 +39,10 @@ import cn.axzo.tyr.server.repository.dao.SaasFeatureDao;
import cn.axzo.tyr.server.repository.dao.SaasPgroupPermissionRelationDao;
import cn.axzo.tyr.server.repository.dao.SaasProductModuleFeatureRelationDao;
import cn.axzo.tyr.server.repository.entity.SaasFeature;
import cn.axzo.tyr.server.repository.mapper.SaasFeatureMapper;
import cn.axzo.tyr.server.service.PermissionPointService;
import cn.axzo.tyr.server.service.SaasBasicDictService;
import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationOperateLogService;
import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.StrUtil;
import com.baomidou.mybatisplus.core.conditions.Wrapper;
@ -38,6 +51,9 @@ import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.transaction.support.TransactionTemplate;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.ArrayList;
import java.util.Collections;
@ -51,6 +67,24 @@ import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import static cn.axzo.tyr.client.model.enums.FeatureType.BUTTON;
import static cn.axzo.tyr.client.model.enums.FeatureType.MODULE;
import static cn.axzo.tyr.server.common.constants.PermissionConstant.FEATURE_BIZ_NO_PREFIX;
import static cn.axzo.tyr.server.common.constants.PermissionConstant.FEATURE_PATH_DELIMITER;
import static cn.axzo.tyr.server.common.constants.PermissionConstant.FEATURE_TOP_BIZ_NO;
import static cn.axzo.tyr.server.common.constants.PermissionConstant.FEATURE_TOP_PATH;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import static cn.axzo.tyr.client.model.enums.FeatureType.BUTTON;
import static cn.axzo.tyr.client.model.enums.FeatureType.MODULE;
import static cn.axzo.tyr.server.common.constants.PermissionConstant.FEATURE_BIZ_NO_PREFIX;
@ -71,10 +105,13 @@ import static cn.axzo.tyr.server.event.inner.EventTypeEnum.SAAS_FEATURE_UPSERT;
@Service
public class PermissionPointServiceImpl implements PermissionPointService {
private final SaasFeatureMapper saasFeatureMapper;
private final SaasFeatureDao saasFeatureDao;
private final SaasBasicDictService saasBasicDictService;
private final SaasPgroupPermissionRelationDao saasPgroupPermissionRelationDao;
private final SaasProductModuleFeatureRelationDao saasProductModuleFeatureRelationDao;
private final SaasPgroupPermissionRelationOperateLogService saasPgroupPermissionRelationOperateLogService;
private final TransactionTemplate transactionTemplate;
private final MqProducer mqProducer;
private static final String TARGET_TYPE = "saasFeatureId";
@ -331,6 +368,7 @@ public class PermissionPointServiceImpl implements PermissionPointService {
}
@Override
@Transactional(rollbackFor = Exception.class)
public PermissionPointDTO save(PermissionPointDTO dto) {
if (dto.getId() == null) {
return doInsert(dto);
@ -350,6 +388,11 @@ public class PermissionPointServiceImpl implements PermissionPointService {
this.saasFeatureDao.updateById(saasFeature);
//返回一些要用的数据
dto.setBusinessNo(feature.getBusinessNo());
try {
saveOperateLogForInsertOrUpdate(dto, feature.getId());
} catch (Exception e) {
log.warn("error save operate log", e);
}
sendMsg(SaasFeatureUpsertPayload.builder()
.id(dto.getId())
@ -389,6 +432,11 @@ public class PermissionPointServiceImpl implements PermissionPointService {
dto.setBusinessNo(saasFeature.getBusinessNo());
//调整排序 - 兼容处理老数据数据规范化
changeSort(saasFeature, saasFeature.getSort());
try {
saveOperateLogForInsertOrUpdate(dto, saasFeature.getId());
} catch (Exception e) {
log.warn("error save operate log", e);
}
sendMsg(SaasFeatureUpsertPayload.builder()
.id(dto.getId())
@ -397,6 +445,18 @@ public class PermissionPointServiceImpl implements PermissionPointService {
return dto;
}
private void saveOperateLogForInsertOrUpdate(PermissionPointDTO request, Long permissionId) {
SaasFeature feature = saasFeatureDao.getById(permissionId);
PermissionOperateLogReq log = new PermissionOperateLogReq();
log.setTableName(SaasPgroupPermissionRelationOperateLogServiceImpl.TABLE_NAME_SAAS_FEATURE);
log.setScene(PermissionRelationOperateLogSceneEnum.OLD_OMS_SAAS_FEATURE__SAVE_OR_UPDATE.getValue());
log.setSceneId(permissionId + "");
log.setOperatorId(request.determineOperator().getPersonId());
log.setRequestData(request);
log.setOperateData(feature);
saasPgroupPermissionRelationOperateLogService.save(log);
}
private void checkParentType(FeatureType featureType, SaasFeature parent) {
//检查父级元素类型
switch (featureType) {
@ -425,9 +485,21 @@ public class PermissionPointServiceImpl implements PermissionPointService {
}
}
@Transactional(rollbackFor = Throwable.class)
@Override
public List<String> delete(Long permissionPointId) {
@SuppressWarnings({
"SpringTransactionalMethodCallsInspection",
"It's good, we use transaction template"
})
public List<String> delete(Long permissionId) {
DeletePermissionPointRequest request = new DeletePermissionPointRequest();
request.setPermissionId(permissionId);
return transactionTemplate.execute(unused -> deleteV2(request));
}
@Override
@Transactional(rollbackFor = Throwable.class)
public List<String> deleteV2(DeletePermissionPointRequest request) {
Long permissionPointId = request.getPermissionId();
List<Long> delIds = new ArrayList<>();
List<String> bizNoList = new ArrayList<>();
SaasFeature feature = getAndCheck(permissionPointId);
@ -453,6 +525,12 @@ public class PermissionPointServiceImpl implements PermissionPointService {
//删除关联数据
this.saasPgroupPermissionRelationDao.removeByPermissionPointIds(delIds);
this.saasProductModuleFeatureRelationDao.removeByPermissionPointIds(delIds);
try {
// 记这条主记录的日志就够了
saveOperateLogForDelete(request);
} catch (Exception e) {
log.warn("error save operate log", e);
}
sendMsg(SaasFeatureUpsertPayload.builder()
.id(feature.getId())
@ -461,8 +539,20 @@ public class PermissionPointServiceImpl implements PermissionPointService {
return bizNoList;
}
private void saveOperateLogForDelete(DeletePermissionPointRequest request) {
SaasFeature deletedFeature = saasFeatureMapper.getByIdDeleteAware(request.getPermissionId());
PermissionOperateLogReq log = new PermissionOperateLogReq();
log.setTableName(SaasPgroupPermissionRelationOperateLogServiceImpl.TABLE_NAME_SAAS_FEATURE);
log.setScene(PermissionRelationOperateLogSceneEnum.OLD_OMS_SAAS_FEATURE__DELETE.getValue());
log.setSceneId(request.getPermissionId() + "");
log.setOperatorId(request.determineOperator().getPersonId());
log.setRequestData(request);
log.setOperateData(deletedFeature);
saasPgroupPermissionRelationOperateLogService.save(log);
}
@Override
@Transactional(rollbackFor = Exception.class)
public void move(PermissionPointMoveRequest request) {
SaasFeature feature = getAndCheck(request.getPermissionId());
changeParent(feature, request);

23
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/PermissionQueryServiceImpl.java
View File

@ -13,6 +13,7 @@ import cn.axzo.thrones.client.saas.ServicePkgClient;
import cn.axzo.thrones.client.saas.entity.serivicepgkproduct.ServicePkgProduct;
import cn.axzo.thrones.client.saas.entity.servicepkg.ServicePkgDetailRes;
import cn.axzo.tyr.client.common.enums.FeatureResourceAuthType;
import cn.axzo.tyr.client.common.enums.FeatureResourceStatus;
import cn.axzo.tyr.client.common.enums.FeatureResourceType;
import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
import cn.axzo.tyr.client.model.base.FeatureResourceExtraDO;
@ -523,6 +524,7 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
.uniCodes(req.getUniCodes())
.versionMax(req.getVersionMax())
.parentUniCode(req.getParentUniCode())
.status(req.getStatus())
.build();
Set<Long> featureIds = listUserPermissionFeatureIds(treePermissionReq);
@ -839,6 +841,18 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
|| treePermissionReq.getVersionMax().compareTo(f.getVersion()) > -1)
.collect(Collectors.toList());
// 查询显示的菜单需要过滤掉隐藏的节点如果父节点隐藏则下面所有子节点也需要过滤掉
if (Objects.equals(treePermissionReq.getStatus(), FeatureResourceStatus.NORMAL)) {
Set<Long> normalFeatureIds = allFeatureResources.stream()
.filter(e -> Objects.equals(e.getStatus(), FeatureResourceStatus.NORMAL.getCode()))
.map(SaasFeatureResourceService.SaasFeatureResourceCache::getFeatureId)
.collect(Collectors.toSet());
allFeatureResources = allFeatureResources.stream()
.filter(e -> normalFeatureIds.contains(e.getFeatureId()) && normalFeatureIds.containsAll(e.getParentIds()))
.collect(Collectors.toList());
}
if (StringUtils.isBlank(treePermissionReq.getParentUniCode())) {
return allFeatureResources;
}
@ -847,7 +861,8 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
.filter(e -> Objects.equals(e.getUniCode(), treePermissionReq.getParentUniCode()))
.map(SaasFeatureResourceService.SaasFeatureResourceCache::getFeatureId)
.findFirst();
return parentId.map(aLong -> allFeatureResources.stream()
final List<SaasFeatureResourceService.SaasFeatureResourceCache> finalFeatureResources = allFeatureResources;
return parentId.map(aLong -> finalFeatureResources.stream()
.filter(e -> e.getParentIds().contains(aLong))
.collect(Collectors.toList()))
.orElse(Collections.emptyList());
@ -862,11 +877,17 @@ public class PermissionQueryServiceImpl implements PermissionQueryService {
}
List<SaasRoleUserV2DTO> saasRoleUsers = listUserPermission(treePermissionReq);
if (CollectionUtils.isEmpty(saasRoleUsers)) {
return Collections.emptySet();
}
Map<Long, List<RoleSaasFeatureResourceCacheService.SaasFeatureResourceDTO>> roleFeatureResourceMap = listRoleFeatureResource(saasRoleUsers, treePermissionReq);
List<WorkspaceProductService.WorkspaceProductFeatureSource> workspaceProductFeatureSources = listWorkspaceProducts(treePermissionReq);
if (CollectionUtils.isEmpty(workspaceProductFeatureSources)) {
return Collections.emptySet();
}
//免授权
Set<Long> authFreeFeatureIds = allFeatureResources.stream()
.filter(e -> BooleanUtils.isTrue(e.isNotAuth()))

46
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductFeatureRelationServiceImpl.java
View File

@ -11,11 +11,14 @@ import cn.axzo.thrones.client.saas.ServicePkgClient;
import cn.axzo.thrones.client.saas.entity.serivicepgkproduct.ServicePkgProduct;
import cn.axzo.thrones.client.saas.entity.servicepkg.ServicePkgDetailRes;
import cn.axzo.tyr.client.common.enums.FeatureResourceType;
import cn.axzo.tyr.client.common.enums.PermissionRelationOperateLogSceneEnum;
import cn.axzo.tyr.client.model.product.OldUpdateFeatureRelationRequestV2;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationSearchReq;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationUpdateReq;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO;
import cn.axzo.tyr.client.model.req.FeatureIdPair;
import cn.axzo.tyr.client.model.req.PageProductFeatureRelationReq;
import cn.axzo.tyr.client.model.req.PermissionOperateLogReq;
import cn.axzo.tyr.server.config.MqProducer;
import cn.axzo.tyr.server.event.payload.ProductPermissionCreatedPayload;
import cn.axzo.tyr.server.repository.dao.ProductModuleDao;
@ -28,6 +31,7 @@ import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
import cn.axzo.tyr.server.repository.entity.SaasProductModuleFeatureRelation;
import cn.axzo.tyr.server.repository.mapper.SaasProductModuleFeatureRelationMapper;
import cn.axzo.tyr.server.service.ProductFeatureRelationService;
import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationOperateLogService;
import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.date.StopWatch;
import cn.hutool.core.util.StrUtil;
@ -55,6 +59,7 @@ import java.util.stream.Collectors;
import static cn.axzo.tyr.server.event.inner.EventTypeEnum.PRODUCT_PERMISSION_CREATED;
import static cn.axzo.tyr.server.util.RpcInternalUtil.checkAndGetData;
import static java.util.stream.Collectors.joining;
/**
* 产品与权限点的 Service 接口实现
@ -72,6 +77,7 @@ public class ProductFeatureRelationServiceImpl extends ServiceImpl<SaasProductMo
private final SaasFeatureDao saasFeatureDao;
private final ProductModuleDao productModuleDao;
private final SaasFeatureResourceDao saasFeatureResourceDao;
private final SaasPgroupPermissionRelationOperateLogService saasPgroupPermissionRelationOperateLogService;
private final MqProducer mqProducer;
private static final String TARGET_TYPE = "productModuleId";
@ -90,6 +96,19 @@ public class ProductFeatureRelationServiceImpl extends ServiceImpl<SaasProductMo
@Override
@Transactional(rollbackFor = Exception.class)
public ApiResult<Boolean> updateFeatureRelation(List<ProductFeatureRelationUpdateReq> req) {
OldUpdateFeatureRelationRequestV2 requestV2 = new OldUpdateFeatureRelationRequestV2();
requestV2.setRelations(req);
requestV2.setOperator(null);
return updateFeatureRelationV2(requestV2);
}
@Override
@Transactional(rollbackFor = Exception.class)
public ApiResult<Boolean> updateFeatureRelationV2(OldUpdateFeatureRelationRequestV2 request) {
if (CollectionUtils.isEmpty(request.getRelations())) {
return ApiResult.ok(false);
}
List<ProductFeatureRelationUpdateReq> req = request.getRelations();
List<Long> productIds = req.stream().map(ProductFeatureRelationUpdateReq::getProductModuleId).distinct().collect(Collectors.toList());
if (!CollectionUtils.isEmpty(productIds)) {
saasProductModuleFeatureRelationDao.remove(new LambdaQueryWrapper<SaasProductModuleFeatureRelation>()
@ -107,10 +126,37 @@ public class ProductFeatureRelationServiceImpl extends ServiceImpl<SaasProductMo
}));
saasProductModuleFeatureRelationDao.saveBatch(saveList);
// !! save logs
try {
saveOperateLogForUpdateFeatureRelationV2(request, saveList);
} catch (Exception e) {
log.warn("error save operate log", e);
}
sendProductPermissionCreatedMsg(req);
return ApiResult.ok(true);
}
private void saveOperateLogForUpdateFeatureRelationV2(
OldUpdateFeatureRelationRequestV2 request,
List<SaasProductModuleFeatureRelation> saveList) {
String productModuleIds = saveList.stream()
.map(BaseEntity::getId)
.distinct()
.map(String::valueOf)
.collect(joining(","));
productModuleIds = org.apache.commons.lang3.StringUtils.truncate(productModuleIds, 254);
PermissionOperateLogReq log = new PermissionOperateLogReq();
log.setTableName(SaasPgroupPermissionRelationOperateLogServiceImpl.TABLE_NAME_PRODUCT_MODULE_FEATURE_RELATION);
log.setScene(PermissionRelationOperateLogSceneEnum.OLD_OMS_PRODUCT_PERMISSION_POINT__SAVE_BATCH.getValue());
log.setSceneId(productModuleIds);
log.setOperatorId(request.determineOperator().getPersonId());
log.setRequestData(request);
log.setOperateData(saveList);
saasPgroupPermissionRelationOperateLogService.save(log);
}
@Override
@Transactional(rollbackFor = Exception.class)
public void updateFeatureResourceRelation(List<ProductFeatureRelationUpdateReq> req, int relationType) {

8
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductPermissionCacheServiceImpl.java
View File

@ -21,6 +21,7 @@ import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.BooleanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.dao.DataAccessException;
import org.springframework.data.redis.core.RedisOperations;
import org.springframework.data.redis.core.RedisTemplate;
@ -39,6 +40,7 @@ import static cn.axzo.tyr.server.config.exception.BizResultCode.REDIS_PRODUCT_NO
@Slf4j
@Service
@RefreshScope
public class ProductPermissionCacheServiceImpl implements ProductPermissionCacheService {
private static final String PRODUCT_PERMISSION_KEY = "product:permission:%s";
@ -51,8 +53,8 @@ public class ProductPermissionCacheServiceImpl implements ProductPermissionCache
private CacheProductPermissionHandler cacheProductPermissionHandler;
/** 产品权限缓存过期时间 **/
@Value("${product.permission.expire:180}")
private Long expireInDays;
@Value("${product.permission.expire.minutes:14}")
private Long expireInMinutes;
@Override
public Map<Long, List<PermissionDTO>> list(ListProductPermissionParam param) {
@ -136,7 +138,7 @@ public class ProductPermissionCacheServiceImpl implements ProductPermissionCache
// 存在hash中部分key移除为了处理快直接把redisKey删除掉修改不频繁
redisTemplate.delete(redisKey);
RedisClient.HashOps.hPutAll(redisKey, redisValues);
redisTemplate.expire(redisKey, expireInDays, TimeUnit.DAYS);
redisTemplate.expire(redisKey, expireInMinutes, TimeUnit.MINUTES);
log.info("succeed to store product permission: redisKey:{} value:{}", redisKey, redisValues);
}
return null;

8
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductSaasFeatureResourceCacheServiceImpl.java
View File

@ -17,6 +17,7 @@ import com.google.common.collect.Streams;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.dao.DataAccessException;
import org.springframework.data.redis.core.RedisOperations;
import org.springframework.data.redis.core.RedisTemplate;
@ -36,6 +37,7 @@ import static cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation.
@Slf4j
@Service
@RefreshScope
public class ProductSaasFeatureResourceCacheServiceImpl implements ProductSaasFeatureResourceCacheService {
private static final String PRODUCT_SAAS_FEATURE_RESOURCE_KEY = "product:feature:resource:%s";
@ -47,8 +49,8 @@ public class ProductSaasFeatureResourceCacheServiceImpl implements ProductSaasFe
@Autowired
private CacheProductSaasFeatureResourceHandler cacheProductSaasFeatureResourceHandler;
@Value("${product.feature.resouce.expire:180}")
private Long expireInDays;
@Value("${product.feature.resouce.expire.minutes:14}")
private Long expireInMinutes;
@Override
public Map<Long, List<FeatureResourceDTO>> list(ListProductFeatureResourceParam param) {
@ -82,7 +84,7 @@ public class ProductSaasFeatureResourceCacheServiceImpl implements ProductSaasFe
// 存在hash中部分key移除为了处理快直接把redisKey删除掉修改不频繁
redisTemplate.delete(redisKey);
RedisClient.HashOps.hPutAll(redisKey, redisValues);
redisTemplate.expire(redisKey, expireInDays, TimeUnit.DAYS);
redisTemplate.expire(redisKey, expireInMinutes, TimeUnit.MINUTES);
log.info("succeed to store product featureResource: redisKey:{} value:{}", redisKey, redisValues);
}
return null;

47
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/ProductServiceImpl.java
View File

@ -15,20 +15,31 @@ import cn.axzo.tyr.client.model.dict.request.BasicDictQueryReq;
import cn.axzo.tyr.client.model.dict.response.BasicDictNodeResp;
import cn.axzo.tyr.client.model.enums.ProductModuleCategoryEnum;
import cn.axzo.tyr.client.model.enums.WorkspaceTypeCodeEnum;
import cn.axzo.tyr.client.model.product.*;
import cn.axzo.tyr.client.model.product.ProductAddReq;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationSearchReq;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationUpdateReq;
import cn.axzo.tyr.client.model.product.ProductFeatureRelationVO;
import cn.axzo.tyr.client.model.product.ProductSearchListReq;
import cn.axzo.tyr.client.model.product.ProductSearchPageReq;
import cn.axzo.tyr.client.model.product.ProductUpdateReq;
import cn.axzo.tyr.client.model.product.ProductVO;
import cn.axzo.tyr.client.model.req.PermissionOperateLogReq;
import cn.axzo.tyr.client.model.req.ProductSaveReq;
import cn.axzo.tyr.client.model.req.UpdateProductStatusReq;
import cn.axzo.tyr.client.model.res.GovernmentTerminalResp;
import cn.axzo.tyr.client.model.res.WorkspaceProductResp;
import cn.axzo.tyr.server.model.RelationOperateLogProductBindResourceDO;
import cn.axzo.tyr.server.model.RelationOperateLogResourceBindElementDO;
import cn.axzo.tyr.server.repository.dao.ProductModuleDao;
import cn.axzo.tyr.server.repository.dao.SaasFeatureResourceDao;
import cn.axzo.tyr.server.repository.entity.ProductModule;
import cn.axzo.tyr.server.repository.dao.ProductModuleDao;
import cn.axzo.tyr.server.repository.entity.SaasFeatureResource;
import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelationOperateLog;
import cn.axzo.tyr.server.repository.entity.SaasProductModuleFeatureRelation;
import cn.axzo.tyr.server.service.*;
import cn.axzo.tyr.server.service.ProductFeatureRelationService;
import cn.axzo.tyr.server.service.ProductService;
import cn.axzo.tyr.server.service.SaasBasicDictService;
import cn.axzo.tyr.server.service.SaasFeatureResourceService;
import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationOperateLogService;
import cn.axzo.tyr.server.util.RpcInternalUtil;
import cn.azxo.framework.common.constatns.Constants;
import cn.hutool.core.collection.CollectionUtil;
@ -46,7 +57,14 @@ import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;
import java.util.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
@ -152,6 +170,7 @@ public class ProductServiceImpl implements ProductService {
}
@Override
@Transactional(rollbackFor = Exception.class)
public ApiResult<ProductVO> add(ProductAddReq req) {
Optional<ProductModule> optProduct = productModuleDao.lambdaQuery()
.eq(ProductModule::getProductName, req.getProductName())
@ -168,6 +187,7 @@ public class ProductServiceImpl implements ProductService {
}
@Override
@Transactional(rollbackFor = Exception.class)
public ApiResult<ProductVO> update(ProductUpdateReq req) {
Optional<ProductModule> optProduct = productModuleDao.lambdaQuery()
.eq(ProductModule::getProductName, req.getProductName())
@ -181,10 +201,27 @@ public class ProductServiceImpl implements ProductService {
productModule.setOuType(org.apache.commons.lang3.StringUtils.join(req.getOuTypes(),","));
}
productModuleDao.updateById(productModule);
try {
saveOperateLogForUpdateProduct(req, productModule);
} catch (Exception e) {
log.warn("error save operate log", e);
}
return ApiResult.ok(BeanMapper.copyBeanIgnoreNull(productModule, ProductVO.class));
}
private void saveOperateLogForUpdateProduct(ProductUpdateReq req, ProductModule productModule) {
PermissionOperateLogReq log = new PermissionOperateLogReq();
log.setTableName(SaasPgroupPermissionRelationOperateLogServiceImpl.TABLE_NAME_PRODUCT);
log.setScene(PermissionRelationOperateLogSceneEnum.OLD_OMS_PRODUCT__UPDATE.getValue());
log.setSceneId(productModule.getId() + "");
log.setOperatorId(req.determineOperator().getPersonId());
log.setRequestData(req);
log.setOperateData(productModule);
saasPgroupPermissionRelationOperateLogService.save(log);
}
@Override
@Transactional(rollbackFor = Exception.class)
public ApiResult<ProductVO> delete(Long id) {
ProductModule productModule = productModuleDao.getById(id);
AssertUtil.isTrue(Objects.nonNull(productModule), "产品不存在");

8
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RolePermissionCacheServiceImpl.java
View File

@ -16,6 +16,7 @@ import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.BooleanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.dao.DataAccessException;
import org.springframework.data.redis.core.RedisCallback;
import org.springframework.data.redis.core.RedisOperations;
@ -35,6 +36,7 @@ import static cn.axzo.tyr.server.config.exception.BizResultCode.REDIS_ROLE_NOT_N
@Slf4j
@Service
@RefreshScope
public class RolePermissionCacheServiceImpl implements RolePermissionCacheService {
private static final String ROLE_PERMISSION_KEY = "role:permission:%s";
@ -48,8 +50,8 @@ public class RolePermissionCacheServiceImpl implements RolePermissionCacheServic
/** 角色权限缓存过期时间 **/
@Value("${role.permission.expire:180}")
private Long expireInDays;
@Value("${role.permission.expire.minutes:14}")
private Long expireInMinutes;
@Override
public Map<Long, List<PermissionDTO>> list(ListRolePermissionParam param) {
@ -131,7 +133,7 @@ public class RolePermissionCacheServiceImpl implements RolePermissionCacheServic
// 存在hash中部分key移除为了处理快直接把redisKey删除掉修改不频繁
redisTemplate.delete(redisKey);
RedisClient.HashOps.hPutAll(redisKey, redisValues);
redisTemplate.expire(redisKey, expireInDays, TimeUnit.DAYS);
redisTemplate.expire(redisKey, expireInMinutes, TimeUnit.MINUTES);
log.info("succeed to store role permission: redisKey:{} value:{}", redisKey, redisValues);
}
return null;

8
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleSaasFeatureResourceCacheServiceImpl.java
View File

@ -16,6 +16,7 @@ import com.google.common.collect.Streams;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.dao.DataAccessException;
import org.springframework.data.redis.core.RedisCallback;
import org.springframework.data.redis.core.RedisOperations;
@ -36,6 +37,7 @@ import static cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation.
@Slf4j
@Service
@RefreshScope
public class RoleSaasFeatureResourceCacheServiceImpl implements RoleSaasFeatureResourceCacheService {
private static final String ROLE_SAAS_FEATURE_RESOURCE_KEY = "role:feature:resource:%s";
@ -49,8 +51,8 @@ public class RoleSaasFeatureResourceCacheServiceImpl implements RoleSaasFeatureR
/** 角色菜单缓存过期时间 **/
@Value("${role.feature.resource.expire:180}")
private Long expireInDays;
@Value("${role.feature.resource.expire.minutes:14}")
private Long expireInMinutes;
@Override
public Map<Long, List<SaasFeatureResourceDTO>> list(ListRoleSaasFeatureResourceParam param) {
@ -84,7 +86,7 @@ public class RoleSaasFeatureResourceCacheServiceImpl implements RoleSaasFeatureR
// 存在hash中部分key移除为了处理快直接把redisKey删除掉修改不频繁
redisTemplate.delete(redisKey);
RedisClient.HashOps.hPutAll(redisKey, redisValues);
redisTemplate.expire(redisKey, expireInDays, TimeUnit.DAYS);
redisTemplate.expire(redisKey, expireInMinutes, TimeUnit.MINUTES);
log.info("succeed to store role featureResource: redisKey:{} value:{}", redisKey, redisValues);
}
return null;

98
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleServiceImpl.java
View File

@ -140,6 +140,11 @@ import static cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation.
public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
implements RoleService {
private static final ListRoleUserRelationParam.WorkspaceOuPair PRESET_WORKSPACE_OU_PAIR = ListRoleUserRelationParam.WorkspaceOuPair.builder()
.ouId(-1L)
.workspaceId(-1L)
.build();
@Autowired
SaasRoleUserRelationDao roleUserRelationDao;
@Autowired
@ -443,6 +448,37 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
.type(OLD_FEATURE)
.build();
saasPgroupPermissionRelationService.saveOrUpdate(upsertPermissionRelationParam);
try {
saveOperateLog4RoleBindFeature(saveOrUpdateRole);
} catch (Exception e) {
log.warn("save operate log error", e);
}
}
private void saveOperateLog4RoleBindFeature(SaveOrUpdateRoleVO saveOrUpdateRole) {
SaasRole saasRole = saasRoleDao.getById(saveOrUpdateRole.getId());
List<String> uniCodes = null;
if (CollectionUtils.isNotEmpty(saveOrUpdateRole.getPermissionIds())) {
uniCodes = saasFeatureResourceDao.lambdaQuery().in(BaseEntity::getId, saveOrUpdateRole.getPermissionIds()).list().stream().map(SaasFeatureResource::getUniCode).collect(Collectors.toList());
}
RelationOperateLogRoleBindResourceDO operateAfter = RelationOperateLogRoleBindResourceDO.builder()
.uniCodes(uniCodes)
.roleCode(saasRole.getRoleCode())
.build();
SaasPgroupPermissionRelationOperateLog operateLog = SaasPgroupPermissionRelationOperateLog.builder()
.tableName(SaasPgroupPermissionRelationOperateLogServiceImpl.TABLE_NAME_ROLE)
.scene(PermissionRelationOperateLogSceneEnum.OLD_OMS_ROLE_BIND_FEATURE.getValue())
.sceneId(saasRole.getRoleCode())
.createBy(saveOrUpdateRole.getOperatorId())
.createByName(saveOrUpdateRole.getOperatorName())
.traceId(MDC.get(Constants.CTX_LOG_ID_MDC))
.requestData(Objects.isNull(saveOrUpdateRole) ? null : JSONObject.toJSONString(saveOrUpdateRole))
.operateData(JSONObject.toJSONString(Lists.newArrayList(operateAfter)))
.createByRole(JSONObject.toJSONString(saasPgroupPermissionRelationOperateLogService.getPersonBasicRoles(saveOrUpdateRole.getOperatorId())))
.build();
saasPgroupPermissionRelationOperateLogService.batchSave(Lists.newArrayList(operateLog));
}
/**
@ -1181,7 +1217,23 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
public cn.axzo.foundation.page.PageResp<SaasRoleRes> page(PageSaasRoleParam param) {
QueryWrapper<SaasRole> wrapper = QueryWrapperHelper.fromBean(param, SaasRole.class);
wrapper.eq("is_delete", 0);
List<ListRoleUserRelationParam.WorkspaceOuPair> workspaceOuPairs = Lists.newArrayList();
if (Boolean.TRUE.equals(param.getNeedPresetRole())) {
workspaceOuPairs.add(PRESET_WORKSPACE_OU_PAIR);
}
CollectionUtils.addAll(workspaceOuPairs, Optional.ofNullable(param.getWorkspaceOuPairs())
.map(List::listIterator)
.orElseGet(Collections::emptyListIterator));
if (CollectionUtils.isNotEmpty(workspaceOuPairs)) {
wrapper.and(j -> {
for (ListRoleUserRelationParam.WorkspaceOuPair workspaceOuPair : workspaceOuPairs) {
j.or(k -> {
k.eq(Objects.nonNull(workspaceOuPair.getOuId()), "owner_ou_id", workspaceOuPair.getOuId());
k.eq(Objects.nonNull(workspaceOuPair.getWorkspaceId()), "workspace_id", workspaceOuPair.getWorkspaceId());
});
}
});
}
IPage<SaasRole> page = this.page(PageConverter.toMybatis(param, SaasRole.class), wrapper);
Map<Long, List<SaasRoleGroupRes>> saasRoleGroups = listRoleGroups(param, page.getRecords());
@ -1338,9 +1390,44 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
return saasRoleGroupRes;
}
private Set<Long> resolveUpsertRoleIds(List<FeatureRoleRelationReq.RelationRoleSettings> req) {
if (CollectionUtils.isEmpty(req)) {
return Collections.emptySet();
}
Set<Long> newRoleIds = req.stream()
.map(FeatureRoleRelationReq.RelationRoleSettings::getRoleIds)
.filter(Objects::nonNull)
.flatMap(Collection::stream)
.collect(Collectors.toSet());
List<Long> featureIds = req.stream()
.map(FeatureRoleRelationReq.RelationRoleSettings::getFeatureId)
.collect(Collectors.toList());
PagePgroupPermissionRelationReq pagePgroupPermissionRelationReq = PagePgroupPermissionRelationReq.builder()
.featureIds(featureIds)
.build();
List<Long> groupIds = saasPgroupPermissionRelationService.list(pagePgroupPermissionRelationReq).stream()
.map(SaasPgroupPermissionRelation::getGroupId)
.collect(Collectors.toList());
if (CollectionUtils.isEmpty(groupIds)) {
return newRoleIds;
}
Set<Long> oldRoleIds = saasPgroupRoleRelationDao.listByGroupIds(groupIds).stream()
.map(SaasPgroupRoleRelation::getRoleId)
.collect(Collectors.toSet());
newRoleIds.addAll(oldRoleIds);
return newRoleIds;
}
@Override
@Transactional(rollbackFor = Exception.class)
public void saveOrUpdateFeatureRoleRelation(List<FeatureRoleRelationReq.RelationRoleSettings> req, Long operatorId) {
// 查询权限点的历史角色发送mq
Set<Long> allRoleIds = resolveUpsertRoleIds(req);
for (FeatureRoleRelationReq.RelationRoleSettings item : req) {
saasFeatureResourceService.updateFeatureAuthType(item.getFeatureId(), item.getAuthType());
if (CollectionUtil.isEmpty(item.getRoleIds()) || item.getAuthType() == 0) {
@ -1411,6 +1498,15 @@ public class RoleServiceImpl extends ServiceImpl<SaasRoleMapper, SaasRole>
.build())
.build();
mqProducer.send(event);
// 待收口后这个事件需要放在角色权限的upsert方法里
mqProducer.send(Event.builder()
.targetType("saasFeatureResourceId")
.eventCode(ROLE_PERMISSION_CREATED.getEventCode())
.data(RolePermissionCreatedPayload.builder()
.roleIds(allRoleIds)
.build())
.build());
}
@Override

2
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java
View File

@ -357,12 +357,14 @@ public class RoleUserService implements SaasRoleUserService {
}
@Override
@Transactional(rollbackFor = Exception.class)
public void removeWorkspaceOuAllUserRole(Long workspaceId, Long ouId) {
saasRoleDao.removeWorkspaceOuAllRole(workspaceId, ouId);
roleUserRelationDao.removeWorkspaceOuAllUserRole(workspaceId, ouId);
}
@Override
@Transactional(rollbackFor = Exception.class)
public void grantOrUngrantWorkerLeader(GantOrUnGantaWorkerLeaderRoleReq req) {
Boolean grant = req.getGrant();
// 授权

4
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasBasicDictServiceImpl.java
View File

@ -15,6 +15,7 @@ import com.baomidou.mybatisplus.core.exceptions.MybatisPlusException;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.*;
import java.util.stream.Collectors;
@ -103,6 +104,7 @@ public class SaasBasicDictServiceImpl implements SaasBasicDictService {
* @return
*/
@Override
@Transactional(rollbackFor = Exception.class)
public Long create(BasicDictCreateReq req) {
SaasBasicDict parent = saasBasicDictDao.getById(req.getParentId());
if (Objects.isNull(parent)) {
@ -145,6 +147,7 @@ public class SaasBasicDictServiceImpl implements SaasBasicDictService {
}
@Override
@Transactional(rollbackFor = Exception.class)
public Boolean update(BasicDictUpdateReq req) {
BasicDictNodeResp currentNode = getById(req.getId());
if (Objects.isNull(currentNode)) {
@ -166,6 +169,7 @@ public class SaasBasicDictServiceImpl implements SaasBasicDictService {
}
@Override
@Transactional(rollbackFor = Exception.class)
public Boolean updateStauts(BasicDictUpdateStatusReq req) {
return saasBasicDictDao.updateStatus(req);
}

36
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasFeatureResourceServiceImpl.java
View File

@ -68,6 +68,7 @@ import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.dao.DataAccessException;
import org.springframework.data.redis.core.RedisOperations;
import org.springframework.data.redis.core.RedisTemplate;
@ -101,6 +102,7 @@ import static cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelation.
*/
@Slf4j
@Service
@RefreshScope
@RequiredArgsConstructor
public class SaasFeatureResourceServiceImpl extends ServiceImpl<SaasFeatureResourceMapper, SaasFeatureResource>
implements SaasFeatureResourceService {
@ -119,8 +121,8 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl<SaasFeatureResou
private RedisTemplate<String, String> redisTemplate;
/** 菜单树过期时间 **/
@Value("${saas.feature.resource.expire:180}")
private Long expireInDays;
@Value("${saas.feature.resource.expire.minutes:14}")
private Long expireInMinutes;
private static final String SAAS_FEATURE_RESOURCE_KEY = "saas:feature:resource:%s";
@ -268,8 +270,19 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl<SaasFeatureResou
// 生成唯一编码用于pre菜单同步
baseResource.setFeatureCode(req.getUniCode());
newResource(baseResource, parent == null ? "" : parent.getPath());
Event event = Event.builder()
.targetType(TARGET_TYPE)
.eventCode(SAAS_FEATURE_RESOURCE_UPSERT.getEventCode())
.data(SaasFeatureResourceUpsertPayload.builder()
.newValue(featureResourceDao.getById(baseResource.getId()))
.action(SaasFeatureResource.Action.CREATE)
.build())
.build();
mqProducer.send(event);
} else {
//补充path
SaasFeatureResource newValue = featureResourceDao.getById(baseResource.getId());
if (Objects.nonNull(req.getParentId())) {
SaasFeatureResource parent = featureResourceDao.lambdaQuery().eq(SaasFeatureResource::getId,req.getParentId()).one();
baseResource.setPath(StringUtils.isBlank(parent.getPath()) ? baseResource.getId().toString() + "," : parent.getPath() + baseResource.getId() + ",");
@ -279,6 +292,17 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl<SaasFeatureResou
}
baseResource.setFeatureCode(req.getUniCode());
featureResourceDao.updateById(baseResource);
Event event = Event.builder()
.targetType(TARGET_TYPE)
.eventCode(SAAS_FEATURE_RESOURCE_UPSERT.getEventCode())
.data(SaasFeatureResourceUpsertPayload.builder()
.oldValue(featureResourceDao.getById(baseResource.getId()))
.newValue(newValue)
.action(SaasFeatureResource.Action.UPDATE)
.build())
.build();
mqProducer.send(event);
}
// 保存组件与页面元素关系如果是页面改的是默认路由
ModifyPageElementRelationDTO modifyPageElementRelation = ModifyPageElementRelationDTO.builder()
@ -319,6 +343,7 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl<SaasFeatureResou
}
@Override
@Transactional(rollbackFor = Exception.class)
@CacheEvict(value = SaasFeatureResourceCacheService.CACHE_FEATURE_RESOURCE_TREE,allEntries = true)
public void updateFeatureAuthType(Long featureId, Integer authType) {
if (featureId != null && authType != null) {
@ -517,14 +542,13 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl<SaasFeatureResou
}
/**
* 菜单/页面/应用/分组权限码每个端唯一
* 菜单/页面/应用/分组权限码全局唯一因为其他有代码根据featureCode使用selectOne查询
* 组件权限码不校验唯一
* @param featureResource
*/
void validFeatureCode(SaasFeatureResource featureResource) {
Assert.notNull(featureResource.getUniCode(), "权限码code不能为空");
SaasFeatureResource exist = featureResourceDao.lambdaQuery()
.eq(SaasFeatureResource::getTerminal, featureResource.getTerminal())
.eq(SaasFeatureResource::getUniCode, featureResource.getUniCode())
.eq(BaseEntity::getIsDelete, 0)
.one();
@ -717,6 +741,8 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl<SaasFeatureResou
.eventCode(SAAS_FEATURE_RESOURCE_UPSERT.getEventCode())
.data(SaasFeatureResourceUpsertPayload.builder()
.terminals(Sets.newHashSet(featureResource.getTerminal()))
.oldValue(featureResource)
.action(SaasFeatureResource.Action.DELETE)
.build())
.build();
mqProducer.send(event);
@ -782,7 +808,7 @@ public class SaasFeatureResourceServiceImpl extends ServiceImpl<SaasFeatureResou
String redisKey = getKey(saasFeatureResource.getTerminal());
String redisValue = JSONObject.toJSONString(saasFeatureResource.getFeatures());
RedisClient.StringOps.setEx(redisKey, redisValue,
expireInDays, TimeUnit.DAYS);
expireInMinutes, TimeUnit.MINUTES);
log.info("succeed to store featureResource: redisKey:{} value:{}", redisKey, redisValue);
}
return null;

20
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasPgroupPermissionRelationOperateLogServiceImpl.java
View File

@ -23,12 +23,15 @@ import com.google.common.collect.Lists;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.MDC;
import org.springframework.stereotype.Service;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
/**
@ -45,6 +48,9 @@ public class SaasPgroupPermissionRelationOperateLogServiceImpl implements SaasPg
public static final String TABLE_NAME_ROLE = "saas_role";
public static final String TABLE_NAME_PAGE_ELEMENT = "saas_page_element";
public static final String TABLE_NAME_PRODUCT = "product_module";
public static final String TABLE_NAME_PRODUCT_MODULE_FEATURE_RELATION = "saas_product_module_feature_relation";
public static final String TABLE_NAME_SAAS_ROLE_GROUP = "saas_role_group";
public static final String TABLE_NAME_SAAS_FEATURE = "saas_feature";
private final SaasPgroupPermissionRelationOperateLogDao saasPgroupPermissionRelationOperateLogDao;
private final SaasRoleUserRelationDao roleUserRelationDao;
@ -80,20 +86,26 @@ public class SaasPgroupPermissionRelationOperateLogServiceImpl implements SaasPg
@Override
public void save(PermissionOperateLogReq req) {
List<PersonProfileDto> personProfileDtos = RpcInternalUtil.rpcListProcessor(() -> userProfileServiceApi.getPersonProfiles(Lists.newArrayList(req.getOperatorId())), "查询用户信息", req.getOperatorId()).getData();
PersonProfileDto operator = CollectionUtils.isEmpty(personProfileDtos) ? null : personProfileDtos.get(0);
String realName = req.getOperatorId() == null ? "" : Optional.ofNullable(getPersonProfileDto(req)).map(PersonProfileDto::getRealName).orElse("");
SaasPgroupPermissionRelationOperateLog operateLog = SaasPgroupPermissionRelationOperateLog.builder()
.tableName(req.getTableName())
.scene(req.getScene())
.sceneId(req.getSceneId())
.createBy(req.getOperatorId())
.createByName(Objects.isNull(operator) ? "" : operator.getRealName())
.createBy(ObjectUtils.firstNonNull(req.getOperatorId(), 0L))
.createByName(StringUtils.firstNonBlank(realName, req.getOperatorName(), ""))
.traceId(MDC.get(Constants.CTX_LOG_ID_MDC))
.requestData(Objects.nonNull(req.getRequestData()) ? JSONObject.toJSONString(req.getRequestData()) : null)
.operateData(Objects.nonNull(req.getOperateData()) ? JSONObject.toJSONString(req.getOperateData()) : null)
.createByRole(JSONObject.toJSONString(getPersonBasicRoles(req.getOperatorId())))
.ext(req.getExt())
.build();
batchSave(Lists.newArrayList(operateLog));
}
private PersonProfileDto getPersonProfileDto(PermissionOperateLogReq req) {
List<PersonProfileDto> personProfileDtos = RpcInternalUtil.rpcListProcessor(() -> userProfileServiceApi.getPersonProfiles(Lists.newArrayList(req.getOperatorId())), "查询用户信息", req.getOperatorId()).getData();
PersonProfileDto operator = CollectionUtils.isEmpty(personProfileDtos) ? null : personProfileDtos.get(0);
return operator;
}
}

82
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleGroupServiceImpl.java
View File

@ -2,26 +2,35 @@ package cn.axzo.tyr.server.service.impl;
import cn.axzo.basics.common.constant.enums.TableIsDeleteEnum;
import cn.axzo.basics.common.exception.ServiceException;
import cn.axzo.foundation.exception.Axssert;
import cn.axzo.foundation.dao.support.converter.PageConverter;
import cn.axzo.foundation.dao.support.mysql.QueryWrapperHelper;
import cn.axzo.foundation.exception.Axssert;
import cn.axzo.foundation.page.PageResp;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.tyr.client.common.enums.PermissionRelationOperateLogSceneEnum;
import cn.axzo.tyr.client.model.req.ListSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.PageSaasRoleGroupParam;
import cn.axzo.tyr.client.model.req.PermissionOperateLogReq;
import cn.axzo.tyr.client.model.req.QuerySaasRoleGroupReq;
import cn.axzo.tyr.client.model.req.SaasRoleGroupDeleteRequest;
import cn.axzo.tyr.client.model.res.SaasRoleGroupDTO;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
import cn.axzo.tyr.server.model.BasicRoleDO;
import cn.axzo.tyr.server.repository.dao.SaasRoleGroupDao;
import cn.axzo.tyr.server.repository.dao.SaasRoleGroupRelationDao;
import cn.axzo.tyr.server.repository.entity.SaasPgroupPermissionRelationOperateLog;
import cn.axzo.tyr.server.repository.entity.SaasRoleGroup;
import cn.axzo.tyr.server.repository.entity.SaasRoleGroupRelation;
import cn.axzo.tyr.server.repository.mapper.SaasRoleGroupMapper;
import cn.axzo.tyr.server.service.RoleService;
import cn.axzo.tyr.server.service.SaasPgroupPermissionRelationOperateLogService;
import cn.axzo.tyr.server.service.SaasRoleGroupRelationService;
import cn.axzo.tyr.server.service.SaasRoleGroupService;
import cn.azxo.framework.common.constatns.Constants;
import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.collection.CollectionUtil;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
@ -31,8 +40,10 @@ import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.MDC;
import org.springframework.beans.BeanUtils;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.ArrayList;
import java.util.Arrays;
@ -54,10 +65,13 @@ import static cn.axzo.tyr.server.config.exception.BizResultCode.CANT_DELETE_ROLE
@Service
public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, SaasRoleGroup>
implements SaasRoleGroupService {
private final SaasRoleGroupMapper saasRoleGroupMapper;
private final SaasRoleGroupDao saasRoleGroupDao;
private final SaasRoleGroupRelationDao saasRoleGroupRelationDao;
private final SaasRoleGroupRelationService saasRoleGroupRelationService;
private final RoleService roleService;
private final SaasPgroupPermissionRelationOperateLogService saasPgroupPermissionRelationOperateLogService;
@Override
public List<SaasRoleGroupVO> getList(QuerySaasRoleGroupReq req) {
@ -126,18 +140,45 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
}
@Override
@Transactional(rollbackFor = Exception.class)
public Long saveOrUpdate(SaasRoleGroupVO req) {
SaasRoleGroup saasRoleGroup = validAndBuildGroup(req);
saasRoleGroupDao.saveOrUpdate(saasRoleGroup);
try {
saveOperateLogForInsertOrUpdate(req, saasRoleGroup);
} catch (Exception e) {
log.warn("error save operate log", e);
}
return saasRoleGroup.getId();
}
private void saveOperateLogForInsertOrUpdate(SaasRoleGroupVO req, SaasRoleGroup saasRoleGroup) {
PermissionOperateLogReq log = new PermissionOperateLogReq();
log.setTableName(SaasPgroupPermissionRelationOperateLogServiceImpl.TABLE_NAME_SAAS_ROLE_GROUP);
log.setScene(PermissionRelationOperateLogSceneEnum.OLD_OMS_ROLE_GROUP__SAVE_OR_UPDATE.getValue());
log.setSceneId(saasRoleGroup.getId() + "");
log.setOperatorId(req.determineOperator().getPersonId());
log.setRequestData(req);
SaasRoleGroup updateToDateRoleGroup = saasRoleGroupDao.getById(saasRoleGroup.getId());
log.setOperateData(updateToDateRoleGroup);
saasPgroupPermissionRelationOperateLogService.save(log);
}
@Override
@Transactional(rollbackFor = Exception.class)
public void delete(List<Long> ids) {
SaasRoleGroupDeleteRequest request = new SaasRoleGroupDeleteRequest();
request.setIds(ids);
deleteV2(request);
}
/**
* 只有当分组下面角色为空合分组下没有其他分组时才能删除
* @param ids
* @param request
*/
@Override
public void delete(List<Long> ids) {
public void deleteV2(SaasRoleGroupDeleteRequest request) {
List<Long> ids = request.getIds();
if (CollectionUtils.isEmpty(ids)) {
return;
}
@ -156,6 +197,41 @@ public class SaasRoleGroupServiceImpl extends ServiceImpl<SaasRoleGroupMapper, S
Axssert.check(CollectionUtils.isEmpty(childrenRoleGroups), CANT_DELETE_ROLE_GROUP);
saasRoleGroupDao.delete(ids);
try {
saveOperateLogForDelete(request);
} catch (Exception e) {
log.warn("error save operate log", e);
}
}
private void saveOperateLogForDelete(SaasRoleGroupDeleteRequest request) {
List<Long> ids = request.getIds();
if (CollectionUtils.isEmpty(ids)) {
return;
}
Map<Long, SaasRoleGroup> id2Group = saasRoleGroupMapper.getByIdsDeleteAware(ids)
.stream()
.collect(Collectors.toMap(BaseEntity::getId, Function.identity()));
ArrayList<SaasPgroupPermissionRelationOperateLog> logs = new ArrayList<>();
List<BasicRoleDO> personBasicRoles = saasPgroupPermissionRelationOperateLogService
.getPersonBasicRoles(request.determineOperator().getPersonId());
for (Long id : ids) {
SaasRoleGroup group = id2Group.get(id);
SaasPgroupPermissionRelationOperateLog log = SaasPgroupPermissionRelationOperateLog.builder()
.tableName(SaasPgroupPermissionRelationOperateLogServiceImpl.TABLE_NAME_SAAS_ROLE_GROUP)
.scene(PermissionRelationOperateLogSceneEnum.OLD_OMS_ROLE_GROUP__DELETE.getValue())
.sceneId(id + "")
.createBy(request.determineOperator().getPersonId())
.createByName(request.determineOperator().getRealName())
.traceId(MDC.get(Constants.CTX_LOG_ID_MDC))
.requestData(JSONObject.toJSONString(request))
.operateData(JSONObject.toJSONString(group))
.createByRole(JSONObject.toJSONString(personBasicRoles))
.build();
logs.add(log);
}
saasPgroupPermissionRelationOperateLogService.batchSave(logs);
}
private SaasRoleGroup validAndBuildGroup(SaasRoleGroupVO req) {

33
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/SaasRoleUserRelationServiceImpl.java
View File

@ -9,6 +9,7 @@ import cn.axzo.foundation.dao.support.mysql.QueryWrapperHelper;
import cn.axzo.framework.domain.page.PageResp;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.tyr.client.common.enums.RoleTypeEnum;
import cn.axzo.tyr.client.model.res.SaasRoleRes;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserDTO;
import cn.axzo.tyr.client.model.roleuser.dto.SaasRoleUserV2DTO;
import cn.axzo.tyr.client.model.roleuser.req.ListRoleUserRelationParam;
@ -29,6 +30,7 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.conditions.query.LambdaQueryChainWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.BooleanUtils;
import org.springframework.beans.BeanUtils;
@ -43,6 +45,7 @@ import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
@ -152,6 +155,12 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
});
}
Set<Long> roleIds = resolveRoleIds(param);
if (!CollectionUtils.isEmpty(param.getRoleCodes()) && CollectionUtils.isEmpty(roleIds)) {
return param.toEmpty();
}
wrapper.in(!CollectionUtils.isEmpty(roleIds), "role_id", roleIds);
IPage<SaasRoleUserRelation> page = this.page(PageConverter.toMybatis(param, SaasRoleUserRelation.class), wrapper);
Map<Long, SaasRoleUserV2DTO.SaasRoleUser> saasRoleUsers = listSaasRoleUser(param, page.getRecords());
@ -161,6 +170,28 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
return PageConverter.toResp(page, (record) -> from(record, saasRoleUsers, saasRoles));
}
private Set<Long> resolveRoleIds(PageRoleUserRelationParam param) {
if (CollectionUtils.isEmpty(param.getRoleCodes())) {
return Optional.ofNullable(param.getRoleIds())
.map(Sets::newHashSet)
.orElseGet(Sets::newHashSet);
}
RoleService.ListSaasRoleParam listSaasRoleParam = RoleService.ListSaasRoleParam.builder()
.roleCodes(param.getRoleCodes())
.build();
Set<Long> roleIds = roleService.list(listSaasRoleParam).stream()
.map(SaasRoleRes::getId)
.collect(Collectors.toSet());
if (CollectionUtils.isEmpty(param.getRoleIds())) {
return roleIds;
}
return param.getRoleIds().stream()
.filter(roleIds::contains)
.collect(Collectors.toSet());
}
private Map<Long, SaasRoleUserV2DTO.SaasRoleUser> listSaasRoleUser(PageRoleUserRelationParam param,
List<SaasRoleUserRelation> saasRoleUserRelations) {
if (CollectionUtils.isEmpty(saasRoleUserRelations) || BooleanUtils.isNotTrue(param.getNeedUsers())) {
@ -238,6 +269,8 @@ public class SaasRoleUserRelationServiceImpl extends ServiceImpl<SaasRoleUserRel
.featureIds(param.getFeatureIds())
.featureResourceTypes(param.getFeatureResourceTypes())
.needPermissionRelation(param.getNeedPermissionRelation())
.isDisplay(param.getIsDisplay())
.enabled(param.getEnabled())
.type(param.getType())
.terminal(param.getTerminal())
.needPermission(param.getNeedPermission())

11
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
View File

@ -390,13 +390,10 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
}
List<IdentityAuthReq.WorkspaceOuPair> pairs = BeanMapper.copyList(req.getWorkspaceAndOU(), IdentityAuthReq.WorkspaceOuPair.class);
request.setWorkspaceOusPairs(pairs);
request.setFeatureCode(Sets.newHashSet(req.getCodes()));
IdentityAuthRes authRes = this.findIdentityAuthMix(request);
HashSet<String> codeSet = new HashSet<>(req.getCodes());
//比较code
return authRes.getPermissions().stream()
.anyMatch(e -> e.getPermissionPoint()
.stream()
.anyMatch(p -> codeSet.contains(p.getFeatureCode())));
.anyMatch(e -> CollectionUtil.isNotEmpty(e.getPermissionPoint()));
}
@Data
@ -869,7 +866,9 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
@Override
public List<ListPermissionFromRoleGroupResp> listAuthByResourceAndRoleGroup(ListPermissionFromRoleGroupReq listPermissionFromRoleGroupReq) {
//确定角色group_id: code对应角色组及其下级
List<SaasRoleGroup> groups = roleGroupService.listByCodes(Collections.singletonList(listPermissionFromRoleGroupReq.getCategoryCode()), 3);
Integer categoryType = Optional.ofNullable(listPermissionFromRoleGroupReq.getCategoryType())
.orElse(3);
List<SaasRoleGroup> groups = roleGroupService.listByCodes(Collections.singletonList(listPermissionFromRoleGroupReq.getCategoryCode()), categoryType);
if (CollectionUtil.isEmpty(groups)) {
log.warn("no role group found for code :{}", listPermissionFromRoleGroupReq.getCategoryCode());
return Collections.emptyList();

62
tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/WorkspaceProductServiceImpl.java
View File

@ -2,7 +2,7 @@ package cn.axzo.tyr.server.service.impl;
import cn.axzo.foundation.exception.Axssert;
import cn.axzo.pokonyan.config.mybatisplus.BaseEntity;
import cn.axzo.pokonyan.config.redis.RedisUtil;
import cn.axzo.pokonyan.config.redis.RedisClient;
import cn.axzo.thrones.client.saas.ServicePkgClient;
import cn.axzo.thrones.client.saas.entity.serivicepgkproduct.ServicePkgProduct;
import cn.axzo.thrones.client.saas.entity.servicepkg.ServicePkgDetailRes;
@ -22,12 +22,9 @@ import com.google.common.collect.Sets;
import com.google.common.collect.Streams;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.dao.DataAccessException;
import org.springframework.data.redis.core.RedisOperations;
import org.springframework.data.redis.core.SessionCallback;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Service;
@ -36,6 +33,7 @@ import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
@ -45,6 +43,7 @@ import static cn.axzo.tyr.server.config.exception.BizResultCode.WORKSPACE_ID_NOT
@Slf4j
@Service
@RefreshScope
public class WorkspaceProductServiceImpl implements WorkspaceProductService {
@Autowired
@ -62,10 +61,10 @@ public class WorkspaceProductServiceImpl implements WorkspaceProductService {
/** 授权缓存过期时间 **/
@Value("${workspace.product.expire:90}")
private Long expireInDays;
@Value("${workspace.product.expire.minutes:14}")
private Long expireInMinutes;
private static final String WORKSPACE_PRODUCT_KEY = "workspace:product:%s";
private static final String WORKSPACE_PRODUCT_KEY = "workspace:product";
@Override
public List<WorkspaceProduct> listWorkspaceProduct(WorkspaceProductParam param) {
@ -182,35 +181,28 @@ public class WorkspaceProductServiceImpl implements WorkspaceProductService {
public void storeWorkspaceProduct(StoreWorkspaceProductParam param) {
Axssert.checkNotEmpty(param.getWorkspaceProducts(), REDIS_PRODUCT_NOT_NULL);
redisTemplate.executePipelined(new SessionCallback<Object>() {
@Override
public Object execute(RedisOperations operations) throws DataAccessException {
for (WorkspaceProductDTO workspaceProduct : param.getWorkspaceProducts()) {
String redisKey = getKey(workspaceProduct.getWorkspaceId());
RedisUtil.StringValueOps.setEx(redisKey, JSON.toJSONString(workspaceProduct.getProductIds()),
expireInDays, TimeUnit.DAYS);
}
return null;
}
});
Map<String, String> redisValues = param.getWorkspaceProducts().stream()
.collect(Collectors.toMap(e -> e.getWorkspaceId().toString(), e -> Optional.ofNullable(e.getProductIds())
.map(JSON::toJSONString)
.orElseGet(() -> JSON.toJSONString(Sets.newHashSet()))));
String redisKey = getKey();
RedisClient.HashOps.hPutAll(redisKey, redisValues);
redisTemplate.expire(redisKey, expireInMinutes, TimeUnit.MINUTES);
log.info("succeed to workspace product: redisKey:{} value:{}", redisKey, redisValues);
}
private Map<Long, Set<Long>> listWorkspaceProduct(ListWorkspaceProductParam param) {
Axssert.checkNotEmpty(param.getWorkspaceIds(), WORKSPACE_ID_NOT_NULL);
List<String> redisKeys = param.getWorkspaceIds().stream()
.map(this::getKey)
.collect(Collectors.toList());
List<String> redisValues = redisTemplate.opsForValue().multiGet(redisKeys);
List<Object> redisValues = RedisClient.HashOps.hMultiGet(getKey(), param.getWorkspaceIds().stream()
.map(String::valueOf)
.collect(Collectors.toList()));
return Streams.zip(param.getWorkspaceIds().stream(),
redisValues.stream(),
(workspaceId, redisValue) -> {
if (StringUtils.isBlank(redisValue)) {
if (Objects.isNull(redisValue)) {
return null;
}
@ -220,6 +212,7 @@ public class WorkspaceProductServiceImpl implements WorkspaceProductService {
.collect(Collectors.toSet());
return Pair.of(workspaceId, productIds);
})
.filter(Objects::nonNull)
.collect(Collectors.toMap(Pair::getKey, Pair::getValue));
@ -273,8 +266,8 @@ public class WorkspaceProductServiceImpl implements WorkspaceProductService {
storeWorkspaceProduct(storeWorkspaceProductParam);
}
private String getKey(Object... params) {
return String.format(WORKSPACE_PRODUCT_KEY, params);
private String getKey() {
return String.format(WORKSPACE_PRODUCT_KEY);
}
@Override
@ -396,4 +389,15 @@ public class WorkspaceProductServiceImpl implements WorkspaceProductService {
})
.collect(Collectors.toList());
}
@Override
public Map<Long, Set<Long>> listAllWorkspaceProductCached() {
return RedisClient.HashOps.hGetAll(getKey()).entrySet()
.stream()
.collect(Collectors.toMap(e -> Long.valueOf(e.getKey().toString()), e -> JSON.parseArray(e.getValue().toString())
.stream()
.map(productId -> Long.valueOf(productId.toString()))
.collect(Collectors.toSet())));
}
}

1
tyr-server/src/main/resources/mapper/TyrSaasAuthMapper.xml
View File

@ -118,6 +118,7 @@
t1.code roleGroupCode,
t3.id roleId,
t3.name roleName,
t3.role_code roleCode,
t4.group_id permissionGroupId
FROM