feat(2046) 班组管理员、代班长设置权限接口调整
parent
031132e5bf
commit
fb29af7950
@ -27,22 +27,7 @@ import java.util.List;
|
||||
public class WorkerManagerRoleUserReq {
|
||||
|
||||
|
||||
@NotNull
|
||||
private Long ouId;
|
||||
@NotNull
|
||||
private Long workspaceId;
|
||||
/**
|
||||
* #{@link cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum }
|
||||
*/
|
||||
@NotNull
|
||||
|
||||
private Integer resourceType;
|
||||
@NotNull
|
||||
private Long resourceId;
|
||||
|
||||
private IdentityType identityType;
|
||||
@Builder.Default
|
||||
private List<IdentityInfo> identityInfos = new ArrayList<>();
|
||||
private List<ManagerInfo> managerInfos;
|
||||
/**
|
||||
* 这个字段在设置后续产品重构了班组管理员、代班长相关功能的时候,要替换成ROLE ID。
|
||||
* 现在保留权限集ID是因为只是做统一权限角色,查询链路先暂时不变(REQ-2046)
|
||||
@ -50,6 +35,11 @@ public class WorkerManagerRoleUserReq {
|
||||
@NotEmpty
|
||||
private List<Long> permissionGroupId;
|
||||
|
||||
private IdentityType identityType;
|
||||
@NotNull
|
||||
|
||||
private Integer resourceType;
|
||||
|
||||
// -------------
|
||||
/**
|
||||
* 是否取消授权
|
||||
@ -69,8 +59,25 @@ public class WorkerManagerRoleUserReq {
|
||||
*/
|
||||
private String roleGroupCategoryCode;
|
||||
|
||||
@Data
|
||||
@Builder
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
public static class ManagerInfo {
|
||||
@NotNull
|
||||
private Long ouId;
|
||||
@NotNull
|
||||
private Long workspaceId;
|
||||
/**
|
||||
* #{@link cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum }
|
||||
*/
|
||||
|
||||
@NotNull
|
||||
private Long resourceId;
|
||||
|
||||
@Builder.Default
|
||||
private List<IdentityInfo> identityInfos = new ArrayList<>();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
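Review bot: `private List<ManagerInfo> managerInfos;` carries no constraint, so the `@NotNull` annotations on `ManagerInfo.ouId`, `workspaceId` and `resourceId` are never evaluated; Bean Validation only descends into list elements when the field is marked for cascading. Declaring it as `@Valid @NotEmpty private List<ManagerInfo> managerInfos;` restores the checks the old top-level fields had, and rejects a missing list before the service calls `req.getManagerInfos().stream()`. `@Valid` needs an import that lies outside this hunk. The +/- markers are lost on this page, so this assumes the unannotated `managerInfos` line is on the new side.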
@ -7,6 +7,7 @@ import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
@ -19,14 +20,30 @@ import java.util.Set;
|
||||
@Builder
|
||||
@Data
|
||||
public class RoleUserInfo {
|
||||
private Long ouId;
|
||||
private Long workspaceId;
|
||||
private Integer resourceType;
|
||||
private Long resourceId;
|
||||
private IdentityType identityType;
|
||||
private List<IdentityInfo> identityInfos;
|
||||
private Set<Long> roleId;
|
||||
|
||||
private Set<Long> roleId;
|
||||
private IdentityType identityType;
|
||||
private Integer resourceType;
|
||||
private List<RoleUserResourceInfo> roleUserResourceInfos;
|
||||
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
@Builder
|
||||
@Data
|
||||
public static class RoleUserResourceInfo {
|
||||
|
||||
private Long ouId;
|
||||
private Long workspaceId;
|
||||
/**
|
||||
* #{@link cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum }
|
||||
*/
|
||||
|
||||
private Long resourceId;
|
||||
|
||||
|
||||
@Builder.Default
|
||||
private List<IdentityInfo> identityInfos = new ArrayList<>();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
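Review bot: In `RoleUserResourceInfo` the Javadoc `#{@link cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum }` now sits directly above `resourceId`, because the `resourceType` field it described has moved to the outer class. The same orphaned comment is left above `resourceId` in `WorkerManagerRoleUserReq.ManagerInfo`. Move it onto the outer `private Integer resourceType;` in both classes so that `resourceId` is not read as an enum code. If each list entry is meant to be one (ouId, workspaceId, resourceId) target, a one-line comment on `roleUserResourceInfos` saying so would also help.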
@ -0,0 +1,28 @@
|
||||
package cn.axzo.tyr.server.repository.dao;
|
||||
|
||||
import cn.axzo.tyr.client.model.enums.IdentityType;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author axzo
|
||||
*/
|
||||
@Builder
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
@Data
|
||||
public class RemoveRoleUserByResource {
|
||||
private IdentityType identityType;
|
||||
private Long resourceId;
|
||||
private int resourceType;
|
||||
private List<Long> identityId;
|
||||
private Long workspaceId;
|
||||
private Long ouId;
|
||||
private Set<Long> roleId;
|
||||
|
||||
}
|
||||
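Review bot: `private int resourceType;` is a primitive while `RoleUserInfo.resourceType` is an `Integer`, so `.resourceType(roleUserBaseInfo.getResourceType())` in `batchRemoveByRoleUserInfo` unboxes and throws a NullPointerException on a null value. A builder call that omits the field silently filters the delete on `0`. `private Integer resourceType;` keeps "not set" distinguishable from a real type code. The class holds the full criteria for a delete on the role-user relation and has only an `@author` comment; a class comment stating that, and that `identityId` and `roleId` are collections despite their singular names, would save the next reader a trip to the DAO.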
@ -100,23 +100,31 @@ public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMap
|
||||
}
|
||||
|
||||
public List<SaasRoleUserRelation> findByResource(RoleUserInfo req) {
|
||||
List<RoleUserInfo.RoleUserResourceInfo> roleUserResourceInfos = req.getRoleUserResourceInfos();
|
||||
Set<Long> workspaceIds = roleUserResourceInfos.stream().map(RoleUserInfo.RoleUserResourceInfo::getWorkspaceId).collect(Collectors.toSet());
|
||||
Set<Long> ouIds = roleUserResourceInfos.stream().map(RoleUserInfo.RoleUserResourceInfo::getOuId).collect(Collectors.toSet());
|
||||
Set<Long> identityIds = roleUserResourceInfos.stream().map(RoleUserInfo.RoleUserResourceInfo::getIdentityInfos).flatMap(List::stream).map(IdentityInfo::getIdentityId).distinct().collect(Collectors.toSet());
|
||||
Set<Long> resourceIds = roleUserResourceInfos.stream().map(RoleUserInfo.RoleUserResourceInfo::getResourceId).collect(Collectors.toSet());
|
||||
|
||||
return lambdaQuery()
|
||||
.eq(SaasRoleUserRelation::getIdentityType, req.getIdentityType().getCode())
|
||||
.in(CollectionUtil.isNotEmpty(req.getRoleId()), SaasRoleUserRelation::getRoleId, req.getRoleId())
|
||||
.eq(SaasRoleUserRelation::getOuId, req.getOuId())
|
||||
.in(CollectionUtil.isNotEmpty(req.getIdentityInfos()),SaasRoleUserRelation::getIdentityId,req.getIdentityInfos().stream().map(IdentityInfo::getIdentityId))
|
||||
.eq(SaasRoleUserRelation::getWorkspaceId, req.getWorkspaceId())
|
||||
.in(CollectionUtil.isNotEmpty(ouIds),SaasRoleUserRelation::getOuId,ouIds)
|
||||
.in(CollectionUtil.isNotEmpty(identityIds),SaasRoleUserRelation::getIdentityId,identityIds)
|
||||
.in(CollectionUtil.isNotEmpty(workspaceIds),SaasRoleUserRelation::getWorkspaceId,workspaceIds)
|
||||
.in(CollectionUtil.isNotEmpty(resourceIds),SaasRoleUserRelation::getResourceId,resourceIds)
|
||||
.eq(SaasRoleUserRelation::getResourceType, req.getResourceType())
|
||||
.eq(SaasRoleUserRelation::getRoleId, req.getResourceId())
|
||||
.in(SaasRoleUserRelation::getRoleId,req.getRoleId())
|
||||
.list();
|
||||
}
|
||||
|
||||
public void removeByResource(RoleUserInfo req) {
|
||||
public void removeByResource(RemoveRoleUserByResource req) {
|
||||
List<Long> identityId = req.getIdentityId();
|
||||
lambdaUpdate()
|
||||
.eq(SaasRoleUserRelation::getIdentityType, req.getIdentityType().getCode())
|
||||
.in(SaasRoleUserRelation::getRoleId, req.getRoleId())
|
||||
.in(SaasRoleUserRelation::getRoleId,req.getRoleId())
|
||||
.eq(SaasRoleUserRelation::getOuId, req.getOuId())
|
||||
.eq(CollectionUtil.isNotEmpty(req.getIdentityInfos()), SaasRoleUserRelation::getIdentityId, req.getIdentityInfos().stream().map(IdentityInfo::getIdentityId).collect(Collectors.toSet()))
|
||||
.eq(CollectionUtil.isNotEmpty(identityId), SaasRoleUserRelation::getIdentityId, identityId)
|
||||
.eq(SaasRoleUserRelation::getWorkspaceId, req.getWorkspaceId())
|
||||
.eq(SaasRoleUserRelation::getResourceType, req.getResourceType())
|
||||
.eq(SaasRoleUserRelation::getRoleId, req.getResourceId())
|
||||
|
||||
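Review bot: In the new `removeByResource`, `.eq(CollectionUtil.isNotEmpty(identityId), SaasRoleUserRelation::getIdentityId, identityId)` hands a `List<Long>` to `eq`, and when the list is empty it drops the identity predicate altogether, so the delete then covers every identity holding those roles on the resource. Use `.in(SaasRoleUserRelation::getIdentityId, identityId)` and return early or throw when `identityId` is empty, so that an ungrant naming no people cannot turn into a bulk revoke; if a bulk revoke is wanted, make it an explicit flag. The trailing `.eq(SaasRoleUserRelation::getRoleId, req.getResourceId())` still appears to be on the new side; it compares the role column with a resource id and leaves the resource id unfiltered, and was probably meant as `.eq(SaasRoleUserRelation::getResourceId, req.getResourceId())`. The +/- markers are lost on this page and the statement continues past the end of the hunk, so confirm both points against the file.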
@ -11,6 +11,7 @@ import cn.axzo.tyr.client.common.enums.SaasPositionEnum;
|
||||
import cn.axzo.tyr.client.model.BaseWorkspaceModel;
|
||||
import cn.axzo.tyr.client.model.enums.IdentityType;
|
||||
import cn.axzo.tyr.client.model.enums.WorkerLeaderRoleEnum;
|
||||
import cn.axzo.tyr.client.model.roleuser.dto.IdentityInfo;
|
||||
import cn.axzo.tyr.client.model.roleuser.dto.SuperAminInfoResp;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.CreateSuperAdminRoleParam;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.GantOrUnGantaWorkerLeaderRoleReq;
|
||||
@ -19,6 +20,7 @@ import cn.axzo.tyr.client.model.roleuser.req.SuperAdminParam;
|
||||
import cn.axzo.tyr.client.model.roleuser.req.WorkerManagerRoleUserReq;
|
||||
import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
|
||||
import cn.axzo.tyr.server.model.RoleUserInfo;
|
||||
import cn.axzo.tyr.server.repository.dao.RemoveRoleUserByResource;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasPgroupRoleRelationDao;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
|
||||
import cn.axzo.tyr.server.repository.dao.SaasRoleGroupRelationDao;
|
||||
@ -332,9 +334,7 @@ public class RoleUserService implements SaasRoleUserService {
|
||||
public void grantOrUngrantWorkerManager(WorkerManagerRoleUserReq req) {
|
||||
// 查询出角色ID
|
||||
List<SaasPgroupRoleRelation> saasPgroupRoleRelations = saasPgroupRoleRelationDao.listByIds(req.getPermissionGroupId());
|
||||
if (CollectionUtil.isEmpty(saasPgroupRoleRelations)) {
|
||||
return;
|
||||
}
|
||||
|
||||
List<SaasRole> roleInfos = saasRoleDao.findInitRole(saasPgroupRoleRelations.stream().map(SaasPgroupRoleRelation::getRoleId).collect(Collectors.toSet()));
|
||||
|
||||
if (CollectionUtil.isEmpty(roleInfos)) {
|
||||
@ -342,47 +342,71 @@ public class RoleUserService implements SaasRoleUserService {
|
||||
return;
|
||||
}
|
||||
RoleUserInfo roleUserBaseInfo = RoleUserInfo.builder()
|
||||
.resourceType(req.getResourceType())
|
||||
.resourceId(req.getResourceId())
|
||||
.workspaceId(req.getWorkspaceId())
|
||||
.ouId(req.getOuId())
|
||||
.identityType(req.getIdentityType())
|
||||
.identityInfos(req.getIdentityInfos())
|
||||
.roleUserResourceInfos(req.getManagerInfos().stream().map(e -> RoleUserInfo.RoleUserResourceInfo
|
||||
.builder()
|
||||
.workspaceId(e.getWorkspaceId())
|
||||
.ouId(e.getOuId())
|
||||
.resourceId(e.getResourceId())
|
||||
.identityInfos(e.getIdentityInfos())
|
||||
.build()).collect(Collectors.toList()))
|
||||
.roleId(roleInfos.stream().map(BaseEntity::getId).collect(Collectors.toSet()))
|
||||
.identityType(req.getIdentityType())
|
||||
.resourceType(req.getResourceType())
|
||||
.build();
|
||||
|
||||
// 授权
|
||||
if (!req.isUngrant()) {
|
||||
if (CollectionUtil.isEmpty(roleUserBaseInfo.getIdentityInfos())) {
|
||||
if (CollectionUtil.isEmpty(roleUserBaseInfo.getRoleUserResourceInfos())) {
|
||||
throw new ServiceException("grant team manager error, not found person info");
|
||||
}
|
||||
|
||||
if (CollectionUtil.isEmpty(saasPgroupRoleRelations)) {
|
||||
// 未指定授权哪些角色
|
||||
return;
|
||||
}
|
||||
List<SaasRoleUserRelation> exist = roleUserRelationDao.findByResource(roleUserBaseInfo);
|
||||
Set<String> existKey = exist.stream().map(e -> KeysUtil.createKey(e.getNaturalPersonId(), e.getOuId(), e.getWorkspaceId(), e.getResourceId(), e.getResourceType(),e.getRoleId())).collect(Collectors.toSet());
|
||||
// 防止重复插入数据,过滤一次原始数据
|
||||
// 第一个维度,人
|
||||
roleUserRelationDao.saveBatch(roleUserBaseInfo.getIdentityInfos().stream().map(e -> {
|
||||
// 第二个维度,角色
|
||||
return roleUserBaseInfo.getRoleId().stream().map(roleId -> {
|
||||
if (existKey.contains(KeysUtil.createKey(e.getPersonId(), roleUserBaseInfo.getOuId(), roleUserBaseInfo.getWorkspaceId(), roleUserBaseInfo.getResourceId(), roleUserBaseInfo.getResourceType(), roleId))) {
|
||||
return null;
|
||||
}
|
||||
SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation();
|
||||
saasRoleUserRelation.setIdentityId(e.getIdentityId());
|
||||
saasRoleUserRelation.setIdentityType(req.getIdentityType().getCode());
|
||||
saasRoleUserRelation.setRoleId(roleId);
|
||||
saasRoleUserRelation.setNaturalPersonId(e.getPersonId());
|
||||
saasRoleUserRelation.setOuId(req.getOuId());
|
||||
saasRoleUserRelation.setWorkspaceId(req.getWorkspaceId());
|
||||
saasRoleUserRelation.setResourceType(req.getResourceType());
|
||||
saasRoleUserRelation.setResourceId(req.getResourceId());
|
||||
return saasRoleUserRelation;
|
||||
}).filter(Objects::nonNull).collect(Collectors.toList());
|
||||
|
||||
}).flatMap(Collection::stream).collect(Collectors.toList()));
|
||||
roleUserRelationDao.saveBatch(
|
||||
// 第一个维度,基础信息
|
||||
roleUserBaseInfo.getRoleUserResourceInfos().stream().map(e -> {
|
||||
|
||||
// 第二个维度 人
|
||||
return e.getIdentityInfos().stream().map(identityInfo -> {
|
||||
|
||||
// 第三个维度角色
|
||||
return roleUserBaseInfo.getRoleId().stream().map(roleId -> {
|
||||
|
||||
if (existKey.contains(KeysUtil.createKey(identityInfo.getPersonId(), e.getOuId(), e.getWorkspaceId(), e.getResourceId(), roleUserBaseInfo.getResourceType(), roleId))) {
|
||||
return null;
|
||||
}
|
||||
SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation();
|
||||
saasRoleUserRelation.setIdentityId(identityInfo.getIdentityId());
|
||||
saasRoleUserRelation.setIdentityType(req.getIdentityType().getCode());
|
||||
saasRoleUserRelation.setRoleId(roleId);
|
||||
saasRoleUserRelation.setNaturalPersonId(identityInfo.getPersonId());
|
||||
saasRoleUserRelation.setOuId(e.getOuId());
|
||||
saasRoleUserRelation.setWorkspaceId(e.getWorkspaceId());
|
||||
saasRoleUserRelation.setResourceType(roleUserBaseInfo.getResourceType());
|
||||
saasRoleUserRelation.setResourceId(e.getResourceId());
|
||||
return saasRoleUserRelation;
|
||||
}).filter(Objects::nonNull).collect(Collectors.toList());
|
||||
|
||||
}).flatMap(List::stream).collect(Collectors.toList());
|
||||
}).flatMap(List::stream).collect(Collectors.toList())
|
||||
);
|
||||
|
||||
return;
|
||||
}
|
||||
// 取消授权
|
||||
if (!req.isUngrantAll()) {
|
||||
roleUserRelationDao.removeByResource(roleUserBaseInfo);
|
||||
if (CollectionUtil.isEmpty(saasPgroupRoleRelations)) {
|
||||
// 未指定取消授权哪些角色
|
||||
return;
|
||||
}
|
||||
|
||||
batchRemoveByRoleUserInfo(roleUserBaseInfo);
|
||||
return;
|
||||
}
|
||||
// 取消所有权限
|
||||
@ -397,8 +421,25 @@ public class RoleUserService implements SaasRoleUserService {
|
||||
return;
|
||||
}
|
||||
roleUserBaseInfo.setRoleId(roleIds);
|
||||
roleUserRelationDao.removeByResource(roleUserBaseInfo);
|
||||
|
||||
batchRemoveByRoleUserInfo(roleUserBaseInfo);
|
||||
|
||||
|
||||
}
|
||||
|
||||
private void batchRemoveByRoleUserInfo(RoleUserInfo roleUserBaseInfo) {
|
||||
roleUserBaseInfo.getRoleUserResourceInfos().forEach(e -> {
|
||||
|
||||
roleUserRelationDao.removeByResource(RemoveRoleUserByResource.builder()
|
||||
.ouId(e.getOuId())
|
||||
.workspaceId(e.getWorkspaceId())
|
||||
.resourceId(e.getResourceId())
|
||||
.resourceType(roleUserBaseInfo.getResourceType())
|
||||
.identityId(e.getIdentityInfos().stream().map(IdentityInfo::getIdentityId).distinct().collect(Collectors.toList()))
|
||||
.identityType(roleUserBaseInfo.getIdentityType())
|
||||
.roleId(roleUserBaseInfo.getRoleId())
|
||||
.build());
|
||||
});
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
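Review bot: The guard `if (CollectionUtil.isEmpty(roleUserBaseInfo.getRoleUserResourceInfos()))` in `grantOrUngrantWorkerManager` runs too late and checks too little: `req.getManagerInfos().stream()` in the builder above it has already thrown on a null list, and an entry whose `identityInfos` is empty or null passes even though the message says "not found person info". The ungrant paths have no such check, and `batchRemoveByRoleUserInfo` forwards `e.getIdentityInfos()` as the delete's identity list, which `removeByResource` treats as "no identity filter" when it is empty. Validate once before building `roleUserBaseInfo`, for example `if (CollectionUtil.isEmpty(req.getManagerInfos()) || req.getManagerInfos().stream().anyMatch(m -> CollectionUtil.isEmpty(m.getIdentityInfos()))) { throw new ServiceException("grant team manager error, not found person info"); }`. The method starts above the first hunk, so an existing check there would not be visible here.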