diff --git a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/WorkerManagerRoleUserReq.java b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/WorkerManagerRoleUserReq.java index 78e028fe..5883188d 100644 --- a/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/WorkerManagerRoleUserReq.java +++ b/tyr-api/src/main/java/cn/axzo/tyr/client/model/roleuser/req/WorkerManagerRoleUserReq.java @@ -27,22 +27,7 @@ import java.util.List; public class WorkerManagerRoleUserReq { - @NotNull - private Long ouId; - @NotNull - private Long workspaceId; - /** - * #{@link cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum } - */ - @NotNull - - private Integer resourceType; - @NotNull - private Long resourceId; - - private IdentityType identityType; - @Builder.Default - private List identityInfos = new ArrayList<>(); + private List managerInfos; /** * 这个字段在设置后续产品重构了班组管理员、代班长相关功能的时候,要替换成ROLE ID。 * 现在保留权限集ID是因为只是做统一权限角色,查询链路先暂时不变(REQ-2046) @@ -50,6 +35,11 @@ public class WorkerManagerRoleUserReq { @NotEmpty private List permissionGroupId; + private IdentityType identityType; + @NotNull + + private Integer resourceType; + // ------------- /** * 是否取消授权 @@ -69,8 +59,25 @@ public class WorkerManagerRoleUserReq { */ private String roleGroupCategoryCode; + @Data + @Builder + @AllArgsConstructor + @NoArgsConstructor + public static class ManagerInfo { + @NotNull + private Long ouId; + @NotNull + private Long workspaceId; + /** + * #{@link cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum } + */ + @NotNull + private Long resourceId; + @Builder.Default + private List identityInfos = new ArrayList<>(); + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/model/RoleUserInfo.java b/tyr-server/src/main/java/cn/axzo/tyr/server/model/RoleUserInfo.java index 59880c1d..befb7df6 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/model/RoleUserInfo.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/model/RoleUserInfo.java 
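Review bot: The new `managerInfos` field carries no constraint, so the `@NotNull` checks on `ouId`, `workspaceId` and `resourceId` that this commit moves into `ManagerInfo` (last hunk of this file) are only evaluated if the list is cascaded. Bean Validation does not descend into a collection unless it is marked, so a request with a null list, or with entries missing their scope ids, would pass validation and reach the service, which calls `req.getManagerInfos().stream()` directly. I would declare it as `@NotEmpty @Valid private List<ManagerInfo> managerInfos;` (the element type is not visible in this rendering, so adjust it to the real one). `identityInfos` inside `ManagerInfo` deserves the same `@NotEmpty @Valid`, because an empty person list changes what the ungrant path deletes.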
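Review bot: In `ManagerInfo` the Javadoc pointing at `RoleResourceTypeEnum` now sits directly above `resourceId`, but `resourceType` stayed on the outer request, so the comment documents the wrong field. Move it above `private Integer resourceType;` in the outer class and, if the meaning is what it appears to be, give `resourceId` its own line such as `/** Id of the resource, of the request's resourceType, that the role is bound to. */`. `RoleUserInfo.RoleUserResourceInfo` in the next file has the same orphaned comment.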
@@ -7,6 +7,7 @@ import lombok.Builder; import lombok.Data; import lombok.NoArgsConstructor; +import java.util.ArrayList; import java.util.List; import java.util.Set; @@ -19,14 +20,30 @@ import java.util.Set; @Builder @Data public class RoleUserInfo { - private Long ouId; - private Long workspaceId; - private Integer resourceType; - private Long resourceId; - private IdentityType identityType; - private List identityInfos; - private Set roleId; + private Set roleId; + private IdentityType identityType; + private Integer resourceType; + private List roleUserResourceInfos; + + @AllArgsConstructor + @NoArgsConstructor + @Builder + @Data + public static class RoleUserResourceInfo { + + private Long ouId; + private Long workspaceId; + /** + * #{@link cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum } + */ + + private Long resourceId; + + + @Builder.Default + private List identityInfos = new ArrayList<>(); + } } diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/RemoveRoleUserByResource.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/RemoveRoleUserByResource.java new file mode 100644 index 00000000..22adc29a --- /dev/null +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/RemoveRoleUserByResource.java @@ -0,0 +1,28 @@ +package cn.axzo.tyr.server.repository.dao; + +import cn.axzo.tyr.client.model.enums.IdentityType; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.util.List; +import java.util.Set; + +/** + * @author axzo + */ +@Builder +@AllArgsConstructor +@NoArgsConstructor +@Data +public class RemoveRoleUserByResource { + private IdentityType identityType; + private Long resourceId; + private int resourceType; + private List identityId; + private Long workspaceId; + private Long ouId; + private Set roleId; + +} 
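Review bot: In the new `RemoveRoleUserByResource`, `resourceType` is a primitive `int` while `RoleUserInfo.resourceType` is `Integer`, so `.resourceType(roleUserBaseInfo.getResourceType())` in `batchRemoveByRoleUserInfo` unboxes and throws a NullPointerException when the value is absent. Declaring it `private Integer resourceType;` keeps it consistent with the other models. The fields are also undocumented although `identityId` and `roleId` are collections; if an empty identity list is not meant to widen the delete, a comment such as `// identity ids to revoke; callers must not pass an empty list` on `identityId` would state the contract the DAO relies on.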
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleUserRelationDao.java b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleUserRelationDao.java index 5bd8ba36..902b2627 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleUserRelationDao.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/repository/dao/SaasRoleUserRelationDao.java 
@@ -100,23 +100,31 @@ public class SaasRoleUserRelationDao extends ServiceImpl findByResource(RoleUserInfo req) { + List roleUserResourceInfos = req.getRoleUserResourceInfos(); + Set workspaceIds = roleUserResourceInfos.stream().map(RoleUserInfo.RoleUserResourceInfo::getWorkspaceId).collect(Collectors.toSet()); + Set ouIds = roleUserResourceInfos.stream().map(RoleUserInfo.RoleUserResourceInfo::getOuId).collect(Collectors.toSet()); + Set identityIds = roleUserResourceInfos.stream().map(RoleUserInfo.RoleUserResourceInfo::getIdentityInfos).flatMap(List::stream).map(IdentityInfo::getIdentityId).distinct().collect(Collectors.toSet()); + Set resourceIds = roleUserResourceInfos.stream().map(RoleUserInfo.RoleUserResourceInfo::getResourceId).collect(Collectors.toSet()); + return lambdaQuery() .eq(SaasRoleUserRelation::getIdentityType, req.getIdentityType().getCode()) .in(CollectionUtil.isNotEmpty(req.getRoleId()), SaasRoleUserRelation::getRoleId, req.getRoleId()) - .eq(SaasRoleUserRelation::getOuId, req.getOuId()) - .in(CollectionUtil.isNotEmpty(req.getIdentityInfos()),SaasRoleUserRelation::getIdentityId,req.getIdentityInfos().stream().map(IdentityInfo::getIdentityId)) - .eq(SaasRoleUserRelation::getWorkspaceId, req.getWorkspaceId()) + .in(CollectionUtil.isNotEmpty(ouIds),SaasRoleUserRelation::getOuId,ouIds) + .in(CollectionUtil.isNotEmpty(identityIds),SaasRoleUserRelation::getIdentityId,identityIds) + .in(CollectionUtil.isNotEmpty(workspaceIds),SaasRoleUserRelation::getWorkspaceId,workspaceIds) + .in(CollectionUtil.isNotEmpty(resourceIds),SaasRoleUserRelation::getResourceId,resourceIds) .eq(SaasRoleUserRelation::getResourceType, req.getResourceType()) - .eq(SaasRoleUserRelation::getRoleId, req.getResourceId()) + .in(SaasRoleUserRelation::getRoleId,req.getRoleId()) .list(); } - public void removeByResource(RoleUserInfo req) { + public void removeByResource(RemoveRoleUserByResource req) { + List identityId = req.getIdentityId(); lambdaUpdate() 
.eq(SaasRoleUserRelation::getIdentityType, req.getIdentityType().getCode()) - .in(SaasRoleUserRelation::getRoleId, req.getRoleId()) + .in(SaasRoleUserRelation::getRoleId,req.getRoleId()) .eq(SaasRoleUserRelation::getOuId, req.getOuId()) - .eq(CollectionUtil.isNotEmpty(req.getIdentityInfos()), SaasRoleUserRelation::getIdentityId, req.getIdentityInfos().stream().map(IdentityInfo::getIdentityId).collect(Collectors.toSet())) + .eq(CollectionUtil.isNotEmpty(identityId), SaasRoleUserRelation::getIdentityId, identityId) .eq(SaasRoleUserRelation::getWorkspaceId, req.getWorkspaceId()) .eq(SaasRoleUserRelation::getResourceType, req.getResourceType()) .eq(SaasRoleUserRelation::getRoleId, req.getResourceId()) diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java index 627abf44..c2cdd7fb 100644 --- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java +++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/RoleUserService.java @@ -11,6 +11,7 @@ import cn.axzo.tyr.client.common.enums.SaasPositionEnum; import cn.axzo.tyr.client.model.BaseWorkspaceModel; import cn.axzo.tyr.client.model.enums.IdentityType; import cn.axzo.tyr.client.model.enums.WorkerLeaderRoleEnum; +import cn.axzo.tyr.client.model.roleuser.dto.IdentityInfo; import cn.axzo.tyr.client.model.roleuser.dto.SuperAminInfoResp; import cn.axzo.tyr.client.model.roleuser.req.CreateSuperAdminRoleParam; import cn.axzo.tyr.client.model.roleuser.req.GantOrUnGantaWorkerLeaderRoleReq; 
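Review bot: `removeByResource` still ends with the unchanged line `.eq(SaasRoleUserRelation::getRoleId, req.getResourceId())`, the same role-id-versus-resource-id comparison this commit corrects in `findByResource`. Combined with `.in(SaasRoleUserRelation::getRoleId, req.getRoleId())` above it, the delete can only match rows whose role id happens to equal the resource id, so a revocation would normally remove nothing and the grant stays in place; it should read `.eq(SaasRoleUserRelation::getResourceId, req.getResourceId())`. The identity filter passes a `List` to `.eq(...)` and needs `.in(CollectionUtil.isNotEmpty(identityId), SaasRoleUserRelation::getIdentityId, identityId)`. In `findByResource` the role-id `in` is now applied twice, and the four independent `in` filters match the cross product of the submitted ou/workspace/resource/identity values rather than the submitted tuples, which is only safe while the result is used purely for de-duplication. The end of `removeByResource` lies outside the hunk.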
@@ -19,6 +20,7 @@ import cn.axzo.tyr.client.model.roleuser.req.SuperAdminParam; import cn.axzo.tyr.client.model.roleuser.req.WorkerManagerRoleUserReq; import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO; import cn.axzo.tyr.server.model.RoleUserInfo; +import cn.axzo.tyr.server.repository.dao.RemoveRoleUserByResource; import cn.axzo.tyr.server.repository.dao.SaasPgroupRoleRelationDao; import cn.axzo.tyr.server.repository.dao.SaasRoleDao; import cn.axzo.tyr.server.repository.dao.SaasRoleGroupRelationDao; @@ -332,9 +334,7 @@ public class RoleUserService implements SaasRoleUserService { public void grantOrUngrantWorkerManager(WorkerManagerRoleUserReq req) { // 查询出角色ID List saasPgroupRoleRelations = saasPgroupRoleRelationDao.listByIds(req.getPermissionGroupId()); - if (CollectionUtil.isEmpty(saasPgroupRoleRelations)) { - return; - } + List roleInfos = saasRoleDao.findInitRole(saasPgroupRoleRelations.stream().map(SaasPgroupRoleRelation::getRoleId).collect(Collectors.toSet())); if (CollectionUtil.isEmpty(roleInfos)) { 
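Review bot: With the early return removed in `grantOrUngrantWorkerManager`, `saasRoleDao.findInitRole(...)` is now called with an empty role-id set whenever `listByIds` finds no relation. `findInitRole` is not visible here; if it builds an empty `IN ()` or drops the filter for an empty collection, the call either fails or returns unrelated roles, and the later `isEmpty(saasPgroupRoleRelations)` checks do not cover the ungrant-all branch. Keeping the guard before the lookup, or adding a comment such as `// findInitRole returns an empty list for an empty id set`, once that is confirmed, would make the intent explicit. The method body continues outside the hunk.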
@@ -342,47 +342,71 @@ public class RoleUserService implements SaasRoleUserService { return; } RoleUserInfo roleUserBaseInfo = RoleUserInfo.builder() - .resourceType(req.getResourceType()) - .resourceId(req.getResourceId()) - .workspaceId(req.getWorkspaceId()) - .ouId(req.getOuId()) - .identityType(req.getIdentityType()) - .identityInfos(req.getIdentityInfos()) + .roleUserResourceInfos(req.getManagerInfos().stream().map(e -> RoleUserInfo.RoleUserResourceInfo + .builder() + .workspaceId(e.getWorkspaceId()) + .ouId(e.getOuId()) + .resourceId(e.getResourceId()) + .identityInfos(e.getIdentityInfos()) + .build()).collect(Collectors.toList())) .roleId(roleInfos.stream().map(BaseEntity::getId).collect(Collectors.toSet())) + .identityType(req.getIdentityType()) + .resourceType(req.getResourceType()) .build(); + // 授权 if (!req.isUngrant()) { - if (CollectionUtil.isEmpty(roleUserBaseInfo.getIdentityInfos())) { + if (CollectionUtil.isEmpty(roleUserBaseInfo.getRoleUserResourceInfos())) { throw new ServiceException("grant team manager error, not found person info"); } + + if (CollectionUtil.isEmpty(saasPgroupRoleRelations)) { + // 未指定授权哪些角色 + return; + } List exist = roleUserRelationDao.findByResource(roleUserBaseInfo); Set existKey = exist.stream().map(e -> KeysUtil.createKey(e.getNaturalPersonId(), e.getOuId(), e.getWorkspaceId(), e.getResourceId(), e.getResourceType(),e.getRoleId())).collect(Collectors.toSet()); // 防止重复插入数据,过滤一次原始数据 - // 第一个维度,人 - roleUserRelationDao.saveBatch(roleUserBaseInfo.getIdentityInfos().stream().map(e -> { - // 第二个维度,角色 - return roleUserBaseInfo.getRoleId().stream().map(roleId -> { - if (existKey.contains(KeysUtil.createKey(e.getPersonId(), roleUserBaseInfo.getOuId(), roleUserBaseInfo.getWorkspaceId(), roleUserBaseInfo.getResourceId(), roleUserBaseInfo.getResourceType(), roleId))) { - return null; - } - SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation(); - saasRoleUserRelation.setIdentityId(e.getIdentityId()); - 
saasRoleUserRelation.setIdentityType(req.getIdentityType().getCode()); - saasRoleUserRelation.setRoleId(roleId); - saasRoleUserRelation.setNaturalPersonId(e.getPersonId()); - saasRoleUserRelation.setOuId(req.getOuId()); - saasRoleUserRelation.setWorkspaceId(req.getWorkspaceId()); - saasRoleUserRelation.setResourceType(req.getResourceType()); - saasRoleUserRelation.setResourceId(req.getResourceId()); - return saasRoleUserRelation; - }).filter(Objects::nonNull).collect(Collectors.toList()); - }).flatMap(Collection::stream).collect(Collectors.toList())); + roleUserRelationDao.saveBatch( + // 第一个维度,基础信息 + roleUserBaseInfo.getRoleUserResourceInfos().stream().map(e -> { + + // 第二个维度 人 + return e.getIdentityInfos().stream().map(identityInfo -> { + + // 第三个维度角色 + return roleUserBaseInfo.getRoleId().stream().map(roleId -> { + + if (existKey.contains(KeysUtil.createKey(identityInfo.getPersonId(), e.getOuId(), e.getWorkspaceId(), e.getResourceId(), roleUserBaseInfo.getResourceType(), roleId))) { + return null; + } + SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation(); + saasRoleUserRelation.setIdentityId(identityInfo.getIdentityId()); + saasRoleUserRelation.setIdentityType(req.getIdentityType().getCode()); + saasRoleUserRelation.setRoleId(roleId); + saasRoleUserRelation.setNaturalPersonId(identityInfo.getPersonId()); + saasRoleUserRelation.setOuId(e.getOuId()); + saasRoleUserRelation.setWorkspaceId(e.getWorkspaceId()); + saasRoleUserRelation.setResourceType(roleUserBaseInfo.getResourceType()); + saasRoleUserRelation.setResourceId(e.getResourceId()); + return saasRoleUserRelation; + }).filter(Objects::nonNull).collect(Collectors.toList()); + + }).flatMap(List::stream).collect(Collectors.toList()); + }).flatMap(List::stream).collect(Collectors.toList()) + ); + return; } // 取消授权 if (!req.isUngrantAll()) { - roleUserRelationDao.removeByResource(roleUserBaseInfo); + if (CollectionUtil.isEmpty(saasPgroupRoleRelations)) { + // 未指定取消授权哪些角色 + return; + } + + 
batchRemoveByRoleUserInfo(roleUserBaseInfo); return; } // 取消所有权限 @@ -397,8 +421,25 @@ public class RoleUserService implements SaasRoleUserService { return; } roleUserBaseInfo.setRoleId(roleIds); - roleUserRelationDao.removeByResource(roleUserBaseInfo); + + batchRemoveByRoleUserInfo(roleUserBaseInfo); + } + private void batchRemoveByRoleUserInfo(RoleUserInfo roleUserBaseInfo) { + roleUserBaseInfo.getRoleUserResourceInfos().forEach(e -> { + + roleUserRelationDao.removeByResource(RemoveRoleUserByResource.builder() + .ouId(e.getOuId()) + .workspaceId(e.getWorkspaceId()) + .resourceId(e.getResourceId()) + .resourceType(roleUserBaseInfo.getResourceType()) + .identityId(e.getIdentityInfos().stream().map(IdentityInfo::getIdentityId).distinct().collect(Collectors.toList())) + .identityType(roleUserBaseInfo.getIdentityType()) + .roleId(roleUserBaseInfo.getRoleId()) + .build()); + }); + } + }
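Review bot: The empty check in the grant branch runs too late and on the wrong level: `req.getManagerInfos().stream()` in the builder throws a NullPointerException on a null list before `CollectionUtil.isEmpty(roleUserBaseInfo.getRoleUserResourceInfos())` is reached, and the old check that at least one person was supplied is gone. A `ManagerInfo` with empty `identityInfos` now makes the grant a silent no-op instead of raising "grant team manager error, not found person info". I would validate before building the `RoleUserInfo`, for the grant branch at least: `if (CollectionUtil.isEmpty(req.getManagerInfos()) || req.getManagerInfos().stream().anyMatch(m -> CollectionUtil.isEmpty(m.getIdentityInfos()))) { throw new ServiceException("grant team manager error, not found person info"); }`. The de-duplication key is built from `getPersonId()` while the lookup filters by identity id, which is worth a short comment explaining why the two agree.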
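Review bot: `batchRemoveByRoleUserInfo` forwards an empty `identityId` list when an entry has no `identityInfos` (the field defaults to `new ArrayList<>()`), and `removeByResource` applies its identity filter only when the list is non-empty. Such an entry therefore revokes the roles from every identity on that ou/workspace/resource rather than from nobody. If removing everyone is not intended, skip or reject those entries at the top of the lambda: `if (CollectionUtil.isEmpty(e.getIdentityInfos())) { return; }`. The deletes are issued one per entry; whether they share a transaction depends on annotations on `grantOrUngrantWorkerManager` that are outside the hunk, so a failure midway may leave a partial revocation.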