feat(2046) 班组管理员、代班长设置权限接口调整
This commit is contained in:
TanJ
parent
031132e5bf
commit
fb29af7950
@ -27,22 +27,7 @@ import java.util.List;
|
|||||||
public class WorkerManagerRoleUserReq {
|
public class WorkerManagerRoleUserReq {
|
||||||
|
|
||||||
|
|
||||||
@NotNull
|
private List<ManagerInfo> managerInfos;
|
||||||
private Long ouId;
|
|
||||||
@NotNull
|
|
||||||
private Long workspaceId;
|
|
||||||
/**
|
|
||||||
* #{@link cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum }
|
|
||||||
*/
|
|
||||||
@NotNull
|
|
||||||
|
|
||||||
private Integer resourceType;
|
|
||||||
@NotNull
|
|
||||||
private Long resourceId;
|
|
||||||
|
|
||||||
private IdentityType identityType;
|
|
||||||
@Builder.Default
|
|
||||||
private List<IdentityInfo> identityInfos = new ArrayList<>();
|
|
||||||
/**
|
/**
|
||||||
* 这个字段在设置后续产品重构了班组管理员、代班长相关功能的时候,要替换成ROLE ID。
|
* 这个字段在设置后续产品重构了班组管理员、代班长相关功能的时候,要替换成ROLE ID。
|
||||||
* 现在保留权限集ID是因为只是做统一权限角色,查询链路先暂时不变(REQ-2046)
|
* 现在保留权限集ID是因为只是做统一权限角色,查询链路先暂时不变(REQ-2046)
|
||||||
@ -50,6 +35,11 @@ public class WorkerManagerRoleUserReq {
|
|||||||
@NotEmpty
|
@NotEmpty
|
||||||
private List<Long> permissionGroupId;
|
private List<Long> permissionGroupId;
|
||||||
|
|
||||||
|
private IdentityType identityType;
|
||||||
|
@NotNull
|
||||||
|
|
||||||
|
private Integer resourceType;
|
||||||
|
|
||||||
// -------------
|
// -------------
|
||||||
/**
|
/**
|
||||||
* 是否取消授权
|
* 是否取消授权
|
||||||
@ -69,8 +59,25 @@ public class WorkerManagerRoleUserReq {
|
|||||||
*/
|
*/
|
||||||
private String roleGroupCategoryCode;
|
private String roleGroupCategoryCode;
|
||||||
|
|
||||||
|
@Data
|
||||||
|
@Builder
|
||||||
|
@AllArgsConstructor
|
||||||
|
@NoArgsConstructor
|
||||||
|
public static class ManagerInfo {
|
||||||
|
@NotNull
|
||||||
|
private Long ouId;
|
||||||
|
@NotNull
|
||||||
|
private Long workspaceId;
|
||||||
|
/**
|
||||||
|
* #{@link cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum }
|
||||||
|
*/
|
||||||
|
|
||||||
|
@NotNull
|
||||||
|
private Long resourceId;
|
||||||
|
|
||||||
|
@Builder.Default
|
||||||
|
private List<IdentityInfo> identityInfos = new ArrayList<>();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -7,6 +7,7 @@ import lombok.Builder;
|
|||||||
import lombok.Data;
|
import lombok.Data;
|
||||||
import lombok.NoArgsConstructor;
|
import lombok.NoArgsConstructor;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
@ -19,14 +20,30 @@ import java.util.Set;
|
|||||||
@Builder
|
@Builder
|
||||||
@Data
|
@Data
|
||||||
public class RoleUserInfo {
|
public class RoleUserInfo {
|
||||||
private Long ouId;
|
|
||||||
private Long workspaceId;
|
|
||||||
private Integer resourceType;
|
|
||||||
private Long resourceId;
|
|
||||||
private IdentityType identityType;
|
|
||||||
private List<IdentityInfo> identityInfos;
|
|
||||||
private Set<Long> roleId;
|
|
||||||
|
|
||||||
|
private Set<Long> roleId;
|
||||||
|
private IdentityType identityType;
|
||||||
|
private Integer resourceType;
|
||||||
|
private List<RoleUserResourceInfo> roleUserResourceInfos;
|
||||||
|
|
||||||
|
@AllArgsConstructor
|
||||||
|
@NoArgsConstructor
|
||||||
|
@Builder
|
||||||
|
@Data
|
||||||
|
public static class RoleUserResourceInfo {
|
||||||
|
|
||||||
|
private Long ouId;
|
||||||
|
private Long workspaceId;
|
||||||
|
/**
|
||||||
|
* #{@link cn.axzo.tyr.client.common.enums.RoleResourceTypeEnum }
|
||||||
|
*/
|
||||||
|
|
||||||
|
private Long resourceId;
|
||||||
|
|
||||||
|
|
||||||
|
@Builder.Default
|
||||||
|
private List<IdentityInfo> identityInfos = new ArrayList<>();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -0,0 +1,28 @@
|
|||||||
|
package cn.axzo.tyr.server.repository.dao;
|
||||||
|
|
||||||
|
import cn.axzo.tyr.client.model.enums.IdentityType;
|
||||||
|
import lombok.AllArgsConstructor;
|
||||||
|
import lombok.Builder;
|
||||||
|
import lombok.Data;
|
||||||
|
import lombok.NoArgsConstructor;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @author axzo
|
||||||
|
*/
|
||||||
|
@Builder
|
||||||
|
@AllArgsConstructor
|
||||||
|
@NoArgsConstructor
|
||||||
|
@Data
|
||||||
|
public class RemoveRoleUserByResource {
|
||||||
|
private IdentityType identityType;
|
||||||
|
private Long resourceId;
|
||||||
|
private int resourceType;
|
||||||
|
private List<Long> identityId;
|
||||||
|
private Long workspaceId;
|
||||||
|
private Long ouId;
|
||||||
|
private Set<Long> roleId;
|
||||||
|
|
||||||
|
}
|
||||||
@ -100,23 +100,31 @@ public class SaasRoleUserRelationDao extends ServiceImpl<SaasRoleUserRelationMap
|
|||||||
}
|
}
|
||||||
|
|
||||||
public List<SaasRoleUserRelation> findByResource(RoleUserInfo req) {
|
public List<SaasRoleUserRelation> findByResource(RoleUserInfo req) {
|
||||||
|
List<RoleUserInfo.RoleUserResourceInfo> roleUserResourceInfos = req.getRoleUserResourceInfos();
|
||||||
|
Set<Long> workspaceIds = roleUserResourceInfos.stream().map(RoleUserInfo.RoleUserResourceInfo::getWorkspaceId).collect(Collectors.toSet());
|
||||||
|
Set<Long> ouIds = roleUserResourceInfos.stream().map(RoleUserInfo.RoleUserResourceInfo::getOuId).collect(Collectors.toSet());
|
||||||
|
Set<Long> identityIds = roleUserResourceInfos.stream().map(RoleUserInfo.RoleUserResourceInfo::getIdentityInfos).flatMap(List::stream).map(IdentityInfo::getIdentityId).distinct().collect(Collectors.toSet());
|
||||||
|
Set<Long> resourceIds = roleUserResourceInfos.stream().map(RoleUserInfo.RoleUserResourceInfo::getResourceId).collect(Collectors.toSet());
|
||||||
|
|
||||||
return lambdaQuery()
|
return lambdaQuery()
|
||||||
.eq(SaasRoleUserRelation::getIdentityType, req.getIdentityType().getCode())
|
.eq(SaasRoleUserRelation::getIdentityType, req.getIdentityType().getCode())
|
||||||
.in(CollectionUtil.isNotEmpty(req.getRoleId()), SaasRoleUserRelation::getRoleId, req.getRoleId())
|
.in(CollectionUtil.isNotEmpty(req.getRoleId()), SaasRoleUserRelation::getRoleId, req.getRoleId())
|
||||||
.eq(SaasRoleUserRelation::getOuId, req.getOuId())
|
.in(CollectionUtil.isNotEmpty(ouIds),SaasRoleUserRelation::getOuId,ouIds)
|
||||||
.in(CollectionUtil.isNotEmpty(req.getIdentityInfos()),SaasRoleUserRelation::getIdentityId,req.getIdentityInfos().stream().map(IdentityInfo::getIdentityId))
|
.in(CollectionUtil.isNotEmpty(identityIds),SaasRoleUserRelation::getIdentityId,identityIds)
|
||||||
.eq(SaasRoleUserRelation::getWorkspaceId, req.getWorkspaceId())
|
.in(CollectionUtil.isNotEmpty(workspaceIds),SaasRoleUserRelation::getWorkspaceId,workspaceIds)
|
||||||
|
.in(CollectionUtil.isNotEmpty(resourceIds),SaasRoleUserRelation::getResourceId,resourceIds)
|
||||||
.eq(SaasRoleUserRelation::getResourceType, req.getResourceType())
|
.eq(SaasRoleUserRelation::getResourceType, req.getResourceType())
|
||||||
.eq(SaasRoleUserRelation::getRoleId, req.getResourceId())
|
.in(SaasRoleUserRelation::getRoleId,req.getRoleId())
|
||||||
.list();
|
.list();
|
||||||
}
|
}
|
||||||
|
|
||||||
public void removeByResource(RoleUserInfo req) {
|
public void removeByResource(RemoveRoleUserByResource req) {
|
||||||
|
List<Long> identityId = req.getIdentityId();
|
||||||
lambdaUpdate()
|
lambdaUpdate()
|
||||||
.eq(SaasRoleUserRelation::getIdentityType, req.getIdentityType().getCode())
|
.eq(SaasRoleUserRelation::getIdentityType, req.getIdentityType().getCode())
|
||||||
.in(SaasRoleUserRelation::getRoleId, req.getRoleId())
|
.in(SaasRoleUserRelation::getRoleId,req.getRoleId())
|
||||||
.eq(SaasRoleUserRelation::getOuId, req.getOuId())
|
.eq(SaasRoleUserRelation::getOuId, req.getOuId())
|
||||||
.eq(CollectionUtil.isNotEmpty(req.getIdentityInfos()), SaasRoleUserRelation::getIdentityId, req.getIdentityInfos().stream().map(IdentityInfo::getIdentityId).collect(Collectors.toSet()))
|
.eq(CollectionUtil.isNotEmpty(identityId), SaasRoleUserRelation::getIdentityId, identityId)
|
||||||
.eq(SaasRoleUserRelation::getWorkspaceId, req.getWorkspaceId())
|
.eq(SaasRoleUserRelation::getWorkspaceId, req.getWorkspaceId())
|
||||||
.eq(SaasRoleUserRelation::getResourceType, req.getResourceType())
|
.eq(SaasRoleUserRelation::getResourceType, req.getResourceType())
|
||||||
.eq(SaasRoleUserRelation::getRoleId, req.getResourceId())
|
.eq(SaasRoleUserRelation::getRoleId, req.getResourceId())
|
||||||
|
|||||||
@ -11,6 +11,7 @@ import cn.axzo.tyr.client.common.enums.SaasPositionEnum;
|
|||||||
import cn.axzo.tyr.client.model.BaseWorkspaceModel;
|
import cn.axzo.tyr.client.model.BaseWorkspaceModel;
|
||||||
import cn.axzo.tyr.client.model.enums.IdentityType;
|
import cn.axzo.tyr.client.model.enums.IdentityType;
|
||||||
import cn.axzo.tyr.client.model.enums.WorkerLeaderRoleEnum;
|
import cn.axzo.tyr.client.model.enums.WorkerLeaderRoleEnum;
|
||||||
|
import cn.axzo.tyr.client.model.roleuser.dto.IdentityInfo;
|
||||||
import cn.axzo.tyr.client.model.roleuser.dto.SuperAminInfoResp;
|
import cn.axzo.tyr.client.model.roleuser.dto.SuperAminInfoResp;
|
||||||
import cn.axzo.tyr.client.model.roleuser.req.CreateSuperAdminRoleParam;
|
import cn.axzo.tyr.client.model.roleuser.req.CreateSuperAdminRoleParam;
|
||||||
import cn.axzo.tyr.client.model.roleuser.req.GantOrUnGantaWorkerLeaderRoleReq;
|
import cn.axzo.tyr.client.model.roleuser.req.GantOrUnGantaWorkerLeaderRoleReq;
|
||||||
@ -19,6 +20,7 @@ import cn.axzo.tyr.client.model.roleuser.req.SuperAdminParam;
|
|||||||
import cn.axzo.tyr.client.model.roleuser.req.WorkerManagerRoleUserReq;
|
import cn.axzo.tyr.client.model.roleuser.req.WorkerManagerRoleUserReq;
|
||||||
import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
|
import cn.axzo.tyr.client.model.vo.SaasRoleGroupVO;
|
||||||
import cn.axzo.tyr.server.model.RoleUserInfo;
|
import cn.axzo.tyr.server.model.RoleUserInfo;
|
||||||
|
import cn.axzo.tyr.server.repository.dao.RemoveRoleUserByResource;
|
||||||
import cn.axzo.tyr.server.repository.dao.SaasPgroupRoleRelationDao;
|
import cn.axzo.tyr.server.repository.dao.SaasPgroupRoleRelationDao;
|
||||||
import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
|
import cn.axzo.tyr.server.repository.dao.SaasRoleDao;
|
||||||
import cn.axzo.tyr.server.repository.dao.SaasRoleGroupRelationDao;
|
import cn.axzo.tyr.server.repository.dao.SaasRoleGroupRelationDao;
|
||||||
@ -332,9 +334,7 @@ public class RoleUserService implements SaasRoleUserService {
|
|||||||
public void grantOrUngrantWorkerManager(WorkerManagerRoleUserReq req) {
|
public void grantOrUngrantWorkerManager(WorkerManagerRoleUserReq req) {
|
||||||
// 查询出角色ID
|
// 查询出角色ID
|
||||||
List<SaasPgroupRoleRelation> saasPgroupRoleRelations = saasPgroupRoleRelationDao.listByIds(req.getPermissionGroupId());
|
List<SaasPgroupRoleRelation> saasPgroupRoleRelations = saasPgroupRoleRelationDao.listByIds(req.getPermissionGroupId());
|
||||||
if (CollectionUtil.isEmpty(saasPgroupRoleRelations)) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
List<SaasRole> roleInfos = saasRoleDao.findInitRole(saasPgroupRoleRelations.stream().map(SaasPgroupRoleRelation::getRoleId).collect(Collectors.toSet()));
|
List<SaasRole> roleInfos = saasRoleDao.findInitRole(saasPgroupRoleRelations.stream().map(SaasPgroupRoleRelation::getRoleId).collect(Collectors.toSet()));
|
||||||
|
|
||||||
if (CollectionUtil.isEmpty(roleInfos)) {
|
if (CollectionUtil.isEmpty(roleInfos)) {
|
||||||
@ -342,47 +342,71 @@ public class RoleUserService implements SaasRoleUserService {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
RoleUserInfo roleUserBaseInfo = RoleUserInfo.builder()
|
RoleUserInfo roleUserBaseInfo = RoleUserInfo.builder()
|
||||||
.resourceType(req.getResourceType())
|
.roleUserResourceInfos(req.getManagerInfos().stream().map(e -> RoleUserInfo.RoleUserResourceInfo
|
||||||
.resourceId(req.getResourceId())
|
.builder()
|
||||||
.workspaceId(req.getWorkspaceId())
|
.workspaceId(e.getWorkspaceId())
|
||||||
.ouId(req.getOuId())
|
.ouId(e.getOuId())
|
||||||
.identityType(req.getIdentityType())
|
.resourceId(e.getResourceId())
|
||||||
.identityInfos(req.getIdentityInfos())
|
.identityInfos(e.getIdentityInfos())
|
||||||
|
.build()).collect(Collectors.toList()))
|
||||||
.roleId(roleInfos.stream().map(BaseEntity::getId).collect(Collectors.toSet()))
|
.roleId(roleInfos.stream().map(BaseEntity::getId).collect(Collectors.toSet()))
|
||||||
|
.identityType(req.getIdentityType())
|
||||||
|
.resourceType(req.getResourceType())
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
// 授权
|
// 授权
|
||||||
if (!req.isUngrant()) {
|
if (!req.isUngrant()) {
|
||||||
if (CollectionUtil.isEmpty(roleUserBaseInfo.getIdentityInfos())) {
|
if (CollectionUtil.isEmpty(roleUserBaseInfo.getRoleUserResourceInfos())) {
|
||||||
throw new ServiceException("grant team manager error, not found person info");
|
throw new ServiceException("grant team manager error, not found person info");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (CollectionUtil.isEmpty(saasPgroupRoleRelations)) {
|
||||||
|
// 未指定授权哪些角色
|
||||||
|
return;
|
||||||
|
}
|
||||||
List<SaasRoleUserRelation> exist = roleUserRelationDao.findByResource(roleUserBaseInfo);
|
List<SaasRoleUserRelation> exist = roleUserRelationDao.findByResource(roleUserBaseInfo);
|
||||||
Set<String> existKey = exist.stream().map(e -> KeysUtil.createKey(e.getNaturalPersonId(), e.getOuId(), e.getWorkspaceId(), e.getResourceId(), e.getResourceType(),e.getRoleId())).collect(Collectors.toSet());
|
Set<String> existKey = exist.stream().map(e -> KeysUtil.createKey(e.getNaturalPersonId(), e.getOuId(), e.getWorkspaceId(), e.getResourceId(), e.getResourceType(),e.getRoleId())).collect(Collectors.toSet());
|
||||||
// 防止重复插入数据,过滤一次原始数据
|
// 防止重复插入数据,过滤一次原始数据
|
||||||
// 第一个维度,人
|
|
||||||
roleUserRelationDao.saveBatch(roleUserBaseInfo.getIdentityInfos().stream().map(e -> {
|
|
||||||
// 第二个维度,角色
|
|
||||||
return roleUserBaseInfo.getRoleId().stream().map(roleId -> {
|
|
||||||
if (existKey.contains(KeysUtil.createKey(e.getPersonId(), roleUserBaseInfo.getOuId(), roleUserBaseInfo.getWorkspaceId(), roleUserBaseInfo.getResourceId(), roleUserBaseInfo.getResourceType(), roleId))) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation();
|
|
||||||
saasRoleUserRelation.setIdentityId(e.getIdentityId());
|
|
||||||
saasRoleUserRelation.setIdentityType(req.getIdentityType().getCode());
|
|
||||||
saasRoleUserRelation.setRoleId(roleId);
|
|
||||||
saasRoleUserRelation.setNaturalPersonId(e.getPersonId());
|
|
||||||
saasRoleUserRelation.setOuId(req.getOuId());
|
|
||||||
saasRoleUserRelation.setWorkspaceId(req.getWorkspaceId());
|
|
||||||
saasRoleUserRelation.setResourceType(req.getResourceType());
|
|
||||||
saasRoleUserRelation.setResourceId(req.getResourceId());
|
|
||||||
return saasRoleUserRelation;
|
|
||||||
}).filter(Objects::nonNull).collect(Collectors.toList());
|
|
||||||
|
|
||||||
}).flatMap(Collection::stream).collect(Collectors.toList()));
|
roleUserRelationDao.saveBatch(
|
||||||
|
// 第一个维度,基础信息
|
||||||
|
roleUserBaseInfo.getRoleUserResourceInfos().stream().map(e -> {
|
||||||
|
|
||||||
|
// 第二个维度 人
|
||||||
|
return e.getIdentityInfos().stream().map(identityInfo -> {
|
||||||
|
|
||||||
|
// 第三个维度角色
|
||||||
|
return roleUserBaseInfo.getRoleId().stream().map(roleId -> {
|
||||||
|
|
||||||
|
if (existKey.contains(KeysUtil.createKey(identityInfo.getPersonId(), e.getOuId(), e.getWorkspaceId(), e.getResourceId(), roleUserBaseInfo.getResourceType(), roleId))) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
SaasRoleUserRelation saasRoleUserRelation = new SaasRoleUserRelation();
|
||||||
|
saasRoleUserRelation.setIdentityId(identityInfo.getIdentityId());
|
||||||
|
saasRoleUserRelation.setIdentityType(req.getIdentityType().getCode());
|
||||||
|
saasRoleUserRelation.setRoleId(roleId);
|
||||||
|
saasRoleUserRelation.setNaturalPersonId(identityInfo.getPersonId());
|
||||||
|
saasRoleUserRelation.setOuId(e.getOuId());
|
||||||
|
saasRoleUserRelation.setWorkspaceId(e.getWorkspaceId());
|
||||||
|
saasRoleUserRelation.setResourceType(roleUserBaseInfo.getResourceType());
|
||||||
|
saasRoleUserRelation.setResourceId(e.getResourceId());
|
||||||
|
return saasRoleUserRelation;
|
||||||
|
}).filter(Objects::nonNull).collect(Collectors.toList());
|
||||||
|
|
||||||
|
}).flatMap(List::stream).collect(Collectors.toList());
|
||||||
|
}).flatMap(List::stream).collect(Collectors.toList())
|
||||||
|
);
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// 取消授权
|
// 取消授权
|
||||||
if (!req.isUngrantAll()) {
|
if (!req.isUngrantAll()) {
|
||||||
roleUserRelationDao.removeByResource(roleUserBaseInfo);
|
if (CollectionUtil.isEmpty(saasPgroupRoleRelations)) {
|
||||||
|
// 未指定取消授权哪些角色
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
batchRemoveByRoleUserInfo(roleUserBaseInfo);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// 取消所有权限
|
// 取消所有权限
|
||||||
@ -397,8 +421,25 @@ public class RoleUserService implements SaasRoleUserService {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
roleUserBaseInfo.setRoleId(roleIds);
|
roleUserBaseInfo.setRoleId(roleIds);
|
||||||
roleUserRelationDao.removeByResource(roleUserBaseInfo);
|
|
||||||
|
batchRemoveByRoleUserInfo(roleUserBaseInfo);
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void batchRemoveByRoleUserInfo(RoleUserInfo roleUserBaseInfo) {
|
||||||
|
roleUserBaseInfo.getRoleUserResourceInfos().forEach(e -> {
|
||||||
|
|
||||||
|
roleUserRelationDao.removeByResource(RemoveRoleUserByResource.builder()
|
||||||
|
.ouId(e.getOuId())
|
||||||
|
.workspaceId(e.getWorkspaceId())
|
||||||
|
.resourceId(e.getResourceId())
|
||||||
|
.resourceType(roleUserBaseInfo.getResourceType())
|
||||||
|
.identityId(e.getIdentityInfos().stream().map(IdentityInfo::getIdentityId).distinct().collect(Collectors.toList()))
|
||||||
|
.identityType(roleUserBaseInfo.getIdentityType())
|
||||||
|
.roleId(roleUserBaseInfo.getRoleId())
|
||||||
|
.build());
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user