feat(2046-permission): 权限查询综合管理和普通角色
parent
38ca0a3d3a
commit
fb2ae4928e
@ -40,6 +40,7 @@ import cn.azxo.framework.common.model.CommonResponse;
|
||||
import cn.azxo.framework.common.utils.LogUtil;
|
||||
import cn.hutool.core.collection.CollectionUtil;
|
||||
import cn.hutool.core.date.StopWatch;
|
||||
import cn.hutool.core.lang.Pair;
|
||||
import cn.hutool.core.util.ArrayUtil;
|
||||
import cn.hutool.core.util.BooleanUtil;
|
||||
import cn.hutool.core.util.NumberUtil;
|
||||
@ -354,27 +355,47 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
|
||||
Set<SaasRoleVO> roles = ouwRoleInfo.getRoles();
|
||||
if (CollectionUtil.isEmpty(roles)) {
|
||||
log.warn("no roles for ou:{} workspace:{}", ouwRoleInfo.getOuId(), ouwRoleInfo.getWorkspaceId());
|
||||
return resultPermission;
|
||||
}
|
||||
|
||||
//超管和管理员权限
|
||||
boolean hasAdminPermission = buildAdminPermission(ouwRoleInfo, productFeatures, resultPermission);
|
||||
if (hasAdminPermission) {
|
||||
//有管理员角色 不再需要处理其他角色
|
||||
return resultPermission;
|
||||
}
|
||||
|
||||
Pair<Boolean, Set<Long>> adminPermissions = buildAdminPermission(ouwRoleInfo, productFeatures);
|
||||
//标准角和自定义角色权限
|
||||
buildNormalPermission(ouwRoleInfo, productFeatures, resultPermission);
|
||||
Set<Long> normalPermissions = buildNormalPermission(ouwRoleInfo, productFeatures);
|
||||
Set<Long> allPermissionIds = new HashSet<>();
|
||||
allPermissionIds.addAll(adminPermissions.getValue());
|
||||
allPermissionIds.addAll(normalPermissions);
|
||||
|
||||
//查询权限点及父级权限点
|
||||
List<SimplePermissionPointResp> allPermissionPoint = permissionPointService.listPermissionByIds(
|
||||
QueryPermissionByIdsReq.builder()
|
||||
.ids(allPermissionIds)
|
||||
.includeParent(true)
|
||||
.build());
|
||||
//组装返回值
|
||||
//是否超管
|
||||
resultPermission.setSuperAdmin(BooleanUtil.isTrue(adminPermissions.getKey()));
|
||||
//权限数据
|
||||
resultPermission.getPermissionPoint().addAll(allPermissionPoint.stream()
|
||||
.map(permissionPointTreeNode -> IdentityAuthRes.PermissionPoint.builder()
|
||||
.featureCode(permissionPointTreeNode.getCode())
|
||||
.featureId(permissionPointTreeNode.getId())
|
||||
.terminal(permissionPointTreeNode.getTerminal())
|
||||
.build())
|
||||
.collect(Collectors.toList()));
|
||||
|
||||
return resultPermission;
|
||||
}
|
||||
|
||||
private void buildNormalPermission(OUWRoleInfo userRoleInfoMap, List<ProductFeatureRelationVO> productFeatures, IdentityAuthRes.WorkspacePermission resultPermission) {
|
||||
private Set<Long> buildNormalPermission(OUWRoleInfo userRoleInfoMap, List<ProductFeatureRelationVO> productFeatures) {
|
||||
|
||||
log.info("build permission for ou:{}, workspace:{}", userRoleInfoMap.getOuId(), userRoleInfoMap.getWorkspaceId());
|
||||
Set<Long> allMatchedProductFeatureIds = new HashSet<>();
|
||||
Set<Long> allAuthPermissionIds = new HashSet<>();
|
||||
//聚合实际授权的权限:角色权限和产品权限交集
|
||||
for (SaasRoleVO role : userRoleInfoMap.getRoles()) {
|
||||
log.info("build permission for role:{}", role.getId());
|
||||
Set<Long> rolePermissionIds = role.getMatchFeature(userRoleInfoMap.getWorkspaceId(), userRoleInfoMap.ouId)
|
||||
.stream()
|
||||
.map(PermissionPointTreeNode::getPermissionPointId)
|
||||
@ -388,6 +409,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
// 产品对应权限点 与 角色权限点 取交集
|
||||
Collection<Long> resultHashAuthPointId = CollectionUtil.intersection(productPermissionIds, rolePermissionIds);
|
||||
if (CollectionUtil.isNotEmpty(resultHashAuthPointId)) {
|
||||
log.info("add auth permission for role:{}", role.getId());
|
||||
allAuthPermissionIds.addAll(resultHashAuthPointId);
|
||||
}
|
||||
}
|
||||
@ -398,25 +420,11 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
.build());
|
||||
allAuthPermissionIds.addAll(noNeedPermissionPoint.stream().map(PermissionPointTreeNode::getPermissionPointId).collect(Collectors.toSet()));
|
||||
|
||||
//查询权限点及父级权限点
|
||||
List<SimplePermissionPointResp> allPermissionPoint = permissionPointService.listPermissionByIds(
|
||||
QueryPermissionByIdsReq.builder()
|
||||
.ids(new HashSet<>(allAuthPermissionIds))
|
||||
.includeParent(true)
|
||||
.build());
|
||||
//构建返回值
|
||||
resultPermission.getPermissionPoint().addAll(allPermissionPoint.stream()
|
||||
.map(permissionPointTreeNode -> IdentityAuthRes.PermissionPoint.builder()
|
||||
.featureCode(permissionPointTreeNode.getCode())
|
||||
.featureId(permissionPointTreeNode.getId())
|
||||
.terminal(permissionPointTreeNode.getTerminal())
|
||||
// .featureType(FeatureType.apply(permissionPointTreeNode.getFeatureType()))
|
||||
.build())
|
||||
.collect(Collectors.toList()));
|
||||
return allAuthPermissionIds;
|
||||
}
|
||||
|
||||
private boolean buildAdminPermission(OUWRoleInfo userRoleInfoMap, List<ProductFeatureRelationVO> productFeatures,
|
||||
IdentityAuthRes.WorkspacePermission resultPermission) {
|
||||
private Pair<Boolean, Set<Long>> buildAdminPermission(OUWRoleInfo userRoleInfoMap, List<ProductFeatureRelationVO> productFeatures) {
|
||||
Boolean superAdmin = false;
|
||||
//超管和管理员角色
|
||||
List<SaasRoleVO> adminRoles = userRoleInfoMap.getRoles().stream()
|
||||
.filter(r -> RoleTypeEnum.SUPER_ADMIN.getValue().equals(r.getRoleType())
|
||||
@ -424,15 +432,17 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
.collect(Collectors.toList());
|
||||
if (CollectionUtil.isEmpty(adminRoles)) {
|
||||
log.info("no admin roles");
|
||||
return false;
|
||||
return Pair.of(superAdmin, Collections.emptySet());
|
||||
}
|
||||
|
||||
log.info("build admin permission for ou:{}, workspace:{}", userRoleInfoMap.getOuId(), userRoleInfoMap.getWorkspaceId());
|
||||
|
||||
//聚合超管和管理员的权限点: 直接取角色标签和产品标签相匹配的权限点
|
||||
Set<Long> permissionIds = new HashSet<>();
|
||||
for (SaasRoleVO adminRole : adminRoles) {
|
||||
//超管:查询工作台对应产品,获取权限点, ( 权限点通过单位类型过滤)
|
||||
if (RoleTypeEnum.SUPER_ADMIN.getValue().equals(adminRole.getRoleType())) {
|
||||
resultPermission.setSuperAdmin(true);
|
||||
superAdmin = true;
|
||||
}
|
||||
//角色标签类型匹配产品标签类型
|
||||
Set<Long> buttonPermissionPointId = productFeatures.stream()
|
||||
@ -445,25 +455,11 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
|
||||
log.warn("empty permission for admin role:{}", adminRole.getId());
|
||||
continue;
|
||||
}
|
||||
log.info("add all permissions for role:{}", adminRole.getId());
|
||||
permissionIds.addAll(buttonPermissionPointId);
|
||||
}
|
||||
|
||||
//查询权限点及父级权限点
|
||||
List<SimplePermissionPointResp> allPermissionPoint = permissionPointService.listPermissionByIds(
|
||||
QueryPermissionByIdsReq.builder()
|
||||
.ids(permissionIds)
|
||||
.includeParent(true)
|
||||
.build());
|
||||
//组装返回值
|
||||
resultPermission.getPermissionPoint().addAll(allPermissionPoint.stream()
|
||||
.map(permissionPointTreeNode -> IdentityAuthRes.PermissionPoint.builder()
|
||||
.featureCode(permissionPointTreeNode.getCode())
|
||||
.featureId(permissionPointTreeNode.getId())
|
||||
.terminal(permissionPointTreeNode.getTerminal())
|
||||
.build())
|
||||
.collect(Collectors.toList()));
|
||||
|
||||
return true;
|
||||
return Pair.of(superAdmin, permissionIds);
|
||||
}
|
||||
|
||||
private List<OUWRoleInfo> listRolesWithPermission(List<SaasRoleUserRelation> roleUserRelations, IdentityAuthReq identityAuthReq) {
|
||||
|
||||
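Review bot: In the `-354,27 +355,47` hunk, the new `permissionPointService.listPermissionByIds(...)` call with `.ids(allPermissionIds)` runs even when `allPermissionIds` is empty (no admin role and nothing returned by `buildNormalPermission`), and whatever it returns is added to `resultPermission` without a check. `listPermissionByIds` is not shown in this diff; if it treats an empty `ids` as "no filter", the caller would be handed every permission point, so this authorization path should fail closed. I would move `resultPermission.setSuperAdmin(BooleanUtil.isTrue(adminPermissions.getKey()));` above the query and add `if (CollectionUtil.isEmpty(allPermissionIds)) { return resultPermission; }` before it. Separately, `Pair<Boolean, Set<Long>>` leaves `getKey()`/`getValue()` unnamed at the call site, so a one-line comment on `buildAdminPermission` such as `// key: user holds SUPER_ADMIN; value: permission point ids granted by admin roles` would help. The method containing the query starts above the hunk, so its earlier lines are not visible here.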