From fb2ae4928e5ecdfeb74d3f1e99a538c631bf44dd Mon Sep 17 00:00:00 2001
From: zhansihu
Date: Fri, 26 Jan 2024 18:13:41 +0800
Subject: [PATCH] =?UTF-8?q?feat(2046-permission):=20=E6=9D=83=E9=99=90?=
 =?UTF-8?q?=E6=9F=A5=E8=AF=A2=E7=BB=BC=E5=90=88=E7=AE=A1=E7=90=86=E5=92=8C?=
 =?UTF-8?q?=E6=99=AE=E9=80=9A=E8=A7=92=E8=89=B2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../service/impl/TyrSaasAuthServiceImpl.java | 82 +++++++++----------
 1 file changed, 39 insertions(+), 43 deletions(-)
diff --git a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
index 67c677b5..4e3d868c 100644
--- a/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
+++ b/tyr-server/src/main/java/cn/axzo/tyr/server/service/impl/TyrSaasAuthServiceImpl.java
@@ -40,6 +40,7 @@ import cn.azxo.framework.common.model.CommonResponse;
 import cn.azxo.framework.common.utils.LogUtil;
 import cn.hutool.core.collection.CollectionUtil;
 import cn.hutool.core.date.StopWatch;
+import cn.hutool.core.lang.Pair;
 import cn.hutool.core.util.ArrayUtil;
 import cn.hutool.core.util.BooleanUtil;
 import cn.hutool.core.util.NumberUtil;
@@ -354,27 +355,47 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
 Set roles = ouwRoleInfo.getRoles();
 if (CollectionUtil.isEmpty(roles)) {
+ log.warn("no roles for ou:{} workspace:{}", ouwRoleInfo.getOuId(), ouwRoleInfo.getWorkspaceId());
 return resultPermission;
 }
 //超管和管理员权限
- boolean hasAdminPermission = buildAdminPermission(ouwRoleInfo, productFeatures, resultPermission);
- if (hasAdminPermission) {
- //有管理员角色 不再需要处理其他角色
- return resultPermission;
- }
-
+ Pair> adminPermissions = buildAdminPermission(ouwRoleInfo, productFeatures);
 //标准角和自定义角色权限
- buildNormalPermission(ouwRoleInfo, productFeatures, resultPermission);
+ Set normalPermissions = buildNormalPermission(ouwRoleInfo, productFeatures);
+ Set allPermissionIds = new HashSet<>();
+ allPermissionIds.addAll(adminPermissions.getValue());
+ allPermissionIds.addAll(normalPermissions);
+
+ //查询权限点及父级权限点
+ List allPermissionPoint = permissionPointService.listPermissionByIds(
+ QueryPermissionByIdsReq.builder()
+ .ids(allPermissionIds)
+ .includeParent(true)
+ .build());
+ //组装返回值
+ //是否超管
+ resultPermission.setSuperAdmin(BooleanUtil.isTrue(adminPermissions.getKey()));
+ //权限数据
+ resultPermission.getPermissionPoint().addAll(allPermissionPoint.stream()
+ .map(permissionPointTreeNode -> IdentityAuthRes.PermissionPoint.builder()
+ .featureCode(permissionPointTreeNode.getCode())
+ .featureId(permissionPointTreeNode.getId())
+ .terminal(permissionPointTreeNode.getTerminal())
+ .build())
+ .collect(Collectors.toList()));
+
 return resultPermission;
 }
- private void buildNormalPermission(OUWRoleInfo userRoleInfoMap, List productFeatures, IdentityAuthRes.WorkspacePermission resultPermission) {
+ private Set buildNormalPermission(OUWRoleInfo userRoleInfoMap, List productFeatures) {
+ log.info("build permission for ou:{}, workspace:{}", userRoleInfoMap.getOuId(), userRoleInfoMap.getWorkspaceId());
 Set allMatchedProductFeatureIds = new HashSet<>();
 Set allAuthPermissionIds = new HashSet<>();
 //聚合实际授权的权限:角色权限和产品权限交集
 for (SaasRoleVO role : userRoleInfoMap.getRoles()) {
+ log.info("build permission for role:{}", role.getId());
 Set rolePermissionIds = role.getMatchFeature(userRoleInfoMap.getWorkspaceId(), userRoleInfoMap.ouId)
 .stream()
 .map(PermissionPointTreeNode::getPermissionPointId)
@@ -388,6 +409,7 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
 // 产品对应权限点 与 角色权限点 取交集
 Collection resultHashAuthPointId = CollectionUtil.intersection(productPermissionIds, rolePermissionIds);
 if (CollectionUtil.isNotEmpty(resultHashAuthPointId)) {
+ log.info("add auth permission for role:{}", role.getId());
 allAuthPermissionIds.addAll(resultHashAuthPointId);
 }
 }
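Review bot: `allPermissionIds` is passed to `permissionPointService.listPermissionByIds` with `includeParent(true)` even when it is empty, which can happen when no role's permission points intersect the product permission points and the no-auth query in buildNormalPermission returns nothing; whether an empty `ids` set means "match nothing" or "no filter" is decided inside that service, and in the latter case the caller would be handed every permission point. Add a guard between the two `addAll` lines and the query, `if (allPermissionIds.isEmpty()) { return resultPermission; }`, so the authorisation result never depends on how an empty IN-list is rendered. The old admin-only path had the same exposure, so this is not a regression, but the merged set is the single place to close it. The enclosing method starts before this hunk, and buildNormalPermission continues past it.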
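Review bot: The `log.info("build permission for role:{}", role.getId())` and `log.info("add auth permission for role:{}", role.getId())` added inside the per-role loop fire once per role on every identity-auth lookup, so this hot path now emits several INFO lines per request and the existing `log.warn("empty permission for admin role:{}", ...)` signal gets buried; the `log.info("add all permissions for role:{}", adminRole.getId())` in the last hunk of this file has the same problem. Lower all three to `log.debug(...)` and, if operators need visibility, emit one summary line per call (role count and resulting id count) at INFO instead. The loop and its enclosing method buildNormalPermission both start and end outside this hunk.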
@@ -398,25 +420,11 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
 .build());
 allAuthPermissionIds.addAll(noNeedPermissionPoint.stream().map(PermissionPointTreeNode::getPermissionPointId).collect(Collectors.toSet()));
- //查询权限点及父级权限点
- List allPermissionPoint = permissionPointService.listPermissionByIds(
- QueryPermissionByIdsReq.builder()
- .ids(new HashSet<>(allAuthPermissionIds))
- .includeParent(true)
- .build());
- //构建返回值
- resultPermission.getPermissionPoint().addAll(allPermissionPoint.stream()
- .map(permissionPointTreeNode -> IdentityAuthRes.PermissionPoint.builder()
- .featureCode(permissionPointTreeNode.getCode())
- .featureId(permissionPointTreeNode.getId())
- .terminal(permissionPointTreeNode.getTerminal())
- // .featureType(FeatureType.apply(permissionPointTreeNode.getFeatureType()))
- .build())
- .collect(Collectors.toList()));
+ return allAuthPermissionIds;
 }
- private boolean buildAdminPermission(OUWRoleInfo userRoleInfoMap, List productFeatures,
- IdentityAuthRes.WorkspacePermission resultPermission) {
+ private Pair> buildAdminPermission(OUWRoleInfo userRoleInfoMap, List productFeatures) {
+ Boolean superAdmin = false;
 //超管和管理员角色
 List adminRoles = userRoleInfoMap.getRoles().stream()
 .filter(r -> RoleTypeEnum.SUPER_ADMIN.getValue().equals(r.getRoleType())
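Review bot: `Boolean superAdmin = false;` introduces a boxed flag that is only ever assigned `false` or `true`, which is what forces the caller to wrap it in `BooleanUtil.isTrue(adminPermissions.getKey())`; declaring it `boolean superAdmin = false;` autoboxes at `Pair.of(...)` and lets the caller write `setSuperAdmin(adminPermissions.getKey())` without a null guard. The `Pair` return type also leaves the meaning of key and value (super-admin flag, matched permission-point ids) implicit at the call site, so either add a Javadoc on buildAdminPermission stating that contract or return a small private static holder with named fields. buildAdminPermission's body continues past the end of this hunk.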
@@ -424,15 +432,17 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
 .collect(Collectors.toList());
 if (CollectionUtil.isEmpty(adminRoles)) {
 log.info("no admin roles");
- return false;
+ return Pair.of(superAdmin, Collections.emptySet());
 }
+ log.info("build admin permission for ou:{}, workspace:{}", userRoleInfoMap.getOuId(), userRoleInfoMap.getWorkspaceId());
+
+ //聚合超管和管理员的权限点: 直接取角色标签和产品标签相匹配的权限点
 Set permissionIds = new HashSet<>();
 for (SaasRoleVO adminRole : adminRoles) {
 //超管:查询工作台对应产品,获取权限点, ( 权限点通过单位类型过滤)
 if (RoleTypeEnum.SUPER_ADMIN.getValue().equals(adminRole.getRoleType())) {
- resultPermission.setSuperAdmin(true);
+ superAdmin = true;
 }
 //角色标签类型匹配产品标签类型
 Set buttonPermissionPointId = productFeatures.stream()
@@ -445,25 +455,11 @@ public class TyrSaasAuthServiceImpl implements TyrSaasAuthService {
 log.warn("empty permission for admin role:{}", adminRole.getId());
 continue;
 }
+ log.info("add all permissions for role:{}", adminRole.getId());
 permissionIds.addAll(buttonPermissionPointId);
 }
- //查询权限点及父级权限点
- List allPermissionPoint = permissionPointService.listPermissionByIds(
- QueryPermissionByIdsReq.builder()
- .ids(permissionIds)
- .includeParent(true)
- .build());
- //组装返回值
- resultPermission.getPermissionPoint().addAll(allPermissionPoint.stream()
- .map(permissionPointTreeNode -> IdentityAuthRes.PermissionPoint.builder()
- .featureCode(permissionPointTreeNode.getCode())
- .featureId(permissionPointTreeNode.getId())
- .terminal(permissionPointTreeNode.getTerminal())
- .build())
- .collect(Collectors.toList()));
-
- return true;
+ return Pair.of(superAdmin, permissionIds);
 }
 private List listRolesWithPermission(List roleUserRelations, IdentityAuthReq identityAuthReq) {
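Review bot: The early exit `return Pair.of(superAdmin, Collections.emptySet());` hands back an immutable set while the normal exit in the next hunk, `return Pair.of(superAdmin, permissionIds);`, returns the mutable `HashSet`, so the same method has two mutability contracts depending on the branch; the only caller visible today just reads the value through `addAll`, but a future caller that mutates it will fail only on the no-admin-roles branch. Either return `new HashSet<>()` here for symmetry or state in the method's Javadoc that the returned set is read-only. buildAdminPermission starts before this hunk.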