From 9f1d40240fb1b59ee03c00fd6bee3e5acb7054bb Mon Sep 17 00:00:00 2001 From: wxz Date: Sat, 25 Apr 2020 14:28:26 +0800 Subject: [PATCH] =?UTF-8?q?1.=E6=9D=83=E9=99=90=E8=BF=87=E6=BB=A4-?= =?UTF-8?q?=E5=9F=BA=E6=9C=AC=E5=AE=8C=E6=88=90=E4=B8=8B=E7=BA=A7=E7=B3=BB?= =?UTF-8?q?=E5=88=97=EF=BC=8C=E9=98=B6=E6=AE=B5=E6=80=A7=E6=8F=90=E4=BA=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../mybatis/aspect/DataFilterAspect.java | 232 +++++++++++++++--- .../mybatis/constant/OpeScopeConstant.java | 17 ++ .../mybatis/dto/form/OperationScopeDTO.java | 87 +++++++ .../dto/form/OperationScopeFormDTO.java | 18 ++ .../dto/form/StaffPermCacheResultDTO.java | 25 ++ .../mybatis/feign/GovAccessFeignClient.java | 17 +- .../GovAccessFeignClientFallback.java | 12 +- .../commons/tools/aspect/AccessOpeAspect.java | 2 - .../tools/security/dto/GovTokenDto.java | 23 +- .../java/com/epmet/dto/OperationScopeDTO.java | 81 ++++++ .../main/java/com/epmet/dto/RoleScopeDTO.java | 86 +++++++ .../epmet/dto/form/OperationScopeFormDTO.java | 18 ++ .../epmet/dto/form/StaffPermCacheFormDTO.java | 10 + .../dto/result/StaffPermCacheResultDTO.java | 26 ++ .../epmet/controller/AccessController.java | 49 +++- .../java/com/epmet/dao/OperationScopeDao.java | 45 ++++ .../main/java/com/epmet/dao/RoleScopeDao.java | 33 +++ .../epmet/entity/OperationScopeEntity.java | 51 ++++ .../com/epmet/entity/RoleScopeEntity.java | 56 +++++ .../com/epmet/redis/OperationScopeRedis.java | 47 ++++ .../java/com/epmet/redis/RoleScopeRedis.java | 47 ++++ .../java/com/epmet/service/AccessService.java | 16 +- .../epmet/service/OperationScopeService.java | 95 +++++++ .../com/epmet/service/RoleScopeService.java | 95 +++++++ .../epmet/service/impl/AccessServiceImpl.java | 29 ++- .../impl/OperationScopeServiceImpl.java | 104 ++++++++ .../service/impl/RoleScopeServiceImpl.java | 104 ++++++++ .../db.migration/epmet_gov_access.sql | 3 +- .../resources/mapper/OperationScopeDao.xml | 29 +++ .../main/resources/mapper/RoleScopeDao.xml | 20 ++ .../epmet/controller/AccessController.java | 2 +- .../com/epmet/feign/GovOrgFeignClient.java | 8 + .../fallback/GovOrgFeignClientFallBack.java | 6 + .../epmet/service/impl/AccessServiceImpl.java | 47 +++- .../epmet/controller/AgencyController.java | 25 +- .../java/com/epmet/service/AgencyService.java | 8 + .../epmet/service/impl/AgencyServiceImpl.java | 5 + .../mapper/CustomerStaffDepartmentDao.xml | 2 +- .../java/com/epmet/dto/GovStaffRoleDTO.java | 2 +- .../epmet/controller/StaffRoleController.java | 4 +- .../com/epmet/service/StaffRoleService.java | 3 +- .../service/impl/StaffRoleServiceImpl.java | 4 +- 42 files changed, 1512 insertions(+), 81 deletions(-) create mode 100644 epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/constant/OpeScopeConstant.java create mode 100644 epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeDTO.java create mode 100644 epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeFormDTO.java create mode 100644 epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermCacheResultDTO.java create mode 100644 epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/OperationScopeDTO.java create mode 100644 epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/RoleScopeDTO.java create mode 100644 epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/OperationScopeFormDTO.java create mode 100644 epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/StaffPermCacheResultDTO.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationScopeDao.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleScopeDao.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/OperationScopeEntity.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/RoleScopeEntity.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/OperationScopeRedis.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleScopeRedis.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/OperationScopeService.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/RoleScopeService.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/OperationScopeServiceImpl.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/RoleScopeServiceImpl.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationScopeDao.xml create mode 100644 epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleScopeDao.xml diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java index 14ce3af0a1..b9431a6c48 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java @@ -1,19 +1,21 @@ /** * Copyright (c) 2018 人人开源 All rights reserved. - * + *

* https://www.renren.io - * + *

* 版权所有,侵权必究! */ package com.epmet.commons.mybatis.aspect; +import com.epmet.commons.mybatis.constant.OpeScopeConstant; +import com.epmet.commons.mybatis.dto.form.OperationScopeDTO; +import com.epmet.commons.mybatis.dto.form.StaffPermCacheResultDTO; import com.epmet.commons.mybatis.dto.form.StaffPermissionFormDTO; import com.epmet.commons.mybatis.entity.DataScope; import com.epmet.commons.mybatis.feign.GovAccessFeignClient; import com.epmet.commons.tools.aspect.AccessOpeAspect; import com.epmet.commons.tools.exception.EpmetErrorCode; -import com.epmet.commons.tools.exception.ErrorCode; import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.security.user.LoginUserUtil; import com.epmet.commons.tools.utils.Result; @@ -27,9 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.springframework.util.CollectionUtils; -import java.util.Arrays; -import java.util.List; -import java.util.Set; +import java.util.*; /** * 数据过滤,切面处理类 @@ -49,6 +49,8 @@ public class DataFilterAspect { @Autowired private GovAccessFeignClient govAccessFeignClient; + public static final String orgIdPathSpliter = ":"; + @Before("@annotation(com.epmet.commons.mybatis.annotation.DataFilter)") public void dataFilter(JoinPoint point) { // 反射的方式 @@ -60,20 +62,39 @@ public class DataFilterAspect { // } //} - String reqiurePermission = AccessOpeAspect.requirePermissionTl.get(); + String requirePermission = AccessOpeAspect.requirePermissionTl.get(); // 没有配置所需权限,不做操作,打印提示日志 - if (StringUtils.isBlank(reqiurePermission)) { + if (StringUtils.isBlank(requirePermission)) { log.warn("Api编码需要指定所需权限,请在Api上使用@RequirePermission注解完成所需权限配置"); return; } + StaffPermissionFormDTO staffPermissionFormDTO = new StaffPermissionFormDTO(); + staffPermissionFormDTO.setApp(loginUserUtil.getLoginUserApp()); + staffPermissionFormDTO.setClient(loginUserUtil.getLoginUserClient()); + staffPermissionFormDTO.setStaffId(loginUserUtil.getLoginUserId()); + Result result = govAccessFeignClient.getStaffCurrPermissions(staffPermissionFormDTO); + + if (result.getCode() != 0) { + // 查询不到权限,记录日志,抛出8000异常 + log.error("调用Access查询权限失败:{}", result.getMsg()); + throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode()); + } + + StaffPermCacheResultDTO permCacheResultDTO = result.getData(); + + if (permCacheResultDTO == null || CollectionUtils.isEmpty(permCacheResultDTO.getPermissions())) { + log.error("操作权限不足,查询不到权限"); + throw new RenException(EpmetErrorCode.REQUIRE_PERMISSION.getCode()); + } + // 校验操作权限 - validateOpePermission(reqiurePermission); + validateOpePermission(permCacheResultDTO.getPermissions(), requirePermission); Object[] methodArgs = point.getArgs(); for (Object methodArg : methodArgs) { if (methodArg instanceof DataScope) { - ((DataScope) methodArg).setSqlFilter(getSqlFilterSegment()); + ((DataScope) methodArg).setSqlFilter(getSqlFilterSegment(permCacheResultDTO.getRoleIdList(), requirePermission, permCacheResultDTO.getOrgIdPath())); return; } } @@ -84,38 +105,187 @@ public class DataFilterAspect { /** * 校验操作权限 */ - private void validateOpePermission(String requirePermission) { - StaffPermissionFormDTO staffPermissionFormDTO = new StaffPermissionFormDTO(); - staffPermissionFormDTO.setApp(loginUserUtil.getLoginUserApp()); - staffPermissionFormDTO.setClient(loginUserUtil.getLoginUserClient()); - staffPermissionFormDTO.setStaffId(loginUserUtil.getLoginUserId()); - Result> permissions = govAccessFeignClient.getStaffCurrPermissions(staffPermissionFormDTO); - if (permissions.getCode() != 0) { - // 查询不到权限,记录日志,抛出8000异常 - log.error("调用Access查询权限失败:{}", permissions.getMsg()); - throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode()); + private void validateOpePermission(Set permissions, String reqiurePermission) { + if (!permissions.contains(reqiurePermission)) { + // 权限不足 + log.error("操作权限不足"); + throw new RenException(EpmetErrorCode.REQUIRE_PERMISSION.getCode()); } - - if (!CollectionUtils.isEmpty(permissions.getData()) && StringUtils.isNotBlank(requirePermission) - && permissions.getData().contains(requirePermission)) { - // 权限允许,正常结束 - return; - } - // 权限不足抛出异常 - throw new RenException(EpmetErrorCode.REQUIRE_PERMISSION.getCode()); } /** * 生成过滤sql片段 + * * @return */ - private String getSqlFilterSegment() { + private String getSqlFilterSegment(Set roleIds, String reqiurePermission, String orgIdPath) { // 根据角色列表查询操作范围列表 + // todo 暂停,先模拟数据 + //roleIds.forEach(roleId -> { + // OperationScopeFormDTO osformDto = new OperationScopeFormDTO(); + // osformDto.setRoleId(roleId); + // osformDto.setOperationKey(reqiurePermission); + // Result> result = govAccessFeignClient.getOperationScopesByRoleId(osformDto); + // List scopeDTOS = result.getData(); + //}); + Set scopeDTOS = genScopeDtos(); - // 拼接sql语句 + // 过滤有效范围 + HashSet scopes = filteScopes(scopeDTOS); + + // 取出父组织ID path 和当前组织ID + String pOrgPath = orgIdPath.substring(0, orgIdPath.lastIndexOf(orgIdPathSpliter)); + String currOrgPath = orgIdPath.substring(orgIdPath.lastIndexOf(orgIdPathSpliter) + 1); + StringBuilder sb = new StringBuilder(" AND ("); + getOrgScopeSql(sb, scopes, currOrgPath, pOrgPath); + sb.replace(sb.lastIndexOf("OR"), sb.lastIndexOf("OR") + 3, ""); + sb.append(") "); + // 拼接sql语句 + sb.replace(141,142,""); // TODO - return "dept_id in (1,2,3)"; + return ""; + } + + /** + * 计算范围过滤sql + * @param scopes + * @param currOrg + * @param pOrgPath + * @return + */ + private void getOrgScopeSql(StringBuilder sb,HashSet scopes, String currOrg, String pOrgPath) { + for (String scope : scopes) { + switch (scope) { + case OpeScopeConstant.ORG_CURR: + getAgencyCurrScopedSql(sb, currOrg); + sb.append(" OR "); + break; + case OpeScopeConstant.ORG_CURR_AND_SUB: + getAgencyCurrAndSubScopedSql(sb, pOrgPath); + sb.append(" OR "); + break; + case OpeScopeConstant.ORG_CURR_SUB: + getAgencyCurrSubScopedSql(sb, pOrgPath, currOrg); + sb.append(" OR "); + break; + case OpeScopeConstant.ORG_EQUAL: + // todo 同级 + //sb.append(" OR "); + break; + case OpeScopeConstant.ORG_EQUAL_AND_SUB: + // todo 同级及其子级 + //sb.append(" OR "); + break; + case OpeScopeConstant.ORG_EQUAL_SUB: + // todo 同级的子级 + //sb.append(" OR "); + break; + } + } + } + + /** + * 本身 + * @param sb + * @param orgId + */ + public void getAgencyCurrScopedSql(StringBuilder sb,String orgId) { + sb.append(" ORG_ID = ").append(orgId); + } + + /** + * 本身及子级 + * @param sb + * @param pOrgIdPath + */ + public void getAgencyCurrAndSubScopedSql(StringBuilder sb,String pOrgIdPath) { + sb.append(" ORG_ID_PATH like '").append(pOrgIdPath).append("%'"); + } + + /** + * 子级组织(不含本身) + * @param sb + */ + public void getAgencyCurrSubScopedSql(StringBuilder sb,String pOrgIdPath, String currOrgIdPath) { + sb.append("ORG_ID_PATH like '").append(pOrgIdPath).append(orgIdPathSpliter).append(currOrgIdPath).append("%'"); + } + + /** + * 过滤有效范围 + * + * @param scopeDTOS + * @return + */ + private HashSet filteScopes(Set scopeDTOS) { + HashMap filtedScopes = new HashMap<>(); + + for (OperationScopeDTO scope : scopeDTOS) { + String scopeIndex = scope.getScopeIndex(); + String[] currArr = scopeIndex.split("_"); + if ("0".equals(currArr[1])) { + // 为0,说明没有包含关系,直接放入 + filtedScopes.put(scopeIndex, scope); + continue; + } + + OperationScopeDTO tempScope = filtedScopes.get(currArr[0]); + if (tempScope != null) { + // 已经有ac开头的了 + String tempScopeIndex = tempScope.getScopeIndex(); + if (Integer.valueOf(currArr[1]) < Integer.valueOf(tempScopeIndex.split("_")[1])) { + filtedScopes.put(currArr[0], scope); + } + } else { + filtedScopes.put(currArr[0], scope); + } + } + HashSet scopeStrs = new HashSet<>(); + Set> entries = filtedScopes.entrySet(); + for (Map.Entry entry : entries) { + scopeStrs.add(entry.getValue().getScopeKey()); + } + return scopeStrs; + } + + /** + * 模拟范围数据 + * + * @return + */ + private Set genScopeDtos() { + OperationScopeDTO scopeDTO1 = new OperationScopeDTO(); + scopeDTO1.setScopeKey("org_curr"); + scopeDTO1.setScopeName("本机关"); + scopeDTO1.setScopeIndex("ac_0"); + + OperationScopeDTO scopeDTO2 = new OperationScopeDTO(); + scopeDTO2.setScopeKey("org_curr_and_sub"); + scopeDTO2.setScopeName("本机关及下级"); + scopeDTO2.setScopeIndex("ac_501"); + + OperationScopeDTO scopeDTO3 = new OperationScopeDTO(); + scopeDTO3.setScopeKey("org_curr_sub"); + scopeDTO3.setScopeName("本机关的下级"); + scopeDTO3.setScopeIndex("ac_502"); + + OperationScopeDTO scopeDTO4 = new OperationScopeDTO(); + scopeDTO4.setScopeKey("org_equal_and_sub"); + scopeDTO4.setScopeName("同级机关及下级"); + scopeDTO4.setScopeIndex("ae_601"); + + OperationScopeDTO scopeDTO5 = new OperationScopeDTO(); + scopeDTO5.setScopeKey("org_equal_sub"); + scopeDTO5.setScopeName("同级机关的下级"); + scopeDTO5.setScopeIndex("ae_602"); + + Set scopeDTOS = new HashSet<>(); + scopeDTOS.add(scopeDTO1); + scopeDTOS.add(scopeDTO2); + scopeDTOS.add(scopeDTO3); + scopeDTOS.add(scopeDTO4); + scopeDTOS.add(scopeDTO5); + return scopeDTOS; } ///** diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/constant/OpeScopeConstant.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/constant/OpeScopeConstant.java new file mode 100644 index 0000000000..3d415ffb30 --- /dev/null +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/constant/OpeScopeConstant.java @@ -0,0 +1,17 @@ +package com.epmet.commons.mybatis.constant; + +public class OpeScopeConstant { + //"同级组织的下级" + public static final String ORG_EQUAL_SUB = "org_equal_sub"; + //"同级组织及下级" + public static final String ORG_EQUAL_AND_SUB = "org_equal_and_sub"; + //"同级组织" + public static final String ORG_EQUAL = "org_equal"; + //"本组织的下级" + public static final String ORG_CURR_SUB = "org_curr_sub"; + //"本组织及下级" + public static final String ORG_CURR_AND_SUB = "org_curr_and_sub"; + //"本组织" + public static final String ORG_CURR = "org_curr"; + +} diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeDTO.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeDTO.java new file mode 100644 index 0000000000..494cff66b9 --- /dev/null +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeDTO.java @@ -0,0 +1,87 @@ +/** + * Copyright 2018 人人开源 https://www.renren.io + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.commons.mybatis.dto.form; + +import lombok.Data; + +import java.io.Serializable; +import java.util.Date; + + +/** + * 权限范围表 + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-04-24 + */ +@Data +public class OperationScopeDTO implements Serializable { + + private static final long serialVersionUID = 1L; + + /** + * id + */ + private String id; + + /** + * 范围key + */ + private String scopeKey; + + /** + * 范围名称 + */ + private String scopeName; + + /** + * 范围序号 + */ + private String scopeIndex; + + /** + * 是否删除,0:未删除,1:已删除 + */ + private Integer delFlag; + + /** + * 乐观锁 + */ + private Integer revision; + + /** + * 创建者id + */ + private String createdBy; + + /** + * 创建时间 + */ + private Date createdTime; + + /** + * 更新者id + */ + private String updatedBy; + + /** + * 更新时间 + */ + private Date updatedTime; + +} \ No newline at end of file diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeFormDTO.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeFormDTO.java new file mode 100644 index 0000000000..fe5aca825b --- /dev/null +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/OperationScopeFormDTO.java @@ -0,0 +1,18 @@ +package com.epmet.commons.mybatis.dto.form; + +import lombok.Data; + +import javax.validation.constraints.NotBlank; + +@Data +public class OperationScopeFormDTO { + + public interface ListOperationScopeGroup {} + + @NotBlank(message = "角色ID不能为空", groups = {ListOperationScopeGroup.class}) + private String roleId; + + @NotBlank(message = "操作的key不能为空", groups = {ListOperationScopeGroup.class}) + private String operationKey; + +} diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermCacheResultDTO.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermCacheResultDTO.java new file mode 100644 index 0000000000..6f37ef7033 --- /dev/null +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/StaffPermCacheResultDTO.java @@ -0,0 +1,25 @@ +package com.epmet.commons.mybatis.dto.form; + +import lombok.Data; + +import java.util.Set; + +@Data +public class StaffPermCacheResultDTO { + + /** + * 权限列表 + */ + private Set permissions; + + /** + * 角色列表 + */ + private Set roleIdList; + + /** + * 机构Id + */ + private String orgIdPath; + +} diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java index 198d996bc9..4d04adc835 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java @@ -1,12 +1,17 @@ package com.epmet.commons.mybatis.feign; +import com.epmet.commons.mybatis.dto.form.OperationScopeDTO; +import com.epmet.commons.mybatis.dto.form.OperationScopeFormDTO; +import com.epmet.commons.mybatis.dto.form.StaffPermCacheResultDTO; import com.epmet.commons.mybatis.dto.form.StaffPermissionFormDTO; import com.epmet.commons.mybatis.feign.fallback.GovAccessFeignClientFallback; import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.utils.Result; import org.springframework.cloud.openfeign.FeignClient; import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import java.util.List; import java.util.Set; /** @@ -17,10 +22,18 @@ import java.util.Set; public interface GovAccessFeignClient { /** - * 查询用户当前权限列表(DataFilterAspect中用到) + * 查询用户当前权限列表 * @return */ @PostMapping("/gov/access/access/getcurrpermissions") - Result> getStaffCurrPermissions(StaffPermissionFormDTO dto); + Result getStaffCurrPermissions(StaffPermissionFormDTO dto); + + /** + * 查询角色的操作key对应操作范围列表 + * @param operationScopeFormDTO + * @return + */ + @PostMapping("/gov/access/access/operationscopes") + Result> getOperationScopesByRoleId(OperationScopeFormDTO operationScopeFormDTO); } diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java index 3c5ccd599b..2f5b9287a1 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java @@ -1,5 +1,8 @@ package com.epmet.commons.mybatis.feign.fallback; +import com.epmet.commons.mybatis.dto.form.OperationScopeDTO; +import com.epmet.commons.mybatis.dto.form.OperationScopeFormDTO; +import com.epmet.commons.mybatis.dto.form.StaffPermCacheResultDTO; import com.epmet.commons.mybatis.dto.form.StaffPermissionFormDTO; import com.epmet.commons.mybatis.feign.GovAccessFeignClient; import com.epmet.commons.tools.constant.ServiceConstant; @@ -7,7 +10,7 @@ import com.epmet.commons.tools.utils.ModuleUtils; import com.epmet.commons.tools.utils.Result; import org.springframework.stereotype.Component; -import java.util.Set; +import java.util.List; /** * 调用政府端权限 @@ -19,7 +22,12 @@ import java.util.Set; public class GovAccessFeignClientFallback implements GovAccessFeignClient { @Override - public Result> getStaffCurrPermissions(StaffPermissionFormDTO dto) { + public Result getStaffCurrPermissions(StaffPermissionFormDTO dto) { return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "getStaffCurrPermissions", dto); } + + @Override + public Result> getOperationScopesByRoleId(OperationScopeFormDTO operationScopeFormDTO) { + return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "getOperationScopesByRoleId", operationScopeFormDTO); + } } diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java index eeeedc6508..72070ee6e1 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java @@ -37,8 +37,6 @@ public class AccessOpeAspect { RequirePermission requirePermissionAnno = methodSignature.getMethod().getAnnotation(RequirePermission.class); String key = requirePermissionAnno.key(); String desc = requirePermissionAnno.desc(); - System.out.println(key); - System.out.println(desc); // 放入ThreadLocal,供DataFilterAspect中使用 requirePermissionTl.set(key); diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/dto/GovTokenDto.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/dto/GovTokenDto.java index 7088bb10a3..49d6cb15a3 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/dto/GovTokenDto.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/dto/GovTokenDto.java @@ -34,6 +34,16 @@ public class GovTokenDto extends BaseTokenDto implements Serializable { */ private String customerId; + /** + * 过期时间戳 + */ + private Long expireTime; + + /** + * 最后一次更新时间 + */ + private long updateTime; + /** * 当前登录的组织id(顶级) */ @@ -55,18 +65,13 @@ public class GovTokenDto extends BaseTokenDto implements Serializable { private List deptIdList; /** - * 过期时间戳 - */ - private Long expireTime; - - /** - * 最后一次更新时间 + * 功能权限列表,实际上是gov_staff => staff_role => role_operation查询到的operationKey */ - private long updateTime; + private Set permissions; /** - * 功能权限列表,实际上是gov_staff => staff_role => role_operation查询到的operationKey + * 角色ID列表 */ - private Set permissions; + private Set roleIdList; } diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/OperationScopeDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/OperationScopeDTO.java new file mode 100644 index 0000000000..19e1111e96 --- /dev/null +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/OperationScopeDTO.java @@ -0,0 +1,81 @@ +/** + * Copyright 2018 人人开源 https://www.renren.io + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.dto; + +import java.io.Serializable; +import java.util.Date; +import lombok.Data; + + +/** + * 权限范围表 + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-04-24 + */ +@Data +public class OperationScopeDTO implements Serializable { + + private static final long serialVersionUID = 1L; + + /** + * id + */ + private String id; + + /** + * 范围key + */ + private String scopeKey; + + /** + * 范围名称 + */ + private String scopeName; + + /** + * 是否删除,0:未删除,1:已删除 + */ + private Integer delFlag; + + /** + * 乐观锁 + */ + private Integer revision; + + /** + * 创建者id + */ + private String createdBy; + + /** + * 创建时间 + */ + private Date createdTime; + + /** + * 更新者id + */ + private String updatedBy; + + /** + * 更新时间 + */ + private Date updatedTime; + +} \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/RoleScopeDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/RoleScopeDTO.java new file mode 100644 index 0000000000..17f8866215 --- /dev/null +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/RoleScopeDTO.java @@ -0,0 +1,86 @@ +/** + * Copyright 2018 人人开源 https://www.renren.io + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.dto; + +import java.io.Serializable; +import java.util.Date; +import lombok.Data; + + +/** + * 角色能操作哪些范围 + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-04-24 + */ +@Data +public class RoleScopeDTO implements Serializable { + + private static final long serialVersionUID = 1L; + + /** + * + */ + private String id; + + /** + * 角色ID + */ + private String roleId; + + /** + * 操作key + */ + private String operationKey; + + /** + * 范围Key + */ + private String scopeKey; + + /** + * 是否删除,0:未删除,1:已删除 + */ + private Integer delFlag; + + /** + * 乐观锁 + */ + private Integer revision; + + /** + * 创建者id + */ + private String createdBy; + + /** + * 创建时间 + */ + private Date createdTime; + + /** + * 更新者id + */ + private String updatedBy; + + /** + * 更新时间 + */ + private Date updatedTime; + +} \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/OperationScopeFormDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/OperationScopeFormDTO.java new file mode 100644 index 0000000000..af992b7d51 --- /dev/null +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/OperationScopeFormDTO.java @@ -0,0 +1,18 @@ +package com.epmet.dto.form; + +import lombok.Data; + +import javax.validation.constraints.NotBlank; + +@Data +public class OperationScopeFormDTO { + + public interface ListOperationScopeGroup {} + + @NotBlank(message = "角色ID不能为空", groups = {ListOperationScopeGroup.class}) + private String roleId; + + @NotBlank(message = "操作的key不能为空", groups = {ListOperationScopeGroup.class}) + private String operationKey; + +} diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/StaffPermCacheFormDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/StaffPermCacheFormDTO.java index 56907e52af..191314af0a 100644 --- a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/StaffPermCacheFormDTO.java +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/StaffPermCacheFormDTO.java @@ -36,9 +36,19 @@ public class StaffPermCacheFormDTO { @NotBlank(message = "登录头信息client不能为空", groups = {UpdatePermissionCache.class, GetStaffCurrPermissions.class}) private String client; + /** + * 组织ID路径 + */ + private String orgIdPath; + /** * 权限列表 */ private Set permissions; + /** + * 角色列表 + */ + private Set roleIdList; + } diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/StaffPermCacheResultDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/StaffPermCacheResultDTO.java new file mode 100644 index 0000000000..0f6be83e72 --- /dev/null +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/StaffPermCacheResultDTO.java @@ -0,0 +1,26 @@ +package com.epmet.dto.result; + +import lombok.Data; + +import javax.validation.constraints.NotBlank; +import java.util.Set; + +@Data +public class StaffPermCacheResultDTO { + + /** + * 权限列表 + */ + private Set permissions; + + /** + * 角色列表 + */ + private Set roleIdList; + + /** + * 组织ID + */ + private String orgIdPath; + +} diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java index aa954dc584..d60f7cb528 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java @@ -1,15 +1,20 @@ package com.epmet.controller; +import com.epmet.commons.tools.security.dto.GovTokenDto; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.ValidatorUtils; +import com.epmet.dto.OperationScopeDTO; +import com.epmet.dto.form.OperationScopeFormDTO; import com.epmet.dto.form.StaffPermCacheFormDTO; +import com.epmet.dto.result.StaffPermCacheResultDTO; +import com.epmet.entity.OperationScopeEntity; import com.epmet.service.AccessService; +import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; +import java.util.ArrayList; +import java.util.List; import java.util.Set; /** @@ -37,7 +42,9 @@ public class AccessController { String app = staffPermCacheFormDTO.getApp(); String client = staffPermCacheFormDTO.getClient(); Set permissions = staffPermCacheFormDTO.getPermissions(); - accessService.updatePermissionCache(staffId, app, client, permissions); + Set roleIdList = staffPermCacheFormDTO.getRoleIdList(); + String orgId = staffPermCacheFormDTO.getOrgIdPath(); + accessService.updatePermissionCache(staffId, app, client, permissions, roleIdList, orgId); return new Result(); } @@ -46,9 +53,35 @@ public class AccessController { * @return */ @PostMapping("getcurrpermissions") - public Result> getStaffCurrPermissions(@RequestBody StaffPermCacheFormDTO dto) { + public Result getStaffCurrPermissions(@RequestBody StaffPermCacheFormDTO dto) { ValidatorUtils.validateEntity(dto, StaffPermCacheFormDTO.GetStaffCurrPermissions.class); - Set permissions = accessService.listStaffCurrPermissions(dto.getApp(), dto.getClient(), dto.getStaffId()); - return new Result>().ok(permissions); + GovTokenDto govTokenDto = accessService.listStaffCurrPermissions(dto.getApp(), dto.getClient(), dto.getStaffId()); + StaffPermCacheResultDTO resultDTO = null; + if (govTokenDto != null) { + resultDTO = new StaffPermCacheResultDTO(); + resultDTO.setPermissions(govTokenDto.getPermissions()); + resultDTO.setRoleIdList(govTokenDto.getRoleIdList()); + resultDTO.setOrgIdPath(govTokenDto.getOrgIdPath()); + } + return new Result().ok(resultDTO); + } + + /** + * 查询角色的操作key对应操作范围列表(需要入缓存) + * @return + */ + // todo 需要加缓存 + @PostMapping("operationscopes") + public Result> getOperationScopesByRoleId(@RequestBody OperationScopeFormDTO operationScopeFormDTO) { + ValidatorUtils.validateEntity(operationScopeFormDTO, OperationScopeFormDTO.ListOperationScopeGroup.class); + List scopes = accessService.listOperationScopesByRoleId(operationScopeFormDTO.getRoleId(), operationScopeFormDTO.getOperationKey()); + ArrayList scopeDtos = new ArrayList<>(); + scopes.forEach(scope -> { + OperationScopeDTO scopeDTO = new OperationScopeDTO(); + BeanUtils.copyProperties(scope, scopeDTO); + scopeDtos.add(scopeDTO); + }); + + return new Result>().ok(scopeDtos); } } diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationScopeDao.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationScopeDao.java new file mode 100644 index 0000000000..a944cdd628 --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationScopeDao.java @@ -0,0 +1,45 @@ +/** + * Copyright 2018 人人开源 https://www.renren.io + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.dao; + +import com.epmet.commons.mybatis.dao.BaseDao; +import com.epmet.entity.OperationScopeEntity; +import org.apache.ibatis.annotations.Mapper; +import org.apache.ibatis.annotations.Param; +import org.springframework.context.annotation.Scope; + +import java.util.List; + +/** + * 权限范围表 + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-04-24 + */ +@Mapper +public interface OperationScopeDao extends BaseDao { + + /** + * 查询角色的操作key对应操作范围列表 + * @param roleId 角色id + * @param operationKey 操作key + * @return + */ + List listOperationScopesByRoleId(@Param("roleId") String roleId, + @Param("operationKey") String operationKey); +} \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleScopeDao.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleScopeDao.java new file mode 100644 index 0000000000..60982f5528 --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleScopeDao.java @@ -0,0 +1,33 @@ +/** + * Copyright 2018 人人开源 https://www.renren.io + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.dao; + +import com.epmet.commons.mybatis.dao.BaseDao; +import com.epmet.entity.RoleScopeEntity; +import org.apache.ibatis.annotations.Mapper; + +/** + * 角色能操作哪些范围 + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-04-24 + */ +@Mapper +public interface RoleScopeDao extends BaseDao { + +} \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/OperationScopeEntity.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/OperationScopeEntity.java new file mode 100644 index 0000000000..2fd6b18361 --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/OperationScopeEntity.java @@ -0,0 +1,51 @@ +/** + * Copyright 2018 人人开源 https://www.renren.io + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.entity; + +import com.baomidou.mybatisplus.annotation.TableName; + +import com.epmet.commons.mybatis.entity.BaseEpmetEntity; +import lombok.Data; +import lombok.EqualsAndHashCode; + +import java.util.Date; + +/** + * 权限范围表 + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-04-24 + */ +@Data +@EqualsAndHashCode(callSuper=false) +@TableName("operation_scope") +public class OperationScopeEntity extends BaseEpmetEntity { + + private static final long serialVersionUID = 1L; + + /** + * 范围key + */ + private String scopeKey; + + /** + * 范围名称 + */ + private String scopeName; + +} diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/RoleScopeEntity.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/RoleScopeEntity.java new file mode 100644 index 0000000000..2c3c6f21dc --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/entity/RoleScopeEntity.java @@ -0,0 +1,56 @@ +/** + * Copyright 2018 人人开源 https://www.renren.io + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.entity; + +import com.baomidou.mybatisplus.annotation.TableName; + +import com.epmet.commons.mybatis.entity.BaseEpmetEntity; +import lombok.Data; +import lombok.EqualsAndHashCode; + +import java.util.Date; + +/** + * 角色能操作哪些范围 + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-04-24 + */ +@Data +@EqualsAndHashCode(callSuper=false) +@TableName("role_scope") +public class RoleScopeEntity extends BaseEpmetEntity { + + private static final long serialVersionUID = 1L; + + /** + * 角色ID + */ + private String roleId; + + /** + * 操作key + */ + private String operationKey; + + /** + * 范围Key + */ + private String scopeKey; + +} diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/OperationScopeRedis.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/OperationScopeRedis.java new file mode 100644 index 0000000000..3f5a7c6562 --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/OperationScopeRedis.java @@ -0,0 +1,47 @@ +/** + * Copyright 2018 人人开源 https://www.renren.io + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.redis; + +import com.epmet.commons.tools.redis.RedisUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +/** + * 权限范围表 + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-04-24 + */ +@Component +public class OperationScopeRedis { + @Autowired + private RedisUtils redisUtils; + + public void delete(Object[] ids) { + + } + + public void set(){ + + } + + public String get(String id){ + return null; + } + +} \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleScopeRedis.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleScopeRedis.java new file mode 100644 index 0000000000..1198f8651a --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleScopeRedis.java @@ -0,0 +1,47 @@ +/** + * Copyright 2018 人人开源 https://www.renren.io + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.redis; + +import com.epmet.commons.tools.redis.RedisUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +/** + * 角色能操作哪些范围 + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-04-24 + */ +@Component +public class RoleScopeRedis { + @Autowired + private RedisUtils redisUtils; + + public void delete(Object[] ids) { + + } + + public void set(){ + + } + + public String get(String id){ + return null; + } + +} \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java index a9e5150db8..4355b2714b 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java @@ -1,5 +1,9 @@ package com.epmet.service; +import com.epmet.commons.tools.security.dto.GovTokenDto; +import com.epmet.entity.OperationScopeEntity; + +import java.util.List; import java.util.Set; public interface AccessService { @@ -8,11 +12,19 @@ public interface AccessService { * @param staffId * @param permissions */ - void updatePermissionCache(String staffId, String app, String client, Set permissions); + void updatePermissionCache(String staffId, String app, String client, Set permissions, Set roleIdList, String orgIdPath); /** * 查询用户当前权限列表 * @return */ - Set listStaffCurrPermissions(String app, String client, String staffId); + GovTokenDto listStaffCurrPermissions(String app, String client, String staffId); + + /** + * 查询角色的操作key对应操作范围列表 + * @param roleId + * @param operationKey + * @return + */ + List listOperationScopesByRoleId(String roleId, String operationKey); } diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/OperationScopeService.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/OperationScopeService.java new file mode 100644 index 0000000000..cb24b913c0 --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/OperationScopeService.java @@ -0,0 +1,95 @@ +/** + * Copyright 2018 人人开源 https://www.renren.io + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.service; + +import com.epmet.commons.mybatis.service.BaseService; +import com.epmet.commons.tools.page.PageData; +import com.epmet.dto.OperationScopeDTO; +import com.epmet.entity.OperationScopeEntity; + +import java.util.List; +import java.util.Map; + +/** + * 权限范围表 + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-04-24 + */ +public interface OperationScopeService extends BaseService { + + /** + * 默认分页 + * + * @param params + * @return PageData + * @author generator + * @date 2020-04-24 + */ + PageData page(Map params); + + /** + * 默认查询 + * + * @param params + * @return java.util.List + * @author generator + * @date 2020-04-24 + */ + List list(Map params); + + /** + * 单条查询 + * + * @param id + * @return OperationScopeDTO + * @author generator + * @date 2020-04-24 + */ + OperationScopeDTO get(String id); + + /** + * 默认保存 + * + * @param dto + * @return void + * @author generator + * @date 2020-04-24 + */ + void save(OperationScopeDTO dto); + + /** + * 默认更新 + * + * @param dto + * @return void + * @author generator + * @date 2020-04-24 + */ + void update(OperationScopeDTO dto); + + /** + * 批量删除 + * + * @param ids + * @return void + * @author generator + * @date 2020-04-24 + */ + void delete(String[] ids); +} \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/RoleScopeService.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/RoleScopeService.java new file mode 100644 index 0000000000..34cdd6e07f --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/RoleScopeService.java @@ -0,0 +1,95 @@ +/** + * Copyright 2018 人人开源 https://www.renren.io + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.service; + +import com.epmet.commons.mybatis.service.BaseService; +import com.epmet.commons.tools.page.PageData; +import com.epmet.dto.RoleScopeDTO; +import com.epmet.entity.RoleScopeEntity; + +import java.util.List; +import java.util.Map; + +/** + * 角色能操作哪些范围 + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-04-24 + */ +public interface RoleScopeService extends BaseService { + + /** + * 默认分页 + * + * @param params + * @return PageData + * @author generator + * @date 2020-04-24 + */ + PageData page(Map params); + + /** + * 默认查询 + * + * @param params + * @return java.util.List + * @author generator + * @date 2020-04-24 + */ + List list(Map params); + + /** + * 单条查询 + * + * @param id + * @return RoleScopeDTO + * @author generator + * @date 2020-04-24 + */ + RoleScopeDTO get(String id); + + /** + * 默认保存 + * + * @param dto + * @return void + * @author generator + * @date 2020-04-24 + */ + void save(RoleScopeDTO dto); + + /** + * 默认更新 + * + * @param dto + * @return void + * @author generator + * @date 2020-04-24 + */ + void update(RoleScopeDTO dto); + + /** + * 批量删除 + * + * @param ids + * @return void + * @author generator + * @date 2020-04-24 + */ + void delete(String[] ids); +} \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java index cd846aa3b8..95b01a1f0c 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java @@ -2,6 +2,8 @@ package com.epmet.service.impl; import com.epmet.commons.tools.security.dto.GovTokenDto; import com.epmet.commons.tools.utils.CpUserDetailRedis; +import com.epmet.dao.OperationScopeDao; +import com.epmet.entity.OperationScopeEntity; import com.epmet.service.AccessService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -10,6 +12,7 @@ import org.springframework.stereotype.Service; import org.springframework.util.CollectionUtils; import java.util.HashSet; +import java.util.List; import java.util.Set; @Service @@ -20,19 +23,25 @@ public class AccessServiceImpl implements AccessService { @Autowired private CpUserDetailRedis cpUserDetailRedis; + @Autowired + private OperationScopeDao operationScopeDao; + /** * 更新权限缓存 * @param staffId * @param permissions */ @Override - public void updatePermissionCache(String staffId, String app, String client, Set permissions) { + public void updatePermissionCache(String staffId, String app, String client, Set permissions, Set roleIdList, String orgIdPath) { GovTokenDto govTokenDto = cpUserDetailRedis.get(app, client, staffId, GovTokenDto.class); if (govTokenDto == null) { logger.warn("更新[{}]用户缓存:Redis中不存在该用户TokenDto缓存信息", staffId); return ; } + // 将权限,角色列表,和当前组织ID存入TokenDto govTokenDto.setPermissions(permissions); + govTokenDto.setRoleIdList(roleIdList); + govTokenDto.setOrgIdPath(orgIdPath); // 将新的TokenDto更新到redis中 long expire = cpUserDetailRedis.getExpire(app, client, staffId); @@ -41,11 +50,17 @@ public class AccessServiceImpl implements AccessService { } @Override - public Set listStaffCurrPermissions(String app, String client, String staffId) { - GovTokenDto govTokenDto = cpUserDetailRedis.get(app, client, staffId, GovTokenDto.class); - if (govTokenDto == null || CollectionUtils.isEmpty(govTokenDto.getPermissions())) { - return new HashSet<>(); - } - return new HashSet<>(govTokenDto.getPermissions()); + public GovTokenDto listStaffCurrPermissions(String app, String client, String staffId) { + return cpUserDetailRedis.get(app, client, staffId, GovTokenDto.class); + } + + /** + * 查询角色的操作key对应操作范围列表 + * @param roleId + * @param operationKey + * @return + */ + public List listOperationScopesByRoleId(String roleId, String operationKey) { + return operationScopeDao.listOperationScopesByRoleId(roleId, operationKey); } } diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/OperationScopeServiceImpl.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/OperationScopeServiceImpl.java new file mode 100644 index 0000000000..fe8f8b4079 --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/OperationScopeServiceImpl.java @@ -0,0 +1,104 @@ +/** + * Copyright 2018 人人开源 https://www.renren.io + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.service.impl; + +import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; +import com.baomidou.mybatisplus.core.metadata.IPage; +import com.epmet.commons.mybatis.service.impl.BaseServiceImpl; +import com.epmet.commons.tools.page.PageData; +import com.epmet.commons.tools.utils.ConvertUtils; +import com.epmet.commons.tools.constant.FieldConstant; +import com.epmet.dao.OperationScopeDao; +import com.epmet.dto.OperationScopeDTO; +import com.epmet.entity.OperationScopeEntity; +import com.epmet.redis.OperationScopeRedis; +import com.epmet.service.OperationScopeService; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.util.Arrays; +import java.util.List; +import java.util.Map; + +/** + * 权限范围表 + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-04-24 + */ +@Service +public class OperationScopeServiceImpl extends BaseServiceImpl implements OperationScopeService { + + @Autowired + private OperationScopeRedis operationScopeRedis; + + @Override + public PageData page(Map params) { + IPage page = baseDao.selectPage( + getPage(params, FieldConstant.CREATED_TIME, false), + getWrapper(params) + ); + return getPageData(page, OperationScopeDTO.class); + } + + @Override + public List list(Map params) { + List entityList = baseDao.selectList(getWrapper(params)); + + return ConvertUtils.sourceToTarget(entityList, OperationScopeDTO.class); + } + + private QueryWrapper getWrapper(Map params){ + String id = (String)params.get(FieldConstant.ID_HUMP); + + QueryWrapper wrapper = new QueryWrapper<>(); + wrapper.eq(StringUtils.isNotBlank(id), FieldConstant.ID, id); + + return wrapper; + } + + @Override + public OperationScopeDTO get(String id) { + OperationScopeEntity entity = baseDao.selectById(id); + return ConvertUtils.sourceToTarget(entity, OperationScopeDTO.class); + } + + @Override + @Transactional(rollbackFor = Exception.class) + public void save(OperationScopeDTO dto) { + OperationScopeEntity entity = ConvertUtils.sourceToTarget(dto, OperationScopeEntity.class); + insert(entity); + } + + @Override + @Transactional(rollbackFor = Exception.class) + public void update(OperationScopeDTO dto) { + OperationScopeEntity entity = ConvertUtils.sourceToTarget(dto, OperationScopeEntity.class); + updateById(entity); + } + + @Override + @Transactional(rollbackFor = Exception.class) + public void delete(String[] ids) { + // 逻辑删除(@TableLogic 注解) + baseDao.deleteBatchIds(Arrays.asList(ids)); + } + +} \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/RoleScopeServiceImpl.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/RoleScopeServiceImpl.java new file mode 100644 index 0000000000..4417549965 --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/RoleScopeServiceImpl.java @@ -0,0 +1,104 @@ +/** + * Copyright 2018 人人开源 https://www.renren.io + *

+ * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package com.epmet.service.impl; + +import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; +import com.baomidou.mybatisplus.core.metadata.IPage; +import com.epmet.commons.mybatis.service.impl.BaseServiceImpl; +import com.epmet.commons.tools.page.PageData; +import com.epmet.commons.tools.utils.ConvertUtils; +import com.epmet.commons.tools.constant.FieldConstant; +import com.epmet.dao.RoleScopeDao; +import com.epmet.dto.RoleScopeDTO; +import com.epmet.entity.RoleScopeEntity; +import com.epmet.redis.RoleScopeRedis; +import com.epmet.service.RoleScopeService; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.util.Arrays; +import java.util.List; +import java.util.Map; + +/** + * 角色能操作哪些范围 + * + * @author generator generator@elink-cn.com + * @since v1.0.0 2020-04-24 + */ +@Service +public class RoleScopeServiceImpl extends BaseServiceImpl implements RoleScopeService { + + @Autowired + private RoleScopeRedis roleScopeRedis; + + @Override + public PageData page(Map params) { + IPage page = baseDao.selectPage( + getPage(params, FieldConstant.CREATED_TIME, false), + getWrapper(params) + ); + return getPageData(page, RoleScopeDTO.class); + } + + @Override + public List list(Map params) { + List entityList = baseDao.selectList(getWrapper(params)); + + return ConvertUtils.sourceToTarget(entityList, RoleScopeDTO.class); + } + + private QueryWrapper getWrapper(Map params){ + String id = (String)params.get(FieldConstant.ID_HUMP); + + QueryWrapper wrapper = new QueryWrapper<>(); + wrapper.eq(StringUtils.isNotBlank(id), FieldConstant.ID, id); + + return wrapper; + } + + @Override + public RoleScopeDTO get(String id) { + RoleScopeEntity entity = baseDao.selectById(id); + return ConvertUtils.sourceToTarget(entity, RoleScopeDTO.class); + } + + @Override + @Transactional(rollbackFor = Exception.class) + public void save(RoleScopeDTO dto) { + RoleScopeEntity entity = ConvertUtils.sourceToTarget(dto, RoleScopeEntity.class); + insert(entity); + } + + @Override + @Transactional(rollbackFor = Exception.class) + public void update(RoleScopeDTO dto) { + RoleScopeEntity entity = ConvertUtils.sourceToTarget(dto, RoleScopeEntity.class); + updateById(entity); + } + + @Override + @Transactional(rollbackFor = Exception.class) + public void delete(String[] ids) { + // 逻辑删除(@TableLogic 注解) + baseDao.deleteBatchIds(Arrays.asList(ids)); + } + +} \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/resources/db.migration/epmet_gov_access.sql b/epmet-module/gov-access/gov-access-server/src/main/resources/db.migration/epmet_gov_access.sql index bcc1d74a5d..6bcbc33e76 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/resources/db.migration/epmet_gov_access.sql +++ b/epmet-module/gov-access/gov-access-server/src/main/resources/db.migration/epmet_gov_access.sql @@ -61,7 +61,8 @@ CREATE TABLE `role_operation` ( CREATE TABLE `role_scope` ( `ID` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL, `ROLE_ID` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '角色ID', - `SCOPE_KEY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '范围Key', + `OPERATION_KEY` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '操作Key', + `SCOPE_KEY` varchar(30) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL COMMENT '范围Key', `DEL_FLAG` tinyint(1) NULL DEFAULT NULL COMMENT '是否删除,0:未删除,1:已删除', `REVISION` int(10) NULL DEFAULT NULL COMMENT '乐观锁', `CREATED_BY` varchar(64) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL COMMENT '创建者id', diff --git a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationScopeDao.xml b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationScopeDao.xml new file mode 100644 index 0000000000..dd4554f5d8 --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationScopeDao.xml @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleScopeDao.xml b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleScopeDao.xml new file mode 100644 index 0000000000..fdca928212 --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleScopeDao.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/AccessController.java b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/AccessController.java index 173e19243a..61944d3939 100644 --- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/AccessController.java +++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/AccessController.java @@ -30,7 +30,7 @@ public class AccessController { private AccessService accessService; /** - * 查询用户可操作功能列表(包含缓存) + * 查询用户可操作功能列表(同时更新缓存) * @param tokenDto * @param staffOperationDTO * @return diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/GovOrgFeignClient.java b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/GovOrgFeignClient.java index 737988fd0b..8c03d28764 100644 --- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/GovOrgFeignClient.java +++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/GovOrgFeignClient.java @@ -2,6 +2,7 @@ package com.epmet.feign; import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.utils.Result; +import com.epmet.dto.CustomerAgencyDTO; import com.epmet.dto.form.LatestGridFormDTO; import com.epmet.dto.result.CustomerGridByUserIdResultDTO; import com.epmet.dto.result.LatestCustomerResultDTO; @@ -49,4 +50,11 @@ public interface GovOrgFeignClient { @PostMapping(value = "/gov/org/customerstaffgrid/getstaffgrid") Result getStaffGrid(@RequestBody LatestGridFormDTO latestGridFormDTO); + /** + * 根据Id查询agency + * @param agencyId + * @return + */ + @PostMapping("/gov/org/agency/{agencyId}") + Result getAgencyById(@PathVariable("agencyId") String agencyId); } diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/fallback/GovOrgFeignClientFallBack.java b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/fallback/GovOrgFeignClientFallBack.java index 818a325666..128f81bd50 100644 --- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/fallback/GovOrgFeignClientFallBack.java +++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/feign/fallback/GovOrgFeignClientFallBack.java @@ -3,6 +3,7 @@ package com.epmet.feign.fallback; import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.utils.ModuleUtils; import com.epmet.commons.tools.utils.Result; +import com.epmet.dto.CustomerAgencyDTO; import com.epmet.dto.form.LatestGridFormDTO; import com.epmet.dto.result.CustomerGridByUserIdResultDTO; import com.epmet.dto.result.LatestCustomerResultDTO; @@ -28,6 +29,11 @@ public class GovOrgFeignClientFallBack implements GovOrgFeignClient { return ModuleUtils.feignConError(ServiceConstant.GOV_ORG_SERVER, "getStaffGrid",latestGridFormDTO); } + @Override + public Result getAgencyById(String agencyId) { + return ModuleUtils.feignConError(ServiceConstant.GOV_ORG_SERVER, "getAgencyById", agencyId); + } + @Override public Result getLatestCustomer(String userId) { return ModuleUtils.feignConError(ServiceConstant.GOV_ORG_SERVER, "getLatestCustomer", userId); diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java index 1da258978a..d76e2e2f34 100644 --- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java +++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java @@ -1,14 +1,20 @@ package com.epmet.service.impl; +import com.epmet.commons.tools.exception.EpmetErrorCode; +import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.utils.CpUserDetailRedis; import com.epmet.commons.tools.utils.Result; +import com.epmet.dto.CustomerAgencyDTO; import com.epmet.dto.GovStaffRoleDTO; import com.epmet.dto.form.StaffPermCacheFormDTO; import com.epmet.dto.form.StaffRoleFormDTO; import com.epmet.dto.result.RoleOperationResultDTO; import com.epmet.feign.EpmetUserFeignClient; import com.epmet.feign.GovAccessFeignClient; +import com.epmet.feign.GovOrgFeignClient; import com.epmet.service.AccessService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.util.CollectionUtils; @@ -21,12 +27,17 @@ import java.util.Set; @Service public class AccessServiceImpl implements AccessService { + private static Logger logger = LoggerFactory.getLogger(AccessServiceImpl.class); + @Autowired private EpmetUserFeignClient userFeignClient; @Autowired private GovAccessFeignClient govAccessFeignClient; + @Autowired + private GovOrgFeignClient govOrgFeignClient; + @Autowired private CpUserDetailRedis cpUserDetailRedis; @@ -49,24 +60,46 @@ public class AccessServiceImpl implements AccessService { roleDTOS.addAll(gridResult.getData()); } - // 拼装 + // 拼装操作key列表 Set opeKeys = new HashSet<>(); + // 角色ID列表 + Set roleIds = new HashSet<>(); roleDTOS.forEach(roleDto -> { String roleId = roleDto.getId(); - List roleOperations = govAccessFeignClient.listOperationsByRoleId(roleId).getData(); - roleOperations.forEach(roleOpe -> { - if (roleOpe != null) { - opeKeys.add(roleOpe.getOperationKey()); - } - }); + Result> result = govAccessFeignClient.listOperationsByRoleId(roleId); + if (result.getCode() != 0) { + // 获取operation异常 + logger.error("调用GovAccess,根据RoleId查询Operation列表失败:{}", result.getMsg()); + throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode()); + } + List roleOperations = result.getData(); + // 角色id + roleIds.add(roleDto.getId()); + if (!CollectionUtils.isEmpty(roleOperations)) { + roleOperations.forEach(roleOpe -> { + if (roleOpe != null) { + opeKeys.add(roleOpe.getOperationKey()); + } + }); + } }); + // 查询该直属机关的orgIdPath + Result agencyById = govOrgFeignClient.getAgencyById(agencyId); + if (agencyById.getCode() != 0 || agencyById.getData() == null) { + logger.error("根据当前机构id[{}]查询pids失败:{}", agencyId, agencyById.getMsg()); + throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode()); + } + // 将最新权限缓存到redis,为了尽量统一操作入口,调用gov-access接口实现 StaffPermCacheFormDTO staffPermCacheFormDTO = new StaffPermCacheFormDTO(); staffPermCacheFormDTO.setApp(app); staffPermCacheFormDTO.setClient(client); staffPermCacheFormDTO.setStaffId(staffId); staffPermCacheFormDTO.setPermissions(opeKeys); + staffPermCacheFormDTO.setRoleIdList(roleIds); + // 拼接orgIdPath + staffPermCacheFormDTO.setOrgIdPath(String.format("%s:%s", agencyById.getData().getPids(), agencyId)); govAccessFeignClient.updatePermissionCache(staffPermCacheFormDTO); return opeKeys; } diff --git a/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/controller/AgencyController.java b/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/controller/AgencyController.java index b8b8300489..728e6e03a8 100644 --- a/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/controller/AgencyController.java +++ b/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/controller/AgencyController.java @@ -18,17 +18,17 @@ package com.epmet.controller; import com.epmet.commons.tools.utils.Result; +import com.epmet.dto.CustomerAgencyDTO; import com.epmet.dto.form.*; import com.epmet.dto.result.AddAgencyResultDTO; import com.epmet.dto.result.AgencyListResultDTO; import com.epmet.dto.result.AgencysResultDTO; import com.epmet.dto.result.SubAgencyResultDTO; +import com.epmet.entity.CustomerAgencyEntity; import com.epmet.service.AgencyService; +import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; import java.util.List; @@ -110,4 +110,21 @@ public class AgencyController { public Result> agencyList(@RequestBody AgencyListFormDTO formDTO) { return agencyService.agencyList(formDTO); } + + /** + * 根据Id查询agency + * @param agencyId + * @return + */ + @PostMapping("{agencyId}") + public Result getAgencyById(@PathVariable("agencyId") String agencyId) { + CustomerAgencyEntity agency = agencyService.getAgencyById(agencyId); + CustomerAgencyDTO customerAgencyDTO = new CustomerAgencyDTO(); + if (agency != null) { + BeanUtils.copyProperties(agency, customerAgencyDTO); + return new Result().ok(customerAgencyDTO); + } + return new Result(); + } + } \ No newline at end of file diff --git a/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/service/AgencyService.java b/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/service/AgencyService.java index f2edc0c462..d09e56ba05 100644 --- a/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/service/AgencyService.java +++ b/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/service/AgencyService.java @@ -23,6 +23,7 @@ import com.epmet.dto.result.AddAgencyResultDTO; import com.epmet.dto.result.AgencyListResultDTO; import com.epmet.dto.result.AgencysResultDTO; import com.epmet.dto.result.SubAgencyResultDTO; +import com.epmet.entity.CustomerAgencyEntity; import java.util.List; @@ -80,4 +81,11 @@ public interface AgencyService { * @Description 获取组织列表 */ Result> agencyList(AgencyListFormDTO formDTO); + + /** + * 根据Id查询 + * @param agencyId + * @return + */ + CustomerAgencyEntity getAgencyById(String agencyId); } \ No newline at end of file diff --git a/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/service/impl/AgencyServiceImpl.java b/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/service/impl/AgencyServiceImpl.java index a71c53e80a..7177d64d7e 100644 --- a/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/service/impl/AgencyServiceImpl.java +++ b/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/service/impl/AgencyServiceImpl.java @@ -184,4 +184,9 @@ public class AgencyServiceImpl implements AgencyService { List agencyList = customerAgencyDao.selectAgencyList(formDTO.getAgencyId()); return new Result>().ok(agencyList); } + + @Override + public CustomerAgencyEntity getAgencyById(String agencyId) { + return customerAgencyDao.selectById(agencyId); + } } \ No newline at end of file diff --git a/epmet-module/gov-org/gov-org-server/src/main/resources/mapper/CustomerStaffDepartmentDao.xml b/epmet-module/gov-org/gov-org-server/src/main/resources/mapper/CustomerStaffDepartmentDao.xml index d0d80492b6..eaedaef1a6 100644 --- a/epmet-module/gov-org/gov-org-server/src/main/resources/mapper/CustomerStaffDepartmentDao.xml +++ b/epmet-module/gov-org/gov-org-server/src/main/resources/mapper/CustomerStaffDepartmentDao.xml @@ -22,7 +22,7 @@ customer_staff_department WHERE del_flag = '0' - AND department_id = #{} + AND department_id = #{departmentId} diff --git a/epmet-user/epmet-user-client/src/main/java/com/epmet/dto/GovStaffRoleDTO.java b/epmet-user/epmet-user-client/src/main/java/com/epmet/dto/GovStaffRoleDTO.java index 78905406ba..9bc2f4c4de 100644 --- a/epmet-user/epmet-user-client/src/main/java/com/epmet/dto/GovStaffRoleDTO.java +++ b/epmet-user/epmet-user-client/src/main/java/com/epmet/dto/GovStaffRoleDTO.java @@ -23,7 +23,7 @@ import lombok.Data; /** - * 政府端角色表 + * 政府端角色字典表 * * @author generator generator@elink-cn.com * @since v1.0.0 2020-04-22 diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java index 795b0a34d9..c3fc1b9f24 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java @@ -1,5 +1,7 @@ package com.epmet.controller; +import com.epmet.commons.mybatis.entity.DataScope; +import com.epmet.commons.tools.annotation.RequirePermission; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.ValidatorUtils; import com.epmet.dto.GovStaffRoleDTO; @@ -65,7 +67,7 @@ public class StaffRoleController { ValidatorUtils.validateEntity(staffRoleFormDTO, StaffRoleFormDTO.GetStaffsInRole.class); String roleKey = staffRoleFormDTO.getRoleKey(); String orgId = staffRoleFormDTO.getOrgId(); - List staffRoleDTOS = staffRoleService.listStaffsInRole(roleKey, orgId); + List staffRoleDTOS = staffRoleService.listStaffsInRole(roleKey, orgId , DataScope.getDefault()); return new Result>().ok(staffRoleDTOS); } diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/StaffRoleService.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/StaffRoleService.java index 88742d7400..9c6af5321e 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/StaffRoleService.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/StaffRoleService.java @@ -17,6 +17,7 @@ package com.epmet.service; +import com.epmet.commons.mybatis.entity.DataScope; import com.epmet.commons.mybatis.service.BaseService; import com.epmet.commons.tools.page.PageData; import com.epmet.dto.StaffRoleDTO; @@ -100,7 +101,7 @@ public interface StaffRoleService extends BaseService { * @param orgId * @return */ - List listStaffsInRole(String roleKey, String orgId); + List listStaffsInRole(String roleKey, String orgId, DataScope dataScope); /** * 清空工作人员权限 diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java index 0a9d7ce90d..180521ebe3 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java @@ -19,6 +19,8 @@ package com.epmet.service.impl; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; +import com.epmet.commons.mybatis.annotation.DataFilter; +import com.epmet.commons.mybatis.entity.DataScope; import com.epmet.commons.mybatis.service.impl.BaseServiceImpl; import com.epmet.commons.tools.page.PageData; import com.epmet.commons.tools.utils.ConvertUtils; @@ -110,7 +112,7 @@ public class StaffRoleServiceImpl extends BaseServiceImpl listStaffsInRole(String roleKey, String orgId) { + public List listStaffsInRole(String roleKey, String orgId, DataScope dataScope) { return baseDao.listStaffIdsByRoleKeyAndOrgId(roleKey, orgId); }