|
|
|
@ -1,24 +1,15 @@ |
|
|
|
package com.epmet.service.impl; |
|
|
|
|
|
|
|
import com.epmet.commons.tools.constant.OpeScopeConstant; |
|
|
|
import com.epmet.commons.tools.exception.EpmetErrorCode; |
|
|
|
import com.epmet.commons.tools.exception.RenException; |
|
|
|
import com.epmet.commons.tools.utils.Result; |
|
|
|
import com.epmet.dto.CustomerAgencyDTO; |
|
|
|
import com.epmet.dto.GovStaffRoleDTO; |
|
|
|
import com.epmet.dto.OperationScopeDTO; |
|
|
|
import com.epmet.dto.form.StaffRoleFormDTO; |
|
|
|
import com.epmet.dto.result.RoleOpeScopeResultDTO; |
|
|
|
import com.epmet.feign.EpmetUserFeignClient; |
|
|
|
import com.epmet.dto.form.ListOpePermsFormDTO; |
|
|
|
import com.epmet.feign.GovAccessFeignClient; |
|
|
|
import com.epmet.feign.GovOrgFeignClient; |
|
|
|
import com.epmet.service.AccessService; |
|
|
|
import org.apache.commons.lang3.StringUtils; |
|
|
|
import org.slf4j.Logger; |
|
|
|
import org.slf4j.LoggerFactory; |
|
|
|
import org.springframework.beans.factory.annotation.Autowired; |
|
|
|
import org.springframework.stereotype.Service; |
|
|
|
import org.springframework.util.CollectionUtils; |
|
|
|
|
|
|
|
import java.util.*; |
|
|
|
|
|
|
|
@ -27,253 +18,21 @@ public class AccessServiceImpl implements AccessService { |
|
|
|
|
|
|
|
private static Logger logger = LoggerFactory.getLogger(AccessServiceImpl.class); |
|
|
|
|
|
|
|
@Autowired |
|
|
|
private EpmetUserFeignClient userFeignClient; |
|
|
|
|
|
|
|
@Autowired |
|
|
|
private GovAccessFeignClient govAccessFeignClient; |
|
|
|
|
|
|
|
@Autowired |
|
|
|
private GovOrgFeignClient govOrgFeignClient; |
|
|
|
|
|
|
|
public static final String ORG_RELATION_SAME = "same"; |
|
|
|
public static final String ORG_RELATION_SUB = "sub"; |
|
|
|
public static final String ORG_RELATION_SUP = "sup"; |
|
|
|
|
|
|
|
public List<GovStaffRoleDTO> queryGovStaffRoles(String staffId, String orgId) { |
|
|
|
List<GovStaffRoleDTO> roleDTOS = new ArrayList<>(); |
|
|
|
StaffRoleFormDTO formDTO = new StaffRoleFormDTO(); |
|
|
|
formDTO.setStaffId(staffId); |
|
|
|
formDTO.setOrgId(orgId); |
|
|
|
Result<List<GovStaffRoleDTO>> gridResult = userFeignClient.getRolesOfStaff(formDTO); |
|
|
|
if (!CollectionUtils.isEmpty(gridResult.getData())) { |
|
|
|
roleDTOS.addAll(gridResult.getData()); |
|
|
|
} |
|
|
|
return roleDTOS; |
|
|
|
} |
|
|
|
|
|
|
|
@Override |
|
|
|
public Set<String> listOpeKeysByStaffId(String app, String client, String staffId, String currAgencyId, String currGridId) { |
|
|
|
|
|
|
|
// 1.拿到所属组织机构信息
|
|
|
|
Result<CustomerAgencyDTO> agencyByStaffRst = govOrgFeignClient.getAgencyByStaff(staffId); |
|
|
|
if (!agencyByStaffRst.success()) { |
|
|
|
logger.error("根据StaffId查询所属单位出错,StaffId:{}, 错误信息:{}", staffId, agencyByStaffRst.getMsg()); |
|
|
|
throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode()); |
|
|
|
} |
|
|
|
CustomerAgencyDTO belongAgency = agencyByStaffRst.getData(); |
|
|
|
if (belongAgency == null) { |
|
|
|
logger.error("根据StaffId查询所属单位结果为空,StaffId:{}", staffId); |
|
|
|
throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode()); |
|
|
|
} |
|
|
|
|
|
|
|
// 2.拿到当前所处机关单位信息
|
|
|
|
Result<CustomerAgencyDTO> currAgencyRst = govOrgFeignClient.getAgencyById(currAgencyId); |
|
|
|
CustomerAgencyDTO currAgencyDto = currAgencyRst.getData(); |
|
|
|
if (!currAgencyRst.success() || currAgencyDto == null) { |
|
|
|
logger.error("根据当前机构id[{}]查询pids失败:{}", currAgencyId, currAgencyRst.getMsg()); |
|
|
|
ListOpePermsFormDTO listOpePermsFormDTO = new ListOpePermsFormDTO(); |
|
|
|
listOpePermsFormDTO.setStaffId(staffId); |
|
|
|
listOpePermsFormDTO.setCurrAgencyId(currAgencyId); |
|
|
|
Result<Set<String>> result = govAccessFeignClient.listOperationPermissions(listOpePermsFormDTO); |
|
|
|
if (!result.success()) { |
|
|
|
logger.error("调用GovAccess服务查询功能权限列表失败,StaffId:{},错误信息:{}", staffId, result.getMsg()); |
|
|
|
throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode()); |
|
|
|
} |
|
|
|
|
|
|
|
// 拿到该用户所属的组织机构的orgIdPath,拿到当前组织机构的orgIdPath,看当前组织机构的orgIdPath是否在用户所属的组织机构的orgIdPath下
|
|
|
|
|
|
|
|
// 查询机关单位中的角色
|
|
|
|
List<GovStaffRoleDTO> roleDTOS = queryGovStaffRoles(staffId, belongAgency.getId()); |
|
|
|
|
|
|
|
// 拼装操作key列表
|
|
|
|
//Set<String> opeKeys = new HashSet<>();
|
|
|
|
// 角色ID列表
|
|
|
|
//Set<String> roleIds = new HashSet<>();
|
|
|
|
|
|
|
|
// 当前组织和所属组织的orgId路径,以及他们的上下级关系
|
|
|
|
String belongOrgIdPath = getOrgIdPath(belongAgency); |
|
|
|
String currOrgIdPath = getOrgIdPath(currAgencyDto); |
|
|
|
String currOrgRelation = getCurrOrgRelation(belongOrgIdPath, currOrgIdPath); |
|
|
|
|
|
|
|
HashSet<String> filtedOps = new HashSet<>(); |
|
|
|
roleDTOS.forEach(roleDto -> { |
|
|
|
String roleId = roleDto.getId(); |
|
|
|
// 找出该角色的所有功能操作列表
|
|
|
|
Result<List<RoleOpeScopeResultDTO>> result = govAccessFeignClient.listRoleAllOperationScopesByRoleId(roleId); |
|
|
|
if (!result.success()) { |
|
|
|
// 获取operation异常
|
|
|
|
logger.error("调用GovAccess,根据RoleId查询Operation列表失败:{}", result.getMsg()); |
|
|
|
throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode()); |
|
|
|
} |
|
|
|
List<RoleOpeScopeResultDTO> roleOperations = result.getData(); |
|
|
|
filtedOps.addAll(filterOpesByScope(currOrgRelation, roleOperations)); |
|
|
|
}); |
|
|
|
return filtedOps; |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* 根据上下级关系过滤出要返回的权限列表 |
|
|
|
* |
|
|
|
* @param currOrgRelation |
|
|
|
* @param roleOperations |
|
|
|
* @return |
|
|
|
*/ |
|
|
|
private HashSet<String> filterOpesByScope(String currOrgRelation, List<RoleOpeScopeResultDTO> roleOperations) { |
|
|
|
HashSet<String> opeKeys = new HashSet<>(); |
|
|
|
for (RoleOpeScopeResultDTO opeScope : roleOperations) { |
|
|
|
String scopeKey = opeScope.getScopeKey(); |
|
|
|
if (OpeScopeConstant.ORG_ALL.equals(scopeKey)) { |
|
|
|
// 如果该操作的范围是org_all,那就具有所有范围的该操作权限,不需要根据上下级关系判断
|
|
|
|
opeKeys.add(opeScope.getOperationKey()); |
|
|
|
continue; |
|
|
|
} |
|
|
|
switch (currOrgRelation) { |
|
|
|
case ORG_RELATION_SAME:// 就在所在机构下
|
|
|
|
if (OpeScopeConstant.ORG_CURR.equals(scopeKey) |
|
|
|
|| OpeScopeConstant.ORG_CURR_AND_SUB.equals(scopeKey) |
|
|
|
|| OpeScopeConstant.ORG_CURR_AND_SUP.equals(scopeKey)) { |
|
|
|
opeKeys.add(opeScope.getOperationKey()); |
|
|
|
} |
|
|
|
break; |
|
|
|
case ORG_RELATION_SUB:// 所在机构的子级
|
|
|
|
if (OpeScopeConstant.ORG_CURR_SUB.equals(scopeKey) |
|
|
|
|| OpeScopeConstant.ORG_CURR_AND_SUB.equals(scopeKey)) { |
|
|
|
opeKeys.add(opeScope.getOperationKey()); |
|
|
|
} |
|
|
|
break; |
|
|
|
case ORG_RELATION_SUP:// 所在机构的上级
|
|
|
|
if (OpeScopeConstant.ORG_CURR_SUP.equals(scopeKey) |
|
|
|
|| OpeScopeConstant.ORG_CURR_AND_SUP.equals(scopeKey)) { |
|
|
|
opeKeys.add(opeScope.getOperationKey()); |
|
|
|
} |
|
|
|
break; |
|
|
|
} |
|
|
|
} |
|
|
|
return opeKeys; |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* 获取当前所处机关与所属机关的关系 |
|
|
|
*/ |
|
|
|
private String getCurrOrgRelation(String belongOrgPath, String currAgencyPath) { |
|
|
|
if (belongOrgPath.equals(currAgencyPath)) { |
|
|
|
// 当前机关即该人员所属机关
|
|
|
|
return ORG_RELATION_SAME; |
|
|
|
} else if (currAgencyPath.indexOf(belongOrgPath.concat(":")) > -1) { |
|
|
|
// 说明当前所在机关是人员所属机关子级,只取出scope为sub的
|
|
|
|
return ORG_RELATION_SUB; |
|
|
|
} else if (belongOrgPath.indexOf(currAgencyPath.concat(":")) > -1) { |
|
|
|
// 说明当前所在机关是人员所属机关的上级
|
|
|
|
return ORG_RELATION_SUP; |
|
|
|
} |
|
|
|
return belongOrgPath; |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
|
* 获取组织的orgId路径 |
|
|
|
*/ |
|
|
|
public String getOrgIdPath(CustomerAgencyDTO agency) { |
|
|
|
// 拼接单位ID全路径
|
|
|
|
if ("0".equals(agency.getPid())) { |
|
|
|
// 顶级组织
|
|
|
|
return agency.getId(); |
|
|
|
} else { |
|
|
|
return agency.getPids().concat(":").concat(agency.getId()); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
//private boolean filterCurrOrgKeysByScope(Set<String> roleIds, String opeKey) {
|
|
|
|
// for (String roleId : roleIds) {
|
|
|
|
// Result<Set<RoleOpeScopeResultDTO>> result = govAccessFeignClient.listRoleAllOperationScopesByRoleId(roleId);
|
|
|
|
// if (!result.success()) {
|
|
|
|
// continue;
|
|
|
|
// }
|
|
|
|
// Set<RoleOpeScopeResultDTO> scopeDTOS = result.getData();
|
|
|
|
// Set<String> scopeKeys = scopeDTOS.stream()
|
|
|
|
// .filter(scope -> scope.getScopeKey().equals(opeKey))
|
|
|
|
// .map(scope -> scope.getScopeKey())
|
|
|
|
// .collect(Collectors.toSet());
|
|
|
|
// if (scopeKeys.contains(OpeScopeConstant.ORG_CURR)
|
|
|
|
// || scopeKeys.contains(OpeScopeConstant.ORG_CURR_AND_SUB)
|
|
|
|
// || scopeKeys.contains(OpeScopeConstant.ORG_CURR_AND_SUP)) {
|
|
|
|
// return true;
|
|
|
|
// }
|
|
|
|
// }
|
|
|
|
// return false;
|
|
|
|
//}
|
|
|
|
|
|
|
|
//private boolean filterSubOrgKeysByScope(Set<String> roleIds, String opeKey) {
|
|
|
|
// for (String roleId : roleIds) {
|
|
|
|
// OperationScopeFormDTO opeScopeFormDTO = new OperationScopeFormDTO();
|
|
|
|
// opeScopeFormDTO.setRoleId(roleId);
|
|
|
|
// opeScopeFormDTO.setOperationKey(opeKey);
|
|
|
|
// Result<Set<OperationScopeDTO>> result = govAccessFeignClient.getOperationScopesByRoleId(opeScopeFormDTO);
|
|
|
|
// if (!result.success()) {
|
|
|
|
// continue;
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// Set<OperationScopeDTO> scopeDTOS = result.getData();
|
|
|
|
// Set<String> scopeKeys = scopeDTOS.stream().map(scope -> scope.getScopeKey()).collect(Collectors.toSet());
|
|
|
|
// if (scopeKeys.contains(OpeScopeConstant.ORG_CURR_SUB)
|
|
|
|
// || scopeKeys.contains(OpeScopeConstant.ORG_CURR_AND_SUB)) {
|
|
|
|
// return true;
|
|
|
|
// }
|
|
|
|
// }
|
|
|
|
// return false;
|
|
|
|
//}
|
|
|
|
|
|
|
|
//private boolean filterSupOrgKeysByScope(Set<String> roleIds, String opeKey) {
|
|
|
|
// for (String roleId : roleIds) {
|
|
|
|
// OperationScopeFormDTO opeScopeFormDTO = new OperationScopeFormDTO();
|
|
|
|
// opeScopeFormDTO.setRoleId(roleId);
|
|
|
|
// opeScopeFormDTO.setOperationKey(opeKey);
|
|
|
|
// Result<Set<OperationScopeDTO>> result = govAccessFeignClient.getOperationScopesByRoleId(opeScopeFormDTO);
|
|
|
|
// if (!result.success()) {
|
|
|
|
// continue;
|
|
|
|
// }
|
|
|
|
//
|
|
|
|
// Set<OperationScopeDTO> scopeDTOS = result.getData();
|
|
|
|
// Set<String> scopeKeys = scopeDTOS.stream().map(scope -> scope.getScopeKey()).collect(Collectors.toSet());
|
|
|
|
// if (scopeKeys.contains(OpeScopeConstant.ORG_CURR_SUP)
|
|
|
|
// || scopeKeys.contains(OpeScopeConstant.ORG_CURR_AND_SUP)) {
|
|
|
|
// return true;
|
|
|
|
// }
|
|
|
|
// }
|
|
|
|
// return false;
|
|
|
|
//}
|
|
|
|
|
|
|
|
/** |
|
|
|
* 过滤有效范围 |
|
|
|
* |
|
|
|
* @param scopeDTOS |
|
|
|
* @return |
|
|
|
*/ |
|
|
|
private HashSet<String> filteScopes(Set<OperationScopeDTO> scopeDTOS) { |
|
|
|
HashMap<String, OperationScopeDTO> filtedScopes = new HashMap<>(); |
|
|
|
|
|
|
|
for (OperationScopeDTO scope : scopeDTOS) { |
|
|
|
String scopeIndex = scope.getScopeIndex(); |
|
|
|
if (StringUtils.isBlank(scopeIndex)) { |
|
|
|
continue; |
|
|
|
} |
|
|
|
String[] currArr = scopeIndex.split("_"); |
|
|
|
if ("0".equals(currArr[1])) { |
|
|
|
// 为0,说明没有包含关系,直接放入
|
|
|
|
filtedScopes.put(scopeIndex, scope); |
|
|
|
continue; |
|
|
|
} |
|
|
|
|
|
|
|
OperationScopeDTO tempScope = filtedScopes.get(currArr[0]); |
|
|
|
if (tempScope != null) { |
|
|
|
// 已经有ac开头的了
|
|
|
|
String tempScopeIndex = tempScope.getScopeIndex(); |
|
|
|
if (Integer.valueOf(currArr[1]) < Integer.valueOf(tempScopeIndex.split("_")[1])) { |
|
|
|
filtedScopes.put(currArr[0], scope); |
|
|
|
} |
|
|
|
} else { |
|
|
|
filtedScopes.put(currArr[0], scope); |
|
|
|
} |
|
|
|
} |
|
|
|
HashSet<String> scopeStrs = new HashSet<>(); |
|
|
|
Set<Map.Entry<String, OperationScopeDTO>> entries = filtedScopes.entrySet(); |
|
|
|
for (Map.Entry<String, OperationScopeDTO> entry : entries) { |
|
|
|
scopeStrs.add(entry.getValue().getScopeKey()); |
|
|
|
} |
|
|
|
return scopeStrs; |
|
|
|
return result.getData(); |
|
|
|
} |
|
|
|
} |
|
|
|
|
wxz
6 years ago