From e9171055661b1d5c2284115556cc32f5a930b823 Mon Sep 17 00:00:00 2001 From: wxz Date: Wed, 6 May 2020 23:41:08 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9D=83=E9=99=90=E5=9F=BA=E6=9C=AC=E5=AE=8C?= =?UTF-8?q?=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../mybatis/aspect/DataFilterAspect.java | 60 +++--- .../dto/form/AccessSettingFormDTO.java | 9 + .../mybatis/feign/GovAccessFeignClient.java | 5 +- .../GovAccessFeignClientFallback.java | 4 +- .../constant/AccessSettingConstant.java | 5 +- .../tools/enums/RequirePermissionEnum.java | 60 +++--- .../epmet/commons/tools/redis/RedisKeys.java | 4 +- .../dto/form/AccessConfigOpesFormDTO.java | 16 ++ .../dto/form/AccessConfigSaveSettingDTO.java | 18 ++ .../dto/form/AccessConfigSettingFormDTO.java | 16 ++ .../epmet/dto/form/AccessSettingFormDTO.java | 4 + .../dto/result/AccessConfigOpesResultDTO.java | 13 ++ .../result/AccessConfigOptionsResultDTO.java | 11 ++ .../result/AccessConfigScopeResultDTO.java | 15 ++ .../result/AccessConfigSettingResultDTO.java | 14 ++ .../controller/AccessConfigController.java | 73 +++++++ .../epmet/controller/AccessController.java | 8 +- .../java/com/epmet/dao/AccessSettingDao.java | 34 +++- .../main/java/com/epmet/dao/OperationDao.java | 2 + .../java/com/epmet/dao/RoleOperationDao.java | 9 + .../main/java/com/epmet/dao/RoleScopeDao.java | 55 +++++- .../epmet/redis/RoleAccessSettingRedis.java | 42 ++-- .../com/epmet/redis/RoleOpeScopeRedis.java | 8 + .../epmet/service/AccessConfigService.java | 17 ++ .../java/com/epmet/service/AccessService.java | 2 +- .../service/impl/AccessConfigServiceImpl.java | 182 ++++++++++++++++++ .../epmet/service/impl/AccessServiceImpl.java | 30 +-- .../resources/mapper/AccessSettingDao.xml | 46 +++++ .../main/resources/mapper/OperationDao.xml | 7 + .../resources/mapper/RoleOperationDao.xml | 34 ++++ .../main/resources/mapper/RoleScopeDao.xml | 55 ++++++ .../test/govaccess/AccessSettingTest.java | 8 +- .../epmet/controller/AgencyController.java | 1 + .../com/epmet/controller/RoleController.java | 15 +- .../src/main/java/com/epmet/dao/RoleDao.java | 10 + .../java/com/epmet/service/RoleService.java | 2 + .../epmet/service/impl/RoleServiceImpl.java | 7 + .../src/main/resources/mapper/RoleDao.xml | 6 + 38 files changed, 809 insertions(+), 98 deletions(-) create mode 100644 epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/AccessSettingFormDTO.java rename epmet-commons/{epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis => epmet-commons-tools/src/main/java/com/epmet/commons/tools}/constant/AccessSettingConstant.java (85%) create mode 100644 epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigOpesFormDTO.java create mode 100644 epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigSaveSettingDTO.java create mode 100644 epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigSettingFormDTO.java create mode 100644 epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigOpesResultDTO.java create mode 100644 epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigOptionsResultDTO.java create mode 100644 epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigScopeResultDTO.java create mode 100644 epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigSettingResultDTO.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessConfigController.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessConfigService.java create mode 100644 epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessConfigServiceImpl.java diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java index 1440cd3309..b7d6d64e44 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java @@ -9,7 +9,7 @@ package com.epmet.commons.mybatis.aspect; import com.epmet.commons.mybatis.annotation.DataFilter; -import com.epmet.commons.mybatis.constant.AccessSettingConstant; +import com.epmet.commons.tools.constant.AccessSettingConstant; import com.epmet.commons.tools.constant.OpeScopeConstant; import com.epmet.commons.mybatis.dto.form.*; import com.epmet.commons.mybatis.feign.GovAccessFeignClient; @@ -138,7 +138,8 @@ public class DataFilterAspect { // 生成过滤sql String sqlFilterSegment = getSqlFilterSegment(userId, userDetail.getRoleIdList(), requirePermission, - userDetail.getOrgIdPath(), userDetail.getGridIdList(), tableAlias, userDetail.getDeptIdList(), gridId, deptId); + userDetail.getOrgIdPath(), userDetail.getGridIdList(), tableAlias, userDetail.getDeptIdList(), + gridId, deptId, requirePermission); // 方式1.填充到Service方法列表中的DataScope对象中。如果dao入参是用DTO的话,那么再加一个DataScope入参,sql中会报错提示#{}参数找不到,因此改用方法2 //Object[] methodArgs = point.getArgs(); @@ -188,11 +189,12 @@ public class DataFilterAspect { * @return */ private String getSqlFilterSegment(String userId, Set roleIds, String reqiurePermission, String orgIdPath, - Set gridIdList, String tableAlias, Set deptIds, String gridId, String deptId) { + Set gridIdList, String tableAlias, Set deptIds, String gridId, String deptId, + String operationKey) { StringBuilder sb = new StringBuilder(); - Map accessSettings = listRoleAccessSettings(roleIds); + Map accessSettings = listRoleAccessSettings(roleIds, operationKey); // 1.生成sql:组织范围过滤 if (!genOrgScopeSql(sb, orgIdPath, roleIds, reqiurePermission, tableAlias)) { @@ -235,16 +237,19 @@ public class DataFilterAspect { * @param roleIds * @return */ - private Map listRoleAccessSettings(Set roleIds) { + private Map listRoleAccessSettings(Set roleIds, String operationKey) { Map settings = new HashMap<>(); roleIds.forEach(roleId -> { - settings.putAll(listRoleAccessSettings(roleId)); + settings.putAll(listRoleAccessSettings(roleId, operationKey)); }); return settings; } - private Map listRoleAccessSettings(String roleId) { - Result> result = govAccessFeignClient.listAccessSettings(roleId); + private Map listRoleAccessSettings(String roleId, String operationKey) { + AccessSettingFormDTO accessSettingFormDTO = new AccessSettingFormDTO(); + accessSettingFormDTO.setRoleId(roleId); + accessSettingFormDTO.setOperationKey(operationKey); + Result> result = govAccessFeignClient.listAccessSettings(accessSettingFormDTO); if (result.success()) { return result.getData(); } else { @@ -382,10 +387,8 @@ public class DataFilterAspect { return false; } - // 取出父组织ID path 和当前组织ID - String pOrgPath = orgIdPath.substring(0, orgIdPath.lastIndexOf(orgIdPathSpliter)); - String currOrgPath = orgIdPath.substring(orgIdPath.lastIndexOf(orgIdPathSpliter) + 1); - genOrgScopeSql(sb, scopes, currOrgPath, pOrgPath, tableAlias); + // 生成sql语句 + genOrgScopeSql(sb, scopes, orgIdPath, tableAlias); sb.replace(sb.lastIndexOf("OR"), sb.lastIndexOf("OR") + 3, ""); hasConditions.set(true); return true; @@ -395,48 +398,55 @@ public class DataFilterAspect { * 计算组织范围过滤sql * PS:这个方法需要优化,当前阶段因为逻辑不稳定,暂时不做过度封装 * @param scopes - * @param currOrg - * @param pOrgPath * @return */ - private void genOrgScopeSql(StringBuilder sb, HashSet scopes, String currOrg, String pOrgPath, String tableAlias) { + private void genOrgScopeSql(StringBuilder sb, HashSet scopes, String orgIdPath, String tableAlias) { + // 取出父组织ID path 和当前组织ID + //String parentOrgIDPath = orgIdPath.substring(0, orgIdPath.lastIndexOf(orgIdPathSpliter)); + //String currOrgID = orgIdPath.substring(orgIdPath.lastIndexOf(orgIdPathSpliter) + 1); + for (String scope : scopes) { switch (scope) { + // 当前单位(可以用ORG_ID_PATH,也可以用ORG_ID判断) case OpeScopeConstant.ORG_CURR: if (StringUtils.isBlank(tableAlias)) { - sb.append(" ORG_ID = '").append(currOrg).append("' OR "); + sb.append(" ORG_ID_PATH = '").append(orgIdPath).append("' OR "); + //sb.append(" ORG_ID = '").append(currOrgID).append("' OR "); } else { - sb.append(" ").append(tableAlias).append(".ORG_ID = '").append(currOrg).append("' OR "); + sb.append(" ").append(tableAlias).append(".ORG_ID_PATH = '").append(orgIdPath).append("' OR "); + //sb.append(" ").append(tableAlias).append(".ORG_ID = '").append(currOrgID).append("' OR "); } break; + // 本单位及其子级单位 case OpeScopeConstant.ORG_CURR_AND_SUB: if (StringUtils.isBlank(tableAlias)) { - sb.append(" ORG_ID_PATH like '").append(pOrgPath).append("%' OR "); + sb.append(" ORG_ID_PATH like '").append(orgIdPath).append("%' OR "); } else { - sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(pOrgPath).append("%' OR "); + sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(orgIdPath).append("%' OR "); } break; + // 本单位的子级单位 case OpeScopeConstant.ORG_CURR_SUB: if (StringUtils.isBlank(tableAlias)) { - sb.append(" ORG_ID_PATH like '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("%' OR "); + sb.append(" ORG_ID_PATH like '").append(orgIdPath).append(":%' OR "); } else { - sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("%' OR "); + sb.append(" ").append(tableAlias).append(".ORG_ID_PATH like '").append(orgIdPath).append(":%' OR "); } break; //当前单位的父级单位 case OpeScopeConstant.ORG_CURR_SUP: if (StringUtils.isBlank(tableAlias)) { - sb.append(" '").append(pOrgPath).append("' like CONCAT(").append("ORG_ID_PATH,'%') OR "); + sb.append(" '").append(orgIdPath).append("' like CONCAT(").append("ORG_ID_PATH,':%') OR "); } else { - sb.append(" '").append(pOrgPath).append("' like CONCAT(").append(tableAlias).append(".ORG_ID_PATH,'%') OR "); + sb.append(" '").append(orgIdPath).append("' like CONCAT(").append(tableAlias).append(".ORG_ID_PATH,':%') OR "); } break; // 当前单位及其父级单位 case OpeScopeConstant.ORG_CURR_AND_SUP: if (StringUtils.isBlank(tableAlias)) { - sb.append(" '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("' like CONCAT(").append("ORG_ID_PATH,'%') OR "); + sb.append(" '").append(orgIdPath).append("' like CONCAT(").append("ORG_ID_PATH,'%') OR "); } else { - sb.append(" '").append(pOrgPath).append(orgIdPathSpliter).append(currOrg).append("' like CONCAT(").append(tableAlias).append(".ORG_ID_PATH,'%' ) OR "); + sb.append(" '").append(orgIdPath).append("' like CONCAT(").append(tableAlias).append(".ORG_ID_PATH,'%' ) OR "); } break; case OpeScopeConstant.ORG_EQUAL: diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/AccessSettingFormDTO.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/AccessSettingFormDTO.java new file mode 100644 index 0000000000..1e64799485 --- /dev/null +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/dto/form/AccessSettingFormDTO.java @@ -0,0 +1,9 @@ +package com.epmet.commons.mybatis.dto.form; + +import lombok.Data; + +@Data +public class AccessSettingFormDTO { + private String roleId; + private String operationKey; +} diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java index c03e99a7e5..adac03e71c 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/GovAccessFeignClient.java @@ -38,11 +38,10 @@ public interface GovAccessFeignClient { /** * 查询角色的权限相关配置 - * @param roleId * @return */ - @PostMapping("/gov/access/access/accesssettings/{roleId}") - Result> listAccessSettings(@PathVariable("roleId") String roleId); + @PostMapping("/gov/access/access/accesssettings") + Result> listAccessSettings(AccessSettingFormDTO accessSettingFormDTO); /** * 查询角色所有operation及其范围(缓存) diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java index a911988f2c..48b25f74f8 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/feign/fallback/GovAccessFeignClientFallback.java @@ -32,8 +32,8 @@ public class GovAccessFeignClientFallback implements GovAccessFeignClient { } @Override - public Result> listAccessSettings(String roleId) { - return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "listAccessSettings", roleId); + public Result> listAccessSettings(AccessSettingFormDTO accessSettingFormDTO) { + return ModuleUtils.feignConError(ServiceConstant.GOV_ACCESS_SERVER, "listAccessSettings", accessSettingFormDTO); } @Override diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/constant/AccessSettingConstant.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/constant/AccessSettingConstant.java similarity index 85% rename from epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/constant/AccessSettingConstant.java rename to epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/constant/AccessSettingConstant.java index dc27659d74..b64a9b0f81 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/constant/AccessSettingConstant.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/constant/AccessSettingConstant.java @@ -1,6 +1,9 @@ -package com.epmet.commons.mybatis.constant; +package com.epmet.commons.tools.constant; public class AccessSettingConstant { + + public static final String ON = "ON"; + public static final String I_CREATED_KEY = "I_CREATED"; public static final String I_CREATED_ON = "ON"; diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/enums/RequirePermissionEnum.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/enums/RequirePermissionEnum.java index 13054dc29e..3e39d03c04 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/enums/RequirePermissionEnum.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/enums/RequirePermissionEnum.java @@ -2,36 +2,36 @@ package com.epmet.commons.tools.enums; public enum RequirePermissionEnum { - WORK_GRASSROOTS_GROUP_AUDITINGLIST("work_grassroots_group_auditinglist", "基层治理-群组管理-待审核列表", "基层治理-群组管理-待审核列表"), - WORK_GRASSROOTS_GROUP_AUDIT("work_grassroots_group_audit", "基层治理-群组管理-审核建组", "基层治理-群组管理-审核建组"), - WORK_GRASSROOTS_GROUP_GROUPSINTHEGRID("work_grassroots_group_groupsinthegrid", "基层治理-群组管理-本网格小组列表", "基层治理-群组管理-本网格小组列表"), - WORK_GRASSROOTS_RESI_WARMHEARTED_AUDITINGLIST("work_grassroots_resi_warmhearted_auditinglist", "基层治理-居民管理-热心居民待审核列表", "基层治理-居民管理-热心居民待审核列表"), - WORK_GRASSROOTS_RESI_WARMHEARTED_AUDITHISTORYLIST("work_grassroots_resi_warmhearted_audithistorylist", "基层治理-居民管理-热心审核历史", "基层治理-居民管理-热心审核历史"), - WORK_GRASSROOTS_RESI_WARMHEARTED_AUDIT("work_grassroots_resi_warmhearted_audit", "基层治理-居民管理-热心居民审核", "基层治理-居民管理-热心居民审核"), - ORG_AGENCY_TRACE("org_agency_trace", "组织-查看上级机关", "组织-查看上级机关"), - ORG_AGENCY_UPDATE("org_agency_update", "组织-机关单位-编辑", "组织-机关单位-编辑"), - ORG_SUBAGENCY_LIST("org_subagency_list", "组织-下级机关-列表", "组织-下级机关-列表"), - ORG_SUBAGENCY_CREATE("org_subagency_create", "组织-下级机关-新增", "组织-下级机关-新增"), - ORG_SUBAGENCY_DELETE("org_subagency_delete", "组织-下级机关-删除", "组织-下级机关-删除"), - ORG_STAFF_DETAIL("org_staff_detail", "组织-工作人员-详情", "组织-工作人员-详情"), - ORG_STAFF_LIST("org_staff_list", "组织-工作人员-列表", "组织-工作人员-列表"), - ORG_STAFF_CREATE("org_staff_create", "组织-工作人员-新增", "组织-工作人员-新增"), - ORG_STAFF_UPDATE("org_staff_update", "组织-工作人员-编辑", "组织-工作人员-编辑"), - ORG_STAFF_FORBIDDEN("org_staff_forbidden", "组织-工作人员-禁用", "组织-工作人员-禁用"), - ORG_DEPARTMENT_LIST("org_department_list", "组织-直属部门-部门列表", "组织-直属部门-部门列表"), - ORG_DEPARTMENT_CREATE("org_department_create", "组织-直属部门-新增部门", "组织-直属部门-新增部门"), - ORG_DEPARTMENT_UPDATE("org_department_update", "组织-直属部门-编辑部门", "组织-直属部门-编辑部门"), - ORG_DEPARTMENT_DELETE("org_department_delete", "组织-直属部门-删除", "组织-直属部门-删除"), - ORG_DEPARTMENT_STAFF_ADD("org_department_staff_add", "组织-直属部门-添加人员", "组织-直属部门-添加人员"), - ORG_DEPARTMENT_STAFF_REMOVE("org_department_staff_remove", "组织-直属部门-移除人员", "组织-直属部门-移除人员"), - ORG_DEPARTMENT_STAFF_LIST("org_department_staff_list", "组织-直属部门-人员列表", "组织-直属部门-人员列表"), - ORG_GRID_LIST("org_grid_list", "组织-治理网格-网格列表", "组织-治理网格-网格列表"), - ORG_GRID_CREATE("org_grid_create", "组织-治理网格-新增网格", "组织-治理网格-新增网格"), - ORG_GRID_UPDATE("org_grid_update", "组织-治理网格-编辑网格", "组织-治理网格-编辑网格"), - ORG_GRID_DELETE("org_grid_delete", "组织-治理网格-删除", "组织-治理网格-删除"), - ORG_GRID_STAFF_ADD("org_grid_staff_add", "组织-治理网格-新增网格工作人员", "组织-治理网格-新增网格工作人员"), - ORG_GRID_STAFF_REMOVE("org_grid_staff_remove", "组织-治理网格-移除网格工作人员", "组织-治理网格-移除网格工作人员"), - ORG_PARTYMEMBER_SUMMARY("org_partymember_summary", "组织-党员-汇总信息", "组织-党员-汇总信息"); + WORK_GRASSROOTS_GROUP_AUDITINGLIST("work_grassroots_group_auditinglist", "基层治理:群组管理:待审核列表", "基层治理:群组管理:待审核列表"), + WORK_GRASSROOTS_GROUP_AUDIT("work_grassroots_group_audit", "基层治理:群组管理:审核建组", "基层治理:群组管理:审核建组"), + WORK_GRASSROOTS_GROUP_GROUPSINTHEGRID("work_grassroots_group_groupsinthegrid", "基层治理:群组管理:本网格小组列表", "基层治理:群组管理:本网格小组列表"), + WORK_GRASSROOTS_RESI_WARMHEARTED_AUDITINGLIST("work_grassroots_resi_warmhearted_auditinglist", "基层治理:居民管理:热心居民待审核列表", "基层治理:居民管理:热心居民待审核列表"), + WORK_GRASSROOTS_RESI_WARMHEARTED_AUDITHISTORYLIST("work_grassroots_resi_warmhearted_audithistorylist", "基层治理:居民管理:热心审核历史", "基层治理:居民管理:热心审核历史"), + WORK_GRASSROOTS_RESI_WARMHEARTED_AUDIT("work_grassroots_resi_warmhearted_audit", "基层治理:居民管理:热心居民审核", "基层治理:居民管理:热心居民审核"), + ORG_AGENCY_TRACE("org_agency_trace", "组织:查看上级机关", "组织:查看上级机关"), + ORG_AGENCY_UPDATE("org_agency_update", "组织:机关单位:编辑", "组织:机关单位:编辑"), + ORG_SUBAGENCY_LIST("org_subagency_list", "组织:下级机关:列表", "组织:下级机关:列表"), + ORG_SUBAGENCY_CREATE("org_subagency_create", "组织:下级机关:新增", "组织:下级机关:新增"), + ORG_SUBAGENCY_DELETE("org_subagency_delete", "组织:下级机关:删除", "组织:下级机关:删除"), + ORG_STAFF_DETAIL("org_staff_detail", "组织:工作人员:详情", "组织:工作人员:详情"), + ORG_STAFF_LIST("org_staff_list", "组织:工作人员:列表", "组织:工作人员:列表"), + ORG_STAFF_CREATE("org_staff_create", "组织:工作人员:新增", "组织:工作人员:新增"), + ORG_STAFF_UPDATE("org_staff_update", "组织:工作人员:编辑", "组织:工作人员:编辑"), + ORG_STAFF_FORBIDDEN("org_staff_forbidden", "组织:工作人员:禁用", "组织:工作人员:禁用"), + ORG_DEPARTMENT_LIST("org_department_list", "组织:直属部门:部门列表", "组织:直属部门:部门列表"), + ORG_DEPARTMENT_CREATE("org_department_create", "组织:直属部门:新增部门", "组织:直属部门:新增部门"), + ORG_DEPARTMENT_UPDATE("org_department_update", "组织:直属部门:编辑部门", "组织:直属部门:编辑部门"), + ORG_DEPARTMENT_DELETE("org_department_delete", "组织:直属部门:删除", "组织:直属部门:删除"), + ORG_DEPARTMENT_STAFF_ADD("org_department_staff_add", "组织:直属部门:添加人员", "组织:直属部门:添加人员"), + ORG_DEPARTMENT_STAFF_REMOVE("org_department_staff_remove", "组织:直属部门:移除人员", "组织:直属部门:移除人员"), + ORG_DEPARTMENT_STAFF_LIST("org_department_staff_list", "组织:直属部门:人员列表", "组织:直属部门:人员列表"), + ORG_GRID_LIST("org_grid_list", "组织:治理网格:网格列表", "组织:治理网格:网格列表"), + ORG_GRID_CREATE("org_grid_create", "组织:治理网格:新增网格", "组织:治理网格:新增网格"), + ORG_GRID_UPDATE("org_grid_update", "组织:治理网格:编辑网格", "组织:治理网格:编辑网格"), + ORG_GRID_DELETE("org_grid_delete", "组织:治理网格:删除", "组织:治理网格:删除"), + ORG_GRID_STAFF_ADD("org_grid_staff_add", "组织:治理网格:新增网格工作人员", "组织:治理网格:新增网格工作人员"), + ORG_GRID_STAFF_REMOVE("org_grid_staff_remove", "组织:治理网格:移除网格工作人员", "组织:治理网格:移除网格工作人员"), + ORG_PARTYMEMBER_SUMMARY("org_partymember_summary", "组织:党员:汇总信息", "组织:党员:汇总信息"); private String key; private String name; diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java index f4f6be0539..d90feff39e 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java @@ -232,7 +232,7 @@ public class RedisKeys { * @param roleId * @return */ - public static String getRoleAccessSettingKey(String roleId) { - return rootPrefix.concat("gov:access:role:accesssettings:").concat(roleId); + public static String getRoleAccessSettingKey(String roleId, String operationKey) { + return rootPrefix.concat(String.format("gov:access:role:accesssettings:%s:%s", roleId, operationKey)); } } diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigOpesFormDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigOpesFormDTO.java new file mode 100644 index 0000000000..8a84ddf960 --- /dev/null +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigOpesFormDTO.java @@ -0,0 +1,16 @@ +package com.epmet.dto.form; + +import com.epmet.dto.result.AccessConfigOpesResultDTO; +import lombok.Data; + +import javax.validation.constraints.NotBlank; +import java.util.List; + +@Data +public class AccessConfigOpesFormDTO { + + @NotBlank(message = "角色ID不能为空") + private String roleId; + private List opes; + +} diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigSaveSettingDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigSaveSettingDTO.java new file mode 100644 index 0000000000..6a9f46c010 --- /dev/null +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigSaveSettingDTO.java @@ -0,0 +1,18 @@ +package com.epmet.dto.form; + +import lombok.Data; + +import javax.validation.constraints.NotBlank; +import java.util.Set; + +@Data +public class AccessConfigSaveSettingDTO { + + @NotBlank(message = "角色ID不能为空") + private String roleId; + @NotBlank(message = "操作Key不能为空") + private String operationKey; + private Set scopeKeys; + private Set settingKeys; + +} diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigSettingFormDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigSettingFormDTO.java new file mode 100644 index 0000000000..58193ec816 --- /dev/null +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessConfigSettingFormDTO.java @@ -0,0 +1,16 @@ +package com.epmet.dto.form; + +import lombok.Data; + +import javax.validation.constraints.NotBlank; + +@Data +public class AccessConfigSettingFormDTO { + + @NotBlank(message = "角色ID不能为空") + private String roleId; + + @NotBlank(message = "操作的Key不能为空") + private String operationKey; + +} diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessSettingFormDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessSettingFormDTO.java index 9297426066..ecd5e6b99f 100644 --- a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessSettingFormDTO.java +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/form/AccessSettingFormDTO.java @@ -2,7 +2,11 @@ package com.epmet.dto.form; import lombok.Data; +/** + * 查询拥有的权限的DTO,非后台配置用 + */ @Data public class AccessSettingFormDTO { private String roleId; + private String operationKey; } diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigOpesResultDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigOpesResultDTO.java new file mode 100644 index 0000000000..bf24f851d2 --- /dev/null +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigOpesResultDTO.java @@ -0,0 +1,13 @@ +package com.epmet.dto.result; + +import lombok.Data; + +@Data +public class AccessConfigOpesResultDTO { + + private String operationKey; + private String operationName; + private String brief; + private Boolean assigned; + +} diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigOptionsResultDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigOptionsResultDTO.java new file mode 100644 index 0000000000..55d965ae05 --- /dev/null +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigOptionsResultDTO.java @@ -0,0 +1,11 @@ +package com.epmet.dto.result; + +import lombok.Data; + +import java.util.List; + +@Data +public class AccessConfigOptionsResultDTO { + private List scopeOptions; + private List settingOptions; +} diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigScopeResultDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigScopeResultDTO.java new file mode 100644 index 0000000000..e1eb02e9fb --- /dev/null +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigScopeResultDTO.java @@ -0,0 +1,15 @@ +package com.epmet.dto.result; + +import lombok.Data; + +@Data +public class AccessConfigScopeResultDTO { + + private String scopeKey; + private String scopeName; + private String scopeIndex; + private String operationKey; + private String roleId; + private Boolean assigned; + +} diff --git a/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigSettingResultDTO.java b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigSettingResultDTO.java new file mode 100644 index 0000000000..150a02a49f --- /dev/null +++ b/epmet-module/gov-access/gov-access-client/src/main/java/com/epmet/dto/result/AccessConfigSettingResultDTO.java @@ -0,0 +1,14 @@ +package com.epmet.dto.result; + +import lombok.Data; + +@Data +public class AccessConfigSettingResultDTO { + + private String settingKey; + private String settingName; + private String roleId; + private Boolean assigned; + private String operationKey; + +} diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessConfigController.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessConfigController.java new file mode 100644 index 0000000000..70436077be --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessConfigController.java @@ -0,0 +1,73 @@ +package com.epmet.controller; + +import com.epmet.commons.tools.utils.Result; +import com.epmet.commons.tools.validator.ValidatorUtils; +import com.epmet.dto.form.AccessConfigOpesFormDTO; +import com.epmet.dto.form.AccessConfigSaveSettingDTO; +import com.epmet.dto.form.AccessConfigSettingFormDTO; +import com.epmet.dto.result.AccessConfigOpesResultDTO; +import com.epmet.dto.result.AccessConfigOptionsResultDTO; +import com.epmet.service.AccessConfigService; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.web.bind.annotation.*; + +import javax.validation.constraints.NotBlank; +import java.util.List; +import java.util.Set; + +@RestController +@RequestMapping("config") +public class AccessConfigController { + + @Autowired + private AccessConfigService accessConfigService; + + /** + * 列出角色的操作列表(及该操作的scope范围) + * @param roleId + * @return + */ + @PostMapping("roleopes/{roleId}") + public Result listRoleOperations(@PathVariable("roleId") String roleId) { + List opes = accessConfigService.listOpesByRole(roleId); + return new Result().ok(opes); + } + + /** + * 保存角色的操作功能列表 + * @return + */ + @PostMapping("saveroleopes") + public Result saveRoleOpes(@RequestBody AccessConfigOpesFormDTO formDTO) { + accessConfigService.saveRoleOpes(formDTO.getRoleId(), formDTO.getOpes()); + return new Result(); + } + + /** + * 查询可配置项列表 + * @return + */ + @PostMapping("settingoptions") + public Result listSettingoptions(@RequestBody AccessConfigSettingFormDTO settingFormDTO) { + ValidatorUtils.validateEntity(settingFormDTO); + AccessConfigOptionsResultDTO options = accessConfigService.listScopeItemsForAccessConfig(settingFormDTO.getRoleId(), settingFormDTO.getOperationKey()); + return new Result().ok(options); + } + + /** + * 保存设置 + * @param settings + * @return + */ + @PostMapping("savesettings") + public Result saveSettings(@RequestBody AccessConfigSaveSettingDTO settings) { + ValidatorUtils.validateEntity(settings); + String roleId = settings.getRoleId(); + String operationKey = settings.getOperationKey(); + Set scopeKeys = settings.getScopeKeys(); + Set settingKeys = settings.getSettingKeys(); + accessConfigService.saveSettings(roleId, operationKey, scopeKeys, settingKeys); + return new Result(); + } + +} diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java index 66fb87eed6..775496d0a8 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/controller/AccessController.java @@ -90,12 +90,12 @@ public class AccessController { } /** - * 查询角色的权限相关配置 + * 查询角色的权限相关配置(缓存) * @return */ - @PostMapping("/accesssettings/{roleId}") - public Result> listAccessSettings(@PathVariable("roleId") String roleId) { - Map settings = accessService.listAccessSettings(roleId); + @PostMapping("/accesssettings") + public Result> listAccessSettings(@RequestBody AccessSettingFormDTO accessSettingFormDTO) { + Map settings = accessService.listAccessSettings(accessSettingFormDTO.getRoleId(), accessSettingFormDTO.getOperationKey()); return new Result>().ok(settings); } } diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/AccessSettingDao.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/AccessSettingDao.java index ad502f0737..1af564a116 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/AccessSettingDao.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/AccessSettingDao.java @@ -18,11 +18,14 @@ package com.epmet.dao; import com.epmet.commons.mybatis.dao.BaseDao; +import com.epmet.dto.result.AccessConfigSettingResultDTO; import com.epmet.dto.result.AccessSettingResultDTO; import com.epmet.entity.AccessSettingEntity; import org.apache.ibatis.annotations.Mapper; +import org.apache.ibatis.annotations.Param; import java.util.List; +import java.util.Set; /** * 权限配置 @@ -38,6 +41,35 @@ public interface AccessSettingDao extends BaseDao { * @param roleId * @return */ - List listAccessSettingsByRoleId(String roleId); + List listAccessSettingsByRoleId(@Param("roleId") String roleId, + @Param("operationKey") String operationKey); + List listSettingOptionsForAccessConfig(@Param("roleId") String roleId, + @Param("operationKey") String operationKey); + + /** + * 删除 + * @param roleId + * @param operationKey + * @param settingKeys2Delete + * @return + */ + int delete(@Param("roleId") String roleId, + @Param("operationKey") String operationKey, + @Param("settingKeys2Delete") Set settingKeys2Delete); + + AccessSettingEntity get(@Param("roleId") String roleId, + @Param("operationKey") String operationKey, + @Param("settingKey") String settingKey); + + /** + * 启用 + * @param roleId + * @param operationKey + * @param settingKey + * @return + */ + int enable(@Param("roleId") String roleId, + @Param("operationKey") String operationKey, + @Param("settingKey") String settingKey); } \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationDao.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationDao.java index 427d458215..6b34908dde 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationDao.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/OperationDao.java @@ -33,4 +33,6 @@ import java.util.List; public interface OperationDao extends BaseDao { List listAllOperationEntities(); + + List listAllValidOperationEntities(); } \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleOperationDao.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleOperationDao.java index a1b408ba7a..46a159e3b6 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleOperationDao.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleOperationDao.java @@ -18,6 +18,7 @@ package com.epmet.dao; import com.epmet.commons.mybatis.dao.BaseDao; +import com.epmet.dto.result.AccessConfigOpesResultDTO; import com.epmet.dto.result.RoleOperationResultDTO; import com.epmet.entity.RoleOperationEntity; import org.apache.ibatis.annotations.Mapper; @@ -35,4 +36,12 @@ import java.util.List; public interface RoleOperationDao extends BaseDao { List listOperationsByRoleId(@Param("roleId") String roleId); + + List listOpesForAccessConfig(@Param("roleId") String roleId); + + void deleteRoleOpe(@Param("roleId") String roleId, @Param("opeKey") String opeKey); + + RoleOperationEntity getRoleOpe(@Param("roleId") String roleId, @Param("opeKey") String opeKey); + + int enableRoleOpe(@Param("roleId") String roleId, @Param("opeKey") String opeKey); } \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleScopeDao.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleScopeDao.java index 60982f5528..361bd033d4 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleScopeDao.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/dao/RoleScopeDao.java @@ -18,8 +18,14 @@ package com.epmet.dao; import com.epmet.commons.mybatis.dao.BaseDao; +import com.epmet.dto.result.AccessConfigScopeResultDTO; +import com.epmet.dto.result.AccessConfigSettingResultDTO; import com.epmet.entity.RoleScopeEntity; import org.apache.ibatis.annotations.Mapper; +import org.apache.ibatis.annotations.Param; + +import java.util.List; +import java.util.Set; /** * 角色能操作哪些范围 @@ -29,5 +35,52 @@ import org.apache.ibatis.annotations.Mapper; */ @Mapper public interface RoleScopeDao extends BaseDao { - + + /** + * 权限配置:列出可选项 + * @param roleId + * @param operationKey + * @return + */ + List listScopeOptionsForAccessConfig(@Param("roleId") String roleId, @Param("operationKey") String operationKey); + + /** + * + * @param roleId + * @param operationKey + * @return + */ + List listScopeEntities(@Param("roleId") String roleId, @Param("operationKey") String operationKey); + + /** + * 使用roleId+OperationKey+ScopeKey删除 + * @param roleId + * @param operationKey + * @param scopeKeys2Remove + * @return + */ + int deleteByRoleIdAndOpeKey(@Param("roleId") String roleId, + @Param("operationKey") String operationKey, + @Param("scopeKeys2Remove") Set scopeKeys2Remove); + + /** + * 启用 + * @param roleId + * @param operationKey + * @param scopeKey + * @return + */ + int enableByRoleIdAndOpeKey(@Param("roleId") String roleId, + @Param("operationKey") String operationKey, + @Param("scopeKey") String scopeKey); + + /** + * 使用RoleId + operationKey + scopeKey + * @param roleId + * @param operationKey + * @param scopeKey + */ + RoleScopeEntity getByRoleIdAndOpeKey(@Param("roleId") String roleId, + @Param("operationKey") String operationKey, + @Param("scopeKey") String scopeKey); } \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleAccessSettingRedis.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleAccessSettingRedis.java index 72bff8caf3..c188cf2566 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleAccessSettingRedis.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleAccessSettingRedis.java @@ -4,9 +4,11 @@ import com.epmet.commons.tools.redis.RedisKeys; import com.epmet.commons.tools.redis.RedisUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import org.springframework.util.CollectionUtils; import java.util.HashMap; import java.util.Map; +import java.util.Set; @Component public class RoleAccessSettingRedis { @@ -14,21 +16,37 @@ public class RoleAccessSettingRedis { @Autowired private RedisUtils redisUtils; - public void set(Map settings, String roleId) { - String roleAccessSettingKey = RedisKeys.getRoleAccessSettingKey(roleId); - redisUtils.hMSet(roleAccessSettingKey, settings); + public void set(Map settings, String roleId, String operationKey) { + // 转化Map + HashMap newSettings = new HashMap<>(); + Set> entries = settings.entrySet(); + entries.forEach(entry -> { + newSettings.put(entry.getKey(), entry.getValue()); + }); + + String roleAccessSettingKey = RedisKeys.getRoleAccessSettingKey(roleId, operationKey); + redisUtils.hMSet(roleAccessSettingKey, newSettings); } - public Map get(String roleId) { - String roleAccessSettingKey = RedisKeys.getRoleAccessSettingKey(roleId); + public Map get(String roleId, String operationKey) { + String roleAccessSettingKey = RedisKeys.getRoleAccessSettingKey(roleId, operationKey); Map s = redisUtils.hGetAll(roleAccessSettingKey); - Map settings = new HashMap<>(); - s.forEach((s1, o) -> { - if (o != null) { - settings.put(s1, String.valueOf(o)); - } - }); - return settings; + // 转化Map + if (!CollectionUtils.isEmpty(s)) { + Map settings = new HashMap<>(); + s.forEach((s1, o) -> { + if (o != null) { + settings.put(s1, String.valueOf(o)); + } + }); + return settings; + } + + return null; + } + + public void delete(String roleId, String operationKey) { + redisUtils.delete(RedisKeys.getRoleAccessSettingKey(roleId, operationKey)); } } diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleOpeScopeRedis.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleOpeScopeRedis.java index d8e324fb27..af82f0f8b5 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleOpeScopeRedis.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/redis/RoleOpeScopeRedis.java @@ -63,4 +63,12 @@ public class RoleOpeScopeRedis { return JSON.parseObject(stringValue, new TypeReference>(){}); } + /** + * 删除缓存 + * @param roleId + */ + public void delRoleAllOpeScopes(String roleId) { + redisUtils.delete(RedisKeys.getRoleAllOpeScopesKey(roleId)); + } + } diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessConfigService.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessConfigService.java new file mode 100644 index 0000000000..19e7421d6e --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessConfigService.java @@ -0,0 +1,17 @@ +package com.epmet.service; + +import com.epmet.dto.result.AccessConfigOpesResultDTO; +import com.epmet.dto.result.AccessConfigOptionsResultDTO; + +import java.util.List; +import java.util.Set; + +public interface AccessConfigService { + List listOpesByRole(String roleId); + + void saveRoleOpes(String roleId, List opes); + + AccessConfigOptionsResultDTO listScopeItemsForAccessConfig(String roleId, String operationKey); + + void saveSettings(String roleId, String operationKey, Set scopeKeys, Set settingKeys); +} diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java index e5dda9f15b..7e976d3e65 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/AccessService.java @@ -34,7 +34,7 @@ public interface AccessService { * @param roleId * @return */ - Map listAccessSettings(String roleId); + Map listAccessSettings(String roleId, String operationKey); /** * 查询角色所有operation及其范围(缓存) diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessConfigServiceImpl.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessConfigServiceImpl.java new file mode 100644 index 0000000000..cc39398289 --- /dev/null +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessConfigServiceImpl.java @@ -0,0 +1,182 @@ +package com.epmet.service.impl; + +import com.epmet.commons.tools.constant.AccessSettingConstant; +import com.epmet.commons.tools.exception.EpmetErrorCode; +import com.epmet.commons.tools.exception.RenException; +import com.epmet.dao.*; +import com.epmet.dto.result.*; +import com.epmet.entity.AccessSettingEntity; +import com.epmet.entity.RoleOperationEntity; +import com.epmet.entity.RoleScopeEntity; +import com.epmet.redis.RoleAccessSettingRedis; +import com.epmet.redis.RoleOpeScopeRedis; +import com.epmet.service.AccessConfigService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; +import org.springframework.util.CollectionUtils; + +import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; + +@Service +public class AccessConfigServiceImpl implements AccessConfigService { + + protected static final Logger logger = LoggerFactory.getLogger(AccessConfigServiceImpl.class); + + @Autowired + private RoleOpeScopeRedis roleOpeScopeRedis; + + @Autowired + private RoleOperationDao roleOperationDao; + + @Autowired + private RoleScopeDao roleScopeDao; + + @Autowired + private AccessSettingDao accessSettingDao; + + @Autowired + private RoleAccessSettingRedis roleAccessSettingRedis; + + @Override + public List listOpesByRole(String roleId) { + return roleOperationDao.listOpesForAccessConfig(roleId); + } + + @Override + @Transactional(rollbackFor = Exception.class) + public void saveRoleOpes(String roleId, List opes) { + List operationsDB = roleOperationDao.listOperationsByRoleId(roleId); + Set opeKeysDB = operationsDB.stream().map(opeDB -> opeDB.getOperationKey()).collect(Collectors.toSet()); + Set opeKeysForm = opes.stream().map(opeForm -> opeForm.getOperationKey()).collect(Collectors.toSet()); + + for (String s : opeKeysDB) { + if (!opeKeysForm.contains(s)) { + // 说明这个已经被取消 + roleOperationDao.deleteRoleOpe(roleId, s); + } + } + + for (String s : opeKeysForm) { + if (!opeKeysDB.contains(s)) { + // 说明这个是新勾选的 + if (roleOperationDao.getRoleOpe(roleId, s) != null) { + if (roleOperationDao.enableRoleOpe(roleId, s) == 0) { + logger.error("权限配置:启用权限失败,roleId:{}", roleId); + throw new RenException(EpmetErrorCode.SERVER_ERROR.getCode()); + } + continue; + } + + RoleOperationEntity newRoleOpe = new RoleOperationEntity(); + newRoleOpe.setRoleId(roleId); + newRoleOpe.setOperationKey(s); + roleOperationDao.insert(newRoleOpe); + } + } + + // 失效Redis缓存 + roleOpeScopeRedis.delRoleAllOpeScopes(roleId); + } + + @Override + public AccessConfigOptionsResultDTO listScopeItemsForAccessConfig(String roleId, String operationKey) { + List scopeOptions = roleScopeDao.listScopeOptionsForAccessConfig(roleId, operationKey); + List settingOptions = accessSettingDao.listSettingOptionsForAccessConfig(roleId, operationKey); + AccessConfigOptionsResultDTO options = new AccessConfigOptionsResultDTO(); + options.setScopeOptions(scopeOptions); + options.setSettingOptions(settingOptions); + return options; + } + + @Override + @Transactional + public void saveSettings(String roleId, String operationKey, Set scopeKeys, Set settingKeys) { + saveScopeSettings(roleId, operationKey, scopeKeys); + saveAccessSettingSettings(roleId, operationKey, settingKeys); + } + + /** + * 保存设置 + * 可以优化为:遍历时候直接删除或者新增,而不用新建settingKeys2Delete, settingKeys2Add变量 + * @param roleId + * @param operationKey + */ + private void saveAccessSettingSettings(String roleId, String operationKey, Set newSettingKeys) { + Set settingKeysDB = accessSettingDao.listAccessSettingsByRoleId(roleId, operationKey) + .stream() + .map(setting -> setting.getSettingKey()) + .collect(Collectors.toSet()); + + Set settingKeys2Delete = settingKeysDB.stream().filter(settingKeyDB -> !newSettingKeys.contains(settingKeyDB)).collect(Collectors.toSet()); + Set settingKeys2Add = newSettingKeys.stream().filter(newSetting -> !settingKeysDB.contains(newSetting)).collect(Collectors.toSet()); + + // 删除 + if (!CollectionUtils.isEmpty(settingKeys2Delete)) { + accessSettingDao.delete(roleId, operationKey, settingKeys2Delete); + } + + // 新增 + if (!CollectionUtils.isEmpty(settingKeys2Add)) { + settingKeys2Add.forEach(settingKey -> { + if (accessSettingDao.get(roleId, operationKey, settingKey) != null) { + // 数据库中已有 + accessSettingDao.enable(roleId, operationKey, settingKey); + } else { + AccessSettingEntity newSetting = new AccessSettingEntity(); + newSetting.setRoleId(roleId); + newSetting.setOperationKey(operationKey); + newSetting.setSettingKey(settingKey); + newSetting.setSettingValue(AccessSettingConstant.ON); + accessSettingDao.insert(newSetting); + } + }); + } + + // 清空redis缓存 + roleAccessSettingRedis.delete(roleId, operationKey); + } + + /** + * 保存Scope设置 + * @param roleId + * @param operationKey + * @param scopeKeys + */ + private void saveScopeSettings(String roleId, String operationKey, Set scopeKeys) { + List scopesDB = roleScopeDao.listScopeEntities(roleId, operationKey); + // 数据库中已有的scopeKey列表 + Set scopeKeysDB = scopesDB.stream().map(scope -> scope.getScopeKey()).collect(Collectors.toSet()); + + Set scopeKeys2Add = scopeKeys.stream().filter(scopeKey -> !scopeKeysDB.contains(scopeKey)).collect(Collectors.toSet()); + Set scopeKeys2Remove = scopeKeysDB.stream().filter(scopeKeyDB -> !scopeKeys.contains(scopeKeyDB)).collect(Collectors.toSet()); + + // 添加/重新启用 + if (!CollectionUtils.isEmpty(scopeKeys2Add)) { + scopeKeys2Add.forEach(scopeKey -> { + RoleScopeEntity rsDB = roleScopeDao.getByRoleIdAndOpeKey(roleId, operationKey, scopeKey); + if (rsDB != null) { + roleScopeDao.enableByRoleIdAndOpeKey(roleId, operationKey, scopeKey); + } else { + RoleScopeEntity rs2Add = new RoleScopeEntity(); + rs2Add.setRoleId(roleId); + rs2Add.setOperationKey(operationKey); + rs2Add.setScopeKey(scopeKey); + roleScopeDao.insert(rs2Add); + } + }); + } + + // 删除 + if (!CollectionUtils.isEmpty(scopeKeys2Remove)) { + roleScopeDao.deleteByRoleIdAndOpeKey(roleId, operationKey, scopeKeys2Remove); + } + + // 清空redis缓存 + roleOpeScopeRedis.delRoleAllOpeScopes(roleId); + } +} diff --git a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java index 7d33424f09..37a5dfd305 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java +++ b/epmet-module/gov-access/gov-access-server/src/main/java/com/epmet/service/impl/AccessServiceImpl.java @@ -3,7 +3,9 @@ package com.epmet.service.impl; import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.security.dto.GovTokenDto; import com.epmet.commons.tools.utils.CpUserDetailRedis; +import com.epmet.dao.AccessSettingDao; import com.epmet.dao.OperationScopeDao; +import com.epmet.dto.result.AccessSettingResultDTO; import com.epmet.dto.result.RoleOpeScopeResultDTO; import com.epmet.redis.RoleAccessSettingRedis; import com.epmet.redis.RoleOpeScopeRedis; @@ -12,6 +14,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import org.springframework.util.CollectionUtils; import java.util.*; @@ -26,6 +29,9 @@ public class AccessServiceImpl implements AccessService { @Autowired private OperationScopeDao operationScopeDao; + @Autowired + private AccessSettingDao accessSettingDao; + @Autowired private RoleOpeScopeRedis roleOpeScopeRedis; @@ -90,18 +96,21 @@ public class AccessServiceImpl implements AccessService { * @return */ @Override - public Map listAccessSettings(String roleId) { - Map settings = roleAccessSettingRedis.get(roleId); - //if (CollectionUtils.isEmpty(settings)) { - // // 数据库查出来,放入redis一份。此处为权限过滤器用到,存在缓存穿透,所以不采用这种方式。 - // // 改用为:变动setting的时候手动更新缓存的方式 - // List settingsDB = roleAccessSettingDao.listRoleAccessSettingsByRoleId(roleId); - // if (!CollectionUtils.isEmpty(settingsDB)) { - // roleAccessSettingRedis.set(settingsDB, roleId); - // } - //} + public Map listAccessSettings(String roleId, String operationKey) { + Map settings = roleAccessSettingRedis.get(roleId, operationKey); if (settings == null) { settings = new HashMap<>(); + // 数据库查出来,放入redis一份。此处为权限过滤器用到 + List accessSettingDtos = accessSettingDao.listAccessSettingsByRoleId(roleId, operationKey); + if (!CollectionUtils.isEmpty(accessSettingDtos)) { + for (AccessSettingResultDTO setting : accessSettingDtos) { + settings.put(setting.getSettingKey(), setting.getSettingValue()); + } + } else { + // 占位,否则空map存不到redis中 + settings.put("-", "-"); + } + roleAccessSettingRedis.set(settings, roleId, operationKey); } return settings; } @@ -109,7 +118,6 @@ public class AccessServiceImpl implements AccessService { @Override public List listAllRoleOperationScopesByRoleId(String roleId) { List roleAllOpeScopes = roleOpeScopeRedis.getRoleAllOpeScopes(roleId); - // 防止缓存穿透 if (roleAllOpeScopes == null) { roleAllOpeScopes = operationScopeDao.listAllRoleOperationScopesByRoleId(roleId); roleOpeScopeRedis.setRoleAllOpeScopes(roleId, roleAllOpeScopes); diff --git a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/AccessSettingDao.xml b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/AccessSettingDao.xml index d50150529e..1449da2fc0 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/AccessSettingDao.xml +++ b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/AccessSettingDao.xml @@ -28,7 +28,53 @@ WHERE s.ROLE_ID = #{roleId} AND s.DEL_FLAG = 0 + AND s.OPERATION_KEY = #{operationKey} + AND s.DEL_FLAG = 0 + + + + + + + DELETE + FROM access_setting + WHERE ROLE_ID = #{roleId} + AND OPERATION_KEY = #{operationKey} + AND SETTING_KEY IN + + #{settingKey} + + + + + + + UPDATE access_setting s + SET DEL_FLAG = 0 + WHERE s.ROLE_ID = #{roleId} + AND s.OPERATION_KEY = #{operationKey} + AND s.SETTING_KEY = #{settingKey} + \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationDao.xml b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationDao.xml index 18669ed246..824b7a4feb 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationDao.xml +++ b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/OperationDao.xml @@ -21,5 +21,12 @@ FROM operation o + + \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleOperationDao.xml b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleOperationDao.xml index ebde0d7c2c..7009237115 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleOperationDao.xml +++ b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleOperationDao.xml @@ -31,5 +31,39 @@ and o.DEL_FLAG = '0' + + + + UPDATE role_operation + SET DEL_FLAG = 1 + WHERE ROLE_ID = #{roleId} + AND OPERATION_KEY = #{opeKey} + + + + + + UPDATE role_operation + SET DEL_FLAG = 0 + WHERE ROLE_ID = #{roleId} + AND OPERATION_KEY = #{opeKey} + \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleScopeDao.xml b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleScopeDao.xml index fdca928212..7344b4ed6b 100644 --- a/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleScopeDao.xml +++ b/epmet-module/gov-access/gov-access-server/src/main/resources/mapper/RoleScopeDao.xml @@ -16,5 +16,60 @@ + + + + + DELETE + FROM role_scope + WHERE ROLE_ID = #{roleId} + AND OPERATION_KEY = #{operationKey} + AND SCOPE_KEY IN + + #{scopeKey} + + + + + + DELETE + FROM role_scope + WHERE ROLE_ID = #{roleId} + AND OPERATION_KEY = #{operationKey} + AND SCOPE_KEY = #{scopeKey} + + + + + + \ No newline at end of file diff --git a/epmet-module/gov-access/gov-access-server/src/test/java/com/epmet/test/govaccess/AccessSettingTest.java b/epmet-module/gov-access/gov-access-server/src/test/java/com/epmet/test/govaccess/AccessSettingTest.java index ae1de661a2..c40e1c2463 100644 --- a/epmet-module/gov-access/gov-access-server/src/test/java/com/epmet/test/govaccess/AccessSettingTest.java +++ b/epmet-module/gov-access/gov-access-server/src/test/java/com/epmet/test/govaccess/AccessSettingTest.java @@ -25,13 +25,13 @@ public class AccessSettingTest { @Test public void addAccessSettings2Redis() { - List settings = roleAccessSettingDao.listAccessSettingsByRoleId("1"); - HashMap objectObjectHashMap = new HashMap<>(); + List settings = roleAccessSettingDao.listAccessSettingsByRoleId("1", "org_staff_list"); + HashMap objectObjectHashMap = new HashMap<>(); settings.forEach(setting -> { objectObjectHashMap.put(setting.getSettingKey(), setting.getSettingValue()); }); - roleAccessSettingRedis.set(objectObjectHashMap, "1"); - Map map = roleAccessSettingRedis.get("1"); + roleAccessSettingRedis.set(objectObjectHashMap, "1", "org_staff_list"); + Map map = roleAccessSettingRedis.get("1", "org_staff_list"); System.out.println(map); } diff --git a/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/controller/AgencyController.java b/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/controller/AgencyController.java index 31a61eba22..6d128501ed 100644 --- a/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/controller/AgencyController.java +++ b/epmet-module/gov-org/gov-org-server/src/main/java/com/epmet/controller/AgencyController.java @@ -83,6 +83,7 @@ public class AgencyController { * @Description 组织名称编辑 */ @PostMapping("editagency") + //@RequirePermission(requirePermission = RequirePermissionEnum.ORG_AGENCY_UPDATE) public Result editAgency(@LoginUser TokenDto tokenDTO, @RequestBody EditAgencyFormDTO formDTO) { formDTO.setUserId(tokenDTO.getUserId()); ValidatorUtils.validateEntity(formDTO); diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/RoleController.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/RoleController.java index c5ea7ed1d6..9958251e8f 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/RoleController.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/RoleController.java @@ -45,10 +45,23 @@ import java.util.Map; @RestController @RequestMapping("role") public class RoleController { - + @Autowired private RoleService roleService; + /** + * 根据客户ID查询该客户的角色列表 + * @param customerId + * @return + */ + @PostMapping("rolesbycustomer/{customerId}") + public Result listRolesByCustomer(@PathVariable("customerId") String customerId) { + List roleEntities = roleService.listRolesByCustomer(customerId); + return new Result().ok(roleEntities); + } + + + @GetMapping("page") public Result> page(@RequestParam Map params){ PageData page = roleService.page(params); diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/dao/RoleDao.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/dao/RoleDao.java index 9acbe1fd88..d175c919b1 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/dao/RoleDao.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/dao/RoleDao.java @@ -18,8 +18,12 @@ package com.epmet.dao; import com.epmet.commons.mybatis.dao.BaseDao; +import com.epmet.dto.RoleDTO; import com.epmet.entity.RoleEntity; import org.apache.ibatis.annotations.Mapper; +import org.apache.ibatis.annotations.Param; + +import java.util.List; /** * 角色表 @@ -38,4 +42,10 @@ public interface RoleDao extends BaseDao { */ RoleEntity selectRoleByKey(RoleEntity param); + /** + * 通过客户ID查询客户的角色列表 + * @param customerId + * @return + */ + List listRolesByCustomer(@Param("customerId") String customerId); } \ No newline at end of file diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/RoleService.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/RoleService.java index 72e055c4b1..d758c6a64b 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/RoleService.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/RoleService.java @@ -99,4 +99,6 @@ public interface RoleService extends BaseService { * @return RoleDTO */ RoleDTO getRoleByKey(RoleDTO role); + + List listRolesByCustomer(String customerId); } \ No newline at end of file diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/RoleServiceImpl.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/RoleServiceImpl.java index 24914ad22e..c95446d0dd 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/RoleServiceImpl.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/RoleServiceImpl.java @@ -107,4 +107,11 @@ public class RoleServiceImpl extends BaseServiceImpl implem return ConvertUtils.sourceToTarget(entity, RoleDTO.class); } + + + @Override + public List listRolesByCustomer(String customerId) { + return baseDao.listRolesByCustomer(customerId); + } + } \ No newline at end of file diff --git a/epmet-user/epmet-user-server/src/main/resources/mapper/RoleDao.xml b/epmet-user/epmet-user-server/src/main/resources/mapper/RoleDao.xml index 9a6be47188..38e35cf8c3 100644 --- a/epmet-user/epmet-user-server/src/main/resources/mapper/RoleDao.xml +++ b/epmet-user/epmet-user-server/src/main/resources/mapper/RoleDao.xml @@ -28,4 +28,10 @@ and DEL_FLAG = 0 + + \ No newline at end of file