1. 新增 dept 类型的全局上下文权限

2025-12-22 19:32:04 +08:00
parent 02208869f0
commit 5a2ff28c6f
5 changed files with 276 additions and 2 deletions
--- a/zt-framework/zt-spring-boot-starter-biz-tenant/src/main/java/com/zt/plat/framework/tenant/core/context/DeptContextHolder.java
+++ b/zt-framework/zt-spring-boot-starter-biz-tenant/src/main/java/com/zt/plat/framework/tenant/core/context/DeptContextHolder.java
@@ -0,0 +1,61 @@
+package com.zt.plat.framework.tenant.core.context;
+
+import com.alibaba.ttl.TransmittableThreadLocal;
+
+/**
+ * 部门上下文 Holder，使用 {@link TransmittableThreadLocal} 支持在线程池/异步场景下的上下文传递。
+ *
+ * 包含当前部门编号、所属公司编号以及是否忽略部门数据权限的标识。
+ */
+public class DeptContextHolder {
+
+    /** 当前部门编号 */
+    private static final ThreadLocal<Long> DEPT_ID = new TransmittableThreadLocal<>();
+    /** 当前部门所属公司编号（用于一致性校验） */
+    private static final ThreadLocal<Long> COMPANY_ID = new TransmittableThreadLocal<>();
+    /** 是否忽略部门数据权限 */
+    private static final ThreadLocal<Boolean> IGNORE = new TransmittableThreadLocal<>();
+
+    public static Long getDeptId() {
+        return DEPT_ID.get();
+    }
+
+    public static Long getCompanyId() {
+        return COMPANY_ID.get();
+    }
+
+    /**
+     * 设置部门与所属公司编号。
+     */
+    public static void setContext(Long deptId, Long companyId) {
+        DEPT_ID.set(deptId);
+        COMPANY_ID.set(companyId);
+    }
+
+    public static void setDeptId(Long deptId) {
+        DEPT_ID.set(deptId);
+    }
+
+    public static void setCompanyId(Long companyId) {
+        COMPANY_ID.set(companyId);
+    }
+
+    public static boolean hasDeptId() {
+        Long deptId = DEPT_ID.get();
+        return deptId != null && deptId > 0L;
+    }
+
+    public static void setIgnore(Boolean ignore) {
+        IGNORE.set(ignore);
+    }
+
+    public static boolean shouldIgnore() {
+        return Boolean.TRUE.equals(IGNORE.get());
+    }
+
+    public static void clear() {
+        DEPT_ID.remove();
+        COMPANY_ID.remove();
+        IGNORE.remove();
+    }
+}
--- a/zt-framework/zt-spring-boot-starter-biz-tenant/src/main/java/com/zt/plat/framework/tenant/core/web/CompanyVisitContextInterceptor.java
+++ b/zt-framework/zt-spring-boot-starter-biz-tenant/src/main/java/com/zt/plat/framework/tenant/core/web/CompanyVisitContextInterceptor.java
@@ -3,6 +3,7 @@ package com.zt.plat.framework.tenant.core.web;
 import com.zt.plat.framework.security.core.LoginUser;
 import com.zt.plat.framework.security.core.util.SecurityFrameworkUtils;
 import com.zt.plat.framework.tenant.core.context.CompanyContextHolder;
+import com.zt.plat.framework.tenant.core.context.DeptContextHolder;
 import com.zt.plat.framework.web.core.util.WebFrameworkUtils;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -66,11 +67,19 @@ public class CompanyVisitContextInterceptor implements HandlerInterceptor {

        if (companyId == null || companyId <= 0L) {
            CompanyContextHolder.setIgnore(true);
+            DeptContextHolder.clear();
            return true;
        }

        CompanyContextHolder.setIgnore(false);
        CompanyContextHolder.setCompanyId(companyId);
+        // 默认不忽略部门数据权限；如果有有效部门则写入上下文
+        DeptContextHolder.setIgnore(false);
+        if (deptId != null && deptId > 0L) {
+            DeptContextHolder.setContext(deptId, companyId);
+        } else {
+            DeptContextHolder.clear();
+        }
        if (loginUser == null) {
            return true;
        }
@@ -91,7 +100,9 @@ public class CompanyVisitContextInterceptor implements HandlerInterceptor {
        LoginUser loginUser = SecurityFrameworkUtils.getLoginUser();
        if (loginUser != null) {
            loginUser.setVisitCompanyId(0L);
+            loginUser.setVisitDeptId(0L);
        }
+        DeptContextHolder.clear();
    }

    private Long resolveLong(Object value) {
--- a/zt-framework/zt-spring-boot-starter-biz-tenant/src/test/java/com/zt/plat/framework/tenant/core/web/CompanyVisitContextInterceptorTest.java
+++ b/zt-framework/zt-spring-boot-starter-biz-tenant/src/test/java/com/zt/plat/framework/tenant/core/web/CompanyVisitContextInterceptorTest.java
@@ -0,0 +1,88 @@
+package com.zt.plat.framework.tenant.core.web;
+
+import com.zt.plat.framework.security.core.LoginUser;
+import com.zt.plat.framework.tenant.core.context.CompanyContextHolder;
+import com.zt.plat.framework.tenant.core.context.DeptContextHolder;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+/**
+ * CompanyVisitContextInterceptor 单测，覆盖公司/部门上下文写入及清理。
+ */
+class CompanyVisitContextInterceptorTest {
+
+    private final HandlerInterceptor interceptor = new CompanyVisitContextInterceptor();
+
+    @AfterEach
+    void tearDown() {
+        CompanyContextHolder.clear();
+        DeptContextHolder.clear();
+        SecurityContextHolder.clearContext();
+    }
+
+    @Test // 无公司 id：应 ignore，公司/部门上下文清空
+    void testPreHandle_noCompanyId_ignore() throws Exception {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+
+        boolean result = interceptor.preHandle(request, response, new Object());
+
+        assertTrue(result);
+        assertTrue(CompanyContextHolder.isIgnore());
+        assertNull(CompanyContextHolder.getCompanyId());
+        assertNull(DeptContextHolder.getDeptId());
+    }
+
+    @Test // 有公司无部门：写入公司，部门清空
+    void testPreHandle_companyOnly() throws Exception {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        LoginUser loginUser = new LoginUser();
+        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(loginUser, null));
+        request.addHeader("visit-company-id", "11");
+
+        boolean result = interceptor.preHandle(request, response, new Object());
+
+        assertTrue(result);
+        assertFalse(CompanyContextHolder.isIgnore());
+        assertEquals(11L, CompanyContextHolder.getCompanyId());
+        assertFalse(DeptContextHolder.shouldIgnore());
+        assertNull(DeptContextHolder.getDeptId());
+        assertEquals(11L, loginUser.getVisitCompanyId());
+        assertNull(loginUser.getVisitDeptId());
+    }
+
+    @Test // 有公司+部门：写入公司、部门上下文，afterCompletion 清理 visitDeptId & holder
+    void testPreHandle_withCompanyAndDept_andAfterCompletionClear() throws Exception {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        LoginUser loginUser = new LoginUser();
+        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(loginUser, null));
+        request.addHeader("visit-company-id", "22");
+        request.addHeader("visit-dept-id", "33");
+
+        boolean result = interceptor.preHandle(request, response, new Object());
+
+        assertTrue(result);
+        assertFalse(CompanyContextHolder.isIgnore());
+        assertEquals(22L, CompanyContextHolder.getCompanyId());
+        assertEquals(33L, DeptContextHolder.getDeptId());
+        assertEquals(22L, DeptContextHolder.getCompanyId());
+        assertEquals(22L, loginUser.getVisitCompanyId());
+        assertEquals(33L, loginUser.getVisitDeptId());
+
+        // afterCompletion: 清理 visitCompanyId/visitDeptId 与 holder
+        interceptor.afterCompletion(request, response, new Object(), null);
+        assertEquals(0L, loginUser.getVisitCompanyId());
+        assertEquals(0L, loginUser.getVisitDeptId());
+        assertNull(DeptContextHolder.getDeptId());
+        assertNull(DeptContextHolder.getCompanyId());
+    }
+}