feat:数据权限修改。增加qms数据权限注解
This commit is contained in:
FCL
@@ -40,4 +40,12 @@ public interface PermissionCommonApi {
|
|||||||
@Parameter(name = "userId", description = "用户编号", example = "2", required = true)
|
@Parameter(name = "userId", description = "用户编号", example = "2", required = true)
|
||||||
CommonResult<DeptDataPermissionRespDTO> getDeptDataPermission(@RequestParam("userId") Long userId);
|
CommonResult<DeptDataPermissionRespDTO> getDeptDataPermission(@RequestParam("userId") Long userId);
|
||||||
|
|
||||||
|
@GetMapping(PREFIX + "/get-dept-data-permission-with-roleCodes")
|
||||||
|
@Operation(summary = "获得登陆用户的部门数据权限")
|
||||||
|
@Parameters({
|
||||||
|
@Parameter(name = "userId", description = "用户编号", example = "2", required = true),
|
||||||
|
@Parameter(name = "roleCodes", description = "角色编码", example = "2", required = true)
|
||||||
|
})
|
||||||
|
CommonResult<DeptDataPermissionRespDTO> getDeptDataPermissionWithRoleCodes(@RequestParam("userId") Long userId, @RequestParam("roleCodes") String roleCodes);
|
||||||
|
|
||||||
}
|
}
|
||||||
@@ -2,6 +2,8 @@ package com.zt.plat.framework.tenant.core.context;
|
|||||||
|
|
||||||
import com.alibaba.ttl.TransmittableThreadLocal;
|
import com.alibaba.ttl.TransmittableThreadLocal;
|
||||||
|
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 部门上下文 Holder,使用 {@link TransmittableThreadLocal} 支持在线程池/异步场景下的上下文传递。
|
* 部门上下文 Holder,使用 {@link TransmittableThreadLocal} 支持在线程池/异步场景下的上下文传递。
|
||||||
*
|
*
|
||||||
@@ -15,6 +17,8 @@ public class DeptContextHolder {
|
|||||||
private static final ThreadLocal<Long> COMPANY_ID = new TransmittableThreadLocal<>();
|
private static final ThreadLocal<Long> COMPANY_ID = new TransmittableThreadLocal<>();
|
||||||
/** 是否忽略部门数据权限 */
|
/** 是否忽略部门数据权限 */
|
||||||
private static final ThreadLocal<Boolean> IGNORE = new TransmittableThreadLocal<>();
|
private static final ThreadLocal<Boolean> IGNORE = new TransmittableThreadLocal<>();
|
||||||
|
/** 角色编码列表 */
|
||||||
|
private static final ThreadLocal<List<String>> ROLE_CODE_LIST = new TransmittableThreadLocal<>();
|
||||||
|
|
||||||
public static Long getDeptId() {
|
public static Long getDeptId() {
|
||||||
return DEPT_ID.get();
|
return DEPT_ID.get();
|
||||||
@@ -32,6 +36,12 @@ public class DeptContextHolder {
|
|||||||
COMPANY_ID.set(companyId);
|
COMPANY_ID.set(companyId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static void setContext(Long deptId, Long companyId, List<String> roleCodeList) {
|
||||||
|
DEPT_ID.set(deptId);
|
||||||
|
COMPANY_ID.set(companyId);
|
||||||
|
ROLE_CODE_LIST.set(roleCodeList);
|
||||||
|
}
|
||||||
|
|
||||||
public static void setDeptId(Long deptId) {
|
public static void setDeptId(Long deptId) {
|
||||||
DEPT_ID.set(deptId);
|
DEPT_ID.set(deptId);
|
||||||
}
|
}
|
||||||
@@ -53,9 +63,21 @@ public class DeptContextHolder {
|
|||||||
return Boolean.TRUE.equals(IGNORE.get());
|
return Boolean.TRUE.equals(IGNORE.get());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static void setRoleCodeList(List<String> roleCodeList) {
|
||||||
|
ROLE_CODE_LIST.set(roleCodeList);
|
||||||
|
}
|
||||||
|
public static List<String> getRoleCodeList() {
|
||||||
|
return ROLE_CODE_LIST.get();
|
||||||
|
}
|
||||||
|
public static void clearRoleCodeList(){
|
||||||
|
ROLE_CODE_LIST.remove();
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
public static void clear() {
|
public static void clear() {
|
||||||
DEPT_ID.remove();
|
DEPT_ID.remove();
|
||||||
COMPANY_ID.remove();
|
COMPANY_ID.remove();
|
||||||
IGNORE.remove();
|
IGNORE.remove();
|
||||||
|
ROLE_CODE_LIST.remove();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -86,4 +86,8 @@ public class PermissionApiImpl implements PermissionApi {
|
|||||||
return success(permissionService.getDeptDataPermission(userId));
|
return success(permissionService.getDeptDataPermission(userId));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public CommonResult<DeptDataPermissionRespDTO> getDeptDataPermissionWithRoleCodes(Long userId, String roleCodes) {
|
||||||
|
return success(permissionService.getDeptDataPermissionWithRoleCodes(userId, roleCodes));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -143,6 +143,7 @@ public interface PermissionService {
|
|||||||
* @return 部门数据权限
|
* @return 部门数据权限
|
||||||
*/
|
*/
|
||||||
DeptDataPermissionRespDTO getDeptDataPermission(Long userId);
|
DeptDataPermissionRespDTO getDeptDataPermission(Long userId);
|
||||||
|
DeptDataPermissionRespDTO getDeptDataPermissionWithRoleCodes(Long userId, String roleCodes);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 获得用户的数据权限级别
|
* 获得用户的数据权限级别
|
||||||
|
|||||||
@@ -3,6 +3,7 @@ package com.zt.plat.module.system.service.permission;
|
|||||||
import cn.hutool.core.collection.CollUtil;
|
import cn.hutool.core.collection.CollUtil;
|
||||||
import cn.hutool.core.collection.CollectionUtil;
|
import cn.hutool.core.collection.CollectionUtil;
|
||||||
import cn.hutool.core.util.ArrayUtil;
|
import cn.hutool.core.util.ArrayUtil;
|
||||||
|
import cn.hutool.core.util.ObjectUtil;
|
||||||
import cn.hutool.extra.spring.SpringUtil;
|
import cn.hutool.extra.spring.SpringUtil;
|
||||||
import com.baomidou.dynamic.datasource.annotation.DSTransactional;
|
import com.baomidou.dynamic.datasource.annotation.DSTransactional;
|
||||||
import com.google.common.annotations.VisibleForTesting;
|
import com.google.common.annotations.VisibleForTesting;
|
||||||
@@ -12,6 +13,7 @@ import com.zt.plat.framework.common.biz.system.permission.dto.DeptDataPermission
|
|||||||
import com.zt.plat.framework.common.enums.CommonStatusEnum;
|
import com.zt.plat.framework.common.enums.CommonStatusEnum;
|
||||||
import com.zt.plat.framework.common.util.collection.CollectionUtils;
|
import com.zt.plat.framework.common.util.collection.CollectionUtils;
|
||||||
import com.zt.plat.framework.datapermission.core.annotation.DataPermission;
|
import com.zt.plat.framework.datapermission.core.annotation.DataPermission;
|
||||||
|
import com.zt.plat.framework.tenant.core.context.DeptContextHolder;
|
||||||
import com.zt.plat.module.system.dal.dataobject.permission.MenuDO;
|
import com.zt.plat.module.system.dal.dataobject.permission.MenuDO;
|
||||||
import com.zt.plat.module.system.dal.dataobject.permission.RoleDO;
|
import com.zt.plat.module.system.dal.dataobject.permission.RoleDO;
|
||||||
import com.zt.plat.module.system.dal.dataobject.permission.RoleMenuDO;
|
import com.zt.plat.module.system.dal.dataobject.permission.RoleMenuDO;
|
||||||
@@ -43,8 +45,8 @@ import java.util.function.Supplier;
|
|||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
import static com.zt.plat.framework.common.exception.util.ServiceExceptionUtil.exception;
|
import static com.zt.plat.framework.common.exception.util.ServiceExceptionUtil.exception;
|
||||||
import static com.zt.plat.framework.common.util.collection.CollectionUtils.convertSet;
|
import static com.zt.plat.framework.common.pojo.CommonResult.success;
|
||||||
import static com.zt.plat.framework.common.util.collection.CollectionUtils.singleton;
|
import static com.zt.plat.framework.common.util.collection.CollectionUtils.*;
|
||||||
import static com.zt.plat.framework.common.util.json.JsonUtils.toJsonString;
|
import static com.zt.plat.framework.common.util.json.JsonUtils.toJsonString;
|
||||||
import static com.zt.plat.framework.security.core.util.SecurityFrameworkUtils.getLoginUserId;
|
import static com.zt.plat.framework.security.core.util.SecurityFrameworkUtils.getLoginUserId;
|
||||||
import static com.zt.plat.module.system.enums.ErrorCodeConstants.ROLE_CAN_NOT_UPDATE_NORMAL_TYPE_ROLE;
|
import static com.zt.plat.module.system.enums.ErrorCodeConstants.ROLE_CAN_NOT_UPDATE_NORMAL_TYPE_ROLE;
|
||||||
@@ -347,6 +349,12 @@ public class PermissionServiceImpl implements PermissionService {
|
|||||||
// 获得用户的角色
|
// 获得用户的角色
|
||||||
List<RoleDO> roles = getEnableUserRoleListByUserIdFromCache(userId);
|
List<RoleDO> roles = getEnableUserRoleListByUserIdFromCache(userId);
|
||||||
|
|
||||||
|
//使用上下文角色编码过滤
|
||||||
|
List<String> contextRoleCodes = DeptContextHolder.getRoleCodeList();
|
||||||
|
if(!CollectionUtil.isEmpty(contextRoleCodes)){
|
||||||
|
roles = roles.stream().filter(role -> contextRoleCodes.contains(role.getCode())).collect(Collectors.toList());
|
||||||
|
}
|
||||||
|
|
||||||
// 获得用户的部门编号的缓存,通过 Guava 的 Suppliers 惰性求值,即有且仅有第一次发起 DB 的查询
|
// 获得用户的部门编号的缓存,通过 Guava 的 Suppliers 惰性求值,即有且仅有第一次发起 DB 的查询
|
||||||
Supplier<Set<Long>> userDeptIds = Suppliers.memoize(() -> {
|
Supplier<Set<Long>> userDeptIds = Suppliers.memoize(() -> {
|
||||||
List<UserDeptDO> validUserDeptListByUserId = userDeptService.getValidUserDeptListByUserIds(singleton(userId));
|
List<UserDeptDO> validUserDeptListByUserId = userDeptService.getValidUserDeptListByUserIds(singleton(userId));
|
||||||
@@ -414,6 +422,26 @@ public class PermissionServiceImpl implements PermissionService {
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public DeptDataPermissionRespDTO getDeptDataPermissionWithRoleCodes(Long userId, String roleCodes) {
|
||||||
|
// 获得用户的角色
|
||||||
|
List<RoleDO> roles = getEnableUserRoleListByUserIdFromCache(userId);
|
||||||
|
if(ObjectUtil.isEmpty(roleCodes))
|
||||||
|
return getDeptDataPermission(userId);
|
||||||
|
List<String> roleCodesList = Arrays.asList(roleCodes.split(","));
|
||||||
|
if(CollectionUtil.isEmpty(roles))
|
||||||
|
return getDeptDataPermission(userId);
|
||||||
|
DeptContextHolder.setRoleCodeList(roleCodesList);
|
||||||
|
try{
|
||||||
|
return getDeptDataPermission(userId);
|
||||||
|
}catch (Exception e){
|
||||||
|
log.error("getDeptDataPermission-- error ", e);
|
||||||
|
}finally {
|
||||||
|
DeptContextHolder.clearRoleCodeList();
|
||||||
|
}
|
||||||
|
return getDeptDataPermission(userId);
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@DataPermission(enable = false)
|
@DataPermission(enable = false)
|
||||||
@TenantIgnore
|
@TenantIgnore
|
||||||
|
|||||||
Reference in New Issue
Block a user