1. 新增 permissionApi 查询当前用户权限级别的方法
This commit is contained in:
chenbowen
@@ -4,6 +4,7 @@ import com.zt.plat.framework.common.biz.system.permission.PermissionCommonApi;
|
||||
import com.zt.plat.framework.common.pojo.CommonResult;
|
||||
import com.zt.plat.module.system.api.permission.dto.*;
|
||||
import com.zt.plat.module.system.enums.ApiConstants;
|
||||
import com.zt.plat.module.system.enums.permission.DataScopeEnum;
|
||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||
import io.swagger.v3.oas.annotations.Parameter;
|
||||
import io.swagger.v3.oas.annotations.Operation;
|
||||
@@ -50,4 +51,9 @@ public interface PermissionApi extends PermissionCommonApi {
|
||||
@Parameter(name = "userId", description = "用户编号", example = "1", required = true)
|
||||
CommonResult<Set<Long>> getUserRoleIdListByUserId(@RequestParam("userId") Long userId);
|
||||
|
||||
@GetMapping(PREFIX + "/user-data-permission-level")
|
||||
@Operation(summary = "获得用户的数据权限级别")
|
||||
@Parameter(name = "userId", description = "用户编号", example = "1", required = true)
|
||||
CommonResult<DataScopeEnum> getUserDataPermissionLevel(@RequestParam("userId") Long userId);
|
||||
|
||||
}
|
||||
@@ -1,10 +1,12 @@
|
||||
package com.zt.plat.module.system.enums.permission;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonValue;
|
||||
import com.zt.plat.framework.common.core.ArrayValuable;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Getter;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* 数据范围枚举类
|
||||
@@ -33,6 +35,26 @@ public enum DataScopeEnum implements ArrayValuable<Integer> {
|
||||
|
||||
public static final Integer[] ARRAYS = Arrays.stream(values()).map(DataScopeEnum::getScope).toArray(Integer[]::new);
|
||||
|
||||
/**
|
||||
* Jackson 序列化时输出整数 code,兼容旧客户端
|
||||
*/
|
||||
@JsonValue
|
||||
public Integer getScope() {
|
||||
return scope;
|
||||
}
|
||||
|
||||
public static DataScopeEnum findByScope(Integer scope) {
|
||||
if (scope == null) {
|
||||
return null;
|
||||
}
|
||||
for (DataScopeEnum value : values()) {
|
||||
if (Objects.equals(value.scope, scope)) {
|
||||
return value;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Integer[] array() {
|
||||
return ARRAYS;
|
||||
|
||||
@@ -6,6 +6,7 @@ import com.zt.plat.framework.common.util.object.BeanUtils;
|
||||
import com.zt.plat.module.system.api.permission.dto.*;
|
||||
import com.zt.plat.module.system.controller.admin.permission.vo.permission.PermissionAssignRoleDataScopeReqVO;
|
||||
import com.zt.plat.module.system.controller.admin.permission.vo.permission.PermissionAssignUserRoleReqVO;
|
||||
import com.zt.plat.module.system.enums.permission.DataScopeEnum;
|
||||
import com.zt.plat.module.system.service.permission.PermissionService;
|
||||
import org.springframework.context.annotation.Primary;
|
||||
import org.springframework.validation.annotation.Validated;
|
||||
@@ -65,6 +66,11 @@ public class PermissionApiImpl implements PermissionApi {
|
||||
return success(permissionService.getUserRoleIdListByUserIdFromCache(userId));
|
||||
}
|
||||
|
||||
@Override
|
||||
public CommonResult<DataScopeEnum> getUserDataPermissionLevel(Long userId) {
|
||||
return success(permissionService.getUserDataPermissionLevel(userId));
|
||||
}
|
||||
|
||||
@Override
|
||||
public CommonResult<Boolean> hasAnyPermissions(Long userId, String... permissions) {
|
||||
return success(permissionService.hasAnyPermissions(userId, permissions));
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package com.zt.plat.module.system.service.permission;
|
||||
|
||||
import com.zt.plat.framework.common.biz.system.permission.dto.DeptDataPermissionRespDTO;
|
||||
import com.zt.plat.module.system.enums.permission.DataScopeEnum;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Set;
|
||||
@@ -143,4 +144,12 @@ public interface PermissionService {
|
||||
*/
|
||||
DeptDataPermissionRespDTO getDeptDataPermission(Long userId);
|
||||
|
||||
/**
|
||||
* 获得用户的数据权限级别
|
||||
*
|
||||
* @param userId 用户编号
|
||||
* @return 数据权限范围枚举
|
||||
*/
|
||||
DataScopeEnum getUserDataPermissionLevel(Long userId);
|
||||
|
||||
}
|
||||
|
||||
@@ -27,6 +27,7 @@ import com.zt.plat.module.system.enums.permission.RoleTypeEnum;
|
||||
import com.zt.plat.module.system.service.dept.DeptService;
|
||||
import com.zt.plat.module.system.service.user.AdminUserService;
|
||||
import com.zt.plat.module.system.service.userdept.UserDeptService;
|
||||
import com.zt.plat.framework.tenant.core.aop.TenantIgnore;
|
||||
import jakarta.annotation.Resource;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -57,6 +58,15 @@ import static com.zt.plat.module.system.enums.ErrorCodeConstants.ROLE_CAN_NOT_UP
|
||||
@Slf4j
|
||||
public class PermissionServiceImpl implements PermissionService {
|
||||
|
||||
private static final List<DataScopeEnum> DATA_SCOPE_PRIORITY = Arrays.asList(
|
||||
DataScopeEnum.ALL,
|
||||
DataScopeEnum.COMPANY_AND_DEPT,
|
||||
DataScopeEnum.DEPT_AND_CHILD,
|
||||
DataScopeEnum.DEPT_ONLY,
|
||||
DataScopeEnum.DEPT_CUSTOM,
|
||||
DataScopeEnum.SELF
|
||||
);
|
||||
|
||||
@Resource
|
||||
private RoleMenuMapper roleMenuMapper;
|
||||
@Resource
|
||||
@@ -404,6 +414,40 @@ public class PermissionServiceImpl implements PermissionService {
|
||||
return result;
|
||||
}
|
||||
|
||||
@Override
|
||||
@DataPermission(enable = false)
|
||||
@TenantIgnore
|
||||
public DataScopeEnum getUserDataPermissionLevel(Long userId) {
|
||||
List<RoleDO> roles = getEnableUserRoleListByUserIdFromCache(userId);
|
||||
if (CollUtil.isEmpty(roles)) {
|
||||
return DataScopeEnum.SELF;
|
||||
}
|
||||
|
||||
DataScopeEnum best = null;
|
||||
for (RoleDO role : roles) {
|
||||
DataScopeEnum scopeEnum = DataScopeEnum.findByScope(role.getDataScope());
|
||||
if (scopeEnum == null) {
|
||||
continue;
|
||||
}
|
||||
if (best == null || compareScope(scopeEnum, best) < 0) {
|
||||
best = scopeEnum;
|
||||
if (DataScopeEnum.ALL.equals(best)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
return best != null ? best : DataScopeEnum.SELF;
|
||||
}
|
||||
|
||||
private int compareScope(DataScopeEnum left, DataScopeEnum right) {
|
||||
return getScopePriority(left) - getScopePriority(right);
|
||||
}
|
||||
|
||||
private int getScopePriority(DataScopeEnum scope) {
|
||||
int idx = DATA_SCOPE_PRIORITY.indexOf(scope);
|
||||
return idx >= 0 ? idx : Integer.MAX_VALUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* 获得自身的代理对象,解决 AOP 生效问题
|
||||
*
|
||||
|
||||
@@ -1,7 +1,9 @@
|
||||
package com.zt.plat.module.system.service.permission;
|
||||
|
||||
import com.zt.plat.framework.common.exception.ServiceException;
|
||||
import com.zt.plat.framework.common.enums.CommonStatusEnum;
|
||||
import com.zt.plat.framework.test.core.ut.BaseDbUnitTest;
|
||||
import com.zt.plat.framework.common.util.json.JsonUtils;
|
||||
import com.zt.plat.module.system.controller.admin.permission.vo.role.RoleSaveReqVO;
|
||||
import com.zt.plat.module.system.dal.dataobject.permission.RoleDO;
|
||||
import com.zt.plat.module.system.dal.dataobject.permission.RoleMenuDO;
|
||||
@@ -11,6 +13,7 @@ import com.zt.plat.module.system.dal.mysql.permission.RoleMapper;
|
||||
import com.zt.plat.module.system.dal.mysql.permission.RoleMenuMapper;
|
||||
import com.zt.plat.module.system.dal.mysql.permission.UserRoleMapper;
|
||||
import com.zt.plat.module.system.dal.mysql.rolemenuexclusion.RoleMenuExclusionMapper;
|
||||
import com.zt.plat.module.system.enums.permission.DataScopeEnum;
|
||||
import com.zt.plat.module.system.enums.permission.RoleTypeEnum;
|
||||
import com.zt.plat.module.system.service.dept.DeptService;
|
||||
import com.zt.plat.module.system.service.user.AdminUserService;
|
||||
@@ -408,4 +411,54 @@ public class PermissionServiceTest extends BaseDbUnitTest {
|
||||
assertEquals(1, exclusionDOS.size());
|
||||
assertEquals(101L, exclusionDOS.get(0).getMenuId());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetUserDataPermissionLevel_noRolesReturnSelf() {
|
||||
Long userId = 1000L;
|
||||
|
||||
DataScopeEnum result = permissionService.getUserDataPermissionLevel(userId);
|
||||
|
||||
assertEquals(DataScopeEnum.SELF, result);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetUserDataPermissionLevel_pickHighestPriority() {
|
||||
Long userId = 2000L;
|
||||
RoleDO roleCustom = randomPojo(RoleDO.class, o -> o
|
||||
.setStatus(CommonStatusEnum.ENABLE.getStatus())
|
||||
.setDataScope(DataScopeEnum.DEPT_CUSTOM.getScope())
|
||||
.setId(110L)
|
||||
.setTenantId(0L));
|
||||
roleMapper.insert(roleCustom);
|
||||
RoleDO roleCompany = randomPojo(RoleDO.class, o -> o
|
||||
.setStatus(CommonStatusEnum.ENABLE.getStatus())
|
||||
.setDataScope(DataScopeEnum.COMPANY_AND_DEPT.getScope())
|
||||
.setId(120L)
|
||||
.setTenantId(0L));
|
||||
roleMapper.insert(roleCompany);
|
||||
|
||||
userRoleMapper.insert(randomPojo(UserRoleDO.class, o -> o.setUserId(userId).setRoleId(roleCustom.getId())));
|
||||
userRoleMapper.insert(randomPojo(UserRoleDO.class, o -> o.setUserId(userId).setRoleId(roleCompany.getId())));
|
||||
|
||||
DataScopeEnum result = permissionService.getUserDataPermissionLevel(userId);
|
||||
|
||||
assertEquals(DataScopeEnum.COMPANY_AND_DEPT, result);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testGetUserDataPermissionLevel_serializeAsNumber() {
|
||||
Long userId = 3000L;
|
||||
RoleDO roleAll = randomPojo(RoleDO.class, o -> o
|
||||
.setStatus(CommonStatusEnum.ENABLE.getStatus())
|
||||
.setDataScope(DataScopeEnum.ALL.getScope())
|
||||
.setId(210L)
|
||||
.setTenantId(0L));
|
||||
roleMapper.insert(roleAll);
|
||||
userRoleMapper.insert(randomPojo(UserRoleDO.class, o -> o.setUserId(userId).setRoleId(roleAll.getId())));
|
||||
|
||||
DataScopeEnum result = permissionService.getUserDataPermissionLevel(userId);
|
||||
|
||||
assertEquals(DataScopeEnum.ALL, result);
|
||||
assertEquals("1", JsonUtils.toJsonString(result));
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user