1. 新增 permissionApi 查询当前用户权限级别的方法
@@ -4,6 +4,7 @@ import com.zt.plat.framework.common.biz.system.permission.PermissionCommonApi;
|
|||||||
import com.zt.plat.framework.common.pojo.CommonResult;
|
import com.zt.plat.framework.common.pojo.CommonResult;
|
||||||
import com.zt.plat.module.system.api.permission.dto.*;
|
import com.zt.plat.module.system.api.permission.dto.*;
|
||||||
import com.zt.plat.module.system.enums.ApiConstants;
|
import com.zt.plat.module.system.enums.ApiConstants;
|
||||||
|
import com.zt.plat.module.system.enums.permission.DataScopeEnum;
|
||||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||||
import io.swagger.v3.oas.annotations.Parameter;
|
import io.swagger.v3.oas.annotations.Parameter;
|
||||||
import io.swagger.v3.oas.annotations.Operation;
|
import io.swagger.v3.oas.annotations.Operation;
|
||||||
@@ -50,4 +51,9 @@ public interface PermissionApi extends PermissionCommonApi {
|
|||||||
@Parameter(name = "userId", description = "用户编号", example = "1", required = true)
|
@Parameter(name = "userId", description = "用户编号", example = "1", required = true)
|
||||||
CommonResult<Set<Long>> getUserRoleIdListByUserId(@RequestParam("userId") Long userId);
|
CommonResult<Set<Long>> getUserRoleIdListByUserId(@RequestParam("userId") Long userId);
|
||||||
|
|
||||||
|
@GetMapping(PREFIX + "/user-data-permission-level")
|
||||||
|
@Operation(summary = "获得用户的数据权限级别")
|
||||||
|
@Parameter(name = "userId", description = "用户编号", example = "1", required = true)
|
||||||
|
CommonResult<DataScopeEnum> getUserDataPermissionLevel(@RequestParam("userId") Long userId);
|
||||||
|
|
||||||
}
|
}
|
||||||
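Review bot: `getUserDataPermissionLevel` takes an arbitrary `userId` request parameter, although the commit title describes a lookup for the current user, so anyone who can reach `PREFIX + "/user-data-permission-level"` can read any user's data scope. That may be intended if the interface is only consumed service-to-service, but no access restriction is visible in this hunk, so it is worth confirming the route is not reachable from outside the internal gateway. I would state the contract on the method, e.g. `/** Internal RPC only; returns the broadest data scope among the user's enabled roles, SELF when there are none. */`. The interface body starts outside the hunk, so class-level security annotations cannot be checked from here.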
@@ -1,10 +1,12 @@
|
|||||||
package com.zt.plat.module.system.enums.permission;
|
package com.zt.plat.module.system.enums.permission;
|
||||||
|
|
||||||
|
import com.fasterxml.jackson.annotation.JsonValue;
|
||||||
import com.zt.plat.framework.common.core.ArrayValuable;
|
import com.zt.plat.framework.common.core.ArrayValuable;
|
||||||
import lombok.AllArgsConstructor;
|
import lombok.AllArgsConstructor;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
import java.util.Objects;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 数据范围枚举类
|
* 数据范围枚举类
|
||||||
@@ -33,6 +35,26 @@ public enum DataScopeEnum implements ArrayValuable<Integer> {
|
|||||||
|
|
||||||
public static final Integer[] ARRAYS = Arrays.stream(values()).map(DataScopeEnum::getScope).toArray(Integer[]::new);
|
public static final Integer[] ARRAYS = Arrays.stream(values()).map(DataScopeEnum::getScope).toArray(Integer[]::new);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Jackson 序列化时输出整数 code,兼容旧客户端
|
||||||
|
*/
|
||||||
|
@JsonValue
|
||||||
|
public Integer getScope() {
|
||||||
|
return scope;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static DataScopeEnum findByScope(Integer scope) {
|
||||||
|
if (scope == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
for (DataScopeEnum value : values()) {
|
||||||
|
if (Objects.equals(value.scope, scope)) {
|
||||||
|
return value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Integer[] array() {
|
public Integer[] array() {
|
||||||
return ARRAYS;
|
return ARRAYS;
|
||||||
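Review bot: Putting `@JsonValue` on `getScope()` changes the JSON form of `DataScopeEnum` everywhere Jackson serialises it, not only in the new endpoint; any existing payload that carried the enum itself would switch from the constant name to the integer code. Jackson also consults the `@JsonValue` accessor when reading the enum back, so consumers on another Jackson version or a non-Jackson client should be checked against the integer form. `findByScope` has no Javadoc; I would add `/** Returns the constant whose scope equals the given code, or null when the code is null or unknown. */` so callers know they must handle null. The enum body starts and ends outside these hunks, so existing usages cannot be checked from here.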
|
|||||||
@@ -6,6 +6,7 @@ import com.zt.plat.framework.common.util.object.BeanUtils;
|
|||||||
import com.zt.plat.module.system.api.permission.dto.*;
|
import com.zt.plat.module.system.api.permission.dto.*;
|
||||||
import com.zt.plat.module.system.controller.admin.permission.vo.permission.PermissionAssignRoleDataScopeReqVO;
|
import com.zt.plat.module.system.controller.admin.permission.vo.permission.PermissionAssignRoleDataScopeReqVO;
|
||||||
import com.zt.plat.module.system.controller.admin.permission.vo.permission.PermissionAssignUserRoleReqVO;
|
import com.zt.plat.module.system.controller.admin.permission.vo.permission.PermissionAssignUserRoleReqVO;
|
||||||
|
import com.zt.plat.module.system.enums.permission.DataScopeEnum;
|
||||||
import com.zt.plat.module.system.service.permission.PermissionService;
|
import com.zt.plat.module.system.service.permission.PermissionService;
|
||||||
import org.springframework.context.annotation.Primary;
|
import org.springframework.context.annotation.Primary;
|
||||||
import org.springframework.validation.annotation.Validated;
|
import org.springframework.validation.annotation.Validated;
|
||||||
@@ -65,6 +66,11 @@ public class PermissionApiImpl implements PermissionApi {
|
|||||||
return success(permissionService.getUserRoleIdListByUserIdFromCache(userId));
|
return success(permissionService.getUserRoleIdListByUserIdFromCache(userId));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public CommonResult<DataScopeEnum> getUserDataPermissionLevel(Long userId) {
|
||||||
|
return success(permissionService.getUserDataPermissionLevel(userId));
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public CommonResult<Boolean> hasAnyPermissions(Long userId, String... permissions) {
|
public CommonResult<Boolean> hasAnyPermissions(Long userId, String... permissions) {
|
||||||
return success(permissionService.hasAnyPermissions(userId, permissions));
|
return success(permissionService.hasAnyPermissions(userId, permissions));
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
package com.zt.plat.module.system.service.permission;
|
package com.zt.plat.module.system.service.permission;
|
||||||
|
|
||||||
import com.zt.plat.framework.common.biz.system.permission.dto.DeptDataPermissionRespDTO;
|
import com.zt.plat.framework.common.biz.system.permission.dto.DeptDataPermissionRespDTO;
|
||||||
|
import com.zt.plat.module.system.enums.permission.DataScopeEnum;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
@@ -143,4 +144,12 @@ public interface PermissionService {
|
|||||||
*/
|
*/
|
||||||
DeptDataPermissionRespDTO getDeptDataPermission(Long userId);
|
DeptDataPermissionRespDTO getDeptDataPermission(Long userId);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 获得用户的数据权限级别
|
||||||
|
*
|
||||||
|
* @param userId 用户编号
|
||||||
|
* @return 数据权限范围枚举
|
||||||
|
*/
|
||||||
|
DataScopeEnum getUserDataPermissionLevel(Long userId);
|
||||||
|
|
||||||
}
|
}
|
||||||
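Review bot: The Javadoc on `getUserDataPermissionLevel` does not say how several roles are combined or what comes back when there is nothing to combine, and a caller making an access decision needs both. Going by the implementation in this commit, the result is the highest-priority scope among the user's enabled roles, and `SELF` when the user has no roles or no role carries a recognised scope. I would extend the return tag to `@return the highest-priority data scope among the user's enabled roles; SELF when there are none or none is recognised`.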
|
|||||||
@@ -27,6 +27,7 @@ import com.zt.plat.module.system.enums.permission.RoleTypeEnum;
|
|||||||
import com.zt.plat.module.system.service.dept.DeptService;
|
import com.zt.plat.module.system.service.dept.DeptService;
|
||||||
import com.zt.plat.module.system.service.user.AdminUserService;
|
import com.zt.plat.module.system.service.user.AdminUserService;
|
||||||
import com.zt.plat.module.system.service.userdept.UserDeptService;
|
import com.zt.plat.module.system.service.userdept.UserDeptService;
|
||||||
|
import com.zt.plat.framework.tenant.core.aop.TenantIgnore;
|
||||||
import jakarta.annotation.Resource;
|
import jakarta.annotation.Resource;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
@@ -57,6 +58,15 @@ import static com.zt.plat.module.system.enums.ErrorCodeConstants.ROLE_CAN_NOT_UP
|
|||||||
@Slf4j
|
@Slf4j
|
||||||
public class PermissionServiceImpl implements PermissionService {
|
public class PermissionServiceImpl implements PermissionService {
|
||||||
|
|
||||||
|
private static final List<DataScopeEnum> DATA_SCOPE_PRIORITY = Arrays.asList(
|
||||||
|
DataScopeEnum.ALL,
|
||||||
|
DataScopeEnum.COMPANY_AND_DEPT,
|
||||||
|
DataScopeEnum.DEPT_AND_CHILD,
|
||||||
|
DataScopeEnum.DEPT_ONLY,
|
||||||
|
DataScopeEnum.DEPT_CUSTOM,
|
||||||
|
DataScopeEnum.SELF
|
||||||
|
);
|
||||||
|
|
||||||
@Resource
|
@Resource
|
||||||
private RoleMenuMapper roleMenuMapper;
|
private RoleMenuMapper roleMenuMapper;
|
||||||
@Resource
|
@Resource
|
||||||
@@ -404,6 +414,40 @@ public class PermissionServiceImpl implements PermissionService {
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
@DataPermission(enable = false)
|
||||||
|
@TenantIgnore
|
||||||
|
public DataScopeEnum getUserDataPermissionLevel(Long userId) {
|
||||||
|
List<RoleDO> roles = getEnableUserRoleListByUserIdFromCache(userId);
|
||||||
|
if (CollUtil.isEmpty(roles)) {
|
||||||
|
return DataScopeEnum.SELF;
|
||||||
|
}
|
||||||
|
|
||||||
|
DataScopeEnum best = null;
|
||||||
|
for (RoleDO role : roles) {
|
||||||
|
DataScopeEnum scopeEnum = DataScopeEnum.findByScope(role.getDataScope());
|
||||||
|
if (scopeEnum == null) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (best == null || compareScope(scopeEnum, best) < 0) {
|
||||||
|
best = scopeEnum;
|
||||||
|
if (DataScopeEnum.ALL.equals(best)) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return best != null ? best : DataScopeEnum.SELF;
|
||||||
|
}
|
||||||
|
|
||||||
|
private int compareScope(DataScopeEnum left, DataScopeEnum right) {
|
||||||
|
return getScopePriority(left) - getScopePriority(right);
|
||||||
|
}
|
||||||
|
|
||||||
|
private int getScopePriority(DataScopeEnum scope) {
|
||||||
|
int idx = DATA_SCOPE_PRIORITY.indexOf(scope);
|
||||||
|
return idx >= 0 ? idx : Integer.MAX_VALUE;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 获得自身的代理对象,解决 AOP 生效问题
|
* 获得自身的代理对象,解决 AOP 生效问题
|
||||||
*
|
*
|
||||||
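Review bot: `getUserDataPermissionLevel` carries `@TenantIgnore` and `@DataPermission(enable = false)` with no comment explaining why, so the role lookup for the given `userId` runs with tenant filtering switched off. If `getEnableUserRoleListByUserIdFromCache` (defined outside this hunk) relies on that filter, role rows belonging to another tenant could raise the reported level. Please either drop `@TenantIgnore` or add a comment such as `// tenant filter disabled because <reason>; userId must already be authorised by the caller`. The order in `DATA_SCOPE_PRIORITY` also needs a comment: `DEPT_CUSTOM` ranks below `DEPT_ONLY`, yet a custom department list may be wider than the user's own department, so a single level cannot stand in for the union of role scopes. `compareScope` would read more conventionally as `return Integer.compare(getScopePriority(left), getScopePriority(right));`.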
|
|||||||
@@ -1,7 +1,9 @@
|
|||||||
package com.zt.plat.module.system.service.permission;
|
package com.zt.plat.module.system.service.permission;
|
||||||
|
|
||||||
import com.zt.plat.framework.common.exception.ServiceException;
|
import com.zt.plat.framework.common.exception.ServiceException;
|
||||||
|
import com.zt.plat.framework.common.enums.CommonStatusEnum;
|
||||||
import com.zt.plat.framework.test.core.ut.BaseDbUnitTest;
|
import com.zt.plat.framework.test.core.ut.BaseDbUnitTest;
|
||||||
|
import com.zt.plat.framework.common.util.json.JsonUtils;
|
||||||
import com.zt.plat.module.system.controller.admin.permission.vo.role.RoleSaveReqVO;
|
import com.zt.plat.module.system.controller.admin.permission.vo.role.RoleSaveReqVO;
|
||||||
import com.zt.plat.module.system.dal.dataobject.permission.RoleDO;
|
import com.zt.plat.module.system.dal.dataobject.permission.RoleDO;
|
||||||
import com.zt.plat.module.system.dal.dataobject.permission.RoleMenuDO;
|
import com.zt.plat.module.system.dal.dataobject.permission.RoleMenuDO;
|
||||||
@@ -11,6 +13,7 @@ import com.zt.plat.module.system.dal.mysql.permission.RoleMapper;
|
|||||||
import com.zt.plat.module.system.dal.mysql.permission.RoleMenuMapper;
|
import com.zt.plat.module.system.dal.mysql.permission.RoleMenuMapper;
|
||||||
import com.zt.plat.module.system.dal.mysql.permission.UserRoleMapper;
|
import com.zt.plat.module.system.dal.mysql.permission.UserRoleMapper;
|
||||||
import com.zt.plat.module.system.dal.mysql.rolemenuexclusion.RoleMenuExclusionMapper;
|
import com.zt.plat.module.system.dal.mysql.rolemenuexclusion.RoleMenuExclusionMapper;
|
||||||
|
import com.zt.plat.module.system.enums.permission.DataScopeEnum;
|
||||||
import com.zt.plat.module.system.enums.permission.RoleTypeEnum;
|
import com.zt.plat.module.system.enums.permission.RoleTypeEnum;
|
||||||
import com.zt.plat.module.system.service.dept.DeptService;
|
import com.zt.plat.module.system.service.dept.DeptService;
|
||||||
import com.zt.plat.module.system.service.user.AdminUserService;
|
import com.zt.plat.module.system.service.user.AdminUserService;
|
||||||
@@ -408,4 +411,54 @@ public class PermissionServiceTest extends BaseDbUnitTest {
|
|||||||
assertEquals(1, exclusionDOS.size());
|
assertEquals(1, exclusionDOS.size());
|
||||||
assertEquals(101L, exclusionDOS.get(0).getMenuId());
|
assertEquals(101L, exclusionDOS.get(0).getMenuId());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGetUserDataPermissionLevel_noRolesReturnSelf() {
|
||||||
|
Long userId = 1000L;
|
||||||
|
|
||||||
|
DataScopeEnum result = permissionService.getUserDataPermissionLevel(userId);
|
||||||
|
|
||||||
|
assertEquals(DataScopeEnum.SELF, result);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGetUserDataPermissionLevel_pickHighestPriority() {
|
||||||
|
Long userId = 2000L;
|
||||||
|
RoleDO roleCustom = randomPojo(RoleDO.class, o -> o
|
||||||
|
.setStatus(CommonStatusEnum.ENABLE.getStatus())
|
||||||
|
.setDataScope(DataScopeEnum.DEPT_CUSTOM.getScope())
|
||||||
|
.setId(110L)
|
||||||
|
.setTenantId(0L));
|
||||||
|
roleMapper.insert(roleCustom);
|
||||||
|
RoleDO roleCompany = randomPojo(RoleDO.class, o -> o
|
||||||
|
.setStatus(CommonStatusEnum.ENABLE.getStatus())
|
||||||
|
.setDataScope(DataScopeEnum.COMPANY_AND_DEPT.getScope())
|
||||||
|
.setId(120L)
|
||||||
|
.setTenantId(0L));
|
||||||
|
roleMapper.insert(roleCompany);
|
||||||
|
|
||||||
|
userRoleMapper.insert(randomPojo(UserRoleDO.class, o -> o.setUserId(userId).setRoleId(roleCustom.getId())));
|
||||||
|
userRoleMapper.insert(randomPojo(UserRoleDO.class, o -> o.setUserId(userId).setRoleId(roleCompany.getId())));
|
||||||
|
|
||||||
|
DataScopeEnum result = permissionService.getUserDataPermissionLevel(userId);
|
||||||
|
|
||||||
|
assertEquals(DataScopeEnum.COMPANY_AND_DEPT, result);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGetUserDataPermissionLevel_serializeAsNumber() {
|
||||||
|
Long userId = 3000L;
|
||||||
|
RoleDO roleAll = randomPojo(RoleDO.class, o -> o
|
||||||
|
.setStatus(CommonStatusEnum.ENABLE.getStatus())
|
||||||
|
.setDataScope(DataScopeEnum.ALL.getScope())
|
||||||
|
.setId(210L)
|
||||||
|
.setTenantId(0L));
|
||||||
|
roleMapper.insert(roleAll);
|
||||||
|
userRoleMapper.insert(randomPojo(UserRoleDO.class, o -> o.setUserId(userId).setRoleId(roleAll.getId())));
|
||||||
|
|
||||||
|
DataScopeEnum result = permissionService.getUserDataPermissionLevel(userId);
|
||||||
|
|
||||||
|
assertEquals(DataScopeEnum.ALL, result);
|
||||||
|
assertEquals("1", JsonUtils.toJsonString(result));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
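Review bot: The new tests cover only the permissive paths; nothing pins the cases where the method must not widen access. I would add one test where the user's only `ALL` role has a disabled status and the expected result is `SELF`, and one where a role's `dataScope` is a code `findByScope` does not recognise, so the skip-and-fall-back branch is exercised. A case combining `DEPT_ONLY` with `DEPT_CUSTOM` would also document the intended ranking of those two. All inserted roles use `setTenantId(0L)`; if that is what makes `@TenantIgnore` necessary in the service, a short comment in the test saying so would help.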
|
|||||||