feat:qms权限组件-临时提交
This commit is contained in:
FCL
@@ -0,0 +1,78 @@
|
||||
package com.zt.plat.module.qms.core.aspect;
|
||||
|
||||
import com.alibaba.fastjson.JSON;
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
import com.alibaba.fastjson.parser.Feature;
|
||||
import com.fasterxml.jackson.core.JsonProcessingException;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.zt.plat.framework.common.pojo.CommonResult;
|
||||
import com.zt.plat.framework.common.pojo.PageResult;
|
||||
import com.zt.plat.framework.security.core.LoginUser;
|
||||
import com.zt.plat.module.qms.core.aspect.annotation.Dict;
|
||||
import com.zt.plat.module.qms.core.aspect.annotation.QmsPermission;
|
||||
import com.zt.plat.module.qms.core.constant.CommonConstant;
|
||||
import com.zt.plat.module.qms.core.legend.LegendApi;
|
||||
import com.zt.plat.module.qms.core.legend.LegendConvertUtils;
|
||||
import com.zt.plat.module.qms.core.legend.vo.DictModel;
|
||||
import com.zt.plat.module.qms.framework.datapermission.QMSPermissionContextHolder;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.aspectj.lang.JoinPoint;
|
||||
import org.aspectj.lang.ProceedingJoinPoint;
|
||||
import org.aspectj.lang.Signature;
|
||||
import org.aspectj.lang.annotation.Around;
|
||||
import org.aspectj.lang.annotation.Aspect;
|
||||
import org.aspectj.lang.annotation.Before;
|
||||
import org.aspectj.lang.annotation.Pointcut;
|
||||
import org.aspectj.lang.reflect.MethodSignature;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Lazy;
|
||||
import org.springframework.data.redis.core.RedisTemplate;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
import java.lang.reflect.Field;
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.*;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import static com.zt.plat.framework.security.core.util.SecurityFrameworkUtils.getLoginUser;
|
||||
import static com.zt.plat.module.qms.core.constant.CacheConstant.QMS_DICT_BIZ_CACHE;
|
||||
import static com.zt.plat.module.qms.core.constant.CacheConstant.QMS_DICT_TABLE_CACHE;
|
||||
import static com.zt.plat.module.qms.core.constant.DataTypeConstant.DICT_ANNOTATION_SPLIT;
|
||||
|
||||
@Aspect
|
||||
@Component
|
||||
@Slf4j
|
||||
public class QmsPermissionAspect {
|
||||
/**
|
||||
* 定义切点Pointcut
|
||||
*/
|
||||
@Pointcut("@annotation(com.zt.plat.module.qms.core.aspect.annotation.QmsPermission)")
|
||||
public void executeService() {
|
||||
}
|
||||
|
||||
@Before("executeService()")
|
||||
public void doBefore(JoinPoint point) throws Throwable {
|
||||
handleDataScope(point);
|
||||
}
|
||||
|
||||
private void handleDataScope(JoinPoint joinPoint){
|
||||
QmsPermission annotation = getAnnotationByJoinPoint(joinPoint);
|
||||
if(annotation == null)
|
||||
return;
|
||||
QMSPermissionContextHolder.setContext(true, annotation.deptDataRoleCodes(), annotation.moduleDataRoleCodes(), annotation.deptIdColumn(), annotation.userIdColumn(), annotation.custom());
|
||||
}
|
||||
|
||||
private QmsPermission getAnnotationByJoinPoint(JoinPoint joinPoint) {
|
||||
Signature signature = joinPoint.getSignature();
|
||||
MethodSignature methodSignature = (MethodSignature) signature;
|
||||
Method method = methodSignature.getMethod();
|
||||
|
||||
if (method != null) {
|
||||
return method.getAnnotation(QmsPermission.class);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,27 @@
|
||||
package com.zt.plat.module.qms.core.aspect.annotation;
|
||||
|
||||
import java.lang.annotation.ElementType;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
@Target(ElementType.METHOD)
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
public @interface QmsPermission {
|
||||
|
||||
boolean enable() default true; //默认开启
|
||||
|
||||
//部门数据查看权限
|
||||
String deptDataRoleCodes() default ""; //指定部门数据查看角色,多值半角逗号分隔
|
||||
|
||||
//模块数据权限-具有此角色可查看本模块所有数据
|
||||
String moduleDataRoleCodes() default "ytjyAdmin"; //指定所有数据查看角色,多值半角逗号分隔
|
||||
|
||||
String deptIdColumn() default "DEPT_ID"; //部门id列
|
||||
|
||||
String userIdColumn() default "CREATOR"; //人员id列
|
||||
|
||||
//todo 考虑支持模块自定义扩展。参数传入表达式,通过表达式计算权限
|
||||
String custom() default "";
|
||||
|
||||
}
|
||||
@@ -0,0 +1,32 @@
|
||||
package com.zt.plat.module.qms.framework.datapermission;
|
||||
|
||||
import io.swagger.v3.oas.annotations.media.Schema;
|
||||
import lombok.Data;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
@Schema(description = "QMS的数据权限 Response DTO")
|
||||
@Data
|
||||
public class QMSDataPermissionDTO {
|
||||
|
||||
@Schema(description = "是否可查看全部数据", requiredMode = Schema.RequiredMode.REQUIRED, example = "true")
|
||||
private Boolean all;
|
||||
|
||||
@Schema(description = "是否可查看自己的数据", requiredMode = Schema.RequiredMode.REQUIRED, example = "true")
|
||||
private Boolean self;
|
||||
|
||||
@Schema(description = "可查看的部门编号数组", requiredMode = Schema.RequiredMode.REQUIRED, example = "[1, 3]")
|
||||
private Set<Long> deptIds;
|
||||
|
||||
@Schema(description = "可查看的公司编号数组", requiredMode = Schema.RequiredMode.REQUIRED, example = "[1, 3]")
|
||||
private Long companyId;
|
||||
|
||||
public QMSDataPermissionDTO() {
|
||||
this.all = false;
|
||||
this.self = false;
|
||||
this.deptIds = new HashSet<>();
|
||||
this.companyId = 0L;
|
||||
}
|
||||
|
||||
}
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,81 @@
|
||||
package com.zt.plat.module.qms.framework.datapermission;
|
||||
|
||||
import com.alibaba.ttl.TransmittableThreadLocal;
|
||||
|
||||
|
||||
public class QMSPermissionContextHolder {
|
||||
// 是否启用
|
||||
private static final ThreadLocal<Boolean> enable = new TransmittableThreadLocal<>();
|
||||
|
||||
private static final ThreadLocal<String> deptDataRoleCodes = new TransmittableThreadLocal<>(); //部门数据查看权限
|
||||
private static final ThreadLocal<String> moduleDataRoleCodes = new TransmittableThreadLocal<>(); //模块数据权限
|
||||
private static final ThreadLocal<String> deptIdColumn = new TransmittableThreadLocal<>(); //部门id列
|
||||
private static final ThreadLocal<String> userIdColumn = new TransmittableThreadLocal<>(); //人员id列
|
||||
private static final ThreadLocal<String> custom = new TransmittableThreadLocal<>(); //人员id列
|
||||
|
||||
public static void setEnable(Boolean ignore) {
|
||||
enable.set(ignore);
|
||||
}
|
||||
|
||||
public static boolean shouldExecute() {
|
||||
return Boolean.TRUE.equals(enable.get());
|
||||
}
|
||||
|
||||
public static void setContext(boolean enable, String deptDataRoleCode, String moduleDataRoleCode, String deptIdColumn, String userIdColumn, String custom){
|
||||
QMSPermissionContextHolder.setEnable(enable);
|
||||
QMSPermissionContextHolder.deptDataRoleCodes.set(deptDataRoleCode);
|
||||
QMSPermissionContextHolder.moduleDataRoleCodes.set(moduleDataRoleCode);
|
||||
QMSPermissionContextHolder.deptIdColumn.set(deptIdColumn);
|
||||
QMSPermissionContextHolder.userIdColumn.set(userIdColumn);
|
||||
QMSPermissionContextHolder.custom.set(custom);
|
||||
}
|
||||
|
||||
public static void setDeptDataRoleCode(String deptDataRoleCode) {
|
||||
QMSPermissionContextHolder.deptDataRoleCodes.set(deptDataRoleCode);
|
||||
}
|
||||
public static String getDeptDataRoleCode() {
|
||||
return deptDataRoleCodes.get();
|
||||
}
|
||||
|
||||
public static void setModuleDataRoleCodes(String moduleDataRoleCodes) {
|
||||
QMSPermissionContextHolder.moduleDataRoleCodes.set(moduleDataRoleCodes);
|
||||
}
|
||||
public static String getModuleDataRoleCodes() {
|
||||
return moduleDataRoleCodes.get();
|
||||
}
|
||||
|
||||
public static void setDeptIdColumn(String deptIdColumn) {
|
||||
QMSPermissionContextHolder.deptIdColumn.set(deptIdColumn);
|
||||
}
|
||||
public static String getDeptIdColumn() {
|
||||
if(deptIdColumn.get() == null || deptIdColumn.get().length() == 0)
|
||||
return "DEPT_ID";
|
||||
return deptIdColumn.get();
|
||||
}
|
||||
|
||||
public static void setUserIdColumn(String userIdColumn) {
|
||||
QMSPermissionContextHolder.userIdColumn.set(userIdColumn);
|
||||
}
|
||||
public static String getUserIdColumn() {
|
||||
if(userIdColumn.get() == null || userIdColumn.get().length() == 0)
|
||||
return "CREATOR";
|
||||
return userIdColumn.get();
|
||||
}
|
||||
|
||||
public static void setCustom(String custom) {
|
||||
QMSPermissionContextHolder.custom.set(custom);
|
||||
}
|
||||
public static String getCustom() {
|
||||
return custom.get();
|
||||
}
|
||||
|
||||
public static void clear() {
|
||||
enable.remove();
|
||||
deptDataRoleCodes.remove();
|
||||
moduleDataRoleCodes.remove();
|
||||
deptIdColumn.remove();
|
||||
userIdColumn.remove();
|
||||
custom.remove();
|
||||
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,42 @@
|
||||
package com.zt.plat.module.qms.framework.mybatis;
|
||||
|
||||
|
||||
import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
|
||||
import com.baomidou.mybatisplus.extension.plugins.inner.DataPermissionInterceptor;
|
||||
import com.baomidou.mybatisplus.extension.plugins.inner.InnerInterceptor;
|
||||
import com.zt.plat.module.qms.framework.datapermission.QMSMultiDataPermissionHandler;
|
||||
import jakarta.annotation.PostConstruct;
|
||||
import org.aspectj.lang.annotation.After;
|
||||
import org.springframework.beans.factory.SmartInitializingSingleton;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
//@Configuration
|
||||
public class QMSDataPermissionConfig implements SmartInitializingSingleton {
|
||||
@Autowired
|
||||
private MybatisPlusInterceptor mybatisPlusInterceptor;
|
||||
|
||||
@Autowired
|
||||
private QMSMultiDataPermissionHandler qmsMultiDataPermissionHandler;
|
||||
|
||||
@Override
|
||||
public void afterSingletonsInstantiated() {
|
||||
List<InnerInterceptor> interceptors = mybatisPlusInterceptor.getInterceptors();
|
||||
// 避免重复注册
|
||||
boolean exists = interceptors.stream()
|
||||
.filter(i -> i instanceof DataPermissionInterceptor)
|
||||
.map(i -> (DataPermissionInterceptor) i)
|
||||
.anyMatch(i -> i.getDataPermissionHandler() == qmsMultiDataPermissionHandler);
|
||||
if (!exists) {
|
||||
mybatisPlusInterceptor.addInnerInterceptor(new DataPermissionInterceptor(qmsMultiDataPermissionHandler));
|
||||
}
|
||||
}
|
||||
|
||||
// @PostConstruct
|
||||
// public void addDataPermissionInterceptor() {
|
||||
//
|
||||
// }
|
||||
|
||||
}
|
||||
@@ -100,7 +100,6 @@ public class DeviceApplyController extends AbstractFileUploadController implemen
|
||||
|
||||
@GetMapping("/page")
|
||||
@Operation(summary = "获得设备通用流程,验收、降级、停用、报废、还原、启用分页")
|
||||
@PreAuthorize("@ss.hasPermission('qms:device-apply:query')")
|
||||
public CommonResult<PageResult<DeviceApplyRespVO>> getDeviceApplyPage(@Valid DeviceApplyPageReqVO pageReqVO) {
|
||||
PageResult<DeviceApplyDO> pageResult = deviceApplyService.getDeviceApplyPage(pageReqVO);
|
||||
return success(BeanUtils.toBean(pageResult, DeviceApplyRespVO.class));
|
||||
|
||||
@@ -97,7 +97,6 @@ public class DeviceConfigFlowController implements BusinessControllerMarker {
|
||||
|
||||
@GetMapping("/page")
|
||||
@Operation(summary = "获得设备通用流程配置分页")
|
||||
@PreAuthorize("@ss.hasPermission('qms:device-config-flow:query')")
|
||||
public CommonResult<PageResult<DeviceConfigFlowRespVO>> getDeviceConfigFlowPage(@Valid DeviceConfigFlowPageReqVO pageReqVO) {
|
||||
PageResult<DeviceConfigFlowDO> pageResult = deviceConfigFlowService.getDeviceConfigFlowPage(pageReqVO);
|
||||
return success(BeanUtils.toBean(pageResult, DeviceConfigFlowRespVO.class));
|
||||
|
||||
@@ -122,7 +122,7 @@ public class DeviceProductController extends AbstractFileUploadController implem
|
||||
|
||||
@GetMapping("/page")
|
||||
@Operation(summary = "获得设备-设备大类分页")
|
||||
@PreAuthorize("@ss.hasPermission('resource:device-product:query')")
|
||||
// @PreAuthorize("@ss.hasPermission('resource:device-product:query')")
|
||||
public CommonResult<PageResult<DeviceProductRespVO>> getDeviceProductPage(@Valid DeviceProductPageReqVO pageReqVO) {
|
||||
PageResult<DeviceProductDO> pageResult = deviceProductService.getDeviceProductPage(pageReqVO);
|
||||
return success(BeanUtils.toBean(pageResult, DeviceProductRespVO.class));
|
||||
|
||||
@@ -3,6 +3,7 @@ package com.zt.plat.module.qms.resource.device.dal.mapper;
|
||||
import com.zt.plat.framework.common.pojo.PageResult;
|
||||
import com.zt.plat.framework.mybatis.core.query.LambdaQueryWrapperX;
|
||||
import com.zt.plat.framework.mybatis.core.mapper.BaseMapperX;
|
||||
import com.zt.plat.module.qms.core.aspect.annotation.QmsPermission;
|
||||
import com.zt.plat.module.qms.resource.device.controller.vo.DeviceApplyPageReqVO;
|
||||
import com.zt.plat.module.qms.resource.device.dal.dataobject.DeviceApplyDO;
|
||||
import org.apache.ibatis.annotations.Mapper;
|
||||
@@ -15,9 +16,10 @@ import org.apache.ibatis.annotations.Mapper;
|
||||
@Mapper
|
||||
public interface DeviceApplyMapper extends BaseMapperX<DeviceApplyDO> {
|
||||
|
||||
@QmsPermission
|
||||
default PageResult<DeviceApplyDO> selectPage(DeviceApplyPageReqVO reqVO) {
|
||||
return selectPage(reqVO, new LambdaQueryWrapperX<DeviceApplyDO>()
|
||||
.likeIfPresent(DeviceApplyDO::getBusinessName, reqVO.getBusinessName())
|
||||
LambdaQueryWrapperX<DeviceApplyDO> wrapper = new LambdaQueryWrapperX<>();
|
||||
wrapper.likeIfPresent(DeviceApplyDO::getBusinessName, reqVO.getBusinessName())
|
||||
.likeIfPresent(DeviceApplyDO::getApplyDepartmentName, reqVO.getApplyDepartmentName())
|
||||
.eqIfPresent(DeviceApplyDO::getApplyDepartment, reqVO.getApplyDepartment())
|
||||
.likeIfPresent(DeviceApplyDO::getApplyUserName, reqVO.getApplyUserName())
|
||||
@@ -39,7 +41,8 @@ public interface DeviceApplyMapper extends BaseMapperX<DeviceApplyDO> {
|
||||
.eqIfPresent(DeviceApplyDO::getSystemDepartmentCode, reqVO.getSystemDepartmentCode())
|
||||
.eqIfPresent(DeviceApplyDO::getRemark, reqVO.getRemark())
|
||||
.betweenIfPresent(DeviceApplyDO::getCreateTime, reqVO.getCreateTime())
|
||||
.orderByDesc(DeviceApplyDO::getId));
|
||||
.orderByDesc(DeviceApplyDO::getId);
|
||||
return selectPage(reqVO, wrapper);
|
||||
}
|
||||
|
||||
}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user