Skip to content

T
test
Commit 7d5e22a5 authored by 雍欢's avatar 雍欢
Browse files
Options

实现引用权限

parent 91d4cb14
Show whitespace changes
Inline Side-by-side
Showing with 296 additions and 206 deletions
huigou-core-api/src/main/java/com/huigou/uasp/bmp/opm/application/AccessApplication.java
View file @ 7d5e22a5
package com.huigou.uasp.bmp.opm.application;
import java.util.List;
import java.util.Map;
import com.huigou.context.RoleKind;
import com.huigou.data.domain.query.FolderAndCodeAndNameQueryRequest;
import com.huigou.data.domain.query.ParentIdQueryRequest;
......@@ -16,6 +13,9 @@ import com.huigou.uasp.bmp.opm.domain.query.PermissionsByRoleIdQueryRequest;
import com.huigou.uasp.bmp.opm.domain.query.RolesQueryRequestQueryRequest;
import com.huigou.util.SDO;
import java.util.List;
import java.util.Map;
/**
* 访问控制应用
*
......@@ -30,8 +30,7 @@ public interface AccessApplication {
/**
* 保存角色
*
* @param role
* 角色
* @param role 角色
* @return 角色ID
*/
String saveRole(Role role);
......@@ -39,52 +38,44 @@ public interface AccessApplication {
/**
* 从数据库读取一个角色数据
*
* @param id
* 角色ID
* @param id 角色ID
*/
Role loadRole(String id);
/**
* 删除角色
*
* @param ids
* 角色ID列表
* @param ids 角色ID列表
*/
void deleteRoles(List<String> ids);
/**
* 更新排序号
*
* @param roles
* 角色ID和排序号的Map
* @param roles 角色ID和排序号的Map
*/
void updateRolesSequence(Map<String, Integer> params);
/**
* 移动角色
*
* @param ids
* 角色ID列表
* @param parentId
* 父ID
* @param ids 角色ID列表
* @param parentId 父ID
*/
void moveRoles(List<String> ids, String parentId);
/**
* 移动租户角色
*
* @param ids
* 角色ID列表
* @param parentId
* 父ID
* @param ids 角色ID列表
* @param parentId 父ID
*/
void moveTenantRoles(List<String> ids, String parentId);
/**
* 获取角色下一个排序号
*
* @param parentId
* 父ID
* @param parentId 父ID
* @return 角色下一个排序号
*/
Integer getRoleNextSequence(String parentId);
......@@ -92,10 +83,8 @@ public interface AccessApplication {
/**
* 查询角色数据
*
* @param tenantKindId
* 租户类别
* @param parentId
* 父ID
* @param tenantKindId 租户类别
* @param parentId 父ID
* @return
*/
List<Map<String, Object>> queryRoles(String tenantKindId, String parentId);
......@@ -103,8 +92,7 @@ public interface AccessApplication {
/**
* 分页查询角色数据
*
* @param queryRequest
* 查询 对象
* @param queryRequest 查询 对象
* @return
*/
Map<String, Object> slicedQueryRoles(RolesQueryRequestQueryRequest queryRequest);
......@@ -117,8 +105,7 @@ public interface AccessApplication {
/**
* 保存权限
*
* @param permission
* 权限实体
* @param permission 权限实体
* @return 权限ID
*/
String savePermission(Permission permission);
......@@ -126,16 +113,14 @@ public interface AccessApplication {
/**
* 更新权限
*
* @param permission
* 权限实体
* @param permission 权限实体
*/
void updatePermission(Permission permission);
/**
* 加载权限
*
* @param id
* 权限ID
* @param id 权限ID
* @return 权限实体
*/
Permission loadPermission(String id);
......@@ -145,44 +130,37 @@ public interface AccessApplication {
* <p>
* 若权限已分配给角色,不能删除。
*
* @param ids
* 权限ID列表
* @param ids 权限ID列表
*/
void deletePermissions(List<String> ids);
/**
* 更新权限排序号
*
* @param permissions
* 权限ID和排序号的Map
* @param permissions 权限ID和排序号的Map
*/
void updatePermissionsSequence(Map<String, Integer> permissions);
/**
* 更新权限状态
*
* @param ids
* 权限ID列表
* @param status
* 状态
* @param ids 权限ID列表
* @param status 状态
*/
void updatePermissionsStatus(List<String> ids, Integer status);
/**
* 移动权限
*
* @param ids
* 权限ID列表
* @param parentId
* 父ID
* @param ids 权限ID列表
* @param parentId 父ID
*/
void movePermissions(List<String> ids, String parentId);
/**
* 查询权限
*
* @param queryRequest
* 权限查询对象
* @param queryRequest 权限查询对象
* @return 查询结果集
*/
Map<String, Object> queryPermissions(FolderAndCodeAndNameQueryRequest queryRequest);
......@@ -190,24 +168,21 @@ public interface AccessApplication {
/**
* 保存界面元素权限
*
* @param uiElementPermissions
* 界面元素权限列表
* @param uiElementPermissions 界面元素权限列表
*/
void saveUIElementPermissions(List<UIElementPermission> uiElementPermissions);
/**
* 删除界面元素权限
*
* @param ids
* 界面元素ID列表
* @param ids 界面元素ID列表
*/
void deleteUIElementPermissions(List<String> ids);
/**
* 分页查询界面元素权限
*
* @param queryRequest
* 查询模型
* @param queryRequest 查询模型
* @return
*/
Map<String, Object> slicedQueryUIElementPermissions(ParentIdQueryRequest queryRequest);
......@@ -215,8 +190,7 @@ public interface AccessApplication {
/**
* 得到权限的下一个排序号
*
* @param parentId
* 父ID
* @param parentId 父ID
* @return
*/
Integer getPermissionNextSequence(String parentId);
......@@ -224,28 +198,23 @@ public interface AccessApplication {
/**
* 分配角色
*
* @param orgId
* 组织ID
* @param roleIds
* 角色ID列表
* @param orgId 组织ID
* @param roleIds 角色ID列表
*/
void allocateRoles(String orgId, List<String> roleIds);
/**
* 取消分配角色
*
* @param orgId
* 组织ID
* @param roleIds
* 角色ID列表
* @param orgId 组织ID
* @param roleIds 角色ID列表
*/
void deallocateRoles(String orgId, List<String> roleIds);
/**
* 查询授权
*
* @param queryRequest
* 查询模型
* @param queryRequest 查询模型
* @return
*/
Map<String, Object> queryAuthorizations(AuthorizationsQueryRequest queryRequest);
......@@ -253,8 +222,7 @@ public interface AccessApplication {
/**
* 查询权限
*
* @param parentId
* 父ID
* @param parentId 父ID
* @return
*/
List<Map<String, Object>> queryPermissionsByParentId(String parentId);
......@@ -262,10 +230,8 @@ public interface AccessApplication {
/**
* 根据角色ID查询功能权限
*
* @param roleId
* 角色ID
* @param parentId
* 父ID
* @param roleId 角色ID
* @param parentId 父ID
* @return
*/
List<Permission> queryAllocatedPermissions(String roleId, String parentId);
......@@ -273,8 +239,7 @@ public interface AccessApplication {
/**
* 查询权限
*
* @param queryRequest
* 查询模型
* @param queryRequest 查询模型
* @return
*/
Map<String, Object> slicedQueryPermissionsByRoleId(PermissionsByRoleIdQueryRequest queryRequest);
......@@ -282,8 +247,7 @@ public interface AccessApplication {
/**
* 分页查询已授权的权限
*
* @param queryRequest
* 查询模型
* @param queryRequest 查询模型
* @return
*/
Map<String, Object> slicedQueryAuthorizedPermissionsByOrgFullId(AuthorizedPermissionsByOrgFullIdQueryRequest queryRequest);
......@@ -291,30 +255,24 @@ public interface AccessApplication {
/**
* 分配功能权限
*
* @param roleId
* 角色ID
* @param oneLevelPermissionId
* 一级权限ID
* @param permissionIds
* 权限ID列表
* @param roleId 角色ID
* @param oneLevelPermissionId 一级权限ID
* @param permissionIds 权限ID列表
*/
void allocateFunPermissions(String roleId, String oneLevelPermissionId, List<String> permissionIds);
/**
* 取消分配功能权限
*
* @param roleId
* 角色ID
* @param permissionIds
* 权限ID列表
* @param roleId 角色ID
* @param permissionIds 权限ID列表
*/
void deallocateFunPermissions(String roleId, List<String> permissionIds);
/**
* 查询人员的功能权限
*
* @param personId
* 人员ID
* @param personId 人员ID
* @return
*/
List<String> queryPersonFunPermissions(String personId);
......@@ -322,8 +280,7 @@ public interface AccessApplication {
/**
* 查询人员角色
*
* @param personId
* 人员ID
* @param personId 人员ID
* @return
*/
List<String> queryPersonRoleIds(String personId);
......@@ -331,8 +288,7 @@ public interface AccessApplication {
/**
* 获取人员角色类别
*
* @param personId
* 人员ID
* @param personId 人员ID
* @return
*/
RoleKind getPersonRoleKind(String personId);
......@@ -340,20 +296,16 @@ public interface AccessApplication {
/**
* 加载资源操作
*
* @param id
* 资源操作ID
* @return
* 资源操作
* @param id 资源操作ID
* @return 资源操作
*/
ResourceOperation loadResourceOperation(String id);
/**
* 查询人员功能权限
*
* @param personId
* 人员id
* @param parentId
* 父id
* @param personId 人员id
* @param parentId 父id
* @return
*/
List<Map<String, Object>> queryPersonFunctions(String personId, String parentId);
......@@ -379,10 +331,8 @@ public interface AccessApplication {
/**
* 检验人员是否具有某个功能权限
*
* @param personId
* 人员ID
* @param funcCode
* 功能编码
* @param personId 人员ID
* @param funcCode 功能编码
* @return
*/
boolean checkPersonFunPermissions(String personId, String funcCode);
......@@ -390,8 +340,7 @@ public interface AccessApplication {
/**
* 加人员角色
*
* @param personId
* 人员id
* @param personId 人员id
* @return
*/
List<Map<String, Object>> loadPersonRole(String personId);
......@@ -399,9 +348,9 @@ public interface AccessApplication {
/**
* 管理权限鉴权
*
* @author
* @param
* @return boolean
* @author
*/
boolean authenticationManageType(SDO sdo);
......@@ -431,4 +380,9 @@ public interface AccessApplication {
* 同步三员权限
*/
void synThreeMemberPermission();
/**
* 引用角色
*/
void quoteRole(String sourceOrgId, String destOrgId);
}
huigou-core-api/src/main/java/com/huigou/uasp/bmp/opm/domain/model/access/Authorize.java 0 → 100644
View file @ 7d5e22a5
package com.huigou.uasp.bmp.opm.domain.model.access;
import javax.persistence.EmbeddedId;
import javax.persistence.Entity;
import javax.persistence.Table;
import java.io.Serializable;
/**
* 人员角色授权
*
* @author yonghuan
*/
@Table(name = "sa_opauthorize")
@Entity
public class Authorize implements Serializable {
@EmbeddedId
private AuthorizeId id;
public Authorize() {
}
public Authorize(String orgId, String roleId) {
id = new AuthorizeId(orgId, roleId);
}
public AuthorizeId getId() {
return id;
}
public void setId(AuthorizeId id) {
this.id = id;
}
}
huigou-core-api/src/main/java/com/huigou/uasp/bmp/opm/domain/model/access/AuthorizeId.java 0 → 100644
View file @ 7d5e22a5
package com.huigou.uasp.bmp.opm.domain.model.access;
import javax.persistence.Column;
import javax.persistence.Embeddable;
import java.io.Serializable;
import java.util.Objects;
/**
* @author yonghuan
*/
@Embeddable
public class AuthorizeId implements Serializable {
/**
* 组织id
*/
@Column(name = "org_id")
private String orgId;
/**
* 角色id
*/
@Column(name = "role_id")
private String roleId;
public AuthorizeId() {
}
public AuthorizeId(String orgId, String roleId) {
this.orgId = orgId;
this.roleId = roleId;
}
public String getOrgId() {
return orgId;
}
public void setOrgId(String orgId) {
this.orgId = orgId;
}
public String getRoleId() {
return roleId;
}
public void setRoleId(String roleId) {
this.roleId = roleId;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;
AuthorizeId that = (AuthorizeId) o;
return orgId.equals(that.orgId) &&
roleId.equals(that.roleId);
}
@Override
public int hashCode() {
return Objects.hash(orgId, roleId);
}
}
huigou-core-api/src/main/java/com/huigou/uasp/bmp/opm/repository/managment/BizManagementRepository.java
View file @ 7d5e22a5
package com.huigou.uasp.bmp.opm.repository.managment;
import java.util.Collection;
import java.util.List;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
import com.huigou.uasp.bmp.opm.domain.model.management.BizManagement;
import com.huigou.uasp.bmp.opm.domain.model.management.BizManagementType;
import com.huigou.uasp.bmp.opm.domain.model.org.Org;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import java.util.Collection;
import java.util.List;
public interface BizManagementRepository extends JpaRepository<BizManagement, String>, JpaSpecificationExecutor<BizManagement> {
List<BizManagement> findByManagerInAndBizManagementTypeAndSubordinationIn(Collection<Org> managers, BizManagementType bizManagementType,
Collection<Org> subordinations);
@Query("from BizManagement bm where bm.manager.id=:managerId and exists (select 1 from Org o where o.id=bm.subordination.id)")
List<BizManagement> findByManagerId(@Param("managerId") String managerId);
}
huigou-core-api/src/main/java/com/huigou/uasp/bmp/opm/repository/org/RoleRepository.java
View file @ 7d5e22a5
package com.huigou.uasp.bmp.opm.repository.org;
import java.util.List;
import com.huigou.uasp.bmp.opm.domain.model.access.Role;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import com.huigou.uasp.bmp.opm.domain.model.access.Role;
import java.util.List;
public interface RoleRepository extends JpaRepository<Role, String> {
......@@ -21,4 +21,13 @@ public interface RoleRepository extends JpaRepository<Role, String> {
@Query("select count(p) from Role r join r.permissions p where r.id = ?1")
int countPermissionsByRoleId(String roleId);
/**
* 查询组织拥有的有效角色信息。
*
* @param orgId 组织id
* @return 组织拥有的有效角色信息
*/
@Query("from Role r where r.status=1 and exists (select 1 from Authorize a where a.id.orgId=:orgId and a.id.roleId=r.id)")
List<Role> findByOrgId(@Param("orgId") String orgId);
}
huigou-core-impl/src/main/java/com/huigou/uasp/bmp/opm/impl/AccessApplicationImpl.java
View file @ 7d5e22a5
......@@ -4,6 +4,7 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
......@@ -795,4 +796,14 @@ public class AccessApplicationImpl extends BaseApplication implements AccessAppl
}
}
@Override
public void quoteRole(String sourceOrgId, String destOrgId) {
List<String> roleIds = roleRepository.findByOrgId(sourceOrgId).stream()
.map(Role::getId)
.collect(Collectors.toList());
if (roleIds.size() > 0) {
allocateRoles(destOrgId, roleIds);
}
}
}
\ No newline at end of file
huigou-core-impl/src/main/java/com/huigou/uasp/bmp/opm/impl/ManagementApplicationImpl.java
View file @ 7d5e22a5
package com.huigou.uasp.bmp.opm.impl;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.springframework.util.Assert;
import com.huigou.context.MessageSourceContext;
import com.huigou.data.domain.model.CommonDomainConstants;
import com.huigou.data.domain.model.MessageConstants;
......@@ -26,6 +20,12 @@ import com.huigou.uasp.bmp.opm.repository.managment.BizManagementRepository;
import com.huigou.uasp.bmp.opm.repository.managment.BizManagementTypeRepository;
import com.huigou.uasp.bmp.opm.repository.org.OrgRepository;
import com.huigou.util.StringUtil;
import org.springframework.util.Assert;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
public class ManagementApplicationImpl extends BaseApplication implements ManagementApplication {
......@@ -339,6 +339,21 @@ public class ManagementApplicationImpl extends BaseApplication implements Manage
@Override
public void quoteBizManagement(String sourceOrgId, String destOrgId) {
if (!orgRepository.exists(sourceOrgId) || !orgRepository.exists(destOrgId)) {
return;
}
this.bizManagementRepository.findByManagerId(sourceOrgId)
.stream()
.collect(Collectors.groupingBy(BizManagement::getBizManagementType))
.forEach((manageType, bizManagements) -> {
List<String> subordinationIds = bizManagements.stream()
.map(BizManagement::getSubordination)
.map(Org::getId)
.collect(Collectors.toList());
if (subordinationIds.size() > 0) {
allocateSubordinations(destOrgId, manageType.getId(), subordinationIds);
}
});
}
}
huigou-core-proxy/src/main/java/com/huigou/uasp/bmp/opm/proxy/AccessApplicationProxy.java
View file @ 7d5e22a5
package com.huigou.uasp.bmp.opm.proxy;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import com.huigou.context.MessageSourceContext;
import com.huigou.context.RoleKind;
import com.huigou.context.TmspmConifg;
......@@ -28,14 +20,15 @@ import com.huigou.uasp.bmp.opm.domain.query.AuthorizedPermissionsByOrgFullIdQuer
import com.huigou.uasp.bmp.opm.domain.query.PermissionsByRoleIdQueryRequest;
import com.huigou.uasp.bmp.opm.domain.query.RolesQueryRequestQueryRequest;
import com.huigou.uasp.bmp.opm.impl.AccessApplicationImpl;
import com.huigou.uasp.bmp.opm.repository.org.PermissionRepository;
import com.huigou.uasp.bmp.opm.repository.org.ResourceOperationRepository;
import com.huigou.uasp.bmp.opm.repository.org.RolePermissionRepository;
import com.huigou.uasp.bmp.opm.repository.org.RoleRepository;
import com.huigou.uasp.bmp.opm.repository.org.SysFunctionRepository;
import com.huigou.uasp.bmp.opm.repository.org.UIElementPermissionRepository;
import com.huigou.uasp.bmp.opm.repository.org.UIElementRepository;
import com.huigou.uasp.bmp.opm.repository.org.*;
import com.huigou.util.SDO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import java.util.List;
import java.util.Map;
@Service("accessApplicationProxy")
public class AccessApplicationProxy {
......@@ -308,4 +301,13 @@ public class AccessApplicationProxy {
public void synThreeMemberPermission() {
getAccessApplication().synThreeMemberPermission();
}
/**
* 引用角色
*/
@Transactional
public void quoteRole(String sourceOrgId, String destOrgId) {
getAccessApplication().quoteRole(sourceOrgId, destOrgId);
}
}
huigou-core-proxy/src/main/java/com/huigou/uasp/bmp/opm/proxy/OrgApplicationProxy.java
View file @ 7d5e22a5
package com.huigou.uasp.bmp.opm.proxy;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import com.huigou.data.domain.query.CodeAndNameQueryRequest;
import com.huigou.data.domain.service.CommonDomainService;
import com.huigou.data.query.executor.SQLExecutorDao;
......@@ -20,13 +13,14 @@ import com.huigou.uasp.bmp.opm.domain.model.org.Person;
import com.huigou.uasp.bmp.opm.domain.query.OrgPropertyDefinitionQueryRequest;
import com.huigou.uasp.bmp.opm.domain.query.OrgQueryModel;
import com.huigou.uasp.bmp.opm.impl.OrgApplicationImpl;
import com.huigou.uasp.bmp.opm.repository.org.OrgPropertyDefinitionRepository;
import com.huigou.uasp.bmp.opm.repository.org.OrgRepository;
import com.huigou.uasp.bmp.opm.repository.org.OrgTemplateRepository;
import com.huigou.uasp.bmp.opm.repository.org.OrgTypeRepository;
import com.huigou.uasp.bmp.opm.repository.org.PersonRepository;
import com.huigou.uasp.bmp.opm.repository.org.RoleRepository;
import com.huigou.uasp.bmp.opm.repository.org.*;
import com.huigou.uasp.bmp.securitypolicy.application.SecurityPolicyApplication;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.List;
import java.util.Map;
@Service("orgApplicationProxy")
public class OrgApplicationProxy {
......@@ -65,6 +59,10 @@ public class OrgApplicationProxy {
private CoreApplicationFactory coreApplicationFactory;
private OrgApplication orgApplication;
@Autowired
private AccessApplicationProxy accessApplicationProxy;
@Autowired
private ManagementApplicationProxy managementApplicationProxy;
void initProperties(OrgApplicationImpl orgApplicationImpl) {
orgApplicationImpl.setCommonDomainService(commonDomainService);
......@@ -245,9 +243,10 @@ public class OrgApplicationProxy {
return getOrgApplication().queryPersonMembersByPersonId(personId);
}
@Transactional
@Transactional(rollbackFor = RuntimeException.class)
public void quoteAuthorizationAndBizManagement(String sourceOrgId, String destOrgId) {
getOrgApplication().quoteAuthorizationAndBizManagement(sourceOrgId, destOrgId);
accessApplicationProxy.quoteRole(sourceOrgId, destOrgId);
managementApplicationProxy.quoteBizManagement(sourceOrgId, destOrgId);
}
@Transactional
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment