package jnpf.permission.service.impl;

import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.text.StrPool;
import cn.hutool.core.util.ObjectUtil;
import com.baomidou.dynamic.datasource.annotation.DS;
import com.baomidou.dynamic.datasource.annotation.DSTransactional;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.google.common.collect.Lists;
import jnpf.base.UserInfo;
import jnpf.base.entity.ModuleEntity;
import jnpf.base.entity.SystemEntity;
import jnpf.base.model.base.SystemBaeModel;
import jnpf.base.model.button.ButtonModel;
import jnpf.base.model.column.ColumnModel;
import jnpf.base.model.form.ModuleFormModel;
import jnpf.base.model.module.ModuleModel;
import jnpf.base.model.portalManage.PortalManagePageDO;
import jnpf.base.model.portalManage.PortalModel;
import jnpf.base.model.portalManage.SavePortalAuthModel;
import jnpf.base.model.resource.ResourceModel;
import jnpf.base.service.*;
import jnpf.config.ConfigValueUtil;
import jnpf.constant.*;
import jnpf.consts.DeviceType;
import jnpf.database.model.dto.PrepSqlDTO;
import jnpf.database.model.superQuery.SuperJsonModel;
import jnpf.database.model.superQuery.SuperQueryJsonModel;
import jnpf.database.sql.util.SqlFrameFastUtil;
import jnpf.database.util.DataSourceUtil;
import jnpf.database.util.DbTypeUtil;
import jnpf.database.util.JdbcUtil;
import jnpf.database.util.TenantDataSourceUtil;
import jnpf.exception.DataException;
import jnpf.exception.NoPermiLoginException;
import jnpf.model.BaseSystemInfo;
import jnpf.model.login.UserSystemVO;
import jnpf.model.tenant.TenantAuthorizeModel;
import jnpf.model.visualJson.FieLdsModel;
import jnpf.model.visualJson.config.ConfigModel;
import jnpf.permission.entity.*;
import jnpf.permission.mapper.AuthorizeMapper;
import jnpf.permission.model.authCondition.AuthConditionModel;
import jnpf.permission.model.authCondition.AuthGroup;
import jnpf.permission.model.authCondition.AuthItem;
import jnpf.permission.model.authorize.*;
import jnpf.permission.model.position.PosConModel;
import jnpf.permission.service.*;
import jnpf.permission.util.AuthPermUtil;
import jnpf.util.*;
import jnpf.util.context.RequestContext;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.collections4.CollectionUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.net.URLDecoder;
import java.util.*;
import java.util.function.Function;
import java.util.stream.Collectors;

/**
 * Operation-permission (authorization) service.
 *
 * <p>Resolves the systems, menus (modules), buttons, columns, data resources, forms and flows
 * the current user may access, and persists grants as {@code AuthorizeEntity} rows that link an
 * "object" (organization, position or role) to an "item" (system, module, button, ...).
 *
 * <p>NOTE(review): the generic type arguments on the collections and on the superclass are not
 * present in this listing; they appear to have been lost when the page was extracted.
 *
 * @author JNPF development platform team (JNPF开发平台组)
 * @version V3.1.0
 * @copyright 引迈信息技术有限公司
 * @date 2019-09-26 09:18
 */
@Slf4j
@Service
public class AuthorizeServiceImpl extends SuperServiceImpl implements AuthorizeService {

    @Autowired
    private UserRelationService userRelationService;
    @Autowired
    private DataSourceUtil dataSourceUtils;
    @Autowired
    private CacheKeyUtil cacheKeyUtil;
    @Autowired
    private RedisUtil redisUtil;
    @Autowired
    private UserService userService;
    @Autowired
    private OrganizeAdministratorService organizeAdminIsTratorService;
    @Autowired
    private SystemService systemApi;
    @Autowired
    private ConfigValueUtil configValueUtil;
    @Autowired
    private ModuleService moduleApi;
    @Autowired
    private PortalManageService portalManageApi;
    @Autowired
    private StandingService standingService;
    @Autowired
    private OrganizeService organizeService;
    @Autowired
    private PositionService positionService;
    @Autowired
    private RoleRelationService roleRelationService;
    @Autowired
    private RoleService roleService;
    @Autowired
    private SysconfigService sysconfigApi;

    /**
     * Returns the current user's permissions restricted to one system.
     * Delegates to the four-argument overload with {@code allSystem = false}.
     *
     * @param singletonOrg      forwarded to the module queries as {@code singletonOrg ? 0 : 1}
     * @param currentSystemCode code of the system to resolve permissions for (may be empty)
     * @param isBackend         {@code 1} selects the backend-management menu branch
     * @return the aggregated permission view
     */
    @Override
    public AuthorizeVO getAuthorize(boolean singletonOrg, String currentSystemCode, Integer isBackend) {
        return this.getAuthorize(singletonOrg, currentSystemCode, isBackend, false);
    }

    /**
     * Returns the current user's permissions across all systems.
     *
     * @param singletonOrg forwarded to the module queries as {@code singletonOrg ? 0 : 1}
     * @return the aggregated permission view
     */
    @Override
    public AuthorizeVO getAuthorizeByUser(boolean singletonOrg) {
        // Fetch permissions for every application: no system code, isBackend = 0, allSystem = true.
        return this.getAuthorize(singletonOrg, null, 0, true);
    }

    /**
     * Builds the permission view for the user returned by {@code UserProvider.getUser()}.
     *
     * <p>Non-administrators: grants are loaded for the user's position ids and non-organization
     * role ids; when the standing switch is on and standing grants exist, the grants are narrowed
     * to the positions/roles bound to the current standing. Administrators: everything is loaded
     * through the {@code *Admin} mapper/service queries.
     *
     * @param singletonOrg      forwarded to the module queries as {@code singletonOrg ? 0 : 1}
     * @param currentSystemCode system code, URL-decoded before lookup; may be empty
     * @param isBackend         {@code 1} selects the backend-management menu branch
     * @param allSystem         when true the menu list is not restricted to the current system;
     *                          it is unboxed with {@code !allSystem}, so it must not be null
     * @return the aggregated permission view
     * @throws NoPermiLoginException if a non-empty system code does not resolve to a system
     */
    @Override
    public AuthorizeVO getAuthorize(boolean singletonOrg, String currentSystemCode, Integer isBackend, Boolean allSystem) {
        boolean isPc = RequestContext.isOrignPc();
        String pcCode = isPc ? JnpfConst.WEB : JnpfConst.APP;
        BaseSystemInfo baseSystemInfo = sysconfigApi.getSysInfo();
        UserInfo userInfo = UserProvider.getUser();
        OtherModel otherModel = new OtherModel();
        List moduleList = new ArrayList<>();
        List buttonList = new ArrayList<>();
        List columnList = new ArrayList<>();
        List resourceList = new ArrayList<>();
        List formsList = new ArrayList<>();
        List systemList = new ArrayList<>();
        List flowList = new ArrayList<>();
        List standingListVo = new ArrayList<>();
        // The admin/non-admin split below rests entirely on this flag from the session's UserInfo.
        boolean isAdmin = userInfo.getIsAdministrator();
        String currentSystemId = "";
        SystemEntity info = null;
        if (StringUtil.isNotEmpty(currentSystemCode)) {
            try {
                currentSystemCode = URLDecoder.decode(currentSystemCode, "UTF-8");
            } catch (Exception e) {
                // NOTE(review): a decode failure is swallowed silently and the raw, undecoded value
                // is used for the lookup below. Consider at least logging it.
            }
            info = systemApi.getInfoByEnCode(currentSystemCode);
            if (info == null) {
                // Unknown system code: refuse rather than fall back to another system.
                throw new NoPermiLoginException(MsgCode.PS032.get());
            }
            currentSystemId = info.getId();
        }
        // Tenant-level allow-lists; left empty when multi-tenancy is off.
        List moduleAuthorize = new ArrayList<>();
        List moduleUrlAddressAuthorize = new ArrayList<>();
        if (configValueUtil.isMultiTenancy()) {
            TenantAuthorizeModel tenantAuthorizeModel = TenantDataSourceUtil.getCacheModuleAuthorize(userInfo.getTenantId());
            moduleAuthorize = tenantAuthorizeModel.getModuleIdList();
            moduleUrlAddressAuthorize = tenantAuthorizeModel.getUrlAddressList();
        }
        if (!isAdmin) {
            // Collect every grant attached to the user's positions and (non-organization) roles.
            List objectIds = new ArrayList<>();
            List positionIds = userInfo.getPositionIds();
            List roleIds = roleService.getListByIds(userInfo.getRoleIds()).stream()
                    .filter(t -> !PermissionConst.ORGANIZE.equals(t.getType())).map(RoleEntity::getId).collect(Collectors.toList());
            objectIds.addAll(positionIds);
            objectIds.addAll(roleIds);
            List authorizeList = this.getListByObjectId(objectIds);
            List standingList = authorizeList.stream().filter(t -> PermissionConst.STAND.equals(t.getItemType())).collect(Collectors.toList());
            List posAndRoles = new ArrayList<>();
            // Non-admin with the standing ("identity") switch on: narrow grants to the current standing.
            // NOTE(review): when the switch is off, or no standing grant exists, authorizeList stays
            // unfiltered, i.e. the union of all position and role grants applies.
            if (CollectionUtil.isNotEmpty(standingList) && configValueUtil.isStandingSwitch()) {
                // Ids of the standings granted to this user.
                List standingIds = standingList.stream().map(AuthorizeEntity::getItemId).collect(Collectors.toList());
                // Resolve (and, if missing, persist) the current standing.
                String standingId = setCurrentStanding(standingIds, standingListVo);
                if (StringUtil.isNotEmpty(standingId)) {
                    // Positions bound to the current standing.
                    List stdPos = standingList.stream().filter(t -> t.getItemId().equals(standingId) && PermissionConst.POSITION.equals(t.getObjectType())).map(AuthorizeEntity::getObjectId).collect(Collectors.toList());
                    // Roles attached to those positions.
                    List stdPosRole = roleRelationService.getListByObjectId(stdPos, null)
                            .stream().map(RoleRelationEntity::getRoleId).collect(Collectors.toList());
                    // Roles bound directly to the current standing.
                    List stdRole = standingList.stream().filter(t -> t.getItemId().equals(standingId) && PermissionConst.ROLE.equals(t.getObjectType())).map(AuthorizeEntity::getObjectId).collect(Collectors.toList());
                    posAndRoles.addAll(stdPos);
                    posAndRoles.addAll(stdPosRole);
                    posAndRoles.addAll(stdRole);
                    // Re-derive the role flags from the roles bound directly to the standing.
                    List roleList = roleService.getListByIds(stdRole);
                    for (RoleEntity roleEntity : roleList) {
                        if (PermissionConst.MANAGER_CODE.equals(roleEntity.getEnCode())) {
                            otherModel.setIsManageRole(true);
                        } else if (PermissionConst.DEVELOPER_CODE.equals(roleEntity.getEnCode())) {
                            otherModel.setIsDevRole(true);
                        } else if (PermissionConst.USER_CODE.equals(roleEntity.getEnCode())) {
                            otherModel.setIsUserRole(true);
                        } else {
                            otherModel.setIsOtherRole(true);
                        }
                    }
                    // Drop grants that do not belong to the current standing's positions/roles.
                    authorizeList = authorizeList.stream().filter(t -> posAndRoles.contains(t.getObjectId())).collect(Collectors.toList());
                }
            }
            // Applications (systems)
            List systemId = authorizeList.stream().filter(t -> AuthorizeConst.SYSTEM.equals(t.getItemType())).map(AuthorizeEntity::getItemId).collect(Collectors.toList());
            if (systemId.size() > 0) {
                List systemAdmin = systemApi.getListByIds(systemId, moduleAuthorize);
                // Workflow/teamwork granted without the main system: add the main system implicitly.
                List mainList = systemAdmin.stream().filter(t -> JnpfConst.MAIN_SYSTEM_CODE.equals(t.getEnCode())).collect(Collectors.toList());
                if (CollectionUtil.isEmpty(mainList)) {
                    List collect = systemAdmin.stream().filter(t -> JnpfConst.WORK_FLOW_CODE.equals(t.getEnCode()) || JnpfConst.TEAMWORK_CODE.equals(t.getEnCode())).collect(Collectors.toList());
                    if (CollectionUtil.isNotEmpty(collect)) {
                        systemAdmin.add(systemApi.getInfoByEnCode(JnpfConst.MAIN_SYSTEM_CODE));
                    }
                }
                // App client without a system code: default to the first non-main application.
                if (!isPc && StringUtil.isEmpty(currentSystemCode)) {
                    info = systemAdmin.stream().filter(t -> !Objects.equals(t.getIsMain(), 1)).findFirst().orElse(null);
                    if (info != null) {
                        currentSystemId = info.getId();
                        currentSystemCode = info.getEnCode();
                    }
                }
                systemList = JsonUtil.getJsonToList(systemAdmin, SystemBaeModel.class);
            }
            // Menus (modules)
            List moduleId = authorizeList.stream().filter(t -> AuthorizeConst.MODULE.equals(t.getItemType())).map(AuthorizeEntity::getItemId).collect(Collectors.toList());
            if (moduleId.size() > 0) {
                List allSysMenu = this.baseMapper.findModule(moduleId, null, moduleAuthorize, moduleUrlAddressAuthorize, singletonOrg ? 0 : 1);
                List currSys = new ArrayList<>();
                if (StringUtil.isNotEmpty(currentSystemId) && !allSystem) {
                    currSys.add(currentSystemId);
                }
                // Restrict to the current system unless all systems were requested.
                moduleList = CollectionUtils.isNotEmpty(currSys) ? allSysMenu.stream().filter(t -> currSys.contains(t.getSystemId())).collect(Collectors.toList()) : allSysMenu;
                // Does the current system expose a workflow menu for this client category?
                if (StringUtil.isNotEmpty(currentSystemCode)) {
                    if (JnpfConst.MAIN_SYSTEM_CODE.equals(currentSystemCode)) {
                        otherModel.setWorkflowEnabled(allSysMenu.stream().anyMatch(t -> JnpfConst.MODULE_CODE.contains(t.getEnCode()) && pcCode.equals(t.getCategory())) ? 1 : 0);
                    } else {
                        otherModel.setWorkflowEnabled(moduleList.stream().anyMatch(t -> JnpfConst.MODULE_CODE.contains(t.getEnCode()) && pcCode.equals(t.getCategory())) ? 1 : 0);
                    }
                }
            }
            // Buttons
            List buttonId = authorizeList.stream().filter(t -> AuthorizeConst.BUTTON.equals(t.getItemType())).map(AuthorizeEntity::getItemId).collect(Collectors.toList());
            if (buttonId.size() > 0) {
                buttonList = this.baseMapper.findButton(buttonId);
            }
            // List columns
            List columnId = authorizeList.stream().filter(t -> AuthorizeConst.COLUMN.equals(t.getItemType())).map(AuthorizeEntity::getItemId).collect(Collectors.toList());
            if (columnId.size() > 0) {
                columnList = this.baseMapper.findColumn(columnId);
            }
            // Data resources
            List resourceId = authorizeList.stream().filter(t -> AuthorizeConst.RESOURCE.equals(t.getItemType())).map(AuthorizeEntity::getItemId).collect(Collectors.toList());
            if (resourceId.size() > 0) {
                resourceList = this.baseMapper.findResource(resourceId);
                // findResource is keyed by item id only, so re-apply the standing filter on the owner.
                if (CollectionUtil.isNotEmpty(posAndRoles)) {
                    resourceList = resourceList.stream().filter(t -> posAndRoles.contains(t.getObjectId())).collect(Collectors.toList());
                }
            }
            // Forms
            List formId = authorizeList.stream().filter(t -> AuthorizeConst.FROM.equals(t.getItemType())).map(AuthorizeEntity::getItemId).collect(Collectors.toList());
            if (formId.size() > 0) {
                formsList = this.baseMapper.findForms(formId);
            }
            // Flows
            flowList = authorizeList.stream().filter(t -> AuthorizeConst.FLOW.equals(t.getItemType())).map(AuthorizeEntity::getItemId).collect(Collectors.toList());
        } else {
            // Administrator: load everything through the *Admin queries.
            // NOTE(review): the meaning of the literal 1 passed below is not visible here.
            buttonList = this.baseMapper.findButtonAdmin(1);
            columnList = this.baseMapper.findColumnAdmin(1);
            resourceList = this.baseMapper.findResourceAdmin(1);
            formsList = this.baseMapper.findFormsAdmin(1);
            List systemAdmin = systemApi.findSystemAdmin(moduleAuthorize);
            if (!isPc && StringUtil.isEmpty(currentSystemCode)) {
                info = systemAdmin.stream().filter(t -> !Objects.equals(t.getIsMain(), 1)).findFirst().orElse(null);
                if (info != null) {
                    currentSystemId = info.getId();
                    currentSystemCode = info.getEnCode();
                }
            }
            systemList = JsonUtil.getJsonToList(systemAdmin, SystemBaeModel.class);
            List moduleAdmin = moduleApi.findModuleAdmin(singletonOrg ? 0 : 1, null, moduleAuthorize, moduleUrlAddressAuthorize);
            // Effectively-final copy for use inside the lambda below.
            String thisid = currentSystemId;
            List allSysMenu = JsonUtil.getJsonToList(moduleAdmin, ModuleModel.class);
            if (StringUtil.isNotEmpty(currentSystemId) && !allSystem) {
                moduleList = allSysMenu.stream().filter(t -> Objects.equals(t.getSystemId(), thisid)).collect(Collectors.toList());
            } else {
                moduleList = allSysMenu;
            }
            // Does the current system expose a workflow menu for this client category?
            if (StringUtil.isNotEmpty(currentSystemCode)) {
                if (JnpfConst.MAIN_SYSTEM_CODE.equals(currentSystemCode)) {
                    otherModel.setWorkflowEnabled(allSysMenu.stream().anyMatch(t -> JnpfConst.MODULE_CODE.contains(t.getEnCode()) && pcCode.equals(t.getCategory())) ? 1 : 0);
                } else {
                    otherModel.setWorkflowEnabled(moduleList.stream().anyMatch(t -> JnpfConst.MODULE_CODE.contains(t.getEnCode()) && pcCode.equals(t.getCategory())) ? 1 : 0);
                }
            }
            // Super administrator: expose a single synthetic standing when the switch is on.
            if (configValueUtil.isStandingSwitch()) {
                UserSystemVO admin = new UserSystemVO();
                admin.setId(1 + "");
                admin.setName(MsgCode.OA025.get());
                admin.setCurrentStanding(true);
                admin.setIcon(PermissionConst.SD_ADMIN_ICON);
                standingListVo.add(admin);
            }
        }
        // Fixed menus (app-configuration and online-development modules).
        List appComModule = new ArrayList<>();
        appComModule.addAll(JnpfConst.APP_CONFIG_MODULE);
        appComModule.addAll(JnpfConst.ONLINE_DEV_MODULE);
        if (JnpfConst.MAIN_SYSTEM_CODE.equals(currentSystemCode)) {
            moduleList = moduleList.stream().filter(t -> !appComModule.contains(t.getEnCode())).collect(Collectors.toList());
        } else if (Objects.equals(isBackend, 1)) {
            // Backend management.
            // NOTE(review): this branch REPLACES moduleList with every module in appComModule and does
            // not intersect it with the grants computed above; it runs for non-admin users as well.
            // Confirm that isBackend cannot be set by an unprivileged caller, or that these menus are
            // enforced elsewhere.
            List listByEnCode = moduleApi.getListByEnCode(appComModule);
            moduleList = JsonUtil.getJsonToList(listByEnCode, ModuleModel.class);
        }
        // System configuration: hide workflow-sign / workflow-todo menus unless switched on.
        moduleList = moduleList.stream().filter(t -> {
            if (!Objects.equals(baseSystemInfo.getFlowSign(), 1) && JnpfConst.WORK_FLOWSIGN.equals(t.getEnCode())) {
                return false;
            } else if (!Objects.equals(baseSystemInfo.getFlowTodo(), 1) && JnpfConst.WORK_FLOWTODO.equals(t.getEnCode())) {
                return false;
            }
            return true;
        }).collect(Collectors.toList());
        // The application front end does not need extra menu data added here.
        return new AuthorizeVO(moduleList, buttonList, columnList, resourceList, formsList, systemList, standingListVo, info, flowList, otherModel);
    }

    /**
     * Resolves the user's current standing (identity) and fills the standing view list.
     *
     * <p>If none of the granted standings matches the stored one, a default is chosen (the
     * standing whose code equals {@code PermissionConst.USER_CODE}, else the first entry) and
     * written back to the user record. This makes a read path perform a database update.
     *
     * @param standingIds    ids of the standings granted to the user
     * @param standingListVo output list; one {@code UserSystemVO} is appended per standing
     * @return id of the current standing, or {@code null} when {@code standingListVo} is empty
     */
    private String setCurrentStanding(List standingIds, List standingListVo) {
        List listByIds = standingService.getListByIds(standingIds);
        // NOTE(review): info is dereferenced without a null check; verify getInfo cannot return null.
        UserEntity info = userService.getInfo(UserProvider.getUser().getUserId());
        String currentStanding = "";
        // PC and app clients keep separate "current standing" fields.
        if (RequestContext.isOrignPc()) {
            currentStanding = info.getStanding();
        } else {
            currentStanding = info.getAppStanding();
        }
        for (StandingEntity standing : listByIds) {
            UserSystemVO standingVo = JsonUtil.getJsonToBean(standing, UserSystemVO.class);
            standingVo.setName(standing.getFullName());
            if (StringUtil.isNotEmpty(currentStanding) && currentStanding.equals(standing.getId())) {
                standingVo.setCurrentStanding(true);
            }
            String icon = "";
            // A switch on a String throws NullPointerException if getEnCode() returns null.
            switch (standing.getEnCode()) {
                case PermissionConst.MANAGER_CODE:
                    icon = PermissionConst.SD_MANAGER_ICON;
                    break;
                case PermissionConst.DEVELOPER_CODE:
                    icon = PermissionConst.SD_DEVELOPER_ICON;
                    break;
                case PermissionConst.USER_CODE:
                    icon = PermissionConst.SD_USER_ICON;
                    break;
                default:
                    icon = PermissionConst.SD_EXPERIENCER_ICON;
                    break;
            }
            standingVo.setIcon(icon);
            standingListVo.add(standingVo);
        }
        if (CollectionUtil.isEmpty(standingListVo)) {
            return null;
        }
        UserSystemVO currStand = standingListVo.stream().filter(t -> t.isCurrentStanding()).findFirst().orElse(null);
        if (currStand == null) {
            // The stored standing is absent or no longer granted: pick a default and persist it.
            UserSystemVO userSystemVO = standingListVo.stream().filter(t -> PermissionConst.USER_CODE.equals(t.getEnCode()))
                    .findFirst().orElse(standingListVo.get(0));
            userSystemVO.setCurrentStanding(true);
            if (RequestContext.isOrignPc()) {
                info.setStanding(userSystemVO.getId());
            } else {
                info.setAppStanding(userSystemVO.getId());
            }
            userService.updateById(info);
            currentStanding = userSystemVO.getId();
        } else {
            currentStanding = currStand.getId();
        }
        return currentStanding;
    }

    /**
     * Appends a system / platform / portal tree to {@code portalList}.
     *
     * <p>For each system that owns portals, one node for the system (parent {@code "-1"}), one
     * node per platform present (WEB id = system id + "1", APP id = system id + "2") and one
     * node per portal page are added.
     *
     * @param systemList systems to consider
     * @param portalList output list the tree nodes are appended to
     * @param dateTime   value stored as creator time on the platform nodes
     * @param collect    passed through to {@code selectPortalBySystemIds}; its meaning is not
     *                   visible here
     */
    @Override
    public void getPortal(List systemList, List portalList, Long dateTime, List collect) {
        Map systemBaeModelMap = systemList.stream().collect(Collectors.toMap(SystemEntity::getId, Function.identity()));
        List systemIds = systemList.stream().map(SystemEntity::getId).collect(Collectors.toList());
        List portalManagePageDOS = portalManageApi.selectPortalBySystemIds(systemIds, collect);
        if (portalManagePageDOS.size() == 0) {
            return;
        }
        Map> systemIdAndPortalMap = portalManagePageDOS.stream().collect(Collectors.groupingBy(PortalManagePageDO::getSystemId));
        if (systemIdAndPortalMap != null) {
            systemIdAndPortalMap.keySet().forEach(t -> {
                // Skip portals whose system is not in the supplied system list.
                if (Optional.ofNullable(systemBaeModelMap.get(t)).isPresent()) {
                    PortalModel systemModel = JsonUtil.getJsonToBean(systemBaeModelMap.get(t), PortalModel.class);
                    systemModel.setParentId("-1");
                    portalList.add(systemModel);
                    // platform name -> id of the synthetic platform node
                    Map platFormId = new HashMap<>();
                    List portalManagePageDOList = systemIdAndPortalMap.get(t);
                    Map> platFormMap = portalManagePageDOList.stream().collect(Collectors.groupingBy(PortalManagePageDO::getPlatform));
                    List web = platFormMap.get(JnpfConst.WEB);
                    List app = platFormMap.get(JnpfConst.APP);
                    if (web != null && web.size() > 0) {
                        PortalModel platForm = new PortalModel();
                        platForm.setId(systemModel.getId() + "1");
                        platForm.setParentId(systemModel.getId());
                        platForm.setFullName("WEB门户");
                        platForm.setIcon(PermissionConst.PC_ICON);
                        platForm.setSortCode(0L);
                        platForm.setCreatorTime(dateTime);
                        platFormId.put(JnpfConst.WEB, platForm.getId());
                        portalList.add(platForm);
                    }
                    if (app != null && app.size() > 0) {
                        PortalModel platForm = new PortalModel();
                        platForm.setId(systemModel.getId() + "2");
                        platForm.setParentId(systemModel.getId());
                        platForm.setFullName("APP门户");
                        platForm.setIcon(PermissionConst.APP_ICON);
                        platForm.setSortCode(0L);
                        platForm.setCreatorTime(dateTime);
                        platFormId.put(JnpfConst.APP, platForm.getId());
                        portalList.add(platForm);
                    }
                    portalManagePageDOList.forEach(pageDO -> {
                        // Disabled category level, kept from the original source:
                        // if (!categoryList.contains(pageDO.getCategoryId())) {
                        //     categoryList.add(pageDO.getCategoryId());
                        //     PortalModel categoryModel = new PortalModel();
                        //     categoryModel.setId(pageDO.getCategoryId());
                        //     categoryModel.setParentId(platFormId.get(pageDO.getPlatform()));
                        //     categoryModel.setFullName(pageDO.getCategoryName());
                        //     categoryModel.setOnlyId(RandomUtil.uuId());
                        //     list.add(categoryModel);
                        // }
                        PortalModel model = JsonUtil.getJsonToBean(pageDO, PortalModel.class);
                        // model.setParentId(pageDO.getCategoryId());
                        model.setParentId(platFormId.get(pageDO.getPlatform()));
                        model.setFullName(pageDO.getPortalName());
                        portalList.add(model);
                    });
                }
            });
        }
    }

    /**
     * Replaces the items of one type granted to a single object (organization, position or role).
     *
     * <p>Existing rows with the same item type and object id are removed, then one row per
     * submitted item id is inserted, inside a {@code @DSTransactional} boundary. Finally
     * {@code userService.delCurUser} is called for the users related to the object (presumably
     * to invalidate their sessions or cached permissions; its effect is not visible here).
     *
     * <p>NOTE(review): no authorization check on the caller is visible in this method, and
     * {@code type}, {@code objectType}, {@code id} and {@code ids} are used as supplied. Confirm
     * that the caller enforces who may grant and that {@code ids} is never null.
     *
     * @param portalAuthModel the object id/type, the item type and the item ids to grant
     */
    @Override
    @DSTransactional
    public void saveItemAuth(SavePortalAuthModel portalAuthModel) {
        List ids = portalAuthModel.getIds();
        String id = portalAuthModel.getId();
        String type = portalAuthModel.getType();
        String userId = UserProvider.getLoginUserId();
        // Build the new grant rows (one per item id) for the object.
        List list = new ArrayList<>();
        for (int i = 0; i < ids.size(); i++) {
            AuthorizeEntity authorizeEntity = new AuthorizeEntity();
            authorizeEntity.setId(RandomUtil.uuId());
            authorizeEntity.setItemType(type);
            authorizeEntity.setItemId(ids.get(i));
            authorizeEntity.setObjectType(portalAuthModel.getObjectType());
            authorizeEntity.setObjectId(id);
            authorizeEntity.setSortCode((long) i);
            authorizeEntity.setCreatorTime(new Date());
            authorizeEntity.setCreatorUserId(userId);
            list.add(authorizeEntity);
        }
        // Delete-then-insert: drop the object's existing grants of this item type first.
        QueryWrapper queryWrapper = new QueryWrapper<>();
        queryWrapper.lambda().eq(AuthorizeEntity::getItemType, type);
        queryWrapper.lambda().eq(AuthorizeEntity::getObjectId, id);
        this.remove(queryWrapper);
        list.forEach(this::save);
        // Collect the users affected by the change.
        List userIds = new ArrayList<>();
        String objectType = portalAuthModel.getObjectType();
        if (PermissionConst.ORGANIZE.equals(objectType) || PermissionConst.POSITION.equals(objectType)) {
            userIds.addAll(userRelationService.getListByObjectId(id).stream().map(UserRelationEntity::getUserId).collect(Collectors.toList()));
        }
        if (PermissionConst.ROLE.equals(objectType)) {
            userIds.addAll(roleRelationService.getListByRoleId(id, PermissionConst.USER).stream().map(RoleRelationEntity::getObjectId).collect(Collectors.toList()));
        }
        userService.delCurUser(MsgCode.PS010.get(), userIds);
    }

    /**
     * Replaces the roles that are granted a single item.
     *
     * <p>Existing rows for the item (same item type and item id) are removed and one row per
     * submitted role id is inserted with object type {@code PermissionConst.ROLE}. When the item
     * type is {@code AUTHORIZE_PORTAL_MANAGE} and a system id is supplied, every role that does
     * not yet hold a SYSTEM grant for that system is given one as well.
     *
     * <p>NOTE(review): the implicit SYSTEM grant widens a role's access as a side effect of a
     * portal grant; confirm this is intended and audited. Unlike {@code saveItemAuth}, this
     * method does not call {@code userService.delCurUser}, so verify that the affected users'
     * cached permissions are refreshed elsewhere.
     *
     * @param portalAuthModel the item id/type, optional system id and the role ids to grant
     */
    @Override
    @DSTransactional
    public void saveObjectAuth(SavePortalAuthModel portalAuthModel) {
        List ids = portalAuthModel.getIds();
        String id = portalAuthModel.getId();
        String type = portalAuthModel.getType();
        String userId = UserProvider.getLoginUserId();
        // Drop every existing grant of this item before re-inserting.
        QueryWrapper queryWrapper = new QueryWrapper<>();
        queryWrapper.lambda().eq(AuthorizeEntity::getItemType, type);
        queryWrapper.lambda().eq(AuthorizeEntity::getItemId, id);
        this.remove(queryWrapper);
        // SYSTEM grants the submitted roles already hold for the portal's system.
        List portalSystem = new ArrayList<>();
        boolean isPortal = AuthorizeConst.AUTHORIZE_PORTAL_MANAGE.equals(type);
        if (isPortal && !ids.isEmpty() && StringUtil.isNotEmpty(portalAuthModel.getSystemId())) {
            QueryWrapper wrapper = new QueryWrapper<>();
            wrapper.lambda().eq(AuthorizeEntity::getItemType, AuthorizeConst.SYSTEM);
            wrapper.lambda().eq(AuthorizeEntity::getItemId, portalAuthModel.getSystemId());
            wrapper.lambda().in(AuthorizeEntity::getObjectId, ids);
            portalSystem.addAll(this.list(wrapper));
        }
        // Build the new grant rows (one per role id).
        List list = new ArrayList<>();
        for (int i = 0; i < ids.size(); i++) {
            String objectId = ids.get(i);
            AuthorizeEntity authorizeEntity = new AuthorizeEntity();
            authorizeEntity.setId(RandomUtil.uuId());
            authorizeEntity.setItemType(type);
            authorizeEntity.setObjectId(objectId);
            authorizeEntity.setObjectType(PermissionConst.ROLE);
            authorizeEntity.setItemId(id);
            authorizeEntity.setSortCode((long) i);
            authorizeEntity.setCreatorTime(new Date());
            authorizeEntity.setCreatorUserId(userId);
            list.add(authorizeEntity);
            if (isPortal && StringUtil.isNotEmpty(portalAuthModel.getSystemId())) {
                // True when this role has no SYSTEM grant for the portal's system yet.
                boolean portalCount = portalSystem.stream().filter(t -> Objects.equals(t.getObjectId(), objectId)).count() == 0;
                if (portalCount) {
                    AuthorizeEntity systemAuthorize = new AuthorizeEntity();
                    systemAuthorize.setId(RandomUtil.uuId());
                    systemAuthorize.setItemType(AuthorizeConst.SYSTEM);
                    systemAuthorize.setObjectId(ids.get(i));
                    systemAuthorize.setObjectType(PermissionConst.ROLE);
                    systemAuthorize.setItemId(portalAuthModel.getSystemId());
                    systemAuthorize.setSortCode(0l);
                    systemAuthorize.setCreatorTime(new Date());
                    systemAuthorize.setCreatorUserId(userId);
                    list.add(systemAuthorize);
                }
            }
        }
        list.forEach(this::save);
    }

    /**
     * Lists the grants for one item.
     *
     * @param itemType item type to match
     * @param itemId   item id to match
     * @return matching grant rows
     */
    @Override
    public List getAuthorizeByItem(String itemType, String itemId) {
        QueryWrapper queryWrapper = new QueryWrapper<>();
        queryWrapper.lambda().eq(AuthorizeEntity::getItemType, itemType);
        queryWrapper.lambda().eq(AuthorizeEntity::getItemId, itemId);
        return this.list(queryWrapper);
    }

    /**
     * Lists the grants of one item type held by any of the given objects.
     *
     * @param roleIds  object ids to match; an empty list short-circuits to an empty result
     * @param itemType item type to match
     * @return matching grant rows, or {@code Collections.EMPTY_LIST} (immutable) when
     *         {@code roleIds} is empty
     */
    @Override
    public List getListByRoleIdsAndItemType(List roleIds, String itemType) {
        if (roleIds.size() == 0) {
            return Collections.EMPTY_LIST;
        }
        QueryWrapper queryWrapper = new QueryWrapper<>();
        queryWrapper.lambda().eq(AuthorizeEntity::getItemType, itemType);
        queryWrapper.lambda().in(AuthorizeEntity::getObjectId, roleIds);
        return this.list(queryWrapper);
    }

    /**
     * Replaces all permissions (systems, menus, buttons, columns, resources, forms) of one
     * organization, position or role.
     *
     * <p>Steps: build the owner entry, optionally cap the menu selection at the owner's
     * permission quota, derive the owning systems, delete dependent child grants, delete the
     * owner's existing grants, batch-insert the new grants, then call
     * {@code userService.delCurUser} for the affected users.
     *
     * <p>NOTE(review), security-relevant points for this method:
     * <ul>
     *   <li>It is not annotated {@code @DSTransactional} (the two portal save methods are) and it
     *       deletes through {@code JdbcUtil} before inserting, so a failure in between can leave
     *       the deletions applied without the new grants.</li>
     *   <li>The final {@code catch (Exception e)} only logs and then returns {@code errStr}
     *       (possibly {@code ""}), so callers cannot distinguish a failed save from a successful
     *       one.</li>
     *   <li>The delete statement is assembled by splicing the object id into SQL text; see the
     *       note at that statement.</li>
     * </ul>
     *
     * @param form submitted owner (object id/type) and selected item ids
     * @return {@code ""} on the normal path, or the {@code MsgCode.SYS145} text when the menu
     *         selection was truncated to the quota
     * @throws DataException when the selection exceeds the quota while containing all existing
     *                       grants ({@code MsgCode.SYS144}), or when rethrown from a nested call
     */
    @Override
    public String save(AuthorizeDataUpForm form) {
        String errStr = "";
        try {
            UserInfo userInfo = UserProvider.getUser();
            String objectType = form.getObjectType();
            String objectId = form.getObjectId();
            List objectList = new ArrayList<>();
            List authorizeList = new ArrayList<>();
            PosConModel posConModel = null;
            // Determine the owner of the permissions and, for positions/roles, its constraint model.
            // NOTE(review): if objectType matches none of the three constants, objectList stays empty;
            // the delete below then runs with an empty id list and nothing is inserted.
            if (PermissionConst.ORGANIZE.equals(objectType)) {
                setEntity(new String[]{objectId}, PermissionConst.ORGANIZE, objectList, true);
            }
            if (PermissionConst.POSITION.equals(objectType)) {
                setEntity(new String[]{objectId}, PermissionConst.POSITION, objectList, true);
                PositionEntity info = positionService.getInfo(objectId);
                if (Objects.equals(info.getIsCondition(), 1)) {
                    posConModel = JsonUtil.getJsonToBean(info.getConditionJson(), PosConModel.class);
                    posConModel.init();
                }
            }
            if (PermissionConst.ROLE.equals(objectType)) {
                setEntity(new String[]{objectId}, PermissionConst.ROLE, objectList, true);
                RoleEntity info = roleService.getInfo(objectId);
                if (Objects.equals(info.getIsCondition(), 1)) {
                    posConModel = JsonUtil.getJsonToBean(info.getConditionJson(), PosConModel.class);
                    posConModel.init();
                }
            }
            List sysList = systemApi.getList();
            List mainSysIds = sysList.stream().filter(t -> Objects.equals(t.getIsMain(), 1)).map(SystemEntity::getId).collect(Collectors.toList());
            if (form.getModule() != null) {
                List menuList = Arrays.asList(form.getModule());
                List menuEntityList = moduleApi.getModuleByIds(menuList);
                Set array = new HashSet<>(menuList);
                // Truncate the selection when it exceeds the owner's permission quota.
                if (posConModel != null && posConModel.getNumFlag()) {
                    // Keep only ids that resolve to real menus; used for the quota computation.
                    List menuIds = menuEntityList.stream().map(ModuleEntity::getId).collect(Collectors.toList());
                    array = menuList.stream().filter(menuIds::contains).collect(Collectors.toSet());
                    List listByObjectId = this.getListByObjectId(objectId, PermissionConst.MODULE).stream().map(AuthorizeEntity::getItemId).collect(Collectors.toList());
                    listByObjectId.removeAll(mainSysIds);
                    // Menu selection identical to what is stored: return without saving anything
                    // (button/column/resource/form changes in the same form are skipped too).
                    if (listByObjectId.size() > 0 && menuList.size() == listByObjectId.size() && menuList.containsAll(listByObjectId)) {
                        return "";
                    }
                    // Modification that keeps every existing grant and goes beyond the quota: reject.
                    if (listByObjectId.size() > 0 && menuList.size() > posConModel.getPermissionNum() && menuList.containsAll(listByObjectId)) {
                        throw new DataException(MsgCode.SYS144.get());
                    }
                    // Only actual menus (type != 1) count toward the quota.
                    List collect = menuEntityList.stream().filter(t -> !Objects.equals(t.getType(), 1)).map(ModuleEntity::getId).collect(Collectors.toList());
                    List collect1 = menuList.stream().filter(t -> collect.contains(t)).collect(Collectors.toList());
                    int num = collect1.size() - posConModel.getPermissionNum();
                    if (num > 0) {
                        errStr = MsgCode.SYS145.get();
                        // newIds is a subList view of collect1; the addAll below also grows collect1.
                        List newIds = collect1.subList(0, posConModel.getPermissionNum());
                        newIds.addAll(getParentMenu(menuEntityList, new HashSet<>(newIds)));
                        array = new HashSet<>(newIds);
                    }
                }
                Set systemIds = new HashSet<>();
                Set moduleIds = new HashSet<>(array);
                for (ModuleEntity item : menuEntityList) {
                    if (array.contains(item.getId())) {
                        // Every selected menu also grants its owning system and the grouping nodes.
                        moduleIds.add(item.getSystemId());
                        systemIds.add(item.getSystemId());
                        if (mainSysIds.contains(item.getSystemId())) {
                            moduleIds.add(CodeConst.XTCD);
                        } else {
                            moduleIds.add(CodeConst.YYCD);
                            // NOTE(review): WEB -> "2" and APP -> "1" here, while getPortal uses
                            // WEB -> "1" and APP -> "2"; confirm the two conventions are intentional.
                            if (JnpfConst.WEB.equals(item.getCategory())) {
                                moduleIds.add(item.getSystemId() + "2");
                            }
                            if (JnpfConst.APP.equals(item.getCategory())) {
                                moduleIds.add(item.getSystemId() + "1");
                            }
                        }
                    }
                }
                form.setModule(moduleIds.toArray(new String[0]));
                form.setSystemIds(systemIds.toArray(new String[0]));
                setEntity(form.getSystemIds(), AuthorizeConst.SYSTEM, authorizeList, false);
            }
            // Collect the item rows for each permission category.
            setEntity(form.getButton(), AuthorizeConst.BUTTON, authorizeList, false);
            setEntity(form.getModule(), AuthorizeConst.MODULE, authorizeList, false);
            setEntity(form.getColumn(), AuthorizeConst.COLUMN, authorizeList, false);
            setEntity(form.getResource(), AuthorizeConst.RESOURCE, authorizeList, false);
            setEntity(form.getForm(), AuthorizeConst.FROM, authorizeList, false);
            // todo: delete role-related information and remove subordinate permissions
            List allOrgList = organizeService.getList(true);
            List allPosList = positionService.getList(true);
            List objectIdAll = objectList.stream().map(AuthorizeEntity::getObjectId).collect(Collectors.toList());
            // Remove dependent child grants.
            deleteAllAuth(form, allOrgList, allPosList);
            // Drop cached permissions for the affected menus.
            // NOTE(review): Arrays.asList throws NullPointerException when form.getModule() is null;
            // that lands in the generic catch below after deleteAllAuth has already run.
            this.removeAuthByUserOrMenu(null, Arrays.asList(form.getModule()));
            // Remove the owner's existing grants.
            // NOTE(review): the id list (derived from form.getObjectId()) is spliced into the SQL text
            // with String.replace instead of being bound as a parameter. The only visible safeguard
            // is XSSEscape.escapeEmpty applied to the whole statement; what it filters is not visible
            // here. Prefer a bound parameter (the insert below binds values through addMultiData) or
            // validate the id format before it reaches this statement.
            String ids = String.join(",", objectIdAll);
            JdbcUtil.creUpDe(new PrepSqlDTO(XSSEscape.escapeEmpty(SqlFrameFastUtil.AUTHOR_DEL.replace("{authorizeIds}", ids))).withConn(dataSourceUtils, null));
            // Work out which users are affected by the change.
            List userIds = new ArrayList<>();
            List listIds = new ArrayList<>();
            if (PermissionConst.ORGANIZE.equals(objectType)) {
                // Substring match on the id tree; getOrganizeIdTree() is not null-checked here.
                List orgIds = allOrgList.stream().filter(t -> t.getOrganizeIdTree().contains(objectId))
                        .map(OrganizeEntity::getId).collect(Collectors.toList());
                // NOTE(review): listIds is still empty when this filter runs, so posIds is always empty
                // and users reached only through positions of these organizations are not collected;
                // the filter presumably should test orgIds. Confirm.
                List posIds = allPosList.stream().filter(t -> listIds.contains(t.getOrganizeId())).map(PositionEntity::getId).collect(Collectors.toList());
                listIds.addAll(orgIds);
                listIds.addAll(posIds);
            }
            if (PermissionConst.POSITION.equals(objectType)) {
                List positionIds = allPosList.stream().filter(t -> StringUtil.isNotEmpty(t.getPositionIdTree()) && t.getPositionIdTree().contains(objectId))
                        .map(PositionEntity::getId).collect(Collectors.toList());
                listIds.addAll(positionIds);
            }
            if (PermissionConst.ROLE.equals(objectType)) {
                List listByRoleId = roleRelationService.getListByRoleId(objectId, null);
                for (RoleRelationEntity rre : listByRoleId) {
                    if (PermissionConst.ORGANIZE.equals(rre.getObjectType())) {
                        List orgIds = allOrgList.stream().filter(t -> t.getOrganizeIdTree().contains(rre.getObjectId()))
                                .map(OrganizeEntity::getId).collect(Collectors.toList());
                        // NOTE(review): filters on listIds before the current orgIds are added to it.
                        List posIds = allPosList.stream().filter(t -> listIds.contains(t.getOrganizeId())).map(PositionEntity::getId).collect(Collectors.toList());
                        listIds.addAll(orgIds);
                        listIds.addAll(posIds);
                    } else if (PermissionConst.POSITION.equals(rre.getObjectType())) {
                        // Unlike the POSITION branch above, getPositionIdTree() is not null-checked here.
                        List positionIds = allPosList.stream().filter(t -> t.getPositionIdTree().contains(rre.getObjectId()))
                                .map(PositionEntity::getId).collect(Collectors.toList());
                        listIds.addAll(positionIds);
                    } else {
                        // NOTE(review): adds the object ids of ALL relations (including organization and
                        // position ids), once per non-org/position relation; probably only
                        // rre.getObjectId() was meant. Confirm.
                        userIds.addAll(listByRoleId.stream().map(RoleRelationEntity::getObjectId).collect(Collectors.toList()));
                    }
                }
            }
            if (listIds.size() > 0) {
                List listByObjectIdAll = userRelationService.getListByObjectIdAll(listIds);
                userIds.addAll(listByObjectIdAll.stream().map(UserRelationEntity::getUserId).collect(Collectors.toList()));
            }
            // Insert the new grants.
            String sql = DbTypeUtil.checkOracle(dataSourceUtils) || DbTypeUtil.checkPostgre(dataSourceUtils) ?
                    SqlFrameFastUtil.INSERT_AUTHORIZE2 : SqlFrameFastUtil.INSERT_AUTHORIZE;
            String column_key = StringUtil.EMPTY, column_plceholder = StringUtil.EMPTY, column_value = TenantDataSourceUtil.getTenantColumn();
            if (StringUtil.isNotEmpty(column_value)) {
                // The tenant column NAME comes from configuration; its VALUE is bound via the extra "?".
                column_key = StrPool.COMMA + configValueUtil.getMultiTenantColumn();
                column_plceholder = ",?";
            }
            sql = sql.replace("%COLUMN_KEY%", column_key).replace("%COLUMN_PLACEHOLDER%", column_plceholder);
            PrepSqlDTO dto = new PrepSqlDTO(sql).withConn(dataSourceUtils, null);
            for (int i = 0; i < objectList.size(); i++) {
                for (AuthorizeEntity entityItem : authorizeList) {
                    // One parameter row per (owner, item) pair, in the column order of the insert template.
                    List data = new LinkedList<>();
                    data.add(RandomUtil.uuId());
                    data.add(entityItem.getItemType());
                    data.add(entityItem.getItemId());
                    data.add(objectList.get(i).getObjectType());
                    data.add(objectList.get(i).getObjectId());
                    data.add(i);
                    data.add(DateUtil.getNow());
                    data.add(userInfo.getUserId());
                    if (StringUtil.isNotEmpty(column_value)) {
                        data.add(column_value);
                    }
                    dto.addMultiData(data);
                }
            }
            JdbcUtil.creUpDeBatchOneSql(dto);
            userService.delCurUser(MsgCode.PS010.get(), userIds);
        } catch (DataException e1) {
            // NOTE(review): the rethrown exception drops the original cause and stack trace.
            e1.printStackTrace();
            log.error("权限报错:" + e1.getMessage());
            throw new DataException(e1.getMessage());
        } catch (Exception e) {
            // NOTE(review): any other failure (including SQL errors after the delete) is swallowed
            // here and the method returns as if the save succeeded.
            e.printStackTrace();
            log.error("权限报错:" + e.getMessage());
        }
        return errStr;
    }

    /**
     * Returns the given menu ids together with all of their ancestors found in {@code allMenu}.
     *
     * <p>NOTE(review): the recursion stops only when no further parent is found (parent id
     * {@code "-1"}, or no matching child); a cycle in the parent links would recurse without
     * bound. Confirm that the menu data cannot contain cycles.
     *
     * @param allMenu  menus to search for parent links
     * @param childIds ids whose ancestors are wanted
     * @return {@code childIds} plus every ancestor id; empty when {@code childIds} is empty
     */
    private Set getParentMenu(List allMenu, Set childIds) {
        Set newIds = new HashSet<>();
        if (CollectionUtil.isNotEmpty(childIds)) {
            for (ModuleEntity menu : allMenu) {
                if (childIds.contains(menu.getId()) && !"-1".equals(menu.getParentId())) {
                    newIds.add(menu.getParentId());
                }
            }
            if (CollectionUtil.isNotEmpty(newIds)) {
                newIds.addAll(getParentMenu(allMenu, newIds));
            }
            newIds.addAll(childIds);
        }
        return newIds;
    }

    /**
     * Deletes the child grants that {@code AuthPermUtil.getDelAllAuth} selects for the saved
     * object.
     *
     * <p>Loads every role relation and every grant row (unfiltered queries) and hands them,
     * together with the submitted id lists, to {@code AuthPermUtil.getDelAllAuth}; the returned
     * grant ids are removed in batches of at most 1000 per {@code IN} clause.
     *
     * @param form       submitted owner and selected item ids
     * @param allOrgList all organizations, passed through to the helper
     * @param allPosList all positions, passed through to the helper
     */
    private void deleteAllAuth(AuthorizeDataUpForm form, List allOrgList, List allPosList) {
        // Both queries are unfiltered: every role relation and every grant is loaded into memory.
        List roleRealationList = roleRelationService.list(new QueryWrapper<>());
        List allAuthList = this.list(new QueryWrapper<>());
        Map> allAuthMap = allAuthList.stream().collect(Collectors.groupingBy(AuthorizeEntity::getObjectId));
        // Lists submitted by the form (empty when the corresponding array is null).
        // NOTE(review): systemSave checks getSystemIds() for null but is built from getModule();
        // this looks like a copy-paste slip (getSystemIds() was probably meant) and would throw
        // if systemIds were set while module is null. Confirm against AuthPermUtil.getDelAllAuth.
        List systemSave = form.getSystemIds() == null ? Collections.EMPTY_LIST : Arrays.asList(form.getModule());
        List moduleSave = form.getModule() == null ? Collections.EMPTY_LIST : Arrays.asList(form.getModule());
        List buttonSave = form.getButton() == null ? Collections.EMPTY_LIST : Arrays.asList(form.getButton());
        List columnSave = form.getColumn() == null ? Collections.EMPTY_LIST : Arrays.asList(form.getColumn());
        List resourceSave = form.getResource() == null ? Collections.EMPTY_LIST : Arrays.asList(form.getResource());
        List formSave = form.getForm() == null ? Collections.EMPTY_LIST : Arrays.asList(form.getForm());
        String objectId = form.getObjectId();
        // Ids of the grants to delete, computed by the helper (described as recursive in the original comment).
        List deleteAllAuth = AuthPermUtil.getDelAllAuth(AuthorizeSaveParam
                .builder().objectId(form.getObjectId()).objectType(form.getObjectType()).allOrgList(allOrgList).allPosList(allPosList).allAuthMap(allAuthMap)
                .roleRealationList(roleRealationList)
                .systemSave(systemSave).moduleSave(moduleSave).buttonSave(buttonSave).columnSave(columnSave).resourceSave(resourceSave).formSave(formSave)
                .build());
        if (CollectionUtil.isNotEmpty(deleteAllAuth)) {
            QueryWrapper qw = new QueryWrapper<>();
            if (deleteAllAuth.size() > 1000) {
                // Split into IN clauses of at most 1000 ids joined by OR.
                // NOTE(review): or() is also appended after the last partition; confirm the wrapper
                // discards a trailing OR.
                List> lists = Lists.partition(deleteAllAuth, 1000);
                for (List list : lists) {
                    qw.lambda().in(AuthorizeEntity::getId, list).or();
                }
            } else {
                qw.lambda().in(AuthorizeEntity::getId, deleteAllAuth);
            }
            this.remove(qw);
        }
    }

    /**
     * Appends one {@code AuthorizeEntity} per id to {@code entityList}.
     *
     * @param ids        ids to wrap; {@code null} adds nothing
     * @param type       value stored as object type or item type
     * @param entityList output list
     * @param objectFlag true: fill object type/id (owner side); false: fill item type/id
     */
    private void setEntity(String[] ids, String type, List entityList, Boolean objectFlag) {
        if (ids != null) {
            for (String id : ids) {
                AuthorizeEntity entity = new AuthorizeEntity();
                if (objectFlag) {
                    entity.setObjectType(type);
                    entity.setObjectId(id);
                } else {
                    entity.setItemType(type);
                    entity.setItemId(id);
                }
                entityList.add(entity);
            }
        }
    }

    /**
     * Lists the grants that apply to a non-administrator user through the user's positions,
     * the user id itself and the roles attached to either.
     *
     * <p>Administrators get an empty list from this method, so callers must handle the admin
     * case themselves rather than read "empty" as "no access".
     *
     * @param isAdmin        true short-circuits to an empty list
     * @param userId         user whose grants are wanted
     * @param standingfilter when true (and the standing switch is on) narrow to the user's
     *                       current standing
     * @return the grant rows; {@code Collections.EMPTY_LIST} for admins or when nothing applies
     */
    @Override
    public List getListByUserId(boolean isAdmin, String userId, boolean standingfilter) {
        if (!isAdmin) {
            QueryWrapper queryWrapper = new QueryWrapper<>();
            queryWrapper.lambda().eq(UserRelationEntity::getUserId, userId);
            queryWrapper.lambda().eq(UserRelationEntity::getObjectType, PermissionConst.POSITION);
            List list = userRelationService.list(queryWrapper);
            // Position ids, plus the user id, plus the roles attached to any of them.
            List userRelationList = list.stream().map(u -> u.getObjectId()).collect(Collectors.toList());
            userRelationList.add(userId);
            List roleList = roleRelationService.getListByObjectId(userRelationList, null)
                    .stream().map(RoleRelationEntity::getRoleId).collect(Collectors.toList());
            userRelationList.addAll(roleList);
            // If standings are enabled, narrow the owners to those bound to the current standing.
            List listByObjectId = this.getListByObjectId(userRelationList);
            // NOTE(review): this compares STAND with getItemId(), whereas getAuthorize compares it
            // with getItemType(). If no item id ever equals STAND, standingList is always empty and
            // the standing filter below never runs, leaving the wider set in force. Confirm.
            List standingList = listByObjectId.stream().filter(t -> PermissionConst.STAND.equals(t.getItemId())).collect(Collectors.toList());
            if (standingfilter && configValueUtil.isStandingSwitch() && standingList.size() > 0) {
                UserEntity info = userService.getInfo(userId);
                // Uses the PC standing only; getAppStanding() is not consulted in this method.
                List authorizeByItem = this.getAuthorizeByItem(PermissionConst.STAND, info.getStanding());
                List collect = authorizeByItem.stream().map(AuthorizeEntity::getObjectId).collect(Collectors.toList());
                userRelationList = userRelationList.stream().filter(t -> collect.contains(t)).collect(Collectors.toList());
            }
            if (CollectionUtil.isEmpty(userRelationList)) {
                return Collections.EMPTY_LIST;
            }
            QueryWrapper wrapper = new QueryWrapper<>();
            wrapper.lambda().in(AuthorizeEntity::getObjectId, userRelationList);
            return this.list(wrapper);
        } else {
            return Collections.EMPTY_LIST;
        }
    }

    /**
     * Lists the grants of a position (including the roles attached to it) or of a role.
     *
     * @param objectId   position or role id
     * @param objectType {@code PermissionConst.POSITION} selects the position branch; any other
     *                   value is treated as a role lookup
     * @return matching grant rows
     */
    @Override
    public List getListByPosOrRoleId(String objectId, String objectType) {
        QueryWrapper wrapper = new QueryWrapper<>();
        if (PermissionConst.POSITION.equals(objectType)) {
            List posId = userRelationService.getListByObjectId(objectId, objectType).stream().map(u -> u.getObjectId()).collect(Collectors.toList());
            List posRoleList = roleRelationService.getListByObjectId(posId, null)
                    .stream().map(RoleRelationEntity::getRoleId).collect(Collectors.toList());
            posId.addAll(posRoleList);
            // NOTE(review): no empty-list guard here, unlike getListByObjectId(List); confirm what
            // the query does when posId is empty.
            wrapper.lambda().in(AuthorizeEntity::getObjectId, posId);
        } else {
            wrapper.lambda().eq(AuthorizeEntity::getObjectId, objectId);
            wrapper.lambda().eq(AuthorizeEntity::getObjectType, PermissionConst.ROLE);
        }
        return this.list(wrapper);
    }

    /**
     * Lists the grants held by any of the given objects.
     *
     * @param objectId object ids; an empty list yields an empty (mutable) result without a query
     * @return matching grant rows
     */
    @Override
    public List getListByObjectId(List objectId) {
        if (objectId.size() == 0) {
            return new ArrayList<>();
        }
        QueryWrapper queryWrapper = new QueryWrapper<>();
        queryWrapper.lambda().in(AuthorizeEntity::getObjectId, objectId);
        return this.list(queryWrapper);
    }

    /**
     * Tells whether an object holds any grant, or a SYSTEM grant for one system.
     *
     * @param roleId   object id to check
     * @param systemId when non-empty, only a SYSTEM grant for this system counts
     * @return true if at least one matching row exists
     */
    @Override
    public Boolean existAuthorize(String roleId, String systemId) {
        QueryWrapper queryWrapper = new QueryWrapper<>();
        queryWrapper.lambda().eq(AuthorizeEntity::getObjectId, roleId);
        if (StringUtil.isNotEmpty(systemId)) {
            queryWrapper.lambda().eq(AuthorizeEntity::getItemId, systemId);
            queryWrapper.lambda().eq(AuthorizeEntity::getItemType, AuthorizeConst.SYSTEM);
        }
        return this.count(queryWrapper) > 0;
    }

    /**
     * Lists every grant held by one object.
     *
     * @param roleId object id to match
     * @return matching grant rows
     */
    @Override
    public List getListByRoleId(String roleId) {
        QueryWrapper queryWrapper = new QueryWrapper<>();
        queryWrapper.lambda().eq(AuthorizeEntity::getObjectId, roleId);
        return this.list(queryWrapper);
    }

    /**
     * Lists grants of one item type, optionally restricted to one object.
     *
     * <p>When {@code objectId} is empty the object filter is skipped, so the result covers the
     * grants of that item type for every object.
     *
     * @param objectId object id to match, or empty for all objects
     * @param itemType item type to match
     * @return matching grant rows
     */
    @Override
    public List getListByObjectId(String objectId, String itemType) {
        QueryWrapper queryWrapper = new QueryWrapper<>();
        if (StringUtil.isNotEmpty(objectId)) {
            queryWrapper.lambda().eq(AuthorizeEntity::getObjectId, objectId);
        }
        queryWrapper.lambda().eq(AuthorizeEntity::getItemType, itemType);
        return this.list(queryWrapper);
    }

    /**
     * Lists the grants of one item held by objects of one type.
     *
     * @param itemId     item id to match
     * @param objectType object type to match
     * @return matching grant rows
     */
    @Override
    public List getListByObjectAndItem(String itemId, String objectType) {
        QueryWrapper queryWrapper = new QueryWrapper<>();
        queryWrapper.lambda().eq(AuthorizeEntity::getObjectType, objectType).eq(AuthorizeEntity::getItemId, itemId);
        return this.list(queryWrapper);
    }

    /**
     * Lists the grants matching an item id and item type (same filter as
     * {@code getAuthorizeByItem}, with the parameters in the opposite order).
     *
     * @param itemId   item id to match
     * @param itemType item type to match
     * @return matching grant rows
     */
    @Override
    public List getListByObjectAndItemIdAndType(String itemId, String itemType) {
        QueryWrapper queryWrapper = new QueryWrapper<>();
        queryWrapper.lambda().eq(AuthorizeEntity::getItemType, itemType).eq(AuthorizeEntity::getItemId, itemId);
        return this.list(queryWrapper);
    }
/**
 * Resolves the standings of a user for the login device of the current session.
 *
 * @param isLogin whether the call happens during login
 * @param userId  the user to look up
 * @return the standings, see {@link #getUserStanding(boolean, String, String)}
 */
@Override
public List<UserSystemVO> getUserStanding(boolean isLogin, String userId) {
    return getUserStanding(isLogin, userId, null);
}

/**
 * Resolves the standings (identities) of a user.
 *
 * <p>The stored standing for the device comes first and is flagged as current: the PC
 * standing when the device equals {@code DeviceType.PC}, otherwise the app standing. A
 * fallback entry may follow. During login, {@code "2"} is added when the user has
 * organize-administrator rows. Outside login, and only when nothing is stored, exactly one of
 * {@code "1"} (isAdministrator equals 1), {@code "2"} (organize-administrator rows exist)
 * or {@code "3"} is added.
 * NOTE(review): 1/2/3 presumably mean super admin / organize admin / ordinary user; confirm.
 *
 * @param isLogin     whether the call happens during login
 * @param userId      the user to look up
 * @param loginDevice the device to resolve for; when empty, the device of the current
 *                    session user is used
 * @return the standings, possibly empty
 */
@Override
public List<UserSystemVO> getUserStanding(boolean isLogin, String userId, String loginDevice) {
    UserInfo userInfo = UserProvider.getUser();
    List<UserSystemVO> systemVOS = new ArrayList<>();
    UserEntity info = userService.getInfo(userId);
    String device = StringUtil.isNotEmpty(loginDevice) ? loginDevice : userInfo.getLoginDevice();

    boolean onPc = DeviceType.PC.getDevice().equals(device);
    if (onPc && ObjectUtil.isNotEmpty(info.getStanding())) {
        UserSystemVO current = new UserSystemVO();
        current.setId(info.getStanding() + "");
        current.setCurrentStanding(true);
        systemVOS.add(current);
    } else if (!onPc && ObjectUtil.isNotEmpty(info.getAppStanding())) {
        UserSystemVO current = new UserSystemVO();
        current.setId(info.getAppStanding() + "");
        current.setCurrentStanding(true);
        systemVOS.add(current);
    }

    List<?> infoByUserId = organizeAdminIsTratorService.getInfoByUserId(userId);
    String fallbackId = null;
    if (isLogin) {
        if (infoByUserId.size() > 0) {
            fallbackId = "2";
        }
    } else if (systemVOS.size() == 0) {
        if (Objects.equals(info.getIsAdministrator(), 1)) {
            fallbackId = "1";
        } else if (infoByUserId.size() > 0) {
            fallbackId = "2";
        } else {
            fallbackId = "3";
        }
    }
    if (fallbackId != null) {
        UserSystemVO fallback = new UserSystemVO();
        fallback.setId(fallbackId);
        systemVOS.add(fallback);
    }
    return systemVOS;
}

/**
 * Builds the data-permission conditions of the current user for one module.
 *
 * <p>The user's {@code AuthorizeVO} is read from Redis or computed and cached. Its resources
 * are narrowed to {@code moduleId}, grouped by object id, and each resource's condition JSON
 * is turned into a {@link SuperJsonModel}.
 *
 * <p>A single empty {@link SuperJsonModel} is returned, carrying no restricting condition,
 * when the user is an administrator or when any resource of the module has an enCode
 * starting with {@code "jnpf_alldata"}.
 *
 * @param moduleId   the module whose resources are evaluated
 * @param systemCode the system code handed to {@code getAuthorize} on a cache miss
 * @return the condition models; empty when no authorization model is available or no
 *         resource yields a condition
 */
@Override
@DS("")
public List<SuperJsonModel> getConditionSql(String moduleId, String systemCode) {
    List<SuperJsonModel> list = new ArrayList<>();
    UserInfo userInfo = UserProvider.getUser();
    // NOTE(review): the key is built from moduleId and userId only, while the cached value
    // is computed with systemCode. Confirm a module id cannot occur under two system codes,
    // otherwise one system's grants can be served for another until the entry expires.
    String reidsKey = cacheKeyUtil.getUserAuthorize() + moduleId + "_" + userInfo.getUserId();
    long time = 60 * 5; // cache lifetime handed to redisUtil.insert; presumably seconds
    AuthorizeVO model;
    if (redisUtil.exists(reidsKey)) {
        model = JsonUtil.getJsonToBean(redisUtil.getString(reidsKey).toString(), AuthorizeVO.class);
    } else {
        model = this.getAuthorize(false, systemCode, 0);
        redisUtil.insert(reidsKey, JsonUtil.getObjectToString(model), time);
    }
    if (model == null) {
        return list;
    }

    List<ResourceModel> resourceListAll = model.getResourceList().stream()
            .filter(m -> m.getModuleId().equals(moduleId))
            .collect(Collectors.toList());
    // First pass: look for an "all data" scheme. The check is a prefix match, so every
    // enCode that starts with "jnpf_alldata" lifts the data restriction for this module.
    boolean isAll = resourceListAll.stream()
            .anyMatch(item -> item.getEnCode().startsWith("jnpf_alldata"));
    // All-data scheme or administrator: one empty model, no restricting condition.
    if (isAll || userInfo.getIsAdministrator()) {
        list.add(new SuperJsonModel());
        return list;
    }

    Map<String, List<ResourceModel>> authorizeMap = resourceListAll.stream()
            .filter(t -> StringUtil.isNotEmpty(t.getObjectId()))
            .collect(Collectors.groupingBy(ma -> ma.getObjectId()));
    int num = 0;
    // One iteration per scheme group (the resources of one object id).
    for (List<ResourceModel> resourceList : authorizeMap.values()) {
        // True until some group has left at least one model in the result.
        boolean authorizeLogic = num == 0;
        for (ResourceModel item : resourceList) {
            AuthConditionModel authConditionModel =
                    JsonUtil.getJsonToBean(item.getConditionJson(), AuthConditionModel.class);
            String matchLogic = authConditionModel.getMatchLogic();
            List<SuperQueryJsonModel> conditionList = new ArrayList<>();
            // Condition groups
            for (AuthGroup group : authConditionModel.getConditionList()) {
                List<FieLdsModel> groupList = new ArrayList<>();
                // Single conditions
                for (AuthItem fieldItem : group.getGroups()) {
                    FieLdsModel fieLdsModel = JsonUtil.getJsonToBean(fieldItem, FieLdsModel.class);
                    String itemField = fieldItem.getField();

                    // Strip the sub-table prefix from the field id to get the model name.
                    String vModel;
                    if (itemField.contains("_jnpf_")) {
                        vModel = itemField.split("_jnpf_")[1];
                    } else if (itemField.toLowerCase().startsWith("tablefield")) {
                        vModel = itemField.split("-")[1];
                    } else {
                        vModel = itemField;
                    }

                    String jnpfKey = fieldItem.getJnpfKey();
                    if (AuthorizeConditionEnum.CURRENTTIME.getCondition().equals(jnpfKey)) {
                        // A "current time" condition is handled as a date picker field.
                        jnpfKey = AuthorizeConst.DATE_PICKER;
                    }
                    ConfigModel config = fieLdsModel.getConfig();
                    config.setJnpfKey(jnpfKey);
                    config.setTableName(fieldItem.getTableName());
                    fieLdsModel.setConfig(config);
                    fieLdsModel.setSymbol(fieldItem.getSymbol());
                    fieLdsModel.setVModel(vModel);
                    fieLdsModel.setId(itemField);
                    fieLdsModel.setFieldValue(fieldItem.getFieldValue());
                    groupList.add(fieLdsModel);
                }
                // Search condition for this group
                SuperQueryJsonModel queryJsonModel = new SuperQueryJsonModel();
                queryJsonModel.setGroups(groupList);
                queryJsonModel.setLogic(group.getLogic());
                conditionList.add(queryJsonModel);
            }
            if (conditionList.size() > 0) {
                SuperJsonModel superJsonModel = new SuperJsonModel();
                superJsonModel.setMatchLogic(matchLogic);
                superJsonModel.setConditionList(conditionList);
                superJsonModel.setAuthorizeLogic(authorizeLogic);
                list.add(superJsonModel);
            }
        }
        if (list.size() > 0) {
            num++;
        }
    }
    return list;
}

/**
 * Evicts cached user authorizations that belong to the given users or menus.
 *
 * <p>Every Redis key is inspected; a key is removed when it starts with the user-authorize
 * prefix and contains one of the ids as a substring. Substring matching can evict entries
 * of other users or menus whose id contains a given id, which only costs a cache miss.
 * NOTE(review): {@code redisUtil.getAllKeys()} enumerates the whole keyspace on every call.
 *
 * @param userIds the user ids whose cache entries are evicted; null is treated as empty
 * @param menuIds the menu ids whose cache entries are evicted; null is treated as empty
 */
@Override
public void removeAuthByUserOrMenu(List<String> userIds, List<String> menuIds) {
    List<String> users = userIds == null ? new ArrayList<>() : userIds;
    List<String> menus = menuIds == null ? new ArrayList<>() : menuIds;
    Set<String> allKeys = redisUtil.getAllKeys();
    for (String cacheKey : allKeys) {
        for (String user : users) {
            boolean authKey = cacheKey.startsWith(cacheKeyUtil.getUserAuthorize());
            if (authKey && cacheKey.contains(user)) {
                redisUtil.remove(cacheKey);
            }
        }
        for (String menuId : menus) {
            boolean authKey = cacheKey.startsWith(cacheKeyUtil.getUserAuthorize());
            if (authKey && cacheKey.contains(menuId)) {
                redisUtil.remove(cacheKey);
            }
        }
    }
}

/**
 * Tells whether the current session user holds the given standing.
 *
 * <p>The {@code userId} argument is not read: the standings are always resolved for the
 * user returned by {@code UserProvider.getUser()}, so the answer never describes another
 * account.
 *
 * @param userId    not used by this implementation
 * @param standType the standing to look for; null yields false
 * @return true when the session user's standings contain {@code standType}, false when
 *         there is no session user or no match
 */
@Override
public boolean getUserCurrentStanding(String userId, Integer standType) {
    UserInfo current = UserProvider.getUser();
    if (current == null || current.getUserId() == null) {
        return false;
    }
    List<UserSystemVO> userStanding = this.getUserStanding(false, current.getUserId());
    return standType != null
            && userStanding.stream().anyMatch(t -> standType.toString().equals(t.getId()));
}
}