修改集团和区域公司判断功能权限的逻辑，组织机构相关团队中增加附加角色的概念

backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/config/AuthMgrConfig.java

@@ -7,11 +7,14 @@ import com.beecode.inz.authmgr.dao.AuthManagerDao;
 import com.beecode.inz.authmgr.exception.ExceptionReaper;
 import com.beecode.inz.authmgr.internal.dao.AuthManagerDaoImpl;
 import com.beecode.inz.authmgr.internal.service.AuthManagerServiceImpl;
+import com.beecode.inz.authmgr.internal.service.FunctionTreeServiceImpl;
 import com.beecode.inz.authmgr.internal.service.RoleManagerServiceImpl;
 import com.beecode.inz.authmgr.log.AuthmgrLogAspect;
 import com.beecode.inz.authmgr.service.AuthManagerService;
+import com.beecode.inz.authmgr.service.FunctionTreeService;
 import com.beecode.inz.authmgr.service.RoleManagerService;
 import com.beecode.inz.authmgr.web.AuthMgrController;
+import com.beecode.inz.authmgr.web.FunctionTreeController;
 import com.beecode.inz.authmgr.web.RoleController;
 import com.beecode.inz.authmgr.web.SysAuthMgrController;
 
@@ -58,4 +61,15 @@ public class AuthMgrConfig {
 	public RoleManagerService createRoleManagerService(){
 		return new RoleManagerServiceImpl();
 	}
+	
+	@Bean
+	public FunctionTreeController createFunctionTreeController() {
+		return new FunctionTreeController();
+	}
+	
+	@Bean
+	public FunctionTreeService createFunctionTreeService(){
+		return new FunctionTreeServiceImpl();
+	}
+	
 }

backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/service/FunctionTreeService.java

+package com.beecode.inz.authmgr.service;
+
+import java.util.List;
+
+import com.beecode.bap.functree.FunctionTreeDefinition;
+import com.beecode.inz.authmgr.domain.PrivilegeInfo;
+
+public interface FunctionTreeService {
+
+	FunctionTreeDefinition getFunctionTreeDefinition(String name);
+	
+	List<PrivilegeInfo> getCurrentStaffGrantAuth();
+}

backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/web/AuthMgrController.java

@@ -49,6 +49,7 @@ import com.beecode.inz.authmgr.domain.RoleGroupInfo;
 import com.beecode.inz.authmgr.domain.StaffInfo;
 import com.beecode.inz.authmgr.exception.AuthDataMissingException;
 import com.beecode.inz.authmgr.service.AuthManagerService;
+import com.beecode.inz.authmgr.service.FunctionTreeService;
 import com.beecode.inz.authmgr.vo.AccessorPrivilegePara;
 import com.beecode.inz.common.dao.FollowerDao;
 import com.beecode.inz.common.service.ByIdService;
@@ -78,6 +79,9 @@ public class AuthMgrController {
 	private FollowerPrivilegeService followerPrivilegeService;
 	
 	@Autowired
+	private FunctionTreeService functionTreeService;
+	
+	@Autowired
 	private FollowerDao followerDao;
 
 	@Autowired
@@ -148,11 +152,21 @@ public class AuthMgrController {
 		} else {
 			Privilege privilege = Amino.getApplicationMetadataContext().getBean(privilegeName, Privilege.class);
 			Assert.notNull(privilege, "没有找到对应的权限项：" + privilegeName);
-			if (roleId == null) {
-				return privilegeService.canAccess(privilege.getId(), null);
-			} else {
-				return privilegeService.canAccess(privilege.getId(), roleId, null);
+			//修改判断单个功能权限的逻辑
+			List<PrivilegeInfo> privilegeInfoList = functionTreeService.getCurrentStaffGrantAuth();
+			boolean result = false;
+			for(PrivilegeInfo privilegeInfo : privilegeInfoList) {
+				if(privilegeInfo.getId().equals(privilege.getId())) {
+					result = true;
+					break;
+				}
 			}
+			return result;
+//			if (roleId == null) {
+//				return privilegeService.canAccess(privilege.getId(), null);
+//			} else {
+//				return privilegeService.canAccess(privilege.getId(), roleId, null);
+//			}
 		}
 
 	}
@@ -215,11 +229,19 @@ public class AuthMgrController {
 		boolean canAccess = false;
 		try {
 			Privilege privilege = Amino.getApplicationMetadataContext().getBean(privilegeName, Privilege.class);
-			if (roleId == null) {
-				canAccess = privilegeService.canAccess(privilege.getId(), null);
-			} else {
-				canAccess = privilegeService.canAccess(privilege.getId(), roleId, null);
+			//修改判断单个功能权限的逻辑
+			List<PrivilegeInfo> privilegeInfoList = functionTreeService.getCurrentStaffGrantAuth();
+			for(PrivilegeInfo privilegeInfo : privilegeInfoList) {
+				if(privilegeInfo.getId().equals(privilege.getId())) {
+					canAccess = true;
+					break;
+				}
 			}
+//			if (roleId == null) {
+//				canAccess = privilegeService.canAccess(privilege.getId(), null);
+//			} else {
+//				canAccess = privilegeService.canAccess(privilege.getId(), roleId, null);
+//			}
 		} catch (Exception e) {
 			logger.warn(MessageFormat.format("查询标志权限出错，具体参数为：权限项名称：【{0}】,角色id：【{1}】", privilegeName, roleId), e);
 			canAccess = false;
@@ -228,14 +250,19 @@ public class AuthMgrController {
 	}
 
 	@RequestMapping(value = "rolegroups/commongroup", method = RequestMethod.GET)
-	public List<RoleGroupInfo> getCommonRoleGroups() {
+	public List<RoleGroupInfo> getCommonRoleGroups(@RequestParam(name = "regionalCompanyId", required = false) UUID regionalCompanyId) {
 		List<RoleGroupInfo> roleGroupInfos = new ArrayList<>();
 		List<Group> groups = groupService.getChildren(roleService.getRoleGroupCategoryId(), getRootGroup().getId());
 		if (groups != null) {
 			groups.forEach((children) -> {
 				RoleGroupInfo groupInfo = new RoleGroupInfo(children);
 				List<Role> roles = groupService.getItems(children.getId(), Role.class, null);
-				KObject currentRegionalCompany = getCurrentLoginRegionalCompany();
+				UUID currentRegionalCompany = null;
+				if(regionalCompanyId != null) {
+					currentRegionalCompany = regionalCompanyId;
+				} else {
+					currentRegionalCompany = getCurrentLoginRegionalCompany().getUuid("id");
+				}
 				
 				for(int i = 0; i < roles.size(); i++) {
 					List<User> user = identityService.getUsers(roles.get(i).getCreateUser());
@@ -247,7 +274,7 @@ public class AuthMgrController {
 					for(KObject following : followingList) {
 						organizaitonList.add(following.get("following").getUuid("id"));
 					}
-					if(!organizaitonList.contains(currentRegionalCompany.getUuid("id"))) {
+					if(!organizaitonList.contains(currentRegionalCompany)) {
 						roles.remove(i);
 						i--;
 					}

backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/web/FunctionTreeController.java

+package com.beecode.inz.authmgr.web;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.beecode.bap.functree.FunctionTreeDefinition;
+import com.beecode.bap.functree.util.FunctionTreeConstants;
+import com.beecode.bap.functree.vo.FunctionTreeObj;
+import com.beecode.inz.authmgr.service.FunctionTreeService;
+
+@RestController
+public class FunctionTreeController {
+	
+	@Autowired
+	private FunctionTreeService functionTreeService;
+
+	/**
+	 * 将BAP中的逻辑复制出来，修改其中逻辑
+	 * @param name
+	 * @return
+	 */
+	@RequestMapping(value = "/basis/xyst/functionTree", method = RequestMethod.GET)
+	public Object getFunctionTreeByName(@RequestParam(required = false) String name) {
+		
+		String functreeName = FunctionTreeConstants.DEFAULT_FUNCTION_TREE_METADATA_NAME;
+		if(StringUtils.hasLength(name)) {
+			functreeName = name;
+		}
+		FunctionTreeDefinition functionDefinition = functionTreeService.getFunctionTreeDefinition(functreeName);
+		return new FunctionTreeObj(functionDefinition);
+	}
+}

backend/inz.common/src/main/java/com/beecode/inz/common/internal/service/FollowerServiceImpl.java

@@ -5,6 +5,7 @@ import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.UUID;
 
 import javax.transaction.Transactional;
@@ -13,6 +14,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 
 import com.beecode.amino.metadata.context.support.ApplicationMetadataObjectSupport;
 import com.beecode.bap.staff.service.StaffService;
+import com.beecode.bcp.authz.Role;
+import com.beecode.bcp.authz.service.RoleService;
 import com.beecode.bcp.type.KClass;
 import com.beecode.bcp.type.KObject;
 import com.beecode.inz.common.dao.FollowerDao;
@@ -33,6 +36,9 @@ public class FollowerServiceImpl extends ApplicationMetadataObjectSupport implem
 	private StaffService staffService;
 	
 	@Autowired
+	private RoleService roleService;
+	
+	@Autowired
 	private ByIdService byIdService;
 
 	@Override
@@ -59,6 +65,10 @@ public class FollowerServiceImpl extends ApplicationMetadataObjectSupport implem
 				KObject kobject = type.newInstance();
 				kobject.set("role", body.getRole());
 				kobject.set("member", staff);
+				if(!body.getAttachRole().equals("")) {
+					Optional<Role> role = roleService.get(UUID.fromString(body.getAttachRole()));
+					kobject.set("attachRole", role.get().getId());
+				}
 				kobject.set(body.getEntityFieldName(), byIdService.byId(body.getEntityModelName(), UUID.fromString(body.getEntityIds()[i])));
 				kobject.set("readonly", body.getReadonly());
 				kobject.validate();

backend/inz.common/src/main/java/com/beecode/inz/common/pojo/FollowerEntityBatchAdd.java

@@ -4,6 +4,8 @@ public class FollowerEntityBatchAdd {
 	
 	private String role;
 	
+	private String attachRole;
+	
 	private String[][] staffIds;
 	
 	private Boolean readonly;
@@ -25,6 +27,14 @@ public class FollowerEntityBatchAdd {
 	}
 
 
+	public String getAttachRole() {
+		return attachRole;
+	}
+
+	public void setAttachRole(String attachRole) {
+		this.attachRole = attachRole;
+	}
+
 	public Boolean getReadonly() {
 		return readonly;
 	}

backend/inz.common/src/main/java/com/beecode/inz/common/web/FollowerController.java

@@ -4,8 +4,11 @@ package com.beecode.inz.common.web;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import java.util.Optional;
 import java.util.UUID;
 
+import org.json.JSONArray;
+import org.json.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -14,6 +17,8 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
+import com.beecode.bcp.authz.Role;
+import com.beecode.bcp.authz.service.RoleService;
 import com.beecode.bcp.type.KObject;
 import com.beecode.bcp.type.json.JSONObjectUtils;
 import com.beecode.inz.common.pojo.FollowerEntity;
@@ -22,6 +27,7 @@ import com.beecode.inz.common.pojo.FollowerEntityBatchDelete;
 import com.beecode.inz.common.pojo.FollowerEntityBatchEdit;
 import com.beecode.inz.common.pojo.FollowerEntityDelete;
 import com.beecode.inz.common.service.FollowerService;
+import com.fasterxml.jackson.databind.JsonNode;
 
 @RestController
 public class FollowerController {
@@ -29,17 +35,31 @@ public class FollowerController {
 	@Autowired
 	private FollowerService service;
 	
+	@Autowired
+	private RoleService roleService;
+	
 	@RequestMapping(value = "/common/followers/query", method = RequestMethod.POST, consumes = "application/json")
 	public Object query(@RequestBody FollowerEntity body) {
 		List<KObject> o = service.query(body);
+		JSONArray result = new JSONArray();
 		String s="";
 		if(o.size()<1){
 			s="[]";
 		}else{
 			for(KObject kObject : o){
 				kObject.setNull(body.getEntityFieldName());//断开json的死循环，这样做可能不妥
+				JsonNode node = JSONObjectUtils.toJson(kObject);
+				JSONObject obj = new JSONObject(node.toString());
+				UUID attachRole = kObject.getUuid("attachRole");
+				if(attachRole != null) {
+					Optional<Role> role = roleService.get(attachRole);
+					if(role.isPresent()) {
+						obj.put("attachRoleName", role.get().getTitle());
+					}
+				}
+				result.put(obj);
 			}
-			s = JSONObjectUtils.toJson(o, true, false).toString();
+			s = result.toString();
 		}
 	
 		return s;

backend/xyst.dinas.biz/src/main/model/com/xyst/dinas/biz/follower/datamodel/OrganizationFollower.mk

@@ -16,6 +16,10 @@
  				<annotation id='f4ec7a01-60f9-4da3-b262-7503c331d6f3' attributeId='6e6fec32-e8c0-4cca-acce-6fb94301355c' name='length' value='undefined'>
  				</annotation>
 			</attribute>
+			<attribute id='c2e179a2-a40b-421e-9665-0b3b6c9ca626' name='attachRole' columnName='attach_role' title='附加角色' type='uuid' default='' precision='' isArray='false'>
+ 				<annotation id='313c2ab2-5408-4252-b873-08c0fb9dd2a7' attributeId='9d00a458-100b-4b74-8a97-11bdda45a50a' name='length' value='undefined'>
+ 				</annotation>
+			</attribute>
 			<hibernate>/xyst.dinas.biz/src/main/resources/config/OrganizationFollower.hbm.xml</hibernate>
 		</dataModel>
 	</content>

backend/xyst.dinas.biz/src/main/resources/com/xyst/dinas/biz/follower/datamodel/OrganizationFollower.jmx

@@ -60,6 +60,25 @@
 					<m:description></m:description>
 					<m:default></m:default>
 				</m:attribute>
+				<m:attribute>
+					<m:annotations>
+						<m:annotation>
+							<m:type>javax.persistence.Column</m:type>
+							<m:properties>
+								<m:property>
+									<m:key>name</m:key>
+									<m:value>attach_role</m:value>
+								</m:property>
+							</m:properties>
+						</m:annotation>
+					</m:annotations>
+					<m:id>c2e179a2-a40b-421e-9665-0b3b6c9ca626</m:id>
+					<m:name>attachRole</m:name>
+					<m:title>附加角色</m:title>
+					<m:type>uuid</m:type>
+					<m:description></m:description>
+					<m:default></m:default>
+				</m:attribute>
 			</m:attributes>
 		</m:class>
 	</content>

backend/xyst.dinas.biz/src/main/resources/config/OrganizationFollower.hbm.xml

@@ -20,5 +20,8 @@
 		<many-to-one name="following" entity-name="com.xyst.dinas.biz.datamodel.xystOrganization" fetch="select">
 			<column name="following"  not-null="false"/>
 		</many-to-one>
+		<property name="attachRole" type="uuid-binary" not-null="false">
+			<column name="attach_role" length="16"></column>
+		</property>
 	</class>
 </hibernate-mapping>
\ No newline at end of file