增加权限接口用于初始化新业务管理员的授权权限

backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/internal/service/AuthManagerServiceImpl.java

 package com.beecode.inz.authmgr.internal.service;
 
 import java.text.MessageFormat;
+import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Comparator;
+import java.util.EnumSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.UUID;
 import java.util.stream.Collectors;
 
@@ -14,6 +18,7 @@ import javax.transaction.Transactional;
 import org.apache.commons.collections4.CollectionUtils;
 import org.json.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.ApplicationEventPublisherAware;
 import org.springframework.util.Assert;
@@ -27,15 +32,24 @@ import com.beecode.bap.staff.service.StaffService;
 import com.beecode.bap2.common.license.LicenseProperty;
 import com.beecode.bap2.common.license.service.LicensePropertyService;
 import com.beecode.bcp.User;
+import com.beecode.bcp.authz.AuthzConstants;
 import com.beecode.bcp.authz.AuthzType;
 import com.beecode.bcp.authz.Identity;
 import com.beecode.bcp.authz.Privilege;
+import com.beecode.bcp.authz.PrivilegeParam;
 import com.beecode.bcp.authz.Role;
+import com.beecode.bcp.authz.RuleContent;
+import com.beecode.bcp.authz.dao.PrivilegeDao;
+import com.beecode.bcp.authz.internal.Authorization;
 import com.beecode.bcp.authz.internal.InternalAuthzConstants;
+import com.beecode.bcp.authz.internal.ObjectAuthorization;
+import com.beecode.bcp.authz.internal.RuleAuthorization;
+import com.beecode.bcp.authz.internal.TokenAuthorization;
 import com.beecode.bcp.authz.service.IdentityService;
 import com.beecode.bcp.authz.service.PrivilegeMetaService;
 import com.beecode.bcp.authz.service.PrivilegeService;
 import com.beecode.bcp.authz.service.RoleService;
+import com.beecode.bcp.authz.service.SysIdentityService;
 import com.beecode.bcp.group.service.GroupService;
 import com.beecode.bcp.type.KClass;
 import com.beecode.bcp.type.KObject;
@@ -87,6 +101,14 @@ public class AuthManagerServiceImpl implements AuthManagerService,ApplicationEve
 	
 	private ApplicationEventPublisher applicationEventPublisher;
 	
+	@Autowired
+	@Qualifier(AuthzConstants.BEAN_PRIVILEGE_DAO)
+	private PrivilegeDao privilegeDao;
+
+	@Autowired
+	@Qualifier(AuthzConstants.BEAN_SYSIDENTITY_SERVICE)
+	private SysIdentityService sysIdentityService;
+	
 	@Override
 	@Transactional
 	public void grantRole(UUID roleId, List<UUID> staffIds) {
@@ -446,4 +468,109 @@ public class AuthManagerServiceImpl implements AuthManagerService,ApplicationEve
 	public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
 		this.applicationEventPublisher = applicationEventPublisher;
 	}
+
+	@Override
+	@Transactional
+	public void grantDelegate() {
+		List<PrivilegeInfo> privilegeList = getAllPrivilegeInfo().stream()
+				.filter(privilegeInfo -> !InternalAuthzConstants.ADMIN_PRIVILEGE_ID.equals(privilegeInfo.getId()))
+				.sorted(Comparator.comparing(PrivilegeInfo::getOrderIndex)).collect(Collectors.toList());
+		Optional<Role> role = roleService.getByName("xystBizManagerRole");
+		if(role.isPresent()) {
+			UUID roleId = role.get().getId();
+			for (PrivilegeInfo info : privilegeList) {
+				Privilege privilege = getPrivilege(info.getId());
+				Authorization authorization = createAuthorization(privilege, roleId, null, EnumSet.of(AuthzType.DELEGATE));
+				Authorization current = getCurrent(authorization);
+				if (current == null || current.isCanDelegate()) {
+					privilegeDao.grant(authorization);
+				}
+				if (info.getId().equals(InternalAuthzConstants.ADMIN_PRIVILEGE_ID))
+					sysIdentityService.refresh();
+			}
+		}
+	}
+	
+	private Privilege getPrivilege(UUID privilegeId) {
+		return privilegeMetaService.getPrivilege(privilegeId);
+	}
+	
+	private Authorization createAuthorization(Privilege privilege, UUID granteeId, PrivilegeParam<?> param, EnumSet<AuthzType> authzTypes) {
+		Assert.notNull(privilege, "'privilege' must not be null");
+		Assert.notNull(granteeId, "'granteeId' must not be null");
+		Assert.notNull(authzTypes, "'authzTypes' must not be null");
+		verifyParamType(privilege.getType(), param);
+		
+		Authorization authorization = null;
+		switch (privilege.getType()) {
+		case TOKEN:
+			authorization = new TokenAuthorization();
+			break;
+		case OBJECT:
+			ObjectAuthorization oa = new ObjectAuthorization();
+			oa.setObjId((UUID) param.getParam());
+			authorization = oa;
+			break;
+		case RULE:
+			RuleAuthorization ra = new RuleAuthorization();
+			RuleContent rule = (RuleContent) param.getParam();
+			ra.setRule(rule.rule);
+			ra.setDescription(rule.description);
+			authorization = ra;
+			break;
+		default:
+			throw new IllegalArgumentException("illegal privilege type: " + privilege.getType());
+		}
+		
+		Instant now = Instant.now();
+		UUID grantor = getCurrentIdentityId();
+		authorization.setPrivilegeId(privilege.getId());
+		authorization.setGranteeId(granteeId);
+		if (authzTypes.contains(AuthzType.ACCESS)) {
+			authorization.setCanAccess(true);
+			authorization.setAccessGrantor(grantor);
+			authorization.setAccessGrantTime(now);
+		}
+		if (authzTypes.contains(AuthzType.DELEGATE)) {
+			authorization.setCanDelegate(true);
+			authorization.setDelegateGrantor(grantor);
+			authorization.setDelegateGrantTime(now);
+		}
+		return authorization;
+	}
+	
+	private void verifyParamType(Privilege.Type privilegeType, PrivilegeParam<?> param) {
+		Assert.notNull(privilegeType, "'privilegeType' must not be null");
+		switch (privilegeType) {
+		case TOKEN:
+			if (param != null && param != PrivilegeParam.TOKEN_PRIVILEGE_PARAM)
+				throw new IllegalArgumentException("should use PrivilegeParam.TOKEN_PRIVILEGE_PARAM constant for token privilege");
+			break;
+		default:
+			Assert.notNull(param, "'param' must not be null");
+			Object paramData = param.getParam();
+			Assert.notNull(paramData, "'paramData' must not be null");
+			if (!(privilegeType.getDataClass() == paramData.getClass()))
+				throw new IllegalArgumentException(String.format("should use param type '%s', but '%s' founded",
+						privilegeType.getDataClass().getSimpleName(), paramData.getClass().getSimpleName()));
+			break;
+		}
+	}
+	
+	private UUID getCurrentIdentityId() {
+		return identityService.getCurrentIdentityId();
+	}
+	
+	private Authorization getCurrent(Authorization auth) {
+		if (auth instanceof TokenAuthorization) {
+			return privilegeDao.getTokenAuthorization(auth.getPrivilegeId(), auth.getGranteeId());
+		}
+		if (auth instanceof ObjectAuthorization) {
+			return privilegeDao.getObjectAuthorization(auth.getPrivilegeId(), auth.getGranteeId(), ((ObjectAuthorization) auth).getObjId());
+		}
+		if (auth instanceof RuleAuthorization) {
+			return privilegeDao.getRuleAuthorization(auth.getPrivilegeId(), auth.getGranteeId());
+		}
+		throw new IllegalArgumentException("illegal authorization: " + auth);
+	}
 }

backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/service/AuthManagerService.java

@@ -36,4 +36,6 @@ public interface AuthManagerService {
 
 	Page<StaffInfo> findStaffInfo(UUID roleId, UUID deptId, String searchStr, Integer pageNo, Integer pageSize,
 			Integer locked, Boolean enabled);
+	
+	void grantDelegate();
 }

backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/web/AuthMgrController.java

@@ -436,4 +436,9 @@ public class AuthMgrController {
 		}
 		throw new AuthDataMissingException("无法获取普通分组的根分组！");
 	}
+	
+	@RequestMapping(value="roles/xystBizRoleManage/grantDelegate" , method = RequestMethod.POST)
+	public void grantDelegate(){
+		authManagerService.grantDelegate();
+	}
 }