Commit 7c32456f by shiwenbo

登录用户如果是区域公司用户,则走旧的逻辑,进一步优化加载速度

parent 548cc0eb
......@@ -6,6 +6,7 @@ import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.slf4j.Logger;
......@@ -14,17 +15,17 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.beecode.amino.core.Amino;
import com.beecode.bap.department.service.DepartmentService;
import com.beecode.bap.functree.FunctionNode;
import com.beecode.bap.functree.FunctionTreeDefinition;
import com.beecode.bap.functree.Mode;
import com.beecode.bap.functree.service.FunctionNodeAuthentication;
import com.beecode.bap.staff.BapContext;
import com.beecode.bap.staff.service.StaffService;
import com.beecode.bap2.common.license.LicenseProperty;
import com.beecode.bap2.common.license.service.LicensePropertyService;
import com.beecode.bcp.authz.Privilege;
import com.beecode.bcp.authz.Role;
import com.beecode.bcp.authz.service.IdentityService;
import com.beecode.bcp.authz.service.PrivilegeService;
import com.beecode.bcp.authz.service.RoleService;
import com.beecode.bcp.core.context.AminoContextHolder;
import com.beecode.bcp.group.Group;
......@@ -37,30 +38,26 @@ import com.beecode.inz.authmgr.exception.AuthDataMissingException;
import com.beecode.inz.authmgr.service.AuthManagerService;
import com.beecode.inz.authmgr.service.FunctionTreeService;
import com.beecode.inz.basis.config.constants.AuthcMessageConstants.CommonRoleGroup;
import com.beecode.inz.common.dao.FollowerDao;
@Service
public class FunctionTreeServiceImpl implements FunctionTreeService {
@Autowired
private PrivilegeService privilegeService;
@Autowired
private LicensePropertyService licensePropertyService;
@Autowired
private RoleService roleService;
@Autowired
private StaffService staffService;
@Autowired
private IdentityService identityService;
private DepartmentService departmentService;
@Autowired
private AuthManagerService authManagerService;
@Autowired
private FollowerDao followerDao;
@Autowired
private GroupService groupService;
@Autowired
......@@ -76,22 +73,27 @@ public class FunctionTreeServiceImpl implements FunctionTreeService {
FunctionTreeDefinition finalFunctionTreeDefinition = definition.clone().mergeParent();
List<FunctionNode> allFunctionNode = finalFunctionTreeDefinition.getFunctionNodes().getAllFunctionNode();
// 获得权限集合
// Set<Privilege> privilegeSet = finalFunctionTreeDefinition.getFunctionNodes().getPrivilegeSet();
Set<Privilege> privilegeSet = finalFunctionTreeDefinition.getFunctionNodes().getPrivilegeSet();
UUID identityId = null;
if(null!= AminoContextHolder.getContext().getIdentity()) {
identityId = AminoContextHolder.getContext().getIdentity().getId();
}
//查询该用户拥有的功能权限列表
List<PrivilegeInfo> hasAuthSet = this.getCurrentStaffGrantAuth();
// 获得对应权限map
// Map<UUID, Boolean> privilegeMap = privilegeService.canAccess(privilegeSet, identityId, null);
//因为只有集团用户存在区域公司任职的情况,反之不会,所以这里判断如果是区域公司用户登录则走旧的逻辑,提高加载速度。
Map<UUID, Boolean> privilegeMap = new HashMap<UUID, Boolean>();
for(PrivilegeInfo privilege : hasAuthSet) {
privilegeMap.put(privilege.getId(), true);
if(this.isRegionalCompanyStaff()) {
// 获得对应权限map
privilegeMap = privilegeService.canAccess(privilegeSet, identityId, null);
} else {
//查询该用户拥有的功能权限列表
List<PrivilegeInfo> hasAuthSet = this.getCurrentStaffGrantAuth();
for(PrivilegeInfo privilege : hasAuthSet) {
privilegeMap.put(privilege.getId(), true);
}
}
// 获得当前角色
List<Role> roles = null;
if(null != identityId) {
......@@ -114,6 +116,26 @@ public class FunctionTreeServiceImpl implements FunctionTreeService {
}
@Override
public boolean isRegionalCompanyStaff() {
boolean isRegionalCompanyStaff = false;
try {
List<KObject> departmentList = departmentService.getByShortname("HXSSJT");//找到集团关联部门
KObject currentStaff = bapContext.getCurrentStaff();
if(currentStaff != null && departmentList.size() > 0) {
String paths = currentStaff.get("department").getString("paths");
KObject department = departmentList.get(0);
if(paths.indexOf(department.getUuid("id").toString()) < 0) { //当前登录用户是区域公司用户
isRegionalCompanyStaff = true;
}
}
} catch (Exception e) {
e.printStackTrace();
}
return isRegionalCompanyStaff;
}
@Override
public List<PrivilegeInfo> getCurrentStaffGrantAuth() {
List<PrivilegeInfo> result = new ArrayList<PrivilegeInfo>();
//根据当前登录的组织机构id查询其自定义角色列表
......
......@@ -10,4 +10,6 @@ public interface FunctionTreeService {
FunctionTreeDefinition getFunctionTreeDefinition(String name);
List<PrivilegeInfo> getCurrentStaffGrantAuth();
boolean isRegionalCompanyStaff();
}
......@@ -27,12 +27,10 @@ import org.springframework.web.bind.annotation.RestController;
import com.beecode.amino.core.Amino;
import com.beecode.bap.staff.BapContext;
import com.beecode.bap.staff.service.StaffService;
import com.beecode.bcp.User;
import com.beecode.bcp.authz.Identity;
import com.beecode.bcp.authz.Privilege;
import com.beecode.bcp.authz.Role;
import com.beecode.bcp.authz.internal.InternalAuthzConstants;
import com.beecode.bcp.authz.service.IdentityService;
import com.beecode.bcp.authz.service.PrivilegeService;
import com.beecode.bcp.authz.service.RoleService;
import com.beecode.bcp.core.context.AminoContextHolder;
......@@ -51,7 +49,6 @@ import com.beecode.inz.authmgr.exception.AuthDataMissingException;
import com.beecode.inz.authmgr.service.AuthManagerService;
import com.beecode.inz.authmgr.service.FunctionTreeService;
import com.beecode.inz.authmgr.vo.AccessorPrivilegePara;
import com.beecode.inz.common.dao.FollowerDao;
import com.beecode.inz.common.service.ByIdService;
import com.beecode.inz.common.service.FollowerPrivilegeService;
import com.beecode.inz.common.service.FollowerPrivilegeType;
......@@ -82,12 +79,6 @@ public class AuthMgrController {
private FunctionTreeService functionTreeService;
@Autowired
private FollowerDao followerDao;
@Autowired
private IdentityService identityService;
@Autowired
private BapContext bapContext;
private final static String HIGHSEA = "Highsea";
......@@ -152,21 +143,24 @@ public class AuthMgrController {
} else {
Privilege privilege = Amino.getApplicationMetadataContext().getBean(privilegeName, Privilege.class);
Assert.notNull(privilege, "没有找到对应的权限项:" + privilegeName);
//修改判断单个功能权限的逻辑
List<PrivilegeInfo> privilegeInfoList = functionTreeService.getCurrentStaffGrantAuth();
boolean result = false;
for(PrivilegeInfo privilegeInfo : privilegeInfoList) {
if(privilegeInfo.getId().equals(privilege.getId())) {
result = true;
break;
if(functionTreeService.isRegionalCompanyStaff()) {
if (roleId == null) {
return privilegeService.canAccess(privilege.getId(), null);
} else {
return privilegeService.canAccess(privilege.getId(), roleId, null);
}
} else {
//修改判断单个功能权限的逻辑
List<PrivilegeInfo> privilegeInfoList = functionTreeService.getCurrentStaffGrantAuth();
boolean result = false;
for(PrivilegeInfo privilegeInfo : privilegeInfoList) {
if(privilegeInfo.getId().equals(privilege.getId())) {
result = true;
break;
}
}
return result;
}
return result;
// if (roleId == null) {
// return privilegeService.canAccess(privilege.getId(), null);
// } else {
// return privilegeService.canAccess(privilege.getId(), roleId, null);
// }
}
}
......@@ -229,19 +223,22 @@ public class AuthMgrController {
boolean canAccess = false;
try {
Privilege privilege = Amino.getApplicationMetadataContext().getBean(privilegeName, Privilege.class);
//修改判断单个功能权限的逻辑
List<PrivilegeInfo> privilegeInfoList = functionTreeService.getCurrentStaffGrantAuth();
for(PrivilegeInfo privilegeInfo : privilegeInfoList) {
if(privilegeInfo.getId().equals(privilege.getId())) {
canAccess = true;
break;
if(functionTreeService.isRegionalCompanyStaff()) {
if (roleId == null) {
canAccess = privilegeService.canAccess(privilege.getId(), null);
} else {
canAccess = privilegeService.canAccess(privilege.getId(), roleId, null);
}
} else {
//修改判断单个功能权限的逻辑
List<PrivilegeInfo> privilegeInfoList = functionTreeService.getCurrentStaffGrantAuth();
for(PrivilegeInfo privilegeInfo : privilegeInfoList) {
if(privilegeInfo.getId().equals(privilege.getId())) {
canAccess = true;
break;
}
}
}
// if (roleId == null) {
// canAccess = privilegeService.canAccess(privilege.getId(), null);
// } else {
// canAccess = privilegeService.canAccess(privilege.getId(), roleId, null);
// }
} catch (Exception e) {
logger.warn(MessageFormat.format("查询标志权限出错,具体参数为:权限项名称:【{0}】,角色id:【{1}】", privilegeName, roleId), e);
canAccess = false;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment