登录用户如果是区域公司用户，则走旧的逻辑，进一步优化加载速度

7c32456f · shiwenbo · 548cc0eb · 7c32456f · 7c32456f · 7c32456f
Commit 7c32456f authored Jul 16, 2021 by shiwenbo
3 changed files
--- a/backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/internal/service/FunctionTreeServiceImpl.java
+++ b/backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/internal/service/FunctionTreeServiceImpl.java
@@ -6,6 +6,7 @@ import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.UUID;

 import org.slf4j.Logger;
@@ -14,17 +15,17 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

 import com.beecode.amino.core.Amino;
+import com.beecode.bap.department.service.DepartmentService;
 import com.beecode.bap.functree.FunctionNode;
 import com.beecode.bap.functree.FunctionTreeDefinition;
 import com.beecode.bap.functree.Mode;
 import com.beecode.bap.functree.service.FunctionNodeAuthentication;
 import com.beecode.bap.staff.BapContext;
-import com.beecode.bap.staff.service.StaffService;
 import com.beecode.bap2.common.license.LicenseProperty;
 import com.beecode.bap2.common.license.service.LicensePropertyService;
 import com.beecode.bcp.authz.Privilege;
 import com.beecode.bcp.authz.Role;
-import com.beecode.bcp.authz.service.IdentityService;
+import com.beecode.bcp.authz.service.PrivilegeService;
 import com.beecode.bcp.authz.service.RoleService;
 import com.beecode.bcp.core.context.AminoContextHolder;
 import com.beecode.bcp.group.Group;
@@ -37,30 +38,26 @@ import com.beecode.inz.authmgr.exception.AuthDataMissingException;
 import com.beecode.inz.authmgr.service.AuthManagerService;
 import com.beecode.inz.authmgr.service.FunctionTreeService;
 import com.beecode.inz.basis.config.constants.AuthcMessageConstants.CommonRoleGroup;
-import com.beecode.inz.common.dao.FollowerDao;

 @Service
 public class FunctionTreeServiceImpl implements FunctionTreeService {
 	
 	@Autowired
+	private PrivilegeService privilegeService;
+	
+	@Autowired
 	private LicensePropertyService licensePropertyService;

 	@Autowired
 	private RoleService roleService;
 	
 	@Autowired
-	private StaffService staffService;
-	
-	@Autowired
-	private IdentityService identityService;
+	private DepartmentService departmentService;
 	
 	@Autowired
 	private AuthManagerService authManagerService;
 	
 	@Autowired
-	private FollowerDao followerDao;
-	
-	@Autowired
 	private GroupService groupService;
 	
 	@Autowired
@@ -76,22 +73,27 @@ public class FunctionTreeServiceImpl implements FunctionTreeService {
 		FunctionTreeDefinition finalFunctionTreeDefinition = definition.clone().mergeParent();
 		List<FunctionNode> allFunctionNode = finalFunctionTreeDefinition.getFunctionNodes().getAllFunctionNode();
 		// 获得权限集合
-//		Set<Privilege> privilegeSet = finalFunctionTreeDefinition.getFunctionNodes().getPrivilegeSet();
+		Set<Privilege> privilegeSet = finalFunctionTreeDefinition.getFunctionNodes().getPrivilegeSet();
 		
 		UUID identityId = null;
 		if(null!= AminoContextHolder.getContext().getIdentity()) {
 			identityId = AminoContextHolder.getContext().getIdentity().getId();
 		}
 		
-		//查询该用户拥有的功能权限列表
-		List<PrivilegeInfo> hasAuthSet = this.getCurrentStaffGrantAuth();
-		
-		// 获得对应权限map
-//		Map<UUID, Boolean> privilegeMap = privilegeService.canAccess(privilegeSet, identityId, null);
+		//因为只有集团用户存在区域公司任职的情况，反之不会，所以这里判断如果是区域公司用户登录则走旧的逻辑，提高加载速度。
 		Map<UUID, Boolean> privilegeMap = new HashMap<UUID, Boolean>();
-		for(PrivilegeInfo privilege : hasAuthSet) {
-			privilegeMap.put(privilege.getId(), true);
+		if(this.isRegionalCompanyStaff()) {
+			// 获得对应权限map
+			privilegeMap = privilegeService.canAccess(privilegeSet, identityId, null);
+		} else {
+			//查询该用户拥有的功能权限列表
+			List<PrivilegeInfo> hasAuthSet = this.getCurrentStaffGrantAuth();
+			
+			for(PrivilegeInfo privilege : hasAuthSet) {
+				privilegeMap.put(privilege.getId(), true);
+			}
 		}
+		
 		// 获得当前角色
 		List<Role> roles = null;
 		if(null != identityId) {
@@ -114,6 +116,26 @@ public class FunctionTreeServiceImpl implements FunctionTreeService {
 	}
 	
 	@Override
+	public boolean isRegionalCompanyStaff() {
+		boolean isRegionalCompanyStaff = false;
+		
+		try {
+			List<KObject> departmentList = departmentService.getByShortname("HXSSJT");//找到集团关联部门
+			KObject currentStaff = bapContext.getCurrentStaff();
+			if(currentStaff != null && departmentList.size() > 0) {
+				String paths = currentStaff.get("department").getString("paths");
+				KObject department = departmentList.get(0);
+				if(paths.indexOf(department.getUuid("id").toString()) < 0) { //当前登录用户是区域公司用户
+					isRegionalCompanyStaff = true;
+				}
+			}
+		} catch (Exception e) {
+			e.printStackTrace();
+		}
+		return isRegionalCompanyStaff;
+	}
+	
+	@Override
 	public List<PrivilegeInfo> getCurrentStaffGrantAuth() {
 		List<PrivilegeInfo> result = new ArrayList<PrivilegeInfo>();
 		//根据当前登录的组织机构id查询其自定义角色列表

--- a/backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/service/FunctionTreeService.java
+++ b/backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/service/FunctionTreeService.java
@@ -10,4 +10,6 @@ public interface FunctionTreeService {
 	FunctionTreeDefinition getFunctionTreeDefinition(String name);
 	
 	List<PrivilegeInfo> getCurrentStaffGrantAuth();
+	
+	boolean isRegionalCompanyStaff();
 }
--- a/backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/web/AuthMgrController.java
+++ b/backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/web/AuthMgrController.java
@@ -27,12 +27,10 @@ import org.springframework.web.bind.annotation.RestController;
 import com.beecode.amino.core.Amino;
 import com.beecode.bap.staff.BapContext;
 import com.beecode.bap.staff.service.StaffService;
-import com.beecode.bcp.User;
 import com.beecode.bcp.authz.Identity;
 import com.beecode.bcp.authz.Privilege;
 import com.beecode.bcp.authz.Role;
 import com.beecode.bcp.authz.internal.InternalAuthzConstants;
-import com.beecode.bcp.authz.service.IdentityService;
 import com.beecode.bcp.authz.service.PrivilegeService;
 import com.beecode.bcp.authz.service.RoleService;
 import com.beecode.bcp.core.context.AminoContextHolder;
@@ -51,7 +49,6 @@ import com.beecode.inz.authmgr.exception.AuthDataMissingException;
 import com.beecode.inz.authmgr.service.AuthManagerService;
 import com.beecode.inz.authmgr.service.FunctionTreeService;
 import com.beecode.inz.authmgr.vo.AccessorPrivilegePara;
-import com.beecode.inz.common.dao.FollowerDao;
 import com.beecode.inz.common.service.ByIdService;
 import com.beecode.inz.common.service.FollowerPrivilegeService;
 import com.beecode.inz.common.service.FollowerPrivilegeType;
@@ -82,12 +79,6 @@ public class AuthMgrController {
 	private FunctionTreeService functionTreeService;
 	
 	@Autowired
-	private FollowerDao followerDao;
-
-	@Autowired
-	private IdentityService identityService;
-	
-	@Autowired
 	private BapContext bapContext;

 	private final static String HIGHSEA = "Highsea";
@@ -152,21 +143,24 @@ public class AuthMgrController {
 		} else {
 			Privilege privilege = Amino.getApplicationMetadataContext().getBean(privilegeName, Privilege.class);
 			Assert.notNull(privilege, "没有找到对应的权限项：" + privilegeName);
-			//修改判断单个功能权限的逻辑
-			List<PrivilegeInfo> privilegeInfoList = functionTreeService.getCurrentStaffGrantAuth();
-			boolean result = false;
-			for(PrivilegeInfo privilegeInfo : privilegeInfoList) {
-				if(privilegeInfo.getId().equals(privilege.getId())) {
-					result = true;
-					break;
+			if(functionTreeService.isRegionalCompanyStaff()) {
+				if (roleId == null) {
+					return privilegeService.canAccess(privilege.getId(), null);
+				} else {
+					return privilegeService.canAccess(privilege.getId(), roleId, null);
+				}
+			} else {
+				//修改判断单个功能权限的逻辑
+				List<PrivilegeInfo> privilegeInfoList = functionTreeService.getCurrentStaffGrantAuth();
+				boolean result = false;
+				for(PrivilegeInfo privilegeInfo : privilegeInfoList) {
+					if(privilegeInfo.getId().equals(privilege.getId())) {
+						result = true;
+						break;
+					}
 				}
+				return result;
 			}
-			return result;
-//			if (roleId == null) {
-//				return privilegeService.canAccess(privilege.getId(), null);
-//			} else {
-//				return privilegeService.canAccess(privilege.getId(), roleId, null);
-//			}
 		}

 	}
@@ -229,19 +223,22 @@ public class AuthMgrController {
 		boolean canAccess = false;
 		try {
 			Privilege privilege = Amino.getApplicationMetadataContext().getBean(privilegeName, Privilege.class);
-			//修改判断单个功能权限的逻辑
-			List<PrivilegeInfo> privilegeInfoList = functionTreeService.getCurrentStaffGrantAuth();
-			for(PrivilegeInfo privilegeInfo : privilegeInfoList) {
-				if(privilegeInfo.getId().equals(privilege.getId())) {
-					canAccess = true;
-					break;
+			if(functionTreeService.isRegionalCompanyStaff()) {
+				if (roleId == null) {
+					canAccess = privilegeService.canAccess(privilege.getId(), null);
+				} else {
+					canAccess = privilegeService.canAccess(privilege.getId(), roleId, null);
+				}
+			} else {
+				//修改判断单个功能权限的逻辑
+				List<PrivilegeInfo> privilegeInfoList = functionTreeService.getCurrentStaffGrantAuth();
+				for(PrivilegeInfo privilegeInfo : privilegeInfoList) {
+					if(privilegeInfo.getId().equals(privilege.getId())) {
+						canAccess = true;
+						break;
+					}
 				}
 			}
-//			if (roleId == null) {
-//				canAccess = privilegeService.canAccess(privilege.getId(), null);
-//			} else {
-//				canAccess = privilegeService.canAccess(privilege.getId(), roleId, null);
-//			}
 		} catch (Exception e) {
 			logger.warn(MessageFormat.format("查询标志权限出错，具体参数为：权限项名称：【{0}】,角色id：【{1}】", privilegeName, roleId), e);
 			canAccess = false;