Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
C
cloud-fb
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
王衍超
cloud-fb
Commits
7c32456f
Commit
7c32456f
authored
Jul 16, 2021
by
shiwenbo
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
登录用户如果是区域公司用户,则走旧的逻辑,进一步优化加载速度
parent
548cc0eb
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
72 additions
and
51 deletions
+72
-51
FunctionTreeServiceImpl.java
...inz/authmgr/internal/service/FunctionTreeServiceImpl.java
+40
-18
FunctionTreeService.java
.../com/beecode/inz/authmgr/service/FunctionTreeService.java
+2
-0
AuthMgrController.java
...n/java/com/beecode/inz/authmgr/web/AuthMgrController.java
+30
-33
No files found.
backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/internal/service/FunctionTreeServiceImpl.java
View file @
7c32456f
...
...
@@ -6,6 +6,7 @@ import java.util.HashMap;
import
java.util.Iterator
;
import
java.util.List
;
import
java.util.Map
;
import
java.util.Set
;
import
java.util.UUID
;
import
org.slf4j.Logger
;
...
...
@@ -14,17 +15,17 @@ import org.springframework.beans.factory.annotation.Autowired;
import
org.springframework.stereotype.Service
;
import
com.beecode.amino.core.Amino
;
import
com.beecode.bap.department.service.DepartmentService
;
import
com.beecode.bap.functree.FunctionNode
;
import
com.beecode.bap.functree.FunctionTreeDefinition
;
import
com.beecode.bap.functree.Mode
;
import
com.beecode.bap.functree.service.FunctionNodeAuthentication
;
import
com.beecode.bap.staff.BapContext
;
import
com.beecode.bap.staff.service.StaffService
;
import
com.beecode.bap2.common.license.LicenseProperty
;
import
com.beecode.bap2.common.license.service.LicensePropertyService
;
import
com.beecode.bcp.authz.Privilege
;
import
com.beecode.bcp.authz.Role
;
import
com.beecode.bcp.authz.service.
Identity
Service
;
import
com.beecode.bcp.authz.service.
Privilege
Service
;
import
com.beecode.bcp.authz.service.RoleService
;
import
com.beecode.bcp.core.context.AminoContextHolder
;
import
com.beecode.bcp.group.Group
;
...
...
@@ -37,30 +38,26 @@ import com.beecode.inz.authmgr.exception.AuthDataMissingException;
import
com.beecode.inz.authmgr.service.AuthManagerService
;
import
com.beecode.inz.authmgr.service.FunctionTreeService
;
import
com.beecode.inz.basis.config.constants.AuthcMessageConstants.CommonRoleGroup
;
import
com.beecode.inz.common.dao.FollowerDao
;
@Service
public
class
FunctionTreeServiceImpl
implements
FunctionTreeService
{
@Autowired
private
PrivilegeService
privilegeService
;
@Autowired
private
LicensePropertyService
licensePropertyService
;
@Autowired
private
RoleService
roleService
;
@Autowired
private
StaffService
staffService
;
@Autowired
private
IdentityService
identityService
;
private
DepartmentService
departmentService
;
@Autowired
private
AuthManagerService
authManagerService
;
@Autowired
private
FollowerDao
followerDao
;
@Autowired
private
GroupService
groupService
;
@Autowired
...
...
@@ -76,22 +73,27 @@ public class FunctionTreeServiceImpl implements FunctionTreeService {
FunctionTreeDefinition
finalFunctionTreeDefinition
=
definition
.
clone
().
mergeParent
();
List
<
FunctionNode
>
allFunctionNode
=
finalFunctionTreeDefinition
.
getFunctionNodes
().
getAllFunctionNode
();
// 获得权限集合
//
Set<Privilege> privilegeSet = finalFunctionTreeDefinition.getFunctionNodes().getPrivilegeSet();
Set
<
Privilege
>
privilegeSet
=
finalFunctionTreeDefinition
.
getFunctionNodes
().
getPrivilegeSet
();
UUID
identityId
=
null
;
if
(
null
!=
AminoContextHolder
.
getContext
().
getIdentity
())
{
identityId
=
AminoContextHolder
.
getContext
().
getIdentity
().
getId
();
}
//查询该用户拥有的功能权限列表
List
<
PrivilegeInfo
>
hasAuthSet
=
this
.
getCurrentStaffGrantAuth
();
// 获得对应权限map
// Map<UUID, Boolean> privilegeMap = privilegeService.canAccess(privilegeSet, identityId, null);
//因为只有集团用户存在区域公司任职的情况,反之不会,所以这里判断如果是区域公司用户登录则走旧的逻辑,提高加载速度。
Map
<
UUID
,
Boolean
>
privilegeMap
=
new
HashMap
<
UUID
,
Boolean
>();
for
(
PrivilegeInfo
privilege
:
hasAuthSet
)
{
privilegeMap
.
put
(
privilege
.
getId
(),
true
);
if
(
this
.
isRegionalCompanyStaff
())
{
// 获得对应权限map
privilegeMap
=
privilegeService
.
canAccess
(
privilegeSet
,
identityId
,
null
);
}
else
{
//查询该用户拥有的功能权限列表
List
<
PrivilegeInfo
>
hasAuthSet
=
this
.
getCurrentStaffGrantAuth
();
for
(
PrivilegeInfo
privilege
:
hasAuthSet
)
{
privilegeMap
.
put
(
privilege
.
getId
(),
true
);
}
}
// 获得当前角色
List
<
Role
>
roles
=
null
;
if
(
null
!=
identityId
)
{
...
...
@@ -114,6 +116,26 @@ public class FunctionTreeServiceImpl implements FunctionTreeService {
}
@Override
public
boolean
isRegionalCompanyStaff
()
{
boolean
isRegionalCompanyStaff
=
false
;
try
{
List
<
KObject
>
departmentList
=
departmentService
.
getByShortname
(
"HXSSJT"
);
//找到集团关联部门
KObject
currentStaff
=
bapContext
.
getCurrentStaff
();
if
(
currentStaff
!=
null
&&
departmentList
.
size
()
>
0
)
{
String
paths
=
currentStaff
.
get
(
"department"
).
getString
(
"paths"
);
KObject
department
=
departmentList
.
get
(
0
);
if
(
paths
.
indexOf
(
department
.
getUuid
(
"id"
).
toString
())
<
0
)
{
//当前登录用户是区域公司用户
isRegionalCompanyStaff
=
true
;
}
}
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
}
return
isRegionalCompanyStaff
;
}
@Override
public
List
<
PrivilegeInfo
>
getCurrentStaffGrantAuth
()
{
List
<
PrivilegeInfo
>
result
=
new
ArrayList
<
PrivilegeInfo
>();
//根据当前登录的组织机构id查询其自定义角色列表
...
...
backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/service/FunctionTreeService.java
View file @
7c32456f
...
...
@@ -10,4 +10,6 @@ public interface FunctionTreeService {
FunctionTreeDefinition
getFunctionTreeDefinition
(
String
name
);
List
<
PrivilegeInfo
>
getCurrentStaffGrantAuth
();
boolean
isRegionalCompanyStaff
();
}
backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/web/AuthMgrController.java
View file @
7c32456f
...
...
@@ -27,12 +27,10 @@ import org.springframework.web.bind.annotation.RestController;
import
com.beecode.amino.core.Amino
;
import
com.beecode.bap.staff.BapContext
;
import
com.beecode.bap.staff.service.StaffService
;
import
com.beecode.bcp.User
;
import
com.beecode.bcp.authz.Identity
;
import
com.beecode.bcp.authz.Privilege
;
import
com.beecode.bcp.authz.Role
;
import
com.beecode.bcp.authz.internal.InternalAuthzConstants
;
import
com.beecode.bcp.authz.service.IdentityService
;
import
com.beecode.bcp.authz.service.PrivilegeService
;
import
com.beecode.bcp.authz.service.RoleService
;
import
com.beecode.bcp.core.context.AminoContextHolder
;
...
...
@@ -51,7 +49,6 @@ import com.beecode.inz.authmgr.exception.AuthDataMissingException;
import
com.beecode.inz.authmgr.service.AuthManagerService
;
import
com.beecode.inz.authmgr.service.FunctionTreeService
;
import
com.beecode.inz.authmgr.vo.AccessorPrivilegePara
;
import
com.beecode.inz.common.dao.FollowerDao
;
import
com.beecode.inz.common.service.ByIdService
;
import
com.beecode.inz.common.service.FollowerPrivilegeService
;
import
com.beecode.inz.common.service.FollowerPrivilegeType
;
...
...
@@ -82,12 +79,6 @@ public class AuthMgrController {
private
FunctionTreeService
functionTreeService
;
@Autowired
private
FollowerDao
followerDao
;
@Autowired
private
IdentityService
identityService
;
@Autowired
private
BapContext
bapContext
;
private
final
static
String
HIGHSEA
=
"Highsea"
;
...
...
@@ -152,21 +143,24 @@ public class AuthMgrController {
}
else
{
Privilege
privilege
=
Amino
.
getApplicationMetadataContext
().
getBean
(
privilegeName
,
Privilege
.
class
);
Assert
.
notNull
(
privilege
,
"没有找到对应的权限项:"
+
privilegeName
);
//修改判断单个功能权限的逻辑
List
<
PrivilegeInfo
>
privilegeInfoList
=
functionTreeService
.
getCurrentStaffGrantAuth
();
boolean
result
=
false
;
for
(
PrivilegeInfo
privilegeInfo
:
privilegeInfoList
)
{
if
(
privilegeInfo
.
getId
().
equals
(
privilege
.
getId
()))
{
result
=
true
;
break
;
if
(
functionTreeService
.
isRegionalCompanyStaff
())
{
if
(
roleId
==
null
)
{
return
privilegeService
.
canAccess
(
privilege
.
getId
(),
null
);
}
else
{
return
privilegeService
.
canAccess
(
privilege
.
getId
(),
roleId
,
null
);
}
}
else
{
//修改判断单个功能权限的逻辑
List
<
PrivilegeInfo
>
privilegeInfoList
=
functionTreeService
.
getCurrentStaffGrantAuth
();
boolean
result
=
false
;
for
(
PrivilegeInfo
privilegeInfo
:
privilegeInfoList
)
{
if
(
privilegeInfo
.
getId
().
equals
(
privilege
.
getId
()))
{
result
=
true
;
break
;
}
}
return
result
;
}
return
result
;
// if (roleId == null) {
// return privilegeService.canAccess(privilege.getId(), null);
// } else {
// return privilegeService.canAccess(privilege.getId(), roleId, null);
// }
}
}
...
...
@@ -229,19 +223,22 @@ public class AuthMgrController {
boolean
canAccess
=
false
;
try
{
Privilege
privilege
=
Amino
.
getApplicationMetadataContext
().
getBean
(
privilegeName
,
Privilege
.
class
);
//修改判断单个功能权限的逻辑
List
<
PrivilegeInfo
>
privilegeInfoList
=
functionTreeService
.
getCurrentStaffGrantAuth
();
for
(
PrivilegeInfo
privilegeInfo
:
privilegeInfoList
)
{
if
(
privilegeInfo
.
getId
().
equals
(
privilege
.
getId
()))
{
canAccess
=
true
;
break
;
if
(
functionTreeService
.
isRegionalCompanyStaff
())
{
if
(
roleId
==
null
)
{
canAccess
=
privilegeService
.
canAccess
(
privilege
.
getId
(),
null
);
}
else
{
canAccess
=
privilegeService
.
canAccess
(
privilege
.
getId
(),
roleId
,
null
);
}
}
else
{
//修改判断单个功能权限的逻辑
List
<
PrivilegeInfo
>
privilegeInfoList
=
functionTreeService
.
getCurrentStaffGrantAuth
();
for
(
PrivilegeInfo
privilegeInfo
:
privilegeInfoList
)
{
if
(
privilegeInfo
.
getId
().
equals
(
privilege
.
getId
()))
{
canAccess
=
true
;
break
;
}
}
}
// if (roleId == null) {
// canAccess = privilegeService.canAccess(privilege.getId(), null);
// } else {
// canAccess = privilegeService.canAccess(privilege.getId(), roleId, null);
// }
}
catch
(
Exception
e
)
{
logger
.
warn
(
MessageFormat
.
format
(
"查询标志权限出错,具体参数为:权限项名称:【{0}】,角色id:【{1}】"
,
privilegeName
,
roleId
),
e
);
canAccess
=
false
;
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment