自定义角色实现组织机构之间的隔离

backend/inz.authmgr/src/main/java/com/beecode/inz/authmgr/web/AuthMgrController.java

@@ -25,17 +25,22 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 import com.beecode.amino.core.Amino;
+import com.beecode.bap.staff.BapContext;
 import com.beecode.bap.staff.service.StaffService;
+import com.beecode.bcp.User;
 import com.beecode.bcp.authz.Identity;
 import com.beecode.bcp.authz.Privilege;
 import com.beecode.bcp.authz.Role;
 import com.beecode.bcp.authz.internal.InternalAuthzConstants;
+import com.beecode.bcp.authz.service.IdentityService;
 import com.beecode.bcp.authz.service.PrivilegeService;
 import com.beecode.bcp.authz.service.RoleService;
 import com.beecode.bcp.core.context.AminoContextHolder;
 import com.beecode.bcp.group.Group;
 import com.beecode.bcp.group.service.GroupService;
+import com.beecode.bcp.type.KClass;
 import com.beecode.bcp.type.KObject;
+import com.beecode.bcp.type.json.JSONObjectUtils;
 import com.beecode.inz.authmgr.common.AuthMgrConstants.CommonRoleGroup;
 import com.beecode.inz.authmgr.common.AuthMgrConstants.ROLENAME;
 import com.beecode.inz.authmgr.domain.Page;
@@ -45,6 +50,7 @@ import com.beecode.inz.authmgr.domain.StaffInfo;
 import com.beecode.inz.authmgr.exception.AuthDataMissingException;
 import com.beecode.inz.authmgr.service.AuthManagerService;
 import com.beecode.inz.authmgr.vo.AccessorPrivilegePara;
+import com.beecode.inz.common.dao.FollowerDao;
 import com.beecode.inz.common.service.ByIdService;
 import com.beecode.inz.common.service.FollowerPrivilegeService;
 import com.beecode.inz.common.service.FollowerPrivilegeType;
@@ -70,7 +76,15 @@ public class AuthMgrController {
 
 	@Autowired
 	private FollowerPrivilegeService followerPrivilegeService;
+	
+	@Autowired
+	private FollowerDao followerDao;
 
+	@Autowired
+	private IdentityService identityService;
+	
+	@Autowired
+	private BapContext bapContext;
 
 	private final static String HIGHSEA = "Highsea";
 
@@ -220,13 +234,46 @@ public class AuthMgrController {
 		if (groups != null) {
 			groups.forEach((children) -> {
 				RoleGroupInfo groupInfo = new RoleGroupInfo(children);
-				groupInfo.setRoles(groupService.getItems(children.getId(), Role.class, null));
+				List<Role> roles = groupService.getItems(children.getId(), Role.class, null);
+				KObject currentRegionalCompany = getCurrentLoginRegionalCompany();
+				
+				for(int i = 0; i < roles.size(); i++) {
+					List<User> user = identityService.getUsers(roles.get(i).getCreateUser());
+					KObject staff = staffService.getByUserId(user.get(0).getId());
+					List<String> ids = new ArrayList<String>();
+					ids.add(staff.getUuid("id").toString());
+					List<KObject> followingList = followerDao.loadByMemberIds("com.xyst.dinas.biz.follower.datamodel.OrganizationFollower", ids);
+					List<UUID> organizaitonList = new ArrayList<UUID>();
+					for(KObject following : followingList) {
+						organizaitonList.add(following.get("following").getUuid("id"));
+					}
+					if(!organizaitonList.contains(currentRegionalCompany.getUuid("id"))) {
+						roles.remove(i);
+						i--;
+					}
+				}
+				
+				groupInfo.setRoles(roles);
 				roleGroupInfos.add(groupInfo);
 			});
 		}
 
 		return roleGroupInfos;
 	}
+	
+	/**
+	 * 获取当前登录的区域公司
+	 * @return
+	 */
+	public KObject getCurrentLoginRegionalCompany() {
+		Map<String, String> map = bapContext.getCurrentUserDatas();
+		String currentRegionalCompany = map.get("currentRegionalCompany");
+
+		KClass kClass = Amino.getApplicationMetadataContext().getBean("com.xyst.dinas.biz.datamodel.xystOrganization",
+				KClass.class);
+		KObject regionalCompany = JSONObjectUtils.toObject(currentRegionalCompany, kClass);
+		return regionalCompany;
+	}
 
 	@RequestMapping(value = "roles/staffs", method = RequestMethod.GET)
 	public Page<StaffInfo> getStaffByRole(@RequestParam(name = "deptId", required = false) UUID deptId,

backend/inz.common/src/main/java/com/beecode/inz/common/dao/FollowerDao.java

@@ -24,4 +24,6 @@ public interface FollowerDao {
 	
 	List<KObject> loadByStaffIds(String followerModelName, String entityId, String entityAttrName, List<String> ids);
 	
+	List<KObject> loadByMemberIds(String followerModelName, List<String> ids);
+	
 }

backend/inz.common/src/main/java/com/beecode/inz/common/internal/dao/FollowerDaoImpl.java

@@ -65,6 +65,27 @@ public class FollowerDaoImpl implements FollowerDao {
 	
 	@SuppressWarnings("unchecked")
 	@Override
+	public List<KObject> loadByMemberIds(String followerModelName, List<String> ids) {
+		
+		if (ids.isEmpty())return new ArrayList<KObject>();
+		
+		List<UUID> uuIds = new ArrayList<UUID>();
+		for(String id :ids ) {
+			uuIds.add(UUID.fromString(id));
+		}
+		return template.execute(new HibernateCallback<List<KObject>>() {
+			  @Override
+			  public List<KObject> doInHibernate(Session session)
+			  throws HibernateException {
+			    return session.createQuery("from " + followerModelName + " s where s.member.id in(:uuids)" )
+			             .setParameterList("uuids", uuIds)//typeids为集合对象,如果是数组可以自己转下Arrays.asList();
+			             .list();
+			            }
+			        });
+	}
+	
+	@SuppressWarnings("unchecked")
+	@Override
 	public List<KObject> loadByStaffIds(String followerModelName, String entityId, String entityAttrName, List<String> ids) {
 		
 		if (ids.isEmpty())return new ArrayList<KObject>();