修改数据权限配置功能

60dcc93b · 技术总监-万宁 · cf221df2 · 60dcc93b · 60dcc93b · 60dcc93b
Commit 60dcc93b authored Apr 19, 2021 by 技术总监-万宁
5 changed files
--- a/component-service/data-auth/src/main/java/com/ssy/lingxi/dataauth/handler/DataAuthInspector.java
+++ b/component-service/data-auth/src/main/java/com/ssy/lingxi/dataauth/handler/DataAuthInspector.java
@@ -5,6 +5,7 @@ import com.ssy.lingxi.component.redis.service.IRedisUtils;
 import com.ssy.lingxi.dataauth.builder.PgSqlStatementBuilder;
 import com.ssy.lingxi.dataauth.model.constant.DataAuthConstant;
 import com.ssy.lingxi.dataauth.model.dto.ChannelAuthDto;
+import com.ssy.lingxi.dataauth.model.dto.ChannelAuthMemberDto;
 import com.ssy.lingxi.dataauth.model.dto.DataAuthDto;
 import org.hibernate.resource.jdbc.spi.StatementInspector;
 import org.springframework.util.CollectionUtils;
@@ -16,6 +17,7 @@ import org.springframework.web.util.UrlPathHelper;

 import javax.servlet.http.HttpServletRequest;
 import java.util.ArrayList;
+import java.util.List;
 import java.util.Objects;

 /**
@@ -49,14 +51,18 @@ public class DataAuthInspector implements StatementInspector {
        String token = request.getHeader("token");
        String userId = request.getHeader("userId");
        String source = request.getHeader("source");
-        String authUrl = request.getHeader("authUrl");
+        String authUrl = request.getHeader(DataAuthConstant.HTTP_HEADER_DATA_AUTH_URL_KEY);

        String dataAuthKey = String.format(DataAuthConstant.DATA_AUTH_CACHE_KEY_FORMAT, token, userId, source);
        DataAuthDto dataAuthDto = (DataAuthDto) RedisServiceHolder.redisUtils.hGet(dataAuthKey, authUrl, Constants.REDIS_USER_INDEX);
+        List<Long> dataAuthUserIds = dataAuthDto == null ? new ArrayList<>() : dataAuthDto.getUserIds();
+

        String channelAuthKey = String.format(DataAuthConstant.CHANNEL_AUTH_CACHE_KEY_FORMAT, token, userId);
        ChannelAuthDto channelAuthDto = RedisServiceHolder.redisUtils.get(channelAuthKey, Constants.REDIS_USER_INDEX, ChannelAuthDto.class);
-        if(dataAuthDto == null && channelAuthDto == null) {
+        List<ChannelAuthMemberDto> channelAuths = channelAuthDto == null ? new ArrayList<>() : channelAuthDto.getChannels();
+
+        if(CollectionUtils.isEmpty(dataAuthUserIds) && CollectionUtils.isEmpty(channelAuths)) {
            return sql;
        }

@@ -66,11 +72,10 @@ public class DataAuthInspector implements StatementInspector {
        String userIdColumnName = String.valueOf(request.getAttribute(DataAuthConstant.HTTP_ATTRIBUTE_USER_ID_COLUMN_NAME_KEY));

        //Step 4:拼接where语句，返回
-        assert dataAuthDto != null;
        return PgSqlStatementBuilder.simpleSelectBuilder()
                .fromSql(sql)
                .specifyTable(tableName)
-                .addWhere(memberIdColumnName, roleIdColumnName, userIdColumnName, dataAuthDto.getUserIds(), channelAuthDto.getChannels())
+                .addWhere(memberIdColumnName, roleIdColumnName, userIdColumnName, dataAuthUserIds, channelAuths)
                .buildSql()
                .showExecSql()
                .toSql();

--- a/component-service/data-auth/src/main/java/com/ssy/lingxi/dataauth/model/constant/DataAuthConstant.java
+++ b/component-service/data-auth/src/main/java/com/ssy/lingxi/dataauth/model/constant/DataAuthConstant.java
@@ -21,7 +21,7 @@ public class DataAuthConstant {
    /**
     * HttpHeader中，url的key的名称
     */
-    public static final String HTTP_HEADER_DATA_AUTH_URL_KEY = "authUrl";
+    public static final String HTTP_HEADER_DATA_AUTH_URL_KEY = "auth-url";

    /**
     * Aop拦截时，添加到当前Http属性的标记，在Sql拦截时，如果没有此标记，则不做数据权限拦截

--- a/merchant-member-service/src/main/java/com/ssy/lingxi/member/merchant/entity/MemberUserChannelDO.java
+++ b/merchant-member-service/src/main/java/com/ssy/lingxi/member/merchant/entity/MemberUserChannelDO.java
@@ -12,7 +12,7 @@ import java.util.Objects;
 * @date 2021-04-13
 */
 @Entity
-@Table(schema = "public", name = "ms_mc_member_user_channel", indexes = {@Index(name = "ms_mc_member_user_channel_member_id_idx", columnList = "memberId"), @Index(name = "ms_mc_member_user_channel_user_id_idx", columnList = "userId"), @Index(name = "ms_mc_member_user_channel_relation_id_idx", columnList = "memberRelationId")})
+@Table(schema = "public", name = "ms_mc_member_user_channel", indexes = {@Index(name = "ms_mc_member_user_channel_member_id_idx", columnList = "memberId"), @Index(name = "ms_mc_member_user_channel_role_id_idx", columnList = "roleId"), @Index(name = "ms_mc_member_user_channel_user_id_idx", columnList = "userId"), @Index(name = "ms_mc_member_user_channel_relation_id_idx", columnList = "memberRelationId")})
 public class MemberUserChannelDO implements Serializable {
    private static final long serialVersionUID = 4266765345099868158L;

@@ -37,6 +37,12 @@ public class MemberUserChannelDO implements Serializable {
    private Long memberId;

    /**
+     * 角色Id
+     */
+    @Column
+    private Long roleId;
+
+    /**
     * 会员上下级关系Id
     */
    @Column
@@ -84,6 +90,14 @@ public class MemberUserChannelDO implements Serializable {
        this.memberId = memberId;
    }

+    public Long getRoleId() {
+        return roleId;
+    }
+
+    public void setRoleId(Long roleId) {
+        this.roleId = roleId;
+    }
+
    public Long getMemberRelationId() {
        return memberRelationId;
    }

--- a/merchant-member-service/src/main/java/com/ssy/lingxi/member/merchant/repository/MemberUserChannelRepository.java
+++ b/merchant-member-service/src/main/java/com/ssy/lingxi/member/merchant/repository/MemberUserChannelRepository.java
@@ -16,9 +16,9 @@ import java.util.List;
 @Repository
 public interface MemberUserChannelRepository extends JpaRepository<MemberUserChannelDO, Long>, JpaSpecificationExecutor<MemberUserChannelDO> {

-    List<MemberUserChannelDO> findByMemberId(Long memberId);
+    List<MemberUserChannelDO> findByMemberIdAndRoleId(Long memberId, Long roleId);

    boolean existsByMemberId(Long memberId);

-    boolean existsByMemberIdAndMemberRelationIdIn(Long memberId, List<Long> relationIds);
+    boolean existsByMemberIdAndRoleIdAndMemberRelationIdIn(Long memberId, Long roleId, List<Long> relationIds);
 }
--- a/merchant-member-service/src/main/java/com/ssy/lingxi/member/merchant/serviceimpl/web/MemberAbilitySalesServiceImpl.java
+++ b/merchant-member-service/src/main/java/com/ssy/lingxi/member/merchant/serviceimpl/web/MemberAbilitySalesServiceImpl.java
@@ -267,7 +267,7 @@ public class MemberAbilitySalesServiceImpl implements IMemberAbilitySalesService
    public Wrapper<PageData<MemberSalesSubChannelQueryVO>> pageChannels(HttpHeaders headers, MemberManagePageByNameVO pageByNameVO) {
        UserLoginCacheDTO loginUser = memberCacheService.needLoginFromBusinessPlatform(headers);

-        List<MemberUserChannelDO> userChannels = memberUserChannelRepository.findByMemberId(loginUser.getMemberId());
+        List<MemberUserChannelDO> userChannels = memberUserChannelRepository.findByMemberIdAndRoleId(loginUser.getMemberId(), loginUser.getMemberRoleId());
        List<Long> relationIds = userChannels.stream().map(MemberUserChannelDO::getMemberRelationId).distinct().collect(Collectors.toList());

        Pageable pageable = PageRequest.of(pageByNameVO.getCurrent() -1 , pageByNameVO.getPageSize(), Sort.by("id").descending());
@@ -275,10 +275,9 @@ public class MemberAbilitySalesServiceImpl implements IMemberAbilitySalesService
            List<Predicate> list = new ArrayList<>();

            list.add(criteriaBuilder.equal(root.get("memberId").as(Long.class), loginUser.getMemberId()));
-            list.add(criteriaBuilder.equal(root.get("subRoleId").as(Long.class), loginUser.getMemberRoleId()));
+            list.add(criteriaBuilder.equal(root.get("roleId").as(Long.class), loginUser.getMemberRoleId()));

            Join<Object, Object> subRoleJoin = root.join("subRole", JoinType.LEFT);
-            list.add(criteriaBuilder.equal(subRoleJoin.get("roleType").get("typeEnum").as(Integer.class), RoleTypeEnum.SERVICE_CONSUMER.getCode()));
            list.add(criteriaBuilder.or(criteriaBuilder.equal(subRoleJoin.get("memberType").get("typeEnum").as(Integer.class), MemberTypeEnum.CHANNEL.getCode()), criteriaBuilder.equal(subRoleJoin.get("memberType").get("typeEnum").as(Integer.class), MemberTypeEnum.CHANNEL_PERSONAL.getCode())));
            list.add(criteriaBuilder.equal(root.get("outerStatus").as(Integer.class), MemberOuterStatusEnum.VALIFY_PASSED.getCode()));

@@ -341,7 +340,7 @@ public class MemberAbilitySalesServiceImpl implements IMemberAbilitySalesService
        queryVO.setPhone(userDO.getPhone());
        queryVO.setJobTitle(StringUtils.hasLength(userDO.getJobTitle()) ? userDO.getJobTitle() : "");

-        List<MemberUserChannelDO> channels = new ArrayList<>(userDO.getChannels());
+        List<MemberUserChannelDO> channels = userDO.getChannels().stream().filter(channel -> channel.getRoleId().equals(loginUser.getMemberRoleId())).collect(Collectors.toList());
        if(CollectionUtils.isEmpty(channels)) {
            queryVO.setTotalCount(0L);
            queryVO.setData(new ArrayList<>());
@@ -405,13 +404,14 @@ public class MemberAbilitySalesServiceImpl implements IMemberAbilitySalesService
            return Wrapper.fail(ResponseCode.MC_MS_MEMBER_USER_DOES_NOT_EXIST);
        }

+        //判断渠道与当前会员是否上下级关系
        List<MemberRelationDO> relationDOList = relationRepository.findByIdIn(bindChannelVO.getRelationIds());
-        if(relationDOList.size() != bindChannelVO.getRelationIds().size() || relationDOList.stream().anyMatch(relationDO -> !relationDO.getMemberId().equals(loginUser.getMemberId()))) {
+        if(relationDOList.size() != bindChannelVO.getRelationIds().size() || relationDOList.stream().anyMatch(relationDO -> !relationDO.getMemberId().equals(loginUser.getMemberId()) || !relationDO.getRoleId().equals(loginUser.getMemberRoleId()))) {
            return Wrapper.fail(ResponseCode.MC_MS_SUB_MEMBER_CHANNEL_DOES_NOT_EXIST);
        }

        //判断渠道是否已经被绑定
-        if(memberUserChannelRepository.existsByMemberIdAndMemberRelationIdIn(loginUser.getMemberId(), bindChannelVO.getRelationIds())) {
+        if(memberUserChannelRepository.existsByMemberIdAndRoleIdAndMemberRelationIdIn(loginUser.getMemberId(), loginUser.getMemberRoleId(), bindChannelVO.getRelationIds())) {
            return Wrapper.fail(ResponseCode.MC_MS_MEMBER_USER_CHANNEL_EXISTS);
        }

@@ -420,6 +420,7 @@ public class MemberAbilitySalesServiceImpl implements IMemberAbilitySalesService
            MemberUserChannelDO channelDO = new MemberUserChannelDO();
            channelDO.setCreateTime(LocalDateTime.now());
            channelDO.setMemberId(loginUser.getMemberId());
+            channelDO.setRoleId(loginUser.getMemberRoleId());
            channelDO.setUserId(userDO.getId());
            channelDO.setMemberRelationId(relationDO.getId());
            channelDO.setSubMemberId(relationDO.getSubMemberId());
@@ -430,15 +431,15 @@ public class MemberAbilitySalesServiceImpl implements IMemberAbilitySalesService
        memberUserChannelRepository.saveAll(channelList);

        userDO.getChannels().addAll(channelList);
-        List<ChannelAuthBO> channelAuthBOList = channelList.stream().map(channel -> {
+
+        userDO.setChannelAuth(userDO.getChannels().stream().map(channelDO -> {
            ChannelAuthBO channelAuthBO = new ChannelAuthBO();
-            channelAuthBO.setRelationId(channel.getMemberRelationId());
-            channelAuthBO.setMemberId(channel.getMemberId());
-            channelAuthBO.setRoleId(channel.getSubRoleId());
+            channelAuthBO.setRelationId(channelDO.getMemberRelationId());
+            channelAuthBO.setMemberId(channelDO.getSubMemberId());
+            channelAuthBO.setRoleId(channelDO.getSubRoleId());
            return channelAuthBO;
-        }).collect(Collectors.toList());
+        }).collect(Collectors.toList()));

-        userDO.setChannelAuth(ChannelAuthUtil.mergeToSource(userDO.getChannelAuth(), channelAuthBOList));
        memberUserRepository.saveAndFlush(userDO);

        //重新扫描构建所有用户的渠道权限
@@ -463,18 +464,18 @@ public class MemberAbilitySalesServiceImpl implements IMemberAbilitySalesService
            return Wrapper.fail(ResponseCode.MC_MS_MEMBER_USER_DOES_NOT_EXIST);
        }

-        List<MemberUserChannelDO> channelDOList = userDO.getChannels().stream().filter(memberUserChannelDO -> unBindChannelVO.getRelationIds().contains(memberUserChannelDO.getMemberRelationId())).collect(Collectors.toList());
-        if(CollectionUtils.isEmpty(channelDOList)) {
+        List<MemberUserChannelDO> channelDOList = userDO.getChannels().stream().filter(channel -> channel.getRoleId().equals(loginUser.getMemberRoleId()) && unBindChannelVO.getRelationIds().contains(channel.getMemberRelationId())).collect(Collectors.toList());
+        if(unBindChannelVO.getRelationIds().size() != channelDOList.size()) {
            return Wrapper.fail(ResponseCode.MC_MS_MEMBER_USER_CHANNEL_NOT_EXIST);
        }

        userDO.getChannels().removeAll(channelDOList);

-        userDO.setChannelAuth(userDO.getChannels().stream().map(channel -> {
+        userDO.setChannelAuth(userDO.getChannels().stream().map(channelDO -> {
            ChannelAuthBO channelAuthBO = new ChannelAuthBO();
-            channelAuthBO.setRelationId(channel.getMemberRelationId());
-            channelAuthBO.setMemberId(channel.getMemberId());
-            channelAuthBO.setRoleId(channel.getSubRoleId());
+            channelAuthBO.setRelationId(channelDO.getMemberRelationId());
+            channelAuthBO.setMemberId(channelDO.getSubMemberId());
+            channelAuthBO.setRoleId(channelDO.getSubRoleId());
            return channelAuthBO;
        }).collect(Collectors.toList()));