From cd7bb5ccc598943da29297b385aadb9fde3265f3 Mon Sep 17 00:00:00 2001 From: huhanlin Date: Tue, 10 Feb 2026 14:22:55 +0800 Subject: [PATCH] =?UTF-8?q?=E5=BA=94=E7=94=A8=E6=9D=83=E9=99=90=E5=8A=9F?= =?UTF-8?q?=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/resources/application-local.yaml | 2 +- .../controller/OAuth2ClientController.java | 15 ++++- .../controller/PermissionController.java | 19 ++++++ .../oauth2/client/OAuth2ClientPageReqVO.java | 5 ++ .../oauth2/client/OAuth2ClientSaveReqVO.java | 1 + .../PermissionAssignRoleMenuReqVO.java | 3 + .../system/entity/RoleOAuth2ClientDO.java | 34 +++++++++++ .../system/mapper/OAuth2ClientMapper.java | 8 +++ .../system/mapper/RoleOAuth2ClientMapper.java | 36 +++++++++++ .../service/IClientPermissionService.java | 20 +++++++ .../system/service/IOAuth2ClientService.java | 15 +++++ .../system/service/IPermissionService.java | 8 +++ .../impl/ClientPermissionServiceImpl.java | 51 ++++++++++++++++ .../service/impl/OAuth2ClientServiceImpl.java | 60 +++++++++++++++++++ .../service/impl/PermissionServiceImpl.java | 28 +++++++-- 15 files changed, 297 insertions(+), 8 deletions(-) create mode 100644 lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/entity/RoleOAuth2ClientDO.java create mode 100644 lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/mapper/RoleOAuth2ClientMapper.java create mode 100644 lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IClientPermissionService.java create mode 100644 lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/ClientPermissionServiceImpl.java diff --git a/lidee-admin/src/main/resources/application-local.yaml b/lidee-admin/src/main/resources/application-local.yaml index b8e57f8..4cd2242 100644 --- a/lidee-admin/src/main/resources/application-local.yaml 
+++ b/lidee-admin/src/main/resources/application-local.yaml @@ -18,7 +18,7 @@ spring: password: qihua slave: # 日志库单独 lazy: true # 开启懒加载,保证启动速度 - url: jdbc:mysql://10.9.0.16:3307/dgr_repoort?useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true&nullCatalogMeansCurrent=true&lowerCaseTableNames=1 # MySQL Connector/J 8.X 连接的示例 + url: jdbc:mysql://10.9.0.16:3307/gr_repoort?useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true&nullCatalogMeansCurrent=true&lowerCaseTableNames=1 # MySQL Connector/J 8.X 连接的示例 username: root password: qihua bidb: # 日志库单独 diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/OAuth2ClientController.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/OAuth2ClientController.java index f71d8e0..c05c1c9 100644 --- a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/OAuth2ClientController.java +++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/OAuth2ClientController.java 
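Review bot: The changed `slave.url` keeps `useSSL=false` together with `allowPublicKeyRetrieval=true`, and the surrounding context lines show a `root` account with a plaintext password committed next to it. With TLS off and public-key retrieval allowed, the connection has no protection against an on-path party between the application and the database host. Even for a local profile, read the credentials from the environment, e.g. `password: ${SLAVE_DB_PASSWORD}` (constructed placeholder name), and use a least-privileged account rather than root. Rotate the password that is now in history. The rest of the datasource block lies outside this hunk.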
@@ -1,13 +1,14 @@ package com.lideeyunji.service.system.controller; -import com.lideeyunji.tool.framework.common.pojo.CommonResult; -import com.lideeyunji.tool.framework.common.pojo.PageResult; -import com.lideeyunji.tool.framework.common.util.object.BeanUtils; import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientPageReqVO; import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientRespVO; import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientSaveReqVO; import com.lideeyunji.service.system.entity.OAuth2ClientDO; +import com.lideeyunji.service.system.service.IAdminUserService; import com.lideeyunji.service.system.service.IOAuth2ClientService; +import com.lideeyunji.tool.framework.common.pojo.CommonResult; +import com.lideeyunji.tool.framework.common.pojo.PageResult; +import com.lideeyunji.tool.framework.common.util.object.BeanUtils; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.tags.Tag; @@ -70,4 +71,12 @@ public class OAuth2ClientController { return success(BeanUtils.toBean(pageResult, OAuth2ClientRespVO.class)); } + @GetMapping("/myPage") + @Operation(tags = "OAuth2.0管理",summary = "获得用户角色下 OAuth2 客户端分页") + @PreAuthorize("@ss.hasPermission('system:oauth2-client:query')") + public CommonResult> getMyPage(@Valid OAuth2ClientPageReqVO pageVO) { + PageResult pageResult = oAuth2ClientService.getMyPage(pageVO); + return success(BeanUtils.toBean(pageResult, OAuth2ClientRespVO.class)); + } + } diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/PermissionController.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/PermissionController.java index d2a1a1d..bf6ac12 100644 --- a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/PermissionController.java 
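Review bot: `/myPage` is described as the per-user listing, but it is guarded by the same `system:oauth2-client:query` permission as the admin page and returns the same `OAuth2ClientRespVO`. If that VO carries the client secret (its fields are not shown here), every account allowed to list its own applications also receives the credentials of those clients. A reduced response type for this endpoint, without the secret and grant configuration, would keep the listing safe to expose to ordinary roles. The newly imported `IAdminUserService` is not used in the visible hunks of this file and can be dropped.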
+++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/PermissionController.java @@ -1,6 +1,7 @@ package com.lideeyunji.service.system.controller; import cn.hutool.core.collection.CollUtil; +import com.lideeyunji.service.system.service.IClientPermissionService; import com.lideeyunji.tool.framework.common.pojo.CommonResult; import com.lideeyunji.service.system.controller.vo.permission.permission.PermissionAssignRoleDataScopeReqVO; import com.lideeyunji.service.system.controller.vo.permission.permission.PermissionAssignRoleMenuReqVO; @@ -34,6 +35,8 @@ public class PermissionController { private IPermissionService permissionService; @Resource private ITenantService tenantService; + @Resource + private IClientPermissionService clientPermissionService; @Operation(tags = "菜单管理",summary = "获得角色拥有的菜单编号") @Parameter(name = "roleId", description = "角色编号", required = true) @@ -79,4 +82,20 @@ public class PermissionController { return success(true); } + @PostMapping("/assign-role-client") + @Operation(tags = "角色管理",summary = "赋予角色应用") + @PreAuthorize("@ss.hasPermission('system:permission:assign-role-app')") + public CommonResult assignRoleClient(@Validated @RequestBody PermissionAssignRoleMenuReqVO reqVO) { + permissionService.assignRoleClient(reqVO.getRoleId(), reqVO.getClientIds()); + return success(true); + } + + @Operation(tags = "角色管理",summary = "获得角色拥有的应用id") + @Parameter(name = "roleId", description = "角色编号", required = true) + @GetMapping("/list-role-clients") + @PreAuthorize("@ss.hasPermission('system:permission:assign-role-menu')") + public CommonResult> getRoleClientList(Long roleId) { + return success(clientPermissionService.getRoleClientListByRoleId(roleId)); + } + } 
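Review bot: The two new endpoints are guarded by different keys: `assign-role-client` requires `system:permission:assign-role-app`, while `list-role-clients` reuses `system:permission:assign-role-menu`, which looks copied from the menu endpoint. Anyone who may assign menus can therefore read the role-to-application mapping, while an application administrator may be unable to read what they can write. Use one key for both, e.g. `@PreAuthorize("@ss.hasPermission('system:permission:assign-role-app')")` on `getRoleClientList`. `roleId` is also bound without any required-parameter check, so a missing parameter reaches the service as null; `@RequestParam("roleId") Long roleId` rejects it at the boundary.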
diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/oauth2/client/OAuth2ClientPageReqVO.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/oauth2/client/OAuth2ClientPageReqVO.java index 77b0852..d388e1d 100644 --- a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/oauth2/client/OAuth2ClientPageReqVO.java +++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/oauth2/client/OAuth2ClientPageReqVO.java @@ -4,6 +4,8 @@ import io.swagger.v3.oas.annotations.media.Schema; import lombok.*; import com.lideeyunji.tool.framework.common.pojo.PageParam; +import java.util.Set; + @Schema(description = "管理后台 - OAuth2 客户端分页 Request VO") @Data @EqualsAndHashCode(callSuper = true) @@ -16,4 +18,7 @@ public class OAuth2ClientPageReqVO extends PageParam { @Schema(description = "状态,参见 CommonStatusEnum 枚举", example = "1") private Integer status; + @Schema(description = "应用id", example = "[1]") + private Set ids; + } diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/oauth2/client/OAuth2ClientSaveReqVO.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/oauth2/client/OAuth2ClientSaveReqVO.java index b4a5662..f244009 100644 --- a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/oauth2/client/OAuth2ClientSaveReqVO.java +++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/oauth2/client/OAuth2ClientSaveReqVO.java 
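Review bot: `ids` is added to a VO that the controllers bind straight from the query string (`@Valid OAuth2ClientPageReqVO pageVO`), yet `getMyPage` also uses it to carry the server-computed set of clients the caller may see. A field that is both client input and authorization filter is easy to leave unset by mistake, in which case the caller's own value decides the result. Passing the allowed ids to the mapper as a separate argument keeps the two apart. At minimum, document the field, e.g. `// 仅作过滤条件;/myPage 由服务端覆盖该值`.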
@@ -60,6 +60,7 @@ public class OAuth2ClientSaveReqVO { @Schema(description = "可重定向的 URI 地址", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.iocoder.cn") + @NotNull(message = "可重定向的 URI 地址不能为空") private String redirectUris; @Schema(description = "授权类型,参见 OAuth2GrantTypeEnum 枚举", requiredMode = Schema.RequiredMode.REQUIRED, example = "password") diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/permission/permission/PermissionAssignRoleMenuReqVO.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/permission/permission/PermissionAssignRoleMenuReqVO.java index 49a1245..6b08867 100644 --- a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/permission/permission/PermissionAssignRoleMenuReqVO.java +++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/permission/permission/PermissionAssignRoleMenuReqVO.java @@ -18,4 +18,7 @@ public class PermissionAssignRoleMenuReqVO { @Schema(description = "菜单编号列表", example = "1,3,5") private Set menuIds = Collections.emptySet(); // 兜底 + @Schema(description = "应用id列表", example = "1,3,5") + private Set clientIds = Collections.emptySet(); + } diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/entity/RoleOAuth2ClientDO.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/entity/RoleOAuth2ClientDO.java new file mode 100644 index 0000000..b71da52 --- /dev/null +++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/entity/RoleOAuth2ClientDO.java 
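Review bot: `@NotNull` on the `String` field `redirectUris` still accepts an empty or whitespace-only value, so a client can be saved with no usable redirect URI. `@NotBlank(message = "可重定向的 URI 地址不能为空")` closes that gap. This value is presumably what redirect checks are later compared against, so it is worth validating at save time that each entry is an absolute http(s) URI without wildcards. How several URIs are encoded in the single string is not visible in this hunk.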
@@ -0,0 +1,34 @@ +package com.lideeyunji.service.system.entity; + +import com.baomidou.mybatisplus.annotation.KeySequence; +import com.baomidou.mybatisplus.annotation.TableId; +import com.baomidou.mybatisplus.annotation.TableName; +import com.lideeyunji.tool.framework.mybatis.core.dataobject.BaseDO; +import lombok.Data; +import lombok.EqualsAndHashCode; + +/** + * OAuth2 客户端和角色关联 + * + */ +@TableName(value = "system_role_oauth2_client", autoResultMap = true) +@KeySequence("system_role_oauth2_client_seq") // 用于 Oracle、PostgreSQL、Kingbase、DB2、H2 数据库的主键自增。如果是 MySQL 等数据库,可不写。 +@Data +@EqualsAndHashCode(callSuper = true) +public class RoleOAuth2ClientDO extends BaseDO { + /** + * 自增主键 + */ + @TableId + private Long id; + + /** + * 角色ID + */ + private Long roleId; + /** + * 菜单ID + */ + private Long oauthClientId; + +} diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/mapper/OAuth2ClientMapper.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/mapper/OAuth2ClientMapper.java index ba06fa0..bddd118 100644 --- a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/mapper/OAuth2ClientMapper.java +++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/mapper/OAuth2ClientMapper.java @@ -7,6 +7,8 @@ import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientPag import com.lideeyunji.service.system.entity.OAuth2ClientDO; import org.apache.ibatis.annotations.Mapper; +import java.util.List; + /** * OAuth2 客户端 Mapper @@ -20,6 +22,7 @@ public interface OAuth2ClientMapper extends BaseMapperX { return selectPage(reqVO, new LambdaQueryWrapperX() .likeIfPresent(OAuth2ClientDO::getName, reqVO.getName()) .eqIfPresent(OAuth2ClientDO::getStatus, reqVO.getStatus()) + .inIfPresent(OAuth2ClientDO::getId, reqVO.getIds()) .orderByDesc(OAuth2ClientDO::getId)); } 
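Review bot: The Javadoc on `oauthClientId` still says `菜单ID`, which looks like a leftover from the role-menu entity. The services in this patch treat the field as the OAuth2 client's primary key (`OAuth2ClientDO::getId`), not the `clientId` string. Suggested comment: `/** OAuth2 客户端编号,对应 OAuth2ClientDO 的 id */`. The class comment should also say whether (roleId, oauthClientId) is expected to be unique, since `assignRoleClient` relies on a diff against existing rows rather than on a constraint visible here.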
@@ -27,4 +30,9 @@ public interface OAuth2ClientMapper extends BaseMapperX { return selectOne(OAuth2ClientDO::getClientId, clientId); } + default List selectEnableList() { + return selectList(new LambdaQueryWrapperX() + .eq(OAuth2ClientDO::getStatus, 0)); + } + } diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/mapper/RoleOAuth2ClientMapper.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/mapper/RoleOAuth2ClientMapper.java new file mode 100644 index 0000000..43d3dd3 --- /dev/null +++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/mapper/RoleOAuth2ClientMapper.java @@ -0,0 +1,36 @@ +package com.lideeyunji.service.system.mapper; + +import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; +import com.lideeyunji.service.system.entity.RoleOAuth2ClientDO; +import com.lideeyunji.tool.framework.mybatis.core.mapper.BaseMapperX; +import org.apache.ibatis.annotations.Mapper; + +import java.util.Collection; +import java.util.List; + +@Mapper +public interface RoleOAuth2ClientMapper extends BaseMapperX { + + default List selectListByRoleId(Long roleId) { + return selectList(RoleOAuth2ClientDO::getRoleId, roleId); + } + + default List selectListByRoleId(Collection roleIds) { + return selectList(RoleOAuth2ClientDO::getRoleId, roleIds); + } + + default List selectListByMenuId(Long clientId) { + return selectList(RoleOAuth2ClientDO::getOauthClientId, clientId); + } + + default void deleteListByRoleIdAndOauthClientId(Long roleId, Collection clientIds) { + delete(new LambdaQueryWrapper() + .eq(RoleOAuth2ClientDO::getRoleId, roleId) + .in(RoleOAuth2ClientDO::getOauthClientId, clientIds)); + } + + default void deleteListByRoleId(Long roleId) { + delete(new LambdaQueryWrapper().eq(RoleOAuth2ClientDO::getRoleId, roleId)); + } + +} 
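Review bot: `selectEnableList` compares `status` with the literal `0`, whose meaning is only known from `CommonStatusEnum`, an enum the service layer already imports. Using the enum's enabled constant instead of `0` keeps this query correct if the encoding changes. It also makes clear that this list is what a super administrator is granted in `ClientPermissionServiceImpl`. A one-line Javadoc such as `/** 查询所有启用状态的客户端 */` would help too.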
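Review bot: `selectListByMenuId(Long clientId)` filters on `getOauthClientId`, so the name looks like a leftover from the role-menu mapper; `selectListByOauthClientId` would match `deleteListByRoleIdAndOauthClientId` below it. That delete method passes `clientIds` to `.in(...)` unconditionally. The only caller in this patch checks `CollUtil.isNotEmpty` first, but the precondition should be stated on the method, e.g. `// clientIds 不能为空,调用方需先判空`.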
diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IClientPermissionService.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IClientPermissionService.java new file mode 100644 index 0000000..aa54b1b --- /dev/null +++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IClientPermissionService.java @@ -0,0 +1,20 @@ +package com.lideeyunji.service.system.service; +import java.util.Collection; +import java.util.Set; +import static java.util.Collections.singleton; +/** + * 应用权限接口 + */ +public interface IClientPermissionService { + + /** + * 获得角色拥有的应用id集合 + * + * @param roleId 角色编号 + * @return 应用id集合 + */ + default Set getRoleClientListByRoleId(Long roleId) { + return getRoleClientListByRoleId(singleton(roleId)); + } + Set getRoleClientListByRoleId(Collection roleIds); +} diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IOAuth2ClientService.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IOAuth2ClientService.java index 1e3db94..ea98d7b 100644 --- a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IOAuth2ClientService.java +++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IOAuth2ClientService.java @@ -7,6 +7,7 @@ import com.lideeyunji.service.system.entity.OAuth2ClientDO; import javax.validation.Valid; import java.util.Collection; +import java.util.List; /** * OAuth2.0 Client Service 接口 @@ -63,6 +64,14 @@ public interface IOAuth2ClientService { */ PageResult getOAuth2ClientPage(OAuth2ClientPageReqVO pageReqVO); + /** + * 获得 OAuth2 客户端分页 + * + * @param pageReqVO 分页查询 + * @return OAuth2 客户端分页 + */ + PageResult getMyPage(OAuth2ClientPageReqVO pageReqVO); + /** * 从缓存中,校验客户端是否合法 * 
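Review bot: The Javadoc added for `getMyPage` is a copy of the one on `getOAuth2ClientPage` and does not say what distinguishes the method. Callers rely on it for access scoping, so the contract should be stated: results are limited to clients assigned to the current user's roles. It should also say what is returned when the user has no role or the roles grant no client. Suggested summary line: `获得当前登录用户角色可见的 OAuth2 客户端分页`.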
@@ -87,4 +96,10 @@ public interface IOAuth2ClientService { OAuth2ClientDO validOAuthClientFromCache(String clientId, String clientSecret, String authorizedGrantType, Collection scopes, String redirectUri); + /** + * 获取所有启用应用 + * @return 应用列表 + */ + List getAllEnableClient(); + } diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IPermissionService.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IPermissionService.java index 2147d21..77a978b 100644 --- a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IPermissionService.java +++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IPermissionService.java @@ -152,4 +152,12 @@ public interface IPermissionService { //清除缓存 Boolean clearCache(Long userId); + /** + * 设置角色应用 + * + * @param roleId 角色编号 + * @param clientIds 应用集合id + */ + void assignRoleClient(Long roleId, Set clientIds); + } diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/ClientPermissionServiceImpl.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/ClientPermissionServiceImpl.java new file mode 100644 index 0000000..130d8b3 --- /dev/null +++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/ClientPermissionServiceImpl.java 
@@ -0,0 +1,51 @@
+package com.lideeyunji.service.system.service.impl;
+
+import cn.hutool.core.collection.CollUtil;
+import com.lideeyunji.service.system.entity.OAuth2ClientDO;
+import com.lideeyunji.service.system.entity.RoleOAuth2ClientDO;
+import com.lideeyunji.service.system.mapper.RoleOAuth2ClientMapper;
+import com.lideeyunji.service.system.service.IClientPermissionService;
+import com.lideeyunji.service.system.service.IOAuth2ClientService;
+import com.lideeyunji.service.system.service.IRoleService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.stereotype.Service;
+import org.springframework.validation.annotation.Validated;
+
+import javax.annotation.Resource;
+import java.util.*;
+import java.util.stream.Collectors;
+
+import static com.lideeyunji.tool.framework.common.util.collection.CollectionUtils.convertSet;
+
+@Service
+@Validated
+@Slf4j
+public class ClientPermissionServiceImpl implements IClientPermissionService {
+ @Resource
+ private RoleOAuth2ClientMapper roleOAuth2ClientMapper;
+ @Resource
+ private IRoleService roleService;
+
+ @Lazy
+ @Resource
+ private IOAuth2ClientService ioAuth2ClientService;
+
+ public Set getRoleClientListByRoleId(Collection roleIds) {
+ if (CollUtil.isEmpty(roleIds)) {
+ return Collections.emptySet();
+ }
+
+ if (roleService.hasAnySuperAdmin(roleIds)) {
+ List allEnableClient = ioAuth2ClientService.getAllEnableClient();
+ return Optional.ofNullable(allEnableClient)
+ .map(all -> all.stream()
+ .map(OAuth2ClientDO::getId)
+ .collect(Collectors.toSet()))
+ .orElse(new HashSet<>());
+ }
+
+ return convertSet(roleOAuth2ClientMapper.selectListByRoleId(roleIds),
+ RoleOAuth2ClientDO::getOauthClientId);
+ }
+}
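Review bot: The ordinary-role branch returns every client id linked in `system_role_oauth2_client` without checking that the client is still enabled, whereas the super-admin branch goes through `getAllEnableClient()`. A disabled client therefore stays visible to the roles it was assigned to unless the caller happens to pass a status filter. Intersecting the result with the enabled ids, or joining on status in the mapper, makes both branches agree. The method also implements the interface without `@Override`, and `.orElse(new HashSet<>())` can be `.orElse(Collections.emptySet())` to match the guard at the top.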
diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/OAuth2ClientServiceImpl.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/OAuth2ClientServiceImpl.java index 7135cfe..ddf8b55 100644 --- a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/OAuth2ClientServiceImpl.java +++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/OAuth2ClientServiceImpl.java @@ -1,9 +1,15 @@ package com.lideeyunji.service.system.service.impl; import cn.hutool.core.collection.CollUtil; +import cn.hutool.core.stream.CollectorUtil; import cn.hutool.core.util.ObjectUtil; import cn.hutool.core.util.StrUtil; import cn.hutool.extra.spring.SpringUtil; +import com.lideeyunji.service.system.entity.AdminUserDO; +import com.lideeyunji.service.system.entity.UserRoleDO; +import com.lideeyunji.service.system.service.IAdminUserService; +import com.lideeyunji.service.system.service.IClientPermissionService; +import com.lideeyunji.service.system.service.IPermissionService; import com.lideeyunji.tool.framework.common.enums.CommonStatusEnum; import com.lideeyunji.tool.framework.common.pojo.PageResult; import com.lideeyunji.tool.framework.common.util.object.BeanUtils; @@ -15,6 +21,7 @@ import com.lideeyunji.service.system.mapper.OAuth2ClientMapper; import com.lideeyunji.service.system.config.redis.RedisKeyConstants; import com.lideeyunji.service.system.service.IOAuth2ClientService; import com.google.common.annotations.VisibleForTesting; +import com.lideeyunji.tool.framework.security.core.LoginUser; import lombok.extern.slf4j.Slf4j; import org.springframework.cache.annotation.CacheEvict; import org.springframework.cache.annotation.Cacheable; 
@@ -23,9 +30,15 @@ import org.springframework.validation.annotation.Validated; import javax.annotation.Resource; import java.util.Collection; +import java.util.HashSet; +import java.util.List; +import java.util.Set; +import java.util.stream.Collectors; import static com.lideeyunji.tool.framework.common.exception.util.ServiceExceptionUtil.exception; import static com.lideeyunji.service.system.constant.ErrorCodeConstants.*; +import static com.lideeyunji.tool.framework.security.core.util.SecurityFrameworkUtils.*; +import static com.lideeyunji.tool.framework.security.core.util.SecurityFrameworkUtils.getLoginRoleId; /** * OAuth2.0 Client Service 实现类 @@ -40,6 +53,13 @@ public class OAuth2ClientServiceImpl implements IOAuth2ClientService { @Resource private OAuth2ClientMapper oauth2ClientMapper; + @Resource + private IClientPermissionService clientPermissionService; + @Resource + private IAdminUserService userService; + @Resource + private IPermissionService permissionService; + @Override public Long createOAuth2Client(OAuth2ClientSaveReqVO createReqVO) { validateClientIdExists(null, createReqVO.getClientId()); 
@@ -111,6 +131,41 @@ public class OAuth2ClientServiceImpl implements IOAuth2ClientService { return oauth2ClientMapper.selectPage(pageReqVO); } + @Override + public PageResult getMyPage(OAuth2ClientPageReqVO pageReqVO) { + LoginUser loginUser = getLoginUser(); + if (loginUser == null) { + return new PageResult<>(); + } + boolean supAdminFlag = userService.isSupAdmin(loginUser.getId());//是否是超级管理员 + boolean tenantAdminFlag = userService.isTenantAdmin(loginUser.getId());//是否是租户管理员 + + //获取当前登录部门和角色 + Long loginDeptId = getLoginDeptId(); + Long loginRoleId = getLoginRoleId(); + + Set roleIds = new HashSet<>(); + if (supAdminFlag || tenantAdminFlag) {//超级管理员 或者租户管理员,直接查自身的所有权限 + roleIds = permissionService.getUserRoleIdListByUserId(getLoginUserId()); + } else { + if (loginRoleId != null) {//当前登录有角色 + if (loginRoleId == -1) {//该部门下的所有角色 + List userRoleList = userService.getUserRoleList(loginUser.getId(), loginDeptId); + roleIds = userRoleList.stream() + .map(UserRoleDO::getRoleId) + .collect(Collectors.toSet()); + } else { + roleIds.add(loginRoleId); + } + } + } + if (!CollUtil.isEmpty(roleIds)) { + Set clientIds = clientPermissionService.getRoleClientListByRoleId(roleIds); + pageReqVO.setIds(clientIds); + } + return oauth2ClientMapper.selectPage(pageReqVO); + } + @Override public OAuth2ClientDO validOAuthClientFromCache(String clientId, String clientSecret, String authorizedGrantType, Collection scopes, String redirectUri) { @@ -145,6 +200,11 @@ public class OAuth2ClientServiceImpl implements IOAuth2ClientService { return client; } + @Override + public List getAllEnableClient() { + return oauth2ClientMapper.selectEnableList(); + } + /** * 获得自身的代理对象,解决 AOP 生效问题 * diff --git a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/PermissionServiceImpl.java b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/PermissionServiceImpl.java index febe703..ea522c0 100644 
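Review bot: `getMyPage` fails open, because `pageReqVO.setIds(clientIds)` runs only when `roleIds` is non-empty. A non-admin caller whose `loginRoleId` is null, or whose department yields no roles, reaches `oauth2ClientMapper.selectPage(pageReqVO)` with whatever `ids` the request carried, or with no id filter at all. The same appears to happen when the roles resolve to an empty `clientIds` set, assuming `inIfPresent` in the mapper skips empty collections as its name suggests (its body is not shown). Both paths should return an empty page, and the server-derived set should always replace a caller-supplied `ids`. The element type in the fence is taken from `Long oauthClientId` in the new entity.

```java
        // … unchanged: loginUser lookup and roleIds resolution …
        if (CollUtil.isEmpty(roleIds)) {
            return new PageResult<>(); // no role in scope: nothing is visible
        }
        Set<Long> clientIds = clientPermissionService.getRoleClientListByRoleId(roleIds);
        if (CollUtil.isEmpty(clientIds)) {
            return new PageResult<>(); // roles grant no client: never fall through to an unfiltered query
        }
        pageReqVO.setIds(clientIds); // server-derived set replaces any ids sent by the caller
        return oauth2ClientMapper.selectPage(pageReqVO);
```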
--- a/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/PermissionServiceImpl.java +++ b/lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/PermissionServiceImpl.java @@ -9,12 +9,10 @@ import com.google.common.annotations.VisibleForTesting; import com.google.common.collect.Sets; import com.lideeyunji.service.system.config.redis.RedisKeyConstants; import com.lideeyunji.service.system.dto.DeptDataPermissionRespDTO; -import com.lideeyunji.service.system.entity.MenuDO; -import com.lideeyunji.service.system.entity.RoleDO; -import com.lideeyunji.service.system.entity.RoleMenuDO; -import com.lideeyunji.service.system.entity.UserRoleDO; +import com.lideeyunji.service.system.entity.*; import com.lideeyunji.service.system.enums.DataScopeEnum; import com.lideeyunji.service.system.mapper.RoleMenuMapper; +import com.lideeyunji.service.system.mapper.RoleOAuth2ClientMapper; import com.lideeyunji.service.system.mapper.UserRoleMapper; import com.lideeyunji.service.system.service.*; import com.lideeyunji.tool.framework.common.enums.CommonStatusEnum; @@ -33,6 +31,7 @@ import org.springframework.transaction.annotation.Transactional; import javax.annotation.Resource; import java.util.*; +import java.util.stream.Collectors; import static com.lideeyunji.tool.framework.common.util.collection.CollectionUtils.convertSet; import static com.lideeyunji.tool.framework.common.util.json.JsonUtils.toJsonString; @@ -50,6 +49,8 @@ public class PermissionServiceImpl implements IPermissionService { private RoleMenuMapper roleMenuMapper; @Resource private UserRoleMapper userRoleMapper; + @Resource + private RoleOAuth2ClientMapper roleOAuth2ClientMapper; @Resource private IRoleService roleService; 
@@ -409,6 +410,25 @@ public class PermissionServiceImpl implements IPermissionService { return true; } + @Override + @DSTransactional + public void assignRoleClient(Long roleId, Set clientIds) { + Set dbMenuIds = convertSet(roleOAuth2ClientMapper.selectListByRoleId(roleId), RoleOAuth2ClientDO::getOauthClientId); + Set menuIdList = CollUtil.emptyIfNull(clientIds); + Collection createMenuIds = CollUtil.subtract(menuIdList, dbMenuIds); + Collection deleteMenuIds = CollUtil.subtract(dbMenuIds, menuIdList); + if (CollUtil.isNotEmpty(createMenuIds)) { + roleOAuth2ClientMapper.insertBatch(CollectionUtils.convertList(createMenuIds, clientId -> { + RoleOAuth2ClientDO entity = new RoleOAuth2ClientDO(); + entity.setRoleId(roleId); + entity.setOauthClientId(clientId); + return entity; + })); + } + if (CollUtil.isNotEmpty(deleteMenuIds)) { + roleOAuth2ClientMapper.deleteListByRoleIdAndOauthClientId(roleId, deleteMenuIds); + } + } /**