应用权限功能

lidee-admin/src/main/resources/application-local.yaml

@@ -18,7 +18,7 @@ spring:
           password: qihua
         slave: # 日志库单独
           lazy: true # 开启懒加载，保证启动速度
-          url: jdbc:mysql://10.9.0.16:3307/dgr_repoort?useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true&nullCatalogMeansCurrent=true&lowerCaseTableNames=1 # MySQL Connector/J 8.X 连接的示例
+          url: jdbc:mysql://10.9.0.16:3307/gr_repoort?useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true&nullCatalogMeansCurrent=true&lowerCaseTableNames=1 # MySQL Connector/J 8.X 连接的示例
           username: root
           password: qihua
         bidb: # 日志库单独

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/OAuth2ClientController.java

@@ -1,13 +1,14 @@
 package com.lideeyunji.service.system.controller;
 
-import com.lideeyunji.tool.framework.common.pojo.CommonResult;
-import com.lideeyunji.tool.framework.common.pojo.PageResult;
-import com.lideeyunji.tool.framework.common.util.object.BeanUtils;
 import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientPageReqVO;
 import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientRespVO;
 import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientSaveReqVO;
 import com.lideeyunji.service.system.entity.OAuth2ClientDO;
+import com.lideeyunji.service.system.service.IAdminUserService;
 import com.lideeyunji.service.system.service.IOAuth2ClientService;
+import com.lideeyunji.tool.framework.common.pojo.CommonResult;
+import com.lideeyunji.tool.framework.common.pojo.PageResult;
+import com.lideeyunji.tool.framework.common.util.object.BeanUtils;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
@@ -70,4 +71,12 @@ public class OAuth2ClientController {
         return success(BeanUtils.toBean(pageResult, OAuth2ClientRespVO.class));
     }
 
+    @GetMapping("/myPage")
+    @Operation(tags = "OAuth2.0管理",summary = "获得用户角色下 OAuth2 客户端分页")
+    @PreAuthorize("@ss.hasPermission('system:oauth2-client:query')")
+    public CommonResult<PageResult<OAuth2ClientRespVO>> getMyPage(@Valid OAuth2ClientPageReqVO pageVO) {
+        PageResult<OAuth2ClientDO> pageResult = oAuth2ClientService.getMyPage(pageVO);
+        return success(BeanUtils.toBean(pageResult, OAuth2ClientRespVO.class));
+    }
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/PermissionController.java

@@ -1,6 +1,7 @@
 package com.lideeyunji.service.system.controller;
 
 import cn.hutool.core.collection.CollUtil;
+import com.lideeyunji.service.system.service.IClientPermissionService;
 import com.lideeyunji.tool.framework.common.pojo.CommonResult;
 import com.lideeyunji.service.system.controller.vo.permission.permission.PermissionAssignRoleDataScopeReqVO;
 import com.lideeyunji.service.system.controller.vo.permission.permission.PermissionAssignRoleMenuReqVO;
@@ -34,6 +35,8 @@ public class PermissionController {
     private IPermissionService permissionService;
     @Resource
     private ITenantService tenantService;
+    @Resource
+    private IClientPermissionService clientPermissionService;
 
     @Operation(tags = "菜单管理",summary = "获得角色拥有的菜单编号")
     @Parameter(name = "roleId", description = "角色编号", required = true)
@@ -79,4 +82,20 @@ public class PermissionController {
         return success(true);
     }
 
+    @PostMapping("/assign-role-client")
+    @Operation(tags = "角色管理",summary = "赋予角色应用")
+    @PreAuthorize("@ss.hasPermission('system:permission:assign-role-app')")
+    public CommonResult<Boolean> assignRoleClient(@Validated @RequestBody PermissionAssignRoleMenuReqVO reqVO) {
+        permissionService.assignRoleClient(reqVO.getRoleId(), reqVO.getClientIds());
+        return success(true);
+    }
+
+    @Operation(tags = "角色管理",summary = "获得角色拥有的应用id")
+    @Parameter(name = "roleId", description = "角色编号", required = true)
+    @GetMapping("/list-role-clients")
+    @PreAuthorize("@ss.hasPermission('system:permission:assign-role-menu')")
+    public CommonResult<Set<Long>> getRoleClientList(Long roleId) {
+        return success(clientPermissionService.getRoleClientListByRoleId(roleId));
+    }
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/oauth2/client/OAuth2ClientPageReqVO.java

@@ -4,6 +4,8 @@ import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.*;
 import com.lideeyunji.tool.framework.common.pojo.PageParam;
 
+import java.util.Set;
+
 @Schema(description = "管理后台 - OAuth2 客户端分页 Request VO")
 @Data
 @EqualsAndHashCode(callSuper = true)
@@ -16,4 +18,7 @@ public class OAuth2ClientPageReqVO extends PageParam {
     @Schema(description = "状态，参见 CommonStatusEnum 枚举", example = "1")
     private Integer status;
 
+    @Schema(description = "应用id", example = "[1]")
+    private Set<Long> ids;
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/oauth2/client/OAuth2ClientSaveReqVO.java

@@ -60,6 +60,7 @@ public class OAuth2ClientSaveReqVO {
 
 
     @Schema(description = "可重定向的 URI 地址", requiredMode = Schema.RequiredMode.REQUIRED, example = "https://www.iocoder.cn")
+    @NotNull(message = "可重定向的 URI 地址不能为空")
     private String redirectUris;
 
     @Schema(description = "授权类型，参见 OAuth2GrantTypeEnum 枚举", requiredMode = Schema.RequiredMode.REQUIRED, example = "password")

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/controller/vo/permission/permission/PermissionAssignRoleMenuReqVO.java

@@ -18,4 +18,7 @@ public class PermissionAssignRoleMenuReqVO {
     @Schema(description = "菜单编号列表", example = "1,3,5")
     private Set<Long> menuIds = Collections.emptySet(); // 兜底
 
+    @Schema(description = "应用id列表", example = "1,3,5")
+    private Set<Long> clientIds = Collections.emptySet();
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/entity/RoleOAuth2ClientDO.java

@@ -0,0 +1,34 @@
+package com.lideeyunji.service.system.entity;
+
+import com.baomidou.mybatisplus.annotation.KeySequence;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+import com.lideeyunji.tool.framework.mybatis.core.dataobject.BaseDO;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+/**
+ * OAuth2 客户端和角色关联
+ *
+ */
+@TableName(value = "system_role_oauth2_client", autoResultMap = true)
+@KeySequence("system_role_oauth2_client_seq") // 用于 Oracle、PostgreSQL、Kingbase、DB2、H2 数据库的主键自增。如果是 MySQL 等数据库，可不写。
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class RoleOAuth2ClientDO extends BaseDO {
+    /**
+     * 自增主键
+     */
+    @TableId
+    private Long id;
+
+    /**
+     * 角色ID
+     */
+    private Long roleId;
+    /**
+     * 菜单ID
+     */
+    private Long oauthClientId;
+
+}

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/mapper/OAuth2ClientMapper.java

@@ -7,6 +7,8 @@ import com.lideeyunji.service.system.controller.vo.oauth2.client.OAuth2ClientPag
 import com.lideeyunji.service.system.entity.OAuth2ClientDO;
 import org.apache.ibatis.annotations.Mapper;
 
+import java.util.List;
+
 
 /**
  * OAuth2 客户端 Mapper
@@ -20,6 +22,7 @@ public interface OAuth2ClientMapper extends BaseMapperX<OAuth2ClientDO> {
         return selectPage(reqVO, new LambdaQueryWrapperX<OAuth2ClientDO>()
                 .likeIfPresent(OAuth2ClientDO::getName, reqVO.getName())
                 .eqIfPresent(OAuth2ClientDO::getStatus, reqVO.getStatus())
+                .inIfPresent(OAuth2ClientDO::getId, reqVO.getIds())
                 .orderByDesc(OAuth2ClientDO::getId));
     }
 
@@ -27,4 +30,9 @@ public interface OAuth2ClientMapper extends BaseMapperX<OAuth2ClientDO> {
         return selectOne(OAuth2ClientDO::getClientId, clientId);
     }
 
+    default List<OAuth2ClientDO> selectEnableList() {
+        return selectList(new LambdaQueryWrapperX<OAuth2ClientDO>()
+                .eq(OAuth2ClientDO::getStatus, 0));
+    }
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/mapper/RoleOAuth2ClientMapper.java

@@ -0,0 +1,36 @@
+package com.lideeyunji.service.system.mapper;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.lideeyunji.service.system.entity.RoleOAuth2ClientDO;
+import com.lideeyunji.tool.framework.mybatis.core.mapper.BaseMapperX;
+import org.apache.ibatis.annotations.Mapper;
+
+import java.util.Collection;
+import java.util.List;
+
+@Mapper
+public interface RoleOAuth2ClientMapper extends BaseMapperX<RoleOAuth2ClientDO> {
+
+    default List<RoleOAuth2ClientDO> selectListByRoleId(Long roleId) {
+        return selectList(RoleOAuth2ClientDO::getRoleId, roleId);
+    }
+
+    default List<RoleOAuth2ClientDO> selectListByRoleId(Collection<Long> roleIds) {
+        return selectList(RoleOAuth2ClientDO::getRoleId, roleIds);
+    }
+
+    default List<RoleOAuth2ClientDO> selectListByMenuId(Long clientId) {
+        return selectList(RoleOAuth2ClientDO::getOauthClientId, clientId);
+    }
+
+    default void deleteListByRoleIdAndOauthClientId(Long roleId, Collection<Long> clientIds) {
+        delete(new LambdaQueryWrapper<RoleOAuth2ClientDO>()
+                .eq(RoleOAuth2ClientDO::getRoleId, roleId)
+                .in(RoleOAuth2ClientDO::getOauthClientId, clientIds));
+    }
+
+    default void deleteListByRoleId(Long roleId) {
+        delete(new LambdaQueryWrapper<RoleOAuth2ClientDO>().eq(RoleOAuth2ClientDO::getRoleId, roleId));
+    }
+
+}

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IClientPermissionService.java

@@ -0,0 +1,20 @@
+package com.lideeyunji.service.system.service;
+import java.util.Collection;
+import java.util.Set;
+import static java.util.Collections.singleton;
+/**
+ * 应用权限接口
+ */
+public interface IClientPermissionService {
+
+     /**
+     * 获得角色拥有的应用id集合
+     *
+     * @param roleId 角色编号
+     * @return 应用id集合
+     */
+    default Set<Long> getRoleClientListByRoleId(Long roleId) {
+        return getRoleClientListByRoleId(singleton(roleId));
+    }
+     Set<Long> getRoleClientListByRoleId(Collection<Long> roleIds);
+}

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IOAuth2ClientService.java

@@ -7,6 +7,7 @@ import com.lideeyunji.service.system.entity.OAuth2ClientDO;
 
 import javax.validation.Valid;
 import java.util.Collection;
+import java.util.List;
 
 /**
  * OAuth2.0 Client Service 接口
@@ -63,6 +64,14 @@ public interface IOAuth2ClientService {
      */
     PageResult<OAuth2ClientDO> getOAuth2ClientPage(OAuth2ClientPageReqVO pageReqVO);
 
+    /**
+     * 获得 OAuth2 客户端分页
+     *
+     * @param pageReqVO 分页查询
+     * @return OAuth2 客户端分页
+     */
+    PageResult<OAuth2ClientDO> getMyPage(OAuth2ClientPageReqVO pageReqVO);
+
     /**
      * 从缓存中，校验客户端是否合法
      *
@@ -87,4 +96,10 @@ public interface IOAuth2ClientService {
     OAuth2ClientDO validOAuthClientFromCache(String clientId, String clientSecret, String authorizedGrantType,
                                              Collection<String> scopes, String redirectUri);
 
+    /**
+     * 获取所有启用应用
+     * @return 应用列表
+     */
+    List<OAuth2ClientDO> getAllEnableClient();
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/IPermissionService.java

@@ -152,4 +152,12 @@ public interface IPermissionService {
     //清除缓存
     Boolean clearCache(Long userId);
 
+    /**
+     * 设置角色应用
+     *
+     * @param roleId  角色编号
+     * @param clientIds 应用集合id
+     */
+    void assignRoleClient(Long roleId, Set<Long> clientIds);
+
 }

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/ClientPermissionServiceImpl.java

@@ -0,0 +1,51 @@
+package com.lideeyunji.service.system.service.impl;
+
+import cn.hutool.core.collection.CollUtil;
+import com.lideeyunji.service.system.entity.OAuth2ClientDO;
+import com.lideeyunji.service.system.entity.RoleOAuth2ClientDO;
+import com.lideeyunji.service.system.mapper.RoleOAuth2ClientMapper;
+import com.lideeyunji.service.system.service.IClientPermissionService;
+import com.lideeyunji.service.system.service.IOAuth2ClientService;
+import com.lideeyunji.service.system.service.IRoleService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.stereotype.Service;
+import org.springframework.validation.annotation.Validated;
+
+import javax.annotation.Resource;
+import java.util.*;
+import java.util.stream.Collectors;
+
+import static com.lideeyunji.tool.framework.common.util.collection.CollectionUtils.convertSet;
+
+@Service
+@Validated
+@Slf4j
+public class ClientPermissionServiceImpl implements IClientPermissionService {
+    @Resource
+    private RoleOAuth2ClientMapper roleOAuth2ClientMapper;
+    @Resource
+    private IRoleService roleService;
+
+    @Lazy
+    @Resource
+    private IOAuth2ClientService ioAuth2ClientService;
+
+    public Set<Long> getRoleClientListByRoleId(Collection<Long> roleIds) {
+        if (CollUtil.isEmpty(roleIds)) {
+            return Collections.emptySet();
+        }
+
+        if (roleService.hasAnySuperAdmin(roleIds)) {
+            List<OAuth2ClientDO> allEnableClient = ioAuth2ClientService.getAllEnableClient();
+            return Optional.ofNullable(allEnableClient)
+                    .map(all -> all.stream()
+                            .map(OAuth2ClientDO::getId)
+                            .collect(Collectors.toSet()))
+                    .orElse(new HashSet<>());
+        }
+
+        return convertSet(roleOAuth2ClientMapper.selectListByRoleId(roleIds),
+                RoleOAuth2ClientDO::getOauthClientId);
+    }
+}

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/OAuth2ClientServiceImpl.java

@@ -1,9 +1,15 @@
 package com.lideeyunji.service.system.service.impl;
 
 import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.stream.CollectorUtil;
 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.extra.spring.SpringUtil;
+import com.lideeyunji.service.system.entity.AdminUserDO;
+import com.lideeyunji.service.system.entity.UserRoleDO;
+import com.lideeyunji.service.system.service.IAdminUserService;
+import com.lideeyunji.service.system.service.IClientPermissionService;
+import com.lideeyunji.service.system.service.IPermissionService;
 import com.lideeyunji.tool.framework.common.enums.CommonStatusEnum;
 import com.lideeyunji.tool.framework.common.pojo.PageResult;
 import com.lideeyunji.tool.framework.common.util.object.BeanUtils;
@@ -15,6 +21,7 @@ import com.lideeyunji.service.system.mapper.OAuth2ClientMapper;
 import com.lideeyunji.service.system.config.redis.RedisKeyConstants;
 import com.lideeyunji.service.system.service.IOAuth2ClientService;
 import com.google.common.annotations.VisibleForTesting;
+import com.lideeyunji.tool.framework.security.core.LoginUser;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.cache.annotation.Cacheable;
@@ -23,9 +30,15 @@ import org.springframework.validation.annotation.Validated;
 
 import javax.annotation.Resource;
 import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
 
 import static com.lideeyunji.tool.framework.common.exception.util.ServiceExceptionUtil.exception;
 import static com.lideeyunji.service.system.constant.ErrorCodeConstants.*;
+import static com.lideeyunji.tool.framework.security.core.util.SecurityFrameworkUtils.*;
+import static com.lideeyunji.tool.framework.security.core.util.SecurityFrameworkUtils.getLoginRoleId;
 
 /**
  * OAuth2.0 Client Service 实现类
@@ -40,6 +53,13 @@ public class OAuth2ClientServiceImpl implements IOAuth2ClientService {
     @Resource
     private OAuth2ClientMapper oauth2ClientMapper;
 
+    @Resource
+    private IClientPermissionService clientPermissionService;
+    @Resource
+    private IAdminUserService userService;
+    @Resource
+    private IPermissionService permissionService;
+
     @Override
     public Long createOAuth2Client(OAuth2ClientSaveReqVO createReqVO) {
         validateClientIdExists(null, createReqVO.getClientId());
@@ -111,6 +131,41 @@ public class OAuth2ClientServiceImpl implements IOAuth2ClientService {
         return oauth2ClientMapper.selectPage(pageReqVO);
     }
 
+    @Override
+    public PageResult<OAuth2ClientDO> getMyPage(OAuth2ClientPageReqVO pageReqVO) {
+        LoginUser loginUser = getLoginUser();
+        if (loginUser == null) {
+            return new PageResult<>();
+        }
+        boolean supAdminFlag = userService.isSupAdmin(loginUser.getId());//是否是超级管理员
+        boolean tenantAdminFlag = userService.isTenantAdmin(loginUser.getId());//是否是租户管理员
+
+        //获取当前登录部门和角色
+        Long loginDeptId = getLoginDeptId();
+        Long loginRoleId = getLoginRoleId();
+
+        Set<Long> roleIds = new HashSet<>();
+        if (supAdminFlag || tenantAdminFlag) {//超级管理员 或者租户管理员，直接查自身的所有权限
+            roleIds = permissionService.getUserRoleIdListByUserId(getLoginUserId());
+        } else {
+            if (loginRoleId != null) {//当前登录有角色
+                if (loginRoleId == -1) {//该部门下的所有角色
+                    List<UserRoleDO> userRoleList = userService.getUserRoleList(loginUser.getId(), loginDeptId);
+                    roleIds = userRoleList.stream()
+                            .map(UserRoleDO::getRoleId)
+                            .collect(Collectors.toSet());
+                } else {
+                    roleIds.add(loginRoleId);
+                }
+            }
+        }
+        if (!CollUtil.isEmpty(roleIds)) {
+            Set<Long> clientIds = clientPermissionService.getRoleClientListByRoleId(roleIds);
+            pageReqVO.setIds(clientIds);
+        }
+        return oauth2ClientMapper.selectPage(pageReqVO);
+    }
+
     @Override
     public OAuth2ClientDO validOAuthClientFromCache(String clientId, String clientSecret, String authorizedGrantType,
                                                     Collection<String> scopes, String redirectUri) {
@@ -145,6 +200,11 @@ public class OAuth2ClientServiceImpl implements IOAuth2ClientService {
         return client;
     }
 
+    @Override
+    public List<OAuth2ClientDO> getAllEnableClient() {
+        return oauth2ClientMapper.selectEnableList();
+    }
+
     /**
      * 获得自身的代理对象，解决 AOP 生效问题
      *

lidee-service/lidee-service-system-biz/src/main/java/com/lideeyunji/service/system/service/impl/PermissionServiceImpl.java

@@ -9,12 +9,10 @@ import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.Sets;
 import com.lideeyunji.service.system.config.redis.RedisKeyConstants;
 import com.lideeyunji.service.system.dto.DeptDataPermissionRespDTO;
-import com.lideeyunji.service.system.entity.MenuDO;
+import com.lideeyunji.service.system.entity.*;
-import com.lideeyunji.service.system.entity.RoleDO;
-import com.lideeyunji.service.system.entity.RoleMenuDO;
-import com.lideeyunji.service.system.entity.UserRoleDO;
 import com.lideeyunji.service.system.enums.DataScopeEnum;
 import com.lideeyunji.service.system.mapper.RoleMenuMapper;
+import com.lideeyunji.service.system.mapper.RoleOAuth2ClientMapper;
 import com.lideeyunji.service.system.mapper.UserRoleMapper;
 import com.lideeyunji.service.system.service.*;
 import com.lideeyunji.tool.framework.common.enums.CommonStatusEnum;
@@ -33,6 +31,7 @@ import org.springframework.transaction.annotation.Transactional;
 
 import javax.annotation.Resource;
 import java.util.*;
+import java.util.stream.Collectors;
 
 import static com.lideeyunji.tool.framework.common.util.collection.CollectionUtils.convertSet;
 import static com.lideeyunji.tool.framework.common.util.json.JsonUtils.toJsonString;
@@ -50,6 +49,8 @@ public class PermissionServiceImpl implements IPermissionService {
     private RoleMenuMapper roleMenuMapper;
     @Resource
     private UserRoleMapper userRoleMapper;
+    @Resource
+    private RoleOAuth2ClientMapper roleOAuth2ClientMapper;
 
     @Resource
     private IRoleService roleService;
@@ -409,6 +410,25 @@ public class PermissionServiceImpl implements IPermissionService {
         return true;
     }
 
+    @Override
+    @DSTransactional
+    public void assignRoleClient(Long roleId, Set<Long> clientIds) {
+        Set<Long> dbMenuIds = convertSet(roleOAuth2ClientMapper.selectListByRoleId(roleId), RoleOAuth2ClientDO::getOauthClientId);
+        Set<Long> menuIdList = CollUtil.emptyIfNull(clientIds);
+        Collection<Long> createMenuIds = CollUtil.subtract(menuIdList, dbMenuIds);
+        Collection<Long> deleteMenuIds = CollUtil.subtract(dbMenuIds, menuIdList);
+        if (CollUtil.isNotEmpty(createMenuIds)) {
+            roleOAuth2ClientMapper.insertBatch(CollectionUtils.convertList(createMenuIds, clientId -> {
+                RoleOAuth2ClientDO entity = new RoleOAuth2ClientDO();
+                entity.setRoleId(roleId);
+                entity.setOauthClientId(clientId);
+                return entity;
+            }));
+        }
+        if (CollUtil.isNotEmpty(deleteMenuIds)) {
+            roleOAuth2ClientMapper.deleteListByRoleIdAndOauthClientId(roleId, deleteMenuIds);
+        }
+    }
 
 
     /**