数据权限绑定

2022-12-09 17:59:51 +08:00
parent 79cf1955e5
commit f31021f907
10 changed files with 1122 additions and 6 deletions
--- a/lms/nladmin-system/src/main/java/org/nl/sso/permission/rest/DataPermissionController.java
+++ b/lms/nladmin-system/src/main/java/org/nl/sso/permission/rest/DataPermissionController.java
@@ -0,0 +1,89 @@
+
+package org.nl.sso.permission.rest;
+
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import org.nl.sso.permission.service.DataPermissionService;
+import org.nl.sso.permission.service.dto.DataPermissionDto;
+import org.springframework.data.domain.Pageable;
+import lombok.RequiredArgsConstructor;
+import org.nl.modules.logging.annotation.Log;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import cn.dev33.satoken.annotation.SaCheckPermission;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+import io.swagger.annotations.*;
+import java.util.Map;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+* @author lyd
+* @date 2022-12-09
+**/
+@RestController
+@RequiredArgsConstructor
+@Api(tags = "数据权限管理")
+@RequestMapping("/api/dataPermission")
+@Slf4j
+public class DataPermissionController {
+
+    private final DataPermissionService dataPermissionService;
+
+    @GetMapping
+    @Log("查询数据权限")
+    @ApiOperation("查询数据权限")
+    //@SaCheckPermission("@el.check('dataPermission:list')")
+    public ResponseEntity<Object> query(@RequestParam Map whereJson, Pageable page){
+        return new ResponseEntity<>(dataPermissionService.queryAll(whereJson,page),HttpStatus.OK);
+    }
+
+    @PostMapping
+    @Log("新增数据权限")
+    @ApiOperation("新增数据权限")
+    //@SaCheckPermission("@el.check('dataPermission:add')")
+    public ResponseEntity<Object> create(@Validated @RequestBody DataPermissionDto dto){
+        dataPermissionService.create(dto);
+        return new ResponseEntity<>(HttpStatus.CREATED);
+    }
+
+    @PutMapping
+    @Log("修改数据权限")
+    @ApiOperation("修改数据权限")
+    //@SaCheckPermission("@el.check('dataPermission:edit')")
+    public ResponseEntity<Object> update(@Validated @RequestBody DataPermissionDto dto){
+        dataPermissionService.update(dto);
+        return new ResponseEntity<>(HttpStatus.NO_CONTENT);
+    }
+
+    @Log("删除数据权限")
+    @ApiOperation("删除数据权限")
+    //@SaCheckPermission("@el.check('dataPermission:del')")
+    @DeleteMapping
+    public ResponseEntity<Object> delete(@RequestBody Long[] ids) {
+        dataPermissionService.deleteAll(ids);
+        return new ResponseEntity<>(HttpStatus.OK);
+    }
+
+    @GetMapping("/scopeType")
+    @Log("获取数据权限范围")
+    @ApiOperation("获取数据权限范围")
+    public ResponseEntity<Object> getDataScopeType(){
+        return new ResponseEntity<>(dataPermissionService.getDataScopeType(),HttpStatus.OK);
+    }
+
+    @GetMapping("/dataPermissionOption")
+    @Log("获取数据权限下拉框")
+    @ApiOperation("获取数据权限下拉框")
+    public ResponseEntity<Object> getDataPermissionOption(){
+        return new ResponseEntity<>(dataPermissionService.getDataPermissionOption(),HttpStatus.OK);
+    }
+
+    @PostMapping("/saveDataPermission")
+    @Log("保存数据权限")
+    @ApiOperation("保存数据权限")
+    public ResponseEntity<Object> saveDataPermission(@RequestBody JSONObject datas){
+        dataPermissionService.savePermission(datas);
+        return new ResponseEntity<>(HttpStatus.CREATED);
+    }
+}
--- a/lms/nladmin-system/src/main/java/org/nl/sso/permission/service/DataPermissionService.java
+++ b/lms/nladmin-system/src/main/java/org/nl/sso/permission/service/DataPermissionService.java
@@ -0,0 +1,84 @@
+package org.nl.sso.permission.service;
+
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import org.nl.sso.permission.service.dto.DataPermissionDto;
+import org.springframework.data.domain.Pageable;
+import java.util.Map;
+import java.util.List;
+import java.io.IOException;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+* @description 服务接口
+* @author lyd
+* @date 2022-12-09
+**/
+public interface DataPermissionService {
+
+    /**
+    * 查询数据分页
+    * @param whereJson 条件
+    * @param page 分页参数
+    * @return Map<String,Object>
+    */
+    Map<String,Object> queryAll(Map whereJson, Pageable page);
+
+    /**
+    * 查询所有数据不分页
+    * @param whereJson 条件参数
+    * @return List<DataPermissionDto>
+    */
+    List<DataPermissionDto> queryAll(Map whereJson);
+
+    /**
+    * 根据ID查询
+    * @param permission_id ID
+    * @return DataPermission
+    */
+    DataPermissionDto findById(Long permission_id);
+
+    /**
+    * 根据编码查询
+    * @param code code
+    * @return DataPermission
+    */
+    DataPermissionDto findByCode(String code);
+
+
+    /**
+    * 创建
+    * @param dto /
+    */
+    void create(DataPermissionDto dto);
+
+    /**
+    * 编辑
+    * @param dto /
+    */
+    void update(DataPermissionDto dto);
+
+    /**
+    * 多选删除
+    * @param ids /
+    */
+    void deleteAll(Long[] ids);
+
+    /**
+     * 获取数据权限
+     * @return
+     */
+    JSONArray getDataScopeType();
+
+    /**
+     * 获取数据权限下拉框
+     * @return
+     */
+    JSONArray getDataPermissionOption();
+
+    /**
+     * 保存数据权限
+     * @param datas
+     */
+    void savePermission(JSONObject datas);
+}
--- a/lms/nladmin-system/src/main/java/org/nl/sso/permission/service/dto/DataPermissionDto.java
+++ b/lms/nladmin-system/src/main/java/org/nl/sso/permission/service/dto/DataPermissionDto.java
@@ -0,0 +1,54 @@
+package org.nl.sso.permission.service.dto;
+
+import lombok.Data;
+import java.math.BigDecimal;
+import java.io.Serializable;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
+
+/**
+* @description /
+* @author lyd
+* @date 2022-12-09
+**/
+@Data
+public class DataPermissionDto implements Serializable {
+
+    /** permission_id */
+    /** 防止精度丢失 */
+    @JsonSerialize(using= ToStringSerializer.class)
+    private Long permission_id;
+
+    /** 编码 */
+    private String code;
+
+    /** 名称 */
+    private String name;
+
+    /** 排序 */
+    private BigDecimal order_sort;
+
+    /** 备注 */
+    private String remark;
+
+    /** 是否删除 */
+    private String is_delete;
+
+    /** 创建人标识 */
+    private Long create_id;
+
+    /** 创建人 */
+    private String create_name;
+
+    /** 修改时间 */
+    private String update_time;
+
+    /*创建时间*/
+    private String create_time;
+
+    /** 修改人标识 */
+    private Long update_optid;
+
+    /** 修改人 */
+    private String update_optname;
+}
--- a/lms/nladmin-system/src/main/java/org/nl/sso/permission/service/impl/DataPermissionServiceImpl.java
+++ b/lms/nladmin-system/src/main/java/org/nl/sso/permission/service/impl/DataPermissionServiceImpl.java
@@ -0,0 +1,213 @@
+
+package org.nl.sso.permission.service.impl;
+
+import org.nl.modules.wql.WQL;
+import org.nl.sso.permission.service.DataPermissionService;
+import org.nl.sso.permission.service.dto.DataPermissionDto;
+import com.alibaba.fastjson.JSON;
+import lombok.RequiredArgsConstructor;
+import org.nl.sso.tools.MapOf;
+import org.nl.sso.tools.SecurityUtils;
+import org.springframework.stereotype.Service;
+import org.nl.modules.common.exception.BadRequestException;
+import org.springframework.transaction.annotation.Transactional;
+
+import org.springframework.data.domain.Pageable;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import cn.hutool.core.date.DateUtil;
+import cn.hutool.core.util.IdUtil;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import org.nl.modules.wql.core.bean.ResultBean;
+import org.nl.modules.wql.core.bean.WQLObject;
+import org.nl.modules.wql.util.WqlUtil;
+import lombok.extern.slf4j.Slf4j;
+import cn.hutool.core.util.ObjectUtil;
+
+/**
+* @description 服务实现
+* @author lyd
+* @date 2022-12-09
+**/
+@Service
+@RequiredArgsConstructor
+@Slf4j
+public class DataPermissionServiceImpl implements DataPermissionService {
+
+    @Override
+    public Map<String,Object> queryAll(Map whereJson, Pageable page){
+        WQLObject wo = WQLObject.getWQLObject("sys_data_permission");
+        ResultBean rb = wo.pagequery(WqlUtil.getHttpContext(page), "1=1", "update_time desc");
+        final JSONObject json = rb.pageResult();
+        return json;
+    }
+
+    @Override
+    public List<DataPermissionDto> queryAll(Map whereJson){
+        WQLObject wo = WQLObject.getWQLObject("sys_data_permission");
+        JSONArray arr = wo.query().getResultJSONArray(0);
+        if (ObjectUtil.isNotEmpty(arr)) return arr.toJavaList(DataPermissionDto.class);
+        return null;
+    }
+
+    @Override
+    public DataPermissionDto findById(Long permission_id) {
+        WQLObject wo = WQLObject.getWQLObject("sys_data_permission");
+        JSONObject json = wo.query("permission_id = '" + permission_id + "'").uniqueResult(0);
+        if (ObjectUtil.isNotEmpty(json)){
+            return  json.toJavaObject( DataPermissionDto.class);
+        }
+        return null;
+    }
+
+    @Override
+    public DataPermissionDto findByCode(String  code) {
+        WQLObject wo = WQLObject.getWQLObject("sys_data_permission");
+        JSONObject json = wo.query("code ='" + code + "'").uniqueResult(0);
+        if (ObjectUtil.isNotEmpty(json)){
+            return  json.toJavaObject( DataPermissionDto.class);
+        }
+        return null;
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void create(DataPermissionDto dto) {
+        Long currentUserId = SecurityUtils.getCurrentUserId();
+        String nickName = SecurityUtils.getCurrentNickName();
+        String now = DateUtil.now();
+
+        dto.setPermission_id(IdUtil.getSnowflake(1, 1).nextId());
+        dto.setCreate_id(currentUserId);
+        dto.setCreate_name(nickName);
+        dto.setUpdate_optid(currentUserId);
+        dto.setUpdate_optname(nickName);
+        dto.setUpdate_time(now);
+        dto.setCreate_time(now);
+
+        WQLObject wo = WQLObject.getWQLObject("sys_data_permission");
+        JSONObject json = JSONObject.parseObject(JSON.toJSONString(dto));
+        wo.insert(json);
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void update(DataPermissionDto dto) {
+        DataPermissionDto entity = this.findById(dto.getPermission_id());
+        if (entity == null) throw new BadRequestException("被删除或无权限，操作失败!");
+
+        Long currentUserId = SecurityUtils.getCurrentUserId();
+        String nickName = SecurityUtils.getCurrentNickName();
+
+        String now = DateUtil.now();
+        dto.setUpdate_time(now);
+        dto.setUpdate_optid(currentUserId);
+        dto.setUpdate_optname(nickName);
+
+        WQLObject wo = WQLObject.getWQLObject("sys_data_permission");
+        JSONObject json = JSONObject.parseObject(JSON.toJSONString(dto));
+        wo.update(json);
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void deleteAll(Long[] ids) {
+        Long currentUserId = SecurityUtils.getCurrentUserId();
+        String nickName = SecurityUtils.getCurrentNickName();
+        String now = DateUtil.now();
+
+        WQLObject wo = WQLObject.getWQLObject("sys_data_permission");
+        for (Long permission_id: ids) {
+            JSONObject param = new JSONObject();
+            param.put("permission_id", String.valueOf(permission_id));
+            param.put("is_delete", "1");
+            param.put("update_optid", currentUserId);
+            param.put("update_optname", nickName);
+            param.put("update_time", now);
+            wo.update(param);
+        }
+    }
+
+    /**
+     * 获取数据权限
+     *
+     * @return
+     */
+    @Override
+    public JSONArray getDataScopeType() {
+        WQLObject wo = WQLObject.getWQLObject("sys_dict");
+        JSONArray array = wo.query(" code = 'permission_scope_type'").getResultJSONArray(0);
+        return array;
+    }
+
+    /**
+     * 获取数据权限下拉框
+     *
+     * @return
+     */
+    @Override
+    public JSONArray getDataPermissionOption() {
+        WQLObject wo = WQLObject.getWQLObject("sys_data_permission");
+        JSONArray jsonArray = wo.query().getResultJSONArray(0);
+        return jsonArray;
+    }
+
+    /**
+     * 保存数据权限
+     *
+     * @param datas
+     */
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void savePermission(JSONObject datas) {
+        String user_id = datas.getString("user_id");
+        JSONArray data = datas.getJSONArray("datas");
+        if (ObjectUtil.isEmpty(user_id)) throw new BadRequestException("用户不能为空");
+        WQLObject permissionTab = WQLObject.getWQLObject("sys_user_data_permission");  // 用户数据权限表
+        WQLObject scopeTab = WQLObject.getWQLObject("sys_data_scope");  // 用户数据权限表
+        // 删除用户绑定的数据
+        permissionTab.delete("user_id = '" + user_id + "'");
+        scopeTab.delete("self_user_id = '" + user_id + "'");
+        for (int i = 0; i < data.size(); i++) {
+            JSONObject scopeObj = data.getJSONObject(i);
+            String permission_scope_type = scopeObj.getString("value");
+            String permission_id = scopeObj.getString("permission_id");
+            // 保存用户数据权限
+            permissionTab.insert(MapOf.of("user_id", user_id,
+                    "permission_scope_type", permission_scope_type,
+                    "permission_id", permission_id));
+            JSONArray users = scopeObj.getJSONArray("users");
+            if (ObjectUtil.isNotEmpty(users)) { // 如果是用户直接将用户的id绑定进去
+                for (int j = 0; j < users.size(); j++) {
+                    JSONObject user = users.getJSONObject(j);
+                    String userId = user.getString("user_id");
+                    scopeTab.insert(MapOf.of("self_user_id", user_id,
+                            "permission_scope_type", permission_scope_type,
+                            "user_id", userId));
+                }
+            }
+            JSONArray depts = scopeObj.getJSONArray("depts");
+            if (ObjectUtil.isNotEmpty(depts)) { // 如果是部门，先根据部门id求出所有的用户id
+                for (int j = 0; j < depts.size(); j++) {
+                    JSONObject dept = depts.getJSONObject(j);
+                    JSONArray user_ids = WQL.getWO("Query").addParamMap(
+                            MapOf.of("flag", "1","dept_id", dept.getString("dept_id")))
+                            .process().getResultJSONArray(0);
+                    for (int k = 0; k < user_ids.size(); k++) {
+                        String userId = user_ids.getJSONObject(k).getString("user_id");
+                        scopeTab.insert(MapOf.of("self_user_id", user_id,
+                                "permission_scope_type", permission_scope_type,
+                                "dept_id", dept.getString("dept_id"),
+                                "user_id", userId));
+                    }
+                }
+            }
+        }
+    }
+}
--- a/lms/nladmin-system/src/main/java/org/nl/sso/permission/wql/Query.wql
+++ b/lms/nladmin-system/src/main/java/org/nl/sso/permission/wql/Query.wql
@@ -0,0 +1,54 @@
+[交易说明]
+	交易名：	数据权限相关查询
+	所属模块：
+	功能简述：
+	版权所有：
+	表引用：
+	版本经历：
+
+[数据库]
+	--指定数据库，为空采用默认值，默认为db.properties中列出的第一个库
+
+[IO定义]
+	#################################################
+	##			表字段对应输入参数
+	#################################################
+	输入.flag					                 TYPEAS s_string
+	输入.dept_id					         TYPEAS s_string
+
+[临时表]
+	--这边列出来的临时表就会在运行期动态创建
+
+[临时变量]
+	--所有中间过程变量均可在此处定义
+
+[业务过程]
+
+	##########################################
+	#			1、输入输出检查				 #
+	##########################################
+
+
+	##########################################
+	#			2、主过程前处理				 #
+	##########################################
+
+
+	##########################################
+	#			3、业务主过程			 	 #
+	##########################################
+
+    IF 输入.flag = "1"
+		PAGEQUERY
+            SELECT
+            	DISTINCT user_id
+            FROM
+            	sys_user_dept
+            WHERE
+            	1 = 1
+                OPTION 输入.dept_id <> ""
+                     dept_id = 输入.dept_id
+                ENDOPTION
+            ENDSELECT
+		ENDPAGEQUERY
+	ENDIF