feat(X-Pack): 重构行权限

This commit is contained in:
junjun 2022-07-11 16:42:43 +08:00
parent f056feef1a
commit 00cf97e035
2 changed files with 219 additions and 0 deletions

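--- /dev/null
+++ b/io/dataease/plugins/server/RowPermissionsTreeController.java
@@ -0,0 +1,63 @@
+package io.dataease.plugins.server;
+import io.dataease.auth.annotation.DePermission;
+import io.dataease.commons.constants.DePermissionType;
+import io.dataease.commons.constants.ResourceAuthLevel;
+import io.dataease.plugins.common.request.permission.DataSetRowPermissionsTreeDTO;
+import io.dataease.plugins.config.SpringContextUtil;
+import io.dataease.plugins.xpack.auth.service.RowPermissionTreeService;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import java.util.List;
+//@ApiIgnore
+@Api(tags = "行权限")
+@RestController
+@RequestMapping("plugin/dataset/rowPermissionsTree")
+public class RowPermissionsTreeController {
+@DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
+@ApiOperation("保存")
+@PostMapping("save")
+public void save(@RequestBody DataSetRowPermissionsTreeDTO request) {
+RowPermissionTreeService rowPermissionTreeService = SpringContextUtil.getBean(RowPermissionTreeService.class);
+rowPermissionTreeService.save(request);
+}
+@DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
+@ApiOperation("删除")
+@PostMapping("delete")
+public void delete(@RequestBody DataSetRowPermissionsTreeDTO request) {
+RowPermissionTreeService rowPermissionTreeService = SpringContextUtil.getBean(RowPermissionTreeService.class);
+rowPermissionTreeService.delete(request.getId());
+}
+@DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
+@ApiOperation("根据ID查找行权限")
+@PostMapping("getById")
+public DataSetRowPermissionsTreeDTO getById(@RequestBody DataSetRowPermissionsTreeDTO request) {
+RowPermissionTreeService rowPermissionTreeService = SpringContextUtil.getBean(RowPermissionTreeService.class);
+return rowPermissionTreeService.get(request);
+}
+@DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
+@ApiOperation("根据数据集、当前组织/角色/用户查找行权限")
+@PostMapping("get")
+public DataSetRowPermissionsTreeDTO getBy(@RequestBody DataSetRowPermissionsTreeDTO request) {
+RowPermissionTreeService rowPermissionTreeService = SpringContextUtil.getBean(RowPermissionTreeService.class);
+return rowPermissionTreeService.get(request);
+}
+@DePermission(type = DePermissionType.DATASET, value = "datasetId", level = ResourceAuthLevel.DATASET_LEVEL_MANAGE)
+@ApiOperation("根据数据集查找行权限")
+@PostMapping("getByDs")
+public List<DataSetRowPermissionsTreeDTO> getByDs(@RequestBody DataSetRowPermissionsTreeDTO request) {
+RowPermissionTreeService rowPermissionTreeService = SpringContextUtil.getBean(RowPermissionTreeService.class);
+return rowPermissionTreeService.list(request);
+}
+}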
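Review bot: The `@DePermission(... value = "datasetId" ...)` check on `delete` authorizes against the caller-supplied `datasetId`, but the call it guards is `rowPermissionTreeService.delete(request.getId())`, which keys on a different caller-supplied field — unless the service itself verifies that the rule with that `id` belongs to that dataset (not visible here), a user with manage rights on one dataset can send its `datasetId` together with the `id` of another dataset's rule and delete it. `getById` has the same shape, and since `getById` and `getBy` both just forward the whole DTO to `get(request)`, the lookup key is entirely whatever the client fills in. The controller should bind the two fields before delegating: resolve the rule by `request.getId()`, reject the request when its dataset differs from `request.getDatasetId()`, and only then call `delete` (or change the service to `delete(request.getId(), request.getDatasetId())` and filter on both). It is also worth confirming how `@DePermission` behaves when `datasetId` is absent from the body, since every endpoint here relies on it.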

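--- /dev/null
+++ b/io/dataease/service/dataset/PermissionsTreeService.java
@@ -0,0 +1,156 @@
+package io.dataease.service.dataset;
+import com.google.gson.Gson;
+import com.google.gson.reflect.TypeToken;
+import io.dataease.auth.api.dto.CurrentRoleDto;
+import io.dataease.auth.entity.SysUserEntity;
+import io.dataease.auth.service.AuthUserService;
+import io.dataease.commons.utils.AuthUtils;
+import io.dataease.plugins.common.base.domain.DatasetTable;
+import io.dataease.plugins.common.base.domain.DatasetTableField;
+import io.dataease.plugins.common.request.permission.DataSetRowPermissionsTreeDTO;
+import io.dataease.plugins.common.request.permission.DatasetRowPermissionsTreeItem;
+import io.dataease.plugins.common.request.permission.DatasetRowPermissionsTreeObj;
+import io.dataease.plugins.config.SpringContextUtil;
+import io.dataease.plugins.xpack.auth.service.RowPermissionTreeService;
+import org.apache.commons.lang3.ObjectUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.stereotype.Service;
+import javax.annotation.Resource;
+import java.util.*;
+import java.util.stream.Collectors;
+@Service
+public class PermissionsTreeService {
+@Resource
+private AuthUserService authUserService;
+@Resource
+private DataSetTableFieldsService dataSetTableFieldsService;
+public List<DataSetRowPermissionsTreeDTO> getRowPermissionsTree(List<DatasetTableField> fields, DatasetTable datasetTable, Long user) {
+// 获取当前数据集下当前用户角色组织所有的行权限非白名单非禁用
+List<DataSetRowPermissionsTreeDTO> records = rowPermissionsTree(datasetTable.getId(), user);
+// 构建权限tree中的field如果field不存在置为null
+for (DataSetRowPermissionsTreeDTO record : records) {
+getField(record.getTree());
+}
+return records;
+}
+private List<DataSetRowPermissionsTreeDTO> rowPermissionsTree(String datasetId, Long userId) {
+List<DataSetRowPermissionsTreeDTO> datasetRowPermissions = new ArrayList<>();
+Map<String, RowPermissionTreeService> beansOfType = SpringContextUtil.getApplicationContext().getBeansOfType((RowPermissionTreeService.class));
+if (beansOfType.keySet().size() == 0) {
+return datasetRowPermissions;
+}
+RowPermissionTreeService rowPermissionTreeService = SpringContextUtil.getBean(RowPermissionTreeService.class);
+SysUserEntity userEntity = userId != null ? authUserService.getUserById(userId) : AuthUtils.getUser();
+List<Long> roleIds = new ArrayList<>();
+Long deptId = null;
+if (userEntity == null) {
+return datasetRowPermissions;
+}
+if (userEntity.getIsAdmin()) {
+return datasetRowPermissions;
+}
+userId = userEntity.getUserId();
+deptId = userEntity.getDeptId();
+List<CurrentRoleDto> currentRoleDtos = authUserService.roleInfos(userId);
+roleIds = currentRoleDtos.stream().map(CurrentRoleDto::getId).collect(Collectors.toList());
+DataSetRowPermissionsTreeDTO dataSetRowPermissionsDTO = new DataSetRowPermissionsTreeDTO();
+dataSetRowPermissionsDTO.setDatasetId(datasetId);
+dataSetRowPermissionsDTO.setEnable(true);
+if (ObjectUtils.isNotEmpty(userId)) {
+dataSetRowPermissionsDTO.setAuthTargetIds(Collections.singletonList(userId));
+dataSetRowPermissionsDTO.setAuthTargetType("user");
+datasetRowPermissions.addAll(rowPermissionTreeService.list(dataSetRowPermissionsDTO));
+}
+if (ObjectUtils.isNotEmpty(roleIds)) {
+dataSetRowPermissionsDTO.setAuthTargetIds(roleIds);
+dataSetRowPermissionsDTO.setAuthTargetType("role");
+datasetRowPermissions.addAll(rowPermissionTreeService.list(dataSetRowPermissionsDTO));
+}
+if (ObjectUtils.isNotEmpty(deptId)) {
+dataSetRowPermissionsDTO.setAuthTargetIds(Collections.singletonList(deptId));
+dataSetRowPermissionsDTO.setAuthTargetType("dept");
+datasetRowPermissions.addAll(rowPermissionTreeService.list(dataSetRowPermissionsDTO));
+}
+if (ObjectUtils.isNotEmpty(deptId)) {
+dataSetRowPermissionsDTO.setAuthTargetIds(null);
+dataSetRowPermissionsDTO.setAuthTargetType("sysParams");
+datasetRowPermissions.addAll(rowPermissionTreeService.list(dataSetRowPermissionsDTO));
+}
+// 若当前用户是白名单中的则忽略permission tree
+// 若当前规则是系统变量则替换变量
+List<DataSetRowPermissionsTreeDTO> result = new ArrayList<>();
+Gson gson = new Gson();
+for (DataSetRowPermissionsTreeDTO record : datasetRowPermissions) {
+List<Long> userIdList = gson.fromJson(record.getWhiteListUser(), new TypeToken<List<Long>>() {
+}.getType());
+List<Long> roleIdList = gson.fromJson(record.getWhiteListRole(), new TypeToken<List<Long>>() {
+}.getType());
+List<Long> deptIdList = gson.fromJson(record.getWhiteListDept(), new TypeToken<List<Long>>() {
+}.getType());
+if (ObjectUtils.isNotEmpty(userId) && ObjectUtils.isNotEmpty(userIdList) && userIdList.contains(userId)) {
+continue;
+}
+if (ObjectUtils.isNotEmpty(roleIds) && ObjectUtils.isNotEmpty(roleIdList) && ObjectUtils.isNotEmpty(intersectionForList(roleIds, roleIdList))) {
+continue;
+}
+if (ObjectUtils.isNotEmpty(deptIdList) && ObjectUtils.isNotEmpty(deptIdList) && deptIdList.contains(deptId)) {
+continue;
+}
+// 替换系统变量
+if (StringUtils.equalsIgnoreCase(record.getAuthTargetType(), "sysParams")) {
+String expressionTree = record.getExpressionTree();
+expressionTree = expressionTree.replaceAll("\\$\\{sysParams\\.userId}", userEntity.getUsername());
+expressionTree = expressionTree.replaceAll("\\$\\{sysParams\\.userName}", userEntity.getNickName());
+expressionTree = expressionTree.replaceAll("\\$\\{sysParams\\.userEmail}", userEntity.getEmail());
+expressionTree = expressionTree.replaceAll("\\$\\{sysParams\\.userSource}", userEntity.getFrom() == 0 ? "LOCAL" : "OIDC");
+expressionTree = expressionTree.replaceAll("\\$\\{sysParams\\.dept}", userEntity.getDeptName());
+expressionTree = expressionTree.replaceAll("\\$\\{sysParams\\.roles}", String.join(",", currentRoleDtos.stream().map(CurrentRoleDto::getName).collect(Collectors.toList())));
+record.setExpressionTree(expressionTree);
+DatasetRowPermissionsTreeObj tree = gson.fromJson(expressionTree, DatasetRowPermissionsTreeObj.class);
+record.setTree(tree);
+}
+result.add(record);
+}
+return result;
+}
+private List<Long> intersectionForList(List<Long> list1, List<Long> list2) {
+List<Long> result = new ArrayList<>();
+for (Long id : list1) {
+if (list2.contains(id)) {
+result.add(id);
+}
+}
+return result;
+}
+private void getField(DatasetRowPermissionsTreeObj tree) {
+if (ObjectUtils.isNotEmpty(tree)) {
+if (ObjectUtils.isNotEmpty(tree.getItems())) {
+for (DatasetRowPermissionsTreeItem item : tree.getItems()) {
+if (ObjectUtils.isNotEmpty(item)) {
+if (StringUtils.equalsIgnoreCase(item.getType(), "item")) {
+item.setField(dataSetTableFieldsService.selectByPrimaryKey(item.getFieldId()));
+} else if (StringUtils.equalsIgnoreCase(item.getType(), "tree")) {
+getField(item.getSubTree());
+}
+}
+}
+}
+}
+}
+}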
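Review bot: The system-variable substitution starting at `expressionTree.replaceAll("\\$\\{sysParams\\.userId}", userEntity.getUsername())` splices raw profile values into the JSON text that `gson.fromJson(expressionTree, DatasetRowPermissionsTreeObj.class)` parses a few lines later, so a username, nickname, email or department name containing `"`, `\` or `$` either throws from `replaceAll` (which treats `$` and `\` in the replacement specially), breaks the parse, or changes the shape of the filter — and these rules are the row-level restriction, so a user who can edit their own nickname or email may be able to alter what is filtered; a null email or department name is a plain NPE. Each value should go through `Matcher.quoteReplacement` and be JSON-escaped (assuming the placeholder sits inside a JSON string value), or better, be substituted into the parsed tree rather than the raw string, and whatever later turns the tree into SQL must still parameterize these values since that is not visible here. Separately, the `if (ObjectUtils.isNotEmpty(deptId))` guard in front of the `"sysParams"` lookup looks copy-pasted from the dept branch: a user with no department silently gets no system-variable rules applied, which fails open — that condition should be dropped. The sketch below needs `java.util.regex.Matcher` imported.
```java
// … unchanged: white-list checks …
if (StringUtils.equalsIgnoreCase(record.getAuthTargetType(), "sysParams")) {
    String expressionTree = record.getExpressionTree();
    expressionTree = substituteSysParam(gson, expressionTree, "userId", userEntity.getUsername());
    expressionTree = substituteSysParam(gson, expressionTree, "userName", userEntity.getNickName());
    expressionTree = substituteSysParam(gson, expressionTree, "userEmail", userEntity.getEmail());
    expressionTree = substituteSysParam(gson, expressionTree, "userSource", userEntity.getFrom() == 0 ? "LOCAL" : "OIDC");
    expressionTree = substituteSysParam(gson, expressionTree, "dept", userEntity.getDeptName());
    expressionTree = substituteSysParam(gson, expressionTree, "roles", String.join(",", currentRoleDtos.stream().map(CurrentRoleDto::getName).collect(Collectors.toList())));
    record.setExpressionTree(expressionTree);
    // … unchanged: parse into tree and set on record …
}

// Replaces ${sysParams.<name>} with value. The value is JSON-string-escaped so it cannot
// terminate the literal it lands in, and quoted so '$' and '\' are not treated as
// group references by replaceAll. Null values become the empty string.
private static String substituteSysParam(Gson gson, String tree, String name, String value) {
    String quoted = gson.toJson(value == null ? "" : value); // "\"...\"" with JSON escapes applied
    String escaped = quoted.substring(1, quoted.length() - 1);
    return tree.replaceAll("\\$\\{sysParams\\." + name + "}", Matcher.quoteReplacement(escaped));
}
```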