diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionActionEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionActionEntity.java
new file mode 100644
index 00000000..7a224a82
--- /dev/null
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionActionEntity.java
@@ -0,0 +1,79 @@ +/* + * eiam-common - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.entity.app; + +import java.io.Serial; + +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.Where; + +import cn.topiam.employee.common.enums.PermissionActionType; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; + +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import lombok.experimental.Accessors; + +import jakarta.persistence.*; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; + +/** + * 应用权限 + * + * @author TopIAM + * Created by support@topiam.cn on 2021/11/2 21:05 + */ +@Getter +@Setter +@ToString +@Entity +@Accessors(chain = true) +@Table(name = "app_permission_action") +@SQLDelete(sql = "update app_permission_action set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class AppPermissionActionEntity extends LogicDeleteEntity { + + @Serial + private static final long serialVersionUID = -3954680915360748087L; + + /** + * 权限值 + */ + @Column(name = "value_") + private 
String value; + /** + * 描述 + */ + @Column(name = "name_") + private String name; + + /** + * 权限类型 + */ + @Column(name = "type_") + private PermissionActionType type; + + /** + * 资源 + */ + @ManyToOne + @JoinColumn(name = "resource_id") + private AppPermissionResourceEntity resource; +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionPolicyEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionPolicyEntity.java new file mode 100644 index 00000000..42ed8177 --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionPolicyEntity.java 
@@ -0,0 +1,86 @@ +/* + * eiam-common - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.entity.app; + +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.Where; + +import cn.topiam.employee.common.enums.app.AppPolicyEffect; +import cn.topiam.employee.common.enums.app.AppPolicyObjectType; +import cn.topiam.employee.common.enums.app.AppPolicySubjectType; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; + +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import lombok.experimental.Accessors; + +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.Table; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; + +/** + * 应用策略 + * + * @author TopIAM + * Created by support@topiam.cn on 2021/11/4 19:41 + */ +@Getter +@Setter +@ToString +@Entity +@Accessors(chain = true) +@Table(name = "app_permission_policy") +@SQLDelete(sql = "update app_permission_policy set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class 
AppPermissionPolicyEntity extends LogicDeleteEntity { + + /** + * 应用id + */ + @Column(name = "app_id") + private Long appId; + + /** + * 权限主体ID(用户、角色、分组、组织机构) + */ + @Column(name = "subject_id") + private String subjectId; + /** + * 权限主体类型(用户、角色、分组、组织机构) + */ + @Column(name = "subject_type") + private AppPolicySubjectType subjectType; + /** + * 权限客体ID(权限、角色) + */ + @Column(name = "object_id") + private Long objectId; + /** + * 权限客体类型(权限、角色) + */ + @Column(name = "object_type") + private AppPolicyObjectType objectType; + /** + * Effect + */ + @Column(name = "effect_") + private AppPolicyEffect effect; +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionResourceEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionResourceEntity.java new file mode 100644 index 00000000..888891ed --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionResourceEntity.java 
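Review bot: `subjectType`, `objectType` and `effect` are enum fields annotated with `@Column` only, with no `@Enumerated` or `@Convert`, so unless auto-applied converters are registered elsewhere JPA will persist them as ordinals. `findPage` and `AppPermissionPolicyPoMapper` in this same diff compare and parse those columns as `getCode()` strings, which would then never match what the entity writes. Please confirm a converter exists for each type or add `@Convert(converter = ...)` on the fields; the same question applies to `type` in AppPermissionActionEntity. Unlike the other three entities added here, this class also declares no `@Serial private static final long serialVersionUID`.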
@@ -0,0 +1,97 @@ +/* + * eiam-common - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.entity.app; + +import java.io.Serial; +import java.util.List; + +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.Where; + +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; + +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import lombok.experimental.Accessors; + +import jakarta.persistence.*; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; + +import static jakarta.persistence.FetchType.LAZY; + +/** + *

+ * 应用资源关联 + *

+ * + * @author TopIAM + * Created by support@topiam.cn on 2020-08-10 + */ +@Getter +@Setter +@ToString +@Entity +@Accessors(chain = true) +@Table(name = "app_permission_resource") +@SQLDelete(sql = "update app_permission_resource set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class AppPermissionResourceEntity extends LogicDeleteEntity { + + @Serial + private static final long serialVersionUID = 7342074686605139968L; + + /** + * 资源编码 + */ + @Column(name = "code_") + private String code; + + /** + * 资源名称 + */ + @Column(name = "name_") + private String name; + + /** + * 应用ID + */ + @Column(name = "app_id") + private Long appId; + + /** + * 描述 + */ + @Column(name = "desc_") + private String desc; + + /** + * 是否启用 + */ + @Column(name = "is_enabled") + private Boolean enabled; + + /** + * 权限 + */ + @ToString.Exclude + @OneToMany(mappedBy = "resource", fetch = LAZY, cascade = { CascadeType.PERSIST, + CascadeType.REMOVE }) + private List actions; +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionRoleEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionRoleEntity.java new file mode 100644 index 00000000..0c307428 --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionRoleEntity.java 
@@ -0,0 +1,82 @@ +/* + * eiam-common - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.entity.app; + +import java.io.Serial; + +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.Where; + +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; + +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import lombok.experimental.Accessors; + +import jakarta.persistence.Column; +import jakarta.persistence.Entity; +import jakarta.persistence.Table; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; + +/** + *

+ * 应用角色表 + *

+ * + * @author TopIAM + * Created by support@topiam.cn on 2020-08-10 + */ +@Getter +@Setter +@ToString +@Entity +@Accessors(chain = true) +@Table(name = "app_permission_role") +@SQLDelete(sql = "update app_permission_role set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class AppPermissionRoleEntity extends LogicDeleteEntity { + + @Serial + private static final long serialVersionUID = -7761332532995424593L; + + /** + * 角色名称 + */ + @Column(name = "name_") + private String name; + + /** + * 角色编码 + */ + @Column(name = "code_") + private String code; + + /** + * 应用ID + */ + @Column(name = "app_id") + private Long appId; + + /** + * 是否启用 + */ + @Column(name = "is_enabled") + private Boolean enabled; +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionActionRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionActionRepository.java new file mode 100644 index 00000000..a8113c3a --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionActionRepository.java 
@@ -0,0 +1,44 @@ +/* + * eiam-common - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app; + +import java.util.List; + +import org.springframework.data.querydsl.QuerydslPredicateExecutor; +import org.springframework.stereotype.Repository; + +import cn.topiam.employee.common.entity.app.AppPermissionActionEntity; +import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; + +/** + * @author TopIAM + * Created by support@topiam.cn on 2021/11/22 23:06 + */ +@Repository +public interface AppPermissionActionRepository extends + LogicDeleteRepository, + QuerydslPredicateExecutor { + /** + * findAllByResource + * + * @param resource {@link AppPermissionResourceEntity} + * @return {@link List} + */ + List findAllByResource(AppPermissionResourceEntity resource); +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionPolicyRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionPolicyRepository.java new file mode 100644 index 00000000..22720693 --- /dev/null 
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionPolicyRepository.java 
@@ -0,0 +1,86 @@ +/* + * eiam-common - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app; + +import java.io.Serializable; +import java.util.Collection; + +import org.springframework.data.jpa.repository.Modifying; +import org.springframework.data.jpa.repository.Query; +import org.springframework.data.querydsl.QuerydslPredicateExecutor; +import org.springframework.data.repository.query.Param; +import org.springframework.stereotype.Repository; +import org.springframework.transaction.annotation.Transactional; + +import cn.topiam.employee.common.entity.app.AppPermissionPolicyEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; + +/** + * @author TopIAM + * Created by support@topiam.cn on 2021/11/4 22:44 + */ +@Repository +public interface AppPermissionPolicyRepository extends AppPermissionPolicyRepositoryCustomized, + LogicDeleteRepository, + QuerydslPredicateExecutor { + /** + * 按主体 ID 删除所有 + * + * @param subjectIds {@link String} + */ + @Modifying + @Transactional(rollbackFor = Exception.class) + @Query(value = "UPDATE app_permission_policy SET " + SOFT_DELETE_SET + + " WHERE 
subject_id IN (:subjectIds)", nativeQuery = true) + void deleteAllBySubjectIdIn(@Param("subjectIds") Collection subjectIds); + + /** + * 按客体 ID 删除所有 + * + * @param objectIds {@link String} + */ + @Modifying + @Transactional(rollbackFor = Exception.class) + @Query(value = "UPDATE app_permission_policy SET " + SOFT_DELETE_SET + + " WHERE object_id IN (:objectIds)", nativeQuery = true) + void deleteAllByObjectIdIn(@Param("objectIds") Collection objectIds); + + /** + * 根据主体删除所有 + * + * @param objectId + */ + @Modifying + @Transactional(rollbackFor = Exception.class) + @Query(value = "UPDATE app_permission_policy SET " + SOFT_DELETE_SET + + " WHERE object_id = :objectId", nativeQuery = true) + void deleteAllByObjectId(@Param("objectId") Long objectId); + + /** + * 更新启用/禁用 + * + * @param id {@link Serializable} + * @param status {@link Boolean} + * @return {@link Integer} + */ + @Transactional(rollbackFor = Exception.class) + @Modifying + @Query(value = "UPDATE AppPermissionResourceEntity set enabled =:status WHERE id =:id") + Integer updateStatus(@Param(value = "id") Long id, @Param(value = "status") Boolean status); +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionPolicyRepositoryCustomized.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionPolicyRepositoryCustomized.java new file mode 100644 index 00000000..c1b05ffc --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionPolicyRepositoryCustomized.java 
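Review bot: `updateStatus` at the end of this interface runs `UPDATE AppPermissionResourceEntity set enabled =:status WHERE id =:id`, so the policy repository toggles a resource row, and AppPermissionPolicyEntity has no `enabled` field. It looks copied from a resource repository, and a caller passing a policy id would enable or disable whichever resource shares that id. I would remove it here or move it to AppPermissionResourceRepository. Separately, the three soft-delete statements match on `subject_id` or `object_id` alone, while the entity comments say those ids can refer to users, roles, groups or organisations and to permissions or roles; unless ids are unique across those kinds, adding `AND object_type = :objectType` (or `subject_type`) and `AND app_id = :appId` would stop a delete from revoking policies of an unrelated object. The Javadoc on `deleteAllByObjectId` also says 根据主体 (by subject) although the statement filters by object.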
@@ -0,0 +1,39 @@ +/* + * eiam-common - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app; + +import org.springframework.data.domain.Page; +import org.springframework.data.domain.Pageable; + +import cn.topiam.employee.common.entity.app.po.AppPermissionPolicyPO; +import cn.topiam.employee.common.entity.app.query.AppPolicyQuery; + +/** + * @author TopIAM + * Created by support@topiam.cn on 2021/11/4 22:44 + */ +public interface AppPermissionPolicyRepositoryCustomized { + /** + * 分页查询权限策略 + * + * @param query {@link AppPolicyQuery} + * @param request {@link Pageable} + * @return {@link AppPermissionPolicyPO} + */ + Page findPage(AppPolicyQuery query, Pageable request); +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionResourceRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionResourceRepository.java new file mode 100644 index 00000000..39e9eeed --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionResourceRepository.java 
@@ -0,0 +1,53 @@ +/* + * eiam-common - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app; + +import java.util.Optional; + +import org.jetbrains.annotations.NotNull; +import org.springframework.data.jpa.repository.Query; +import org.springframework.data.querydsl.QuerydslPredicateExecutor; +import org.springframework.data.repository.query.Param; +import org.springframework.stereotype.Repository; + +import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; + +/** + *

+ * 资源权限 Repository 接口 SystemRepositoryCustomized + *

+ * + * @author TopIAM + * Created by support@topiam.cn on 2020-08-10 + */ +@Repository +public interface AppPermissionResourceRepository extends + LogicDeleteRepository, + QuerydslPredicateExecutor { + + /** + * findByIdContainsDeleted + * + * @param id must not be {@literal null}. + * @return {@link AppPermissionResourceEntity} + */ + @NotNull + @Query(value = "SELECT * FROM app_permission_resource WHERE id_ = :id", nativeQuery = true) + Optional findByIdContainsDeleted(@NotNull @Param(value = "id") Long id); +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionRoleRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionRoleRepository.java new file mode 100644 index 00000000..583e3135 --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionRoleRepository.java 
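Review bot: The Javadoc on `findByIdContainsDeleted` only repeats the method name, but this native query deliberately bypasses the entity's `@Where(clause = SOFT_DELETE_WHERE)` filter and that is the one thing a caller has to know. I would document it as `Finds a resource by id, including rows that have been soft-deleted; a hit does not mean the resource is still active.` so nobody uses the result for an existence or permission check. The method of the same name in AppPermissionRoleRepository needs the same sentence.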
@@ -0,0 +1,67 @@ +/* + * eiam-common - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app; + +import java.util.Optional; + +import org.jetbrains.annotations.NotNull; +import org.springframework.cache.annotation.Cacheable; +import org.springframework.data.jpa.repository.Modifying; +import org.springframework.data.jpa.repository.Query; +import org.springframework.data.querydsl.QuerydslPredicateExecutor; +import org.springframework.data.repository.query.Param; +import org.springframework.stereotype.Repository; +import org.springframework.transaction.annotation.Transactional; + +import cn.topiam.employee.common.entity.app.AppPermissionRoleEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; + +/** + *

+ * 角色表 Repository 接口 + *

+ * + * @author TopIAM + * Created by support@topiam.cn on 2020-08-10 + */ +@Repository +public interface AppPermissionRoleRepository extends + LogicDeleteRepository, + QuerydslPredicateExecutor { + /** + * 更新角色状态 + * + * @param id {@link String} + * @param enabled {@link String} + */ + @Transactional(rollbackFor = Exception.class) + @Modifying + @Query(value = "update app_permission_role set is_enabled = ?2 where id_ = ?1", nativeQuery = true) + void updateStatus(@Param(value = "id") String id, @Param(value = "enabled") Boolean enabled); + + /** + * findByIdContainsDeleted + * + * @param id must not be {@literal null}. + * @return {@link AppPermissionRoleEntity} + */ + @NotNull + @Cacheable + @Query(value = "SELECT * FROM app_permission_role WHERE id_ = :id", nativeQuery = true) + Optional findByIdContainsDeleted(@NotNull @Param(value = "id") Long id); +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppPermissionPolicyRepositoryCustomizedImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppPermissionPolicyRepositoryCustomizedImpl.java new file mode 100644 index 00000000..3f7c883f --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppPermissionPolicyRepositoryCustomizedImpl.java 
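Review bot: `findByIdContainsDeleted` carries a bare `@Cacheable` with no cache name and the interface declares no `@CacheConfig`, so if caching is enabled and no custom resolver is configured elsewhere, Spring has no cache to resolve for this operation. If caching is intended, note that `updateStatus` in the same interface changes `is_enabled` with no eviction, so a cached role could keep reporting its previous enabled state to whatever consumes it; pair the two with a named cache and `@CacheEvict`. `updateStatus` also takes `String id` while the lookup below uses `Long`, and it mixes positional `?1`/`?2` with `@Param` names; I would write `update app_permission_role set is_enabled = :enabled where id_ = :id` with `@Param("id") Long id`.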
@@ -0,0 +1,130 @@ +/* + * eiam-common - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app.impl; + +import java.util.List; + +import org.springframework.data.domain.Page; +import org.springframework.data.domain.PageImpl; +import org.springframework.data.domain.Pageable; +import org.springframework.jdbc.core.JdbcTemplate; +import org.springframework.stereotype.Repository; +import org.springframework.util.ObjectUtils; + +import com.google.common.collect.Lists; + +import cn.topiam.employee.common.entity.app.po.AppPermissionPolicyPO; +import cn.topiam.employee.common.entity.app.query.AppPolicyQuery; +import cn.topiam.employee.common.repository.app.AppPermissionPolicyRepositoryCustomized; +import cn.topiam.employee.common.repository.app.impl.mapper.AppPermissionPolicyPoMapper; + +import lombok.RequiredArgsConstructor; + +/** + * @author TopIAM + * Created by support@topiam.cn on 2021/11/4 22:46 + */ +@Repository +@RequiredArgsConstructor +public class AppPermissionPolicyRepositoryCustomizedImpl implements + AppPermissionPolicyRepositoryCustomized { + + private String leftJoin(String table, String condition) { + return " LEFT JOIN " + table + " ON " + condition + " AND " + table + ".is_deleted = 
'0' "; + } + + @Override + public Page findPage(AppPolicyQuery query, Pageable pageable) { + //查询条件 + //@formatter:off + // 所属应用 + StringBuilder where = new StringBuilder("WHERE policy.is_deleted = '0' AND policy.app_id = '").append(query.getAppId()).append("' "); + // 主体类型 + where.append(" AND policy.subject_type = '").append(query.getSubjectType().getCode()).append("' "); + // 客体类型 + where.append(" AND policy.object_type = '").append(query.getObjectType().getCode()).append("' "); + // 主体id + if (!ObjectUtils.isEmpty(query.getSubjectId())) { + where.append("policy.subject_id = '").append(query.getSubjectId()).append("' "); + } + // 客体id + if (!ObjectUtils.isEmpty(query.getObjectId())) { + where.append("policy.object_id = '").append(query.getObjectId()).append("' "); + } + // 授权效果 + if (!ObjectUtils.isEmpty(query.getEffect())) { + where.append("policy.effect = '").append(query.getEffect().getCode()).append("' "); + } + + List fields = Lists.newArrayList("policy.subject_id", "policy.object_id", "policy.subject_type", "policy.object_type", "policy.id", "policy.effect"); + String subjectJoin; + String objectJoin = null; + switch (query.getSubjectType()) { + case USER -> { + subjectJoin = leftJoin("app_account account", "policy.subject_id = account.id"); + fields.add("account.account as subject_name"); + } + case USER_GROUP -> { + subjectJoin = leftJoin("user_group group", "policy.subject_id = group.id"); + fields.add("group.name as subject_name"); + } + case ORGANIZATION -> { + subjectJoin = leftJoin("organization org", "policy.subject_id = org.id"); + fields.add("org.name as subject_name"); + } + case ROLE -> { + subjectJoin = leftJoin("app_permission_role role", "policy.subject_id = role.id"); + fields.add("role.name as subject_name"); + } + default -> throw new RuntimeException("暂不支持"); + } + switch (query.getObjectType()) { + case PERMISSION -> { + objectJoin = leftJoin("app_permission_action action", "policy.subject_id = action.id"); + fields.add("action.name as 
object_name"); + } + case ROLE -> { + objectJoin = leftJoin("app_permission_role role2", "policy.subject_id = role2.id"); + fields.add("role2.name as object_name"); + } + case RESOURCE -> { + objectJoin = leftJoin("app_permission_resource resource", "policy.subject_id = resource.id"); + fields.add("resource.name as object_name"); + } + } + StringBuilder selectSql = new StringBuilder("SELECT ").append(String.join(", ", fields)) + .append(" FROM app_permission_policy policy ").append(subjectJoin).append(objectJoin); + + // @formatter:off + List list = jdbcTemplate + .query( + selectSql.append(" LIMIT ").append(pageable.getPageNumber() * pageable.getPageSize()) + .append(",").append(pageable.getPageSize()).toString(), + new AppPermissionPolicyPoMapper()); + //@formatter:off + String countSql = "SELECT count(*) FROM (" + selectSql + ") app_policy_"; + //@formatter:on + Integer count = jdbcTemplate.queryForObject(countSql, Integer.class); + return new PageImpl<>(list, pageable, count); + } + + /** + * JdbcTemplate + */ + private final JdbcTemplate jdbcTemplate; +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppPermissionPolicyPoMapper.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppPermissionPolicyPoMapper.java new file mode 100644 index 00000000..cffe006f --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppPermissionPolicyPoMapper.java 
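Review bot: In `findPage` the `where` builder is filled by concatenating `query.getAppId()`, `query.getSubjectId()` and `query.getObjectId()` into quoted SQL literals and is then never appended to `selectSql`, so the statement runs with no `app_id` or `is_deleted` filter at all and returns policies of every application. Wiring the clause in as written would make it injectable if those AppPolicyQuery fields come from the request (the type is not visible in this diff). The three optional conditions also lack a leading ` AND `, and `countSql` is built from `selectSql` after ` LIMIT ` was appended to the same builder, so the total can never exceed one page. I would bind every value through `?` placeholders and derive the count from the unpaged statement, as below. The object joins also compare `policy.subject_id` rather than `policy.object_id`, and `objectJoin` stays `null` when no case matches, which looks like a copy-paste slip worth confirming.

```java
        // Values are bound, never concatenated, and every condition is AND-ed.
        List<Object> args = Lists.newArrayList();
        StringBuilder where = new StringBuilder(" WHERE policy.is_deleted = '0' AND policy.app_id = ?");
        args.add(query.getAppId());
        where.append(" AND policy.subject_type = ?");
        args.add(query.getSubjectType().getCode());
        where.append(" AND policy.object_type = ?");
        args.add(query.getObjectType().getCode());
        if (!ObjectUtils.isEmpty(query.getSubjectId())) {
            where.append(" AND policy.subject_id = ?");
            args.add(query.getSubjectId());
        }
        if (!ObjectUtils.isEmpty(query.getObjectId())) {
            where.append(" AND policy.object_id = ?");
            args.add(query.getObjectId());
        }
        if (!ObjectUtils.isEmpty(query.getEffect())) {
            where.append(" AND policy.effect = ?");
            args.add(query.getEffect().getCode());
        }
        // … unchanged: field list and the subject/object join switches …
        String baseSql = "SELECT " + String.join(", ", fields)
                         + " FROM app_permission_policy policy " + subjectJoin + objectJoin + where;
        // Count the unpaged statement with the same bound arguments.
        Integer count = jdbcTemplate.queryForObject(
            "SELECT count(*) FROM (" + baseSql + ") app_policy_", Integer.class, args.toArray());
        // Offset and size are numeric values supplied by Pageable, not request text.
        String pageSql = baseSql + " LIMIT " + pageable.getOffset() + "," + pageable.getPageSize();
        List<AppPermissionPolicyPO> list = jdbcTemplate.query(pageSql,
            new AppPermissionPolicyPoMapper(), args.toArray());
        return new PageImpl<>(list, pageable, count == null ? 0 : count);
```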
@@ -0,0 +1,63 @@ +/* + * eiam-common - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app.impl.mapper; + +import java.sql.ResultSet; +import java.sql.SQLException; + +import org.springframework.jdbc.core.RowMapper; + +import cn.topiam.employee.common.entity.app.po.AppPermissionPolicyPO; +import cn.topiam.employee.common.enums.app.AppPolicyEffect; +import cn.topiam.employee.common.enums.app.AppPolicyObjectType; +import cn.topiam.employee.common.enums.app.AppPolicySubjectType; + +/** + * @author TopIAM + * Created by support@topiam.cn on 2022/2/13 23:25 + */ +public class AppPermissionPolicyPoMapper implements RowMapper { + + /** + * Implementations must implement this method to map each row of data + * in the ResultSet. This method should not call {@code next()} on + * the ResultSet; it is only supposed to map values of the current row. 
+ * + * @param rs the ResultSet to map (pre-initialized for the current row) + * @param rowNum the number of the current row + * @return the result object for the current row (may be {@code null}) + * @throws SQLException if an SQLException is encountered getting + * column values (that is, there's no need to catch SQLException) + */ + @SuppressWarnings("DuplicatedCode") + @Override + public AppPermissionPolicyPO mapRow(ResultSet rs, int rowNum) throws SQLException { + AppPermissionPolicyPO appPermissionPolicyPo = new AppPermissionPolicyPO(); + appPermissionPolicyPo.setId(rs.getLong("id_")); + appPermissionPolicyPo.setEffect(AppPolicyEffect.getType(rs.getString("effect"))); + appPermissionPolicyPo.setSubjectId(rs.getString("subject_id")); + appPermissionPolicyPo + .setSubjectType(AppPolicySubjectType.getType(rs.getString("subject_type"))); + appPermissionPolicyPo.setSubjectName(rs.getString("subject_name")); + appPermissionPolicyPo.setObjectId(rs.getLong("object_id")); + appPermissionPolicyPo + .setObjectType(AppPolicyObjectType.getType(rs.getString("object_type"))); + appPermissionPolicyPo.setObjectName(rs.getString("object_name")); + return appPermissionPolicyPo; + } +} diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionActionController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionActionController.java new file mode 100644 index 00000000..46d3652d --- /dev/null +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionActionController.java 
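Review bot: `mapRow` reads `rs.getLong("id_")`, but the only producer of these rows visible in this diff, `findPage`, selects `policy.id` and `policy.effect`, while the entities map those columns as `id_` (see the `@SQLDelete` clauses) and `effect_`. One side of each pair has to be wrong, and the mismatch surfaces only as an SQLException at runtime. Giving the select list explicit aliases, for example `policy.id_ AS id_` and `policy.effect_ AS effect`, would pin the labels this mapper depends on. `rs.getLong("object_id")` also yields 0 for SQL NULL, so a `rs.wasNull()` check is needed if `object_id` is nullable.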
@@ -0,0 +1,76 @@ +/* + * eiam-console - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.console.controller.app; + +import java.util.List; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery; +import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult; +import cn.topiam.employee.console.service.app.AppPermissionActionService; +import cn.topiam.employee.support.result.ApiRestResult; + +import lombok.RequiredArgsConstructor; + +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.tags.Tag; +import static cn.topiam.employee.common.constant.AppConstants.APP_PATH; + +/** + * 应用权限-权限 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/26 20:28 + */ +@RequiredArgsConstructor +@Validated +@Tag(name = "应用权限-权限项") +@RequestMapping(value = 
APP_PATH + + "/permission/action", produces = MediaType.APPLICATION_JSON_VALUE) +@RestController +public class AppPermissionActionController { + + /** + * logger + */ + private final Logger logger = LoggerFactory.getLogger(AppPermissionActionController.class); + + /** + * 获取所有权限 + * + * @return {@link AppPermissionActionListResult} + */ + @Operation(summary = "获取权限项列表") + @GetMapping(value = "/list") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult> getPermissionActionList(@Validated AppPermissionActionListQuery query) { + List list = appPermissionActionService + .getPermissionActionList(query); + return ApiRestResult.> builder().result(list).build(); + } + + private final AppPermissionActionService appPermissionActionService; +} diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionPolicyController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionPolicyController.java new file mode 100644 index 00000000..0e3b202c --- /dev/null +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionPolicyController.java 
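Review bot: The `@PreAuthorize` value on `getPermissionActionList` is a long SpEL string literal repeated verbatim on every endpoint of this controller and of AppPermissionPolicyController, AppPermissionResourceController and AppPermissionRoleController in this commit, so a typo or a later change to the admin check in one copy would be easy to miss. Consider declaring the expression once as a compile-time `String` constant (for example a new `ADMIN_ONLY`, name illustrative) or placing `@PreAuthorize` on the class so that newly added handlers are covered by default. Separately, `logger` is an instance field that the visible class never uses; make it `private static final` or drop it.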
@@ -0,0 +1,142 @@ +/* + * eiam-console - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.console.controller.app; + +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import cn.topiam.employee.common.entity.app.query.AppPolicyQuery; +import cn.topiam.employee.console.pojo.result.app.AppPermissionPolicyGetResult; +import cn.topiam.employee.console.pojo.result.app.AppPermissionPolicyListResult; +import cn.topiam.employee.console.pojo.result.app.AppPermissionRoleListResult; +import cn.topiam.employee.console.pojo.save.app.AppPermissionPolicyCreateParam; +import cn.topiam.employee.console.pojo.save.app.AppPermissionRoleCreateParam; +import cn.topiam.employee.console.pojo.update.app.AppPermissionPolicyUpdateParam; +import cn.topiam.employee.console.pojo.update.app.PermissionRoleUpdateParam; +import cn.topiam.employee.console.service.app.AppPermissionPolicyService; +import cn.topiam.employee.support.lock.Lock; +import cn.topiam.employee.support.preview.Preview; +import cn.topiam.employee.support.repository.page.domain.Page; +import 
cn.topiam.employee.support.repository.page.domain.PageModel; +import cn.topiam.employee.support.result.ApiRestResult; + +import lombok.RequiredArgsConstructor; + +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.tags.Tag; +import static cn.topiam.employee.common.constant.AppConstants.APP_PATH; + +/** + * 应用权限 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/7/12 22:30 + */ +@Validated +@Tag(name = "应用权限-授权策略") +@RequestMapping(value = APP_PATH + + "/permission/policy", produces = MediaType.APPLICATION_JSON_VALUE) +@RestController +@RequiredArgsConstructor +public class AppPermissionPolicyController { + + /** + * 获取所有策略(分页) + * + * @param page {@link PageModel} + * @return {@link AppPermissionRoleListResult} + */ + @Operation(summary = "获取策略列表") + @GetMapping(value = "/list") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult> getPermissionPolicyList(PageModel page, + @Validated AppPolicyQuery query) { + Page result = permissionPolicyService + .getPermissionPolicyList(page, query); + return ApiRestResult.> builder().result(result).build(); + } + + /** + * 创建资源 + * + * @param param {@link AppPermissionRoleCreateParam} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "创建资源") + @PostMapping(value = "/create") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult createPolicy(@Validated @RequestBody AppPermissionPolicyCreateParam param) { + return ApiRestResult. 
builder() + .result(permissionPolicyService.createPermissionPolicy(param)).build(); + } + + /** + * 修改资源 + * + * @param param {@link PermissionRoleUpdateParam} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "修改资源") + @PutMapping(value = "/update/{id}") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult updatePolicy(@Validated AppPermissionPolicyUpdateParam param) { + return ApiRestResult. builder() + .result(permissionPolicyService.updatePermissionPolicy(param)).build(); + } + + /** + * 删除资源 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "删除资源") + @DeleteMapping(value = "/delete/{id}") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult deletePermissionPolicy(@PathVariable(value = "id") String id) { + return ApiRestResult. builder() + .result(permissionPolicyService.deletePermissionPolicy(id)).build(); + } + + /** + * 获取资源 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "获取资源信息") + @GetMapping(value = "/{id}") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult getPermissionPolicy(@PathVariable(value = "id") String id) { + //返回 + return ApiRestResult. builder() + .result(permissionPolicyService.getPermissionPolicy(id)).build(); + } + + private final AppPermissionPolicyService permissionPolicyService; +} diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionResourceController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionResourceController.java new file mode 100644 index 00000000..f97e50cc --- /dev/null 
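Review bot: `createPolicy`, `updatePolicy` and `deletePermissionPolicy` carry no `@Audit` annotation, while the equivalent mutations in AppPermissionResourceController and AppPermissionRoleController in this commit do, so changes to authorization policies would produce no audit event; `enablePermissionRole` and `disablePermissionRole` in AppPermissionRoleController have the same gap. Add `@Audit(type = EventType.<POLICY_EVENT>)` to each (placeholder: the matching enum constants are not visible on this page, and this file does not yet import `Audit` or `EventType`). `updatePolicy` is mapped to `/update/{id}` but takes `@Validated AppPermissionPolicyUpdateParam param` without `@RequestBody`, unlike `updateResource`, so a JSON body would not be bound; if JSON is intended, declare it as `@RequestBody @Validated AppPermissionPolicyUpdateParam param`. `getPermissionPolicy` is a read, yet it is annotated `@Lock` and `@Preview`, which the other GET handlers in these controllers are not.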
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionResourceController.java 
@@ -0,0 +1,205 @@ +/* + * eiam-console - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.console.controller.app; + +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import cn.topiam.employee.audit.annotation.Audit; +import cn.topiam.employee.audit.event.type.EventType; +import cn.topiam.employee.common.enums.CheckValidityType; +import cn.topiam.employee.console.pojo.query.app.AppResourceListQuery; +import cn.topiam.employee.console.pojo.result.app.AppPermissionResourceGetResult; +import cn.topiam.employee.console.pojo.result.app.AppPermissionResourceListResult; +import cn.topiam.employee.console.pojo.result.app.AppPermissionRoleListResult; +import cn.topiam.employee.console.pojo.save.app.AppPermissionResourceCreateParam; +import cn.topiam.employee.console.pojo.save.app.AppPermissionRoleCreateParam; +import cn.topiam.employee.console.pojo.update.app.AppPermissionResourceUpdateParam; +import cn.topiam.employee.console.pojo.update.app.PermissionRoleUpdateParam; +import cn.topiam.employee.console.service.app.AppPermissionResourceService; +import 
cn.topiam.employee.support.lock.Lock; +import cn.topiam.employee.support.preview.Preview; +import cn.topiam.employee.support.repository.page.domain.Page; +import cn.topiam.employee.support.repository.page.domain.PageModel; +import cn.topiam.employee.support.result.ApiRestResult; + +import lombok.RequiredArgsConstructor; + +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.tags.Tag; +import jakarta.validation.constraints.NotEmpty; +import jakarta.validation.constraints.NotNull; +import static cn.topiam.employee.common.constant.AppConstants.APP_PATH; + +/** + * 应用权限 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/7/12 22:30 + */ +@Validated +@Tag(name = "应用权限-资源") +@RequestMapping(value = APP_PATH + + "/permission/resource", produces = MediaType.APPLICATION_JSON_VALUE) +@RestController +@RequiredArgsConstructor +public class AppPermissionResourceController { + + /** + * 获取所有资源(分页) + * + * @param page {@link PageModel} + * @return {@link AppPermissionRoleListResult} + */ + @Operation(summary = "获取资源列表") + @GetMapping(value = "/list") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult> getPermissionResourceList(PageModel page, + @Validated AppResourceListQuery query) { + Page result = appPermissionResourceService + .getPermissionResourceList(page, query); + return ApiRestResult.> builder().result(result) + .build(); + } + + /** + * 创建资源 + * + * @param param {@link AppPermissionRoleCreateParam} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "创建资源") + @Audit(type = EventType.SAVE_APP_PERMISSION_RESOURCE) + @PostMapping(value = "/create") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult createResource(@Validated @RequestBody 
AppPermissionResourceCreateParam param) { + return ApiRestResult. builder() + .result(appPermissionResourceService.createPermissionResource(param)).build(); + } + + /** + * 修改资源 + * + * @param param {@link PermissionRoleUpdateParam} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "修改资源") + @Audit(type = EventType.UPDATE_APP_PERMISSION_RESOURCE) + @PutMapping(value = "/update") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult updateResource(@RequestBody @Validated AppPermissionResourceUpdateParam param) { + return ApiRestResult. builder() + .result(appPermissionResourceService.updatePermissionResource(param)).build(); + } + + /** + * 删除资源 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "删除资源") + @Audit(type = EventType.DELETE_APP_PERMISSION_RESOURCE) + @DeleteMapping(value = "/delete/{id}") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult deletePermissionResource(@PathVariable(value = "id") String id) { + return ApiRestResult. builder() + .result(appPermissionResourceService.deletePermissionResource(id)).build(); + } + + /** + * 获取资源 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Operation(summary = "获取资源信息") + @GetMapping(value = "/get/{id}") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult getPermissionResource(@PathVariable(value = "id") String id) { + //返回 + return ApiRestResult. 
builder() + .result(appPermissionResourceService.getPermissionResource(id)).build(); + } + + /** + * 启用资源 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "启用资源") + @Audit(type = EventType.ENABLE_APP_PERMISSION_RESOURCE) + @PutMapping(value = "/enable/{id}") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult enableOrganization(@PathVariable(value = "id") Long id) { + return ApiRestResult. builder() + .result(appPermissionResourceService.updateStatus(id, Boolean.TRUE)).build(); + } + + /** + * 禁用资源 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "禁用资源") + @Audit(type = EventType.DISABLE_APP_PERMISSION_RESOURCE) + @PutMapping(value = "/disable/{id}") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult disableOrganization(@PathVariable(value = "id") Long id) { + return ApiRestResult. builder() + .result(appPermissionResourceService.updateStatus(id, Boolean.FALSE)).build(); + } + + /** + * 参数有效性验证 + * + * @return {@link Boolean} + */ + @Operation(summary = "参数有效性验证") + @GetMapping(value = "/param_check") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult resourceParamCheck(@Parameter(description = "验证类型") @NotNull(message = "验证类型不能为空") CheckValidityType type, + @Parameter(description = "值") @NotEmpty(message = "验证值不能为空") String value, + @Parameter(description = "应用ID") @NotNull(message = "应用ID不能为空") Long appId, + @Parameter(description = "ID") Long id) { + Boolean result = appPermissionResourceService.permissionResourceParamCheck(type, value, + appId, id); + //返回 + return ApiRestResult. 
builder().result(result).build(); + } + + /** + * 资源服务类 + */ + private final AppPermissionResourceService appPermissionResourceService; +} diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionRoleController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionRoleController.java new file mode 100644 index 00000000..56a3a9a1 --- /dev/null +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionRoleController.java 
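Review bot: `deletePermissionResource` and `getPermissionResource` declare the `id` path variable as `String`, while `enableOrganization` and `disableOrganization` in the same controller declare it as `Long`; with `String`, a non-numeric id reaches the service layer instead of being rejected during argument binding. Using `@PathVariable(value = "id") Long id` throughout would need matching service signatures, which are not visible here. The same mix appears in AppPermissionRoleController, where `getPermissionRole` takes `Long` but `enablePermissionRole` and `disablePermissionRole` take `String`. The two status handlers are also named after organizations; `enableResource` and `disableResource` would match what they do, and the `@return {@link Boolean}` tag on `getPermissionResource` describes a method that returns a resource object.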
@@ -0,0 +1,197 @@ +/* + * eiam-console - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.console.controller.app; + +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import cn.topiam.employee.audit.annotation.Audit; +import cn.topiam.employee.audit.event.type.EventType; +import cn.topiam.employee.common.enums.CheckValidityType; +import cn.topiam.employee.console.pojo.query.app.AppPermissionRoleListQuery; +import cn.topiam.employee.console.pojo.result.app.AppPermissionRoleListResult; +import cn.topiam.employee.console.pojo.result.app.AppPermissionRoleResult; +import cn.topiam.employee.console.pojo.save.app.AppPermissionRoleCreateParam; +import cn.topiam.employee.console.pojo.update.app.PermissionRoleUpdateParam; +import cn.topiam.employee.console.service.app.AppPermissionRoleService; +import cn.topiam.employee.support.lock.Lock; +import cn.topiam.employee.support.preview.Preview; +import cn.topiam.employee.support.repository.page.domain.Page; +import cn.topiam.employee.support.repository.page.domain.PageModel; +import cn.topiam.employee.support.result.ApiRestResult; + 
+import lombok.RequiredArgsConstructor; + +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.tags.Tag; +import jakarta.validation.constraints.NotEmpty; +import jakarta.validation.constraints.NotNull; +import static cn.topiam.employee.common.constant.AppConstants.APP_PATH; + +/** + * 应用角色 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/26 20:28 + */ +@RequiredArgsConstructor +@Validated +@Tag(name = "应用权限-角色") +@RequestMapping(value = APP_PATH + "/permission/role", produces = MediaType.APPLICATION_JSON_VALUE) +@RestController +public class AppPermissionRoleController { + + /** + * 获取所有角色(分页) + * + * @param page {@link PageModel} + * @return {@link AppPermissionRoleListResult} + */ + @Operation(summary = "获取角色列表") + @GetMapping(value = "/list") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult> getPermissionRoleList(PageModel page, + @Validated AppPermissionRoleListQuery query) { + Page result = appPermissionRoleService + .getPermissionRoleList(page, query); + return ApiRestResult.> builder().result(result).build(); + } + + /** + * 创建角色 + * + * @param param {@link AppPermissionRoleCreateParam} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "创建角色") + @Audit(type = EventType.SAVE_APP_PERMISSION_ROLE) + @PostMapping(value = "/create") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult createPermissionRole(@Validated @RequestBody AppPermissionRoleCreateParam param) { + return ApiRestResult. 
builder() + .result(appPermissionRoleService.createPermissionRole(param)).build(); + } + + /** + * 修改角色 + * + * @param param {@link PermissionRoleUpdateParam} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "修改角色") + @Audit(type = EventType.UPDATE_APP_PERMISSION_ROLE) + @PutMapping(value = "/update") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult updatePermissionRole(@RequestBody @Validated PermissionRoleUpdateParam param) { + return ApiRestResult. builder() + .result(appPermissionRoleService.updatePermissionRole(param)).build(); + } + + /** + * 删除角色 + * + * @param ids {@link String} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "删除角色") + @Audit(type = EventType.DELETE_APP_PERMISSION_ROLE) + @DeleteMapping(value = "/delete/{ids}") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult deletePermissionRole(@PathVariable(value = "ids") String ids) { + return ApiRestResult. builder() + .result(appPermissionRoleService.deletePermissionRole(ids)).build(); + } + + /** + * 获取角色 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Operation(summary = "获取角色信息") + @GetMapping(value = "/{id}") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult getPermissionRole(@PathVariable(value = "id") Long id) { + AppPermissionRoleResult details = appPermissionRoleService.getPermissionRole(id); + //返回 + return ApiRestResult. 
builder().result(details).build(); + } + + /** + * 启用角色 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "启用角色") + @PutMapping(value = "/enable/{id}") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult enablePermissionRole(@PathVariable(value = "id") String id) { + Boolean result = appPermissionRoleService.updatePermissionRoleStatus(id, Boolean.TRUE); + return ApiRestResult. builder().result(result).build(); + } + + /** + * 禁用角色 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "禁用角色") + @PutMapping(value = "/disable/{id}") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult disablePermissionRole(@PathVariable(value = "id") String id) { + Boolean result = appPermissionRoleService.updatePermissionRoleStatus(id, Boolean.FALSE); + return ApiRestResult. builder().result(result).build(); + } + + /** + * 参数有效性验证 + * + * @return {@link Boolean} + */ + @Operation(summary = "参数有效性验证") + @GetMapping(value = "/param_check") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult permissionRoleParamCheck(@Parameter(description = "验证类型") @NotNull(message = "验证类型不能为空") CheckValidityType type, + @Parameter(description = "值") @NotEmpty(message = "验证值不能为空") String value, + @Parameter(description = "应用ID") @NotNull(message = "应用ID不能为空") Long appId, + @Parameter(description = "ID") Long id) { + Boolean result = appPermissionRoleService.permissionRoleParamCheck(type, value, appId, id); + //返回 + return ApiRestResult. builder().result(result).build(); + } + + /** + * 角色服务类 + */ + private final AppPermissionRoleService appPermissionRoleService; +} 
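Review bot: `deletePermissionRole` accepts `ids` as one raw `String` path variable and passes it straight to `appPermissionRoleService.deletePermissionRole(ids)`, but neither the Javadoc (`@param ids {@link String}`) nor the `@Operation` summary says how several ids are encoded or what happens when one of them is malformed. Document the expected format, for example `@param ids comma-separated role ids` if that is what the service parses (not visible here), and add a `@Parameter(description = ...)` as `permissionRoleParamCheck` already does. The `@return {@link Boolean}` tag on `getPermissionRole` should name `AppPermissionRoleResult`.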
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java
index 70e14284..66c65a8f 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java
@@ -144,7 +144,7 @@ public interface UserConverter {
 }
 userEntity.setFullName(param.getFullName());
 userEntity.setNickName(param.getNickName());
- userEntity.setLastUpdatePasswordTime(java.time.LocalDateTime.now());
+ userEntity.setLastUpdatePasswordTime(LocalDateTime.now());
 userEntity.setStatus(cn.topiam.employee.common.enums.UserStatus.ENABLE);
 userEntity.setAvatar(CommonConstants.getRandomAvatar());
 userEntity.setDataOrigin(cn.topiam.employee.common.enums.DataOrigin.INPUT);
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionActionConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionActionConverter.java
new file mode 100644
index 00000000..ec8d9dbc
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionActionConverter.java
@@ -0,0 +1,126 @@ +/* + * eiam-console - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.console.converter.app; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.ObjectUtils; + +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; + +import cn.topiam.employee.common.entity.app.AppPermissionActionEntity; +import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity; +import cn.topiam.employee.common.entity.app.QAppPermissionResourceEntity; +import cn.topiam.employee.common.enums.PermissionActionType; +import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery; +import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult; + +/** + * 权限映射 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/14 22:45 + */ +@Mapper(componentModel = "spring") +public interface AppPermissionActionConverter { + /** + * 应用权限资源列表转分页 + * + * @param query {@link AppPermissionActionListQuery} + * @return {@link Predicate} + */ + default Predicate appPermissionActionListQueryConvertToPredicate(AppPermissionActionListQuery query) 
{ + QAppPermissionResourceEntity resource = QAppPermissionResourceEntity.appPermissionResourceEntity; + Predicate predicate = ExpressionUtils.and(resource.isNotNull(), + resource.deleted.eq(Boolean.FALSE)); + //查询条件 + //@formatter:off + // 资源名称 + predicate = StringUtils.isBlank(query.getName()) ? predicate : ExpressionUtils.and(predicate, resource.name.like("%" + query.getName() + "%")); + // 资源ID + predicate = ObjectUtils.isEmpty(query.getId()) ? predicate : ExpressionUtils.and(predicate, resource.id.eq(Long.valueOf(query.getId()))); + //应用ID + predicate = ObjectUtils.isEmpty(query.getAppId()) ? predicate : ExpressionUtils.and(predicate, resource.appId.eq(Long.valueOf(query.getAppId()))); + //@formatter:on + return predicate; + } + + /** + * 实体转资源权限结果返回 + * + * @param list {@link AppPermissionResourceEntity} + * @return {@link AppPermissionActionListResult} + */ + default List entityConvertToResourceActionListResult(List list) { + List results = new ArrayList<>(); + List menus = new ArrayList<>(); + List apis = new ArrayList<>(); + List buttons = new ArrayList<>(); + List others = new ArrayList<>(); + List datas = new ArrayList<>(); + for (AppPermissionResourceEntity resource : list) { + for (AppPermissionActionEntity action : resource.getActions()) { + if (PermissionActionType.MENU.equals(action.getType())) { + menus.add(actionConvertToResourceActionResult(action)); + } + if (PermissionActionType.API.equals(action.getType())) { + apis.add(actionConvertToResourceActionResult(action)); + } + if (PermissionActionType.DATA.equals(action.getType())) { + datas.add(actionConvertToResourceActionResult(action)); + } + if (PermissionActionType.BUTTON.equals(action.getType())) { + buttons.add(actionConvertToResourceActionResult(action)); + } + if (PermissionActionType.OTHER.equals(action.getType())) { + others.add(actionConvertToResourceActionResult(action)); + } + } + AppPermissionActionListResult result = new AppPermissionActionListResult(); + //基本信息 + 
result.setAppId(resource.getAppId().toString()); + result.setId(resource.getId().toString()); + result.setName(resource.getName()); + result.setEnabled(resource.getEnabled()); + result.setDesc(resource.getDesc()); + //权限资源 + result.setButtons(buttons); + result.setApis(apis); + result.setDatas(datas); + result.setMenus(menus); + result.setOthers(others); + results.add(result); + } + return results; + } + + /** + * actionConvertToResourceActionResult + * + * @param action {@link AppPermissionActionEntity} + * @return {@link AppPermissionActionListResult.Action} + */ + @Mapping(target = "access", source = "value") + AppPermissionActionListResult.Action actionConvertToResourceActionResult(AppPermissionActionEntity action); + +} diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionPolicyConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionPolicyConverter.java new file mode 100644 index 00000000..2152cf3c --- /dev/null +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionPolicyConverter.java 
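Review bot: In `entityConvertToResourceActionListResult` the `menus`, `apis`, `buttons`, `others` and `datas` lists are created once, before the `for (AppPermissionResourceEntity resource : list)` loop, so every `AppPermissionActionListResult` is handed the same list instances and each resource ends up listing the actions of all resources processed. Move the five `new ArrayList<>()` declarations to the top of the loop body so that each result gets its own lists. In `appPermissionActionListQueryConvertToPredicate`, `resource.name.like("%" + query.getName() + "%")` lets `%` and `_` from the request act as wildcards; Querydsl's `resource.name.contains(query.getName())` escapes them. `Long.valueOf(query.getId())` and `Long.valueOf(query.getAppId())` will also throw `NumberFormatException` on non-numeric input unless the query object validates those fields, which is not visible here.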
@@ -0,0 +1,105 @@ +/* + * eiam-console - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.console.converter.app; + +import java.util.ArrayList; +import java.util.List; + +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; + +import cn.topiam.employee.common.entity.app.AppPermissionPolicyEntity; +import cn.topiam.employee.common.entity.app.po.AppPermissionPolicyPO; +import cn.topiam.employee.console.pojo.result.app.AppPermissionPolicyListResult; +import cn.topiam.employee.console.pojo.save.app.AppPermissionPolicyCreateParam; +import cn.topiam.employee.console.pojo.update.app.AppPermissionPolicyUpdateParam; +import cn.topiam.employee.support.repository.page.domain.Page; + +/** + * 策略映射 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/14 22:45 + */ +@Mapper(componentModel = "spring", uses = AppPermissionActionConverter.class) +public interface AppPermissionPolicyConverter { + + /** + * 资源创建参数转实体类 + * + * @param param {@link AppPermissionPolicyCreateParam} + * @return {@link AppPermissionPolicyEntity} + */ + @Mapping(target = "deleted", ignore = true) + @Mapping(target = "id", ignore = true) + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", 
ignore = true) + @Mapping(target = "remark", ignore = true) + @Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + AppPermissionPolicyEntity policyCreateParamConvertToEntity(AppPermissionPolicyCreateParam param); + + /** + * 资源修改参数转实体类 + * + * @param param {@link AppPermissionPolicyCreateParam} + * @return {@link AppPermissionPolicyEntity} + */ + @Mapping(target = "deleted", ignore = true) + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "remark", ignore = true) + @Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + AppPermissionPolicyEntity policyUpdateParamConvertToEntity(AppPermissionPolicyUpdateParam param); + + /** + * 资源转换为资源列表结果 + * + * @param page {@link Page} + * @return {@link Page} + */ + default Page entityConvertToPolicyListResult(org.springframework.data.domain.Page page) { + Page result = new Page<>(); + List pageList = page.getContent(); + if (!CollectionUtils.isEmpty(pageList)) { + //@formatter:off + result.setPagination(Page.Pagination.builder() + .total(page.getTotalElements()) + .totalPages(page.getTotalPages()) + .current(page.getPageable().getPageNumber() + 1) + .build()); + //@formatter:on + List list = new ArrayList<>(); + for (AppPermissionPolicyPO po : pageList) { + list.add(entityConvertToPolicyListResult(po)); + } + result.setList(list); + } + return result; + } + + /** + * entityConvertToPolicyListResult + * + * @param entity {@link AppPermissionPolicyListResult} + * @return {@link AppPermissionPolicyPO} + */ + AppPermissionPolicyListResult entityConvertToPolicyListResult(AppPermissionPolicyPO entity); +} diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionResourceConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionResourceConverter.java new file mode 100644 index 00000000..25fede44 --- /dev/null 
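Review bot: When the page has no content, `entityConvertToPolicyListResult(org.springframework.data.domain.Page)` returns a `Page` on which neither `setPagination` nor `setList` was called, so an empty result is shaped differently from a non-empty one (whether those fields default to null is not visible here). Moving the `result.setPagination(...)` call out of the `if` and always calling `result.setList(list)`, with a possibly empty list, would give callers a single response shape. The same guard is used in `entityConvertToResourceListResult` and `entityConvertToRolePaginationResult`. Separately, the Javadoc on the single-entity overload has its `@param` and `@return` types swapped, and `policyUpdateParamConvertToEntity` documents its parameter as `AppPermissionPolicyCreateParam`.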
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionResourceConverter.java 
@@ -0,0 +1,143 @@ +/* + * eiam-console - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.console.converter.app; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; +import org.springframework.util.ObjectUtils; + +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; + +import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity; +import cn.topiam.employee.common.entity.app.QAppPermissionResourceEntity; +import cn.topiam.employee.console.pojo.query.app.AppResourceListQuery; +import cn.topiam.employee.console.pojo.result.app.AppPermissionResourceGetResult; +import cn.topiam.employee.console.pojo.result.app.AppPermissionResourceListResult; +import cn.topiam.employee.console.pojo.save.app.AppPermissionResourceCreateParam; +import cn.topiam.employee.console.pojo.update.app.AppPermissionResourceUpdateParam; +import cn.topiam.employee.support.repository.page.domain.Page; + +/** + * 资源映射 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/14 22:45 + */ +@Mapper(componentModel = "spring", uses = AppPermissionActionConverter.class) 
+public interface AppPermissionResourceConverter { + + /** + * 资源分页查询参数转实体 + * + * @param query {@link AppResourceListQuery} + * @return {@link Predicate} + */ + default Predicate resourcePaginationParamConvertToPredicate(AppResourceListQuery query) { + QAppPermissionResourceEntity resource = QAppPermissionResourceEntity.appPermissionResourceEntity; + Predicate predicate = ExpressionUtils.and(resource.isNotNull(), + resource.deleted.eq(Boolean.FALSE)); + //查询条件 + //@formatter:off + // 资源名称 + predicate = StringUtils.isBlank(query.getName()) ? predicate : ExpressionUtils.and(predicate, resource.name.like("%" + query.getName() + "%")); + // 所属应用 + predicate = ObjectUtils.isEmpty(query.getAppId()) ? predicate : ExpressionUtils.and(predicate, resource.appId.eq(query.getAppId())); + //@formatter:on + return predicate; + } + + /** + * 资源创建参数转实体类 + * + * @param param {@link AppPermissionResourceCreateParam} + * @return {@link AppPermissionResourceEntity} + */ + @Mapping(target = "deleted", ignore = true) + @Mapping(target = "actions", ignore = true) + @Mapping(target = "id", ignore = true) + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "remark", ignore = true) + @Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + AppPermissionResourceEntity resourceCreateParamConvertToEntity(AppPermissionResourceCreateParam param); + + /** + * 资源修改参数转实体类 + * + * @param param {@link AppPermissionResourceCreateParam} + * @return {@link AppPermissionResourceEntity} + */ + @Mapping(target = "deleted", ignore = true) + @Mapping(target = "actions", ignore = true) + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "remark", ignore = true) + @Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + AppPermissionResourceEntity 
resourceUpdateParamConvertToEntity(AppPermissionResourceUpdateParam param); + + /** + * 资源转换为资源列表结果 + * + * @param page {@link Page} + * @return {@link Page} + */ + default Page entityConvertToResourceListResult(org.springframework.data.domain.Page page) { + Page result = new Page<>(); + List pageList = page.getContent(); + if (!CollectionUtils.isEmpty(pageList)) { + List list = new ArrayList<>(); + for (AppPermissionResourceEntity resource : pageList) { + list.add(entityConvertToResourceListResult(resource)); + } + //@formatter:off + result.setPagination(Page.Pagination.builder() + .total(page.getTotalElements()) + .totalPages(page.getTotalPages()) + .current(page.getPageable().getPageNumber() + 1) + .build()); + //@formatter:on + result.setList(list); + } + return result; + } + + /** + * 实体转换为资源列表结果 + * + * @param data {@link AppPermissionResourceEntity} + * @return {@link AppPermissionResourceListResult} + */ + AppPermissionResourceListResult entityConvertToResourceListResult(AppPermissionResourceEntity data); + + /** + * 实体转获取详情返回 + * + * @param resource {@link AppPermissionResourceEntity} + * @return {@link AppPermissionResourceGetResult} + */ + @Mapping(target = "actions", source = "actions") + AppPermissionResourceGetResult entityConvertToResourceGetResult(AppPermissionResourceEntity resource); +} diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionRoleConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionRoleConverter.java new file mode 100644 index 00000000..8c363e0b --- /dev/null +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionRoleConverter.java 
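Review bot: In `resourcePaginationParamConvertToPredicate`, `resource.name.like("%" + query.getName() + "%")` puts the request's `name` straight into the LIKE pattern, so any `%` or `_` supplied by the caller is treated as a wildcard rather than a literal character. The value is still bound as a parameter, so this is a matching-semantics problem rather than injection, but the search no longer means "name contains this text" and the pattern shape is caller-controlled. `resource.name.contains(query.getName())` states the intent directly and, as far as I know, Querydsl escapes the operand for that operator. `rolePaginationParamConvertToPredicate` in AppPermissionRoleConverter builds its name filter the same way.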
@@ -0,0 +1,143 @@ +/* + * eiam-console - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.console.converter.app; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; +import org.springframework.util.ObjectUtils; + +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; + +import cn.topiam.employee.common.entity.app.AppPermissionRoleEntity; +import cn.topiam.employee.common.entity.app.QAppPermissionRoleEntity; +import cn.topiam.employee.console.pojo.query.app.AppPermissionRoleListQuery; +import cn.topiam.employee.console.pojo.result.app.AppPermissionRoleListResult; +import cn.topiam.employee.console.pojo.result.app.AppPermissionRoleResult; +import cn.topiam.employee.console.pojo.save.app.AppPermissionRoleCreateParam; +import cn.topiam.employee.console.pojo.update.app.PermissionRoleUpdateParam; +import cn.topiam.employee.support.repository.page.domain.Page; + +/** + * 角色映射 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/14 22:45 + */ +@Mapper(componentModel = "spring") +public interface AppPermissionRoleConverter { + + /** + * 
角色实体转换为角色分页结果 + * + * @param page {@link Page} + * @return {@link Page} + */ + default Page entityConvertToRolePaginationResult(org.springframework.data.domain.Page page) { + Page result = new Page<>(); + if (!CollectionUtils.isEmpty(page.getContent())) { + List list = new ArrayList<>(); + for (AppPermissionRoleEntity user : page.getContent()) { + list.add(entityConvertToRolePaginationResult(user)); + } + //@formatter:off + result.setPagination(Page.Pagination.builder() + .total(page.getTotalElements()) + .totalPages(page.getTotalPages()) + .current(page.getPageable().getPageNumber() + 1) + .build()); + //@formatter:on + result.setList(list); + } + return result; + } + + /** + * 角色实体转换为角色分页结果 + * + * @param page {@link AppPermissionRoleEntity} + * @return {@link AppPermissionRoleListResult} + */ + AppPermissionRoleListResult entityConvertToRolePaginationResult(AppPermissionRoleEntity page); + + /** + * 角色创建参数转换为角色实体 + * + * @param param {@link AppPermissionRoleCreateParam} + * @return {@link AppPermissionRoleEntity} + */ + @Mapping(target = "deleted", ignore = true) + @Mapping(target = "id", ignore = true) + @Mapping(target = "enabled", expression = "java(Boolean.TRUE)") + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + AppPermissionRoleEntity roleCreateParamConvertToEntity(AppPermissionRoleCreateParam param); + + /** + * 角色更新参数转换为角色实体类 + * + * @param param {@link PermissionRoleUpdateParam} 更新参数 + * @return {@link AppPermissionRoleEntity} 角色实体 + */ + @Mapping(target = "deleted", ignore = true) + @Mapping(target = "appId", ignore = true) + @Mapping(target = "enabled", ignore = true) + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + AppPermissionRoleEntity 
roleUpdateParamConvertToEntity(PermissionRoleUpdateParam param); + + /** + * 实体转系统详情结果 + * + * @param role {@link AppPermissionRoleEntity} + * @return {@link AppPermissionRoleResult} + */ + AppPermissionRoleResult entityConvertToRoleDetailResult(AppPermissionRoleEntity role); + + /** + * 角色分页查询参数转实体 + * + * @param query {@link AppPermissionRoleListQuery} + * @return {@link AppPermissionRoleEntity} + */ + default Predicate rolePaginationParamConvertToPredicate(AppPermissionRoleListQuery query) { + QAppPermissionRoleEntity role = QAppPermissionRoleEntity.appPermissionRoleEntity; + Predicate predicate = ExpressionUtils.and(role.isNotNull(), role.deleted.eq(Boolean.FALSE)); + //查询条件 + //@formatter:off + // 角色名称 + predicate = StringUtils.isBlank(query.getName()) ? predicate : ExpressionUtils.and(predicate, role.name.like("%" + query.getName() + "%")); + // 是否启用 + predicate = ObjectUtils.isEmpty(query.getEnabled()) ? predicate : ExpressionUtils.and(predicate, role.enabled.eq(query.getEnabled())); + // 角色编码 + predicate = StringUtils.isBlank(query.getCode()) ? predicate : ExpressionUtils.and(predicate, role.code.eq(query.getCode())); + // 所属应用 + predicate = ObjectUtils.isEmpty(query.getAppId()) ? predicate : ExpressionUtils.and(predicate, role.appId.eq(query.getAppId())); + //@formatter:on + return predicate; + } +} diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionActionListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionActionListQuery.java new file mode 100644 index 00000000..dacb275e --- /dev/null +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionActionListQuery.java 
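Review bot: `rolePaginationParamConvertToPredicate` drops the application filter whenever `query.getAppId()` is null, so the listing is scoped to one application only if the `@NotNull` on `AppPermissionRoleListQuery.appId` is actually enforced by the caller, which is not visible in this diff. For an access-management listing it is safer to fail closed in the converter itself: `Objects.requireNonNull(query.getAppId(), "appId");` followed by an unconditional `predicate = ExpressionUtils.and(predicate, role.appId.eq(query.getAppId()));` (this needs `java.util.Objects` imported). `resourcePaginationParamConvertToPredicate` in AppPermissionResourceConverter has the same optional filter. The Javadoc `@return` on this method also names `AppPermissionRoleEntity` although it returns a `Predicate`.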
@@ -0,0 +1,64 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.query.app;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+import org.springdoc.core.annotations.ParameterObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotEmpty;
+
+/**
+ * 查询权限列表入参
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/11 23:08
+ */
+@Data
+@Schema(description = "查询权限列表入参")
+@ParameterObject
+public class AppPermissionActionListQuery implements Serializable {
+
+ @Serial
+ private static final long serialVersionUID = 4307939244290315206L;
+
+ /**
+ * 资源ID
+ */
+ @Parameter(description = "资源ID")
+ private String id;
+
+ /**
+ * 资源名称
+ */
+ @Parameter(description = "资源名称")
+ private String name;
+
+ /**
+ * 应用ID
+ */
+ @Parameter(description = "应用ID")
+ @NotEmpty(message = "应用ID不能为空")
+ private String appId;
+
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionRoleListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionRoleListQuery.java
new file mode 100644
index 00000000..63a020ce
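Review bot: `id` and `appId` are declared as `String`, with only `@NotEmpty` on `appId`, yet the action predicate builder earlier in this commit calls `Long.valueOf(query.getId())` and `Long.valueOf(query.getAppId())` on what appears to be this query object, so a non-numeric value raises `NumberFormatException` instead of a validation error. Declaring them as `private Long id;` and `@NotNull private Long appId;`, as `AppPermissionRoleListQuery` and `AppResourceListQuery` do, lets request binding reject bad input before it reaches the converter. The `Long.valueOf` calls can then be removed.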
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionRoleListQuery.java
@@ -0,0 +1,66 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.query.app;
+
+import java.io.Serializable;
+
+import org.springdoc.core.annotations.ParameterObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * 分页查询角色入参
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/11 23:08
+ */
+@Data
+@Schema(description = "查询角色列表入参")
+@ParameterObject
+public class AppPermissionRoleListQuery implements Serializable {
+
+ /**
+ * 角色名称
+ */
+ @Parameter(description = "角色名称")
+ private String name;
+
+ /**
+ * 角色编码
+ */
+ @Parameter(description = "角色编码")
+ private String code;
+
+ /**
+ * 所属应用
+ */
+ @NotNull(message = "请选择角色所属应用")
+ @Parameter(description = "所属应用")
+ private Long appId;
+
+ /**
+ * 是否启用
+ */
+ @Parameter(description = "是否启用")
+ private Boolean enabled;
+
+}
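Review bot: The class implements `Serializable` but declares no `serialVersionUID`, unlike `AppPermissionActionListQuery` in the same package. Adding `@Serial private static final long serialVersionUID = <generated value>L;` keeps the serialized form stable across recompiles. `AppResourceListQuery`, `AppPermissionPolicyGetResult` and the outer `AppPermissionResourceGetResult` omit it as well.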
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppResourceListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppResourceListQuery.java
new file mode 100644
index 00000000..8fcebefd
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppResourceListQuery.java
@@ -0,0 +1,60 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.query.app;
+
+import java.io.Serializable;
+
+import org.springdoc.core.annotations.ParameterObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * 分页查询资源入参
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/11 23:08
+ */
+@Data
+@Schema(description = "查询权限资源列表入参")
+@ParameterObject
+public class AppResourceListQuery implements Serializable {
+
+ /**
+ * 资源名称
+ */
+ @Parameter(description = "资源名称")
+ private String name;
+
+ /**
+ * 所属应用
+ */
+ @NotNull(message = "请选择资源所属应用")
+ @Parameter(description = "所属应用")
+ private Long appId;
+
+ /**
+ * 是否启用
+ */
+ @Parameter(description = "是否启用")
+ private Boolean enabled;
+
+}
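Review bot: The `enabled` parameter declared here is never read by `resourcePaginationParamConvertToPredicate` in AppPermissionResourceConverter, which filters only on `name` and `appId`, so a caller who sends `enabled=false` silently gets unfiltered results. Either drop the field or add the filter the role converter already has: `predicate = ObjectUtils.isEmpty(query.getEnabled()) ? predicate : ExpressionUtils.and(predicate, resource.enabled.eq(query.getEnabled()));`. This assumes the generated `QAppPermissionResourceEntity` exposes `enabled`, which the `resource.getEnabled()` call elsewhere in the commit suggests.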
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionActionListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionActionListResult.java
new file mode 100644
index 00000000..c6264ab3
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionActionListResult.java
@@ -0,0 +1,131 @@ +/* + * eiam-console - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.console.pojo.result.app; + +import java.io.Serial; +import java.io.Serializable; +import java.util.List; + +import lombok.Data; +import lombok.experimental.Accessors; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * 获取应用资源权限列表 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/11 23:08 + */ +@Data +@Accessors(chain = true) +@Schema(description = "获取应用资源权限列表") +public class AppPermissionActionListResult implements Serializable { + + @Serial + private static final long serialVersionUID = 3320953184046791392L; + /** + * 资源ID + */ + @Parameter(description = "资源ID") + private String id; + + /** + * 资源编码 + */ + @Parameter(description = "资源编码") + private String code; + + /** + * 资源名称 + */ + @Parameter(description = "资源名称") + private String name; + + /** + * 所属应用 + */ + @Parameter(description = "所属应用") + private String appId; + + /** + * desc + */ + @Parameter(description = "描述") + private String desc; + + /** + * 是否启用 + */ + @Parameter(description = "是否启用") + private Boolean enabled; + + /** + * 路由权限 + */ + @Parameter(description = "菜单权限") + private List menus; + + /** + * 操作权限 + */ 
+ @Parameter(description = "操作权限") + private List buttons; + + /** + * 接口权限 + */ + @Parameter(description = "接口权限") + private List apis; + + /** + * 操作权限 + */ + @Parameter(description = "数据权限") + private List datas; + + /** + * 其他权限 + */ + @Parameter(description = "其他权限") + private List others; + + @Data + @Schema(description = "权限项") + public static class Action implements Serializable { + + /** + * 权限ID + */ + @Parameter(description = "权限ID") + private String id; + + /** + * 权限名称 + */ + @Parameter(description = "权限名称") + private String name; + + /** + * 权限标识 + */ + @Parameter(description = "权限标识") + private String access; + } +} diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyGetResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyGetResult.java new file mode 100644 index 00000000..413a49e5 --- /dev/null +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyGetResult.java 
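Review bot: The fields of this response model are documented with `@Parameter`, which describes operation parameters; as far as I know springdoc does not read it when building a response schema, so these descriptions will not appear in the generated API document. `@Schema(description = "资源ID")` and so on, as `AppPermissionResourceGetResult` already does, is the matching annotation. The same applies to `AppPermissionResourceListResult`, `AppPermissionPolicyGetResult` and `AppPermissionPolicyListResult`. Two Javadoc comments also disagree with their fields: `menus` is commented as route permissions, and `datas` repeats the operation-permissions comment used for `buttons`.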
@@ -0,0 +1,87 @@ +/* + * eiam-console - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.console.pojo.result.app; + +import java.io.Serializable; + +import cn.topiam.employee.common.enums.app.AppPolicyEffect; +import cn.topiam.employee.common.enums.app.AppPolicyObjectType; +import cn.topiam.employee.common.enums.app.AppPolicySubjectType; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * 获取资源 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/26 21:45 + */ +@Schema(description = "获取资源结果") +@Data +public class AppPermissionPolicyGetResult implements Serializable { + /** + * ID + */ + @Parameter(description = "id") + private String id; + + /** + * 授权主体id + */ + @Parameter(description = "授权主体id") + private String subjectId; + + /** + * 授权主体名称 + */ + @Parameter(description = "授权主体名称") + private String subjectName; + + /** + * 权限主体类型(用户、角色、分组、组织机构) + */ + @Parameter(description = "授权主体类型") + private AppPolicySubjectType subjectType; + + /** + * 权限客体ID + */ + @Parameter(description = "授权客体id") + private Long objectId; + + /** + * 权限客体名菜 + */ + @Parameter(description = "授权客体名称") + private String objectName; + + /** + * 权限客体类型(权限、角色) + */ + 
@Parameter(description = "授权客体类型") + private AppPolicyObjectType objectType; + + /** + * 授权作用 + */ + @Parameter(description = "授权作用") + private AppPolicyEffect effect; +} diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyListResult.java new file mode 100644 index 00000000..781350dd --- /dev/null +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyListResult.java 
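Review bot: `objectId` is exposed as `Long` while `id` and `subjectId` in the same result are `String`, so clients have to handle two identifier representations, and large 64-bit ids can lose precision in JavaScript consumers unless a global serializer converts them (not visible here). `private String objectId;` would match the other id fields. `AppPermissionPolicyListResult.objectId` and `AppPermissionResourceGetResult.appId` are typed the same way. The Javadoc for `objectName` reads 权限客体名菜, presumably a typo for 名称.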
@@ -0,0 +1,84 @@ +/* + * eiam-console - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.console.pojo.result.app; + +import cn.topiam.employee.common.enums.app.AppPolicyEffect; +import cn.topiam.employee.common.enums.app.AppPolicyObjectType; +import cn.topiam.employee.common.enums.app.AppPolicySubjectType; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * + * @author TopIAM + * Created by support@topiam.cn on 2022/9/9 23:33 + */ +@Schema(description = "获取授权列表") +@Data +public class AppPermissionPolicyListResult { + /** + * ID + */ + @Parameter(description = "id") + private String id; + + /** + * 授权主体id + */ + @Parameter(description = "授权主体id") + private String subjectId; + + /** + * 授权主体名称 + */ + @Parameter(description = "授权主体名称") + private String subjectName; + + /** + * 权限主体类型(用户、角色、分组、组织机构) + */ + @Parameter(description = "授权主体类型") + private AppPolicySubjectType subjectType; + + /** + * 权限客体ID + */ + @Parameter(description = "授权客体id") + private Long objectId; + + /** + * 权限客体名菜 + */ + @Parameter(description = "授权客体名称") + private String objectName; + + /** + * 权限客体类型(权限、角色) + */ + @Parameter(description = "授权客体类型") + private AppPolicyObjectType objectType; 
+ + /** + * 授权作用 + */ + @Parameter(description = "授权作用") + private AppPolicyEffect effect; +} diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceGetResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceGetResult.java new file mode 100644 index 00000000..36e0a7ae --- /dev/null +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceGetResult.java 
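Review bot: The class Javadoc carries an author tag but no summary sentence, and the eight fields are a copy of `AppPermissionPolicyGetResult`, which makes it easy for the two to drift apart. A one-line summary such as `Item of the application permission policy list.` would help, and if the two results are meant to stay identical one could extend the other. Unlike its sibling, this class does not implement `Serializable`; whether that is intended is not clear from the diff.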
@@ -0,0 +1,107 @@ +/* + * eiam-console - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.console.pojo.result.app; + +import java.io.Serial; +import java.io.Serializable; +import java.util.List; + +import cn.topiam.employee.common.enums.PermissionActionType; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Hidden; +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * 获取资源 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/26 21:45 + */ +@Schema(description = "获取资源结果") +@Data +public class AppPermissionResourceGetResult implements Serializable { + /** + * 名称 + */ + @Schema(description = "资源名称") + private String name; + + /** + * 编码 + */ + @Schema(description = "资源编码") + private String code; + + /** + * 描述 + */ + @Schema(description = "资源描述") + private String desc; + + /** + * 所属应用 + */ + @Schema(description = "所属应用") + private Long appId; + + /** + * 资源权限 + */ + @Schema(description = "资源权限") + private List actions; + + /** + * AppPermissionsActionParam + * + * @author TopIAM + * Created by support@topiam.cn on 2022/9/1 00:18 + */ + @Data + public static class AppPermissionsAction implements Serializable { + + @Serial + private static final long serialVersionUID = -6391182747252245592L; + + /** + * ID + */ + 
@Hidden + @Schema(description = "ID") + private String id; + + /** + * 权限类型 + */ + @Schema(description = "权限类型") + private PermissionActionType type; + + /** + * 权限值 + */ + @Schema(description = "权限值") + private String value; + + /** + * 权限描述 + */ + @Schema(description = "权限描述") + private String name; + } +} diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceListResult.java new file mode 100644 index 00000000..444b737c --- /dev/null +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceListResult.java 
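Review bot: `@Hidden` on `AppPermissionsAction.id` only removes the field from the generated OpenAPI document; Lombok's `@Data` still gives it a getter, so, assuming Jackson serializes this type, the value is still present in the response. If the id is meant to stay internal, `@JsonIgnore` (or leaving it out of the result type) is what keeps it out of the payload; if it is meant to be returned, drop `@Hidden` so the documentation matches what clients receive. The nested class Javadoc also still says `AppPermissionsActionParam`.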
@@ -0,0 +1,77 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.result.app;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+ * 资源分页查询结果
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/11 23:08
+ */
+@Data
+@Accessors(chain = true)
+@Schema(description = "分页查询资源结果")
+public class AppPermissionResourceListResult implements Serializable {
+
+ @Serial
+ private static final long serialVersionUID = 3320953184046791392L;
+ /**
+ * ID
+ */
+ @Parameter(description = "id")
+ private String id;
+
+ /**
+ * 资源名称
+ */
+ @Parameter(description = "资源名称")
+ private String name;
+
+ /**
+ * code
+ */
+ @Parameter(description = "资源编码")
+ private String code;
+
+ /**
+ * 所属应用
+ */
+ @Parameter(description = "所属应用")
+ private String appId;
+
+ /**
+ * desc
+ */
+ @Parameter(description = "描述")
+ private String desc;
+
+ /**
+ * 是否启用
+ */
+ @Parameter(description = "是否启用")
+ private Boolean enabled;
+}
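Review bot: The fields of `AppPermissionResourceListResult` are annotated with `@Parameter(description = ...)`, which describes operation parameters, not properties of a response model, so these descriptions will probably not appear in the generated schema; `AppPermissionResourceGetResult` in the same package uses `@Schema` on its fields. I would switch each one to that form, e.g. `@Schema(description = "资源名称")`. The same applies to `AppPermissionRoleListResult`, `AppPermissionRoleResult`, `AppPermissionPolicyCreateParam` and `AppPermissionPolicyUpdateParam` in this commit. `appId` is a `String` here but a `Long` in `AppPermissionResourceGetResult`; if the list view stringifies it on purpose, a one-line comment saying why would help.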
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleListResult.java
new file mode 100644
index 00000000..64fe1136
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleListResult.java
@@ -0,0 +1,75 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.result.app;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+ * 角色分页查询结果
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/11 23:08
+ */
+@Data
+@Accessors(chain = true)
+@Schema(description = "分页查询角色结果")
+public class AppPermissionRoleListResult implements Serializable {
+
+ @Serial
+ private static final long serialVersionUID = 3320953184046791392L;
+ /**
+ * ID
+ */
+ @Parameter(description = "id")
+ private String id;
+ /**
+ * 角色名称
+ */
+ @Parameter(description = "角色名称")
+ private String name;
+
+ /**
+ * 角色编码
+ */
+ @Parameter(description = "角色编码")
+ private String code;
+
+ /**
+ * 所属应用
+ */
+ @Parameter(description = "所属应用")
+ private String appId;
+
+ /**
+ * 是否启用
+ */
+ @Parameter(description = "是否启用")
+ private Boolean enabled;
+ /**
+ * remark
+ */
+ @Parameter(description = "描述")
+ private String remark;
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleResult.java
new file mode 100644
index 00000000..48868e80
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleResult.java
@@ -0,0 +1,69 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.result.app;
+
+import java.io.Serializable;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+ * 获取角色
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/26 21:45
+ */
+@Schema(description = "获取角色")
+@Data
+public class AppPermissionRoleResult implements Serializable {
+ /**
+ * id
+ */
+ @Parameter(description = "id")
+ private String id;
+ /**
+ * appId
+ */
+ @Parameter(description = "应用ID")
+ private String appId;
+ /**
+ * 角色名称
+ */
+ @Parameter(description = "角色名称")
+ private String name;
+
+ /**
+ * 角色编码
+ */
+ @Parameter(description = "角色编码")
+ private String code;
+
+ /**
+ * 是否启用
+ */
+ @Parameter(description = "是否启用")
+ private Boolean enabled;
+
+ /**
+ * 备注
+ */
+ @Parameter(description = "备注")
+ private String remark;
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionPolicyCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionPolicyCreateParam.java
new file mode 100644
index 00000000..61af205a
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionPolicyCreateParam.java 
@@ -0,0 +1,83 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.save.app;
+
+import java.io.Serializable;
+
+import cn.topiam.employee.common.enums.app.AppPolicyEffect;
+import cn.topiam.employee.common.enums.app.AppPolicyObjectType;
+import cn.topiam.employee.common.enums.app.AppPolicySubjectType;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * 创建策略入参
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/26 21:46
+ */
+@Data
+@Schema(description = "创建策略入参")
+public class AppPermissionPolicyCreateParam implements Serializable {
+
+ /**
+ * 所属应用
+ */
+ @NotNull(message = "资源所属应用不能为空")
+ @Parameter(description = "所属应用")
+ private Long appId;
+
+ /**
+ * 授权主体id
+ */
+ @NotNull(message = "授权主体id不能为空")
+ @Parameter(description = "授权主体id")
+ private String subjectId;
+
+ /**
+ * 权限主体类型(用户、角色、分组、组织机构)
+ */
+ @NotNull(message = "授权主体类型不能为空")
+ @Parameter(description = "授权主体类型")
+ private AppPolicySubjectType subjectType;
+
+ /**
+ * 权限客体ID
+ */
+ @NotNull(message = "权限客体ID不能为空")
+ @Parameter(description = "授权客体id")
+ private Long objectId;
+
+ /**
+ * 权限客体类型(权限、角色)
+
*/
+ @NotNull(message = "权限客体类型不能为空")
+ @Parameter(description = "授权客体类型")
+ private AppPolicyObjectType objectType;
+
+ /**
+ * 授权作用
+ */
+ @NotNull(message = "授权作用不能为空")
+ @Parameter(description = "授权作用")
+ private AppPolicyEffect effect;
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionResourceCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionResourceCreateParam.java
new file mode 100644
index 00000000..9521ed6b
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionResourceCreateParam.java
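Review bot: `subjectId` is a `String` guarded only by `@NotNull`, so an empty or whitespace-only subject id passes validation on a policy-create request; for the subject of an authorization policy that should be rejected at the boundary with `@NotBlank(message = "授权主体id不能为空")`, which needs `import jakarta.validation.constraints.NotBlank;`. `AppPermissionPolicyUpdateParam` later in this commit declares the same field with the same constraint. `subjectId` is also typed `String` while `appId` and `objectId` are `Long`; if that is deliberate, a short comment on the field would answer the question for the next reader.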
@@ -0,0 +1,75 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.save.app;
+
+import java.io.Serializable;
+import java.util.List;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * 资源创建参数
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/26 21:46
+ */
+@Data
+@Schema(description = "创建资源入参")
+public class AppPermissionResourceCreateParam implements Serializable {
+ /**
+ * 编码
+ */
+ @Schema(description = "资源编码")
+ @NotBlank(message = "资源编码不能为空")
+ private String code;
+ /**
+ * 名称
+ */
+ @Schema(description = "资源名称")
+ @NotBlank(message = "资源名称不能为空")
+ private String name;
+ /**
+ * 描述
+ */
+ @Schema(description = "资源描述")
+ @NotBlank(message = "资源描述不能为空")
+ private String desc;
+
+ /**
+ * 是否启用
+ */
+ private Boolean enabled = true;
+
+ /**
+ * 所属应用
+ */
+ @Schema(description = "所属应用")
+ @NotNull(message = "所属应用不能为空")
+ private Long appId;
+
+ /**
+ * 资源权限
+ */
+ @Schema(description = "资源权限")
+ @NotNull(message = "资源权限不能为空")
+ private List actions;
+}
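Review bot: `actions` carries only `@NotNull`, so the constraints declared on the action elements are never evaluated for this request: Bean Validation cascades into a collection only when the field or its type argument is marked `@Valid`. Assuming the elements are `AppPermissionsActionParam` (the type argument is not visible in this hunk), I would declare it as `@Valid @NotNull(message = "资源权限不能为空") private List<AppPermissionsActionParam> actions;` with `import jakarta.validation.Valid;`, and use `@NotEmpty` instead if a resource must have at least one action. `AppPermissionResourceUpdateParam` declares `actions` the same way. `enabled` is the only field here without a `@Schema` description.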
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionRoleCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionRoleCreateParam.java
new file mode 100644
index 00000000..1c74e08f
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionRoleCreateParam.java
@@ -0,0 +1,61 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.save.app;
+
+import java.io.Serializable;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * 角色创建参数
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/26 21:46
+ */
+@Data
+@Schema(description = "创建角色入参")
+public class AppPermissionRoleCreateParam implements Serializable {
+ /**
+ * 角色名称
+ */
+ @NotBlank(message = "角色名称不能为空")
+ private String name;
+ /**
+ * 角色编码
+ */
+ @NotBlank(message = "角色编码不能为空")
+ private String code;
+ /**
+ * 启用
+ */
+ private Boolean enabled = true;
+ /**
+ * 所属应用
+ */
+ @NotNull(message = "所属应用不能为空")
+ private Long appId;
+ /**
+ * 备注
+ */
+ @Schema(description = "备注")
+ private String remark;
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionsActionParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionsActionParam.java
new file mode 100644
index 00000000..10b03169
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionsActionParam.java
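Review bot: `name`, `code`, `enabled` and `appId` in `AppPermissionRoleCreateParam` have no `@Schema` annotation while `remark` does, so only the optional field gets a description in the generated API docs; the sibling `AppPermissionResourceCreateParam` annotates its required fields. I would add e.g. `@Schema(description = "角色名称")`, `@Schema(description = "角色编码")` and `@Schema(description = "所属应用")`. The class also implements `Serializable` without a `serialVersionUID`, unlike `AppPermissionsActionParam` in the same package.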
@@ -0,0 +1,59 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.save.app;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+import cn.topiam.employee.common.enums.PermissionActionType;
+
+import lombok.Data;
+
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * AppPermissionsActionParam
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/9/1 00:18
+ */
+@Data
+@Valid
+public class AppPermissionsActionParam implements Serializable {
+
+ @Serial
+ private static final long serialVersionUID = -6391182747252245592L;
+
+ /**
+ * 权限类型
+ */
+ @NotNull(message = "权限类型")
+ private PermissionActionType type;
+ /**
+ * 权限值
+ */
+ @NotEmpty(message = "权限值")
+ private String value;
+ /**
+ * 权限描述
+ */
+ @NotEmpty(message = "权限描述")
+ private String name;
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionPolicyUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionPolicyUpdateParam.java
new file mode 100644
index 00000000..5d9c677d
--- /dev/null
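Review bot: The class-level `@Valid` on `AppPermissionsActionParam` does not cause instances to be validated; cascading is requested where the object is referenced (the `actions` field of the resource create and update params), so the annotation belongs there and can be dropped here. The constraint messages are bare field names (`"权限类型"`, `"权限值"`, `"权限描述"`), whereas every other param in this commit says what is wrong, e.g. `@NotNull(message = "权限类型不能为空")`. `@NotEmpty` on `value` and `name` accepts whitespace-only strings; the other params use `@NotBlank` for text fields, and a permission value made of spaces is unlikely to be intended.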
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionPolicyUpdateParam.java 
@@ -0,0 +1,88 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.update.app;
+
+import java.io.Serializable;
+
+import cn.topiam.employee.common.enums.app.AppPolicyEffect;
+import cn.topiam.employee.common.enums.app.AppPolicyObjectType;
+import cn.topiam.employee.common.enums.app.AppPolicySubjectType;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * 修改策略入参
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/26 21:46
+ */
+@Data
+@Schema(description = "修改策略入参")
+public class AppPermissionPolicyUpdateParam implements Serializable {
+ /**
+ * 所属应用
+ */
+ @NotNull(message = "资源所属应用不能为空")
+ @Parameter(description = "所属应用")
+ private Long appId;
+
+ /**
+ * 授权主体id
+ */
+ @NotNull(message = "主键id不能为空")
+ @Parameter(description = "主键id")
+ private Long id;
+ /**
+ * 授权主体id
+ */
+ @NotNull(message = "授权主体id不能为空")
+ @Parameter(description = "授权主体id")
+ private String subjectId;
+
+ /**
+ * 权限主体类型(用户、角色、分组、组织机构)
+ */
+ @NotNull(message = "授权主体类型不能为空")
+ @Parameter(description = "授权主体类型")
+ private AppPolicySubjectType subjectType;
+
+ /**
+ * 权限客体ID
+ */
+
@NotNull(message = "权限客体ID不能为空")
+ @Parameter(description = "授权客体id")
+ private Long objectId;
+
+ /**
+ * 权限客体类型(权限、角色)
+ */
+ @NotNull(message = "权限客体类型不能为空")
+ @Parameter(description = "授权客体类型")
+ private AppPolicyObjectType objectType;
+
+ /**
+ * 授权作用
+ */
+ @NotNull(message = "授权作用不能为空")
+ @Parameter(description = "授权作用")
+ private AppPolicyEffect effect;
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionResourceUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionResourceUpdateParam.java
new file mode 100644
index 00000000..74f82d83
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionResourceUpdateParam.java
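Review bot: The Javadoc above `id` says `授权主体id`, copied from the `subjectId` field below it, but by its own `@NotNull(message = "主键id不能为空")` the field is the policy's primary key; the comment should read `主键id`. `id` and `appId` both arrive from the client in this update request, and whether the service checks that the policy with this `id` actually belongs to `appId` is not visible in this hunk, so it is worth confirming in the implementation. The class also implements `Serializable` without a `serialVersionUID`.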
@@ -0,0 +1,91 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.update.app;
+
+import java.io.Serial;
+import java.io.Serializable;
+import java.util.List;
+
+import cn.topiam.employee.console.pojo.save.app.AppPermissionsActionParam;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import static io.swagger.v3.oas.annotations.media.Schema.AccessMode.READ_ONLY;
+
+/**
+ * 资源修改参数
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/26 21:46
+ */
+@Data
+@Schema(description = "修改资源入参")
+public class AppPermissionResourceUpdateParam implements Serializable {
+ @Serial
+ private static final long serialVersionUID = 6021548372386059064L;
+ /**
+ * ID
+ */
+ @Schema(accessMode = READ_ONLY)
+ @NotBlank(message = "ID不能为空")
+ private String id;
+
+ /**
+ * 名称
+ */
+ @Schema(description = "资源名称")
+ @NotBlank(message = "资源名称不能为空")
+ private String name;
+
+ /**
+ * 编码
+ */
+ @Schema(description = "资源编码")
+ @NotBlank(message = "资源编码不能为空")
+ private String code;
+
+ /**
+ * 描述
+ */
+ @Schema(description = "资源描述")
+ @NotBlank(message = "资源描述不能为空")
+ private String desc;
+
+ /**
+ *
所属应用
+ */
+ @Schema(description = "所属应用")
+ @NotNull(message = "所属应用不能为空")
+ private Long appId;
+
+ /**
+ * 是否启用
+ */
+ @Schema(description = "是否启用")
+ private Boolean enabled;
+
+ /**
+ * 资源权限
+ */
+ @Schema(description = "资源权限")
+ @NotNull(message = "资源权限不能为空")
+ private List actions;
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/PermissionRoleUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/PermissionRoleUpdateParam.java
new file mode 100644
index 00000000..4c05b2cd
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/PermissionRoleUpdateParam.java
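Review bot: `id` is declared `@Schema(accessMode = READ_ONLY)` and `@NotBlank` on a request body, and the two contradict each other: read-only marks a property as response-only in the generated OpenAPI schema, so the documentation and generated clients may leave out a field that the server then rejects as missing. I would describe it as a plain input, `@Schema(description = "ID")`, and drop the access mode together with its static import. `PermissionRoleUpdateParam` in this commit has the same pair on its `id`. `enabled` has no constraint and no default here, unlike in the create param, so the Javadoc should say what a null value means for an update.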
@@ -0,0 +1,61 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.update.app;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotBlank;
+import static io.swagger.v3.oas.annotations.media.Schema.AccessMode.READ_ONLY;
+
+/**
+ * 角色修改参数
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/26 21:46
+ */
+@Data
+@Schema(description = "修改角色入参")
+public class PermissionRoleUpdateParam implements Serializable {
+ @Serial
+ private static final long serialVersionUID = 6021548372386059064L;
+ /**
+ * ID
+ */
+ @Schema(accessMode = READ_ONLY)
+ @NotBlank(message = "ID不能为空")
+ private String id;
+ /**
+ * 名称
+ */
+ @Schema(description = "角色名称")
+ private String name;
+ /**
+ * 编码
+ */
+ @Schema(description = "角色编码")
+ private String code;
+ /**
+ * 备注
+ */
+ @Schema(description = "备注")
+ private String remark;
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionActionService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionActionService.java
new file mode 100644
index 00000000..f8fbea59
--- /dev/null
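Review bot: `name` and `code` carry no constraint in `PermissionRoleUpdateParam` although `AppPermissionRoleCreateParam` requires both with `@NotBlank`, so an update request can submit an empty role name or code; unless the service treats null as "leave unchanged" (not visible in this hunk), add `@NotBlank(message = "角色名称不能为空")` and `@NotBlank(message = "角色编码不能为空")`, and otherwise say so in the field Javadoc. The `serialVersionUID` is identical to the one in `AppPermissionResourceUpdateParam`, and the class name lacks the `App` prefix its siblings use; both look like copy-paste leftovers.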
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionActionService.java
@@ -0,0 +1,43 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.service.app;
+
+import java.util.List;
+
+import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult;
+
+/**
+ *

+ * 权限 服务类
+ *

+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020-08-10
+ */
+public interface AppPermissionActionService {
+
+ /**
+ * 获取资源权限列表
+ *
+ * @param query {@link AppPermissionActionListQuery}
+ * @return {@link AppPermissionActionListResult}
+ */
+ List getPermissionActionList(AppPermissionActionListQuery query);
+
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionPolicyService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionPolicyService.java
new file mode 100644
index 00000000..3532357f
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionPolicyService.java
@@ -0,0 +1,78 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.service.app;
+
+import cn.topiam.employee.common.entity.app.query.AppPolicyQuery;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionPolicyGetResult;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionPolicyListResult;
+import cn.topiam.employee.console.pojo.save.app.AppPermissionPolicyCreateParam;
+import cn.topiam.employee.console.pojo.update.app.AppPermissionPolicyUpdateParam;
+import cn.topiam.employee.support.repository.page.domain.Page;
+import cn.topiam.employee.support.repository.page.domain.PageModel;
+
+/**
+ *

+ * 权限策略 服务类
+ *

+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020-08-10
+ */
+public interface AppPermissionPolicyService {
+ /**
+ * 获取资源列表
+ *
+ * @param page {@link PageModel}
+ * @param query {@link AppPolicyQuery}
+ * @return {@link AppPermissionPolicyListResult}
+ */
+ Page getPermissionPolicyList(PageModel page,
+ AppPolicyQuery query);
+
+ /**
+ * 获取资源
+ *
+ * @param id {@link String}
+ * @return {@link AppPermissionPolicyGetResult}
+ */
+ AppPermissionPolicyGetResult getPermissionPolicy(String id);
+
+ /**
+ * 删除资源
+ *
+ * @param id {@link String}
+ * @return {@link Boolean}
+ */
+ Boolean deletePermissionPolicy(String id);
+
+ /**
+ * 创建资源
+ *
+ * @param param {@link AppPermissionPolicyCreateParam}
+ * @return {@link Boolean}
+ */
+ Boolean createPermissionPolicy(AppPermissionPolicyCreateParam param);
+
+ /**
+ * 更新资源
+ *
+ * @param param {@link AppPermissionPolicyUpdateParam}
+ * @return {@link Boolean}
+ */
+ Boolean updatePermissionPolicy(AppPermissionPolicyUpdateParam param);
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionResourceService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionResourceService.java
new file mode 100644
index 00000000..5c789dca
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionResourceService.java
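Review bot: Every method comment in `AppPermissionPolicyService` still talks about resources (`获取资源列表`, `获取资源`, `删除资源`, `创建资源`, `更新资源`) although the methods operate on policies; they should read `获取策略列表`, `获取策略`, `删除策略`, and so on. `getPermissionPolicy` and `deletePermissionPolicy` take a `String id` while `AppPermissionPolicyUpdateParam.id` is a `Long`, which pushes the conversion and its failure mode into the implementation; one id type across the interface would be clearer. Both calls are keyed by `id` alone, so any scoping of a policy to its application has to happen elsewhere, and the Javadoc is a good place to say where.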
@@ -0,0 +1,99 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.service.app;
+
+import cn.topiam.employee.common.enums.CheckValidityType;
+import cn.topiam.employee.console.pojo.query.app.AppResourceListQuery;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionResourceGetResult;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionResourceListResult;
+import cn.topiam.employee.console.pojo.save.app.AppPermissionResourceCreateParam;
+import cn.topiam.employee.console.pojo.update.app.AppPermissionResourceUpdateParam;
+import cn.topiam.employee.support.repository.page.domain.Page;
+import cn.topiam.employee.support.repository.page.domain.PageModel;
+
+/**
+ *

+ * 资源权限 服务类
+ *

+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020-08-10
+ */
+public interface AppPermissionResourceService {
+ /**
+ * 获取资源列表
+ *
+ * @param page {@link PageModel}
+ * @param query {@link AppResourceListQuery}
+ * @return {@link AppPermissionResourceListResult}
+ */
+ Page getPermissionResourceList(PageModel page,
+ AppResourceListQuery query);
+
+ /**
+ * 获取资源
+ *
+ * @param id {@link String}
+ * @return {@link AppPermissionResourceGetResult}
+ */
+ AppPermissionResourceGetResult getPermissionResource(String id);
+
+ /**
+ * 删除资源
+ *
+ * @param id {@link String}
+ * @return {@link Boolean}
+ */
+ Boolean deletePermissionResource(String id);
+
+ /**
+ * 启用/禁用
+ *
+ * @param id {@link Long}
+ * @param enabled {@link Boolean}
+ * @return {@link Boolean}
+ */
+ Boolean updateStatus(Long id, boolean enabled);
+
+ /**
+ * 创建资源
+ *
+ * @param param {@link AppPermissionResourceCreateParam}
+ * @return {@link Boolean}
+ */
+ Boolean createPermissionResource(AppPermissionResourceCreateParam param);
+
+ /**
+ * 更新资源
+ *
+ * @param param {@link AppPermissionResourceUpdateParam}
+ * @return {@link Boolean}
+ */
+ Boolean updatePermissionResource(AppPermissionResourceUpdateParam param);
+
+ /**
+ * 参数有效性验证
+ *
+ * @param type {@link CheckValidityType}
+ * @param value {@link String}
+ * @param appId {@link Long}
+ * @param id {@link Long}
+ * @return {@link Boolean}
+ */
+ Boolean permissionResourceParamCheck(CheckValidityType type, String value, Long appId, Long id);
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionRoleService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionRoleService.java
new file mode 100644
index 00000000..d186ef34
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionRoleService.java
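Review bot: The id parameter changes type within `AppPermissionResourceService`: `getPermissionResource` and `deletePermissionResource` take `String id`, while `updateStatus` and `permissionResourceParamCheck` take `Long id`. Settling on one type would keep parsing, and the handling of a non-numeric id, out of the individual implementations. The Javadoc of `updateStatus` documents `enabled` as `{@link Boolean}` although the parameter is a primitive `boolean`. The comment on `permissionResourceParamCheck` does not say what the returned `Boolean` means or whether `id` may be null when checking a value for a resource that does not exist yet; one sentence on each would do.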
@@ -0,0 +1,100 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.service.app;
+
+import cn.topiam.employee.common.enums.CheckValidityType;
+import cn.topiam.employee.console.pojo.query.app.AppPermissionRoleListQuery;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionRoleListResult;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionRoleResult;
+import cn.topiam.employee.console.pojo.save.app.AppPermissionRoleCreateParam;
+import cn.topiam.employee.console.pojo.update.app.PermissionRoleUpdateParam;
+import cn.topiam.employee.support.repository.page.domain.Page;
+import cn.topiam.employee.support.repository.page.domain.PageModel;
+
+/**
+ *
+ * 角色表 服务类
+ *
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020-08-10
+ */
+public interface AppPermissionRoleService {
+
+ /**
+ * 获取所有角色(分页)
+ *
+ * @param page {@link PageModel}
+ * @param query {@link AppPermissionRoleListQuery}
+ * @return {@link AppPermissionRoleListResult}
+ */
+ Page getPermissionRoleList(PageModel page,
+ AppPermissionRoleListQuery query);
+
+ /**
+ * 创建角色
+ *
+ * @param param {@link AppPermissionRoleCreateParam}
+ * @return {@link Boolean}
+ */
+ boolean createPermissionRole(AppPermissionRoleCreateParam param);
+
+ /**
+ * 更新角色
+ *
+ * @param param {@link PermissionRoleUpdateParam}
+ * @return {@link Boolean}
+ */
+ boolean updatePermissionRole(PermissionRoleUpdateParam param);
+
+ /**
+ * 删除角色
+ *
+ * @param ids {@link String}
+ * @return {@link Boolean}
+ */
+ boolean deletePermissionRole(String ids);
+
+ /**
+ * 角色详情
+ *
+ * @param id {@link Long}
+ * @return {@link AppPermissionRoleResult}
+ */
+ AppPermissionRoleResult getPermissionRole(Long id);
+
+ /**
+ * 参数有效性验证
+ *
+ * @param type {@link CheckValidityType}
+ * @param value {@link String}
+ * @param appId {@link Long}
+ * @param id {@link Long}
+ * @return {@link Boolean}
+ */
+ Boolean permissionRoleParamCheck(CheckValidityType type, String value, Long appId, Long id);
+
+ /**
+ * 更新角色状态
+ *
+ * @param id {@link String}
+ * @param status {@link Boolean}
+ * @return {@link Boolean}
+ */
+ Boolean updatePermissionRoleStatus(String id, Boolean status);
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionActionServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionActionServiceImpl.java
new file mode 100644
index 00000000..2430bc4c
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionActionServiceImpl.java
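Review bot: The Javadoc for `deletePermissionRole` does not say that `ids` is a comma-separated list, which is how the implementation in this commit reads it (`ids.split(",")` followed by `Long::parseLong`). I would document it as `@param ids comma-separated role ids; every element must parse as a long`. On `permissionRoleParamCheck` the comment should also state that a null `id` means a create-time check and that `true` means the value is free to use, since the implementation returns `!exists(...)`.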
@@ -0,0 +1,65 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.service.app.impl;
+
+import java.util.List;
+
+import org.springframework.stereotype.Service;
+
+import com.querydsl.core.types.Predicate;
+
+import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity;
+import cn.topiam.employee.common.repository.app.AppPermissionResourceRepository;
+import cn.topiam.employee.console.converter.app.AppPermissionActionConverter;
+import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult;
+import cn.topiam.employee.console.service.app.AppPermissionActionService;
+
+import lombok.RequiredArgsConstructor;
+
+/**
+ *
+ * 资源权限 服务类
+ *
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020-08-10
+ */
+@Service
+@RequiredArgsConstructor
+public class AppPermissionActionServiceImpl implements AppPermissionActionService {
+
+ /**
+ * 获取资源列表
+ *
+ * @param query {@link AppPermissionActionListQuery}
+ * @return {@link AppPermissionActionListResult}
+ */
+ @Override
+ public List getPermissionActionList(AppPermissionActionListQuery query) {
+ Predicate predicate = appPermissionActionConverter
+ .appPermissionActionListQueryConvertToPredicate(query);
+ List list = (List) appPermissionResourceRepository
+ .findAll(predicate);
+ return appPermissionActionConverter.entityConvertToResourceActionListResult(list);
+ }
+
+ private final AppPermissionResourceRepository appPermissionResourceRepository;
+
+ private final AppPermissionActionConverter appPermissionActionConverter;
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionPolicyServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionPolicyServiceImpl.java
new file mode 100644
index 00000000..2a31d7cf
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionPolicyServiceImpl.java
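Review bot: The cast `(List) appPermissionResourceRepository.findAll(predicate)` in `getPermissionActionList` depends on the repository handing back a `List` at runtime; if `findAll(Predicate)` is the Spring Data Querydsl method, its declared type is `Iterable`, and the cast fails with `ClassCastException` as soon as the implementation returns anything else. Copying instead of casting removes that dependency, e.g. `appPermissionResourceRepository.findAll(predicate).forEach(list::add);` into a freshly created list of the entity type. The query is also unpaged, so the result size is limited only by what the converter puts into the predicate, which is not visible in this hunk. The class Javadoc still reads "资源权限 服务类" (resource permission service) although this is the action service implementation.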
@@ -0,0 +1,128 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.service.app.impl;
+
+import org.springframework.data.querydsl.QPageRequest;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import cn.topiam.employee.common.entity.app.AppPermissionPolicyEntity;
+import cn.topiam.employee.common.entity.app.po.AppPermissionPolicyPO;
+import cn.topiam.employee.common.entity.app.query.AppPolicyQuery;
+import cn.topiam.employee.common.exception.app.AppPolicyNotExistException;
+import cn.topiam.employee.common.repository.app.AppPermissionPolicyRepository;
+import cn.topiam.employee.console.converter.app.AppPermissionPolicyConverter;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionPolicyGetResult;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionPolicyListResult;
+import cn.topiam.employee.console.pojo.save.app.AppPermissionPolicyCreateParam;
+import cn.topiam.employee.console.pojo.update.app.AppPermissionPolicyUpdateParam;
+import cn.topiam.employee.console.service.app.AppPermissionPolicyService;
+import cn.topiam.employee.support.repository.page.domain.Page;
+import cn.topiam.employee.support.repository.page.domain.PageModel;
+
+import lombok.RequiredArgsConstructor;
+
+/**
+ *
+ * 权限策略 服务实现类
+ *
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020-08-10
+ */
+@Service
+@RequiredArgsConstructor
+public class AppPermissionPolicyServiceImpl implements AppPermissionPolicyService {
+
+ /**
+ * 获取策略列表
+ *
+ * @param page {@link PageModel}
+ * @param query {@link AppPolicyQuery}
+ * @return {@link AppPermissionPolicyListResult}
+ */
+ @Override
+ public Page getPermissionPolicyList(PageModel page,
+ AppPolicyQuery query) {
+ org.springframework.data.domain.Page data;
+ QPageRequest request = QPageRequest.of(page.getCurrent(), page.getPageSize());
+ data = appPermissionPolicyRepository.findPage(query, request);
+ return appPermissionPolicyConverter.entityConvertToPolicyListResult(data);
+ }
+
+ /**
+ * 获取策略
+ *
+ * @param id {@link String}
+ * @return {@link AppPermissionPolicyGetResult}
+ */
+ @Override
+ public AppPermissionPolicyGetResult getPermissionPolicy(String id) {
+ return null;
+ }
+
+ /**
+ * 删除策略
+ *
+ * @param id {@link String}
+ * @return {@link Boolean}
+ */
+ @Override
+ public Boolean deletePermissionPolicy(String id) {
+ Long policyId = Long.valueOf(id);
+ appPermissionPolicyRepository.findById(policyId)
+ .orElseThrow(AppPolicyNotExistException::new);
+ appPermissionPolicyRepository.deleteById(policyId);
+ return true;
+ }
+
+ /**
+ * 创建策略
+ *
+ * @param param {@link AppPermissionPolicyCreateParam}
+ * @return {@link Boolean}
+ */
+ @Override
+ @Transactional(rollbackFor = Exception.class)
+ public Boolean createPermissionPolicy(AppPermissionPolicyCreateParam param) {
+ AppPermissionPolicyEntity resource = appPermissionPolicyConverter
+ .policyCreateParamConvertToEntity(param);
+ // 新增策略
+ appPermissionPolicyRepository.save(resource);
+ return true;
+ }
+
+ /**
+ * 更新策略
+ *
+ * @param param {@link AppPermissionPolicyUpdateParam}
+ * @return {@link Boolean}
+ */
+ @Override
+ public Boolean updatePermissionPolicy(AppPermissionPolicyUpdateParam param) {
+ AppPermissionPolicyEntity resource = appPermissionPolicyConverter
+ .policyUpdateParamConvertToEntity(param);
+ // 更新策略
+ appPermissionPolicyRepository.save(resource);
+ return null;
+ }
+
+ private final AppPermissionPolicyConverter appPermissionPolicyConverter;
+
+ private final AppPermissionPolicyRepository appPermissionPolicyRepository;
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionResourceServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionResourceServiceImpl.java
new file mode 100644
index 00000000..86dcae57
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionResourceServiceImpl.java
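Review bot: `updatePermissionPolicy` ends with `return null;` although it is declared to return `Boolean`, so any caller that unboxes or tests the result gets a `NullPointerException`; it should be `return true;` as in `createPermissionPolicy`. The method also saves the entity converted from the request without first loading the stored policy, unlike `deletePermissionPolicy`, so depending on how the converter maps the id an unknown id may be inserted as a new policy and fields the request omits may be overwritten; `AppPermissionRoleServiceImpl` in this commit handles the same case with `findById` plus `BeanUtils.merge`. `getPermissionPolicy` is a stub that always returns `null`. None of the three mutating methods calls `AuditContext.setTarget`, which the resource and role services in this commit do, so policy changes may not carry an audit target; whether auditing is applied elsewhere is not visible here.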
@@ -0,0 +1,281 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.service.app.impl;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.data.querydsl.QPageRequest;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.querydsl.core.types.Predicate;
+import com.querydsl.core.types.dsl.BooleanExpression;
+
+import cn.topiam.employee.audit.context.AuditContext;
+import cn.topiam.employee.audit.entity.Target;
+import cn.topiam.employee.audit.enums.TargetType;
+import cn.topiam.employee.common.entity.app.AppPermissionActionEntity;
+import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity;
+import cn.topiam.employee.common.entity.app.QAppPermissionResourceEntity;
+import cn.topiam.employee.common.enums.CheckValidityType;
+import cn.topiam.employee.common.exception.app.AppResourceNotExistException;
+import cn.topiam.employee.common.repository.app.AppPermissionActionRepository;
+import cn.topiam.employee.common.repository.app.AppPermissionPolicyRepository;
+import cn.topiam.employee.common.repository.app.AppPermissionResourceRepository;
+import cn.topiam.employee.console.converter.app.AppPermissionResourceConverter;
+import cn.topiam.employee.console.pojo.query.app.AppResourceListQuery;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionResourceGetResult;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionResourceListResult;
+import cn.topiam.employee.console.pojo.save.app.AppPermissionResourceCreateParam;
+import cn.topiam.employee.console.pojo.save.app.AppPermissionsActionParam;
+import cn.topiam.employee.console.pojo.update.app.AppPermissionResourceUpdateParam;
+import cn.topiam.employee.console.service.app.AppPermissionResourceService;
+import cn.topiam.employee.support.exception.BadParamsException;
+import cn.topiam.employee.support.repository.page.domain.Page;
+import cn.topiam.employee.support.repository.page.domain.PageModel;
+import cn.topiam.employee.support.util.BeanUtils;
+
+import lombok.RequiredArgsConstructor;
+import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY;
+import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME;
+
+/**
+ *
+ * 资源权限 服务实现类
+ *
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020-08-10
+ */
+@Service
+@RequiredArgsConstructor
+public class AppPermissionResourceServiceImpl implements AppPermissionResourceService {
+
+ /**
+ * 获取资源列表
+ *
+ * @param page {@link PageModel}
+ * @param query {@link AppResourceListQuery}
+ * @return {@link AppPermissionResourceListResult}
+ */
+ @Override
+ public Page getPermissionResourceList(PageModel page,
+ AppResourceListQuery query) {
+ org.springframework.data.domain.Page data;
+ Predicate predicate = appPermissionResourceConverter
+ .resourcePaginationParamConvertToPredicate(query);
+ QPageRequest request = QPageRequest.of(page.getCurrent(), page.getPageSize());
+ data = appResourceRepository.findAll(predicate, request);
+ return appPermissionResourceConverter.entityConvertToResourceListResult(data);
+ }
+
+ /**
+ * 获取资源
+ *
+ * @param id {@link String}
+ * @return {@link AppPermissionResourceGetResult}
+ */
+ @Override
+ public AppPermissionResourceGetResult getPermissionResource(String id) {
+ AppPermissionResourceEntity resource = appResourceRepository.findById(Long.valueOf(id))
+ .orElseThrow(AppResourceNotExistException::new);
+ return appPermissionResourceConverter.entityConvertToResourceGetResult(resource);
+ }
+
+ /**
+ * 删除资源
+ *
+ * @param id {@link String}
+ * @return {@link Boolean}
+ */
+ @Override
+ @Transactional(rollbackFor = Exception.class)
+ public Boolean deletePermissionResource(String id) {
+ Long resourceId = Long.valueOf(id);
+ AppPermissionResourceEntity resource = appResourceRepository.findById(resourceId)
+ .orElseThrow(AppResourceNotExistException::new);
+ List actionList = appPermissionActionRepository
+ .findAllByResource(resource);
+ List objectIdList = new ArrayList<>(
+ actionList.stream().map(AppPermissionActionEntity::getId).toList());
+ objectIdList.add(resourceId);
+ appPermissionPolicyRepository.deleteAllByObjectIdIn(objectIdList);
+ appResourceRepository.deleteById(resourceId);
+ AuditContext
+ .setTarget(Target.builder().id(id).type(TargetType.APP_PERMISSION_RESOURCE).build());
+ return true;
+ }
+
+ /**
+ * 启用/禁用
+ *
+ * @param id {@link String}
+ * @param enabled {@link Boolean}
+ * @return {@link Boolean}
+ */
+ @Override
+ public Boolean updateStatus(Long id, boolean enabled) {
+ AppPermissionResourceEntity resource = appResourceRepository.findById(Long.valueOf(id))
+ .orElseThrow(AppResourceNotExistException::new);
+ AuditContext.setTarget(
+ Target.builder().id(id.toString()).type(TargetType.APP_PERMISSION_RESOURCE).build());
+ return appPermissionPolicyRepository.updateStatus(id, enabled) > 0;
+ }
+
+ /**
+ * 创建资源
+ *
+ * @param param {@link AppPermissionResourceCreateParam}
+ * @return {@link Boolean}
+ */
+ @Override
+ @Transactional(rollbackFor = Exception.class)
+ public Boolean createPermissionResource(AppPermissionResourceCreateParam param) {
+ AppPermissionResourceEntity resource = appPermissionResourceConverter
+ .resourceCreateParamConvertToEntity(param);
+ buildActions(param.getActions(), resource);
+ // 新增资源
+ appResourceRepository.save(resource);
+ AuditContext.setTarget(Target.builder().id(resource.getId().toString())
+ .type(TargetType.APP_PERMISSION_RESOURCE).build());
+ return true;
+ }
+
+ /**
+ * 更新资源
+ *
+ * @param param {@link AppPermissionResourceUpdateParam}
+ * @return {@link Boolean}
+ */
+ @Override
+ @Transactional(rollbackFor = Exception.class)
+ public Boolean updatePermissionResource(AppPermissionResourceUpdateParam param) {
+ AppPermissionResourceEntity resource = appPermissionResourceConverter
+ .resourceUpdateParamConvertToEntity(param);
+ AppPermissionResourceEntity entity = getAppPermissionResourceEntity(
+ Long.valueOf(param.getId()));
+ buildActions(param.getActions(), resource);
+ BeanUtils.merge(resource, entity, LAST_MODIFIED_BY, LAST_MODIFIED_TIME);
+ // 查询资源下所有权限
+ List actionList = appPermissionActionRepository
+ .findAllByResource(resource);
+ // 取出未删除的权限id
+ Set reservedSet = resource.getActions().stream().map(AppPermissionActionEntity::getId)
+ .collect(Collectors.toSet());
+ // 过滤要删除的权限id
+ List removeActions = actionList.stream()
+ .filter(item -> !reservedSet.contains(item.getId()))
+ .map(AppPermissionActionEntity::getId).toList();
+ appPermissionActionRepository.deleteAllById(removeActions);
+ // 更新资源
+ appResourceRepository.save(entity);
+ AuditContext.setTarget(
+ Target.builder().id(param.getId()).type(TargetType.APP_PERMISSION_RESOURCE).build());
+ return true;
+ }
+
+ /**
+ * 获取应用权限资源
+ *
+ * @param id {@link Long}
+ * @return {@link AppPermissionResourceEntity}
+ */
+ private AppPermissionResourceEntity getAppPermissionResourceEntity(Long id) {
+ return appResourceRepository.findById(id)
+ .orElseThrow(() -> new BadParamsException("应用权限资源不存在"));
+ }
+
+ /**
+ * 参数有效性验证
+ *
+ * @param type {@link CheckValidityType}
+ * @param value {@link String}
+ * @param appId {@link Long}
+ * @param id {@link Long}
+ * @return {@link Boolean}
+ */
+ @SuppressWarnings("DuplicatedCode")
+ @Override
+ public Boolean permissionResourceParamCheck(CheckValidityType type, String value, Long appId,
+ Long id) {
+ QAppPermissionResourceEntity role = QAppPermissionResourceEntity.appPermissionResourceEntity;
+ AppPermissionResourceEntity entity = new AppPermissionResourceEntity();
+ boolean result = false;
+ // ID存在说明是修改操作,查询一下当前数据
+ if (Objects.nonNull(id)) {
+ entity = appResourceRepository.findById(id)
+ .orElseThrow(AppResourceNotExistException::new);
+ }
+ //资源名称
+ if (CheckValidityType.NAME.equals(type)) {
+ if (StringUtils.equals(entity.getName(), value)) {
+ return true;
+ }
+ BooleanExpression eq = role.name.eq(value).and(role.appId.eq(appId));
+ result = !appResourceRepository.exists(eq);
+ }
+ //资源编码
+ if (CheckValidityType.CODE.equals(type)) {
+ if (StringUtils.equals(entity.getCode(), value)) {
+ return true;
+ }
+ BooleanExpression eq = role.code.eq(value).and(role.appId.eq(appId));
+ result = !appResourceRepository.exists(eq);
+ }
+ return result;
+ }
+
+ /**
+ * 批量处理actions
+ *
+ * @param permissions {@link List}
+ * @param resource {@link AppPermissionResourceEntity>}
+ */
+ private void buildActions(List permissions,
+ AppPermissionResourceEntity resource) {
+ // 权限
+ List list = new ArrayList<>();
+ for (AppPermissionsActionParam p : permissions) {
+ AppPermissionActionEntity entity = new AppPermissionActionEntity();
+ entity.setResource(resource);
+ entity.setType(p.getType());
+ entity.setName(p.getName());
+ //API需要单独处理
+ entity.setValue(p.getValue());
+ list.add(entity);
+ }
+ resource.setActions(list);
+ }
+
+ private final AppPermissionResourceConverter appPermissionResourceConverter;
+
+ private final AppPermissionResourceRepository appResourceRepository;
+ /**
+ * PolicyRepository
+ */
+ private final AppPermissionPolicyRepository appPermissionPolicyRepository;
+ /**
+ * ActionRepository
+ */
+ private final AppPermissionActionRepository appPermissionActionRepository;
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionRoleServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionRoleServiceImpl.java
new file mode 100644
index 00000000..dfe9a780
--- /dev/null
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionRoleServiceImpl.java
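Review bot: `updateStatus` loads the resource through `appResourceRepository` but then writes with `appPermissionPolicyRepository.updateStatus(id, enabled)`, so the flag is applied to whatever policy row has the same numeric id and the resource itself appears to stay unchanged. If the intent is to enable or disable the resource, the last line should go through the resource repository, `return appResourceRepository.updateStatus(id, enabled) > 0;`, assuming that repository has or gets such a method; the loaded `resource` local is otherwise unused and `Long.valueOf(id)` is redundant on a `Long`. In `updatePermissionResource`, `reservedSet` is built from `resource.getActions()`, which `buildActions` has just filled with new entities on which no id is ever set, so every stored action looks like a candidate for `deleteAllById` on each update. Unlike `deletePermissionResource`, that path does not remove policies referencing the deleted action ids, which may leave policies pointing at actions that no longer exist. `buildActions` also iterates `permissions` without a null check.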
@@ -0,0 +1,220 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.service.app.impl;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.data.querydsl.QPageRequest;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import com.querydsl.core.types.Predicate;
+import com.querydsl.core.types.dsl.BooleanExpression;
+
+import cn.topiam.employee.audit.context.AuditContext;
+import cn.topiam.employee.audit.entity.Target;
+import cn.topiam.employee.audit.enums.TargetType;
+import cn.topiam.employee.common.entity.app.AppPermissionRoleEntity;
+import cn.topiam.employee.common.entity.app.QAppPermissionRoleEntity;
+import cn.topiam.employee.common.enums.CheckValidityType;
+import cn.topiam.employee.common.exception.app.AppRoleNotExistException;
+import cn.topiam.employee.common.repository.app.AppPermissionPolicyRepository;
+import cn.topiam.employee.common.repository.app.AppPermissionRoleRepository;
+import cn.topiam.employee.console.converter.app.AppPermissionRoleConverter;
+import cn.topiam.employee.console.pojo.query.app.AppPermissionRoleListQuery;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionRoleListResult;
+import cn.topiam.employee.console.pojo.result.app.AppPermissionRoleResult;
+import cn.topiam.employee.console.pojo.save.app.AppPermissionRoleCreateParam;
+import cn.topiam.employee.console.pojo.update.app.PermissionRoleUpdateParam;
+import cn.topiam.employee.console.service.app.AppPermissionRoleService;
+import cn.topiam.employee.support.repository.page.domain.Page;
+import cn.topiam.employee.support.repository.page.domain.PageModel;
+import cn.topiam.employee.support.util.BeanUtils;
+
+import lombok.RequiredArgsConstructor;
+import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY;
+import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME;
+
+/**
+ *
+ * 角色表 服务实现类
+ *
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020-08-10
+ */
+@Service
+@RequiredArgsConstructor
+public class AppPermissionRoleServiceImpl implements AppPermissionRoleService {
+
+ /**
+ * 获取所有角色(分页)
+ *
+ * @param page {@link PageModel}
+ * @return {@link AppPermissionRoleListResult}
+ */
+ @Override
+ public Page getPermissionRoleList(PageModel page,
+ AppPermissionRoleListQuery query) {
+ org.springframework.data.domain.Page data;
+ Predicate predicate = appPermissionRoleConverter
+ .rolePaginationParamConvertToPredicate(query);
+ QPageRequest request = QPageRequest.of(page.getCurrent(), page.getPageSize());
+ data = appPermissionRoleRepository.findAll(predicate, request);
+ return appPermissionRoleConverter.entityConvertToRolePaginationResult(data);
+ }
+
+ /**
+ * 创建系统
+ *
+ * @param param {@link AppPermissionRoleCreateParam}
+ * @return {@link Boolean}
+ */
+ @Override
+ public boolean createPermissionRole(AppPermissionRoleCreateParam param) {
+ AppPermissionRoleEntity entity = appPermissionRoleConverter
+ .roleCreateParamConvertToEntity(param);
+ appPermissionRoleRepository.save(entity);
+ AuditContext.setTarget(Target.builder().id(entity.getId().toString())
+ .type(TargetType.APP_PERMISSION_ROLE).build());
+ return true;
+ }
+
+ /**
+ * @param param {@link PermissionRoleUpdateParam}
+ * @return {@link Boolean}
+ */
+ @Override
+ public boolean updatePermissionRole(PermissionRoleUpdateParam param) {
+ AppPermissionRoleEntity source = appPermissionRoleConverter
+ .roleUpdateParamConvertToEntity(param);
+ AppPermissionRoleEntity target = appPermissionRoleRepository
+ .findById(Long.valueOf(param.getId())).orElseThrow(AppRoleNotExistException::new);
+ BeanUtils.merge(source, target, LAST_MODIFIED_TIME, LAST_MODIFIED_BY);
+ appPermissionRoleRepository.save(target);
+ AuditContext.setTarget(Target.builder().id(target.getId().toString())
+ .type(TargetType.APP_PERMISSION_ROLE).build());
+ return true;
+ }
+
+ /**
+ * 删除角色
+ *
+ * @param ids {@link String}
+ * @return {@link Boolean}
+ */
+ @Override
+ @Transactional(rollbackFor = Exception.class)
+ public boolean deletePermissionRole(String ids) {
+ List idList = Arrays.stream(ids.split(",")).toList();
+ List longIds = idList.stream().map(Long::parseLong).toList();
+ appPermissionRoleRepository.deleteAllById(longIds);
+ // 删除对应策略
+ appPermissionPolicyRepository.deleteAllBySubjectIdIn(idList);
+ appPermissionPolicyRepository.deleteAllByObjectIdIn(longIds);
+ AuditContext
+ .setTarget(Target.builder().id(ids).type(TargetType.APP_PERMISSION_ROLE).build());
+ return true;
+ }
+
+ /**
+ * 角色详情
+ *
+ * @param id {@link Long}
+ * @return {@link AppPermissionRoleResult}
+ */
+ @Override
+ public AppPermissionRoleResult getPermissionRole(Long id) {
+ //查询
+ Optional entity = appPermissionRoleRepository.findById(id);
+ //映射
+ return appPermissionRoleConverter.entityConvertToRoleDetailResult(entity.orElse(null));
+ }
+
+ /**
+ * 参数有效性验证
+ *
+ * @param type {@link CheckValidityType}
+ * @param value {@link String}
+ * @param id {@link Long}
+ * @param appId {@link Long}
+ * @return {@link Boolean}
+ */
+ @SuppressWarnings("DuplicatedCode")
+ @Override
+ public Boolean permissionRoleParamCheck(CheckValidityType type, String value, Long appId,
+ Long id) {
+ QAppPermissionRoleEntity role = QAppPermissionRoleEntity.appPermissionRoleEntity;
+ AppPermissionRoleEntity entity = new AppPermissionRoleEntity();
+ boolean result = false;
+ // ID存在说明是修改操作,查询一下当前数据
+ if (Objects.nonNull(id)) {
+ entity = appPermissionRoleRepository.findById(id)
+ .orElseThrow(AppRoleNotExistException::new);
+ }
+ //角色编码
+ if (CheckValidityType.CODE.equals(type)) {
+ if (StringUtils.equals(entity.getCode(), value)) {
+ return true;
+ }
+ BooleanExpression eq = role.code.eq(value);
+ eq.and(role.appId.eq(appId));
+ result = !appPermissionRoleRepository.exists(eq);
+ }
+ //角色名称
+ if (CheckValidityType.NAME.equals(type)) {
+ if (StringUtils.equals(entity.getName(), value)) {
+ return true;
+ }
+ BooleanExpression eq = role.name.eq(value);
+ eq.and(role.appId.eq(appId));
+ result = !appPermissionRoleRepository.exists(eq);
+ }
+ return result;
+ }
+
+ /**
+ * 更新角色状态
+ *
+ * @param id {@link String}
+ * @param status {@link Boolean}
+ * @return {@link Boolean}
+ */
+ @Override
+ public Boolean updatePermissionRoleStatus(String id, Boolean status) {
+ appPermissionRoleRepository.updateStatus(id, status);
+ return true;
+ }
+
+ /**
+ * 用户数据映射器
+ */
+ private final AppPermissionRoleConverter appPermissionRoleConverter;
+ /**
+ * RoleRepository
+ */
+ private final AppPermissionRoleRepository appPermissionRoleRepository;
+ /**
+ * PolicyRepository
+ */
+ private final AppPermissionPolicyRepository appPermissionPolicyRepository;
+}
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/constants/OpenApiV1Constants.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/constants/OpenApiV1Constants.java
index bae5dbee..6ffb5d3f 100644
--- a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/constants/OpenApiV1Constants.java
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/constants/OpenApiV1Constants.java
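Review bot: In `permissionRoleParamCheck` the result of `eq.and(role.appId.eq(appId))` is discarded in both the CODE and the NAME branch; Querydsl expressions are immutable, so `exists(eq)` runs with only the code or name condition and the uniqueness check spans every application instead of the one identified by `appId`. Chain the call as `AppPermissionResourceServiceImpl` does: `BooleanExpression eq = role.code.eq(value).and(role.appId.eq(appId));`, and the same for `role.name`. Separately, `deletePermissionRole` passes each element of `ids.split(",")` to `Long::parseLong` without trimming or validation and deletes roles and their policies without checking that the ids exist. `updatePermissionRoleStatus` returns `true` without looking at the outcome of `updateStatus` and sets no audit target, unlike the create, update and delete methods of the same class.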
@@ -29,32 +29,37 @@ public class OpenApiV1Constants { /** * OpenAPI 路径 */ - public final static String OPEN_API_V1_PATH = V1_API_PATH; + public final static String OPEN_API_V1_PATH = V1_API_PATH; - public final static Integer ACCESS_TOKEN_EXPIRES_IN = 7200; + public final static Integer ACCESS_TOKEN_EXPIRES_IN = 7200; /** * 组名称 */ - public static final String OPEN_API_NAME = "开放接口"; + public static final String OPEN_API_NAME = "开放接口"; /** * 访问凭证 */ - public final static String AUTH_PATH = OPEN_API_V1_PATH + "/auth"; + public final static String AUTH_PATH = OPEN_API_V1_PATH + "/auth"; /** * 账户 */ - public final static String ACCOUNT_PATH = OPEN_API_V1_PATH + "/account"; + public final static String ACCOUNT_PATH = OPEN_API_V1_PATH + "/account"; /** * 用户 */ - public final static String USER_PATH = ACCOUNT_PATH + "/user"; + public final static String USER_PATH = ACCOUNT_PATH + "/user"; /** * 组织 */ - public final static String ORGANIZATION_PATH = ACCOUNT_PATH + "/organization"; + public final static String ORGANIZATION_PATH = ACCOUNT_PATH + "/organization"; + + /** + * 权限管理API 路径 + */ + public final static String OPEN_API_PERMISSION_PATH = OPEN_API_V1_PATH + "/permission"; } diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppAccountConverter.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppAccountConverter.java new file mode 100644 index 00000000..45887402 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppAccountConverter.java 
@@ -0,0 +1,91 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.converter.app; + +import java.util.ArrayList; +import java.util.List; + +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; + +import cn.topiam.employee.common.entity.app.AppAccountEntity; +import cn.topiam.employee.common.entity.app.po.AppAccountPO; +import cn.topiam.employee.openapi.pojo.request.app.save.AppAccountCreateParam; +import cn.topiam.employee.openapi.pojo.response.app.AppAccountListResult; +import cn.topiam.employee.support.repository.page.domain.Page; + +/** + * 应用账户映射 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/6/4 19:08 + */ +@Mapper(componentModel = "spring") +public interface AppAccountConverter { + + /** + * 应用账户分页实体转换应用账户分页结果 + * + * @param page {@link Page} + * @return {@link Page} + */ + default Page appAccountEntityConvertToAppAccountResult(org.springframework.data.domain.Page page) { + Page result = new Page<>(); + if (!CollectionUtils.isEmpty(page.getContent())) { + List list = new ArrayList<>(); + for (AppAccountPO po : page.getContent()) { + list.add(entityConvertToAppAccountResult(po)); + } + //@formatter:off 
+ result.setPagination(Page.Pagination.builder() + .total(page.getTotalElements()) + .totalPages(page.getTotalPages()) + .current(page.getPageable().getPageNumber() + 1) + .build()); + //@formatter:on + result.setList(list); + } + return result; + } + + /** + * 应用账户实体转换为应用账户结果 + * + * @param appAccountPo {@link AppAccountPO} + * @return {@link AppAccountListResult} + */ + AppAccountListResult entityConvertToAppAccountResult(AppAccountPO appAccountPo); + + /** + * 应用账户新增参数转换应用账户实体 + * + * @param param {@link AppAccountCreateParam} + * @return {@link AppAccountEntity} + */ + @Mapping(target = "password", ignore = true) + @Mapping(target = "deleted", ignore = true) + @Mapping(target = "remark", ignore = true) + @Mapping(target = "id", ignore = true) + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + AppAccountEntity appAccountCreateParamConvertToEntity(AppAccountCreateParam param); + +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppPermissionActionConverter.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppPermissionActionConverter.java new file mode 100644 index 00000000..83396cdb --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppPermissionActionConverter.java 
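Review bot: In `appAccountEntityConvertToAppAccountResult` the pagination block and `result.setList(list)` sit inside the `if (!CollectionUtils.isEmpty(page.getContent()))` branch, so an empty page is returned as a bare `new Page<>()`. Unless `Page` initialises those fields itself (not visible here), a client asking for an empty result gets no `total`/`totalPages` and possibly a null list. Declare `list` above the branch, build the pagination before the `if`, and call `result.setList(list)` unconditionally. The same shape appears in `entityConvertToPolicyListResult`, `entityConvertToResourceListResult` and `entityConvertToRolePaginationResult` later in this commit.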
@@ -0,0 +1,46 @@
+/*
+ * eiam-openapi - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.openapi.converter.app;
+
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+
+import cn.topiam.employee.common.entity.app.AppPermissionActionEntity;
+import cn.topiam.employee.openapi.pojo.request.app.AppPermissionsActionParam;
+
+/**
+ * 权限映射
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/14 22:45
+ */
+@SuppressWarnings("AlibabaAbstractMethodOrInterfaceMethodMustUseJavadoc")
+@Mapper(componentModel = "spring")
+public interface AppPermissionActionConverter {
+ @Mapping(target = "updateTime", ignore = true)
+ @Mapping(target = "updateBy", ignore = true)
+ @Mapping(target = "resource", ignore = true)
+ @Mapping(target = "remark", ignore = true)
+ @Mapping(target = "id", ignore = true)
+ @Mapping(target = "deleted", ignore = true)
+ @Mapping(target = "createTime", ignore = true)
+ @Mapping(target = "createBy", ignore = true)
+ AppPermissionActionEntity toEntity(AppPermissionsActionParam dto);
+
+ AppPermissionsActionParam toDTO(AppPermissionActionEntity entities);
+}
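Review bot: `toEntity` and `toDTO` carry no Javadoc, and the interface silences the check that asks for it with `@SuppressWarnings("AlibabaAbstractMethodOrInterfaceMethodMustUseJavadoc")`. `toEntity` ignores `id` and `resource`, so the entity it returns is not attached to any resource until the caller sets one; a comment such as `/** Maps an action param to a new entity; id and resource are left unset for the caller. */` would record that. The `toDTO` parameter is a single entity, so `entity` reads better than `entities`.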
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppPermissionPolicyConverter.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppPermissionPolicyConverter.java
new file mode 100644
index 00000000..1596e1ab
--- /dev/null
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppPermissionPolicyConverter.java
@@ -0,0 +1,91 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.converter.app; + +import java.util.List; + +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; + +import cn.topiam.employee.common.entity.app.AppPermissionPolicyEntity; +import cn.topiam.employee.common.entity.app.po.AppPermissionPolicyPO; +import cn.topiam.employee.openapi.pojo.request.app.save.AppPermissionPolicyCreateParam; +import cn.topiam.employee.openapi.pojo.request.app.update.AppPermissionPolicyUpdateParam; +import cn.topiam.employee.support.repository.page.domain.Page; + +/** + * 策略映射 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/14 22:45 + */ +@Mapper(componentModel = "spring", uses = AppPermissionActionConverter.class) +public interface AppPermissionPolicyConverter { + + /** + * 资源创建参数转实体类 + * + * @param param {@link AppPermissionPolicyCreateParam} + * @return {@link AppPermissionPolicyEntity} + */ + @Mapping(target = "deleted", ignore = true) + @Mapping(target = "id", ignore = true) + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "remark", ignore = true) + 
@Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + AppPermissionPolicyEntity policyCreateParamConvertToEntity(AppPermissionPolicyCreateParam param); + + /** + * 资源修改参数转实体类 + * + * @param param {@link AppPermissionPolicyCreateParam} + * @return {@link AppPermissionPolicyEntity} + */ + @Mapping(target = "deleted", ignore = true) + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "remark", ignore = true) + @Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + AppPermissionPolicyEntity policyUpdateParamConvertToEntity(AppPermissionPolicyUpdateParam param); + + /** + * 资源转换为资源列表结果 + * + * @param page {@link Page} + * @return {@link Page} + */ + default Page entityConvertToPolicyListResult(org.springframework.data.domain.Page page) { + Page result = new Page<>(); + List pageList = page.getContent(); + if (!CollectionUtils.isEmpty(pageList)) { + //@formatter:off + result.setPagination(Page.Pagination.builder() + .total(page.getTotalElements()) + .totalPages(page.getTotalPages()) + .current(page.getPageable().getPageNumber() + 1) + .build()); + //@formatter:on + result.setList(pageList); + } + return result; + } +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppPermissionResourceConverter.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppPermissionResourceConverter.java new file mode 100644 index 00000000..f039ff60 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppPermissionResourceConverter.java 
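Review bot: `policyUpdateParamConvertToEntity` does not list `appId` among its ignored targets, whereas `resourceUpdateParamConvertToEntity` and `roleUpdateParamConvertToEntity` in this commit both do. If the policy entity and `AppPermissionPolicyUpdateParam` both carry an `appId` (neither class is visible here), an update request could move a policy to another application. In that case add `@Mapping(target = "appId", ignore = true)` or have the service overwrite the field from the stored entity. The Javadoc `@param` of this method also names `AppPermissionPolicyCreateParam` where it should name `AppPermissionPolicyUpdateParam`.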
@@ -0,0 +1,145 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.converter.app; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; + +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; + +import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity; +import cn.topiam.employee.common.entity.app.QAppPermissionResourceEntity; +import cn.topiam.employee.openapi.pojo.request.app.query.AppResourceListQuery; +import cn.topiam.employee.openapi.pojo.request.app.save.AppPermissionResourceCreateParam; +import cn.topiam.employee.openapi.pojo.request.app.update.AppPermissionResourceUpdateParam; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionResourceGetResult; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionResourceListResult; +import cn.topiam.employee.support.repository.page.domain.Page; + +/** + * 资源映射 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/14 22:45 + */ +@Mapper(componentModel = "spring", uses = 
AppPermissionActionConverter.class) +public interface AppPermissionResourceConverter { + + /** + * 资源分页查询参数转实体 + * + * @param query {@link AppResourceListQuery} + * @return {@link Predicate} + */ + default Predicate resourcePaginationParamConvertToPredicate(AppResourceListQuery query) { + QAppPermissionResourceEntity resource = QAppPermissionResourceEntity.appPermissionResourceEntity; + Predicate predicate = ExpressionUtils.and(resource.isNotNull(), + resource.deleted.eq(Boolean.FALSE)); + //查询条件 + //@formatter:off + // 资源名称 + predicate = StringUtils.isBlank(query.getName()) ? predicate : ExpressionUtils.and(predicate, resource.name.like("%" + query.getName() + "%")); + // TODO 从token中获取 所属应用 +// predicate = ExpressionUtils.and(predicate, resource.appId.eq(0L)); + //@formatter:on + return predicate; + } + + /** + * 资源创建参数转实体类 + * + * @param param {@link AppPermissionResourceCreateParam} + * @return {@link AppPermissionResourceEntity} + */ + @Mapping(target = "deleted", ignore = true) + @Mapping(target = "actions", ignore = true) + @Mapping(target = "id", ignore = true) + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "remark", ignore = true) + @Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + AppPermissionResourceEntity resourceCreateParamConvertToEntity(AppPermissionResourceCreateParam param); + + /** + * 资源修改参数转实体类 + * + * @param param {@link AppPermissionResourceCreateParam} + * @return {@link AppPermissionResourceEntity} + */ + @Mapping(target = "enabled", expression = "java(Boolean.TRUE)") + @Mapping(target = "deleted", ignore = true) + @Mapping(target = "code", ignore = true) + @Mapping(target = "appId", ignore = true) + @Mapping(target = "actions", ignore = true) + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "remark", ignore = true) + @Mapping(target = "createTime", ignore = 
true) + @Mapping(target = "createBy", ignore = true) + AppPermissionResourceEntity resourceUpdateParamConvertToEntity(AppPermissionResourceUpdateParam param); + + /** + * 资源转换为资源列表结果 + * + * @param page {@link Page} + * @return {@link Page} + */ + default Page entityConvertToResourceListResult(org.springframework.data.domain.Page page) { + Page result = new Page<>(); + List pageList = page.getContent(); + if (!CollectionUtils.isEmpty(pageList)) { + List list = new ArrayList<>(); + for (AppPermissionResourceEntity resource : pageList) { + list.add(entityConvertToResourceListResult(resource)); + } + //@formatter:off + result.setPagination(Page.Pagination.builder() + .total(page.getTotalElements()) + .totalPages(page.getTotalPages()) + .current(page.getPageable().getPageNumber() + 1) + .build()); + //@formatter:on + result.setList(list); + } + return result; + } + + /** + * 实体转换为资源列表结果 + * + * @param data {@link AppPermissionResourceEntity} + * @return {@link AppPermissionResourceListResult} + */ + AppPermissionResourceListResult entityConvertToResourceListResult(AppPermissionResourceEntity data); + + /** + * 实体转获取详情返回 + * + * @param resource {@link AppPermissionResourceEntity} + * @return {@link AppPermissionResourceGetResult} + */ + @Mapping(target = "actions", source = "actions") + AppPermissionResourceGetResult entityConvertToResourceGetResult(AppPermissionResourceEntity resource); +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppPermissionRoleConverter.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppPermissionRoleConverter.java new file mode 100644 index 00000000..50bcb112 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/app/AppPermissionRoleConverter.java 
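Review bot: `resourcePaginationParamConvertToPredicate` builds the list filter with no application scope, because the `resource.appId` condition is commented out behind the TODO. Unless the service adds the restriction elsewhere, the `/resource/list` route of `AppPermissionResourceEndpoint` pages over the resources of every application. The application id should be resolved from the authenticated OpenAPI token and passed into this method, never read from the query object. Separately, `resource.name.like("%" + query.getName() + "%")` lets `%` and `_` in the client's value act as wildcards; `resource.name.contains(query.getName())` should express the same match with the value escaped.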
@@ -0,0 +1,142 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.converter.app; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; +import org.springframework.util.ObjectUtils; + +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; + +import cn.topiam.employee.common.entity.app.AppPermissionRoleEntity; +import cn.topiam.employee.common.entity.app.QAppPermissionRoleEntity; +import cn.topiam.employee.openapi.pojo.request.app.query.AppPermissionRoleListQuery; +import cn.topiam.employee.openapi.pojo.request.app.save.AppPermissionRoleCreateParam; +import cn.topiam.employee.openapi.pojo.request.app.update.PermissionRoleUpdateParam; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionRoleListResult; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionRoleResult; +import cn.topiam.employee.support.repository.page.domain.Page; + +/** + * 角色映射 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/14 22:45 + */ +@Mapper(componentModel = "spring") 
+public interface AppPermissionRoleConverter { + + /** + * 角色实体转换为角色分页结果 + * + * @param page {@link Page} + * @return {@link Page} + */ + default Page entityConvertToRolePaginationResult(org.springframework.data.domain.Page page) { + Page result = new Page<>(); + if (!CollectionUtils.isEmpty(page.getContent())) { + List list = new ArrayList<>(); + for (AppPermissionRoleEntity user : page.getContent()) { + list.add(entityConvertToRolePaginationResult(user)); + } + //@formatter:off + result.setPagination(Page.Pagination.builder() + .total(page.getTotalElements()) + .totalPages(page.getTotalPages()) + .current(page.getPageable().getPageNumber() + 1) + .build()); + //@formatter:on + result.setList(list); + } + return result; + } + + /** + * 角色实体转换为角色分页结果 + * + * @param page {@link AppPermissionRoleEntity} + * @return {@link AppPermissionRoleListResult} + */ + AppPermissionRoleListResult entityConvertToRolePaginationResult(AppPermissionRoleEntity page); + + /** + * 角色创建参数转换为角色实体 + * + * @param param {@link AppPermissionRoleCreateParam} + * @return {@link AppPermissionRoleEntity} + */ + @Mapping(target = "deleted", ignore = true) + @Mapping(target = "id", ignore = true) + @Mapping(target = "enabled", expression = "java(Boolean.TRUE)") + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + AppPermissionRoleEntity roleCreateParamConvertToEntity(AppPermissionRoleCreateParam param); + + /** + * 角色更新参数转换为角色实体类 + * + * @param param {@link PermissionRoleUpdateParam} 更新参数 + * @return {@link AppPermissionRoleEntity} 角色实体 + */ + @Mapping(target = "appId", ignore = true) + @Mapping(target = "enabled", ignore = true) + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + AppPermissionRoleEntity 
roleUpdateParamConvertToEntity(PermissionRoleUpdateParam param); + + /** + * 实体转系统详情结果 + * + * @param role {@link AppPermissionRoleEntity} + * @return {@link AppPermissionRoleResult} + */ + AppPermissionRoleResult entityConvertToRoleDetailResult(AppPermissionRoleEntity role); + + /** + * 角色分页查询参数转实体 + * + * @param query {@link AppPermissionRoleListQuery} + * @return {@link AppPermissionRoleEntity} + */ + default Predicate rolePaginationParamConvertToPredicate(AppPermissionRoleListQuery query) { + QAppPermissionRoleEntity role = QAppPermissionRoleEntity.appPermissionRoleEntity; + Predicate predicate = ExpressionUtils.and(role.isNotNull(), role.deleted.eq(Boolean.FALSE)); + //查询条件 + //@formatter:off + // 角色名称 + predicate = StringUtils.isBlank(query.getName()) ? predicate : ExpressionUtils.and(predicate, role.name.like("%" + query.getName() + "%")); + // 是否启用 + predicate = ObjectUtils.isEmpty(query.getEnabled()) ? predicate : ExpressionUtils.and(predicate, role.enabled.eq(query.getEnabled())); + // 角色编码 + predicate = StringUtils.isBlank(query.getCode()) ? predicate : ExpressionUtils.and(predicate, role.code.eq(query.getCode())); + // TODO 从token中获取 所属应用 + predicate = ExpressionUtils.and(predicate, role.appId.eq(0L)); + //@formatter:on + return predicate; + } +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/permission/AppPermissionPolicyEndpoint.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/permission/AppPermissionPolicyEndpoint.java new file mode 100644 index 00000000..d6d3d9ef --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/permission/AppPermissionPolicyEndpoint.java 
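Review bot: `rolePaginationParamConvertToPredicate` pins the filter to `role.appId.eq(0L)`, a placeholder left by the TODO, so the role list does not depend on which application the caller authenticated as. Pass the application id in explicitly, e.g. `rolePaginationParamConvertToPredicate(AppPermissionRoleListQuery query, Long appId)` with `role.appId.eq(appId)`, where the service supplies the value taken from the token. The `role.name.like("%" + query.getName() + "%")` line has the same unescaped-wildcard behaviour as the resource converter; `role.name.contains(query.getName())` avoids it.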
@@ -0,0 +1,63 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.endpoint.permission; + +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import cn.topiam.employee.common.entity.app.po.AppPermissionPolicyPO; +import cn.topiam.employee.openapi.pojo.request.app.query.OpenApiPolicyQuery; +import cn.topiam.employee.openapi.service.AppPermissionPolicyService; +import cn.topiam.employee.support.repository.page.domain.Page; +import cn.topiam.employee.support.repository.page.domain.PageModel; +import cn.topiam.employee.support.result.ApiRestResult; + +import lombok.RequiredArgsConstructor; + +import io.swagger.v3.oas.annotations.Operation; +import static cn.topiam.employee.openapi.constants.OpenApiV1Constants.OPEN_API_PERMISSION_PATH; + +/** + * 应用权限-策略开放API + * + * @author TopIAM + * Created by support@topiam.cn on 2022/9/5 21:04 + */ +@RestController +@RequestMapping(value = OPEN_API_PERMISSION_PATH + "/policy") +@RequiredArgsConstructor +public class AppPermissionPolicyEndpoint { + /** 
+ * 获取所有策略(分页) + * + * @param page {@link PageModel} + * @return {@link AppPermissionPolicyPO} + */ + @Operation(summary = "获取策略列表") + @GetMapping(value = "/list") + public ApiRestResult> getPermissionPolicyList(PageModel page, + @Validated OpenApiPolicyQuery query) { + Page result = permissionPolicyService.getPermissionPolicyList(page, + query); + return ApiRestResult.> builder().result(result).build(); + } + + private final AppPermissionPolicyService permissionPolicyService; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/permission/AppPermissionResourceEndpoint.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/permission/AppPermissionResourceEndpoint.java new file mode 100644 index 00000000..cc955e73 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/permission/AppPermissionResourceEndpoint.java 
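Review bot: `getPermissionPolicyList` appears to return `AppPermissionPolicyPO`, a type from `common.entity.app.po`, directly as the API payload, while the resource and role endpoints return dedicated `...ListResult` types. Serialising a persistence object through an open API exposes whatever fields it has now or gains later (its fields are not visible here). Mapping it to a response type in `AppPermissionPolicyConverter` would keep the contract explicit. The Javadoc also lacks a `@param query` line.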
@@ -0,0 +1,72 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.endpoint.permission; + +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import cn.topiam.employee.openapi.pojo.request.app.query.AppResourceListQuery; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionResourceListResult; +import cn.topiam.employee.openapi.service.AppPermissionResourceService; +import cn.topiam.employee.support.repository.page.domain.Page; +import cn.topiam.employee.support.repository.page.domain.PageModel; +import cn.topiam.employee.support.result.ApiRestResult; + +import lombok.RequiredArgsConstructor; + +import io.swagger.v3.oas.annotations.Operation; +import static cn.topiam.employee.openapi.constants.OpenApiV1Constants.OPEN_API_PERMISSION_PATH; + +/** + * 应用权限-资源开放API + * + * @author TopIAM + * Created by support@topiam.cn on 2022/9/5 21:04 + */ +@RestController +@RequestMapping(value = OPEN_API_PERMISSION_PATH + "/resource") +@RequiredArgsConstructor +public class 
AppPermissionResourceEndpoint { + /** + * 获取应用的所有资源(分页) + * + * @param page {@link PageModel} + * @return {@link AppPermissionResourceListResult} + */ + @Operation(summary = "获取资源列表") + @GetMapping(value = "/list") + public ApiRestResult> getPermissionResourceList(PageModel page, + @Validated AppResourceListQuery query) { + Page result = appPermissionResourceService + .getPermissionResourceList(page, query); + return ApiRestResult.> builder().result(result) + .build(); + } + //2、新增资源 + + //3、编辑资源 + + //4、删除资源 + + /** + * 资源服务类 + */ + private final AppPermissionResourceService appPermissionResourceService; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/permission/AppPermissionRoleEndpoint.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/permission/AppPermissionRoleEndpoint.java new file mode 100644 index 00000000..5574073f --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/permission/AppPermissionRoleEndpoint.java 
@@ -0,0 +1,72 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.endpoint.permission; + +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import cn.topiam.employee.openapi.pojo.request.app.query.AppPermissionRoleListQuery; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionRoleListResult; +import cn.topiam.employee.openapi.service.AppPermissionRoleService; +import cn.topiam.employee.support.repository.page.domain.Page; +import cn.topiam.employee.support.repository.page.domain.PageModel; +import cn.topiam.employee.support.result.ApiRestResult; + +import lombok.RequiredArgsConstructor; + +import io.swagger.v3.oas.annotations.Operation; +import static cn.topiam.employee.openapi.constants.OpenApiV1Constants.OPEN_API_PERMISSION_PATH; + +/** + * 应用权限-角色开放API + * + * @author TopIAM + * Created by support@topiam.cn on 2022/9/5 21:04 + */ +@RestController +@RequestMapping(value = OPEN_API_PERMISSION_PATH + "/role") +@RequiredArgsConstructor +public class 
AppPermissionRoleEndpoint { + //1、获取应用的所有角色(分页) + /** + * 获取所有角色(分页) + * + * @param page {@link PageModel} + * @return {@link AppPermissionRoleListResult} + */ + @Operation(summary = "获取角色列表") + @GetMapping(value = "/list") + public ApiRestResult> getPermissionRoleList(PageModel page, + @Validated AppPermissionRoleListQuery query) { + Page result = appPermissionRoleService + .getPermissionRoleList(page, query); + return ApiRestResult.> builder().result(result).build(); + } + //2、新增角色 + + //3、编辑角色 + + //4、删除角色 + + /** + * 角色服务类 + */ + private final AppPermissionRoleService appPermissionRoleService; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/permission/package-info.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/permission/package-info.java new file mode 100644 index 00000000..a6bd9c56 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/permission/package-info.java @@ -0,0 +1,18 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.endpoint.permission; \ No newline at end of file 
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/AppPermissionsActionParam.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/AppPermissionsActionParam.java
new file mode 100644
index 00000000..7cbadccc
--- /dev/null
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/AppPermissionsActionParam.java
@@ -0,0 +1,59 @@
+/*
+ * eiam-openapi - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.openapi.pojo.request.app;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+import cn.topiam.employee.common.enums.PermissionActionType;
+
+import lombok.Data;
+
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * AppPermissionsActionParam
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/9/1 00:18
+ */
+@Data
+@Valid
+public class AppPermissionsActionParam implements Serializable {
+
+ @Serial
+ private static final long serialVersionUID = -6391182747252245592L;
+
+ /**
+ * 权限类型
+ */
+ @NotNull(message = "权限类型")
+ private PermissionActionType type;
+ /**
+ * 权限值
+ */
+ @NotEmpty(message = "权限值")
+ private String value;
+ /**
+ * 权限描述
+ */
+ @NotEmpty(message = "权限描述")
+ private String name;
+}
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/query/AppPermissionListQuery.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/query/AppPermissionListQuery.java
new file mode 100644
index 00000000..55e67761
--- /dev/null
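Review bot: The class-level `@Valid` on `AppPermissionsActionParam` triggers nothing, because Bean Validation cascades only from a `@Valid` placed on the field, parameter or container element that holds the object. The `actions` lists in `AppPermissionResourceCreateParam` and `AppPermissionResourceUpdateParam` later in this diff carry only `@NotNull`, so unless their element type (not visible on this page) is annotated, the `@NotNull`/`@NotEmpty` rules on `type`, `value` and `name` never run and a resource can be stored with blank permission values. Add `@Valid` to those two `actions` fields and drop it from this class. The messages here (`"权限类型"`, `"权限值"`, `"权限描述"`) are bare field labels, while the other params in this commit use a full sentence such as `"权限类型不能为空"`.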
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/query/AppPermissionListQuery.java
@@ -0,0 +1,60 @@
+/*
+ * eiam-openapi - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.openapi.pojo.request.app.query;
+
+import java.io.Serializable;
+
+import org.springdoc.core.annotations.ParameterObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * 查询权限列表入参
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/11 23:08
+ */
+@Data
+@Schema(description = "查询权限列表入参")
+@ParameterObject
+public class AppPermissionListQuery implements Serializable {
+
+ /**
+ * 资源名称
+ */
+ @Parameter(description = "权限名称")
+ private String name;
+
+ /**
+ * 所属资源
+ */
+ @NotNull(message = "请选择权限所属资源")
+ @Parameter(description = "所属资源")
+ private Long resourceId;
+
+ /**
+ * 是否启用
+ */
+ @Parameter(description = "是否启用")
+ private Boolean enabled;
+
+}
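Review bot: The Javadoc above `name` says 资源名称 (resource name) while its `@Parameter` description says 权限名称 (permission name). This is the permission list query, so the comment looks like a copy-paste leftover and should read `权限名称`. The class also implements `Serializable` without a `serialVersionUID`, unlike `AppPermissionsActionParam` in the same commit; either add a `@Serial private static final long serialVersionUID` or drop the interface.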
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/query/AppPermissionRoleListQuery.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/query/AppPermissionRoleListQuery.java
new file mode 100644
index 00000000..c15f492e
--- /dev/null
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/query/AppPermissionRoleListQuery.java
@@ -0,0 +1,58 @@
+/*
+ * eiam-openapi - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.openapi.pojo.request.app.query;
+
+import java.io.Serializable;
+
+import org.springdoc.core.annotations.ParameterObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+ * 分页查询角色入参
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/11 23:08
+ */
+@Data
+@Schema(description = "查询角色列表入参")
+@ParameterObject
+public class AppPermissionRoleListQuery implements Serializable {
+
+ /**
+ * 角色名称
+ */
+ @Parameter(description = "角色名称")
+ private String name;
+
+ /**
+ * 角色编码
+ */
+ @Parameter(description = "角色编码")
+ private String code;
+
+ /**
+ * 是否启用
+ */
+ @Parameter(description = "是否启用")
+ private Boolean enabled;
+
+}
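Review bot: This query carries no application identifier; it filters only on `name`, `code` and `enabled`, although `AppPermissionRoleCreateParam` requires an `appId` for every role. The endpoint earlier in this diff passes it straight to `getPermissionRoleList(page, query)`, and the service is not on this page, so if the application is not derived from the caller's credentials there, one client's listing can include roles that belong to other applications. Either add a required field, `@NotNull(message = "所属应用不能为空") private Long appId;` with `@Parameter(description = "所属应用")`, or state in the class Javadoc where the scoping is enforced. `AppResourceListQuery` in the next file has the same gap.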
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/query/AppResourceListQuery.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/query/AppResourceListQuery.java
new file mode 100644
index 00000000..137b9d89
--- /dev/null
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/query/AppResourceListQuery.java
@@ -0,0 +1,51 @@
+/*
+ * eiam-openapi - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.openapi.pojo.request.app.query;
+
+import java.io.Serializable;
+
+import org.springdoc.core.annotations.ParameterObject;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+ * 分页查询资源入参
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/11 23:08
+ */
+@Data
+@Schema(description = "查询权限资源列表入参")
+@ParameterObject
+public class AppResourceListQuery implements Serializable {
+
+ /**
+ * 资源名称
+ */
+ @Parameter(description = "资源名称")
+ private String name;
+
+ /**
+ * 是否启用
+ */
+ @Parameter(description = "是否启用")
+ private Boolean enabled;
+}
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/query/OpenApiPolicyQuery.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/query/OpenApiPolicyQuery.java
new file mode 100644
index 00000000..3b2ba376
--- /dev/null
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/query/OpenApiPolicyQuery.java
@@ -0,0 +1,75 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.request.app.query; + +import java.io.Serializable; + +import org.springdoc.core.annotations.ParameterObject; + +import cn.topiam.employee.common.enums.app.AppPolicyEffect; +import cn.topiam.employee.common.enums.app.AppPolicyObjectType; +import cn.topiam.employee.common.enums.app.AppPolicySubjectType; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; +import jakarta.validation.constraints.NotNull; + +/** + * 分页查询策略入参 + * + * @author TopIAM + */ +@Data +@Schema(description = "查询权限策略列表入参") +@ParameterObject +public class OpenApiPolicyQuery implements Serializable { + + /** + * 授权主体Id + */ + @Parameter(description = "授权主体Id") + private String subjectId; + + /** + * 权限主体类型(用户、角色、分组、组织机构) + */ + @NotNull(message = "授权主体类型不能为空") + @Parameter(description = "授权主体类型") + private AppPolicySubjectType subjectType; + + /** + * 授权客体Id + */ + @Parameter(description = "授权客体Id") + private String objectId; + + /** + * 权限客体类型(权限、角色) + */ + @NotNull(message = "授权客体类型不能为空") + @Parameter(description = "授权客体类型") + private AppPolicyObjectType objectType; + + 
/** + * 规则效果 + */ + @Parameter(description = "规则效果") + private AppPolicyEffect effect; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppAccountCreateParam.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppAccountCreateParam.java new file mode 100644 index 00000000..4d560de6 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppAccountCreateParam.java 
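Review bot: `objectId` is declared as `String` in this query but as `Long` in `AppPermissionPolicyCreateParam` and `AppPermissionPolicyUpdateParam`, so the same identifier has two wire types within one API and a non-numeric value here can only be rejected, if at all, somewhere inside the service. Declare it as `private Long objectId;`, or say in the field Javadoc why the query side is textual. The Javadoc for `subjectType` and `objectType` says 权限主体类型 / 权限客体类型 while the messages and descriptions say 授权主体类型 / 授权客体类型; pick one term.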
@@ -0,0 +1,56 @@
+/*
+ * eiam-openapi - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.openapi.pojo.request.app.save;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * AppAccountCreateParam 应用账户新增入参
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/5/24 22:13
+ */
+@Data
+@Schema(description = "应用账户新增入参")
+public class AppAccountCreateParam {
+
+ /**
+ * 应用ID
+ */
+ @Schema(description = "应用ID")
+ @NotNull(message = "应用ID不能为空")
+ private Long appId;
+
+ /**
+ * 用户ID
+ */
+ @Schema(description = "用户ID")
+ @NotNull(message = "用户ID不能为空")
+ private Long userId;
+
+ /**
+ * 账户名称
+ */
+ @Schema(description = "账户名称")
+ @NotBlank(message = "账户名称不能为空")
+ private String account;
+}
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppPermissionActionCreateParam.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppPermissionActionCreateParam.java
new file mode 100644
index 00000000..bdaf7662
--- /dev/null
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppPermissionActionCreateParam.java 
@@ -0,0 +1,77 @@
+/*
+ * eiam-openapi - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.openapi.pojo.request.app.save;
+
+import java.io.Serializable;
+
+import cn.topiam.employee.common.enums.PermissionActionType;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * 权限创建参数
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/26 21:46
+ */
+@Data
+@Schema(description = "创建权限入参")
+public class AppPermissionActionCreateParam implements Serializable {
+ /**
+ * 权限名称
+ */
+ @Schema(description = "权限名称")
+ @NotBlank(message = "权限名称不能为空")
+ private String name;
+
+ /**
+ * 权限值
+ */
+ @Schema(description = "权限值")
+ @NotBlank(message = "权限值不能为空")
+ private String value;
+
+ /**
+ * 权限类型
+ */
+ @Schema(description = "权限类型")
+ @NotNull(message = "权限类型不能为空")
+ private PermissionActionType type;
+
+ /**
+ * 是否启用
+ */
+ private Boolean enabled = true;
+
+ /**
+ * 所属资源
+ */
+ @Schema(description = "所属资源")
+ @NotBlank(message = "所属资源不能为空")
+ private Long resourceId;
+
+ /**
+ * 备注
+ */
+ @Schema(description = "备注")
+ private String remark;
+}
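Review bot: `@NotBlank` on `resourceId` is applied to a `Long`, but the constraint is defined only for `CharSequence`. A Bean Validation provider such as Hibernate Validator raises `UnexpectedTypeException` when it meets this, so once the parameter is actually validated every create request fails with a server error instead of a clean 400 for a missing value. Use `@NotNull(message = "所属资源不能为空")`, which is already imported in this file. `ResourceActionUpdateParam.resourceId` further down has the same annotation and needs `@NotNull` plus the `jakarta.validation.constraints.NotNull` import.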
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppPermissionPolicyCreateParam.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppPermissionPolicyCreateParam.java
new file mode 100644
index 00000000..e5e610aa
--- /dev/null
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppPermissionPolicyCreateParam.java
@@ -0,0 +1,83 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.request.app.save; + +import java.io.Serializable; + +import cn.topiam.employee.common.enums.app.AppPolicyEffect; +import cn.topiam.employee.common.enums.app.AppPolicyObjectType; +import cn.topiam.employee.common.enums.app.AppPolicySubjectType; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; +import jakarta.validation.constraints.NotNull; + +/** + * 创建策略入参 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/26 21:46 + */ +@Data +@Schema(description = "创建策略入参") +public class AppPermissionPolicyCreateParam implements Serializable { + + /** + * 所属应用 + */ + @NotNull(message = "资源所属应用不能为空") + @Parameter(description = "所属应用") + private Long appId; + + /** + * 授权主体id + */ + @NotNull(message = "授权主体id不能为空") + @Parameter(description = "授权主体id") + private String subjectId; + + /** + * 权限主体类型(用户、角色、分组、组织机构) + */ + @NotNull(message = "授权主体类型不能为空") + @Parameter(description = "授权主体类型") + private AppPolicySubjectType subjectType; + + /** + * 权限客体ID + */ + @NotNull(message = "权限客体ID不能为空") + @Parameter(description = "授权客体id") + private 
Long objectId; + + /** + * 权限客体类型(权限、角色) + */ + @NotNull(message = "权限客体类型不能为空") + @Parameter(description = "授权客体类型") + private AppPolicyObjectType objectType; + + /** + * 授权作用 + */ + @NotNull(message = "授权作用不能为空") + @Parameter(description = "授权作用") + private AppPolicyEffect effect; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppPermissionResourceCreateParam.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppPermissionResourceCreateParam.java new file mode 100644 index 00000000..f0e7b09d --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppPermissionResourceCreateParam.java 
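Review bot: `subjectId` is a `String` guarded only by `@NotNull`, so an empty or whitespace-only value is accepted as the subject of a policy. Use `@NotBlank(message = "授权主体id不能为空")`, as the other create params in this commit do for their string fields; this needs the `jakarta.validation.constraints.NotBlank` import. The fields are also documented with `@Parameter`, which describes operation parameters, whereas this class is declared as a body schema and the sibling create params use `@Schema(description = …)` on their fields, so these descriptions may not appear in the generated API document. `AppPermissionPolicyUpdateParam` repeats both points.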
@@ -0,0 +1,77 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.request.app.save; + +import java.io.Serializable; +import java.util.List; + +import cn.topiam.employee.openapi.pojo.request.app.AppPermissionsActionParam; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.media.Schema; +import jakarta.validation.constraints.NotBlank; +import jakarta.validation.constraints.NotNull; + +/** + * 资源创建参数 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/26 21:46 + */ +@Data +@Schema(description = "创建资源入参") +public class AppPermissionResourceCreateParam implements Serializable { + /** + * 编码 + */ + @Schema(description = "资源编码") + @NotBlank(message = "资源编码不能为空") + private String code; + /** + * 名称 + */ + @Schema(description = "资源名称") + @NotBlank(message = "资源名称不能为空") + private String name; + /** + * 描述 + */ + @Schema(description = "资源描述") + @NotBlank(message = "资源描述不能为空") + private String desc; + + /** + * 是否启用 + */ + private Boolean enabled = true; + + /** + * 所属应用 + */ + @Schema(description = "所属应用") + @NotNull(message = "所属应用不能为空") + private Long appId; + + /** + * 资源权限 + */ + @Schema(description = "资源权限") + @NotNull(message = "资源权限不能为空") + private List 
actions; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppPermissionRoleCreateParam.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppPermissionRoleCreateParam.java new file mode 100644 index 00000000..636bda23 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/save/AppPermissionRoleCreateParam.java 
@@ -0,0 +1,61 @@
+/*
+ * eiam-openapi - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.openapi.pojo.request.app.save;
+
+import java.io.Serializable;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * 角色创建参数
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/26 21:46
+ */
+@Data
+@Schema(description = "创建角色入参")
+public class AppPermissionRoleCreateParam implements Serializable {
+ /**
+ * 角色名称
+ */
+ @NotBlank(message = "角色名称不能为空")
+ private String name;
+ /**
+ * 角色编码
+ */
+ @NotBlank(message = "角色编码不能为空")
+ private String code;
+ /**
+ * 启用
+ */
+ private Boolean enabled = true;
+ /**
+ * 所属应用
+ */
+ @NotNull(message = "所属应用不能为空")
+ private Long appId;
+ /**
+ * 备注
+ */
+ @Schema(description = "备注")
+ private String remark;
+}
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/update/AppPermissionPolicyUpdateParam.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/update/AppPermissionPolicyUpdateParam.java
new file mode 100644
index 00000000..d10af289
--- /dev/null
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/update/AppPermissionPolicyUpdateParam.java 
@@ -0,0 +1,88 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.request.app.update; + +import java.io.Serializable; + +import cn.topiam.employee.common.enums.app.AppPolicyEffect; +import cn.topiam.employee.common.enums.app.AppPolicyObjectType; +import cn.topiam.employee.common.enums.app.AppPolicySubjectType; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; +import jakarta.validation.constraints.NotNull; + +/** + * 修改策略入参 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/26 21:46 + */ +@Data +@Schema(description = "修改策略入参") +public class AppPermissionPolicyUpdateParam implements Serializable { + /** + * 所属应用 + */ + @NotNull(message = "资源所属应用不能为空") + @Parameter(description = "所属应用") + private Long appId; + + /** + * 授权主体id + */ + @NotNull(message = "主键id不能为空") + @Parameter(description = "主键id") + private Long id; + /** + * 授权主体id + */ + @NotNull(message = "授权主体id不能为空") + @Parameter(description = "授权主体id") + private String subjectId; + + /** + * 权限主体类型(用户、角色、分组、组织机构) + */ + @NotNull(message = "授权主体类型不能为空") + @Parameter(description = "授权主体类型") + private AppPolicySubjectType 
subjectType; + + /** + * 权限客体ID + */ + @NotNull(message = "权限客体ID不能为空") + @Parameter(description = "授权客体id") + private Long objectId; + + /** + * 权限客体类型(权限、角色) + */ + @NotNull(message = "权限客体类型不能为空") + @Parameter(description = "授权客体类型") + private AppPolicyObjectType objectType; + + /** + * 授权作用 + */ + @NotNull(message = "授权作用不能为空") + @Parameter(description = "授权作用") + private AppPolicyEffect effect; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/update/AppPermissionResourceUpdateParam.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/update/AppPermissionResourceUpdateParam.java new file mode 100644 index 00000000..00a8734a --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/update/AppPermissionResourceUpdateParam.java 
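Review bot: The Javadoc above `id` reads 授权主体id (subject id), copied from the field after it, while the annotations on the same field call it 主键id; change the comment to `主键id`. The update accepts both `id` and `appId` from the client, and the service that consumes them is not on this page. Confirm that it loads the policy by `id` and rejects the request when the stored policy does not belong to `appId`, and that the caller is allowed to manage that application. Otherwise a valid `appId` can accompany the id of a policy from a different application.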
@@ -0,0 +1,69 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.request.app.update; + +import java.io.Serial; +import java.io.Serializable; +import java.util.List; + +import cn.topiam.employee.openapi.pojo.request.app.AppPermissionsActionParam; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.media.Schema; +import jakarta.validation.constraints.NotBlank; +import jakarta.validation.constraints.NotNull; +import static io.swagger.v3.oas.annotations.media.Schema.AccessMode.READ_ONLY; + +/** + * 资源修改参数 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/26 21:46 + */ +@Data +@Schema(description = "修改资源入参") +public class AppPermissionResourceUpdateParam implements Serializable { + @Serial + private static final long serialVersionUID = 6021548372386059064L; + /** + * ID + */ + @Schema(accessMode = READ_ONLY) + @NotBlank(message = "ID不能为空") + private String id; + /** + * 名称 + */ + @Schema(description = "资源名称") + @NotBlank(message = "资源名称不能为空") + private String name; + /** + * 描述 + */ + @Schema(description = "资源描述") + @NotBlank(message = "资源描述不能为空") + private String desc; + + /** + * 资源权限 + */ + @Schema(description = "资源权限") + @NotNull(message = 
"资源权限不能为空") + private List actions; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/update/PermissionRoleUpdateParam.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/update/PermissionRoleUpdateParam.java new file mode 100644 index 00000000..431691eb --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/update/PermissionRoleUpdateParam.java 
@@ -0,0 +1,61 @@
+/*
+ * eiam-openapi - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.openapi.pojo.request.app.update;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotBlank;
+import static io.swagger.v3.oas.annotations.media.Schema.AccessMode.READ_ONLY;
+
+/**
+ * 角色修改参数
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2020/8/26 21:46
+ */
+@Data
+@Schema(description = "修改角色入参")
+public class PermissionRoleUpdateParam implements Serializable {
+ @Serial
+ private static final long serialVersionUID = 6021548372386059064L;
+ /**
+ * ID
+ */
+ @Schema(accessMode = READ_ONLY)
+ @NotBlank(message = "ID不能为空")
+ private String id;
+ /**
+ * 名称
+ */
+ @Schema(description = "角色名称")
+ private String name;
+ /**
+ * 编码
+ */
+ @Schema(description = "角色编码")
+ private String code;
+ /**
+ * 备注
+ */
+ @Schema(description = "备注")
+ private String remark;
+}
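Review bot: `id` is marked `@Schema(accessMode = READ_ONLY)` and `@NotBlank` at the same time. In an OpenAPI document a read-only property is one the server returns and clients are not expected to send, so unless the endpoint fills `id` from the path (not visible here) the published schema tells integrators to omit a field the validator requires. Replace it with `@Schema(description = "ID")`. `AppPermissionResourceUpdateParam` and `ResourceActionUpdateParam` carry the same pair of annotations, and all three classes declare the identical `serialVersionUID = 6021548372386059064L`, which looks copied; each class should have its own value.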
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/update/ResourceActionUpdateParam.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/update/ResourceActionUpdateParam.java
new file mode 100644
index 00000000..ebc9971b
--- /dev/null
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/request/app/update/ResourceActionUpdateParam.java
@@ -0,0 +1,84 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.request.app.update; + +import java.io.Serial; +import java.io.Serializable; + +import cn.topiam.employee.common.enums.PermissionActionType; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.media.Schema; +import jakarta.validation.constraints.NotBlank; +import static io.swagger.v3.oas.annotations.media.Schema.AccessMode.READ_ONLY; + +/** + * 资源修改参数 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/26 21:46 + */ +@Data +@Schema(description = "修改资源入参") +public class ResourceActionUpdateParam implements Serializable { + @Serial + private static final long serialVersionUID = 6021548372386059064L; + /** + * ID + */ + @Schema(accessMode = READ_ONLY) + @NotBlank(message = "ID不能为空") + private String id; + + /** + * 权限名称 + */ + @Schema(description = "权限名称") + private String name; + + /** + * 权限值 + */ + @Schema(description = "权限值") + private String value; + + /** + * 权限类型 + */ + @Schema(description = "权限类型") + private PermissionActionType type; + + /** + * 是否启用 + */ + private Boolean enabled = true; + + /** + * 所属资源 + */ + @Schema(description = "所属资源") + @NotBlank(message = "所属资源不能为空") + 
private Long resourceId; + + /** + * 备注 + */ + @Schema(description = "备注") + private String remark; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppAccountListResult.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppAccountListResult.java new file mode 100644 index 00000000..2052a3c2 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppAccountListResult.java 
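Review bot: `enabled` is initialised to `true` in this update param, so a request that omits the field cannot be told apart from one that asks to enable the action. If the service copies the value onto the entity (it is not shown on this page), editing only `name` or `remark` would silently re-enable a permission that an administrator had disabled. Declare it as `private Boolean enabled;` and let the service leave the stored value untouched when it is null. The class Javadoc and `@Schema` description (资源修改参数 / 修改资源入参) are copied from the resource param and should describe the permission action instead.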
@@ -0,0 +1,95 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.response.app; + +import java.time.LocalDateTime; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * AppAccountCreateParam 应用账户查询结果 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/5/24 22:13 + */ +@Data +@Schema(description = "应用账户列表查询结果") +public class AppAccountListResult { + + /** + * id + */ + @Schema(description = "id") + private String id; + + /** + * 应用ID + */ + @Schema(description = "应用ID") + private Long appId; + + /** + * 应用名称 + */ + @Schema(description = "应用名称") + private String appName; + + /** + * 模板 + */ + @Schema(description = "应用模版") + private String appTemplate; + + /** + * 协议 + */ + @Schema(description = "应用协议") + private String appProtocol; + + /** + * 应用类型 + */ + @Schema(description = "应用类型") + private String appType; + + /** + * 用户ID + */ + @Schema(description = "用户ID") + private Long userId; + + /** + * 用户名称 + */ + @Schema(description = "用户名称") + private String username; + + /** + * 账户名称 + */ + @Schema(description = "账户名称") + private String account; + + /** + * 添加时间 + */ + @Schema(description = "添加时间") + private LocalDateTime createTime; 
+} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionActionGetResult.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionActionGetResult.java new file mode 100644 index 00000000..73a569e8 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionActionGetResult.java 
@@ -0,0 +1,66 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.response.app; + +import java.io.Serializable; + +import cn.topiam.employee.common.enums.PermissionActionType; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * 权限详情 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/26 21:45 + */ +@Schema(description = "权限操作") +@Data +public class AppPermissionActionGetResult implements Serializable { + /** + * ID + */ + @Parameter(description = "ID") + private String id; + /** + * 权限名称 + */ + @Parameter(description = "权限名称") + private String name; + + /** + * 权限值 + */ + @Parameter(description = "权限值") + private String value; + + /** + * 权限类型 + */ + @Parameter(description = "权限类型") + private PermissionActionType type; + + /** + * 备注 + */ + @Parameter(description = "备注") + private String remark; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionActionListResult.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionActionListResult.java new file mode 100644 index 00000000..61ae3a4d 
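Review bot: The field descriptions in `AppPermissionActionGetResult` are declared with `@Parameter`, which describes operation parameters; for the properties of a response model the schema generator reads `@Schema`, so these descriptions will most likely be missing from the generated OpenAPI document. Use `@Schema(description = "权限值")` and so on, as `AppAccountListResult` and `AppPermissionResourceGetResult` in this commit already do. The same applies to `AppPermissionActionListResult`, `AppPermissionPolicyGetResult`, `AppPermissionResourceListResult`, `AppPermissionRoleListResult` and `AppPermissionRoleResult`. The class also implements `Serializable` without declaring a `serialVersionUID`, unlike `AppPermissionActionListResult`.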
--- /dev/null
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionActionListResult.java
@@ -0,0 +1,72 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.response.app; + +import java.io.Serial; +import java.io.Serializable; + +import cn.topiam.employee.common.enums.PermissionActionType; + +import lombok.Data; +import lombok.experimental.Accessors; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * 查询权限列表结果 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/11 23:08 + */ +@Data +@Accessors(chain = true) +@Schema(description = "查询权限列表结果") +public class AppPermissionActionListResult implements Serializable { + + @Serial + private static final long serialVersionUID = 3320953184046791392L; + /** + * ID + */ + @Parameter(description = "ID") + private String id; + /** + * 权限名称 + */ + @Parameter(description = "权限名称") + private String name; + + /** + * 权限值 + */ + @Parameter(description = "权限值") + private String value; + + /** + * 权限类型 + */ + @Parameter(description = "权限类型") + private PermissionActionType type; + + /** + * 备注 + */ + @Parameter(description = "备注") + private String remark; +} 
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionPolicyGetResult.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionPolicyGetResult.java
new file mode 100644
index 00000000..7556de53
--- /dev/null
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionPolicyGetResult.java
@@ -0,0 +1,87 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.response.app; + +import java.io.Serializable; + +import cn.topiam.employee.common.enums.app.AppPolicyEffect; +import cn.topiam.employee.common.enums.app.AppPolicyObjectType; +import cn.topiam.employee.common.enums.app.AppPolicySubjectType; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * 获取资源 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/26 21:45 + */ +@Schema(description = "获取资源结果") +@Data +public class AppPermissionPolicyGetResult implements Serializable { + /** + * ID + */ + @Parameter(description = "id") + private String id; + + /** + * 授权主体id + */ + @Parameter(description = "授权主体id") + private String subjectId; + + /** + * 授权主体名称 + */ + @Parameter(description = "授权主体名称") + private String subjectName; + + /** + * 权限主体类型(用户、角色、分组、组织机构) + */ + @Parameter(description = "授权主体类型") + private AppPolicySubjectType subjectType; + + /** + * 权限客体ID + */ + @Parameter(description = "授权客体id") + private Long objectId; + + /** + * 权限客体名菜 + */ + @Parameter(description = "授权客体名称") + private String objectName; + + /** 
+ * 权限客体类型(权限、角色) + */ + @Parameter(description = "授权客体类型") + private AppPolicyObjectType objectType; + + /** + * 授权作用 + */ + @Parameter(description = "授权作用") + private AppPolicyEffect effect; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionResourceGetResult.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionResourceGetResult.java new file mode 100644 index 00000000..cc5ad6cc --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionResourceGetResult.java 
@@ -0,0 +1,107 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.response.app; + +import java.io.Serial; +import java.io.Serializable; +import java.util.List; + +import cn.topiam.employee.common.enums.PermissionActionType; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Hidden; +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * 获取资源 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/26 21:45 + */ +@Schema(description = "获取资源结果") +@Data +public class AppPermissionResourceGetResult implements Serializable { + /** + * 名称 + */ + @Schema(description = "资源名称") + private String name; + + /** + * 编码 + */ + @Schema(description = "资源编码") + private String code; + + /** + * 描述 + */ + @Schema(description = "资源描述") + private String desc; + + /** + * 所属应用 + */ + @Schema(description = "所属应用") + private Long appId; + + /** + * 资源权限 + */ + @Schema(description = "资源权限") + private List actions; + + /** + * AppPermissionsActionParam + * + * @author TopIAM + * Created by support@topiam.cn on 2022/9/1 00:18 + */ + @Data + public static class AppPermissionsAction implements Serializable { + + @Serial + private static final long serialVersionUID = 
-6391182747252245592L; + + /** + * ID + */ + @Hidden + @Schema(description = "ID") + private String id; + + /** + * 权限类型 + */ + @Schema(description = "权限类型") + private PermissionActionType type; + + /** + * 权限值 + */ + @Schema(description = "权限值") + private String value; + + /** + * 权限描述 + */ + @Schema(description = "权限描述") + private String name; + } +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionResourceListResult.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionResourceListResult.java new file mode 100644 index 00000000..9d3417c1 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionResourceListResult.java 
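Review bot: `@Hidden` on `AppPermissionsAction.id` only removes the property from the generated API documentation; `@Data` still generates the getter, so the value is presumably still written into the response body. If the id is not meant to be returned, exclude it from serialization (for example with Jackson's `@JsonIgnore`, if Jackson is the serializer here) or drop the field. If it is meant to be returned, remove `@Hidden` so the documented contract matches the payload. The nested class Javadoc also names `AppPermissionsActionParam`, which is not this class.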
@@ -0,0 +1,71 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.response.app; + +import java.io.Serial; +import java.io.Serializable; + +import lombok.Data; +import lombok.experimental.Accessors; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * 资源分页查询结果 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/11 23:08 + */ +@Data +@Accessors(chain = true) +@Schema(description = "分页查询资源结果") +public class AppPermissionResourceListResult implements Serializable { + + @Serial + private static final long serialVersionUID = 3320953184046791392L; + /** + * ID + */ + @Parameter(description = "id") + private String id; + + /** + * 资源名称 + */ + @Parameter(description = "资源名称") + private String name; + + /** + * code + */ + @Parameter(description = "资源编码") + private String code; + + /** + * 所属应用 + */ + @Parameter(description = "所属应用") + private String appId; + + /** + * desc + */ + @Parameter(description = "描述") + private String desc; +} 
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionRoleListResult.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionRoleListResult.java
new file mode 100644
index 00000000..8fc63f68
--- /dev/null
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionRoleListResult.java
@@ -0,0 +1,75 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.response.app; + +import java.io.Serial; +import java.io.Serializable; + +import lombok.Data; +import lombok.experimental.Accessors; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * 角色分页查询结果 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/11 23:08 + */ +@Data +@Accessors(chain = true) +@Schema(description = "分页查询角色结果") +public class AppPermissionRoleListResult implements Serializable { + + @Serial + private static final long serialVersionUID = 3320953184046791392L; + /** + * ID + */ + @Parameter(description = "id") + private String id; + /** + * 角色名称 + */ + @Parameter(description = "角色名称") + private String name; + + /** + * 角色编码 + */ + @Parameter(description = "角色编码") + private String code; + + /** + * 所属应用 + */ + @Parameter(description = "所属应用") + private String appId; + + /** + * 是否启用 + */ + @Parameter(description = "是否启用") + private Boolean enabled; + /** + * remark + */ + @Parameter(description = "描述") + private String remark; +} 
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionRoleResult.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionRoleResult.java
new file mode 100644
index 00000000..653a3214
--- /dev/null
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/pojo/response/app/AppPermissionRoleResult.java
@@ -0,0 +1,69 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.pojo.response.app; + +import java.io.Serializable; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * 获取角色 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/26 21:45 + */ +@Schema(description = "获取角色") +@Data +public class AppPermissionRoleResult implements Serializable { + /** + * id + */ + @Parameter(description = "id") + private String id; + /** + * appId + */ + @Parameter(description = "应用ID") + private String appId; + /** + * 角色名称 + */ + @Parameter(description = "角色名称") + private String name; + + /** + * 角色编码 + */ + @Parameter(description = "角色编码") + private String code; + + /** + * 是否启用 + */ + @Parameter(description = "是否启用") + private Boolean enabled; + + /** + * 备注 + */ + @Parameter(description = "备注") + private String remark; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppAccountService.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppAccountService.java new file mode 100644 index 00000000..2d3689d0 --- /dev/null 
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppAccountService.java @@ -0,0 +1,58 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.service; + +import cn.topiam.employee.common.entity.app.query.AppAccountQuery; +import cn.topiam.employee.openapi.pojo.request.app.save.AppAccountCreateParam; +import cn.topiam.employee.openapi.pojo.response.app.AppAccountListResult; +import cn.topiam.employee.support.repository.page.domain.Page; +import cn.topiam.employee.support.repository.page.domain.PageModel; + +/** + * 应用账户 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/6/4 19:07 + */ +public interface AppAccountService { + + /** + * 查询应用账户 + * + * @param pageModel {@link PageModel} + * @param query {@link AppAccountQuery} + * @return {@link Page} + */ + Page getAppAccountList(PageModel pageModel, AppAccountQuery query); + + /** + * 新增应用账户 + * + * @param param {@link AppAccountCreateParam} + * @return {@link Boolean} + */ + Boolean createAppAccount(AppAccountCreateParam param); + + /** + * 删除应用账户 + * + * @param id {@link String} + * @return {@link Boolean} + */ + Boolean deleteAppAccount(String id); +} 
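Review bot: `deleteAppAccount(String id)` identifies the account by a bare id, and neither the signature nor the Javadoc says which application or caller that id must belong to. In an open API of an IAM product this is where a cross-application delete would go unnoticed if the implementation (outside this hunk) looks the record up by id alone. State the contract in the Javadoc, for example `The account must belong to the application of the authenticated client; otherwise the call is rejected.`, and make sure the implementation enforces it. The get, delete and update-by-id methods of `AppPermissionActionService`, `AppPermissionPolicyService`, `AppPermissionResourceService` and `AppPermissionRoleService` in this commit leave the same question open.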
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppPermissionActionService.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppPermissionActionService.java new file mode 100644 index 00000000..8de589f9 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppPermissionActionService.java @@ -0,0 +1,76 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.service; + +import java.util.List; + +import cn.topiam.employee.openapi.pojo.request.app.query.AppPermissionListQuery; +import cn.topiam.employee.openapi.pojo.request.app.save.AppPermissionActionCreateParam; +import cn.topiam.employee.openapi.pojo.request.app.update.ResourceActionUpdateParam; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionActionGetResult; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionActionListResult; + +/** + *

+ * 权限 服务类 + *

+ * + * @author TopIAM + * Created by support@topiam.cn on 2020-08-10 + */ +public interface AppPermissionActionService { + /** + * 获取权限列表 + * + * @param query {@link AppPermissionListQuery} + * @return {@link AppPermissionActionListResult} + */ + List getPermissionActionList(AppPermissionListQuery query); + + /** + * 获取权限详情 + * + * @param id {@link String} + * @return {@link AppPermissionActionGetResult} + */ + AppPermissionActionGetResult getPermissionAction(String id); + + /** + * 删除权限 + * + * @param id {@link String} + * @return {@link Boolean} + */ + Boolean deletePermissionAction(String id); + + /** + * 创建权限 + * + * @param param {@link AppPermissionActionCreateParam} + * @return {@link Boolean} + */ + Boolean createPermissionAction(AppPermissionActionCreateParam param); + + /** + * 更新权限 + * + * @param param {@link ResourceActionUpdateParam} + * @return {@link Boolean} + */ + Boolean updatePermissionAction(ResourceActionUpdateParam param); +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppPermissionPolicyService.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppPermissionPolicyService.java new file mode 100644 index 00000000..fe7c94e8 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppPermissionPolicyService.java 
@@ -0,0 +1,77 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.service; + +import cn.topiam.employee.common.entity.app.po.AppPermissionPolicyPO; +import cn.topiam.employee.openapi.pojo.request.app.query.OpenApiPolicyQuery; +import cn.topiam.employee.openapi.pojo.request.app.save.AppPermissionPolicyCreateParam; +import cn.topiam.employee.openapi.pojo.request.app.update.AppPermissionPolicyUpdateParam; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionPolicyGetResult; +import cn.topiam.employee.support.repository.page.domain.Page; +import cn.topiam.employee.support.repository.page.domain.PageModel; + +/** + *

+ * 权限策略 服务类 + *

+ * + * @author TopIAM + * Created by support@topiam.cn on 2020-08-10 + */ +public interface AppPermissionPolicyService { + /** + * 获取资源列表 + * + * @param page {@link PageModel} + * @param query {@link OpenApiPolicyQuery} + * @return {@link AppPermissionPolicyPO} + */ + Page getPermissionPolicyList(PageModel page, OpenApiPolicyQuery query); + + /** + * 获取资源 + * + * @param id {@link String} + * @return {@link AppPermissionPolicyGetResult} + */ + AppPermissionPolicyGetResult getPermissionPolicy(String id); + + /** + * 删除资源 + * + * @param id {@link String} + * @return {@link Boolean} + */ + Boolean deletePermissionPolicy(String id); + + /** + * 创建资源 + * + * @param param {@link AppPermissionPolicyCreateParam} + * @return {@link Boolean} + */ + Boolean createPermissionPolicy(AppPermissionPolicyCreateParam param); + + /** + * 更新资源 + * + * @param param {@link AppPermissionPolicyUpdateParam} + * @return {@link Boolean} + */ + Boolean updatePermissionPolicy(AppPermissionPolicyUpdateParam param); +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppPermissionResourceService.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppPermissionResourceService.java new file mode 100644 index 00000000..1cc8b919 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppPermissionResourceService.java 
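Review bot: The method Javadoc in `AppPermissionPolicyService` appears to have been copied from the resource service: the methods are described as 获取资源列表, 获取资源, 删除资源, 创建资源 and 更新资源, although every one of them acts on a permission policy. In an access-management API the difference between a resource and a policy is exactly what a caller needs to read off the contract, so reword them, e.g. `获取策略列表`, `获取策略`, `删除策略`, `创建策略`, `更新策略`.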
@@ -0,0 +1,90 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.service; + +import cn.topiam.employee.common.enums.CheckValidityType; +import cn.topiam.employee.openapi.pojo.request.app.query.AppResourceListQuery; +import cn.topiam.employee.openapi.pojo.request.app.save.AppPermissionResourceCreateParam; +import cn.topiam.employee.openapi.pojo.request.app.update.AppPermissionResourceUpdateParam; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionResourceGetResult; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionResourceListResult; +import cn.topiam.employee.support.repository.page.domain.Page; +import cn.topiam.employee.support.repository.page.domain.PageModel; + +/** + *

+ * 资源权限 服务类 + *

+ * + * @author TopIAM + * Created by support@topiam.cn on 2020-08-10 + */ +public interface AppPermissionResourceService { + /** + * 获取资源列表 + * + * @param page {@link PageModel} + * @param query {@link AppResourceListQuery} + * @return {@link AppPermissionResourceListResult} + */ + Page getPermissionResourceList(PageModel page, + AppResourceListQuery query); + + /** + * 获取资源 + * + * @param id {@link String} + * @return {@link AppPermissionResourceGetResult} + */ + AppPermissionResourceGetResult getPermissionResource(String id); + + /** + * 删除资源 + * + * @param id {@link String} + * @return {@link Boolean} + */ + Boolean deletePermissionResource(String id); + + /** + * 创建资源 + * + * @param param {@link AppPermissionResourceCreateParam} + * @return {@link Boolean} + */ + Boolean createPermissionResource(AppPermissionResourceCreateParam param); + + /** + * 更新资源 + * + * @param param {@link AppPermissionResourceUpdateParam} + * @return {@link Boolean} + */ + Boolean updatePermissionResource(AppPermissionResourceUpdateParam param); + + /** + * 参数有效性验证 + * + * @param type {@link CheckValidityType} + * @param value {@link String} + * @param appId {@link Long} + * @param id {@link Long} + * @return {@link Boolean} + */ + Boolean permissionResourceParamCheck(CheckValidityType type, String value, Long appId, Long id); +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppPermissionRoleService.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppPermissionRoleService.java new file mode 100644 index 00000000..ffee1738 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/AppPermissionRoleService.java 
@@ -0,0 +1,100 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.service; + +import cn.topiam.employee.common.enums.CheckValidityType; +import cn.topiam.employee.openapi.pojo.request.app.query.AppPermissionRoleListQuery; +import cn.topiam.employee.openapi.pojo.request.app.save.AppPermissionRoleCreateParam; +import cn.topiam.employee.openapi.pojo.request.app.update.PermissionRoleUpdateParam; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionRoleListResult; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionRoleResult; +import cn.topiam.employee.support.repository.page.domain.Page; +import cn.topiam.employee.support.repository.page.domain.PageModel; + +/** + *

+ * 角色表 服务类 + *

+ * + * @author TopIAM + * Created by support@topiam.cn on 2020-08-10 + */ +public interface AppPermissionRoleService { + + /** + * 获取所有角色(分页) + * + * @param page {@link PageModel} + * @param query {@link AppPermissionRoleListQuery} + * @return {@link AppPermissionRoleListResult} + */ + Page getPermissionRoleList(PageModel page, + AppPermissionRoleListQuery query); + + /** + * 创建角色 + * + * @param param {@link AppPermissionRoleCreateParam} + * @return {@link Boolean} + */ + boolean createPermissionRole(AppPermissionRoleCreateParam param); + + /** + * 更新角色 + * + * @param param {@link PermissionRoleUpdateParam} + * @return {@link Boolean} + */ + boolean updatePermissionRole(PermissionRoleUpdateParam param); + + /** + * 删除角色 + * + * @param ids {@link String} + * @return {@link Boolean} + */ + boolean deletePermissionRole(String ids); + + /** + * 角色详情 + * + * @param id {@link Long} + * @return {@link AppPermissionRoleResult} + */ + AppPermissionRoleResult getPermissionRole(Long id); + + /** + * 参数有效性验证 + * + * @param type {@link CheckValidityType} + * @param value {@link String} + * @param appId {@link Long} + * @param id {@link Long} + * @return {@link Boolean} + */ + Boolean permissionRoleParamCheck(CheckValidityType type, String value, Long appId, Long id); + + /** + * 更新角色状态 + * + * @param id {@link String} + * @param status {@link Boolean} + * @return {@link Boolean} + */ + Boolean updatePermissionRoleStatus(String id, Boolean status); +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppAccountServiceImpl.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppAccountServiceImpl.java new file mode 100644 index 00000000..92a15fea --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppAccountServiceImpl.java 
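Review bot: The role id is typed inconsistently within `AppPermissionRoleService`: `getPermissionRole(Long id)` takes a `Long`, `updatePermissionRoleStatus(String id, Boolean status)` takes a `String`, and `deletePermissionRole(String ids)` takes a parameter named `ids` whose Javadoc only says `{@link String}`. If `ids` carries several ids in one string, document the format and what happens to malformed entries, e.g. `@param ids comma-separated role ids; the call fails if any entry is not a valid id` (confirm the actual format against the implementation), since each element has to be validated before it reaches the repository. The create, update and delete methods here also return primitive `boolean` while the other services in this commit return `Boolean`.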
@@ -0,0 +1,126 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.service.impl; + +import java.util.Optional; + +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import cn.topiam.employee.audit.context.AuditContext; +import cn.topiam.employee.audit.entity.Target; +import cn.topiam.employee.audit.enums.TargetType; +import cn.topiam.employee.common.entity.app.AppAccountEntity; +import cn.topiam.employee.common.entity.app.po.AppAccountPO; +import cn.topiam.employee.common.entity.app.query.AppAccountQuery; +import cn.topiam.employee.common.exception.app.AppAccountExistException; +import cn.topiam.employee.common.repository.app.AppAccountRepository; +import cn.topiam.employee.openapi.converter.app.AppAccountConverter; +import cn.topiam.employee.openapi.pojo.request.app.save.AppAccountCreateParam; +import cn.topiam.employee.openapi.pojo.response.app.AppAccountListResult; +import cn.topiam.employee.openapi.service.AppAccountService; +import cn.topiam.employee.support.exception.TopIamException; +import cn.topiam.employee.support.repository.page.domain.Page; +import 
cn.topiam.employee.support.repository.page.domain.PageModel; + +import lombok.AllArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +/** + * 应用账户 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/6/4 19:07 + */ +@Service +@Slf4j +@AllArgsConstructor +public class AppAccountServiceImpl implements AppAccountService { + + /** + * 查询应用账户 + * + * @param pageModel {@link PageModel} + * @param query {@link AppAccountQuery} + * @return {@link Page} + */ + @Override + public Page getAppAccountList(PageModel pageModel, + AppAccountQuery query) { + //分页条件 + QPageRequest request = QPageRequest.of(pageModel.getCurrent(), pageModel.getPageSize()); + //查询映射 + org.springframework.data.domain.Page list = appAccountRepository + .getAppAccountList(query, request); + return appAccountConverter.appAccountEntityConvertToAppAccountResult(list); + } + + /** + * 新增应用账户 + * + * @param param {@link AppAccountCreateParam} + * @return {@link Boolean} + */ + @Override + @Transactional(rollbackFor = Exception.class) + public Boolean createAppAccount(AppAccountCreateParam param) { + Optional optional = appAccountRepository + .findByAppIdAndUserId(param.getAppId(), param.getUserId()); + if (optional.isPresent()) { + throw new AppAccountExistException(); + } + AppAccountEntity entity = appAccountConverter.appAccountCreateParamConvertToEntity(param); + appAccountRepository.save(entity); + AuditContext.setTarget(Target.builder().id(entity.getId().toString()) + .type(TargetType.APPLICATION_ACCOUNT).build()); + return true; + } + + /** + * 删除应用账户 + * + * @param id {@link Long} + * @return {@link String} + */ + @Override + @Transactional(rollbackFor = Exception.class) + public Boolean deleteAppAccount(String id) { + Optional optional = appAccountRepository.findById(Long.valueOf(id)); + //管理员不存在 + if (optional.isEmpty()) { + AuditContext.setContent("删除失败,应用账户不存在"); + log.warn(AuditContext.getContent()); + throw new TopIamException(AuditContext.getContent()); + } + 
appAccountRepository.deleteById(Long.valueOf(id)); + AuditContext + .setTarget(Target.builder().id(id).type(TargetType.APPLICATION_ACCOUNT).build()); + return true; + } + + /** + * AppAccountConverter + */ + private final AppAccountConverter appAccountConverter; + + /** + * AppAccountRepository + */ + private final AppAccountRepository appAccountRepository; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppPermissionActionServiceImpl.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppPermissionActionServiceImpl.java new file mode 100644 index 00000000..249cc1d5 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppPermissionActionServiceImpl.java 
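Review bot: `deleteAppAccount` in `AppAccountServiceImpl` looks the account up by id alone, and nothing in this hunk ties that id to the application making the OpenAPI call, so a caller that passes the endpoint's authentication could apparently delete another application's account binding. A lookup that also filters on the caller's app id would close that; the policy service in this commit has a TODO for taking it from the token. `Long.valueOf(id)` is evaluated twice on an unvalidated string and throws `NumberFormatException` before the audit content is set, so parse once into a local and route a bad id through the same `TopIamException` path. The inline comment `//管理员不存在` (administrator does not exist) was carried over from elsewhere and should describe the app account. In `createAppAccount`, the `findByAppIdAndUserId` check followed by `save` is race-free only if the table has a unique constraint on (app, user), which is not visible here.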
@@ -0,0 +1,99 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.service.impl; + +import java.util.List; + +import org.springframework.stereotype.Service; + +import cn.topiam.employee.openapi.pojo.request.app.query.AppPermissionListQuery; +import cn.topiam.employee.openapi.pojo.request.app.save.AppPermissionActionCreateParam; +import cn.topiam.employee.openapi.pojo.request.app.update.ResourceActionUpdateParam; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionActionGetResult; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionActionListResult; +import cn.topiam.employee.openapi.service.AppPermissionActionService; + +import lombok.RequiredArgsConstructor; + +/** + *

+ * 资源权限 服务类 + *

+ * + * @author TopIAM + * Created by support@topiam.cn on 2020-08-10 + */ +@Service +@RequiredArgsConstructor +public class AppPermissionActionServiceImpl implements AppPermissionActionService { + + /** + * 获取权限列表 + * + * @param query {@link AppPermissionListQuery} + * @return {@link AppPermissionActionListResult} + */ + @Override + public List getPermissionActionList(AppPermissionListQuery query) { + return null; + } + + /** + * 获取权限详情 + * + * @param id {@link String} + * @return {@link AppPermissionActionGetResult} + */ + @Override + public AppPermissionActionGetResult getPermissionAction(String id) { + return null; + } + + /** + * 删除权限 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Override + public Boolean deletePermissionAction(String id) { + return null; + } + + /** + * 创建权限 + * + * @param param {@link AppPermissionActionCreateParam} + * @return {@link Boolean} + */ + @Override + public Boolean createPermissionAction(AppPermissionActionCreateParam param) { + return null; + } + + /** + * 更新权限 + * + * @param param {@link ResourceActionUpdateParam} + * @return {@link Boolean} + */ + @Override + public Boolean updatePermissionAction(ResourceActionUpdateParam param) { + return null; + } +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppPermissionPolicyServiceImpl.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppPermissionPolicyServiceImpl.java new file mode 100644 index 00000000..643ee508 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppPermissionPolicyServiceImpl.java 
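Review bot: Every method in `AppPermissionActionServiceImpl` is a stub that returns `null`, including `deletePermissionAction` and `updatePermissionAction`, so a caller gets no error while no permission is removed or changed. Any caller that unboxes the `Boolean` result also hits a `NullPointerException`. Until the logic exists I would fail loudly in each method, e.g. `throw new UnsupportedOperationException("not implemented");`, so an unimplemented permission operation cannot be mistaken for a successful one. `@RequiredArgsConstructor` has no fields to inject yet and can wait until a repository is added.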
@@ -0,0 +1,136 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.service.impl; + +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import cn.topiam.employee.common.entity.app.AppPermissionPolicyEntity; +import cn.topiam.employee.common.entity.app.po.AppPermissionPolicyPO; +import cn.topiam.employee.common.entity.app.query.AppPolicyQuery; +import cn.topiam.employee.common.exception.app.AppPolicyNotExistException; +import cn.topiam.employee.common.repository.app.AppPermissionPolicyRepository; +import cn.topiam.employee.openapi.converter.app.AppPermissionPolicyConverter; +import cn.topiam.employee.openapi.pojo.request.app.query.OpenApiPolicyQuery; +import cn.topiam.employee.openapi.pojo.request.app.save.AppPermissionPolicyCreateParam; +import cn.topiam.employee.openapi.pojo.request.app.update.AppPermissionPolicyUpdateParam; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionPolicyGetResult; +import cn.topiam.employee.openapi.service.AppPermissionPolicyService; +import cn.topiam.employee.support.repository.page.domain.Page; +import 
cn.topiam.employee.support.repository.page.domain.PageModel; + +import lombok.RequiredArgsConstructor; + +/** + *

+ * 权限策略 服务实现类 + *

+ * + * @author TopIAM + * Created by support@topiam.cn on 2020-08-10 + */ +@Service +@RequiredArgsConstructor +public class AppPermissionPolicyServiceImpl implements AppPermissionPolicyService { + + /** + * 获取策略列表 + * + * @param page {@link PageModel} + * @param query {@link OpenApiPolicyQuery} + * @return {@link AppPermissionPolicyPO} + */ + @Override + public Page getPermissionPolicyList(PageModel page, + OpenApiPolicyQuery query) { + AppPolicyQuery appPolicyQuery = new AppPolicyQuery(); + // TODO token获取所属应用 + // appPolicyQuery.setAppId(0L); + appPolicyQuery.setEffect(query.getEffect()); + appPolicyQuery.setSubjectId(query.getSubjectId()); + appPolicyQuery.setObjectId(query.getObjectId()); + appPolicyQuery.setSubjectType(query.getSubjectType()); + appPolicyQuery.setObjectType(query.getObjectType()); + QPageRequest request = QPageRequest.of(page.getCurrent(), page.getPageSize()); + org.springframework.data.domain.Page data = appPermissionPolicyRepository + .findPage(appPolicyQuery, request); + return appPermissionPolicyConverter.entityConvertToPolicyListResult(data); + } + + /** + * 获取策略 + * + * @param id {@link String} + * @return {@link AppPermissionPolicyGetResult} + */ + @Override + public AppPermissionPolicyGetResult getPermissionPolicy(String id) { + return null; + } + + /** + * 删除策略 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Override + public Boolean deletePermissionPolicy(String id) { + Long policyId = Long.valueOf(id); + appPermissionPolicyRepository.findById(policyId) + .orElseThrow(AppPolicyNotExistException::new); + appPermissionPolicyRepository.deleteById(policyId); + return true; + } + + /** + * 创建策略 + * + * @param param {@link AppPermissionPolicyCreateParam} + * @return {@link Boolean} + */ + @Override + @Transactional(rollbackFor = Exception.class) + public Boolean createPermissionPolicy(AppPermissionPolicyCreateParam param) { + AppPermissionPolicyEntity resource = appPermissionPolicyConverter + 
.policyCreateParamConvertToEntity(param); + // 新增策略 + appPermissionPolicyRepository.save(resource); + return true; + } + + /** + * 更新策略 + * + * @param param {@link AppPermissionPolicyUpdateParam} + * @return {@link Boolean} + */ + @Override + public Boolean updatePermissionPolicy(AppPermissionPolicyUpdateParam param) { + AppPermissionPolicyEntity resource = appPermissionPolicyConverter + .policyUpdateParamConvertToEntity(param); + // 更新策略 + appPermissionPolicyRepository.save(resource); + return null; + } + + private final AppPermissionPolicyConverter appPermissionPolicyConverter; + + private final AppPermissionPolicyRepository appPermissionPolicyRepository; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppPermissionResourceServiceImpl.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppPermissionResourceServiceImpl.java new file mode 100644 index 00000000..e7d1bb26 --- /dev/null +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppPermissionResourceServiceImpl.java 
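Review bot: In `getPermissionPolicyList` the application filter is still commented out (`// appPolicyQuery.setAppId(0L);` under the TODO), so the query passed to `findPage` carries no app id. Depending on how the repository treats a null app id, this may return policies of every application to whichever client calls the API. The app id should come from the authenticated token before this is exposed, and `deletePermissionPolicy` / `updatePermissionPolicy` need the same ownership check since they act on a bare id. `updatePermissionPolicy` also returns `null` after a successful `save` (its siblings return `true`) and saves the converted entity without loading the existing one, so an unknown id is not rejected the way `deletePermissionPolicy` rejects it with `AppPolicyNotExistException`. `getPermissionPolicy` is still a `return null;` stub.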
@@ -0,0 +1,241 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.service.impl; + +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; +import java.util.Set; +import java.util.stream.Collectors; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import com.querydsl.core.types.Predicate; +import com.querydsl.core.types.dsl.BooleanExpression; + +import cn.topiam.employee.common.entity.app.AppPermissionActionEntity; +import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity; +import cn.topiam.employee.common.entity.app.QAppPermissionResourceEntity; +import cn.topiam.employee.common.enums.CheckValidityType; +import cn.topiam.employee.common.exception.app.AppResourceNotExistException; +import cn.topiam.employee.common.repository.app.AppPermissionActionRepository; +import cn.topiam.employee.common.repository.app.AppPermissionPolicyRepository; +import cn.topiam.employee.common.repository.app.AppPermissionResourceRepository; +import 
cn.topiam.employee.openapi.converter.app.AppPermissionResourceConverter; +import cn.topiam.employee.openapi.pojo.request.app.AppPermissionsActionParam; +import cn.topiam.employee.openapi.pojo.request.app.query.AppResourceListQuery; +import cn.topiam.employee.openapi.pojo.request.app.query.OpenApiPolicyQuery; +import cn.topiam.employee.openapi.pojo.request.app.save.AppPermissionResourceCreateParam; +import cn.topiam.employee.openapi.pojo.request.app.update.AppPermissionResourceUpdateParam; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionResourceGetResult; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionResourceListResult; +import cn.topiam.employee.openapi.service.AppPermissionResourceService; +import cn.topiam.employee.support.repository.page.domain.Page; +import cn.topiam.employee.support.repository.page.domain.PageModel; + +import lombok.RequiredArgsConstructor; + +/** + *

+ * 资源权限 服务实现类 + *

+ * + * @author TopIAM + * Created by support@topiam.cn on 2020-08-10 + */ +@Service +@RequiredArgsConstructor +public class AppPermissionResourceServiceImpl implements AppPermissionResourceService { + + /** + * 获取资源列表 + * + * @param page {@link PageModel} + * @param query {@link OpenApiPolicyQuery} + * @return {@link AppPermissionResourceListResult} + */ + @Override + public Page getPermissionResourceList(PageModel page, + AppResourceListQuery query) { + org.springframework.data.domain.Page data; + Predicate predicate = appPermissionResourceConverter + .resourcePaginationParamConvertToPredicate(query); + QPageRequest request = QPageRequest.of(page.getCurrent(), page.getPageSize()); + data = appResourceRepository.findAll(predicate, request); + return appPermissionResourceConverter.entityConvertToResourceListResult(data); + } + + /** + * 获取资源 + * + * @param id {@link String} + * @return {@link AppPermissionResourceGetResult} + */ + @Override + public AppPermissionResourceGetResult getPermissionResource(String id) { + AppPermissionResourceEntity resource = appResourceRepository.findById(Long.valueOf(id)) + .orElseThrow(AppResourceNotExistException::new); + return appPermissionResourceConverter.entityConvertToResourceGetResult(resource); + } + + /** + * 删除资源 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Override + @Transactional(rollbackFor = Exception.class) + public Boolean deletePermissionResource(String id) { + Long resourceId = Long.valueOf(id); + AppPermissionResourceEntity resource = appResourceRepository.findById(resourceId) + .orElseThrow(AppResourceNotExistException::new); + List actionList = appPermissionActionRepository + .findAllByResource(resource); + List objectIdList = new ArrayList<>( + actionList.stream().map(AppPermissionActionEntity::getId).toList()); + objectIdList.add(resourceId); + appPermissionPolicyRepository.deleteAllByObjectIdIn(objectIdList); + appResourceRepository.deleteById(resourceId); + return true; + } + + /** + 
* 创建资源 + * + * @param param {@link AppPermissionResourceCreateParam} + * @return {@link Boolean} + */ + @Override + @Transactional(rollbackFor = Exception.class) + public Boolean createPermissionResource(AppPermissionResourceCreateParam param) { + AppPermissionResourceEntity resource = appPermissionResourceConverter + .resourceCreateParamConvertToEntity(param); + buildActions(param.getActions(), resource); + // 新增资源 + appResourceRepository.save(resource); + return true; + } + + /** + * 更新资源 + * + * @param param {@link AppPermissionResourceUpdateParam} + * @return {@link Boolean} + */ + @Override + @Transactional(rollbackFor = Exception.class) + public Boolean updatePermissionResource(AppPermissionResourceUpdateParam param) { + AppPermissionResourceEntity resource = appPermissionResourceConverter + .resourceUpdateParamConvertToEntity(param); + buildActions(param.getActions(), resource); + // 查询资源下所有权限 + List actionList = appPermissionActionRepository + .findAllByResource(resource); + // 取出未删除的权限id + Set reservedSet = resource.getActions().stream().map(AppPermissionActionEntity::getId) + .collect(Collectors.toSet()); + // 过滤要删除的权限id + List removeActions = actionList.stream() + .filter(item -> reservedSet.contains(item.getId())) + .map(AppPermissionActionEntity::getId).toList(); + appPermissionPolicyRepository.deleteAllByObjectIdIn(removeActions); + // 更新资源 + appResourceRepository.save(resource); + return true; + } + + /** + * 参数有效性验证 + * + * @param type {@link CheckValidityType} + * @param value {@link String} + * @param appId {@link Long} + * @param id {@link Long} + * @return {@link Boolean} + */ + @SuppressWarnings("DuplicatedCode") + @Override + public Boolean permissionResourceParamCheck(CheckValidityType type, String value, Long appId, + Long id) { + QAppPermissionResourceEntity role = QAppPermissionResourceEntity.appPermissionResourceEntity; + AppPermissionResourceEntity entity = new AppPermissionResourceEntity(); + boolean result = false; + // 
ID存在说明是修改操作,查询一下当前数据 + if (Objects.nonNull(id)) { + entity = appResourceRepository.findById(id) + .orElseThrow(AppResourceNotExistException::new); + } + //资源名称 + if (CheckValidityType.NAME.equals(type)) { + if (StringUtils.equals(entity.getName(), value)) { + return true; + } + BooleanExpression eq = role.name.eq(value); + eq.and(role.appId.eq(appId)); + result = !appResourceRepository.exists(eq); + } + //资源编码 + if (CheckValidityType.CODE.equals(type)) { + if (StringUtils.equals(entity.getCode(), value)) { + return true; + } + BooleanExpression eq = role.code.eq(value); + eq.and(role.appId.eq(appId)); + result = !appResourceRepository.exists(eq); + } + return result; + } + + /** + * 批量处理actions + * + * @param permissions {@link List} + * @param resource {@link AppPermissionResourceEntity>} + */ + private void buildActions(List permissions, + AppPermissionResourceEntity resource) { + // 权限 + List list = new ArrayList<>(); + for (AppPermissionsActionParam p : permissions) { + AppPermissionActionEntity entity = new AppPermissionActionEntity(); + entity.setResource(resource); + entity.setType(p.getType()); + entity.setName(p.getName()); + //API需要单独处理 + entity.setValue(p.getValue()); + list.add(entity); + } + resource.setActions(list); + } + + private final AppPermissionResourceConverter appPermissionResourceConverter; + + private final AppPermissionResourceRepository appResourceRepository; + /** + * PolicyRepository + */ + private final AppPermissionPolicyRepository appPermissionPolicyRepository; + /** + * ActionRepository + */ + private final AppPermissionActionRepository appPermissionActionRepository; +} diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppPermissionRoleServiceImpl.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppPermissionRoleServiceImpl.java new file mode 100644 index 00000000..3194c22b --- /dev/null 
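Review bot: In `permissionResourceParamCheck` the `eq.and(role.appId.eq(appId));` statements discard their result; Querydsl expressions are immutable, so the `exists` check runs on the name or code alone and is not limited to the given application. Chain it instead, `BooleanExpression eq = role.name.eq(value).and(role.appId.eq(appId));` (likewise for `code`); the same pattern appears in `permissionRoleParamCheck` in AppPermissionRoleServiceImpl.java. Separately, in `updatePermissionResource` the filter `reservedSet.contains(item.getId())` selects the actions being kept, although the comment says it collects the ones to remove. Since `buildActions` creates entities without ids the set probably never matches, so policies pointing at removed actions appear to be left behind. `.filter(item -> !reservedSet.contains(item.getId()))`, together with carrying the ids of retained actions into `buildActions`, would match the comment.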
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/AppPermissionRoleServiceImpl.java 
@@ -0,0 +1,211 @@ +/* + * eiam-openapi - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.openapi.service.impl; + +import java.util.Arrays; +import java.util.List; +import java.util.Objects; +import java.util.Optional; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import com.querydsl.core.types.Predicate; +import com.querydsl.core.types.dsl.BooleanExpression; + +import cn.topiam.employee.common.entity.app.AppPermissionRoleEntity; +import cn.topiam.employee.common.entity.app.QAppPermissionRoleEntity; +import cn.topiam.employee.common.enums.CheckValidityType; +import cn.topiam.employee.common.exception.app.AppRoleNotExistException; +import cn.topiam.employee.common.repository.app.AppPermissionPolicyRepository; +import cn.topiam.employee.common.repository.app.AppPermissionRoleRepository; +import cn.topiam.employee.openapi.converter.app.AppPermissionRoleConverter; +import cn.topiam.employee.openapi.pojo.request.app.query.AppPermissionRoleListQuery; +import cn.topiam.employee.openapi.pojo.request.app.save.AppPermissionRoleCreateParam; +import 
cn.topiam.employee.openapi.pojo.request.app.update.PermissionRoleUpdateParam; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionRoleListResult; +import cn.topiam.employee.openapi.pojo.response.app.AppPermissionRoleResult; +import cn.topiam.employee.openapi.service.AppPermissionRoleService; +import cn.topiam.employee.support.repository.page.domain.Page; +import cn.topiam.employee.support.repository.page.domain.PageModel; +import cn.topiam.employee.support.util.BeanUtils; + +import lombok.RequiredArgsConstructor; +import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; +import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; + +/** + *

+ * 角色表 服务实现类 + *

+ * + * @author TopIAM + * Created by support@topiam.cn on 2020-08-10 + */ +@Service +@RequiredArgsConstructor +public class AppPermissionRoleServiceImpl implements AppPermissionRoleService { + + /** + * 获取所有角色(分页) + * + * @param page {@link PageModel} + * @return {@link AppPermissionRoleListResult} + */ + @Override + public Page getPermissionRoleList(PageModel page, + AppPermissionRoleListQuery query) { + org.springframework.data.domain.Page data; + Predicate predicate = appPermissionRoleConverter + .rolePaginationParamConvertToPredicate(query); + QPageRequest request = QPageRequest.of(page.getCurrent(), page.getPageSize()); + data = appPermissionRoleRepository.findAll(predicate, request); + return appPermissionRoleConverter.entityConvertToRolePaginationResult(data); + } + + /** + * 创建系统 + * + * @param param {@link AppPermissionRoleCreateParam} + * @return {@link Boolean} + */ + @Override + public boolean createPermissionRole(AppPermissionRoleCreateParam param) { + AppPermissionRoleEntity entity = appPermissionRoleConverter + .roleCreateParamConvertToEntity(param); + appPermissionRoleRepository.save(entity); + return true; + } + + /** + * @param param {@link PermissionRoleUpdateParam} + * @return {@link Boolean} + */ + @Override + public boolean updatePermissionRole(PermissionRoleUpdateParam param) { + AppPermissionRoleEntity source = appPermissionRoleConverter + .roleUpdateParamConvertToEntity(param); + AppPermissionRoleEntity target = appPermissionRoleRepository + .findById(Long.valueOf(param.getId())).orElseThrow(AppRoleNotExistException::new); + BeanUtils.merge(source, target, LAST_MODIFIED_TIME, LAST_MODIFIED_BY); + appPermissionRoleRepository.save(target); + return true; + } + + /** + * 删除角色 + * + * @param ids {@link String} + * @return {@link Boolean} + */ + @Override + @Transactional(rollbackFor = Exception.class) + public boolean deletePermissionRole(String ids) { + List idList = Arrays.stream(ids.split(",")).toList(); + List longIds = 
idList.stream().map(Long::parseLong).toList(); + appPermissionRoleRepository.deleteAllById(longIds); + // 删除对应策略 + appPermissionPolicyRepository.deleteAllBySubjectIdIn(idList); + appPermissionPolicyRepository.deleteAllByObjectIdIn(longIds); + return true; + } + + /** + * 角色详情 + * + * @param id {@link Long} + * @return {@link AppPermissionRoleResult} + */ + @Override + public AppPermissionRoleResult getPermissionRole(Long id) { + //查询 + Optional entity = appPermissionRoleRepository.findById(id); + //映射 + return appPermissionRoleConverter.entityConvertToRoleDetailResult(entity.orElse(null)); + } + + /** + * 参数有效性验证 + * + * @param type {@link CheckValidityType} + * @param value {@link String} + * @param id {@link Long} + * @param appId {@link Long} + * @return {@link Boolean} + */ + @SuppressWarnings("DuplicatedCode") + @Override + public Boolean permissionRoleParamCheck(CheckValidityType type, String value, Long appId, + Long id) { + QAppPermissionRoleEntity role = QAppPermissionRoleEntity.appPermissionRoleEntity; + AppPermissionRoleEntity entity = new AppPermissionRoleEntity(); + boolean result = false; + // ID存在说明是修改操作,查询一下当前数据 + if (Objects.nonNull(id)) { + entity = appPermissionRoleRepository.findById(id) + .orElseThrow(AppRoleNotExistException::new); + } + //角色编码 + if (CheckValidityType.CODE.equals(type)) { + if (StringUtils.equals(entity.getCode(), value)) { + return true; + } + BooleanExpression eq = role.code.eq(value); + eq.and(role.appId.eq(appId)); + result = !appPermissionRoleRepository.exists(eq); + } + //角色名称 + if (CheckValidityType.NAME.equals(type)) { + if (StringUtils.equals(entity.getName(), value)) { + return true; + } + BooleanExpression eq = role.name.eq(value); + eq.and(role.appId.eq(appId)); + result = !appPermissionRoleRepository.exists(eq); + } + return result; + } + + /** + * 更新角色状态 + * + * @param id {@link String} + * @param status {@link Boolean} + * @return {@link Boolean} + */ + @Override + public Boolean 
updatePermissionRoleStatus(String id, Boolean status) { + appPermissionRoleRepository.updateStatus(id, status); + return true; + } + + /** + * 用户数据映射器 + */ + private final AppPermissionRoleConverter appPermissionRoleConverter; + /** + * RoleRepository + */ + private final AppPermissionRoleRepository appPermissionRoleRepository; + /** + * PolicyRepository + */ + private final AppPermissionPolicyRepository appPermissionPolicyRepository; +} diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppAccountController.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppAccountController.java new file mode 100644 index 00000000..687503f4 --- /dev/null +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppAccountController.java 
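Review bot: `deletePermissionRole` cleans up policies with `deleteAllBySubjectIdIn(idList)` and `deleteAllByObjectIdIn(longIds)`, which match on the id alone. Policies also carry a subject type and object type (see the query fields set in `AppPermissionPolicyServiceImpl`), so unless ids are unique across users, roles, resources and actions this can remove policies that belong to a different kind of subject or object with the same id. Restricting the delete to the role subject/object type would make the cleanup exact; the same applies to `deleteAllByObjectIdIn` in `AppPermissionResourceServiceImpl`. The ids come from `ids.split(",")` and go through `Long::parseLong` untrimmed, so `"1, 2"` or an empty string throws `NumberFormatException`; trim and validate before deleting. The Javadoc on `createPermissionRole` says `创建系统` (create system) and `updatePermissionRole` has no summary line; both should describe the role operation.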
@@ -0,0 +1,105 @@ +/* + * eiam-portal - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.portal.controller; + +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import cn.topiam.employee.application.AppAccount; +import cn.topiam.employee.audit.annotation.Audit; +import cn.topiam.employee.audit.event.type.EventType; +import cn.topiam.employee.portal.pojo.request.AppAccountRequest; +import cn.topiam.employee.portal.service.AppAccountService; +import cn.topiam.employee.support.lock.Lock; +import cn.topiam.employee.support.preview.Preview; +import cn.topiam.employee.support.result.ApiRestResult; + +import lombok.AllArgsConstructor; + +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.tags.Tag; +import static cn.topiam.employee.common.constant.AppConstants.APP_PATH; + +/** + * 应用账户资源 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/6/4 21:06 + */ +@Validated +@Tag(name = "应用账户") +@RestController +@AllArgsConstructor +@RequestMapping(value = APP_PATH + "/account", produces = 
MediaType.APPLICATION_JSON_VALUE) +public class AppAccountController { + + /** + * 获取应用账户列表 + * + * @param appId {@link String} + * @return {@link } + */ + @Operation(summary = "获取应用账户") + @GetMapping("/appId/{appId}") + public ApiRestResult getAppAccountList(@PathVariable String appId) { + AppAccount appAccount = appAccountService.getAppAccount(Long.valueOf(appId)); + return ApiRestResult.ok(appAccount); + } + + /** + * 创建应用账户 + * + * @param param {@link AppAccountRequest} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "创建应用账户") + @Audit(type = EventType.ADD_APP_ACCOUNT) + @PostMapping(value = "/create") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult createAppAccount(@RequestBody @Validated AppAccountRequest param) { + return ApiRestResult. builder().result(appAccountService.createAppAccount(param)) + .build(); + } + + /** + * 删除应用账户 + * + * @param id {@link String} + * @return {@link Boolean} + */ + @Lock + @Preview + @Operation(summary = "删除应用账户") + @Audit(type = EventType.DELETE_APP_ACCOUNT) + @DeleteMapping(value = "/delete/{id}") + @PreAuthorize(value = "authenticated and @sae.hasAuthority(T(cn.topiam.employee.support.security.userdetails.UserType).ADMIN)") + public ApiRestResult deleteAppAccount(@PathVariable(value = "id") String id) { + return ApiRestResult. builder().result(appAccountService.deleteAppAccount(id)) + .build(); + } + + /** + * AppAccountService + */ + private final AppAccountService appAccountService; + +} diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppAccountConverter.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppAccountConverter.java new file mode 100644 index 00000000..1c6b4598 --- /dev/null +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppAccountConverter.java 
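Review bot: `getAppAccountList` is the only handler in `AppAccountController` without a `@PreAuthorize`, while create and delete both require `UserType.ADMIN`; whether a global rule covers it is not visible in this hunk. The `AppAccount` it returns may include the stored credential, so it is worth confirming that the service resolves the account for the logged-in user only and that the response omits or masks the password. The path variable is taken as `String` and converted with `Long.valueOf(appId)`, which surfaces a `NumberFormatException` for non-numeric input; binding it as `@PathVariable Long appId` lets Spring reject it as a bad request. The method name and Javadoc say "list" but the handler returns a single `AppAccount`, and `@return {@link }` is empty.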
@@ -0,0 +1,51 @@
+/*
+ * eiam-portal - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.portal.converter;
+
+import org.mapstruct.Mapper;
+import org.mapstruct.Mapping;
+
+import cn.topiam.employee.common.entity.app.AppAccountEntity;
+import cn.topiam.employee.portal.pojo.request.AppAccountRequest;
+
+/**
+ * 应用账户映射
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2023/8/25 21:08
+ */
+@Mapper(componentModel = "spring")
+public interface AppAccountConverter {
+
+ /**
+ * 应用账户新增参数转换应用账户实体
+ *
+ * @param param {@link AppAccountRequest}
+ * @return {@link AppAccountEntity}
+ */
+ @Mapping(target = "userId", ignore = true)
+ @Mapping(target = "deleted", ignore = true)
+ @Mapping(target = "remark", ignore = true)
+ @Mapping(target = "id", ignore = true)
+ @Mapping(target = "updateTime", ignore = true)
+ @Mapping(target = "updateBy", ignore = true)
+ @Mapping(target = "createTime", ignore = true)
+ @Mapping(target = "createBy", ignore = true)
+ AppAccountEntity appAccountRequestConvertToEntity(AppAccountRequest param);
+
+}
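Review bot: `password` is not among the ignored targets, so, assuming the property names match, the generated mapper copies the client-supplied value straight into the entity, and the service in this commit overwrites it only inside its non-blank branch. Adding `@Mapping(target = "password", ignore = true)` would make the encrypted value the only thing ever written to that field. Since `userId` is ignored as well, the method Javadoc should state that the caller is responsible for setting the owner and the password after conversion.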
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AppAccountRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AppAccountRequest.java
new file mode 100644
index 00000000..120f91fe
--- /dev/null
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AppAccountRequest.java
@@ -0,0 +1,55 @@
+/*
+ * eiam-portal - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.portal.pojo.request;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * AppAccountRequest 应用账户新增入参
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2023/8/25 22:13
+ */
+@Data
+@Schema(description = "应用账户新增入参")
+public class AppAccountRequest {
+
+ /**
+ * 应用ID
+ */
+ @Schema(description = "应用ID")
+ @NotNull(message = "应用ID不能为空")
+ private Long appId;
+
+ /**
+ * 账户名称
+ */
+ @Schema(description = "账户名称")
+ @NotBlank(message = "账户名称不能为空")
+ private String account;
+
+ /**
+ * 账户密码
+ */
+ @Schema(description = "账户密码")
+ private String password;
+}
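Review bot: `@Data` generates a `toString()` that includes `password`, and this object is the body of a handler annotated with `@Audit`, so any logging or audit rendering of the request would carry the credential. Annotate the field with `@ToString.Exclude` (importing `lombok.ToString`), and consider `@Schema(description = "账户密码", accessMode = Schema.AccessMode.WRITE_ONLY)` so the API description marks it as input-only. `account` and `password` also carry no `@Size` bound, so their length is limited only by whatever the request-size limit and the column definition allow.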
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/AppAccountService.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/AppAccountService.java
new file mode 100644
index 00000000..782085a0
--- /dev/null
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/AppAccountService.java
@@ -0,0 +1,53 @@
+/*
+ * eiam-portal - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.portal.service;
+
+import cn.topiam.employee.application.AppAccount;
+import cn.topiam.employee.portal.pojo.request.AppAccountRequest;
+
+/**
+ * 应用账户
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2023/8/25 21:07
+ */
+public interface AppAccountService {
+
+ /**
+ * 新增应用账户
+ *
+ * @param param {@link AppAccountRequest}
+ * @return {@link Boolean}
+ */
+ Boolean createAppAccount(AppAccountRequest param);
+
+ /**
+ * 删除应用账户
+ *
+ * @param id {@link String}
+ * @return {@link Boolean}
+ */
+ Boolean deleteAppAccount(String id);
+
+ /**
+ * 获取应用账户
+ * @param appId {@link Long}
+ * @return {@link AppAccount}
+ */
+ AppAccount getAppAccount(Long appId);
+}
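Review bot: The Javadoc for `getAppAccount` does not say that the lookup is restricted to the current user or that the method returns `null` when no account is bound, both of which the implementation in this commit does. A line such as `@return the current user's account for the application, or {@code null} if none is bound` would spare callers a null dereference. `deleteAppAccount` takes its id as `String` while `getAppAccount` takes `Long`; using `Long` for both would keep input parsing at the web boundary.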
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppAccountServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppAccountServiceImpl.java
new file mode 100644
index 00000000..b9f6488a
--- /dev/null
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppAccountServiceImpl.java
@@ -0,0 +1,134 @@ +/* + * eiam-portal - Employee Identity and Access Management + * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.portal.service.impl; + +import java.nio.charset.StandardCharsets; +import java.util.Optional; + +import org.apache.commons.codec.binary.Base64; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import com.alibaba.excel.util.StringUtils; + +import cn.topiam.employee.application.AppAccount; +import cn.topiam.employee.audit.context.AuditContext; +import cn.topiam.employee.audit.entity.Target; +import cn.topiam.employee.audit.enums.TargetType; +import cn.topiam.employee.common.entity.app.AppAccountEntity; +import cn.topiam.employee.common.exception.app.AppAccountExistException; +import cn.topiam.employee.common.jackjson.encrypt.EncryptContextHelp; +import cn.topiam.employee.common.repository.app.AppAccountRepository; +import cn.topiam.employee.portal.converter.AppAccountConverter; +import cn.topiam.employee.portal.pojo.request.AppAccountRequest; +import cn.topiam.employee.portal.service.AppAccountService; +import cn.topiam.employee.support.exception.TopIamException; +import cn.topiam.employee.support.security.util.SecurityUtils; + +import 
lombok.AllArgsConstructor; +import lombok.extern.slf4j.Slf4j; + +/** + * 应用账户 + * + * @author TopIAM + * Created by support@topiam.cn on 2023/8/25 21:07 + */ +@Service +@Slf4j +@AllArgsConstructor +public class AppAccountServiceImpl implements AppAccountService { + + /** + * 新增应用账户 + * + * @param param {@link AppAccountRequest} + * @return {@link Boolean} + */ + @Override + @Transactional(rollbackFor = Exception.class) + public Boolean createAppAccount(AppAccountRequest param) { + Optional optional = appAccountRepository + .findByAppIdAndUserId(param.getAppId(), Long.valueOf(SecurityUtils.getCurrentUserId())); + if (optional.isPresent()) { + throw new AppAccountExistException(); + } + AppAccountEntity entity = appAccountConverter.appAccountRequestConvertToEntity(param); + //密码不为空 + if (!StringUtils.isBlank(param.getPassword())) { + Base64 base64 = new Base64(); + String password = new String(base64.decode(param.getPassword()), + StandardCharsets.UTF_8); + entity.setPassword(EncryptContextHelp.encrypt(password)); + } + appAccountRepository.save(entity); + AuditContext.setTarget( + Target.builder().id(entity.getUserId().toString()).type(TargetType.USER).build(), + Target.builder().id(entity.getAccount()).type(TargetType.APPLICATION_ACCOUNT).build(), + Target.builder().id(entity.getAppId().toString()).type(TargetType.APPLICATION).build()); + return true; + } + + /** + * 删除应用账户 + * + * @param id {@link Long} + * @return {@link String} + */ + @Override + @Transactional(rollbackFor = Exception.class) + public Boolean deleteAppAccount(String id) { + Optional optional = appAccountRepository.findById(Long.valueOf(id)); + //管理员不存在 + if (optional.isEmpty()) { + AuditContext.setContent("删除失败,应用账户不存在"); + log.warn(AuditContext.getContent()); + throw new TopIamException(AuditContext.getContent()); + } + appAccountRepository.deleteById(Long.valueOf(id)); + AuditContext.setTarget( + Target.builder().id(optional.get().getId().toString()).type(TargetType.USER).build(), + 
Target.builder().id(optional.get().getAppId().toString()).type(TargetType.APPLICATION) + .build()); + return true; + } + + @Override + public AppAccount getAppAccount(Long appId) { + Optional optional = appAccountRepository.findByAppIdAndUserId(appId, + Long.valueOf(SecurityUtils.getCurrentUserId())); + if (optional.isPresent()) { + AppAccountEntity entity = optional.get(); + AppAccount account = new AppAccount(); + account.setAppId(entity.getAppId()); + account.setAccount(entity.getAccount()); + return account; + } + return null; + } + + /** + * AppAccountConverter + */ + private final AppAccountConverter appAccountConverter; + + /** + * AppAccountRepository + */ + private final AppAccountRepository appAccountRepository; +}
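Review bot: `createAppAccount` never assigns an owner to the new row: the converter ignores `userId` and nothing sets it before `appAccountRepository.save(entity)`, so unless `AppAccountEntity` fills it in elsewhere (not visible here), `entity.getUserId().toString()` in the audit call throws a `NullPointerException` and the transaction rolls back. Setting it from the session before saving, `entity.setUserId(Long.valueOf(SecurityUtils.getCurrentUserId()));`, also makes the `findByAppIdAndUserId` duplicate check meaningful. In `deleteAppAccount` the `TargetType.USER` audit target is built from `optional.get().getId()`, which is the account row id; `optional.get().getUserId()` would make the audit trail name the affected user, and the `//管理员不存在` comment should describe the missing app account instead. The Base64 step on the request password is an encoding only, so a short comment noting that confidentiality in transit depends on TLS and at rest on `EncryptContextHelp.encrypt` would prevent it being read as protection.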