【8.3.3】【datascope】更新数据范围，从新整理DataScopeConfig类

2025-01-25 22:40:01 +08:00 · 2025-01-25 22:40:01 +08:00 · 36f586f092
parent fe5e2286ab
commit 36f586f092
4 changed files with 147 additions and 62 deletions
--- a/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/config/DataScopeConfig.java
+++ b/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/config/DataScopeConfig.java
@ -1,10 +1,9 @@
 package cn.stylefeng.roses.kernel.db.mp.datascope.config;

 import cn.stylefeng.roses.kernel.db.mp.datascope.ProjectDataScopeHandler;
-import cn.stylefeng.roses.kernel.rule.enums.permission.DataScopeTypeEnum;
 import lombok.Data;

-import java.util.List;
+import java.util.Set;

 /**
 * 数据范围权限配置
@ -16,38 +15,34 @@ import java.util.List;
 public class DataScopeConfig {

    /**
-     * 用户的数据范围权限类型
+     * 是否是全部的数据范围
+     * <p>
+     * 不限制数据范围的查询
     */
-    private DataScopeTypeEnum dataScopeType;
+    private boolean totalDataScope = false;

    /**
-     * 限制的用户id
+     * 用户拥有权限的用户id
+     * <p>
+     * 一般为用户自己的id
     */
    private Long userId;

-    /**
-     * 用户所在部门id
-     */
-    private Long userDeptId;
-
-    /**
-     * 用户所在公司id
-     */
-    private Long userCompanyId;
-
-    /**
-     * 指定机构的ID列表，仅在数据范围类型为 DEFINE 时使用
-     */
-    private List<Long> specificOrgIds;
-
-    /**
-     * 限制组织机构范围的字段名称
-     */
-    private String orgIdFieldName = ProjectDataScopeHandler.DEFAULT_ORG_ID_FIELD_NAME;
-
    /**
     * 用来限制只查询自己数据的字段名称
     */
    private String userIdFieldName = ProjectDataScopeHandler.DEFAULT_USER_ID_FIELD_NAME;

+    /**
+     * 用户拥有权限的组织机构id集合
+     * <p>
+     * 通过角色权限表，计算出来的最终结果
+     */
+    private Set<Long> userOrgIdList;
+
+    /**
+     * 限制组织机构范围的字段名称
+     */
+    private String orgIdFieldName = ProjectDataScopeHandler.DEFAULT_ORG_ID_FIELD_NAME;
+
 }
--- a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/SysRoleDataScopeService.java
+++ b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/SysRoleDataScopeService.java
@ -88,4 +88,12 @@ public interface SysRoleDataScopeService extends IService<SysRoleDataScope> {
     */
    Set<Long> getRoleBindOrgIdList(List<Long> roleIdList);

+    /**
+     * 获取指定角色列表的数据范围列表
+     *
+     * @author fengshuonan
+     * @since 2025/1/25 21:22
+     */
+    List<SysRoleDataScope> getRoleDataScopeList(List<Long> roleIdList);
+
 }
--- a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleDataScopeServiceImpl.java
+++ b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleDataScopeServiceImpl.java
@ -194,6 +194,13 @@ public class SysRoleDataScopeServiceImpl extends ServiceImpl<SysRoleDataScopeMap
        return new HashSet<>();
    }

+    @Override
+    public List<SysRoleDataScope> getRoleDataScopeList(List<Long> roleIdList) {
+        LambdaQueryWrapper<SysRoleDataScope> wrapper = new LambdaQueryWrapper<>();
+        wrapper.in(SysRoleDataScope::getRoleId, roleIdList);
+        return this.list(wrapper);
+    }
+
    @Override
    public void validateHaveRoleBind(Set<Long> beRemovedRoleIdList) {
        // none
--- a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java
+++ b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java
@ -1,21 +1,24 @@
 package cn.stylefeng.roses.kernel.sys.modular.role.service.impl;

 import cn.hutool.core.collection.CollectionUtil;
-import cn.hutool.core.collection.ListUtil;
+import cn.hutool.core.util.ObjectUtil;
 import cn.stylefeng.roses.kernel.auth.api.context.LoginContext;
 import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
 import cn.stylefeng.roses.kernel.db.api.DbOperatorApi;
+import cn.stylefeng.roses.kernel.db.mp.datascope.ProjectDataScopeHandler;
 import cn.stylefeng.roses.kernel.db.mp.datascope.UserRoleDataScopeApi;
 import cn.stylefeng.roses.kernel.db.mp.datascope.config.DataScopeConfig;
 import cn.stylefeng.roses.kernel.rule.enums.permission.DataScopeTypeEnum;
+import cn.stylefeng.roses.kernel.sys.api.OrganizationServiceApi;
 import cn.stylefeng.roses.kernel.sys.api.SysUserRoleServiceApi;
-import cn.stylefeng.roses.kernel.sys.modular.role.entity.SysRole;
+import cn.stylefeng.roses.kernel.sys.api.pojo.org.CompanyDeptDTO;
+import cn.stylefeng.roses.kernel.sys.modular.role.entity.SysRoleDataScope;
 import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleDataScopeService;
 import cn.stylefeng.roses.kernel.sys.modular.role.service.SysRoleService;
 import jakarta.annotation.Resource;
 import org.springframework.stereotype.Service;

-import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Set;

@ -40,13 +43,16 @@ public class UserRoleDataScopeImpl implements UserRoleDataScopeApi {
    @Resource
    private DbOperatorApi dbOperatorApi;

+    @Resource
+    private OrganizationServiceApi organizationServiceApi;
+
    @Override
    public DataScopeConfig getUserRoleDataScopeConfig() {

        // 获取当前登录用户id
        LoginUser loginUser = LoginContext.me().getLoginUserNullable();
        if (loginUser == null) {
-            return null;
+            return nullDataScopeConfig();
        }

        // 获取用户的角色id集合
@ -58,43 +64,112 @@ public class UserRoleDataScopeImpl implements UserRoleDataScopeApi {
            userRoleIdList.remove(defaultRoleId);
        }

-        // 获取这些角色对应的【最高】的数据范围，取数据范围10-50最大的数字
-        Integer maxDataScope = 0;
-        Long finalRoleId = null;
-        List<SysRole> roleDataScopeType = sysRoleService.getRoleDataScopeType(userRoleIdList);
-        for (SysRole sysRole : roleDataScopeType) {
-            if (sysRole.getDataScopeType() > maxDataScope) {
-                maxDataScope = sysRole.getDataScopeType();
-                finalRoleId = sysRole.getRoleId();
-            }
+        // 获取这些角色的所有的数据范围信息的汇总
+        List<SysRoleDataScope> roleDataScopeList = sysRoleDataScopeService.getRoleDataScopeList(userRoleIdList);
+        if (ObjectUtil.isEmpty(roleDataScopeList)) {
+            return nullDataScopeConfig();
        }

+        // 通过这些角色的数据范围信息，构建出数据范围配置
+        return parseSysRoleDataScope(roleDataScopeList, loginUser);
+    }
+
+    /**
+     * 空的数据范围的配置
+     *
+     * @author fengshuonan
+     * @since 2025/1/25 21:59
+     */
+    private DataScopeConfig nullDataScopeConfig() {
        DataScopeConfig dataScopeConfig = new DataScopeConfig();
-
-        // 设置数据最终的数据范围
-        dataScopeConfig.setDataScopeType(DataScopeTypeEnum.codeToEnum(maxDataScope));
-
-        // 如果数据范围是指定部门，则需要单独查下这个角色对应的部门数据有哪些
-        if (DataScopeTypeEnum.DEFINE.getCode().equals(maxDataScope)) {
-            Set<Long> roleBindOrgIdList = sysRoleDataScopeService.getRoleBindOrgIdList(ListUtil.list(false, finalRoleId));
-            dataScopeConfig.setSpecificOrgIds(new ArrayList<>(roleBindOrgIdList));
-        }
-
-        // 设置用户id
-        dataScopeConfig.setUserId(loginUser.getUserId());
-
-        // 如果数据范围是本公司及以下，则查询当前用户的公司id
-        if (DataScopeTypeEnum.COMPANY_WITH_CHILD.getCode().equals(maxDataScope)) {
-            Long currentUserCompanyId = LoginContext.me().getCurrentUserCompanyId();
-            dataScopeConfig.setUserCompanyId(currentUserCompanyId);
-        }
-
-        // 如果是本部门数据，或者本部门及以下，需要查询当前用户的部门id
-        if (DataScopeTypeEnum.DEPT.getCode().equals(maxDataScope) || DataScopeTypeEnum.DEPT_WITH_CHILD.getCode().equals(maxDataScope)) {
-            dataScopeConfig.setUserDeptId(loginUser.getCurrentOrgId());
-        }
-
+        dataScopeConfig.setUserId(ProjectDataScopeHandler.NONE_ID_VALUE);
+        dataScopeConfig.setUserOrgIdList(CollectionUtil.set(false, ProjectDataScopeHandler.NONE_ID_VALUE));
        return dataScopeConfig;
    }

+    /**
+     * 将角色的数据范围配置，转化为最终的数据权限的结果
+     *
+     * @author fengshuonan
+     * @since 2025/1/25 22:01
+     */
+    private DataScopeConfig parseSysRoleDataScope(List<SysRoleDataScope> sysRoleDataScopeList, LoginUser loginUser) {
+
+        DataScopeConfig dataScopeConfig = new DataScopeConfig();
+
+        // 如果包含了全部数据，则将结果设置为全部数据，并直接返回结果
+        for (SysRoleDataScope sysRoleDataScope : sysRoleDataScopeList) {
+            if (DataScopeTypeEnum.ALL.getCode().equals(sysRoleDataScope.getDataScopeType())) {
+                dataScopeConfig.setTotalDataScope(true);
+                return dataScopeConfig;
+            }
+        }
+
+        // 如果有仅包含自己的数据，则将结果设置为仅包含自己的数据
+        for (SysRoleDataScope sysRoleDataScope : sysRoleDataScopeList) {
+            if (DataScopeTypeEnum.SELF.getCode().equals(sysRoleDataScope.getDataScopeType())) {
+                dataScopeConfig.setUserId(loginUser.getUserId());
+            }
+        }
+
+        // 开始处理除了仅本人、全部数据外的数据范围
+        Set<Long> userOrgIdList = new HashSet<>();
+        for (SysRoleDataScope sysRoleDataScope : sysRoleDataScopeList) {
+
+            // 如果是20-本部门数据
+            if (DataScopeTypeEnum.DEPT.getCode().equals(sysRoleDataScope.getDataScopeType())) {
+                userOrgIdList.add(loginUser.getCurrentOrgId());
+            }
+
+            // 如果是30-本部门及以下数据
+            else if (DataScopeTypeEnum.DEPT_WITH_CHILD.getCode().equals(sysRoleDataScope.getDataScopeType())) {
+                Set<Long> pointOrgAndSub = this.getPointOrgAndSub(loginUser.getCurrentOrgId());
+                userOrgIdList.addAll(pointOrgAndSub);
+            }
+
+            // 如果是31-本公司及以下数据
+            else if (DataScopeTypeEnum.COMPANY_WITH_CHILD.getCode().equals(sysRoleDataScope.getDataScopeType())) {
+                // 获取当前部门的公司id
+                CompanyDeptDTO companyDeptInfo = organizationServiceApi.getCompanyDeptInfo(loginUser.getCurrentOrgId());
+                if (companyDeptInfo == null) {
+                    continue;
+                }
+                Long companyId = companyDeptInfo.getCompanyId();
+                Set<Long> pointOrgAndSub = this.getPointOrgAndSub(companyId);
+                userOrgIdList.addAll(pointOrgAndSub);
+            }
+
+            // 如果是32-指定机构层级及以下
+            else if (DataScopeTypeEnum.DEFINE_ORG_LEVEL_WITH_CHILD.getCode().equals(sysRoleDataScope.getDataScopeType())) {
+                // todo
+            }
+
+            // 如果是40-指定机构集合数据
+            else if (DataScopeTypeEnum.DEFINE.getCode().equals(sysRoleDataScope.getDataScopeType())) {
+                userOrgIdList.addAll(sysRoleDataScope.getDefineOrgList());
+            }
+
+            // 如果是41-指定机构及以下
+            else if (DataScopeTypeEnum.DEFINE_ORG_WITH_CHILD.getCode().equals(sysRoleDataScope.getDataScopeType())) {
+                Long defineOrgId = sysRoleDataScope.getDefineOrgId();
+                Set<Long> pointOrgAndSub = this.getPointOrgAndSub(defineOrgId);
+                userOrgIdList.addAll(pointOrgAndSub);
+            }
+        }
+        dataScopeConfig.setUserOrgIdList(userOrgIdList);
+        return dataScopeConfig;
+    }
+
+    /**
+     * 获取指定机构及以下的所有机构的id集合
+     *
+     * @author fengshuonan
+     * @since 2025/1/25 22:24
+     */
+    public Set<Long> getPointOrgAndSub(Long orgId) {
+        Set<Long> subOrgIdList = this.dbOperatorApi.findSubListByParentId("sys_hr_organization", "org_pids", "org_id", orgId);
+        subOrgIdList.add(orgId);
+        return subOrgIdList;
+    }
+
 }