From c60fc87648960da3b19e1589258e2c4f26158323 Mon Sep 17 00:00:00 2001
From: fengshuonan <sn93@qq.com>
Date: Wed, 21 Jun 2023 16:37:01 +0800
Subject: [PATCH] =?UTF-8?q?=E3=80=907.6.0=E3=80=91=E3=80=90sys=E3=80=91?=
 =?UTF-8?q?=E3=80=90permission=E3=80=91=E5=A2=9E=E5=8A=A0=E6=9B=B4?=
 =?UTF-8?q?=E6=96=B0=E7=94=A8=E6=88=B7=E6=BF=80=E6=B4=BB=E7=9A=84=E5=BA=94?=
 =?UTF-8?q?=E7=94=A8id=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../exception/enums/RoleExceptionEnum.java    | 36 +++++++++++++++++++
 .../login/service/UserIndexInfoService.java   | 27 +++++++++++++-
 .../role/service/SysRoleMenuService.java      | 11 ++++++
 .../service/impl/SysRoleMenuServiceImpl.java  |  8 +++++
 4 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/exception/enums/RoleExceptionEnum.java

diff --git a/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/exception/enums/RoleExceptionEnum.java b/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/exception/enums/RoleExceptionEnum.java
new file mode 100644
index 000000000..7c1e77627
--- /dev/null
+++ b/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/exception/enums/RoleExceptionEnum.java
@@ -0,0 +1,36 @@
+package cn.stylefeng.roses.kernel.sys.api.exception.enums;
+
+import cn.stylefeng.roses.kernel.rule.constants.RuleConstants;
+import cn.stylefeng.roses.kernel.rule.exception.AbstractExceptionEnum;
+import lombok.Getter;
+
+/**
+ * 角色相关的异常
+ *
+ * @author fengshuonan
+ * @since 2023/6/21 16:34
+ */
+@Getter
+public enum RoleExceptionEnum implements AbstractExceptionEnum {
+
+    /**
+     * 用户没有该应用的权限，无法跳转到该应用
+     */
+    USER_HAVE_NO_APP_ID(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + "10001", "用户没有该应用的权限，无法跳转到该应用");
+
+    /**
+     * 错误编码
+     */
+    private final String errorCode;
+
+    /**
+     * 提示用户信息
+     */
+    private final String userTip;
+
+    RoleExceptionEnum(String errorCode, String userTip) {
+        this.errorCode = errorCode;
+        this.userTip = userTip;
+    }
+
+}
\ No newline at end of file
diff --git a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserIndexInfoService.java b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserIndexInfoService.java
index c411ac320..812fed953 100644
--- a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserIndexInfoService.java
+++ b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserIndexInfoService.java
@@ -12,6 +12,7 @@ import cn.stylefeng.roses.kernel.sys.api.SysUserOrgServiceApi;
 import cn.stylefeng.roses.kernel.sys.api.SysUserRoleServiceApi;
 import cn.stylefeng.roses.kernel.sys.api.SysUserServiceApi;
 import cn.stylefeng.roses.kernel.sys.api.exception.enums.OrgExceptionEnum;
+import cn.stylefeng.roses.kernel.sys.api.exception.enums.RoleExceptionEnum;
 import cn.stylefeng.roses.kernel.sys.api.pojo.user.SimpleUserDTO;
 import cn.stylefeng.roses.kernel.sys.api.pojo.user.UserOrgDTO;
 import cn.stylefeng.roses.kernel.sys.modular.app.service.SysAppService;
@@ -124,11 +125,12 @@ public class UserIndexInfoService {
         if (updateUserOrgAppRequest.getNewAppId() != null) {
 
             // 判断当前用户是否有该应用id
-
+            this.validateUserHaveAppId(loginUser, updateUserOrgAppRequest.getNewAppId());
 
             loginUser.setCurrentAppId(updateUserOrgAppRequest.getNewAppId());
         }
 
+        // 更新用户会话信息
         sessionManagerApi.updateSession(loginUser.getToken(), loginUser);
     }
 
@@ -349,4 +351,27 @@ public class UserIndexInfoService {
         userIndexInfo.setWebsocketUrl(webSocketWsUrl);
     }
 
+    /**
+     * 判断用户是否有对应appId的权限
+     *
+     * @param loginUser 登录用户
+     * @param appId     指定的应用id
+     * @return true-用户有该应用下的权限，false-用户没有该应用下的权限
+     * @author fengshuonan
+     * @since 2023/6/21 16:23
+     */
+    private void validateUserHaveAppId(LoginUser loginUser, Long appId) {
+
+        Long userId = loginUser.getUserId();
+
+        // 获取用户拥有的角色id集合
+        List<Long> userRoleIdList = this.sysUserRoleServiceApi.getUserRoleIdList(userId);
+
+        // 获取角色有没有对应应用下的菜单，如果有菜单则代表有该应用的权限
+        boolean permissionFlag = this.sysRoleMenuService.validateRoleHaveAppIdPermission(userRoleIdList, appId);
+        if (!permissionFlag) {
+            throw new ServiceException(RoleExceptionEnum.USER_HAVE_NO_APP_ID);
+        }
+    }
+
 }
diff --git a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/SysRoleMenuService.java b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/SysRoleMenuService.java
index 4d3349cef..4f7ce7014 100644
--- a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/SysRoleMenuService.java
+++ b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/SysRoleMenuService.java
@@ -88,4 +88,15 @@ public interface SysRoleMenuService extends IService<SysRoleMenu> {
      */
     List<Long> getRoleBindMenuIdList(List<Long> roleIdList);
 
+    /**
+     * 判断指定角色集合，是否有对应应用的权限
+     *
+     * @param roleIdList 角色id集合，一般指的是用户拥有的角色id集合
+     * @param appId      应用id
+     * @return true-角色id集合中包含该应用的权限，false-角色id集合中不包含权限
+     * @author fengshuonan
+     * @since 2023/6/21 16:27
+     */
+    boolean validateRoleHaveAppIdPermission(List<Long> roleIdList, Long appId);
+
 }
\ No newline at end of file
diff --git a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleMenuServiceImpl.java b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleMenuServiceImpl.java
index e6671d97b..e1575c230 100644
--- a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleMenuServiceImpl.java
+++ b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleMenuServiceImpl.java
@@ -128,6 +128,14 @@ public class SysRoleMenuServiceImpl extends ServiceImpl<SysRoleMenuMapper, SysRo
         return sysRoleMenuList.stream().map(SysRoleMenu::getMenuId).collect(Collectors.toList());
     }
 
+    @Override
+    public boolean validateRoleHaveAppIdPermission(List<Long> roleIdList, Long appId) {
+        LambdaQueryWrapper<SysRoleMenu> sysRoleMenuLambdaQueryWrapper = new LambdaQueryWrapper<>();
+        sysRoleMenuLambdaQueryWrapper.in(SysRoleMenu::getRoleId, roleIdList);
+        sysRoleMenuLambdaQueryWrapper.eq(SysRoleMenu::getAppId, appId);
+        return this.count(sysRoleMenuLambdaQueryWrapper) > 0;
+    }
+
     @Override
     public List<SysRoleMenu> findList(SysRoleMenuRequest sysRoleMenuRequest) {
         LambdaQueryWrapper<SysRoleMenu> wrapper = this.createWrapper(sysRoleMenuRequest);