diff --git a/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/UserRoleDataScopeApi.java b/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/UserRoleDataScopeApi.java index 8bbf4a77a..1f96d38ec 100644 --- a/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/UserRoleDataScopeApi.java +++ b/kernel-d-db/db-sdk-mp/src/main/java/cn/stylefeng/roses/kernel/db/mp/datascope/UserRoleDataScopeApi.java @@ -2,8 +2,6 @@ package cn.stylefeng.roses.kernel.db.mp.datascope; import cn.stylefeng.roses.kernel.db.mp.datascope.config.DataScopeConfig; -import java.util.Set; - /** * 获取用户角色的数据范围 * @@ -20,18 +18,4 @@ public interface UserRoleDataScopeApi { */ DataScopeConfig getUserRoleDataScopeConfig(); - /** - * 获取当前用户拥有的所有组织机构id列表 - *

- * 返回值说明: - * 1. 可以返回null或者空,代表用户有所有权限,也就是全部数据 - * 2. 返回带有userId或者orgId的选项,代表用户有这些人或者这些机构的权限 - * 3. 返回带有负数(例如:-1)的数组,则代表用户没有任何权限 - * - * @return 用户拥有的数据范围,userId或者orgId - * @author fengshuonan - * @since 2023/7/18 22:54 - */ - Set currentUserOrgScopeList(); - } diff --git a/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/factory/UserDataScopeFactory.java b/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/factory/UserDataScopeFactory.java new file mode 100644 index 000000000..ac7b65219 --- /dev/null +++ b/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/factory/UserDataScopeFactory.java 
@@ -0,0 +1,121 @@
+package cn.stylefeng.roses.kernel.sys.modular.user.factory;
+
+import cn.hutool.core.collection.CollectionUtil;
+import cn.hutool.core.util.ObjectUtil;
+import cn.hutool.extra.spring.SpringUtil;
+import cn.stylefeng.roses.kernel.db.api.DbOperatorApi;
+import cn.stylefeng.roses.kernel.db.mp.datascope.UserRoleDataScopeApi;
+import cn.stylefeng.roses.kernel.db.mp.datascope.config.DataScopeConfig;
+import cn.stylefeng.roses.kernel.sys.modular.user.entity.SysUser;
+import cn.stylefeng.roses.kernel.sys.modular.user.service.SysUserOrgService;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * 用户数据范围条件的拼装
+ *
+ * @author fengshuonan
+ * @since 2024-03-01 16:29
+ */
+public class UserDataScopeFactory {
+
+ /**
+ * 创建用户的带数据范围的条件
+ *
+ * @author fengshuonan
+ * @since 2024-03-01 16:30
+ */
+ public static void getUserDataScopeCondition(LambdaQueryWrapper queryWrapper) {
+
+ UserRoleDataScopeApi userRoleDataScopeApi = SpringUtil.getBean(UserRoleDataScopeApi.class);
+ SysUserOrgService sysUserOrgService = SpringUtil.getBean(SysUserOrgService.class);
+ DbOperatorApi dbOperatorApi = SpringUtil.getBean(DbOperatorApi.class);
+
+
+ // 获取当前用户的数据范围
+ DataScopeConfig userRoleDataScopeConfig = userRoleDataScopeApi.getUserRoleDataScopeConfig();
+
+ switch (userRoleDataScopeConfig.getDataScopeType()) {
+ // 如果是本人数据
+ case SELF:
+ queryWrapper.eq(SysUser::getUserId, userRoleDataScopeConfig.getUserId());
+ break;
+
+ // 如果是本部门数据
+ case DEPT:
+
+ // 获取本部门下的所有用户id
+ Set deptUserIdList = sysUserOrgService.getOrgUserIdList(CollectionUtil.set(false, userRoleDataScopeConfig.getUserDeptId()));
+ if (ObjectUtil.isEmpty(deptUserIdList)) {
+ deptUserIdList = CollectionUtil.set(false, -1L);
+ }
+ queryWrapper.in(SysUser::getUserId, deptUserIdList);
+ break;
+
+ // 如果是本部门及有以下部门数据
+ case DEPT_WITH_CHILD:
+
+ // 获取本部门及以下部门有哪些部门
+ Set subDeptOrgIdList = dbOperatorApi.findSubListByParentId("sys_hr_organization", "org_pids", "org_id", userRoleDataScopeConfig.getUserDeptId());
+ if (ObjectUtil.isEmpty(subDeptOrgIdList)) {
+ subDeptOrgIdList = new HashSet<>();
+ }
+ subDeptOrgIdList.add(userRoleDataScopeConfig.getUserDeptId());
+
+ // 获取部门下的用户
+ Set subDeptOrgUserIdList = sysUserOrgService.getOrgUserIdList(subDeptOrgIdList);
+ if (ObjectUtil.isEmpty(subDeptOrgUserIdList)) {
+ subDeptOrgUserIdList = CollectionUtil.set(false, -1L);
+ }
+
+ queryWrapper.in(SysUser::getUserId, subDeptOrgUserIdList);
+ break;
+
+ // 如果是本公司及以下部门数据
+ case COMPANY_WITH_CHILD:
+
+ // 获取本部门及以下部门有哪些部门
+ Set subCompanyOrgIdList = dbOperatorApi.findSubListByParentId("sys_hr_organization", "org_pids", "org_id", userRoleDataScopeConfig.getUserDeptId());
+ if (ObjectUtil.isEmpty(subCompanyOrgIdList)) {
+ subCompanyOrgIdList = new HashSet<>();
+ }
+ subCompanyOrgIdList.add(userRoleDataScopeConfig.getUserDeptId());
+
+ // 获取部门下的用户
+ Set subCompanyUserIdList = sysUserOrgService.getOrgUserIdList(subCompanyOrgIdList);
+ if (ObjectUtil.isEmpty(subCompanyUserIdList)) {
+ subCompanyUserIdList = CollectionUtil.set(false, -1L);
+ }
+
+ queryWrapper.in(SysUser::getUserId, subCompanyUserIdList);
+
+ break;
+
+ // 如果是指定部门数据
+ case DEFINE:
+
+ // 获取指定部门下的用户列表
+ List specificOrgIds = userRoleDataScopeConfig.getSpecificOrgIds();
+ if (ObjectUtil.isEmpty(specificOrgIds)) {
+ specificOrgIds = CollectionUtil.list(false, -1L);
+ }
+
+ Set specificOrgUserIdList = sysUserOrgService.getOrgUserIdList(new HashSet<>(specificOrgIds));
+ if (ObjectUtil.isEmpty(specificOrgUserIdList)) {
+ specificOrgUserIdList = CollectionUtil.set(false, -1L);
+ }
+
+ queryWrapper.in(SysUser::getUserId, specificOrgUserIdList);
+ break;
+
+ // 如果是全部数据
+ case ALL:
+ break;
+ }
+
+ }
+
+}
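Review bot: The switch in getUserDataScopeCondition has no `default` branch, so a data-scope type that none of the six cases matches adds no condition to queryWrapper and the user query runs unfiltered; the removed currentUserOrgScopeList ended with a self-only fallback for that situation, and an authorization filter should keep failing closed. The COMPANY_WITH_CHILD case also passes getUserDeptId() to findSubListByParentId and to the following add(), where the removed implementation used getUserCompanyId(); this looks copied from the DEPT_WITH_CHILD case and would limit company-level scope to the department subtree. A null getDataScopeType() would throw at the switch itself, which is worth an explicit decision as well. The fence shows only the lines I would change.

```java
            case COMPANY_WITH_CHILD:
                Set subCompanyOrgIdList = dbOperatorApi.findSubListByParentId("sys_hr_organization", "org_pids", "org_id", userRoleDataScopeConfig.getUserCompanyId());
                // … unchanged: empty-set guard …
                subCompanyOrgIdList.add(userRoleDataScopeConfig.getUserCompanyId());
                // … unchanged: user lookup, -1L guard and queryWrapper.in(...) …

            case ALL:
                break;

            // Unrecognised scope type: restrict to the caller's own record rather than leave the query unfiltered
            default:
                queryWrapper.eq(SysUser::getUserId, userRoleDataScopeConfig.getUserId());
                break;
```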
diff --git a/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java b/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java index 9566e278a..6770be9ab 100644 --- a/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java +++ b/kernel-s-system/system-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java @@ -14,7 +14,6 @@ import cn.stylefeng.roses.kernel.db.api.factory.PageFactory; import cn.stylefeng.roses.kernel.db.api.factory.PageResultFactory; import cn.stylefeng.roses.kernel.db.api.pojo.entity.BaseEntity; import cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult; -import cn.stylefeng.roses.kernel.db.mp.datascope.UserRoleDataScopeApi; import cn.stylefeng.roses.kernel.db.mp.tenant.holder.TenantIdHolder; import cn.stylefeng.roses.kernel.db.mp.tenant.holder.TenantSwitchHolder; import cn.stylefeng.roses.kernel.dsctn.api.context.DataSourceContext; @@ -35,6 +34,7 @@ import cn.stylefeng.roses.kernel.sys.api.pojo.user.*; import cn.stylefeng.roses.kernel.sys.modular.user.entity.SysUser; import cn.stylefeng.roses.kernel.sys.modular.user.enums.SysUserExceptionEnum; import cn.stylefeng.roses.kernel.sys.modular.user.factory.SysUserCreateFactory; +import cn.stylefeng.roses.kernel.sys.modular.user.factory.UserDataScopeFactory; import cn.stylefeng.roses.kernel.sys.modular.user.mapper.SysUserMapper; import cn.stylefeng.roses.kernel.sys.modular.user.pojo.request.SysUserRequest; import cn.stylefeng.roses.kernel.sys.modular.user.pojo.response.PersonalInfo; 
@@ -87,9 +87,6 @@ public class SysUserServiceImpl extends ServiceImpl impl @Resource private SysUserCertificateService sysUserCertificateService; - @Resource - private UserRoleDataScopeApi userRoleDataScopeApi; - @Override @Transactional(rollbackFor = Exception.class) public void add(SysUserRequest sysUserRequest) { @@ -807,11 +804,7 @@ public class SysUserServiceImpl extends ServiceImpl impl } // 数据权限范围控制 - Set dataScope = userRoleDataScopeApi.currentUserOrgScopeList(); - if (ObjectUtil.isNotEmpty(dataScope)) { - Set userIdList = this.sysUserOrgService.getOrgUserIdList(dataScope); - queryWrapper.in(SysUser::getUserId, userIdList); - } + UserDataScopeFactory.getUserDataScopeCondition(queryWrapper); // 按用户排序字段排序 queryWrapper.orderByAsc(SysUser::getUserSort); diff --git a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java index 7cf91f331..07cdf7132 100644 --- a/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java +++ b/kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/UserRoleDataScopeImpl.java @@ -2,7 +2,6 @@ package cn.stylefeng.roses.kernel.sys.modular.role.service.impl; import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.collection.ListUtil; -import cn.hutool.core.util.ObjectUtil; import cn.stylefeng.roses.kernel.auth.api.context.LoginContext; import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser; import cn.stylefeng.roses.kernel.db.api.DbOperatorApi; @@ -17,7 +16,6 @@ import org.springframework.stereotype.Service; import javax.annotation.Resource; import java.util.ArrayList; -import java.util.HashSet; import java.util.List; import java.util.Set; 
@@ -99,68 +97,4 @@ public class UserRoleDataScopeImpl implements UserRoleDataScopeApi { return dataScopeConfig; } - @Override - public Set currentUserOrgScopeList() { - - // 获取当前用户id - Long userId = LoginContext.me().getLoginUser().getUserId(); - - // 获取当前用户的数据范围类型 - DataScopeConfig userRoleDataScopeConfig = this.getUserRoleDataScopeConfig(); - DataScopeTypeEnum dataScopeTypeEnum = userRoleDataScopeConfig.getDataScopeType(); - - // 如果是只有本人数据 - if (DataScopeTypeEnum.SELF.equals(dataScopeTypeEnum)) { - return CollectionUtil.set(false, userId); - } - - // 如果是本部门数据 - else if (DataScopeTypeEnum.DEPT.equals(dataScopeTypeEnum)) { - return CollectionUtil.set(false, userRoleDataScopeConfig.getUserDeptId()); - } - - // 如果是本部门及以下部门 - else if (DataScopeTypeEnum.DEPT_WITH_CHILD.equals(dataScopeTypeEnum)) { - - // 获取指定组织机构下的所有机构id - Set subOrgIdList = dbOperatorApi.findSubListByParentId("sys_hr_organization", "org_pids", "org_id", userRoleDataScopeConfig.getUserDeptId()); - if (ObjectUtil.isEmpty(subOrgIdList)) { - subOrgIdList = new HashSet<>(); - } - subOrgIdList.add(userRoleDataScopeConfig.getUserDeptId()); - return subOrgIdList; - } - - // 如果是本公司及以下部门 - else if (DataScopeTypeEnum.COMPANY_WITH_CHILD.equals(dataScopeTypeEnum)) { - - // 获取指定组织机构下的所有机构id - Set subOrgIdList = dbOperatorApi.findSubListByParentId("sys_hr_organization", "org_pids", "org_id", userRoleDataScopeConfig.getUserCompanyId()); - if (ObjectUtil.isEmpty(subOrgIdList)) { - subOrgIdList = new HashSet<>(); - } - subOrgIdList.add(userRoleDataScopeConfig.getUserCompanyId()); - return subOrgIdList; - } - - // 如果是指定部门数据 - else if (DataScopeTypeEnum.DEFINE.equals(dataScopeTypeEnum)) { - - // 获取用户的角色列表 - List userHaveRoleIds = sysUserRoleServiceApi.getUserRoleIdList(userId); - - // 获取角色指定的所有部门范围 - return sysRoleDataScopeService.getRoleBindOrgIdList(userHaveRoleIds); - } - - // 如果是全部数据 - else if (DataScopeTypeEnum.ALL.equals(dataScopeTypeEnum)) { - - return null; - } - - // 默认返回只有本人数据 - return CollectionUtil.set(false, 
userId); - } - }