权限中台

b1a49c3e · dong.an · a7dd5d04 · b1a49c3e · b1a49c3e · b1a49c3e
--- a/server/src/main/java/com/pica/cloud/permission/permission/server/mapper/RoleResourceMapper.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/mapper/RoleResourceMapper.java
@@ -23,6 +23,10 @@ public interface RoleResourceMapper {
    Integer checkDataPrivilegeUsed(int dataPrivilegeId);
+    Integer checkExist(RoleResource roleResource);
+    Integer checkRoleResourceExist(RoleResource roleResource);
    List<RoleResourceDto> getByResourceId(int resourceId);
    List<RoleResourceDto> getList(@Param("productType") int productType, @Param("type") int type);

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/mapper/UserRoleMapper.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/mapper/UserRoleMapper.java
@@ -21,4 +21,6 @@ public interface UserRoleMapper {
    Integer checkRoleUsed(int roleId);
+    Integer checkExist(UserRole userRole);
 }
\ No newline at end of file
--- a/server/src/main/java/com/pica/cloud/permission/permission/server/service/PermissionCacheService.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/service/PermissionCacheService.java
 package com.pica.cloud.permission.permission.server.service;
-import com.pica.cloud.permission.permission.server.entity.DataPrivilege;
+import com.pica.cloud.permission.permission.server.entity.*;
-import com.pica.cloud.permission.permission.server.entity.Resource;
-import com.pica.cloud.permission.permission.server.entity.RoleResource;
-import com.pica.cloud.permission.permission.server.entity.UserRole;
 /**
 * @author andong
@@ -18,7 +15,7 @@ public interface PermissionCacheService {
    void deleteRoleResource(RoleResource roleResource);
    //删除角色下所有资源
-    void deleteAllRoleResource(int roleId);
+    void deleteAllRoleResource(Role role);
    //添加用户-角色
    void addUserRole(UserRole userRole);

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/DataPrivilegeServiceImpl.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/DataPrivilegeServiceImpl.java
@@ -51,6 +51,9 @@ public class DataPrivilegeServiceImpl implements DataPrivilegeService {
    @Transactional
    public void updateDataPrivilege(DataPrivilege dataPrivilege) {
        DataPrivilege origin = dataPrivilegeMapper.selectByPrimaryKey(dataPrivilege.getId());
+        if (origin == null) {
+            throw new PicaException(PicaResultCode.DATA_EXCEPTION.code(), "数据权限不存在");
+        }
        dataPrivilege.setResourceId(null);  //不支持修改资源ID
        dataPrivilege.setModifiedTime(new Date());
        dataPrivilegeMapper.updateByPrimaryKeySelective(dataPrivilege);

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/PermissionCacheServiceImpl.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/PermissionCacheServiceImpl.java
@@ -72,16 +72,18 @@ public class PermissionCacheServiceImpl implements PermissionCacheService {
        String configExt = dataPrivilege == null ? StringUtils.EMPTY : dataPrivilege.getConfigExt();
        String dataValue = url + Constants.DATA_SPLIT + config + Constants.DATA_SPLIT + configExt;
        try {
-            cacheClient.srem(Constants.KEY_ROLE_URL + role.getCode(), url);
            cacheClient.srem(Constants.KEY_ROLE_DATA + role.getCode(), dataValue);
+            Integer pk = roleResourceMapper.checkRoleResourceExist(roleResource);
+            if (pk == null) {
+                cacheClient.srem(Constants.KEY_ROLE_URL + role.getCode(), url);
+            }
        } catch (Exception ex) {
            logger.error(ex.getMessage(), ex);
        }
    }
    //删除角色下所有资源
-    public void deleteAllRoleResource(int roleId) {
+    public void deleteAllRoleResource(Role role) {
-        Role role = roleMapper.selectByPrimaryKey(roleId);
        //目前仅更新云鹊医角色资源信息
        if (role.getProductType().intValue() != ProductTypeEnum.DOCTOR.code()) {
            return;
@@ -139,6 +141,18 @@ public class PermissionCacheServiceImpl implements PermissionCacheService {
            for (RoleResourceDto dto : list) {
                cacheClient.srem(Constants.KEY_ROLE_URL + dto.getRoleCode(), oldUrl);
                cacheClient.sadd(Constants.KEY_ROLE_URL + dto.getRoleCode(), newUrl);
+                if (dto.getDataPrivilegeId().intValue() == 0) {
+                    cacheClient.srem(Constants.KEY_ROLE_DATA + dto.getRoleCode(), oldUrl + Constants.DATA_SPLIT + Constants.DATA_SPLIT);
+                    cacheClient.sadd(Constants.KEY_ROLE_DATA + dto.getRoleCode(), newUrl + Constants.DATA_SPLIT + Constants.DATA_SPLIT);
+                } else {
+                    DataPrivilege dataPrivilege = dataPrivilegeMapper.selectByPrimaryKey(dto.getDataPrivilegeId().intValue());
+                    String config = dataPrivilege == null ? StringUtils.EMPTY : dataPrivilege.getConfig();
+                    String configExt = dataPrivilege == null ? StringUtils.EMPTY : dataPrivilege.getConfigExt();
+                    String oldDataValue = oldUrl + Constants.DATA_SPLIT + config + Constants.DATA_SPLIT + configExt;
+                    String newDataValue = newUrl + Constants.DATA_SPLIT + config + Constants.DATA_SPLIT + configExt;
+                    cacheClient.srem(Constants.KEY_ROLE_DATA + dto.getRoleCode(), oldDataValue);
+                    cacheClient.sadd(Constants.KEY_ROLE_DATA + dto.getRoleCode(), newDataValue);
+                }
            }
        } catch (Exception ex) {
            logger.error(ex.getMessage(), ex);
@@ -156,15 +170,15 @@ public class PermissionCacheServiceImpl implements PermissionCacheService {
            return;
        }
        //未修改配置信息
-        if (StringUtils.isBlank(newDataPrivilege.getConfig()) && StringUtils.isBlank(newDataPrivilege.getConfigExt())) {
+        if (newDataPrivilege.getConfig() == null && newDataPrivilege.getConfigExt() == null) {
            return;
        }
        String url = resource.getUrl();
        String oldConfig = oldDataPrivilege.getConfig();
        String oldConfigExt = oldDataPrivilege.getConfigExt();
        String oldDataValue = url + Constants.DATA_SPLIT + oldConfig + Constants.DATA_SPLIT + oldConfigExt;
-        String newConfig = StringUtils.isBlank(newDataPrivilege.getConfig()) ? oldConfig : newDataPrivilege.getConfig();
+        String newConfig = newDataPrivilege.getConfig() == null ? oldConfig : newDataPrivilege.getConfig();
-        String newConfigExt = StringUtils.isBlank(newDataPrivilege.getConfigExt()) ? oldConfigExt : newDataPrivilege.getConfigExt();
+        String newConfigExt = newDataPrivilege.getConfigExt() == null ? oldConfigExt : newDataPrivilege.getConfigExt();
        String newDataValue = url + Constants.DATA_SPLIT + newConfig + Constants.DATA_SPLIT + newConfigExt;
        List<RoleResourceDto> list = roleResourceMapper.getByResourceId(resourceId);

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/PermissionServiceImpl.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/PermissionServiceImpl.java
@@ -12,6 +12,8 @@ import com.pica.cloud.permission.permission.server.service.PermissionService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
+import org.springframework.util.StringUtils;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
@@ -86,7 +88,12 @@ public class PermissionServiceImpl implements PermissionService {
                    String[] datas = urlData.split(Constants.DATA_SPLIT);
                    if (authDto.getUrl().equals(datas[0])) {
                        access = true;
-                        list.add(new DataPrivilegeDto(datas[1], datas[2]));
+                        if (datas.length == 2) {
+                            list.add(new DataPrivilegeDto(datas[1], ""));
+                        }
+                        if (datas.length == 3) {
+                            list.add(new DataPrivilegeDto(datas[1], datas[2]));
+                        }
                    }
                }
            }

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/ResourceServiceImpl.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/ResourceServiceImpl.java
@@ -46,6 +46,9 @@ public class ResourceServiceImpl implements ResourceService {
    @Transactional
    public void updateResource(Resource resource) {
        Resource origin = resourceMapper.selectByPrimaryKey(resource.getId());
+        if (origin == null) {
+            throw new PicaException(PicaResultCode.DATA_EXCEPTION.code(), "资源不存在");
+        }
        resource.setProductType(null);  //不支持修改产品线类型
        resource.setType(null);  //不支持修改资源类型
        resource.setModifiedTime(new Date());

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/RoleResourceServiceImpl.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/RoleResourceServiceImpl.java
@@ -61,6 +61,10 @@ public class RoleResourceServiceImpl implements RoleResourceService {
        if (role.getProductType().intValue() != resource.getProductType().intValue()) {
            throw new PicaException(PicaResultCode.PARAM_IS_INVALID.code(), "角色与资源产品线不匹配");
        }
+        Integer pk = roleResourceMapper.checkExist(roleResource);
+        if (pk != null) {
+            return;  //角色-资源关系已经存在，直接返回
+        }
        roleResource.setModifiedId(roleResource.getCreatedId());
        roleResource.setCreatedTime(new Date());
@@ -90,7 +94,8 @@ public class RoleResourceServiceImpl implements RoleResourceService {
    @Override
    @Transactional
    public void deleteAll(int roleId, int modifiedId) {
+        Role role = roleMapper.selectByPrimaryKey(roleId);
        roleResourceMapper.deleteAll(roleId, modifiedId);
-        permissionCacheService.deleteAllRoleResource(roleId);  //更新缓存信息
+        permissionCacheService.deleteAllRoleResource(role);  //更新缓存信息
    }
 }
--- a/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/RoleServiceImpl.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/RoleServiceImpl.java
@@ -5,7 +5,9 @@ import com.pica.cloud.foundation.entity.PicaResultCode;
 import com.pica.cloud.permission.permission.server.constants.Constants;
 import com.pica.cloud.permission.permission.server.entity.Role;
 import com.pica.cloud.permission.permission.server.mapper.RoleMapper;
+import com.pica.cloud.permission.permission.server.mapper.RoleResourceMapper;
 import com.pica.cloud.permission.permission.server.mapper.UserRoleMapper;
+import com.pica.cloud.permission.permission.server.service.PermissionCacheService;
 import com.pica.cloud.permission.permission.server.service.RoleService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -20,10 +22,15 @@ import java.util.List;
 @Service
 public class RoleServiceImpl implements RoleService {
+    @Autowired
+    private PermissionCacheService permissionCacheService;
    @Autowired
    private RoleMapper roleMapper;
    @Autowired
    private UserRoleMapper userRoleMapper;
+    @Autowired
+    private RoleResourceMapper roleResourceMapper;
    @Override
    @Transactional
@@ -65,11 +72,14 @@ public class RoleServiceImpl implements RoleService {
        if (pk != null) {
            throw new PicaException(PicaResultCode.DATA_EXCEPTION.code(), "角色已被使用，无法删除");
        }
+        Role origin = roleMapper.selectByPrimaryKey(id);
        Role role = new Role();
        role.setId(id);
        role.setDeleteFlag(Constants.DELETE_FLAG_INVALID);
        role.setModifiedId(modifiedId);
        role.setModifiedTime(new Date());
        roleMapper.updateByPrimaryKeySelective(role);
+        roleResourceMapper.deleteAll(id, modifiedId);  //删除角色后，清除角色-资源关系
+        permissionCacheService.deleteAllRoleResource(origin);  //清除缓存信息
    }
 }
--- a/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/UserRoleServiceImpl.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/service/impl/UserRoleServiceImpl.java
@@ -53,6 +53,10 @@ public class UserRoleServiceImpl implements UserRoleService {
        userRole.setModifiedId(userRole.getCreatedId());
        userRole.setCreatedTime(new Date());
        userRole.setModifiedTime(userRole.getCreatedTime());
+        Integer pk = userRoleMapper.checkExist(userRole);
+        if (pk != null) {
+            return;  //用户-角色关系已经存在
+        }
        userRoleMapper.insertSelective(userRole);
        permissionCacheService.addUserRole(userRole);  //更新缓存信息
    }

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/validation/DataPrivilegeValidation.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/validation/DataPrivilegeValidation.java
@@ -30,11 +30,16 @@ public class DataPrivilegeValidation {
        if (dataPrivilege.getId() == null) {
            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "数据权限ID为空");
        }
+        if (dataPrivilege.getDescription() != null && StringUtils.isBlank(dataPrivilege.getDescription())) {
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "数据权限描述为空");
+        }
+        if (dataPrivilege.getConfig() != null && StringUtils.isBlank(dataPrivilege.getConfig())) {
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "数据权限配置为空");
+        }
        if (dataPrivilege.getModifiedId() == null) {
            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "操作人ID为空");
        }
-        if (StringUtils.isBlank(dataPrivilege.getDescription()) && StringUtils.isBlank(dataPrivilege.getConfig())
+        if (dataPrivilege.getConfig() == null && dataPrivilege.getDescription() == null && dataPrivilege.getConfigExt() == null) {
-                && StringUtils.isBlank(dataPrivilege.getConfigExt())) {
            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "缺少必要参数");
        }
    }

--- a/server/src/main/java/com/pica/cloud/permission/permission/server/validation/UserRoleValidation.java
+++ b/server/src/main/java/com/pica/cloud/permission/permission/server/validation/UserRoleValidation.java
@@ -2,6 +2,7 @@ package com.pica.cloud.permission.permission.server.validation;
 import com.pica.cloud.foundation.entity.PicaException;
 import com.pica.cloud.foundation.entity.PicaResultCode;
+import com.pica.cloud.permission.permission.common.constants.ProductTypeEnum;
 import com.pica.cloud.permission.permission.common.dto.UserRoleDto;
 import org.apache.commons.lang.StringUtils;
@@ -12,8 +13,11 @@ import org.apache.commons.lang.StringUtils;
 public class UserRoleValidation {
    public static void addUserRoleValidate(UserRoleDto userRoleDto) {
-        if (userRoleDto.getProductType() == null) {
+        Integer productType = userRoleDto.getProductType();
-            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "产品线类型为空");
+        if (productType == null || (productType.intValue() != ProductTypeEnum.DOCTOR.code()
+                && productType.intValue() != ProductTypeEnum.HEALTH.code()
+                && productType.intValue() != ProductTypeEnum.ADMIN.code())) {
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "产品线类型不正确");
        }
        if (userRoleDto.getUserId() == null) {
            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "用户ID为空");
@@ -27,8 +31,11 @@ public class UserRoleValidation {
    }
    public static void deleteUserRoleValidate(UserRoleDto userRoleDto) {
-        if (userRoleDto.getProductType() == null) {
+        Integer productType = userRoleDto.getProductType();
-            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "产品线类型为空");
+        if (productType == null || (productType.intValue() != ProductTypeEnum.DOCTOR.code()
+                && productType.intValue() != ProductTypeEnum.HEALTH.code()
+                && productType.intValue() != ProductTypeEnum.ADMIN.code())) {
+            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "产品线类型不正确");
        }
        if (userRoleDto.getUserId() == null) {
            throw new PicaException(PicaResultCode.PARAM_IS_BLANK.code(), "用户ID为空");

--- a/server/src/main/resources/mybatis/RoleResourceMapper.xml
+++ b/server/src/main/resources/mybatis/RoleResourceMapper.xml
@@ -143,6 +143,27 @@
    limit 1
  </select>
+  <select id="checkExist" resultType="java.lang.Integer" parameterType="com.pica.cloud.permission.permission.server.entity.RoleResource">
+    select id
+    from perm_role_resource
+    where role_id = #{roleId} and resource_id = #{resourceId}
+    <if test="dataPrivilegeId != null">
+      and data_privilege_id = #{dataPrivilegeId}
+    </if>
+    <if test="dataPrivilegeId == null">
+      and data_privilege_id = 0
+    </if>
+    and delete_flag = 1
+    limit 1
+  </select>
+  <select id="checkRoleResourceExist" resultType="java.lang.Integer" parameterType="com.pica.cloud.permission.permission.server.entity.RoleResource">
+    select id
+    from perm_role_resource
+    where role_id = #{roleId} and resource_id = #{resourceId} and delete_flag = 1
+    limit 1
+  </select>
  <select id="getByResourceId" resultType="com.pica.cloud.permission.permission.common.dto.RoleResourceDto" parameterType="java.lang.Integer">
    select r.id as roleId, r.code as roleCode, rr.data_privilege_id as dataPrivilegeId
    from perm_role_resource rr join perm_role r on rr.role_id = r.id and r.delete_flag = 1

--- a/server/src/main/resources/mybatis/UserRoleMapper.xml
+++ b/server/src/main/resources/mybatis/UserRoleMapper.xml
@@ -135,4 +135,11 @@
    limit 1
  </select>
+  <select id="checkExist" resultType="java.lang.Integer" parameterType="com.pica.cloud.permission.permission.server.entity.UserRole">
+    select id
+    from perm_user_role
+    where product_type = #{productType} and user_id = #{userId} and role_id = #{roleId} and delete_flag = 1
+    limit 1
+  </select>
 </mapper>
\ No newline at end of file