
角色数据权限规则查询

caozixuan пре 2 година
родитељ
комит
a7de8596df

+ 1 - 1
distributed-print-business/src/main/java/com/qmth/distributed/print/business/bean/dto/DataPermissionQuery.java → distributed-print-business/src/main/java/com/qmth/distributed/print/business/bean/dto/DataPermissionRule.java

@@ -10,7 +10,7 @@ import java.util.Set;
  * @Author: CaoZixuan
  * @Date: 22022-12-07
  */
-public class DataPermissionQuery implements Serializable {
+public class DataPermissionRule implements Serializable {
     @ApiModelProperty("有数据权限的机构集合(所有、本机构及以下、本机构)")
     private Set<Long> orgIdSet;
 

+ 22 - 0
distributed-print-business/src/main/java/com/qmth/distributed/print/business/enums/DataPermissionTypeEnum.java

@@ -1,10 +1,13 @@
 package com.qmth.distributed.print.business.enums;
 
 import com.qmth.teachcloud.common.enums.EnumResult;
+import com.qmth.teachcloud.common.enums.ExceptionResultEnum;
 import io.swagger.annotations.ApiModelProperty;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
+import java.util.stream.Collectors;
 
 /**
  * @Description: 角色数据权限类型
@@ -48,4 +51,23 @@ public enum DataPermissionTypeEnum {
         }
         return list;
     }
+
+    /**
+     * 根据数据权限权重查询枚举
+     *
+     * @param weight 权重
+     * @return 数据权限类型
+     */
+    public static DataPermissionTypeEnum findByWeight(int weight) {
+        List<DataPermissionTypeEnum> dataPermissionTypes = Arrays.stream(DataPermissionTypeEnum.values())
+                .filter(e -> weight == e.getWeight()).collect(Collectors.toList());
+        if (dataPermissionTypes.size() > 1) {
+            throw ExceptionResultEnum.ERROR.exception("数据权限枚举类 权重值异常");
+        }
+        if (dataPermissionTypes.size() == 0) {
+            return null;
+        } else {
+            return dataPermissionTypes.get(0);
+        }
+    }
 }
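Review bot: The Javadoc on `findByWeight` does not say that an unmatched weight returns null, yet `BasicRoleDataPermissionServiceImpl.findDataPermission` relies on exactly that when it passes its initial `maxWeight = 0` for a user whose roles have no binding. The enum constants are outside this hunk, so it cannot be confirmed here that none of them has weight 0; if one does, "no binding" would silently resolve to that constant's scope. I would document the contract, e.g. `@return the matching type, or null when no constant has this weight`, and add a line stating that weight 0 is reserved for "no data permission". A small style point in the same method: `dataPermissionTypes.size() == 0` reads better as `dataPermissionTypes.isEmpty()`.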

+ 2 - 3
distributed-print-business/src/main/java/com/qmth/distributed/print/business/service/BasicRoleDataPermissionService.java

@@ -2,9 +2,8 @@ package com.qmth.distributed.print.business.service;
 
 import com.baomidou.mybatisplus.extension.service.IService;
 import com.qmth.distributed.print.business.bean.dto.DataPermissionInfo;
-import com.qmth.distributed.print.business.bean.dto.DataPermissionQuery;
+import com.qmth.distributed.print.business.bean.dto.DataPermissionRule;
 import com.qmth.distributed.print.business.entity.BasicRoleDataPermission;
-import com.qmth.teachcloud.common.entity.SysUser;
 
 import java.util.List;
 
@@ -38,5 +37,5 @@ public interface BasicRoleDataPermissionService extends IService<BasicRoleDataPe
      * @param url           请求的url
      * @return 数据权限查询集合
      */
-    DataPermissionQuery findDataPermission(Long schoolId, Long requestUserId, String url);
+    DataPermissionRule findDataPermission(Long schoolId, Long requestUserId, String url);
 }

+ 108 - 6
distributed-print-business/src/main/java/com/qmth/distributed/print/business/service/impl/BasicRoleDataPermissionServiceImpl.java

@@ -3,8 +3,9 @@ package com.qmth.distributed.print.business.service.impl;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.qmth.distributed.print.business.bean.dto.DataPermissionInfo;
-import com.qmth.distributed.print.business.bean.dto.DataPermissionQuery;
+import com.qmth.distributed.print.business.bean.dto.DataPermissionRule;
 import com.qmth.distributed.print.business.entity.BasicRoleDataPermission;
+import com.qmth.distributed.print.business.enums.DataPermissionTypeEnum;
 import com.qmth.distributed.print.business.mapper.BasicRoleDataPermissionMapper;
 import com.qmth.distributed.print.business.service.BasicRoleDataPermissionService;
 import com.qmth.teachcloud.common.contant.SystemConstant;
@@ -12,14 +13,19 @@ import com.qmth.teachcloud.common.entity.SysPrivilege;
 import com.qmth.teachcloud.common.entity.SysUser;
 import com.qmth.teachcloud.common.enums.ExceptionResultEnum;
 import com.qmth.teachcloud.common.enums.PrivilegeEnum;
+import com.qmth.teachcloud.common.service.SysOrgService;
 import com.qmth.teachcloud.common.service.SysPrivilegeService;
 import com.qmth.teachcloud.common.service.SysRoleService;
+import com.qmth.teachcloud.common.service.SysUserService;
 import com.qmth.teachcloud.common.util.ServletUtil;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
 import javax.annotation.Resource;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Objects;
+import java.util.Set;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
@@ -34,6 +40,10 @@ public class BasicRoleDataPermissionServiceImpl extends ServiceImpl<BasicRoleDat
     SysPrivilegeService sysPrivilegeService;
     @Resource
     SysRoleService sysRoleService;
+    @Resource
+    SysUserService sysUserService;
+    @Resource
+    SysOrgService sysOrgService;
 
     @Transactional(rollbackFor = Exception.class)
     @Override
@@ -89,12 +99,104 @@ public class BasicRoleDataPermissionServiceImpl extends ServiceImpl<BasicRoleDat
     }
 
     @Override
-    public DataPermissionQuery findDataPermission(Long schoolId, Long requestUserId, String url) {
+    public DataPermissionRule findDataPermission(Long schoolId, Long requestUserId, String url) {
+        DataPermissionRule result = new DataPermissionRule();
         // 角色集合
-        List<Long> roleList = sysRoleService.getUserRoles(requestUserId);
+        List<Long> roleIdList = sysRoleService.getUserRoles(requestUserId);
+
+        // 方法的权限
+        SysPrivilege sysPrivilege = sysPrivilegeService.getOne(new QueryWrapper<SysPrivilege>()
+                .lambda()
+                .eq(SysPrivilege::getUrl, url)
+                .eq(SysPrivilege::getType, PrivilegeEnum.URL));
+
+        if (Objects.nonNull(sysPrivilege)) {
+            // 数据库中存在该方法的url
+            int maxWeight = 0;
+            for (Long roleId : roleIdList) {
+                DataPermissionTypeEnum roleDataPermissionType = this.searchRoleDataPermissionByPrivilege(roleId, sysPrivilege);
+                if (Objects.nonNull(roleDataPermissionType)) {
+                    // 角色数据权限不为空时,筛选出所有角色在该url中的最大范围数据权限为该url的最终数据权限
+                    int weight = roleDataPermissionType.getWeight();
+                    if (weight > maxWeight) {
+                        maxWeight = weight;
+                    }
+                }
+            }
+            DataPermissionTypeEnum finalPermissionType = DataPermissionTypeEnum.findByWeight(maxWeight);
+            if (Objects.nonNull(finalPermissionType)) {
+                // 最终数据权限不为空
+                SysUser requestUser = sysUserService.getById(requestUserId);
+                switch (finalPermissionType) {
+                    case SELF:
+                        // 只能看自己创建的
+                        result.setRequestUserId(requestUserId);
+                        break;
+                    case SELF_ORG:
+                        // 只能看自己所在机构
+                        Long orgId = requestUser.getOrgId();
+                        Set<Long> orgIdSet = new HashSet<>();
+                        orgIdSet.add(orgId);
+                        result.setOrgIdSet(orgIdSet);
+                        break;
+                    case SELF_ORG_BELOW:
+                        // 只能看自己所在机构和所辖机构
+                        result.setOrgIdSet(sysOrgService.findDeepOrgIdListByUserId(requestUser.getId()));
+                        break;
+                    case ALL:
+                        break;
+                }
+            }
+        }
+        return result;
+    }
 
-        SysPrivilege sysPrivilege = sysPrivilegeService.getOne(new QueryWrapper<SysPrivilege>().lambda().eq(SysPrivilege::getUrl, url).eq(SysPrivilege::getType, PrivilegeEnum.URL));
-//        sysPrivilege.get
-        return null;
+    /**
+     * 递归搜索角色的数据权限
+     *
+     * @param roleId    角色id
+     * @param privilege url权限
+     * @return 角色数据权限规则
+     */
+    private DataPermissionTypeEnum searchRoleDataPermissionByPrivilege(Long roleId, SysPrivilege privilege) {
+        Long privilegeId = privilege.getId();
+        PrivilegeEnum type = privilege.getType();
+        // 如果是菜单,搜索该菜单是否绑定了数据权限
+        if (PrivilegeEnum.MENU.equals(type)) {
+            BasicRoleDataPermission basicRoleDataPermission = this.getOne(new QueryWrapper<BasicRoleDataPermission>().lambda()
+                    .eq(BasicRoleDataPermission::getRoleId, roleId)
+                    .eq(BasicRoleDataPermission::getPrivilegeId, privilegeId));
+            if (Objects.nonNull(basicRoleDataPermission)) {
+                // 有数据权限
+                return basicRoleDataPermission.getDataPermissionType();
+            } else {
+                // 没数据权限查父菜单
+                return getDataPermissionRule(roleId, privilege);
+            }
+        } else {
+            // 如果该url不是菜单类型则查询其父目录
+            return getDataPermissionRule(roleId, privilege);
+        }
+    }
+
+    /**
+     * 查询父菜单是否包含数据权限
+     *
+     * @param roleId    角色id
+     * @param privilege 权限
+     * @return 数据权限规则
+     */
+    private DataPermissionTypeEnum getDataPermissionRule(Long roleId, SysPrivilege privilege) {
+        Long parentId = privilege.getParentId();
+        if (SystemConstant.longNotNull(parentId)) {
+            SysPrivilege parent = sysPrivilegeService.getById(parentId);
+            if (Objects.nonNull(parent)) {
+                return this.searchRoleDataPermissionByPrivilege(roleId, parent);
+            } else {
+                return null;
+            }
+        } else {
+            return null;
+        }
     }
 }
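Review bot: Every path in `findDataPermission` that reaches no decision (no `SysPrivilege` row for the url, no role binding so `maxWeight` stays 0, `findByWeight` returning null) returns the same empty `DataPermissionRule` as `case ALL`, so the result cannot distinguish "unrestricted" from "nothing configured". How consumers read an empty rule is not visible in this commit, but if they apply no filter in that case, the lookup fails open for a user whose roles carry no data permission on that url. Defaulting to the narrowest scope would make it fail closed, e.g. `if (finalPermissionType == null) { result.setRequestUserId(requestUserId); return result; }`, with the same treatment for the branch where `sysPrivilege` is null. Separately, the result of `sysUserService.getById(requestUserId)` is dereferenced in `SELF_ORG` and `SELF_ORG_BELOW` without a null check; a missing user should presumably be rejected explicitly rather than surface as a NullPointerException.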