From 03c87b28d4f50d80dac58cc6172aea6acde4b52e Mon Sep 17 00:00:00 2001 From: lijiahangmax Date: Sun, 24 Dec 2023 22:20:33 +0800 Subject: [PATCH] =?UTF-8?q?feature:=20=E4=B8=BB=E6=9C=BA=E9=A2=9D=E5=A4=96?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E4=BF=9D=E5=AD=98.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/constant/ErrorMessage.java | 2 + .../extra/strategy/HostSshExtraStrategy.java | 57 ++++++++++++++++++- .../asset/service/HostExtraService.java | 14 ----- .../service/impl/HostConfigServiceImpl.java | 7 +-- .../service/impl/HostExtraServiceImpl.java | 10 ---- .../service/impl/HostIdentityServiceImpl.java | 8 +-- .../service/impl/HostKeyServiceImpl.java | 8 +-- .../ops/module/infra/api/DataExtraApi.java | 16 ++++++ .../module/infra/api/DataPermissionApi.java | 10 ++++ .../infra/api/impl/DataExtraApiImpl.java | 16 ++++++ .../infra/api/impl/DataPermissionApiImpl.java | 6 ++ .../ops/module/infra/dao/DataExtraDAO.java | 17 ++++++ .../infra/service/DataPermissionService.java | 11 ++++ .../impl/DataPermissionServiceImpl.java | 47 +++++++-------- .../service/impl/SystemRoleServiceImpl.java | 2 +- .../main/resources/mapper/DataExtraMapper.xml | 22 +++++++ 16 files changed, 187 insertions(+), 66 deletions(-) diff --git a/orion-ops-framework/orion-ops-framework-common/src/main/java/com/orion/ops/framework/common/constant/ErrorMessage.java b/orion-ops-framework/orion-ops-framework-common/src/main/java/com/orion/ops/framework/common/constant/ErrorMessage.java index 2b8f1c05..c26059ec 100644 --- a/orion-ops-framework/orion-ops-framework-common/src/main/java/com/orion/ops/framework/common/constant/ErrorMessage.java +++ b/orion-ops-framework/orion-ops-framework-common/src/main/java/com/orion/ops/framework/common/constant/ErrorMessage.java @@ -67,4 +67,6 @@ public interface ErrorMessage { String BEFORE_PASSWORD_ERROR = "原密码错误"; + String DATA_NO_PERMISSION = "数据无权限"; + } 
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/handler/host/extra/strategy/HostSshExtraStrategy.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/handler/host/extra/strategy/HostSshExtraStrategy.java index af483320..4a279de7 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/handler/host/extra/strategy/HostSshExtraStrategy.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/handler/host/extra/strategy/HostSshExtraStrategy.java @@ -1,10 +1,20 @@ package com.orion.ops.module.asset.handler.host.extra.strategy; +import com.orion.ops.framework.common.constant.ErrorMessage; import com.orion.ops.framework.common.handler.data.strategy.MapDataStrategy; +import com.orion.ops.framework.common.utils.Valid; +import com.orion.ops.framework.security.core.utils.SecurityUtils; +import com.orion.ops.module.asset.dao.HostIdentityDAO; +import com.orion.ops.module.asset.dao.HostKeyDAO; import com.orion.ops.module.asset.enums.HostExtraSshAuthTypeEnum; import com.orion.ops.module.asset.handler.host.extra.model.HostSshExtraModel; +import com.orion.ops.module.infra.api.DataPermissionApi; +import com.orion.ops.module.infra.api.SystemUserApi; +import com.orion.ops.module.infra.enums.DataPermissionTypeEnum; import org.springframework.stereotype.Component; +import javax.annotation.Resource; + /** * 主机拓展信息 - ssh 模型处理策略 * @@ -15,6 +25,18 @@ import org.springframework.stereotype.Component; @Component public class HostSshExtraStrategy implements MapDataStrategy { + @Resource + private HostKeyDAO hostKeyDAO; + + @Resource + private HostIdentityDAO hostIdentityDAO; + + @Resource + private SystemUserApi systemUserApi; + + @Resource + private DataPermissionApi dataPermissionApi; + @Override public HostSshExtraModel getDefault() { return HostSshExtraModel.builder() 
@@ -24,17 +46,46 @@ public class HostSshExtraStrategy implements MapDataStrategy @Override public void updateFill(HostSshExtraModel beforeModel, HostSshExtraModel afterModel) { - } @Override public void preValid(HostSshExtraModel model) { - + HostExtraSshAuthTypeEnum authType = Valid.valid(HostExtraSshAuthTypeEnum::of, model.getAuthType()); + model.setAuthType(authType.name()); + Long keyId = model.getKeyId(); + Long identityId = model.getIdentityId(); + // 必填验证 + if (HostExtraSshAuthTypeEnum.KEY.equals(authType)) { + Valid.notNull(keyId); + } else if (HostExtraSshAuthTypeEnum.IDENTITY.equals(authType)) { + Valid.notNull(identityId); + } + // 验证主机秘钥是否存在 + if (keyId != null) { + Valid.notNull(hostKeyDAO.selectById(keyId), ErrorMessage.KEY_ABSENT); + } + // 验证主机身份是否存在 + if (identityId != null) { + Valid.notNull(hostIdentityDAO.selectById(identityId), ErrorMessage.IDENTITY_ABSENT); + } + // 非管理员验证权限 + Long userId = SecurityUtils.getLoginUserId(); + if (!systemUserApi.isAdminUser(userId)) { + // 验证主机秘钥是否有权限 + if (keyId != null) { + Valid.isTrue(dataPermissionApi.hasPermission(DataPermissionTypeEnum.HOST_KEY, userId, keyId), + ErrorMessage.DATA_NO_PERMISSION); + } + // 验证主机身份是否有权限 + if (identityId != null) { + Valid.isTrue(dataPermissionApi.hasPermission(DataPermissionTypeEnum.HOST_IDENTITY, userId, identityId), + ErrorMessage.DATA_NO_PERMISSION); + } + } } @Override public void valid(HostSshExtraModel model) { - } } diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostExtraService.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostExtraService.java index abe77ad6..bf67fe9f 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostExtraService.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostExtraService.java 
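Review bot: In HostSshExtraStrategy.preValid the existence lookups (`hostKeyDAO.selectById`, `hostIdentityDAO.selectById`) run before the non-admin permission checks and fail with `KEY_ABSENT` / `IDENTITY_ABSENT`, while the permission failure uses `DATA_NO_PERMISSION`. A caller with no grant can therefore tell ids that exist from ids that do not. Moving the `if (!systemUserApi.isAdminUser(userId))` block above the two existence checks makes an unauthorised id fail the same way whether or not the record exists. The two required-field checks, `Valid.notNull(keyId)` and `Valid.notNull(identityId)`, also carry no message, unlike the other checks in the method. keyId and identityId are validated and kept even when authType does not use them; if that is intended, a short comment saying so would help.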
@@ -48,18 +48,4 @@ public interface HostExtraService { */ Integer updateHostExtra(HostExtraUpdateRequest request); - /** - * 删除主机秘钥回调 - * - * @param id id - */ - void deleteHostKeyCallback(Long id); - - /** - * 删除主机身份回调 - * - * @param id id - */ - void deleteHostIdentityCallback(Long id); - } diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostConfigServiceImpl.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostConfigServiceImpl.java index 86b46c66..63afc01e 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostConfigServiceImpl.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostConfigServiceImpl.java @@ -45,6 +45,7 @@ public class HostConfigServiceImpl implements HostConfigService { private HostConfigDAO hostConfigDAO; // FIXME 动态初始化 + // 改为小写 @Override public HostConfigVO getHostConfig(Long hostId, String type) { @@ -73,12 +74,8 @@ public class HostConfigServiceImpl implements HostConfigService { @Override public List getHostConfigList(Long hostId) { + // 查询 List configs = hostConfigDAO.getHostConfigByHostId(hostId); - if (configs.isEmpty()) { - // 初始化 兜底 - this.initHostConfig(hostId); - configs = hostConfigDAO.getHostConfigByHostId(hostId); - } // 返回 return configs.stream().map(s -> { HostConfigVO vo = HostConfigConvert.MAPPER.to(s); diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostExtraServiceImpl.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostExtraServiceImpl.java index d3640719..dbda3c76 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostExtraServiceImpl.java 
+++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostExtraServiceImpl.java @@ -122,16 +122,6 @@ public class HostExtraServiceImpl implements HostExtraService { return dataExtraApi.updateExtraValue(beforeExtraItem.getId(), newExtra.serial()); } - @Override - public void deleteHostKeyCallback(Long id) { - - } - - @Override - public void deleteHostIdentityCallback(Long id) { - - } - /** * 检查配置项并且转为视图 (不存在则初始化默认值) * diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostIdentityServiceImpl.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostIdentityServiceImpl.java index b313b130..1c8ab06b 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostIdentityServiceImpl.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostIdentityServiceImpl.java @@ -24,8 +24,8 @@ import com.orion.ops.module.asset.entity.request.host.HostIdentityCreateRequest; import com.orion.ops.module.asset.entity.request.host.HostIdentityQueryRequest; import com.orion.ops.module.asset.entity.request.host.HostIdentityUpdateRequest; import com.orion.ops.module.asset.entity.vo.HostIdentityVO; -import com.orion.ops.module.asset.service.HostExtraService; import com.orion.ops.module.asset.service.HostIdentityService; +import com.orion.ops.module.infra.api.DataExtraApi; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Service; @@ -56,7 +56,7 @@ public class HostIdentityServiceImpl implements HostIdentityService { private HostConfigDAO hostConfigDAO; @Resource - private HostExtraService hostExtraService; + private DataExtraApi dataExtraApi; @Override public Long createHostIdentity(HostIdentityCreateRequest request) { 
@@ -178,8 +178,8 @@ public class HostIdentityServiceImpl implements HostIdentityService { int effect = hostIdentityDAO.deleteById(id); // 删除主机配置 hostConfigDAO.setIdentityIdWithNull(id); - // 删除主机额外配置 - hostExtraService.deleteHostIdentityCallback(id); + // 删除主机身份额外配置 + dataExtraApi.deleteHostIdentityExtra(id); // 删除缓存 RedisMaps.delete(HostCacheKeyDefine.HOST_IDENTITY.getKey(), record.getId()); log.info("HostIdentityService-deleteHostIdentityById effect: {}", effect); diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostKeyServiceImpl.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostKeyServiceImpl.java index fffe7192..482148d0 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostKeyServiceImpl.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostKeyServiceImpl.java @@ -22,8 +22,8 @@ import com.orion.ops.module.asset.entity.request.host.HostKeyCreateRequest; import com.orion.ops.module.asset.entity.request.host.HostKeyQueryRequest; import com.orion.ops.module.asset.entity.request.host.HostKeyUpdateRequest; import com.orion.ops.module.asset.entity.vo.HostKeyVO; -import com.orion.ops.module.asset.service.HostExtraService; import com.orion.ops.module.asset.service.HostKeyService; +import com.orion.ops.module.infra.api.DataExtraApi; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -53,7 +53,7 @@ public class HostKeyServiceImpl implements HostKeyService { private HostConfigDAO hostConfigDAO; @Resource - private HostExtraService hostExtraService; + private DataExtraApi dataExtraApi; @Override public Long createHostKey(HostKeyCreateRequest request) { 
@@ -175,8 +175,8 @@ public class HostKeyServiceImpl implements HostKeyService { hostIdentityDAO.setKeyWithNull(id); // 删除主机配置 hostConfigDAO.setKeyIdWithNull(id); - // 删除主机额外配置 - hostExtraService.deleteHostKeyCallback(id); + // 删除主机秘钥额外配置 + dataExtraApi.deleteHostKeyExtra(id); // 删除缓存 RedisMaps.delete(HostCacheKeyDefine.HOST_KEY.getKey(), record.getId()); log.info("HostKeyService-deleteHostKeyById effect: {}", effect); diff --git a/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataExtraApi.java b/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataExtraApi.java index c627271c..c22b5275 100644 --- a/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataExtraApi.java +++ b/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataExtraApi.java @@ -96,4 +96,20 @@ public interface DataExtraApi { */ Integer deleteByRelId(DataExtraTypeEnum type, Long relId); + /** + * 删除主机秘钥 + * + * @param keyId keyId + * @return effect + */ + int deleteHostKeyExtra(Long keyId); + + /** + * 删除主机身份 + * + * @param identityId identityId + * @return effect + */ + int deleteHostIdentityExtra(Long identityId); + } diff --git a/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataPermissionApi.java b/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataPermissionApi.java index b61a2109..383483e0 100644 --- a/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataPermissionApi.java +++ b/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataPermissionApi.java 
@@ -30,6 +30,16 @@ public interface DataPermissionApi { */ void updateDataPermission(DataPermissionTypeEnum type, DataPermissionUpdateDTO dto); + /** + * 检查用户是否有权限 + * + * @param type type + * @param userId userId + * @param relId relId + * @return effect + */ + boolean hasPermission(DataPermissionTypeEnum type, Long userId, Long relId); + /** * 通过 userId 查询数据权限 (不包含角色 不走缓存) * diff --git a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataExtraApiImpl.java b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataExtraApiImpl.java index 421ac5a8..cd5e7259 100644 --- a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataExtraApiImpl.java +++ b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataExtraApiImpl.java @@ -3,6 +3,7 @@ package com.orion.ops.module.infra.api.impl; import com.orion.ops.framework.common.utils.Valid; import com.orion.ops.module.infra.api.DataExtraApi; import com.orion.ops.module.infra.convert.DataExtraProviderConvert; +import com.orion.ops.module.infra.dao.DataExtraDAO; import com.orion.ops.module.infra.entity.domain.DataExtraDO; import com.orion.ops.module.infra.entity.dto.data.DataExtraDTO; import com.orion.ops.module.infra.entity.dto.data.DataExtraQueryDTO; @@ -33,6 +34,9 @@ public class DataExtraApiImpl implements DataExtraApi { @Resource private DataExtraService dataExtraService; + @Resource + private DataExtraDAO dataExtraDAO; + @Override public Integer setExtraItem(DataExtraSetDTO dto, DataExtraTypeEnum type) { Valid.valid(dto); 
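Review bot: The Javadoc added for `DataPermissionApi.hasPermission` says `@return effect`, which is carried over from the update/delete methods and does not describe a boolean authorisation result. Because the method is now used as an access check, the comment should state the contract, e.g. `@return true if the user is authorised for relId under the given type`. It should also say whether role-based grants are included and whether callers must handle administrators separately, as HostSshExtraStrategy does with `isAdminUser`. The same `@return effect` appears on `DataPermissionService.hasPermission` in this commit.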
@@ -103,4 +107,16 @@ public class DataExtraApiImpl implements DataExtraApi { return dataExtraService.deleteByRelId(type.name(), relId); } + @Override + public int deleteHostKeyExtra(Long keyId) { + Valid.notNull(keyId); + return dataExtraDAO.deleteHostKey(keyId); + } + + @Override + public int deleteHostIdentityExtra(Long identityId) { + Valid.notNull(identityId); + return dataExtraDAO.deleteHostIdentity(identityId); + } + } diff --git a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataPermissionApiImpl.java b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataPermissionApiImpl.java index 4939edd7..200e889d 100644 --- a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataPermissionApiImpl.java +++ b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataPermissionApiImpl.java @@ -49,6 +49,12 @@ public class DataPermissionApiImpl implements DataPermissionApi { dataPermissionService.updateDataPermission(request); } + @Override + public boolean hasPermission(DataPermissionTypeEnum type, Long userId, Long relId) { + Valid.allNotNull(userId, relId); + return dataPermissionService.hasPermission(type.name(), userId, relId); + } + @Override public List getRelIdListByUserId(DataPermissionTypeEnum type, Long userId) { return dataPermissionService.getRelIdListByUserId(type.name(), userId); diff --git a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/dao/DataExtraDAO.java b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/dao/DataExtraDAO.java index a7786e08..112a0624 100644 --- a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/dao/DataExtraDAO.java 
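Review bot: `hasPermission` in DataPermissionApiImpl validates `userId` and `relId` but then dereferences `type` with `type.name()`, so a null type surfaces as a NullPointerException rather than the validation error the other arguments produce. Assuming `Valid.allNotNull` accepts mixed argument types, including it in the guard keeps the failure mode uniform: `Valid.allNotNull(type, userId, relId);`.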
+++ b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/dao/DataExtraDAO.java @@ -4,6 +4,7 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.orion.ops.framework.mybatis.core.mapper.IMapper; import com.orion.ops.module.infra.entity.domain.DataExtraDO; import org.apache.ibatis.annotations.Mapper; +import org.apache.ibatis.annotations.Param; /** * 数据拓展信息 Mapper 接口 @@ -41,4 +42,20 @@ public interface DataExtraDAO extends IMapper { return this.delete(wrapper); } + /** + * 删除主机秘钥 + * + * @param keyId keyId + * @return effect + */ + int deleteHostKey(@Param("keyId") Long keyId); + + /** + * 删除主机身份 + * + * @param identityId identityId + * @return effect + */ + int deleteHostIdentity(@Param("identityId") Long identityId); + } diff --git a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/DataPermissionService.java b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/DataPermissionService.java index 661cce64..a0ce7bd1 100644 --- a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/DataPermissionService.java +++ b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/DataPermissionService.java @@ -1,6 +1,7 @@ package com.orion.ops.module.infra.service; import com.orion.ops.module.infra.entity.request.data.DataPermissionUpdateRequest; +import com.orion.ops.module.infra.enums.DataPermissionTypeEnum; import java.util.List; @@ -27,6 +28,16 @@ public interface DataPermissionService { */ void updateDataPermission(DataPermissionUpdateRequest request); + /** + * 检查用户是否有权限 + * + * @param type type + * @param userId userId + * @param relId relId + * @return effect + */ + boolean hasPermission(String type, Long userId, Long relId); + /** * 通过 userId 查询数据权限 (不包含角色 不走缓存) * 
diff --git a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/impl/DataPermissionServiceImpl.java b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/impl/DataPermissionServiceImpl.java index 0194292b..d2e49a59 100644 --- a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/impl/DataPermissionServiceImpl.java +++ b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/impl/DataPermissionServiceImpl.java @@ -104,6 +104,16 @@ public class DataPermissionServiceImpl implements DataPermissionService { this.deleteCache(type, userId, roleId); } + @Override + public boolean hasPermission(String type, Long userId, Long relId) { + // 查询用户授权列表 + List relIdList = this.getUserAuthorizedRelIdList(type, userId); + if (relIdList.isEmpty()) { + return false; + } + return relIdList.contains(relId); + } + @Override public List getRelIdListByUserId(String type, Long userId) { return dataPermissionDAO.of() 
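Review bot: `hasPermission` in DataPermissionServiceImpl decides access from `getUserAuthorizedRelIdList(type, userId)`, which is not shown in this hunk. If that list is served from the Redis permission cache, a revoked grant stays effective for this check until the cache entry is removed, so the method comment should say that the result is cache-backed. The `isEmpty()` guard is redundant, since `contains` on an empty list already returns false; the body can be `return this.getUserAuthorizedRelIdList(type, userId).contains(relId);`.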
@@ -185,41 +195,27 @@ public class DataPermissionServiceImpl implements DataPermissionService { .collect(Collectors.toList()); List userIdList = mapper.apply(DataPermissionDO::getUserId); List roleIdList = mapper.apply(DataPermissionDO::getRoleId); - this.deleteCache(Lists.singleton(type), userIdList, roleIdList); + this.deleteCache(userIdList, roleIdList); return effect; } @Override public int deleteByUserId(Long userId) { LambdaQueryWrapper wrapper = Conditions.eq(DataPermissionDO::getUserId, userId); - // 查询 - List typeList = dataPermissionDAO.of() - .wrapper(wrapper) - .stream() - .map(DataPermissionDO::getType) - .distinct() - .collect(Collectors.toList()); // 删除 int effect = dataPermissionDAO.delete(wrapper); // 删除缓存 - this.deleteCache(typeList, Lists.singleton(userId), null); + this.deleteCache(Lists.singleton(userId), null); return effect; } @Override public int deleteByRoleId(Long roleId) { LambdaQueryWrapper wrapper = Conditions.eq(DataPermissionDO::getRoleId, roleId); - // 查询 - List typeList = dataPermissionDAO.of() - .wrapper(wrapper) - .stream() - .map(DataPermissionDO::getType) - .distinct() - .collect(Collectors.toList()); // 删除 int effect = dataPermissionDAO.delete(wrapper); // 删除缓存 - this.deleteCache(typeList, null, Lists.singleton(roleId)); + this.deleteCache(null, Lists.singleton(roleId)); return effect; } @@ -241,12 +237,12 @@ public class DataPermissionServiceImpl implements DataPermissionService { @Override public void clearUserCache(List userIdList) { // 扫描的 key - List keyMatchs = userIdList.stream() + List keyMatches = userIdList.stream() .distinct() .map(s -> DataPermissionCacheKeyDefine.DATA_PERMISSION_USER.format("*", s)) .collect(Collectors.toList()); // 扫描并删除 - RedisUtils.scanKeysDelete(keyMatchs); + RedisUtils.scanKeysDelete(keyMatches); } /** 
@@ -262,8 +258,10 @@ public class DataPermissionServiceImpl implements DataPermissionService { userIdList.add(userId); } // 查询角色的权限 - List roleUserIdList = systemUserRoleDAO.selectUserIdByRoleId(roleId); - userIdList.addAll(roleUserIdList); + if (roleId != null) { + List roleUserIdList = systemUserRoleDAO.selectUserIdByRoleId(roleId); + userIdList.addAll(roleUserIdList); + } // 删除缓存 if (!userIdList.isEmpty()) { List keys = userIdList.stream() @@ -276,11 +274,10 @@ public class DataPermissionServiceImpl implements DataPermissionService { /** * 删除缓存 * - * @param typeList typeList * @param userIdList userIdList * @param roleIdList roleIdList */ - private void deleteCache(List typeList, List userIdList, List roleIdList) { + private void deleteCache(List userIdList, List roleIdList) { Set deleteUserIdList = new HashSet<>(4); if (!Lists.isEmpty(userIdList)) { deleteUserIdList.addAll(userIdList); @@ -295,10 +292,10 @@ public class DataPermissionServiceImpl implements DataPermissionService { } // 删除缓存 List keys = new ArrayList<>(); - for (String type : typeList) { + for (DataPermissionTypeEnum type : DataPermissionTypeEnum.values()) { userIdList.stream() .filter(Objects::nonNull) - .map(s -> DataPermissionCacheKeyDefine.DATA_PERMISSION_USER.format(type, s)) + .map(s -> DataPermissionCacheKeyDefine.DATA_PERMISSION_USER.format(type.name(), s)) .forEach(keys::add); } RedisLists.delete(keys); diff --git a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/impl/SystemRoleServiceImpl.java b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/impl/SystemRoleServiceImpl.java index 9166ff73..84a962dc 100644 --- a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/impl/SystemRoleServiceImpl.java 
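Review bot: In the last DataPermissionServiceImpl hunk, `deleteCache(List userIdList, List roleIdList)` still builds its keys from the `userIdList` parameter instead of the merged `deleteUserIdList` set created at the top of the method. `deleteByRoleId` now calls `this.deleteCache(null, Lists.singleton(roleId))`, and the loop over `DataPermissionTypeEnum.values()` always runs, so unless the unseen lines between the hunks return early this call dereferences a null `userIdList`. Even with a non-null list, ids added to the set by the role branch (outside the hunk, so inferred) never produce cache keys, which leaves those users' cached permissions in place after the rows are deleted. Streaming the set addresses both: `deleteUserIdList.stream()`.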
+++ b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/impl/SystemRoleServiceImpl.java @@ -185,7 +185,7 @@ public class SystemRoleServiceImpl implements SystemRoleService { // 删除用户缓存中的角色 systemUserRoleService.deleteUserCacheRoleAsync(id, userIdList); // 删除数据权限缓存 - dataPermissionService.clearUserCache(userIdList); + dataPermissionService.deleteByRoleId(id); return effect; } diff --git a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/resources/mapper/DataExtraMapper.xml b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/resources/mapper/DataExtraMapper.xml index 1232e02b..e8fc026f 100644 --- a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/resources/mapper/DataExtraMapper.xml +++ b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/resources/mapper/DataExtraMapper.xml @@ -22,4 +22,26 @@ id, user_id, rel_id, type, item, value, create_time, update_time, creator, updater, deleted + + UPDATE data_extra + SET value = JSON_REPLACE(value, + "$.keyId", NULL, + "$.authType", IF(JSON_EXTRACT(value, "$.authType") = 'KEY', 'DEFAULT', JSON_EXTRACT(value, "$.authType"))) + WHERE deleted = 0 + AND type = 'HOST' + AND item = 'ssh' + AND JSON_CONTAINS(value, JSON_OBJECT('keyId', #{keyId})) + + + + UPDATE data_extra + SET value = JSON_REPLACE(value, + "$.identityId", NULL, + "$.authType", IF(JSON_EXTRACT(value, "$.authType") = 'IDENTITY', 'DEFAULT', JSON_EXTRACT(value, "$.authType"))) + WHERE deleted = 0 + AND type = 'HOST' + AND item = 'ssh' + AND JSON_CONTAINS(value, JSON_OBJECT('identityId', #{identityId})) + +
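Review bot: Replacing `clearUserCache(userIdList)` with `deleteByRoleId(id)` in SystemRoleServiceImpl makes cache eviction depend on `deleteByRoleId` resolving the role's users itself, whereas the removed call used the `userIdList` already collected in this method. If the user-role rows are removed earlier in this method (outside the hunk), a lookup by role id would return nothing and former members would keep their cached data permissions. Keeping the explicit eviction after the delete, `dataPermissionService.clearUserCache(userIdList);`, avoids that dependency. The comment `// 删除数据权限缓存` should also be updated, because the call now deletes permission rows as well as cache entries.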
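Review bot: Both statements added to DataExtraMapper.xml write their JSON paths as double-quoted strings (`"$.keyId"`, `"$.authType"`), which MySQL parses as identifiers when the ANSI_QUOTES SQL mode is enabled; single quotes (`'$.keyId'`) behave the same under either mode. The literals 'KEY', 'IDENTITY', 'DEFAULT', 'HOST' and 'ssh' appear to duplicate enum and item names defined in Java, so a comment naming those sources would help keep the two in sync. The statements are UPDATEs that null the reference and reset authType, while the DAO methods are named `deleteHostKey` / `deleteHostIdentity`; a one-line comment on each statement stating this would avoid surprise.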