feature: 主机额外配置保存.

orion-ops-framework/orion-ops-framework-common/src/main/java/com/orion/ops/framework/common/constant/ErrorMessage.java

@@ -67,4 +67,6 @@ public interface ErrorMessage {
 
     String BEFORE_PASSWORD_ERROR = "原密码错误";
 
+    String DATA_NO_PERMISSION = "数据无权限";
+
 }

orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/handler/host/extra/strategy/HostSshExtraStrategy.java

@@ -1,10 +1,20 @@
 package com.orion.ops.module.asset.handler.host.extra.strategy;
 
+import com.orion.ops.framework.common.constant.ErrorMessage;
 import com.orion.ops.framework.common.handler.data.strategy.MapDataStrategy;
+import com.orion.ops.framework.common.utils.Valid;
+import com.orion.ops.framework.security.core.utils.SecurityUtils;
+import com.orion.ops.module.asset.dao.HostIdentityDAO;
+import com.orion.ops.module.asset.dao.HostKeyDAO;
 import com.orion.ops.module.asset.enums.HostExtraSshAuthTypeEnum;
 import com.orion.ops.module.asset.handler.host.extra.model.HostSshExtraModel;
+import com.orion.ops.module.infra.api.DataPermissionApi;
+import com.orion.ops.module.infra.api.SystemUserApi;
+import com.orion.ops.module.infra.enums.DataPermissionTypeEnum;
 import org.springframework.stereotype.Component;
 
+import javax.annotation.Resource;
+
 /**
  * 主机拓展信息 - ssh 模型处理策略
  *
@@ -15,6 +25,18 @@ import org.springframework.stereotype.Component;
 @Component
 public class HostSshExtraStrategy implements MapDataStrategy<HostSshExtraModel> {
 
+    @Resource
+    private HostKeyDAO hostKeyDAO;
+
+    @Resource
+    private HostIdentityDAO hostIdentityDAO;
+
+    @Resource
+    private SystemUserApi systemUserApi;
+
+    @Resource
+    private DataPermissionApi dataPermissionApi;
+
     @Override
     public HostSshExtraModel getDefault() {
         return HostSshExtraModel.builder()
@@ -24,17 +46,46 @@ public class HostSshExtraStrategy implements MapDataStrategy<HostSshExtraModel>
 
     @Override
     public void updateFill(HostSshExtraModel beforeModel, HostSshExtraModel afterModel) {
-
     }
 
     @Override
     public void preValid(HostSshExtraModel model) {
-
+        HostExtraSshAuthTypeEnum authType = Valid.valid(HostExtraSshAuthTypeEnum::of, model.getAuthType());
+        model.setAuthType(authType.name());
+        Long keyId = model.getKeyId();
+        Long identityId = model.getIdentityId();
+        // 必填验证
+        if (HostExtraSshAuthTypeEnum.KEY.equals(authType)) {
+            Valid.notNull(keyId);
+        } else if (HostExtraSshAuthTypeEnum.IDENTITY.equals(authType)) {
+            Valid.notNull(identityId);
+        }
+        // 验证主机秘钥是否存在
+        if (keyId != null) {
+            Valid.notNull(hostKeyDAO.selectById(keyId), ErrorMessage.KEY_ABSENT);
+        }
+        // 验证主机身份是否存在
+        if (identityId != null) {
+            Valid.notNull(hostIdentityDAO.selectById(identityId), ErrorMessage.IDENTITY_ABSENT);
+        }
+        // 非管理员验证权限
+        Long userId = SecurityUtils.getLoginUserId();
+        if (!systemUserApi.isAdminUser(userId)) {
+            // 验证主机秘钥是否有权限
+            if (keyId != null) {
+                Valid.isTrue(dataPermissionApi.hasPermission(DataPermissionTypeEnum.HOST_KEY, userId, keyId),
+                        ErrorMessage.DATA_NO_PERMISSION);
+            }
+            // 验证主机身份是否有权限
+            if (identityId != null) {
+                Valid.isTrue(dataPermissionApi.hasPermission(DataPermissionTypeEnum.HOST_IDENTITY, userId, identityId),
+                        ErrorMessage.DATA_NO_PERMISSION);
+            }
+        }
     }
 
     @Override
     public void valid(HostSshExtraModel model) {
-
     }
 
 }

orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostExtraService.java

@@ -48,18 +48,4 @@ public interface HostExtraService {
      */
     Integer updateHostExtra(HostExtraUpdateRequest request);
 
-    /**
-     * 删除主机秘钥回调
-     *
-     * @param id id
-     */
-    void deleteHostKeyCallback(Long id);
-
-    /**
-     * 删除主机身份回调
-     *
-     * @param id id
-     */
-    void deleteHostIdentityCallback(Long id);
-
 }

orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostConfigServiceImpl.java

@@ -45,6 +45,7 @@ public class HostConfigServiceImpl implements HostConfigService {
     private HostConfigDAO hostConfigDAO;
 
     // FIXME 动态初始化
+    // 改为小写
 
     @Override
     public HostConfigVO getHostConfig(Long hostId, String type) {
@@ -73,12 +74,8 @@ public class HostConfigServiceImpl implements HostConfigService {
 
     @Override
     public List<HostConfigVO> getHostConfigList(Long hostId) {
+        // 查询
         List<HostConfigDO> configs = hostConfigDAO.getHostConfigByHostId(hostId);
-        if (configs.isEmpty()) {
-            // 初始化 兜底
-            this.initHostConfig(hostId);
-            configs = hostConfigDAO.getHostConfigByHostId(hostId);
-        }
         // 返回
         return configs.stream().map(s -> {
             HostConfigVO vo = HostConfigConvert.MAPPER.to(s);

orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostExtraServiceImpl.java

@@ -122,16 +122,6 @@ public class HostExtraServiceImpl implements HostExtraService {
         return dataExtraApi.updateExtraValue(beforeExtraItem.getId(), newExtra.serial());
     }
 
-    @Override
-    public void deleteHostKeyCallback(Long id) {
-
-    }
-
-    @Override
-    public void deleteHostIdentityCallback(Long id) {
-
-    }
-
     /**
      * 检查配置项并且转为视图 (不存在则初始化默认值)
      *

orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostIdentityServiceImpl.java

@@ -24,8 +24,8 @@ import com.orion.ops.module.asset.entity.request.host.HostIdentityCreateRequest;
 import com.orion.ops.module.asset.entity.request.host.HostIdentityQueryRequest;
 import com.orion.ops.module.asset.entity.request.host.HostIdentityUpdateRequest;
 import com.orion.ops.module.asset.entity.vo.HostIdentityVO;
-import com.orion.ops.module.asset.service.HostExtraService;
 import com.orion.ops.module.asset.service.HostIdentityService;
+import com.orion.ops.module.infra.api.DataExtraApi;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 
@@ -56,7 +56,7 @@ public class HostIdentityServiceImpl implements HostIdentityService {
     private HostConfigDAO hostConfigDAO;
 
     @Resource
-    private HostExtraService hostExtraService;
+    private DataExtraApi dataExtraApi;
 
     @Override
     public Long createHostIdentity(HostIdentityCreateRequest request) {
@@ -178,8 +178,8 @@ public class HostIdentityServiceImpl implements HostIdentityService {
         int effect = hostIdentityDAO.deleteById(id);
         // 删除主机配置
         hostConfigDAO.setIdentityIdWithNull(id);
-        // 删除主机额外配置
+        // 删除主机身份额外配置
-        hostExtraService.deleteHostIdentityCallback(id);
+        dataExtraApi.deleteHostIdentityExtra(id);
         // 删除缓存
         RedisMaps.delete(HostCacheKeyDefine.HOST_IDENTITY.getKey(), record.getId());
         log.info("HostIdentityService-deleteHostIdentityById effect: {}", effect);

orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostKeyServiceImpl.java

@@ -22,8 +22,8 @@ import com.orion.ops.module.asset.entity.request.host.HostKeyCreateRequest;
 import com.orion.ops.module.asset.entity.request.host.HostKeyQueryRequest;
 import com.orion.ops.module.asset.entity.request.host.HostKeyUpdateRequest;
 import com.orion.ops.module.asset.entity.vo.HostKeyVO;
-import com.orion.ops.module.asset.service.HostExtraService;
 import com.orion.ops.module.asset.service.HostKeyService;
+import com.orion.ops.module.infra.api.DataExtraApi;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -53,7 +53,7 @@ public class HostKeyServiceImpl implements HostKeyService {
     private HostConfigDAO hostConfigDAO;
 
     @Resource
-    private HostExtraService hostExtraService;
+    private DataExtraApi dataExtraApi;
 
     @Override
     public Long createHostKey(HostKeyCreateRequest request) {
@@ -175,8 +175,8 @@ public class HostKeyServiceImpl implements HostKeyService {
         hostIdentityDAO.setKeyWithNull(id);
         // 删除主机配置
         hostConfigDAO.setKeyIdWithNull(id);
-        // 删除主机额外配置
+        // 删除主机秘钥额外配置
-        hostExtraService.deleteHostKeyCallback(id);
+        dataExtraApi.deleteHostKeyExtra(id);
         // 删除缓存
         RedisMaps.delete(HostCacheKeyDefine.HOST_KEY.getKey(), record.getId());
         log.info("HostKeyService-deleteHostKeyById effect: {}", effect);

orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataExtraApi.java

@@ -96,4 +96,20 @@ public interface DataExtraApi {
      */
     Integer deleteByRelId(DataExtraTypeEnum type, Long relId);
 
+    /**
+     * 删除主机秘钥
+     *
+     * @param keyId keyId
+     * @return effect
+     */
+    int deleteHostKeyExtra(Long keyId);
+
+    /**
+     * 删除主机身份
+     *
+     * @param identityId identityId
+     * @return effect
+     */
+    int deleteHostIdentityExtra(Long identityId);
+
 }

orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataPermissionApi.java

@@ -30,6 +30,16 @@ public interface DataPermissionApi {
      */
     void updateDataPermission(DataPermissionTypeEnum type, DataPermissionUpdateDTO dto);
 
+    /**
+     * 检查用户是否有权限
+     *
+     * @param type   type
+     * @param userId userId
+     * @param relId  relId
+     * @return effect
+     */
+    boolean hasPermission(DataPermissionTypeEnum type, Long userId, Long relId);
+
     /**
      * 通过 userId 查询数据权限 (不包含角色 不走缓存)
      *

orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataExtraApiImpl.java

@@ -3,6 +3,7 @@ package com.orion.ops.module.infra.api.impl;
 import com.orion.ops.framework.common.utils.Valid;
 import com.orion.ops.module.infra.api.DataExtraApi;
 import com.orion.ops.module.infra.convert.DataExtraProviderConvert;
+import com.orion.ops.module.infra.dao.DataExtraDAO;
 import com.orion.ops.module.infra.entity.domain.DataExtraDO;
 import com.orion.ops.module.infra.entity.dto.data.DataExtraDTO;
 import com.orion.ops.module.infra.entity.dto.data.DataExtraQueryDTO;
@@ -33,6 +34,9 @@ public class DataExtraApiImpl implements DataExtraApi {
     @Resource
     private DataExtraService dataExtraService;
 
+    @Resource
+    private DataExtraDAO dataExtraDAO;
+
     @Override
     public Integer setExtraItem(DataExtraSetDTO dto, DataExtraTypeEnum type) {
         Valid.valid(dto);
@@ -103,4 +107,16 @@ public class DataExtraApiImpl implements DataExtraApi {
         return dataExtraService.deleteByRelId(type.name(), relId);
     }
 
+    @Override
+    public int deleteHostKeyExtra(Long keyId) {
+        Valid.notNull(keyId);
+        return dataExtraDAO.deleteHostKey(keyId);
+    }
+
+    @Override
+    public int deleteHostIdentityExtra(Long identityId) {
+        Valid.notNull(identityId);
+        return dataExtraDAO.deleteHostIdentity(identityId);
+    }
+
 }

orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataPermissionApiImpl.java

@@ -49,6 +49,12 @@ public class DataPermissionApiImpl implements DataPermissionApi {
         dataPermissionService.updateDataPermission(request);
     }
 
+    @Override
+    public boolean hasPermission(DataPermissionTypeEnum type, Long userId, Long relId) {
+        Valid.allNotNull(userId, relId);
+        return dataPermissionService.hasPermission(type.name(), userId, relId);
+    }
+
     @Override
     public List<Long> getRelIdListByUserId(DataPermissionTypeEnum type, Long userId) {
         return dataPermissionService.getRelIdListByUserId(type.name(), userId);

orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/dao/DataExtraDAO.java

@@ -4,6 +4,7 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.orion.ops.framework.mybatis.core.mapper.IMapper;
 import com.orion.ops.module.infra.entity.domain.DataExtraDO;
 import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
 
 /**
  * 数据拓展信息 Mapper 接口
@@ -41,4 +42,20 @@ public interface DataExtraDAO extends IMapper<DataExtraDO> {
         return this.delete(wrapper);
     }
 
+    /**
+     * 删除主机秘钥
+     *
+     * @param keyId keyId
+     * @return effect
+     */
+    int deleteHostKey(@Param("keyId") Long keyId);
+
+    /**
+     * 删除主机身份
+     *
+     * @param identityId identityId
+     * @return effect
+     */
+    int deleteHostIdentity(@Param("identityId") Long identityId);
+
 }

orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/DataPermissionService.java

@@ -1,6 +1,7 @@
 package com.orion.ops.module.infra.service;
 
 import com.orion.ops.module.infra.entity.request.data.DataPermissionUpdateRequest;
+import com.orion.ops.module.infra.enums.DataPermissionTypeEnum;
 
 import java.util.List;
 
@@ -27,6 +28,16 @@ public interface DataPermissionService {
      */
     void updateDataPermission(DataPermissionUpdateRequest request);
 
+    /**
+     * 检查用户是否有权限
+     *
+     * @param type   type
+     * @param userId userId
+     * @param relId  relId
+     * @return effect
+     */
+    boolean hasPermission(String type, Long userId, Long relId);
+
     /**
      * 通过 userId 查询数据权限 (不包含角色 不走缓存)
      *

orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/impl/DataPermissionServiceImpl.java

@@ -104,6 +104,16 @@ public class DataPermissionServiceImpl implements DataPermissionService {
         this.deleteCache(type, userId, roleId);
     }
 
+    @Override
+    public boolean hasPermission(String type, Long userId, Long relId) {
+        // 查询用户授权列表
+        List<Long> relIdList = this.getUserAuthorizedRelIdList(type, userId);
+        if (relIdList.isEmpty()) {
+            return false;
+        }
+        return relIdList.contains(relId);
+    }
+
     @Override
     public List<Long> getRelIdListByUserId(String type, Long userId) {
         return dataPermissionDAO.of()
@@ -185,41 +195,27 @@ public class DataPermissionServiceImpl implements DataPermissionService {
                         .collect(Collectors.toList());
         List<Long> userIdList = mapper.apply(DataPermissionDO::getUserId);
         List<Long> roleIdList = mapper.apply(DataPermissionDO::getRoleId);
-        this.deleteCache(Lists.singleton(type), userIdList, roleIdList);
+        this.deleteCache(userIdList, roleIdList);
         return effect;
     }
 
     @Override
     public int deleteByUserId(Long userId) {
         LambdaQueryWrapper<DataPermissionDO> wrapper = Conditions.eq(DataPermissionDO::getUserId, userId);
-        // 查询
-        List<String> typeList = dataPermissionDAO.of()
-                .wrapper(wrapper)
-                .stream()
-                .map(DataPermissionDO::getType)
-                .distinct()
-                .collect(Collectors.toList());
         // 删除
         int effect = dataPermissionDAO.delete(wrapper);
         // 删除缓存
-        this.deleteCache(typeList, Lists.singleton(userId), null);
+        this.deleteCache(Lists.singleton(userId), null);
         return effect;
     }
 
     @Override
     public int deleteByRoleId(Long roleId) {
         LambdaQueryWrapper<DataPermissionDO> wrapper = Conditions.eq(DataPermissionDO::getRoleId, roleId);
-        // 查询
-        List<String> typeList = dataPermissionDAO.of()
-                .wrapper(wrapper)
-                .stream()
-                .map(DataPermissionDO::getType)
-                .distinct()
-                .collect(Collectors.toList());
         // 删除
         int effect = dataPermissionDAO.delete(wrapper);
         // 删除缓存
-        this.deleteCache(typeList, null, Lists.singleton(roleId));
+        this.deleteCache(null, Lists.singleton(roleId));
         return effect;
     }
 
@@ -241,12 +237,12 @@ public class DataPermissionServiceImpl implements DataPermissionService {
     @Override
     public void clearUserCache(List<Long> userIdList) {
         // 扫描的 key
-        List<String> keyMatchs = userIdList.stream()
+        List<String> keyMatches = userIdList.stream()
                 .distinct()
                 .map(s -> DataPermissionCacheKeyDefine.DATA_PERMISSION_USER.format("*", s))
                 .collect(Collectors.toList());
         // 扫描并删除
-        RedisUtils.scanKeysDelete(keyMatchs);
+        RedisUtils.scanKeysDelete(keyMatches);
     }
 
     /**
@@ -262,8 +258,10 @@ public class DataPermissionServiceImpl implements DataPermissionService {
             userIdList.add(userId);
         }
         // 查询角色的权限
-        List<Long> roleUserIdList = systemUserRoleDAO.selectUserIdByRoleId(roleId);
+        if (roleId != null) {
-        userIdList.addAll(roleUserIdList);
+            List<Long> roleUserIdList = systemUserRoleDAO.selectUserIdByRoleId(roleId);
+            userIdList.addAll(roleUserIdList);
+        }
         // 删除缓存
         if (!userIdList.isEmpty()) {
             List<String> keys = userIdList.stream()
@@ -276,11 +274,10 @@ public class DataPermissionServiceImpl implements DataPermissionService {
     /**
      * 删除缓存
      *
-     * @param typeList   typeList
      * @param userIdList userIdList
      * @param roleIdList roleIdList
      */
-    private void deleteCache(List<String> typeList, List<Long> userIdList, List<Long> roleIdList) {
+    private void deleteCache(List<Long> userIdList, List<Long> roleIdList) {
         Set<Long> deleteUserIdList = new HashSet<>(4);
         if (!Lists.isEmpty(userIdList)) {
             deleteUserIdList.addAll(userIdList);
@@ -295,10 +292,10 @@ public class DataPermissionServiceImpl implements DataPermissionService {
         }
         // 删除缓存
         List<String> keys = new ArrayList<>();
-        for (String type : typeList) {
+        for (DataPermissionTypeEnum type : DataPermissionTypeEnum.values()) {
             userIdList.stream()
                     .filter(Objects::nonNull)
-                    .map(s -> DataPermissionCacheKeyDefine.DATA_PERMISSION_USER.format(type, s))
+                    .map(s -> DataPermissionCacheKeyDefine.DATA_PERMISSION_USER.format(type.name(), s))
                     .forEach(keys::add);
         }
         RedisLists.delete(keys);

orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/service/impl/SystemRoleServiceImpl.java

@@ -185,7 +185,7 @@ public class SystemRoleServiceImpl implements SystemRoleService {
         // 删除用户缓存中的角色
         systemUserRoleService.deleteUserCacheRoleAsync(id, userIdList);
         // 删除数据权限缓存
-        dataPermissionService.clearUserCache(userIdList);
+        dataPermissionService.deleteByRoleId(id);
         return effect;
     }
 

orion-ops-module-infra/orion-ops-module-infra-service/src/main/resources/mapper/DataExtraMapper.xml

@@ -22,4 +22,26 @@
         id, user_id, rel_id, type, item, value, create_time, update_time, creator, updater, deleted
     </sql>
 
+    <delete id="deleteHostKey">
+        UPDATE data_extra
+        SET value = JSON_REPLACE(value,
+                                 "$.keyId", NULL,
+                                 "$.authType", IF(JSON_EXTRACT(value, "$.authType") = 'KEY', 'DEFAULT', JSON_EXTRACT(value, "$.authType")))
+        WHERE deleted = 0
+          AND type = 'HOST'
+          AND item = 'ssh'
+          AND JSON_CONTAINS(value, JSON_OBJECT('keyId', #{keyId}))
+    </delete>
+
+    <delete id="deleteHostIdentity">
+        UPDATE data_extra
+        SET value = JSON_REPLACE(value,
+                                 "$.identityId", NULL,
+                                 "$.authType", IF(JSON_EXTRACT(value, "$.authType") = 'IDENTITY', 'DEFAULT', JSON_EXTRACT(value, "$.authType")))
+        WHERE deleted = 0
+          AND type = 'HOST'
+          AND item = 'ssh'
+          AND JSON_CONTAINS(value, JSON_OBJECT('identityId', #{identityId}))
+    </delete>
+
 </mapper>