review code.
@@ -1,9 +1,12 @@
|
||||
### 查询已授权的主机分组
|
||||
GET {{baseUrl}}/asset/authorized-data/host-group
|
||||
### 查询当前用户已授权的主机分组及主机
|
||||
GET {{baseUrl}}/asset/authorized-data/current-host-group
|
||||
Authorization: {{token}}
|
||||
|
||||
|
||||
### 获取已授权的分组
|
||||
GET {{baseUrl}}/asset/authorized-data/get-authorized-group?userId=1
|
||||
### 查询当前用户已授权的主机秘钥
|
||||
GET {{baseUrl}}/asset/authorized-data/current-host-key
|
||||
Authorization: {{token}}
|
||||
|
||||
### 查询当前用户已授权的主机身份
|
||||
GET {{baseUrl}}/asset/authorized-data/current-host-identity
|
||||
Authorization: {{token}}
|
||||
|
||||
|
||||
@@ -4,13 +4,13 @@ import com.orion.ops.framework.log.core.annotation.IgnoreLog;
|
||||
import com.orion.ops.framework.log.core.enums.IgnoreLogMode;
|
||||
import com.orion.ops.framework.security.core.utils.SecurityUtils;
|
||||
import com.orion.ops.framework.web.core.annotation.RestWrapper;
|
||||
import com.orion.ops.module.asset.entity.request.asset.AssetAuthorizedDataRequest;
|
||||
import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO;
|
||||
import com.orion.ops.module.asset.entity.vo.AuthorizedHostGroupWrapperVO;
|
||||
import com.orion.ops.module.asset.entity.vo.HostIdentityVO;
|
||||
import com.orion.ops.module.asset.entity.vo.HostKeyVO;
|
||||
import com.orion.ops.module.asset.service.AssetAuthorizedDataService;
|
||||
import io.swagger.v3.oas.annotations.Operation;
|
||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.validation.annotation.Validated;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@@ -34,26 +34,28 @@ import java.util.List;
|
||||
@RequestMapping("/asset/authorized-data")
|
||||
public class AssetAuthorizedDataServiceController {
|
||||
|
||||
// FIXME 字典 菜单 http api
|
||||
|
||||
|
||||
@Resource
|
||||
private AssetAuthorizedDataService assetAuthorizedDataService;
|
||||
|
||||
@IgnoreLog(IgnoreLogMode.RET)
|
||||
@GetMapping("/host-group")
|
||||
@Operation(summary = "查询已授权的主机分组")
|
||||
public List<HostGroupTreeVO> getAuthorizedHostGroup() {
|
||||
@GetMapping("/current-host-group")
|
||||
@Operation(summary = "查询当前用户已授权的主机分组及主机")
|
||||
public AuthorizedHostGroupWrapperVO getCurrentAuthorizedHostGroup() {
|
||||
return assetAuthorizedDataService.getUserAuthorizedHostGroup(SecurityUtils.getLoginUserId());
|
||||
}
|
||||
|
||||
@IgnoreLog(IgnoreLogMode.RET)
|
||||
@GetMapping("/get-host-group")
|
||||
@Operation(summary = "获取已授权的分组")
|
||||
@PreAuthorize("@ss.hasPermission('asset:host-group:grant')")
|
||||
public List<Long> getAuthorizedHostGroup(AssetAuthorizedDataRequest request) {
|
||||
return assetAuthorizedDataService.getAuthorizedData(request);
|
||||
@GetMapping("/current-host-key")
|
||||
@Operation(summary = "查询当前用户已授权的主机秘钥")
|
||||
public List<HostKeyVO> getCurrentAuthorizedHostKey() {
|
||||
return assetAuthorizedDataService.getUserAuthorizedHostKey(SecurityUtils.getLoginUserId());
|
||||
}
|
||||
|
||||
@IgnoreLog(IgnoreLogMode.RET)
|
||||
@GetMapping("/current-host-identity")
|
||||
@Operation(summary = "查询当前用户已授权的主机身份")
|
||||
public List<HostIdentityVO> getCurrentAuthorizedHostIdentity() {
|
||||
return assetAuthorizedDataService.getUserAuthorizedHostIdentity(SecurityUtils.getLoginUserId());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
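Review bot: `getCurrentAuthorizedHostKey` and `getCurrentAuthorizedHostIdentity` carry no `@PreAuthorize`, so any logged-in user can call them and receive `HostKeyVO` / `HostIdentityVO` objects. The fields of those classes are not visible on this page, so confirm they expose only metadata and never private key, passphrase or password material. `@IgnoreLog(IgnoreLogMode.RET)` presumably keeps the return value out of the request log, but the HTTP response still carries whatever the VO serializes. A one-line comment above each `current-*` handler, e.g. `// scoped to SecurityUtils.getLoginUserId(); no permission check by design`, would make the missing annotation read as intentional.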
@@ -1,5 +1,5 @@
|
||||
### 主机分组授权
|
||||
PUT {{baseUrl}}/asset/data-grant/host-group
|
||||
PUT {{baseUrl}}/asset/data-grant/grant-host-group
|
||||
Content-Type: application/json
|
||||
Authorization: {{token}}
|
||||
|
||||
@@ -11,21 +11,29 @@ Authorization: {{token}}
|
||||
]
|
||||
}
|
||||
|
||||
### 获取已授权的主机分组
|
||||
GET {{baseUrl}}/asset/data-grant/get-host-group?userId=10
|
||||
Authorization: {{token}}
|
||||
|
||||
### 主机秘钥授权
|
||||
PUT {{baseUrl}}/asset/data-grant/host-key
|
||||
PUT {{baseUrl}}/asset/data-grant/grant-host-key
|
||||
Content-Type: application/json
|
||||
Authorization: {{token}}
|
||||
|
||||
{
|
||||
"userId": 10,
|
||||
"idList": [
|
||||
3,
|
||||
5
|
||||
2,
|
||||
3
|
||||
]
|
||||
}
|
||||
|
||||
### 获取已授权的主机秘钥
|
||||
GET {{baseUrl}}/asset/data-grant/get-host-key?userId=10
|
||||
Authorization: {{token}}
|
||||
|
||||
### 主机身份授权
|
||||
PUT {{baseUrl}}/asset/data-grant/host-identity
|
||||
PUT {{baseUrl}}/asset/data-grant/grant-host-identity
|
||||
Content-Type: application/json
|
||||
Authorization: {{token}}
|
||||
|
||||
@@ -36,3 +44,7 @@ Authorization: {{token}}
|
||||
5
|
||||
]
|
||||
}
|
||||
|
||||
### 获取已授权的主机身份
|
||||
GET {{baseUrl}}/asset/data-grant/get-host-identity?userId=10
|
||||
Authorization: {{token}}
|
||||
|
||||
@@ -2,23 +2,26 @@ package com.orion.ops.module.asset.controller;
|
||||
|
||||
import com.orion.lang.define.wrapper.HttpWrapper;
|
||||
import com.orion.ops.framework.biz.operator.log.core.annotation.OperatorLog;
|
||||
import com.orion.ops.framework.log.core.annotation.IgnoreLog;
|
||||
import com.orion.ops.framework.log.core.enums.IgnoreLogMode;
|
||||
import com.orion.ops.framework.web.core.annotation.RestWrapper;
|
||||
import com.orion.ops.module.asset.define.operator.HostGroupOperatorType;
|
||||
import com.orion.ops.module.asset.define.operator.HostIdentityOperatorType;
|
||||
import com.orion.ops.module.asset.define.operator.HostKeyOperatorType;
|
||||
import com.orion.ops.module.asset.entity.request.asset.AssetAuthorizedDataQueryRequest;
|
||||
import com.orion.ops.module.asset.entity.request.asset.AssetDataGrantRequest;
|
||||
import com.orion.ops.module.asset.service.AssetAuthorizedDataService;
|
||||
import com.orion.ops.module.asset.service.AssetDataGrantService;
|
||||
import com.orion.ops.module.infra.enums.DataPermissionTypeEnum;
|
||||
import io.swagger.v3.oas.annotations.Operation;
|
||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.validation.annotation.Validated;
|
||||
import org.springframework.web.bind.annotation.PutMapping;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 资产模块 授权数据服务
|
||||
@@ -35,13 +38,14 @@ import javax.annotation.Resource;
|
||||
@RequestMapping("/asset/data-grant")
|
||||
public class AssetDataGrantServiceController {
|
||||
|
||||
// FIXME 字典 菜单 http 前端api
|
||||
|
||||
@Resource
|
||||
private AssetDataGrantService assetDataGrantService;
|
||||
|
||||
@Resource
|
||||
private AssetAuthorizedDataService assetAuthorizedDataService;
|
||||
|
||||
@OperatorLog(HostGroupOperatorType.GRANT)
|
||||
@PutMapping("/host-group")
|
||||
@PutMapping("/grant-host-group")
|
||||
@Operation(summary = "主机分组授权")
|
||||
@PreAuthorize("@ss.hasPermission('asset:host-group:grant')")
|
||||
public HttpWrapper<?> grantHostGroup(@RequestBody AssetDataGrantRequest request) {
|
||||
@@ -49,8 +53,16 @@ public class AssetDataGrantServiceController {
|
||||
return HttpWrapper.ok();
|
||||
}
|
||||
|
||||
@IgnoreLog(IgnoreLogMode.RET)
|
||||
@GetMapping("/get-host-group")
|
||||
@Operation(summary = "获取已授权的主机分组")
|
||||
@PreAuthorize("@ss.hasPermission('asset:host-group:grant')")
|
||||
public List<Long> getAuthorizedHostGroup(AssetAuthorizedDataQueryRequest request) {
|
||||
return assetAuthorizedDataService.getAuthorizedDataRelId(DataPermissionTypeEnum.HOST_GROUP, request);
|
||||
}
|
||||
|
||||
@OperatorLog(HostKeyOperatorType.GRANT)
|
||||
@PutMapping("/host-key")
|
||||
@PutMapping("/grant-host-key")
|
||||
@Operation(summary = "主机秘钥授权")
|
||||
@PreAuthorize("@ss.hasPermission('asset:host-key:grant')")
|
||||
public HttpWrapper<?> grantHostKey(@RequestBody AssetDataGrantRequest request) {
|
||||
@@ -58,8 +70,16 @@ public class AssetDataGrantServiceController {
|
||||
return HttpWrapper.ok();
|
||||
}
|
||||
|
||||
@IgnoreLog(IgnoreLogMode.RET)
|
||||
@GetMapping("/get-host-key")
|
||||
@Operation(summary = "获取已授权的主机秘钥")
|
||||
@PreAuthorize("@ss.hasPermission('asset:host-key:grant')")
|
||||
public List<Long> getAuthorizedHostKey(AssetAuthorizedDataQueryRequest request) {
|
||||
return assetAuthorizedDataService.getAuthorizedDataRelId(DataPermissionTypeEnum.HOST_KEY, request);
|
||||
}
|
||||
|
||||
@OperatorLog(HostIdentityOperatorType.GRANT)
|
||||
@PutMapping("/host-identity")
|
||||
@PutMapping("/grant-host-identity")
|
||||
@Operation(summary = "主机身份授权")
|
||||
@PreAuthorize("@ss.hasPermission('asset:host-identity:grant')")
|
||||
public HttpWrapper<?> grantHostIdentity(@RequestBody AssetDataGrantRequest request) {
|
||||
@@ -67,4 +87,12 @@ public class AssetDataGrantServiceController {
|
||||
return HttpWrapper.ok();
|
||||
}
|
||||
|
||||
@IgnoreLog(IgnoreLogMode.RET)
|
||||
@GetMapping("/get-host-identity")
|
||||
@Operation(summary = "获取已授权的主机身份")
|
||||
@PreAuthorize("@ss.hasPermission('asset:host-identity:grant')")
|
||||
public List<Long> getAuthorizedHostIdentity(AssetAuthorizedDataQueryRequest request) {
|
||||
return assetAuthorizedDataService.getAuthorizedDataRelId(DataPermissionTypeEnum.HOST_IDENTITY, request);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
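Review bot: The import block appears to swap the explicit `PutMapping` / `RequestBody` / `RequestMapping` / `RestController` imports for `import org.springframework.web.bind.annotation.*;`, while `AssetAuthorizedDataServiceController` in the same commit imports `GetMapping` by name. Keeping the four explicit imports and adding `import org.springframework.web.bind.annotation.GetMapping;` keeps the two controllers consistent and shows at a glance which web annotations this class uses. Separately, the three `PUT` routes are renamed to `grant-*` with only a `// FIXME` for the front end, so callers of the old paths will presumably fail until they are updated.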
@@ -36,7 +36,7 @@ public class HostGroupOperatorType extends InitializingOperatorTypes {
|
||||
new OperatorType(L, MOVE, "移动主机分组 <sb>${source}</sb> 到 <sb>${target}(${position})</sb>"),
|
||||
new OperatorType(H, DELETE, "删除主机分组 <sb>${groupName}</sb>"),
|
||||
new OperatorType(M, UPDATE_REL, "修改分组内主机 <sb>${groupName}</sb>"),
|
||||
new OperatorType(H, GRANT, "将主机分组权限授予 <sb>${type}</sb> <sb>${name}</sb>"),
|
||||
new OperatorType(H, GRANT, "将主机分组权限授予 <sb>${grantType}</sb> <sb>${grantName}</sb>"),
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ public class HostIdentityOperatorType extends InitializingOperatorTypes {
|
||||
new OperatorType(L, CREATE, "创建主机身份 <sb>${name}</sb>"),
|
||||
new OperatorType(L, UPDATE, "修改主机身份 <sb>${name}</sb>"),
|
||||
new OperatorType(H, DELETE, "删除主机身份 <sb>${name}</sb>"),
|
||||
new OperatorType(H, GRANT, "将主机身份权限授予 <sb>${type}</sb> <sb>${name}</sb>"),
|
||||
new OperatorType(H, GRANT, "将主机身份权限授予 <sb>${grantType}</sb> <sb>${grantName}</sb>"),
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@@ -31,7 +31,7 @@ public class HostKeyOperatorType extends InitializingOperatorTypes {
|
||||
new OperatorType(L, CREATE, "创建主机秘钥 <sb>${name}</sb>"),
|
||||
new OperatorType(L, UPDATE, "修改主机秘钥 <sb>${name}</sb>"),
|
||||
new OperatorType(H, DELETE, "删除主机秘钥 <sb>${name}</sb>"),
|
||||
new OperatorType(H, GRANT, "将主机秘钥权限授予 <sb>${type}</sb> <sb>${name}</sb>"),
|
||||
new OperatorType(H, GRANT, "将主机秘钥权限授予 <sb>${grantType}</sb> <sb>${grantName}</sb>"),
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@@ -19,8 +19,8 @@ import java.io.Serializable;
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
@Schema(name = "AssetAuthorizedDataRequest", description = "授权资产数据 查询请求对象")
|
||||
public class AssetAuthorizedDataRequest implements Serializable {
|
||||
@Schema(name = "AssetAuthorizedDataQueryRequest", description = "资产授权数据 查询请求对象")
|
||||
public class AssetAuthorizedDataQueryRequest implements Serializable {
|
||||
|
||||
@Schema(description = "用户id")
|
||||
private Long userId;
|
||||
@@ -0,0 +1,31 @@
|
||||
package com.orion.ops.module.asset.entity.vo;
|
||||
|
||||
import io.swagger.v3.oas.annotations.media.Schema;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 已授权的主机分组 视图响应对象
|
||||
*
|
||||
* @author Jiahang Li
|
||||
* @version 1.0.0
|
||||
* @since 2023/11/30 21:37
|
||||
*/
|
||||
@Data
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
@Schema(name = "AuthorizedHostGroupWrapperVO", description = "已授权的主机分组 视图响应对象")
|
||||
public class AuthorizedHostGroupWrapperVO {
|
||||
|
||||
@Schema(description = "授权的主机分组")
|
||||
private List<HostGroupTreeVO> groupTree;
|
||||
|
||||
@Schema(description = "授权的主机列表")
|
||||
private List<HostVO> hostList;
|
||||
|
||||
}
|
||||
@@ -9,7 +9,6 @@ import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
@@ -45,7 +44,7 @@ public class HostGroupTreeVO implements TreeNode<HostGroupTreeVO>, Serializable
|
||||
@Schema(description = "子节点")
|
||||
private List<HostGroupTreeVO> children;
|
||||
|
||||
@Schema(description = "分组内主机id")
|
||||
private Collection<Long> hosts;
|
||||
@Schema(description = "分组内主机")
|
||||
private List<HostVO> hostList;
|
||||
|
||||
}
|
||||
|
||||
@@ -1,7 +1,10 @@
|
||||
package com.orion.ops.module.asset.service;
|
||||
|
||||
import com.orion.ops.module.asset.entity.request.asset.AssetAuthorizedDataRequest;
|
||||
import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO;
|
||||
import com.orion.ops.module.asset.entity.request.asset.AssetAuthorizedDataQueryRequest;
|
||||
import com.orion.ops.module.asset.entity.vo.AuthorizedHostGroupWrapperVO;
|
||||
import com.orion.ops.module.asset.entity.vo.HostIdentityVO;
|
||||
import com.orion.ops.module.asset.entity.vo.HostKeyVO;
|
||||
import com.orion.ops.module.infra.enums.DataPermissionTypeEnum;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@@ -15,12 +18,13 @@ import java.util.List;
|
||||
public interface AssetAuthorizedDataService {
|
||||
|
||||
/**
|
||||
* 获取已授权的数据
|
||||
* 获取已被授权的数据 id
|
||||
*
|
||||
* @param request request
|
||||
* @param type type
|
||||
* @return dataId
|
||||
*/
|
||||
List<Long> getAuthorizedData(AssetAuthorizedDataRequest request);
|
||||
List<Long> getAuthorizedDataRelId(DataPermissionTypeEnum type, AssetAuthorizedDataQueryRequest request);
|
||||
|
||||
/**
|
||||
* 查询用户已授权的主机分组和主机
|
||||
@@ -28,6 +32,22 @@ public interface AssetAuthorizedDataService {
|
||||
* @param userId userId
|
||||
* @return group
|
||||
*/
|
||||
List<HostGroupTreeVO> getUserAuthorizedHostGroup(Long userId);
|
||||
AuthorizedHostGroupWrapperVO getUserAuthorizedHostGroup(Long userId);
|
||||
|
||||
/**
|
||||
* 查询用户已授权的主机秘钥
|
||||
*
|
||||
* @param userId userId
|
||||
* @return key
|
||||
*/
|
||||
List<HostKeyVO> getUserAuthorizedHostKey(Long userId);
|
||||
|
||||
/**
|
||||
* 查询用户已授权的主机身份
|
||||
*
|
||||
* @param userId userId
|
||||
* @return identity
|
||||
*/
|
||||
List<HostIdentityVO> getUserAuthorizedHostIdentity(Long userId);
|
||||
|
||||
}
|
||||
|
||||
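Review bot: The Javadoc on `getAuthorizedDataRelId` lists `@param request` before `@param type` although the signature is `(DataPermissionTypeEnum type, AssetAuthorizedDataQueryRequest request)`, and both descriptions only repeat the parameter name. The implementation in this commit requires at least one of `userId` / `roleId` and uses `userId` when both are set, which a caller cannot learn from the interface. Suggested wording: `@param type data permission type to query` and `@param request query holding userId or roleId; at least one is required, userId takes precedence when both are set`, in signature order.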
@@ -1,13 +1,17 @@
|
||||
package com.orion.ops.module.asset.service.impl;
|
||||
|
||||
import com.orion.lang.function.Functions;
|
||||
import com.orion.lang.utils.collect.Lists;
|
||||
import com.orion.ops.framework.common.constant.Const;
|
||||
import com.orion.ops.framework.common.utils.TreeUtils;
|
||||
import com.orion.ops.framework.common.utils.Valid;
|
||||
import com.orion.ops.module.asset.convert.HostGroupConvert;
|
||||
import com.orion.ops.module.asset.entity.request.asset.AssetAuthorizedDataRequest;
|
||||
import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO;
|
||||
import com.orion.ops.module.asset.entity.request.asset.AssetAuthorizedDataQueryRequest;
|
||||
import com.orion.ops.module.asset.entity.vo.*;
|
||||
import com.orion.ops.module.asset.service.AssetAuthorizedDataService;
|
||||
import com.orion.ops.module.asset.service.HostIdentityService;
|
||||
import com.orion.ops.module.asset.service.HostKeyService;
|
||||
import com.orion.ops.module.asset.service.HostService;
|
||||
import com.orion.ops.module.infra.api.DataGroupApi;
|
||||
import com.orion.ops.module.infra.api.DataGroupRelApi;
|
||||
import com.orion.ops.module.infra.api.DataPermissionApi;
|
||||
@@ -20,6 +24,8 @@ import org.springframework.stereotype.Service;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.util.*;
|
||||
import java.util.function.Function;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* 资产模块 授权数据服务实现类
|
||||
@@ -44,32 +50,89 @@ public class AssetAuthorizedDataServiceImpl implements AssetAuthorizedDataServic
|
||||
@Resource
|
||||
private SystemUserApi systemUserApi;
|
||||
|
||||
@Resource
|
||||
private HostService hostService;
|
||||
|
||||
@Resource
|
||||
private HostKeyService hostKeyService;
|
||||
|
||||
@Resource
|
||||
private HostIdentityService hostIdentityService;
|
||||
|
||||
@Override
|
||||
public List<Long> getAuthorizedData(AssetAuthorizedDataRequest request) {
|
||||
public List<Long> getAuthorizedDataRelId(DataPermissionTypeEnum type, AssetAuthorizedDataQueryRequest request) {
|
||||
Long userId = request.getUserId();
|
||||
Long roleId = request.getRoleId();
|
||||
Valid.isTrue(userId != null || roleId != null);
|
||||
if (userId != null) {
|
||||
// 查询用户数据
|
||||
return dataPermissionApi.getRelIdListByUserId(DataPermissionTypeEnum.HOST_GROUP, userId);
|
||||
return dataPermissionApi.getRelIdListByUserId(type, userId);
|
||||
} else {
|
||||
// 查询角色数据
|
||||
return dataPermissionApi.getRelIdListByRoleId(DataPermissionTypeEnum.HOST_GROUP, roleId);
|
||||
return dataPermissionApi.getRelIdListByRoleId(type, roleId);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<HostGroupTreeVO> getUserAuthorizedHostGroup(Long userId) {
|
||||
public AuthorizedHostGroupWrapperVO getUserAuthorizedHostGroup(Long userId) {
|
||||
if (systemUserApi.isAdminUser(userId)) {
|
||||
// 管理员查询所有
|
||||
return this.buildUserAuthorizedHostGroup(null);
|
||||
} else {
|
||||
// 其他用户查询授权的分组
|
||||
List<Long> authorizedGroupIdList = dataPermissionApi.getUserAuthorizedRelIdList(DataPermissionTypeEnum.HOST_GROUP, userId);
|
||||
if (authorizedGroupIdList.isEmpty()) {
|
||||
// 其他用户 查询授权的数据
|
||||
List<Long> authorizedIdList = dataPermissionApi.getUserAuthorizedRelIdList(DataPermissionTypeEnum.HOST_GROUP, userId);
|
||||
if (authorizedIdList.isEmpty()) {
|
||||
// 无数据
|
||||
return AuthorizedHostGroupWrapperVO.builder()
|
||||
.groupTree(Lists.empty())
|
||||
.hostList(Lists.empty())
|
||||
.build();
|
||||
}
|
||||
return this.buildUserAuthorizedHostGroup(authorizedIdList);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<HostKeyVO> getUserAuthorizedHostKey(Long userId) {
|
||||
if (systemUserApi.isAdminUser(userId)) {
|
||||
// 管理员查询所有
|
||||
return hostKeyService.getHostKeyList();
|
||||
} else {
|
||||
// 其他用户 查询授权的数据
|
||||
List<Long> authorizedIdList = dataPermissionApi.getUserAuthorizedRelIdList(DataPermissionTypeEnum.HOST_KEY, userId);
|
||||
if (authorizedIdList.isEmpty()) {
|
||||
return Lists.empty();
|
||||
}
|
||||
return this.buildUserAuthorizedHostGroup(authorizedGroupIdList);
|
||||
// 映射数据
|
||||
Map<Long, HostKeyVO> keys = hostKeyService.getHostKeyList()
|
||||
.stream()
|
||||
.collect(Collectors.toMap(HostKeyVO::getId, Function.identity(), Functions.right()));
|
||||
return authorizedIdList.stream()
|
||||
.map(keys::get)
|
||||
.filter(Objects::nonNull)
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<HostIdentityVO> getUserAuthorizedHostIdentity(Long userId) {
|
||||
if (systemUserApi.isAdminUser(userId)) {
|
||||
// 管理员查询所有
|
||||
return hostIdentityService.getHostIdentityList();
|
||||
} else {
|
||||
// 其他用户 查询授权的数据
|
||||
List<Long> authorizedIdList = dataPermissionApi.getUserAuthorizedRelIdList(DataPermissionTypeEnum.HOST_IDENTITY, userId);
|
||||
if (authorizedIdList.isEmpty()) {
|
||||
return Lists.empty();
|
||||
}
|
||||
// 映射数据
|
||||
Map<Long, HostIdentityVO> identities = hostIdentityService.getHostIdentityList()
|
||||
.stream()
|
||||
.collect(Collectors.toMap(HostIdentityVO::getId, Function.identity(), Functions.right()));
|
||||
return authorizedIdList.stream()
|
||||
.map(identities::get)
|
||||
.filter(Objects::nonNull)
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -79,36 +142,60 @@ public class AssetAuthorizedDataServiceImpl implements AssetAuthorizedDataServic
|
||||
* @param authorizedGroupIdList authorizedGroupIdList
|
||||
* @return tree
|
||||
*/
|
||||
private List<HostGroupTreeVO> buildUserAuthorizedHostGroup(List<Long> authorizedGroupIdList) {
|
||||
private AuthorizedHostGroupWrapperVO buildUserAuthorizedHostGroup(List<Long> authorizedGroupIdList) {
|
||||
final boolean allData = Lists.isEmpty(authorizedGroupIdList);
|
||||
AuthorizedHostGroupWrapperVO wrapper = new AuthorizedHostGroupWrapperVO();
|
||||
// 查询主机列表
|
||||
List<HostVO> hosts = hostService.getHostListByCache();
|
||||
Map<Long, HostVO> hostMap = hosts.stream()
|
||||
.collect(Collectors.toMap(HostVO::getId, Function.identity(), Functions.right()));
|
||||
// 查询分组引用
|
||||
Map<Long, Set<Long>> groupRel = dataGroupRelApi.getGroupRelList(DataGroupTypeEnum.HOST);
|
||||
// 查询分组
|
||||
List<DataGroupDTO> dataGroup = dataGroupApi.getDataGroupList(DataGroupTypeEnum.HOST);
|
||||
// 过滤分组
|
||||
if (!Lists.isEmpty(authorizedGroupIdList)) {
|
||||
if (!allData) {
|
||||
// 构建已授权的分组
|
||||
List<DataGroupDTO> relNodes = new ArrayList<>();
|
||||
TreeUtils.getAllNodes(dataGroup, authorizedGroupIdList, relNodes);
|
||||
dataGroup = new ArrayList<>(new HashSet<>(relNodes));
|
||||
}
|
||||
// 查询分组引用
|
||||
Map<Long, Set<Long>> groupRel = dataGroupRelApi.getGroupRelList(DataGroupTypeEnum.HOST);
|
||||
// 设置组内数据
|
||||
List<HostGroupTreeVO> groupList = HostGroupConvert.MAPPER.toList(dataGroup);
|
||||
if (Lists.isEmpty(authorizedGroupIdList)) {
|
||||
// 设置全部数据
|
||||
groupList.forEach(s -> s.setHosts(groupRel.get(s.getId())));
|
||||
} else {
|
||||
// 仅设置已授权的数据
|
||||
groupList.stream()
|
||||
.filter(s -> authorizedGroupIdList.contains(s.getId()))
|
||||
.forEach(s -> s.setHosts(groupRel.get(s.getId())));
|
||||
}
|
||||
// 构建树
|
||||
groupList.stream()
|
||||
// 因为可能父菜单没有授权 这里需要判断组
|
||||
.filter(s -> allData || authorizedGroupIdList.contains(s.getId()))
|
||||
.forEach(s -> {
|
||||
List<HostVO> groupHosts = Lists.stream(groupRel.get(s.getId()))
|
||||
.map(hostMap::get)
|
||||
.filter(Objects::nonNull)
|
||||
.collect(Collectors.toList());
|
||||
s.setHostList(groupHosts);
|
||||
});
|
||||
// 构建主机树
|
||||
HostGroupTreeVO rootNode = HostGroupTreeVO.builder()
|
||||
.id(Const.ROOT_PARENT_ID)
|
||||
.sort(Const.DEFAULT_SORT)
|
||||
.build();
|
||||
TreeUtils.buildGroupTree(rootNode, groupList);
|
||||
return rootNode.getChildren();
|
||||
wrapper.setGroupTree(rootNode.getChildren());
|
||||
// 设置授权的主机
|
||||
if (allData) {
|
||||
// 设置全部数据
|
||||
wrapper.setHostList(hosts);
|
||||
} else {
|
||||
// 仅设置已授权的数据
|
||||
List<HostVO> groupHosts = groupList.stream()
|
||||
.filter(s -> authorizedGroupIdList.contains(s.getId()))
|
||||
.map(s -> groupRel.get(s.getId()))
|
||||
.filter(Lists::isNoneEmpty)
|
||||
.flatMap(Collection::stream)
|
||||
.map(hostMap::get)
|
||||
.filter(Objects::nonNull)
|
||||
.collect(Collectors.toList());
|
||||
wrapper.setHostList(groupHosts);
|
||||
}
|
||||
return wrapper;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
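Review bot: In `buildUserAuthorizedHostGroup`, `final boolean allData = Lists.isEmpty(authorizedGroupIdList);` makes an empty authorized list mean "return every group and host", which is a fail-open contract. Today the only non-admin caller returns early on an empty list, so the result is safe, but any later caller that forwards an empty permission result would hand out the full host inventory. Consider making the admin case explicit, e.g. `final boolean allData = authorizedGroupIdList == null;` or a separate boolean parameter, so that an empty list should yield an empty tree. The method's Javadoc starts outside this hunk and should state whichever contract is chosen.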
@@ -1,6 +1,8 @@
|
||||
package com.orion.ops.module.asset.service.impl;
|
||||
|
||||
import com.orion.lang.utils.collect.Lists;
|
||||
import com.orion.ops.framework.biz.operator.log.core.uitls.OperatorLogs;
|
||||
import com.orion.ops.framework.common.constant.Const;
|
||||
import com.orion.ops.framework.common.constant.ErrorMessage;
|
||||
import com.orion.ops.framework.common.utils.Valid;
|
||||
import com.orion.ops.module.asset.dao.HostIdentityDAO;
|
||||
@@ -128,14 +130,15 @@ public class AssetDataGrantServiceImpl implements AssetDataGrantService {
|
||||
// 检测用户是否存在
|
||||
SystemUserDTO user = systemUserApi.getUserById(userId);
|
||||
Valid.notNull(user, ErrorMessage.USER_ABSENT);
|
||||
// TODO 日志查看 type name
|
||||
OperatorLogs.add(OperatorLogs.GRANT_TYPE, Const.CN_USER);
|
||||
OperatorLogs.add(OperatorLogs.GRANT_NAME, user.getNickname() + "(" + user.getUsername() + ")");
|
||||
}
|
||||
if (roleId != null) {
|
||||
// 检测角色是否存在
|
||||
SystemRoleDTO role = systemRoleApi.getRoleById(roleId);
|
||||
Valid.notNull(role, ErrorMessage.ROLE_ABSENT);
|
||||
// TODO 日志查看 type name
|
||||
|
||||
OperatorLogs.add(OperatorLogs.GRANT_TYPE, Const.CN_ROLE);
|
||||
OperatorLogs.add(OperatorLogs.GRANT_NAME, role.getName() + "(" + role.getCode() + ")");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
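Review bot: The new `OperatorLogs.add(OperatorLogs.GRANT_NAME, user.getNickname() + "(" + user.getUsername() + ")")` puts presumably user-editable text into a log template that contains markup (`<sb>${grantName}</sb>` in the operator-type definitions of this commit). The substitution and rendering code is not on this page, so confirm the value is HTML-escaped when the log entry is displayed; otherwise a nickname containing markup would be stored in the audit log and rendered for whoever reviews it. The same applies to `role.getName() + "(" + role.getCode() + ")"`. The enclosing method starts outside this hunk.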