feat: 重构代码.

lijiahang
2023-11-30 19:23:15 +08:00
parent 550366e929
commit af0ea29f72
20 changed files with 524 additions and 185 deletions


@@ -0,0 +1,9 @@
### 查询已授权的主机分组
GET {{baseUrl}}/asset/authorized-data/host-group
Authorization: {{token}}
### 获取已授权的分组
GET {{baseUrl}}/asset/authorized-data/get-authorized-group?userId=1
Authorization: {{token}}


@@ -4,11 +4,13 @@ import com.orion.ops.framework.log.core.annotation.IgnoreLog;
import com.orion.ops.framework.log.core.enums.IgnoreLogMode;
import com.orion.ops.framework.security.core.utils.SecurityUtils;
import com.orion.ops.framework.web.core.annotation.RestWrapper;
import com.orion.ops.module.asset.entity.request.asset.AssetAuthorizedDataRequest;
import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO;
import com.orion.ops.module.asset.service.HostGroupService;
import com.orion.ops.module.asset.service.AssetAuthorizedDataService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
@@ -30,16 +32,28 @@ import java.util.List;
@RestWrapper
@RestController
@RequestMapping("/asset/authorized-data")
public class AssetDataController {
public class AssetAuthorizedDataServiceController {
// FIXME 字典 菜单 http api
@Resource
private HostGroupService hostGroupService;
private AssetAuthorizedDataService assetAuthorizedDataService;
@IgnoreLog(IgnoreLogMode.RET)
@GetMapping("/host-group")
@Operation(summary = "查询已授权的主机分组")
public List<HostGroupTreeVO> getAuthorizedHostGroup() {
return hostGroupService.getUserAuthorizedHostGroup(SecurityUtils.getLoginUserId());
return assetAuthorizedDataService.getUserAuthorizedHostGroup(SecurityUtils.getLoginUserId());
}
@IgnoreLog(IgnoreLogMode.RET)
@GetMapping("/get-host-group")
@Operation(summary = "获取已授权的分组")
@PreAuthorize("@ss.hasPermission('asset:host-group:grant')")
public List<Long> getAuthorizedHostGroup(AssetAuthorizedDataRequest request) {
return assetAuthorizedDataService.getAuthorizedData(request);
}
}
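Review bot: The query handler that appears to be new here is mapped with `@GetMapping("/get-host-group")`, but the request sample added in the same commit calls `/asset/authorized-data/get-authorized-group?userId=1`, so the sample and the controller disagree on the path. One of the two should change, for example `@GetMapping("/get-authorized-group")` if that is the path clients already use. The handler also keeps the name `getAuthorizedHostGroup` and the `asset:host-group:grant` permission while delegating to the generically named `getAuthorizedData`, which is worth revisiting before host-key and host-identity queries are routed through it. The class-level annotations begin outside this hunk.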


@@ -1,4 +0,0 @@
### 查询已授权的主机分组
GET {{baseUrl}}/asset/authorized-data/host-group
Authorization: {{token}}


@@ -0,0 +1,38 @@
### 主机分组授权
PUT {{baseUrl}}/asset/data-grant/host-group
Content-Type: application/json
Authorization: {{token}}
{
"userId": 10,
"idList": [
3,
5
]
}
### 主机秘钥授权
PUT {{baseUrl}}/asset/data-grant/host-key
Content-Type: application/json
Authorization: {{token}}
{
"userId": 10,
"idList": [
3,
5
]
}
### 主机身份授权
PUT {{baseUrl}}/asset/data-grant/host-identity
Content-Type: application/json
Authorization: {{token}}
{
"userId": 10,
"idList": [
3,
5
]
}


@@ -0,0 +1,70 @@
package com.orion.ops.module.asset.controller;
import com.orion.lang.define.wrapper.HttpWrapper;
import com.orion.ops.framework.biz.operator.log.core.annotation.OperatorLog;
import com.orion.ops.framework.web.core.annotation.RestWrapper;
import com.orion.ops.module.asset.define.operator.HostGroupOperatorType;
import com.orion.ops.module.asset.define.operator.HostIdentityOperatorType;
import com.orion.ops.module.asset.define.operator.HostKeyOperatorType;
import com.orion.ops.module.asset.entity.request.asset.AssetDataGrantRequest;
import com.orion.ops.module.asset.service.AssetDataGrantService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.annotation.Resource;
/**
* 资产模块 授权数据服务
*
* @author Jiahang Li
* @version 1.0.0
* @since 2023/11/23 14:10
*/
@Tag(name = "asset - 授权数据服务")
@Slf4j
@Validated
@RestWrapper
@RestController
@RequestMapping("/asset/data-grant")
public class AssetDataGrantServiceController {
// FIXME 字典 菜单 http 前端api
@Resource
private AssetDataGrantService assetDataGrantService;
@OperatorLog(HostGroupOperatorType.GRANT)
@PutMapping("/host-group")
@Operation(summary = "主机分组授权")
@PreAuthorize("@ss.hasPermission('asset:host-group:grant')")
public HttpWrapper<?> grantHostGroup(@RequestBody AssetDataGrantRequest request) {
assetDataGrantService.grantHostGroup(request);
return HttpWrapper.ok();
}
@OperatorLog(HostKeyOperatorType.GRANT)
@PutMapping("/host-key")
@Operation(summary = "主机秘钥授权")
@PreAuthorize("@ss.hasPermission('asset:host-key:grant')")
public HttpWrapper<?> grantHostKey(@RequestBody AssetDataGrantRequest request) {
assetDataGrantService.grantHostKey(request);
return HttpWrapper.ok();
}
@OperatorLog(HostIdentityOperatorType.GRANT)
@PutMapping("/host-identity")
@Operation(summary = "主机身份授权")
@PreAuthorize("@ss.hasPermission('asset:host-identity:grant')")
public HttpWrapper<?> grantHostIdentity(@RequestBody AssetDataGrantRequest request) {
assetDataGrantService.grantHostIdentity(request);
return HttpWrapper.ok();
}
}


@@ -41,23 +41,4 @@ Authorization: {{token}}
DELETE {{baseUrl}}/asset/host-group/delete?id=1
Authorization: {{token}}
### 获取已授权的分组
GET {{baseUrl}}/asset/host-group/get-authorized-group?userId=1
Authorization: {{token}}
### 主机分组授权
PUT {{baseUrl}}/asset/host-group/grant
Content-Type: application/json
Authorization: {{token}}
{
"userId": 10,
"groupIdList": [
3,
5
]
}
###


@@ -6,8 +6,6 @@ import com.orion.ops.framework.log.core.annotation.IgnoreLog;
import com.orion.ops.framework.log.core.enums.IgnoreLogMode;
import com.orion.ops.framework.web.core.annotation.RestWrapper;
import com.orion.ops.module.asset.define.operator.HostGroupOperatorType;
import com.orion.ops.module.asset.entity.request.host.HostGroupGrantQueryRequest;
import com.orion.ops.module.asset.entity.request.host.HostGroupGrantRequest;
import com.orion.ops.module.asset.entity.request.host.HostGroupRelUpdateRequest;
import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO;
import com.orion.ops.module.asset.service.HostGroupService;
@@ -103,22 +101,5 @@ public class HostGroupController {
return HttpWrapper.ok();
}
@IgnoreLog(IgnoreLogMode.RET)
@GetMapping("/get-authorized-group")
@Operation(summary = "获取已授权的分组")
@PreAuthorize("@ss.hasPermission('asset:host-group:grant')")
public List<Long> getAuthorizedHostGroup(HostGroupGrantQueryRequest request) {
return hostGroupService.getAuthorizedHostGroup(request);
}
@OperatorLog(HostGroupOperatorType.GRANT)
@PutMapping("/grant")
@Operation(summary = "主机分组授权")
@PreAuthorize("@ss.hasPermission('asset:host-group:grant')")
public HttpWrapper<?> grantHostGroup(@RequestBody HostGroupGrantRequest request) {
hostGroupService.grantHostGroup(request);
return HttpWrapper.ok();
}
}


@@ -23,12 +23,15 @@ public class HostIdentityOperatorType extends InitializingOperatorTypes {
public static final String DELETE = "host-identity:delete";
public static final String GRANT = "host-identity:grant";
@Override
public OperatorType[] types() {
return new OperatorType[]{
new OperatorType(L, CREATE, "创建主机身份 <sb>${name}</sb>"),
new OperatorType(L, UPDATE, "修改主机身份 <sb>${name}</sb>"),
new OperatorType(H, DELETE, "删除主机身份 <sb>${name}</sb>"),
new OperatorType(H, GRANT, "将主机身份权限授予 <sb>${type}</sb> <sb>${name}</sb>"),
};
}
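Review bot: The `GRANT` template reads `${type}` and `${name}`, but the grant path in this commit (`checkGrantIdentity` in `AssetDataGrantServiceImpl`) only carries `// TODO 日志查看 type name`, and no visible code supplies those two parameters. Until that is resolved, the operator-log entry for granting access to host identities would presumably be written without naming the user or role that received it, which weakens the audit trail for a credential-related action. The same applies to the `GRANT` entry added to `HostKeyOperatorType`. I would resolve the TODO in the same change, or at least add a comment above this entry such as `// requires operator-log params "type" and "name" to be set by the grant service`. The class declaration starts and ends outside this hunk.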


@@ -23,12 +23,15 @@ public class HostKeyOperatorType extends InitializingOperatorTypes {
public static final String DELETE = "host-key:delete";
public static final String GRANT = "host-key:grant";
@Override
public OperatorType[] types() {
return new OperatorType[]{
new OperatorType(L, CREATE, "创建主机秘钥 <sb>${name}</sb>"),
new OperatorType(L, UPDATE, "修改主机秘钥 <sb>${name}</sb>"),
new OperatorType(H, DELETE, "删除主机秘钥 <sb>${name}</sb>"),
new OperatorType(H, GRANT, "将主机秘钥权限授予 <sb>${type}</sb> <sb>${name}</sb>"),
};
}


@@ -1,4 +1,4 @@
package com.orion.ops.module.asset.entity.request.host;
package com.orion.ops.module.asset.entity.request.asset;
import io.swagger.v3.oas.annotations.media.Schema;
import lombok.AllArgsConstructor;
@@ -9,7 +9,7 @@ import lombok.NoArgsConstructor;
import java.io.Serializable;
/**
* 主机分组授权 查询请求对象
* 授权资产数据 查询请求对象
*
* @author Jiahang Li
* @version 1.0.0
@@ -19,8 +19,8 @@ import java.io.Serializable;
@Builder
@NoArgsConstructor
@AllArgsConstructor
@Schema(name = "HostGroupQueryRequest", description = "主机分组授权 查询请求对象")
public class HostGroupGrantQueryRequest implements Serializable {
@Schema(name = "AssetAuthorizedDataRequest", description = "授权资产数据 查询请求对象")
public class AssetAuthorizedDataRequest implements Serializable {
@Schema(description = "用户id")
private Long userId;


@@ -1,4 +1,4 @@
package com.orion.ops.module.asset.entity.request.host;
package com.orion.ops.module.asset.entity.request.asset;
import io.swagger.v3.oas.annotations.media.Schema;
import lombok.AllArgsConstructor;
@@ -10,7 +10,7 @@ import java.io.Serializable;
import java.util.List;
/**
* 主机分组 授权请求对象
* 资产数据 授权请求对象
*
* @author Jiahang Li
* @version 1.0.0
@@ -20,8 +20,8 @@ import java.util.List;
@Builder
@NoArgsConstructor
@AllArgsConstructor
@Schema(name = "HostGroupGrantRequest", description = "主机分组 授权请求对象")
public class HostGroupGrantRequest implements Serializable {
@Schema(name = "AssetDataGrantRequest", description = "资产数据 授权请求对象")
public class AssetDataGrantRequest implements Serializable {
@Schema(description = "用户id")
private Long userId;
@@ -30,6 +30,6 @@ public class HostGroupGrantRequest implements Serializable {
private Long roleId;
@Schema(description = "分组id")
private List<Long> groupIdList;
private List<Long> idList;
}
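Review bot: Renaming the request field from `groupIdList` to `idList` means a client that still sends `groupIdList` ends up with `idList == null`, and in `AssetDataGrantServiceImpl` a null or empty list skips the existence check and is forwarded as `relIdList`. What `updateDataPermission` does with a null list is not visible here; if it replaces the existing grants, an outdated client would silently clear them. Consider rejecting a null list explicitly, or accepting the old name during the transition (if Jackson is the message converter, `@JsonAlias("groupIdList")` on the field). The `@Schema(description = "分组id")` above the field is also stale now that the list carries key and identity ids. The fields between the hunks of this file are not visible.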


@@ -0,0 +1,33 @@
package com.orion.ops.module.asset.service;
import com.orion.ops.module.asset.entity.request.asset.AssetAuthorizedDataRequest;
import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO;
import java.util.List;
/**
* 资产模块 授权数据服务
*
* @author Jiahang Li
* @version 1.0.0
* @since 2023/11/30 18:33
*/
public interface AssetAuthorizedDataService {
/**
* 获取已授权的数据
*
* @param request request
* @return dataId
*/
List<Long> getAuthorizedData(AssetAuthorizedDataRequest request);
/**
* 查询用户已授权的主机分组和主机
*
* @param userId userId
* @return group
*/
List<HostGroupTreeVO> getUserAuthorizedHostGroup(Long userId);
}
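Review bot: `getAuthorizedData` is documented only as 获取已授权的数据, while the implementation added in this commit queries `DataPermissionTypeEnum.HOST_GROUP` in both branches, so a caller cannot tell that host-key and host-identity grants are never returned. The Javadoc should state that restriction, for example `Returns the HOST_GROUP ids granted to the user, or to the role when userId is null`, and say that one of `userId` / `roleId` must be set. If the method is meant to become generic, a type parameter mirroring `AssetDataGrantService.grantData` would make that explicit.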


@@ -0,0 +1,44 @@
package com.orion.ops.module.asset.service;
import com.orion.ops.module.asset.entity.request.asset.AssetDataGrantRequest;
import com.orion.ops.module.infra.enums.DataPermissionTypeEnum;
/**
* 资产模块 数据授权服务
*
* @author Jiahang Li
* @version 1.0.0
* @since 2023/11/30 18:33
*/
public interface AssetDataGrantService {
/**
* 主机分组授权
*
* @param request request
*/
void grantHostGroup(AssetDataGrantRequest request);
/**
* 主机秘钥授权
*
* @param request request
*/
void grantHostKey(AssetDataGrantRequest request);
/**
* 主机身份授权
*
* @param request request
*/
void grantHostIdentity(AssetDataGrantRequest request);
/**
* 数据授权
*
* @param type type
* @param request request
*/
void grantData(DataPermissionTypeEnum type, AssetDataGrantRequest request);
}
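Review bot: `grantData` is published on the service interface, yet its implementation in this commit writes the permission directly, without the `checkGrantIdentity` call or the id-existence check that the three typed methods perform. Any other bean that injects this interface can therefore write grants for unverified user, role or resource ids. The Javadoc should say that callers are responsible for validation, e.g. `Performs no identity or existence checks; use a typed grant method unless the request was already validated`. Alternatively the method could stay private in the implementation, since its visible callers already run inside a `@Transactional` method.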


@@ -1,7 +1,5 @@
package com.orion.ops.module.asset.service;
import com.orion.ops.module.asset.entity.request.host.HostGroupGrantQueryRequest;
import com.orion.ops.module.asset.entity.request.host.HostGroupGrantRequest;
import com.orion.ops.module.asset.entity.request.host.HostGroupRelUpdateRequest;
import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO;
import com.orion.ops.module.infra.entity.dto.data.DataGroupCreateDTO;
@@ -74,27 +72,4 @@ public interface HostGroupService {
*/
void updateHostGroupRel(HostGroupRelUpdateRequest request);
/**
* 获取已授权的分组
*
* @param request request
* @return grantGroupId
*/
List<Long> getAuthorizedHostGroup(HostGroupGrantQueryRequest request);
/**
* 授权主机分组
*
* @param request request
*/
void grantHostGroup(HostGroupGrantRequest request);
/**
* 查询用户已授权的主机分组和主机
*
* @param userId userId
* @return group
*/
List<HostGroupTreeVO> getUserAuthorizedHostGroup(Long userId);
}


@@ -0,0 +1,114 @@
package com.orion.ops.module.asset.service.impl;
import com.orion.lang.utils.collect.Lists;
import com.orion.ops.framework.common.constant.Const;
import com.orion.ops.framework.common.utils.TreeUtils;
import com.orion.ops.framework.common.utils.Valid;
import com.orion.ops.module.asset.convert.HostGroupConvert;
import com.orion.ops.module.asset.entity.request.asset.AssetAuthorizedDataRequest;
import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO;
import com.orion.ops.module.asset.service.AssetAuthorizedDataService;
import com.orion.ops.module.infra.api.DataGroupApi;
import com.orion.ops.module.infra.api.DataGroupRelApi;
import com.orion.ops.module.infra.api.DataPermissionApi;
import com.orion.ops.module.infra.api.SystemUserApi;
import com.orion.ops.module.infra.entity.dto.data.DataGroupDTO;
import com.orion.ops.module.infra.enums.DataGroupTypeEnum;
import com.orion.ops.module.infra.enums.DataPermissionTypeEnum;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.*;
/**
* 资产模块 授权数据服务实现类
*
* @author Jiahang Li
* @version 1.0.0
* @since 2023/11/30 18:35
*/
@Slf4j
@Service
public class AssetAuthorizedDataServiceImpl implements AssetAuthorizedDataService {
@Resource
private DataGroupApi dataGroupApi;
@Resource
private DataGroupRelApi dataGroupRelApi;
@Resource
private DataPermissionApi dataPermissionApi;
@Resource
private SystemUserApi systemUserApi;
@Override
public List<Long> getAuthorizedData(AssetAuthorizedDataRequest request) {
Long userId = request.getUserId();
Long roleId = request.getRoleId();
Valid.isTrue(userId != null || roleId != null);
if (userId != null) {
// 查询用户数据
return dataPermissionApi.getRelIdListByUserId(DataPermissionTypeEnum.HOST_GROUP, userId);
} else {
// 查询角色数据
return dataPermissionApi.getRelIdListByRoleId(DataPermissionTypeEnum.HOST_GROUP, roleId);
}
}
@Override
public List<HostGroupTreeVO> getUserAuthorizedHostGroup(Long userId) {
if (systemUserApi.isAdminUser(userId)) {
// 管理员查询所有
return this.buildUserAuthorizedHostGroup(null);
} else {
// 其他用户查询授权的分组
List<Long> authorizedGroupIdList = dataPermissionApi.getUserAuthorizedRelIdList(DataPermissionTypeEnum.HOST_GROUP, userId);
if (authorizedGroupIdList.isEmpty()) {
return Lists.empty();
}
return this.buildUserAuthorizedHostGroup(authorizedGroupIdList);
}
}
/**
* 构建授权的主机分组树
*
* @param authorizedGroupIdList authorizedGroupIdList
* @return tree
*/
private List<HostGroupTreeVO> buildUserAuthorizedHostGroup(List<Long> authorizedGroupIdList) {
// 查询分组
List<DataGroupDTO> dataGroup = dataGroupApi.getDataGroupList(DataGroupTypeEnum.HOST);
// 过滤分组
if (!Lists.isEmpty(authorizedGroupIdList)) {
// 构建已授权的分组
List<DataGroupDTO> relNodes = new ArrayList<>();
TreeUtils.getAllNodes(dataGroup, authorizedGroupIdList, relNodes);
dataGroup = new ArrayList<>(new HashSet<>(relNodes));
}
// 查询分组引用
Map<Long, Set<Long>> groupRel = dataGroupRelApi.getGroupRelList(DataGroupTypeEnum.HOST);
// 设置组内数据
List<HostGroupTreeVO> groupList = HostGroupConvert.MAPPER.toList(dataGroup);
if (Lists.isEmpty(authorizedGroupIdList)) {
// 设置全部数据
groupList.forEach(s -> s.setHosts(groupRel.get(s.getId())));
} else {
// 仅设置已授权的数据
groupList.stream()
.filter(s -> authorizedGroupIdList.contains(s.getId()))
.forEach(s -> s.setHosts(groupRel.get(s.getId())));
}
// 构建树
HostGroupTreeVO rootNode = HostGroupTreeVO.builder()
.id(Const.ROOT_PARENT_ID)
.sort(Const.DEFAULT_SORT)
.build();
TreeUtils.buildGroupTree(rootNode, groupList);
return rootNode.getChildren();
}
}
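Review bot: `buildUserAuthorizedHostGroup` treats an empty `authorizedGroupIdList` the same as `null`, and `null` is the administrator case that returns every group with all of its hosts. The only thing keeping a user without grants out of that branch is the `isEmpty()` early return in `getUserAuthorizedHostGroup`, so the helper fails open as soon as another caller is added. Testing for the admin case explicitly keeps it closed: `if (authorizedGroupIdList != null) {` for the filtering step and `if (authorizedGroupIdList == null) {` for the branch that sets hosts on every group.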


@@ -0,0 +1,142 @@
package com.orion.ops.module.asset.service.impl;
import com.orion.lang.utils.collect.Lists;
import com.orion.ops.framework.common.constant.ErrorMessage;
import com.orion.ops.framework.common.utils.Valid;
import com.orion.ops.module.asset.dao.HostIdentityDAO;
import com.orion.ops.module.asset.dao.HostKeyDAO;
import com.orion.ops.module.asset.entity.domain.HostIdentityDO;
import com.orion.ops.module.asset.entity.domain.HostKeyDO;
import com.orion.ops.module.asset.entity.request.asset.AssetDataGrantRequest;
import com.orion.ops.module.asset.service.AssetDataGrantService;
import com.orion.ops.module.infra.api.DataGroupApi;
import com.orion.ops.module.infra.api.DataPermissionApi;
import com.orion.ops.module.infra.api.SystemRoleApi;
import com.orion.ops.module.infra.api.SystemUserApi;
import com.orion.ops.module.infra.entity.dto.data.DataGroupDTO;
import com.orion.ops.module.infra.entity.dto.data.DataPermissionUpdateDTO;
import com.orion.ops.module.infra.entity.dto.role.SystemRoleDTO;
import com.orion.ops.module.infra.entity.dto.user.SystemUserDTO;
import com.orion.ops.module.infra.enums.DataPermissionTypeEnum;
import com.orion.spring.SpringHolder;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import javax.annotation.Resource;
import java.util.List;
/**
* 资产模块 数据授权服务实现类
*
* @author Jiahang Li
* @version 1.0.0
* @since 2023/11/30 18:34
*/
@Slf4j
@Service
public class AssetDataGrantServiceImpl implements AssetDataGrantService {
@Resource
private DataPermissionApi dataPermissionApi;
@Resource
private SystemRoleApi systemRoleApi;
@Resource
private SystemUserApi systemUserApi;
@Resource
private DataGroupApi dataGroupApi;
@Resource
private HostKeyDAO hostKeyDAO;
@Resource
private HostIdentityDAO hostIdentityDAO;
@Override
@Transactional(rollbackFor = Exception.class)
public void grantHostGroup(AssetDataGrantRequest request) {
// 检查身份
this.checkGrantIdentity(request);
// 检查数据是否存在
List<Long> idList = request.getIdList();
if (!Lists.isEmpty(idList)) {
List<DataGroupDTO> groupList = dataGroupApi.getByIdList(idList);
Valid.eq(groupList.size(), idList.size(), ErrorMessage.DATA_MODIFIED);
}
// 数据授权
SpringHolder.getBean(AssetDataGrantService.class)
.grantData(DataPermissionTypeEnum.HOST_GROUP, request);
}
@Override
@Transactional(rollbackFor = Exception.class)
public void grantHostKey(AssetDataGrantRequest request) {
// 检查身份
this.checkGrantIdentity(request);
// 检查数据是否存在
List<Long> idList = request.getIdList();
if (!Lists.isEmpty(idList)) {
List<HostKeyDO> keys = hostKeyDAO.selectBatchIds(idList);
Valid.eq(keys.size(), idList.size(), ErrorMessage.DATA_MODIFIED);
}
// 数据授权
SpringHolder.getBean(AssetDataGrantService.class)
.grantData(DataPermissionTypeEnum.HOST_KEY, request);
}
@Override
@Transactional(rollbackFor = Exception.class)
public void grantHostIdentity(AssetDataGrantRequest request) {
// 检查身份
this.checkGrantIdentity(request);
// 检查数据是否存在
List<Long> idList = request.getIdList();
if (!Lists.isEmpty(idList)) {
List<HostIdentityDO> identities = hostIdentityDAO.selectBatchIds(idList);
Valid.eq(identities.size(), idList.size(), ErrorMessage.DATA_MODIFIED);
}
// 数据授权
SpringHolder.getBean(AssetDataGrantService.class)
.grantData(DataPermissionTypeEnum.HOST_IDENTITY, request);
}
@Override
@Transactional(rollbackFor = Exception.class)
public void grantData(DataPermissionTypeEnum type, AssetDataGrantRequest request) {
// 授权
DataPermissionUpdateDTO grant = DataPermissionUpdateDTO.builder()
.roleId(request.getRoleId())
.userId(request.getUserId())
.relIdList(request.getIdList())
.build();
dataPermissionApi.updateDataPermission(type, grant);
}
/**
* 检查授权身份
*
* @param request request
*/
private void checkGrantIdentity(AssetDataGrantRequest request) {
Long userId = request.getUserId();
Long roleId = request.getRoleId();
Valid.isTrue(userId != null || roleId != null);
if (userId != null) {
// 检测用户是否存在
SystemUserDTO user = systemUserApi.getUserById(userId);
Valid.notNull(user, ErrorMessage.USER_ABSENT);
// TODO 日志查看 type name
}
if (roleId != null) {
// 检测角色是否存在
SystemRoleDTO role = systemRoleApi.getRoleById(roleId);
Valid.notNull(role, ErrorMessage.ROLE_ABSENT);
// TODO 日志查看 type name
}
}
}
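Review bot: The existence check in `grantHostKey` compares `keys.size()` with `idList.size()`, which rejects a valid request whenever `idList` contains a duplicate id, assuming `selectBatchIds` issues an `IN` query and returns each row once. The same comparison is used in `grantHostGroup` and `grantHostIdentity`. Deduplicating first avoids the spurious `DATA_MODIFIED` error and keeps duplicates out of `relIdList`, e.g. `List<Long> idList = request.getIdList().stream().distinct().collect(Collectors.toList());` behind a null guard. Separately, a request carrying both `userId` and `roleId` passes `checkGrantIdentity` and both values are forwarded to `updateDataPermission`; whether that combination is intended is not visible here.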


@@ -1,25 +1,24 @@
package com.orion.ops.module.asset.service.impl;
import com.orion.lang.utils.collect.Lists;
import com.orion.ops.framework.common.constant.Const;
import com.orion.ops.framework.common.constant.ErrorMessage;
import com.orion.ops.framework.common.utils.TreeUtils;
import com.orion.ops.framework.common.utils.Valid;
import com.orion.ops.module.asset.convert.HostGroupConvert;
import com.orion.ops.module.asset.entity.request.host.HostGroupGrantQueryRequest;
import com.orion.ops.module.asset.entity.request.host.HostGroupGrantRequest;
import com.orion.ops.module.asset.entity.request.host.HostGroupRelUpdateRequest;
import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO;
import com.orion.ops.module.asset.service.HostGroupService;
import com.orion.ops.module.infra.api.*;
import com.orion.ops.module.infra.entity.dto.data.*;
import com.orion.ops.module.infra.api.DataGroupApi;
import com.orion.ops.module.infra.api.DataGroupRelApi;
import com.orion.ops.module.infra.api.DataPermissionApi;
import com.orion.ops.module.infra.entity.dto.data.DataGroupCreateDTO;
import com.orion.ops.module.infra.entity.dto.data.DataGroupDTO;
import com.orion.ops.module.infra.entity.dto.data.DataGroupMoveDTO;
import com.orion.ops.module.infra.entity.dto.data.DataGroupRenameDTO;
import com.orion.ops.module.infra.enums.DataGroupTypeEnum;
import com.orion.ops.module.infra.enums.DataPermissionTypeEnum;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import javax.annotation.Resource;
import java.util.*;
import java.util.List;
import java.util.Set;
/**
* 主机分组服务 实现类
@@ -40,12 +39,6 @@ public class HostGroupServiceImpl implements HostGroupService {
@Resource
private DataPermissionApi dataPermissionApi;
@Resource
private SystemRoleApi systemRoleApi;
@Resource
private SystemUserApi systemUserApi;
@Override
public Long createHostGroup(DataGroupCreateDTO request) {
return dataGroupApi.createDataGroup(DataGroupTypeEnum.HOST, request);
@@ -87,93 +80,4 @@ public class HostGroupServiceImpl implements HostGroupService {
dataGroupRelApi.updateGroupRel(request.getGroupId(), request.getHostIdList());
}
@Override
public List<Long> getAuthorizedHostGroup(HostGroupGrantQueryRequest request) {
Long userId = request.getUserId();
Long roleId = request.getRoleId();
Valid.isTrue(userId != null || roleId != null);
if (userId != null) {
// 查询用户数据
return dataPermissionApi.getRelIdListByUserId(DataPermissionTypeEnum.HOST_GROUP, userId);
} else {
// 查询角色数据
return dataPermissionApi.getRelIdListByRoleId(DataPermissionTypeEnum.HOST_GROUP, roleId);
}
}
@Override
public void grantHostGroup(HostGroupGrantRequest request) {
Long userId = request.getUserId();
Long roleId = request.getRoleId();
Valid.isTrue(userId != null || roleId != null);
if (userId != null) {
// 检测用户是否存在
Valid.notNull(systemUserApi.getUserById(userId), ErrorMessage.USER_ABSENT);
}
if (roleId != null) {
// 检测角色是否存在
Valid.notNull(systemRoleApi.getRoleById(roleId), ErrorMessage.ROLE_ABSENT);
}
// 授权
DataPermissionUpdateDTO grant = DataPermissionUpdateDTO.builder()
.roleId(roleId)
.userId(userId)
.relIdList(request.getGroupIdList())
.build();
dataPermissionApi.updateDataPermission(DataPermissionTypeEnum.HOST_GROUP, grant);
}
@Override
public List<HostGroupTreeVO> getUserAuthorizedHostGroup(Long userId) {
if (systemUserApi.isAdminUser(userId)) {
// 管理员查询所有
return this.buildUserAuthorizedHostGroup(null);
} else {
// 其他用户查询授权的分组
List<Long> authorizedGroupIdList = dataPermissionApi.getUserAuthorizedRelIdList(DataPermissionTypeEnum.HOST_GROUP, userId);
if (authorizedGroupIdList.isEmpty()) {
return Lists.empty();
}
return this.buildUserAuthorizedHostGroup(authorizedGroupIdList);
}
}
/**
* 构建授权的主机分组树
*
* @param authorizedGroupIdList authorizedGroupIdList
* @return tree
*/
private List<HostGroupTreeVO> buildUserAuthorizedHostGroup(List<Long> authorizedGroupIdList) {
// 查询分组
List<DataGroupDTO> dataGroup = dataGroupApi.getDataGroupList(DataGroupTypeEnum.HOST);
// 过滤分组
if (!Lists.isEmpty(authorizedGroupIdList)) {
// 构建已授权的分组
List<DataGroupDTO> relNodes = new ArrayList<>();
TreeUtils.getAllNodes(dataGroup, authorizedGroupIdList, relNodes);
dataGroup = new ArrayList<>(new HashSet<>(relNodes));
}
// 查询分组引用
Map<Long, Set<Long>> groupRel = dataGroupRelApi.getGroupRelList(DataGroupTypeEnum.HOST);
// 设置组内数据
List<HostGroupTreeVO> groupList = HostGroupConvert.MAPPER.toList(dataGroup);
if (Lists.isEmpty(authorizedGroupIdList)) {
// 设置全部数据
groupList.forEach(s -> s.setHosts(groupRel.get(s.getId())));
} else {
// 仅设置已授权的数据
groupList.stream()
.filter(s -> authorizedGroupIdList.contains(s.getId()))
.forEach(s -> s.setHosts(groupRel.get(s.getId())));
}
// 构建树
HostGroupTreeVO rootNode = HostGroupTreeVO.builder()
.id(Const.ROOT_PARENT_ID)
.sort(Const.DEFAULT_SORT)
.build();
TreeUtils.buildGroupTree(rootNode, groupList);
return rootNode.getChildren();
}
}


@@ -58,6 +58,14 @@ public interface DataGroupApi {
*/
List<DataGroupDTO> getDataGroupTree(DataGroupTypeEnum type);
/**
* 通过 id 查询
*
* @param idList idList
* @return rows
*/
List<DataGroupDTO> getByIdList(List<Long> idList);
/**
* 删除数据分组
*

View File

@@ -19,6 +19,16 @@ public enum DataPermissionTypeEnum {
*/
HOST_GROUP(true),
/**
* 主机秘钥
*/
HOST_KEY(true),
/**
* 主机身份
*/
HOST_IDENTITY(true),
;
/**

View File

@@ -3,6 +3,8 @@ package com.orion.ops.module.infra.api.impl;
import com.orion.ops.framework.common.utils.Valid;
import com.orion.ops.module.infra.api.DataGroupApi;
import com.orion.ops.module.infra.convert.DataGroupProviderConvert;
import com.orion.ops.module.infra.dao.DataGroupDAO;
import com.orion.ops.module.infra.entity.domain.DataGroupDO;
import com.orion.ops.module.infra.entity.dto.DataGroupCacheDTO;
import com.orion.ops.module.infra.entity.dto.data.DataGroupCreateDTO;
import com.orion.ops.module.infra.entity.dto.data.DataGroupDTO;
@@ -18,6 +20,7 @@ import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.List;
import java.util.stream.Collectors;
/**
* 数据分组 对外服务实现类
@@ -33,6 +36,9 @@ public class DataGroupApiImpl implements DataGroupApi {
@Resource
private DataGroupService dataGroupService;
@Resource
private DataGroupDAO dataGroupDAO;
@Override
public Long createDataGroup(DataGroupTypeEnum type, DataGroupCreateDTO dto) {
Valid.valid(dto);
@@ -67,6 +73,14 @@ public class DataGroupApiImpl implements DataGroupApi {
return DataGroupProviderConvert.MAPPER.toList(rows);
}
@Override
public List<DataGroupDTO> getByIdList(List<Long> idList) {
List<DataGroupDO> rows = dataGroupDAO.selectBatchIds(idList);
return rows.stream()
.map(DataGroupProviderConvert.MAPPER::to)
.collect(Collectors.toList());
}
@Override
public Integer deleteDataGroupById(Long id) {
return dataGroupService.deleteDataGroupById(id);
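Review bot: `getByIdList` loads rows by primary key only, so the host-group existence check in `AssetDataGrantServiceImpl.grantHostGroup` would accept ids of data groups of any `DataGroupTypeEnum`, not just `HOST`. If other group types exist, a host-group grant could then reference groups that are not host groups. Passing the type through, as the neighbouring methods of this API do, closes that gap: `List<DataGroupDTO> getByIdList(DataGroupTypeEnum type, List<Long> idList);` with a filter on it. The method also forwards a null or empty `idList` straight to `selectBatchIds`, so a guard such as `if (idList == null || idList.isEmpty()) { return new ArrayList<>(); }` is worth adding. The body of `deleteDataGroupById` continues outside the hunk.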