From af0ea29f7252c19dfbd1632c489c25b31b2b7b96 Mon Sep 17 00:00:00 2001 
From: lijiahang Date: Thu, 30 Nov 2023 19:23:15 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E9=87=8D=E6=9E=84=E4=BB=A3=E7=A0=81.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../AssetAuthorizedDataServiceController.http | 9 ++ ...AssetAuthorizedDataServiceController.java} | 22 ++- .../asset/controller/AssetDataController.http | 4 - .../AssetDataGrantServiceController.http | 38 +++++ .../AssetDataGrantServiceController.java | 70 +++++++++ .../asset/controller/HostGroupController.http | 19 --- .../asset/controller/HostGroupController.java | 19 --- .../operator/HostIdentityOperatorType.java | 3 + .../define/operator/HostKeyOperatorType.java | 3 + .../AssetAuthorizedDataRequest.java} | 8 +- .../AssetDataGrantRequest.java} | 10 +- .../service/AssetAuthorizedDataService.java | 33 ++++ .../asset/service/AssetDataGrantService.java | 44 ++++++ .../asset/service/HostGroupService.java | 25 --- .../impl/AssetAuthorizedDataServiceImpl.java | 114 ++++++++++++++ .../impl/AssetDataGrantServiceImpl.java | 142 ++++++++++++++++++ .../service/impl/HostGroupServiceImpl.java | 114 ++------------ .../ops/module/infra/api/DataGroupApi.java | 8 + .../infra/enums/DataPermissionTypeEnum.java | 10 ++ .../infra/api/impl/DataGroupApiImpl.java | 14 ++ 20 files changed, 524 insertions(+), 185 deletions(-) create mode 100644 orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetAuthorizedDataServiceController.http rename orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/{AssetDataController.java => AssetAuthorizedDataServiceController.java} (60%) delete mode 100644 orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataController.http create mode 100644 
orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataGrantServiceController.http create mode 100644 orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataGrantServiceController.java rename orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/{host/HostGroupGrantQueryRequest.java => asset/AssetAuthorizedDataRequest.java} (63%) rename orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/{host/HostGroupGrantRequest.java => asset/AssetDataGrantRequest.java} (65%) create mode 100644 orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/AssetAuthorizedDataService.java create mode 100644 orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/AssetDataGrantService.java create mode 100644 orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/AssetAuthorizedDataServiceImpl.java create mode 100644 orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/AssetDataGrantServiceImpl.java diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetAuthorizedDataServiceController.http b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetAuthorizedDataServiceController.http new file mode 100644 index 00000000..e1a9e1f1 --- /dev/null +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetAuthorizedDataServiceController.http 
@@ -0,0 +1,9 @@
+### 查询已授权的主机分组
+GET {{baseUrl}}/asset/authorized-data/host-group
+Authorization: {{token}}
+
+
+### 获取已授权的分组
+GET {{baseUrl}}/asset/authorized-data/get-authorized-group?userId=1
+Authorization: {{token}}
+
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataController.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetAuthorizedDataServiceController.java
similarity index 60%
rename from orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataController.java
rename to orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetAuthorizedDataServiceController.java
index 04fd743d..e61c2ac1 100644
--- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataController.java
+++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetAuthorizedDataServiceController.java
@@ -4,11 +4,13 @@ import com.orion.ops.framework.log.core.annotation.IgnoreLog; import com.orion.ops.framework.log.core.enums.IgnoreLogMode; import com.orion.ops.framework.security.core.utils.SecurityUtils; import com.orion.ops.framework.web.core.annotation.RestWrapper; +import com.orion.ops.module.asset.entity.request.asset.AssetAuthorizedDataRequest; import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO; -import com.orion.ops.module.asset.service.HostGroupService; +import com.orion.ops.module.asset.service.AssetAuthorizedDataService; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import lombok.extern.slf4j.Slf4j; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; @@ -30,16 +32,28 @@ import java.util.List; @RestWrapper @RestController @RequestMapping("/asset/authorized-data") -public class AssetDataController { +public class AssetAuthorizedDataServiceController { + + // FIXME 字典 菜单 http api + @Resource - private HostGroupService hostGroupService; + private AssetAuthorizedDataService assetAuthorizedDataService; @IgnoreLog(IgnoreLogMode.RET) @GetMapping("/host-group") @Operation(summary = "查询已授权的主机分组") public List getAuthorizedHostGroup() { - return hostGroupService.getUserAuthorizedHostGroup(SecurityUtils.getLoginUserId()); + return assetAuthorizedDataService.getUserAuthorizedHostGroup(SecurityUtils.getLoginUserId()); } + @IgnoreLog(IgnoreLogMode.RET) + @GetMapping("/get-host-group") + @Operation(summary = "获取已授权的分组") + @PreAuthorize("@ss.hasPermission('asset:host-group:grant')") + public List getAuthorizedHostGroup(AssetAuthorizedDataRequest request) { + return assetAuthorizedDataService.getAuthorizedData(request); + } + + } 
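Review bot: The new `@GetMapping("/get-host-group")` in AssetAuthorizedDataServiceController does not match the sample request added in AssetAuthorizedDataServiceController.http, which calls `/asset/authorized-data/get-authorized-group?userId=1`; one of the two should change, e.g. `@GetMapping("/get-authorized-group")`. The handler also reuses the name `getAuthorizedHostGroup` as an overload of the self-service method above it, although it returns the grants of an arbitrary `userId` or `roleId` and is the only one of the two guarded by `asset:host-group:grant`. A distinct method name plus a one-line Javadoc stating that difference would make the authorization boundary easier to audit.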
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataController.http b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataController.http
deleted file mode 100644
index 4d010c3a..00000000
--- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataController.http
+++ /dev/null
@@ -1,4 +0,0 @@
-### 查询已授权的主机分组
-GET {{baseUrl}}/asset/authorized-data/host-group
-Authorization: {{token}}
-
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataGrantServiceController.http b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataGrantServiceController.http
new file mode 100644
index 00000000..b7312ec0
--- /dev/null
+++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataGrantServiceController.http
@@ -0,0 +1,38 @@
+### 主机分组授权
+PUT {{baseUrl}}/asset/data-grant/host-group
+Content-Type: application/json
+Authorization: {{token}}
+
+{
+ "userId": 10,
+ "idList": [
+ 3,
+ 5
+ ]
+}
+
+### 主机秘钥授权
+PUT {{baseUrl}}/asset/data-grant/host-key
+Content-Type: application/json
+Authorization: {{token}}
+
+{
+ "userId": 10,
+ "idList": [
+ 3,
+ 5
+ ]
+}
+
+### 主机身份授权
+PUT {{baseUrl}}/asset/data-grant/host-identity
+Content-Type: application/json
+Authorization: {{token}}
+
+{
+ "userId": 10,
+ "idList": [
+ 3,
+ 5
+ ]
+}
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataGrantServiceController.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataGrantServiceController.java
new file mode 100644
index 00000000..ae913862
--- /dev/null
+++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/AssetDataGrantServiceController.java 
@@ -0,0 +1,70 @@
+package com.orion.ops.module.asset.controller;
+
+import com.orion.lang.define.wrapper.HttpWrapper;
+import com.orion.ops.framework.biz.operator.log.core.annotation.OperatorLog;
+import com.orion.ops.framework.web.core.annotation.RestWrapper;
+import com.orion.ops.module.asset.define.operator.HostGroupOperatorType;
+import com.orion.ops.module.asset.define.operator.HostIdentityOperatorType;
+import com.orion.ops.module.asset.define.operator.HostKeyOperatorType;
+import com.orion.ops.module.asset.entity.request.asset.AssetDataGrantRequest;
+import com.orion.ops.module.asset.service.AssetDataGrantService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.annotation.Resource;
+
+/**
+ * 资产模块 授权数据服务
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/11/23 14:10
+ */
+@Tag(name = "asset - 授权数据服务")
+@Slf4j
+@Validated
+@RestWrapper
+@RestController
+@RequestMapping("/asset/data-grant")
+public class AssetDataGrantServiceController {
+
+ // FIXME 字典 菜单 http 前端api
+
+ @Resource
+ private AssetDataGrantService assetDataGrantService;
+
+ @OperatorLog(HostGroupOperatorType.GRANT)
+ @PutMapping("/host-group")
+ @Operation(summary = "主机分组授权")
+ @PreAuthorize("@ss.hasPermission('asset:host-group:grant')")
+ public HttpWrapper grantHostGroup(@RequestBody AssetDataGrantRequest request) {
+ assetDataGrantService.grantHostGroup(request);
+ return HttpWrapper.ok();
+ }
+
+ @OperatorLog(HostKeyOperatorType.GRANT)
+ @PutMapping("/host-key")
+ @Operation(summary = "主机秘钥授权")
+ @PreAuthorize("@ss.hasPermission('asset:host-key:grant')")
+ public HttpWrapper grantHostKey(@RequestBody AssetDataGrantRequest request) {
+ assetDataGrantService.grantHostKey(request);
+ return HttpWrapper.ok();
+ }
+
+ @OperatorLog(HostIdentityOperatorType.GRANT)
+ @PutMapping("/host-identity")
+ @Operation(summary = "主机身份授权")
+ @PreAuthorize("@ss.hasPermission('asset:host-identity:grant')")
+ public HttpWrapper grantHostIdentity(@RequestBody AssetDataGrantRequest request) {
+ assetDataGrantService.grantHostIdentity(request);
+ return HttpWrapper.ok();
+ }
+
+}
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/HostGroupController.http b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/HostGroupController.http
index 7f1749df..fcff43e9 100644
--- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/HostGroupController.http
+++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/HostGroupController.http
@@ -41,23 +41,4 @@ Authorization: {{token}} DELETE {{baseUrl}}/asset/host-group/delete?id=1 Authorization: {{token}} - -### 获取已授权的分组 -GET {{baseUrl}}/asset/host-group/get-authorized-group?userId=1 -Authorization: {{token}} - - -### 主机分组授权 -PUT {{baseUrl}}/asset/host-group/grant -Content-Type: application/json -Authorization: {{token}} - -{ - "userId": 10, - "groupIdList": [ - 3, - 5 - ] -} - ###
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/HostGroupController.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/HostGroupController.java
index 204d322c..0b92f8b6 100644
--- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/HostGroupController.java
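Review bot: In AssetDataGrantServiceController the three `@RequestBody AssetDataGrantRequest request` parameters carry no `@Validated`/`@Valid`, and the visible fields of AssetDataGrantRequest have no constraint annotations, so a body that sets both `userId` and `roleId`, or omits `idList`, reaches the service unchanged. The class-level `@Validated` does not by itself validate a request body. Because these endpoints decide who can reach host groups, keys and identities, consider declaring the constraints on the request class and writing the parameter as `@Validated @RequestBody AssetDataGrantRequest request`, keeping the service-side `Valid.isTrue(...)` as a second check. The `// FIXME 字典 菜单 http 前端api` marker should be resolved or tracked before merge.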
+++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/controller/HostGroupController.java @@ -6,8 +6,6 @@ import com.orion.ops.framework.log.core.annotation.IgnoreLog; import com.orion.ops.framework.log.core.enums.IgnoreLogMode; import com.orion.ops.framework.web.core.annotation.RestWrapper; import com.orion.ops.module.asset.define.operator.HostGroupOperatorType; -import com.orion.ops.module.asset.entity.request.host.HostGroupGrantQueryRequest; -import com.orion.ops.module.asset.entity.request.host.HostGroupGrantRequest; import com.orion.ops.module.asset.entity.request.host.HostGroupRelUpdateRequest; import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO; import com.orion.ops.module.asset.service.HostGroupService; @@ -103,22 +101,5 @@ public class HostGroupController { return HttpWrapper.ok(); } - @IgnoreLog(IgnoreLogMode.RET) - @GetMapping("/get-authorized-group") - @Operation(summary = "获取已授权的分组") - @PreAuthorize("@ss.hasPermission('asset:host-group:grant')") - public List getAuthorizedHostGroup(HostGroupGrantQueryRequest request) { - return hostGroupService.getAuthorizedHostGroup(request); - } - - @OperatorLog(HostGroupOperatorType.GRANT) - @PutMapping("/grant") - @Operation(summary = "主机分组授权") - @PreAuthorize("@ss.hasPermission('asset:host-group:grant')") - public HttpWrapper grantHostGroup(@RequestBody HostGroupGrantRequest request) { - hostGroupService.grantHostGroup(request); - return HttpWrapper.ok(); - } - } diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/define/operator/HostIdentityOperatorType.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/define/operator/HostIdentityOperatorType.java index 6f52e902..169a34ae 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/define/operator/HostIdentityOperatorType.java 
+++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/define/operator/HostIdentityOperatorType.java @@ -23,12 +23,15 @@ public class HostIdentityOperatorType extends InitializingOperatorTypes { public static final String DELETE = "host-identity:delete"; + public static final String GRANT = "host-identity:grant"; + @Override public OperatorType[] types() { return new OperatorType[]{ new OperatorType(L, CREATE, "创建主机身份 ${name}"), new OperatorType(L, UPDATE, "修改主机身份 ${name}"), new OperatorType(H, DELETE, "删除主机身份 ${name}"), + new OperatorType(H, GRANT, "将主机身份权限授予 ${type} ${name}"), }; } diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/define/operator/HostKeyOperatorType.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/define/operator/HostKeyOperatorType.java index 4a6630f3..e1c75023 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/define/operator/HostKeyOperatorType.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/define/operator/HostKeyOperatorType.java @@ -23,12 +23,15 @@ public class HostKeyOperatorType extends InitializingOperatorTypes { public static final String DELETE = "host-key:delete"; + public static final String GRANT = "host-key:grant"; + @Override public OperatorType[] types() { return new OperatorType[]{ new OperatorType(L, CREATE, "创建主机秘钥 ${name}"), new OperatorType(L, UPDATE, "修改主机秘钥 ${name}"), new OperatorType(H, DELETE, "删除主机秘钥 ${name}"), + new OperatorType(H, GRANT, "将主机秘钥权限授予 ${type} ${name}"), }; } 
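Review bot: The new GRANT templates in HostIdentityOperatorType and HostKeyOperatorType interpolate `${type} ${name}`, but nothing visible in this commit supplies those values: `checkGrantIdentity` in AssetDataGrantServiceImpl loads the user or role and then only leaves `// TODO 日志查看 type name`. Unless the operator-log framework fills them somewhere outside this diff, the audit record for these `H`-level grants will not say who received the permission. I would populate both values at the point where the user or role is resolved, and add a short comment on each `GRANT` constant naming the placeholders its template expects.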
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/host/HostGroupGrantQueryRequest.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/asset/AssetAuthorizedDataRequest.java similarity index 63% rename from orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/host/HostGroupGrantQueryRequest.java rename to orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/asset/AssetAuthorizedDataRequest.java index 1163b4d0..886b6c79 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/host/HostGroupGrantQueryRequest.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/asset/AssetAuthorizedDataRequest.java @@ -1,4 +1,4 @@ -package com.orion.ops.module.asset.entity.request.host; +package com.orion.ops.module.asset.entity.request.asset; import io.swagger.v3.oas.annotations.media.Schema; import lombok.AllArgsConstructor; @@ -9,7 +9,7 @@ import lombok.NoArgsConstructor; import java.io.Serializable; /** - * 主机分组授权 查询请求对象 + * 授权资产数据 查询请求对象 * * @author Jiahang Li * @version 1.0.0 @@ -19,8 +19,8 @@ import java.io.Serializable; @Builder @NoArgsConstructor @AllArgsConstructor -@Schema(name = "HostGroupQueryRequest", description = "主机分组授权 查询请求对象") -public class HostGroupGrantQueryRequest implements Serializable { +@Schema(name = "AssetAuthorizedDataRequest", description = "授权资产数据 查询请求对象") +public class AssetAuthorizedDataRequest implements Serializable { @Schema(description = "用户id") private Long userId; 
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/host/HostGroupGrantRequest.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/asset/AssetDataGrantRequest.java similarity index 65% rename from orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/host/HostGroupGrantRequest.java rename to orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/asset/AssetDataGrantRequest.java index 08335243..9bba66ac 100644 --- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/host/HostGroupGrantRequest.java +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/entity/request/asset/AssetDataGrantRequest.java @@ -1,4 +1,4 @@ -package com.orion.ops.module.asset.entity.request.host; +package com.orion.ops.module.asset.entity.request.asset; import io.swagger.v3.oas.annotations.media.Schema; import lombok.AllArgsConstructor; @@ -10,7 +10,7 @@ import java.io.Serializable; import java.util.List; /** - * 主机分组 授权请求对象 + * 资产数据 授权请求对象 * * @author Jiahang Li * @version 1.0.0 @@ -20,8 +20,8 @@ import java.util.List; @Builder @NoArgsConstructor @AllArgsConstructor -@Schema(name = "HostGroupGrantRequest", description = "主机分组 授权请求对象") -public class HostGroupGrantRequest implements Serializable { +@Schema(name = "AssetDataGrantRequest", description = "资产数据 授权请求对象") +public class AssetDataGrantRequest implements Serializable { @Schema(description = "用户id") private Long userId; @@ -30,6 +30,6 @@ public class HostGroupGrantRequest implements Serializable { private Long roleId; @Schema(description = "分组id") - private List groupIdList; + private List idList; } 
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/AssetAuthorizedDataService.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/AssetAuthorizedDataService.java
new file mode 100644
index 00000000..4eca6a8b
--- /dev/null
+++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/AssetAuthorizedDataService.java
@@ -0,0 +1,33 @@
+package com.orion.ops.module.asset.service;
+
+import com.orion.ops.module.asset.entity.request.asset.AssetAuthorizedDataRequest;
+import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO;
+
+import java.util.List;
+
+/**
+ * 资产模块 授权数据服务
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/11/30 18:33
+ */
+public interface AssetAuthorizedDataService {
+
+ /**
+ * 获取已授权的数据
+ *
+ * @param request request
+ * @return dataId
+ */
+ List getAuthorizedData(AssetAuthorizedDataRequest request);
+
+ /**
+ * 查询用户已授权的主机分组和主机
+ *
+ * @param userId userId
+ * @return group
+ */
+ List getUserAuthorizedHostGroup(Long userId);
+
+}
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/AssetDataGrantService.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/AssetDataGrantService.java
new file mode 100644
index 00000000..3b0e8445
--- /dev/null
+++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/AssetDataGrantService.java
@@ -0,0 +1,44 @@
+package com.orion.ops.module.asset.service;
+
+import com.orion.ops.module.asset.entity.request.asset.AssetDataGrantRequest;
+import com.orion.ops.module.infra.enums.DataPermissionTypeEnum;
+
+/**
+ * 资产模块 数据授权服务
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/11/30 18:33
+ */
+public interface AssetDataGrantService {
+
+ /**
+ * 主机分组授权
+ *
+ * @param request request
+ */
+ void grantHostGroup(AssetDataGrantRequest request);
+
+ /**
+ * 主机秘钥授权
+ *
+ * @param request request
+ */
+ void grantHostKey(AssetDataGrantRequest request);
+
+ /**
+ * 主机身份授权
+ *
+ * @param request request
+ */
+ void grantHostIdentity(AssetDataGrantRequest request);
+
+ /**
+ * 数据授权
+ *
+ * @param type type
+ * @param request request
+ */
+ void grantData(DataPermissionTypeEnum type, AssetDataGrantRequest request);
+
+}
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostGroupService.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostGroupService.java
index dbd997c0..6eb85dd8 100644
--- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostGroupService.java
+++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/HostGroupService.java
@@ -1,7 +1,5 @@ package com.orion.ops.module.asset.service; -import com.orion.ops.module.asset.entity.request.host.HostGroupGrantQueryRequest; -import com.orion.ops.module.asset.entity.request.host.HostGroupGrantRequest; import com.orion.ops.module.asset.entity.request.host.HostGroupRelUpdateRequest; import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO; import com.orion.ops.module.infra.entity.dto.data.DataGroupCreateDTO;
@@ -74,27 +72,4 @@ public interface HostGroupService { */ void updateHostGroupRel(HostGroupRelUpdateRequest request); - /** - * 获取已授权的分组 - * - * @param request request - * @return grantGroupId - */ - List getAuthorizedHostGroup(HostGroupGrantQueryRequest request); - - /** - * 授权主机分组 - * - * @param request request - */ - void grantHostGroup(HostGroupGrantRequest request); - - /** - * 查询用户已授权的主机分组和主机 - * - * @param userId userId - * @return group - */ - List getUserAuthorizedHostGroup(Long userId); - } diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/AssetAuthorizedDataServiceImpl.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/AssetAuthorizedDataServiceImpl.java new file mode 100644 index 00000000..e47f5007 --- /dev/null +++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/AssetAuthorizedDataServiceImpl.java 
@@ -0,0 +1,114 @@
+package com.orion.ops.module.asset.service.impl;
+
+import com.orion.lang.utils.collect.Lists;
+import com.orion.ops.framework.common.constant.Const;
+import com.orion.ops.framework.common.utils.TreeUtils;
+import com.orion.ops.framework.common.utils.Valid;
+import com.orion.ops.module.asset.convert.HostGroupConvert;
+import com.orion.ops.module.asset.entity.request.asset.AssetAuthorizedDataRequest;
+import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO;
+import com.orion.ops.module.asset.service.AssetAuthorizedDataService;
+import com.orion.ops.module.infra.api.DataGroupApi;
+import com.orion.ops.module.infra.api.DataGroupRelApi;
+import com.orion.ops.module.infra.api.DataPermissionApi;
+import com.orion.ops.module.infra.api.SystemUserApi;
+import com.orion.ops.module.infra.entity.dto.data.DataGroupDTO;
+import com.orion.ops.module.infra.enums.DataGroupTypeEnum;
+import com.orion.ops.module.infra.enums.DataPermissionTypeEnum;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.Resource;
+import java.util.*;
+
+/**
+ * 资产模块 授权数据服务实现类
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/11/30 18:35
+ */
+@Slf4j
+@Service
+public class AssetAuthorizedDataServiceImpl implements AssetAuthorizedDataService {
+
+ @Resource
+ private DataGroupApi dataGroupApi;
+
+ @Resource
+ private DataGroupRelApi dataGroupRelApi;
+
+ @Resource
+ private DataPermissionApi dataPermissionApi;
+
+ @Resource
+ private SystemUserApi systemUserApi;
+
+ @Override
+ public List getAuthorizedData(AssetAuthorizedDataRequest request) {
+ Long userId = request.getUserId();
+ Long roleId = request.getRoleId();
+ Valid.isTrue(userId != null || roleId != null);
+ if (userId != null) {
+ // 查询用户数据
+ return dataPermissionApi.getRelIdListByUserId(DataPermissionTypeEnum.HOST_GROUP, userId);
+ } else {
+ // 查询角色数据
+ return dataPermissionApi.getRelIdListByRoleId(DataPermissionTypeEnum.HOST_GROUP, roleId);
+ }
+ }
+
+ @Override
+ public List getUserAuthorizedHostGroup(Long userId) {
+ if (systemUserApi.isAdminUser(userId)) {
+ // 管理员查询所有
+ return this.buildUserAuthorizedHostGroup(null);
+ } else {
+ // 其他用户查询授权的分组
+ List authorizedGroupIdList = dataPermissionApi.getUserAuthorizedRelIdList(DataPermissionTypeEnum.HOST_GROUP, userId);
+ if (authorizedGroupIdList.isEmpty()) {
+ return Lists.empty();
+ }
+ return this.buildUserAuthorizedHostGroup(authorizedGroupIdList);
+ }
+ }
+
+ /**
+ * 构建授权的主机分组树
+ *
+ * @param authorizedGroupIdList authorizedGroupIdList
+ * @return tree
+ */
+ private List buildUserAuthorizedHostGroup(List authorizedGroupIdList) {
+ // 查询分组
+ List dataGroup = dataGroupApi.getDataGroupList(DataGroupTypeEnum.HOST);
+ // 过滤分组
+ if (!Lists.isEmpty(authorizedGroupIdList)) {
+ // 构建已授权的分组
+ List relNodes = new ArrayList<>();
+ TreeUtils.getAllNodes(dataGroup, authorizedGroupIdList, relNodes);
+ dataGroup = new ArrayList<>(new HashSet<>(relNodes));
+ }
+ // 查询分组引用
+ Map> groupRel = dataGroupRelApi.getGroupRelList(DataGroupTypeEnum.HOST);
+ // 设置组内数据
+ List groupList = HostGroupConvert.MAPPER.toList(dataGroup);
+ if (Lists.isEmpty(authorizedGroupIdList)) {
+ // 设置全部数据
+ groupList.forEach(s -> s.setHosts(groupRel.get(s.getId())));
+ } else {
+ // 仅设置已授权的数据
+ groupList.stream()
+ .filter(s -> authorizedGroupIdList.contains(s.getId()))
+ .forEach(s -> s.setHosts(groupRel.get(s.getId())));
+ }
+ // 构建树
+ HostGroupTreeVO rootNode = HostGroupTreeVO.builder()
+ .id(Const.ROOT_PARENT_ID)
+ .sort(Const.DEFAULT_SORT)
+ .build();
+ TreeUtils.buildGroupTree(rootNode, groupList);
+ return rootNode.getChildren();
+ }
+
+}
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/AssetDataGrantServiceImpl.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/AssetDataGrantServiceImpl.java
new file mode 100644
index 00000000..52bb449e
--- /dev/null
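Review bot: `buildUserAuthorizedHostGroup` in AssetAuthorizedDataServiceImpl treats an empty `authorizedGroupIdList` the same as `null`, i.e. as "return every group and every host", so the helper fails open; today only the early `return Lists.empty()` in `getUserAuthorizedHostGroup` keeps a user without grants from receiving the whole tree. Reserving the unrestricted case for `null` makes the helper safe on its own: `if (authorizedGroupIdList != null) {` for the filter step and `if (authorizedGroupIdList == null) {` for the host assignment. Separately, `getAuthorizedData` is named generically but always queries `DataPermissionTypeEnum.HOST_GROUP`; its Javadoc should say so, or the type should come from the caller.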
+++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/AssetDataGrantServiceImpl.java 
@@ -0,0 +1,142 @@
+package com.orion.ops.module.asset.service.impl;
+
+import com.orion.lang.utils.collect.Lists;
+import com.orion.ops.framework.common.constant.ErrorMessage;
+import com.orion.ops.framework.common.utils.Valid;
+import com.orion.ops.module.asset.dao.HostIdentityDAO;
+import com.orion.ops.module.asset.dao.HostKeyDAO;
+import com.orion.ops.module.asset.entity.domain.HostIdentityDO;
+import com.orion.ops.module.asset.entity.domain.HostKeyDO;
+import com.orion.ops.module.asset.entity.request.asset.AssetDataGrantRequest;
+import com.orion.ops.module.asset.service.AssetDataGrantService;
+import com.orion.ops.module.infra.api.DataGroupApi;
+import com.orion.ops.module.infra.api.DataPermissionApi;
+import com.orion.ops.module.infra.api.SystemRoleApi;
+import com.orion.ops.module.infra.api.SystemUserApi;
+import com.orion.ops.module.infra.entity.dto.data.DataGroupDTO;
+import com.orion.ops.module.infra.entity.dto.data.DataPermissionUpdateDTO;
+import com.orion.ops.module.infra.entity.dto.role.SystemRoleDTO;
+import com.orion.ops.module.infra.entity.dto.user.SystemUserDTO;
+import com.orion.ops.module.infra.enums.DataPermissionTypeEnum;
+import com.orion.spring.SpringHolder;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import javax.annotation.Resource;
+import java.util.List;
+
+/**
+ * 资产模块 数据授权服务实现类
+ *
+ * @author Jiahang Li
+ * @version 1.0.0
+ * @since 2023/11/30 18:34
+ */
+@Slf4j
+@Service
+public class AssetDataGrantServiceImpl implements AssetDataGrantService {
+
+ @Resource
+ private DataPermissionApi dataPermissionApi;
+
+ @Resource
+ private SystemRoleApi systemRoleApi;
+
+ @Resource
+ private SystemUserApi systemUserApi;
+
+ @Resource
+ private DataGroupApi dataGroupApi;
+
+ @Resource
+ private HostKeyDAO hostKeyDAO;
+
+ @Resource
+ private HostIdentityDAO hostIdentityDAO;
+
+ @Override
+ @Transactional(rollbackFor = Exception.class)
+ public void grantHostGroup(AssetDataGrantRequest request) {
+ // 检查身份
+ this.checkGrantIdentity(request);
+ // 检查数据是否存在
+ List idList = request.getIdList();
+ if (!Lists.isEmpty(idList)) {
+ List groupList = dataGroupApi.getByIdList(idList);
+ Valid.eq(groupList.size(), idList.size(), ErrorMessage.DATA_MODIFIED);
+ }
+ // 数据授权
+ SpringHolder.getBean(AssetDataGrantService.class)
+ .grantData(DataPermissionTypeEnum.HOST_GROUP, request);
+ }
+
+ @Override
+ @Transactional(rollbackFor = Exception.class)
+ public void grantHostKey(AssetDataGrantRequest request) {
+ // 检查身份
+ this.checkGrantIdentity(request);
+ // 检查数据是否存在
+ List idList = request.getIdList();
+ if (!Lists.isEmpty(idList)) {
+ List keys = hostKeyDAO.selectBatchIds(idList);
+ Valid.eq(keys.size(), idList.size(), ErrorMessage.DATA_MODIFIED);
+ }
+ // 数据授权
+ SpringHolder.getBean(AssetDataGrantService.class)
+ .grantData(DataPermissionTypeEnum.HOST_KEY, request);
+ }
+
+ @Override
+ @Transactional(rollbackFor = Exception.class)
+ public void grantHostIdentity(AssetDataGrantRequest request) {
+ // 检查身份
+ this.checkGrantIdentity(request);
+ // 检查数据是否存在
+ List idList = request.getIdList();
+ if (!Lists.isEmpty(idList)) {
+ List identities = hostIdentityDAO.selectBatchIds(idList);
+ Valid.eq(identities.size(), idList.size(), ErrorMessage.DATA_MODIFIED);
+ }
+ // 数据授权
+ SpringHolder.getBean(AssetDataGrantService.class)
+ .grantData(DataPermissionTypeEnum.HOST_IDENTITY, request);
+ }
+
+ @Override
+ @Transactional(rollbackFor = Exception.class)
+ public void grantData(DataPermissionTypeEnum type, AssetDataGrantRequest request) {
+ // 授权
+ DataPermissionUpdateDTO grant = DataPermissionUpdateDTO.builder()
+ .roleId(request.getRoleId())
+ .userId(request.getUserId())
+ .relIdList(request.getIdList())
+ .build();
+ dataPermissionApi.updateDataPermission(type, grant);
+ }
+
+ /**
+ * 检查授权身份
+ *
+ * @param request request
+ */
+ private void checkGrantIdentity(AssetDataGrantRequest request) {
+ Long userId = request.getUserId();
+ Long roleId = request.getRoleId();
+ Valid.isTrue(userId != null || roleId != null);
+ if (userId != null) {
+ // 检测用户是否存在
+ SystemUserDTO user = systemUserApi.getUserById(userId);
+ Valid.notNull(user, ErrorMessage.USER_ABSENT);
+ // TODO 日志查看 type name
+ }
+ if (roleId != null) {
+ // 检测角色是否存在
+ SystemRoleDTO role = systemRoleApi.getRoleById(roleId);
+ Valid.notNull(role, ErrorMessage.ROLE_ABSENT);
+ // TODO 日志查看 type name
+
+ }
+ }
+
+}
diff --git a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostGroupServiceImpl.java b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostGroupServiceImpl.java
index d56bf0bc..bdc6228e 100644
--- a/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostGroupServiceImpl.java
+++ b/orion-ops-module-asset/orion-ops-module-asset-service/src/main/java/com/orion/ops/module/asset/service/impl/HostGroupServiceImpl.java
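Review bot: In AssetDataGrantServiceImpl, `grantData` is a public `@Transactional` method (it carries `@Override`, so it is on the service interface) that calls `dataPermissionApi.updateDataPermission` without `checkGrantIdentity` or any existence check, so a caller that reaches it directly writes permission rows unvalidated. `grantHostGroup`, `grantHostKey` and `grantHostIdentity` are already transactional, so the `SpringHolder.getBean(AssetDataGrantService.class)` lookup is not needed to obtain a transaction; I would make `grantData` a private helper, drop it from the interface, and call `this.grantData(DataPermissionTypeEnum.HOST_KEY, request);` (likewise in the other two methods). The `Valid.eq(keys.size(), idList.size(), ErrorMessage.DATA_MODIFIED)` checks compare against the raw request list, so a repeated id would presumably fail the comparison even though every row exists; compare against the distinct id count instead. The two `// TODO` lines in `checkGrantIdentity` also mean that a grant of host keys or identities leaves no audit record as far as this hunk shows.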
@@ -1,25 +1,24 @@ package com.orion.ops.module.asset.service.impl; -import com.orion.lang.utils.collect.Lists; -import com.orion.ops.framework.common.constant.Const; -import com.orion.ops.framework.common.constant.ErrorMessage; -import com.orion.ops.framework.common.utils.TreeUtils; -import com.orion.ops.framework.common.utils.Valid; import com.orion.ops.module.asset.convert.HostGroupConvert; -import com.orion.ops.module.asset.entity.request.host.HostGroupGrantQueryRequest; -import com.orion.ops.module.asset.entity.request.host.HostGroupGrantRequest; import com.orion.ops.module.asset.entity.request.host.HostGroupRelUpdateRequest; import com.orion.ops.module.asset.entity.vo.HostGroupTreeVO; import com.orion.ops.module.asset.service.HostGroupService; -import com.orion.ops.module.infra.api.*; -import com.orion.ops.module.infra.entity.dto.data.*; +import com.orion.ops.module.infra.api.DataGroupApi; +import com.orion.ops.module.infra.api.DataGroupRelApi; +import com.orion.ops.module.infra.api.DataPermissionApi; +import com.orion.ops.module.infra.entity.dto.data.DataGroupCreateDTO; +import com.orion.ops.module.infra.entity.dto.data.DataGroupDTO; +import com.orion.ops.module.infra.entity.dto.data.DataGroupMoveDTO; +import com.orion.ops.module.infra.entity.dto.data.DataGroupRenameDTO; import com.orion.ops.module.infra.enums.DataGroupTypeEnum; import com.orion.ops.module.infra.enums.DataPermissionTypeEnum; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; import javax.annotation.Resource; -import java.util.*; +import java.util.List; +import java.util.Set; /** * 主机分组服务 实现类 
@@ -40,12 +39,6 @@ public class HostGroupServiceImpl implements HostGroupService { @Resource private DataPermissionApi dataPermissionApi; - @Resource - private SystemRoleApi systemRoleApi; - - @Resource - private SystemUserApi systemUserApi; - @Override public Long createHostGroup(DataGroupCreateDTO request) { return dataGroupApi.createDataGroup(DataGroupTypeEnum.HOST, request); 
@@ -87,93 +80,4 @@ public class HostGroupServiceImpl implements HostGroupService { dataGroupRelApi.updateGroupRel(request.getGroupId(), request.getHostIdList()); } - @Override - public List getAuthorizedHostGroup(HostGroupGrantQueryRequest request) { - Long userId = request.getUserId(); - Long roleId = request.getRoleId(); - Valid.isTrue(userId != null || roleId != null); - if (userId != null) { - // 查询用户数据 - return dataPermissionApi.getRelIdListByUserId(DataPermissionTypeEnum.HOST_GROUP, userId); - } else { - // 查询角色数据 - return dataPermissionApi.getRelIdListByRoleId(DataPermissionTypeEnum.HOST_GROUP, roleId); - } - } - - @Override - public void grantHostGroup(HostGroupGrantRequest request) { - Long userId = request.getUserId(); - Long roleId = request.getRoleId(); - Valid.isTrue(userId != null || roleId != null); - if (userId != null) { - // 检测用户是否存在 - Valid.notNull(systemUserApi.getUserById(userId), ErrorMessage.USER_ABSENT); - } - if (roleId != null) { - // 检测角色是否存在 - Valid.notNull(systemRoleApi.getRoleById(roleId), ErrorMessage.ROLE_ABSENT); - } - // 授权 - DataPermissionUpdateDTO grant = DataPermissionUpdateDTO.builder() - .roleId(roleId) - .userId(userId) - .relIdList(request.getGroupIdList()) - .build(); - dataPermissionApi.updateDataPermission(DataPermissionTypeEnum.HOST_GROUP, grant); - } - - @Override - public List getUserAuthorizedHostGroup(Long userId) { - if (systemUserApi.isAdminUser(userId)) { - // 管理员查询所有 - return this.buildUserAuthorizedHostGroup(null); - } else { - // 其他用户查询授权的分组 - List authorizedGroupIdList = dataPermissionApi.getUserAuthorizedRelIdList(DataPermissionTypeEnum.HOST_GROUP, userId); - if (authorizedGroupIdList.isEmpty()) { - return Lists.empty(); - } - return this.buildUserAuthorizedHostGroup(authorizedGroupIdList); - } - } - - /** - * 构建授权的主机分组树 - * - * @param authorizedGroupIdList authorizedGroupIdList - * @return tree - */ - private List buildUserAuthorizedHostGroup(List authorizedGroupIdList) { - // 查询分组 - List dataGroup = 
dataGroupApi.getDataGroupList(DataGroupTypeEnum.HOST); - // 过滤分组 - if (!Lists.isEmpty(authorizedGroupIdList)) { - // 构建已授权的分组 - List relNodes = new ArrayList<>(); - TreeUtils.getAllNodes(dataGroup, authorizedGroupIdList, relNodes); - dataGroup = new ArrayList<>(new HashSet<>(relNodes)); - } - // 查询分组引用 - Map> groupRel = dataGroupRelApi.getGroupRelList(DataGroupTypeEnum.HOST); - // 设置组内数据 - List groupList = HostGroupConvert.MAPPER.toList(dataGroup); - if (Lists.isEmpty(authorizedGroupIdList)) { - // 设置全部数据 - groupList.forEach(s -> s.setHosts(groupRel.get(s.getId()))); - } else { - // 仅设置已授权的数据 - groupList.stream() - .filter(s -> authorizedGroupIdList.contains(s.getId())) - .forEach(s -> s.setHosts(groupRel.get(s.getId()))); - } - // 构建树 - HostGroupTreeVO rootNode = HostGroupTreeVO.builder() - .id(Const.ROOT_PARENT_ID) - .sort(Const.DEFAULT_SORT) - .build(); - TreeUtils.buildGroupTree(rootNode, groupList); - return rootNode.getChildren(); - } - } diff --git a/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataGroupApi.java b/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataGroupApi.java index f4d25b09..74158af2 100644 --- a/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataGroupApi.java +++ b/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/api/DataGroupApi.java @@ -58,6 +58,14 @@ public interface DataGroupApi { */ List getDataGroupTree(DataGroupTypeEnum type); + /** + * 通过 id 查询 + * + * @param idList idList + * @return rows + */ + List getByIdList(List idList); + /** * 删除数据分组 * 
diff --git a/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/enums/DataPermissionTypeEnum.java b/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/enums/DataPermissionTypeEnum.java index 3cea4a06..98a8a102 100644 --- a/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/enums/DataPermissionTypeEnum.java +++ b/orion-ops-module-infra/orion-ops-module-infra-provider/src/main/java/com/orion/ops/module/infra/enums/DataPermissionTypeEnum.java @@ -19,6 +19,16 @@ public enum DataPermissionTypeEnum { */ HOST_GROUP(true), + /** + * 主机秘钥 + */ + HOST_KEY(true), + + /** + * 主机身份 + */ + HOST_IDENTITY(true), + ; /** diff --git a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataGroupApiImpl.java b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataGroupApiImpl.java index fb1ca671..f7dc6e24 100644 --- a/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataGroupApiImpl.java +++ b/orion-ops-module-infra/orion-ops-module-infra-service/src/main/java/com/orion/ops/module/infra/api/impl/DataGroupApiImpl.java @@ -3,6 +3,8 @@ package com.orion.ops.module.infra.api.impl; import com.orion.ops.framework.common.utils.Valid; import com.orion.ops.module.infra.api.DataGroupApi; import com.orion.ops.module.infra.convert.DataGroupProviderConvert; +import com.orion.ops.module.infra.dao.DataGroupDAO; +import com.orion.ops.module.infra.entity.domain.DataGroupDO; import com.orion.ops.module.infra.entity.dto.DataGroupCacheDTO; import com.orion.ops.module.infra.entity.dto.data.DataGroupCreateDTO; import com.orion.ops.module.infra.entity.dto.data.DataGroupDTO; 
@@ -18,6 +20,7 @@ import org.springframework.stereotype.Service; import javax.annotation.Resource; import java.util.List; +import java.util.stream.Collectors; /** * 数据分组 对外服务实现类 @@ -33,6 +36,9 @@ public class DataGroupApiImpl implements DataGroupApi { @Resource private DataGroupService dataGroupService; + @Resource + private DataGroupDAO dataGroupDAO; + @Override public Long createDataGroup(DataGroupTypeEnum type, DataGroupCreateDTO dto) { Valid.valid(dto); @@ -67,6 +73,14 @@ public class DataGroupApiImpl implements DataGroupApi { return DataGroupProviderConvert.MAPPER.toList(rows); } + @Override + public List getByIdList(List idList) { + List rows = dataGroupDAO.selectBatchIds(idList); + return rows.stream() + .map(DataGroupProviderConvert.MAPPER::to) + .collect(Collectors.toList()); + } + @Override public Integer deleteDataGroupById(Long id) { return dataGroupService.deleteDataGroupById(id);
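Review bot: `getByIdList` in the last hunk loads rows with `dataGroupDAO.selectBatchIds(idList)` and no group-type condition, while `grantHostGroup` in AssetDataGrantServiceImpl only compares the row count, so the id of a data group that is not a host group would pass the existence check and be stored as a `HOST_GROUP` permission (only `DataGroupTypeEnum.HOST` is visible here, so this matters once another type exists). I would either give the API a `DataGroupTypeEnum type` parameter and filter on it, or have the caller check the type of each returned row. The method also passes a null or empty `idList` straight to the DAO; the visible caller guards with `Lists.isEmpty`, but as a public API method it should return an empty list itself in that case. The Javadoc added in DataGroupApi (`通过 id 查询`) should state whichever contract is chosen.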