更新portal相关功能

gly-base-core/src/main/java/cn/com/taiji/core/repo/jpa/user/UserPermRepo.java

 
 import cn.com.taiji.common.repo.jpa.AbstractJpaRepo;
 import cn.com.taiji.core.entity.dict.user.RbacStatus;
-import cn.com.taiji.core.entity.user.UserMenu;
 import cn.com.taiji.core.entity.user.UserPerm;
 import org.springframework.data.jpa.repository.Query;
 
     @Query(value = " from UserPerm where status='ENABLE' and id in ( select permId from UserRoleMenuPerm where roleId in (?1)) ")
     List<UserPerm> listBy(List<String> roleIds);
 
+    @Query(value = " from UserPerm where status='ENABLE' and id in ( select permId from UserRoleMenuPerm where roleId in (?1) and menuId=?2) ")
+    List<UserPerm> listBy(List<String> roleIds, String menuId);
+
 }

zhywpt-app-userw/src/main/java/cn/com/taiji/userw/api/rbac/RabcSystemTypeController.java

 import cn.com.taiji.userw.api.MyValidController;
 import cn.com.taiji.userw.dto.rbac.*;
 import cn.com.taiji.userw.manager.rbac.RbacMenuManger;
+import cn.com.taiji.userw.manager.rbac.RbacPermManager;
 import cn.com.taiji.userw.manager.rbac.RbacSystemTypeManager;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.annotation.Resource;
+import javax.validation.Valid;
 
 /**
  * @Author ChenChao
     @Resource
     private RbacMenuManger rbacMenuManger;
     @Resource
+    private RbacPermManager rbacPermManger;
+    @Resource
     private RbacSystemTypeManager rbacSystemTypeManager;
 
     @ApiOperation(value = "根据系统类型获取菜单列表")
     @ApiOperation(value = "根据系统类别获取所属系统列表")
     @PostMapping(value = "/systemTypeByAccountRole")
     public ApiResponse<RbacSystemTypeByOpenIdResponseDTO> systemTypeByAccountRole(@RequestBody RbacSystemTypeByOpenIdRequestDTO dto) throws ServiceHandleException {
-        return ApiResponse.of(rbacSystemTypeManager.systemTypeByOpneId(dto)).setMessage("获取小程序系统下的所有角色成功");
+        return ApiResponse.of(rbacSystemTypeManager.systemTypeByOpneId(dto)).setMessage("操作成功");
     }
 
     @ApiOperation(value = "根据系统类型和openId获取菜单列表")
     @PostMapping(value = "/menuListBySystemTypeAndOpenId")
     public ApiResponse<RbacMenuListBySystemTypeAndOpenIdResponseDTO> systemTypeByAccountRole(@RequestBody RbacMenuListBySystemTypeAndOpenIdRequestDTO dto) throws ServiceHandleException {
-        return ApiResponse.of(rbacMenuManger.menuListBySystemTypeAndOpenId(dto)).setMessage("获取小程序系统下的所有角色成功");
+        return ApiResponse.of(rbacMenuManger.menuListBySystemTypeAndOpenId(dto)).setMessage("操作成功");
+    }
+
+    @ApiOperation(value = "根据openId和菜单id，获取用户在该菜单下的权限标识")
+    @PostMapping(value = "/permsByOpenIdAndMenuId")
+    public ApiResponse<RbacPermListByOpenIdAndMenuIdResponseDTO> permsByOpenIdAndMenuId(@Valid @RequestBody RbacPermListByOpenIdAndMenuIdRequestDTO dto) throws ManagerException {
+        RbacPermListByOpenIdAndMenuIdResponseDTO res = rbacPermManger.listByOpenIdAndMenuId(dto);
+        return ApiResponse.of(res).setMessage("操作成功");
     }
 
 }

zhywpt-app-userw/src/main/java/cn/com/taiji/userw/dto/rbac/RbacPermListByOpenIdAndMenuIdRequestDTO.java

+package cn.com.taiji.userw.dto.rbac;
+
+import cn.com.taiji.core.dto.AbstractBizRequestDTO;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.experimental.Accessors;
+
+import javax.validation.constraints.NotBlank;
+
+@Getter
+@Setter
+@Accessors(chain = true)
+public class RbacPermListByOpenIdAndMenuIdRequestDTO extends AbstractBizRequestDTO {
+    @NotBlank(message = "菜单id不能为空")
+    private String menuId;
+}

zhywpt-app-userw/src/main/java/cn/com/taiji/userw/dto/rbac/RbacPermListByOpenIdAndMenuIdResponseDTO.java

+package cn.com.taiji.userw.dto.rbac;
+
+import cn.com.taiji.common.model.BaseModel;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.experimental.Accessors;
+
+import java.util.List;
+
+@Getter
+@Setter
+@Accessors(chain = true)
+public class RbacPermListByOpenIdAndMenuIdResponseDTO extends BaseModel {
+    private List<String> data;
+}

zhywpt-app-userw/src/main/java/cn/com/taiji/userw/manager/rbac/RbacMenuMangerImpl.java

 @Service
 public class RbacMenuMangerImpl extends RedisCacheManager implements RbacMenuManger {
 
-    private final static String appBaseRoleId = "d1eb3eebfac846d39aea7d39aea7s365";
-    private final static String miniProgramBaseRoleId = "d1eb3eebfac846d39aea7d39aea7s124";
-    private final static String zfbMiniProgramBaseRoleId = "7acb029592c84738a8f509af6e179ffc";
+    private final String appBaseRoleId = "d1eb3eebfac846d39aea7d39aea7s365";
+    private final String miniProgramBaseRoleId = "d1eb3eebfac846d39aea7d39aea7s124";
+    private final String zfbMiniProgramBaseRoleId = "7acb029592c84738a8f509af6e179ffc";
 
     @Resource
     private AccountUserRoleRepo accountUserRoleRepo;

zhywpt-app-userw/src/main/java/cn/com/taiji/userw/manager/rbac/RbacPermManager.java

+package cn.com.taiji.userw.manager.rbac;
+
+import cn.com.taiji.common.manager.net.http.ServiceHandleException;
+import cn.com.taiji.userw.dto.rbac.RbacPermListByOpenIdAndMenuIdRequestDTO;
+import cn.com.taiji.userw.dto.rbac.RbacPermListByOpenIdAndMenuIdResponseDTO;
+
+public interface RbacPermManager {
+    RbacPermListByOpenIdAndMenuIdResponseDTO listByOpenIdAndMenuId(RbacPermListByOpenIdAndMenuIdRequestDTO dto) throws ServiceHandleException;
+}

zhywpt-app-userw/src/main/java/cn/com/taiji/userw/manager/rbac/RbacPermManagerImpl.java

+package cn.com.taiji.userw.manager.rbac;
+
+import cn.com.taiji.common.manager.net.http.ServiceHandleException;
+import cn.com.taiji.core.entity.dict.basic.SourceType;
+import cn.com.taiji.core.entity.dict.user.SystemType;
+import cn.com.taiji.core.entity.user.UserMenu;
+import cn.com.taiji.core.entity.user.UserPerm;
+import cn.com.taiji.core.manager.cache.RedisCacheManager;
+import cn.com.taiji.core.model.comm.protocol.valid.GlyServiceError;
+import cn.com.taiji.core.repo.jpa.user.AccountUserRoleRepo;
+import cn.com.taiji.core.repo.jpa.user.UserMenuRepo;
+import cn.com.taiji.core.repo.jpa.user.UserPermRepo;
+import cn.com.taiji.userw.dto.rbac.RbacPermListByOpenIdAndMenuIdRequestDTO;
+import cn.com.taiji.userw.dto.rbac.RbacPermListByOpenIdAndMenuIdResponseDTO;
+import com.google.common.collect.Lists;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.Resource;
+import java.util.List;
+import java.util.stream.Collectors;
+
+@Service
+public class RbacPermManagerImpl extends RedisCacheManager implements RbacPermManager {
+    private final String appBaseRoleId = "d1eb3eebfac846d39aea7d39aea7s365";
+    private final String miniProgramBaseRoleId = "d1eb3eebfac846d39aea7d39aea7s124";
+    private final String zfbMiniProgramBaseRoleId = "7acb029592c84738a8f509af6e179ffc";
+
+    @Resource
+    private AccountUserRoleRepo accountUserRoleRepo;
+    @Resource
+    private UserMenuRepo userMenuRepo;
+    @Resource
+    private UserPermRepo userPermRepo;
+
+    @Override
+    public RbacPermListByOpenIdAndMenuIdResponseDTO listByOpenIdAndMenuId(RbacPermListByOpenIdAndMenuIdRequestDTO dto) throws ServiceHandleException {
+        String openId = findOpenIdByToken(dto.getAccessToken());
+        UserMenu menu = userMenuRepo.findMenuById(dto.getMenuId());
+        if (menu == null) throw GlyServiceError.BUSINESS_VALIDATE_ERR.toHandleException("菜单不存在");
+        SourceType loginSource = SourceType.findByCode(dto.getLoginSource());
+        if (loginSource == null) throw GlyServiceError.BUSINESS_VALIDATE_ERR.toHandleException("来源错误");
+        if (!isMatch(loginSource, menu.getSystemType()))
+            throw GlyServiceError.BUSINESS_VALIDATE_ERR.toHandleException("登录来源方与菜单所属系统不匹配，请核实入参！");
+        List<String> roleIds = accountUserRoleRepo.findRoleByOpenIdAndSystemType(openId, menu.getSystemType());
+        if (isEmpty(roleIds))
+            throw GlyServiceError.BUSINESS_VALIDATE_ERR.toHandleException("该账号在该系统中没有分配角色，无法访问该系统！");
+        if (loginSource == SourceType.SERVICE_HALL) roleIds.add(appBaseRoleId);// APP
+        if (loginSource == SourceType.WECHAT) roleIds.add(miniProgramBaseRoleId);// 微信小程序
+        if (loginSource == SourceType.ALI) roleIds.add(zfbMiniProgramBaseRoleId);// 支付宝小程序
+        if (loginSource == SourceType.WEB && roleIds.size() > 1)
+            throw GlyServiceError.BUSINESS_VALIDATE_ERR.toHandleException("该账号在一个系统中只能分配一个角色，该账户在该系统中分配了多个角色，暂时无法访问，请联系管理员处理！");
+        List<UserPerm> perms = userPermRepo.listBy(roleIds, menu.getId());
+        List<String> permIdentitys = perms.stream().map(UserPerm::getPermIdentity).distinct().collect(Collectors.toList());
+        RbacPermListByOpenIdAndMenuIdResponseDTO res = new RbacPermListByOpenIdAndMenuIdResponseDTO();
+        res.setData(permIdentitys);
+        return res;
+    }
+
+    private boolean isMatch(SourceType loginSource, SystemType systemType) {
+        switch (loginSource) {
+            case SERVICE_HALL:
+                return systemType == SystemType.APP;
+            case ALI:
+                return systemType == SystemType.ZFB_MINI_PROGRAM;
+            case WECHAT:
+                return systemType == SystemType.MINI_PROGRAM;
+            case WEB:
+                return !Lists.newArrayList(SystemType.APP, SystemType.ZFB_MINI_PROGRAM, SystemType.MINI_PROGRAM).contains(systemType);
+            default:
+                return false;
+        }
+    }
+
+}