mirror of
https://github.com/continew-org/continew-admin.git
synced 2025-09-08 12:57:13 +08:00
refactor: 梳理用户和角色体系,内置角色:超级管理员、租户管理员(系统管理员),且内置用户和角色不允许变更及分配
This commit is contained in:
@@ -0,0 +1,39 @@
|
||||
/*
|
||||
* Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package top.continew.admin.auth.constant;
|
||||
|
||||
/**
|
||||
* 认证相关常量
|
||||
*
|
||||
* @author Charles7c
|
||||
* @since 2025/7/26 12:05
|
||||
*/
|
||||
public class AuthConstants {
|
||||
|
||||
/**
|
||||
* 登录 URI
|
||||
*/
|
||||
public static final String LOGIN_URI = "/auth/login";
|
||||
|
||||
/**
|
||||
* 登出 URI
|
||||
*/
|
||||
public static final String LOGOUT_URI = "/auth/logout";
|
||||
|
||||
private AuthConstants() {
|
||||
}
|
||||
}
|
||||
@@ -30,7 +30,7 @@ import top.continew.admin.auth.enums.AuthTypeEnum;
|
||||
import top.continew.admin.auth.model.req.AccountLoginReq;
|
||||
import top.continew.admin.auth.model.resp.LoginResp;
|
||||
import top.continew.admin.common.constant.CacheConstants;
|
||||
import top.continew.admin.common.constant.SysConstants;
|
||||
import top.continew.admin.common.constant.GlobalConstants;
|
||||
import top.continew.admin.common.util.SecureUtils;
|
||||
import top.continew.admin.system.enums.PasswordPolicyEnum;
|
||||
import top.continew.admin.system.model.entity.user.UserDO;
|
||||
@@ -78,7 +78,7 @@ public class AccountLoginHandler extends AbstractLoginHandler<AccountLoginReq> {
|
||||
super.preLogin(req, client, request);
|
||||
// 校验验证码
|
||||
int loginCaptchaEnabled = optionService.getValueByCode2Int("LOGIN_CAPTCHA_ENABLED");
|
||||
if (SysConstants.YES.equals(loginCaptchaEnabled)) {
|
||||
if (GlobalConstants.Boolean.YES.equals(loginCaptchaEnabled)) {
|
||||
ValidationUtils.throwIfBlank(req.getCaptcha(), "验证码不能为空");
|
||||
ValidationUtils.throwIfBlank(req.getUuid(), "验证码标识不能为空");
|
||||
String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + req.getUuid();
|
||||
@@ -104,7 +104,7 @@ public class AccountLoginHandler extends AbstractLoginHandler<AccountLoginReq> {
|
||||
private void checkUserLocked(String username, HttpServletRequest request, boolean isError) {
|
||||
// 不锁定
|
||||
int maxErrorCount = optionService.getValueByCode2Int(PasswordPolicyEnum.PASSWORD_ERROR_LOCK_COUNT.name());
|
||||
if (maxErrorCount <= SysConstants.NO) {
|
||||
if (maxErrorCount <= GlobalConstants.Boolean.NO) {
|
||||
return;
|
||||
}
|
||||
// 检测是否已被锁定
|
||||
|
||||
@@ -38,9 +38,10 @@ import top.continew.admin.auth.enums.AuthTypeEnum;
|
||||
import top.continew.admin.auth.model.req.SocialLoginReq;
|
||||
import top.continew.admin.auth.model.resp.LoginResp;
|
||||
import top.continew.admin.common.constant.RegexConstants;
|
||||
import top.continew.admin.common.constant.SysConstants;
|
||||
import top.continew.admin.common.enums.DisEnableStatusEnum;
|
||||
import top.continew.admin.common.enums.GenderEnum;
|
||||
import top.continew.admin.common.enums.RoleCodeEnum;
|
||||
import top.continew.admin.system.constant.SystemConstants;
|
||||
import top.continew.admin.system.enums.MessageTemplateEnum;
|
||||
import top.continew.admin.system.enums.MessageTypeEnum;
|
||||
import top.continew.admin.system.model.entity.user.UserDO;
|
||||
@@ -107,11 +108,12 @@ public class SocialLoginHandler extends AbstractLoginHandler<SocialLoginReq> {
|
||||
user.setGender(GenderEnum.valueOf(authUser.getGender().name()));
|
||||
}
|
||||
user.setAvatar(authUser.getAvatar());
|
||||
user.setDeptId(SysConstants.SUPER_DEPT_ID);
|
||||
user.setDeptId(SystemConstants.SUPER_DEPT_ID);
|
||||
user.setStatus(DisEnableStatusEnum.ENABLE);
|
||||
userService.save(user);
|
||||
Long userId = user.getId();
|
||||
userRoleService.assignRolesToUser(Collections.singletonList(SysConstants.GENERAL_ROLE_ID), userId);
|
||||
userRoleService.assignRolesToUser(Collections.singletonList(roleService
|
||||
.getIdByCode(RoleCodeEnum.GENERAL_USER.getCode())), userId);
|
||||
userSocial = new UserSocialDO();
|
||||
userSocial.setUserId(userId);
|
||||
userSocial.setSource(source);
|
||||
|
||||
@@ -31,9 +31,9 @@ import top.continew.admin.auth.model.req.LoginReq;
|
||||
import top.continew.admin.auth.model.resp.LoginResp;
|
||||
import top.continew.admin.auth.model.resp.RouteResp;
|
||||
import top.continew.admin.auth.service.AuthService;
|
||||
import top.continew.admin.common.constant.SysConstants;
|
||||
import top.continew.admin.common.context.RoleContext;
|
||||
import top.continew.admin.common.enums.DisEnableStatusEnum;
|
||||
import top.continew.admin.system.constant.SystemConstants;
|
||||
import top.continew.admin.system.enums.MenuTypeEnum;
|
||||
import top.continew.admin.system.model.resp.ClientResp;
|
||||
import top.continew.admin.system.model.resp.MenuResp;
|
||||
@@ -93,8 +93,8 @@ public class AuthServiceImpl implements AuthService {
|
||||
}
|
||||
// 查询菜单列表
|
||||
Set<MenuResp> menuSet = new LinkedHashSet<>();
|
||||
if (roleSet.stream().anyMatch(r -> SysConstants.SUPER_ROLE_ID.equals(r.getId()))) {
|
||||
menuSet.addAll(menuService.listByRoleId(SysConstants.SUPER_ROLE_ID));
|
||||
if (roleSet.stream().anyMatch(r -> SystemConstants.SUPER_ADMIN_ROLE_ID.equals(r.getId()))) {
|
||||
menuSet.addAll(menuService.listByRoleId(SystemConstants.SUPER_ADMIN_ROLE_ID));
|
||||
} else {
|
||||
roleSet.forEach(r -> menuSet.addAll(menuService.listByRoleId(r.getId())));
|
||||
}
|
||||
|
||||
@@ -19,11 +19,8 @@ package top.continew.admin.system.api;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.stereotype.Service;
|
||||
import top.continew.admin.common.api.system.RoleApi;
|
||||
import top.continew.admin.system.model.entity.RoleDO;
|
||||
import top.continew.admin.system.service.RoleService;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
/**
|
||||
* 角色业务 API 实现
|
||||
*
|
||||
@@ -38,7 +35,7 @@ public class RoleApiImpl implements RoleApi {
|
||||
|
||||
@Override
|
||||
public Long getIdByCode(String code) {
|
||||
return Optional.ofNullable(baseService.getByCode(code)).map(RoleDO::getId).orElse(null);
|
||||
return baseService.getIdByCode(code);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -27,11 +27,12 @@ import org.springframework.transaction.annotation.Transactional;
|
||||
import top.continew.admin.common.api.tenant.PackageMenuApi;
|
||||
import top.continew.admin.common.api.tenant.TenantApi;
|
||||
import top.continew.admin.common.api.tenant.TenantDataApi;
|
||||
import top.continew.admin.common.constant.GlobalConstants;
|
||||
import top.continew.admin.common.constant.RegexConstants;
|
||||
import top.continew.admin.common.constant.SysConstants;
|
||||
import top.continew.admin.common.enums.DataScopeEnum;
|
||||
import top.continew.admin.common.enums.DisEnableStatusEnum;
|
||||
import top.continew.admin.common.enums.GenderEnum;
|
||||
import top.continew.admin.common.enums.RoleCodeEnum;
|
||||
import top.continew.admin.common.model.dto.TenantDTO;
|
||||
import top.continew.admin.common.util.SecureUtils;
|
||||
import top.continew.admin.system.mapper.*;
|
||||
@@ -44,7 +45,7 @@ import top.continew.admin.system.model.entity.RoleDO;
|
||||
import top.continew.admin.system.model.entity.user.UserDO;
|
||||
import top.continew.admin.system.service.FileService;
|
||||
import top.continew.admin.system.service.RoleMenuService;
|
||||
import top.continew.admin.system.service.RoleService;
|
||||
import top.continew.admin.system.service.UserRoleService;
|
||||
import top.continew.starter.core.util.CollUtils;
|
||||
import top.continew.starter.core.util.ExceptionUtils;
|
||||
import top.continew.starter.core.util.validation.ValidationUtils;
|
||||
@@ -66,7 +67,7 @@ public class TenantDataApiForSystemImpl implements TenantDataApi {
|
||||
|
||||
private final PackageMenuApi packageMenuApi;
|
||||
private final TenantApi tenantApi;
|
||||
private final RoleService roleService;
|
||||
private final UserRoleService userRoleService;
|
||||
private final FileService fileService;
|
||||
private final RoleMenuService roleMenuService;
|
||||
private final DeptMapper deptMapper;
|
||||
@@ -97,7 +98,7 @@ public class TenantDataApiForSystemImpl implements TenantDataApi {
|
||||
// 初始化管理用户
|
||||
Long userId = this.initUserData(tenant, deptId);
|
||||
// 用户绑定角色
|
||||
roleService.assignToUsers(roleId, ListUtil.of(userId));
|
||||
userRoleService.assignRoleToUsers(roleId, ListUtil.of(userId));
|
||||
// 租户绑定用户
|
||||
tenantApi.bindAdminUser(tenantId, userId);
|
||||
});
|
||||
@@ -146,11 +147,12 @@ public class TenantDataApiForSystemImpl implements TenantDataApi {
|
||||
private Long initDeptData(TenantDTO tenant) {
|
||||
DeptDO dept = new DeptDO();
|
||||
dept.setName(tenant.getName());
|
||||
dept.setParentId(SysConstants.SUPER_PARENT_ID);
|
||||
dept.setAncestors("0");
|
||||
dept.setParentId(GlobalConstants.ROOT_PARENT_ID);
|
||||
dept.setAncestors(GlobalConstants.ROOT_PARENT_ID.toString());
|
||||
dept.setDescription("系统初始部门");
|
||||
dept.setSort(1);
|
||||
dept.setStatus(DisEnableStatusEnum.ENABLE);
|
||||
dept.setIsSystem(true);
|
||||
deptMapper.insert(dept);
|
||||
return dept.getId();
|
||||
}
|
||||
@@ -163,8 +165,9 @@ public class TenantDataApiForSystemImpl implements TenantDataApi {
|
||||
*/
|
||||
private Long initRoleData(TenantDTO tenant) {
|
||||
RoleDO role = new RoleDO();
|
||||
role.setName("系统管理员");
|
||||
role.setCode(SysConstants.TENANT_ADMIN_ROLE_CODE);
|
||||
RoleCodeEnum tenantAdmin = RoleCodeEnum.TENANT_ADMIN;
|
||||
role.setName(tenantAdmin.getDescription());
|
||||
role.setCode(tenantAdmin.getCode());
|
||||
role.setDataScope(DataScopeEnum.ALL);
|
||||
role.setDescription("系统初始角色");
|
||||
role.setSort(1);
|
||||
@@ -191,7 +194,7 @@ public class TenantDataApiForSystemImpl implements TenantDataApi {
|
||||
// 初始化用户
|
||||
UserDO user = new UserDO();
|
||||
user.setUsername(tenant.getUsername());
|
||||
user.setNickname("系统管理员");
|
||||
user.setNickname(RoleCodeEnum.TENANT_ADMIN.getDescription());
|
||||
user.setPassword(rawPassword);
|
||||
user.setGender(GenderEnum.UNKNOWN);
|
||||
user.setDescription("系统初始用户");
|
||||
|
||||
@@ -20,7 +20,7 @@ import cn.hutool.core.map.MapUtil;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.stereotype.Component;
|
||||
import top.continew.admin.common.constant.SysConstants;
|
||||
import top.continew.admin.common.constant.GlobalConstants;
|
||||
import top.continew.admin.system.enums.OptionCategoryEnum;
|
||||
import top.continew.admin.system.service.OptionService;
|
||||
import top.continew.starter.messaging.mail.core.MailConfig;
|
||||
@@ -52,7 +52,7 @@ public class MailConfigurerImpl implements MailConfigurer {
|
||||
mailConfig.setPort(MapUtil.getInt(map, "MAIL_PORT"));
|
||||
mailConfig.setUsername(MapUtil.getStr(map, "MAIL_USERNAME"));
|
||||
mailConfig.setPassword(MapUtil.getStr(map, "MAIL_PASSWORD"));
|
||||
mailConfig.setSslEnabled(SysConstants.YES.equals(MapUtil.getInt(map, "MAIL_SSL_ENABLED")));
|
||||
mailConfig.setSslEnabled(GlobalConstants.Boolean.YES.equals(MapUtil.getInt(map, "MAIL_SSL_ENABLED")));
|
||||
if (mailConfig.isSslEnabled()) {
|
||||
mailConfig.setSslPort(MapUtil.getInt(map, "MAIL_SSL_PORT"));
|
||||
}
|
||||
|
||||
@@ -0,0 +1,44 @@
|
||||
/*
|
||||
* Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package top.continew.admin.system.constant;
|
||||
|
||||
/**
|
||||
* 系统管理相关常量
|
||||
*
|
||||
* @author Charles7c
|
||||
* @since 2025/7/26 12:05
|
||||
*/
|
||||
public class SystemConstants {
|
||||
|
||||
/**
|
||||
* 超级管理员角色 ID(内置且仅有一位超级管理员用户)
|
||||
*/
|
||||
public static final Long SUPER_ADMIN_ROLE_ID = 1L;
|
||||
|
||||
/**
|
||||
* 顶级部门 ID
|
||||
*/
|
||||
public static final Long SUPER_DEPT_ID = 1L;
|
||||
|
||||
/**
|
||||
* 全部权限标识
|
||||
*/
|
||||
public static final String ALL_PERMISSION = "*:*:*";
|
||||
|
||||
private SystemConstants() {
|
||||
}
|
||||
}
|
||||
@@ -25,7 +25,7 @@ import cn.hutool.extra.spring.SpringUtil;
|
||||
import lombok.Getter;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import top.continew.admin.common.constant.RegexConstants;
|
||||
import top.continew.admin.common.constant.SysConstants;
|
||||
import top.continew.admin.common.constant.GlobalConstants;
|
||||
import top.continew.admin.system.model.entity.user.UserDO;
|
||||
import top.continew.admin.system.service.OptionService;
|
||||
import top.continew.admin.system.service.UserPasswordHistoryService;
|
||||
@@ -47,7 +47,7 @@ public enum PasswordPolicyEnum {
|
||||
/**
|
||||
* 密码错误锁定阈值
|
||||
*/
|
||||
PASSWORD_ERROR_LOCK_COUNT("密码错误锁定阈值取值范围为 %d-%d", SysConstants.NO, 10, "由于您连续 %s 次输入错误密码,账号已被锁定 %s 分钟,预计解锁时间为 %s,请稍后再试"),
|
||||
PASSWORD_ERROR_LOCK_COUNT("密码错误锁定阈值取值范围为 %d-%d", GlobalConstants.Boolean.NO, 10, "由于您连续 %s 次输入错误密码,账号已被锁定 %s 分钟,预计解锁时间为 %s,请稍后再试"),
|
||||
|
||||
/**
|
||||
* 账号锁定时长(分钟)
|
||||
@@ -57,12 +57,12 @@ public enum PasswordPolicyEnum {
|
||||
/**
|
||||
* 密码有效期(天)
|
||||
*/
|
||||
PASSWORD_EXPIRATION_DAYS("密码有效期取值范围为 %d-%d 天", SysConstants.NO, 999, null),
|
||||
PASSWORD_EXPIRATION_DAYS("密码有效期取值范围为 %d-%d 天", GlobalConstants.Boolean.NO, 999, null),
|
||||
|
||||
/**
|
||||
* 密码到期提醒(天)
|
||||
*/
|
||||
PASSWORD_EXPIRATION_WARNING_DAYS("密码到期提醒取值范围为 %d-%d 天", SysConstants.NO, 998, null) {
|
||||
PASSWORD_EXPIRATION_WARNING_DAYS("密码到期提醒取值范围为 %d-%d 天", GlobalConstants.Boolean.NO, 998, null) {
|
||||
@Override
|
||||
public void validateRange(int value, Map<String, String> policyMap) {
|
||||
if (CollUtil.isEmpty(policyMap)) {
|
||||
@@ -72,7 +72,7 @@ public enum PasswordPolicyEnum {
|
||||
Integer passwordExpirationDays = ObjectUtil.defaultIfNull(Convert.toInt(policyMap
|
||||
.get(PASSWORD_EXPIRATION_DAYS.name())), SpringUtil.getBean(OptionService.class)
|
||||
.getValueByCode2Int(PASSWORD_EXPIRATION_DAYS.name()));
|
||||
if (passwordExpirationDays > SysConstants.NO) {
|
||||
if (passwordExpirationDays > GlobalConstants.Boolean.NO) {
|
||||
ValidationUtils.throwIf(value >= passwordExpirationDays, "密码到期提醒时间应小于密码有效期");
|
||||
return;
|
||||
}
|
||||
@@ -98,16 +98,17 @@ public enum PasswordPolicyEnum {
|
||||
/**
|
||||
* 密码是否必须包含特殊字符
|
||||
*/
|
||||
PASSWORD_REQUIRE_SYMBOLS("密码是否必须包含特殊字符取值只能为是(%d)或否(%d)", SysConstants.NO, SysConstants.YES, "密码必须包含特殊字符") {
|
||||
PASSWORD_REQUIRE_SYMBOLS("密码是否必须包含特殊字符取值只能为是(%d)或否(%d)", GlobalConstants.Boolean.NO, GlobalConstants.Boolean.YES, "密码必须包含特殊字符") {
|
||||
@Override
|
||||
public void validateRange(int value, Map<String, String> policyMap) {
|
||||
ValidationUtils.throwIf(value != SysConstants.YES && value != SysConstants.NO, this.getDescription()
|
||||
.formatted(SysConstants.YES, SysConstants.NO));
|
||||
ValidationUtils.throwIf(value != GlobalConstants.Boolean.YES && value != GlobalConstants.Boolean.NO, this
|
||||
.getDescription()
|
||||
.formatted(GlobalConstants.Boolean.YES, GlobalConstants.Boolean.NO));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void validate(String password, int value, UserDO user) {
|
||||
ValidationUtils.throwIf(value == SysConstants.YES && !ReUtil
|
||||
ValidationUtils.throwIf(value == GlobalConstants.Boolean.YES && !ReUtil
|
||||
.isMatch(RegexConstants.SPECIAL_CHARACTER, password), this.getMsg());
|
||||
}
|
||||
},
|
||||
@@ -115,16 +116,17 @@ public enum PasswordPolicyEnum {
|
||||
/**
|
||||
* 密码是否允许包含用户名
|
||||
*/
|
||||
PASSWORD_ALLOW_CONTAIN_USERNAME("密码是否允许包含用户名取值只能为是(%d)或否(%d)", SysConstants.NO, SysConstants.YES, "密码不允许包含正反序用户名") {
|
||||
PASSWORD_ALLOW_CONTAIN_USERNAME("密码是否允许包含用户名取值只能为是(%d)或否(%d)", GlobalConstants.Boolean.NO, GlobalConstants.Boolean.YES, "密码不允许包含正反序用户名") {
|
||||
@Override
|
||||
public void validateRange(int value, Map<String, String> policyMap) {
|
||||
ValidationUtils.throwIf(value != SysConstants.YES && value != SysConstants.NO, this.getDescription()
|
||||
.formatted(SysConstants.YES, SysConstants.NO));
|
||||
ValidationUtils.throwIf(value != GlobalConstants.Boolean.YES && value != GlobalConstants.Boolean.NO, this
|
||||
.getDescription()
|
||||
.formatted(GlobalConstants.Boolean.YES, GlobalConstants.Boolean.NO));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void validate(String password, int value, UserDO user) {
|
||||
if (value <= SysConstants.NO) {
|
||||
if (value <= GlobalConstants.Boolean.NO) {
|
||||
String username = user.getUsername();
|
||||
ValidationUtils.throwIf(StrUtil.containsAnyIgnoreCase(password, username, StrUtil
|
||||
.reverse(username)), this.getMsg());
|
||||
|
||||
@@ -20,7 +20,7 @@ import com.baomidou.mybatisplus.annotation.FieldStrategy;
|
||||
import com.baomidou.mybatisplus.annotation.TableField;
|
||||
import com.baomidou.mybatisplus.annotation.TableName;
|
||||
import lombok.Data;
|
||||
import top.continew.admin.common.base.model.entity.TenantBaseDO;
|
||||
import top.continew.admin.common.base.model.entity.BaseDO;
|
||||
import top.continew.admin.common.enums.DisEnableStatusEnum;
|
||||
import top.continew.admin.common.enums.GenderEnum;
|
||||
import top.continew.starter.extension.crud.annotation.DictModel;
|
||||
@@ -39,7 +39,7 @@ import java.time.LocalDateTime;
|
||||
@Data
|
||||
@DictModel(labelKey = "nickname", extraKeys = {"username"})
|
||||
@TableName("sys_user")
|
||||
public class UserDO extends TenantBaseDO {
|
||||
public class UserDO extends BaseDO {
|
||||
|
||||
@Serial
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
@@ -61,7 +61,7 @@ public class MenuQuery implements Serializable {
|
||||
/**
|
||||
* 排除的菜单 ID 列表
|
||||
*/
|
||||
@Schema(hidden = true, description = "菜单 ID 列表", example = "[9000]")
|
||||
@Schema(hidden = true, description = "排除的菜单 ID 列表", example = "[9000]")
|
||||
@Query(columns = "id", type = QueryType.NOT_IN)
|
||||
private List<Long> excludeMenuIdList;
|
||||
}
|
||||
|
||||
@@ -23,6 +23,7 @@ import top.continew.starter.data.enums.QueryType;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.io.Serializable;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* 角色查询条件
|
||||
@@ -43,4 +44,11 @@ public class RoleQuery implements Serializable {
|
||||
@Schema(description = "关键词", example = "测试人员")
|
||||
@Query(columns = {"name", "code", "description"}, type = QueryType.LIKE)
|
||||
private String description;
|
||||
|
||||
/**
|
||||
* 排除的编码列表
|
||||
*/
|
||||
@Schema(description = "排除的编码列表", example = "[super_admin,tenant_admin]")
|
||||
@Query(columns = "code", type = QueryType.NOT_IN)
|
||||
private List<String> excludeRoleCodes;
|
||||
}
|
||||
|
||||
@@ -23,14 +23,12 @@ import cn.crane4j.core.executor.handler.OneToManyAssembleOperationHandler;
|
||||
import io.swagger.v3.oas.annotations.media.Schema;
|
||||
import lombok.Data;
|
||||
import top.continew.admin.common.constant.ContainerConstants;
|
||||
import top.continew.admin.common.constant.SysConstants;
|
||||
import top.continew.admin.common.enums.DisEnableStatusEnum;
|
||||
import top.continew.admin.common.enums.GenderEnum;
|
||||
|
||||
import java.io.Serial;
|
||||
import java.io.Serializable;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* 角色关联用户响应参数
|
||||
@@ -126,6 +124,6 @@ public class RoleUserResp implements Serializable {
|
||||
private List<String> roleNames;
|
||||
|
||||
public Boolean getDisabled() {
|
||||
return this.getIsSystem() && Objects.equals(roleId, SysConstants.SUPER_ROLE_ID);
|
||||
return this.getIsSystem();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -85,12 +85,12 @@ public interface RoleService extends BaseService<RoleResp, RoleDetailResp, RoleQ
|
||||
Set<RoleContext> listByUserId(Long userId);
|
||||
|
||||
/**
|
||||
* 根据角色编码查询
|
||||
* 根据编码查询 ID
|
||||
*
|
||||
* @param code 角色编码
|
||||
* @return 角色信息
|
||||
* @param code 编码
|
||||
* @return ID
|
||||
*/
|
||||
RoleDO getByCode(String code);
|
||||
Long getIdByCode(String code);
|
||||
|
||||
/**
|
||||
* 根据角色名称查询
|
||||
|
||||
@@ -28,12 +28,12 @@ import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import top.continew.admin.common.base.service.BaseServiceImpl;
|
||||
import top.continew.admin.common.constant.CacheConstants;
|
||||
import top.continew.admin.common.constant.SysConstants;
|
||||
import top.continew.admin.common.enums.DisEnableStatusEnum;
|
||||
import top.continew.admin.common.enums.RoleCodeEnum;
|
||||
import top.continew.admin.system.constant.SystemConstants;
|
||||
import top.continew.admin.system.enums.MenuTypeEnum;
|
||||
import top.continew.admin.system.mapper.MenuMapper;
|
||||
import top.continew.admin.system.model.entity.MenuDO;
|
||||
import top.continew.admin.system.model.entity.RoleDO;
|
||||
import top.continew.admin.system.model.query.MenuQuery;
|
||||
import top.continew.admin.system.model.req.MenuReq;
|
||||
import top.continew.admin.system.model.resp.MenuResp;
|
||||
@@ -113,7 +113,7 @@ public class MenuServiceImpl extends BaseServiceImpl<MenuMapper, MenuDO, MenuRes
|
||||
@Override
|
||||
@Cached(key = "#roleId", name = CacheConstants.ROLE_MENU_KEY_PREFIX)
|
||||
public List<MenuResp> listByRoleId(Long roleId) {
|
||||
if (SysConstants.SUPER_ROLE_ID.equals(roleId)) {
|
||||
if (SystemConstants.SUPER_ADMIN_ROLE_ID.equals(roleId)) {
|
||||
return super.list(new MenuQuery(DisEnableStatusEnum.ENABLE), null);
|
||||
}
|
||||
List<MenuDO> menuList = baseMapper.selectListByRoleId(roleId);
|
||||
@@ -124,9 +124,9 @@ public class MenuServiceImpl extends BaseServiceImpl<MenuMapper, MenuDO, MenuRes
|
||||
|
||||
@Override
|
||||
public List<Long> listExcludeTenantMenu() {
|
||||
RoleDO role = roleService.getByCode(SysConstants.TENANT_ADMIN_ROLE_CODE);
|
||||
Long roleId = roleService.getIdByCode(RoleCodeEnum.TENANT_ADMIN.getCode());
|
||||
List<Long> allMenuIdList = CollUtils.mapToList(super.list(), MenuDO::getId);
|
||||
List<Long> menuIdList = CollUtils.mapToList(baseMapper.selectListByRoleId(role.getId()), MenuDO::getId);
|
||||
List<Long> menuIdList = CollUtils.mapToList(baseMapper.selectListByRoleId(roleId), MenuDO::getId);
|
||||
return CollUtil.disjunction(allMenuIdList, menuIdList).stream().toList();
|
||||
}
|
||||
|
||||
|
||||
@@ -26,11 +26,12 @@ import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import top.continew.admin.common.base.service.BaseServiceImpl;
|
||||
import top.continew.admin.common.constant.CacheConstants;
|
||||
import top.continew.admin.common.constant.SysConstants;
|
||||
import top.continew.admin.common.context.RoleContext;
|
||||
import top.continew.admin.common.context.UserContext;
|
||||
import top.continew.admin.common.context.UserContextHolder;
|
||||
import top.continew.admin.common.enums.DataScopeEnum;
|
||||
import top.continew.admin.common.enums.RoleCodeEnum;
|
||||
import top.continew.admin.system.constant.SystemConstants;
|
||||
import top.continew.admin.system.mapper.RoleMapper;
|
||||
import top.continew.admin.system.model.entity.RoleDO;
|
||||
import top.continew.admin.system.model.query.RoleQuery;
|
||||
@@ -42,6 +43,8 @@ import top.continew.admin.system.model.resp.role.RoleResp;
|
||||
import top.continew.admin.system.service.*;
|
||||
import top.continew.starter.core.util.CollUtils;
|
||||
import top.continew.starter.core.util.validation.CheckUtils;
|
||||
import top.continew.starter.extension.crud.model.query.SortQuery;
|
||||
import top.continew.starter.extension.crud.model.resp.LabelValueResp;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
@@ -60,9 +63,10 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleMapper, RoleDO, RoleRes
|
||||
|
||||
@Resource
|
||||
private MenuService menuService;
|
||||
@Resource
|
||||
private UserRoleService userRoleService;
|
||||
private final RoleMenuService roleMenuService;
|
||||
private final RoleDeptService roleDeptService;
|
||||
private final UserRoleService userRoleService;
|
||||
|
||||
@Override
|
||||
@Transactional(rollbackFor = Exception.class)
|
||||
@@ -70,8 +74,8 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleMapper, RoleDO, RoleRes
|
||||
this.checkNameRepeat(req.getName(), null);
|
||||
String code = req.getCode();
|
||||
this.checkCodeRepeat(code, null);
|
||||
// 防止租户添加超管
|
||||
CheckUtils.throwIfEqual(SysConstants.SUPER_ROLE_CODE, code, "编码 [{}] 禁止使用", code);
|
||||
// 防止租户添加超级管理员
|
||||
CheckUtils.throwIfEqual(RoleCodeEnum.SUPER_ADMIN.getCode(), code, "编码 [{}] 禁止使用", code);
|
||||
// 新增信息
|
||||
Long roleId = super.create(req);
|
||||
// 保存角色和部门关联
|
||||
@@ -91,7 +95,7 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleMapper, RoleDO, RoleRes
|
||||
}
|
||||
// 更新信息
|
||||
super.update(req, id);
|
||||
if (SysConstants.SUPER_ROLE_CODE.equals(req.getCode())) {
|
||||
if (RoleCodeEnum.isSuperRoleCode(req.getCode())) {
|
||||
return;
|
||||
}
|
||||
// 保存角色和部门关联
|
||||
@@ -129,11 +133,18 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleMapper, RoleDO, RoleRes
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<LabelValueResp> listDict(RoleQuery query, SortQuery sortQuery) {
|
||||
query.setExcludeRoleCodes(RoleCodeEnum.getSuperRoleCodes());
|
||||
return super.listDict(query, sortQuery);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional(rollbackFor = Exception.class)
|
||||
@CacheInvalidate(key = "#id", name = CacheConstants.ROLE_MENU_KEY_PREFIX)
|
||||
public void updatePermission(Long id, RoleUpdatePermissionReq req) {
|
||||
super.getById(id);
|
||||
RoleDO role = super.getById(id);
|
||||
CheckUtils.throwIf(Boolean.TRUE.equals(role.getIsSystem()), "[{}] 是系统内置角色,不允许修改角色功能权限", role.getName());
|
||||
// 保存角色和菜单关联
|
||||
boolean isSaveMenuSuccess = roleMenuService.add(req.getMenuIds(), id);
|
||||
// 如果功能权限有变更,则更新在线用户权限信息
|
||||
@@ -148,7 +159,8 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleMapper, RoleDO, RoleRes
|
||||
|
||||
@Override
|
||||
public void assignToUsers(Long id, List<Long> userIds) {
|
||||
super.getById(id);
|
||||
RoleDO role = super.getById(id);
|
||||
CheckUtils.throwIf(Boolean.TRUE.equals(role.getIsSystem()), "[{}] 是系统内置角色,不允许分配角色给其他用户", role.getName());
|
||||
// 保存用户和角色关联
|
||||
userRoleService.assignRoleToUsers(id, userIds);
|
||||
// 更新用户上下文
|
||||
@@ -172,8 +184,8 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleMapper, RoleDO, RoleRes
|
||||
public Set<String> listPermissionByUserId(Long userId) {
|
||||
Set<String> roleCodeSet = this.listCodeByUserId(userId);
|
||||
// 超级管理员赋予全部权限
|
||||
if (roleCodeSet.contains(SysConstants.SUPER_ROLE_CODE)) {
|
||||
return CollUtil.newHashSet(SysConstants.ALL_PERMISSION);
|
||||
if (roleCodeSet.contains(RoleCodeEnum.SUPER_ADMIN.getCode())) {
|
||||
return CollUtil.newHashSet(SystemConstants.ALL_PERMISSION);
|
||||
}
|
||||
return menuService.listPermissionByUserId(userId);
|
||||
}
|
||||
@@ -202,8 +214,8 @@ public class RoleServiceImpl extends BaseServiceImpl<RoleMapper, RoleDO, RoleRes
|
||||
}
|
||||
|
||||
@Override
|
||||
public RoleDO getByCode(String code) {
|
||||
return baseMapper.lambdaQuery().eq(RoleDO::getCode, code).one();
|
||||
public Long getIdByCode(String code) {
|
||||
return baseMapper.lambdaQuery().eq(RoleDO::getCode, code).oneOpt().map(RoleDO::getId).orElse(null);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -22,14 +22,19 @@ import cn.hutool.core.util.StrUtil;
|
||||
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
|
||||
import com.baomidou.mybatisplus.core.metadata.IPage;
|
||||
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
|
||||
import jakarta.annotation.Resource;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.context.annotation.Lazy;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
import top.continew.admin.common.constant.SysConstants;
|
||||
import top.continew.admin.common.context.RoleContext;
|
||||
import top.continew.admin.common.enums.RoleCodeEnum;
|
||||
import top.continew.admin.system.constant.SystemConstants;
|
||||
import top.continew.admin.system.mapper.UserRoleMapper;
|
||||
import top.continew.admin.system.model.entity.UserRoleDO;
|
||||
import top.continew.admin.system.model.query.RoleUserQuery;
|
||||
import top.continew.admin.system.model.resp.role.RoleUserResp;
|
||||
import top.continew.admin.system.service.RoleService;
|
||||
import top.continew.admin.system.service.UserRoleService;
|
||||
import top.continew.starter.core.util.CollUtils;
|
||||
import top.continew.starter.core.util.validation.CheckUtils;
|
||||
@@ -38,6 +43,7 @@ import top.continew.starter.extension.crud.model.query.PageQuery;
|
||||
import top.continew.starter.extension.crud.model.resp.PageResp;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* 用户和角色业务实现
|
||||
@@ -50,6 +56,9 @@ import java.util.List;
|
||||
public class UserRoleServiceImpl implements UserRoleService {
|
||||
|
||||
private final UserRoleMapper baseMapper;
|
||||
@Lazy
|
||||
@Resource
|
||||
private RoleService roleService;
|
||||
|
||||
@Override
|
||||
@AutoOperate(type = RoleUserResp.class, on = "list")
|
||||
@@ -70,6 +79,10 @@ public class UserRoleServiceImpl implements UserRoleService {
|
||||
@Override
|
||||
@Transactional(rollbackFor = Exception.class)
|
||||
public boolean assignRolesToUser(List<Long> roleIds, Long userId) {
|
||||
// 超级管理员和租户管理员角色不允许分配
|
||||
CheckUtils.throwIf(roleIds.contains(SystemConstants.SUPER_ADMIN_ROLE_ID), "不允许分配超级管理员角色");
|
||||
Set<String> roleCodeSet = CollUtils.mapToSet(roleService.listByUserId(userId), RoleContext::getCode);
|
||||
CheckUtils.throwIf(roleCodeSet.contains(RoleCodeEnum.TENANT_ADMIN.getCode()), "不允许分配系统管理员角色");
|
||||
// 检查是否有变更
|
||||
List<Long> oldRoleIdList = baseMapper.lambdaQuery()
|
||||
.select(UserRoleDO::getRoleId)
|
||||
@@ -81,8 +94,6 @@ public class UserRoleServiceImpl implements UserRoleService {
|
||||
if (CollUtil.isEmpty(CollUtil.disjunction(roleIds, oldRoleIdList))) {
|
||||
return false;
|
||||
}
|
||||
CheckUtils.throwIf(SysConstants.SUPER_USER_ID.equals(userId) && !roleIds
|
||||
.contains(SysConstants.SUPER_ROLE_ID), "不允许变更超管用户角色");
|
||||
// 删除原有关联
|
||||
baseMapper.lambdaUpdate().eq(UserRoleDO::getUserId, userId).remove();
|
||||
// 保存最新关联
|
||||
|
||||
@@ -55,11 +55,11 @@ import org.springframework.web.multipart.MultipartFile;
|
||||
import top.continew.admin.auth.service.OnlineUserService;
|
||||
import top.continew.admin.common.base.service.BaseServiceImpl;
|
||||
import top.continew.admin.common.constant.CacheConstants;
|
||||
import top.continew.admin.common.constant.SysConstants;
|
||||
import top.continew.admin.common.context.UserContext;
|
||||
import top.continew.admin.common.context.UserContextHolder;
|
||||
import top.continew.admin.common.enums.DisEnableStatusEnum;
|
||||
import top.continew.admin.common.enums.GenderEnum;
|
||||
import top.continew.admin.system.constant.SystemConstants;
|
||||
import top.continew.admin.system.enums.OptionCategoryEnum;
|
||||
import top.continew.admin.system.mapper.user.UserMapper;
|
||||
import top.continew.admin.system.model.entity.DeptDO;
|
||||
@@ -510,7 +510,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
|
||||
.eq(status != null, "t1.status", status)
|
||||
.between(CollUtil.isNotEmpty(createTimeList), "t1.create_time", CollUtil.getFirst(createTimeList), CollUtil
|
||||
.getLast(createTimeList))
|
||||
.and(deptId != null && !SysConstants.SUPER_DEPT_ID.equals(deptId), q -> {
|
||||
.and(deptId != null && !SystemConstants.SUPER_DEPT_ID.equals(deptId), q -> {
|
||||
List<Long> deptIdList = CollUtils.mapToList(deptService.listChildren(deptId), DeptDO::getId);
|
||||
deptIdList.add(deptId);
|
||||
q.in("t1.dept_id", deptIdList);
|
||||
|
||||
Reference in New Issue
Block a user