feat：优化鉴权实体，增加用户权限标记

2021-12-05 11:59:47 +08:00 · 2021-12-05 11:59:47 +08:00 · 64ce96303b
parent d4d80d2d55
commit 64ce96303b
4 changed files with 20 additions and 27 deletions
--- a/flyfish-data/src/main/java/com/flyfish/framework/domain/po/Department.java
+++ b/flyfish-data/src/main/java/com/flyfish/framework/domain/po/Department.java
@ -17,6 +17,8 @@ import org.springframework.data.mongodb.core.mapping.Document;
@Builder
 public class Department extends TreeDomain<Department> {

+    public static final String PUBLIC = "public";
+
    /**
     * 默认选中
     */
--- a/flyfish-user/src/main/java/com/flyfish/framework/domain/AdminUserDetails.java
+++ b/flyfish-user/src/main/java/com/flyfish/framework/domain/AdminUserDetails.java
@ -35,17 +35,6 @@ public class AdminUserDetails implements UserDetails, IUser {
    private static final long serialVersionUID = -2441854985340378429L;

    private static final List<UserType> adminTypes = Arrays.asList(UserType.ADMIN, UserType.SUPER_ADMIN);
-
-
-    /**
-     * 判断是否是管理员
-     * @param user 用户
-     * @return 结果
-     */
-    public static boolean isAdmin(User user) {
-        return adminTypes.contains(user.getType());
-    }
-
    /**
     * 主键
     */
@ -58,74 +47,71 @@ public class AdminUserDetails implements UserDetails, IUser {
     * 名称
     */
    protected String name;
-
    /**
     * 用户类型
     */
    private UserType type;
-
    /**
     * 用户状态
     */
    private UserStatus status;
-
    /**
     * 冗余的电话号码
     */
    private String phone;
-
    /**
     * 用户名
     */
    private String username;
-
    /**
     * 密码
     */
    private String password;
-
    /**
     * 是否启用
     */
    private Boolean enable;
-
    /**
     * 能否登录移动端
     */
    private Boolean app;
-
    /**
     * 有效期
     */
    @JsonFormat(pattern = "yyyy-MM-dd")
    private Date validDate;
-
    /**
     * 可操作校区
     */
    private List<Department> departments;
-
    /**
     * 所属角色
     */
    private List<Role> roles;
-
    /**
     * 微信openId
     */
    private String openId;
-
    /**
     * 当前用户的鉴权标记
     */
    @Getter(AccessLevel.NONE)
    private String authority;
-
    /**
     * 查询冗余，标记用户信息
     */
    private Object detail;

+    /**
+     * 判断是否是管理员
+     *
+     * @param user 用户
+     * @return 结果
+     */
+    public static boolean isAdmin(User user) {
+        return adminTypes.contains(user.getType());
+    }
+
    @Override
    @JsonIgnore
    public Collection<? extends GrantedAuthority> getAuthorities() {
@ -161,7 +147,7 @@ public class AdminUserDetails implements UserDetails, IUser {
    }

    public String getAuthority() {
-        if (StringUtils.isBlank(authority)) {
+        if (StringUtils.isBlank(authority) && null != departments) {
            authority = departments.stream().findFirst().map(Domain::getId).orElse(null);
        }
        return authority;
--- a/flyfish-user/src/main/java/com/flyfish/framework/domain/authorized/AuthorizedDomain.java
+++ b/flyfish-user/src/main/java/com/flyfish/framework/domain/authorized/AuthorizedDomain.java
@ -2,11 +2,14 @@ package com.flyfish.framework.domain.authorized;

 import com.flyfish.framework.context.UserContext;
 import com.flyfish.framework.domain.base.AuditDomain;
+import com.flyfish.framework.domain.po.Department;
 import com.flyfish.framework.domain.po.User;
 import com.flyfish.framework.exception.biz.InvalidBusinessException;
 import lombok.Setter;
 import org.apache.commons.lang3.StringUtils;

+import javax.validation.constraints.NotBlank;
+
 /**
 * 带鉴权的实体，主要以部门隔绝
 */
@ -14,6 +17,7 @@ import org.apache.commons.lang3.StringUtils;
 public abstract class AuthorizedDomain extends AuditDomain {

    // 作用域id，一般是部门。用户存储时插入
+    @NotBlank(message = "请选择当前部")
    private String authorizeId;

    public String getAuthorizeId() {
@ -24,7 +28,7 @@ public abstract class AuthorizedDomain extends AuditDomain {
                    .map(UserContext::currentUser)
                    .map(User::getAuthority)
                    .filter(StringUtils::isNotBlank)
-                    .orElseThrow(() -> new InvalidBusinessException("您尚未选择所在部门！请确认您使用的部门身份！"));
+                    .orElse(Department.PUBLIC);
        }
    }
 }
--- a/flyfish-user/src/main/java/com/flyfish/framework/domain/authorized/AuthorizedQo.java
+++ b/flyfish-user/src/main/java/com/flyfish/framework/domain/authorized/AuthorizedQo.java
@ -8,6 +8,7 @@ import com.flyfish.framework.domain.po.User;
 import com.flyfish.framework.service.DepartmentService;
 import lombok.Getter;
 import lombok.Setter;
+import org.springframework.security.core.parameters.P;

 import java.util.Collections;
 import java.util.List;
@ -36,7 +37,7 @@ public abstract class AuthorizedQo<T extends AuthorizedDomain> extends NameLikeQ
                .map(User::getDepartments)
                .map(departs -> departs.stream().map(Department::getId).collect(Collectors.toList()))
                .map(this::getSubAuthorities)
-                .orElse(Collections.emptyList());
+                .orElse(Collections.singletonList(Department.PUBLIC));
    }

    @Override