feat: [auth] global admins
parent
686189e6ca
commit
7b7582dd91
@ -1,25 +1,24 @@
|
||||
package tech.powerjob.server.web.controller;
|
||||
|
||||
import com.google.common.collect.Maps;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import tech.powerjob.common.response.ResultDTO;
|
||||
import tech.powerjob.common.serialize.JsonUtils;
|
||||
import tech.powerjob.server.auth.*;
|
||||
import tech.powerjob.common.utils.CollectionUtils;
|
||||
import tech.powerjob.server.auth.Permission;
|
||||
import tech.powerjob.server.auth.PowerJobUser;
|
||||
import tech.powerjob.server.auth.RoleScope;
|
||||
import tech.powerjob.server.auth.common.AuthConstants;
|
||||
import tech.powerjob.server.auth.interceptor.ApiPermission;
|
||||
import tech.powerjob.server.auth.login.LoginTypeInfo;
|
||||
import tech.powerjob.server.auth.service.WebAuthService;
|
||||
import tech.powerjob.server.auth.service.login.LoginRequest;
|
||||
import tech.powerjob.server.auth.service.login.PowerJobLoginService;
|
||||
import tech.powerjob.server.auth.service.permission.PowerJobPermissionService;
|
||||
import tech.powerjob.server.web.request.GrantPermissionRequest;
|
||||
import tech.powerjob.server.web.request.ComponentUserRoleInfo;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
|
||||
/**
|
||||
@ -33,9 +32,9 @@ import java.util.Optional;
|
||||
public class AuthController {
|
||||
|
||||
@Resource
|
||||
private PowerJobLoginService powerJobLoginService;
|
||||
private WebAuthService webAuthService;
|
||||
@Resource
|
||||
private PowerJobPermissionService powerJobPermissionService;
|
||||
private PowerJobLoginService powerJobLoginService;
|
||||
|
||||
@GetMapping("/supportLoginTypes")
|
||||
public ResultDTO<List<LoginTypeInfo>> listSupportLoginTypes() {
|
||||
@ -97,31 +96,25 @@ public class AuthController {
|
||||
}
|
||||
|
||||
/* ****************** 授权相关 ****************** */
|
||||
@PostMapping("/grantAdmin")
|
||||
@ApiPermission(name = "Auth-GrantAdmin", roleScope = RoleScope.GLOBAL, requiredPermission = Permission.SU)
|
||||
public ResultDTO<Void> grantAppPermission(GrantPermissionRequest grantPermissionRequest) {
|
||||
|
||||
grantPermissionRequest.setRole(Role.ADMIN.getV());
|
||||
grantPermissionRequest.setTargetId(AuthConstants.GLOBAL_ADMIN_TARGET_ID);
|
||||
|
||||
grantPermission(RoleScope.GLOBAL, grantPermissionRequest);
|
||||
return ResultDTO.success(null);
|
||||
@GetMapping("/listGlobalAdmin")
|
||||
public ResultDTO<List<Long>> listGlobalAdmin() {
|
||||
// 全局只设置超级管理员权限
|
||||
ComponentUserRoleInfo componentUserRoleInfo = webAuthService.fetchComponentUserRoleInfo(RoleScope.GLOBAL, AuthConstants.GLOBAL_ADMIN_TARGET_ID);
|
||||
return ResultDTO.success(componentUserRoleInfo.getAdmin());
|
||||
}
|
||||
|
||||
@PostMapping("/saveGlobalAdmin")
|
||||
@ApiPermission(name = "Auth-GrantAdmin", roleScope = RoleScope.GLOBAL, requiredPermission = Permission.SU)
|
||||
public ResultDTO<Void> grantAppPermission(@RequestBody ComponentUserRoleInfo componentUserRoleInfo) {
|
||||
|
||||
private void grantPermission(RoleScope roleScope, GrantPermissionRequest grantPermissionRequest) {
|
||||
if (CollectionUtils.isEmpty(componentUserRoleInfo.getAdmin())) {
|
||||
throw new IllegalArgumentException("At least one super administrator is required!");
|
||||
}
|
||||
|
||||
Role role = Role.of(grantPermissionRequest.getRole());
|
||||
|
||||
Optional.ofNullable(grantPermissionRequest.getUserIds()).orElse(Collections.emptyList()).forEach(uid -> {
|
||||
// 记录授权人信息
|
||||
Map<String, Object> extraInfo = Maps.newHashMap();
|
||||
extraInfo.put("grantor", LoginUserHolder.getUserName());
|
||||
String extra = JsonUtils.toJSONString(extraInfo);
|
||||
|
||||
powerJobPermissionService.grantRole(roleScope, grantPermissionRequest.getTargetId(), uid, role, extra);
|
||||
});
|
||||
webAuthService.processPermissionOnSave(RoleScope.GLOBAL, AuthConstants.GLOBAL_ADMIN_TARGET_ID, componentUserRoleInfo);
|
||||
|
||||
return ResultDTO.success(null);
|
||||
}
|
||||
|
||||
private void fillJwt4LoginUser(PowerJobUser powerJobUser, HttpServletResponse httpServletResponse) {
|
||||
|
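Review bot: `listGlobalAdmin` carries no `@ApiPermission` annotation, while `saveGlobalAdmin` directly below it (and the `grantAdmin` endpoint it appears to replace) is gated with `requiredPermission = Permission.SU`. Unless the interceptor denies unannotated handlers by default, any authenticated caller can enumerate the ids of the global administrators, so consider gating it explicitly, e.g. `@ApiPermission(name = "Auth-ListGlobalAdmin", roleScope = RoleScope.GLOBAL, requiredPermission = Permission.SU)` (the name is illustrative). In `saveGlobalAdmin` only `getAdmin()` is checked before the whole request body goes to `processPermissionOnSave`; if `ComponentUserRoleInfo` has other role lists, clear or reject them here so only the admin list can be written at global scope. The removed `grantPermission` helper stored a `grantor` entry with each grant, and this section does not show whether `processPermissionOnSave` keeps that audit trail. The +/- markers are lost on this page, so which lines are old and which are new is inferred from the hunk contents.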
@ -83,7 +83,7 @@ public class NamespaceController {
|
||||
nv.setId(nd.getId());
|
||||
nv.setCode(nd.getCode());
|
||||
nv.setName(nd.getName());
|
||||
nv.genFrontName();
|
||||
nv.genShowName();
|
||||
return nv;
|
||||
}).collect(Collectors.toList());
|
||||
return ResultDTO.success(namespaceBaseVOList);
|
||||
|
@ -124,6 +124,7 @@ public class UserInfoController {
|
||||
}
|
||||
UserDetailVO userDetailVO = new UserDetailVO();
|
||||
BeanUtils.copyProperties(userinfoDoOpt.get(), userDetailVO);
|
||||
userDetailVO.genShowName();
|
||||
|
||||
// 权限信息
|
||||
Map<Role, List<Long>> globalPermissions = webAuthService.fetchMyPermissionTargets(RoleScope.GLOBAL);
|
||||
@ -144,7 +145,7 @@ public class UserInfoController {
|
||||
}
|
||||
NamespaceBaseVO namespaceBaseVO = JsonUtils.parseObjectIgnoreException(JsonUtils.toJSONString(NamespaceConverter.do2BaseVo(namespaceDO)), NamespaceBaseVO.class);
|
||||
if (namespaceBaseVO != null) {
|
||||
namespaceBaseVO.genFrontName();
|
||||
namespaceBaseVO.genShowName();
|
||||
namespaceBaseVOS.add(namespaceBaseVO);
|
||||
}
|
||||
});
|
||||
|
@ -12,10 +12,14 @@ import tech.powerjob.server.web.response.UserBaseVO;
|
||||
public class UserConverter {
|
||||
|
||||
public static UserBaseVO do2BaseVo(UserInfoDO x) {
|
||||
|
||||
UserBaseVO userBaseVO = new UserBaseVO();
|
||||
|
||||
userBaseVO.setId(x.getId());
|
||||
userBaseVO.setUsername(x.getUsername());
|
||||
userBaseVO.setNick(x.getNick());
|
||||
|
||||
userBaseVO.genShowName();
|
||||
return userBaseVO;
|
||||
}
|
||||
|
||||
|
@ -30,9 +30,9 @@ public class NamespaceBaseVO implements Serializable {
|
||||
/**
|
||||
* 前端名称(拼接 code + name,更容易辨认)
|
||||
*/
|
||||
protected String frontName;
|
||||
protected String showName;
|
||||
|
||||
public void genFrontName() {
|
||||
frontName = String.format("%s(%s)", name, code);
|
||||
public void genShowName() {
|
||||
showName = String.format("%s(%s)", name, code);
|
||||
}
|
||||
}
|
||||
|
@ -3,6 +3,7 @@ package tech.powerjob.server.web.response;
|
||||
import lombok.Getter;
|
||||
import lombok.NoArgsConstructor;
|
||||
import lombok.Setter;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
|
||||
/**
|
||||
* 用户基础信息
|
||||
@ -17,4 +18,18 @@ public class UserBaseVO {
|
||||
protected Long id;
|
||||
protected String username;
|
||||
protected String nick;
|
||||
|
||||
/**
|
||||
* 前端展示名称,更容易辨认
|
||||
*/
|
||||
protected String showName;
|
||||
|
||||
public void genShowName() {
|
||||
if (StringUtils.isEmpty(nick)) {
|
||||
showName = username;
|
||||
} else {
|
||||
showName = String.format("%s (%s)", nick, username);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
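Review bot: `genShowName()` tests `nick` with `StringUtils.isEmpty`, so a whitespace-only nick passes the check and yields a display name that is blank before the parenthesised username. `if (StringUtils.isBlank(nick)) {` would fall back to the plain username in that case as well. `showName` is only populated when a caller remembers to invoke `genShowName()` after the setters, which the field's Javadoc should say, e.g. `null until genShowName() has been called`. Since `nick` looks like user-chosen text and this name is presumably what the permission screens display, that comment should also state that `username` must always remain part of the output, as the else branch currently ensures.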