From 7b7582dd91a9c210574f9d9c92c38160b76bb96b Mon Sep 17 00:00:00 2001
From: tjq
Date: Fri, 16 Feb 2024 13:28:58 +0800
Subject: [PATCH] feat: [auth] global admins
---
 .../server/web/controller/AuthController.java | 49 ++++++++-----------
 .../web/controller/NamespaceController.java | 2 +-
 .../web/controller/UserInfoController.java | 3 +-
 .../server/web/converter/UserConverter.java | 4 ++
 .../server/web/response/NamespaceBaseVO.java | 6 +--
 .../server/web/response/UserBaseVO.java | 15 ++++++
 6 files changed, 46 insertions(+), 33 deletions(-)
diff --git a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/AuthController.java b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/AuthController.java
index 26ba74f4..dc7e0d6f 100644
--- a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/AuthController.java
+++ b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/AuthController.java
@@ -1,25 +1,24 @@ package tech.powerjob.server.web.controller; -import com.google.common.collect.Maps; import org.springframework.web.bind.annotation.*; import tech.powerjob.common.response.ResultDTO; -import tech.powerjob.common.serialize.JsonUtils; -import tech.powerjob.server.auth.*; +import tech.powerjob.common.utils.CollectionUtils; +import tech.powerjob.server.auth.Permission; +import tech.powerjob.server.auth.PowerJobUser; +import tech.powerjob.server.auth.RoleScope; import tech.powerjob.server.auth.common.AuthConstants; import tech.powerjob.server.auth.interceptor.ApiPermission; import tech.powerjob.server.auth.login.LoginTypeInfo; +import tech.powerjob.server.auth.service.WebAuthService; import tech.powerjob.server.auth.service.login.LoginRequest; import tech.powerjob.server.auth.service.login.PowerJobLoginService; -import tech.powerjob.server.auth.service.permission.PowerJobPermissionService; -import tech.powerjob.server.web.request.GrantPermissionRequest; +import tech.powerjob.server.web.request.ComponentUserRoleInfo; import javax.annotation.Resource; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import java.util.Collections; import java.util.List; -import java.util.Map; import java.util.Optional; /** @@ -33,9 +32,9 @@ import java.util.Optional; public class AuthController { @Resource - private PowerJobLoginService powerJobLoginService; + private WebAuthService webAuthService; @Resource - private PowerJobPermissionService powerJobPermissionService; + private PowerJobLoginService powerJobLoginService; @GetMapping("/supportLoginTypes") public ResultDTO> listSupportLoginTypes() { 
@@ -97,31 +96,25 @@ public class AuthController { } /* ****************** 授权相关 ****************** */ - @PostMapping("/grantAdmin") - @ApiPermission(name = "Auth-GrantAdmin", roleScope = RoleScope.GLOBAL, requiredPermission = Permission.SU) - public ResultDTO grantAppPermission(GrantPermissionRequest grantPermissionRequest) { - grantPermissionRequest.setRole(Role.ADMIN.getV()); - grantPermissionRequest.setTargetId(AuthConstants.GLOBAL_ADMIN_TARGET_ID); - - grantPermission(RoleScope.GLOBAL, grantPermissionRequest); - return ResultDTO.success(null); + @GetMapping("/listGlobalAdmin") + public ResultDTO> listGlobalAdmin() { + // 全局只设置超级管理员权限 + ComponentUserRoleInfo componentUserRoleInfo = webAuthService.fetchComponentUserRoleInfo(RoleScope.GLOBAL, AuthConstants.GLOBAL_ADMIN_TARGET_ID); + return ResultDTO.success(componentUserRoleInfo.getAdmin()); } + @PostMapping("/saveGlobalAdmin") + @ApiPermission(name = "Auth-GrantAdmin", roleScope = RoleScope.GLOBAL, requiredPermission = Permission.SU) + public ResultDTO grantAppPermission(@RequestBody ComponentUserRoleInfo componentUserRoleInfo) { - private void grantPermission(RoleScope roleScope, GrantPermissionRequest grantPermissionRequest) { + if (CollectionUtils.isEmpty(componentUserRoleInfo.getAdmin())) { + throw new IllegalArgumentException("At least one super administrator is required!"); + } - Role role = Role.of(grantPermissionRequest.getRole()); - - Optional.ofNullable(grantPermissionRequest.getUserIds()).orElse(Collections.emptyList()).forEach(uid -> { - // 记录授权人信息 - Map extraInfo = Maps.newHashMap(); - extraInfo.put("grantor", LoginUserHolder.getUserName()); - String extra = JsonUtils.toJSONString(extraInfo); - - powerJobPermissionService.grantRole(roleScope, grantPermissionRequest.getTargetId(), uid, role, extra); - }); + webAuthService.processPermissionOnSave(RoleScope.GLOBAL, AuthConstants.GLOBAL_ADMIN_TARGET_ID, componentUserRoleInfo); + return ResultDTO.success(null); } private void fillJwt4LoginUser(PowerJobUser 
powerJobUser, HttpServletResponse httpServletResponse) { diff --git a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/NamespaceController.java b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/NamespaceController.java index fef34e3d..f318e0be 100644 --- a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/NamespaceController.java +++ b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/NamespaceController.java @@ -83,7 +83,7 @@ public class NamespaceController { nv.setId(nd.getId()); nv.setCode(nd.getCode()); nv.setName(nd.getName()); - nv.genFrontName(); + nv.genShowName(); return nv; }).collect(Collectors.toList()); return ResultDTO.success(namespaceBaseVOList); diff --git a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/UserInfoController.java b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/UserInfoController.java index dd23df4f..27e92060 100644 --- a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/UserInfoController.java +++ b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/UserInfoController.java @@ -124,6 +124,7 @@ public class UserInfoController { } UserDetailVO userDetailVO = new UserDetailVO(); BeanUtils.copyProperties(userinfoDoOpt.get(), userDetailVO); + userDetailVO.genShowName(); // 权限信息 Map> globalPermissions = webAuthService.fetchMyPermissionTargets(RoleScope.GLOBAL); @@ -144,7 +145,7 @@ public class UserInfoController { } NamespaceBaseVO namespaceBaseVO = JsonUtils.parseObjectIgnoreException(JsonUtils.toJSONString(NamespaceConverter.do2BaseVo(namespaceDO)), NamespaceBaseVO.class); if (namespaceBaseVO != null) { - namespaceBaseVO.genFrontName(); + namespaceBaseVO.genShowName(); namespaceBaseVOS.add(namespaceBaseVO); } }); 
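Review bot: The new `/listGlobalAdmin` handler in AuthController carries no `@ApiPermission`, unlike `/saveGlobalAdmin` directly below it, so whether the list of global administrators is restricted depends on how the interceptor treats unannotated methods, which is not visible in this hunk. If the list is meant for super users only, annotate it the same way, e.g. `@ApiPermission(name = "Auth-ListGlobalAdmin", roleScope = RoleScope.GLOBAL, requiredPermission = Permission.SU)` (the name is a suggestion). The removed `grantPermission` helper stored the grantor (`LoginUserHolder.getUserName()`) with each role grant; `webAuthService.processPermissionOnSave` is defined outside this diff, so it is worth confirming that it still records who changed the global admin set. The save handler also forwards the whole `ComponentUserRoleInfo` body although only `getAdmin()` is validated, and it keeps the old name `grantAppPermission`; a one-line comment such as `// only the admin list is meaningful at GLOBAL scope` and a rename to `saveGlobalAdmin` would make the intent clear.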
diff --git a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/converter/UserConverter.java b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/converter/UserConverter.java index 74deec7c..77876d93 100644 --- a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/converter/UserConverter.java +++ b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/converter/UserConverter.java @@ -12,10 +12,14 @@ import tech.powerjob.server.web.response.UserBaseVO; public class UserConverter { public static UserBaseVO do2BaseVo(UserInfoDO x) { + UserBaseVO userBaseVO = new UserBaseVO(); + userBaseVO.setId(x.getId()); userBaseVO.setUsername(x.getUsername()); userBaseVO.setNick(x.getNick()); + + userBaseVO.genShowName(); return userBaseVO; } diff --git a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/response/NamespaceBaseVO.java b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/response/NamespaceBaseVO.java index 103b267c..2f898a07 100644 --- a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/response/NamespaceBaseVO.java +++ b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/response/NamespaceBaseVO.java @@ -30,9 +30,9 @@ public class NamespaceBaseVO implements Serializable { /** * 前端名称(拼接 code + name,更容易辨认) */ - protected String frontName; + protected String showName; - public void genFrontName() { - frontName = String.format("%s(%s)", name, code); + public void genShowName() { + showName = String.format("%s(%s)", name, code); } } diff --git a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/response/UserBaseVO.java b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/response/UserBaseVO.java index 9af769da..fb15d663 100644 
--- a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/response/UserBaseVO.java +++ b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/response/UserBaseVO.java @@ -3,6 +3,7 @@ package tech.powerjob.server.web.response; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; +import org.apache.commons.lang3.StringUtils; /** * 用户基础信息 @@ -17,4 +18,18 @@ public class UserBaseVO { protected Long id; protected String username; protected String nick; + + /** + * 前端展示名称,更容易辨认 + */ + protected String showName; + + public void genShowName() { + if (StringUtils.isEmpty(nick)) { + showName = username; + } else { + showName = String.format("%s (%s)", nick, username); + } + } + } \ No newline at end of file
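Review bot: `genShowName()` in UserBaseVO treats a whitespace-only `nick` as present because the guard is `StringUtils.isEmpty(nick)`, so such a nick yields a display name that is blank before the parenthesised username. Changing the guard to `if (StringUtils.isBlank(nick)) {` falls back to the plain username in that case. `showName` is also a stored field that is only populated by an explicit `genShowName()` call, so any path that builds a `UserBaseVO` or subclass without calling it returns a null display name; a comment on the field such as `// derived from nick/username; call genShowName() after both are set` would document that contract.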