feat: [auth] global admins
parent
686189e6ca
commit
7b7582dd91
@ -1,25 +1,24 @@
|
|||||||
package tech.powerjob.server.web.controller;
|
package tech.powerjob.server.web.controller;
|
||||||
|
|
||||||
import com.google.common.collect.Maps;
|
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import tech.powerjob.common.response.ResultDTO;
|
import tech.powerjob.common.response.ResultDTO;
|
||||||
import tech.powerjob.common.serialize.JsonUtils;
|
import tech.powerjob.common.utils.CollectionUtils;
|
||||||
import tech.powerjob.server.auth.*;
|
import tech.powerjob.server.auth.Permission;
|
||||||
|
import tech.powerjob.server.auth.PowerJobUser;
|
||||||
|
import tech.powerjob.server.auth.RoleScope;
|
||||||
import tech.powerjob.server.auth.common.AuthConstants;
|
import tech.powerjob.server.auth.common.AuthConstants;
|
||||||
import tech.powerjob.server.auth.interceptor.ApiPermission;
|
import tech.powerjob.server.auth.interceptor.ApiPermission;
|
||||||
import tech.powerjob.server.auth.login.LoginTypeInfo;
|
import tech.powerjob.server.auth.login.LoginTypeInfo;
|
||||||
|
import tech.powerjob.server.auth.service.WebAuthService;
|
||||||
import tech.powerjob.server.auth.service.login.LoginRequest;
|
import tech.powerjob.server.auth.service.login.LoginRequest;
|
||||||
import tech.powerjob.server.auth.service.login.PowerJobLoginService;
|
import tech.powerjob.server.auth.service.login.PowerJobLoginService;
|
||||||
import tech.powerjob.server.auth.service.permission.PowerJobPermissionService;
|
import tech.powerjob.server.web.request.ComponentUserRoleInfo;
|
||||||
import tech.powerjob.server.web.request.GrantPermissionRequest;
|
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
import javax.servlet.http.Cookie;
|
import javax.servlet.http.Cookie;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Optional;
|
import java.util.Optional;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -33,9 +32,9 @@ import java.util.Optional;
|
|||||||
public class AuthController {
|
public class AuthController {
|
||||||
|
|
||||||
@Resource
|
@Resource
|
||||||
private PowerJobLoginService powerJobLoginService;
|
private WebAuthService webAuthService;
|
||||||
@Resource
|
@Resource
|
||||||
private PowerJobPermissionService powerJobPermissionService;
|
private PowerJobLoginService powerJobLoginService;
|
||||||
|
|
||||||
@GetMapping("/supportLoginTypes")
|
@GetMapping("/supportLoginTypes")
|
||||||
public ResultDTO<List<LoginTypeInfo>> listSupportLoginTypes() {
|
public ResultDTO<List<LoginTypeInfo>> listSupportLoginTypes() {
|
||||||
@ -97,31 +96,25 @@ public class AuthController {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* ****************** 授权相关 ****************** */
|
/* ****************** 授权相关 ****************** */
|
||||||
@PostMapping("/grantAdmin")
|
|
||||||
@ApiPermission(name = "Auth-GrantAdmin", roleScope = RoleScope.GLOBAL, requiredPermission = Permission.SU)
|
|
||||||
public ResultDTO<Void> grantAppPermission(GrantPermissionRequest grantPermissionRequest) {
|
|
||||||
|
|
||||||
grantPermissionRequest.setRole(Role.ADMIN.getV());
|
@GetMapping("/listGlobalAdmin")
|
||||||
grantPermissionRequest.setTargetId(AuthConstants.GLOBAL_ADMIN_TARGET_ID);
|
public ResultDTO<List<Long>> listGlobalAdmin() {
|
||||||
|
// 全局只设置超级管理员权限
|
||||||
grantPermission(RoleScope.GLOBAL, grantPermissionRequest);
|
ComponentUserRoleInfo componentUserRoleInfo = webAuthService.fetchComponentUserRoleInfo(RoleScope.GLOBAL, AuthConstants.GLOBAL_ADMIN_TARGET_ID);
|
||||||
return ResultDTO.success(null);
|
return ResultDTO.success(componentUserRoleInfo.getAdmin());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@PostMapping("/saveGlobalAdmin")
|
||||||
|
@ApiPermission(name = "Auth-GrantAdmin", roleScope = RoleScope.GLOBAL, requiredPermission = Permission.SU)
|
||||||
|
public ResultDTO<Void> grantAppPermission(@RequestBody ComponentUserRoleInfo componentUserRoleInfo) {
|
||||||
|
|
||||||
private void grantPermission(RoleScope roleScope, GrantPermissionRequest grantPermissionRequest) {
|
if (CollectionUtils.isEmpty(componentUserRoleInfo.getAdmin())) {
|
||||||
|
throw new IllegalArgumentException("At least one super administrator is required!");
|
||||||
|
}
|
||||||
|
|
||||||
Role role = Role.of(grantPermissionRequest.getRole());
|
webAuthService.processPermissionOnSave(RoleScope.GLOBAL, AuthConstants.GLOBAL_ADMIN_TARGET_ID, componentUserRoleInfo);
|
||||||
|
|
||||||
Optional.ofNullable(grantPermissionRequest.getUserIds()).orElse(Collections.emptyList()).forEach(uid -> {
|
|
||||||
// 记录授权人信息
|
|
||||||
Map<String, Object> extraInfo = Maps.newHashMap();
|
|
||||||
extraInfo.put("grantor", LoginUserHolder.getUserName());
|
|
||||||
String extra = JsonUtils.toJSONString(extraInfo);
|
|
||||||
|
|
||||||
powerJobPermissionService.grantRole(roleScope, grantPermissionRequest.getTargetId(), uid, role, extra);
|
|
||||||
});
|
|
||||||
|
|
||||||
|
return ResultDTO.success(null);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void fillJwt4LoginUser(PowerJobUser powerJobUser, HttpServletResponse httpServletResponse) {
|
private void fillJwt4LoginUser(PowerJobUser powerJobUser, HttpServletResponse httpServletResponse) {
|
||||||
|
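Review bot: The new `/listGlobalAdmin` handler appears to carry no `@ApiPermission` annotation, while `/saveGlobalAdmin` below it keeps `requiredPermission = Permission.SU`; if the interceptor only enforces annotated endpoints (not visible on this page), any caller who reaches the controller can read the ids of every global administrator. I would annotate it as well, e.g. `@ApiPermission(name = "Auth-ListGlobalAdmin", roleScope = RoleScope.GLOBAL, requiredPermission = Permission.SU)` (the name is only a suggestion), or say in a comment why it is intentionally open. Separately, the removed `grantPermission` helper stored the acting user as `grantor` with every grant, and the replacement `webAuthService.processPermissionOnSave(...)` is defined outside this page, so confirm it still records who changed the super-administrator list. The save handler also keeps the stale name `grantAppPermission` and validates only `getAdmin()` on the request-bound `ComponentUserRoleInfo`; any other role lists that type carries would be passed through at GLOBAL scope unless the service ignores them.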
@ -83,7 +83,7 @@ public class NamespaceController {
|
|||||||
nv.setId(nd.getId());
|
nv.setId(nd.getId());
|
||||||
nv.setCode(nd.getCode());
|
nv.setCode(nd.getCode());
|
||||||
nv.setName(nd.getName());
|
nv.setName(nd.getName());
|
||||||
nv.genFrontName();
|
nv.genShowName();
|
||||||
return nv;
|
return nv;
|
||||||
}).collect(Collectors.toList());
|
}).collect(Collectors.toList());
|
||||||
return ResultDTO.success(namespaceBaseVOList);
|
return ResultDTO.success(namespaceBaseVOList);
|
||||||
|
@ -124,6 +124,7 @@ public class UserInfoController {
|
|||||||
}
|
}
|
||||||
UserDetailVO userDetailVO = new UserDetailVO();
|
UserDetailVO userDetailVO = new UserDetailVO();
|
||||||
BeanUtils.copyProperties(userinfoDoOpt.get(), userDetailVO);
|
BeanUtils.copyProperties(userinfoDoOpt.get(), userDetailVO);
|
||||||
|
userDetailVO.genShowName();
|
||||||
|
|
||||||
// 权限信息
|
// 权限信息
|
||||||
Map<Role, List<Long>> globalPermissions = webAuthService.fetchMyPermissionTargets(RoleScope.GLOBAL);
|
Map<Role, List<Long>> globalPermissions = webAuthService.fetchMyPermissionTargets(RoleScope.GLOBAL);
|
||||||
@ -144,7 +145,7 @@ public class UserInfoController {
|
|||||||
}
|
}
|
||||||
NamespaceBaseVO namespaceBaseVO = JsonUtils.parseObjectIgnoreException(JsonUtils.toJSONString(NamespaceConverter.do2BaseVo(namespaceDO)), NamespaceBaseVO.class);
|
NamespaceBaseVO namespaceBaseVO = JsonUtils.parseObjectIgnoreException(JsonUtils.toJSONString(NamespaceConverter.do2BaseVo(namespaceDO)), NamespaceBaseVO.class);
|
||||||
if (namespaceBaseVO != null) {
|
if (namespaceBaseVO != null) {
|
||||||
namespaceBaseVO.genFrontName();
|
namespaceBaseVO.genShowName();
|
||||||
namespaceBaseVOS.add(namespaceBaseVO);
|
namespaceBaseVOS.add(namespaceBaseVO);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
@ -12,10 +12,14 @@ import tech.powerjob.server.web.response.UserBaseVO;
|
|||||||
public class UserConverter {
|
public class UserConverter {
|
||||||
|
|
||||||
public static UserBaseVO do2BaseVo(UserInfoDO x) {
|
public static UserBaseVO do2BaseVo(UserInfoDO x) {
|
||||||
|
|
||||||
UserBaseVO userBaseVO = new UserBaseVO();
|
UserBaseVO userBaseVO = new UserBaseVO();
|
||||||
|
|
||||||
userBaseVO.setId(x.getId());
|
userBaseVO.setId(x.getId());
|
||||||
userBaseVO.setUsername(x.getUsername());
|
userBaseVO.setUsername(x.getUsername());
|
||||||
userBaseVO.setNick(x.getNick());
|
userBaseVO.setNick(x.getNick());
|
||||||
|
|
||||||
|
userBaseVO.genShowName();
|
||||||
return userBaseVO;
|
return userBaseVO;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -30,9 +30,9 @@ public class NamespaceBaseVO implements Serializable {
|
|||||||
/**
|
/**
|
||||||
* 前端名称(拼接 code + name,更容易辨认)
|
* 前端名称(拼接 code + name,更容易辨认)
|
||||||
*/
|
*/
|
||||||
protected String frontName;
|
protected String showName;
|
||||||
|
|
||||||
public void genFrontName() {
|
public void genShowName() {
|
||||||
frontName = String.format("%s(%s)", name, code);
|
showName = String.format("%s(%s)", name, code);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -3,6 +3,7 @@ package tech.powerjob.server.web.response;
|
|||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import lombok.NoArgsConstructor;
|
import lombok.NoArgsConstructor;
|
||||||
import lombok.Setter;
|
import lombok.Setter;
|
||||||
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 用户基础信息
|
* 用户基础信息
|
||||||
@ -17,4 +18,18 @@ public class UserBaseVO {
|
|||||||
protected Long id;
|
protected Long id;
|
||||||
protected String username;
|
protected String username;
|
||||||
protected String nick;
|
protected String nick;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 前端展示名称,更容易辨认
|
||||||
|
*/
|
||||||
|
protected String showName;
|
||||||
|
|
||||||
|
public void genShowName() {
|
||||||
|
if (StringUtils.isEmpty(nick)) {
|
||||||
|
showName = username;
|
||||||
|
} else {
|
||||||
|
showName = String.format("%s (%s)", nick, username);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
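Review bot: `genShowName()` tests `StringUtils.isEmpty(nick)`, so a nick made only of whitespace produces a show name of blanks followed by `(username)`; `if (StringUtils.isBlank(nick)) {` would fall back to the username in that case too. Because `showName` is what operators read when identifying accounts, and `nick` is presumably free text chosen by the user (not confirmed on this page), a nick that itself contains a parenthesised name can make one account resemble another; keeping the unique `username` visually primary, or validating nick characters where the nick is set, would reduce that risk. The method also has no Javadoc; a one-line comment stating that it must be called after `nick` and `username` are populated would help the converters that depend on it.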