# Conflicts: # pmapi/src/main/java/com/ningdatech/pmapi/user/manage/UserInfoManage.javatags/24080901
@@ -19,6 +19,7 @@ import com.ningdatech.pmapi.sys.model.dto.RoleUpdateDTO; | |||
import com.ningdatech.pmapi.sys.model.entity.*; | |||
import com.ningdatech.pmapi.sys.service.*; | |||
import com.ningdatech.pmapi.sys.utils.AuthCacheKeyUtils; | |||
import com.ningdatech.pmapi.user.manage.UserAuthLoginManage; | |||
import lombok.RequiredArgsConstructor; | |||
import lombok.extern.slf4j.Slf4j; | |||
import org.springframework.stereotype.Service; | |||
@@ -47,6 +48,7 @@ public class RoleServiceImpl extends ServiceImpl<RoleMapper, Role> implements IR | |||
private final CachePlusOps cachePlusOps; | |||
private final IRoleMenuService roleMenuService; | |||
private final IMenuService menuService; | |||
private final UserAuthLoginManage userAuthLoginManage; | |||
/** | |||
* 删除角色时,需要级联删除跟角色相关的一切资源: | |||
@@ -157,7 +159,10 @@ public class RoleServiceImpl extends ServiceImpl<RoleMapper, Role> implements IR | |||
saveRoleMenu(data.getMenuIds(), role.getId()); | |||
saveRoleMenuDatascope(data.getMenuDataScopeList(), role.getId()); | |||
List<Long> userIdList = userRoleService.listUserIdByRoleId(role.getId()); | |||
userIdList.forEach(w -> cachePlusOps.del(AuthCacheKeyUtils.userResourceCacheKey(w))); | |||
userIdList.forEach(w -> { | |||
cachePlusOps.del(AuthCacheKeyUtils.userResourceCacheKey(w)); | |||
userAuthLoginManage.refreshSession(w); | |||
}); | |||
} | |||
@Override | |||
@@ -72,15 +72,17 @@ public class WithDrawHandle { | |||
// 判断当前操作人 是上一个节点的审批人 | |||
public Boolean checkUserIsBefore(List<ProgressNode> currentProgressInfo, ReqProcessHandlerDTO param) { | |||
UserFullInfoDTO user = userInfoHelper.getUserFullInfo(LoginUserUtil.getUserId()); | |||
//1.判断出 当前审批人和上一个审批人 | |||
ProgressNode progressNode = currentProgressInfo.get(currentProgressInfo.size() - 1); | |||
ProgressNode beforeProgressNode = null; | |||
ProgressNode currentProgressNode = null; | |||
// 先排除掉抄送任务节点 | |||
currentProgressInfo = currentProgressInfo.stream() | |||
.filter(c -> !NodeTypeEnum.CC.name().equals(c.getNodeType().name())) | |||
.collect(Collectors.toList()); | |||
//1.判断出 当前审批人和上一个审批人 | |||
ProgressNode progressNode = currentProgressInfo.get(currentProgressInfo.size() - 1); | |||
ProgressNode beforeProgressNode = null; | |||
ProgressNode currentProgressNode = null; | |||
if (CollUtil.isEmpty(currentProgressInfo)){ | |||
return Boolean.FALSE; | |||
} | |||
@@ -108,7 +110,7 @@ public class WithDrawHandle { | |||
// 判断当前工作流任务前一个审核人的部门和当前登录用户的部门是否是同一个,如果是同一个才可以撤回,否则抛出异常 | |||
// 获取当前当前工作流任务当前审核人信息 | |||
UserFullInfoDTO currentUserInfo = userInfoHelper.getUserFullInfoByEmployeeCode(currentProgressNode.getUserId()); | |||
if(!currentUserInfo.getEmpPosUnitCode().equals(user.getEmpPosUnitCode())){ | |||
if(Objects.isNull(currentUserInfo) || !currentUserInfo.getEmpPosUnitCode().equals(user.getEmpPosUnitCode())){ | |||
return Boolean.FALSE; | |||
} | |||
@@ -550,6 +550,7 @@ public class TodoCenterManage { | |||
res.setProcessStatusName(d.getStatus()); | |||
res.setProcessLaunchTime(d.getCreateTime()); | |||
res.setProcessHandleTime(d.getTaskEndTime()); | |||
res.setTaskId(d.getTaskId()); | |||
return res; | |||
}).collect(Collectors.toList()); | |||
return PageVo.of(resVos, iDoList.size()); | |||
@@ -3,6 +3,7 @@ package com.ningdatech.pmapi.user.manage; | |||
import cn.hutool.core.collection.CollectionUtil; | |||
import com.baomidou.mybatisplus.core.toolkit.StringUtils; | |||
import com.baomidou.mybatisplus.core.toolkit.Wrappers; | |||
import com.ningdatech.pmapi.common.util.StrUtils; | |||
import com.ningdatech.pmapi.organization.model.entity.DingEmployeeInfo; | |||
import com.ningdatech.pmapi.organization.model.entity.DingOrganization; | |||
import com.ningdatech.pmapi.organization.service.IDingEmployeeInfoService; | |||
@@ -11,11 +12,17 @@ import com.ningdatech.pmapi.sys.model.entity.Role; | |||
import com.ningdatech.pmapi.sys.model.entity.UserRole; | |||
import com.ningdatech.pmapi.sys.service.IRoleService; | |||
import com.ningdatech.pmapi.sys.service.IUserRoleService; | |||
import com.ningdatech.pmapi.user.convert.UserInfoConvertor; | |||
import com.ningdatech.pmapi.user.entity.UserInfo; | |||
import com.ningdatech.pmapi.user.security.auth.credential.CredentialAuthToken; | |||
import com.ningdatech.pmapi.user.security.auth.model.UserFullInfoDTO; | |||
import com.ningdatech.pmapi.user.service.IUserAuthService; | |||
import com.ningdatech.pmapi.user.security.auth.model.UserInfoDetails; | |||
import com.ningdatech.pmapi.user.service.IUserInfoService; | |||
import lombok.RequiredArgsConstructor; | |||
import org.springframework.security.core.context.SecurityContextImpl; | |||
import org.springframework.session.Session; | |||
import org.springframework.session.SessionRepository; | |||
import org.springframework.session.data.redis.RedisIndexedSessionRepository; | |||
import org.springframework.stereotype.Component; | |||
import java.util.ArrayList; | |||
@@ -32,13 +39,12 @@ import java.util.stream.Collectors; | |||
@RequiredArgsConstructor | |||
public class UserAuthLoginManage { | |||
private final IUserAuthService iUserAuthService; | |||
private final IUserInfoService iUserInfoService; | |||
private final IRoleService iRoleService; | |||
private final IDingOrganizationService iDingOrganizationService; | |||
private final IDingEmployeeInfoService iDingEmployeeInfoService; | |||
private final IUserRoleService iUserRoleService; | |||
private final RedisIndexedSessionRepository redisIndexedSessionRepository; | |||
/** | |||
* 根据用户id 获取用户全量信息 | |||
@@ -186,4 +192,47 @@ public class UserAuthLoginManage { | |||
userFullInfoAssembler(userInfo, userFullInfoDTO); | |||
return userFullInfoDTO; | |||
} | |||
@SuppressWarnings({"rawtypes", "unchecked"}) | |||
public void refreshSession(Long userId) { | |||
UserFullInfoDTO userFullInfo = getUserFullInfo(userId); | |||
List<String> sessionIds = getSessionIds(userFullInfo); | |||
if (sessionIds.isEmpty()) { | |||
return; | |||
} | |||
SessionRepository redisSessionRepository = redisIndexedSessionRepository; | |||
UserInfoDetails details = UserInfoConvertor.toUserInfoDetails(userFullInfo); | |||
CredentialAuthToken cat = new CredentialAuthToken(details, details.getPassword(), details.getAuthorities()); | |||
sessionIds.forEach(sessionId -> { | |||
Session session = redisIndexedSessionRepository.findById(sessionId); | |||
SecurityContextImpl context = session.getAttribute("SPRING_SECURITY_CONTEXT"); | |||
context.setAuthentication(cat); | |||
session.setAttribute("SPRING_SECURITY_CONTEXT", context); | |||
redisSessionRepository.save(session); | |||
}); | |||
} | |||
private List<String> getSessionIds(UserFullInfoDTO userFullInfo) { | |||
List<String> sessionIds = new ArrayList<>(); | |||
String identifier = userFullInfo.getIdentifier(); | |||
if (StrUtils.isNotBlank(identifier)) { | |||
sessionIds.addAll(redisIndexedSessionRepository.findByPrincipalName(identifier).keySet()); | |||
} | |||
String mobile = userFullInfo.getMobile(); | |||
if (StrUtils.isNotBlank(mobile)) { | |||
sessionIds.addAll(redisIndexedSessionRepository.findByPrincipalName(mobile).keySet()); | |||
} | |||
Long accountId = userFullInfo.getAccountId(); | |||
if (accountId != null) { | |||
sessionIds.addAll(redisIndexedSessionRepository.findByPrincipalName(accountId.toString()).keySet()); | |||
} | |||
return sessionIds; | |||
} | |||
public void kickOff(Long userId) { | |||
UserFullInfoDTO userFullInfo = getUserFullInfo(userId); | |||
List<String> sessionIds = getSessionIds(userFullInfo); | |||
sessionIds.forEach(redisIndexedSessionRepository::deleteById); | |||
} | |||
} |
@@ -10,7 +10,6 @@ import com.ningdatech.basic.model.PageVo; | |||
import com.ningdatech.pmapi.common.constant.RegionConst; | |||
import com.ningdatech.pmapi.common.helper.RegionCacheHelper; | |||
import com.ningdatech.pmapi.common.helper.UserInfoHelper; | |||
import com.ningdatech.pmapi.common.util.BizUtils; | |||
import com.ningdatech.pmapi.organization.model.entity.DingEmployeeInfo; | |||
import com.ningdatech.pmapi.organization.model.entity.DingOrganization; | |||
import com.ningdatech.pmapi.organization.service.IDingEmployeeInfoService; | |||
@@ -20,7 +19,6 @@ import com.ningdatech.pmapi.sys.model.entity.UserRole; | |||
import com.ningdatech.pmapi.sys.service.IRoleService; | |||
import com.ningdatech.pmapi.sys.service.IUserRoleService; | |||
import com.ningdatech.pmapi.user.constant.UserAvailableEnum; | |||
import com.ningdatech.pmapi.user.convert.UserInfoConvertor; | |||
import com.ningdatech.pmapi.user.entity.UserInfo; | |||
import com.ningdatech.pmapi.user.model.po.ReqUserDetailEditPO; | |||
import com.ningdatech.pmapi.user.model.po.ReqUserDetailPO; | |||
@@ -29,17 +27,11 @@ import com.ningdatech.pmapi.user.model.po.ReqUserInfoListPO; | |||
import com.ningdatech.pmapi.user.model.vo.ResUserDetailVO; | |||
import com.ningdatech.pmapi.user.model.vo.ResUserInfoListVO; | |||
import com.ningdatech.pmapi.user.model.vo.UserRoleVO; | |||
import com.ningdatech.pmapi.user.security.auth.credential.CredentialAuthToken; | |||
import com.ningdatech.pmapi.user.security.auth.model.UserFullInfoDTO; | |||
import com.ningdatech.pmapi.user.security.auth.model.UserInfoDetails; | |||
import com.ningdatech.pmapi.user.service.IUserInfoService; | |||
import com.ningdatech.pmapi.user.util.LoginUserUtil; | |||
import com.wflow.workflow.bean.dto.ProcessInstanceUserDto; | |||
import lombok.RequiredArgsConstructor; | |||
import org.springframework.security.core.context.SecurityContextImpl; | |||
import org.springframework.session.Session; | |||
import org.springframework.session.SessionRepository; | |||
import org.springframework.session.data.redis.RedisIndexedSessionRepository; | |||
import org.springframework.stereotype.Component; | |||
import org.springframework.transaction.annotation.Transactional; | |||
@@ -61,7 +53,6 @@ public class UserInfoManage { | |||
private final IUserRoleService iUserRoleService; | |||
private final IRoleService iRoleService; | |||
private final UserInfoHelper userInfoHelper; | |||
private final RedisIndexedSessionRepository redisIndexedSessionRepository; | |||
private final RegionCacheHelper regionCacheHelper; | |||
private final UserAuthLoginManage userAuthLoginManage; | |||
@@ -268,6 +259,10 @@ public class UserInfoManage { | |||
UserInfo userInfo = iUserInfoService.getById(userId); | |||
userInfo.setAvailable(reqUserDisableOrEnablePO.getOperation()); | |||
iUserInfoService.updateById(userInfo); | |||
if (userInfo.getAvailable().equals("DISABLE")) { | |||
userAuthLoginManage.kickOff(userId); | |||
} | |||
} | |||
public ResUserDetailVO userInfoDetail(ReqUserDetailPO reqUserDetailPO) { | |||
@@ -341,7 +336,7 @@ public class UserInfoManage { | |||
iUserRoleService.saveBatch(userRoleList); | |||
} | |||
// 刷新用户权限 | |||
refreshSession(userId); | |||
userAuthLoginManage.refreshSession(userId); | |||
} | |||
/** | |||
@@ -502,63 +497,4 @@ public class UserInfoManage { | |||
return processInstanceUserDto; | |||
} | |||
public void refreshSession(Long userId) { | |||
UserFullInfoDTO ufi = userAuthLoginManage.getUserFullInfo(userId); | |||
List<String> sessionIds = new ArrayList<>(); | |||
BizUtils.notNull(ufi.getIdentifier(), w -> sessionIds.addAll(redisIndexedSessionRepository.findByPrincipalName(w).keySet())); | |||
BizUtils.notNull(ufi.getMobile(), w -> sessionIds.addAll(redisIndexedSessionRepository.findByPrincipalName(w).keySet())); | |||
BizUtils.notNull(ufi.getAccountId(), w -> sessionIds.addAll(redisIndexedSessionRepository.findByPrincipalName(w.toString()).keySet())); | |||
if (sessionIds.isEmpty()) { | |||
return; | |||
} | |||
SessionRepository redisSessionRepository = redisIndexedSessionRepository; | |||
UserInfoDetails details = UserInfoConvertor.toUserInfoDetails(ufi); | |||
CredentialAuthToken cat = new CredentialAuthToken(details, details.getPassword(), details.getAuthorities()); | |||
sessionIds.forEach(sessionId -> { | |||
Session session = redisIndexedSessionRepository.findById(sessionId); | |||
SecurityContextImpl context = session.getAttribute("SPRING_SECURITY_CONTEXT"); | |||
context.setAuthentication(cat); | |||
session.setAttribute("SPRING_SECURITY_CONTEXT", context); | |||
redisSessionRepository.save(session); | |||
}); | |||
} | |||
/** | |||
* 获取当前用户可控角色列表 | |||
* | |||
* @return | |||
*/ | |||
public List<UserRoleVO> getControlledRoleList() { | |||
Long userId = LoginUserUtil.getUserId(); | |||
// 装配用户角色信息列表 | |||
List<UserRole> userRoleList = iUserRoleService.list(Wrappers.lambdaQuery(UserRole.class) | |||
.eq(UserRole::getUserId, userId)); | |||
List<UserRoleVO> controlledRoleVOList = new ArrayList<>(); | |||
List<Long> controlledRoleIdList = new ArrayList<>(); | |||
if (CollUtil.isNotEmpty(userRoleList)) { | |||
List<Long> roleIdList = userRoleList.stream().map(UserRole::getRoleId).distinct().collect(Collectors.toList()); | |||
controlledRoleIdList.addAll(roleIdList); | |||
List<Role> roleList = iRoleService.list(Wrappers.lambdaQuery(Role.class).in(Role::getId, roleIdList)); | |||
for (Role role : roleList) { | |||
List<Long> manageRoleIdList = BizUtils.splitToLong(role.getManageRoleIds()); | |||
if (CollUtil.isNotEmpty(manageRoleIdList)) { | |||
controlledRoleIdList.addAll(manageRoleIdList); | |||
} | |||
} | |||
controlledRoleIdList = controlledRoleIdList.stream().distinct().collect(Collectors.toList()); | |||
List<Role> controlledRoleList = iRoleService.list(Wrappers.lambdaQuery(Role.class).in(Role::getId, controlledRoleIdList)); | |||
controlledRoleVOList = controlledRoleList.stream().map(r -> { | |||
UserRoleVO userRoleVO = new UserRoleVO(); | |||
userRoleVO.setId(r.getId()); | |||
userRoleVO.setName(r.getName()); | |||
userRoleVO.setCode(r.getCode()); | |||
return userRoleVO; | |||
}).collect(Collectors.toList()); | |||
} | |||
return controlledRoleVOList; | |||
} | |||
} |