add online monitor and fix admin scopes
This commit is contained in:
@@ -6,6 +6,7 @@ import com.xspaceagi.system.application.dto.UserDto;
|
||||
import com.xspaceagi.system.application.dto.UserQueryDto;
|
||||
import com.xspaceagi.system.application.service.NotifyMessageApplicationService;
|
||||
import com.xspaceagi.system.application.service.SysGroupApplicationService;
|
||||
import com.xspaceagi.system.application.service.SysRoleApplicationService;
|
||||
import com.xspaceagi.system.application.service.UserApplicationService;
|
||||
import com.xspaceagi.system.infra.dao.entity.SysGroup;
|
||||
import com.xspaceagi.system.infra.dao.entity.NotifyMessage;
|
||||
@@ -19,6 +20,7 @@ import com.xspaceagi.system.spec.dto.PageQueryVo;
|
||||
import com.xspaceagi.system.spec.dto.ReqResult;
|
||||
import com.xspaceagi.system.spec.enums.ErrorCodeEnum;
|
||||
import com.xspaceagi.system.spec.enums.GroupEnum;
|
||||
import com.xspaceagi.system.spec.enums.RoleEnum;
|
||||
import com.xspaceagi.system.spec.exception.BizException;
|
||||
import com.xspaceagi.system.spec.exception.BizExceptionCodeEnum;
|
||||
import com.xspaceagi.system.web.dto.UserAddDto;
|
||||
@@ -49,6 +51,9 @@ public class UserManageController {
|
||||
@Resource
|
||||
private SysGroupApplicationService sysGroupApplicationService;
|
||||
|
||||
@Resource
|
||||
private SysRoleApplicationService sysRoleApplicationService;
|
||||
|
||||
@Resource
|
||||
private NotifyMessageApplicationService notifyMessageApplicationService;
|
||||
|
||||
@@ -189,12 +194,16 @@ public class UserManageController {
|
||||
}
|
||||
|
||||
private void checkCurrentTenantUser(Long userId) {
|
||||
if (userId == null || userService.getById(userId) == null || !visibleUserIds().contains(userId)) {
|
||||
User user = userId == null ? null : userService.getById(userId);
|
||||
if (user == null || !isCurrentTenantUser(user) || (!isPlatformAdmin() && !visibleUserIds().contains(userId))) {
|
||||
throw BizException.of(ErrorCodeEnum.PERMISSION_DENIED, BizExceptionCodeEnum.permissionDenied);
|
||||
}
|
||||
}
|
||||
|
||||
private void applyUserManageScope(PageQueryVo<UserQueryDto> pageQueryVo) {
|
||||
if (isPlatformAdmin()) {
|
||||
return;
|
||||
}
|
||||
if (pageQueryVo.getQueryFilter() == null) {
|
||||
pageQueryVo.setQueryFilter(new UserQueryDto());
|
||||
}
|
||||
@@ -215,6 +224,18 @@ public class UserManageController {
|
||||
.collect(Collectors.toSet());
|
||||
}
|
||||
|
||||
private boolean isPlatformAdmin() {
|
||||
UserDto currentUser = getCurrentUserDto();
|
||||
return currentUser.getRole() == User.Role.Admin
|
||||
&& (currentUserGroupIds().isEmpty()
|
||||
|| sysRoleApplicationService.getRoleListByUserId(currentUser.getId()).stream()
|
||||
.anyMatch(role -> RoleEnum.SUPER_ADMIN.getCode().equals(role.getCode())));
|
||||
}
|
||||
|
||||
private boolean isCurrentTenantUser(User user) {
|
||||
return user != null && (getCurrentUserDto().getTenantId() == null || getCurrentUserDto().getTenantId().equals(user.getTenantId()));
|
||||
}
|
||||
|
||||
private UserDto getCurrentUserDto() {
|
||||
UserDto userDto = (UserDto) RequestContext.get().getUser();
|
||||
if (userDto == null) {
|
||||
|
||||
@@ -8,6 +8,7 @@ import com.xspaceagi.system.application.converter.SysDataPermissionConverter;
|
||||
import com.xspaceagi.system.application.dto.permission.*;
|
||||
import com.xspaceagi.system.application.service.SysDataPermissionApplicationService;
|
||||
import com.xspaceagi.system.application.service.SysGroupApplicationService;
|
||||
import com.xspaceagi.system.application.service.SysRoleApplicationService;
|
||||
import com.xspaceagi.system.application.service.SysSubjectPermissionApplicationService;
|
||||
import com.xspaceagi.system.application.dto.UserDto;
|
||||
import com.xspaceagi.system.domain.model.GroupBindMenuModel;
|
||||
@@ -52,6 +53,8 @@ public class SysGroupController extends BaseController {
|
||||
@Resource
|
||||
private SysGroupApplicationService sysGroupApplicationService;
|
||||
@Resource
|
||||
private SysRoleApplicationService sysRoleApplicationService;
|
||||
@Resource
|
||||
private SysDataPermissionApplicationService sysDataPermissionApplicationService;
|
||||
@Resource
|
||||
private SysSubjectPermissionApplicationService sysSubjectPermissionApplicationService;
|
||||
@@ -397,6 +400,9 @@ public class SysGroupController extends BaseController {
|
||||
if (CollectionUtils.isEmpty(groupList)) {
|
||||
return groupList;
|
||||
}
|
||||
if (isPlatformAdmin()) {
|
||||
return groupList;
|
||||
}
|
||||
Set<Long> allowedGroupIds = currentUserGroupIds();
|
||||
return groupList.stream()
|
||||
.filter(group -> group.getId() != null && allowedGroupIds.contains(group.getId()))
|
||||
@@ -404,6 +410,9 @@ public class SysGroupController extends BaseController {
|
||||
}
|
||||
|
||||
private void checkGroupManageScope(Long groupId) {
|
||||
if (isPlatformAdmin()) {
|
||||
return;
|
||||
}
|
||||
if (groupId == null || !currentUserGroupIds().contains(groupId)) {
|
||||
throw BizException.of(ErrorCodeEnum.PERMISSION_DENIED, BizExceptionCodeEnum.permissionDenied);
|
||||
}
|
||||
@@ -416,6 +425,14 @@ public class SysGroupController extends BaseController {
|
||||
.collect(Collectors.toSet());
|
||||
}
|
||||
|
||||
private boolean isPlatformAdmin() {
|
||||
UserDto currentUser = getCurrentUserDto();
|
||||
return currentUser.getRole() == User.Role.Admin
|
||||
&& (currentUserGroupIds().isEmpty()
|
||||
|| sysRoleApplicationService.getRoleListByUserId(currentUser.getId()).stream()
|
||||
.anyMatch(role -> RoleEnum.SUPER_ADMIN.getCode().equals(role.getCode())));
|
||||
}
|
||||
|
||||
private UserDto getCurrentUserDto() {
|
||||
UserDto userDto = (UserDto) RequestContext.get().getUser();
|
||||
if (userDto == null) {
|
||||
|
||||
@@ -17,6 +17,7 @@ import com.xspaceagi.system.spec.common.RequestContext;
|
||||
import com.xspaceagi.system.spec.dto.ReqResult;
|
||||
import com.xspaceagi.system.spec.enums.ErrorCodeEnum;
|
||||
import com.xspaceagi.system.spec.enums.GroupEnum;
|
||||
import com.xspaceagi.system.spec.enums.RoleEnum;
|
||||
import com.xspaceagi.system.spec.exception.BizException;
|
||||
import com.xspaceagi.system.spec.exception.BizExceptionCodeEnum;
|
||||
import com.xspaceagi.system.spec.utils.I18nUtil;
|
||||
@@ -157,6 +158,9 @@ public class SysUserController extends BaseController {
|
||||
if (targetUser == null || !Objects.equals(targetUser.getTenantId(), RequestContext.get().getTenantId())) {
|
||||
throw BizException.of(ErrorCodeEnum.PERMISSION_DENIED, BizExceptionCodeEnum.permissionDenied);
|
||||
}
|
||||
if (isPlatformAdmin()) {
|
||||
return;
|
||||
}
|
||||
|
||||
Set<Long> allowedGroupIds = currentUserGroupIds();
|
||||
boolean inScope = sysGroupApplicationService.getGroupListByUserId(userId).stream()
|
||||
@@ -171,6 +175,9 @@ public class SysUserController extends BaseController {
|
||||
if (CollectionUtils.isEmpty(groupIds)) {
|
||||
return;
|
||||
}
|
||||
if (isPlatformAdmin()) {
|
||||
return;
|
||||
}
|
||||
Set<Long> allowedGroupIds = currentUserGroupIds();
|
||||
boolean allInScope = groupIds.stream().allMatch(allowedGroupIds::contains);
|
||||
if (!allInScope) {
|
||||
@@ -182,6 +189,9 @@ public class SysUserController extends BaseController {
|
||||
if (CollectionUtils.isEmpty(roleIds)) {
|
||||
return;
|
||||
}
|
||||
if (isPlatformAdmin()) {
|
||||
return;
|
||||
}
|
||||
Set<Long> allowedRoleIds = sysRoleApplicationService.getRoleListByUserId(getCurrentUserDto().getId()).stream()
|
||||
.map(SysRole::getId)
|
||||
.collect(Collectors.toSet());
|
||||
@@ -205,6 +215,14 @@ public class SysUserController extends BaseController {
|
||||
.collect(Collectors.toSet());
|
||||
}
|
||||
|
||||
private boolean isPlatformAdmin() {
|
||||
UserDto currentUser = getCurrentUserDto();
|
||||
return currentUser.getRole() == User.Role.Admin
|
||||
&& (currentUserGroupIds().isEmpty()
|
||||
|| sysRoleApplicationService.getRoleListByUserId(currentUser.getId()).stream()
|
||||
.anyMatch(role -> RoleEnum.SUPER_ADMIN.getCode().equals(role.getCode())));
|
||||
}
|
||||
|
||||
private UserDto getCurrentUserDto() {
|
||||
UserDto userDto = (UserDto) RequestContext.get().getUser();
|
||||
if (userDto == null) {
|
||||
|
||||
Reference in New Issue
Block a user