增加数据权限控制

iot-dao/iot-data-serviceImpl-rdb/src/main/java/cc/iotkit/data/model/TbProduct.java

@@ -47,6 +47,13 @@ public class TbProduct implements TenantAware {
     @ApiModelProperty(value = "产品key")
     private String productKey;
 
+    /**
+     * 创建部门
+     */
+    @ApiModelProperty(value = "创建部门")
+    private Long createDept;
+
+
     @ApiModelProperty(value = "产品密钥")
     private String productSecret;
 

iot-dao/iot-data-serviceImpl-rdb/src/main/java/cc/iotkit/data/service/SysDeptDataImpl.java

@@ -1,6 +1,10 @@
 package cc.iotkit.data.service;
 
+import cc.iotkit.common.constant.GlobalConstants;
 import cc.iotkit.common.constant.UserConstants;
+import cc.iotkit.common.redis.utils.RedisUtils;
+import cc.iotkit.common.satoken.utils.LoginHelper;
+import cc.iotkit.common.tenant.helper.TenantHelper;
 import cc.iotkit.common.utils.MapstructUtils;
 import cc.iotkit.common.utils.StringUtils;
 import cc.iotkit.data.dao.IJPACommData;
@@ -9,6 +13,7 @@ import cc.iotkit.data.model.TbSysDept;
 import cc.iotkit.data.system.ISysDeptData;
 import cc.iotkit.data.util.PredicateBuilder;
 import cc.iotkit.model.system.SysDept;
+import cn.hutool.core.collection.CollectionUtil;
 import cn.hutool.core.util.ObjectUtil;
 import com.querydsl.jpa.impl.JPAQueryFactory;
 import lombok.RequiredArgsConstructor;
@@ -17,6 +22,9 @@ import org.springframework.context.annotation.Primary;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Service;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
 import java.util.stream.Collectors;
 import java.util.stream.StreamSupport;
@@ -63,6 +71,7 @@ public class SysDeptDataImpl implements ISysDeptData, IJPACommData<SysDept, Long
                 .and(StringUtils.isNotEmpty(dept.getDeptName()), () -> tbSysDept.deptName.like(dept.getDeptName()))
                 .and(StringUtils.isNotEmpty(dept.getTenantId()), () -> tbSysDept.tenantId.like(dept.getTenantId()))
                 .and(StringUtils.isNotEmpty(dept.getStatus()), () -> tbSysDept.status.eq(dept.getStatus()));
+        checkDataPermission(predicateBuilder, TenantHelper.getTenantId());
         return MapstructUtils.convert(StreamSupport.stream(deptRepository.findAll(predicateBuilder.build()).spliterator(), false).collect(Collectors.toList()), SysDept.class);
     }
 
@@ -104,7 +113,23 @@ public class SysDeptDataImpl implements ISysDeptData, IJPACommData<SysDept, Long
 
         PredicateBuilder predicateBuilder = PredicateBuilder.instance().and(tbSysDept.status.eq(UserConstants.DEPT_NORMAL));
         return jpaQueryFactory.select(tbSysDept.ancestors).where(predicateBuilder.build()).fetch().stream().filter(o -> o.indexOf(deptId.toString()) != -1).count();
+    }
 
+    private void checkDataPermission(PredicateBuilder predicateBuilder, String tenantId){
+        Long deptId = LoginHelper.getDeptId();
+        List<Long> deptList = new ArrayList<>();
+        if(ObjectUtil.isNotNull(deptId)){
+           String ChildDept = RedisUtils.getCacheObject(GlobalConstants.DEPT_CHILD_PREFIX+tenantId+":"+LoginHelper.getDeptId());
+           if(StringUtils.isNotEmpty(ChildDept)){
+               deptList= Arrays.stream(StringUtils.split(ChildDept,",")).map(Long::parseLong).collect(Collectors.toList());
+               deptList.add(LoginHelper.getDeptId());
+           }else{
+               deptList = Collections.singletonList(LoginHelper.getDeptId());
+           }
+        }
+        List<Long> finalDeptList = deptList;
+        predicateBuilder.and(CollectionUtil.isNotEmpty(deptList),()->tbSysDept.id.in(finalDeptList));
 
     }
+
 }

iot-dao/iot-data-serviceImpl-rdb/src/main/java/cc/iotkit/data/service/SysLogininfoDataImpl.java

@@ -2,6 +2,9 @@ package cc.iotkit.data.service;
 
 import cc.iotkit.common.api.PageRequest;
 import cc.iotkit.common.api.Paging;
+import cc.iotkit.common.constant.GlobalConstants;
+import cc.iotkit.common.redis.utils.RedisUtils;
+import cc.iotkit.common.satoken.utils.LoginHelper;
 import cc.iotkit.common.utils.MapstructUtils;
 import cc.iotkit.common.utils.StringUtils;
 import cc.iotkit.data.dao.IJPACommData;
@@ -11,6 +14,8 @@ import cc.iotkit.data.system.ISysLogininforData;
 import cc.iotkit.data.util.PageBuilder;
 import cc.iotkit.data.util.PredicateBuilder;
 import cc.iotkit.model.system.SysLoginInfo;
+import cn.hutool.core.collection.CollectionUtil;
+import cn.hutool.core.util.ObjectUtil;
 import com.querydsl.core.types.Predicate;
 import com.querydsl.jpa.impl.JPAQueryFactory;
 import lombok.RequiredArgsConstructor;
@@ -19,8 +24,13 @@ import org.springframework.data.domain.Page;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Service;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
+import java.util.stream.Collectors;
 
+import static cc.iotkit.data.model.QTbSysDept.tbSysDept;
 import static cc.iotkit.data.model.QTbSysLogininfor.tbSysLogininfor;
 
 /**
@@ -66,11 +76,31 @@ public class SysLogininfoDataImpl implements ISysLogininforData, IJPACommData<Sy
     }
 
     private static Predicate genPredicate(SysLoginInfo data) {
-        return PredicateBuilder.instance()
+        PredicateBuilder predicateBuilder = PredicateBuilder.instance()
+//                .and(StringUtils.isNotBlank(LoginHelper.getTenantId()),()->tbSysLogininfor.tenantId.eq(LoginHelper.getTenantId()))
                 .and(StringUtils.isNotBlank(data.getIpaddr()), () -> tbSysLogininfor.ipaddr.like(data.getIpaddr()))
                 .and(StringUtils.isNotBlank(data.getStatus()), () -> tbSysLogininfor.status.eq(data.getStatus()))
-                .and(StringUtils.isNotBlank(data.getUserName()), () -> tbSysLogininfor.userName.like(data.getUserName()))
-                .build();
+                .and(StringUtils.isNotBlank(data.getUserName()), () -> tbSysLogininfor.userName.like(data.getUserName()));
+        //增加数据权限
+        checkDataPermission(predicateBuilder, LoginHelper.getTenantId());
+        return predicateBuilder.build();
+    }
+
+    private static void checkDataPermission(PredicateBuilder predicateBuilder, String tenantId){
+        Long deptId = LoginHelper.getDeptId();
+        List<Long> deptList = new ArrayList<>();
+        if(ObjectUtil.isNotNull(deptId)){
+            String ChildDept = RedisUtils.getCacheObject(GlobalConstants.DEPT_CHILD_PREFIX+tenantId+":"+LoginHelper.getDeptId());
+            if(StringUtils.isNotEmpty(ChildDept)){
+                deptList= Arrays.stream(StringUtils.split(ChildDept,",")).map(Long::parseLong).collect(Collectors.toList());
+                deptList.add(LoginHelper.getDeptId());
+            }else{
+                deptList = Collections.singletonList(LoginHelper.getDeptId());
+            }
+        }
+        List<Long> finalDeptList = deptList;
+        predicateBuilder.and(CollectionUtil.isNotEmpty(deptList),()->tbSysLogininfor.createDept.in(finalDeptList));
+
     }
 
     @Override
@@ -89,4 +119,6 @@ public class SysLogininfoDataImpl implements ISysLogininforData, IJPACommData<Sy
         logininfoRepository.deleteAll();
     }
 
+
+
 }

iot-module/iot-system/src/main/java/cc/iotkit/system/controller/SysUserController.java

@@ -3,11 +3,13 @@ package cc.iotkit.system.controller;
 import cc.iotkit.common.api.PageRequest;
 import cc.iotkit.common.api.Paging;
 import cc.iotkit.common.api.Request;
+import cc.iotkit.common.constant.GlobalConstants;
 import cc.iotkit.common.excel.core.ExcelResult;
 import cc.iotkit.common.excel.utils.ExcelUtil;
 import cc.iotkit.common.log.annotation.Log;
 import cc.iotkit.common.log.enums.BusinessType;
 import cc.iotkit.common.model.LoginUser;
+import cc.iotkit.common.redis.utils.RedisUtils;
 import cc.iotkit.common.satoken.utils.LoginHelper;
 import cc.iotkit.common.tenant.helper.TenantHelper;
 import cc.iotkit.common.utils.MapstructUtils;
@@ -36,10 +38,7 @@ import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
 import javax.servlet.http.HttpServletResponse;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 import java.util.stream.Collectors;
 
 /**
@@ -65,6 +64,8 @@ public class SysUserController extends BaseController {
     @PostMapping("/list")
     public Paging<SysUserVo> list(@RequestBody @Validated(QueryGroup.class) PageRequest<SysUserBo> query) {
         query.getData().setTenantId(TenantHelper.getTenantId());
+        //增加数据权限
+        checkAndModifyDeptId(query);
         Paging<SysUserVo> page = userService.selectPageUserList(query);
         List<SysUserVo> sysUserVos = page.getRows();
         Set<Long> deptIds = sysUserVos.stream().map(SysUserVo::getDeptId).collect(Collectors.toSet());
@@ -74,6 +75,27 @@ public class SysUserController extends BaseController {
         return page;
     }
 
+    /**
+     * 增加部门数据
+     * @param query
+     */
+    private static void checkAndModifyDeptId(PageRequest<SysUserBo> query) {
+        if(ObjectUtil.isNull(query.getData().getDeptId())){
+            query.getData().setDeptId(LoginHelper.getDeptId());
+        }else{
+            String ChildDept = RedisUtils.getCacheObject(GlobalConstants.DEPT_CHILD_PREFIX+TenantHelper.getTenantId()+":"+LoginHelper.getDeptId());
+            if(StringUtils.isNotEmpty(ChildDept)){
+                List deptList= Arrays.stream(StringUtils.split(ChildDept,",")).map(Long::parseLong).collect(Collectors.toList());
+                deptList.add(LoginHelper.getDeptId());
+                if(!deptList.contains(query.getData().getDeptId())){
+                    query.getData().setDeptId(-1L);
+                }
+            }else{
+                query.getData().setDeptId(LoginHelper.getDeptId());
+            }
+        }
+    }
+
     @ApiOperation("导出用户列表")
     @Log(title = "用户管理", businessType = BusinessType.EXPORT)
     @SaCheckPermission("system:user:export")

iot-starter/src/main/java/cc/iotkit/config/DeptStartupRunner.java

@@ -1,5 +1,6 @@
 package cc.iotkit.config;
 
+import cc.iotkit.common.constant.GlobalConstants;
 import cc.iotkit.common.redis.utils.RedisUtils;
 import cc.iotkit.model.system.SysDept;
 import cc.iotkit.system.dto.vo.SysDeptVo;
@@ -18,7 +19,7 @@ public class DeptStartupRunner implements CommandLineRunner{
     @Resource
     private ISysDeptService deptService;
 
-    private static final String DEPT_CHILD_PREFIX = "dept_child_prefix:";
+
 
     @Override
     public void run(String... args) throws Exception {
@@ -33,7 +34,7 @@ public class DeptStartupRunner implements CommandLineRunner{
                 ancestors= sysDept.getAncestors();
                 splits= ancestors.split(",");
                 for(String split:splits ){
-                    key = DEPT_CHILD_PREFIX + sysDept.getTenantId() + ":" + String.valueOf(split);
+                    key = GlobalConstants.DEPT_CHILD_PREFIX + sysDept.getTenantId() + ":" + String.valueOf(split);
                     List<String> children = deptChildMap.get(key);
                     if(CollectionUtil.isEmpty(children)){
                         children = new ArrayList<>();