From 2d524c13cc0e0cc9c7e1917d107e0e9999dbc7a1 Mon Sep 17 00:00:00 2001 From: linbangquan <1437892690@qq.com> Date: Mon, 25 Dec 2023 17:02:17 +0800 Subject: [PATCH 1/3] =?UTF-8?q?[=E5=8A=9F=E8=83=BD]=20=E6=A8=A1=E5=9E=8B?= =?UTF-8?q?=E6=A0=91=E7=9B=AE=E5=BD=95=E4=B8=AD=E7=9A=84=E6=A8=A1=E5=9E=8B?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=9D=83=E9=99=90=E5=88=A4=E6=96=AD=E9=80=BB?= =?UTF-8?q?=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 关联 #[1054336795246592]模型树目录中的模型增加权限判断逻辑 http://192.168.0.96:8090/demo/rdm.html#/task-detail/939050947543040/939050947543050/1054336795246592 --- .../ListCiCatalogAndCiForTreeApi.java | 131 ++++++++++-------- .../cmdb/dao/mapper/ci/CiAuthMapper.java | 2 + .../cmdb/dao/mapper/ci/CiAuthMapper.xml | 13 ++ 3 files changed, 91 insertions(+), 55 deletions(-) diff --git a/src/main/java/neatlogic/module/cmdb/api/cicatalog/ListCiCatalogAndCiForTreeApi.java b/src/main/java/neatlogic/module/cmdb/api/cicatalog/ListCiCatalogAndCiForTreeApi.java index a80676b5..f3740e83 100644 --- a/src/main/java/neatlogic/module/cmdb/api/cicatalog/ListCiCatalogAndCiForTreeApi.java +++ b/src/main/java/neatlogic/module/cmdb/api/cicatalog/ListCiCatalogAndCiForTreeApi.java @@ -2,25 +2,31 @@ package neatlogic.module.cmdb.api.cicatalog; import com.alibaba.fastjson.JSONObject; import neatlogic.framework.auth.core.AuthAction; +import neatlogic.framework.auth.core.AuthActionChecker; +import neatlogic.framework.cmdb.auth.label.CIENTITY_MODIFY; +import neatlogic.framework.cmdb.auth.label.CI_MODIFY; import neatlogic.framework.cmdb.auth.label.CMDB_BASE; +import neatlogic.framework.cmdb.dto.ci.CiAuthVo; import neatlogic.framework.cmdb.dto.ci.CiVo; import neatlogic.framework.cmdb.dto.cicatalog.CiCatalogNodeVo; import neatlogic.framework.cmdb.dto.cicatalog.CiCatalogVo; +import neatlogic.framework.cmdb.enums.CiAuthType; +import neatlogic.framework.cmdb.enums.group.GroupType; import neatlogic.framework.common.constvalue.ApiParamType; import neatlogic.framework.restful.annotation.*; import neatlogic.framework.restful.constvalue.OperationTypeEnum; import neatlogic.framework.restful.core.privateapi.PrivateApiComponentBase; +import neatlogic.module.cmdb.dao.mapper.ci.CiAuthMapper; import neatlogic.module.cmdb.dao.mapper.ci.CiMapper; +import neatlogic.module.cmdb.service.ci.CiAuthChecker; import neatlogic.module.cmdb.service.cicatalog.CiCatalogService; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.stereotype.Service; import javax.annotation.Resource; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; +import java.util.*; +import java.util.stream.Collectors; @Service @AuthAction(action = CMDB_BASE.class) @@ -30,6 +36,9 @@ public class ListCiCatalogAndCiForTreeApi extends PrivateApiComponentBase { @Resource private CiMapper ciMapper; + @Resource + private CiAuthMapper ciAuthMapper; + @Resource private CiCatalogService ciCatalogService; @@ -47,88 +56,73 @@ public class ListCiCatalogAndCiForTreeApi extends PrivateApiComponentBase { @Description(desc = "nmcac.listcicatalogandcifortreeapi.getname") @Override public Object myDoService(JSONObject paramObj) throws Exception { - CiCatalogNodeVo rootNode = null; List catalogList = new ArrayList<>(); - Map id2NodeMap = new HashMap<>(); + List matchCiCatalogNodeList = new ArrayList<>(); List noCatalogCiNodeList = new ArrayList<>(); - List ciNodeList = new ArrayList<>(); + List hasCatalogCiNodeList = new ArrayList<>(); List allNodeList = ciCatalogService.getAllCiCatalogList(); + Map id2NodeMap = allNodeList.stream().collect(Collectors.toMap(e -> e.getId(), e -> e)); List ciList = ciMapper.getAllCi(null); String keyword = paramObj.getString("keyword"); if (StringUtils.isNotBlank(keyword)) { keyword = keyword.toLowerCase(); - List matchKeywordCiCatalogNodeList = new ArrayList<>(); - if (CollectionUtils.isNotEmpty(allNodeList)) { - rootNode = allNodeList.get(0); - for (CiCatalogNodeVo node : allNodeList) { - node.setType(CiCatalogNodeVo.CATALOG); - id2NodeMap.put(node.getId(), node); - if (node.getName().toLowerCase().contains(keyword)) { - matchKeywordCiCatalogNodeList.add(node); - } + List matchKeywordCiCatalogNodeIdList = new ArrayList<>(); + for (CiCatalogNodeVo node : allNodeList) { + if (node.getName().toLowerCase().contains(keyword)) { + matchCiCatalogNodeList.add(node); + matchKeywordCiCatalogNodeIdList.add(node.getId()); } } - for (CiVo ciVo : ciList) { - if (!ciVo.getName().toLowerCase().contains(keyword) && !ciVo.getLabel().toLowerCase().contains(keyword)) { - continue; - } - CiCatalogNodeVo ciNode = new CiCatalogNodeVo(ciVo); - if (ciVo.getCatalogId() == null) { - noCatalogCiNodeList.add(ciNode); + Iterator iterator = ciList.iterator(); + while (iterator.hasNext()) { + CiVo ciVo = iterator.next(); + if (matchKeywordCiCatalogNodeIdList.contains(ciVo.getCatalogId())) { continue; } - CiCatalogNodeVo node = id2NodeMap.get(ciVo.getCatalogId()); - if (node == null) { - noCatalogCiNodeList.add(ciNode); - continue; + if (!ciVo.getName().toLowerCase().contains(keyword) && !ciVo.getLabel().toLowerCase().contains(keyword)) { + iterator.remove(); } - matchKeywordCiCatalogNodeList.add(node); - ciNodeList.add(ciNode); } - for (CiCatalogNodeVo node : allNodeList) { - for (CiCatalogNodeVo matchKeywordCiCatalogNode : matchKeywordCiCatalogNodeList) { - if (node.getLft() <= matchKeywordCiCatalogNode.getLft() && node.getRht() >= matchKeywordCiCatalogNode.getRht()) { - catalogList.add(node); - } - } + } + checkCiAuth(ciList); + for (CiVo ciVo : ciList) { + CiCatalogNodeVo ciNode = new CiCatalogNodeVo(ciVo); + if (ciVo.getCatalogId() == null) { + noCatalogCiNodeList.add(ciNode); + continue; } - } else { - if (CollectionUtils.isNotEmpty(allNodeList)) { - rootNode = allNodeList.get(0); - for (CiCatalogNodeVo node : allNodeList) { - node.setType(CiCatalogNodeVo.CATALOG); - id2NodeMap.put(node.getId(), node); - catalogList.add(node); - } + CiCatalogNodeVo node = id2NodeMap.get(ciVo.getCatalogId()); + if (node == null) { + noCatalogCiNodeList.add(ciNode); + continue; } - for (CiVo ciVo : ciList) { - CiCatalogNodeVo ciNode = new CiCatalogNodeVo(ciVo); - if (ciVo.getCatalogId() == null) { - noCatalogCiNodeList.add(ciNode); - continue; - } - CiCatalogNodeVo node = id2NodeMap.get(ciVo.getCatalogId()); - if (node == null) { - noCatalogCiNodeList.add(ciNode); - continue; + matchCiCatalogNodeList.add(node); + hasCatalogCiNodeList.add(ciNode); + } + + for (CiCatalogNodeVo node : allNodeList) { + for (CiCatalogNodeVo matchCiCatalogNode : matchCiCatalogNodeList) { + if (node.getLft() <= matchCiCatalogNode.getLft() && node.getRht() >= matchCiCatalogNode.getRht()) { + catalogList.add(node); } - ciNodeList.add(ciNode); } } if (CollectionUtils.isNotEmpty(catalogList)) { for (CiCatalogNodeVo node : catalogList) { + node.setType(CiCatalogNodeVo.CATALOG); CiCatalogNodeVo parent = id2NodeMap.get(node.getParentId()); if (parent != null) { parent.addChild(node); } } - for (CiCatalogNodeVo node : ciNodeList) { + for (CiCatalogNodeVo node : hasCatalogCiNodeList) { CiCatalogNodeVo parent = id2NodeMap.get(node.getParentId()); if (parent != null) { parent.addChild(node); } } + CiCatalogNodeVo rootNode = allNodeList.get(0); for (CiCatalogNodeVo node : noCatalogCiNodeList) { rootNode.addChild(node); } @@ -143,4 +137,31 @@ public class ListCiCatalogAndCiForTreeApi extends PrivateApiComponentBase { return "cmdb/cicatalogandci/listtree"; } + private void checkCiAuth(List ciList) { + //如果没有管理权限则需要检查每个模型的权限 + if (!AuthActionChecker.check(CI_MODIFY.class, CIENTITY_MODIFY.class)) { + Map> ciId2CiAuthListMap = new HashMap<>(); + List ciIdList = ciList.stream().map(CiVo::getId).collect(Collectors.toList()); + List ciAuthList = ciAuthMapper.getCiAuthByCiIdList(ciIdList); + for (CiAuthVo ciAuth : ciAuthList) { + ciId2CiAuthListMap.computeIfAbsent(ciAuth.getCiId(), key -> new ArrayList<>()).add(ciAuth); + } + Iterator iterator = ciList.iterator(); + while (iterator.hasNext()) { + CiVo ciVo = iterator.next(); + List ciAuths = ciId2CiAuthListMap.get(ciVo.getId()); + if (CollectionUtils.isNotEmpty(ciAuths)) { + if (!CiAuthChecker.hasPrivilege(ciAuths, CiAuthType.CIMANAGE, CiAuthType.CIENTITYUPDATE, CiAuthType.CIENTITYDELETE, CiAuthType.TRANSACTIONMANAGE, CiAuthType.CIENTITYQUERY)) { + if (!CiAuthChecker.isCiInGroup(ciVo.getId(), GroupType.READONLY, GroupType.MAINTAIN)) { + iterator.remove(); + } + } + } else { + if (!CiAuthChecker.isCiInGroup(ciVo.getId(), GroupType.READONLY, GroupType.MAINTAIN)) { + iterator.remove(); + } + } + } + } + } } diff --git a/src/main/java/neatlogic/module/cmdb/dao/mapper/ci/CiAuthMapper.java b/src/main/java/neatlogic/module/cmdb/dao/mapper/ci/CiAuthMapper.java index 56e0de12..0b3c82d7 100644 --- a/src/main/java/neatlogic/module/cmdb/dao/mapper/ci/CiAuthMapper.java +++ b/src/main/java/neatlogic/module/cmdb/dao/mapper/ci/CiAuthMapper.java @@ -30,6 +30,8 @@ import java.util.List; public interface CiAuthMapper { public List getCiAuthByCiId(Long ciId); + List getCiAuthByCiIdList(List ciIdList); + public int insertCiAuth(CiAuthVo ciAuthVo); public int deleteCiAuthByCiId(Long ciId); diff --git a/src/main/java/neatlogic/module/cmdb/dao/mapper/ci/CiAuthMapper.xml b/src/main/java/neatlogic/module/cmdb/dao/mapper/ci/CiAuthMapper.xml index 118f8a69..97f7d8c8 100644 --- a/src/main/java/neatlogic/module/cmdb/dao/mapper/ci/CiAuthMapper.xml +++ b/src/main/java/neatlogic/module/cmdb/dao/mapper/ci/CiAuthMapper.xml @@ -29,6 +29,19 @@ WHERE ci_id = #{value} + + INSERT INTO `cmdb_ci_auth` (`ci_id`, `auth_type`, -- Gitee From c0bca8964ef1a9f2e6a5e2b00f7e3bcaea100e9c Mon Sep 17 00:00:00 2001 From: linbangquan <1437892690@qq.com> Date: Mon, 25 Dec 2023 17:15:05 +0800 Subject: [PATCH 2/3] =?UTF-8?q?[=E5=8A=9F=E8=83=BD]=20=E6=A8=A1=E5=9E=8B?= =?UTF-8?q?=E6=A0=91=E7=9B=AE=E5=BD=95=E4=B8=AD=E7=9A=84=E6=A8=A1=E5=9E=8B?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=9D=83=E9=99=90=E5=88=A4=E6=96=AD=E9=80=BB?= =?UTF-8?q?=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 关联 #[1054336795246592]模型树目录中的模型增加权限判断逻辑 http://192.168.0.96:8090/demo/rdm.html#/task-detail/939050947543040/939050947543050/1054336795246592 --- .../module/cmdb/dao/mapper/globalattr/GlobalAttrMapper.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/neatlogic/module/cmdb/dao/mapper/globalattr/GlobalAttrMapper.xml b/src/main/java/neatlogic/module/cmdb/dao/mapper/globalattr/GlobalAttrMapper.xml index a2ab2134..2608a989 100644 --- a/src/main/java/neatlogic/module/cmdb/dao/mapper/globalattr/GlobalAttrMapper.xml +++ b/src/main/java/neatlogic/module/cmdb/dao/mapper/globalattr/GlobalAttrMapper.xml @@ -35,7 +35,7 @@ -- Gitee From e7e51a936caddd90bc3b13bad1ba0a4a8da964f6 Mon Sep 17 00:00:00 2001 From: linbangquan <1437892690@qq.com> Date: Tue, 26 Dec 2023 09:52:43 +0800 Subject: [PATCH 3/3] =?UTF-8?q?[=E5=8A=9F=E8=83=BD]=20=E6=A8=A1=E5=9E=8B?= =?UTF-8?q?=E6=A0=91=E7=9B=AE=E5=BD=95=E4=B8=AD=E7=9A=84=E6=A8=A1=E5=9E=8B?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=9D=83=E9=99=90=E5=88=A4=E6=96=AD=E9=80=BB?= =?UTF-8?q?=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 关联 #[1054336795246592]模型树目录中的模型增加权限判断逻辑 http://192.168.0.96:8090/demo/rdm.html#/task-detail/939050947543040/939050947543050/1054336795246592 --- src/main/resources/neatlogic/resources/cmdb/sqlscript/dml.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/neatlogic/resources/cmdb/sqlscript/dml.sql b/src/main/resources/neatlogic/resources/cmdb/sqlscript/dml.sql index 09840d04..9ab42756 100644 --- a/src/main/resources/neatlogic/resources/cmdb/sqlscript/dml.sql +++ b/src/main/resources/neatlogic/resources/cmdb/sqlscript/dml.sql @@ -29,7 +29,7 @@ insert ignore into `cmdb_resourcecenter_entity`(`name`,`label`,`status`,`error`, -- ---------------------------- -- Records of cmdb_global_attr -- ---------------------------- -insert ignore into `cmdb_global_attr`(`id`,`name`,`label`,`is_active`,`is_multiple`,`description`) values (979768512987136,'app_environment','应用环境',1,0,NULL); +insert ignore into `cmdb_global_attr`(`id`,`name`,`label`,`is_active`,`is_multiple`,`description`, `is_private`) values (979768512987136,'app_environment','应用环境',1,0,NULL,1); -- ---------------------------- -- Records of cmdb_global_attritem -- Gitee