
Merge branch 'role-apply-update-230718' into 'release/v1.2.0'

Role apply update 230718

See merge request dcuc-tjdsj/auth-service!237
马志强 há 1 ano atrás
pai
commit
0de30de6a9
18 ficheiros alterados com 562 adições e 10 exclusões
  1. 19 0
      dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/IRoleAuthInfoFacade.java
  2. 69 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/entity/zerotrust/RoleAuthApply.java
  3. 29 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/vo/zerotrust/roleauthapply/ApplyRoleInVo.java
  4. 24 0
      dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/vo/zerotrust/roleauthapply/RoleAuthApplySaveVo.java
  5. 5 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/bpo/RoleInfoBPO.java
  6. 77 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/RoleAuthInfoFacade.java
  7. 25 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/repo/zerotrust/RoleAuthApplyRepository.java
  8. 8 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/IRoleInfoService.java
  9. 5 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/RoleInfoService.java
  10. 1 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/ServiceAuthResultServiceImpl.java
  11. 1 1
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/ApprovalResultServiceImpl.java
  12. 153 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/RoleAuthApplyServiceImpl.java
  13. 16 3
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/RoleOperateApplyServiceImpl.java
  14. 36 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/zerotrust/IRoleAuthApplyService.java
  15. 9 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/zerotrust/IRoleOperateApplyService.java
  16. 53 4
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApprovalBusinessImpl.java
  17. 9 0
      dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/zerotrust/ApprovalProperties.java
  18. 23 1
      dcuc-auth-service/src/main/resources/config/mysql/V4_3_0034__AddCallBack.sql

+ 19 - 0
dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/IRoleAuthInfoFacade.java

@@ -3,6 +3,9 @@ package com.dragoninfo.dcuc.auth.auth.facade;
 import com.dragoninfo.dcuc.auth.auth.entity.StaffAssignAuthInfo;
 import com.dragoninfo.dcuc.auth.auth.vo.RoleInfoVO;
 import com.dragoninfo.dcuc.auth.auth.vo.TreeInfoVO;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.ApplyRoleInVo;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.RoleAuthApplySaveVo;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
 import com.dragonsoft.duceap.base.entity.search.SearchDTO;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.data.domain.Page;
@@ -78,4 +81,20 @@ public interface IRoleAuthInfoFacade {
     List<TreeInfoVO> getRptOrgListByPid(@RequestParam(value = "appId", required = true) String appId,
                                         @RequestParam(value = "orgId", required = false) String orgId,
                                         @RequestParam(value = "isInit", required = false) boolean isInit);
+
+    /**
+     * 角色授权申请
+     * @param saveVo
+     * @return
+     */
+    @PostMapping("roleAuthApply")
+    ResponseStatus roleAuthApply(@RequestBody RoleAuthApplySaveVo saveVo);
+
+    /**
+     * 角色授权-角色列表
+     * @param searchDTO
+     * @return
+     */
+    @PostMapping("applyRoleList")
+    List<ApplyRoleInVo> applyRoleList(@RequestBody SearchDTO searchDTO);
 }
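Review bot: The Javadoc on the two new endpoints leaves `@param` and `@return` empty, so a Feign caller cannot tell whose id `saveVo.userId` is. From the implementation elsewhere in this commit it is the person the roles are requested for, while the operator comes from the current user context; say so, e.g. `@param saveVo subject user id plus the (appId, roleCode) pairs requested; the operator is taken from the current user context, not from this body`. For `applyRoleList`, document that `searchDTO` is currently ignored and the full list is returned. The same empty tags appear in `IRoleAuthApplyService` and on `IRoleInfoService.getByAppIdAndCode`.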

+ 69 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/entity/zerotrust/RoleAuthApply.java

@@ -0,0 +1,69 @@
+package com.dragoninfo.dcuc.auth.auth.entity.zerotrust;
+
+import com.dragonsoft.duceap.base.entity.persistent.IdEntity;
+import com.dragonsoft.duceap.core.persistent.audit.JpaAuditingEntityListener;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import org.hibernate.annotations.GenericGenerator;
+import org.hibernate.annotations.Where;
+
+import javax.persistence.*;
+
+/**
+ * 角色授权申请操作内容
+ *
+ * @author mazq
+ * @date 2023/4/21
+ */
+@EqualsAndHashCode(callSuper = true)
+@EntityListeners({JpaAuditingEntityListener.class})
+@Data
+@Entity
+@Table(name = "T_AUTH_ROLE_AUTH_APPLY")
+@Where(clause = "deleted = '0'")
+public class RoleAuthApply extends BaseUpdateEntity implements IdEntity<String> {
+
+    /**
+     * 主键id
+     */
+    @Id
+    @GeneratedValue(generator="idGenerator")
+    @GenericGenerator(name="idGenerator", strategy="uuid")
+    private String id;
+
+    /**
+     * 操作申请人id
+     */
+    @Column(name = "USER_ID")
+    private String userId;
+
+    /**
+     * 应用id
+     */
+    @Column(name = "APP_ID")
+    private String appId;
+
+    /**
+     * 角色code
+     */
+    @Column(name = "ROLE_CODE")
+    private String roleCode;
+
+    /**
+     * 流程实例id
+     */
+    @Column(name = "PROCESS_INST_ID")
+    private String processInstId;
+
+    /**
+     * 任务节点实例id
+     */
+    @Column(name = "TASK_INST_ID")
+    private String taskInstId;
+
+    /**
+     * 审批结果
+     */
+    @Column(name = "APPROVAL_RESULT")
+    private String approvalResult;
+}

+ 29 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/vo/zerotrust/roleauthapply/ApplyRoleInVo.java

@@ -0,0 +1,29 @@
+package com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * @author mazq
+ * @date 2023/7/19
+ */
+@Data
+@ApiModel("角色授权申请内容")
+public class ApplyRoleInVo {
+
+    @ApiModelProperty(value = "应用id")
+    private String appId;
+
+    @ApiModelProperty(value = "应用名称")
+    private String appName;
+
+    @ApiModelProperty(value = "角色名称")
+    private String roleName;
+
+    @ApiModelProperty(value = "角色编码")
+    private String roleCode;
+
+    @ApiModelProperty(value = "是否是申请中的角色 0:否 1:是")
+    private String apply;
+}

+ 24 - 0
dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/vo/zerotrust/roleauthapply/RoleAuthApplySaveVo.java

@@ -0,0 +1,24 @@
+package com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * 角色授权申请保存Vo
+ * @author mazq
+ * @date 2023/7/19
+ */
+@Data
+@ApiModel(value = "角色授权申请保存Vo")
+public class RoleAuthApplySaveVo {
+
+    @ApiModelProperty(value = "申请人人员id")
+    private String userId;
+
+    @ApiModelProperty(value = "申请角色内容")
+    private List<ApplyRoleInVo> applyRoleInVos;
+
+}
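Review bot: `applyRoleInVos` reuses `ApplyRoleInVo`, the list-output type, as request input, so the client also controls `appName`, `roleName` and `apply`. `RoleAuthApplyServiceImpl.getBizData` serialises the whole list into `authRoleInfos` for the approval flow while only `appId` and `roleCode` are persisted, so the name an approver presumably sees is not tied to the role code that is stored. Use an input type with just `appId` and `roleCode`, or overwrite the names from the role table before building `bizData`. Neither field carries a validation constraint either; whether Bean Validation runs on this facade is not visible here.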

+ 5 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/bpo/RoleInfoBPO.java

@@ -301,4 +301,9 @@ public class RoleInfoBPO extends BaseBPO<RoleInfo, String> {
                sql+= "appId in (" + appIds + ") group by appId";
         return PersistentFactory.getHibernateDao().find(sql);
     }
+
+    public RoleInfo getByAppIdAndCode(String appId, String code) {
+        String sql = "SELECT * FROM T_ROLE_INFO WHERE APP_ID = ? AND CODE = ? AND IS_ACITVE = '1'";
+        return PersistentFactory.getJdbcDao().queryForObject(sql, RoleInfo.class, new Object[]{appId, code});
+    }
 }
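Review bot: `getByAppIdAndCode` is used later in this commit as a duplicate check (`null != roleInfoByCode` in `ApprovalBusinessImpl`), which only works if `getJdbcDao().queryForObject` returns null when no row matches. If that DAO follows Spring's `JdbcTemplate.queryForObject`, a miss throws `EmptyResultDataAccessException` and more than one match throws as well; that is not visible here, so confirm it or query a list and take the first element. The column is spelled `IS_ACITVE`; if the schema spells it `IS_ACTIVE` the statement fails at runtime, so check it against the table definition. The bind parameters are the right shape, unlike the concatenated `appId in (" + appIds + ")` in the context lines above, which deserves the same treatment if `appIds` can come from a request.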

+ 77 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/RoleAuthInfoFacade.java

@@ -1,10 +1,21 @@
 package com.dragoninfo.dcuc.auth.auth.facade;
 
+import com.dragoninfo.dcuc.app.entity.ApplyInfo;
+import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
+import com.dragoninfo.dcuc.auth.auth.entity.RoleInfo;
 import com.dragoninfo.dcuc.auth.auth.entity.StaffAssignAuthInfo;
+import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.RoleOperateContent;
 import com.dragoninfo.dcuc.auth.auth.service.IRoleAuthInfoService;
+import com.dragoninfo.dcuc.auth.auth.service.IRoleInfoService;
+import com.dragoninfo.dcuc.auth.auth.service.zerotrust.IRoleAuthApplyService;
+import com.dragoninfo.dcuc.auth.auth.service.zerotrust.IRoleOperateApplyService;
 import com.dragoninfo.dcuc.auth.auth.vo.RoleInfoVO;
 import com.dragoninfo.dcuc.auth.auth.vo.TreeInfoVO;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.ApplyRoleInVo;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.RoleAuthApplySaveVo;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
 import com.dragonsoft.duceap.base.entity.search.SearchDTO;
+import com.dragonsoft.duceap.base.enums.BooleanEnum;
 import com.dragonsoft.duceap.core.search.Searchable;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
@@ -13,6 +24,7 @@ import org.springframework.web.bind.annotation.RestController;
 
 import java.util.List;
 import java.util.Map;
+import java.util.stream.Collectors;
 
 /**
  * @Description:
@@ -28,11 +40,24 @@ public class RoleAuthInfoFacade implements IRoleAuthInfoFacade {
     @Autowired
     private IRoleAuthInfoService roleAuthInfoService;
 
+    @Autowired
+    private IRoleInfoService roleInfoService;
+
+    @Autowired
+    private IRoleAuthApplyService roleAuthApplyService;
+
+    @Autowired
+    private IRoleOperateApplyService roleOperateApplyService;
+
+    @Autowired
+    private IApplyInfoFacade applyInfoFacade;
+
     @Override
     public List<StaffAssignAuthInfo> getStaff(String roleId, String orgId) {
         return roleAuthInfoService.getStaff(roleId, orgId);
     }
 
+    @Override
     public Page<RoleInfoVO> getOrgRoleQuotaList(String appId, String orgId, SearchDTO searchDTO) {
         return roleAuthInfoService.getOrgRoleQuotaList(appId, orgId, Searchable.toSearchable(searchDTO));
     }
@@ -53,7 +78,7 @@ public class RoleAuthInfoFacade implements IRoleAuthInfoFacade {
     }
 
     @Override
-    public Map<String, Object> getRoleTjInfo(String appId,String orgCode) {
+    public Map<String, Object> getRoleTjInfo(String appId, String orgCode) {
         return roleAuthInfoService.getRoleTjInfo(appId, orgCode);
     }
 
@@ -62,4 +87,55 @@ public class RoleAuthInfoFacade implements IRoleAuthInfoFacade {
         Searchable searchable = Searchable.newSearchable();
         return roleAuthInfoService.getRptOrgListByPid(orgId, appId, isInit, searchable.toSearchDTO());
     }
+
+    @Override
+    public ResponseStatus roleAuthApply(RoleAuthApplySaveVo saveVo) {
+        return roleAuthApplyService.roleAuthApply(saveVo);
+    }
+
+    @Override
+    public List<ApplyRoleInVo> applyRoleList(SearchDTO searchDTO) {
+        // 查询申请中的角色
+        List<RoleOperateContent> applyRolesContent = roleOperateApplyService.getApplyingRoleInfos();
+        List<ApplyRoleInVo> applyRoles = applyRolesContent.stream()
+                .map(e -> {
+                    ApplyRoleInVo vo = new ApplyRoleInVo();
+                    vo.setAppId(e.getAppId());
+                    vo.setRoleName(e.getName());
+                    vo.setRoleCode(e.getCode());
+                    vo.setApply(BooleanEnum.TRUE.value);
+                    return vo;
+                }).collect(Collectors.toList());
+
+        // 查所有的已存在的角色列表
+        List<RoleInfo> all = roleInfoService.findAll();
+        List<ApplyRoleInVo> collect = all.stream()
+                .filter(e -> BooleanEnum.TRUE.value.equals(e.getIsActive()))
+                .map(e -> {
+                    ApplyRoleInVo vo = new ApplyRoleInVo();
+                    vo.setAppId(e.getAppId());
+                    vo.setRoleName(e.getName());
+                    vo.setRoleCode(e.getCode());
+                    vo.setApply(BooleanEnum.FALSE.value);
+                    return vo;
+                }).collect(Collectors.toList());
+        applyRoles.addAll(collect);
+
+        // 设置应用信息
+        List<String> appIds = applyRoles.stream()
+                .map(ApplyRoleInVo::getAppId)
+                .distinct()
+                .collect(Collectors.toList());
+
+        List<ApplyInfo> applyInfos = applyInfoFacade.getAppById(appIds);
+        Map<String, String> appInfoMap = applyInfos.stream()
+                .collect(Collectors.toMap(ApplyInfo::getId, ApplyInfo::getApplyName));
+        applyRoles.forEach(e-> {
+            String appId = e.getAppId();
+            String appName = appInfoMap.get(appId);
+            e.setAppName(appName);
+        });
+
+        return applyRoles;
+    }
 }
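Review bot: `applyRoleList` never reads `searchDTO` and returns every active role of every application plus every pending role-creation request, so any caller that can reach this endpoint gets the whole role catalogue; no caller or application scoping is visible in this hunk. If that is not intended, filter by the applications the current user may administer, or at least apply the search criteria. Separately, `Collectors.toMap(ApplyInfo::getId, ApplyInfo::getApplyName)` throws a NullPointerException when an application has a null name and an IllegalStateException on a repeated id; `.collect(HashMap::new, (m, a) -> m.put(a.getId(), a.getApplyName()), HashMap::putAll)` tolerates both. Pending entries may also carry a null `appId`, which then ends up in the `appIds` list passed to `getAppById`.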

+ 25 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/repo/zerotrust/RoleAuthApplyRepository.java

@@ -0,0 +1,25 @@
+package com.dragoninfo.dcuc.auth.auth.repo.zerotrust;
+
+import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.RoleAuthApply;
+import com.dragonsoft.duceap.core.persistent.repository.BaseRepository;
+import org.springframework.data.jpa.repository.Modifying;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+
+/**
+ * @author mazq
+ * @date 2023/7/13
+ */
+@Repository
+public interface RoleAuthApplyRepository extends BaseRepository<RoleAuthApply, String> {
+
+    /**
+     * 更新审批结果
+     * @param processInstId
+     * @param approvalResult
+     */
+    @Modifying
+    @Query(value = "UPDATE T_AUTH_ROLE_AUTH_APPLY SET APPROVAL_RESULT = :approvalResult WHERE PROCESS_INST_ID = :processInstId AND DELETED = '0'", nativeQuery = true)
+    void updateApprovalResult(@Param("processInstId") String processInstId, @Param("approvalResult") String approvalResult);
+}
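Review bot: The UPDATE matches on `PROCESS_INST_ID` alone, so a repeated or late callback for the same process overwrites a decision that was already final. Adding the expected current state to the WHERE clause, e.g. `AND APPROVAL_RESULT = :expected`, and returning `int` instead of `void` lets the caller see that nothing was changed and log it. Because the statement is native and bypasses the persistence context, `@Modifying(clearAutomatically = true)` keeps entities that were already loaded from showing the old value.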

+ 8 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/IRoleInfoService.java

@@ -135,6 +135,14 @@ public interface IRoleInfoService {
      */
     RoleInfo getRoleInfoByCode(String roleCode);
 
+    /**
+     * 根据应用和角色编码获取
+     * @param appId
+     * @param code
+     * @return
+     */
+    RoleInfo getByAppIdAndCode(String appId, String code);
+
     RoleInfo getRoleInfoByRoleId(String roleId);
 
     /**

+ 5 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/RoleInfoService.java

@@ -519,6 +519,11 @@ public class RoleInfoService implements IRoleInfoService {
         return list.get(0);
     }
 
+    @Override
+    public RoleInfo getByAppIdAndCode(String appId, String code) {
+        return roleInfoBPO.getByAppIdAndCode(appId, code);
+    }
+
     @Override
     public RoleInfo getRoleInfoByRoleId(String roleId) {
         return roleInfoBPO.get(roleId);

+ 1 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/ServiceAuthResultServiceImpl.java

@@ -378,6 +378,7 @@ public class ServiceAuthResultServiceImpl implements IServiceAuthResultService {
             ServiceResource serviceResource = serviceResourceFacade.detailByCode(dto.getServiceCode());
             result.setServiceId(serviceResource.getId());
             result.setAuthStatus(AuthStatusEnum.START.getValue());
+            result.setServiceResourceId(ResourceTypeEnum.TJ_SERVICE.getResourceId());
             this.saveAuthResult(result);
             List<String> addServiceCodes = new ArrayList<>();
             addServiceCodes.add(result.getServiceCode());

+ 1 - 1
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/ApprovalResultServiceImpl.java

@@ -23,7 +23,7 @@ public class ApprovalResultServiceImpl implements IApprovalResultService {
     private ApprovalResultRepository repository;
 
     @Autowired
-    public void setMapper(ApprovalResultRepository repository) {
+    public void setRepository(ApprovalResultRepository repository) {
         this.repository = repository;
     }
 

+ 153 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/RoleAuthApplyServiceImpl.java

@@ -0,0 +1,153 @@
+package com.dragoninfo.dcuc.auth.auth.service.impl.zerotrust;
+
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.FlowApplyReqDto;
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.FlowSubmitRespDTO;
+import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.RoleAuthApply;
+import com.dragoninfo.dcuc.auth.auth.enumresources.zerotrust.approval.ApprovalApplyTypeEnum;
+import com.dragoninfo.dcuc.auth.auth.enumresources.zerotrust.approval.AuthApplyStatusEnum;
+import com.dragoninfo.dcuc.auth.auth.repo.zerotrust.RoleAuthApplyRepository;
+import com.dragoninfo.dcuc.auth.auth.service.zerotrust.IRoleAuthApplyService;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.ApplyRoleInVo;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.RoleAuthApplySaveVo;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApprovalBusiness;
+import com.dragoninfo.dcuc.auth.config.zerotrust.ApprovalProperties;
+import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
+import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
+import com.dragoninfo.dcuc.common.utils.ResponseUtil;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+import com.dragonsoft.duceap.base.entity.security.BaseSecurityUser;
+import com.dragonsoft.duceap.base.utils.UserContextUtils;
+import com.dragonsoft.duceap.commons.util.UUIDUtils;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.domain.Example;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDate;
+import java.time.format.DateTimeFormatter;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+/**
+ * 角色授权申请业务类
+ *
+ * @author mazq
+ * @date 2023/7/19
+ */
+@Slf4j
+@Service
+public class RoleAuthApplyServiceImpl implements IRoleAuthApplyService {
+
+    private RoleAuthApplyRepository repository;
+
+    private IApprovalBusiness approvalBusiness;
+
+    private ApprovalProperties approvalProperties;
+
+    private IAuthUserInfoService authUserInfoService;
+
+    @Autowired
+    public void setAuthUserInfoService(IAuthUserInfoService authUserInfoService) {
+        this.authUserInfoService = authUserInfoService;
+    }
+
+    @Autowired
+    public void setRepository(RoleAuthApplyRepository repository) {
+        this.repository = repository;
+    }
+
+    @Autowired
+    public void setApprovalBusiness(IApprovalBusiness approvalBusiness) {
+        this.approvalBusiness = approvalBusiness;
+    }
+
+    @Autowired
+    public void setApprovalProperties(ApprovalProperties approvalProperties) {
+        this.approvalProperties = approvalProperties;
+    }
+
+    @Transactional(rollbackFor = Exception.class)
+    @Override
+    public ResponseStatus roleAuthApply(RoleAuthApplySaveVo saveVo) {
+        String userId = saveVo.getUserId();
+        AuthUserInfo userInfo = authUserInfoService.findById(userId);
+        if (null == userInfo) {
+            return ResponseStatus.fail("授权主体人员不存在");
+        }
+
+        // 填充业务数据
+        Map<String, String> bizData = getBizData(saveVo, userInfo);
+
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd");
+        String format = formatter.format(LocalDate.now());
+        // 先推送成功后保存权限申请内容
+        String title = format + "-" + UserContextUtils.getCurrentUser().getName() + "角色授权申请";
+        FlowApplyReqDto applyDto = FlowApplyReqDto.builder()
+                .title(title)
+                .processDefId(ApprovalApplyTypeEnum.ROLE_AUTH_APPLY.getValue())
+                // TODO 后续填入
+                .bo(Collections.emptyMap())
+                .bizData(bizData)
+                .taskClass(approvalProperties.getRoleAuthTaskType())
+                .build();
+        ResponseDTO<FlowSubmitRespDTO> applyRespDto = approvalBusiness.approvalFlowApplyAndSubmitFirst(applyDto, UUIDUtils.getUUID());
+        if (ResponseUtil.isFail(applyRespDto)) {
+            log.info("申请推送审批失败");
+            return ResponseDTO.fail("申请推送审批失败", (Object) null);
+        }
+        FlowSubmitRespDTO flowSubmitRespDTO = ResponseUtil.getResult(applyRespDto);
+        String processInstId = flowSubmitRespDTO.getProcessInstId();
+
+        // 推送成功之后保存角色授权内容
+        List<ApplyRoleInVo> applyRoleInVos = saveVo.getApplyRoleInVos();
+        List<RoleAuthApply> collect = applyRoleInVos.stream()
+                .map(e -> {
+                    RoleAuthApply roleAuthApply = new RoleAuthApply();
+                    roleAuthApply.setUserId(userId);
+                    roleAuthApply.setProcessInstId(processInstId);
+                    roleAuthApply.setAppId(e.getAppId());
+                    roleAuthApply.setRoleCode(e.getRoleCode());
+                    roleAuthApply.setApprovalResult(AuthApplyStatusEnum.APPLYING.getValue());
+                    return roleAuthApply;
+                }).collect(Collectors.toList());
+
+        repository.saveAll(collect);
+
+        return ResponseDTO.success("", (Object) null);
+    }
+
+    @Override
+    public List<RoleAuthApply> getByProcessInstId(String processInstId) {
+        RoleAuthApply roleAuthApply = new RoleAuthApply();
+        roleAuthApply.setProcessInstId(processInstId);
+        Example<RoleAuthApply> example = Example.of(roleAuthApply);
+        return repository.findAll(example);
+    }
+
+    @Transactional(rollbackFor = Exception.class)
+    @Override
+    public void updateApprovalResult(String processInstId, String approvalResult) {
+        repository.updateApprovalResult(processInstId, approvalResult);
+    }
+
+    private Map<String, String> getBizData(RoleAuthApplySaveVo saveVo, AuthUserInfo userInfo) {
+        Map<String, String> bizData = new HashMap<>();
+        // 授权主体人员信息
+        bizData.put("authUserName", userInfo.getName());
+        bizData.put("authUserIdcard", userInfo.getIdcard());
+        // 授权客体角色信息
+        List<ApplyRoleInVo> applyRoleInVos = saveVo.getApplyRoleInVos();
+        bizData.put("authRoleInfos", JsonUtils.toJSONString(applyRoleInVos));
+        // 授权操作人信息
+        BaseSecurityUser currentUser = UserContextUtils.getCurrentUser();
+        bizData.put("authOperateUserName", currentUser.getName());
+        bizData.put("authOperateUserIdcard", currentUser.getIdcard());
+        return bizData;
+    }
+}
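Review bot: `saveVo.getApplyRoleInVos()` is first touched by `.stream()` after `approvalFlowApplyAndSubmitFirst` has already succeeded, so a null list throws once the approval flow exists remotely, and `@Transactional` cannot undo that submission; an empty list creates a flow with no local rows. Check the list, each `appId`/`roleCode`, and the current user before building `bizData`, as sketched below. `getBizData` and the title line both dereference `UserContextUtils.getCurrentUser()` without a null check, and the failure log `申请推送审批失败` carries no user or request context for whoever has to trace it.

```java
    public ResponseStatus roleAuthApply(RoleAuthApplySaveVo saveVo) {
        // … unchanged: subject lookup via authUserInfoService.findById …
        List<ApplyRoleInVo> applyRoleInVos = saveVo.getApplyRoleInVos();
        if (applyRoleInVos == null || applyRoleInVos.isEmpty()) {
            return ResponseStatus.fail("申请角色内容不能为空");
        }
        for (ApplyRoleInVo role : applyRoleInVos) {
            // Reject incomplete entries before anything is sent to the approval system.
            if (role == null || role.getAppId() == null || role.getRoleCode() == null) {
                return ResponseStatus.fail("申请角色内容不完整");
            }
        }
        BaseSecurityUser currentUser = UserContextUtils.getCurrentUser();
        if (currentUser == null) {
            return ResponseStatus.fail("当前操作人不存在");
        }
        // … unchanged: bizData, flow submission, saveAll (reusing applyRoleInVos and currentUser) …
```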

+ 16 - 3
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/RoleOperateApplyServiceImpl.java

@@ -4,9 +4,9 @@ import cn.hutool.core.bean.BeanUtil;
 import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.FlowApplyReqDto;
 import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.FlowSubmitRespDTO;
 import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.RoleOperateContent;
-import com.dragoninfo.dcuc.auth.auth.enumresources.RoleManageOpeTypeEnum;
 import com.dragoninfo.dcuc.auth.auth.enumresources.YesNotEnum;
 import com.dragoninfo.dcuc.auth.auth.enumresources.zerotrust.approval.ApprovalApplyTypeEnum;
+import com.dragoninfo.dcuc.auth.auth.enumresources.zerotrust.approval.AuthApplyStatusEnum;
 import com.dragoninfo.dcuc.auth.auth.repo.zerotrust.RoleOperateContentRepository;
 import com.dragoninfo.dcuc.auth.auth.service.zerotrust.IRoleOperateApplyService;
 import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.rolemanage.RoleOperateApplyVo;
@@ -29,8 +29,7 @@ import org.springframework.transaction.annotation.Transactional;
 
 import java.time.LocalDate;
 import java.time.format.DateTimeFormatter;
-import java.util.Collections;
-import java.util.Optional;
+import java.util.*;
 
 /**
  * 角色操作申请业务类
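Review bot: `import java.util.*;` replaces two explicit imports with a wildcard, which hides which `java.util` types the class depends on and can produce ambiguous names once another wildcard is added. The later hunks use `Collections`, `HashMap`, `Map` and `List`; list those explicitly, and keep `Optional` only if the class still uses it, which is not visible here.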
@@ -73,6 +72,9 @@ public class RoleOperateApplyServiceImpl implements IRoleOperateApplyService {
         String uuid = UUIDUtils.getUUID();
 
         // 先推送送审批
+        Map<String, String> bizData = new HashMap<>();
+        bizData.put("roleCode", roleSaveVo.getCode());
+        bizData.put("roleName", roleSaveVo.getName());
         DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd");
         String format = formatter.format(LocalDate.now());
         String title = format + "-" + currentUser.getName() + "-角色" + typeEnum.getLabel() + "申请";
@@ -81,6 +83,7 @@ public class RoleOperateApplyServiceImpl implements IRoleOperateApplyService {
                 .processDefId(ApprovalApplyTypeEnum.ROLE_OPERATE.getValue())
                 // TODO 后续填入
                 .bo(Collections.emptyMap())
+                .bizData(bizData)
                 .taskClass(approvalProperties.getRoleManageTaskType())
                 .build();
         ResponseDTO<FlowSubmitRespDTO> applyRespDto = approvalBusiness.approvalFlowApplyAndSubmitFirst(applyDto, uuid);
@@ -101,6 +104,7 @@ public class RoleOperateApplyServiceImpl implements IRoleOperateApplyService {
         operateContent.setOperateType(typeEnum.getValue());
         operateContent.setPoliceCategory(roleSaveVo.getPoliceCategory());
         operateContent.setRoleBusiness(roleSaveVo.getRoleBusiness());
+        operateContent.setApprovalResult(AuthApplyStatusEnum.APPLYING.getValue());
         String notLimitCount = roleSaveVo.getIsNotLimitCount();
         if (StringUtils.isNotBlank(notLimitCount)) {
             operateContent.setLimitCount(
@@ -131,5 +135,14 @@ public class RoleOperateApplyServiceImpl implements IRoleOperateApplyService {
         repository.updateApprovalResult(id, approvalResult);
     }
 
+    @Override
+    public List<RoleOperateContent> getApplyingRoleInfos() {
+        RoleOperateContent content = new RoleOperateContent();
+        content.setOperateType(OperateTypeEnum.ADD.getValue());
+        content.setApprovalResult(AuthApplyStatusEnum.APPLYING.getValue());
+        Example<RoleOperateContent> example = Example.of(content);
+        return repository.findAll(example);
+    }
+
 
 }

+ 36 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/zerotrust/IRoleAuthApplyService.java

@@ -0,0 +1,36 @@
+package com.dragoninfo.dcuc.auth.auth.service.zerotrust;
+
+import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.RoleAuthApply;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.RoleAuthApplySaveVo;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+
+import java.util.List;
+
+/**
+ * 角色授权申请Service
+ * @author mazq
+ * @date 2023/7/19
+ */
+public interface IRoleAuthApplyService {
+
+    /**
+     * 角色授权申请
+     * @param saveVo
+     * @return
+     */
+    ResponseStatus roleAuthApply(RoleAuthApplySaveVo saveVo);
+
+    /**
+     * 根据流程实例id查询申请内容
+     * @param processInstId
+     * @return
+     */
+    List<RoleAuthApply> getByProcessInstId(String processInstId);
+
+    /**
+     * 更新审批结果
+     * @param processInstId
+     * @param approvalResult
+     */
+    void updateApprovalResult(String processInstId, String approvalResult);
+}

+ 9 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/zerotrust/IRoleOperateApplyService.java

@@ -4,6 +4,8 @@ import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.RoleOperateContent;
 import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.rolemanage.RoleOperateApplyVo;
 import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
 
+import java.util.List;
+
 /**
  * 角色操作申请业务类
  *
@@ -42,4 +44,11 @@ public interface IRoleOperateApplyService {
      * @param approvalResult
      */
     void updateApprovalResult(String id, String approvalResult);
+
+    /**
+     * 获取申请中的角色信息
+     * @return
+     */
+    List<RoleOperateContent> getApplyingRoleInfos();
+
 }

+ 53 - 4
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApprovalBusinessImpl.java

@@ -11,11 +11,13 @@ import com.dragoninfo.dcuc.auth.auth.constance.zerotrust.approval.ApprovalConsta
 import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.*;
 import com.dragoninfo.dcuc.auth.auth.entity.RoleInfo;
 import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.ApprovalResult;
+import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.RoleAuthApply;
 import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.RoleOperateContent;
 import com.dragoninfo.dcuc.auth.auth.enumresources.YesNotEnum;
 import com.dragoninfo.dcuc.auth.auth.enumresources.zerotrust.approval.*;
 import com.dragoninfo.dcuc.auth.auth.service.IRoleInfoService;
 import com.dragoninfo.dcuc.auth.auth.service.zerotrust.IApprovalResultService;
+import com.dragoninfo.dcuc.auth.auth.service.zerotrust.IRoleAuthApplyService;
 import com.dragoninfo.dcuc.auth.auth.service.zerotrust.IRoleOperateApplyService;
 import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.approval.ApprovalCallBackReqVO;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IApprovalBusiness;
@@ -31,10 +33,12 @@ import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
 import com.dragonsoft.duceap.base.enums.BooleanEnum;
 import com.dragonsoft.duceap.base.utils.UserContextUtils;
 import com.dragonsoft.duceap.commons.util.ObjectUtils;
+import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
 import com.dragonsoft.duceap.commons.util.date.DateConst;
 import com.dragonsoft.duceap.commons.util.date.DateUtils;
 import com.dragonsoft.duceap.commons.util.enums.EnumUtils;
 import com.dragonsoft.duceap.commons.util.string.StringUtils;
+import com.gentlyweb.utils.CollectionsUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.StringRedisTemplate;
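Review bot: `import com.gentlyweb.utils.CollectionsUtils;` looks like an accidental IDE auto-import: the visible hunks of this file only call `CollectionUtils.isEmpty` from `com.dragonsoft.duceap`. If nothing else in the file uses it, drop the line, since it makes the build depend on a library that is presumably on the classpath only transitively.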
@@ -68,6 +72,12 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
 
     private IApproveRemoteCallBusiness approveRemoteCallBusiness;
 
+    private IRoleAuthApplyService roleAuthApplyService;
+
+    @Autowired
+    public void setRoleAuthApplyService(IRoleAuthApplyService roleAuthApplyService) {
+        this.roleAuthApplyService = roleAuthApplyService;
+    }
 
     @Autowired
     public void setApproveRemoteCallBusiness(IApproveRemoteCallBusiness approveRemoteCallBusiness) {
@@ -109,6 +119,8 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
         String applyType = processDefId;
         if (ApprovalApplyTypeEnum.ROLE_OPERATE.getValue().equals(processDefId)) {
             processDefId = approvalProperties.getRoleOperateDefId();
+        } else if (ApprovalApplyTypeEnum.ROLE_AUTH_APPLY.getValue().equals(processDefId)) {
+            processDefId = approvalProperties.getRoleAuthApplyDefId();
         } else {
             return ResponseDTO.fail("未定义的流程类型", (Object) null);
         }
@@ -285,6 +297,8 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
             ApprovalBaseRespDto approvalBaseRespDto = new ApprovalBaseRespDto().success();
             if (ApprovalApplyTypeEnum.ROLE_OPERATE.getValue().equals(applyType)) {
                 approvalBaseRespDto = roleOperateCallBackHandle(processInstId, type, endFlag);
+            } else if (ApprovalApplyTypeEnum.ROLE_AUTH_APPLY.getValue().equals(applyType)) {
+                approvalBaseRespDto = roleAuthCallBackHandle(processInstId, type, endFlag);
             }
 
             // 更新审批结果
@@ -299,6 +313,24 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
 
     }
 
+    private ApprovalBaseRespDto roleAuthCallBackHandle(String processInstId, String type, String endFlag) {
+        log.info("开始处理角色权限申请");
+        List<RoleAuthApply> authApplies = roleAuthApplyService.getByProcessInstId(processInstId);
+        if (CollectionUtils.isEmpty(authApplies)) {
+            log.info("查询不到权限申请内容");
+            return new ApprovalBaseRespDto().success();
+        }
+        // 回调修改流程状态
+        String approvalResult = getApplyStatus(type, endFlag);
+        roleAuthApplyService.updateApprovalResult(processInstId, approvalResult);
+
+        if (!AuthApplyStatusEnum.AGREE.getValue().equals(approvalResult)) {
+            return new ApprovalBaseRespDto().success();
+        }
+        // 角色授权暂时不做处理,只为演示审批风险。
+        return new ApprovalBaseRespDto().success();
+    }
+
     private void updateApprovalResult(ApprovalResult approvalResult, ApprovalCallBackReqVO approvalCallBackReqVO) {
         BeanUtil.copyProperties(approvalCallBackReqVO, approvalResult, "taskId", "businessKey");
         approvalResult.setCallBack(BooleanEnum.TRUE.value);
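Review bot: `roleAuthCallBackHandle` writes whatever `getApplyStatus(type, endFlag)` returns without looking at the state of the rows it just loaded, and unlike `handleRoleOperateApproval` it has no branch for `FlowCallBackTypeEnum.DELETE`; how `getApplyStatus` maps a delete is not visible in this hunk. Skip the update when the rows are no longer `APPLYING`, and handle a deleted flow explicitly. The `if (!AuthApplyStatusEnum.AGREE…)` test is currently dead because both paths return the same success, and rows end up marked as agreed although no role is granted. A `// TODO` on that branch, plus a `log.warn` that includes `processInstId` on the not-found path, would make that state traceable.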
@@ -308,6 +340,7 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
     private ApprovalBaseRespDto roleOperateCallBackHandle(String processInstId, String type, String endFlag) {
         RoleOperateContent roleOperateContent = roleOperateApplyService.getByProcessInstIdId(processInstId);
         if (null == roleOperateContent) {
+            log.info("查询不到角色申请内容");
             return new ApprovalBaseRespDto().success();
         }
 
@@ -316,6 +349,7 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
     }
 
     private ApprovalBaseRespDto handleRoleOperateApproval(RoleOperateContent roleOperateContent, String type, String endFlag) {
+        log.info("开始处理角色申请");
         String id = roleOperateContent.getId();
         // 流程被删除对应删除本地申请
         if (FlowCallBackTypeEnum.DELETE.getValue().equals(type)) {
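Review bot: The log lines added here and in the two preceding hunks (`"开始处理角色申请"`, `"查询不到角色申请内容"`, `"开始处理角色权限申请"`, `"查询不到权限申请内容"`) carry no identifier, so they cannot be tied to a specific approval when reconstructing which request led to which role change. Include the application id and callback type, e.g. `log.info("开始处理角色申请, id:{}, type:{}", id, type);` placed after `id` is assigned. The not-found cases are better logged at `warn` together with `processInstId`. `handleRoleOperateApproval` continues past the end of this hunk.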
@@ -334,13 +368,28 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
         String operateType = roleOperateContent.getOperateType();
         if (OperateTypeEnum.ADD.getValue().equals(operateType)) {
             RoleInfo roleInfo = getNewRoleInfo(roleOperateContent);
-            roleInfoService.save(roleInfo);
+            // 判断角色代码是否重复
+            RoleInfo roleInfoByCode = roleInfoService.getByAppIdAndCode(roleInfo.getAppId(), roleInfo.getCode());
+            if (null != roleInfoByCode) {
+                log.info("角色代码已存在:{}", roleInfo.getCode());
+            } else {
+                log.info("保存新增角色");
+                roleInfoService.save(roleInfo);
+            }
         } else if (OperateTypeEnum.DELETE.getValue().equals(operateType)) {
+            log.info("删除角色:{}", roleOperateContent.getRoleId());
             roleInfoService.deleteRole(roleOperateContent.getRoleId());
         } else if (OperateTypeEnum.UPDATE.getValue().equals(operateType)) {
             RoleInfo roleInfo = getNewRoleInfo(roleOperateContent);
             roleInfo.setId(roleOperateContent.getRoleId());
-            roleInfoService.update(roleInfo);
+            // 判断角色代码是否重复
+            RoleInfo roleInfoByCode = roleInfoService.getByAppIdAndCode(roleInfo.getAppId(), roleInfo.getCode());
+            if (null != roleInfoByCode && !roleInfoByCode.getId().equals(roleInfo.getId())) {
+                log.info("角色代码已存在");
+            } else {
+                log.info("更新角色:{}", roleInfo.getId());
+                roleInfoService.update(roleInfo);
+            }
         }
 
         return new ApprovalBaseRespDto().success();
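Review bot: When the role code already exists, both the ADD and UPDATE branches only log at `info` and the method still returns `success()`, so an approved request is recorded as handled although no role was created or changed. The conflict should be reported to the caller with a non-success response (the DTO's failure path is not visible in this hunk) and logged at `warn` with the application id, e.g. `log.warn("角色代码已存在, appId:{}, code:{}", roleInfo.getAppId(), roleInfo.getCode());`. The lookup followed by `save`/`update` is also a check-then-act sequence that two concurrently processed callbacks can both pass, so a unique constraint on application id and role code is the reliable guard, if one does not exist already. The method starts in the previous hunk and its closing brace is outside this one.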
@@ -356,11 +405,11 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
         roleInfo.setRoleBusiness(roleOperateContent.getRoleBusiness());
         roleInfo.setPoliceCategory(roleOperateContent.getPoliceCategory());
         String limitCount = roleOperateContent.getLimitCount();
-        if( StringUtils.isNotBlank(limitCount)){
+        if (StringUtils.isNotBlank(limitCount)) {
             roleInfo.setIsNotLimitCount(
                     YesNotEnum.YES.getValue().equals(limitCount) ? "0" : "1");
         }
-        roleInfo.setIsActive("1");
+        roleInfo.setIsActive(BooleanEnum.TRUE.value);
         return roleInfo;
     }
 

+ 9 - 0
dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/zerotrust/ApprovalProperties.java

@@ -33,4 +33,13 @@ public class ApprovalProperties {
      */
     private String roleManageTaskType;
 
+    /**
+     * 角色授权自助申请流程定义id
+     */
+    private String roleAuthApplyDefId;
+
+    /**
+     * 角色授权自助申请任务类型
+     */
+    private String roleAuthTaskType;
 }

+ 23 - 1
dcuc-auth-service/src/main/resources/config/mysql/V4_3_0034__AddCallBack.sql

@@ -1,2 +1,24 @@
 alter table t_auth_approval_result
-    add CALL_BACK varchar(2) default '0' null comment '是否已经回调处理';
+    add CALL_BACK varchar(2) default '0' null comment '是否已经回调处理';
+
+create table t_auth_role_auth_apply
+(
+    ID              int                    not null comment '主键id'
+        primary key,
+    USER_ID         varchar(32)            null comment '授权主体人员id',
+    APP_ID          varchar(32)            null comment '角色所属应用id',
+    ROLE_CODE       varchar(32)            null comment '角色编码',
+    PROCESS_INST_ID varchar(64)            null comment '审批回调后返回的流程实例id',
+    TASK_INST_ID    varchar(128)           null comment '审批返回的任务节点',
+    APPROVAL_RESULT varchar(10)            null comment '转为后的审批结果',
+    UPDATE_USER     varchar(32)            null comment '更新人',
+    UPDATE_TIME     datetime               null comment '更新时间',
+    CREATE_USER     varchar(32)            null comment '创建人',
+    CREATE_TIME     datetime               null comment '创建时间',
+    DELETED         varchar(5) default '0' null comment '是否删除',
+    DELETE_USER     varchar(32)            null comment '删除人',
+    DELETE_TIME     datetime               null comment '删除时间'
+)
+    comment '角色授权申请表';
+
+create index T_AUTH_ROLE_AUTH_APPLY_INX_INST_ID on t_auth_role_auth_apply (PROCESS_INST_ID);
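Review bot: The new `t_auth_role_auth_apply` table is appended to the existing versioned script `V4_3_0034__AddCallBack.sql` instead of going into a new migration file. If the project uses a checksum-validating migration tool (the `V…__` naming suggests Flyway, but the configuration is not visible), environments that already ran this version would fail validation or never create the table. A new script such as `V<next_version>__AddRoleAuthApply.sql` (placeholder name) avoids that. Separately, `USER_ID`, `APP_ID`, `ROLE_CODE` and `PROCESS_INST_ID` are all nullable, which allows an authorization request with no subject or role to be stored; declaring them `not null` would enforce the record's integrity at the database level.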