服务授权申请开发

dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/auth/api/IZeroTrustAuthApplyFacade.java

@@ -3,6 +3,7 @@ package com.dragoninfo.dcuc.auth.auth.api;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply.ApiRoleAuthReqVo;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply.ApiServiceAuthReqVo;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply.AuthApplyRespVo;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.role.ApiAppRoleRespVo;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.role.ApiRolesReqVo;
@@ -37,6 +38,15 @@ public interface IZeroTrustAuthApplyFacade {
     @PostMapping(value = "roleAuthApply")
     ZeroTrustDataRespVO<AuthApplyRespVo> roleAuthApply(@RequestBody ApiRoleAuthReqVo reqVo);
 
+    /**
+     * 服务授权申请
+     *
+     * @param reqVo
+     * @return
+     */
+    @PostMapping("serviceAuthApply")
+    ZeroTrustDataRespVO<AuthApplyRespVo> serviceAuthApply(@RequestBody ApiServiceAuthReqVo reqVo);
+
     /**
      * 授权申请审批结果回调
      * @param callBackReqVO

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/enums/zerotrust/AuthApplyRespEnum.java

@@ -9,10 +9,10 @@ import com.dragonsoft.duceap.base.enums.ICodeEnum;
 public enum AuthApplyRespEnum implements ICodeEnum {
 
     SUCCESS("0", "操作成功"),
-    USER_NOT_EXIST("1", "人员不存在"),
-    APP_NOT_EXIST("2", "应用资源不存在"),
-    ROLE_NOT_EXIST("3", "应用角色不存在"),
-    SERVICE_NOT_EXIST("4", "服务资源不存在"),
+    USER_NOT_EXIST("1", "授权申请人员不存在"),
+    APP_NOT_EXIST("2", "授权申请应用资源不存在"),
+    ROLE_NOT_EXIST("3", "授权申请应用角色不存在"),
+    SERVICE_NOT_EXIST("4", "授权申请服务资源不存在"),
 
     OTHER("99", "其他类型错误");
 

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/authapply/ApiServiceAuthContentVo.java

@@ -0,0 +1,26 @@
+package com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import javax.validation.constraints.NotEmpty;
+import java.util.List;
+
+/**
+ * @author mazq
+ * @date 2023/11/22
+ */
+@Data
+@ApiModel(value = "角色授权申请内容Vo")
+public class ApiServiceAuthContentVo {
+
+    @ApiModelProperty(value = "需要申请授权的应用资源编码")
+    private String appCode;
+
+    @NotEmpty
+    @ApiModelProperty(value = "需要授权的服务资源编码集合")
+    private List<String> serviceCodes;
+
+
+}

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/authapply/ApiServiceAuthReqVo.java

@@ -0,0 +1,28 @@
+package com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotEmpty;
+import java.util.List;
+
+/**
+ * @author mazq
+ * @date 2023/11/24
+ */
+@Data
+@ApiModel("服务授权申请Vo")
+public class ApiServiceAuthReqVo {
+
+    @NotBlank
+    @ApiModelProperty(value = "申请方应用令牌")
+    private String appTokenId;
+
+    @NotEmpty
+    @ApiModelProperty(value = "授权申请内容")
+    private List<ApiServiceAuthContentVo> contents;
+
+
+}

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/api/vo/zerotrust/authapply/AuthApplyRespVo.java

@@ -1,6 +1,5 @@
 package com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply;
 
-import com.dragoninfo.dcuc.auth.api.enums.zerotrust.AuthApplyRespEnum;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 
@@ -25,12 +24,4 @@ public class AuthApplyRespVo {
     @ApiModelProperty(value = "业务消息提示")
     private String respMsg;
 
-    public static AuthApplyRespVo success() {
-        AuthApplyRespVo vo = new AuthApplyRespVo();
-        vo.setRespMsg(AuthApplyRespEnum.SUCCESS.getLabel());
-        vo.setRespCode(AuthApplyRespEnum.SUCCESS.getValue());
-        return vo;
-    }
-
-
 }

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/dto/RoleAuthApplyDto.java → dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/dto/zerotrust/authapply/RoleAuthApplyDto.java

@@ -1,4 +1,4 @@
-package com.dragoninfo.dcuc.auth.auth.dto;
+package com.dragoninfo.dcuc.auth.auth.dto.zerotrust.authapply;
 
 import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.ApplyRoleInVo;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/dto/zerotrust/authapply/ServiceAuthApplyDto.java

@@ -0,0 +1,28 @@
+package com.dragoninfo.dcuc.auth.auth.dto.zerotrust.authapply;
+
+import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
+import com.dragoninfo.dcuc.auth.sub.vo.ServiceResourceVo;
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * 服务授权申请推送审批Dto
+ * @author mazq
+ * @date 2023/11/23
+ */
+@Data
+public class ServiceAuthApplyDto {
+
+    /**
+     * 应用信息
+     */
+    private ApplyInfoVo applyInfoVo;
+
+    /**
+     * 服务信息
+     */
+    private List<ServiceResourceVo> serviceVos;
+
+
+}

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/entity/zerotrust/ServiceAuthApply.java

@@ -0,0 +1,63 @@
+package com.dragoninfo.dcuc.auth.auth.entity.zerotrust;
+
+import com.dragonsoft.duceap.base.entity.persistent.IdEntity;
+import com.dragonsoft.duceap.core.persistent.audit.JpaAuditingEntityListener;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import org.hibernate.annotations.GenericGenerator;
+import org.hibernate.annotations.Where;
+
+import javax.persistence.*;
+
+/**
+ * 角色授权申请操作内容
+ *
+ * @author mazq
+ * @date 2023/4/21
+ */
+@EqualsAndHashCode(callSuper = true)
+@EntityListeners({JpaAuditingEntityListener.class})
+@Data
+@Entity
+@Table(name = "T_AUTH_SERVICE_AUTH_APPLY")
+@Where(clause = "deleted = '0'")
+public class ServiceAuthApply extends BaseEntity implements IdEntity<String> {
+
+    /**
+     * 主键id
+     */
+    @Id
+    @GeneratedValue(generator="idGenerator")
+    @GenericGenerator(name="idGenerator", strategy="uuid")
+    private String id;
+
+    /**
+     * 应用id
+     */
+    @Column(name = "APP_ID")
+    private String appId;
+
+    /**
+     * 服务资源id
+     */
+    @Column(name = "SERVICE_ID")
+    private String serviceId;
+
+    /**
+     * 流程实例id
+     */
+    @Column(name = "PROCESS_INST_ID")
+    private String processInstId;
+
+    /**
+     * 任务节点实例id
+     */
+    @Column(name = "TASK_INST_ID")
+    private String taskInstId;
+
+    /**
+     * 审批结果
+     */
+    @Column(name = "APPROVAL_RESULT")
+    private String approvalResult;
+}

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/enumresources/zerotrust/approval/ApprovalApplyTypeEnum.java

@@ -8,6 +8,11 @@ public enum ApprovalApplyTypeEnum implements ICodeEnum {
      */
     ROLE_AUTH_APPLY("功能级权限申请", "ROLE_AUTH_APPLY"),
 
+    /**
+     * 服务级权限申请
+     */
+    SERVICE_AUTH_APPLY("服务级权限申请", "SERVICE_AUTH_APPLY"),
+
     /**
      * 数据级权限申请
      */

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/api/ZeroTrustAuthApplyFacade.java

@@ -3,6 +3,7 @@ package com.dragoninfo.dcuc.auth.auth.facade.api;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustMessageRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply.ApiRoleAuthReqVo;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply.ApiServiceAuthReqVo;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply.AuthApplyRespVo;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.role.ApiAppRoleRespVo;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.role.ApiRolesReqVo;
@@ -14,6 +15,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import javax.validation.Valid;
 import java.util.List;
 
 /**
@@ -40,6 +42,11 @@ public class ZeroTrustAuthApplyFacade implements IZeroTrustAuthApplyFacade {
         return zeroTrustAuthApplyBusiness.roleAuthApply(reqVo);
     }
 
+    @Override
+    public ZeroTrustDataRespVO<AuthApplyRespVo> serviceAuthApply(@Valid ApiServiceAuthReqVo reqVo) {
+        return zeroTrustAuthApplyBusiness.serviceAuthApply(reqVo);
+    }
+
     @Override
     public ZeroTrustMessageRespVO callBack(ApprovalCallBackReqVO approvalCallBackReqVO) {
         return zeroTrustApprovalBusiness.approvalCallBack(approvalCallBackReqVO);

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/repo/zerotrust/ServiceAuthApplyRepository.java

@@ -0,0 +1,25 @@
+package com.dragoninfo.dcuc.auth.auth.repo.zerotrust;
+
+import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.ServiceAuthApply;
+import com.dragonsoft.duceap.core.persistent.repository.BaseRepository;
+import org.springframework.data.jpa.repository.Modifying;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+
+/**
+ * @author mazq
+ * @date 2023/7/13
+ */
+@Repository
+public interface ServiceAuthApplyRepository extends BaseRepository<ServiceAuthApply, String> {
+
+    /**
+     * 更新审批结果
+     * @param processInstId
+     * @param approvalResult
+     */
+    @Modifying
+    @Query(value = "UPDATE T_AUTH_SERVICE_AUTH_APPLY SET APPROVAL_RESULT = :approvalResult WHERE PROCESS_INST_ID = :processInstId AND DELETED = '0'", nativeQuery = true)
+    void updateApprovalResult(@Param("processInstId") String processInstId, @Param("approvalResult") String approvalResult);
+}

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/RoleAuthApplyServiceImpl.java

@@ -1,7 +1,7 @@
 package com.dragoninfo.dcuc.auth.auth.service.impl.zerotrust;
 
 import cn.hutool.core.bean.BeanUtil;
-import com.dragoninfo.dcuc.auth.auth.dto.RoleAuthApplyDto;
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.authapply.RoleAuthApplyDto;
 import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.FlowApplyReqDto;
 import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.FlowSubmitRespDTO;
 import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.RoleAuthApply;

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/ServiceAuthApplyServiceImpl.java

@@ -0,0 +1,159 @@
+package com.dragoninfo.dcuc.auth.auth.service.impl.zerotrust;
+
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.FlowApplyReqDto;
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.FlowSubmitRespDTO;
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.authapply.RoleAuthApplyDto;
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.authapply.ServiceAuthApplyDto;
+import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.ServiceAuthApply;
+import com.dragoninfo.dcuc.auth.auth.enumresources.zerotrust.approval.ApprovalApplyTypeEnum;
+import com.dragoninfo.dcuc.auth.auth.enumresources.zerotrust.approval.AuthApplyStatusEnum;
+import com.dragoninfo.dcuc.auth.auth.repo.zerotrust.ServiceAuthApplyRepository;
+import com.dragoninfo.dcuc.auth.auth.service.zerotrust.IServiceAuthApplyService;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.ApplyRoleInVo;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IZeroTrustApprovalBusiness;
+import com.dragoninfo.dcuc.auth.config.zerotrust.ApprovalProperties;
+import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
+import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
+import com.dragoninfo.dcuc.auth.sub.vo.ServiceResourceVo;
+import com.dragoninfo.dcuc.common.utils.ResponseUtil;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+import com.dragonsoft.duceap.base.entity.security.BaseSecurityUser;
+import com.dragonsoft.duceap.base.utils.UserContextUtils;
+import com.dragonsoft.duceap.commons.util.UUIDUtils;
+import com.dragonsoft.duceap.commons.util.collections.CollectionUtils;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
+import com.dragonsoft.duceap.commons.util.string.StringUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.domain.Example;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDate;
+import java.time.format.DateTimeFormatter;
+import java.util.*;
+import java.util.stream.Collectors;
+
+/**
+ * 角色授权申请业务类
+ *
+ * @author mazq
+ * @date 2023/7/19
+ */
+@Slf4j
+@Service
+public class ServiceAuthApplyServiceImpl implements IServiceAuthApplyService {
+
+    private IZeroTrustApprovalBusiness approvalBusiness;
+
+    private ApprovalProperties approvalProperties;
+
+    private ServiceAuthApplyRepository repository;
+
+    @Autowired
+    public void setServiceAuthApplyRepository(ServiceAuthApplyRepository serviceAuthApplyRepository) {
+        this.repository = serviceAuthApplyRepository;
+    }
+
+    @Autowired
+    public void setApprovalBusiness(IZeroTrustApprovalBusiness approvalBusiness) {
+        this.approvalBusiness = approvalBusiness;
+    }
+
+    @Autowired
+    public void setApprovalProperties(ApprovalProperties approvalProperties) {
+        this.approvalProperties = approvalProperties;
+    }
+
+    private String getAuthApplyTitle(String applyUserName) {
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd");
+        String format = formatter.format(LocalDate.now());
+        return format + "-" + applyUserName + "服务授权申请";
+    }
+
+    @Override
+    public ResponseStatus applyAndPushToApproval(List<ServiceAuthApplyDto> authApplyDtos, String taskTypeClass) {
+        String title = getAuthApplyTitle(UserContextUtils.getCurrentUser().getName());
+        // 填充业务数据
+        Map<String, String> bizData = getBizData(authApplyDtos);
+
+        if (StringUtils.isBlank(taskTypeClass)) {
+            taskTypeClass = approvalProperties.getRoleAuthTaskType();
+        }
+
+        FlowApplyReqDto applyDto = FlowApplyReqDto.builder()
+                .title(title)
+                .processDefId(ApprovalApplyTypeEnum.SERVICE_AUTH_APPLY.getValue())
+                // TODO 后续填入
+                .bo(Collections.emptyMap())
+                .bizData(bizData)
+                .taskClass(taskTypeClass)
+                .build();
+        ResponseDTO<FlowSubmitRespDTO> applyRespDto = approvalBusiness.approvalFlowApplyAndSubmitFirst(applyDto, UUIDUtils.getUUID());
+        if (ResponseUtil.isFail(applyRespDto)) {
+            log.info("申请推送审批失败");
+            return ResponseDTO.fail("申请推送审批失败", (Object) null);
+        }
+        // 先推送成功后保存权限申请内容
+        FlowSubmitRespDTO flowSubmitRespDTO = ResponseUtil.getResult(applyRespDto);
+        String processInstId = flowSubmitRespDTO.getProcessInstId();
+
+        // 推送成功之后保存角色授权内容
+        List<ServiceAuthApply> collect = authApplyDtos.stream().flatMap(e -> {
+            ApplyInfoVo applyInfoVo = e.getApplyInfoVo();
+            List<ServiceResourceVo> serviceVos = e.getServiceVos();
+            return serviceVos.stream()
+                    .map(vo -> {
+                        ServiceAuthApply authApply = new ServiceAuthApply();
+                        authApply.setProcessInstId(processInstId);
+                        authApply.setAppId(applyInfoVo.getId());
+                        authApply.setServiceId(vo.getId());
+                        authApply.setApprovalResult(AuthApplyStatusEnum.APPLYING.getValue());
+                        return authApply;
+                    });
+        }).collect(Collectors.toList());
+
+        if (CollectionUtils.isNotEmpty(collect)) {
+            repository.saveAll(collect);
+        }
+
+        return ResponseStatus.success();
+    }
+
+    @Override
+    public List<ServiceAuthApply> getByProcessInstId(String processInstId) {
+        ServiceAuthApply serviceAuthApply = new ServiceAuthApply();
+        serviceAuthApply.setProcessInstId(processInstId);
+        Example<ServiceAuthApply> example = Example.of(serviceAuthApply);
+        return repository.findAll(example);
+    }
+
+    @Transactional(rollbackFor = Exception.class)
+    @Override
+    public void updateApprovalResult(String processInstId, String approvalResult) {
+        repository.updateApprovalResult(processInstId, approvalResult);
+    }
+
+    private Map<String, String> getBizData(List<ServiceAuthApplyDto> applyDtos) {
+        Map<String, String> bizData = new HashMap<>();
+        List<Map<String, String>> list = new ArrayList<>();
+        for (ServiceAuthApplyDto applyDto : applyDtos) {
+            ApplyInfoVo applyInfoVo = applyDto.getApplyInfoVo();
+            Map<String, String> map = new HashMap<>();
+            // 授权主体人员信息
+            map.put("authAppName", applyInfoVo.getApplyName());
+            map.put("authAppCode", applyInfoVo.getApplyCode());
+            // 授权客体角色信息
+            List<ServiceResourceVo> applyVos = applyDto.getServiceVos();
+            map.put("authServiceInfos", JsonUtils.toJSONString(applyVos));
+            list.add(map);
+        }
+        bizData.put("authInfos", JsonUtils.toJSONString(list));
+        // 授权操作人信息
+        BaseSecurityUser currentUser = UserContextUtils.getCurrentUser();
+        bizData.put("authOperateUserName", currentUser.getName());
+        bizData.put("authOperateUserIdcard", currentUser.getIdcard());
+        return bizData;
+    }
+}

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/zerotrust/IRoleAuthApplyService.java

@@ -1,6 +1,6 @@
 package com.dragoninfo.dcuc.auth.auth.service.zerotrust;
 
-import com.dragoninfo.dcuc.auth.auth.dto.RoleAuthApplyDto;
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.authapply.RoleAuthApplyDto;
 import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.RoleAuthApply;
 import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.RoleAuthApplySaveVo;
 import com.dragonsoft.duceap.base.entity.http.ResponseStatus;

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/zerotrust/IServiceAuthApplyService.java

@@ -0,0 +1,39 @@
+package com.dragoninfo.dcuc.auth.auth.service.zerotrust;
+
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.authapply.RoleAuthApplyDto;
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.authapply.ServiceAuthApplyDto;
+import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.ServiceAuthApply;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+
+import java.util.List;
+
+/**
+ * 角色授权申请Service
+ * @author mazq
+ * @date 2023/7/19
+ */
+public interface IServiceAuthApplyService {
+
+
+    /**
+     * 角色授权批量申请
+     * @param authApplyDtos
+     * @param taskTypeClass
+     * @return
+     */
+    ResponseStatus applyAndPushToApproval(List<ServiceAuthApplyDto> authApplyDtos, String taskTypeClass);
+
+    /**
+     * 根据流程实例id查询申请内容
+     * @param processInstId
+     * @return
+     */
+    List<ServiceAuthApply> getByProcessInstId(String processInstId);
+
+    /**
+     * 更新审批结果
+     * @param processInstId
+     * @param approvalResult
+     */
+    void updateApprovalResult(String processInstId, String approvalResult);
+}

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ZeroTrustApprovalBusinessImpl.java

@@ -120,6 +120,8 @@ public class ZeroTrustApprovalBusinessImpl implements IZeroTrustApprovalBusiness
             processDefId = approvalProperties.getRoleOperateDefId();
         } else if (ApprovalApplyTypeEnum.ROLE_AUTH_APPLY.getValue().equals(processDefId)) {
             processDefId = approvalProperties.getRoleAuthApplyDefId();
+        } else if (ApprovalApplyTypeEnum.SERVICE_AUTH_APPLY.getValue().equals(processDefId)) {
+            processDefId = approvalProperties.getServiceAuthApplyDefId();
         } else {
             return ResponseDTO.fail("未定义的流程类型", (Object) null);
         }

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ZeroTrustAuthApplyBusinessImpl.java

@@ -2,21 +2,23 @@ package com.dragoninfo.dcuc.auth.business.impl.zerotrust;
 
 import cn.hutool.json.JSONObject;
 import cn.hutool.json.JSONUtil;
+import com.dragoninfo.dcuc.app.dto.ServiceResourceDTO;
 import com.dragoninfo.dcuc.app.entity.ApplyInfo;
 import com.dragoninfo.dcuc.app.facade.IApplyInfoFacade;
+import com.dragoninfo.dcuc.app.facade.IServiceResourceFacade;
 import com.dragoninfo.dcuc.auth.api.enums.zerotrust.AuthApplyRespEnum;
 import com.dragoninfo.dcuc.auth.api.enums.zerotrust.ZeroTrustBusinessRespEnum;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
-import com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply.ApiRoleAuthContentVo;
-import com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply.ApiRoleAuthReqVo;
-import com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply.AuthApplyRespVo;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply.*;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.role.ApiAppRoleRespVo;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.role.ApiRoleRespVo;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.role.ApiRolesReqVo;
-import com.dragoninfo.dcuc.auth.auth.dto.RoleAuthApplyDto;
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.authapply.RoleAuthApplyDto;
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.authapply.ServiceAuthApplyDto;
 import com.dragoninfo.dcuc.auth.auth.entity.RoleInfo;
 import com.dragoninfo.dcuc.auth.auth.service.IRoleInfoService;
 import com.dragoninfo.dcuc.auth.auth.service.zerotrust.IRoleAuthApplyService;
+import com.dragoninfo.dcuc.auth.auth.service.zerotrust.IServiceAuthApplyService;
 import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.ApplyRoleInVo;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IAuthTokenBusiness;
 import com.dragoninfo.dcuc.auth.business.zerotrust.IZeroTrustAuthApplyBusiness;
@@ -24,6 +26,7 @@ import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
 import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
 import com.dragoninfo.dcuc.auth.sub.vo.ApplyInfoVo;
 import com.dragoninfo.dcuc.auth.sub.vo.AuthUserVo;
+import com.dragoninfo.dcuc.auth.sub.vo.ServiceResourceVo;
 import com.dragoninfo.dcuc.auth.token.vo.AppTokenDetailRespVo;
 import com.dragoninfo.dcuc.auth.token.vo.AppTokenInfoRespVO;
 import com.dragoninfo.dcuc.auth.token.vo.UserTokenInfoRespVO;
@@ -42,6 +45,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import javax.validation.Valid;
 import java.util.*;
 import java.util.stream.Collectors;
 
@@ -55,14 +59,23 @@ public class ZeroTrustAuthApplyBusinessImpl implements IZeroTrustAuthApplyBusine
 
     private IRoleAuthApplyService roleAuthApplyService;
 
+    private IServiceAuthApplyService serviceAuthApplyService;
+
     private IApplyInfoFacade applyInfoFacade;
 
+    private IServiceResourceFacade serviceResourceFacade;
+
     private IRoleInfoService roleInfoService;
 
     private IAuthUserInfoService userInfoService;
 
     private IAuthTokenBusiness authTokenBusiness;
 
+    @Autowired
+    public void setServiceAuthApplyService(IServiceAuthApplyService serviceAuthApplyService) {
+        this.serviceAuthApplyService = serviceAuthApplyService;
+    }
+
     @Autowired
     public void setUserInfoService(IAuthUserInfoService userInfoService) {
         this.userInfoService = userInfoService;
@@ -152,7 +165,12 @@ public class ZeroTrustAuthApplyBusinessImpl implements IZeroTrustAuthApplyBusine
             return getErrorApplyResp(AuthApplyRespEnum.USER_NOT_EXIST, users);
         }
         // 校验申请的应用
-        Result<List<ApplyInfoVo>> appResult = getAppInfos(reqVo, tokenAppInfo);
+        List<ApiRoleAuthContentVo> contents = reqVo.getContents();
+        List<String> appCodes = contents.stream().map(ApiRoleAuthContentVo::getAppCode)
+                .filter(StringUtils::isNotBlank)
+                .distinct()
+                .collect(Collectors.toList());
+        Result<List<ApplyInfoVo>> appResult = getAppInfos(appCodes, tokenAppInfo);
         List<ApplyInfoVo> applyInfoVos = appResult.getContent();
         if (appResult.isFail()) {
             return getErrorApplyResp(AuthApplyRespEnum.APP_NOT_EXIST, applyInfoVos);
@@ -167,17 +185,125 @@ public class ZeroTrustAuthApplyBusinessImpl implements IZeroTrustAuthApplyBusine
         Map<String, List<RoleInfo>> roleMap = roles.stream().collect(Collectors.groupingBy(RoleInfo::getAppId));
         Map<String, AuthUserVo> userVoMap = users.stream().collect(Collectors.toMap(AuthUserVo::getIdcard, e -> e));
         Map<String, ApplyInfoVo> appVoMap = applyInfoVos.stream().collect(Collectors.toMap(ApplyInfoVo::getApplyCode, e -> e));
-        // 设置为当前登录人
+
+        // 设置操作人为当前登录人
         setSecurityUser(appTokenDetail);
 
         // 组装批量申请dto
-        List<RoleAuthApplyDto> applyDtos = getApplyDtos(reqVo, tokenUserInfo.getIdcard(), tokenAppInfo.getApplyCode(), userVoMap, appVoMap, roleMap);
+        String tokenUserInfoIdcard = tokenUserInfo.getIdcard();
+        String tokenAppInfoApplyCode = tokenAppInfo.getApplyCode();
+        List<RoleAuthApplyDto> applyDtos = getRoleAuthApplyDtos(reqVo, tokenUserInfoIdcard, tokenAppInfoApplyCode, userVoMap, appVoMap, roleMap);
 
         ResponseStatus status = roleAuthApplyService.applyAndPushToApproval(applyDtos, null);
         if (ResponseUtil.isFail(status)) {
             return getErrorApplyResp(AuthApplyRespEnum.OTHER, status.getMessage());
         }
-        return ZeroTrustDataRespVO.success(AuthApplyRespVo.success());
+        return ZeroTrustDataRespVO.success(null);
+    }
+
+    @Override
+    public ZeroTrustDataRespVO<AuthApplyRespVo> serviceAuthApply(@Valid ApiServiceAuthReqVo reqVo) {
+        log.info("服务授权申请,应用令牌:{}, 申请内容:{}", reqVo.getAppTokenId(), JSONUtil.toJsonStr(reqVo));
+
+        // 校验应用令牌
+        AppTokenDetailRespVo appTokenDetail = authTokenBusiness.getByAppTokenId(reqVo.getAppTokenId(), false, true);
+        if (appTokenDetail.isEmpty()) {
+            return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.TOKEN_FAIL);
+        }
+        ApplyInfoVo tokenAppInfo = appTokenDetail.getApplyInfo();
+        // 校验应用资源
+        List<String> appCodes = reqVo.getContents().stream()
+                .map(ApiServiceAuthContentVo::getAppCode)
+                .filter(StringUtils::isNotBlank)
+                .distinct()
+                .collect(Collectors.toList());
+        Result<List<ApplyInfoVo>> appResult = getAppInfos(appCodes, tokenAppInfo);
+        List<ApplyInfoVo> applyInfoVos = appResult.getContent();
+        if (appResult.isFail()) {
+            return getErrorApplyResp(AuthApplyRespEnum.APP_NOT_EXIST, applyInfoVos);
+        }
+        // 校验服务资源
+        Result<List<ServiceResourceDTO>> serviceResult = getApplyServiceInfos(reqVo, applyInfoVos);
+        List<ServiceResourceDTO> serviceInfos = serviceResult.getContent();
+        if (serviceResult.isFail()) {
+            return getErrorApplyResp(AuthApplyRespEnum.SERVICE_NOT_EXIST, serviceInfos);
+        }
+
+        // 设置操作人为当前登录人
+        setSecurityUser(appTokenDetail);
+
+        // 组装批量申请dto
+        List<ServiceAuthApplyDto> applyDtos = getServiceAuthApplyDtos(reqVo, applyInfoVos, serviceInfos);
+
+        ResponseStatus status = serviceAuthApplyService.applyAndPushToApproval(applyDtos, null);
+        if (ResponseUtil.isFail(status)) {
+            return getErrorApplyResp(AuthApplyRespEnum.OTHER, status.getMessage());
+        }
+
+        return ZeroTrustDataRespVO.success(null);
+    }
+
+    private List<ServiceAuthApplyDto> getServiceAuthApplyDtos(ApiServiceAuthReqVo reqVo, List<ApplyInfoVo> applyInfoVos, List<ServiceResourceDTO> serviceInfos) {
+        Map<String, ApplyInfoVo> appMap = applyInfoVos.stream().collect(Collectors.toMap(ApplyInfoVo::getApplyCode, e -> e));
+        List<ServiceResourceVo> serviceResourceVos = DcucBeanUtil.createCopyToObjectList(serviceInfos, ServiceResourceVo.class);
+        Map<String, ServiceResourceVo> serviceMap = serviceResourceVos.stream().collect(Collectors.toMap(ServiceResourceVo::getServiceCode, e -> e));
+
+        return reqVo.getContents().stream().map(e -> {
+            ApplyInfoVo applyInfoVo = appMap.get( e.getAppCode());
+            List<String> serviceCodes = e.getServiceCodes();
+            ServiceAuthApplyDto dto = new ServiceAuthApplyDto();
+            dto.setApplyInfoVo(applyInfoVo);
+            List<ServiceResourceVo> collect = serviceCodes.stream().map(s -> {
+                ServiceResourceVo vo = serviceMap.get(s);
+                vo.setAppName(applyInfoVo.getApplyName());
+                return vo;
+            }).collect(Collectors.toList());
+            dto.setServiceVos(collect);
+            return dto;
+        }).collect(Collectors.toList());
+    }
+
+    private Result<List<ServiceResourceDTO>> getApplyServiceInfos(ApiServiceAuthReqVo reqVo, List<ApplyInfoVo> applyInfoVos) {
+        List<ApiServiceAuthContentVo> contents = reqVo.getContents();
+        List<String> serviceCodes = contents.stream()
+                .map(ApiServiceAuthContentVo::getServiceCodes)
+                .flatMap(List::stream)
+                .distinct()
+                .collect(Collectors.toList());
+        List<ServiceResourceDTO> serviceInfos = serviceResourceFacade.getServiceByServiceCodes(serviceCodes);
+        Result<List<ServiceResourceDTO>> validated = validateServiceInfos(serviceInfos, contents);
+        if (validated.isFail()) {
+            return validated;
+        }
+        return Result.success(serviceInfos);
+    }
+
+    private Result<List<ServiceResourceDTO>> validateServiceInfos(List<ServiceResourceDTO> serviceInfos, List<ApiServiceAuthContentVo> contents) {
+        Map<String, List<ServiceResourceDTO>> collect = serviceInfos.stream()
+                .collect(Collectors.groupingBy(ServiceResourceDTO::getAppCode));
+        for (ApiServiceAuthContentVo authVo : contents) {
+            String appCode = authVo.getAppCode();
+            List<ServiceResourceDTO> exist = collect.get(appCode);
+            List<String> authServiceCodes = authVo.getServiceCodes();
+            if (CollectionUtils.isEmpty(exist)) {
+                List<ServiceResourceDTO> notExist = authServiceCodes.stream().map(e -> {
+                    ServiceResourceDTO dto = new ServiceResourceDTO();
+                    dto.setServiceCode(e);
+                    return dto;
+                }).collect(Collectors.toList());
+                return Result.fail(ResultEnum.FAIL.getValue(), AuthApplyRespEnum.SERVICE_NOT_EXIST.getValue(), notExist);
+            }
+            Set<String> existCodes = exist.stream().map(ServiceResourceDTO::getServiceCode).collect(Collectors.toSet());
+            List<ServiceResourceDTO> notExist = authServiceCodes.stream().filter(e -> !existCodes.contains(e)).map(e -> {
+                ServiceResourceDTO dto = new ServiceResourceDTO();
+                dto.setServiceCode(e);
+                return dto;
+            }).collect(Collectors.toList());
+            if (CollectionUtils.isNotEmpty(notExist)) {
+                return Result.fail(ResultEnum.FAIL.getValue(), AuthApplyRespEnum.SERVICE_NOT_EXIST.getValue(), notExist);
+            }
+        }
+        return Result.success();
     }
 
     private ZeroTrustDataRespVO<AuthApplyRespVo> getErrorApplyResp(AuthApplyRespEnum authApplyRespEnum, Object content) {
@@ -199,16 +325,26 @@ public class ZeroTrustAuthApplyBusinessImpl implements IZeroTrustAuthApplyBusine
                 List<RoleInfo> roleInfos = (List<RoleInfo>) content;
                 Map<String, List<String>> roleAppMap = roleInfos.stream()
                         .collect(Collectors.groupingBy(RoleInfo::getAppId, Collectors.mapping(RoleInfo::getCode, Collectors.toList())));
-                List<String> collect = roleAppMap.entrySet().stream().map(e -> {
+                List<String> roleResp = roleAppMap.entrySet().stream().map(e -> {
                     JSONObject jsonObject = new JSONObject();
                     jsonObject.put("appCode", e.getKey());
                     jsonObject.put("roleCodes", e.getValue());
                     return jsonObject.toString();
                 }).collect(Collectors.toList());
-                vo.setRespContent(collect);
+                vo.setRespContent(roleResp);
                 break;
             case SERVICE_NOT_EXIST:
-                // TODO
+                List<ServiceResourceDTO> services = (List<ServiceResourceDTO>) content;
+                Map<String, List<String>> serviceAppMap = services.stream()
+                        .collect(Collectors.groupingBy(ServiceResourceDTO::getAppCode,
+                                Collectors.mapping(ServiceResourceDTO::getServiceCode, Collectors.toList())));
+                List<String> serviceResp = serviceAppMap.entrySet().stream().map(e -> {
+                    JSONObject jsonObject = new JSONObject();
+                    jsonObject.put("appCode", e.getKey());
+                    jsonObject.put("serviceCodes", e.getValue());
+                    return jsonObject.toString();
+                }).collect(Collectors.toList());
+                vo.setRespContent(serviceResp);
                 break;
             case OTHER:
             default:
@@ -219,8 +355,8 @@ public class ZeroTrustAuthApplyBusinessImpl implements IZeroTrustAuthApplyBusine
         return ZeroTrustDataRespVO.resultEnumMessage(ZeroTrustBusinessRespEnum.OPERATE_FAIL, vo);
     }
 
-    private List<RoleAuthApplyDto> getApplyDtos(ApiRoleAuthReqVo reqVo, String defaultIdcard, String defaultAppCode,
-                                                Map<String, AuthUserVo> userVoMap, Map<String, ApplyInfoVo> appVoMap, Map<String, List<RoleInfo>> roleMap) {
+    private List<RoleAuthApplyDto> getRoleAuthApplyDtos(ApiRoleAuthReqVo reqVo, String defaultIdcard, String defaultAppCode,
+                                                        Map<String, AuthUserVo> userVoMap, Map<String, ApplyInfoVo> appVoMap, Map<String, List<RoleInfo>> roleMap) {
         List<ApiRoleAuthContentVo> contents = reqVo.getContents();
         return contents.stream().map(e -> {
             String applyUserIdcard = Optional.ofNullable(e.getApplyUserIdcard()).orElse(defaultIdcard);
@@ -246,13 +382,21 @@ public class ZeroTrustAuthApplyBusinessImpl implements IZeroTrustAuthApplyBusine
     }
 
     private Result<List<RoleInfo>> getApplyRoles(ApiRoleAuthReqVo reqVo, List<ApplyInfoVo> applyInfoVos) {
-        Map<String, ApplyInfoVo> appMap = applyInfoVos.stream().collect(Collectors.toMap(ApplyInfoVo::getApplyCode, e -> e));
         List<ApiRoleAuthContentVo> contents = reqVo.getContents();
         List<String> roleCodes = contents.stream()
                 .map(ApiRoleAuthContentVo::getRoleCodes)
                 .flatMap(List::stream)
                 .collect(Collectors.toList());
         List<RoleInfo> roleInfos = roleInfoService.getByCodes(roleCodes);
+        Result<List<RoleInfo>> validated = validateApplyRoles(applyInfoVos, roleInfos, contents);
+        if (validated.isFail()) {
+            return validated;
+        }
+        return Result.success(roleInfos);
+    }
+
+    private Result<List<RoleInfo>> validateApplyRoles(List<ApplyInfoVo> applyInfoVos, List<RoleInfo> roleInfos, List<ApiRoleAuthContentVo> contents) {
+        Map<String, ApplyInfoVo> appMap = applyInfoVos.stream().collect(Collectors.toMap(ApplyInfoVo::getApplyCode, e -> e));
         Map<String, List<RoleInfo>> roleMap = roleInfos.stream().collect(Collectors.groupingBy(RoleInfo::getAppId));
         for (ApiRoleAuthContentVo authVo : contents) {
             String appCode = authVo.getAppCode();
@@ -261,16 +405,16 @@ public class ZeroTrustAuthApplyBusinessImpl implements IZeroTrustAuthApplyBusine
             List<RoleInfo> roles = roleMap.get(applyInfoVo.getId());
             if (CollectionUtils.isEmpty(roles)) {
                 List<RoleInfo> notExistRoles = mapNotExistRoles(appRoleCodes, applyInfoVo);
-                return Result.fail(ResultEnum.FAIL.getValue(), "角色不存在", notExistRoles);
+                return Result.fail(ResultEnum.FAIL.getValue(), AuthApplyRespEnum.ROLE_NOT_EXIST.getValue(), notExistRoles);
             }
             Set<String> exist = roles.stream().map(RoleInfo::getCode).collect(Collectors.toSet());
             List<String> notExist = appRoleCodes.stream().filter(e -> !exist.contains(e)).collect(Collectors.toList());
             if (CollectionUtils.isEmpty(notExist)) {
                 List<RoleInfo> notExistRoles = mapNotExistRoles(notExist, applyInfoVo);
-                return Result.fail(ResultEnum.FAIL.getValue(), "角色不存在", notExistRoles);
+                return Result.fail(ResultEnum.FAIL.getValue(), AuthApplyRespEnum.ROLE_NOT_EXIST.getValue(), notExistRoles);
             }
         }
-        return Result.success(roleInfos);
+        return Result.success();
     }
 
     private static List<RoleInfo> mapNotExistRoles(List<String> appRoleCodes, ApplyInfoVo applyInfoVo) {
@@ -282,25 +426,14 @@ public class ZeroTrustAuthApplyBusinessImpl implements IZeroTrustAuthApplyBusine
         }).collect(Collectors.toList());
     }
 
-    private Result<List<ApplyInfoVo>> getAppInfos(ApiRoleAuthReqVo reqVo, ApplyInfoVo defaultApp) {
-        List<ApiRoleAuthContentVo> contents = reqVo.getContents();
-        List<String> appCodes = contents.stream().map(ApiRoleAuthContentVo::getAppCode)
-                .filter(StringUtils::isNotBlank)
-                .distinct()
-                .collect(Collectors.toList());
+    private Result<List<ApplyInfoVo>> getAppInfos(List<String> applyAppCodes, ApplyInfoVo defaultApp) {
         List<ApplyInfoVo> appInfoVos = new ArrayList<>();
         appInfoVos.add(defaultApp);
-        if (CollectionUtils.isNotEmpty(appCodes)) {
-            List<ApplyInfo> appInfos = applyInfoFacade.getListByCodes(appCodes);
-            Set<String> exist = appInfos.stream().map(ApplyInfo::getApplyCode).collect(Collectors.toSet());
-            List<String> collect = appCodes.stream().filter(e -> !exist.contains(e)).collect(Collectors.toList());
-            if (CollectionUtils.isNotEmpty(collect)) {
-                List<ApplyInfoVo> notExistApps = collect.stream().map(e -> {
-                    ApplyInfoVo vo = new ApplyInfoVo();
-                    vo.setApplyCode(e);
-                    return vo;
-                }).collect(Collectors.toList());
-                return Result.fail(ResultEnum.FAIL.getValue(), "应用资源不存在", notExistApps);
+        if (CollectionUtils.isNotEmpty(applyAppCodes)) {
+            List<ApplyInfo> appInfos = applyInfoFacade.getListByCodes(applyAppCodes);
+            Result<List<ApplyInfoVo>> validated = validateApplyApps(applyAppCodes, appInfos);
+            if (validated.isFail()) {
+                return validated;
             }
             List<ApplyInfoVo> list = DcucBeanUtil.createCopyToObjectList(appInfos, ApplyInfoVo.class);
             appInfoVos.addAll(list);
@@ -308,6 +441,20 @@ public class ZeroTrustAuthApplyBusinessImpl implements IZeroTrustAuthApplyBusine
         return Result.success(appInfoVos);
     }
 
+    private Result<List<ApplyInfoVo>> validateApplyApps(List<String> appCodes, List<ApplyInfo> appInfos) {
+        Set<String> exist = appInfos.stream().map(ApplyInfo::getApplyCode).collect(Collectors.toSet());
+        List<String> collect = appCodes.stream().filter(e -> !exist.contains(e)).collect(Collectors.toList());
+        if (CollectionUtils.isNotEmpty(collect)) {
+            List<ApplyInfoVo> notExistApps = collect.stream().map(e -> {
+                ApplyInfoVo vo = new ApplyInfoVo();
+                vo.setApplyCode(e);
+                return vo;
+            }).collect(Collectors.toList());
+            return Result.fail(ResultEnum.FAIL.getValue(), AuthApplyRespEnum.APP_NOT_EXIST.getValue(), notExistApps);
+        }
+        return Result.success();
+    }
+
     private Result<List<AuthUserVo>> getApplyUserInfo(ApiRoleAuthReqVo reqVo, AuthUserVo defaultUserVo) {
         List<String> applyUserIdcards = reqVo.getContents()
                 .stream()
@@ -321,15 +468,9 @@ public class ZeroTrustAuthApplyBusinessImpl implements IZeroTrustAuthApplyBusine
         if (CollectionUtils.isNotEmpty(applyUserIdcards)) {
             List<AuthUserInfo> userInfos = userInfoService.findByIdcards(applyUserIdcards);
             // 判断人员是否都存在
-            Set<String> exist = userInfos.stream().map(AuthUserInfo::getIdcard).collect(Collectors.toSet());
-            List<String> collect = applyUserIdcards.stream().filter(e -> !exist.contains(e)).collect(Collectors.toList());
-            if (CollectionUtils.isNotEmpty(collect)) {
-                List<AuthUserVo> notExistUsers = collect.stream().map(e -> {
-                    AuthUserVo vo = new AuthUserVo();
-                    vo.setIdcard(e);
-                    return vo;
-                }).collect(Collectors.toList());
-                return Result.fail(ResultEnum.FAIL.getValue(), "申请授权人员不存在", notExistUsers);
+            Result<List<AuthUserVo>> validated = validateApplyUsers(userInfos, applyUserIdcards);
+            if (validated.isFail()) {
+                return validated;
             }
             List<AuthUserVo> userVos = DcucBeanUtil.createCopyToObjectList(userInfos, AuthUserVo.class);
             list.addAll(userVos);
@@ -337,6 +478,20 @@ public class ZeroTrustAuthApplyBusinessImpl implements IZeroTrustAuthApplyBusine
         return Result.success(list);
     }
 
+    private Result<List<AuthUserVo>> validateApplyUsers(List<AuthUserInfo> userInfos, List<String> applyUserIdcards) {
+        Set<String> exist = userInfos.stream().map(AuthUserInfo::getIdcard).collect(Collectors.toSet());
+        List<String> collect = applyUserIdcards.stream().filter(e -> !exist.contains(e)).collect(Collectors.toList());
+        if (CollectionUtils.isNotEmpty(collect)) {
+            List<AuthUserVo> notExistUsers = collect.stream().map(e -> {
+                AuthUserVo vo = new AuthUserVo();
+                vo.setIdcard(e);
+                return vo;
+            }).collect(Collectors.toList());
+            return Result.fail(ResultEnum.FAIL.getValue(), AuthApplyRespEnum.USER_NOT_EXIST.getValue(), notExistUsers);
+        }
+        return Result.success();
+    }
+
     private void setSecurityUser(AppTokenDetailRespVo appTokenDetail) {
         UserTokenInfoRespVO userToken = appTokenDetail.getUserToken();
         AppTokenInfoRespVO appToken = appTokenDetail.getAppToken();

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/zerotrust/IZeroTrustAuthApplyBusiness.java

@@ -2,10 +2,12 @@ package com.dragoninfo.dcuc.auth.business.zerotrust;
 
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.ZeroTrustDataRespVO;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply.ApiRoleAuthReqVo;
+import com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply.ApiServiceAuthReqVo;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.authapply.AuthApplyRespVo;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.role.ApiAppRoleRespVo;
 import com.dragoninfo.dcuc.auth.api.vo.zerotrust.role.ApiRolesReqVo;
 
+import javax.validation.Valid;
 import java.util.List;
 
 /**
@@ -31,4 +33,12 @@ public interface IZeroTrustAuthApplyBusiness {
      * @return
      */
     ZeroTrustDataRespVO<AuthApplyRespVo> roleAuthApply(ApiRoleAuthReqVo reqVo);
+
+    /**
+     * 服务授权申请
+     *
+     * @param reqVo
+     * @return
+     */
+    ZeroTrustDataRespVO<AuthApplyRespVo> serviceAuthApply(@Valid ApiServiceAuthReqVo reqVo);
 }

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/zerotrust/ApprovalProperties.java

@@ -38,6 +38,11 @@ public class ApprovalProperties {
      */
     private String roleAuthApplyDefId;
 
+    /**
+     * 服务授权申请申请流程定义id
+     */
+    private String serviceAuthApplyDefId;
+
     /**
      * 角色授权自助申请任务类型
      */