feature: 角色授权申请开发

dcuc-auth-api/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/IRoleAuthInfoFacade.java

@@ -3,6 +3,8 @@ package com.dragoninfo.dcuc.auth.auth.facade;
 import com.dragoninfo.dcuc.auth.auth.entity.StaffAssignAuthInfo;
 import com.dragoninfo.dcuc.auth.auth.vo.RoleInfoVO;
 import com.dragoninfo.dcuc.auth.auth.vo.TreeInfoVO;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.RoleAuthApplySaveVo;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
 import com.dragonsoft.duceap.base.entity.search.SearchDTO;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.data.domain.Page;
@@ -78,4 +80,12 @@ public interface IRoleAuthInfoFacade {
     List<TreeInfoVO> getRptOrgListByPid(@RequestParam(value = "appId", required = true) String appId,
                                         @RequestParam(value = "orgId", required = false) String orgId,
                                         @RequestParam(value = "isInit", required = false) boolean isInit);
+
+    /**
+     * 角色授权申请
+     * @param saveVo
+     * @return
+     */
+    @PostMapping("roleAuthApply")
+    ResponseStatus roleAuthApply(@RequestBody RoleAuthApplySaveVo saveVo);
 }

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/entity/zerotrust/RoleAuthApply.java

@@ -0,0 +1,69 @@
+package com.dragoninfo.dcuc.auth.auth.entity.zerotrust;
+
+import com.dragonsoft.duceap.base.entity.persistent.IdEntity;
+import com.dragonsoft.duceap.core.persistent.audit.JpaAuditingEntityListener;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import org.hibernate.annotations.GenericGenerator;
+import org.hibernate.annotations.Where;
+
+import javax.persistence.*;
+
+/**
+ * 角色授权申请操作内容
+ *
+ * @author mazq
+ * @date 2023/4/21
+ */
+@EqualsAndHashCode(callSuper = true)
+@EntityListeners({JpaAuditingEntityListener.class})
+@Data
+@Entity
+@Table(name = "T_AUTH_ROLE_AUTH_APPLY")
+@Where(clause = "deleted = '0'")
+public class RoleAuthApply extends BaseUpdateEntity implements IdEntity<String> {
+
+    /**
+     * 主键id
+     */
+    @Id
+    @GeneratedValue(generator="idGenerator")
+    @GenericGenerator(name="idGenerator", strategy="uuid")
+    private String id;
+
+    /**
+     * 操作申请人id
+     */
+    @Column(name = "USER_ID")
+    private String userId;
+
+    /**
+     * 应用id
+     */
+    @Column(name = "APP_ID")
+    private String appId;
+
+    /**
+     * 角色code
+     */
+    @Column(name = "ROLE_CODE")
+    private String roleCode;
+
+    /**
+     * 流程实例id
+     */
+    @Column(name = "PROCESS_INST_ID")
+    private String processInstId;
+
+    /**
+     * 任务节点实例id
+     */
+    @Column(name = "TASK_INST_ID")
+    private String taskInstId;
+
+    /**
+     * 审批结果
+     */
+    @Column(name = "APPROVAL_RESULT")
+    private String approvalResult;
+}

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/vo/zerotrust/roleauthapply/ApplyRoleInVo.java

@@ -0,0 +1,26 @@
+package com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+/**
+ * @author mazq
+ * @date 2023/7/19
+ */
+@Data
+@ApiModel("角色授权申请内容")
+public class ApplyRoleInVo {
+
+    @ApiModelProperty(value = "应用id")
+    private String appId;
+
+    @ApiModelProperty(value = "角色名称")
+    private String roleName;
+
+    @ApiModelProperty(value = "角色编码")
+    private String roleCode;
+
+    @ApiModelProperty(value = "是否是申请中的角色 0：否 1：是")
+    private String apply;
+}

dcuc-auth-model/src/main/java/com/dragoninfo/dcuc/auth/auth/vo/zerotrust/roleauthapply/RoleAuthApplySaveVo.java

@@ -0,0 +1,24 @@
+package com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import java.util.List;
+
+/**
+ * 角色授权申请保存Vo
+ * @author mazq
+ * @date 2023/7/19
+ */
+@Data
+@ApiModel(value = "角色授权申请保存Vo")
+public class RoleAuthApplySaveVo {
+
+    @ApiModelProperty(value = "申请人人员id")
+    private String userId;
+
+    @ApiModelProperty(value = "申请角色内容")
+    private List<ApplyRoleInVo> applyRoleInVos;
+
+}

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/bpo/RoleInfoBPO.java

@@ -301,4 +301,9 @@ public class RoleInfoBPO extends BaseBPO<RoleInfo, String> {
                sql+= "appId in (" + appIds + ") group by appId";
         return PersistentFactory.getHibernateDao().find(sql);
     }
+
+    public RoleInfo getByAppIdAndCode(String appId, String code) {
+        String sql = "SELECT * FROM T_ROLE_INFO WHERE APP_ID = ? AND CODE = ? AND IS_ACITVE = '1'";
+        return PersistentFactory.getJdbcDao().queryForObject(sql, RoleInfo.class, new Object[]{appId, code});
+    }
 }

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/facade/RoleAuthInfoFacade.java

@@ -2,8 +2,11 @@ package com.dragoninfo.dcuc.auth.auth.facade;
 
 import com.dragoninfo.dcuc.auth.auth.entity.StaffAssignAuthInfo;
 import com.dragoninfo.dcuc.auth.auth.service.IRoleAuthInfoService;
+import com.dragoninfo.dcuc.auth.auth.service.zerotrust.IRoleAuthApplyService;
 import com.dragoninfo.dcuc.auth.auth.vo.RoleInfoVO;
 import com.dragoninfo.dcuc.auth.auth.vo.TreeInfoVO;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.RoleAuthApplySaveVo;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
 import com.dragonsoft.duceap.base.entity.search.SearchDTO;
 import com.dragonsoft.duceap.core.search.Searchable;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -28,6 +31,9 @@ public class RoleAuthInfoFacade implements IRoleAuthInfoFacade {
     @Autowired
     private IRoleAuthInfoService roleAuthInfoService;
 
+    @Autowired
+    private IRoleAuthApplyService roleAuthApplyService;
+
     @Override
     public List<StaffAssignAuthInfo> getStaff(String roleId, String orgId) {
         return roleAuthInfoService.getStaff(roleId, orgId);
@@ -62,4 +68,9 @@ public class RoleAuthInfoFacade implements IRoleAuthInfoFacade {
         Searchable searchable = Searchable.newSearchable();
         return roleAuthInfoService.getRptOrgListByPid(orgId, appId, isInit, searchable.toSearchDTO());
     }
+
+    @Override
+    public ResponseStatus roleAuthApply(RoleAuthApplySaveVo saveVo) {
+        return roleAuthApplyService.roleAuthApply(saveVo);
+    }
 }

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/repo/zerotrust/RoleAuthApplyRepository.java

@@ -0,0 +1,13 @@
+package com.dragoninfo.dcuc.auth.auth.repo.zerotrust;
+
+import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.RoleAuthApply;
+import com.dragonsoft.duceap.core.persistent.repository.BaseRepository;
+import org.springframework.stereotype.Repository;
+
+/**
+ * @author mazq
+ * @date 2023/7/13
+ */
+@Repository
+public interface RoleAuthApplyRepository extends BaseRepository<RoleAuthApply, String> {
+}

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/IRoleInfoService.java

@@ -135,6 +135,14 @@ public interface IRoleInfoService {
      */
     RoleInfo getRoleInfoByCode(String roleCode);
 
+    /**
+     * 根据应用和角色编码获取
+     * @param appId
+     * @param code
+     * @return
+     */
+    RoleInfo getByAppIdAndCode(String appId, String code);
+
     RoleInfo getRoleInfoByRoleId(String roleId);
 
     /**

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/RoleInfoService.java

@@ -519,6 +519,11 @@ public class RoleInfoService implements IRoleInfoService {
         return list.get(0);
     }
 
+    @Override
+    public RoleInfo getByAppIdAndCode(String appId, String code) {
+        return roleInfoBPO.getByAppIdAndCode(appId, code);
+    }
+
     @Override
     public RoleInfo getRoleInfoByRoleId(String roleId) {
         return roleInfoBPO.get(roleId);

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/ApprovalResultServiceImpl.java

@@ -23,10 +23,13 @@ public class ApprovalResultServiceImpl implements IApprovalResultService {
     private ApprovalResultRepository repository;
 
     @Autowired
-    public void setMapper(ApprovalResultRepository repository) {
+    public void setRepository(ApprovalResultRepository repository) {
         this.repository = repository;
     }
 
+    @Autowired
+
+
     @Override
     public void save(ApprovalResult approvalResult) {
         repository.save(approvalResult);

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/RoleAuthApplyServiceImpl.java

@@ -0,0 +1,138 @@
+package com.dragoninfo.dcuc.auth.auth.service.impl.zerotrust;
+
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.FlowApplyReqDto;
+import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.FlowSubmitRespDTO;
+import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.RoleAuthApply;
+import com.dragoninfo.dcuc.auth.auth.enumresources.zerotrust.approval.ApprovalApplyTypeEnum;
+import com.dragoninfo.dcuc.auth.auth.enumresources.zerotrust.approval.AuthApplyStatusEnum;
+import com.dragoninfo.dcuc.auth.auth.repo.zerotrust.RoleAuthApplyRepository;
+import com.dragoninfo.dcuc.auth.auth.service.zerotrust.IRoleAuthApplyService;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.ApplyRoleInVo;
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.RoleAuthApplySaveVo;
+import com.dragoninfo.dcuc.auth.business.zerotrust.IApprovalBusiness;
+import com.dragoninfo.dcuc.auth.config.zerotrust.ApprovalProperties;
+import com.dragoninfo.dcuc.auth.sub.entity.AuthUserInfo;
+import com.dragoninfo.dcuc.auth.sub.service.IAuthUserInfoService;
+import com.dragoninfo.dcuc.common.utils.ResponseUtil;
+import com.dragonsoft.duceap.base.entity.http.ResponseDTO;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+import com.dragonsoft.duceap.base.entity.security.BaseSecurityUser;
+import com.dragonsoft.duceap.base.utils.UserContextUtils;
+import com.dragonsoft.duceap.commons.util.UUIDUtils;
+import com.dragonsoft.duceap.commons.util.json.JsonUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.time.LocalDate;
+import java.time.format.DateTimeFormatter;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+/**
+ * 角色授权申请业务类
+ *
+ * @author mazq
+ * @date 2023/7/19
+ */
+@Slf4j
+@Service
+public class RoleAuthApplyServiceImpl implements IRoleAuthApplyService {
+
+    private RoleAuthApplyRepository repository;
+
+    private IApprovalBusiness approvalBusiness;
+
+    private ApprovalProperties approvalProperties;
+
+    private IAuthUserInfoService authUserInfoService;
+
+    @Autowired
+    public void setAuthUserInfoService(IAuthUserInfoService authUserInfoService) {
+        this.authUserInfoService = authUserInfoService;
+    }
+
+    @Autowired
+    public void setRepository(RoleAuthApplyRepository repository) {
+        this.repository = repository;
+    }
+
+    @Autowired
+    public void setApprovalBusiness(IApprovalBusiness approvalBusiness) {
+        this.approvalBusiness = approvalBusiness;
+    }
+
+    @Autowired
+    public void setApprovalProperties(ApprovalProperties approvalProperties) {
+        this.approvalProperties = approvalProperties;
+    }
+
+    @Transactional(rollbackFor = Exception.class)
+    @Override
+    public ResponseStatus roleAuthApply(RoleAuthApplySaveVo saveVo) {
+        String userId = saveVo.getUserId();
+        AuthUserInfo userInfo = authUserInfoService.findById(userId);
+        if (null == userInfo) {
+            return ResponseStatus.fail("授权主体人员不存在");
+        }
+
+        // 填充业务数据
+        Map<String, String> bizData = getBizData(saveVo, userInfo);
+
+        DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd");
+        String format = formatter.format(LocalDate.now());
+        // 先推送成功后保存权限申请内容
+        String title = format + "-" + UserContextUtils.getCurrentUser().getName() + "角色授权申请";
+        FlowApplyReqDto applyDto = FlowApplyReqDto.builder()
+                .title(title)
+                .processDefId(ApprovalApplyTypeEnum.ROLE_AUTH_APPLY.getValue())
+                // TODO 后续填入
+                .bo(Collections.emptyMap())
+                .bizData(bizData)
+                .taskClass(approvalProperties.getRoleAuthTaskType())
+                .build();
+        ResponseDTO<FlowSubmitRespDTO> applyRespDto = approvalBusiness.approvalFlowApplyAndSubmitFirst(applyDto, UUIDUtils.getUUID());
+        if (ResponseUtil.isFail(applyRespDto)) {
+            log.info("申请推送审批失败");
+            return ResponseDTO.fail("申请推送审批失败", (Object) null);
+        }
+        FlowSubmitRespDTO flowSubmitRespDTO = ResponseUtil.getResult(applyRespDto);
+        String processInstId = flowSubmitRespDTO.getProcessInstId();
+
+        // 推送成功之后保存角色授权内容
+        List<ApplyRoleInVo> applyRoleInVos = saveVo.getApplyRoleInVos();
+        List<RoleAuthApply> collect = applyRoleInVos.stream()
+                .map(e -> {
+                    RoleAuthApply roleAuthApply = new RoleAuthApply();
+                    roleAuthApply.setUserId(userId);
+                    roleAuthApply.setProcessInstId(processInstId);
+                    roleAuthApply.setAppId(e.getAppId());
+                    roleAuthApply.setRoleCode(e.getRoleCode());
+                    roleAuthApply.setApprovalResult(AuthApplyStatusEnum.APPLYING.getValue());
+                    return roleAuthApply;
+                }).collect(Collectors.toList());
+
+        repository.saveAll(collect);
+
+        return ResponseDTO.success("", (Object) null);
+    }
+
+    private Map<String, String> getBizData(RoleAuthApplySaveVo saveVo, AuthUserInfo userInfo) {
+        Map<String, String> bizData = new HashMap<>();
+        // 授权主体人员信息
+        bizData.put("authUserName", userInfo.getName());
+        bizData.put("authUserIdcard", userInfo.getIdcard());
+        // 授权客体角色信息
+        List<ApplyRoleInVo> applyRoleInVos = saveVo.getApplyRoleInVos();
+        bizData.put("authRoleInfos", JsonUtils.toJSONString(applyRoleInVos));
+        // 授权操作人信息
+        BaseSecurityUser currentUser = UserContextUtils.getCurrentUser();
+        bizData.put("authOperateUserName", currentUser.getName());
+        bizData.put("authOperateUserIdcard", currentUser.getIdcard());
+        return bizData;
+    }
+}

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/impl/zerotrust/RoleOperateApplyServiceImpl.java

@@ -4,9 +4,9 @@ import cn.hutool.core.bean.BeanUtil;
 import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.FlowApplyReqDto;
 import com.dragoninfo.dcuc.auth.auth.dto.zerotrust.approval.FlowSubmitRespDTO;
 import com.dragoninfo.dcuc.auth.auth.entity.zerotrust.RoleOperateContent;
-import com.dragoninfo.dcuc.auth.auth.enumresources.RoleManageOpeTypeEnum;
 import com.dragoninfo.dcuc.auth.auth.enumresources.YesNotEnum;
 import com.dragoninfo.dcuc.auth.auth.enumresources.zerotrust.approval.ApprovalApplyTypeEnum;
+import com.dragoninfo.dcuc.auth.auth.enumresources.zerotrust.approval.AuthApplyStatusEnum;
 import com.dragoninfo.dcuc.auth.auth.repo.zerotrust.RoleOperateContentRepository;
 import com.dragoninfo.dcuc.auth.auth.service.zerotrust.IRoleOperateApplyService;
 import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.rolemanage.RoleOperateApplyVo;
@@ -107,6 +107,7 @@ public class RoleOperateApplyServiceImpl implements IRoleOperateApplyService {
         operateContent.setOperateType(typeEnum.getValue());
         operateContent.setPoliceCategory(roleSaveVo.getPoliceCategory());
         operateContent.setRoleBusiness(roleSaveVo.getRoleBusiness());
+        operateContent.setApprovalResult(AuthApplyStatusEnum.APPLYING.getValue());
         String notLimitCount = roleSaveVo.getIsNotLimitCount();
         if (StringUtils.isNotBlank(notLimitCount)) {
             operateContent.setLimitCount(

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/auth/service/zerotrust/IRoleAuthApplyService.java

@@ -0,0 +1,19 @@
+package com.dragoninfo.dcuc.auth.auth.service.zerotrust;
+
+import com.dragoninfo.dcuc.auth.auth.vo.zerotrust.roleauthapply.RoleAuthApplySaveVo;
+import com.dragonsoft.duceap.base.entity.http.ResponseStatus;
+
+/**
+ * 角色授权申请Service
+ * @author mazq
+ * @date 2023/7/19
+ */
+public interface IRoleAuthApplyService {
+
+    /**
+     * 角色授权申请
+     * @param saveVo
+     * @return
+     */
+    ResponseStatus roleAuthApply(RoleAuthApplySaveVo saveVo);
+}

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/business/impl/zerotrust/ApprovalBusinessImpl.java

@@ -109,6 +109,8 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
         String applyType = processDefId;
         if (ApprovalApplyTypeEnum.ROLE_OPERATE.getValue().equals(processDefId)) {
             processDefId = approvalProperties.getRoleOperateDefId();
+        } else if (ApprovalApplyTypeEnum.ROLE_AUTH_APPLY.getValue().equals(processDefId)) {
+            processDefId = approvalProperties.getRoleAuthApplyDefId();
         } else {
             return ResponseDTO.fail("未定义的流程类型", (Object) null);
         }
@@ -334,13 +336,25 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
         String operateType = roleOperateContent.getOperateType();
         if (OperateTypeEnum.ADD.getValue().equals(operateType)) {
             RoleInfo roleInfo = getNewRoleInfo(roleOperateContent);
-            roleInfoService.save(roleInfo);
+            // 判断角色代码是否重复
+            RoleInfo roleInfoByCode = roleInfoService.getByAppIdAndCode(roleInfo.getAppId(), roleInfo.getCode());
+            if (null != roleInfoByCode) {
+                log.info("角色代码已存在:{}", roleInfo.getCode());
+            } else {
+                roleInfoService.save(roleInfo);
+            }
         } else if (OperateTypeEnum.DELETE.getValue().equals(operateType)) {
             roleInfoService.deleteRole(roleOperateContent.getRoleId());
         } else if (OperateTypeEnum.UPDATE.getValue().equals(operateType)) {
             RoleInfo roleInfo = getNewRoleInfo(roleOperateContent);
             roleInfo.setId(roleOperateContent.getRoleId());
-            roleInfoService.update(roleInfo);
+            // 判断角色代码是否重复
+            RoleInfo roleInfoByCode = roleInfoService.getByAppIdAndCode(roleInfo.getAppId(), roleInfo.getCode());
+            if (null != roleInfoByCode && !roleInfoByCode.getId().equals(roleInfo.getId())) {
+                log.info("角色代码已存在");
+            } else {
+                roleInfoService.update(roleInfo);
+            }
         }
 
         return new ApprovalBaseRespDto().success();
@@ -356,11 +370,11 @@ public class ApprovalBusinessImpl implements IApprovalBusiness {
         roleInfo.setRoleBusiness(roleOperateContent.getRoleBusiness());
         roleInfo.setPoliceCategory(roleOperateContent.getPoliceCategory());
         String limitCount = roleOperateContent.getLimitCount();
-        if( StringUtils.isNotBlank(limitCount)){
+        if (StringUtils.isNotBlank(limitCount)) {
             roleInfo.setIsNotLimitCount(
                     YesNotEnum.YES.getValue().equals(limitCount) ? "0" : "1");
         }
-        roleInfo.setIsActive("1");
+        roleInfo.setIsActive(BooleanEnum.TRUE.value);
         return roleInfo;
     }
 

dcuc-auth-service/src/main/java/com/dragoninfo/dcuc/auth/config/zerotrust/ApprovalProperties.java

@@ -33,4 +33,13 @@ public class ApprovalProperties {
      */
     private String roleManageTaskType;
 
+    /**
+     * 角色授权自助申请流程定义id
+     */
+    private String roleAuthApplyDefId;
+
+    /**
+     * 角色授权自助申请任务类型
+     */
+    private String roleAuthTaskType;
 }