卡片跳转权限控制

13827460 · duanxincheng · c6803426 · 13827460 · 13827460 · 13827460
--- a/src/main/java/com/cmeeting/ad/controller/UserController.java
+++ b/src/main/java/com/cmeeting/ad/controller/UserController.java
@@ -38,7 +38,12 @@ public class UserController {

    @PostMapping(value = "/tokenAuth")
    public R tokenAuth(@Validated @RequestBody ApplicationUserVO.LoginDecrypt vo) {
-        return R.ok(userService.tokenAuth(vo));
+        try {
+            Object token = userService.tokenAuth(vo);
+            return R.ok(token);
+        } catch (Exception e) {
+            return R.error(e.getMessage());
+        }
    }

    @PostMapping(value = "/emailAuth")

--- a/src/main/java/com/cmeeting/ad/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/cmeeting/ad/service/impl/UserServiceImpl.java
@@ -11,6 +11,7 @@ import com.cmeeting.ad.util.SecurityUtil;
 import com.cmeeting.ad.vo.UserVo;
 import com.cmeeting.dto.UserDTO;
 import com.cmeeting.exception.RobotBaseException;
+import com.cmeeting.mapper.primary.AuthMapper;
 import com.cmeeting.mapper.primary.CommonMapper;
 import com.cmeeting.ad.service.ILdapService;
 import com.cmeeting.ad.service.ISysTenantService;
@@ -55,6 +56,8 @@ public class UserServiceImpl implements UserService {
    public String permissionTenantId;
    @Value("${permission.admin-white_users}")
    public String adminWhiteUsers;
+    @Value(value = "${permission.applicationId}")
+    private String permissionApplicationId;
    @Resource
    private ILdapService iLdapService;
    @Resource
@@ -71,6 +74,10 @@ public class UserServiceImpl implements UserService {
    private CommonMapper commonMapper;
    @Resource
    private SysUserSysMapper sysUserSysMapper;
+    @Resource
+    private AuthMapper authMapper;
+    @Resource
+    private SysUserSysMapper sysUserSyncMapper;

    @Override
    public R login(String agentId, String data, String ip) {
@@ -246,6 +253,27 @@ public class UserServiceImpl implements UserService {
        JSONObject data = object.getJSONObject("data");
        RobotSecurityUser robotSecurityUser = JSON.parseObject(data.toJSONString(), RobotSecurityUser.class);
        String userId = String.format("%08d", robotSecurityUser.getUserId());
+
+        //权限控制
+        List<CoreModulePermissions> auths = authMapper.getAuthByTargetId(permissionApplicationId, permissionTenantId);
+        //先判断智能体是否有直接授权给当前登录人
+        boolean userAccess = auths.stream().anyMatch(item -> item.getType().equals(1) && item.getRelId().equals(userId));
+        //未直接授权到人，判断是否有授权给当前登录人所在组织
+        if(!userAccess){
+            List<CoreModulePermissions> authDepts = auths.stream().filter(item -> item.getType().equals(0)).collect(Collectors.toList());
+            List<String> deptPath = new ArrayList<>();
+            for (CoreModulePermissions authDept : authDepts) {
+                String deptId = authDept.getRelId();
+                String tenantId = authDept.getTenantId();
+                getDeptPath(deptPath,deptId,tenantId);
+            }
+            //已被授权部门下的userid
+            List<String> accessUserIds = !CollectionUtils.isEmpty(deptPath) ? sysUserSyncMapper.getUsersByDept(deptPath,permissionTenantId) : new ArrayList<>();
+            if(!accessUserIds.contains(userId)){
+                throw new RobotBaseException("您暂无权限");
+            }
+        }
+
        UserVo.Auth authParams = UserVo.Auth.builder().id(userId).nick(robotSecurityUser.getNickName()).build();
        String token = auth(authParams);
        return token;
@@ -311,4 +339,25 @@ public class UserServiceImpl implements UserService {
            return R.error("账号/密码错误！");
        }
    }
+
+    /**
+     * 获取部门的路径
+     * @param deptPath
+     * @param deptId
+     * @param tenantId
+     */
+    private void getDeptPath(List<String> deptPath, String deptId, String tenantId) {
+        if(!deptPath.contains(deptId)) deptPath.add(deptId);
+        List<String> subDeptIds = sysUserSyncMapper.getSubDeptId(deptId,tenantId);
+        if(CollectionUtils.isEmpty(subDeptIds)) return;
+
+        for (String subDeptId : subDeptIds) {
+            //部门id去重
+            if(!deptPath.contains(subDeptId)){
+                deptPath.add(subDeptId);
+                getDeptPath(deptPath,subDeptId,tenantId);
+            }
+        }
+
+    }
 }
\ No newline at end of file
--- a/src/main/java/com/cmeeting/pojo/UserId.java
+++ b/src/main/java/com/cmeeting/pojo/UserId.java
 package com.cmeeting.pojo;

+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableId;
 import com.baomidou.mybatisplus.annotation.TableName;
 import lombok.*;
 import lombok.experimental.Accessors;
@@ -15,6 +17,7 @@ public class UserId {
    /**
     * 主键ID
     */
+    @TableId(type = IdType.AUTO)
    private Integer id;

    /**

--- a/src/main/java/com/cmeeting/service/impl/TencentMeetingServiceImpl.java
+++ b/src/main/java/com/cmeeting/service/impl/TencentMeetingServiceImpl.java
@@ -607,7 +607,7 @@ public class TencentMeetingServiceImpl extends ServiceImpl<TecentMeetingMapper,T
                return null;
            }
            String hostUserId = meetingInfo.getCurrentHosts().get(0).getUserid();
-            System.out.println("成功获取主持人userid: {}" + hostUserId);
+            log.info("成功获取主持人userid: {}",hostUserId);
            return hostUserId;
        } catch (Exception e) {
            return null;