package com.labelsys.backend.service;
import com.labelsys.backend.context.LoginUser;
import com.labelsys.backend.entity.BizDataRecord;
import com.labelsys.backend.enums.UserRole;
import com.labelsys.backend.mapper.BizDataRecordMapper;
import java.util.List;
import java.util.function.Function;
import java.util.stream.Collectors;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;
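/**
 * Row-level visibility rules for business data, keyed on the caller's {@link UserRole}.
 *
 * <p>Rule as implemented here: an EMPLOYEE may see only rows whose owner/creator ID equals
 * their own user ID; a MANAGER may see rows created by employees and managers; an ENGINEER
 * may see every row.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only {@link #listVisibleRecords(LoginUser)} passes the caller's company ID to the
 *       data layer. {@link #canAccessCreator} and {@link #filterByRole} never look at a
 *       company ID, so they must only be used on data that has already been restricted to
 *       the caller's company.</li>
 *   <li>The role switches have no {@code default} branch on purpose: a switch expression
 *       over an enum must be exhaustive, so adding a new role fails compilation here until
 *       an explicit access decision is written for it. A {@code null} role makes the switch
 *       throw a {@link NullPointerException}, so no access is granted.</li>
 * </ul>
 */
@Service
@RequiredArgsConstructor
public class DataPermissionService {

    private final BizDataRecordMapper bizDataRecordMapper;

    /**
     * Loads the records the given user is allowed to see by dispatching to the role-specific
     * mapper query.
     *
     * <p>Every query receives the user's company ID; the EMPLOYEE query additionally receives
     * the user's own ID. What each query filters on is defined in
     * {@code BizDataRecordMapper}, which is not visible from this class.
     *
     * @param currentUser the authenticated caller; must not be {@code null}
     * @return the records returned by the mapper query selected for the caller's role
     */
    public List<BizDataRecord> listVisibleRecords(LoginUser currentUser) {
        return switch (currentUser.role()) {
            case EMPLOYEE -> bizDataRecordMapper.listVisibleByEmployee(currentUser.companyId(), currentUser.userId());
            case MANAGER -> bizDataRecordMapper.listVisibleByManager(currentUser.companyId());
            case ENGINEER -> bizDataRecordMapper.listVisibleByEngineer(currentUser.companyId());
        };
    }

    /**
     * Decides whether the caller may access data created by the given user.
     *
     * <p>This is the single place where the per-row rule is written; {@link #filterByRole}
     * delegates to it. No company check is performed here. The decision is only as
     * trustworthy as {@code creatorId} and {@code creatorRole}: they should be read from the
     * stored record, not taken from request input (NOTE(review): confirm at the call sites).
     *
     * @param currentUser the authenticated caller; must not be {@code null}
     * @param creatorId ID of the user who created/owns the data; may be {@code null}
     * @param creatorRole role of that user; may be {@code null}
     * @return {@code true} if access is allowed, {@code false} otherwise
     */
    public boolean canAccessCreator(LoginUser currentUser, Long creatorId, UserRole creatorRole) {
        return switch (currentUser.role()) {
            case EMPLOYEE -> {
                Long selfId = currentUser.userId();
                // Deny instead of throwing when the caller has no ID. Deliberately not
                // Objects.equals(...): two null IDs must never count as a match.
                yield selfId != null && selfId.equals(creatorId);
            }
            // A null creatorRole matches neither constant, so the row is denied.
            case MANAGER -> creatorRole == UserRole.EMPLOYEE || creatorRole == UserRole.MANAGER;
            case ENGINEER -> true;
        };
    }

    /**
     * Generic in-memory filter that keeps only the elements the caller may see.
     *
     * <p>Each element is judged by {@link #canAccessCreator}, so the rule is the same as for
     * single-record checks: employees see only data they created/own, managers see employee
     * and manager data but not chief-engineer data, chief engineers see everything.
     *
     * <p>The whole list is already in memory when this runs and no company ID is compared,
     * so {@code allRecords} must come from a query that is already limited to the caller's
     * company.
     *
     * @param currentUser the currently logged-in user
     * @param allRecords the full list of data to filter; {@code null} or empty yields an empty list
     * @param roleExtractor extracts the "associated role" or "creator role" from an element
     * @param ownerIdExtractor extracts the "owner ID" from an element (used for the
     *     employee-sees-only-own-data case)
     * @param <T> element type
     * @return the filtered list
     */
    public <T> List<T> filterByRole(
            LoginUser currentUser,
            List<T> allRecords,
            Function<T, UserRole> roleExtractor,
            Function<T, Long> ownerIdExtractor) {

        if (allRecords == null || allRecords.isEmpty()) {
            return List.of();
        }

        return allRecords.stream()
                .filter(row -> {
                    UserRole rowRole = roleExtractor.apply(row);
                    Long rowOwnerId = ownerIdExtractor.apply(row);
                    // One rule, one implementation: reuse the single-record decision.
                    return canAccessCreator(currentUser, rowOwnerId, rowRole);
                })
                // Collectors.toList() is kept so the returned list implementation is the
                // same as before for existing callers.
                .collect(Collectors.toList());
    }

    // Convenience overload for BizDataRecord, currently disabled. As written the argument
    // list is incomplete (a dangling "BizDataRecord::"), so it will not compile if it is
    // simply uncommented.
    // public List<BizDataRecord> listVisibleRecordsGeneric(LoginUser currentUser, List<BizDataRecord> allRecords) {
    //     return filterByRole(
    //             currentUser,
    //             allRecords,
    //             BizDataRecord::
    //             BizDataRecord::getCreatorRole, // extracts the creator's role
    //             BizDataRecord::getCreatorId // extracts the creator's ID
    //     );
    // }
}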