2026-04-23 11:59:31 +08:00
|
|
|
package com.labelsys.backend.service;
|
|
|
|
|
|
|
|
|
|
import com.labelsys.backend.context.LoginUser;
|
2026-04-27 10:27:57 +08:00
|
|
|
import com.labelsys.backend.entity.BizDataRecord;
|
2026-04-23 11:59:31 +08:00
|
|
|
import com.labelsys.backend.enums.UserRole;
|
2026-05-08 16:07:12 +08:00
|
|
|
import lombok.RequiredArgsConstructor;
|
|
|
|
|
import lombok.extern.slf4j.Slf4j;
|
|
|
|
|
import org.springframework.jdbc.core.JdbcTemplate;
|
|
|
|
|
import org.springframework.stereotype.Service;
|
|
|
|
|
|
2026-04-23 11:59:31 +08:00
|
|
|
import java.util.List;
|
|
|
|
|
import java.util.function.Function;
|
|
|
|
|
import java.util.stream.Collectors;
|
|
|
|
|
|
2026-05-08 16:07:12 +08:00
|
|
|
@Slf4j
|
2026-04-23 11:59:31 +08:00
|
|
|
@Service
|
2026-04-27 10:27:57 +08:00
|
|
|
@RequiredArgsConstructor
|
2026-04-23 11:59:31 +08:00
|
|
|
public class DataPermissionService {
|
|
|
|
|
|
2026-04-27 10:27:57 +08:00
|
|
|
private final JdbcTemplate jdbcTemplate;
|
|
|
|
|
|
2026-04-23 11:59:31 +08:00
|
|
|
public boolean canAccessCreator(LoginUser currentUser, Long creatorId, UserRole creatorRole) {
|
2026-05-08 16:07:12 +08:00
|
|
|
try {
|
|
|
|
|
return switch (currentUser.role()) {
|
|
|
|
|
case EMPLOYEE -> currentUser.userId().equals(creatorId);
|
|
|
|
|
case MANAGER -> creatorRole == UserRole.EMPLOYEE || creatorRole == UserRole.MANAGER;
|
|
|
|
|
case ENGINEER -> true;
|
|
|
|
|
};
|
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
log.error("canAccessCreator failed, companyId={}, userId={}, creatorId={}, error={}",
|
|
|
|
|
currentUser.companyId(), currentUser.userId(), creatorId, e.getMessage(), e);
|
|
|
|
|
throw e;
|
|
|
|
|
}
|
2026-04-23 11:59:31 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public <T> List<T> filterByRole(
|
|
|
|
|
LoginUser currentUser,
|
|
|
|
|
List<T> allRecords,
|
|
|
|
|
Function<T, UserRole> roleExtractor,
|
|
|
|
|
Function<T, Long> ownerIdExtractor) {
|
2026-05-08 16:07:12 +08:00
|
|
|
try {
|
|
|
|
|
if (allRecords == null || allRecords.isEmpty()) {
|
|
|
|
|
return List.of();
|
|
|
|
|
}
|
2026-04-27 00:05:59 +08:00
|
|
|
|
2026-05-08 16:07:12 +08:00
|
|
|
UserRole currentRole = currentUser.role();
|
|
|
|
|
Long currentUserId = currentUser.userId();
|
2026-04-23 11:59:31 +08:00
|
|
|
|
2026-05-08 16:07:12 +08:00
|
|
|
return allRecords.stream()
|
|
|
|
|
.filter(record -> {
|
|
|
|
|
UserRole recordRole = roleExtractor.apply(record);
|
|
|
|
|
Long recordOwnerId = ownerIdExtractor.apply(record);
|
2026-04-23 11:59:31 +08:00
|
|
|
|
2026-05-08 16:07:12 +08:00
|
|
|
return switch (currentRole) {
|
|
|
|
|
case EMPLOYEE -> currentUserId.equals(recordOwnerId);
|
|
|
|
|
case MANAGER -> recordRole == UserRole.EMPLOYEE || recordRole == UserRole.MANAGER;
|
|
|
|
|
case ENGINEER -> true;
|
|
|
|
|
};
|
|
|
|
|
})
|
|
|
|
|
.collect(Collectors.toList());
|
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
log.error("filterByRole failed, companyId={}, userId={}, error={}",
|
|
|
|
|
currentUser.companyId(), currentUser.userId(), e.getMessage(), e);
|
|
|
|
|
throw e;
|
|
|
|
|
}
|
2026-04-23 11:59:31 +08:00
|
|
|
}
|
|
|
|
|
|
2026-04-23 17:38:39 +08:00
|
|
|
public List<String> getAllowedRoles(LoginUser currentUser) {
|
2026-05-08 16:07:12 +08:00
|
|
|
try {
|
|
|
|
|
return switch (currentUser.role()) {
|
|
|
|
|
case EMPLOYEE -> List.of();
|
|
|
|
|
case MANAGER -> List.of("EMPLOYEE", "MANAGER");
|
|
|
|
|
case ENGINEER -> List.of("EMPLOYEE", "MANAGER", "ENGINEER");
|
|
|
|
|
};
|
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
log.error("getAllowedRoles failed, companyId={}, userId={}, error={}",
|
|
|
|
|
currentUser.companyId(), currentUser.userId(), e.getMessage(), e);
|
|
|
|
|
throw e;
|
|
|
|
|
}
|
2026-04-23 17:38:39 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public boolean shouldFilterByUserId(LoginUser currentUser) {
|
2026-05-08 16:07:12 +08:00
|
|
|
try {
|
|
|
|
|
return currentUser.role() == UserRole.EMPLOYEE;
|
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
log.error("shouldFilterByUserId failed, companyId={}, userId={}, error={}",
|
|
|
|
|
currentUser.companyId(), currentUser.userId(), e.getMessage(), e);
|
|
|
|
|
throw e;
|
|
|
|
|
}
|
2026-04-23 17:38:39 +08:00
|
|
|
}
|
2026-04-27 10:27:57 +08:00
|
|
|
|
|
|
|
|
public List<BizDataRecord> listVisibleRecords(LoginUser currentUser) {
|
2026-05-08 16:07:12 +08:00
|
|
|
try {
|
|
|
|
|
List<BizDataRecord> allRecords = jdbcTemplate.query("""
|
|
|
|
|
select id, company_id, creator_id, creator_role, record_name, created_at, updated_at
|
|
|
|
|
from biz_data_record
|
|
|
|
|
where company_id = ?
|
|
|
|
|
order by id
|
|
|
|
|
""",
|
|
|
|
|
(rs, rowNum) -> BizDataRecord.builder()
|
|
|
|
|
.id(rs.getLong("id"))
|
|
|
|
|
.companyId(rs.getLong("company_id"))
|
|
|
|
|
.creatorId(rs.getLong("creator_id"))
|
|
|
|
|
.creatorRole(UserRole.valueOf(rs.getString("creator_role")))
|
|
|
|
|
.recordName(rs.getString("record_name"))
|
|
|
|
|
.createdAt(rs.getTimestamp("created_at") == null ?
|
|
|
|
|
null :
|
|
|
|
|
rs.getTimestamp("created_at").toLocalDateTime())
|
|
|
|
|
.updatedAt(rs.getTimestamp("updated_at") == null ?
|
|
|
|
|
null :
|
|
|
|
|
rs.getTimestamp("updated_at").toLocalDateTime())
|
|
|
|
|
.build(),
|
|
|
|
|
currentUser.companyId());
|
2026-04-27 10:27:57 +08:00
|
|
|
|
2026-05-08 16:07:12 +08:00
|
|
|
return filterByRole(currentUser, allRecords, BizDataRecord::getCreatorRole, BizDataRecord::getCreatorId);
|
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
log.error("listVisibleRecords failed, companyId={}, userId={}, error={}",
|
|
|
|
|
currentUser.companyId(), currentUser.userId(), e.getMessage(), e);
|
|
|
|
|
throw e;
|
|
|
|
|
}
|
2026-04-27 10:27:57 +08:00
|
|
|
}
|
2026-04-27 00:05:59 +08:00
|
|
|
}
|
