main主干首次提交，包含用户认证模块

2026-04-23 11:59:31 +08:00
commit cbef58aee5
65 changed files with 2335 additions and 0 deletions
--- a/src/main/java/com/labelsys/backend/service/DataPermissionService.java
+++ b/src/main/java/com/labelsys/backend/service/DataPermissionService.java
@@ -0,0 +1,93 @@
+package com.labelsys.backend.service;
+
+import com.labelsys.backend.context.LoginUser;
+import com.labelsys.backend.entity.BizDataRecord;
+import com.labelsys.backend.enums.UserRole;
+import com.labelsys.backend.mapper.BizDataRecordMapper;
+import java.util.List;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+
+@Service
+@RequiredArgsConstructor
+public class DataPermissionService {
+
+    private final BizDataRecordMapper bizDataRecordMapper;
+
+    public List<BizDataRecord> listVisibleRecords(LoginUser currentUser) {
+        return switch (currentUser.role()) {
+            case EMPLOYEE -> bizDataRecordMapper.listVisibleByEmployee(currentUser.companyId(), currentUser.userId());
+            case MANAGER -> bizDataRecordMapper.listVisibleByManager(currentUser.companyId());
+            case ENGINEER -> bizDataRecordMapper.listVisibleByEngineer(currentUser.companyId());
+        };
+    }
+
+    public boolean canAccessCreator(LoginUser currentUser, Long creatorId, UserRole creatorRole) {
+        return switch (currentUser.role()) {
+            case EMPLOYEE -> currentUser.userId().equals(creatorId);
+            case MANAGER -> creatorRole == UserRole.EMPLOYEE || creatorRole == UserRole.MANAGER;
+            case ENGINEER -> true;
+        };
+    }
+
+     /**
+     * 通用数据过滤方法
+     *
+     * @param currentUser 当前登录用户
+     * @param allRecords 待过滤的全量数据列表
+     * @param roleExtractor 从数据对象中提取“关联角色”或“创建者角色”的函数
+     * @param ownerIdExtractor 从数据对象中提取“所有者ID”的函数（用于员工只能看自己的情况）
+     * @param <T> 数据类型
+     * @return 过滤后的数据列表
+     */
+    public <T> List<T> filterByRole(
+            LoginUser currentUser,
+            List<T> allRecords,
+            Function<T, UserRole> roleExtractor,
+            Function<T, Long> ownerIdExtractor) {
+        
+        if (allRecords == null || allRecords.isEmpty()) {
+            return List.of();
+        }
+
+        UserRole currentRole = currentUser.role();
+        Long currentUserId = currentUser.userId();
+
+        return allRecords.stream()
+                .filter(record -> {
+                    UserRole recordRole = roleExtractor.apply(record);
+                    Long recordOwnerId = ownerIdExtractor.apply(record);
+
+                    return switch (currentRole) {
+                        case EMPLOYEE -> 
+                            // 员工只能查看自己创建/拥有的数据
+                            currentUserId.equals(recordOwnerId);
+                        
+                        case MANAGER -> 
+                            // 经理可以查看员工和经理的数据，不能查看总工程师的数据
+                            recordRole == UserRole.EMPLOYEE || recordRole == UserRole.MANAGER;
+                        
+                        case ENGINEER -> 
+                            // 总工程师可以查看所有数据
+                            true;
+                    };
+                })
+                .collect(Collectors.toList());
+    }
+
+    /**
+     * 针对 BizDataRecord 的便捷调用方法
+     */
+    // public List<BizDataRecord> listVisibleRecordsGeneric(LoginUser currentUser, List<BizDataRecord> allRecords) {
+    //     return filterByRole(
+    //             currentUser,
+    //             allRecords,
+    //             BizDataRecord::
+    //             BizDataRecord::getCreatorRole, // 提取创建者角色
+    //             BizDataRecord::getCreatorId    // 提取创建者ID
+    //     );
+    // }
+}