门店选择器权限控制

src/main/java/com/gic/plug/web/controller/StoreBrandController.java

+package com.gic.plug.web.controller;
+
+import com.gic.api.base.commons.ServiceResponse;
+import com.gic.commons.webapi.reponse.RestResponse;
+import com.gic.enterprise.utils.UserDetailUtils;
+import com.gic.plug.web.utils.storeresourceauth.StoreResourceUtils;
+import com.gic.store.constant.StoreESFieldsEnum;
+import com.gic.store.dto.StoreBrandDTO;
+import com.gic.store.service.StoreBrandApiService;
+import com.gic.store.service.StoreWidgetApiService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.List;
+
+/**
+ * 门店选择器-店招品牌查询
+ * @ClassName:
+ * @Description: 

+ * @author guojuxing

+ * @date 2021/1/14 6:50 PM

+ */
+@RestController
+@RequestMapping("/store-brand")
+public class StoreBrandController {
+
+    @Autowired
+    private StoreBrandApiService storeBrandApiService;
+    @Autowired
+    private StoreWidgetApiService storeWidgetApiService;
+
+    @RequestMapping("/list-store-brand")
+    public RestResponse listStoreBrand(String search) {
+        Integer enterpriseId = UserDetailUtils.getUserDetail().getEnterpriseId();
+        ServiceResponse<List<StoreBrandDTO>> serviceResponse = storeBrandApiService.listAllStoreBrand(enterpriseId, search);
+        if (serviceResponse.isSuccess()) {
+            return RestResponse.success(StoreResourceUtils.auth(
+                    serviceResponse.getResult(),
+                    StoreESFieldsEnum.STOREBRANDIDLIST.getField(),
+                    storeWidgetApiService ));
+        } else {
+            return RestResponse.failure(serviceResponse.getCode(), serviceResponse.getMessage());
+        }
+    }
+}

src/main/java/com/gic/plug/web/controller/StoreController.java

@@ -8,8 +8,11 @@ import com.gic.auth.dto.ResourceGroupDTO;
 import com.gic.auth.service.ResourceGroupApiService;
 import com.gic.enterprise.error.ErrorCode;
 import com.gic.enterprise.utils.ResultControllerUtils;
+import com.gic.plug.web.utils.StoreResourceAuthUtils;
+import com.gic.plug.web.utils.storeresourceauth.StoreResourceUtils;
 import com.gic.store.dto.StoreWidgetLogDTO;
 import com.gic.store.service.StoreWidgetLogApiService;
+import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -74,7 +77,7 @@ public class StoreController {
     public RestResponse listStoreRegion(String search) {
         UserDetail userDetail = UserDetailUtils.getUserDetail();
         Integer enterpriseId = userDetail.getEnterpriseId();
-        Set<String> authRegionSet = StoreRegionAuthUtil.getUserRegion(storeWidgetApiService);
+        Set<String> authRegionSet = StoreResourceAuthUtils.getAuthData(StoreESFieldsEnum.REGIONID.getField(), storeWidgetApiService);
         ServiceResponse<List<StoreRegionDTO>> serviceResponse = storeRegionApiService.listStoreRegion(enterpriseId, search);
         if (serviceResponse.isSuccess()) {
             List<StoreRegionDTO> result = serviceResponse.getResult();
@@ -98,6 +101,17 @@ public class StoreController {
     public RestResponse listPartStore(Integer storeGroupId, String search) {
         Integer enterpriseId = UserDetailUtils.getUserDetail().getEnterpriseId();
         StoreSearchDTO storeSearchDTO = new StoreSearchDTO();
+
+        //权限过滤部分门店
+        List<Integer> authStorePart = StoreResourceUtils.auth(null, StoreESFieldsEnum.STOREID.getField(), storeWidgetApiService);
+        if (CollectionUtils.isNotEmpty(authStorePart)) {
+            StringBuilder storeIds = new StringBuilder();
+            authStorePart.forEach(e -> {
+                storeIds.append(e).append(" ");
+            });
+            storeSearchDTO.setStoreIds(storeIds.toString());
+        }
+
         storeSearchDTO.setEnterpriseId(enterpriseId);
         storeSearchDTO.setStoreGroupId(storeGroupId);
         storeSearchDTO.setSearch(search);

src/main/java/com/gic/plug/web/controller/StoreFieldController.java

@@ -3,6 +3,9 @@ package com.gic.plug.web.controller;
 import java.util.*;
 
 import com.gic.plug.web.utils.StoreRegionAuthUtil;
+import com.gic.plug.web.utils.StoreResourceAuthUtils;
+import com.gic.plug.web.utils.storeresourceauth.StoreResourceUtils;
+import com.gic.store.constant.StoreESFieldsEnum;
 import com.gic.store.service.StoreWidgetApiService;
 import com.gic.store.utils.StoreRedisKeyUtils;
 import org.slf4j.Logger;
@@ -44,6 +47,8 @@ public class StoreFieldController {
     private StoreFieldSelectApiService storeFieldSelectApiService;
     @Autowired
     private StoreWidgetApiService widgetApiService;
+    @Autowired
+    private StoreWidgetApiService storeWidgetApiService;
 
     @RequestMapping("/list-store-field-type")
     public RestResponse listStoreFieldType() {
@@ -113,11 +118,13 @@ public class StoreFieldController {
     }
 
     private List<StoreFieldRegionVO> transferDtoToVo(List<StoreFieldDTO> dtoList, Integer enterpriseId) {
+        //自定义字段权限过滤数据
+        List<StoreFieldDTO> storeFieldAuthData = StoreResourceUtils
+                .auth(dtoList, StoreResourceUtils.STORE_FIELD_KEY, storeWidgetApiService);
 
-        String key = "enterprise:store:storeField:" + enterpriseId + ":";
-        List<StoreFieldRegionVO> voList = new ArrayList<>(dtoList.size());
-        Set<String> userRegion = StoreRegionAuthUtil.getUserRegion(widgetApiService);
-        for (StoreFieldDTO dto : dtoList) {
+        List<StoreFieldRegionVO> voList = new ArrayList<>(storeFieldAuthData.size());
+        Set<String> userRegion = StoreResourceAuthUtils.getAuthData(StoreESFieldsEnum.REGIONID.getField(), widgetApiService);
+        for (StoreFieldDTO dto : storeFieldAuthData) {
             //不需要文本类型字段
             if(!userRegion.isEmpty()){
                 if(!userRegion.contains(dto.getStoreRegionId()+"")){

src/main/java/com/gic/plug/web/controller/StoreTagController.java

+package com.gic.plug.web.controller;
+
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.gic.api.base.commons.ServiceResponse;
+import com.gic.commons.util.EntityUtil;
+import com.gic.commons.webapi.reponse.RestResponse;
+import com.gic.enterprise.utils.UserDetailUtils;
+import com.gic.plug.web.utils.storeresourceauth.StoreResourceUtils;
+import com.gic.plug.web.vo.StoreTagVO;
+import com.gic.store.constant.StoreESFieldsEnum;
+import com.gic.store.dto.StoreTagDTO;
+import com.gic.store.service.StoreTagApiService;
+import com.gic.store.service.StoreWidgetApiService;
+
+/**
+ * 门店选择器-门店标签
+ * @ClassName:
+ * @Description: 

+ * @author guojuxing

+ * @date 2021/1/15 10:24 AM

+ */
+@RestController
+@RequestMapping("/store-tag")
+public class StoreTagController {
+    @Autowired
+    private StoreTagApiService storeTagApiService;
+    @Autowired
+    private StoreWidgetApiService storeWidgetApiService;
+
+    @RequestMapping("/list-store-tag")
+    public RestResponse list() {
+        ServiceResponse<List<StoreTagDTO>> response = storeTagApiService.listByEnterprise(UserDetailUtils.getUserDetail().getEnterpriseId());
+        if (response.isSuccess()) {
+            List<StoreTagDTO> result = StoreResourceUtils.auth(
+                    response.getResult(),
+                    StoreESFieldsEnum.STORETAG.getField(),
+                    storeWidgetApiService);
+            return RestResponse.success(EntityUtil.changeEntityListNew(StoreTagVO.class, result));
+        }
+        return RestResponse.failure(response.getCode(), response.getMessage());
+    }
+}

src/main/java/com/gic/plug/web/utils/StoreRegionAuthUtil.java

@@ -21,6 +21,7 @@ import java.util.Set;
  * @date 2020/9/14 10:45 AM

  */
 public class StoreRegionAuthUtil {
+    @Deprecated
     public static Set<String> getUserRegion(StoreWidgetApiService storeWidgetApiService){
         Set<String> authRegionSet = new HashSet<>();
         UserDetail userDetail = UserDetailUtils.getUserDetail();

src/main/java/com/gic/plug/web/utils/StoreResourceAuthUtils.java

+package com.gic.plug.web.utils;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import com.gic.api.base.commons.ServiceResponse;
+import com.gic.enterprise.utils.UserDetail;
+import com.gic.enterprise.utils.UserDetailUtils;
+import com.gic.plug.web.utils.storeresourceauth.StoreResourceUtils;
+import com.gic.store.constant.StoreESFieldsEnum;
+import com.gic.store.dto.StoreWidgetDTO;
+import com.gic.store.service.StoreWidgetApiService;
+
+/**
+ * 资源组-门店资源
+ * @ClassName:
+ * @Description: 

+ * @author guojuxing

+ * @date 2021/1/14 3:56 PM

+ */
+public class StoreResourceAuthUtils {
+
+    /**
+     * 获取用户的资源组-门店数据
+     * @param field 门店域/门店分组......StoreESFieldsEnum
+     * @param storeWidgetApiService
+     * @return 空集合，表示全部权限
+     */
+    public static Set<String> getAuthData(String field, StoreWidgetApiService storeWidgetApiService) {
+        UserDetail userDetail = UserDetailUtils.getUserDetail();
+        boolean isAdmin = userDetail.getUserInfo().getSuperAdmin() == 1 || userDetail.getUserResourceInfo() == null;
+        //超管
+        if (isAdmin) {
+            return getAuthDataWhenAdmin();
+        }
+        Integer storeWidgetId = getStoreWidgetId();
+        if (storeWidgetId == null) {
+            //数据错误。正确情况管理员必有资源组数据
+            return getAuthDataWhenNo();
+        }
+        ServiceResponse<StoreWidgetDTO> storeWidget = storeWidgetApiService.getStoreWidget(storeWidgetId);
+        if (storeWidget.isSuccess()) {
+            return getAuthData(storeWidget.getResult(), field);
+        } else {
+            //不存在
+            return getAuthDataWhenNo();
+        }
+    }
+
+    private static Set<String> getAuthData(StoreWidgetDTO storeWidget, String field) {
+        Set<String> authRegionSet = new HashSet<>();
+
+        String searchParam = storeWidget.getSearchParam();
+        JSONObject json = JSON.parseArray(searchParam).getJSONObject(0);
+        JSONArray list = json.getJSONArray("list");
+
+        Set<String> storeFieldKey = getStoreFieldKey();
+
+        //是否是自定义字段类型的数据
+        //因为这两者解析不一致
+        boolean isStoreField = isStoreField(field);
+
+        for (int i = 0, len = list.size(); i < len; i ++) {
+            JSONObject o = list.getJSONObject(i).getJSONObject("data");
+            String key = o.getString("key");
+
+            if (isStoreField) {
+                //如果是自定义字段，应该存key，而不是value
+                if (storeFieldKey.contains(key)) {
+                    authRegionSet.add(key);
+                }
+                continue;
+            }
+            if (key.equals(field)) {
+                String[] arr = o.getString("value").split(" ");
+                for(String s : arr){
+                    authRegionSet.add(s);
+                }
+            }
+        }
+        return authRegionSet;
+    }
+
+    /**
+     * 超级管理员资源
+     * @return
+     */
+    private static Set<String> getAuthDataWhenAdmin() {
+        return  new HashSet<>(2);
+    }
+
+    /**
+     * 没有资源的时候
+     * @return
+     */
+    private static Set<String> getAuthDataWhenNo() {
+        return new HashSet<>(Arrays.asList("-1"));
+    }
+
+    /**
+     * 管理员资源组-门店选择器ID
+     * @return
+     */
+    private static Integer getStoreWidgetId() {
+        //todo 前端资源组对齐后，调整最新接口
+        return UserDetailUtils.getUserDetail().getUserResourceInfo().getStoreResource().intValue();
+    }
+
+    private static boolean isStoreField(String field) {
+        if (StoreResourceUtils.STORE_FIELD_KEY.equals(field)) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * 自定义字段的key
+     * @return
+     */
+    private static Set<String> getStoreFieldKey() {
+        Set<String> storeField = new HashSet<>();
+        storeField.add(StoreESFieldsEnum.C1.getField());
+        storeField.add(StoreESFieldsEnum.C2.getField());
+        storeField.add(StoreESFieldsEnum.C3.getField());
+        storeField.add(StoreESFieldsEnum.C4.getField());
+        storeField.add(StoreESFieldsEnum.C5.getField());
+        storeField.add(StoreESFieldsEnum.C6.getField());
+        storeField.add(StoreESFieldsEnum.C7.getField());
+        storeField.add(StoreESFieldsEnum.C8.getField());
+        storeField.add(StoreESFieldsEnum.C9.getField());
+        storeField.add(StoreESFieldsEnum.C10.getField());
+        return storeField;
+    }
+}

src/main/java/com/gic/plug/web/utils/storeresourceauth/IStoreResourceAuth.java

+package com.gic.plug.web.utils.storeresourceauth;
+
+import java.util.List;
+import java.util.Set;
+
+/**
+ * 资源组-门店资源过滤
+ * @ClassName:
+ * @Description: 

+ * @author guojuxing

+ * @date 2021/1/14 4:36 PM

+ */
+public interface IStoreResourceAuth<T> {
+
+    /**
+     * 门店资源权限过滤
+     * @param data
+     * @param authData
+     * @return
+     */
+    List<T> auth(List<T> data, Set<String> authData);
+}

src/main/java/com/gic/plug/web/utils/storeresourceauth/StoreBrandAuth.java

+package com.gic.plug.web.utils.storeresourceauth;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import com.gic.store.dto.StoreBrandDTO;
+import org.apache.commons.collections.CollectionUtils;
+
+/**
+ * 店招品牌过滤
+ * @ClassName:
+ * @Description: 

+ * @author guojuxing

+ * @date 2021/1/14 6:41 PM

+ */
+public class StoreBrandAuth implements IStoreResourceAuth<StoreBrandDTO>{
+    @Override
+    public List<StoreBrandDTO> auth(List<StoreBrandDTO> data, Set<String> authData) {
+        if (CollectionUtils.isEmpty(data)) {
+            return data;
+        }
+        if (authData.isEmpty()) {
+            return data;
+        }
+        //权限过滤
+        List<StoreBrandDTO> authList = new ArrayList<>();
+        for (StoreBrandDTO obj : data) {
+            if (authData.contains(obj.getStoreBrandId() + "")) {
+                authList.add(obj);
+            }
+        }
+        return authList;
+    }
+}

src/main/java/com/gic/plug/web/utils/storeresourceauth/StoreFieldAuth.java

+package com.gic.plug.web.utils.storeresourceauth;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import com.gic.enterprise.utils.UserDetailUtils;
+import com.gic.redis.data.util.RedisUtil;
+import com.gic.store.utils.StoreRedisKeyUtils;
+import org.apache.commons.collections.CollectionUtils;
+
+import com.gic.store.dto.StoreFieldDTO;
+/**
+ * 自定义属性权限过滤
+ * @ClassName:
+ * @Description: 

+ * @author guojuxing

+ * @date 2021/1/14 7:02 PM

+ */
+public class StoreFieldAuth implements IStoreResourceAuth<StoreFieldDTO>{
+    @Override
+    public List<StoreFieldDTO> auth(List<StoreFieldDTO> data, Set<String> authData) {
+        if (CollectionUtils.isEmpty(data)) {
+            return data;
+        }
+        if (authData.isEmpty()) {
+            return data;
+        }
+        //权限过滤
+        List<StoreFieldDTO> authList = new ArrayList<>();
+        //转化自定义字段key为ID
+        //因为自定义字段，ES最多10个，c1-c10，选择器存的是key值，需要先转化为ID
+        String keyC = StoreRedisKeyUtils.getStoreFieldKeyC(UserDetailUtils.getUserDetail().getEnterpriseId(), "");
+        Set<String> authStoreFieldSet = new HashSet<>(authData.size());
+        for (String key : authData) {
+            Object storeFieldId = RedisUtil.getCache(keyC + key);
+            if (storeFieldId != null) {
+                authStoreFieldSet.add((String) storeFieldId);
+            }
+        }
+        for (StoreFieldDTO obj : data) {
+            if (authStoreFieldSet.contains(obj.getStoreFieldId() + "")) {
+                authList.add(obj);
+            }
+        }
+        return authList;
+    }
+}

src/main/java/com/gic/plug/web/utils/storeresourceauth/StoreGroupAuth.java

+package com.gic.plug.web.utils.storeresourceauth;
+
+import com.gic.store.dto.StoreGroupDTO;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * 门店分组过滤
+ * @ClassName:
+ * @Description: 

+ * @author guojuxing

+ * @date 2021/1/14 4:37 PM

+ */
+public class StoreGroupAuth implements IStoreResourceAuth<StoreGroupDTO>{
+    @Override
+    public List<StoreGroupDTO> auth(List<StoreGroupDTO> data, Set<String> authData) {
+        if (authData.isEmpty()) {
+            return data;
+        }
+        //权限过滤
+        List<StoreGroupDTO> authList = new ArrayList<>();
+        for (StoreGroupDTO obj : data) {
+            if (authData.contains(obj.getStoreGroupId() + "")) {
+                authList.add(obj);
+            }
+        }
+        return authList;
+    }
+
+}

src/main/java/com/gic/plug/web/utils/storeresourceauth/StorePartAuth.java

+package com.gic.plug.web.utils.storeresourceauth;
+
+import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+/**
+ * 部分门店
+ * @ClassName:
+ * @Description: 

+ * @author guojuxing

+ * @date 2021/1/15 9:56 AM

+ */
+public class StorePartAuth implements IStoreResourceAuth<Integer>{
+    @Override
+    public List<Integer> auth(List<Integer> data, Set<String> authData) {
+        if (authData.isEmpty()) {
+            return null;
+        }
+        //返回权限选择的部分门店ID集合，用于作为过滤条件去查询部分门店，达到权限过滤的目的
+        return authData.stream().mapToInt(e -> Integer.valueOf(e)).boxed().collect(Collectors.toList());
+    }
+}

src/main/java/com/gic/plug/web/utils/storeresourceauth/StoreResourceUtils.java

+package com.gic.plug.web.utils.storeresourceauth;
+
+import com.gic.plug.web.utils.StoreResourceAuthUtils;
+import com.gic.store.constant.StoreESFieldsEnum;
+import com.gic.store.service.StoreWidgetApiService;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * 资源组-门店资源过滤工具类
+ * @ClassName:
+ * @Description: 

+ * @author guojuxing

+ * @date 2021/1/14 4:57 PM

+ */
+public class StoreResourceUtils {
+    private static Map<String, IStoreResourceAuth> map = new HashMap<>(16);
+    public final static String STORE_FIELD_KEY = "storeFieldKey";
+
+    static {
+        //门店分组不用过滤
+        map.put(StoreESFieldsEnum.STOREGROUPIDLIST.getField(), new StoreGroupAuth());
+        map.put(StoreESFieldsEnum.STOREBRANDIDLIST.getField(), new StoreBrandAuth());
+        map.put(STORE_FIELD_KEY, new StoreFieldAuth());
+        map.put(StoreESFieldsEnum.STOREID.getField(), new StorePartAuth());
+        map.put(StoreESFieldsEnum.STORETAG.getField(), new StoreTagAuth());
+    }
+
+    /**
+     * 业务方过滤权限
+     * @param serviceData 业务方数据
+     * @param field StoreESFieldsEnum 门店分组/门店域.....
+     * @param storeWidgetApiService 门店选择器服务
+     * @param <T>
+     * @return
+     */
+    public static <T> T auth(List serviceData, String field, StoreWidgetApiService storeWidgetApiService) {
+        Set<String> authSet = StoreResourceAuthUtils.getAuthData(field, storeWidgetApiService);
+        return (T) map.get(field).auth(serviceData, authSet);
+    }
+}

src/main/java/com/gic/plug/web/utils/storeresourceauth/StoreTagAuth.java

+package com.gic.plug.web.utils.storeresourceauth;
+
+import com.gic.store.dto.StoreTagDTO;
+import org.apache.commons.collections.CollectionUtils;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+/**
+ * 门店标签的权限过滤
+ * @ClassName:
+ * @Description: 

+ * @author guojuxing

+ * @date 2021/1/15 10:30 AM

+ */
+public class StoreTagAuth implements IStoreResourceAuth<StoreTagDTO>{
+    @Override
+    public List<StoreTagDTO> auth(List<StoreTagDTO> data, Set<String> authData) {
+        if (CollectionUtils.isEmpty(data)) {
+            return data;
+        }
+        if (authData.isEmpty()) {
+            return data;
+        }
+        List<StoreTagDTO> result = new ArrayList<>(authData.size());
+        for (StoreTagDTO storeTagDTO : data) {
+            if (authData.contains(storeTagDTO.getStoreTagId() + "")) {
+                result.add(storeTagDTO);
+            }
+        }
+        return result;
+    }
+}

src/main/java/com/gic/plug/web/vo/StoreTagVO.java

+package com.gic.plug.web.vo;
+
+import java.io.Serializable;
+/**
+ * 门店选择器-门店标签
+ * @ClassName:
+ * @Description: 

+ * @author guojuxing

+ * @date 2021/1/15 10:26 AM

+ */
+public class StoreTagVO implements Serializable{
+    private static final long serialVersionUID = -4887472846978408322L;
+
+    /**
+     *
+     */
+    private Integer storeTagId;
+
+    /**
+     * 门店标签名称
+     */
+    private String storeTagName;
+
+    /**
+     * 门店选择器id
+     */
+    private Integer storeWidgetId;
+
+    public Integer getStoreTagId() {
+        return storeTagId;
+    }
+
+    public StoreTagVO setStoreTagId(Integer storeTagId) {
+        this.storeTagId = storeTagId;
+        return this;
+    }
+
+    public String getStoreTagName() {
+        return storeTagName;
+    }
+
+    public StoreTagVO setStoreTagName(String storeTagName) {
+        this.storeTagName = storeTagName;
+        return this;
+    }
+
+    public Integer getStoreWidgetId() {
+        return storeWidgetId;
+    }
+
+    public StoreTagVO setStoreWidgetId(Integer storeWidgetId) {
+        this.storeWidgetId = storeWidgetId;
+        return this;
+    }
+
+    @Override
+    public String toString() {
+        return "StoreTagVO{" +
+                "storeTagId=" + storeTagId +
+                ", storeTagName='" + storeTagName + '\'' +
+                ", storeWidgetId=" + storeWidgetId +
+                '}';
+    }
+}