家族授权接口和踢出接口处理

This commit is contained in:
tianfeng 2025-12-24 18:25:13 +08:00
parent 8b92c32af3
commit e540f18ef6
3 changed files with 72 additions and 70 deletions

View File

@ -9,17 +9,11 @@ import com.red.circle.other.infra.database.rds.service.family.FamilyMemberInfoSe
import com.red.circle.other.infra.enums.family.FamilyRoleEnum;
import com.red.circle.other.inner.asserts.FamilyErrorCode;
import java.util.Objects;
import java.util.Optional;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Component;
/**
* <p>
* 授权用户家族权限.
* </p>
*
* @author pengshigang
* @since 2021-07-22
*/
@Component
@RequiredArgsConstructor
@ -29,75 +23,87 @@ public class FamilyGrantUserRoleExe {
private final FamilyMemberInfoService familyMemberInfoService;
public void execute(FamilyGrantUserRoleCmd cmd) {
ResponseAssert.isTrue(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, getExistFamilyByUserId(cmd));
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, isGrantAdmin(cmd));
ResponseAssert.isTrue(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA,
familyCommon.isExistFamilyByUserId(cmd.getReqUserId()));
FamilyRoleEnum familyRoleEnum = FamilyRoleEnum.valueOf(cmd.getRoleKey());
FamilyMemberInfo manageMember = getOperatorMember(cmd);
ResponseAssert.notNull(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, manageMember);
FamilyMemberInfo member = getAuthorizedMember(cmd);
ResponseAssert.notNull(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, member);
ResponseAssert
.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, isPermissionDenied(manageMember, member));
ResponseAssert.isFalse(CommonErrorCode.OPERATION_CONFLICT,
Objects.equals(member.getMemberUserId(), cmd.getReqUserId()));
FamilyMemberInfo operator = familyMemberInfoService.getFamilyMemberByUserId(cmd.getReqUserId());
ResponseAssert.notNull(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, operator);
checkGrantManage(cmd, manageMember);
FamilyMemberInfo target = familyMemberInfoService.geMemberByMemberId(cmd.getAuthorizedMemberId());
ResponseAssert.notNull(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, target);
updateRoleById(cmd);
}
validateBasicRules(cmd, operator, target);
private boolean isPermissionDenied(FamilyMemberInfo manageMember, FamilyMemberInfo member) {
return Objects.equals(manageMember.getMemberRole(), member.getMemberRole()) && Objects
.equals(manageMember.getMemberRole(), FamilyRoleEnum.MANAGE.getKey());
}
validatePermission(cmd, operator, target);
validateBusinessRules(cmd, operator);
private void checkGrantManage(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo manageMember) {
ResponseAssert.isFalse(FamilyErrorCode.FAMILY_MANAGE_MAX,
Objects.equals(manageMember.getMemberRole(), FamilyRoleEnum.MEMBER.getKey()));
if (!Objects.equals(cmd.getRoleKey(), FamilyRoleEnum.MANAGE.getKey())) {
return;
}
ResponseAssert.isTrue(FamilyErrorCode.FAMILY_MANAGE_MAX, isAllowGrant(cmd, manageMember));
}
private boolean isAllowGrant(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo manageMember) {
return getFamilyCurrentManagerCount(manageMember) < getFamilyLevelMaxManagerCount(cmd,
manageMember);
}
private Integer getFamilyCurrentManagerCount(FamilyMemberInfo manageMember) {
return familyMemberInfoService.getManagerCount(manageMember.getFamilyId());
}
private Integer getFamilyLevelMaxManagerCount(FamilyGrantUserRoleCmd cmd,
FamilyMemberInfo manageMember) {
return Optional.ofNullable(
familyCommon.getFamilyDetails(cmd.getReqSysOrigin().getOrigin(), manageMember.getFamilyId())
.getMaxManager()).orElse(0);
}
private Boolean getExistFamilyByUserId(FamilyGrantUserRoleCmd cmd) {
return familyCommon.isExistFamilyByUserId(cmd.getReqUserId());
}
private void updateRoleById(FamilyGrantUserRoleCmd cmd) {
familyMemberInfoService.updateRoleById(cmd.getAuthorizedMemberId(), cmd.getRoleKey());
}
private boolean isGrantAdmin(FamilyGrantUserRoleCmd cmd) {
return Objects.equals(FamilyRoleEnum.ADMIN.getKey(), cmd.getRoleKey());
/**
* 基础规则校验.
*/
private void validateBasicRules(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo operator, FamilyMemberInfo target) {
// 不能授予族长权限
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION,
FamilyRoleEnum.ADMIN.getKey().equals(cmd.getRoleKey()));
// 不能操作自己
ResponseAssert.isFalse(CommonErrorCode.OPERATION_CONFLICT,
Objects.equals(operator.getMemberUserId(), target.getMemberUserId()));
ResponseAssert.isFalse(CommonErrorCode.OPERATION_CONFLICT, Objects.equals(target.getMemberRole(), cmd.getRoleKey()));
}
private FamilyMemberInfo getAuthorizedMember(FamilyGrantUserRoleCmd cmd) {
return familyMemberInfoService
.geMemberByMemberId(cmd.getAuthorizedMemberId());
/**
* 权限校验.
*/
private void validatePermission(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo operator, FamilyMemberInfo target) {
String operatorRole = operator.getMemberRole();
String targetRole = target.getMemberRole();
String newRole = cmd.getRoleKey();
// 操作者是族长
if (FamilyRoleEnum.ADMIN.getKey().equals(operatorRole)) {
return;
}
// 操作者是管理员
if (FamilyRoleEnum.MANAGE.getKey().equals(operatorRole)) {
// 管理员不能操作族长
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION,
FamilyRoleEnum.ADMIN.getKey().equals(targetRole));
// 管理员不能操作同级管理员
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION,
FamilyRoleEnum.MANAGE.getKey().equals(targetRole));
// 管理员只能将成员降级不能授予管理员权限
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION,
FamilyRoleEnum.MANAGE.getKey().equals(newRole));
return;
}
// 操作者是普通成员 - 没有任何授权权限
ResponseAssert.isTrue(CommonErrorCode.INSUFFICIENT_PERMISSION, false);
}
private FamilyMemberInfo getOperatorMember(FamilyGrantUserRoleCmd cmd) {
return familyMemberInfoService.getFamilyMemberByUserId(cmd.getReqUserId());
}
/**
* 业务规则校验.
*/
private void validateBusinessRules(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo operator) {
// 如果要授予管理员权限检查管理员数量限制
if (FamilyRoleEnum.MANAGE.getKey().equals(cmd.getRoleKey())) {
int currentManagerCount = familyMemberInfoService.getManagerCount(operator.getFamilyId());
int maxManagerCount = familyCommon
.getFamilyDetails(cmd.getReqSysOrigin().getOrigin(), operator.getFamilyId())
.getMaxManager();
ResponseAssert.isTrue(FamilyErrorCode.FAMILY_MANAGE_MAX,
currentManagerCount < maxManagerCount);
}
}
}

View File

@ -146,13 +146,9 @@ public class FamilyServiceImpl implements FamilyService {
@Override
public void grantUserRole(FamilyGrantUserRoleCmd cmd) {
if (Objects.equals(cmd.getRoleKey(), "REMOVE")) {
Long userId = familyMemberIdGetUserIdExe.execute(cmd.getAuthorizedMemberId());
if (Objects.isNull(userId)) {
return;
}
FamilyRemoveUserCmd removeUserCmd = new FamilyRemoveUserCmd();
removeUserCmd.setRemoveMemberId(userId);
removeUserCmd.setRemoveMemberId(cmd.getAuthorizedMemberId());
removeUserCmd.setReqUserId(cmd.getReqUserId());
familyRemoveUserExe.execute(removeUserCmd);
return;
}

View File

@ -24,7 +24,7 @@ public class FamilyGrantUserRoleCmd extends AppExtCommand {
private Long authorizedMemberId;
/**
* 被授权成员ID.
* MANAGE-管理员MEMBER-用户
*/
private String roleKey;