diff --git a/rc-service/rc-service-other/other-application/src/main/java/com/red/circle/other/app/command/family/FamilyGrantUserRoleExe.java b/rc-service/rc-service-other/other-application/src/main/java/com/red/circle/other/app/command/family/FamilyGrantUserRoleExe.java index 521432d8..85992f42 100644 --- a/rc-service/rc-service-other/other-application/src/main/java/com/red/circle/other/app/command/family/FamilyGrantUserRoleExe.java +++ b/rc-service/rc-service-other/other-application/src/main/java/com/red/circle/other/app/command/family/FamilyGrantUserRoleExe.java @@ -9,17 +9,11 @@ import com.red.circle.other.infra.database.rds.service.family.FamilyMemberInfoSe import com.red.circle.other.infra.enums.family.FamilyRoleEnum; import com.red.circle.other.inner.asserts.FamilyErrorCode; import java.util.Objects; -import java.util.Optional; import lombok.RequiredArgsConstructor; import org.springframework.stereotype.Component; /** - *
* 授权用户家族权限. - *
- * - * @author pengshigang - * @since 2021-07-22 */ @Component @RequiredArgsConstructor @@ -29,75 +23,87 @@ public class FamilyGrantUserRoleExe { private final FamilyMemberInfoService familyMemberInfoService; public void execute(FamilyGrantUserRoleCmd cmd) { - ResponseAssert.isTrue(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, getExistFamilyByUserId(cmd)); - ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, isGrantAdmin(cmd)); + ResponseAssert.isTrue(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, + familyCommon.isExistFamilyByUserId(cmd.getReqUserId())); + FamilyRoleEnum familyRoleEnum = FamilyRoleEnum.valueOf(cmd.getRoleKey()); - FamilyMemberInfo manageMember = getOperatorMember(cmd); - ResponseAssert.notNull(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, manageMember); - FamilyMemberInfo member = getAuthorizedMember(cmd); - ResponseAssert.notNull(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, member); - ResponseAssert - .isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, isPermissionDenied(manageMember, member)); - ResponseAssert.isFalse(CommonErrorCode.OPERATION_CONFLICT, - Objects.equals(member.getMemberUserId(), cmd.getReqUserId())); + FamilyMemberInfo operator = familyMemberInfoService.getFamilyMemberByUserId(cmd.getReqUserId()); + ResponseAssert.notNull(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, operator); - checkGrantManage(cmd, manageMember); + FamilyMemberInfo target = familyMemberInfoService.geMemberByMemberId(cmd.getAuthorizedMemberId()); + ResponseAssert.notNull(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, target); - updateRoleById(cmd); - } + validateBasicRules(cmd, operator, target); - private boolean isPermissionDenied(FamilyMemberInfo manageMember, FamilyMemberInfo member) { - return Objects.equals(manageMember.getMemberRole(), member.getMemberRole()) && Objects - .equals(manageMember.getMemberRole(), FamilyRoleEnum.MANAGE.getKey()); - } + validatePermission(cmd, operator, target); + validateBusinessRules(cmd, operator); - private void checkGrantManage(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo manageMember) { - - ResponseAssert.isFalse(FamilyErrorCode.FAMILY_MANAGE_MAX, - Objects.equals(manageMember.getMemberRole(), FamilyRoleEnum.MEMBER.getKey())); - - if (!Objects.equals(cmd.getRoleKey(), FamilyRoleEnum.MANAGE.getKey())) { - return; - } - ResponseAssert.isTrue(FamilyErrorCode.FAMILY_MANAGE_MAX, isAllowGrant(cmd, manageMember)); - } - - private boolean isAllowGrant(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo manageMember) { - return getFamilyCurrentManagerCount(manageMember) < getFamilyLevelMaxManagerCount(cmd, - manageMember); - } - - private Integer getFamilyCurrentManagerCount(FamilyMemberInfo manageMember) { - return familyMemberInfoService.getManagerCount(manageMember.getFamilyId()); - } - - private Integer getFamilyLevelMaxManagerCount(FamilyGrantUserRoleCmd cmd, - FamilyMemberInfo manageMember) { - return Optional.ofNullable( - familyCommon.getFamilyDetails(cmd.getReqSysOrigin().getOrigin(), manageMember.getFamilyId()) - .getMaxManager()).orElse(0); - } - - private Boolean getExistFamilyByUserId(FamilyGrantUserRoleCmd cmd) { - return familyCommon.isExistFamilyByUserId(cmd.getReqUserId()); - } - - private void updateRoleById(FamilyGrantUserRoleCmd cmd) { familyMemberInfoService.updateRoleById(cmd.getAuthorizedMemberId(), cmd.getRoleKey()); } - private boolean isGrantAdmin(FamilyGrantUserRoleCmd cmd) { - return Objects.equals(FamilyRoleEnum.ADMIN.getKey(), cmd.getRoleKey()); + /** + * 基础规则校验. + */ + private void validateBasicRules(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo operator, FamilyMemberInfo target) { + // 不能授予族长权限 + ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, + FamilyRoleEnum.ADMIN.getKey().equals(cmd.getRoleKey())); + + // 不能操作自己 + ResponseAssert.isFalse(CommonErrorCode.OPERATION_CONFLICT, + Objects.equals(operator.getMemberUserId(), target.getMemberUserId())); + + ResponseAssert.isFalse(CommonErrorCode.OPERATION_CONFLICT, Objects.equals(target.getMemberRole(), cmd.getRoleKey())); } - private FamilyMemberInfo getAuthorizedMember(FamilyGrantUserRoleCmd cmd) { - return familyMemberInfoService - .geMemberByMemberId(cmd.getAuthorizedMemberId()); + /** + * 权限校验. + */ + private void validatePermission(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo operator, FamilyMemberInfo target) { + String operatorRole = operator.getMemberRole(); + String targetRole = target.getMemberRole(); + String newRole = cmd.getRoleKey(); + + // 操作者是族长 + if (FamilyRoleEnum.ADMIN.getKey().equals(operatorRole)) { + return; + } + + // 操作者是管理员 + if (FamilyRoleEnum.MANAGE.getKey().equals(operatorRole)) { + // 管理员不能操作族长 + ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, + FamilyRoleEnum.ADMIN.getKey().equals(targetRole)); + + // 管理员不能操作同级管理员 + ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, + FamilyRoleEnum.MANAGE.getKey().equals(targetRole)); + + // 管理员只能将成员降级,不能授予管理员权限 + ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, + FamilyRoleEnum.MANAGE.getKey().equals(newRole)); + + return; + } + + // 操作者是普通成员 - 没有任何授权权限 + ResponseAssert.isTrue(CommonErrorCode.INSUFFICIENT_PERMISSION, false); } - private FamilyMemberInfo getOperatorMember(FamilyGrantUserRoleCmd cmd) { - return familyMemberInfoService.getFamilyMemberByUserId(cmd.getReqUserId()); - } + /** + * 业务规则校验. + */ + private void validateBusinessRules(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo operator) { + // 如果要授予管理员权限,检查管理员数量限制 + if (FamilyRoleEnum.MANAGE.getKey().equals(cmd.getRoleKey())) { + int currentManagerCount = familyMemberInfoService.getManagerCount(operator.getFamilyId()); + int maxManagerCount = familyCommon + .getFamilyDetails(cmd.getReqSysOrigin().getOrigin(), operator.getFamilyId()) + .getMaxManager(); + ResponseAssert.isTrue(FamilyErrorCode.FAMILY_MANAGE_MAX, + currentManagerCount < maxManagerCount); + } + } } diff --git a/rc-service/rc-service-other/other-application/src/main/java/com/red/circle/other/app/service/family/FamilyServiceImpl.java b/rc-service/rc-service-other/other-application/src/main/java/com/red/circle/other/app/service/family/FamilyServiceImpl.java index 04d94944..bf08aea0 100644 --- a/rc-service/rc-service-other/other-application/src/main/java/com/red/circle/other/app/service/family/FamilyServiceImpl.java +++ b/rc-service/rc-service-other/other-application/src/main/java/com/red/circle/other/app/service/family/FamilyServiceImpl.java @@ -146,13 +146,9 @@ public class FamilyServiceImpl implements FamilyService { @Override public void grantUserRole(FamilyGrantUserRoleCmd cmd) { if (Objects.equals(cmd.getRoleKey(), "REMOVE")) { - - Long userId = familyMemberIdGetUserIdExe.execute(cmd.getAuthorizedMemberId()); - if (Objects.isNull(userId)) { - return; - } FamilyRemoveUserCmd removeUserCmd = new FamilyRemoveUserCmd(); - removeUserCmd.setRemoveMemberId(userId); + removeUserCmd.setRemoveMemberId(cmd.getAuthorizedMemberId()); + removeUserCmd.setReqUserId(cmd.getReqUserId()); familyRemoveUserExe.execute(removeUserCmd); return; } diff --git a/rc-service/rc-service-other/other-client/src/main/java/com/red/circle/other/app/dto/cmd/family/FamilyGrantUserRoleCmd.java b/rc-service/rc-service-other/other-client/src/main/java/com/red/circle/other/app/dto/cmd/family/FamilyGrantUserRoleCmd.java index 811d432b..e9e92a8c 100644 --- a/rc-service/rc-service-other/other-client/src/main/java/com/red/circle/other/app/dto/cmd/family/FamilyGrantUserRoleCmd.java +++ b/rc-service/rc-service-other/other-client/src/main/java/com/red/circle/other/app/dto/cmd/family/FamilyGrantUserRoleCmd.java @@ -24,7 +24,7 @@ public class FamilyGrantUserRoleCmd extends AppExtCommand { private Long authorizedMemberId; /** - * 被授权成员ID. + * MANAGE-管理员;MEMBER-用户 */ private String roleKey;