家族授权接口和踢出接口处理
This commit is contained in:
parent
8b92c32af3
commit
e540f18ef6
@ -9,17 +9,11 @@ import com.red.circle.other.infra.database.rds.service.family.FamilyMemberInfoSe
|
|||||||
import com.red.circle.other.infra.enums.family.FamilyRoleEnum;
|
import com.red.circle.other.infra.enums.family.FamilyRoleEnum;
|
||||||
import com.red.circle.other.inner.asserts.FamilyErrorCode;
|
import com.red.circle.other.inner.asserts.FamilyErrorCode;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
import java.util.Optional;
|
|
||||||
import lombok.RequiredArgsConstructor;
|
import lombok.RequiredArgsConstructor;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>
|
|
||||||
* 授权用户家族权限.
|
* 授权用户家族权限.
|
||||||
* </p>
|
|
||||||
*
|
|
||||||
* @author pengshigang
|
|
||||||
* @since 2021-07-22
|
|
||||||
*/
|
*/
|
||||||
@Component
|
@Component
|
||||||
@RequiredArgsConstructor
|
@RequiredArgsConstructor
|
||||||
@ -29,75 +23,87 @@ public class FamilyGrantUserRoleExe {
|
|||||||
private final FamilyMemberInfoService familyMemberInfoService;
|
private final FamilyMemberInfoService familyMemberInfoService;
|
||||||
|
|
||||||
public void execute(FamilyGrantUserRoleCmd cmd) {
|
public void execute(FamilyGrantUserRoleCmd cmd) {
|
||||||
ResponseAssert.isTrue(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, getExistFamilyByUserId(cmd));
|
ResponseAssert.isTrue(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA,
|
||||||
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, isGrantAdmin(cmd));
|
familyCommon.isExistFamilyByUserId(cmd.getReqUserId()));
|
||||||
|
FamilyRoleEnum familyRoleEnum = FamilyRoleEnum.valueOf(cmd.getRoleKey());
|
||||||
|
|
||||||
FamilyMemberInfo manageMember = getOperatorMember(cmd);
|
FamilyMemberInfo operator = familyMemberInfoService.getFamilyMemberByUserId(cmd.getReqUserId());
|
||||||
ResponseAssert.notNull(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, manageMember);
|
ResponseAssert.notNull(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, operator);
|
||||||
FamilyMemberInfo member = getAuthorizedMember(cmd);
|
|
||||||
ResponseAssert.notNull(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, member);
|
|
||||||
ResponseAssert
|
|
||||||
.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION, isPermissionDenied(manageMember, member));
|
|
||||||
ResponseAssert.isFalse(CommonErrorCode.OPERATION_CONFLICT,
|
|
||||||
Objects.equals(member.getMemberUserId(), cmd.getReqUserId()));
|
|
||||||
|
|
||||||
checkGrantManage(cmd, manageMember);
|
FamilyMemberInfo target = familyMemberInfoService.geMemberByMemberId(cmd.getAuthorizedMemberId());
|
||||||
|
ResponseAssert.notNull(FamilyErrorCode.NOT_EXIST_FAMILY_INFO_DATA, target);
|
||||||
|
|
||||||
updateRoleById(cmd);
|
validateBasicRules(cmd, operator, target);
|
||||||
}
|
|
||||||
|
|
||||||
private boolean isPermissionDenied(FamilyMemberInfo manageMember, FamilyMemberInfo member) {
|
validatePermission(cmd, operator, target);
|
||||||
return Objects.equals(manageMember.getMemberRole(), member.getMemberRole()) && Objects
|
|
||||||
.equals(manageMember.getMemberRole(), FamilyRoleEnum.MANAGE.getKey());
|
|
||||||
}
|
|
||||||
|
|
||||||
|
validateBusinessRules(cmd, operator);
|
||||||
|
|
||||||
private void checkGrantManage(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo manageMember) {
|
|
||||||
|
|
||||||
ResponseAssert.isFalse(FamilyErrorCode.FAMILY_MANAGE_MAX,
|
|
||||||
Objects.equals(manageMember.getMemberRole(), FamilyRoleEnum.MEMBER.getKey()));
|
|
||||||
|
|
||||||
if (!Objects.equals(cmd.getRoleKey(), FamilyRoleEnum.MANAGE.getKey())) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
ResponseAssert.isTrue(FamilyErrorCode.FAMILY_MANAGE_MAX, isAllowGrant(cmd, manageMember));
|
|
||||||
}
|
|
||||||
|
|
||||||
private boolean isAllowGrant(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo manageMember) {
|
|
||||||
return getFamilyCurrentManagerCount(manageMember) < getFamilyLevelMaxManagerCount(cmd,
|
|
||||||
manageMember);
|
|
||||||
}
|
|
||||||
|
|
||||||
private Integer getFamilyCurrentManagerCount(FamilyMemberInfo manageMember) {
|
|
||||||
return familyMemberInfoService.getManagerCount(manageMember.getFamilyId());
|
|
||||||
}
|
|
||||||
|
|
||||||
private Integer getFamilyLevelMaxManagerCount(FamilyGrantUserRoleCmd cmd,
|
|
||||||
FamilyMemberInfo manageMember) {
|
|
||||||
return Optional.ofNullable(
|
|
||||||
familyCommon.getFamilyDetails(cmd.getReqSysOrigin().getOrigin(), manageMember.getFamilyId())
|
|
||||||
.getMaxManager()).orElse(0);
|
|
||||||
}
|
|
||||||
|
|
||||||
private Boolean getExistFamilyByUserId(FamilyGrantUserRoleCmd cmd) {
|
|
||||||
return familyCommon.isExistFamilyByUserId(cmd.getReqUserId());
|
|
||||||
}
|
|
||||||
|
|
||||||
private void updateRoleById(FamilyGrantUserRoleCmd cmd) {
|
|
||||||
familyMemberInfoService.updateRoleById(cmd.getAuthorizedMemberId(), cmd.getRoleKey());
|
familyMemberInfoService.updateRoleById(cmd.getAuthorizedMemberId(), cmd.getRoleKey());
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean isGrantAdmin(FamilyGrantUserRoleCmd cmd) {
|
/**
|
||||||
return Objects.equals(FamilyRoleEnum.ADMIN.getKey(), cmd.getRoleKey());
|
* 基础规则校验.
|
||||||
|
*/
|
||||||
|
private void validateBasicRules(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo operator, FamilyMemberInfo target) {
|
||||||
|
// 不能授予族长权限
|
||||||
|
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION,
|
||||||
|
FamilyRoleEnum.ADMIN.getKey().equals(cmd.getRoleKey()));
|
||||||
|
|
||||||
|
// 不能操作自己
|
||||||
|
ResponseAssert.isFalse(CommonErrorCode.OPERATION_CONFLICT,
|
||||||
|
Objects.equals(operator.getMemberUserId(), target.getMemberUserId()));
|
||||||
|
|
||||||
|
ResponseAssert.isFalse(CommonErrorCode.OPERATION_CONFLICT, Objects.equals(target.getMemberRole(), cmd.getRoleKey()));
|
||||||
}
|
}
|
||||||
|
|
||||||
private FamilyMemberInfo getAuthorizedMember(FamilyGrantUserRoleCmd cmd) {
|
/**
|
||||||
return familyMemberInfoService
|
* 权限校验.
|
||||||
.geMemberByMemberId(cmd.getAuthorizedMemberId());
|
*/
|
||||||
|
private void validatePermission(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo operator, FamilyMemberInfo target) {
|
||||||
|
String operatorRole = operator.getMemberRole();
|
||||||
|
String targetRole = target.getMemberRole();
|
||||||
|
String newRole = cmd.getRoleKey();
|
||||||
|
|
||||||
|
// 操作者是族长
|
||||||
|
if (FamilyRoleEnum.ADMIN.getKey().equals(operatorRole)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// 操作者是管理员
|
||||||
|
if (FamilyRoleEnum.MANAGE.getKey().equals(operatorRole)) {
|
||||||
|
// 管理员不能操作族长
|
||||||
|
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION,
|
||||||
|
FamilyRoleEnum.ADMIN.getKey().equals(targetRole));
|
||||||
|
|
||||||
|
// 管理员不能操作同级管理员
|
||||||
|
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION,
|
||||||
|
FamilyRoleEnum.MANAGE.getKey().equals(targetRole));
|
||||||
|
|
||||||
|
// 管理员只能将成员降级,不能授予管理员权限
|
||||||
|
ResponseAssert.isFalse(CommonErrorCode.INSUFFICIENT_PERMISSION,
|
||||||
|
FamilyRoleEnum.MANAGE.getKey().equals(newRole));
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// 操作者是普通成员 - 没有任何授权权限
|
||||||
|
ResponseAssert.isTrue(CommonErrorCode.INSUFFICIENT_PERMISSION, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
private FamilyMemberInfo getOperatorMember(FamilyGrantUserRoleCmd cmd) {
|
/**
|
||||||
return familyMemberInfoService.getFamilyMemberByUserId(cmd.getReqUserId());
|
* 业务规则校验.
|
||||||
}
|
*/
|
||||||
|
private void validateBusinessRules(FamilyGrantUserRoleCmd cmd, FamilyMemberInfo operator) {
|
||||||
|
// 如果要授予管理员权限,检查管理员数量限制
|
||||||
|
if (FamilyRoleEnum.MANAGE.getKey().equals(cmd.getRoleKey())) {
|
||||||
|
int currentManagerCount = familyMemberInfoService.getManagerCount(operator.getFamilyId());
|
||||||
|
int maxManagerCount = familyCommon
|
||||||
|
.getFamilyDetails(cmd.getReqSysOrigin().getOrigin(), operator.getFamilyId())
|
||||||
|
.getMaxManager();
|
||||||
|
|
||||||
|
ResponseAssert.isTrue(FamilyErrorCode.FAMILY_MANAGE_MAX,
|
||||||
|
currentManagerCount < maxManagerCount);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -146,13 +146,9 @@ public class FamilyServiceImpl implements FamilyService {
|
|||||||
@Override
|
@Override
|
||||||
public void grantUserRole(FamilyGrantUserRoleCmd cmd) {
|
public void grantUserRole(FamilyGrantUserRoleCmd cmd) {
|
||||||
if (Objects.equals(cmd.getRoleKey(), "REMOVE")) {
|
if (Objects.equals(cmd.getRoleKey(), "REMOVE")) {
|
||||||
|
|
||||||
Long userId = familyMemberIdGetUserIdExe.execute(cmd.getAuthorizedMemberId());
|
|
||||||
if (Objects.isNull(userId)) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
FamilyRemoveUserCmd removeUserCmd = new FamilyRemoveUserCmd();
|
FamilyRemoveUserCmd removeUserCmd = new FamilyRemoveUserCmd();
|
||||||
removeUserCmd.setRemoveMemberId(userId);
|
removeUserCmd.setRemoveMemberId(cmd.getAuthorizedMemberId());
|
||||||
|
removeUserCmd.setReqUserId(cmd.getReqUserId());
|
||||||
familyRemoveUserExe.execute(removeUserCmd);
|
familyRemoveUserExe.execute(removeUserCmd);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -24,7 +24,7 @@ public class FamilyGrantUserRoleCmd extends AppExtCommand {
|
|||||||
private Long authorizedMemberId;
|
private Long authorizedMemberId;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 被授权成员ID.
|
* MANAGE-管理员;MEMBER-用户
|
||||||
*/
|
*/
|
||||||
private String roleKey;
|
private String roleKey;
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user