feat-数据权限-支持按监管区划过滤并准备对应的单元测试

muyun-authorization/src/main/java/net/ximatai/muyun/authorization/AuthorizationService.java

@@ -47,6 +47,10 @@ public class AuthorizationService implements IAuthorizationService {
         .expireAfterWrite(1, TimeUnit.MINUTES)
         .build(this::loadRoles);
 
+    private final LoadingCache<String, Set<String>> organizationToRegions = Caffeine.newBuilder()
+        .expireAfterWrite(1, TimeUnit.MINUTES)
+        .build(this::loadRegions);
+
     private final LoadingCache<String, List<Map<String, Object>>> allOrgAndDept = Caffeine.newBuilder()
         .expireAfterWrite(3, TimeUnit.MINUTES)
         .build(this::loadOrgAndDept);
@@ -56,6 +60,7 @@ public void invalidateAll() {
         userinfoCache.invalidateAll();
         actionCache.invalidateAll();
         userToRoles.invalidateAll();
+        organizationToRegions.invalidateAll();
         allOrgAndDept.invalidateAll();
     }
 
@@ -92,6 +97,21 @@ and exists(select * from platform.auth_role where auth_role.id = id_at_auth_role
         return rows.stream().map(it -> it.get("id_at_auth_role").toString()).collect(Collectors.toSet());
     }
 
+    private Set<String> loadRegions(String organizationID) {
+        List<Map<String, Object>> rows = db.query("""
+            select id_at_app_region
+            from platform.org_organization_supervision
+            where id_at_org_organization = ?
+            """, organizationID);
+        Set<String> result = rows.stream().map(it -> it.get("id_at_app_region").toString()).collect(Collectors.toSet());
+
+        if (result.isEmpty()) {
+            return Set.of("NULL_DATA");
+        } else {
+            return result;
+        }
+    }
+
     private List<Map<String, Object>> loadOrgAndDept(String type) {
         return switch (type) {
             case "org" -> db.query("select id,pid from platform.org_organization");
@@ -313,6 +333,10 @@ private String dictDataAuthToCondition(String userID, String module, String dict
                 .formatted(departmentColumn, departmentAndSubordinates(organizationID)
                     .stream().map("'%s'"::formatted)
                     .collect(Collectors.joining(",")));
+            case "supervision_region" -> "%s in (%s)"
+                .formatted("id_at_app_region", supervisionRegion(organizationID)
+                    .stream().map("'%s'"::formatted)
+                    .collect(Collectors.joining(",")));
             case "self" -> "%s='%s'".formatted(userColumn, userID);
             default -> "1=2";
         };
@@ -352,6 +376,10 @@ private Set<String> meAndChildren(String me, List<Map<String, Object>> list) {
         return all;
     }
 
+    private Set<String> supervisionRegion(String organizationID) {
+        return organizationToRegions.get(organizationID);
+    }
+
     @Override
     public List<String> getAllowedActions(String userID, String module) {
         if (config.isSuperUser(userID)) {

muyun-boot/src/test/java/net/ximatai/muyun/test/auth/TestDataAuth.java

@@ -12,7 +12,9 @@
 import net.ximatai.muyun.platform.PlatformConst;
 import net.ximatai.muyun.platform.controller.AuthorizationController;
 import net.ximatai.muyun.platform.controller.ModuleController;
+import net.ximatai.muyun.platform.controller.RegionController;
 import net.ximatai.muyun.platform.controller.RoleController;
+import net.ximatai.muyun.platform.controller.SupervisionRegionController;
 import net.ximatai.muyun.platform.controller.UserInfoController;
 import net.ximatai.muyun.test.testcontainers.PostgresTestResource;
 import org.junit.jupiter.api.BeforeAll;
@@ -50,6 +52,12 @@ public class TestDataAuth {
     @Inject
     RoleController roleController;
 
+    @Inject
+    RegionController regionController;
+
+    @Inject
+    SupervisionRegionController supervisionRegionController;
+
     String userID;
     String role1, role2;
     String module1, module2;
@@ -262,6 +270,36 @@ void testIsDataAuthorized4() {
         assertFalse(authService.isDataAuthorized(userID, "module1", "delete", d2));
     }
 
+    @Test
+    void testIsDataAuthorizedRegion() {
+        String regionID = regionController.create(Map.of(
+            "v_name", "test",
+            "v_code", "test"
+        ));
+
+        String d1 = db.insertItem("public", "module1", Map.of(
+            "v_name", "test1",
+            "id_at_auth_user__perms", userID,
+            "id_at_org_department__perms", "1",
+            "id_at_app_region", regionID
+        ));
+
+        authService.invalidateAll();
+
+        accredit(role1, view1, "supervision_region");
+
+        assertFalse(authService.isDataAuthorized(userID, "module1", "view", d1));
+
+        supervisionRegionController.create(Map.of(
+            "id_at_org_organization", "1",
+            "id_at_app_region", regionID
+        ));
+
+        authService.invalidateAll();
+
+        assertTrue(authService.isDataAuthorized(userID, "module1", "view", d1));
+    }
+
     private void accredit(String role, String action, String dataAuth) {
         String grant = authorizationController.grant(role, action);
         authorizationController.setDataAuth(grant, Map.of(

muyun-platform/src/main/java/net/ximatai/muyun/platform/controller/RoleActionController.java

@@ -32,8 +32,9 @@ protected void afterInit() {
                 new Dict("department", "本部门"),
                 new Dict("department_and_subordinates", "本部门及下级"),
                 new Dict("self", "本人"),
+                new Dict("supervision_region", "监管区划"),
                 new Dict("custom", "自定义")
-            ), false);
+            ), true);
     }
 
     @Override

muyun-platform/src/main/java/net/ximatai/muyun/platform/controller/SupervisionRegionController.java

@@ -1,12 +1,14 @@
 package net.ximatai.muyun.platform.controller;
 
+import io.quarkus.runtime.Startup;
 import jakarta.enterprise.context.ApplicationScoped;
 import net.ximatai.muyun.ability.IChildAbility;
 import net.ximatai.muyun.base.BaseBusinessTable;
 import net.ximatai.muyun.database.builder.Column;
 import net.ximatai.muyun.database.builder.TableWrapper;
 import net.ximatai.muyun.platform.ScaffoldForPlatform;
 
+@Startup
 @ApplicationScoped
 public class SupervisionRegionController extends ScaffoldForPlatform implements IChildAbility {