CRM-数据权限：完善数据团队操作-添加、编辑、移除团队成员，退出团队

yudao-module-crm/yudao-module-crm-api/src/main/java/cn/iocoder/yudao/module/crm/enums/ErrorCodeConstants.java

@@ -38,7 +38,6 @@ public interface ErrorCodeConstants {
     ErrorCode CRM_PERMISSION_NOT_EXISTS = new ErrorCode(1_020_007_000, "数据权限不存在");
     ErrorCode CRM_PERMISSION_DENIED = new ErrorCode(1_020_007_001, "{}操作失败，原因：没有权限");
     ErrorCode CRM_PERMISSION_MODEL_NOT_EXISTS = new ErrorCode(1_020_007_002, "{}不存在");
-    ErrorCode CRM_PERMISSION_MODEL_TRANSFER_FAIL_OWNER_USER_NOT_EXISTS = new ErrorCode(1_020_007_003, "{}操作失败，原因：负责人不存在");
-    ErrorCode CRM_PERMISSION_MODEL_TRANSFER_FAIL_OWNER_USER_EXISTS = new ErrorCode(1_020_007_004, "{}操作失败，原因：转移对象已经是该负责人");
+    ErrorCode CRM_PERMISSION_MODEL_TRANSFER_FAIL_OWNER_USER_EXISTS = new ErrorCode(1_020_007_003, "{}操作失败，原因：转移对象已经是该负责人");
 
 }

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/controller/admin/business/CrmBusinessController.java

@@ -95,5 +95,4 @@ public class CrmBusinessController {
         return success(true);
     }
 
-
 }

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/controller/admin/permission/CrmPermissionController.java

@@ -0,0 +1,146 @@
+package cn.iocoder.yudao.module.crm.controller.admin.permission;
+
+import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.util.ObjUtil;
+import cn.iocoder.yudao.framework.common.pojo.CommonResult;
+import cn.iocoder.yudao.module.crm.controller.admin.permission.vo.CrmPermissionCreateReqVO;
+import cn.iocoder.yudao.module.crm.controller.admin.permission.vo.CrmPermissionRespVO;
+import cn.iocoder.yudao.module.crm.controller.admin.permission.vo.CrmPermissionUpdateReqVO;
+import cn.iocoder.yudao.module.crm.convert.permission.CrmPermissionConvert;
+import cn.iocoder.yudao.module.crm.dal.dataobject.permission.CrmPermissionDO;
+import cn.iocoder.yudao.module.crm.framework.core.service.CrmPermissionValidateService;
+import cn.iocoder.yudao.module.crm.service.permission.CrmPermissionService;
+import cn.iocoder.yudao.module.system.api.user.AdminUserApi;
+import cn.iocoder.yudao.module.system.api.user.dto.AdminUserRespDTO;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.Parameters;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
+import javax.annotation.Resource;
+import javax.validation.Valid;
+import java.util.Collections;
+import java.util.List;
+
+import static cn.iocoder.yudao.framework.common.exception.util.ServiceExceptionUtil.exception;
+import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
+import static cn.iocoder.yudao.framework.common.util.collection.CollectionUtils.convertSet;
+import static cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils.getLoginUserId;
+import static cn.iocoder.yudao.module.crm.enums.ErrorCodeConstants.CRM_PERMISSION_DENIED;
+import static cn.iocoder.yudao.module.crm.enums.ErrorCodeConstants.CRM_PERMISSION_MODEL_NOT_EXISTS;
+import static cn.iocoder.yudao.module.crm.framework.enums.CrmBizTypeEnum.getNameByType;
+import static cn.iocoder.yudao.module.crm.framework.enums.CrmPermissionLevelEnum.isOwner;
+
+@Tag(name = "管理后台 - CRM 数据权限（数据团队成员操作）")
+@RestController
+@RequestMapping("/crm/permission")
+@Validated
+public class CrmPermissionController {
+
+    @Resource
+    private CrmPermissionService crmPermissionService;
+
+    @Resource
+    private AdminUserApi adminUserApi;
+    @Resource
+    private List<CrmPermissionValidateService> permissionValidateServices;
+
+    private void validatePermission(Integer bizType, Long bizId) {
+        // 1. TODO 校验是否为超级管理员
+        // 2. 防御一手，如果是超级管理员不校验权限还是得校验一下数据是否存在
+        permissionValidateServices.forEach(item -> {
+            if (!item.validateBizIdExists(bizType, bizId)) {
+                throw exception(CRM_PERMISSION_MODEL_NOT_EXISTS, getNameByType(bizType));
+            }
+        });
+        // 3. 校验数据权限 （如果存在则表示 bizId 也存在）
+        CrmPermissionDO permission = crmPermissionService.getPermissionByBizTypeAndBizIdAndUserId(
+                bizType, bizId, getLoginUserId());
+        if (isOwner(permission.getPermissionLevel())) { // 只有负责人才可以操作团队成员
+            return;
+        }
+        throw exception(CRM_PERMISSION_DENIED, getNameByType(bizType));
+    }
+
+    @PutMapping("/add")
+    @Operation(summary = "添加团队成员")
+    @PreAuthorize("@ss.hasPermission('crm:permission:create')")
+    public CommonResult<Boolean> addPermission(@Valid @RequestBody CrmPermissionCreateReqVO reqVO) {
+        // 1. 前置校验
+        validatePermission(reqVO.getBizType(), reqVO.getBizId());
+
+        // 2. 加入成员
+        crmPermissionService.createPermission(CrmPermissionConvert.INSTANCE.convert(reqVO));
+        return success(true);
+    }
+
+
+    @PutMapping("/update")
+    @Operation(summary = "编辑团队成员")
+    @PreAuthorize("@ss.hasPermission('crm:permission:update')")
+    public CommonResult<Boolean> updatePermission(@Valid @RequestBody CrmPermissionUpdateReqVO updateReqVO) {
+        // 1. 前置校验
+        validatePermission(updateReqVO.getBizType(), updateReqVO.getBizId());
+
+        // 2. 编辑团队成员
+        crmPermissionService.updatePermission(CrmPermissionConvert.INSTANCE.convert(updateReqVO));
+        return success(true);
+    }
+
+    @GetMapping("/delete")
+    @Operation(summary = "移除团队成员")
+    @Parameter(name = "id", description = "团队成员编号", required = true)
+    @PreAuthorize("@ss.hasPermission('crm:permission:delete')")
+    public CommonResult<Boolean> deletePermission(@RequestParam("bizType") Integer bizType,
+                                                  @RequestParam("bizId") Long bizId,
+                                                  @RequestParam("id") Long id) {
+        // 1. 前置校验
+        validatePermission(bizType, bizId);
+
+        // 2. 移除团队成员
+        crmPermissionService.deletePermission(id);
+        return success(true);
+    }
+
+    @GetMapping("/quit")
+    @Operation(summary = "退出团队")
+    @Parameters({
+            @Parameter(name = "bizType", description = "CRM 类型", required = true, example = "2"),
+            @Parameter(name = "bizId", description = "CRM 类型数据编号", required = true, example = "1024")
+    })
+    @PreAuthorize("@ss.hasPermission('crm:permission:delete')")
+    public CommonResult<Boolean> quitPermission(@RequestParam("bizType") Integer bizType,
+                                                @RequestParam("bizId") Long bizId) {
+        CrmPermissionDO permission = crmPermissionService.getPermissionByBizTypeAndBizIdAndUserId(
+                bizType, bizId, getLoginUserId());
+        if (permission == null) { // 没有就不是团队成员
+            return success(false);
+        }
+        crmPermissionService.deletePermission(permission.getId());
+        return success(true);
+    }
+
+    @GetMapping("/list")
+    @Operation(summary = "获取团队成员")
+    @Parameters({
+            @Parameter(name = "bizType", description = "CRM 类型", required = true, example = "2"),
+            @Parameter(name = "bizId", description = "CRM 类型数据编号", required = true, example = "1024")
+    })
+    @PreAuthorize("@ss.hasPermission('crm:permission:query')")
+    public CommonResult<List<CrmPermissionRespVO>> getPermissionList(@RequestParam("bizType") Integer bizType,
+                                                                     @RequestParam("bizId") Long bizId) {
+        List<CrmPermissionDO> permission = crmPermissionService.getPermissionByBizTypeAndBizId(bizType, bizId);
+        if (CollUtil.isEmpty(permission)) {
+            return success(Collections.emptyList());
+        }
+        permission.removeIf(item -> ObjUtil.equal(item.getUserId(), CrmPermissionDO.POOL_USER_ID)); // 排除
+
+        // 拼接数据
+        List<AdminUserRespDTO> userList = adminUserApi.getUserList(convertSet(permission, CrmPermissionDO::getUserId));
+        return success(CrmPermissionConvert.INSTANCE.convert(permission, userList));
+    }
+
+}

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/controller/admin/permission/vo/CrmPermissionBaseVO.java

@@ -0,0 +1,38 @@
+package cn.iocoder.yudao.module.crm.controller.admin.permission.vo;
+
+import cn.iocoder.yudao.framework.common.validation.InEnum;
+import cn.iocoder.yudao.module.crm.framework.enums.CrmBizTypeEnum;
+import cn.iocoder.yudao.module.crm.framework.enums.CrmPermissionLevelEnum;
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+import javax.validation.constraints.NotNull;
+
+/**
+ * 数据权限（团队成员） Base VO，提供给添加、修改、详细的子 VO 使用
+ * 如果子 VO 存在差异的字段，请不要添加到这里，影响 Swagger 文档生成
+ *
+ * @author HUIHUI
+ */
+@Data
+public class CrmPermissionBaseVO {
+
+    @Schema(description = "用户编号", requiredMode = Schema.RequiredMode.REQUIRED, example = "123456")
+    @NotNull(message = "用户编号不能为空")
+    private Long userId;
+
+    @Schema(description = "Crm 类型", requiredMode = Schema.RequiredMode.REQUIRED, example = "2")
+    @InEnum(CrmBizTypeEnum.class)
+    @NotNull(message = "Crm 类型不能为空")
+    private Integer bizType;
+
+    @Schema(description = "Crm 类型数据编号", requiredMode = Schema.RequiredMode.REQUIRED, example = "1024")
+    @NotNull(message = "Crm 类型数据编号不能为空")
+    private Long bizId;
+
+    @Schema(description = "权限级别", requiredMode = Schema.RequiredMode.REQUIRED, example = "2")
+    @InEnum(CrmPermissionLevelEnum.class)
+    @NotNull(message = "权限级别不能为空")
+    private Integer permissionLevel;
+
+}

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/controller/admin/permission/vo/CrmPermissionCreateReqVO.java

@@ -0,0 +1,14 @@
+package cn.iocoder.yudao.module.crm.controller.admin.permission.vo;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.ToString;
+
+@Schema(description = "管理后台 - CRM 数据权限创建 Request VO")
+@Data
+@EqualsAndHashCode(callSuper = true)
+@ToString(callSuper = true)
+public class CrmPermissionCreateReqVO extends CrmPermissionBaseVO {
+
+}

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/controller/admin/permission/vo/CrmPermissionRespVO.java

@@ -0,0 +1,27 @@
+package cn.iocoder.yudao.module.crm.controller.admin.permission.vo;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+import java.util.Set;
+
+@Schema(description = "管理后台 - CRM 数据权限（团队成员） Response VO")
+@Data
+public class CrmPermissionRespVO extends CrmPermissionBaseVO {
+
+    @Schema(description = "数据权限编号", requiredMode = Schema.RequiredMode.REQUIRED, example = "13563")
+    private Long id;
+
+    @Schema(description = "团队级别", requiredMode = Schema.RequiredMode.REQUIRED, example = "负责人")
+    private String permissionLevelName;
+
+    @Schema(description = "部门编号", requiredMode = Schema.RequiredMode.REQUIRED, example = "1")
+    private Long deptId;
+
+    @Schema(description = "用户昵称", requiredMode = Schema.RequiredMode.REQUIRED, example = "芋艿")
+    private String nickname;
+
+    @Schema(description = "岗位编号数组", requiredMode = Schema.RequiredMode.REQUIRED, example = "[1,2,3]")
+    private Set<Long> postIds;
+
+}

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/controller/admin/permission/vo/CrmPermissionUpdateReqVO.java

@@ -0,0 +1,17 @@
+package cn.iocoder.yudao.module.crm.controller.admin.permission.vo;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.ToString;
+
+@Schema(description = "管理后台 - CRM 数据权限更新 Request VO")
+@Data
+@EqualsAndHashCode(callSuper = true)
+@ToString(callSuper = true)
+public class CrmPermissionUpdateReqVO extends CrmPermissionBaseVO {
+
+    @Schema(description = "数据权限编号", requiredMode = Schema.RequiredMode.REQUIRED, example = "13563")
+    private Long id;
+
+}

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/convert/permission/CrmPermissionConvert.java

@@ -1,11 +1,22 @@
 package cn.iocoder.yudao.module.crm.convert.permission;
 
+import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
+import cn.iocoder.yudao.framework.common.util.collection.MapUtils;
+import cn.iocoder.yudao.module.crm.controller.admin.permission.vo.CrmPermissionCreateReqVO;
+import cn.iocoder.yudao.module.crm.controller.admin.permission.vo.CrmPermissionRespVO;
+import cn.iocoder.yudao.module.crm.controller.admin.permission.vo.CrmPermissionUpdateReqVO;
 import cn.iocoder.yudao.module.crm.dal.dataobject.permission.CrmPermissionDO;
 import cn.iocoder.yudao.module.crm.service.permission.bo.CrmPermissionCreateReqBO;
 import cn.iocoder.yudao.module.crm.service.permission.bo.CrmPermissionUpdateReqBO;
+import cn.iocoder.yudao.module.system.api.user.dto.AdminUserRespDTO;
 import org.mapstruct.Mapper;
 import org.mapstruct.factory.Mappers;
 
+import java.util.List;
+import java.util.Map;
+
+import static cn.iocoder.yudao.module.crm.framework.enums.CrmPermissionLevelEnum.getNameByLevel;
+
 /**
  * Crm 数据权限 Convert
  *
@@ -20,4 +31,21 @@ public interface CrmPermissionConvert {
 
     CrmPermissionDO convert(CrmPermissionUpdateReqBO updateBO);
 
+    CrmPermissionCreateReqBO convert(CrmPermissionCreateReqVO reqVO);
+
+    CrmPermissionUpdateReqBO convert(CrmPermissionUpdateReqVO updateReqVO);
+
+    List<CrmPermissionRespVO> convert(List<CrmPermissionDO> permission);
+
+    default List<CrmPermissionRespVO> convert(List<CrmPermissionDO> permission, List<AdminUserRespDTO> userList) {
+        Map<Long, AdminUserRespDTO> userMap = CollectionUtils.convertMap(userList, AdminUserRespDTO::getId);
+        return CollectionUtils.convertList(convert(permission), item -> {
+            MapUtils.findAndThen(userMap, item.getId(), user -> {
+                item.setNickname(user.getNickname()).setDeptId(user.getDeptId()).setPostIds(user.getPostIds())
+                        .setPermissionLevelName(getNameByLevel(item.getPermissionLevel()));
+            });
+            return item;
+        });
+    }
+
 }

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/dal/mysql/permission/CrmPermissionMapper.java

@@ -46,19 +46,6 @@ public interface CrmPermissionMapper extends BaseMapperX<CrmPermissionDO> {
                 .eq(CrmPermissionDO::getBizId, bizId));
     }
 
-    /**
-     * 获取数据权限列表通过 数据类型 x 用户编号。如果
-     *
-     * @param bizType 数据类型，关联 {@link CrmBizTypeEnum}
-     * @param userId
-     * @return Crm 数据权限列表
-     */
-    default List<CrmPermissionDO> selectByBizTypeAndUserId(Integer bizType, Long userId) {
-        return selectList(new LambdaQueryWrapperX<CrmPermissionDO>()
-                .eq(CrmPermissionDO::getBizType, bizType)
-                .eq(CrmPermissionDO::getUserId, userId));
-    }
-
     default PageResult<CrmPermissionDO> selectPage(CrmPermissionPageReqBO pageReqBO) {
         return selectPage(pageReqBO, new LambdaQueryWrapperX<CrmPermissionDO>()
                 .eq(CrmPermissionDO::getBizType, pageReqBO.getBizType())

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/framework/core/service/CrmPermissionValidateService.java

@@ -0,0 +1,20 @@
+package cn.iocoder.yudao.module.crm.framework.core.service;
+
+/**
+ * 校验数据是否存在 service 接口
+ * TODO 需要使用团队成员相关操作的业务接口都需要继承此接口
+ *
+ * @author HUIHUI
+ */
+public interface CrmPermissionValidateService {
+
+    /**
+     * 校验数据是否存在
+     *
+     * @param bizType CRM 类型
+     * @param bizId   数据编号
+     * @return 是/否
+     */
+    boolean validateBizIdExists(Integer bizType, Long bizId);
+
+}

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/framework/enums/CrmPermissionLevelEnum.java

@@ -47,4 +47,13 @@ public enum CrmPermissionLevelEnum implements IntArrayValuable {
         return ObjUtil.equal(WRITE.level, level);
     }
 
+    public static String getNameByLevel(Integer level) {
+        for (CrmPermissionLevelEnum levelEnum : CrmPermissionLevelEnum.values()) {
+            if (ObjUtil.equal(levelEnum.level, level)) {
+                return levelEnum.name;
+            }
+        }
+        return "";
+    }
+
 }

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/service/permission/CrmPermissionServiceImpl.java

@@ -13,12 +13,12 @@ import cn.iocoder.yudao.module.crm.service.permission.bo.CrmPermissionPageReqBO;
 import cn.iocoder.yudao.module.crm.service.permission.bo.CrmPermissionUpdateReqBO;
 import cn.iocoder.yudao.module.crm.service.permission.bo.CrmTransferPermissionReqBO;
 import cn.iocoder.yudao.module.system.api.user.AdminUserApi;
-import cn.iocoder.yudao.module.system.api.user.dto.AdminUserRespDTO;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.annotation.Validated;
 
 import javax.annotation.Resource;
+import java.util.Collections;
 import java.util.List;
 
 import static cn.iocoder.yudao.framework.common.exception.util.ServiceExceptionUtil.exception;
@@ -43,6 +43,10 @@ public class CrmPermissionServiceImpl implements CrmPermissionService {
     @Override
     @Transactional(rollbackFor = Exception.class)
     public Long createPermission(CrmPermissionCreateReqBO createBO) {
+        // 1. 校验用户是否存在
+        adminUserApi.validateUserList(Collections.singletonList(createBO.getUserId()));
+
+        // 2. 创建
         CrmPermissionDO permission = CrmPermissionConvert.INSTANCE.convert(createBO);
         crmPermissionMapper.insert(permission);
         return permission.getId();
@@ -51,7 +55,11 @@ public class CrmPermissionServiceImpl implements CrmPermissionService {
     @Override
     @Transactional(rollbackFor = Exception.class)
     public void updatePermission(CrmPermissionUpdateReqBO updateBO) {
+        // 1. 校验用户是否存在
+        adminUserApi.validateUserList(Collections.singletonList(updateBO.getUserId()));
+        // 2. 校验存在
         validateCrmPermissionExists(updateBO.getId());
+
         // 更新操作
         CrmPermissionDO updateDO = CrmPermissionConvert.INSTANCE.convert(updateBO);
         crmPermissionMapper.updateById(updateDO);
@@ -60,7 +68,9 @@ public class CrmPermissionServiceImpl implements CrmPermissionService {
     @Override
     @Transactional(rollbackFor = Exception.class)
     public void deletePermission(Long id) {
+        // 校验存在
         validateCrmPermissionExists(id);
+
         // 删除
         crmPermissionMapper.deleteById(id);
     }
@@ -75,11 +85,6 @@ public class CrmPermissionServiceImpl implements CrmPermissionService {
         return crmPermissionMapper.selectByBizTypeAndBizId(bizType, bizId);
     }
 
-    @Override
-    public List<CrmPermissionDO> getPermissionByBizTypeAndUserId(Integer bizType, Long userId) {
-        return crmPermissionMapper.selectByBizTypeAndUserId(bizType, userId);
-    }
-
     private void validateCrmPermissionExists(Long id) {
         if (crmPermissionMapper.selectById(id) == null) {
             throw exception(CRM_PERMISSION_NOT_EXISTS);
@@ -103,11 +108,7 @@ public class CrmPermissionServiceImpl implements CrmPermissionService {
             throw exception(CRM_PERMISSION_MODEL_TRANSFER_FAIL_OWNER_USER_EXISTS, crmName);
         }
         // 2.1 校验新负责人是否存在
-        AdminUserRespDTO user = adminUserApi.getUser(transferReqBO.getNewOwnerUserId());
-        if (user == null) {
-            throw exception(CRM_PERMISSION_MODEL_TRANSFER_FAIL_OWNER_USER_NOT_EXISTS, crmName);
-        }
-
+        adminUserApi.validateUserList(Collections.singletonList(transferReqBO.getNewOwnerUserId()));
         // 3. 权限转移
         List<CrmPermissionDO> permissions = crmPermissionMapper.selectByBizTypeAndBizId(
                 transferReqBO.getBizType(), transferReqBO.getBizId()); // 获取所有团队成员