CRM: 根据 review 完善数据权限

yudao-module-crm/yudao-module-crm-api/src/main/java/cn/iocoder/yudao/module/crm/enums/ErrorCodeConstants.java

@@ -74,6 +74,7 @@ public interface ErrorCodeConstants {
     ErrorCode CRM_PERMISSION_DELETE_DENIED = new ErrorCode(1_020_007_006, "删除数据权限失败，原因：没有权限");
     ErrorCode CRM_PERMISSION_DELETE_SELF_PERMISSION_FAIL_EXIST_OWNER = new ErrorCode(1_020_007_007, "删除数据权限失败，原因：不能删除负责人");
     ErrorCode CRM_PERMISSION_CREATE_FAIL = new ErrorCode(1_020_007_008, "创建数据权限失败，原因：所加用户已有权限");
+    ErrorCode CRM_PERMISSION_CREATE_FAIL_EXISTS = new ErrorCode(1_020_007_009, "同时添加数据权限失败，原因：用户【{}】已有模块【{}】数据【{}】的【{}】权限");
 
     // ========== 产品 1_020_008_000 ==========
     ErrorCode PRODUCT_NOT_EXISTS = new ErrorCode(1_020_008_000, "产品不存在");

yudao-module-crm/yudao-module-crm-api/src/main/java/cn/iocoder/yudao/module/crm/enums/permission/CrmPermissionLevelEnum.java

@@ -1,5 +1,6 @@
 package cn.iocoder.yudao.module.crm.enums.permission;
 
+import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.util.ObjUtil;
 import cn.iocoder.yudao.framework.common.core.IntArrayValuable;
 import lombok.AllArgsConstructor;
@@ -50,4 +51,10 @@ public enum CrmPermissionLevelEnum implements IntArrayValuable {
         return ObjUtil.equal(WRITE.level, level);
     }
 
+    public static String getNameByLevel(Integer level) {
+        CrmPermissionLevelEnum typeEnum = CollUtil.findOne(CollUtil.newArrayList(CrmPermissionLevelEnum.values()),
+                item -> ObjUtil.equal(item.level, level));
+        return typeEnum == null ? null : typeEnum.getName();
+    }
+
 }

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/controller/admin/permission/CrmPermissionController.java

@@ -1,6 +1,7 @@
 package cn.iocoder.yudao.module.crm.controller.admin.permission;
 
 import cn.hutool.core.collection.CollUtil;
+import cn.hutool.extra.spring.SpringUtil;
 import cn.iocoder.yudao.framework.common.pojo.CommonResult;
 import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
 import cn.iocoder.yudao.framework.common.util.collection.MapUtils;
@@ -56,63 +57,20 @@ public class CrmPermissionController {
     @Resource
     private CrmPermissionService permissionService;
     @Resource
-    private CrmContactService contactService;
-    @Resource
-    private CrmBusinessService businessService;
-    @Resource
-    private CrmContractService contractService;
-    @Resource
     private AdminUserApi adminUserApi;
     @Resource
     private DeptApi deptApi;
     @Resource
     private PostApi postApi;
 
-    // TODO @puhui999：是不是还是叫 create 好点哈。
     @PostMapping("/create")
     @Operation(summary = "创建数据权限")
-    @Transactional(rollbackFor = Exception.class)
     @PreAuthorize("@ss.hasPermission('crm:permission:create')")
-    @CrmPermission(bizTypeValue = "#reqVO.bizType", bizId = "#reqVO.bizId", level = CrmPermissionLevelEnum.OWNER)
-    public CommonResult<Boolean> savePermission(@Valid @RequestBody CrmPermissionSaveReqVO reqVO) {
-        permissionService.createPermission(BeanUtils.toBean(reqVO, CrmPermissionCreateReqBO.class));
-        // 处理【同时添加至】的权限
-        if (CollUtil.isNotEmpty(reqVO.getToBizTypes())) {
-            createBizTypePermissions(reqVO);
-        }
+    public CommonResult<Boolean> create(@Valid @RequestBody CrmPermissionSaveReqVO reqVO) {
+        permissionService.createPermission(reqVO, getLoginUserId());
         return success(true);
     }
 
-    private void createBizTypePermissions(CrmPermissionSaveReqVO reqVO) {
-        List<CrmPermissionCreateReqBO> createPermissions = new ArrayList<>();
-        // TODO @puhui999：需要考虑，被添加人，是不是应该有对应的权限了；
-        if (reqVO.getToBizTypes().contains(CrmBizTypeEnum.CRM_CONTACT.getType())) {
-            List<CrmContactDO> contactList = contactService.getContactListByCustomerIdOwnerUserId(reqVO.getBizId(), getLoginUserId());
-            contactList.forEach(item -> {
-                createPermissions.add(new CrmPermissionCreateReqBO().setBizType(CrmBizTypeEnum.CRM_CONTACT.getType())
-                        .setBizId(item.getId()).setUserId(reqVO.getUserId()).setLevel(reqVO.getLevel()));
-            });
-        }
-        if (reqVO.getToBizTypes().contains(CrmBizTypeEnum.CRM_BUSINESS.getType())) {
-            List<CrmBusinessDO> businessList = businessService.getBusinessListByCustomerIdOwnerUserId(reqVO.getBizId(), getLoginUserId());
-            businessList.forEach(item -> {
-                createPermissions.add(new CrmPermissionCreateReqBO().setBizType(CrmBizTypeEnum.CRM_BUSINESS.getType())
-                        .setBizId(item.getId()).setUserId(reqVO.getUserId()).setLevel(reqVO.getLevel()));
-            });
-        }
-        if (reqVO.getToBizTypes().contains(CrmBizTypeEnum.CRM_CONTRACT.getType())) {
-            List<CrmContractDO> contractList = contractService.getContractListByCustomerIdOwnerUserId(reqVO.getBizId(), getLoginUserId());
-            contractList.forEach(item -> {
-                createPermissions.add(new CrmPermissionCreateReqBO().setBizType(CrmBizTypeEnum.CRM_CONTRACT.getType())
-                        .setBizId(item.getId()).setUserId(reqVO.getUserId()).setLevel(reqVO.getLevel()));
-            });
-        }
-        if (CollUtil.isEmpty(createPermissions)) {
-            return;
-        }
-        permissionService.createPermissionBatch(createPermissions);
-    }
-
     @PutMapping("/update")
     @Operation(summary = "编辑数据权限")
     @PreAuthorize("@ss.hasPermission('crm:permission:update')")

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/dal/mysql/permission/CrmPermissionMapper.java

@@ -53,9 +53,11 @@ public interface CrmPermissionMapper extends BaseMapperX<CrmPermissionDO> {
                 CrmPermissionDO::getUserId, userId);
     }
 
-    default CrmPermissionDO selectByBizIdAndUserId(Long bizId, Long userId) {
-        return selectOne(CrmPermissionDO::getBizId, bizId,
-                CrmPermissionDO::getUserId, userId);
+    default CrmPermissionDO selectByBizAndUserId(Integer bizType, Long bizId, Long userId) {
+        return selectOne(new LambdaQueryWrapperX<CrmPermissionDO>()
+                .eq(CrmPermissionDO::getBizType, bizType)
+                .eq(CrmPermissionDO::getBizId, bizId)
+                .eq(CrmPermissionDO::getUserId, userId));
     }
 
     default int deletePermission(Integer bizType, Long bizId) {

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/service/permission/CrmPermissionService.java

@@ -1,6 +1,7 @@
 package cn.iocoder.yudao.module.crm.service.permission;
 
 
+import cn.iocoder.yudao.module.crm.controller.admin.permission.vo.CrmPermissionSaveReqVO;
 import cn.iocoder.yudao.module.crm.controller.admin.permission.vo.CrmPermissionUpdateReqVO;
 import cn.iocoder.yudao.module.crm.dal.dataobject.permission.CrmPermissionDO;
 import cn.iocoder.yudao.module.crm.enums.common.CrmBizTypeEnum;
@@ -19,6 +20,14 @@ import java.util.List;
  */
 public interface CrmPermissionService {
 
+    /**
+     * 创建数据权限
+     *
+     * @param reqVO  创建信息
+     * @param userId 用户编号
+     */
+    void createPermission(CrmPermissionSaveReqVO reqVO, Long userId);
+
     /**
      * 创建数据权限
      *
@@ -111,10 +120,10 @@ public interface CrmPermissionService {
     /**
      * 校验是否有指定数据的操作权限
      *
-     * @param bizType   数据类型，关联 {@link CrmBizTypeEnum}
-     * @param bizId     数据编号，关联 {@link CrmBizTypeEnum} 对应模块 DO#getId()
-     * @param userId    用户编号
-     * @param level 权限级别
+     * @param bizType 数据类型，关联 {@link CrmBizTypeEnum}
+     * @param bizId   数据编号，关联 {@link CrmBizTypeEnum} 对应模块 DO#getId()
+     * @param userId  用户编号
+     * @param level   权限级别
      * @return 是否有权限
      */
     boolean hasPermission(Integer bizType, Long bizId, Long userId, CrmPermissionLevelEnum level);

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/service/permission/CrmPermissionServiceImpl.java

@@ -4,28 +4,34 @@ import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.util.ObjUtil;
 import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
+import cn.iocoder.yudao.module.crm.controller.admin.permission.vo.CrmPermissionSaveReqVO;
 import cn.iocoder.yudao.module.crm.controller.admin.permission.vo.CrmPermissionUpdateReqVO;
+import cn.iocoder.yudao.module.crm.dal.dataobject.business.CrmBusinessDO;
+import cn.iocoder.yudao.module.crm.dal.dataobject.contact.CrmContactDO;
+import cn.iocoder.yudao.module.crm.dal.dataobject.contract.CrmContractDO;
 import cn.iocoder.yudao.module.crm.dal.dataobject.permission.CrmPermissionDO;
 import cn.iocoder.yudao.module.crm.dal.mysql.permission.CrmPermissionMapper;
 import cn.iocoder.yudao.module.crm.enums.common.CrmBizTypeEnum;
 import cn.iocoder.yudao.module.crm.enums.permission.CrmPermissionLevelEnum;
+import cn.iocoder.yudao.module.crm.framework.permission.core.annotations.CrmPermission;
+import cn.iocoder.yudao.module.crm.service.business.CrmBusinessService;
+import cn.iocoder.yudao.module.crm.service.contact.CrmContactService;
+import cn.iocoder.yudao.module.crm.service.contract.CrmContractService;
 import cn.iocoder.yudao.module.crm.service.permission.bo.CrmPermissionCreateReqBO;
 import cn.iocoder.yudao.module.crm.service.permission.bo.CrmPermissionTransferReqBO;
 import cn.iocoder.yudao.module.crm.util.CrmPermissionUtils;
 import cn.iocoder.yudao.module.system.api.user.AdminUserApi;
+import cn.iocoder.yudao.module.system.api.user.dto.AdminUserRespDTO;
 import jakarta.annotation.Resource;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.annotation.Validated;
 
-import java.util.Collection;
-import java.util.Collections;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 
 import static cn.iocoder.yudao.framework.common.exception.util.ServiceExceptionUtil.exception;
-import static cn.iocoder.yudao.framework.common.util.collection.CollectionUtils.anyMatch;
-import static cn.iocoder.yudao.framework.common.util.collection.CollectionUtils.convertSet;
+import static cn.iocoder.yudao.framework.common.util.collection.CollectionUtils.*;
 import static cn.iocoder.yudao.module.crm.enums.ErrorCodeConstants.*;
 import static cn.iocoder.yudao.module.crm.enums.permission.CrmPermissionLevelEnum.isOwner;
 
@@ -40,13 +46,124 @@ public class CrmPermissionServiceImpl implements CrmPermissionService {
 
     @Resource
     private CrmPermissionMapper permissionMapper;
-
+    @Resource
+    @Lazy // 解决依赖循环
+    private CrmContactService contactService;
+    @Resource
+    @Lazy // 解决依赖循环
+    private CrmBusinessService businessService;
+    @Resource
+    @Lazy // 解决依赖循环
+    private CrmContractService contractService;
     @Resource
     private AdminUserApi adminUserApi;
 
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    @CrmPermission(bizTypeValue = "#reqVO.bizType", bizId = "#reqVO.bizId", level = CrmPermissionLevelEnum.OWNER)
+    public void createPermission(CrmPermissionSaveReqVO reqVO, Long userId) {
+        // 创建数据权限
+        createPermission0(BeanUtils.toBean(reqVO, CrmPermissionCreateReqBO.class));
+
+        // 处理【同时添加至】的权限
+        if (CollUtil.isEmpty(reqVO.getToBizTypes())) {
+            return;
+        }
+        List<CrmPermissionCreateReqBO> createPermissions = new ArrayList<>();
+        createContactPermissions(reqVO, userId, createPermissions);
+        createBusinessPermissions(reqVO, userId, createPermissions);
+        createContractPermissions(reqVO, userId, createPermissions);
+        if (CollUtil.isEmpty(createPermissions)) {
+            return;
+        }
+        createPermissionBatch(createPermissions);
+    }
+
+    /**
+     * 处理同时添加至联系人
+     *
+     * @param reqVO             请求
+     * @param userId            操作人
+     * @param createPermissions 待添加权限列表
+     */
+    private void createContactPermissions(CrmPermissionSaveReqVO reqVO, Long userId, List<CrmPermissionCreateReqBO> createPermissions) {
+        // 1. 校验是否被同时添加
+        Integer type = CrmBizTypeEnum.CRM_CONTACT.getType();
+        if (!reqVO.getToBizTypes().contains(type)) {
+            return;
+        }
+
+        // 2.1 添加数据权限
+        List<CrmContactDO> contactList = contactService.getContactListByCustomerIdOwnerUserId(reqVO.getBizId(), userId);
+        contactList.forEach(item -> {
+            createBizTypePermissions(reqVO, type, item.getId(), item.getName(), createPermissions);
+        });
+    }
+
+    /**
+     * 处理同时添加至商机
+     *
+     * @param reqVO             请求
+     * @param userId            操作人
+     * @param createPermissions 待添加权限列表
+     */
+    private void createBusinessPermissions(CrmPermissionSaveReqVO reqVO, Long userId, List<CrmPermissionCreateReqBO> createPermissions) {
+        // 1. 校验是否被同时添加
+        Integer type = CrmBizTypeEnum.CRM_BUSINESS.getType();
+        if (!reqVO.getToBizTypes().contains(type)) {
+            return;
+        }
+
+        // 2.1 添加数据权限
+        List<CrmBusinessDO> businessList = businessService.getBusinessListByCustomerIdOwnerUserId(reqVO.getBizId(), userId);
+        businessList.forEach(item -> {
+            createBizTypePermissions(reqVO, type, item.getId(), item.getName(), createPermissions);
+        });
+    }
+
+    /**
+     * 处理同时添加至合同
+     *
+     * @param reqVO             请求
+     * @param userId            操作人
+     * @param createPermissions 待添加权限列表
+     */
+    private void createContractPermissions(CrmPermissionSaveReqVO reqVO, Long userId, List<CrmPermissionCreateReqBO> createPermissions) {
+        // 1. 校验是否被同时添加
+        Integer type = CrmBizTypeEnum.CRM_CONTRACT.getType();
+        if (!reqVO.getToBizTypes().contains(type)) {
+            return;
+        }
+
+        // 2.1 添加数据权限
+        List<CrmContractDO> contractList = contractService.getContractListByCustomerIdOwnerUserId(reqVO.getBizId(), userId);
+        contractList.forEach(item -> {
+            createBizTypePermissions(reqVO, type, item.getId(), item.getName(), createPermissions);
+        });
+    }
+
+    private void createBizTypePermissions(CrmPermissionSaveReqVO reqVO, Integer type, Long bizId, String name,
+                                          List<CrmPermissionCreateReqBO> createPermissions) {
+        AdminUserRespDTO user = adminUserApi.getUser(reqVO.getUserId());
+        // 1. 需要考虑，被添加人，是不是应该有对应的权限了；
+        CrmPermissionDO permission = hasAnyPermission(type, bizId, reqVO.getUserId());
+        if (ObjUtil.isNotNull(permission)) {
+            throw exception(CRM_PERMISSION_CREATE_FAIL_EXISTS, user.getNickname(), CrmBizTypeEnum.getNameByType(type),
+                    name, CrmPermissionLevelEnum.getNameByLevel(permission.getLevel()));
+        }
+        // 2. 添加数据权限
+        createPermissions.add(new CrmPermissionCreateReqBO().setBizType(type)
+                .setBizId(bizId).setUserId(reqVO.getUserId()).setLevel(reqVO.getLevel()));
+    }
+
     @Override
     @Transactional(rollbackFor = Exception.class)
     public Long createPermission(CrmPermissionCreateReqBO createReqBO) {
+        return createPermission0(createReqBO);
+    }
+
+    private Long createPermission0(CrmPermissionCreateReqBO createReqBO) {
         validatePermissionNotExists(Collections.singletonList(createReqBO));
         // 1. 校验用户是否存在
         adminUserApi.validateUserList(Collections.singletonList(createReqBO.getUserId()));
@@ -170,7 +287,7 @@ public class CrmPermissionServiceImpl implements CrmPermissionService {
             throw exception(CRM_PERMISSION_DELETE_FAIL);
         }
         // 校验操作人是否为负责人
-        CrmPermissionDO permission = permissionMapper.selectByBizIdAndUserId(permissions.get(0).getBizId(), userId);
+        CrmPermissionDO permission = permissionMapper.selectByBizAndUserId(permissions.get(0).getBizType(), permissions.get(0).getBizId(), userId);
         if (permission == null) {
             throw exception(CRM_PERMISSION_DELETE_DENIED);
         }
@@ -220,4 +337,9 @@ public class CrmPermissionServiceImpl implements CrmPermissionService {
                 ObjUtil.equal(permission.getUserId(), userId) && ObjUtil.equal(permission.getLevel(), level.getLevel()));
     }
 
+    public CrmPermissionDO hasAnyPermission(Integer bizType, Long bizId, Long userId) {
+        List<CrmPermissionDO> permissionList = permissionMapper.selectByBizTypeAndBizId(bizType, bizId);
+        return findFirst(permissionList, permission -> ObjUtil.equal(permission.getUserId(), userId));
+    }
+
 }