Merge branch 'master' into ljl1216

@@ -15,6 +15,7 @@ import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.EdgeId;
+import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
 import org.thingsboard.server.common.data.yunteng.common.DeleteGroup;
@@ -195,9 +196,14 @@ public class YtAdminController extends BaseController {
 
   private void updateOrSaveTenant(TenantReqDTO tenantReqDTO) throws ThingsboardException {
     try {
-      boolean isCreate = tenantReqDTO.getId() == null;
-      // 增加TB的租户创建
-      Tenant tbTenant = new Tenant();
+      boolean isCreate = tenantReqDTO.getTenantId() == null;
+      Tenant tbTenant;
+      if(isCreate){
+        // 增加TB的租户创建
+        tbTenant = new Tenant();
+      }else{
+        tbTenant = new Tenant(new TenantId(UUID.fromString(tenantReqDTO.getTenantId())));
+      }
       tbTenant.setTitle(tenantReqDTO.getName());
       tbTenant = tenantService.saveTenant(tbTenant);
       if (isCreate) {

@@ -2,6 +2,7 @@ package org.thingsboard.server.controller.yunteng;
 
 
 import lombok.RequiredArgsConstructor;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.util.Assert;
 import org.springframework.web.bind.annotation.*;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
@@ -28,6 +29,7 @@ public class YtRoleController extends BaseController {
   private final RoleService roleService;
 
   @GetMapping(params = {PAGE_SIZE, PAGE})
+  @PreAuthorize("hasAnyAuthority('SYS_ADMIN','TENANT_ADMIN')")
   public YtPageData<RoleDTO> pageRole(
       @RequestParam(PAGE_SIZE) int pageSize,
       @RequestParam(PAGE) int page,
@@ -50,7 +52,7 @@ public class YtRoleController extends BaseController {
     if (orderType != null) {
       queryMap.put(ORDER_TYPE, orderType.name());
     }
-    return roleService.page(getCurrentUser().isPtSysadmin(), getCurrentUser().isPtAdmin(), getCurrentUser().getCurrentTenantId(),queryMap);
+    return roleService.page(getCurrentUser().getCurrentTenantId(),queryMap);
   }
 
   @DeleteMapping

@@ -33,10 +33,12 @@ import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants;
 import org.thingsboard.server.common.data.yunteng.core.cache.CacheUtils;
+import org.thingsboard.server.common.data.yunteng.dto.UserDetailRoleDTO;
 import org.thingsboard.server.common.data.yunteng.dto.UserDetailsDTO;
 import org.thingsboard.server.common.data.yunteng.dto.request.CodeTTL;
 import org.thingsboard.server.common.data.yunteng.enums.MessageTypeEnum;
 import org.thingsboard.server.common.data.yunteng.enums.MsgTemplatePurposeEnum;
+import org.thingsboard.server.common.data.yunteng.enums.RoleEnum;
 import org.thingsboard.server.dao.audit.AuditLogService;
 import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.service.security.model.SecurityUser;
@@ -47,10 +49,8 @@ import org.thingsboard.server.dao.yunteng.service.YtUserService;
 import ua_parser.Client;
 
 import java.time.LocalDateTime;
-import java.util.List;
-import java.util.Objects;
-import java.util.Optional;
-import java.util.UUID;
+import java.util.*;
+import java.util.stream.Collectors;
 
 import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.CacheConfigKey.MOBILE_LOGIN_SMS_CODE;
 import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.DEFAULT_DELIMITER;
@@ -94,6 +94,10 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
       if (!FastIotConstants.EMAIL_PATTERN.matcher(username).matches()) {
         username += FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB;
         ytDetailDTO = ytUserDetailsByUserName(ytUserName, password).get();
+        // 如果是平台用户单独处理
+        if (isPlatFormUser(ytDetailDTO)) {
+          return validateByUsernameAndPassword(ytDetailDTO, authentication, userPrincipal);
+        }
       }
       return authenticateByUsernameAndPassword(
           ytDetailDTO, authentication, userPrincipal, username, password);
@@ -109,6 +113,26 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
     }
   }
 
+  private Authentication validateByUsernameAndPassword(
+      UserDetailsDTO ytDetailDTO, Authentication authentication, UserPrincipal userPrincipal) {
+    Object principal = authentication.getPrincipal();
+    if (!(principal instanceof UserPrincipal)) {
+      throw new BadCredentialsException("Authentication Failed. Bad user principal.");
+    }
+    User user = new User();
+    user.setUserDetailsDTO(ytDetailDTO);
+    user.setAuthority(Authority.PLATFORM_USER);
+    user.setTenantId(new TenantId(EntityId.NULL_UUID));
+    user.setId(new UserId(UUID.fromString(ytDetailDTO.getId())));
+    String email = ytDetailDTO.getUsername();
+    email += FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB;
+    user.setEmail(email);
+    UserCredentials userCredentials = new UserCredentials();
+    SecurityUser securityUser = new SecurityUser(user, userCredentials.isEnabled(), userPrincipal);
+    return new UsernamePasswordAuthenticationToken(
+        securityUser, null, securityUser.getAuthorities());
+  }
+
   private Authentication authenticateByUsernameAndPassword(
       UserDetailsDTO ytDetailDTO,
       Authentication authentication,
@@ -116,7 +140,6 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
       String username,
       String password) {
 
-    // TODO 先验证sys_user账号密码是否正确，正确后，在账号后面加上后缀验证TB用户是否正确
     Object principal = authentication.getPrincipal();
     if (!(principal instanceof UserPrincipal)) {
       throw new BadCredentialsException("Authentication Failed. Bad user principal.");
@@ -358,4 +381,19 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
     }
     return true;
   }
+
+  /**
+   * 判断是否是平台用户
+   *
+   * @param ytDetailDTO 用户详情
+   * @return true是平台用户 false不是平台用户
+   */
+  private boolean isPlatFormUser(UserDetailsDTO ytDetailDTO) {
+    Set<String> roles =
+        ytDetailDTO.getRoles().stream()
+            .map(UserDetailRoleDTO::getRoleType)
+            .map(RoleEnum::name)
+            .collect(Collectors.toSet());
+    return roles.stream().anyMatch(role -> role.equals(RoleEnum.PLATFORM_ADMIN.name()));
+  }
 }

@@ -20,6 +20,7 @@ public enum Authority {
     SYS_ADMIN(0),
     TENANT_ADMIN(1),
     CUSTOMER_USER(2),
+    PLATFORM_USER(3),
     REFRESH_TOKEN(10);
 
     private int code;

@@ -46,8 +46,7 @@ public class RoleServiceImpl extends AbstractBaseService<RoleMapper, Role> imple
   private final UserRoleMapper userRoleMapper;
 
   @Override
-  public YtPageData<RoleDTO> page(
-      boolean isSysadmin, boolean isPlatformAdmin, String tenantId, Map<String, Object> queryMap) {
+  public YtPageData<RoleDTO> page(String tenantId, Map<String, Object> queryMap) {
     IPage<Role> roleIPage =
         baseMapper.selectPage(
             getPage(queryMap, "create_time", false),
@@ -55,12 +54,8 @@ public class RoleServiceImpl extends AbstractBaseService<RoleMapper, Role> imple
                 .lambda()
                 .eq(queryMap.get("status") != null, Role::isEnabled, queryMap.get("status"))
                 .eq(queryMap.get("roleType") != null, Role::getRoleType, queryMap.get("roleType"))
-                .ne(queryMap.get("roleType") == null, Role::getRoleType, RoleEnum.TENANT_ADMIN)
-                .ne(
-                    queryMap.get("roleType") == null && isPlatformAdmin,
-                    Role::getRoleType,
-                    RoleEnum.SYS_ADMIN)
-                .eq(!isSysadmin, Role::getTenantId, tenantId)
+                .ne(queryMap.get("roleType") == null, Role::getRoleType, RoleEnum.TENANT_ADMIN.name())
+                .eq(Role::getTenantId, tenantId)
                 .like(
                     queryMap.get("roleName") != null,
                     Role::getName,

@@ -10,7 +10,7 @@ import java.util.Map;
 import java.util.Set;
 
 public interface RoleService {
-  YtPageData<RoleDTO> page(boolean isSysadmin, boolean isPlatformAdmin, String tenantId, Map<String, Object> queryMap);
+  YtPageData<RoleDTO> page(String tenantId, Map<String, Object> queryMap);
 
   boolean deleteRole(String[] roleIds,String tenantId);