Commit c2334588b0daf19fec623be33f5e55c6ce8819df

Authored by 云中非
2 parents 2909b4ae c048dab4

Merge branch 'master' into ljl1216

@@ -15,6 +15,7 @@ import org.thingsboard.server.common.data.User; @@ -15,6 +15,7 @@ import org.thingsboard.server.common.data.User;
15 import org.thingsboard.server.common.data.audit.ActionType; 15 import org.thingsboard.server.common.data.audit.ActionType;
16 import org.thingsboard.server.common.data.exception.ThingsboardException; 16 import org.thingsboard.server.common.data.exception.ThingsboardException;
17 import org.thingsboard.server.common.data.id.EdgeId; 17 import org.thingsboard.server.common.data.id.EdgeId;
  18 +import org.thingsboard.server.common.data.id.TenantId;
18 import org.thingsboard.server.common.data.id.UserId; 19 import org.thingsboard.server.common.data.id.UserId;
19 import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent; 20 import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
20 import org.thingsboard.server.common.data.yunteng.common.DeleteGroup; 21 import org.thingsboard.server.common.data.yunteng.common.DeleteGroup;
@@ -195,9 +196,14 @@ public class YtAdminController extends BaseController { @@ -195,9 +196,14 @@ public class YtAdminController extends BaseController {
195 196
196 private void updateOrSaveTenant(TenantReqDTO tenantReqDTO) throws ThingsboardException { 197 private void updateOrSaveTenant(TenantReqDTO tenantReqDTO) throws ThingsboardException {
197 try { 198 try {
198 - boolean isCreate = tenantReqDTO.getId() == null;  
199 - // 增加TB的租户创建  
200 - Tenant tbTenant = new Tenant(); 199 + boolean isCreate = tenantReqDTO.getTenantId() == null;
  200 + Tenant tbTenant;
  201 + if(isCreate){
  202 + // 增加TB的租户创建
  203 + tbTenant = new Tenant();
  204 + }else{
  205 + tbTenant = new Tenant(new TenantId(UUID.fromString(tenantReqDTO.getTenantId())));
  206 + }
201 tbTenant.setTitle(tenantReqDTO.getName()); 207 tbTenant.setTitle(tenantReqDTO.getName());
202 tbTenant = tenantService.saveTenant(tbTenant); 208 tbTenant = tenantService.saveTenant(tbTenant);
203 if (isCreate) { 209 if (isCreate) {
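Review bot: On the update branch (new-side lines 204–206) the tenant is rebuilt from nothing but its id, so after `tbTenant.setTitle(...)` the `tenantService.saveTenant(tbTenant)` call at line 208 persists a Tenant whose remaining fields are unset; unless saveTenant merges with the stored row, the existing tenant's other attributes would be overwritten with defaults. Loading the stored tenant first and then applying the new title avoids that, e.g. replacing the else branch with `tbTenant = tenantService.findTenantById(new TenantId(UUID.fromString(tenantReqDTO.getTenantId())));` (if that lookup is exposed on this service) followed by a check that the result is non-null. `UUID.fromString` also throws IllegalArgumentException on a malformed id; the `try` opens inside the hunk but its catch and the rest of the method are outside it, so whether that surfaces as a client error is not visible here.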
@@ -2,6 +2,7 @@ package org.thingsboard.server.controller.yunteng; @@ -2,6 +2,7 @@ package org.thingsboard.server.controller.yunteng;
2 2
3 3
4 import lombok.RequiredArgsConstructor; 4 import lombok.RequiredArgsConstructor;
  5 +import org.springframework.security.access.prepost.PreAuthorize;
5 import org.springframework.util.Assert; 6 import org.springframework.util.Assert;
6 import org.springframework.web.bind.annotation.*; 7 import org.springframework.web.bind.annotation.*;
7 import org.thingsboard.server.common.data.exception.ThingsboardException; 8 import org.thingsboard.server.common.data.exception.ThingsboardException;
@@ -28,6 +29,7 @@ public class YtRoleController extends BaseController { @@ -28,6 +29,7 @@ public class YtRoleController extends BaseController {
28 private final RoleService roleService; 29 private final RoleService roleService;
29 30
30 @GetMapping(params = {PAGE_SIZE, PAGE}) 31 @GetMapping(params = {PAGE_SIZE, PAGE})
  32 + @PreAuthorize("hasAnyAuthority('SYS_ADMIN','TENANT_ADMIN')")
31 public YtPageData<RoleDTO> pageRole( 33 public YtPageData<RoleDTO> pageRole(
32 @RequestParam(PAGE_SIZE) int pageSize, 34 @RequestParam(PAGE_SIZE) int pageSize,
33 @RequestParam(PAGE) int page, 35 @RequestParam(PAGE) int page,
@@ -50,7 +52,7 @@ public class YtRoleController extends BaseController { @@ -50,7 +52,7 @@ public class YtRoleController extends BaseController {
50 if (orderType != null) { 52 if (orderType != null) {
51 queryMap.put(ORDER_TYPE, orderType.name()); 53 queryMap.put(ORDER_TYPE, orderType.name());
52 } 54 }
53 - return roleService.page(getCurrentUser().isPtSysadmin(), getCurrentUser().isPtAdmin(), getCurrentUser().getCurrentTenantId(),queryMap); 55 + return roleService.page(getCurrentUser().getCurrentTenantId(),queryMap);
54 } 56 }
55 57
56 @DeleteMapping 58 @DeleteMapping
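Review bot: The new `@PreAuthorize("hasAnyAuthority('SYS_ADMIN','TENANT_ADMIN')")` on `pageRole` admits SYS_ADMIN callers, but the rewritten call at new-side line 55 now scopes the query solely by `getCurrentUser().getCurrentTenantId()`, and the RoleServiceImpl hunk in this commit applies `.eq(Role::getTenantId, tenantId)` unconditionally; for a system administrator whose current tenant id is null or a sentinel this presumably yields an empty page rather than the cross-tenant view the removed `isSysadmin` flag used to provide. Either the authority list should match what the service can actually serve, or the argument needs a guard such as `Assert.hasText(getCurrentUser().getCurrentTenantId(), "tenantId");` before the call (`Assert` is already imported). The `@DeleteMapping` handler that begins at the end of the hunk shows no corresponding `@PreAuthorize` in the visible lines; if it has none, listing roles is guarded while deleting them is not.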
@@ -33,10 +33,12 @@ import org.thingsboard.server.common.data.security.Authority; @@ -33,10 +33,12 @@ import org.thingsboard.server.common.data.security.Authority;
33 import org.thingsboard.server.common.data.security.UserCredentials; 33 import org.thingsboard.server.common.data.security.UserCredentials;
34 import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants; 34 import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants;
35 import org.thingsboard.server.common.data.yunteng.core.cache.CacheUtils; 35 import org.thingsboard.server.common.data.yunteng.core.cache.CacheUtils;
  36 +import org.thingsboard.server.common.data.yunteng.dto.UserDetailRoleDTO;
36 import org.thingsboard.server.common.data.yunteng.dto.UserDetailsDTO; 37 import org.thingsboard.server.common.data.yunteng.dto.UserDetailsDTO;
37 import org.thingsboard.server.common.data.yunteng.dto.request.CodeTTL; 38 import org.thingsboard.server.common.data.yunteng.dto.request.CodeTTL;
38 import org.thingsboard.server.common.data.yunteng.enums.MessageTypeEnum; 39 import org.thingsboard.server.common.data.yunteng.enums.MessageTypeEnum;
39 import org.thingsboard.server.common.data.yunteng.enums.MsgTemplatePurposeEnum; 40 import org.thingsboard.server.common.data.yunteng.enums.MsgTemplatePurposeEnum;
  41 +import org.thingsboard.server.common.data.yunteng.enums.RoleEnum;
40 import org.thingsboard.server.dao.audit.AuditLogService; 42 import org.thingsboard.server.dao.audit.AuditLogService;
41 import org.thingsboard.server.dao.customer.CustomerService; 43 import org.thingsboard.server.dao.customer.CustomerService;
42 import org.thingsboard.server.service.security.model.SecurityUser; 44 import org.thingsboard.server.service.security.model.SecurityUser;
@@ -47,10 +49,8 @@ import org.thingsboard.server.dao.yunteng.service.YtUserService; @@ -47,10 +49,8 @@ import org.thingsboard.server.dao.yunteng.service.YtUserService;
47 import ua_parser.Client; 49 import ua_parser.Client;
48 50
49 import java.time.LocalDateTime; 51 import java.time.LocalDateTime;
50 -import java.util.List;  
51 -import java.util.Objects;  
52 -import java.util.Optional;  
53 -import java.util.UUID; 52 +import java.util.*;
  53 +import java.util.stream.Collectors;
54 54
55 import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.CacheConfigKey.MOBILE_LOGIN_SMS_CODE; 55 import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.CacheConfigKey.MOBILE_LOGIN_SMS_CODE;
56 import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.DEFAULT_DELIMITER; 56 import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.DEFAULT_DELIMITER;
@@ -94,6 +94,10 @@ public class RestAuthenticationProvider implements AuthenticationProvider { @@ -94,6 +94,10 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
94 if (!FastIotConstants.EMAIL_PATTERN.matcher(username).matches()) { 94 if (!FastIotConstants.EMAIL_PATTERN.matcher(username).matches()) {
95 username += FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB; 95 username += FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB;
96 ytDetailDTO = ytUserDetailsByUserName(ytUserName, password).get(); 96 ytDetailDTO = ytUserDetailsByUserName(ytUserName, password).get();
  97 + // 如果是平台用户单独处理
  98 + if (isPlatFormUser(ytDetailDTO)) {
  99 + return validateByUsernameAndPassword(ytDetailDTO, authentication, userPrincipal);
  100 + }
97 } 101 }
98 return authenticateByUsernameAndPassword( 102 return authenticateByUsernameAndPassword(
99 ytDetailDTO, authentication, userPrincipal, username, password); 103 ytDetailDTO, authentication, userPrincipal, username, password);
@@ -109,6 +113,26 @@ public class RestAuthenticationProvider implements AuthenticationProvider { @@ -109,6 +113,26 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
109 } 113 }
110 } 114 }
111 115
  116 + private Authentication validateByUsernameAndPassword(
  117 + UserDetailsDTO ytDetailDTO, Authentication authentication, UserPrincipal userPrincipal) {
  118 + Object principal = authentication.getPrincipal();
  119 + if (!(principal instanceof UserPrincipal)) {
  120 + throw new BadCredentialsException("Authentication Failed. Bad user principal.");
  121 + }
  122 + User user = new User();
  123 + user.setUserDetailsDTO(ytDetailDTO);
  124 + user.setAuthority(Authority.PLATFORM_USER);
  125 + user.setTenantId(new TenantId(EntityId.NULL_UUID));
  126 + user.setId(new UserId(UUID.fromString(ytDetailDTO.getId())));
  127 + String email = ytDetailDTO.getUsername();
  128 + email += FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB;
  129 + user.setEmail(email);
  130 + UserCredentials userCredentials = new UserCredentials();
  131 + SecurityUser securityUser = new SecurityUser(user, userCredentials.isEnabled(), userPrincipal);
  132 + return new UsernamePasswordAuthenticationToken(
  133 + securityUser, null, securityUser.getAuthorities());
  134 + }
  135 +
112 private Authentication authenticateByUsernameAndPassword( 136 private Authentication authenticateByUsernameAndPassword(
113 UserDetailsDTO ytDetailDTO, 137 UserDetailsDTO ytDetailDTO,
114 Authentication authentication, 138 Authentication authentication,
@@ -116,7 +140,6 @@ public class RestAuthenticationProvider implements AuthenticationProvider { @@ -116,7 +140,6 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
116 String username, 140 String username,
117 String password) { 141 String password) {
118 142
119 - // TODO 先验证sys_user账号密码是否正确,正确后,在账号后面加上后缀验证TB用户是否正确  
120 Object principal = authentication.getPrincipal(); 143 Object principal = authentication.getPrincipal();
121 if (!(principal instanceof UserPrincipal)) { 144 if (!(principal instanceof UserPrincipal)) {
122 throw new BadCredentialsException("Authentication Failed. Bad user principal."); 145 throw new BadCredentialsException("Authentication Failed. Bad user principal.");
@@ -358,4 +381,19 @@ public class RestAuthenticationProvider implements AuthenticationProvider { @@ -358,4 +381,19 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
358 } 381 }
359 return true; 382 return true;
360 } 383 }
  384 +
  385 + /**
  386 + * 判断是否是平台用户
  387 + *
  388 + * @param ytDetailDTO 用户详情
  389 + * @return true是平台用户 false不是平台用户
  390 + */
  391 + private boolean isPlatFormUser(UserDetailsDTO ytDetailDTO) {
  392 + Set<String> roles =
  393 + ytDetailDTO.getRoles().stream()
  394 + .map(UserDetailRoleDTO::getRoleType)
  395 + .map(RoleEnum::name)
  396 + .collect(Collectors.toSet());
  397 + return roles.stream().anyMatch(role -> role.equals(RoleEnum.PLATFORM_ADMIN.name()));
  398 + }
361 } 399 }
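Review bot: In `validateByUsernameAndPassword` (new-side lines 116–134) the enabled flag handed to `SecurityUser` comes from `new UserCredentials()` at line 130, so `userCredentials.isEnabled()` is that class's default rather than the platform user's stored state, and a disabled platform account is accepted or rejected by a constant. The method also performs no credential check of its own; on this path the only password verification visible is the `ytUserDetailsByUserName(ytUserName, password)` call preceding the early return at line 98, so that precondition belongs in a comment on the method, e.g. `// Relies on ytDetailDTO having been returned by ytUserDetailsByUserName(username, password); no further password check is done here.`, and a name such as `buildPlatformUserAuthentication` would describe what it actually does. If `UserDetailsDTO` carries an enabled/status field, pass that into the `SecurityUser` constructor instead of the placeholder credentials. Separately, `isPlatFormUser` tests for `RoleEnum.PLATFORM_ADMIN` while the caller assigns `Authority.PLATFORM_USER`, and it can be reduced to `return ytDetailDTO.getRoles().stream().anyMatch(r -> r.getRoleType() == RoleEnum.PLATFORM_ADMIN);`, dropping the intermediate Set (with a null guard on `getRoles()` if it can be absent).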
@@ -20,6 +20,7 @@ public enum Authority { @@ -20,6 +20,7 @@ public enum Authority {
20 SYS_ADMIN(0), 20 SYS_ADMIN(0),
21 TENANT_ADMIN(1), 21 TENANT_ADMIN(1),
22 CUSTOMER_USER(2), 22 CUSTOMER_USER(2),
  23 + PLATFORM_USER(3),
23 REFRESH_TOKEN(10); 24 REFRESH_TOKEN(10);
24 25
25 private int code; 26 private int code;
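Review bot: `PLATFORM_USER(3)` is introduced without any accompanying permission or matcher change in this commit; the `hasAnyAuthority('SYS_ADMIN','TENANT_ADMIN')` guard added to YtRoleController, for instance, does not list it, so a principal carrying only this authority would not pass that check. Any `switch` over `Authority` elsewhere that lacks a `default` now has an unhandled constant, which cannot be verified from this page. A Javadoc line stating the constant's intent would help, e.g. `/** Platform-level account authenticated by RestAuthenticationProvider without a ThingsBoard tenant. */`.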
@@ -46,8 +46,7 @@ public class RoleServiceImpl extends AbstractBaseService<RoleMapper, Role> imple @@ -46,8 +46,7 @@ public class RoleServiceImpl extends AbstractBaseService<RoleMapper, Role> imple
46 private final UserRoleMapper userRoleMapper; 46 private final UserRoleMapper userRoleMapper;
47 47
48 @Override 48 @Override
49 - public YtPageData<RoleDTO> page(  
50 - boolean isSysadmin, boolean isPlatformAdmin, String tenantId, Map<String, Object> queryMap) { 49 + public YtPageData<RoleDTO> page(String tenantId, Map<String, Object> queryMap) {
51 IPage<Role> roleIPage = 50 IPage<Role> roleIPage =
52 baseMapper.selectPage( 51 baseMapper.selectPage(
53 getPage(queryMap, "create_time", false), 52 getPage(queryMap, "create_time", false),
@@ -55,12 +54,8 @@ public class RoleServiceImpl extends AbstractBaseService<RoleMapper, Role> imple @@ -55,12 +54,8 @@ public class RoleServiceImpl extends AbstractBaseService<RoleMapper, Role> imple
55 .lambda() 54 .lambda()
56 .eq(queryMap.get("status") != null, Role::isEnabled, queryMap.get("status")) 55 .eq(queryMap.get("status") != null, Role::isEnabled, queryMap.get("status"))
57 .eq(queryMap.get("roleType") != null, Role::getRoleType, queryMap.get("roleType")) 56 .eq(queryMap.get("roleType") != null, Role::getRoleType, queryMap.get("roleType"))
58 - .ne(queryMap.get("roleType") == null, Role::getRoleType, RoleEnum.TENANT_ADMIN)  
59 - .ne(  
60 - queryMap.get("roleType") == null && isPlatformAdmin,  
61 - Role::getRoleType,  
62 - RoleEnum.SYS_ADMIN)  
63 - .eq(!isSysadmin, Role::getTenantId, tenantId) 57 + .ne(queryMap.get("roleType") == null, Role::getRoleType, RoleEnum.TENANT_ADMIN.name())
  58 + .eq(Role::getTenantId, tenantId)
64 .like( 59 .like(
65 queryMap.get("roleName") != null, 60 queryMap.get("roleName") != null,
66 Role::getName, 61 Role::getName,
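Review bot: `.eq(Role::getTenantId, tenantId)` at new-side line 58 is now applied unconditionally, yet `tenantId` is never validated; a null value (which the removed `isSysadmin` branch tolerated) produces a `tenant_id = ?` comparison that matches no rows, or whatever the wrapper's null handling does, so the result is silently empty rather than an error. Add `Objects.requireNonNull(tenantId, "tenantId");` at the top of `page` (importing `java.util.Objects`) so a missing scope fails loudly instead of silently emptying or widening the result. The neighbouring `.ne(..., RoleEnum.TENANT_ADMIN.name())` now compares against the enum name, while the `.eq(..., queryMap.get("roleType"))` two lines above still passes the raw map value; if `roleType` is stored as a name string, both conditions should use the same representation. `page` begins in the previous hunk and its body continues past this one.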
@@ -10,7 +10,7 @@ import java.util.Map; @@ -10,7 +10,7 @@ import java.util.Map;
10 import java.util.Set; 10 import java.util.Set;
11 11
12 public interface RoleService { 12 public interface RoleService {
13 - YtPageData<RoleDTO> page(boolean isSysadmin, boolean isPlatformAdmin, String tenantId, Map<String, Object> queryMap); 13 + YtPageData<RoleDTO> page(String tenantId, Map<String, Object> queryMap);
14 14
15 boolean deleteRole(String[] roleIds,String tenantId); 15 boolean deleteRole(String[] roleIds,String tenantId);
16 16
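Review bot: The narrowed `page` signature has no Javadoc, and since `tenantId` is now the sole scoping input its contract should be stated on the interface rather than left to the implementation: `/** Pages the roles of a single tenant. @param tenantId scope of the query, required @param queryMap paging and filter parameters */`. Whether a null tenant id is rejected or treated as "no scope" is a security-relevant decision and belongs in that comment.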