fix: 租户管理员子账号的权限及组织查询

@@ -149,6 +149,9 @@ public class TkUserController extends AbstractUserAccount {
       @RequestParam(PAGE) int page,
       @RequestParam(value = ORDER_FILED, required = false) String orderBy,
       @RequestParam(value = ORDER_TYPE, required = false) OrderTypeEnum orderType,
+      @RequestParam(value = "organizationId", required = false) String organizationId,
+      @RequestParam(value = "username", required = false) String username,
+      @RequestParam(value = "realName", required = false) String realName,
       @RequestParam(TENANT_ID) String tenantId)
       throws ThingsboardException {
     HashMap<String, Object> queryMap = new HashMap<>();
@@ -158,15 +161,25 @@ public class TkUserController extends AbstractUserAccount {
       queryMap.put(ORDER_TYPE, orderType.name());
     }
     queryMap.put(ORDER_FILED, orderBy);
-    if (getCurrentUser().isPtTenantAdmin()) {
-      queryMap.put("level", FastIotConstants.MagicNumber.FOUR);
-    }else{
+    if(StringUtils.isNotEmpty(username)){
+      queryMap.put("username",username);
+    }
+    if(StringUtils.isNotEmpty(realName)){
+      queryMap.put("realName",realName);
+    }
+    if (getCurrentUser().isPtAdmin() || getCurrentUser().isSystemAdmin()) {
       queryMap.put("level", FastIotConstants.MagicNumber.TWO);
+    }else{
+      queryMap.put("level", FastIotConstants.MagicNumber.FOUR);
+      queryMap.put("currentUserId",getCurrentUser().getCurrentUserId());
+      if(StringUtils.isNotEmpty(organizationId)){
+        queryMap.put("organizationId", organizationId);
+      }
     }
     if (StringUtils.isEmpty(tenantId)) {
       throw new TkDataValidationException(ErrorMessage.INVALID_PARAMETER.getMessage());
     }
-    return userService.tenantPage(queryMap, tenantId);
+    return userService.tenantPage(queryMap, tenantId,getCurrentUser().isPtCommonTenant());
   }
 
   @PutMapping

@@ -14,8 +14,8 @@ import org.thingsboard.server.common.data.yunteng.dto.BaseDTO;
 import org.thingsboard.server.common.data.yunteng.dto.OrganizationDTO;
 import org.thingsboard.server.common.data.yunteng.enums.OrganizationEnum;
 import org.thingsboard.server.dao.yunteng.entities.TkUserOrganizationMappingEntity;
+import org.thingsboard.server.dao.yunteng.mapper.OrganizationMapper;
 import org.thingsboard.server.dao.yunteng.mapper.UserOrganizationMappingMapper;
-import org.thingsboard.server.dao.yunteng.service.TkOrganizationService;
 import org.thingsboard.server.dao.yunteng.service.UserOrganizationMappingService;
 
 import java.util.ArrayList;
@@ -35,12 +35,12 @@ import java.util.stream.Collectors;
 public class SysUserOrganizationMappingServiceImpl implements UserOrganizationMappingService {
 
   private final UserOrganizationMappingMapper userOrganizationMappingMapper;
-  private final TkOrganizationService organizationService;
+  private final OrganizationMapper organizationMapper;
 
   @Override
   public List<String> getUserIdByOrganizationIds(String tenantId,OrganizationEnum sort , String... ids) {
     List<String> collect =
-            organizationService.findOrganizationTreeList(tenantId, sort, List.of(ids)).stream()
+            organizationMapper.findOrganizationTreeList(tenantId, sort !=null?sort.toString():null, List.of(ids)).stream()
             .map(OrganizationDTO::getId)
             .collect(Collectors.toList());
     if (null == collect || collect.size() == 0) {
@@ -48,18 +48,29 @@ public class SysUserOrganizationMappingServiceImpl implements UserOrganizationMa
     } else {
       Set<String> clearList = new HashSet<>();
       clearList.addAll(collect);
-      return userOrganizationMappingMapper
-          .selectList(
-              new LambdaQueryWrapper<TkUserOrganizationMappingEntity>()
-                  .in(TkUserOrganizationMappingEntity::getOrganizationId, clearList))
-          .stream()
-          .map(TkUserOrganizationMappingEntity::getUserId)
-          .distinct()
-          .collect(Collectors.toList());
+      return getUserIdsByOrganizationIds(clearList,null);
     }
   }
 
   @Override
+  public List<String> getUserIdsByOrganizationIds(Set<String> organizationIds,String filterOrganizationId) {
+    if(null != organizationIds && !organizationIds.isEmpty() && !StringUtils.isEmpty(filterOrganizationId)){
+      organizationIds.remove(filterOrganizationId);
+    }
+    if(null == organizationIds || organizationIds.isEmpty()){
+      return new ArrayList<>();
+    }
+    return userOrganizationMappingMapper
+            .selectList(
+                    new LambdaQueryWrapper<TkUserOrganizationMappingEntity>()
+                            .in(TkUserOrganizationMappingEntity::getOrganizationId, organizationIds))
+            .stream()
+            .map(TkUserOrganizationMappingEntity::getUserId)
+            .distinct()
+            .collect(Collectors.toList());
+  }
+
+  @Override
   @Transactional
   public void addOrUpdateUserOrganizationMapping(
       String userId, List<String> organizationIds, boolean isUpdate) {
@@ -106,8 +117,8 @@ public class SysUserOrganizationMappingServiceImpl implements UserOrganizationMa
     List<String> organizationIds = null;
     if (StringUtils.isNotEmpty(organizationId)) {
       List<OrganizationDTO> organizationList =
-              organizationService.findOrganizationTreeList(
-              tenantId,null, new HashSet<>(List.of(organizationId)));
+              organizationMapper.findOrganizationTreeList(
+              tenantId,OrganizationEnum.DOWN.toString(), new HashSet<>(List.of(organizationId)));
       if (organizationList.size() == FastIotConstants.MagicNumber.ZERO) {
         throw new TkDataValidationException(ErrorMessage.INVALID_PARAMETER.getMessage());
       }

@@ -367,7 +367,31 @@ public class SysUserServiceImpl extends AbstractBaseService<UserMapper, SysUserE
   }
 
   @Override
-  public TkPageData<UserDTO> tenantPage(Map<String, Object> queryMap, String tenantId) {
+  public TkPageData<UserDTO> tenantPage(Map<String, Object> queryMap, String tenantId,boolean isCommonTenantAdmin) {
+    String organizationId = null !=queryMap.get("organizationId")?queryMap.get("organizationId").toString():null;
+    String currentUserId = null !=queryMap.get("currentUserId")?queryMap.get("currentUserId").toString():null;
+    Integer level = Integer.valueOf(queryMap.get("level").toString());
+    List<String> userIds = null;
+    boolean isTenantAdminOrCommon = MagicNumber.FOUR == level && null != currentUserId;
+    boolean continueQueryPageData = false;
+    if(isTenantAdminOrCommon && !isCommonTenantAdmin && StringUtils.isEmpty(organizationId)){
+      //如果是租户管理员查询分页,没有传组织ID就直接进行后续分页查询
+      continueQueryPageData = true;
+    }
+    if(isTenantAdminOrCommon && !isCommonTenantAdmin && StringUtils.isNotEmpty(organizationId)){
+      userIds = tenantAdminOperator(tenantId,organizationId);
+    }
+    if( isTenantAdminOrCommon && isCommonTenantAdmin){
+      userIds = commonTenantAdminOperator(tenantId,currentUserId,organizationId);
+    }
+    if(null != userIds && !userIds.isEmpty()){
+      queryMap.put("userIds",userIds);
+    }
+    if(isTenantAdminOrCommon && !continueQueryPageData){
+      if(null == userIds || userIds.isEmpty()){
+        return new TkPageData<>(new ArrayList<UserDTO>(),0);
+      }
+    }
     IPage<SysUserEntity> userIPage = getPage(queryMap, "create_time", false);
     IPage<UserDTO> userPage = baseMapper.getTenantAdminPage(userIPage, tenantId,queryMap);
     if (null != userPage) {
@@ -383,6 +407,67 @@ public class SysUserServiceImpl extends AbstractBaseService<UserMapper, SysUserE
     return getPageData(userPage, UserDTO.class);
   }
 
+  private List<String> tenantAdminOperator(String tenantId,String organizationId){
+    List<String> userIds = null;
+    List<String> organizationIds = organizationService.organizationAllIds(tenantId,organizationId);
+    if(null != organizationIds && !organizationIds.isEmpty()){
+      userIds = userOrganizationMappingService.getUserIdByOrganizationIds(tenantId,OrganizationEnum.DOWN,
+              organizationIds.toArray(new String[organizationIds.size()]));
+    }
+    //过滤当前组织的上级组织的账号
+    userIds = filterParentUserId(tenantId,organizationId,userIds);
+    return userIds;
+  }
+
+  private List<String> commonTenantAdminOperator(String tenantId,String currentUserId,String organizationId){
+    List<String> userIds;
+    //找到当前用户的组织
+    List<String> organizationIds = userOrganizationMappingService.getOrganizationIdsByUserId(currentUserId);
+    //找到当前组织关联的所有账号
+    userIds = queryCurrentUser(tenantId,organizationId,organizationIds);
+    //找到当前用户组织的上级组织的账号
+    if(null !=organizationIds && !organizationIds.isEmpty()){
+      Set<String> filterUserIds = new HashSet<>();
+      for (String orgId :organizationIds){
+        List<String> parentUserIds = filterParentUserId(tenantId,orgId,userIds);
+        if(null != parentUserIds && !parentUserIds.isEmpty()){
+          filterUserIds.addAll(parentUserIds);
+        }
+      }
+      if(!filterUserIds.isEmpty()){
+        filterUserIds.remove(currentUserId);
+        userIds = new ArrayList<>();
+        userIds.addAll(filterUserIds);
+      }
+    }
+    return userIds;
+  }
+  private List<String> queryCurrentUser(String tenantId,String organizationId,List<String> organizationIds){
+    if(!StringUtils.isEmpty(organizationId)){
+      if(organizationIds.contains(organizationId)){
+        //查询当前组织下的所有下级组织
+        organizationIds = organizationService.organizationAllIds(tenantId,organizationId);
+      }else{
+        return null;
+      }
+    }
+    if(null != organizationIds && !organizationIds.isEmpty()){
+      return userOrganizationMappingService.getUserIdByOrganizationIds(tenantId,OrganizationEnum.DOWN,
+              organizationIds.toArray(new String[organizationIds.size()]));
+    }
+    return null;
+  }
+
+  private List<String> filterParentUserId(String tenantId,String organizationId,List<String> sourceUserIds){
+    Set<String> organizationIds = organizationService.findOrganizationTreeList(tenantId, OrganizationEnum.UP, List.of(organizationId)).stream()
+            .map(OrganizationDTO::getId)
+            .collect(Collectors.toSet());
+
+    List<String> userIds = userOrganizationMappingService.getUserIdsByOrganizationIds(organizationIds,organizationId);
+    return sourceUserIds.stream()
+            .filter(element -> !userIds.contains(element))
+            .collect(Collectors.toList());
+  }
   private void fillUserStatus(UserDTO userDTO) {
     userDTO.setUserStatusEnum(UserStatusEnum.NORMAL);
     if (!userDTO.isEnabled()) {

@@ -20,6 +20,7 @@ import org.thingsboard.server.dao.yunteng.entities.*;
 import org.thingsboard.server.dao.yunteng.mapper.*;
 import org.thingsboard.server.dao.yunteng.service.AbstractBaseService;
 import org.thingsboard.server.dao.yunteng.service.TkOrganizationService;
+import org.thingsboard.server.dao.yunteng.service.UserOrganizationMappingService;
 
 import java.util.*;
 import java.util.stream.Collectors;
@@ -38,6 +39,7 @@ public class TkOrganizationServiceImpl extends AbstractBaseService<OrganizationM
   private final String cacheName = FastIotConstants.CacheConfigKey.ORGANIZATION;
   private final CacheUtils cacheUtils;
 
+  private final UserOrganizationMappingService userOrganizationMappingService;
   @Override
   @Transactional
   public OrganizationDTO saveOrganization(
@@ -211,7 +213,7 @@ public class TkOrganizationServiceImpl extends AbstractBaseService<OrganizationM
     //如果源上级组织与目标组织有变更,则需要更新用户组织映射表信息
     if(!Objects.equals(sourceParentOrganizationId,parentId)){
       //删除当前组织关联的源用户映射
-      deleteUserOrganizationMappingByOrganizationId(organizationId);
+      deleteUserOrganizationMappingByOrganizationId(tenantId,organizationId);
       //查询目标组织的用户列表,新增当前组织关联的目标用户映射
       addUserOrganizationMapping(parentId,organizationId);
     }
@@ -219,9 +221,17 @@ public class TkOrganizationServiceImpl extends AbstractBaseService<OrganizationM
     return organizationDTO;
   }
 
-  private void deleteUserOrganizationMappingByOrganizationId(String organizationId){
-    userOrganizationMappingMapper.delete(new LambdaQueryWrapper<TkUserOrganizationMappingEntity>()
-            .eq(TkUserOrganizationMappingEntity::getOrganizationId,organizationId));
+  private void deleteUserOrganizationMappingByOrganizationId(String tenantId,String organizationId){
+    Set<String> organizationIds = findOrganizationTreeList(tenantId, OrganizationEnum.UP, List.of(organizationId)).stream()
+            .map(OrganizationDTO::getId)
+            .collect(Collectors.toSet());
+    //查询上级组织的账号
+    List<String> userIds = userOrganizationMappingService.getUserIdsByOrganizationIds(organizationIds,organizationId);
+    for (String userId : userIds){
+      userOrganizationMappingMapper.delete(new LambdaQueryWrapper<TkUserOrganizationMappingEntity>()
+              .eq(TkUserOrganizationMappingEntity::getOrganizationId,organizationId)
+              .eq(TkUserOrganizationMappingEntity::getUserId,userId));
+    }
   }
 
   private void addUserOrganizationMapping(String targetParentId,String organizationId){

@@ -34,7 +34,7 @@ public interface TkUserService {
   TkPageData<UserDTO> page(
       Map<String, Object> queryMap, boolean isPtSysadmin, boolean isTenantAdmin);
 
-  TkPageData<UserDTO> tenantPage(Map<String, Object> queryMap, String tenantId);
+  TkPageData<UserDTO> tenantPage(Map<String, Object> queryMap, String tenantId,boolean isCommonTenantAdmin);
 
   UserDTO updateUser(UserDTO userDTO, boolean isPtSysadmin, String tenantId);
 

@@ -14,6 +14,8 @@ public interface UserOrganizationMappingService {
 
     List<String> getUserIdByOrganizationIds(String tenantId, OrganizationEnum sort , String... ids);
 
+    List<String> getUserIdsByOrganizationIds(Set<String> organizationIds,String filterOrganizationId);
+
     /**
      * 添加或更新用户组织关系
      *

@@ -29,7 +29,7 @@
         UNION ALL
         SELECT ig.id, ig.parent_id, ig.name, ig.sort,ig.creator,ig.create_time,ig.updater,ig.update_time,ig.remark,ig.tenant_id
         FROM tk_organization ig
-        <if test="sort =='UP'">
+        <if test="sort == 'UP'">
             JOIN organization ON ig.id = organization.parent_id
         </if>
         <if test="sort == 'DOWN'">

@@ -128,9 +128,23 @@
         FROM sys_user su
         LEFT JOIN sys_tenant st ON su.tenant_id = st.tenant_id
         WHERE su.tenant_id = #{tenantId}
+        <if test="queryMap.username !=null and queryMap.username!=''">
+            AND su.username LIKE CONCAT('%',#{queryMap.username}::TEXT,'%')
+
+        </if>
+        <if test="queryMap.realName !=null and queryMap.realName!=''">
+            AND su.real_name LIKE CONCAT('%',#{queryMap.realName}::TEXT,'%')
+
+        </if>
         <if test="queryMap.level !=null">
             AND su.level= #{queryMap.level}
         </if>
+        <if test="queryMap.userIds !=null">
+            AND su.id IN
+            <foreach collection="queryMap.userIds" item="userId" open="(" separator="," close=")">
+                #{userId}
+            </foreach>
+        </if>
     </select>
     <select id="getAllIdsByTenantId" resultType="java.lang.String">
         SELECT id FROM sys_user WHERE tenant_id IN