添加组织对普通成员默认权限

dysong-com · Aug 22, 2018 · 38d423d · 38d423d
1 parent e8a2764
commit 38d423d
Show file tree

Hide file tree

Showing 12 changed files with 180 additions and 57 deletions.
diff --git a/bin/davinci.sql b/bin/davinci.sql
@@ -135,6 +135,7 @@ CREATE TABLE `organization` (
   `member_num` int(20) DEFAULT '0',
   `team_num` int(20) DEFAULT '0',
   `allow_create_project` tinyint(1) DEFAULT '1',
+  `member_permission` smallint(1) NOT NULL DEFAULT '0',
   `create_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
   `create_by` bigint(20) NOT NULL DEFAULT '0',
   `update_time` timestamp NULL DEFAULT NULL,

diff --git a/server/src/main/java/edp/davinci/common/service/CommonService.java b/server/src/main/java/edp/davinci/common/service/CommonService.java
@@ -127,10 +127,17 @@ public boolean allowRead(Project project, User user) {
             return true;
         }
 
-        //当前project所属organization的owner
         RelUserOrganization orgRel = relUserOrganizationMapper.getRel(user.getId(), organization.getId());
-        if (null != orgRel && orgRel.getRole() == UserOrgRoleEnum.OWNER.getRole()) {
-            return true;
+        if (null != orgRel) {
+            //当前project所属organization的owner
+            if (orgRel.getRole() == UserOrgRoleEnum.OWNER.getRole()) {
+                return true;
+            }
+
+            //organization对普通成员开启权限
+            if (organization.getMemberPermission() > UserPermissionEnum.HIDDEN.getPermission()) {
+                return true;
+            }
         }
 
         Short maxTeamRole = relUserTeamMapper.getUserMaxRoleWithProjectId(project.getId(), user.getId());
@@ -143,10 +150,17 @@ public boolean allowRead(Project project, User user) {
             if (!project.getVisibility()) {
                 return false;
             }
-            //当前project对应team的member且project下内容的权限
-            short maxVizPermission = getMaxPermission(project.getId(), user.getId());
-            if (maxVizPermission > UserPermissionEnum.HIDDEN.getPermission()) {
-                return true;
+            Integer teamNumOfOrgByUser = relUserTeamMapper.getTeamNumOfOrgByUser(organization.getId(), user.getId());
+            if (teamNumOfOrgByUser > 0) {
+                //当前project对应team的member且project下内容的权限
+                short maxVizPermission = getMaxPermission(project.getId(), user.getId());
+                if (maxVizPermission > UserPermissionEnum.HIDDEN.getPermission()) {
+                    return true;
+                }
+            } else {
+                if (organization.getMemberPermission() > UserPermissionEnum.HIDDEN.getPermission()) {
+                    return true;
+                }
             }
         }
 
@@ -183,10 +197,19 @@ public boolean allowWrite(Project project, User user) {
 
         //当前project所属organization的owner
         RelUserOrganization orgRel = relUserOrganizationMapper.getRel(user.getId(), organization.getId());
-        if (null != orgRel && orgRel.getRole() == UserOrgRoleEnum.OWNER.getRole()) {
-            return true;
+        if (null != orgRel) {
+            //当前project所属organization的owner
+            if (orgRel.getRole() == UserOrgRoleEnum.OWNER.getRole()) {
+                return true;
+            }
+
+            //organization对普通成员开启权限
+            if (organization.getMemberPermission() > UserPermissionEnum.READ.getPermission()) {
+                return true;
+            }
         }
 
+
         Short maxTeamRole = relUserTeamMapper.getUserMaxRoleWithProjectId(project.getId(), user.getId());
 
         if (maxTeamRole == UserTeamRoleEnum.MAINTAINER.getRole()) {
@@ -197,11 +220,19 @@ public boolean allowWrite(Project project, User user) {
             if (!project.getVisibility()) {
                 return false;
             }
-            //当前project对应team的member且project下内容的权限
-            short maxVizPermission = getMaxPermission(project.getId(), user.getId());
-            if (maxVizPermission > UserPermissionEnum.READ.getPermission()) {
-                return true;
+            Integer teamNumOfOrgByUser = relUserTeamMapper.getTeamNumOfOrgByUser(organization.getId(), user.getId());
+            if (teamNumOfOrgByUser > 0) {
+                //当前project对应team的member且project下内容的权限
+                short maxVizPermission = getMaxPermission(project.getId(), user.getId());
+                if (maxVizPermission > UserPermissionEnum.READ.getPermission()) {
+                    return true;
+                }
+            } else {
+                if (organization.getMemberPermission() > UserPermissionEnum.READ.getPermission()) {
+                    return true;
+                }
             }
+
         }
 
         return false;
@@ -237,10 +268,19 @@ public boolean allowDelete(Project project, User user) {
 
         //当前project所属organization的owner
         RelUserOrganization orgRel = relUserOrganizationMapper.getRel(user.getId(), organization.getId());
-        if (null != orgRel && orgRel.getRole() == UserOrgRoleEnum.OWNER.getRole()) {
-            return true;
+        if (null != orgRel) {
+            //当前project所属organization的owner
+            if (orgRel.getRole() == UserOrgRoleEnum.OWNER.getRole()) {
+                return true;
+            }
+
+            //organization对普通成员开启权限
+            if (organization.getMemberPermission() > UserPermissionEnum.WRITE.getPermission()) {
+                return true;
+            }
         }
 
+
         short maxTeamRole = relUserTeamMapper.getUserMaxRoleWithProjectId(project.getId(), user.getId());
 
         if (maxTeamRole == UserTeamRoleEnum.MAINTAINER.getRole()) {
@@ -251,10 +291,17 @@ public boolean allowDelete(Project project, User user) {
             if (!project.getVisibility()) {
                 return false;
             }
-            //当前project对应team的member且project下内容的权限
-            short maxVizPermission = getMaxPermission(project.getId(), user.getId());
-            if (maxVizPermission > UserPermissionEnum.WRITE.getPermission()) {
-                return true;
+            Integer teamNumOfOrgByUser = relUserTeamMapper.getTeamNumOfOrgByUser(organization.getId(), user.getId());
+            if (teamNumOfOrgByUser > 0) {
+                //当前project对应team的member且project下内容的权限
+                short maxVizPermission = getMaxPermission(project.getId(), user.getId());
+                if (maxVizPermission > UserPermissionEnum.WRITE.getPermission()) {
+                    return true;
+                }
+            } else {
+                if (organization.getMemberPermission() > UserPermissionEnum.WRITE.getPermission()) {
+                    return true;
+                }
             }
         }
 

diff --git a/server/src/main/java/edp/davinci/dao/OrganizationMapper.java b/server/src/main/java/edp/davinci/dao/OrganizationMapper.java
@@ -72,9 +72,7 @@ public interface OrganizationMapper {
             "avatar = #{avatar},",
             "user_id = #{userId},",
             "allow_create_project = #{allowCreateProject},",
-//            "allow_delete_or_transfer_project = #{allowDeleteOrTransferProject},",
-//            "allow_change_visibility = #{allowChangeVisibility},",
-//            "member_permission = #{memberPermission},",
+            "member_permission = #{memberPermission},",
             "update_time = #{updateTime},",
             "update_by = #{updateBy}",
             "where id = #{id}"

diff --git a/server/src/main/java/edp/davinci/dao/ProjectMapper.java b/server/src/main/java/edp/davinci/dao/ProjectMapper.java
@@ -49,7 +49,13 @@ public interface ProjectMapper {
             "FROM project p ",
             "left join user u on u.id = p.user_id",
             "left join star s on (s.target_id = p.id and s.target = '" + Constants.STAR_TARGET_PROJECT + "' and s.user_id = #{userId})",
-            "   WHERE p.id IN (",
+            "left join (",
+            "   SELECT org.id, org.member_permission ",
+            "   FROM rel_user_organization ruo ",
+            "   LEFT JOIN organization org on ruo.org_id = org.id ",
+            "   WHERE ruo.user_id = #{userId} ",
+            ") o on o.id = p.org_id",
+            "WHERE p.id IN (",
             //用户创建
             "   SELECT id  FROM project WHERE user_id = #{userId}",
             "   UNION",
@@ -60,7 +66,10 @@ public interface ProjectMapper {
             "       LEFT JOIN team t ON t.id = rtp.team_id",
             "       LEFT JOIN rel_user_team rut ON rut.team_id = t.id",
             "   WHERE rut.user_id = #{userId} AND (rut.role = 1 or p.visibility = 1)",
-            ") order by p.id asc ",
+            ") ",
+            //organization对成员可见
+            "or o.member_permission > 0",
+            "order by p.id asc",
     })
     List<ProjectWithCreateBy> getProejctsByUser(@Param("userId") Long userId);
 
@@ -73,22 +82,31 @@ public interface ProjectMapper {
             "    u.username as 'createBy.username',",
             "    u.avatar as 'createBy.avatar'",
             "from (SELECT * FROM project WHERE org_id = #{orgId}) p",
-            "LEFT JOIN `user` u on u.id = p.user_id",
-            "LEFT JOIN star s on (s.target_id = p.id and s.target = '" + Constants.STAR_TARGET_PROJECT + "' and s.user_id = #{userId})",
+            "   LEFT JOIN `user` u on u.id = p.user_id",
+            "   LEFT JOIN star s on (s.target_id = p.id and s.target = '" + Constants.STAR_TARGET_PROJECT + "' and s.user_id = #{userId})",
+            "   LEFT JOIN (",
+            "      SELECT org.id, org.member_permission ",
+            "      FROM rel_user_organization ruo ",
+            "      LEFT JOIN organization org on ruo.org_id = org.id ",
+            "      where ruo.user_id = #{userId} and org.id = #{orgId}",
+            "   ) o on o.id = p.org_id",
             "where ",
             //用户创建
             "    p.user_id = #{userId} ",
             //公开的
             "    or p.visibility = 1",
-            //用户所在组可访问且用户是该组 maintainner的
+            //用户所在组可访问
             "    or p.id in (",
             "        SELECT p.id",
             "        FROM project p",
             "        LEFT JOIN rel_team_project rtp on rtp.project_id = p.id",
             "        LEFT JOIN team t ON t.id = rtp.team_id",
             "        LEFT JOIN rel_user_team rut ON rut.team_id = t.id",
             "        WHERE p.org_id = #{orgId} and rut.user_id = #{userId} AND rut.role = 1",
-            "    ) order by p.id",
+            "    )",
+            //organization对成员可见
+            "   or o.member_permission > 0",
+            "order by p.id",
     })
     List<ProjectWithCreateBy> getProjectsByOrgWithUser(@Param("orgId") Long orgId, @Param("userId") Long userId);
 

diff --git a/server/src/main/java/edp/davinci/dao/RelUserTeamMapper.java b/server/src/main/java/edp/davinci/dao/RelUserTeamMapper.java
@@ -26,6 +26,7 @@
 import org.apache.ibatis.annotations.Select;
 import org.apache.ibatis.annotations.Update;
 import org.springframework.stereotype.Component;
+import org.springframework.web.bind.annotation.PathVariable;
 
 import java.util.List;
 import java.util.Set;
@@ -78,7 +79,7 @@ public interface RelUserTeamMapper {
 
     /**
      * 查询用户和project所在team结构中的最大权限
-     * <p>
+     *
      * project和用户所在team交集的 完整team结构
      *
      * @param projectId
@@ -115,4 +116,19 @@ public interface RelUserTeamMapper {
             "where rtp.project_id = #{projectId} and rut.user_id = #{userId}"
     })
     short getUserMaxRoleWithProjectId(@Param("projectId") Long projectId, @Param("userId") Long userId);
+
+
+    /**
+     * 查询用户在organization下参与的team数
+     * @param orgId
+     * @param userId
+     * @return
+     */
+    @Select({
+            "SELECT COUNT(rut.id) FROM rel_user_team rut ",
+            "LEFT JOIN team t on t.id = rut.team_id",
+            "LEFT JOIN organization o on t.org_id = o.id",
+            "WHERE org_id = #{orgId} and rut.user_id = #{userId}",
+    })
+    Integer getTeamNumOfOrgByUser(@Param("orgId") Long orgId, @Param("userId") Long userId);
 }
diff --git a/server/src/main/java/edp/davinci/dto/organizationDto/OrganizationInfo.java b/server/src/main/java/edp/davinci/dto/organizationDto/OrganizationInfo.java
@@ -30,4 +30,6 @@ public class OrganizationInfo extends OrganizationBaseInfo {
     private Integer teamNum;
 
     private Boolean allowCreateProject;
+
+    private Short memberPermission;
 }
diff --git a/server/src/main/java/edp/davinci/dto/organizationDto/OrganizationPut.java b/server/src/main/java/edp/davinci/dto/organizationDto/OrganizationPut.java
@@ -40,4 +40,6 @@ public class OrganizationPut {
     private String avatar;
 
     private Boolean allowCreateProject;
+
+    private Short memberPermission;
 }
diff --git a/server/src/main/java/edp/davinci/dto/projectDto/ProjectPermission.java b/server/src/main/java/edp/davinci/dto/projectDto/ProjectPermission.java
@@ -36,4 +36,16 @@ public class ProjectPermission {
     private Boolean sharePermission = false;
 
     private Boolean downloadPermission = false;
+
+
+    public ProjectPermission() {
+    }
+
+    public ProjectPermission(Short permission) {
+        this.sourcePermission = permission;
+        this.viewPermission = permission;
+        this.widgetPermission = permission;
+        this.vizPermission = permission;
+        this.schedulePermission = permission;
+    }
 }
diff --git a/server/src/main/java/edp/davinci/model/Organization.java b/server/src/main/java/edp/davinci/model/Organization.java
@@ -42,6 +42,9 @@ public class Organization {
 
     private Boolean allowCreateProject = true;
 
+    //成员默认对project权限（隐藏/只读/修改/删除）
+    private Short memberPermission = (short) 0;
+
     private Date createTime = new Date();
 
     private Long createBy;

diff --git a/server/src/main/java/edp/davinci/service/impl/ProjectServiceImpl.java b/server/src/main/java/edp/davinci/service/impl/ProjectServiceImpl.java
@@ -84,6 +84,9 @@ public class ProjectServiceImpl implements ProjectService {
     @Autowired
     private StarMapper starMapper;
 
+    @Autowired
+    public RelUserTeamMapper relUserTeamMapper;
+
     @Override
     public boolean isExist(String name, Long id, Long orgId) {
         Long projectId = projectMapper.getByNameWithOrgId(name, orgId);
@@ -119,10 +122,16 @@ public ResultMap getProjectInfo(Long id, User user, HttpServletRequest request)
         ProjectInfo projectInfo = new ProjectInfo();
         BeanUtils.copyProperties(project, projectInfo);
 
-        List<UserMaxProjectPermission> permissions = relTeamProjectMapper.getUserMaxPermission(user.getId());
-        for (UserMaxProjectPermission userMaxProjectPermission : permissions) {
-            if (userMaxProjectPermission.getProjectId().equals(project.getId())) {
-                BeanUtils.copyProperties(userMaxProjectPermission, projectInfo.getPermission());
+        Integer teamNumOfOrgByUser = relUserTeamMapper.getTeamNumOfOrgByUser(project.getOrgId(), user.getId());
+        if (teamNumOfOrgByUser > 0) {
+            Organization organization = organizationMapper.getById(project.getOrgId());
+            projectInfo.setPermission(new ProjectPermission(organization.getMemberPermission()));
+        } else {
+            List<UserMaxProjectPermission> permissions = relTeamProjectMapper.getUserMaxPermission(user.getId());
+            for (UserMaxProjectPermission userMaxProjectPermission : permissions) {
+                if (userMaxProjectPermission.getProjectId().equals(project.getId())) {
+                    BeanUtils.copyProperties(userMaxProjectPermission, projectInfo.getPermission());
+                }
             }
         }
 
@@ -147,9 +156,16 @@ public ResultMap getProjects(User user, HttpServletRequest request) {
             for (ProjectWithCreateBy project : projects) {
                 ProjectInfo projectInfo = new ProjectInfo();
                 BeanUtils.copyProperties(project, projectInfo);
-                for (UserMaxProjectPermission maxProjectPermission : permissions) {
-                    if (maxProjectPermission.getProjectId().equals(project.getId())) {
-                        BeanUtils.copyProperties(maxProjectPermission, projectInfo.getPermission());
+
+                Integer teamNumOfOrgByUser = relUserTeamMapper.getTeamNumOfOrgByUser(project.getOrgId(), user.getId());
+                if (teamNumOfOrgByUser > 0) {
+                    Organization organization = organizationMapper.getById(project.getOrgId());
+                    projectInfo.setPermission(new ProjectPermission(organization.getMemberPermission()));
+                } else {
+                    for (UserMaxProjectPermission maxProjectPermission : permissions) {
+                        if (maxProjectPermission.getProjectId().equals(project.getId())) {
+                            BeanUtils.copyProperties(maxProjectPermission, projectInfo.getPermission());
+                        }
                     }
                 }
                 projectInfoList.add(projectInfo);

diff --git a/server/src/main/resources/mybatis/mapper/OrganizationMapper.xml b/server/src/main/resources/mybatis/mapper/OrganizationMapper.xml
@@ -31,6 +31,7 @@
             member_num,
             team_num,
             allow_create_project,
+            member_permission,
             create_time,
             create_by,
             <if test='description != null and description != "" '>
@@ -48,6 +49,7 @@
             #{memberNum, jdbcType=INTEGER},
             #{teamNum, jdbcType=INTEGER},
             #{allowCreateProject, jdbcType=TINYINT},
+            #{memberPermission, jdbcType=SMALLINT},
             #{createTime, jdbcType=TIMESTAMP},
             #{createBy, jdbcType=BIGINT},
             <if test='description != null and description != "" '>