feat(core): 新增项目及相关功能的数据访问层和权限控制切面

- 添加多个Mapper接口及XML文件支持项目、成员、里程碑、任务、风险、资源、文件附件等模块的数据操作和查询功能，支持复杂查询与统计 - 新增Sa-Token权限配置，集成统一认证管理 - 引入权限常量类，定义系统角色、项目角色及权限编码标准 - 新增项目权限校验切面，实现基于注解的项目权限和角色校验逻辑 - 更新配置文件和依赖，集成MyBatis Plus、MinIO、Spring AI及文档解析相关库 - 调整MyBatis配置的类型别名包路径，统一领域实体引用路径
2026-03-27 16:01:00 +08:00
parent a5e62e6885
commit 15b0013cd0
38 changed files with 2424 additions and 2 deletions
--- a/src/main/java/cn/yinlihupo/service/system/impl/ProjectPermissionServiceImpl.java
+++ b/src/main/java/cn/yinlihupo/service/system/impl/ProjectPermissionServiceImpl.java
@@ -0,0 +1,278 @@
+package cn.yinlihupo.service.system.impl;
+
+import cn.yinlihupo.common.constant.PermissionConstants;
+import cn.yinlihupo.domain.entity.Project;
+import cn.yinlihupo.domain.entity.ProjectMember;
+import cn.yinlihupo.mapper.ProjectMapper;
+import cn.yinlihupo.mapper.ProjectMemberMapper;
+import cn.yinlihupo.mapper.SysUserMapper;
+import cn.yinlihupo.service.system.ProjectPermissionService;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * 项目权限服务实现类
+ */
+@Service
+@RequiredArgsConstructor
+public class ProjectPermissionServiceImpl implements ProjectPermissionService {
+
+    private final SysUserMapper sysUserMapper;
+    private final ProjectMemberMapper projectMemberMapper;
+    private final ProjectMapper projectMapper;
+
+    @Override
+    public boolean isAdmin(Long userId) {
+        if (userId == null) {
+            return false;
+        }
+        List<String> roleCodes = sysUserMapper.selectRoleCodesByUserId(userId);
+        return roleCodes.contains(PermissionConstants.ROLE_ADMIN);
+    }
+
+    @Override
+    public String getUserProjectRole(Long userId, Long projectId) {
+        if (userId == null || projectId == null) {
+            return null;
+        }
+
+        // 先检查是否为项目经理（project.manager_id）
+        Project project = projectMapper.selectById(projectId);
+        if (project != null && userId.equals(project.getManagerId())) {
+            return PermissionConstants.PROJECT_ROLE_MANAGER;
+        }
+
+        // 查询项目成员表
+        LambdaQueryWrapper<ProjectMember> wrapper = new LambdaQueryWrapper<>();
+        wrapper.eq(ProjectMember::getProjectId, projectId)
+                .eq(ProjectMember::getUserId, userId)
+                .eq(ProjectMember::getStatus, 1)
+                .eq(ProjectMember::getDeleted, 0);
+        ProjectMember member = projectMemberMapper.selectOne(wrapper);
+
+        return member != null ? member.getRoleCode() : null;
+    }
+
+    @Override
+    public boolean isProjectMember(Long userId, Long projectId) {
+        return getUserProjectRole(userId, projectId) != null;
+    }
+
+    @Override
+    public boolean isProjectManager(Long userId, Long projectId) {
+        String role = getUserProjectRole(userId, projectId);
+        return PermissionConstants.PROJECT_ROLE_MANAGER.equals(role);
+    }
+
+    @Override
+    public boolean isProjectManagerOrLeader(Long userId, Long projectId) {
+        String role = getUserProjectRole(userId, projectId);
+        return PermissionConstants.PROJECT_ROLE_MANAGER.equals(role)
+                || PermissionConstants.PROJECT_ROLE_LEADER.equals(role);
+    }
+
+    @Override
+    public Set<String> getUserProjectPermissions(Long userId, Long projectId) {
+        Set<String> permissions = new HashSet<>();
+
+        if (userId == null || projectId == null) {
+            return permissions;
+        }
+
+        // 系统管理员拥有所有权限
+        if (isAdmin(userId)) {
+            permissions.add(PermissionConstants.PERM_PROJECT_VIEW);
+            permissions.add(PermissionConstants.PERM_PROJECT_MANAGE);
+            permissions.add(PermissionConstants.PERM_RISK_VIEW);
+            permissions.add(PermissionConstants.PERM_RISK_MANAGE);
+            permissions.add(PermissionConstants.PERM_RESOURCE_VIEW);
+            permissions.add(PermissionConstants.PERM_RESOURCE_MANAGE);
+            permissions.add(PermissionConstants.PERM_MILESTONE_VIEW);
+            permissions.add(PermissionConstants.PERM_MILESTONE_PUSH);
+            permissions.add(PermissionConstants.PERM_TASK_VIEW);
+            permissions.add(PermissionConstants.PERM_TASK_ASSIGN);
+            permissions.add(PermissionConstants.PERM_TASK_PROCESS);
+            permissions.add(PermissionConstants.PERM_REPORT_VIEW);
+            permissions.add(PermissionConstants.PERM_REPORT_CREATE);
+            permissions.add(PermissionConstants.PERM_KB_VIEW);
+            permissions.add(PermissionConstants.PERM_KB_CREATE);
+            return permissions;
+        }
+
+        String projectRole = getUserProjectRole(userId, projectId);
+        if (projectRole == null) {
+            return permissions;
+        }
+
+        // 根据项目角色分配权限
+        switch (projectRole) {
+            case PermissionConstants.PROJECT_ROLE_MANAGER:
+                // 项目经理拥有项目全部管理权限
+                permissions.add(PermissionConstants.PERM_PROJECT_VIEW);
+                permissions.add(PermissionConstants.PERM_PROJECT_MANAGE);
+                permissions.add(PermissionConstants.PERM_RISK_VIEW);
+                permissions.add(PermissionConstants.PERM_RISK_MANAGE);
+                permissions.add(PermissionConstants.PERM_RESOURCE_VIEW);
+                permissions.add(PermissionConstants.PERM_RESOURCE_MANAGE);
+                permissions.add(PermissionConstants.PERM_MILESTONE_VIEW);
+                permissions.add(PermissionConstants.PERM_MILESTONE_PUSH);
+                permissions.add(PermissionConstants.PERM_TASK_VIEW);
+                permissions.add(PermissionConstants.PERM_TASK_ASSIGN);
+                permissions.add(PermissionConstants.PERM_TASK_PROCESS);
+                permissions.add(PermissionConstants.PERM_REPORT_VIEW);
+                permissions.add(PermissionConstants.PERM_REPORT_CREATE);
+                permissions.add(PermissionConstants.PERM_KB_VIEW);
+                permissions.add(PermissionConstants.PERM_KB_CREATE);
+                break;
+
+            case PermissionConstants.PROJECT_ROLE_LEADER:
+                // 负责人拥有大部分管理权限，但不能删除项目
+                permissions.add(PermissionConstants.PERM_PROJECT_VIEW);
+                permissions.add(PermissionConstants.PERM_RISK_VIEW);
+                permissions.add(PermissionConstants.PERM_RISK_MANAGE);
+                permissions.add(PermissionConstants.PERM_RESOURCE_VIEW);
+                permissions.add(PermissionConstants.PERM_RESOURCE_MANAGE);
+                permissions.add(PermissionConstants.PERM_MILESTONE_VIEW);
+                permissions.add(PermissionConstants.PERM_MILESTONE_PUSH);
+                permissions.add(PermissionConstants.PERM_TASK_VIEW);
+                permissions.add(PermissionConstants.PERM_TASK_ASSIGN);
+                permissions.add(PermissionConstants.PERM_TASK_PROCESS);
+                permissions.add(PermissionConstants.PERM_REPORT_VIEW);
+                permissions.add(PermissionConstants.PERM_REPORT_CREATE);
+                permissions.add(PermissionConstants.PERM_KB_VIEW);
+                permissions.add(PermissionConstants.PERM_KB_CREATE);
+                break;
+
+            case PermissionConstants.PROJECT_ROLE_MEMBER:
+                // 成员拥有基本操作权限
+                permissions.add(PermissionConstants.PERM_PROJECT_VIEW);
+                permissions.add(PermissionConstants.PERM_RISK_VIEW);
+                permissions.add(PermissionConstants.PERM_RESOURCE_VIEW);
+                permissions.add(PermissionConstants.PERM_MILESTONE_VIEW);
+                permissions.add(PermissionConstants.PERM_TASK_VIEW);
+                permissions.add(PermissionConstants.PERM_TASK_PROCESS);
+                permissions.add(PermissionConstants.PERM_REPORT_VIEW);
+                permissions.add(PermissionConstants.PERM_REPORT_CREATE);
+                permissions.add(PermissionConstants.PERM_KB_VIEW);
+                permissions.add(PermissionConstants.PERM_KB_CREATE);
+                break;
+
+            case PermissionConstants.PROJECT_ROLE_OBSERVER:
+                // 观察者只有查看权限
+                permissions.add(PermissionConstants.PERM_PROJECT_VIEW);
+                permissions.add(PermissionConstants.PERM_RISK_VIEW);
+                permissions.add(PermissionConstants.PERM_RESOURCE_VIEW);
+                permissions.add(PermissionConstants.PERM_MILESTONE_VIEW);
+                permissions.add(PermissionConstants.PERM_TASK_VIEW);
+                permissions.add(PermissionConstants.PERM_REPORT_VIEW);
+                permissions.add(PermissionConstants.PERM_KB_VIEW);
+                break;
+        }
+
+        return permissions;
+    }
+
+    @Override
+    public boolean hasPermission(Long userId, Long projectId, String permission) {
+        if (permission == null) {
+            return false;
+        }
+        return getUserProjectPermissions(userId, projectId).contains(permission);
+    }
+
+    @Override
+    public boolean hasAnyPermission(Long userId, Long projectId, String... permissions) {
+        if (permissions == null || permissions.length == 0) {
+            return false;
+        }
+        Set<String> userPermissions = getUserProjectPermissions(userId, projectId);
+        for (String permission : permissions) {
+            if (userPermissions.contains(permission)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    // ==================== 便捷权限校验方法实现 ====================
+
+    @Override
+    public boolean canViewProject(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_PROJECT_VIEW);
+    }
+
+    @Override
+    public boolean canManageProject(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_PROJECT_MANAGE);
+    }
+
+    @Override
+    public boolean canViewRisk(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_RISK_VIEW);
+    }
+
+    @Override
+    public boolean canManageRisk(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_RISK_MANAGE);
+    }
+
+    @Override
+    public boolean canViewResource(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_RESOURCE_VIEW);
+    }
+
+    @Override
+    public boolean canManageResource(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_RESOURCE_MANAGE);
+    }
+
+    @Override
+    public boolean canViewMilestone(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_MILESTONE_VIEW);
+    }
+
+    @Override
+    public boolean canPushMilestone(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_MILESTONE_PUSH);
+    }
+
+    @Override
+    public boolean canViewTask(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_TASK_VIEW);
+    }
+
+    @Override
+    public boolean canAssignTask(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_TASK_ASSIGN);
+    }
+
+    @Override
+    public boolean canProcessTask(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_TASK_PROCESS);
+    }
+
+    @Override
+    public boolean canViewReport(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_REPORT_VIEW);
+    }
+
+    @Override
+    public boolean canCreateReport(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_REPORT_CREATE);
+    }
+
+    @Override
+    public boolean canViewKnowledgeBase(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_KB_VIEW);
+    }
+
+    @Override
+    public boolean canCreateKnowledgeBase(Long userId, Long projectId) {
+        return hasPermission(userId, projectId, PermissionConstants.PERM_KB_CREATE);
+    }
+}