完成权限控制

2025-01-03 16:17:52 +08:00
parent 743e2db17d
commit bca3933790
4 changed files with 62 additions and 4 deletions
--- a/flowable-core/src/main/java/com/lanyuanxiaoyao/flowable/core/manager/FlowableManager.java
+++ b/flowable-core/src/main/java/com/lanyuanxiaoyao/flowable/core/manager/FlowableManager.java
@@ -27,6 +27,7 @@ import lombok.extern.slf4j.Slf4j;
 */
@Slf4j
 public abstract class FlowableManager {
+  private static final String DEFAULT_APPROVE_COMMENT = "审批通过";
  private final FlowableConfiguration configuration;
  private final FlowableRepository repository;

@@ -83,13 +84,21 @@ public abstract class FlowableManager {
  }

  public void approve(String instanceId) {
-    approve(instanceId, "审批通过");
+    approve(instanceId, DEFAULT_APPROVE_COMMENT);
  }

  public void approve(String instanceId, String comment) {
    manualAction(instanceId, FlowableAction.APPROVE, comment);
  }

+  public void approve(String instanceId, Map<String, Object> metadata) {
+    manualAction(instanceId, FlowableAction.APPROVE, DEFAULT_APPROVE_COMMENT, metadata);
+  }
+
+  public void approve(String instanceId, String comment, Map<String, Object> metadata) {
+    manualAction(instanceId, FlowableAction.APPROVE, comment, metadata);
+  }
+
  public void reject(String instanceId) {
    reject(instanceId, "审批不通过");
  }
@@ -128,6 +137,15 @@ public abstract class FlowableManager {
      throw new IllegalArgumentException("ID为" + instance.getInstanceId() + "的流程已结束，无法操作");
    }

+    String accessorClass = node.getAccessor();
+    if (StringHelper.isBlank(accessorClass)) {
+      throw new IllegalArgumentException("权限检查器为空");
+    }
+    FlowableAccessor accessor = createBean(accessorClass);
+    if (!accessor.access(instance.getMetadata())) {
+      throw new IllegalArgumentException("权限校验不通过");
+    }
+
    String handlerClass = node.getHandler();
    if (StringHelper.isBlank(handlerClass)) {
      throw new IllegalArgumentException("节点执行器为空");
--- a/flowable-core/src/main/java/com/lanyuanxiaoyao/flowable/core/model/FlowableAccessor.java
+++ b/flowable-core/src/main/java/com/lanyuanxiaoyao/flowable/core/model/FlowableAccessor.java
@@ -1,7 +1,5 @@
 package com.lanyuanxiaoyao.flowable.core.model;

-import java.util.Map;
-
 /**
 * 权限校验
 *
@@ -9,5 +7,12 @@ import java.util.Map;
 * @version 20241231
 */
 public interface FlowableAccessor {
-  boolean access(Map<String, Object> metadata);
+  boolean access(FlowableMetadata metadata);
+
+  class DefaultFlowableAccessor implements FlowableAccessor {
+    @Override
+    public boolean access(FlowableMetadata metadata) {
+      return true;
+    }
+  }
 }
--- a/flowable-example/src/main/java/com/lanyuanxiaoyao/flowable/test/TestFlowableManager.java
+++ b/flowable-example/src/main/java/com/lanyuanxiaoyao/flowable/test/TestFlowableManager.java
@@ -6,6 +6,7 @@ import com.lanyuanxiaoyao.flowable.core.model.FlowableAction;
 import com.lanyuanxiaoyao.flowable.core.model.FlowableHandler;
 import com.lanyuanxiaoyao.flowable.core.model.FlowableInstance;
 import com.lanyuanxiaoyao.flowable.core.model.FlowableNode;
+import com.lanyuanxiaoyao.flowable.test.accessor.RoleCheckAccessor;
 import com.lanyuanxiaoyao.flowable.test.handler.TwoApproveHandler;
 import java.util.Map;
 import java.util.UUID;
@@ -179,4 +180,23 @@ public abstract class TestFlowableManager {
    Assertions.assertEquals("88a4ef5b-9cca-4e89-8232-24b6e9e94f4a", manager.getInstance(instanceId).getCurrentNodeId());
    Assertions.assertEquals("lanyuanxiaoyao", manager.getInstance(instanceId).getMetadata().get("name"));
  }
+
+  @Test
+  public void testAccessor() {
+    FlowableManager manager = flowableManager();
+    FlowableNode node = FlowableNode.builder()
+        .nodeId("a3f3f055-aa0e-49ed-9bc5-d0c04f11017e")
+        .name("a3f3f055-aa0e-49ed-9bc5-d0c04f11017e")
+        .description("a3f3f055-aa0e-49ed-9bc5-d0c04f11017e")
+        .type(FlowableNode.Type.MANUAL)
+        .accessor(RoleCheckAccessor.class.getName())
+        .build();
+    manager.create(node);
+    String instanceId = manager.start(node.getNodeId());
+    Assertions.assertEquals(FlowableInstance.Status.RUNNING, manager.getInstance(instanceId).getStatus());
+    Assertions.assertThrows(IllegalArgumentException.class, () -> manager.approve(instanceId));
+
+    manager.approve(instanceId, MapHelper.of("role", "admin"));
+    Assertions.assertEquals(FlowableInstance.Status.COMPLETED, manager.getInstance(instanceId).getStatus());
+  }
 }
--- a/flowable-example/src/main/java/com/lanyuanxiaoyao/flowable/test/accessor/RoleCheckAccessor.java
+++ b/flowable-example/src/main/java/com/lanyuanxiaoyao/flowable/test/accessor/RoleCheckAccessor.java
@@ -0,0 +1,15 @@
+package com.lanyuanxiaoyao.flowable.test.accessor;
+
+import com.lanyuanxiaoyao.flowable.core.model.FlowableAccessor;
+import com.lanyuanxiaoyao.flowable.core.model.FlowableMetadata;
+
+/**
+ * @author lanyuanxiaoyao
+ * @version 20250103
+ */
+public class RoleCheckAccessor implements FlowableAccessor {
+  @Override
+  public boolean access(FlowableMetadata metadata) {
+    return metadata.containsKey("role");
+  }
+}