钉钉相关

yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/dingding/DingThirdAuthController.java

@@ -1,10 +1,15 @@
 package cn.iocoder.yudao.module.system.controller.admin.dingding;
 
+import cn.iocoder.yudao.framework.common.pojo.CommonResult;
+import cn.iocoder.yudao.module.system.controller.admin.dingding.vo.AuthLoginRequest;
 import cn.iocoder.yudao.module.system.service.dingding.DingAuthServiceInfo;
 import cn.iocoder.yudao.module.system.service.dingding.DingThirdTokenService;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
+import com.dingtalk.api.response.OapiV2UserGetResponse;
+import com.dingtalk.api.response.OapiV2UserGetuserinfoResponse;
 import com.fasterxml.jackson.databind.JsonNode;
+import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Controller;
@@ -13,8 +18,11 @@ import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
 import java.util.Collection;
 import java.util.Date;
+import java.util.List;
 import java.util.Map;
 
+import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
+
 /**
  * <p>DingLoginController 此类用于：钉钉企业内部应用免登（H5微应用）</p>
  * <p>@remark：钉钉企业内部微应用DEMO, 实现了身份验证（免登）功能</p>
@@ -46,4 +54,103 @@ public class DingThirdAuthController {
         return resultMap;
     }
 
+    @Operation(summary = "第三方企业应用授权")
+    @PostMapping("/cropLogin")
+    @ResponseBody
+    public CommonResult<String> cropLogin(@RequestBody AuthLoginRequest authLoginRequest) {
+
+        log.info("钉钉用户登录第三方企业应用code:{},corpId:{}", authLoginRequest.getCode(), authLoginRequest.getCorpId());
+        //调用接口获取第三方企业应用的access_token，详情请参考获取第三方应用授权企业的accessToken。
+        String corpAccessToken = dingAuthTokenService.getCorpAccessToken(authLoginRequest.getCorpId());
+//        GetUserTokenResponse userTokenResponse = dingAuthTokenService.getUserAccessToken(authLoginRequest.getCode());
+        log.info("用户登录信息corpAccessToken" + corpAccessToken);
+        //获取用户userid。
+        OapiV2UserGetuserinfoResponse userUnfo = dingAuthTokenService.getUserUnfo(authLoginRequest.getCode(), corpAccessToken);
+        log.info("用户登录信息" + JSONObject.toJSONString(userUnfo));
+        //调用接口获取用户的userid，详情请参考通过免登码获取用户信息。
+        OapiV2UserGetResponse authUser = dingAuthTokenService.getAuthUser(corpAccessToken, userUnfo.getResult().getUserid());
+
+        log.info("用户登录详细信息" + JSONObject.toJSONString(authUser.getResult()));
+
+//        GetUserResponse addressBookUserInfo = dingAuthTokenService.getAddressBookUserInfo(corpAccessToken, "me");
+//        log.info("用户通讯录信息" + JSONObject.toJSONString(addressBookUserInfo));
+        //获取用户详情。
+//        SysUser sysUser = dingAuthServiceInfo.getUserByUserNameAndCorpId(userUnfo.getResult().getUserid(), authLoginRequest.getCorpId());
+//        if (StringUtils.isNull(sysUser)) {
+        // todo 初始化用户
+//        dingAuthServiceInfo.initUser(authUser.getResult(), authLoginRequest.getCorpId());
+//        }
+        String token = "";
+//        token = loginService.authDingThirdLogin(authUser.getResult().getUserid(), authLoginRequest.getCorpId());
+        return success(token);
+    }
+
+    @Operation(summary = "用户向企业管理员提交授权申请")
+    @PostMapping("/cropAuth/apply")
+    @ResponseBody
+    public CommonResult<String> cropAuthApply() {
+//        LoginUser loginUser = SecurityUtils.getLoginUser();
+//        String roles = "tentant_admin,hr";
+//        boolean hasAnyRoles = permissionService.hasAnyRoles(roles);
+//        if (hasAnyRoles) {
+//            AjaxResult.error("您已具备该企业权限，无需再次申请");
+//        }
+//        authApplyService.applyAuth(loginUser.getUser());
+        return success("申请成功，请等待管理员审核");
+    }
+
+//    @Operation(summary = "用户向企业管理员提交授权申请列表")
+//    @GetMapping("/cropAuth/apply/page")
+//    @ResponseBody
+//    public TableDataInfo cropAuthApplyPage() {
+//        startPage();
+//        LoginUser loginUser = SecurityUtils.getLoginUser();
+//        List<AuthApply> list = authApplyService.applyAuthList(0, loginUser.getUser().getCorpId());
+//        return getDataTable(list);
+//    }
+
+    @Operation(summary = "管理员审批用户授权申请")
+    @PostMapping("/cropAuth/complete")
+    @ResponseBody
+    public CommonResult<String> cropAuthComplete(Long id, Boolean flag) {
+//        LoginUser loginUser = SecurityUtils.getLoginUser();
+//        authApplyService.applyComplete(id, flag, loginUser.getUserId());
+        return success("成功");
+    }
+
+    @Operation(summary = "管理员给用户开通企业权限")
+    @PostMapping("/cropAuth/liberal")
+    @ResponseBody
+    public CommonResult<String> cropAuthLiberal(String[] empIds) {
+//        LoginUser loginUser = SecurityUtils.getLoginUser();
+//        SysRole role = sysRoleService.selectRoleByKey("hr");
+//        Long[] roleIds = new Long[1];
+//        roleIds[0] = role.getRoleId();
+//        for (String empId : empIds) {
+//            SysUser sysUser = userMapper.selectByEmployNoAndCorpId(empId, loginUser.getCorpid());
+//            if (sysUser == null) {
+//                //查询不到用户证明 该员工还未登录，先由管理员赋予hr角色
+//                sysUser = new SysUser();
+//                sysUser.setEmployNo(empId);
+//                sysUser.setCorpId(loginUser.getCorpid());
+//                sysUser.setCreateBy(loginUser.getUser().getUserId().toString());
+//                sysUser.setCreateTime(new Date());
+//                userMapper.insertUser(sysUser);
+//
+//                SysUserRole userRole = new SysUserRole();
+//                userRole.setUserId(sysUser.getUserId());
+//                userRole.setRoleId(role.getRoleId());
+//                sysUserService.insertUserAuth(sysUser.getUserId(), roleIds);
+//            } else {
+//                //有用户信息 设置他的角色为hr
+//                SysUserRole userRole = new SysUserRole();
+//                userRole.setUserId(sysUser.getUserId());
+//                userRole.setRoleId(role.getRoleId());
+//                sysUserService.insertUserAuth(sysUser.getUserId(), roleIds);
+//            }
+//        }
+//        return AjaxResult.success();
+        return success("成功");
+    }
+
 }

yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/dingding/DingAuthenticationProvider.java

@@ -0,0 +1,58 @@
+package cn.iocoder.yudao.module.system.service.dingding;
+
+import cn.iocoder.yudao.module.system.controller.admin.dingding.vo.DingToken;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.InternalAuthenticationServiceException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.stereotype.Component;
+
+import java.util.Objects;
+
+
+@Component
+@Slf4j
+@RequiredArgsConstructor
+public class DingAuthenticationProvider implements AuthenticationProvider {
+
+//    @Autowired
+//    private ISysUserService userService;
+//
+//    @Autowired
+//    private SysPermissionService permissionService;
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        DingToken token = (DingToken) authentication;
+        String userId = (String) token.getPrincipal();
+        String corpId = (String) token.getCredentials();
+
+//        SysUser sysUser = userService.getUserByUserNameAndCorpId(userId,corpId);
+//        if (Objects.isNull(sysUser)) {
+//            throw new InternalAuthenticationServiceException("根据userId：" + userId + "，无法获取对应的用户信息！");
+//        }
+//        LoginUser user = (LoginUser) createLoginUser(sysUser);
+//        user.setAuthType("AuthDingtalk");
+//        user.setPrincipal(userId);
+//        user.setCredentials(corpId);
+//        user.setCorpid(corpId);
+//        token.setDetails(user);
+        DingToken authenticationResult = new DingToken("user.getAuthorities()", userId, corpId);
+        authenticationResult.setDetails(token.getDetails());
+        return authenticationResult;
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return DingToken.class.isAssignableFrom(authentication);
+    }
+
+
+//    public UserDetails createLoginUser(SysUser user) {
+//        return new LoginUser(user.getUserId(), user.getDeptId(), user, permissionService.getMenuPermission(user));
+//    }
+}