提交
a07fc567
编写于
4年前
作者:
ibizdev
ibiz4j 发布系统代码
上级
f5e275fe
master
无相关合并请求
正在显示
5 个修改的文件
包含
183 行增加
和
78 行删除
+183
-78
ISDFileService.java
...ain/java/cn/ibizlab/core/disk/service/ISDFileService.java
+5
-5
SDFileServiceImpl.java
.../cn/ibizlab/core/disk/service/impl/SDFileServiceImpl.java
+19
-19
systemResource.json
...sk-core/src/main/resources/permission/systemResource.json
+1
-1
SDFileResource.java
...api/src/main/java/cn/ibizlab/api/rest/SDFileResource.java
+39
-39
AuthPermissionEvaluator.java
...ava/cn/ibizlab/util/security/AuthPermissionEvaluator.java
+119
-14
ibzdisk-core/src/main/java/cn/ibizlab/core/disk/service/ISDFileService.java
...
...
@@ -25,15 +25,15 @@ import com.baomidou.mybatisplus.extension.service.IService;
*/
public
interface
ISDFileService
extends
IService
<
SDFile
>{
boolean
update
(
SDFile
et
)
;
void
updateBatch
(
List
<
SDFile
>
list
)
;
boolean
create
(
SDFile
et
)
;
void
createBatch
(
List
<
SDFile
>
list
)
;
boolean
checkKey
(
SDFile
et
)
;
SDFile
getDraft
(
SDFile
et
)
;
SDFile
get
(
String
key
)
;
boolean
update
(
SDFile
et
)
;
void
updateBatch
(
List
<
SDFile
>
list
)
;
boolean
remove
(
String
key
)
;
void
removeBatch
(
Collection
<
String
>
idList
)
;
SDFile
get
(
String
key
)
;
SDFile
getDraft
(
SDFile
et
)
;
boolean
checkKey
(
SDFile
et
)
;
boolean
save
(
SDFile
et
)
;
void
saveBatch
(
List
<
SDFile
>
list
)
;
Page
<
SDFile
>
searchDefault
(
SDFileSearchContext
context
)
;
...
...
ibzdisk-core/src/main/java/cn/ibizlab/core/disk/service/impl/SDFileServiceImpl.java
...
...
@@ -49,39 +49,42 @@ public class SDFileServiceImpl extends ServiceImpl<SDFileMapper, SDFile> impleme
@Override
@Transactional
public
boolean
upd
ate
(
SDFile
et
)
{
if
(!
update
(
et
,(
Wrapper
)
et
.
getUpdateWrapper
(
true
).
eq
(
"fileid"
,
et
.
getId
()
)))
public
boolean
cre
ate
(
SDFile
et
)
{
if
(!
this
.
retBool
(
this
.
baseMapper
.
insert
(
et
)))
return
false
;
CachedBeanCopier
.
copy
(
get
(
et
.
getId
()),
et
);
return
true
;
}
@Override
public
void
upd
ateBatch
(
List
<
SDFile
>
list
)
{
updateBatchById
(
list
,
batchSize
);
public
void
cre
ateBatch
(
List
<
SDFile
>
list
)
{
this
.
saveBatch
(
list
,
batchSize
);
}
@Override
@Transactional
public
boolean
cre
ate
(
SDFile
et
)
{
if
(!
this
.
retBool
(
this
.
baseMapper
.
insert
(
et
)))
public
boolean
upd
ate
(
SDFile
et
)
{
if
(!
update
(
et
,(
Wrapper
)
et
.
getUpdateWrapper
(
true
).
eq
(
"fileid"
,
et
.
getId
()
)))
return
false
;
CachedBeanCopier
.
copy
(
get
(
et
.
getId
()),
et
);
return
true
;
}
@Override
public
void
cre
ateBatch
(
List
<
SDFile
>
list
)
{
this
.
saveBatch
(
list
,
batchSize
);
public
void
upd
ateBatch
(
List
<
SDFile
>
list
)
{
updateBatchById
(
list
,
batchSize
);
}
@Override
public
boolean
checkKey
(
SDFile
et
)
{
return
(!
ObjectUtils
.
isEmpty
(
et
.
getId
()))&&(!
Objects
.
isNull
(
this
.
getById
(
et
.
getId
())));
@Transactional
public
boolean
remove
(
String
key
)
{
boolean
result
=
removeById
(
key
);
return
result
;
}
@Override
public
SDFile
getDraft
(
SDFile
e
t
)
{
re
turn
et
;
public
void
removeBatch
(
Collection
<
String
>
idLis
t
)
{
re
moveByIds
(
idList
)
;
}
@Override
...
...
@@ -98,17 +101,14 @@ public class SDFileServiceImpl extends ServiceImpl<SDFileMapper, SDFile> impleme
}
@Override
@Transactional
public
boolean
remove
(
String
key
)
{
boolean
result
=
removeById
(
key
);
return
result
;
public
SDFile
getDraft
(
SDFile
et
)
{
return
et
;
}
@Override
public
void
removeBatch
(
Collection
<
String
>
idLis
t
)
{
re
moveByIds
(
idList
);
public
boolean
checkKey
(
SDFile
e
t
)
{
re
turn
(!
ObjectUtils
.
isEmpty
(
et
.
getId
()))&&(!
Objects
.
isNull
(
this
.
getById
(
et
.
getId
()))
);
}
@Override
@Transactional
public
boolean
save
(
SDFile
et
)
{
...
...
ibzdisk-core/src/main/resources/permission/systemResource.json
...
...
@@ -8,7 +8,7 @@
"delogicname"
:
"文件"
,
"sysmoudle"
:{
"id"
:
"DISK"
,
"name"
:
"disk"
},
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"DEFAULT"
}],
"deaction"
:[{
"id"
:
"
Update"
,
"name"
:
"Update"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Create"
,
"name"
:
"Create"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CheckKey"
,
"name"
:
"CheckKey"
,
"type"
:
"BUILTIN"
},{
"id"
:
"GetDraft"
,
"name"
:
"GetDraft"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Get"
,
"name"
:
"Get"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Remove"
,
"name"
:
"Remove
"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Save"
,
"name"
:
"Save"
,
"type"
:
"BUILTIN"
}],
"deaction"
:[{
"id"
:
"
Create"
,
"name"
:
"Create"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Update"
,
"name"
:
"Update"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Remove"
,
"name"
:
"Remove"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Get"
,
"name"
:
"Get"
,
"type"
:
"BUILTIN"
},{
"id"
:
"GetDraft"
,
"name"
:
"GetDraft"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CheckKey"
,
"name"
:
"CheckKey
"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Save"
,
"name"
:
"Save"
,
"type"
:
"BUILTIN"
}],
"datascope"
:[{
"id"
:
"all"
,
"name"
:
"全部数据"
},
{
"id"
:
"createman"
,
"name"
:
"创建人"
}]
}
],
...
...
ibzdisk-provider/ibzdisk-provider-api/src/main/java/cn/ibizlab/api/rest/SDFileResource.java
...
...
@@ -47,6 +47,25 @@ public class SDFileResource {
@Lazy
public
SDFileMapping
sdfileMapping
;
@PreAuthorize
(
"hasPermission(this.sdfileMapping.toDomain(#sdfiledto),'ibzdisk-SDFile-Create')"
)
@ApiOperation
(
value
=
"新建文件"
,
tags
=
{
"文件"
},
notes
=
"新建文件"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles"
)
@Transactional
public
ResponseEntity
<
SDFileDTO
>
create
(
@RequestBody
SDFileDTO
sdfiledto
)
{
SDFile
domain
=
sdfileMapping
.
toDomain
(
sdfiledto
);
sdfileService
.
create
(
domain
);
SDFileDTO
dto
=
sdfileMapping
.
toDto
(
domain
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission(this.sdfileMapping.toDomain(#sdfiledtos),'ibzdisk-SDFile-Create')"
)
@ApiOperation
(
value
=
"批量新建文件"
,
tags
=
{
"文件"
},
notes
=
"批量新建文件"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles/batch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
SDFileDTO
>
sdfiledtos
)
{
sdfileService
.
createBatch
(
sdfileMapping
.
toDomain
(
sdfiledtos
));
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@VersionCheck
(
entity
=
"sdfile"
,
versionfield
=
"updatedate"
)
@PreAuthorize
(
"hasPermission(this.sdfileService.get(#sdfile_id),'ibzdisk-SDFile-Update')"
)
@ApiOperation
(
value
=
"更新文件"
,
tags
=
{
"文件"
},
notes
=
"更新文件"
)
...
...
@@ -68,37 +87,22 @@ public class SDFileResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@PreAuthorize
(
"hasPermission(this.sdfile
Mapping.toDomain(#sdfiledto),'ibzdisk-SDFile-Creat
e')"
)
@ApiOperation
(
value
=
"
新建文件"
,
tags
=
{
"文件"
},
notes
=
"新建
文件"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles
"
)
@PreAuthorize
(
"hasPermission(this.sdfile
Service.get(#sdfile_id),'ibzdisk-SDFile-Remov
e')"
)
@ApiOperation
(
value
=
"
删除文件"
,
tags
=
{
"文件"
},
notes
=
"删除
文件"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/sdfiles/{sdfile_id}
"
)
@Transactional
public
ResponseEntity
<
SDFileDTO
>
create
(
@RequestBody
SDFileDTO
sdfiledto
)
{
SDFile
domain
=
sdfileMapping
.
toDomain
(
sdfiledto
);
sdfileService
.
create
(
domain
);
SDFileDTO
dto
=
sdfileMapping
.
toDto
(
domain
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
public
ResponseEntity
<
Boolean
>
remove
(
@PathVariable
(
"sdfile_id"
)
String
sdfile_id
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
sdfileService
.
remove
(
sdfile_id
));
}
@PreAuthorize
(
"hasPermission(this.sdfile
Mapping.toDomain(#sdfiledtos),'ibzdisk-SDFile-Creat
e')"
)
@ApiOperation
(
value
=
"批量
新建文件"
,
tags
=
{
"文件"
},
notes
=
"批量新建
文件"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles/batch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
SDFileDTO
>
sdfiledto
s
)
{
sdfileService
.
createBatch
(
sdfileMapping
.
toDomain
(
sdfiledtos
)
);
@PreAuthorize
(
"hasPermission(this.sdfile
Service.getSdfileByIds(#ids),'ibzdisk-SDFile-Remov
e')"
)
@ApiOperation
(
value
=
"批量
删除文件"
,
tags
=
{
"文件"
},
notes
=
"批量删除
文件"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/sdfiles/batch"
)
public
ResponseEntity
<
Boolean
>
removeBatch
(
@RequestBody
List
<
String
>
id
s
)
{
sdfileService
.
removeBatch
(
ids
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@ApiOperation
(
value
=
"检查文件"
,
tags
=
{
"文件"
},
notes
=
"检查文件"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles/checkkey"
)
public
ResponseEntity
<
Boolean
>
checkKey
(
@RequestBody
SDFileDTO
sdfiledto
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
sdfileService
.
checkKey
(
sdfileMapping
.
toDomain
(
sdfiledto
)));
}
@ApiOperation
(
value
=
"获取文件草稿"
,
tags
=
{
"文件"
},
notes
=
"获取文件草稿"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/sdfiles/getdraft"
)
public
ResponseEntity
<
SDFileDTO
>
getDraft
()
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
sdfileMapping
.
toDto
(
sdfileService
.
getDraft
(
new
SDFile
())));
}
@PostAuthorize
(
"hasPermission(this.sdfileMapping.toDomain(returnObject.body),'ibzdisk-SDFile-Get')"
)
@ApiOperation
(
value
=
"获取文件"
,
tags
=
{
"文件"
},
notes
=
"获取文件"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/sdfiles/{sdfile_id}"
)
...
...
@@ -108,20 +112,16 @@ public class SDFileResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission(this.sdfileService.get(#sdfile_id),'ibzdisk-SDFile-Remove')"
)
@ApiOperation
(
value
=
"删除文件"
,
tags
=
{
"文件"
},
notes
=
"删除文件"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/sdfiles/{sdfile_id}"
)
@Transactional
public
ResponseEntity
<
Boolean
>
remove
(
@PathVariable
(
"sdfile_id"
)
String
sdfile_id
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
sdfileService
.
remove
(
sdfile_id
));
@ApiOperation
(
value
=
"获取文件草稿"
,
tags
=
{
"文件"
},
notes
=
"获取文件草稿"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/sdfiles/getdraft"
)
public
ResponseEntity
<
SDFileDTO
>
getDraft
()
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
sdfileMapping
.
toDto
(
sdfileService
.
getDraft
(
new
SDFile
())));
}
@PreAuthorize
(
"hasPermission(this.sdfileService.getSdfileByIds(#ids),'ibzdisk-SDFile-Remove')"
)
@ApiOperation
(
value
=
"批量删除文件"
,
tags
=
{
"文件"
},
notes
=
"批量删除文件"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/sdfiles/batch"
)
public
ResponseEntity
<
Boolean
>
removeBatch
(
@RequestBody
List
<
String
>
ids
)
{
sdfileService
.
removeBatch
(
ids
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
@ApiOperation
(
value
=
"检查文件"
,
tags
=
{
"文件"
},
notes
=
"检查文件"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles/checkkey"
)
public
ResponseEntity
<
Boolean
>
checkKey
(
@RequestBody
SDFileDTO
sdfiledto
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
sdfileService
.
checkKey
(
sdfileMapping
.
toDomain
(
sdfiledto
)));
}
@PreAuthorize
(
"hasPermission(this.sdfileMapping.toDomain(#sdfiledto),'ibzdisk-SDFile-Save')"
)
...
...
@@ -139,7 +139,7 @@ public class SDFileResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzdisk-SDFile-searchDefault-all')"
)
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzdisk-SDFile-searchDefault-all')
and hasPermission(#context,'ibzdisk-SDFile-Get')
"
)
@ApiOperation
(
value
=
"获取DEFAULT"
,
tags
=
{
"文件"
}
,
notes
=
"获取DEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/sdfiles/fetchdefault"
)
public
ResponseEntity
<
List
<
SDFileDTO
>>
fetchDefault
(
SDFileSearchContext
context
)
{
...
...
@@ -152,7 +152,7 @@ public class SDFileResource {
.
body
(
list
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzdisk-SDFile-searchDefault-all')"
)
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzdisk-SDFile-searchDefault-all')
and hasPermission(#context,'ibzdisk-SDFile-Get')
"
)
@ApiOperation
(
value
=
"查询DEFAULT"
,
tags
=
{
"文件"
}
,
notes
=
"查询DEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles/searchdefault"
)
public
ResponseEntity
<
Page
<
SDFileDTO
>>
searchDefault
(
@RequestBody
SDFileSearchContext
context
)
{
...
...
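Review bot: The `checkKey` handler (`POST /sdfiles/checkkey`) carries no `@PreAuthorize` in the lines shown, while the create, remove, removeBatch and save handlers around it are all guarded, so any caller who reaches the endpoint can learn whether a given file id exists without holding a Get permission on that file. Whether a class-level or URL-level rule covers it is not visible here; if none does, add a guard in the same style as its neighbours, for example `@PreAuthorize("hasPermission(this.sdfileMapping.toDomain(#sdfiledto),'ibzdisk-SDFile-CheckKey')")`, assuming the permission name follows the `ibzdisk-SDFile-<action>` pattern the other handlers use. `getDraft` is unguarded as well, but in the visible service implementation it only hands back the blank `SDFile` it was given. The class body continues outside the hunks shown.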
ibzdisk-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
package
cn
.
ibizlab
.
util
.
security
;
import
com.baomidou.mybatisplus.core.conditions.query.QueryWrapper
;
import
lombok.SneakyThrows
;
import
cn.ibizlab.util.annotation.DEField
;
import
cn.ibizlab.util.domain.EntityBase
;
import
cn.ibizlab.util.enums.DEPredefinedFieldType
;
import
cn.ibizlab.util.filter.QueryWrapperContext
;
import
cn.ibizlab.util.helper.DEFieldCacheMap
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.security.access.PermissionEvaluator
;
...
...
@@ -11,7 +14,10 @@ import org.springframework.security.core.GrantedAuthority;
import
org.springframework.stereotype.Component
;
import
org.springframework.util.ObjectUtils
;
import
java.io.Serializable
;
import
java.lang.reflect.ParameterizedType
;
import
java.lang.reflect.Type
;
import
java.util.*
;
import
java.util.function.Consumer
;
/**
* spring security 权限管理类
...
...
@@ -23,44 +29,144 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
@Value
(
"${ibiz.enablePermissionValid:false}"
)
boolean
enablePermissionValid
;
//是否开启权限校验
/**
*
实体行为
鉴权
* @param authentication
* @param entity
* @param action
*
服务接口
鉴权
* @param authentication
用户
* @param entity
实体
* @param action
操作
* @return
*/
@Override
@SneakyThrows
public
boolean
hasPermission
(
Authentication
authentication
,
Object
entity
,
Object
action
)
{
//未开启权限校验、超级管理员则不进行权限检查
if
(
AuthenticationUser
.
getAuthenticationUser
().
getSuperuser
()==
1
||
!
enablePermissionValid
)
if
(!
enablePermissionValid
)
return
true
;
Object
principal
=
authentication
.
getPrincipal
();
if
(
ObjectUtils
.
isEmpty
(
principal
))
return
false
;
AuthenticationUser
authenticationUser
=
(
AuthenticationUser
)
authentication
.
getPrincipal
();
if
(
authenticationUser
.
getSuperuser
()==
1
)
return
true
;
String
strAction
=
String
.
valueOf
(
action
);
Set
<
String
>
userAuthorities
=
getAuthorities
(
authentication
,
strAction
);
if
(
userAuthorities
.
size
()==
0
)
return
false
;
//拥有全部数据访问权限时,则跳过权限检查
if
(
isAllData
(
strAction
,
userAuthorities
)){
return
true
;
}
if
(
entity
instanceof
ArrayList
){
List
<
EntityBase
>
entities
=
(
List
<
EntityBase
>)
entity
;
for
(
EntityBase
entityBase:
entities
){
boolean
result
=
actionValid
(
entityBase
,
strAction
,
userAuthorities
);
boolean
result
=
actionValid
(
entityBase
,
strAction
,
userAuthorities
,
authenticationUser
);
if
(!
result
){
return
false
;
}
}
}
else
if
(
entity
instanceof
QueryWrapperContext
){
QueryWrapperContext
queryWrapperContext
=
(
QueryWrapperContext
)
entity
;
setPermissionCondToSearchContext
(
getEntity
(
queryWrapperContext
),
queryWrapperContext
,
userAuthorities
,
authenticationUser
);
}
else
{
EntityBase
entityBase
=
(
EntityBase
)
entity
;
return
actionValid
(
entityBase
,
strAction
,
userAuthorities
);
return
actionValid
(
entityBase
,
strAction
,
userAuthorities
,
authenticationUser
);
}
return
true
;
}
/**
* 获取实体信息
* @param qc
* @return
*/
@SneakyThrows
private
EntityBase
getEntity
(
QueryWrapperContext
qc
){
EntityBase
entity
=
null
;
Type
type
=
qc
.
getClass
().
getGenericSuperclass
();
if
(
type
instanceof
ParameterizedType
){
ParameterizedType
parameterizedType
=
(
ParameterizedType
)
qc
.
getClass
().
getGenericSuperclass
();
Type
[]
typeArr
=
parameterizedType
.
getActualTypeArguments
();
if
(
typeArr
.
length
>
0
){
Class
<
EntityBase
>
entityClass
=
(
Class
)
typeArr
[
0
];
return
entityClass
.
newInstance
();
}
}
return
entity
;
}
/**
* 在searchContext中拼接权限条件
* @param entity 实体
* @param qc 查询上下文
* @param userAuthorities 用户权限
* @param authenticationUser 当前用户
*/
@SneakyThrows
private
void
setPermissionCondToSearchContext
(
EntityBase
entity
,
QueryWrapperContext
qc
,
Set
<
String
>
userAuthorities
,
AuthenticationUser
authenticationUser
){
if
(
entity
==
null
)
return
;
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
orgField
=
permissionField
.
get
(
"orgfield"
);
String
orgDeptField
=
permissionField
.
get
(
"orgsecfield"
);
String
createManField
=
permissionField
.
get
(
"createmanfield"
);
Map
<
String
,
Set
<
String
>>
userInfo
=
authenticationUser
.
getOrgInfo
();
Set
<
String
>
orgParent
=
userInfo
.
get
(
"parentorg"
);
Set
<
String
>
orgChild
=
userInfo
.
get
(
"suborg"
);
Set
<
String
>
orgDeptParent
=
userInfo
.
get
(
"parentdept"
);
Set
<
String
>
orgDeptChild
=
userInfo
.
get
(
"subdept"
);
Set
<
String
>
userOrg
=
new
HashSet
<>();
Set
<
String
>
userOrgDept
=
new
HashSet
<>();
Set
<
String
>
userCreateMan
=
new
HashSet
<>();
for
(
String
authority:
userAuthorities
){
if
(
authority
.
endsWith
(
"curorg"
)){
//本单位
userOrg
.
add
(
authenticationUser
.
getOrgid
());
}
else
if
(
authority
.
endsWith
(
"porg"
)){
//上级单位
userOrg
.
addAll
(
orgParent
);
}
else
if
(
authority
.
endsWith
(
"sorg"
)){
//下级单位
userOrg
.
addAll
(
orgChild
);
}
else
if
(
authority
.
endsWith
(
"curorgdept"
)){
//本部门
userOrgDept
.
add
(
authenticationUser
.
getMdeptid
());
}
else
if
(
authority
.
endsWith
(
"porgdept"
)){
//上级部门
userOrgDept
.
addAll
(
orgDeptParent
);
}
else
if
(
authority
.
endsWith
(
"sorgdept"
)){
//下级部门
userOrgDept
.
addAll
(
orgDeptChild
);
}
else
if
(
authority
.
endsWith
(
"createman"
)){
userCreateMan
.
add
(
authority
);
}
}
if
(
userOrg
.
size
()==
0
&&
userOrgDept
.
size
()==
0
&&
userCreateMan
.
size
()==
0
){
qc
.
getSelectCond
().
apply
(
"1<>1"
);
}
else
{
Consumer
<
QueryWrapper
>
consumer
=
qw
->
{
if
(
userOrg
.
size
()>
0
){
Consumer
<
QueryWrapper
>
org
=
orgQw
->
{
orgQw
.
in
(
orgField
,
userOrg
);
};
qw
.
or
(
org
);
}
if
(
userOrgDept
.
size
()>
0
){
Consumer
<
QueryWrapper
>
dept
=
deptQw
->
{
deptQw
.
in
(
orgDeptField
,
userOrgDept
);
};
qw
.
or
(
dept
);
}
if
(
userCreateMan
.
size
()>
0
){
Consumer
<
QueryWrapper
>
createMan
=
createManQw
->
{
createManQw
.
eq
(
createManField
,
authenticationUser
.
getUserid
());
};
qw
.
or
(
createMan
);
}
};
qc
.
getSelectCond
().
and
(
consumer
);
}
}
@Override
public
boolean
hasPermission
(
Authentication
authentication
,
Serializable
id
,
String
action
,
Object
params
)
{
...
...
@@ -106,13 +212,12 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* @param userAuthorities
* @return
*/
private
boolean
actionValid
(
EntityBase
entity
,
String
action
,
Set
<
String
>
userAuthorities
){
private
boolean
actionValid
(
EntityBase
entity
,
String
action
,
Set
<
String
>
userAuthorities
,
AuthenticationUser
authenticationUser
){
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
orgField
=
permissionField
.
get
(
"orgfield"
);
String
orgDeptField
=
permissionField
.
get
(
"orgsecfield"
);
String
createManField
=
permissionField
.
get
(
"createmanfield"
);
AuthenticationUser
authenticationUser
=
AuthenticationUser
.
getAuthenticationUser
();
Map
<
String
,
Set
<
String
>>
userInfo
=
authenticationUser
.
getOrgInfo
();
Set
<
String
>
orgParent
=
userInfo
.
get
(
"parentorg"
);
Set
<
String
>
orgChild
=
userInfo
.
get
(
"suborg"
);
...
...
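Review bot: In the `QueryWrapperContext` branch of `hasPermission`, a search context whose entity type cannot be resolved is let through with no row filter: `getEntity` returns null when the context's generic superclass is not parameterized, `setPermissionCondToSearchContext` then leaves at `if(entity==null) return;`, and `hasPermission` falls through to `return true`. For a user without the all-data scope that leaves the query unrestricted, so the null case should deny instead, e.g. `if(entity==null){ qc.getSelectCond().apply("1<>1"); return; }`, which matches what the method already does when no scope authority matches. Separately, `(AuthenticationUser)authentication.getPrincipal()` is cast after only an emptiness check; an `instanceof AuthenticationUser` test that returns false would deny other principal types cleanly instead of raising a ClassCastException. The `actionValid` body in the last hunk continues outside the lines shown.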