提交 a07fc567 编写于 作者: ibizdev's avatar ibizdev

ibiz4j 发布系统代码

上级 f5e275fe
......@@ -25,15 +25,15 @@ import com.baomidou.mybatisplus.extension.service.IService;
*/
public interface ISDFileService extends IService<SDFile>{
boolean update(SDFile et) ;
void updateBatch(List<SDFile> list) ;
boolean create(SDFile et) ;
void createBatch(List<SDFile> list) ;
boolean checkKey(SDFile et) ;
SDFile getDraft(SDFile et) ;
SDFile get(String key) ;
boolean update(SDFile et) ;
void updateBatch(List<SDFile> list) ;
boolean remove(String key) ;
void removeBatch(Collection<String> idList) ;
SDFile get(String key) ;
SDFile getDraft(SDFile et) ;
boolean checkKey(SDFile et) ;
boolean save(SDFile et) ;
void saveBatch(List<SDFile> list) ;
Page<SDFile> searchDefault(SDFileSearchContext context) ;
......
......@@ -49,39 +49,42 @@ public class SDFileServiceImpl extends ServiceImpl<SDFileMapper, SDFile> impleme
@Override
@Transactional
public boolean update(SDFile et) {
if(!update(et,(Wrapper) et.getUpdateWrapper(true).eq("fileid",et.getId())))
public boolean create(SDFile et) {
if(!this.retBool(this.baseMapper.insert(et)))
return false;
CachedBeanCopier.copy(get(et.getId()),et);
return true;
}
@Override
public void updateBatch(List<SDFile> list) {
updateBatchById(list,batchSize);
public void createBatch(List<SDFile> list) {
this.saveBatch(list,batchSize);
}
@Override
@Transactional
public boolean create(SDFile et) {
if(!this.retBool(this.baseMapper.insert(et)))
public boolean update(SDFile et) {
if(!update(et,(Wrapper) et.getUpdateWrapper(true).eq("fileid",et.getId())))
return false;
CachedBeanCopier.copy(get(et.getId()),et);
return true;
}
@Override
public void createBatch(List<SDFile> list) {
this.saveBatch(list,batchSize);
public void updateBatch(List<SDFile> list) {
updateBatchById(list,batchSize);
}
@Override
public boolean checkKey(SDFile et) {
return (!ObjectUtils.isEmpty(et.getId()))&&(!Objects.isNull(this.getById(et.getId())));
@Transactional
public boolean remove(String key) {
boolean result=removeById(key);
return result ;
}
@Override
public SDFile getDraft(SDFile et) {
return et;
public void removeBatch(Collection<String> idList) {
removeByIds(idList);
}
@Override
......@@ -98,17 +101,14 @@ public class SDFileServiceImpl extends ServiceImpl<SDFileMapper, SDFile> impleme
}
@Override
@Transactional
public boolean remove(String key) {
boolean result=removeById(key);
return result ;
public SDFile getDraft(SDFile et) {
return et;
}
@Override
public void removeBatch(Collection<String> idList) {
removeByIds(idList);
public boolean checkKey(SDFile et) {
return (!ObjectUtils.isEmpty(et.getId()))&&(!Objects.isNull(this.getById(et.getId())));
}
@Override
@Transactional
public boolean save(SDFile et) {
......
......@@ -8,7 +8,7 @@
"delogicname":"文件",
"sysmoudle":{"id":"DISK","name":"disk"},
"dedataset":[{"id":"Default" , "name":"DEFAULT"}],
"deaction":[{"id":"Update" , "name":"Update" , "type":"BUILTIN" },{"id":"Create" , "name":"Create" , "type":"BUILTIN" },{"id":"CheckKey" , "name":"CheckKey" , "type":"BUILTIN" },{"id":"GetDraft" , "name":"GetDraft" , "type":"BUILTIN" },{"id":"Get" , "name":"Get" , "type":"BUILTIN" },{"id":"Remove" , "name":"Remove" , "type":"BUILTIN" },{"id":"Save" , "name":"Save" , "type":"BUILTIN" }],
"deaction":[{"id":"Create" , "name":"Create" , "type":"BUILTIN" },{"id":"Update" , "name":"Update" , "type":"BUILTIN" },{"id":"Remove" , "name":"Remove" , "type":"BUILTIN" },{"id":"Get" , "name":"Get" , "type":"BUILTIN" },{"id":"GetDraft" , "name":"GetDraft" , "type":"BUILTIN" },{"id":"CheckKey" , "name":"CheckKey" , "type":"BUILTIN" },{"id":"Save" , "name":"Save" , "type":"BUILTIN" }],
"datascope":[{"id":"all","name":"全部数据"}, {"id":"createman","name":"创建人"}]
}
],
......
......@@ -47,6 +47,25 @@ public class SDFileResource {
@Lazy
public SDFileMapping sdfileMapping;
@PreAuthorize("hasPermission(this.sdfileMapping.toDomain(#sdfiledto),'ibzdisk-SDFile-Create')")
@ApiOperation(value = "新建文件", tags = {"文件" }, notes = "新建文件")
@RequestMapping(method = RequestMethod.POST, value = "/sdfiles")
@Transactional
public ResponseEntity<SDFileDTO> create(@RequestBody SDFileDTO sdfiledto) {
SDFile domain = sdfileMapping.toDomain(sdfiledto);
sdfileService.create(domain);
SDFileDTO dto = sdfileMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission(this.sdfileMapping.toDomain(#sdfiledtos),'ibzdisk-SDFile-Create')")
@ApiOperation(value = "批量新建文件", tags = {"文件" }, notes = "批量新建文件")
@RequestMapping(method = RequestMethod.POST, value = "/sdfiles/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SDFileDTO> sdfiledtos) {
sdfileService.createBatch(sdfileMapping.toDomain(sdfiledtos));
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@VersionCheck(entity = "sdfile" , versionfield = "updatedate")
@PreAuthorize("hasPermission(this.sdfileService.get(#sdfile_id),'ibzdisk-SDFile-Update')")
@ApiOperation(value = "更新文件", tags = {"文件" }, notes = "更新文件")
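Review bot: The `@PreAuthorize` on `create` and `createBatch` evaluates `hasPermission` on an object that `sdfileMapping.toDomain(...)` builds from the request body, so whatever organisation, department or creator fields the evaluator appears to compare are supplied by the caller being authorised. Unless those fields are overwritten server-side before the check (not visible here), the decision should rest on values taken from the authenticated user rather than from the DTO. `create` also discards the boolean returned by `sdfileService.create(domain)` and answers 200 with the DTO either way; consider `if(!sdfileService.create(domain)) return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();`. The update endpoint that starts on the last lines of this hunk continues outside it.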
......@@ -68,37 +87,22 @@ public class SDFileResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission(this.sdfileMapping.toDomain(#sdfiledto),'ibzdisk-SDFile-Create')")
@ApiOperation(value = "新建文件", tags = {"文件" }, notes = "新建文件")
@RequestMapping(method = RequestMethod.POST, value = "/sdfiles")
@PreAuthorize("hasPermission(this.sdfileService.get(#sdfile_id),'ibzdisk-SDFile-Remove')")
@ApiOperation(value = "删除文件", tags = {"文件" }, notes = "删除文件")
@RequestMapping(method = RequestMethod.DELETE, value = "/sdfiles/{sdfile_id}")
@Transactional
public ResponseEntity<SDFileDTO> create(@RequestBody SDFileDTO sdfiledto) {
SDFile domain = sdfileMapping.toDomain(sdfiledto);
sdfileService.create(domain);
SDFileDTO dto = sdfileMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto);
public ResponseEntity<Boolean> remove(@PathVariable("sdfile_id") String sdfile_id) {
return ResponseEntity.status(HttpStatus.OK).body(sdfileService.remove(sdfile_id));
}
@PreAuthorize("hasPermission(this.sdfileMapping.toDomain(#sdfiledtos),'ibzdisk-SDFile-Create')")
@ApiOperation(value = "批量新建文件", tags = {"文件" }, notes = "批量新建文件")
@RequestMapping(method = RequestMethod.POST, value = "/sdfiles/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SDFileDTO> sdfiledtos) {
sdfileService.createBatch(sdfileMapping.toDomain(sdfiledtos));
@PreAuthorize("hasPermission(this.sdfileService.getSdfileByIds(#ids),'ibzdisk-SDFile-Remove')")
@ApiOperation(value = "批量删除文件", tags = {"文件" }, notes = "批量删除文件")
@RequestMapping(method = RequestMethod.DELETE, value = "/sdfiles/batch")
public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
sdfileService.removeBatch(ids);
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@ApiOperation(value = "检查文件", tags = {"文件" }, notes = "检查文件")
@RequestMapping(method = RequestMethod.POST, value = "/sdfiles/checkkey")
public ResponseEntity<Boolean> checkKey(@RequestBody SDFileDTO sdfiledto) {
return ResponseEntity.status(HttpStatus.OK).body(sdfileService.checkKey(sdfileMapping.toDomain(sdfiledto)));
}
@ApiOperation(value = "获取文件草稿", tags = {"文件" }, notes = "获取文件草稿")
@RequestMapping(method = RequestMethod.GET, value = "/sdfiles/getdraft")
public ResponseEntity<SDFileDTO> getDraft() {
return ResponseEntity.status(HttpStatus.OK).body(sdfileMapping.toDto(sdfileService.getDraft(new SDFile())));
}
@PostAuthorize("hasPermission(this.sdfileMapping.toDomain(returnObject.body),'ibzdisk-SDFile-Get')")
@ApiOperation(value = "获取文件", tags = {"文件" }, notes = "获取文件")
@RequestMapping(method = RequestMethod.GET, value = "/sdfiles/{sdfile_id}")
......@@ -108,20 +112,16 @@ public class SDFileResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission(this.sdfileService.get(#sdfile_id),'ibzdisk-SDFile-Remove')")
@ApiOperation(value = "删除文件", tags = {"文件" }, notes = "删除文件")
@RequestMapping(method = RequestMethod.DELETE, value = "/sdfiles/{sdfile_id}")
@Transactional
public ResponseEntity<Boolean> remove(@PathVariable("sdfile_id") String sdfile_id) {
return ResponseEntity.status(HttpStatus.OK).body(sdfileService.remove(sdfile_id));
@ApiOperation(value = "获取文件草稿", tags = {"文件" }, notes = "获取文件草稿")
@RequestMapping(method = RequestMethod.GET, value = "/sdfiles/getdraft")
public ResponseEntity<SDFileDTO> getDraft() {
return ResponseEntity.status(HttpStatus.OK).body(sdfileMapping.toDto(sdfileService.getDraft(new SDFile())));
}
@PreAuthorize("hasPermission(this.sdfileService.getSdfileByIds(#ids),'ibzdisk-SDFile-Remove')")
@ApiOperation(value = "批量删除文件", tags = {"文件" }, notes = "批量删除文件")
@RequestMapping(method = RequestMethod.DELETE, value = "/sdfiles/batch")
public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
sdfileService.removeBatch(ids);
return ResponseEntity.status(HttpStatus.OK).body(true);
@ApiOperation(value = "检查文件", tags = {"文件" }, notes = "检查文件")
@RequestMapping(method = RequestMethod.POST, value = "/sdfiles/checkkey")
public ResponseEntity<Boolean> checkKey(@RequestBody SDFileDTO sdfiledto) {
return ResponseEntity.status(HttpStatus.OK).body(sdfileService.checkKey(sdfileMapping.toDomain(sdfiledto)));
}
@PreAuthorize("hasPermission(this.sdfileMapping.toDomain(#sdfiledto),'ibzdisk-SDFile-Save')")
......@@ -139,7 +139,7 @@ public class SDFileResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzdisk-SDFile-searchDefault-all')")
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzdisk-SDFile-searchDefault-all') and hasPermission(#context,'ibzdisk-SDFile-Get')")
@ApiOperation(value = "获取DEFAULT", tags = {"文件" } ,notes = "获取DEFAULT")
@RequestMapping(method= RequestMethod.GET , value="/sdfiles/fetchdefault")
public ResponseEntity<List<SDFileDTO>> fetchDefault(SDFileSearchContext context) {
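Review bot: The expression added on `fetchDefault` (and identically on `searchDefault` in the next hunk) still requires `ROLE_SUPERADMIN` or `ibzdisk-SDFile-searchDefault-all` before `hasPermission(#context,...)` runs, so callers holding only a scoped authority would seemingly be rejected before the row filter is ever applied; worth confirming that this is intended. The filtering itself is a side effect of the authorization expression mutating `context`, and it is skipped entirely when `ibiz.enablePermissionValid` is false, which is the default shown in `AuthPermissionEvaluator`. I would add a comment above the annotation such as `// hasPermission() appends the caller's data-scope conditions to context; no filter is applied when ibiz.enablePermissionValid=false`. The method body continues outside the hunk.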
......@@ -152,7 +152,7 @@ public class SDFileResource {
.body(list);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzdisk-SDFile-searchDefault-all')")
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzdisk-SDFile-searchDefault-all') and hasPermission(#context,'ibzdisk-SDFile-Get')")
@ApiOperation(value = "查询DEFAULT", tags = {"文件" } ,notes = "查询DEFAULT")
@RequestMapping(method= RequestMethod.POST , value="/sdfiles/searchdefault")
public ResponseEntity<Page<SDFileDTO>> searchDefault(@RequestBody SDFileSearchContext context) {
......
package cn.ibizlab.util.security;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import lombok.SneakyThrows;
import cn.ibizlab.util.annotation.DEField;
import cn.ibizlab.util.domain.EntityBase;
import cn.ibizlab.util.enums.DEPredefinedFieldType;
import cn.ibizlab.util.filter.QueryWrapperContext;
import cn.ibizlab.util.helper.DEFieldCacheMap;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.PermissionEvaluator;
......@@ -11,7 +14,10 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
import org.springframework.util.ObjectUtils;
import java.io.Serializable;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.util.*;
import java.util.function.Consumer;
/**
* spring security 权限管理类
......@@ -23,44 +29,144 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
@Value("${ibiz.enablePermissionValid:false}")
boolean enablePermissionValid; //是否开启权限校验
/**
* 实体行为鉴权
* @param authentication
* @param entity
* @param action
* 服务接口鉴权
* @param authentication 用户
* @param entity 实体
* @param action 操作
* @return
*/
@Override
@SneakyThrows
public boolean hasPermission(Authentication authentication, Object entity, Object action) {
//未开启权限校验、超级管理员则不进行权限检查
if(AuthenticationUser.getAuthenticationUser().getSuperuser()==1 || !enablePermissionValid)
if(!enablePermissionValid)
return true;
Object principal = authentication.getPrincipal();
if(ObjectUtils.isEmpty(principal))
return false;
AuthenticationUser authenticationUser= (AuthenticationUser) authentication.getPrincipal();
if(authenticationUser.getSuperuser()==1)
return true;
String strAction=String.valueOf(action);
Set<String> userAuthorities = getAuthorities(authentication,strAction);
if(userAuthorities.size()==0)
return false;
//拥有全部数据访问权限时,则跳过权限检查
if(isAllData(strAction,userAuthorities)){
return true;
}
if(entity instanceof ArrayList){
List<EntityBase> entities= (List<EntityBase>) entity;
for(EntityBase entityBase: entities){
boolean result=actionValid(entityBase, strAction ,userAuthorities);
boolean result=actionValid(entityBase, strAction ,userAuthorities,authenticationUser);
if(!result){
return false;
}
}
}
else if (entity instanceof QueryWrapperContext){
QueryWrapperContext queryWrapperContext= (QueryWrapperContext) entity;
setPermissionCondToSearchContext(getEntity(queryWrapperContext),queryWrapperContext,userAuthorities,authenticationUser);
}
else{
EntityBase entityBase= (EntityBase) entity;
return actionValid(entityBase , strAction ,userAuthorities);
return actionValid(entityBase , strAction ,userAuthorities,authenticationUser);
}
return true;
}
/**
* 获取实体信息
* @param qc
* @return
*/
@SneakyThrows
private EntityBase getEntity(QueryWrapperContext qc){
EntityBase entity=null;
Type type =qc.getClass().getGenericSuperclass();
if(type instanceof ParameterizedType){
ParameterizedType parameterizedType= (ParameterizedType) qc.getClass().getGenericSuperclass();
Type [] typeArr= parameterizedType.getActualTypeArguments();
if(typeArr.length>0){
Class<EntityBase> entityClass = (Class) typeArr[0];
return entityClass.newInstance();
}
}
return entity;
}
/**
* 在searchContext中拼接权限条件
* @param entity 实体
* @param qc 查询上下文
* @param userAuthorities 用户权限
* @param authenticationUser 当前用户
*/
@SneakyThrows
private void setPermissionCondToSearchContext(EntityBase entity, QueryWrapperContext qc , Set<String> userAuthorities ,AuthenticationUser authenticationUser){
if(entity==null)
return ;
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
String orgField=permissionField.get("orgfield");
String orgDeptField=permissionField.get("orgsecfield");
String createManField=permissionField.get("createmanfield");
Map<String, Set<String>> userInfo = authenticationUser.getOrgInfo();
Set<String> orgParent = userInfo.get("parentorg");
Set<String> orgChild = userInfo.get("suborg");
Set<String> orgDeptParent = userInfo.get("parentdept");
Set<String> orgDeptChild = userInfo.get("subdept");
Set<String> userOrg = new HashSet<>();
Set<String> userOrgDept = new HashSet<>();
Set<String> userCreateMan = new HashSet<>();
for(String authority:userAuthorities){
if(authority.endsWith("curorg")){ //本单位
userOrg.add(authenticationUser.getOrgid());
}
else if(authority.endsWith("porg")){//上级单位
userOrg.addAll(orgParent);
}
else if(authority.endsWith("sorg")){//下级单位
userOrg.addAll(orgChild);
}
else if(authority.endsWith("curorgdept")){//本部门
userOrgDept.add(authenticationUser.getMdeptid());
}
else if(authority.endsWith("porgdept")){//上级部门
userOrgDept.addAll(orgDeptParent);
}
else if(authority.endsWith("sorgdept")){//下级部门
userOrgDept.addAll(orgDeptChild);
}
else if (authority.endsWith("createman")){
userCreateMan.add(authority);
}
}
if(userOrg.size()==0 && userOrgDept.size()==0 && userCreateMan.size()==0){
qc.getSelectCond().apply("1<>1");
}
else{
Consumer<QueryWrapper> consumer = qw -> {
if(userOrg.size()>0){
Consumer<QueryWrapper> org = orgQw -> {
orgQw.in(orgField,userOrg);
};
qw.or(org);
}
if(userOrgDept.size()>0){
Consumer<QueryWrapper> dept = deptQw -> {
deptQw.in(orgDeptField,userOrgDept);
};
qw.or(dept);
}
if(userCreateMan.size()>0){
Consumer<QueryWrapper> createMan = createManQw -> {
createManQw.eq(createManField,authenticationUser.getUserid());
};
qw.or(createMan);
}
};
qc.getSelectCond().and(consumer);
}
}
@Override
public boolean hasPermission(Authentication authentication, Serializable id, String action, Object params) {
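Review bot: The new `QueryWrapperContext` branch fails open: when `getEntity` returns null (the context's superclass is not parameterized), `setPermissionCondToSearchContext` returns without adding any condition and `hasPermission` falls through to `return true`, so the search runs unfiltered. Deny in that case instead, e.g. `if(entity==null){ qc.getSelectCond().apply("1<>1"); return; }`. Two related gaps in the same method: `entity instanceof ArrayList` sends any other `List` implementation to the `(EntityBase)` cast, and the unconditional `(AuthenticationUser)` cast of the principal throws for a principal of another type instead of returning false; `instanceof List` and an `instanceof AuthenticationUser` guard would make both paths deny cleanly. The `userOrg.addAll(orgParent)`-style calls also assume every key is present in `getOrgInfo()`, which is not shown here.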
......@@ -106,13 +212,12 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* @param userAuthorities
* @return
*/
private boolean actionValid(EntityBase entity, String action , Set<String> userAuthorities){
private boolean actionValid(EntityBase entity, String action , Set<String> userAuthorities ,AuthenticationUser authenticationUser){
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
String orgField=permissionField.get("orgfield");
String orgDeptField=permissionField.get("orgsecfield");
String createManField=permissionField.get("createmanfield");
AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
Map<String, Set<String>> userInfo = authenticationUser.getOrgInfo();
Set<String> orgParent = userInfo.get("parentorg");
Set<String> orgChild = userInfo.get("suborg");
......