Skip to content
项目
群组
代码片段
帮助
正在加载...
帮助
提交反馈
为 GitLab 提交贡献
登录
切换导航
I
ibzdisk
项目
项目
详情
动态
版本
周期分析
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
统计图
议题
0
议题
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
CI / CD
CI / CD
流水线
作业
计划
统计图
Wiki
Wiki
代码片段
代码片段
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
统计图
创建新议题
作业
提交
议题看板
打开侧边栏
ibiz4jteam
ibzdisk
提交
a07fc567
提交
a07fc567
编写于
6月 30, 2020
作者:
ibizdev
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
ibiz4j 发布系统代码
上级
f5e275fe
变更
5
显示空白字符变更
内嵌
并排
正在显示
5 个修改的文件
包含
183 行增加
和
78 行删除
+183
-78
ISDFileService.java
...ain/java/cn/ibizlab/core/disk/service/ISDFileService.java
+5
-5
SDFileServiceImpl.java
.../cn/ibizlab/core/disk/service/impl/SDFileServiceImpl.java
+19
-19
systemResource.json
...sk-core/src/main/resources/permission/systemResource.json
+1
-1
SDFileResource.java
...api/src/main/java/cn/ibizlab/api/rest/SDFileResource.java
+39
-39
AuthPermissionEvaluator.java
...ava/cn/ibizlab/util/security/AuthPermissionEvaluator.java
+119
-14
未找到文件。
ibzdisk-core/src/main/java/cn/ibizlab/core/disk/service/ISDFileService.java
浏览文件 @
a07fc567
...
@@ -25,15 +25,15 @@ import com.baomidou.mybatisplus.extension.service.IService;
...
@@ -25,15 +25,15 @@ import com.baomidou.mybatisplus.extension.service.IService;
*/
*/
public
interface
ISDFileService
extends
IService
<
SDFile
>{
public
interface
ISDFileService
extends
IService
<
SDFile
>{
boolean
update
(
SDFile
et
)
;
void
updateBatch
(
List
<
SDFile
>
list
)
;
boolean
create
(
SDFile
et
)
;
boolean
create
(
SDFile
et
)
;
void
createBatch
(
List
<
SDFile
>
list
)
;
void
createBatch
(
List
<
SDFile
>
list
)
;
boolean
checkKey
(
SDFile
et
)
;
boolean
update
(
SDFile
et
)
;
SDFile
getDraft
(
SDFile
et
)
;
void
updateBatch
(
List
<
SDFile
>
list
)
;
SDFile
get
(
String
key
)
;
boolean
remove
(
String
key
)
;
boolean
remove
(
String
key
)
;
void
removeBatch
(
Collection
<
String
>
idList
)
;
void
removeBatch
(
Collection
<
String
>
idList
)
;
SDFile
get
(
String
key
)
;
SDFile
getDraft
(
SDFile
et
)
;
boolean
checkKey
(
SDFile
et
)
;
boolean
save
(
SDFile
et
)
;
boolean
save
(
SDFile
et
)
;
void
saveBatch
(
List
<
SDFile
>
list
)
;
void
saveBatch
(
List
<
SDFile
>
list
)
;
Page
<
SDFile
>
searchDefault
(
SDFileSearchContext
context
)
;
Page
<
SDFile
>
searchDefault
(
SDFileSearchContext
context
)
;
...
...
ibzdisk-core/src/main/java/cn/ibizlab/core/disk/service/impl/SDFileServiceImpl.java
浏览文件 @
a07fc567
...
@@ -49,39 +49,42 @@ public class SDFileServiceImpl extends ServiceImpl<SDFileMapper, SDFile> impleme
...
@@ -49,39 +49,42 @@ public class SDFileServiceImpl extends ServiceImpl<SDFileMapper, SDFile> impleme
@Override
@Override
@Transactional
@Transactional
public
boolean
upd
ate
(
SDFile
et
)
{
public
boolean
cre
ate
(
SDFile
et
)
{
if
(!
update
(
et
,(
Wrapper
)
et
.
getUpdateWrapper
(
true
).
eq
(
"fileid"
,
et
.
getId
()
)))
if
(!
this
.
retBool
(
this
.
baseMapper
.
insert
(
et
)))
return
false
;
return
false
;
CachedBeanCopier
.
copy
(
get
(
et
.
getId
()),
et
);
CachedBeanCopier
.
copy
(
get
(
et
.
getId
()),
et
);
return
true
;
return
true
;
}
}
@Override
@Override
public
void
upd
ateBatch
(
List
<
SDFile
>
list
)
{
public
void
cre
ateBatch
(
List
<
SDFile
>
list
)
{
updateBatchById
(
list
,
batchSize
);
this
.
saveBatch
(
list
,
batchSize
);
}
}
@Override
@Override
@Transactional
@Transactional
public
boolean
cre
ate
(
SDFile
et
)
{
public
boolean
upd
ate
(
SDFile
et
)
{
if
(!
this
.
retBool
(
this
.
baseMapper
.
insert
(
et
)))
if
(!
update
(
et
,(
Wrapper
)
et
.
getUpdateWrapper
(
true
).
eq
(
"fileid"
,
et
.
getId
()
)))
return
false
;
return
false
;
CachedBeanCopier
.
copy
(
get
(
et
.
getId
()),
et
);
CachedBeanCopier
.
copy
(
get
(
et
.
getId
()),
et
);
return
true
;
return
true
;
}
}
@Override
@Override
public
void
cre
ateBatch
(
List
<
SDFile
>
list
)
{
public
void
upd
ateBatch
(
List
<
SDFile
>
list
)
{
this
.
saveBatch
(
list
,
batchSize
);
updateBatchById
(
list
,
batchSize
);
}
}
@Override
@Override
public
boolean
checkKey
(
SDFile
et
)
{
@Transactional
return
(!
ObjectUtils
.
isEmpty
(
et
.
getId
()))&&(!
Objects
.
isNull
(
this
.
getById
(
et
.
getId
())));
public
boolean
remove
(
String
key
)
{
boolean
result
=
removeById
(
key
);
return
result
;
}
}
@Override
@Override
public
SDFile
getDraft
(
SDFile
e
t
)
{
public
void
removeBatch
(
Collection
<
String
>
idLis
t
)
{
re
turn
et
;
re
moveByIds
(
idList
)
;
}
}
@Override
@Override
...
@@ -98,17 +101,14 @@ public class SDFileServiceImpl extends ServiceImpl<SDFileMapper, SDFile> impleme
...
@@ -98,17 +101,14 @@ public class SDFileServiceImpl extends ServiceImpl<SDFileMapper, SDFile> impleme
}
}
@Override
@Override
@Transactional
public
SDFile
getDraft
(
SDFile
et
)
{
public
boolean
remove
(
String
key
)
{
return
et
;
boolean
result
=
removeById
(
key
);
return
result
;
}
}
@Override
@Override
public
void
removeBatch
(
Collection
<
String
>
idLis
t
)
{
public
boolean
checkKey
(
SDFile
e
t
)
{
re
moveByIds
(
idList
);
re
turn
(!
ObjectUtils
.
isEmpty
(
et
.
getId
()))&&(!
Objects
.
isNull
(
this
.
getById
(
et
.
getId
()))
);
}
}
@Override
@Override
@Transactional
@Transactional
public
boolean
save
(
SDFile
et
)
{
public
boolean
save
(
SDFile
et
)
{
...
...
ibzdisk-core/src/main/resources/permission/systemResource.json
浏览文件 @
a07fc567
...
@@ -8,7 +8,7 @@
...
@@ -8,7 +8,7 @@
"delogicname"
:
"文件"
,
"delogicname"
:
"文件"
,
"sysmoudle"
:{
"id"
:
"DISK"
,
"name"
:
"disk"
},
"sysmoudle"
:{
"id"
:
"DISK"
,
"name"
:
"disk"
},
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"DEFAULT"
}],
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"DEFAULT"
}],
"deaction"
:[{
"id"
:
"
Update"
,
"name"
:
"Update"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Create"
,
"name"
:
"Create"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CheckKey"
,
"name"
:
"CheckKey"
,
"type"
:
"BUILTIN"
},{
"id"
:
"GetDraft"
,
"name"
:
"GetDraft"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Get"
,
"name"
:
"Get"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Remove"
,
"name"
:
"Remove
"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Save"
,
"name"
:
"Save"
,
"type"
:
"BUILTIN"
}],
"deaction"
:[{
"id"
:
"
Create"
,
"name"
:
"Create"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Update"
,
"name"
:
"Update"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Remove"
,
"name"
:
"Remove"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Get"
,
"name"
:
"Get"
,
"type"
:
"BUILTIN"
},{
"id"
:
"GetDraft"
,
"name"
:
"GetDraft"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CheckKey"
,
"name"
:
"CheckKey
"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Save"
,
"name"
:
"Save"
,
"type"
:
"BUILTIN"
}],
"datascope"
:[{
"id"
:
"all"
,
"name"
:
"全部数据"
},
{
"id"
:
"createman"
,
"name"
:
"创建人"
}]
"datascope"
:[{
"id"
:
"all"
,
"name"
:
"全部数据"
},
{
"id"
:
"createman"
,
"name"
:
"创建人"
}]
}
}
],
],
...
...
ibzdisk-provider/ibzdisk-provider-api/src/main/java/cn/ibizlab/api/rest/SDFileResource.java
浏览文件 @
a07fc567
...
@@ -47,6 +47,25 @@ public class SDFileResource {
...
@@ -47,6 +47,25 @@ public class SDFileResource {
@Lazy
@Lazy
public
SDFileMapping
sdfileMapping
;
public
SDFileMapping
sdfileMapping
;
@PreAuthorize
(
"hasPermission(this.sdfileMapping.toDomain(#sdfiledto),'ibzdisk-SDFile-Create')"
)
@ApiOperation
(
value
=
"新建文件"
,
tags
=
{
"文件"
},
notes
=
"新建文件"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles"
)
@Transactional
public
ResponseEntity
<
SDFileDTO
>
create
(
@RequestBody
SDFileDTO
sdfiledto
)
{
SDFile
domain
=
sdfileMapping
.
toDomain
(
sdfiledto
);
sdfileService
.
create
(
domain
);
SDFileDTO
dto
=
sdfileMapping
.
toDto
(
domain
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission(this.sdfileMapping.toDomain(#sdfiledtos),'ibzdisk-SDFile-Create')"
)
@ApiOperation
(
value
=
"批量新建文件"
,
tags
=
{
"文件"
},
notes
=
"批量新建文件"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles/batch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
SDFileDTO
>
sdfiledtos
)
{
sdfileService
.
createBatch
(
sdfileMapping
.
toDomain
(
sdfiledtos
));
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@VersionCheck
(
entity
=
"sdfile"
,
versionfield
=
"updatedate"
)
@VersionCheck
(
entity
=
"sdfile"
,
versionfield
=
"updatedate"
)
@PreAuthorize
(
"hasPermission(this.sdfileService.get(#sdfile_id),'ibzdisk-SDFile-Update')"
)
@PreAuthorize
(
"hasPermission(this.sdfileService.get(#sdfile_id),'ibzdisk-SDFile-Update')"
)
@ApiOperation
(
value
=
"更新文件"
,
tags
=
{
"文件"
},
notes
=
"更新文件"
)
@ApiOperation
(
value
=
"更新文件"
,
tags
=
{
"文件"
},
notes
=
"更新文件"
)
...
@@ -68,37 +87,22 @@ public class SDFileResource {
...
@@ -68,37 +87,22 @@ public class SDFileResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
}
@PreAuthorize
(
"hasPermission(this.sdfile
Mapping.toDomain(#sdfiledto),'ibzdisk-SDFile-Creat
e')"
)
@PreAuthorize
(
"hasPermission(this.sdfile
Service.get(#sdfile_id),'ibzdisk-SDFile-Remov
e')"
)
@ApiOperation
(
value
=
"
新建文件"
,
tags
=
{
"文件"
},
notes
=
"新建
文件"
)
@ApiOperation
(
value
=
"
删除文件"
,
tags
=
{
"文件"
},
notes
=
"删除
文件"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles
"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/sdfiles/{sdfile_id}
"
)
@Transactional
@Transactional
public
ResponseEntity
<
SDFileDTO
>
create
(
@RequestBody
SDFileDTO
sdfiledto
)
{
public
ResponseEntity
<
Boolean
>
remove
(
@PathVariable
(
"sdfile_id"
)
String
sdfile_id
)
{
SDFile
domain
=
sdfileMapping
.
toDomain
(
sdfiledto
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
sdfileService
.
remove
(
sdfile_id
));
sdfileService
.
create
(
domain
);
SDFileDTO
dto
=
sdfileMapping
.
toDto
(
domain
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
}
@PreAuthorize
(
"hasPermission(this.sdfile
Mapping.toDomain(#sdfiledtos),'ibzdisk-SDFile-Creat
e')"
)
@PreAuthorize
(
"hasPermission(this.sdfile
Service.getSdfileByIds(#ids),'ibzdisk-SDFile-Remov
e')"
)
@ApiOperation
(
value
=
"批量
新建文件"
,
tags
=
{
"文件"
},
notes
=
"批量新建
文件"
)
@ApiOperation
(
value
=
"批量
删除文件"
,
tags
=
{
"文件"
},
notes
=
"批量删除
文件"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles/batch"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/sdfiles/batch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
SDFileDTO
>
sdfiledto
s
)
{
public
ResponseEntity
<
Boolean
>
removeBatch
(
@RequestBody
List
<
String
>
id
s
)
{
sdfileService
.
createBatch
(
sdfileMapping
.
toDomain
(
sdfiledtos
)
);
sdfileService
.
removeBatch
(
ids
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
}
@ApiOperation
(
value
=
"检查文件"
,
tags
=
{
"文件"
},
notes
=
"检查文件"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles/checkkey"
)
public
ResponseEntity
<
Boolean
>
checkKey
(
@RequestBody
SDFileDTO
sdfiledto
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
sdfileService
.
checkKey
(
sdfileMapping
.
toDomain
(
sdfiledto
)));
}
@ApiOperation
(
value
=
"获取文件草稿"
,
tags
=
{
"文件"
},
notes
=
"获取文件草稿"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/sdfiles/getdraft"
)
public
ResponseEntity
<
SDFileDTO
>
getDraft
()
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
sdfileMapping
.
toDto
(
sdfileService
.
getDraft
(
new
SDFile
())));
}
@PostAuthorize
(
"hasPermission(this.sdfileMapping.toDomain(returnObject.body),'ibzdisk-SDFile-Get')"
)
@PostAuthorize
(
"hasPermission(this.sdfileMapping.toDomain(returnObject.body),'ibzdisk-SDFile-Get')"
)
@ApiOperation
(
value
=
"获取文件"
,
tags
=
{
"文件"
},
notes
=
"获取文件"
)
@ApiOperation
(
value
=
"获取文件"
,
tags
=
{
"文件"
},
notes
=
"获取文件"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/sdfiles/{sdfile_id}"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/sdfiles/{sdfile_id}"
)
...
@@ -108,20 +112,16 @@ public class SDFileResource {
...
@@ -108,20 +112,16 @@ public class SDFileResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
}
@PreAuthorize
(
"hasPermission(this.sdfileService.get(#sdfile_id),'ibzdisk-SDFile-Remove')"
)
@ApiOperation
(
value
=
"获取文件草稿"
,
tags
=
{
"文件"
},
notes
=
"获取文件草稿"
)
@ApiOperation
(
value
=
"删除文件"
,
tags
=
{
"文件"
},
notes
=
"删除文件"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/sdfiles/getdraft"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/sdfiles/{sdfile_id}"
)
public
ResponseEntity
<
SDFileDTO
>
getDraft
()
{
@Transactional
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
sdfileMapping
.
toDto
(
sdfileService
.
getDraft
(
new
SDFile
())));
public
ResponseEntity
<
Boolean
>
remove
(
@PathVariable
(
"sdfile_id"
)
String
sdfile_id
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
sdfileService
.
remove
(
sdfile_id
));
}
}
@PreAuthorize
(
"hasPermission(this.sdfileService.getSdfileByIds(#ids),'ibzdisk-SDFile-Remove')"
)
@ApiOperation
(
value
=
"检查文件"
,
tags
=
{
"文件"
},
notes
=
"检查文件"
)
@ApiOperation
(
value
=
"批量删除文件"
,
tags
=
{
"文件"
},
notes
=
"批量删除文件"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles/checkkey"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/sdfiles/batch"
)
public
ResponseEntity
<
Boolean
>
checkKey
(
@RequestBody
SDFileDTO
sdfiledto
)
{
public
ResponseEntity
<
Boolean
>
removeBatch
(
@RequestBody
List
<
String
>
ids
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
sdfileService
.
checkKey
(
sdfileMapping
.
toDomain
(
sdfiledto
)));
sdfileService
.
removeBatch
(
ids
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
}
@PreAuthorize
(
"hasPermission(this.sdfileMapping.toDomain(#sdfiledto),'ibzdisk-SDFile-Save')"
)
@PreAuthorize
(
"hasPermission(this.sdfileMapping.toDomain(#sdfiledto),'ibzdisk-SDFile-Save')"
)
...
@@ -139,7 +139,7 @@ public class SDFileResource {
...
@@ -139,7 +139,7 @@ public class SDFileResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzdisk-SDFile-searchDefault-all')"
)
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzdisk-SDFile-searchDefault-all')
and hasPermission(#context,'ibzdisk-SDFile-Get')
"
)
@ApiOperation
(
value
=
"获取DEFAULT"
,
tags
=
{
"文件"
}
,
notes
=
"获取DEFAULT"
)
@ApiOperation
(
value
=
"获取DEFAULT"
,
tags
=
{
"文件"
}
,
notes
=
"获取DEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/sdfiles/fetchdefault"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/sdfiles/fetchdefault"
)
public
ResponseEntity
<
List
<
SDFileDTO
>>
fetchDefault
(
SDFileSearchContext
context
)
{
public
ResponseEntity
<
List
<
SDFileDTO
>>
fetchDefault
(
SDFileSearchContext
context
)
{
...
@@ -152,7 +152,7 @@ public class SDFileResource {
...
@@ -152,7 +152,7 @@ public class SDFileResource {
.
body
(
list
);
.
body
(
list
);
}
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzdisk-SDFile-searchDefault-all')"
)
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzdisk-SDFile-searchDefault-all')
and hasPermission(#context,'ibzdisk-SDFile-Get')
"
)
@ApiOperation
(
value
=
"查询DEFAULT"
,
tags
=
{
"文件"
}
,
notes
=
"查询DEFAULT"
)
@ApiOperation
(
value
=
"查询DEFAULT"
,
tags
=
{
"文件"
}
,
notes
=
"查询DEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles/searchdefault"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sdfiles/searchdefault"
)
public
ResponseEntity
<
Page
<
SDFileDTO
>>
searchDefault
(
@RequestBody
SDFileSearchContext
context
)
{
public
ResponseEntity
<
Page
<
SDFileDTO
>>
searchDefault
(
@RequestBody
SDFileSearchContext
context
)
{
...
...
ibzdisk-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
浏览文件 @
a07fc567
package
cn
.
ibizlab
.
util
.
security
;
package
cn
.
ibizlab
.
util
.
security
;
import
com.baomidou.mybatisplus.core.conditions.query.QueryWrapper
;
import
lombok.SneakyThrows
;
import
cn.ibizlab.util.annotation.DEField
;
import
cn.ibizlab.util.annotation.DEField
;
import
cn.ibizlab.util.domain.EntityBase
;
import
cn.ibizlab.util.domain.EntityBase
;
import
cn.ibizlab.util.enums.DEPredefinedFieldType
;
import
cn.ibizlab.util.enums.DEPredefinedFieldType
;
import
cn.ibizlab.util.filter.QueryWrapperContext
;
import
cn.ibizlab.util.helper.DEFieldCacheMap
;
import
cn.ibizlab.util.helper.DEFieldCacheMap
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.security.access.PermissionEvaluator
;
import
org.springframework.security.access.PermissionEvaluator
;
...
@@ -11,7 +14,10 @@ import org.springframework.security.core.GrantedAuthority;
...
@@ -11,7 +14,10 @@ import org.springframework.security.core.GrantedAuthority;
import
org.springframework.stereotype.Component
;
import
org.springframework.stereotype.Component
;
import
org.springframework.util.ObjectUtils
;
import
org.springframework.util.ObjectUtils
;
import
java.io.Serializable
;
import
java.io.Serializable
;
import
java.lang.reflect.ParameterizedType
;
import
java.lang.reflect.Type
;
import
java.util.*
;
import
java.util.*
;
import
java.util.function.Consumer
;
/**
/**
* spring security 权限管理类
* spring security 权限管理类
...
@@ -23,44 +29,144 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -23,44 +29,144 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
@Value
(
"${ibiz.enablePermissionValid:false}"
)
@Value
(
"${ibiz.enablePermissionValid:false}"
)
boolean
enablePermissionValid
;
//是否开启权限校验
boolean
enablePermissionValid
;
//是否开启权限校验
/**
/**
*
实体行为
鉴权
*
服务接口
鉴权
* @param authentication
* @param authentication
用户
* @param entity
* @param entity
实体
* @param action
* @param action
操作
* @return
* @return
*/
*/
@Override
@Override
@SneakyThrows
public
boolean
hasPermission
(
Authentication
authentication
,
Object
entity
,
Object
action
)
{
public
boolean
hasPermission
(
Authentication
authentication
,
Object
entity
,
Object
action
)
{
if
(!
enablePermissionValid
)
//未开启权限校验、超级管理员则不进行权限检查
return
true
;
if
(
AuthenticationUser
.
getAuthenticationUser
().
getSuperuser
()==
1
||
!
enablePermissionValid
)
Object
principal
=
authentication
.
getPrincipal
();
if
(
ObjectUtils
.
isEmpty
(
principal
))
return
false
;
AuthenticationUser
authenticationUser
=
(
AuthenticationUser
)
authentication
.
getPrincipal
();
if
(
authenticationUser
.
getSuperuser
()==
1
)
return
true
;
return
true
;
String
strAction
=
String
.
valueOf
(
action
);
String
strAction
=
String
.
valueOf
(
action
);
Set
<
String
>
userAuthorities
=
getAuthorities
(
authentication
,
strAction
);
Set
<
String
>
userAuthorities
=
getAuthorities
(
authentication
,
strAction
);
if
(
userAuthorities
.
size
()==
0
)
if
(
userAuthorities
.
size
()==
0
)
return
false
;
return
false
;
//拥有全部数据访问权限时,则跳过权限检查
if
(
isAllData
(
strAction
,
userAuthorities
)){
if
(
isAllData
(
strAction
,
userAuthorities
)){
return
true
;
return
true
;
}
}
if
(
entity
instanceof
ArrayList
){
if
(
entity
instanceof
ArrayList
){
List
<
EntityBase
>
entities
=
(
List
<
EntityBase
>)
entity
;
List
<
EntityBase
>
entities
=
(
List
<
EntityBase
>)
entity
;
for
(
EntityBase
entityBase:
entities
){
for
(
EntityBase
entityBase:
entities
){
boolean
result
=
actionValid
(
entityBase
,
strAction
,
userAuthorities
);
boolean
result
=
actionValid
(
entityBase
,
strAction
,
userAuthorities
,
authenticationUser
);
if
(!
result
){
if
(!
result
){
return
false
;
return
false
;
}
}
}
}
}
}
else
if
(
entity
instanceof
QueryWrapperContext
){
QueryWrapperContext
queryWrapperContext
=
(
QueryWrapperContext
)
entity
;
setPermissionCondToSearchContext
(
getEntity
(
queryWrapperContext
),
queryWrapperContext
,
userAuthorities
,
authenticationUser
);
}
else
{
else
{
EntityBase
entityBase
=
(
EntityBase
)
entity
;
EntityBase
entityBase
=
(
EntityBase
)
entity
;
return
actionValid
(
entityBase
,
strAction
,
userAuthorities
);
return
actionValid
(
entityBase
,
strAction
,
userAuthorities
,
authenticationUser
);
}
}
return
true
;
return
true
;
}
}
/**
* 获取实体信息
* @param qc
* @return
*/
@SneakyThrows
private
EntityBase
getEntity
(
QueryWrapperContext
qc
){
EntityBase
entity
=
null
;
Type
type
=
qc
.
getClass
().
getGenericSuperclass
();
if
(
type
instanceof
ParameterizedType
){
ParameterizedType
parameterizedType
=
(
ParameterizedType
)
qc
.
getClass
().
getGenericSuperclass
();
Type
[]
typeArr
=
parameterizedType
.
getActualTypeArguments
();
if
(
typeArr
.
length
>
0
){
Class
<
EntityBase
>
entityClass
=
(
Class
)
typeArr
[
0
];
return
entityClass
.
newInstance
();
}
}
return
entity
;
}
/**
* 在searchContext中拼接权限条件
* @param entity 实体
* @param qc 查询上下文
* @param userAuthorities 用户权限
* @param authenticationUser 当前用户
*/
@SneakyThrows
private
void
setPermissionCondToSearchContext
(
EntityBase
entity
,
QueryWrapperContext
qc
,
Set
<
String
>
userAuthorities
,
AuthenticationUser
authenticationUser
){
if
(
entity
==
null
)
return
;
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
orgField
=
permissionField
.
get
(
"orgfield"
);
String
orgDeptField
=
permissionField
.
get
(
"orgsecfield"
);
String
createManField
=
permissionField
.
get
(
"createmanfield"
);
Map
<
String
,
Set
<
String
>>
userInfo
=
authenticationUser
.
getOrgInfo
();
Set
<
String
>
orgParent
=
userInfo
.
get
(
"parentorg"
);
Set
<
String
>
orgChild
=
userInfo
.
get
(
"suborg"
);
Set
<
String
>
orgDeptParent
=
userInfo
.
get
(
"parentdept"
);
Set
<
String
>
orgDeptChild
=
userInfo
.
get
(
"subdept"
);
Set
<
String
>
userOrg
=
new
HashSet
<>();
Set
<
String
>
userOrgDept
=
new
HashSet
<>();
Set
<
String
>
userCreateMan
=
new
HashSet
<>();
for
(
String
authority:
userAuthorities
){
if
(
authority
.
endsWith
(
"curorg"
)){
//本单位
userOrg
.
add
(
authenticationUser
.
getOrgid
());
}
else
if
(
authority
.
endsWith
(
"porg"
)){
//上级单位
userOrg
.
addAll
(
orgParent
);
}
else
if
(
authority
.
endsWith
(
"sorg"
)){
//下级单位
userOrg
.
addAll
(
orgChild
);
}
else
if
(
authority
.
endsWith
(
"curorgdept"
)){
//本部门
userOrgDept
.
add
(
authenticationUser
.
getMdeptid
());
}
else
if
(
authority
.
endsWith
(
"porgdept"
)){
//上级部门
userOrgDept
.
addAll
(
orgDeptParent
);
}
else
if
(
authority
.
endsWith
(
"sorgdept"
)){
//下级部门
userOrgDept
.
addAll
(
orgDeptChild
);
}
else
if
(
authority
.
endsWith
(
"createman"
)){
userCreateMan
.
add
(
authority
);
}
}
if
(
userOrg
.
size
()==
0
&&
userOrgDept
.
size
()==
0
&&
userCreateMan
.
size
()==
0
){
qc
.
getSelectCond
().
apply
(
"1<>1"
);
}
else
{
Consumer
<
QueryWrapper
>
consumer
=
qw
->
{
if
(
userOrg
.
size
()>
0
){
Consumer
<
QueryWrapper
>
org
=
orgQw
->
{
orgQw
.
in
(
orgField
,
userOrg
);
};
qw
.
or
(
org
);
}
if
(
userOrgDept
.
size
()>
0
){
Consumer
<
QueryWrapper
>
dept
=
deptQw
->
{
deptQw
.
in
(
orgDeptField
,
userOrgDept
);
};
qw
.
or
(
dept
);
}
if
(
userCreateMan
.
size
()>
0
){
Consumer
<
QueryWrapper
>
createMan
=
createManQw
->
{
createManQw
.
eq
(
createManField
,
authenticationUser
.
getUserid
());
};
qw
.
or
(
createMan
);
}
};
qc
.
getSelectCond
().
and
(
consumer
);
}
}
@Override
@Override
public
boolean
hasPermission
(
Authentication
authentication
,
Serializable
id
,
String
action
,
Object
params
)
{
public
boolean
hasPermission
(
Authentication
authentication
,
Serializable
id
,
String
action
,
Object
params
)
{
...
@@ -106,13 +212,12 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -106,13 +212,12 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* @param userAuthorities
* @param userAuthorities
* @return
* @return
*/
*/
private
boolean
actionValid
(
EntityBase
entity
,
String
action
,
Set
<
String
>
userAuthorities
){
private
boolean
actionValid
(
EntityBase
entity
,
String
action
,
Set
<
String
>
userAuthorities
,
AuthenticationUser
authenticationUser
){
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
orgField
=
permissionField
.
get
(
"orgfield"
);
String
orgField
=
permissionField
.
get
(
"orgfield"
);
String
orgDeptField
=
permissionField
.
get
(
"orgsecfield"
);
String
orgDeptField
=
permissionField
.
get
(
"orgsecfield"
);
String
createManField
=
permissionField
.
get
(
"createmanfield"
);
String
createManField
=
permissionField
.
get
(
"createmanfield"
);
AuthenticationUser
authenticationUser
=
AuthenticationUser
.
getAuthenticationUser
();
Map
<
String
,
Set
<
String
>>
userInfo
=
authenticationUser
.
getOrgInfo
();
Map
<
String
,
Set
<
String
>>
userInfo
=
authenticationUser
.
getOrgInfo
();
Set
<
String
>
orgParent
=
userInfo
.
get
(
"parentorg"
);
Set
<
String
>
orgParent
=
userInfo
.
get
(
"parentorg"
);
Set
<
String
>
orgChild
=
userInfo
.
get
(
"suborg"
);
Set
<
String
>
orgChild
=
userInfo
.
get
(
"suborg"
);
...
...
编辑
预览
Markdown
格式
0%
请重试
or
添加新附件
添加附件
取消
您添加了
0
人
到此讨论。请谨慎行事。
先完成此消息的编辑!
取消
想要评论请
注册
或
登录