提交 74b5ee4c 编写于 作者: ibizdev's avatar ibizdev

lab_qyk 发布系统代码

上级 fe75d00d
......@@ -17,13 +17,13 @@
</i-col>
<i-col v-show="detailsModel.pdeptname.visible" :style="{}" :lg="{ span: 24, offset: 0 }">
<app-form-item name='pdeptname' :itemRules="this.rules.pdeptname" class='' :caption="$t('entities.ibzdepartment.main_form.details.pdeptname')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.pdeptname.error" :isEmptyCaption="false" labelPos="LEFT">
<app-department-select :data="data" :context="JSON.parse(JSON.stringify(context))" :fillMap="{'id':'pdeptid','label':'pdeptname'}" filter="srforgid" :multiple="false" style="" @select-change="onFormItemValueChange"></app-department-select>
<app-department-select :data="data" :context="JSON.parse(JSON.stringify(context))" url="/ibzorganizations/${orgid}/ibzdepartments/picker" filter="srforgid" :fillMap="{'id':'pdeptid','label':'pdeptname'}" :multiple="false" style="" @select-change="onFormItemValueChange"></app-department-select>
</app-form-item>
</i-col>
<i-col v-show="detailsModel.orgname.visible" :style="{}" :lg="{ span: 24, offset: 0 }">
<app-form-item name='orgname' :itemRules="this.rules.orgname" class='' :caption="$t('entities.ibzdepartment.main_form.details.orgname')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.orgname.error" :isEmptyCaption="false" labelPos="LEFT">
<app-org-select :data="data" :context="JSON.parse(JSON.stringify(context))" :fillMap="{'id':'orgid','label':'orgname'}" filter="srforgid" :multiple="false" style="" @select-change="onFormItemValueChange"></app-org-select>
<app-org-select :data="data" :context="JSON.parse(JSON.stringify(context))" :fillMap="{'id':'orgid','label':'orgname'}" url="/ibzorganizations/${orgid}/suborg/picker" filter="srforgid" :multiple="false" style="" @select-change="onFormItemValueChange"></app-org-select>
</app-form-item>
</i-col>
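Review bot: The added `url` attributes are static (no `:` binding), so `${orgid}` in `url="/ibzorganizations/${orgid}/ibzdepartments/picker"` reaches `app-department-select` as a literal string and is presumably filled in by the component from client-side form data. The picker endpoints therefore need to check on the server that the caller may read the requested organisation, rather than trusting the id in the path. This matters most for `url="/ibzorganizations/alls/suborg/picker"` in the ibzorganization new-form hunk, which appears to ask for every organisation. The same point applies to the department new-form and employee main-form hunks below. Once the substitution is confirmed, a template comment such as `<!-- ${orgid} is a placeholder resolved by the select component, not a Vue binding -->` would document it.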
......
......@@ -20,13 +20,13 @@
</i-col>
<i-col v-show="detailsModel.orgname.visible" :style="{}" :lg="{ span: 24, offset: 0 }">
<app-form-item name='orgname' :itemRules="this.rules.orgname" class='' :caption="$t('entities.ibzdepartment.newform_form.details.orgname')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.orgname.error" :isEmptyCaption="false" labelPos="LEFT">
<app-org-select :data="data" :context="JSON.parse(JSON.stringify(context))" :fillMap="{'id':'orgid','label':'orgname'}" filter="srforgid" :multiple="false" style="" @select-change="onFormItemValueChange"></app-org-select>
<app-org-select :data="data" :context="JSON.parse(JSON.stringify(context))" :fillMap="{'id':'orgid','label':'orgname'}" url="/ibzorganizations/${orgid}/suborg/picker" filter="srforgid" :multiple="false" style="" @select-change="onFormItemValueChange"></app-org-select>
</app-form-item>
</i-col>
<i-col v-show="detailsModel.pdeptname.visible" :style="{}" :lg="{ span: 24, offset: 0 }">
<app-form-item name='pdeptname' :itemRules="this.rules.pdeptname" class='' :caption="$t('entities.ibzdepartment.newform_form.details.pdeptname')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.pdeptname.error" :isEmptyCaption="false" labelPos="LEFT">
<app-department-select :data="data" :context="JSON.parse(JSON.stringify(context))" :fillMap="{'id':'pdeptid','label':'pdeptname'}" filter="srforgid" :multiple="false" style="" @select-change="onFormItemValueChange"></app-department-select>
<app-department-select :data="data" :context="JSON.parse(JSON.stringify(context))" url="/ibzorganizations/${orgid}/ibzdepartments/picker" filter="srforgid" :fillMap="{'id':'pdeptid','label':'pdeptname'}" :multiple="false" style="" @select-change="onFormItemValueChange"></app-department-select>
</app-form-item>
</i-col>
......
......@@ -29,13 +29,13 @@
<row>
<i-col v-show="detailsModel.orgname.visible" :style="{}" :lg="{ span: 24, offset: 0 }">
<app-form-item name='orgname' :itemRules="this.rules.orgname" class='' :caption="$t('entities.ibzemployee.main_form.details.orgname')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.orgname.error" :isEmptyCaption="false" labelPos="LEFT">
<app-org-select :data="data" :context="JSON.parse(JSON.stringify(context))" :fillMap="{id:'orgid','label':'orgname','code':'orgcode'}" filter="srforgid" :multiple="false" style="" @select-change="onFormItemValueChange"></app-org-select>
<app-org-select :data="data" :context="JSON.parse(JSON.stringify(context))" :fillMap="{'id':'orgid','label':'orgname'}" url="/ibzorganizations/${orgid}/suborg/picker" filter="srforgid" :multiple="false" style="" @select-change="onFormItemValueChange"></app-org-select>
</app-form-item>
</i-col>
<i-col v-show="detailsModel.mdeptname.visible" :style="{}" :lg="{ span: 24, offset: 0 }">
<app-form-item name='mdeptname' :itemRules="this.rules.mdeptname" class='' :caption="$t('entities.ibzemployee.main_form.details.mdeptname')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.mdeptname.error" :isEmptyCaption="false" labelPos="LEFT">
<app-department-select :data="data" :context="JSON.parse(JSON.stringify(context))" :fillMap="{id:'mdeptid','label':'mdeptname','code':'mdeptcode','bcode':'bcode'}" filter="orgid" :multiple="false" style="" @select-change="onFormItemValueChange"></app-department-select>
<app-department-select :data="data" :context="JSON.parse(JSON.stringify(context))" url="/ibzorganizations/${orgid}/ibzdepartments/picker" filter="srforgid" :fillMap="{'id':'mdeptid','label':'mdeptname'}" :multiple="false" style="" @select-change="onFormItemValueChange"></app-department-select>
</app-form-item>
</i-col>
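Review bot: The employee main form drops fill targets in the same edit that adds `url`: `'code':'orgcode'` disappears from the `app-org-select` `fillMap`, and `'code':'mdeptcode','bcode':'bcode'` from `app-department-select`, whose `filter` also changes from `orgid` to `srforgid`. If `orgcode`, `mdeptcode` or `bcode` are still read elsewhere (not visible here), they will no longer follow the selection and can go stale relative to `orgid`/`mdeptid`. If the removal is intended, the commit description should say so. Otherwise restore `:fillMap="{'id':'mdeptid','label':'mdeptname','code':'mdeptcode','bcode':'bcode'}"` and the matching `'code':'orgcode'` entry.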
......
......@@ -20,7 +20,7 @@
</i-col>
<i-col v-show="detailsModel.porgname.visible" :style="{}" :lg="{ span: 24, offset: 0 }">
<app-form-item name='porgname' :itemRules="this.rules.porgname" class='' :caption="$t('entities.ibzorganization.newform_form.details.porgname')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.porgname.error" :isEmptyCaption="false" labelPos="LEFT">
<app-org-select :data="data" :context="JSON.parse(JSON.stringify(context))" :fillMap="{'id':'porgid','label':'porgname'}" :multiple="false" style="" @select-change="onFormItemValueChange"></app-org-select>
<app-org-select :data="data" :context="JSON.parse(JSON.stringify(context))" :fillMap="{'id':'porgid','label':'porgname'}" url="/ibzorganizations/alls/suborg/picker" filter="srforgid" :multiple="false" style="" @select-change="onFormItemValueChange"></app-org-select>
</app-form-item>
</i-col>
......
......@@ -126,7 +126,7 @@
<!--输出实体[IBZDEPT]数据结构 -->
<changeSet author="a_A_5d9d78509" id="tab-ibzdept-628-4">
<changeSet author="a_A_5d9d78509" id="tab-ibzdept-634-4">
<createTable tableName="IBZDEPT">
<column name="DEPTID" remarks="" type="VARCHAR(100)">
<constraints primaryKey="true" primaryKeyName="PK_IBZDEPT_DEPTID"/>
......@@ -179,10 +179,10 @@
<addForeignKeyConstraint baseColumnNames="USERID" baseTableName="IBZDEPTMEMBER" constraintName="DER1N_IBZDEPTMEMBER_IBZEMP_USE" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="USERID" referencedTableName="IBZEMP" validate="true"/>
</changeSet>
<!--输出实体[IBZDEPT]外键关系 -->
<changeSet author="a_A_5d9d78509" id="fk-ibzdept-628-10">
<changeSet author="a_A_5d9d78509" id="fk-ibzdept-634-10">
<addForeignKeyConstraint baseColumnNames="PDEPTID" baseTableName="IBZDEPT" constraintName="DER1N_IBZDEPT_IBZDEPT_PDEPTID" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="DEPTID" referencedTableName="IBZDEPT" validate="true"/>
</changeSet>
<changeSet author="a_A_5d9d78509" id="fk-ibzdept-628-11">
<changeSet author="a_A_5d9d78509" id="fk-ibzdept-634-11">
<addForeignKeyConstraint baseColumnNames="ORGID" baseTableName="IBZDEPT" constraintName="DER1N_IBZDEPT_IBZORG_ORGID" deferrable="false" initiallyDeferred="false" onDelete="RESTRICT" onUpdate="RESTRICT" referencedColumnNames="ORGID" referencedTableName="IBZORG" validate="true"/>
</changeSet>
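Review bot: Changing the changeSet ids from `tab-ibzdept-628-4` / `fk-ibzdept-628-10` / `fk-ibzdept-628-11` to the `634` forms makes Liquibase treat them as changeSets it has never run, because it tracks them by id, author and file. On a database where the 628 ids are already recorded, `createTable tableName="IBZDEPT"` and the two `addForeignKeyConstraint` entries would run again and fail on the existing objects; no `preConditions` appear in the visible changeSets. Consider keeping the ids stable, or guarding the changeSet with `<preConditions onFail="MARK_RAN"><not><tableExists tableName="IBZDEPT"/></not></preConditions>`. The createTable changeSet continues outside the hunk.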
......
......@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
import org.springframework.util.StringUtils;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PostAuthorize;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
......@@ -47,7 +48,7 @@ public class IBZDepartmentResource {
public IBZDepartmentDTO permissionDTO=new IBZDepartmentDTO();
@PreAuthorize("hasPermission('','Create',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdto})")
//@PreAuthorize("hasPermission(this.ibzdepartmentMapping.toDomain(#ibzdepartmentdtos),'ibzou-IBZDepartment-Create')")
@ApiOperation(value = "Create", tags = {"IBZDepartment" }, notes = "Create")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments")
@Transactional
......@@ -58,7 +59,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdtos})")
//@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdtos})")
@ApiOperation(value = "createBatch", tags = {"IBZDepartment" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<IBZDepartmentDTO> ibzdepartmentdtos) {
......@@ -66,7 +67,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission(#ibzdepartment_id,'Get',{'Sql',this.ibzdepartmentMapping,this.permissionDTO})")
@PostAuthorize("hasPermission(this.ibzdepartmentMapping.toDomain(returnObject.body),'ibzou-IBZDepartment-Get')")
@ApiOperation(value = "Get", tags = {"IBZDepartment" }, notes = "Get")
@RequestMapping(method = RequestMethod.GET, value = "/ibzdepartments/{ibzdepartment_id}")
public ResponseEntity<IBZDepartmentDTO> get(@PathVariable("ibzdepartment_id") String ibzdepartment_id) {
......@@ -75,14 +76,14 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdto})")
//@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdto})")
@ApiOperation(value = "Save", tags = {"IBZDepartment" }, notes = "Save")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/save")
public ResponseEntity<Boolean> save(@RequestBody IBZDepartmentDTO ibzdepartmentdto) {
return ResponseEntity.status(HttpStatus.OK).body(ibzdepartmentService.save(ibzdepartmentMapping.toDomain(ibzdepartmentdto)));
}
@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdtos})")
//@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdtos})")
@ApiOperation(value = "SaveBatch", tags = {"IBZDepartment" }, notes = "SaveBatch")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/savebatch")
public ResponseEntity<Boolean> saveBatch(@RequestBody List<IBZDepartmentDTO> ibzdepartmentdtos) {
......@@ -90,21 +91,19 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDepartment-CheckKey-all')")
@ApiOperation(value = "CheckKey", tags = {"IBZDepartment" }, notes = "CheckKey")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/checkkey")
public ResponseEntity<Boolean> checkKey(@RequestBody IBZDepartmentDTO ibzdepartmentdto) {
return ResponseEntity.status(HttpStatus.OK).body(ibzdepartmentService.checkKey(ibzdepartmentMapping.toDomain(ibzdepartmentdto)));
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDepartment-GetDraft-all')")
@ApiOperation(value = "GetDraft", tags = {"IBZDepartment" }, notes = "GetDraft")
@RequestMapping(method = RequestMethod.GET, value = "/ibzdepartments/getdraft")
public ResponseEntity<IBZDepartmentDTO> getDraft() {
return ResponseEntity.status(HttpStatus.OK).body(ibzdepartmentMapping.toDto(ibzdepartmentService.getDraft(new IBZDepartment())));
}
@PreAuthorize("hasPermission(#ibzdepartment_id,'Remove',{'Sql',this.ibzdepartmentMapping,this.permissionDTO})")
//@PreAuthorize("hasPermission(this.ibzdepartmentService.get(#ibzdepartment_id),'ibzou-IBZDepartment-Remove')")
@ApiOperation(value = "Remove", tags = {"IBZDepartment" }, notes = "Remove")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzdepartments/{ibzdepartment_id}")
@Transactional
......@@ -112,7 +111,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdepartmentService.remove(ibzdepartment_id));
}
@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdepartmentMapping,this.permissionDTO,#ids})")
//@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdepartmentMapping,this.permissionDTO,#ids})")
@ApiOperation(value = "RemoveBatch", tags = {"IBZDepartment" }, notes = "RemoveBatch")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzdepartments/batch")
public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
......@@ -120,7 +119,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission(#ibzdepartment_id,'Update',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdto})")
//@PreAuthorize("hasPermission(this.ibzdepartmentService.get(#ibzdepartment_id),'ibzou-IBZDepartment-Update')")
@ApiOperation(value = "Update", tags = {"IBZDepartment" }, notes = "Update")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzdepartments/{ibzdepartment_id}")
@Transactional
......@@ -132,7 +131,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdtos})")
//@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdtos})")
@ApiOperation(value = "UpdateBatch", tags = {"IBZDepartment" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzdepartments/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<IBZDepartmentDTO> ibzdepartmentdtos) {
......@@ -182,7 +181,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK)
.body(new PageImpl(ibzdepartmentMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
}
@PreAuthorize("hasPermission('','Create',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdto})")
//@PreAuthorize("hasPermission('','Create',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdto})")
@ApiOperation(value = "CreateByIBZOrganization", tags = {"IBZDepartment" }, notes = "CreateByIBZOrganization")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments")
@Transactional
......@@ -194,7 +193,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdtos})")
//@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdtos})")
@ApiOperation(value = "createBatchByIBZOrganization", tags = {"IBZDepartment" }, notes = "createBatchByIBZOrganization")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/batch")
public ResponseEntity<Boolean> createBatchByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id, @RequestBody List<IBZDepartmentDTO> ibzdepartmentdtos) {
......@@ -206,7 +205,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission(#ibzdepartment_id,'Get',{'Sql',this.ibzdepartmentMapping,this.permissionDTO})")
//@PreAuthorize("hasPermission(#ibzdepartment_id,'Get',{'Sql',this.ibzdepartmentMapping,this.permissionDTO})")
@ApiOperation(value = "GetByIBZOrganization", tags = {"IBZDepartment" }, notes = "GetByIBZOrganization")
@RequestMapping(method = RequestMethod.GET, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}")
public ResponseEntity<IBZDepartmentDTO> getByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzdepartment_id") String ibzdepartment_id) {
......@@ -215,7 +214,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdto})")
//@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdto})")
@ApiOperation(value = "SaveByIBZOrganization", tags = {"IBZDepartment" }, notes = "SaveByIBZOrganization")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/save")
public ResponseEntity<Boolean> saveByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id, @RequestBody IBZDepartmentDTO ibzdepartmentdto) {
......@@ -224,7 +223,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdepartmentService.save(domain));
}
@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdtos})")
//@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdtos})")
@ApiOperation(value = "SaveBatchByIBZOrganization", tags = {"IBZDepartment" }, notes = "SaveBatchByIBZOrganization")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/savebatch")
public ResponseEntity<Boolean> saveBatchByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id, @RequestBody List<IBZDepartmentDTO> ibzdepartmentdtos) {
......@@ -236,14 +235,12 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDepartment-CheckKey-all')")
@ApiOperation(value = "CheckKeyByIBZOrganization", tags = {"IBZDepartment" }, notes = "CheckKeyByIBZOrganization")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/checkkey")
public ResponseEntity<Boolean> checkKeyByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id, @RequestBody IBZDepartmentDTO ibzdepartmentdto) {
return ResponseEntity.status(HttpStatus.OK).body(ibzdepartmentService.checkKey(ibzdepartmentMapping.toDomain(ibzdepartmentdto)));
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDepartment-GetDraft-all')")
@ApiOperation(value = "GetDraftByIBZOrganization", tags = {"IBZDepartment" }, notes = "GetDraftByIBZOrganization")
@RequestMapping(method = RequestMethod.GET, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/getdraft")
public ResponseEntity<IBZDepartmentDTO> getDraftByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id) {
......@@ -252,7 +249,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdepartmentMapping.toDto(ibzdepartmentService.getDraft(domain)));
}
@PreAuthorize("hasPermission(#ibzdepartment_id,'Remove',{'Sql',this.ibzdepartmentMapping,this.permissionDTO})")
//@PreAuthorize("hasPermission(#ibzdepartment_id,'Remove',{'Sql',this.ibzdepartmentMapping,this.permissionDTO})")
@ApiOperation(value = "RemoveByIBZOrganization", tags = {"IBZDepartment" }, notes = "RemoveByIBZOrganization")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}")
@Transactional
......@@ -260,7 +257,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdepartmentService.remove(ibzdepartment_id));
}
@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdepartmentMapping,this.permissionDTO,#ids})")
//@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdepartmentMapping,this.permissionDTO,#ids})")
@ApiOperation(value = "RemoveBatchByIBZOrganization", tags = {"IBZDepartment" }, notes = "RemoveBatchByIBZOrganization")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/batch")
public ResponseEntity<Boolean> removeBatchByIBZOrganization(@RequestBody List<String> ids) {
......@@ -268,7 +265,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission(#ibzdepartment_id,'Update',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdto})")
//@PreAuthorize("hasPermission(#ibzdepartment_id,'Update',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdto})")
@ApiOperation(value = "UpdateByIBZOrganization", tags = {"IBZDepartment" }, notes = "UpdateByIBZOrganization")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}")
@Transactional
......@@ -281,7 +278,7 @@ public class IBZDepartmentResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdtos})")
//@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdepartmentMapping,#ibzdepartmentdtos})")
@ApiOperation(value = "UpdateBatchByIBZOrganization", tags = {"IBZDepartment" }, notes = "UpdateBatchByIBZOrganization")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/batch")
public ResponseEntity<Boolean> updateBatchByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id, @RequestBody List<IBZDepartmentDTO> ibzdepartmentdtos) {
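Review bot: The new side appears to leave most endpoints in IBZDepartmentResource with no active method-level authorization: the `@PreAuthorize` on Create, Save, Update, Remove and their batch and ByIBZOrganization variants becomes a `//` comment, and the `hasAnyAuthority` guards on CheckKey and GetDraft are deleted (the 21-to-19 and 14-to-12 hunk counts match those deletions). Unless a filter or service-layer check outside this page covers these routes, they are open to any caller who passes the URL-level security configuration. I would keep the guards active, e.g. `@PreAuthorize("hasPermission(this.ibzdepartmentMapping.toDomain(#ibzdepartmentdto),'ibzou-IBZDepartment-Create')")`; note that the commented-out Create line names `#ibzdepartmentdtos`, whereas the previous annotation used `#ibzdepartmentdto`. Only `get` gains the new `@PostAuthorize`, while `getByIBZOrganization` has its check commented out, so the nested route would return the same record without the object-level check. The IBZDeptMemberResource hunks that follow repeat the pattern; all method bodies lie outside the hunks.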
......
......@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
import org.springframework.util.StringUtils;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PostAuthorize;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
......@@ -59,7 +60,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "UpdateBatch", tags = {"IBZDeptMember" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzdeptmembers/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -78,7 +79,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "createBatch", tags = {"IBZDeptMember" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdeptmembers/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -93,7 +94,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdeptmemberService.save(ibzdeptmemberMapping.toDomain(ibzdeptmemberdto)));
}
@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "SaveBatch", tags = {"IBZDeptMember" }, notes = "SaveBatch")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdeptmembers/savebatch")
public ResponseEntity<Boolean> saveBatch(@RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -101,7 +102,6 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDeptMember-GetDraft-all')")
@ApiOperation(value = "GetDraft", tags = {"IBZDeptMember" }, notes = "GetDraft")
@RequestMapping(method = RequestMethod.GET, value = "/ibzdeptmembers/getdraft")
public ResponseEntity<IBZDeptMemberDTO> getDraft() {
......@@ -125,7 +125,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdeptmemberService.remove(ibzdeptmember_id));
}
@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdeptmemberMapping,this.permissionDTO,#ids})")
//@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdeptmemberMapping,this.permissionDTO,#ids})")
@ApiOperation(value = "RemoveBatch", tags = {"IBZDeptMember" }, notes = "RemoveBatch")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzdeptmembers/batch")
public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
......@@ -133,7 +133,6 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDeptMember-CheckKey-all')")
@ApiOperation(value = "CheckKey", tags = {"IBZDeptMember" }, notes = "CheckKey")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdeptmembers/checkkey")
public ResponseEntity<Boolean> checkKey(@RequestBody IBZDeptMemberDTO ibzdeptmemberdto) {
......@@ -174,7 +173,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "UpdateBatchByIBZEmployee", tags = {"IBZDeptMember" }, notes = "UpdateBatchByIBZEmployee")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzemployees/{ibzemployee_id}/ibzdeptmembers/batch")
public ResponseEntity<Boolean> updateBatchByIBZEmployee(@PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -198,7 +197,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "createBatchByIBZEmployee", tags = {"IBZDeptMember" }, notes = "createBatchByIBZEmployee")
@RequestMapping(method = RequestMethod.POST, value = "/ibzemployees/{ibzemployee_id}/ibzdeptmembers/batch")
public ResponseEntity<Boolean> createBatchByIBZEmployee(@PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -219,7 +218,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdeptmemberService.save(domain));
}
@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "SaveBatchByIBZEmployee", tags = {"IBZDeptMember" }, notes = "SaveBatchByIBZEmployee")
@RequestMapping(method = RequestMethod.POST, value = "/ibzemployees/{ibzemployee_id}/ibzdeptmembers/savebatch")
public ResponseEntity<Boolean> saveBatchByIBZEmployee(@PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -231,7 +230,6 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDeptMember-GetDraft-all')")
@ApiOperation(value = "GetDraftByIBZEmployee", tags = {"IBZDeptMember" }, notes = "GetDraftByIBZEmployee")
@RequestMapping(method = RequestMethod.GET, value = "/ibzemployees/{ibzemployee_id}/ibzdeptmembers/getdraft")
public ResponseEntity<IBZDeptMemberDTO> getDraftByIBZEmployee(@PathVariable("ibzemployee_id") String ibzemployee_id) {
......@@ -257,7 +255,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdeptmemberService.remove(ibzdeptmember_id));
}
@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdeptmemberMapping,this.permissionDTO,#ids})")
//@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdeptmemberMapping,this.permissionDTO,#ids})")
@ApiOperation(value = "RemoveBatchByIBZEmployee", tags = {"IBZDeptMember" }, notes = "RemoveBatchByIBZEmployee")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzemployees/{ibzemployee_id}/ibzdeptmembers/batch")
public ResponseEntity<Boolean> removeBatchByIBZEmployee(@RequestBody List<String> ids) {
......@@ -265,7 +263,6 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDeptMember-CheckKey-all')")
@ApiOperation(value = "CheckKeyByIBZEmployee", tags = {"IBZDeptMember" }, notes = "CheckKeyByIBZEmployee")
@RequestMapping(method = RequestMethod.POST, value = "/ibzemployees/{ibzemployee_id}/ibzdeptmembers/checkkey")
public ResponseEntity<Boolean> checkKeyByIBZEmployee(@PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody IBZDeptMemberDTO ibzdeptmemberdto) {
......@@ -308,7 +305,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "UpdateBatchByIBZDepartmentIBZEmployee", tags = {"IBZDeptMember" }, notes = "UpdateBatchByIBZDepartmentIBZEmployee")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/batch")
public ResponseEntity<Boolean> updateBatchByIBZDepartmentIBZEmployee(@PathVariable("ibzdepartment_id") String ibzdepartment_id, @PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -332,7 +329,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "createBatchByIBZDepartmentIBZEmployee", tags = {"IBZDeptMember" }, notes = "createBatchByIBZDepartmentIBZEmployee")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/batch")
public ResponseEntity<Boolean> createBatchByIBZDepartmentIBZEmployee(@PathVariable("ibzdepartment_id") String ibzdepartment_id, @PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -353,7 +350,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdeptmemberService.save(domain));
}
@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "SaveBatchByIBZDepartmentIBZEmployee", tags = {"IBZDeptMember" }, notes = "SaveBatchByIBZDepartmentIBZEmployee")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/savebatch")
public ResponseEntity<Boolean> saveBatchByIBZDepartmentIBZEmployee(@PathVariable("ibzdepartment_id") String ibzdepartment_id, @PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -365,7 +362,6 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDeptMember-GetDraft-all')")
@ApiOperation(value = "GetDraftByIBZDepartmentIBZEmployee", tags = {"IBZDeptMember" }, notes = "GetDraftByIBZDepartmentIBZEmployee")
@RequestMapping(method = RequestMethod.GET, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/getdraft")
public ResponseEntity<IBZDeptMemberDTO> getDraftByIBZDepartmentIBZEmployee(@PathVariable("ibzdepartment_id") String ibzdepartment_id, @PathVariable("ibzemployee_id") String ibzemployee_id) {
......@@ -391,7 +387,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdeptmemberService.remove(ibzdeptmember_id));
}
@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdeptmemberMapping,this.permissionDTO,#ids})")
//@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdeptmemberMapping,this.permissionDTO,#ids})")
@ApiOperation(value = "RemoveBatchByIBZDepartmentIBZEmployee", tags = {"IBZDeptMember" }, notes = "RemoveBatchByIBZDepartmentIBZEmployee")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/batch")
public ResponseEntity<Boolean> removeBatchByIBZDepartmentIBZEmployee(@RequestBody List<String> ids) {
......@@ -399,7 +395,6 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDeptMember-CheckKey-all')")
@ApiOperation(value = "CheckKeyByIBZDepartmentIBZEmployee", tags = {"IBZDeptMember" }, notes = "CheckKeyByIBZDepartmentIBZEmployee")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/checkkey")
public ResponseEntity<Boolean> checkKeyByIBZDepartmentIBZEmployee(@PathVariable("ibzdepartment_id") String ibzdepartment_id, @PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody IBZDeptMemberDTO ibzdeptmemberdto) {
......@@ -442,7 +437,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "UpdateBatchByIBZOrganizationIBZEmployee", tags = {"IBZDeptMember" }, notes = "UpdateBatchByIBZOrganizationIBZEmployee")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/batch")
public ResponseEntity<Boolean> updateBatchByIBZOrganizationIBZEmployee(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -466,7 +461,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "createBatchByIBZOrganizationIBZEmployee", tags = {"IBZDeptMember" }, notes = "createBatchByIBZOrganizationIBZEmployee")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/batch")
public ResponseEntity<Boolean> createBatchByIBZOrganizationIBZEmployee(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -487,7 +482,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdeptmemberService.save(domain));
}
@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "SaveBatchByIBZOrganizationIBZEmployee", tags = {"IBZDeptMember" }, notes = "SaveBatchByIBZOrganizationIBZEmployee")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/savebatch")
public ResponseEntity<Boolean> saveBatchByIBZOrganizationIBZEmployee(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -499,7 +494,6 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDeptMember-GetDraft-all')")
@ApiOperation(value = "GetDraftByIBZOrganizationIBZEmployee", tags = {"IBZDeptMember" }, notes = "GetDraftByIBZOrganizationIBZEmployee")
@RequestMapping(method = RequestMethod.GET, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/getdraft")
public ResponseEntity<IBZDeptMemberDTO> getDraftByIBZOrganizationIBZEmployee(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzemployee_id") String ibzemployee_id) {
......@@ -525,7 +519,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdeptmemberService.remove(ibzdeptmember_id));
}
@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdeptmemberMapping,this.permissionDTO,#ids})")
//@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdeptmemberMapping,this.permissionDTO,#ids})")
@ApiOperation(value = "RemoveBatchByIBZOrganizationIBZEmployee", tags = {"IBZDeptMember" }, notes = "RemoveBatchByIBZOrganizationIBZEmployee")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/batch")
public ResponseEntity<Boolean> removeBatchByIBZOrganizationIBZEmployee(@RequestBody List<String> ids) {
......@@ -533,7 +527,6 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDeptMember-CheckKey-all')")
@ApiOperation(value = "CheckKeyByIBZOrganizationIBZEmployee", tags = {"IBZDeptMember" }, notes = "CheckKeyByIBZOrganizationIBZEmployee")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/checkkey")
public ResponseEntity<Boolean> checkKeyByIBZOrganizationIBZEmployee(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody IBZDeptMemberDTO ibzdeptmemberdto) {
......@@ -576,7 +569,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Update',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "UpdateBatchByIBZOrganizationIBZDepartmentIBZEmployee", tags = {"IBZDeptMember" }, notes = "UpdateBatchByIBZOrganizationIBZDepartmentIBZEmployee")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/batch")
public ResponseEntity<Boolean> updateBatchByIBZOrganizationIBZDepartmentIBZEmployee(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzdepartment_id") String ibzdepartment_id, @PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -600,7 +593,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Create',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "createBatchByIBZOrganizationIBZDepartmentIBZEmployee", tags = {"IBZDeptMember" }, notes = "createBatchByIBZOrganizationIBZDepartmentIBZEmployee")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/batch")
public ResponseEntity<Boolean> createBatchByIBZOrganizationIBZDepartmentIBZEmployee(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzdepartment_id") String ibzdepartment_id, @PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -621,7 +614,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdeptmemberService.save(domain));
}
@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
//@PreAuthorize("hasPermission('Save',{'Sql',this.ibzdeptmemberMapping,#ibzdeptmemberdtos})")
@ApiOperation(value = "SaveBatchByIBZOrganizationIBZDepartmentIBZEmployee", tags = {"IBZDeptMember" }, notes = "SaveBatchByIBZOrganizationIBZDepartmentIBZEmployee")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/savebatch")
public ResponseEntity<Boolean> saveBatchByIBZOrganizationIBZDepartmentIBZEmployee(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzdepartment_id") String ibzdepartment_id, @PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody List<IBZDeptMemberDTO> ibzdeptmemberdtos) {
......@@ -633,7 +626,6 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDeptMember-GetDraft-all')")
@ApiOperation(value = "GetDraftByIBZOrganizationIBZDepartmentIBZEmployee", tags = {"IBZDeptMember" }, notes = "GetDraftByIBZOrganizationIBZDepartmentIBZEmployee")
@RequestMapping(method = RequestMethod.GET, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/getdraft")
public ResponseEntity<IBZDeptMemberDTO> getDraftByIBZOrganizationIBZDepartmentIBZEmployee(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzdepartment_id") String ibzdepartment_id, @PathVariable("ibzemployee_id") String ibzemployee_id) {
......@@ -659,7 +651,7 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzdeptmemberService.remove(ibzdeptmember_id));
}
@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdeptmemberMapping,this.permissionDTO,#ids})")
//@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzdeptmemberMapping,this.permissionDTO,#ids})")
@ApiOperation(value = "RemoveBatchByIBZOrganizationIBZDepartmentIBZEmployee", tags = {"IBZDeptMember" }, notes = "RemoveBatchByIBZOrganizationIBZDepartmentIBZEmployee")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/batch")
public ResponseEntity<Boolean> removeBatchByIBZOrganizationIBZDepartmentIBZEmployee(@RequestBody List<String> ids) {
......@@ -667,7 +659,6 @@ public class IBZDeptMemberResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZDeptMember-CheckKey-all')")
@ApiOperation(value = "CheckKeyByIBZOrganizationIBZDepartmentIBZEmployee", tags = {"IBZDeptMember" }, notes = "CheckKeyByIBZOrganizationIBZDepartmentIBZEmployee")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}/ibzdeptmembers/checkkey")
public ResponseEntity<Boolean> checkKeyByIBZOrganizationIBZDepartmentIBZEmployee(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzdepartment_id") String ibzdepartment_id, @PathVariable("ibzemployee_id") String ibzemployee_id, @RequestBody IBZDeptMemberDTO ibzdeptmemberdto) {
......
......@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
import org.springframework.util.StringUtils;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PostAuthorize;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
......@@ -47,7 +48,7 @@ public class IBZEmployeeResource {
public IBZEmployeeDTO permissionDTO=new IBZEmployeeDTO();
@PreAuthorize("hasPermission(#ibzemployee_id,'Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
//@PreAuthorize("hasPermission(this.ibzemployeeService.get(#ibzemployee_id),'ibzou-IBZEmployee-Remove')")
@ApiOperation(value = "Remove", tags = {"IBZEmployee" }, notes = "Remove")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzemployees/{ibzemployee_id}")
@Transactional
......@@ -55,7 +56,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeeService.remove(ibzemployee_id));
}
@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO,#ids})")
//@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO,#ids})")
@ApiOperation(value = "RemoveBatch", tags = {"IBZEmployee" }, notes = "RemoveBatch")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzemployees/batch")
public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
......@@ -75,7 +76,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeedto);
}
@PreAuthorize("hasPermission('','Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
//@PreAuthorize("hasPermission(this.ibzemployeeMapping.toDomain(#ibzemployeedtos),'ibzou-IBZEmployee-Create')")
@ApiOperation(value = "Create", tags = {"IBZEmployee" }, notes = "Create")
@RequestMapping(method = RequestMethod.POST, value = "/ibzemployees")
@Transactional
......@@ -86,7 +87,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
//@PreAuthorize("hasPermission('Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
@ApiOperation(value = "createBatch", tags = {"IBZEmployee" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/ibzemployees/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
......@@ -94,14 +95,13 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZEmployee-CheckKey-all')")
@ApiOperation(value = "CheckKey", tags = {"IBZEmployee" }, notes = "CheckKey")
@RequestMapping(method = RequestMethod.POST, value = "/ibzemployees/checkkey")
public ResponseEntity<Boolean> checkKey(@RequestBody IBZEmployeeDTO ibzemployeedto) {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeeService.checkKey(ibzemployeeMapping.toDomain(ibzemployeedto)));
}
@PreAuthorize("hasPermission(#ibzemployee_id,'Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
//@PreAuthorize("hasPermission(this.ibzemployeeService.get(#ibzemployee_id),'ibzou-IBZEmployee-Update')")
@ApiOperation(value = "Update", tags = {"IBZEmployee" }, notes = "Update")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzemployees/{ibzemployee_id}")
@Transactional
......@@ -113,7 +113,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
//@PreAuthorize("hasPermission('Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
@ApiOperation(value = "UpdateBatch", tags = {"IBZEmployee" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzemployees/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
......@@ -121,14 +121,14 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
//@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
@ApiOperation(value = "Save", tags = {"IBZEmployee" }, notes = "Save")
@RequestMapping(method = RequestMethod.POST, value = "/ibzemployees/save")
public ResponseEntity<Boolean> save(@RequestBody IBZEmployeeDTO ibzemployeedto) {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeeService.save(ibzemployeeMapping.toDomain(ibzemployeedto)));
}
@PreAuthorize("hasPermission('Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
//@PreAuthorize("hasPermission('Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
@ApiOperation(value = "SaveBatch", tags = {"IBZEmployee" }, notes = "SaveBatch")
@RequestMapping(method = RequestMethod.POST, value = "/ibzemployees/savebatch")
public ResponseEntity<Boolean> saveBatch(@RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
......@@ -136,7 +136,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission(#ibzemployee_id,'Get',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
@PostAuthorize("hasPermission(this.ibzemployeeMapping.toDomain(returnObject.body),'ibzou-IBZEmployee-Get')")
@ApiOperation(value = "Get", tags = {"IBZEmployee" }, notes = "Get")
@RequestMapping(method = RequestMethod.GET, value = "/ibzemployees/{ibzemployee_id}")
public ResponseEntity<IBZEmployeeDTO> get(@PathVariable("ibzemployee_id") String ibzemployee_id) {
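Review bot: Assuming the second line of each pair is the new side, `get` is the only read route in the visible hunks that still carries an object-level check. `getByIBZDepartment` and `getByIBZOrganization` further down have their `@PreAuthorize` commented out, and presumably return the same employee record, so the routes disagree on who may read it. Those two should carry the same `@PostAuthorize("hasPermission(this.ibzemployeeMapping.toDomain(returnObject.body),'ibzou-IBZEmployee-Get')")`. Because `@PostAuthorize` is evaluated after the method returns, the lookup runs even for callers who are then refused; that is tolerable for a read but should not be copied onto the write endpoints, where the commented `hasPermission(this.ibzemployeeService.get(#ibzemployee_id), …)` form belongs in an active `@PreAuthorize`. The body of `get` continues outside the hunk.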
......@@ -145,7 +145,6 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZEmployee-GetDraft-all')")
@ApiOperation(value = "GetDraft", tags = {"IBZEmployee" }, notes = "GetDraft")
@RequestMapping(method = RequestMethod.GET, value = "/ibzemployees/getdraft")
public ResponseEntity<IBZEmployeeDTO> getDraft() {
......@@ -173,7 +172,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK)
.body(new PageImpl(ibzemployeeMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
}
@PreAuthorize("hasPermission(#ibzemployee_id,'Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
//@PreAuthorize("hasPermission(#ibzemployee_id,'Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
@ApiOperation(value = "RemoveByIBZDepartment", tags = {"IBZEmployee" }, notes = "RemoveByIBZDepartment")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}")
@Transactional
......@@ -181,7 +180,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeeService.remove(ibzemployee_id));
}
@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO,#ids})")
//@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO,#ids})")
@ApiOperation(value = "RemoveBatchByIBZDepartment", tags = {"IBZEmployee" }, notes = "RemoveBatchByIBZDepartment")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/batch")
public ResponseEntity<Boolean> removeBatchByIBZDepartment(@RequestBody List<String> ids) {
......@@ -201,7 +200,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeedto);
}
@PreAuthorize("hasPermission('','Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
//@PreAuthorize("hasPermission('','Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
@ApiOperation(value = "CreateByIBZDepartment", tags = {"IBZEmployee" }, notes = "CreateByIBZDepartment")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees")
@Transactional
......@@ -213,7 +212,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
//@PreAuthorize("hasPermission('Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
@ApiOperation(value = "createBatchByIBZDepartment", tags = {"IBZEmployee" }, notes = "createBatchByIBZDepartment")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/batch")
public ResponseEntity<Boolean> createBatchByIBZDepartment(@PathVariable("ibzdepartment_id") String ibzdepartment_id, @RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
......@@ -225,14 +224,13 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZEmployee-CheckKey-all')")
@ApiOperation(value = "CheckKeyByIBZDepartment", tags = {"IBZEmployee" }, notes = "CheckKeyByIBZDepartment")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/checkkey")
public ResponseEntity<Boolean> checkKeyByIBZDepartment(@PathVariable("ibzdepartment_id") String ibzdepartment_id, @RequestBody IBZEmployeeDTO ibzemployeedto) {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeeService.checkKey(ibzemployeeMapping.toDomain(ibzemployeedto)));
}
@PreAuthorize("hasPermission(#ibzemployee_id,'Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
//@PreAuthorize("hasPermission(#ibzemployee_id,'Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
@ApiOperation(value = "UpdateByIBZDepartment", tags = {"IBZEmployee" }, notes = "UpdateByIBZDepartment")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}")
@Transactional
......@@ -245,7 +243,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
//@PreAuthorize("hasPermission('Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
@ApiOperation(value = "UpdateBatchByIBZDepartment", tags = {"IBZEmployee" }, notes = "UpdateBatchByIBZDepartment")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/batch")
public ResponseEntity<Boolean> updateBatchByIBZDepartment(@PathVariable("ibzdepartment_id") String ibzdepartment_id, @RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
......@@ -257,7 +255,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
//@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
@ApiOperation(value = "SaveByIBZDepartment", tags = {"IBZEmployee" }, notes = "SaveByIBZDepartment")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/save")
public ResponseEntity<Boolean> saveByIBZDepartment(@PathVariable("ibzdepartment_id") String ibzdepartment_id, @RequestBody IBZEmployeeDTO ibzemployeedto) {
......@@ -266,7 +264,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeeService.save(domain));
}
@PreAuthorize("hasPermission('Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
//@PreAuthorize("hasPermission('Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
@ApiOperation(value = "SaveBatchByIBZDepartment", tags = {"IBZEmployee" }, notes = "SaveBatchByIBZDepartment")
@RequestMapping(method = RequestMethod.POST, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/savebatch")
public ResponseEntity<Boolean> saveBatchByIBZDepartment(@PathVariable("ibzdepartment_id") String ibzdepartment_id, @RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
......@@ -278,7 +276,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission(#ibzemployee_id,'Get',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
//@PreAuthorize("hasPermission(#ibzemployee_id,'Get',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
@ApiOperation(value = "GetByIBZDepartment", tags = {"IBZEmployee" }, notes = "GetByIBZDepartment")
@RequestMapping(method = RequestMethod.GET, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}")
public ResponseEntity<IBZEmployeeDTO> getByIBZDepartment(@PathVariable("ibzdepartment_id") String ibzdepartment_id, @PathVariable("ibzemployee_id") String ibzemployee_id) {
......@@ -287,7 +285,6 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZEmployee-GetDraft-all')")
@ApiOperation(value = "GetDraftByIBZDepartment", tags = {"IBZEmployee" }, notes = "GetDraftByIBZDepartment")
@RequestMapping(method = RequestMethod.GET, value = "/ibzdepartments/{ibzdepartment_id}/ibzemployees/getdraft")
public ResponseEntity<IBZEmployeeDTO> getDraftByIBZDepartment(@PathVariable("ibzdepartment_id") String ibzdepartment_id) {
......@@ -319,7 +316,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK)
.body(new PageImpl(ibzemployeeMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
}
@PreAuthorize("hasPermission(#ibzemployee_id,'Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
//@PreAuthorize("hasPermission(#ibzemployee_id,'Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
@ApiOperation(value = "RemoveByIBZOrganization", tags = {"IBZEmployee" }, notes = "RemoveByIBZOrganization")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/{ibzemployee_id}")
@Transactional
......@@ -327,7 +324,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeeService.remove(ibzemployee_id));
}
@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO,#ids})")
//@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO,#ids})")
@ApiOperation(value = "RemoveBatchByIBZOrganization", tags = {"IBZEmployee" }, notes = "RemoveBatchByIBZOrganization")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/batch")
public ResponseEntity<Boolean> removeBatchByIBZOrganization(@RequestBody List<String> ids) {
......@@ -347,7 +344,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeedto);
}
@PreAuthorize("hasPermission('','Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
//@PreAuthorize("hasPermission('','Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
@ApiOperation(value = "CreateByIBZOrganization", tags = {"IBZEmployee" }, notes = "CreateByIBZOrganization")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees")
@Transactional
......@@ -359,7 +356,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
//@PreAuthorize("hasPermission('Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
@ApiOperation(value = "createBatchByIBZOrganization", tags = {"IBZEmployee" }, notes = "createBatchByIBZOrganization")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/batch")
public ResponseEntity<Boolean> createBatchByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id, @RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
......@@ -371,14 +368,13 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZEmployee-CheckKey-all')")
@ApiOperation(value = "CheckKeyByIBZOrganization", tags = {"IBZEmployee" }, notes = "CheckKeyByIBZOrganization")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/checkkey")
public ResponseEntity<Boolean> checkKeyByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id, @RequestBody IBZEmployeeDTO ibzemployeedto) {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeeService.checkKey(ibzemployeeMapping.toDomain(ibzemployeedto)));
}
@PreAuthorize("hasPermission(#ibzemployee_id,'Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
//@PreAuthorize("hasPermission(#ibzemployee_id,'Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
@ApiOperation(value = "UpdateByIBZOrganization", tags = {"IBZEmployee" }, notes = "UpdateByIBZOrganization")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/{ibzemployee_id}")
@Transactional
......@@ -391,7 +387,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
//@PreAuthorize("hasPermission('Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
@ApiOperation(value = "UpdateBatchByIBZOrganization", tags = {"IBZEmployee" }, notes = "UpdateBatchByIBZOrganization")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/batch")
public ResponseEntity<Boolean> updateBatchByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id, @RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
......@@ -403,7 +399,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
//@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
@ApiOperation(value = "SaveByIBZOrganization", tags = {"IBZEmployee" }, notes = "SaveByIBZOrganization")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/save")
public ResponseEntity<Boolean> saveByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id, @RequestBody IBZEmployeeDTO ibzemployeedto) {
......@@ -412,7 +408,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeeService.save(domain));
}
@PreAuthorize("hasPermission('Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
//@PreAuthorize("hasPermission('Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
@ApiOperation(value = "SaveBatchByIBZOrganization", tags = {"IBZEmployee" }, notes = "SaveBatchByIBZOrganization")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/savebatch")
public ResponseEntity<Boolean> saveBatchByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id, @RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
......@@ -424,7 +420,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission(#ibzemployee_id,'Get',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
//@PreAuthorize("hasPermission(#ibzemployee_id,'Get',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
@ApiOperation(value = "GetByIBZOrganization", tags = {"IBZEmployee" }, notes = "GetByIBZOrganization")
@RequestMapping(method = RequestMethod.GET, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/{ibzemployee_id}")
public ResponseEntity<IBZEmployeeDTO> getByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzemployee_id") String ibzemployee_id) {
......@@ -433,7 +429,6 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZEmployee-GetDraft-all')")
@ApiOperation(value = "GetDraftByIBZOrganization", tags = {"IBZEmployee" }, notes = "GetDraftByIBZOrganization")
@RequestMapping(method = RequestMethod.GET, value = "/ibzorganizations/{ibzorganization_id}/ibzemployees/getdraft")
public ResponseEntity<IBZEmployeeDTO> getDraftByIBZOrganization(@PathVariable("ibzorganization_id") String ibzorganization_id) {
......@@ -465,7 +460,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK)
.body(new PageImpl(ibzemployeeMapping.toDto(domains.getContent()), context.getPageable(), domains.getTotalElements()));
}
@PreAuthorize("hasPermission(#ibzemployee_id,'Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
//@PreAuthorize("hasPermission(#ibzemployee_id,'Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
@ApiOperation(value = "RemoveByIBZOrganizationIBZDepartment", tags = {"IBZEmployee" }, notes = "RemoveByIBZOrganizationIBZDepartment")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}")
@Transactional
......@@ -473,7 +468,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeeService.remove(ibzemployee_id));
}
@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO,#ids})")
//@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzemployeeMapping,this.permissionDTO,#ids})")
@ApiOperation(value = "RemoveBatchByIBZOrganizationIBZDepartment", tags = {"IBZEmployee" }, notes = "RemoveBatchByIBZOrganizationIBZDepartment")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/batch")
public ResponseEntity<Boolean> removeBatchByIBZOrganizationIBZDepartment(@RequestBody List<String> ids) {
......@@ -493,7 +488,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeedto);
}
@PreAuthorize("hasPermission('','Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
//@PreAuthorize("hasPermission('','Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
@ApiOperation(value = "CreateByIBZOrganizationIBZDepartment", tags = {"IBZEmployee" }, notes = "CreateByIBZOrganizationIBZDepartment")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees")
@Transactional
......@@ -505,7 +500,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
//@PreAuthorize("hasPermission('Create',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
@ApiOperation(value = "createBatchByIBZOrganizationIBZDepartment", tags = {"IBZEmployee" }, notes = "createBatchByIBZOrganizationIBZDepartment")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/batch")
public ResponseEntity<Boolean> createBatchByIBZOrganizationIBZDepartment(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzdepartment_id") String ibzdepartment_id, @RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
......@@ -517,14 +512,13 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZEmployee-CheckKey-all')")
@ApiOperation(value = "CheckKeyByIBZOrganizationIBZDepartment", tags = {"IBZEmployee" }, notes = "CheckKeyByIBZOrganizationIBZDepartment")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/checkkey")
public ResponseEntity<Boolean> checkKeyByIBZOrganizationIBZDepartment(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzdepartment_id") String ibzdepartment_id, @RequestBody IBZEmployeeDTO ibzemployeedto) {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeeService.checkKey(ibzemployeeMapping.toDomain(ibzemployeedto)));
}
@PreAuthorize("hasPermission(#ibzemployee_id,'Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
//@PreAuthorize("hasPermission(#ibzemployee_id,'Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
@ApiOperation(value = "UpdateByIBZOrganizationIBZDepartment", tags = {"IBZEmployee" }, notes = "UpdateByIBZOrganizationIBZDepartment")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}")
@Transactional
......@@ -537,7 +531,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
//@PreAuthorize("hasPermission('Update',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
@ApiOperation(value = "UpdateBatchByIBZOrganizationIBZDepartment", tags = {"IBZEmployee" }, notes = "UpdateBatchByIBZOrganizationIBZDepartment")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/batch")
public ResponseEntity<Boolean> updateBatchByIBZOrganizationIBZDepartment(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzdepartment_id") String ibzdepartment_id, @RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
......@@ -549,7 +543,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
//@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedto})")
@ApiOperation(value = "SaveByIBZOrganizationIBZDepartment", tags = {"IBZEmployee" }, notes = "SaveByIBZOrganizationIBZDepartment")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/save")
public ResponseEntity<Boolean> saveByIBZOrganizationIBZDepartment(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzdepartment_id") String ibzdepartment_id, @RequestBody IBZEmployeeDTO ibzemployeedto) {
......@@ -558,7 +552,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzemployeeService.save(domain));
}
@PreAuthorize("hasPermission('Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
//@PreAuthorize("hasPermission('Save',{'Sql',this.ibzemployeeMapping,#ibzemployeedtos})")
@ApiOperation(value = "SaveBatchByIBZOrganizationIBZDepartment", tags = {"IBZEmployee" }, notes = "SaveBatchByIBZOrganizationIBZDepartment")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/savebatch")
public ResponseEntity<Boolean> saveBatchByIBZOrganizationIBZDepartment(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzdepartment_id") String ibzdepartment_id, @RequestBody List<IBZEmployeeDTO> ibzemployeedtos) {
......@@ -570,7 +564,7 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission(#ibzemployee_id,'Get',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
//@PreAuthorize("hasPermission(#ibzemployee_id,'Get',{'Sql',this.ibzemployeeMapping,this.permissionDTO})")
@ApiOperation(value = "GetByIBZOrganizationIBZDepartment", tags = {"IBZEmployee" }, notes = "GetByIBZOrganizationIBZDepartment")
@RequestMapping(method = RequestMethod.GET, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/{ibzemployee_id}")
public ResponseEntity<IBZEmployeeDTO> getByIBZOrganizationIBZDepartment(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzdepartment_id") String ibzdepartment_id, @PathVariable("ibzemployee_id") String ibzemployee_id) {
......@@ -579,7 +573,6 @@ public class IBZEmployeeResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZEmployee-GetDraft-all')")
@ApiOperation(value = "GetDraftByIBZOrganizationIBZDepartment", tags = {"IBZEmployee" }, notes = "GetDraftByIBZOrganizationIBZDepartment")
@RequestMapping(method = RequestMethod.GET, value = "/ibzorganizations/{ibzorganization_id}/ibzdepartments/{ibzdepartment_id}/ibzemployees/getdraft")
public ResponseEntity<IBZEmployeeDTO> getDraftByIBZOrganizationIBZDepartment(@PathVariable("ibzorganization_id") String ibzorganization_id, @PathVariable("ibzdepartment_id") String ibzdepartment_id) {
......
......@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
import org.springframework.util.StringUtils;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.access.prepost.PostAuthorize;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
......@@ -47,14 +48,13 @@ public class IBZOrganizationResource {
public IBZOrganizationDTO permissionDTO=new IBZOrganizationDTO();
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZOrganization-CheckKey-all')")
@ApiOperation(value = "CheckKey", tags = {"IBZOrganization" }, notes = "CheckKey")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/checkkey")
public ResponseEntity<Boolean> checkKey(@RequestBody IBZOrganizationDTO ibzorganizationdto) {
return ResponseEntity.status(HttpStatus.OK).body(ibzorganizationService.checkKey(ibzorganizationMapping.toDomain(ibzorganizationdto)));
}
@PreAuthorize("hasPermission(#ibzorganization_id,'Update',{'Sql',this.ibzorganizationMapping,#ibzorganizationdto})")
//@PreAuthorize("hasPermission(this.ibzorganizationService.get(#ibzorganization_id),'ibzou-IBZOrganization-Update')")
@ApiOperation(value = "Update", tags = {"IBZOrganization" }, notes = "Update")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzorganizations/{ibzorganization_id}")
@Transactional
......@@ -66,7 +66,7 @@ public class IBZOrganizationResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Update',{'Sql',this.ibzorganizationMapping,#ibzorganizationdtos})")
//@PreAuthorize("hasPermission('Update',{'Sql',this.ibzorganizationMapping,#ibzorganizationdtos})")
@ApiOperation(value = "UpdateBatch", tags = {"IBZOrganization" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/ibzorganizations/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<IBZOrganizationDTO> ibzorganizationdtos) {
......@@ -74,7 +74,7 @@ public class IBZOrganizationResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission('','Create',{'Sql',this.ibzorganizationMapping,#ibzorganizationdto})")
//@PreAuthorize("hasPermission(this.ibzorganizationMapping.toDomain(#ibzorganizationdtos),'ibzou-IBZOrganization-Create')")
@ApiOperation(value = "Create", tags = {"IBZOrganization" }, notes = "Create")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations")
@Transactional
......@@ -85,7 +85,7 @@ public class IBZOrganizationResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('Create',{'Sql',this.ibzorganizationMapping,#ibzorganizationdtos})")
//@PreAuthorize("hasPermission('Create',{'Sql',this.ibzorganizationMapping,#ibzorganizationdtos})")
@ApiOperation(value = "createBatch", tags = {"IBZOrganization" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<IBZOrganizationDTO> ibzorganizationdtos) {
......@@ -93,14 +93,14 @@ public class IBZOrganizationResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzorganizationMapping,#ibzorganizationdto})")
//@PreAuthorize("hasPermission('','Save',{'Sql',this.ibzorganizationMapping,#ibzorganizationdto})")
@ApiOperation(value = "Save", tags = {"IBZOrganization" }, notes = "Save")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/save")
public ResponseEntity<Boolean> save(@RequestBody IBZOrganizationDTO ibzorganizationdto) {
return ResponseEntity.status(HttpStatus.OK).body(ibzorganizationService.save(ibzorganizationMapping.toDomain(ibzorganizationdto)));
}
@PreAuthorize("hasPermission('Save',{'Sql',this.ibzorganizationMapping,#ibzorganizationdtos})")
//@PreAuthorize("hasPermission('Save',{'Sql',this.ibzorganizationMapping,#ibzorganizationdtos})")
@ApiOperation(value = "SaveBatch", tags = {"IBZOrganization" }, notes = "SaveBatch")
@RequestMapping(method = RequestMethod.POST, value = "/ibzorganizations/savebatch")
public ResponseEntity<Boolean> saveBatch(@RequestBody List<IBZOrganizationDTO> ibzorganizationdtos) {
......@@ -108,7 +108,7 @@ public class IBZOrganizationResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission(#ibzorganization_id,'Remove',{'Sql',this.ibzorganizationMapping,this.permissionDTO})")
//@PreAuthorize("hasPermission(this.ibzorganizationService.get(#ibzorganization_id),'ibzou-IBZOrganization-Remove')")
@ApiOperation(value = "Remove", tags = {"IBZOrganization" }, notes = "Remove")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzorganizations/{ibzorganization_id}")
@Transactional
......@@ -116,7 +116,7 @@ public class IBZOrganizationResource {
return ResponseEntity.status(HttpStatus.OK).body(ibzorganizationService.remove(ibzorganization_id));
}
@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzorganizationMapping,this.permissionDTO,#ids})")
//@PreAuthorize("hasPermission('Remove',{'Sql',this.ibzorganizationMapping,this.permissionDTO,#ids})")
@ApiOperation(value = "RemoveBatch", tags = {"IBZOrganization" }, notes = "RemoveBatch")
@RequestMapping(method = RequestMethod.DELETE, value = "/ibzorganizations/batch")
public ResponseEntity<Boolean> removeBatch(@RequestBody List<String> ids) {
......@@ -124,7 +124,7 @@ public class IBZOrganizationResource {
return ResponseEntity.status(HttpStatus.OK).body(true);
}
@PreAuthorize("hasPermission(#ibzorganization_id,'Get',{'Sql',this.ibzorganizationMapping,this.permissionDTO})")
@PostAuthorize("hasPermission(this.ibzorganizationMapping.toDomain(returnObject.body),'ibzou-IBZOrganization-Get')")
@ApiOperation(value = "Get", tags = {"IBZOrganization" }, notes = "Get")
@RequestMapping(method = RequestMethod.GET, value = "/ibzorganizations/{ibzorganization_id}")
public ResponseEntity<IBZOrganizationDTO> get(@PathVariable("ibzorganization_id") String ibzorganization_id) {
......@@ -133,7 +133,6 @@ public class IBZOrganizationResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzou-IBZOrganization-GetDraft-all')")
@ApiOperation(value = "GetDraft", tags = {"IBZOrganization" }, notes = "GetDraft")
@RequestMapping(method = RequestMethod.GET, value = "/ibzorganizations/getdraft")
public ResponseEntity<IBZOrganizationDTO> getDraft() {
......
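Review bot: The new side leaves the write and delete routes of IBZOrganizationResource without a live method-level authorization check. `@PreAuthorize` survives only as a `//` comment on Update, UpdateBatch, Create, createBatch, Save, SaveBatch, Remove and RemoveBatch, and the CheckKey and GetDraft hunks appear to drop it entirely (their new side is one line shorter). Unless access is enforced somewhere not shown on this page, these endpoints run for any caller that reaches the controller; the IBZEmployeeResource hunks earlier on the page follow the same pattern. I would ship each expression as a live annotation rather than a comment, e.g. `@PreAuthorize("hasPermission(this.ibzorganizationService.get(#ibzorganization_id),'ibzou-IBZOrganization-Update')")` on the update method. The commented Create expression names `#ibzorganizationdtos` where the removed one used `#ibzorganizationdto`; the method signature is outside the hunk, so confirm the parameter name before enabling it, since an unresolved SpEL variable evaluates to null.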
package cn.ibizlab.util.security;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.mongodb.QueryBuilder;
import cn.ibizlab.util.annotation.DEField;
import cn.ibizlab.util.domain.DTOBase;
import cn.ibizlab.util.domain.EntityBase;
import cn.ibizlab.util.domain.MappingBase;
import cn.ibizlab.util.enums.DEPredefinedFieldType;
import cn.ibizlab.util.helper.DEFieldCacheMap;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Lazy;
import org.springframework.data.mongodb.core.MongoTemplate;
import org.springframework.data.mongodb.core.query.BasicQuery;
import org.springframework.data.mongodb.core.query.Query;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;
import javax.annotation.Resource;
import java.io.Serializable;
import java.lang.reflect.Field;
import java.util.*;
......@@ -34,273 +23,71 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
@Value("${ibiz.enablePermissionValid:false}")
boolean enablePermissionValid; //是否开启权限校验
/**
*实体主键标识
*/
private String keyFieldTag="keyfield";
@Resource
@Lazy
private MongoTemplate mongoTemplate;
/**
* 批处理权限检查[createBatch:updateBatch:removeBatch]
* 实体行为鉴权
* @param authentication
* @param DEAction
* @param params
* @param entity
* @param action
* @return
*/
@Override
public boolean hasPermission(Authentication authentication, Object DEAction, Object params) {
public boolean hasPermission(Authentication authentication, Object entity, Object action) {
//未开启权限校验、超级管理员则不进行权限检查
if(AuthenticationUser.getAuthenticationUser().getSuperuser()==1 || !enablePermissionValid)
return true;
List paramList = (ArrayList) params;
String deStorageMode= (String) paramList.get(0);
String action=String.valueOf(DEAction);
List<String> ids=null;
EntityBase entity;
List<EntityBase> entityList = null;
MappingBase mappingBase= (MappingBase) paramList.get(1);
//参数准备
if(action.equalsIgnoreCase("remove")){
entity= (EntityBase) mappingBase.toDomain(paramList.get(2));
ids= (List<String>) paramList.get(3);
}
else{
List<DTOBase> dtoList = (List<DTOBase>) paramList.get(2);
if(dtoList.size()==0)
return false;
entityList =mappingBase.toDomain(dtoList);
entity = (EntityBase) mappingBase.toDomain(dtoList.get(0));
}
if (entity==null)
return false;
Set<String> entityDataRange = getAuthorities(authentication,entity.getClass().getSimpleName(),action);
String strAction=String.valueOf(action);
Set<String> entityDataRange = getAuthorities(authentication,strAction);
if(entityDataRange.size()==0)
return false;
//拥有全部数据访问权限时,则跳过权限检查
if(isAllData(action,entityDataRange)){
if(isAllData(strAction,entityDataRange)){
return true;
}
if(action.equalsIgnoreCase("create")){
return createBatchActionPermissionValid(entityList,entityDataRange);
if(entity instanceof ArrayList){
List<EntityBase> entities= (List<EntityBase>) entity;
for(EntityBase entityBase: entities){
boolean result=actionValid(entityBase,entityDataRange);
if(!result){
return false;
}
else if(action.equalsIgnoreCase("save")){
return saveBatchActionPermissionValid(deStorageMode, entityList, entityDataRange);
}
else{
if(!action.equalsIgnoreCase("remove")){
ids=getIds(entity,entityList);
}
if(ids.size()==0)
return false;
return otherBatchActionPermissionValidRouter(deStorageMode, entity ,ids, entityDataRange);
else{
EntityBase entityBase= (EntityBase) entity;
return actionValid(entityBase,entityDataRange);
}
return true;
}
/**
* 实体行为权限检查 :用于检查当前用户是否拥有实体的新建、编辑、删除权限
*
* @param authentication
* @param id 当前操作数据的主键
* @param action 当前操作行为:如:[READ、UPDATE、DELETE]
* @param params 相关参数
* @return true/false true则允许当前行为,false拒绝行为
*/
@Override
public boolean hasPermission(Authentication authentication, Serializable id, String action, Object params) {
//未开启权限校验、超级管理员则不进行权限检查
if(AuthenticationUser.getAuthenticationUser().getSuperuser()==1 || !enablePermissionValid)
return true;
List paramList = (ArrayList) params;
String deStorageMode= (String) paramList.get(0);
MappingBase mappingBase= (MappingBase) paramList.get(1);
DTOBase dtoBase = (DTOBase) paramList.get(2);
EntityBase entity = (EntityBase) mappingBase.toDomain(dtoBase);
if (StringUtils.isEmpty(entity))
return false;
Set<String> entityDataRange = getAuthorities(authentication,entity.getClass().getSimpleName(),action);
if(entityDataRange.size()==0)
return false;
//拥有全部数据访问权限时,则跳过权限检查
if(isAllData(action,entityDataRange)){
return true;
}
if(action.equalsIgnoreCase("save")){
Map<String,String> permissionField=getPermissionField(entity);
String keyFieldName=permissionField.get(keyFieldTag);
Object srfKey=entity.get(keyFieldName);
if(ObjectUtils.isEmpty(srfKey))
action="create";
else
action="update";
}
if(action.equalsIgnoreCase("create")){
return createActionPermissionValid(entity,entityDataRange);
}
else{
return otherActionPermissionValidRouter(deStorageMode, entity, id, entityDataRange);
}
}
/**
* 获取用户权限资源
* @param authentication
* @param entityName
* @param action
* @return
*/
private Set<String> getAuthorities(Authentication authentication,String entityName,String action){
private Set<String> getAuthorities(Authentication authentication , String action){
Collection authorities=authentication.getAuthorities();
Set<String> entityDataRange = new HashSet();
Iterator var2 = authorities.iterator();
while(var2.hasNext()) {
GrantedAuthority authority = (GrantedAuthority)var2.next();
if(authority.getAuthority().contains(String.format("%s-%s-",entityName,action)))
if(authority.getAuthority().contains(action))
entityDataRange.add(authority.getAuthority());
}
return entityDataRange;
}
/**
* 批save校验
* @param deStorageMode
* @param entityList
* @param entityDataRange
* @return
*/
private boolean saveBatchActionPermissionValid(String deStorageMode, List<EntityBase> entityList, Set<String> entityDataRange) {
if(entityList==null || entityList.size()==0)
return false;
EntityBase tempEntity=entityList.get(0);
Map<String,String> permissionField=getPermissionField(tempEntity);
String keyFieldName=permissionField.get(keyFieldTag);
List createList=new ArrayList();
List<String> updateList =new ArrayList();
for(EntityBase entity : entityList){
Object id = entity.get(keyFieldName);
if(ObjectUtils.isEmpty(id))
createList.add(entity);
else
updateList.add(String.valueOf(id));
}
if(updateList.size()>0){
boolean isUpdate = otherBatchActionPermissionValidRouter(deStorageMode, tempEntity ,updateList, entityDataRange);
if(!isUpdate)
return false;
}
if(createList.size()>0){
boolean isCreate=createBatchActionPermissionValid(entityList,entityDataRange);
if(!isCreate)
return false;
}
return true;
}
/**
* 批处理新建权限校验
* @param entityList
* @param entityDataRange
* @return
*/
private boolean createBatchActionPermissionValid(List<EntityBase> entityList,Set<String> entityDataRange){
for(EntityBase entity : entityList){
boolean isCreate = createActionPermissionValid(entity ,entityDataRange);
if(!isCreate){
return false;
}
}
return true;
}
/**
* 批处理行为权限校验[get:update:delete]
* @param deStorageMode
* @param entity
* @param ids
* @param entityDataRange
* @return
*/
private boolean otherBatchActionPermissionValidRouter(String deStorageMode , EntityBase entity , List<String> ids , Set<String> entityDataRange){
if(deStorageMode.equalsIgnoreCase("sql")){
return sqlBatchPermissionValid(entity ,ids, entityDataRange);
}
else if(deStorageMode.equalsIgnoreCase("nosql")){
return noSqlBatchPermissionValid(entity, ids , entityDataRange);
}
else if(deStorageMode.equalsIgnoreCase("serviceapi")){
return true;
}
else {
throw new RuntimeException(String.format("未能识别实体对应存储模式[%s]",deStorageMode));
}
}
/**
* SQL批处理权限校验
* @param entity
* @param ids
* @param entityDataRange
* @return
*/
private boolean sqlBatchPermissionValid(EntityBase entity , List<String> ids, Set<String> entityDataRange){
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
String keyFieldName=permissionField.get(keyFieldTag);
ServiceImpl service= SpringContextHolder.getBean(String.format("%s%s",entity.getClass().getSimpleName(),"ServiceImpl"));//获取实体service对象
//通过权限表达式来获取sql
String permissionSQL= String.format(" (%s) AND ( %s in (%s) ) ",getPermissionSQL(entity,entityDataRange),keyFieldName,getEntityKeyCond(ids)); //拼接权限条件-编辑
//执行sql进行权限检查
QueryWrapper permissionWrapper=getPermissionWrapper(permissionSQL);//构造权限条件
List list=service.list(permissionWrapper);
if(list.size() == ids.size()){
return true;
}else{
return false;
}
}
/**
* NoSQL批处理权限校验
* @param entity
* @param ids
* @param entityDataRange
* @return
*/
private boolean noSqlBatchPermissionValid(EntityBase entity, List<String> ids, Set<String> entityDataRange) {
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
String keyFieldName=permissionField.get(keyFieldTag);
//根据权限表达式填充权限条件
QueryBuilder permissionCond=getNoSqlPermissionCond(entity,entityDataRange);
//权限条件拼接主键
permissionCond.and(keyFieldName).in(ids);
//执行权限检查
Query query = new BasicQuery(permissionCond.get().toString());
List list=mongoTemplate.find(query,entity.getClass());
if(list.size()==ids.size()){
return true;
}
else{
return false;
}
}
/**
* 是否为全部数据
* @param action
......@@ -317,14 +104,13 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
}
/**
* 新建行为校验
* 实体行为权限校验
* @param entity
* @param entityDataRange
* @return
*/
private boolean createActionPermissionValid(EntityBase entity, Set<String> entityDataRange){
private boolean actionValid(EntityBase entity, Set<String> entityDataRange){
boolean isCreate=true;
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
String orgField=permissionField.get("orgfield");
String orgDeptField=permissionField.get("orgsecfield");
......@@ -374,204 +160,8 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return false;
}
return isCreate;
}
/**
* 根据实体存储模式,进行鉴权
* @param deStorageMode
* @param entity
* @param id
* @param entityDataRange
* @return
*/
private boolean otherActionPermissionValidRouter(String deStorageMode, EntityBase entity , Object id , Set<String> entityDataRange){
if(deStorageMode.equalsIgnoreCase("sql")){
return sqlPermissionValid(entity , id, entityDataRange);
}
else if(deStorageMode.equalsIgnoreCase("nosql")){
return noSqlPermissionValid(entity , id, entityDataRange);
}
else if(deStorageMode.equalsIgnoreCase("serviceapi")){
return true;
}
else {
throw new RuntimeException(String.format("未能识别[%s]实体对应存储模式[%s]",entity.getClass().getSimpleName(),deStorageMode));
}
}
/**
* sql存储模式实体行为鉴权
* @param entity
* @param id
* @param entityDataRange
* @return
*/
private boolean sqlPermissionValid(EntityBase entity , Object id, Set<String> entityDataRange){
ServiceImpl service= SpringContextHolder.getBean(String.format("%s%s",entity.getClass().getSimpleName(),"ServiceImpl"));//获取实体service对象
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
//通过权限表达式来获取sql
String permissionSQL= String.format(" (%s) AND (%s='%s')",getPermissionSQL(entity,entityDataRange),permissionField.get(keyFieldTag),id); //拼接权限条件-编辑
//执行sql进行权限检查
QueryWrapper permissionWrapper=getPermissionWrapper(permissionSQL);//构造权限条件
List list=service.list(permissionWrapper);
if(list.size()>0){
return true;
}else{
return false;
}
}
/**
* NoSQL实体行为鉴权
* @param entity
* @param id
* @param entityDataRange
* @return
*/
private boolean noSqlPermissionValid(EntityBase entity, Object id, Set<String> entityDataRange) {
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
String keyField=permissionField.get(keyFieldTag);
//根据权限表达式填充权限条件
QueryBuilder permissionCond=getNoSqlPermissionCond(entity,entityDataRange);
//权限条件拼接主键
permissionCond.and(keyField).is(id);
//执行权限检查
Query query = new BasicQuery(permissionCond.get().toString());
List list=mongoTemplate.find(query,entity.getClass());
if(list.size()>0){
return true;
}
else{
return false;
}
}
/**
* 为NoSQL存储模式的表格查询填充权限条件
* @param entity
* @param entityDataRange
* @return
*/
private QueryBuilder getNoSqlPermissionCond( EntityBase entity ,Set<String> entityDataRange){
QueryBuilder permissionSQL=new QueryBuilder();
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
String orgField=permissionField.get("orgfield");
String orgDeptField=permissionField.get("orgsecfield");
String createManField=permissionField.get("createmanfield");
AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
Map<String, Set<String>> userInfo = authenticationUser.getOrgInfo();
Set<String> orgParent = userInfo.get("parentorg");
Set<String> orgChild = userInfo.get("suborg");
Set<String> orgDeptParent = userInfo.get("parentdept");
Set<String> orgDeptChild = userInfo.get("subdept");
for(String permissionCond:entityDataRange){
if(permissionCond.endsWith("curorg")){ //本单位
permissionSQL.or(new QueryBuilder().and(orgField).is(AuthenticationUser.getAuthenticationUser().getOrgid()).get());
}
else if(permissionCond.endsWith("porg")){//上级单位
permissionSQL.or(new QueryBuilder().and(orgField).in(formatStringArr(orgParent)).get());
}
else if(permissionCond.endsWith("sorg")){//下级单位
permissionSQL.or(new QueryBuilder().and(orgField).in(formatStringArr(orgChild)).get());
}
else if(permissionCond.endsWith("createman")){//建立人
permissionSQL.or(new QueryBuilder().and(createManField).is(AuthenticationUser.getAuthenticationUser().getUserid()).get());
}
else if(permissionCond.endsWith("curorgdept")){//本部门
permissionSQL.or(new QueryBuilder().and(orgDeptField).is(AuthenticationUser.getAuthenticationUser().getMdeptid()).get());
}
else if(permissionCond.endsWith("porgdept")){//上级部门
permissionSQL.or(new QueryBuilder().and(orgDeptField).in(formatStringArr(orgDeptParent)).get());
}
else if(permissionCond.endsWith("sorgdept")){//下级部门
permissionSQL.or(new QueryBuilder().and(orgDeptField).in(formatStringArr(orgDeptChild)).get());
}
else if(permissionCond.endsWith("all")){
permissionSQL.or(new QueryBuilder().get());
}
}
return permissionSQL;
}
/**
* SQL获取权限条件
* @param entity
* @param entityDataRange
* @return
*/
private String getPermissionSQL(EntityBase entity, Set<String> entityDataRange){
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
String nPermissionSQL = "1<>1";
String orgField=permissionField.get("orgfield");
String orgDeptField=permissionField.get("orgsecfield");
String createManField=permissionField.get("createmanfield");
StringBuffer permissionSQL=new StringBuffer();
AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
Map<String, Set<String>> userInfo = authenticationUser.getOrgInfo();
Set<String> orgParent = userInfo.get("parentorg");
Set<String> orgChild = userInfo.get("suborg");
Set<String> orgDeptParent = userInfo.get("parentdept");
Set<String> orgDeptChild = userInfo.get("subdept");
for(String permissionCond: entityDataRange){
permissionSQL.append("OR");
if(permissionCond.endsWith("curorg")){ //本单位
permissionSQL.append(String.format("(%s='%s')",orgField,AuthenticationUser.getAuthenticationUser().getOrgid()));
}
else if(permissionCond.endsWith("porg")){//上级单位
permissionSQL.append(String.format(" %s in(%s) ", orgField, formatStringArr(orgParent)));
}
else if(permissionCond.endsWith("sorg")){//下级单位
permissionSQL.append(String.format(" %s in(%s) ", orgField, formatStringArr(orgChild)));
}
else if(permissionCond.endsWith("createman")){//建立人
permissionSQL.append(String.format("(%s='%s')",createManField,AuthenticationUser.getAuthenticationUser().getUserid()));
}
else if(permissionCond.endsWith("curorgdept")){//本部门
permissionSQL.append(String.format("(%s='%s')",orgDeptField,AuthenticationUser.getAuthenticationUser().getMdeptid()));
}
else if(permissionCond.endsWith("porgdept")){//上级部门
permissionSQL.append(String.format(" %s in (%s) ", orgDeptField, formatStringArr(orgDeptParent)));
}
else if(permissionCond.endsWith("sorgdept")){//下级部门
permissionSQL.append(String.format(" %s in (%s) ", orgDeptField, formatStringArr(orgDeptChild)));
}
else if(permissionCond.endsWith("all")){//全部数据
permissionSQL.append("(1=1)");
}
else{
permissionSQL.append(nPermissionSQL);
}
}
if(StringUtils.isEmpty(permissionSQL.toString()))
return "";
String resultCond=parseResult(permissionSQL, "OR");
return resultCond;
}
/**
* 构造 wrapper
* @param whereCond
* @return
*/
private QueryWrapper getPermissionWrapper(String whereCond){
QueryWrapper permissionWrapper=new QueryWrapper();
if(!StringUtils.isEmpty(whereCond)){
permissionWrapper.apply(whereCond);
}
return permissionWrapper;
}
/**
* 获取实体权限字段 orgid/orgsecid
......@@ -624,65 +214,4 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
}
return deFieldMap;
}
/**
* 转换[a,b]格式字符串到 'a','b'格式
* @return
*/
private String formatStringArr(Set<String> array) {
String[] arr = array.toArray(new String[array.size()]);
return "'" + String.join("','", arr) + "'";
}
/**
* 格式转换
* @param cond
* @param operator
* @return
*/
private String parseResult(StringBuffer cond, String operator) {
String resultCond = cond.toString();
if (resultCond.startsWith(operator))
resultCond = resultCond.replaceFirst(operator, "");
if (resultCond.endsWith(operator))
resultCond = resultCond.substring(0, resultCond.lastIndexOf(operator));
return resultCond;
}
/**
* 转换[a,b]格式字符串到 'a','b'格式
*
* @return
*/
private String getEntityKeyCond(List<String> array) {
String[] arr = array.toArray(new String[array.size()]);
return "'" + String.join("','", arr) + "'";
}
/**
* 获取实体主键集合
* @param entityBase
* @param entityList
* @return
*/
private List<String> getIds(EntityBase entityBase ,List<EntityBase> entityList) {
List<String> entityKeyList=new ArrayList<>();
Map<String,String> permissionField=getPermissionField(entityBase);//获取组织、部门预置属性
String keyFieldName=permissionField.get(keyFieldTag);
if(StringUtils.isEmpty(keyFieldName))
return entityKeyList;
for(EntityBase entity: entityList){
Object objEntityKey = entity.get(keyFieldName);
if(!ObjectUtils.isEmpty(objEntityKey)){
entityKeyList.add(String.valueOf(objEntityKey));
}
}
return entityKeyList;
}
}
\ No newline at end of file
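Review bot: `getAuthorities` now selects authorities with `authority.getAuthority().contains(action)`, a plain substring test, so an action string such as `ibzou-IBZOrganization-Get` also matches the authority `ibzou-IBZOrganization-GetDraft-all`. The removed code anchored the match with a trailing `-` after the action name. Assuming authorities have the form `<action>-<range>`, as the strings on this page suggest, `if(authority.getAuthority().startsWith(action+"-"))` would keep one action's grant from satisfying another. In `hasPermission`, `entity instanceof ArrayList` sends any other `List` implementation to the `(EntityBase) entity` cast, which would throw instead of returning a decision; `entity instanceof List` is the safer test. The bodies of `isAllData` and `actionValid` are only partly visible, so how a mismatched range is treated downstream should be confirmed.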