提交 02bb2ad9 编写于 作者: ibizdev's avatar ibizdev

laizhilong 发布系统代码

上级 1f443b52
......@@ -44,7 +44,8 @@ export default {
tabpage1: "权限",
druipart2: "用户",
tabpage2: "用户",
tabpage3: "分页面板",
druipart3: "角色权限关系",
tabpage3: "角色权限关系",
tabpanel1: "",
formpage1: "基本信息",
srfupdatedate: "更新时间",
......@@ -55,9 +56,9 @@ export default {
srfuf: "",
srfdeid: "",
srfsourcekey: "",
sys_roleid: "角色表标识",
sys_rolename: "角色表名称",
memo: "备注",
sys_roleid: "角色表标识",
},
uiactions: {
},
......
......@@ -43,7 +43,8 @@ export default {
tabpage1: '权限',
druipart2: '用户',
tabpage2: '用户',
tabpage3: '分页面板',
druipart3: '角色权限关系',
tabpage3: '角色权限关系',
tabpanel1: '',
formpage1: '基本信息',
srfupdatedate: '更新时间',
......@@ -54,9 +55,9 @@ export default {
srfuf: '',
srfdeid: '',
srfsourcekey: '',
sys_roleid: '角色表标识',
sys_rolename: '角色表名称',
memo: '备注',
sys_roleid: '角色表标识',
},
uiactions: {
},
......
......@@ -104,6 +104,7 @@ export const viewstate: any = {
viewdatachange: false,
refviews: [
'61a949e3c23ebdda724888662ded1478',
'b8a97c1797a1b91fbb37f8c2d14b1fb6',
'fb89f9af95f2caf92ccc1249025c9a1b',
],
},
......@@ -156,6 +157,7 @@ export const viewstate: any = {
viewdatachange: false,
refviews: [
'61a949e3c23ebdda724888662ded1478',
'b8a97c1797a1b91fbb37f8c2d14b1fb6',
'fb89f9af95f2caf92ccc1249025c9a1b',
],
},
......
......@@ -3,27 +3,27 @@
<input style="display:none;" />
<row >
<i-col v-show="detailsModel.group1.visible" :style="{}" :lg="{ span: 24, offset: 0 }">
<i-col v-show="detailsModel.group1.visible" :style="{}" :lg="{ span: 12, offset: 0 }">
<app-form-group layoutType="TABLE_24COL" titleStyle="" class='' uiActionGroup="detailsModel.group1.uiActionGroup" @groupuiactionclick="groupUIActionClick($event)" :caption="$t('entities.sys_role.main_form.details.group1')" :isShowCaption="true" uiStyle="DEFAULT" :titleBarCloseMode="0" :isInfoGroupMode="false" >
<row>
<i-col v-show="detailsModel.sys_rolename.visible" :style="{}" :lg="{ span: 24, offset: 0 }">
<i-col v-show="detailsModel.sys_roleid.visible" :style="{}" :lg="{ span: 12, offset: 0 }">
<app-form-item name='sys_roleid' :itemRules="this.rules.sys_roleid" class='' :caption="$t('entities.sys_role.main_form.details.sys_roleid')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.sys_roleid.error" :isEmptyCaption="false" labelPos="LEFT">
<app-span name='sys_roleid'
:value="data.sys_roleid" style=""></app-span>
</app-form-item>
</i-col>
<i-col v-show="detailsModel.sys_rolename.visible" :style="{}" :lg="{ span: 12, offset: 0 }">
<app-form-item name='sys_rolename' :itemRules="this.rules.sys_rolename" class='' :caption="$t('entities.sys_role.main_form.details.sys_rolename')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.sys_rolename.error" :isEmptyCaption="false" labelPos="LEFT">
<input-box v-model="data.sys_rolename" @enter="onEnter($event)" unit="" :disabled="detailsModel.sys_rolename.disabled" type='text' style=""></input-box>
</app-form-item>
</i-col>
<i-col v-show="detailsModel.memo.visible" :style="{}" :lg="{ span: 24, offset: 0 }">
<i-col v-show="detailsModel.memo.visible" :style="{}" :lg="{ span: 12, offset: 0 }">
<app-form-item name='memo' :itemRules="this.rules.memo" class='' :caption="$t('entities.sys_role.main_form.details.memo')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.memo.error" :isEmptyCaption="false" labelPos="LEFT">
<input-box v-model="data.memo" @enter="onEnter($event)" unit="" :disabled="detailsModel.memo.disabled" type='text' style=""></input-box>
</app-form-item>
</i-col>
<i-col v-show="detailsModel.sys_roleid.visible" :style="{}" :lg="{ span: 24, offset: 0 }">
<app-form-item name='sys_roleid' :itemRules="this.rules.sys_roleid" class='' :caption="$t('entities.sys_role.main_form.details.sys_roleid')" uiStyle="DEFAULT" :labelWidth="130" :isShowCaption="true" :error="detailsModel.sys_roleid.error" :isEmptyCaption="false" labelPos="LEFT">
<app-span name='sys_roleid'
:value="data.sys_roleid" style=""></app-span>
</app-form-item>
</i-col>
</row>
......@@ -114,6 +114,29 @@
])
}">
<i-col v-show="detailsModel.druipart3.visible" :style="{}" :lg="{ span: 24, offset: 0 }">
<app-form-druipart
:formState="formState"
:isForbidLoad="this.data.srfuf === '0'"
paramItem='sys_role'
:parentdata='{"srfparentdename":"SYS_ROLE","SRFPARENTTYPE":"CUSTOM"}'
:parameters="[
]"
:context="context"
:viewparams="viewparams"
parameterName='sys_role'
parentName="SYS_ROLE"
refviewtype='DEMPICKUPVIEW'
refreshitems=''
:ignorefieldvaluechange="ignorefieldvaluechange"
viewname='sys-permissionmpickup-view'
:data="JSON.stringify(this.data)"
@drdatasaved="drdatasaved($event)"
style=";overflow: auto;">
</app-form-druipart>
</i-col>
</tab-pane>
......@@ -419,9 +442,9 @@ export default class MainBase extends Vue implements ControlInterface {
srfuf: null,
srfdeid: null,
srfsourcekey: null,
sys_roleid: null,
sys_rolename: null,
memo: null,
sys_roleid: null,
sys_role:null,
};
......@@ -512,6 +535,12 @@ export default class MainBase extends Vue implements ControlInterface {
{ required: false, type: 'string', message: ' 值不能为空', trigger: 'change' },
{ required: false, type: 'string', message: ' 值不能为空', trigger: 'blur' },
],
sys_roleid: [
{ type: 'string', message: '角色表标识 值必须为字符串类型', trigger: 'change' },
{ type: 'string', message: '角色表标识 值必须为字符串类型', trigger: 'blur' },
{ required: false, type: 'string', message: '角色表标识 值不能为空', trigger: 'change' },
{ required: false, type: 'string', message: '角色表标识 值不能为空', trigger: 'blur' },
],
sys_rolename: [
{ type: 'string', message: '角色表名称 值必须为字符串类型', trigger: 'change' },
{ type: 'string', message: '角色表名称 值必须为字符串类型', trigger: 'blur' },
......@@ -524,12 +553,6 @@ export default class MainBase extends Vue implements ControlInterface {
{ required: false, type: 'string', message: '备注 值不能为空', trigger: 'change' },
{ required: false, type: 'string', message: '备注 值不能为空', trigger: 'blur' },
],
sys_roleid: [
{ type: 'string', message: '角色表标识 值必须为字符串类型', trigger: 'change' },
{ type: 'string', message: '角色表标识 值必须为字符串类型', trigger: 'blur' },
{ required: false, type: 'string', message: '角色表标识 值不能为空', trigger: 'change' },
{ required: false, type: 'string', message: '角色表标识 值不能为空', trigger: 'blur' },
],
}
/**
......@@ -549,7 +572,9 @@ export default class MainBase extends Vue implements ControlInterface {
,
tabpage2: new FormTabPageModel({ caption: '用户', detailType: 'TABPAGE', name: 'tabpage2', visible: true, isShowCaption: true, form: this })
,
tabpage3: new FormTabPageModel({ caption: '分页面板', detailType: 'TABPAGE', name: 'tabpage3', visible: true, isShowCaption: true, form: this })
druipart3: new FormDRUIPartModel({ caption: '角色权限关系', detailType: 'DRUIPART', name: 'druipart3', visible: true, isShowCaption: true, form: this })
,
tabpage3: new FormTabPageModel({ caption: '角色权限关系', detailType: 'TABPAGE', name: 'tabpage3', visible: true, isShowCaption: true, form: this })
,
tabpanel1: new FormTabPanelModel({ caption: '', detailType: 'TABPANEL', name: 'tabpanel1', visible: true, isShowCaption: false, form: this, tabPages: [{ name: 'tabpage1', index: 0, visible: true }, { name: 'tabpage2', index: 1, visible: true }, { name: 'tabpage3', index: 2, visible: true }] })
,
......@@ -570,12 +595,12 @@ export default class MainBase extends Vue implements ControlInterface {
srfdeid: new FormItemModel({ caption: '', detailType: 'FORMITEM', name: 'srfdeid', visible: true, isShowCaption: true, form: this, disabled: false, enableCond: 3 })
,
srfsourcekey: new FormItemModel({ caption: '', detailType: 'FORMITEM', name: 'srfsourcekey', visible: true, isShowCaption: true, form: this, disabled: false, enableCond: 3 })
,
sys_roleid: new FormItemModel({ caption: '角色表标识', detailType: 'FORMITEM', name: 'sys_roleid', visible: true, isShowCaption: true, form: this, disabled: false, enableCond: 3 })
,
sys_rolename: new FormItemModel({ caption: '角色表名称', detailType: 'FORMITEM', name: 'sys_rolename', visible: true, isShowCaption: true, form: this, disabled: false, enableCond: 3 })
,
memo: new FormItemModel({ caption: '备注', detailType: 'FORMITEM', name: 'memo', visible: true, isShowCaption: true, form: this, disabled: false, enableCond: 3 })
,
sys_roleid: new FormItemModel({ caption: '角色表标识', detailType: 'FORMITEM', name: 'sys_roleid', visible: true, isShowCaption: true, form: this, disabled: false, enableCond: 3 })
,
};
......@@ -676,39 +701,39 @@ export default class MainBase extends Vue implements ControlInterface {
}
/**
* 监控表单属性 sys_rolename
* 监控表单属性 sys_roleid
*
* @param {*} newVal
* @param {*} oldVal
* @memberof Main
*/
@Watch('data.sys_rolename')
onSys_rolenameChange(newVal: any, oldVal: any) {
this.formDataChange({ name: 'sys_rolename', newVal: newVal, oldVal: oldVal });
@Watch('data.sys_roleid')
onSys_roleidChange(newVal: any, oldVal: any) {
this.formDataChange({ name: 'sys_roleid', newVal: newVal, oldVal: oldVal });
}
/**
* 监控表单属性 memo
* 监控表单属性 sys_rolename
*
* @param {*} newVal
* @param {*} oldVal
* @memberof Main
*/
@Watch('data.memo')
onMemoChange(newVal: any, oldVal: any) {
this.formDataChange({ name: 'memo', newVal: newVal, oldVal: oldVal });
@Watch('data.sys_rolename')
onSys_rolenameChange(newVal: any, oldVal: any) {
this.formDataChange({ name: 'sys_rolename', newVal: newVal, oldVal: oldVal });
}
/**
* 监控表单属性 sys_roleid
* 监控表单属性 memo
*
* @param {*} newVal
* @param {*} oldVal
* @memberof Main
*/
@Watch('data.sys_roleid')
onSys_roleidChange(newVal: any, oldVal: any) {
this.formDataChange({ name: 'sys_roleid', newVal: newVal, oldVal: oldVal });
@Watch('data.memo')
onMemoChange(newVal: any, oldVal: any) {
this.formDataChange({ name: 'memo', newVal: newVal, oldVal: oldVal });
}
......@@ -765,6 +790,7 @@ export default class MainBase extends Vue implements ControlInterface {
}
......@@ -1289,7 +1315,7 @@ export default class MainBase extends Vue implements ControlInterface {
Object.assign(arg, data);
Object.assign(arg, this.context);
if (ifStateNext) {
this.drcounter = 2;
this.drcounter = 3;
if(this.drcounter !== 0){
this.drsaveopt = opt;
this.formState.next({ type: 'beforesave', data: arg });//先通知关系界面保存
......
......@@ -55,6 +55,11 @@ export default class MainModel {
{
name: 'srfsourcekey',
},
{
name: 'sys_roleid',
prop: 'roleid',
dataType: 'GUID',
},
{
name: 'sys_rolename',
prop: 'rolename',
......@@ -65,11 +70,6 @@ export default class MainModel {
prop: 'memo',
dataType: 'TEXT',
},
{
name: 'sys_roleid',
prop: 'roleid',
dataType: 'GUID',
},
{
name: 'sys_role',
prop: 'roleid',
......
......@@ -150,7 +150,7 @@
<verbose>true</verbose>
<logging>debug</logging>
<contexts>!test</contexts>
<diffExcludeObjects>Index:.*,table:IBZFILE,IBZUSER,IBZDATAAUDIT</diffExcludeObjects>
<diffExcludeObjects>Index:.*,table:ibzfile,ibzuser,ibzdataaudit</diffExcludeObjects>
</configuration>
<phase>process-resources</phase>
<goals>
......
......@@ -136,7 +136,7 @@
</createTable>
</changeSet>
<!--输出实体[SYS_ROLE]数据结构 -->
<changeSet author="a_A_5d9d78509" id="tab-sys_role-63-7">
<changeSet author="a_A_5d9d78509" id="tab-sys_role-68-7">
<createTable tableName="IBZROLE">
<column name="SYS_ROLEID" remarks="" type="VARCHAR(100)">
<constraints primaryKey="true" primaryKeyName="PK_SYS_ROLE_SYS_ROLEID"/>
......
......@@ -50,7 +50,9 @@ public class SYS_PERMISSIONResource {
@Autowired
@Lazy
private SYS_PERMISSIONMapping sys_permissionMapping;
public SYS_PERMISSIONMapping sys_permissionMapping;
public SYS_PERMISSIONDTO permissionDTO=new SYS_PERMISSIONDTO();
......@@ -110,7 +112,6 @@ public class SYS_PERMISSIONResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PERMISSION-Update-all')")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_PERMISSION" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_permissions/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_PERMISSIONDTO> sys_permissiondtos) {
......@@ -131,7 +132,7 @@ public class SYS_PERMISSIONResource {
SYS_PERMISSIONDTO dto = sys_permissionMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PERMISSION-Create-all')")
@ApiOperation(value = "createBatch", tags = {"SYS_PERMISSION" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_permissions/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_PERMISSIONDTO> sys_permissiondtos) {
......@@ -183,12 +184,4 @@ public class SYS_PERMISSIONResource {
}
/**
* 用户权限校验
* @return
*/
public SYS_PERMISSION getEntity(){
return new SYS_PERMISSION();
}
}
......@@ -50,7 +50,9 @@ public class SYS_PSAPPMENUITEMResource {
@Autowired
@Lazy
private SYS_PSAPPMENUITEMMapping sys_psappmenuitemMapping;
public SYS_PSAPPMENUITEMMapping sys_psappmenuitemMapping;
public SYS_PSAPPMENUITEMDTO permissionDTO=new SYS_PSAPPMENUITEMDTO();
......@@ -81,7 +83,7 @@ public class SYS_PSAPPMENUITEMResource {
SYS_PSAPPMENUITEMDTO dto = sys_psappmenuitemMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PSAPPMENUITEM-Create-all')")
@ApiOperation(value = "createBatch", tags = {"SYS_PSAPPMENUITEM" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_psappmenuitems/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_PSAPPMENUITEMDTO> sys_psappmenuitemdtos) {
......@@ -104,7 +106,6 @@ public class SYS_PSAPPMENUITEMResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PSAPPMENUITEM-Update-all')")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_PSAPPMENUITEM" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_psappmenuitems/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_PSAPPMENUITEMDTO> sys_psappmenuitemdtos) {
......@@ -183,12 +184,4 @@ public class SYS_PSAPPMENUITEMResource {
}
/**
* 用户权限校验
* @return
*/
public SYS_PSAPPMENUITEM getEntity(){
return new SYS_PSAPPMENUITEM();
}
}
......@@ -50,7 +50,9 @@ public class SYS_PSDEOPPRIVResource {
@Autowired
@Lazy
private SYS_PSDEOPPRIVMapping sys_psdeopprivMapping;
public SYS_PSDEOPPRIVMapping sys_psdeopprivMapping;
public SYS_PSDEOPPRIVDTO permissionDTO=new SYS_PSDEOPPRIVDTO();
......@@ -101,7 +103,7 @@ public class SYS_PSDEOPPRIVResource {
SYS_PSDEOPPRIVDTO dto = sys_psdeopprivMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PSDEOPPRIV-Create-all')")
@ApiOperation(value = "createBatch", tags = {"SYS_PSDEOPPRIV" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_psdeopprivs/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_PSDEOPPRIVDTO> sys_psdeopprivdtos) {
......@@ -136,7 +138,6 @@ public class SYS_PSDEOPPRIVResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PSDEOPPRIV-Update-all')")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_PSDEOPPRIV" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_psdeopprivs/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_PSDEOPPRIVDTO> sys_psdeopprivdtos) {
......@@ -183,12 +184,4 @@ public class SYS_PSDEOPPRIVResource {
}
/**
* 用户权限校验
* @return
*/
public SYS_PSDEOPPRIV getEntity(){
return new SYS_PSDEOPPRIV();
}
}
......@@ -50,7 +50,9 @@ public class SYS_ROLEResource {
@Autowired
@Lazy
private SYS_ROLEMapping sys_roleMapping;
public SYS_ROLEMapping sys_roleMapping;
public SYS_ROLEDTO permissionDTO=new SYS_ROLEDTO();
......@@ -83,7 +85,6 @@ public class SYS_ROLEResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE-Update-all')")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_ROLE" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_roles/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_ROLEDTO> sys_roledtos) {
......@@ -104,7 +105,7 @@ public class SYS_ROLEResource {
SYS_ROLEDTO dto = sys_roleMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE-Create-all')")
@ApiOperation(value = "createBatch", tags = {"SYS_ROLE" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_roles/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_ROLEDTO> sys_roledtos) {
......@@ -183,12 +184,4 @@ public class SYS_ROLEResource {
}
/**
* 用户权限校验
* @return
*/
public SYS_ROLE getEntity(){
return new SYS_ROLE();
}
}
......@@ -50,12 +50,14 @@ public class SYS_ROLE_PERMISSIONResource {
@Autowired
@Lazy
private SYS_ROLE_PERMISSIONMapping sys_role_permissionMapping;
public SYS_ROLE_PERMISSIONMapping sys_role_permissionMapping;
public SYS_ROLE_PERMISSIONDTO permissionDTO=new SYS_ROLE_PERMISSIONDTO();
@PreAuthorize("hasPermission(#sys_role_permission_id,'Get',{this.getEntity(),'Sql'})")
@PreAuthorize("hasPermission(#sys_role_permission_id,'Get',{'Sql',this.sys_role_permissionMapping,this.permissionDTO})")
@ApiOperation(value = "Get", tags = {"SYS_ROLE_PERMISSION" }, notes = "Get")
@RequestMapping(method = RequestMethod.GET, value = "/sys_role_permissions/{sys_role_permission_id}")
public ResponseEntity<SYS_ROLE_PERMISSIONDTO> get(@PathVariable("sys_role_permission_id") String sys_role_permission_id) {
......@@ -67,7 +69,7 @@ public class SYS_ROLE_PERMISSIONResource {
@PreAuthorize("hasPermission(#sys_role_permission_id,'Remove',{this.getEntity(),'Sql'})")
@PreAuthorize("hasPermission(#sys_role_permission_id,'Remove',{'Sql',this.sys_role_permissionMapping,this.permissionDTO})")
@ApiOperation(value = "Remove", tags = {"SYS_ROLE_PERMISSION" }, notes = "Remove")
@RequestMapping(method = RequestMethod.DELETE, value = "/sys_role_permissions/{sys_role_permission_id}")
@Transactional
......@@ -94,7 +96,7 @@ public class SYS_ROLE_PERMISSIONResource {
@PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})")
@PreAuthorize("hasPermission('','Create',{'Sql',this.sys_role_permissionMapping,#sys_role_permissiondto})")
@ApiOperation(value = "Create", tags = {"SYS_ROLE_PERMISSION" }, notes = "Create")
@RequestMapping(method = RequestMethod.POST, value = "/sys_role_permissions")
@Transactional
......@@ -104,7 +106,7 @@ public class SYS_ROLE_PERMISSIONResource {
SYS_ROLE_PERMISSIONDTO dto = sys_role_permissionMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})")
@ApiOperation(value = "createBatch", tags = {"SYS_ROLE_PERMISSION" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_role_permissions/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_ROLE_PERMISSIONDTO> sys_role_permissiondtos) {
......@@ -140,7 +142,7 @@ public class SYS_ROLE_PERMISSIONResource {
@PreAuthorize("hasPermission(#sys_role_permission_id,'Update',{this.getEntity(),'Sql'})")
@PreAuthorize("hasPermission(#sys_role_permission_id,'Update',{'Sql',this.sys_role_permissionMapping,#sys_role_permissiondto})")
@ApiOperation(value = "Update", tags = {"SYS_ROLE_PERMISSION" }, notes = "Update")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_role_permissions/{sys_role_permission_id}")
@Transactional
......@@ -152,7 +154,6 @@ public class SYS_ROLE_PERMISSIONResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasPermission(#sys_role_permission_id,'Update',{this.getEntity(),'Sql'})")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_ROLE_PERMISSION" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_role_permissions/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_ROLE_PERMISSIONDTO> sys_role_permissiondtos) {
......@@ -497,12 +498,4 @@ public class SYS_ROLE_PERMISSIONResource {
}
/**
* 用户权限校验
* @return
*/
public SYS_ROLE_PERMISSION getEntity(){
return new SYS_ROLE_PERMISSION();
}
}
......@@ -50,7 +50,9 @@ public class SYS_USERResource {
@Autowired
@Lazy
private SYS_USERMapping sys_userMapping;
public SYS_USERMapping sys_userMapping;
public SYS_USERDTO permissionDTO=new SYS_USERDTO();
......@@ -85,7 +87,6 @@ public class SYS_USERResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_USER-Update-all')")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_USER" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_users/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_USERDTO> sys_userdtos) {
......@@ -152,7 +153,7 @@ public class SYS_USERResource {
SYS_USERDTO dto = sys_userMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_USER-Create-all')")
@ApiOperation(value = "createBatch", tags = {"SYS_USER" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_users/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_USERDTO> sys_userdtos) {
......@@ -183,12 +184,4 @@ public class SYS_USERResource {
}
/**
* 用户权限校验
* @return
*/
public SYS_USER getEntity(){
return new SYS_USER();
}
}
......@@ -50,7 +50,9 @@ public class SYS_USER_ROLEResource {
@Autowired
@Lazy
private SYS_USER_ROLEMapping sys_user_roleMapping;
public SYS_USER_ROLEMapping sys_user_roleMapping;
public SYS_USER_ROLEDTO permissionDTO=new SYS_USER_ROLEDTO();
......@@ -85,7 +87,6 @@ public class SYS_USER_ROLEResource {
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_USER_ROLE-Update-all')")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_USER_ROLE" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_user_roles/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_USER_ROLEDTO> sys_user_roledtos) {
......@@ -124,7 +125,7 @@ public class SYS_USER_ROLEResource {
SYS_USER_ROLEDTO dto = sys_user_roleMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto);
}
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_USER_ROLE-Create-all')")
@ApiOperation(value = "createBatch", tags = {"SYS_USER_ROLE" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_user_roles/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_USER_ROLEDTO> sys_user_roledtos) {
......@@ -431,12 +432,4 @@ public class SYS_USER_ROLEResource {
}
/**
* 用户权限校验
* @return
*/
public SYS_USER_ROLE getEntity(){
return new SYS_USER_ROLE();
}
}
......@@ -6,7 +6,9 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.mongodb.QueryBuilder;
import cn.ibizlab.util.annotation.DEField;
import cn.ibizlab.util.domain.DTOBase;
import cn.ibizlab.util.domain.EntityBase;
import cn.ibizlab.util.domain.MappingBase;
import cn.ibizlab.util.enums.DEPredefinedFieldType;
import cn.ibizlab.util.filter.QueryBuildContext;
import cn.ibizlab.util.filter.QueryWrapperContext;
......@@ -72,8 +74,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return true;
List paramList = (ArrayList) params;
EntityBase entity = (EntityBase) paramList.get(0);
String deStorageMode= (String) paramList.get(1);
String deStorageMode= (String) paramList.get(0);
MappingBase mappingBase= (MappingBase) paramList.get(1);
DTOBase dtoBase = (DTOBase) paramList.get(2);
EntityBase entity = (EntityBase) mappingBase.toDomain(dtoBase);
if (StringUtils.isEmpty(entity))
return false;
......@@ -82,10 +86,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
JSONObject permissionList=userPermission.getJSONObject("entities");
String entityName = entity.getClass().getSimpleName();
if(action.equalsIgnoreCase("create")){
return validDEActionHasPermission(permissionList,entityName,action);
}
else{
//拥有全部数据访问权限时,则跳过权限检查
if(isAllData(permissionList,entityName,action)){
return true;
......@@ -94,8 +94,11 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
if(!validDEActionHasPermission(permissionList,entityName,action)){
return false;
}
//检查是否有数据权限
return deActionPermissionValidRouter(deStorageMode, entity , action , srfKey, permissionList);
if(action.equalsIgnoreCase("create")){
return createActionPermissionValid(permissionList,entity, action);
}
else{
return otherActionPermissionValidRouter(deStorageMode, entity , action , srfKey, permissionList);
}
}
......@@ -113,7 +116,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
if(!permissionList.containsKey(entityName))
return false;
JSONObject entity=permissionList.getJSONObject(entityName);
if(entity.containsKey(action) && entity.getJSONArray(action).contains("ALL"))
if(!entity.containsKey(DEActionType))
return false;
JSONObject dataRange=entity.getJSONObject(DEActionType);//获取实体行为对应的数据范围
if(dataRange.containsKey(action) && dataRange.getJSONArray(action).contains("all"))
return true;
return false;
......@@ -144,6 +150,81 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return hasPermission;
}
/**
* 新建行为校验
* @param permissionList
* @param entity
* @param action
* @return
*/
private boolean createActionPermissionValid(JSONObject permissionList,EntityBase entity, String action){
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
String keyField=permissionField.get(keyFieldTag);
if(StringUtils.isEmpty(keyField)){
throw new RuntimeException("权限校验失败,请检查当前实体中是否已经配置主键属性!");
}
//获取权限表达式[全部数据、本单位、本部门等]
JSONObject entityObj=permissionList.getJSONObject(entity.getClass().getSimpleName());//获取实体
JSONObject permissionType= entityObj.getJSONObject(DEActionType);
JSONArray dataRangeList=permissionType.getJSONArray(action);//行为:read;insert...
if(dataRangeList.size()==0)
return false;
boolean isCreate=true;
String orgField=permissionField.get("orgfield");
String orgDeptField=permissionField.get("orgsecfield");
String createManField=permissionField.get("createmanfield");
AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
Map<String, Set<String>> userInfo = authenticationUser.getOrgInfo();
Set<String> orgParent = userInfo.get("parentorg");
Set<String> orgChild = userInfo.get("suborg");
Set<String> orgDeptParent = userInfo.get("parentdept");
Set<String> orgDeptChild = userInfo.get("subdept");
Object orgFieldValue=entity.get(orgField);
Object orgDeptFieldValue=entity.get(orgDeptField);
Object crateManFieldValue=entity.get(createManField);
Set<String> userOrg = new HashSet<>();
Set<String> userOrgDept = new HashSet<>();
for(int a=0;a<dataRangeList.size();a++){
String permissionCond=dataRangeList.getString(a);//权限配置条件
if(permissionCond.equals("curorg")){ //本单位
userOrg.add(authenticationUser.getOrgid());
}
else if(permissionCond.equals("porg")){//上级单位
userOrg.addAll(orgParent);
}
else if(permissionCond.equals("sorg")){//下级单位
userOrg.addAll(orgChild);
}
else if(permissionCond.equals("curorgdept")){//本部门
userOrgDept.add(authenticationUser.getMdeptid());
}
else if(permissionCond.equals("porgdept")){//上级部门
userOrgDept.addAll(orgDeptParent);
}
else if(permissionCond.equals("sorgdept")){//下级部门
userOrgDept.addAll(orgDeptChild);
}
}
if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue)){
return false;
}
if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue)){
return false;
}
if(!ObjectUtils.isEmpty(crateManFieldValue) && !crateManFieldValue.equals(authenticationUser.getUserid())){
return false;
}
return isCreate;
}
/**
* 根据实体存储模式,进行鉴权
......@@ -154,7 +235,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* @param permissionList
* @return
*/
private boolean deActionPermissionValidRouter(String deStorageMode, EntityBase entity , String action , Object srfKey , JSONObject permissionList){
private boolean otherActionPermissionValidRouter(String deStorageMode, EntityBase entity , String action , Object srfKey , JSONObject permissionList){
if(deStorageMode.equalsIgnoreCase("sql")){
return sqlPermissionValid(entity , action , srfKey, permissionList);
......
Markdown 格式
0% or
您添加了 0 到此讨论。请谨慎行事。
先完成此消息的编辑!
想要评论请 注册