提交 02bb2ad9 编写于 作者: ibizdev's avatar ibizdev

laizhilong 发布系统代码

上级 1f443b52
...@@ -44,7 +44,8 @@ export default { ...@@ -44,7 +44,8 @@ export default {
tabpage1: "权限", tabpage1: "权限",
druipart2: "用户", druipart2: "用户",
tabpage2: "用户", tabpage2: "用户",
tabpage3: "分页面板", druipart3: "角色权限关系",
tabpage3: "角色权限关系",
tabpanel1: "", tabpanel1: "",
formpage1: "基本信息", formpage1: "基本信息",
srfupdatedate: "更新时间", srfupdatedate: "更新时间",
...@@ -55,9 +56,9 @@ export default { ...@@ -55,9 +56,9 @@ export default {
srfuf: "", srfuf: "",
srfdeid: "", srfdeid: "",
srfsourcekey: "", srfsourcekey: "",
sys_roleid: "角色表标识",
sys_rolename: "角色表名称", sys_rolename: "角色表名称",
memo: "备注", memo: "备注",
sys_roleid: "角色表标识",
}, },
uiactions: { uiactions: {
}, },
......
...@@ -43,7 +43,8 @@ export default { ...@@ -43,7 +43,8 @@ export default {
tabpage1: '权限', tabpage1: '权限',
druipart2: '用户', druipart2: '用户',
tabpage2: '用户', tabpage2: '用户',
tabpage3: '分页面板', druipart3: '角色权限关系',
tabpage3: '角色权限关系',
tabpanel1: '', tabpanel1: '',
formpage1: '基本信息', formpage1: '基本信息',
srfupdatedate: '更新时间', srfupdatedate: '更新时间',
...@@ -54,9 +55,9 @@ export default { ...@@ -54,9 +55,9 @@ export default {
srfuf: '', srfuf: '',
srfdeid: '', srfdeid: '',
srfsourcekey: '', srfsourcekey: '',
sys_roleid: '角色表标识',
sys_rolename: '角色表名称', sys_rolename: '角色表名称',
memo: '备注', memo: '备注',
sys_roleid: '角色表标识',
}, },
uiactions: { uiactions: {
}, },
......
...@@ -104,6 +104,7 @@ export const viewstate: any = { ...@@ -104,6 +104,7 @@ export const viewstate: any = {
viewdatachange: false, viewdatachange: false,
refviews: [ refviews: [
'61a949e3c23ebdda724888662ded1478', '61a949e3c23ebdda724888662ded1478',
'b8a97c1797a1b91fbb37f8c2d14b1fb6',
'fb89f9af95f2caf92ccc1249025c9a1b', 'fb89f9af95f2caf92ccc1249025c9a1b',
], ],
}, },
...@@ -156,6 +157,7 @@ export const viewstate: any = { ...@@ -156,6 +157,7 @@ export const viewstate: any = {
viewdatachange: false, viewdatachange: false,
refviews: [ refviews: [
'61a949e3c23ebdda724888662ded1478', '61a949e3c23ebdda724888662ded1478',
'b8a97c1797a1b91fbb37f8c2d14b1fb6',
'fb89f9af95f2caf92ccc1249025c9a1b', 'fb89f9af95f2caf92ccc1249025c9a1b',
], ],
}, },
......
...@@ -55,6 +55,11 @@ export default class MainModel { ...@@ -55,6 +55,11 @@ export default class MainModel {
{ {
name: 'srfsourcekey', name: 'srfsourcekey',
}, },
{
name: 'sys_roleid',
prop: 'roleid',
dataType: 'GUID',
},
{ {
name: 'sys_rolename', name: 'sys_rolename',
prop: 'rolename', prop: 'rolename',
...@@ -65,11 +70,6 @@ export default class MainModel { ...@@ -65,11 +70,6 @@ export default class MainModel {
prop: 'memo', prop: 'memo',
dataType: 'TEXT', dataType: 'TEXT',
}, },
{
name: 'sys_roleid',
prop: 'roleid',
dataType: 'GUID',
},
{ {
name: 'sys_role', name: 'sys_role',
prop: 'roleid', prop: 'roleid',
......
...@@ -150,7 +150,7 @@ ...@@ -150,7 +150,7 @@
<verbose>true</verbose> <verbose>true</verbose>
<logging>debug</logging> <logging>debug</logging>
<contexts>!test</contexts> <contexts>!test</contexts>
<diffExcludeObjects>Index:.*,table:IBZFILE,IBZUSER,IBZDATAAUDIT</diffExcludeObjects> <diffExcludeObjects>Index:.*,table:ibzfile,ibzuser,ibzdataaudit</diffExcludeObjects>
</configuration> </configuration>
<phase>process-resources</phase> <phase>process-resources</phase>
<goals> <goals>
......
...@@ -136,7 +136,7 @@ ...@@ -136,7 +136,7 @@
</createTable> </createTable>
</changeSet> </changeSet>
<!--输出实体[SYS_ROLE]数据结构 --> <!--输出实体[SYS_ROLE]数据结构 -->
<changeSet author="a_A_5d9d78509" id="tab-sys_role-63-7"> <changeSet author="a_A_5d9d78509" id="tab-sys_role-68-7">
<createTable tableName="IBZROLE"> <createTable tableName="IBZROLE">
<column name="SYS_ROLEID" remarks="" type="VARCHAR(100)"> <column name="SYS_ROLEID" remarks="" type="VARCHAR(100)">
<constraints primaryKey="true" primaryKeyName="PK_SYS_ROLE_SYS_ROLEID"/> <constraints primaryKey="true" primaryKeyName="PK_SYS_ROLE_SYS_ROLEID"/>
......
...@@ -50,7 +50,9 @@ public class SYS_PERMISSIONResource { ...@@ -50,7 +50,9 @@ public class SYS_PERMISSIONResource {
@Autowired @Autowired
@Lazy @Lazy
private SYS_PERMISSIONMapping sys_permissionMapping; public SYS_PERMISSIONMapping sys_permissionMapping;
public SYS_PERMISSIONDTO permissionDTO=new SYS_PERMISSIONDTO();
...@@ -110,7 +112,6 @@ public class SYS_PERMISSIONResource { ...@@ -110,7 +112,6 @@ public class SYS_PERMISSIONResource {
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PERMISSION-Update-all')")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_PERMISSION" }, notes = "UpdateBatch") @ApiOperation(value = "UpdateBatch", tags = {"SYS_PERMISSION" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_permissions/batch") @RequestMapping(method = RequestMethod.PUT, value = "/sys_permissions/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_PERMISSIONDTO> sys_permissiondtos) { public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_PERMISSIONDTO> sys_permissiondtos) {
...@@ -131,7 +132,7 @@ public class SYS_PERMISSIONResource { ...@@ -131,7 +132,7 @@ public class SYS_PERMISSIONResource {
SYS_PERMISSIONDTO dto = sys_permissionMapping.toDto(domain); SYS_PERMISSIONDTO dto = sys_permissionMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PERMISSION-Create-all')")
@ApiOperation(value = "createBatch", tags = {"SYS_PERMISSION" }, notes = "createBatch") @ApiOperation(value = "createBatch", tags = {"SYS_PERMISSION" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_permissions/batch") @RequestMapping(method = RequestMethod.POST, value = "/sys_permissions/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_PERMISSIONDTO> sys_permissiondtos) { public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_PERMISSIONDTO> sys_permissiondtos) {
...@@ -183,12 +184,4 @@ public class SYS_PERMISSIONResource { ...@@ -183,12 +184,4 @@ public class SYS_PERMISSIONResource {
} }
/**
* 用户权限校验
* @return
*/
public SYS_PERMISSION getEntity(){
return new SYS_PERMISSION();
}
} }
...@@ -50,7 +50,9 @@ public class SYS_PSAPPMENUITEMResource { ...@@ -50,7 +50,9 @@ public class SYS_PSAPPMENUITEMResource {
@Autowired @Autowired
@Lazy @Lazy
private SYS_PSAPPMENUITEMMapping sys_psappmenuitemMapping; public SYS_PSAPPMENUITEMMapping sys_psappmenuitemMapping;
public SYS_PSAPPMENUITEMDTO permissionDTO=new SYS_PSAPPMENUITEMDTO();
...@@ -81,7 +83,7 @@ public class SYS_PSAPPMENUITEMResource { ...@@ -81,7 +83,7 @@ public class SYS_PSAPPMENUITEMResource {
SYS_PSAPPMENUITEMDTO dto = sys_psappmenuitemMapping.toDto(domain); SYS_PSAPPMENUITEMDTO dto = sys_psappmenuitemMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PSAPPMENUITEM-Create-all')")
@ApiOperation(value = "createBatch", tags = {"SYS_PSAPPMENUITEM" }, notes = "createBatch") @ApiOperation(value = "createBatch", tags = {"SYS_PSAPPMENUITEM" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_psappmenuitems/batch") @RequestMapping(method = RequestMethod.POST, value = "/sys_psappmenuitems/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_PSAPPMENUITEMDTO> sys_psappmenuitemdtos) { public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_PSAPPMENUITEMDTO> sys_psappmenuitemdtos) {
...@@ -104,7 +106,6 @@ public class SYS_PSAPPMENUITEMResource { ...@@ -104,7 +106,6 @@ public class SYS_PSAPPMENUITEMResource {
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PSAPPMENUITEM-Update-all')")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_PSAPPMENUITEM" }, notes = "UpdateBatch") @ApiOperation(value = "UpdateBatch", tags = {"SYS_PSAPPMENUITEM" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_psappmenuitems/batch") @RequestMapping(method = RequestMethod.PUT, value = "/sys_psappmenuitems/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_PSAPPMENUITEMDTO> sys_psappmenuitemdtos) { public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_PSAPPMENUITEMDTO> sys_psappmenuitemdtos) {
...@@ -183,12 +184,4 @@ public class SYS_PSAPPMENUITEMResource { ...@@ -183,12 +184,4 @@ public class SYS_PSAPPMENUITEMResource {
} }
/**
* 用户权限校验
* @return
*/
public SYS_PSAPPMENUITEM getEntity(){
return new SYS_PSAPPMENUITEM();
}
} }
...@@ -50,7 +50,9 @@ public class SYS_PSDEOPPRIVResource { ...@@ -50,7 +50,9 @@ public class SYS_PSDEOPPRIVResource {
@Autowired @Autowired
@Lazy @Lazy
private SYS_PSDEOPPRIVMapping sys_psdeopprivMapping; public SYS_PSDEOPPRIVMapping sys_psdeopprivMapping;
public SYS_PSDEOPPRIVDTO permissionDTO=new SYS_PSDEOPPRIVDTO();
...@@ -101,7 +103,7 @@ public class SYS_PSDEOPPRIVResource { ...@@ -101,7 +103,7 @@ public class SYS_PSDEOPPRIVResource {
SYS_PSDEOPPRIVDTO dto = sys_psdeopprivMapping.toDto(domain); SYS_PSDEOPPRIVDTO dto = sys_psdeopprivMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PSDEOPPRIV-Create-all')")
@ApiOperation(value = "createBatch", tags = {"SYS_PSDEOPPRIV" }, notes = "createBatch") @ApiOperation(value = "createBatch", tags = {"SYS_PSDEOPPRIV" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_psdeopprivs/batch") @RequestMapping(method = RequestMethod.POST, value = "/sys_psdeopprivs/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_PSDEOPPRIVDTO> sys_psdeopprivdtos) { public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_PSDEOPPRIVDTO> sys_psdeopprivdtos) {
...@@ -136,7 +138,6 @@ public class SYS_PSDEOPPRIVResource { ...@@ -136,7 +138,6 @@ public class SYS_PSDEOPPRIVResource {
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_PSDEOPPRIV-Update-all')")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_PSDEOPPRIV" }, notes = "UpdateBatch") @ApiOperation(value = "UpdateBatch", tags = {"SYS_PSDEOPPRIV" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_psdeopprivs/batch") @RequestMapping(method = RequestMethod.PUT, value = "/sys_psdeopprivs/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_PSDEOPPRIVDTO> sys_psdeopprivdtos) { public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_PSDEOPPRIVDTO> sys_psdeopprivdtos) {
...@@ -183,12 +184,4 @@ public class SYS_PSDEOPPRIVResource { ...@@ -183,12 +184,4 @@ public class SYS_PSDEOPPRIVResource {
} }
/**
* 用户权限校验
* @return
*/
public SYS_PSDEOPPRIV getEntity(){
return new SYS_PSDEOPPRIV();
}
} }
...@@ -50,7 +50,9 @@ public class SYS_ROLEResource { ...@@ -50,7 +50,9 @@ public class SYS_ROLEResource {
@Autowired @Autowired
@Lazy @Lazy
private SYS_ROLEMapping sys_roleMapping; public SYS_ROLEMapping sys_roleMapping;
public SYS_ROLEDTO permissionDTO=new SYS_ROLEDTO();
...@@ -83,7 +85,6 @@ public class SYS_ROLEResource { ...@@ -83,7 +85,6 @@ public class SYS_ROLEResource {
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE-Update-all')")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_ROLE" }, notes = "UpdateBatch") @ApiOperation(value = "UpdateBatch", tags = {"SYS_ROLE" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_roles/batch") @RequestMapping(method = RequestMethod.PUT, value = "/sys_roles/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_ROLEDTO> sys_roledtos) { public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_ROLEDTO> sys_roledtos) {
...@@ -104,7 +105,7 @@ public class SYS_ROLEResource { ...@@ -104,7 +105,7 @@ public class SYS_ROLEResource {
SYS_ROLEDTO dto = sys_roleMapping.toDto(domain); SYS_ROLEDTO dto = sys_roleMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE-Create-all')")
@ApiOperation(value = "createBatch", tags = {"SYS_ROLE" }, notes = "createBatch") @ApiOperation(value = "createBatch", tags = {"SYS_ROLE" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_roles/batch") @RequestMapping(method = RequestMethod.POST, value = "/sys_roles/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_ROLEDTO> sys_roledtos) { public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_ROLEDTO> sys_roledtos) {
...@@ -183,12 +184,4 @@ public class SYS_ROLEResource { ...@@ -183,12 +184,4 @@ public class SYS_ROLEResource {
} }
/**
* 用户权限校验
* @return
*/
public SYS_ROLE getEntity(){
return new SYS_ROLE();
}
} }
...@@ -50,12 +50,14 @@ public class SYS_ROLE_PERMISSIONResource { ...@@ -50,12 +50,14 @@ public class SYS_ROLE_PERMISSIONResource {
@Autowired @Autowired
@Lazy @Lazy
private SYS_ROLE_PERMISSIONMapping sys_role_permissionMapping; public SYS_ROLE_PERMISSIONMapping sys_role_permissionMapping;
public SYS_ROLE_PERMISSIONDTO permissionDTO=new SYS_ROLE_PERMISSIONDTO();
@PreAuthorize("hasPermission(#sys_role_permission_id,'Get',{this.getEntity(),'Sql'})")
@PreAuthorize("hasPermission(#sys_role_permission_id,'Get',{'Sql',this.sys_role_permissionMapping,this.permissionDTO})")
@ApiOperation(value = "Get", tags = {"SYS_ROLE_PERMISSION" }, notes = "Get") @ApiOperation(value = "Get", tags = {"SYS_ROLE_PERMISSION" }, notes = "Get")
@RequestMapping(method = RequestMethod.GET, value = "/sys_role_permissions/{sys_role_permission_id}") @RequestMapping(method = RequestMethod.GET, value = "/sys_role_permissions/{sys_role_permission_id}")
public ResponseEntity<SYS_ROLE_PERMISSIONDTO> get(@PathVariable("sys_role_permission_id") String sys_role_permission_id) { public ResponseEntity<SYS_ROLE_PERMISSIONDTO> get(@PathVariable("sys_role_permission_id") String sys_role_permission_id) {
...@@ -67,7 +69,7 @@ public class SYS_ROLE_PERMISSIONResource { ...@@ -67,7 +69,7 @@ public class SYS_ROLE_PERMISSIONResource {
@PreAuthorize("hasPermission(#sys_role_permission_id,'Remove',{this.getEntity(),'Sql'})") @PreAuthorize("hasPermission(#sys_role_permission_id,'Remove',{'Sql',this.sys_role_permissionMapping,this.permissionDTO})")
@ApiOperation(value = "Remove", tags = {"SYS_ROLE_PERMISSION" }, notes = "Remove") @ApiOperation(value = "Remove", tags = {"SYS_ROLE_PERMISSION" }, notes = "Remove")
@RequestMapping(method = RequestMethod.DELETE, value = "/sys_role_permissions/{sys_role_permission_id}") @RequestMapping(method = RequestMethod.DELETE, value = "/sys_role_permissions/{sys_role_permission_id}")
@Transactional @Transactional
...@@ -94,7 +96,7 @@ public class SYS_ROLE_PERMISSIONResource { ...@@ -94,7 +96,7 @@ public class SYS_ROLE_PERMISSIONResource {
@PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})") @PreAuthorize("hasPermission('','Create',{'Sql',this.sys_role_permissionMapping,#sys_role_permissiondto})")
@ApiOperation(value = "Create", tags = {"SYS_ROLE_PERMISSION" }, notes = "Create") @ApiOperation(value = "Create", tags = {"SYS_ROLE_PERMISSION" }, notes = "Create")
@RequestMapping(method = RequestMethod.POST, value = "/sys_role_permissions") @RequestMapping(method = RequestMethod.POST, value = "/sys_role_permissions")
@Transactional @Transactional
...@@ -104,7 +106,7 @@ public class SYS_ROLE_PERMISSIONResource { ...@@ -104,7 +106,7 @@ public class SYS_ROLE_PERMISSIONResource {
SYS_ROLE_PERMISSIONDTO dto = sys_role_permissionMapping.toDto(domain); SYS_ROLE_PERMISSIONDTO dto = sys_role_permissionMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasPermission('','Create',{this.getEntity(),'Sql'})")
@ApiOperation(value = "createBatch", tags = {"SYS_ROLE_PERMISSION" }, notes = "createBatch") @ApiOperation(value = "createBatch", tags = {"SYS_ROLE_PERMISSION" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_role_permissions/batch") @RequestMapping(method = RequestMethod.POST, value = "/sys_role_permissions/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_ROLE_PERMISSIONDTO> sys_role_permissiondtos) { public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_ROLE_PERMISSIONDTO> sys_role_permissiondtos) {
...@@ -140,7 +142,7 @@ public class SYS_ROLE_PERMISSIONResource { ...@@ -140,7 +142,7 @@ public class SYS_ROLE_PERMISSIONResource {
@PreAuthorize("hasPermission(#sys_role_permission_id,'Update',{this.getEntity(),'Sql'})") @PreAuthorize("hasPermission(#sys_role_permission_id,'Update',{'Sql',this.sys_role_permissionMapping,#sys_role_permissiondto})")
@ApiOperation(value = "Update", tags = {"SYS_ROLE_PERMISSION" }, notes = "Update") @ApiOperation(value = "Update", tags = {"SYS_ROLE_PERMISSION" }, notes = "Update")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_role_permissions/{sys_role_permission_id}") @RequestMapping(method = RequestMethod.PUT, value = "/sys_role_permissions/{sys_role_permission_id}")
@Transactional @Transactional
...@@ -152,7 +154,6 @@ public class SYS_ROLE_PERMISSIONResource { ...@@ -152,7 +154,6 @@ public class SYS_ROLE_PERMISSIONResource {
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasPermission(#sys_role_permission_id,'Update',{this.getEntity(),'Sql'})")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_ROLE_PERMISSION" }, notes = "UpdateBatch") @ApiOperation(value = "UpdateBatch", tags = {"SYS_ROLE_PERMISSION" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_role_permissions/batch") @RequestMapping(method = RequestMethod.PUT, value = "/sys_role_permissions/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_ROLE_PERMISSIONDTO> sys_role_permissiondtos) { public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_ROLE_PERMISSIONDTO> sys_role_permissiondtos) {
...@@ -497,12 +498,4 @@ public class SYS_ROLE_PERMISSIONResource { ...@@ -497,12 +498,4 @@ public class SYS_ROLE_PERMISSIONResource {
} }
/**
* 用户权限校验
* @return
*/
public SYS_ROLE_PERMISSION getEntity(){
return new SYS_ROLE_PERMISSION();
}
} }
...@@ -50,7 +50,9 @@ public class SYS_USERResource { ...@@ -50,7 +50,9 @@ public class SYS_USERResource {
@Autowired @Autowired
@Lazy @Lazy
private SYS_USERMapping sys_userMapping; public SYS_USERMapping sys_userMapping;
public SYS_USERDTO permissionDTO=new SYS_USERDTO();
...@@ -85,7 +87,6 @@ public class SYS_USERResource { ...@@ -85,7 +87,6 @@ public class SYS_USERResource {
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_USER-Update-all')")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_USER" }, notes = "UpdateBatch") @ApiOperation(value = "UpdateBatch", tags = {"SYS_USER" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_users/batch") @RequestMapping(method = RequestMethod.PUT, value = "/sys_users/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_USERDTO> sys_userdtos) { public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_USERDTO> sys_userdtos) {
...@@ -152,7 +153,7 @@ public class SYS_USERResource { ...@@ -152,7 +153,7 @@ public class SYS_USERResource {
SYS_USERDTO dto = sys_userMapping.toDto(domain); SYS_USERDTO dto = sys_userMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_USER-Create-all')")
@ApiOperation(value = "createBatch", tags = {"SYS_USER" }, notes = "createBatch") @ApiOperation(value = "createBatch", tags = {"SYS_USER" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_users/batch") @RequestMapping(method = RequestMethod.POST, value = "/sys_users/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_USERDTO> sys_userdtos) { public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_USERDTO> sys_userdtos) {
...@@ -183,12 +184,4 @@ public class SYS_USERResource { ...@@ -183,12 +184,4 @@ public class SYS_USERResource {
} }
/**
* 用户权限校验
* @return
*/
public SYS_USER getEntity(){
return new SYS_USER();
}
} }
...@@ -50,7 +50,9 @@ public class SYS_USER_ROLEResource { ...@@ -50,7 +50,9 @@ public class SYS_USER_ROLEResource {
@Autowired @Autowired
@Lazy @Lazy
private SYS_USER_ROLEMapping sys_user_roleMapping; public SYS_USER_ROLEMapping sys_user_roleMapping;
public SYS_USER_ROLEDTO permissionDTO=new SYS_USER_ROLEDTO();
...@@ -85,7 +87,6 @@ public class SYS_USER_ROLEResource { ...@@ -85,7 +87,6 @@ public class SYS_USER_ROLEResource {
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_USER_ROLE-Update-all')")
@ApiOperation(value = "UpdateBatch", tags = {"SYS_USER_ROLE" }, notes = "UpdateBatch") @ApiOperation(value = "UpdateBatch", tags = {"SYS_USER_ROLE" }, notes = "UpdateBatch")
@RequestMapping(method = RequestMethod.PUT, value = "/sys_user_roles/batch") @RequestMapping(method = RequestMethod.PUT, value = "/sys_user_roles/batch")
public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_USER_ROLEDTO> sys_user_roledtos) { public ResponseEntity<Boolean> updateBatch(@RequestBody List<SYS_USER_ROLEDTO> sys_user_roledtos) {
...@@ -124,7 +125,7 @@ public class SYS_USER_ROLEResource { ...@@ -124,7 +125,7 @@ public class SYS_USER_ROLEResource {
SYS_USER_ROLEDTO dto = sys_user_roleMapping.toDto(domain); SYS_USER_ROLEDTO dto = sys_user_roleMapping.toDto(domain);
return ResponseEntity.status(HttpStatus.OK).body(dto); return ResponseEntity.status(HttpStatus.OK).body(dto);
} }
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_USER_ROLE-Create-all')")
@ApiOperation(value = "createBatch", tags = {"SYS_USER_ROLE" }, notes = "createBatch") @ApiOperation(value = "createBatch", tags = {"SYS_USER_ROLE" }, notes = "createBatch")
@RequestMapping(method = RequestMethod.POST, value = "/sys_user_roles/batch") @RequestMapping(method = RequestMethod.POST, value = "/sys_user_roles/batch")
public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_USER_ROLEDTO> sys_user_roledtos) { public ResponseEntity<Boolean> createBatch(@RequestBody List<SYS_USER_ROLEDTO> sys_user_roledtos) {
...@@ -431,12 +432,4 @@ public class SYS_USER_ROLEResource { ...@@ -431,12 +432,4 @@ public class SYS_USER_ROLEResource {
} }
/**
* 用户权限校验
* @return
*/
public SYS_USER_ROLE getEntity(){
return new SYS_USER_ROLE();
}
} }
...@@ -6,7 +6,9 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; ...@@ -6,7 +6,9 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import com.mongodb.QueryBuilder; import com.mongodb.QueryBuilder;
import cn.ibizlab.util.annotation.DEField; import cn.ibizlab.util.annotation.DEField;
import cn.ibizlab.util.domain.DTOBase;
import cn.ibizlab.util.domain.EntityBase; import cn.ibizlab.util.domain.EntityBase;
import cn.ibizlab.util.domain.MappingBase;
import cn.ibizlab.util.enums.DEPredefinedFieldType; import cn.ibizlab.util.enums.DEPredefinedFieldType;
import cn.ibizlab.util.filter.QueryBuildContext; import cn.ibizlab.util.filter.QueryBuildContext;
import cn.ibizlab.util.filter.QueryWrapperContext; import cn.ibizlab.util.filter.QueryWrapperContext;
...@@ -72,8 +74,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator { ...@@ -72,8 +74,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return true; return true;
List paramList = (ArrayList) params; List paramList = (ArrayList) params;
EntityBase entity = (EntityBase) paramList.get(0); String deStorageMode= (String) paramList.get(0);
String deStorageMode= (String) paramList.get(1); MappingBase mappingBase= (MappingBase) paramList.get(1);
DTOBase dtoBase = (DTOBase) paramList.get(2);
EntityBase entity = (EntityBase) mappingBase.toDomain(dtoBase);
if (StringUtils.isEmpty(entity)) if (StringUtils.isEmpty(entity))
return false; return false;
...@@ -82,10 +86,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator { ...@@ -82,10 +86,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
JSONObject permissionList=userPermission.getJSONObject("entities"); JSONObject permissionList=userPermission.getJSONObject("entities");
String entityName = entity.getClass().getSimpleName(); String entityName = entity.getClass().getSimpleName();
if(action.equalsIgnoreCase("create")){
return validDEActionHasPermission(permissionList,entityName,action);
}
else{
//拥有全部数据访问权限时,则跳过权限检查 //拥有全部数据访问权限时,则跳过权限检查
if(isAllData(permissionList,entityName,action)){ if(isAllData(permissionList,entityName,action)){
return true; return true;
...@@ -94,8 +94,11 @@ public class AuthPermissionEvaluator implements PermissionEvaluator { ...@@ -94,8 +94,11 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
if(!validDEActionHasPermission(permissionList,entityName,action)){ if(!validDEActionHasPermission(permissionList,entityName,action)){
return false; return false;
} }
//检查是否有数据权限 if(action.equalsIgnoreCase("create")){
return deActionPermissionValidRouter(deStorageMode, entity , action , srfKey, permissionList); return createActionPermissionValid(permissionList,entity, action);
}
else{
return otherActionPermissionValidRouter(deStorageMode, entity , action , srfKey, permissionList);
} }
} }
...@@ -113,7 +116,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator { ...@@ -113,7 +116,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
if(!permissionList.containsKey(entityName)) if(!permissionList.containsKey(entityName))
return false; return false;
JSONObject entity=permissionList.getJSONObject(entityName); JSONObject entity=permissionList.getJSONObject(entityName);
if(entity.containsKey(action) && entity.getJSONArray(action).contains("ALL")) if(!entity.containsKey(DEActionType))
return false;
JSONObject dataRange=entity.getJSONObject(DEActionType);//获取实体行为对应的数据范围
if(dataRange.containsKey(action) && dataRange.getJSONArray(action).contains("all"))
return true; return true;
return false; return false;
...@@ -144,6 +150,81 @@ public class AuthPermissionEvaluator implements PermissionEvaluator { ...@@ -144,6 +150,81 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return hasPermission; return hasPermission;
} }
/**
* 新建行为校验
* @param permissionList
* @param entity
* @param action
* @return
*/
private boolean createActionPermissionValid(JSONObject permissionList,EntityBase entity, String action){
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
String keyField=permissionField.get(keyFieldTag);
if(StringUtils.isEmpty(keyField)){
throw new RuntimeException("权限校验失败,请检查当前实体中是否已经配置主键属性!");
}
//获取权限表达式[全部数据、本单位、本部门等]
JSONObject entityObj=permissionList.getJSONObject(entity.getClass().getSimpleName());//获取实体
JSONObject permissionType= entityObj.getJSONObject(DEActionType);
JSONArray dataRangeList=permissionType.getJSONArray(action);//行为:read;insert...
if(dataRangeList.size()==0)
return false;
boolean isCreate=true;
String orgField=permissionField.get("orgfield");
String orgDeptField=permissionField.get("orgsecfield");
String createManField=permissionField.get("createmanfield");
AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
Map<String, Set<String>> userInfo = authenticationUser.getOrgInfo();
Set<String> orgParent = userInfo.get("parentorg");
Set<String> orgChild = userInfo.get("suborg");
Set<String> orgDeptParent = userInfo.get("parentdept");
Set<String> orgDeptChild = userInfo.get("subdept");
Object orgFieldValue=entity.get(orgField);
Object orgDeptFieldValue=entity.get(orgDeptField);
Object crateManFieldValue=entity.get(createManField);
Set<String> userOrg = new HashSet<>();
Set<String> userOrgDept = new HashSet<>();
for(int a=0;a<dataRangeList.size();a++){
String permissionCond=dataRangeList.getString(a);//权限配置条件
if(permissionCond.equals("curorg")){ //本单位
userOrg.add(authenticationUser.getOrgid());
}
else if(permissionCond.equals("porg")){//上级单位
userOrg.addAll(orgParent);
}
else if(permissionCond.equals("sorg")){//下级单位
userOrg.addAll(orgChild);
}
else if(permissionCond.equals("curorgdept")){//本部门
userOrgDept.add(authenticationUser.getMdeptid());
}
else if(permissionCond.equals("porgdept")){//上级部门
userOrgDept.addAll(orgDeptParent);
}
else if(permissionCond.equals("sorgdept")){//下级部门
userOrgDept.addAll(orgDeptChild);
}
}
if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue)){
return false;
}
if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue)){
return false;
}
if(!ObjectUtils.isEmpty(crateManFieldValue) && !crateManFieldValue.equals(authenticationUser.getUserid())){
return false;
}
return isCreate;
}
/** /**
* 根据实体存储模式,进行鉴权 * 根据实体存储模式,进行鉴权
...@@ -154,7 +235,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator { ...@@ -154,7 +235,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* @param permissionList * @param permissionList
* @return * @return
*/ */
private boolean deActionPermissionValidRouter(String deStorageMode, EntityBase entity , String action , Object srfKey , JSONObject permissionList){ private boolean otherActionPermissionValidRouter(String deStorageMode, EntityBase entity , String action , Object srfKey , JSONObject permissionList){
if(deStorageMode.equalsIgnoreCase("sql")){ if(deStorageMode.equalsIgnoreCase("sql")){
return sqlPermissionValid(entity , action , srfKey, permissionList); return sqlPermissionValid(entity , action , srfKey, permissionList);
......
Markdown 格式
0% or
您添加了 0 到此讨论。请谨慎行事。
先完成此消息的编辑!
想要评论请 注册