Skip to content
项目
群组
代码片段
帮助
正在加载...
帮助
提交反馈
为 GitLab 提交贡献
登录
切换导航
I
ibzuaa
项目
项目
详情
动态
版本
周期分析
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
统计图
议题
0
议题
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
CI / CD
CI / CD
流水线
作业
计划
统计图
Wiki
Wiki
代码片段
代码片段
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
统计图
创建新议题
作业
提交
议题看板
打开侧边栏
ibiz4jteam
ibzuaa
提交
5274a109
提交
5274a109
编写于
5月 20, 2020
作者:
ibizdev
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
laizhilong 发布系统代码
上级
be10eac6
变更
12
隐藏空白字符变更
内嵌
并排
正在显示
12 个修改的文件
包含
94 行增加
和
113 行删除
+94
-113
sys-role-permission_en_US.ts
...e/lanres/sys-role-permission/sys-role-permission_en_US.ts
+2
-0
sys-role-permission_zh_CN.ts
...e/lanres/sys-role-permission/sys-role-permission_zh_CN.ts
+2
-0
default-drbar-model.ts
.../sys-role-permission/default-drbar/default-drbar-model.ts
+6
-0
mpickup-viewpickupviewpanel-pickupviewpanel-model.ts
...anel/mpickup-viewpickupviewpanel-pickupviewpanel-model.ts
+6
-0
pickup-viewpickupviewpanel-pickupviewpanel-model.ts
...panel/pickup-viewpickupviewpanel-pickupviewpanel-model.ts
+6
-0
SYS_ROLE_PERMISSION.java
.../java/cn/ibizlab/core/uaa/domain/SYS_ROLE_PERMISSION.java
+16
-0
h2_table.xml
ibzuaa-core/src/main/resources/liquibase/h2_table.xml
+6
-2
SYS_ROLE_PERMISSIONMapper.xml
...per/uaa/sys_role_permission/SYS_ROLE_PERMISSIONMapper.xml
+11
-2
systemResource.json
...aa-core/src/main/resources/permission/systemResource.json
+1
-1
SYS_ROLE_PERMISSIONDTO.java
.../main/java/cn/ibizlab/api/dto/SYS_ROLE_PERMISSIONDTO.java
+16
-0
SYS_ROLE_PERMISSIONResource.java
...java/cn/ibizlab/api/rest/SYS_ROLE_PERMISSIONResource.java
+6
-6
AuthPermissionEvaluator.java
...ava/cn/ibizlab/util/security/AuthPermissionEvaluator.java
+16
-102
未找到文件。
app_web/src/locale/lanres/sys-role-permission/sys-role-permission_en_US.ts
浏览文件 @
5274a109
...
...
@@ -10,6 +10,8 @@ export default {
createdate
:
'建立时间'
,
updatedate
:
'更新时间'
,
systemid
:
'系统标识'
,
updateman
:
'更新人'
,
createman
:
'建立人'
,
},
views
:
{
mpickupview
:
{
...
...
app_web/src/locale/lanres/sys-role-permission/sys-role-permission_zh_CN.ts
浏览文件 @
5274a109
...
...
@@ -9,6 +9,8 @@ export default {
createdate
:
'建立时间'
,
updatedate
:
'更新时间'
,
systemid
:
'系统标识'
,
updateman
:
'更新人'
,
createman
:
'建立人'
,
},
views
:
{
mpickupview
:
{
...
...
app_web/src/widgets/sys-role-permission/default-drbar/default-drbar-model.ts
浏览文件 @
5274a109
...
...
@@ -42,6 +42,12 @@ export default class DefaultModel {
{
name
:
'systemid'
,
},
{
name
:
'updateman'
,
},
{
name
:
'createman'
,
},
]
}
...
...
app_web/src/widgets/sys-role-permission/mpickup-viewpickupviewpanel-pickupviewpanel/mpickup-viewpickupviewpanel-pickupviewpanel-model.ts
浏览文件 @
5274a109
...
...
@@ -42,6 +42,12 @@ export default class MPickupViewpickupviewpanelModel {
{
name
:
'systemid'
,
},
{
name
:
'updateman'
,
},
{
name
:
'createman'
,
},
]
}
...
...
app_web/src/widgets/sys-role-permission/pickup-viewpickupviewpanel-pickupviewpanel/pickup-viewpickupviewpanel-pickupviewpanel-model.ts
浏览文件 @
5274a109
...
...
@@ -42,6 +42,12 @@ export default class PickupViewpickupviewpanelModel {
{
name
:
'systemid'
,
},
{
name
:
'updateman'
,
},
{
name
:
'createman'
,
},
]
}
...
...
ibzuaa-core/src/main/java/cn/ibizlab/core/uaa/domain/SYS_ROLE_PERMISSION.java
浏览文件 @
5274a109
...
...
@@ -108,6 +108,22 @@ public class SYS_ROLE_PERMISSION extends EntityMP implements Serializable {
@JSONField
(
name
=
"systemid"
)
@JsonProperty
(
"systemid"
)
private
String
systemid
;
/**
* 更新人
*/
@DEField
(
preType
=
DEPredefinedFieldType
.
UPDATEMAN
)
@TableField
(
value
=
"updateman"
)
@JSONField
(
name
=
"updateman"
)
@JsonProperty
(
"updateman"
)
private
String
updateman
;
/**
* 建立人
*/
@DEField
(
preType
=
DEPredefinedFieldType
.
CREATEMAN
)
@TableField
(
value
=
"createman"
,
fill
=
FieldFill
.
INSERT
)
@JSONField
(
name
=
"createman"
)
@JsonProperty
(
"createman"
)
private
String
createman
;
/**
* 资源
...
...
ibzuaa-core/src/main/resources/liquibase/h2_table.xml
浏览文件 @
5274a109
...
...
@@ -36,7 +36,7 @@
</createTable>
</changeSet>
<!--输出实体[SYS_ROLE_PERMISSION]数据结构 -->
<changeSet
author=
"a_A_5d9d78509"
id=
"tab-sys_role_permission-
59
-2"
>
<changeSet
author=
"a_A_5d9d78509"
id=
"tab-sys_role_permission-
64
-2"
>
<createTable
tableName=
"IBZROLE_PERMISSION"
>
<column
name=
"SYS_ROLE_PERMISSIONID"
remarks=
""
type=
"VARCHAR(100)"
>
<constraints
primaryKey=
"true"
primaryKeyName=
"PK_SYS_ROLE_PERMISSION_SYS_ROL"
/>
...
...
@@ -57,6 +57,10 @@
</column>
<column
name=
"SYSTEMID"
remarks=
""
type=
"VARCHAR(100)"
>
</column>
<column
name=
"UPDATEMAN"
remarks=
""
type=
"VARCHAR(60)"
>
</column>
<column
name=
"CREATEMAN"
remarks=
""
type=
"VARCHAR(60)"
>
</column>
</createTable>
</changeSet>
<!--输出实体[SYS_USER]数据结构 -->
...
...
@@ -188,7 +192,7 @@
<!--输出实体[SYS_PSDEOPPRIV]外键关系 -->
<!--输出实体[SYS_ROLE_PERMISSION]外键关系 -->
<changeSet
author=
"a_A_5d9d78509"
id=
"fk-sys_role_permission-
59
-10"
>
<changeSet
author=
"a_A_5d9d78509"
id=
"fk-sys_role_permission-
64
-10"
>
<addForeignKeyConstraint
baseColumnNames=
"SYS_PERMISSIONID"
baseTableName=
"IBZROLE_PERMISSION"
constraintName=
"DER1N_SYS_ROLE_PERMISSION_SYS_"
deferrable=
"false"
initiallyDeferred=
"false"
onDelete=
"RESTRICT"
onUpdate=
"RESTRICT"
referencedColumnNames=
"SYS_PERMISSIONID"
referencedTableName=
"IBZPERMISSION"
validate=
"true"
/>
</changeSet>
<!--输出实体[SYS_USER]外键关系 -->
...
...
ibzuaa-core/src/main/resources/mapper/uaa/sys_role_permission/SYS_ROLE_PERMISSIONMapper.xml
浏览文件 @
5274a109
...
...
@@ -4,6 +4,9 @@
<mapper
namespace=
"cn.ibizlab.core.uaa.mapper.SYS_ROLE_PERMISSIONMapper"
>
<!--该方法用于重写mybatis中selectById方法,以实现查询逻辑属性-->
<select
id=
"selectById"
resultMap=
"SYS_ROLE_PERMISSIONResultMap"
databaseId=
"mysql"
>
<![CDATA[select t1.* from (SELECT t1.`CREATEDATE`, t1.`CREATEMAN`, t1.`SYSTEMID`, t1.`SYS_PERMISSIONID`, t1.`SYS_PERMISSIONNAME`, t1.`SYS_ROLEID`, t1.`SYS_ROLENAME`, t1.`SYS_ROLE_PERMISSIONID`, t1.`SYS_ROLE_PERMISSIONNAME`, t1.`UPDATEDATE`, t1.`UPDATEMAN` FROM `IBZROLE_PERMISSION` t1 ) t1 where sys_role_permissionid=#{id}]]>
</select>
<!--通过mybatis将查询结果注入到entity中,通过配置autoMapping="true"由mybatis自动处理映射关系 -->
<resultMap
id=
"SYS_ROLE_PERMISSIONResultMap"
type=
"cn.ibizlab.core.uaa.domain.SYS_ROLE_PERMISSION"
autoMapping=
"true"
>
...
...
@@ -56,16 +59,22 @@
<!--数据查询[Default]-->
<sql
id=
"Default"
databaseId=
"mysql"
>
<![CDATA[ SELECT t1.`CREATEDATE`, t1.`
SYSTEMID`, t1.`SYS_PERMISSIONID`, t1.`SYS_PERMISSIONNAME`, t1.`SYS_ROLEID`, t1.`SYS_ROLENAME`, t1.`SYS_ROLE_PERMISSIONID`, t1.`SYS_ROLE_PERMISSIONNAME`, t1.`UPDATEDATE
` FROM `IBZROLE_PERMISSION` t1
<![CDATA[ SELECT t1.`CREATEDATE`, t1.`
CREATEMAN`, t1.`SYSTEMID`, t1.`SYS_PERMISSIONID`, t1.`SYS_PERMISSIONNAME`, t1.`SYS_ROLEID`, t1.`SYS_ROLENAME`, t1.`SYS_ROLE_PERMISSIONID`, t1.`SYS_ROLE_PERMISSIONNAME`, t1.`UPDATEDATE`, t1.`UPDATEMAN
` FROM `IBZROLE_PERMISSION` t1
]]>
</sql>
<!--数据查询[Permissionenable1]-->
<sql
id=
"Permissionenable1"
databaseId=
"mysql"
>
<![CDATA[ SELECT t1.`CREATEDATE`, t1.`SYSTEMID`, t1.`SYS_PERMISSIONID`, t1.`SYS_PERMISSIONNAME`, t1.`SYS_ROLEID`, t1.`SYS_ROLENAME`, t1.`SYS_ROLE_PERMISSIONID`, t1.`SYS_ROLE_PERMISSIONNAME`, t1.`UPDATEDATE` FROM `IBZROLE_PERMISSION` t1
LEFT JOIN IBZPERMISSION t11 ON t1.SYS_PERMISSIONID = t11.SYS_PERMISSIONID
<![CDATA[ SELECT t1.`CREATEDATE`, t1.`SYSTEMID`, t1.`SYS_PERMISSIONID`, t1.`SYS_PERMISSIONNAME`, t1.`SYS_ROLEID`, t1.`SYS_ROLENAME`, t1.`SYS_ROLE_PERMISSIONID`, t1.`SYS_ROLE_PERMISSIONNAME`, t1.`UPDATEDATE` FROM `IBZROLE_PERMISSION` t1
INNER JOIN IBZPERMISSION t11 ON t1.SYS_PERMISSIONID = t11.SYS_PERMISSIONID WHERE t11.ENABLE=1
WHERE ( t11.enable=1 )
]]>
</sql>
<!--数据查询[View]-->
<sql
id=
"View"
databaseId=
"mysql"
>
<![CDATA[ SELECT t1.`CREATEDATE`, t1.`CREATEMAN`, t1.`SYSTEMID`, t1.`SYS_PERMISSIONID`, t1.`SYS_PERMISSIONNAME`, t1.`SYS_ROLEID`, t1.`SYS_ROLENAME`, t1.`SYS_ROLE_PERMISSIONID`, t1.`SYS_ROLE_PERMISSIONNAME`, t1.`UPDATEDATE`, t1.`UPDATEMAN` FROM `IBZROLE_PERMISSION` t1
]]>
</sql>
</mapper>
ibzuaa-core/src/main/resources/permission/systemResource.json
浏览文件 @
5274a109
...
...
@@ -8,7 +8,7 @@
"sysmoudle"
:{
"id"
:
"UAA"
,
"name"
:
"uaa"
},
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"DEFAULT"
},{
"id"
:
"Permissionenable1"
,
"name"
:
"permissionenable1"
}],
"deaction"
:[{
"id"
:
"Get"
,
"name"
:
"Get"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Remove"
,
"name"
:
"Remove"
,
"type"
:
"BUILTIN"
},{
"id"
:
"GetDraft"
,
"name"
:
"GetDraft"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Create"
,
"name"
:
"Create"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CheckKey"
,
"name"
:
"CheckKey"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Save"
,
"name"
:
"Save"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Update"
,
"name"
:
"Update"
,
"type"
:
"BUILTIN"
}],
"datascope"
:[{
"id"
:
"all"
,
"name"
:
"全部数据"
}]
"datascope"
:[{
"id"
:
"all"
,
"name"
:
"全部数据"
}
,
{
"id"
:
"createman"
,
"name"
:
"创建人"
}
]
}
,
{
"dename"
:
"SYS_PERMISSION"
,
...
...
ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/dto/SYS_ROLE_PERMISSIONDTO.java
浏览文件 @
5274a109
...
...
@@ -97,6 +97,22 @@ public class SYS_ROLE_PERMISSIONDTO extends DTOBase implements Serializable {
@JsonProperty
(
"systemid"
)
private
String
systemid
;
/**
* 属性 [UPDATEMAN]
*
*/
@JSONField
(
name
=
"updateman"
)
@JsonProperty
(
"updateman"
)
private
String
updateman
;
/**
* 属性 [CREATEMAN]
*
*/
@JSONField
(
name
=
"createman"
)
@JsonProperty
(
"createman"
)
private
String
createman
;
/**
* 设置 [SYS_ROLE_PERMISSIONNAME]
...
...
ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SYS_ROLE_PERMISSIONResource.java
浏览文件 @
5274a109
...
...
@@ -55,7 +55,7 @@ public class SYS_ROLE_PERMISSIONResource {
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Get-all'
)"
)
@PreAuthorize
(
"has
Permission(#sys_role_permission_id,'Get',{this.getEntity(),'Sql'}
)"
)
@ApiOperation
(
value
=
"Get"
,
tags
=
{
"SYS_ROLE_PERMISSION"
},
notes
=
"Get"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/sys_role_permissions/{sys_role_permission_id}"
)
public
ResponseEntity
<
SYS_ROLE_PERMISSIONDTO
>
get
(
@PathVariable
(
"sys_role_permission_id"
)
String
sys_role_permission_id
)
{
...
...
@@ -67,7 +67,7 @@ public class SYS_ROLE_PERMISSIONResource {
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Remove-all'
)"
)
@PreAuthorize
(
"has
Permission('Remove',{#sys_role_permission_id,{this.getEntity(),'Sql'}}
)"
)
@ApiOperation
(
value
=
"Remove"
,
tags
=
{
"SYS_ROLE_PERMISSION"
},
notes
=
"Remove"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/sys_role_permissions/{sys_role_permission_id}"
)
@Transactional
...
...
@@ -94,7 +94,7 @@ public class SYS_ROLE_PERMISSIONResource {
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Create-all'
)"
)
@PreAuthorize
(
"has
Permission('','Create',{this.getEntity(),'Sql'}
)"
)
@ApiOperation
(
value
=
"Create"
,
tags
=
{
"SYS_ROLE_PERMISSION"
},
notes
=
"Create"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sys_role_permissions"
)
@Transactional
...
...
@@ -104,7 +104,7 @@ public class SYS_ROLE_PERMISSIONResource {
SYS_ROLE_PERMISSIONDTO
dto
=
sys_role_permissionMapping
.
toDto
(
domain
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Create-all'
)"
)
@PreAuthorize
(
"has
Permission('','Create',{this.getEntity(),'Sql'}
)"
)
@ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"SYS_ROLE_PERMISSION"
},
notes
=
"createBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/sys_role_permissions/batch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
SYS_ROLE_PERMISSIONDTO
>
sys_role_permissiondtos
)
{
...
...
@@ -140,7 +140,7 @@ public class SYS_ROLE_PERMISSIONResource {
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Update-all'
)"
)
@PreAuthorize
(
"has
Permission(#sys_role_permission_id,'Update',{this.getEntity(),'Sql'}
)"
)
@ApiOperation
(
value
=
"Update"
,
tags
=
{
"SYS_ROLE_PERMISSION"
},
notes
=
"Update"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/sys_role_permissions/{sys_role_permission_id}"
)
@Transactional
...
...
@@ -152,7 +152,7 @@ public class SYS_ROLE_PERMISSIONResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzuaa-SYS_ROLE_PERMISSION-Update-all'
)"
)
@PreAuthorize
(
"has
Permission(#sys_role_permission_id,'Update',{this.getEntity(),'Sql'}
)"
)
@ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"SYS_ROLE_PERMISSION"
},
notes
=
"UpdateBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/sys_role_permissions/batch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
(
@RequestBody
List
<
SYS_ROLE_PERMISSIONDTO
>
sys_role_permissiondtos
)
{
...
...
ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
浏览文件 @
5274a109
...
...
@@ -39,10 +39,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* 实体行为操作标识
*/
private
String
DEActionType
=
"DEACTION"
;
/**
* 实体数据集操作标识
*/
private
String
DataSetTag
=
"DATASET"
;
/**
*实体主键标识
*/
...
...
@@ -63,61 +59,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
@Override
public
boolean
hasPermission
(
Authentication
authentication
,
Object
deAction
,
Object
gridParam
)
{
//未开启权限校验、超级管理员则不进行权限检查
if
(
AuthenticationUser
.
getAuthenticationUser
().
getSuperuser
()==
1
||
!
enablePermissionValid
)
return
true
;
String
action
=
""
;
String
deStorageMode
;
if
(
deAction
instanceof
String
)
action
=
(
String
)
deAction
;
if
(
StringUtils
.
isEmpty
(
action
))
return
false
;
//获取当前用户权限列表
JSONObject
userPermission
=
AuthenticationUser
.
getAuthenticationUser
().
getPermissionList
();
if
(
userPermission
==
null
)
return
false
;
List
gridParamList
=
(
ArrayList
)
gridParam
;
if
(
action
.
equalsIgnoreCase
(
"remove"
)){
//准备参数
Object
srfKey
=
gridParamList
.
get
(
0
);
EntityBase
entity
=
(
EntityBase
)
gridParamList
.
get
(
1
);
deStorageMode
=
(
String
)
gridParamList
.
get
(
2
);
String
entityName
=
entity
.
getClass
().
getSimpleName
();
//获取实体行为权限信息
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"entities"
);
//检查是否有操作权限[create.update.delete.read]
if
(!
validDEActionHasPermission
(
permissionList
,
entityName
,
action
)){
return
false
;
}
//检查是否有数据权限
return
deActionPermissionValidRouter
(
deStorageMode
,
entity
,
action
,
srfKey
,
permissionList
);
}
else
{
//准备参数
Object
searchContext
=
gridParamList
.
get
(
0
);
String
dataSetName
=
String
.
valueOf
(
gridParamList
.
get
(
1
));
EntityBase
entity
=
(
EntityBase
)
gridParamList
.
get
(
2
);
deStorageMode
=
(
String
)
gridParamList
.
get
(
3
);
String
entityName
=
entity
.
getClass
().
getSimpleName
();
//获取数据集权限信息
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"entities"
);
if
(
StringUtils
.
isEmpty
(
entityName
)||
StringUtils
.
isEmpty
(
dataSetName
))
return
false
;
//检查是否有访问数据集的权限
if
(!
validDataSetHasPermission
(
permissionList
,
entityName
,
dataSetName
)){
return
false
;
}
}
return
true
;
}
...
...
@@ -211,33 +152,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return
hasPermission
;
}
/**
* 数据集合权限校验
* @param userPermission
* @param entityName
* @param dataSetName
* userPermission:{"ENTITY":{"DEACTION":{"READ":["CURORG"]},"DATASET":{"Default":["CURORG"]}}}
* @return
*/
private
boolean
validDataSetHasPermission
(
JSONObject
userPermission
,
String
entityName
,
String
dataSetName
){
boolean
hasPermission
=
false
;
if
(
userPermission
==
null
)
return
false
;
if
(!
userPermission
.
containsKey
(
entityName
))
return
false
;
JSONObject
entity
=
userPermission
.
getJSONObject
(
entityName
);
//获取实体
if
(!
entity
.
containsKey
(
DataSetTag
))
return
false
;
JSONObject
dataSetList
=
entity
.
getJSONObject
(
DataSetTag
);
//获取数据集
if
(!
dataSetList
.
containsKey
(
dataSetName
))
return
false
;
JSONArray
dataRange
=
dataSetList
.
getJSONArray
(
dataSetName
);
//获取数据范围
if
(
dataRange
!=
null
&&
dataRange
.
size
()>
0
){
hasPermission
=
true
;
}
return
hasPermission
;
}
/**
* 根据实体存储模式,进行鉴权
...
...
@@ -366,28 +280,28 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
for
(
int
i
=
0
;
i
<
oppriList
.
size
();
i
++){
String
permissionCond
=
oppriList
.
getString
(
i
);
//权限配置条件
if
(
permissionCond
.
equals
(
"
CURORG
"
)){
//本单位
if
(
permissionCond
.
equals
(
"
curorg
"
)){
//本单位
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getOrgid
()).
get
());
}
else
if
(
permissionCond
.
equals
(
"
PORG
"
)){
//上级单位
else
if
(
permissionCond
.
equals
(
"
porg
"
)){
//上级单位
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
in
(
formatStringArr
(
orgParent
)).
get
());
}
else
if
(
permissionCond
.
equals
(
"
SORG
"
)){
//下级单位
else
if
(
permissionCond
.
equals
(
"
sorg
"
)){
//下级单位
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
in
(
formatStringArr
(
orgChild
)).
get
());
}
else
if
(
permissionCond
.
equals
(
"
CREATEMAN
"
)){
//建立人
else
if
(
permissionCond
.
equals
(
"
createman
"
)){
//建立人
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
createManField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getUserid
()).
get
());
}
else
if
(
permissionCond
.
equals
(
"
CURORGDEPT
"
)){
//本部门
else
if
(
permissionCond
.
equals
(
"
curorgdept
"
)){
//本部门
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgDeptField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getMdeptid
()).
get
());
}
else
if
(
permissionCond
.
equals
(
"
PORGDEPT
"
)){
//上级部门
else
if
(
permissionCond
.
equals
(
"
porgdept
"
)){
//上级部门
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgDeptField
).
in
(
formatStringArr
(
orgDeptParent
)).
get
());
}
else
if
(
permissionCond
.
equals
(
"
SORGDEPT
"
)){
//下级部门
else
if
(
permissionCond
.
equals
(
"
sorgdept
"
)){
//下级部门
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgDeptField
).
in
(
formatStringArr
(
orgDeptChild
)).
get
());
}
else
if
(
permissionCond
.
equals
(
"
ALL
"
)){
else
if
(
permissionCond
.
equals
(
"
all
"
)){
permissionSQL
.
or
(
new
QueryBuilder
().
get
());
}
}
...
...
@@ -417,28 +331,28 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
for
(
int
i
=
0
;
i
<
oppriList
.
size
();
i
++){
permissionSQL
.
append
(
"OR"
);
String
permissionCond
=
oppriList
.
getString
(
i
);
//权限配置条件
if
(
permissionCond
.
equals
(
"
CURORG
"
)){
//本单位
if
(
permissionCond
.
equals
(
"
curorg
"
)){
//本单位
permissionSQL
.
append
(
String
.
format
(
"(%s='%s')"
,
orgField
,
AuthenticationUser
.
getAuthenticationUser
().
getOrgid
()));
}
else
if
(
permissionCond
.
equals
(
"
PORG
"
)){
//上级单位
else
if
(
permissionCond
.
equals
(
"
porg
"
)){
//上级单位
permissionSQL
.
append
(
String
.
format
(
" %s in(%s) "
,
orgField
,
formatStringArr
(
orgParent
)));
}
else
if
(
permissionCond
.
equals
(
"
SORG
"
)){
//下级单位
else
if
(
permissionCond
.
equals
(
"
sorg
"
)){
//下级单位
permissionSQL
.
append
(
String
.
format
(
" %s in(%s) "
,
orgField
,
formatStringArr
(
orgChild
)));
}
else
if
(
permissionCond
.
equals
(
"
CREATEMAN
"
)){
//建立人
else
if
(
permissionCond
.
equals
(
"
createman
"
)){
//建立人
permissionSQL
.
append
(
String
.
format
(
"(%s='%s')"
,
createManField
,
AuthenticationUser
.
getAuthenticationUser
().
getUserid
()));
}
else
if
(
permissionCond
.
equals
(
"
CURORGDEPT
"
)){
//本部门
else
if
(
permissionCond
.
equals
(
"
curorgdept
"
)){
//本部门
permissionSQL
.
append
(
String
.
format
(
"(%s='%s')"
,
orgDeptField
,
AuthenticationUser
.
getAuthenticationUser
().
getMdeptid
()));
}
else
if
(
permissionCond
.
equals
(
"
PORGDEPT
"
)){
//上级部门
else
if
(
permissionCond
.
equals
(
"
porgdept
"
)){
//上级部门
permissionSQL
.
append
(
String
.
format
(
" %s in (%s) "
,
orgDeptField
,
formatStringArr
(
orgDeptParent
)));
}
else
if
(
permissionCond
.
equals
(
"
SORGDEPT
"
)){
//下级部门
else
if
(
permissionCond
.
equals
(
"
sorgdept
"
)){
//下级部门
permissionSQL
.
append
(
String
.
format
(
" %s in (%s) "
,
orgDeptField
,
formatStringArr
(
orgDeptChild
)));
}
else
if
(
permissionCond
.
equals
(
"
ALL
"
)){
//全部数据
else
if
(
permissionCond
.
equals
(
"
all
"
)){
//全部数据
permissionSQL
.
append
(
"(1=1)"
);
}
else
{
...
...
编辑
预览
Markdown
格式
0%
请重试
or
添加新附件
添加附件
取消
您添加了
0
人
到此讨论。请谨慎行事。
先完成此消息的编辑!
取消
想要评论请
注册
或
登录