提交 55d67a3f 编写于 作者: ibizdev's avatar ibizdev

ibizdev提交

上级 05ea347b
......@@ -60,6 +60,7 @@ export default {
},
main_grid: {
columns: {
sys_permissionid: "资源标识",
sys_permissionname: "资源名称",
pssourcetype: "来源",
},
......
......@@ -59,6 +59,7 @@ export default {
},
main_grid: {
columns: {
sys_permissionid: '资源标识',
sys_permissionname: '资源名称',
pssourcetype: '来源',
},
......
......@@ -16,6 +16,13 @@
<template v-if="!isSingleSelect">
<el-table-column align="center" type='selection' :width="checkboxColWidth"></el-table-column>
</template>
<template v-if="getColumnState('sys_permissionid')">
<el-table-column show-overflow-tooltip :prop="'sys_permissionid'" :label="$t('entities.sys_permission.main_grid.columns.sys_permissionid')" :width="150" :align="'left'" :sortable="'custom'">
<template v-slot="{row,column}">
<span>{{row.sys_permissionid}}</span>
</template>
</el-table-column>
</template>
<template v-if="getColumnState('sys_permissionname')">
<el-table-column show-overflow-tooltip :prop="'sys_permissionname'" :label="$t('entities.sys_permission.main_grid.columns.sys_permissionname')" :width="250" :align="'left'" :sortable="'custom'">
<template v-slot="{row,column}">
......@@ -489,6 +496,13 @@ export default class MainBase extends Vue implements ControlInterface {
* @memberof Main
*/
protected allColumns: any[] = [
{
name: 'sys_permissionid',
label: '资源标识',
langtag: 'entities.sys_permission.main_grid.columns.sys_permissionid',
show: true,
util: 'px'
},
{
name: 'sys_permissionname',
label: '资源名称',
......
......@@ -31,6 +31,11 @@ export default class MainModel {
prop: 'pssourcetype',
dataType: 'TEXT',
},
{
name: 'sys_permissionid',
prop: 'permissionid',
dataType: 'GUID',
},
{
name: 'srfmajortext',
prop: 'permissionname',
......
......@@ -120,7 +120,7 @@
</createTable>
</changeSet>
<!--输出实体[SYS_PERMISSION]数据结构 -->
<changeSet author="a_A_5d9d78509" id="tab-sys_permission-138-7">
<changeSet author="a_A_5d9d78509" id="tab-sys_permission-142-7">
<createTable tableName="IBZPERMISSION">
<column name="SYS_PERMISSIONID" remarks="" type="VARCHAR(200)">
<constraints primaryKey="true" primaryKeyName="PK_SYS_PERMISSION_SYS_PERMISSI"/>
......
......@@ -36,14 +36,13 @@ public class PermissionSyncJob implements ApplicationRunner {
private String systemId;
@Override
public void run(ApplicationArguments args) throws Exception {
public void run(ApplicationArguments args) {
if(enablePermissionValid){
try {
InputStream permission= this.getClass().getResourceAsStream("/deprivs/DEPrivs.json"); //获取当前系统所有实体资源能力
String permissionResult = IOUtils.toString(permission,"UTF-8");
JSONArray jsonNodePermission = JSONArray.parseArray(permissionResult);
Map<String,Object> map=new HashMap<String,Object>();
map.put("menu",new JSONArray());
JSONObject jsonNodePermission = JSONObject.parseObject(permissionResult);
Map<String,Object> map=new HashMap<>();
map.put("permission",jsonNodePermission);
client.pushSystemPermissionData(map,systemId);
}
......
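Review bot: `getResourceAsStream("/deprivs/DEPrivs.json")` returns null when the resource is absent and the stream is never closed. With `throws Exception` dropped from `run`, the outcome of a missing or unparsable file (including one still in the old array layout, now that `JSONObject.parseObject` is used) depends entirely on the catch block, which lies outside this hunk. Opening the stream as `try (InputStream permission = this.getClass().getResourceAsStream("/deprivs/DEPrivs.json")) {` and adding `if(permission==null)` with an error-level log before parsing would make that failure explicit. If the catch only swallows the exception, a service with `enablePermissionValid` on could start without `pushSystemPermissionData` ever having succeeded, so that path should at least log at error level.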
......@@ -31,6 +31,14 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
@Value("${ibiz.enablePermissionValid:false}")
boolean enablePermissionValid; //是否开启权限校验
/**
* 实体行为操作标识
*/
private String DEActionType="DEACTION";
/**
* 实体数据集操作标识
*/
private String DataSetTag="DATASET";
/**
* 表格权限检查 :用于检查当前用户是否拥有表格数据的读取、删除权限
......@@ -68,10 +76,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
String entityName = entity.getClass().getSimpleName();
//获取实体行为权限信息
JSONObject permissionList=userPermission.getJSONObject("deActionPermission");
JSONObject permissionList=userPermission.getJSONObject("userPermissionList");
//检查是否有操作权限[create.update.delete.read]
if(!validHasPermission(permissionList,entityName,action)){
if(!validDEActionHasPermission(permissionList,entityName,action)){
return false;
}
//检查是否有数据权限[单行删除]
......@@ -86,23 +94,23 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
else{ //grid fetch
//准备参数
Object searchContext=gridParamList.get(0);
String dataSet=String.valueOf(gridParamList.get(1));
String dataSetName=String.valueOf(gridParamList.get(1));
EntityBase entity = (EntityBase) gridParamList.get(2);
String entityName = entity.getClass().getSimpleName();
//获取数据集权限信息
JSONObject permissionList=userPermission.getJSONObject("deDataSetPermission");
JSONObject permissionList=userPermission.getJSONObject("userPermissionList");
if(StringUtils.isEmpty(entityName)|| StringUtils.isEmpty(dataSet)|| StringUtils.isEmpty(action))
if(StringUtils.isEmpty(entityName)|| StringUtils.isEmpty(dataSetName)|| StringUtils.isEmpty(action))
return false;
//检查是否有操作权限[create.update.delete.read]
if(!validHasPermission(permissionList,entityName,dataSet,action)){
//检查是否有访问数据集的权限
if(!validDataSetHasPermission(permissionList,entityName,dataSetName)){
return false;
}
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
String permissionSQL=getPermissionSQLByList(permissionList,entityName,action,dataSet,permissionField);//获取权限SQL
String permissionSQL=getPermissionSQLByList(permissionList,entityName,action,dataSetName,permissionField);//获取权限SQL
if(StringUtils.isEmpty(permissionSQL))
return false;
fillPermissionSQL(searchContext,permissionSQL);//将权限SQL添加到searchContext中,过滤出权限内数据
......@@ -134,11 +142,11 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return false;
JSONObject userPermission= AuthenticationUser.getAuthenticationUser().getPermisionList();
JSONObject permissionList=userPermission.getJSONObject("deActionPermission");
JSONObject permissionList=userPermission.getJSONObject("userPermissionList");
String entityName = entity.getClass().getSimpleName();
if(action.equals("CREATE")){
return validHasPermission(permissionList,entityName,action);
return validDEActionHasPermission(permissionList,entityName,action);
}
else{
//拥有全部数据访问权限时,则跳过权限检查
......@@ -146,7 +154,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return true;
}
//检查是否有操作权限[create.update.delete.read]
if(!validHasPermission(permissionList,entityName,action)){
if(!validDEActionHasPermission(permissionList,entityName,action)){
return false;
}
//检查是否有数据权限
......@@ -155,7 +163,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
String permissionSQL=getPermissionSQLById(permissionList,entityName,action,srfKey,permissionField);//获取权限SQL
if(StringUtils.isEmpty(permissionSQL))
return false;
QueryWrapper permissionWrapper=getPermissionWrapper(permissionSQL);//构造权限条件
return testDataAccess(service,permissionWrapper);//执行权限检查
}
......@@ -193,11 +200,11 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
private String getPermissionSQLByList(JSONObject gridDataAbility, String entityName, String action, String dataSetName, Map<String,String> permissionField){
JSONObject entity=gridDataAbility.getJSONObject(entityName);//获取实体
JSONObject dataSet=entity.getJSONObject(dataSetName);//获取实体数据集
JSONArray opprivList=dataSet.getJSONArray(action);//行为:read;insert...
if(opprivList.size()==0)
JSONObject permissionType=entity.getJSONObject(DataSetTag);
JSONArray dataRange=permissionType.getJSONArray(dataSetName);//获取实体数据集
if(dataRange.size()==0)
return null;
return getPermissionSQL(opprivList,permissionField); //拼接权限条件-查询
return getPermissionSQL(dataRange,permissionField); //拼接权限条件-查询
}
/**
......@@ -215,53 +222,59 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
}
/**
* 校验是否有访问实体行为能力
* @param permissionList 权限列表
* @param entityName 实体名称
* @param action 操作行为
* 实体行为权限校验
* @param userPermission
* @param entityName
* @param action
* userPermission:{"ENTITY":{"DEACTION":{"READ":["CURORG"]},"DATASET":{"Default":["CURORG"]}}}
* @return
*/
private boolean validHasPermission(JSONObject permissionList, String entityName, String action){
private boolean validDEActionHasPermission(JSONObject userPermission,String entityName , String action ){
boolean hasPermission=false;
if(permissionList==null)
if(userPermission==null)
return false;
if(!permissionList.containsKey(entityName))
if(!userPermission.containsKey(entityName))
return false;
JSONObject entity=permissionList.getJSONObject(entityName);
if(entity.containsKey(action)){
JSONObject entity=userPermission.getJSONObject(entityName);//获取实体
if(!entity.containsKey(DEActionType))
return false;
JSONObject dataRange=entity.getJSONObject(DEActionType);//获取实体行为对应的数据范围
if(dataRange.containsKey(action)){
hasPermission=true;
}
return hasPermission;
return hasPermission;
}
/**
* 校验是否有访问数据集能力
* @param permissionList
* 数据集合权限校验
* @param userPermission
* @param entityName
* @param dataSetName
* @param action
* userPermission:{"ENTITY":{"DEACTION":{"READ":["CURORG"]},"DATASET":{"Default":["CURORG"]}}}
* @return
*/
private boolean validHasPermission(JSONObject permissionList, String entityName, String dataSetName, String action ){
private boolean validDataSetHasPermission(JSONObject userPermission,String entityName ,String dataSetName){
boolean hasPermission=false;
if(permissionList==null)
if(userPermission==null)
return false;
if(!permissionList.containsKey(entityName))
if(!userPermission.containsKey(entityName))
return false;
JSONObject entity=permissionList.getJSONObject(entityName);
if(!entity.containsKey(dataSetName))
JSONObject entity=userPermission.getJSONObject(entityName);//获取实体
if(!entity.containsKey(DataSetTag))
return false;
JSONObject dataSet=entity.getJSONObject(dataSetName);//获取实体数据集
if(dataSet.containsKey(action)){
JSONObject dataSetList=entity.getJSONObject(DataSetTag);//获取数据集
if(!dataSetList.containsKey(dataSetName))
return false;
JSONArray dataRange=dataSetList.getJSONArray(dataSetName);//获取数据范围
if(dataRange!=null && dataRange.size()>0){
hasPermission=true;
}
return hasPermission;
}
/**
* 获取单条权限数据SQL
* @param formDataAbility
......@@ -274,7 +287,8 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
private String getPermissionSQLById(JSONObject formDataAbility, String entityName, String action, Object srfKey, Map<String,String> permissionField){
JSONObject entity=formDataAbility.getJSONObject(entityName);//获取实体
JSONArray opprivList=entity.getJSONArray(action);//行为:read;insert...
JSONObject permissionType= entity.getJSONObject(DEActionType);
JSONArray opprivList=permissionType.getJSONArray(action);//行为:read;insert...
if(opprivList.size()==0)
return null;
String permissionSQL=getPermissionSQL(opprivList,permissionField);
......@@ -286,7 +300,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return String.format(" (%s) AND (%s='%s')",permissionSQL,keyField,srfKey); //拼接权限条件-编辑
}
/**
* 表单权限检查
* @param service
......@@ -302,7 +315,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return isPermission;
}
/**
* 获取权限SQL
* @param oppriList
......@@ -430,7 +442,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
/**
* 转换[a,b]格式字符串到 'a','b'格式
*
* @return
*/
private String formatStringArr(JSONArray array) {
......@@ -441,7 +452,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
/**
* 格式转换
*
* @param cond
* @param operator
* @return
......
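Review bot: The new lookups in `getPermissionSQLById` (`entity.getJSONObject(DEActionType)` then `permissionType.getJSONArray(action)`) and the matching pair in `getPermissionSQLByList` dereference their results without a null check. They deny cleanly only because the callers visible in these hunks run `validDEActionHasPermission` or `validDataSetHasPermission` first. Local guards such as `if(permissionType==null) return null;` and `if(opprivList==null || opprivList.size()==0) return null;` would keep the evaluator failing closed through the existing `StringUtils.isEmpty(permissionSQL)` checks if a later call site skips validation or the permission JSON is malformed. On the grid-fetch path `action` must still be non-empty but is no longer consulted by either `validDataSetHasPermission` or `getPermissionSQLByList`, so a comment such as `// dataset grants are action-independent` would show that this is intended. Separately, the unchanged `String.format(" (%s) AND (%s='%s')",permissionSQL,keyField,srfKey)` puts `srfKey` into the SQL text; if that value can come from a request it should be bound as a query parameter instead (both method bodies extend beyond the hunks shown).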