ibizdev提交

55d67a3f · ibizdev · 05ea347b · 55d67a3f · 55d67a3f · 55d67a3f
--- a/app_web/src/locale/lanres/sys-permission/sys-permission_en_US.ts
+++ b/app_web/src/locale/lanres/sys-permission/sys-permission_en_US.ts
@@ -60,6 +60,7 @@ export default {
 	},
 	main_grid: {
 		columns: {
+			sys_permissionid: "资源标识",
 			sys_permissionname: "资源名称",
 			pssourcetype: "来源",
 		},

--- a/app_web/src/locale/lanres/sys-permission/sys-permission_zh_CN.ts
+++ b/app_web/src/locale/lanres/sys-permission/sys-permission_zh_CN.ts
@@ -59,6 +59,7 @@ export default {
 	},
 	main_grid: {
 		columns: {
+			sys_permissionid: '资源标识',
 			sys_permissionname: '资源名称',
 			pssourcetype: '来源',
 		},

--- a/app_web/src/widgets/sys-permission/main-grid/main-grid-base.vue
+++ b/app_web/src/widgets/sys-permission/main-grid/main-grid-base.vue
@@ -16,6 +16,13 @@
            <template v-if="!isSingleSelect">
                <el-table-column align="center" type='selection' :width="checkboxColWidth"></el-table-column>
            </template>
+            <template v-if="getColumnState('sys_permissionid')">
+                <el-table-column show-overflow-tooltip :prop="'sys_permissionid'" :label="$t('entities.sys_permission.main_grid.columns.sys_permissionid')" :width="150" :align="'left'" :sortable="'custom'">
+                    <template v-slot="{row,column}">
+                        <span>{{row.sys_permissionid}}</span>
+                    </template>
+                </el-table-column>
+            </template>
            <template v-if="getColumnState('sys_permissionname')">
                <el-table-column show-overflow-tooltip :prop="'sys_permissionname'" :label="$t('entities.sys_permission.main_grid.columns.sys_permissionname')" :width="250" :align="'left'" :sortable="'custom'">
                    <template v-slot="{row,column}">
@@ -489,6 +496,13 @@ export default class MainBase extends Vue implements ControlInterface {
     * @memberof Main
     */
    protected allColumns: any[] = [
+        {
+            name: 'sys_permissionid',
+            label: '资源标识',
+            langtag: 'entities.sys_permission.main_grid.columns.sys_permissionid',
+            show: true,
+            util: 'px'
+        },
        {
            name: 'sys_permissionname',
            label: '资源名称',

--- a/app_web/src/widgets/sys-permission/main-grid/main-grid-model.ts
+++ b/app_web/src/widgets/sys-permission/main-grid/main-grid-model.ts
@@ -31,6 +31,11 @@ export default class MainModel {
          prop: 'pssourcetype',
          dataType: 'TEXT',
        },
+        {
+          name: 'sys_permissionid',
+          prop: 'permissionid',
+          dataType: 'GUID',
+        },
        {
          name: 'srfmajortext',
          prop: 'permissionname',

--- a/ibzuaa-core/src/main/resources/liquibase/h2_table.xml
+++ b/ibzuaa-core/src/main/resources/liquibase/h2_table.xml
@@ -120,7 +120,7 @@
        </createTable>
    </changeSet>
    <!--输出实体[SYS_PERMISSION]数据结构 -->
-    <changeSet author="a_A_5d9d78509" id="tab-sys_permission-138-7">
+    <changeSet author="a_A_5d9d78509" id="tab-sys_permission-142-7">
        <createTable tableName="IBZPERMISSION">
                <column name="SYS_PERMISSIONID" remarks="" type="VARCHAR(200)">
                    <constraints primaryKey="true" primaryKeyName="PK_SYS_PERMISSION_SYS_PERMISSI"/>

--- a/ibzuaa-util/src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java
+++ b/ibzuaa-util/src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java
@@ -36,14 +36,13 @@ public class PermissionSyncJob implements ApplicationRunner {
    private String systemId;
    @Override
-    public void run(ApplicationArguments args) throws Exception {
+    public void run(ApplicationArguments args) {
        if(enablePermissionValid){
            try {
                InputStream permission= this.getClass().getResourceAsStream("/deprivs/DEPrivs.json"); //获取当前系统所有实体资源能力
                String permissionResult = IOUtils.toString(permission,"UTF-8");
-                JSONArray jsonNodePermission = JSONArray.parseArray(permissionResult);
+                JSONObject jsonNodePermission = JSONObject.parseObject(permissionResult);
-                Map<String,Object> map=new HashMap<String,Object>();
+                Map<String,Object> map=new HashMap<>();
-                map.put("menu",new JSONArray());
                map.put("permission",jsonNodePermission);
                client.pushSystemPermissionData(map,systemId);
            }

--- a/ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
+++ b/ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
@@ -31,6 +31,14 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    @Value("${ibiz.enablePermissionValid:false}")
    boolean enablePermissionValid;  //是否开启权限校验
+    /**
+     * 实体行为操作标识
+     */
+    private String DEActionType="DEACTION";
+    /**
+     * 实体数据集操作标识
+     */
+    private String DataSetTag="DATASET";
    /**
     * 表格权限检查 ：用于检查当前用户是否拥有表格数据的读取、删除权限
@@ -68,10 +76,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
            String entityName = entity.getClass().getSimpleName();
            //获取实体行为权限信息
-            JSONObject permissionList=userPermission.getJSONObject("deActionPermission");
+            JSONObject permissionList=userPermission.getJSONObject("userPermissionList");
            //检查是否有操作权限[create.update.delete.read]
-            if(!validHasPermission(permissionList,entityName,action)){
+            if(!validDEActionHasPermission(permissionList,entityName,action)){
                return false;
            }
            //检查是否有数据权限[单行删除]
@@ -86,23 +94,23 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        else{   //grid fetch
            //准备参数
            Object searchContext=gridParamList.get(0);
-            String dataSet=String.valueOf(gridParamList.get(1));
+            String dataSetName=String.valueOf(gridParamList.get(1));
            EntityBase entity = (EntityBase) gridParamList.get(2);
            String entityName = entity.getClass().getSimpleName();
            //获取数据集权限信息
-            JSONObject permissionList=userPermission.getJSONObject("deDataSetPermission");
+            JSONObject permissionList=userPermission.getJSONObject("userPermissionList");
-            if(StringUtils.isEmpty(entityName)|| StringUtils.isEmpty(dataSet)|| StringUtils.isEmpty(action))
+            if(StringUtils.isEmpty(entityName)|| StringUtils.isEmpty(dataSetName)|| StringUtils.isEmpty(action))
                return false;
-            //检查是否有操作权限[create.update.delete.read]
+            //检查是否有访问数据集的权限
-            if(!validHasPermission(permissionList,entityName,dataSet,action)){
+            if(!validDataSetHasPermission(permissionList,entityName,dataSetName)){
                return false;
            }
            Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
-            String permissionSQL=getPermissionSQLByList(permissionList,entityName,action,dataSet,permissionField);//获取权限SQL
+            String permissionSQL=getPermissionSQLByList(permissionList,entityName,action,dataSetName,permissionField);//获取权限SQL
            if(StringUtils.isEmpty(permissionSQL))
                return false;
            fillPermissionSQL(searchContext,permissionSQL);//将权限SQL添加到searchContext中，过滤出权限内数据
@@ -134,11 +142,11 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
            return false;
        JSONObject userPermission= AuthenticationUser.getAuthenticationUser().getPermisionList();
-        JSONObject permissionList=userPermission.getJSONObject("deActionPermission");
+        JSONObject permissionList=userPermission.getJSONObject("userPermissionList");
        String entityName = entity.getClass().getSimpleName();
        if(action.equals("CREATE")){
-            return validHasPermission(permissionList,entityName,action);
+            return validDEActionHasPermission(permissionList,entityName,action);
        }
        else{
            //拥有全部数据访问权限时，则跳过权限检查
@@ -146,7 +154,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
                return true;
            }
            //检查是否有操作权限[create.update.delete.read]
-            if(!validHasPermission(permissionList,entityName,action)){
+            if(!validDEActionHasPermission(permissionList,entityName,action)){
                return false;
            }
            //检查是否有数据权限
@@ -155,7 +163,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
            String permissionSQL=getPermissionSQLById(permissionList,entityName,action,srfKey,permissionField);//获取权限SQL
            if(StringUtils.isEmpty(permissionSQL))
                return false;
            QueryWrapper permissionWrapper=getPermissionWrapper(permissionSQL);//构造权限条件
            return testDataAccess(service,permissionWrapper);//执行权限检查
        }
@@ -193,11 +200,11 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    private String  getPermissionSQLByList(JSONObject gridDataAbility, String entityName, String action, String dataSetName, Map<String,String> permissionField){
        JSONObject entity=gridDataAbility.getJSONObject(entityName);//获取实体
-        JSONObject dataSet=entity.getJSONObject(dataSetName);//获取实体数据集
+        JSONObject permissionType=entity.getJSONObject(DataSetTag);
-        JSONArray opprivList=dataSet.getJSONArray(action);//行为：read；insert...
+        JSONArray dataRange=permissionType.getJSONArray(dataSetName);//获取实体数据集
-        if(opprivList.size()==0)
+        if(dataRange.size()==0)
            return null;
-        return getPermissionSQL(opprivList,permissionField); //拼接权限条件-查询
+        return getPermissionSQL(dataRange,permissionField); //拼接权限条件-查询
    }
    /**
@@ -215,21 +222,25 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    }
    /**
-     * 校验是否有访问实体行为能力
+     * 实体行为权限校验
-     * @param permissionList 权限列表
+     * @param userPermission
-     * @param entityName    实体名称
+     * @param entityName
-     * @param action        操作行为
+     * @param action
+     * userPermission:{"ENTITY":{"DEACTION":{"READ":["CURORG"]},"DATASET":{"Default":["CURORG"]}}}
     * @return
     */
-    private boolean validHasPermission(JSONObject permissionList, String entityName, String action){
+    private boolean validDEActionHasPermission(JSONObject userPermission,String entityName , String action ){
        boolean hasPermission=false;
-        if(permissionList==null)
+        if(userPermission==null)
            return false;
-        if(!permissionList.containsKey(entityName))
+        if(!userPermission.containsKey(entityName))
            return false;
-        JSONObject entity=permissionList.getJSONObject(entityName);
+        JSONObject entity=userPermission.getJSONObject(entityName);//获取实体
-        if(entity.containsKey(action)){
+        if(!entity.containsKey(DEActionType))
+            return false;
+        JSONObject dataRange=entity.getJSONObject(DEActionType);//获取实体行为对应的数据范围
+        if(dataRange.containsKey(action)){
            hasPermission=true;
        }
        return hasPermission;
@@ -237,31 +248,33 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    /**
-     * 校验是否有访问数据集能力
+     * 数据集合权限校验
-     * @param permissionList
+     * @param userPermission
     * @param entityName
     * @param dataSetName
-     * @param action
+     * userPermission:{"ENTITY":{"DEACTION":{"READ":["CURORG"]},"DATASET":{"Default":["CURORG"]}}}
     * @return
     */
-    private boolean validHasPermission(JSONObject permissionList, String entityName, String dataSetName, String action ){
+    private boolean validDataSetHasPermission(JSONObject userPermission,String entityName ,String dataSetName){
        boolean hasPermission=false;
-        if(permissionList==null)
+        if(userPermission==null)
            return false;
-        if(!permissionList.containsKey(entityName))
+        if(!userPermission.containsKey(entityName))
            return false;
-        JSONObject entity=permissionList.getJSONObject(entityName);
+        JSONObject entity=userPermission.getJSONObject(entityName);//获取实体
-        if(!entity.containsKey(dataSetName))
+        if(!entity.containsKey(DataSetTag))
            return false;
-        JSONObject dataSet=entity.getJSONObject(dataSetName);//获取实体数据集
+        JSONObject dataSetList=entity.getJSONObject(DataSetTag);//获取数据集
-        if(dataSet.containsKey(action)){
+        if(!dataSetList.containsKey(dataSetName))
+            return false;
+        JSONArray dataRange=dataSetList.getJSONArray(dataSetName);//获取数据范围
+        if(dataRange!=null && dataRange.size()>0){
            hasPermission=true;
        }
        return hasPermission;
    }
    /**
     * 获取单条权限数据SQL
     * @param formDataAbility
@@ -274,7 +287,8 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    private String getPermissionSQLById(JSONObject formDataAbility, String entityName, String action, Object srfKey, Map<String,String> permissionField){
        JSONObject entity=formDataAbility.getJSONObject(entityName);//获取实体
-        JSONArray opprivList=entity.getJSONArray(action);//行为：read；insert...
+        JSONObject permissionType= entity.getJSONObject(DEActionType);
+        JSONArray opprivList=permissionType.getJSONArray(action);//行为：read；insert...
        if(opprivList.size()==0)
            return null;
        String permissionSQL=getPermissionSQL(opprivList,permissionField);
@@ -286,7 +300,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        return String.format(" (%s) AND (%s='%s')",permissionSQL,keyField,srfKey); //拼接权限条件-编辑
    }
    /**
     * 表单权限检查
     * @param service
@@ -302,7 +315,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        return isPermission;
    }
    /**
     * 获取权限SQL
     * @param oppriList
@@ -430,7 +442,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    /**
     * 转换[a,b]格式字符串到 'a','b'格式
-     *
     * @return
     */
    private String formatStringArr(JSONArray array) {
@@ -441,7 +452,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    /**
     * 格式转换
-     *
     * @param cond
     * @param operator
     * @return