Skip to content
项目
群组
代码片段
帮助
正在加载...
帮助
提交反馈
为 GitLab 提交贡献
登录
切换导航
I
ibzuaa
项目
项目
详情
动态
版本
周期分析
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
统计图
议题
0
议题
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
CI / CD
CI / CD
流水线
作业
计划
统计图
Wiki
Wiki
代码片段
代码片段
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
统计图
创建新议题
作业
提交
议题看板
打开侧边栏
ibiz4jteam
ibzuaa
提交
65de4483
提交
65de4483
编写于
5月 26, 2020
作者:
ibizdev
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
zhouweidong@lab.ibiz5.com 发布系统代码
上级
a918086d
变更
12
隐藏空白字符变更
内嵌
并排
正在显示
12 个修改的文件
包含
150 行增加
和
200 行删除
+150
-200
package.json
app_web/package.json
+1
-1
ibiz-group-picker.vue
...eb/src/components/ibiz-group-picker/ibiz-group-picker.vue
+1
-1
ibiz-group-select.vue
...eb/src/components/ibiz-group-select/ibiz-group-select.vue
+11
-1
config.xml
config.xml
+0
-5
Dockerfile
ibzuaa-app/ibzuaa-app-web/src/main/docker/Dockerfile
+1
-1
ibzuaa-app-web.yaml
...aa-app/ibzuaa-app-web/src/main/docker/ibzuaa-app-web.yaml
+1
-15
systemResource.json
...aa-core/src/main/resources/permission/systemResource.json
+2
-1
IBZUAAFallback.java
.../src/main/java/cn/ibizlab/util/client/IBZUAAFallback.java
+2
-2
IBZUAAFeignClient.java
...c/main/java/cn/ibizlab/util/client/IBZUAAFeignClient.java
+4
-5
PermissionSyncJob.java
.../src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java
+6
-2
AppController.java
...til/src/main/java/cn/ibizlab/util/rest/AppController.java
+22
-13
AuthPermissionEvaluator.java
...ava/cn/ibizlab/util/security/AuthPermissionEvaluator.java
+99
-153
未找到文件。
app_web/package.json
浏览文件 @
65de4483
...
@@ -25,7 +25,7 @@
...
@@ -25,7 +25,7 @@
"file-saver"
:
"^2.0.2"
,
"file-saver"
:
"^2.0.2"
,
"font-awesome"
:
"^4.7.0"
,
"font-awesome"
:
"^4.7.0"
,
"ibiz-gantt-elastic"
:
"^1.0.12"
,
"ibiz-gantt-elastic"
:
"^1.0.12"
,
"ibiz-vue-lib"
:
"^0.1.
6
"
,
"ibiz-vue-lib"
:
"^0.1.
7
"
,
"interactjs"
:
"^1.9.4"
,
"interactjs"
:
"^1.9.4"
,
"moment"
:
"^2.24.0"
,
"moment"
:
"^2.24.0"
,
"path-to-regexp"
:
"^6.1.0"
,
"path-to-regexp"
:
"^6.1.0"
,
...
...
app_web/src/components/ibiz-group-picker/ibiz-group-picker.vue
浏览文件 @
65de4483
...
@@ -159,7 +159,7 @@ export default class IBizGroupPicker extends Vue {
...
@@ -159,7 +159,7 @@ export default class IBizGroupPicker extends Vue {
* @memberof IBizGroupPicker
* @memberof IBizGroupPicker
*/
*/
public
loadTree
()
{
public
loadTree
()
{
let
orgid
=
this
.
viewParam
.
hasfilter
?
this
.
viewParam
.
filtervalue
:
'450000'
;
let
orgid
=
this
.
viewParam
.
filtervalue
?
this
.
viewParam
.
filtervalue
:
"alls"
;
let
get
=
Http
.
getInstance
().
get
(
`/ibzorganizations/
${
orgid
}
/suborg/ibzdepartments/picker`
,
true
);
let
get
=
Http
.
getInstance
().
get
(
`/ibzorganizations/
${
orgid
}
/suborg/ibzdepartments/picker`
,
true
);
get
.
then
((
response
:
any
)
=>
{
get
.
then
((
response
:
any
)
=>
{
if
(
response
.
status
===
200
)
{
if
(
response
.
status
===
200
)
{
...
...
app_web/src/components/ibiz-group-select/ibiz-group-select.vue
浏览文件 @
65de4483
...
@@ -166,10 +166,20 @@ export default class IBizGroupSelect extends Vue {
...
@@ -166,10 +166,20 @@ export default class IBizGroupSelect extends Vue {
title
:
'分组选择'
title
:
'分组选择'
};
};
const
context
:
any
=
JSON
.
parse
(
JSON
.
stringify
(
this
.
context
));
const
context
:
any
=
JSON
.
parse
(
JSON
.
stringify
(
this
.
context
));
let
filtervalue
:
string
=
""
;
if
(
this
.
filter
){
if
(
this
.
data
[
this
.
filter
]){
filtervalue
=
this
.
data
[
this
.
filter
];
}
else
if
(
context
[
this
.
filter
]){
filtervalue
=
context
[
this
.
filter
];
}
else
{
filtervalue
=
context
.
srforgid
;
}
}
const
param
:
any
=
{};
const
param
:
any
=
{};
Object
.
assign
(
param
,
{
Object
.
assign
(
param
,
{
hasfilter
:
this
.
filter
?
true
:
false
,
hasfilter
:
this
.
filter
?
true
:
false
,
filtervalue
:
this
.
filter
?
this
.
data
[
this
.
filter
]
:
''
,
filtervalue
:
filtervalue
,
multiple
:
this
.
multiple
,
multiple
:
this
.
multiple
,
selects
:
this
.
selects
selects
:
this
.
selects
});
});
...
...
config.xml
浏览文件 @
65de4483
...
@@ -37,11 +37,6 @@
...
@@ -37,11 +37,6 @@
git clone -b master $para2 ibzuaa/
git clone -b master $para2 ibzuaa/
export NODE_OPTIONS=--max-old-space-size=4096
export NODE_OPTIONS=--max-old-space-size=4096
cd ibzuaa/
cd ibzuaa/
mvn clean package -Pweb
cd ibzuaa-app/ibzuaa-app-web
mvn -Pweb docker:build
mvn -Pweb docker:push
docker -H $para1 stack deploy --compose-file=src/main/docker/ibzuaa-app-web.yaml ibzlab-rt --with-registry-auth
</command>
</command>
</hudson.tasks.Shell>
</hudson.tasks.Shell>
</builders>
</builders>
...
...
ibzuaa-app/ibzuaa-app-web/src/main/docker/Dockerfile
浏览文件 @
65de4483
...
@@ -9,6 +9,6 @@ CMD echo "The application will start in ${IBZ_SLEEP}s..." && \
...
@@ -9,6 +9,6 @@ CMD echo "The application will start in ${IBZ_SLEEP}s..." && \
sleep ${IBZ_SLEEP} && \
sleep ${IBZ_SLEEP} && \
java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /ibzuaa-app-web.jar
java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /ibzuaa-app-web.jar
EXPOSE
30002
EXPOSE
8080
ADD
ibzuaa-app-web.jar /ibzuaa-app-web.jar
ADD
ibzuaa-app-web.jar /ibzuaa-app-web.jar
ibzuaa-app/ibzuaa-app-web/src/main/docker/ibzuaa-app-web.yaml
浏览文件 @
65de4483
...
@@ -3,23 +3,9 @@ services:
...
@@ -3,23 +3,9 @@ services:
ibzuaa-app-web
:
ibzuaa-app-web
:
image
:
registry.cn-shanghai.aliyuncs.com/ibizsys/ibzuaa-app-web:latest
image
:
registry.cn-shanghai.aliyuncs.com/ibizsys/ibzuaa-app-web:latest
ports
:
ports
:
-
"
30002:30002
"
-
"
8080:8080
"
networks
:
networks
:
-
agent_network
-
agent_network
environment
:
-
SPRING_CLOUD_NACOS_DISCOVERY_IP=172.16.180.237
-
SERVER_PORT=30002
-
SPRING_CLOUD_NACOS_DISCOVERY_SERVER-ADDR=172.16.102.211:8848
-
SPRING_REDIS_HOST=172.16.100.243
-
SPRING_REDIS_PORT=6379
-
SPRING_REDIS_DATABASE=0
-
SPRING_DATASOURCE_USERNAME=a_A_5d9d78509
-
SPRING_DATASOURCE_PASSWORD=@6dEfb3@
-
SPRING_DATASOURCE_URL=jdbc:mysql://172.16.180.232:3306/a_A_5d9d78509?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8&useOldAliasMetadataBehavior=true
-
SPRING_DATASOURCE_DRIVER-CLASS-NAME=com.mysql.jdbc.Driver
-
SPRING_DATASOURCE_DEFAULTSCHEMA=a_A_5d9d78509
-
ABC=1
-
DEC=2
deploy
:
deploy
:
mode
:
replicated
mode
:
replicated
replicas
:
1
replicas
:
1
...
...
ibzuaa-core/src/main/resources/permission/systemResource.json
浏览文件 @
65de4483
{
{
"systemid"
:
"ibzuaa"
,
"unires"
:[
"unires"
:[
],
],
"entities"
:[
"entities"
:[
{
{
"dename"
:
"SysAuthLog"
,
"dename"
:
"SysAuthLog"
,
...
...
ibzuaa-util/src/main/java/cn/ibizlab/util/client/IBZUAAFallback.java
浏览文件 @
65de4483
...
@@ -9,8 +9,8 @@ import com.alibaba.fastjson.JSONObject;
...
@@ -9,8 +9,8 @@ import com.alibaba.fastjson.JSONObject;
public
class
IBZUAAFallback
implements
IBZUAAFeignClient
{
public
class
IBZUAAFallback
implements
IBZUAAFeignClient
{
@Override
@Override
public
boolean
pushSystemPermissionData
(
String
systemid
,
JSONObject
systemPermissionData
)
{
public
Boolean
syncSysAuthority
(
JSONObject
system
)
{
return
false
;
return
null
;
}
}
@Override
@Override
...
...
ibzuaa-util/src/main/java/cn/ibizlab/util/client/IBZUAAFeignClient.java
浏览文件 @
65de4483
...
@@ -10,13 +10,12 @@ import com.alibaba.fastjson.JSONObject;
...
@@ -10,13 +10,12 @@ import com.alibaba.fastjson.JSONObject;
public
interface
IBZUAAFeignClient
public
interface
IBZUAAFeignClient
{
{
/**
/**
* 推送系统权限数据到uaa
* 同步系统资源到uaa
* @param systemid
* @param system 系统资源信息
* @param systemPermissionData
* @return
* @return
*/
*/
@PostMapping
(
"/syspssystems/
{systemid}/permissiondata
"
)
@PostMapping
(
"/syspssystems/
save
"
)
boolean
pushSystemPermissionData
(
@PathVariable
(
"systemid"
)
String
systemid
,
@RequestBody
JSONObject
systemPermissionData
);
Boolean
syncSysAuthority
(
@RequestBody
JSONObject
system
);
/**
/**
* 用户登录
* 用户登录
...
...
ibzuaa-util/src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java
浏览文件 @
65de4483
...
@@ -36,10 +36,14 @@ public class PermissionSyncJob implements ApplicationRunner {
...
@@ -36,10 +36,14 @@ public class PermissionSyncJob implements ApplicationRunner {
Thread
.
sleep
(
10000
);
Thread
.
sleep
(
10000
);
InputStream
permission
=
this
.
getClass
().
getResourceAsStream
(
"/permission/systemResource.json"
);
//获取当前系统所有实体资源能力
InputStream
permission
=
this
.
getClass
().
getResourceAsStream
(
"/permission/systemResource.json"
);
//获取当前系统所有实体资源能力
String
permissionResult
=
IOUtils
.
toString
(
permission
,
"UTF-8"
);
String
permissionResult
=
IOUtils
.
toString
(
permission
,
"UTF-8"
);
if
(
client
.
pushSystemPermissionData
(
systemId
,
JSONObject
.
parseObject
(
permissionResult
))){
JSONObject
system
=
new
JSONObject
();
system
.
put
(
"pssystemid"
,
systemId
);
system
.
put
(
"pssystemname"
,
systemId
);
system
.
put
(
"sysstructure"
,
JSONObject
.
parseObject
(
permissionResult
));
if
(
client
.
syncSysAuthority
(
system
)){
log
.
info
(
"向[UAA]同步系统资源成功"
);
log
.
info
(
"向[UAA]同步系统资源成功"
);
}
else
{
}
else
{
log
.
info
(
String
.
format
(
"向[UAA]同步系统资源失败"
)
);
log
.
error
(
"向[UAA]同步系统资源失败"
);
}
}
}
}
catch
(
Exception
ex
)
{
catch
(
Exception
ex
)
{
...
...
ibzuaa-util/src/main/java/cn/ibizlab/util/rest/AppController.java
浏览文件 @
65de4483
package
cn
.
ibizlab
.
util
.
rest
;
package
cn
.
ibizlab
.
util
.
rest
;
import
com.alibaba.fastjson.JSONArray
;
import
com.alibaba.fastjson.JSONObject
;
import
com.alibaba.fastjson.JSONObject
;
import
cn.ibizlab.util.security.AuthenticationUser
;
import
cn.ibizlab.util.service.AuthenticationUserService
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.http.HttpStatus
;
import
org.springframework.http.HttpStatus
;
import
org.springframework.http.ResponseEntity
;
import
org.springframework.http.ResponseEntity
;
import
org.springframework.
util.ObjectUtils
;
import
org.springframework.
security.core.GrantedAuthority
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RequestMethod
;
import
org.springframework.web.bind.annotation.RequestMethod
;
import
org.springframework.web.bind.annotation.RestController
;
import
org.springframework.web.bind.annotation.RestController
;
import
org.springframework.beans.factory.annotation.Value
;
import
java.util.Collection
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
java.util.HashSet
;
import
cn.ibizlab.util.security.AuthenticationUse
r
;
import
java.util.Iterato
r
;
import
cn.ibizlab.util.service.AuthenticationUserService
;
import
java.util.Set
;
@RestController
@RestController
@RequestMapping
(
value
=
""
)
@RequestMapping
(
value
=
""
)
...
@@ -27,14 +30,20 @@ public class AppController {
...
@@ -27,14 +30,20 @@ public class AppController {
public
ResponseEntity
<
JSONObject
>
getAppData
()
{
public
ResponseEntity
<
JSONObject
>
getAppData
()
{
JSONObject
appData
=
new
JSONObject
()
;
JSONObject
appData
=
new
JSONObject
()
;
JSONArray
uniRes
=
new
JSONArray
();
Set
<
String
>
appMenu
=
new
HashSet
();
JSONArray
appMenu
=
new
JSONArray
();
Set
<
String
>
uniRes
=
new
HashSet
();
if
(
enablePermissionValid
){
if
(
enablePermissionValid
){
JSONObject
userPermission
=
AuthenticationUser
.
getAuthenticationUser
().
getPermissionList
();
Collection
<
GrantedAuthority
>
authorities
=
AuthenticationUser
.
getAuthenticationUser
().
getAuthorities
();
if
(!
ObjectUtils
.
isEmpty
(
userPermission
)){
Iterator
it
=
authorities
.
iterator
();
uniRes
=
userPermission
.
getJSONArray
(
"unires"
);
while
(
it
.
hasNext
())
{
appMenu
=
userPermission
.
getJSONArray
(
"appmenu"
);
GrantedAuthority
authority
=
(
GrantedAuthority
)
it
.
next
();
}
String
strAuthority
=
authority
.
getAuthority
();
if
(
strAuthority
.
startsWith
(
"UNIRES"
))
uniRes
.
add
(
strAuthority
);
else
if
(
strAuthority
.
startsWith
(
"APPMENU"
))
appMenu
.
add
(
strAuthority
);
}
}
}
appData
.
put
(
"unires"
,
uniRes
);
appData
.
put
(
"unires"
,
uniRes
);
appData
.
put
(
"appmenu"
,
appMenu
);
appData
.
put
(
"appmenu"
,
appMenu
);
...
...
ibzuaa-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
浏览文件 @
65de4483
package
cn
.
ibizlab
.
util
.
security
;
package
cn
.
ibizlab
.
util
.
security
;
import
com.alibaba.fastjson.JSONArray
;
import
com.alibaba.fastjson.JSONObject
;
import
com.baomidou.mybatisplus.core.conditions.query.QueryWrapper
;
import
com.baomidou.mybatisplus.core.conditions.query.QueryWrapper
;
import
com.baomidou.mybatisplus.extension.service.impl.ServiceImpl
;
import
com.baomidou.mybatisplus.extension.service.impl.ServiceImpl
;
import
com.mongodb.QueryBuilder
;
import
com.mongodb.QueryBuilder
;
...
@@ -18,6 +16,7 @@ import org.springframework.data.mongodb.core.query.BasicQuery;
...
@@ -18,6 +16,7 @@ import org.springframework.data.mongodb.core.query.BasicQuery;
import
org.springframework.data.mongodb.core.query.Query
;
import
org.springframework.data.mongodb.core.query.Query
;
import
org.springframework.security.access.PermissionEvaluator
;
import
org.springframework.security.access.PermissionEvaluator
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.stereotype.Component
;
import
org.springframework.stereotype.Component
;
import
org.springframework.util.ObjectUtils
;
import
org.springframework.util.ObjectUtils
;
import
org.springframework.util.StringUtils
;
import
org.springframework.util.StringUtils
;
...
@@ -35,10 +34,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -35,10 +34,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
@Value
(
"${ibiz.enablePermissionValid:false}"
)
@Value
(
"${ibiz.enablePermissionValid:false}"
)
boolean
enablePermissionValid
;
//是否开启权限校验
boolean
enablePermissionValid
;
//是否开启权限校验
/**
* 实体行为操作标识
*/
private
String
DEActionType
=
"DEACTION"
;
/**
/**
*实体主键标识
*实体主键标识
*/
*/
...
@@ -67,9 +62,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -67,9 +62,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
List
<
String
>
ids
=
null
;
List
<
String
>
ids
=
null
;
EntityBase
entity
;
EntityBase
entity
;
List
<
EntityBase
>
entityList
=
null
;
List
<
EntityBase
>
entityList
=
null
;
JSONObject
userPermission
=
AuthenticationUser
.
getAuthenticationUser
().
getPermissionList
();
if
(
userPermission
==
null
)
return
false
;
MappingBase
mappingBase
=
(
MappingBase
)
paramList
.
get
(
1
);
MappingBase
mappingBase
=
(
MappingBase
)
paramList
.
get
(
1
);
//参数准备
//参数准备
if
(
action
.
equalsIgnoreCase
(
"remove"
)){
if
(
action
.
equalsIgnoreCase
(
"remove"
)){
...
@@ -86,26 +78,19 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -86,26 +78,19 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
if
(
entity
==
null
)
if
(
entity
==
null
)
return
false
;
return
false
;
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"entities"
);
Set
<
String
>
entityDataRange
=
getAuthorities
(
authentication
,
entity
.
getClass
().
getSimpleName
(),
action
);
String
entityName
=
entity
.
getClass
().
getSimpleName
();
if
(
entityDataRange
.
size
()==
0
)
return
false
;
//拥有全部数据访问权限时,则跳过权限检查
//拥有全部数据访问权限时,则跳过权限检查
if
(
isAllData
(
entityName
,
action
,
permissionList
)){
if
(
isAllData
(
action
,
entityDataRange
)){
return
true
;
return
true
;
}
}
//检查是否有操作权限[create.update.delete.read]
if
(!
validDEActionHasPermission
(
entityName
,
action
,
permissionList
)){
return
false
;
}
JSONArray
dataRangeList
=
getDataRange
(
entityName
,
action
,
permissionList
);
if
(
dataRangeList
.
size
()==
0
)
return
false
;
if
(
action
.
equalsIgnoreCase
(
"create"
)){
if
(
action
.
equalsIgnoreCase
(
"create"
)){
return
createBatchActionPermissionValid
(
entityList
,
dataRangeList
);
return
createBatchActionPermissionValid
(
entityList
,
entityDataRange
);
}
}
else
if
(
action
.
equalsIgnoreCase
(
"save"
)){
else
if
(
action
.
equalsIgnoreCase
(
"save"
)){
return
saveBatchActionPermissionValid
(
deStorageMode
,
entityList
,
dataRangeList
);
return
saveBatchActionPermissionValid
(
deStorageMode
,
entityList
,
entityDataRange
);
}
}
else
{
else
{
if
(!
action
.
equalsIgnoreCase
(
"remove"
)){
if
(!
action
.
equalsIgnoreCase
(
"remove"
)){
...
@@ -113,7 +98,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -113,7 +98,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
}
}
if
(
ids
.
size
()==
0
)
if
(
ids
.
size
()==
0
)
return
false
;
return
false
;
return
otherBatchActionPermissionValidRouter
(
deStorageMode
,
entity
,
ids
,
dataRangeList
);
return
otherBatchActionPermissionValidRouter
(
deStorageMode
,
entity
,
ids
,
entityDataRange
);
}
}
}
}
...
@@ -142,23 +127,15 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -142,23 +127,15 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
if
(
StringUtils
.
isEmpty
(
entity
))
if
(
StringUtils
.
isEmpty
(
entity
))
return
false
;
return
false
;
JSONObject
userPermission
=
AuthenticationUser
.
getAuthenticationUser
().
getPermissionList
();
Set
<
String
>
entityDataRange
=
getAuthorities
(
authentication
,
entity
.
getClass
().
getSimpleName
(),
action
);
if
(
userPermission
==
null
)
if
(
entityDataRange
.
size
()==
0
)
return
false
;
return
false
;
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"entities"
);
String
entityName
=
entity
.
getClass
().
getSimpleName
();
//拥有全部数据访问权限时,则跳过权限检查
//拥有全部数据访问权限时,则跳过权限检查
if
(
isAllData
(
entityName
,
action
,
permissionList
)){
if
(
isAllData
(
action
,
entityDataRange
)){
return
true
;
return
true
;
}
}
//检查是否有操作权限[create.update.delete.read]
if
(!
validDEActionHasPermission
(
entityName
,
action
,
permissionList
)){
return
false
;
}
JSONArray
dataRangeList
=
getDataRange
(
entityName
,
action
,
permissionList
);
if
(
dataRangeList
.
size
()==
0
)
return
false
;
if
(
action
.
equalsIgnoreCase
(
"save"
)){
if
(
action
.
equalsIgnoreCase
(
"save"
)){
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
...
@@ -170,21 +147,41 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -170,21 +147,41 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
action
=
"update"
;
action
=
"update"
;
}
}
if
(
action
.
equalsIgnoreCase
(
"create"
)){
if
(
action
.
equalsIgnoreCase
(
"create"
)){
return
createActionPermissionValid
(
entity
,
dataRangeList
);
return
createActionPermissionValid
(
entity
,
entityDataRange
);
}
}
else
{
else
{
return
otherActionPermissionValidRouter
(
deStorageMode
,
entity
,
id
,
dataRangeList
);
return
otherActionPermissionValidRouter
(
deStorageMode
,
entity
,
id
,
entityDataRange
);
}
}
}
}
/**
* 获取用户权限资源
* @param authentication
* @param entityName
* @param action
* @return
*/
private
Set
<
String
>
getAuthorities
(
Authentication
authentication
,
String
entityName
,
String
action
){
Collection
authorities
=
authentication
.
getAuthorities
();
Set
<
String
>
entityDataRange
=
new
HashSet
();
Iterator
var2
=
authorities
.
iterator
();
while
(
var2
.
hasNext
())
{
GrantedAuthority
authority
=
(
GrantedAuthority
)
var2
.
next
();
if
(
authority
.
getAuthority
().
contains
(
String
.
format
(
"%s-%s-"
,
entityName
,
action
)))
entityDataRange
.
add
(
authority
.
getAuthority
());
}
return
entityDataRange
;
}
/**
/**
* 批save校验
* 批save校验
* @param deStorageMode
* @param deStorageMode
* @param entityList
* @param entityList
* @param
dataRangeList
* @param
entityDataRange
* @return
* @return
*/
*/
private
boolean
saveBatchActionPermissionValid
(
String
deStorageMode
,
List
<
EntityBase
>
entityList
,
JSONArray
dataRangeList
)
{
private
boolean
saveBatchActionPermissionValid
(
String
deStorageMode
,
List
<
EntityBase
>
entityList
,
Set
<
String
>
entityDataRange
)
{
if
(
entityList
==
null
||
entityList
.
size
()==
0
)
if
(
entityList
==
null
||
entityList
.
size
()==
0
)
return
false
;
return
false
;
...
@@ -202,12 +199,12 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -202,12 +199,12 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
updateList
.
add
(
String
.
valueOf
(
id
));
updateList
.
add
(
String
.
valueOf
(
id
));
}
}
if
(
updateList
.
size
()>
0
){
if
(
updateList
.
size
()>
0
){
boolean
isUpdate
=
otherBatchActionPermissionValidRouter
(
deStorageMode
,
tempEntity
,
updateList
,
dataRangeList
);
boolean
isUpdate
=
otherBatchActionPermissionValidRouter
(
deStorageMode
,
tempEntity
,
updateList
,
entityDataRange
);
if
(!
isUpdate
)
if
(!
isUpdate
)
return
false
;
return
false
;
}
}
if
(
createList
.
size
()>
0
){
if
(
createList
.
size
()>
0
){
boolean
isCreate
=
createBatchActionPermissionValid
(
entityList
,
dataRangeList
);
boolean
isCreate
=
createBatchActionPermissionValid
(
entityList
,
entityDataRange
);
if
(!
isCreate
)
if
(!
isCreate
)
return
false
;
return
false
;
}
}
...
@@ -217,12 +214,12 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -217,12 +214,12 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
/**
/**
* 批处理新建权限校验
* 批处理新建权限校验
* @param entityList
* @param entityList
* @param
dataRangeList
* @param
entityDataRange
* @return
* @return
*/
*/
private
boolean
createBatchActionPermissionValid
(
List
<
EntityBase
>
entityList
,
JSONArray
dataRangeList
){
private
boolean
createBatchActionPermissionValid
(
List
<
EntityBase
>
entityList
,
Set
<
String
>
entityDataRange
){
for
(
EntityBase
entity
:
entityList
){
for
(
EntityBase
entity
:
entityList
){
boolean
isCreate
=
createActionPermissionValid
(
entity
,
dataRangeList
);
boolean
isCreate
=
createActionPermissionValid
(
entity
,
entityDataRange
);
if
(!
isCreate
){
if
(!
isCreate
){
return
false
;
return
false
;
}
}
...
@@ -235,16 +232,16 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -235,16 +232,16 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* @param deStorageMode
* @param deStorageMode
* @param entity
* @param entity
* @param ids
* @param ids
* @param
dataRangeList
* @param
entityDataRange
* @return
* @return
*/
*/
private
boolean
otherBatchActionPermissionValidRouter
(
String
deStorageMode
,
EntityBase
entity
,
List
<
String
>
ids
,
JSONArray
dataRangeList
){
private
boolean
otherBatchActionPermissionValidRouter
(
String
deStorageMode
,
EntityBase
entity
,
List
<
String
>
ids
,
Set
<
String
>
entityDataRange
){
if
(
deStorageMode
.
equalsIgnoreCase
(
"sql"
)){
if
(
deStorageMode
.
equalsIgnoreCase
(
"sql"
)){
return
sqlBatchPermissionValid
(
entity
,
ids
,
dataRangeList
);
return
sqlBatchPermissionValid
(
entity
,
ids
,
entityDataRange
);
}
}
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"nosql"
)){
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"nosql"
)){
return
noSqlBatchPermissionValid
(
entity
,
ids
,
dataRangeList
);
return
noSqlBatchPermissionValid
(
entity
,
ids
,
entityDataRange
);
}
}
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"serviceapi"
)){
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"serviceapi"
)){
return
true
;
return
true
;
...
@@ -258,16 +255,16 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -258,16 +255,16 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* SQL批处理权限校验
* SQL批处理权限校验
* @param entity
* @param entity
* @param ids
* @param ids
* @param
dataRangeList
* @param
entityDataRange
* @return
* @return
*/
*/
private
boolean
sqlBatchPermissionValid
(
EntityBase
entity
,
List
<
String
>
ids
,
JSONArray
dataRangeList
){
private
boolean
sqlBatchPermissionValid
(
EntityBase
entity
,
List
<
String
>
ids
,
Set
<
String
>
entityDataRange
){
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
keyFieldName
=
permissionField
.
get
(
keyFieldTag
);
String
keyFieldName
=
permissionField
.
get
(
keyFieldTag
);
ServiceImpl
service
=
SpringContextHolder
.
getBean
(
String
.
format
(
"%s%s"
,
entity
.
getClass
().
getSimpleName
(),
"ServiceImpl"
));
//获取实体service对象
ServiceImpl
service
=
SpringContextHolder
.
getBean
(
String
.
format
(
"%s%s"
,
entity
.
getClass
().
getSimpleName
(),
"ServiceImpl"
));
//获取实体service对象
//通过权限表达式来获取sql
//通过权限表达式来获取sql
String
permissionSQL
=
String
.
format
(
" (%s) AND ( %s in (%s) ) "
,
getPermissionSQL
(
entity
,
dataRangeList
),
keyFieldName
,
getEntityKeyCond
(
ids
));
//拼接权限条件-编辑
String
permissionSQL
=
String
.
format
(
" (%s) AND ( %s in (%s) ) "
,
getPermissionSQL
(
entity
,
entityDataRange
),
keyFieldName
,
getEntityKeyCond
(
ids
));
//拼接权限条件-编辑
//执行sql进行权限检查
//执行sql进行权限检查
QueryWrapper
permissionWrapper
=
getPermissionWrapper
(
permissionSQL
);
//构造权限条件
QueryWrapper
permissionWrapper
=
getPermissionWrapper
(
permissionSQL
);
//构造权限条件
List
list
=
service
.
list
(
permissionWrapper
);
List
list
=
service
.
list
(
permissionWrapper
);
...
@@ -282,15 +279,15 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -282,15 +279,15 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* NoSQL批处理权限校验
* NoSQL批处理权限校验
* @param entity
* @param entity
* @param ids
* @param ids
* @param
d
ataRange
* @param
entityD
ataRange
* @return
* @return
*/
*/
private
boolean
noSqlBatchPermissionValid
(
EntityBase
entity
,
List
<
String
>
ids
,
JSONArray
d
ataRange
)
{
private
boolean
noSqlBatchPermissionValid
(
EntityBase
entity
,
List
<
String
>
ids
,
Set
<
String
>
entityD
ataRange
)
{
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
keyFieldName
=
permissionField
.
get
(
keyFieldTag
);
String
keyFieldName
=
permissionField
.
get
(
keyFieldTag
);
//根据权限表达式填充权限条件
//根据权限表达式填充权限条件
QueryBuilder
permissionCond
=
getNoSqlPermissionCond
(
entity
,
d
ataRange
);
QueryBuilder
permissionCond
=
getNoSqlPermissionCond
(
entity
,
entityD
ataRange
);
//权限条件拼接主键
//权限条件拼接主键
permissionCond
.
and
(
keyFieldName
).
in
(
ids
);
permissionCond
.
and
(
keyFieldName
).
in
(
ids
);
//执行权限检查
//执行权限检查
...
@@ -306,59 +303,26 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -306,59 +303,26 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
/**
/**
* 是否为全部数据
* 是否为全部数据
* @param permissionList
* @param entityName
* @param action
* @return
*/
private
boolean
isAllData
(
String
entityName
,
String
action
,
JSONObject
permissionList
)
{
if
(
permissionList
==
null
)
return
false
;
if
(!
permissionList
.
containsKey
(
entityName
))
return
false
;
JSONObject
entity
=
permissionList
.
getJSONObject
(
entityName
);
if
(!
entity
.
containsKey
(
DEActionType
))
return
false
;
JSONObject
dataRange
=
entity
.
getJSONObject
(
DEActionType
);
//获取实体行为对应的数据范围
if
(
dataRange
.
containsKey
(
action
)
&&
dataRange
.
getJSONArray
(
action
).
contains
(
"all"
))
return
true
;
return
false
;
}
/**
* 实体行为权限校验
* @param userPermission
* @param entityName
* @param action
* @param action
*
userPermission:{"ENTITY":{"DEACTION":{"READ":["CURORG"]},"DATASET":{"Default":["CURORG"]}}}
*
@param entityDataRange
* @return
* @return
*/
*/
private
boolean
validDEActionHasPermission
(
String
entityName
,
String
action
,
JSONObject
userPermission
){
private
boolean
isAllData
(
String
action
,
Set
<
String
>
entityDataRange
)
{
for
(
String
dataRange
:
entityDataRange
){
boolean
hasPermission
=
false
;
if
(
dataRange
.
endsWith
(
String
.
format
(
"%s-all"
,
action
))){
if
(
userPermission
==
null
)
return
true
;
return
false
;
}
if
(!
userPermission
.
containsKey
(
entityName
))
return
false
;
JSONObject
entity
=
userPermission
.
getJSONObject
(
entityName
);
//获取实体
if
(!
entity
.
containsKey
(
DEActionType
))
return
false
;
JSONObject
dataRange
=
entity
.
getJSONObject
(
DEActionType
);
//获取实体行为对应的数据范围
if
(
dataRange
.
containsKey
(
action
)){
hasPermission
=
true
;
}
}
return
hasPermission
;
return
false
;
}
}
/**
/**
* 新建行为校验
* 新建行为校验
* @param entity
* @param entity
* @param
dataRangeList
* @param
entityDataRange
* @return
* @return
*/
*/
private
boolean
createActionPermissionValid
(
EntityBase
entity
,
JSONArray
dataRangeList
){
private
boolean
createActionPermissionValid
(
EntityBase
entity
,
Set
<
String
>
entityDataRange
){
boolean
isCreate
=
true
;
boolean
isCreate
=
true
;
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
...
@@ -379,24 +343,23 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -379,24 +343,23 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
Set
<
String
>
userOrg
=
new
HashSet
<>();
Set
<
String
>
userOrg
=
new
HashSet
<>();
Set
<
String
>
userOrgDept
=
new
HashSet
<>();
Set
<
String
>
userOrgDept
=
new
HashSet
<>();
for
(
int
a
=
0
;
a
<
dataRangeList
.
size
();
a
++){
for
(
String
permissionCond:
entityDataRange
){
String
permissionCond
=
dataRangeList
.
getString
(
a
);
//权限配置条件
if
(
permissionCond
.
endsWith
(
"curorg"
)){
//本单位
if
(
permissionCond
.
equals
(
"curorg"
)){
//本单位
userOrg
.
add
(
authenticationUser
.
getOrgid
());
userOrg
.
add
(
authenticationUser
.
getOrgid
());
}
}
else
if
(
permissionCond
.
e
quals
(
"porg"
)){
//上级单位
else
if
(
permissionCond
.
e
ndsWith
(
"porg"
)){
//上级单位
userOrg
.
addAll
(
orgParent
);
userOrg
.
addAll
(
orgParent
);
}
}
else
if
(
permissionCond
.
e
quals
(
"sorg"
)){
//下级单位
else
if
(
permissionCond
.
e
ndsWith
(
"sorg"
)){
//下级单位
userOrg
.
addAll
(
orgChild
);
userOrg
.
addAll
(
orgChild
);
}
}
else
if
(
permissionCond
.
e
quals
(
"curorgdept"
)){
//本部门
else
if
(
permissionCond
.
e
ndsWith
(
"curorgdept"
)){
//本部门
userOrgDept
.
add
(
authenticationUser
.
getMdeptid
());
userOrgDept
.
add
(
authenticationUser
.
getMdeptid
());
}
}
else
if
(
permissionCond
.
e
quals
(
"porgdept"
)){
//上级部门
else
if
(
permissionCond
.
e
ndsWith
(
"porgdept"
)){
//上级部门
userOrgDept
.
addAll
(
orgDeptParent
);
userOrgDept
.
addAll
(
orgDeptParent
);
}
}
else
if
(
permissionCond
.
e
quals
(
"sorgdept"
)){
//下级部门
else
if
(
permissionCond
.
e
ndsWith
(
"sorgdept"
)){
//下级部门
userOrgDept
.
addAll
(
orgDeptChild
);
userOrgDept
.
addAll
(
orgDeptChild
);
}
}
}
}
...
@@ -419,16 +382,16 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -419,16 +382,16 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* @param deStorageMode
* @param deStorageMode
* @param entity
* @param entity
* @param id
* @param id
* @param
dataRangeList
* @param
entityDataRange
* @return
* @return
*/
*/
private
boolean
otherActionPermissionValidRouter
(
String
deStorageMode
,
EntityBase
entity
,
Object
id
,
JSONArray
dataRangeList
){
private
boolean
otherActionPermissionValidRouter
(
String
deStorageMode
,
EntityBase
entity
,
Object
id
,
Set
<
String
>
entityDataRange
){
if
(
deStorageMode
.
equalsIgnoreCase
(
"sql"
)){
if
(
deStorageMode
.
equalsIgnoreCase
(
"sql"
)){
return
sqlPermissionValid
(
entity
,
id
,
dataRangeList
);
return
sqlPermissionValid
(
entity
,
id
,
entityDataRange
);
}
}
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"nosql"
)){
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"nosql"
)){
return
noSqlPermissionValid
(
entity
,
id
,
dataRangeList
);
return
noSqlPermissionValid
(
entity
,
id
,
entityDataRange
);
}
}
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"serviceapi"
)){
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"serviceapi"
)){
return
true
;
return
true
;
...
@@ -442,15 +405,15 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -442,15 +405,15 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* sql存储模式实体行为鉴权
* sql存储模式实体行为鉴权
* @param entity
* @param entity
* @param id
* @param id
* @param
dataRangeList
* @param
entityDataRange
* @return
* @return
*/
*/
private
boolean
sqlPermissionValid
(
EntityBase
entity
,
Object
id
,
JSONArray
dataRangeList
){
private
boolean
sqlPermissionValid
(
EntityBase
entity
,
Object
id
,
Set
<
String
>
entityDataRange
){
ServiceImpl
service
=
SpringContextHolder
.
getBean
(
String
.
format
(
"%s%s"
,
entity
.
getClass
().
getSimpleName
(),
"ServiceImpl"
));
//获取实体service对象
ServiceImpl
service
=
SpringContextHolder
.
getBean
(
String
.
format
(
"%s%s"
,
entity
.
getClass
().
getSimpleName
(),
"ServiceImpl"
));
//获取实体service对象
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
//通过权限表达式来获取sql
//通过权限表达式来获取sql
String
permissionSQL
=
String
.
format
(
" (%s) AND (%s='%s')"
,
getPermissionSQL
(
entity
,
dataRangeList
),
permissionField
.
get
(
keyFieldTag
),
id
);
//拼接权限条件-编辑
String
permissionSQL
=
String
.
format
(
" (%s) AND (%s='%s')"
,
getPermissionSQL
(
entity
,
entityDataRange
),
permissionField
.
get
(
keyFieldTag
),
id
);
//拼接权限条件-编辑
//执行sql进行权限检查
//执行sql进行权限检查
QueryWrapper
permissionWrapper
=
getPermissionWrapper
(
permissionSQL
);
//构造权限条件
QueryWrapper
permissionWrapper
=
getPermissionWrapper
(
permissionSQL
);
//构造权限条件
List
list
=
service
.
list
(
permissionWrapper
);
List
list
=
service
.
list
(
permissionWrapper
);
...
@@ -466,15 +429,15 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -466,15 +429,15 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* NoSQL实体行为鉴权
* NoSQL实体行为鉴权
* @param entity
* @param entity
* @param id
* @param id
* @param
dataRangeList
* @param
entityDataRange
* @return
* @return
*/
*/
private
boolean
noSqlPermissionValid
(
EntityBase
entity
,
Object
id
,
JSONArray
dataRangeList
)
{
private
boolean
noSqlPermissionValid
(
EntityBase
entity
,
Object
id
,
Set
<
String
>
entityDataRange
)
{
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
keyField
=
permissionField
.
get
(
keyFieldTag
);
String
keyField
=
permissionField
.
get
(
keyFieldTag
);
//根据权限表达式填充权限条件
//根据权限表达式填充权限条件
QueryBuilder
permissionCond
=
getNoSqlPermissionCond
(
entity
,
dataRangeList
);
QueryBuilder
permissionCond
=
getNoSqlPermissionCond
(
entity
,
entityDataRange
);
//权限条件拼接主键
//权限条件拼接主键
permissionCond
.
and
(
keyField
).
is
(
id
);
permissionCond
.
and
(
keyField
).
is
(
id
);
//执行权限检查
//执行权限检查
...
@@ -492,10 +455,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -492,10 +455,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
/**
/**
* 为NoSQL存储模式的表格查询填充权限条件
* 为NoSQL存储模式的表格查询填充权限条件
* @param entity
* @param entity
* @param
dataRangeList
* @param
entityDataRange
* @return
* @return
*/
*/
private
QueryBuilder
getNoSqlPermissionCond
(
EntityBase
entity
,
JSONArray
dataRangeList
){
private
QueryBuilder
getNoSqlPermissionCond
(
EntityBase
entity
,
Set
<
String
>
entityDataRange
){
QueryBuilder
permissionSQL
=
new
QueryBuilder
();
QueryBuilder
permissionSQL
=
new
QueryBuilder
();
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
...
@@ -509,30 +472,29 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -509,30 +472,29 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
Set
<
String
>
orgDeptParent
=
userInfo
.
get
(
"parentdept"
);
Set
<
String
>
orgDeptParent
=
userInfo
.
get
(
"parentdept"
);
Set
<
String
>
orgDeptChild
=
userInfo
.
get
(
"subdept"
);
Set
<
String
>
orgDeptChild
=
userInfo
.
get
(
"subdept"
);
for
(
int
i
=
0
;
i
<
dataRangeList
.
size
();
i
++){
for
(
String
permissionCond:
entityDataRange
){
String
permissionCond
=
dataRangeList
.
getString
(
i
);
//权限配置条件
if
(
permissionCond
.
endsWith
(
"curorg"
)){
//本单位
if
(
permissionCond
.
equals
(
"curorg"
)){
//本单位
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getOrgid
()).
get
());
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getOrgid
()).
get
());
}
}
else
if
(
permissionCond
.
e
quals
(
"porg"
)){
//上级单位
else
if
(
permissionCond
.
e
ndsWith
(
"porg"
)){
//上级单位
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
in
(
formatStringArr
(
orgParent
)).
get
());
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
in
(
formatStringArr
(
orgParent
)).
get
());
}
}
else
if
(
permissionCond
.
e
quals
(
"sorg"
)){
//下级单位
else
if
(
permissionCond
.
e
ndsWith
(
"sorg"
)){
//下级单位
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
in
(
formatStringArr
(
orgChild
)).
get
());
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
in
(
formatStringArr
(
orgChild
)).
get
());
}
}
else
if
(
permissionCond
.
e
quals
(
"createman"
)){
//建立人
else
if
(
permissionCond
.
e
ndsWith
(
"createman"
)){
//建立人
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
createManField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getUserid
()).
get
());
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
createManField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getUserid
()).
get
());
}
}
else
if
(
permissionCond
.
e
quals
(
"curorgdept"
)){
//本部门
else
if
(
permissionCond
.
e
ndsWith
(
"curorgdept"
)){
//本部门
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgDeptField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getMdeptid
()).
get
());
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgDeptField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getMdeptid
()).
get
());
}
}
else
if
(
permissionCond
.
e
quals
(
"porgdept"
)){
//上级部门
else
if
(
permissionCond
.
e
ndsWith
(
"porgdept"
)){
//上级部门
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgDeptField
).
in
(
formatStringArr
(
orgDeptParent
)).
get
());
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgDeptField
).
in
(
formatStringArr
(
orgDeptParent
)).
get
());
}
}
else
if
(
permissionCond
.
e
quals
(
"sorgdept"
)){
//下级部门
else
if
(
permissionCond
.
e
ndsWith
(
"sorgdept"
)){
//下级部门
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgDeptField
).
in
(
formatStringArr
(
orgDeptChild
)).
get
());
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgDeptField
).
in
(
formatStringArr
(
orgDeptChild
)).
get
());
}
}
else
if
(
permissionCond
.
e
quals
(
"all"
)){
else
if
(
permissionCond
.
e
ndsWith
(
"all"
)){
permissionSQL
.
or
(
new
QueryBuilder
().
get
());
permissionSQL
.
or
(
new
QueryBuilder
().
get
());
}
}
}
}
...
@@ -543,10 +505,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -543,10 +505,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
/**
/**
* SQL获取权限条件
* SQL获取权限条件
* @param entity
* @param entity
* @param
oppriList
* @param
entityDataRange
* @return
* @return
*/
*/
private
String
getPermissionSQL
(
EntityBase
entity
,
JSONArray
oppriList
){
private
String
getPermissionSQL
(
EntityBase
entity
,
Set
<
String
>
entityDataRange
){
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
nPermissionSQL
=
"1<>1"
;
String
nPermissionSQL
=
"1<>1"
;
...
@@ -561,31 +523,30 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -561,31 +523,30 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
Set
<
String
>
orgDeptParent
=
userInfo
.
get
(
"parentdept"
);
Set
<
String
>
orgDeptParent
=
userInfo
.
get
(
"parentdept"
);
Set
<
String
>
orgDeptChild
=
userInfo
.
get
(
"subdept"
);
Set
<
String
>
orgDeptChild
=
userInfo
.
get
(
"subdept"
);
for
(
int
i
=
0
;
i
<
oppriList
.
size
();
i
++
){
for
(
String
permissionCond:
entityDataRange
){
permissionSQL
.
append
(
"OR"
);
permissionSQL
.
append
(
"OR"
);
String
permissionCond
=
oppriList
.
getString
(
i
);
//权限配置条件
if
(
permissionCond
.
endsWith
(
"curorg"
)){
//本单位
if
(
permissionCond
.
equals
(
"curorg"
)){
//本单位
permissionSQL
.
append
(
String
.
format
(
"(%s='%s')"
,
orgField
,
AuthenticationUser
.
getAuthenticationUser
().
getOrgid
()));
permissionSQL
.
append
(
String
.
format
(
"(%s='%s')"
,
orgField
,
AuthenticationUser
.
getAuthenticationUser
().
getOrgid
()));
}
}
else
if
(
permissionCond
.
e
quals
(
"porg"
)){
//上级单位
else
if
(
permissionCond
.
e
ndsWith
(
"porg"
)){
//上级单位
permissionSQL
.
append
(
String
.
format
(
" %s in(%s) "
,
orgField
,
formatStringArr
(
orgParent
)));
permissionSQL
.
append
(
String
.
format
(
" %s in(%s) "
,
orgField
,
formatStringArr
(
orgParent
)));
}
}
else
if
(
permissionCond
.
e
quals
(
"sorg"
)){
//下级单位
else
if
(
permissionCond
.
e
ndsWith
(
"sorg"
)){
//下级单位
permissionSQL
.
append
(
String
.
format
(
" %s in(%s) "
,
orgField
,
formatStringArr
(
orgChild
)));
permissionSQL
.
append
(
String
.
format
(
" %s in(%s) "
,
orgField
,
formatStringArr
(
orgChild
)));
}
}
else
if
(
permissionCond
.
e
quals
(
"createman"
)){
//建立人
else
if
(
permissionCond
.
e
ndsWith
(
"createman"
)){
//建立人
permissionSQL
.
append
(
String
.
format
(
"(%s='%s')"
,
createManField
,
AuthenticationUser
.
getAuthenticationUser
().
getUserid
()));
permissionSQL
.
append
(
String
.
format
(
"(%s='%s')"
,
createManField
,
AuthenticationUser
.
getAuthenticationUser
().
getUserid
()));
}
}
else
if
(
permissionCond
.
e
quals
(
"curorgdept"
)){
//本部门
else
if
(
permissionCond
.
e
ndsWith
(
"curorgdept"
)){
//本部门
permissionSQL
.
append
(
String
.
format
(
"(%s='%s')"
,
orgDeptField
,
AuthenticationUser
.
getAuthenticationUser
().
getMdeptid
()));
permissionSQL
.
append
(
String
.
format
(
"(%s='%s')"
,
orgDeptField
,
AuthenticationUser
.
getAuthenticationUser
().
getMdeptid
()));
}
}
else
if
(
permissionCond
.
e
quals
(
"porgdept"
)){
//上级部门
else
if
(
permissionCond
.
e
ndsWith
(
"porgdept"
)){
//上级部门
permissionSQL
.
append
(
String
.
format
(
" %s in (%s) "
,
orgDeptField
,
formatStringArr
(
orgDeptParent
)));
permissionSQL
.
append
(
String
.
format
(
" %s in (%s) "
,
orgDeptField
,
formatStringArr
(
orgDeptParent
)));
}
}
else
if
(
permissionCond
.
e
quals
(
"sorgdept"
)){
//下级部门
else
if
(
permissionCond
.
e
ndsWith
(
"sorgdept"
)){
//下级部门
permissionSQL
.
append
(
String
.
format
(
" %s in (%s) "
,
orgDeptField
,
formatStringArr
(
orgDeptChild
)));
permissionSQL
.
append
(
String
.
format
(
" %s in (%s) "
,
orgDeptField
,
formatStringArr
(
orgDeptChild
)));
}
}
else
if
(
permissionCond
.
e
quals
(
"all"
)){
//全部数据
else
if
(
permissionCond
.
e
ndsWith
(
"all"
)){
//全部数据
permissionSQL
.
append
(
"(1=1)"
);
permissionSQL
.
append
(
"(1=1)"
);
}
}
else
{
else
{
...
@@ -701,21 +662,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -701,21 +662,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return
"'"
+
String
.
join
(
"','"
,
arr
)
+
"'"
;
return
"'"
+
String
.
join
(
"','"
,
arr
)
+
"'"
;
}
}
/**
* 获取数据范围
* @param entityName
* @param action
* @param permissionList
* @return
*/
private
JSONArray
getDataRange
(
String
entityName
,
String
action
,
JSONObject
permissionList
){
//获取权限表达式[全部数据、本单位、本部门等]
JSONObject
entityObj
=
permissionList
.
getJSONObject
(
entityName
);
//获取实体
JSONObject
permissionType
=
entityObj
.
getJSONObject
(
DEActionType
);
JSONArray
dataRangeList
=
permissionType
.
getJSONArray
(
action
);
//行为:read;insert...
return
dataRangeList
;
}
/**
/**
* 获取实体主键集合
* 获取实体主键集合
* @param entityBase
* @param entityBase
...
...
编辑
预览
Markdown
格式
0%
请重试
or
添加新附件
添加附件
取消
您添加了
0
人
到此讨论。请谨慎行事。
先完成此消息的编辑!
取消
想要评论请
注册
或
登录