1eb00bed
提交
1eb00bed
编写于
5月 04, 2020
作者:
ibizdev
ibizdev提交
上级
7747a234
变更
15
正在显示
15 个修改的文件
包含
124 行增加
和
110 行删除
+124
-110
config.xml
config.xml
+5
-0
application-web-prod.yml
...ibzwf-app-web/src/main/resources/application-web-prod.yml
+4
-0
application-dev.yml
ibzwf-boot/src/main/resources/application-dev.yml
+2
-1
DEPrivs.json
ibzwf-core/src/main/resources/deprivs/DEPrivs.json
+14
-19
Dockerfile
ibzwf-provider/ibzwf-provider-api/src/main/docker/Dockerfile
+1
-1
ibzwf-provider-api.yaml
...bzwf-provider-api/src/main/docker/ibzwf-provider-api.yaml
+1
-1
WFGroupResource.java
...pi/src/main/java/cn/ibizlab/api/rest/WFGroupResource.java
+8
-8
WFMemberResource.java
...i/src/main/java/cn/ibizlab/api/rest/WFMemberResource.java
+8
-8
WFProcessDefinitionResource.java
...java/cn/ibizlab/api/rest/WFProcessDefinitionResource.java
+8
-8
WFSystemResource.java
...i/src/main/java/cn/ibizlab/api/rest/WFSystemResource.java
+8
-8
WFUserResource.java
...api/src/main/java/cn/ibizlab/api/rest/WFUserResource.java
+8
-8
application-api-dev.yml
...f-provider-api/src/main/resources/application-api-dev.yml
+1
-1
application-api-prod.yml
...-provider-api/src/main/resources/application-api-prod.yml
+1
-1
PermissionSyncJob.java
.../src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java
+3
-4
AuthPermissionEvaluator.java
...ava/cn/ibizlab/util/security/AuthPermissionEvaluator.java
+52
-42
config.xml
...
...
@@ -38,6 +38,11 @@
git clone -b master $para2 ibzwf/
export NODE_OPTIONS=--max-old-space-size=4096
cd ibzwf/
mvn clean package -Papi
cd ibzwf-provider/ibzwf-provider-api
mvn -Papi docker:build
mvn -Papi docker:push
docker -H $para1 stack deploy --compose-file=src/main/docker/ibzwf-provider-api.yaml dev --with-registry-auth
</command>
</hudson.tasks.Shell>
</builders>
...
...
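Review bot: The deploy step `docker -H $para1 stack deploy ... --with-registry-auth` passes a job parameter unquoted to the Docker client and points it at a remote daemon. If `$para1` is a plain `tcp://` endpoint without TLS client verification, anyone who can reach that port has root-equivalent control of the swarm manager, so the endpoint should be `ssh://` or used with `--tlsverify`. Quote both parameters so that a value containing spaces or shell metacharacters cannot change the command: `docker -H "$para1" stack deploy ...` and `git clone -b master "$para2" ibzwf/`. The shell block starts before the hunk, so any earlier validation of the parameters is not visible here.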
ibzwf-app/ibzwf-app-web/src/main/resources/application-web-prod.yml
...
...
@@ -24,5 +24,9 @@ zuul:
path
:
/wfsystems/**
serviceId
:
ibzwf-api
stripPrefix
:
false
wfcore
:
path
:
/wfcore/**
serviceId
:
ibzwf-api
stripPrefix
:
false
sensitive-headers
:
-
Cookie,Set-Cookie,Authorization
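Review bot: The new `wfcore` route publishes `/wfcore/**` on `ibzwf-api` in the prod profile, but none of the resource classes touched by this commit map that prefix, so it is not visible here whether the handlers behind it carry `@PreAuthorize`. Confirm that before exposing the route, and add a comment above it naming the controller it serves, for example `# wfcore: served by <controller class>, guarded by @PreAuthorize`. Separately, the context line `- Cookie,Set-Cookie,Authorization` is a single list element containing commas; depending on how it is bound it may not be split into three header names, so it is worth verifying that the gateway really treats all three as sensitive.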
ibzwf-boot/src/main/resources/application-dev.yml
server
:
port
:
8080
\ No newline at end of file
port
:
40003
ibzwf-core/src/main/resources/deprivs/DEPrivs.json
...
...
@@ -2,45 +2,40 @@
{
"predefineddatarange"
:[{
"id"
:
"ALL"
,
"name"
:
"全部数据"
},{
"id"
:
"CURORG"
,
"name"
:
"当前单位"
},{
"id"
:
"PORG"
,
"name"
:
"上级单位"
},{
"id"
:
"SORG"
,
"name"
:
"下级单位"
},{
"id"
:
"CURORGDEPT"
,
"name"
:
"当前部门"
},{
"id"
:
"PORGDEPT"
,
"name"
:
"上级部门"
},{
"id"
:
"SORGDEPT"
,
"name"
:
"下级部门"
}],
"entities"
:[
{
"dename"
:
"WFMember"
,
"delogicname"
:
"成员"
,
"sysmoudle"
:{
"id"
:
"WORKFLOW"
,
"name"
:
"workflow"
},
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"默认数据集
"
}],
"deaction"
:[{
"id"
:
"C
REATE"
,
"name"
:
"新建"
,
"type"
:
"BUILTIN"
},{
"id"
:
"UPDATE"
,
"name"
:
"编辑"
,
"type"
:
"BUILTIN"
},{
"id"
:
"READ"
,
"name"
:
"读取"
,
"type"
:
"BUILTIN"
},{
"id"
:
"DELETE"
,
"name"
:
"删除"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CUSTOM"
,
"name"
:
"自定义行为"
,
"type"
:
"USERCUSTOM"
}]
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"DEFAULT
"
}],
"deaction"
:[{
"id"
:
"C
heckKey"
,
"name"
:
"CheckKey"
,
"type"
:
"BUILTIN"
},{
"id"
:
"GetDraft"
,
"name"
:
"GetDraft"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Create"
,
"name"
:
"Create"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Remove"
,
"name"
:
"Remove"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Save"
,
"name"
:
"Save"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Update"
,
"name"
:
"Update"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Get"
,
"name"
:
"Get"
,
"type"
:
"BUILTIN"
}]
}
,
{
,
{
"dename"
:
"WFGroup"
,
"delogicname"
:
"角色/用户组"
,
"sysmoudle"
:{
"id"
:
"WORKFLOW"
,
"name"
:
"workflow"
},
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"默认数据集
"
}],
"deaction"
:[{
"id"
:
"
CREATE"
,
"name"
:
"新建"
,
"type"
:
"BUILTIN"
},{
"id"
:
"UPDATE"
,
"name"
:
"编辑"
,
"type"
:
"BUILTIN"
},{
"id"
:
"READ"
,
"name"
:
"读取"
,
"type"
:
"BUILTIN"
},{
"id"
:
"DELETE"
,
"name"
:
"删除"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CUSTOM"
,
"name"
:
"自定义行为"
,
"type"
:
"USERCUSTOM"
}]
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"DEFAULT
"
}],
"deaction"
:[{
"id"
:
"
Save"
,
"name"
:
"Save"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Update"
,
"name"
:
"Update"
,
"type"
:
"BUILTIN"
},{
"id"
:
"GetDraft"
,
"name"
:
"GetDraft"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CheckKey"
,
"name"
:
"CheckKey"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Create"
,
"name"
:
"Create"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Remove"
,
"name"
:
"Remove"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Get"
,
"name"
:
"Get"
,
"type"
:
"BUILTIN"
}]
}
,
{
,
{
"dename"
:
"WFUser"
,
"delogicname"
:
"用户"
,
"sysmoudle"
:{
"id"
:
"WORKFLOW"
,
"name"
:
"workflow"
},
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"默认数据集
"
}],
"deaction"
:[{
"id"
:
"
CREATE"
,
"name"
:
"新建"
,
"type"
:
"BUILTIN"
},{
"id"
:
"UPDATE"
,
"name"
:
"编辑"
,
"type"
:
"BUILTIN"
},{
"id"
:
"READ"
,
"name"
:
"读取"
,
"type"
:
"BUILTIN"
},{
"id"
:
"DELETE"
,
"name"
:
"删除"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CUSTOM"
,
"name"
:
"自定义行为"
,
"type"
:
"USERCUSTOM"
}]
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"DEFAULT
"
}],
"deaction"
:[{
"id"
:
"
Remove"
,
"name"
:
"Remove"
,
"type"
:
"BUILTIN"
},{
"id"
:
"GetDraft"
,
"name"
:
"GetDraft"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Save"
,
"name"
:
"Save"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Update"
,
"name"
:
"Update"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Get"
,
"name"
:
"Get"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Create"
,
"name"
:
"Create"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CheckKey"
,
"name"
:
"CheckKey"
,
"type"
:
"BUILTIN"
}]
}
,
{
,
{
"dename"
:
"WFProcessDefinition"
,
"delogicname"
:
"流程定义"
,
"sysmoudle"
:{
"id"
:
"WORKFLOW"
,
"name"
:
"workflow"
},
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"默认数据集
"
}],
"deaction"
:[{
"id"
:
"
CREATE"
,
"name"
:
"新建"
,
"type"
:
"BUILTIN"
},{
"id"
:
"UPDATE"
,
"name"
:
"编辑"
,
"type"
:
"BUILTIN"
},{
"id"
:
"READ"
,
"name"
:
"读取"
,
"type"
:
"BUILTIN"
},{
"id"
:
"DELETE"
,
"name"
:
"删除"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CUSTOM"
,
"name"
:
"自定义行为"
,
"type"
:
"USERCUSTOM"
}]
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"DEFAULT
"
}],
"deaction"
:[{
"id"
:
"
Save"
,
"name"
:
"Save"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Update"
,
"name"
:
"Update"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Get"
,
"name"
:
"Get"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CheckKey"
,
"name"
:
"CheckKey"
,
"type"
:
"BUILTIN"
},{
"id"
:
"GetDraft"
,
"name"
:
"GetDraft"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Create"
,
"name"
:
"Create"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Remove"
,
"name"
:
"Remove"
,
"type"
:
"BUILTIN"
}]
}
,
{
,
{
"dename"
:
"WFSystem"
,
"delogicname"
:
"系统"
,
"sysmoudle"
:{
"id"
:
"WORKFLOW"
,
"name"
:
"workflow"
},
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"默认数据集
"
}],
"deaction"
:[{
"id"
:
"
CREATE"
,
"name"
:
"新建"
,
"type"
:
"BUILTIN"
},{
"id"
:
"UPDATE"
,
"name"
:
"编辑"
,
"type"
:
"BUILTIN"
},{
"id"
:
"READ"
,
"name"
:
"读取"
,
"type"
:
"BUILTIN"
},{
"id"
:
"DELETE"
,
"name"
:
"删除"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CUSTOM"
,
"name"
:
"自定义行为"
,
"type"
:
"USERCUSTOM"
}]
"dedataset"
:[{
"id"
:
"Default"
,
"name"
:
"DEFAULT
"
}],
"deaction"
:[{
"id"
:
"
Remove"
,
"name"
:
"Remove"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Update"
,
"name"
:
"Update"
,
"type"
:
"BUILTIN"
},{
"id"
:
"GetDraft"
,
"name"
:
"GetDraft"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Save"
,
"name"
:
"Save"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Create"
,
"name"
:
"Create"
,
"type"
:
"BUILTIN"
},{
"id"
:
"CheckKey"
,
"name"
:
"CheckKey"
,
"type"
:
"BUILTIN"
},{
"id"
:
"Get"
,
"name"
:
"Get"
,
"type"
:
"BUILTIN"
}]
}
]
...
...
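Review bot: Every action id in this catalogue is renamed (`CREATE`/`UPDATE`/`READ`/`DELETE`/`CUSTOM` become `Create`/`Update`/`Get`/`Remove`/`Save`/`CheckKey`/`GetDraft`), and the evaluator in this commit compares action strings case-sensitively. Grants already stored under the old ids presumably stop matching once PermissionSyncJob pushes this file, so the change needs a migration or re-grant step documented with it. The `USERCUSTOM` action `CUSTOM` is dropped for all five entities without a replacement; confirm nothing still checks for it.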
ibzwf-provider/ibzwf-provider-api/src/main/docker/Dockerfile
...
...
@@ -9,6 +9,6 @@ CMD echo "The application will start in ${IBZ_SLEEP}s..." && \
sleep ${IBZ_SLEEP} && \
java ${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom -jar /ibzwf-provider-api.jar
EXPOSE
8081
EXPOSE
40003
ADD
ibzwf-provider-api.jar /ibzwf-provider-api.jar
ibzwf-provider/ibzwf-provider-api/src/main/docker/ibzwf-provider-api.yaml
...
...
@@ -3,7 +3,7 @@ services:
ibzwf-provider-api
:
image
:
registry.cn-shanghai.aliyuncs.com/ibizsys/ibzwf-provider-api:latest
ports
:
-
"
8081:8081
"
-
"
40003:40003
"
networks
:
-
agent_network
deploy
:
...
...
ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFGroupResource.java
...
...
@@ -71,7 +71,7 @@ public class WFGroupResource {
@PreAuthorize
(
"hasPermission(#wfgroup_id,'U
PDATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfgroup_id,'U
pdate
',this.getEntity())"
)
@ApiOperation
(
value
=
"Update"
,
tags
=
{
"WFGroup"
},
notes
=
"Update"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfgroups/{wfgroup_id}"
)
@Transactional
...
...
@@ -83,7 +83,7 @@ public class WFGroupResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission(#wfgroup_id,'U
PDATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfgroup_id,'U
pdate
',this.getEntity())"
)
@ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"UpdateBatch"
},
notes
=
"UpdateBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfgroups/updatebatch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
(
@RequestBody
List
<
WFGroupDTO
>
wfgroupdtos
)
{
...
...
@@ -112,7 +112,7 @@ public class WFGroupResource {
@PreAuthorize
(
"hasPermission('','C
REATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission('','C
reate
',this.getEntity())"
)
@ApiOperation
(
value
=
"Create"
,
tags
=
{
"WFGroup"
},
notes
=
"Create"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfgroups"
)
@Transactional
...
...
@@ -123,7 +123,7 @@ public class WFGroupResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission('','C
REATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission('','C
reate
',this.getEntity())"
)
@ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"createBatch"
},
notes
=
"createBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfgroups/createbatch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
WFGroupDTO
>
wfgroupdtos
)
{
...
...
@@ -134,7 +134,7 @@ public class WFGroupResource {
@PreAuthorize
(
"hasPermission('
DELETE
',{#wfgroup_id,this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Remove
',{#wfgroup_id,this.getEntity()})"
)
@ApiOperation
(
value
=
"Remove"
,
tags
=
{
"WFGroup"
},
notes
=
"Remove"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfgroups/{wfgroup_id}"
)
@Transactional
...
...
@@ -152,7 +152,7 @@ public class WFGroupResource {
@PreAuthorize
(
"hasPermission(#wfgroup_id,'
READ
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfgroup_id,'
Get
',this.getEntity())"
)
@ApiOperation
(
value
=
"Get"
,
tags
=
{
"WFGroup"
},
notes
=
"Get"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfgroups/{wfgroup_id}"
)
public
ResponseEntity
<
WFGroupDTO
>
get
(
@PathVariable
(
"wfgroup_id"
)
String
wfgroup_id
)
{
...
...
@@ -161,7 +161,7 @@ public class WFGroupResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission('
READ
',{#context,'Default',this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Get
',{#context,'Default',this.getEntity()})"
)
@ApiOperation
(
value
=
"fetchDEFAULT"
,
tags
=
{
"WFGroup"
}
,
notes
=
"fetchDEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfgroups/fetchdefault"
)
public
ResponseEntity
<
List
<
WFGroupDTO
>>
fetchDefault
(
WFGroupSearchContext
context
)
{
...
...
@@ -174,7 +174,7 @@ public class WFGroupResource {
.
body
(
list
);
}
@PreAuthorize
(
"hasPermission('
READ
',{#context,'Default',this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Get
',{#context,'Default',this.getEntity()})"
)
@ApiOperation
(
value
=
"searchDEFAULT"
,
tags
=
{
"WFGroup"
}
,
notes
=
"searchDEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfgroups/searchdefault"
)
public
ResponseEntity
<
Page
<
WFGroupDTO
>>
searchDefault
(
WFGroupSearchContext
context
)
{
...
...
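Review bot: The create guards on `/wfgroups` and `/wfgroups/createbatch` now pass `'Create'` (`hasPermission('','Create',this.getEntity())`), but the AuthPermissionEvaluator section of this same commit still shows the unchanged context line `if(action.equals("CREATE"))`. The create branch therefore appears unable to match any more, and the request falls through to the per-record data check with an empty key. Keep both sides on one set of identifiers, ideally shared constants referenced from the annotation strings and the evaluator, or at minimum compare with `action.equalsIgnoreCase("Create")`. The same renamed strings appear in WFMemberResource, WFProcessDefinitionResource, WFSystemResource and WFUserResource. The evaluator method continues beyond the visible lines, so confirm this against the full file.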
ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFMemberResource.java
...
...
@@ -73,7 +73,7 @@ public class WFMemberResource {
@PreAuthorize
(
"hasPermission('','C
REATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission('','C
reate
',this.getEntity())"
)
@ApiOperation
(
value
=
"Create"
,
tags
=
{
"WFMember"
},
notes
=
"Create"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfmembers"
)
@Transactional
...
...
@@ -84,7 +84,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission('','C
REATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission('','C
reate
',this.getEntity())"
)
@ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"createBatch"
},
notes
=
"createBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfmembers/createbatch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
WFMemberDTO
>
wfmemberdtos
)
{
...
...
@@ -95,7 +95,7 @@ public class WFMemberResource {
@PreAuthorize
(
"hasPermission('
DELETE
',{#wfmember_id,this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Remove
',{#wfmember_id,this.getEntity()})"
)
@ApiOperation
(
value
=
"Remove"
,
tags
=
{
"WFMember"
},
notes
=
"Remove"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfmembers/{wfmember_id}"
)
@Transactional
...
...
@@ -129,7 +129,7 @@ public class WFMemberResource {
@PreAuthorize
(
"hasPermission(#wfmember_id,'U
PDATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfmember_id,'U
pdate
',this.getEntity())"
)
@ApiOperation
(
value
=
"Update"
,
tags
=
{
"WFMember"
},
notes
=
"Update"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfmembers/{wfmember_id}"
)
@Transactional
...
...
@@ -141,7 +141,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission(#wfmember_id,'U
PDATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfmember_id,'U
pdate
',this.getEntity())"
)
@ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"UpdateBatch"
},
notes
=
"UpdateBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfmembers/updatebatch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
(
@RequestBody
List
<
WFMemberDTO
>
wfmemberdtos
)
{
...
...
@@ -152,7 +152,7 @@ public class WFMemberResource {
@PreAuthorize
(
"hasPermission(#wfmember_id,'
READ
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfmember_id,'
Get
',this.getEntity())"
)
@ApiOperation
(
value
=
"Get"
,
tags
=
{
"WFMember"
},
notes
=
"Get"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfmembers/{wfmember_id}"
)
public
ResponseEntity
<
WFMemberDTO
>
get
(
@PathVariable
(
"wfmember_id"
)
String
wfmember_id
)
{
...
...
@@ -161,7 +161,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission('
READ
',{#context,'Default',this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Get
',{#context,'Default',this.getEntity()})"
)
@ApiOperation
(
value
=
"fetchDEFAULT"
,
tags
=
{
"WFMember"
}
,
notes
=
"fetchDEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfmembers/fetchdefault"
)
public
ResponseEntity
<
List
<
WFMemberDTO
>>
fetchDefault
(
WFMemberSearchContext
context
)
{
...
...
@@ -174,7 +174,7 @@ public class WFMemberResource {
.
body
(
list
);
}
@PreAuthorize
(
"hasPermission('
READ
',{#context,'Default',this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Get
',{#context,'Default',this.getEntity()})"
)
@ApiOperation
(
value
=
"searchDEFAULT"
,
tags
=
{
"WFMember"
}
,
notes
=
"searchDEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfmembers/searchdefault"
)
public
ResponseEntity
<
Page
<
WFMemberDTO
>>
searchDefault
(
WFMemberSearchContext
context
)
{
...
...
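Review bot: The guard on `updateBatch` is `hasPermission(#wfmember_id,'Update',this.getEntity())`, but the signature shown is `updateBatch(@RequestBody List<WFMemberDTO> wfmemberdtos)`, which has no `wfmember_id` parameter. An unbound SpEL variable evaluates to null, so the keys of the records actually being updated are never passed to the evaluator; the commit renames the action string and leaves this unchanged. Bind the expression to the request body, for example `hasPermission(#wfmemberdtos,'Update',this.getEntity())`, and have the evaluator check each element's key, or perform the per-record check inside the method before the batch update. The `updateBatch` methods in WFGroupResource, WFProcessDefinitionResource, WFSystemResource and WFUserResource show the same pattern with their own id names.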
ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFProcessDefinitionResource.java
...
...
@@ -71,7 +71,7 @@ public class WFProcessDefinitionResource {
@PreAuthorize
(
"hasPermission(#wfprocessdefinition_id,'U
PDATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfprocessdefinition_id,'U
pdate
',this.getEntity())"
)
@ApiOperation
(
value
=
"Update"
,
tags
=
{
"WFProcessDefinition"
},
notes
=
"Update"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfprocessdefinitions/{wfprocessdefinition_id}"
)
@Transactional
...
...
@@ -83,7 +83,7 @@ public class WFProcessDefinitionResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission(#wfprocessdefinition_id,'U
PDATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfprocessdefinition_id,'U
pdate
',this.getEntity())"
)
@ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"UpdateBatch"
},
notes
=
"UpdateBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfprocessdefinitions/updatebatch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
(
@RequestBody
List
<
WFProcessDefinitionDTO
>
wfprocessdefinitiondtos
)
{
...
...
@@ -94,7 +94,7 @@ public class WFProcessDefinitionResource {
@PreAuthorize
(
"hasPermission(#wfprocessdefinition_id,'
READ
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfprocessdefinition_id,'
Get
',this.getEntity())"
)
@ApiOperation
(
value
=
"Get"
,
tags
=
{
"WFProcessDefinition"
},
notes
=
"Get"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfprocessdefinitions/{wfprocessdefinition_id}"
)
public
ResponseEntity
<
WFProcessDefinitionDTO
>
get
(
@PathVariable
(
"wfprocessdefinition_id"
)
String
wfprocessdefinition_id
)
{
...
...
@@ -124,7 +124,7 @@ public class WFProcessDefinitionResource {
@PreAuthorize
(
"hasPermission('','C
REATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission('','C
reate
',this.getEntity())"
)
@ApiOperation
(
value
=
"Create"
,
tags
=
{
"WFProcessDefinition"
},
notes
=
"Create"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfprocessdefinitions"
)
@Transactional
...
...
@@ -135,7 +135,7 @@ public class WFProcessDefinitionResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission('','C
REATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission('','C
reate
',this.getEntity())"
)
@ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"createBatch"
},
notes
=
"createBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfprocessdefinitions/createbatch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
WFProcessDefinitionDTO
>
wfprocessdefinitiondtos
)
{
...
...
@@ -146,7 +146,7 @@ public class WFProcessDefinitionResource {
@PreAuthorize
(
"hasPermission('
DELETE
',{#wfprocessdefinition_id,this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Remove
',{#wfprocessdefinition_id,this.getEntity()})"
)
@ApiOperation
(
value
=
"Remove"
,
tags
=
{
"WFProcessDefinition"
},
notes
=
"Remove"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfprocessdefinitions/{wfprocessdefinition_id}"
)
@Transactional
...
...
@@ -161,7 +161,7 @@ public class WFProcessDefinitionResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@PreAuthorize
(
"hasPermission('
READ
',{#context,'Default',this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Get
',{#context,'Default',this.getEntity()})"
)
@ApiOperation
(
value
=
"fetchDEFAULT"
,
tags
=
{
"WFProcessDefinition"
}
,
notes
=
"fetchDEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfprocessdefinitions/fetchdefault"
)
public
ResponseEntity
<
List
<
WFProcessDefinitionDTO
>>
fetchDefault
(
WFProcessDefinitionSearchContext
context
)
{
...
...
@@ -174,7 +174,7 @@ public class WFProcessDefinitionResource {
.
body
(
list
);
}
@PreAuthorize
(
"hasPermission('
READ
',{#context,'Default',this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Get
',{#context,'Default',this.getEntity()})"
)
@ApiOperation
(
value
=
"searchDEFAULT"
,
tags
=
{
"WFProcessDefinition"
}
,
notes
=
"searchDEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfprocessdefinitions/searchdefault"
)
public
ResponseEntity
<
Page
<
WFProcessDefinitionDTO
>>
searchDefault
(
WFProcessDefinitionSearchContext
context
)
{
...
...
ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFSystemResource.java
...
...
@@ -55,7 +55,7 @@ public class WFSystemResource {
@PreAuthorize
(
"hasPermission('
DELETE
',{#wfsystem_id,this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Remove
',{#wfsystem_id,this.getEntity()})"
)
@ApiOperation
(
value
=
"Remove"
,
tags
=
{
"WFSystem"
},
notes
=
"Remove"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfsystems/{wfsystem_id}"
)
@Transactional
...
...
@@ -73,7 +73,7 @@ public class WFSystemResource {
@PreAuthorize
(
"hasPermission(#wfsystem_id,'U
PDATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfsystem_id,'U
pdate
',this.getEntity())"
)
@ApiOperation
(
value
=
"Update"
,
tags
=
{
"WFSystem"
},
notes
=
"Update"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfsystems/{wfsystem_id}"
)
@Transactional
...
...
@@ -85,7 +85,7 @@ public class WFSystemResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission(#wfsystem_id,'U
PDATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfsystem_id,'U
pdate
',this.getEntity())"
)
@ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"UpdateBatch"
},
notes
=
"UpdateBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfsystems/updatebatch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
(
@RequestBody
List
<
WFSystemDTO
>
wfsystemdtos
)
{
...
...
@@ -121,7 +121,7 @@ public class WFSystemResource {
@PreAuthorize
(
"hasPermission('','C
REATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission('','C
reate
',this.getEntity())"
)
@ApiOperation
(
value
=
"Create"
,
tags
=
{
"WFSystem"
},
notes
=
"Create"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfsystems"
)
@Transactional
...
...
@@ -132,7 +132,7 @@ public class WFSystemResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission('','C
REATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission('','C
reate
',this.getEntity())"
)
@ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"createBatch"
},
notes
=
"createBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfsystems/createbatch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
WFSystemDTO
>
wfsystemdtos
)
{
...
...
@@ -152,7 +152,7 @@ public class WFSystemResource {
@PreAuthorize
(
"hasPermission(#wfsystem_id,'
READ
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfsystem_id,'
Get
',this.getEntity())"
)
@ApiOperation
(
value
=
"Get"
,
tags
=
{
"WFSystem"
},
notes
=
"Get"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfsystems/{wfsystem_id}"
)
public
ResponseEntity
<
WFSystemDTO
>
get
(
@PathVariable
(
"wfsystem_id"
)
String
wfsystem_id
)
{
...
...
@@ -161,7 +161,7 @@ public class WFSystemResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission('
READ
',{#context,'Default',this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Get
',{#context,'Default',this.getEntity()})"
)
@ApiOperation
(
value
=
"fetchDEFAULT"
,
tags
=
{
"WFSystem"
}
,
notes
=
"fetchDEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfsystems/fetchdefault"
)
public
ResponseEntity
<
List
<
WFSystemDTO
>>
fetchDefault
(
WFSystemSearchContext
context
)
{
...
...
@@ -174,7 +174,7 @@ public class WFSystemResource {
.
body
(
list
);
}
@PreAuthorize
(
"hasPermission('
READ
',{#context,'Default',this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Get
',{#context,'Default',this.getEntity()})"
)
@ApiOperation
(
value
=
"searchDEFAULT"
,
tags
=
{
"WFSystem"
}
,
notes
=
"searchDEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfsystems/searchdefault"
)
public
ResponseEntity
<
Page
<
WFSystemDTO
>>
searchDefault
(
WFSystemSearchContext
context
)
{
...
...
ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFUserResource.java
...
...
@@ -55,7 +55,7 @@ public class WFUserResource {
@PreAuthorize
(
"hasPermission('
DELETE
',{#wfuser_id,this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Remove
',{#wfuser_id,this.getEntity()})"
)
@ApiOperation
(
value
=
"Remove"
,
tags
=
{
"WFUser"
},
notes
=
"Remove"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfusers/{wfuser_id}"
)
@Transactional
...
...
@@ -98,7 +98,7 @@ public class WFUserResource {
@PreAuthorize
(
"hasPermission(#wfuser_id,'U
PDATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfuser_id,'U
pdate
',this.getEntity())"
)
@ApiOperation
(
value
=
"Update"
,
tags
=
{
"WFUser"
},
notes
=
"Update"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfusers/{wfuser_id}"
)
@Transactional
...
...
@@ -110,7 +110,7 @@ public class WFUserResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission(#wfuser_id,'U
PDATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfuser_id,'U
pdate
',this.getEntity())"
)
@ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"UpdateBatch"
},
notes
=
"UpdateBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfusers/updatebatch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
(
@RequestBody
List
<
WFUserDTO
>
wfuserdtos
)
{
...
...
@@ -121,7 +121,7 @@ public class WFUserResource {
@PreAuthorize
(
"hasPermission(#wfuser_id,'
READ
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission(#wfuser_id,'
Get
',this.getEntity())"
)
@ApiOperation
(
value
=
"Get"
,
tags
=
{
"WFUser"
},
notes
=
"Get"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfusers/{wfuser_id}"
)
public
ResponseEntity
<
WFUserDTO
>
get
(
@PathVariable
(
"wfuser_id"
)
String
wfuser_id
)
{
...
...
@@ -133,7 +133,7 @@ public class WFUserResource {
@PreAuthorize
(
"hasPermission('','C
REATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission('','C
reate
',this.getEntity())"
)
@ApiOperation
(
value
=
"Create"
,
tags
=
{
"WFUser"
},
notes
=
"Create"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfusers"
)
@Transactional
...
...
@@ -144,7 +144,7 @@ public class WFUserResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission('','C
REATE
',this.getEntity())"
)
@PreAuthorize
(
"hasPermission('','C
reate
',this.getEntity())"
)
@ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"createBatch"
},
notes
=
"createBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfusers/createbatch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
WFUserDTO
>
wfuserdtos
)
{
...
...
@@ -161,7 +161,7 @@ public class WFUserResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfuserService
.
checkKey
(
wfuserMapping
.
toDomain
(
wfuserdto
)));
}
@PreAuthorize
(
"hasPermission('
READ
',{#context,'Default',this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Get
',{#context,'Default',this.getEntity()})"
)
@ApiOperation
(
value
=
"fetchDEFAULT"
,
tags
=
{
"WFUser"
}
,
notes
=
"fetchDEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfusers/fetchdefault"
)
public
ResponseEntity
<
List
<
WFUserDTO
>>
fetchDefault
(
WFUserSearchContext
context
)
{
...
...
@@ -174,7 +174,7 @@ public class WFUserResource {
.
body
(
list
);
}
@PreAuthorize
(
"hasPermission('
READ
',{#context,'Default',this.getEntity()})"
)
@PreAuthorize
(
"hasPermission('
Get
',{#context,'Default',this.getEntity()})"
)
@ApiOperation
(
value
=
"searchDEFAULT"
,
tags
=
{
"WFUser"
}
,
notes
=
"searchDEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfusers/searchdefault"
)
public
ResponseEntity
<
Page
<
WFUserDTO
>>
searchDefault
(
WFUserSearchContext
context
)
{
...
...
ibzwf-provider/ibzwf-provider-api/src/main/resources/application-api-dev.yml
server
:
port
:
8081
\ No newline at end of file
port
:
40003
\ No newline at end of file
ibzwf-provider/ibzwf-provider-api/src/main/resources/application-api-prod.yml
server
:
port
:
8081
port
:
40003
ibzwf-util/src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java
...
...
@@ -36,14 +36,13 @@ public class PermissionSyncJob implements ApplicationRunner {
private
String
systemId
;
@Override
public
void
run
(
ApplicationArguments
args
)
throws
Exception
{
public
void
run
(
ApplicationArguments
args
)
{
if
(
enablePermissionValid
){
try
{
InputStream
permission
=
this
.
getClass
().
getResourceAsStream
(
"/deprivs/DEPrivs.json"
);
//获取当前系统所有实体资源能力
String
permissionResult
=
IOUtils
.
toString
(
permission
,
"UTF-8"
);
JSONArray
jsonNodePermission
=
JSONArray
.
parseArray
(
permissionResult
);
Map
<
String
,
Object
>
map
=
new
HashMap
<
String
,
Object
>();
map
.
put
(
"menu"
,
new
JSONArray
());
JSONObject
jsonNodePermission
=
JSONObject
.
parseObject
(
permissionResult
);
Map
<
String
,
Object
>
map
=
new
HashMap
<>();
map
.
put
(
"permission"
,
jsonNodePermission
);
client
.
pushSystemPermissionData
(
map
,
systemId
);
}
...
...
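Review bot: The stream from `getResourceAsStream("/deprivs/DEPrivs.json")` is not closed in the lines shown and reaches `IOUtils.toString` without a null check, so a missing resource surfaces as a NullPointerException instead of a clear startup error. Open it with `try (InputStream permission = getClass().getResourceAsStream("/deprivs/DEPrivs.json")) {` and make `Objects.requireNonNull(permission, "/deprivs/DEPrivs.json not found on classpath");` the first statement. Now that `run` no longer declares `throws Exception`, every failure ends in the catch block, which lies outside this hunk. Make sure it logs the error, because a swallowed failure here leaves the central permission catalogue out of date without any signal.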
ibzwf-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
...
...
@@ -31,6 +31,14 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
@Value
(
"${ibiz.enablePermissionValid:false}"
)
boolean
enablePermissionValid
;
//是否开启权限校验
/**
* 实体行为操作标识
*/
private
String
DEActionType
=
"DEACTION"
;
/**
* 实体数据集操作标识
*/
private
String
DataSetTag
=
"DATASET"
;
/**
* 表格权限检查 :用于检查当前用户是否拥有表格数据的读取、删除权限
...
...
@@ -68,10 +76,10 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
String
entityName
=
entity
.
getClass
().
getSimpleName
();
//获取实体行为权限信息
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"
deActionPermission
"
);
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"
userPermissionList
"
);
//检查是否有操作权限[create.update.delete.read]
if
(!
validHasPermission
(
permissionList
,
entityName
,
action
)){
if
(!
valid
DEAction
HasPermission
(
permissionList
,
entityName
,
action
)){
return
false
;
}
//检查是否有数据权限[单行删除]
...
...
@@ -86,23 +94,23 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
else
{
//grid fetch
//准备参数
Object
searchContext
=
gridParamList
.
get
(
0
);
String
dataSet
=
String
.
valueOf
(
gridParamList
.
get
(
1
));
String
dataSet
Name
=
String
.
valueOf
(
gridParamList
.
get
(
1
));
EntityBase
entity
=
(
EntityBase
)
gridParamList
.
get
(
2
);
String
entityName
=
entity
.
getClass
().
getSimpleName
();
//获取数据集权限信息
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"
deDataSetPermission
"
);
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"
userPermissionList
"
);
if
(
StringUtils
.
isEmpty
(
entityName
)||
StringUtils
.
isEmpty
(
dataSet
)||
StringUtils
.
isEmpty
(
action
))
if
(
StringUtils
.
isEmpty
(
entityName
)||
StringUtils
.
isEmpty
(
dataSet
Name
)||
StringUtils
.
isEmpty
(
action
))
return
false
;
//检查是否有
操作权限[create.update.delete.read]
if
(!
valid
HasPermission
(
permissionList
,
entityName
,
dataSet
,
action
)){
//检查是否有
访问数据集的权限
if
(!
valid
DataSetHasPermission
(
permissionList
,
entityName
,
dataSetName
)){
return
false
;
}
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
permissionSQL
=
getPermissionSQLByList
(
permissionList
,
entityName
,
action
,
dataSet
,
permissionField
);
//获取权限SQL
String
permissionSQL
=
getPermissionSQLByList
(
permissionList
,
entityName
,
action
,
dataSet
Name
,
permissionField
);
//获取权限SQL
if
(
StringUtils
.
isEmpty
(
permissionSQL
))
return
false
;
fillPermissionSQL
(
searchContext
,
permissionSQL
);
//将权限SQL添加到searchContext中,过滤出权限内数据
...
...
@@ -134,11 +142,11 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return
false
;
JSONObject
userPermission
=
AuthenticationUser
.
getAuthenticationUser
().
getPermisionList
();
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"
deActionPermission
"
);
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"
userPermissionList
"
);
String
entityName
=
entity
.
getClass
().
getSimpleName
();
if
(
action
.
equals
(
"CREATE"
)){
return
validHasPermission
(
permissionList
,
entityName
,
action
);
return
valid
DEAction
HasPermission
(
permissionList
,
entityName
,
action
);
}
else
{
//拥有全部数据访问权限时,则跳过权限检查
...
...
@@ -146,7 +154,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return
true
;
}
//检查是否有操作权限[create.update.delete.read]
if
(!
validHasPermission
(
permissionList
,
entityName
,
action
)){
if
(!
valid
DEAction
HasPermission
(
permissionList
,
entityName
,
action
)){
return
false
;
}
//检查是否有数据权限
...
...
@@ -155,7 +163,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
String
permissionSQL
=
getPermissionSQLById
(
permissionList
,
entityName
,
action
,
srfKey
,
permissionField
);
//获取权限SQL
if
(
StringUtils
.
isEmpty
(
permissionSQL
))
return
false
;
QueryWrapper
permissionWrapper
=
getPermissionWrapper
(
permissionSQL
);
//构造权限条件
return
testDataAccess
(
service
,
permissionWrapper
);
//执行权限检查
}
...
...
@@ -193,11 +200,11 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
private
String
getPermissionSQLByList
(
JSONObject
gridDataAbility
,
String
entityName
,
String
action
,
String
dataSetName
,
Map
<
String
,
String
>
permissionField
){
JSONObject
entity
=
gridDataAbility
.
getJSONObject
(
entityName
);
//获取实体
JSONObject
dataSet
=
entity
.
getJSONObject
(
dataSetName
);
//获取实体数据集
JSONArray
opprivList
=
dataSet
.
getJSONArray
(
action
);
//行为:read;insert...
if
(
opprivList
.
size
()==
0
)
JSONObject
permissionType
=
entity
.
getJSONObject
(
DataSetTag
);
JSONArray
dataRange
=
permissionType
.
getJSONArray
(
dataSetName
);
//获取实体数据集
if
(
dataRange
.
size
()==
0
)
return
null
;
return
getPermissionSQL
(
opprivList
,
permissionField
);
//拼接权限条件-查询
return
getPermissionSQL
(
dataRange
,
permissionField
);
//拼接权限条件-查询
}
/**
...
...
@@ -215,21 +222,25 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
}
/**
* 校验是否有访问实体行为能力
* @param permissionList 权限列表
* @param entityName 实体名称
* @param action 操作行为
* 实体行为权限校验
* @param userPermission
* @param entityName
* @param action
* userPermission:{"ENTITY":{"DEACTION":{"READ":["CURORG"]},"DATASET":{"Default":["CURORG"]}}}
* @return
*/
private
boolean
valid
HasPermission
(
JSONObject
permissionList
,
String
entityName
,
String
action
){
private
boolean
valid
DEActionHasPermission
(
JSONObject
userPermission
,
String
entityName
,
String
action
){
boolean
hasPermission
=
false
;
if
(
permissionList
==
null
)
if
(
userPermission
==
null
)
return
false
;
if
(!
permissionList
.
containsKey
(
entityName
))
if
(!
userPermission
.
containsKey
(
entityName
))
return
false
;
JSONObject
entity
=
permissionList
.
getJSONObject
(
entityName
);
if
(
entity
.
containsKey
(
action
)){
JSONObject
entity
=
userPermission
.
getJSONObject
(
entityName
);
//获取实体
if
(!
entity
.
containsKey
(
DEActionType
))
return
false
;
JSONObject
dataRange
=
entity
.
getJSONObject
(
DEActionType
);
//获取实体行为对应的数据范围
if
(
dataRange
.
containsKey
(
action
)){
hasPermission
=
true
;
}
return
hasPermission
;
...
...
@@ -237,31 +248,33 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
/**
*
校验是否有访问数据集能力
* @param
permissionList
*
数据集合权限校验
* @param
userPermission
* @param entityName
* @param dataSetName
*
@param action
*
userPermission:{"ENTITY":{"DEACTION":{"READ":["CURORG"]},"DATASET":{"Default":["CURORG"]}}}
* @return
*/
private
boolean
valid
HasPermission
(
JSONObject
permissionList
,
String
entityName
,
String
dataSetName
,
String
action
){
private
boolean
valid
DataSetHasPermission
(
JSONObject
userPermission
,
String
entityName
,
String
dataSetName
){
boolean
hasPermission
=
false
;
if
(
permissionList
==
null
)
if
(
userPermission
==
null
)
return
false
;
if
(!
permissionList
.
containsKey
(
entityName
))
if
(!
userPermission
.
containsKey
(
entityName
))
return
false
;
JSONObject
entity
=
permissionList
.
getJSONObject
(
entityName
);
if
(!
entity
.
containsKey
(
dataSetName
))
JSONObject
entity
=
userPermission
.
getJSONObject
(
entityName
);
//获取实体
if
(!
entity
.
containsKey
(
DataSetTag
))
return
false
;
JSONObject
dataSet
=
entity
.
getJSONObject
(
dataSetName
);
//获取实体数据集
if
(
dataSet
.
containsKey
(
action
)){
JSONObject
dataSetList
=
entity
.
getJSONObject
(
DataSetTag
);
//获取数据集
if
(!
dataSetList
.
containsKey
(
dataSetName
))
return
false
;
JSONArray
dataRange
=
dataSetList
.
getJSONArray
(
dataSetName
);
//获取数据范围
if
(
dataRange
!=
null
&&
dataRange
.
size
()>
0
){
hasPermission
=
true
;
}
return
hasPermission
;
}
/**
* 获取单条权限数据SQL
* @param formDataAbility
...
...
@@ -274,7 +287,8 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
private
String
getPermissionSQLById
(
JSONObject
formDataAbility
,
String
entityName
,
String
action
,
Object
srfKey
,
Map
<
String
,
String
>
permissionField
){
JSONObject
entity
=
formDataAbility
.
getJSONObject
(
entityName
);
//获取实体
JSONArray
opprivList
=
entity
.
getJSONArray
(
action
);
//行为:read;insert...
JSONObject
permissionType
=
entity
.
getJSONObject
(
DEActionType
);
JSONArray
opprivList
=
permissionType
.
getJSONArray
(
action
);
//行为:read;insert...
if
(
opprivList
.
size
()==
0
)
return
null
;
String
permissionSQL
=
getPermissionSQL
(
opprivList
,
permissionField
);
...
...
@@ -286,7 +300,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return
String
.
format
(
" (%s) AND (%s='%s')"
,
permissionSQL
,
keyField
,
srfKey
);
//拼接权限条件-编辑
}
/**
* 表单权限检查
* @param service
...
...
@@ -302,7 +315,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return
isPermission
;
}
/**
* 获取权限SQL
* @param oppriList
...
...
@@ -430,7 +442,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
/**
* 转换[a,b]格式字符串到 'a','b'格式
*
* @return
*/
private
String
formatStringArr
(
JSONArray
array
)
{
...
...
@@ -441,7 +452,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
/**
* 格式转换
*
* @param cond
* @param operator
* @return
...
...