提交
90cbaeec
编写于
5月 27, 2020
作者:
ibizdev
ibiz4j 部署微服务接口
上级
606c7270
变更
25
正在显示
25 个修改的文件
包含
199 行增加
和
730 行删除
+199
-730
application-web-prod.yml
...ibzwf-app-web/src/main/resources/application-web-prod.yml
+4
-0
application-dev.yml
ibzwf-boot/src/main/resources/application-dev.yml
+4
-0
IWFGroupService.java
...ava/cn/ibizlab/core/workflow/service/IWFGroupService.java
+1
-0
IWFMemberService.java
...va/cn/ibizlab/core/workflow/service/IWFMemberService.java
+1
-0
IWFProcessDefinitionService.java
...ab/core/workflow/service/IWFProcessDefinitionService.java
+1
-0
IWFSystemService.java
...va/cn/ibizlab/core/workflow/service/IWFSystemService.java
+1
-0
IWFUserService.java
...java/cn/ibizlab/core/workflow/service/IWFUserService.java
+1
-0
WFGroupServiceImpl.java
...bizlab/core/workflow/service/impl/WFGroupServiceImpl.java
+1
-0
WFMemberServiceImpl.java
...izlab/core/workflow/service/impl/WFMemberServiceImpl.java
+1
-0
WFProcessDefinitionServiceImpl.java
...workflow/service/impl/WFProcessDefinitionServiceImpl.java
+1
-0
WFSystemServiceImpl.java
...izlab/core/workflow/service/impl/WFSystemServiceImpl.java
+1
-0
WFUserServiceImpl.java
...ibizlab/core/workflow/service/impl/WFUserServiceImpl.java
+1
-0
systemResource.json
ibzwf-core/src/main/resources/permission/systemResource.json
+2
-1
WFGroupResource.java
...pi/src/main/java/cn/ibizlab/api/rest/WFGroupResource.java
+11
-13
WFMemberResource.java
...i/src/main/java/cn/ibizlab/api/rest/WFMemberResource.java
+19
-25
WFProcessDefinitionResource.java
...java/cn/ibizlab/api/rest/WFProcessDefinitionResource.java
+11
-13
WFREModelResource.java
.../src/main/java/cn/ibizlab/api/rest/WFREModelResource.java
+7
-20
WFSystemResource.java
...i/src/main/java/cn/ibizlab/api/rest/WFSystemResource.java
+11
-13
WFUserResource.java
...api/src/main/java/cn/ibizlab/api/rest/WFUserResource.java
+11
-13
IBZUAAFallback.java
.../src/main/java/cn/ibizlab/util/client/IBZUAAFallback.java
+2
-2
IBZUAAFeignClient.java
...c/main/java/cn/ibizlab/util/client/IBZUAAFeignClient.java
+4
-5
PermissionSyncJob.java
.../src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java
+6
-2
AppController.java
...til/src/main/java/cn/ibizlab/util/rest/AppController.java
+22
-13
AuthPermissionEvaluator.java
...ava/cn/ibizlab/util/security/AuthPermissionEvaluator.java
+71
-610
IBZUSERServiceImpl.java
...main/java/cn/ibizlab/util/service/IBZUSERServiceImpl.java
+4
-0
ibzwf-app/ibzwf-app-web/src/main/resources/application-web-prod.yml
...
...
@@ -31,5 +31,9 @@ zuul:
path
:
/v7/login
serviceId
:
ibzuaa-api
stripPrefix
:
false
oucore
:
path
:
/ibzorganizations/**
serviceId
:
ibzou-api
stripPrefix
:
false
sensitive-headers
:
-
Cookie,Set-Cookie,Authorization
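Review bot: The added `oucore` route proxies `/ibzorganizations/**` to `ibzou-api` with `stripPrefix: false`, and nothing in the hunk says where requests on that path are authenticated. A one-line comment above the route, for example `# oucore: organization API on ibzou-api; access control is enforced by <component>`, would record that decision. It is also worth confirming how the unchanged `sensitive-headers` entry below binds: it is written as a single list item `Cookie,Set-Cookie,Authorization`, and if that is read as one string rather than three header names, the intended header stripping may not apply to this route. The same route is added in ibzwf-boot/src/main/resources/application-dev.yml.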
ibzwf-boot/src/main/resources/application-dev.yml
...
...
@@ -8,5 +8,9 @@ zuul:
path
:
/v7/login
serviceId
:
ibzuaa-api
stripPrefix
:
false
oucore
:
path
:
/ibzorganizations/**
serviceId
:
ibzou-api
stripPrefix
:
false
sensitive-headers
:
-
Cookie,Set-Cookie,Authorization
ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/IWFGroupService.java
...
...
@@ -52,6 +52,7 @@ public interface IWFGroupService extends IService<WFGroup>{
*/
boolean
execute
(
String
sql
,
Map
param
);
}
ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/IWFMemberService.java
...
...
@@ -57,6 +57,7 @@ public interface IWFMemberService extends IService<WFMember>{
*/
boolean
execute
(
String
sql
,
Map
param
);
}
ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/IWFProcessDefinitionService.java
...
...
@@ -52,6 +52,7 @@ public interface IWFProcessDefinitionService extends IService<WFProcessDefinitio
*/
boolean
execute
(
String
sql
,
Map
param
);
}
ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/IWFSystemService.java
...
...
@@ -52,6 +52,7 @@ public interface IWFSystemService extends IService<WFSystem>{
*/
boolean
execute
(
String
sql
,
Map
param
);
}
ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/IWFUserService.java
...
...
@@ -52,6 +52,7 @@ public interface IWFUserService extends IService<WFUser>{
*/
boolean
execute
(
String
sql
,
Map
param
);
}
ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/impl/WFGroupServiceImpl.java
...
...
@@ -186,6 +186,7 @@ public class WFGroupServiceImpl extends ServiceImpl<WFGroupMapper, WFGroup> impl
return
true
;
}
}
ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/impl/WFMemberServiceImpl.java
...
...
@@ -267,6 +267,7 @@ public class WFMemberServiceImpl extends ServiceImpl<WFMemberMapper, WFMember> i
return
true
;
}
}
ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/impl/WFProcessDefinitionServiceImpl.java
...
...
@@ -179,6 +179,7 @@ public class WFProcessDefinitionServiceImpl extends ServiceImpl<WFProcessDefinit
return
true
;
}
}
ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/impl/WFSystemServiceImpl.java
...
...
@@ -179,6 +179,7 @@ public class WFSystemServiceImpl extends ServiceImpl<WFSystemMapper, WFSystem> i
return
true
;
}
}
ibzwf-core/src/main/java/cn/ibizlab/core/workflow/service/impl/WFUserServiceImpl.java
...
...
@@ -182,6 +182,7 @@ public class WFUserServiceImpl extends ServiceImpl<WFUserMapper, WFUser> impleme
return
true
;
}
}
ibzwf-core/src/main/resources/permission/systemResource.json
{
"systemid"
:
"ibzwf"
,
"unires"
:[
],
"entities"
:[
...
...
ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFGroupResource.java
...
...
@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
import
org.springframework.util.StringUtils
;
import
org.springframework.context.annotation.Lazy
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.security.access.prepost.PostAuthorize
;
import
io.swagger.annotations.Api
;
import
io.swagger.annotations.ApiOperation
;
import
io.swagger.annotations.ApiResponse
;
...
...
@@ -39,14 +40,12 @@ import cn.ibizlab.core.workflow.filter.WFGroupSearchContext;
public
class
WFGroupResource
{
@Autowired
p
rivate
IWFGroupService
wfgroupService
;
p
ublic
IWFGroupService
wfgroupService
;
@Autowired
@Lazy
public
WFGroupMapping
wfgroupMapping
;
public
WFGroupDTO
permissionDTO
=
new
WFGroupDTO
();
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-Save-all')"
)
@ApiOperation
(
value
=
"Save"
,
tags
=
{
"WFGroup"
},
notes
=
"Save"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfgroups/save"
)
...
...
@@ -54,7 +53,7 @@ public class WFGroupResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfgroupService
.
save
(
wfgroupMapping
.
toDomain
(
wfgroupdto
)));
}
@PreAuthorize
(
"has
Permission('Save',{'Sql',this.wfgroupMapping,#wfgroupdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-Save-all'
)"
)
@ApiOperation
(
value
=
"SaveBatch"
,
tags
=
{
"WFGroup"
},
notes
=
"SaveBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfgroups/savebatch"
)
public
ResponseEntity
<
Boolean
>
saveBatch
(
@RequestBody
List
<
WFGroupDTO
>
wfgroupdtos
)
{
...
...
@@ -68,13 +67,13 @@ public class WFGroupResource {
@Transactional
public
ResponseEntity
<
WFGroupDTO
>
update
(
@PathVariable
(
"wfgroup_id"
)
String
wfgroup_id
,
@RequestBody
WFGroupDTO
wfgroupdto
)
{
WFGroup
domain
=
wfgroupMapping
.
toDomain
(
wfgroupdto
);
domain
.
setId
(
wfgroup_id
);
wfgroupService
.
update
(
domain
);
WFGroupDTO
dto
=
wfgroupMapping
.
toDto
(
domain
);
domain
.
setId
(
wfgroup_id
);
wfgroupService
.
update
(
domain
);
WFGroupDTO
dto
=
wfgroupMapping
.
toDto
(
domain
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Update',{'Sql',this.wfgroupMapping,#wfgroupdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-Update-all'
)"
)
@ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"WFGroup"
},
notes
=
"UpdateBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfgroups/batch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
(
@RequestBody
List
<
WFGroupDTO
>
wfgroupdtos
)
{
...
...
@@ -82,14 +81,12 @@ public class WFGroupResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-GetDraft-all')"
)
@ApiOperation
(
value
=
"GetDraft"
,
tags
=
{
"WFGroup"
},
notes
=
"GetDraft"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfgroups/getdraft"
)
public
ResponseEntity
<
WFGroupDTO
>
getDraft
()
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfgroupMapping
.
toDto
(
wfgroupService
.
getDraft
(
new
WFGroup
())));
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-CheckKey-all')"
)
@ApiOperation
(
value
=
"CheckKey"
,
tags
=
{
"WFGroup"
},
notes
=
"CheckKey"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfgroups/checkkey"
)
public
ResponseEntity
<
Boolean
>
checkKey
(
@RequestBody
WFGroupDTO
wfgroupdto
)
{
...
...
@@ -107,7 +104,7 @@ public class WFGroupResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Create',{'Sql',this.wfgroupMapping,#wfgroupdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-Create-all'
)"
)
@ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"WFGroup"
},
notes
=
"createBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfgroups/batch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
WFGroupDTO
>
wfgroupdtos
)
{
...
...
@@ -123,7 +120,7 @@ public class WFGroupResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfgroupService
.
remove
(
wfgroup_id
));
}
@PreAuthorize
(
"has
Permission('Remove',{'Sql',this.wfgroupMapping,this.permissionDTO,#ids}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-Remove-all'
)"
)
@ApiOperation
(
value
=
"RemoveBatch"
,
tags
=
{
"WFGroup"
},
notes
=
"RemoveBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfgroups/batch"
)
public
ResponseEntity
<
Boolean
>
removeBatch
(
@RequestBody
List
<
String
>
ids
)
{
...
...
@@ -162,3 +159,4 @@ public class WFGroupResource {
.
body
(
new
PageImpl
(
wfgroupMapping
.
toDto
(
domains
.
getContent
()),
context
.
getPageable
(),
domains
.
getTotalElements
()));
}
}
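Review bot: On saveBatch, updateBatch, createBatch and removeBatch the guard now appears to be only an authority check such as `hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFGroup-Save-all')`, so the submitted `wfgroupdtos` / `ids` are no longer handed to any permission check at this layer, as they were in the `hasPermission('Save',{'Sql',this.wfgroupMapping,#wfgroupdtos})` form. The page has lost its +/- markers; the direction is inferred from the first class-level hunk shrinking from 14 to 12 lines around `permissionDTO`, which only the `hasPermission('Remove',…)` expression references. If the coarser check is intended, say so on each batch method, e.g. `// Coarse check only: caller needs the -all authority; no per-record scoping is applied to the request body`; otherwise the record-level check has to move into the service. Separately, `wfgroupService` goes from `private` to `public` with no reader visible in these hunks, and `private IWFGroupService wfgroupService;` is preferable unless an expression needs it. The same changes recur in WFMemberResource.java and WFProcessDefinitionResource.java.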
ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFMemberResource.java
...
...
@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
import
org.springframework.util.StringUtils
;
import
org.springframework.context.annotation.Lazy
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.security.access.prepost.PostAuthorize
;
import
io.swagger.annotations.Api
;
import
io.swagger.annotations.ApiOperation
;
import
io.swagger.annotations.ApiResponse
;
...
...
@@ -39,22 +40,18 @@ import cn.ibizlab.core.workflow.filter.WFMemberSearchContext;
public
class
WFMemberResource
{
@Autowired
p
rivate
IWFMemberService
wfmemberService
;
p
ublic
IWFMemberService
wfmemberService
;
@Autowired
@Lazy
public
WFMemberMapping
wfmemberMapping
;
public
WFMemberDTO
permissionDTO
=
new
WFMemberDTO
();
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-CheckKey-all')"
)
@ApiOperation
(
value
=
"CheckKey"
,
tags
=
{
"WFMember"
},
notes
=
"CheckKey"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfmembers/checkkey"
)
public
ResponseEntity
<
Boolean
>
checkKey
(
@RequestBody
WFMemberDTO
wfmemberdto
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfmemberService
.
checkKey
(
wfmemberMapping
.
toDomain
(
wfmemberdto
)));
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-GetDraft-all')"
)
@ApiOperation
(
value
=
"GetDraft"
,
tags
=
{
"WFMember"
},
notes
=
"GetDraft"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfmembers/getdraft"
)
public
ResponseEntity
<
WFMemberDTO
>
getDraft
()
{
...
...
@@ -72,7 +69,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Create',{'Sql',this.wfmemberMapping,#wfmemberdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Create-all'
)"
)
@ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"WFMember"
},
notes
=
"createBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfmembers/batch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
WFMemberDTO
>
wfmemberdtos
)
{
...
...
@@ -88,7 +85,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfmemberService
.
remove
(
wfmember_id
));
}
@PreAuthorize
(
"has
Permission('Remove',{'Sql',this.wfmemberMapping,this.permissionDTO,#ids}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Remove-all'
)"
)
@ApiOperation
(
value
=
"RemoveBatch"
,
tags
=
{
"WFMember"
},
notes
=
"RemoveBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfmembers/batch"
)
public
ResponseEntity
<
Boolean
>
removeBatch
(
@RequestBody
List
<
String
>
ids
)
{
...
...
@@ -103,7 +100,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfmemberService
.
save
(
wfmemberMapping
.
toDomain
(
wfmemberdto
)));
}
@PreAuthorize
(
"has
Permission('Save',{'Sql',this.wfmemberMapping,#wfmemberdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Save-all'
)"
)
@ApiOperation
(
value
=
"SaveBatch"
,
tags
=
{
"WFMember"
},
notes
=
"SaveBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfmembers/savebatch"
)
public
ResponseEntity
<
Boolean
>
saveBatch
(
@RequestBody
List
<
WFMemberDTO
>
wfmemberdtos
)
{
...
...
@@ -117,13 +114,13 @@ public class WFMemberResource {
@Transactional
public
ResponseEntity
<
WFMemberDTO
>
update
(
@PathVariable
(
"wfmember_id"
)
String
wfmember_id
,
@RequestBody
WFMemberDTO
wfmemberdto
)
{
WFMember
domain
=
wfmemberMapping
.
toDomain
(
wfmemberdto
);
domain
.
setMemberid
(
wfmember_id
);
wfmemberService
.
update
(
domain
);
WFMemberDTO
dto
=
wfmemberMapping
.
toDto
(
domain
);
domain
.
setMemberid
(
wfmember_id
);
wfmemberService
.
update
(
domain
);
WFMemberDTO
dto
=
wfmemberMapping
.
toDto
(
domain
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Update',{'Sql',this.wfmemberMapping,#wfmemberdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Update-all'
)"
)
@ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"WFMember"
},
notes
=
"UpdateBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfmembers/batch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
(
@RequestBody
List
<
WFMemberDTO
>
wfmemberdtos
)
{
...
...
@@ -161,14 +158,12 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
)
.
body
(
new
PageImpl
(
wfmemberMapping
.
toDto
(
domains
.
getContent
()),
context
.
getPageable
(),
domains
.
getTotalElements
()));
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-CheckKey-all')"
)
@ApiOperation
(
value
=
"CheckKeyByWFGroup"
,
tags
=
{
"WFMember"
},
notes
=
"CheckKeyByWFGroup"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfgroups/{wfgroup_id}/wfmembers/checkkey"
)
public
ResponseEntity
<
Boolean
>
checkKeyByWFGroup
(
@PathVariable
(
"wfgroup_id"
)
String
wfgroup_id
,
@RequestBody
WFMemberDTO
wfmemberdto
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfmemberService
.
checkKey
(
wfmemberMapping
.
toDomain
(
wfmemberdto
)));
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-GetDraft-all')"
)
@ApiOperation
(
value
=
"GetDraftByWFGroup"
,
tags
=
{
"WFMember"
},
notes
=
"GetDraftByWFGroup"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfgroups/{wfgroup_id}/wfmembers/getdraft"
)
public
ResponseEntity
<
WFMemberDTO
>
getDraftByWFGroup
(
@PathVariable
(
"wfgroup_id"
)
String
wfgroup_id
)
{
...
...
@@ -189,7 +184,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Create',{'Sql',this.wfmemberMapping,#wfmemberdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Create-all'
)"
)
@ApiOperation
(
value
=
"createBatchByWFGroup"
,
tags
=
{
"WFMember"
},
notes
=
"createBatchByWFGroup"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfgroups/{wfgroup_id}/wfmembers/batch"
)
public
ResponseEntity
<
Boolean
>
createBatchByWFGroup
(
@PathVariable
(
"wfgroup_id"
)
String
wfgroup_id
,
@RequestBody
List
<
WFMemberDTO
>
wfmemberdtos
)
{
...
...
@@ -209,7 +204,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfmemberService
.
remove
(
wfmember_id
));
}
@PreAuthorize
(
"has
Permission('Remove',{'Sql',this.wfmemberMapping,this.permissionDTO,#ids}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Remove-all'
)"
)
@ApiOperation
(
value
=
"RemoveBatchByWFGroup"
,
tags
=
{
"WFMember"
},
notes
=
"RemoveBatchByWFGroup"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfgroups/{wfgroup_id}/wfmembers/batch"
)
public
ResponseEntity
<
Boolean
>
removeBatchByWFGroup
(
@RequestBody
List
<
String
>
ids
)
{
...
...
@@ -226,7 +221,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfmemberService
.
save
(
domain
));
}
@PreAuthorize
(
"has
Permission('Save',{'Sql',this.wfmemberMapping,#wfmemberdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Save-all'
)"
)
@ApiOperation
(
value
=
"SaveBatchByWFGroup"
,
tags
=
{
"WFMember"
},
notes
=
"SaveBatchByWFGroup"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfgroups/{wfgroup_id}/wfmembers/savebatch"
)
public
ResponseEntity
<
Boolean
>
saveBatchByWFGroup
(
@PathVariable
(
"wfgroup_id"
)
String
wfgroup_id
,
@RequestBody
List
<
WFMemberDTO
>
wfmemberdtos
)
{
...
...
@@ -251,7 +246,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Update',{'Sql',this.wfmemberMapping,#wfmemberdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Update-all'
)"
)
@ApiOperation
(
value
=
"UpdateBatchByWFGroup"
,
tags
=
{
"WFMember"
},
notes
=
"UpdateBatchByWFGroup"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfgroups/{wfgroup_id}/wfmembers/batch"
)
public
ResponseEntity
<
Boolean
>
updateBatchByWFGroup
(
@PathVariable
(
"wfgroup_id"
)
String
wfgroup_id
,
@RequestBody
List
<
WFMemberDTO
>
wfmemberdtos
)
{
...
...
@@ -295,14 +290,12 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
)
.
body
(
new
PageImpl
(
wfmemberMapping
.
toDto
(
domains
.
getContent
()),
context
.
getPageable
(),
domains
.
getTotalElements
()));
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-CheckKey-all')"
)
@ApiOperation
(
value
=
"CheckKeyByWFUser"
,
tags
=
{
"WFMember"
},
notes
=
"CheckKeyByWFUser"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfusers/{wfuser_id}/wfmembers/checkkey"
)
public
ResponseEntity
<
Boolean
>
checkKeyByWFUser
(
@PathVariable
(
"wfuser_id"
)
String
wfuser_id
,
@RequestBody
WFMemberDTO
wfmemberdto
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfmemberService
.
checkKey
(
wfmemberMapping
.
toDomain
(
wfmemberdto
)));
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-GetDraft-all')"
)
@ApiOperation
(
value
=
"GetDraftByWFUser"
,
tags
=
{
"WFMember"
},
notes
=
"GetDraftByWFUser"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfusers/{wfuser_id}/wfmembers/getdraft"
)
public
ResponseEntity
<
WFMemberDTO
>
getDraftByWFUser
(
@PathVariable
(
"wfuser_id"
)
String
wfuser_id
)
{
...
...
@@ -323,7 +316,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Create',{'Sql',this.wfmemberMapping,#wfmemberdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Create-all'
)"
)
@ApiOperation
(
value
=
"createBatchByWFUser"
,
tags
=
{
"WFMember"
},
notes
=
"createBatchByWFUser"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfusers/{wfuser_id}/wfmembers/batch"
)
public
ResponseEntity
<
Boolean
>
createBatchByWFUser
(
@PathVariable
(
"wfuser_id"
)
String
wfuser_id
,
@RequestBody
List
<
WFMemberDTO
>
wfmemberdtos
)
{
...
...
@@ -343,7 +336,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfmemberService
.
remove
(
wfmember_id
));
}
@PreAuthorize
(
"has
Permission('Remove',{'Sql',this.wfmemberMapping,this.permissionDTO,#ids}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Remove-all'
)"
)
@ApiOperation
(
value
=
"RemoveBatchByWFUser"
,
tags
=
{
"WFMember"
},
notes
=
"RemoveBatchByWFUser"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfusers/{wfuser_id}/wfmembers/batch"
)
public
ResponseEntity
<
Boolean
>
removeBatchByWFUser
(
@RequestBody
List
<
String
>
ids
)
{
...
...
@@ -360,7 +353,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfmemberService
.
save
(
domain
));
}
@PreAuthorize
(
"has
Permission('Save',{'Sql',this.wfmemberMapping,#wfmemberdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Save-all'
)"
)
@ApiOperation
(
value
=
"SaveBatchByWFUser"
,
tags
=
{
"WFMember"
},
notes
=
"SaveBatchByWFUser"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfusers/{wfuser_id}/wfmembers/savebatch"
)
public
ResponseEntity
<
Boolean
>
saveBatchByWFUser
(
@PathVariable
(
"wfuser_id"
)
String
wfuser_id
,
@RequestBody
List
<
WFMemberDTO
>
wfmemberdtos
)
{
...
...
@@ -385,7 +378,7 @@ public class WFMemberResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Update',{'Sql',this.wfmemberMapping,#wfmemberdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Update-all'
)"
)
@ApiOperation
(
value
=
"UpdateBatchByWFUser"
,
tags
=
{
"WFMember"
},
notes
=
"UpdateBatchByWFUser"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfusers/{wfuser_id}/wfmembers/batch"
)
public
ResponseEntity
<
Boolean
>
updateBatchByWFUser
(
@PathVariable
(
"wfuser_id"
)
String
wfuser_id
,
@RequestBody
List
<
WFMemberDTO
>
wfmemberdtos
)
{
...
...
@@ -430,3 +423,4 @@ public class WFMemberResource {
.
body
(
new
PageImpl
(
wfmemberMapping
.
toDto
(
domains
.
getContent
()),
context
.
getPageable
(),
domains
.
getTotalElements
()));
}
}
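Review bot: `removeBatchByWFGroup` and `removeBatchByWFUser` are mapped to `/wfgroups/{wfgroup_id}/wfmembers/batch` and `/wfusers/{wfuser_id}/wfmembers/batch` but take only `@RequestBody List<String> ids`, and with the guard apparently reduced to `hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFMember-Remove-all')` nothing visible ties the ids to the parent named in the path. Both method bodies lie outside the hunks, so a membership check may exist there. If it does not, bind the path variable, e.g. `@PathVariable("wfgroup_id") String wfgroup_id`, and reject ids that do not belong to that parent before calling `wfmemberService`. The other nested batch methods (createBatchByWFGroup, saveBatchByWFGroup, updateBatchByWFGroup and their WFUser counterparts) do bind the path variable, but whether they apply it to every submitted DTO is likewise outside the hunks.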
ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFProcessDefinitionResource.java
...
...
@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
import
org.springframework.util.StringUtils
;
import
org.springframework.context.annotation.Lazy
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.security.access.prepost.PostAuthorize
;
import
io.swagger.annotations.Api
;
import
io.swagger.annotations.ApiOperation
;
import
io.swagger.annotations.ApiResponse
;
...
...
@@ -39,14 +40,12 @@ import cn.ibizlab.core.workflow.filter.WFProcessDefinitionSearchContext;
public
class
WFProcessDefinitionResource
{
@Autowired
p
rivate
IWFProcessDefinitionService
wfprocessdefinitionService
;
p
ublic
IWFProcessDefinitionService
wfprocessdefinitionService
;
@Autowired
@Lazy
public
WFProcessDefinitionMapping
wfprocessdefinitionMapping
;
public
WFProcessDefinitionDTO
permissionDTO
=
new
WFProcessDefinitionDTO
();
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-Save-all')"
)
@ApiOperation
(
value
=
"Save"
,
tags
=
{
"WFProcessDefinition"
},
notes
=
"Save"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfprocessdefinitions/save"
)
...
...
@@ -54,7 +53,7 @@ public class WFProcessDefinitionResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfprocessdefinitionService
.
save
(
wfprocessdefinitionMapping
.
toDomain
(
wfprocessdefinitiondto
)));
}
@PreAuthorize
(
"has
Permission('Save',{'Sql',this.wfprocessdefinitionMapping,#wfprocessdefinitiondtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-Save-all'
)"
)
@ApiOperation
(
value
=
"SaveBatch"
,
tags
=
{
"WFProcessDefinition"
},
notes
=
"SaveBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfprocessdefinitions/savebatch"
)
public
ResponseEntity
<
Boolean
>
saveBatch
(
@RequestBody
List
<
WFProcessDefinitionDTO
>
wfprocessdefinitiondtos
)
{
...
...
@@ -68,13 +67,13 @@ public class WFProcessDefinitionResource {
@Transactional
public
ResponseEntity
<
WFProcessDefinitionDTO
>
update
(
@PathVariable
(
"wfprocessdefinition_id"
)
String
wfprocessdefinition_id
,
@RequestBody
WFProcessDefinitionDTO
wfprocessdefinitiondto
)
{
WFProcessDefinition
domain
=
wfprocessdefinitionMapping
.
toDomain
(
wfprocessdefinitiondto
);
domain
.
setDefinitionkey
(
wfprocessdefinition_id
);
wfprocessdefinitionService
.
update
(
domain
);
WFProcessDefinitionDTO
dto
=
wfprocessdefinitionMapping
.
toDto
(
domain
);
domain
.
setDefinitionkey
(
wfprocessdefinition_id
);
wfprocessdefinitionService
.
update
(
domain
);
WFProcessDefinitionDTO
dto
=
wfprocessdefinitionMapping
.
toDto
(
domain
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Update',{'Sql',this.wfprocessdefinitionMapping,#wfprocessdefinitiondtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-Update-all'
)"
)
@ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"WFProcessDefinition"
},
notes
=
"UpdateBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfprocessdefinitions/batch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
(
@RequestBody
List
<
WFProcessDefinitionDTO
>
wfprocessdefinitiondtos
)
{
...
...
@@ -91,14 +90,12 @@ public class WFProcessDefinitionResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-CheckKey-all')"
)
@ApiOperation
(
value
=
"CheckKey"
,
tags
=
{
"WFProcessDefinition"
},
notes
=
"CheckKey"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfprocessdefinitions/checkkey"
)
public
ResponseEntity
<
Boolean
>
checkKey
(
@RequestBody
WFProcessDefinitionDTO
wfprocessdefinitiondto
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfprocessdefinitionService
.
checkKey
(
wfprocessdefinitionMapping
.
toDomain
(
wfprocessdefinitiondto
)));
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-GetDraft-all')"
)
@ApiOperation
(
value
=
"GetDraft"
,
tags
=
{
"WFProcessDefinition"
},
notes
=
"GetDraft"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfprocessdefinitions/getdraft"
)
public
ResponseEntity
<
WFProcessDefinitionDTO
>
getDraft
()
{
...
...
@@ -116,7 +113,7 @@ public class WFProcessDefinitionResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Create',{'Sql',this.wfprocessdefinitionMapping,#wfprocessdefinitiondtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-Create-all'
)"
)
@ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"WFProcessDefinition"
},
notes
=
"createBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfprocessdefinitions/batch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
WFProcessDefinitionDTO
>
wfprocessdefinitiondtos
)
{
...
...
@@ -132,7 +129,7 @@ public class WFProcessDefinitionResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfprocessdefinitionService
.
remove
(
wfprocessdefinition_id
));
}
@PreAuthorize
(
"has
Permission('Remove',{'Sql',this.wfprocessdefinitionMapping,this.permissionDTO,#ids}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFProcessDefinition-Remove-all'
)"
)
@ApiOperation
(
value
=
"RemoveBatch"
,
tags
=
{
"WFProcessDefinition"
},
notes
=
"RemoveBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfprocessdefinitions/batch"
)
public
ResponseEntity
<
Boolean
>
removeBatch
(
@RequestBody
List
<
String
>
ids
)
{
...
...
@@ -162,3 +159,4 @@ public class WFProcessDefinitionResource {
.
body
(
new
PageImpl
(
wfprocessdefinitionMapping
.
toDto
(
domains
.
getContent
()),
context
.
getPageable
(),
domains
.
getTotalElements
()));
}
}
ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFREModelResource.java
...
...
@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
import
org.springframework.util.StringUtils
;
import
org.springframework.context.annotation.Lazy
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.security.access.prepost.PostAuthorize
;
import
io.swagger.annotations.Api
;
import
io.swagger.annotations.ApiOperation
;
import
io.swagger.annotations.ApiResponse
;
...
...
@@ -39,27 +40,23 @@ import cn.ibizlab.core.workflow.filter.WFREModelSearchContext;
public
class
WFREModelResource
{
@Autowired
p
rivate
IWFREModelService
wfremodelService
;
p
ublic
IWFREModelService
wfremodelService
;
@Autowired
@Lazy
public
WFREModelMapping
wfremodelMapping
;
public
WFREModelDTO
permissionDTO
=
new
WFREModelDTO
();
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Update-all')"
)
@ApiOperation
(
value
=
"Update"
,
tags
=
{
"WFREModel"
},
notes
=
"Update"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfremodels/{wfremodel_id}"
)
@Transactional
public
ResponseEntity
<
WFREModelDTO
>
update
(
@PathVariable
(
"wfremodel_id"
)
String
wfremodel_id
,
@RequestBody
WFREModelDTO
wfremodeldto
)
{
WFREModel
domain
=
wfremodelMapping
.
toDomain
(
wfremodeldto
);
domain
.
setId
(
wfremodel_id
);
wfremodelService
.
update
(
domain
);
WFREModelDTO
dto
=
wfremodelMapping
.
toDto
(
domain
);
domain
.
setId
(
wfremodel_id
);
wfremodelService
.
update
(
domain
);
WFREModelDTO
dto
=
wfremodelMapping
.
toDto
(
domain
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission('Update',{'None',this.wfremodelMapping,#wfremodeldtos})"
)
@ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"WFREModel"
},
notes
=
"UpdateBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfremodels/batch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
(
@RequestBody
List
<
WFREModelDTO
>
wfremodeldtos
)
{
...
...
@@ -67,14 +64,12 @@ public class WFREModelResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Save-all')"
)
@ApiOperation
(
value
=
"Save"
,
tags
=
{
"WFREModel"
},
notes
=
"Save"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfremodels/save"
)
public
ResponseEntity
<
Boolean
>
save
(
@RequestBody
WFREModelDTO
wfremodeldto
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfremodelService
.
save
(
wfremodelMapping
.
toDomain
(
wfremodeldto
)));
}
@PreAuthorize
(
"hasPermission('Save',{'None',this.wfremodelMapping,#wfremodeldtos})"
)
@ApiOperation
(
value
=
"SaveBatch"
,
tags
=
{
"WFREModel"
},
notes
=
"SaveBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfremodels/savebatch"
)
public
ResponseEntity
<
Boolean
>
saveBatch
(
@RequestBody
List
<
WFREModelDTO
>
wfremodeldtos
)
{
...
...
@@ -82,7 +77,6 @@ public class WFREModelResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Get-all')"
)
@ApiOperation
(
value
=
"Get"
,
tags
=
{
"WFREModel"
},
notes
=
"Get"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfremodels/{wfremodel_id}"
)
public
ResponseEntity
<
WFREModelDTO
>
get
(
@PathVariable
(
"wfremodel_id"
)
String
wfremodel_id
)
{
...
...
@@ -91,7 +85,6 @@ public class WFREModelResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Create-all')"
)
@ApiOperation
(
value
=
"Create"
,
tags
=
{
"WFREModel"
},
notes
=
"Create"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfremodels"
)
@Transactional
...
...
@@ -102,7 +95,6 @@ public class WFREModelResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"hasPermission('Create',{'None',this.wfremodelMapping,#wfremodeldtos})"
)
@ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"WFREModel"
},
notes
=
"createBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfremodels/batch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
WFREModelDTO
>
wfremodeldtos
)
{
...
...
@@ -110,14 +102,12 @@ public class WFREModelResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-CheckKey-all')"
)
@ApiOperation
(
value
=
"CheckKey"
,
tags
=
{
"WFREModel"
},
notes
=
"CheckKey"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfremodels/checkkey"
)
public
ResponseEntity
<
Boolean
>
checkKey
(
@RequestBody
WFREModelDTO
wfremodeldto
)
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfremodelService
.
checkKey
(
wfremodelMapping
.
toDomain
(
wfremodeldto
)));
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Remove-all')"
)
@ApiOperation
(
value
=
"Remove"
,
tags
=
{
"WFREModel"
},
notes
=
"Remove"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfremodels/{wfremodel_id}"
)
@Transactional
...
...
@@ -125,7 +115,6 @@ public class WFREModelResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfremodelService
.
remove
(
wfremodel_id
));
}
@PreAuthorize
(
"hasPermission('Remove',{'None',this.wfremodelMapping,this.permissionDTO,#ids})"
)
@ApiOperation
(
value
=
"RemoveBatch"
,
tags
=
{
"WFREModel"
},
notes
=
"RemoveBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfremodels/batch"
)
public
ResponseEntity
<
Boolean
>
removeBatch
(
@RequestBody
List
<
String
>
ids
)
{
...
...
@@ -133,14 +122,12 @@ public class WFREModelResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-GetDraft-all')"
)
@ApiOperation
(
value
=
"GetDraft"
,
tags
=
{
"WFREModel"
},
notes
=
"GetDraft"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfremodels/getdraft"
)
public
ResponseEntity
<
WFREModelDTO
>
getDraft
()
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfremodelMapping
.
toDto
(
wfremodelService
.
getDraft
(
new
WFREModel
())));
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Default-all')"
)
@ApiOperation
(
value
=
"fetchDEFAULT"
,
tags
=
{
"WFREModel"
}
,
notes
=
"fetchDEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfremodels/fetchdefault"
)
public
ResponseEntity
<
List
<
WFREModelDTO
>>
fetchDefault
(
WFREModelSearchContext
context
)
{
...
...
@@ -153,7 +140,6 @@ public class WFREModelResource {
.
body
(
list
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFREModel-Default-all')"
)
@ApiOperation
(
value
=
"searchDEFAULT"
,
tags
=
{
"WFREModel"
}
,
notes
=
"searchDEFAULT"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfremodels/searchdefault"
)
public
ResponseEntity
<
Page
<
WFREModelDTO
>>
searchDefault
(
@RequestBody
WFREModelSearchContext
context
)
{
...
...
@@ -162,3 +148,4 @@ public class WFREModelResource {
.
body
(
new
PageImpl
(
wfremodelMapping
.
toDto
(
domains
.
getContent
()),
context
.
getPageable
(),
domains
.
getTotalElements
()));
}
}
ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFSystemResource.java
...
...
@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
import
org.springframework.util.StringUtils
;
import
org.springframework.context.annotation.Lazy
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.security.access.prepost.PostAuthorize
;
import
io.swagger.annotations.Api
;
import
io.swagger.annotations.ApiOperation
;
import
io.swagger.annotations.ApiResponse
;
...
...
@@ -39,14 +40,12 @@ import cn.ibizlab.core.workflow.filter.WFSystemSearchContext;
public
class
WFSystemResource
{
@Autowired
p
rivate
IWFSystemService
wfsystemService
;
p
ublic
IWFSystemService
wfsystemService
;
@Autowired
@Lazy
public
WFSystemMapping
wfsystemMapping
;
public
WFSystemDTO
permissionDTO
=
new
WFSystemDTO
();
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-Remove-all')"
)
@ApiOperation
(
value
=
"Remove"
,
tags
=
{
"WFSystem"
},
notes
=
"Remove"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfsystems/{wfsystem_id}"
)
...
...
@@ -55,7 +54,7 @@ public class WFSystemResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfsystemService
.
remove
(
wfsystem_id
));
}
@PreAuthorize
(
"has
Permission('Remove',{'Sql',this.wfsystemMapping,this.permissionDTO,#ids}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-Remove-all'
)"
)
@ApiOperation
(
value
=
"RemoveBatch"
,
tags
=
{
"WFSystem"
},
notes
=
"RemoveBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfsystems/batch"
)
public
ResponseEntity
<
Boolean
>
removeBatch
(
@RequestBody
List
<
String
>
ids
)
{
...
...
@@ -69,13 +68,13 @@ public class WFSystemResource {
@Transactional
public
ResponseEntity
<
WFSystemDTO
>
update
(
@PathVariable
(
"wfsystem_id"
)
String
wfsystem_id
,
@RequestBody
WFSystemDTO
wfsystemdto
)
{
WFSystem
domain
=
wfsystemMapping
.
toDomain
(
wfsystemdto
);
domain
.
setPssystemid
(
wfsystem_id
);
wfsystemService
.
update
(
domain
);
WFSystemDTO
dto
=
wfsystemMapping
.
toDto
(
domain
);
domain
.
setPssystemid
(
wfsystem_id
);
wfsystemService
.
update
(
domain
);
WFSystemDTO
dto
=
wfsystemMapping
.
toDto
(
domain
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Update',{'Sql',this.wfsystemMapping,#wfsystemdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-Update-all'
)"
)
@ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"WFSystem"
},
notes
=
"UpdateBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfsystems/batch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
(
@RequestBody
List
<
WFSystemDTO
>
wfsystemdtos
)
{
...
...
@@ -83,7 +82,6 @@ public class WFSystemResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-GetDraft-all')"
)
@ApiOperation
(
value
=
"GetDraft"
,
tags
=
{
"WFSystem"
},
notes
=
"GetDraft"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfsystems/getdraft"
)
public
ResponseEntity
<
WFSystemDTO
>
getDraft
()
{
...
...
@@ -97,7 +95,7 @@ public class WFSystemResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfsystemService
.
save
(
wfsystemMapping
.
toDomain
(
wfsystemdto
)));
}
@PreAuthorize
(
"has
Permission('Save',{'Sql',this.wfsystemMapping,#wfsystemdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-Save-all'
)"
)
@ApiOperation
(
value
=
"SaveBatch"
,
tags
=
{
"WFSystem"
},
notes
=
"SaveBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfsystems/savebatch"
)
public
ResponseEntity
<
Boolean
>
saveBatch
(
@RequestBody
List
<
WFSystemDTO
>
wfsystemdtos
)
{
...
...
@@ -116,7 +114,7 @@ public class WFSystemResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Create',{'Sql',this.wfsystemMapping,#wfsystemdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-Create-all'
)"
)
@ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"WFSystem"
},
notes
=
"createBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfsystems/batch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
WFSystemDTO
>
wfsystemdtos
)
{
...
...
@@ -124,7 +122,6 @@ public class WFSystemResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-CheckKey-all')"
)
@ApiOperation
(
value
=
"CheckKey"
,
tags
=
{
"WFSystem"
},
notes
=
"CheckKey"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfsystems/checkkey"
)
public
ResponseEntity
<
Boolean
>
checkKey
(
@RequestBody
WFSystemDTO
wfsystemdto
)
{
...
...
@@ -162,3 +159,4 @@ public class WFSystemResource {
.
body
(
new
PageImpl
(
wfsystemMapping
.
toDto
(
domains
.
getContent
()),
context
.
getPageable
(),
domains
.
getTotalElements
()));
}
}
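Review bot: The four batch endpoints in this file (`removeBatch`, `updateBatch`, `saveBatch`, `createBatch`) now appear to be guarded only by `hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFSystem-<Action>-all')` in place of the `hasPermission(...,{'Sql',...})` expression, and nothing in the class records that dropping the row-level check is deliberate. AuthPermissionEvaluator on this page returns true when `ibiz.enablePermissionValid` is false or `getSuperuser()==1`, while `hasAnyAuthority` consults neither. Deployments running with validation disabled will therefore presumably be refused on these routes unless the caller holds the authority, and superusers need `ROLE_SUPERADMIN` granted explicitly. I would add a comment above each batch mapping, for example `// Batch calls require the -all authority; row-level data-range checks are not applied here.`, and confirm the superuser-to-role mapping. WFUserResource.java makes the same change, and the method bodies lie outside the displayed hunks.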
ibzwf-provider/ibzwf-provider-api/src/main/java/cn/ibizlab/api/rest/WFUserResource.java
...
...
@@ -22,6 +22,7 @@ import org.springframework.data.domain.Pageable;
import
org.springframework.util.StringUtils
;
import
org.springframework.context.annotation.Lazy
;
import
org.springframework.security.access.prepost.PreAuthorize
;
import
org.springframework.security.access.prepost.PostAuthorize
;
import
io.swagger.annotations.Api
;
import
io.swagger.annotations.ApiOperation
;
import
io.swagger.annotations.ApiResponse
;
...
...
@@ -39,14 +40,12 @@ import cn.ibizlab.core.workflow.filter.WFUserSearchContext;
public
class
WFUserResource
{
@Autowired
p
rivate
IWFUserService
wfuserService
;
p
ublic
IWFUserService
wfuserService
;
@Autowired
@Lazy
public
WFUserMapping
wfuserMapping
;
public
WFUserDTO
permissionDTO
=
new
WFUserDTO
();
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-Remove-all')"
)
@ApiOperation
(
value
=
"Remove"
,
tags
=
{
"WFUser"
},
notes
=
"Remove"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfusers/{wfuser_id}"
)
...
...
@@ -55,7 +54,7 @@ public class WFUserResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfuserService
.
remove
(
wfuser_id
));
}
@PreAuthorize
(
"has
Permission('Remove',{'Sql',this.wfuserMapping,this.permissionDTO,#ids}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-Remove-all'
)"
)
@ApiOperation
(
value
=
"RemoveBatch"
,
tags
=
{
"WFUser"
},
notes
=
"RemoveBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"/wfusers/batch"
)
public
ResponseEntity
<
Boolean
>
removeBatch
(
@RequestBody
List
<
String
>
ids
)
{
...
...
@@ -63,7 +62,6 @@ public class WFUserResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-GetDraft-all')"
)
@ApiOperation
(
value
=
"GetDraft"
,
tags
=
{
"WFUser"
},
notes
=
"GetDraft"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/wfusers/getdraft"
)
public
ResponseEntity
<
WFUserDTO
>
getDraft
()
{
...
...
@@ -77,7 +75,7 @@ public class WFUserResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
wfuserService
.
save
(
wfuserMapping
.
toDomain
(
wfuserdto
)));
}
@PreAuthorize
(
"has
Permission('Save',{'Sql',this.wfuserMapping,#wfuserdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-Save-all'
)"
)
@ApiOperation
(
value
=
"SaveBatch"
,
tags
=
{
"WFUser"
},
notes
=
"SaveBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfusers/savebatch"
)
public
ResponseEntity
<
Boolean
>
saveBatch
(
@RequestBody
List
<
WFUserDTO
>
wfuserdtos
)
{
...
...
@@ -91,13 +89,13 @@ public class WFUserResource {
@Transactional
public
ResponseEntity
<
WFUserDTO
>
update
(
@PathVariable
(
"wfuser_id"
)
String
wfuser_id
,
@RequestBody
WFUserDTO
wfuserdto
)
{
WFUser
domain
=
wfuserMapping
.
toDomain
(
wfuserdto
);
domain
.
setId
(
wfuser_id
);
wfuserService
.
update
(
domain
);
WFUserDTO
dto
=
wfuserMapping
.
toDto
(
domain
);
domain
.
setId
(
wfuser_id
);
wfuserService
.
update
(
domain
);
WFUserDTO
dto
=
wfuserMapping
.
toDto
(
domain
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Update',{'Sql',this.wfuserMapping,#wfuserdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-Update-all'
)"
)
@ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"WFUser"
},
notes
=
"UpdateBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"/wfusers/batch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
(
@RequestBody
List
<
WFUserDTO
>
wfuserdtos
)
{
...
...
@@ -125,7 +123,7 @@ public class WFUserResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
@PreAuthorize
(
"has
Permission('Create',{'Sql',this.wfuserMapping,#wfuserdtos}
)"
)
@PreAuthorize
(
"has
AnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-Create-all'
)"
)
@ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"WFUser"
},
notes
=
"createBatch"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfusers/batch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(
@RequestBody
List
<
WFUserDTO
>
wfuserdtos
)
{
...
...
@@ -133,7 +131,6 @@ public class WFUserResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzwf-WFUser-CheckKey-all')"
)
@ApiOperation
(
value
=
"CheckKey"
,
tags
=
{
"WFUser"
},
notes
=
"CheckKey"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/wfusers/checkkey"
)
public
ResponseEntity
<
Boolean
>
checkKey
(
@RequestBody
WFUserDTO
wfuserdto
)
{
...
...
@@ -162,3 +159,4 @@ public class WFUserResource {
.
body
(
new
PageImpl
(
wfuserMapping
.
toDto
(
domains
.
getContent
()),
context
.
getPageable
(),
domains
.
getTotalElements
()));
}
}
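Review bot: `wfuserService` appears to be widened from `private` to `public` in the field block at the top of the class (WFSystemResource.java does the same with `wfsystemService`), which leaves an injected, non-final service reference reassignable by any code that can reach the controller bean. No expression in the displayed hunks refers to `this.wfuserService`, so the reason for the change is not visible here. If a security expression does need it, a getter serves the same purpose without exposing the field: keep `private IWFUserService wfuserService;` and add `public IWFUserService getWfuserService() { return wfuserService; }`.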
ibzwf-util/src/main/java/cn/ibizlab/util/client/IBZUAAFallback.java
...
...
@@ -9,8 +9,8 @@ import com.alibaba.fastjson.JSONObject;
public
class
IBZUAAFallback
implements
IBZUAAFeignClient
{
@Override
public
boolean
pushSystemPermissionData
(
String
systemid
,
JSONObject
systemPermissionData
)
{
return
false
;
public
Boolean
syncSysAuthority
(
JSONObject
system
)
{
return
null
;
}
@Override
...
...
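Review bot: The fallback for `syncSysAuthority` returns `null`, and PermissionSyncJob.java in this commit evaluates `if(client.syncSysAuthority(system))`, which unboxes the `Boolean` and throws a NullPointerException whenever the fallback is used. That exception would land in the job's `catch (Exception ex)` instead of the `else` branch that logs the sync failure, so an unreachable UAA would not produce the intended error message (the catch body is outside the displayed hunk). Return a definite value from the fallback, `return false;`, and make the caller null-safe with `if (Boolean.TRUE.equals(client.syncSysAuthority(system)))`. The boxed `Boolean` return type declared on IBZUAAFeignClient may carry the same exposure if the remote reply has no body.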
ibzwf-util/src/main/java/cn/ibizlab/util/client/IBZUAAFeignClient.java
...
...
@@ -10,13 +10,12 @@ import com.alibaba.fastjson.JSONObject;
public
interface
IBZUAAFeignClient
{
/**
* 推送系统权限数据到uaa
* @param systemid
* @param systemPermissionData
* 同步系统资源到uaa
* @param system 系统资源信息
* @return
*/
@PostMapping
(
"/syspssystems/
{systemid}/permissiondata
"
)
boolean
pushSystemPermissionData
(
@PathVariable
(
"systemid"
)
String
systemid
,
@RequestBody
JSONObject
systemPermissionData
);
@PostMapping
(
"/syspssystems/
save
"
)
Boolean
syncSysAuthority
(
@RequestBody
JSONObject
system
);
/**
* 用户登录
...
...
ibzwf-util/src/main/java/cn/ibizlab/util/job/PermissionSyncJob.java
...
...
@@ -36,10 +36,14 @@ public class PermissionSyncJob implements ApplicationRunner {
Thread
.
sleep
(
10000
);
InputStream
permission
=
this
.
getClass
().
getResourceAsStream
(
"/permission/systemResource.json"
);
//获取当前系统所有实体资源能力
String
permissionResult
=
IOUtils
.
toString
(
permission
,
"UTF-8"
);
if
(
client
.
pushSystemPermissionData
(
systemId
,
JSONObject
.
parseObject
(
permissionResult
))){
JSONObject
system
=
new
JSONObject
();
system
.
put
(
"pssystemid"
,
systemId
);
system
.
put
(
"pssystemname"
,
systemId
);
system
.
put
(
"sysstructure"
,
JSONObject
.
parseObject
(
permissionResult
));
if
(
client
.
syncSysAuthority
(
system
)){
log
.
info
(
"向[UAA]同步系统资源成功"
);
}
else
{
log
.
info
(
String
.
format
(
"向[UAA]同步系统资源失败"
)
);
log
.
error
(
"向[UAA]同步系统资源失败"
);
}
}
catch
(
Exception
ex
)
{
...
...
ibzwf-util/src/main/java/cn/ibizlab/util/rest/AppController.java
package
cn
.
ibizlab
.
util
.
rest
;
import
com.alibaba.fastjson.JSONArray
;
import
com.alibaba.fastjson.JSONObject
;
import
cn.ibizlab.util.security.AuthenticationUser
;
import
cn.ibizlab.util.service.AuthenticationUserService
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.http.HttpStatus
;
import
org.springframework.http.ResponseEntity
;
import
org.springframework.
util.ObjectUtils
;
import
org.springframework.
security.core.GrantedAuthority
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RequestMethod
;
import
org.springframework.web.bind.annotation.RestController
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
cn.ibizlab.util.security.AuthenticationUse
r
;
import
cn.ibizlab.util.service.AuthenticationUserService
;
import
java.util.Collection
;
import
java.util.HashSet
;
import
java.util.Iterato
r
;
import
java.util.Set
;
@RestController
@RequestMapping
(
value
=
""
)
...
...
@@ -27,13 +30,19 @@ public class AppController {
public
ResponseEntity
<
JSONObject
>
getAppData
()
{
JSONObject
appData
=
new
JSONObject
()
;
JSONArray
uniRes
=
new
JSONArray
();
JSONArray
appMenu
=
new
JSONArray
();
Set
<
String
>
appMenu
=
new
HashSet
();
Set
<
String
>
uniRes
=
new
HashSet
();
if
(
enablePermissionValid
){
JSONObject
userPermission
=
AuthenticationUser
.
getAuthenticationUser
().
getPermissionList
();
if
(!
ObjectUtils
.
isEmpty
(
userPermission
)){
uniRes
=
userPermission
.
getJSONArray
(
"unires"
);
appMenu
=
userPermission
.
getJSONArray
(
"appmenu"
);
Collection
<
GrantedAuthority
>
authorities
=
AuthenticationUser
.
getAuthenticationUser
().
getAuthorities
();
Iterator
it
=
authorities
.
iterator
();
while
(
it
.
hasNext
())
{
GrantedAuthority
authority
=
(
GrantedAuthority
)
it
.
next
();
String
strAuthority
=
authority
.
getAuthority
();
if
(
strAuthority
.
startsWith
(
"UNIRES"
))
uniRes
.
add
(
strAuthority
);
else
if
(
strAuthority
.
startsWith
(
"APPMENU"
))
appMenu
.
add
(
strAuthority
);
}
}
appData
.
put
(
"unires"
,
uniRes
);
...
...
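Review bot: The new loop in `getAppData` walks the authorities with a raw `Iterator` and a cast, and both result sets are created with raw `new HashSet()`, so the code compiles only with unchecked warnings and the element type is hidden from the reader. An enhanced for loop over the already typed collection says the same thing directly: `for (GrantedAuthority authority : authorities) {`, with `new HashSet<>()` for `appMenu` and `uniRes`. The `if`/`else if` pair that sorts authorities by the `UNIRES` and `APPMENU` prefixes is also unbraced; adding braces would keep a later edit from silently falling outside the condition. The method starts and ends outside the hunk.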
ibzwf-util/src/main/java/cn/ibizlab/util/security/AuthPermissionEvaluator.java
package
cn
.
ibizlab
.
util
.
security
;
import
com.alibaba.fastjson.JSONArray
;
import
com.alibaba.fastjson.JSONObject
;
import
com.baomidou.mybatisplus.core.conditions.query.QueryWrapper
;
import
com.baomidou.mybatisplus.extension.service.impl.ServiceImpl
;
import
com.mongodb.QueryBuilder
;
import
cn.ibizlab.util.annotation.DEField
;
import
cn.ibizlab.util.domain.DTOBase
;
import
cn.ibizlab.util.domain.EntityBase
;
import
cn.ibizlab.util.domain.MappingBase
;
import
cn.ibizlab.util.enums.DEPredefinedFieldType
;
import
cn.ibizlab.util.helper.DEFieldCacheMap
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.context.annotation.Lazy
;
import
org.springframework.data.mongodb.core.MongoTemplate
;
import
org.springframework.data.mongodb.core.query.BasicQuery
;
import
org.springframework.data.mongodb.core.query.Query
;
import
org.springframework.security.access.PermissionEvaluator
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.stereotype.Component
;
import
org.springframework.util.ObjectUtils
;
import
org.springframework.util.StringUtils
;
import
javax.annotation.Resource
;
import
java.io.Serializable
;
import
java.lang.reflect.Field
;
import
java.util.*
;
/**
...
...
@@ -36,331 +23,91 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
@Value
(
"${ibiz.enablePermissionValid:false}"
)
boolean
enablePermissionValid
;
//是否开启权限校验
/**
* 实体行为操作标识
*/
private
String
DEActionType
=
"DEACTION"
;
/**
*实体主键标识
*/
private
String
keyFieldTag
=
"keyfield"
;
@Resource
@Lazy
private
MongoTemplate
mongoTemplate
;
/**
* 批处理权限检查[createBatch:updateBatch:removeBatch]
* 实体行为鉴权
* @param authentication
* @param
DEAction
* @param
params
* @param
entity
* @param
action
* @return
*/
@Override
public
boolean
hasPermission
(
Authentication
authentication
,
Object
DEAction
,
Object
params
)
{
public
boolean
hasPermission
(
Authentication
authentication
,
Object
entity
,
Object
action
)
{
//未开启权限校验、超级管理员则不进行权限检查
if
(
AuthenticationUser
.
getAuthenticationUser
().
getSuperuser
()==
1
||
!
enablePermissionValid
)
return
true
;
List
paramList
=
(
ArrayList
)
params
;
String
deStorageMode
=
(
String
)
paramList
.
get
(
0
);
String
action
=
String
.
valueOf
(
DEAction
);
List
<
String
>
ids
=
null
;
EntityBase
entity
;
List
<
EntityBase
>
entityList
=
null
;
JSONObject
userPermission
=
AuthenticationUser
.
getAuthenticationUser
().
getPermissionList
();
if
(
userPermission
==
null
)
return
false
;
MappingBase
mappingBase
=
(
MappingBase
)
paramList
.
get
(
1
);
//参数准备
if
(
action
.
equalsIgnoreCase
(
"remove"
)){
entity
=
(
EntityBase
)
mappingBase
.
toDomain
(
paramList
.
get
(
2
));
ids
=
(
List
<
String
>)
paramList
.
get
(
3
);
}
else
{
List
<
DTOBase
>
dtoList
=
(
List
<
DTOBase
>)
paramList
.
get
(
2
);
if
(
dtoList
.
size
()==
0
)
return
false
;
entityList
=
mappingBase
.
toDomain
(
dtoList
);
entity
=
(
EntityBase
)
mappingBase
.
toDomain
(
dtoList
.
get
(
0
));
}
if
(
entity
==
null
)
return
false
;
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"entities"
);
String
entityName
=
entity
.
getClass
().
getSimpleName
();
//拥有全部数据访问权限时,则跳过权限检查
if
(
isAllData
(
entityName
,
action
,
permissionList
)){
return
true
;
}
//检查是否有操作权限[create.update.delete.read]
if
(!
validDEActionHasPermission
(
entityName
,
action
,
permissionList
)){
return
false
;
}
JSONArray
dataRangeList
=
getDataRange
(
entityName
,
action
,
permissionList
);
if
(
dataRangeList
.
size
()==
0
)
return
false
;
if
(
action
.
equalsIgnoreCase
(
"create"
)){
return
createBatchActionPermissionValid
(
entityList
,
dataRangeList
);
}
else
if
(
action
.
equalsIgnoreCase
(
"save"
)){
return
saveBatchActionPermissionValid
(
deStorageMode
,
entityList
,
dataRangeList
);
}
else
{
if
(!
action
.
equalsIgnoreCase
(
"remove"
)){
ids
=
getIds
(
entity
,
entityList
);
}
if
(
ids
.
size
()==
0
)
String
strAction
=
String
.
valueOf
(
action
);
Set
<
String
>
userAuthorities
=
getAuthorities
(
authentication
,
strAction
);
if
(
userAuthorities
.
size
()==
0
)
return
false
;
return
otherBatchActionPermissionValidRouter
(
deStorageMode
,
entity
,
ids
,
dataRangeList
);
}
}
/**
* 实体行为权限检查 :用于检查当前用户是否拥有实体的新建、编辑、删除权限
*
* @param authentication
* @param id 当前操作数据的主键
* @param action 当前操作行为:如:[READ、UPDATE、DELETE]
* @param params 相关参数
* @return true/false true则允许当前行为,false拒绝行为
*/
@Override
public
boolean
hasPermission
(
Authentication
authentication
,
Serializable
id
,
String
action
,
Object
params
)
{
//未开启权限校验、超级管理员则不进行权限检查
if
(
AuthenticationUser
.
getAuthenticationUser
().
getSuperuser
()==
1
||
!
enablePermissionValid
)
return
true
;
List
paramList
=
(
ArrayList
)
params
;
String
deStorageMode
=
(
String
)
paramList
.
get
(
0
);
MappingBase
mappingBase
=
(
MappingBase
)
paramList
.
get
(
1
);
DTOBase
dtoBase
=
(
DTOBase
)
paramList
.
get
(
2
);
EntityBase
entity
=
(
EntityBase
)
mappingBase
.
toDomain
(
dtoBase
);
if
(
StringUtils
.
isEmpty
(
entity
))
return
false
;
JSONObject
userPermission
=
AuthenticationUser
.
getAuthenticationUser
().
getPermissionList
();
if
(
userPermission
==
null
)
return
false
;
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"entities"
);
String
entityName
=
entity
.
getClass
().
getSimpleName
();
//拥有全部数据访问权限时,则跳过权限检查
if
(
isAllData
(
entityName
,
action
,
permissionList
)){
if
(
isAllData
(
strAction
,
userAuthorities
)){
return
true
;
}
//检查是否有操作权限[create.update.delete.read]
if
(!
validDEActionHasPermission
(
entityName
,
action
,
permissionList
)){
if
(
entity
instanceof
ArrayList
){
List
<
EntityBase
>
entities
=
(
List
<
EntityBase
>)
entity
;
for
(
EntityBase
entityBase:
entities
){
boolean
result
=
actionValid
(
entityBase
,
strAction
,
userAuthorities
);
if
(!
result
){
return
false
;
}
JSONArray
dataRangeList
=
getDataRange
(
entityName
,
action
,
permissionList
);
if
(
dataRangeList
.
size
()==
0
)
return
false
;
if
(
action
.
equalsIgnoreCase
(
"save"
)){
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
String
keyFieldName
=
permissionField
.
get
(
keyFieldTag
);
Object
srfKey
=
entity
.
get
(
keyFieldName
);
if
(
ObjectUtils
.
isEmpty
(
srfKey
))
action
=
"create"
;
else
action
=
"update"
;
}
if
(
action
.
equalsIgnoreCase
(
"create"
)){
return
createActionPermissionValid
(
entity
,
dataRangeList
);
}
else
{
return
otherActionPermissionValidRouter
(
deStorageMode
,
entity
,
id
,
dataRangeList
);
}
}
/**
* 批save校验
* @param deStorageMode
* @param entityList
* @param dataRangeList
* @return
*/
private
boolean
saveBatchActionPermissionValid
(
String
deStorageMode
,
List
<
EntityBase
>
entityList
,
JSONArray
dataRangeList
)
{
if
(
entityList
==
null
||
entityList
.
size
()==
0
)
return
false
;
EntityBase
tempEntity
=
entityList
.
get
(
0
);
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
tempEntity
);
String
keyFieldName
=
permissionField
.
get
(
keyFieldTag
);
List
createList
=
new
ArrayList
();
List
<
String
>
updateList
=
new
ArrayList
();
for
(
EntityBase
entity
:
entityList
){
Object
id
=
entity
.
get
(
keyFieldName
);
if
(
ObjectUtils
.
isEmpty
(
id
))
createList
.
add
(
entity
);
else
updateList
.
add
(
String
.
valueOf
(
id
));
}
if
(
updateList
.
size
()>
0
){
boolean
isUpdate
=
otherBatchActionPermissionValidRouter
(
deStorageMode
,
tempEntity
,
updateList
,
dataRangeList
);
if
(!
isUpdate
)
return
false
;
}
if
(
createList
.
size
()>
0
){
boolean
isCreate
=
createBatchActionPermissionValid
(
entityList
,
dataRangeList
);
if
(!
isCreate
)
return
false
;
}
return
true
;
}
/**
* 批处理新建权限校验
* @param entityList
* @param dataRangeList
* @return
*/
private
boolean
createBatchActionPermissionValid
(
List
<
EntityBase
>
entityList
,
JSONArray
dataRangeList
){
for
(
EntityBase
entity
:
entityList
){
boolean
isCreate
=
createActionPermissionValid
(
entity
,
dataRangeList
);
if
(!
isCreate
){
return
false
;
}
EntityBase
entityBase
=
(
EntityBase
)
entity
;
return
actionValid
(
entityBase
,
strAction
,
userAuthorities
);
}
return
true
;
}
/**
* 批处理行为权限校验[get:update:delete]
* @param deStorageMode
* @param entity
* @param ids
* @param dataRangeList
* @return
*/
private
boolean
otherBatchActionPermissionValidRouter
(
String
deStorageMode
,
EntityBase
entity
,
List
<
String
>
ids
,
JSONArray
dataRangeList
){
if
(
deStorageMode
.
equalsIgnoreCase
(
"sql"
)){
return
sqlBatchPermissionValid
(
entity
,
ids
,
dataRangeList
);
}
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"nosql"
)){
return
noSqlBatchPermissionValid
(
entity
,
ids
,
dataRangeList
);
}
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"serviceapi"
)){
return
true
;
}
else
{
throw
new
RuntimeException
(
String
.
format
(
"未能识别实体对应存储模式[%s]"
,
deStorageMode
));
}
}
/**
* SQL批处理权限校验
* @param entity
* @param ids
* @param dataRangeList
* @return
*/
private
boolean
sqlBatchPermissionValid
(
EntityBase
entity
,
List
<
String
>
ids
,
JSONArray
dataRangeList
){
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
keyFieldName
=
permissionField
.
get
(
keyFieldTag
);
ServiceImpl
service
=
SpringContextHolder
.
getBean
(
String
.
format
(
"%s%s"
,
entity
.
getClass
().
getSimpleName
(),
"ServiceImpl"
));
//获取实体service对象
//通过权限表达式来获取sql
String
permissionSQL
=
String
.
format
(
" (%s) AND ( %s in (%s) ) "
,
getPermissionSQL
(
entity
,
dataRangeList
),
keyFieldName
,
getEntityKeyCond
(
ids
));
//拼接权限条件-编辑
//执行sql进行权限检查
QueryWrapper
permissionWrapper
=
getPermissionWrapper
(
permissionSQL
);
//构造权限条件
List
list
=
service
.
list
(
permissionWrapper
);
if
(
list
.
size
()
==
ids
.
size
()){
@Override
public
boolean
hasPermission
(
Authentication
authentication
,
Serializable
id
,
String
action
,
Object
params
)
{
return
true
;
}
else
{
return
false
;
}
}
/**
* NoSQL批处理权限校验
* @param entity
* @param ids
* @param dataRange
* 获取用户权限资源
* @param authentication
* @param action
* @return
*/
private
boolean
noSqlBatchPermissionValid
(
EntityBase
entity
,
List
<
String
>
ids
,
JSONArray
dataRange
)
{
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
keyFieldName
=
permissionField
.
get
(
keyFieldTag
);
//根据权限表达式填充权限条件
QueryBuilder
permissionCond
=
getNoSqlPermissionCond
(
entity
,
dataRange
);
//权限条件拼接主键
permissionCond
.
and
(
keyFieldName
).
in
(
ids
);
//执行权限检查
Query
query
=
new
BasicQuery
(
permissionCond
.
get
().
toString
());
List
list
=
mongoTemplate
.
find
(
query
,
entity
.
getClass
());
if
(
list
.
size
()==
ids
.
size
()){
return
true
;
}
else
{
return
false
;
private
Set
<
String
>
getAuthorities
(
Authentication
authentication
,
String
action
){
Collection
authorities
=
authentication
.
getAuthorities
();
Set
<
String
>
userAuthorities
=
new
HashSet
();
Iterator
it
=
authorities
.
iterator
();
while
(
it
.
hasNext
())
{
GrantedAuthority
authority
=
(
GrantedAuthority
)
it
.
next
();
if
(
authority
.
getAuthority
().
contains
(
action
))
userAuthorities
.
add
(
authority
.
getAuthority
());
}
return
userAuthorities
;
}
/**
* 是否为全部数据
* @param permissionList
* @param entityName
* @param action
* @param entityDataRange
* @return
*/
private
boolean
isAllData
(
String
entityName
,
String
action
,
JSONObject
permissionList
)
{
if
(
permissionList
==
null
)
return
false
;
if
(!
permissionList
.
containsKey
(
entityName
))
return
false
;
JSONObject
entity
=
permissionList
.
getJSONObject
(
entityName
);
if
(!
entity
.
containsKey
(
DEActionType
))
return
false
;
JSONObject
dataRange
=
entity
.
getJSONObject
(
DEActionType
);
//获取实体行为对应的数据范围
if
(
dataRange
.
containsKey
(
action
)
&&
dataRange
.
getJSONArray
(
action
).
contains
(
"all"
))
private
boolean
isAllData
(
String
action
,
Set
<
String
>
entityDataRange
)
{
for
(
String
dataRange
:
entityDataRange
){
if
(
dataRange
.
endsWith
(
String
.
format
(
"%s-all"
,
action
))){
return
true
;
return
false
;
}
/**
* 实体行为权限校验
* @param userPermission
* @param entityName
* @param action
* userPermission:{"ENTITY":{"DEACTION":{"READ":["CURORG"]},"DATASET":{"Default":["CURORG"]}}}
* @return
*/
private
boolean
validDEActionHasPermission
(
String
entityName
,
String
action
,
JSONObject
userPermission
){
boolean
hasPermission
=
false
;
if
(
userPermission
==
null
)
return
false
;
if
(!
userPermission
.
containsKey
(
entityName
))
return
false
;
JSONObject
entity
=
userPermission
.
getJSONObject
(
entityName
);
//获取实体
if
(!
entity
.
containsKey
(
DEActionType
))
return
false
;
JSONObject
dataRange
=
entity
.
getJSONObject
(
DEActionType
);
//获取实体行为对应的数据范围
if
(
dataRange
.
containsKey
(
action
)){
hasPermission
=
true
;
}
return
hasPermission
;
return
false
;
}
/**
*
新建行为
校验
*
实体行为权限
校验
* @param entity
* @param
dataRangeList
* @param
userAuthorities
* @return
*/
private
boolean
createActionPermissionValid
(
EntityBase
entity
,
JSONArray
dataRangeList
){
private
boolean
actionValid
(
EntityBase
entity
,
String
action
,
Set
<
String
>
userAuthorities
){
boolean
isCreate
=
true
;
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
orgField
=
permissionField
.
get
(
"orgfield"
);
String
orgDeptField
=
permissionField
.
get
(
"orgsecfield"
);
...
...
@@ -379,237 +126,47 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
Set
<
String
>
userOrg
=
new
HashSet
<>();
Set
<
String
>
userOrgDept
=
new
HashSet
<>();
for
(
int
a
=
0
;
a
<
dataRangeList
.
size
();
a
++){
String
permissionCond
=
dataRangeList
.
getString
(
a
);
//权限配置条件
if
(
permissionCond
.
equals
(
"curorg"
)){
//本单位
for
(
String
authority:
userAuthorities
){
if
(
authority
.
endsWith
(
"curorg"
)){
//本单位
userOrg
.
add
(
authenticationUser
.
getOrgid
());
}
else
if
(
permissionCond
.
equals
(
"porg"
)){
//上级单位
else
if
(
authority
.
endsWith
(
"porg"
)){
//上级单位
userOrg
.
addAll
(
orgParent
);
}
else
if
(
permissionCond
.
equals
(
"sorg"
)){
//下级单位
else
if
(
authority
.
endsWith
(
"sorg"
)){
//下级单位
userOrg
.
addAll
(
orgChild
);
}
else
if
(
permissionCond
.
equals
(
"curorgdept"
)){
//本部门
else
if
(
authority
.
endsWith
(
"curorgdept"
)){
//本部门
userOrgDept
.
add
(
authenticationUser
.
getMdeptid
());
}
else
if
(
permissionCond
.
equals
(
"porgdept"
)){
//上级部门
else
if
(
authority
.
endsWith
(
"porgdept"
)){
//上级部门
userOrgDept
.
addAll
(
orgDeptParent
);
}
else
if
(
permissionCond
.
equals
(
"sorgdept"
)){
//下级部门
else
if
(
authority
.
endsWith
(
"sorgdept"
)){
//下级部门
userOrgDept
.
addAll
(
orgDeptChild
);
}
}
if
(!
ObjectUtils
.
isEmpty
(
orgFieldValue
)
&&
!
userOrg
.
contains
(
orgFieldValue
)){
if
(
action
.
endsWith
(
"Create"
)
||
action
.
endsWith
(
"Save"
)){
if
(!
ObjectUtils
.
isEmpty
(
orgFieldValue
)
&&
!
userOrg
.
contains
(
orgFieldValue
))
return
false
;
}
if
(!
ObjectUtils
.
isEmpty
(
orgDeptFieldValue
)
&&
!
userOrgDept
.
contains
(
orgDeptFieldValue
)){
if
(!
ObjectUtils
.
isEmpty
(
orgDeptFieldValue
)
&&
!
userOrgDept
.
contains
(
orgDeptFieldValue
))
return
false
;
}
if
(!
ObjectUtils
.
isEmpty
(
crateManFieldValue
)
&&
!
crateManFieldValue
.
equals
(
authenticationUser
.
getUserid
())){
if
(!
ObjectUtils
.
isEmpty
(
crateManFieldValue
)
&&
!
authenticationUser
.
getUserid
().
equals
(
crateManFieldValue
))
return
false
;
}
return
isCreate
;
}
/**
* 根据实体存储模式,进行鉴权
* @param deStorageMode
* @param entity
* @param id
* @param dataRangeList
* @return
*/
private
boolean
otherActionPermissionValidRouter
(
String
deStorageMode
,
EntityBase
entity
,
Object
id
,
JSONArray
dataRangeList
){
if
(
deStorageMode
.
equalsIgnoreCase
(
"sql"
)){
return
sqlPermissionValid
(
entity
,
id
,
dataRangeList
);
}
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"nosql"
)){
return
noSqlPermissionValid
(
entity
,
id
,
dataRangeList
);
}
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"serviceapi"
)){
return
true
;
}
else
{
throw
new
RuntimeException
(
String
.
format
(
"未能识别[%s]实体对应存储模式[%s]"
,
entity
.
getClass
().
getSimpleName
(),
deStorageMode
));
}
}
/**
* sql存储模式实体行为鉴权
* @param entity
* @param id
* @param dataRangeList
* @return
*/
private
boolean
sqlPermissionValid
(
EntityBase
entity
,
Object
id
,
JSONArray
dataRangeList
){
ServiceImpl
service
=
SpringContextHolder
.
getBean
(
String
.
format
(
"%s%s"
,
entity
.
getClass
().
getSimpleName
(),
"ServiceImpl"
));
//获取实体service对象
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
//通过权限表达式来获取sql
String
permissionSQL
=
String
.
format
(
" (%s) AND (%s='%s')"
,
getPermissionSQL
(
entity
,
dataRangeList
),
permissionField
.
get
(
keyFieldTag
),
id
);
//拼接权限条件-编辑
//执行sql进行权限检查
QueryWrapper
permissionWrapper
=
getPermissionWrapper
(
permissionSQL
);
//构造权限条件
List
list
=
service
.
list
(
permissionWrapper
);
if
(
list
.
size
()>
0
){
else
{
if
(!
ObjectUtils
.
isEmpty
(
orgFieldValue
)
&&
userOrg
.
contains
(
orgFieldValue
))
return
true
;
}
else
{
return
false
;
}
}
/**
* NoSQL实体行为鉴权
* @param entity
* @param id
* @param dataRangeList
* @return
*/
private
boolean
noSqlPermissionValid
(
EntityBase
entity
,
Object
id
,
JSONArray
dataRangeList
)
{
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
keyField
=
permissionField
.
get
(
keyFieldTag
);
//根据权限表达式填充权限条件
QueryBuilder
permissionCond
=
getNoSqlPermissionCond
(
entity
,
dataRangeList
);
//权限条件拼接主键
permissionCond
.
and
(
keyField
).
is
(
id
);
//执行权限检查
Query
query
=
new
BasicQuery
(
permissionCond
.
get
().
toString
());
List
list
=
mongoTemplate
.
find
(
query
,
entity
.
getClass
());
if
(
list
.
size
()>
0
){
if
(!
ObjectUtils
.
isEmpty
(
orgDeptFieldValue
)
&&
userOrgDept
.
contains
(
orgDeptFieldValue
))
return
true
;
if
(!
ObjectUtils
.
isEmpty
(
crateManFieldValue
)
&&
authenticationUser
.
getUserid
().
equals
(
crateManFieldValue
))
return
true
;
}
else
{
return
false
;
}
}
/**
* 为NoSQL存储模式的表格查询填充权限条件
* @param entity
* @param dataRangeList
* @return
*/
private
QueryBuilder
getNoSqlPermissionCond
(
EntityBase
entity
,
JSONArray
dataRangeList
){
QueryBuilder
permissionSQL
=
new
QueryBuilder
();
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
orgField
=
permissionField
.
get
(
"orgfield"
);
String
orgDeptField
=
permissionField
.
get
(
"orgsecfield"
);
String
createManField
=
permissionField
.
get
(
"createmanfield"
);
AuthenticationUser
authenticationUser
=
AuthenticationUser
.
getAuthenticationUser
();
Map
<
String
,
Set
<
String
>>
userInfo
=
authenticationUser
.
getOrgInfo
();
Set
<
String
>
orgParent
=
userInfo
.
get
(
"parentorg"
);
Set
<
String
>
orgChild
=
userInfo
.
get
(
"suborg"
);
Set
<
String
>
orgDeptParent
=
userInfo
.
get
(
"parentdept"
);
Set
<
String
>
orgDeptChild
=
userInfo
.
get
(
"subdept"
);
for
(
int
i
=
0
;
i
<
dataRangeList
.
size
();
i
++){
String
permissionCond
=
dataRangeList
.
getString
(
i
);
//权限配置条件
if
(
permissionCond
.
equals
(
"curorg"
)){
//本单位
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getOrgid
()).
get
());
}
else
if
(
permissionCond
.
equals
(
"porg"
)){
//上级单位
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
in
(
formatStringArr
(
orgParent
)).
get
());
}
else
if
(
permissionCond
.
equals
(
"sorg"
)){
//下级单位
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
in
(
formatStringArr
(
orgChild
)).
get
());
}
else
if
(
permissionCond
.
equals
(
"createman"
)){
//建立人
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
createManField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getUserid
()).
get
());
}
else
if
(
permissionCond
.
equals
(
"curorgdept"
)){
//本部门
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgDeptField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getMdeptid
()).
get
());
}
else
if
(
permissionCond
.
equals
(
"porgdept"
)){
//上级部门
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgDeptField
).
in
(
formatStringArr
(
orgDeptParent
)).
get
());
}
else
if
(
permissionCond
.
equals
(
"sorgdept"
)){
//下级部门
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgDeptField
).
in
(
formatStringArr
(
orgDeptChild
)).
get
());
}
else
if
(
permissionCond
.
equals
(
"all"
)){
permissionSQL
.
or
(
new
QueryBuilder
().
get
());
}
}
return
permissionSQL
;
}
/**
* SQL获取权限条件
* @param entity
* @param oppriList
* @return
*/
private
String
getPermissionSQL
(
EntityBase
entity
,
JSONArray
oppriList
){
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);
//获取组织、部门预置属性
String
nPermissionSQL
=
"1<>1"
;
String
orgField
=
permissionField
.
get
(
"orgfield"
);
String
orgDeptField
=
permissionField
.
get
(
"orgsecfield"
);
String
createManField
=
permissionField
.
get
(
"createmanfield"
);
StringBuffer
permissionSQL
=
new
StringBuffer
();
AuthenticationUser
authenticationUser
=
AuthenticationUser
.
getAuthenticationUser
();
Map
<
String
,
Set
<
String
>>
userInfo
=
authenticationUser
.
getOrgInfo
();
Set
<
String
>
orgParent
=
userInfo
.
get
(
"parentorg"
);
Set
<
String
>
orgChild
=
userInfo
.
get
(
"suborg"
);
Set
<
String
>
orgDeptParent
=
userInfo
.
get
(
"parentdept"
);
Set
<
String
>
orgDeptChild
=
userInfo
.
get
(
"subdept"
);
for
(
int
i
=
0
;
i
<
oppriList
.
size
();
i
++){
permissionSQL
.
append
(
"OR"
);
String
permissionCond
=
oppriList
.
getString
(
i
);
//权限配置条件
if
(
permissionCond
.
equals
(
"curorg"
)){
//本单位
permissionSQL
.
append
(
String
.
format
(
"(%s='%s')"
,
orgField
,
AuthenticationUser
.
getAuthenticationUser
().
getOrgid
()));
}
else
if
(
permissionCond
.
equals
(
"porg"
)){
//上级单位
permissionSQL
.
append
(
String
.
format
(
" %s in(%s) "
,
orgField
,
formatStringArr
(
orgParent
)));
}
else
if
(
permissionCond
.
equals
(
"sorg"
)){
//下级单位
permissionSQL
.
append
(
String
.
format
(
" %s in(%s) "
,
orgField
,
formatStringArr
(
orgChild
)));
}
else
if
(
permissionCond
.
equals
(
"createman"
)){
//建立人
permissionSQL
.
append
(
String
.
format
(
"(%s='%s')"
,
createManField
,
AuthenticationUser
.
getAuthenticationUser
().
getUserid
()));
}
else
if
(
permissionCond
.
equals
(
"curorgdept"
)){
//本部门
permissionSQL
.
append
(
String
.
format
(
"(%s='%s')"
,
orgDeptField
,
AuthenticationUser
.
getAuthenticationUser
().
getMdeptid
()));
}
else
if
(
permissionCond
.
equals
(
"porgdept"
)){
//上级部门
permissionSQL
.
append
(
String
.
format
(
" %s in (%s) "
,
orgDeptField
,
formatStringArr
(
orgDeptParent
)));
}
else
if
(
permissionCond
.
equals
(
"sorgdept"
)){
//下级部门
permissionSQL
.
append
(
String
.
format
(
" %s in (%s) "
,
orgDeptField
,
formatStringArr
(
orgDeptChild
)));
}
else
if
(
permissionCond
.
equals
(
"all"
)){
//全部数据
permissionSQL
.
append
(
"(1=1)"
);
}
else
{
permissionSQL
.
append
(
nPermissionSQL
);
}
}
if
(
StringUtils
.
isEmpty
(
permissionSQL
.
toString
()))
return
""
;
String
resultCond
=
parseResult
(
permissionSQL
,
"OR"
);
return
resultCond
;
}
/**
* 构造 wrapper
* @param whereCond
* @return
*/
private
QueryWrapper
getPermissionWrapper
(
String
whereCond
){
QueryWrapper
permissionWrapper
=
new
QueryWrapper
();
if
(!
StringUtils
.
isEmpty
(
whereCond
)){
permissionWrapper
.
apply
(
whereCond
);
return
false
;
}
return
permissionWrapper
;
}
/**
...
...
@@ -623,120 +180,24 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
String
orgField
=
"orgid"
;
//组织属性
String
orgDeptField
=
"orgsecid"
;
//部门属性
String
createManField
=
"createman"
;
//创建人属性
String
keyField
=
""
;
//主键属性
DEFieldCacheMap
.
getFieldMap
(
entityBase
.
getClass
().
getName
());
Map
<
Field
,
DEField
>
preFields
=
SearchDEField
(
entityBase
.
getClass
().
getName
());
//从缓存中获取当前类预置属性
Map
<
String
,
DEField
>
preFields
=
DEFieldCacheMap
.
getDEFields
(
entityBase
.
getClass
());
//从缓存中获取当前类预置属性
for
(
Map
.
Entry
<
Field
,
DEField
>
entry
:
preFields
.
entrySet
()){
Field
preField
=
entry
.
getKey
();
//获取注解字段
for
(
Map
.
Entry
<
String
,
DEField
>
entry
:
preFields
.
entrySet
()){
String
fieldName
=
entry
.
getKey
();
//获取注解字段
DEField
fieldAnnotation
=
entry
.
getValue
();
//获取注解值
DEPredefinedFieldType
prefieldType
=
fieldAnnotation
.
preType
();
if
(
prefieldType
==
prefieldType
.
ORGID
)
//用户配置系统预置属性-组织机构标识
orgField
=
preField
.
getName
()
;
orgField
=
fieldName
;
if
(
prefieldType
==
prefieldType
.
ORGSECTORID
)
//用户配置系统预置属性-部门标识
orgDeptField
=
preField
.
getName
()
;
if
(
fieldAnnotation
.
isKeyField
()
)
//用户配置系统预置属性-部门标识
keyField
=
preField
.
getName
()
;
orgDeptField
=
fieldName
;
if
(
prefieldType
==
prefieldType
.
CREATEMAN
)
//用户配置系统预置属性-部门标识
createManField
=
fieldName
;
}
permissionFiled
.
put
(
"orgfield"
,
orgField
);
permissionFiled
.
put
(
"orgsecfield"
,
orgDeptField
);
permissionFiled
.
put
(
"createmanfield"
,
createManField
);
permissionFiled
.
put
(
"keyfield"
,
keyField
);
return
permissionFiled
;
}
/**
*获取含有@DEField注解的实体属性
* @param className do对象类名
* @return
*/
private
Map
<
Field
,
DEField
>
SearchDEField
(
String
className
){
List
<
Field
>
fields
=
DEFieldCacheMap
.
getFields
(
className
);
Map
<
Field
,
DEField
>
deFieldMap
=
new
HashMap
<>();
for
(
Field
field:
fields
){
DEField
deField
=
field
.
getAnnotation
(
DEField
.
class
);
if
(!
ObjectUtils
.
isEmpty
(
deField
))
{
deFieldMap
.
put
(
field
,
deField
);
}
}
return
deFieldMap
;
}
/**
* 转换[a,b]格式字符串到 'a','b'格式
* @return
*/
private
String
formatStringArr
(
Set
<
String
>
array
)
{
String
[]
arr
=
array
.
toArray
(
new
String
[
array
.
size
()]);
return
"'"
+
String
.
join
(
"','"
,
arr
)
+
"'"
;
}
/**
* 格式转换
* @param cond
* @param operator
* @return
*/
private
String
parseResult
(
StringBuffer
cond
,
String
operator
)
{
String
resultCond
=
cond
.
toString
();
if
(
resultCond
.
startsWith
(
operator
))
resultCond
=
resultCond
.
replaceFirst
(
operator
,
""
);
if
(
resultCond
.
endsWith
(
operator
))
resultCond
=
resultCond
.
substring
(
0
,
resultCond
.
lastIndexOf
(
operator
));
return
resultCond
;
}
/**
* 转换[a,b]格式字符串到 'a','b'格式
*
* @return
*/
private
String
getEntityKeyCond
(
List
<
String
>
array
)
{
String
[]
arr
=
array
.
toArray
(
new
String
[
array
.
size
()]);
return
"'"
+
String
.
join
(
"','"
,
arr
)
+
"'"
;
}
/**
* 获取数据范围
* @param entityName
* @param action
* @param permissionList
* @return
*/
private
JSONArray
getDataRange
(
String
entityName
,
String
action
,
JSONObject
permissionList
){
//获取权限表达式[全部数据、本单位、本部门等]
JSONObject
entityObj
=
permissionList
.
getJSONObject
(
entityName
);
//获取实体
JSONObject
permissionType
=
entityObj
.
getJSONObject
(
DEActionType
);
JSONArray
dataRangeList
=
permissionType
.
getJSONArray
(
action
);
//行为:read;insert...
return
dataRangeList
;
}
/**
* 获取实体主键集合
* @param entityBase
* @param entityList
* @return
*/
private
List
<
String
>
getIds
(
EntityBase
entityBase
,
List
<
EntityBase
>
entityList
)
{
List
<
String
>
entityKeyList
=
new
ArrayList
<>();
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entityBase
);
//获取组织、部门预置属性
String
keyFieldName
=
permissionField
.
get
(
keyFieldTag
);
if
(
StringUtils
.
isEmpty
(
keyFieldName
))
return
entityKeyList
;
for
(
EntityBase
entity:
entityList
){
Object
objEntityKey
=
entity
.
get
(
keyFieldName
);
if
(!
ObjectUtils
.
isEmpty
(
objEntityKey
)){
entityKeyList
.
add
(
String
.
valueOf
(
objEntityKey
));
}
}
return
entityKeyList
;
}
}
\ No newline at end of file
ibzwf-util/src/main/java/cn/ibizlab/util/service/IBZUSERServiceImpl.java
...
...
@@ -14,6 +14,7 @@ import cn.ibizlab.util.domain.IBZUSER;
import
org.springframework.util.DigestUtils
;
import
org.springframework.util.StringUtils
;
import
org.springframework.boot.autoconfigure.condition.ConditionalOnExpression
;
import
org.springframework.security.core.authority.AuthorityUtils
;
/**
* 实体[IBZUSER] 服务对象接口实现
...
...
@@ -72,6 +73,9 @@ public class IBZUSERServiceImpl extends ServiceImpl<IBZUSERMapper, IBZUSER> impl
public
AuthenticationUser
createUserDetails
(
IBZUSER
user
)
{
AuthenticationUser
userdatail
=
new
AuthenticationUser
();
CachedBeanCopier
.
copy
(
user
,
userdatail
);
if
(
userdatail
.
getSuperuser
()==
1
){
userdatail
.
setAuthorities
(
AuthorityUtils
.
createAuthorityList
(
"ROLE_SUPERADMIN"
));
}
return
userdatail
;
}
}
\ No newline at end of file
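Review bot: The new superuser check in createUserDetails, `userdatail.getSuperuser()==1`, unboxes the value if getSuperuser() returns an Integer (its type is not visible on this page), so a user record whose superuser field is null would make createUserDetails throw a NullPointerException; a null-safe form is `if (Integer.valueOf(1).equals(userdatail.getSuperuser())) {`. The flag arrives through `CachedBeanCopier.copy(user, userdatail)` straight from the IBZUSER object, so ROLE_SUPERADMIN is granted on the strength of that one field: I would add a comment above the check stating that `superuser` may only be written by administrative paths, and confirm that no user-facing update endpoint binds it. The role name is also a bare string literal here; defining it once as a shared constant would keep this grant and the code that tests for the role from drifting apart.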