补充save鉴权

3c47f7fa · zhouweidong · 8914f35a · 3c47f7fa · 3c47f7fa
--- a/SLN/%PUBPRJ%-provider/%PUBPRJ%-provider-%SYSAPI_PKGPATH%/src/main/java/%SYS_PKGPATH%/%SYSAPI_PKGPATH%/rest/%ITEM%Resource.java.ftl
+++ b/SLN/%PUBPRJ%-provider/%PUBPRJ%-provider-%SYSAPI_PKGPATH%/src/main/java/%SYS_PKGPATH%/%SYSAPI_PKGPATH%/rest/%ITEM%Resource.java.ftl
@@ -199,7 +199,11 @@ public class ${itemCodeName}Resource {
    }

                <#elseif deaction.codeName?lower_case == 'save'>
+                    <#if noDEPrefield>
    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
+                    <#else>
+    @PreAuthorize("hasPermission('','Save',{'${deStorageMode}',this.${itemCodeNameLC}Mapping,#${itemCodeNameLC}dto})")
+                    </#if>
    @ApiOperation(value = "${deaction.getLogicName()}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}")
 	@RequestMapping(method = RequestMethod.${reqMtd}, value = "${fullPath}/${deactionCodeName?lower_case}")
    public ResponseEntity<Boolean> save(${etParams}) {
@@ -534,7 +538,11 @@ public class ${itemCodeName}Resource {
    }

                <#elseif deaction.codeName?lower_case == 'save'>
+                    <#if noDEPrefield>
    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
+                    <#else>
+    @PreAuthorize("hasPermission('','Save',{'${deStorageMode}',this.${itemCodeNameLC}Mapping,#${itemCodeNameLC}dto})")
+                    </#if>
    @ApiOperation(value = "${deaction.getLogicName()}${byParams}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}${byParams}")
 	@RequestMapping(method = RequestMethod.${reqMtd}, value = "${fullPath}/${deactionCodeName?lower_case}")
    public ResponseEntity<Boolean> ${deactionCodeName?uncap_first}${byParams}(${etParams}) {

--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthPermissionEvaluator.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthPermissionEvaluator.java.ftl
@@ -107,6 +107,9 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        if(action.equalsIgnoreCase("create")){
            return createBatchActionPermissionValid(entityList,dataRangeList);
        }
+        else if(action.equalsIgnoreCase("save")){
+            return saveBatchActionPermissionValid(deStorageMode, entityList, dataRangeList);
+        }
        else{
            if(!action.equalsIgnoreCase("remove")){
                ids=getIds(entity,entityList);
@@ -117,6 +120,43 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        }
    }

+    /**
+     * 批save校验
+     * @param deStorageMode
+     * @param entityList
+     * @param dataRangeList
+     * @return
+     */
+    private boolean saveBatchActionPermissionValid(String deStorageMode, List<EntityBase> entityList, JSONArray dataRangeList) {
+
+        if(entityList==null || entityList.size()==0)
+               return false;
+        EntityBase tempEntity=entityList.get(0);
+        Map<String,String> permissionField=getPermissionField(tempEntity);
+        String keyFieldName=permissionField.get(keyFieldTag);
+        List createList=new ArrayList();
+        List<String> updateList =new ArrayList();
+
+        for(EntityBase entity : entityList){
+            Object id = entity.get(keyFieldName);
+            if(ObjectUtils.isEmpty(id))
+              createList.add(entity);
+            else
+              updateList.add(String.valueOf(id));
+        }
+        if(updateList.size()>0){
+            boolean isUpdate = otherBatchActionPermissionValidRouter(deStorageMode, tempEntity ,updateList, dataRangeList);
+            if(!isUpdate)
+              return false;
+        }
+        if(createList.size()>0){
+            boolean isCreate=createBatchActionPermissionValid(entityList,dataRangeList);
+            if(!isCreate)
+             return false;
+        }
+        return true;
+    }
+
    /**
     * 实体行为权限检查 ：用于检查当前用户是否拥有实体的新建、编辑、删除权限
     *
@@ -160,6 +200,15 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        if(dataRangeList.size()==0)
            return false;

+        if(action.equalsIgnoreCase("save")){
+            Map<String,String> permissionField=getPermissionField(entity);
+            String keyFieldName=permissionField.get(keyFieldTag);
+            Object srfKey=entity.get(keyFieldName);
+            if(ObjectUtils.isEmpty(srfKey))
+                action="create";
+            else
+                action="update";
+        }
        if(action.equalsIgnoreCase("create")){
            return createActionPermissionValid(entity,dataRangeList);
        }