Skip to content
项目
群组
代码片段
帮助
正在加载...
帮助
提交反馈
为 GitLab 提交贡献
登录
切换导航
iBiz4j Spring R7
项目
项目
详情
动态
版本
周期分析
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
统计图
议题
0
议题
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
CI / CD
CI / CD
流水线
作业
计划
统计图
Wiki
Wiki
代码片段
代码片段
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
统计图
创建新议题
作业
提交
议题看板
打开侧边栏
iBiz-R7后台标准模板
iBiz4j Spring R7
提交
c5ed2b29
提交
c5ed2b29
编写于
5月 21, 2020
作者:
zhouweidong
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
批处理权限校验
上级
9bf51114
变更
2
显示空白字符变更
内嵌
并排
正在显示
2 个修改的文件
包含
259 行增加
和
82 行删除
+259
-82
%ITEM%Resource.java.ftl
...YS_PKGPATH%/%SYSAPI_PKGPATH%/rest/%ITEM%Resource.java.ftl
+18
-1
AuthPermissionEvaluator.java.ftl
...S_PKGPATH%/util/security/AuthPermissionEvaluator.java.ftl
+241
-81
未找到文件。
SLN/%PUBPRJ%-provider/%PUBPRJ%-provider-%SYSAPI_PKGPATH%/src/main/java/%SYS_PKGPATH%/%SYSAPI_PKGPATH%/rest/%ITEM%Resource.java.ftl
浏览文件 @
c5ed2b29
...
@@ -170,6 +170,7 @@ public class ${itemCodeName}Resource {
...
@@ -170,6 +170,7 @@ public class ${itemCodeName}Resource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
}
<@
outputBatchPermissionAnnotation
deaction
.
codeName
deStorageMode
/>
@
ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"createBatch"
)
@
ApiOperation
(
value
=
"createBatch"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"createBatch"
)
@
RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"${fullPath}/batch"
)
@
RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"${fullPath}/batch"
)
public
ResponseEntity
<
Boolean
>
createBatch
(${
etParamsList
})
{
public
ResponseEntity
<
Boolean
>
createBatch
(${
etParamsList
})
{
...
@@ -194,6 +195,7 @@ public class ${itemCodeName}Resource {
...
@@ -194,6 +195,7 @@ public class ${itemCodeName}Resource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
}
<@
outputBatchPermissionAnnotation
deaction
.
codeName
deStorageMode
/>
@
ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"UpdateBatch"
)
@
ApiOperation
(
value
=
"UpdateBatch"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"UpdateBatch"
)
@
RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"${fullPath}/batch"
)
@
RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"${fullPath}/batch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
(${
etParamsList
})
{
public
ResponseEntity
<
Boolean
>
updateBatch
(${
etParamsList
})
{
...
@@ -209,6 +211,7 @@ public class ${itemCodeName}Resource {
...
@@ -209,6 +211,7 @@ public class ${itemCodeName}Resource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(${
deCodeNameLC
}
Service
.
save
(${
itemCodeNameLC
}
Mapping
.
toDomain
(${
itemCodeNameLC
}
dto
)));
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(${
deCodeNameLC
}
Service
.
save
(${
itemCodeNameLC
}
Mapping
.
toDomain
(${
itemCodeNameLC
}
dto
)));
}
}
<@
outputBatchPermissionAnnotation
deaction
.
codeName
deStorageMode
/>
@
ApiOperation
(
value
=
"SaveBatch"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"SaveBatch"
)
@
ApiOperation
(
value
=
"SaveBatch"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"SaveBatch"
)
@
RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"${fullPath}/savebatch"
)
@
RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"${fullPath}/savebatch"
)
public
ResponseEntity
<
Boolean
>
saveBatch
(${
etParamsList
})
{
public
ResponseEntity
<
Boolean
>
saveBatch
(${
etParamsList
})
{
...
@@ -229,6 +232,7 @@ public class ${itemCodeName}Resource {
...
@@ -229,6 +232,7 @@ public class ${itemCodeName}Resource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(${
deCodeNameLC
}
Service
.
remove
(${
itemCodeNameLC
+
keyCNLC
}));
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(${
deCodeNameLC
}
Service
.
remove
(${
itemCodeNameLC
+
keyCNLC
}));
}
}
<@
outputBatchPermissionAnnotation
deaction
.
codeName
deStorageMode
/>
@
ApiOperation
(
value
=
"RemoveBatch"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"RemoveBatch"
)
@
ApiOperation
(
value
=
"RemoveBatch"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"RemoveBatch"
)
@
RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"${fullPath}/batch"
)
@
RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"${fullPath}/batch"
)
public
ResponseEntity
<
Boolean
>
removeBatch
(@
RequestBody
List
<${
srfjavatype
(
de
.
getKeyPSDEField
().
getStdDataType
())}>
ids
)
{
public
ResponseEntity
<
Boolean
>
removeBatch
(@
RequestBody
List
<${
srfjavatype
(
de
.
getKeyPSDEField
().
getStdDataType
())}>
ids
)
{
...
@@ -433,6 +437,7 @@ public class ${itemCodeName}Resource {
...
@@ -433,6 +437,7 @@ public class ${itemCodeName}Resource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
}
<@
outputBatchPermissionAnnotation
deaction
.
codeName
deStorageMode
/>
@
ApiOperation
(
value
=
"createBatch${byParams}"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"createBatch${byParams}"
)
@
ApiOperation
(
value
=
"createBatch${byParams}"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"createBatch${byParams}"
)
@
RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"${fullPath}/batch"
)
@
RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"${fullPath}/batch"
)
public
ResponseEntity
<
Boolean
>
createBatch
${
byParams
}(${
etParamsList
})
{
public
ResponseEntity
<
Boolean
>
createBatch
${
byParams
}(${
etParamsList
})
{
...
@@ -501,6 +506,7 @@ public class ${itemCodeName}Resource {
...
@@ -501,6 +506,7 @@ public class ${itemCodeName}Resource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
dto
);
}
}
<@
outputBatchPermissionAnnotation
deaction
.
codeName
deStorageMode
/>
@
ApiOperation
(
value
=
"UpdateBatch${byParams}"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"UpdateBatch${byParams}"
)
@
ApiOperation
(
value
=
"UpdateBatch${byParams}"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"UpdateBatch${byParams}"
)
@
RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"${fullPath}/batch"
)
@
RequestMapping
(
method
=
RequestMethod
.
PUT
,
value
=
"${fullPath}/batch"
)
public
ResponseEntity
<
Boolean
>
updateBatch
${
byParams
}(${
etParamsList
})
{
public
ResponseEntity
<
Boolean
>
updateBatch
${
byParams
}(${
etParamsList
})
{
...
@@ -525,6 +531,7 @@ public class ${itemCodeName}Resource {
...
@@ -525,6 +531,7 @@ public class ${itemCodeName}Resource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(${
deCodeNameLC
}
Service
.
remove
(${
itemCodeNameLC
+
keyCNLC
}));
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(${
deCodeNameLC
}
Service
.
remove
(${
itemCodeNameLC
+
keyCNLC
}));
}
}
<@
outputBatchPermissionAnnotation
deaction
.
codeName
deStorageMode
/>
@
ApiOperation
(
value
=
"RemoveBatch${byParams}"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"RemoveBatch${byParams}"
)
@
ApiOperation
(
value
=
"RemoveBatch${byParams}"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"RemoveBatch${byParams}"
)
@
RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"${fullPath}/batch"
)
@
RequestMapping
(
method
=
RequestMethod
.
DELETE
,
value
=
"${fullPath}/batch"
)
public
ResponseEntity
<
Boolean
>
removeBatch
${
byParams
}(@
RequestBody
List
<${
srfjavatype
(
de
.
getKeyPSDEField
().
getStdDataType
())}>
ids
)
{
public
ResponseEntity
<
Boolean
>
removeBatch
${
byParams
}(@
RequestBody
List
<${
srfjavatype
(
de
.
getKeyPSDEField
().
getStdDataType
())}>
ids
)
{
...
@@ -542,6 +549,7 @@ public class ${itemCodeName}Resource {
...
@@ -542,6 +549,7 @@ public class ${itemCodeName}Resource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(${
deCodeNameLC
}
Service
.
save
(
domain
));
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(${
deCodeNameLC
}
Service
.
save
(
domain
));
}
}
<@
outputBatchPermissionAnnotation
deaction
.
codeName
deStorageMode
/>
@
ApiOperation
(
value
=
"SaveBatch${byParams}"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"SaveBatch${byParams}"
)
@
ApiOperation
(
value
=
"SaveBatch${byParams}"
,
tags
=
{
"${itemCodeName}"
},
notes
=
"SaveBatch${byParams}"
)
@
RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"${fullPath}/savebatch"
)
@
RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"${fullPath}/savebatch"
)
public
ResponseEntity
<
Boolean
>
saveBatch
${
byParams
}(${
etParamsList
})
{
public
ResponseEntity
<
Boolean
>
saveBatch
${
byParams
}(${
etParamsList
})
{
...
@@ -662,3 +670,12 @@ public class ${itemCodeName}Resource {
...
@@ -662,3 +670,12 @@ public class ${itemCodeName}Resource {
<#
macro
outputHasAnyAuthorityAnnotation
permissionTag
>
<#
macro
outputHasAnyAuthorityAnnotation
permissionTag
>
//@
PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','${permissionTag}')"
)
//@
PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','${permissionTag}')"
)
</#
macro
>
</#
macro
>
<#
comment
>
输出实体批处理权限注解
[
hasAnyAuthority
]</#
comment
>
<#
macro
outputBatchPermissionAnnotation
deAction
deStorageMode
>
<#
if
deAction
==
'Remove'
>
//@
PreAuthorize
(
"hasPermission('${deAction}',{'${deStorageMode}',this.humanMapping,this.permissionDTO,#ids})"
)
<#
else
>
//@
PreAuthorize
(
"hasPermission('${deAction}',{'${deStorageMode}',this.humanMapping,#humandtos})"
)
</#
if
>
</#
macro
>
SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthPermissionEvaluator.java.ftl
浏览文件 @
c5ed2b29
...
@@ -13,8 +13,6 @@ import ${pub.getPKGCodeName()}.util.domain.DTOBase;
...
@@ -13,8 +13,6 @@ import ${pub.getPKGCodeName()}.util.domain.DTOBase;
import
${
pub
.
getPKGCodeName
()}.
util
.
domain
.
EntityBase
;
import
${
pub
.
getPKGCodeName
()}.
util
.
domain
.
EntityBase
;
import
${
pub
.
getPKGCodeName
()}.
util
.
domain
.
MappingBase
;
import
${
pub
.
getPKGCodeName
()}.
util
.
domain
.
MappingBase
;
import
${
pub
.
getPKGCodeName
()}.
util
.
enums
.
DEPredefinedFieldType
;
import
${
pub
.
getPKGCodeName
()}.
util
.
enums
.
DEPredefinedFieldType
;
import
${
pub
.
getPKGCodeName
()}.
util
.
filter
.
QueryBuildContext
;
import
${
pub
.
getPKGCodeName
()}.
util
.
filter
.
QueryWrapperContext
;
import
${
pub
.
getPKGCodeName
()}.
util
.
helper
.
DEFieldCacheMap
;
import
${
pub
.
getPKGCodeName
()}.
util
.
helper
.
DEFieldCacheMap
;
import
org
.
springframework
.
beans
.
factory
.
annotation
.
Value
;
import
org
.
springframework
.
beans
.
factory
.
annotation
.
Value
;
import
org
.
springframework
.
context
.
annotation
.
Lazy
;
import
org
.
springframework
.
context
.
annotation
.
Lazy
;
...
@@ -53,24 +51,83 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -53,24 +51,83 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
@
Lazy
@
Lazy
private
MongoTemplate
mongoTemplate
;
private
MongoTemplate
mongoTemplate
;
/**
*
批处理权限检查
[
createBatch
:
updateBatch
:
removeBatch
]
*
@
param
authentication
*
@
param
DEAction
*
@
param
params
*
@
return
*/
@
Override
@
Override
public
boolean
hasPermission
(
Authentication
authentication
,
Object
deAction
,
Object
gridParam
)
{
public
boolean
hasPermission
(
Authentication
authentication
,
Object
DEAction
,
Object
params
)
{
//
未开启权限校验、超级管理员则不进行权限检查
if
(
AuthenticationUser
.
getAuthenticationUser
().
getSuperuser
()==
1
||
!enablePermissionValid)
return
true
;
List
paramList
=
(
ArrayList
)
params
;
String
deStorageMode
=
(
String
)
paramList
.
get
(
0
);
String
action
=
String
.
valueOf
(
DEAction
);
List
<
String
>
ids
=
null
;
EntityBase
entity
;
List
<
EntityBase
>
entityList
=
null
;
JSONObject
userPermission
=
AuthenticationUser
.
getAuthenticationUser
().
getPermissionList
();
if
(
userPermission
==
null
)
return
false
;
MappingBase
mappingBase
=
(
MappingBase
)
paramList
.
get
(
1
);
//
参数准备
if
(
action
.
equalsIgnoreCase
(
"remove"
)){
entity
=
(
EntityBase
)
mappingBase
.
toDomain
(
paramList
.
get
(
2
));
ids
=
(
List
<
String
>)
paramList
.
get
(
3
);
}
else
{
List
<
DTOBase
>
dtoList
=
(
List
<
DTOBase
>)
paramList
.
get
(
2
);
if
(
dtoList
.
size
()==
0
)
return
false
;
entityList
=
mappingBase
.
toDomain
(
dtoList
);
entity
=
(
EntityBase
)
mappingBase
.
toDomain
(
dtoList
.
get
(
0
));
}
if
(
entity
==
null
)
return
false
;
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"entities"
);
String
entityName
=
entity
.
getClass
().
getSimpleName
();
//
拥有全部数据访问权限时,则跳过权限检查
if
(
isAllData
(
entityName
,
action
,
permissionList
)){
return
true
;
return
true
;
}
}
//
检查是否有操作权限
[
create
.
update
.
delete
.
read
]
if
(
!validDEActionHasPermission(entityName,action,permissionList)){
return
false
;
}
JSONArray
dataRangeList
=
getDataRange
(
entityName
,
action
,
permissionList
);
if
(
dataRangeList
.
size
()==
0
)
return
false
;
if
(
action
.
equalsIgnoreCase
(
"create"
)){
return
createBatchActionPermissionValid
(
entityList
,
dataRangeList
);
}
else
{
if
(
!action.equalsIgnoreCase("remove")){
ids
=
getIds
(
entity
,
entityList
);
}
if
(
ids
.
size
()==
0
)
return
false
;
return
otherBatchActionPermissionValidRouter
(
deStorageMode
,
entity
,
ids
,
dataRangeList
);
}
}
/**
/**
*
实体行为权限检查
:用于检查当前用户是否拥有实体的新建、编辑、删除权限
*
实体行为权限检查
:用于检查当前用户是否拥有实体的新建、编辑、删除权限
*
*
*
@
param
authentication
*
@
param
authentication
*
@
param
srfKey
当前操作数据的主键
*
@
param
id
当前操作数据的主键
*
@
param
action
当前操作行为:如:
[
READ
、
UPDATE
、
DELETE
]
*
@
param
action
当前操作行为:如:
[
READ
、
UPDATE
、
DELETE
]
*
@
param
params
相关参数
*
@
param
params
相关参数
*
@
return
true
/
false
true
则允许当前行为,
false
拒绝行为
*
@
return
true
/
false
true
则允许当前行为,
false
拒绝行为
*/
*/
@
Override
@
Override
public
boolean
hasPermission
(
Authentication
authentication
,
Serializable
srfKey
,
String
action
,
Object
params
)
{
public
boolean
hasPermission
(
Authentication
authentication
,
Serializable
id
,
String
action
,
Object
params
)
{
//
未开启权限校验、超级管理员则不进行权限检查
//
未开启权限校验、超级管理员则不进行权限检查
if
(
AuthenticationUser
.
getAuthenticationUser
().
getSuperuser
()==
1
||
!enablePermissionValid)
if
(
AuthenticationUser
.
getAuthenticationUser
().
getSuperuser
()==
1
||
!enablePermissionValid)
...
@@ -86,22 +143,118 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -86,22 +143,118 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return
false
;
return
false
;
JSONObject
userPermission
=
AuthenticationUser
.
getAuthenticationUser
().
getPermissionList
();
JSONObject
userPermission
=
AuthenticationUser
.
getAuthenticationUser
().
getPermissionList
();
if
(
userPermission
==
null
)
return
false
;
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"entities"
);
JSONObject
permissionList
=
userPermission
.
getJSONObject
(
"entities"
);
String
entityName
=
entity
.
getClass
().
getSimpleName
();
String
entityName
=
entity
.
getClass
().
getSimpleName
();
//
拥有全部数据访问权限时,则跳过权限检查
//
拥有全部数据访问权限时,则跳过权限检查
if
(
isAllData
(
permissionList
,
entityName
,
action
)){
if
(
isAllData
(
entityName
,
action
,
permissionList
)){
return
true
;
return
true
;
}
}
//
检查是否有操作权限
[
create
.
update
.
delete
.
read
]
//
检查是否有操作权限
[
create
.
update
.
delete
.
read
]
if
(
!validDEActionHasPermission(
permissionList,entityName,action
)){
if
(
!validDEActionHasPermission(
entityName,action,permissionList
)){
return
false
;
return
false
;
}
}
JSONArray
dataRangeList
=
getDataRange
(
entityName
,
action
,
permissionList
);
if
(
dataRangeList
.
size
()==
0
)
return
false
;
if
(
action
.
equalsIgnoreCase
(
"create"
)){
if
(
action
.
equalsIgnoreCase
(
"create"
)){
return
createActionPermissionValid
(
permissionList
,
entity
,
action
);
return
createActionPermissionValid
(
entity
,
dataRangeList
);
}
}
else
{
else
{
return
otherActionPermissionValidRouter
(
deStorageMode
,
entity
,
action
,
srfKey
,
permissionList
);
return
otherActionPermissionValidRouter
(
deStorageMode
,
entity
,
id
,
dataRangeList
);
}
}
/**
*
批处理新建权限校验
*
@
param
entityList
*
@
param
dataRangeList
*
@
return
*/
private
boolean
createBatchActionPermissionValid
(
List
<
EntityBase
>
entityList
,
JSONArray
dataRangeList
){
for
(
EntityBase
entity
:
entityList
){
boolean
isCreate
=
createActionPermissionValid
(
entity
,
dataRangeList
);
if
(
!isCreate){
return
false
;
}
}
return
true
;
}
/**
*
批处理行为权限校验
[
get
:
update
:
delete
]
*
@
param
deStorageMode
*
@
param
entity
*
@
param
ids
*
@
param
dataRangeList
*
@
return
*/
private
boolean
otherBatchActionPermissionValidRouter
(
String
deStorageMode
,
EntityBase
entity
,
List
<
String
>
ids
,
JSONArray
dataRangeList
){
if
(
deStorageMode
.
equalsIgnoreCase
(
"sql"
)){
return
sqlBatchPermissionValid
(
entity
,
ids
,
dataRangeList
);
}
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"nosql"
)){
return
noSqlBatchPermissionValid
(
entity
,
ids
,
dataRangeList
);
}
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"serviceapi"
)){
return
true
;
}
else
{
throw
new
RuntimeException
(
String
.
format
(
"未能识别实体对应存储模式[%s]"
,
deStorageMode
));
}
}
/**
*
SQL
批处理权限校验
*
@
param
entity
*
@
param
ids
*
@
param
dataRangeList
*
@
return
*/
private
boolean
sqlBatchPermissionValid
(
EntityBase
entity
,
List
<
String
>
ids
,
JSONArray
dataRangeList
){
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);//
获取组织、部门预置属性
String
keyFieldName
=
permissionField
.
get
(
keyFieldTag
);
ServiceImpl
service
=
SpringContextHolder
.
getBean
(
String
.
format
(
"%s%s"
,
entity
.
getClass
().
getSimpleName
(),
"ServiceImpl"
));//
获取实体
service
对象
//
通过权限表达式来获取
sql
String
permissionSQL
=
String
.
format
(
" (%s) AND ( %s in (%s) ) "
,
getPermissionSQL
(
entity
,
dataRangeList
),
keyFieldName
,
getEntityKeyCond
(
ids
));
//
拼接权限条件
-
编辑
//
执行
sql
进行权限检查
QueryWrapper
permissionWrapper
=
getPermissionWrapper
(
permissionSQL
);//
构造权限条件
List
list
=
service
.
list
(
permissionWrapper
);
if
(
list
.
size
()
==
ids
.
size
()){
return
true
;
}
else
{
return
false
;
}
}
/**
*
NoSQL
批处理权限校验
*
@
param
entity
*
@
param
ids
*
@
param
dataRange
*
@
return
*/
private
boolean
noSqlBatchPermissionValid
(
EntityBase
entity
,
List
<
String
>
ids
,
JSONArray
dataRange
)
{
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);//
获取组织、部门预置属性
String
keyFieldName
=
permissionField
.
get
(
keyFieldTag
);
//
根据权限表达式填充权限条件
QueryBuilder
permissionCond
=
getNoSqlPermissionCond
(
entity
,
dataRange
);
//
权限条件拼接主键
permissionCond
.
and
(
keyFieldName
).
in
(
ids
);
//
执行权限检查
Query
query
=
new
BasicQuery
(
permissionCond
.
get
().
toString
());
List
list
=
mongoTemplate
.
find
(
query
,
entity
.
getClass
());
if
(
list
.
size
()==
ids
.
size
()){
return
true
;
}
else
{
return
false
;
}
}
}
}
...
@@ -112,7 +265,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -112,7 +265,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
*
@
param
action
*
@
param
action
*
@
return
*
@
return
*/
*/
private
boolean
isAllData
(
JSONObject
permissionList
,
String
entityName
,
String
action
)
{
private
boolean
isAllData
(
String
entityName
,
String
action
,
JSONObject
permissionList
)
{
if
(
permissionList
==
null
)
if
(
permissionList
==
null
)
return
false
;
return
false
;
...
@@ -136,7 +289,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -136,7 +289,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
*
userPermission
:{
"ENTITY"
:{
"DEACTION"
:{
"READ"
:[
"CURORG"
]},
"DATASET"
:{
"Default"
:[
"CURORG"
]}}}
*
userPermission
:{
"ENTITY"
:{
"DEACTION"
:{
"READ"
:[
"CURORG"
]},
"DATASET"
:{
"Default"
:[
"CURORG"
]}}}
*
@
return
*
@
return
*/
*/
private
boolean
validDEActionHasPermission
(
JSONObject
userPermission
,
String
entityName
,
String
action
){
private
boolean
validDEActionHasPermission
(
String
entityName
,
String
action
,
JSONObject
userPermission
){
boolean
hasPermission
=
false
;
boolean
hasPermission
=
false
;
if
(
userPermission
==
null
)
if
(
userPermission
==
null
)
...
@@ -155,28 +308,14 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -155,28 +308,14 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
/**
/**
*
新建行为校验
*
新建行为校验
*
@
param
permissionList
*
@
param
entity
*
@
param
entity
*
@
param
action
*
@
param
dataRangeList
*
@
return
*
@
return
*/
*/
private
boolean
createActionPermissionValid
(
JSONObject
permissionList
,
EntityBase
entity
,
String
action
){
private
boolean
createActionPermissionValid
(
EntityBase
entity
,
JSONArray
dataRangeList
){
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);//
获取组织、部门预置属性
String
keyField
=
permissionField
.
get
(
keyFieldTag
);
if
(
StringUtils
.
isEmpty
(
keyField
)){
throw
new
RuntimeException
(
"权限校验失败,请检查当前实体中是否已经配置主键属性!"
);
}
//
获取权限表达式
[
全部数据、本单位、本部门等
]
JSONObject
entityObj
=
permissionList
.
getJSONObject
(
entity
.
getClass
().
getSimpleName
());//
获取实体
JSONObject
permissionType
=
entityObj
.
getJSONObject
(
DEActionType
);
JSONArray
dataRangeList
=
permissionType
.
getJSONArray
(
action
);//
行为:
read
;
insert
...
if
(
dataRangeList
.
size
()==
0
)
return
false
;
boolean
isCreate
=
true
;
boolean
isCreate
=
true
;
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);//
获取组织、部门预置属性
String
orgField
=
permissionField
.
get
(
"orgfield"
);
String
orgField
=
permissionField
.
get
(
"orgfield"
);
String
orgDeptField
=
permissionField
.
get
(
"orgsecfield"
);
String
orgDeptField
=
permissionField
.
get
(
"orgsecfield"
);
String
createManField
=
permissionField
.
get
(
"createmanfield"
);
String
createManField
=
permissionField
.
get
(
"createmanfield"
);
...
@@ -233,18 +372,17 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -233,18 +372,17 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
*
根据实体存储模式,进行鉴权
*
根据实体存储模式,进行鉴权
*
@
param
deStorageMode
*
@
param
deStorageMode
*
@
param
entity
*
@
param
entity
*
@
param
action
*
@
param
id
*
@
param
srfKey
*
@
param
dataRangeList
*
@
param
permissionList
*
@
return
*
@
return
*/
*/
private
boolean
otherActionPermissionValidRouter
(
String
deStorageMode
,
EntityBase
entity
,
String
action
,
Object
srfKey
,
JSONObject
permission
List
){
private
boolean
otherActionPermissionValidRouter
(
String
deStorageMode
,
EntityBase
entity
,
Object
id
,
JSONArray
dataRange
List
){
if
(
deStorageMode
.
equalsIgnoreCase
(
"sql"
)){
if
(
deStorageMode
.
equalsIgnoreCase
(
"sql"
)){
return
sqlPermissionValid
(
entity
,
action
,
srfKey
,
permission
List
);
return
sqlPermissionValid
(
entity
,
id
,
dataRange
List
);
}
}
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"nosql"
)){
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"nosql"
)){
return
noSqlPermissionValid
(
entity
,
action
,
srfKey
,
permission
List
);
return
noSqlPermissionValid
(
entity
,
id
,
dataRange
List
);
}
}
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"serviceapi"
)){
else
if
(
deStorageMode
.
equalsIgnoreCase
(
"serviceapi"
)){
return
true
;
return
true
;
...
@@ -257,32 +395,16 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -257,32 +395,16 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
/**
/**
*
sql
存储模式实体行为鉴权
*
sql
存储模式实体行为鉴权
*
@
param
entity
*
@
param
entity
*
@
param
action
*
@
param
id
*
@
param
srfKey
*
@
param
dataRangeList
*
@
param
permissionList
*
@
return
*
@
return
*/
*/
private
boolean
sqlPermissionValid
(
EntityBase
entity
,
String
action
,
Object
srfKey
,
JSONObject
permissionList
){
private
boolean
sqlPermissionValid
(
EntityBase
entity
,
Object
id
,
JSONArray
dataRangeList
){
String
entityName
=
entity
.
getClass
().
getSimpleName
();
ServiceImpl
service
=
SpringContextHolder
.
getBean
(
String
.
format
(
"%s%s"
,
entityName
,
"ServiceImpl"
));//
获取实体
service
对象
ServiceImpl
service
=
SpringContextHolder
.
getBean
(
String
.
format
(
"%s%s"
,
entity
.
getClass
().
getSimpleName
(),
"ServiceImpl"
));//
获取实体
service
对象
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);//
获取组织、部门预置属性
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);//
获取组织、部门预置属性
String
keyField
=
permissionField
.
get
(
keyFieldTag
);
if
(
StringUtils
.
isEmpty
(
keyField
)){
throw
new
RuntimeException
(
"权限校验失败,请检查当前实体中是否已经配置主键属性!"
);
}
//
获取权限表达式
[
全部数据、本单位、本部门等
]
JSONObject
entityObj
=
permissionList
.
getJSONObject
(
entity
.
getClass
().
getSimpleName
());//
获取实体
JSONObject
permissionType
=
entityObj
.
getJSONObject
(
DEActionType
);
JSONArray
opprivList
=
permissionType
.
getJSONArray
(
action
);//
行为:
read
;
insert
...
if
(
opprivList
.
size
()==
0
)
return
false
;
//
通过权限表达式来获取
sql
//
通过权限表达式来获取
sql
String
tempPermissionSQL
=
getPermissionSQL
(
entity
,
opprivList
);
String
permissionSQL
=
String
.
format
(
" (%s) AND (%s='%s')"
,
getPermissionSQL
(
entity
,
dataRangeList
),
permissionField
.
get
(
keyFieldTag
),
id
);
//
拼接权限条件
-
编辑
String
permissionSQL
=
String
.
format
(
" (%s) AND (%s='%s')"
,
tempPermissionSQL
,
keyField
,
srfKey
);
//
拼接权限条件
-
编辑
//
执行
sql
进行权限检查
//
执行
sql
进行权限检查
QueryWrapper
permissionWrapper
=
getPermissionWrapper
(
permissionSQL
);//
构造权限条件
QueryWrapper
permissionWrapper
=
getPermissionWrapper
(
permissionSQL
);//
构造权限条件
List
list
=
service
.
list
(
permissionWrapper
);
List
list
=
service
.
list
(
permissionWrapper
);
...
@@ -297,32 +419,18 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -297,32 +419,18 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
/**
/**
*
NoSQL
实体行为鉴权
*
NoSQL
实体行为鉴权
*
@
param
entity
*
@
param
entity
*
@
param
action
*
@
param
id
*
@
param
srfKey
*
@
param
dataRangeList
*
@
param
permissionList
*
@
return
*
@
return
*/
*/
private
boolean
noSqlPermissionValid
(
EntityBase
entity
,
String
action
,
Object
srfKey
,
JSONObject
permission
List
)
{
private
boolean
noSqlPermissionValid
(
EntityBase
entity
,
Object
id
,
JSONArray
dataRange
List
)
{
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);//
获取组织、部门预置属性
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);//
获取组织、部门预置属性
String
keyField
=
permissionField
.
get
(
keyFieldTag
);
String
keyField
=
permissionField
.
get
(
keyFieldTag
);
if
(
StringUtils
.
isEmpty
(
keyField
)){
throw
new
RuntimeException
(
"权限校验失败,请检查当前实体中是否已经配置主键属性!"
);
}
//
获取权限表达式
[
全部数据、本单位、本部门等
]
JSONObject
entityObj
=
permissionList
.
getJSONObject
(
entity
.
getClass
().
getSimpleName
());//
获取实体
JSONObject
permissionType
=
entityObj
.
getJSONObject
(
DEActionType
);
JSONArray
dataRange
=
permissionType
.
getJSONArray
(
action
);//
行为:
read
;
insert
...
if
(
dataRange
.
size
()==
0
)
return
false
;
//
根据权限表达式填充权限条件
//
根据权限表达式填充权限条件
QueryBuilder
permissionCond
=
new
QueryBuilder
();
QueryBuilder
permissionCond
=
getNoSqlPermissionCond
(
entity
,
dataRangeList
);
fillNoSqlPermissionCond
(
dataRange
,
entity
,
permissionCond
);
//
权限条件拼接主键
//
权限条件拼接主键
permissionCond
.
and
(
keyField
).
is
(
srfKey
);
permissionCond
.
and
(
keyField
).
is
(
id
);
//
执行权限检查
//
执行权限检查
Query
query
=
new
BasicQuery
(
permissionCond
.
get
().
toString
());
Query
query
=
new
BasicQuery
(
permissionCond
.
get
().
toString
());
List
list
=
mongoTemplate
.
find
(
query
,
entity
.
getClass
());
List
list
=
mongoTemplate
.
find
(
query
,
entity
.
getClass
());
...
@@ -337,12 +445,13 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -337,12 +445,13 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
/**
/**
*
为
NoSQL
存储模式的表格查询填充权限条件
*
为
NoSQL
存储模式的表格查询填充权限条件
*
@
param
oppriList
*
@
param
entity
*
@
param
entity
*
@
param
permissionSQL
*
@
param
dataRangeList
*
@
return
*/
*/
private
void
fillNoSqlPermissionCond
(
JSONArray
oppriList
,
EntityBase
entity
,
QueryBuilder
permissionSQL
){
private
QueryBuilder
getNoSqlPermissionCond
(
EntityBase
entity
,
JSONArray
dataRangeList
){
QueryBuilder
permissionSQL
=
new
QueryBuilder
();
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);//
获取组织、部门预置属性
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entity
);//
获取组织、部门预置属性
String
orgField
=
permissionField
.
get
(
"orgfield"
);
String
orgField
=
permissionField
.
get
(
"orgfield"
);
String
orgDeptField
=
permissionField
.
get
(
"orgsecfield"
);
String
orgDeptField
=
permissionField
.
get
(
"orgsecfield"
);
...
@@ -354,8 +463,8 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -354,8 +463,8 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
Set
<
String
>
orgDeptParent
=
userInfo
.
get
(
"parentdept"
);
Set
<
String
>
orgDeptParent
=
userInfo
.
get
(
"parentdept"
);
Set
<
String
>
orgDeptChild
=
userInfo
.
get
(
"subdept"
);
Set
<
String
>
orgDeptChild
=
userInfo
.
get
(
"subdept"
);
for
(
int
i
=
0
;
i
<
oppri
List
.
size
();
i
++){
for
(
int
i
=
0
;
i
<
dataRange
List
.
size
();
i
++){
String
permissionCond
=
oppri
List
.
getString
(
i
);//
权限配置条件
String
permissionCond
=
dataRange
List
.
getString
(
i
);//
权限配置条件
if
(
permissionCond
.
equals
(
"curorg"
)){
//
本单位
if
(
permissionCond
.
equals
(
"curorg"
)){
//
本单位
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getOrgid
()).
get
());
permissionSQL
.
or
(
new
QueryBuilder
().
and
(
orgField
).
is
(
AuthenticationUser
.
getAuthenticationUser
().
getOrgid
()).
get
());
}
}
...
@@ -381,6 +490,8 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -381,6 +490,8 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
permissionSQL
.
or
(
new
QueryBuilder
().
get
());
permissionSQL
.
or
(
new
QueryBuilder
().
get
());
}
}
}
}
return
permissionSQL
;
}
}
/**
/**
...
@@ -533,4 +644,53 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
...
@@ -533,4 +644,53 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
return
resultCond
;
return
resultCond
;
}
}
/**
*
转换
[
a
,
b
]
格式字符串到
'a'
,
'b'
格式
*
*
@
return
*/
private
String
getEntityKeyCond
(
List
<
String
>
array
)
{
String
[]
arr
=
array
.
toArray
(
new
String
[
array
.
size
()]);
return
"'"
+
String
.
join
(
"','"
,
arr
)
+
"'"
;
}
/**
*
获取数据范围
*
@
param
entityName
*
@
param
action
*
@
param
permissionList
*
@
return
*/
private
JSONArray
getDataRange
(
String
entityName
,
String
action
,
JSONObject
permissionList
){
//
获取权限表达式
[
全部数据、本单位、本部门等
]
JSONObject
entityObj
=
permissionList
.
getJSONObject
(
entityName
);//
获取实体
JSONObject
permissionType
=
entityObj
.
getJSONObject
(
DEActionType
);
JSONArray
dataRangeList
=
permissionType
.
getJSONArray
(
action
);//
行为:
read
;
insert
...
return
dataRangeList
;
}
/**
*
获取实体主键集合
*
@
param
entityBase
*
@
param
entityList
*
@
return
*/
private
List
<
String
>
getIds
(
EntityBase
entityBase
,
List
<
EntityBase
>
entityList
)
{
List
<
String
>
entityKeyList
=
new
ArrayList
<>();
Map
<
String
,
String
>
permissionField
=
getPermissionField
(
entityBase
);//
获取组织、部门预置属性
String
keyFieldName
=
permissionField
.
get
(
keyFieldTag
);
if
(
StringUtils
.
isEmpty
(
keyFieldName
))
return
entityKeyList
;
for
(
EntityBase
entity
:
entityList
){
Object
objEntityKey
=
entity
.
get
(
keyFieldName
);
if
(
!ObjectUtils.isEmpty(objEntityKey)){
entityKeyList
.
add
(
String
.
valueOf
(
objEntityKey
));
}
}
return
entityKeyList
;
}
}
}
\ No newline at end of file
编辑
预览
Markdown
格式
0%
请重试
or
添加新附件
添加附件
取消
您添加了
0
人
到此讨论。请谨慎行事。
先完成此消息的编辑!
取消
想要评论请
注册
或
登录