补充数据查询上下级权限

c837e426 · zhouweidong · 43b4aa37 · c837e426
--- a/SLN/%PUBPRJ%-provider/%PUBPRJ%-provider-%SYSAPI_PKGPATH%/src/main/java/%SYS_PKGPATH%/%SYSAPI_PKGPATH%/rest/%ITEM%Resource.java.ftl
+++ b/SLN/%PUBPRJ%-provider/%PUBPRJ%-provider-%SYSAPI_PKGPATH%/src/main/java/%SYS_PKGPATH%/%SYSAPI_PKGPATH%/rest/%ITEM%Resource.java.ftl
@@ -261,8 +261,7 @@ public class ${itemCodeName}Resource {
                </#if>
            <#elseif apiMethod.getActionType()=='FETCH'>
                <#assign deds = apiMethod.getPSDEDataSet()>
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-search${deds.codeName}-all') and hasPermission(#context,'${sys.codeName}-${de.codeName}-Get')")
-                <#--<@SecurityAnnotation deds/>-->
+                <@DataQuerySecurityAnnotation deds/>
 	@ApiOperation(value = "获取${deds.getLogicName()}", tags = {"${deLogicName}" } ,notes = "获取${deds.getLogicName()}")
    @RequestMapping(method= RequestMethod.${reqMtd} , value="${fullPath}/fetch<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()?lower_case}<#else>${deds.getCodeName()?lower_case}</#if>")
 	public ResponseEntity<List<<#if deds.isEnableGroup()>HashMap<#else>${itemCodeName}DTO</#if>>> fetch<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()}<#else>${deds.getCodeName()}</#if>(${deCodeName}SearchContext context) {
@@ -285,8 +284,7 @@ public class ${itemCodeName}Resource {
        </#if>
 	}

-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-search${deds.codeName}-all') and hasPermission(#context,'${sys.codeName}-${de.codeName}-Get')")
-                <#--<@SecurityAnnotation deds/>-->
+               <@DataQuerySecurityAnnotation deds/>
 	@ApiOperation(value = "查询${deds.getLogicName()}", tags = {"${deLogicName}" } ,notes = "查询${deds.getLogicName()}")
    @RequestMapping(method= RequestMethod.POST , value="${fullPath}/search<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()?lower_case}<#else>${deds.getCodeName()?lower_case}</#if>")
 	public ResponseEntity<Page<<#if deds.isEnableGroup()>HashMap<#else>${itemCodeName}DTO</#if>>> search<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()}<#else>${deds.getCodeName()}</#if>(@RequestBody ${deCodeName}SearchContext context) {
@@ -568,8 +566,7 @@ public class ${itemCodeName}Resource {
               </#if>
            <#elseif apiMethod.getActionType()=='FETCH'>
                <#assign deds = apiMethod.getPSDEDataSet()>
-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-search${deds.codeName}-all') and hasPermission(#context,'${sys.codeName}-${de.codeName}-Get')")
-                <#--<@SecurityAnnotation deds/>-->
+                <@DataQuerySecurityAnnotation deds/>
 	@ApiOperation(value = "${byTagParams}获取${deds.getLogicName()}", tags = {"${deLogicName}" } ,notes = "${byTagParams}获取${deds.getLogicName()}")
    @RequestMapping(method= RequestMethod.${reqMtd} , value="${fullPath}/fetch<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()?lower_case}<#else>${deds.getCodeName()?lower_case}</#if>")
 	public ResponseEntity<List<<#if deds.isEnableGroup()>HashMap<#else>${itemCodeName}DTO</#if>>> fetch${itemCodeName}<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()}<#else>${deds.getCodeName()}</#if>${byParams}(<#if parentParams!="">${parentParams},</#if>${deCodeName}SearchContext context) {
@@ -592,8 +589,7 @@ public class ${itemCodeName}Resource {
        </#if>
 	}

-    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-search${deds.codeName}-all') and hasPermission(#context,'${sys.codeName}-${de.codeName}-Get')")
-            <#--<@SecurityAnnotation deds/>-->
+            <@DataQuerySecurityAnnotation deds/>
 	@ApiOperation(value = "${byTagParams}查询${deds.getLogicName()}", tags = {"${deLogicName}" } ,notes = "${byTagParams}查询${deds.getLogicName()}")
    @RequestMapping(method= RequestMethod.POST , value="${fullPath}/search<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()?lower_case}<#else>${deds.getCodeName()?lower_case}</#if>")
 	public ResponseEntity<Page<<#if deds.isEnableGroup()>HashMap<#else>${itemCodeName}DTO</#if>>> search${itemCodeName}<#if (deds.getName()=='DEFAULT')>${deds.getCodeName()}<#else>${deds.getCodeName()}</#if>${byParams}(<#if parentParams!="">${parentParams}, @RequestBody </#if>${deCodeName}SearchContext context) {
@@ -619,6 +615,17 @@ public class ${itemCodeName}Resource {
 </#if>
 </#if>

+<#comment>数据查询Security权限校验</#comment>
+<#macro DataQuerySecurityAnnotation dataset>
+    <#if de.getStorageMode()==1 || de.getStorageMode()==2>
+        <#if hasDEPrefield==false>
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-search${dataset.codeName}-all')")
+        <#else>
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-search${dataset.codeName}-all') and hasPermission(#context,'${sys.codeName}-${de.codeName}-Get')")
+        </#if>
+    </#if>
+</#macro>
+
 <#comment>单条数据Security权限校验</#comment>
 <#macro SecurityAnnotation deaction>
    <#if de.getStorageMode()==1 || de.getStorageMode()==2>