提交 e065c04f 编写于 作者: zhouweidong's avatar zhouweidong

简化权限校验

上级 32bb59ee
<#ibiztemplate>
TARGET=PSDATAENTITY
</#ibiztemplate>
<#assign deCodeNameCamel = srfcaseformat(de.codeName,'l_u2lC')>
<#comment>实体是否配置预置属性</#comment>
<#assign hasDEPrefield=false>
<#if de.getPSDEFieldByPDT('ORGID',true)?? || de.getPSDEFieldByPDT('ORGSECTORID',true)?? || de.getPSDEFieldByPDT('CREATEMAN',true)?? >
<#assign hasDEPrefield=true>
</#if>
<#if de.getStorageMode()==1 || de.getStorageMode()==2 ||de.getStorageMode()==4||de.getStorageMode()==0>
package ${pub.getPKGCodeName()}.core.${item.getPSSystemModule().getCodeName()?lower_case}.service;
......@@ -47,6 +53,11 @@ public interface I${item.codeName}Service extends IService<${item.codeName}>{
*/
boolean execute(String sql, Map param);
<#if hasDEPrefield>
List<${de.codeName}> get${deCodeNameCamel}ByIds(List<String> ids) ;
List<${de.codeName}> get${deCodeNameCamel}ByEntities(List<${de.codeName}> entities) ;
</#if>
}
<#comment>NoSQL存储-MongoDB</#comment>
<#elseif de.getStorageMode()==2>
......@@ -58,6 +69,10 @@ public interface I${item.codeName}Service{
<@addIDESerivceBody />
<#if hasDEPrefield>
List<${de.codeName}> get${deCodeNameCamel}ByIds(List<String> ids) ;
List<${de.codeName}> get${deCodeNameCamel}ByEntities(List<${de.codeName}> entities) ;
</#if>
}
<#elseif de.getStorageMode()==4>
......
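Review bot: The two methods added to both interface variants, `get${deCodeNameCamel}ByIds` and `get${deCodeNameCamel}ByEntities`, have no Javadoc, although the neighbouring `execute` declaration appears to have one. Since the resource template references them inside `hasPermission(...)` expressions, their contract for unknown or missing keys matters to the authorization result and should be stated. Something like `/** Loads the stored rows for the given keys for permission evaluation; keys with no stored row are omitted from the result. */` would do, adjusted to the behaviour you intend. The parameter is also typed `List<String>` while the implementations collect `Serializable` keys, so confirm that every key type is a String.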
<#ibiztemplate>
TARGET=PSDATAENTITY
</#ibiztemplate>
<#assign deCodeNameCamel = srfcaseformat(de.codeName,'l_u2lC')>
<#comment>实体是否配置预置属性</#comment>
<#assign hasDEPrefield=false>
<#if de.getPSDEFieldByPDT('ORGID',true)?? || de.getPSDEFieldByPDT('ORGSECTORID',true)?? || de.getPSDEFieldByPDT('CREATEMAN',true)?? >
<#assign hasDEPrefield=true>
</#if>
<#if de.getStorageMode()==1 || de.getStorageMode()==2 ||de.getStorageMode()==4||de.getStorageMode()==0>
<#comment>判断是否有1N的主关系,用于填充外键值文本、附加数据</#comment>
<#assign hasMinorPSDERs=0>
......@@ -602,6 +608,28 @@ ${deaction.getRender().code}
return true;
}
<#if hasDEPrefield>
@Override
public List<${de.codeName}> get${deCodeNameCamel}ByIds(List<String> ids) {
return this.listByIds(ids);
}
@Override
public List<${de.codeName}> get${deCodeNameCamel}ByEntities(List<${de.codeName}> entities) {
List ids =new ArrayList();
for(${de.codeName} entity : entities){
Serializable id=entity.get${srfcaseformat(keyfield.codeName,'l_u2lC')?cap_first}();
if(!ObjectUtils.isEmpty(id)){
ids.add(id);
}
}
if(ids.size()>0)
return this.listByIds(ids);
else
return entities;
}
</#if>
}
<#comment>NOSQL存储</#comment>
......@@ -612,7 +640,7 @@ import org.springframework.data.mongodb.core.MongoTemplate;
import org.springframework.data.mongodb.core.query.BasicQuery;
import org.springframework.data.mongodb.core.query.Query;
import javax.annotation.Resource;
import com.mongodb.QueryBuilder;
/**
* 实体[${item.getLogicName()}] 服务对象接口实现
*/
......@@ -1038,6 +1066,35 @@ ${deaction.getRender().code}
</#list>
</#if>
<#if hasDEPrefield>
@Override
public List<${de.codeName}> get${deCodeNameCamel}ByIds(List<String> ids) {
QueryBuilder permissionCond=new QueryBuilder();
permissionCond.and("${keyfield?lower_case}").in(ids);
Query query = new BasicQuery(permissionCond.get().toString());
return mongoTemplate.find(query,${de.codeName}.class);
}
@Override
public List<${de.codeName}> get${deCodeNameCamel}ByEntities(List<${de.codeName}> entities) {
List ids =new ArrayList();
for(${de.codeName} entity : entities){
Serializable id=entity.get${srfcaseformat(keyfield.codeName,'l_u2lC')?cap_first}();
if(!ObjectUtils.isEmpty(id)){
ids.add(id);
}
}
if(ids.size()>0){
QueryBuilder permissionCond=new QueryBuilder();
permissionCond.and("${keyfield?lower_case}").in(ids);
Query query = new BasicQuery(permissionCond.get().toString());
return mongoTemplate.find(query,${de.codeName}.class);
}
else
return entities;
}
</#if>
}
......
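Review bot: `get${deCodeNameCamel}ByEntities` fails open in both the SQL and the MongoDB variant: when no entity carries a key, the `else return entities;` branch hands back the caller-supplied objects, and when only some carry a key the others are silently dropped from the result. The method appears intended as input to `hasPermission(...)`, so the check may run on submitted org/creator values or on fewer rows than were requested. Consider rejecting the call (or returning an empty list that the evaluator denies) when any entity lacks a key, and comparing the number of rows found with the number of keys. In the MongoDB variant the field name is rendered as `${keyfield?lower_case}` while the getter in the same method uses `keyfield.codeName`; confirm which is intended. The raw `List ids` could also be `List<Serializable>`.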
......@@ -9,6 +9,7 @@ TARGET=PSDESERVICEAPI
<#assign itemCodeName = item.getCodeName()>
<#assign itemCodeNameLC = itemCodeName?lower_case>
<#assign deCodeName = de.getCodeName()>
<#assign deCodeNameCamel = srfcaseformat(deCodeName,'l_u2lC')>
<#assign deCodeNameLC = deCodeName?lower_case>
<#assign dePKCodeNameLC = srfcaseformat(de.getKeyPSDEField().getCodeName(),'l_u2lC')>
<#assign dePKCodeName = (dePKCodeNameLC)?cap_first>
......@@ -16,11 +17,9 @@ TARGET=PSDESERVICEAPI
<#assign itemSysApiCodeName = item.getPSSysServiceAPI().getCodeName()>
<#assign itemSysApiCodeNameLC = item.getPSSysServiceAPI().getCodeName()?lower_case>
<#assign keyCNLC = "_id">
<#assign deStorageMode="None">
<#if de.getStorageMode()==1><#assign deStorageMode="Sql"><#elseif de.getStorageMode()==2><#assign deStorageMode="NoSQL"><#elseif de.getStorageMode()==4><#assign deStorageMode="ServiceApi"></#if>
<#assign noDEPrefield=true>
<#assign hasDEPrefield=false>
<#if de.getPSDEFieldByPDT('ORGID',true)?? || de.getPSDEFieldByPDT('ORGSECTORID',true)?? || de.getPSDEFieldByPDT('CREATEMAN',true)?? >
<#assign noDEPrefield=false>
<#assign hasDEPrefield=true>
</#if>
package ${pubPkgCodeName}.${itemSysApiCodeNameLC}.rest;
......@@ -608,28 +607,10 @@ public class ${itemCodeName}Resource {
}
</#if>
</#if>
<#--<#comment>输出实体资源鉴权注解[hasAnyAuthority]</#comment>-->
<#--<#macro outputHasAnyAuthorityAnnotation permissionTag>-->
<#--@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${permissionTag}')")-->
<#--</#macro>-->
<#--<#comment>输出实体资源鉴权注解[hasAnyAuthority]</#comment>-->
<#--<#macro outputHasPermissionAnnotation param1 param2>-->
<#--@PreAuthorize("hasPermission(${param1},'${param2}')")-->
<#--</#macro>-->
<#--<#comment>输出实体批处理权限注解[hasAnyAuthority]</#comment>-->
<#--<#macro outputBatchPermissionAnnotation deAction >-->
<#--<#if deAction=='Remove'>-->
<#--//-->
<#--<#else>-->
<#--//@PreAuthorize("hasPermission(this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dtos),'${sys.codeName}-${de.codeName}-${deAction.codeName}')")-->
<#--</#if>-->
<#--</#macro>-->
<#macro SecurityAnnotation deaction>
<#if noDEPrefield>
<#if de.getStorageMode()==1 || de.getStorageMode()==2>
<#if hasDEPrefield==false>
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-${deaction.codeName}-all')")
<#else>
<#if deaction.codeName?lower_case=='create' || deaction.codeName?lower_case=='save'>
......@@ -642,14 +623,23 @@ public class ${itemCodeName}Resource {
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-${deaction.codeName}-all')")
</#if>
</#if>
</#if>
</#macro>
<#macro SecurityBatchAnnotation deaction>
<#if de.getStorageMode()==1 || de.getStorageMode()==2>
<#if hasDEPrefield==false>
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-${deaction.codeName}-all')")
<#else>
<#if deaction.codeName?lower_case=='remove'>
//
//@PreAuthorize("hasPermission(this.${deCodeNameLC}Service.get${deCodeNameCamel}ByIds(#ids),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
<#elseif deaction.codeName?lower_case=='update'>
//@PreAuthorize("hasPermission(this.${deCodeNameLC}Service.get${deCodeNameCamel}ByEntities(this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dtos)),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
<#else>
//@PreAuthorize("hasPermission(this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dtos),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
</#if>
</#if>
</#if>
</#macro>
......
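Review bot: In `SecurityBatchAnnotation`, every branch for an entity with predefined fields renders `//` or `//@PreAuthorize(...)`, so the generated batch methods for exactly those entities carry no authorization annotation, while entities without predefined fields get `hasAnyAuthority`. Both macros are also wrapped in `<#if de.getStorageMode()==1 || de.getStorageMode()==2>`, so storage modes 0 and 4, which the service template still generates, render no `@PreAuthorize` at all. If no other layer guards these endpoints, either emit the `hasPermission` annotations uncommented or fall back to the `hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-${deaction.codeName}-all')` form in those branches. Part of the `SecurityAnnotation` body lies outside the visible hunks.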
......@@ -14,7 +14,6 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
import org.springframework.util.ObjectUtils;
import java.io.Serializable;
import java.lang.reflect.Field;
import java.util.*;
/**
......@@ -26,10 +25,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
@Value("${r'${ibiz.enablePermissionValid:false}'}")
boolean enablePermissionValid; //是否开启权限校验
/**
*实体主键标识
*/
private String keyFieldTag="keyfield";
/**
* 实体行为鉴权
* @param authentication
......@@ -84,10 +79,9 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
private Set<String> getAuthorities(Authentication authentication , String action){
Collection authorities=authentication.getAuthorities();
Set<String> userAuthorities = new HashSet();
Iterator var2 = authorities.iterator();
while(var2.hasNext()) {
GrantedAuthority authority = (GrantedAuthority)var2.next();
Iterator it = authorities.iterator();
while(it.hasNext()) {
GrantedAuthority authority = (GrantedAuthority)it.next();
if(authority.getAuthority().contains(action))
userAuthorities.add(authority.getAuthority());
}
......@@ -156,16 +150,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
}
}
if(action.endsWith("Save")){
String keyFieldName=permissionField.get(keyFieldTag);
Object srfKey=entity.get(keyFieldName);
if(ObjectUtils.isEmpty(srfKey))
action="Create";
else
action="Update";
}
if(action.endsWith("Create")){
if(action.endsWith("Create") || action.endsWith("Save")){
if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue))
return false;
if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue))
......@@ -198,44 +183,24 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
String orgField="orgid"; //组织属性
String orgDeptField="orgsecid"; //部门属性
String createManField="createman"; //创建人属性
String keyField="";//主键属性
DEFieldCacheMap.getFieldMap(entityBase.getClass().getName());
Map <Field, DEField> preFields= SearchDEField(entityBase.getClass().getName()); //从缓存中获取当前类预置属性
Map <String, DEField> preFields= DEFieldCacheMap.getDEFields(entityBase.getClass()); //从缓存中获取当前类预置属性
for (Map.Entry<Field,DEField> entry : preFields.entrySet()){
Field preField=entry.getKey();//获取注解字段
for (Map.Entry<String,DEField> entry : preFields.entrySet()){
String fieldName=entry.getKey();//获取注解字段
DEField fieldAnnotation=entry.getValue();//获取注解值
DEPredefinedFieldType prefieldType=fieldAnnotation.preType();
if(prefieldType==prefieldType.ORGID)//用户配置系统预置属性-组织机构标识
orgField=preField.getName();
orgField=fieldName;
if(prefieldType==prefieldType.ORGSECTORID)//用户配置系统预置属性-部门标识
orgDeptField=preField.getName();
if(fieldAnnotation.isKeyField())//用户配置系统预置属性-部门标识
keyField=preField.getName();
orgDeptField=fieldName;
if(prefieldType==prefieldType.CREATEMAN)//用户配置系统预置属性-部门标识
createManField=fieldName;
}
permissionFiled.put("orgfield",orgField);
permissionFiled.put("orgsecfield",orgDeptField);
permissionFiled.put("createmanfield",createManField);
permissionFiled.put("keyfield",keyField);
return permissionFiled;
}
/**
*获取含有@DEField注解的实体属性
* @param className do对象类名
* @return
*/
private Map <Field, DEField> SearchDEField(String className){
List<Field> fields = DEFieldCacheMap.getFields(className);
Map <Field, DEField> deFieldMap =new HashMap<>();
for(Field field:fields){
DEField deField=field.getAnnotation(DEField.class);
if(!ObjectUtils.isEmpty(deField)) {
deFieldMap.put(field,deField);
}
}
return deFieldMap;
}
}
\ No newline at end of file
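Review bot: Treating `Save` like `Create` in `if(action.endsWith("Create") || action.endsWith("Save"))` means a save that updates an existing row is authorized only against the org and department values in the submitted entity, not those of the stored row. The removed block mapped a keyed `Save` to `Update`; without it, a request pairing the caller's own org id with the key of a row owned elsewhere would satisfy this branch, unless the stored row is loaded before the evaluator runs (not visible here). Consider resolving keyed saves through `get${deCodeNameCamel}ByEntities` before this check, or keeping the keyed-Save-to-Update mapping. The enclosing method starts and ends outside the hunk. Separately, the comment on the `CREATEMAN` branch repeats the department comment from the line above.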