简化权限校验

e065c04f · zhouweidong · 32bb59ee · e065c04f · e065c04f · e065c04f
--- a/SLN/%PUBPRJ%-core/src/main/java/%SYS_PKGPATH%/core/%MOD_PKGPATH%/service/I%DE%Service.java.ftl
+++ b/SLN/%PUBPRJ%-core/src/main/java/%SYS_PKGPATH%/core/%MOD_PKGPATH%/service/I%DE%Service.java.ftl
 <#ibiztemplate>
 TARGET=PSDATAENTITY
 </#ibiztemplate>
+<#assign deCodeNameCamel = srfcaseformat(de.codeName,'l_u2lC')>
+<#comment>实体是否配置预置属性</#comment>
+<#assign hasDEPrefield=false>
+<#if de.getPSDEFieldByPDT('ORGID',true)?? || de.getPSDEFieldByPDT('ORGSECTORID',true)??  || de.getPSDEFieldByPDT('CREATEMAN',true)?? >
+    <#assign hasDEPrefield=true>
+</#if>
 <#if de.getStorageMode()==1 || de.getStorageMode()==2 ||de.getStorageMode()==4||de.getStorageMode()==0>
 package ${pub.getPKGCodeName()}.core.${item.getPSSystemModule().getCodeName()?lower_case}.service;
@@ -47,6 +53,11 @@ public interface I${item.codeName}Service extends IService<${item.codeName}>{
     */
    boolean execute(String sql, Map param);
+    <#if hasDEPrefield>
+    List<${de.codeName}> get${deCodeNameCamel}ByIds(List<String> ids) ;
+    List<${de.codeName}> get${deCodeNameCamel}ByEntities(List<${de.codeName}> entities) ;
+    </#if>
 }
 <#comment>NoSQL存储-MongoDB</#comment>
 <#elseif de.getStorageMode()==2>
@@ -58,6 +69,10 @@ public interface I${item.codeName}Service{
    <@addIDESerivceBody />
+    <#if hasDEPrefield>
+    List<${de.codeName}> get${deCodeNameCamel}ByIds(List<String> ids) ;
+    List<${de.codeName}> get${deCodeNameCamel}ByEntities(List<${de.codeName}> entities) ;
+    </#if>
 }
 <#elseif de.getStorageMode()==4>

--- a/SLN/%PUBPRJ%-core/src/main/java/%SYS_PKGPATH%/core/%MOD_PKGPATH%/service/impl/%DE%ServiceImpl.java.ftl
+++ b/SLN/%PUBPRJ%-core/src/main/java/%SYS_PKGPATH%/core/%MOD_PKGPATH%/service/impl/%DE%ServiceImpl.java.ftl
 <#ibiztemplate>
 TARGET=PSDATAENTITY
 </#ibiztemplate>
+<#assign deCodeNameCamel = srfcaseformat(de.codeName,'l_u2lC')>
+<#comment>实体是否配置预置属性</#comment>
+<#assign hasDEPrefield=false>
+<#if de.getPSDEFieldByPDT('ORGID',true)?? || de.getPSDEFieldByPDT('ORGSECTORID',true)??  || de.getPSDEFieldByPDT('CREATEMAN',true)?? >
+    <#assign hasDEPrefield=true>
+</#if>
 <#if de.getStorageMode()==1 || de.getStorageMode()==2 ||de.getStorageMode()==4||de.getStorageMode()==0>
 <#comment>判断是否有1：N的主关系，用于填充外键值文本、附加数据</#comment>
 <#assign hasMinorPSDERs=0>
@@ -602,6 +608,28 @@ ${deaction.getRender().code}
        return true;
    }
+    <#if hasDEPrefield>
+    @Override
+    public List<${de.codeName}> get${deCodeNameCamel}ByIds(List<String> ids) {
+         return this.listByIds(ids);
+    }
+    @Override
+    public List<${de.codeName}> get${deCodeNameCamel}ByEntities(List<${de.codeName}> entities) {
+        List ids =new ArrayList();
+        for(${de.codeName} entity : entities){
+            Serializable id=entity.get${srfcaseformat(keyfield.codeName,'l_u2lC')?cap_first}();
+            if(!ObjectUtils.isEmpty(id)){
+                ids.add(id);
+            }
+        }
+        if(ids.size()>0)
+           return this.listByIds(ids);
+        else
+           return entities;
+    }
+    </#if>
 }
 <#comment>NOSQL存储</#comment>
@@ -612,7 +640,7 @@ import org.springframework.data.mongodb.core.MongoTemplate;
 import org.springframework.data.mongodb.core.query.BasicQuery;
 import org.springframework.data.mongodb.core.query.Query;
 import javax.annotation.Resource;
+import com.mongodb.QueryBuilder;
 /**
 * 实体[${item.getLogicName()}] 服务对象接口实现
 */
@@ -1037,7 +1065,36 @@ ${deaction.getRender().code}
        </#list>
    </#if>
+    <#if hasDEPrefield>
+    @Override
+    public List<${de.codeName}> get${deCodeNameCamel}ByIds(List<String> ids) {
+        QueryBuilder permissionCond=new QueryBuilder();
+        permissionCond.and("${keyfield?lower_case}").in(ids);
+        Query query = new BasicQuery(permissionCond.get().toString());
+        return mongoTemplate.find(query,${de.codeName}.class);
+    }
+    @Override
+    public List<${de.codeName}> get${deCodeNameCamel}ByEntities(List<${de.codeName}> entities) {
+        List ids =new ArrayList();
+        for(${de.codeName} entity : entities){
+            Serializable id=entity.get${srfcaseformat(keyfield.codeName,'l_u2lC')?cap_first}();
+            if(!ObjectUtils.isEmpty(id)){
+                ids.add(id);
+            }
+        }
+        if(ids.size()>0){
+            QueryBuilder permissionCond=new QueryBuilder();
+            permissionCond.and("${keyfield?lower_case}").in(ids);
+            Query query = new BasicQuery(permissionCond.get().toString());
+            return mongoTemplate.find(query,${de.codeName}.class);
+        }
+        else
+            return entities;
+    }
+    </#if>
 }

--- a/SLN/%PUBPRJ%-provider/%PUBPRJ%-provider-%SYSAPI_PKGPATH%/src/main/java/%SYS_PKGPATH%/%SYSAPI_PKGPATH%/rest/%ITEM%Resource.java.ftl
+++ b/SLN/%PUBPRJ%-provider/%PUBPRJ%-provider-%SYSAPI_PKGPATH%/src/main/java/%SYS_PKGPATH%/%SYSAPI_PKGPATH%/rest/%ITEM%Resource.java.ftl
@@ -9,6 +9,7 @@ TARGET=PSDESERVICEAPI
 <#assign itemCodeName = item.getCodeName()>
 <#assign itemCodeNameLC = itemCodeName?lower_case>
 <#assign deCodeName = de.getCodeName()>
+<#assign deCodeNameCamel = srfcaseformat(deCodeName,'l_u2lC')>
 <#assign deCodeNameLC = deCodeName?lower_case>
 <#assign dePKCodeNameLC = srfcaseformat(de.getKeyPSDEField().getCodeName(),'l_u2lC')>
 <#assign dePKCodeName = (dePKCodeNameLC)?cap_first>
@@ -16,11 +17,9 @@ TARGET=PSDESERVICEAPI
 <#assign itemSysApiCodeName = item.getPSSysServiceAPI().getCodeName()>
 <#assign itemSysApiCodeNameLC = item.getPSSysServiceAPI().getCodeName()?lower_case>
 <#assign keyCNLC = "_id">
-<#assign deStorageMode="None">
+<#assign hasDEPrefield=false>
-<#if de.getStorageMode()==1><#assign deStorageMode="Sql"><#elseif de.getStorageMode()==2><#assign deStorageMode="NoSQL"><#elseif de.getStorageMode()==4><#assign deStorageMode="ServiceApi"></#if>
-<#assign noDEPrefield=true>
 <#if de.getPSDEFieldByPDT('ORGID',true)?? || de.getPSDEFieldByPDT('ORGSECTORID',true)??  || de.getPSDEFieldByPDT('CREATEMAN',true)?? >
-<#assign noDEPrefield=false>
+<#assign hasDEPrefield=true>
 </#if>
 package ${pubPkgCodeName}.${itemSysApiCodeNameLC}.rest;
@@ -608,47 +607,38 @@ public class ${itemCodeName}Resource {
 }
 </#if>
 </#if>
-<#--<#comment>输出实体资源鉴权注解[hasAnyAuthority]</#comment>-->
-<#--<#macro outputHasAnyAuthorityAnnotation permissionTag>-->
-    <#--@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${permissionTag}')")-->
-<#--</#macro>-->
-<#--<#comment>输出实体资源鉴权注解[hasAnyAuthority]</#comment>-->
-<#--<#macro outputHasPermissionAnnotation param1 param2>-->
-    <#--@PreAuthorize("hasPermission(${param1},'${param2}')")-->
-<#--</#macro>-->
-<#--<#comment>输出实体批处理权限注解[hasAnyAuthority]</#comment>-->
-<#--<#macro outputBatchPermissionAnnotation deAction >-->
-    <#--<#if deAction=='Remove'>-->
-    <#--//-->
-    <#--<#else>-->
-    <#--//@PreAuthorize("hasPermission(this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dtos),'${sys.codeName}-${de.codeName}-${deAction.codeName}')")-->
-    <#--</#if>-->
-<#--</#macro>-->
 <#macro SecurityAnnotation deaction>
-    <#if noDEPrefield>
+    <#if de.getStorageMode()==1 || de.getStorageMode()==2>
+        <#if hasDEPrefield==false>
    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-${deaction.codeName}-all')")
-    <#else>
+        <#else>
-        <#if deaction.codeName?lower_case=='create' || deaction.codeName?lower_case=='save'>
+            <#if deaction.codeName?lower_case=='create' || deaction.codeName?lower_case=='save'>
    @PreAuthorize("hasPermission(this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dto),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
-        <#elseif deaction.codeName?lower_case=='update' || deaction.codeName?lower_case=='remove'>
+            <#elseif deaction.codeName?lower_case=='update' || deaction.codeName?lower_case=='remove'>
    @PreAuthorize("hasPermission(this.${deCodeNameLC}Service.get(#${itemCodeNameLC + keyCNLC}),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
-        <#elseif deaction.codeName?lower_case=='get'>
+            <#elseif deaction.codeName?lower_case=='get'>
    @PostAuthorize("hasPermission(this.${itemCodeNameLC}Mapping.toDomain(returnObject.body),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
-        <#else>
+            <#else>
    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-${deaction.codeName}-all')")
+            </#if>
        </#if>
    </#if>
 </#macro>
 <#macro SecurityBatchAnnotation deaction>
-    <#if deaction.codeName?lower_case=='remove'>
+    <#if de.getStorageMode()==1 || de.getStorageMode()==2>
-    //
+        <#if hasDEPrefield==false>
-    <#else>
+    @PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','${sys.codeName}-${de.codeName}-${deaction.codeName}-all')")
+        <#else>
+            <#if deaction.codeName?lower_case=='remove'>
+    //@PreAuthorize("hasPermission(this.${deCodeNameLC}Service.get${deCodeNameCamel}ByIds(#ids),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
+            <#elseif deaction.codeName?lower_case=='update'>
+    //@PreAuthorize("hasPermission(this.${deCodeNameLC}Service.get${deCodeNameCamel}ByEntities(this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dtos)),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
+            <#else>
    //@PreAuthorize("hasPermission(this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dtos),'${sys.codeName}-${de.codeName}-${deaction.codeName}')")
+            </#if>
+        </#if>
    </#if>
 </#macro>

--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthPermissionEvaluator.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthPermissionEvaluator.java.ftl
@@ -14,7 +14,6 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.stereotype.Component;
 import org.springframework.util.ObjectUtils;
 import java.io.Serializable;
-import java.lang.reflect.Field;
 import java.util.*;
 /**
@@ -26,10 +25,6 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    @Value("${r'${ibiz.enablePermissionValid:false}'}")
    boolean enablePermissionValid;  //是否开启权限校验
-    /**
-     *实体主键标识
-     */
-    private String keyFieldTag="keyfield";
    /**
     * 实体行为鉴权
     * @param authentication
@@ -58,7 +53,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
            for(EntityBase entityBase: entities){
                boolean result=actionValid(entityBase, strAction ,userAuthorities);
                if(!result){
-                   return false;
+                    return false;
                }
            }
        }
@@ -84,10 +79,9 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
    private Set<String> getAuthorities(Authentication authentication , String action){
        Collection authorities=authentication.getAuthorities();
        Set<String> userAuthorities = new HashSet();
-        Iterator var2 = authorities.iterator();
+        Iterator it = authorities.iterator();
+        while(it.hasNext()) {
-        while(var2.hasNext()) {
+            GrantedAuthority authority = (GrantedAuthority)it.next();
-            GrantedAuthority authority = (GrantedAuthority)var2.next();
            if(authority.getAuthority().contains(action))
                userAuthorities.add(authority.getAuthority());
        }
@@ -156,35 +150,26 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
            }
        }
-        if(action.endsWith("Save")){
+        if(action.endsWith("Create") || action.endsWith("Save")){
-            String keyFieldName=permissionField.get(keyFieldTag);
+            if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue))
-            Object srfKey=entity.get(keyFieldName);
+                return false;
-            if(ObjectUtils.isEmpty(srfKey))
+            if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue))
-                action="Create";
+                return false;
-            else
+            if(!ObjectUtils.isEmpty(crateManFieldValue) && !authenticationUser.getUserid().equals(crateManFieldValue))
-                action="Update";
+                return false;
+            return true;
        }
+        else{
+            if(!ObjectUtils.isEmpty(orgFieldValue) && userOrg.contains(orgFieldValue))
+                return true;
+            if(!ObjectUtils.isEmpty(orgDeptFieldValue) && userOrgDept.contains(orgDeptFieldValue))
+                return true;
+            if(!ObjectUtils.isEmpty(crateManFieldValue) && authenticationUser.getUserid().equals(crateManFieldValue))
+                return true;
-       if(action.endsWith("Create")){
+            return false;
-           if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue))
+        }
-               return false;
-           if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue))
-               return false;
-           if(!ObjectUtils.isEmpty(crateManFieldValue) && !authenticationUser.getUserid().equals(crateManFieldValue))
-               return false;
-               return true;
-       }
-       else{
-           if(!ObjectUtils.isEmpty(orgFieldValue) && userOrg.contains(orgFieldValue))
-               return true;
-           if(!ObjectUtils.isEmpty(orgDeptFieldValue) && userOrgDept.contains(orgDeptFieldValue))
-               return true;
-           if(!ObjectUtils.isEmpty(crateManFieldValue) && authenticationUser.getUserid().equals(crateManFieldValue))
-               return true;
-               return false;
-       }
    }
    /**
@@ -198,44 +183,24 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        String orgField="orgid";  //组织属性
        String orgDeptField="orgsecid"; //部门属性
        String createManField="createman"; //创建人属性
-        String keyField="";//主键属性
        DEFieldCacheMap.getFieldMap(entityBase.getClass().getName());
-        Map <Field, DEField> preFields= SearchDEField(entityBase.getClass().getName()); //从缓存中获取当前类预置属性
+        Map <String, DEField> preFields= DEFieldCacheMap.getDEFields(entityBase.getClass()); //从缓存中获取当前类预置属性
-        for (Map.Entry<Field,DEField> entry : preFields.entrySet()){
+        for (Map.Entry<String,DEField> entry : preFields.entrySet()){
-            Field preField=entry.getKey();//获取注解字段
+            String fieldName=entry.getKey();//获取注解字段
            DEField fieldAnnotation=entry.getValue();//获取注解值
            DEPredefinedFieldType prefieldType=fieldAnnotation.preType();
            if(prefieldType==prefieldType.ORGID)//用户配置系统预置属性-组织机构标识
-                orgField=preField.getName();
+                orgField=fieldName;
            if(prefieldType==prefieldType.ORGSECTORID)//用户配置系统预置属性-部门标识
-                orgDeptField=preField.getName();
+                orgDeptField=fieldName;
-            if(fieldAnnotation.isKeyField())//用户配置系统预置属性-部门标识
+            if(prefieldType==prefieldType.CREATEMAN)//用户配置系统预置属性-部门标识
-                keyField=preField.getName();
+                createManField=fieldName;
        }
        permissionFiled.put("orgfield",orgField);
        permissionFiled.put("orgsecfield",orgDeptField);
        permissionFiled.put("createmanfield",createManField);
-        permissionFiled.put("keyfield",keyField);
        return permissionFiled;
    }
-    /**
-     *获取含有@DEField注解的实体属性
-     * @param className do对象类名
-     * @return
-     */
-    private Map <Field, DEField> SearchDEField(String className){
-        List<Field> fields =  DEFieldCacheMap.getFields(className);
-        Map <Field, DEField> deFieldMap =new HashMap<>();
-        for(Field field:fields){
-            DEField deField=field.getAnnotation(DEField.class);
-            if(!ObjectUtils.isEmpty(deField)) {
-                deFieldMap.put(field,deField);
-            }
-        }
-        return deFieldMap;
-    }
 }
\ No newline at end of file