简化权限校验

fe1290d6 · zhouweidong · 9e2009a8 · fe1290d6 · fe1290d6
--- a/SLN/%PUBPRJ%-provider/%PUBPRJ%-provider-%SYSAPI_PKGPATH%/src/main/java/%SYS_PKGPATH%/%SYSAPI_PKGPATH%/rest/%ITEM%Resource.java.ftl
+++ b/SLN/%PUBPRJ%-provider/%PUBPRJ%-provider-%SYSAPI_PKGPATH%/src/main/java/%SYS_PKGPATH%/%SYSAPI_PKGPATH%/rest/%ITEM%Resource.java.ftl
@@ -77,14 +77,12 @@ import ${pubPkgCodeName}.core.${deapideModuleCNLC}.service.I${deapideCN}Service;
 public class ${itemCodeName}Resource {

    @Autowired
-    private I${deCodeName}Service ${deCodeNameLC}Service;
+    public I${deCodeName}Service ${deCodeNameLC}Service;

    @Autowired
    @Lazy
    public ${itemCodeName}Mapping ${itemCodeNameLC}Mapping;

-    public ${deCodeName}DTO permissionDTO=new ${deCodeName}DTO();
-
 <#--  嵌套服务对象  -->
 <#if item.getPSDEServiceAPIRSs()??>
  <#list item.getPSDEServiceAPIRSs() as apider>
@@ -146,7 +144,7 @@ public class ${itemCodeName}Resource {
                    <#if noDEPrefield>
    <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
                    <#else>
-    <@outputHasPermissionAnnotation 'this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dtos)' '${sys.codeName}-${de.codeName}-${deaction.codeName}' />
+    <@outputHasPermissionAnnotation 'this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dto)' '${sys.codeName}-${de.codeName}-${deaction.codeName}' />
                    </#if>
    @ApiOperation(value = "${deaction.getLogicName()}", tags = {"${itemCodeName}" },  notes = "${deaction.getLogicName()}")
 	@RequestMapping(method = RequestMethod.POST, value = "${fullPath}")
@@ -657,7 +655,7 @@ public class ${itemCodeName}Resource {

 <#comment>输出实体资源鉴权注解[hasAnyAuthority]</#comment>
 <#macro outputHasPermissionAnnotation param1 param2>
-    //@PreAuthorize("hasPermission(${param1},'${param2}')")
+    @PreAuthorize("hasPermission(${param1},'${param2}')")
 </#macro>

 <#comment>输出实体批处理权限注解[hasAnyAuthority]</#comment>

--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthPermissionEvaluator.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthPermissionEvaluator.java.ftl
@@ -53,7 +53,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        if(entity instanceof  ArrayList){
            List<EntityBase> entities= (List<EntityBase>) entity;
            for(EntityBase entityBase: entities){
-                boolean result=actionValid(entityBase,entityDataRange);
+                boolean result=actionValid(entityBase,strAction,entityDataRange);
                if(!result){
                   return false;
                }
@@ -61,7 +61,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        }
        else{
            EntityBase entityBase= (EntityBase) entity;
-            return actionValid(entityBase,entityDataRange);
+            return actionValid(entityBase,strAction,entityDataRange);
        }
        return true;
    }
@@ -112,7 +112,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
     * @param entityDataRange
     * @return
     */
-    private boolean actionValid(EntityBase entity, Set<String> entityDataRange){
+    private boolean actionValid(EntityBase entity, String action, Set<String> entityDataRange){

        Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
        String orgField=permissionField.get("orgfield");
@@ -153,17 +153,26 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
            }
        }

-        if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue)){
-            return false;
-        }
-        if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue)){
-            return false;
-        }
-        if(!ObjectUtils.isEmpty(crateManFieldValue) && !crateManFieldValue.equals(authenticationUser.getUserid())){
-            return false;
+        if(action.endsWith("Create")){
+            if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue))
+                return false;
+            if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue))
+                return false;
+            if(!ObjectUtils.isEmpty(crateManFieldValue) && !crateManFieldValue.equals(authenticationUser.getUserid()))
+                return false;
+
+                return true;
        }
+        else{
+            if(!ObjectUtils.isEmpty(orgFieldValue) && userOrg.contains(orgFieldValue))
+                return true;
+            if(!ObjectUtils.isEmpty(orgDeptFieldValue) && userOrgDept.contains(orgDeptFieldValue))
+                return true;
+            if(!ObjectUtils.isEmpty(crateManFieldValue) && crateManFieldValue.equals(authenticationUser.getUserid()))
+                return true;

-        return true;
+                return false;
+        }
    }

    /**