提交 fe1290d6 编写于 作者: zhouweidong's avatar zhouweidong

简化权限校验

上级 9e2009a8
...@@ -77,14 +77,12 @@ import ${pubPkgCodeName}.core.${deapideModuleCNLC}.service.I${deapideCN}Service; ...@@ -77,14 +77,12 @@ import ${pubPkgCodeName}.core.${deapideModuleCNLC}.service.I${deapideCN}Service;
public class ${itemCodeName}Resource { public class ${itemCodeName}Resource {
@Autowired @Autowired
private I${deCodeName}Service ${deCodeNameLC}Service; public I${deCodeName}Service ${deCodeNameLC}Service;
@Autowired @Autowired
@Lazy @Lazy
public ${itemCodeName}Mapping ${itemCodeNameLC}Mapping; public ${itemCodeName}Mapping ${itemCodeNameLC}Mapping;
public ${deCodeName}DTO permissionDTO=new ${deCodeName}DTO();
<#-- 嵌套服务对象 --> <#-- 嵌套服务对象 -->
<#if item.getPSDEServiceAPIRSs()??> <#if item.getPSDEServiceAPIRSs()??>
<#list item.getPSDEServiceAPIRSs() as apider> <#list item.getPSDEServiceAPIRSs() as apider>
...@@ -146,7 +144,7 @@ public class ${itemCodeName}Resource { ...@@ -146,7 +144,7 @@ public class ${itemCodeName}Resource {
<#if noDEPrefield> <#if noDEPrefield>
<@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/> <@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
<#else> <#else>
<@outputHasPermissionAnnotation 'this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dtos)' '${sys.codeName}-${de.codeName}-${deaction.codeName}' /> <@outputHasPermissionAnnotation 'this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dto)' '${sys.codeName}-${de.codeName}-${deaction.codeName}' />
</#if> </#if>
@ApiOperation(value = "${deaction.getLogicName()}", tags = {"${itemCodeName}" }, notes = "${deaction.getLogicName()}") @ApiOperation(value = "${deaction.getLogicName()}", tags = {"${itemCodeName}" }, notes = "${deaction.getLogicName()}")
@RequestMapping(method = RequestMethod.POST, value = "${fullPath}") @RequestMapping(method = RequestMethod.POST, value = "${fullPath}")
...@@ -657,7 +655,7 @@ public class ${itemCodeName}Resource { ...@@ -657,7 +655,7 @@ public class ${itemCodeName}Resource {
<#comment>输出实体资源鉴权注解[hasAnyAuthority]</#comment> <#comment>输出实体资源鉴权注解[hasAnyAuthority]</#comment>
<#macro outputHasPermissionAnnotation param1 param2> <#macro outputHasPermissionAnnotation param1 param2>
//@PreAuthorize("hasPermission(${param1},'${param2}')") @PreAuthorize("hasPermission(${param1},'${param2}')")
</#macro> </#macro>
<#comment>输出实体批处理权限注解[hasAnyAuthority]</#comment> <#comment>输出实体批处理权限注解[hasAnyAuthority]</#comment>
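Review bot: Un-commenting `@PreAuthorize` in the `outputHasPermissionAnnotation` macro makes the SpEL expression at every generated call site live, and the one visible here depends on `#${itemCodeNameLC}dto` matching the handler's parameter name, which is declared outside this hunk. If the name differs (the earlier `dtos` spelling suggests this has happened before) or parameter names are not retained at compile time, the expression would presumably hand null to `toDomain` and on to `hasPermission`, so the evaluator should deny on a null entity rather than fall through. The macro's comment still says `[hasAnyAuthority]`; I would reword it along the lines of `<#comment>Emits @PreAuthorize hasPermission; param1 is a SpEL expression over the handler arguments, param2 is the permission id</#comment>`. Separately, the service field appears to go from `private` to `public` with no use in these hunks that needs it; keeping `private I${deCodeName}Service ${deCodeNameLC}Service;` preserves encapsulation unless a SpEL expression elsewhere reads the field.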
......
...@@ -53,7 +53,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator { ...@@ -53,7 +53,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
if(entity instanceof ArrayList){ if(entity instanceof ArrayList){
List<EntityBase> entities= (List<EntityBase>) entity; List<EntityBase> entities= (List<EntityBase>) entity;
for(EntityBase entityBase: entities){ for(EntityBase entityBase: entities){
boolean result=actionValid(entityBase,entityDataRange); boolean result=actionValid(entityBase,strAction,entityDataRange);
if(!result){ if(!result){
return false; return false;
} }
...@@ -61,7 +61,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator { ...@@ -61,7 +61,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
} }
else{ else{
EntityBase entityBase= (EntityBase) entity; EntityBase entityBase= (EntityBase) entity;
return actionValid(entityBase,entityDataRange); return actionValid(entityBase,strAction,entityDataRange);
} }
return true; return true;
} }
...@@ -112,7 +112,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator { ...@@ -112,7 +112,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* @param entityDataRange * @param entityDataRange
* @return * @return
*/ */
private boolean actionValid(EntityBase entity, Set<String> entityDataRange){ private boolean actionValid(EntityBase entity, String action, Set<String> entityDataRange){
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性 Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
String orgField=permissionField.get("orgfield"); String orgField=permissionField.get("orgfield");
...@@ -153,17 +153,26 @@ public class AuthPermissionEvaluator implements PermissionEvaluator { ...@@ -153,17 +153,26 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
} }
} }
if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue)){ if(action.endsWith("Create")){
return false; if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue))
} return false;
if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue)){ if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue))
return false; return false;
} if(!ObjectUtils.isEmpty(crateManFieldValue) && !crateManFieldValue.equals(authenticationUser.getUserid()))
if(!ObjectUtils.isEmpty(crateManFieldValue) && !crateManFieldValue.equals(authenticationUser.getUserid())){ return false;
return false;
return true;
} }
else{
if(!ObjectUtils.isEmpty(orgFieldValue) && userOrg.contains(orgFieldValue))
return true;
if(!ObjectUtils.isEmpty(orgDeptFieldValue) && userOrgDept.contains(orgDeptFieldValue))
return true;
if(!ObjectUtils.isEmpty(crateManFieldValue) && crateManFieldValue.equals(authenticationUser.getUserid()))
return true;
return true; return false;
}
} }
/** /**
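Review bot: In the last hunk of `actionValid`, the non-create branch now returns true as soon as any one of the org, department or creator values matches, where the earlier code rejected when any populated value failed to match, and the `Create` branch still returns true when all three values are empty. Going by the template's `hasPermission(this.…Mapping.toDomain(#…dto), …)`, the entity checked here appears to be built from the request DTO, so the compared values may be caller-supplied; for non-create actions the comparison would be safer against the stored record loaded by its key. If the any-match rule is intended, a comment such as `// non-create: allowed when the record is in the user's org or dept, or was created by the user` would make that explicit. `action.endsWith("Create")` also throws on a null action and selects the stricter branch by suffix only, so I would guard it as `if (action != null && action.endsWith("Create"))` and document which action names are expected to match. The start of `actionValid` and the code that derives the three field values lie outside this hunk.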
......