提交 fe1290d6 编写于 作者: zhouweidong's avatar zhouweidong

简化权限校验

上级 9e2009a8
......@@ -77,14 +77,12 @@ import ${pubPkgCodeName}.core.${deapideModuleCNLC}.service.I${deapideCN}Service;
public class ${itemCodeName}Resource {
@Autowired
private I${deCodeName}Service ${deCodeNameLC}Service;
public I${deCodeName}Service ${deCodeNameLC}Service;
@Autowired
@Lazy
public ${itemCodeName}Mapping ${itemCodeNameLC}Mapping;
public ${deCodeName}DTO permissionDTO=new ${deCodeName}DTO();
<#-- 嵌套服务对象 -->
<#if item.getPSDEServiceAPIRSs()??>
<#list item.getPSDEServiceAPIRSs() as apider>
......@@ -146,7 +144,7 @@ public class ${itemCodeName}Resource {
<#if noDEPrefield>
<@outputHasAnyAuthorityAnnotation '${sys.codeName}-${de.codeName}-${deaction.codeName}-all'/>
<#else>
<@outputHasPermissionAnnotation 'this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dtos)' '${sys.codeName}-${de.codeName}-${deaction.codeName}' />
<@outputHasPermissionAnnotation 'this.${itemCodeNameLC}Mapping.toDomain(#${itemCodeNameLC}dto)' '${sys.codeName}-${de.codeName}-${deaction.codeName}' />
</#if>
@ApiOperation(value = "${deaction.getLogicName()}", tags = {"${itemCodeName}" }, notes = "${deaction.getLogicName()}")
@RequestMapping(method = RequestMethod.POST, value = "${fullPath}")
......@@ -657,7 +655,7 @@ public class ${itemCodeName}Resource {
<#comment>输出实体资源鉴权注解[hasAnyAuthority]</#comment>
<#macro outputHasPermissionAnnotation param1 param2>
//@PreAuthorize("hasPermission(${param1},'${param2}')")
@PreAuthorize("hasPermission(${param1},'${param2}')")
</#macro>
<#comment>输出实体批处理权限注解[hasAnyAuthority]</#comment>
......
......@@ -53,7 +53,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
if(entity instanceof ArrayList){
List<EntityBase> entities= (List<EntityBase>) entity;
for(EntityBase entityBase: entities){
boolean result=actionValid(entityBase,entityDataRange);
boolean result=actionValid(entityBase,strAction,entityDataRange);
if(!result){
return false;
}
......@@ -61,7 +61,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
}
else{
EntityBase entityBase= (EntityBase) entity;
return actionValid(entityBase,entityDataRange);
return actionValid(entityBase,strAction,entityDataRange);
}
return true;
}
......@@ -112,7 +112,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
* @param entityDataRange
* @return
*/
private boolean actionValid(EntityBase entity, Set<String> entityDataRange){
private boolean actionValid(EntityBase entity, String action, Set<String> entityDataRange){
Map<String,String> permissionField=getPermissionField(entity);//获取组织、部门预置属性
String orgField=permissionField.get("orgfield");
......@@ -153,18 +153,27 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
}
}
if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue)){
if(action.endsWith("Create")){
if(!ObjectUtils.isEmpty(orgFieldValue) && !userOrg.contains(orgFieldValue))
return false;
}
if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue)){
if(!ObjectUtils.isEmpty(orgDeptFieldValue) && !userOrgDept.contains(orgDeptFieldValue))
return false;
}
if(!ObjectUtils.isEmpty(crateManFieldValue) && !crateManFieldValue.equals(authenticationUser.getUserid())){
if(!ObjectUtils.isEmpty(crateManFieldValue) && !crateManFieldValue.equals(authenticationUser.getUserid()))
return false;
}
return true;
}
else{
if(!ObjectUtils.isEmpty(orgFieldValue) && userOrg.contains(orgFieldValue))
return true;
if(!ObjectUtils.isEmpty(orgDeptFieldValue) && userOrgDept.contains(orgDeptFieldValue))
return true;
if(!ObjectUtils.isEmpty(crateManFieldValue) && crateManFieldValue.equals(authenticationUser.getUserid()))
return true;
return false;
}
}
/**
* 获取实体权限字段 orgid/orgsecid
......
Markdown 格式
0% or
您添加了 0 到此讨论。请谨慎行事。
先完成此消息的编辑!
想要评论请 注册