diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java index 99b943422..64201312e 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java @@ -17,6 +17,7 @@ import org.springframework.http.ResponseEntity; import java.lang.reflect.InvocationTargetException; import java.util.Collection; +import java.util.List; import java.util.Map; import java.util.Set; @@ -87,7 +88,7 @@ public class FieldFilterDataAccessHandler implements DataAccessHandler { @SuppressWarnings("all") protected boolean doQueryAccess(FieldFilterDataAccessConfig access, AuthorizingContext context) { - if (context.getDefinition().getPhased() == Phased.before) { + if (context.getDefinition().getDataAccessDefinition().getPhased() == Phased.before) { QueryParamEntity entity = context.getParamContext().getParams() .values().stream() .filter(QueryParamEntity.class::isInstance) @@ -97,7 +98,8 @@ public class FieldFilterDataAccessHandler implements DataAccessHandler { logger.warn("try validate query access, but query entity is null or not instance of org.hswebframework.web.commons.entity.Entity"); return true; } - entity.excludes(access.getFields().toArray(new String[access.getFields().size()])); + Set denyFields = access.getFields(); + entity.excludes(denyFields.toArray(new String[denyFields.size()])); } else { Object result = InvokeResultUtils.convertRealResult(context.getParamContext().getInvokeResult()); if (result instanceof Collection) { diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java index 4131da265..351d80a03 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java @@ -84,7 +84,7 @@ public class FieldScopeDataAccessHandler implements DataAccessHandler { @SuppressWarnings("all") protected boolean doQueryAccess(FieldScopeDataAccessConfig access, AuthorizingContext context) { - if (context.getDefinition().getPhased() == Phased.before) { + if (context.getDefinition().getDataAccessDefinition().getPhased() == Phased.before) { QueryParamEntity entity = context.getParamContext().getParams() .values().stream() .filter(QueryParamEntity.class::isInstance) diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/InvokeResultUtils.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/InvokeResultUtils.java index b79bd9ead..2256a47aa 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/InvokeResultUtils.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/InvokeResultUtils.java @@ -1,15 +1,19 @@ package org.hswebframework.web.authorization.basic.handler.access; +import org.hswebframework.web.commons.entity.PagerResult; import org.hswebframework.web.controller.message.ResponseMessage; import org.springframework.http.ResponseEntity; public class InvokeResultUtils { public static Object convertRealResult(Object result) { - if (result instanceof ResponseMessage) { - return ((ResponseMessage) result).getResult(); - } if (result instanceof ResponseEntity) { - return ((ResponseEntity) result).getBody(); + result = ((ResponseEntity) result).getBody(); + } + if (result instanceof ResponseMessage) { + result = ((ResponseMessage) result).getResult(); + } + if (result instanceof PagerResult) { + result = ((PagerResult) result).getData(); } return result; } diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/OwnCreatedDataAccessHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/OwnCreatedDataAccessHandler.java index abe15f47d..4f70701cf 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/OwnCreatedDataAccessHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/OwnCreatedDataAccessHandler.java @@ -99,7 +99,7 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler { protected boolean doQueryAccess(OwnCreatedDataAccessConfig access, AuthorizingContext context) { String userId = context.getAuthentication().getUser().getId(); - if (context.getDefinition().getPhased() == Phased.before) { + if (context.getDefinition().getDataAccessDefinition().getPhased() == Phased.before) { Entity entity = context.getParamContext().getParams() .values().stream() .filter(Entity.class::isInstance) @@ -144,8 +144,7 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler { } else if (result instanceof Collection) { Collection collection = ((Collection) result); //删掉不能访问的对象 - collection.removeAll(collection.stream().filter((Object o) -> !matchCreatorId(o, userId)) - .collect(Collectors.toList())); + collection.removeAll(collection.stream().filter((Object o) -> !matchCreatorId(o, userId)).collect(Collectors.toList())); } else { try { return userId.equals(PropertyUtils.getProperty(result, "creatorId"));