优化数据权限控制
@@ -4,7 +4,6 @@ import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import org.hswebframework.web.authorization.simple.AbstractDataAccessConfig;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
@@ -19,6 +18,8 @@ public class ScopeByUserDataAccessConfig extends AbstractDataAccessConfig {
|
||||
|
||||
private String scopeType;
|
||||
|
||||
private String scopeTypeName;
|
||||
|
||||
private Set<String> scope;
|
||||
|
||||
private boolean children;
|
||||
|
||||
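Review bot: The fields added to ScopeByUserDataAccessConfig carry no Javadoc, and `children` in particular changes the authorization outcome: in ScopeByUserHandler.getScope, `config.isChildren()` selects `authentication.getAllOrgId()` (and the department, position and district equivalents) instead of the root id and appends `-child` to the query term, so enabling it widens the data a user may reach to every sub-unit. A comment such as `/** When true, the scope also covers all child organizations/departments/positions/districts below the user's root unit. */` on `children`, and `/** Human-readable name of the scope type; used only in log output. */` on `scopeTypeName`, would make that reading explicit. Which two of the printed lines are the additions is not recoverable from this rendering, so the note applies to whichever of these fields the commit introduces.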
@@ -105,7 +105,7 @@ public class ScopeByUserHandler implements DataAccessHandler {
|
||||
if (targetId == null) {
|
||||
return true;
|
||||
}
|
||||
return scopeInfo.scope.contains(controllerCache.targetIdGetter.apply(entity));
|
||||
return scopeInfo.allScope.contains(controllerCache.targetIdGetter.apply(entity));
|
||||
}
|
||||
} else {
|
||||
log.warn("Controller没有实现任何通用CURD功能,无法进行数据权限控制!");
|
||||
@@ -116,7 +116,7 @@ public class ScopeByUserHandler implements DataAccessHandler {
|
||||
|
||||
private ScopeInfo getScope(ScopeByUserDataAccessConfig config, PersonnelAuthentication authentication) {
|
||||
String termType = null;
|
||||
Set<String> scope = null;
|
||||
Set<String> scope = null, allScope = null;
|
||||
ScopeInfo scopeInfo = new ScopeInfo();
|
||||
if (authentication == null) {
|
||||
return scopeInfo;
|
||||
@@ -127,29 +127,37 @@ public class ScopeByUserHandler implements DataAccessHandler {
|
||||
case DataAccessType.ORG_SCOPE:
|
||||
termType = "user-in-org";
|
||||
scope = authentication.getRootOrgId();
|
||||
allScope = config.isChildren() ? authentication.getAllOrgId() : scope;
|
||||
break;
|
||||
case DataAccessType.DEPARTMENT_SCOPE:
|
||||
termType = "user-in-department";
|
||||
scope = authentication.getRootDepartmentId();
|
||||
allScope = config.isChildren() ? authentication.getAllDepartmentId() : scope;
|
||||
break;
|
||||
case DataAccessType.POSITION_SCOPE:
|
||||
termType = "user-in-position";
|
||||
scope = authentication.getRootPositionId();
|
||||
allScope = config.isChildren() ? authentication.getAllPositionId() : scope;
|
||||
break;
|
||||
case DataAccessType.DISTRICT_SCOPE:
|
||||
termType = "user-in-dist";
|
||||
scope = authentication.getRootDistrictId();
|
||||
allScope = config.isChildren() ? authentication.getAllDistrictId() : scope;
|
||||
break;
|
||||
case "CUSTOM_SCOPE_ORG":
|
||||
termType = "user-in-org";
|
||||
scope = config.getScope();
|
||||
allScope = scope;
|
||||
break;
|
||||
case "CUSTOM_SCOPE_DEPT":
|
||||
termType = "user-in-department";
|
||||
scope = config.getScope();
|
||||
allScope = scope;
|
||||
break;
|
||||
case "CUSTOM_SCOPE_DIST":
|
||||
termType = "user-in-dist";
|
||||
scope = config.getScope();
|
||||
allScope = scope;
|
||||
break;
|
||||
default:
|
||||
log.warn("不支持的数据权限范围:{}", config.getScopeType());
|
||||
@@ -157,7 +165,8 @@ public class ScopeByUserHandler implements DataAccessHandler {
|
||||
if (termType == null) {
|
||||
return scopeInfo;
|
||||
}
|
||||
scopeInfo.scope = scope;
|
||||
scopeInfo.scope = new ArrayList<>(scope);
|
||||
scopeInfo.allScope = new ArrayList<>(allScope);
|
||||
scopeInfo.termType = termType;
|
||||
if (config.isChildren()) {
|
||||
scopeInfo.termType = termType + termType.concat("-child");
|
||||
@@ -169,7 +178,8 @@ public class ScopeByUserHandler implements DataAccessHandler {
|
||||
class ScopeInfo {
|
||||
String termType;
|
||||
|
||||
Set<String> scope;
|
||||
List<String> scope;
|
||||
List<String> allScope;
|
||||
|
||||
Consumer<Query<?, QueryParamEntity>> notUserConsumer;
|
||||
|
||||
@@ -244,27 +254,27 @@ public class ScopeByUserHandler implements DataAccessHandler {
|
||||
if (RecordCreationEntity.class.isAssignableFrom(entityClass)) {
|
||||
controllerCache.targetIdGetter = createGetter(RecordCreationEntity.class, RecordCreationEntity::getCreatorId);
|
||||
controllerCache.queryConsumer = (query, scopeInfo) -> {
|
||||
query.and(getControlProperty(entityClass, RecordCreationEntity::getCreatorIdProperty), scopeInfo.termType, scopeInfo.scope);
|
||||
query.in(getControlProperty(entityClass, RecordCreationEntity::getCreatorIdProperty), scopeInfo.termType, scopeInfo.scope);
|
||||
};
|
||||
} else if (OrgAttachEntity.class.isAssignableFrom(entityClass) && config.getScopeType().contains("ORG")) {
|
||||
controllerCache.targetIdGetter = createGetter(OrgAttachEntity.class, OrgAttachEntity::getOrgId);
|
||||
controllerCache.queryConsumer = (query, scopeInfo) -> {
|
||||
query.and(getControlProperty(entityClass, OrgAttachEntity::getOrgIdProperty), children ? "org-child-in" : "org-in", scopeInfo.scope);
|
||||
query.and(getControlProperty(entityClass, OrgAttachEntity::getOrgIdProperty), children ? "org-child-in" : "in", scopeInfo.scope);
|
||||
};
|
||||
} else if (DepartmentAttachEntity.class.isAssignableFrom(entityClass) && config.getScopeType().contains("DEPT")) {
|
||||
controllerCache.targetIdGetter = createGetter(DepartmentAttachEntity.class, DepartmentAttachEntity::getDepartmentId);
|
||||
controllerCache.queryConsumer = (query, scopeInfo) -> {
|
||||
query.and(getControlProperty(entityClass, DepartmentAttachEntity::getDepartmentIdProperty), children ? "dept-child-in" : "dept-in", scopeInfo.scope);
|
||||
query.and(getControlProperty(entityClass, DepartmentAttachEntity::getDepartmentIdProperty), children ? "dept-child-in" : "in", scopeInfo.scope);
|
||||
};
|
||||
} else if (PositionAttachEntity.class.isAssignableFrom(entityClass) && config.getScopeType().contains("POS")) {
|
||||
controllerCache.targetIdGetter = createGetter(PositionAttachEntity.class, PositionAttachEntity::getPositionId);
|
||||
controllerCache.queryConsumer = (query, scopeInfo) -> {
|
||||
query.and(getControlProperty(entityClass, PositionAttachEntity::getPositionIdProperty), children ? "pos-child-in" : "pos-in", scopeInfo.scope);
|
||||
query.and(getControlProperty(entityClass, PositionAttachEntity::getPositionIdProperty), children ? "pos-child-in" : "in", scopeInfo.scope);
|
||||
};
|
||||
} else if (DistrictAttachEntity.class.isAssignableFrom(entityClass) && config.getScopeType().contains("DIST")) {
|
||||
controllerCache.targetIdGetter = createGetter(DistrictAttachEntity.class, DistrictAttachEntity::getDistrictId);
|
||||
controllerCache.queryConsumer = (query, scopeInfo) -> {
|
||||
query.and(getControlProperty(entityClass, DistrictAttachEntity::getDistrictIdProperty), children ? "dist-child-in" : "dist-in", scopeInfo.scope);
|
||||
query.and(getControlProperty(entityClass, DistrictAttachEntity::getDistrictIdProperty), children ? "dist-child-in" : "in", scopeInfo.scope);
|
||||
};
|
||||
} else {
|
||||
String userIdField = getUserField(entityClass);
|
||||
@@ -305,11 +315,11 @@ public class ScopeByUserHandler implements DataAccessHandler {
|
||||
result = ((ResponseMessage) result).getResult();
|
||||
}
|
||||
String value = controllerCache.targetIdGetter.apply(result);
|
||||
log.debug("执行数据权限控制,scope:{},target:{}", scopeInfo.scope, value);
|
||||
log.debug("执行数据权限控制[{}],scope:{},target:{}", config.getScopeTypeName(), scopeInfo.scope, value);
|
||||
if (value == null) {
|
||||
return true;
|
||||
}
|
||||
return scopeInfo.scope.contains(value);
|
||||
return scopeInfo.allScope.contains(value);
|
||||
}
|
||||
|
||||
Entity entity = context.getParamContext()
|
||||
@@ -324,7 +334,7 @@ public class ScopeByUserHandler implements DataAccessHandler {
|
||||
if (entity instanceof QueryParamEntity) {
|
||||
QueryParamEntity param = ((QueryParamEntity) entity);
|
||||
param.toNestQuery(query -> {
|
||||
log.debug("执行查询数据权限控制,scope:{}", scopeInfo.scope);
|
||||
log.debug("执行查询数据权限控制[{}],scope:{}", config.getScopeTypeName(), scopeInfo.scope);
|
||||
controllerCache.queryConsumer.accept(query, scopeInfo);
|
||||
});
|
||||
}
|
||||
|
||||
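Review bot: In getScope, the new copies `scopeInfo.scope = new ArrayList<>(scope)` and `scopeInfo.allScope = new ArrayList<>(allScope)` throw NullPointerException when the source set is null, which the replaced `scopeInfo.scope = scope` did not; the CUSTOM_SCOPE_* branches take `scope` straight from `config.getScope()`, so a configuration without a scope list now fails inside the permission check instead of producing a clear result. A guard before the copies, `if (scope == null || allScope == null) { return scopeInfo; }`, mirrors the existing `termType == null` early return, but the callers of getScope are outside the hunks, so confirm that a ScopeInfo without termType is treated as a deny by both the query path and the single-record path rather than as "no filter". Separately, the custom branches set `allScope = scope` without consulting `config.isChildren()`, while the unchanged line below the copies still appends `-child` to termType when children is enabled, so for a custom scope with children the query filter (`scopeInfo.termType` with `scopeInfo.scope` in the RecordCreationEntity branch) and the record check `scopeInfo.allScope.contains(value)` appear to work from different permitted sets. That same context line reads `termType + termType.concat("-child")`, which would duplicate the prefix; it is pre-existing and may be a rendering artefact, but it is worth checking. getScope's body continues outside the hunks.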