From 7b445cdf083c1d8cc8ef686ffda53f1e9cdee3f6 Mon Sep 17 00:00:00 2001 From: zhouhao Date: Fri, 21 Dec 2018 18:58:42 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=95=B0=E6=8D=AE=E6=9D=83?= =?UTF-8?q?=E9=99=90=E6=8E=A7=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../simple/ScopeByUserDataAccessConfig.java | 3 +- .../simple/handler/ScopeByUserHandler.java | 34 ++++++++++++------- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/ScopeByUserDataAccessConfig.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/ScopeByUserDataAccessConfig.java index 64dca75ab..c410f3ed1 100644 --- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/ScopeByUserDataAccessConfig.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/ScopeByUserDataAccessConfig.java @@ -4,7 +4,6 @@ import lombok.Getter; import lombok.Setter; import org.hswebframework.web.authorization.simple.AbstractDataAccessConfig; -import java.util.List; import java.util.Set; /** @@ -19,6 +18,8 @@ public class ScopeByUserDataAccessConfig extends AbstractDataAccessConfig { private String scopeType; + private String scopeTypeName; + private Set scope; private boolean children; diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/ScopeByUserHandler.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/ScopeByUserHandler.java index eadf353b3..1be995dad 100644 --- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/ScopeByUserHandler.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/ScopeByUserHandler.java @@ -105,7 +105,7 @@ public class ScopeByUserHandler implements DataAccessHandler { if (targetId == null) { return true; } - return scopeInfo.scope.contains(controllerCache.targetIdGetter.apply(entity)); + return scopeInfo.allScope.contains(controllerCache.targetIdGetter.apply(entity)); } } else { log.warn("Controller没有实现任何通用CURD功能,无法进行数据权限控制!"); @@ -116,7 +116,7 @@ public class ScopeByUserHandler implements DataAccessHandler { private ScopeInfo getScope(ScopeByUserDataAccessConfig config, PersonnelAuthentication authentication) { String termType = null; - Set scope = null; + Set scope = null, allScope = null; ScopeInfo scopeInfo = new ScopeInfo(); if (authentication == null) { return scopeInfo; @@ -127,29 +127,37 @@ public class ScopeByUserHandler implements DataAccessHandler { case DataAccessType.ORG_SCOPE: termType = "user-in-org"; scope = authentication.getRootOrgId(); + allScope = config.isChildren() ? authentication.getAllOrgId() : scope; break; case DataAccessType.DEPARTMENT_SCOPE: termType = "user-in-department"; scope = authentication.getRootDepartmentId(); + allScope = config.isChildren() ? authentication.getAllDepartmentId() : scope; break; case DataAccessType.POSITION_SCOPE: termType = "user-in-position"; + scope = authentication.getRootPositionId(); + allScope = config.isChildren() ? authentication.getAllPositionId() : scope; break; case DataAccessType.DISTRICT_SCOPE: termType = "user-in-dist"; scope = authentication.getRootDistrictId(); + allScope = config.isChildren() ? authentication.getAllDistrictId() : scope; break; case "CUSTOM_SCOPE_ORG": termType = "user-in-org"; scope = config.getScope(); + allScope = scope; break; case "CUSTOM_SCOPE_DEPT": termType = "user-in-department"; scope = config.getScope(); + allScope = scope; break; case "CUSTOM_SCOPE_DIST": termType = "user-in-dist"; scope = config.getScope(); + allScope = scope; break; default: log.warn("不支持的数据权限范围:{}", config.getScopeType()); @@ -157,7 +165,8 @@ public class ScopeByUserHandler implements DataAccessHandler { if (termType == null) { return scopeInfo; } - scopeInfo.scope = scope; + scopeInfo.scope = new ArrayList<>(scope); + scopeInfo.allScope = new ArrayList<>(allScope); scopeInfo.termType = termType; if (config.isChildren()) { scopeInfo.termType = termType + termType.concat("-child"); @@ -169,7 +178,8 @@ public class ScopeByUserHandler implements DataAccessHandler { class ScopeInfo { String termType; - Set scope; + List scope; + List allScope; Consumer> notUserConsumer; @@ -244,27 +254,27 @@ public class ScopeByUserHandler implements DataAccessHandler { if (RecordCreationEntity.class.isAssignableFrom(entityClass)) { controllerCache.targetIdGetter = createGetter(RecordCreationEntity.class, RecordCreationEntity::getCreatorId); controllerCache.queryConsumer = (query, scopeInfo) -> { - query.and(getControlProperty(entityClass, RecordCreationEntity::getCreatorIdProperty), scopeInfo.termType, scopeInfo.scope); + query.in(getControlProperty(entityClass, RecordCreationEntity::getCreatorIdProperty), scopeInfo.termType, scopeInfo.scope); }; } else if (OrgAttachEntity.class.isAssignableFrom(entityClass) && config.getScopeType().contains("ORG")) { controllerCache.targetIdGetter = createGetter(OrgAttachEntity.class, OrgAttachEntity::getOrgId); controllerCache.queryConsumer = (query, scopeInfo) -> { - query.and(getControlProperty(entityClass, OrgAttachEntity::getOrgIdProperty), children ? "org-child-in" : "org-in", scopeInfo.scope); + query.and(getControlProperty(entityClass, OrgAttachEntity::getOrgIdProperty), children ? "org-child-in" : "in", scopeInfo.scope); }; } else if (DepartmentAttachEntity.class.isAssignableFrom(entityClass) && config.getScopeType().contains("DEPT")) { controllerCache.targetIdGetter = createGetter(DepartmentAttachEntity.class, DepartmentAttachEntity::getDepartmentId); controllerCache.queryConsumer = (query, scopeInfo) -> { - query.and(getControlProperty(entityClass, DepartmentAttachEntity::getDepartmentIdProperty), children ? "dept-child-in" : "dept-in", scopeInfo.scope); + query.and(getControlProperty(entityClass, DepartmentAttachEntity::getDepartmentIdProperty), children ? "dept-child-in" : "in", scopeInfo.scope); }; } else if (PositionAttachEntity.class.isAssignableFrom(entityClass) && config.getScopeType().contains("POS")) { controllerCache.targetIdGetter = createGetter(PositionAttachEntity.class, PositionAttachEntity::getPositionId); controllerCache.queryConsumer = (query, scopeInfo) -> { - query.and(getControlProperty(entityClass, PositionAttachEntity::getPositionIdProperty), children ? "pos-child-in" : "pos-in", scopeInfo.scope); + query.and(getControlProperty(entityClass, PositionAttachEntity::getPositionIdProperty), children ? "pos-child-in" : "in", scopeInfo.scope); }; } else if (DistrictAttachEntity.class.isAssignableFrom(entityClass) && config.getScopeType().contains("DIST")) { controllerCache.targetIdGetter = createGetter(DistrictAttachEntity.class, DistrictAttachEntity::getDistrictId); controllerCache.queryConsumer = (query, scopeInfo) -> { - query.and(getControlProperty(entityClass, DistrictAttachEntity::getDistrictIdProperty), children ? "dist-child-in" : "dist-in", scopeInfo.scope); + query.and(getControlProperty(entityClass, DistrictAttachEntity::getDistrictIdProperty), children ? "dist-child-in" : "in", scopeInfo.scope); }; } else { String userIdField = getUserField(entityClass); @@ -305,11 +315,11 @@ public class ScopeByUserHandler implements DataAccessHandler { result = ((ResponseMessage) result).getResult(); } String value = controllerCache.targetIdGetter.apply(result); - log.debug("执行数据权限控制,scope:{},target:{}", scopeInfo.scope, value); + log.debug("执行数据权限控制[{}],scope:{},target:{}", config.getScopeTypeName(), scopeInfo.scope, value); if (value == null) { return true; } - return scopeInfo.scope.contains(value); + return scopeInfo.allScope.contains(value); } Entity entity = context.getParamContext() @@ -324,7 +334,7 @@ public class ScopeByUserHandler implements DataAccessHandler { if (entity instanceof QueryParamEntity) { QueryParamEntity param = ((QueryParamEntity) entity); param.toNestQuery(query -> { - log.debug("执行查询数据权限控制,scope:{}", scopeInfo.scope); + log.debug("执行查询数据权限控制[{}],scope:{}", config.getScopeTypeName(), scopeInfo.scope); controllerCache.queryConsumer.accept(query, scopeInfo); }); }