优化组织架构权限控制

2026-06-02 02:43:59 +08:00 · 2017-08-17 18:26:13 +08:00
parent 19b4547517
commit 7c60686cd4
8 changed files with 176 additions and 9 deletions
--- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/OrganizationalAuthorizationAutoConfiguration.java
+++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/OrganizationalAuthorizationAutoConfiguration.java
@@ -23,6 +23,13 @@ public class OrganizationalAuthorizationAutoConfiguration implements BeanPostPro
        return new AreaScopeDataAccessHandler();
    }

+
+    @Bean
+    @ConditionalOnMissingBean(CustomScopeHandler.class)
+    public CustomScopeHandler customScopeHandler() {
+        return new CustomScopeHandler();
+    }
+
    @Bean
    @ConditionalOnMissingBean(DepartmentScopeDataAccessHandler.class)
    public DepartmentScopeDataAccessHandler departmentScopeDataAccessHandler() {
@@ -53,6 +60,12 @@ public class OrganizationalAuthorizationAutoConfiguration implements BeanPostPro
        return new ScopeDataAccessConfigConvert();
    }

+    @Bean
+    @ConditionalOnMissingBean(CustomScopeDataAccessConfigConvert.class)
+    public CustomScopeDataAccessConfigConvert customScopeDataAccessConfigConvert() {
+        return new CustomScopeDataAccessConfigConvert();
+    }
+
    @Override
    public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException {
        return bean;
--- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/access/DataAccessType.java
+++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/access/DataAccessType.java
@@ -40,6 +40,6 @@ public interface DataAccessType extends Serializable {
    /**
     * 自定义范围
     */
-    String SCOPE_TYPE_CUSTOM    = "CUSTOM";
+    String SCOPE_TYPE_CUSTOM    = "CUSTOM_SCOPE";

 }
--- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/CustomScope.java
+++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/CustomScope.java
@@ -0,0 +1,42 @@
+package org.hswebframework.web.organizational.authorization.simple;
+
+import java.io.Serializable;
+import java.util.Set;
+
+/**
+ * 自定义范围
+ *
+ * @author zhouhao
+ */
+public class CustomScope implements Serializable {
+
+    private String type;
+
+    private Set<String> ids;
+
+    public String getType() {
+        return type;
+    }
+
+    public void setType(String type) {
+        this.type = type;
+    }
+
+    public Set<String> getIds() {
+        return ids;
+    }
+
+    public void setIds(Set<String> ids) {
+        this.ids = ids;
+    }
+
+    @Override
+    public int hashCode() {
+        return (type + "" + ids).hashCode();
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        return obj instanceof CustomScope && hashCode() == obj.hashCode();
+    }
+}
--- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/CustomScopeDataAccessConfigConvert.java
+++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/CustomScopeDataAccessConfigConvert.java
@@ -0,0 +1,35 @@
+package org.hswebframework.web.organizational.authorization.simple;
+
+import com.alibaba.fastjson.JSON;
+import org.hswebframework.web.authorization.access.DataAccessConfig;
+import org.hswebframework.web.authorization.simple.builder.DataAccessConfigConvert;
+import org.hswebframework.web.organizational.authorization.access.DataAccessType;
+
+import java.util.Arrays;
+import java.util.List;
+
+import static org.hswebframework.web.organizational.authorization.access.DataAccessType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class CustomScopeDataAccessConfigConvert implements DataAccessConfigConvert {
+    private static final List<String> supportTypes = Arrays.asList(
+            DataAccessType.SCOPE_TYPE_CUSTOM
+    );
+
+    @Override
+    public boolean isSupport(String type, String action, String config) {
+        return supportTypes.contains(type);
+    }
+
+    @Override
+    public DataAccessConfig convert(String type, String action, String config) {
+        SimpleCustomScopeDataAccessConfig accessConfig = JSON.parseObject(config, SimpleCustomScopeDataAccessConfig.class);
+        accessConfig.setAction(action);
+
+        return accessConfig;
+    }
+}
--- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimpleCustomScopeDataAccessConfig.java
+++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimpleCustomScopeDataAccessConfig.java
@@ -0,0 +1,28 @@
+package org.hswebframework.web.organizational.authorization.simple;
+
+import org.hswebframework.web.authorization.simple.AbstractDataAccessConfig;
+import org.hswebframework.web.organizational.authorization.access.DataAccessType;
+
+import java.util.Set;
+
+/**
+ * 自定义范围配置
+ *
+ * @author zhouhao
+ */
+public class SimpleCustomScopeDataAccessConfig extends AbstractDataAccessConfig {
+    private Set<CustomScope> scope;
+
+    @Override
+    public String getType() {
+        return DataAccessType.SCOPE_TYPE_CUSTOM;
+    }
+
+    public Set<CustomScope> getScope() {
+        return scope;
+    }
+
+    public void setScope(Set<CustomScope> scope) {
+        this.scope = scope;
+    }
+}
--- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimpleScopeDataAccessConfig.java
+++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimpleScopeDataAccessConfig.java
@@ -28,6 +28,13 @@ public class SimpleScopeDataAccessConfig extends AbstractDataAccessConfig implem
        this.scope = scope;
    }

+    public SimpleScopeDataAccessConfig(String type, String scopeType, String action, Set<Object> scope) {
+        this.scopeType = scopeType;
+        this.scope = scope;
+        this.type = type;
+        setAction(action);
+    }
+
    @Override
    public String getScopeType() {
        return scopeType;
--- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java
+++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java
@@ -80,7 +80,7 @@ public abstract class AbstractScopeDataAccessHandler<E> implements DataAccessHan
        if (scopes.size() == 0) return true;
        else if (scopes.size() == 1) scope = scopes.iterator().next();
        else logger.warn("existing many scope :{} , try use config.", scopes);
-        scopes = access.getScope().stream().map(String::valueOf).collect(Collectors.toSet());
+        scopes = getTryOperationScope(access).stream().map(String::valueOf).collect(Collectors.toSet());
        if (scope == null && scopes.size() == 1) {
            scope = scopes.iterator().next();
        }
@@ -109,14 +109,10 @@ public abstract class AbstractScopeDataAccessHandler<E> implements DataAccessHan
            //判断是否满足条件(泛型为 getEntityClass)
            Class entityType = ClassUtils.getGenericType(controller.getClass(), 0);
            if (ClassUtils.instanceOf(entityType, getEntityClass())) {
-                QueryService<E, Object> queryService =
-                        ((QueryController<E, Object, Entity>) controller).getService();
+                @SuppressWarnings("unchecked")
+                QueryService<E, Object> queryService = ((QueryController<E, Object, Entity>) controller).getService();
                E oldData = queryService.selectByPk(id);
-                if (oldData != null && ids.contains(getOperationScope(oldData))) {
-                    return false;
-                } else {
-                    return true;
-                }
+                return !(oldData != null && !ids.contains(getOperationScope(oldData)));
            } else {
                errorMsg = "GenericType[0] not instance of " + getEntityClass();
            }
--- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/CustomScopeHandler.java
+++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/CustomScopeHandler.java
@@ -0,0 +1,46 @@
+package org.hswebframework.web.organizational.authorization.simple.handler;
+
+import org.hswebframework.web.authorization.access.DataAccessConfig;
+import org.hswebframework.web.authorization.access.DataAccessHandler;
+import org.hswebframework.web.authorization.access.ScopeDataAccessConfig;
+import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
+import org.hswebframework.web.organizational.authorization.access.DataAccessType;
+import org.hswebframework.web.organizational.authorization.simple.CustomScope;
+import org.hswebframework.web.organizational.authorization.simple.SimpleCustomScopeDataAccessConfig;
+import org.hswebframework.web.organizational.authorization.simple.SimpleScopeDataAccessConfig;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class CustomScopeHandler implements DataAccessHandler {
+
+    private List<DataAccessHandler> handlers = Arrays.asList(
+            new AreaScopeDataAccessHandler(),
+            new DepartmentScopeDataAccessHandler(),
+            new OrgScopeDataAccessHandler(),
+            new PersonScopeDataAccessHandler(),
+            new PositionScopeDataAccessHandler()
+    );
+
+    @Override
+    public boolean isSupport(DataAccessConfig access) {
+        return access instanceof SimpleCustomScopeDataAccessConfig;
+    }
+
+    @Override
+    public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) {
+        return ((SimpleCustomScopeDataAccessConfig) access).getScope()
+                .stream()
+                .map(scope -> new SimpleScopeDataAccessConfig(scope.getType(), DataAccessType.SCOPE_TYPE_CUSTOM, access.getAction(), new HashSet<>(scope.getIds())))
+                .allMatch(accessConfig -> handlers.stream()
+                        .filter(handler -> handler.isSupport(accessConfig))
+                        .allMatch(handler -> handler.handle(accessConfig, context)));
+    }
+}