diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/OrganizationalAuthorizationAutoConfiguration.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/OrganizationalAuthorizationAutoConfiguration.java index fd2f5ed7e..24baa1408 100644 --- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/OrganizationalAuthorizationAutoConfiguration.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/OrganizationalAuthorizationAutoConfiguration.java @@ -23,6 +23,13 @@ public class OrganizationalAuthorizationAutoConfiguration implements BeanPostPro return new AreaScopeDataAccessHandler(); } + + @Bean + @ConditionalOnMissingBean(CustomScopeHandler.class) + public CustomScopeHandler customScopeHandler() { + return new CustomScopeHandler(); + } + @Bean @ConditionalOnMissingBean(DepartmentScopeDataAccessHandler.class) public DepartmentScopeDataAccessHandler departmentScopeDataAccessHandler() { @@ -53,6 +60,12 @@ public class OrganizationalAuthorizationAutoConfiguration implements BeanPostPro return new ScopeDataAccessConfigConvert(); } + @Bean + @ConditionalOnMissingBean(CustomScopeDataAccessConfigConvert.class) + public CustomScopeDataAccessConfigConvert customScopeDataAccessConfigConvert() { + return new CustomScopeDataAccessConfigConvert(); + } + @Override public Object postProcessBeforeInitialization(Object bean, String beanName) throws BeansException { return bean; 
diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/access/DataAccessType.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/access/DataAccessType.java index d01bc0109..f69dba245 100644 --- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/access/DataAccessType.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/access/DataAccessType.java @@ -40,6 +40,6 @@ public interface DataAccessType extends Serializable { /** * 自定义范围 */ - String SCOPE_TYPE_CUSTOM = "CUSTOM"; + String SCOPE_TYPE_CUSTOM = "CUSTOM_SCOPE"; } diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/CustomScope.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/CustomScope.java new file mode 100644 index 000000000..e1de8ace4 --- /dev/null +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/CustomScope.java 
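Review bot: The value of `SCOPE_TYPE_CUSTOM` changes from `"CUSTOM"` to `"CUSTOM_SCOPE"` in DataAccessType.java, and this string is what `CustomScopeDataAccessConfigConvert.isSupport` compares against the configured `type`, so any data-access configuration already stored as `CUSTOM` will no longer be picked up by the new converter. Whether an unconverted entry ends up denying access or silently dropping the restriction is decided in code outside this diff and should be confirmed before release. Because this is an interface constant, the old value also stays inlined in modules compiled against the previous version until they are rebuilt. I would record the migration on the constant itself, for example `/** Custom scope. Persisted type value; changed from "CUSTOM" to "CUSTOM_SCOPE", so stored configs need migrating. */`.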
@@ -0,0 +1,42 @@
+package org.hswebframework.web.organizational.authorization.simple;
+
+import java.io.Serializable;
+import java.util.Set;
+
+/**
+ * 自定义范围
+ *
+ * @author zhouhao
+ */
+public class CustomScope implements Serializable {
+
+ private String type;
+
+ private Set ids;
+
+ public String getType() {
+ return type;
+ }
+
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ public Set getIds() {
+ return ids;
+ }
+
+ public void setIds(Set ids) {
+ this.ids = ids;
+ }
+
+ @Override
+ public int hashCode() {
+ return (type + "" + ids).hashCode();
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ return obj instanceof CustomScope && hashCode() == obj.hashCode();
+ }
+}
diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/CustomScopeDataAccessConfigConvert.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/CustomScopeDataAccessConfigConvert.java
new file mode 100644
index 000000000..c178cf6dd
--- /dev/null
+++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/CustomScopeDataAccessConfigConvert.java
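Review bot: `CustomScope.equals` is defined as `hashCode() == obj.hashCode()`, so two scopes with different `type` or `ids` that collide on the 32-bit hash compare as equal. These objects appear to be held in a `Set` (`SimpleCustomScopeDataAccessConfig.scope`), where a colliding entry would be silently discarded from an authorization configuration. The hash input `type + "" + ids` also joins the two fields without a separator, which makes distinct field pairs easier to confuse. Compare the fields directly and derive the hash from the same fields; this needs `java.util.Objects` imported in the new file.

```java
    @Override
    public int hashCode() {
        return Objects.hash(type, ids);
    }

    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof CustomScope)) {
            return false;
        }
        CustomScope other = (CustomScope) obj;
        return Objects.equals(type, other.type) && Objects.equals(ids, other.ids);
    }
```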
@@ -0,0 +1,35 @@
+package org.hswebframework.web.organizational.authorization.simple;
+
+import com.alibaba.fastjson.JSON;
+import org.hswebframework.web.authorization.access.DataAccessConfig;
+import org.hswebframework.web.authorization.simple.builder.DataAccessConfigConvert;
+import org.hswebframework.web.organizational.authorization.access.DataAccessType;
+
+import java.util.Arrays;
+import java.util.List;
+
+import static org.hswebframework.web.organizational.authorization.access.DataAccessType.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class CustomScopeDataAccessConfigConvert implements DataAccessConfigConvert {
+ private static final List supportTypes = Arrays.asList(
+ DataAccessType.SCOPE_TYPE_CUSTOM
+ );
+
+ @Override
+ public boolean isSupport(String type, String action, String config) {
+ return supportTypes.contains(type);
+ }
+
+ @Override
+ public DataAccessConfig convert(String type, String action, String config) {
+ SimpleCustomScopeDataAccessConfig accessConfig = JSON.parseObject(config, SimpleCustomScopeDataAccessConfig.class);
+ accessConfig.setAction(action);
+
+ return accessConfig;
+ }
+}
diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimpleCustomScopeDataAccessConfig.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimpleCustomScopeDataAccessConfig.java
new file mode 100644
index 000000000..067162139
--- /dev/null
+++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimpleCustomScopeDataAccessConfig.java
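Review bot: `convert` calls `accessConfig.setAction(action)` directly on the result of `JSON.parseObject`, which returns null for a null or empty `config`, so a permission entry with a blank config surfaces as a NullPointerException during conversion instead of a clear rejection. A config that parses but carries no `scope` also passes through here and is only met later, in `CustomScopeHandler.handle`. Reject both at this boundary, e.g. `if (accessConfig == null || accessConfig.getScope() == null) throw new IllegalArgumentException("invalid custom scope config");`, assuming callers of `convert` can tolerate an exception, which is not visible in this diff. The class Javadoc is still the TODO placeholder; one sentence stating that `config` is the JSON form of `SimpleCustomScopeDataAccessConfig` would cover it.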
@@ -0,0 +1,28 @@ +package org.hswebframework.web.organizational.authorization.simple; + +import org.hswebframework.web.authorization.simple.AbstractDataAccessConfig; +import org.hswebframework.web.organizational.authorization.access.DataAccessType; + +import java.util.Set; + +/** + * 自定义范围配置 + * + * @author zhouhao + */ +public class SimpleCustomScopeDataAccessConfig extends AbstractDataAccessConfig { + private Set scope; + + @Override + public String getType() { + return DataAccessType.SCOPE_TYPE_CUSTOM; + } + + public Set getScope() { + return scope; + } + + public void setScope(Set scope) { + this.scope = scope; + } +} diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimpleScopeDataAccessConfig.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimpleScopeDataAccessConfig.java index 3929be4c4..89bb79f23 100644 --- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimpleScopeDataAccessConfig.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/SimpleScopeDataAccessConfig.java @@ -28,6 +28,13 @@ public class SimpleScopeDataAccessConfig extends AbstractDataAccessConfig implem this.scope = scope; } + public SimpleScopeDataAccessConfig(String type, String scopeType, String action, Set scope) { + this.scopeType = scopeType; + this.scope = scope; + this.type = type; + setAction(action); + } + @Override public String getScopeType() { return scopeType; 
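Review bot: The new four-argument constructor in SimpleScopeDataAccessConfig takes `type` and `scopeType` as adjacent `String` parameters with no Javadoc, so transposing them compiles cleanly. The only visible caller, `CustomScopeHandler.handle`, passes the scope's own type first and `SCOPE_TYPE_CUSTOM` second; a swap would presumably change which handler claims the config. I would add a short Javadoc with `@param type` (the value handlers match on) and `@param scopeType` (how the scope set is interpreted), with the exact wording confirmed against `AbstractScopeDataAccessHandler`, which is only partly visible here. The constructor also keeps the caller's `Set` by reference, which is worth stating in the same comment.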
diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java index 9b0f5844c..377d1f19e 100644 --- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java @@ -80,7 +80,7 @@ public abstract class AbstractScopeDataAccessHandler implements DataAccessHan if (scopes.size() == 0) return true; else if (scopes.size() == 1) scope = scopes.iterator().next(); else logger.warn("existing many scope :{} , try use config.", scopes); - scopes = access.getScope().stream().map(String::valueOf).collect(Collectors.toSet()); + scopes = getTryOperationScope(access).stream().map(String::valueOf).collect(Collectors.toSet()); if (scope == null && scopes.size() == 1) { scope = scopes.iterator().next(); } 
@@ -109,14 +109,10 @@ public abstract class AbstractScopeDataAccessHandler implements DataAccessHan //判断是否满足条件(泛型为 getEntityClass) Class entityType = ClassUtils.getGenericType(controller.getClass(), 0); if (ClassUtils.instanceOf(entityType, getEntityClass())) { - QueryService queryService = - ((QueryController) controller).getService(); + @SuppressWarnings("unchecked") + QueryService queryService = ((QueryController) controller).getService(); E oldData = queryService.selectByPk(id); - if (oldData != null && ids.contains(getOperationScope(oldData))) { - return false; - } else { - return true; - } + return !(oldData != null && !ids.contains(getOperationScope(oldData))); } else { errorMsg = "GenericType[0] not instance of " + getEntityClass(); } diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/CustomScopeHandler.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/CustomScopeHandler.java new file mode 100644 index 000000000..15be3c4f3 --- /dev/null +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/CustomScopeHandler.java 
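Review bot: The rewritten return `!(oldData != null && !ids.contains(getOperationScope(oldData)))` is a double negation inside an authorization decision, and it lets the call through when `selectByPk` finds no record. The commit reverses the earlier outcome (the removed lines denied exactly when the record was in scope), so the intended rule should be stated positively: `return oldData == null || ids.contains(getOperationScope(oldData));` preceded by a comment such as `// no existing record: nothing to protect, let the call proceed`. If a missing record should be denied instead, this is the line to change. A regression test covering in-scope, out-of-scope and missing records would pin the corrected behaviour; the enclosing method starts and ends outside the hunk.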
@@ -0,0 +1,46 @@
+package org.hswebframework.web.organizational.authorization.simple.handler;
+
+import org.hswebframework.web.authorization.access.DataAccessConfig;
+import org.hswebframework.web.authorization.access.DataAccessHandler;
+import org.hswebframework.web.authorization.access.ScopeDataAccessConfig;
+import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
+import org.hswebframework.web.organizational.authorization.access.DataAccessType;
+import org.hswebframework.web.organizational.authorization.simple.CustomScope;
+import org.hswebframework.web.organizational.authorization.simple.SimpleCustomScopeDataAccessConfig;
+import org.hswebframework.web.organizational.authorization.simple.SimpleScopeDataAccessConfig;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class CustomScopeHandler implements DataAccessHandler {
+
+ private List handlers = Arrays.asList(
+ new AreaScopeDataAccessHandler(),
+ new DepartmentScopeDataAccessHandler(),
+ new OrgScopeDataAccessHandler(),
+ new PersonScopeDataAccessHandler(),
+ new PositionScopeDataAccessHandler()
+ );
+
+ @Override
+ public boolean isSupport(DataAccessConfig access) {
+ return access instanceof SimpleCustomScopeDataAccessConfig;
+ }
+
+ @Override
+ public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) {
+ return ((SimpleCustomScopeDataAccessConfig) access).getScope()
+ .stream()
+ .map(scope -> new SimpleScopeDataAccessConfig(scope.getType(), DataAccessType.SCOPE_TYPE_CUSTOM, access.getAction(), new HashSet<>(scope.getIds())))
+ .allMatch(accessConfig -> handlers.stream()
+ .filter(handler -> handler.isSupport(accessConfig))
+ .allMatch(handler -> handler.handle(accessConfig, context)));
+ }
+}
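Review bot: `CustomScopeHandler.handle` grants access vacuously in two cases: an empty `getScope()` makes the outer `allMatch` return true, and a scope whose `type` no handler supports makes the inner `allMatch` run over an empty stream, which is also true. A mistyped or unknown scope type in a stored config is therefore treated as "allowed" rather than rejected, and a null `getScope()` throws instead of denying. If deny is the intended default, require at least one supporting handler per scope, as sketched below. Separately, the five handlers are created with `new` rather than taken from the `@ConditionalOnMissingBean` beans in `OrganizationalAuthorizationAutoConfiguration`, so an application-supplied replacement handler would not be consulted here.

```java
    @Override
    public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) {
        Set<CustomScope> scopes = ((SimpleCustomScopeDataAccessConfig) access).getScope();
        // An absent or empty scope list grants nothing.
        if (scopes == null || scopes.isEmpty()) {
            return false;
        }
        for (CustomScope scope : scopes) {
            DataAccessConfig accessConfig = new SimpleScopeDataAccessConfig(
                    scope.getType(), DataAccessType.SCOPE_TYPE_CUSTOM, access.getAction(), new HashSet<>(scope.getIds()));
            boolean supported = false;
            for (DataAccessHandler handler : handlers) {
                if (!handler.isSupport(accessConfig)) {
                    continue;
                }
                supported = true;
                if (!handler.handle(accessConfig, context)) {
                    return false;
                }
            }
            // A scope type that no handler recognises must deny, not pass vacuously.
            if (!supported) {
                return false;
            }
        }
        return true;
    }
```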