From f4a5ac6412c17a76044b71e6bcdc5cf5ce5e0d15 Mon Sep 17 00:00:00 2001
From: zhou-hao <i@hsweb.me>
Date: Sun, 7 Jan 2018 21:15:03 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=95=B0=E6=8D=AE=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E9=AA=8C=E8=AF=81=E4=BA=8B=E4=BB=B6=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../basic/handler/DefaultAuthorizingHandler.java     | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
index 61126537f..a4ed3d194 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
@@ -58,7 +58,7 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
             return;
         }
         //进行rdac权限控制
-        handleRdac(context.getAuthentication(), context.getDefinition());
+        handleRBAC(context.getAuthentication(), context.getDefinition());
         //表达式权限控制
         handleExpression(context.getAuthentication(), context.getDefinition(), context.getParamContext());
 
@@ -78,9 +78,7 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
         return false;
     }
     public void handleDataAccess(AuthorizingContext context) {
-        if(handleEvent(context,HandleType.DATA)){
-            return;
-        }
+
         if (dataAccessController == null) {
             logger.warn("dataAccessController is null,skip result access control!");
             return;
@@ -88,6 +86,10 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
         if(context.getDefinition().getDataAccessDefinition()==null){
             return;
         }
+        if(handleEvent(context,HandleType.DATA)){
+            return;
+        }
+
         List<Permission> permission = context.getAuthentication().getPermissions()
                 .stream()
                 .filter(per -> context.getDefinition().getPermissions().contains(per.getId()))
@@ -140,7 +142,7 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
         }
     }
 
-    protected void handleRdac(Authentication authentication, AuthorizeDefinition definition) {
+    protected void handleRBAC(Authentication authentication, AuthorizeDefinition definition) {
         boolean access = true;
         //多个设置时的判断逻辑
         Logical logical = definition.getLogical() == Logical.DEFAULT ? Logical.OR : definition.getLogical();