作者:钟剑华 历史版本:1 最后编辑:龚清 更新时间:2024-09-20 15:13
适用版本:3.4.5+;
数据权限的开发示例
1.需要配合配置用户权限设置或者角色权限设置使用;用户管理-员工/角色管理-编辑-权限设置
2.示例中用户权限优先级大于角色权限
3.示例中获取权限数据,并设置到queryFilter,最后由系统生成对应的查询语句
4.设置需要传入数据表存储用户id或者组织id的字段名
package com.lc.ibps.form.provider;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import com.lc.ibps.api.base.constants.StateEnum;
import com.lc.ibps.api.base.query.QueryFilter;
import com.lc.ibps.api.base.query.QueryOP;
import com.lc.ibps.api.org.constant.PartyRightsType;
import com.lc.ibps.base.core.util.BeanUtils;
import com.lc.ibps.base.core.util.JacksonUtil;
import com.lc.ibps.cloud.entity.APIPageList;
import com.lc.ibps.cloud.entity.APIRequest;
import com.lc.ibps.cloud.entity.APIResult;
import com.lc.ibps.cloud.provider.GenericProvider;
import com.lc.ibps.form.form.persistence.entity.FormDefPo;
import com.lc.ibps.form.form.repository.FormDefRepository;
import com.lc.ibps.form.util.PartyRightsUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import jodd.util.StringUtil;
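@Api(tags = "权限脚本例子", value = "权限脚本例子")
@Validated
@RequestMapping(value = "/rights/demo")
@RestController
public class RightsDemoProvider extends GenericProvider {

    @Resource
    private FormDefRepository formDefRepository;

    /**
     * Paged form-definition query restricted by the caller's data rights.
     *
     * <p>Builds a {@link QueryFilter} from the request, appends the rights filter on
     * {@code formDef.create_by_} via {@link #handleRights}, then runs the repository
     * query with the skip-internal flag set. Any failure is mapped onto the result
     * with {@code StateEnum.ERROR_FORM}.
     *
     * @param request query request (JSON body)
     * @return the paged list, or an error result on failure
     */
    @ApiOperation(value = "表单管理列表(分页条件查询)数据", notes = "表单管理列表(分页条件查询)数据")
    @RequestMapping(value = "/query", method = RequestMethod.POST)
    public APIResult<APIPageList<FormDefPo>> query(@ApiParam(name = "request", value = "传入查询请求json字符串",
            required = true) @RequestBody(required = true) APIRequest request) {
        APIResult<APIPageList<FormDefPo>> result = new APIResult<>();
        try {
            QueryFilter queryFilter = getQueryFilter(request);
            // Resolve the caller's rights and append them to the filter before querying.
            // The column name is a compile-time constant on purpose; it is never taken from the request.
            handleRights(queryFilter, "formDef.create_by_", null);
            formDefRepository.setSkipInternal();
            try {
                List<FormDefPo> formDefPos = formDefRepository.query(queryFilter);
                result.setData(getAPIPageList(formDefPos));
            } finally {
                // Always clear the flag: a failed query must not leave the repository in skip-internal mode.
                formDefRepository.removeSkipInternal();
            }
        } catch (Exception e) {
            setExceptionResult(result, StateEnum.ERROR_FORM.getCode(), StateEnum.ERROR_FORM.getText(), e);
        }
        return result;
    }

    /**
     * Appends the current party's data-rights filter to {@code queryFilter}.
     *
     * <p>User rights take precedence over role rights: role rights are consulted only
     * when no user rights are present. When neither is present no condition is added
     * and the query runs unrestricted. NOTE(review): that is fail-open; confirm it is
     * the intended policy for parties with no rights configured.
     *
     * <p>{@code userIdfield} and {@code orgIdfield} become column references in the
     * generated query. Pass them as constants (as {@link #query} does), never as values
     * derived from request input.
     *
     * @param queryFilter filter to extend
     * @param userIdfield column holding the owning user id; when blank, "user" entries add no condition
     * @param orgIdfield  column holding the owning org id; when blank, "org" entries add no condition
     */
    public void handleRights(QueryFilter queryFilter, String userIdfield, String orgIdfield) {
        Map<String, Object> rightsMap = PartyRightsUtil.getRightsMap();
        Object userRightsObj = rightsMap.get("userRightses");
        Object roleRightsObj = rightsMap.get("roleRightses");
        // Shared across all entries of the chosen rights list; see calc for the consequences.
        List<String> userIds = new ArrayList<>();
        if (BeanUtils.isNotEmpty(userRightsObj)) {
            calc(queryFilter, userIdfield, orgIdfield, userIds, (List<?>) userRightsObj);
        } else if (BeanUtils.isNotEmpty(roleRightsObj)) {
            calc(queryFilter, userIdfield, orgIdfield, userIds, (List<?>) roleRightsObj);
        }
    }

    /**
     * Translates rights entries into filter conditions on {@code queryFilter}.
     *
     * <p>Per entry: dimension {@code ALL} adds nothing; dimension {@code NONE}, or an
     * entry that leaves the accumulated id list empty (a missing or empty {@code ids}
     * key), adds an always-false condition ({@code 1 <> 1}) so nothing is returned;
     * otherwise an {@code IN} condition is added on the column matching the entry's
     * {@code objectNature} ("user" or "org"). An entry whose nature has no column
     * configured adds no condition.
     *
     * <p>NOTE(review): {@code userIds} is shared across all entries, so each {@code IN}
     * list holds the ids of every entry processed so far, regardless of nature. This
     * matches the original behaviour; confirm whether per-entry id lists were intended.
     *
     * @param queryFilter filter to extend
     * @param userIdfield column holding the owning user id (may be blank)
     * @param orgIdfield  column holding the owning org id (may be blank)
     * @param userIds     accumulator for ids seen so far
     * @param rightses    rights entries, read generically via a JSON round-trip
     */
    @SuppressWarnings("unchecked")
    private void calc(QueryFilter queryFilter, String userIdfield, String orgIdfield, List<String> userIds, List<?> rightses) {
        for (Object obj : rightses) {
            // Entries are opaque POJOs; round-trip through JSON to read their fields generically.
            Map<String, Object> rights = JacksonUtil.toMap(JacksonUtil.toJsonString(obj));
            Object dimension = rights.get("dimension");
            if (PartyRightsType.ALL.getValue().equals(dimension)) {
                continue; // unrestricted: nothing to add
            }
            if (PartyRightsType.NONE.getValue().equals(dimension)) {
                queryFilter.addFilterWithRealValue("1", 1, 1, QueryOP.NOT_EQUAL); // deny all
                continue;
            }
            Object ids = rights.get("ids");
            // A missing "ids" key is treated like an empty list (deny) instead of failing with an NPE.
            if (ids instanceof List<?>) {
                userIds.addAll((List<String>) ids);
            }
            if (BeanUtils.isEmpty(userIds)) {
                queryFilter.addFilterWithRealValue("1", 1, 1, QueryOP.NOT_EQUAL); // no ids: treat as no permission
                continue;
            }
            List<String> distinctIds = new ArrayList<>(new HashSet<>(userIds));
            String nature = (String) rights.get("objectNature");
            if ("user".equalsIgnoreCase(nature) && StringUtil.isNotBlank(userIdfield)) {
                queryFilter.addFilterWithRealValue(userIdfield, distinctIds, distinctIds, QueryOP.IN);
            } else if ("org".equalsIgnoreCase(nature) && StringUtil.isNotBlank(orgIdfield)) {
                queryFilter.addFilterWithRealValue(orgIdfield, distinctIds, distinctIds, QueryOP.IN);
            }
        }
    }
}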