
删除权限

shiqian 4 yıl önce
ebeveyn
işleme
06bd9c2da0

+ 11 - 0
boman-web-core/src/main/java/com/boman/web/core/domain/RowResult.java

@@ -7,6 +7,9 @@ package com.boman.web.core.domain;
  **/
 public class RowResult {
 
+    public static final Integer FAIL = -1;
+    public static final Integer OK = 0;
+
     private Integer code;
     private String message;
     private Object data;
@@ -22,6 +25,14 @@ public class RowResult {
         return create(0, message);
     }
 
+    public static RowResult ok() {
+        return create(0, "成功");
+    }
+
+    public static RowResult fail() {
+        return create(-1, "失败");
+    }
+
     public static RowResult ok(String message, Object data) {
         return create(0, message, data);
     }
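Review bot: The new `ok()` and `fail()` factories in the second hunk hard-code `0` and `-1` even though this commit introduces `OK` and `FAIL` for exactly those values, so the status codes now live in two places and can drift apart. I would write `return create(OK, "成功");` and `return create(FAIL, "失败");`. The constants are declared as boxed `Integer`, and `isOk()` is not visible in these hunks, so confirm that it compares with `equals` (or make the constants `int`) rather than relying on `==`. Neither the constants nor the factories carry Javadoc stating that 0 means success and -1 failure.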

+ 28 - 44
boman-web-core/src/main/java/com/boman/web/core/service/TableServiceCmdService.java

@@ -182,37 +182,29 @@ public class TableServiceCmdService {
         String pkName = IdUtils.getPkName(genTable.getColumns());
 
         Long[] idArr = CollectionUtils.listToArray(dto.getIdList());
-        requireNonNull(idArr);
+        requireNonNull(idArr, "删除时,所传idList为空");
 
+        RowResult rowResult;
         List<RowResult> result = Lists.newArrayListWithCapacity(idArr.length);
         for (Long id : idArr) {
-        // 校验权限
-            checkAuthObjectDelete(genTable, id);
-            RowResult rowResult = deleteService.deleteById(dto.getTable(), pkName, id);
+            // 校验权限
+            if (BooleanUtils.isTrue(checkAuthObjectDelete(genTable, id, pkName))) {
+                rowResult = deleteService.deleteById(dto.getTable(), pkName, id);
+                if (rowResult.isOk()) {
+                    LOGGER.info("删除成功, tableName: {}, id: {}, 操作人: {}", tableContext.getTableName(), id, getLoginUser().getUsername());
+                    continue;
+                }
+                LOGGER.info("删除失败, tableName: {}, id: {}, 操作人: {}", tableContext.getTableName(), id, getLoginUser().getUsername());
+            } else {
+                rowResult = RowResult.create(RowResult.FAIL, "无操作权限");
+            }
+
             result.add(rowResult);
-            LOGGER.info(rowResult.getMessage() + ", id: {}", id);
         }
 
-        // RowResult rowResult = deleteService.objectDelete(idArr, dto.getTable(), requireNonNull(pkName, "主键名称为空"));
-
         return AjaxResult.success(result);
     }
 
-    private void checkAuthObjectDelete(GenTable genTable, Long id) {
-        String tableName = genTable.getTableName();
-        String functionName = genTable.getFunctionName();
-        LoginUser loginUser = getLoginUser();
-        if (SysUser.isAdmin(loginUser.getUserid())) {
-            return;
-        }
-
-        containsFunction(genTable.getMenuRole(), GenTable.D, "模块:[" + functionName + "], 没有删除功能");
-        checkPermsAuth(tableName, GenTable.D);
-        checkRoleDataAuth(tableName, IdUtils.getPkName(genTable.getColumns()), id);
-    }
-
-
-
     /**
      * 功能描述: 通用删除接口 (真的删除)
      *
@@ -231,10 +223,22 @@ public class TableServiceCmdService {
         List<RowResult> result = Lists.newArrayListWithCapacity(idArr.length);
         JSONObject jsonObject = new JSONObject();
         jsonObject.put(dto.getLogicDelName(), dto.getLogicDelValue());
+
+        RowResult rowResult;
         for (Long id : idArr) {
-            RowResult rowResult = deleteService.objectLogicDelete(new Long[]{id}, dto.getTable(), pkName, jsonObject);
+            // 校验权限
+            if (BooleanUtils.isTrue(checkAuthObjectDelete(genTable, id, pkName))) {
+                rowResult = deleteService.objectLogicDelete(new Long[]{id}, dto.getTable(), pkName, jsonObject);
+                if (rowResult.isOk()) {
+                    LOGGER.info("逻辑删除成功, tableName: {}, id: {}, 操作人: {}", tableContext.getTableName(), id, getLoginUser().getUsername());
+                    continue;
+                }
+                LOGGER.info("逻辑删除失败, tableName: {}, id: {}, 操作人: {}", tableContext.getTableName(), id, getLoginUser().getUsername());
+            } else {
+                rowResult = RowResult.create(RowResult.FAIL, "无操作权限");
+            }
+
             result.add(rowResult);
-            LOGGER.info(rowResult.getMessage() + ", id: {}", id);
         }
 
         return AjaxResult.success(result);
@@ -290,26 +294,6 @@ public class TableServiceCmdService {
         return AjaxResult.success(rows);
     }
 
-    private void checkQueryListAuth(GenTable genTable, JSONObject condition) {
-        containsFunction(genTable.getMenuRole(), GenTable.Q, "此模块:[" + genTable.getTableName() + "], 没有查询功能");
-
-        LoginUser loginUser = AuthUtils.getLoginUser();
-        if (SysUser.isAdmin(loginUser.getUserid())) {
-            return;
-        }
-
-        List<Long> roleIdList = map(loginUser.getSysUser().getRoles(), SysRole::getId);
-        List<SysRoleData> roleDataList = remoteRoleDataService.listByRoleIdList(roleIdList);
-        if (isEmpty(roleDataList)) {
-            return;
-        }
-        // 此张表所对应的roleData
-        SysRoleData roleData = filterOne(roleDataList, sysRoleData -> genTable.getTableName().equals(sysRoleData.getTableName()));
-        AuthUtils.packAuthCondition(roleData.getDataScope(), condition, loginUser);
-    }
-
-
-
     private void handler(List<JSONObject> result, List<GenTableColumn> columns) {
         // 处理时间
         handlerDate(result, columns);
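Review bot: In the delete loop of the first hunk a denied id is recorded as `RowResult.create(RowResult.FAIL, "无操作权限")` without the id, and successful rows `continue` past `result.add(rowResult)`, so the response is a list of failures that cannot be matched back to the requested ids, still wrapped in `AjaxResult.success(result)`. Carrying the id in the data field would restore the correlation, e.g. `rowResult = RowResult.create(RowResult.FAIL, "无操作权限", id);`, and the same applies to the logic-delete loop in the second hunk. The permission check runs against `genTable`, while the delete uses `dto.getTable()` and the log line uses `tableContext.getTableName()`. These presumably name the same table, but the method bodies start outside the hunks, so that should be confirmed to ensure the check and the action cannot diverge. The delete-failed branch logs at `info`; `LOGGER.warn` would make failed deletes easier to find when auditing.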

+ 3 - 2
boman-web-core/src/main/java/com/boman/web/core/service/delete/BaseDeleteServiceImpl.java

@@ -1,6 +1,7 @@
 package com.boman.web.core.service.delete;
 
 import com.alibaba.fastjson.JSONObject;
+import com.boman.common.core.utils.obj.ObjectUtils;
 import com.boman.web.core.domain.RowResult;
 import com.boman.web.core.mapper.StandardlyMapper;
 import org.slf4j.Logger;
@@ -45,7 +46,7 @@ public class BaseDeleteServiceImpl implements IBaseDeleteService {
     @Override
     public RowResult deleteById(String tableName, String pkName, Long id) {
         int delete = mapper.deleteById(tableName, pkName, id);
-        return RowResult.ok("共删除了 " + delete + " 条记录");
+        return delete > 0 ? RowResult.ok() : RowResult.fail();
     }
 
     /**
@@ -60,7 +61,7 @@ public class BaseDeleteServiceImpl implements IBaseDeleteService {
     @Override
     public RowResult objectLogicDelete(Long[] idArr, String tableName, String pkName, JSONObject model) {
         int delete = mapper.updateById(tableName, model, pkName, idArr);
-        return RowResult.ok("共删除了 " + delete + " 条记录");
+        return delete > 0 ? RowResult.ok() : RowResult.fail();
     }
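Review bot: `objectLogicDelete` accepts an array of ids, but the new `delete > 0 ? RowResult.ok() : RowResult.fail()` reports success as soon as one row was updated, so a partial update of a multi-id call is returned as OK. The callers visible in this commit pass a single-element array, which hides the problem; comparing against the request size, `return delete == idArr.length ? RowResult.ok() : RowResult.fail();`, keeps the result accurate for other callers (assuming the ids are distinct). The affected-row count that the old message carried is now dropped entirely, so if operators relied on it, log it here. The added `ObjectUtils` import does not appear to be used by any line this commit adds to the file.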
 
 

+ 99 - 6
boman-web-core/src/main/java/com/boman/web/core/utils/AuthUtils.java

@@ -16,7 +16,6 @@ import com.boman.system.api.domain.SysRole;
 import com.boman.system.api.domain.SysUser;
 import com.boman.system.api.model.LoginUser;
 import com.boman.web.core.domain.FormDataDto;
-import com.boman.web.core.service.TableServiceCmdService;
 import com.boman.web.core.service.common.ICommonService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -34,19 +33,70 @@ public class AuthUtils {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(AuthUtils.class);
 
+    public static boolean checkAuthObjectDelete(GenTable genTable, Long id, String pkName) {
+        String tableName = genTable.getTableName();
+        String functionName = genTable.getFunctionName();
+        LoginUser loginUser = getLoginUser();
+        if (SysUser.isAdmin(loginUser.getUserid())) {
+            return true;
+        }
+
+        if (!containsFunctionBool(genTable.getMenuRole(), GenTable.D, functionName)) {
+            return false;
+        }
+
+        if (!checkPermsAuthBool(tableName, GenTable.D)) {
+            return false;
+        }
+
+        return checkRoleDataAuthBool(tableName, pkName, id);
+    }
+
+    public static void checkQueryListAuth(GenTable genTable, JSONObject condition) {
+        containsFunction(genTable.getMenuRole(), GenTable.Q, "此模块:[" + genTable.getTableName() + "], 没有查询功能");
+
+        LoginUser loginUser = getLoginUser();
+        if (SysUser.isAdmin(loginUser.getUserid())) {
+            return;
+        }
+
+        List<Long> roleIdList = map(loginUser.getSysUser().getRoles(), SysRole::getId);
+        RemoteRoleDataService remoteRoleDataService = SpringUtils.getBean(RemoteRoleDataService.class);
+        List<SysRoleData> roleDataList = remoteRoleDataService.listByRoleIdList(roleIdList);
+        if (isEmpty(roleDataList)) {
+            return;
+        }
+        // 此张表所对应的roleData
+        SysRoleData roleData = filterOne(roleDataList, sysRoleData -> genTable.getTableName().equals(sysRoleData.getTableName()));
+        packAuthCondition(roleData.getDataScope(), condition, loginUser);
+    }
 
     /**
      * 功能描述: 某一张表是否有AMD....功能
      *
      * @param menuRole  AMDQSUE
-     * @param function  AMDQSUE中的其中一个
+     * @param funcType  AMDQSUE中的其中一个
      * @param errMsg    错误提示语
      */
-    public static void containsFunction(String menuRole, String function, String errMsg) {
-        if (!menuRole.contains(function)) {
+    public static void containsFunction(String menuRole, String funcType, String errMsg) {
+        if (!menuRole.contains(funcType)) {
             throw new UnSuchFunctionException(errMsg);
         }
     }
+    /**
+     * 功能描述: 某一张表是否有AMD....功能
+     *
+     * @param menuRole  AMDQSUE
+     * @param funcType  AMDQSUE中的其中一个
+     */
+    public static boolean containsFunctionBool(String menuRole, String funcType, String functionName) {
+        if (!menuRole.contains(funcType)) {
+            LOGGER.error("非法操作,操作人: {},模块: {}, 此模块无 {} 功能", getLoginUser().getUsername(), functionName, funcType(funcType));
+            return false;
+        }
+
+        return true;
+    }
 
     /**
      * 功能描述: 拿到当前登陆人
@@ -99,11 +149,28 @@ public class AuthUtils {
         List<String> permsList = getLoginUserPermsList();
         String perms = packPermsKey(tableName, funcType);
         if (!permsList.contains(perms)) {
-            LOGGER.error("姓名: {},非法操作,tableName:{}, 操作类型:{}", getLoginUser().getUsername(), tableName, funcType);
+            LOGGER.error("非法操作,操作人: {},tableName: {}, 操作类型: {}", getLoginUser().getUsername(), tableName, funcType);
             throw new UnSuchFunctionException("不好意思,您无权限操作");
         }
     }
 
+    /**
+     * 功能描述: loginUser对应的Perms,权限认定
+     *
+     * @param tableName tableName
+     * @param funcType    AMDQSUEI {@link GenTable}
+     */
+    public static boolean checkPermsAuthBool(String tableName, String funcType) {
+        List<String> permsList = getLoginUserPermsList();
+        String perms = packPermsKey(tableName, funcType);
+        if (!permsList.contains(perms)) {
+            LOGGER.error("非法操作,操作人: {},tableName: {}, 操作类型: 此人未配置 {} 权限", getLoginUser().getUsername(), tableName, funcType(GenTable.D));
+           return false;
+        }
+
+        return true;
+    }
+
     /**
      * 功能描述: loginUser对应的roleData,权限认定
      *
@@ -122,11 +189,37 @@ public class AuthUtils {
         String dataScope = roleDataList.get(0).getDataScope();
         // 不可以修改
         if (!countByCreteBy(dataScope, pkName, id, tableName)) {
-            LOGGER.error("姓名: {},非法操作,tableName:{}", getLoginUser().getUsername(), tableName);
+            LOGGER.error("非法操作,操作人: {},tableName: {}, id: {}", getLoginUser().getUsername(), tableName, id);
             throw new UnSuchFunctionException("不好意思,您无权限操作");
         }
     }
 
+    /**
+     * 功能描述: loginUser对应的roleData,权限认定
+     *
+     * @param tableName tableName
+     * @param pkName    pkName
+     * @param id        id
+     */
+    public static boolean checkRoleDataAuthBool(String tableName, String pkName, Long id) {
+        List<Long> roleIdList = getLoginUserRoleIdList();
+        RemoteRoleDataService remoteRoleDataService = SpringUtils.getBean(RemoteRoleDataService.class);
+        List<SysRoleData> roleDataList = remoteRoleDataService.listByRoleIdListTableName(joinList(roleIdList), tableName);
+        if (isEmpty(roleDataList)) {
+            //没有配,证明有此表的全部权限
+            return true;
+        }
+
+        String dataScope = roleDataList.get(0).getDataScope();
+        // 可以修改
+        if (countByCreteBy(dataScope, pkName, id, tableName)) {
+            return true;
+        }
+
+        LOGGER.error("非法操作,操作人: {},tableName: {}, id: {}", getLoginUser().getUsername(), tableName, id);
+        return false;
+    }
+
     /**
      * 功能描述: 根据crete_by到数据库 count, 如果 >0 可以修改
      *
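Review bot: `checkRoleDataAuthBool` in the last hunk returns `true` whenever `listByRoleIdListTableName` yields an empty list, so a delete is authorised by default when no role-data row is found; if the remote client can also return an empty result when the call itself fails (not visible here), an outage would grant delete rights on every row. The inline comment says this is intended for unconfigured tables, so at minimum the Javadoc should state it, e.g. `@return true if the current user may delete the row; also true when no role-data is configured for the table`, and the lookup should fail closed on error. Only `roleDataList.get(0)` is consulted, so for a user with several roles the decision depends on the order in which the service returns them. In the third hunk `checkPermsAuthBool` logs `funcType(GenTable.D)` instead of its own argument; `funcType(funcType)` keeps the audit line correct for non-delete callers.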