shiqian 4 жил өмнө
parent
commit
495b762832

+ 13 - 3
boman-api/boman-domain/src/main/java/com.boman.domain/GenTable.java

@@ -10,13 +10,23 @@ import java.util.List;
 public class GenTable extends BaseEntity
 {
     private static final long serialVersionUID = 1L;
-
-    /** 查询 */
-    public static final String Q = "Q";
+    /** {@link com.boman.web.core.utils.AuthUtils#funcType(java.lang.String)}*/
     /** add */
     public static final String A = "A";
     /** modify */
     public static final String M = "M";
+    /** delete */
+    public static final String D = "D";
+    /** query */
+    public static final String Q = "Q";
+    /** submit */
+    public static final String S = "S";
+    /** unsubmit */
+    public static final String U = "U";
+    /** export */
+    public static final String E = "E";
+    /** import */
+    public static final String I = "I";
 
     /** 编号 */
     private Long Id;
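Review bot: The Javadoc block added at the top of the hunk, `/** {@link com.boman.web.core.utils.AuthUtils#funcType(java.lang.String)}*/`, sits directly in front of the existing `/** add */` Javadoc for `A`, so only the second comment is attached to the field and the first is ignored (doclint reports such a comment as dangling). The link also points from the domain module into `boman-web-core`, which the domain module presumably does not depend on, so javadoc would not be able to resolve the reference even if it were attached. Replace it with a plain comment such as `// display names for these codes: AuthUtils#funcType in boman-web-core`, or move the cross-reference into the class-level Javadoc where a short list of the eight codes (A M D Q S U E I) would also help readers of `menuRole`.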

+ 1 - 1
boman-api/boman-domain/src/main/java/com.boman.domain/SysRoleData.java

@@ -18,7 +18,7 @@ public class SysRoleData extends BaseEntity
     public static final String ALL_DATA = "1";
     public static final String DIY_DATA = "2";
     public static final String SELF_DEPT_DATA = "3";
-    public static final String ALL_DEPT_DATA = "4";
+    public static final String SUB_DEPT_DATA = "4";
     public static final String MYSELF_DATA = "5";
 
     /** 角色权限id */

+ 1 - 1
boman-api/boman-domain/src/main/java/com.boman.domain/constant/ViewConst.java → boman-api/boman-domain/src/main/java/com.boman.domain/constant/ViewTypeConst.java

@@ -4,7 +4,7 @@ package com.boman.domain.constant;
  * @author shiqian
  * @date 2021年04月20日 16:20
  **/
-public class ViewConst {
+public class ViewTypeConst {
 
     public static final String VIEW_TYPE = "viewType";
 

+ 20 - 50
boman-web-core/src/main/java/com/boman/web/core/domain/TableContext.java

@@ -10,7 +10,6 @@ import com.boman.domain.SysRoleData;
 import com.boman.domain.exception.UnSuchFunctionException;
 import com.boman.system.api.RemoteMenuService;
 import com.boman.system.api.RemoteRoleDataService;
-import com.boman.system.api.domain.SysMenu;
 import com.boman.system.api.domain.SysUser;
 import com.boman.system.api.model.LoginUser;
 import com.boman.web.core.service.TableServiceCmdService;
@@ -52,6 +51,7 @@ public class TableContext {
     private GenTable table;
     private ActionType actionType;
     private String tableName;
+    private String functionName;
     private JSONObject fixedData;
     private JSONObject commitData;
     private List<GenTableColumn> columns;
@@ -62,6 +62,7 @@ public class TableContext {
         context.setActionType(ltZero(dto.getObjId()) ? ActionType.INSERT : ActionType.UPDATE);
 
         context.setId(dto.getObjId());
+        context.setFunctionName(table.getFunctionName());
         String tableName = requireNonNull(dto.getTable(), "tableName is empty");
         context.setTableName(tableName);
 
@@ -79,7 +80,7 @@ public class TableContext {
         context.setPkName(pkName);
 
         // 检查权限
-        checkObjectSaveAuth(context);
+        checkAuthObjectSave(context);
 
         JSONObject commitData = new JSONObject();
         packCommitData(context, columns, fixedData, commitData);
@@ -89,42 +90,24 @@ public class TableContext {
 
     }
 
-    private void checkObjectSaveAuth(TableContext context) {
+    private void checkAuthObjectSave(TableContext context) {
         GenTable genTable = context.getTable();
         String tableName = genTable.getTableName();
-        boolean isInsert = ActionType.INSERT.equals(context.getActionType());
-        String fun = isInsert ? "新增功能" : "修改功能";
-        containsFunction(genTable.getMenuRole(), GenTable.A, "此模块:[" + tableName + "], 没有" + fun);
+        String functionName = genTable.getFunctionName();
+
         // 当前登陆人对应的menu,看看是否包含保存功能
         LoginUser loginUser = getLoginUser();
-        List<SysMenu> menus = remoteMenuService.listMenusByUserId(loginUser.getUserid());
         if (SysUser.isAdmin(loginUser.getUserid())) {
             return;
         }
 
-        List<String> permsList = map(menus, SysMenu::getPerms);
-        if (isInsert) {
-            String perms = packPermsKey(tableName, GenTable.A);
-            if (!permsList.contains(perms)) {
-                throw new UnSuchFunctionException("不好意思,您无权限操作");
-            }
+        if (ActionType.INSERT.equals(context.getActionType())) {
+            containsFunction(genTable.getMenuRole(), GenTable.A, "模块:[" + functionName + "], 没有新增功能");
+            checkPermsAuth(tableName, GenTable.A);
         } else {
-            String perms = packPermsKey(tableName, GenTable.M);
-            if (!permsList.contains(perms)) {
-                throw new UnSuchFunctionException("不好意思,您无权限操作");
-            }
-
-            List<Long> roleIdList = getLoginUserRoleIdList();
-            List<SysRoleData> roleDataList = remoteRoleDataService.listByRoleIdListTableName(joinList(roleIdList), tableName);
-            if (isEmpty(roleDataList)) {
-                //没有配,证明有此表的全部权限
-                return;
-            }
-            String dataScope = roleDataList.get(0).getDataScope();
-            // 不可以修改
-            if (!countByCreteBy(dataScope, loginUser, context)) {
-                throw new UnSuchFunctionException("不好意思,您无权限操作");
-            }
+            containsFunction(genTable.getMenuRole(), GenTable.M, "模块:[" + functionName + "], 没有修改功能");
+            checkPermsAuth(tableName, GenTable.M);
+            checkRoleDataAuth(tableName, context.getPkName(), context.getId());
         }
     }
 
@@ -162,27 +145,6 @@ public class TableContext {
         }
     }
 
-    /**
-     * 功能描述: 根据crete_by到数据库 count, 如果 >0 可以修改
-     *
-     * @param dataScope dataScope
-     * @param loginUser loginUser
-     * @param context   context.getPkName()   context.getId()
-     * @return boolean
-     */
-    public boolean countByCreteBy(String dataScope, LoginUser loginUser, TableContext context) {
-        JSONObject condition = new JSONObject();
-        condition.put(context.getPkName(), context.getId());
-        // 封装crete_by
-        cmdService.packAuthCondition(dataScope, condition, loginUser);
-        FormDataDto dto = new FormDataDto();
-        dto.setTable(context.getTableName());
-        dto.setFixedData(condition);
-        int count = commonService.count(dto);
-        return count > 0;
-    }
-
-
     /**                 get and set                               **/
 
     public Long getId() {
@@ -248,4 +210,12 @@ public class TableContext {
     public void setActionType(ActionType actionType) {
         this.actionType = actionType;
     }
+
+    public String getFunctionName() {
+        return functionName;
+    }
+
+    public void setFunctionName(String functionName) {
+        this.functionName = functionName;
+    }
 }
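Review bot: In `checkAuthObjectSave` the `SysUser.isAdmin` early return now comes before the `containsFunction` check on `genTable.getMenuRole()`, whereas the removed code ran that check for every caller before looking at the login user; an admin can therefore now save through a table whose configured functions do not include `A` or `M`. If that is intended, a comment on the `return` such as `// admins bypass both the module-function and the perms/data-scope checks` would stop the next reader from treating it as a regression; if not, move the two `containsFunction` calls above the admin check as before. `functionName` is read from `genTable.getFunctionName()` here although the factory method above now copies the same value into `context.setFunctionName(...)`, so `context.getFunctionName()` would keep a single source of truth and also justify the new field. After this rewrite the imports `SysRoleData`, `UnSuchFunctionException` and the `remoteRoleDataService`/`remoteMenuService` references appear unused in this class, though other uses may exist outside the hunks.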

+ 26 - 26
boman-web-core/src/main/java/com/boman/web/core/service/TableServiceCmdService.java

@@ -18,6 +18,7 @@ import com.boman.domain.GenTableColumn;
 import com.boman.domain.SysDictData;
 import com.boman.domain.SysRoleData;
 import com.boman.domain.constant.*;
+import com.boman.domain.exception.UnSuchFunctionException;
 import com.boman.gen.api.RemoteGenTableColumnService;
 import com.boman.gen.api.RemoteGenTableService;
 import com.boman.system.api.RemoteDeptService;
@@ -25,6 +26,7 @@ import com.boman.system.api.RemoteDictDataService;
 import com.boman.system.api.RemoteRoleDataService;
 import com.boman.system.api.RemoteUserService;
 import com.boman.system.api.domain.SysFile;
+import com.boman.system.api.domain.SysMenu;
 import com.boman.system.api.domain.SysRole;
 import com.boman.system.api.domain.SysUser;
 import com.boman.system.api.model.LoginUser;
@@ -56,7 +58,7 @@ import java.util.function.Predicate;
 
 import static com.boman.common.core.utils.obj.ObjectUtils.*;
 import static com.boman.domain.constant.FormDataConstant.*;
-import static com.boman.web.core.utils.AuthUtils.containsFunction;
+import static com.boman.web.core.utils.AuthUtils.*;
 import static com.boman.web.core.utils.ColumnUtils.*;
 
 /**
@@ -175,14 +177,17 @@ public class TableServiceCmdService {
      */
     public AjaxResult objectDelete(FormDataDto dto) {
         requireNonNull(dto.getTable(), "tableName = [" + dto.getTable() + "] 此表不存在");
-        Long[] idArr = CollectionUtils.listToArray(dto.getIdList());
-        requireNonNull(idArr);
-        // 拿到pkName
+
         GenTable genTable = getTableFromRedisByTableName(RedisKey.TABLE_INFO, dto.getTable());
         String pkName = IdUtils.getPkName(genTable.getColumns());
 
+        Long[] idArr = CollectionUtils.listToArray(dto.getIdList());
+        requireNonNull(idArr);
+
         List<RowResult> result = Lists.newArrayListWithCapacity(idArr.length);
         for (Long id : idArr) {
+        // 校验权限
+            checkAuthObjectDelete(genTable, id);
             RowResult rowResult = deleteService.deleteById(dto.getTable(), pkName, id);
             result.add(rowResult);
             LOGGER.info(rowResult.getMessage() + ", id: {}", id);
@@ -193,6 +198,20 @@ public class TableServiceCmdService {
         return AjaxResult.success(result);
     }
 
+    private void checkAuthObjectDelete(GenTable genTable, Long id) {
+        String tableName = genTable.getTableName();
+        String functionName = genTable.getFunctionName();
+        LoginUser loginUser = getLoginUser();
+        if (SysUser.isAdmin(loginUser.getUserid())) {
+            return;
+        }
+
+        containsFunction(genTable.getMenuRole(), GenTable.D, "模块:[" + functionName + "], 没有删除功能");
+        checkPermsAuth(tableName, GenTable.D);
+        checkRoleDataAuth(tableName, IdUtils.getPkName(genTable.getColumns()), id);
+    }
+
+
 
     /**
      * 功能描述: 通用删除接口 (真的删除)
@@ -286,7 +305,7 @@ public class TableServiceCmdService {
         }
         // 此张表所对应的roleData
         SysRoleData roleData = filterOne(roleDataList, sysRoleData -> genTable.getTableName().equals(sysRoleData.getTableName()));
-        packAuthCondition(roleData.getDataScope(), condition, loginUser);
+        AuthUtils.packAuthCondition(roleData.getDataScope(), condition, loginUser);
     }
 
 
@@ -506,7 +525,7 @@ public class TableServiceCmdService {
         // genTable.getMenuRole() 暂时数据库没有数据,
         jsonObject.put(FormDataConstant.BUTTON_LIST, Strings.nullToEmpty(genTable.getMenuRole()));
 
-        jsonObject.put(ViewConst.VIEW_TYPE, Strings.nullToEmpty(genTable.getTplCategory()));
+        jsonObject.put(ViewTypeConst.VIEW_TYPE, Strings.nullToEmpty(genTable.getTplCategory()));
         jsonObject.put(RULES, packRequireColumn(columns));
         return AjaxResult.success(jsonObject);
     }
@@ -822,26 +841,7 @@ public class TableServiceCmdService {
         return sysDictData;
     }
 
-    public void packAuthCondition (String dataScope, JSONObject condition, LoginUser loginUser) {
-        requireNonNull(dataScope, "dataScope is empty");
-
-        switch (dataScope){
-            case SysRoleData.ALL_DATA:
-                break;
-            case SysRoleData.DIY_DATA:
-                break;
-            case SysRoleData.SELF_DEPT_DATA:
-                // 本部门人员
-                condition.put(FormDataConstant.CREATE_BY, loginUser.getDeptUserIds());
-                break;
-            case SysRoleData.ALL_DEPT_DATA:
-                // 本部门以及子部门
-                condition.put(FormDataConstant.CREATE_BY, loginUser.getSubDeptUserIds());
-                break;
-            default:
-                break;
-        }
-    }
+
 
 }
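Review bot: `checkAuthObjectDelete(genTable, id)` is called inside the delete loop of `objectDelete`, so the menu-role check, `checkPermsAuth` (a remote menu lookup) and the role-data lookup are repeated for every id, and a failing check on the n-th id leaves the first n-1 rows already deleted with no transaction visible around the loop. Hoist the function and perms checks in front of the loop, run `checkRoleDataAuth` for every id before the first `deleteById`, and pass the already computed `pkName` instead of recomputing `IdUtils.getPkName(genTable.getColumns())` per id, as sketched below. The `// 校验权限` comment at the loop head is also indented one level short of the statement it describes. `objectDelete` continues past the end of the first hunk, and the newly imported `SysMenu` does not appear in any visible hunk of this file, so it may be unused.
```java
        Long[] idArr = CollectionUtils.listToArray(dto.getIdList());
        requireNonNull(idArr);

        // 校验权限: authorise the whole batch before the first delete
        checkAuthObjectDelete(genTable, pkName, idArr);

        List<RowResult> result = Lists.newArrayListWithCapacity(idArr.length);
        for (Long id : idArr) {
            RowResult rowResult = deleteService.deleteById(dto.getTable(), pkName, id);
            // … unchanged: result.add, LOGGER.info …
        }
        // … unchanged: return AjaxResult.success(result) …

    private void checkAuthObjectDelete(GenTable genTable, String pkName, Long[] idArr) {
        LoginUser loginUser = getLoginUser();
        if (SysUser.isAdmin(loginUser.getUserid())) {
            return;
        }
        String tableName = genTable.getTableName();
        containsFunction(genTable.getMenuRole(), GenTable.D, "模块:[" + genTable.getFunctionName() + "], 没有删除功能");
        checkPermsAuth(tableName, GenTable.D);
        // per-record data-scope check for every id, before any row is touched
        for (Long id : idArr) {
            checkRoleDataAuth(tableName, pkName, id);
        }
    }
```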
 

+ 135 - 1
boman-web-core/src/main/java/com/boman/web/core/utils/AuthUtils.java

@@ -1,18 +1,30 @@
 package com.boman.web.core.utils;
 
+import com.alibaba.fastjson.JSONObject;
 import com.boman.common.core.constant.CacheConstants;
 import com.boman.common.core.utils.SecurityUtils;
 import com.boman.common.core.utils.SpringUtils;
 import com.boman.common.redis.service.RedisService;
+import com.boman.domain.GenTable;
+import com.boman.domain.SysRoleData;
+import com.boman.domain.constant.FormDataConstant;
 import com.boman.domain.exception.UnSuchFunctionException;
+import com.boman.system.api.RemoteMenuService;
+import com.boman.system.api.RemoteRoleDataService;
+import com.boman.system.api.domain.SysMenu;
 import com.boman.system.api.domain.SysRole;
+import com.boman.system.api.domain.SysUser;
 import com.boman.system.api.model.LoginUser;
+import com.boman.web.core.domain.FormDataDto;
+import com.boman.web.core.service.TableServiceCmdService;
+import com.boman.web.core.service.common.ICommonService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.util.List;
 
-import static com.boman.common.core.utils.obj.ObjectUtils.map;
+import static com.boman.common.core.utils.obj.ObjectUtils.*;
+import static com.boman.web.core.utils.ColumnUtils.joinList;
 
 /**
  * @author shiqian
@@ -66,4 +78,126 @@ public class AuthUtils {
     }
 
 
+    /**
+     * 功能描述: 当前登陆人对应的角色idList
+     *
+     * @return java.lang.Long
+     */
+    public static List<String> getLoginUserPermsList() {
+        RemoteMenuService remoteMenuService = SpringUtils.getBean(RemoteMenuService.class);
+        List<SysMenu> menus = remoteMenuService.listMenusByUserId(getLoginUser().getUserid());
+        return map(menus, SysMenu::getPerms);
+    }
+
+    /**
+     * 功能描述: loginUser对应的Perms,权限认定
+     *
+     * @param tableName tableName
+     * @param funcType    AMDQSUEI {@link GenTable}
+     */
+    public static void checkPermsAuth(String tableName, String funcType) {
+        List<String> permsList = getLoginUserPermsList();
+        String perms = packPermsKey(tableName, funcType);
+        if (!permsList.contains(perms)) {
+            LOGGER.error("姓名: {},非法操作,tableName:{}, 操作类型:{}", getLoginUser().getUsername(), tableName, funcType);
+            throw new UnSuchFunctionException("不好意思,您无权限操作");
+        }
+    }
+
+    /**
+     * 功能描述: loginUser对应的roleData,权限认定
+     *
+     * @param tableName tableName
+     * @param pkName    pkName
+     * @param id        id
+     */
+    public static void checkRoleDataAuth(String tableName, String pkName, Long id) {
+        List<Long> roleIdList = getLoginUserRoleIdList();
+        RemoteRoleDataService remoteRoleDataService = SpringUtils.getBean(RemoteRoleDataService.class);
+        List<SysRoleData> roleDataList = remoteRoleDataService.listByRoleIdListTableName(joinList(roleIdList), tableName);
+        if (isEmpty(roleDataList)) {
+            //没有配,证明有此表的全部权限
+            return;
+        }
+        String dataScope = roleDataList.get(0).getDataScope();
+        // 不可以修改
+        if (!countByCreteBy(dataScope, pkName, id, tableName)) {
+            LOGGER.error("姓名: {},非法操作,tableName:{}", getLoginUser().getUsername(), tableName);
+            throw new UnSuchFunctionException("不好意思,您无权限操作");
+        }
+    }
+
+    /**
+     * 功能描述: 根据crete_by到数据库 count, 如果 >0 可以修改
+     *
+     * @param dataScope dataScope
+     * @param pkName    pkName
+     * @param id        id
+     * @param tableName tableName
+     * @return boolean
+     */
+    public static boolean countByCreteBy(String dataScope, String pkName, Long id, String tableName) {
+        ICommonService commonService = SpringUtils.getBean(ICommonService.class);
+        JSONObject condition = new JSONObject();
+        condition.put(pkName, id);
+        // 封装crete_by
+        packAuthCondition(dataScope, condition, getLoginUser());
+        FormDataDto dto = new FormDataDto();
+        dto.setTable(tableName);
+        dto.setFixedData(condition);
+        int count = commonService.count(dto);
+        // count > 0 证明此人可以看到这条记录,自然可以修改
+        return count > 0;
+    }
+
+    /**
+     * 功能描述: 封装create_by in () 到 condition中
+     *
+     * @param dataScope obj_test:A obj_test:M.....
+     * @param condition condition
+     * @param loginUser 当前登陆人所存的deptUserIds和subDeptUserIds
+     */
+    public static void packAuthCondition(String dataScope, JSONObject condition, LoginUser loginUser) {
+        requireNonNull(dataScope, "dataScope is empty");
+
+        switch (dataScope) {
+            case SysRoleData.ALL_DATA:
+                break;
+            case SysRoleData.DIY_DATA:
+                break;
+            case SysRoleData.SELF_DEPT_DATA:
+                // 本部门人员
+                condition.put(FormDataConstant.CREATE_BY, loginUser.getDeptUserIds());
+                break;
+            case SysRoleData.SUB_DEPT_DATA:
+                // 本部门以及子部门
+                condition.put(FormDataConstant.CREATE_BY, loginUser.getSubDeptUserIds());
+                break;
+            default:
+                break;
+        }
+    }
+
+    public static String funcType(String funcType) {
+        switch (funcType) {
+            case GenTable.A:
+                return "新增";
+            case GenTable.M:
+                return "修改";
+            case GenTable.D:
+                return "删除";
+            case GenTable.Q:
+                return "查询";
+            case GenTable.S:
+                return "提交";
+            case GenTable.U:
+                return "反提交";
+            case GenTable.E:
+                return "导出";
+            default:
+                return "导入";
+        }
+    }
+
+
 }
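Review bot: `packAuthCondition` adds no `CREATE_BY` restriction for `SysRoleData.DIY_DATA`, for `SysRoleData.MYSELF_DATA` (declared as "5" in SysRoleData but absent from the switch) or for any unrecognised value, so a role configured with one of those scopes gets the same unfiltered count as `ALL_DATA` and `checkRoleDataAuth`/`countByCreteBy` then allow the edit or delete; an authorisation filter should fail closed on scopes it does not implement. Add an explicit `MYSELF_DATA` branch (the dept branches suggest `CREATE_BY` is compared against user ids, so `loginUser.getUserid()` is the value to confirm, wrapped the same way `getDeptUserIds()` is if the condition builder expects an `in` list), make `default` throw instead of `break`, and state in a comment whether the pass-through for `DIY_DATA` is deliberate, as sketched below. `checkRoleDataAuth` also decides on `roleDataList.get(0)` alone, so when several roles configure the same table the first row wins; document the intended merge rule or apply it. Smaller points: `funcType` returns "导入" for any unknown code because `GenTable.I` is only reached through `default`, so `case GenTable.I: return "导入";` with a throwing `default` would surface typos; the Javadoc on `getLoginUserPermsList` (`角色idList`, `@return java.lang.Long`) and `@param dataScope obj_test:A obj_test:M` on `packAuthCondition` describe other methods and should be corrected. The new `TableServiceCmdService` import is not used in the visible hunk and would create a cycle with that class's `import static AuthUtils.*`, so it is probably removable.
```java
    public static void packAuthCondition(String dataScope, JSONObject condition, LoginUser loginUser) {
        requireNonNull(dataScope, "dataScope is empty");

        switch (dataScope) {
            case SysRoleData.ALL_DATA:
                break;
            case SysRoleData.DIY_DATA:
                // TODO(review): custom scope is currently unfiltered (same as ALL_DATA); confirm this is intended
                break;
            // … unchanged: SELF_DEPT_DATA, SUB_DEPT_DATA branches …
            case SysRoleData.MYSELF_DATA:
                // 本人: confirm CREATE_BY is matched against user ids, as in the dept branches
                condition.put(FormDataConstant.CREATE_BY, loginUser.getUserid());
                break;
            default:
                // an unknown scope must not silently widen to ALL_DATA
                throw new UnSuchFunctionException("unknown dataScope: " + dataScope);
        }
    }
```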