完善数据源授权管理功能
parent
1c56708be2
commit
1e155dc7ef
|
@ -20,23 +20,6 @@ public class Schema extends AbstractStringIdEntity
|
|||
{
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/*------------------------------------------------------*/
|
||||
/*
|
||||
* 从业务角度看,对数据源的授权不应是对其记录本身,而是它包含表中的数据。
|
||||
* 所以,这里扩展了Authorization.PERMISSION_READ_START权限,授予下面这些权限,都是对数据源记录本身的读权限。
|
||||
*/
|
||||
|
||||
/** 数据源内的表数据权限:读取 */
|
||||
public static final int PERMISSION_TABLE_DATA_READ = Authorization.PERMISSION_READ_START;
|
||||
|
||||
/** 数据源内的表数据权限:编辑 */
|
||||
public static final int PERMISSION_TABLE_DATA_EDIT = Authorization.PERMISSION_READ_START + 4;
|
||||
|
||||
/** 数据源内的表数据权限:删除 */
|
||||
public static final int PERMISSION_TABLE_DATA_DELETE = Authorization.PERMISSION_READ_START + 8;
|
||||
|
||||
/*------------------------------------------------------*/
|
||||
|
||||
/** 标题 */
|
||||
private String title;
|
||||
|
||||
|
@ -191,6 +174,71 @@ public class Schema extends AbstractStringIdEntity
|
|||
this.password = null;
|
||||
}
|
||||
|
||||
public boolean canReadTableData()
|
||||
{
|
||||
return Authorization.canRead(this.dataPermission);
|
||||
}
|
||||
|
||||
public boolean canEditTableData()
|
||||
{
|
||||
return Authorization.canEdit(this.dataPermission);
|
||||
}
|
||||
|
||||
public boolean canDeleteTableData()
|
||||
{
|
||||
return Authorization.canDelete(this.dataPermission);
|
||||
}
|
||||
|
||||
public boolean canRead()
|
||||
{
|
||||
return Authorization.canRead(this.dataPermission);
|
||||
}
|
||||
|
||||
public boolean canEdit(User currentUser)
|
||||
{
|
||||
if (currentUser.isAdmin())
|
||||
return true;
|
||||
|
||||
if (!Authorization.canEdit(this.dataPermission))
|
||||
return false;
|
||||
|
||||
if (!this.hasCreateUser())
|
||||
return false;
|
||||
|
||||
return currentUser.getId().equals(this.createUser.getId());
|
||||
}
|
||||
|
||||
public boolean canDelete(User currentUser)
|
||||
{
|
||||
if (currentUser.isAdmin())
|
||||
return true;
|
||||
|
||||
if (!Authorization.canRead(this.dataPermission))
|
||||
return false;
|
||||
|
||||
if (!this.hasCreateUser())
|
||||
return false;
|
||||
|
||||
return currentUser.getId().equals(this.createUser.getId());
|
||||
}
|
||||
|
||||
public boolean canAuthorize(User currentUser)
|
||||
{
|
||||
if (currentUser.isAdmin())
|
||||
return true;
|
||||
|
||||
if (currentUser.isAnonymous())
|
||||
return false;
|
||||
|
||||
if (!Authorization.canDelete(this.dataPermission))
|
||||
return false;
|
||||
|
||||
if (!this.hasCreateUser())
|
||||
return false;
|
||||
|
||||
return currentUser.getId().equals(this.createUser.getId());
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString()
|
||||
{
|
||||
|
|
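Review bot: The delete guard in the added `canDelete(User currentUser)` tests read permission, `if (!Authorization.canRead(this.dataPermission))`, so a creator holding only a read grant passes it, whereas `canEdit` and `canAuthorize` test the edit and delete levels. If that is a copy-paste slip the line should be `if (!Authorization.canDelete(this.dataPermission))`; if it is intended, it needs a comment saying why delete is gated lower than edit. `canEdit` and `canDelete` also skip the `currentUser.isAnonymous()` check that `canAuthorize` has and go straight to `currentUser.getId().equals(...)`, which is only safe if anonymous users never share an id with a creator; that cannot be confirmed from this page. The class body continues outside the hunk.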
|
@ -557,6 +557,6 @@ authorization.principalType.ROLE=\u6307\u5B9A\u7528\u6237\u7EC4
|
|||
authorization.principalType.USER=\u6307\u5B9A\u7528\u6237
|
||||
authorization.principalType.ANONYMOUS=\u5168\u90E8\u533F\u540D\u7528\u6237
|
||||
authorization.principalType.ALL=\u5168\u90E8\u7528\u6237
|
||||
authorization.permission.DATA_SOURCE.PERMISSION_TABLE_DATA_READ.desc=\u4EC5\u53EF\u6D4F\u89C8\u6570\u636E
|
||||
authorization.permission.DATA_SOURCE.PERMISSION_TABLE_DATA_EDIT.desc=\u53EF\u7F16\u8F91\u3001\u6D4F\u89C8\u6570\u636E
|
||||
authorization.permission.DATA_SOURCE.PERMISSION_TABLE_DATA_DELETE.desc=\u53EF\u5220\u9664\u3001\u7F16\u8F91\u3001\u6D4F\u89C8\u6570\u636E
|
||||
authorization.permission.DATA_SOURCE.READ.desc=\u4EC5\u53EF\u6D4F\u89C8\u6570\u636E
|
||||
authorization.permission.DATA_SOURCE.EDIT.desc=\u53EF\u7F16\u8F91\u3001\u6D4F\u89C8\u6570\u636E
|
||||
authorization.permission.DATA_SOURCE.DELETE.desc=\u53EF\u5220\u9664\u3001\u7F16\u8F91\u3001\u6D4F\u89C8\u6570\u636E
|
|
@ -13,7 +13,7 @@ readonly 是否只读操作,允许为null
|
|||
<#assign resourceType=((authorization.resourceType)!Authorization.RESOURCE_TYPE_DATA_SOURCE)>
|
||||
<#assign resourceTypePattern=Authorization.RESOURCE_TYPE_DATA_SOURCE + Authorization.PATTERN_RESOURCE_TYPE_SUFFIX>
|
||||
<#assign principalType=((authorization.principalType)!Authorization.PRINCIPAL_TYPE_USER)>
|
||||
<#assign permission=((authorization.permission)!Schema.PERMISSION_TABLE_DATA_READ)>
|
||||
<#assign permission=((authorization.permission)!Authorization.PERMISSION_READ_START)>
|
||||
<#assign enabled=(((authorization.enabled)!true)?string('true', 'false'))>
|
||||
<#assign isResourceTypePattern=(resourceType != Authorization.RESOURCE_TYPE_DATA_SOURCE)>
|
||||
<html>
|
||||
|
@ -134,12 +134,12 @@ readonly 是否只读操作,允许为null
|
|||
</div>
|
||||
<div class="form-item-value">
|
||||
<div class="permission-radios">
|
||||
<label for="${pageId}-permission_0" title="<@spring.message code='authorization.permission.DATA_SOURCE.PERMISSION_TABLE_DATA_READ.desc' />"><@spring.message code='authorization.permission.READ' /></label>
|
||||
<input type="radio" id="${pageId}-permission_0" name="permission" value="${Schema.PERMISSION_TABLE_DATA_READ}" />
|
||||
<label for="${pageId}-permission_1" title="<@spring.message code='authorization.permission.DATA_SOURCE.PERMISSION_TABLE_DATA_EDIT.desc' />"><@spring.message code='authorization.permission.EDIT' /></label>
|
||||
<input type="radio" id="${pageId}-permission_1" name="permission" value="${Schema.PERMISSION_TABLE_DATA_EDIT}" />
|
||||
<label for="${pageId}-permission_2" title="<@spring.message code='authorization.permission.DATA_SOURCE.PERMISSION_TABLE_DATA_DELETE.desc' />"><@spring.message code='authorization.permission.DELETE' /></label>
|
||||
<input type="radio" id="${pageId}-permission_2" name="permission" value="${Schema.PERMISSION_TABLE_DATA_DELETE}" />
|
||||
<label for="${pageId}-permission_0" title="<@spring.message code='authorization.permission.DATA_SOURCE.READ.desc' />"><@spring.message code='authorization.permission.READ' /></label>
|
||||
<input type="radio" id="${pageId}-permission_0" name="permission" value="${Authorization.PERMISSION_READ_START}" />
|
||||
<label for="${pageId}-permission_1" title="<@spring.message code='authorization.permission.DATA_SOURCE.EDIT.desc' />"><@spring.message code='authorization.permission.EDIT' /></label>
|
||||
<input type="radio" id="${pageId}-permission_1" name="permission" value="${Authorization.PERMISSION_EDIT_START}" />
|
||||
<label for="${pageId}-permission_2" title="<@spring.message code='authorization.permission.DATA_SOURCE.DELETE.desc' />"><@spring.message code='authorization.permission.DELETE' /></label>
|
||||
<input type="radio" id="${pageId}-permission_2" name="permission" value="${Authorization.PERMISSION_DELETE_START}" />
|
||||
<label for="${pageId}-permission_3"><@spring.message code='authorization.permission.NONE' /></label>
|
||||
<input type="radio" id="${pageId}-permission_3" name="permission" value="${Authorization.PERMISSION_NONE_START}" />
|
||||
</div>
|
||||
|
|
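Review bot: Authorization rows already saved through this form carry the old radio values, which the removed `Schema` constants defined as `PERMISSION_READ_START`, `PERMISSION_READ_START + 4` and `PERMISSION_READ_START + 8`, while the new radios submit `Authorization.PERMISSION_EDIT_START` and `Authorization.PERMISSION_DELETE_START`. Unless those values happen to coincide (`Authorization` is not shown on this page), existing edit and delete grants will presumably be evaluated as read-only after this commit, and the edit form will have no radio matching the stored value. A data migration, or a line in the commit description stating that none is needed, would settle this. Separately, `permission` comes back from the browser, so the save handler should accept only the four values offered here.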
|
@ -45,7 +45,6 @@ String authorizationSourceType 固定授权源类型,允许为null
|
|||
<#include "../include/page_obj_searchform_js.ftl">
|
||||
<#include "../include/page_obj_grid.ftl">
|
||||
<#include "../include/page_obj_data_permission.ftl">
|
||||
<#include "../include/page_obj_data_permission_ds_table.ftl">
|
||||
<script type="text/javascript">
|
||||
(function(po)
|
||||
{
|
||||
|
@ -157,7 +156,7 @@ String authorizationSourceType 固定授权源类型,允许为null
|
|||
var columnPermission = $.buildDataTablesColumnSimpleOption("<@spring.message code='authorization.permission' />", "permission");
|
||||
columnPermission.render = function(data, type, row, meta)
|
||||
{
|
||||
return po.toTableDataPermissionLabel(data);
|
||||
return po.toPermissionLabel(data);
|
||||
};
|
||||
|
||||
var tableColumns = [
|
||||
|
|
|
@ -2,55 +2,70 @@
|
|||
数据源表权限JS片段。
|
||||
|
||||
依赖:
|
||||
page_js_obj.jsp
|
||||
page_js_obj.ftl
|
||||
page_obj_data_permission.ftl
|
||||
-->
|
||||
<#assign __podpSchema=statics['org.datagear.management.domain.Schema']>
|
||||
<script type="text/javascript">
|
||||
(function(po)
|
||||
{
|
||||
po.canReadTableData = function(schemaOrPermission)
|
||||
{
|
||||
if(schemaOrPermission == null)
|
||||
return false;
|
||||
|
||||
if(schemaOrPermission.dataPermission != undefined)
|
||||
schemaOrPermission = schemaOrPermission.dataPermission;
|
||||
|
||||
return ${__podpSchema.PERMISSION_TABLE_DATA_READ} <= schemaOrPermission;
|
||||
return po.canRead(schemaOrPermission);
|
||||
};
|
||||
|
||||
po.canEditTableData = function(schemaOrPermission)
|
||||
{
|
||||
if(schemaOrPermission == null)
|
||||
return false;
|
||||
|
||||
if(schemaOrPermission.dataPermission != undefined)
|
||||
schemaOrPermission = schemaOrPermission.dataPermission;
|
||||
|
||||
return ${__podpSchema.PERMISSION_TABLE_DATA_EDIT} <= schemaOrPermission;
|
||||
return po.canEdit(schemaOrPermission);
|
||||
};
|
||||
|
||||
po.canDeleteTableData = function(schemaOrPermission)
|
||||
{
|
||||
if(schemaOrPermission == null)
|
||||
return false;
|
||||
|
||||
if(schemaOrPermission.dataPermission != undefined)
|
||||
schemaOrPermission = schemaOrPermission.dataPermission;
|
||||
|
||||
return ${__podpSchema.PERMISSION_TABLE_DATA_DELETE} <= schemaOrPermission;
|
||||
return po.canDelete(schemaOrPermission);
|
||||
};
|
||||
|
||||
po.toTableDataPermissionLabel = function(schemaOrPermission)
|
||||
po.canEditSchema = function(schema, user)
|
||||
{
|
||||
if(po.canDeleteTableData(schemaOrPermission))
|
||||
return "<@spring.message code='authorization.permission.DELETE' />";
|
||||
else if(po.canEditTableData(schemaOrPermission))
|
||||
return "<@spring.message code='authorization.permission.EDIT' />";
|
||||
else if(po.canReadTableData(schemaOrPermission))
|
||||
return "<@spring.message code='authorization.permission.READ' />";
|
||||
else
|
||||
return "<@spring.message code='authorization.permission.NONE' />";
|
||||
if(user.admin)
|
||||
return true;
|
||||
|
||||
if(!po.canEdit(schema))
|
||||
return false;
|
||||
|
||||
if(!schema.createUser)
|
||||
return false;
|
||||
|
||||
return schema.createUser.id = user.id;
|
||||
};
|
||||
|
||||
po.canDeleteSchema = function(schema, user)
|
||||
{
|
||||
if(user.admin)
|
||||
return true;
|
||||
|
||||
if(!po.canEdit(schema))
|
||||
return false;
|
||||
|
||||
if(!schema.createUser)
|
||||
return false;
|
||||
|
||||
return schema.createUser.id = user.id;
|
||||
};
|
||||
|
||||
po.canAuthorizeSchema = function(schema, user)
|
||||
{
|
||||
if(user.admin)
|
||||
return true;
|
||||
|
||||
if(user.anonymous)
|
||||
return false;
|
||||
|
||||
if(!po.canDelete(schema))
|
||||
return false;
|
||||
|
||||
if(!schema.createUser)
|
||||
return false;
|
||||
|
||||
return schema.createUser.id == user.id;
|
||||
};
|
||||
})
|
||||
(${pageId});
|
||||
|
|
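Review bot: `return schema.createUser.id = user.id;` in `po.canEditSchema` and `po.canDeleteSchema` is an assignment, not a comparison. It overwrites the creator id on the schema node and returns the user id, which is truthy, so the edit and delete menu items stay enabled for any non-admin user who passes the permission check, creator or not. It should read `return schema.createUser.id == user.id;`, as `po.canAuthorizeSchema` already does. `po.canDeleteSchema` also gates on `po.canEdit(schema)` while the Java `Schema.canDelete` in this commit gates on `Authorization.canRead`; the two should agree, presumably on the delete level. These functions only drive menu state, so the server-side checks remain the ones that decide access.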
|
@ -7,12 +7,11 @@
|
|||
<#include "include/page_js_obj.ftl" >
|
||||
<#include "include/page_obj_tabs.ftl" >
|
||||
<#include "include/page_obj_data_permission.ftl" >
|
||||
<#include "include/page_obj_data_permission_ds_table.ftl" >
|
||||
<script type="text/javascript">
|
||||
(function(po)
|
||||
{
|
||||
po.userId = "${currentUser.id?js_string}";
|
||||
po.isAnonymous = ${currentUser.anonymous?c};
|
||||
po.isAdmin = ${currentUser.admin?c};
|
||||
po.currentUser = <@writeJson var=currentUser />;
|
||||
|
||||
//将在document.ready中初始化
|
||||
po.mainTabs = null;
|
||||
|
@ -147,7 +146,7 @@
|
|||
|
||||
if(schema.createUser)
|
||||
{
|
||||
if(po.userId == schema.createUser.id)
|
||||
if(po.currentUser.id == schema.createUser.id)
|
||||
{
|
||||
if(tempSchema)
|
||||
schema.text += " <span class='ui-icon ui-icon-notice' title='<@spring.message code='main.tempSchema' />'></span>";
|
||||
|
@ -469,12 +468,12 @@
|
|||
var jstree = po.element(".schema-panel-content").jstree(true);
|
||||
var selNodes = jstree.get_selected(true);
|
||||
|
||||
var disableCRUD = false;
|
||||
var disableSchemaOperation = false;
|
||||
|
||||
//未选中数据库,则禁用CRUD按钮
|
||||
if(!selNodes.length)
|
||||
{
|
||||
disableCRUD = true;
|
||||
disableSchemaOperation = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -482,13 +481,13 @@
|
|||
{
|
||||
if(!po.isSchemaNode(selNodes[i]))
|
||||
{
|
||||
disableCRUD = true;
|
||||
disableSchemaOperation = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(disableCRUD)
|
||||
if(disableSchemaOperation)
|
||||
{
|
||||
menuItemEnables["schema-operation-edit"] = false;
|
||||
menuItemEnables["schema-operation-delete"] = false;
|
||||
|
@ -502,24 +501,15 @@
|
|||
{
|
||||
for(var i=0; i<selNodes.length; i++)
|
||||
{
|
||||
if(!po.isSchemaNode(selNodes[i]))
|
||||
{
|
||||
menuItemEnables["schema-operation-edit"] = false;
|
||||
menuItemEnables["schema-operation-delete"] = false;
|
||||
break;
|
||||
}
|
||||
|
||||
var schema = selNodes[i].original;
|
||||
|
||||
if(!po.canEdit(schema))
|
||||
if(!po.canEditSchema(schema, po.currentUser))
|
||||
menuItemEnables["schema-operation-edit"] = false;
|
||||
|
||||
if(!po.canDelete(schema))
|
||||
if(!po.canDeleteSchema(schema, po.currentUser))
|
||||
menuItemEnables["schema-operation-delete"] = false;
|
||||
|
||||
if(!po.canDelete(schema))
|
||||
menuItemEnables["schema-operation-authorize"] = false;
|
||||
else if(!po.isAdmin && (po.isAnonymous || po.userId != schema.createUser.id))
|
||||
if(!po.canAuthorizeSchema(schema, po.currentUser))
|
||||
menuItemEnables["schema-operation-authorize"] = false;
|
||||
}
|
||||
}
|
||||
|
|
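Review bot: `po.currentUser = <@writeJson var=currentUser />;` serialises the whole `User` object into an inline script, where the code it replaces emitted only `id`, `anonymous` and `admin` through `?js_string` and `?c`. Neither the `writeJson` macro nor `User` is visible here, so it should be confirmed that no credential or profile fields reach the page and that the output is safe inside a `<script>` element (a `</script>` sequence in a user-controlled field would end the block early). The script in this commit reads only `id`, `admin` and `anonymous`, so `po.currentUser = { id: "${currentUser.id?js_string}", admin: ${currentUser.admin?c}, anonymous: ${currentUser.anonymous?c} };` would cover it without exposing the rest.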