简化数据权限设计:移除废弃代码、重构部分逻辑

datagear 2021-08-12 16:33:19 +08:00
parent 4076fd9ccb
commit ea5c29bf83
48 changed files with 323 additions and 1018 deletions


@ -100,7 +100,7 @@ public class AnalysisProject extends AbstractStringIdEntity
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
@Override


@ -14,18 +14,9 @@ package org.datagear.management.domain;
*
*/
public class Authorization extends AbstractStringIdEntity
implements CreateUserEntity<String>, DataPermissionEntity<String>
{
private static final long serialVersionUID = 1L;
/** 授权资源类型 */
public static final String AUTHORIZATION_RESOURCE_TYPE = "AUTHORIZATION";
/**
* 模式匹配资源类型的后缀例如"DATA_SOURCE_PATTERN"表示数据源资源模式匹配授权
*/
public static final String PATTERN_RESOURCE_TYPE_SUFFIX = "_PATTERN";
/** 授权主体类型:全部用户 */
public static final String PRINCIPAL_TYPE_ALL = "ALL";
@ -46,8 +37,7 @@ public class Authorization extends AbstractStringIdEntity
/*------------------------------------------------------*/
/*
* 注意权限值范围必须在[0, 99]之间因为commonDataPermissionSqls.xml会对权限值取模100
* 这里的权限值都留有间隔便于各模块扩展自定义权限值
* 注意权限值范围必须在[-99, 99]之间这里的权限值都留有间隔便于各模块扩展自定义权限值
*/
/** 权限起始值:无 */
@ -62,6 +52,9 @@ public class Authorization extends AbstractStringIdEntity
/** 权限起始值:删除 */
public static final int PERMISSION_DELETE_START = 60;
/** 最小权限值 */
public static final int PERMISSION_MIN = -99;
/** 最大权限值 */
public static final int PERMISSION_MAX = 99;
@ -85,36 +78,26 @@ public class Authorization extends AbstractStringIdEntity
/** 是否启用 */
private boolean enabled = true;
/** 授权创建用户 */
private User createUser;
/** 授权资源名称 */
private String resourceName;
/** 授权主体名称 */
private String principalName;
/** 权限标签 */
private String permissionLabel;
/** 此记录的数据权限 */
private int dataPermission = PERMISSION_NOT_LOADED;
public Authorization()
{
super();
}
public Authorization(String resource, String resourceType, String principal, String principalType, int permission,
User createUser)
public Authorization(String id, String resource, String resourceType, String principal, String principalType,
int permission)
{
super();
super(id);
this.resource = resource;
this.resourceType = resourceType;
this.principal = principal;
this.principalType = principalType;
this.permission = permission;
this.createUser = createUser;
}
public String getResource()
@ -177,28 +160,6 @@ public class Authorization extends AbstractStringIdEntity
this.enabled = enabled;
}
@Override
public User getCreateUser()
{
return createUser;
}
@Override
public void setCreateUser(User createUser)
{
this.createUser = createUser;
}
public String getResourceName()
{
return resourceName;
}
public void setResourceName(String resourceName)
{
this.resourceName = resourceName;
}
public String getPrincipalName()
{
return principalName;
@ -219,18 +180,6 @@ public class Authorization extends AbstractStringIdEntity
this.permissionLabel = permissionLabel;
}
@Override
public int getDataPermission()
{
return dataPermission;
}
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
}
@Override
public String toString()
{
@ -239,16 +188,6 @@ public class Authorization extends AbstractStringIdEntity
+ permission + ", enabled=" + enabled + "]";
}
/**
* 是否是模式匹配资源类型
*
* @return
*/
public boolean isResourceTypePattern()
{
return this.resourceType != null && this.resourceType.endsWith(PATTERN_RESOURCE_TYPE_SUFFIX);
}
/**
* 是否无权限
*
@ -357,4 +296,15 @@ public class Authorization extends AbstractStringIdEntity
return currentUser.getId().equals(createUserEntity.getCreateUser().getId());
}
/**
* 整理权限数值确保其不大于{@linkplain #PERMISSION_MAX}之间
*
* @param permission
* @return
*/
public static int trimPermission(int permission)
{
return permission % 100;
}
}
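Review bot: `trimPermission` at the end of this class is a modulo, not a clamp, yet its Javadoc only says the result is not greater than `PERMISSION_MAX`; a value such as 160 comes back as 60 (`PERMISSION_DELETE_START`) instead of being capped or rejected, and Java's `%` keeps the sign, so negative inputs land in the new `PERMISSION_MIN` range. Since every `setDataPermission` on this page now routes through it, the Javadoc should state that contract, for example `Returns permission % 100: the sign and the two low decimal digits are kept, so the result lies in [PERMISSION_MIN, PERMISSION_MAX]`. I would also derive the divisor from the constant, `return permission % (PERMISSION_MAX + 1);`, so the two cannot drift apart. The value of `PERMISSION_NOT_LOADED` is not visible here; confirm it lies inside that range, otherwise a setter call silently turns the sentinel into an ordinary permission value.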


@ -200,7 +200,7 @@ public class CsvFileDataSetEntity extends AbstractCsvFileDataSet implements Dire
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
@Override


@ -94,7 +94,7 @@ public class CsvValueDataSetEntity extends CsvValueDataSet implements DataSetEnt
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
@Override


@ -15,7 +15,7 @@ import java.io.Serializable;
* @author datagear@163.com
*
*/
public class DataIdPermission implements Serializable
public class DataIdPermission implements DataPermissionAware, Serializable
{
private static final long serialVersionUID = 1L;
@ -45,13 +45,15 @@ public class DataIdPermission implements Serializable
this.dataId = dataId;
}
@Override
public int getDataPermission()
{
return dataPermission;
}
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
}


@ -0,0 +1,43 @@
/*
* Copyright 2018 datagear.tech
*
* Licensed under the LGPLv3 license:
* http://www.gnu.org/licenses/lgpl-3.0.html
*/
package org.datagear.management.domain;
/**
* 数据权限相关模型
*
* @author datagear@163.com
*
*/
public interface DataPermissionAware
{
/**
* 获取数据权限值
* <p>
* 参考{@code Authorization.PERMISSION_*}{@linkplain #PERMISSION_NOT_LOADED}
* </p>
*
* @return
*/
int getDataPermission();
/**
* 设置数据权限值
* <p>
* 参考{@code Authorization.PERMISSION_*}{@linkplain #PERMISSION_NOT_LOADED}
* </p>
* <p>
* 底层SQL查询会对数据库中存储的权限值进行数学运算
* 可能导致查询的权限值大于{@linkplain Authorization#PERMISSION_MAX}且个位和十位数为实际权限值
* 为了提高系统的数据库兼容性所以尽量不使用数据库特性比如{@code MOD}函数
* 因此对于这个方法实现类应该对参数值进行{@code permission%100}取余处理可使用{@linkplain Authorization#trimPermission(int)}以确保权限值正确
* </p>
*
* @param permission
*/
void setDataPermission(int permission);
}
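Review bot: Both Javadoc blocks in the new `DataPermissionAware` link to `{@linkplain #PERMISSION_NOT_LOADED}`, but this interface declares no such constant; the text was moved from `DataPermissionEntity`, which is where the page shows the constant declared. Point the link at the declaring type, `{@linkplain DataPermissionEntity#PERMISSION_NOT_LOADED}`, so it resolves for implementers such as `DataIdPermission` that do not extend `DataPermissionEntity`. The setter contract also depends on every implementation remembering to call `Authorization.trimPermission(int)`, and nothing on this page enforces that. A sentence saying that an untrimmed setter hands the raw SQL value to later permission comparisons would make the consequence clear to the next implementer.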


@ -16,28 +16,8 @@ import org.datagear.management.service.DataPermissionEntityService;
*
* @param <ID>
*/
public interface DataPermissionEntity<ID> extends Entity<ID>
public interface DataPermissionEntity<ID> extends DataPermissionAware, Entity<ID>
{
/** 参考{@linkplain DataPermissionEntityService#PERMISSION_NOT_LOADED} */
int PERMISSION_NOT_LOADED = DataPermissionEntityService.PERMISSION_NOT_LOADED;
/**
* 获取数据权限值
* <p>
* 参考{@code Authorization.PERMISSION_*}{@linkplain #PERMISSION_NOT_LOADED}
* </p>
*
* @return
*/
int getDataPermission();
/**
* 设置数据权限值
* <p>
* 参考{@code Authorization.PERMISSION_*}{@linkplain #PERMISSION_NOT_LOADED}
* </p>
*
* @param permission
*/
void setDataPermission(int permission);
}


@ -104,7 +104,7 @@ public class DataSetResDirectory extends AbstractStringIdEntity
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
@Override


@ -199,7 +199,7 @@ public class ExcelDataSetEntity extends AbstractExcelDataSet implements Director
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
@Override


@ -107,7 +107,7 @@ public class HtmlChartWidgetEntity extends HtmlChartWidget
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
@Override


@ -103,7 +103,7 @@ public class HtmlTplDashboardWidgetEntity extends HtmlTplDashboardWidget
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
@Override


@ -102,7 +102,7 @@ public class HttpDataSetEntity extends HttpDataSet implements DataSetEntity
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
@Override


@ -201,7 +201,7 @@ public class JsonFileDataSetEntity extends AbstractJsonFileDataSet implements Di
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
@Override


@ -94,7 +94,7 @@ public class JsonValueDataSetEntity extends JsonValueDataSet implements DataSetE
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
@Override


@ -184,7 +184,7 @@ public class Schema extends AbstractStringIdEntity
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
/**


@ -145,7 +145,7 @@ public class SqlDataSetEntity extends SqlDataSet implements DataSetEntity
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
@Override


@ -99,7 +99,7 @@ public class SummaryDataSetEntity extends AbstractDataSet implements DataSetEnti
@Override
public void setDataPermission(int dataPermission)
{
this.dataPermission = dataPermission;
this.dataPermission = Authorization.trimPermission(dataPermission);
}
@Override


@ -7,11 +7,8 @@
package org.datagear.management.service;
import java.util.List;
import org.datagear.management.domain.Authorization;
import org.datagear.management.domain.User;
import org.datagear.persistence.Query;
/**
* {@linkplain Authorization}业务服务接口
@ -19,8 +16,28 @@ import org.datagear.persistence.Query;
* @author datagear@163.com
*
*/
public interface AuthorizationService extends DataPermissionEntityService<String, Authorization>
public interface AuthorizationService extends EntityService<String, Authorization>
{
/**
* 是否允许授权操作
*
* @param user
* @param resourceType
* @param resource
* @return
*/
boolean isAllowAuthorization(User user, String resourceType, String resource);
/**
* 删除
*
* @param resourceType
* @param resource
* @param ids
* @return
*/
int deleteByIds(String resourceType, String resource, String... ids);
/**
* 删除资源授权
*
@ -29,27 +46,4 @@ public interface AuthorizationService extends DataPermissionEntityService<String
* @return
*/
int deleteByResource(String resourceType, String... resources);
/**
* 对于支持模式匹配授权的资源获取指定模式匹配源的权限
* <p>
* 返回{@code null}表示无对应的授权
* </p>
*
* @param user
* @param resourceType
* @param patternSource
* @return
*/
Integer getPermissionForPatternSource(User user, String resourceType, String patternSource);
/**
* 查询指定资源的{@linkplain Authorization}
*
* @param user
* @param assignedResource
* @param query
* @return
*/
List<Authorization> queryForAssignedResource(User user, String assignedResource, Query query);
}


@ -32,9 +32,6 @@ public interface DataPermissionEntityService<ID, T extends DataPermissionEntity<
/** 数据权限参数资源类型参考commonDataPermissionSqls.xml */
String DATA_PERMISSION_PARAM_RESOURCE_TYPE = "DP_RESOURCE_TYPE";
/** 数据权限参数资源是否支持模式匹配参考commonDataPermissionSqls.xml */
String DATA_PERMISSION_PARAM_RESOURCE_SUPPORT_PATTERN = "DP_RESOURCE_SUPPORT_PATTERN";
/** 数据权限参数资源是否有创建用户参考commonDataPermissionSqls.xml */
String DATA_PERMISSION_PARAM_RESOURCE_HAS_CREATOR = "DP_RESOURCE_HAS_CREATOR";


@ -267,15 +267,13 @@ public abstract class AbstractMybatisDataPermissionEntityService<ID, T extends D
* @param params
* @param user
* @param resourceType
* @param resourceSupportPattern
* @param resourceHasCreator
*/
protected void addDataPermissionParameters(Map<String, Object> params, User user, String resourceType,
boolean resourceSupportPattern, boolean resourceHasCreator)
boolean resourceHasCreator)
{
params.put(DATA_PERMISSION_PARAM_CURRENT_USER, user);
params.put(DATA_PERMISSION_PARAM_RESOURCE_TYPE, resourceType);
params.put(DATA_PERMISSION_PARAM_RESOURCE_SUPPORT_PATTERN, resourceSupportPattern);
params.put(DATA_PERMISSION_PARAM_RESOURCE_HAS_CREATOR, resourceHasCreator);
params.put(DATA_PERMISSION_PARAM_MIN_READ_PERMISSION, Authorization.PERMISSION_READ_START);
params.put(DATA_PERMISSION_PARAM_MAX_PERMISSION, Authorization.PERMISSION_MAX);


@ -54,15 +54,6 @@ public abstract class AbstractMybatisService<T> extends SqlSessionDaoSupport
/** 分页查询SQL尾部片段 */
public static final String PAGING_QUERY_FOOT_SQL = "_pagingQueryFoot";
/** {@linkplain MbSqlDialect#funcNameReplace()}的MyBatis参数名 */
public static final String FUNC_NAME_REPLACE = "_FUNC_REPLACE";
/** {@linkplain MbSqlDialect#funcNameModInt()}的MyBatis参数名 */
public static final String FUNC_NAME_MODINT = "_FUNC_MODINT";
/** {@linkplain MbSqlDialect#funcNameLength()}的MyBatis参数名 */
public static final String FUNC_NAME_LENGTH = "_FUNC_LENGTH";
/** {@linkplain MbSqlDialect#funcNameMax()}的MyBatis参数名 */
public static final String FUNC_NAME_MAX = "_FUNC_MAX";
@ -452,10 +443,6 @@ public abstract class AbstractMybatisService<T> extends SqlSessionDaoSupport
protected void addDialectParamsBase(Map<String, Object> param)
{
param.put(this.identifierQuoteKey, this.dialect.getIdentifierQuote());
param.put(FUNC_NAME_REPLACE, this.dialect.funcNameReplace());
param.put(FUNC_NAME_MODINT, this.dialect.funcNameModInt());
param.put(FUNC_NAME_LENGTH, this.dialect.funcNameLength());
param.put(FUNC_NAME_MAX, this.dialect.funcNameMax());
}


@ -82,7 +82,7 @@ public class AnalysisProjectServiceImpl extends AbstractMybatisDataPermissionEnt
@Override
protected void addDataPermissionParameters(Map<String, Object> params, User user)
{
addDataPermissionParameters(params, user, getResourceType(), false, true);
addDataPermissionParameters(params, user, getResourceType(), true);
}
@Override


@ -11,6 +11,7 @@ import java.io.Serializable;
import org.datagear.management.domain.Authorization;
import org.datagear.management.service.ServiceContext;
import org.datagear.util.StringUtil;
/**
* {@linkplain Authorization}查询上下文
@ -36,6 +37,9 @@ public class AuthorizationQueryContext implements Serializable
/** 指定查询资源类型 */
private String resourceType = null;
/** 指定查询资源 */
private String resource = null;
public AuthorizationQueryContext()
{
super();
@ -78,7 +82,7 @@ public class AuthorizationQueryContext implements Serializable
public boolean hasResourceType()
{
return (this.resourceType != null && !this.resourceType.isEmpty());
return !StringUtil.isEmpty(this.resourceType);
}
public String getResourceType()
@ -91,6 +95,21 @@ public class AuthorizationQueryContext implements Serializable
this.resourceType = resourceType;
}
public boolean hasResource()
{
return !StringUtil.isEmpty(this.resource);
}
public String getResource()
{
return resource;
}
public void setResource(String resource)
{
this.resource = resource;
}
/**
* {@linkplain AuthorizationQueryContext}存入{@linkplain ServiceContext}
*


@ -10,23 +10,16 @@ package org.datagear.management.service.impl;
import java.util.List;
import java.util.Map;
import org.apache.ibatis.mapping.BoundSql;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.mapping.SqlSource;
import org.apache.ibatis.session.Configuration;
import org.apache.ibatis.session.SqlSessionFactory;
import org.datagear.management.domain.Authorization;
import org.datagear.management.domain.DataIdPermission;
import org.datagear.management.domain.DataPermissionEntity;
import org.datagear.management.domain.User;
import org.datagear.management.service.AuthorizationService;
import org.datagear.management.service.DataPermissionEntityService;
import org.datagear.management.service.PermissionDeniedException;
import org.datagear.management.util.dialect.MbSqlDialect;
import org.datagear.persistence.PagingData;
import org.datagear.persistence.PagingQuery;
import org.datagear.persistence.Query;
import org.datagear.util.IDUtil;
import org.mybatis.spring.SqlSessionTemplate;
/**
@ -35,7 +28,7 @@ import org.mybatis.spring.SqlSessionTemplate;
* @author datagear@163.com
*
*/
public class AuthorizationServiceImpl extends AbstractMybatisDataPermissionEntityService<String, Authorization>
public class AuthorizationServiceImpl extends AbstractMybatisEntityService<String, Authorization>
implements AuthorizationService
{
protected static final String SQL_NAMESPACE = Authorization.class.getName();
@ -72,29 +65,45 @@ public class AuthorizationServiceImpl extends AbstractMybatisDataPermissionEntit
}
@Override
public String getResourceType()
public boolean isAllowAuthorization(User user, String resourceType, String resourceId)
{
return Authorization.AUTHORIZATION_RESOURCE_TYPE;
if (isEmpty(resourceId) || isEmpty(resourceType))
throw new IllegalArgumentException();
DataPermissionEntityService<?, ?> resourceService = null;
if (this.resourceServices != null)
{
for (DataPermissionEntityService<?, ?> rs : this.resourceServices)
{
if (resourceType.equals(rs.getResourceType()))
{
resourceService = rs;
break;
}
}
}
if (resourceService == null)
return false;
DataPermissionEntity<?> resourceEntity = resourceService.getByStringId(user, resourceId);
if (resourceEntity == null)
return false;
return Authorization.canAuthorize(resourceEntity, user);
}
@Override
public boolean add(User user, Authorization entity) throws PermissionDeniedException
public int deleteByIds(String resourceType, String resource, String... ids)
{
checkCanSaveAuthorization(user, entity);
return super.add(user, entity);
}
Map<String, Object> params = buildParamMap();
params.put("resourceType", resourceType);
params.put("resource", resource);
params.put("ids", ids);
@Override
public boolean update(User user, Authorization entity) throws PermissionDeniedException
{
checkCanSaveAuthorization(user, entity);
return super.update(user, entity);
}
@Override
public Authorization getByStringId(User user, String id) throws PermissionDeniedException
{
return super.getById(user, id);
return updateMybatis("deleteByIdsForResource", params);
}
@Override
@ -107,42 +116,6 @@ public class AuthorizationServiceImpl extends AbstractMybatisDataPermissionEntit
return updateMybatis("deleteByResource", params);
}
@Override
public Integer getPermissionForPatternSource(User user, String resourceType, String patternSource)
{
if (user.isAdmin())
return Authorization.PERMISSION_MAX;
MbSqlDialect dialect = getDialect();
int unsetPermission = -9;
Map<String, Object> params = buildParamMap();
addDataPermissionParameters(params, user, resourceType, true, false);
params.put(DATA_PERMISSION_PARAM_UNSET_PERMISSION, unsetPermission);
params.put("placeholderId", dialect.toStringLiteral(IDUtil.uuid()));
params.put("patternSource", dialect.toStringLiteral(patternSource));
List<DataIdPermission> dataIdPermissions = selectListMybatis("getDataIdPermissionForPatternSource", params);
DataIdPermission dataIdPermission = (dataIdPermissions == null || dataIdPermissions.isEmpty() ? null
: dataIdPermissions.get(0));
return (dataIdPermission == null || dataIdPermission.getDataPermission() == unsetPermission ? null
: dataIdPermission.getDataPermission());
}
@Override
public List<Authorization> queryForAssignedResource(User user, String assignedResource, Query query)
{
Map<String, Object> params = buildParamMap();
addDataPermissionParameters(params, user);
params.put("assignedResource", assignedResource);
return query(query, params);
}
@Override
protected Authorization getById(String id, Map<String, Object> params, boolean postProcessSelect)
{
@ -168,95 +141,15 @@ public class AuthorizationServiceImpl extends AbstractMybatisDataPermissionEntit
return super.pagingQuery(statement, pagingQuery, params);
}
/**
* 检查用户是否可以保存授权
*
* @param user
* @param authorization
*/
protected void checkCanSaveAuthorization(User user, Authorization authorization)
{
if (user.isAdmin())
return;
// 只有管理员才可以模式匹配授权
if (authorization.isResourceTypePattern())
throw new PermissionDeniedException();
// 检查用户是否有对应资源的授权权限
String resourceId = authorization.getResource();
String resourceType = authorization.getResourceType();
if (isEmpty(resourceId) || isEmpty(resourceType))
throw new IllegalArgumentException();
DataPermissionEntityService<?, ?> resourceService = null;
if (this.resourceServices != null)
{
for (DataPermissionEntityService<?, ?> rs : this.resourceServices)
{
if (resourceType.equals(rs.getResourceType()))
{
resourceService = rs;
break;
}
}
}
if (resourceService == null)
throw new PermissionDeniedException();
DataPermissionEntity<?> resourceEntity = resourceService.getByStringId(user, resourceId);
if (resourceEntity == null)
throw new PermissionDeniedException();
if (!Authorization.canAuthorize(resourceEntity, user))
throw new PermissionDeniedException();
}
protected AuthorizationQueryContext setAuthorizationQueryContext(Map<String, Object> params)
{
AuthorizationQueryContext context = AuthorizationQueryContext.get();
params.put("queryContext", context);
// 针对特定资源的查询
if (context.hasResourceType())
{
params.put("resourceType", context.getResourceType());
try
{
String sqlId = Authorization.class.getName() + ".resourceNameQueryView." + context.getResourceType();
Configuration configuration = getSqlSession().getConfiguration();
MappedStatement mappedStatement = configuration.getMappedStatement(sqlId);
if (mappedStatement != null)
{
SqlSource sqlSource = mappedStatement.getSqlSource();
BoundSql boundSql = sqlSource.getBoundSql(new Object());
String resourceQueryView = boundSql.getSql();
params.put("resourceNameQueryView", resourceQueryView);
}
}
catch (Throwable t)
{
}
}
return context;
}
@Override
protected void addDataPermissionParameters(Map<String, Object> params, User user)
{
addDataPermissionParameters(params, user, getResourceType(), false, true);
}
@Override
protected String getSqlNamespace()
{
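Review bot: Nothing in this service checks permission before an authorization row is written any more: the `add` and `update` overrides and `checkCanSaveAuthorization` are removed, and the new `deleteByIds` takes no `User` at all, so the decision lives only in `isAllowAuthorization`, which each caller has to remember to invoke. The callers are outside this page; confirm that every path reaching `add`, `update`, `deleteByIds` and `deleteByResource` calls it first and treats `false` as a denial. The removed `if (user.isAdmin()) return;` has no counterpart in `isAllowAuthorization`, so administrators now depend on `getByStringId` and `Authorization.canAuthorize` accepting them, which this page does not show. I would put the contract in Javadoc on `deleteByIds`, e.g. `Performs no permission check; call isAllowAuthorization(user, resourceType, resource) first.` The section ends inside `getSqlNamespace`, whose body is outside the hunk.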


@ -544,7 +544,7 @@ public class DataSetEntityServiceImpl extends AbstractMybatisDataPermissionEntit
{
params.put(AnalysisProjectAwareEntity.DATA_PERMISSION_PARAM_RESOURCE_TYPE_ANALYSIS_PROJECT,
AnalysisProject.AUTHORIZATION_RESOURCE_TYPE);
addDataPermissionParameters(params, user, getResourceType(), false, true);
addDataPermissionParameters(params, user, getResourceType(), true);
}
@Override


@ -82,7 +82,7 @@ public class DataSetResDirectoryServiceImpl extends
@Override
protected void addDataPermissionParameters(Map<String, Object> params, User user)
{
addDataPermissionParameters(params, user, getResourceType(), false, true);
addDataPermissionParameters(params, user, getResourceType(), true);
}
@Override


@ -244,7 +244,7 @@ public class HtmlChartWidgetEntityServiceImpl
{
params.put(AnalysisProjectAwareEntity.DATA_PERMISSION_PARAM_RESOURCE_TYPE_ANALYSIS_PROJECT,
AnalysisProject.AUTHORIZATION_RESOURCE_TYPE);
addDataPermissionParameters(params, user, getResourceType(), false, true);
addDataPermissionParameters(params, user, getResourceType(), true);
}
@Override


@ -171,7 +171,7 @@ public class HtmlTplDashboardWidgetEntityServiceImpl
{
params.put(AnalysisProjectAwareEntity.DATA_PERMISSION_PARAM_RESOURCE_TYPE_ANALYSIS_PROJECT,
AnalysisProject.AUTHORIZATION_RESOURCE_TYPE);
addDataPermissionParameters(params, user, getResourceType(), false, true);
addDataPermissionParameters(params, user, getResourceType(), true);
}
@Override


@ -162,18 +162,14 @@ public class SchemaServiceImpl extends AbstractMybatisDataPermissionEntityServic
*/
protected void checkSaveUrlPermission(User user, String url) throws SaveSchemaUrlPermissionDeniedException
{
Integer permission = this.authorizationService.getPermissionForPatternSource(user, getResourceType(), url);
if (permission == null || Schema.canDeleteTableData(permission))
return;
// TODO 新增新建数据源URL控制功能管理员可设置这里判断
throw new SaveSchemaUrlPermissionDeniedException();
}
@Override
protected void addDataPermissionParameters(Map<String, Object> params, User user)
{
addDataPermissionParameters(params, user, getResourceType(), true, true);
addDataPermissionParameters(params, user, getResourceType(), true);
}
@Override
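Review bot: `checkSaveUrlPermission` loses its only check: the lookup through `getPermissionForPatternSource` is removed and a TODO takes its place, so the method either allows every URL or, if the `throw` line stayed (the page does not show which side it is on), rejects every save. Assuming it is now a no-op, any restriction an administrator had placed on data source URLs through pattern authorizations stops applying after the upgrade. Until the replacement described in the TODO exists, state that in the method's Javadoc and the release notes, e.g. `// NOTE: data source URL restriction is not enforced since pattern authorization was removed`, or keep a conservative rule for non-admin users. The method's Javadoc begins outside the hunk.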


@ -24,12 +24,6 @@ import org.datagear.management.service.impl.AbstractMybatisService;
*/
public abstract class MbSqlDialect
{
public static final String FUNC_NAME_REPLACE = "DATAGEAR_REPLACE";
public static final String FUNC_NAME_MODINT = "DATAGEAR_FUNC_MODINT";
public static final String FUNC_NAME_LENGTH = "DATAGEAR_FUNC_LENGTH";
public static final String FUNC_NAME_MAX = "MAX";
/** 标识符引用符 */
@ -106,36 +100,6 @@ public abstract class MbSqlDialect
*/
public abstract String pagingSqlFoot(int index, int fetchSize);
/**
* 获取替换字符串子串的函数名
*
* @return
*/
public String funcNameReplace()
{
return FUNC_NAME_REPLACE;
}
/**
* 获取求余函数名
*
* @return
*/
public String funcNameModInt()
{
return FUNC_NAME_MODINT;
}
/**
* 获取求字符串长度的函数名
*
* @return
*/
public String funcNameLength()
{
return FUNC_NAME_LENGTH;
}
/**
* 获取MAX函数名
*
@ -184,7 +148,7 @@ public abstract class MbSqlDialect
{
return getClass().getSimpleName() + " [identifierQuote=" + getIdentifierQuote() + ", supportsPaging="
+ supportsPaging() + ", pagingSqlHead=" + pagingSqlHead(0, 10) + ", pagingSqlFoot="
+ pagingSqlFoot(0, 10) + ", funcNameReplace=" + funcNameReplace() + ", funcNameModInt="
+ funcNameModInt() + ", funcNameLength=" + funcNameLength() + ", funcNameMax=" + funcNameMax() + "]";
+ pagingSqlFoot(0, 10) + ", funcNameMax=" + funcNameMax()
+ "]";
}
}


@ -44,22 +44,4 @@ public class SqlserverMbSqlDialect extends MbSqlDialect
{
return null;
}
@Override
public String funcNameReplace()
{
return DEFAULT_FUNC_PREFIX + super.funcNameReplace();
}
@Override
public String funcNameModInt()
{
return DEFAULT_FUNC_PREFIX + super.funcNameModInt();
}
@Override
public String funcNameLength()
{
return DEFAULT_FUNC_PREFIX + super.funcNameLength();
}
}


@ -826,3 +826,13 @@ ALTER TABLE DATAGEAR_HCW_DS DROP COLUMN DS_PARAM_VALUES;
--version[2.8.0], DO NOT EDIT THIS LINE!
-----------------------------------------
--2021-08-12
--
DROP FUNCTION DATAGEAR_FUNC_MODINT;
DROP FUNCTION DATAGEAR_FUNC_LENGTH;
DROP FUNCTION DATAGEAR_REPLACE;
ALTER TABLE DATAGEAR_AUTHORIZATION DROP COLUMN AUTH_CREATE_USER_ID;
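Review bot: Rows whose `AUTH_RESOURCE_TYPE` ends in `_PATTERN` are left in `DATAGEAR_AUTHORIZATION` by this upgrade step, although the same commit removes pattern-matching authorization from the Java side. Whether the rewritten `commonDataPermissionSqls.xml` still reads them is not visible on this page, so at best they are dead grants that the new exact-match filter in `queryView` no longer lists per resource type, and at worst they keep taking part in permission evaluation with no screen to review or revoke them. Consider adding a cleanup next to the `DROP` statements, such as `DELETE FROM DATAGEAR_AUTHORIZATION WHERE AUTH_RESOURCE_TYPE = 'DATA_SOURCE_PATTERN';` (the only pattern type named on this page), or state in the release notes that such rows are ignored from this version on.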


@ -1,22 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!--
此文件用于定义授权资源名称查询视图SQL语句的ID为资源类型具体参考AuthorizationServiceImpl.setAuthorizationQueryContext()
授权资源名称查询视图结果集列:
RESOURCE_ID 必填资源ID类型String
RESOURCE_NAME 必填资源名称类型String
-->
<mapper namespace="org.datagear.management.domain.Authorization.resourceNameQueryView">
<select id="DATA_SOURCE">
SELECT
A.SCHEMA_ID AS RESOURCE_ID,
A.SCHEMA_TITLE AS RESOURCE_NAME
FROM
DATAGEAR_SCHEMA A
</select>
</mapper>


@ -7,12 +7,12 @@
INSERT INTO DATAGEAR_AUTHORIZATION
(
AUTH_ID, AUTH_RESOURCE, AUTH_RESOURCE_TYPE, AUTH_PRINCIPAL, AUTH_PRINCIPAL_TYPE,
AUTH_PERMISSION, AUTH_ENABLED, AUTH_CREATE_USER_ID
AUTH_PERMISSION, AUTH_ENABLED
)
VALUES
(
#{entity.id}, #{entity.resource}, #{entity.resourceType}, #{entity.principal}, #{entity.principalType},
#{entity.permission}, #{entity.enabled, jdbcType=VARCHAR},#{entity.createUser.id}
#{entity.permission}, #{entity.enabled, jdbcType=VARCHAR}
)
</insert>
@ -34,6 +34,17 @@
AUTH_ID = #{id}
</delete>
<delete id="deleteByIdsForResource">
DELETE FROM DATAGEAR_AUTHORIZATION
WHERE
AUTH_RESOURCE_TYPE = #{resourceType}
AND AUTH_RESOURCE = #{resource}
AND
(
<foreach item="id" collection="ids" separator=" OR ">AUTH_ID = #{id}</foreach>
)
</delete>
<delete id="deleteByResource">
DELETE FROM DATAGEAR_AUTHORIZATION
WHERE
@ -53,43 +64,11 @@
T.${_iq_}id${_iq_} = #{id}
</select>
<select id="getDataIdPermissions" resultType="org.datagear.management.domain.DataIdPermission">
SELECT
T.DATA_ID as ${_iq_}dataId${_iq_},
T.DATA_PERMISSION as ${_iq_}dataPermission${_iq_}
FROM
(
<include refid="commonDataPermission.dataIdPermissionQueryViewHead" />
<include refid="queryViewDataPermissionId" />
<include refid="commonDataPermission.dataIdPermissionQueryViewFoot" />
) T
WHERE
<foreach item="item" collection="ids" separator=" OR ">T.DATA_ID = #{item}</foreach>
</select>
<select id="getDataIdPermissionForPatternSource" resultType="org.datagear.management.domain.DataIdPermission">
SELECT
T.DATA_ID as ${_iq_}dataId${_iq_},
T.DATA_PERMISSION as ${_iq_}dataPermission${_iq_}
FROM
(
<include refid="commonDataPermission.dataIdPermissionQueryViewHead" />
SELECT
${placeholderId} AS DP_AUTH_DATA_ID,
${patternSource} AS DP_AUTH_DATA_PATTERN_SRC,
PLACEHOLDER_TABLE.PLACEHOLDER_COL
FROM
/*Derby没有类似from dual的语法为了兼容其它数据库这里采用了此种方法*/
(SELECT COUNT(*) AS PLACEHOLDER_COL FROM DATAGEAR_VERSION) PLACEHOLDER_TABLE
<include refid="commonDataPermission.dataIdPermissionQueryViewFoot" />
) T
</select>
<select id="query" resultType="org.datagear.management.domain.Authorization">
SELECT
T.*
FROM
(<include refid="queryViewDataPermission" />) T
(<include refid="queryView" />) T
WHERE
<include refid="queryCondition" />
<include refid="common.queryOrder" />
@ -99,7 +78,7 @@
SELECT
COUNT(*)
FROM
(<include refid="queryViewDataPermission" />) T
(<include refid="queryView" />) T
WHERE
<include refid="queryCondition" />
</select>
@ -109,43 +88,13 @@
SELECT
T.*
FROM
(<include refid="queryViewDataPermission" />) T
(<include refid="queryView" />) T
WHERE
<include refid="queryCondition" />
<include refid="common.queryOrder" />
<include refid="common.pagingQueryFoot" />
</select>
<sql id="queryViewDataPermission">
<choose><when test="DP_CURRENT_USER == null">
<include refid="queryView" />
</when><otherwise>
SELECT
T0.*,
T1.DATA_PERMISSION as ${_iq_}dataPermission${_iq_}
FROM
(<include refid="queryView" />) T0
INNER JOIN
(
<include refid="commonDataPermission.dataIdPermissionQueryViewHead" />
<include refid="queryViewDataPermissionId" />
<include refid="commonDataPermission.dataIdPermissionQueryViewFoot" />
) T1
ON
T0.${_iq_}id${_iq_} = T1.DATA_ID
WHERE
T1.DATA_PERMISSION >= ${DP_MIN_READ_PERMISSION}
</otherwise></choose>
</sql>
<sql id="queryViewDataPermissionId">
SELECT
A.AUTH_ID AS DP_AUTH_DATA_ID,
A.AUTH_CREATE_USER_ID AS DP_AUTH_DATA_CREATOR_ID
FROM
DATAGEAR_AUTHORIZATION A
</sql>
<sql id="queryView">
SELECT
A.AUTH_ID AS ${_iq_}id${_iq_},
@ -156,35 +105,12 @@
A.AUTH_PERMISSION AS ${_iq_}permission${_iq_},
A.AUTH_ENABLED AS ${_iq_}enabled${_iq_},
A.AUTH_CREATE_TIME AS ${_iq_}ceateTime${_iq_},
A.AUTH_CREATE_USER_ID AS ${_iq_}createUser.id${_iq_},
A.USER_NAME AS ${_iq_}createUser.name${_iq_},
A.USER_REAL_NAME AS ${_iq_}createUser.realName${_iq_},
A.USER_IS_ADMIN AS ${_iq_}createUser.admin${_iq_},
A.USER_CREATE_TIME AS ${_iq_}createUser.createTime${_iq_},
<choose><when test="resourceNameQueryView != null">
(
CASE A.AUTH_RESOURCE_TYPE
WHEN '${resourceType}' THEN B.RESOURCE_NAME
WHEN '${resourceType}_PATTERN' THEN A.AUTH_RESOURCE
ELSE A.AUTH_RESOURCE
END
)
</when><otherwise>
A.AUTH_RESOURCE
</otherwise></choose>
AS ${_iq_}resourceName${_iq_},
(
CASE A.AUTH_PRINCIPAL_TYPE
WHEN 'ALL' THEN '${queryContext.principalAllLabel}'
WHEN 'ANONYMOUS' THEN '${queryContext.principalAnonymousLabel}'
WHEN 'ROLE' THEN C.ROLE_NAME
WHEN 'USER' THEN
(
CASE
WHEN D.USER_REAL_NAME IS NOT NULL THEN D.USER_REAL_NAME
ELSE D.USER_NAME
END
)
WHEN 'USER' THEN D.USER_NAME
ELSE A.AUTH_PRINCIPAL
END
) AS ${_iq_}principalName${_iq_},
@ -202,13 +128,7 @@
</otherwise></choose>
AS ${_iq_}permissionLabel${_iq_}
FROM
(<include refid="queryViewWithCreateUser" />) A
<if test="resourceNameQueryView != null">
LEFT JOIN
(${resourceNameQueryView}) B
ON
A.AUTH_RESOURCE_TYPE = '${resourceType}' AND A.AUTH_RESOURCE = B.RESOURCE_ID
</if>
DATAGEAR_AUTHORIZATION A
LEFT JOIN
DATAGEAR_ROLE C
ON
@ -217,31 +137,19 @@
DATAGEAR_USER D
ON
A.AUTH_PRINCIPAL_TYPE = 'USER' AND A.AUTH_PRINCIPAL = D.USER_ID
<if test="resourceType != null">
WHERE
A.AUTH_RESOURCE_TYPE = '${resourceType}' OR AUTH_RESOURCE_TYPE = '${resourceType}_PATTERN'
1 = 1
<if test="queryContext.resourceType != null">
AND A.AUTH_RESOURCE_TYPE = '${queryContext.resourceType}'
</if>
<if test="queryContext.resource != null">
AND A.AUTH_RESOURCE = '${queryContext.resource}'
</if>
</sql>
<sql id="queryViewWithCreateUser">
SELECT
A.*,
B.USER_NAME,
B.USER_REAL_NAME,
B.USER_IS_ADMIN,
B.USER_CREATE_TIME
FROM
DATAGEAR_AUTHORIZATION A
INNER JOIN
DATAGEAR_USER B
ON
A.AUTH_CREATE_USER_ID = B.USER_ID
</sql>
<sql id="queryCondition">
1 = 1
<choose><when test="assignedResource != null">
AND ${_iq_}resource${_iq_} = #{assignedResource} AND ${_iq_}resourceType${_iq_} NOT LIKE '%_PATTERN'
<choose><when test="queryContext.resource != null">
<if test="queryKeyword != null">
AND ${_iq_}principalName${_iq_} LIKE #{queryKeyword}
</if>
@ -249,7 +157,7 @@
<if test="queryKeyword != null">
AND
(
${_iq_}resourceName${_iq_} LIKE #{queryKeyword} OR ${_iq_}principalName${_iq_} LIKE #{queryKeyword}
${_iq_}resource${_iq_} LIKE #{queryKeyword} OR ${_iq_}principalName${_iq_} LIKE #{queryKeyword}
)
</if>
</otherwise></choose>


@ -107,7 +107,6 @@
<sql id="queryViewDataPermissionId">
SELECT
A.SCHEMA_ID AS DP_AUTH_DATA_ID,
A.SCHEMA_URL AS DP_AUTH_DATA_PATTERN_SRC,
A.SCHEMA_CREATE_USER_ID AS DP_AUTH_DATA_CREATOR_ID
FROM
DATAGEAR_SCHEMA A


@ -4,24 +4,26 @@
<mapper namespace="commonDataPermission">
<!--
指定用户对特定资源类型数据的查询视图
指定用户对特定资源类型数据的查询视图带权限值且需要程序进行100取模处理
使用示例:
<include refid="commonDataPermission.dataIdPermissionQueryViewHead" />
SELECT ID AS DP_AUTH_DATA_ID, NAME AS DP_AUTH_DATA_PATTERN_SRC, CREATOR_ID AS DP_AUTH_DATA_CREATOR_ID FROM TABLE_0
SELECT ID AS DP_AUTH_DATA_ID, CREATOR_ID AS DP_AUTH_DATA_CREATOR_ID FROM TABLE_0
<include refid="commonDataPermission.dataIdPermissionQueryViewFoot" />
或者
<include refid="commonDataPermission.dataIdPermissionQueryViewHead" />
SELECT ID AS DP_AUTH_DATA_ID FROM TABLE_0
<include refid="commonDataPermission.dataIdPermissionQueryViewFoot" />
查询参数:
DP_CURRENT_USER 必填当前查询用户类型org.datagear.management.domain.User
DP_RESOURCE_TYPE 必填授权资源类型类型String
DP_RESOURCE_SUPPORT_PATTERN 选填是否支持模式匹配默认为false类型Boolean
DP_RESOURCE_HAS_CREATOR 选填资源表是否有创建用户默认为false类型Boolean
DP_MAX_PERMISSION 必填最大权限值类型int
DP_UNSET_PERMISSION 选填未设置任何权限时的默认权限值默认为0类型int
IDQV字段
DP_AUTH_DATA_ID 必填数据ID类型字符串
DP_AUTH_DATA_PATTERN_SRC 选填DP_RESOURCE_SUPPORT_PATTERN为true时必填用于授权模式匹配的字段类型字符串类型
DP_AUTH_DATA_CREATOR_ID 选填DP_RESOURCE_HAS_CREATOR为true时必填资源的创建用户ID类型字符串类型
结果集:
@ -38,7 +40,7 @@
</when><otherwise>
SELECT
IDPQV.DATA_ID,
${_FUNC_MODINT}(${_FUNC_MAX}(DISTINCT IDPQV.AUTH_PRIORITY_PERMISSION), 100) AS DATA_PERMISSION
${_FUNC_MAX}(DISTINCT IDPQV.AUTH_PRIORITY_PERMISSION) AS DATA_PERMISSION
FROM
(
SELECT
@ -48,14 +50,12 @@
<if test="DP_RESOURCE_HAS_CREATOR == true">
/*创建用户最高权限*/
WHEN IDQV.DP_AUTH_DATA_CREATOR_ID IS NOT NULL AND IDQV.DP_AUTH_DATA_CREATOR_ID = '${DP_CURRENT_USER.id}'
THEN (9999900 + ${DP_MAX_PERMISSION})
THEN (90000 + ${DP_MAX_PERMISSION})
</if>
WHEN PQV.AUTH_RESOURCE_TYPE IS NULL THEN <choose><when test="DP_UNSET_PERMISSION != null">${DP_UNSET_PERMISSION}</when><otherwise>0</otherwise></choose>
/*次高级权限值加权,具体资源授权始终高于模式匹配授权,字符数多的模式匹配授权高于字符数少的模式匹配授权*/
WHEN PQV.AUTH_RESOURCE_TYPE = '${DP_RESOURCE_TYPE}_PATTERN'
THEN (${_FUNC_MODINT}(${_FUNC_LENGTH}(PQV.AUTH_RESOURCE)*100, 800000) + PQV.AUTH_PRIORITY_PERMISSION)
WHEN PQV.AUTH_RESOURCE_TYPE = '${DP_RESOURCE_TYPE}'
THEN (900000 + PQV.AUTH_PRIORITY_PERMISSION)
WHEN PQV.AUTH_RESOURCE_TYPE IS NULL
THEN <choose><when test="DP_UNSET_PERMISSION != null">${DP_UNSET_PERMISSION}</when><otherwise>0</otherwise></choose>
ELSE
PQV.AUTH_PRIORITY_PERMISSION
END
) AS AUTH_PRIORITY_PERMISSION
FROM
@ -74,9 +74,6 @@
) PQV
ON
(PQV.AUTH_RESOURCE_TYPE = '${DP_RESOURCE_TYPE}' AND PQV.AUTH_RESOURCE = IDQV.DP_AUTH_DATA_ID)
<if test='DP_RESOURCE_SUPPORT_PATTERN != null and DP_RESOURCE_SUPPORT_PATTERN == true'>
OR (PQV.AUTH_RESOURCE_TYPE = '${DP_RESOURCE_TYPE}_PATTERN' AND IDQV.DP_AUTH_DATA_PATTERN_SRC LIKE ${_FUNC_REPLACE}(PQV.AUTH_RESOURCE, '*', '%'))
</if>
) IDPQV
GROUP BY
IDPQV.DATA_ID
@ -84,7 +81,7 @@
</sql>
<!--
指定用户对特定资源类型的权限查询视图
指定用户对特定资源类型的权限值(加权)查询视图
查询参数:
与上述dataIdPermissionQueryViewHead一致
@ -94,41 +91,20 @@
AUTH.AUTH_RESOURCE,
AUTH.AUTH_RESOURCE_TYPE,
(
/*最高级权限值加权,管理员授权始终高于普通用户授权*/
CASE USR.USER_IS_ADMIN
WHEN 'true' THEN
CASE AUTH.AUTH_PRINCIPAL_TYPE
WHEN 'ALL' THEN (5000000 + AUTH.AUTH_PERMISSION)
WHEN 'ANONYMOUS' THEN (6000000 + AUTH.AUTH_PERMISSION)
WHEN 'ROLE' THEN (7000000 + AUTH.AUTH_PERMISSION)
WHEN 'USER' THEN (8000000 + AUTH.AUTH_PERMISSION)
ELSE 0
END
ELSE
CASE AUTH.AUTH_PRINCIPAL_TYPE
WHEN 'ALL' THEN (1000000 + AUTH.AUTH_PERMISSION)
WHEN 'ANONYMOUS' THEN (2000000 + AUTH.AUTH_PERMISSION)
WHEN 'ROLE' THEN (3000000 + AUTH.AUTH_PERMISSION)
WHEN 'USER' THEN (4000000 + AUTH.AUTH_PERMISSION)
ELSE 0
END
/*权限值优先级加权,范围越小优先级越高*/
CASE AUTH.AUTH_PRINCIPAL_TYPE
WHEN 'ALL' THEN (10000 + AUTH.AUTH_PERMISSION)
WHEN 'ANONYMOUS' THEN (20000 + AUTH.AUTH_PERMISSION)
WHEN 'ROLE' THEN (30000 + AUTH.AUTH_PERMISSION)
WHEN 'USER' THEN (40000 + AUTH.AUTH_PERMISSION)
ELSE 0
END
) AS AUTH_PRIORITY_PERMISSION
FROM
DATAGEAR_AUTHORIZATION AUTH
INNER JOIN
DATAGEAR_USER USR
ON
AUTH.AUTH_CREATE_USER_ID = USR.USER_ID
WHERE
AUTH.AUTH_ENABLED = 'true'
AND
(
AUTH.AUTH_RESOURCE_TYPE = '${DP_RESOURCE_TYPE}'
<if test='DP_RESOURCE_SUPPORT_PATTERN != null and DP_RESOURCE_SUPPORT_PATTERN == true'>
OR AUTH.AUTH_RESOURCE_TYPE = '${DP_RESOURCE_TYPE}_PATTERN'
</if>
)
AND AUTH.AUTH_RESOURCE_TYPE = '${DP_RESOURCE_TYPE}'
AND
(
AUTH.AUTH_PRINCIPAL_TYPE = 'ALL'
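Review bot: `DATA_PERMISSION` is now returned with its priority weight still attached (`${_FUNC_MAX}(DISTINCT IDPQV.AUTH_PRIORITY_PERMISSION)` without the former modulo), so any SQL-side comparison against it sees values such as 10000 + permission rather than the permission itself. A filter of the form `T1.DATA_PERMISSION >= ${DP_MIN_READ_PERMISSION}`, as printed in the authorization mapper on this page (whether that line survives the commit cannot be told from this rendering), would then pass for every row that has any matching grant, assuming the threshold stays within 0–99; such filters in the other mappers need the modulo applied in SQL or the check moved into the program. The header comment only says the program must take the value modulo 100, so I would repeat that contract in the result-set description, e.g. `DATA_PERMISSION: weighted value (priority weight + permission); take it modulo 100 before comparing or exposing it`, and state that the `DP_UNSET_PERMISSION` branch is returned unweighted.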


@ -15,11 +15,11 @@ import javax.servlet.http.HttpServletResponse;
import org.datagear.management.domain.Authorization;
import org.datagear.management.domain.User;
import org.datagear.management.service.AuthorizationService;
import org.datagear.management.service.PermissionDeniedException;
import org.datagear.management.service.impl.AuthorizationQueryContext;
import org.datagear.management.service.impl.EnumValueLabel;
import org.datagear.persistence.PagingQuery;
import org.datagear.util.IDUtil;
import org.datagear.util.StringUtil;
import org.datagear.web.controller.AuthorizationResourceMetas.PermissionMeta;
import org.datagear.web.controller.AuthorizationResourceMetas.ResourceMeta;
import org.datagear.web.util.OperationMessage;
@ -43,11 +43,6 @@ import org.springframework.web.bind.annotation.ResponseBody;
@RequestMapping("/authorization")
public class AuthorizationController extends AbstractController
{
/**
* 指定授权资源参数设置后所有CRUD操作都只针对这一个资源
*/
public static final String PARAM_ASSIGNED_RESOURCE = "assignedResource";
@Autowired
private AuthorizationService authorizationService;
@ -66,14 +61,22 @@ public class AuthorizationController extends AbstractController
this.authorizationService = authorizationService;
}
@RequestMapping("/{resourceType}/add")
@RequestMapping("/{resourceType}/{resource}/add")
public String add(HttpServletRequest request, HttpServletResponse response, org.springframework.ui.Model model,
@PathVariable("resourceType") String resourceType)
@PathVariable("resourceType") String resourceType, @PathVariable("resource") String resource)
{
User user = WebUtils.getUser(request, response);
checkIsAllowAuthorization(user, resourceType, resource);
Authorization authorization = new Authorization();
inflateResourceInfo(authorization, resourceType, resource);
ResourceMeta resourceMeta = setResourceMetaAttribute(model, resourceType);
setAssignedResourceAttributeIf(request, model, resourceMeta);
model.addAttribute("resourceType", resourceType);
model.addAttribute("resource", resource);
model.addAttribute("authorization", authorization);
model.addAttribute("user", user);
model.addAttribute(KEY_TITLE_MESSAGE_KEY, resourceMeta.getAuthAddAuthorizationLabel());
model.addAttribute(KEY_FORM_ACTION, "saveAdd");
@ -81,37 +84,44 @@ public class AuthorizationController extends AbstractController
return "/authorization/authorization_form";
}
@RequestMapping(value = "/{resourceType}/saveAdd", produces = CONTENT_TYPE_JSON)
@RequestMapping(value = "/{resourceType}/{resource}/saveAdd", produces = CONTENT_TYPE_JSON)
@ResponseBody
public ResponseEntity<OperationMessage> saveAdd(HttpServletRequest request, HttpServletResponse response,
org.springframework.ui.Model model, @PathVariable("resourceType") String resourceType,
@PathVariable("resource") String resource,
Authorization authorization)
{
User user = WebUtils.getUser(request, response);
checkIsAllowAuthorization(user, resourceType, resource);
inflateResourceInfo(authorization, resourceType, resource);
checkInput(authorization);
setResourceMetaAttribute(model, resourceType);
User user = WebUtils.getUser(request, response);
authorization.setId(IDUtil.randomIdOnTime20());
authorization.setCreateUser(user);
this.authorizationService.add(user, authorization);
this.authorizationService.add(authorization);
return buildOperationMessageSaveSuccessResponseEntity(request);
}
@RequestMapping("/{resourceType}/edit")
@RequestMapping("/{resourceType}/{resource}/edit")
public String edit(HttpServletRequest request, HttpServletResponse response, org.springframework.ui.Model model,
@PathVariable("resourceType") String resourceType, @RequestParam("id") String id)
@PathVariable("resourceType") String resourceType, @PathVariable("resource") String resource,
@RequestParam("id") String id)
{
User user = WebUtils.getUser(request, response);
checkIsAllowAuthorization(user, resourceType, resource);
ResourceMeta resourceMeta = setResourceMetaAttribute(model, resourceType);
setAuthorizationQueryContext(request, resourceMeta);
setAuthorizationQueryContext(request, resourceMeta, resource);
Authorization authorization = this.authorizationService.getByIdForEdit(user, id);
Authorization authorization = this.authorizationService.getById(id);
setAssignedResourceAttributeIf(request, model, resourceMeta);
model.addAttribute("resourceType", resourceType);
model.addAttribute("resource", resource);
model.addAttribute("authorization", authorization);
model.addAttribute("user", user);
model.addAttribute(KEY_TITLE_MESSAGE_KEY, resourceMeta.getAuthEditAuthorizationLabel());
@ -120,40 +130,49 @@ public class AuthorizationController extends AbstractController
return "/authorization/authorization_form";
}
@RequestMapping(value = "/{resourceType}/saveEdit", produces = CONTENT_TYPE_JSON)
@RequestMapping(value = "/{resourceType}/{resource}/saveEdit", produces = CONTENT_TYPE_JSON)
@ResponseBody
public ResponseEntity<OperationMessage> saveEdit(HttpServletRequest request, HttpServletResponse response,
org.springframework.ui.Model model, @PathVariable("resourceType") String resourceType,
@PathVariable("resource") String resource,
Authorization authorization)
{
User user = WebUtils.getUser(request, response);
checkIsAllowAuthorization(user, resourceType, resource);
inflateResourceInfo(authorization, resourceType, resource);
if (isEmpty(authorization.getId()))
throw new IllegalInputException();
checkInput(authorization);
setResourceMetaAttribute(model, resourceType);
User user = WebUtils.getUser(request, response);
this.authorizationService.update(user, authorization);
this.authorizationService.update(authorization);
return buildOperationMessageSaveSuccessResponseEntity(request);
}
@RequestMapping("/{resourceType}/view")
@RequestMapping("/{resourceType}/{resource}/view")
public String view(HttpServletRequest request, HttpServletResponse response, org.springframework.ui.Model model,
@PathVariable("resourceType") String resourceType, @RequestParam("id") String id)
@PathVariable("resourceType") String resourceType, @PathVariable("resource") String resource,
@RequestParam("id") String id)
{
User user = WebUtils.getUser(request, response);
ResourceMeta resourceMeta = setResourceMetaAttribute(model, resourceType);
setAuthorizationQueryContext(request, resourceMeta);
checkIsAllowAuthorization(user, resourceType, resource);
Authorization authorization = this.authorizationService.getById(user, id);
ResourceMeta resourceMeta = setResourceMetaAttribute(model, resourceType);
setAuthorizationQueryContext(request, resourceMeta, resource);
Authorization authorization = this.authorizationService.getById(id);
if (authorization == null)
throw new RecordNotFoundException();
setAssignedResourceAttributeIf(request, model, resourceMeta);
model.addAttribute("resourceType", resourceType);
model.addAttribute("resource", resource);
model.addAttribute("authorization", authorization);
model.addAttribute(KEY_TITLE_MESSAGE_KEY, resourceMeta.getAuthViewAuthorizationLabel());
model.addAttribute(KEY_READONLY, true);
@ -161,62 +180,68 @@ public class AuthorizationController extends AbstractController
return "/authorization/authorization_form";
}
@RequestMapping(value = "/{resourceType}/delete", produces = CONTENT_TYPE_JSON)
@RequestMapping(value = "/{resourceType}/{resource}/delete", produces = CONTENT_TYPE_JSON)
@ResponseBody
public ResponseEntity<OperationMessage> delete(HttpServletRequest request, HttpServletResponse response,
org.springframework.ui.Model model, @PathVariable("resourceType") String resourceType,
@RequestBody String[] ids)
@PathVariable("resource") String resource, @RequestBody String[] ids)
{
User user = WebUtils.getUser(request, response);
checkIsAllowAuthorization(user, resourceType, resource);
setResourceMetaAttribute(model, resourceType);
this.authorizationService.deleteByIds(WebUtils.getUser(request, response), ids);
this.authorizationService.deleteByIds(resourceType, resource, ids);
return buildOperationMessageDeleteSuccessResponseEntity(request);
}
@RequestMapping(value = "/{resourceType}/query")
@RequestMapping(value = "/{resourceType}/{resource}/query")
public String query(HttpServletRequest request, HttpServletResponse response, org.springframework.ui.Model model,
@PathVariable("resourceType") String resourceType)
@PathVariable("resourceType") String resourceType, @PathVariable("resource") String resource)
{
User user = WebUtils.getUser(request, response);
checkIsAllowAuthorization(user, resourceType, resource);
ResourceMeta resourceMeta = setResourceMetaAttribute(model, resourceType);
setAssignedResourceAttributeIf(request, model, resourceMeta);
model.addAttribute("resourceType", resourceType);
model.addAttribute("resource", resource);
model.addAttribute(KEY_TITLE_MESSAGE_KEY, resourceMeta.getAuthManageAuthorizationLabel());
return "/authorization/authorization_grid";
}
@RequestMapping(value = "/{resourceType}/queryData", produces = CONTENT_TYPE_JSON)
@RequestMapping(value = "/{resourceType}/{resource}/queryData", produces = CONTENT_TYPE_JSON)
@ResponseBody
public List<Authorization> queryData(HttpServletRequest request, HttpServletResponse response,
org.springframework.ui.Model model, @PathVariable("resourceType") String resourceType,
@PathVariable("resource") String resource,
@RequestBody(required = false) PagingQuery pagingQueryParam) throws Exception
{
User user = WebUtils.getUser(request, response);
final PagingQuery pagingQuery = inflatePagingQuery(request, pagingQueryParam);
checkIsAllowAuthorization(user, resourceType, resource);
ResourceMeta resourceMeta = setResourceMetaAttribute(model, resourceType);
setAuthorizationQueryContext(request, resourceMeta);
String assignedResource = getAssignedResource(request);
setAuthorizationQueryContext(request, resourceMeta, resource);
List<Authorization> authorizations = null;
if (!isEmpty(assignedResource))
authorizations = this.authorizationService.queryForAssignedResource(user, assignedResource, pagingQuery);
else
authorizations = this.authorizationService.query(user, pagingQuery);
return authorizations;
return this.authorizationService.query(pagingQuery);
}
protected void setAssignedResourceAttributeIf(HttpServletRequest request, org.springframework.ui.Model model,
ResourceMeta resourceMeta)
protected void checkIsAllowAuthorization(User user, String resourceType, String resource)
throws PermissionDeniedException
{
String ap = getAssignedResource(request);
if (!this.authorizationService.isAllowAuthorization(user, resourceType, resource))
throw new PermissionDeniedException();
}
if (resourceMeta.mustAssignResource() && StringUtil.isEmpty(ap))
throw new IllegalInputException();
if (!StringUtil.isEmpty(ap))
model.addAttribute("assignedResource", ap);
protected void inflateResourceInfo(Authorization auth, String resourceType, String resource)
{
auth.setResourceType(resourceType);
auth.setResource(resource);
}
protected ResourceMeta setResourceMetaAttribute(org.springframework.ui.Model model, String resourceType)
@ -231,17 +256,13 @@ public class AuthorizationController extends AbstractController
return resourceMeta;
}
protected String getAssignedResource(HttpServletRequest request)
{
return request.getParameter(PARAM_ASSIGNED_RESOURCE);
}
protected void setAuthorizationQueryContext(HttpServletRequest request, ResourceMeta resourceMeta)
protected void setAuthorizationQueryContext(HttpServletRequest request, ResourceMeta resourceMeta, String resource)
{
AuthorizationQueryContext context = new AuthorizationQueryContext();
context.setPrincipalAllLabel(getMessage(request, "authorization.principalType.ALL"));
context.setPrincipalAnonymousLabel(getMessage(request, "authorization.principalType.ANONYMOUS"));
context.setResourceType(resourceMeta.getResourceType());
context.setResource(resource);
PermissionMeta[] permissionMetas = resourceMeta.getPermissionMetas();
@SuppressWarnings("unchecked")
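Review bot: In `saveEdit` the permission check covers the `{resourceType}/{resource}` taken from the path, but the record that gets updated is chosen by the submitted `id`, and the new `update(authorization)` call carries neither the user nor any scope, whereas `deleteByIds(resourceType, resource, ids)` in the same class does. Unless the service (not visible on this page) confirms that the stored record already belongs to this resource, a caller allowed to manage one resource could rewrite an authorization row of another, and `inflateResourceInfo` would then move it under the path resource; I would pass the path scope into the update the way `deleteByIds` receives it and reject a mismatch with `PermissionDeniedException`. `edit` also lacks the `authorization == null` check that `view` has. In `setAuthorizationQueryContext`, `context.setResource(resource)` forwards the path variable into a context that the authorization mapper on this page substitutes as text (`'${queryContext.resource}'`), so binding it there as `#{queryContext.resource}` would stop the query from depending on the earlier permission check. The body of `setAuthorizationQueryContext` continues outside the last hunk.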


@ -48,8 +48,6 @@ public class AuthorizationResourceMetas
PermissionMeta read = PermissionMeta.valueOfRead();
ResourceMeta resourceMeta = new ResourceMeta(resourceType, labelKeyPrefix, PermissionMeta.valuesOf(read));
resourceMeta.updateResouceTypeLabel();
resourceMeta.setSupportSelectResource(false);
resourceMeta.setSupportPatternResource(false);
resourceMeta.setEnableSetEnable(false);
resourceMeta.setAuthManageAuthorizationLabel("authorization.default.share.manageAuthorization");
@ -95,14 +93,6 @@ public class AuthorizationResourceMetas
ResourceMeta resourceMeta = new ResourceMeta(Schema.AUTHORIZATION_RESOURCE_TYPE, "schema",
PermissionMeta.valuesOf(read, edit, delete, none));
resourceMeta.updateResouceTypeLabel();
resourceMeta.setSupportSelectResource(true);
resourceMeta.setSelectResourceURL("/schema/select");
resourceMeta.setSelectResourceIdField(Schema.ID_PROP_NAME);
resourceMeta.setSelectResourceNameField(Schema.PROPERTY_TITLE);
resourceMeta.updateAuthModeSelectResourceLabel();
resourceMeta.setSupportPatternResource(true);
resourceMeta.updateAuthModePatternResourceLabel();
resourceMeta.updateAuthModePatternResourceLabelDesc();
register(resourceMeta);
}
@ -135,33 +125,6 @@ public class AuthorizationResourceMetas
/** 资源类型标签I18N关键字 */
private String resouceTypeLabel = "authorization.default.resouceTypeLabel";
/** 是否支持选择资源授权 */
private boolean supportSelectResource = false;
/** supportSelectResource=true时必须选择资源URL */
private String selectResourceURL = "";
/** supportSelectResource=true时必须选择资源的ID字段名 */
private String selectResourceIdField = "";
/** supportSelectResource=true时必须选择资源的名称字段名 */
private String selectResourceNameField = "";
/** 是否支持模式匹配授权 */
private boolean supportPatternResource = false;
/** 可选,授权模式-选择资源选项卡标签名I18N关键字 */
private String authModeSelectResourceLabel = "authorization.default.authModeSelectResourceLabel";
/** 可选,授权模式-选择资源选项卡标签描述I18N关键字 */
private String authModeSelectResourceLabelDesc = "authorization.default.authModeSelectResourceLabelDesc";
/** 可选,授权模式-模式输入选项卡标签I18N关键字 */
private String authModePatternResourceLabel = "authorization.default.authModePatternResourceLabel";
/** 可选,授权模式-模式输入选项卡标签描述I18N关键字 */
private String authModePatternResourceLabelDesc = "authorization.default.authModePatternResourceLabelDesc";
/** 是否开启设置启用/禁用功能 */
private boolean enableSetEnable = true;
@ -185,8 +148,6 @@ public class AuthorizationResourceMetas
private String authEnabledLabel = "authorization.enabled";
private String authCreateUserLabel = "authorization.createUser";
public ResourceMeta()
{
super();
@ -240,96 +201,6 @@ public class AuthorizationResourceMetas
this.resouceTypeLabel = resouceTypeLabel;
}
public boolean isSupportSelectResource()
{
return supportSelectResource;
}
public void setSupportSelectResource(boolean supportSelectResource)
{
this.supportSelectResource = supportSelectResource;
}
public String getSelectResourceURL()
{
return selectResourceURL;
}
public void setSelectResourceURL(String selectResourceURL)
{
this.selectResourceURL = selectResourceURL;
}
public String getSelectResourceIdField()
{
return selectResourceIdField;
}
public void setSelectResourceIdField(String selectResourceIdField)
{
this.selectResourceIdField = selectResourceIdField;
}
public String getSelectResourceNameField()
{
return selectResourceNameField;
}
public void setSelectResourceNameField(String selectResourceNameField)
{
this.selectResourceNameField = selectResourceNameField;
}
public String getAuthModeSelectResourceLabel()
{
return authModeSelectResourceLabel;
}
public void setAuthModeSelectResourceLabel(String authModeSelectResourceLabel)
{
this.authModeSelectResourceLabel = authModeSelectResourceLabel;
}
public String getAuthModeSelectResourceLabelDesc()
{
return authModeSelectResourceLabelDesc;
}
public void setAuthModeSelectResourceLabelDesc(String authModeSelectResourceLabelDesc)
{
this.authModeSelectResourceLabelDesc = authModeSelectResourceLabelDesc;
}
public boolean isSupportPatternResource()
{
return supportPatternResource;
}
public void setSupportPatternResource(boolean supportPatternResource)
{
this.supportPatternResource = supportPatternResource;
}
public String getAuthModePatternResourceLabel()
{
return authModePatternResourceLabel;
}
public void setAuthModePatternResourceLabel(String authModePatternResourceLabel)
{
this.authModePatternResourceLabel = authModePatternResourceLabel;
}
public String getAuthModePatternResourceLabelDesc()
{
return authModePatternResourceLabelDesc;
}
public void setAuthModePatternResourceLabelDesc(String authModePatternResourceLabelDesc)
{
this.authModePatternResourceLabelDesc = authModePatternResourceLabelDesc;
}
public boolean isEnableSetEnable()
{
return enableSetEnable;
@ -440,16 +311,6 @@ public class AuthorizationResourceMetas
this.authEnabledLabel = authEnabledLabel;
}
public String getAuthCreateUserLabel()
{
return authCreateUserLabel;
}
public void setAuthCreateUserLabel(String authCreateUserLabel)
{
this.authCreateUserLabel = authCreateUserLabel;
}
/**
* 是否只有一个权限
*
@ -465,16 +326,6 @@ public class AuthorizationResourceMetas
return this.permissionMetas[0];
}
/**
* 查询编辑操作是否必须首先设置资源
*
* @return
*/
public boolean mustAssignResource()
{
return (!this.supportSelectResource && !supportPatternResource);
}
public String buildLabelKey(String subKey)
{
return buildLabelKey(this.labelKeyPrefix, subKey);
@ -485,26 +336,6 @@ public class AuthorizationResourceMetas
this.resouceTypeLabel = buildLabelKey("resouceTypeLabel");
}
public void updateAuthModeSelectResourceLabel()
{
this.authModeSelectResourceLabel = buildLabelKey("authModeSelectResourceLabel");
}
public void updateAuthModeSelectResourceLabelDesc()
{
this.authModeSelectResourceLabelDesc = buildLabelKey("authModeSelectResourceLabelDesc");
}
public void updateAuthModePatternResourceLabel()
{
this.authModePatternResourceLabel = buildLabelKey("authModePatternResourceLabel");
}
public void updateAuthModePatternResourceLabelDesc()
{
this.authModePatternResourceLabelDesc = buildLabelKey("authModePatternResourceLabelDesc");
}
public void updateAuthManageAuthorizationLabel()
{
this.authManageAuthorizationLabel = buildLabelKey("authManageAuthorizationLabel");
@ -555,11 +386,6 @@ public class AuthorizationResourceMetas
this.authEnabledLabel = buildLabelKey("authEnabledLabel");
}
public void updateAuthCreateUserLabel()
{
this.authCreateUserLabel = buildLabelKey("authCreateUserLabel");
}
public static String buildLabelKey(String labelKeyPrefix, String subKey)
{
return labelKeyPrefix + ".auth." + subKey;


@ -253,7 +253,7 @@ main.manageDriverEntity=数据源驱动程序
main.manageUser=用户
main.addUser=添加用户
main.manageRole=角色
main.manageSchemaAuth=数据源授权
main.manageSchemaControl=数据源管控
main.manageChartPlugin=图表插件
main.uploadChartPlugin=上传图表插件
main.manageDataSetResDirectory=数据集资源目录
@ -351,9 +351,6 @@ schema.url.port=端口
schema.url.name=数据源名称
schema.loadUrlBuilderScriptError=加载数据源URL构建器代码出错
schema.auth.resouceTypeLabel=数据源
schema.auth.authModeSelectResourceLabel=指定数据源
schema.auth.authModePatternResourceLabel=数据源URL通配
schema.auth.authModePatternResourceLabelDesc=可在[数据源]输入框中填写数据源URL通配符针对所有匹配的数据源授权例如*、*192.168.1.1*
schema.auth.permission.read.desc=仅可浏览数据执行SELECT SQL语句
schema.auth.permission.edit.desc=可浏览、编辑数据执行SELECT、UPDATE SQL语句
schema.auth.permission.delete.desc=可浏览、编辑、删除数据执行所有SQL语句
@ -623,12 +620,7 @@ authorization.principalType.USER=指定用户
authorization.principalType.ANONYMOUS=全部匿名用户
authorization.principalType.ALL=全部用户
authorization.enabled=是否启用
authorization.createUser=设置用户
authorization.default.resouceTypeLabel=资源
authorization.default.authModeSelectResourceLabel=指定资源
authorization.default.authModeSelectResourceLabelDesc=
authorization.default.authModePatternResourceLabel=资源通配
authorization.default.authModePatternResourceLabelDesc=
authorization.default.permission.desc=
authorization.default.share.addAuthorization=添加分享
authorization.default.share.editAuthorization=编辑分享


@ -253,7 +253,7 @@ main.manageDriverEntity=Data source driver
main.manageUser=User
main.addUser=Add user
main.manageRole=Role
main.manageSchemaAuth=Data source authorization
main.manageSchemaControl=Data source control
main.manageChartPlugin=Chart plugin
main.uploadChartPlugin=Upload chart plugin
main.manageDataSetResDirectory=Data set directory
@ -351,9 +351,6 @@ schema.url.port=Port
schema.url.name=Database name
schema.loadUrlBuilderScriptError=Load data source URL builder code error
schema.auth.resouceTypeLabel=Data source
schema.auth.authModeSelectResourceLabel=Specified data source
schema.auth.authModePatternResourceLabel=Data source URL wildcard
schema.auth.authModePatternResourceLabelDesc=The data source URL wildcard can be filled in the data source input to authorize for all matching data sources, e.g : *, *192.168.1.1*
schema.auth.permission.read.desc=Can only browse data, execute SELECT SQL
schema.auth.permission.edit.desc=Can browse/edit data, execute SELECT/UPDATE SQL
schema.auth.permission.delete.desc=Can browse/edit/delete data, execute any SQL
@ -623,12 +620,7 @@ authorization.principalType.USER=User
authorization.principalType.ANONYMOUS=Anonymous
authorization.principalType.ALL=All
authorization.enabled=Enabled
authorization.createUser=Creator
authorization.default.resouceTypeLabel=Resource
authorization.default.authModeSelectResourceLabel=Select resource
authorization.default.authModeSelectResourceLabelDesc=
authorization.default.authModePatternResourceLabel=Resource wildcard
authorization.default.authModePatternResourceLabelDesc=
authorization.default.permission.desc=
authorization.default.share.addAuthorization=Add share
authorization.default.share.editAuthorization=Edit share


@ -126,8 +126,7 @@ selectOperation 是否选择操作允许为null
var options = {};
$.setGridPageHeightOption(options);
po.open(contextPath+"/authorization/${AnalysisProject.AUTHORIZATION_RESOURCE_TYPE}/query?"
+"${statics['org.datagear.web.controller.AuthorizationController'].PARAM_ASSIGNED_RESOURCE}="+encodeURIComponent(row.id), options);
po.open(contextPath+"/authorization/${AnalysisProject.AUTHORIZATION_RESOURCE_TYPE}/" + row.id +"/query", options);
});
});
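Review bot: The new URL in `po.open` concatenates `row.id` into the path without the `encodeURIComponent` call that the query-string version applied, so an id containing `/`, `?`, `#` or `%` would change which route is requested. The ids are presumably generated values, which makes this defensive rather than urgent, but keeping the encoding costs nothing: `po.open(contextPath+"/authorization/${AnalysisProject.AUTHORIZATION_RESOURCE_TYPE}/" + encodeURIComponent(row.id) +"/query", options);`. The click handler starts outside the hunk.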


@ -18,18 +18,10 @@ readonly 是否只读操作允许为null
<#assign readonly=(readonly!false)>
<#assign isAdd=(formAction == 'saveAdd')>
<#assign Authorization=statics['org.datagear.management.domain.Authorization']>
<#assign resourceTypePattern=resourceMeta.resourceType + Authorization.PATTERN_RESOURCE_TYPE_SUFFIX>
<#assign resourceType=((authorization.resourceType)!resourceMeta.resourceType)>
<#assign principalType=((authorization.principalType)!Authorization.PRINCIPAL_TYPE_USER)>
<#assign permission=((authorization.permission)!resourceMeta.permissionMetas[0].permission)>
<#assign enabled=(((authorization.enabled)!true)?string('true', 'false'))>
<#assign isResourceTypePattern=(resourceType == resourceTypePattern)>
<#if assignedResource??>
<#assign resource=assignedResource>
<#else>
<#assign resource=((authorization.resource)!'')>
</#if>
<html>
<head>
@ -39,69 +31,13 @@ readonly 是否只读操作允许为null
<body>
<#include "../include/page_js_obj.ftl" >
<div id="${pageId}" class="page-form page-form-authorization">
<form id="${pageId}-form" action="${contextPath}/authorization/${resourceMeta.resourceType}/${formAction}" method="POST">
<form id="${pageId}-form" action="${contextPath}/authorization/${resourceMeta.resourceType}/${resource}/${formAction}" method="POST">
<div class="form-head"></div>
<div class="form-content">
<input type="hidden" name="id" value="${(authorization.id)!''}" />
<input type="hidden" name="resource" value="${resource}" />
<input type="hidden" name="principal" value="${(authorization.principal)!''}" />
<#if assignedResource??>
<input type="hidden" name="resourceType" value="${resourceType}" />
<#else>
<#if (resourceMeta.supportSelectResource && resourceMeta.supportPatternResource)>
<div class="form-item form-item-resourceType">
<div class="form-item-label">
<label><@spring.message code='${resourceMeta.authResourceTypeLabel}' /></label>
</div>
<div class="form-item-value">
<div class="resourceType-radios">
<label for="${pageId}-resourceType_0" title="<@spring.message code='${resourceMeta.authModeSelectResourceLabelDesc}' />">
<@spring.message code='${resourceMeta.authModeSelectResourceLabel}' />
</label>
<input type="radio" id="${pageId}-resourceType_0" name="resourceType" value="${resourceMeta.resourceType}" />
<label for="${pageId}-resourceType_1" title="<@spring.message code='${resourceMeta.authModePatternResourceLabelDesc}' />">
<@spring.message code='${resourceMeta.authModePatternResourceLabel}' />
</label>
<input type="radio" id="${pageId}-resourceType_1" name="resourceType" value="${resourceTypePattern}" />
</div>
</div>
</div>
<#elseif resourceMeta.supportPatternResource>
<input type="hidden" name="resourceType" value="${resourceTypePattern}" />
<#else>
<input type="hidden" name="resourceType" value="${resourceType}" />
</#if>
<#if resourceMeta.supportSelectResource>
<div class="form-item form-item-resource-name-entity">
<div class="form-item-label">
<label><@spring.message code='${resourceMeta.resouceTypeLabel}' /></label>
</div>
<div class="form-item-value">
<input type="text" name="resourceNameForEntity" value="${isResourceTypePattern?string('', (authorization.resourceName)!'')}" class="ui-widget ui-widget-content" readonly="readonly" />
<#if !readonly>
<button type="button" class="resource-select-button"><@spring.message code='select' /></button>
</#if>
</div>
</div>
</#if>
<#if resourceMeta.supportPatternResource>
<div class="form-item form-item-resource-name-pattern">
<div class="form-item-label">
<label><@spring.message code='${resourceMeta.resouceTypeLabel}' /></label>
</div>
<div class="form-item-value">
<input type="text" name="resourceNameForPattern" value="${(!isResourceTypePattern)?string('', (authorization.resourceName)!'')}" class="ui-widget ui-widget-content" />
<#if !readonly>
<#--占位按钮,避免切换时界面尺寸变化-->
<button type="button" style="visibility: hidden; padding-left: 0; padding-right: 0; width: 1px; margin-left: -3px; margin-right: 0;">&nbsp;</button>
</#if>
</div>
</div>
</#if>
</#if>
<input type="hidden" name="resourceType" value="${resourceMeta.resourceType}" />
<div class="form-item">
<div class="form-item-label">
@ -224,27 +160,6 @@ readonly 是否只读操作允许为null
<#if !readonly>
<#if resourceMeta.supportSelectResource>
po.element(".resource-select-button").click(function()
{
var options =
{
pageParam :
{
select : function(res)
{
po.element("input[name='resource']").val(res.${resourceMeta.selectResourceIdField});
po.element("input[name='resourceNameForEntity']").val(res.${resourceMeta.selectResourceNameField});
}
}
};
$.setGridPageHeightOption(options);
po.open("${contextPath}${resourceMeta.selectResourceURL}", options);
});
</#if>
po.element(".principal-user-select-button").click(function()
{
var options =
@ -310,13 +225,6 @@ readonly 是否只读操作允许为null
},
submitHandler : function(form)
{
<#if assignedResource??>
<#else>
var resourceType = po.element("input[name='resourceType']:checked").val();
if(resourceType == '${resourceTypePattern}')
po.element("input[name='resource']").val(po.element("input[name='resourceNameForPattern']").val());
</#if>
$(form).ajaxSubmit(
{
success : function()
@ -332,70 +240,6 @@ readonly 是否只读操作允许为null
});
</#if>
<#if assignedResource??>
<#else>
<#if (resourceMeta.supportSelectResource && resourceMeta.supportPatternResource)>
po.element("input[name='resourceType']").on("change", function()
{
var val = $(this).val();
var $formItemForPattern = po.element(".form-item-resource-name-pattern");
var $formItemForEntity = po.element(".form-item-resource-name-entity");
var $resourceNameForPattern = po.element("input[name='resourceNameForPattern']");
var $resourceNameForEntity = po.element("input[name='resourceNameForEntity']");
if(val == '${resourceMeta.resourceType}')
{
$formItemForPattern.hide();
$formItemForEntity.show();
<#if !readonly>
$resourceNameForPattern.rules("remove");
$resourceNameForEntity.rules("add",
{
"required" : true,
messages : {"required" : "<@spring.message code='validation.required' />"}
});
</#if>
}
else
{
$formItemForPattern.show();
$formItemForEntity.hide();
<#if !readonly>
$resourceNameForPattern.rules("add",
{
"required" : true,
messages : {"required" : "<@spring.message code='validation.required' />"}
});
$resourceNameForEntity.rules("remove");
</#if>
}
});
</#if>
<#if resourceMeta.supportSelectResource>
<#if !readonly>
po.element("input[name='resourceNameForEntity']").rules("add",
{
"required" : true,
messages : {"required" : "<@spring.message code='validation.required' />"}
});
</#if>
</#if>
<#if resourceMeta.supportPatternResource>
<#if !readonly>
po.element("input[name='resourceNameForPattern']").rules("add",
{
"required" : true,
messages : {"required" : "<@spring.message code='validation.required' />"}
});
</#if>
</#if>
</#if>
po.element("input[name='principalType']").on("change", function()
{
var $this = $(this);
@ -424,19 +268,14 @@ readonly 是否只读操作允许为null
</#if>
});
<#if assignedResource??>
<#else>
<#if (resourceMeta.supportSelectResource && resourceMeta.supportPatternResource)>
po.element("input[name='resourceType'][value='${resourceType}']").attr("checked", "checked").change();
po.element("input[name='resourceType']").checkboxradio({icon:false});
po.element(".resourceType-radios").controlgroup();
</#if>
</#if>
po.element("input[name='principalType'][value='${principalType}']").attr("checked", "checked").change();
po.element("input[name='principalType']").checkboxradio({icon:false});
po.element(".principalType-radios").controlgroup();
po.element("input[name='permission'][value='${permission}']").attr("checked", "checked");
po.element("input[name='permission']").checkboxradio({icon:false});
po.element(".permission-radios").controlgroup();
<#if !(resourceMeta.singlePermission)>
po.element("input[name='permission'][value='${permission}']").attr("checked", "checked");
po.element("input[name='permission']").checkboxradio({icon:false});
@ -448,24 +287,6 @@ readonly 是否只读操作允许为null
po.element("input[name='enabled']").checkboxradio({icon:false});
po.element(".enabled-radios").controlgroup();
</#if>
<#if assignedResource??>
<#else>
<#if (resourceMeta.supportSelectResource && resourceMeta.supportPatternResource)>
po.element("input[name='resourceType'][value='${resourceType}']").attr("checked", "checked").change();
</#if>
</#if>
<#--编辑时禁设资源类型,因为管理员也可能编辑普通用户设置的授权,而它们不允许是通配符-->
<#if formAction == 'saveEdit'>
<#if assignedResource??>
<#else>
<#if (resourceMeta.supportSelectResource && resourceMeta.supportPatternResource)>
po.element("input[name='resourceType'][value!='${resourceType}']").attr("disabled", "disabled");
po.element("input[name='resourceType']").checkboxradio("refresh");
</#if>
</#if>
</#if>
})
(${pageId});
</script>


@ -13,7 +13,6 @@ String titleMessageKey 标题标签I18N关键字不允许null
ResourceMeta resourceMeta 资源元信息不允许null
-->
<#assign AuthorizationController=statics['org.datagear.web.controller.AuthorizationController']>
<#assign isAssignedResource=(assignedResource??)>
<html>
<head>
<#include "../include/html_head.ftl">
@ -58,21 +57,14 @@ ResourceMeta resourceMeta 资源元信息不允许null
po.url = function(action)
{
return "${contextPath}/authorization/${resourceMeta.resourceType}/" + action;
return "${contextPath}/authorization/${resourceMeta.resourceType}/"
+ encodeURIComponent("${resource?js_string?no_esc}") + "/" + action;
};
po.element("input[name=addButton]").click(function()
{
var data =
{
<#if assignedResource??>
"${AuthorizationController.PARAM_ASSIGNED_RESOURCE}" : "${assignedResource}"
</#if>
};
po.open(po.url("add"),
{
data : data,
pageParam :
{
afterSave : function()
@ -89,9 +81,6 @@ ResourceMeta resourceMeta 资源元信息不允许null
{
var data =
{
<#if assignedResource??>
"${AuthorizationController.PARAM_ASSIGNED_RESOURCE}" : "${assignedResource?js_string?no_esc}",
</#if>
"id" : row.id
};
@ -115,9 +104,6 @@ ResourceMeta resourceMeta 资源元信息不允许null
{
var data =
{
<#if assignedResource??>
"${AuthorizationController.PARAM_ASSIGNED_RESOURCE}" : "${assignedResource?js_string?no_esc}",
</#if>
"id" : row.id
};
@ -150,17 +136,13 @@ ResourceMeta resourceMeta 资源元信息不允许null
var tableColumns = [
$.buildDataTablesColumnSimpleOption("<@spring.message code='id' />", "id", true),
$.buildDataTablesColumnSimpleOption($.buildDataTablesColumnTitleSearchable("<@spring.message code='${resourceMeta.authResourceLabel}' />"), "resourceName", ${isAssignedResource?string('true', 'false')}),
$.buildDataTablesColumnSimpleOption($.buildDataTablesColumnTitleSearchable("<@spring.message code='${resourceMeta.authPrincipalLabel}' />"), "principalName"),
$.buildDataTablesColumnSimpleOption("<@spring.message code='${resourceMeta.authPermissionLabel}' />", "permissionLabel", ${(resourceMeta.singlePermission)?string('true', 'false')}),
columnEnabled,
$.buildDataTablesColumnSimpleOption("<@spring.message code='${resourceMeta.authCreateUserLabel}' />", "createUser.nameLabel")
columnEnabled
];
var url = po.url("queryData");
<#if assignedResource??>
url = po.url("queryData?${AuthorizationController.PARAM_ASSIGNED_RESOURCE}="+encodeURIComponent("${assignedResource?js_string?no_esc}"));
</#if>
var tableSettings = po.buildDataTableSettingsAjax(tableColumns, url);
po.initDataTable(tableSettings);
po.bindResizeDataTable();
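Review bot: In `po.url`, the resource id is now taken from the URL path for every action, while the edit and delete payloads further down carry only `"id" : row.id`, so both values are chosen by the client. The controller is not visible in this section; it presumably has to verify on each of add, edit, delete and queryData that the current user may manage authorizations for the path `resource` and that the posted authorization `id` belongs to that resource. I would record that contract next to the helper, for example `// resource is only URL-encoded here; the server must authorize it (and the posted id against it) on every action`. The `encodeURIComponent("${resource?js_string?no_esc}")` encoding itself looks right for a path segment.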


@ -180,8 +180,7 @@ boolean readonly 是否只读操作默认为false
var options = {};
$.setGridPageHeightOption(options);
po.open(contextPath+"/authorization/${HtmlChartWidgetEntity.AUTHORIZATION_RESOURCE_TYPE}/query?"
+"${statics['org.datagear.web.controller.AuthorizationController'].PARAM_ASSIGNED_RESOURCE}="+encodeURIComponent(row.id), options);
po.open(contextPath+"/authorization/${HtmlChartWidgetEntity.AUTHORIZATION_RESOURCE_TYPE}/" + row.id +"/query", options);
});
});
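Review bot: The new `po.open(...)` line concatenates `row.id` into the URL path without the `encodeURIComponent` call that the replaced query-string version applied, so an id containing `/`, `?`, `#` or `%` would change which path the request reaches. The ids are presumably server-generated, but the main page's schema link in this same commit keeps `encodeURIComponent(schemaId)`, and the path form should be encoded the same way: `po.open(contextPath+"/authorization/${HtmlChartWidgetEntity.AUTHORIZATION_RESOURCE_TYPE}/" + encodeURIComponent(row.id) + "/query", options);`. The same one-line change is needed in the HtmlTplDashboardWidgetEntity, DataSetEntity and DataSetResDirectory list pages that follow. The enclosing click handler starts outside the hunk.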


@ -241,8 +241,7 @@ selectOperation 是否选择操作允许为null
var options = {};
$.setGridPageHeightOption(options);
po.open(contextPath+"/authorization/${HtmlTplDashboardWidgetEntity.AUTHORIZATION_RESOURCE_TYPE}/query?"
+"${statics['org.datagear.web.controller.AuthorizationController'].PARAM_ASSIGNED_RESOURCE}="+encodeURIComponent(row.id), options);
po.open(contextPath+"/authorization/${HtmlTplDashboardWidgetEntity.AUTHORIZATION_RESOURCE_TYPE}/" + row.id +"/query", options);
});
});


@ -185,8 +185,7 @@ boolean readonly 是否只读操作默认为false
var options = {};
$.setGridPageHeightOption(options);
po.open(contextPath+"/authorization/${DataSetEntity.AUTHORIZATION_RESOURCE_TYPE}/query?"
+"${statics['org.datagear.web.controller.AuthorizationController'].PARAM_ASSIGNED_RESOURCE}="+encodeURIComponent(row.id), options);
po.open(contextPath+"/authorization/${DataSetEntity.AUTHORIZATION_RESOURCE_TYPE}/" + row.id +"/query", options);
});
});


@ -123,8 +123,7 @@ selectOperation 是否选择操作允许为null
var options = {};
$.setGridPageHeightOption(options);
po.open(contextPath+"/authorization/${DataSetResDirectory.AUTHORIZATION_RESOURCE_TYPE}/query?"
+"${statics['org.datagear.web.controller.AuthorizationController'].PARAM_ASSIGNED_RESOURCE}="+encodeURIComponent(row.id), options);
po.open(contextPath+"/authorization/${DataSetResDirectory.AUTHORIZATION_RESOURCE_TYPE}/" + row.id +"/query", options);
});
});


@ -901,11 +901,11 @@ ${detectNewVersionScript?no_esc}
$.setGridPageHeightOption(options);
po.open(contextPath+"/role/pagingQuery", options);
}
else if($item.hasClass("system-set-authorization"))
else if($item.hasClass("system-set-schemaControl"))
{
var options = {};
$.setGridPageHeightOption(options);
po.open(contextPath+"/authorization/${statics['org.datagear.management.domain.Schema'].AUTHORIZATION_RESOURCE_TYPE}/query", options);
po.open(contextPath+"/schemaControl/query", options);
}
else if($item.hasClass("system-set-chartPlugin"))
{
@ -1214,7 +1214,7 @@ ${detectNewVersionScript?no_esc}
var options = {};
$.setGridPageHeightOption(options);
po.open(contextPath+"/authorization/${statics['org.datagear.management.domain.Schema'].AUTHORIZATION_RESOURCE_TYPE}/query?${statics['org.datagear.web.controller.AuthorizationController'].PARAM_ASSIGNED_RESOURCE}="+encodeURIComponent(schemaId), options);
po.open(contextPath+"/authorization/${statics['org.datagear.management.domain.Schema'].AUTHORIZATION_RESOURCE_TYPE}/"+encodeURIComponent(schemaId)+"/query", options);
}
else if($item.hasClass("schema-operation-reload"))
{
@ -1436,7 +1436,7 @@ ${detectNewVersionScript?no_esc}
<#if currentUser.admin>
<li class="system-set-driverEntity"><a href="javascript:void(0);"><@spring.message code='main.manageDriverEntity' /></a></li>
<li class="system-set-schemaUrlBuilder"><a href="javascript:void(0);"><@spring.message code='schemaUrlBuilder.schemaUrlBuilder' /></a></li>
<li class="system-set-authorization"><a href="javascript:void(0);"><@spring.message code='main.manageSchemaAuth' /></a></li>
<li class="system-set-schemaControl"><a href="javascript:void(0);"><@spring.message code='main.manageSchemaControl' /></a></li>
<li class="ui-widget-header"></li>
<li class="system-set-dataSetResDirectory"><a href="javascript:void(0);"><@spring.message code='main.manageDataSetResDirectory' /></a></li>
<li class="system-set-chartPlugin"><a href="javascript:void(0);"><@spring.message code='main.manageChartPlugin' /></a></li>