完善数据权限逻辑
parent
4b06fb995b
commit
add88dd55f
|
@ -43,5 +43,10 @@
|
|||
<artifactId>spring-tx</artifactId>
|
||||
<version>${spring.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.google.guava</groupId>
|
||||
<artifactId>guava</artifactId>
|
||||
<version>19.0</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
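Review bot: The new Guava dependency is pinned to the literal `19.0`, while the Spring dependency just above it takes its version from `${spring.version}`. 19.0 is an old Guava release line, so check it against current advisories before shipping and manage it through a property, e.g. `<version>${guava.version}</version>`, so it can be raised in one place. None of the Java changes visible on this page import `com.google.common`, so it is also worth confirming the dependency is needed in this module at all.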
|
||||
|
|
|
@ -16,11 +16,11 @@ public class Authorization extends AbstractStringIdEntity implements CreateUserE
|
|||
{
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/** 授权资源类型:数据源实体 */
|
||||
public static final String RESOURCE_TYPE_DATA_SOURCE_ID = "DATA_SOURCE_ID";
|
||||
/** 授权资源类型:数据源 */
|
||||
public static final String RESOURCE_TYPE_DATA_SOURCE = "DATA_SOURCE";
|
||||
|
||||
/** 授权资源类型:数据源通配符 */
|
||||
public static final String RESOURCE_TYPE_DATA_SOURCE_PATTERN = "DATA_SOURCE_PATTERN";
|
||||
/** 授权资源类型:授权 */
|
||||
public static final String RESOURCE_TYPE_AUTHORIZATION = "DATA_SOURCE";
|
||||
|
||||
/** 授权主体类型:全部用户 */
|
||||
public static final String PRINCIPAL_TYPE_ALl = "ALL";
|
||||
|
@ -40,14 +40,25 @@ public class Authorization extends AbstractStringIdEntity implements CreateUserE
|
|||
/** 授权主体:全部用户 */
|
||||
public static final String PRINCIPAL_ALL = "all";
|
||||
|
||||
/*------------------------------------------------------*/
|
||||
/*
|
||||
* 注意:权限值范围必须在[0, 100)之间,因为commonDataPermissionSqls.xml会对权限值取模100。
|
||||
* 这里的权限值都留有间隔,便于各模块扩展自定义权限值。
|
||||
*/
|
||||
|
||||
/** 权限:无 */
|
||||
public static final int PERMISSION_NONE = 0;
|
||||
|
||||
/** 权限:读 */
|
||||
public static final int PERMISSION_READ = 1;
|
||||
/** 权限:读取 */
|
||||
public static final int PERMISSION_READ = 20;
|
||||
|
||||
/** 权限:写 */
|
||||
public static final int PERMISSION_WRITE = 2;
|
||||
/** 权限:编辑 */
|
||||
public static final int PERMISSION_EDIT = 40;
|
||||
|
||||
/** 权限:删除 */
|
||||
public static final int PERMISSION_DELETE = 60;
|
||||
|
||||
/*------------------------------------------------------*/
|
||||
|
||||
/** 授权资源 */
|
||||
private String resource;
|
||||
|
@ -192,4 +203,37 @@ public class Authorization extends AbstractStringIdEntity implements CreateUserE
|
|||
+ resourceType + ", principal=" + principal + ", principalType=" + principalType + ", permission="
|
||||
+ permission + ", enabled=" + enabled + "]";
|
||||
}
|
||||
|
||||
/**
|
||||
* 是否为可读取权限。
|
||||
*
|
||||
* @param permission
|
||||
* @return
|
||||
*/
|
||||
public static boolean canRead(int permission)
|
||||
{
|
||||
return (PERMISSION_READ <= permission);
|
||||
}
|
||||
|
||||
/**
|
||||
* 是否为可编辑权限。
|
||||
*
|
||||
* @param permission
|
||||
* @return
|
||||
*/
|
||||
public static boolean canEdit(int permission)
|
||||
{
|
||||
return (PERMISSION_EDIT <= permission);
|
||||
}
|
||||
|
||||
/**
|
||||
* 是否为可删除权限。
|
||||
*
|
||||
* @param permission
|
||||
* @return
|
||||
*/
|
||||
public static boolean canDelete(int permission)
|
||||
{
|
||||
return (PERMISSION_DELETE <= permission);
|
||||
}
|
||||
}
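Review bot: In the first hunk `RESOURCE_TYPE_AUTHORIZATION` is assigned `"DATA_SOURCE"`, the same string as `RESOURCE_TYPE_DATA_SOURCE` a few lines above it, so the two resource types cannot be told apart wherever the value is stored or compared. This reads like a copy-paste slip (the +/- markers are lost on this page, but the hunk counts indicate both lines are on the new side). If authorization records are meant to be their own resource type, give the constant a distinct value, for example `public static final String RESOURCE_TYPE_AUTHORIZATION = "AUTHORIZATION";`, after checking what the permission SQL expects. The same constant is passed as the resource type by `AuthorizationServiceImpl.addDataPermissionParameters` later in this commit, so grants on data sources and grants on authorization records would otherwise share one namespace. The class body is only partly visible in these hunks.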
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
/*
|
||||
* Copyright (c) 2018 datagear.tech. All Rights Reserved.
|
||||
*/
|
||||
|
||||
package org.datagear.management.domain;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
/**
|
||||
* 数据ID权限。
|
||||
*
|
||||
* @author datagear@163.com
|
||||
*
|
||||
*/
|
||||
public class DataIdPermission implements Serializable
|
||||
{
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private String dataId;
|
||||
|
||||
private int permission;
|
||||
|
||||
public DataIdPermission()
|
||||
{
|
||||
super();
|
||||
}
|
||||
|
||||
public DataIdPermission(String dataId, int permission)
|
||||
{
|
||||
super();
|
||||
this.dataId = dataId;
|
||||
this.permission = permission;
|
||||
}
|
||||
|
||||
public String getDataId()
|
||||
{
|
||||
return dataId;
|
||||
}
|
||||
|
||||
public void setDataId(String dataId)
|
||||
{
|
||||
this.dataId = dataId;
|
||||
}
|
||||
|
||||
public int getPermission()
|
||||
{
|
||||
return permission;
|
||||
}
|
||||
|
||||
public void setPermission(int permission)
|
||||
{
|
||||
this.permission = permission;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,40 @@
|
|||
/*
|
||||
* Copyright (c) 2018 datagear.tech. All Rights Reserved.
|
||||
*/
|
||||
|
||||
package org.datagear.management.domain;
|
||||
|
||||
import org.datagear.model.support.Entity;
|
||||
|
||||
/**
|
||||
* 数据权限实体。
|
||||
*
|
||||
* @author datagear@163.com
|
||||
*
|
||||
* @param <ID>
|
||||
*/
|
||||
public interface DataPermissionEntity<ID> extends Entity<ID>
|
||||
{
|
||||
/** 权限未加载 */
|
||||
int PERMISSION_NOT_LOADED = -9;
|
||||
|
||||
/**
|
||||
* 获取数据权限值。
|
||||
* <p>
|
||||
* 参考{@code Authorization.PERMISSION_*}、{@linkplain #PERMISSION_NOT_LOADED}。
|
||||
* </p>
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
int getDataPermission();
|
||||
|
||||
/**
|
||||
* 设置数据权限值。
|
||||
* <p>
|
||||
* 参考{@code Authorization.PERMISSION_*}、{@linkplain #PERMISSION_NOT_LOADED}。
|
||||
* </p>
|
||||
*
|
||||
* @param permission
|
||||
*/
|
||||
void setDataPermission(int permission);
|
||||
}
|
|
@ -15,10 +15,20 @@ import org.datagear.model.support.AbstractStringIdEntity;
|
|||
* @author datagear@163.com
|
||||
*
|
||||
*/
|
||||
public class Schema extends AbstractStringIdEntity implements CreateUserEntity<String>, Cloneable
|
||||
public class Schema extends AbstractStringIdEntity
|
||||
implements CreateUserEntity<String>, DataPermissionEntity<String>, Cloneable
|
||||
{
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/** 数据源内的表数据权限:读取 */
|
||||
public static final int PERMISSION_TABLE_DATA_READ = Authorization.PERMISSION_READ + 1;
|
||||
|
||||
/** 数据源内的表数据权限:编辑 */
|
||||
public static final int PERMISSION_TABLE_DATA_EDIT = Authorization.PERMISSION_READ + 2;
|
||||
|
||||
/** 数据源内的表数据权限:删除 */
|
||||
public static final int PERMISSION_TABLE_DATA_DELETE = Authorization.PERMISSION_READ + 3;
|
||||
|
||||
/** 标题 */
|
||||
private String title;
|
||||
|
||||
|
@ -43,6 +53,9 @@ public class Schema extends AbstractStringIdEntity implements CreateUserEntity<S
|
|||
/** 数据库驱动程序路径名 */
|
||||
private DriverEntity driverEntity;
|
||||
|
||||
/** 权限 */
|
||||
private int dataPermission = PERMISSION_NOT_LOADED;
|
||||
|
||||
public Schema()
|
||||
{
|
||||
super();
|
||||
|
@ -159,6 +172,18 @@ public class Schema extends AbstractStringIdEntity implements CreateUserEntity<S
|
|||
this.driverEntity = driverEntity;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getDataPermission()
|
||||
{
|
||||
return dataPermission;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setDataPermission(int dataPermission)
|
||||
{
|
||||
this.dataPermission = dataPermission;
|
||||
}
|
||||
|
||||
/**
|
||||
* 清除密码属性值。
|
||||
* <p>
|
||||
|
@ -171,18 +196,6 @@ public class Schema extends AbstractStringIdEntity implements CreateUserEntity<S
|
|||
this.password = null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Schema clone() throws CloneNotSupportedException
|
||||
{
|
||||
Schema schema = new Schema(getId(), title, url, user, password);
|
||||
schema.setCreateUser(createUser);
|
||||
schema.setCreateTime(createTime);
|
||||
schema.setShared(shared);
|
||||
schema.setDriverEntity(driverEntity);
|
||||
|
||||
return schema;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString()
|
||||
{
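Review bot: The three table-data constants added in the first hunk are all offsets from `Authorization.PERMISSION_READ` (21, 22 and 23 with the values in this commit), so `Authorization.canEdit` and `Authorization.canDelete` return false for every one of them, including `PERMISSION_TABLE_DATA_DELETE`. If they are meant as sub-levels of read access to the data source, say so in the Javadoc, e.g. `/** Table-data permission inside the data source: delete. Ranks below Authorization.PERMISSION_EDIT, so it never allows editing the Schema record itself. */`. Callers gating table-data writes must then compare against these constants and not use `canEdit`/`canDelete`; small helpers next to the constants would prevent mixing the two scales. The class also still declares `Cloneable` although the last hunk removes its `clone()` override. Only part of the class body is visible here.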
|
||||
|
|
|
@ -12,7 +12,7 @@ import org.datagear.management.domain.Authorization;
|
|||
* @author datagear@163.com
|
||||
*
|
||||
*/
|
||||
public interface AuthorizationService extends EntityService<String, Authorization>
|
||||
public interface AuthorizationService extends DataPermissionEntityService<String, Authorization>
|
||||
{
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,126 @@
|
|||
/*
|
||||
* Copyright (c) 2018 datagear.tech. All Rights Reserved.
|
||||
*/
|
||||
|
||||
package org.datagear.management.service;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.datagear.management.domain.Authorization;
|
||||
import org.datagear.management.domain.User;
|
||||
import org.datagear.model.support.Entity;
|
||||
import org.datagear.persistence.PagingData;
|
||||
import org.datagear.persistence.PagingQuery;
|
||||
import org.datagear.persistence.Query;
|
||||
|
||||
/**
|
||||
* 数据权限{@linkplain EntityService}。
|
||||
*
|
||||
* @author datagear@163.com
|
||||
*
|
||||
* @param <ID>
|
||||
* @param <T>
|
||||
*/
|
||||
public interface DataPermissionEntityService<ID, T extends Entity<ID>> extends EntityService<ID, T>
|
||||
{
|
||||
/** 数据权限参数:当前用户,参考commonDataPermissionSqls.xml */
|
||||
String DATA_PERMISSION_PARAM_CURRENT_USER = "DP_CURRENT_USER";
|
||||
|
||||
/** 数据权限参数:资源类型,参考commonDataPermissionSqls.xml */
|
||||
String DATA_PERMISSION_PARAM_RESOURCE_TYPE = "DP_RESOURCE_TYPE";
|
||||
|
||||
/** 数据权限参数:资源是否支持模式匹配,参考commonDataPermissionSqls.xml */
|
||||
String DATA_PERMISSION_PARAM_RESOURCE_SUPPORT_PATTERN = "DP_RESOURCE_SUPPORT_PATTERN";
|
||||
|
||||
/** 数据权限参数:资源是否有创建用户,参考commonDataPermissionSqls.xml */
|
||||
String DATA_PERMISSION_PARAM_RESOURCE_HAS_CREATOR = "DP_RESOURCE_HAS_CREATOR";
|
||||
|
||||
/** 数据权限参数:最大权限值 */
|
||||
String DATA_PERMISSION_PARAM_MAX_PERMISSION = "DP_MAX_PERMISSION";
|
||||
|
||||
/**
|
||||
* 获取数据权限。
|
||||
* <p>
|
||||
* 返回结果参考{@linkplain Authorization}类的{@code PERMISSION_*}。
|
||||
* </p>
|
||||
*
|
||||
* @param user
|
||||
* @param id
|
||||
* @return
|
||||
*/
|
||||
int getPermission(User user, ID id);
|
||||
|
||||
/**
|
||||
* 获取数据权限。
|
||||
* <p>
|
||||
* 返回结果参考{@linkplain Authorization}类的{@code PERMISSION_*}。
|
||||
* </p>
|
||||
*
|
||||
* @param user
|
||||
* @param ids
|
||||
* @return
|
||||
*/
|
||||
int[] getPermissions(User user, ID[] ids);
|
||||
|
||||
/**
|
||||
* 授权更新。
|
||||
*
|
||||
* @param user
|
||||
* 操作用户
|
||||
* @param entity
|
||||
* @return
|
||||
* @throws PermissionDeniedException
|
||||
*/
|
||||
boolean update(User user, T entity) throws PermissionDeniedException;
|
||||
|
||||
/**
|
||||
* 授权删除。
|
||||
*
|
||||
* @param user
|
||||
* 操作用户
|
||||
* @param id
|
||||
* @throws PermissionDeniedException
|
||||
*/
|
||||
boolean deleteById(User user, ID id) throws PermissionDeniedException;
|
||||
|
||||
/**
|
||||
* 授权删除。
|
||||
*
|
||||
* @param user
|
||||
* 操作用户
|
||||
* @param ids
|
||||
* @throws PermissionDeniedException
|
||||
*/
|
||||
boolean[] deleteByIds(User user, ID[] ids) throws PermissionDeniedException;
|
||||
|
||||
/**
|
||||
* 授权根据ID获取。
|
||||
*
|
||||
* @param user
|
||||
* 操作用户
|
||||
* @param id
|
||||
* @return
|
||||
* @throws PermissionDeniedException
|
||||
*/
|
||||
T getById(User user, ID id) throws PermissionDeniedException;
|
||||
|
||||
/**
|
||||
* 授权查询。
|
||||
*
|
||||
* @param user
|
||||
* 操作用户
|
||||
* @param query
|
||||
* @return
|
||||
*/
|
||||
List<T> query(User user, Query query);
|
||||
|
||||
/**
|
||||
* 授权分页查询。
|
||||
*
|
||||
* @param user
|
||||
* 操作用户
|
||||
* @param pagingQuery
|
||||
* @return
|
||||
*/
|
||||
PagingData<T> pagingQuery(User user, PagingQuery pagingQuery);
|
||||
}
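Review bot: Because this interface extends `EntityService<ID, T>`, every implementation still exposes the user-less `update(T)`, `deleteById(ID)`, `deleteByIds(ID[])`, `getById(ID)`, `query(Query)` and `pagingQuery(PagingQuery)` next to the permission-checked overloads declared here, and nothing in the signatures marks them as unchecked. A caller that drops the `User` argument therefore skips the permission check without any compile-time signal. The interface Javadoc should state which overloads are for trusted internal use only, for example `Overloads without a User parameter perform no permission check and must not be reached from request-handling code.` It should also say that a missing permission is now reported by the unchecked `PermissionDeniedException` and not by a `false` or `null` return. `deleteById` and `deleteByIds` are missing their `@return` description.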
|
|
@ -6,7 +6,6 @@ package org.datagear.management.service;
|
|||
|
||||
import java.util.List;
|
||||
|
||||
import org.datagear.management.domain.User;
|
||||
import org.datagear.model.support.Entity;
|
||||
import org.datagear.persistence.PagingData;
|
||||
import org.datagear.persistence.PagingQuery;
|
||||
|
@ -36,19 +35,6 @@ public interface EntityService<ID, T extends Entity<ID>>
|
|||
*/
|
||||
boolean update(T entity);
|
||||
|
||||
/**
|
||||
* 授权更新。
|
||||
* <p>
|
||||
* 返回{@code false}表明记录已不存在或者操作用户无权限。
|
||||
* </p>
|
||||
*
|
||||
* @param user
|
||||
* 操作用户
|
||||
* @param schema
|
||||
* @return
|
||||
*/
|
||||
boolean update(User user, T entity);
|
||||
|
||||
/**
|
||||
* 删除。
|
||||
*
|
||||
|
@ -63,30 +49,6 @@ public interface EntityService<ID, T extends Entity<ID>>
|
|||
*/
|
||||
boolean[] deleteByIds(ID[] ids);
|
||||
|
||||
/**
|
||||
* 授权删除。
|
||||
* <p>
|
||||
* 返回{@code false}表明记录已不存在或者操作用户无权限。
|
||||
* </p>
|
||||
*
|
||||
* @param user
|
||||
* 操作用户
|
||||
* @param id
|
||||
*/
|
||||
boolean deleteById(User user, ID id);
|
||||
|
||||
/**
|
||||
* 授权删除。
|
||||
* <p>
|
||||
* 返回{@code false}表明记录已不存在或者操作用户无权限。
|
||||
* </p>
|
||||
*
|
||||
* @param user
|
||||
* 操作用户
|
||||
* @param ids
|
||||
*/
|
||||
boolean[] deleteByIds(User user, ID[] ids);
|
||||
|
||||
/**
|
||||
* 根据ID获取。
|
||||
*
|
||||
|
@ -95,19 +57,6 @@ public interface EntityService<ID, T extends Entity<ID>>
|
|||
*/
|
||||
T getById(ID id);
|
||||
|
||||
/**
|
||||
* 授权根据ID获取。
|
||||
* <p>
|
||||
* 返回{@code null}表明记录已不存在或者操作用户无权限。
|
||||
* </p>
|
||||
*
|
||||
* @param user
|
||||
* 操作用户
|
||||
* @param id
|
||||
* @return
|
||||
*/
|
||||
T getById(User user, ID id);
|
||||
|
||||
/**
|
||||
* 查询。
|
||||
*
|
||||
|
@ -116,16 +65,6 @@ public interface EntityService<ID, T extends Entity<ID>>
|
|||
*/
|
||||
List<T> query(Query query);
|
||||
|
||||
/**
|
||||
* 授权查询。
|
||||
*
|
||||
* @param user
|
||||
* 操作用户
|
||||
* @param query
|
||||
* @return
|
||||
*/
|
||||
List<T> query(User user, Query query);
|
||||
|
||||
/**
|
||||
* 分页查询。
|
||||
*
|
||||
|
@ -134,14 +73,4 @@ public interface EntityService<ID, T extends Entity<ID>>
|
|||
* @return
|
||||
*/
|
||||
PagingData<T> pagingQuery(PagingQuery pagingQuery);
|
||||
|
||||
/**
|
||||
* 授权分页查询。
|
||||
*
|
||||
* @param user
|
||||
* 操作用户
|
||||
* @param pagingQuery
|
||||
* @return
|
||||
*/
|
||||
PagingData<T> pagingQuery(User user, PagingQuery pagingQuery);
|
||||
}
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
package org.datagear.management.service;
|
||||
|
||||
import org.datagear.management.domain.GlobalSetting;
|
||||
import org.datagear.management.domain.User;
|
||||
|
||||
/**
|
||||
* {@linkplain GlobalSetting}业务服务接口。
|
||||
|
@ -22,15 +21,6 @@ public interface GlobalSettingService
|
|||
*/
|
||||
void save(GlobalSetting globalSetting);
|
||||
|
||||
/**
|
||||
* 授权保存。
|
||||
*
|
||||
* @param user
|
||||
* @param globalSetting
|
||||
* @return
|
||||
*/
|
||||
boolean save(User user, GlobalSetting globalSetting);
|
||||
|
||||
/**
|
||||
* 获取。
|
||||
*
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
/*
|
||||
* Copyright (c) 2018 datagear.tech. All Rights Reserved.
|
||||
*/
|
||||
|
||||
package org.datagear.management.service;
|
||||
|
||||
/**
|
||||
* 无权执行异常。
|
||||
*
|
||||
* @author datagear@163.com
|
||||
*
|
||||
*/
|
||||
public class PermissionDeniedException extends RuntimeException
|
||||
{
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
public PermissionDeniedException()
|
||||
{
|
||||
super("Permission denied");
|
||||
}
|
||||
|
||||
public PermissionDeniedException(String message, Throwable cause)
|
||||
{
|
||||
super(message, cause);
|
||||
}
|
||||
|
||||
public PermissionDeniedException(String message)
|
||||
{
|
||||
super(message);
|
||||
}
|
||||
|
||||
public PermissionDeniedException(Throwable cause)
|
||||
{
|
||||
super(cause);
|
||||
}
|
||||
}
|
|
@ -12,7 +12,7 @@ import org.datagear.management.domain.Schema;
|
|||
* @author datagear@163.com
|
||||
*
|
||||
*/
|
||||
public interface SchemaService extends EntityService<String, Schema>
|
||||
public interface SchemaService extends DataPermissionEntityService<String, Schema>
|
||||
{
|
||||
/**
|
||||
* 更新创建用户ID。
|
||||
|
|
|
@ -0,0 +1,219 @@
|
|||
/*
|
||||
* Copyright 2018 datagear.tech. All Rights Reserved.
|
||||
*/
|
||||
|
||||
package org.datagear.management.service.impl;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.ibatis.session.SqlSessionFactory;
|
||||
import org.datagear.management.domain.Authorization;
|
||||
import org.datagear.management.domain.DataIdPermission;
|
||||
import org.datagear.management.domain.User;
|
||||
import org.datagear.management.service.DataPermissionEntityService;
|
||||
import org.datagear.management.service.PermissionDeniedException;
|
||||
import org.datagear.model.support.Entity;
|
||||
import org.datagear.persistence.PagingData;
|
||||
import org.datagear.persistence.PagingQuery;
|
||||
import org.datagear.persistence.Query;
|
||||
import org.mybatis.spring.SqlSessionTemplate;
|
||||
|
||||
/**
|
||||
* 抽象基于Mybatis的{@linkplain DataPermissionEntityService}实现类。
|
||||
*
|
||||
* @author datagear@163.com
|
||||
*
|
||||
*/
|
||||
public abstract class AbstractMybatisDataPermissionEntityService<ID, T extends Entity<ID>>
|
||||
extends AbstractMybatisEntityService<ID, T> implements DataPermissionEntityService<ID, T>
|
||||
{
|
||||
public AbstractMybatisDataPermissionEntityService()
|
||||
{
|
||||
super();
|
||||
}
|
||||
|
||||
public AbstractMybatisDataPermissionEntityService(SqlSessionFactory sqlSessionFactory)
|
||||
{
|
||||
super(sqlSessionFactory);
|
||||
}
|
||||
|
||||
public AbstractMybatisDataPermissionEntityService(SqlSessionTemplate sqlSessionTemplate)
|
||||
{
|
||||
super(sqlSessionTemplate);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getPermission(User user, ID id)
|
||||
{
|
||||
List<ID> ids = new ArrayList<ID>(1);
|
||||
ids.add(id);
|
||||
|
||||
List<Integer> permissions = getPermissions(user, ids, Authorization.PERMISSION_NONE);
|
||||
|
||||
return permissions.get(0);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int[] getPermissions(User user, ID[] ids)
|
||||
{
|
||||
List<ID> idList = Arrays.asList(ids);
|
||||
|
||||
List<Integer> permissions = getPermissions(user, idList, Authorization.PERMISSION_NONE);
|
||||
|
||||
int[] re = new int[permissions.size()];
|
||||
|
||||
for (int i = 0; i < re.length; i++)
|
||||
re[i] = permissions.get(i);
|
||||
|
||||
return re;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean update(User user, T entity)
|
||||
{
|
||||
int permission = getPermission(user, entity.getId());
|
||||
|
||||
if (!Authorization.canEdit(permission))
|
||||
throw new PermissionDeniedException();
|
||||
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addDataPermissionParameters(params, user);
|
||||
|
||||
return update(entity, params);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteById(User user, ID id)
|
||||
{
|
||||
int permission = getPermission(user, id);
|
||||
|
||||
if (!Authorization.canDelete(permission))
|
||||
throw new PermissionDeniedException();
|
||||
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addDataPermissionParameters(params, user);
|
||||
|
||||
return deleteById(id, params);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean[] deleteByIds(User user, ID[] ids)
|
||||
{
|
||||
int[] permissions = getPermissions(user, ids);
|
||||
|
||||
for (int i = 0; i < permissions.length; i++)
|
||||
{
|
||||
if (!Authorization.canDelete(permissions[i]))
|
||||
throw new PermissionDeniedException();
|
||||
}
|
||||
|
||||
boolean[] re = new boolean[ids.length];
|
||||
|
||||
for (int i = 0; i < ids.length; i++)
|
||||
re[i] = deleteById(user, ids[i]);
|
||||
|
||||
return re;
|
||||
}
|
||||
|
||||
@Override
|
||||
public T getById(User user, ID id)
|
||||
{
|
||||
int permission = getPermission(user, id);
|
||||
|
||||
if (!Authorization.canRead(permission))
|
||||
throw new PermissionDeniedException();
|
||||
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addDataPermissionParameters(params, user);
|
||||
|
||||
return getById(id, params);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<T> query(User user, Query query)
|
||||
{
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addDataPermissionParameters(params, user);
|
||||
|
||||
return query(query, params);
|
||||
}
|
||||
|
||||
@Override
|
||||
public PagingData<T> pagingQuery(User user, PagingQuery pagingQuery)
|
||||
{
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addDataPermissionParameters(params, user);
|
||||
|
||||
return pagingQuery(pagingQuery, params);
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取权限列表。
|
||||
*
|
||||
* @param user
|
||||
* @param ids
|
||||
* @param permissionForAbsence
|
||||
* @return
|
||||
*/
|
||||
protected List<Integer> getPermissions(User user, List<ID> ids, int permissionForAbsence)
|
||||
{
|
||||
Map<String, Object> params = buildParamMapWithIdentifierQuoteParameter();
|
||||
addDataPermissionParameters(params, user);
|
||||
params.put("ids", ids);
|
||||
|
||||
List<DataIdPermission> dataPermissions = selectListMybatis("getDataIdPermissions", params);
|
||||
|
||||
List<Integer> re = new ArrayList<Integer>(ids.size());
|
||||
|
||||
for (int i = 0, len = ids.size(); i < len; i++)
|
||||
{
|
||||
Integer permission = null;
|
||||
String myId = ids.get(i).toString();
|
||||
|
||||
for (DataIdPermission p : dataPermissions)
|
||||
{
|
||||
if (myId.equals(p.getDataId()))
|
||||
{
|
||||
permission = p.getPermission();
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (permission == null)
|
||||
permission = permissionForAbsence;
|
||||
|
||||
re.add(permission);
|
||||
}
|
||||
|
||||
return re;
|
||||
}
|
||||
|
||||
/**
|
||||
* 添加数据权限SQL参数。
|
||||
*
|
||||
* @param params
|
||||
* @param user
|
||||
*/
|
||||
protected abstract void addDataPermissionParameters(Map<String, Object> params, User user);
|
||||
|
||||
/**
|
||||
* 添加数据权限SQL参数。
|
||||
*
|
||||
* @param params
|
||||
* @param user
|
||||
* @param resourceType
|
||||
* @param resourceSupportPattern
|
||||
* @param resourceHasCreator
|
||||
*/
|
||||
protected void addDataPermissionParameters(Map<String, Object> params, User user, String resourceType,
|
||||
boolean resourceSupportPattern, boolean resourceHasCreator)
|
||||
{
|
||||
params.put(DATA_PERMISSION_PARAM_CURRENT_USER, user);
|
||||
params.put(DATA_PERMISSION_PARAM_RESOURCE_SUPPORT_PATTERN, resourceSupportPattern);
|
||||
params.put(DATA_PERMISSION_PARAM_RESOURCE_HAS_CREATOR, resourceHasCreator);
|
||||
params.put(DATA_PERMISSION_PARAM_MAX_PERMISSION, Authorization.PERMISSION_DELETE);
|
||||
}
|
||||
}
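Review bot: The five-argument `addDataPermissionParameters` at the end of the class accepts `resourceType` but never puts it into `params`; `DATA_PERMISSION_PARAM_RESOURCE_TYPE` is declared on the interface and is not referenced anywhere in this file. Unless the mapper obtains it some other way not shown here, the permission SQL runs without a resource type, so add `params.put(DATA_PERMISSION_PARAM_RESOURCE_TYPE, resourceType);` alongside the other puts. The Javadoc of `getPermissions(User, List<ID>, int)` should also state that ids with no returned row are reported as `permissionForAbsence`. Both public callers pass `Authorization.PERMISSION_NONE`, so `getById(User, ID)` throws `PermissionDeniedException` for a record that does not exist. That fails closed, but callers that used to test for `null` need to know.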
|
|
@ -8,7 +8,6 @@ import java.util.List;
|
|||
import java.util.Map;
|
||||
|
||||
import org.apache.ibatis.session.SqlSessionFactory;
|
||||
import org.datagear.management.domain.User;
|
||||
import org.datagear.management.service.EntityService;
|
||||
import org.datagear.model.support.Entity;
|
||||
import org.datagear.persistence.PagingData;
|
||||
|
@ -17,7 +16,7 @@ import org.datagear.persistence.Query;
|
|||
import org.mybatis.spring.SqlSessionTemplate;
|
||||
|
||||
/**
|
||||
* 抽象基于Mybatis的服务类。
|
||||
* 抽象基于Mybatis的{@linkplain EntityService}实现类。
|
||||
*
|
||||
* @author datagear@163.com
|
||||
*
|
||||
|
@ -52,12 +51,6 @@ public abstract class AbstractMybatisEntityService<ID, T extends Entity<ID>> ext
|
|||
return super.update(entity);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean update(User user, T entity)
|
||||
{
|
||||
return super.update(user, entity);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteById(ID id)
|
||||
{
|
||||
|
@ -75,26 +68,6 @@ public abstract class AbstractMybatisEntityService<ID, T extends Entity<ID>> ext
|
|||
return re;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteById(User user, ID id)
|
||||
{
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addOperatorParameter(params, user);
|
||||
|
||||
return deleteById(id, params);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean[] deleteByIds(User user, ID[] ids)
|
||||
{
|
||||
boolean[] re = new boolean[ids.length];
|
||||
|
||||
for (int i = 0; i < ids.length; i++)
|
||||
re[i] = deleteById(user, ids[i]);
|
||||
|
||||
return re;
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除。
|
||||
*
|
||||
|
@ -116,15 +89,6 @@ public abstract class AbstractMybatisEntityService<ID, T extends Entity<ID>> ext
|
|||
return getById(id, buildParamMap());
|
||||
}
|
||||
|
||||
@Override
|
||||
public T getById(User user, ID id)
|
||||
{
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addOperatorParameter(params, user);
|
||||
|
||||
return getById(id, params);
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取。
|
||||
*
|
||||
|
@ -148,21 +112,9 @@ public abstract class AbstractMybatisEntityService<ID, T extends Entity<ID>> ext
|
|||
return super.query(query);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<T> query(User user, Query query)
|
||||
{
|
||||
return super.query(user, query);
|
||||
}
|
||||
|
||||
@Override
|
||||
public PagingData<T> pagingQuery(PagingQuery pagingQuery)
|
||||
{
|
||||
return super.pagingQuery(pagingQuery);
|
||||
}
|
||||
|
||||
@Override
|
||||
public PagingData<T> pagingQuery(User user, PagingQuery pagingQuery)
|
||||
{
|
||||
return super.pagingQuery(user, pagingQuery);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -34,8 +34,6 @@ public abstract class AbstractMybatisService<T> extends SqlSessionDaoSupport
|
|||
{
|
||||
public static final String DEFAULT_IDENTIFIER_QUOTE_KEY = "_iq_";
|
||||
|
||||
public static final String DEFAULT_OPERATOR_KEY = "OPERATOR";
|
||||
|
||||
/** 查询参数:关键字 */
|
||||
public static final String QUERY_PARAM_NOT_LIKE = "queryNotLike";
|
||||
|
||||
|
@ -65,8 +63,6 @@ public abstract class AbstractMybatisService<T> extends SqlSessionDaoSupport
|
|||
|
||||
private String identifierQuoteKey = DEFAULT_IDENTIFIER_QUOTE_KEY;
|
||||
|
||||
private String operatorKey = DEFAULT_OPERATOR_KEY;
|
||||
|
||||
private String identifierQuote = "";
|
||||
|
||||
public AbstractMybatisService()
|
||||
|
@ -113,16 +109,6 @@ public abstract class AbstractMybatisService<T> extends SqlSessionDaoSupport
|
|||
this.identifierQuoteKey = identifierQuoteKey;
|
||||
}
|
||||
|
||||
public String getOperatorKey()
|
||||
{
|
||||
return operatorKey;
|
||||
}
|
||||
|
||||
public void setOperatorKey(String operatorKey)
|
||||
{
|
||||
this.operatorKey = operatorKey;
|
||||
}
|
||||
|
||||
/**
|
||||
* 添加。
|
||||
*
|
||||
|
@ -162,21 +148,6 @@ public abstract class AbstractMybatisService<T> extends SqlSessionDaoSupport
|
|||
return update(entity, buildParamMap());
|
||||
}
|
||||
|
||||
/**
|
||||
* 更新。
|
||||
*
|
||||
* @param user
|
||||
* @param entity
|
||||
* @return
|
||||
*/
|
||||
protected boolean update(User user, T entity)
|
||||
{
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addOperatorParameter(params, user);
|
||||
|
||||
return update(entity, params);
|
||||
}
|
||||
|
||||
/**
|
||||
* 更新。
|
||||
*
|
||||
|
@ -205,21 +176,6 @@ public abstract class AbstractMybatisService<T> extends SqlSessionDaoSupport
|
|||
return delete(obj, buildParamMap());
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除。
|
||||
*
|
||||
* @param user
|
||||
* @param obj
|
||||
* @return
|
||||
*/
|
||||
protected boolean delete(User user, T obj)
|
||||
{
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addOperatorParameter(params, user);
|
||||
|
||||
return delete(obj, params);
|
||||
}
|
||||
|
||||
/**
|
||||
* 删除。
|
||||
*
|
||||
|
@ -240,14 +196,6 @@ public abstract class AbstractMybatisService<T> extends SqlSessionDaoSupport
|
|||
return get(param, buildParamMap());
|
||||
}
|
||||
|
||||
protected T get(User user, T param)
|
||||
{
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addOperatorParameter(params, user);
|
||||
|
||||
return get(param, params);
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取。
|
||||
*
|
||||
|
@ -276,21 +224,6 @@ public abstract class AbstractMybatisService<T> extends SqlSessionDaoSupport
|
|||
return query(query, buildParamMap());
|
||||
}
|
||||
|
||||
/**
|
||||
* 查询。
|
||||
*
|
||||
* @param user
|
||||
* @param query
|
||||
* @return
|
||||
*/
|
||||
protected List<T> query(User user, Query query)
|
||||
{
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addOperatorParameter(params, user);
|
||||
|
||||
return query(query, params);
|
||||
}
|
||||
|
||||
/**
|
||||
* 查询。
|
||||
*
|
||||
|
@ -333,21 +266,6 @@ public abstract class AbstractMybatisService<T> extends SqlSessionDaoSupport
|
|||
return pagingQuery(pagingQuery, buildParamMap());
|
||||
}
|
||||
|
||||
/**
|
||||
* 分页查询。
|
||||
*
|
||||
* @param user
|
||||
* @param pagingQuery
|
||||
* @return
|
||||
*/
|
||||
protected PagingData<T> pagingQuery(User user, PagingQuery pagingQuery)
|
||||
{
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addOperatorParameter(params, user);
|
||||
|
||||
return pagingQuery(pagingQuery, params);
|
||||
}
|
||||
|
||||
/**
|
||||
* 分页查询。
|
||||
*
|
||||
|
@ -645,17 +563,6 @@ public abstract class AbstractMybatisService<T> extends SqlSessionDaoSupport
|
|||
params.put(this.identifierQuoteKey, this.identifierQuote);
|
||||
}
|
||||
|
||||
/**
|
||||
* 添加操作用户参数。
|
||||
*
|
||||
* @param params
|
||||
* @param user
|
||||
*/
|
||||
protected void addOperatorParameter(Map<String, Object> params, User user)
|
||||
{
|
||||
params.put(this.operatorKey, user);
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取数据库标识引用符。
|
||||
* <p>
|
||||
|
|
|
@ -4,8 +4,11 @@
|
|||
|
||||
package org.datagear.management.service.impl;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.ibatis.session.SqlSessionFactory;
|
||||
import org.datagear.management.domain.Authorization;
|
||||
import org.datagear.management.domain.User;
|
||||
import org.datagear.management.service.AuthorizationService;
|
||||
import org.mybatis.spring.SqlSessionTemplate;
|
||||
|
||||
|
@ -15,7 +18,7 @@ import org.mybatis.spring.SqlSessionTemplate;
|
|||
* @author datagear@163.com
|
||||
*
|
||||
*/
|
||||
public class AuthorizationServiceImpl extends AbstractMybatisEntityService<String, Authorization>
|
||||
public class AuthorizationServiceImpl extends AbstractMybatisDataPermissionEntityService<String, Authorization>
|
||||
implements AuthorizationService
|
||||
{
|
||||
protected static final String SQL_NAMESPACE = Authorization.class.getName();
|
||||
|
@ -35,6 +38,12 @@ public class AuthorizationServiceImpl extends AbstractMybatisEntityService<Strin
|
|||
super(sqlSessionTemplate);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void addDataPermissionParameters(Map<String, Object> params, User user)
|
||||
{
|
||||
addDataPermissionParameters(params, user, Authorization.RESOURCE_TYPE_AUTHORIZATION, false, true);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getSqlNamespace()
|
||||
{
|
||||
|
|
|
@ -7,7 +7,6 @@ package org.datagear.management.service.impl;
|
|||
import org.apache.ibatis.session.SqlSessionFactory;
|
||||
import org.datagear.management.domain.GlobalSetting;
|
||||
import org.datagear.management.domain.SmtpSetting;
|
||||
import org.datagear.management.domain.User;
|
||||
import org.datagear.management.service.GlobalSettingService;
|
||||
import org.mybatis.spring.SqlSessionTemplate;
|
||||
|
||||
|
@ -57,20 +56,6 @@ public class GlobalSettingServiceImpl extends AbstractMybatisService<GlobalSetti
|
|||
super.add(globalSetting);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean save(User user, GlobalSetting globalSetting)
|
||||
{
|
||||
encryptSmtpSettingPasswordIf(globalSetting);
|
||||
|
||||
if (!user.isAdmin())
|
||||
return false;
|
||||
|
||||
if (!super.update(globalSetting))
|
||||
super.add(globalSetting);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public GlobalSetting get()
|
||||
{
|
||||
|
|
|
@ -1,54 +0,0 @@
|
|||
/*
|
||||
* Copyright 2018 datagear.tech. All Rights Reserved.
|
||||
*/
|
||||
|
||||
package org.datagear.management.service.impl;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
import org.datagear.management.domain.Schema;
|
||||
import org.datagear.management.service.SchemaService;
|
||||
|
||||
/**
|
||||
* {@linkplain Schema}缓存。
|
||||
* <p>
|
||||
* {@linkplain SchemaService#getById(String)}再会在建立数据库连接时频繁访问,这里使用缓存可以提升性能。
|
||||
* </p>
|
||||
*
|
||||
* @author datagear@163.com
|
||||
*
|
||||
*/
|
||||
public interface SchemaCache
|
||||
{
|
||||
/**
|
||||
* 从缓存中读取{@linkplain Schema}。
|
||||
* <p>
|
||||
* 如果缓存中没有,此方法返回{@code null}。
|
||||
* </p>
|
||||
*
|
||||
* @param schemaId
|
||||
* @return
|
||||
*/
|
||||
Schema getSchema(String schemaId);
|
||||
|
||||
/**
|
||||
* 移除缓存中指定ID的{@linkplain Schema}。
|
||||
*
|
||||
* @param schemaId
|
||||
*/
|
||||
void removeSchema(String schemaId);
|
||||
|
||||
/**
|
||||
* 将指定{@linkplain Schema}放入缓存中。
|
||||
*
|
||||
* @param schema
|
||||
*/
|
||||
void putSchema(Schema schema);
|
||||
|
||||
/**
|
||||
* 获取缓存中的所有{@linkplain Schema#getId()}。
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
Set<String> getAllSchemaIds();
|
||||
}
|
|
@ -4,14 +4,13 @@
|
|||
|
||||
package org.datagear.management.service.impl;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.apache.ibatis.session.SqlSessionFactory;
|
||||
import org.datagear.connection.DriverEntity;
|
||||
import org.datagear.connection.DriverEntityManager;
|
||||
import org.datagear.management.domain.Authorization;
|
||||
import org.datagear.management.domain.Schema;
|
||||
import org.datagear.management.domain.User;
|
||||
import org.datagear.management.service.SchemaService;
|
||||
|
@ -26,14 +25,13 @@ import org.mybatis.spring.SqlSessionTemplate;
|
|||
* @author datagear@163.com
|
||||
*
|
||||
*/
|
||||
public class SchemaServiceImpl extends AbstractMybatisEntityService<String, Schema> implements SchemaService
|
||||
public class SchemaServiceImpl extends AbstractMybatisDataPermissionEntityService<String, Schema>
|
||||
implements SchemaService
|
||||
{
|
||||
protected static final String SQL_NAMESPACE = Schema.class.getName();
|
||||
|
||||
private DriverEntityManager driverEntityManager;
|
||||
|
||||
private SchemaCache schemaCache;
|
||||
|
||||
public SchemaServiceImpl()
|
||||
{
|
||||
super();
|
||||
|
@ -61,116 +59,6 @@ public class SchemaServiceImpl extends AbstractMybatisEntityService<String, Sche
|
|||
this.driverEntityManager = driverEntityManager;
|
||||
}
|
||||
|
||||
public SchemaCache getSchemaCache()
|
||||
{
|
||||
return schemaCache;
|
||||
}
|
||||
|
||||
public void setSchemaCache(SchemaCache schemaCache)
|
||||
{
|
||||
this.schemaCache = schemaCache;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean update(Schema entity)
|
||||
{
|
||||
return super.update(entity);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean update(User user, Schema entity)
|
||||
{
|
||||
if (this.schemaCache != null)
|
||||
this.schemaCache.removeSchema(entity.getId());
|
||||
|
||||
return super.update(user, entity);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteById(String id)
|
||||
{
|
||||
if (this.schemaCache != null)
|
||||
this.schemaCache.removeSchema(id);
|
||||
|
||||
return super.deleteById(id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean deleteById(User user, String id)
|
||||
{
|
||||
if (this.schemaCache != null)
|
||||
this.schemaCache.removeSchema(id);
|
||||
|
||||
return super.deleteById(user, id);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Schema getById(String id)
|
||||
{
|
||||
Schema schema = (this.schemaCache == null ? null : this.schemaCache.getSchema(id));
|
||||
|
||||
if (schema == null)
|
||||
{
|
||||
schema = super.getById(id);
|
||||
|
||||
if (schema != null && this.schemaCache != null)
|
||||
this.schemaCache.putSchema(schema);
|
||||
}
|
||||
|
||||
return cloneIf(schema);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Schema getById(User user, String id)
|
||||
{
|
||||
Schema schema = (this.schemaCache == null ? null : this.schemaCache.getSchema(id));
|
||||
|
||||
if (schema != null)
|
||||
{
|
||||
if (!schema.isShared() && !user.getId().equals(schema.getCreateUser().getId()))
|
||||
schema = null;
|
||||
}
|
||||
else
|
||||
{
|
||||
schema = super.getById(user, id);
|
||||
|
||||
if (schema != null && this.schemaCache != null)
|
||||
this.schemaCache.putSchema(schema);
|
||||
}
|
||||
|
||||
return cloneIf(schema);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Schema> query(Query query)
|
||||
{
|
||||
return cloneIf(super.query(query));
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Schema> query(User user, Query query)
|
||||
{
|
||||
return cloneIf(super.query(user, query));
|
||||
}
|
||||
|
||||
@Override
|
||||
public PagingData<Schema> pagingQuery(PagingQuery pagingQuery)
|
||||
{
|
||||
PagingData<Schema> pagingData = super.pagingQuery(pagingQuery);
|
||||
pagingData.setItems(cloneIf(pagingData.getItems()));
|
||||
|
||||
return pagingData;
|
||||
}
|
||||
|
||||
@Override
|
||||
public PagingData<Schema> pagingQuery(User user, PagingQuery pagingQuery)
|
||||
{
|
||||
PagingData<Schema> pagingData = super.pagingQuery(user, pagingQuery);
|
||||
pagingData.setItems(cloneIf(pagingData.getItems()));
|
||||
|
||||
return pagingData;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Schema getById(String id, Map<String, Object> params)
|
||||
{
|
||||
|
@ -208,8 +96,6 @@ public class SchemaServiceImpl extends AbstractMybatisEntityService<String, Sche
|
|||
@Override
|
||||
public int updateCreateUserId(String oldUserId, String newUserId)
|
||||
{
|
||||
deleteCachedSchemaByCreateUserId(oldUserId);
|
||||
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addIdentifierQuoteParameter(params);
|
||||
params.put("oldUserId", oldUserId);
|
||||
|
@ -221,8 +107,6 @@ public class SchemaServiceImpl extends AbstractMybatisEntityService<String, Sche
|
|||
@Override
|
||||
public int deleteByUserId(String... userIds)
|
||||
{
|
||||
deleteCachedSchemaByCreateUserId(userIds);
|
||||
|
||||
Map<String, Object> params = buildParamMap();
|
||||
addIdentifierQuoteParameter(params);
|
||||
params.put("userIds", userIds);
|
||||
|
@ -230,30 +114,6 @@ public class SchemaServiceImpl extends AbstractMybatisEntityService<String, Sche
|
|||
return updateMybatis("deleteByUserId", params);
|
||||
}
|
||||
|
||||
protected void deleteCachedSchemaByCreateUserId(String... userIds)
|
||||
{
|
||||
if (this.schemaCache == null)
|
||||
return;
|
||||
|
||||
Set<String> cachedIds = this.schemaCache.getAllSchemaIds();
|
||||
|
||||
for (String cachedId : cachedIds)
|
||||
{
|
||||
Schema schema = this.schemaCache.getSchema(cachedId);
|
||||
|
||||
if (schema != null && schema.getCreateUser() != null)
|
||||
{
|
||||
String createUserId = schema.getCreateUser().getId();
|
||||
|
||||
for (String userId : userIds)
|
||||
{
|
||||
if (createUserId.equals(userId))
|
||||
this.schemaCache.removeSchema(cachedId);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void checkInput(Schema entity)
|
||||
{
|
||||
|
@ -278,52 +138,10 @@ public class SchemaServiceImpl extends AbstractMybatisEntityService<String, Sche
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 如果设置了缓存则拷贝{@linkplain Schema}。
|
||||
* <p>
|
||||
* {@code get...()}方法返回对象修改属性值后不能影响缓存值,所以要进行拷贝。
|
||||
* </p>
|
||||
*
|
||||
* @param schema
|
||||
* @return
|
||||
*/
|
||||
protected Schema cloneIf(Schema schema)
|
||||
@Override
|
||||
protected void addDataPermissionParameters(Map<String, Object> params, User user)
|
||||
{
|
||||
if (schema == null || this.schemaCache == null)
|
||||
return schema;
|
||||
else
|
||||
{
|
||||
try
|
||||
{
|
||||
return schema.clone();
|
||||
}
|
||||
catch (CloneNotSupportedException e)
|
||||
{
|
||||
throw new IllegalStateException(e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
protected List<Schema> cloneIf(List<Schema> schemas)
|
||||
{
|
||||
if (schemas == null || this.schemaCache == null)
|
||||
return schemas;
|
||||
else
|
||||
{
|
||||
List<Schema> clones = new ArrayList<Schema>(schemas.size());
|
||||
|
||||
try
|
||||
{
|
||||
for (Schema schema : schemas)
|
||||
clones.add(schema.clone());
|
||||
|
||||
return clones;
|
||||
}
|
||||
catch (CloneNotSupportedException e)
|
||||
{
|
||||
throw new IllegalStateException(e);
|
||||
}
|
||||
}
|
||||
addDataPermissionParameters(params, user, Authorization.RESOURCE_TYPE_DATA_SOURCE, true, true);
|
||||
}
|
||||
|
||||
@Override
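Review bot: The two trailing booleans in the new `addDataPermissionParameters(params, user, Authorization.RESOURCE_TYPE_DATA_SOURCE, true, true)` override cannot be read at the call site, yet they decide how broadly access is granted. They appear to correspond to `DP_RESOURCE_SUPPORT_PATTERN` and `DP_RESOURCE_HAS_CREATOR` in the permission mapper (an inference, since the base class is not shown here), so I would add a comment above the call such as `// pattern grants are matched against the schema URL; the creator always receives the maximum permission`. This section also drops the schema cache, which the deleted `SchemaCache` Javadoc justified by frequent `getById` calls during connection setup, so it is worth confirming that the permission join is acceptable on that path.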
|
||||
|
|
|
@ -26,18 +26,12 @@
|
|||
AUTH_ENABLED = #{entity.enabled}
|
||||
WHERE
|
||||
AUTH_ID = #{entity.id}
|
||||
<if test="OPERATOR != null and OPERATOR.admin != true">
|
||||
AND AUTH_CREATE_USER_ID = #{OPERATOR.id}
|
||||
</if>
|
||||
</update>
|
||||
|
||||
<delete id="deleteById">
|
||||
DELETE FROM DATAGEAR_AUTHORIZATION
|
||||
WHERE
|
||||
AUTH_ID = #{id}
|
||||
<if test="OPERATOR != null and OPERATOR.admin != true">
|
||||
AND AUTH_CREATE_USER_ID = #{OPERATOR.id}
|
||||
</if>
|
||||
</delete>
|
||||
|
||||
<select id="getById" resultType="org.datagear.management.domain.Authorization">
|
||||
|
|
|
@ -21,18 +21,12 @@
|
|||
ROLE_ENABLED = #{entity.enabled}
|
||||
WHERE
|
||||
ROLE_ID = #{entity.id}
|
||||
<if test="OPERATOR != null and OPERATOR.admin != true">
|
||||
AND 1=2
|
||||
</if>
|
||||
</update>
|
||||
|
||||
<delete id="deleteById">
|
||||
DELETE FROM DATAGEAR_ROLE
|
||||
WHERE
|
||||
ROLE_ID = #{id}
|
||||
<if test="OPERATOR != null and OPERATOR.admin != true">
|
||||
AND 1=2
|
||||
</if>
|
||||
</delete>
|
||||
|
||||
<select id="getById" resultType="org.datagear.management.domain.Role">
|
||||
|
|
|
@ -20,18 +20,12 @@
|
|||
RU_USER_ID = #{entity.user.id}
|
||||
WHERE
|
||||
RU_ID = #{entity.id}
|
||||
<if test="OPERATOR != null and OPERATOR.admin != true">
|
||||
AND 1=2
|
||||
</if>
|
||||
</update>
|
||||
|
||||
<delete id="deleteById">
|
||||
DELETE FROM DATAGEAR_ROLE_USER
|
||||
WHERE
|
||||
RU_ID = #{id}
|
||||
<if test="OPERATOR != null and OPERATOR.admin != true">
|
||||
AND 1=2
|
||||
</if>
|
||||
</delete>
|
||||
|
||||
<select id="getById" resultType="org.datagear.management.domain.RoleUser">
|
||||
|
|
|
@ -26,9 +26,6 @@
|
|||
DRIVER_ENTITY_ID = #{entity.driverEntity.id, jdbcType=VARCHAR}
|
||||
WHERE
|
||||
SCHEMA_ID = #{entity.id}
|
||||
<if test="OPERATOR != null and OPERATOR.admin != true">
|
||||
AND SCHEMA_CREATE_USER_ID = #{OPERATOR.id}
|
||||
</if>
|
||||
</update>
|
||||
|
||||
<update id="updateCreateUserId">
|
||||
|
@ -42,9 +39,6 @@
|
|||
DELETE FROM DATAGEAR_SCHEMA
|
||||
WHERE
|
||||
SCHEMA_ID = #{id}
|
||||
<if test="OPERATOR != null and OPERATOR.admin != true">
|
||||
AND SCHEMA_CREATE_USER_ID = #{OPERATOR.id}
|
||||
</if>
|
||||
</delete>
|
||||
|
||||
<delete id="deleteByUserId">
|
||||
|
@ -60,22 +54,57 @@
|
|||
SELECT
|
||||
T.*
|
||||
FROM
|
||||
(<include refid="queryView" />) T
|
||||
(<include refid="queryViewDataPermission" />) T
|
||||
WHERE
|
||||
<include refid="queryCondition" />
|
||||
AND T.${_iq_}id${_iq_} = #{id}
|
||||
T.${_iq_}id${_iq_} = #{id}
|
||||
</select>
|
||||
|
||||
<select id="getDataIdPermissions" resultType="org.datagear.management.domain.DataIdPermission">
|
||||
SELECT
|
||||
T.DATA_ID as ${_iq_}dataId${_iq_},
|
||||
T.DATA_PERMISSION as ${_iq_}permission${_iq_}
|
||||
FROM
|
||||
(
|
||||
<include refid="commonDataPermission.dataIdPermissionQueryViewHead" />
|
||||
<include refid="queryView" />
|
||||
<include refid="commonDataPermission.dataIdPermissionQueryViewFoot" />
|
||||
) T
|
||||
WHERE
|
||||
<foreach item="item" collection="ids" separator=" OR ">T.DATA_ID = #{item}</foreach>
|
||||
</select>
|
||||
|
||||
<select id="query" resultType="org.datagear.management.domain.Schema">
|
||||
SELECT
|
||||
T.*
|
||||
FROM
|
||||
(<include refid="queryView" />) T
|
||||
(<include refid="queryViewDataPermission" />) T
|
||||
WHERE
|
||||
<include refid="queryCondition" />
|
||||
<include refid="common.queryOrder" />
|
||||
</select>
|
||||
|
||||
<sql id="queryViewDataPermission">
|
||||
<choose><when test="DP_CURRENT_USER == null">
|
||||
<include refid="queryView" />
|
||||
</when><otherwise>
|
||||
SELECT
|
||||
T0.*,
|
||||
T1.DATA_PERMISSION as ${_iq_}dataPermission${_iq_}
|
||||
FROM
|
||||
(<include refid="queryView" />) T0
|
||||
INNER JOIN
|
||||
(
|
||||
<include refid="commonDataPermission.dataIdPermissionQueryViewHead" />
|
||||
<include refid="queryView" />
|
||||
<include refid="commonDataPermission.dataIdPermissionQueryViewFoot" />
|
||||
) T1
|
||||
ON
|
||||
T0.${_iq_}id${_iq_} = T1.DATA_ID
|
||||
WHERE
|
||||
T1.DATA_PERMISSION > 0
|
||||
</otherwise></choose>
|
||||
</sql>
|
||||
|
||||
<sql id="queryView">
|
||||
SELECT
|
||||
A.SCHEMA_ID AS ${_iq_}id${_iq_},
|
||||
|
@ -91,7 +120,11 @@
|
|||
B.USER_REAL_NAME AS ${_iq_}createUser.realName${_iq_},
|
||||
(CASE WHEN B.USER_IS_ADMIN IS NULL THEN '0' ELSE B.USER_IS_ADMIN END) AS ${_iq_}createUser.admin${_iq_},
|
||||
(CASE WHEN B.USER_ID IS NULL THEN '1' ELSE '0' END) AS ${_iq_}createUser.anonymous${_iq_},
|
||||
B.USER_CREATE_TIME AS ${_iq_}createUser.createTime${_iq_}
|
||||
B.USER_CREATE_TIME AS ${_iq_}createUser.createTime${_iq_},
|
||||
|
||||
A.SCHEMA_ID AS DP_AUTH_DATA_ID,
|
||||
A.SCHEMA_URL AS DP_AUTH_DATA_PATTERN_SRC,
|
||||
A.SCHEMA_CREATE_USER_ID AS DP_AUTH_DATA_CREATOR_ID
|
||||
FROM
|
||||
DATAGEAR_SCHEMA A
|
||||
LEFT JOIN
|
||||
|
@ -110,9 +143,6 @@
|
|||
OR ${_iq_}createUser.realName${_iq_} LIKE #{queryKeyword}
|
||||
)
|
||||
</if>
|
||||
<if test="OPERATOR != null and OPERATOR.admin != true">
|
||||
AND (T.${_iq_}createUser.id${_iq_} = #{OPERATOR.id} OR T.${_iq_}shared${_iq_} = 'true')
|
||||
</if>
|
||||
<include refid="common.queryCondition" />
|
||||
</sql>
|
||||
</mapper>
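Review bot: `queryViewDataPermission` fails open: when `DP_CURRENT_USER` is null the `<when>` branch includes the plain `queryView`, so `getById` and `query` return every schema with no permission filter. The same commit removes the `OPERATOR` ownership conditions from `update`, `deleteById` and `queryCondition`, so any caller that reaches these statements without the data-permission parameters is unrestricted; the service layer that is meant to set them is not visible in this section. I would make the unfiltered path explicit, for example by testing a dedicated flag (`<when test="DP_UNRESTRICTED == true">`, name constructed) and treating a missing user as no access. `getDataIdPermissions` also produces an empty `WHERE` clause when `ids` is empty, so the caller should guard against that.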
|
|
@ -25,9 +25,6 @@
|
|||
USER_IS_ADMIN = #{entity.admin}
|
||||
WHERE
|
||||
USER_ID = #{entity.id}
|
||||
<if test="OPERATOR != null and OPERATOR.admin != true">
|
||||
AND USER_ID = #{OPERATOR.id}
|
||||
</if>
|
||||
</update>
|
||||
|
||||
<update id="updatePasswordById">
|
||||
|
@ -41,9 +38,6 @@
|
|||
DELETE FROM DATAGEAR_USER
|
||||
WHERE
|
||||
USER_ID = #{id}
|
||||
<if test="OPERATOR != null and OPERATOR.admin != true">
|
||||
AND USER_ID = #{OPERATOR.id}
|
||||
</if>
|
||||
</delete>
|
||||
|
||||
<select id="getById" resultType="org.datagear.management.domain.User">
|
||||
|
|
|
@ -6,11 +6,17 @@
|
|||
<!--
|
||||
指定用户对特定资源类型数据的查询视图
|
||||
|
||||
使用示例:
|
||||
<include refid="commonDataPermission.dataIdPermissionQueryViewHead" />
|
||||
SELECT ID AS DP_AUTH_DATA_ID, NAME AS DP_AUTH_DATA_PATTERN_SRC, CREATOR_ID AS DP_AUTH_DATA_CREATOR_ID FROM TABLE_0
|
||||
<include refid="commonDataPermission.dataIdPermissionQueryViewFoot" />
|
||||
|
||||
查询参数:
|
||||
DP_CURRENT_USER 必填,当前查询用户,类型:org.datagear.management.domain.User
|
||||
DP_RESOURCE_TYPE 必填,授权资源类型,类型:String
|
||||
DP_RESOURCE_SUPPORT_PATTERN 可选,是否支持模式匹配,默认为false,类型:Boolean
|
||||
DP_RESOURCE_HAS_CREATOR 可选,资源表是否有创建用户,默认为false,类型:Boolean
|
||||
DP_MAX_PERMISSION 必填,最大权限值,类型:int
|
||||
|
||||
IDQV字段:
|
||||
DP_AUTH_DATA_ID 必填,数据ID,类型:字符串
|
||||
|
@ -25,13 +31,13 @@
|
|||
<choose><when test="DP_CURRENT_USER.admin == true">
|
||||
SELECT
|
||||
IDQV.DP_AUTH_DATA_ID AS DATA_ID,
|
||||
2 AS DATA_PERMISSION
|
||||
${DP_MAX_PERMISSION} AS DATA_PERMISSION
|
||||
FROM
|
||||
(
|
||||
</when><otherwise>
|
||||
SELECT
|
||||
IDPQV.DATA_ID,
|
||||
MOD(MAX(DISTINCT IDPQV.AUTH_PRIORITY_PERMISSION), 10) AS DATA_PERMISSION
|
||||
MOD(MAX(DISTINCT IDPQV.AUTH_PRIORITY_PERMISSION), 100) AS DATA_PERMISSION
|
||||
FROM
|
||||
(
|
||||
SELECT
|
||||
|
@ -42,16 +48,16 @@
|
|||
<choose><when test="DP_RESOURCE_HAS_CREATOR == true">
|
||||
(
|
||||
CASE
|
||||
WHEN DP_AUTH_DATA_CREATOR_ID = '${DP_CURRENT_USER.id}' THEN 2
|
||||
WHEN DP_AUTH_DATA_CREATOR_ID IS NOT NULL AND DP_AUTH_DATA_CREATOR_ID = '${DP_CURRENT_USER.id}' THEN ${DP_MAX_PERMISSION}
|
||||
ELSE 0
|
||||
END
|
||||
)
|
||||
</when><otherwise>
|
||||
0
|
||||
</otherwise></choose>
|
||||
/*优先级加权至权限值,便于通过单个MAX取得优先级最高的那个权限值*/
|
||||
WHEN '${DP_RESOURCE_TYPE}_PATTERN' THEN (10 + PQV.AUTH_PRIORITY_PERMISSION)
|
||||
WHEN '${DP_RESOURCE_TYPE}' THEN (20 + PQV.AUTH_PRIORITY_PERMISSION)
|
||||
/*模式匹配优先级低于具体资源优先级*/
|
||||
WHEN '${DP_RESOURCE_TYPE}_PATTERN' THEN (100 + PQV.AUTH_PRIORITY_PERMISSION)
|
||||
WHEN '${DP_RESOURCE_TYPE}' THEN (200 + PQV.AUTH_PRIORITY_PERMISSION)
|
||||
END
|
||||
) AS AUTH_PRIORITY_PERMISSION
|
||||
FROM
|
||||
|
@ -70,7 +76,7 @@
|
|||
) PQV
|
||||
ON
|
||||
(PQV.AUTH_RESOURCE_TYPE = '${DP_RESOURCE_TYPE}' AND PQV.AUTH_RESOURCE = IDQV.DP_AUTH_DATA_ID)
|
||||
<if test='DP_RESOURCE_SUPPORT_PATTERN != null && DP_RESOURCE_SUPPORT_PATTERN == true'>
|
||||
<if test='DP_RESOURCE_SUPPORT_PATTERN != null and DP_RESOURCE_SUPPORT_PATTERN == true'>
|
||||
OR (PQV.AUTH_RESOURCE_TYPE = '${DP_RESOURCE_TYPE}_PATTERN' AND IDQV.DP_AUTH_DATA_PATTERN_SRC LIKE PQV.AUTH_RESOURCE)
|
||||
</if>
|
||||
) IDPQV
|
||||
|
@ -95,18 +101,18 @@
|
|||
/*管理员授权始终高于普通用户*/
|
||||
WHEN 'true' THEN
|
||||
CASE DG_AUTH.AUTH_PRINCIPAL_TYPE
|
||||
WHEN 'ALL' THEN (500 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'ANONYMOUS' THEN (600 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'ROLE' THEN (700 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'USER' THEN (800 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'ALL' THEN (5000 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'ANONYMOUS' THEN (6000 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'ROLE' THEN (7000 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'USER' THEN (8000 + DG_AUTH.AUTH_PERMISSION)
|
||||
ELSE 0
|
||||
END
|
||||
ELSE
|
||||
CASE DG_AUTH.AUTH_PRINCIPAL_TYPE
|
||||
WHEN 'ALL' THEN (100 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'ANONYMOUS' THEN (200 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'ROLE' THEN (300 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'USER' THEN (400 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'ALL' THEN (1000 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'ANONYMOUS' THEN (2000 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'ROLE' THEN (3000 + DG_AUTH.AUTH_PERMISSION)
|
||||
WHEN 'USER' THEN (4000 + DG_AUTH.AUTH_PERMISSION)
|
||||
ELSE 0
|
||||
END
|
||||
END
|
||||
|
@ -115,7 +121,7 @@
|
|||
(
|
||||
SELECT
|
||||
A.*,
|
||||
U.CREATOR_IS_ADMIN
|
||||
U.USER_IS_ADMIN AS CREATOR_IS_ADMIN
|
||||
FROM
|
||||
DATAGEAR_AUTHORIZATION A,
|
||||
DATAGEAR_USER U
|
||||
|
@ -127,7 +133,7 @@
|
|||
AND
|
||||
(
|
||||
DG_AUTH.AUTH_RESOURCE_TYPE = '${DP_RESOURCE_TYPE}'
|
||||
<if test='DP_RESOURCE_SUPPORT_PATTERN != null && DP_RESOURCE_SUPPORT_PATTERN == true'>
|
||||
<if test='DP_RESOURCE_SUPPORT_PATTERN != null and DP_RESOURCE_SUPPORT_PATTERN == true'>
|
||||
OR DG_AUTH.AUTH_RESOURCE_TYPE = '${DP_RESOURCE_TYPE}_PATTERN'
|
||||
</if>
|
||||
)
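Review bot: The rewritten creator check `DP_AUTH_DATA_CREATOR_ID = '${DP_CURRENT_USER.id}'` still splices the user id into the SQL text, because MyBatis `${}` is plain string substitution and not a bound parameter. If an id can ever carry a quote character (how ids for anonymous users are produced is not visible here), this becomes an injection point in the very query that computes permissions. Binding it is a small change, `WHEN DP_AUTH_DATA_CREATOR_ID = #{DP_CURRENT_USER.id} THEN ${DP_MAX_PERMISSION}`; the added `IS NOT NULL` test is redundant, since `=` against NULL is never true. `${DP_MAX_PERMISSION}` and `${DP_RESOURCE_TYPE}` should only ever be fed from server-side constants, and the maximum has to stay below 100 or `MOD(..., 100)` will truncate it. The enclosing `<sql>` fragments start and end outside these hunks.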
|
||||
|
|
|
@ -146,11 +146,6 @@
|
|||
<version>1.8.6</version>
|
||||
<scope>runtime</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>com.google.guava</groupId>
|
||||
<artifactId>guava</artifactId>
|
||||
<version>19.0</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.freemarker</groupId>
|
||||
<artifactId>freemarker</artifactId>
|
||||
|
|
|
@ -20,6 +20,7 @@ import org.datagear.connection.UnsupportedGetConnectionException;
|
|||
import org.datagear.dbinfo.DatabaseInfoResolverException;
|
||||
import org.datagear.dbinfo.TableNotExistsException;
|
||||
import org.datagear.dbmodel.DatabaseModelResolverException;
|
||||
import org.datagear.management.service.PermissionDeniedException;
|
||||
import org.datagear.persistence.PersistenceException;
|
||||
import org.datagear.persistence.UnsupportedDialectException;
|
||||
import org.datagear.persistence.support.SqlExpressionErrorException;
|
||||
|
@ -127,17 +128,6 @@ public class ControllerAdvice extends AbstractController
|
|||
return getErrorView(request, response);
|
||||
}
|
||||
|
||||
@ExceptionHandler(RecordNotFoundOrPermissionDeniedException.class)
|
||||
@ResponseStatus(HttpStatus.BAD_REQUEST)
|
||||
public String handleControllerRecordNotFoundOrNoPermissionException(HttpServletRequest request,
|
||||
HttpServletResponse response, RecordNotFoundOrPermissionDeniedException exception)
|
||||
{
|
||||
setOperationMessageForThrowable(request, buildMessageCode(RecordNotFoundOrPermissionDeniedException.class),
|
||||
exception, false);
|
||||
|
||||
return getErrorView(request, response);
|
||||
}
|
||||
|
||||
@ExceptionHandler(SchemaNotFoundException.class)
|
||||
@ResponseStatus(HttpStatus.NOT_FOUND)
|
||||
public String handleControllerSchemaNotFoundException(HttpServletRequest request, HttpServletResponse response,
|
||||
|
@ -334,6 +324,16 @@ public class ControllerAdvice extends AbstractController
|
|||
return getErrorView(request, response);
|
||||
}
|
||||
|
||||
@ExceptionHandler(PermissionDeniedException.class)
|
||||
@ResponseStatus(HttpStatus.BAD_REQUEST)
|
||||
public String handleServicePermissionDeniedException(HttpServletRequest request, HttpServletResponse response,
|
||||
PermissionDeniedException exception)
|
||||
{
|
||||
setOperationMessageForThrowable(request, buildMessageCode(PermissionDeniedException.class), exception, false);
|
||||
|
||||
return getErrorView(request, response);
|
||||
}
|
||||
|
||||
@ExceptionHandler(Throwable.class)
|
||||
@ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
|
||||
public String handleThrowable(HttpServletRequest request, HttpServletResponse response, Throwable t)
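Review bot: The new `handleServicePermissionDeniedException` handler answers an authorization failure with `HttpStatus.BAD_REQUEST`; 403 is the accurate status, and it lets clients, proxies and log-based alerting tell denied access apart from malformed input. I would change the annotation to `@ResponseStatus(HttpStatus.FORBIDDEN)`. Denials are also worth recording with the user and the resource for audit purposes; whether `setOperationMessageForThrowable` logs anything is not visible here.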
|
||||
|
|
|
@ -11,12 +11,10 @@ import javax.servlet.http.HttpServletResponse;
|
|||
import org.datagear.management.domain.GlobalSetting;
|
||||
import org.datagear.management.domain.SmtpSetting;
|
||||
import org.datagear.management.domain.SmtpSetting.ConnectionType;
|
||||
import org.datagear.management.domain.User;
|
||||
import org.datagear.management.service.GlobalSettingService;
|
||||
import org.datagear.web.OperationMessage;
|
||||
import org.datagear.web.convert.ClassDataConverter;
|
||||
import org.datagear.web.util.MailUtils;
|
||||
import org.datagear.web.util.WebUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.MessageSource;
|
||||
import org.springframework.http.HttpStatus;
|
||||
|
@ -91,12 +89,7 @@ public class GlobalSettingController extends AbstractController
|
|||
public ResponseEntity<OperationMessage> save(HttpServletRequest request, HttpServletResponse response,
|
||||
GlobalSetting globalSetting)
|
||||
{
|
||||
User user = WebUtils.getUser(request, response);
|
||||
|
||||
boolean save = this.globalSettingService.save(user, globalSetting);
|
||||
|
||||
if (!save)
|
||||
throw new RecordNotFoundOrPermissionDeniedException();
|
||||
this.globalSettingService.save(globalSetting);
|
||||
|
||||
return buildOperationMessageSaveSuccessResponseEntity(request);
|
||||
}
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
/*
|
||||
* Copyright 2018 datagear.tech. All Rights Reserved.
|
||||
*/
|
||||
|
||||
package org.datagear.web.controller;
|
||||
|
||||
/**
|
||||
* 记录未找到或者没有操作权限异常。
|
||||
*
|
||||
* @author datagear@163.com
|
||||
*
|
||||
*/
|
||||
public class RecordNotFoundOrPermissionDeniedException extends ControllerException
|
||||
{
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
public RecordNotFoundOrPermissionDeniedException()
|
||||
{
|
||||
super();
|
||||
}
|
||||
|
||||
public RecordNotFoundOrPermissionDeniedException(String message)
|
||||
{
|
||||
super(message);
|
||||
}
|
||||
|
||||
public RecordNotFoundOrPermissionDeniedException(Throwable cause)
|
||||
{
|
||||
super(cause);
|
||||
}
|
||||
|
||||
public RecordNotFoundOrPermissionDeniedException(String message, Throwable cause)
|
||||
{
|
||||
super(message, cause);
|
||||
}
|
||||
}
|
|
@ -18,7 +18,6 @@ import org.datagear.persistence.PagingQuery;
|
|||
import org.datagear.util.IDUtil;
|
||||
import org.datagear.web.OperationMessage;
|
||||
import org.datagear.web.convert.ClassDataConverter;
|
||||
import org.datagear.web.util.WebUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.MessageSource;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
|
@ -123,7 +122,7 @@ public class RoleController extends AbstractController
|
|||
if (isBlank(role.getName()))
|
||||
throw new IllegalInputException();
|
||||
|
||||
this.roleService.update(WebUtils.getUser(request, response), role);
|
||||
this.roleService.update(role);
|
||||
|
||||
return buildOperationMessageSaveSuccessResponseEntity(request);
|
||||
}
|
||||
|
@ -149,7 +148,7 @@ public class RoleController extends AbstractController
|
|||
public ResponseEntity<OperationMessage> delete(HttpServletRequest request, HttpServletResponse response,
|
||||
@RequestParam("id") String[] ids)
|
||||
{
|
||||
this.roleService.deleteByIds(WebUtils.getUser(request, response), ids);
|
||||
this.roleService.deleteByIds(ids);
|
||||
|
||||
return buildOperationMessageDeleteSuccessResponseEntity(request);
|
||||
}
|
||||
|
@ -177,7 +176,7 @@ public class RoleController extends AbstractController
|
|||
{
|
||||
PagingQuery pagingQuery = getPagingQuery(request, null);
|
||||
|
||||
List<Role> roles = this.roleService.query(WebUtils.getUser(request, response), pagingQuery);
|
||||
List<Role> roles = this.roleService.query(pagingQuery);
|
||||
|
||||
return roles;
|
||||
}
|
||||
|
|
|
@ -131,8 +131,8 @@ public class SchemaController extends AbstractSchemaModelConnController
|
|||
|
||||
Schema schema = getSchemaService().getById(user, id);
|
||||
|
||||
if (schema == null || schema.getCreateUser() == null || !user.getId().equals(schema.getCreateUser().getId()))
|
||||
throw new RecordNotFoundOrPermissionDeniedException();
|
||||
if (schema == null)
|
||||
throw new RecordNotFoundException();
|
||||
|
||||
model.addAttribute("schema", schema);
|
||||
model.addAttribute(KEY_TITLE_MESSAGE_KEY, "schema.editSchema");
|
||||
|
@ -207,19 +207,6 @@ public class SchemaController extends AbstractSchemaModelConnController
|
|||
{
|
||||
User user = WebUtils.getUser(request, response);
|
||||
|
||||
// 管理员用户使用数据库数据功能时,也仅显示自己和公开的数据库
|
||||
if (user.isAdmin())
|
||||
{
|
||||
User tmpUser = new User(user.getId());
|
||||
tmpUser.setName(user.getName());
|
||||
tmpUser.setPassword(user.getPassword());
|
||||
tmpUser.setAdmin(false);
|
||||
tmpUser.setAnonymous(false);
|
||||
tmpUser.setCreateTime(user.getCreateTime());
|
||||
|
||||
user = tmpUser;
|
||||
}
|
||||
|
||||
Query query = new Query();
|
||||
query.setKeyword(keyword);
|
||||
query.setOrders(Order.valueOf("title", Order.ASC));
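Review bot: The edit handler now accepts any schema that `getById(user, id)` returns, and the permission view behind it admits every row with `DATA_PERMISSION > 0`, so a user holding only the lowest permission level can open the edit form where the previous code required the creator. Unless the save handler (outside this hunk) rejects the write, I would check the level here before `model.addAttribute("schema", schema)`, comparing the schema's data permission with the edit level and throwing `PermissionDeniedException` when it is lower. The second hunk also removes the downgrade that limited administrators to their own and shared schemas, so administrators would now see every user's data sources; if that is intended, it deserves a line in the commit description.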
|
||||
|
|
|
@ -118,12 +118,7 @@ public class UserController extends AbstractController
|
|||
public String edit(HttpServletRequest request, HttpServletResponse response, org.springframework.ui.Model model,
|
||||
@RequestParam("id") String id)
|
||||
{
|
||||
User operator = WebUtils.getUser(request, response);
|
||||
|
||||
User user = this.userService.getById(operator, id);
|
||||
|
||||
if (user == null || (!operator.isAdmin() && !operator.getId().equals(user.getId())))
|
||||
throw new RecordNotFoundOrPermissionDeniedException();
|
||||
User user = this.userService.getById(id);
|
||||
|
||||
model.addAttribute("user", user);
|
||||
model.addAttribute(KEY_TITLE_MESSAGE_KEY, "user.editUser");
|
||||
|
@ -152,7 +147,7 @@ public class UserController extends AbstractController
|
|||
// 禁用新建管理员账号功能
|
||||
user.setAdmin(User.isAdminUser(user));
|
||||
|
||||
this.userService.update(WebUtils.getUser(request, response), user);
|
||||
this.userService.update(user);
|
||||
|
||||
return buildOperationMessageSaveSuccessResponseEntity(request);
|
||||
}
|
||||
|
@ -178,19 +173,7 @@ public class UserController extends AbstractController
|
|||
public ResponseEntity<OperationMessage> delete(HttpServletRequest request, HttpServletResponse response,
|
||||
@RequestParam("id") String[] ids)
|
||||
{
|
||||
for (String id : ids)
|
||||
{
|
||||
if (User.isAdminUser(id))
|
||||
{
|
||||
return buildOperationMessageFailResponseEntity(request, HttpStatus.BAD_REQUEST,
|
||||
buildMessageCode("deleteAdminUserDenied"));
|
||||
}
|
||||
}
|
||||
|
||||
for (String id : ids)
|
||||
{
|
||||
this.userService.deleteById(WebUtils.getUser(request, response), id);
|
||||
}
|
||||
this.userService.deleteByIds(ids);
|
||||
|
||||
this.schemaService.deleteByUserId(ids);
|
||||
|
||||
|
@ -225,7 +208,7 @@ public class UserController extends AbstractController
|
|||
{
|
||||
PagingQuery pagingQuery = getPagingQuery(request, null);
|
||||
|
||||
List<User> users = this.userService.query(WebUtils.getUser(request, response), pagingQuery);
|
||||
List<User> users = this.userService.query(pagingQuery);
|
||||
|
||||
return users;
|
||||
}
|
||||
|
@ -236,10 +219,10 @@ public class UserController extends AbstractController
|
|||
{
|
||||
User operator = WebUtils.getUser(request, response);
|
||||
|
||||
User user = this.userService.getById(operator, operator.getId());
|
||||
User user = this.userService.getById(operator.getId());
|
||||
|
||||
if (user == null)
|
||||
throw new RecordNotFoundOrPermissionDeniedException();
|
||||
throw new RecordNotFoundException();
|
||||
|
||||
model.addAttribute("user", user);
|
||||
model.addAttribute(KEY_TITLE_MESSAGE_KEY, "user.personalSet");
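Review bot: The `delete` handler now calls `this.userService.deleteByIds(ids)` directly, and the loop that refused the request when `User.isAdminUser(id)` matched is gone, so the built-in administrator account can be deleted unless the service rejects it (not visible here). I would keep that guard in front of the call, returning the `deleteAdminUserDenied` message as before. Separately, `update` in the user mapper no longer carries the `USER_ID = #{OPERATOR.id}` condition for non-admins, so `savePersonalSet`, which stays open to `ROLE_USER`, has to take the id from the session user and not from the submitted form; its body is outside these hunks, so please confirm.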
|
||||
|
|
|
@ -1,71 +0,0 @@
|
|||
/*
|
||||
* Copyright 2018 datagear.tech. All Rights Reserved.
|
||||
*/
|
||||
|
||||
package org.datagear.web.util;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.ConcurrentMap;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.datagear.management.domain.Schema;
|
||||
import org.datagear.management.service.impl.SchemaCache;
|
||||
|
||||
import com.google.common.cache.Cache;
|
||||
import com.google.common.cache.CacheBuilder;
|
||||
|
||||
/**
|
||||
* {@linkplain SchemaCache}实现类。
|
||||
*
|
||||
* @author datagear@163.com
|
||||
*
|
||||
*/
|
||||
public class SchemaCacheImpl implements SchemaCache
|
||||
{
|
||||
/** 缓存值的最大数 */
|
||||
private int maximumSize = 100;
|
||||
|
||||
/** 缓存过期分钟数 */
|
||||
private int expireAfterAccessMinutes = 60 * 72;
|
||||
|
||||
private Cache<String, Schema> cache = null;
|
||||
|
||||
public SchemaCacheImpl()
|
||||
{
|
||||
super();
|
||||
|
||||
this.cache = CacheBuilder.newBuilder().maximumSize(this.maximumSize)
|
||||
.expireAfterAccess(this.expireAfterAccessMinutes * 60, TimeUnit.SECONDS).build();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void putSchema(Schema schema)
|
||||
{
|
||||
this.cache.put(schema.getId(), schema);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Schema getSchema(String schemaId)
|
||||
{
|
||||
return this.cache.getIfPresent(schemaId);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeSchema(String schemaId)
|
||||
{
|
||||
this.cache.invalidate(schemaId);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> getAllSchemaIds()
|
||||
{
|
||||
Set<String> set = new HashSet<String>();
|
||||
|
||||
ConcurrentMap<String, Schema> map = this.cache.asMap();
|
||||
|
||||
set.addAll(map.keySet());
|
||||
|
||||
return set;
|
||||
}
|
||||
}
|
|
@ -247,9 +247,6 @@
|
|||
<bean id="schemaService" class="org.datagear.management.service.impl.SchemaServiceImpl">
|
||||
<property name="sqlSessionFactory" ref="sqlSessionFactory" />
|
||||
<property name="driverEntityManager" ref='driverEntityManager' />
|
||||
<property name="schemaCache">
|
||||
<bean class="org.datagear.web.util.SchemaCacheImpl" />
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="passwordEncoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder" />
|
||||
|
|
|
@ -33,12 +33,9 @@
|
|||
<intercept-url pattern="/driverEntity/deleteDriverFile" access="ROLE_ADMIN" />
|
||||
|
||||
<!-- 用户管理 -->
|
||||
<intercept-url pattern="/user/add" access="ROLE_ADMIN" />
|
||||
<intercept-url pattern="/user/saveAdd" access="ROLE_ADMIN" />
|
||||
<intercept-url pattern="/user/edit" access="ROLE_ADMIN" />
|
||||
<intercept-url pattern="/user/saveEdit" access="ROLE_ADMIN" />
|
||||
<intercept-url pattern="/user/delete" access="ROLE_ADMIN" />
|
||||
<intercept-url pattern="/user/query" access="ROLE_ADMIN" />
|
||||
<intercept-url pattern="/user/personalSet" access="ROLE_USER" />
|
||||
<intercept-url pattern="/user/savePersonalSet" access="ROLE_USER" />
|
||||
<intercept-url pattern="/user/*" access="ROLE_ADMIN" />
|
||||
|
||||
<!-- 角色管理 -->
|
||||
<intercept-url pattern="/role/select" access="ROLE_USER" />
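Review bot: The catch-all `<intercept-url pattern="/user/*" access="ROLE_ADMIN" />` matches a single path segment only, so a handler mapped one level deeper under `/user/` would skip this rule and fall through to whatever follows. `pattern="/user/**"` closes that gap and keeps new user-management endpoints admin-only by default. The two `ROLE_USER` rules for `personalSet` and `savePersonalSet` must stay above it, because the first matching rule wins; a comment saying so would protect the ordering.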
|
||||
|
|
File diff suppressed because it is too large