package com.ibeetl.admin.core.util.beetl;
|
|
import java.util.HashMap;
|
import java.util.List;
|
import java.util.Map;
|
|
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.LogFactory;
|
import org.beetl.core.Context;
|
import org.beetl.core.Function;
|
import org.beetl.sql.core.engine.SQLParameter;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.stereotype.Component;
|
|
import com.ibeetl.admin.core.entity.CoreRoleFunction;
|
import com.ibeetl.admin.core.entity.CoreUser;
|
import com.ibeetl.admin.core.rbac.DataAccess;
|
import com.ibeetl.admin.core.rbac.DataAccessFactory;
|
import com.ibeetl.admin.core.rbac.DataAccessResullt;
|
import com.ibeetl.admin.core.service.CorePlatformService;
|
import com.ibeetl.admin.core.util.FunctionLocal;
|
|
/**
|
* 数据权限拼sql,配合DataAccessFactory
|
* @author lijiazhi
|
*
|
*/
|
@Component
|
public class DataAccessFunction implements Function {
|
|
Log log = LogFactory.getLog(DataAccessFunction.class);
|
|
@Autowired
|
CorePlatformService platFormService;
|
@Autowired
|
DataAccessFactory dataAccessFactory;
|
|
private static Map defaultTargets = new HashMap();
|
static{
|
//数据库默认的跟组织和用户相关字段
|
defaultTargets.put("org", "org_id");
|
defaultTargets.put("user", "user_id");
|
}
|
private static final String SQL_MY_DATA = "user_id=? ";
|
private static final String SQL_MY_ORG_DATA = "org_id=? ";
|
|
|
|
public Object call(Object[] paras, Context ctx){
|
//项目初期,总是返回1==1,避免数据权限带来的麻烦
|
CoreUser user = platFormService.getCurrentUser();
|
//{"org":"org_id","user","user_id"}
|
Map targets = this.defaultTargets;
|
//用户调用conroller 结果"user.view"
|
String functionCode = FunctionLocal.get();
|
|
if(paras.length==1){
|
Object o = paras[0];
|
if(o instanceof String){
|
functionCode = (String)o;
|
}else if(o instanceof Map){
|
targets = (Map)paras[1];
|
}
|
}else if(paras.length==2){
|
functionCode = (String)paras[0];
|
targets = (Map)paras[1];
|
}
|
|
|
|
if(platFormService.isSupperAdmin(user)){
|
return " 1=1 /* admin */ ";
|
}
|
Long currentOrgId = platFormService.getCurrentOrgId();
|
|
List<CoreRoleFunction> roleFuns = platFormService.getRoleFunction(user.getId(),currentOrgId,functionCode);
|
if(roleFuns.isEmpty()){
|
//如果没有配置数据权限,是1=1,因此为角色指定功能的时候,需要设定数据权限,否则查询到所有数据
|
return "1=1 /* empty data access */ ";
|
}
|
|
|
|
List<Object> list = (List<Object>)ctx.getGlobal("_paras");
|
StringBuilder sb = new StringBuilder("( ");
|
//数据权限范围划定
|
boolean hasAppend = false;
|
for(int i=0;i<roleFuns.size();i++){
|
CoreRoleFunction fun = roleFuns.get(i);
|
Integer accessType = fun.getDataAccessType();
|
if(accessType==null){
|
continue;
|
}
|
if(hasAppend){
|
sb.append(" or ");
|
}
|
hasAppend = true;
|
DataAccess data = dataAccessFactory.getDataAccess(accessType);
|
DataAccessResullt ret = data.getOrg(user.getId(), currentOrgId);
|
|
switch(ret.getStatus()){
|
case NoneOrg:{
|
sb.append(targets.get("org")+" in (-1) ");
|
break;
|
}
|
case AllOrg:{
|
//sql 不包含组织机构过滤信息
|
sb.append(" 1=1 /* AllOrg */ ");
|
break;
|
}
|
case OnlyUser:{
|
List<Long> ids = ret.getUserIds();
|
sb.append(targets.get("user"));
|
if(ids.size()==0){
|
sb.append("=-1/*指定用户,但没有候选用户*/");
|
continue;
|
}
|
|
if(ids.size()==1){
|
sb.append(" =? ");
|
list.add(new SQLParameter(ids.get(0)));
|
continue;
|
}
|
sb.append(" in (");
|
for(int z=0;z<ids.size();z++){
|
sb.append(" ? ");
|
list.add(new SQLParameter(ids.get(z)));
|
if(z!=ids.size()-1){
|
sb.append(",");
|
}
|
}
|
sb.append(") ");
|
break;
|
|
}
|
case OnlyOrg:{
|
List<Long> ids = ret.getOrgIds();
|
sb.append(targets.get("org"));
|
if(ids.size()==0){
|
sb.append("=-1/*指定机构,但没有候选机构*/");
|
continue;
|
}
|
|
if(ids.size()==1){
|
sb.append(" =? ");
|
list.add(new SQLParameter(ids.get(0)));
|
continue;
|
}
|
sb.append(" in (");
|
for(int z=0;z<ids.size();z++){
|
sb.append("?");
|
list.add(new SQLParameter(ids.get(z)));
|
if(z!=ids.size()-1){
|
sb.append(",");
|
}
|
}
|
sb.append(") ");
|
break;
|
}
|
default:{
|
log.warn("错误的"+ret.getStatus().toString());
|
throw new UnsupportedOperationException(ret.getStatus().toString());
|
}
|
}
|
|
|
}
|
sb.append(" ) ");
|
|
return sb.toString();
|
}
|
|
|
|
|
}
|
