
Example 1 with ActionHelper

use of app.hongs.action.ActionHelper in project HongsCORE by ihongs.

the class IsFork method verify.

/**
 * Checks that the submitted value refers to records that exist behind another action.
 *
 * <p>Null and empty-string input is accepted and returned as {@code null}. The
 * "verify-type" parameter selects the check: "any" returns the value without any
 * lookup, "number" and "string" delegate to {@code IsNumber} / {@code IsString}.
 * For every other type the action named by "data-at" (default
 * {@code conf/form/search}) is invoked with the submitted ids, and the ids found in
 * the "list" entry of its response must equal the submitted set.
 *
 * <p>Throws {@code Wrong("fore.form.is.not.exists", form)} when the two id sets differ.
 *
 * <p>NOTE(review): "data-at" and its extra query are read from {@code params}; they
 * decide which action runs and what request data it sees, so they should only ever
 * come from trusted field configuration - confirm nothing request-controlled reaches them.
 *
 * @param value the submitted id or ids; converted to a set with {@code Synt.asSet}
 * @return {@code null} for empty input, otherwise the value (or the delegate rule's result)
 */
@Override
public Object verify(Object value) throws Wrongs, HongsException {
    // Empty input is allowed and reported back as null.
    if (value == null || "".equals(value)) {
        return null;
    }

    String verifyType = Synt.declare(params.get("verify-type"), "");
    if ("any".equals(verifyType)) {
        // This type skips the existence lookup entirely.
        return value;
    }
    if ("number".equals(verifyType)) {
        IsNumber numberRule = new IsNumber();
        numberRule.setHelper(helper);
        numberRule.setParams(params);
        numberRule.setValues(values);
        numberRule.setCleans(cleans);
        return numberRule.verify(value);
    }
    if ("string".equals(verifyType)) {
        IsString stringRule = new IsString();
        stringRule.setHelper(helper);
        stringRule.setParams(params);
        stringRule.setValues(values);
        stringRule.setCleans(cleans);
        return stringRule.verify(value);
    }

    String action = Synt.declare(params.get("data-at"), "");
    String idKey = Synt.declare(params.get("data-vk"), "");
    String conf = Synt.declare(params.get("conf"), "");
    String form = Synt.declare(params.get("form"), "");
    String ownConf = Synt.declare(params.get("__conf__"), "");
    String ownName = Synt.declare(params.get("__name__"), "");
    String virtualPath = null;
    String extraQuery = null;

    // Fall back to the defaults derived from this field's own configuration.
    if ("".equals(idKey)) {
        idKey = Cnst.ID_KEY;
    }
    if ("".equals(conf)) {
        conf = ownConf;
    }
    if ("".equals(form)) {
        form = ownName.replaceFirst("_id$", "");
    }

    if ("".equals(action)) {
        action = conf + "/" + form + "/search";
    } else {
        // Try to split off the extra parameters: "action!virtualPath?query".
        // A separator at index 0 is ignored by the "> 0" tests.
        int queryAt = action.indexOf('?');
        if (queryAt > 0) {
            extraQuery = action.substring(queryAt + 1).trim();
            action = action.substring(0, queryAt).trim();
        }
        int pathAt = action.indexOf('!');
        if (pathAt > 0) {
            virtualPath = action.substring(pathAt + 1).trim();
            action = action.substring(0, pathAt).trim();
        }
    }

    // The lookup runs on a fresh helper whose context records the originating action name.
    ActionHelper ah = ActionHelper.newInstance();
    ah.setContextData(Synt.mapOf(Cnst.ORIGIN_ATTR, Core.ACTION_NAME.get()));

    // Request data. Presumably RN is the row limit and RB the returned fields - confirm against Cnst.
    Map request = new HashMap();
    Set fields = Synt.setOf(idKey);
    Set ids = Synt.asSet(value);
    fields.add(idKey);
    request.put(Cnst.RN_KEY, 0);
    request.put(Cnst.RB_KEY, fields);
    request.put(Cnst.ID_KEY, ids);
    ah.setRequestData(request);

    // Virtual path
    if (virtualPath != null && !virtualPath.isEmpty()) {
        ah.setAttribute(Cnst.ACTION_ATTR, virtualPath + Cnst.ACT_EXT);
    }

    // Extra parameters, either a JSON-style object or a query string. They are merged
    // after the keys above, so an entry with the same key replaces the id / field settings.
    if (extraQuery != null && !extraQuery.isEmpty()) {
        if (extraQuery.startsWith("{") && extraQuery.endsWith("}")) {
            request.putAll((Map) Data.toObject(extraQuery));
        } else {
            request.putAll(ActionHelper.parseQuery(extraQuery));
        }
    }

    // Fetch the result
    new ActionRunner(ah, action).doInvoke();
    Map response = ah.getResponseData();
    List<Map> rows = (List) response.get("list");

    // Compare: every submitted id must come back, and nothing else.
    // NOTE(review): this is Set equality, so the ids returned by the action must be of
    // the same type as the submitted ones or the check fails - confirm.
    Set wanted = Synt.asSet(value);
    Set found = new HashSet();
    if (rows != null) {
        for (Map row : rows) {
            found.add(row.get(idKey));
        }
    }
    boolean allExist = wanted.size() == found.size() && wanted.containsAll(found);
    if (!allExist) {
        throw new Wrong("fore.form.is.not.exists", form);
    }
    return value;
}
Also used : ActionRunner(app.hongs.action.ActionRunner) HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) ActionHelper(app.hongs.action.ActionHelper) List(java.util.List) Map(java.util.Map) HashMap(java.util.HashMap) HashSet(java.util.HashSet)

Example 2 with ActionHelper

use of app.hongs.action.ActionHelper in project HongsCORE by ihongs.

the class RoleSet method getInstance.

/**
 * Returns the role set of the user held in the current session.
 *
 * @return the role set for the session's user id, or {@code null} when the session
 *         carries no user id (not logged in); callers have to handle the null case
 * @throws HongsException propagated from {@code getInstance(String)}
 */
public static RoleSet getInstance() throws HongsException {
    ActionHelper helper = Core.getInstance(ActionHelper.class);
    String uid = (String) helper.getSessibute(Cnst.UID_SES);
    // No user id in the session means nobody is logged in.
    return uid == null ? null : getInstance(uid);
}
Also used : ActionHelper(app.hongs.action.ActionHelper)

Example 3 with ActionHelper

use of app.hongs.action.ActionHelper in project HongsCORE by ihongs.

the class Dept method filter.

/**
 * Narrows a department query before handing it to the parent implementation.
 *
 * <p>For a "getList" query without INCLUDE_PARENTS, a top-level request (no "id",
 * "pid" equal to the string "0") made by a non-admin user outside the admin group
 * is rewritten to list that user's own departments. A non-empty "user_id" adds an
 * inner join on a_master_user_dept.
 *
 * @param caze the query being built
 * @param req  the request data; "id" and "pid" may be rewritten here
 * @throws HongsException propagated from the lookups and from the parent filter
 */
@Override
protected void filter(FetchCase caze, Map req) throws HongsException {
    // Parent departments are not included by default, so the top level
    // has to be taken from the departments the user belongs to.
    if (!caze.getOption("INCLUDE_PARENTS", false) && "getList".equals(caze.getOption("MODEL_START"))) {
        Object id = req.get("id");
        Object pid = req.get("pid");
        // NOTE(review): only the String "0" matches; a numeric 0 would skip this
        // scoping - confirm request values always arrive as strings.
        boolean topLevelRequest = id == null && "0".equals(pid);
        if (topLevelRequest) {
            ActionHelper helper = Core.getInstance(ActionHelper.class);
            String uid = (String) helper.getSessibute(Cnst.UID_SES);
            boolean superAdmin = Cnst.ADM_UID.equals(uid);
            if (!superAdmin) {
                // NOTE(review): uid is presumably null without a login; what
                // getUserDepts does with null is not visible here - confirm.
                Set userDepts = AuthKit.getUserDepts(uid);
                if (!userDepts.contains(Cnst.ADM_GID)) {
                    req.put("id", userDepts);
                    req.remove("pid");
                }
            }
        }
    }

    // When a user_id is given, join a_master_user_dept to constrain the range.
    // The value is handed over as the argument for the ? placeholder rather
    // than being concatenated into the SQL text.
    Object userId = req.get("user_id");
    if (userId != null && !"".equals(userId)) {
        caze.gotJoin("users")
            .from("a_master_user_dept")
            .by(FetchCase.INNER)
            .on("`users`.`dept_id` = `dept`.`id`")
            .filter("`users`.`user_id` IN (?)", userId);
    }

    super.filter(caze, req);
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) ActionHelper(app.hongs.action.ActionHelper)

Example 4 with ActionHelper

use of app.hongs.action.ActionHelper in project HongsCORE by ihongs.

the class User method permit.

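/**
 * Normalises submitted user data and checks that the session user may operate on
 * the target user.
 *
 * <p>With {@code data}: "roles" and "depts" are passed through
 * {@code AuthKit.cleanUserRoles} / {@code cleanUserDepts} and rejected when nothing
 * is left; any submitted "passcode" is dropped, and a submitted "password" is
 * replaced by its crypt together with a freshly generated passcode.
 *
 * <p>With {@code id}: the super administrator and the user themself always pass;
 * members of the admin group pass unless the target is in the admin group or is the
 * super administrator; everyone else passes only when the target belongs to a
 * department returned by {@code getChildIds} for one of their own departments.
 * A session without a user id is refused.
 *
 * @param id   the user being created or changed; {@code null} skips the access check
 * @param data the submitted fields, rewritten in place; may be {@code null}
 * @throws HongsException a Notice when no role or department survives the cleaning,
 *         or when the session user may not operate on the target user
 */
protected void permit(String id, Map data) throws HongsException {
    if (data != null) {
        // Role restriction: only roles the current login user holds may be granted.
        if (data.containsKey("roles")) {
            data.put("rtime", System.currentTimeMillis() / 1000);
            List list = Synt.asList(data.get("roles"));
            AuthKit.cleanUserRoles(list, id);
            if (list.isEmpty()) {
                throw new HongsException.Notice("ex.master.user.role.error").setLocalizedContext("master");
            }
            data.put("roles", list);
        }
        // Department restriction: only departments below the current login user may be assigned.
        if (data.containsKey("depts")) {
            data.put("rtime", System.currentTimeMillis() / 1000);
            List list = Synt.asList(data.get("depts"));
            AuthKit.cleanUserDepts(list, id);
            if (list.isEmpty()) {
                throw new HongsException.Notice("ex.master.user.dept.error").setLocalizedContext("master");
            }
            data.put("depts", list);
        }
        // Password handling. A passcode supplied by the caller is always discarded;
        // a new one is generated below only when a password is being set.
        // NOTE(review): AuthKit.getCrypt is not visible here - confirm it is a slow
        // password-hashing function (bcrypt / scrypt / Argon2 / PBKDF2) and not a
        // single fast digest. An empty password is also hashed and stored as-is;
        // confirm it is rejected before this point.
        data.remove("passcode");
        if (data.containsKey("password")) {
            String password = Synt.declare(data.get("password"), "");
            String passcode = Core.newIdentity();
            passcode = AuthKit.getCrypt(password + passcode);
            password = AuthKit.getCrypt(password + passcode);
            data.put("password", password);
            data.put("passcode", passcode);
        }
    }
    if (id != null) {
        ActionHelper helper = Core.getInstance(ActionHelper.class);
        String uid = (String) helper.getSessibute(Cnst.UID_SES);
        // The session has no user id when nobody is logged in. Refuse explicitly
        // instead of running into a NullPointerException at uid.equals(id) below.
        if (uid == null) {
            throw new HongsException.Notice("ex.master.user.unit.error").setLocalizedContext("master");
        }
        // The super administrator may operate on any user.
        if (Cnst.ADM_UID.equals(uid)) {
            return;
        }
        // Users may operate on themselves.
        if (uid.equals(id)) {
            return;
        }
        // The admin group may operate on any user
        // except members of the top-level group and the super administrator.
        Set cur = AuthKit.getUserDepts(uid);
        Set tar = AuthKit.getUserDepts(id);
        if (cur.contains(Cnst.ADM_GID) && !tar.contains(Cnst.ADM_GID) && !Cnst.ADM_UID.equals(id)) {
            return;
        }
        // Otherwise only users in subordinate departments may be operated on.
        Dept dept = new Dept();
        for (Object gid : cur) {
            Set cld = new HashSet(dept.getChildIds((String) gid, true));
            cld.retainAll(tar);
            if (!cld.isEmpty()) {
                return;
            }
        }
        // Default deny.
        throw new HongsException.Notice("ex.master.user.unit.error").setLocalizedContext("master");
    }
}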
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HongsException(app.hongs.HongsException) ActionHelper(app.hongs.action.ActionHelper) List(java.util.List) HashSet(java.util.HashSet)

Example 5 with ActionHelper

use of app.hongs.action.ActionHelper in project HongsCORE by ihongs.

the class Form method filter.

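/**
 * Restricts form queries to the forms the session user holds a matching role for.
 *
 * <p>After the parent filter has run, the super administrator is left unrestricted.
 * For "getList" / "getInfo" the role suffix "/search" is used, for "update" /
 * "delete" the suffix "/update" or "/delete". Every role of the shape
 * {@code prefix/FORM_ID + suffix} contributes FORM_ID to an {@code id IN (?)} filter.
 *
 * <p>NOTE(review): any other MODEL_START value returns without adding a
 * restriction, so new model actions are unrestricted here unless they are added to
 * the list - confirm that is intended.
 *
 * @param caze the query being built
 * @param rd   the request data, passed on to the parent filter
 * @throws HongsException propagated from the parent filter and the role lookup
 */
@Override
protected void filter(FetchCase caze, Map rd) throws HongsException {
    super.filter(caze, rd);

    // The super administrator is not restricted.
    ActionHelper helper = Core.getInstance(ActionHelper.class);
    String uid = (String) helper.getSessibute(Cnst.UID_SES);
    if (Cnst.ADM_UID.equals(uid)) {
        return;
    }

    String start = caze.getOption("MODEL_START", "");
    String suffix;
    if ("getList".equals(start) || "getInfo".equals(start)) {
        suffix = "/search";
    } else if ("update".equals(start) || "delete".equals(start)) {
        suffix = "/" + start;
    } else {
        // Unconventional actions are not restricted.
        return;
    }

    // Extract the form ids from the role names.
    NaviMap nm = NaviMap.getInstance(prefix);
    String head = prefix + "/";
    Set<String> roles = nm.getRoleSet();
    Set<String> formIds = new HashSet<String>();
    int fixedLength = head.length() + suffix.length();
    for (String role : roles) {
        // The length test keeps head and suffix from overlapping on a shared "/":
        // a role equal to prefix + suffix passes both startsWith and endsWith, and
        // substring would then throw StringIndexOutOfBoundsException.
        if (role.length() >= fixedLength && role.startsWith(head) && role.endsWith(suffix)) {
            formIds.add(role.substring(head.length(), role.length() - suffix.length()));
        }
    }

    // Restrict to the permitted forms; the ids are the argument for the ? placeholder.
    // NOTE(review): confirm that an empty set makes FetchCase match no rows rather
    // than dropping the condition, otherwise a user without roles sees every form.
    caze.filter("`" + table.name + "`.`id` IN (?)", formIds);
}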
Also used : ActionHelper(app.hongs.action.ActionHelper) NaviMap(app.hongs.action.NaviMap) HashSet(java.util.HashSet)

Aggregations

ActionHelper (app.hongs.action.ActionHelper)21 HashSet (java.util.HashSet)10 Map (java.util.Map)7 Set (java.util.Set)7 HongsException (app.hongs.HongsException)5 HashMap (java.util.HashMap)5 Core (app.hongs.Core)4 HongsError (app.hongs.HongsError)4 ActionRunner (app.hongs.action.ActionRunner)4 List (java.util.List)4 NaviMap (app.hongs.action.NaviMap)3 Cmdlet (app.hongs.cmdlet.anno.Cmdlet)3 HongsExpedient (app.hongs.HongsExpedient)2 Table (app.hongs.db.Table)2 LuceneRecord (app.hongs.dh.lucene.LuceneRecord)2 SimpleDateFormat (java.text.SimpleDateFormat)2 ArrayList (java.util.ArrayList)2 Date (java.util.Date)2 CoreConfig (app.hongs.CoreConfig)1 FormSet (app.hongs.action.FormSet)1