
Example 11 with ActionHelper

use of io.github.ihongs.action.ActionHelper in project HongsCORE by ihongs.

the class Dept method permit.

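/**
 * Normalises a department write request and checks that the session user may perform it.
 *
 * <p>With a non-null {@code data} map the submitted fields are adjusted in place: an empty
 * {@code pid} is dropped, and a submitted {@code roles} list is passed through
 * {@code AuthKit.cleanDeptRoles} and written back together with a fresh {@code rtime}.
 * With a {@code null} map the deletion constraints are checked instead.
 *
 * <p>For callers that are neither the super administrator nor members of the super
 * administrator group, the target department ({@code id}) and the requested parent
 * ({@code pid}) must each lie inside the subtree of a department the caller belongs to.
 *
 * @param id   id of the department being changed; may be {@code null} when {@code pid} is given
 * @param data submitted field values, modified in place; {@code null} selects the deletion checks
 * @throws HongsException       status 400 when the department still has sub-departments or
 *                              users, or when the caller is not allowed to act on it
 * @throws NullPointerException when neither {@code id} nor {@code pid} is available
 */
protected void permit(String id, Map data) throws HongsException {
    String pid = null;
    if (data != null) {
        // Parent department: an empty pid is treated as "not supplied".
        pid = (String) data.get("pid");
        if (pid == null || pid.isEmpty()) {
            data.remove("pid");
            pid = null;
        }
        // Role restriction: per the original comment, only roles held by the current
        // session user may be granted; the filtering itself happens in AuthKit.cleanDeptRoles.
        if (data.containsKey("roles")) {
            data.put("rtime", System.currentTimeMillis() / 1000);
            List list = Synt.asList(data.get("roles"));
            AuthKit.cleanDeptRoles(list, id);
            // An empty list after cleaning is accepted; the rejection that used to
            // follow here is disabled in the source.
            data.put("roles", list);
        }
    } else {
        // NOTE(review): these constraints are evaluated before the permission check
        // below, so a caller who is refused afterwards can still learn from the error
        // key whether the department has children or users. Consider authorising first.
        List list;
        Table tablx = db.getTable("dept_user");
        // Deletion restriction: abort when the department still has sub-departments.
        list = table.fetchCase().filter("pid = ? AND state > ?", id, 0).limit(1).getAll();
        if (!list.isEmpty()) {
            throw new HongsException(400).setLocalizedContent("master.dept.have.depts").setLocalizedContext("master");
        }
        // Deletion restriction: abort when the department still has users.
        list = tablx.fetchCase().filter("dept_id = ?", id).limit(1).getAll();
        if (!list.isEmpty()) {
            throw new HongsException(400).setLocalizedContent("master.dept.have.users").setLocalizedContext("master");
        }
    }
    if (id == null && pid == null) {
        throw new NullPointerException("id and pid cannot be all null");
    }

    // The super administrator may operate on any department.
    ActionHelper helper = Core.getInstance(ActionHelper.class);
    String uid = (String) helper.getSessibute(Cnst.UID_SES);
    if (Cnst.ADM_UID.equals(uid)) {
        return;
    }
    // NOTE(review): if the session carries no user id, uid is presumably null here;
    // what AuthKit.getUserDepts does with null is not visible, confirm it fails closed.

    // Members of the super administrator group may operate on any department
    // except the top-level department itself.
    Set cur = AuthKit.getUserDepts(uid);
    if (cur.contains(Cnst.ADM_GID) && !Cnst.ADM_GID.equals(id)) {
        return;
    }

    // Everyone else may only act on subordinate departments. Both the target and the
    // requested parent have to be in scope: accepting either one alone would let a
    // caller re-parent a department across the boundary of the subtree they manage.
    boolean idInScope = (id == null);
    boolean pidInScope = (pid == null);
    for (Object gid : cur) {
        Set cld = new HashSet(this.getChildIds((String) gid, true));
        if (!pidInScope && (gid.equals(pid) || cld.contains(pid))) {
            pidInScope = true;
        }
        if (!idInScope && cld.contains(id)) {
            idInScope = true;
        }
        if (idInScope && pidInScope) {
            return;
        }
    }
    throw new HongsException(400).setLocalizedContent("master.dept.unit.error").setLocalizedContext("master");
}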
Also used : Table(io.github.ihongs.db.Table) Set(java.util.Set) HashSet(java.util.HashSet) HongsException(io.github.ihongs.HongsException) ActionHelper(io.github.ihongs.action.ActionHelper) List(java.util.List) HashSet(java.util.HashSet)

Example 12 with ActionHelper

use of io.github.ihongs.action.ActionHelper in project HongsCORE by ihongs.

the class Dept method filter.

/**
 * Adds department-specific constraints to a query before delegating to the parent filter.
 *
 * <p>Two things happen here. When the request carries a true {@code bind-scope} flag, the
 * query is limited according to the session user: the super administrator gets option
 * {@code SCOPE} 1, members of the super administrator group get {@code SCOPE} 2, and
 * everyone else has the request's {@code id} replaced by a set of departments obtained
 * from {@code AuthKit}. Independently, a {@code user_id} request value joins
 * {@code a_master_dept_user} to restrict the result by membership.
 *
 * @param caze query being built
 * @param req  request parameters; may be modified ({@code pid} removed, {@code id} replaced)
 * @throws HongsException propagated from the helpers and from {@code super.filter}
 */
@Override
protected void filter(FetchCase caze, Map req) throws HongsException {
    // NOTE(review): scoping only applies when the request itself carries bind-scope.
    // Whether that flag can be omitted by the client is not visible here; confirm the
    // caller sets it server-side for every request that must be scoped.
    if (Synt.declare(req.get("bind-scope"), false)) {
        ActionHelper helper = Core.getInstance(ActionHelper.class);
        String mid = (String) helper.getSessibute(Cnst.UID_SES);
        String pid = Synt.declare(req.get("pid"), "");

        if (Cnst.ADM_UID.equals(mid)) {
            // Super administrator.
            caze.setOption("SCOPE", 1);
        } else {
            Set own = AuthKit.getUserDepts(mid);
            if (own.contains(Cnst.ADM_GID)) {
                // Member of the super administrator group.
                caze.setOption("SCOPE", 2);
            } else if ("0".equals(pid)) {
                // Listing from the root: drop pid and pin the ids instead.
                Set less = AuthKit.getLessDepts(own);
                req.remove("pid");
                req.put("id", less);
            } else {
                Set more = AuthKit.getMoreDepts(own);
                // When the requested pid is already in the set no id limit is added.
                if (!more.contains(pid)) {
                    req.put("id", more);
                }
            }
        }
    }

    // An explicit user_id joins a_master_dept_user to constrain the result;
    // a dash asks for departments that have no linked user.
    Object uid = req.get("user_id");
    if (uid != null && !"".equals(uid)) {
        if ("-".equals(uid)) {
            // NOTE(review): an INNER join filtered on user_id IS NULL would normally
            // match nothing; confirm how FetchCase builds this join.
            caze.gotJoin("users")
                .from("a_master_dept_user")
                .by(FetchCase.INNER)
                .on("`users`.`dept_id` = `dept`.`id`")
                .filter("`users`.`user_id` IS NULL");
        } else {
            caze.gotJoin("users")
                .from("a_master_dept_user")
                .by(FetchCase.INNER)
                .on("`users`.`dept_id` = `dept`.`id`")
                .filter("`users`.`user_id` IN (?)", uid);
        }
    }

    super.filter(caze, req);
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) ActionHelper(io.github.ihongs.action.ActionHelper)

Example 13 with ActionHelper

use of io.github.ihongs.action.ActionHelper in project HongsCORE by ihongs.

the class User method filter.

/**
 * Adds user-specific constraints to a query before delegating to the parent filter.
 *
 * <p>When the request carries a true {@code bind-scope} flag, the query is limited
 * according to the session user: the super administrator gets option {@code SCOPE} 1,
 * members of the super administrator group get {@code SCOPE} 2, and everyone else is
 * joined against {@code a_master_dept_user} so that only users in the department set
 * returned by {@code AuthKit.getMoreDepts} are matched. Independently, a {@code dept_id}
 * request value joins the same table to restrict the result by department.
 *
 * @param caze query being built
 * @param req  request parameters
 * @throws HongsException propagated from the helpers and from {@code super.filter}
 */
@Override
protected void filter(FetchCase caze, Map req) throws HongsException {
    // NOTE(review): scoping only applies when the request itself carries bind-scope.
    // Whether that flag can be omitted by the client is not visible here; confirm the
    // caller sets it server-side for every request that must be scoped.
    if (Synt.declare(req.get("bind-scope"), false)) {
        ActionHelper helper = Core.getInstance(ActionHelper.class);
        String mid = (String) helper.getSessibute(Cnst.UID_SES);
        String wanted = Synt.declare(req.get("dept_id"), "");

        if (Cnst.ADM_UID.equals(mid)) {
            // Super administrator.
            caze.setOption("SCOPE", 1);
        } else {
            Set own = AuthKit.getUserDepts(mid);
            if (own.contains(Cnst.ADM_GID)) {
                // Member of the super administrator group.
                caze.setOption("SCOPE", 2);
            } else {
                Set more = AuthKit.getMoreDepts(own);
                // NOTE(review): the check uses dept_id coerced to one String, while the
                // filter further down hands the raw request value to IN (?). Confirm a
                // multi-valued dept_id cannot pass this check and still query other ids.
                if (!more.contains(wanted)) {
                    // The join can repeat a user once per department, so de-duplicate.
                    caze.by(FetchCase.DISTINCT);
                    caze.gotJoin("depts")
                        .from("a_master_dept_user")
                        .by(FetchCase.INNER)
                        .on("`depts`.`user_id` = `user`.`id`")
                        .filter("`depts`.`dept_id` IN (?)", more);
                }
            }
        }
    }

    // An explicit dept_id joins a_master_dept_user to constrain the result;
    // a dash asks for users that have no linked department.
    Object pid = req.get("dept_id");
    if (pid != null && !"".equals(pid)) {
        if ("-".equals(pid)) {
            // NOTE(review): an INNER join filtered on dept_id IS NULL would normally
            // match nothing; confirm how FetchCase builds this join.
            caze.gotJoin("depts")
                .from("a_master_dept_user")
                .by(FetchCase.INNER)
                .on("`depts`.`user_id` = `user`.`id`")
                .filter("`depts`.`dept_id` IS NULL");
        } else {
            caze.gotJoin("depts")
                .from("a_master_dept_user")
                .by(FetchCase.INNER)
                .on("`depts`.`user_id` = `user`.`id`")
                .filter("`depts`.`dept_id` IN (?)", pid);
        }
    }

    super.filter(caze, req);
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) ActionHelper(io.github.ihongs.action.ActionHelper)

Example 14 with ActionHelper

use of io.github.ihongs.action.ActionHelper in project HongsCORE by ihongs.

the class User method permit.

/**
 * Normalises a user write request and checks that the session user may perform it.
 *
 * <p>With a non-null {@code data} map the submitted fields are adjusted in place: an empty
 * {@code username} becomes {@code null}, any submitted {@code passcode} is discarded, a
 * submitted {@code password} is replaced by its {@code AuthKit.getCrypt} result together
 * with a new {@code passcode} and {@code ptime}, and {@code roles} / {@code depts} are
 * passed through the matching {@code AuthKit.clean*} helper. When {@code id} is non-null
 * the caller must be the super administrator, the user itself, a member of the super
 * administrator group (for any target but the super administrator), or share a department
 * subtree with the target.
 *
 * @param id   id of the user being changed; {@code null} skips the permission check
 * @param data submitted field values, modified in place; may be {@code null}
 * @throws HongsException status 400 when no department remains after cleaning, or when
 *                        the caller is not allowed to act on the target user
 */
protected void permit(String id, Map data) throws HongsException {
    if (data != null) {
        // Login name: the original comment warns that an empty string may cause
        // duplicates, so it is stored as null instead.
        if (data.containsKey("username")) {
            String login = Synt.declare(data.get("username"), "");
            if (login.isEmpty()) {
                data.put("username", null);
            }
        }

        // The passcode is always generated here; a value supplied in the request is dropped.
        data.remove("passcode");
        if (data.containsKey("password")) {
            // NOTE(review): what AuthKit.getCrypt computes is not visible here. Confirm it
            // is a deliberately slow password hash rather than a single fast digest, and
            // decide whether an empty password should be rejected instead of stored.
            String plain = Synt.declare(data.get("password"), "");
            String salt = AuthKit.getCrypt(plain + Core.newIdentity());
            String hashed = AuthKit.getCrypt(plain + salt);
            data.put("password", hashed);
            data.put("passcode", salt);
            data.put("ptime", System.currentTimeMillis() / 1000);
        }

        // A state change also bumps the role timestamp.
        if (data.containsKey("state")) {
            data.put("rtime", System.currentTimeMillis() / 1000);
        }

        // Role restriction: per the original comment, only roles held by the current
        // session user may be granted; the filtering happens in AuthKit.cleanUserRoles.
        if (data.containsKey("roles")) {
            data.put("rtime", System.currentTimeMillis() / 1000);
            List roles = Synt.asList(data.get("roles"));
            AuthKit.cleanUserRoles(roles, id);
            // An empty list after cleaning is accepted; the rejection that used to
            // follow here is disabled in the source.
            data.put("roles", roles);
        }

        // Department restriction: per the original comment, only departments below the
        // current session user may be assigned; at least one must survive the cleaning.
        if (data.containsKey("depts")) {
            data.put("rtime", System.currentTimeMillis() / 1000);
            List depts = Synt.asList(data.get("depts"));
            AuthKit.cleanUserDepts(depts, id);
            if (depts.isEmpty()) {
                throw new HongsException(400).setLocalizedContent("master.user.dept.error").setLocalizedContext("master");
            }
            data.put("depts", depts);
        }
    }

    // NOTE(review): without an id no caller check runs in this method; confirm the
    // calling action enforces who may reach this path.
    if (id == null) {
        return;
    }

    // The super administrator may operate on any user, and every user on their own account.
    ActionHelper helper = Core.getInstance(ActionHelper.class);
    String uid = (String) helper.getSessibute(Cnst.UID_SES);
    if (Cnst.ADM_UID.equals(uid) || id.equals(uid)) {
        return;
    }

    // Members of the super administrator group may operate on any user
    // except the super administrator.
    Set cur = AuthKit.getUserDepts(uid);
    if (cur.contains(Cnst.ADM_GID) && !Cnst.ADM_UID.equals(id)) {
        return;
    }

    // Everyone else may only act on subordinate users: some department subtree of the
    // caller has to intersect the set AuthKit.getLessDepts returns for the target.
    Set tar = AuthKit.getLessDepts(id);
    Dept dept = new Dept();
    for (Object gid : cur) {
        Set shared = new HashSet(dept.getChildIds((String) gid, true));
        shared.retainAll(tar);
        if (!shared.isEmpty()) {
            return;
        }
    }
    throw new HongsException(400).setLocalizedContent("master.user.unit.error").setLocalizedContext("master");
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HongsException(io.github.ihongs.HongsException) ActionHelper(io.github.ihongs.action.ActionHelper) List(java.util.List) HashSet(java.util.HashSet)

Example 15 with ActionHelper

use of io.github.ihongs.action.ActionHelper in project HongsCORE by ihongs.

the class IsFork method verify.

/**
 * Checks that a submitted value refers to an existing record of another form.
 *
 * <p>Null and empty values are skipped by returning {@code STAND}. Otherwise an action
 * path is taken from the {@code data-at} parameter, or built as
 * {@code conf/form/search} from the rule parameters, and invoked through
 * {@code ActionRunner} with the value as the requested id. The value is accepted when the
 * response holds a non-empty {@code info} map or a non-empty {@code list}.
 *
 * @param watch holder of the value under validation
 * @return {@code STAND} for null or empty input, otherwise the original value
 * @throws Wrong when no matching record is reported; a {@code HongsException} raised by
 *               the invoked action is rethrown via {@code toExemption()}
 */
@Override
public Object verify(Value watch) throws Wrong {
    // Null and empty strings are not checked.
    Object value = watch.get();
    if (value == null || value.equals("")) {
        return STAND;
    }

    // With pass-id enabled, a value made only of word characters and hyphens is accepted
    // without the lookup below; the original comment notes that other rules set through
    // rule can be used to skip as well.
    if (Synt.declare(getParam("pass-id"), false)) {
        String text = value.toString();
        if (text.matches("^[\\w\\-]+$")) {
            return value;
        }
    }

    String at = (String) getParam("data-at");
    String vk = (String) getParam("data-vk");
    String fk = (String) getParam("__name__");
    String ck = (String) getParam("__conf__");
    String fl = (String) getParam("form");
    String cl = (String) getParam("conf");

    // Missing pieces fall back to the current config, the field name minus a trailing
    // "_id", and the search action of that form.
    if (cl == null || cl.isEmpty()) {
        cl = ck;
    }
    if (fl == null || fl.isEmpty()) {
        // presumably __name__ is always set by the framework; fk being null would fail here
        fl = fk.replaceFirst("_id$", "");
    }
    if (at == null || at.isEmpty()) {
        at = cl + "/" + fl + "/search";
    }

    // Request data: ask for the single id, returning only the id and data-vk fields.
    Set ids = new HashSet();
    ids.add(value);
    Set fields = new HashSet();
    fields.add(vk);
    fields.add(Cnst.ID_KEY);
    Map rd = new HashMap();
    rd.put(Cnst.ID_KEY, ids);
    rd.put(Cnst.RB_KEY, fields);
    rd.put(Cnst.RN_KEY, 0);
    rd.put(Cnst.PN_KEY, 1);
    Map cd = new HashMap();

    // Run the action.
    // NOTE(review): the lookup runs on a fresh ActionHelper with an empty context map.
    // Confirm which session or identity the invoked action sees, since that decides
    // whether records outside the submitting user's scope are reported as existing.
    ActionHelper ah = ActionHelper.newInstance();
    ah.setContextData(cd);
    ah.setRequestData(rd);
    try {
        ActionRunner.newInstance(ah, at).doInvoke();
    } catch (HongsException ex) {
        throw ex.toExemption();
    }

    // Compare the result: either response shape counts as "found".
    Map sd = ah.getResponseData();
    if (sd == null) {
        throw new Wrong("fore.form.is.not.exists");
    }
    Map info = (Map) sd.get("info");
    if (info != null && !info.isEmpty()) {
        return value;
    }
    List rows = (List) sd.get("list");
    if (rows != null && !rows.isEmpty()) {
        return value;
    }
    throw new Wrong("fore.form.is.not.exists");
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) HongsException(io.github.ihongs.HongsException) ActionHelper(io.github.ihongs.action.ActionHelper) List(java.util.List) Map(java.util.Map) HashMap(java.util.HashMap) HashSet(java.util.HashSet)
