优化权限

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Permission.java

@@ -47,6 +47,7 @@ public interface Permission extends Serializable {
      * 更新
      */
     String ACTION_UPDATE = "update";
+
     /**
      * 删除
      */

hsweb-commons/hsweb-commons-controller/src/main/java/org/hswebframework/web/controller/GenericEntityController.java

@@ -18,19 +18,9 @@
 
 package org.hswebframework.web.controller;
 
-import io.swagger.annotations.ApiOperation;
-import io.swagger.annotations.ApiResponse;
-import io.swagger.annotations.ApiResponses;
-import org.hswebframework.web.authorization.Permission;
-import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.commons.entity.Entity;
 import org.hswebframework.web.commons.entity.GenericEntity;
-import org.hswebframework.web.controller.message.ResponseMessage;
-import org.hswebframework.web.logging.AccessLogger;
 import org.hswebframework.web.service.CrudService;
-import org.springframework.web.bind.annotation.PatchMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestBody;
 
 /**
  * 通用实体的增删改查控制器
@@ -45,20 +35,4 @@ public interface GenericEntityController<E extends GenericEntity<PK>, PK, Q exte
 
     CrudService<E, PK> getService();
 
-    @Authorize(action = {Permission.ACTION_UPDATE, Permission.ACTION_ADD})
-    @PatchMapping(path = "/{id}")
-    @AccessLogger("{save_or_update}")
-    @ApiOperation("根据ID修改数据,如果数据不存在则新增一条数据")
-    @ApiResponses({
-            @ApiResponse(code = 200, message = "修改(新增)成功,返回数据ID"),
-            @ApiResponse(code = 401, message = "未授权"),
-            @ApiResponse(code = 403, message = "无权限"),
-            @ApiResponse(code = 409, message = "存在重复的资源")
-    })
-    default ResponseMessage<PK> saveOrUpdate(@PathVariable PK id, @RequestBody M data) {
-        E entity = getService().createEntity();
-        entity.setId(id);
-        return ResponseMessage.ok(getService().saveOrUpdate(modelToEntity(data, entity)));
-    }
-
 }

hsweb-commons/hsweb-commons-controller/src/main/java/org/hswebframework/web/controller/SimpleGenericEntityController.java

@@ -45,19 +45,5 @@ public interface SimpleGenericEntityController<E extends GenericEntity<PK>, PK,
 
     CrudService<E, PK> getService();
 
-    @Authorize(action = {Permission.ACTION_UPDATE, Permission.ACTION_ADD})
-    @PatchMapping(path = "/{id}")
-    @AccessLogger("{save_or_update}")
-    @ApiOperation("根据ID修改数据,如果数据不存在则新增一条数据")
-    @ApiResponses({
-            @ApiResponse(code = 200, message = "修改(新增)成功,返回数据ID"),
-            @ApiResponse(code = 401, message = "未授权"),
-            @ApiResponse(code = 403, message = "无权限"),
-            @ApiResponse(code = 409, message = "存在重复的资源")
-    })
-    default ResponseMessage<PK> saveOrUpdate(@PathVariable PK id, @RequestBody E data) {
-        data.setId(id);
-        return ResponseMessage.ok(getService().saveOrUpdate(data));
-    }
 
 }

hsweb-commons/hsweb-commons-controller/src/main/java/org/hswebframework/web/controller/UpdateController.java

@@ -23,10 +23,12 @@ import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
 import org.hswebframework.web.authorization.Permission;
 import org.hswebframework.web.authorization.annotation.Authorize;
+import org.hswebframework.web.authorization.annotation.Logical;
 import org.hswebframework.web.controller.message.ResponseMessage;
 import org.hswebframework.web.logging.AccessLogger;
 import org.hswebframework.web.service.CreateEntityService;
 import org.hswebframework.web.service.UpdateService;
+import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -43,18 +45,21 @@ public interface UpdateController<E, PK, M> {
     @PutMapping(path = "/{id}")
     @AccessLogger("{update_by_primary_key}")
     @ApiOperation("根据ID修改数据")
-    @ApiResponses({
-            @ApiResponse(code = 200, message = "修改成功"),
-            @ApiResponse(code = 401, message = "未授权"),
-            @ApiResponse(code = 403, message = "无权限"),
-            @ApiResponse(code = 404, message = "要修改的数据不存在"),
-            @ApiResponse(code = 409, message = "存在重复的资源")
-    })
-    default ResponseMessage updateByPrimaryKey(@PathVariable PK id, @RequestBody M data) {
+    default ResponseMessage<Integer> updateByPrimaryKey(@PathVariable PK id, @RequestBody M data) {
         E entity = getService().createEntity();
         return ResponseMessage.ok(getService().updateByPk(id, modelToEntity(data, entity)));
     }
 
+    @Authorize(action = {Permission.ACTION_UPDATE, Permission.ACTION_ADD}, logical = Logical.AND)
+    @PatchMapping
+    @AccessLogger("{save_or_update}")
+    @ApiOperation("保存数据,如果数据不存在则新增一条数据")
+    default ResponseMessage<PK> saveOrUpdate(@RequestBody M data) {
+        E entity = getService().createEntity();
+        return ResponseMessage.ok(getService().saveOrUpdate(modelToEntity(data, entity)));
+    }
+
+
     /**
      * 将model转为entity
      *

hsweb-commons/hsweb-commons-entity/src/main/java/org/hswebframework/web/commons/entity/SortSupportEntity.java

@@ -28,6 +28,7 @@ public interface SortSupportEntity extends Comparable<SortSupportEntity>, Entity
 
     default int compareTo(SortSupportEntity support) {
         if (support == null) return -1;
-        return Long.compare(getSortIndex(), support.getSortIndex());
+        
+        return Long.compare(getSortIndex() == null ? 0 : getSortIndex(), support.getSortIndex() == null ? 0 : support.getSortIndex());
     }
 }

hsweb-commons/hsweb-commons-entity/src/main/java/org/hswebframework/web/commons/entity/TreeSupportEntity.java

@@ -24,10 +24,7 @@ import org.hswebframwork.utils.RandomUtil;
 
 import java.math.BigDecimal;
 import java.util.*;
-import java.util.function.BiConsumer;
-import java.util.function.Function;
-import java.util.function.Predicate;
-import java.util.function.Supplier;
+import java.util.function.*;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
@@ -64,6 +61,15 @@ public interface TreeSupportEntity<PK> extends GenericEntity<PK> {
         return path.substring(0, path.length() - 5);
     }
 
+    static <T extends TreeSupportEntity> void forEach(Collection<T> list, Consumer<T> consumer) {
+        list.forEach(node -> {
+            consumer.accept(node);
+            if (node.getChildren() != null) {
+                forEach(node.getChildren(), consumer);
+            }
+        });
+    }
+
     /**
      * 将树形结构转为列表结构，并填充对应的数据。<br>
      * 如树结构数据： {name:'父节点',children:[{name:'子节点1'},{name:'子节点2'}]}<br>

hsweb-commons/hsweb-commons-entity/src/main/java/org/hswebframework/web/commons/entity/factory/MapperEntityFactory.java

@@ -25,9 +25,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.lang.reflect.Modifier;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Objects;
+import java.util.*;
 import java.util.function.Supplier;
 
 /**
@@ -72,7 +70,6 @@ public class MapperEntityFactory implements EntityFactory {
 
     private String getCopierCacheKey(Class source, Class target) {
         return source.getName().concat("->").concat(target.getName());
-
     }
 
     @Override
@@ -93,8 +90,10 @@ public class MapperEntityFactory implements EntityFactory {
     protected <T> Mapper<T> initCache(Class<T> beanClass) {
         Mapper<T> mapper = null;
         Class<T> realType = null;
-        if (!Modifier.isInterface(beanClass.getModifiers()) && !Modifier.isAbstract(beanClass.getModifiers())) {
-            realType = beanClass;
+        ServiceLoader<T> serviceLoader = ServiceLoader.load(beanClass, this.getClass().getClassLoader());
+        Iterator<T> iterator = serviceLoader.iterator();
+        if (iterator.hasNext()) {
+            realType = (Class<T>) iterator.next().getClass();
         }
         //尝试使用 Simple类，如: package.SimpleUserBean
         if (realType == null) {
@@ -105,7 +104,11 @@ public class MapperEntityFactory implements EntityFactory {
                 throw new NotFoundException(e.getMessage());
             }
         }
+        if (!Modifier.isInterface(beanClass.getModifiers()) && !Modifier.isAbstract(beanClass.getModifiers())) {
+            realType = beanClass;
+        }
         if (realType != null) {
+            logger.debug("use instance {} for {}", realType, beanClass);
             mapper = new Mapper<>(realType, new DefaultInstanceGetter(realType));
             realTypeMapper.put(beanClass, mapper);
         }

hsweb-datasource/hsweb-datasource-jta/src/test/resources/application.yml

@@ -14,7 +14,6 @@ spring:
       connectionfactory:
         max-pool-size: 20
         local-transaction-mode: true
-
   activemq:
 #    broker-url: tcp://localhost:61616
     in-memory: true

hsweb-examples/hsweb-examples-simple/pom.xml

@@ -99,11 +99,11 @@
             <version>${project.version}</version>
         </dependency>
         <!--使用shiro实现权限控制-->
-        <dependency>
-            <groupId>org.hswebframework.web</groupId>
-            <artifactId>hsweb-authorization-shiro</artifactId>
-            <version>${project.version}</version>
-        </dependency>
+        <!--<dependency>-->
+            <!--<groupId>org.hswebframework.web</groupId>-->
+            <!--<artifactId>hsweb-authorization-shiro</artifactId>-->
+            <!--<version>${project.version}</version>-->
+        <!--</dependency>-->
 
         <!--组织架构-->
         <dependency>

hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/SpringBootExample.java

@@ -46,6 +46,7 @@ import org.hswebframework.web.service.organizational.PositionService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.cache.annotation.EnableCaching;
@@ -174,37 +175,38 @@ public class SpringBootExample implements CommandLineRunner {
         DataAccessEntity accessEntity = new DataAccessEntity();
         accessEntity.setType(DataAccessConfig.DefaultType.OWN_CREATED);
         accessEntity.setAction(Permission.ACTION_QUERY);
+        accessEntity.setDescribe("只能查询自己创建的数据");
 
         //只能修改自己创建的数据
         DataAccessEntity updateAccessEntity = new DataAccessEntity();
         updateAccessEntity.setType(DataAccessConfig.DefaultType.OWN_CREATED);
         updateAccessEntity.setAction(Permission.ACTION_UPDATE);
-
+        updateAccessEntity.setDescribe("只能修改自己的数据");
         //不能查询password
         DataAccessEntity denyQueryFields = new DataAccessEntity();
-        denyQueryFields.setType(DataAccessConfig.DefaultType.ALLOW_FIELDS);
+        denyQueryFields.setType(DataAccessConfig.DefaultType.DENY_FIELDS);
         denyQueryFields.setAction(Permission.ACTION_QUERY);
         denyQueryFields.setConfig(JSON.toJSONString(new SimpleFieldFilterDataAccessConfig("password")));
-
+        denyQueryFields.setDescribe("不能查询密码");
         //不能修改password
         DataAccessEntity denyUpdateFields = new DataAccessEntity();
-        denyUpdateFields.setType(DataAccessConfig.DefaultType.ALLOW_FIELDS);
+        denyUpdateFields.setType(DataAccessConfig.DefaultType.DENY_FIELDS);
         denyUpdateFields.setAction(Permission.ACTION_UPDATE);
         denyUpdateFields.setConfig(JSON.toJSONString(new SimpleFieldFilterDataAccessConfig("password")));
-
+        denyUpdateFields.setDescribe("不能直接修改密码");
         //只能查看自己部门的数据
         DataAccessEntity onlyDepartmentData = new DataAccessEntity();
         onlyDepartmentData.setType(DataAccessType.DEPARTMENT_SCOPE);
         onlyDepartmentData.setAction(Permission.ACTION_QUERY);
         onlyDepartmentData.setConfig(JSON.toJSONString(new SimpleScopeDataAccessConfig(DataAccessType.SCOPE_TYPE_CHILDREN)));
-
+        onlyDepartmentData.setDescribe("只能查看自己部门的数据");
 
         PermissionEntity permission = entityFactory.newInstance(PermissionEntity.class);
         permission.setName("测试");
         permission.setId("test");
         permission.setStatus((byte) 1);
         permission.setActions(ActionEntity.create(Permission.ACTION_QUERY, Permission.ACTION_UPDATE));
-        permission.setDataAccess(Arrays.asList(accessEntity, updateAccessEntity, denyUpdateFields, denyUpdateFields, onlyDepartmentData));
+//        permission.setDataAccess(Arrays.asList(accessEntity, updateAccessEntity, denyUpdateFields, denyUpdateFields, onlyDepartmentData));
         permissionService.insert(permission);
 
         BindPermissionRoleEntity<PermissionRoleEntity> roleEntity = entityFactory.newInstance(BindPermissionRoleEntity.class);
@@ -212,7 +214,7 @@ public class SpringBootExample implements CommandLineRunner {
         permissionRoleEntity.setRoleId("admin");
         permissionRoleEntity.setPermissionId("test");
         permissionRoleEntity.setActions(Arrays.asList(Permission.ACTION_QUERY, Permission.ACTION_UPDATE));
-        permissionRoleEntity.setDataAccesses(permission.getDataAccess());
+        permissionRoleEntity.setDataAccesses(Arrays.asList(accessEntity, updateAccessEntity, denyQueryFields, denyUpdateFields, onlyDepartmentData));
         roleEntity.setId("admin");
         roleEntity.setName("test");
         roleEntity.setPermissions(Arrays.asList(permissionRoleEntity));

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-controller/src/main/java/org/hswebframework/web/controller/authorization/RoleController.java

@@ -94,7 +94,7 @@ public class RoleController implements QueryController<RoleEntity, String, Query
     @ApiOperation("修改角色")
     public ResponseMessage updateRole(@PathVariable String id, @RequestBody RoleModel roleModel) {
         roleModel.setId(id);
-        roleService.updateByPrimaryKey(modelToEntity(roleModel));
+        roleService.update(modelToEntity(roleModel));
         return ok();
     }
 

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/PermissionEntity.java

@@ -49,8 +49,10 @@ public interface PermissionEntity extends GenericEntity<String> {
 
     void setActions(List<ActionEntity> actions);
 
+    @Deprecated
     List<DataAccessEntity> getDataAccess();
 
+    @Deprecated
     void setDataAccess(List<DataAccessEntity> dataAccess);
 
     void setOptionalFields(List<OptionalField> fields);

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-model/src/main/java/org/hswebframework/web/model/authorization/PermissionRoleModel.java

@@ -51,11 +51,6 @@ public interface PermissionRoleModel extends Model {
     @ApiModelProperty(value = "数据级权限控制配置", dataType = "DataAccessModel")
     List<DataAccessModel> getDataAccesses();
 
-    @ApiModelProperty(value = "字段级权限控制配置", dataType = "FieldAccessModel")
-    List<FieldAccessModel> getFieldAccesses();
-
     void setDataAccesses(List<DataAccessModel> dataAccesses);
 
-    void setFieldAccesses(List<FieldAccessModel> fieldAccesses);
-
 }

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-model/src/main/java/org/hswebframework/web/model/authorization/SimplePermissionRoleModel.java

@@ -35,18 +35,6 @@ public class SimplePermissionRoleModel implements PermissionRoleModel {
 
     private List<DataAccessModel> dataAccesses;
 
-    private List<FieldAccessModel> fieldAccesses;
-//
-//    @Override
-//    public String getRoleId() {
-//        return roleId;
-//    }
-//
-//    @Override
-//    public void setRoleId(String roleId) {
-//        this.roleId = roleId;
-//    }
-
     @Override
     public String getPermissionId() {
         return permissionId;
@@ -74,20 +62,9 @@ public class SimplePermissionRoleModel implements PermissionRoleModel {
         return this.dataAccesses;
     }
 
-    @Override
-    public List<FieldAccessModel> getFieldAccesses() {
-        if (this.fieldAccesses == null) return Collections.emptyList();
-        return this.fieldAccesses;
-    }
-
     @Override
     public void setDataAccesses(List<DataAccessModel> dataAccesses) {
         this.dataAccesses = dataAccesses;
     }
 
-    @Override
-    public void setFieldAccesses(List<FieldAccessModel> fieldAccesses) {
-        this.fieldAccesses = fieldAccesses;
-    }
-
 }

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-api/src/main/java/org/hswebframework/web/service/authorization/RoleService.java

@@ -17,8 +17,6 @@ public interface RoleService extends
 
     <T extends PermissionRoleEntity> String insert(BindPermissionRoleEntity<T> roleEntity);
 
-    <T extends PermissionRoleEntity> void updateByPrimaryKey(BindPermissionRoleEntity<T> roleEntity);
-
     void enable(String roleId);
 
     void disable(String roleId);

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleRoleService.java

@@ -78,16 +78,6 @@ public class SimpleRoleService extends AbstractService<RoleEntity, String>
         return roleEntity.getId();
     }
 
-    @Override
-    public <T extends PermissionRoleEntity> void updateByPrimaryKey(BindPermissionRoleEntity<T> roleEntity) {
-        tryValidateProperty(StringUtils.hasLength(roleEntity.getId()), RoleEntity.id, "id {not_be_null}");
-        roleEntity.setEnabled(null);
-        tryValidate(roleEntity);
-        DefaultDSLUpdateService
-                .createUpdate(roleDao, roleEntity)
-                .where(GenericEntity.id, roleEntity.getId());
-    }
-
     @Override
     public void enable(String roleId) {
         tryValidateProperty(StringUtils.hasLength(roleId), RoleEntity.id, "{id_is_null}");
@@ -135,7 +125,6 @@ public class SimpleRoleService extends AbstractService<RoleEntity, String>
     @CacheEvict(value = USER_AUTH_CACHE_NAME, allEntries = true)
     public <T extends PermissionRoleEntity> boolean update(BindPermissionRoleEntity<T> roleEntity) {
         tryValidateProperty(StringUtils.hasLength(roleEntity.getId()), RoleEntity.id, "id {not_be_null}");
-        tryValidateProperty(null == selectByPk(roleEntity.getId()), RoleEntity.id, "{role_not_exists}");
         tryValidate(roleEntity);
         DefaultDSLUpdateService.createUpdate(roleDao)
                 .set(RoleEntity.name, roleEntity.getName())

pom.xml

@@ -88,7 +88,7 @@
         <javassist.version>3.20.0-GA</javassist.version>
         <activiti.version>5.19.0.2</activiti.version>
 
-        <fastjson.version>1.2.31</fastjson.version>
+        <fastjson.version>1.2.32</fastjson.version>
         <h2.version>1.4.191</h2.version>
         <mysql.version>5.1.39</mysql.version>
         <cglib.version>3.2.2</cglib.version>