
优化数据权限控制

zhouhao 6 years ago
parent
commit
183bbb8b34

+ 4 - 2
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java

@@ -17,6 +17,7 @@ import org.springframework.http.ResponseEntity;
 
 import java.lang.reflect.InvocationTargetException;
 import java.util.Collection;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
@@ -87,7 +88,7 @@ public class FieldFilterDataAccessHandler implements DataAccessHandler {
 
     @SuppressWarnings("all")
     protected boolean doQueryAccess(FieldFilterDataAccessConfig access, AuthorizingContext context) {
-        if (context.getDefinition().getPhased() == Phased.before) {
+        if (context.getDefinition().getDataAccessDefinition().getPhased() == Phased.before) {
             QueryParamEntity entity = context.getParamContext().getParams()
                     .values().stream()
                     .filter(QueryParamEntity.class::isInstance)
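Review bot: The new chain `context.getDefinition().getDataAccessDefinition().getPhased()` dereferences the data-access definition without a null check. If a definition can exist without data-access settings (not visible on this page), the handler throws a NullPointerException in the authorization path instead of returning a decision. Consider reading the definition into a local and handling the missing case explicitly, for example `if (context.getDefinition().getDataAccessDefinition() == null) { return false; }`, assuming `false` is the deny result here. The same chain is introduced in `FieldScopeDataAccessHandler.doQueryAccess` and `OwnCreatedDataAccessHandler.doQueryAccess`. The body of `doQueryAccess` continues outside this hunk.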
@@ -97,7 +98,8 @@ public class FieldFilterDataAccessHandler implements DataAccessHandler {
                 logger.warn("try validate query access, but query entity is null or not instance of org.hswebframework.web.commons.entity.Entity");
                 return true;
             }
-            entity.excludes(access.getFields().toArray(new String[access.getFields().size()]));
+            Set<String> denyFields = access.getFields();
+            entity.excludes(denyFields.toArray(new String[denyFields.size()]));
         } else {
             Object result = InvokeResultUtils.convertRealResult(context.getParamContext().getInvokeResult());
             if (result instanceof Collection) {
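Review bot: The branch just above the changed lines logs a warning and returns `true` when no query entity is found, so `denyFields` is never applied to that request. If `true` means access is granted, as the method name suggests, the field filter fails open whenever the controller method takes no `QueryParamEntity`. Either return `false` there or add a comment stating why skipping the exclusion is safe, such as `// no query entity: nothing to exclude before the call; the after-phase filter must cover the result`. Separately, `denyFields.size()` throws if `access.getFields()` returns null, so a guard like `if (denyFields == null || denyFields.isEmpty()) { return true; }` before `entity.excludes(...)` would make the no-restriction case explicit. The function starts and ends outside this hunk.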

+ 1 - 1
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java

@@ -84,7 +84,7 @@ public class FieldScopeDataAccessHandler implements DataAccessHandler {
 
     @SuppressWarnings("all")
     protected boolean doQueryAccess(FieldScopeDataAccessConfig access, AuthorizingContext context) {
-        if (context.getDefinition().getPhased() == Phased.before) {
+        if (context.getDefinition().getDataAccessDefinition().getPhased() == Phased.before) {
             QueryParamEntity entity = context.getParamContext().getParams()
                     .values().stream()
                     .filter(QueryParamEntity.class::isInstance)

+ 7 - 3
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/InvokeResultUtils.java

@@ -1,15 +1,19 @@
 package org.hswebframework.web.authorization.basic.handler.access;
 
+import org.hswebframework.web.commons.entity.PagerResult;
 import org.hswebframework.web.controller.message.ResponseMessage;
 import org.springframework.http.ResponseEntity;
 
 public class InvokeResultUtils {
     public static Object convertRealResult(Object result) {
+        if (result instanceof ResponseEntity) {
+            result = ((ResponseEntity) result).getBody();
+        }
         if (result instanceof ResponseMessage) {
-            return ((ResponseMessage) result).getResult();
+            result = ((ResponseMessage) result).getResult();
         }
-        if (result instanceof ResponseEntity) {
-            return ((ResponseEntity) result).getBody();
+        if (result instanceof PagerResult) {
+            result = ((PagerResult) result).getData();
         }
         return result;
     }
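Review bot: `convertRealResult` now returns the inner `getData()` collection of a `PagerResult`, not the pager itself, so callers that filter it in place leave the rest of the pager untouched; the `collection.removeAll(...)` in `OwnCreatedDataAccessHandler` in this commit is one such caller. If `PagerResult` also carries a total count (not visible here), that count would still include the rows removed for the current user and reveal how many records they cannot see. In-place removal would also fail if `getData()` ever returned an unmodifiable list. The method has no Javadoc; one is worth adding to state the unwrap order (`ResponseEntity` body, then `ResponseMessage` result, then `PagerResult` data) and that the returned object is the live collection which callers mutate. The casts use raw types, so `ResponseEntity<?>`, `ResponseMessage<?>` and `PagerResult<?>` would avoid the unchecked warnings.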

+ 2 - 3
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/OwnCreatedDataAccessHandler.java

@@ -99,7 +99,7 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler {
     protected boolean doQueryAccess(OwnCreatedDataAccessConfig access, AuthorizingContext context) {
         String userId = context.getAuthentication().getUser().getId();
 
-        if (context.getDefinition().getPhased() == Phased.before) {
+        if (context.getDefinition().getDataAccessDefinition().getPhased() == Phased.before) {
             Entity entity = context.getParamContext().getParams()
                     .values().stream()
                     .filter(Entity.class::isInstance)
@@ -144,8 +144,7 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler {
         } else if (result instanceof Collection) {
             Collection<?> collection = ((Collection) result);
             //删掉不能访问的对象
-            collection.removeAll(collection.stream().filter((Object o) -> !matchCreatorId(o, userId))
-                    .collect(Collectors.toList()));
+            collection.removeAll(collection.stream().filter((Object o) -> !matchCreatorId(o, userId)).collect(Collectors.toList()));
         } else {
             try {
                 return userId.equals(PropertyUtils.getProperty(result, "creatorId"));