zhouhao 7 éve
szülő
commit
2e283c3052
21 módosított fájl, 129 hozzáadás és 627 törlés
  1. 9 51
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-controller/src/main/java/org/hswebframework/web/controller/authorization/RoleController.java
  2. 0 26
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-dao/hsweb-system-authorization-dao-api/src/main/java/org/hswebframework/web/dao/authorization/PermissionRoleDao.java
  3. 1 2
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-dao/hsweb-system-authorization-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/authorization/PermissionMapper.xml
  4. 0 68
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-dao/hsweb-system-authorization-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/authorization/PermissionRoleMapper.xml
  5. 1 1
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/MenuEntity.java
  6. 8 6
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/PermissionEntity.java
  7. 0 30
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/PermissionRoleEntity.java
  8. 5 6
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/SimpleMenuEntity.java
  9. 25 14
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/SimplePermissionEntity.java
  10. 0 72
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/SimplePermissionRoleEntity.java
  11. 0 18
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/bind/BindPermissionRoleEntity.java
  12. 0 35
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/bind/SimpleBindPermissionRoleEntity.java
  13. 0 52
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-model/src/main/java/org/hswebframework/web/model/authorization/RoleModel.java
  14. 0 74
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-model/src/main/java/org/hswebframework/web/model/authorization/SimpleRoleModel.java
  15. 4 18
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-api/src/main/java/org/hswebframework/web/service/authorization/RoleService.java
  16. 0 66
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleAuthenticationBuilder.java
  17. 59 10
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleAuthorizationSettingService.java
  18. 2 1
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimplePermissionService.java
  19. 14 72
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleRoleService.java
  20. 1 1
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/resources/hsweb-starter.js
  21. 0 4
      hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/starter/authorization/PermissionTests.java

+ 9 - 51
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-controller/src/main/java/org/hswebframework/web/controller/authorization/RoleController.java

@@ -18,26 +18,22 @@
 
 package org.hswebframework.web.controller.authorization;
 
-import io.swagger.annotations.*;
-import org.apache.commons.collections.CollectionUtils;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
 import org.hswebframework.web.authorization.Permission;
 import org.hswebframework.web.authorization.annotation.Authorize;
-import org.hswebframework.web.commons.entity.factory.EntityFactory;
 import org.hswebframework.web.commons.entity.param.QueryParamEntity;
-import org.hswebframework.web.controller.QueryController;
+import org.hswebframework.web.controller.SimpleGenericEntityController;
 import org.hswebframework.web.controller.message.ResponseMessage;
-import org.hswebframework.web.entity.authorization.*;
-import org.hswebframework.web.entity.authorization.bind.BindPermissionRoleEntity;
+import org.hswebframework.web.entity.authorization.RoleEntity;
 import org.hswebframework.web.logging.AccessLogger;
-import org.hswebframework.web.model.authorization.*;
 import org.hswebframework.web.service.authorization.RoleService;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
-import java.util.List;
-import java.util.stream.Collectors;
-
-import static org.hswebframework.web.controller.QueryController.*;
 import static org.hswebframework.web.controller.message.ResponseMessage.ok;
 
 /**
@@ -50,54 +46,16 @@ import static org.hswebframework.web.controller.message.ResponseMessage.ok;
 @AccessLogger("{role_manager}")
 @Authorize(permission = "role")
 @Api(tags = "role-manager", description = "角色管理")
-public class RoleController implements QueryController<RoleEntity, String, QueryParamEntity> {
+public class RoleController implements SimpleGenericEntityController<RoleEntity, String, QueryParamEntity> {
 
     @Autowired
     private RoleService roleService;
 
-    @Autowired
-    private EntityFactory entityFactory;
-
     @Override
     public RoleService getService() {
         return roleService;
     }
 
-    @SuppressWarnings("unchecked")
-    public BindPermissionRoleEntity<PermissionRoleEntity> modelToEntity(RoleModel roleModel) {
-        return entityFactory.newInstance(BindPermissionRoleEntity.class, roleModel);
-    }
-
-    protected RoleModel entityToModel(RoleEntity roleEntity) {
-        return entityFactory.newInstance(RoleModel.class, roleEntity);
-    }
-
-    @Authorize(action = Permission.ACTION_GET)
-    @GetMapping(path = "/{id:.+}/detail")
-    @AccessLogger("{get_by_id}")
-    @ApiOperation("根据主键查询完整数据")
-    public ResponseMessage<RoleModel> getDetailByPrimaryKey(@PathVariable String id) {
-        return ok(entityToModel(assertNotNull(getService().selectDetailByPk(id))));
-    }
-
-    @PostMapping
-    @Authorize(action = Permission.ACTION_ADD)
-    @AccessLogger("{add}")
-    @ApiOperation("添加角色")
-    public ResponseMessage<String> addRole(@RequestBody RoleModel roleModel) {
-        return ok(roleService.insert(modelToEntity(roleModel)));
-    }
-
-    @PutMapping("/{id:.+}")
-    @Authorize(action = Permission.ACTION_UPDATE)
-    @AccessLogger("{update}")
-    @ApiOperation("修改角色")
-    public ResponseMessage updateRole(@PathVariable String id, @RequestBody RoleModel roleModel) {
-        roleModel.setId(id);
-        roleService.update(modelToEntity(roleModel));
-        return ok();
-    }
-
     @PutMapping("/disable/{id:.+}")
     @Authorize(action = Permission.ACTION_DISABLE)
     @AccessLogger("{disable}")
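Review bot: The add, update and detail endpoints removed here each carried their own `@Authorize(action = Permission.ACTION_ADD)` / `ACTION_UPDATE` / `ACTION_GET`, and their replacements are inherited from `SimpleGenericEntityController`, which this page does not show. Only the class-level `@Authorize(permission = "role")` is visible, so confirm that every inherited endpoint still declares its action, and that any endpoint this controller did not expose before (presumably a delete) is meant to be reachable for roles. The request body is presumably now bound to `RoleEntity` instead of `RoleModel`, so entity fields the model did not expose become client-settable unless the service resets them. A class comment such as `// CRUD endpoints and their @Authorize actions come from SimpleGenericEntityController` would record the dependency. The class body continues outside the hunk.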

+ 0 - 26
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-dao/hsweb-system-authorization-dao-api/src/main/java/org/hswebframework/web/dao/authorization/PermissionRoleDao.java

@@ -1,26 +0,0 @@
-package org.hswebframework.web.dao.authorization;
-
-import org.hswebframework.web.entity.authorization.PermissionRoleEntity;
-import org.hswebframework.web.dao.Dao;
-
-import java.util.List;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-@Deprecated
-public interface PermissionRoleDao extends Dao {
-    int insert(PermissionRoleEntity permissionRoleBean);
-
-    List<PermissionRoleEntity> selectByRoleId(String roleId);
-
-    List<PermissionRoleEntity> selectByRoleIdList(List<String> roleIds);
-
-    List<PermissionRoleEntity> selectByPermissionId(String roleId);
-
-    int deleteByRoleId(String roleId);
-
-    int deleteByPermissionId(String permissionId);
-}

+ 1 - 2
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-dao/hsweb-system-authorization-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/authorization/PermissionMapper.xml

@@ -28,8 +28,7 @@
         <result property="status" column="status" javaType="Byte" jdbcType="NUMERIC"/>
         <result property="actions" column="actions" javaType="java.util.List" jdbcType="VARCHAR"/>
         <result property="optionalFields" column="optional_fields" javaType="java.util.List" jdbcType="CLOB"/>
-        <result property="dataAccess" column="data_access" javaType="java.util.List" jdbcType="CLOB"/>
-
+        <result property="supportDataAccessTypes" column="spt_da_types" javaType="java.util.List" jdbcType="CLOB"/>
     </resultMap>
 
     <!--用于动态生成sql所需的配置-->

+ 0 - 68
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-dao/hsweb-system-authorization-dao-mybatis/src/main/resources/org/hswebframework/web/dao/mybatis/mappers/authorization/PermissionRoleMapper.xml

@@ -1,68 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!--
-  ~ Copyright 2016 http://www.hswebframework.org
-  ~
-  ~ Licensed under the Apache License, Version 2.0 (the "License");
-  ~ you may not use this file except in compliance with the License.
-  ~ You may obtain a copy of the License at
-  ~
-  ~       http://www.apache.org/licenses/LICENSE-2.0
-  ~
-  ~ Unless required by applicable law or agreed to in writing, software
-  ~ distributed under the License is distributed on an "AS IS" BASIS,
-  ~  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  ~  See the License for the specific language governing permissions and
-  ~  limitations under the License.
-  ~
-  -->
-
-<!DOCTYPE mapper
-        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
-        "http://www.mybatis.org/dtd/mybatis-3-mapper.dtd">
-
-<mapper namespace="org.hswebframework.web.dao.authorization.PermissionRoleDao">
-    <resultMap id="PermissionRoleResultMap" type="org.hswebframework.web.entity.authorization.SimplePermissionRoleEntity">
-        <result property="roleId" column="role_id" javaType="string" jdbcType="VARCHAR"/>
-        <result property="permissionId" column="permission_id" javaType="string" jdbcType="VARCHAR"/>
-        <result property="actions" column="actions" javaType="java.util.List" jdbcType="VARCHAR"/>
-        <result property="dataAccesses" column="data_access" javaType="java.util.List" jdbcType="CLOB"/>
-    </resultMap>
-
-    <!--用于动态生成sql所需的配置-->
-    <sql id="config">
-        <bind name="resultMapId" value="'PermissionRoleResultMap'"/>
-        <bind name="tableName" value="'s_permission_role'"/>
-    </sql>
-
-    <insert id="insert" parameterType="org.hswebframework.web.entity.authorization.PermissionRoleEntity">
-        <include refid="config"/>
-        <include refid="BasicMapper.buildInsertSql"/>
-    </insert>
-
-    <delete id="deleteByRoleId" parameterType="String">
-        delete from s_permission_role where role_id =#{id}
-    </delete>
-
-    <delete id="deleteByPermissionId" parameterType="String">
-        delete from s_permission_role where permission_id =#{id}
-    </delete>
-
-    <select id="selectByPermissionId" parameterType="string" resultMap="PermissionRoleResultMap">
-        select * from s_permission_role where permission_id=#{id}
-    </select>
-
-    <select id="selectByRoleIdList" parameterType="List" resultMap="PermissionRoleResultMap">
-        select * from s_permission_role
-        <where>
-            role_id in
-            <foreach item="id" collection="list" open="(" separator="," close=")">
-                #{id}
-            </foreach>
-        </where>
-    </select>
-
-    <select id="selectByRoleId" parameterType="String" resultMap="PermissionRoleResultMap">
-        select * from s_permission_role where role_id=#{id}
-    </select>
-
-</mapper>

+ 1 - 1
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/MenuEntity.java

@@ -51,7 +51,7 @@ public interface MenuEntity
 
     void setStatus(Byte status);
 
-    void setChildren(List<? extends MenuEntity> children);
+    void setChildren(List<MenuEntity> children);
 
     MenuEntity clone();
 }

+ 8 - 6
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/PermissionEntity.java

@@ -39,21 +39,23 @@ public interface PermissionEntity extends GenericEntity<String> {
 
     Byte getStatus();
 
+    void setStatus(Byte status);
+
+    String getType();
+
+    void setType(String type);
+
     void setName(String name);
 
     void setDescribe(String comment);
 
-    void setStatus(Byte status);
-
     List<ActionEntity> getActions();
 
     void setActions(List<ActionEntity> actions);
 
-    @Deprecated
-    List<DataAccessEntity> getDataAccess();
+    List<String> getSupportDataAccessTypes();
 
-    @Deprecated
-    void setDataAccess(List<DataAccessEntity> dataAccess);
+    void setSupportDataAccessTypes(List<String> supportDataAccessTypes);
 
     void setOptionalFields(List<OptionalField> fields);
 

+ 0 - 30
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/PermissionRoleEntity.java

@@ -1,30 +0,0 @@
-package org.hswebframework.web.entity.authorization;
-
-import org.hswebframework.web.commons.entity.CloneableEntity;
-
-import java.util.List;
-
-/**
- * 权限设置已经重构至 {@link AuthorizationSettingEntity} ,将在接下来移除
- *
- * @author zhouhao
- */
-@Deprecated
-public interface PermissionRoleEntity extends CloneableEntity {
-
-    void setRoleId(String roleId);
-
-    void setPermissionId(String permissionId);
-
-    void setActions(List<String> actions);
-
-    String getRoleId();
-
-    String getPermissionId();
-
-    List<String> getActions();
-
-    List<DataAccessEntity> getDataAccesses();
-
-    void setDataAccesses(List<DataAccessEntity> dataAccesses);
-}

+ 5 - 6
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/SimpleMenuEntity.java

@@ -53,17 +53,16 @@ public class SimpleMenuEntity extends SimpleTreeSortSupportEntity<String>
     private Byte status;
 
     //子菜单
-    private List<SimpleMenuEntity> children;
+    private List<MenuEntity> children;
 
     @Override
-    public List<SimpleMenuEntity> getChildren() {
-        if (children == null) return null;
-        return new ArrayList<>(children);
+    public List<MenuEntity> getChildren() {
+        return children;
     }
 
     @Override
-    public void setChildren(List<? extends MenuEntity> children) {
-        this.children = ((List) children);
+    public void setChildren(List<MenuEntity> children) {
+        this.children = children;
     }
 
     public String getName() {
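Review bot: `getChildren()` now returns the internal `children` list and `setChildren()` stores the caller's list, where the old getter returned `new ArrayList<>(children)`. Any holder of a menu entity can now change the menu tree by mutating the returned list, which matters if these entities are shared or cached. If the aliasing is intended (for in-place tree building, say), record it with `// returns the live list, not a copy`; otherwise keep the copy with `return children == null ? null : new ArrayList<>(children);`. The matching signature change in MenuEntity.java also stops callers from passing a `List<SimpleMenuEntity>`.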

+ 25 - 14
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/SimplePermissionEntity.java

@@ -3,6 +3,7 @@ package org.hswebframework.web.entity.authorization;
 import org.hibernate.validator.constraints.NotBlank;
 import org.hswebframework.web.commons.entity.SimpleGenericEntity;
 
+import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -19,11 +20,14 @@ public class SimplePermissionEntity extends SimpleGenericEntity<String> implemen
 
     private Byte status;
 
+    private String type;
+
+    //支持的数据权限控制类型
+    private List<String> supportDataAccessTypes;
+
     //可选事件
     private List<ActionEntity> actions;
 
-    private List<DataAccessEntity> dataAccess;
-
     private List<OptionalField> optionalFields;
 
     public String getName() {
@@ -60,16 +64,6 @@ public class SimplePermissionEntity extends SimpleGenericEntity<String> implemen
         this.actions = actions;
     }
 
-    @Override
-    public List<DataAccessEntity> getDataAccess() {
-        return this.dataAccess;
-    }
-
-    @Override
-    public void setDataAccess(List<DataAccessEntity> dataAccess) {
-        this.dataAccess = dataAccess;
-    }
-
     @Override
     public void setOptionalFields(List<OptionalField> optionalFields) {
         this.optionalFields = optionalFields;
@@ -88,10 +82,27 @@ public class SimplePermissionEntity extends SimpleGenericEntity<String> implemen
         if (optionalFields != null) {
             target.setOptionalFields(getOptionalFields().stream().map(OptionalField::clone).collect(Collectors.toList()));
         }
-        if (dataAccess != null) {
-            target.setDataAccess(getDataAccess().stream().map(DataAccessEntity::clone).collect(Collectors.toList()));
+        if (supportDataAccessTypes != null) {
+            target.setSupportDataAccessTypes(new ArrayList<>(supportDataAccessTypes));
         }
         return target;
     }
 
+    @Override
+    public String getType() {
+        return type;
+    }
+
+    @Override
+    public void setType(String type) {
+        this.type = type;
+    }
+
+    public List<String> getSupportDataAccessTypes() {
+        return supportDataAccessTypes;
+    }
+
+    public void setSupportDataAccessTypes(List<String> supportDataAccessTypes) {
+        this.supportDataAccessTypes = supportDataAccessTypes;
+    }
 }
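Review bot: `clone()` copies the new `supportDataAccessTypes` list, but no hunk in this file adds a copy of the new `type` field, so a cloned permission appears to lose its type. That holds unless the part of `clone()` above this hunk copies it some other way. Adding `target.setType(getType());` next to the other copies would close the gap. Separately, `getSupportDataAccessTypes()` and `setSupportDataAccessTypes()` implement the methods added in PermissionEntity.java but lack the `@Override` that `getType()`/`setType()` carry.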

+ 0 - 72
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/SimplePermissionRoleEntity.java

@@ -1,72 +0,0 @@
-package org.hswebframework.web.entity.authorization;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.stream.Collectors;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class SimplePermissionRoleEntity implements PermissionRoleEntity {
-    private String roleId;
-
-    private String permissionId;
-
-    private List<String> actions;
-
-    private List<DataAccessEntity> dataAccesses;
-
-    @Override
-    public String getRoleId() {
-        return roleId;
-    }
-
-    @Override
-    public void setRoleId(String roleId) {
-        this.roleId = roleId;
-    }
-
-    @Override
-    public String getPermissionId() {
-        return permissionId;
-    }
-
-    @Override
-    public void setPermissionId(String permissionId) {
-        this.permissionId = permissionId;
-    }
-
-    @Override
-    public List<String> getActions() {
-        return actions;
-    }
-
-    @Override
-    public void setActions(List<String> actions) {
-        this.actions = actions;
-    }
-
-    @Override
-    public List<DataAccessEntity> getDataAccesses() {
-        return this.dataAccesses;
-    }
-
-    @Override
-    public void setDataAccesses(List<DataAccessEntity> dataAccesses) {
-        this.dataAccesses = dataAccesses;
-    }
-
-    @Override
-    public SimplePermissionRoleEntity clone() {
-        SimplePermissionRoleEntity target = new SimplePermissionRoleEntity();
-        target.setPermissionId(getPermissionId());
-        target.setRoleId(getRoleId());
-        if (actions != null)
-            target.setActions(new ArrayList<>(getActions()));
-        if (dataAccesses != null)
-            target.setDataAccesses(dataAccesses.stream().map(DataAccessEntity::clone).collect(Collectors.toList()));
-        return target;
-    }
-}

+ 0 - 18
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/bind/BindPermissionRoleEntity.java

@@ -1,18 +0,0 @@
-package org.hswebframework.web.entity.authorization.bind;
-
-import org.hswebframework.web.entity.authorization.PermissionRoleEntity;
-import org.hswebframework.web.entity.authorization.RoleEntity;
-
-import java.util.List;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-@Deprecated
-public interface BindPermissionRoleEntity<T extends PermissionRoleEntity> extends RoleEntity {
-    List<T> getPermissions();
-
-    void setPermissions(List<T> permissions);
-}

+ 0 - 35
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/bind/SimpleBindPermissionRoleEntity.java

@@ -1,35 +0,0 @@
-package org.hswebframework.web.entity.authorization.bind;
-
-import org.hswebframework.web.entity.authorization.SimplePermissionRoleEntity;
-import org.hswebframework.web.entity.authorization.SimpleRoleEntity;
-
-import java.util.List;
-import java.util.stream.Collectors;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class SimpleBindPermissionRoleEntity extends SimpleRoleEntity implements BindPermissionRoleEntity<SimplePermissionRoleEntity> {
-    private List<SimplePermissionRoleEntity> permissions;
-
-    @Override
-    public List<SimplePermissionRoleEntity> getPermissions() {
-        return permissions;
-    }
-
-    @Override
-    public void setPermissions(List<SimplePermissionRoleEntity> permissions) {
-        this.permissions = permissions;
-    }
-
-    @Override
-    public SimpleBindPermissionRoleEntity clone() {
-        SimpleBindPermissionRoleEntity target = ((SimpleBindPermissionRoleEntity) super.clone());
-        if (permissions != null && !permissions.isEmpty()) {
-            target.permissions = permissions.stream().map(SimplePermissionRoleEntity::clone).collect(Collectors.toList());
-        }
-        return target;
-    }
-}

+ 0 - 52
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-model/src/main/java/org/hswebframework/web/model/authorization/RoleModel.java

@@ -1,52 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.model.authorization;
-
-import io.swagger.annotations.ApiModel;
-import io.swagger.annotations.ApiModelProperty;
-import org.hswebframework.web.commons.model.Model;
-
-import java.util.List;
-
-/**
- * @author zhouhao
- */
-@ApiModel(value = "RoleModel", description = "角色模型")
-public interface RoleModel extends Model {
-
-    @ApiModelProperty(value = "角色ID", readOnly = true, required = true, example = "admin")
-    String getId();
-
-    void setId(String id);
-
-    @ApiModelProperty(value = "角色名", required = true)
-    String getName();
-
-    void setName(String name);
-
-    @ApiModelProperty("说明")
-    String getDescribe();
-
-    void setDescribe(String describe);
-
-    @ApiModelProperty(value = "权限配置", dataType = "PermissionRoleModel")
-    List<PermissionRoleModel> getPermissions();
-
-    void setPermissions(List<PermissionRoleModel> permissions);
-}

+ 0 - 74
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-model/src/main/java/org/hswebframework/web/model/authorization/SimpleRoleModel.java

@@ -1,74 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.model.authorization;
-
-
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class SimpleRoleModel implements RoleModel {
-    private String id;
-
-    private String name;
-
-    private String describe;
-
-    private List<SimplePermissionRoleModel> permissions;
-
-    @Override
-    public String getId() {
-        return id;
-    }
-
-    @Override
-    public void setId(String id) {
-        this.id = id;
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public void setName(String name) {
-        this.name = name;
-    }
-
-    public String getDescribe() {
-        return describe;
-    }
-
-    public void setDescribe(String describe) {
-        this.describe = describe;
-    }
-
-    @Override
-    public List<PermissionRoleModel> getPermissions() {
-        if (null == permissions) permissions = new ArrayList<>();
-        return new ArrayList<>(permissions);
-    }
-
-    public void setPermissions(List<PermissionRoleModel> permissions) {
-        this.permissions = ((List) permissions);
-    }
-}

+ 4 - 18
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-api/src/main/java/org/hswebframework/web/service/authorization/RoleService.java

@@ -1,30 +1,16 @@
 package org.hswebframework.web.service.authorization;
 
-import org.hswebframework.web.entity.authorization.PermissionRoleEntity;
 import org.hswebframework.web.entity.authorization.RoleEntity;
-import org.hswebframework.web.entity.authorization.bind.BindPermissionRoleEntity;
-import org.hswebframework.web.service.CreateEntityService;
-import org.hswebframework.web.service.QueryByEntityService;
+import org.hswebframework.web.service.CrudService;
 
 /**
- * TODO 完成注释
+ * 角色服务
  *
  * @author zhouhao
+ * @since 3.0
  */
-public interface RoleService extends
-        CreateEntityService<RoleEntity>,
-        QueryByEntityService<RoleEntity> {
-
-    <T extends PermissionRoleEntity> String insert(BindPermissionRoleEntity<T> roleEntity);
-
+public interface RoleService extends CrudService<RoleEntity, String> {
     void enable(String roleId);
 
     void disable(String roleId);
-
-    <T extends PermissionRoleEntity> boolean update(BindPermissionRoleEntity<T> roleEntity);
-
-    RoleEntity selectByPk(String roleId);
-
-    <T extends PermissionRoleEntity> BindPermissionRoleEntity<T> selectDetailByPk(String roleId);
-
 }
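Review bot: By extending `CrudService<RoleEntity, String>` the interface presumably gains a delete operation it did not declare before, and nothing here says what happens to data keyed by the role id when a role is removed. The removed RoleModel documented the id with the example `admin`, which suggests ids are caller-chosen. If user bindings or authorization settings for a deleted id are left behind, a role later created with the same id would pick them up. The implementation (SimpleRoleService) is not visible on this page, so this is a question to confirm. Once verified, a Javadoc line on the interface such as `Deleting a role also removes its user bindings and authorization settings` would state the contract.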

+ 0 - 66
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleAuthenticationBuilder.java

@@ -1,66 +0,0 @@
-/*
- * Copyright 2016 http://www.hswebframework.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-package org.hswebframework.web.service.authorization.simple;
-
-import org.hswebframework.web.authorization.Authentication;
-import org.hswebframework.web.authorization.simple.SimpleAuthentication;
-import org.hswebframework.web.authorization.simple.SimplePermission;
-import org.hswebframework.web.authorization.simple.SimpleRole;
-import org.hswebframework.web.authorization.simple.SimpleUser;
-import org.hswebframework.web.entity.authorization.PermissionRoleEntity;
-import org.hswebframework.web.entity.authorization.RoleEntity;
-import org.hswebframework.web.entity.authorization.UserEntity;
-import org.hswebframework.web.service.authorization.DataAccessFactory;
-
-import java.util.HashSet;
-import java.util.List;
-import java.util.stream.Collectors;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class SimpleAuthenticationBuilder {
-
-    public static Authentication build(UserEntity user,
-                                       List<RoleEntity> roleEntities,
-                                       List<PermissionRoleEntity> permissionRoleEntities,
-                                       DataAccessFactory dataAccessFactory) {
-        SimpleAuthentication authentication = new SimpleAuthentication();
-        authentication.setUser(new SimpleUser(user.getId(), user.getUsername(), user.getName()));
-        authentication.setRoles(roleEntities.stream()
-                .map(roleEntity -> new SimpleRole(roleEntity.getId(), roleEntity.getName()))
-                .collect(Collectors.toList()));
-        authentication.setPermissions(permissionRoleEntities.stream()
-                .map(permissionRoleEntity -> {
-                    SimplePermission permission = new SimplePermission(permissionRoleEntity.getPermissionId(), new HashSet<>(permissionRoleEntity.getActions()));
-                    if (null != dataAccessFactory && null != permissionRoleEntity.getDataAccesses()) {
-                        permission.setDataAccesses(permissionRoleEntity
-                                .getDataAccesses()
-                                .stream()
-                                .map(dataAccessFactory::create)
-                                .collect(Collectors.toSet()));
-                    }
-                    return permission;
-                })
-                .collect(Collectors.toList()));
-        return authentication;
-    }
-
-}

+ 59 - 10
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleAuthorizationSettingService.java

@@ -16,6 +16,7 @@
  */
 package org.hswebframework.web.service.authorization.simple;
 
+import org.apache.commons.collections.CollectionUtils;
 import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.AuthenticationInitializeService;
 import org.hswebframework.web.authorization.Permission;
@@ -47,6 +48,9 @@ import java.util.function.Predicate;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+import static org.apache.commons.collections.CollectionUtils.*;
+import static org.hswebframework.web.commons.entity.DataStatus.*;
+import static org.hswebframework.web.entity.authorization.AuthorizationSettingDetailEntity.*;
 import static org.hswebframework.web.entity.authorization.AuthorizationSettingDetailEntity.STATE_OK;
 import static org.hswebframework.web.entity.authorization.AuthorizationSettingEntity.settingFor;
 import static org.hswebframework.web.entity.authorization.AuthorizationSettingEntity.type;
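Review bot: The three wildcard static imports added here pull every constant of `CollectionUtils`, `DataStatus` and `AuthorizationSettingDetailEntity` into an authorization service that then uses bare names such as `STATUS_ENABLED` and `STATE_OK`. A reader cannot tell from the call site which class a status constant comes from. The `AuthorizationSettingDetailEntity.*` import also duplicates the explicit `STATE_OK` import kept on the next line. Importing only what is used, e.g. `import static org.hswebframework.web.commons.entity.DataStatus.STATUS_ENABLED;`, keeps the origin of each constant visible.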
@@ -72,10 +76,13 @@ public class SimpleAuthorizationSettingService extends GenericEntityService<Auth
 
     private UserService userService;
 
+    private PermissionService permissionService;
+
     private List<AuthorizationSettingTypeSupplier> authorizationSettingTypeSuppliers;
 
     private DataAccessFactory dataAccessFactory;
 
+
     @Override
     protected IDGenerator<String> getIDGenerator() {
         return IDGenerator.MD5;
@@ -110,11 +117,11 @@ public class SimpleAuthorizationSettingService extends GenericEntityService<Auth
     @CacheEvict(allEntries = true)
     public String insert(AuthorizationSettingEntity entity) {
         tryValidateProperty(select(entity.getType(), entity.getSettingFor()) == null, AuthorizationSettingEntity.settingFor, "存在相同的配置!");
-        entity.setStatus(DataStatus.STATUS_ENABLED);
+        entity.setStatus(STATUS_ENABLED);
         String id = super.insert(entity);
         if (entity.getMenus() != null) {
             TreeSupportEntity.forEach(entity.getMenus(), menu -> {
-                menu.setStatus(DataStatus.STATUS_ENABLED);
+                menu.setStatus(STATUS_ENABLED);
                 menu.setSettingId(id);
             });
             authorizationSettingMenuService.insertBatch(entity.getMenus());
@@ -124,7 +131,7 @@ public class SimpleAuthorizationSettingService extends GenericEntityService<Auth
                 tryValidate(detail);
                 detail.setId(getIDGenerator().generate());
                 detail.setSettingId(id);
-                detail.setStatus(DataStatus.STATUS_ENABLED);
+                detail.setStatus(STATUS_ENABLED);
                 authorizationSettingDetailDao.insert(detail);
             }
         }
@@ -138,7 +145,7 @@ public class SimpleAuthorizationSettingService extends GenericEntityService<Auth
         if (entity.getMenus() != null) {
             authorizationSettingMenuService.deleteBySettingId(id);
             TreeSupportEntity.forEach(entity.getMenus(), menu -> {
-                menu.setStatus(DataStatus.STATUS_ENABLED);
+                menu.setStatus(STATUS_ENABLED);
                 menu.setSettingId(id);
             });
             authorizationSettingMenuService.insertBatch(entity.getMenus());
@@ -146,12 +153,12 @@ public class SimpleAuthorizationSettingService extends GenericEntityService<Auth
         if (entity.getDetails() != null) {
             DefaultDSLDeleteService
                     .createDelete(authorizationSettingDetailDao)
-                    .where(AuthorizationSettingDetailEntity.settingId, id)
+                    .where(settingId, id)
                     .exec();
             for (AuthorizationSettingDetailEntity detail : entity.getDetails()) {
                 detail.setId(getIDGenerator().generate());
                 detail.setSettingId(id);
-                detail.setStatus(DataStatus.STATUS_ENABLED);
+                detail.setStatus(STATUS_ENABLED);
                 authorizationSettingDetailDao.insert(detail);
             }
         }
@@ -260,10 +267,12 @@ public class SimpleAuthorizationSettingService extends GenericEntityService<Auth
         authentication.setUser(new SimpleUser(userId, userEntity.getUsername(), userEntity.getName()));
         //角色
         authentication.setRoles(userService.getUserRole(userId)
-                .stream().map(role -> new SimpleRole(role.getId(), role.getName()))
+                .stream()
+                .map(role -> new SimpleRole(role.getId(), role.getName()))
                 .collect(Collectors.toList()));
 
-        List<String> settingIdList = getUserSetting(userId).stream()
+        List<String> settingIdList = getUserSetting(userId)
+                .stream()
                 .map(AuthorizationSettingEntity::getId)
                 .collect(Collectors.toList());
 
@@ -275,14 +284,49 @@ public class SimpleAuthorizationSettingService extends GenericEntityService<Auth
         // where status=1 and setting_id in (?,?,?)
         List<AuthorizationSettingDetailEntity> detailList = DefaultDSLQueryService
                 .createQuery(authorizationSettingDetailDao)
-                .where(AuthorizationSettingDetailEntity.status, STATE_OK)
-                .and().in(AuthorizationSettingDetailEntity.settingId, settingIdList)
+                .where(status, STATE_OK)
+                .and().in(settingId, settingIdList)
                 .listNoPaging();
+        //权限id集合
+        List<String> permissionIds = detailList.stream()
+                .map(AuthorizationSettingDetailEntity::getPermissionId)
+                .distinct()
+                .collect(Collectors.toList());
+        //权限信息缓存
+        Map<String, PermissionEntity> permissionEntityCache =
+                permissionService.selectByPk(permissionIds)
+                        .stream()
+                        .collect(Collectors.toMap(PermissionEntity::getId, Function.identity()));
+        //防止越权
+        detailList = detailList.stream().filter(detail -> {
+            PermissionEntity entity = permissionEntityCache.get(detail.getPermissionId());
+            if (entity == null || !STATUS_ENABLED.equals(entity.getStatus())) {
+                return false;
+            }
+            List<String> allActions = entity.getActions().stream().map(ActionEntity::getAction).collect(Collectors.toList());
+            if (isNotEmpty(entity.getActions())) {
+                detail.setActions(detail.getActions().stream().filter(allActions::contains).collect(Collectors.toSet()));
+            }
+            if (isEmpty(entity.getSupportDataAccessTypes())) {
+                detail.setDataAccesses(Collections.emptyList());
+            } else if (isNotEmpty(detail.getDataAccesses())) {
+                //重构为权限支持的数据权限控制方式,防止越权设置权限
+                detail.setDataAccesses(detail
+                        .getDataAccesses()
+                        .stream()
+                        .filter(access -> entity.getSupportDataAccessTypes().contains(access.getType()))
+                        .collect(Collectors.toList()));
+            }
+            return true;
+        }).collect(Collectors.toList());
+
         //权限
         Map<String, List<AuthorizationSettingDetailEntity>> settings = detailList
                 .stream()
                 .collect(Collectors.groupingBy(AuthorizationSettingDetailEntity::getPermissionId));
+
         List<Permission> permissions = new ArrayList<>();
+
         settings.forEach((permissionId, details) -> {
             SimplePermission permission = new SimplePermission();
             permission.setId(permissionId);
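Review bot: The action filter under `//防止越权` fails open: `detail.setActions(...)` runs only when `isNotEmpty(entity.getActions())`, so a permission that defines no actions leaves whatever actions the setting detail carries untouched. The guard also comes one line too late, because `entity.getActions().stream()` has already been called to build `allActions`, and `detail.getActions()` is dereferenced without a null check. If a permission without actions is meant to grant none, compute the allowed set null-safely and always intersect, as sketched below. It is also worth confirming that `permissionService.selectByPk(permissionIds)` accepts an empty list, since `detailList` can presumably be empty at this point. The enclosing method starts and ends outside this hunk.

```java
// … unchanged: permissionEntityCache lookup and STATUS_ENABLED check …
Set<String> allowed = entity.getActions() == null
        ? Collections.emptySet()
        : entity.getActions().stream()
                .map(ActionEntity::getAction)
                .collect(Collectors.toSet());
// Always intersect, so an undefined or empty action list grants nothing.
detail.setActions(detail.getActions() == null
        ? Collections.emptySet()
        : detail.getActions().stream()
                .filter(allowed::contains)
                .collect(Collectors.toSet()));
// … unchanged: data-access filtering and return true …
```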
@@ -351,4 +395,9 @@ public class SimpleAuthorizationSettingService extends GenericEntityService<Auth
     public void setMenuService(MenuService menuService) {
         this.menuService = menuService;
     }
+
+    @Autowired
+    public void setPermissionService(PermissionService permissionService) {
+        this.permissionService = permissionService;
+    }
 }

+ 2 - 1
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimplePermissionService.java

@@ -1,5 +1,6 @@
 package org.hswebframework.web.service.authorization.simple;
 
+import org.hswebframework.web.commons.entity.DataStatus;
 import org.hswebframework.web.dao.authorization.PermissionDao;
 import org.hswebframework.web.entity.authorization.PermissionEntity;
 import org.hswebframework.web.id.IDGenerator;
@@ -31,7 +32,7 @@ public class SimplePermissionService extends GenericEntityService<PermissionEnti
 
     @Override
     public String insert(PermissionEntity entity) {
-        entity.setStatus((byte) 1);
+        entity.setStatus(DataStatus.STATUS_ENABLED);
         return super.insert(entity);
     }
 

+ 14 - 72
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleRoleService.java

@@ -18,64 +18,47 @@
 package org.hswebframework.web.service.authorization.simple;
 
 import org.hswebframework.web.commons.entity.DataStatus;
-import org.hswebframework.web.dao.authorization.PermissionRoleDao;
 import org.hswebframework.web.dao.authorization.RoleDao;
-import org.hswebframework.web.entity.authorization.PermissionRoleEntity;
 import org.hswebframework.web.entity.authorization.RoleEntity;
-import org.hswebframework.web.entity.authorization.bind.BindPermissionRoleEntity;
-import org.hswebframework.web.service.AbstractService;
-import org.hswebframework.web.service.DefaultDSLQueryService;
+import org.hswebframework.web.id.IDGenerator;
 import org.hswebframework.web.service.DefaultDSLUpdateService;
+import org.hswebframework.web.service.GenericEntityService;
 import org.hswebframework.web.service.authorization.RoleService;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.StringUtils;
 
-import java.util.ArrayList;
-import java.util.List;
-
-import static org.hswebframework.web.service.authorization.simple.CacheConstants.USER_AUTH_CACHE_NAME;
-
 /**
  * TODO 完成注释
  *
  * @author zhouhao
  */
-@Transactional(rollbackFor = Throwable.class)
 @Service("roleService")
-public class SimpleRoleService extends AbstractService<RoleEntity, String>
-        implements RoleService, DefaultDSLQueryService<RoleEntity, String> {
+public class SimpleRoleService extends GenericEntityService<RoleEntity, String> implements RoleService {
 
     @Autowired
     private RoleDao roleDao;
 
-    @Autowired
-    private PermissionRoleDao permissionRoleDao;
+    @Override
+    protected IDGenerator<String> getIDGenerator() {
+        return IDGenerator.MD5;
+    }
 
     @Override
     public RoleDao getDao() {
         return roleDao;
     }
 
-    protected <T extends PermissionRoleEntity> void syncPermissions(String roleId, List<T> permissionRoleEntities) {
-        if (permissionRoleEntities == null) return;
-        permissionRoleEntities.forEach(permission -> {
-            permission.setRoleId(roleId);
-            permissionRoleDao.insert(permission);
-        });
+    @Override
+    public String insert(RoleEntity entity) {
+        entity.setStatus(DataStatus.STATUS_ENABLED);
+        return super.insert(entity);
     }
 
     @Override
-    public <T extends PermissionRoleEntity> String insert(BindPermissionRoleEntity<T> roleEntity) {
-        tryValidateProperty(StringUtils.hasLength(roleEntity.getId()), RoleEntity.id, "id {not_be_null}");
-        tryValidateProperty(null == selectByPk(roleEntity.getId()), RoleEntity.id, "{role_exists}");
-        roleEntity.setStatus(DataStatus.STATUS_ENABLED);
-        tryValidate(roleEntity);
-        roleDao.insert(roleEntity);
-        syncPermissions(roleEntity.getId(), roleEntity.getPermissions());
-        return roleEntity.getId();
+    public int updateByPk(String s, RoleEntity entity) {
+        entity.setStatus(null);
+        return super.updateByPk(s, entity);
     }
 
     @Override
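Review bot: `updateByPk` no longer evicts the user-authorization cache, whereas the `update` method this commit removes carried `@CacheEvict(value = USER_AUTH_CACHE_NAME, allEntries = true)`. Role names are copied into the `Authentication` object (`new SimpleRole(role.getId(), role.getName())` in SimpleAuthorizationSettingService), so if that object is cached under the same name, a renamed role would stay stale until something else clears it. Keeping the annotation and its two imports on `updateByPk` would preserve the old behaviour. The class-level `@Transactional(rollbackFor = Throwable.class)` is dropped as well, which is fine only if `GenericEntityService` supplies it, and that is not visible here. `entity.setStatus(null)` also deserves a comment such as `// status is not updatable here; null keeps it out of the UPDATE`, assuming the generic update skips null properties.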
@@ -95,45 +78,4 @@ public class SimpleRoleService extends AbstractService<RoleEntity, String>
                 .where(RoleEntity.id, roleId)
                 .exec();
     }
-
-    @Override
-    @SuppressWarnings("unchecked")
-    public RoleEntity selectByPk(String roleId) {
-        tryValidateProperty(StringUtils.hasLength(roleId), RoleEntity.id, "{id_is_null}");
-        return createQuery().where(RoleEntity.id, roleId).single();
-    }
-
-    @Override
-    public List<RoleEntity> selectByPk(List<String> id) {
-        tryValidateProperty(id == null || id.isEmpty(), RoleEntity.id, "{id_is_null}");
-        return createQuery().where().in(RoleEntity.id, id).listNoPaging();
-    }
-
-    @Override
-    @SuppressWarnings("unchecked")
-    public <T extends PermissionRoleEntity> BindPermissionRoleEntity<T> selectDetailByPk(String roleId) {
-        RoleEntity entity = createQuery().where(RoleEntity.id, roleId).single();
-        if (entity == null) return null;
-        BindPermissionRoleEntity<T> bindPermissionRoleEntity =
-                entityFactory.newInstance(BindPermissionRoleEntity.class, entity);
-
-        bindPermissionRoleEntity.setPermissions(new ArrayList(permissionRoleDao.selectByRoleId(roleId)));
-        return bindPermissionRoleEntity;
-    }
-
-    @Override
-    @CacheEvict(value = USER_AUTH_CACHE_NAME, allEntries = true)
-    public <T extends PermissionRoleEntity> boolean update(BindPermissionRoleEntity<T> roleEntity) {
-        tryValidateProperty(StringUtils.hasLength(roleEntity.getId()), RoleEntity.id, "id {not_be_null}");
-        tryValidate(roleEntity);
-        DefaultDSLUpdateService.createUpdate(roleDao)
-                .set(RoleEntity.name, roleEntity.getName())
-                .set(RoleEntity.describe, roleEntity.getDescribe())
-                .where(RoleEntity.id, roleEntity.getId()).exec();
-        if (roleEntity.getPermissions() != null) {
-            permissionRoleDao.deleteByRoleId(roleEntity.getId());
-            syncPermissions(roleEntity.getId(), roleEntity.getPermissions());
-        }
-        return true;
-    }
 }

+ 1 - 1
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/resources/hsweb-starter.js

@@ -62,7 +62,7 @@ function install(context) {
         .addColumn().name("describe").varchar(128).comment("说明").commit()
         .addColumn().name("status").number(4).notNull().comment("状态").commit()
         .addColumn().name("actions").clob().notNull().comment("可选操作(按钮)").commit()
-        .addColumn().name("data_access").clob().comment("数据级控制配置").commit()
+        .addColumn().name("spt_da_types").clob().comment("支持的数据权限类型").commit()
         .addColumn().name("optional_fields").clob().comment("可选字段").commit()
         .comment("权限表").commit();
 

+ 0 - 4
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/starter/authorization/PermissionTests.java

@@ -65,7 +65,6 @@ public class PermissionTests extends SimpleWebApplicationTests {
         entity.setName("测试");
         entity.setActions(Arrays.asList(new ActionEntity("C")));
         entity.setId("test");
-        entity.setDataAccess(Arrays.asList(dataAccessEntity));
         String id = permissionService.insert(entity);
         Assert.assertNotNull(id);
 
@@ -73,9 +72,6 @@ public class PermissionTests extends SimpleWebApplicationTests {
         Assert.assertEquals(data.getId(), entity.getId());
         Assert.assertEquals(data.getName(), entity.getName());
         Assert.assertEquals(data.getStatus(), entity.getStatus());
-        Assert.assertNotNull(data.getDataAccess());
-        Assert.assertEquals(data.getDataAccess().get(0).getAction(), dataAccessEntity.getAction());
-        Assert.assertEquals(data.getDataAccess().get(0).getType(), dataAccessEntity.getType());
 
         data.setName("测试修改");
         permissionService.updateByPk(data.getId(), data);