
优化权限配置

zhouhao 6 years ago
parent
commit
3ae3a95a66

+ 3 - 3
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/ScopeByUserHandler.java

@@ -117,7 +117,7 @@ public class ScopeByUserHandler implements DataAccessHandler {
                 return scopeInfo.allScope.contains(controllerCache.targetIdGetter.apply(entity));
             }
         } else {
-            log.warn("Controller没有实现任何通用CURD功能,无法进行数据权限控制!");
+            log.debug("Controller没有实现任何通用CURD功能,无法进行数据权限控制!");
         }
         return true;
 
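Review bot: The `else` branch here falls through to `return true`, so a request the handler cannot scope is allowed, and with `log.debug` the only trace of that is a message most production logging configurations drop. The same applies to the hunk at -441 (`return true` after the `QueryParamEntity` message), and the hunk at -245 lowers the "field not found" notice in the same way. If the aim is to cut log noise, consider emitting the message once per controller, method or entity class at `warn` and at `debug` afterwards, so an endpoint whose data-access control is silently inactive still shows up once in the logs. The enclosing methods start and end outside these hunks, so whether a caller compensates for the `true` result cannot be seen from here.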
@@ -245,7 +245,7 @@ public class ScopeByUserHandler implements DataAccessHandler {
             }
         }
         if (useProperty == null) {
-            log.warn("类[{}]中未包含字段[{}],可能无法进行数据权限控制.", entityClass, Arrays.asList(properties));
+            log.debug("类[{}]中未包含字段[{}],可能无法进行数据权限控制.", entityClass, Arrays.asList(properties));
         }
         return entity -> {
             Map<String, String> userInfo = FastBeanCopier.copy(entity, new HashMap<>(), FastBeanCopier.include(properties));
@@ -441,7 +441,7 @@ public class ScopeByUserHandler implements DataAccessHandler {
                 controllerCache.queryConsumer.accept(query, scopeInfo);
             });
         } else {
-            log.warn("方法[{}]未使用动态查询参数[QueryParamEntity],无法进行数据权限控制!", context.getParamContext().getMethod());
+            log.debug("方法[{}]未使用动态查询参数[QueryParamEntity],无法进行数据权限控制!", context.getParamContext().getMethod());
         }
         return true;
     }

+ 7 - 6
hsweb-system/hsweb-system-organizational/hsweb-system-organizational-web/src/main/java/org/hswebframework/web/controller/organizational/PersonController.java

@@ -23,6 +23,7 @@ import org.hswebframework.web.NotFoundException;
 import org.hswebframework.web.authorization.Permission;
 import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
+import org.hswebframework.web.authorization.define.Phased;
 import org.hswebframework.web.commons.entity.PagerResult;
 import org.hswebframework.web.commons.entity.param.QueryParamEntity;
 import org.hswebframework.web.controller.SimpleGenericEntityController;
@@ -110,29 +111,29 @@ public class PersonController implements SimpleGenericEntityController<PersonEnt
 
     @GetMapping("/{personId}/authorization")
     @ApiOperation("查看人员权限信息")
-    @Authorize(action = Permission.ACTION_GET)
+    @Authorize(action = Permission.ACTION_GET, dataAccess = @RequiresDataAccess(ignore = true))
     public ResponseMessage<PersonnelAuthentication> getPersonDetail(@PathVariable String personId) {
         return ResponseMessage.ok(PersonnelAuthenticationHolder.getByPersonId(personId));
     }
 
     @GetMapping("/{id}/detail")
     @ApiOperation("查看人员详情")
-    @Authorize(action = Permission.ACTION_GET)
+    @Authorize(action = Permission.ACTION_GET, dataAccess = @RequiresDataAccess(phased = Phased.after))
     public ResponseMessage<PersonAuthBindEntity> getDetail(@PathVariable String id) {
         return ResponseMessage.ok(personService.selectAuthBindByPk(id));
     }
 
     @PostMapping("/detail")
     @ApiOperation("新增人员信息,并关联用户信息")
-    @Authorize(action = Permission.ACTION_ADD)
+    @Authorize(action = Permission.ACTION_ADD, dataAccess = @RequiresDataAccess(ignore = true))
     @ResponseStatus(HttpStatus.CREATED)
-    public ResponseMessage<String> getDetail(@RequestBody PersonAuthBindEntity bindEntity) {
+    public ResponseMessage<String> createPersonDetail(@RequestBody PersonAuthBindEntity bindEntity) {
         return ResponseMessage.ok(personService.insert(bindEntity));
     }
 
     @PutMapping("/{id}/detail")
     @ApiOperation("修改人员信息,并关联用户信息")
-    @Authorize(action = Permission.ACTION_UPDATE)
+    @Authorize(action = Permission.ACTION_UPDATE, dataAccess = @RequiresDataAccess(ignore = true))
     public ResponseMessage<String> getDetail(@PathVariable String id, @RequestBody PersonAuthBindEntity bindEntity) {
         bindEntity.setId(id);
         personService.updateByPk(bindEntity);
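Review bot: `dataAccess = @RequiresDataAccess(ignore = true)` on the `PUT /{id}/detail` handler and on `GET /{personId}/authorization` appears, going by the attribute name, to exempt both from data-scope checks, so a caller holding only the update or get action could modify or read the authorization data of a person outside their own scope, while the neighbouring `GET /{id}/detail` is checked with `phased = Phased.after`. If the exemption is intended, record the reason next to each annotation, e.g. `// data-access check skipped: <reason>`; otherwise give the update a scoped check on `id` before `personService.updateByPk` runs. The update handler is also still named `getDetail` although the POST handler was renamed to `createPersonDetail` in this hunk; its body continues past the end of the hunk.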
@@ -141,7 +142,7 @@ public class PersonController implements SimpleGenericEntityController<PersonEnt
 
     @GetMapping("/in-position/{positionId}")
     @ApiOperation("获取指定岗位的人员")
-    @Authorize(action = Permission.ACTION_GET)
+    @Authorize(action = Permission.ACTION_GET, dataAccess = @RequiresDataAccess(phased = Phased.after))
     public ResponseMessage<List<PersonEntity>> getByPositionId(@PathVariable String positionId) {
         return ResponseMessage.ok(personService.selectByPositionId(positionId));
     }
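Review bot: `phased = Phased.after` on `getByPositionId` defers the data-access check to the result, but the result here is a `List<PersonEntity>` rather than a single entity, and nothing in this commit shows that the after-phase check inspects each element of a list. ScopeByUserHandler, changed in the same commit, returns `true` when it cannot apply control and now reports that only at debug level, so a check that does not match this return shape would pass without any visible sign. A test that calls this endpoint as a user scoped to a different organization and expects out-of-scope persons to be refused or filtered would settle it; once confirmed, a comment such as `// after-phase data-access check covers every returned PersonEntity` would record the intent.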