
移除shiro对自定义权限控制的实现

zhouhao 7 年之前
5281031763
共有 9 个文件被更改,包括 1 次插入716 次删除
  1. 1 9
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/BoostAuthorizationAttributeSourceAdvisor.java
  2. 0 150
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DataAccessAnnotationMethodInterceptor.java
  3. 0 60
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DefaultDataAccessController.java
  4. 0 87
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/ExpressionAnnotationMethodInterceptor.java
  5. 0 42
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/CustomDataAccessHandler.java
  6. 0 86
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldFilterDataAccessHandler.java
  7. 0 114
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldScopeDataAccessHandler.java
  8. 0 129
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/OwnCreatedDataAccessHandler.java
  9. 0 39
      hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/ScriptDataAccessHandler.java

+ 1 - 9
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/BoostAuthorizationAttributeSourceAdvisor.java

@@ -51,9 +51,7 @@ public class BoostAuthorizationAttributeSourceAdvisor extends StaticMethodMatche
                     RequiresGuest.class,
                     RequiresAuthentication.class,
                     //自定义
-                    RequiresExpression.class,
-                    Authorize.class,
-                    RequiresDataAccess.class
+                    Authorize.class
             };
 
     protected SecurityManager securityManager = null;
@@ -73,12 +71,6 @@ public class BoostAuthorizationAttributeSourceAdvisor extends StaticMethodMatche
                     }
                 };
         AnnotationResolver resolver = new SpringAnnotationResolver();
-        // @RequiresExpression support
-        interceptor.getMethodInterceptors().add(new ExpressionAnnotationMethodInterceptor(resolver));
-        // @RequiresDataAccess support
-        interceptor.getMethodInterceptors().add(new DataAccessAnnotationMethodInterceptor(dataAccessController, resolver));
-        // @Authorize support
-        interceptor.getMethodInterceptors().add(new SimpleAuthorizeMethodInterceptor(resolver));
         setAdvice(interceptor);
     }
 
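Review bot: The `Authorize.class` entry kept in the matched-annotation array no longer has an interceptor behind it: the second hunk removes the `SimpleAuthorizeMethodInterceptor` registration along with the two custom ones, so the advisor still matches `@Authorize`-annotated methods while nothing in this constructor asserts the annotation. Unless that interceptor is registered elsewhere outside this hunk, `@Authorize` silently becomes a no-op and annotated methods run without the check; either drop `Authorize.class` from the array or keep `interceptor.getMethodInterceptors().add(new SimpleAuthorizeMethodInterceptor(resolver));`. The local `AnnotationResolver resolver = new SpringAnnotationResolver();` is now unused after the removals and should go if no interceptor consumes it, and the `dataAccessController` field that the removed line read is presumably dead as well. The constructor continues outside the hunk.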

+ 0 - 150
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DataAccessAnnotationMethodInterceptor.java

@@ -1,150 +0,0 @@
-/*
- * Copyright 2016 http://www.hswebframework.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-package org.hswebframework.web.authorization.shiro.boost;
-
-import org.apache.shiro.aop.AnnotationResolver;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authz.AuthorizationException;
-import org.apache.shiro.authz.aop.AuthorizingAnnotationHandler;
-import org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor;
-import org.hswebframework.web.ApplicationContextHolder;
-import org.hswebframework.web.AuthorizeException;
-import org.hswebframework.web.authorization.Authentication;
-import org.hswebframework.web.authorization.Permission;
-import org.hswebframework.web.authorization.access.DataAccessConfig;
-import org.hswebframework.web.authorization.access.DataAccessController;
-import org.hswebframework.web.authorization.annotation.Authorize;
-import org.hswebframework.web.authorization.annotation.Logical;
-import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
-import org.hswebframework.utils.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.lang.annotation.Annotation;
-import java.util.*;
-import java.util.function.Function;
-import java.util.function.Predicate;
-import java.util.stream.Collectors;
-
-/**
- * 数据级权限控制实现 <br>
- * 通过在方法上注解{@link RequiresDataAccess},标识需要进行数据级权限控制<br>
- * 控制的方式和规则由 {@link Permission#getDataAccesses()}实现<br>
- *
- * @author zhouhao
- * @see DefaultDataAccessController
- * @see DataAccessAnnotationHandler#assertAuthorized(Annotation)
- * @since 3.0
- */
-public class DataAccessAnnotationMethodInterceptor extends AuthorizingAnnotationMethodInterceptor {
-
-    public DataAccessAnnotationMethodInterceptor(DataAccessController controller, AnnotationResolver resolver) {
-        super(new DataAccessAnnotationHandler(controller), resolver);
-    }
-
-    private static final Logger logger = LoggerFactory.getLogger(DataAccessAnnotationMethodInterceptor.class);
-
-    static class DataAccessAnnotationHandler extends AuthorizingAnnotationHandler {
-        protected DataAccessController dataAccessController;
-
-        public DataAccessAnnotationHandler(DataAccessController controller) {
-            super(RequiresDataAccess.class);
-            this.dataAccessController = controller;
-        }
-
-        final Map<Class<DataAccessController>, DataAccessController> cache = new HashMap<>(128);
-
-        @Override
-        public void assertAuthorized(Annotation a) throws AuthorizationException {
-            if (!(a instanceof RequiresDataAccess)) return;
-            MethodInterceptorHolder holder = MethodInterceptorHolder.current();
-            if (null == holder) {
-                logger.warn("MethodInterceptorHolder is null!");
-                return;
-            }
-            //无权限信息
-            Authentication authentication = Authentication.current().orElseThrow(AuthorizeException::new);
-            RequiresDataAccess accessAnn = ((RequiresDataAccess) a);
-            DataAccessController accessController = dataAccessController;
-            //在注解上自定义的权限控制器
-            if (DataAccessController.class != accessAnn.controllerClass()) {
-                if (null == (accessController = cache.get(accessAnn.controllerClass()))) {
-                    synchronized (cache) {
-                        if (null == (accessController = cache.get(accessAnn.controllerClass())))
-                            try {
-                                accessController = accessAnn.controllerClass().newInstance();
-                                cache.put(accessAnn.controllerClass(), accessController);
-                            } catch (Exception e) {
-                                throw new RuntimeException(e);
-                            }
-                    }
-                }
-            } else if (!StringUtils.isNullOrEmpty(accessAnn.controllerBeanName())) {
-                //获取spring上下文中的控制器
-                accessController = ApplicationContextHolder.get().getBean(accessAnn.controllerBeanName(), DataAccessController.class);
-            }
-            DataAccessController finalAccessController = accessController;
-            Authorize classAnnotation = holder.findClassAnnotation(Authorize.class);
-            Authorize methodAnnotation = holder.findMethodAnnotation(Authorize.class);
-            Set<String> permissions = new HashSet<>();
-            List<String> actionList = new ArrayList<>(Arrays.asList(accessAnn.action()));
-
-            if (classAnnotation != null) {
-                permissions.addAll(Arrays.asList(classAnnotation.permission()));
-                if (actionList.isEmpty())
-                    actionList.addAll(Arrays.asList(classAnnotation.action()));
-            }
-            if (methodAnnotation != null) {
-                permissions.addAll(Arrays.asList(methodAnnotation.permission()));
-                if (actionList.isEmpty())
-                    actionList.addAll(Arrays.asList(methodAnnotation.action()));
-            }
-
-            String permission = accessAnn.permission();
-
-            if ("".equals(permission)) {
-                if (permissions.size() != 1) {
-                    throw new IndexOutOfBoundsException("permission setting size must be 1");
-                }
-                permission = permissions.iterator().next();
-            }
-            MethodInterceptorParamContext context = holder.createParamContext();
-            Permission permissionInfo = authentication.getPermission(permission).orElseThrow(AuthenticationException::new);
-
-            //取得当前登录用户持有的控制规则
-            Set<DataAccessConfig> accesses = permissionInfo
-                    .getDataAccesses()
-                    .stream()
-                    .filter(access -> actionList.contains(access.getAction()))
-                    .collect(Collectors.toSet());
-            //无规则,则代表不进行控制
-            if (accesses.isEmpty()) return;
-            //单个规则验证函数
-            Function<Predicate<DataAccessConfig>, Boolean> function =
-                    accessAnn.logical() == Logical.AND ?
-                            accesses.stream()::allMatch : accesses.stream()::anyMatch;
-            //调用控制器进行验证
-            boolean isAccess = function.apply(access -> finalAccessController.doAccess(access, context));
-            if (!isAccess) {
-                throw new AuthorizationException("{access_deny}");
-            }
-        }
-    }
-}

+ 0 - 60
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DefaultDataAccessController.java

@@ -1,60 +0,0 @@
-package org.hswebframework.web.authorization.shiro.boost;
-
-import org.hswebframework.web.authorization.access.DataAccessConfig;
-import org.hswebframework.web.authorization.access.DataAccessController;
-import org.hswebframework.web.authorization.access.DataAccessHandler;
-import org.hswebframework.web.authorization.shiro.boost.handler.*;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
-
-import java.util.LinkedList;
-import java.util.List;
-
-/**
- * 默认的行级权限控制.通过获取DataAccessHandler进行实际处理
- *
- * @author zhouhao
- * @see DataAccessHandler
- * @since 3.0
- */
-public final class DefaultDataAccessController implements DataAccessController {
-
-    private DataAccessController parent;
-
-    private List<DataAccessHandler> handlers = new LinkedList<>();
-
-    public DefaultDataAccessController() {
-        this(null);
-    }
-
-    public DefaultDataAccessController(DataAccessController parent) {
-        if (parent == this) throw new UnsupportedOperationException();
-        this.parent = parent;
-        addHandler(new CustomDataAccessHandler());
-        addHandler(new OwnCreatedDataAccessHandler());
-        addHandler(new ScriptDataAccessHandler());
-        addHandler(new FieldFilterDataAccessHandler());
-        addHandler(new FieldScopeDataAccessHandler());
-    }
-
-    @Override
-    public boolean doAccess(DataAccessConfig access, MethodInterceptorParamContext params) {
-        if (parent != null) parent.doAccess(access, params);
-        return handlers.parallelStream()
-                // TODO: 17-3-28 可以换成access对应的handler以提高效率
-                .filter(handler -> handler.isSupport(access))
-                .allMatch(handler -> handler.handle(access, params));
-    }
-
-    public DefaultDataAccessController addHandler(DataAccessHandler handler) {
-        handlers.add(handler);
-        return this;
-    }
-
-    public void setHandlers(List<DataAccessHandler> handlers) {
-        this.handlers = handlers;
-    }
-
-    public List<DataAccessHandler> getHandlers() {
-        return handlers;
-    }
-}

+ 0 - 87
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/ExpressionAnnotationMethodInterceptor.java

@@ -1,87 +0,0 @@
-/*
- * Copyright 2016 http://www.hswebframework.org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *       http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- */
-
-package org.hswebframework.web.authorization.shiro.boost;
-
-import org.apache.shiro.aop.AnnotationResolver;
-import org.apache.shiro.authz.AuthorizationException;
-import org.apache.shiro.authz.aop.AuthorizingAnnotationHandler;
-import org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor;
-import org.hswebframework.expands.script.engine.DynamicScriptEngine;
-import org.hswebframework.expands.script.engine.DynamicScriptEngineFactory;
-import org.hswebframework.web.BusinessException;
-import org.hswebframework.web.authorization.Authentication;
-import org.hswebframework.web.authorization.annotation.RequiresExpression;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.lang.annotation.Annotation;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class ExpressionAnnotationMethodInterceptor extends AuthorizingAnnotationMethodInterceptor {
-    public ExpressionAnnotationMethodInterceptor() {
-        super(new ExpressionAnnotationHandler());
-    }
-
-    public ExpressionAnnotationMethodInterceptor(AnnotationResolver resolver) {
-        super(new ExpressionAnnotationHandler(), resolver);
-    }
-
-    private static final Logger logger = LoggerFactory.getLogger(ExpressionAnnotationMethodInterceptor.class);
-
-    static class ExpressionAnnotationHandler extends AuthorizingAnnotationHandler {
-
-        public ExpressionAnnotationHandler() {
-            super(RequiresExpression.class);
-        }
-
-        @Override
-        public void assertAuthorized(Annotation a) throws AuthorizationException {
-            if (!(a instanceof RequiresExpression)) return;
-            MethodInterceptorHolder holder = MethodInterceptorHolder.current();
-            if (null == holder) {
-                return;
-            }
-            RequiresExpression expression = ((RequiresExpression) a);
-            DynamicScriptEngine engine = DynamicScriptEngineFactory.getEngine(expression.language());
-            if (null == engine) {
-                throw new AuthorizationException("{unknown_engine}:" + expression.language());
-            }
-            if (!engine.compiled(holder.getId())) {
-                try {
-                    engine.compile(holder.getId(), expression.value());
-                } catch (Exception e) {
-                    logger.error("express compile error", e);
-                    throw new BusinessException("{expression_error}");
-                }
-            }
-            Map<String, Object> var = new HashMap<>(holder.getArgs());
-            var.put("auth", getSubject().getSession().getAttribute(Authentication.class.getName()));
-            Object success = engine.execute(holder.getId(), var).get();
-            if (!(success instanceof Boolean) || !((Boolean) success)) {
-                throw new AuthorizationException();
-            }
-        }
-    }
-}

+ 0 - 42
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/CustomDataAccessHandler.java

@@ -1,42 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.authorization.shiro.boost.handler;
-
-import org.hswebframework.web.authorization.access.*;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
-
-/**
- * 当配置为自定义处理器时(实现{@link CustomDataAccessConfig }接口),此处理器生效
- *
- * @author zhouhao
- * @see 3.0
- */
-public class CustomDataAccessHandler implements DataAccessHandler {
-
-    @Override
-    public boolean isSupport(DataAccessConfig access) {
-        return access instanceof CustomDataAccessConfig;
-    }
-
-    @Override
-    public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) {
-        CustomDataAccessConfig custom = ((CustomDataAccessConfig) access);
-        return custom.getController().doAccess(access, context);
-    }
-}

+ 0 - 86
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldFilterDataAccessHandler.java

@@ -1,86 +0,0 @@
-package org.hswebframework.web.authorization.shiro.boost.handler;
-
-import org.apache.commons.beanutils.BeanUtilsBean;
-import org.hswebframework.web.authorization.Permission;
-import org.hswebframework.web.authorization.access.DataAccessConfig;
-import org.hswebframework.web.authorization.access.DataAccessHandler;
-import org.hswebframework.web.authorization.access.FieldFilterDataAccessConfig;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
-import org.hswebframework.web.commons.entity.Entity;
-import org.hswebframework.web.commons.entity.param.QueryParamEntity;
-import org.hswebframework.web.commons.model.Model;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * 数据权限字段过滤处理,目前仅支持deny. {@link DataAccessConfig.DefaultType#DENY_FIELDS}
- *
- * @author zhouhao
- */
-public class FieldFilterDataAccessHandler implements DataAccessHandler {
-    private Logger logger = LoggerFactory.getLogger(this.getClass());
-
-    @Override
-    public boolean isSupport(DataAccessConfig access) {
-        return access instanceof FieldFilterDataAccessConfig && DataAccessConfig.DefaultType.DENY_FIELDS.equals(access.getType());
-    }
-
-    @Override
-    public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) {
-        FieldFilterDataAccessConfig filterDataAccessConfig = ((FieldFilterDataAccessConfig) access);
-
-        switch (access.getAction()) {
-            case Permission.ACTION_QUERY:
-                return doQueryAccess(filterDataAccessConfig, context);
-            case Permission.ACTION_UPDATE:
-                return doUpdateAccess(filterDataAccessConfig, context);
-            default:
-                if (logger.isDebugEnabled())
-                    logger.debug("field filter not support for {}", access.getAction());
-                return true;
-        }
-    }
-
-    /**
-     * @param accesses 不可操作的字段
-     * @param params   参数上下文
-     * @return true
-     * @see BeanUtilsBean
-     * @see org.apache.commons.beanutils.PropertyUtilsBean
-     */
-    protected boolean doUpdateAccess(FieldFilterDataAccessConfig accesses, MethodInterceptorParamContext params) {
-        Object supportParam = params.getParams().values().stream()
-                .filter(param -> (param instanceof Entity) | (param instanceof Model))
-                .findAny().orElse(null);
-        if (null != supportParam) {
-            for (String field : accesses.getFields()) {
-                try {
-                    //设置值为null,跳过修改
-                    BeanUtilsBean.getInstance()
-                            .getPropertyUtils()
-                            .setProperty(supportParam, field, null);
-                } catch (Exception e) {
-                    logger.warn("can't set {} null", field, e);
-                }
-            }
-        } else {
-            logger.warn("doUpdateAccess skip ,because can not found any entity in param!");
-        }
-        return true;
-    }
-
-
-    protected boolean doQueryAccess(FieldFilterDataAccessConfig access, MethodInterceptorParamContext context) {
-        QueryParamEntity entity = context.getParams()
-                .values().stream()
-                .filter(QueryParamEntity.class::isInstance)
-                .map(QueryParamEntity.class::cast)
-                .findAny().orElse(null);
-        if (entity == null) {
-            logger.warn("try validate query access, but query entity is null or not instance of org.hswebframework.web.commons.entity.Entity");
-            return true;
-        }
-        entity.excludes(access.getFields().toArray(new String[access.getFields().size()]));
-        return true;
-    }
-}

+ 0 - 114
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldScopeDataAccessHandler.java

@@ -1,114 +0,0 @@
-package org.hswebframework.web.authorization.shiro.boost.handler;
-
-import org.apache.commons.beanutils.BeanUtilsBean;
-import org.apache.commons.beanutils.PropertyUtilsBean;
-import org.hsweb.ezorm.core.param.Term;
-import org.hsweb.ezorm.core.param.TermType;
-import org.hswebframework.web.authorization.Permission;
-import org.hswebframework.web.authorization.access.DataAccessConfig;
-import org.hswebframework.web.authorization.access.DataAccessHandler;
-import org.hswebframework.web.authorization.access.FieldScopeDataAccessConfig;
-import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
-import org.hswebframework.web.commons.entity.param.QueryParamEntity;
-import org.hswebframework.web.controller.QueryController;
-import org.hswebframework.web.service.QueryService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * @author zhouhao
- */
-public class FieldScopeDataAccessHandler implements DataAccessHandler {
-    private PropertyUtilsBean propertyUtilsBean = BeanUtilsBean.getInstance().getPropertyUtils();
-
-    private final Logger logger = LoggerFactory.getLogger(this.getClass());
-
-    @Override
-    public boolean isSupport(DataAccessConfig access) {
-        return access instanceof FieldScopeDataAccessConfig;
-    }
-
-    @Override
-    public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) {
-        FieldScopeDataAccessConfig own = ((FieldScopeDataAccessConfig) access);
-        Object controller = context.getTarget();
-        if (controller != null) {
-            switch (access.getAction()) {
-                case Permission.ACTION_QUERY:
-                    return doQueryAccess(own, context);
-                case Permission.ACTION_GET:
-                case Permission.ACTION_DELETE:
-                case Permission.ACTION_UPDATE:
-                    return doRWAccess(own, context, controller);
-                case Permission.ACTION_ADD:
-                default:
-                    logger.warn("action: {} not support now!", access.getAction());
-            }
-        } else {
-            logger.warn("target is null!");
-        }
-        return true;
-    }
-
-    @SuppressWarnings("unchecked")
-    protected boolean doRWAccess(FieldScopeDataAccessConfig access, MethodInterceptorParamContext context, Object controller) {
-        //获取注解
-        RequiresDataAccess dataAccess = context.getAnnotation(RequiresDataAccess.class);
-        Object id = context.<String>getParameter(dataAccess.idParamName()).orElse(null);
-        //通过QueryController获取QueryService
-        //然后调用selectByPk 查询旧的数据,进行对比
-        if (controller instanceof QueryController) {
-            QueryService queryService = (QueryService) ((QueryController) controller).getService();
-            Object oldData = queryService.selectByPk(id);
-            if (oldData != null) {
-                try {
-                    Object value = propertyUtilsBean.getProperty(oldData, access.getField());
-                    return access.getScope().contains(value);
-                } catch (Exception e) {
-                    logger.error("can't read property {}", access.getField(), e);
-                }
-                return false;
-            }
-        } else {
-            logger.warn("controller is not instanceof QueryController");
-        }
-        return true;
-    }
-
-
-    protected boolean doQueryAccess(FieldScopeDataAccessConfig access, MethodInterceptorParamContext context) {
-        QueryParamEntity entity = context.getParams()
-                .values().stream()
-                .filter(QueryParamEntity.class::isInstance)
-                .map(QueryParamEntity.class::cast)
-                .findAny().orElse(null);
-        if (entity == null) {
-            logger.warn("try validate query access, but query entity is null or not instance of org.hswebframework.web.commons.entity.Entity");
-            return true;
-        }
-        //重构查询条件
-        //如: 旧的条件为 where column =? or column = ?
-        //重构后为: where creatorId=? and (column = ? or column = ?)
-        List<Term> oldParam = entity.getTerms();
-        //清空旧的查询条件
-        entity.setTerms(new ArrayList<>());
-        //添加一个查询条件
-        entity.addTerm(createQueryTerm(access))
-                //客户端提交的参数 作为嵌套参数
-                .nest().setTerms(oldParam);
-        return true;
-    }
-
-    protected Term createQueryTerm(FieldScopeDataAccessConfig access) {
-        Term term = new Term();
-        term.setType(Term.Type.and);
-        term.setColumn(access.getField());
-        term.setTermType(TermType.in);
-        term.setValue(access.getScope());
-        return term;
-    }
-}

+ 0 - 129
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/OwnCreatedDataAccessHandler.java

@@ -1,129 +0,0 @@
-package org.hswebframework.web.authorization.shiro.boost.handler;
-
-import org.hsweb.ezorm.core.param.Term;
-import org.hswebframework.web.AuthorizeException;
-import org.hswebframework.web.authorization.Authentication;
-import org.hswebframework.web.authorization.Permission;
-import org.hswebframework.web.authorization.access.DataAccessConfig;
-import org.hswebframework.web.authorization.access.DataAccessHandler;
-import org.hswebframework.web.authorization.access.OwnCreatedDataAccessConfig;
-import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
-import org.hswebframework.web.commons.entity.Entity;
-import org.hswebframework.web.commons.entity.RecordCreationEntity;
-import org.hswebframework.web.commons.entity.param.QueryParamEntity;
-import org.hswebframework.web.controller.QueryController;
-import org.hswebframework.web.service.QueryService;
-import org.hswebframework.utils.ClassUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class OwnCreatedDataAccessHandler implements DataAccessHandler {
-    private static final Logger logger = LoggerFactory.getLogger(OwnCreatedDataAccessHandler.class);
-
-    @Override
-    public boolean isSupport(DataAccessConfig access) {
-        return access instanceof OwnCreatedDataAccessConfig;
-    }
-
-    @Override
-    public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) {
-        OwnCreatedDataAccessConfig own = ((OwnCreatedDataAccessConfig) access);
-        Object controller = context.getTarget();
-        if (controller != null) {
-            switch (access.getAction()) {
-                case Permission.ACTION_QUERY:
-                    return doQueryAccess(own, context);
-                case Permission.ACTION_GET:
-                case Permission.ACTION_DELETE:
-                case Permission.ACTION_UPDATE:
-                    return doRWAccess(own, context, controller);
-                case Permission.ACTION_ADD:
-                    //put creator_id to data
-                    return putCreatorId(own, context);
-                default:
-                    logger.warn("action: {} not support now!", access.getAction());
-            }
-        } else {
-            logger.warn("target is null!");
-        }
-        return true;
-    }
-
-    public boolean putCreatorId(OwnCreatedDataAccessConfig access, MethodInterceptorParamContext context) {
-        RecordCreationEntity entity = context.getParams()
-                .values().stream()
-                .filter(RecordCreationEntity.class::isInstance)
-                .map(RecordCreationEntity.class::cast)
-                .findAny().orElse(null);
-        if (entity != null) {
-            entity.setCreatorId(Authentication.current()
-                    .orElseThrow(AuthorizeException::new)
-                    .getUser().getId());
-        } else {
-            logger.warn("try put creatorId property,but not found any RecordCreationEntity!");
-        }
-        return true;
-    }
-
-    @SuppressWarnings("unchecked")
-    protected boolean doRWAccess(OwnCreatedDataAccessConfig access, MethodInterceptorParamContext context, Object controller) {
-        //获取注解
-        RequiresDataAccess dataAccess = context.getAnnotation(RequiresDataAccess.class);
-        Object id = context.<String>getParameter(dataAccess.idParamName()).orElse(null);
-        //通过QueryController获取QueryService
-        //然后调用selectByPk 查询旧的数据,进行对比
-        if (controller instanceof QueryController) {
-            //判断是否满足条件(泛型为 RecordCreationEntity)
-            Class entityType = ClassUtils.getGenericType(controller.getClass(), 0);
-            if (ClassUtils.instanceOf(entityType, RecordCreationEntity.class)) {
-                QueryService<RecordCreationEntity, Object> queryService =
-                        ((QueryController<RecordCreationEntity, Object, Entity>) controller).getService();
-                RecordCreationEntity oldData = queryService.selectByPk(id);
-                if (oldData != null && !Authentication.current().orElseThrow(AuthorizeException::new).getUser().getId().equals(oldData.getCreatorId())) {
-                    return false;
-                }
-            }
-        }
-        return true;
-    }
-
-    protected boolean doQueryAccess(OwnCreatedDataAccessConfig access, MethodInterceptorParamContext context) {
-        Entity entity = context.getParams()
-                .values().stream()
-                .filter(Entity.class::isInstance)
-                .map(Entity.class::cast)
-                .findAny().orElse(null);
-        if (entity == null) {
-            logger.warn("try validate query access, but query entity is null or not instance of org.hswebframework.web.commons.entity.Entity");
-            return true;
-        }
-        if (entity instanceof QueryParamEntity) {
-            QueryParamEntity queryParamEntity = ((QueryParamEntity) entity);
-            //重构查询条件
-            //如: 旧的条件为 where name =? or name = ?
-            //重构后为: where creatorId=? and (name = ? or name = ?)
-            List<Term> oldParam = queryParamEntity.getTerms();
-            //清空旧的查询条件
-            queryParamEntity.setTerms(new ArrayList<>());
-            //添加一个查询条件
-            queryParamEntity
-                    .where(RecordCreationEntity.creatorId, Authentication.current().orElseThrow(AuthorizeException::new).getUser().getId())
-                    //客户端提交的参数 作为嵌套参数
-                    .nest().setTerms(oldParam);
-        } else if (entity instanceof RecordCreationEntity) {
-            ((RecordCreationEntity) entity).setCreatorId(Authentication.current().orElseThrow(AuthorizeException::new).getUser().getId());
-        } else {
-            logger.warn("try validate query access,but entity not support, QueryParamEntity and RecordCreationEntity support now!");
-        }
-        return true;
-    }
-}

+ 0 - 39
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/ScriptDataAccessHandler.java

@@ -1,39 +0,0 @@
-package org.hswebframework.web.authorization.shiro.boost.handler;
-
-import org.apache.commons.codec.digest.DigestUtils;
-import org.hswebframework.expands.script.engine.DynamicScriptEngine;
-import org.hswebframework.expands.script.engine.DynamicScriptEngineFactory;
-import org.hswebframework.web.BusinessException;
-import org.hswebframework.web.authorization.access.*;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
-import org.hswebframework.utils.StringUtils;
-
-/**
- * TODO 完成注释
- *
- * @author zhouhao
- */
-public class ScriptDataAccessHandler implements DataAccessHandler {
-    @Override
-    public boolean isSupport(DataAccessConfig access) {
-        return access instanceof ScriptDataAccessConfig;
-    }
-
-    @Override
-    public boolean handle(DataAccessConfig access, MethodInterceptorParamContext context) {
-        ScriptDataAccessConfig dataAccess = ((ScriptDataAccessConfig) access);
-        DynamicScriptEngine engine = DynamicScriptEngineFactory.getEngine(dataAccess.getScriptLanguage());
-        if (engine == null) throw new UnsupportedOperationException(dataAccess.getScriptLanguage() + " {not_support}");
-        String scriptId = DigestUtils.md5Hex(dataAccess.getScript());
-        try {
-            if (!engine.compiled(scriptId)) {
-                engine.compile(scriptId, dataAccess.getScript());
-            }
-            Object success = engine.execute(scriptId, context.getParams()).getIfSuccess();
-            return StringUtils.isTrue(success);
-        } catch (Exception e) {
-            throw new BusinessException("{script_error}", e);
-        }
-    }
-
-}