
优化动态表单验证逻辑

周浩 9 anni fa
parent
commit
6357bb12ca

+ 9 - 0
hsweb-web-controller/src/main/java/org/hsweb/web/controller/ControllerExceptionTranslator.java

@@ -1,5 +1,6 @@
 package org.hsweb.web.controller;
 
+import org.hsweb.web.core.exception.BusinessException;
 import org.hsweb.web.core.exception.NotFoundException;
 import org.hsweb.web.core.exception.ValidationException;
 import org.hsweb.web.core.message.ResponseMessage;
@@ -20,6 +21,14 @@ public class ControllerExceptionTranslator {
     }
 
 
+    @ExceptionHandler(BusinessException.class)
+    @ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
+    @ResponseBody
+    ResponseMessage handleException(BusinessException exception) {
+        return ResponseMessage.error(exception.getMessage(), exception.getStatus());
+    }
+
+
     @ExceptionHandler(NotFoundException.class)
     @ResponseStatus(HttpStatus.NOT_FOUND)
     @ResponseBody
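Review bot: The new `BusinessException` handler pins the HTTP status to 500 with `@ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)` while the body carries `exception.getStatus()`, so the two can disagree and a rejection caused by the caller is reported to clients, proxies and monitoring as a server fault. The handler also returns `exception.getMessage()` verbatim, which is safe only if every `BusinessException` message is written for end users; the hunk cannot show that, and if lower-level errors are ever wrapped in this type their text would reach the client. I would log the exception server-side in this method and add a comment such as `// message is sent to the client: BusinessException text must not contain SQL, file paths or stack details`. The neighbouring `handleException` overloads are only partly visible in the hunk.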

+ 4 - 1
hsweb-web-controller/src/main/java/org/hsweb/web/controller/DynamicFormAuthorizeValidator.java

@@ -2,9 +2,12 @@ package org.hsweb.web.controller;
 
 import org.hsweb.web.bean.po.user.User;
 
+import java.util.Map;
+
 /**
  * Created by zhouhao on 16-5-16.
  */
 public interface DynamicFormAuthorizeValidator {
-    boolean validate(String formName, User user, String... actions);
+    boolean validate(String formName, User user,Map<String,Object> params, String... actions);
+
 }
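Review bot: The new `params` argument of `validate` has no Javadoc, and implementers need to know where the map comes from before they base an authorization decision on it. The controller expressions in this commit pass `#paramsMap`, which presumably holds parameters supplied by the caller; if so the contract should say it, e.g. `@param params parameters of the current request; caller-controlled, may narrow access but must never be the sole reason to grant it`. Two smaller points: the signature lacks spaces (`User user, Map<String, Object> params`), and the configuration class names the same argument `param`. Changing the only method of the interface also breaks every existing implementation at compile time, so the commit message or a comment should mention the migration.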

+ 3 - 2
hsweb-web-controller/src/main/java/org/hsweb/web/controller/DynamicFormAuthorizeValidatorConfiguration.java

@@ -6,6 +6,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import java.util.List;
+import java.util.Map;
 
 /**
  * Created by zhouhao on 16-5-16.
@@ -16,10 +17,10 @@ public class DynamicFormAuthorizeValidatorConfiguration implements ExpressionSco
     @Autowired(required = false)
     private List<DynamicFormAuthorizeValidator> dynamicFormAuthorizeValidators;
 
-    public boolean validate(String formName, User user, String... actions) {
+    public boolean validate(String formName, User user, Map<String,Object> param, String... actions) {
         if (dynamicFormAuthorizeValidators != null) {
             for (DynamicFormAuthorizeValidator validator : dynamicFormAuthorizeValidators) {
-                if (validator.validate(formName, user, actions)) {
+                if (validator.validate(formName, user, param, actions)) {
                     return true;
                 }
             }
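Review bot: `param` is handed as-is to every validator in the loop, so all validators share one mutable map and an earlier one can alter what later ones see; it may also be `null` if the expression context has no value for it. A read-only view closes both gaps: `Map<String, Object> view = param == null ? Collections.emptyMap() : Collections.unmodifiableMap(param);` followed by `validator.validate(formName, user, view, actions)` (this needs `java.util.Collections` imported). Because the loop returns `true` on the first validator that accepts, one validator that trusts a request-supplied value is enough to grant access, which is worth a comment above the loop. The end of `validate` lies outside the hunk, so the result when no validator accepts is not visible here.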

+ 8 - 8
hsweb-web-controller/src/main/java/org/hsweb/web/controller/form/DynamicFormController.java

@@ -36,14 +36,14 @@ public class DynamicFormController {
     private FileService fileService;
 
     @RequestMapping(value = "/deployed/{name}", method = RequestMethod.GET)
-    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,'R')")
+    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'R')")
     public ResponseMessage deployed(@PathVariable("name") String name) throws Exception {
         return ResponseMessage.ok(formService.selectDeployed(name));
     }
 
     @RequestMapping(value = "/{name}", method = RequestMethod.GET)
     @AccessLogger("查看列表")
-    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,'R')")
+    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'R')")
     public ResponseMessage list(@PathVariable("name") String name,
                                 QueryParam param) throws Exception {
         // 获取条件查询
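Review bot: `#paramsMap` is not defined anywhere in this commit, so it is not visible what the `@Authorize` expression context binds to that name or whether it can be unset on some requests. If it is the query/form parameter map, it would not contain the `@PathVariable` `primaryKey` or the `@RequestBody` `data`, so validators still could not see which record or which field values a request targets; that matters most for the `info`, `insert`, `update` and `delete` hunks below. Every entry in such a map is chosen by the caller, and a comment next to the expressions should say that validators must treat it as untrusted. The same one-token change repeats in the six following hunks of this file (`info`, `insert`, `update`, `delete`, `exportExcel`, `importExcel`) and this note covers them; the eight expressions differ only in the action code, so a test that evaluates each one would catch a misspelled variable. The body of `list` continues outside the hunk.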
@@ -58,7 +58,7 @@ public class DynamicFormController {
 
     @RequestMapping(value = "/{name}/{primaryKey}", method = RequestMethod.GET)
     @AccessLogger("按主键查询")
-    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,'R')")
+    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'R')")
     public ResponseMessage info(@PathVariable("name") String name,
                                 @PathVariable("primaryKey") String primaryKey) throws Exception {
         Map<String, Object> data = dynamicFormService.selectByPk(name, primaryKey);
@@ -67,7 +67,7 @@ public class DynamicFormController {
 
     @RequestMapping(value = "/{name}", method = RequestMethod.POST)
     @AccessLogger("新增数据")
-    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,'C')")
+    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'C')")
     public ResponseMessage insert(@PathVariable("name") String name,
                                   @RequestBody(required = true) Map<String, Object> data) throws Exception {
         String pk = dynamicFormService.insert(name, new InsertMapParam(data));
@@ -76,7 +76,7 @@ public class DynamicFormController {
 
     @RequestMapping(value = "/{name}/{primaryKey}", method = RequestMethod.PUT)
     @AccessLogger("更新数据")
-    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,'U')")
+    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'U')")
     public ResponseMessage update(@PathVariable("name") String name,
                                   @PathVariable("primaryKey") String primaryKey,
                                   @RequestBody(required = true) Map<String, Object> data) throws Exception {
@@ -86,7 +86,7 @@ public class DynamicFormController {
 
     @RequestMapping(value = "/{name}/{primaryKey}", method = RequestMethod.DELETE)
     @AccessLogger("删除数据")
-    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,'D')")
+    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'D')")
     public ResponseMessage delete(@PathVariable("name") String name,
                                   @PathVariable("primaryKey") String primaryKey) throws Exception {
         dynamicFormService.deleteByPk(name, primaryKey);
@@ -95,7 +95,7 @@ public class DynamicFormController {
 
     @RequestMapping(value = "/{name}/export/{fileName:.+}", method = RequestMethod.GET)
     @AccessLogger("导出excel")
-    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,'export')")
+    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'export')")
     public void exportExcel(@PathVariable("name") String name,
                             @PathVariable("fileName") String fileName,
                             QueryParam queryParam,
@@ -107,7 +107,7 @@ public class DynamicFormController {
 
     @RequestMapping(value = "/{name}/import/{fileId:.+}", method = {RequestMethod.PATCH})
     @AccessLogger("导入为excel")
-    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,'import')")
+    @Authorize(expression = "#dynamicFormAuthorizeValidator.validate(#name,#user,#paramsMap,'import')")
     public ResponseMessage importExcel(@PathVariable("name") String name,
                                        @PathVariable("fileId") String fileId) throws Exception {
         String[] ids = fileId.split("[,]");

+ 2 - 0
hsweb-web-controller/src/main/java/org/hsweb/web/controller/user/UserController.java

@@ -50,12 +50,14 @@ public class UserController extends GenericController<User, String> {
 
     @AccessLogger("禁用")
     @RequestMapping(value = "/{id}/disable", method = RequestMethod.PUT)
+    @Authorize(action = "disable")
     public ResponseMessage disable(@PathVariable("id") String id) throws Exception {
         getService().disableUser(id);
         return ResponseMessage.ok();
     }
 
     @AccessLogger("启用")
+    @Authorize(action = "enable")
     @RequestMapping(value = "/{id}/enable", method = RequestMethod.PUT)
     public ResponseMessage enable(@PathVariable("id") String id) throws Exception {
         getService().enableUser(id);
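Review bot: The added `@Authorize` sits after `@RequestMapping` on `disable` but before it on `enable`; keep one order on both methods, e.g. `@AccessLogger`, `@RequestMapping`, `@Authorize`. The action codes `"disable"` and `"enable"` are bare string literals, and the commit does not show them being registered for the user module, so a test that a user lacking the action is rejected (and one holding it is accepted) would confirm the check behaves as intended. Nothing in the hunk stops a caller from disabling their own account or the last administrator; whether `disableUser` guards against that is not visible here. The body of `enable` continues outside the hunk.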