Add param: checkPrivileges

2025-02-22 05:14:38 +08:00 · 2021-07-15 18:23:24 +08:00 · 2021-07-15 18:23:24 +08:00 · 4bf862a2ba
commit 4bf862a2ba
parent ecb4dd6d95
1 changed files with 10 additions and 6 deletions
--- a/src/main/java/com/rebuild/web/general/ReferenceSearchController.java
+++ b/src/main/java/com/rebuild/web/general/ReferenceSearchController.java
@ -212,29 +212,33 @@ public class ReferenceSearchController extends EntityController {
    // 获取记录的名称字段值
    @GetMapping("read-labels")
    public RespBody referenceLabel(HttpServletRequest request) {
-        String ids = getParameter(request, "ids", null);
+        final String ids = getParameter(request, "ids", null);
        if (StringUtils.isBlank(ids)) {
            return RespBody.ok();
        }

+        final ID user = getRequestUser(request);
+
        // 不存在的记录不返回
        boolean ignoreMiss = getBoolParameter(request, "ignoreMiss", false);
+        // 检查权限，无权限的不返回
+        boolean checkPrivileges = getBoolParameter(request, "checkPrivileges", false);

        Map<String, String> labels = new HashMap<>();
        for (String id : ids.split("[|,]")) {
            if (!ID.isId(id)) continue;

-            String label;
+            ID recordId = ID.valueOf(id);
+            if (checkPrivileges && !Application.getPrivilegesManager().allowRead(user, recordId)) continue;
+
            if (ignoreMiss) {
                try {
-                    label = FieldValueHelper.getLabel(ID.valueOf(id));
-                    labels.put(id, label);
+                    labels.put(id, FieldValueHelper.getLabel(recordId));
                } catch (NoRecordFoundException ignored) {
                }

            } else {
-                label = FieldValueHelper.getLabelNotry(ID.valueOf(id));
-                labels.put(id, label);
+                labels.put(id, FieldValueHelper.getLabelNotry(recordId));
            }
        }