From 4bf862a2bae34c443ab935d8e49e0e18ffe7d131 Mon Sep 17 00:00:00 2001 From: devezhao <> Date: Thu, 15 Jul 2021 18:23:24 +0800 Subject: [PATCH] Add param: checkPrivileges --- .../web/general/ReferenceSearchController.java | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/main/java/com/rebuild/web/general/ReferenceSearchController.java b/src/main/java/com/rebuild/web/general/ReferenceSearchController.java index fa7eebc18..a5713cfe7 100644 --- a/src/main/java/com/rebuild/web/general/ReferenceSearchController.java +++ b/src/main/java/com/rebuild/web/general/ReferenceSearchController.java @@ -212,29 +212,33 @@ public class ReferenceSearchController extends EntityController { // 获取记录的名称字段值 @GetMapping("read-labels") public RespBody referenceLabel(HttpServletRequest request) { - String ids = getParameter(request, "ids", null); + final String ids = getParameter(request, "ids", null); if (StringUtils.isBlank(ids)) { return RespBody.ok(); } + final ID user = getRequestUser(request); + // 不存在的记录不返回 boolean ignoreMiss = getBoolParameter(request, "ignoreMiss", false); + // 检查权限,无权限的不返回 + boolean checkPrivileges = getBoolParameter(request, "checkPrivileges", false); Map labels = new HashMap<>(); for (String id : ids.split("[|,]")) { if (!ID.isId(id)) continue; - String label; + ID recordId = ID.valueOf(id); + if (checkPrivileges && !Application.getPrivilegesManager().allowRead(user, recordId)) continue; + if (ignoreMiss) { try { - label = FieldValueHelper.getLabel(ID.valueOf(id)); - labels.put(id, label); + labels.put(id, FieldValueHelper.getLabel(recordId)); } catch (NoRecordFoundException ignored) { } } else { - label = FieldValueHelper.getLabelNotry(ID.valueOf(id)); - labels.put(id, label); + labels.put(id, FieldValueHelper.getLabelNotry(recordId)); } }