fix: none privileges query

src/main/java/com/rebuild/core/privileges/PrivilegesManager.java

@@ -203,8 +203,9 @@ public class PrivilegesManager {
         if (action.getMask() <= BizzPermission.READ.getMask() && EasyMetaFactory.valueOf(entity).isPlainEntity()) {
             return true;
         }
-        // Feeds: R
-        if (entity == EntityHelper.Feeds && action == BizzPermission.READ) {
+        // 允许读取
+        if ((entity == EntityHelper.Feeds || entity == EntityHelper.ProjectTask)
+                && action == BizzPermission.READ) {
             return true;
         }
 

src/main/java/com/rebuild/core/privileges/RoleBaseQueryFilter.java

@@ -22,6 +22,7 @@ import com.rebuild.core.metadata.MetadataHelper;
 import com.rebuild.core.metadata.easymeta.EasyMetaFactory;
 import com.rebuild.core.privileges.bizz.Department;
 import com.rebuild.core.privileges.bizz.User;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang.StringUtils;
 
 import java.util.HashSet;
@@ -33,6 +34,7 @@ import java.util.Set;
  * @author Zhao Fangfang
  * @since 1.0, 2013-6-21
  */
+@Slf4j
 public class RoleBaseQueryFilter implements Filter, QueryFilter {
     private static final long serialVersionUID = -7388577069739389698L;
 
@@ -85,21 +87,22 @@ public class RoleBaseQueryFilter implements Filter, QueryFilter {
     }
 
     @Override
-    public String evaluate(Entity entity) {
+    public String evaluate(final Entity entity) {
         if (user == null || !user.isActive()) {
             return DENIED.evaluate(null);
         } else if (user.isAdmin()) {
             return ALLOWED.evaluate(null);
         }
 
-        Entity useMain = null;
+        Entity useMainEntity = null;
         if (!MetadataHelper.hasPrivilegesField(entity)) {
             // NOTE BIZZ 实体全部用户可见
             if (MetadataHelper.isBizzEntity(entity) || EasyMetaFactory.valueOf(entity).isPlainEntity()) {
                 return ALLOWED.evaluate(null);
             } else if (entity.getMainEntity() != null) {
-                useMain = entity.getMainEntity();
+                useMainEntity = entity.getMainEntity();
             } else {
+                log.warn("None privileges entity use `Application#createQueryNoFilter` please : {}", entity);
                 return DENIED.evaluate(null);
             }
         }
@@ -107,7 +110,7 @@ public class RoleBaseQueryFilter implements Filter, QueryFilter {
         // 未配置权限的默认拒绝
         // 明细实体使用主实体权限
         Privileges ep = user.getOwningRole().getPrivileges(
-                useMain != null ? useMain.getEntityCode() : entity.getEntityCode());
+                useMainEntity != null ? useMainEntity.getEntityCode() : entity.getEntityCode());
         if (ep == Privileges.NONE) {
             return DENIED.evaluate(null);
         }
@@ -119,7 +122,7 @@ public class RoleBaseQueryFilter implements Filter, QueryFilter {
 
         String ownFormat = "%s = '%s'";
         Field dtmField = null;
-        if (useMain != null) {
+        if (useMainEntity != null) {
             dtmField = MetadataHelper.getDetailToMainField(entity);
             ownFormat = dtmField.getName() + "." + ownFormat;
         }

src/main/java/com/rebuild/web/general/RelatedListController.java

@@ -10,6 +10,7 @@ package com.rebuild.web.general;
 import cn.devezhao.commons.ObjectUtils;
 import cn.devezhao.persist4j.Entity;
 import cn.devezhao.persist4j.Field;
+import cn.devezhao.persist4j.Query;
 import cn.devezhao.persist4j.dialect.FieldType;
 import cn.devezhao.persist4j.engine.ID;
 import com.alibaba.fastjson.JSON;
@@ -54,16 +55,17 @@ public class RelatedListController extends BaseController {
         String sql = buildMainSql(mainid, related, q, false);
         sql += " order by " + sort.replace(":", " ");
 
-        String[] ef = related.split("\\.");
-        Field nameField = MetadataHelper.getEntity(ef[0]).getNameField();
-
         int pn = NumberUtils.toInt(getParameter(request, "pageNo"), 1);
         int ps = NumberUtils.toInt(getParameter(request, "pageSize"), 200);
 
-        Object[][] array = Application.createQuery(sql).setLimit(ps, pn * ps - ps).array();
+        Entity relatedEntity = MetadataHelper.getEntity(related.split("\\.")[0]);
+
+        Query query = MetadataHelper.hasPrivilegesField(relatedEntity)
+                ? Application.createQuery(sql) : Application.createQueryNoFilter(sql);
+        Object[][] array = query.setLimit(ps, pn * ps - ps).array();
         for (Object[] o : array) {
             Object nameValue = o[1];
-            nameValue = FieldValueHelper.wrapFieldValue(nameValue, nameField, true);
+            nameValue = FieldValueHelper.wrapFieldValue(nameValue, relatedEntity.getNameField(), true);
             if (nameValue == null || StringUtils.isEmpty(nameValue.toString())) {
                 nameValue = FieldValueHelper.NO_LABEL_PREFIX + o[0].toString().toUpperCase();
             }
@@ -84,7 +86,10 @@ public class RelatedListController extends BaseController {
         for (String related : relateds) {
             String sql = buildMainSql(mainid, related, null, true);
             if (sql != null) {
-                Object[] count = Application.createQuery(sql).unique();
+                Entity relatedEntity = MetadataHelper.getEntity(related.split("\\.")[0]);
+
+                Object[] count = MetadataHelper.hasPrivilegesField(relatedEntity)
+                        ? Application.createQuery(sql).unique() : Application.createQueryNoFilter(sql).unique();
                 countMap.put(related, ObjectUtils.toInt(count[0]));
             }
         }
@@ -111,9 +116,7 @@ public class RelatedListController extends BaseController {
             }
         }
 
-        if (relatedFields.isEmpty()) {
-            return null;
-        }
+        if (relatedFields.isEmpty()) return null;
 
         String mainWhere = "(" + StringUtils.join(relatedFields, " = ''{0}'' or ") + " = ''{0}'')";
         mainWhere = MessageFormat.format(mainWhere, recordOfMain);