priv

2024-09-20 15:35:55 +08:00 · 2018-10-22 00:07:50 +08:00 · 2018-10-22 00:07:50 +08:00 · 9f7d7e1510
parent 7808b83b47
commit 9f7d7e1510
8 changed files with 47 additions and 31 deletions
--- a/src/main/java/com/rebuild/server/bizz/RoleService.java
+++ b/src/main/java/com/rebuild/server/bizz/RoleService.java
@ -62,7 +62,7 @@ public class RoleService extends GeneralEntityService {
 	 * @param roleId
 	 * @param definition
 	 */
-	public void bulkUpdatePrivileges(ID roleId, JSONObject definition) {
+	public void txUpdatePrivileges(ID roleId, JSONObject definition) {
 		Object[][] array = Application.createQuery(
 				"select privilegesId,definition,entity,zeroKey from RolePrivileges where roleId = ?")
 				.setParameter(1, roleId)
--- a/src/main/java/com/rebuild/server/bizz/privileges/EntityQueryFilter.java
+++ b/src/main/java/com/rebuild/server/bizz/privileges/EntityQueryFilter.java
@ -18,7 +18,6 @@ along with this program. If not, see <https://www.gnu.org/licenses/>.

 package com.rebuild.server.bizz.privileges;

-import java.text.MessageFormat;
 import java.util.HashSet;
 import java.util.Set;

@ -104,17 +103,18 @@ public class EntityQueryFilter implements Filter, QueryFilter {
 			return ALLOWED.evaluate(null);
 		}
 		
-		String fvFormat = "{0} = '{1}'";
+		String fvFormat = "%s = '%s'";
 		
 		if (de == BizzDepthEntry.PRIVATE) {
-			return appendViaShare(entity, MessageFormat.format(fvFormat, EntityHelper.owningUser, user.getIdentity()));
+			return appendShareFilter(entity, 
+					String.format(fvFormat, EntityHelper.owningUser, user.getIdentity()));
 		}
 		
 		Department dept = user.getOwningDept();
-		String deptSql = MessageFormat.format(fvFormat, EntityHelper.owningDept, dept.getIdentity());
+		String deptSql = String.format(fvFormat, EntityHelper.owningDept, dept.getIdentity());
 		
 		if (de == BizzDepthEntry.LOCAL) {
-			return appendViaShare(entity, deptSql);
+			return appendShareFilter(entity, deptSql);
 		}
 		
 		if (de == BizzDepthEntry.DEEPDOWN) {
@ -122,22 +122,30 @@ public class EntityQueryFilter implements Filter, QueryFilter {
 			sqls.add(deptSql);
 			
 			for (BusinessUnit child : dept.getAllChildren()) {
-				sqls.add(MessageFormat.format(fvFormat, EntityHelper.owningDept, child.getIdentity()));
+				sqls.add(String.format(fvFormat, EntityHelper.owningDept, child.getIdentity()));
 			}
-			return appendViaShare(entity, "(" + StringUtils.join(sqls, " or ") + ")");
+			return appendShareFilter(entity, "(" + StringUtils.join(sqls, " or ") + ")");
 		}

 		return DENIED.evaluate(null);
 	}
 	
 	/**
-	 * TODO 通过共享添加的权限
+	 * TODO 共享权限
 	 * 
 	 * @param entity
-	 * @param filter
+	 * @param filtered
 	 * @return
 	 */
-	protected String appendViaShare(Entity entity, String filter) {
-		return filter;
+	protected String appendShareFilter(Entity entity, String filtered) {
+		// TODO exists 不能用
+//		String shareFilter = "exists (select rights from ShareAccess where entity = %d and shareTo = '%s' and recordId = ^%s)";
+//		shareFilter = String.format(shareFilter,
+//				entity.getEntityCode(), user.getIdentity().toString(), entity.getPrimaryField().getName());
+		
+		String shareFilter = "%s in (select recordId from ShareAccess where entity = %d and shareTo = '%s')";
+		shareFilter = String.format(shareFilter, 
+				entity.getPrimaryField().getName(), entity.getEntityCode(), user.getIdentity());
+		return "(" + filtered + " or " + shareFilter + ")";
 	}
 }
--- a/src/main/java/com/rebuild/web/admin/bizuser/RolePrivilegesControll.java
+++ b/src/main/java/com/rebuild/web/admin/bizuser/RolePrivilegesControll.java
@ -120,7 +120,7 @@ public class RolePrivilegesControll extends BaseControll {
 	public void privilegesUpdate(HttpServletRequest request, HttpServletResponse response) throws IOException {
 		JSON post = ServletUtils.getRequestJson(request);
 		ID role = getIdParameterNotNull(request, "role");
-		Application.getBean(RoleService.class).bulkUpdatePrivileges(role, (JSONObject) post);
+		Application.getBean(RoleService.class).txUpdatePrivileges(role, (JSONObject) post);
 		writeSuccess(response);
 	}
 }
--- a/src/main/java/com/rebuild/web/admin/entityhub/MetaEntityControll.java
+++ b/src/main/java/com/rebuild/web/admin/entityhub/MetaEntityControll.java
@ -54,12 +54,12 @@ import cn.devezhao.persist4j.engine.ID;
@Controller
@RequestMapping("/admin/")
 public class MetaEntityControll extends BaseControll {
-	
+
 	@RequestMapping("entities")
 	public ModelAndView pageList(HttpServletRequest request) throws IOException {
 		return createModelAndView("/admin/entity/entity-grid.jsp");
 	}
-	
+
 	@RequestMapping("entity/{entity}/base")
 	public ModelAndView pageEntityBase(@PathVariable String entity, HttpServletRequest request) throws IOException {
 		ModelAndView mv = createModelAndView("/admin/entity/entity-edit.jsp");
@ -84,13 +84,15 @@ public class MetaEntityControll extends BaseControll {
 		}
 		writeSuccess(response, ret);
 	}
-	
+
 	@RequestMapping("entity/entity-new")
 	public void entityNew(HttpServletRequest request, HttpServletResponse response) throws IOException {
 		ID user = getRequestUser(request);
-		String label = getParameterNotNull(request, "label");
-		String comments = getParameter(request, "comments");
-		
+		JSONObject reqJson = (JSONObject) ServletUtils.getRequestJson(request);
+
+		String label = reqJson.getString("label");
+		String comments = reqJson.getString("comments");
+
 		String entityName = null;
 		try {
 			entityName = new Entity2Schema(user).create(label, comments);
@ -100,18 +102,18 @@ public class MetaEntityControll extends BaseControll {
 			return;
 		}
 	}
-	
+
 	@RequestMapping("entity/entity-update")
 	public void entityUpdate(HttpServletRequest request, HttpServletResponse response) throws IOException {
 		ID user = getRequestUser(request);
 		JSON formJson = ServletUtils.getRequestJson(request);
 		Record record = EntityHelper.parse((JSONObject) formJson, user);
 		Application.getCommonService().update(record);
-		
+
 		Application.getMetadataFactory().refresh(false);
 		writeSuccess(response);
 	}
-	
+
 	/**
 	 * @param mv
 	 * @param entity
--- a/src/main/java/com/rebuild/web/admin/entityhub/MetaFieldControll.java
+++ b/src/main/java/com/rebuild/web/admin/entityhub/MetaFieldControll.java
@ -129,11 +129,13 @@ public class MetaFieldControll extends BaseControll  {
 	@RequestMapping("field-new")
 	public void fieldNew(HttpServletRequest request, HttpServletResponse response) throws IOException {
 		ID user = getRequestUser(request);
-		String entityName = getParameterNotNull(request, "entity");
-		String label = getParameterNotNull(request, "label");
-		String type = getParameterNotNull(request, "type");
-		String comments = getParameter(request, "comments");
-		String refEntity = getParameter(request, "refEntity");
+		JSONObject reqJson = (JSONObject) ServletUtils.getRequestJson(request);
+
+		String entityName = reqJson.getString("entity");
+		String label = reqJson.getString("label");
+		String type = reqJson.getString("type");
+		String comments = reqJson.getString("comments");
+		String refEntity = reqJson.getString("refEntity");
 		
 		Entity entity = MetadataHelper.getEntity(entityName);
 		DisplayType dt = DisplayType.valueOf(type);
--- a/src/main/webapp/admin/entity/entity-new.jsp
+++ b/src/main/webapp/admin/entity/entity-new.jsp
@ -37,9 +37,11 @@ $(document).ready(function(){
 		if (!entityLabel){
 			rb.notice('请输入实体名称'); return;
 		}
+		let _data = { label:entityLabel, comments:comments }
+		_data = JSON.stringify(_data)
 		
 		btn.button('loading');
-		$.post(rb.baseUrl + '/admin/entity/entity-new', { label:entityLabel, comments:comments }, function(res){
+		$.post(rb.baseUrl + '/admin/entity/entity-new', _data, function(res){
 			if (res.error_code == 0) parent.location.href = rb.baseUrl + '/admin/entity/' +res.data + '/base';
 			else rb.notice(res.error_msg, 'danger')
 		});
--- a/src/main/webapp/admin/entity/field-new.jsp
+++ b/src/main/webapp/admin/entity/field-new.jsp
@ -73,6 +73,8 @@ $(document).ready(function(){
 		}
 		
 		let _data = { entity:entity, label:fieldLabel, type:type, comments:comments, refEntity:refEntity };
+		_data = JSON.stringify(_data)
+		
 		btn.button('loading');
 		$.post(rb.baseUrl + '/admin/entity/field-new', _data, function(res){
 			btn.button('reset')
--- a/src/main/webapp/assets/js/assign-share.jsx
+++ b/src/main/webapp/assets/js/assign-share.jsx
@ -19,7 +19,7 @@ class TheBothDialog extends React.Component {
                                <div className="form-group row">
                                    <label className="col-sm-3 col-form-label text-sm-right">{this.opType + '哪些记录'}</label>
                                    <div className="col-sm-7">
-                                        <div className="form-control-plaintext" id="records">{'选中的记录 (' + this.state.ids.split(',').length + '条)'}</div>
+                                        <div className="form-control-plaintext" id="records">{'选中的记录 (' + this.state.ids.length + '条)'}</div>
                                    </div>
                                </div>
                                <div className="form-group row">
@ -133,12 +133,12 @@ class TheBothDialog extends React.Component {

 var rb = rb || {}

-// props = { entity, id }
+// props = { entity, ids }
 rb.AssignDialog = function(props){
    props = { ...props, type: 'assign' }
    return renderRbcomp(<TheBothDialog { ...props} />)
 }
-// props = { entity, id }
+// props = { entity, ids }
 rb.ShareDialog = function(props){
    props = { ...props, type: 'share' }
    return renderRbcomp(<TheBothDialog { ...props} />)