diff --git a/src/main/java/com/zhgd/mybatis/DataScopeHandler.java b/src/main/java/com/zhgd/mybatis/DataScopeHandler.java index 46fbea56f..9512e9406 100644 --- a/src/main/java/com/zhgd/mybatis/DataScopeHandler.java +++ b/src/main/java/com/zhgd/mybatis/DataScopeHandler.java @@ -8,6 +8,7 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.extension.plugins.handler.DataPermissionHandler; import com.zhgd.annotation.DataScope; import com.zhgd.xmgl.modules.basicdata.enums.SystemUserAccountTypeEnum; +import com.zhgd.xmgl.modules.basicdata.service.ICompanyService; import com.zhgd.xmgl.modules.ocr.service.IOcrBuildLogService; import com.zhgd.xmgl.modules.video.service.IAiAnalyseHardWareRecordService; import com.zhgd.xmgl.modules.worker.entity.EnterpriseInfo; @@ -59,6 +60,9 @@ public class DataScopeHandler implements DataPermissionHandler { IAiAnalyseHardWareRecordService aiAnalyseHardWareRecordService; @Lazy @Autowired + ICompanyService companyService; + @Lazy + @Autowired private XzSupplierQualificationApplyServiceImpl xzSupplierQualificationApplyService; @Lazy @Autowired @@ -127,6 +131,12 @@ public class DataScopeHandler implements DataPermissionHandler { return tables; } + private HashMap getFieldProjectSnTables() { + HashMap tables = new HashMap<>(16); + tables.put("notice_remind_sound", getProjectSn()); + return tables; + } + private HashMap getFieldAiTables() { HashMap tables = new HashMap<>(16); if (!environmentUtil.isBaise()) { 
@@ -155,120 +165,36 @@ public class DataScopeHandler implements DataPermissionHandler { init(plainSelect); //expressions List expressions = new ArrayList<>(); - Long userId = SecurityUtils.getUser().getUserId(); if (!DataScopeInterceptor.findIgnoreDataScope(parameter, ds)) { if (Objects.equals(user.getAccountType(), SystemUserAccountTypeEnum.ENTERPRISE_ADMINISTRATOR_ACCOUNT.getValue())) { - filterForCompanyOrProject(plainSelect, ds, expressions, userId, (userFilterItem) -> get1CompanySql(userId, userFilterItem)); + filterForCompanyOrProject(plainSelect, ds, expressions, SecurityUtils.getUser().getUserId(), (userFilterItem) -> get1CompanySql(SecurityUtils.getUser().getUserId(), userFilterItem)); } else if (Objects.equals(user.getAccountType(), SystemUserAccountTypeEnum.ENTERPRISE_DISTRICT_ACCOUNT.getValue())) { - filterForCompanyOrProject(plainSelect, ds, expressions, userId, (userFilterItem) -> get2CompanySql(userId, userFilterItem)); + filterForCompanyOrProject(plainSelect, ds, expressions, SecurityUtils.getUser().getUserId(), (userFilterItem) -> get2CompanySql(SecurityUtils.getUser().getUserId(), userFilterItem)); } else if (Objects.equals(user.getAccountType(), SystemUserAccountTypeEnum.ENTERPRISE_CITY_ACCOUNT.getValue())) { - filterForCompanyOrProject(plainSelect, ds, expressions, userId, (userFilterItem) -> get3CompanySql(userId, userFilterItem)); + filterForCompanyOrProject(plainSelect, ds, expressions, SecurityUtils.getUser().getUserId(), (userFilterItem) -> get3CompanySql(SecurityUtils.getUser().getUserId(), userFilterItem)); } else if (Objects.equals(user.getAccountType(), SystemUserAccountTypeEnum.ENTERPRISE_SUB_ACCOUNT.getValue())) { - filterForCompanyOrProject(plainSelect, ds, expressions, userId, (userFilterItem) -> get4CompanySql(userId, userFilterItem)); + filterForCompanyOrProject(plainSelect, ds, expressions, SecurityUtils.getUser().getUserId(), (userFilterItem) -> get4CompanySql(SecurityUtils.getUser().getUserId(), userFilterItem)); + List 
projectSns = companyService.getProjectSnsBySn(SecurityUtils.getUser().getSn()); +// List filterProjectItems = getNeedFilterLeftExpression(plainSelect, getFieldProjectSnTables(), ds); +// if (CollUtil.isNotEmpty(filterProjectItems)) { +// for (String item : filterProjectItems) { +// inExpression(item, , plainSelect); +// } +// } } else if (Objects.equals(user.getAccountType(), SystemUserAccountTypeEnum.PROJECT_ACCOUNT.getValue())) { - filterForCompanyOrProject(plainSelect, ds, expressions, userId, (userFilterItem) -> { + filterForCompanyOrProject(plainSelect, ds, expressions, SecurityUtils.getUser().getUserId(), (userFilterItem) -> { return StrUtil.format(" \n" + " {} in (\n" + " select u.sn\n" + " from system_user u\n" + " WHERE u.user_id={}\n" + - " ) and {}.account_type = 6", userFilterItem, userId, StrUtil.subBefore(userFilterItem, ".", true)); + " ) and {}.account_type = 6", userFilterItem, SecurityUtils.getUser().getUserId(), StrUtil.subBefore(userFilterItem, ".", true)); }); + filterProjectForProject(plainSelect, ds); } else if (Objects.equals(user.getAccountType(), SystemUserAccountTypeEnum.PROJECT_SUB_ACCOUNT.getValue())) { - List authEnterpriseIds = userEnterpriseService.getEnterpriseIdsIfSubProject(); - authEnterpriseIds.add("0"); - List filterEnterprises = getNeedFilterLeftExpression(plainSelect, getFieldEnterpriseTables(), ds); - if (CollUtil.isNotEmpty(filterEnterprises)) { - for (String filterEnterprise : filterEnterprises) { - inExpression(filterEnterprise, authEnterpriseIds, plainSelect); - } - } - - List filterItems = getNeedFilterLeftExpression(plainSelect, getFieldVideoTables(), ds); - if (CollUtil.isNotEmpty(filterItems)) { - List videoItems = userDevAuthorityService.getVideoItemsIfSubProject(); - for (String item : filterItems) { - inExpression(item, videoItems, plainSelect); - } - } - - List filterAis = getNeedFilterLeftExpression(plainSelect, getFieldAiTables(), ds, true); - if (CollUtil.isNotEmpty(filterAis)) { - List videoItems = 
aiAnalyseHardWareRecordService.getAiAnalyseHardIdsByUserId(); - if (CollUtil.isEmpty(videoItems)) { - videoItems.add("0"); - } - videoItems = videoItems.stream().map(s -> "'" + s + "'").collect(Collectors.toList()); - for (String filterAi : filterAis) { - String sql = StrUtil.format(" ({}.hardware_id in ({}) OR ({}.quality_region_id in (select distinct quality_region_id from quality_region_to_user where user_id = {}))) ", - filterAi, StrUtil.join(",", videoItems), filterAi, userId); - expressions.add(parseCondExpression(sql)); - } - } - - //ocr施工日志施工单位 - HashMap ocrBuildLogTables = new HashMap<>(); - ocrBuildLogTables.put("ocr_build_log", "id"); - List filterOcrBuildLogTables = getNeedFilterLeftExpression(plainSelect, ocrBuildLogTables, ds); - if (CollUtil.isNotEmpty(filterOcrBuildLogTables)) { - for (String filterEnterprise : filterOcrBuildLogTables) { - String uploaderIdField = StrUtil.subBefore(filterEnterprise, ".", false) + "." + "uploader_id"; - String sql = StrUtil.format(" ( ({} in (select ocr_build_log_id from ocr_build_log_enterprise where enterprise_id in ({}))) OR ( {} = {}))", - filterEnterprise, StrUtil.join(",", authEnterpriseIds), uploaderIdField, userId); - try { - Expression expression = CCJSqlParserUtil.parseCondExpression(sql); - expressions.add(expression); - } catch (Exception e) { - log.error(e.getMessage(), e); - } - } - } - - //安全隐患 - HashMap xzSecurityTables = new HashMap<>(); - xzSecurityTables.put("xz_security_quality_inspection_record", "id"); - List filterXzSecurityEnterprises = getNeedFilterLeftExpression(plainSelect, xzSecurityTables, ds); - if (CollUtil.isNotEmpty(filterXzSecurityEnterprises)) { - List enterpriseIds = userEnterpriseService.getEnterpriseIdsIfSubProject(); - enterpriseIds.add("0"); - List rids = xzSecurityQualityInspectionEnterpriseService.list(new LambdaQueryWrapper() - .in(XzSecurityQualityInspectionEnterprise::getEnterpriseId, 
enterpriseIds)).stream().map(XzSecurityQualityInspectionEnterprise::getInspectionId).collect(Collectors.toList()); - rids.add(0L); - for (String item : filterXzSecurityEnterprises) { - inExpression(item, rids.stream().map(Convert::toStr).collect(Collectors.toList()), plainSelect); - } - } - + filterByProjectSubAccount(plainSelect, ds, expressions); } else if (Objects.equals(user.getAccountType(), SystemUserAccountTypeEnum.SUPPLIER.getValue())) { - List filterEnterprises = getNeedFilterLeftExpression(plainSelect, getFieldEnterpriseTables(), ds); - EnterpriseInfo ei = enterpriseInfoMapper.getXzSupplierByUserId(userId); - Long id; - if (ei == null) { - id = -1L; - } else { - id = ei.getId(); - } - for (String filterEnterprise : filterEnterprises) { - String sql = StrUtil.format(" ({} = {} OR {} IN ( SELECT DISTINCT t.enterprise_id FROM " + - "(SELECT t.id FROM project_enterprise t WHERE t.enterprise_id = {}) t2 join project_enterprise t on find_in_set( t2.id, ancestors ) )) ", - filterEnterprise, id, filterEnterprise, id); - expressions.add(parseCondExpression(sql)); - } - - //解析ai预警 - List filterAis = getNeedFilterLeftExpression(plainSelect, getFieldAiTables(), ds, true); - if (CollUtil.isNotEmpty(filterAis)) { - List videoItems = aiAnalyseHardWareRecordService.getAiAnalyseHardIdsByEnterpriseId(id); - if (CollUtil.isEmpty(videoItems)) { - videoItems.add("0"); - } - videoItems = videoItems.stream().map(s -> "'" + s + "'").collect(Collectors.toList()); - for (String filterAi : filterAis) { - String sql = StrUtil.format(" ({}.hardware_id in ({}) OR ({}.quality_region_id in (select distinct quality_region_id from quality_region_to_user where user_id = {}))) ", - filterAi, StrUtil.join(",", videoItems), filterAi, userId); - expressions.add(parseCondExpression(sql)); - } - } + filterBySupplier(plainSelect, ds, expressions); } if (expressions.size() > 0) { Expression dataExpression; 
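Review bot: In the ENTERPRISE_SUB_ACCOUNT branch the new `List projectSns = companyService.getProjectSnsBySn(SecurityUtils.getUser().getSn());` is never read — the loop that would consume it is commented out and incomplete (`inExpression(item, , plainSelect)`), so every query issued by an enterprise sub-account now pays a mapper round trip whose result is discarded, and that branch still applies no project-sn restriction on the tables `getFieldProjectSnTables()` declares. Either finish the filter or drop the call together with the commented block, the `companyService` field and the `getProjectSnsBySn` additions in CompanyMapper, ICompanyService and CompanyServiceImpl that exist only to serve it. Separately, removing `Long userId = SecurityUtils.getUser().getUserId();` turned one read into eight `SecurityUtils.getUser().getUserId()` calls, several of them inside lambdas that filterForCompanyOrProject evaluates later; restoring the local keeps a single value for the whole request and is easier to read. The enclosing method starts before this hunk and continues after it.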
@@ -338,6 +264,134 @@ public class DataScopeHandler implements DataPermissionHandler { return plainSelect; } + /** + * 过滤供应商 + * + * @param plainSelect + * @param ds + * @param expressions + */ + private void filterBySupplier(PlainSelect plainSelect, DataScope ds, List expressions) { + List filterEnterprises = getNeedFilterLeftExpression(plainSelect, getFieldEnterpriseTables(), ds); + EnterpriseInfo ei = enterpriseInfoMapper.getXzSupplierByUserId(SecurityUtils.getUser().getUserId()); + Long id; + if (ei == null) { + id = -1L; + } else { + id = ei.getId(); + } + for (String filterEnterprise : filterEnterprises) { + String sql = StrUtil.format(" ({} = {} OR {} IN ( SELECT DISTINCT t.enterprise_id FROM " + + "(SELECT t.id FROM project_enterprise t WHERE t.enterprise_id = {}) t2 join project_enterprise t on find_in_set( t2.id, ancestors ) )) ", + filterEnterprise, id, filterEnterprise, id); + expressions.add(parseCondExpression(sql)); + } + + //解析ai预警 + List filterAis = getNeedFilterLeftExpression(plainSelect, getFieldAiTables(), ds, true); + if (CollUtil.isNotEmpty(filterAis)) { + List videoItems = aiAnalyseHardWareRecordService.getAiAnalyseHardIdsByEnterpriseId(id); + if (CollUtil.isEmpty(videoItems)) { + videoItems.add("0"); + } + videoItems = videoItems.stream().map(s -> "'" + s + "'").collect(Collectors.toList()); + for (String filterAi : filterAis) { + String sql = StrUtil.format(" ({}.hardware_id in ({}) OR ({}.quality_region_id in (select distinct quality_region_id from quality_region_to_user where user_id = {}))) ", + filterAi, StrUtil.join(",", videoItems), filterAi, SecurityUtils.getUser().getUserId()); + expressions.add(parseCondExpression(sql)); + } + } + } + + /** + * 过滤项目子账号 + * + * @param plainSelect + * @param ds + * @param expressions + */ + private void filterByProjectSubAccount(PlainSelect plainSelect, DataScope ds, List expressions) { + filterProjectForProject(plainSelect, ds); + List authEnterpriseIds = 
userEnterpriseService.getEnterpriseIdsIfSubProject(); + authEnterpriseIds.add("0"); + List filterEnterprises = getNeedFilterLeftExpression(plainSelect, getFieldEnterpriseTables(), ds); + if (CollUtil.isNotEmpty(filterEnterprises)) { + for (String filterEnterprise : filterEnterprises) { + inExpression(filterEnterprise, authEnterpriseIds, plainSelect); + } + } + + List filterItems = getNeedFilterLeftExpression(plainSelect, getFieldVideoTables(), ds); + if (CollUtil.isNotEmpty(filterItems)) { + List videoItems = userDevAuthorityService.getVideoItemsIfSubProject(); + for (String item : filterItems) { + inExpression(item, videoItems, plainSelect); + } + } + + List filterAis = getNeedFilterLeftExpression(plainSelect, getFieldAiTables(), ds, true); + if (CollUtil.isNotEmpty(filterAis)) { + List videoItems = aiAnalyseHardWareRecordService.getAiAnalyseHardIdsByUserId(); + if (CollUtil.isEmpty(videoItems)) { + videoItems.add("0"); + } + videoItems = videoItems.stream().map(s -> "'" + s + "'").collect(Collectors.toList()); + for (String filterAi : filterAis) { + String sql = StrUtil.format(" ({}.hardware_id in ({}) OR ({}.quality_region_id in (select distinct quality_region_id from quality_region_to_user where user_id = {}))) ", + filterAi, StrUtil.join(",", videoItems), filterAi, SecurityUtils.getUser().getUserId()); + expressions.add(parseCondExpression(sql)); + } + } + + //ocr施工日志施工单位 + HashMap ocrBuildLogTables = new HashMap<>(); + ocrBuildLogTables.put("ocr_build_log", "id"); + List filterOcrBuildLogTables = getNeedFilterLeftExpression(plainSelect, ocrBuildLogTables, ds); + if (CollUtil.isNotEmpty(filterOcrBuildLogTables)) { + for (String filterEnterprise : filterOcrBuildLogTables) { + String uploaderIdField = StrUtil.subBefore(filterEnterprise, ".", false) + "." 
+ "uploader_id"; + String sql = StrUtil.format(" ( ({} in (select ocr_build_log_id from ocr_build_log_enterprise where enterprise_id in ({}))) OR ( {} = {}))", + filterEnterprise, StrUtil.join(",", authEnterpriseIds), uploaderIdField, SecurityUtils.getUser().getUserId()); + try { + Expression expression = CCJSqlParserUtil.parseCondExpression(sql); + expressions.add(expression); + } catch (Exception e) { + log.error(e.getMessage(), e); + } + } + } + + //安全隐患 + HashMap xzSecurityTables = new HashMap<>(); + xzSecurityTables.put("xz_security_quality_inspection_record", "id"); + List filterXzSecurityEnterprises = getNeedFilterLeftExpression(plainSelect, xzSecurityTables, ds); + if (CollUtil.isNotEmpty(filterXzSecurityEnterprises)) { + List enterpriseIds = userEnterpriseService.getEnterpriseIdsIfSubProject(); + enterpriseIds.add("0"); + List rids = xzSecurityQualityInspectionEnterpriseService.list(new LambdaQueryWrapper() + .in(XzSecurityQualityInspectionEnterprise::getEnterpriseId, enterpriseIds)).stream().map(XzSecurityQualityInspectionEnterprise::getInspectionId).collect(Collectors.toList()); + rids.add(0L); + for (String item : filterXzSecurityEnterprises) { + inExpression(item, rids.stream().map(Convert::toStr).collect(Collectors.toList()), plainSelect); + } + } + } + + /** + * 项目(子)账号过滤项目sn + * + * @param plainSelect + * @param ds + */ + private void filterProjectForProject(PlainSelect plainSelect, DataScope ds) { + List filterProjectItems = getNeedFilterLeftExpression(plainSelect, getFieldProjectSnTables(), ds); + if (CollUtil.isNotEmpty(filterProjectItems)) { + for (String item : filterProjectItems) { + equalsTo(item, SecurityUtils.getUser().getSn(), plainSelect); + } + } + } + /** * 过滤企业或项目的用户权限 * diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/BaseModuleController.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/BaseModuleController.java index ecd9c8b3a..a8118587a 100644 
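Review bot: In `filterByProjectSubAccount` the ocr_build_log block is the one place a parse failure is swallowed — `catch (Exception e) { log.error(e.getMessage(), e); }` logs and carries on, so a malformed restriction for that table is silently dropped and the statement runs without it, which makes the data-scope check fail open; every other block in these two helpers calls `parseCondExpression(sql)` directly, so do the same here (or rethrow), provided `parseCondExpression` propagates the failure — its body is not in this hunk. The AI-warning block (hardware_id / quality_region_id) is duplicated verbatim between `filterBySupplier` and `filterByProjectSubAccount`, differing only in where `videoItems` comes from, and `userEnterpriseService.getEnterpriseIdsIfSubProject()` is queried twice in the latter (`authEnterpriseIds` and `enterpriseIds`, both with `"0"` appended); extract the shared helper below and reuse `authEnterpriseIds` for the xz_security lookup. The ids are wrapped with `"'" + s + "'"` and joined into SQL text without escaping — they come from a service rather than the request, but a stored id containing a quote would break the generated filter, so that assumption deserves a comment at the join. The three new Javadoc blocks carry empty `@param` tags; fill them (e.g. `@param expressions receives the restriction expressions generated for this select`) or remove them.
```java
/** Adds the hardware_id / quality_region_id restriction for every AI-warning column in filterAis. */
private void addAiExpressions(List<String> filterAis, List<String> videoItems, List<Expression> expressions) {
    if (CollUtil.isEmpty(videoItems)) {
        videoItems.add("0");
    }
    // ids are quoted verbatim: assumes they never contain a single quote (service-sourced, not request input)
    List<String> quoted = videoItems.stream().map(s -> "'" + s + "'").collect(Collectors.toList());
    for (String filterAi : filterAis) {
        String sql = StrUtil.format(" ({}.hardware_id in ({}) OR ({}.quality_region_id in (select distinct quality_region_id from quality_region_to_user where user_id = {}))) ",
                filterAi, StrUtil.join(",", quoted), filterAi, SecurityUtils.getUser().getUserId());
        expressions.add(parseCondExpression(sql));
    }
}
// … unchanged: call sites in filterBySupplier and filterByProjectSubAccount, which pass their own videoItems …
```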
--- a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/BaseModuleController.java +++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/BaseModuleController.java @@ -19,6 +19,7 @@ import lombok.extern.slf4j.Slf4j; import org.apache.commons.collections.MapUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Lazy; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import springfox.documentation.annotations.ApiIgnore; @@ -89,6 +90,7 @@ public class BaseModuleController { @ApiImplicitParam(name = "projectSn", value = "项目sn", paramType = "body", required = true, dataType = "String"), }) @PostMapping(value = "/getProjectModuleList") + @PreAuthorize("@perm.hasProjectSnAccess(#map['projectSn'])") public Result> getProjectModuleList(@RequestBody Map map) { return Result.success(baseModuleService.getProjectModuleList(map)); } diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/BaseModuleProjectController.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/BaseModuleProjectController.java index 763e6bca6..93551b75a 100644 --- a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/BaseModuleProjectController.java +++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/BaseModuleProjectController.java @@ -9,6 +9,7 @@ import io.swagger.annotations.ApiImplicitParams; import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; 
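Review bot: `@PreAuthorize("@perm.hasProjectSnAccess(#map['projectSn'])")` on getProjectModuleList hands the evaluator null whenever the body omits `projectSn`, so the guard is only fail-closed if `hasProjectSnAccess(null)` returns false rather than throwing or passing; only the file header of PermissionEvaluator is visible at the end of this page, so please confirm that contract and state it in its Javadoc, e.g. `/** Returns false for a null or blank sn; never throws. */`. The same question applies to every new map-keyed guard in this commit — BaseModuleProjectController.edit, CompanyBigScreenConfigController.queryList, CompanyBigScreenStatisticsController.selectCooperateEnterpriseList, CompanyFileController.selectMyCompanyFileList and delete, NoticeRemindSoundController.selectList, delete and queryById, OrganizationJobController.delete, SystemUserController.delete and ProjectController.selectProjectListByCompany — and to the entity-property forms such as `#companyFile.companySn`. The Swagger `required = true` on these parameters is documentation only; the evaluator is what enforces it.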
@@ -42,6 +43,7 @@ public class BaseModuleProjectController { @ApiImplicitParam(name = "moduleIdStr", value = "模块ID,多个时逗号分割", paramType = "body", required = true, dataType = "String"), }) @PostMapping(value = "/edit") + @PreAuthorize("@perm.hasSnAccess(#map['sn'])") public Result edit(@RequestBody Map map) { baseModuleProjectService.editBaseModuleProject(map); return Result.ok(); diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/CompanyBigScreenConfigController.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/CompanyBigScreenConfigController.java index a298fa8a3..fe5aaea97 100644 --- a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/CompanyBigScreenConfigController.java +++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/CompanyBigScreenConfigController.java @@ -17,6 +17,7 @@ import org.apache.commons.collections.MapUtils; import org.simpleframework.xml.core.Validate; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Lazy; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.*; import springfox.documentation.annotations.ApiIgnore; @@ -64,6 +65,7 @@ public class CompanyBigScreenConfigController { @OperLog(operModul = "企业大屏配置管理", operType = "列表查询", operDesc = "列表查询企业大屏配置信息") @ApiOperation(value = "列表查询企业大屏配置信息", notes = "列表查询企业大屏配置信息", httpMethod = "GET") @GetMapping(value = "/list") + @PreAuthorize("@perm.hasSnAccess(#param['sn'])") public Result> queryList(@ApiIgnore @RequestParam HashMap param) { return Result.success(companyBigScreenConfigService.queryList(param)); } diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/CompanyBigScreenStatisticsController.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/CompanyBigScreenStatisticsController.java index 11c8dba41..edb83747f 100644 
--- a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/CompanyBigScreenStatisticsController.java +++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/CompanyBigScreenStatisticsController.java @@ -19,6 +19,7 @@ import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Lazy; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -64,6 +65,7 @@ public class CompanyBigScreenStatisticsController { @ApiImplicitParam(name = "sn", value = "公司sn", paramType = "body", required = true, dataType = "String"), }) @PostMapping("/selectCooperateEnterpriseList") + @PreAuthorize("@perm.hasCompanySnAccess(#map['sn'])") public Result>> selectCooperateEnterpriseList(@RequestBody Map map) { return Result.success(companyBigScreenStatisticsService.selectCooperateEnterpriseList(map)); } diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/CompanyFileController.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/CompanyFileController.java index 30af790ce..44163a027 100644 --- a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/CompanyFileController.java +++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/CompanyFileController.java @@ -12,6 +12,7 @@ import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; import org.apache.commons.collections.MapUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; 
@@ -56,11 +57,12 @@ public class CompanyFileController { @ApiOperation(value = "分页查询自己企业的文件资料记录", notes = "分页查询自己企业的文件资料记录") @ApiImplicitParams({ @ApiImplicitParam(name = "fileName", value = "文件名称", paramType = "body", required = false, dataType = "String"), - @ApiImplicitParam(name = "companySn", value = "企业总部sn", paramType = "body", required = false, dataType = "String"), + @ApiImplicitParam(name = "companySn", value = "企业总部sn", paramType = "body", required = true, dataType = "String"), @ApiImplicitParam(name = "pageNo", value = "第几页", paramType = "body", required = true, dataType = "Integer"), @ApiImplicitParam(name = "pageSize", value = "每页显示条数", paramType = "body", required = true, dataType = "Integer"), }) @PostMapping("/my/list") + @PreAuthorize("@perm.hasCompanySnAccess(#map['companySn'])") public Result> selectMyCompanyFileList(@RequestBody Map map) { return Result.success(companyFileService.selectMyCompanyFileList(map)); } @@ -74,6 +76,7 @@ public class CompanyFileController { @OperLog(operModul = "企业文件资料管理", operType = "添加企业文件资料信息", operDesc = "添加企业文件资料信息") @ApiOperation(value = "添加企业文件资料信息", notes = "添加企业文件资料信息", httpMethod = "POST") @PostMapping(value = "/add") + @PreAuthorize("@perm.hasCompanySnAccess(#companyFile.companySn)") public Result add(@RequestBody CompanyFile companyFile) { companyFileService.add(companyFile); return Result.ok(); @@ -88,6 +91,7 @@ public class CompanyFileController { @OperLog(operModul = "企业文件资料管理", operType = "编辑企业文件资料信息", operDesc = "编辑企业文件资料信息") @ApiOperation(value = "编辑企业文件资料信息", notes = "编辑企业文件资料信息", httpMethod = "POST") @PostMapping(value = "/edit") + @PreAuthorize("@perm.hasIdAccess('CompanyFile', 'companySn', #companyFile.id)") public Result edit(@RequestBody CompanyFile companyFile) { companyFileService.edit(companyFile); return Result.ok(); 
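Review bot: `@PreAuthorize("@perm.hasIdAccess('CompanyFile', 'companySn', #companyFile.id)")` on edit authorises against the companySn stored for that id, but the request body also carries `companySn`; if `companyFileService.edit` persists that field (its body is not in view), a caller who owns the record can move it into a company they have no access to. The commit already conjoins two checks for SystemUserController.edit, so the same shape fits here: `@PreAuthorize("@perm.hasIdAccess('CompanyFile', 'companySn', #companyFile.id) and @perm.hasCompanySnAccess(#companyFile.companySn)")` — or have the service ignore companySn on edit and say so in its Javadoc. The same applies to NoticeRemindSoundController.edit (`projectSn`, with hasProjectSnAccess) and OrganizationJobController.edit (`sn`, with hasSnAccess).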
@@ -103,6 +107,7 @@ public class CompanyFileController { @ApiOperation(value = "删除企业文件资料信息", notes = "删除企业文件资料信息", httpMethod = "POST") @ApiImplicitParam(name = "id", value = "企业文件资料ID", paramType = "body", required = true, dataType = "Integer") @PostMapping(value = "/delete") + @PreAuthorize("@perm.hasIdAccess('CompanyFile', 'companySn', #map['id'])") public Result delete(@RequestBody Map map) { Result result = new Result(); CompanyFile companyFile = companyFileService.getById(MapUtils.getString(map, "id")); diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/NoticeRemindSoundController.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/NoticeRemindSoundController.java index 267cf98a7..ff3ff89d7 100644 --- a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/NoticeRemindSoundController.java +++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/NoticeRemindSoundController.java @@ -12,6 +12,7 @@ import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; import org.apache.commons.collections.MapUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -46,6 +47,7 @@ public class NoticeRemindSoundController { @ApiImplicitParam(name = "projectSn", value = "项目sn", paramType = "body", required = true, dataType = "String"), }) @PostMapping(value = "/list") + @PreAuthorize("@perm.hasProjectSnAccess(#map['projectSn'])") public Result> selectList(@RequestBody Map map) { QueryWrapper queryWrapper = new QueryWrapper<>(); queryWrapper.lambda().eq(NoticeRemindSound::getProjectSn, MapUtils.getString(map, "projectSn")); 
@@ -61,6 +63,7 @@ public class NoticeRemindSoundController { */ @ApiOperation(value = "添加通知提示音信息", notes = "添加通知提示音信息", httpMethod = "POST") @PostMapping(value = "/add") + @PreAuthorize("@perm.hasProjectSnAccess(#noticeRemindSound.projectSn)") public Result add(@RequestBody NoticeRemindSound noticeRemindSound) { noticeRemindSoundService.saveNoticeRemindSound(noticeRemindSound); return Result.ok(); @@ -74,6 +77,7 @@ public class NoticeRemindSoundController { */ @ApiOperation(value = "编辑通知提示音信息", notes = "编辑通知提示音信息", httpMethod = "POST") @PostMapping(value = "/edit") + @PreAuthorize("@perm.hasIdAccess('NoticeRemindSound', 'projectSn', #noticeRemindSound.id)") public Result edit(@RequestBody NoticeRemindSound noticeRemindSound) { noticeRemindSoundService.editNoticeRemindSound(noticeRemindSound); return Result.ok(); @@ -87,6 +91,7 @@ public class NoticeRemindSoundController { @ApiOperation(value = "删除通知提示音信息", notes = "删除通知提示音信息", httpMethod = "POST") @ApiImplicitParam(name = "id", value = "通知提示音ID", paramType = "body", required = true, dataType = "Integer") @PostMapping(value = "/delete") + @PreAuthorize("@perm.hasIdAccess('NoticeRemindSound', 'projectSn', #map['id'])") public Result delete(@RequestBody Map map) { Result result = new Result(); NoticeRemindSound noticeRemindSound = noticeRemindSoundService.getById(MapUtils.getString(map, "id")); @@ -110,6 +115,7 @@ public class NoticeRemindSoundController { @ApiOperation(value = "通过id查询通知提示音信息", notes = "通过id查询通知提示音信息", httpMethod = "POST") @ApiImplicitParam(name = "id", value = "通知提示音ID", paramType = "body", required = true, dataType = "Integer") @PostMapping(value = "/queryById") + @PreAuthorize("@perm.hasIdAccess('NoticeRemindSound', 'projectSn', #map['id'])") public Result queryById(@RequestBody Map map) { Result result = new Result(); NoticeRemindSound noticeRemindSound = noticeRemindSoundService.getById(MapUtils.getString(map, "id")); 
@@ -124,6 +130,7 @@ public class NoticeRemindSoundController { @ApiOperation(value = "保存通知提示音信息", notes = "保存通知提示音信息", httpMethod = "POST") @PostMapping(value = "/saveSound") + @PreAuthorize("@perm.hasProjectSnAccess(#noticeRemindSound.projectSn)") public Result saveSound(@RequestBody NoticeRemindSound noticeRemindSound) { QueryWrapper queryWrapper = new QueryWrapper<>(); queryWrapper.lambda() diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/OrganizationJobController.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/OrganizationJobController.java index 84c2edb4a..0024138b8 100644 --- a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/OrganizationJobController.java +++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/OrganizationJobController.java @@ -79,6 +79,7 @@ public class OrganizationJobController { @OperLog(operModul = "组织岗位", operType = "添加组织岗位信息", operDesc = "添加组织岗位信息") @ApiOperation(value = "添加组织岗位信息", notes = "添加组织岗位信息", httpMethod = "POST") @PostMapping(value = "/add") + @PreAuthorize("@perm.hasSnAccess(#organizationJob.sn)") public Result add(@RequestBody OrganizationJob organizationJob) { organizationJobService.addOrganizationJob(organizationJob); return Result.ok(); @@ -93,6 +94,7 @@ public class OrganizationJobController { @OperLog(operModul = "组织岗位", operType = "编辑组织岗位信息", operDesc = "编辑组织岗位信息") @ApiOperation(value = "编辑组织岗位信息", notes = "编辑组织岗位信息", httpMethod = "POST") @PostMapping(value = "/edit") + @PreAuthorize("@perm.hasIdAccess('OrganizationJob', 'sn', #organizationJob.id)") public Result edit(@RequestBody OrganizationJob organizationJob) { organizationJobService.editOrganizationJob(organizationJob); return Result.ok(); 
@@ -108,6 +110,7 @@ public class OrganizationJobController { @ApiOperation(value = "删除组织岗位信息", notes = "删除组织岗位信息", httpMethod = "POST") @ApiImplicitParam(name = "id", value = "组织岗位ID", paramType = "body", required = true, dataType = "Integer") @PostMapping(value = "/delete") + @PreAuthorize("@perm.hasIdAccess('OrganizationJob', 'sn', #map['id'])") public Result delete(@RequestBody Map map) { Result result = new Result(); OrganizationJob organizationJob = organizationJobService.getById(MapUtils.getString(map, "id")); diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/SystemUserController.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/SystemUserController.java index d7fbbccdb..341a62f16 100644 --- a/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/SystemUserController.java +++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/controller/SystemUserController.java @@ -73,7 +73,7 @@ public class SystemUserController { @OperLog(operModul = "账号管理", operType = "编辑账号信息", operDesc = "编辑账号信息") @ApiOperation(value = "编辑账号信息", notes = "编辑账号信息", httpMethod = "POST") @PostMapping(value = "/edit") - @PreAuthorize("@perm.hasSnAccess(#systemUser.sn)") + @PreAuthorize("@perm.hasSnAccess(#systemUser.sn) and @perm.hasUserAccess(#systemUser.userId)") public Result edit(@RequestBody SystemUser systemUser) { systemUserService.editSystemUser(systemUser); return Result.ok(); @@ -106,6 +106,7 @@ public class SystemUserController { @ApiImplicitParam(name = "id", value = "账号ID", paramType = "body", required = true, dataType = "Integer") }) @PostMapping(value = "/delete") + @PreAuthorize("@perm.hasUserAccess(#map['id'])") public Result delete(@RequestBody Map map) { systemUserService.delete(map); return Result.ok(); diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/mapper/CompanyMapper.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/mapper/CompanyMapper.java index ea792064f..a4c31fcc2 100644 
--- a/src/main/java/com/zhgd/xmgl/modules/basicdata/mapper/CompanyMapper.java +++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/mapper/CompanyMapper.java @@ -191,4 +191,6 @@ public interface CompanyMapper extends BaseMapper { boolean hasProjectSnAccessBy4(@Param("userId") Long userId, @Param("sn") String sn); + List getProjectSnsBySn(@Param("sn") String sn); + } diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/mapper/NoticeRemindSoundMapper.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/mapper/NoticeRemindSoundMapper.java index 2c012745b..81f9e3536 100644 --- a/src/main/java/com/zhgd/xmgl/modules/basicdata/mapper/NoticeRemindSoundMapper.java +++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/mapper/NoticeRemindSoundMapper.java @@ -1,6 +1,7 @@ package com.zhgd.xmgl.modules.basicdata.mapper; import com.baomidou.mybatisplus.core.mapper.BaseMapper; +import com.zhgd.annotation.DataScope; import com.zhgd.xmgl.modules.basicdata.entity.NoticeRemindSound; import org.apache.ibatis.annotations.Mapper; @@ -11,6 +12,7 @@ import org.apache.ibatis.annotations.Mapper; * @version: V1.0 */ @Mapper +@DataScope public interface NoticeRemindSoundMapper extends BaseMapper { } diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/mapper/xml/CompanyMapper.xml b/src/main/java/com/zhgd/xmgl/modules/basicdata/mapper/xml/CompanyMapper.xml index 96a34ef4f..af590e637 100644 --- a/src/main/java/com/zhgd/xmgl/modules/basicdata/mapper/xml/CompanyMapper.xml +++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/mapper/xml/CompanyMapper.xml @@ -411,4 +411,12 @@ JOIN system_user u on c.company_sn=u.sn WHERE u.user_id=#{userId} and p.project_sn = #{sn} + + diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/service/ICompanyService.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/service/ICompanyService.java index 7fab56294..3e394d486 100644 --- a/src/main/java/com/zhgd/xmgl/modules/basicdata/service/ICompanyService.java 
+++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/service/ICompanyService.java @@ -211,4 +211,6 @@ public interface ICompanyService extends IService { boolean hasProjectSnAccessBy3(Long userId, String sn); boolean hasProjectSnAccessBy4(Long userId, String sn); + + List getProjectSnsBySn(String sn); } diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/service/impl/CompanyServiceImpl.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/service/impl/CompanyServiceImpl.java index cfbfb49ef..e9a2b10a3 100644 --- a/src/main/java/com/zhgd/xmgl/modules/basicdata/service/impl/CompanyServiceImpl.java +++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/service/impl/CompanyServiceImpl.java @@ -1014,6 +1014,11 @@ public class CompanyServiceImpl extends ServiceImpl impl return baseMapper.hasProjectSnAccessBy4(userId, sn); } + @Override + public List getProjectSnsBySn(String sn) { + return baseMapper.getProjectSnsBySn(sn); + } + private void recursionFilterData(Map existSnMap, JSONObject clJo, JSONArray rtJa) { String sn = getSn(clJo); if (!existSnMap.containsKey(sn)) { diff --git a/src/main/java/com/zhgd/xmgl/modules/basicdata/service/impl/SystemUserServiceImpl.java b/src/main/java/com/zhgd/xmgl/modules/basicdata/service/impl/SystemUserServiceImpl.java index 81581eff3..dc1dda7fa 100644 --- a/src/main/java/com/zhgd/xmgl/modules/basicdata/service/impl/SystemUserServiceImpl.java +++ b/src/main/java/com/zhgd/xmgl/modules/basicdata/service/impl/SystemUserServiceImpl.java @@ -184,6 +184,11 @@ public class SystemUserServiceImpl extends ServiceImpl= 2; - if (needCode) { + if (needCode || Objects.equals(needEveryLoginCodeValid, "1")) { if (StrUtil.isBlank(code)) { throw new OpenAlertException("请输入验证码"); } diff --git a/src/main/java/com/zhgd/xmgl/modules/project/controller/LargeScreenConfigController.java b/src/main/java/com/zhgd/xmgl/modules/project/controller/LargeScreenConfigController.java index b612254bf..653a7b0ca 100644 
--- a/src/main/java/com/zhgd/xmgl/modules/project/controller/LargeScreenConfigController.java +++ b/src/main/java/com/zhgd/xmgl/modules/project/controller/LargeScreenConfigController.java @@ -16,6 +16,7 @@ import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; import org.apache.commons.collections.MapUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -196,6 +197,7 @@ public class LargeScreenConfigController { @ApiOperation(value = " 通过项目SN查询", notes = "通过项目SN查询", httpMethod = "POST") @ApiImplicitParam(name = "projectSn", value = "项目SN", paramType = "body", required = false) @PostMapping(value = "/queryByProject") + @PreAuthorize("@perm.hasSnAccess(#largeScreenConfig.projectSn)") public Result queryByProject(@ApiIgnore @RequestBody LargeScreenConfig largeScreenConfig) { QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(largeScreenConfig); LargeScreenConfig config = largeScreenConfigService.getOne(queryWrapper); diff --git a/src/main/java/com/zhgd/xmgl/modules/project/controller/ProjectController.java b/src/main/java/com/zhgd/xmgl/modules/project/controller/ProjectController.java index 4bb736a06..b07f68278 100644 --- a/src/main/java/com/zhgd/xmgl/modules/project/controller/ProjectController.java +++ b/src/main/java/com/zhgd/xmgl/modules/project/controller/ProjectController.java 
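Review bot: `@PreAuthorize("@perm.hasSnAccess(#largeScreenConfig.projectSn)")` on queryByProject makes projectSn effectively mandatory, yet the line above still declares `@ApiImplicitParam(name = "projectSn", ..., required = false)`; with a null projectSn the guard decides on null and, should it let the call through, `QueryGenerator.initQueryWrapper(largeScreenConfig)` builds a wrapper with no project condition and `getOne` returns some other project's config. Mark it `required = true`, as this commit already does for `companySn` in CompanyFileController, and consider `hasProjectSnAccess`, which is the helper the commit uses for project sns elsewhere — the difference between `hasSnAccess` and `hasProjectSnAccess` is not visible here. The method body continues past the hunk.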
@@ -85,6 +85,7 @@ public class ProjectController {
 @ApiOperation(value = "企业大屏统计项目信息", notes = "企业大屏统计项目信息")
 @ApiImplicitParam(name = "companySn", value = "总公司sn", paramType = "body", required = true, dataType = "String")
 @PostMapping("/selectProjectListByCompany")
+ @PreAuthorize("@perm.hasCompanySnAccess(#map['companySn'])")
 public Result selectProjectListByCompany(@RequestBody Map map) {
 return Result.success(projectService.selectProjectListByCompany(map));
 }
diff --git a/src/main/java/com/zhgd/xmgl/modules/worker/controller/UfaceRecognitionController.java b/src/main/java/com/zhgd/xmgl/modules/worker/controller/UfaceRecognitionController.java
index 6e3d10f5e..4620377f2 100644
--- a/src/main/java/com/zhgd/xmgl/modules/worker/controller/UfaceRecognitionController.java
+++ b/src/main/java/com/zhgd/xmgl/modules/worker/controller/UfaceRecognitionController.java
@@ -60,6 +60,8 @@ public class UfaceRecognitionController {
 public static final String LINUX = "linux";
 @Value("${basePath}")
 private String basePath;
+ @Value("${enableCheckFace}")
+ private String enableCheckFace;
 @Autowired
 private IWorkerInfoService workerInfoService;
 @Autowired
@@ -89,6 +91,11 @@ public class UfaceRecognitionController {
 String message = "message";
 String projectSn = MapUtils.getString(map, "projectSn");
 String fileUrl = MapUtils.getString(map, "fileUrl");
+ if (Objects.equals(enableCheckFace, "0")) {
+ data.put(checkType, sucType);
+ data.put(message, "成功");
+ return Result.success(data);
+ }
 WorkerManufacturer workerManufacturer = workerManufacturerFactory.getWorkerManufacturer(projectSn);
 if (workerManufacturer != null) {
 if (StringUtils.isNotEmpty(fileUrl)) {
diff --git a/src/main/java/com/zhgd/xmgl/security/MyUserDetailsImpl.java b/src/main/java/com/zhgd/xmgl/security/MyUserDetailsImpl.java
index 9fef0aa58..24a4d4a24 100644
--- a/src/main/java/com/zhgd/xmgl/security/MyUserDetailsImpl.java
+++ b/src/main/java/com/zhgd/xmgl/security/MyUserDetailsImpl.java
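Review bot: The `enableCheckFace == "0"` short-circuit in the second UfaceRecognitionController hunk returns a successful face-check result without consulting any manufacturer, and nothing records that the bypass is active; add a warning through the class's logger in that branch (or where the field is bound), e.g. `log.warn("enableCheckFace=0: face verification disabled, check for projectSn {} reported as success", projectSn);`, so an environment running with verification off is visible in logs and audits. `@Value("${enableCheckFace}")` with no default turns a missing property into a startup failure rather than a silent bypass, which is the right direction, but a `boolean` binding would remove the magic string. `checkType`, `sucType` and `data` are declared before the hunk, and the method continues after it.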
@@ -43,7 +43,7 @@ public class MyUserDetailsImpl implements UserDetailsService {
 return "admin";
 }
 });
- return new UserInfo(username, user.getPassword(), true, true, true, true, grantedAuthorityList, user.getUserId(), user.getAccountType(), user.getRealName());
+ return new UserInfo(username, user.getPassword(), true, true, true, true, grantedAuthorityList, user.getUserId(), user.getAccountType(), user.getRealName(), user.getSn());
 }
 }
diff --git a/src/main/java/com/zhgd/xmgl/security/PermissionEvaluator.java b/src/main/java/com/zhgd/xmgl/security/PermissionEvaluator.java
index f897c21d9..2d51f1d94 100644
--- a/src/main/java/com/zhgd/xmgl/security/PermissionEvaluator.java
+++ b/src/main/java/com/zhgd/xmgl/security/PermissionEvaluator.java
@@ -1,16 +1,34 @@
 package com.zhgd.xmgl.security;
+import cn.hutool.core.convert.Convert;
+import cn.hutool.core.util.StrUtil;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.zhgd.jeecg.common.util.SpringContextUtils;
+import com.zhgd.xmgl.constant.Cts;
 import com.zhgd.xmgl.modules.basicdata.entity.Company;
+import com.zhgd.xmgl.modules.basicdata.entity.SystemUser;
 import com.zhgd.xmgl.modules.basicdata.enums.SystemUserAccountTypeEnum;
 import com.zhgd.xmgl.modules.basicdata.service.ICompanyService;
+import com.zhgd.xmgl.modules.basicdata.service.ISystemUserService;
 import com.zhgd.xmgl.modules.project.service.IProjectService;
+import com.zhgd.xmgl.modules.worker.entity.UserEnterprise;
+import com.zhgd.xmgl.modules.worker.entity.WorkerInfo;
+import com.zhgd.xmgl.modules.worker.service.IUserEnterpriseService;
+import com.zhgd.xmgl.modules.worker.service.IWorkerInfoService;
 import com.zhgd.xmgl.security.entity.UserInfo;
 import com.zhgd.xmgl.security.util.SecurityUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Component;
+import java.io.Serializable;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.util.Objects;
+
+@Slf4j
 @Component("perm")
 public class PermissionEvaluator {
 @Lazy
@@ -19,6 +37,15 @@ public class PermissionEvaluator {
 @Lazy
 @Autowired
 private IProjectService projectService;
+ @Lazy
+ @Autowired
+ private ISystemUserService systemUserService;
+ @Lazy
+ @Autowired
+ private IUserEnterpriseService userEnterpriseService;
+ @Lazy
+ @Autowired
+ private IWorkerInfoService workerInfoService;
 /**
 * 有企业sn的权限
@@ -62,27 +89,233 @@ public class PermissionEvaluator {
 */
 public boolean hasSnAccess(String sn) {
 UserInfo user = SecurityUtils.getUser();
+ if (user == null) {
+ return false;
+ }
 int c = companyService.count(new LambdaQueryWrapper()
 .eq(Company::getCompanySn, sn));
 if (c > 0) {
 return hasCompanySnAccess(sn);
 } else {
- if (user.getAccountType().equals(SystemUserAccountTypeEnum.ENTERPRISE_ADMINISTRATOR_ACCOUNT.getValue())) {
- return companyService.hasProjectSnAccessBy1(user.getUserId(), sn);
- } else if (user.getAccountType().equals(SystemUserAccountTypeEnum.ENTERPRISE_DISTRICT_ACCOUNT.getValue())) {
- return companyService.hasProjectSnAccessBy2(user.getUserId(), sn);
- } else if (user.getAccountType().equals(SystemUserAccountTypeEnum.ENTERPRISE_CITY_ACCOUNT.getValue())) {
- return companyService.hasProjectSnAccessBy3(user.getUserId(), sn);
- } else if (user.getAccountType().equals(SystemUserAccountTypeEnum.ENTERPRISE_SUB_ACCOUNT.getValue())) {
- return companyService.hasProjectSnAccessBy4(user.getUserId(), sn);
- } else if (user.getAccountType().equals(SystemUserAccountTypeEnum.PROJECT_ACCOUNT.getValue())) {
- return projectService.hasProjectSnAccess(user.getUserId(), sn);
- } else if (user.getAccountType().equals(SystemUserAccountTypeEnum.PROJECT_SUB_ACCOUNT.getValue())) {
- return projectService.hasProjectSnAccess(user.getUserId(), sn);
- } else if (user.getAccountType().equals(SystemUserAccountTypeEnum.NEW_USER.getValue())) {
- return projectService.hasProjectSnAccessByNewUser(user.getUserId(), sn);
- }
+ return hasProjectSnAccess(sn);
 }
- return true;
 }
+
+ /**
+ * 有项目sn的权限
+ *
+ * @param projectSn
+ * @return
+ */
+ public boolean hasProjectSnAccess(String projectSn) {
+ UserInfo owner = SecurityUtils.getUser();
+ if (owner.getAccountType().equals(SystemUserAccountTypeEnum.ENTERPRISE_ADMINISTRATOR_ACCOUNT.getValue())) {
+ return companyService.hasProjectSnAccessBy1(owner.getUserId(), projectSn);
+ } else if (owner.getAccountType().equals(SystemUserAccountTypeEnum.ENTERPRISE_DISTRICT_ACCOUNT.getValue())) {
+ return companyService.hasProjectSnAccessBy2(owner.getUserId(), projectSn);
+ } else if (owner.getAccountType().equals(SystemUserAccountTypeEnum.ENTERPRISE_CITY_ACCOUNT.getValue())) {
+ return companyService.hasProjectSnAccessBy3(owner.getUserId(), projectSn);
+ } else if (owner.getAccountType().equals(SystemUserAccountTypeEnum.ENTERPRISE_SUB_ACCOUNT.getValue())) {
+ return companyService.hasProjectSnAccessBy4(owner.getUserId(), projectSn);
+ } else if (owner.getAccountType().equals(SystemUserAccountTypeEnum.PROJECT_ACCOUNT.getValue())) {
+ return projectService.hasProjectSnAccess(owner.getUserId(), projectSn);
+ } else if (owner.getAccountType().equals(SystemUserAccountTypeEnum.PROJECT_SUB_ACCOUNT.getValue())) {
+ return projectService.hasProjectSnAccess(owner.getUserId(), projectSn);
+ } else if (owner.getAccountType().equals(SystemUserAccountTypeEnum.NEW_USER.getValue())) {
+ return projectService.hasProjectSnAccessByNewUser(owner.getUserId(), projectSn);
+ }
+ return false;
+ }
+
+ /**
+ * 能访问这个用户id
+ *
+ * @param userId
+ * @return
+ */
+ public boolean hasUserAccess(String userId) {
+ SystemUser checkUser = systemUserService.getById(userId);
+ UserInfo owner = SecurityUtils.getUser();
+ Integer checkAccountType = checkUser.getAccountType();
+ Integer ownerAccountType = owner.getAccountType();
+ if (isCompanyType(checkAccountType)) {
+ if (!isCompanyType(ownerAccountType)) {
+ return false;
+ }
+ if (!hasCompanySnAccess(checkUser.getSn())) {
+ return false;
+ }
+ String ownerSn = getSn(owner.getUserId() + "");
+ return !Objects.equals(ownerSn, checkUser.getSn());
+ } else if (checkAccountType.equals(SystemUserAccountTypeEnum.PROJECT_ACCOUNT.getValue())) {
+ if (!hasSnAccess(checkUser.getSn())) {
+ return false;
+ }
+ if (isCompanyType(ownerAccountType)) {
+ return true;
+ }
+ String ownerSn = getSn(owner.getUserId() + "");
+ return !Objects.equals(ownerSn, checkUser.getSn());
+ } else if (checkAccountType.equals(SystemUserAccountTypeEnum.PROJECT_SUB_ACCOUNT.getValue())) {
+ if (!hasSnAccess(checkUser.getSn())) {
+ return false;
+ }
+ if (isCompanyType(ownerAccountType)) {
+ return true;
+ }
+ if (ownerAccountType.equals(SystemUserAccountTypeEnum.PROJECT_ACCOUNT.getValue())
+ || ownerAccountType.equals(SystemUserAccountTypeEnum.NEW_USER.getValue())) {
+ return true;
+ } else {
+ //项目子账号
+ UserEnterprise userEnterprise = userEnterpriseService.selectUserEnterpriseByUserId(owner.getUserId());
+ WorkerInfo workerInfo = workerInfoService.getOne(new LambdaQueryWrapper()
+ .eq(WorkerInfo::getId, checkUser.getWorkerId()).last(Cts.IGNORE_DATA_SCOPE_CONDITION));
+ return userEnterprise != null && StrUtil.isNotBlank(userEnterprise.getEnterpriseId())
+ && workerInfo != null && userEnterprise.getEnterpriseId().contains(Convert.toStr(workerInfo.getEnterpriseId()));
+ }
+ } else if (checkAccountType.equals(SystemUserAccountTypeEnum.NEW_USER.getValue())) {
+ if (isProjectType(ownerAccountType) || ownerAccountType.equals(SystemUserAccountTypeEnum.NEW_USER.getValue())) {
+ return false;
+ }
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * 获取账号的sn
+ *
+ * @param userId
+ * @return
+ */
+ private String getSn(String userId) {
+ SystemUser user = systemUserService.getById(userId);
+ if (isCompanyType(user.getAccountType())
+ || user.getAccountType().equals(SystemUserAccountTypeEnum.PROJECT_ACCOUNT.getValue())
+ || user.getAccountType().equals(SystemUserAccountTypeEnum.PROJECT_SUB_ACCOUNT.getValue())
+ ) {
+ return user.getSn();
+ }
+ return null;
+ }
+
+ /**
+ * 是项目级别账号
+ *
+ * @param accountType
+ * @return
+ */
+ private boolean isProjectType(Integer accountType) {
+ return accountType.equals(SystemUserAccountTypeEnum.PROJECT_ACCOUNT.getValue())
+ || accountType.equals(SystemUserAccountTypeEnum.PROJECT_SUB_ACCOUNT.getValue());
+ }
+
+ /**
+ * 是企业级别账号
+ *
+ * @param accountType
+ * @return
+ */
+ private boolean isCompanyType(Integer accountType) {
+ return accountType.equals(SystemUserAccountTypeEnum.ENTERPRISE_ADMINISTRATOR_ACCOUNT.getValue())
+ || accountType.equals(SystemUserAccountTypeEnum.ENTERPRISE_DISTRICT_ACCOUNT.getValue())
+ || accountType.equals(SystemUserAccountTypeEnum.ENTERPRISE_CITY_ACCOUNT.getValue())
+ || accountType.equals(SystemUserAccountTypeEnum.ENTERPRISE_SUB_ACCOUNT.getValue());
+ }
+
+
+ /**
+ * 通用ID权限验证方法,id的entityClassName.fieldName查询出sn,通过sn判断是否有权限
+ *
+ * @param entityClassName 实体类名
+ * @param snFieldName sn属性字段名
+ * @param id 实体ID值
+ * @return 是否有权限
+ */
+ public boolean hasIdAccess(String entityClassName, String snFieldName, String id) {
+ if (StringUtils.isBlank(entityClassName) || StringUtils.isBlank(snFieldName) || id == null) {
+ return false;
+ }
+
+ try {
+ // 1. 根据实体类名获取对应的实体对象
+ Object entity = getEntityById(entityClassName, id);
+ if (entity == null) {
+ return true;
+ }
+
+ // 2. 通过反射获取指定字段的值
+ Object fieldValue = getFieldValue(entity, snFieldName);
+ if (fieldValue == null) {
+ return false;
+ }
+
+ // 3. 调用hasSnAccess进行权限验证
+ return hasSnAccess(fieldValue.toString());
+
+ } catch (Exception e) {
+ log.error("权限验证失败 entity: {}, snFieldName: {}, id: {}", entityClassName, snFieldName, id, e);
+ return false;
+ }
+ }
+
+ /**
+ * 根据实体类名和ID获取实体对象
+ */
+ private Object getEntityById(String entityClassName, Serializable id) {
+ switch (entityClassName) {
+ case "XXX":
+// return organizationJobMapper.selectById(id);
+ default:
+ // 通用反射方式获取(需要规范命名)
+ return getEntityByReflection(entityClassName, id);
+ }
+ }
+
+ /**
+ * 反射方式通用获取实体(需要规范Mapper命名)
+ */
+ private Object getEntityByReflection(String entityClassName, Serializable id) {
+ try {
+ String mapperBeanName = StringUtils.uncapitalize(entityClassName) + "Mapper";
+ Object mapper = SpringContextUtils.getBean(mapperBeanName);
+
+ Method selectByIdMethod = mapper.getClass().getMethod("selectById", Serializable.class);
+ return selectByIdMethod.invoke(mapper, id);
+
+ } catch (Exception e) {
+ log.warn("通过反射获取实体失败: {}", entityClassName, e);
+ return null;
+ }
+ }
+
+ /**
+ * 通过反射获取字段值
+ */
+ private Object getFieldValue(Object entity, String fieldName) {
+ try {
+ Field field = entity.getClass().getDeclaredField(fieldName);
+ field.setAccessible(true);
+ return field.get(entity);
+ } catch (Exception e) {
+ // 尝试通过getter方法获取
+ return getFieldValueByGetter(entity, fieldName);
+ }
+ }
+
+ /**
+ * 通过getter方法获取字段值
+ */
+ private Object getFieldValueByGetter(Object entity, String fieldName) {
+ try {
+ String getterMethodName = "get" + StringUtils.capitalize(fieldName);
+ Method getterMethod = entity.getClass().getMethod(getterMethodName);
+ return getterMethod.invoke(entity);
+ } catch (Exception e) {
+ log.warn("获取字段值失败: {}", fieldName, e);
+ return null;
+ }
+ }
+
 }
diff --git a/src/main/java/com/zhgd/xmgl/security/entity/UserInfo.java b/src/main/java/com/zhgd/xmgl/security/entity/UserInfo.java
index ba0cb5315..8549ed050 100644
--- a/src/main/java/com/zhgd/xmgl/security/entity/UserInfo.java
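Review bot: `hasIdAccess` fails open: `getEntityByReflection` turns every failure (no `<Entity>Mapper` bean, no `selectById` method, invocation error) into `null`, and `hasIdAccess` then returns `true` on `entity == null`, so a misspelled `entityClassName` in a `@PreAuthorize` expression silently grants access with only a warn log; change it to `if (entity == null) { return false; }` and, if a genuinely missing row is meant to pass, separate that case from a lookup failure by letting `getEntityByReflection` rethrow into the outer catch. In `hasUserAccess`, the project-sub-account branch tests `userEnterprise.getEnterpriseId().contains(Convert.toStr(workerInfo.getEnterpriseId()))`; if `enterpriseId` is a delimited id list, as the `isNotBlank` plus `contains` pairing suggests, that is a substring match (id `1` matches `12`), so split on the list's delimiter and compare whole tokens instead. `hasProjectSnAccess` and `hasUserAccess` dereference `SecurityUtils.getUser()` and `systemUserService.getById(userId)` without the null guard `hasSnAccess` just gained, and an NPE inside a security expression likely surfaces as a server error rather than a clean deny. The `case "XXX":` placeholder with its commented-out return falls through to `default` and should be dropped. Since `UserInfo` now carries `sn` (MyUserDetailsImpl and UserInfo hunks), the `getSn(owner.getUserId() + "")` re-queries could read `owner.getSn()` instead, unless a freshly loaded value is deliberately wanted.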
+++ b/src/main/java/com/zhgd/xmgl/security/entity/UserInfo.java
@@ -12,6 +12,7 @@ public class UserInfo extends User {
 * 账号类型,1系统管理员:jxjadmin,2企业管理员账号:17512009894,3企业区账号,4企业市账号,5项目账号(thhy,只能看一个项目),6项目子账号(aq,比一个项目更小),7企业子账号:qyyszh(只能看到很多项目的账号):,8参建单位,9政务
 */
 private java.lang.Integer accountType;
+ private String sn;
 public UserInfo(String username, String password, Collection authorities, Long userId, String realName) {
 super(username, password, authorities);
@@ -19,11 +20,12 @@ public class UserInfo extends User {
 this.realName = realName;
 }
- public UserInfo(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection authorities, Long userId, Integer accountType, String realName) {
+ public UserInfo(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection authorities, Long userId, Integer accountType, String realName, String sn) {
 super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
 this.userId = userId;
 this.accountType = accountType;
 this.realName = realName;
+ this.sn = sn;
 }
 public Long getUserId() {
@@ -49,4 +51,12 @@ public class UserInfo extends User {
 public void setRealName(String realName) {
 this.realName = realName;
 }
+
+ public String getSn() {
+ return sn;
+ }
+
+ public void setSn(String sn) {
+ this.sn = sn;
+ }
 }