From 9692801e52a3db3b85f611350134338d9d1fe738 Mon Sep 17 00:00:00 2001
From: Guo XIn <371864209@qq.com>
Date: Mon, 3 Jul 2023 15:58:50 +0800
Subject: [PATCH] =?UTF-8?q?=E6=95=B0=E6=8D=AE=E6=9D=83=E9=99=90=E4=B8=AD?= =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=95=B0=E6=8D=AE=E5=AF=86=E7=BA=A7=E5=88=A4?= =?UTF-8?q?=E6=96=AD=E9=80=BB=E8=BE=91=E4=BB=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../bianmu/service/DirPermissionService.java | 58 ++++++++++++-------
 1 file changed, 37 insertions(+), 21 deletions(-)
diff --git a/shandan-system/src/main/java/com/keyware/shandan/bianmu/service/DirPermissionService.java b/shandan-system/src/main/java/com/keyware/shandan/bianmu/service/DirPermissionService.java
index c348bdb..b457bff 100644
--- a/shandan-system/src/main/java/com/keyware/shandan/bianmu/service/DirPermissionService.java
+++ b/shandan-system/src/main/java/com/keyware/shandan/bianmu/service/DirPermissionService.java
@@ -112,17 +112,31 @@ public class DirPermissionService {
 */
 public boolean hasReadPermis(SysUser user, DirectoryVo dir) {
 try {
- return isEveryoneRead(dir)
- || isOwnerSelf(user, dir)
- || isAllParentRead(user, dir)
- || isParentRead(user, dir)
- || isAllChildRead(user, dir)
- || isChildRead(user, dir)
- || isMemberRead(user, dir);
+ if (secretLevelAllow(user, dir)) {
+ return isEveryoneRead(dir)
+ || isOwnerSelf(user, dir)
+ || isAllParentRead(user, dir)
+ || isParentRead(user, dir)
+ || isAllChildRead(user, dir)
+ || isChildRead(user, dir)
+ || isMemberRead(user, dir);
+ }
 } catch (Exception e) {
 log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId());
- return false;
 }
+ return false;
+ }
+
+ /**
+ * 判断数据密级
+ *
+ * @param user
+ * @param dir
+ * @return
+ */
+ private boolean secretLevelAllow(SysUser user, DirectoryVo dir) {
+
+ return user.getSecretLevel() > dir.getSecretLevel();
 }
 /**
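Review bot: `secretLevelAllow` compares with a strict `>`, so a user whose level equals the directory's level is refused by `hasReadPermis`, and the owner is refused as well because the gate now sits in front of `isOwnerSelf`. If equal clearance is meant to grant access, the line should read `return user.getSecretLevel() >= dir.getSecretLevel();`. Either way the new Javadoc should say which end of the scale is more sensitive and whether equality passes, instead of the empty `@param`/`@return` tags. The getter return types are not visible in this hunk; if they are boxed `Integer`, a null level becomes an NPE that the surrounding `catch (Exception e)` turns into a deny while the `log.error` call omits `e`, so an explicit null check with a deliberate deny and passing `e` as the last logger argument would make that path visible.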
@@ -134,17 +148,19 @@ public class DirPermissionService {
 */
 public boolean hasWritePermis(SysUser user, DirectoryVo dir) {
 try {
- return isEveryoneWrite(dir)
- || isOwnerSelf(user, dir)
- || isAllParentWrite(user, dir)
- || isParentWrite(user, dir)
- || isAllChildWrite(user, dir)
- || isChildWrite(user, dir)
- || isMemberWrite(user, dir);
+ if (secretLevelAllow(user, dir)) {
+ return isEveryoneWrite(dir)
+ || isOwnerSelf(user, dir)
+ || isAllParentWrite(user, dir)
+ || isParentWrite(user, dir)
+ || isAllChildWrite(user, dir)
+ || isChildWrite(user, dir)
+ || isMemberWrite(user, dir);
+ }
 } catch (Exception e) {
 log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId());
- return false;
 }
+ return false;
 }
 private boolean isAllParentRead(SysUser user, DirectoryVo dir) {
@@ -152,7 +168,7 @@ public class DirPermissionService {
 }
 private boolean isAllParentWrite(SysUser user, DirectoryVo dir) {
- return dir.getPermisAllParent() != null && dir.getPermisAllParent().contains("write") && isAllParent(user, dir);
+ return dir.getPermisAllParent() != null && dir.getPermisAllParent().contains("write") && isAllParent(user, dir);
 }
 private boolean isAllParent(SysUser user, DirectoryVo dir) {
@@ -174,7 +190,7 @@ public class DirPermissionService {
 }
 private boolean isParentRead(SysUser user, DirectoryVo dir) {
- return dir.getPermisParent()!= null && dir.getPermisParent().contains("read") && isParent(user, dir);
+ return dir.getPermisParent() != null && dir.getPermisParent().contains("read") && isParent(user, dir);
 }
 private boolean isParentWrite(SysUser user, DirectoryVo dir) {
@@ -252,7 +268,7 @@ public class DirPermissionService {
 * @return
 */
 private boolean isEveryoneRead(DirectoryVo dir) {
- return dir.getPermisEveryone()!= null && dir.getPermisEveryone().contains("read");
+ return dir.getPermisEveryone() != null && dir.getPermisEveryone().contains("read");
 }
 /**
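Review bot: `hasWritePermis` reuses the read-side rule, so write access is granted whenever the user's level exceeds the directory's. In a classification scheme that is the direction in which higher-level material can be placed in a lower-level directory and then read by users cleared only for the lower level. If that matters for this system, write needs its own predicate rather than the shared `secretLevelAllow`. If sharing the rule is intentional, a comment on the `if (secretLevelAllow(user, dir)) {` line such as `// write deliberately uses the same level rule as read` would record the decision. The method's Javadoc begins outside this hunk, so whether it already documents the level requirement cannot be seen here.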
@@ -262,7 +278,7 @@ public class DirPermissionService {
 * @return
 */
 private boolean isEveryoneWrite(DirectoryVo dir) {
- return dir.getPermisEveryone()!= null && dir.getPermisEveryone().contains("write");
+ return dir.getPermisEveryone() != null && dir.getPermisEveryone().contains("write");
 }
 /**
@@ -506,7 +522,7 @@ public class DirPermissionService {
 private List selectDirectoryList() {
 QueryWrapper wrapper = new QueryWrapper<>();
- wrapper.select("ID", "DIRECTORY_NAME", "OWNER_TYPE", "OWNER_ID", "PERMIS_EVERYONE", "PERMIS_ALL_PARENT", "PERMIS_PARENT", "PERMIS_ALL_CHILD", "PERMIS_CHILD");
+ wrapper.select("ID", "DIRECTORY_NAME", "OWNER_TYPE", "OWNER_ID", "PERMIS_EVERYONE", "PERMIS_ALL_PARENT", "PERMIS_PARENT", "PERMIS_ALL_CHILD", "PERMIS_CHILD", "SECRET_LEVEL");
 wrapper.in("DIRECTORY_TYPE", DirectoryType.DIRECTORY, DirectoryType.LINK_DIR);
 return directoryService.list(wrapper);
 }
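Review bot: `SECRET_LEVEL` is added to this one projection in `selectDirectoryList`, while `secretLevelAllow` reads `dir.getSecretLevel()` on every `DirectoryVo` passed to `hasReadPermis` and `hasWritePermis`. Any other query that builds a directory for those checks without selecting the column would present an unset level. With a boxed field that is an NPE swallowed as a deny; with a primitive field it is presumably a default of 0, which most users' levels would exceed, so the new gate would pass without having compared anything real. The other call sites are not visible in this diff and are worth checking, and a comment above the select such as `// SECRET_LEVEL is required by secretLevelAllow(); keep other DirectoryVo queries in sync` would document the dependency.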