guoxin
/
shandan
Archived
2
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity

数据权限中增加数据密级判断逻辑代码

Browse Source
master
Guo XIn 1 year ago
parent f0f83f0c7c
commit 9692801e52
1 changed files with 37 additions and 21 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 20
      shandan-system/src/main/java/com/keyware/shandan/bianmu/service/DirPermissionService.java

20
shandan-system/src/main/java/com/keyware/shandan/bianmu/service/DirPermissionService.java
Unescape View File

@ -112,6 +112,7 @@ public class DirPermissionService {
*/ */
public boolean hasReadPermis(SysUser user, DirectoryVo dir) { public boolean hasReadPermis(SysUser user, DirectoryVo dir) {
try { try {
if (secretLevelAllow(user, dir)) {
return isEveryoneRead(dir) return isEveryoneRead(dir)
|| isOwnerSelf(user, dir) || isOwnerSelf(user, dir)
|| isAllParentRead(user, dir) || isAllParentRead(user, dir)
@ -119,10 +120,23 @@ public class DirPermissionService {
|| isAllChildRead(user, dir) || isAllChildRead(user, dir)
|| isChildRead(user, dir) || isChildRead(user, dir)
|| isMemberRead(user, dir); || isMemberRead(user, dir);
}
} catch (Exception e) { } catch (Exception e) {
log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId()); log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId());
}
return false; return false;
} }
/**
* 判断数据密级
*
* @param user
* @param dir
* @return
*/
private boolean secretLevelAllow(SysUser user, DirectoryVo dir) {
return user.getSecretLevel() > dir.getSecretLevel();
} }
/** /**
@ -134,6 +148,7 @@ public class DirPermissionService {
*/ */
public boolean hasWritePermis(SysUser user, DirectoryVo dir) { public boolean hasWritePermis(SysUser user, DirectoryVo dir) {
try { try {
if (secretLevelAllow(user, dir)) {
return isEveryoneWrite(dir) return isEveryoneWrite(dir)
|| isOwnerSelf(user, dir) || isOwnerSelf(user, dir)
|| isAllParentWrite(user, dir) || isAllParentWrite(user, dir)
@ -141,10 +156,11 @@ public class DirPermissionService {
|| isAllChildWrite(user, dir) || isAllChildWrite(user, dir)
|| isChildWrite(user, dir) || isChildWrite(user, dir)
|| isMemberWrite(user, dir); || isMemberWrite(user, dir);
}
} catch (Exception e) { } catch (Exception e) {
log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId()); log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId());
return false;
} }
return false;
} }
private boolean isAllParentRead(SysUser user, DirectoryVo dir) { private boolean isAllParentRead(SysUser user, DirectoryVo dir) {
@ -506,7 +522,7 @@ public class DirPermissionService {
private List<DirectoryVo> selectDirectoryList() { private List<DirectoryVo> selectDirectoryList() {
QueryWrapper<DirectoryVo> wrapper = new QueryWrapper<>(); QueryWrapper<DirectoryVo> wrapper = new QueryWrapper<>();
wrapper.select("ID", "DIRECTORY_NAME", "OWNER_TYPE", "OWNER_ID", "PERMIS_EVERYONE", "PERMIS_ALL_PARENT", "PERMIS_PARENT", "PERMIS_ALL_CHILD", "PERMIS_CHILD"); wrapper.select("ID", "DIRECTORY_NAME", "OWNER_TYPE", "OWNER_ID", "PERMIS_EVERYONE", "PERMIS_ALL_PARENT", "PERMIS_PARENT", "PERMIS_ALL_CHILD", "PERMIS_CHILD", "SECRET_LEVEL");
wrapper.in("DIRECTORY_TYPE", DirectoryType.DIRECTORY, DirectoryType.LINK_DIR); wrapper.in("DIRECTORY_TYPE", DirectoryType.DIRECTORY, DirectoryType.LINK_DIR);
return directoryService.list(wrapper); return directoryService.list(wrapper);
} }