数据权限中增加数据密级判断逻辑代码

master
Guo XIn 1 year ago
parent f0f83f0c7c
commit 9692801e52
  1. 58
      shandan-system/src/main/java/com/keyware/shandan/bianmu/service/DirPermissionService.java

@ -112,17 +112,31 @@ public class DirPermissionService {
*/ */
public boolean hasReadPermis(SysUser user, DirectoryVo dir) { public boolean hasReadPermis(SysUser user, DirectoryVo dir) {
try { try {
return isEveryoneRead(dir) if (secretLevelAllow(user, dir)) {
|| isOwnerSelf(user, dir) return isEveryoneRead(dir)
|| isAllParentRead(user, dir) || isOwnerSelf(user, dir)
|| isParentRead(user, dir) || isAllParentRead(user, dir)
|| isAllChildRead(user, dir) || isParentRead(user, dir)
|| isChildRead(user, dir) || isAllChildRead(user, dir)
|| isMemberRead(user, dir); || isChildRead(user, dir)
|| isMemberRead(user, dir);
}
} catch (Exception e) { } catch (Exception e) {
log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId()); log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId());
return false;
} }
return false;
}
/**
* 判断数据密级
*
* @param user
* @param dir
* @return
*/
private boolean secretLevelAllow(SysUser user, DirectoryVo dir) {
return user.getSecretLevel() > dir.getSecretLevel();
} }
/** /**
@ -134,17 +148,19 @@ public class DirPermissionService {
*/ */
public boolean hasWritePermis(SysUser user, DirectoryVo dir) { public boolean hasWritePermis(SysUser user, DirectoryVo dir) {
try { try {
return isEveryoneWrite(dir) if (secretLevelAllow(user, dir)) {
|| isOwnerSelf(user, dir) return isEveryoneWrite(dir)
|| isAllParentWrite(user, dir) || isOwnerSelf(user, dir)
|| isParentWrite(user, dir) || isAllParentWrite(user, dir)
|| isAllChildWrite(user, dir) || isParentWrite(user, dir)
|| isChildWrite(user, dir) || isAllChildWrite(user, dir)
|| isMemberWrite(user, dir); || isChildWrite(user, dir)
|| isMemberWrite(user, dir);
}
} catch (Exception e) { } catch (Exception e) {
log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId()); log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId());
return false;
} }
return false;
} }
private boolean isAllParentRead(SysUser user, DirectoryVo dir) { private boolean isAllParentRead(SysUser user, DirectoryVo dir) {
@ -152,7 +168,7 @@ public class DirPermissionService {
} }
private boolean isAllParentWrite(SysUser user, DirectoryVo dir) { private boolean isAllParentWrite(SysUser user, DirectoryVo dir) {
return dir.getPermisAllParent() != null && dir.getPermisAllParent().contains("write") && isAllParent(user, dir); return dir.getPermisAllParent() != null && dir.getPermisAllParent().contains("write") && isAllParent(user, dir);
} }
private boolean isAllParent(SysUser user, DirectoryVo dir) { private boolean isAllParent(SysUser user, DirectoryVo dir) {
@ -174,7 +190,7 @@ public class DirPermissionService {
} }
private boolean isParentRead(SysUser user, DirectoryVo dir) { private boolean isParentRead(SysUser user, DirectoryVo dir) {
return dir.getPermisParent()!= null && dir.getPermisParent().contains("read") && isParent(user, dir); return dir.getPermisParent() != null && dir.getPermisParent().contains("read") && isParent(user, dir);
} }
private boolean isParentWrite(SysUser user, DirectoryVo dir) { private boolean isParentWrite(SysUser user, DirectoryVo dir) {
@ -252,7 +268,7 @@ public class DirPermissionService {
* @return * @return
*/ */
private boolean isEveryoneRead(DirectoryVo dir) { private boolean isEveryoneRead(DirectoryVo dir) {
return dir.getPermisEveryone()!= null && dir.getPermisEveryone().contains("read"); return dir.getPermisEveryone() != null && dir.getPermisEveryone().contains("read");
} }
/** /**
@ -262,7 +278,7 @@ public class DirPermissionService {
* @return * @return
*/ */
private boolean isEveryoneWrite(DirectoryVo dir) { private boolean isEveryoneWrite(DirectoryVo dir) {
return dir.getPermisEveryone()!= null && dir.getPermisEveryone().contains("write"); return dir.getPermisEveryone() != null && dir.getPermisEveryone().contains("write");
} }
/** /**
@ -506,7 +522,7 @@ public class DirPermissionService {
private List<DirectoryVo> selectDirectoryList() { private List<DirectoryVo> selectDirectoryList() {
QueryWrapper<DirectoryVo> wrapper = new QueryWrapper<>(); QueryWrapper<DirectoryVo> wrapper = new QueryWrapper<>();
wrapper.select("ID", "DIRECTORY_NAME", "OWNER_TYPE", "OWNER_ID", "PERMIS_EVERYONE", "PERMIS_ALL_PARENT", "PERMIS_PARENT", "PERMIS_ALL_CHILD", "PERMIS_CHILD"); wrapper.select("ID", "DIRECTORY_NAME", "OWNER_TYPE", "OWNER_ID", "PERMIS_EVERYONE", "PERMIS_ALL_PARENT", "PERMIS_PARENT", "PERMIS_ALL_CHILD", "PERMIS_CHILD", "SECRET_LEVEL");
wrapper.in("DIRECTORY_TYPE", DirectoryType.DIRECTORY, DirectoryType.LINK_DIR); wrapper.in("DIRECTORY_TYPE", DirectoryType.DIRECTORY, DirectoryType.LINK_DIR);
return directoryService.list(wrapper); return directoryService.list(wrapper);
} }