|
|
@ -112,17 +112,31 @@ public class DirPermissionService { |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
public boolean hasReadPermis(SysUser user, DirectoryVo dir) { |
|
|
|
public boolean hasReadPermis(SysUser user, DirectoryVo dir) { |
|
|
|
try { |
|
|
|
try { |
|
|
|
return isEveryoneRead(dir) |
|
|
|
if (secretLevelAllow(user, dir)) { |
|
|
|
|| isOwnerSelf(user, dir) |
|
|
|
return isEveryoneRead(dir) |
|
|
|
|| isAllParentRead(user, dir) |
|
|
|
|| isOwnerSelf(user, dir) |
|
|
|
|| isParentRead(user, dir) |
|
|
|
|| isAllParentRead(user, dir) |
|
|
|
|| isAllChildRead(user, dir) |
|
|
|
|| isParentRead(user, dir) |
|
|
|
|| isChildRead(user, dir) |
|
|
|
|| isAllChildRead(user, dir) |
|
|
|
|| isMemberRead(user, dir); |
|
|
|
|| isChildRead(user, dir) |
|
|
|
|
|
|
|
|| isMemberRead(user, dir); |
|
|
|
|
|
|
|
} |
|
|
|
} catch (Exception e) { |
|
|
|
} catch (Exception e) { |
|
|
|
log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId()); |
|
|
|
log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId()); |
|
|
|
return false; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
return false; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
|
|
|
* 判断数据密级 |
|
|
|
|
|
|
|
* |
|
|
|
|
|
|
|
* @param user |
|
|
|
|
|
|
|
* @param dir |
|
|
|
|
|
|
|
* @return |
|
|
|
|
|
|
|
*/ |
|
|
|
|
|
|
|
private boolean secretLevelAllow(SysUser user, DirectoryVo dir) { |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return user.getSecretLevel() > dir.getSecretLevel(); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
@ -134,17 +148,19 @@ public class DirPermissionService { |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
public boolean hasWritePermis(SysUser user, DirectoryVo dir) { |
|
|
|
public boolean hasWritePermis(SysUser user, DirectoryVo dir) { |
|
|
|
try { |
|
|
|
try { |
|
|
|
return isEveryoneWrite(dir) |
|
|
|
if (secretLevelAllow(user, dir)) { |
|
|
|
|| isOwnerSelf(user, dir) |
|
|
|
return isEveryoneWrite(dir) |
|
|
|
|| isAllParentWrite(user, dir) |
|
|
|
|| isOwnerSelf(user, dir) |
|
|
|
|| isParentWrite(user, dir) |
|
|
|
|| isAllParentWrite(user, dir) |
|
|
|
|| isAllChildWrite(user, dir) |
|
|
|
|| isParentWrite(user, dir) |
|
|
|
|| isChildWrite(user, dir) |
|
|
|
|| isAllChildWrite(user, dir) |
|
|
|
|| isMemberWrite(user, dir); |
|
|
|
|| isChildWrite(user, dir) |
|
|
|
|
|
|
|
|| isMemberWrite(user, dir); |
|
|
|
|
|
|
|
} |
|
|
|
} catch (Exception e) { |
|
|
|
} catch (Exception e) { |
|
|
|
log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId()); |
|
|
|
log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId()); |
|
|
|
return false; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
return false; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private boolean isAllParentRead(SysUser user, DirectoryVo dir) { |
|
|
|
private boolean isAllParentRead(SysUser user, DirectoryVo dir) { |
|
|
@ -152,7 +168,7 @@ public class DirPermissionService { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private boolean isAllParentWrite(SysUser user, DirectoryVo dir) { |
|
|
|
private boolean isAllParentWrite(SysUser user, DirectoryVo dir) { |
|
|
|
return dir.getPermisAllParent() != null && dir.getPermisAllParent().contains("write") && isAllParent(user, dir); |
|
|
|
return dir.getPermisAllParent() != null && dir.getPermisAllParent().contains("write") && isAllParent(user, dir); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private boolean isAllParent(SysUser user, DirectoryVo dir) { |
|
|
|
private boolean isAllParent(SysUser user, DirectoryVo dir) { |
|
|
@ -174,7 +190,7 @@ public class DirPermissionService { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private boolean isParentRead(SysUser user, DirectoryVo dir) { |
|
|
|
private boolean isParentRead(SysUser user, DirectoryVo dir) { |
|
|
|
return dir.getPermisParent()!= null && dir.getPermisParent().contains("read") && isParent(user, dir); |
|
|
|
return dir.getPermisParent() != null && dir.getPermisParent().contains("read") && isParent(user, dir); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private boolean isParentWrite(SysUser user, DirectoryVo dir) { |
|
|
|
private boolean isParentWrite(SysUser user, DirectoryVo dir) { |
|
|
@ -252,7 +268,7 @@ public class DirPermissionService { |
|
|
|
* @return |
|
|
|
* @return |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
private boolean isEveryoneRead(DirectoryVo dir) { |
|
|
|
private boolean isEveryoneRead(DirectoryVo dir) { |
|
|
|
return dir.getPermisEveryone()!= null && dir.getPermisEveryone().contains("read"); |
|
|
|
return dir.getPermisEveryone() != null && dir.getPermisEveryone().contains("read"); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
@ -262,7 +278,7 @@ public class DirPermissionService { |
|
|
|
* @return |
|
|
|
* @return |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
private boolean isEveryoneWrite(DirectoryVo dir) { |
|
|
|
private boolean isEveryoneWrite(DirectoryVo dir) { |
|
|
|
return dir.getPermisEveryone()!= null && dir.getPermisEveryone().contains("write"); |
|
|
|
return dir.getPermisEveryone() != null && dir.getPermisEveryone().contains("write"); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
@ -506,7 +522,7 @@ public class DirPermissionService { |
|
|
|
|
|
|
|
|
|
|
|
private List<DirectoryVo> selectDirectoryList() { |
|
|
|
private List<DirectoryVo> selectDirectoryList() { |
|
|
|
QueryWrapper<DirectoryVo> wrapper = new QueryWrapper<>(); |
|
|
|
QueryWrapper<DirectoryVo> wrapper = new QueryWrapper<>(); |
|
|
|
wrapper.select("ID", "DIRECTORY_NAME", "OWNER_TYPE", "OWNER_ID", "PERMIS_EVERYONE", "PERMIS_ALL_PARENT", "PERMIS_PARENT", "PERMIS_ALL_CHILD", "PERMIS_CHILD"); |
|
|
|
wrapper.select("ID", "DIRECTORY_NAME", "OWNER_TYPE", "OWNER_ID", "PERMIS_EVERYONE", "PERMIS_ALL_PARENT", "PERMIS_PARENT", "PERMIS_ALL_CHILD", "PERMIS_CHILD", "SECRET_LEVEL"); |
|
|
|
wrapper.in("DIRECTORY_TYPE", DirectoryType.DIRECTORY, DirectoryType.LINK_DIR); |
|
|
|
wrapper.in("DIRECTORY_TYPE", DirectoryType.DIRECTORY, DirectoryType.LINK_DIR); |
|
|
|
return directoryService.list(wrapper); |
|
|
|
return directoryService.list(wrapper); |
|
|
|
} |
|
|
|
} |
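Review bot: `secretLevelAllow` compares `user.getSecretLevel() > dir.getSecretLevel()` with no null handling, so if either getter returns a boxed value that is unset (for example a directory row that has no `SECRET_LEVEL` yet, or a `DirectoryVo` loaded by a query that does not select the column; only `selectDirectoryList` is visibly updated here), the unboxing throws and the `catch (Exception e)` in `hasReadPermis`/`hasWritePermis` turns it into a silent denial, including for the directory's owner. The getter types are not visible on this page, so this should be confirmed; if they are `Integer`, make the decision explicit, e.g. `Integer u = user.getSecretLevel(), d = dir.getSecretLevel();` followed by `return u != null && d != null && u > d;`, keeping the deny-by-default result for an unset level. The comparison is also strict, so a user whose level equals the directory's is refused; if equal clearance is meant to pass this needs `>=`, and the new Javadoc (its `@param`/`@return` tags are empty) should state which rule is intended. Separately, both `log.error` calls drop the exception; passing `e` as the last argument would keep the stack trace, so a failed check can be told apart from an ordinary refusal when reviewing access logs.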
|
|
|