数据权限中增加数据密级判断逻辑代码

master
Guo XIn 1 year ago
parent f0f83f0c7c
commit 9692801e52
  1. 58
      shandan-system/src/main/java/com/keyware/shandan/bianmu/service/DirPermissionService.java

@ -112,17 +112,31 @@ public class DirPermissionService {
*/
public boolean hasReadPermis(SysUser user, DirectoryVo dir) {
try {
return isEveryoneRead(dir)
|| isOwnerSelf(user, dir)
|| isAllParentRead(user, dir)
|| isParentRead(user, dir)
|| isAllChildRead(user, dir)
|| isChildRead(user, dir)
|| isMemberRead(user, dir);
if (secretLevelAllow(user, dir)) {
return isEveryoneRead(dir)
|| isOwnerSelf(user, dir)
|| isAllParentRead(user, dir)
|| isParentRead(user, dir)
|| isAllChildRead(user, dir)
|| isChildRead(user, dir)
|| isMemberRead(user, dir);
}
} catch (Exception e) {
log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId());
return false;
}
return false;
}
/**
* 判断数据密级
*
* @param user
* @param dir
* @return
*/
private boolean secretLevelAllow(SysUser user, DirectoryVo dir) {
return user.getSecretLevel() > dir.getSecretLevel();
}
/**
@ -134,17 +148,19 @@ public class DirPermissionService {
*/
public boolean hasWritePermis(SysUser user, DirectoryVo dir) {
try {
return isEveryoneWrite(dir)
|| isOwnerSelf(user, dir)
|| isAllParentWrite(user, dir)
|| isParentWrite(user, dir)
|| isAllChildWrite(user, dir)
|| isChildWrite(user, dir)
|| isMemberWrite(user, dir);
if (secretLevelAllow(user, dir)) {
return isEveryoneWrite(dir)
|| isOwnerSelf(user, dir)
|| isAllParentWrite(user, dir)
|| isParentWrite(user, dir)
|| isAllChildWrite(user, dir)
|| isChildWrite(user, dir)
|| isMemberWrite(user, dir);
}
} catch (Exception e) {
log.error("目录权限校验异常:目录ID:{},用户ID:{}", dir.getId(), user.getUserId());
return false;
}
return false;
}
private boolean isAllParentRead(SysUser user, DirectoryVo dir) {
@ -152,7 +168,7 @@ public class DirPermissionService {
}
private boolean isAllParentWrite(SysUser user, DirectoryVo dir) {
return dir.getPermisAllParent() != null && dir.getPermisAllParent().contains("write") && isAllParent(user, dir);
return dir.getPermisAllParent() != null && dir.getPermisAllParent().contains("write") && isAllParent(user, dir);
}
private boolean isAllParent(SysUser user, DirectoryVo dir) {
@ -174,7 +190,7 @@ public class DirPermissionService {
}
private boolean isParentRead(SysUser user, DirectoryVo dir) {
return dir.getPermisParent()!= null && dir.getPermisParent().contains("read") && isParent(user, dir);
return dir.getPermisParent() != null && dir.getPermisParent().contains("read") && isParent(user, dir);
}
private boolean isParentWrite(SysUser user, DirectoryVo dir) {
@ -252,7 +268,7 @@ public class DirPermissionService {
* @return
*/
private boolean isEveryoneRead(DirectoryVo dir) {
return dir.getPermisEveryone()!= null && dir.getPermisEveryone().contains("read");
return dir.getPermisEveryone() != null && dir.getPermisEveryone().contains("read");
}
/**
@ -262,7 +278,7 @@ public class DirPermissionService {
* @return
*/
private boolean isEveryoneWrite(DirectoryVo dir) {
return dir.getPermisEveryone()!= null && dir.getPermisEveryone().contains("write");
return dir.getPermisEveryone() != null && dir.getPermisEveryone().contains("write");
}
/**
@ -506,7 +522,7 @@ public class DirPermissionService {
private List<DirectoryVo> selectDirectoryList() {
QueryWrapper<DirectoryVo> wrapper = new QueryWrapper<>();
wrapper.select("ID", "DIRECTORY_NAME", "OWNER_TYPE", "OWNER_ID", "PERMIS_EVERYONE", "PERMIS_ALL_PARENT", "PERMIS_PARENT", "PERMIS_ALL_CHILD", "PERMIS_CHILD");
wrapper.select("ID", "DIRECTORY_NAME", "OWNER_TYPE", "OWNER_ID", "PERMIS_EVERYONE", "PERMIS_ALL_PARENT", "PERMIS_PARENT", "PERMIS_ALL_CHILD", "PERMIS_CHILD", "SECRET_LEVEL");
wrapper.in("DIRECTORY_TYPE", DirectoryType.DIRECTORY, DirectoryType.LINK_DIR);
return directoryService.list(wrapper);
}
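Review bot: `secretLevelAllow` compares with a strict `>`, so a user whose level equals the directory's level fails the gate in both `hasReadPermis` and `hasWritePermis`, and because `isOwnerSelf` now sits inside that gate an owner can be denied access to their own directory. If the levels are ordinal and an equal level is meant to grant access, the line should read `return user.getSecretLevel() >= dir.getSecretLevel();`; if strict dominance is intended, the Javadoc on `secretLevelAllow` should say so and state which end of the scale is the more sensitive one. The getter return types are not visible on this page; if either is a boxed `Integer`, a null level would unbox to a NullPointerException that the surrounding `catch (Exception e)` converts into a deny logged without the cause, so an explicit null check with a documented default, plus passing `e` as the last argument to `log.error`, would make that fail-closed path deliberate and diagnosable. Other queries that populate `DirectoryVo` without selecting `SECRET_LEVEL`, as `selectDirectoryList` did before this change, would presumably reach the same path and are worth auditing.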