Commit 0008ef2d by 宋祥

1.权限过滤,非超级管理员进行授权时只能授权自身拥有的权限

parent cb63a7ab
......@@ -45,26 +45,17 @@ public class ServiceXS0705 extends MenuTreeService {
if (StringUtils.isEmpty(parentLabel) || "$".equals(parentLabel)) {
parentLabel = "root";
}
String loginName = UserSession.getUser().getUsername();
params.put("node", parentLabel);
params.put("loginName", loginName);
params.put("isUserAdmin", "1");
// 非管理员仅查询指定菜单权限 added by songx at 2024-01-16
if (!LoginUserDetails.isUserAdmin(UserSessionUtils.getLoginName())) {
if (!LoginUserDetails.isUserAdmin(loginName)) {
params.put("isUserAdmin", "0");
// root:根节点
if ("root".equals(parentLabel)) {
params.put("notNodeEnames", new String[]{"EP"});
}
// EP:系统平台
if ("EP".equals(parentLabel)) {
params.put("nodeEnames", new String[]{"OG", "XS"});
}
// OG:组织机构
if ("OG".equals(parentLabel)) {
params.put("nodeEnames", new String[]{"XS40", "XSOG0801"});
}
// XS:安全管理
if ("XS".equals(parentLabel)) {
params.put("nodeEnames", new String[]{"XS30", "XS32"});
}
}
String stmt = "XS0702.query";
List ret = this.dao.query(stmt, params);
......@@ -83,7 +74,6 @@ public class ServiceXS0705 extends MenuTreeService {
}
}
String loginName = UserSession.getUser().getUsername();
List authorized = new ArrayList();
if (!LoginUserDetails.isUserAdmin(loginName)) {
if (AuthenticationInfo.userManageAuthentication.get(loginName) == null) {
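Review bot: The non-admin branch in the first hunk only narrows what `XS0702.query` returns for the tree (the new `loginName`/`isUserAdmin` params), so it restricts what a non-super-admin is shown, not what the grant action will accept; a request that names a menu hidden from the tree would still go through unless the save/authorize path re-checks the caller's own authorization set, and that path is not part of this commit. If that re-check does not exist yet, the authorize service should recompute the permitted object ids with the same user → group → xs_authorization join and reject anything outside it, since client-side filtering is not an access control. The second hunk drops a local `String loginName` at old line 83 in favour of the one declared at line 45; that is only valid if both sit in the same method scope, which the two hunks do not let me confirm. The method containing the first hunk starts before and ends after the shown lines.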
......
package com.baosight.xservices.xs.service;
import com.baosight.hpjx.core.security.UserSessionUtils;
import com.baosight.iplat4j.core.ei.EiBlockMeta;
import com.baosight.iplat4j.core.ei.EiColumn;
import com.baosight.iplat4j.core.ei.EiConstant;
import com.baosight.iplat4j.core.ioc.spring.PlatApplicationContext;
import com.baosight.iplat4j.ef.ui.tree.MenuTreeService;
import com.baosight.xservices.xs.util.LoginUserDetails;
import com.baosight.xservices.xs.util.UserSession;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
/**
*
* @author:songx
* @date:2024/1/26,11:26
*/
public class ServiceXS0710 extends MenuTreeService {
private EiBlockMeta eiMetadata = null;
public ServiceXS0710() {
}
public List getTopNodes() {
HashMap<String, String> map = new HashMap();
List<HashMap> list = new ArrayList();
map.put("label", "root");
map.put("text", "用户组管理");
map.put("leaf", "0");
map.put("parent", "0");
list.add(map);
return list;
}
public List getChildNodes(String parentLabel) {
String manageSwitch = StringUtils.defaultIfEmpty(PlatApplicationContext.getProperty("xservices.security.manage.switch"), "off");
List resultList = null;
String stmt = "XS0702.queryAllGroups";
Map map = new HashMap();
map.put("node", parentLabel);
String loginName = UserSession.getUser().getUsername();
if (!"off".equals(manageSwitch) && !LoginUserDetails.isUserAdmin(loginName)) {
map.put("loginName", loginName);
if ("root".equals(parentLabel)) {
stmt = "XS0702.queryAllGroupsWithRoot";
} else {
stmt = "XS0702.queryAllGroups";
}
}
// 非管理员仅查询所属企业用户 added by songx at 2024-01-16
if (!LoginUserDetails.isUserAdmin(UserSessionUtils.getLoginName())) {
map.put("companyCode", UserSessionUtils.getCompanyCode());
}
resultList = this.dao.query(stmt, map, 0, -999999);
List haveAuth = ServiceXS0707.haveAuthList;
if (null != haveAuth && haveAuth.size() > 0) {
for(int i = 0; i < resultList.size(); ++i) {
Map resultMap = (Map)resultList.get(i);
for(int j = 0; j < haveAuth.size(); ++j) {
Map haveAuthMap = (Map)haveAuth.get(j);
if (resultMap.get("label").toString().equals(haveAuthMap.get("label").toString()) && resultMap.get("parent").toString().equals(haveAuthMap.get("parent").toString())) {
resultMap.put("isAuth", "1");
}
}
}
}
return resultList;
}
public EiBlockMeta initMetaData() {
if (this.eiMetadata == null) {
this.eiMetadata = new EiBlockMeta();
EiColumn eiColumn = new EiColumn("label");
eiColumn.setDescName("label");
eiColumn.setNullable(false);
eiColumn.setPrimaryKey(false);
this.eiMetadata.addMeta(eiColumn);
eiColumn = new EiColumn("leaf");
eiColumn.setDescName("leaf");
eiColumn.setType(EiConstant.COLUMN_TYPE_NUMBER);
eiColumn.setNullable(false);
eiColumn.setPrimaryKey(false);
this.eiMetadata.addMeta(eiColumn);
eiColumn = new EiColumn("text");
eiColumn.setDescName("text");
eiColumn.setNullable(false);
eiColumn.setPrimaryKey(false);
this.eiMetadata.addMeta(eiColumn);
}
return this.eiMetadata;
}
}
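Review bot: `getChildNodes` marks rows from `ServiceXS0707.haveAuthList`, which is accessed as a class-level field of another service and so appears to be shared state across every request and user; if ServiceXS0707 fills it per request without synchronisation, one user's "already authorized" marks can show up in another user's tree (or an admin's list can leak into a non-admin's), so the authorized set should be passed in per call or read from the session rather than from a static. The same method also asks two different helpers for the current user, `UserSession.getUser().getUsername()` at the top and `UserSessionUtils.getLoginName()` in the company-code check; the second check should reuse the local, `if (!LoginUserDetails.isUserAdmin(loginName)) {`, so both filters are guaranteed to be about the same principal. `resultMap.get("label").toString()` and the `parent` lookup will throw on a row with a null column; a `String.valueOf` or an `Objects.equals` would keep the loop alive.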
......@@ -171,9 +171,10 @@ public class ServiceXS3201 extends ServiceEPBase {
inBlock.setAttr(inInfo.getBlock("result5").getAttr());
inInfo.setBlock(inBlock);
}
String loginName = UserSessionUtils.getLoginName();
// 非管理员不显示XS、OG等开头的系统平台资源 added by songx at 2024-01-16
inInfo.set("inqu_status-0-isUserAdmin", LoginUserDetails.isUserAdmin(UserSessionUtils.getLoginName())
? "1" : "0");
inInfo.set("inqu_status-0-loginName", loginName);
inInfo.set("inqu_status-0-isUserAdmin", LoginUserDetails.isUserAdmin(loginName) ? "1" : "0");
EiInfo outInfo = super.query(inInfo, "XS3201.queryResourceOutOfAuth", new XS04());
EiBlock eiBlock = new EiBlock("result5");
eiBlock.setRows(outInfo.getBlock("result").getRows());
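Review bot: The two `inInfo.set(...)` calls write `inqu_status-0-loginName` and `inqu_status-0-isUserAdmin` from the session after the request block has been built, which is what makes the flag trustworthy, but the comment above only explains the display effect; since the SQL behind `queryResourceOutOfAuth` keys its filter on exactly these two values, the intent deserves stating, e.g. `// server-side override: never trust a client-supplied isUserAdmin/loginName in inqu_status`. That ordering must be preserved if the block-copy code above it is ever moved. The enclosing `query` method starts and ends outside the hunk.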
......
......@@ -115,13 +115,15 @@
like ('%$subjectName$%') or t5.resource_ename like ('%$subjectName$%') )
</isNotEmpty>
<isNotEmpty prepend=" AND " property="objectName">
(t6.resource_group_cname like ('%$objectName$%') or t8.form_cname like ('%$objectName$%') or t9.form_cname like ('%$objectName$%'))
(t6.resource_group_cname like concat('%', #objectName#, '%')
or t8.form_cname like concat('%', #objectName#, '%')
or t9.form_cname like concat('%', #objectName#, '%'))
</isNotEmpty>
<isNotEmpty prepend=" AND " property="operationType">
t1.operation_type = #operationType#
</isNotEmpty>
<isNotEmpty prepend=" AND " property="objectEname">
(t6.resource_group_ename = #objectEname# or t7.resource_ename = #objectEname#)
(t6.resource_group_ename = #objectEname# or t7.resource_ename like concat(#objectEname#, '%'))
</isNotEmpty>
<isNotEmpty prepend=" AND " property="companyCode">
t2.company_code = #companyCode#
......
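Review bot: The first context line still splices `subjectName` into the SQL as `'%$subjectName$%'` (twice), so the injection this hunk closes for `objectName` remains one line above it; both predicates should take the same form, `t5.resource_ename like concat('%', #subjectName#, '%')`. The new `t7.resource_ename like concat(#objectEname#, '%')` turns `objectEname` into a prefix pattern, so a `%` or `_` in the value now matches arbitrary resources; that is acceptable only if callers always pass a fixed code, otherwise escape those characters or keep the equality for this column. The enclosing `<select>` begins and ends outside the hunk.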
......@@ -9,7 +9,7 @@
0 as "leaf",
node_ename as "label",
node_sort_id as "sortIndex"
FROM ${platSchema}.TEDPI10
FROM ${platSchema}.TEDPI10 m
<dynamic prepend="WHERE">
<isNotEmpty prepend=" AND " property="node">
tree_ename = #node#
......@@ -20,6 +20,25 @@
<isNotEmpty prepend=" AND " property="notNodeEnames">
node_ename not in <iterate close=")" open="(" conjunction="," property="notNodeEnames">#notNodeEnames[]#</iterate>
</isNotEmpty>
<!-- 非管理员非root节点仅显示有权限的菜单 added by songx at 20240126 -->
<isNotEqual property="node" compareValue="root">
<isEqual prepend=" AND " property="isUserAdmin" compareValue="0">
exists (
select
c. object_id, d.resource_ename
from ${platSchema}.xs_user a,
${platSchema}.xs_user_group_member b,
${platSchema}.xs_authorization c,
${platSchema}.xs_resource d
where a.user_id = b.member_id
and b.parent_id = c.subject_id
and c.object_id = d.id
and a.login_name = #loginName#
and d.type = 'PAGE'
and m.node_ename = d.resource_ename
)
</isEqual>
</isNotEqual>
</dynamic>
UNION
SELECT
......@@ -50,6 +69,7 @@
</isNotEmpty>
order by "sortIndex"
</select>
<select id="query2" resultClass="java.util.HashMap">
SELECT
tree_ename as "parent",
......@@ -143,6 +163,9 @@
<isNotEmpty prepend="AND" property="loginName">
t1.member_id IN (<include refid="getAllManagerGroupsByLoginNameDetail"/>)
</isNotEmpty>
<isNotEmpty prepend=" AND " property="companyCode">
t2.COMPANY_CODE = #companyCode#
</isNotEmpty>
</sql>
<select id="queryAllGroups" resultClass="java.util.HashMap">
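Review bot: The new permission filter in the `query` statement is applied only inside `<isEqual property="isUserAdmin" compareValue="0">`, so a caller that simply does not set `isUserAdmin` gets the unfiltered menu tree; `ServiceXS0705` sets it explicitly, but any other user of `XS0702.query` that does not is fail-open. Safer is to apply the `exists` unless the flag is affirmatively `"1"`, for example by pairing the `isEqual` with an `<isEmpty property="isUserAdmin">` branch carrying the same subquery, or at least by documenting next to the tag that every caller must set the flag (the null semantics of `isNotEqual` in this iBATIS version should be confirmed before relying on it alone). The filter is also only visible on the first branch of the `UNION`; the second `SELECT` starts at the end of the hunk and is outside view, so it should be checked for the same condition. The `<select>` begins before and ends after the shown lines.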
......
......@@ -93,6 +93,17 @@
</isNotEmpty>
<isEqual property="isUserAdmin" compareValue="0">
and t1.resource_ename not like 'XS%'
and exists (
select
c. object_id
from ${platSchema}.xs_user a,
${platSchema}.xs_user_group_member b,
${platSchema}.xs_authorization c
where a.user_id = b.member_id
and b.parent_id = c.subject_id
and c.object_id = t1.id
and a.login_name = #loginName#
)
</isEqual>
ORDER BY t1.SORT_INDEX,t1.ID
</select>
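Review bot: The added `exists` only recognises authorizations reached through `xs_user_group_member` (`b.parent_id = c.subject_id`), so if `xs_authorization.subject_id` can also hold a user id directly, a non-admin's directly granted resources are now hidden from them; that assumption is worth a comment on the subquery, e.g. `<!-- assumes authorizations are always granted to groups, never directly to users -->`, or a second `or c.subject_id = a.user_id` if direct grants exist. The filter is keyed on `#loginName#`, so a missing login name yields an empty result rather than an unfiltered one, which is the right direction. The `<select>` begins before the hunk.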
......
......@@ -52,7 +52,7 @@ function uploadFile(id) {
href: "HPSC099?methodName=initLoad",
title: "<div style='text-align: center;'>附件上传</div>",
width: "60%",
height: "70%",
height: "50%",
callbackName: uploadFileCallback
});
}
......
......@@ -54,7 +54,7 @@ function openUploadFile(id) {
href: "HPSC099?methodName=initLoad",
title: "<div style='text-align: center;'>附件上传</div>",
width: "60%",
height: "70%",
height: "50%",
callbackName: function (docId) {
let inEiInfo = new EiInfo();
inEiInfo.set("result-0-id", id);
......