From 2f3bb896c0d1f758d0c3bf98655b0de2b106745c Mon Sep 17 00:00:00 2001 From: sunhongfei01 Date: Tue, 1 Apr 2025 09:55:51 +0800 Subject: [PATCH 1/5] =?UTF-8?q?feat(view-object):=20=E6=96=B0=E5=A2=9E?= =?UTF-8?q?=E8=A7=86=E5=9B=BE=E6=A8=A1=E5=9E=8B=E8=BF=90=E8=A1=8C=E6=97=B6?= =?UTF-8?q?=E6=9C=8D=E5=8A=A1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 实现了 ViewModelRtService 接口,提供视图模型字段信息获取功能 - 新增 ColumnSecurityFieldInfo 类用于存储列权限字段信息 - 在 VMManagerConfig 中注册 ViewModelRtServiceImpl 作为 Bean- 更新 pom.xml 文件,添加新的模块和依赖 --- pom.xml | 6 + view-object-manager/pom.xml | 4 + .../vmmanager/config/VMManagerConfig.java | 7 + .../service/ViewModelRtServiceImpl.java | 164 ++++++++++++++++++ view-object-rtapi/pom.xml | 36 ++++ .../formserver/rt/api/ViewModelRtService.java | 32 ++++ .../rt/api/dto/ColumnSecurityFieldInfo.java | 35 ++++ 7 files changed, 284 insertions(+) create mode 100644 view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelRtServiceImpl.java create mode 100644 view-object-rtapi/pom.xml create mode 100644 view-object-rtapi/src/main/java/com/inspur/edp/formserver/rt/api/ViewModelRtService.java create mode 100644 view-object-rtapi/src/main/java/com/inspur/edp/formserver/rt/api/dto/ColumnSecurityFieldInfo.java diff --git a/pom.xml b/pom.xml index 4cc2c2a..111ed01 100644 --- a/pom.xml +++ b/pom.xml @@ -36,6 +36,7 @@ view-object-webapi view-object-rtwebapi view-object-api + view-object-rtapi @@ -83,6 +84,11 @@ view-object-api ${project.version} + + com.inspur.edp + view-object-rtapi + ${project.version} + com.inspur.edp view-object-manager diff --git a/view-object-manager/pom.xml b/view-object-manager/pom.xml index d167808..75fd250 100644 --- a/view-object-manager/pom.xml +++ b/view-object-manager/pom.xml @@ -31,6 +31,10 @@ com.inspur.edp view-object-api + + com.inspur.edp + view-object-rtapi + com.inspur.edp view-object-model diff --git a/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/config/VMManagerConfig.java b/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/config/VMManagerConfig.java index 569666e..f4951fa 100644 --- a/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/config/VMManagerConfig.java +++ b/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/config/VMManagerConfig.java @@ -17,9 +17,12 @@ package com.inspur.edp.formserver.vmmanager.config; import com.inspur.edp.caf.cef.dt.spi.CommonStructureSchemaExtension; +import com.inspur.edp.formserver.rt.api.ViewModelRtService; import com.inspur.edp.formserver.vmapi.ViewModelService; import com.inspur.edp.formserver.vmmanager.commonstructure.VMComStructureSchemaExtension; +import com.inspur.edp.formserver.vmmanager.service.ViewModelRtServiceImpl; import com.inspur.edp.formserver.vmmanager.service.ViewModelServiceImpl; +import com.inspur.edp.metadata.rtcustomization.api.CustomizationService; import io.iec.edp.caf.securityentry.api.manager.SecurityEntryService; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -35,6 +38,10 @@ public class VMManagerConfig { public ViewModelService getViewModelService(SecurityEntryService securityEntryService) { return new ViewModelServiceImpl(securityEntryService); } + @Bean("com.inspur.edp.formserver.vmmanager.service.ViewModelRtServiceImpl") + public ViewModelRtService getViewModelRtService(CustomizationService customizationService) { + return new ViewModelRtServiceImpl(customizationService); + } } diff --git a/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelRtServiceImpl.java b/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelRtServiceImpl.java new file mode 100644 index 0000000..3ffcf37 --- /dev/null +++ b/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelRtServiceImpl.java @@ -0,0 +1,164 @@ +/* + * Copyright (c) 2020 - present, Inspur Genersoft Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.inspur.edp.formserver.vmmanager.service; + +import com.inspur.edp.cef.designtime.api.IGspCommonField; +import com.inspur.edp.das.commonmodel.IGspCommonObject; +import com.inspur.edp.formserver.rt.api.ViewModelRtService; +import com.inspur.edp.formserver.rt.api.dto.ColumnSecurityFieldInfo; +import com.inspur.edp.formserver.viewmodel.GspViewModel; +import com.inspur.edp.formserver.viewmodel.GspViewObject; +import com.inspur.edp.formserver.viewmodel.collection.VMElementCollection; +import com.inspur.edp.formserver.viewmodel.collection.ViewObjectCollection; +import com.inspur.edp.formserver.viewmodel.exception.ViewModelException; +import com.inspur.edp.formserver.vmmanager.exception.VoManagerErrorCodes; +import com.inspur.edp.lcm.metadata.api.entity.GspMetadata; +import com.inspur.edp.metadata.rtcustomization.api.CustomizationService; +import com.inspur.edp.metadata.rtcustomization.api.entity.MetadataQueryParam; +import com.inspur.edp.metadata.rtcustomization.api.entity.MetadataScopeEnum; +import io.iec.edp.caf.commons.utils.CollectionUtils; +import org.apache.commons.lang3.StringUtils; + +import javax.annotation.Nullable; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + * 视图对象服务实现类 + */ +public class ViewModelRtServiceImpl implements ViewModelRtService { + private final CustomizationService customizationService; + + public ViewModelRtServiceImpl(CustomizationService customizationService) { + this.customizationService = customizationService; + } + + @Override + public Map getViewModelColumnSecurityFieldInfo(String viewModelId, List fieldIds) { + // 参数不合法时返回空集合 + if (StringUtils.isBlank(viewModelId) || CollectionUtils.isEmpty(fieldIds)) { + return Collections.emptyMap(); + } + // 获取主对象,若获取元数据存在异常,则返回空 + GspViewObject mainObject = getGspViewObject(viewModelId); + // 如果主对象为空,则返回空集合 + if (mainObject == null) { + return Collections.emptyMap(); + } + // 创建结果集 + Map result = new HashMap<>(); + + // 遍历路径集合获取对应字段 + for (String fieldId : fieldIds) { + // 分割路径节点 + String[] pathSegments = fieldId.split("#"); + // 跳过空路径 + if (pathSegments.length == 0) { + continue; + } + + // 逐级定位节点 + GspViewObject currentObject = mainObject; + for (int i = 0; i < pathSegments.length - 1; i++) { + // 逐级获取子节点 + currentObject = findChildByCode(currentObject.getContainChildObjects(), pathSegments[i]); + // 如果子节点为空,则跳出循环 + if (currentObject == null) { + break; + } + } + // 如果子节点为空,则跳过当前fieldId + if (currentObject == null) { + continue; + } + + // 定位字段 + IGspCommonField field = findFieldByCode(currentObject.getContainElements(), + pathSegments[pathSegments.length - 1]); + if (field == null) { + continue; + } + + // 组装结果 + ColumnSecurityFieldInfo info = new ColumnSecurityFieldInfo(); + info.setId(field.getID()); + info.setCode(field.getCode()); + info.setName(field.getName()); + result.put(fieldId, info); + } + return result; + } + + /** + * 根据视图模型ID获取主对象 + * @param viewModelId 视图模型ID + * @return 主对象 + */ + @Nullable + private GspViewObject getGspViewObject(String viewModelId) { + // 获取元数据 + GspMetadata gspMetadata = customizationService.getGspMetadata(new MetadataQueryParam(viewModelId, true, MetadataScopeEnum.RUNTIME)); + // 如果元数据不存在, 则返回null + if (gspMetadata == null) { + return null; + } + // 如果元数据不是视图模型元数据,则抛出异常 + if (!(gspMetadata.getContent() instanceof GspViewModel)) { + throw new ViewModelException(VoManagerErrorCodes.GSP_VIEWOBJECT_MANAGER_0094, null, viewModelId); + } + // 获取视图模型元数据 + GspViewModel viewModel = (GspViewModel) gspMetadata.getContent(); + return viewModel.getMainObject(); + } + + /** + * 在子节点集合中查找指定编码的节点 + * @param children 子节点集合 + * @param code 要查找的编码 + */ + private GspViewObject findChildByCode(ViewObjectCollection children, String code) { + if (children == null || code == null) { + return null; + } + for (IGspCommonObject obj : children) { + if (obj instanceof GspViewObject && code.equals(obj.getCode())) { + return (GspViewObject) obj; + } + } + return null; + } + + /** + * 在字段集合中查找指定编码的字段 + * @param elements 字段集合 + * @param code 要查找的编码 + * @return 字段 + */ + private IGspCommonField findFieldByCode(VMElementCollection elements, String code) { + if (elements == null || code == null) { + return null; + } + for (IGspCommonField field : elements) { + if (code.equals(field.getCode())) { + return field; + } + } + return null; + } +} diff --git a/view-object-rtapi/pom.xml b/view-object-rtapi/pom.xml new file mode 100644 index 0000000..8aeb985 --- /dev/null +++ b/view-object-rtapi/pom.xml @@ -0,0 +1,36 @@ + + + + + 4.0.0 + + com.inspur.edp + viewObject-model1 + 0.2.0-SNAPSHOT + + + view-object-rtapi + + + 8 + 8 + UTF-8 + + + \ No newline at end of file diff --git a/view-object-rtapi/src/main/java/com/inspur/edp/formserver/rt/api/ViewModelRtService.java b/view-object-rtapi/src/main/java/com/inspur/edp/formserver/rt/api/ViewModelRtService.java new file mode 100644 index 0000000..9b23a89 --- /dev/null +++ b/view-object-rtapi/src/main/java/com/inspur/edp/formserver/rt/api/ViewModelRtService.java @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2020 - present, Inspur Genersoft Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.inspur.edp.formserver.rt.api; + +import com.inspur.edp.formserver.rt.api.dto.ColumnSecurityFieldInfo; + +import java.util.List; +import java.util.Map; + +public interface ViewModelRtService { + /** + * 根据列权限字段中记录的视图模型字段路径编码集合获取视图模型字段信息 + * @param viewModelId 视图模型id + * @param fieldIds 视图模型字段路径编码集合 + * @return 视图模型字段信息 + */ + Map getViewModelColumnSecurityFieldInfo(String viewModelId, List fieldIds); +} diff --git a/view-object-rtapi/src/main/java/com/inspur/edp/formserver/rt/api/dto/ColumnSecurityFieldInfo.java b/view-object-rtapi/src/main/java/com/inspur/edp/formserver/rt/api/dto/ColumnSecurityFieldInfo.java new file mode 100644 index 0000000..d18472e --- /dev/null +++ b/view-object-rtapi/src/main/java/com/inspur/edp/formserver/rt/api/dto/ColumnSecurityFieldInfo.java @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2020 - present, Inspur Genersoft Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.inspur.edp.formserver.rt.api.dto; + +import lombok.Getter; +import lombok.Setter; + +/** + * 列权限对应字段信息 + * @author sunhongfei01 + */ +@Getter +@Setter +public class ColumnSecurityFieldInfo { + // 字段ID + private String id; + // 字段编码 + private String code; + // 字段名称 + private String name; +} -- Gitee From df966b7aaa111b3f2d8db2b831ee519ca4d37025 Mon Sep 17 00:00:00 2001 From: sunhongfei01 Date: Thu, 10 Apr 2025 15:23:34 +0800 Subject: [PATCH 2/5] =?UTF-8?q?build:=E5=8D=87=E7=BA=A7=20bff-engine=20?= =?UTF-8?q?=E7=89=88=E6=9C=AC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 将 bff-engine 版本从 0.1.5 升级到 0.1.7 - 此更新可能包含 bug 修复、性能优化或其他改进 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 111ed01..0629018 100644 --- a/pom.xml +++ b/pom.xml @@ -54,7 +54,7 @@ 0.2.26 0.1.18 0.2.17 - 0.1.5 + 0.1.7 0.1.5 0.1.36 0.1.15 -- Gitee From e03a8cdea2f0b7407bfc52f82b18055cd8c411c5 Mon Sep 17 00:00:00 2001 From: sunhongfei01 Date: Mon, 14 Apr 2025 16:30:47 +0800 Subject: [PATCH 3/5] =?UTF-8?q?feat(security):=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E8=A7=86=E5=9B=BE=E5=AF=B9=E8=B1=A1=E5=88=97=E6=9D=83=E9=99=90?= =?UTF-8?q?=E6=8E=A7=E5=88=B6=E5=B9=B6=E4=BC=98=E5=8C=96=E6=9D=83=E9=99=90?= =?UTF-8?q?=E5=A4=84=E7=90=86=E9=80=BB=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 新增列权限处理逻辑,实现对视图对象列级权限的控制 - 优化功能权限、数据权限和规则权限的处理逻辑 -增加权限配置有效性校验,确保只保存合法的权限配置 - 重构代码,提高权限处理的可读性和可维护性 --- .../service/ViewModelServiceImpl.java | 211 ++++++++++++++++-- 1 file changed, 189 insertions(+), 22 deletions(-) diff --git a/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelServiceImpl.java b/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelServiceImpl.java index 649cdf4..2473c5e 100644 --- a/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelServiceImpl.java +++ b/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelServiceImpl.java @@ -43,6 +43,8 @@ public class ViewModelServiceImpl implements ViewModelService { private static final String PERMRULE_AUTH_SECURITY_EXTTYPE = "VMRule"; // 数据权限extType private static final String AUTH_SECURITY_EXTTYPE = "VM"; + // 列权限extType + private static final String COLUMN_SECURITY_EXTTYPE = "VM"; // 权限服务 private final SecurityEntryService securityEntryService; @@ -82,13 +84,7 @@ public class ViewModelServiceImpl implements ViewModelService { // 事务开始 tran.begin(); // 保存功能权限 - SecurityEntry funcSecurity = authInfo.getFuncSecurity(); - // 若权限ID不为空且待删除的权限ID集合中包含当前权限ID时应将其移除不做保存 - if (funcSecurity != null && (StringUtils.isBlank(funcSecurity.getId()) || !authIdsToDelete.contains(funcSecurity.getId()))) { - funcSecurity.setEx1(viewModelId); - funcSecurity.setExtType(FUNC_SECURITY_EXTTYPE); - securityEntryService.saveFuncSecurityEntry(funcSecurity); - } + handleFuncSecurity(viewModelId, authIdsToDelete, authInfo.getFuncSecurity()); // 保存数据权限信息 Map authSecurityMap = authInfo.getAuthSecurityMap(); @@ -100,29 +96,26 @@ public class ViewModelServiceImpl implements ViewModelService { // 判断是否为权限规则 if (value.isPermRule()) { // 保存权限规则 - SecurityEntry4RuleDTO permSecurityEntry = value.getPermSecurityEntry(); - // 若权限ID不为空且待删除的权限ID集合中包含当前权限ID时应将其移除不做保存 - if (permSecurityEntry != null - && (StringUtils.isBlank(permSecurityEntry.getId()) - || !authIdsToDelete.contains(permSecurityEntry.getId()))) { - permSecurityEntry.setEx1(viewModelId); - permSecurityEntry.setExtType(PERMRULE_AUTH_SECURITY_EXTTYPE); - securityEntryService.saveAuthRuleSecurityEntryDTO(permSecurityEntry); + handlePermSecurity(viewModelId, authIdsToDelete, value.getPermSecurityEntry()); + // 若存在数据权限则移除 + if (value.getAuthSecurityEntry() != null && StringUtils.isNotBlank(value.getAuthSecurityEntry().getId())) { + authIdsToDelete.add(value.getAuthSecurityEntry().getId()); } + } else { // 保存数据权限 - SecurityEntry authSecurityEntry = value.getAuthSecurityEntry(); - // 若权限ID不为空且待删除的权限ID集合中包含当前权限ID时应将其移除不做保存 - if (authSecurityEntry != null && (StringUtils.isBlank(authSecurityEntry.getId()) - || !authIdsToDelete.contains(authSecurityEntry.getId()))) { - authSecurityEntry.setEx1(viewModelId); - authSecurityEntry.setExtType(AUTH_SECURITY_EXTTYPE); - securityEntryService.saveAuthSecurityEntry(authSecurityEntry); + handleAuthSecurity(viewModelId, authIdsToDelete, value.getAuthSecurityEntry()); + // 若存在数据权限则移除 + if (value.getPermSecurityEntry() != null && StringUtils.isNotBlank(value.getPermSecurityEntry().getId())) { + authIdsToDelete.add(value.getPermSecurityEntry().getId()); } } } } + // 保存列权限 + handleColumnSecurity(viewModelId, authIdsToDelete, authInfo.getColumnSecurity()); + // 删除权限 if (!CollectionUtils.isEmpty(authIdsToDelete)) { for (String authId : authIdsToDelete) { @@ -142,6 +135,104 @@ public class ViewModelServiceImpl implements ViewModelService { } } + private void handleColumnSecurity(String viewModelId, Set authIdsToDelete, SecurityEntry columnSecurity) { + if (isConfigedColumnSecurityEntry(columnSecurity)) { + // 有效权限处理逻辑 + if (StringUtils.isBlank(columnSecurity.getId())) { + // ID不存在时直接保存 + columnSecurity.setEx1(viewModelId); + columnSecurity.setExtType(COLUMN_SECURITY_EXTTYPE); + columnSecurity.setAuthType(AuthType.ColumnLevel); + securityEntryService.saveVOColumn(columnSecurity); + } else if (!authIdsToDelete.contains(columnSecurity.getId())) { + // ID存在且不在删除列表时保存 + columnSecurity.setEx1(viewModelId); + columnSecurity.setExtType(COLUMN_SECURITY_EXTTYPE); + columnSecurity.setAuthType(AuthType.ColumnLevel); + securityEntryService.saveVOColumn(columnSecurity); + } + } else { + // 无效权限处理逻辑 + if (StringUtils.isNotBlank(columnSecurity.getId())) { + // ID存在时加入删除列表 + authIdsToDelete.add(columnSecurity.getId()); + } + // ID不存在时无需处理 + } + } + + private void handleAuthSecurity(String viewModelId, Set authIdsToDelete, SecurityEntry authSecurityEntry) { + if (isConfigedAuthSecurityEntry(authSecurityEntry)) { + // 有效权限处理逻辑 + if (StringUtils.isBlank(authSecurityEntry.getId())) { + // ID不存在时直接保存 + authSecurityEntry.setEx1(viewModelId); + authSecurityEntry.setExtType(AUTH_SECURITY_EXTTYPE); + securityEntryService.saveAuthSecurityEntry(authSecurityEntry); + } else if (!authIdsToDelete.contains(authSecurityEntry.getId())) { + // ID存在且不在删除列表时保存 + authSecurityEntry.setEx1(viewModelId); + authSecurityEntry.setExtType(AUTH_SECURITY_EXTTYPE); + securityEntryService.saveAuthSecurityEntry(authSecurityEntry); + } + } else { + // 无效权限处理逻辑 + if (StringUtils.isNotBlank(authSecurityEntry.getId())) { + // ID存在时加入删除列表 + authIdsToDelete.add(authSecurityEntry.getId()); + } + // ID不存在时无需处理 + } + } + + private void handlePermSecurity(String viewModelId, Set authIdsToDelete, SecurityEntry4RuleDTO permSecurityEntry) throws Exception { + if (isConfigedPermSecurityEntry(permSecurityEntry)) { + // 有效权限处理逻辑 + if (StringUtils.isBlank(permSecurityEntry.getId())) { + // ID不存在时直接保存 + permSecurityEntry.setEx1(viewModelId); + permSecurityEntry.setExtType(PERMRULE_AUTH_SECURITY_EXTTYPE); + securityEntryService.saveAuthRuleSecurityEntryDTO(permSecurityEntry); + } else if (!authIdsToDelete.contains(permSecurityEntry.getId())) { + // ID存在且不在删除列表时保存 + permSecurityEntry.setEx1(viewModelId); + permSecurityEntry.setExtType(PERMRULE_AUTH_SECURITY_EXTTYPE); + securityEntryService.saveAuthRuleSecurityEntryDTO(permSecurityEntry); + } + } else { + // 无效权限处理逻辑 + if (StringUtils.isNotBlank(permSecurityEntry.getId())) { + // ID存在时加入删除列表 + authIdsToDelete.add(permSecurityEntry.getId()); + } + // ID不存在时无需处理 + } + } + + private void handleFuncSecurity(String viewModelId, Set authIdsToDelete, SecurityEntry funcSecurity) { + if (isConfigedFuncSecurityEntry(funcSecurity)) { + // 有效权限处理逻辑 + if (StringUtils.isBlank(funcSecurity.getId())) { + // ID不存在时直接保存 + funcSecurity.setEx1(viewModelId); + funcSecurity.setExtType(FUNC_SECURITY_EXTTYPE); + securityEntryService.saveFuncSecurityEntry(funcSecurity); + } else if (!authIdsToDelete.contains(funcSecurity.getId())) { + // ID存在且不在删除列表时保存 + funcSecurity.setEx1(viewModelId); + funcSecurity.setExtType(FUNC_SECURITY_EXTTYPE); + securityEntryService.saveFuncSecurityEntry(funcSecurity); + } + } else { + // 无效权限处理逻辑 + if (funcSecurity != null && StringUtils.isNotBlank(funcSecurity.getId())) { + // ID存在时加入删除列表 + authIdsToDelete.add(funcSecurity.getId()); + } + // ID不存在时无需处理 + } + } + @Override public ViewModelAuthInfoDto loadViewModelAuthInfo(String viewModelId) { ViewModelAuthInfoDto authInfo = new ViewModelAuthInfoDto(); @@ -167,6 +258,82 @@ public class ViewModelServiceImpl implements ViewModelService { authSecuritySelect.setAuthType(AuthType.Auth); SecurityEntry authSecurityEntry = securityEntryService.getAuthSecurityEntry(authSecuritySelect); authInfo.addAuthSecurityEntry(viewModelId, authSecurityEntry, permRuleSecurityEntry); + + // 查询视图对象的列权限 + SecurityEntry columnSecuritySelect = new SecurityEntry(); + columnSecuritySelect.setEx1(viewModelId); + columnSecuritySelect.setExtType(COLUMN_SECURITY_EXTTYPE); + columnSecuritySelect.setAuthType(AuthType.ColumnLevel); + authInfo.setColumnSecurity(securityEntryService.getVOColumn(columnSecuritySelect)); + return authInfo; } + + /** + * 判断功能权限是否已配置 + * 校验规则: + * 1. 权限对象ID不能为空(authObjIds) + * 2. 必须包含至少一个功能操作关系(opRelations) + * + * @param funcSecurityEntry 功能权限 + * @return true-已配置有效权限需要保存,false-无需保存 + */ + private boolean isConfigedFuncSecurityEntry(SecurityEntry funcSecurityEntry) { + return funcSecurityEntry!=null + && StringUtils.isNotBlank(funcSecurityEntry.getAuthObjIds()) + && !CollectionUtils.isEmpty(funcSecurityEntry.getOpRelations()); + } + + /** + * 校验数据权限配置有效性 + * 需要满足: + * 1. 权限对象ID不能为空 + * 2. 至少配置一个认证字段(authFields) + * + * @param authSecurityEntry 数据权限 + * @return true-需要保存的合法配置 + */ + private boolean isConfigedAuthSecurityEntry(SecurityEntry authSecurityEntry) { + return authSecurityEntry != null + && StringUtils.isNotBlank(authSecurityEntry.getAuthObjIds()) + && !CollectionUtils.isEmpty(authSecurityEntry.getAuthFields()); + } + /** + * 校验规则型权限配置有效性 + * 需满足: + * 1. 规则规则结构必须存在(authorizationDTO) + * 2. 规则规则列表不能为空(authEntryRuleList) + * 3. 规则列表不能为空(securityRuleEntryList) + * + * @param permSecurityEntry 规则权限 + * @return true-合法配置需要保存 + */ + private boolean isConfigedPermSecurityEntry(SecurityEntry4RuleDTO permSecurityEntry) { + return permSecurityEntry != null + && permSecurityEntry.getAuthorizationDTO() != null + && !CollectionUtils.isEmpty(permSecurityEntry.getAuthorizationDTO().getAuthEntryRuleList()) + && !CollectionUtils.isEmpty(permSecurityEntry.getSecurityRuleEntryList()); + } + /** + * 校验列权限配置有效性 + * 需要满足: + * 1. 权限对象ID不为空 + * 2. 必须且只能配置一个字段的权限 + * 3. 该字段必须包含: + * - 列集合不能为空(authFieldElements) + * - 必须且只能配置一个操作关系 + * + * @param columnSecurityEntry 列级权限条目 + * @return true-符合要求的列级权限配置 + */ + private boolean isConfigedColumnSecurityEntry(SecurityEntry columnSecurityEntry) { + return columnSecurityEntry != null + && StringUtils.isNotBlank(columnSecurityEntry.getAuthObjIds()) + && columnSecurityEntry.getAuthFields() != null + && columnSecurityEntry.getAuthFields().size() == 1 + && columnSecurityEntry.getAuthFields().get(0) != null + && !CollectionUtils.isEmpty(columnSecurityEntry.getAuthFields().get(0).getAuthFieldElements()) + && columnSecurityEntry.getAuthFields().get(0).getAuthOpRelations() != null + && columnSecurityEntry.getAuthFields().get(0).getAuthOpRelations().size() == 1; + } } -- Gitee From f9787adc2ec3454b638f0835fab1bbb075b14968 Mon Sep 17 00:00:00 2001 From: sunhongfei01 Date: Wed, 16 Apr 2025 17:50:56 +0800 Subject: [PATCH 4/5] =?UTF-8?q?refactor(security):=20=E4=BC=98=E5=8C=96?= =?UTF-8?q?=E5=8A=9F=E8=83=BD=E6=9D=83=E9=99=90=E9=85=8D=E7=BD=AE=E6=A0=A1?= =?UTF-8?q?=E9=AA=8C=E9=80=BB=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit -移除了对权限对象 ID(authObjIds) 的校验 -增加了对操作关系中操作 ID(operationId) 的校验 - 优化了校验逻辑,提高了代码可读性和准确性 --- .../formserver/vmmanager/service/ViewModelServiceImpl.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelServiceImpl.java b/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelServiceImpl.java index 2473c5e..1939a33 100644 --- a/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelServiceImpl.java +++ b/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelServiceImpl.java @@ -272,16 +272,15 @@ public class ViewModelServiceImpl implements ViewModelService { /** * 判断功能权限是否已配置 * 校验规则: - * 1. 权限对象ID不能为空(authObjIds) - * 2. 必须包含至少一个功能操作关系(opRelations) + * 1. 必须包含至少一个功能操作关系(opRelations)且关系中操作(operationId)不能为空 * * @param funcSecurityEntry 功能权限 * @return true-已配置有效权限需要保存,false-无需保存 */ private boolean isConfigedFuncSecurityEntry(SecurityEntry funcSecurityEntry) { return funcSecurityEntry!=null - && StringUtils.isNotBlank(funcSecurityEntry.getAuthObjIds()) - && !CollectionUtils.isEmpty(funcSecurityEntry.getOpRelations()); + && !CollectionUtils.isEmpty(funcSecurityEntry.getOpRelations()) + && funcSecurityEntry.getOpRelations().stream().anyMatch(item -> StringUtils.isNotBlank(item.getOperationId())); } /** -- Gitee From e901fb84457e44f258aac6334ea6ad9ab62885d8 Mon Sep 17 00:00:00 2001 From: sunhongfei01 Date: Thu, 8 May 2025 10:25:18 +0800 Subject: [PATCH 5/5] =?UTF-8?q?refactor(view-object-manager):=20=E4=BC=98?= =?UTF-8?q?=E5=8C=96=E8=A7=86=E5=9B=BE=E5=AF=B9=E8=B1=A1=E6=9C=8D=E5=8A=A1?= =?UTF-8?q?=E7=9A=84=E6=97=A5=E5=BF=97=E8=AE=B0=E5=BD=95=E5=92=8C=E5=8F=82?= =?UTF-8?q?=E6=95=B0=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 在 ViewModelRtServiceImpl 类中添加了日志记录,提高了系统的可追踪性和可维护性 - 优化了 findChildByCode 和 findFieldByCode 方法的参数校验,增强了代码的健壮性 - 使用了 Lombok 的 @Slf4j 注解,简化了日志记录的配置 --- .../vmmanager/service/ViewModelRtServiceImpl.java | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelRtServiceImpl.java b/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelRtServiceImpl.java index 3ffcf37..1c0f82a 100644 --- a/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelRtServiceImpl.java +++ b/view-object-manager/src/main/java/com/inspur/edp/formserver/vmmanager/service/ViewModelRtServiceImpl.java @@ -31,6 +31,7 @@ import com.inspur.edp.metadata.rtcustomization.api.CustomizationService; import com.inspur.edp.metadata.rtcustomization.api.entity.MetadataQueryParam; import com.inspur.edp.metadata.rtcustomization.api.entity.MetadataScopeEnum; import io.iec.edp.caf.commons.utils.CollectionUtils; +import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import javax.annotation.Nullable; @@ -42,6 +43,7 @@ import java.util.Map; /** * 视图对象服务实现类 */ +@Slf4j public class ViewModelRtServiceImpl implements ViewModelRtService { private final CustomizationService customizationService; @@ -59,6 +61,7 @@ public class ViewModelRtServiceImpl implements ViewModelRtService { GspViewObject mainObject = getGspViewObject(viewModelId); // 如果主对象为空,则返回空集合 if (mainObject == null) { + log.debug("查询视图对象[{}]列权限时,视图对象不存在或其不存在主对象。", viewModelId); return Collections.emptyMap(); } // 创建结果集 @@ -70,6 +73,7 @@ public class ViewModelRtServiceImpl implements ViewModelRtService { String[] pathSegments = fieldId.split("#"); // 跳过空路径 if (pathSegments.length == 0) { + log.debug("查询视图对象[{}]列权限时,存在fieldId分割后为空", viewModelId); continue; } @@ -80,11 +84,13 @@ public class ViewModelRtServiceImpl implements ViewModelRtService { currentObject = findChildByCode(currentObject.getContainChildObjects(), pathSegments[i]); // 如果子节点为空,则跳出循环 if (currentObject == null) { + log.debug("查询视图对象[{}]列权限时,fieldid[{}]中指定的节点编码[{}]不存在", viewModelId, fieldId, pathSegments[i]); break; } } // 如果子节点为空,则跳过当前fieldId if (currentObject == null) { + log.debug("查询视图对象[{}]列权限时,fieldid[{}]中指定的节点路径不存在", viewModelId, fieldId); continue; } @@ -92,6 +98,7 @@ public class ViewModelRtServiceImpl implements ViewModelRtService { IGspCommonField field = findFieldByCode(currentObject.getContainElements(), pathSegments[pathSegments.length - 1]); if (field == null) { + log.debug("查询视图对象[{}]列权限时,fieldid[{}]未在指定节点路径下找到对应编码[{}]的字段", viewModelId, fieldId, pathSegments[pathSegments.length - 1]); continue; } @@ -133,7 +140,7 @@ public class ViewModelRtServiceImpl implements ViewModelRtService { * @param code 要查找的编码 */ private GspViewObject findChildByCode(ViewObjectCollection children, String code) { - if (children == null || code == null) { + if (children == null || StringUtils.isBlank(code)) { return null; } for (IGspCommonObject obj : children) { @@ -151,7 +158,7 @@ public class ViewModelRtServiceImpl implements ViewModelRtService { * @return 字段 */ private IGspCommonField findFieldByCode(VMElementCollection elements, String code) { - if (elements == null || code == null) { + if (elements == null || StringUtils.isBlank(code)) { return null; } for (IGspCommonField field : elements) { -- Gitee