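package com.vci.web.controller;

import com.vci.corba.common.PLException;
import com.vci.corba.omd.data.BusinessObject;
import com.vci.starter.web.enumpck.DataSecretEnum;
import com.vci.starter.web.enumpck.UserSecretEnum;
import com.vci.starter.web.pagemodel.BaseResult;
import com.vci.starter.web.pagemodel.SessionInfo;
import com.vci.dto.BaseModelDTO;
import com.vci.dto.BaseModelDTOList;
import com.vci.web.properties.WebProperties;
import com.vci.web.service.WebSecretServiceI;
import com.vci.web.util.WebUtil;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

import javax.servlet.http.HttpServletRequest;

/**
 * Data permission (data-right) and secret-level check endpoints.
 *
 * <p>NOTE(review): no authentication or authorization annotation is visible on this class;
 * presumably an interceptor or filter elsewhere authenticates callers - confirm.
 *
 * @author weidy
 */
@Controller
@RequestMapping("/webDataRightController")
public class WebDataRightController {

    /**
     * Logger.
     */
    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Web configuration; supplies the data-right and secret-right switches.
     */
    @Autowired
    private WebProperties webProperties;

    /**
     * Secret-level service used to compare a data level with a user level.
     */
    @Autowired
    private WebSecretServiceI secretService;

    /**
     * Returns the configured data-right switch.
     *
     * @return a success result wrapping {@code webProperties.isDataRight()}
     */
    @ResponseBody
    @RequestMapping("/getDataRightSwitch")
    public BaseResult getDataRightSwitch() {
        return BaseResult.success(webProperties.isDataRight());
    }

    /**
     * Checks the data right of the current user for the submitted business data.
     *
     * <p>When the data-right switch is off, every request is answered with
     * {@code success(true)}. When it is on, the arguments are validated and the request is
     * then rejected with an empty message: the permission evaluation itself is not
     * implemented in this method, so the endpoint fails closed.
     *
     * @param methodKey  identifier of the button (action) being checked
     * @param sourceData business data to check
     * @param request    current HTTP request; not read by this method
     * @return the check result as JSON
     */
    @ResponseBody
    @RequestMapping("/checkDataRightForBO")
    public BaseResult checkDataRightForBO(String methodKey, BaseModelDTOList sourceData, HttpServletRequest request) {
        if (!webProperties.isDataRight()) {
            return BaseResult.success(true);
        }
        if (sourceData == null) {
            return BaseResult.fail("没有传递业务类型的数据,无法校验");
        }
        if (StringUtils.isBlank(methodKey)) {
            return BaseResult.fail("没有传递按钮标识符,无法校验");
        }
        // The secret level is meant to be checked first. The current user is read from the
        // thread-bound session (changed by weidy); the value is not consumed yet.
        SessionInfo si = WebUtil.getCurrentUserSessionInfo();
        // The original body referred to a DataRightUtil helper built from an empty map; that
        // type is not imported in this file, so no evaluation happens here.
        // NOTE(review): until the evaluation exists, keep this deny-by-default return. Do not
        // replace it with a success result to unblock clients.
        return BaseResult.fail("");
    }

    /**
     * Builds the selected object from the submitted business data.
     *
     * <p>The method validates the four identifying fields and copies them into a
     * {@link BusinessObject}, but always returns {@code null}: per the original author's note
     * it is not referenced and the IDataNode type it was meant to return is unavailable.
     *
     * @param boData business data information; must not be {@code null}
     * @return always {@code null}
     * @throws PLException if the oid, revision oid, name oid or business type name is blank
     */
    protected Object getSelectedObject(BaseModelDTO boData) throws PLException {
        requireNotBlank(boData.getOid(), "没有获取到数据的主键");
        requireNotBlank(boData.getRevisionOid(), "没有获取到数据的版本主键");
        requireNotBlank(boData.getNameOid(), "没有获取到数据的项主键");
        requireNotBlank(boData.getBtmName(), "没有获取到数据的业务类型");

        // Kept to document the intended mapping; the object is not returned or stored.
        BusinessObject cbo = new BusinessObject();
        cbo.oid = boData.getOid();
        cbo.revoid = boData.getRevisionOid();
        cbo.nameoid = boData.getNameOid();
        cbo.btName = boData.getBtmName();
        return null;
    }

    /**
     * Throws a {@link PLException} carrying {@code message} when {@code value} is blank.
     */
    private static void requireNotBlank(String value, String message) throws PLException {
        if (StringUtils.isBlank(value)) {
            throw new PLException(message, new String[0]);
        }
    }

    /**
     * Checks whether the current user's secret level permits access to the given data level.
     *
     * <p>The comparison runs only when the secret-right switch is on and {@code dataSecret}
     * is greater than -1; in every other case the method returns success without comparing.
     *
     * <p>NOTE(review): {@code dataSecret} is supplied by the caller, so the answer only covers
     * the level the caller claims. Operations that read or modify the record presumably have
     * to compare against the stored level on the server - confirm where that is enforced.
     *
     * @param dataSecret secret level of the data
     * @return success when access is allowed or the check is skipped, otherwise a failure
     *         whose message names the user's level and the data's level
     */
    @RequestMapping("/checkDataSecret")
    @ResponseBody
    public BaseResult checkDataSecret(int dataSecret) {
        // The current user is read from the thread-bound session (changed by weidy).
        SessionInfo si = WebUtil.getCurrentUserSessionInfo();
        boolean mustCompare = webProperties.isSecretRight() && dataSecret > -1;
        if (!mustCompare) {
            return BaseResult.success();
        }
        if (si == null) {
            // Without a session there is no user level to compare: deny instead of failing
            // with a NullPointerException on the dereference below.
            return BaseResult.fail("没有获取到当前用户信息,无法校验密级");
        }
        int userSecret = WebUtil.getInt(si.getUserSecret());
        if (secretService.checkDataSecret(dataSecret, userSecret)) {
            return BaseResult.success();
        }
        return BaseResult.fail("您的密级不能操作这条数据,您的密级为" + UserSecretEnum.getSecretText(userSecret)
                + ",数据的密级为" + DataSecretEnum.getSecretText(dataSecret));
    }
}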