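package com.vci.web.service.impl;

import com.vci.frameworkcore.compatibility.SmUserQueryServiceI;
import com.vci.frameworkcore.pagemodel.SmUserVO;
import com.vci.starter.web.enumpck.DataSecretEnum;
import com.vci.starter.web.enumpck.UserSecretEnum;
import com.vci.starter.web.exception.VciBaseException;
import com.vci.starter.web.util.VciBaseUtil;
import com.vci.web.constant.EnumIdConstant;
import com.vci.web.pageModel.KeyValue;
import com.vci.web.properties.WebProperties;
import com.vci.web.service.WebBoServiceI;
import com.vci.web.service.OsEnumServiceI;
import com.vci.web.service.WebSecretServiceI;
import com.vci.web.util.WebUtil;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
import plm.bs.bom.clientobject.ClientBusinessObject;

import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import static com.vci.frameworkcore.constant.FrameWorkBusLangCodeConstant.DATA_ID_NOT_EXIST;

/**
 * Security-classification ("secret level") service: resolves the classification of
 * users, data and client IPs and decides whether a user may access data or a machine.
 *
 * @author weidy
 * @date 2021-2-16
 */
@Service
public class WebSecretServiceImpl implements WebSecretServiceI {

    /**
     * Fallback IP classification used when the IP enum yields nothing lower.
     */
    private static final int DEFAULT_MIN_IP_SECRET = 10;

    /**
     * Enum lookup service.
     */
    @Autowired(required = false)
    @Lazy
    private OsEnumServiceI enumService;

    /**
     * User query service.
     */
    @Autowired
    private SmUserQueryServiceI userQueryService;

    /**
     * Business-object service.
     */
    @Autowired
    private WebBoServiceI boService;

    /**
     * Web configuration properties.
     */
    @Autowired
    private WebProperties properties;

    /**
     * Returns the lowest user classification value.
     *
     * <p>As a side effect, the configured enum items are sorted by numeric key and written
     * into the {@link UserSecretEnum} constants by position (lowest to NONE, second to
     * SECRET, every further item to PRIVACY, so the last one wins).
     *
     * @return the lowest user classification value
     * @throws VciBaseException if the lookup fails
     */
    @Override
    public int getMinUserSecret() throws VciBaseException {
        List<KeyValue> enumKeyValueList = enumService.getEnum(EnumIdConstant.USERSECRET_ENUMNAME);
        // NOTE(review): this rewrites shared enum constants on every call; concurrent
        // requests can observe a half-updated value/text pair while an access check runs.
        if (!CollectionUtils.isEmpty(enumKeyValueList)) {
            List<KeyValue> ordered = sortByNumericKey(enumKeyValueList);
            for (int i = 0; i < ordered.size(); i++) {
                KeyValue item = ordered.get(i);
                UserSecretEnum target;
                if (i == 0) {
                    target = UserSecretEnum.NONE;
                } else if (i == 1) {
                    target = UserSecretEnum.SECRET;
                } else {
                    target = UserSecretEnum.PRIVACY;
                }
                target.setValue(VciBaseUtil.getInt(item.getKey()));
                target.setText(item.getValue());
            }
        }
        return getMinValueInKeyValueList(enumKeyValueList, UserSecretEnum.NONE.getValue());
    }

    /**
     * Returns a copy of the enum items ordered by ascending numeric key.
     *
     * @param items enum key/value items, must not be null
     * @return a new list sorted by the integer value of each key
     */
    private List<KeyValue> sortByNumericKey(List<KeyValue> items) {
        return items.stream()
                .sorted((a, b) -> Integer.compare(
                        VciBaseUtil.getInt(a.getKey()), VciBaseUtil.getInt(b.getKey())))
                .collect(Collectors.toList());
    }

    /**
     * Returns the smallest numeric key in the list, or {@code minValue} if none is smaller.
     *
     * @param enumKeyValueList enum key/value items; may be null or empty
     * @param minValue         starting (upper-bound) value
     * @return the minimum of {@code minValue} and all keys
     */
    private int getMinValueInKeyValueList(List<KeyValue> enumKeyValueList, int minValue) {
        // The callers only guard the enum reset against an empty result, so a null list
        // used to reach the loop below and fail with a NullPointerException.
        if (CollectionUtils.isEmpty(enumKeyValueList)) {
            return minValue;
        }
        int smallest = minValue;
        for (KeyValue item : enumKeyValueList) {
            smallest = Math.min(smallest, VciBaseUtil.getInt(item.getKey()));
        }
        return smallest;
    }

    /**
     * Returns the default (lowest) data classification value.
     *
     * <p>As a side effect, the configured enum items are sorted by numeric key and written
     * into the {@link DataSecretEnum} constants by position (NONE, INNER, SECRET, then
     * every further item to PRIVACY).
     *
     * @return the lowest data classification value
     * @throws VciBaseException if the lookup fails
     */
    @Override
    public int getMinDataSecret() throws VciBaseException {
        List<KeyValue> enumKeyValueList = enumService.getEnum(EnumIdConstant.DATASECRET_ENUMNAME);
        // NOTE(review): same shared-state mutation as in getMinUserSecret().
        if (!CollectionUtils.isEmpty(enumKeyValueList)) {
            List<KeyValue> ordered = sortByNumericKey(enumKeyValueList);
            for (int i = 0; i < ordered.size(); i++) {
                KeyValue item = ordered.get(i);
                DataSecretEnum target;
                if (i == 0) {
                    target = DataSecretEnum.NONE;
                } else if (i == 1) {
                    target = DataSecretEnum.INNER;
                } else if (i == 2) {
                    target = DataSecretEnum.SECRET;
                } else {
                    target = DataSecretEnum.PRIVACY;
                }
                target.setValue(VciBaseUtil.getInt(item.getKey()));
                target.setText(item.getValue());
            }
        }
        return getMinValueInKeyValueList(enumKeyValueList, DataSecretEnum.NONE.getValue());
    }

    /**
     * Returns the default (lowest) IP classification value.
     *
     * @return the lowest IP classification value, at most {@code 10}
     * @throws VciBaseException if the lookup fails
     */
    @Override
    public int getMinIpSecret() throws VciBaseException {
        List<KeyValue> enumKeyValueList = enumService.getEnum(EnumIdConstant.IPSECRET_ENUMNAME);
        return getMinValueInKeyValueList(enumKeyValueList, DEFAULT_MIN_IP_SECRET);
    }

    /**
     * Returns the classification of the user with the given id.
     *
     * @param userId user name
     * @return the user's classification; the lowest user classification if none is set
     * @throws VciBaseException if the user does not exist or the lookup fails
     */
    @Override
    public int getUserSecret(String userId) throws VciBaseException {
        WebUtil.alertNotNull(userId,"用户名");
        SmUserVO userVO = userQueryService.getUserByUserId(userId);
        if (userVO == null || StringUtils.isBlank(userVO.getOid())) {
            throw new VciBaseException(DATA_ID_NOT_EXIST, new String[]{userId});
        }
        return secretGradeOrMin(userVO);
    }

    /**
     * Returns the classification of the given user object.
     *
     * @param userVO user object
     * @return the user's classification; the lowest user classification if none is set
     * @throws VciBaseException if the user object is null or has no oid, or the lookup fails
     */
    @Override
    public int getUserSecret(SmUserVO userVO) throws VciBaseException {
        if (userVO == null || StringUtils.isBlank(userVO.getOid())) {
            throw new VciBaseException(DATA_ID_NOT_EXIST, new String[0]);
        }
        return secretGradeOrMin(userVO);
    }

    /**
     * Returns the user's stored grade, falling back to the lowest user classification
     * (least privilege) when no grade is stored.
     *
     * @param userVO a non-null user object
     * @return the effective user classification
     */
    private int secretGradeOrMin(SmUserVO userVO) {
        return userVO.getSecretGrade() == null ? getMinUserSecret() : userVO.getSecretGrade();
    }

    /**
     * Returns the current session user's classification, falling back to the lowest
     * user classification when the session carries none.
     *
     * @return the effective classification of the current user
     */
    private int currentUserSecretOrMin() {
        return WebUtil.getCurrentUserSecret() == null
                ? getMinUserSecret()
                : WebUtil.getCurrentUserSecret();
    }

    /**
     * Checks whether the current user may access data of the given classification.
     *
     * @param secret data classification value
     * @return {@code true} if access is permitted
     */
    @Override
    public boolean checkDataSecret(int secret) {
        return checkDataSecret(secret, currentUserSecretOrMin());
    }

    /**
     * Resolves a data classification value to its enum constant.
     *
     * @param secret data classification value
     * @return the matching constant, or {@code null} if no constant currently has that value
     */
    private DataSecretEnum dataSecretForValue(int secret) {
        for (DataSecretEnum candidate : DataSecretEnum.values()) {
            if (candidate.getValue() == secret) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Resolves a user classification value to its enum constant.
     *
     * @param userSecret user classification value
     * @return the matching constant, or {@code null} if no constant currently has that value
     */
    private UserSecretEnum userSecretForValue(int userSecret) {
        for (UserSecretEnum candidate : UserSecretEnum.values()) {
            if (candidate.getValue() == userSecret) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Maps a data classification to its comparison rank (1 = lowest, 4 = highest).
     *
     * @param level data classification constant
     * @return the rank used by {@link #checkDataSecret(int, int)}
     */
    private int dataRank(DataSecretEnum level) {
        switch (level) {
            case NONE:
                return 1;
            case INNER:
                return 2;
            case SECRET:
                return 3;
            default:
                return 4;
        }
    }

    /**
     * Maps a user classification to its comparison rank on the data scale.
     *
     * @param level user classification constant
     * @return the rank used by {@link #checkDataSecret(int, int)}
     */
    private int userRank(UserSecretEnum level) {
        switch (level) {
            case NONE:
                return 1;
            case SECRET:
                return 3;
            default:
                // NOTE(review): any constant other than NONE/SECRET gets the top rank, so a
                // constant added to UserSecretEnum later would be granted full access here.
                return 4;
        }
    }

    /**
     * Checks whether a user of the given classification may access data of the given
     * classification.
     *
     * @param secret     data classification value
     * @param userSecret user classification value
     * @return {@code true} if the data rank does not exceed the user rank
     */
    @Override
    public boolean checkDataSecret(int secret, int userSecret) {
        // The numeric values may have been remapped from configuration, so both sides are
        // resolved through the enums' current values rather than compared directly.
        DataSecretEnum dataLevel = dataSecretForValue(secret);
        if (dataLevel == null) {
            // NOTE(review): fails open. Data whose classification value matches no enum
            // constant is treated as unclassified and therefore readable by every user.
            // Confirm that unset/legacy values are the only way to get here; otherwise
            // an unknown value should map to the highest level (deny by default).
            dataLevel = DataSecretEnum.NONE;
        }
        UserSecretEnum userLevel = userSecretForValue(userSecret);
        if (userLevel == null) {
            // Unknown user classification falls back to the lowest level (fails closed).
            userLevel = UserSecretEnum.NONE;
        }
        return dataRank(dataLevel) <= userRank(userLevel);
    }

    /**
     * Checks the data classification against the user with the given id.
     *
     * @param secret data classification value
     * @param userId user name
     * @return {@code true} if access is permitted
     * @throws VciBaseException if the user lookup fails
     */
    @Override
    public boolean checkDataSecret(int secret, String userId) throws VciBaseException {
        return checkDataSecret(secret, getUserSecret(userId));
    }

    /**
     * Checks the data classification against the given user object.
     *
     * @param secret data classification value
     * @param userVO user object
     * @return {@code true} if access is permitted
     */
    @Override
    public boolean checkDataSecret(int secret, SmUserVO userVO) {
        return checkDataSecret(secret, getUserSecret(userVO));
    }

    /**
     * Returns the classification configured for an IP address.
     *
     * @param ip IP address
     * @return the configured classification, or the lowest IP classification when the
     *         address is blank, has no record, or its record holds 0
     * @throws VciBaseException if the query fails
     */
    @Override
    public int getIpSecret(String ip) throws VciBaseException {
        if (StringUtils.isBlank(ip)) {
            return getMinIpSecret();
        }
        // NOTE(review): the lookup is an exact match on "startip", and an address without
        // a record silently gets the minimum level. Confirm that callers pass the
        // connection's remote address rather than a client-supplied header value.
        Map<String, String> conditionMap = new HashMap<>();
        conditionMap.put("startip", ip.trim());
        List<ClientBusinessObject> ipCbos = boService.queryCBO(
                EnumIdConstant.IPSECRET_BTMNAME, conditionMap, null, Arrays.asList("ipsecret"));
        int ipSecret = 0;
        if (!CollectionUtils.isEmpty(ipCbos)) {
            ipSecret = WebUtil.getInt(ipCbos.get(0).getAttributeValue("ipsecret"));
        }
        return ipSecret == 0 ? getMinIpSecret() : ipSecret;
    }

    /**
     * Checks a machine classification against a user classification by raw value.
     *
     * @param ipSecret   machine classification value
     * @param userSecret user classification value
     * @return {@code true} if {@code ipSecret} does not exceed {@code userSecret}
     */
    @Override
    public boolean checkIpSecret(int ipSecret, int userSecret) {
        // Unlike checkDataSecret, the two values are compared directly without rank mapping.
        return ipSecret <= userSecret;
    }

    /**
     * Checks the machine classification against the current user.
     *
     * @param ipSecret machine classification value
     * @return {@code true} if permitted
     */
    @Override
    public boolean checkIpSecret(int ipSecret) {
        return checkIpSecret(ipSecret, currentUserSecretOrMin());
    }

    /**
     * Checks whether the given IP and user id satisfy the machine classification.
     *
     * @param ip     IP address
     * @param userId user name
     * @return {@code true} if permitted
     * @throws VciBaseException if a lookup fails
     */
    @Override
    public boolean checkIpSecret(String ip, String userId) throws VciBaseException {
        return checkIpSecret(getIpSecret(ip), getUserSecret(userId));
    }

    /**
     * Checks whether the given IP and user object satisfy the machine classification.
     *
     * @param ip     IP address
     * @param userVO user object
     * @return {@code true} if permitted
     */
    @Override
    public boolean checkIpSecret(String ip, SmUserVO userVO) {
        return checkIpSecret(getIpSecret(ip), getUserSecret(userVO));
    }
}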