/**
 * Creates a new record from the request body and returns the primary key
 * produced by {@code getService().insert(entity)}.
 *
 * <p>Audit fields are stamped here, after {@code modelToEntity} has run, so any
 * creator/modifier id or timestamp already on the entity (presumably copied from
 * the request body) is replaced by the current caller and the server clock.
 *
 * @param data the request body model
 * @return a response wrapping the primary key of the inserted entity
 */
@Authorize(action = Permission.ACTION_ADD)
@PostMapping
@ResponseStatus(HttpStatus.CREATED)
@ApiOperation(value = "新增")
default ResponseMessage<PK> add(@RequestBody M data) {
    E entity = modelToEntity(data, getService().createEntity());

    // Creation audit: creator id and creation time.
    if (entity instanceof RecordCreationEntity) {
        RecordCreationEntity created = (RecordCreationEntity) entity;
        created.setCreateTimeNow();
        // orElse(null): when no Authentication is current the creator id is stored as null.
        created.setCreatorId(
                Authentication.current()
                        .map(Authentication::getUser)
                        .map(User::getId)
                        .orElse(null));
    }

    // Modification audit: modifier id and modification time.
    if (entity instanceof RecordModifierEntity) {
        RecordModifierEntity modified = (RecordModifierEntity) entity;
        modified.setModifyTimeNow();
        modified.setModifierId(
                Authentication.current()
                        .map(Authentication::getUser)
                        .map(User::getId)
                        .orElse(null));
    }

    return ok(getService().insert(entity));
}
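/**
 * Checks whether {@code result} was created by {@code userId}.
 *
 * <p>A {@link RecordCreationEntity} is compared by its creator id. A collection is
 * pruned in place: every element that does not match is removed, and the method
 * then returns {@code true}. Any other object is compared through its
 * {@code creatorId} bean property.
 *
 * @param result the value to check; {@code null} is accepted as a match
 * @param userId the id of the user the result must belong to
 * @return {@code false} only when a creator id was read and differs from
 *         {@code userId}; {@code true} in every other case
 */
@SuppressWarnings("all")
protected boolean matchCreatorId(Object result, String userId) {
    if (null == result) {
        return true;
    }
    if (result instanceof RecordCreationEntity) {
        return userId.equals(((RecordCreationEntity) result).getCreatorId());
    } else if (result instanceof Collection) {
        Collection<?> collection = ((Collection) result);
        // Drop the elements the user may not access. removeIf filters in a single
        // pass and removes exactly the rejected elements, instead of collecting them
        // into a list and removing by equals() with removeAll.
        collection.removeIf(o -> !matchCreatorId(o, userId));
    } else {
        try {
            return userId.equals(PropertyUtils.getProperty(result, "creatorId"));
        } catch (Exception ignore) {
            // NOTE(review): fail-open. If the creatorId property cannot be read
            // (missing, inaccessible, getter throws) the object falls through to
            // "return true" and is treated as owned by the caller. Kept as-is for
            // compatibility; confirm that objects without a creatorId are meant to pass.
        }
    }
    return true;
}
// Closes the enclosing class, whose header is outside this excerpt.
}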
/**
 * Updates the row identified by {@code pk} with the values of {@code entity}.
 *
 * <p>The entity's id is overwritten with {@code pk} before validation, so the row
 * that is updated is always the one named by {@code pk}.
 *
 * @param pk     primary key of the row to update; must not be null or blank
 * @param entity new values; must not be null
 * @return the result of executing the update (presumably the affected row count)
 */
@Override
public int updateByPk(PK pk, E entity) {
    Assert.notNull(pk, "primary key can not be null");
    Assert.hasText(String.valueOf(pk), "primary key can not be null");
    Assert.notNull(entity, "entity can not be null");

    entity.setId(pk);
    tryValidate(entity, UpdateGroup.class);

    // For a RecordCreationEntity the creator-id property and the create time are
    // excluded from the update, so an update cannot rewrite who created the row or when.
    boolean keepsCreationAudit = entity instanceof RecordCreationEntity;
    return createUpdate(entity)
            .when(keepsCreationAudit,
                    update -> update.and().excludes(
                            ((RecordCreationEntity) entity).getCreatorIdProperty(),
                            RecordCreationEntity.createTime))
            .where(GenericEntity.id, pk)
            .exec();
}
/**
 * Writes the authenticated user's id into a {@link RecordCreationEntity} found
 * among the request parameters.
 *
 * <p>Only one matching parameter is stamped; any further
 * {@code RecordCreationEntity} parameters are left untouched.
 *
 * @param access  the data-access configuration (not read by this method)
 * @param context the authorizing context supplying the parameters and the authentication
 * @return always {@code true}, including when no matching parameter was found
 */
public boolean putCreatorId(OwnCreatedDataAccessConfig access, AuthorizingContext context) {
    RecordCreationEntity target = null;
    for (Object param : context.getParamContext().getParams().values()) {
        if (param instanceof RecordCreationEntity) {
            target = (RecordCreationEntity) param;
            break;
        }
    }

    if (target == null) {
        // Nothing to stamp: the call is only logged, it is not rejected.
        logger.warn("try put creatorId property,but not found any RecordCreationEntity!");
        return true;
    }

    // Replaces whatever creator id the parameter carried with the authenticated user's id.
    target.setCreatorId(context.getAuthentication().getUser().getId());
    return true;
}
/**
 * Validates and inserts {@code entity}, returning its primary key.
 *
 * <p>A caller-supplied id is checked first: a {@code String} id must consist only
 * of letters, digits, underscore and hyphen, and no row with that id may exist
 * yet. When no id is supplied and an id generator is configured, one is generated.
 *
 * <p>Only the creation time is stamped here; this method does not set a creator id.
 *
 * @param entity the entity to insert
 * @return the id of the inserted entity
 */
@Override
public PK insert(E entity) {
    boolean idSupplied = !StringUtils.isEmpty(entity.getId());
    if (idSupplied) {
        if (entity.getId() instanceof String) {
            // Restrict string ids to a conservative character set.
            boolean wellFormed = entity.getId().toString().matches("[a-zA-Z0-9_\\-]+");
            tryValidateProperty(wellFormed, "id", "只能由数字,字母,下划线,和-组成");
        }
        // NOTE(review): this existence check and the insert below are separate steps;
        // presumably the primary-key constraint is what rejects a concurrent duplicate - confirm.
        boolean unused = selectByPk(entity.getId()) == null;
        tryValidateProperty(unused, "id", entity.getId() + "已存在");
    }

    if (StringUtils.isEmpty(entity.getId()) && getIDGenerator() != null) {
        entity.setId(getIDGenerator().generate());
    }

    if (entity instanceof RecordCreationEntity) {
        // Replaces any create time already on the entity with the current time.
        ((RecordCreationEntity) entity).setCreateTimeNow();
    }

    tryValidate(entity, CreateGroup.class);
    getDao().insert(entity);
    return entity.getId();
}
/**
 * Sets the creation time to the current system clock reading.
 */
default void setCreateTimeNow() {
    // Epoch milliseconds taken from the local clock at the moment of the call.
    long now = System.currentTimeMillis();
    setCreateTime(now);
}
((RecordCreationEntity) entity).setCreatorId(userId); } else { logger.warn("try validate query access,but entity not support, QueryParamEntity and RecordCreationEntity support now!");
/**
 * Validates and inserts {@code entity}, returning its primary key.
 *
 * <p>A caller-supplied id is checked first: a {@code String} id must consist only
 * of letters, digits, underscore and hyphen, and no row with that id may exist
 * yet. When no id is supplied and an id generator is configured, one is generated.
 *
 * <p>Only the creation time is stamped here; this method does not set a creator id.
 *
 * @param entity the entity to insert
 * @return the id of the inserted entity
 */
@Override
public PK insert(E entity) {
    boolean idSupplied = !StringUtils.isEmpty(entity.getId());
    if (idSupplied) {
        if (entity.getId() instanceof String) {
            // Restrict string ids to a conservative character set.
            boolean wellFormed = entity.getId().toString().matches("[a-zA-Z0-9_\\-]+");
            tryValidateProperty(wellFormed, "id", "只能由数字,字母,下划线,和-组成");
        }
        // NOTE(review): this existence check and the insert below are separate steps;
        // presumably the primary-key constraint is what rejects a concurrent duplicate - confirm.
        boolean unused = selectByPk(entity.getId()) == null;
        tryValidateProperty(unused, "id", entity.getId() + "已存在");
    }

    if (StringUtils.isEmpty(entity.getId()) && getIDGenerator() != null) {
        entity.setId(getIDGenerator().generate());
    }

    if (entity instanceof RecordCreationEntity) {
        // Replaces any create time already on the entity with the current time.
        ((RecordCreationEntity) entity).setCreateTimeNow();
    }

    tryValidate(entity, CreateGroup.class);
    getDao().insert(entity);
    return entity.getId();
}
/**
 * Inserts or updates a record built from the request body.
 *
 * <p>The caller needs both the update and the add permission (logical AND).
 * Audit fields are stamped after {@code modelToEntity} has run, so values already
 * on the entity (presumably copied from the request body) are replaced.
 *
 * @param data the request body model
 * @return a response wrapping the value returned by {@code getService().saveOrUpdate(entity)}
 */
@Authorize(action = {Permission.ACTION_UPDATE, Permission.ACTION_ADD}, logical = Logical.AND)
@PatchMapping
@ApiOperation("新增或者修改")
default ResponseMessage<PK> saveOrUpdate(@RequestBody M data) {
    E entity = modelToEntity(data, getService().createEntity());

    // Creation audit: creator id and creation time.
    // NOTE(review): these are set even when the call ends up updating an existing
    // row; whether the original creator survives depends on the service's
    // saveOrUpdate, which is not visible here - confirm.
    if (entity instanceof RecordCreationEntity) {
        RecordCreationEntity created = (RecordCreationEntity) entity;
        created.setCreateTimeNow();
        // orElse(null): when no Authentication is current the creator id is stored as null.
        created.setCreatorId(
                Authentication.current()
                        .map(Authentication::getUser)
                        .map(User::getId)
                        .orElse(null));
    }

    // Modification audit: modifier id and modification time.
    if (entity instanceof RecordModifierEntity) {
        RecordModifierEntity modified = (RecordModifierEntity) entity;
        modified.setModifyTimeNow();
        modified.setModifierId(
                Authentication.current()
                        .map(Authentication::getUser)
                        .map(User::getId)
                        .orElse(null));
    }

    return ResponseMessage.ok(getService().saveOrUpdate(entity));
}
/**
 * Writes the authenticated user's id into a {@link RecordCreationEntity} found
 * among the request parameters.
 *
 * <p>Only one matching parameter is stamped; any further
 * {@code RecordCreationEntity} parameters are left untouched.
 *
 * @param access  the data-access configuration (not read by this method)
 * @param context the authorizing context supplying the parameters and the authentication
 * @return always {@code true}, including when no matching parameter was found
 */
public boolean putCreatorId(OwnCreatedDataAccessConfig access, AuthorizingContext context) {
    RecordCreationEntity target = null;
    for (Object param : context.getParamContext().getParams().values()) {
        if (param instanceof RecordCreationEntity) {
            target = (RecordCreationEntity) param;
            break;
        }
    }

    if (target == null) {
        // Nothing to stamp: the call is only logged, it is not rejected.
        logger.warn("try put creatorId property,but not found any RecordCreationEntity!");
        return true;
    }

    // Replaces whatever creator id the parameter carried with the authenticated user's id.
    target.setCreatorId(context.getAuthentication().getUser().getId());
    return true;
}
/**
 * Decides whether the current user may read or write the record named by the
 * request's id parameter, by comparing the stored record's creator id with the
 * authenticated user's id.
 *
 * <p>Access is refused only when the stored record exists and was created by a
 * different user. Every other path returns {@code true}: the controller is not a
 * {@code QueryController}, its entity type is not a {@code RecordCreationEntity},
 * or no stored record is found for the id.
 *
 * @param access     the data-access configuration (not read by this method)
 * @param context    the authorizing context supplying parameters, definition and authentication
 * @param controller the controller the request is dispatched to
 * @return {@code false} when the stored record belongs to another user, otherwise {@code true}
 */
@SuppressWarnings("unchecked")
protected boolean doRWAccess(OwnCreatedDataAccessConfig access, AuthorizingContext context, Object controller) {
    // Read the id argument whose parameter name is given by the data-access definition.
    Object id = context.getParamContext()
            .<String>getParameter(context.getDefinition().getDataAccessDefinition().getIdParameterName())
            .orElse(null);

    // The stored record is loaded through the QueryController's QueryService.
    if (!(controller instanceof QueryController)) {
        return true;
    }

    // Only applies when the controller's first generic type is a RecordCreationEntity.
    Class entityType = ClassUtils.getGenericType(controller.getClass(), 0);
    if (!ClassUtils.instanceOf(entityType, RecordCreationEntity.class)) {
        return true;
    }

    QueryService<RecordCreationEntity, Object> queryService =
            ((QueryController<RecordCreationEntity, Object, Entity>) controller).getService();
    RecordCreationEntity oldData = queryService.selectByPk(id);
    if (oldData == null) {
        // No stored record to compare against: the check passes.
        return true;
    }

    return context.getAuthentication().getUser().getId().equals(oldData.getCreatorId());
}
/**
 * Updates the row identified by {@code pk} with the values of {@code entity}.
 *
 * <p>The entity's id is overwritten with {@code pk} before validation, so the row
 * that is updated is always the one named by {@code pk}.
 *
 * @param pk     primary key of the row to update; must not be null or blank
 * @param entity new values; must not be null
 * @return the result of executing the update (presumably the affected row count)
 */
@Override
public int updateByPk(PK pk, E entity) {
    Assert.notNull(pk, "primary key can not be null");
    Assert.hasText(String.valueOf(pk), "primary key can not be null");
    Assert.notNull(entity, "entity can not be null");

    entity.setId(pk);
    tryValidate(entity, UpdateGroup.class);

    // For a RecordCreationEntity the creator-id property and the create time are
    // excluded from the update, so an update cannot rewrite who created the row or when.
    boolean keepsCreationAudit = entity instanceof RecordCreationEntity;
    return createUpdate(entity)
            .when(keepsCreationAudit,
                    update -> update.and().excludes(
                            ((RecordCreationEntity) entity).getCreatorIdProperty(),
                            RecordCreationEntity.createTime))
            .where(GenericEntity.id, pk)
            .exec();
}
/**
 * Creates a new record from the request body and returns the primary key
 * produced by {@code getService().insert(entity)}.
 *
 * <p>Audit fields are stamped here, after {@code modelToEntity} has run, so any
 * creator/modifier id or timestamp already on the entity (presumably copied from
 * the request body) is replaced by the current caller and the server clock.
 *
 * @param data the request body model
 * @return a response wrapping the primary key of the inserted entity
 */
@Authorize(action = Permission.ACTION_ADD)
@PostMapping
@ResponseStatus(HttpStatus.CREATED)
@ApiOperation(value = "新增")
default ResponseMessage<PK> add(@RequestBody M data) {
    E entity = modelToEntity(data, getService().createEntity());

    // Creation audit: creator id and creation time.
    if (entity instanceof RecordCreationEntity) {
        RecordCreationEntity created = (RecordCreationEntity) entity;
        created.setCreateTimeNow();
        // orElse(null): when no Authentication is current the creator id is stored as null.
        created.setCreatorId(
                Authentication.current()
                        .map(Authentication::getUser)
                        .map(User::getId)
                        .orElse(null));
    }

    // Modification audit: modifier id and modification time.
    if (entity instanceof RecordModifierEntity) {
        RecordModifierEntity modified = (RecordModifierEntity) entity;
        modified.setModifyTimeNow();
        modified.setModifierId(
                Authentication.current()
                        .map(Authentication::getUser)
                        .map(User::getId)
                        .orElse(null));
    }

    return ok(getService().insert(entity));
}
((RecordCreationEntity) entity).setCreatorId(userId); } else { logger.warn("try validate query access,but entity not support, QueryParamEntity and RecordCreationEntity support now!");
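/**
 * Checks whether {@code result} was created by {@code userId}.
 *
 * <p>A {@link RecordCreationEntity} is compared by its creator id. A collection is
 * pruned in place: every element that does not match is removed, and the method
 * then returns {@code true}. Any other object is compared through its
 * {@code creatorId} bean property.
 *
 * @param result the value to check; {@code null} is accepted as a match
 * @param userId the id of the user the result must belong to
 * @return {@code false} only when a creator id was read and differs from
 *         {@code userId}; {@code true} in every other case
 */
@SuppressWarnings("all")
protected boolean matchCreatorId(Object result, String userId) {
    if (null == result) {
        return true;
    }
    if (result instanceof RecordCreationEntity) {
        return userId.equals(((RecordCreationEntity) result).getCreatorId());
    } else if (result instanceof Collection) {
        Collection<?> collection = ((Collection) result);
        // Drop the elements the user may not access. removeIf filters in a single
        // pass and removes exactly the rejected elements, instead of collecting them
        // into a list and removing by equals() with removeAll.
        collection.removeIf(o -> !matchCreatorId(o, userId));
    } else {
        try {
            return userId.equals(PropertyUtils.getProperty(result, "creatorId"));
        } catch (Exception ignore) {
            // NOTE(review): fail-open. If the creatorId property cannot be read
            // (missing, inaccessible, getter throws) the object falls through to
            // "return true" and is treated as owned by the caller. Kept as-is for
            // compatibility; confirm that objects without a creatorId are meant to pass.
        }
    }
    return true;
}
// Closes the enclosing class, whose header is outside this excerpt.
}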
/**
 * Inserts or updates a record built from the request body.
 *
 * <p>The caller needs both the update and the add permission (logical AND).
 * Audit fields are stamped after {@code modelToEntity} has run, so values already
 * on the entity (presumably copied from the request body) are replaced.
 *
 * @param data the request body model
 * @return a response wrapping the value returned by {@code getService().saveOrUpdate(entity)}
 */
@Authorize(action = {Permission.ACTION_UPDATE, Permission.ACTION_ADD}, logical = Logical.AND)
@PatchMapping
@ApiOperation("新增或者修改")
default ResponseMessage<PK> saveOrUpdate(@RequestBody M data) {
    E entity = modelToEntity(data, getService().createEntity());

    // Creation audit: creator id and creation time.
    // NOTE(review): these are set even when the call ends up updating an existing
    // row; whether the original creator survives depends on the service's
    // saveOrUpdate, which is not visible here - confirm.
    if (entity instanceof RecordCreationEntity) {
        RecordCreationEntity created = (RecordCreationEntity) entity;
        created.setCreateTimeNow();
        // orElse(null): when no Authentication is current the creator id is stored as null.
        created.setCreatorId(
                Authentication.current()
                        .map(Authentication::getUser)
                        .map(User::getId)
                        .orElse(null));
    }

    // Modification audit: modifier id and modification time.
    if (entity instanceof RecordModifierEntity) {
        RecordModifierEntity modified = (RecordModifierEntity) entity;
        modified.setModifyTimeNow();
        modified.setModifierId(
                Authentication.current()
                        .map(Authentication::getUser)
                        .map(User::getId)
                        .orElse(null));
    }

    return ResponseMessage.ok(getService().saveOrUpdate(entity));
}
/**
 * Decides whether the current user may read or write the record named by the
 * request's id parameter, by comparing the stored record's creator id with the
 * authenticated user's id.
 *
 * <p>Access is refused only when the stored record exists and was created by a
 * different user. Every other path returns {@code true}: the controller is not a
 * {@code QueryController}, its entity type is not a {@code RecordCreationEntity},
 * or no stored record is found for the id.
 *
 * @param access     the data-access configuration (not read by this method)
 * @param context    the authorizing context supplying parameters, definition and authentication
 * @param controller the controller the request is dispatched to
 * @return {@code false} when the stored record belongs to another user, otherwise {@code true}
 */
@SuppressWarnings("unchecked")
protected boolean doRWAccess(OwnCreatedDataAccessConfig access, AuthorizingContext context, Object controller) {
    // Read the id argument whose parameter name is given by the data-access definition.
    Object id = context.getParamContext()
            .<String>getParameter(context.getDefinition().getDataAccessDefinition().getIdParameterName())
            .orElse(null);

    // The stored record is loaded through the QueryController's QueryService.
    if (!(controller instanceof QueryController)) {
        return true;
    }

    // Only applies when the controller's first generic type is a RecordCreationEntity.
    Class entityType = ClassUtils.getGenericType(controller.getClass(), 0);
    if (!ClassUtils.instanceOf(entityType, RecordCreationEntity.class)) {
        return true;
    }

    QueryService<RecordCreationEntity, Object> queryService =
            ((QueryController<RecordCreationEntity, Object, Entity>) controller).getService();
    RecordCreationEntity oldData = queryService.selectByPk(id);
    if (oldData == null) {
        // No stored record to compare against: the check passes.
        return true;
    }

    return context.getAuthentication().getUser().getId().equals(oldData.getCreatorId());
}