package com.kingdee.eas.base.permission.app.adapter; import com.kingdee.bos.BOSException; import com.kingdee.bos.Context; import com.kingdee.bos.dao.IObjectPK; import com.kingdee.bos.dao.IObjectValue; import com.kingdee.bos.dao.ormapping.impl.ImplUtils; import com.kingdee.bos.metadata.IMetaDataLoader; import com.kingdee.bos.metadata.IMetaDataPK; import com.kingdee.bos.metadata.MetaDataLoaderFactory; import com.kingdee.bos.metadata.MetaDataTypeList; import com.kingdee.bos.metadata.bo.BusinessObjectInfo; import com.kingdee.bos.metadata.bo.MethodCollection; import com.kingdee.bos.metadata.bo.MethodInfo; import com.kingdee.bos.metadata.entity.EntityViewInfo; import com.kingdee.bos.metadata.entity.FilterInfo; import com.kingdee.bos.service.AbstractServiceAdapter; import com.kingdee.bos.service.IServiceAdapter; import com.kingdee.bos.service.IServiceContext; import com.kingdee.bos.sql.ParserException; import com.kingdee.bos.util.BOSObjectType; import com.kingdee.bos.util.BOSUuid; import com.kingdee.bos.workflow.metas.AssignFactory; import com.kingdee.bos.workflow.metas.IAssign; import com.kingdee.eas.base.param.util.ParamManager; import com.kingdee.eas.base.permission.IPermission; import com.kingdee.eas.base.permission.IPermissionServiceProvider; import com.kingdee.eas.base.permission.OperationType; import com.kingdee.eas.base.permission.PermDebugHelper; import com.kingdee.eas.base.permission.PermItemInfo; import com.kingdee.eas.base.permission.PermissionException; import com.kingdee.eas.base.permission.PermissionFactory; import com.kingdee.eas.base.permission.PermissionServiceException; import com.kingdee.eas.base.permission.PermissionServiceProviderFactory; import com.kingdee.eas.base.permission.app.cache.IPermItemCache; import com.kingdee.eas.base.permission.app.cache.PermissionCacheFactory; import com.kingdee.eas.base.permission.app.config.PermissionFilterConfiguration; import com.kingdee.eas.common.EASBizException; import com.kingdee.util.LowTimer; import com.kingdee.util.StringUtils; import org.apache.log4j.Logger; public class PermissionServiceAdapter extends AbstractServiceAdapter implements IServiceAdapter { private static Logger logger = Logger.getLogger(PermissionServiceAdapter.class); protected static final String PERMISSION_ITEMS = "PERMISSION_ITEMS"; private static final String DISABLE_DATA_PERM = "DISABLE_DATA_PERM"; private static final int PERMISSION_PRIORITY = 100; public int getPriority() { return 100; } public String getName() { return "PERMISSION_SERVICE"; } public void execute(IServiceContext serviceContext) throws BOSException { LowTimer lowTimer = new LowTimer(); float beginTime = (float)lowTimer.msValue(); float endTime = (float)lowTimer.msValue(); Context context = serviceContext.getContext(); Object objForKScript = context.get("disablePermissionForKScript"); StringBuffer objForKScriptLog = new StringBuffer().append(":disablePermissionForKScript is set to be:").append(objForKScript); PermDebugHelper.logInfo(objForKScriptLog.toString()); logger.error("start^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"); logger.error("end^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"); if (objForKScript != null) { if ((objForKScript instanceof Boolean)) { if (((Boolean)objForKScript).booleanValue()) { return; } } } try { if (serviceContext.getExecutionMode() == 0) { handleServiceBefore(serviceContext); } } catch (EASBizException e) { logger.error("", e); throw new PermissionServiceException(e.getMessage()); } if (logger.isDebugEnabled()) { endTime = (float)lowTimer.msValue(); logger.debug("execute(): " + (endTime - beginTime)); } } public boolean enableDataPermFromContext(IServiceContext serviceContext) { boolean defaultVaue = true; if ((serviceContext == null) || (serviceContext.getContext() == null)) return defaultVaue; String disableDataPerm = StringUtils.cnulls(serviceContext.getContext().get("DISABLE_DATA_PERM")); if (disableDataPerm.equalsIgnoreCase("true")) return !defaultVaue; StringBuffer enableDataPermissionFromContextLog = new StringBuffer().append("enableDataPermFromContext is set to :" + defaultVaue); PermDebugHelper.logInfo(enableDataPermissionFromContextLog.toString()); return defaultVaue; } private void handleServiceBefore(IServiceContext serviceContext) throws EASBizException, BOSException { if (isBindPermission(serviceContext)) { IPermissionServiceProvider provider = PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext()); String[] permItemNames = getPermItemNames(serviceContext); int length = permItemNames.length; boolean isEnableDataPermFromContext = enableDataPermFromContext(serviceContext); boolean isEnableDataPermission = provider.isEnableDataPermission(); for (int i = 0; i < length; i++) { if ((isEnableDataPermission) && (isEnableDataPermFromContext)) { PermDebugHelper.logInfo("handleServiceBefore:is enableDataPermission"); handleWithEnableDataPermision(serviceContext, permItemNames[i]); } else { PermDebugHelper.logInfo("handleServiceBefore:is not enableDataPermission"); handleWithoutEnableDataPermision(serviceContext, permItemNames[i]); } } } } private boolean isFacadeObject(IServiceContext serviceContext) { return serviceContext.getMetaType() == MetaDataTypeList.FACADE; } private boolean isEntityObject(IServiceContext serviceContext) { return serviceContext.getMetaType() == MetaDataTypeList.ENTITY; } private boolean isQueryObject(IServiceContext serviceContext) { return serviceContext.getMetaType() == MetaDataTypeList.BASEQUERY; } private void bindPermissionContext(IServiceContext serviceContext, String rule) throws EASBizException, BOSException { PermissionServiceAdapterHelper.bindPermissionContext(serviceContext, rule); } private String[] getPermItemNames(IServiceContext serviceContext) { return (String[])serviceContext.getServiceParameter("PERMISSION_SERVICE", "PERMISSION_ITEMS"); } private boolean isBindPermission(IServiceContext serviceContext) { String[] permItemNames = getPermItemNames(serviceContext); return (permItemNames != null) && (permItemNames.length > 0); } private IObjectPK getMainBizOrgPK(IServiceContext serviceContext, PermItemInfo permItemInfo) throws EASBizException, BOSException { return PermissionServiceAdapterHelper.getMainBizOrgPK(serviceContext, permItemInfo); } private void handleWithoutEnableDataPermision(IServiceContext serviceContext, String permItemName) throws EASBizException, BOSException { PermItemInfo permItemInfo = PermissionCacheFactory.getPermItemCache(serviceContext.getContext()).getPermItem(serviceContext.getContext(), permItemName); if ((isFacadeObject(serviceContext)) || (isEntityObject(serviceContext))) { PermDebugHelper.logInfo("handleWithoutEnableDataPermision:is facade or entity object"); handleMethodFunctionPermission(serviceContext, permItemInfo); } else if (isQueryObject(serviceContext)) { PermDebugHelper.logInfo("handleWithoutEnableDataPermision is query object"); handleQueryFunctionPermission(serviceContext, permItemInfo); } } private void handleMethodFunctionPermission(IServiceContext serviceContext, PermItemInfo permItemInfo) throws EASBizException, BOSException { Context context = serviceContext.getContext(); IObjectPK userPK = context.getCaller(); IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo); IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext()); iPermission.checkFunctionPermission(userPK, orgPK, permItemInfo.getName()); } private boolean hasFunctionPermission(IServiceContext serviceContext, PermItemInfo permItemInfo) throws EASBizException, BOSException { Context context = serviceContext.getContext(); IObjectPK userPK = context.getCaller(); IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo); IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext()); return iPermission.hasFunctionPermission(userPK, orgPK, permItemInfo.getName()); } private void handleQueryFunctionPermission(IServiceContext serviceContext, PermItemInfo permItemInfo) throws EASBizException, BOSException { if (!hasFunctionPermission(serviceContext, permItemInfo)) { PermDebugHelper.logInfo("handleQueryFunctionPermission:has not function permission ,add no permission filter"); bindPermissionContext(serviceContext, getNoRightRuleInfo(permItemInfo.getName())); } } private void handleMethodDataPermission(IServiceContext serviceContext, PermItemInfo permItemInfo) throws EASBizException, BOSException { Context context = serviceContext.getContext(); IObjectPK userPK = context.getCaller(); IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo); Object objForKScript = context.get("disablePermissionForKScript"); StringBuffer objForKScriptLog = new StringBuffer().append("::disablePermissionForKScript is set to be::").append(objForKScript); PermDebugHelper.logInfo(objForKScriptLog.toString()); IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext()); if ((StringUtils.isEmpty(permItemInfo.getObjectType())) || (!permItemInfo.isEnableDataPermission())) { StringBuffer onlyFunctionLog = new StringBuffer().append(",permitem:").append(permItemInfo.getName()).append(" objectType is null or enableDatapermission is false"); PermDebugHelper.logInfo(onlyFunctionLog.toString()); iPermission.checkFunctionPermission(userPK, orgPK, permItemInfo.getName()); } else { BOSObjectType objectType = BOSObjectType.create(permItemInfo.getObjectType()); if (permItemInfo.getOperationType().equals(OperationType.ADDNEW)) { IObjectValue objectValue = getObjectValue(serviceContext, objectType); if (objectValue != null) { iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectValue); } } else if (permItemInfo.getOperationType().equals(OperationType.DELETE)) { IObjectPK objectPK = getObjectPK(serviceContext, objectType); if (objectPK != null) { iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectPK); } } else if (permItemInfo.getOperationType().equals(OperationType.UPDATE)) { IObjectValue objectValue = getObjectValue(serviceContext, objectType); if (objectValue != null) { iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectValue); } } else if (permItemInfo.getOperationType().equals(OperationType.READ)) { IObjectPK objectPK = getObjectPK(serviceContext, objectType); if (isIgnoreAndAssigned(serviceContext, permItemInfo)) { PermDebugHelper.logInfo("isIgnoreAndAssigned return without datapermissioncheck"); return; } if (objectPK != null) { iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectPK); } setMethodService(permItemInfo, serviceContext, userPK, orgPK); } else if (permItemInfo.getOperationType().equals(OperationType.EXECUTE)) { IObjectPK objectPK = getObjectPK(serviceContext, objectType); if (objectPK != null) { iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectPK); } } else if (permItemInfo.getOperationType().equals(OperationType.OTHER)) { IObjectPK objectPK = getObjectPK(serviceContext, objectType); if (objectPK != null) { iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectPK); } } } } private void setMethodService(PermItemInfo permItemInfo, IServiceContext serviceContext, IObjectPK userPK, IObjectPK orgPK) throws BOSException, EASBizException { if ((!StringUtils.isEmpty(permItemInfo.getObjectType())) && (permItemInfo.isEnableDataPermission())) { IPermissionServiceProvider provider = PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext()); String rule = provider.getPermissionRule(userPK, orgPK, permItemInfo.getName()); if (!StringUtils.isEmpty(rule)) { try { EntityViewInfo resultEntityViewInfo = new EntityViewInfo(rule); serviceContext.setServiceResult("PERMISSION_SERVICE", resultEntityViewInfo.getFilter()); logger.info("resultEntityViewInfo is:" + resultEntityViewInfo); serviceContext.getContext().put(getMethodPK(serviceContext), resultEntityViewInfo); } catch (ParserException e) { logger.error(" rule: " + rule, e); throw new PermissionException(PermissionException.CHECK_PERMISSION_FAIL, e); } } } } private String getMethodPK(IServiceContext serviceContext) { String methodNamePK = serviceContext.getOperationPK().getName(); IMetaDataLoader iMetaDataLoader = MetaDataLoaderFactory.getLocalMetaDataLoader(serviceContext.getContext()); BusinessObjectInfo entity = iMetaDataLoader.getBusinessObject(serviceContext.getBoType()); MethodCollection methodCol = entity.getAllMethods(); String methodName = ""; for (int i = 0; i < methodCol.size(); i++) { MethodInfo methodInfo = methodCol.get(i); logger.info("innerId is:" + methodInfo.getInnerID()); if (!methodInfo.getInnerID().equals(methodNamePK)) continue; methodName = methodInfo.getName(); break; } Object[] obj = serviceContext.getOperationParameters(); String pk = ImplUtils.buildPermissionServiceKey(serviceContext.getBoType(), methodName, obj); logger.info(" methodPK is:" + pk); return pk; } private void handleQueryDataPermission(IServiceContext serviceContext, PermItemInfo permItemInfo) throws EASBizException, BOSException { if (!hasFunctionPermission(serviceContext, permItemInfo)) { PermDebugHelper.logInfo("handleQueryDataPermission:has not function permission"); bindPermissionContext(serviceContext, getNoRightRuleInfo(permItemInfo.getName())); } else if ((!StringUtils.isEmpty(permItemInfo.getObjectType())) && (permItemInfo.isEnableDataPermission())) { Context context = serviceContext.getContext(); IObjectPK userPK = context.getCaller(); IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo); IPermissionServiceProvider provider = PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext()); String rule = provider.getPermissionRule(userPK, orgPK, permItemInfo.getName()); if (!StringUtils.isEmpty(rule)) { bindPermissionContext(serviceContext, rule); } } } private String getNoRightRuleInfo(String strKey) { return PermissionFilterConfiguration.getList().getFilterString(strKey); } private boolean isIgnoreAndAssigned(IServiceContext serviceContext, PermItemInfo permItemInfo) throws BOSException, EASBizException { String isIgnore = ParamManager.getParamValue(serviceContext.getContext(), null, "IgnoreDataPermForAssignUser"); boolean isIgnoreDataPermForAssignUser = false; if (!StringUtils.isEmpty(isIgnore)) { isIgnoreDataPermForAssignUser = Boolean.valueOf(isIgnore).booleanValue(); } logger.info("####now isIgnoreAndAssigned is :-----:" + isIgnoreDataPermForAssignUser); if (!isIgnoreDataPermForAssignUser) { return false; } logger.info("isIgnoreAndAssigned:permItemInfo" + permItemInfo.getName()); logger.info("isIgnoreAndAssigned:permItemInfo.getOperationType():" + permItemInfo.getOperationType()); if (permItemInfo.getOperationType().equals(OperationType.READ)) { BOSObjectType objectTYpe = BOSObjectType.create(permItemInfo.getObjectType()); IObjectPK objectPK = getObjectPK(serviceContext, objectTYpe); String objectPKString = StringUtils.cnulls(objectPK); logger.info("isIgnoreAndAssigned:objectPKString:" + objectPKString); if (StringUtils.isEmpty(objectPKString)) { Object[] params = serviceContext.getOperationParameters(); if (params.length == 2) { String idString = null; if (params[1] != null) { idString = params[1].toString(); } if ((idString != null) && (idString.indexOf("'") > 0) && (idString.indexOf("'") < idString.lastIndexOf("'"))) { objectPKString = idString.substring(idString.indexOf("'") + 1, idString.lastIndexOf("'")); } if (!BOSUuid.isValid(objectPKString, true)) { objectPKString = ""; } } } if (!StringUtils.isEmpty(objectPKString)) { IAssign iAssign = AssignFactory.getLocalInstance(serviceContext.getContext()); IObjectPK userPK = serviceContext.getContext().getCaller(); logger.info("isIgnoreAndAssigned:userPK:" + userPK + " ,objectPKString:" + objectPKString); try { FilterInfo filter1 = new FilterInfo("personUserID = '" + userPK.toString() + "'"); filter2 = new FilterInfo("bizObjID = '" + objectPKString + "'"); } catch (ParserException e) { FilterInfo filter2; throw new BOSException(e); } FilterInfo filter2; FilterInfo filter1; filter1.mergeFilter(filter2, "and"); IObjectPK[] pks = iAssign.getPKList(filter1, null); if ((pks != null) && (pks.length > 0)) { return true; } } } return false; } private void handleWithEnableDataPermision(IServiceContext serviceContext, String permItemName) throws EASBizException, BOSException { PermItemInfo permItemInfo = PermissionCacheFactory.getPermItemCache(serviceContext.getContext()).getPermItem(serviceContext.getContext(), permItemName); if ((isFacadeObject(serviceContext)) || (isEntityObject(serviceContext))) { PermDebugHelper.logInfo("handleWithEnableDataPermision:is facade or entity object"); handleMethodDataPermission(serviceContext, permItemInfo); } else if (isQueryObject(serviceContext)) { PermDebugHelper.logInfo("handleWithEnableDataPermision:is query object"); MutiOrgPermissionServiceAdapter adapter = new MutiOrgPermissionServiceAdapter(); if (adapter.isMutiOrgPerm(serviceContext)) { PermDebugHelper.logInfo("handleWithEnableDataPermision:is multi org Perm"); adapter.handleQueryDataPermission(serviceContext, permItemInfo); } else { PermDebugHelper.logInfo("handleWithEnableDataPermision:is single org perm"); handleQueryDataPermission(serviceContext, permItemInfo); } } } private IObjectPK getObjectPK(IServiceContext serviceContext, BOSObjectType objectType) { IObjectPK objectPK = PermissionServiceAdapterHelper.getObjectPK(serviceContext, objectType); if (objectPK == null) { PermDebugHelper.logInfo("objectPK is null,will not check dataPermission"); } return objectPK; } private IObjectValue getObjectValue(IServiceContext serviceContext, BOSObjectType objectType) { IObjectValue objectValue = PermissionServiceAdapterHelper.getObjectValue(serviceContext, objectType); if (objectValue == null) { PermDebugHelper.logInfo("objectValueNullLog is null,will not check dataPermission"); } return objectValue; } }
相关推荐
4. **多权限请求**:有时应用需要同时请求多个权限,工具类会封装这个流程,一次性处理多个权限的请求,避免频繁弹出权限请求对话框。 5. **解释权限需求**:当用户在权限请求中选择了“不再询问”或者之前已经拒绝...
"权限请求工具类"是一个专门为Android应用设计的辅助类,帮助开发者更方便地处理权限请求流程。这个工具类简化了用户在运行时对特定权限进行询问和管理的过程,使得应用能更好地遵循Android的新权限模型。 在...
5. **最佳实践**:权限工具类还可能包含关于最佳实践的指南,比如何时应该请求权限,如何优雅地处理权限被拒绝的情况,以及如何在权限丢失后恢复功能。 6. **批量权限处理**:对于需要多个权限的情况,工具类可以一...
1. **动态权限申请**:针对Android 6.0及以上版本,该工具类能帮助开发者轻松地处理运行时权限申请,包括检查权限状态、显示权限请求对话框以及处理用户响应。 2. **简化代码**:通过封装权限申请逻辑,避免在...
Android权限分为两类:正常权限和危险权限。正常权限不会影响用户的隐私,系统会在安装时自动授予。而危险权限涉及用户隐私,需要在运行时动态申请。 三、请求权限流程 1. **检查已有的权限状态**:在使用权限相关...
工具类可能包含检查权限状态、显示权限请求对话框和处理结果回调等功能。 - 检查权限状态:使用`Context.checkSelfPermission()`方法判断当前应用是否已经拥有某个权限。 - 请求权限:调用`ActivityCompat....
`android.support.v4.content.ContextCompat`是支持库中处理权限的关键类之一。这个类提供了一系列静态方法,用于在不考虑Android API级别的情况下,安全地调用与权限相关的系统服务。例如,`checkSelfPermission()`...
在每个需要权限控制的方法或事件处理程序中,添加权限检查代码。例如,当用户尝试编辑记录时,先检查他们是否拥有编辑权限。 ```csharp if (CurrentUser.HasPermission("EditRecord")) { // 允许执行编辑操作 } ...
一个十分简单的权限工具类。只需一个方法,便可以实现权限的授权,不同版本的兼容,以及回调的正确处理了。 对原有项目尽可能小的改动,方便已有项目的接入。使用方法示例如下: /*需要动态请求相机权限*/ ...
这对于开发者来说,意味着需要在代码中处理权限检查和请求。Qt for Android作为跨平台开发框架,同样需要适配这种新的权限管理机制。本文将详细介绍如何在Qt for Android应用中实现动态权限申请。 首先,理解...
6. **处理权限异常**:在尝试执行需要高权限的操作时,应捕获并处理可能的`System.UnauthorizedAccessException`,以提供合适的错误信息给用户。 在开发过程中,需要注意的是,频繁请求管理员权限可能导致用户体验...
Java 递归处理权限管理菜单树或分类 ...本文介绍了 Java 递归处理权限管理菜单树或分类的技术,包括数据库表设计、实体类设计和递归工具类的实现细节,并且讨论了递归算法在权限管理系统中的应用和优缺点。
在Android 6.0(Marshmallow)及其后续版本中,系统的权限管理机制发生了重大变化,引入了运行时权限的概念。...在处理CheckPermission这类与权限相关的任务时,一定要按照上述流程进行,确保应用的稳定性和合规性。
在权限管理上,Struts可以通过拦截器或自定义Action类实现对用户访问的控制。 3. **Hibernate**:这是一个对象关系映射(ORM)工具,它简化了数据库操作,将Java对象与数据库表进行映射,从而减少SQL代码的编写。在...
这个应用的源代码可能包含多个类,比如一个`PermissionManager`来处理权限请求,一个`ImageProcessor`来处理图片的Base64转换和压缩,以及一个`ImageAnalyzer`来识别图片格式。这些组件可以协同工作,提供一个健壮的...
在VB.NET中,对文件和文件夹进行权限设置是编程中的一个重要方面,特别是在开发需要处理用户访问控制的应用程序时。Visual Studio .NET 2008 提供了丰富的功能来帮助开发者实现这一目标。以下是对这个主题的详细阐述...
- **@RuntimePermissions**:此注解用于类,表明类中的某些方法需要权限控制。 - **@NeedsPermission**:此注解用于方法,表示该方法需要特定的权限才能执行。 - **@OnShowRationale**:当权限被拒绝且需要解释...
该工具类可以调出各大手机厂商的权限设置页 测试结果: 华为:OK 小米:OK 锤子:OK 一加:OK vivo:OK,vivo有自己的提示,再次点击后也是会跳出提示,有瑕疵,但是还可以 oppo:OK,自己会提示 魅族:暂时跳转没...
`ECAuthorizationMicrophone`类帮助你处理麦克风权限。 6. **位置权限(CLLocationManager)**:用于获取用户的地理位置信息。`ECAuthorizationLocation`类包括了定位权限的检查和请求。 7. **健康数据权限...
7. **权限类(Permission Class)**:每个权限都有对应的类,如`java.io.FilePermission`,这些类在`java.security`包下定义。 8. **认证(Authentication)与授权(Authorization)**:认证是确定用户身份的过程,...