package com.kingdee.eas.base.permission.app.adapter;
import com.kingdee.bos.BOSException;
import com.kingdee.bos.Context;
import com.kingdee.bos.dao.IObjectPK;
import com.kingdee.bos.dao.IObjectValue;
import com.kingdee.bos.dao.ormapping.impl.ImplUtils;
import com.kingdee.bos.metadata.IMetaDataLoader;
import com.kingdee.bos.metadata.IMetaDataPK;
import com.kingdee.bos.metadata.MetaDataLoaderFactory;
import com.kingdee.bos.metadata.MetaDataTypeList;
import com.kingdee.bos.metadata.bo.BusinessObjectInfo;
import com.kingdee.bos.metadata.bo.MethodCollection;
import com.kingdee.bos.metadata.bo.MethodInfo;
import com.kingdee.bos.metadata.entity.EntityViewInfo;
import com.kingdee.bos.metadata.entity.FilterInfo;
import com.kingdee.bos.service.AbstractServiceAdapter;
import com.kingdee.bos.service.IServiceAdapter;
import com.kingdee.bos.service.IServiceContext;
import com.kingdee.bos.sql.ParserException;
import com.kingdee.bos.util.BOSObjectType;
import com.kingdee.bos.util.BOSUuid;
import com.kingdee.bos.workflow.metas.AssignFactory;
import com.kingdee.bos.workflow.metas.IAssign;
import com.kingdee.eas.base.param.util.ParamManager;
import com.kingdee.eas.base.permission.IPermission;
import com.kingdee.eas.base.permission.IPermissionServiceProvider;
import com.kingdee.eas.base.permission.OperationType;
import com.kingdee.eas.base.permission.PermDebugHelper;
import com.kingdee.eas.base.permission.PermItemInfo;
import com.kingdee.eas.base.permission.PermissionException;
import com.kingdee.eas.base.permission.PermissionFactory;
import com.kingdee.eas.base.permission.PermissionServiceException;
import com.kingdee.eas.base.permission.PermissionServiceProviderFactory;
import com.kingdee.eas.base.permission.app.cache.IPermItemCache;
import com.kingdee.eas.base.permission.app.cache.PermissionCacheFactory;
import com.kingdee.eas.base.permission.app.config.PermissionFilterConfiguration;
import com.kingdee.eas.common.EASBizException;
import com.kingdee.util.LowTimer;
import com.kingdee.util.StringUtils;
import org.apache.log4j.Logger;
public class PermissionServiceAdapter extends AbstractServiceAdapter
implements IServiceAdapter
{
private static Logger logger = Logger.getLogger(PermissionServiceAdapter.class);
protected static final String PERMISSION_ITEMS = "PERMISSION_ITEMS";
private static final String DISABLE_DATA_PERM = "DISABLE_DATA_PERM";
private static final int PERMISSION_PRIORITY = 100;
public int getPriority()
{
return 100;
}
public String getName()
{
return "PERMISSION_SERVICE";
}
public void execute(IServiceContext serviceContext) throws BOSException
{
LowTimer lowTimer = new LowTimer();
float beginTime = (float)lowTimer.msValue();
float endTime = (float)lowTimer.msValue();
Context context = serviceContext.getContext();
Object objForKScript = context.get("disablePermissionForKScript");
StringBuffer objForKScriptLog = new StringBuffer().append(":disablePermissionForKScript is set to be:").append(objForKScript);
PermDebugHelper.logInfo(objForKScriptLog.toString());
logger.error("start^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^");
logger.error("end^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^");
if (objForKScript != null)
{
if ((objForKScript instanceof Boolean))
{
if (((Boolean)objForKScript).booleanValue())
{
return;
}
}
}
try
{
if (serviceContext.getExecutionMode() == 0)
{
handleServiceBefore(serviceContext);
}
}
catch (EASBizException e)
{
logger.error("", e);
throw new PermissionServiceException(e.getMessage());
}
if (logger.isDebugEnabled())
{
endTime = (float)lowTimer.msValue();
logger.debug("execute(): " + (endTime - beginTime));
}
}
public boolean enableDataPermFromContext(IServiceContext serviceContext)
{
boolean defaultVaue = true;
if ((serviceContext == null) || (serviceContext.getContext() == null)) return defaultVaue;
String disableDataPerm = StringUtils.cnulls(serviceContext.getContext().get("DISABLE_DATA_PERM"));
if (disableDataPerm.equalsIgnoreCase("true")) return !defaultVaue;
StringBuffer enableDataPermissionFromContextLog = new StringBuffer().append("enableDataPermFromContext is set to :" + defaultVaue);
PermDebugHelper.logInfo(enableDataPermissionFromContextLog.toString());
return defaultVaue;
}
private void handleServiceBefore(IServiceContext serviceContext)
throws EASBizException, BOSException
{
if (isBindPermission(serviceContext))
{
IPermissionServiceProvider provider = PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext());
String[] permItemNames = getPermItemNames(serviceContext);
int length = permItemNames.length;
boolean isEnableDataPermFromContext = enableDataPermFromContext(serviceContext);
boolean isEnableDataPermission = provider.isEnableDataPermission();
for (int i = 0; i < length; i++)
{
if ((isEnableDataPermission) && (isEnableDataPermFromContext))
{
PermDebugHelper.logInfo("handleServiceBefore:is enableDataPermission");
handleWithEnableDataPermision(serviceContext, permItemNames[i]);
}
else
{
PermDebugHelper.logInfo("handleServiceBefore:is not enableDataPermission");
handleWithoutEnableDataPermision(serviceContext, permItemNames[i]);
}
}
}
}
private boolean isFacadeObject(IServiceContext serviceContext)
{
return serviceContext.getMetaType() == MetaDataTypeList.FACADE;
}
private boolean isEntityObject(IServiceContext serviceContext)
{
return serviceContext.getMetaType() == MetaDataTypeList.ENTITY;
}
private boolean isQueryObject(IServiceContext serviceContext)
{
return serviceContext.getMetaType() == MetaDataTypeList.BASEQUERY;
}
private void bindPermissionContext(IServiceContext serviceContext, String rule)
throws EASBizException, BOSException
{
PermissionServiceAdapterHelper.bindPermissionContext(serviceContext, rule);
}
private String[] getPermItemNames(IServiceContext serviceContext)
{
return (String[])serviceContext.getServiceParameter("PERMISSION_SERVICE", "PERMISSION_ITEMS");
}
private boolean isBindPermission(IServiceContext serviceContext)
{
String[] permItemNames = getPermItemNames(serviceContext);
return (permItemNames != null) && (permItemNames.length > 0);
}
private IObjectPK getMainBizOrgPK(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws EASBizException, BOSException
{
return PermissionServiceAdapterHelper.getMainBizOrgPK(serviceContext, permItemInfo);
}
private void handleWithoutEnableDataPermision(IServiceContext serviceContext, String permItemName)
throws EASBizException, BOSException
{
PermItemInfo permItemInfo = PermissionCacheFactory.getPermItemCache(serviceContext.getContext()).getPermItem(serviceContext.getContext(), permItemName);
if ((isFacadeObject(serviceContext)) || (isEntityObject(serviceContext)))
{
PermDebugHelper.logInfo("handleWithoutEnableDataPermision:is facade or entity object");
handleMethodFunctionPermission(serviceContext, permItemInfo);
}
else if (isQueryObject(serviceContext))
{
PermDebugHelper.logInfo("handleWithoutEnableDataPermision is query object");
handleQueryFunctionPermission(serviceContext, permItemInfo);
}
}
private void handleMethodFunctionPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws EASBizException, BOSException
{
Context context = serviceContext.getContext();
IObjectPK userPK = context.getCaller();
IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext());
iPermission.checkFunctionPermission(userPK, orgPK, permItemInfo.getName());
}
private boolean hasFunctionPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws EASBizException, BOSException
{
Context context = serviceContext.getContext();
IObjectPK userPK = context.getCaller();
IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext());
return iPermission.hasFunctionPermission(userPK, orgPK, permItemInfo.getName());
}
private void handleQueryFunctionPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws EASBizException, BOSException
{
if (!hasFunctionPermission(serviceContext, permItemInfo))
{
PermDebugHelper.logInfo("handleQueryFunctionPermission:has not function permission ,add no permission filter");
bindPermissionContext(serviceContext, getNoRightRuleInfo(permItemInfo.getName()));
}
}
private void handleMethodDataPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws EASBizException, BOSException
{
Context context = serviceContext.getContext();
IObjectPK userPK = context.getCaller();
IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
Object objForKScript = context.get("disablePermissionForKScript");
StringBuffer objForKScriptLog = new StringBuffer().append("::disablePermissionForKScript is set to be::").append(objForKScript);
PermDebugHelper.logInfo(objForKScriptLog.toString());
IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext());
if ((StringUtils.isEmpty(permItemInfo.getObjectType())) || (!permItemInfo.isEnableDataPermission()))
{
StringBuffer onlyFunctionLog = new StringBuffer().append(",permitem:").append(permItemInfo.getName()).append(" objectType is null or enableDatapermission is false");
PermDebugHelper.logInfo(onlyFunctionLog.toString());
iPermission.checkFunctionPermission(userPK, orgPK, permItemInfo.getName());
}
else
{
BOSObjectType objectType = BOSObjectType.create(permItemInfo.getObjectType());
if (permItemInfo.getOperationType().equals(OperationType.ADDNEW))
{
IObjectValue objectValue = getObjectValue(serviceContext, objectType);
if (objectValue != null)
{
iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectValue);
}
}
else if (permItemInfo.getOperationType().equals(OperationType.DELETE))
{
IObjectPK objectPK = getObjectPK(serviceContext, objectType);
if (objectPK != null)
{
iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectPK);
}
}
else if (permItemInfo.getOperationType().equals(OperationType.UPDATE))
{
IObjectValue objectValue = getObjectValue(serviceContext, objectType);
if (objectValue != null)
{
iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectValue);
}
}
else if (permItemInfo.getOperationType().equals(OperationType.READ))
{
IObjectPK objectPK = getObjectPK(serviceContext, objectType);
if (isIgnoreAndAssigned(serviceContext, permItemInfo)) {
PermDebugHelper.logInfo("isIgnoreAndAssigned return without datapermissioncheck");
return;
}
if (objectPK != null)
{
iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectPK);
}
setMethodService(permItemInfo, serviceContext, userPK, orgPK);
}
else if (permItemInfo.getOperationType().equals(OperationType.EXECUTE))
{
IObjectPK objectPK = getObjectPK(serviceContext, objectType);
if (objectPK != null)
{
iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectPK);
}
}
else if (permItemInfo.getOperationType().equals(OperationType.OTHER))
{
IObjectPK objectPK = getObjectPK(serviceContext, objectType);
if (objectPK != null)
{
iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectPK);
}
}
}
}
private void setMethodService(PermItemInfo permItemInfo, IServiceContext serviceContext, IObjectPK userPK, IObjectPK orgPK)
throws BOSException, EASBizException
{
if ((!StringUtils.isEmpty(permItemInfo.getObjectType())) && (permItemInfo.isEnableDataPermission()))
{
IPermissionServiceProvider provider = PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext());
String rule = provider.getPermissionRule(userPK, orgPK, permItemInfo.getName());
if (!StringUtils.isEmpty(rule))
{
try
{
EntityViewInfo resultEntityViewInfo = new EntityViewInfo(rule);
serviceContext.setServiceResult("PERMISSION_SERVICE", resultEntityViewInfo.getFilter());
logger.info("resultEntityViewInfo is:" + resultEntityViewInfo);
serviceContext.getContext().put(getMethodPK(serviceContext), resultEntityViewInfo);
}
catch (ParserException e)
{
logger.error(" rule: " + rule, e);
throw new PermissionException(PermissionException.CHECK_PERMISSION_FAIL, e);
}
}
}
}
private String getMethodPK(IServiceContext serviceContext)
{
String methodNamePK = serviceContext.getOperationPK().getName();
IMetaDataLoader iMetaDataLoader = MetaDataLoaderFactory.getLocalMetaDataLoader(serviceContext.getContext());
BusinessObjectInfo entity = iMetaDataLoader.getBusinessObject(serviceContext.getBoType());
MethodCollection methodCol = entity.getAllMethods();
String methodName = "";
for (int i = 0; i < methodCol.size(); i++)
{
MethodInfo methodInfo = methodCol.get(i);
logger.info("innerId is:" + methodInfo.getInnerID());
if (!methodInfo.getInnerID().equals(methodNamePK))
continue;
methodName = methodInfo.getName();
break;
}
Object[] obj = serviceContext.getOperationParameters();
String pk = ImplUtils.buildPermissionServiceKey(serviceContext.getBoType(), methodName, obj);
logger.info(" methodPK is:" + pk);
return pk;
}
private void handleQueryDataPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws EASBizException, BOSException
{
if (!hasFunctionPermission(serviceContext, permItemInfo))
{
PermDebugHelper.logInfo("handleQueryDataPermission:has not function permission");
bindPermissionContext(serviceContext, getNoRightRuleInfo(permItemInfo.getName()));
}
else if ((!StringUtils.isEmpty(permItemInfo.getObjectType())) && (permItemInfo.isEnableDataPermission()))
{
Context context = serviceContext.getContext();
IObjectPK userPK = context.getCaller();
IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
IPermissionServiceProvider provider = PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext());
String rule = provider.getPermissionRule(userPK, orgPK, permItemInfo.getName());
if (!StringUtils.isEmpty(rule))
{
bindPermissionContext(serviceContext, rule);
}
}
}
private String getNoRightRuleInfo(String strKey)
{
return PermissionFilterConfiguration.getList().getFilterString(strKey);
}
private boolean isIgnoreAndAssigned(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws BOSException, EASBizException
{
String isIgnore = ParamManager.getParamValue(serviceContext.getContext(), null, "IgnoreDataPermForAssignUser");
boolean isIgnoreDataPermForAssignUser = false;
if (!StringUtils.isEmpty(isIgnore)) {
isIgnoreDataPermForAssignUser = Boolean.valueOf(isIgnore).booleanValue();
}
logger.info("####now isIgnoreAndAssigned is :-----:" + isIgnoreDataPermForAssignUser);
if (!isIgnoreDataPermForAssignUser) {
return false;
}
logger.info("isIgnoreAndAssigned:permItemInfo" + permItemInfo.getName());
logger.info("isIgnoreAndAssigned:permItemInfo.getOperationType():" + permItemInfo.getOperationType());
if (permItemInfo.getOperationType().equals(OperationType.READ)) {
BOSObjectType objectTYpe = BOSObjectType.create(permItemInfo.getObjectType());
IObjectPK objectPK = getObjectPK(serviceContext, objectTYpe);
String objectPKString = StringUtils.cnulls(objectPK);
logger.info("isIgnoreAndAssigned:objectPKString:" + objectPKString);
if (StringUtils.isEmpty(objectPKString))
{
Object[] params = serviceContext.getOperationParameters();
if (params.length == 2) {
String idString = null;
if (params[1] != null) {
idString = params[1].toString();
}
if ((idString != null) && (idString.indexOf("'") > 0) && (idString.indexOf("'") < idString.lastIndexOf("'"))) {
objectPKString = idString.substring(idString.indexOf("'") + 1, idString.lastIndexOf("'"));
}
if (!BOSUuid.isValid(objectPKString, true)) {
objectPKString = "";
}
}
}
if (!StringUtils.isEmpty(objectPKString)) {
IAssign iAssign = AssignFactory.getLocalInstance(serviceContext.getContext());
IObjectPK userPK = serviceContext.getContext().getCaller();
logger.info("isIgnoreAndAssigned:userPK:" + userPK + " ,objectPKString:" + objectPKString);
try {
FilterInfo filter1 = new FilterInfo("personUserID = '" + userPK.toString() + "'");
filter2 = new FilterInfo("bizObjID = '" + objectPKString + "'");
}
catch (ParserException e)
{
FilterInfo filter2;
throw new BOSException(e);
}
FilterInfo filter2;
FilterInfo filter1;
filter1.mergeFilter(filter2, "and");
IObjectPK[] pks = iAssign.getPKList(filter1, null);
if ((pks != null) && (pks.length > 0)) {
return true;
}
}
}
return false;
}
private void handleWithEnableDataPermision(IServiceContext serviceContext, String permItemName)
throws EASBizException, BOSException
{
PermItemInfo permItemInfo = PermissionCacheFactory.getPermItemCache(serviceContext.getContext()).getPermItem(serviceContext.getContext(), permItemName);
if ((isFacadeObject(serviceContext)) || (isEntityObject(serviceContext)))
{
PermDebugHelper.logInfo("handleWithEnableDataPermision:is facade or entity object");
handleMethodDataPermission(serviceContext, permItemInfo);
}
else if (isQueryObject(serviceContext))
{
PermDebugHelper.logInfo("handleWithEnableDataPermision:is query object");
MutiOrgPermissionServiceAdapter adapter = new MutiOrgPermissionServiceAdapter();
if (adapter.isMutiOrgPerm(serviceContext))
{
PermDebugHelper.logInfo("handleWithEnableDataPermision:is multi org Perm");
adapter.handleQueryDataPermission(serviceContext, permItemInfo);
}
else
{
PermDebugHelper.logInfo("handleWithEnableDataPermision:is single org perm");
handleQueryDataPermission(serviceContext, permItemInfo);
}
}
}
private IObjectPK getObjectPK(IServiceContext serviceContext, BOSObjectType objectType)
{
IObjectPK objectPK = PermissionServiceAdapterHelper.getObjectPK(serviceContext, objectType);
if (objectPK == null) {
PermDebugHelper.logInfo("objectPK is null,will not check dataPermission");
}
return objectPK;
}
private IObjectValue getObjectValue(IServiceContext serviceContext, BOSObjectType objectType)
{
IObjectValue objectValue = PermissionServiceAdapterHelper.getObjectValue(serviceContext, objectType);
if (objectValue == null) {
PermDebugHelper.logInfo("objectValueNullLog is null,will not check dataPermission");
}
return objectValue;
}
}
相关推荐
4. **多权限请求**:有时应用需要同时请求多个权限,工具类会封装这个流程,一次性处理多个权限的请求,避免频繁弹出权限请求对话框。 5. **解释权限需求**:当用户在权限请求中选择了“不再询问”或者之前已经拒绝...
"权限请求工具类"是一个专门为Android应用设计的辅助类,帮助开发者更方便地处理权限请求流程。这个工具类简化了用户在运行时对特定权限进行询问和管理的过程,使得应用能更好地遵循Android的新权限模型。 在...
4. **工具类封装**:为了简化权限管理,开发者通常会创建一个权限工具类,集中处理权限相关的逻辑,包括检查、请求以及处理结果。这样的工具类可以避免在多个地方重复相同的代码,提高代码复用性和可维护性。 5. **...
5. **最佳实践**:权限工具类还可能包含关于最佳实践的指南,比如何时应该请求权限,如何优雅地处理权限被拒绝的情况,以及如何在权限丢失后恢复功能。 6. **批量权限处理**:对于需要多个权限的情况,工具类可以一...
1. **动态权限申请**:针对Android 6.0及以上版本,该工具类能帮助开发者轻松地处理运行时权限申请,包括检查权限状态、显示权限请求对话框以及处理用户响应。 2. **简化代码**:通过封装权限申请逻辑,避免在...
Android权限分为两类:正常权限和危险权限。正常权限不会影响用户的隐私,系统会在安装时自动授予。而危险权限涉及用户隐私,需要在运行时动态申请。 三、请求权限流程 1. **检查已有的权限状态**:在使用权限相关...
工具类可能包含检查权限状态、显示权限请求对话框和处理结果回调等功能。 - 检查权限状态:使用`Context.checkSelfPermission()`方法判断当前应用是否已经拥有某个权限。 - 请求权限:调用`ActivityCompat....
`android.support.v4.content.ContextCompat`是支持库中处理权限的关键类之一。这个类提供了一系列静态方法,用于在不考虑Android API级别的情况下,安全地调用与权限相关的系统服务。例如,`checkSelfPermission()`...
在每个需要权限控制的方法或事件处理程序中,添加权限检查代码。例如,当用户尝试编辑记录时,先检查他们是否拥有编辑权限。 ```csharp if (CurrentUser.HasPermission("EditRecord")) { // 允许执行编辑操作 } ...
一个十分简单的权限工具类。只需一个方法,便可以实现权限的授权,不同版本的兼容,以及回调的正确处理了。 对原有项目尽可能小的改动,方便已有项目的接入。使用方法示例如下: /*需要动态请求相机权限*/ ...
这对于开发者来说,意味着需要在代码中处理权限检查和请求。Qt for Android作为跨平台开发框架,同样需要适配这种新的权限管理机制。本文将详细介绍如何在Qt for Android应用中实现动态权限申请。 首先,理解...
6. **处理权限异常**:在尝试执行需要高权限的操作时,应捕获并处理可能的`System.UnauthorizedAccessException`,以提供合适的错误信息给用户。 在开发过程中,需要注意的是,频繁请求管理员权限可能导致用户体验...
Java 递归处理权限管理菜单树或分类 ...本文介绍了 Java 递归处理权限管理菜单树或分类的技术,包括数据库表设计、实体类设计和递归工具类的实现细节,并且讨论了递归算法在权限管理系统中的应用和优缺点。
在Android 6.0(Marshmallow)及其后续版本中,系统的权限管理机制发生了重大变化,引入了运行时权限的概念。...在处理CheckPermission这类与权限相关的任务时,一定要按照上述流程进行,确保应用的稳定性和合规性。
在权限管理上,Struts可以通过拦截器或自定义Action类实现对用户访问的控制。 3. **Hibernate**:这是一个对象关系映射(ORM)工具,它简化了数据库操作,将Java对象与数据库表进行映射,从而减少SQL代码的编写。在...
这个应用的源代码可能包含多个类,比如一个`PermissionManager`来处理权限请求,一个`ImageProcessor`来处理图片的Base64转换和压缩,以及一个`ImageAnalyzer`来识别图片格式。这些组件可以协同工作,提供一个健壮的...
在VB.NET中,对文件和文件夹进行权限设置是编程中的一个重要方面,特别是在开发需要处理用户访问控制的应用程序时。Visual Studio .NET 2008 提供了丰富的功能来帮助开发者实现这一目标。以下是对这个主题的详细阐述...
该工具类可以调出各大手机厂商的权限设置页 测试结果: 华为:OK 小米:OK 锤子:OK 一加:OK vivo:OK,vivo有自己的提示,再次点击后也是会跳出提示,有瑕疵,但是还可以 oppo:OK,自己会提示 魅族:暂时跳转没...
`ECAuthorizationMicrophone`类帮助你处理麦克风权限。 6. **位置权限(CLLocationManager)**:用于获取用户的地理位置信息。`ECAuthorizationLocation`类包括了定位权限的检查和请求。 7. **健康数据权限...
7. **权限类(Permission Class)**:每个权限都有对应的类,如`java.io.FilePermission`,这些类在`java.security`包下定义。 8. **认证(Authentication)与授权(Authorization)**:认证是确定用户身份的过程,...