package com.kingdee.eas.base.permission.app.adapter;
import com.kingdee.bos.BOSException;
import com.kingdee.bos.Context;
import com.kingdee.bos.dao.IObjectPK;
import com.kingdee.bos.dao.IObjectValue;
import com.kingdee.bos.dao.ormapping.impl.ImplUtils;
import com.kingdee.bos.metadata.IMetaDataLoader;
import com.kingdee.bos.metadata.IMetaDataPK;
import com.kingdee.bos.metadata.MetaDataLoaderFactory;
import com.kingdee.bos.metadata.MetaDataTypeList;
import com.kingdee.bos.metadata.bo.BusinessObjectInfo;
import com.kingdee.bos.metadata.bo.MethodCollection;
import com.kingdee.bos.metadata.bo.MethodInfo;
import com.kingdee.bos.metadata.entity.EntityViewInfo;
import com.kingdee.bos.metadata.entity.FilterInfo;
import com.kingdee.bos.service.AbstractServiceAdapter;
import com.kingdee.bos.service.IServiceAdapter;
import com.kingdee.bos.service.IServiceContext;
import com.kingdee.bos.sql.ParserException;
import com.kingdee.bos.util.BOSObjectType;
import com.kingdee.bos.util.BOSUuid;
import com.kingdee.bos.workflow.metas.AssignFactory;
import com.kingdee.bos.workflow.metas.IAssign;
import com.kingdee.eas.base.param.util.ParamManager;
import com.kingdee.eas.base.permission.IPermission;
import com.kingdee.eas.base.permission.IPermissionServiceProvider;
import com.kingdee.eas.base.permission.OperationType;
import com.kingdee.eas.base.permission.PermDebugHelper;
import com.kingdee.eas.base.permission.PermItemInfo;
import com.kingdee.eas.base.permission.PermissionException;
import com.kingdee.eas.base.permission.PermissionFactory;
import com.kingdee.eas.base.permission.PermissionServiceException;
import com.kingdee.eas.base.permission.PermissionServiceProviderFactory;
import com.kingdee.eas.base.permission.app.cache.IPermItemCache;
import com.kingdee.eas.base.permission.app.cache.PermissionCacheFactory;
import com.kingdee.eas.base.permission.app.config.PermissionFilterConfiguration;
import com.kingdee.eas.common.EASBizException;
import com.kingdee.util.LowTimer;
import com.kingdee.util.StringUtils;
import org.apache.log4j.Logger;
public class PermissionServiceAdapter extends AbstractServiceAdapter
implements IServiceAdapter
{
private static Logger logger = Logger.getLogger(PermissionServiceAdapter.class);
protected static final String PERMISSION_ITEMS = "PERMISSION_ITEMS";
private static final String DISABLE_DATA_PERM = "DISABLE_DATA_PERM";
private static final int PERMISSION_PRIORITY = 100;
public int getPriority()
{
return 100;
}
public String getName()
{
return "PERMISSION_SERVICE";
}
public void execute(IServiceContext serviceContext) throws BOSException
{
LowTimer lowTimer = new LowTimer();
float beginTime = (float)lowTimer.msValue();
float endTime = (float)lowTimer.msValue();
Context context = serviceContext.getContext();
Object objForKScript = context.get("disablePermissionForKScript");
StringBuffer objForKScriptLog = new StringBuffer().append(":disablePermissionForKScript is set to be:").append(objForKScript);
PermDebugHelper.logInfo(objForKScriptLog.toString());
logger.error("start^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^");
logger.error("end^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^");
if (objForKScript != null)
{
if ((objForKScript instanceof Boolean))
{
if (((Boolean)objForKScript).booleanValue())
{
return;
}
}
}
try
{
if (serviceContext.getExecutionMode() == 0)
{
handleServiceBefore(serviceContext);
}
}
catch (EASBizException e)
{
logger.error("", e);
throw new PermissionServiceException(e.getMessage());
}
if (logger.isDebugEnabled())
{
endTime = (float)lowTimer.msValue();
logger.debug("execute(): " + (endTime - beginTime));
}
}
public boolean enableDataPermFromContext(IServiceContext serviceContext)
{
boolean defaultVaue = true;
if ((serviceContext == null) || (serviceContext.getContext() == null)) return defaultVaue;
String disableDataPerm = StringUtils.cnulls(serviceContext.getContext().get("DISABLE_DATA_PERM"));
if (disableDataPerm.equalsIgnoreCase("true")) return !defaultVaue;
StringBuffer enableDataPermissionFromContextLog = new StringBuffer().append("enableDataPermFromContext is set to :" + defaultVaue);
PermDebugHelper.logInfo(enableDataPermissionFromContextLog.toString());
return defaultVaue;
}
private void handleServiceBefore(IServiceContext serviceContext)
throws EASBizException, BOSException
{
if (isBindPermission(serviceContext))
{
IPermissionServiceProvider provider = PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext());
String[] permItemNames = getPermItemNames(serviceContext);
int length = permItemNames.length;
boolean isEnableDataPermFromContext = enableDataPermFromContext(serviceContext);
boolean isEnableDataPermission = provider.isEnableDataPermission();
for (int i = 0; i < length; i++)
{
if ((isEnableDataPermission) && (isEnableDataPermFromContext))
{
PermDebugHelper.logInfo("handleServiceBefore:is enableDataPermission");
handleWithEnableDataPermision(serviceContext, permItemNames[i]);
}
else
{
PermDebugHelper.logInfo("handleServiceBefore:is not enableDataPermission");
handleWithoutEnableDataPermision(serviceContext, permItemNames[i]);
}
}
}
}
private boolean isFacadeObject(IServiceContext serviceContext)
{
return serviceContext.getMetaType() == MetaDataTypeList.FACADE;
}
private boolean isEntityObject(IServiceContext serviceContext)
{
return serviceContext.getMetaType() == MetaDataTypeList.ENTITY;
}
private boolean isQueryObject(IServiceContext serviceContext)
{
return serviceContext.getMetaType() == MetaDataTypeList.BASEQUERY;
}
private void bindPermissionContext(IServiceContext serviceContext, String rule)
throws EASBizException, BOSException
{
PermissionServiceAdapterHelper.bindPermissionContext(serviceContext, rule);
}
private String[] getPermItemNames(IServiceContext serviceContext)
{
return (String[])serviceContext.getServiceParameter("PERMISSION_SERVICE", "PERMISSION_ITEMS");
}
private boolean isBindPermission(IServiceContext serviceContext)
{
String[] permItemNames = getPermItemNames(serviceContext);
return (permItemNames != null) && (permItemNames.length > 0);
}
private IObjectPK getMainBizOrgPK(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws EASBizException, BOSException
{
return PermissionServiceAdapterHelper.getMainBizOrgPK(serviceContext, permItemInfo);
}
private void handleWithoutEnableDataPermision(IServiceContext serviceContext, String permItemName)
throws EASBizException, BOSException
{
PermItemInfo permItemInfo = PermissionCacheFactory.getPermItemCache(serviceContext.getContext()).getPermItem(serviceContext.getContext(), permItemName);
if ((isFacadeObject(serviceContext)) || (isEntityObject(serviceContext)))
{
PermDebugHelper.logInfo("handleWithoutEnableDataPermision:is facade or entity object");
handleMethodFunctionPermission(serviceContext, permItemInfo);
}
else if (isQueryObject(serviceContext))
{
PermDebugHelper.logInfo("handleWithoutEnableDataPermision is query object");
handleQueryFunctionPermission(serviceContext, permItemInfo);
}
}
private void handleMethodFunctionPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws EASBizException, BOSException
{
Context context = serviceContext.getContext();
IObjectPK userPK = context.getCaller();
IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext());
iPermission.checkFunctionPermission(userPK, orgPK, permItemInfo.getName());
}
private boolean hasFunctionPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws EASBizException, BOSException
{
Context context = serviceContext.getContext();
IObjectPK userPK = context.getCaller();
IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext());
return iPermission.hasFunctionPermission(userPK, orgPK, permItemInfo.getName());
}
private void handleQueryFunctionPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws EASBizException, BOSException
{
if (!hasFunctionPermission(serviceContext, permItemInfo))
{
PermDebugHelper.logInfo("handleQueryFunctionPermission:has not function permission ,add no permission filter");
bindPermissionContext(serviceContext, getNoRightRuleInfo(permItemInfo.getName()));
}
}
private void handleMethodDataPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws EASBizException, BOSException
{
Context context = serviceContext.getContext();
IObjectPK userPK = context.getCaller();
IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
Object objForKScript = context.get("disablePermissionForKScript");
StringBuffer objForKScriptLog = new StringBuffer().append("::disablePermissionForKScript is set to be::").append(objForKScript);
PermDebugHelper.logInfo(objForKScriptLog.toString());
IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext());
if ((StringUtils.isEmpty(permItemInfo.getObjectType())) || (!permItemInfo.isEnableDataPermission()))
{
StringBuffer onlyFunctionLog = new StringBuffer().append(",permitem:").append(permItemInfo.getName()).append(" objectType is null or enableDatapermission is false");
PermDebugHelper.logInfo(onlyFunctionLog.toString());
iPermission.checkFunctionPermission(userPK, orgPK, permItemInfo.getName());
}
else
{
BOSObjectType objectType = BOSObjectType.create(permItemInfo.getObjectType());
if (permItemInfo.getOperationType().equals(OperationType.ADDNEW))
{
IObjectValue objectValue = getObjectValue(serviceContext, objectType);
if (objectValue != null)
{
iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectValue);
}
}
else if (permItemInfo.getOperationType().equals(OperationType.DELETE))
{
IObjectPK objectPK = getObjectPK(serviceContext, objectType);
if (objectPK != null)
{
iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectPK);
}
}
else if (permItemInfo.getOperationType().equals(OperationType.UPDATE))
{
IObjectValue objectValue = getObjectValue(serviceContext, objectType);
if (objectValue != null)
{
iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectValue);
}
}
else if (permItemInfo.getOperationType().equals(OperationType.READ))
{
IObjectPK objectPK = getObjectPK(serviceContext, objectType);
if (isIgnoreAndAssigned(serviceContext, permItemInfo)) {
PermDebugHelper.logInfo("isIgnoreAndAssigned return without datapermissioncheck");
return;
}
if (objectPK != null)
{
iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectPK);
}
setMethodService(permItemInfo, serviceContext, userPK, orgPK);
}
else if (permItemInfo.getOperationType().equals(OperationType.EXECUTE))
{
IObjectPK objectPK = getObjectPK(serviceContext, objectType);
if (objectPK != null)
{
iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectPK);
}
}
else if (permItemInfo.getOperationType().equals(OperationType.OTHER))
{
IObjectPK objectPK = getObjectPK(serviceContext, objectType);
if (objectPK != null)
{
iPermission.checkDataPermission(userPK, orgPK, permItemInfo.getName(), objectPK);
}
}
}
}
private void setMethodService(PermItemInfo permItemInfo, IServiceContext serviceContext, IObjectPK userPK, IObjectPK orgPK)
throws BOSException, EASBizException
{
if ((!StringUtils.isEmpty(permItemInfo.getObjectType())) && (permItemInfo.isEnableDataPermission()))
{
IPermissionServiceProvider provider = PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext());
String rule = provider.getPermissionRule(userPK, orgPK, permItemInfo.getName());
if (!StringUtils.isEmpty(rule))
{
try
{
EntityViewInfo resultEntityViewInfo = new EntityViewInfo(rule);
serviceContext.setServiceResult("PERMISSION_SERVICE", resultEntityViewInfo.getFilter());
logger.info("resultEntityViewInfo is:" + resultEntityViewInfo);
serviceContext.getContext().put(getMethodPK(serviceContext), resultEntityViewInfo);
}
catch (ParserException e)
{
logger.error(" rule: " + rule, e);
throw new PermissionException(PermissionException.CHECK_PERMISSION_FAIL, e);
}
}
}
}
private String getMethodPK(IServiceContext serviceContext)
{
String methodNamePK = serviceContext.getOperationPK().getName();
IMetaDataLoader iMetaDataLoader = MetaDataLoaderFactory.getLocalMetaDataLoader(serviceContext.getContext());
BusinessObjectInfo entity = iMetaDataLoader.getBusinessObject(serviceContext.getBoType());
MethodCollection methodCol = entity.getAllMethods();
String methodName = "";
for (int i = 0; i < methodCol.size(); i++)
{
MethodInfo methodInfo = methodCol.get(i);
logger.info("innerId is:" + methodInfo.getInnerID());
if (!methodInfo.getInnerID().equals(methodNamePK))
continue;
methodName = methodInfo.getName();
break;
}
Object[] obj = serviceContext.getOperationParameters();
String pk = ImplUtils.buildPermissionServiceKey(serviceContext.getBoType(), methodName, obj);
logger.info(" methodPK is:" + pk);
return pk;
}
private void handleQueryDataPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws EASBizException, BOSException
{
if (!hasFunctionPermission(serviceContext, permItemInfo))
{
PermDebugHelper.logInfo("handleQueryDataPermission:has not function permission");
bindPermissionContext(serviceContext, getNoRightRuleInfo(permItemInfo.getName()));
}
else if ((!StringUtils.isEmpty(permItemInfo.getObjectType())) && (permItemInfo.isEnableDataPermission()))
{
Context context = serviceContext.getContext();
IObjectPK userPK = context.getCaller();
IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
IPermissionServiceProvider provider = PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext());
String rule = provider.getPermissionRule(userPK, orgPK, permItemInfo.getName());
if (!StringUtils.isEmpty(rule))
{
bindPermissionContext(serviceContext, rule);
}
}
}
private String getNoRightRuleInfo(String strKey)
{
return PermissionFilterConfiguration.getList().getFilterString(strKey);
}
private boolean isIgnoreAndAssigned(IServiceContext serviceContext, PermItemInfo permItemInfo)
throws BOSException, EASBizException
{
String isIgnore = ParamManager.getParamValue(serviceContext.getContext(), null, "IgnoreDataPermForAssignUser");
boolean isIgnoreDataPermForAssignUser = false;
if (!StringUtils.isEmpty(isIgnore)) {
isIgnoreDataPermForAssignUser = Boolean.valueOf(isIgnore).booleanValue();
}
logger.info("####now isIgnoreAndAssigned is :-----:" + isIgnoreDataPermForAssignUser);
if (!isIgnoreDataPermForAssignUser) {
return false;
}
logger.info("isIgnoreAndAssigned:permItemInfo" + permItemInfo.getName());
logger.info("isIgnoreAndAssigned:permItemInfo.getOperationType():" + permItemInfo.getOperationType());
if (permItemInfo.getOperationType().equals(OperationType.READ)) {
BOSObjectType objectTYpe = BOSObjectType.create(permItemInfo.getObjectType());
IObjectPK objectPK = getObjectPK(serviceContext, objectTYpe);
String objectPKString = StringUtils.cnulls(objectPK);
logger.info("isIgnoreAndAssigned:objectPKString:" + objectPKString);
if (StringUtils.isEmpty(objectPKString))
{
Object[] params = serviceContext.getOperationParameters();
if (params.length == 2) {
String idString = null;
if (params[1] != null) {
idString = params[1].toString();
}
if ((idString != null) && (idString.indexOf("'") > 0) && (idString.indexOf("'") < idString.lastIndexOf("'"))) {
objectPKString = idString.substring(idString.indexOf("'") + 1, idString.lastIndexOf("'"));
}
if (!BOSUuid.isValid(objectPKString, true)) {
objectPKString = "";
}
}
}
if (!StringUtils.isEmpty(objectPKString)) {
IAssign iAssign = AssignFactory.getLocalInstance(serviceContext.getContext());
IObjectPK userPK = serviceContext.getContext().getCaller();
logger.info("isIgnoreAndAssigned:userPK:" + userPK + " ,objectPKString:" + objectPKString);
try {
FilterInfo filter1 = new FilterInfo("personUserID = '" + userPK.toString() + "'");
filter2 = new FilterInfo("bizObjID = '" + objectPKString + "'");
}
catch (ParserException e)
{
FilterInfo filter2;
throw new BOSException(e);
}
FilterInfo filter2;
FilterInfo filter1;
filter1.mergeFilter(filter2, "and");
IObjectPK[] pks = iAssign.getPKList(filter1, null);
if ((pks != null) && (pks.length > 0)) {
return true;
}
}
}
return false;
}
private void handleWithEnableDataPermision(IServiceContext serviceContext, String permItemName)
throws EASBizException, BOSException
{
PermItemInfo permItemInfo = PermissionCacheFactory.getPermItemCache(serviceContext.getContext()).getPermItem(serviceContext.getContext(), permItemName);
if ((isFacadeObject(serviceContext)) || (isEntityObject(serviceContext)))
{
PermDebugHelper.logInfo("handleWithEnableDataPermision:is facade or entity object");
handleMethodDataPermission(serviceContext, permItemInfo);
}
else if (isQueryObject(serviceContext))
{
PermDebugHelper.logInfo("handleWithEnableDataPermision:is query object");
MutiOrgPermissionServiceAdapter adapter = new MutiOrgPermissionServiceAdapter();
if (adapter.isMutiOrgPerm(serviceContext))
{
PermDebugHelper.logInfo("handleWithEnableDataPermision:is multi org Perm");
adapter.handleQueryDataPermission(serviceContext, permItemInfo);
}
else
{
PermDebugHelper.logInfo("handleWithEnableDataPermision:is single org perm");
handleQueryDataPermission(serviceContext, permItemInfo);
}
}
}
private IObjectPK getObjectPK(IServiceContext serviceContext, BOSObjectType objectType)
{
IObjectPK objectPK = PermissionServiceAdapterHelper.getObjectPK(serviceContext, objectType);
if (objectPK == null) {
PermDebugHelper.logInfo("objectPK is null,will not check dataPermission");
}
return objectPK;
}
private IObjectValue getObjectValue(IServiceContext serviceContext, BOSObjectType objectType)
{
IObjectValue objectValue = PermissionServiceAdapterHelper.getObjectValue(serviceContext, objectType);
if (objectValue == null) {
PermDebugHelper.logInfo("objectValueNullLog is null,will not check dataPermission");
}
return objectValue;
}
}
相关推荐
"权限工具类"是为了解决这一问题而设计的,它提供了一种简洁、高效的方式来处理应用所需的权限请求。这个工具类通常包含了对Android运行时权限模型的封装,使得开发者能够更方便地在应用中请求和管理用户权限。 ...
而`PermissionHandler`可能是示例代码中的一个关键类,负责权限请求的封装和处理。 通过这个示例,开发者可以学习到如何在Android 6.0及以上版本优雅地处理权限,使得应用更加符合用户隐私保护的需求,同时也能提供...
4. **多权限请求**:有时应用需要同时请求多个权限,工具类会封装这个流程,一次性处理多个权限的请求,避免频繁弹出权限请求对话框。 5. **解释权限需求**:当用户在权限请求中选择了“不再询问”或者之前已经拒绝...
1. **动态权限申请**:针对Android 6.0及以上版本,该工具类能帮助开发者轻松地处理运行时权限申请,包括检查权限状态、显示权限请求对话框以及处理用户响应。 2. **简化代码**:通过封装权限申请逻辑,避免在...
Android权限分为两类:正常权限和危险权限。正常权限不会影响用户的隐私,系统会在安装时自动授予。而危险权限涉及用户隐私,需要在运行时动态申请。 三、请求权限流程 1. **检查已有的权限状态**:在使用权限相关...
它是一个实用程序类,提供了一种简洁的方法来处理运行时权限的请求。下面将详细解释`PermissionUtil`的核心功能和使用方法。 1. **权限请求**: `PermissionUtil`工具类通常包含一个静态方法,用于发起权限请求。...
工具类可能包含检查权限状态、显示权限请求对话框和处理结果回调等功能。 - 检查权限状态:使用`Context.checkSelfPermission()`方法判断当前应用是否已经拥有某个权限。 - 请求权限:调用`ActivityCompat....
`android.support.v4.content.ContextCompat`是支持库中处理权限的关键类之一。这个类提供了一系列静态方法,用于在不考虑Android API级别的情况下,安全地调用与权限相关的系统服务。例如,`checkSelfPermission()`...
在每个需要权限控制的方法或事件处理程序中,添加权限检查代码。例如,当用户尝试编辑记录时,先检查他们是否拥有编辑权限。 ```csharp if (CurrentUser.HasPermission("EditRecord")) { // 允许执行编辑操作 } ...
这对于开发者来说,意味着需要在代码中处理权限检查和请求。Qt for Android作为跨平台开发框架,同样需要适配这种新的权限管理机制。本文将详细介绍如何在Qt for Android应用中实现动态权限申请。 首先,理解...
6. **处理权限异常**:在尝试执行需要高权限的操作时,应捕获并处理可能的`System.UnauthorizedAccessException`,以提供合适的错误信息给用户。 在开发过程中,需要注意的是,频繁请求管理员权限可能导致用户体验...
Java 递归处理权限管理菜单树或分类 ...本文介绍了 Java 递归处理权限管理菜单树或分类的技术,包括数据库表设计、实体类设计和递归工具类的实现细节,并且讨论了递归算法在权限管理系统中的应用和优缺点。
源代码中可能包含了对用户角色和权限的定义、分配以及检查的函数或类。 3. **MVC(Model-View-Controller)架构**:这是一个常见的Web应用程序设计模式,用于分离业务逻辑、数据处理和用户界面。在这个权限管理系统...
这些库通常提供了更友好的API来处理权限问题,但依然需要确保在manifest文件中声明它们所需的权限。 5. **USB串口访问**:对于通过USB连接的串口设备,需要使用`usbAccessory`或`usbDevice`权限,同时实现`...
在VB.NET中,对文件和文件夹进行权限设置是编程中的一个重要方面,特别是在开发需要处理用户访问控制的应用程序时。Visual Studio .NET 2008 提供了丰富的功能来帮助开发者实现这一目标。以下是对这个主题的详细阐述...
在Android 6.0(API级别23)中,谷歌引入了运行时权限管理系统,这是一项重要的安全更新,改变了之前版本中对应用权限的传统处理方式。在此系统下,应用程序不再在安装时获得所有请求的权限,而是需要在运行时根据...
该工具类可以调出各大手机厂商的权限设置页 测试结果: 华为:OK 小米:OK 锤子:OK 一加:OK vivo:OK,vivo有自己的提示,再次点击后也是会跳出提示,有瑕疵,但是还可以 oppo:OK,自己会提示 魅族:暂时跳转没...
`ECAuthorizationMicrophone`类帮助你处理麦克风权限。 6. **位置权限(CLLocationManager)**:用于获取用户的地理位置信息。`ECAuthorizationLocation`类包括了定位权限的检查和请求。 7. **健康数据权限...
C# 反射,操作权限(新增,删除等),动态实例化类,一个C/S系统,每个模块上面都有很多操作按钮,你不可能每一窗体内在设权限的时候都用btn.enable=false/true,这样太烦了,可以作一个控件,这样统一按钮名称,然后...
在Asp.NET MVC框架中,身份验证、异常处理和权限验证是构建安全、稳定和高效Web应用程序的关键组件。本文将详细解析这些概念以及如何通过源码实现。 **身份验证(Authentication)** 身份验证是确定用户身份的过程...