
[task-7497]纸质运行记录私有文件可见性改造

xiexh hace 3 semanas
padre
commit
b79e74671a

+ 71 - 2
ibps-base-root/modules/base-cloud/src/main/java/com/lc/ibps/cloud/provider/GenericProvider.java

@@ -1,12 +1,16 @@
 package com.lc.ibps.cloud.provider;
 
 import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Field;
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 
+import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import com.lc.ibps.base.framework.table.ICommonDao;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -55,7 +59,10 @@ public class GenericProvider {
 	protected MultipartResolver getMultipartResolver () {
 		return multipartResolver;
 	}
-	
+
+	@Resource
+	private ICommonDao<?> commonDao;
+
 	protected HttpServletRequest getRequest() {
 		ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
 		try {
@@ -87,7 +94,6 @@ public class GenericProvider {
 	 */
 	protected <E> APIPageList<E> getAPIPageList(List<E> data){
 		APIPageList<E> apiPageList = new APIPageList<E>();
-		
 		apiPageList.setDataResult(data);
 		if(null != data && data instanceof PageList){
 			PageList<E> pageList = (PageList<E>)data;
@@ -101,6 +107,69 @@ public class GenericProvider {
 		
 		return apiPageList;
 	}
+
+	protected <E> APIPageList<E> getAPIPageListByAcct(List<E> data,String userId){
+		APIPageList<E> apiPageList = new APIPageList<E>();
+		//根据用户查询分类表判断是否为私有分类,如果是则根据用户id过滤
+		constructPrivateTypeData(data,userId);
+		apiPageList.setDataResult(data);
+		if(null != data && data instanceof PageList){
+			PageList<E> pageList = (PageList<E>)data;
+			PageResult pageResult = pageList.getPageResult() != null ? pageList.getPageResult() : new PageResult();
+			APIPageResult apiPageResult = new APIPageResult();
+			apiPageResult.setPage(pageResult.getPage());
+			apiPageResult.setLimit(pageResult.getLimit());
+			apiPageResult.setTotalCount(pageResult.getTotalCount());
+			apiPageList.setPageResult(apiPageResult);
+		}
+
+		return apiPageList;
+	}
+
+	private <E> void constructPrivateTypeData(List<E> data,String usrId) {
+		if(null == data || BeanUtils.isEmpty(usrId))return;
+		//过滤其他用户的私有分类数据
+		if(data instanceof PageList){
+			//遍历数据获取分类id查询分类表,如果OWNER_ID_存在值且值不等于usrId则过滤掉
+			data.removeIf(item -> {
+				try {
+					Field field = getFieldRecursively(item.getClass(), "fenLeiId");
+					field.setAccessible(true);
+					Object fenLeiIdObj = field.get(item);
+					if (fenLeiIdObj == null) return false;
+					String sql = "select ID_,CATEGORY_KEY_,name_,OWNER_ID_ from ibps_cat_type where ID_='"+fenLeiIdObj.toString().trim()+"'";
+					List<Map<String, Object>> catType = (List<Map<String, Object>>) commonDao.query(sql);
+					String ownerId = "";
+					String id = "" ;
+					if(catType.size()>0 && BeanUtils.isNotEmpty(catType.get(0).get("OWNER_ID_"))){
+						ownerId = catType.get(0).get("OWNER_ID_").toString();
+						id = catType.get(0).get("ID_").toString();
+					}
+					if(BeanUtils.isEmpty(ownerId)||ownerId.equals("0")){//说明不是私人的,跳过
+						return false;
+					}
+					Boolean filterFlag = !ownerId.equals(usrId);
+					if(filterFlag){
+						logger.warn("分类表记录id值[{}]账号[{}]私人数据,登录账号[{}]不允许查看",id,ownerId,usrId);
+					}
+					return filterFlag;
+				} catch (Exception e) {
+					return false;
+				}
+			});
+		}
+
+	}
+	private Field getFieldRecursively(Class<?> clazz, String fieldName) {
+		try {
+			return clazz.getDeclaredField(fieldName);
+		} catch (NoSuchFieldException e) {
+			if (clazz.getSuperclass() != null) {
+				return getFieldRecursively(clazz.getSuperclass(), fieldName);
+			}
+			throw new RuntimeException("字段 " + fieldName + " 不存在", e);
+		}
+	}
 	protected <E> APIPageList<E> getAPIPageList(List<E> data,String str){
 		APIPageList<E> apiPageList = new APIPageList<E>();
 		data.removeAll(Collections.singleton(null));
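Review bot: The private-category filter in `constructPrivateTypeData` fails open: `catch (Exception e) { return false; }` keeps the row whenever the `fenLeiId` reflection lookup or the category query throws, and the early `return` on an empty `usrId` skips filtering entirely, so an error or a missing user id shows other users' private records (the `OperateRecordProvider` hunk passes `ContextUtil.getCurrentUserId()` straight in without checking it). For an access-control decision the catch should log and drop the row, e.g. `logger.error("private category check failed", e); return true;`, and an empty `usrId` should hide every row whose category has an owner. The lookup also concatenates `fenLeiIdObj` into the SQL text; bind it as a parameter if `ICommonDao` has a parameterized query (its API is not visible here) or reject values that are not a plain id before querying. Because rows are removed after the page was fetched, `setTotalCount` still reports the unfiltered total and each row costs one extra query, so putting the owner condition into the repository query would be the cleaner fix.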

+ 3 - 1
ibps-provider-root/modules/provider-business/src/main/java/com/lc/ibps/components/employee/provider/OperateRecordProvider.java

@@ -3,6 +3,7 @@ package com.lc.ibps.components.employee.provider;
 import com.lc.ibps.api.base.constants.StateEnum;
 import com.lc.ibps.api.base.query.QueryFilter;
 import com.lc.ibps.base.core.constants.StringPool;
+import com.lc.ibps.base.web.context.ContextUtil;
 import com.lc.ibps.cloud.entity.APIPageList;
 import com.lc.ibps.cloud.entity.APIRequest;
 import com.lc.ibps.cloud.entity.APIResult;
@@ -43,8 +44,9 @@ public class OperateRecordProvider extends GenericProvider implements IOperateRe
 		APIResult<APIPageList<OperateRecordPo>> result = new APIResult<>();
 		try {
 			QueryFilter queryFilter = getQueryFilter(request);
+			String userId = ContextUtil.getCurrentUserId();
 			List<OperateRecordPo> data = operateRecordRepository.query(queryFilter);
-			APIPageList<OperateRecordPo> apiPageData = getAPIPageList(data);
+			APIPageList<OperateRecordPo> apiPageData = getAPIPageListByAcct(data,userId);
 			result.setData(apiPageData);
 		} catch (Exception e) {
 			// TODO ERROR => other error message