【流程+表单】完善子集权限控制

63eb40e7 · 雍欢 · ce1cfa62 · 63eb40e7 · 63eb40e7 · 63eb40e7
Commit 63eb40e7 authored Nov 06, 2020 by 雍欢
6 changed files
--- a/huigou-explorer/src/main/java/com/huigou/explorer/controller/ModelController.java
+++ b/huigou-explorer/src/main/java/com/huigou/explorer/controller/ModelController.java
@@ -17,6 +17,7 @@ import com.huigou.uasp.client.CommonController;
 import com.huigou.uasp.log.annotation.LogInfo;
 import com.huigou.uasp.log.domain.model.LogType;
 import com.huigou.uasp.log.domain.model.OperationType;
+import com.huigou.util.ClassHelper;
 import com.huigou.util.SDO;
 import com.mxgraph.util.mxUtils;
 import org.activiti.bpmn.converter.BpmnXMLConverter;
@@ -26,6 +27,7 @@ import org.activiti.engine.delegate.ExecutionListener;
 import org.activiti.engine.delegate.TaskListener;
 import org.activiti.engine.impl.util.io.StringStreamSource;
 import org.activiti.engine.repository.ProcessDefinition;
+import org.apache.commons.beanutils.converters.ClassConverter;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
@@ -281,9 +283,21 @@ public class ModelController extends CommonController implements ApplicationCont
    public String queryFormFields() {
        String formNo = getSDO().getString("formNo");
        EntityManager em = generalRepository.getEntityManager();
-        List<?> formFields = em.createQuery("select fa from FormAttribute fa inner join  SafFormslist f on fa.formId=f.id where f.formNo=:formNo")
+        List<Map<String, Object>> formFields = ((List<Object>) em.createQuery("select fa from FormAttribute fa inner join  SafFormslist f on fa.formId=f.id where f.formNo=:formNo")
                .setParameter("formNo", formNo)
-                .getResultList();
+                .getResultList())
+                .stream()
+                .map(field -> ClassHelper.beanToMap(field))
+                .map((Map<String, Object> field) -> {
+                    em.createQuery("select t.name from DbTables t where t.tableName=:tableName")
+                            .setParameter("tableName", field.get("tableName"))
+                            .getResultList()
+                            .stream()
+                            .map(String::valueOf)
+                            .findAny()
+                            .ifPresent(tableName -> field.put("tableLabel", tableName));
+                    return field;
+                }).collect(Collectors.toList());
        return toResult(formFields);
    }


--- a/huigou-uasp/src/main/java/com/huigou/uasp/bmp/intercept/ExecuteContextInterceptor.java
+++ b/huigou-uasp/src/main/java/com/huigou/uasp/bmp/intercept/ExecuteContextInterceptor.java
 package com.huigou.uasp.bmp.intercept;

-import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONObject;
 import com.huigou.context.ContextUtil;
 import com.huigou.context.Operator;
 import com.huigou.context.ThreadLocalUtil;
+import com.huigou.data.domain.model.AbstractEntity;
 import com.huigou.data.repository.GeneralRepository;
 import com.huigou.exception.ApplicationException;
 import com.huigou.uasp.bmp.operator.OperatorUIElementPermissionBuilder;
@@ -25,6 +24,7 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.*;
+import java.util.stream.Collectors;

 /**
 * 系统权限获取 页面元素使用
@@ -52,16 +52,16 @@ public class ExecuteContextInterceptor extends HandlerInterceptorAdapter {
    private void handlePermission(Collection<Map<String, Object>> permissions, HttpServletRequest request) {
        if (permissions != null && permissions.size() > 0) {
            request.getSession().setAttribute("PermissionInterceptorSet", permissions);
-            Map<String, Object> noaccessField = new HashMap<String, Object>(permissions.size());
-            Map<String, Object> noaccessDetail = new HashMap<String, Object>(permissions.size());
+            Map<String, Object> noaccessField = new HashMap<>(permissions.size());
+            Map<String, Object> noaccessDetail = new HashMap<>(permissions.size());
            String code = "", operationId = "", uiElmentKindId = "";
            for (Map<String, Object> m : permissions) {
                // 如果界面元素的formFieldId不为空，则说明该界面元素是与表单字段进行的绑定，这时需要将界面元素的code替换为：field+表单字段排序
                String formFieldId = (String) m.get("formFieldId");
                if (StringUtils.isNotBlank(formFieldId)) {
-                    generalRepository.getEntityManager().createQuery("select fa from FormAttribute fa where fa.id=?1")
+                    ((List<? extends AbstractEntity>) generalRepository.getEntityManager().createQuery("select fa from FormAttribute fa where fa.id=?1")
                            .setParameter(1, formFieldId)
-                            .getResultList()
+                            .getResultList())
                            .stream()
                            .findAny()
                            .map(this::formatFormFieldName)
@@ -91,60 +91,36 @@ public class ExecuteContextInterceptor extends HandlerInterceptorAdapter {
        }
    }

-    private String formatFormFieldName(Object formField) {
-        String formId, fieldName;
+    private String formatFormFieldName(AbstractEntity formField) {
+        String formId, tableName;
+        Integer tableType;
        try {
            formId = BeanUtils.getProperty(formField, "formId");
-            fieldName = BeanUtils.getProperty(formField, "attrCode");
+            tableName = BeanUtils.getProperty(formField, "tableName");
+            tableType = Integer.valueOf(BeanUtils.getProperty(formField, "tableType"));
        } catch (Exception e) {
            throw new ApplicationException(e);
        }
-        Optional<JSONObject> optionalJson = getFormJson(formId);
        int index = -1;
-        if (optionalJson.isPresent()) {
-            // 从json中解析字段的显示index
-            List<Object> formFields = optionalJson.get().getJSONArray("list");
-            for (Object o : formFields) {
-                index++;
-                JSONObject f = (JSONObject) o;
-                if (Objects.equals(f.getString("model"), fieldName)) {
-                    break;
-                }
-            }
-        } else {
-            // 从SAF_FORM_ATTRIBUTE从解析字段的显示index
-            List<Object> formFields = generalRepository.getEntityManager().createQuery("select fa from FormAttribute fa where fa.formId=:formId order by fa.sequence")
-                    .setParameter("formId", formId)
-                    .getResultList();
-            for (Object f : formFields) {
-                index++;
-                if (f.equals(formField)) {
-                    break;
-                }
-            }
-        }
-        return String.format("field%d", index);
-    }
-
-    /**
-     * 获取表单字段的定义JSON
-     *
-     * @param formId 表单id
-     * @return 表单字段的定义JSON
-     */
-    private Optional<JSONObject> getFormJson(String formId) {
-        return generalRepository.getEntityManager().createQuery("select f from SafFormslist f where f.id=:formId")
+        // 从SAF_FORM_ATTRIBUTE从解析字段的显示index
+        List<Map<String, Object>> formFields = ((List<? extends AbstractEntity>) generalRepository.getEntityManager()
+                .createQuery("select fa from FormAttribute fa where fa.formId=:formId order by fa.sequence")
                .setParameter("formId", formId)
-                .getResultList()
+                .getResultList())
                .stream()
-                .findAny()
-                .map(form -> {
-                    try {
-                        return BeanUtils.getProperty(form, "json");
-                    } catch (Exception e) {
-                        throw new ApplicationException(e);
-                    }
-                }).map(str -> JSON.parseObject((String) str));
+                .map(ClassHelper::beanToMap)
+                // 根据表名分组
+                .collect(Collectors.groupingBy(field -> field.get("tableName")))
+                .getOrDefault(tableName, Collections.emptyList());
+        for (Map<String, Object> f : formFields) {
+            index++;
+            if (formField.getId().equals(f.get("id"))) {
+                break;
+            }
+        }
+        return Objects.equals(tableType, 2) ?
+                String.format("%s.field%d", StringUtil.getHumpName(tableName), index)
+                : String.format("field%d", index);
    }

    public void intercept(HttpServletRequest request, HttpServletResponse response) throws Exception {

--- a/huigou-uasp/src/main/java/com/huigou/uasp/bmp/operator/impl/OperatorUIElementPermissionBuilderImp.java
+++ b/huigou-uasp/src/main/java/com/huigou/uasp/bmp/operator/impl/OperatorUIElementPermissionBuilderImp.java
@@ -86,11 +86,7 @@ public class OperatorUIElementPermissionBuilderImp implements OperatorUIElementP
                }
            }
            String approvalRuleHandlerId = procUnitHandler != null ? procUnitHandler.getApprovalRuleHandlerId() : null;
-            flowElementFieldPermissions.forEach(it -> {
-                it.put("approvalRuleHandlerId", approvalRuleHandlerId);
-                // TODO 暂时标记为主集
-                it.put("kindId", "0");
-            });
+            flowElementFieldPermissions.forEach(it -> it.put("approvalRuleHandlerId", approvalRuleHandlerId));
            return flowElementFieldPermissions;
        }
    }
@@ -121,8 +117,10 @@ public class OperatorUIElementPermissionBuilderImp implements OperatorUIElementP
                .map(ExtensionAttribute::getValue)
                .map(formNo -> getFlowElementFieldPermissions(formNo, fe))
                .orElseGet(Collections::emptyList);
-        // TODO 暂时设置为主表
-        flowElementFieldPermissions.forEach(flowElementFieldPermission -> flowElementFieldPermission.put("kindId", "0"));
+        flowElementFieldPermissions.forEach(flowElementFieldPermission ->
+                getFormFieldPermissionKindId((String) flowElementFieldPermission.get("formFieldId"))
+                        .ifPresent(kindId -> flowElementFieldPermission.put("kindId", kindId))
+        );
        return flowElementFieldPermissions;
    }

@@ -205,6 +203,7 @@ public class OperatorUIElementPermissionBuilderImp implements OperatorUIElementP
                // 不是关联的表单字段，直接添加进合并结果集
                mergeResult.add(o);
            }
+            getFormFieldPermissionKindId(formFieldId).ifPresent(kindId -> o.put("kindId", kindId));
            Optional<Map<String, Object>> uiElementPermissionOptional = mergeResult.stream().filter(it -> it.get("formFieldId").equals(formFieldId)).findAny();
            if (uiElementPermissionOptional.isPresent()) {
                Map<String, Object> uiElementPermission = uiElementPermissionOptional.get();
@@ -216,6 +215,15 @@ public class OperatorUIElementPermissionBuilderImp implements OperatorUIElementP
        return mergeResult;
    }

+    private Optional<Integer> getFormFieldPermissionKindId(String formFieldId) {
+        return ((List<Integer>) generalRepository.getEntityManager().createQuery("select fa.tableType from FormAttribute fa where fa.id=:formFieldId")
+                .setParameter("formFieldId", formFieldId)
+                .getResultList())
+                .stream()
+                .findAny()
+                .map(tableType -> tableType.intValue() == 1 ? 0 : 1);
+    }
+
    private Optional<ExtensionAttribute> getFieldExtensionElement(BaseElement be, String fieldName) {
        return be.getExtensionElements().getOrDefault("field", Collections.emptyList())
                .stream()

--- a/huigou-xt/src/main/webapp/javaScript/UICtrl.js
+++ b/huigou-xt/src/main/webapp/javaScript/UICtrl.js
@@ -98,13 +98,26 @@ UICtrl.useUIElementPermission = function ($doc) {

 // 获取不同类别权限字段
 // kindId 0：主集 ，1：子集 ，2：按钮 {FIELD:'0',DETAIL:'1',BUTTON:'2'}
-UICtrl.getUIElementPermissions = function (operationId, kindId) {
+UICtrl.getUIElementPermissions = function (operationId, kindId, gridId) {
    var result = [], permission = window['UIElementPermission'] || {};
    $.each(permission, function (p, o) {
        if (o.operationId == operationId && o.kindId == kindId) {
            result.push(p);
        }
    });
+    // 针对自定义表单做特别处理
+    if (gridId) {
+        _.each(_.pairs(permission), function (kv) {
+            var permission = kv[1];
+            if (permission.operationId == operationId && permission.kindId == kindId && /([a-zA-Z0-9_]+)\.([a-zA-Z0-9_]+)/.test(kv[0])) {
+                var tableName = RegExp.$1;
+                if (tableName + 'Grid' == gridId) {
+                    var fieldName = RegExp.$2;
+                    result.push(fieldName)
+                }
+            }
+        });
+    }
    return result;
 };

@@ -172,11 +185,11 @@ UICtrl.checkButtonNoAccess = function (id, gridId) {
 UICtrl.disposeGridPermissionField = function (options, gridId) {
    options = options || {};
    // 取子集中只读字段
-    var readOnlyList = UICtrl.getUIElementPermissions(UIPO.READONLY, UIPK.DETAIL);
+    var readOnlyList = UICtrl.getUIElementPermissions(UIPO.READONLY, UIPK.DETAIL, gridId);
    // 取子集中无访问权限字段
-    var noAccessList = UICtrl.getUIElementPermissions(UIPO.NOACCESS, UIPK.DETAIL);
+    var noAccessList = UICtrl.getUIElementPermissions(UIPO.NOACCESS, UIPK.DETAIL, gridId);
    // 取子集中有读写权限字段
-    var readwriteList = UICtrl.getUIElementPermissions(UIPO.READWRITE, UIPK.DETAIL);
+    var readwriteList = UICtrl.getUIElementPermissions(UIPO.READWRITE, UIPK.DETAIL, gridId);
    var columns = options['columns'];
    if (options.enabledEdit === true) {
        if (Public.isReadOnly) {// 只读模式不添加事件

--- a/huigou-xt/src/main/webapp/system/configtool/editor/js/Format.js
+++ b/huigou-xt/src/main/webapp/system/configtool/editor/js/Format.js
@@ -5040,7 +5040,7 @@ PropertyPanel.prototype.init = function () {
                        for (var i = 0; i < formParameters.length; i++) {
                            var formParameter = formParameters[i];
                            var html = ['<div class="hg-form-row">'];
-                            html.push('<div class="col-xs-4 col-sm-4"><label class="hg-form-label">' + formParameter.attrName + '</label></div>');
+                            html.push('<div class="col-xs-4 col-sm-4"><label class="hg-form-label"><b>' + formParameter.attrName + '</b>[' + formParameter.tableLabel + ']' + '</label></div>');
                            html.push('<div class="col-xs-8 col-white-bg col-sm-8">')
                            html.push('<input type="checkbox" name="' + formParameter.attrCode + '" value="readwrite" id="' + formParameter.attrCode + '_readwrite"><label for="' + formParameter.parmCode + '_readwrite" style="margin:0 5px 0 5px">读写</label>');
                            html.push('<input type="checkbox" name="' + formParameter.attrCode + '" value="readonly" id="' + formParameter.attrCode + '_readonly"><label for="' + formParameter.parmCode + '_readonly" style="margin:0 5px 0 5px">只读</label>');

--- a/huigou-xt/src/main/webapp/template/simple/headBase.ftl
+++ b/huigou-xt/src/main/webapp/template/simple/headBase.ftl
@@ -4,6 +4,7 @@
 	<link href='${parameters.webApp?default("")?html}/themes/css/style.css?v=20181010' rel='stylesheet' type='text/css'/>
 	<link href='${parameters.webApp?default("")?html}/themes/css/ui.css?v=20181009' rel='stylesheet' type='text/css'/>
 <#--	<script src='${parameters.webApp?default("")?html}/javaScript/WEB_APP.js' type='text/javascript'></script>-->
+	<script src='${parameters.webApp?default("")?html}/lib/underscore-min.js' type='text/javascript'></script>
 	<script src='${parameters.webApp?default("")?html}/lib/jquery/jquery.min.js' type='text/javascript'></script>
 	<script src='${parameters.webApp?default("")?html}/lib/jquery/jquery.json-2.4.min.js' type='text/javascript'></script>
 	<script src='${parameters.webApp?default("")?html}/lib/jquery/jquery.i18n.properties.js' type='text/javascript'></script>