上传附件的时候，检查附件密级是否与人员密级匹配

aa97650f · 雍欢 · a788fad2 · aa97650f · aa97650f · aa97650f
Commit aa97650f authored Mar 08, 2021 by 雍欢
10 changed files
--- a/huigou-common/src/main/java/com/huigou/cache/DictionaryDesc.java
+++ b/huigou-common/src/main/java/com/huigou/cache/DictionaryDesc.java
 package com.huigou.cache;
-import java.io.Serializable;
 import com.huigou.context.MessageSourceContext;
+import java.io.Serializable;
 /**
 * 系统字典成员
 *
@@ -79,4 +79,5 @@ public class DictionaryDesc implements Serializable {
    public void setSequence(Integer sequence) {
        this.sequence = sequence;
    }
 }
--- a/huigou-data/src/main/java/com/huigou/data/domain/model/SecretRelatedEntity.java
+++ b/huigou-data/src/main/java/com/huigou/data/domain/model/SecretRelatedEntity.java
@@ -16,5 +16,5 @@ public interface SecretRelatedEntity {
    /**
     * 获取密级期限
     */
-    String setSecrecyLimit();
+    String getSecrecyLimit();
 }
--- a/huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/application/AttachmentSecretInfoResolver.java
+++ b/huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/application/AttachmentSecretInfoResolver.java
+package com.huigou.uasp.bmp.doc.attachment.application;
+import com.huigou.uasp.bmp.doc.attachment.domain.model.Attachment;
+/**
+ * 附件涉密信息解析器
+ *
+ * @author yonghuan
+ */
+public interface AttachmentSecretInfoResolver {
+    /**
+     * 解析附件密级
+     *
+     * @param attachment 附件
+     * @throws IllegalArgumentException 如果解析失败将抛出该异常
+     */
+    void resolve(Attachment attachment);
+}
--- a/huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/application/impl/TestAttachmentSecretInfoResolver.java
+++ b/huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/application/impl/TestAttachmentSecretInfoResolver.java
+package com.huigou.uasp.bmp.doc.attachment.application.impl;
+import com.huigou.cache.DictionaryDesc;
+import com.huigou.cache.SystemCache;
+import com.huigou.context.ThreadLocalUtil;
+import com.huigou.uasp.bmp.doc.attachment.application.AttachmentSecretInfoResolver;
+import com.huigou.uasp.bmp.doc.attachment.domain.model.Attachment;
+import com.huigou.uasp.bmp.doc.attachment.domain.model.AttachmentConfiguration;
+import com.huigou.uasp.bmp.doc.attachment.repository.AttachmentConfigurationRepository;
+import com.huigou.uasp.bmp.opm.application.OrgApplication;
+import com.huigou.uasp.bmp.opm.domain.model.org.Person;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.Assert;
+import java.util.Collection;
+import java.util.Objects;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+/**
+ * 这是一个测试类，该类认为附件名的格式为【密级名称】xxx.xx,如 【非密】报销单.pdf
+ *
+ * @author yonghuan
+ */
+public class TestAttachmentSecretInfoResolver implements AttachmentSecretInfoResolver {
+    /**
+     * 附件文件名格式,如 【非密】报销单.pdf
+     */
+    private final static Pattern FILE_NAME_PATTERN = Pattern.compile("^【(.+)】.+$");
+    private AttachmentConfigurationRepository attachmentConfigurationRepository;
+    private OrgApplication orgApplication;
+    @Autowired
+    public void setAttachmentConfigurationRepository(AttachmentConfigurationRepository attachmentConfigurationRepository) {
+        this.attachmentConfigurationRepository = attachmentConfigurationRepository;
+    }
+    @Autowired
+    public void setOrgApplication(OrgApplication orgApplication) {
+        this.orgApplication = orgApplication;
+    }
+    @Override
+    public void resolve(Attachment attachment) {
+        AttachmentConfiguration attachmentConfiguration = attachmentConfigurationRepository.findByCode(attachment.getBizKindId());
+        if (!Objects.equals(attachmentConfiguration.getEnableSecret(), 1)) {
+            // 未启用密级
+            return;
+        }
+        // 1、从文件名中解析附件密级
+        Matcher matcher = FILE_NAME_PATTERN.matcher(attachment.getFileName());
+        Assert.isTrue(matcher.matches(), "附件名不合法");
+        String attachmentSecurityGradeName = matcher.group(1);
+        Assert.hasText(attachmentSecurityGradeName, "附件名中未包含附件密级信息");
+        Collection<DictionaryDesc> secrecyLevels = SystemCache.getDictionary("secrecyLevel").values();
+        DictionaryDesc attachmentSecurityGrade = secrecyLevels
+                .stream()
+                .filter(e -> Objects.equals(e.getName(), attachmentSecurityGradeName))
+                .findAny()
+                .orElseThrow(() -> new IllegalArgumentException(String.format("无效的附件密级：%s", attachmentSecurityGradeName)));
+        // 2、校验附件密级是否与人员密级匹配
+        Person person = orgApplication.loadPerson(ThreadLocalUtil.getOperator().getUserId());
+        DictionaryDesc personSecurityGrade = secrecyLevels
+                .stream()
+                .filter(e -> Objects.equals(e.getValue(), person.getPersonSecurityGrade()))
+                .findAny()
+                .orElseThrow(() -> new IllegalArgumentException(String.format("无效的人员密级：%s", person.getPersonSecurityGrade())));
+        boolean personSecurityGradeGreaterThanAttachmentSecurityGrade = personSecurityGrade.getSequence().compareTo(attachmentSecurityGrade.getSequence()) > -1;
+        Assert.isTrue(personSecurityGradeGreaterThanAttachmentSecurityGrade, "附件密级与人员密级不匹配");
+        // 3、设置附件密级
+        attachment.setSecretLevel(attachmentSecurityGrade.getValue());
+    }
+}
--- a/huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/application/impl/WebUploaderServiceImpl.java
+++ b/huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/application/impl/WebUploaderServiceImpl.java
@@ -19,6 +19,7 @@ import java.util.Map;
 import java.util.Random;
 import java.util.concurrent.locks.Lock;
+import com.huigou.uasp.bmp.doc.attachment.application.AttachmentSecretInfoResolver;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -41,6 +42,8 @@ public class WebUploaderServiceImpl extends BaseApplication implements WebUpload
    @Autowired
    private AttachmentApplication attachmentApplication;
+    @Autowired
+    private AttachmentSecretInfoResolver attachmentSecretInfoResolver;
    /**
     * 文件上传路径更新为指定文件信息签名后的临时文件夹，用于后期合并
@@ -242,6 +245,7 @@ public class WebUploaderServiceImpl extends BaseApplication implements WebUpload
        return null;
    }
    @Override
    public String saveFileMap(FileInfo fileInfo, File newFile) {
        if (newFile == null || !newFile.exists()) {
@@ -272,6 +276,7 @@ public class WebUploaderServiceImpl extends BaseApplication implements WebUpload
            attachment.setStatus(Attachment.Status.NORMAL.getId());
            attachment.setUploadKind(Attachment.UploadKind.WEB.name());
            attachment.setIsMore(fileInfo.getIsMore());
+            attachmentSecretInfoResolver.resolve(attachment);
            return this.attachmentApplication.saveAttachment(attachment);
        } catch (Exception ex) {

--- a/huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/domain/model/Attachment.java
+++ b/huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/domain/model/Attachment.java
@@ -10,6 +10,7 @@ import javax.persistence.Entity;
 import javax.persistence.Table;
 import javax.persistence.Transient;
+import com.huigou.data.domain.model.SecretRelatedEntity;
 import org.springframework.util.Assert;
 import com.huigou.context.Operator;
@@ -24,7 +25,7 @@ import com.huigou.data.domain.model.Creator;
 */
 @Entity
 @Table(name = "SA_Attachment")
-public class Attachment extends AbstractEntity {
+public class Attachment extends AbstractEntity implements SecretRelatedEntity {
    private static final long serialVersionUID = 8896755628851634664L;
@@ -63,6 +64,17 @@ public class Attachment extends AbstractEntity {
    @Embedded
    private Creator creator;
+    /**
+     * 密级
+     */
+    @Column(name = "secret_level")
+    private String secretLevel;
+    /**
+     * 密级期限
+     */
+    @Column(name = "secrecy_limit")
+    private String secrecyLimit;
    @Transient
    private String isMore;
@@ -179,6 +191,24 @@ public class Attachment extends AbstractEntity {
        this.sequence = sequence;
    }
+    @Override
+    public String getSecretLevel() {
+        return secretLevel;
+    }
+    public void setSecretLevel(String secretLevel) {
+        this.secretLevel = secretLevel;
+    }
+    @Override
+    public String getSecrecyLimit() {
+        return secrecyLimit;
+    }
+    public void setSecrecyLimit(String secrecyLimit) {
+        this.secrecyLimit = secrecyLimit;
+    }
    @Override
    public void checkConstraints() {
        super.checkConstraints();

--- a/huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/domain/model/AttachmentConfiguration.java
+++ b/huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/domain/model/AttachmentConfiguration.java
@@ -30,6 +30,11 @@ public class AttachmentConfiguration extends BaseInfoWithFolderAbstractEntity {
    @OneToMany(cascade = CascadeType.ALL, orphanRemoval = true)
    @JoinColumn(name = "attachmentconfig_id")
    private List<AttachmentConfigurationDetail> details;
+    /**
+     * 是否启用密级
+     */
+    @Column(name = "enable_secret")
+    private Integer enableSecret;
    private String remark;
@@ -49,6 +54,14 @@ public class AttachmentConfiguration extends BaseInfoWithFolderAbstractEntity {
        this.remark = remark;
    }
+    public Integer getEnableSecret() {
+        return enableSecret;
+    }
+    public void setEnableSecret(Integer enableSecret) {
+        this.enableSecret = enableSecret;
+    }
    @Override
    @JsonIgnore
    public List<AttachmentConfigurationDetail> getDetails() {

--- a/huigou-xt/src/main/resources/config/spring/spring-extend.xml
+++ b/huigou-xt/src/main/resources/config/spring/spring-extend.xml
@@ -21,6 +21,15 @@
        <property name="useTspm" value="false"/>
        <property name="enableTspm" value="false"/>
        <property name="doHideSuperAdministrator" value="false"/>
+        <!-- 三员日志查看权限 -->
+        <property name="logAuthorities">
+            <value>
+                common=
+                administrator=
+                securityGuard=common,auditor
+                auditor=administrator,securityGuard
+            </value>
+        </property>
    </bean>
    <bean id="loadExpressClasses" class="com.huigou.express.LoadExpressClasses">
@@ -61,5 +70,8 @@
        <property name="initPswMail" value="initPasswordMail"/>
    </bean>
-    <bean id="awesomeCssIconParser" class="com.huigou.uasp.bmp.opm.application.impl.FontAwesomeCssIconParser" />
+    <bean id="awesomeCssIconParser" class="com.huigou.uasp.bmp.opm.application.impl.FontAwesomeCssIconParser"/>
+    <bean id="attachmentSecretInfoResolver"
+          class="com.huigou.uasp.bmp.doc.attachment.application.impl.TestAttachmentSecretInfoResolver" />
 </beans>
--- a/huigou-xt/src/main/webapp/biz/demo/leaveDetails.jsp
+++ b/huigou-xt/src/main/webapp/biz/demo/leaveDetails.jsp
@@ -28,7 +28,7 @@
        <div class="hg-form-cols">
            <div class="hg-form-row">
                <x:selectC name="secretLevel" title="密级" required="true" label="密级" labelCol="2" fieldCol="2"
-                           dictionary="personSecurityGrade"/>
+                           dictionary="secrecyLevel"/>
                <x:inputC name="secrecyLimit" title="密级年限" required="false" label="密级年限" labelCol="2" fieldCol="2"
                          mask="nnn"/>
            </div>

--- a/huigou-xt/src/main/webapp/system/configuration/AttachmentConfigurationDetail.jsp
+++ b/huigou-xt/src/main/webapp/system/configuration/AttachmentConfigurationDetail.jsp
@@ -8,6 +8,7 @@
 		<x:inputC name="name" required="true" label="名称" maxLength="32" labelCol="1" fieldCol="3"/>
 		<x:radioC name="allowDelete" label="可删除" dictionary="yesorno"
 			value="1" labelCol="2" fieldCol="2"/>
+		<x:radioC name="enableSecret" label="启用密级" dictionary="yesorno" value="1" labelCol="2" fieldCol="2"/>
 	</div>
 	<div class="hg-form-row">
 		<x:inputC name="remark" required="false" label="备注" maxLength="128" labelCol="1" fieldCol="11"/>