上传附件的时候，检查附件密级是否与人员密级匹配、校验附件密级是否与表单密级匹配

huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/application/AttachmentSecretInfoResolver.java

 package com.huigou.uasp.bmp.doc.attachment.application;
 
-import com.huigou.uasp.bmp.doc.attachment.domain.model.Attachment;
+import com.huigou.uasp.bmp.doc.attachment.domain.model.FileInfo;
 
 /**
  * 附件涉密信息解析器
@@ -12,9 +12,10 @@ public interface AttachmentSecretInfoResolver {
     /**
      * 解析附件密级
      *
-     * @param attachment 附件
+     * @param fileInfo 附件
+     * @return 附件密级
      * @throws IllegalArgumentException 如果解析失败将抛出该异常
      */
-    void resolve(Attachment attachment);
+    String resolve(FileInfo fileInfo);
 
 }

huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/application/WebUploaderService.java

@@ -2,6 +2,7 @@ package com.huigou.uasp.bmp.doc.attachment.application;
 
 import java.io.File;
 
+import com.huigou.uasp.bmp.doc.attachment.domain.model.Attachment;
 import com.huigou.uasp.bmp.doc.attachment.domain.model.FileInfo;
 
 
@@ -40,4 +41,6 @@ public interface WebUploaderService {
      * @return
      */
     String saveFileMap(FileInfo info, File file);
-}
+
\ No newline at end of file
+    Attachment saveFile(FileInfo info, File file);
+}

huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/application/impl/TestAttachmentSecretInfoResolver.java

@@ -4,8 +4,8 @@ import com.huigou.cache.DictionaryDesc;
 import com.huigou.cache.SystemCache;
 import com.huigou.context.ThreadLocalUtil;
 import com.huigou.uasp.bmp.doc.attachment.application.AttachmentSecretInfoResolver;
-import com.huigou.uasp.bmp.doc.attachment.domain.model.Attachment;
 import com.huigou.uasp.bmp.doc.attachment.domain.model.AttachmentConfiguration;
+import com.huigou.uasp.bmp.doc.attachment.domain.model.FileInfo;
 import com.huigou.uasp.bmp.doc.attachment.repository.AttachmentConfigurationRepository;
 import com.huigou.uasp.bmp.opm.application.OrgApplication;
 import com.huigou.uasp.bmp.opm.domain.model.org.Person;
@@ -49,14 +49,14 @@ public class TestAttachmentSecretInfoResolver implements AttachmentSecretInfoRes
     }
 
     @Override
-    public void resolve(Attachment attachment) {
-        AttachmentConfiguration attachmentConfiguration = attachmentConfigurationRepository.findByCode(attachment.getBizKindId());
+    public String resolve(FileInfo fileInfo) {
+        AttachmentConfiguration attachmentConfiguration = attachmentConfigurationRepository.findByCode(fileInfo.getBizCode());
         if (!Objects.equals(attachmentConfiguration.getEnableSecret(), 1)) {
             // 未启用密级
-            return;
+            return null;
         }
         // 1、从文件名中解析附件密级
-        Matcher matcher = FILE_NAME_PATTERN.matcher(attachment.getFileName());
+        Matcher matcher = FILE_NAME_PATTERN.matcher(fileInfo.getName());
         Assert.isTrue(matcher.matches(), "附件名不合法");
         String attachmentSecurityGradeName = matcher.group(1);
         Assert.hasText(attachmentSecurityGradeName, "附件名中未包含附件密级信息");
@@ -75,7 +75,16 @@ public class TestAttachmentSecretInfoResolver implements AttachmentSecretInfoRes
                 .orElseThrow(() -> new IllegalArgumentException(String.format("无效的人员密级：%s", person.getPersonSecurityGrade())));
         boolean personSecurityGradeGreaterThanAttachmentSecurityGrade = personSecurityGrade.getSequence().compareTo(attachmentSecurityGrade.getSequence()) > -1;
         Assert.isTrue(personSecurityGradeGreaterThanAttachmentSecurityGrade, "附件密级与人员密级不匹配");
-        // 3、设置附件密级
-        attachment.setSecretLevel(attachmentSecurityGrade.getValue());
+        // 3、校验附件密级是否与表单密级匹配
+        Assert.hasText(fileInfo.getFormSecretLevel(), "表单密级不能为空");
+        DictionaryDesc formSecurityGrade = secrecyLevels
+                .stream()
+                .filter(e -> Objects.equals(e.getValue(), fileInfo.getFormSecretLevel()))
+                .findAny()
+                .orElseThrow(() -> new IllegalArgumentException(String.format("无效的表单密级：%s", fileInfo.getFormSecretLevel())));
+        boolean formSecurityGradeThanAttachmentSecurityGrade = formSecurityGrade.getSequence().compareTo(attachmentSecurityGrade.getSequence()) > -1;
+        Assert.isTrue(formSecurityGradeThanAttachmentSecurityGrade, "附件密级与表单密级不匹配");
+        // 4、返回附件密级
+        return attachmentSecurityGrade.getValue();
     }
 }

huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/application/impl/WebUploaderServiceImpl.java

@@ -47,7 +47,7 @@ public class WebUploaderServiceImpl extends BaseApplication implements WebUpload
 
     /**
      * 文件上传路径更新为指定文件信息签名后的临时文件夹，用于后期合并
-     * 
+     *
      * @param info
      * @return
      */
@@ -64,7 +64,7 @@ public class WebUploaderServiceImpl extends BaseApplication implements WebUpload
 
     /**
      * 获取文件保存目录
-     * 
+     *
      * @return
      */
     private String getFileSavePath(FileInfo info) {
@@ -81,7 +81,7 @@ public class WebUploaderServiceImpl extends BaseApplication implements WebUpload
 
     /**
      * 获取正式文件保存路径信息
-     * 
+     *
      * @return
      */
     private Map<String, String> getSaveFilePathInfo(FileInfo info) {
@@ -245,6 +245,11 @@ public class WebUploaderServiceImpl extends BaseApplication implements WebUpload
         return null;
     }
 
+    @Override
+    public Attachment saveFile(FileInfo fileInfo, File newFile) {
+        String id = saveFileMap(fileInfo, newFile);
+        return attachmentApplication.loadAttachment(id);
+    }
 
     @Override
     public String saveFileMap(FileInfo fileInfo, File newFile) {
@@ -276,7 +281,7 @@ public class WebUploaderServiceImpl extends BaseApplication implements WebUpload
             attachment.setStatus(Attachment.Status.NORMAL.getId());
             attachment.setUploadKind(Attachment.UploadKind.WEB.name());
             attachment.setIsMore(fileInfo.getIsMore());
-            attachmentSecretInfoResolver.resolve(attachment);
+            attachment.setSecretLevel(attachmentSecretInfoResolver.resolve(fileInfo));
             return this.attachmentApplication.saveAttachment(attachment);
 
         } catch (Exception ex) {
@@ -290,11 +295,9 @@ public class WebUploaderServiceImpl extends BaseApplication implements WebUpload
     /**
      * 清理分片上传的相关数据
      * 文件夹，tmp文件
-     * 
-     * @param folder
-     *            文件夹名称
-     * @param path
-     *            上传文件根路径
+     *
+     * @param folder 文件夹名称
+     * @param path   上传文件根路径
      * @return
      */
     private boolean cleanSpace(String folder, String path) {
@@ -313,9 +316,8 @@ public class WebUploaderServiceImpl extends BaseApplication implements WebUpload
 
     /**
      * 获取指定文件的所有分片
-     * 
-     * @param folder
-     *            文件夹路径
+     *
+     * @param folder 文件夹路径
      * @return
      */
     private File[] getChunks(String folder) {
@@ -339,9 +341,8 @@ public class WebUploaderServiceImpl extends BaseApplication implements WebUpload
 
     /**
      * 获取指定文件的分片数量
-     * 
-     * @param folder
-     *            文件夹路径
+     *
+     * @param folder 文件夹路径
      * @return
      */
     private int getChunksNum(String folder) {
@@ -354,9 +355,8 @@ public class WebUploaderServiceImpl extends BaseApplication implements WebUpload
 
     /**
      * 创建存放上传的文件的文件夹
-     * 
-     * @param file
-     *            文件夹路径
+     *
+     * @param file 文件夹路径
      * @return
      */
     private boolean createFileFolder(String file, boolean hasTmp) {
@@ -389,9 +389,8 @@ public class WebUploaderServiceImpl extends BaseApplication implements WebUpload
 
     /**
      * 为上传的文件生成随机名称
-     * 
-     * @param ext
-     *            文件的原始名称，主要用来获取文件的后缀名
+     *
+     * @param ext 文件的原始名称，主要用来获取文件的后缀名
      * @return
      */
     private String randomFileName(String extName) {

huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/controller/WebUploadController.java

@@ -3,6 +3,7 @@ package com.huigou.uasp.bmp.doc.attachment.controller;
 import java.io.File;
 import java.util.Map;
 
+import com.huigou.uasp.bmp.doc.attachment.domain.model.Attachment;
 import org.apache.commons.fileupload.FileItem;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
@@ -57,6 +58,7 @@ public class WebUploadController extends CommonController {
         info.setUniqueName(sdo.getProperty("uniqueName", String.class));
         info.setIsMore(sdo.getProperty("isMore", String.class));
         info.setDeleteOld(sdo.getProperty("deleteOld", String.class));
+        info.setFormSecretLevel(sdo.getProperty("formSecretLevel", String.class));
         try {
             String chunkIndex = sdo.getProperty("chunkIndex", String.class);
             info.setChunkIndex(Integer.parseInt(chunkIndex));
@@ -91,9 +93,11 @@ public class WebUploadController extends CommonController {
                 if (info.getChunks() <= 0) {
                     String backurl = this.getBackurl();
                     if (StringUtil.isBlank(backurl)) {
-                        String attachmentId = webUploaderService.saveFileMap(info, target);
+                        Attachment attachment = webUploaderService.saveFile(info, target);
                         Map<String, Object> map = info.toMap();
-                        map.put("id", attachmentId);
+                        map.put("id", attachment.getId());
+                        map.put("secretLevel", attachment.getSecretLevel());
+                        map.put("secretLimit", attachment.getSecrecyLimit());
                         return toResult(map);
                     } else {
                         Map<String, Object> param = info.toMap();
@@ -178,9 +182,11 @@ public class WebUploadController extends CommonController {
             }
             String backurl = this.getBackurl();
             if (StringUtil.isBlank(backurl)) {
-                String fileId = webUploaderService.saveFileMap(info, target);
+                Attachment attachment = webUploaderService.saveFile(info, target);
                 Map<String, Object> map = info.toMap();
-                map.put("id", fileId);
+                map.put("id", attachment.getId());
+                map.put("secretLevel", attachment.getSecretLevel());
+                map.put("secretLimit", attachment.getSecrecyLimit());
                 return toResult(map);
             } else {
                 Map<String, Object> param = info.toMap();
@@ -208,4 +214,4 @@ public class WebUploadController extends CommonController {
         sdo.putProperty("uploadFileType", allowTypes);
         return forward("/lib/webUploader/batchUpload/batchUpload.jsp", sdo);
     }
-}
+}
\ No newline at end of file

huigou-uasp/src/main/java/com/huigou/uasp/bmp/doc/attachment/domain/model/FileInfo.java

@@ -14,7 +14,7 @@ import com.huigou.util.FileHelper;
 
 /**
  * webUploader附件文件对象
- * 
+ *
  * @author gongmm
  */
 public class FileInfo {
@@ -50,6 +50,10 @@ public class FileInfo {
     private String savePath;
 
     private String uniqueName;
+    /**
+     * 对应的表单密级
+     */
+    private String formSecretLevel;
 
     public FileInfo() {
         bizCode = "";
@@ -184,6 +188,14 @@ public class FileInfo {
         this.uniqueName = uniqueName;
     }
 
+    public String getFormSecretLevel() {
+        return formSecretLevel;
+    }
+
+    public void setFormSecretLevel(String formSecretLevel) {
+        this.formSecretLevel = formSecretLevel;
+    }
+
     public boolean deleteOld() {
         return "true".equals(this.deleteOld);
     }
@@ -246,6 +258,6 @@ public class FileInfo {
 
     public String toString() {
         return "name=" + this.name + "; size=" + this.size + "; chunkIndex=" + this.chunkIndex + "; id=" + this.id + "; chunks=" + this.chunks + "; chunk="
-               + this.chunk + "; lastModifiedDate=" + this.lastModifiedDate + "; type=" + this.type + "; ext=" + this.ext;
+                + this.chunk + "; lastModifiedDate=" + this.lastModifiedDate + "; type=" + this.type + "; ext=" + this.ext;
     }
 }

huigou-xt/src/main/resources/config/spring/spring-extend.xml

@@ -74,6 +74,6 @@
 
     <bean id="attachmentSecretInfoResolver"
           class="com.huigou.uasp.bmp.doc.attachment.application.impl.TestAttachmentSecretInfoResolver">
-        <property name="securityGradeDictionaryCode" value="secrecyLevel"/>
+        <property name="securityGradeDictionaryCode" value="securityGrade"/>
     </bean>
 </beans>

huigou-xt/src/main/webapp/biz/demo/leaveDetails.jsp

@@ -28,7 +28,7 @@
         <div class="hg-form-cols">
             <div class="hg-form-row">
                 <x:selectC name="secretLevel" title="密级" required="true" label="密级" labelCol="2" fieldCol="2"
-                           dictionary="secrecyLevel"/>
+                           dictionary="securityGrade"/>
                 <x:inputC name="secrecyLimit" title="密级年限" required="false" label="密级年限" labelCol="2" fieldCol="2"
                           mask="nnn"/>
             </div>
@@ -55,7 +55,9 @@
     function setId(leaveId) {
         $("#leaveId").val(leaveId);
         // 为文件上传控件绑定业务id
-        $('#fileList').fileList({bizId: leaveId});
+        $('#fileList').fileList({
+            bizId: leaveId
+        });
     }
 
     /**

huigou-xt/src/main/webapp/lib/webUploader/jquery.webuploader.js

@@ -17,7 +17,7 @@ WebUploader.Uploader.register({
         //秒传验证
         var task = new $.Deferred();
         var data = $.extend(true, JQWebUploader.getFileParam(file),param);
-        $.ajax({type: "POST", url: JQWebUploader.getBackEndUrl('md5Check'), cache: false, dataType: "json", 
+        $.ajax({type: "POST", url: JQWebUploader.getBackEndUrl('md5Check'), cache: false, dataType: "json",
         	timeout: 1000, //TODO 超时的话，只能认为该文件不曾上传过
         	data:data
         }).then(function(data, textStatus, jqXHR){
@@ -130,6 +130,8 @@ JQWebUploader.createWebUploader=function(element){
 			this['JQWebUploader']=jqWebUp;
 			//动态设置fromData属性
 			this.options.formData=jqWebUp.getParam();
+			// 取到表单密级
+			this.options.formData.formSecretLevel = getSecretLevel();
 		});
 		//当文件被加入队列之前触发，此事件的handler返回值为false，则此文件不会被添加进入队列
 		uploader.on("beforeFileQueued", function(file){
@@ -138,7 +140,7 @@ JQWebUploader.createWebUploader=function(element){
 				lastModifiedDate = d.getFullYear()+''+(d.getMonth()+1)+''+d.getDate()+''+d.getHours()+''+d.getMinutes()+''+d.getSeconds();
 			}catch(e){
 				lastModifiedDate = d+'';
-			}	
+			}
 			file.lastModifiedDate=lastModifiedDate;
 			var jqWebUp=this['JQWebUploader'];//上传按钮对象
 			var flag=jqWebUp.beforeFileQueued(file);
@@ -188,7 +190,7 @@ JQWebUploader.createWebUploader=function(element){
 				div.html('');
 				span=$('<span></span>').appendTo(div);
 			}
-			div.find('span').css("width", progress+ "%"); 
+			div.find('span').css("width", progress+ "%");
 			div.find('span').html(progress + "%");
 			if(parseInt(percentage,10)==1){
 				//文件合并中...
@@ -214,7 +216,7 @@ JQWebUploader.createWebUploader=function(element){
 			JQWebUploader.uploadComplete(file);
 		});
 		uploader.on("uploadError", function(file,msg){
-		
+
 		});
 		uploader.on("error", function(kind){
 			if(kind=='F_EXCEED_SIZE'||kind=='Q_EXCEED_SIZE_LIMIT'){
@@ -261,7 +263,7 @@ JQWebUploader.renderSizeView=function(value){
 	    index +=1;
 	    quotient=quotient/1024;
 	  }
-	  var tempNumber = parseInt((quotient * Math.pow(10,2)+0.5))/Math.pow(10,2);   
+	  var tempNumber = parseInt((quotient * Math.pow(10,2)+0.5))/Math.pow(10,2);
 	  return tempNumber+" "+unitArr[index];
 };
 
@@ -353,6 +355,6 @@ $.extend(JQWebUploader.prototype, {
 					obj.set(op);
 				}
 			}
-		}); 
+		});
 	};
-})(jQuery);
+})(jQuery);
\ No newline at end of file

huigou-xt/src/main/webapp/system/bpm/job.js

@@ -1800,4 +1800,10 @@ function closeJobPageAndReloadTaskCenter(){
 
 function getAdditionSelectOrgParams(){
 	return {};
-}
+}
\ No newline at end of file
+
+/**
+ * 获取表单的密级
+ */
+function getSecretLevel() {
+}