package com.kingdee.eas.base.permission.app.adapter;
import com.kingdee.bos.BOSException;
import com.kingdee.bos.Context;
import com.kingdee.bos.dao.IObjectPK;
import com.kingdee.bos.dao.IObjectValue;
import com.kingdee.bos.dao.ormapping.impl.ImplUtils;
import com.kingdee.bos.metadata.IMetaDataLoader;
import com.kingdee.bos.metadata.IMetaDataPK;
import com.kingdee.bos.metadata.MetaDataLoaderFactory;
import com.kingdee.bos.metadata.MetaDataTypeList;
import com.kingdee.bos.metadata.bo.BusinessObjectInfo;
import com.kingdee.bos.metadata.bo.MethodCollection;
import com.kingdee.bos.metadata.bo.MethodInfo;
import com.kingdee.bos.metadata.entity.EntityViewInfo;
import com.kingdee.bos.metadata.entity.FilterInfo;
import com.kingdee.bos.service.AbstractServiceAdapter;
import com.kingdee.bos.service.IServiceAdapter;
import com.kingdee.bos.service.IServiceContext;
import com.kingdee.bos.sql.ParserException;
import com.kingdee.bos.util.BOSObjectType;
import com.kingdee.bos.util.BOSUuid;
import com.kingdee.bos.workflow.metas.AssignFactory;
import com.kingdee.bos.workflow.metas.IAssign;
import com.kingdee.eas.base.param.util.ParamManager;
import com.kingdee.eas.base.permission.IPermission;
import com.kingdee.eas.base.permission.IPermissionServiceProvider;
import com.kingdee.eas.base.permission.OperationType;
import com.kingdee.eas.base.permission.PermDebugHelper;
import com.kingdee.eas.base.permission.PermItemInfo;
import com.kingdee.eas.base.permission.PermissionException;
import com.kingdee.eas.base.permission.PermissionFactory;
import com.kingdee.eas.base.permission.PermissionServiceException;
import com.kingdee.eas.base.permission.PermissionServiceProviderFactory;
import com.kingdee.eas.base.permission.app.cache.IPermItemCache;
import com.kingdee.eas.base.permission.app.cache.PermissionCacheFactory;
import com.kingdee.eas.base.permission.app.config.PermissionFilterConfiguration;
import com.kingdee.eas.common.EASBizException;
import com.kingdee.util.LowTimer;
import com.kingdee.util.StringUtils;
import org.apache.log4j.Logger;
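/**
 * Service adapter that enforces function and data permissions on a service call.
 *
 * <p>For each permission item bound to the call, {@link #execute(IServiceContext)} either
 * runs a permission check (facade and entity objects) or binds a restricting filter rule
 * to the context (query objects).
 *
 * <p>Security-relevant switches visible in this class (where they are written is not
 * visible here and should be audited):
 * <ul>
 *   <li>context key {@code disablePermissionForKScript}: Boolean TRUE skips every check;</li>
 *   <li>context key {@code DISABLE_DATA_PERM}: "true" downgrades to function-permission only;</li>
 *   <li>system parameter {@code IgnoreDataPermForAssignUser}: lets an assigned user read an
 *       object without the data-permission check.</li>
 * </ul>
 */
public class PermissionServiceAdapter extends AbstractServiceAdapter
    implements IServiceAdapter
{
    private static final Logger logger = Logger.getLogger(PermissionServiceAdapter.class);

    protected static final String PERMISSION_ITEMS = "PERMISSION_ITEMS";
    private static final String DISABLE_DATA_PERM = "DISABLE_DATA_PERM";
    private static final int PERMISSION_PRIORITY = 100;

    // Name under which this adapter registers its parameters and results.
    private static final String SERVICE_NAME = "PERMISSION_SERVICE";
    // Context key that, when Boolean TRUE, switches this adapter off for the call.
    private static final String DISABLE_PERMISSION_FOR_KSCRIPT = "disablePermissionForKScript";

    /** Returns the priority of this adapter (100). */
    public int getPriority()
    {
        return PERMISSION_PRIORITY;
    }

    /** Returns the service name of this adapter, {@code "PERMISSION_SERVICE"}. */
    public String getName()
    {
        return SERVICE_NAME;
    }

    /**
     * Runs the permission handling for one service invocation.
     *
     * @param serviceContext the invocation being intercepted
     * @throws BOSException if a check fails; an {@link EASBizException} raised by the
     *         checks is logged and rethrown as {@link PermissionServiceException}
     */
    public void execute(IServiceContext serviceContext) throws BOSException
    {
        LowTimer lowTimer = new LowTimer();
        float beginTime = (float)lowTimer.msValue();
        float endTime = (float)lowTimer.msValue();

        Context context = serviceContext.getContext();
        Object objForKScript = context.get(DISABLE_PERMISSION_FOR_KSCRIPT);
        PermDebugHelper.logInfo(":disablePermissionForKScript is set to be:" + objForKScript);

        // NOTE(review): these two markers are written at ERROR level on every call and
        // carry no information; they look like leftover debugging and will drown real
        // errors in the log. Kept as found.
        logger.error("start^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^");
        logger.error("end^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^");

        // NOTE(review): a Boolean TRUE under this context key disables every check in this
        // adapter, and the decision is only visible in the debug log. Verify that only
        // trusted server-side code can write this key into the Context.
        if ((objForKScript instanceof Boolean) && ((Boolean)objForKScript).booleanValue())
        {
            return;
        }

        try
        {
            // Only execution mode 0 is handled; any other mode passes through unchecked.
            // Presumably 0 is the "before invocation" phase -- confirm against IServiceContext.
            if (serviceContext.getExecutionMode() == 0)
            {
                handleServiceBefore(serviceContext);
            }
        }
        catch (EASBizException e)
        {
            // The stack trace is logged here because only the message is carried over
            // into the exception thrown to the caller.
            logger.error("", e);
            throw new PermissionServiceException(e.getMessage());
        }

        if (logger.isDebugEnabled())
        {
            endTime = (float)lowTimer.msValue();
            logger.debug("execute(): " + (endTime - beginTime));
        }
    }

    /**
     * Tells whether data permission is enabled for this call according to the context.
     *
     * @param serviceContext the invocation; may be {@code null}
     * @return {@code false} only when the context holds {@code DISABLE_DATA_PERM} with the
     *         value "true" (case-insensitive); {@code true} in every other case, including
     *         a missing service context or context
     */
    public boolean enableDataPermFromContext(IServiceContext serviceContext)
    {
        boolean defaultValue = true;
        if ((serviceContext == null) || (serviceContext.getContext() == null))
        {
            return defaultValue;
        }

        // NOTE(review): this flag turns data-permission enforcement off for the call.
        // Where it is set is not visible here; confirm callers cannot influence it.
        String disableDataPerm = StringUtils.cnulls(serviceContext.getContext().get(DISABLE_DATA_PERM));
        if (disableDataPerm.equalsIgnoreCase("true"))
        {
            return !defaultValue;
        }

        PermDebugHelper.logInfo("enableDataPermFromContext is set to :" + defaultValue);
        return defaultValue;
    }

    /**
     * Handles every permission item bound to the call, with or without data permission.
     * Does nothing when no permission item is bound.
     */
    private void handleServiceBefore(IServiceContext serviceContext)
        throws EASBizException, BOSException
    {
        if (!isBindPermission(serviceContext))
        {
            return;
        }

        IPermissionServiceProvider provider = PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext());
        String[] permItemNames = getPermItemNames(serviceContext);
        boolean isEnableDataPermFromContext = enableDataPermFromContext(serviceContext);
        boolean isEnableDataPermission = provider.isEnableDataPermission();
        // Data permission applies only when both the provider and the context allow it.
        boolean withDataPermission = isEnableDataPermission && isEnableDataPermFromContext;

        for (String permItemName : permItemNames)
        {
            if (withDataPermission)
            {
                PermDebugHelper.logInfo("handleServiceBefore:is enableDataPermission");
                handleWithEnableDataPermision(serviceContext, permItemName);
            }
            else
            {
                PermDebugHelper.logInfo("handleServiceBefore:is not enableDataPermission");
                handleWithoutEnableDataPermision(serviceContext, permItemName);
            }
        }
    }

    /** Returns true when the invoked object is a facade. */
    private boolean isFacadeObject(IServiceContext serviceContext)
    {
        return serviceContext.getMetaType() == MetaDataTypeList.FACADE;
    }

    /** Returns true when the invoked object is an entity. */
    private boolean isEntityObject(IServiceContext serviceContext)
    {
        return serviceContext.getMetaType() == MetaDataTypeList.ENTITY;
    }

    /** Returns true when the invoked object is a base query. */
    private boolean isQueryObject(IServiceContext serviceContext)
    {
        return serviceContext.getMetaType() == MetaDataTypeList.BASEQUERY;
    }

    /** Binds a permission filter rule to the call; delegates to the adapter helper. */
    private void bindPermissionContext(IServiceContext serviceContext, String rule)
        throws EASBizException, BOSException
    {
        PermissionServiceAdapterHelper.bindPermissionContext(serviceContext, rule);
    }

    /** Reads the permission item names registered for this service; may be {@code null}. */
    private String[] getPermItemNames(IServiceContext serviceContext)
    {
        return (String[])serviceContext.getServiceParameter(SERVICE_NAME, PERMISSION_ITEMS);
    }

    /** Returns true when at least one permission item is bound to the call. */
    private boolean isBindPermission(IServiceContext serviceContext)
    {
        String[] permItemNames = getPermItemNames(serviceContext);
        return (permItemNames != null) && (permItemNames.length > 0);
    }

    /** Resolves the main business organisation for the item; delegates to the adapter helper. */
    private IObjectPK getMainBizOrgPK(IServiceContext serviceContext, PermItemInfo permItemInfo)
        throws EASBizException, BOSException
    {
        return PermissionServiceAdapterHelper.getMainBizOrgPK(serviceContext, permItemInfo);
    }

    /**
     * Function-permission-only handling of one permission item.
     *
     * <p>NOTE(review): a meta type that is neither facade, entity nor base query falls
     * through both branches and is not checked at all.
     */
    private void handleWithoutEnableDataPermision(IServiceContext serviceContext, String permItemName)
        throws EASBizException, BOSException
    {
        IPermItemCache permItemCache = PermissionCacheFactory.getPermItemCache(serviceContext.getContext());
        PermItemInfo permItemInfo = permItemCache.getPermItem(serviceContext.getContext(), permItemName);

        if ((isFacadeObject(serviceContext)) || (isEntityObject(serviceContext)))
        {
            PermDebugHelper.logInfo("handleWithoutEnableDataPermision:is facade or entity object");
            handleMethodFunctionPermission(serviceContext, permItemInfo);
        }
        else if (isQueryObject(serviceContext))
        {
            PermDebugHelper.logInfo("handleWithoutEnableDataPermision is query object");
            handleQueryFunctionPermission(serviceContext, permItemInfo);
        }
    }

    /** Checks the caller's function permission for the item in its main business organisation. */
    private void handleMethodFunctionPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
        throws EASBizException, BOSException
    {
        IObjectPK userPK = serviceContext.getContext().getCaller();
        IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
        IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext());
        iPermission.checkFunctionPermission(userPK, orgPK, permItemInfo.getName());
    }

    /** Returns whether the caller holds the function permission for the item. */
    private boolean hasFunctionPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
        throws EASBizException, BOSException
    {
        IObjectPK userPK = serviceContext.getContext().getCaller();
        IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
        IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext());
        return iPermission.hasFunctionPermission(userPK, orgPK, permItemInfo.getName());
    }

    /**
     * Query handling without data permission: a caller lacking the function permission
     * gets the configured "no right" filter bound to the query instead of an exception.
     */
    private void handleQueryFunctionPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
        throws EASBizException, BOSException
    {
        if (!hasFunctionPermission(serviceContext, permItemInfo))
        {
            PermDebugHelper.logInfo("handleQueryFunctionPermission:has not function permission ,add no permission filter");
            bindPermissionContext(serviceContext, getNoRightRuleInfo(permItemInfo.getName()));
        }
    }

    /**
     * Data-permission handling for a facade or entity method.
     *
     * <p>Items without an object type, or with data permission disabled, get a function
     * permission check. Otherwise the check depends on the item's operation type: ADDNEW
     * and UPDATE check the object value, the other types check the object PK.
     *
     * <p>NOTE(review): in the data-permission branch no permission call is made at all
     * (neither function nor data) when the object PK or value cannot be resolved, or when
     * the operation type matches none of the listed ones. Confirm this is intended; a
     * fail-closed fallback would be a function permission check.
     */
    private void handleMethodDataPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
        throws EASBizException, BOSException
    {
        Context context = serviceContext.getContext();
        IObjectPK userPK = context.getCaller();
        IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);

        // Read only for the debug log; the flag itself is evaluated in execute().
        Object objForKScript = context.get(DISABLE_PERMISSION_FOR_KSCRIPT);
        PermDebugHelper.logInfo("::disablePermissionForKScript is set to be::" + objForKScript);

        IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext());
        String permItemName = permItemInfo.getName();

        if ((StringUtils.isEmpty(permItemInfo.getObjectType())) || (!permItemInfo.isEnableDataPermission()))
        {
            PermDebugHelper.logInfo(",permitem:" + permItemName + " objectType is null or enableDatapermission is false");
            iPermission.checkFunctionPermission(userPK, orgPK, permItemName);
            return;
        }

        BOSObjectType objectType = BOSObjectType.create(permItemInfo.getObjectType());
        OperationType operationType = permItemInfo.getOperationType();

        if (operationType.equals(OperationType.ADDNEW) || operationType.equals(OperationType.UPDATE))
        {
            IObjectValue objectValue = getObjectValue(serviceContext, objectType);
            if (objectValue != null)
            {
                iPermission.checkDataPermission(userPK, orgPK, permItemName, objectValue);
            }
        }
        else if (operationType.equals(OperationType.READ))
        {
            IObjectPK objectPK = getObjectPK(serviceContext, objectType);
            // An assigned user may be exempt from the data check; in that case the
            // permission rule filter is not published either.
            if (isIgnoreAndAssigned(serviceContext, permItemInfo))
            {
                PermDebugHelper.logInfo("isIgnoreAndAssigned return without datapermissioncheck");
                return;
            }
            if (objectPK != null)
            {
                iPermission.checkDataPermission(userPK, orgPK, permItemName, objectPK);
            }
            setMethodService(permItemInfo, serviceContext, userPK, orgPK);
        }
        else if (operationType.equals(OperationType.DELETE)
            || operationType.equals(OperationType.EXECUTE)
            || operationType.equals(OperationType.OTHER))
        {
            IObjectPK objectPK = getObjectPK(serviceContext, objectType);
            if (objectPK != null)
            {
                iPermission.checkDataPermission(userPK, orgPK, permItemName, objectPK);
            }
        }
    }

    /**
     * Publishes the caller's permission rule for a READ method: the parsed filter becomes
     * the service result and the parsed view is stored in the context under the method key.
     *
     * @throws PermissionException if the rule text cannot be parsed
     */
    private void setMethodService(PermItemInfo permItemInfo, IServiceContext serviceContext, IObjectPK userPK, IObjectPK orgPK)
        throws BOSException, EASBizException
    {
        if ((StringUtils.isEmpty(permItemInfo.getObjectType())) || (!permItemInfo.isEnableDataPermission()))
        {
            return;
        }

        IPermissionServiceProvider provider = PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext());
        String rule = provider.getPermissionRule(userPK, orgPK, permItemInfo.getName());
        if (StringUtils.isEmpty(rule))
        {
            return;
        }

        try
        {
            EntityViewInfo resultEntityViewInfo = new EntityViewInfo(rule);
            serviceContext.setServiceResult(SERVICE_NAME, resultEntityViewInfo.getFilter());
            logger.info("resultEntityViewInfo is:" + resultEntityViewInfo);
            serviceContext.getContext().put(getMethodPK(serviceContext), resultEntityViewInfo);
        }
        catch (ParserException e)
        {
            logger.error(" rule: " + rule, e);
            throw new PermissionException(PermissionException.CHECK_PERMISSION_FAIL, e);
        }
    }

    /**
     * Builds the context key for the invoked method from the business object type, the
     * method name and the operation parameters. The method name stays empty when no
     * method of the business object has an inner id equal to the operation PK name.
     */
    private String getMethodPK(IServiceContext serviceContext)
    {
        String methodNamePK = serviceContext.getOperationPK().getName();
        IMetaDataLoader iMetaDataLoader = MetaDataLoaderFactory.getLocalMetaDataLoader(serviceContext.getContext());
        BusinessObjectInfo entity = iMetaDataLoader.getBusinessObject(serviceContext.getBoType());
        MethodCollection methodCol = entity.getAllMethods();

        String methodName = "";
        for (int i = 0; i < methodCol.size(); i++)
        {
            MethodInfo methodInfo = methodCol.get(i);
            logger.info("innerId is:" + methodInfo.getInnerID());
            if (methodInfo.getInnerID().equals(methodNamePK))
            {
                methodName = methodInfo.getName();
                break;
            }
        }

        Object[] operationParameters = serviceContext.getOperationParameters();
        String pk = ImplUtils.buildPermissionServiceKey(serviceContext.getBoType(), methodName, operationParameters);
        logger.info(" methodPK is:" + pk);
        return pk;
    }

    /**
     * Query handling with data permission (single organisation): binds the "no right"
     * filter when the function permission is missing, otherwise binds the caller's
     * permission rule if the item uses data permission and a rule exists.
     */
    private void handleQueryDataPermission(IServiceContext serviceContext, PermItemInfo permItemInfo)
        throws EASBizException, BOSException
    {
        if (!hasFunctionPermission(serviceContext, permItemInfo))
        {
            PermDebugHelper.logInfo("handleQueryDataPermission:has not function permission");
            bindPermissionContext(serviceContext, getNoRightRuleInfo(permItemInfo.getName()));
        }
        else if ((!StringUtils.isEmpty(permItemInfo.getObjectType())) && (permItemInfo.isEnableDataPermission()))
        {
            IObjectPK userPK = serviceContext.getContext().getCaller();
            IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
            IPermissionServiceProvider provider = PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext());
            String rule = provider.getPermissionRule(userPK, orgPK, permItemInfo.getName());
            if (!StringUtils.isEmpty(rule))
            {
                bindPermissionContext(serviceContext, rule);
            }
        }
    }

    /** Looks up the configured "no right" filter string for a permission item name. */
    private String getNoRightRuleInfo(String strKey)
    {
        return PermissionFilterConfiguration.getList().getFilterString(strKey);
    }

    /**
     * Decides whether the data-permission check may be skipped because the caller has an
     * assignment for the object being read.
     *
     * <p>Returns {@code true} only when the parameter {@code IgnoreDataPermForAssignUser}
     * parses to true, the item is a READ, an object id can be determined, and an
     * assignment record exists for that id and the caller.
     *
     * @throws BOSException if the assignment filter text cannot be parsed
     */
    private boolean isIgnoreAndAssigned(IServiceContext serviceContext, PermItemInfo permItemInfo)
        throws BOSException, EASBizException
    {
        String isIgnore = ParamManager.getParamValue(serviceContext.getContext(), null, "IgnoreDataPermForAssignUser");
        boolean isIgnoreDataPermForAssignUser = false;
        if (!StringUtils.isEmpty(isIgnore))
        {
            isIgnoreDataPermForAssignUser = Boolean.parseBoolean(isIgnore);
        }
        logger.info("####now isIgnoreAndAssigned is :-----:" + isIgnoreDataPermForAssignUser);
        if (!isIgnoreDataPermForAssignUser)
        {
            return false;
        }

        logger.info("isIgnoreAndAssigned:permItemInfo" + permItemInfo.getName());
        logger.info("isIgnoreAndAssigned:permItemInfo.getOperationType():" + permItemInfo.getOperationType());
        if (!permItemInfo.getOperationType().equals(OperationType.READ))
        {
            return false;
        }

        BOSObjectType objectType = BOSObjectType.create(permItemInfo.getObjectType());
        IObjectPK objectPK = getObjectPK(serviceContext, objectType);
        String objectPKString = StringUtils.cnulls(objectPK);
        logger.info("isIgnoreAndAssigned:objectPKString:" + objectPKString);

        if (StringUtils.isEmpty(objectPKString))
        {
            // Fallback: take the text between the first and the last single quote of the
            // second operation parameter and accept it only if it is a valid BOSUuid.
            // NOTE(review): only the extracted id is validated, not the rest of that
            // parameter. Confirm the operation cannot return objects other than the one
            // whose assignment is tested here, since a match skips the data check.
            Object[] params = serviceContext.getOperationParameters();
            if (params.length == 2)
            {
                String idString = null;
                if (params[1] != null)
                {
                    idString = params[1].toString();
                }
                if (idString != null)
                {
                    int firstQuote = idString.indexOf("'");
                    int lastQuote = idString.lastIndexOf("'");
                    if ((firstQuote > 0) && (firstQuote < lastQuote))
                    {
                        objectPKString = idString.substring(firstQuote + 1, lastQuote);
                    }
                }
                if (!BOSUuid.isValid(objectPKString, true))
                {
                    objectPKString = "";
                }
            }
        }

        if (StringUtils.isEmpty(objectPKString))
        {
            return false;
        }

        IAssign iAssign = AssignFactory.getLocalInstance(serviceContext.getContext());
        IObjectPK userPK = serviceContext.getContext().getCaller();
        logger.info("isIgnoreAndAssigned:userPK:" + userPK + " ,objectPKString:" + objectPKString);

        // The listing as published assigned filter2 before declaring it and used filter1
        // outside its scope (a decompiler artifact); both are declared before the try here.
        // NOTE(review): the filter text is built by concatenation. The fallback id above is
        // UUID-validated, but an id taken straight from getObjectPK() is not validated in
        // this class -- confirm the PK's string form cannot contain a quote.
        FilterInfo userFilter;
        FilterInfo objectFilter;
        try
        {
            userFilter = new FilterInfo("personUserID = '" + userPK.toString() + "'");
            objectFilter = new FilterInfo("bizObjID = '" + objectPKString + "'");
        }
        catch (ParserException e)
        {
            throw new BOSException(e);
        }
        userFilter.mergeFilter(objectFilter, "and");

        IObjectPK[] pks = iAssign.getPKList(userFilter, null);
        return (pks != null) && (pks.length > 0);
    }

    /**
     * Data-permission handling of one permission item. Queries are routed to the
     * multi-organisation adapter when it reports multi-organisation permission.
     *
     * <p>NOTE(review): a meta type that is neither facade, entity nor base query falls
     * through both branches and is not checked at all.
     */
    private void handleWithEnableDataPermision(IServiceContext serviceContext, String permItemName)
        throws EASBizException, BOSException
    {
        IPermItemCache permItemCache = PermissionCacheFactory.getPermItemCache(serviceContext.getContext());
        PermItemInfo permItemInfo = permItemCache.getPermItem(serviceContext.getContext(), permItemName);

        if ((isFacadeObject(serviceContext)) || (isEntityObject(serviceContext)))
        {
            PermDebugHelper.logInfo("handleWithEnableDataPermision:is facade or entity object");
            handleMethodDataPermission(serviceContext, permItemInfo);
        }
        else if (isQueryObject(serviceContext))
        {
            PermDebugHelper.logInfo("handleWithEnableDataPermision:is query object");
            MutiOrgPermissionServiceAdapter adapter = new MutiOrgPermissionServiceAdapter();
            if (adapter.isMutiOrgPerm(serviceContext))
            {
                PermDebugHelper.logInfo("handleWithEnableDataPermision:is multi org Perm");
                adapter.handleQueryDataPermission(serviceContext, permItemInfo);
            }
            else
            {
                PermDebugHelper.logInfo("handleWithEnableDataPermision:is single org perm");
                handleQueryDataPermission(serviceContext, permItemInfo);
            }
        }
    }

    /**
     * Resolves the PK of the object the call works on; logs when none is found.
     *
     * @return the object PK, or {@code null}, in which case callers skip the data check
     */
    private IObjectPK getObjectPK(IServiceContext serviceContext, BOSObjectType objectType)
    {
        IObjectPK objectPK = PermissionServiceAdapterHelper.getObjectPK(serviceContext, objectType);
        if (objectPK == null)
        {
            PermDebugHelper.logInfo("objectPK is null,will not check dataPermission");
        }
        return objectPK;
    }

    /**
     * Resolves the value object the call works on; logs when none is found.
     *
     * @return the object value, or {@code null}, in which case callers skip the data check
     */
    private IObjectValue getObjectValue(IServiceContext serviceContext, BOSObjectType objectType)
    {
        IObjectValue objectValue = PermissionServiceAdapterHelper.getObjectValue(serviceContext, objectType);
        if (objectValue == null)
        {
            PermDebugHelper.logInfo("objectValueNullLog is null,will not check dataPermission");
        }
        return objectValue;
    }
}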
权限处理类PermissionServiceAdapter