public AuditLogInfo[] getAuditLogs(int start, int rows, String operationIds
, String beginTime, String endTime, String userId,final UserInfo user) throws UserException {
StringBuilder sql = new StringBuilder();
sql.append("SELECT ID, OPERATION_ID, RESULT, TIME, IP, CLIENT_TYPE, USER_ID, OPER_NAME, REAL_NAME, MODULE_NAME");
sql.append(" FROM( SELECT ROWNUM RN, R.* FROM(");
sql.append(" select al.*, ao.OPER_NAME, ui.REAL_NAME, ag.NAME MODULE_NAME");
sql.append(" from USER_AUDIT_LOG al left join USER_AUDIT_OPERATION ao on al.OPERATION_ID=ao.ID");
sql.append(" left join USER_INFO ui on al.USER_ID=ui.ID left join USER_AUDIT_GROUP ag on ao.GROUP_ID=ag.ID");
StringBuilder whereSql = getAuditCondition(operationIds, beginTime, endTime, userId);
if(whereSql.length() > 0) {
sql.append(" where ");
sql.append(whereSql);
}
sql.append(" order by al.TIME desc ");
sql.append(") R WHERE ROWNUM < ?)WHERE RN >= ?");
if(user.id.equals("syssecurity")){
sql.append(" and USER_ID in('sysadmin','syssecurity','sysaudit') or user_id is null");
}else{
sql.append(" and USER_ID not in('sysadmin','syssecurity','sysaudit') or user_id is null");
}
Object[] param = new Object[]{start + rows, start};
List<AuditLogInfo> logs = jdbcTemplate.query(sql.toString(), param, new RowMapper<AuditLogInfo>() {
public AuditLogInfo mapRow(ResultSet rs, int rowNum) throws SQLException {
return getLogInfo(rs, user);
}
});
return logs.toArray(new AuditLogInfo[0]);
}
public int getAuditLogCount(String operationIds,
String beginTime, String endTime, String userId) throws UserException {
StringBuilder sql = new StringBuilder("SELECT count(*) FROM USER_AUDIT_LOG al");
if(userId != null && userId.trim().length() > 0) {
sql.append(" left join USER_INFO ui on al.USER_ID=ui.ID");
}
StringBuilder whereSql = getAuditCondition(operationIds, beginTime, endTime, userId);
if(whereSql.length() > 0) {
sql.append(" where ");
sql.append(whereSql);
}
return jdbcTemplate.queryForInt(sql.toString());
}
private StringBuilder getAuditCondition(String operationIds,
String beginTime, String endTime, String userId) {
StringBuilder whereSql = new StringBuilder();
if(beginTime != null && beginTime.trim().length() > 0) {
whereSql.append(" al.TIME >= to_date('");
whereSql.append(beginTime.trim());
whereSql.append("', 'yyyy-mm-dd hh24:mi:ss')");
}
if(endTime != null && endTime.trim().length() > 0) {
if(whereSql.length() > 0) {
whereSql.append(" and ");
}
whereSql.append(" al.TIME <= to_date('");
whereSql.append(endTime.trim());
whereSql.append("', 'yyyy-mm-dd hh24:mi:ss')");
}
if(userId != null && userId.trim().length() > 0) {
if(whereSql.length() > 0) {
whereSql.append(" and ");
}
whereSql.append(" ui.REAL_NAME like '%");
whereSql.append(userId.trim());
whereSql.append("%'");
}
if(operationIds != null && operationIds.trim().length() > 0) {
if(whereSql.length() > 0) {
whereSql.append(" and ");
}
whereSql.append(" al.OPERATION_ID in (");
whereSql.append(parseIds(operationIds));
}
return whereSql;
}
private AuditLogInfo getLogInfo(ResultSet rs, UserInfo user) throws SQLException {
String id = rs.getString("ID");
String operationId = rs.getString("OPERATION_ID");
String result = rs.getString("RESULT");
String ip = rs.getString("IP");
String clientType = rs.getString("CLIENT_TYPE");
String userId = rs.getString("USER_ID");
String operationName = rs.getString("OPER_NAME");
String userName = rs.getString("REAL_NAME");
String moduleName = rs.getString("MODULE_NAME");
Timestamp time = rs.getTimestamp("TIME");
SimpleDateFormat sdf = new SimpleDateFormat(PlatformConstants.DATETIME_FORMAT);
String timeStr = sdf.format(time);
AuditLogInfo info = new AuditLogInfo();
info.id = StringUtil.filterNull(id);
info.operationId = StringUtil.filterNull(operationId);
info.result = StringUtil.filterNull(result);
info.ip = StringUtil.filterNull(ip);
info.clientType = StringUtil.filterNull(clientType);
info.userId = StringUtil.filterNull(userId);
info.operationName = StringUtil.filterNull(operationName);
info.userName = StringUtil.filterNull(userName);
info.time = StringUtil.filterNull(timeStr);
info.moduleName = StringUtil.filterNull(moduleName);
info.properties = getPropertiesByLogId(id, user);
return info;
}
private String getPropertiesByLogId(String logId, UserInfo user) {
StringBuilder privilegeSql = new StringBuilder("SELECT PROPERTY_KEY, PROPERTY_VALUE FROM USER_AUDIT_PROPERTY where LOG_ID=?");
if(user.id.equals("syssecurity")){
privilegeSql.append(" and PROPERTY_VALUE in('sysadmin','syssecurity','sysaudit')");
}else{
privilegeSql.append(" and PROPERTY_VALUE not in('sysadmin','syssecurity','sysaudit')");
}
privilegeSql.append(" ");
List<String> privilegeNames = jdbcTemplate.query(privilegeSql.toString(), new RowMapper<String>() {
public String mapRow(ResultSet rs, int rowNum) throws SQLException {
return rs.getString("PROPERTY_KEY") + ":" + rs.getString("PROPERTY_VALUE");
}
}, logId);
return formatValues(privilegeNames);
}