Merge branch 'fix/附件操作权限修改' into 'wrdp'

【流程平台】附件操作权限修改

See merge request o2oa/o2oa!1817

o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionBatchDownloadWithWorkOrWorkCompleted.java

@@ -73,7 +73,7 @@ class ActionBatchDownloadWithWorkOrWorkCompleted extends BaseAction {
 			List<String> units = business.organization().unit().listWithPerson(effectivePerson);
 			List<Attachment> readableAttachmentList = new ArrayList<>();
 			for (Attachment attachment : attachmentList) {
-				if (this.read(attachment, effectivePerson, identities, units)) {
+				if (this.read(attachment, effectivePerson, identities, units, business)) {
 					readableAttachmentList.add(attachment);
 				}
 			}

o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionBatchDownloadWithWorkOrWorkCompletedStream.java

@@ -73,7 +73,7 @@ class ActionBatchDownloadWithWorkOrWorkCompletedStream extends BaseAction {
 			List<String> units = business.organization().unit().listWithPerson(effectivePerson);
 			List<Attachment> readableAttachmentList = new ArrayList<>();
 			for (Attachment attachment : attachmentList) {
-				if (this.read(attachment, effectivePerson, identities, units)) {
+				if (this.read(attachment, effectivePerson, identities, units, business)) {
 					readableAttachmentList.add(attachment);
 				}
 			}

o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionChangeOrderNumber.java

@@ -19,6 +19,8 @@ import com.x.processplatform.core.entity.content.Work;
 import com.x.processplatform.core.entity.element.Application;
 import com.x.processplatform.core.entity.element.Process;
 
+import java.util.List;
+
 class ActionChangeOrderNumber extends BaseAction {
 
 	private static Logger logger = LoggerFactory.getLogger(ActionChangeOrderNumber.class);
@@ -41,9 +43,10 @@ class ActionChangeOrderNumber extends BaseAction {
 			if (BooleanUtils.isNotTrue(control.getAllowSave())) {
 				throw new ExceptionAccessDenied(effectivePerson, work);
 			}
-			Application application = business.application().pick(work.getApplication());
-			Process process = business.process().pick(work.getProcess());
-			if (!business.controllerable(effectivePerson, application, process, attachment)) {
+			List<String> identities = business.organization().identity().listWithPerson(effectivePerson);
+			List<String> units = business.organization().unit().listWithPerson(effectivePerson);
+			boolean canEdit = this.edit(attachment, effectivePerson, identities, units, business);
+			if(!canEdit){
 				throw new ExceptionAccessDenied(effectivePerson, attachment);
 			}
 			emc.beginTransaction(Attachment.class);

o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionChangeSite.java

@@ -14,6 +14,8 @@ import com.x.processplatform.assemble.surface.WorkControl;
 import com.x.processplatform.core.entity.content.Attachment;
 import com.x.processplatform.core.entity.content.Work;
 
+import java.util.List;
+
 class ActionChangeSite extends BaseAction {
 	ActionResult<Wo> execute(EffectivePerson effectivePerson, String id, String workId, String site) throws Exception {
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
@@ -34,6 +36,12 @@ class ActionChangeSite extends BaseAction {
 			if (BooleanUtils.isNotTrue(control.getAllowSave())) {
 				throw new ExceptionAccessDenied(effectivePerson, work);
 			}
+			List<String> identities = business.organization().identity().listWithPerson(effectivePerson);
+			List<String> units = business.organization().unit().listWithPerson(effectivePerson);
+			boolean canEdit = this.edit(attachment, effectivePerson, identities, units, business);
+			if(!canEdit){
+				throw new ExceptionAccessDenied(effectivePerson, attachment);
+			}
 			emc.beginTransaction(Attachment.class);
 			attachment.setSite(site);
 			emc.commit();

o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionEdit.java

@@ -56,7 +56,7 @@ class ActionEdit extends BaseAction {
 
 			List<String> identities = business.organization().identity().listWithPerson(effectivePerson);
 			List<String> units = business.organization().unit().listWithPerson(effectivePerson);
-			boolean canControl = this.control(attachment, effectivePerson, identities, units);
+			boolean canControl = this.control(attachment, effectivePerson, identities, units, business);
 			if(!canControl){
 				throw new ExceptionAccessDenied(effectivePerson, attachment);
 			}

o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionGetWithWork.java

@@ -14,7 +14,6 @@ import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.tools.ListTools;
 import com.x.processplatform.assemble.surface.Business;
-import com.x.processplatform.assemble.surface.jaxrs.attachment.ActionListWithWorkOrWorkCompleted.Wo;
 import com.x.processplatform.core.entity.content.Attachment;
 import com.x.processplatform.core.entity.content.Work;
 
@@ -43,9 +42,9 @@ class ActionGetWithWork extends BaseAction {
 
 			List<String> units = business.organization().unit().listWithPerson(effectivePerson);
 
-			boolean canControl = this.control(wo, effectivePerson, identities, units);
-			boolean canEdit = (this.edit(wo, effectivePerson, identities, units) || canControl);
-			boolean canRead = (this.read(attachment, effectivePerson, identities, units) || canEdit);
+			boolean canControl = this.control(attachment, effectivePerson, identities, units, business);
+			boolean canEdit = this.edit(attachment, effectivePerson, identities, units, business);
+			boolean canRead = this.read(attachment, effectivePerson, identities, units, business);
 			if (canRead) {
 				wo.getControl().setAllowRead(true);
 				wo.getControl().setAllowEdit(canEdit);

o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionGetWithWorkCompleted.java

@@ -42,9 +42,9 @@ class ActionGetWithWorkCompleted extends BaseAction {
 
 			List<String> units = business.organization().unit().listWithPerson(effectivePerson);
 
-			boolean canControl = this.control(wo, effectivePerson, identities, units);
-			boolean canEdit = (this.edit(wo, effectivePerson, identities, units) || canControl);
-			boolean canRead = (this.read(attachment, effectivePerson, identities, units) || canEdit);
+			boolean canControl = this.control(attachment, effectivePerson, identities, units, business);
+			boolean canEdit = this.edit(attachment, effectivePerson, identities, units, business);
+			boolean canRead = this.read(attachment, effectivePerson, identities, units, business);
 			if (canRead) {
 				wo.getControl().setAllowRead(true);
 				wo.getControl().setAllowEdit(canEdit);

o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionGetWithWorkOrWorkCompleted.java

@@ -44,9 +44,9 @@ class ActionGetWithWorkOrWorkCompleted extends BaseAction {
 
 			List<String> identities = business.organization().identity().listWithPerson(effectivePerson);
 			List<String> units = business.organization().unit().listWithPerson(effectivePerson);
-			boolean canControl = this.control(wo, effectivePerson, identities, units);
-			boolean canEdit = (this.edit(wo, effectivePerson, identities, units) || canControl);
-			boolean canRead = (this.read(attachment, effectivePerson, identities, units) || canEdit);
+			boolean canControl = this.control(attachment, effectivePerson, identities, units, business);
+			boolean canEdit = this.edit(attachment, effectivePerson, identities, units, business);
+			boolean canRead = this.read(attachment, effectivePerson, identities, units, business);
 			if (canRead) {
 				wo.getControl().setAllowRead(true);
 				wo.getControl().setAllowEdit(canEdit);

o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionListWithWorkOrWorkCompleted.java

@@ -46,9 +46,9 @@ class ActionListWithWorkOrWorkCompleted extends BaseAction {
 
 			for (Attachment attachment : this.list(business, job)) {
 				Wo wo = Wo.copier.copy(attachment);
-				boolean canControl = this.control(wo, effectivePerson, identities, units);
-				boolean canEdit = (this.edit(wo, effectivePerson, identities, units) || canControl);
-				boolean canRead = (this.read(attachment, effectivePerson, identities, units) || canEdit);
+				boolean canControl = this.control(attachment, effectivePerson, identities, units, business);
+				boolean canEdit = this.edit(attachment, effectivePerson, identities, units, business);
+				boolean canRead = this.read(attachment, effectivePerson, identities, units, business);
 				if (canRead) {
 					wo.getControl().setAllowRead(true);
 					wo.getControl().setAllowEdit(canEdit);

o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUpdate.java

@@ -67,8 +67,7 @@ class ActionUpdate extends BaseAction {
 
 			List<String> identities = business.organization().identity().listWithPerson(effectivePerson);
 			List<String> units = business.organization().unit().listWithPerson(effectivePerson);
-			boolean canControl = this.control(attachment, effectivePerson, identities, units);
-			boolean canEdit = (this.edit(attachment, effectivePerson, identities, units) || canControl);
+			boolean canEdit = this.edit(attachment, effectivePerson, identities, units, business);
 			if(!canEdit){
 				throw new ExceptionAccessDenied(effectivePerson, attachment);
 			}

o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/BaseAction.java

@@ -174,47 +174,39 @@ abstract class BaseAction extends StandardJaxrsAction {
 	}
 
 	public boolean read(Attachment attachment, EffectivePerson effectivePerson, List<String> identities,
-			List<String> units) throws Exception {
+			List<String> units, Business business) throws Exception {
 		boolean value = false;
-		if (effectivePerson.isManager()) {
-			value = true;
-		} else if (effectivePerson.isPerson(attachment.getPerson())) {
-			value = true;
-		} else if (ListTools.isEmpty(attachment.getReadIdentityList())
+		if (ListTools.isEmpty(attachment.getReadIdentityList())
 				&& ListTools.isEmpty(attachment.getReadUnitList())) {
 			value = true;
-		} else {
-			if (ListTools.containsAny(identities, attachment.getReadIdentityList())
+		}else if (ListTools.containsAny(identities, attachment.getReadIdentityList())
 					|| ListTools.containsAny(units, attachment.getReadUnitList())) {
-				value = true;
-			}
+			value = true;
+		}else{
+			value = this.edit(attachment, effectivePerson, identities, units, business);
 		}
 		return value;
 	}
 
 	public boolean edit(Attachment attachment, EffectivePerson effectivePerson, List<String> identities,
-			List<String> units) throws Exception {
+			List<String> units, Business business) throws Exception {
 		boolean value = false;
-		if (effectivePerson.isManager()) {
-			value = true;
-		} else if (effectivePerson.isPerson(attachment.getPerson())) {
-			value = true;
-		} else if (ListTools.isEmpty(attachment.getEditIdentityList())
+		if (ListTools.isEmpty(attachment.getEditIdentityList())
 				&& ListTools.isEmpty(attachment.getEditUnitList())) {
 			value = true;
-		} else {
-			if (ListTools.containsAny(identities, attachment.getEditIdentityList())
+		}else if (ListTools.containsAny(identities, attachment.getEditIdentityList())
 					|| ListTools.containsAny(units, attachment.getEditUnitList())) {
-				value = true;
-			}
+			value = true;
+		}else{
+			value = this.control(attachment, effectivePerson, identities, units, business);
 		}
 		return value;
 	}
 
 	public boolean control(Attachment attachment, EffectivePerson effectivePerson, List<String> identities,
-			List<String> units) throws Exception {
+			List<String> units, Business business) throws Exception {
 		boolean value = false;
-		if (effectivePerson.isManager()) {
+		if (business.canManageApplication(effectivePerson, null)) {
 			value = true;
 		} else if (effectivePerson.isPerson(attachment.getPerson())) {
 			value = true;