From 105dc838d33ca7d700f694513a9763a96f0bad72 Mon Sep 17 00:00:00 2001 From: o2sword <171715986@qq.com> Date: Tue, 14 Dec 2021 13:44:11 +0800 Subject: [PATCH] =?UTF-8?q?=E5=86=85=E5=AE=B9=E7=AE=A1=E7=90=86=E8=AE=BE?= =?UTF-8?q?=E8=AE=A1=E6=9D=83=E9=99=90=E4=BF=AE=E6=94=B92?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../control/jaxrs/appinfo/ActionDelete.java | 53 ++++----- .../control/jaxrs/appinfo/ActionSave.java | 103 ++++++++---------- .../jaxrs/templateform/ActionCreate.java | 6 + .../jaxrs/templateform/ActionDelete.java | 6 +- 4 files changed, 79 insertions(+), 89 deletions(-) diff --git a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionDelete.java b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionDelete.java index 2ea24d45ae..4ced7dcbbe 100644 --- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionDelete.java +++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionDelete.java @@ -2,11 +2,13 @@ package com.x.cms.assemble.control.jaxrs.appinfo; import com.x.base.core.project.annotation.AuditLog; import com.x.base.core.project.cache.CacheManager; +import com.x.base.core.project.exception.ExceptionAccessDenied; import com.x.base.core.project.http.ActionResult; import com.x.base.core.project.http.EffectivePerson; import com.x.base.core.project.jaxrs.WoId; import com.x.base.core.project.logger.Logger; import com.x.base.core.project.logger.LoggerFactory; +import com.x.cms.assemble.control.Business; import com.x.cms.assemble.control.service.CmsBatchOperationPersistService; import com.x.cms.assemble.control.service.CmsBatchOperationProcessService; import com.x.cms.assemble.control.service.LogService; 
@@ -16,6 +18,10 @@ import org.apache.commons.lang3.StringUtils; import javax.servlet.http.HttpServletRequest; +/** + * 删除栏目信息 + * @author sword + */ public class ActionDelete extends BaseAction { private static Logger logger = LoggerFactory.getLogger( ActionDelete.class ); 
@@ -23,46 +29,31 @@ public class ActionDelete extends BaseAction { @AuditLog(operation = "删除栏目信息") protected ActionResult execute( HttpServletRequest request, EffectivePerson effectivePerson, String id ) throws Exception { ActionResult result = new ActionResult<>(); - AppInfo appInfo = null; Boolean check = true; - if( StringUtils.isEmpty( id ) ){ - check = false; - Exception exception = new ExceptionAppInfoIdEmpty(); - result.error( exception ); + Business business = new Business(null); + if (!business.isManager( effectivePerson)) { + throw new ExceptionAccessDenied(effectivePerson); } - if( check ){ - try { - appInfo = appInfoServiceAdv.get( id ); - if( appInfo == null ){ - check = false; - Exception exception = new ExceptionAppInfoNotExists( id ); - result.error( exception ); - } - } catch (Exception e) { - check = false; - Exception exception = new ExceptionAppInfoProcess( e, "根据指定ID查询应用栏目信息对象时发生异常。ID:" + id ); - result.error( exception ); - logger.error( e, effectivePerson, request, null); - } + AppInfo appInfo = appInfoServiceAdv.get( id ); + if( appInfo == null ){ + throw new ExceptionAppInfoNotExists( id ); } - if( check ){ - Long count = 0L; - try { - count = appInfoServiceAdv.countCategoryByAppId( id, "全部" ); - if ( count > 0 ){ - check = false; - Exception exception = new ExceptionAppInfoCanNotDelete( count); - result.error( exception ); - } - } catch ( Exception e ) { + Long count = 0L; + try { + count = appInfoServiceAdv.countCategoryByAppId( id, "全部" ); + if ( count > 0 ){ check = false; - Exception exception = new ExceptionAppInfoProcess( e, "系统在根据应用栏目ID查询应用下分类个数时发生异常。ID:" + id ); + Exception exception = new ExceptionAppInfoCanNotDelete( count); result.error( exception ); - logger.error( e, effectivePerson, request, null); } + } catch ( Exception e ) { + check = false; + Exception exception = new ExceptionAppInfoProcess( e, "系统在根据应用栏目ID查询应用下分类个数时发生异常。ID:" + id ); + result.error( exception ); + logger.error( e, effectivePerson, request, null); } if( 
check ){ try { diff --git a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionSave.java b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionSave.java index a3252ecd6e..ec6d68771d 100644 --- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionSave.java +++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/appinfo/ActionSave.java @@ -6,12 +6,15 @@ import com.x.base.core.project.annotation.FieldDescribe; import com.x.base.core.project.bean.WrapCopier; import com.x.base.core.project.bean.WrapCopierFactory; import com.x.base.core.project.cache.CacheManager; +import com.x.base.core.project.config.Token; +import com.x.base.core.project.exception.ExceptionAccessDenied; import com.x.base.core.project.http.ActionResult; import com.x.base.core.project.http.EffectivePerson; import com.x.base.core.project.jaxrs.WoId; import com.x.base.core.project.logger.Logger; import com.x.base.core.project.logger.LoggerFactory; import com.x.base.core.project.tools.ListTools; +import com.x.cms.assemble.control.Business; import com.x.cms.assemble.control.service.CmsBatchOperationPersistService; import com.x.cms.assemble.control.service.CmsBatchOperationProcessService; import com.x.cms.assemble.control.service.LogService; @@ -26,7 +29,6 @@ public class ActionSave extends BaseAction { private static Logger logger = LoggerFactory.getLogger(ActionSave.class); - @AuditLog(operation = "保存栏目信息") protected ActionResult execute(HttpServletRequest request, EffectivePerson effectivePerson, JsonElement jsonElement ) throws Exception { ActionResult result = new ActionResult<>(); AppInfo old_appInfo = null; 
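Review bot: The new manager check in appinfo/ActionDelete `execute` builds `new Business(null)`, while the templateform actions in this same patch pass a live container (`new Business(emc)`). If `isManager` ever reaches the entity manager, this path would fail with a NullPointerException instead of a clean `ExceptionAccessDenied`, so it is worth confirming that `isManager` needs only the organization service; appinfo/ActionSave repeats the same construction. The hunk also drops the `StringUtils.isEmpty( id )` guard, so an empty id now goes straight to `appInfoServiceAdv.get( id )`; keeping `if (StringUtils.isEmpty(id)) { throw new ExceptionAppInfoIdEmpty(); }` right after the access check would preserve the specific error. The body of `execute` continues past the end of the hunk.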
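Review bot: The single removed line in the `@@ -26,7 +29,6 @@` hunk appears to be `@AuditLog(operation = "保存栏目信息")` on `ActionSave.execute`, while appinfo/ActionDelete keeps its `@AuditLog`. The collapsed layout makes this hard to read, but three context lines on each side of the removal fit that reading. Saving a column can change its name and view permissions, so an audit trail should cover it; unless the removal is deliberate, restore the annotation above `execute`. If it is deliberate, a short comment stating that the `new LogService().log(...)` calls further down are the intended record would help the next reader.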
@@ -35,49 +37,40 @@ public class ActionSave extends BaseAction { String identityName = null; String unitName = null; String topUnitName = null; - Wi wi = null; Boolean check = true; - try { - wi = this.convertToWrapIn( jsonElement, Wi.class ); - identityName = wi.getIdentity(); - } catch (Exception e) { - check = false; - Exception exception = new ExceptionAppInfoProcess(e, "系统在将JSON信息转换为对象时发生异常。JSON:" + jsonElement.toString()); - result.error(exception); - logger.error(e, effectivePerson, request, null); + Business business = new Business(null); + if (!business.isManager( effectivePerson)) { + throw new ExceptionAccessDenied(effectivePerson); } - - if (check) { - if ( StringUtils.isEmpty( wi.getAppName() ) ) { - check = false; - Exception exception = new ExceptionAppInfoNameEmpty(); - result.error(exception); - } + + Wi wi = this.convertToWrapIn( jsonElement, Wi.class ); + identityName = wi.getIdentity(); + + if ( StringUtils.isEmpty( wi.getAppName() ) ) { + throw new ExceptionAppInfoNameEmpty(); } - - if (check) {//栏目不允许重名 - try { - ids = appInfoServiceAdv.listByAppName( wi.getAppName()); - if ( ListTools.isNotEmpty( ids ) ) { - for( String _id : ids ) { - if( !_id.equalsIgnoreCase( wi.getId() )) { - check = false; - Exception exception = new ExceptionAppInfoNameAlreadyExists( wi.getAppName()); - result.error(exception); - } + + try { + ids = appInfoServiceAdv.listByAppName( wi.getAppName()); + if ( ListTools.isNotEmpty( ids ) ) { + for( String _id : ids ) { + if( !_id.equalsIgnoreCase( wi.getId() )) { + check = false; + Exception exception = new ExceptionAppInfoNameAlreadyExists( wi.getAppName()); + result.error(exception); } } - } catch (Exception e) { - check = false; - Exception exception = new ExceptionAppInfoProcess(e, "系统根据应用栏目名称查询应用栏目信息对象时发生异常。AppName:" + wi.getAppName()); - result.error(exception); - logger.error(e, effectivePerson, request, null); } + } catch (Exception e) { + check = false; + Exception exception = new ExceptionAppInfoProcess(e, 
"系统根据应用栏目名称查询应用栏目信息对象时发生异常。AppName:" + wi.getAppName()); + result.error(exception); + logger.error(e, effectivePerson, request, null); } - + if (check) { - if ( !"xadmin".equalsIgnoreCase( effectivePerson.getDistinguishedName()) ) { + if ( !Token.defaultInitialManager.equalsIgnoreCase( effectivePerson.getDistinguishedName()) ) { try { identityName = userManagerService.getPersonIdentity( effectivePerson.getDistinguishedName(), identityName ); } catch (Exception e) { @@ -87,13 +80,13 @@ public class ActionSave extends BaseAction { logger.error(e, effectivePerson, request, null); } }else { - identityName = "xadmin"; - unitName = "xadmin"; - topUnitName = "xadmin"; + identityName = Token.defaultInitialManager; + unitName = Token.defaultInitialManager; + topUnitName = Token.defaultInitialManager; } } - if (check && !"xadmin".equals(identityName)) { + if (check && !Token.defaultInitialManager.equals(identityName)) { try { unitName = userManagerService.getUnitNameByIdentity( identityName ); } catch (Exception e) { @@ -103,7 +96,7 @@ public class ActionSave extends BaseAction { logger.error(e, effectivePerson, request, null); } } - if (check && !"xadmin".equals(identityName)) { + if (check && !Token.defaultInitialManager.equals(identityName)) { try { topUnitName = userManagerService.getTopUnitNameByIdentity( identityName ); } catch (Exception e) { @@ -112,7 +105,7 @@ public class ActionSave extends BaseAction { result.error(exception); logger.error(e, effectivePerson, request, null); } - } + } if (check) { if( StringUtils.isEmpty( wi.getDocumentType() ) ) { wi.setDocumentType( "信息" ); @@ -122,7 +115,7 @@ public class ActionSave extends BaseAction { } } } - + if (check) {//栏目不允许重名 if( StringUtils.isEmpty( wi.getId() )) { wi.setId( AppInfo.createId() ); 
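Review bot: The initial-manager test is written two ways now that the `"xadmin"` literal is replaced. The end of the `@@ -35,49 +37,40 @@` hunk uses `Token.defaultInitialManager.equalsIgnoreCase( effectivePerson.getDistinguishedName())`, while the `@@ -87,13 +80,13 @@` and `@@ -103,7 +96,7 @@` hunks use the case-sensitive `!Token.defaultInitialManager.equals(identityName)`. Those later guards key off `identityName`, which for other users starts from the client-supplied `wi.getIdentity()` and is then resolved by `userManagerService.getPersonIdentity(...)`; whether that value can ever equal the initial manager's name is not visible here. Deciding once, e.g. `boolean initialManager = Token.defaultInitialManager.equalsIgnoreCase(effectivePerson.getDistinguishedName());`, and testing `!initialManager` in the unit lookups would tie the shortcut to the authenticated person rather than to a derived string.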
@@ -136,7 +129,7 @@ public class ActionSave extends BaseAction { logger.error(e, effectivePerson, request, null); } } - + if (check) { wi.setCreatorIdentity(identityName); wi.setCreatorPerson(effectivePerson.getDistinguishedName()); 
@@ -146,32 +139,32 @@ public class ActionSave extends BaseAction { if( StringUtils.equals( "信息", wi.getDocumentType() ) && wi.getSendNotify() == null ) { wi.setSendNotify( true ); } - + try { appInfo = appInfoServiceAdv.save( wi, wi.getConfig(), effectivePerson ); Wo wo = new Wo(); wo.setId( appInfo.getId() ); result.setData( wo ); - + if( old_appInfo != null ) { - if( !old_appInfo.getAppName().equalsIgnoreCase( appInfo.getAppName() ) || + if( !old_appInfo.getAppName().equalsIgnoreCase( appInfo.getAppName() ) || !old_appInfo.getAppAlias().equalsIgnoreCase( appInfo.getAppAlias() ) ) { //修改了栏目名称或者别名,增加删除栏目批量操作(对分类和文档)的信息 - new CmsBatchOperationPersistService().addOperation( - CmsBatchOperationProcessService.OPT_OBJ_APPINFO, + new CmsBatchOperationPersistService().addOperation( + CmsBatchOperationProcessService.OPT_OBJ_APPINFO, CmsBatchOperationProcessService.OPT_TYPE_UPDATENAME, appInfo.getId(), old_appInfo.getAppName(), "更新栏目名称:ID=" + appInfo.getId() ); } if( permissionQueryService.hasDiffrentViewPermissionInAppInfo( old_appInfo, appInfo )) { //修改了栏目名称或者别名,增加删除栏目批量操作(对分类和文档)的信息 - new CmsBatchOperationPersistService().addOperation( - CmsBatchOperationProcessService.OPT_OBJ_APPINFO, + new CmsBatchOperationPersistService().addOperation( + CmsBatchOperationProcessService.OPT_OBJ_APPINFO, CmsBatchOperationProcessService.OPT_TYPE_PERMISSION, appInfo.getId(), appInfo.getAppName(), "变更栏目可见权限:ID=" + appInfo.getId() ); } new LogService().log(null, effectivePerson.getDistinguishedName(), appInfo.getAppName(), appInfo.getId(), "", "", "", "APPINFO", "更新"); }else { new LogService().log(null, effectivePerson.getDistinguishedName(), appInfo.getAppName(), appInfo.getId(), "", "", "", "APPINFO", "新增"); } - + // 更新缓存 CacheManager.notify(AppInfo.class); CacheManager.notify(AppDict.class); 
@@ -190,9 +183,9 @@ public class ActionSave extends BaseAction { } public static class Wi extends AppInfo { - + private static final long serialVersionUID = -6314932919066148113L; - + @FieldDescribe("指定用于操作的身份,可选参数") private String identity = null; @@ -213,5 +206,5 @@ public class ActionSave extends BaseAction { public static class Wo extends WoId { } - -} \ No newline at end of file + +} diff --git a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/templateform/ActionCreate.java b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/templateform/ActionCreate.java index dfd553061b..74a09e5032 100644 --- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/templateform/ActionCreate.java +++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/templateform/ActionCreate.java @@ -3,6 +3,8 @@ package com.x.cms.assemble.control.jaxrs.templateform; import java.util.Arrays; import com.x.base.core.project.cache.CacheManager; +import com.x.base.core.project.exception.ExceptionAccessDenied; +import com.x.cms.assemble.control.Business; import org.apache.commons.lang3.StringUtils; import com.google.gson.JsonElement; @@ -23,6 +25,10 @@ class ActionCreate extends BaseAction { try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) { Wi wi = this.convertToWrapIn(jsonElement, Wi.class); ActionResult result = new ActionResult<>(); + Business business = new Business(emc); + if (!business.isManager( effectivePerson)) { + throw new ExceptionAccessDenied(effectivePerson); + } if (!StringTools.isSimply(wi.getCategory())) { throw new ExceptionInvalidCategory(wi.getCategory()); } diff --git a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/templateform/ActionDelete.java b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/templateform/ActionDelete.java index 0aaae477e4..41e4985889 100644 
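Review bot: In templateform/ActionCreate the new `isManager` check runs after `this.convertToWrapIn(jsonElement, Wi.class)`, so the request body is parsed even for callers who will then be refused. appinfo/ActionSave in this same patch checks first and converts afterwards. Moving the added block, starting at `Business business = new Business(emc);`, above the `Wi wi = ...` line makes the denial independent of the payload. The method body starts and ends outside the hunk.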
--- a/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/templateform/ActionDelete.java +++ b/o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/templateform/ActionDelete.java @@ -4,6 +4,7 @@ import com.x.base.core.container.EntityManagerContainer; import com.x.base.core.container.factory.EntityManagerContainerFactory; import com.x.base.core.entity.annotation.CheckRemoveType; import com.x.base.core.project.cache.CacheManager; +import com.x.base.core.project.exception.ExceptionAccessDenied; import com.x.base.core.project.http.ActionResult; import com.x.base.core.project.http.EffectivePerson; import com.x.base.core.project.jaxrs.WoId; @@ -16,9 +17,8 @@ class ActionDelete extends BaseAction { try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) { Business business = new Business(emc); /** 检查管理员和CMS管理员删除的权限 */ - if (effectivePerson.isNotManager() && (!business.organization().person().hasRole(effectivePerson, - OrganizationDefinition.CMSManager))) { - throw new ExceptionInsufficientPermission(effectivePerson.getDistinguishedName()); + if (!business.isManager( effectivePerson)) { + throw new ExceptionAccessDenied(effectivePerson); } ActionResult result = new ActionResult<>(); TemplateForm template = emc.find(id, TemplateForm.class); -- GitLab
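Review bot: The replaced condition in templateform/ActionDelete named both cases explicitly (`effectivePerson.isNotManager()` and the `OrganizationDefinition.CMSManager` role), and the kept comment `/** 检查管理员和CMS管理员删除的权限 */` still promises both, but `Business.isManager` is not shown in this patch. Please confirm it admits the same set of callers, since a narrower or wider definition silently changes who may delete template forms. `OrganizationDefinition` is no longer referenced in the visible lines, so its import may now be unused; the rest of the file is outside the hunk.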