Merge branch '修复考勤越权修改管理配置的问题' into 'master'

hotfix/修复考勤越权修改管理配置的问题 to master

See merge request o2oa/o2oa!1416

o2server/x_attendance_assemble_control/src/main/java/com/x/attendance/assemble/control/Business.java

@@ -231,27 +231,6 @@ public class Business {
 		return attendanceSelfHolidayFactory;
 	}
 
-	/**
-	 * TODO 判断用户是否管理员权限 1、person.isManager() 2、xadmin 3、CRMManager
-	 *
-	 * @param request
-	 * @return
-	 * @throws Exception
-	 */
-	public boolean isManager(HttpServletRequest request, EffectivePerson person) throws Exception {
-		// 如果用户的身份是平台的超级管理员，那么就是超级管理员权限
-		if (person.isManager()) {
-			return true;
-		}
-		if ("xadmin".equalsIgnoreCase(person.getDistinguishedName())) {
-			return true;
-		}
-		if (isHasPlatformRole(person.getDistinguishedName(), ThisApplication.ROLE_AttendanceManager)) {
-			return true;
-		}
-		return false;
-	}
-
 	/**
 	 * TODO 判断用户是否管理员权限 1、person.isManager() 2、xadmin 3、CRMManager
 	 * @return
@@ -263,9 +242,6 @@ public class Business {
 		if (person.isManager()) {
 			return true;
 		}
-		if ("xadmin".equalsIgnoreCase(person.getDistinguishedName())) {
-			return true;
-		}
 		if (isHasPlatformRole(person.getDistinguishedName(), ThisApplication.ROLE_AttendanceManager)) {
 			return true;
 		}

o2server/x_attendance_assemble_control/src/main/java/com/x/attendance/assemble/control/jaxrs/attendanceadmin/ActionDelete.java

 package com.x.attendance.assemble.control.jaxrs.attendanceadmin;
 
-import javax.servlet.http.HttpServletRequest;
-
+import com.x.attendance.assemble.control.Business;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
 import com.x.base.core.project.logger.Logger;
 import com.x.base.core.project.logger.LoggerFactory;
 
+import javax.servlet.http.HttpServletRequest;
+
 public class ActionDelete extends BaseAction {
-	
+
 	private static  Logger logger = LoggerFactory.getLogger( ActionDelete.class );
-	
+
 	protected ActionResult<Wo> execute( HttpServletRequest request, EffectivePerson effectivePerson, String id ) throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
-		EffectivePerson currentPerson = this.effectivePerson(request);
-		Boolean check = true;
-
-		if (check) {
-			if (id == null || id.isEmpty() || "(0)".equals(id)) {
-				check = false;
-				result.error(new Exception("传入的id为空，或者不合法，无法查询数据。"));
-			}
-		}
-		if (check) {
-			try {
-				attendanceAdminServiceAdv.delete(id);
-				result.setData(new Wo(id));
-			} catch (Exception e) {
-				check = false;
-				Exception exception = new ExceptionAttendanceAdminProcess( e, "系统删除考勤打卡记录信息时发生异常。ID:" + id );
-				result.error(exception);
-				logger.error(e, currentPerson, request, null);
-			}
+
+		Business business = new Business(null);
+		if(!business.isManager(effectivePerson)){
+			throw new ExceptionAccessDenied(effectivePerson);
 		}
+
+		attendanceAdminServiceAdv.delete(id);
+		result.setData(new Wo(id));
 		return result;
 	}
-	
+
 	public static class Wo extends WoId {
 		public Wo( String id ) {
 			setId( id );
 		}
 	}
-}
\ No newline at end of file
+}

o2server/x_attendance_assemble_control/src/main/java/com/x/attendance/assemble/control/jaxrs/attendanceadmin/ActionGet.java

 package com.x.attendance.assemble.control.jaxrs.attendanceadmin;
 
-import javax.servlet.http.HttpServletRequest;
-
 import com.x.attendance.entity.AttendanceAdmin;
 import com.x.base.core.entity.JpaObject;
 import com.x.base.core.project.bean.WrapCopier;
@@ -11,6 +9,8 @@ import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.logger.Logger;
 import com.x.base.core.project.logger.LoggerFactory;
 
+import javax.servlet.http.HttpServletRequest;
+
 public class ActionGet extends BaseAction {
 
 	private static  Logger logger = LoggerFactory.getLogger(ActionGet.class);
@@ -18,31 +18,11 @@ public class ActionGet extends BaseAction {
 	protected ActionResult<Wo> execute(HttpServletRequest request, EffectivePerson effectivePerson, String id)
 			throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
+
 		Wo wrap = null;
-		AttendanceAdmin attendanceAdmin = null;
-		Boolean check = true;
-		if (check) {
-			try {
-				attendanceAdmin = attendanceAdminServiceAdv.get(id);
-			} catch (Exception e) {
-				check = false;
-				result.error(e);
-				Exception exception = new ExceptionAttendanceAdminProcess(e, "系统在根据ID获取管理员信息时发生异常！ID:" + id);
-				result.error(exception);
-				logger.error(e, effectivePerson, request, null);
-			}
-		}
-		if (check) {
-			if (attendanceAdmin != null) {
-				try {
-					wrap = Wo.copier.copy(attendanceAdmin);
-				} catch (Exception e) {
-					check = false;
-					Exception exception = new ExceptionAttendanceAdminProcess(e, "系统在转换所有管理员信息为输出对象时发生异常.");
-					result.error(exception);
-					logger.error(e, effectivePerson, request, null);
-				}
-			}
+		AttendanceAdmin attendanceAdmin = attendanceAdminServiceAdv.get(id);
+		if (attendanceAdmin != null) {
+			wrap = Wo.copier.copy(attendanceAdmin);
 		}
 		result.setData(wrap);
 		return result;
@@ -51,7 +31,7 @@ public class ActionGet extends BaseAction {
 	public static class Wo extends AttendanceAdmin {
 
 		private static final long serialVersionUID = -5076990764713538973L;
-		
+
 		public static WrapCopier<AttendanceAdmin, Wo> copier = WrapCopierFactory.wo(AttendanceAdmin.class, Wo.class,
 				null, JpaObject.FieldsInvisible);
 
@@ -65,4 +45,4 @@ public class ActionGet extends BaseAction {
 			this.rank = rank;
 		}
 	}
-}
\ No newline at end of file
+}

o2server/x_attendance_assemble_control/src/main/java/com/x/attendance/assemble/control/jaxrs/attendanceadmin/ActionListAll.java

 package com.x.attendance.assemble.control.jaxrs.attendanceadmin;
 
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-
 import com.x.attendance.entity.AttendanceAdmin;
 import com.x.base.core.entity.JpaObject;
 import com.x.base.core.project.bean.WrapCopier;
@@ -15,6 +10,10 @@ import com.x.base.core.project.logger.Logger;
 import com.x.base.core.project.logger.LoggerFactory;
 import com.x.base.core.project.tools.ListTools;
 
+import javax.servlet.http.HttpServletRequest;
+import java.util.ArrayList;
+import java.util.List;
+
 public class ActionListAll extends BaseAction {
 
 	private static  Logger logger = LoggerFactory.getLogger(ActionListAll.class);
@@ -23,31 +22,11 @@ public class ActionListAll extends BaseAction {
 			throws Exception {
 		ActionResult<List<Wo>> result = new ActionResult<>();
 		List<Wo> wraps = null;
-		List<AttendanceAdmin> attendanceAdminList = null;
-		Boolean check = true;
 
-		if (check) {
-			try {
-				attendanceAdminList = attendanceAdminServiceAdv.listAll();
-			} catch (Exception e) {
-				check = false;
-				Exception exception = new ExceptionAttendanceAdminProcess(e, "系统在获取所有管理员信息时发生异常");
-				result.error(exception);
-				logger.error(e, effectivePerson, request, null);
-			}
-		}
+		List<AttendanceAdmin> attendanceAdminList = attendanceAdminServiceAdv.listAll();
 
-		if (check) {
-			if ( ListTools.isNotEmpty( attendanceAdminList )) {
-				try {
-					wraps = Wo.copier.copy(attendanceAdminList);
-				} catch (Exception e) {
-					check = false;
-					Exception exception = new ExceptionAttendanceAdminProcess(e, "系统在转换所有管理员信息为输出对象时发生异常.");
-					result.error(exception);
-					logger.error(e, effectivePerson, request, null);
-				}
-			}
+		if ( ListTools.isNotEmpty( attendanceAdminList )) {
+			wraps = Wo.copier.copy(attendanceAdminList);
 		}
 		result.setData(wraps);
 		return result;
@@ -72,4 +51,4 @@ public class ActionListAll extends BaseAction {
 			this.rank = rank;
 		}
 	}
-}
\ No newline at end of file
+}

o2server/x_attendance_assemble_control/src/main/java/com/x/attendance/assemble/control/jaxrs/attendanceadmin/ActionSave.java

 package com.x.attendance.assemble.control.jaxrs.attendanceadmin;
 
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.commons.lang3.StringUtils;
-
 import com.google.gson.JsonElement;
-import com.x.attendance.assemble.control.ExceptionWrapInConvert;
+import com.x.attendance.assemble.control.Business;
 import com.x.attendance.entity.AttendanceAdmin;
 import com.x.base.core.entity.JpaObject;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
 import com.x.base.core.project.jaxrs.WoId;
 import com.x.base.core.project.logger.Logger;
 import com.x.base.core.project.logger.LoggerFactory;
 import com.x.base.core.project.organization.Person;
+import org.apache.commons.lang3.StringUtils;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.ArrayList;
+import java.util.List;
 
 public class ActionSave extends BaseAction {
-	
+
 	private static  Logger logger = LoggerFactory.getLogger( ActionSave.class );
-	
+
 	protected ActionResult<Wo> execute( HttpServletRequest request, EffectivePerson effectivePerson, JsonElement jsonElement ) throws Exception {
 		ActionResult<Wo> result = new ActionResult<>();
-		Wi wrapIn = null;
-		EffectivePerson currentPerson = this.effectivePerson(request);
+		Wi wrapIn = this.convertToWrapIn(jsonElement, Wi.class);
 		AttendanceAdmin attendanceAdmin = null;
-		String topUnitName = null;
-		Boolean check = true;
-
-		try {
-			wrapIn = this.convertToWrapIn(jsonElement, Wi.class);
-		} catch (Exception e) {
-			check = false;
-			Exception exception = new ExceptionWrapInConvert(e, jsonElement);
-			result.error(exception);
-			logger.error(e, currentPerson, request, null);
+
+		Business business = new Business(null);
+		if(!business.isManager(effectivePerson)){
+			throw new ExceptionAccessDenied(effectivePerson);
 		}
-		if (check) {
-			if (wrapIn.getUnitName() == null || wrapIn.getUnitName().isEmpty()) {
-				try {
-					topUnitName = userManagerService.getTopUnitNameWithPersonName( currentPerson.getDistinguishedName() );
-				} catch (Exception e) {
-					check = false;
-					Exception exception = new ExceptionAttendanceAdminProcess(e, "系统获取登录用户所属顶层组织时发生异常。Name：" + currentPerson.getDistinguishedName());
-					result.error(exception);
-					logger.error(e, currentPerson, request, null);
-				}
-				wrapIn.setUnitName(topUnitName);
-			}
+
+		if (wrapIn.getUnitName() == null || wrapIn.getUnitName().isEmpty()) {
+			String topUnitName = userManagerService.getTopUnitNameWithPersonName( effectivePerson.getDistinguishedName() );
+			wrapIn.setUnitName(topUnitName);
 		}
-		if (check) {
-			try {
-				attendanceAdmin = new AttendanceAdmin();
-				wrapIn.copyTo( attendanceAdmin, JpaObject.FieldsUnmodify );
-				if ( StringUtils.isNotEmpty( wrapIn.getId() )) {
-					attendanceAdmin.setId(wrapIn.getId());
-				}
-			} catch (Exception e) {
-				check = false;
-				Exception exception = new ExceptionAttendanceAdminProcess(e, "系统在转换所有管理员信息为输出对象时发生异常.");
-				result.error(exception);
-				logger.error(e, currentPerson, request, null);
-			}
+
+		attendanceAdmin = new AttendanceAdmin();
+		wrapIn.copyTo( attendanceAdmin, JpaObject.FieldsUnmodify );
+		if ( StringUtils.isNotEmpty( wrapIn.getId() )) {
+			attendanceAdmin.setId(wrapIn.getId());
 		}
-		if (check) {
-			//如果adminName为空，根据标识核实admin姓名
-			if( StringUtils.isNotEmpty( attendanceAdmin.getAdmin()) ){
-				Person person = null;
-				try {
-					person = userManagerService.getPersonObjByName(attendanceAdmin.getAdminName());
-				} catch (Exception e) {
-					check = false;
-					Exception exception = new ExceptionAttendanceAdminProcess(e, "系统根据人员标识获取人员信息对象时发生异常.Flag="+attendanceAdmin.getAdmin());
-					result.error(exception);
-					logger.error(e, currentPerson, request, null);
-				}
-				if( person != null ){
-					attendanceAdmin.setAdminName( person.getName() );
-				}
+
+		if( StringUtils.isNotEmpty( attendanceAdmin.getAdmin()) ){
+			Person person = userManagerService.getPersonObjByName(attendanceAdmin.getAdminName());
+			if( person != null ){
+				attendanceAdmin.setAdminName( person.getName() );
 			}
 		}
-		if (check) {
-			//如果admin为空，根据姓名获取admin标识
-			if( StringUtils.isNotEmpty( attendanceAdmin.getAdminName()) ){
-				if( StringUtils.isEmpty( attendanceAdmin.getAdmin()) ){
-					Person person = null;
-					try {
-						person = userManagerService.getPersonObjByName(attendanceAdmin.getAdminName());
-					} catch (Exception e) {
-						check = false;
-						Exception exception = new ExceptionAttendanceAdminProcess(e, "系统根据人员姓名获取人员标识时发生异常.Name=" + attendanceAdmin.getAdminName() );
-						result.error(exception);
-						logger.error(e, currentPerson, request, null);
-					}
-					if( person != null ){
-						attendanceAdmin.setAdmin( person.getDistinguishedName() );
-					}
+
+		if( StringUtils.isNotEmpty( attendanceAdmin.getAdminName()) ){
+			if( StringUtils.isEmpty( attendanceAdmin.getAdmin()) ){
+				Person person = userManagerService.getPersonObjByName(attendanceAdmin.getAdminName());
+				if( person != null ){
+					attendanceAdmin.setAdmin( person.getDistinguishedName() );
 				}
 			}
 		}
 
-		if (check) {
-			try {
-				attendanceAdmin = attendanceAdminServiceAdv.save(attendanceAdmin);
-				result.setData(new Wo(attendanceAdmin.getId()));
-			} catch (Exception e) {
-				check = false;
-				Exception exception = new ExceptionAttendanceAdminProcess(e, "系统保存管理员信息时发生异常.");
-				result.error(exception);
-				logger.error(e, currentPerson, request, null);
-			}
-		}
+		attendanceAdmin = attendanceAdminServiceAdv.save(attendanceAdmin);
+		result.setData(new Wo(attendanceAdmin.getId()));
 		return result;
 	}
-	
+
 	public static class Wi extends AttendanceAdmin {
 		private static final long serialVersionUID = -5076990764713538973L;
 		public static List<String> Excludes = new ArrayList<String>(JpaObject.FieldsUnmodify);
@@ -130,10 +77,10 @@ public class ActionSave extends BaseAction {
 			this.identity = identity;
 		}
 	}
-	
+
 	public static class Wo extends WoId {
 		public Wo( String id ) {
 			setId( id );
 		}
 	}
-}
\ No newline at end of file
+}

o2server/x_attendance_assemble_control/src/main/java/com/x/attendance/assemble/control/jaxrs/attendanceadmin/AttendanceAdminAction.java

@@ -42,17 +42,12 @@ public class AttendanceAdminAction extends StandardJaxrsAction {
 			@Context HttpServletRequest request) {
 		ActionResult<List<ActionListAll.Wo>> result = new ActionResult<>();
 		EffectivePerson effectivePerson = this.effectivePerson(request);
-		Boolean check = true;
 
-		if (check) {
-			try {
-				result = new ActionListAll().execute(request, effectivePerson);
-			} catch (Exception e) {
-				result = new ActionResult<>();
-				Exception exception = new ExceptionAttendanceAdminProcess(e, "根据ID获取信息时发生异常！");
-				result.error(exception);
-				logger.error(e, effectivePerson, request, null);
-			}
+		try {
+			result = new ActionListAll().execute(request, effectivePerson);
+		} catch (Exception e) {
+			result.error(e);
+			logger.error(e, effectivePerson, request, null);
 		}
 		asyncResponse.resume(ResponseFactory.getEntityTagActionResultResponse(request, result));
 	}
@@ -66,17 +61,11 @@ public class AttendanceAdminAction extends StandardJaxrsAction {
 			@JaxrsParameterDescribe("考勤管理员配置信息ID") @PathParam("id") String id) {
 		ActionResult<ActionGet.Wo> result = new ActionResult<>();
 		EffectivePerson effectivePerson = this.effectivePerson(request);
-		Boolean check = true;
-
-		if (check) {
-			try {
-				result = new ActionGet().execute(request, effectivePerson, id);
-			} catch (Exception e) {
-				result = new ActionResult<>();
-				Exception exception = new ExceptionAttendanceAdminProcess(e, "根据ID获取信息时发生异常！");
-				result.error(exception);
-				logger.error(e, effectivePerson, request, null);
-			}
+		try {
+			result = new ActionGet().execute(request, effectivePerson, id);
+		} catch (Exception e) {
+			result.error(e);
+			logger.error(e, effectivePerson, request, null);
 		}
 		asyncResponse.resume(ResponseFactory.getEntityTagActionResultResponse(request, result));
 	}
@@ -89,17 +78,11 @@ public class AttendanceAdminAction extends StandardJaxrsAction {
 			JsonElement jsonElement) {
 		ActionResult<ActionSave.Wo> result = new ActionResult<>();
 		EffectivePerson effectivePerson = this.effectivePerson(request);
-		Boolean check = true;
-
-		if (check) {
-			try {
-				result = new ActionSave().execute(request, effectivePerson, jsonElement);
-			} catch (Exception e) {
-				result = new ActionResult<>();
-				Exception exception = new ExceptionAttendanceAdminProcess(e, "保存信息时发生异常！");
-				result.error(exception);
-				logger.error(e, effectivePerson, request, null);
-			}
+		try {
+			result = new ActionSave().execute(request, effectivePerson, jsonElement);
+		} catch (Exception e) {
+			result.error(e);
+			logger.error(e, effectivePerson, request, null);
 		}
 		asyncResponse.resume(ResponseFactory.getEntityTagActionResultResponse(request, result));
 	}
@@ -113,17 +96,12 @@ public class AttendanceAdminAction extends StandardJaxrsAction {
 			@JaxrsParameterDescribe("考勤管理员配置信息ID") @PathParam("id") String id) {
 		ActionResult<ActionDelete.Wo> result = new ActionResult<>();
 		EffectivePerson effectivePerson = this.effectivePerson(request);
-		Boolean check = true;
-		if (check) {
-			try {
-				result = new ActionDelete().execute(request, effectivePerson, id);
-			} catch (Exception e) {
-				result = new ActionResult<>();
-				Exception exception = new ExceptionAttendanceAdminProcess(e, "根据ID删除信息时发生异常！");
-				result.error(exception);
-				logger.error(e, effectivePerson, request, null);
-			}
+		try {
+			result = new ActionDelete().execute(request, effectivePerson, id);
+		} catch (Exception e) {
+			result.error(e);
+			logger.error(e, effectivePerson, request, null);
 		}
 		asyncResponse.resume(ResponseFactory.getEntityTagActionResultResponse(request, result));
 	}
-}
\ No newline at end of file
+}