修改流程附件排序权限校验

f2203063 · o2sword · 26694132 · f2203063 · f2203063
2 changed file
--- a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionChangeOrderNumber.java
+++ b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionChangeOrderNumber.java
@@ -35,7 +35,7 @@ class ActionChangeOrderNumber extends BaseAction {
 			if (null == attachment) {
 				throw new ExceptionEntityNotExist(id, Attachment.class);
 			}
-			if (!business.readableWithWorkOrWorkCompleted(effectivePerson, workId)) {
+			if (!business.editable(effectivePerson, attachment.getJob())) {
 				throw new ExceptionAccessDenied(effectivePerson);
 			}
 			List<String> identities = business.organization().identity().listWithPerson(effectivePerson);

--- a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/BaseAction.java
+++ b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/BaseAction.java
@@ -10,6 +10,8 @@ import javax.persistence.criteria.CriteriaQuery;
 import javax.persistence.criteria.Predicate;
 import javax.persistence.criteria.Root;

+import com.x.processplatform.core.entity.element.Application;
+import com.x.processplatform.core.entity.element.Process;
 import org.apache.commons.collections4.ListUtils;
 import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.lang3.BooleanUtils;
@@ -258,18 +260,16 @@ abstract class BaseAction extends StandardJaxrsAction {
 	public boolean control(Attachment attachment, EffectivePerson effectivePerson, List<String> identities,
 			List<String> units, Business business) throws Exception {
 		boolean value = false;
-		if (BooleanUtils.isTrue(business.canManageApplication(effectivePerson, null))) {
-			value = true;
-		} else if (effectivePerson.isPerson(attachment.getPerson())) {
+		if (effectivePerson.isPerson(attachment.getPerson())) {
 			value = true;
 		} else if (ListTools.isEmpty(attachment.getControllerUnitList())
 				&& ListTools.isEmpty(attachment.getControllerIdentityList())) {
 			value = true;
-		} else {
-			if (ListTools.containsAny(identities, attachment.getControllerIdentityList())
+		} else if (ListTools.containsAny(identities, attachment.getControllerIdentityList())
 					|| ListTools.containsAny(units, attachment.getControllerUnitList())) {
 				value = true;
-			}
+		} else if (BooleanUtils.isTrue(business.canManageApplicationOrProcess(effectivePerson, attachment.getApplication(), attachment.getProcess()))) {
+			value = true;
 		}
 		return value;
 	}
@@ -302,7 +302,7 @@ abstract class BaseAction extends StandardJaxrsAction {

 	/**
 	 * 判断附件是否符合大小、文件类型的约束
-	 * 
+	 *
 	 * @param size
 	 * @param fileName
 	 * @param callback