角色数据权限范围,支持扩展自定义的数据权限,并相关权限功能优化改进;新增本部门数据、本公司数据、本部门和本公司数据的权限范围
This commit is contained in:
thinkgem
Binary file not shown.
@@ -61,7 +61,9 @@ import com.jeesite.common.utils.excel.fieldtype.OfficeType;
|
||||
@Column(name="area_name", label="区域名称", isQuery=false),
|
||||
@Column(name="area_type", label="区域类型"),
|
||||
}),
|
||||
}, extWhereKeys="dsfOffice, dsfCompany", orderBy="a.user_weight DESC, a.update_date DESC"
|
||||
},
|
||||
extWhereKeys="dsfOffice, dsfCompany",
|
||||
orderBy="a.user_weight DESC, a.update_date DESC"
|
||||
)
|
||||
public class EmpUser extends User {
|
||||
|
||||
|
||||
@@ -47,7 +47,7 @@ public class Office extends TreeEntity<Office> {
|
||||
private String viewCode; // 机构代码(作为显示用,多租户内唯一)
|
||||
private String officeName; // 机构名称
|
||||
private String fullName; // 机构全称
|
||||
private String officeType; // 机构类型(1:公司;2:部门;3:小组)
|
||||
private String officeType; // 机构类型(1:省级公司;2:市级公司;3:部门)
|
||||
private String leader; // 负责人
|
||||
private String phone; // 电话
|
||||
private String address; // 联系地址
|
||||
|
||||
@@ -28,7 +28,6 @@ import com.jeesite.common.lang.StringUtils;
|
||||
import com.jeesite.common.web.BaseController;
|
||||
import com.jeesite.modules.sys.entity.Company;
|
||||
import com.jeesite.modules.sys.entity.Office;
|
||||
import com.jeesite.modules.sys.entity.UserDataScope;
|
||||
import com.jeesite.modules.sys.service.CompanyService;
|
||||
import com.jeesite.modules.sys.service.OfficeService;
|
||||
import com.jeesite.modules.sys.utils.UserUtils;
|
||||
@@ -74,7 +73,7 @@ public class CompanyController extends BaseController {
|
||||
@RequiresPermissions("user")
|
||||
@RequestMapping(value = "listData")
|
||||
@ResponseBody
|
||||
public List<Company> listData(Company company) {
|
||||
public List<Company> listData(Company company, String ctrlPermi) {
|
||||
if (StringUtils.isBlank(company.getParentCode())) {
|
||||
company.setParentCode(Company.ROOT_CODE);
|
||||
}
|
||||
@@ -83,7 +82,7 @@ public class CompanyController extends BaseController {
|
||||
|| StringUtils.isNotBlank(company.getFullName())){
|
||||
company.setParentCode(null);
|
||||
}
|
||||
companyService.addDataScopeFilter(company, UserDataScope.CTRL_PERMI_MANAGE);
|
||||
companyService.addDataScopeFilter(company, ctrlPermi);
|
||||
List<Company> list = companyService.findList(company);
|
||||
return list;
|
||||
}
|
||||
@@ -211,8 +210,7 @@ public class CompanyController extends BaseController {
|
||||
Company where = new Company();
|
||||
where.setStatus(Company.STATUS_NORMAL);
|
||||
if (!(isAll != null && isAll)){
|
||||
companyService.addDataScopeFilter(where, StringUtils.defaultIfBlank(
|
||||
ctrlPermi, UserDataScope.CTRL_PERMI_HAVE));
|
||||
companyService.addDataScopeFilter(where, ctrlPermi);
|
||||
}
|
||||
List<Company> list = companyService.findList(where);
|
||||
for (int i = 0; i < list.size(); i++) {
|
||||
|
||||
@@ -24,7 +24,6 @@ import com.jeesite.common.idgen.IdGen;
|
||||
import com.jeesite.common.lang.StringUtils;
|
||||
import com.jeesite.common.web.BaseController;
|
||||
import com.jeesite.modules.sys.entity.Office;
|
||||
import com.jeesite.modules.sys.entity.UserDataScope;
|
||||
import com.jeesite.modules.sys.service.OfficeService;
|
||||
import com.jeesite.modules.sys.utils.UserUtils;
|
||||
import com.jeesite.modules.sys.web.user.EmpUserController;
|
||||
@@ -71,7 +70,7 @@ public class OfficeController extends BaseController {
|
||||
@RequiresPermissions("user")
|
||||
@RequestMapping(value = "listData")
|
||||
@ResponseBody
|
||||
public List<Office> listData(Office office) {
|
||||
public List<Office> listData(Office office, String ctrlPermi) {
|
||||
if (StringUtils.isBlank(office.getParentCode())){
|
||||
office.setParentCode(Office.ROOT_CODE);
|
||||
}
|
||||
@@ -80,7 +79,7 @@ public class OfficeController extends BaseController {
|
||||
|| StringUtils.isNotBlank(office.getFullName())){
|
||||
office.setParentCode(null);
|
||||
}
|
||||
officeService.addDataScopeFilter(office, UserDataScope.CTRL_PERMI_MANAGE);
|
||||
officeService.addDataScopeFilter(office, ctrlPermi);
|
||||
List<Office> list = officeService.findList(office);
|
||||
return list;
|
||||
}
|
||||
@@ -204,7 +203,7 @@ public class OfficeController extends BaseController {
|
||||
* @param excludeCode 排除的ID
|
||||
* @param parentCode 上级Code
|
||||
* @param isAll 是否显示所有机构(true:不进行权限过滤)
|
||||
* @param officeTypes 机构类型(1:公司, 2:部门, 3:小组, 4:其它)
|
||||
* @param officeTypes 机构类型(1:省级公司;2:市级公司;3:部门)
|
||||
* @param companyCode 仅查询公司下的机构
|
||||
* @param isShowCode 是否显示编码(true or 1:显示在左侧;2:显示在右侧;false or null:不显示)
|
||||
* @param isShowFullName 是否显示全机构名称
|
||||
@@ -224,8 +223,7 @@ public class OfficeController extends BaseController {
|
||||
where.setStatus(Office.STATUS_NORMAL);
|
||||
where.setCompanyCode(companyCode);
|
||||
if (!(isAll != null && isAll)){
|
||||
officeService.addDataScopeFilter(where, StringUtils.defaultIfBlank(
|
||||
ctrlPermi, UserDataScope.CTRL_PERMI_HAVE));
|
||||
officeService.addDataScopeFilter(where, ctrlPermi);
|
||||
}
|
||||
List<Office> list = officeService.findList(where);
|
||||
for (int i = 0; i < list.size(); i++) {
|
||||
@@ -272,7 +270,7 @@ public class OfficeController extends BaseController {
|
||||
map.put("isParent", true);
|
||||
List<Map<String, Object>> userList;
|
||||
userList = empUserController.treeData("u_", e.getOfficeCode(), e.getOfficeCode(),
|
||||
companyCode, postCode, roleCode, isAll, isShowCode);
|
||||
companyCode, postCode, roleCode, isAll, isShowCode, ctrlPermi);
|
||||
mapList.addAll(userList);
|
||||
}
|
||||
mapList.add(map);
|
||||
|
||||
@@ -92,11 +92,11 @@ public class EmpUserController extends BaseController {
|
||||
@RequiresPermissions("user")
|
||||
@RequestMapping(value = "listData")
|
||||
@ResponseBody
|
||||
public Page<EmpUser> listData(EmpUser empUser, Boolean isAll, HttpServletRequest request, HttpServletResponse response) {
|
||||
public Page<EmpUser> listData(EmpUser empUser, Boolean isAll, String ctrlPermi, HttpServletRequest request, HttpServletResponse response) {
|
||||
empUser.getEmployee().getOffice().setIsQueryChildren(true);
|
||||
empUser.getEmployee().getCompany().setIsQueryChildren(true);
|
||||
if (!(isAll != null && isAll)){
|
||||
empUserService.addDataScopeFilter(empUser, UserDataScope.CTRL_PERMI_MANAGE);
|
||||
empUserService.addDataScopeFilter(empUser, ctrlPermi);
|
||||
}
|
||||
empUser.setPage(new Page<>(request, response));
|
||||
Page<EmpUser> page = empUserService.findPage(empUser);
|
||||
@@ -172,11 +172,11 @@ public class EmpUserController extends BaseController {
|
||||
*/
|
||||
@RequiresPermissions("sys:empUser:view")
|
||||
@RequestMapping(value = "exportData")
|
||||
public void exportData(EmpUser empUser, Boolean isAll, HttpServletResponse response) {
|
||||
public void exportData(EmpUser empUser, Boolean isAll, String ctrlPermi, HttpServletResponse response) {
|
||||
empUser.getEmployee().getOffice().setIsQueryChildren(true);
|
||||
empUser.getEmployee().getCompany().setIsQueryChildren(true);
|
||||
if (!(isAll != null && isAll)){
|
||||
empUserService.addDataScopeFilter(empUser, UserDataScope.CTRL_PERMI_MANAGE);
|
||||
empUserService.addDataScopeFilter(empUser, ctrlPermi);
|
||||
}
|
||||
List<EmpUser> list = empUserService.findList(empUser);
|
||||
String fileName = "用户数据" + DateUtils.getDate("yyyyMMddHHmmss") + ".xlsx";
|
||||
@@ -354,8 +354,8 @@ public class EmpUserController extends BaseController {
|
||||
@RequestMapping(value = "treeData")
|
||||
@ResponseBody
|
||||
public List<Map<String, Object>> treeData(String idPrefix, String pId,
|
||||
String officeCode, String companyCode, String postCode,
|
||||
String roleCode, Boolean isAll, String isShowCode) {
|
||||
String officeCode, String companyCode, String postCode, String roleCode,
|
||||
Boolean isAll, String isShowCode, String ctrlPermi) {
|
||||
List<Map<String, Object>> mapList = ListUtils.newArrayList();
|
||||
EmpUser empUser = new EmpUser();
|
||||
Employee employee = empUser.getEmployee();
|
||||
@@ -369,7 +369,7 @@ public class EmpUserController extends BaseController {
|
||||
empUser.setUserType(User.USER_TYPE_EMPLOYEE);
|
||||
empUser.setMgrType(User.MGR_TYPE_NOT_ADMIN);
|
||||
if (!(isAll != null && isAll)) {
|
||||
empUserService.addDataScopeFilter(empUser);
|
||||
empUserService.addDataScopeFilter(empUser, ctrlPermi);
|
||||
}
|
||||
List<EmpUser> list = empUserService.findList(empUser);
|
||||
for (int i = 0; i < list.size(); i++) {
|
||||
@@ -388,13 +388,12 @@ public class EmpUserController extends BaseController {
|
||||
*/
|
||||
@RequiresPermissions("user")
|
||||
@RequestMapping(value = "empUserSelect")
|
||||
public String empUserSelect(EmpUser empUser, String selectData, String checkbox, Model model) {
|
||||
public String empUserSelect(EmpUser empUser, String selectData, Model model) {
|
||||
String selectDataJson = EncodeUtils.decodeUrl(selectData);
|
||||
if (JsonMapper.fromJson(selectDataJson, Map.class) != null){
|
||||
model.addAttribute("selectData", selectDataJson);
|
||||
}
|
||||
model.addAttribute("checkbox", checkbox); // 是否显示复选框,支持多选
|
||||
model.addAttribute("empUser", empUser); // ModelAttribute
|
||||
model.addAttribute("empUser", empUser);
|
||||
return "modules/sys/user/empUserSelect";
|
||||
}
|
||||
|
||||
|
||||
@@ -24,7 +24,7 @@ jdbc:
|
||||
minIdle: 3
|
||||
# 最大连接数
|
||||
maxActive: 20
|
||||
|
||||
|
||||
# 获取连接等待超时时间,单位毫秒(4.0.6+)
|
||||
maxWait: 60000
|
||||
|
||||
@@ -81,13 +81,13 @@ adminPath: /a
|
||||
# 前端基础路径
|
||||
frontPath: /f
|
||||
|
||||
# 分页配置
|
||||
# 分页相关
|
||||
page:
|
||||
|
||||
# 分页默认大小
|
||||
pageSize: 20
|
||||
|
||||
# 用户相关参数
|
||||
# 用户相关
|
||||
user:
|
||||
|
||||
# 指定超级管理员编号(研发团队使用的账号)
|
||||
@@ -143,7 +143,7 @@ user:
|
||||
expandLevel: -1,
|
||||
remarks: ""
|
||||
}]
|
||||
|
||||
|
||||
# 多租户模式(SAAS模式)(专业版)
|
||||
useCorpModel: false
|
||||
|
||||
@@ -153,7 +153,47 @@ user:
|
||||
registerUser:
|
||||
enabled: false
|
||||
userTypes: 0, 1
|
||||
|
||||
|
||||
# 角色管理
|
||||
role:
|
||||
# 扩展数据权限定义:3:本部门;4:本公司;5:本部门和本公司
|
||||
# 如果 ctrlTypeClass 为 NONE,则代表是不控制该类型权限
|
||||
extendDataScopes: >
|
||||
{
|
||||
3: {
|
||||
Office: {
|
||||
ctrlTypeClass: "com.jeesite.modules.sys.entity.Office",
|
||||
ctrlDataAttrName: "currentUser.refObj.office.officeCode",
|
||||
ctrlDataParentCodesAttrName: "currentUser.refObj.office.parentCodes"
|
||||
},
|
||||
Company: {
|
||||
ctrlTypeClass: "NONE"
|
||||
}
|
||||
},
|
||||
4: {
|
||||
Office: {
|
||||
ctrlTypeClass: "NONE"
|
||||
},
|
||||
Company: {
|
||||
ctrlTypeClass: "com.jeesite.modules.sys.entity.Company",
|
||||
ctrlDataAttrName: "currentUser.refObj.company.companyCode",
|
||||
ctrlDataParentCodesAttrName: "currentUser.refObj.company.parentCodes"
|
||||
}
|
||||
},
|
||||
5: {
|
||||
Office: {
|
||||
ctrlTypeClass: "com.jeesite.modules.sys.entity.Office",
|
||||
ctrlDataAttrName: "currentUser.refObj.office.officeCode",
|
||||
ctrlDataParentCodesAttrName: "currentUser.refObj.office.parentCodes"
|
||||
},
|
||||
Company: {
|
||||
ctrlTypeClass: "com.jeesite.modules.sys.entity.Company",
|
||||
ctrlDataAttrName: "currentUser.refObj.company.companyCode",
|
||||
ctrlDataParentCodesAttrName: "currentUser.refObj.company.parentCodes"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# 菜单管理
|
||||
menu:
|
||||
# 根据模块状态去更新相连的菜单状态(仅作为微服务时设为false)
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
<div class="col-sm-8">
|
||||
<#form:treeselect id="parent" title="${text('上级公司')}"
|
||||
path="parent.id" labelPath="parent.companyName"
|
||||
url="${ctx}/sys/company/treeData?excludeCode=${company.id}"
|
||||
url="${ctx}/sys/company/treeData?excludeCode=${company.id}&ctrlPermi=2"
|
||||
class="" allowClear="true" canSelectRoot="true" canSelectParent="true"/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -18,6 +18,7 @@
|
||||
<div class="box-body">
|
||||
<#form:form id="searchForm" model="${company}" action="${ctx}/sys/company/listData" method="post" class="form-inline hide"
|
||||
data-page-no="${parameter.pageNo}" data-page-size="${parameter.pageSize}" data-order-by="${parameter.orderBy}">
|
||||
<#form:hidden name="ctrlPermi" value="2"/>
|
||||
<div class="form-group">
|
||||
<label class="control-label">${text('公司代码')}:</label>
|
||||
<div class="control-inline">
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
<div class="col-sm-8">
|
||||
<#form:treeselect id="parent" title="${text('上级机构')}"
|
||||
path="parent.id" labelPath="parent.officeName"
|
||||
url="${ctx}/sys/office/treeData?excludeCode=${office.id}"
|
||||
url="${ctx}/sys/office/treeData?excludeCode=${office.id}&ctrlPermi=2"
|
||||
class="" allowClear="true" canSelectRoot="true" canSelectParent="true"/>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -18,6 +18,7 @@
|
||||
<div class="box-body">
|
||||
<#form:form id="searchForm" model="${office}" action="${ctx}/sys/office/listData" method="post" class="form-inline hide"
|
||||
data-page-no="${parameter.pageNo}" data-page-size="${parameter.pageSize}" data-order-by="${parameter.orderBy}">
|
||||
<#form:hidden name="ctrlPermi" value="2"/>
|
||||
<div class="form-group">
|
||||
<label class="control-label">${text('机构代码')}:</label>
|
||||
<div class="control-inline">
|
||||
|
||||
@@ -25,7 +25,7 @@
|
||||
<div class="col-sm-8">
|
||||
<#form:treeselect id="office" title="${text('机构选择')}"
|
||||
path="employee.office.officeCode" labelPath="employee.office.officeName"
|
||||
url="${ctx}/sys/office/treeData" class="required" allowClear="false"/>
|
||||
url="${ctx}/sys/office/treeData?ctrlPermi=2" class="required" allowClear="false"/>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
@@ -36,7 +36,7 @@
|
||||
<div class="col-sm-8">
|
||||
<#form:treeselect id="company" title="${text('公司选择')}"
|
||||
path="employee.company.companyCode" labelPath="employee.company.companyName"
|
||||
url="${ctx}/sys/company/treeData" btnClass="" allowClear="true"/>
|
||||
url="${ctx}/sys/company/treeData?ctrlPermi=2" btnClass="" allowClear="true"/>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
@@ -24,6 +24,7 @@
|
||||
<div class="box-body">
|
||||
<#form:form id="searchForm" model="${empUser}" action="${ctx}/sys/empUser/listData" method="post" class="form-inline "
|
||||
data-page-no="${parameter.pageNo}" data-page-size="${parameter.pageSize}" data-order-by="${parameter.orderBy}">
|
||||
<#form:hidden name="ctrlPermi" value="2"/>
|
||||
<div class="form-group">
|
||||
<label class="control-label">${text('账号')}:</label>
|
||||
<div class="control-inline">
|
||||
@@ -66,7 +67,7 @@
|
||||
<div class="control-inline width-90">
|
||||
<#form:treeselect id="office" title="${text('机构选择')}"
|
||||
path="employee.office.officeCode" labelPath="employee.office.officeName"
|
||||
url="${ctx}/sys/office/treeData" btnClass="btn-sm" allowClear="true" canSelectParent="true"/>
|
||||
url="${ctx}/sys/office/treeData?ctrlPermi=2" btnClass="btn-sm" allowClear="true" canSelectParent="true"/>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
@@ -74,7 +75,7 @@
|
||||
<div class="control-inline width-90">
|
||||
<#form:treeselect id="company" title="${text('公司选择')}"
|
||||
path="employee.company.companyCode" labelPath="employee.company.companyName"
|
||||
url="${ctx}/sys/company/treeData" btnClass="btn-sm" allowClear="true" canSelectParent="true"/>
|
||||
url="${ctx}/sys/company/treeData?ctrlPermi=2" btnClass="btn-sm" allowClear="true" canSelectParent="true"/>
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
|
||||
@@ -5,6 +5,7 @@
|
||||
<#form:form id="searchForm" action="${ctx}/sys/empUser/listData" method="post" class="form-inline "
|
||||
data-page-no="${parameter.pageNo}" data-page-size="${parameter.pageSize}" data-order-by="${parameter.orderBy}">
|
||||
<#form:hidden name="status" value="${isNotBlank(empUser.status) ? empUser.status : '0'}"/>
|
||||
<#form:hidden name="isAll" value="${parameter.isAll}"/>
|
||||
<div class="form-group">
|
||||
<label class="control-label">${text('账号')}:</label>
|
||||
<div class="control-inline">
|
||||
@@ -102,7 +103,7 @@ selectNum = 0, dataGrid = $('#dataGrid').dataGrid({
|
||||
$('.tags-input').height($('.ui-jqgrid').height() - 10);
|
||||
return height;
|
||||
},
|
||||
showCheckbox: ${checkbox! == 'true'},
|
||||
showCheckbox: '${parameter.checkbox}' == 'true',
|
||||
multiboxonly: false, // 单击复选框时再多选
|
||||
ajaxSuccess: function(data){
|
||||
$.each(selectData, function(key, value){
|
||||
@@ -111,7 +112,7 @@ selectNum = 0, dataGrid = $('#dataGrid').dataGrid({
|
||||
initSelectTag();
|
||||
},
|
||||
onSelectRow: function(id, isSelect, event){
|
||||
if (${checkbox! == 'true'}){
|
||||
if ('${parameter.checkbox}' == 'true'){
|
||||
if(isSelect){
|
||||
selectData[id] = JSON.parse(dataGrid.dataGrid('getRowData', id).rowData);
|
||||
}else{
|
||||
@@ -124,7 +125,7 @@ selectNum = 0, dataGrid = $('#dataGrid').dataGrid({
|
||||
initSelectTag();
|
||||
},
|
||||
onSelectAll: function(ids, isSelect){
|
||||
if (${checkbox! == 'true'}){
|
||||
if ('${parameter.checkbox}' == 'true'){
|
||||
for (var i=0; i<ids.length; i++){
|
||||
if(isSelect){
|
||||
selectData[ids[i]] = JSON.parse(dataGrid.dataGrid('getRowData', ids[i]).rowData);
|
||||
@@ -136,7 +137,7 @@ selectNum = 0, dataGrid = $('#dataGrid').dataGrid({
|
||||
initSelectTag();
|
||||
},
|
||||
ondblClickRow: function(id, rownum, colnum, event){
|
||||
if (${checkbox! != 'true'}){
|
||||
if ('${parameter.checkbox}' != 'true'){
|
||||
js.layer.$('#' + window.name).closest('.layui-layer')
|
||||
.find(".layui-layer-btn0").trigger("click");
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user