Esempio n. 1
  /**
   * Handles the other (non-special-cased) handler methods.
   *
   * @throws Exception if the module's entity class cannot be resolved or the query fails
   */
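  @SuppressWarnings({"rawtypes", "unchecked"})
  protected boolean handleOther(
      HttpServletRequest request,
      Set<SearchFilter> filterSet,
      Method method,
      DataControl dataControl,
      Module module)
      throws Exception {
    // Data-scope check: adds an id filter for the record(s) the request targets to filterSet,
    // queries the module's entity with the combined filters, and returns true only when the
    // targeted record(s) are among the rows those filters allow.
    // dataControl is not read in this method.

    String[] ids = null;
    if (method.getName().endsWith(MANY_METHOD_SUFFIX)) {
      // Multi-object operation: the ids arrive as a repeated request parameter.
      ids = request.getParameterValues(MANY_KEY);
      if (ids != null) {
        filterSet.add(new SearchFilter("id", Operator.IN, ids));
      }
    } else {
      String id = request.getParameter("id");
      if (id != null) {
        // NOTE(review): the "id" parameter wins over the path. If a handler binds its id from
        // the URI (e.g. /update/{id}), this check and the handler could look at different
        // records when both are supplied -- confirm both read the id from the same source.
        filterSet.add(new SearchFilter("id", Operator.EQ, id));
      } else {
        // Fall back to the last path segment, as in /update/{id}.
        String lastSegment = StringUtils.substringAfterLast(request.getRequestURI(), "/");
        // toLong yields 0 for anything that does not parse, so a non-numeric segment (and a
        // literal 0) is treated as "no id present".
        Long pathId = NumberUtils.toLong(lastSegment);
        if (pathId != 0L) {
          filterSet.add(new SearchFilter("id", Operator.EQ, pathId));
        }
      }
    }
    // NOTE(review): when no id was found above, no id filter is added and the result below only
    // says whether *any* row matches the remaining filters -- confirm that is the intended
    // outcome for requests that carry no id.

    // Only the Class object is needed for the criteria query. The previous code instantiated the
    // class (Class.newInstance()) just to call getClass() on the result, which ran the entity's
    // constructor on every check for no benefit.
    Class<?> entityClass = Class.forName(module.getClassName());
    Specification spec = DynamicSpecifications.bySearchFilter(request, entityClass, filterSet);

    CriteriaBuilder builder = em.getCriteriaBuilder();
    CriteriaQuery criteriaQuery = builder.createQuery(entityClass);
    Root root = criteriaQuery.from(entityClass);

    Predicate predicate = spec.toPredicate(root, criteriaQuery, builder);
    criteriaQuery.where(predicate);

    List<Object> objects = em.createQuery(criteriaQuery).getResultList();
    if (ids != null) {
      // Every requested id must be visible; a shortfall in the row count refuses the whole
      // batch (presumably this also refuses a request that repeats an id -- fail closed).
      return objects.size() == ids.length;
    }
    return !objects.isEmpty();
  }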
  /**
   * Shows the ClassifyInfo list page.
   *
   * <p>The query filter is derived from the request by {@code DynamicSpecifications}; the matching
   * rows and the paging object are exposed to the view under "classifyInfos" and "page".
   *
   * @param request the current request, used to build the search filter
   * @param page paging object passed to the service and placed in the model
   * @param map the view model to fill
   * @return the list view name
   */
  @RequiresPermissions("ClassifyInfo:view")
  @RequestMapping(
      value = "/list",
      method = {RequestMethod.GET, RequestMethod.POST})
  public String list(ServletRequest request, Page page, Map<String, Object> map) {
    // NOTE(review): which request parameters become filter conditions is decided inside
    // DynamicSpecifications (not shown here) -- confirm it limits the filterable fields.
    final Specification<ClassifyInfo> requestFilter =
        DynamicSpecifications.bySearchFilter(request, ClassifyInfo.class);
    final List<ClassifyInfo> matches = classifyInfoService.findByExample(requestFilter, page);

    // "page" is added only after the service call has received the same object.
    map.put("page", page);
    map.put("classifyInfos", matches);
    mapPutCostsCategoriess(map);

    return LIST;
  }
  /**
   * Shows the organizations directly below one parent organization.
   *
   * <p>The request-derived filter is combined with a fixed {@code parent.id} condition taken from
   * the path variable.
   *
   * @param request the current request, used to build the search filter
   * @param page paging object passed to the service and placed in the model
   * @param parentOrganizationId id of the parent organization, bound from the URL path
   * @param map the view model to fill
   * @return the list view name
   */
  @RequiresPermissions("Organization:view")
  @RequestMapping(
      value = "/list/{parentOrganizationId}",
      method = {RequestMethod.GET, RequestMethod.POST})
  public String list(
      ServletRequest request,
      Page page,
      @PathVariable Long parentOrganizationId,
      Map<String, Object> map) {
    // Restrict the result to children of the organization named in the path.
    final SearchFilter childrenOfParent =
        new SearchFilter("parent.id", Operator.EQ, parentOrganizationId);
    final Specification<Organization> requestFilter =
        DynamicSpecifications.bySearchFilter(request, Organization.class, childrenOfParent);
    final List<Organization> children = organizationService.findByExample(requestFilter, page);

    map.put("page", page);
    map.put("organizations", children);
    // The parent id is handed back to the view as received from the path.
    map.put("parentOrganizationId", parentOrganizationId);

    return LIST;
  }
Esempio n. 4
  /**
   * @param request
   * @param response
   * @param handler
   * @return
   * @throws Exception
   * @see
   *     org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.http.HttpServletRequest,
   *     javax.servlet.http.HttpServletResponse, java.lang.Object)
   */
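  @Override
  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
      throws Exception {
    // Data-permission interceptor. For handler methods annotated with @RequiresPermissions, each
    // three-part permission string (split on PART_DIVIDER_TOKEN) is passed to check() with its
    // first and third part; a failed check is reported as UnauthorizedException.

    // Make the request available to DynamicSpecifications; afterCompletion() removes it again.
    // NOTE(review): Spring does not invoke afterCompletion() on an interceptor whose own
    // preHandle() threw, so on the UnauthorizedException paths below the stored request is
    // presumably left in place -- confirm how putRequest/removeRequest store it.
    DynamicSpecifications.putRequest(request);
    if (!(handler instanceof HandlerMethod)) {
      return true;
    }

    final Method method = ((HandlerMethod) handler).getMethod();
    final RequiresPermissions rps = method.getAnnotation(RequiresPermissions.class);
    if (rps == null) {
      // No permission annotation: nothing for this interceptor to verify.
      return true;
    }
    final Logical logical = rps.logical();
    final String[] pv = rps.value();

    // With OR logic a permission of fewer than three parts needs no data check, so holding it
    // is enough. The subject must actually hold it: previously the mere presence of such a
    // permission in the annotation skipped the data check, even for a subject that only holds
    // one of the data-scoped alternatives.
    if (logical.equals(Logical.OR)) {
      for (String p : pv) {
        if (p.split(PART_DIVIDER_TOKEN).length < 3 && SecurityUtils.getSubject().isPermitted(p)) {
          return true;
        }
      }
    }

    boolean firstPermitted = false;
    for (String p : pv) {
      String[] v = p.split(PART_DIVIDER_TOKEN);
      // Only permissions of exactly three parts carry a data check; all others are skipped here.
      if (v.length != 3) {
        continue;
      }

      // First data-scoped permission: verify it once against Shiro, which also makes sure the
      // subject's permissions have been loaded.
      // NOTE(review): under OR with several data-scoped permissions, a subject lacking the first
      // one is refused without the later ones being tried -- confirm this is intended.
      if (!firstPermitted) {
        Subject subject = SecurityUtils.getSubject();
        if (!subject.isPermitted(p)) {
          throw new UnauthorizedException("数据权限验证失败!");
        }
        firstPermitted = true;
      }

      try {
        // Expose the annotation's logical mode to the dynamic query code via the request.
        request.setAttribute(SecurityConstants.NEST_DYNAMIC_SEARCH_LOGICAL, logical);
        if (!check(request, response, method, v[0], v[2])) {
          throw new UnauthorizedException("数据权限验证失败!");
        }

        // Under OR one passing data check is sufficient.
        if (logical.equals(Logical.OR)) {
          return true;
        }
      } catch (Exception e) {
        // Fail closed: any error during the check (including the refusal thrown just above) is
        // logged with its stack trace and surfaced only as the generic message.
        logger.error(Exceptions.getStackTraceAsString(e));
        throw new UnauthorizedException("数据权限验证失败!");
      }
    }

    return true;
  }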
Esempio n. 5
 /* (non-Javadoc)
  * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#afterCompletion(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object, java.lang.Exception)
  */
 @Override
 public void afterCompletion(
     HttpServletRequest request,
     HttpServletResponse response,
     Object handler,
     Exception ex)
     throws Exception {
   // Request handling is finished: drop whatever DynamicSpecifications holds for this request.
   // None of the arguments are used.
   // NOTE(review): presumably the counterpart of a putRequest(...) call made in preHandle --
   // confirm against the rest of the class.
   DynamicSpecifications.removeRequest();
 }