PermissionCheckAspect.java
package com.hotent.runtime.aop;
import com.fasterxml.jackson.databind.JsonNode;
import com.hotent.base.context.BaseContext;
import com.hotent.base.enums.ResponseErrorEnums;
import com.hotent.base.exception.BaseException;
import com.hotent.base.query.*;
import com.hotent.base.util.BeanUtils;
import com.hotent.base.util.ContextThread;
import com.hotent.base.util.JsonUtil;
import com.hotent.base.util.StringUtil;
import com.hotent.bpm.persistence.manager.BpmDefActManager;
import com.hotent.bpm.persistence.manager.BpmDefAuthorizeManager;
import com.hotent.bpm.persistence.manager.BpmProcessInstanceManager;
import com.hotent.bpm.persistence.manager.BpmTaskManager;
import com.hotent.bpm.persistence.model.BpmDefAuthorizeType;
import com.hotent.bpm.persistence.model.DefaultBpmProcessInstance;
import com.hotent.bpm.persistence.model.DefaultBpmTask;
import com.hotent.runtime.annotation.PermissionCheck;
import com.hotent.runtime.manager.IFlowManager;
import com.hotent.uc.api.impl.util.ContextUtil;
import io.swagger.annotations.ApiOperation;
import org.apache.poi.ss.formula.functions.T;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.stereotype.Component;
import javax.annotation.Resource;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Map;
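/**
 * Permission check for process instances and to-do tasks.
 *
 * <p>Wraps controller methods annotated with {@link PermissionCheck} and rejects the call
 * with {@link ResponseErrorEnums#USER_PERMISSION} unless the current user is related to the
 * process instance and/or task named by the annotation.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every failure to resolve the annotation, the parameter names or a referenced
 *       entity denies the request (fail closed).</li>
 *   <li>NOTE(review): when neither {@code instanceId} nor {@code taskId} resolves to a
 *       non-empty value, no ownership check runs and the request proceeds. Confirm that
 *       annotated endpoints cannot act on a resource without one of these IDs.</li>
 * </ul>
 *
 * @company Guangzhou Hotent Software Co., Ltd.
 * @author yijj
 * @email yijj@jee-soft.cn
 * @date 2022-11-01
 */
@Aspect
@Component
public class PermissionCheckAspect {
    @Resource
    IFlowManager iFlowManager;
    @Resource
    BaseContext baseContext;
    @Resource
    BpmDefAuthorizeManager bpmDefAuthorizeManager;
    @Resource
    BpmProcessInstanceManager bpmProcessInstanceManager;
    @Resource
    BpmTaskManager bpmTaskManager;

    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Around advice that enforces the {@link PermissionCheck} annotation.
     *
     * @param joinPoint the intercepted controller invocation
     * @return whatever the intercepted method returns when the check passes
     * @throws BaseException with {@code USER_PERMISSION} when the check fails or cannot be evaluated
     * @throws Throwable anything thrown by the intercepted method or the lookups
     */
    @Around("execution(* *..*Controller.*(..)) && @annotation(com.hotent.runtime.annotation.PermissionCheck)")
    public Object permissionCheck(ProceedingJoinPoint joinPoint) throws Throwable {
        // Resolve the exact intercepted method. Matching by name alone could select a
        // different overload, i.e. a missing annotation or parameter names that do not
        // line up with the actual arguments.
        Method method = resolveAnnotatedMethod(joinPoint);
        if (method == null) {
            logger.error("PermissionCheck annotation could not be resolved for {}; denying request",
                    joinPoint.getSignature());
            throw new BaseException(ResponseErrorEnums.USER_PERMISSION);
        }
        PermissionCheck permissionCheck = method.getAnnotation(PermissionCheck.class);
        Object[] args = joinPoint.getArgs();

        // Parameter names of the intercepted method (Spring support class). The discoverer
        // returns null when the class was compiled without debug information.
        String[] paramNames = new LocalVariableTableParameterNameDiscoverer().getParameterNames(method);
        if (paramNames == null) {
            paramNames = ((MethodSignature) joinPoint.getSignature()).getParameterNames();
        }
        if (paramNames == null) {
            // Without names the "#param" expressions cannot be bound; evaluating them
            // anyway would yield empty IDs and silently skip the check.
            logger.error("Parameter names unavailable for {}; denying request", method);
            throw new BaseException(ResponseErrorEnums.USER_PERMISSION);
        }

        // SpEL is used to resolve the annotation attributes against the method arguments.
        // The expressions are the annotation's compile-time constants; they must never be
        // assembled from request data, because StandardEvaluationContext permits type
        // references and method invocation.
        ExpressionParser parser = new SpelExpressionParser();
        StandardEvaluationContext context = new StandardEvaluationContext();
        int bound = Math.min(paramNames.length, args.length);
        for (int i = 0; i < bound; i++) {
            context.setVariable(paramNames[i], args[i]);
        }

        // Attributes written as "#..." are evaluated; anything else is used literally.
        String instanceId = resolve(parser, context, permissionCheck.instanceId());
        String taskId = resolve(parser, context, permissionCheck.taskId());
        String isDefAuthorize = resolve(parser, context, permissionCheck.isDefAuthorize());

        String currentUserAccount = baseContext.getCurrentUserAccout();
        String currentUserId = baseContext.getCurrentUserId();
        boolean isPermissions = true;

        // Entered through delegated (per-definition) process authorization?
        if ("true".equals(isDefAuthorize)) {
            if (ContextUtil.getCurrentUser().isAdmin()) {
                return joinPoint.proceed();
            }
            Map<String, Object> actRight = bpmDefAuthorizeManager.getActRightByUserId(
                    currentUserId, BpmDefAuthorizeType.BPMDEFAUTHORIZE_RIGHT_TYPE.INSTANCE, true, false);
            String procDefKey = "";
            if (StringUtil.isNotEmpty(instanceId)) {
                DefaultBpmProcessInstance processInstance = bpmProcessInstanceManager.get(instanceId);
                if (processInstance == null) {
                    // Unknown instance: deny with the same error as "not authorized".
                    throw new BaseException(ResponseErrorEnums.USER_PERMISSION);
                }
                procDefKey = processInstance.getProcDefKey();
            }
            // NOTE(review): when both IDs are supplied, the task's definition key replaces
            // the instance's; nothing visible here verifies the task belongs to the instance.
            if (StringUtil.isNotEmpty(taskId)) {
                DefaultBpmTask defaultBpmTask = bpmTaskManager.get(taskId);
                if (defaultBpmTask == null) {
                    throw new BaseException(ResponseErrorEnums.USER_PERMISSION);
                }
                procDefKey = defaultBpmTask.getProcDefKey();
            }
            if (actRight == null) {
                // No authorization data at all: deny.
                isPermissions = false;
            } else if (actRight.containsKey("defKeys")) {
                Object defKeys = actRight.get("defKeys");
                // Entries are compared in their single-quoted form, e.g. 'key1','key2'.
                if (defKeys == null
                        || !Arrays.asList(defKeys.toString().split(",")).contains("'" + procDefKey + "'")) {
                    isPermissions = false;
                }
            }
            // NOTE(review): a result without a "defKeys" entry is treated as permitted;
            // confirm getActRightByUserId only omits the key for unrestricted users.
        } else {
            if (StringUtil.isNotEmpty(instanceId)) {
                isPermissions = this.isInstancePermission(instanceId);
            }
            // NOTE(review): when both IDs are supplied, the task result below replaces the
            // instance result; nothing visible here verifies the task belongs to the instance.
            if (StringUtil.isNotEmpty(taskId)) {
                QueryFilter<DefaultBpmTask> queryFilter = QueryFilter.build();
                queryFilter.addFilter("bt.id_", taskId, QueryOP.EQUAL, FieldRelation.AND);
                long todoTotal = iFlowManager.getTodoList(currentUserAccount, queryFilter).get().getTotal();
                long leaderTotal = 0;
                try {
                    leaderTotal = iFlowManager
                            .getLeaderTodoList(currentUserAccount, getQueryFilter("task_id_", taskId))
                            .getTotal();
                } catch (Exception e) {
                    // Best effort: a failed leader lookup counts as "no leader task", so the
                    // decision rests on the user's own to-do list. Logged so that the
                    // failure is visible instead of silently turning into denials.
                    logger.warn("Leader to-do lookup failed for task {}", taskId, e);
                }
                isPermissions = !(todoTotal == 0 && leaderTotal == 0);
            }
        }
        if (!isPermissions) {
            throw new BaseException(ResponseErrorEnums.USER_PERMISSION);
        }
        return joinPoint.proceed();
    }

    /**
     * Finds the intercepted method that carries {@link PermissionCheck}.
     *
     * <p>Uses the join point's own method first and, if the annotation is not on it, the
     * public method with the same name and parameter types on the target class.
     *
     * @param joinPoint the intercepted invocation
     * @return the annotated method, or {@code null} if none can be found
     */
    private Method resolveAnnotatedMethod(ProceedingJoinPoint joinPoint) {
        Method method = ((MethodSignature) joinPoint.getSignature()).getMethod();
        if (method.getAnnotation(PermissionCheck.class) != null) {
            return method;
        }
        try {
            Method onTarget = joinPoint.getTarget().getClass()
                    .getMethod(method.getName(), method.getParameterTypes());
            return onTarget.getAnnotation(PermissionCheck.class) != null ? onTarget : null;
        } catch (NoSuchMethodException e) {
            logger.error("Target method lookup failed for {}", method, e);
            return null;
        }
    }

    /**
     * Resolves one annotation attribute: values of the form {@code #...} are evaluated as
     * SpEL against the bound method arguments, all other values are returned unchanged.
     *
     * @param parser  SpEL parser
     * @param context evaluation context holding the method arguments by parameter name
     * @param value   raw annotation attribute
     * @return the resolved value; may be {@code null} when the expression evaluates to null
     */
    private String resolve(ExpressionParser parser, StandardEvaluationContext context, String value) {
        if (value.matches("^#.*.$")) {
            return parser.parseExpression(value).getValue(context, String.class);
        }
        return value;
    }

    /**
     * Determines whether the current user may access the given process instance.
     *
     * <p>The user qualifies if the instance appears in any of the lists queried below;
     * the lookups stop at the first hit.
     *
     * @param instanceId process instance ID
     * @return {@code true} if at least one lookup finds the instance for the current user
     * @throws Throwable anything thrown by the underlying lookups
     */
    private boolean isInstancePermission(String instanceId) throws Throwable {
        String currentUserAccount = baseContext.getCurrentUserAccout();
        // Instances the user has already handled.
        if (iFlowManager.getDoneInstList(currentUserAccount,
                getQueryFilter("wfInst.id_", instanceId), null)
                .get().getTotal() > 0) {
            return true;
        }
        // Notice tasks the user has already read.
        if (iFlowManager.getNoticeDoneReadList(currentUserAccount,
                getQueryFilter("bpm_task_notice_done.proc_inst_id_", instanceId))
                .getTotal() > 0) {
            return true;
        }
        // Requests started by the user.
        if (iFlowManager.myRequest(currentUserAccount,
                getQueryFilter("bpm_pro_inst.id_", instanceId))
                .getTotal() > 0) {
            return true;
        }
        // Notice tasks still waiting to be read by the user.
        if (iFlowManager.getNoticeTodoReadList(currentUserAccount,
                getQueryFilter("bpm_task_notice.proc_inst_id_", instanceId))
                .getTotal() > 0) {
            return true;
        }
        // Notice tasks the user circulated to others.
        if (iFlowManager.getMyNoticeReadList(currentUserAccount,
                getQueryFilter("bpm_task_notice.proc_inst_id_", instanceId))
                .getTotal() > 0) {
            return true;
        }
        // Matters transferred or delegated to/by the user.
        return iFlowManager.getDelegate(currentUserAccount,
                getQueryFilter("a.proc_inst_id_", instanceId))
                .getTotal() > 0;
    }

    /**
     * Builds a filter with a single equality condition on {@code property}.
     *
     * @param property column/property name to filter on (always a constant at the call sites)
     * @param value    value the property must equal
     * @return the configured filter
     */
    private QueryFilter getQueryFilter(String property, String value) {
        QueryFilter queryFilter = QueryFilter.build();
        // presumably page 1, page size 1, with total count enabled — only getTotal() is read; confirm
        queryFilter.setPageBean(new PageBean(1, 1, true));
        queryFilter.addFilter(property, value, QueryOP.EQUAL, FieldRelation.AND, "permissionCheck");
        return queryFilter;
    }
}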