
Merge branch 'fix/附件权限问题' into 'develop'

【流程平台】修复附件权限问题

See merge request o2oa/o2oa!1276
o2null 5 年之前
父节点
当前提交
980acf5747

+ 6 - 3
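--- a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionEdit.java
+++ b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionEdit.java
@@ -1,6 +1,7 @@
 package com.x.processplatform.assemble.surface.jaxrs.attachment;
 
 import java.util.Arrays;
+import java.util.List;
 
 import org.apache.commons.lang3.BooleanUtils;
 
@@ -52,9 +53,11 @@ class ActionEdit extends BaseAction {
 			if (BooleanUtils.isNotTrue(control.getAllowSave())) {
 				throw new ExceptionAccessDenied(effectivePerson, work);
 			}
-			Application application = business.application().pick(work.getApplication());
-			Process process = business.process().pick(work.getProcess());
-			if (!business.controllerable(effectivePerson, application, process, attachment)) {
+
+			List<String> identities = business.organization().identity().listWithPerson(effectivePerson);
+			List<String> units = business.organization().unit().listWithPerson(effectivePerson);
+			boolean canControl = this.control(attachment, effectivePerson, identities, units);
+			if(!canControl){
 				throw new ExceptionAccessDenied(effectivePerson, attachment);
 			}
 		}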
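Review bot: The new gate `this.control(attachment, effectivePerson, identities, units)` is default-open: the `BaseAction.control` lines shown on this page return true whenever both controller lists on the attachment are empty, so for such attachments anyone who already passed the `getAllowSave()` check gets through, and whatever `business.controllerable(effectivePerson, application, process, attachment)` verified against the application and process is no longer consulted. If that widening is intended, it deserves a comment above the check such as `// empty controller lists: any user allowed to save the work may edit this attachment`; if it is not, the empty-list case should fall back to the previous application/process check. The same default-open rule applies to the `edit(...)` gate this commit adds in ActionUpdate.java. The enclosing method starts and ends outside the hunk, so what ActionEdit goes on to change on the attachment is not visible here.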

+ 160 - 0
o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionGetWithWorkOrWorkCompleted.java

@@ -0,0 +1,160 @@
+package com.x.processplatform.assemble.surface.jaxrs.attachment;
+
+import com.x.base.core.container.EntityManagerContainer;
+import com.x.base.core.container.factory.EntityManagerContainerFactory;
+import com.x.base.core.entity.JpaObject;
+import com.x.base.core.project.bean.WrapCopier;
+import com.x.base.core.project.bean.WrapCopierFactory;
+import com.x.base.core.project.exception.ExceptionAccessDenied;
+import com.x.base.core.project.exception.ExceptionEntityNotExist;
+import com.x.base.core.project.gson.GsonPropertyObject;
+import com.x.base.core.project.http.ActionResult;
+import com.x.base.core.project.http.EffectivePerson;
+import com.x.base.core.project.tools.ListTools;
+import com.x.processplatform.assemble.surface.Business;
+import com.x.processplatform.core.entity.content.Attachment;
+import com.x.processplatform.core.entity.content.Work;
+import com.x.processplatform.core.entity.content.WorkCompleted;
+
+import java.util.List;
+
+class ActionGetWithWorkOrWorkCompleted extends BaseAction {
+	ActionResult<Wo> execute(EffectivePerson effectivePerson, String id, String workId) throws Exception {
+		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
+			ActionResult<Wo> result = new ActionResult<>();
+			Business business = new Business(emc);
+			Work work = emc.find(workId, Work.class);
+			if(work == null){
+				WorkCompleted workCompleted = emc.find(workId, WorkCompleted.class);
+				if (null == workCompleted) {
+					throw new ExceptionEntityNotExist(workId, Work.class);
+				}
+			}
+			Attachment attachment = emc.find(id, Attachment.class);
+			if (null == attachment) {
+				throw new ExceptionEntityNotExist(id, Attachment.class);
+			}
+
+			if (!business.readableWithWorkOrWorkCompleted(effectivePerson, work.getId(),
+					new ExceptionEntityNotExist(work.getId()))) {
+				throw new ExceptionAccessDenied(effectivePerson);
+			}
+
+			Wo wo = Wo.copier.copy(attachment);
+
+			List<String> identities = business.organization().identity().listWithPerson(effectivePerson);
+			List<String> units = business.organization().unit().listWithPerson(effectivePerson);
+			boolean canControl = this.control(wo, effectivePerson, identities, units);
+			boolean canEdit = (this.edit(wo, effectivePerson, identities, units) || canControl);
+			boolean canRead = (this.read(attachment, effectivePerson, identities, units) || canEdit);
+			if (canRead) {
+				wo.getControl().setAllowRead(true);
+				wo.getControl().setAllowEdit(canEdit);
+				wo.getControl().setAllowControl(canControl);
+			}
+
+			result.setData(wo);
+			return result;
+		}
+	}
+
+	public static class Wo extends Attachment {
+
+		private static final long serialVersionUID = 1954637399762611493L;
+
+		static WrapCopier<Attachment, Wo> copier = WrapCopierFactory.wo(Attachment.class, Wo.class, null,
+				JpaObject.FieldsInvisible);
+
+		private WoControl control = new WoControl();
+
+		public WoControl getControl() {
+			return control;
+		}
+
+		public void setControl(WoControl control) {
+			this.control = control;
+		}
+
+	}
+
+	public static class WoControl extends GsonPropertyObject {
+
+		private Boolean allowRead = false;
+		private Boolean allowEdit = false;
+		private Boolean allowControl = false;
+
+		public Boolean getAllowRead() {
+			return allowRead;
+		}
+
+		public void setAllowRead(Boolean allowRead) {
+			this.allowRead = allowRead;
+		}
+
+		public Boolean getAllowEdit() {
+			return allowEdit;
+		}
+
+		public void setAllowEdit(Boolean allowEdit) {
+			this.allowEdit = allowEdit;
+		}
+
+		public Boolean getAllowControl() {
+			return allowControl;
+		}
+
+		public void setAllowControl(Boolean allowControl) {
+			this.allowControl = allowControl;
+		}
+
+	}
+
+	private boolean read(Wo wo, EffectivePerson effectivePerson, List<String> identities, List<String> units)
+			throws Exception {
+		boolean value = false;
+		if (effectivePerson.isPerson(wo.getPerson())) {
+			value = true;
+		} else if (ListTools.isEmpty(wo.getReadIdentityList()) && ListTools.isEmpty(wo.getReadUnitList())) {
+			value = true;
+		} else {
+			if (ListTools.containsAny(identities, wo.getReadIdentityList())
+					|| ListTools.containsAny(identities, wo.getReadUnitList())) {
+				value = true;
+			}
+		}
+		wo.getControl().setAllowRead(value);
+		return value;
+	}
+
+	private boolean edit(Wo wo, EffectivePerson effectivePerson, List<String> identities, List<String> units)
+			throws Exception {
+		boolean value = false;
+		if (effectivePerson.isPerson(wo.getPerson())) {
+			value = true;
+		} else if (ListTools.isEmpty(wo.getEditIdentityList()) && ListTools.isEmpty(wo.getEditUnitList())) {
+			value = true;
+		} else {
+			if (ListTools.containsAny(identities, wo.getEditIdentityList())
+					|| ListTools.containsAny(identities, wo.getEditUnitList())) {
+				value = true;
+			}
+		}
+		return value;
+	}
+
+	private boolean control(Wo wo, EffectivePerson effectivePerson, List<String> identities, List<String> units)
+			throws Exception {
+		boolean value = false;
+		if (effectivePerson.isPerson(wo.getPerson())) {
+			value = true;
+		} else if (ListTools.isEmpty(wo.getControllerUnitList()) && ListTools.isEmpty(wo.getControllerIdentityList())) {
+			value = true;
+		} else {
+			if (ListTools.containsAny(identities, wo.getControllerIdentityList())
+					|| ListTools.containsAny(identities, wo.getControllerUnitList())) {
+				value = true;
+			}
+		}
+		return value;
+	}
+}
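Review bot: `work.getId()` in the `readableWithWorkOrWorkCompleted` call is dereferenced even when `work` is null, which is exactly the case where only a `WorkCompleted` was found, so the endpoint throws a NullPointerException for completed work instead of running the access check; passing `workId` avoids that. The calls `this.control(wo, …)` and `this.edit(wo, …)` bind to the private `Wo` overloads at the bottom of this class rather than to `BaseAction`, so they miss the `isManager()` branch this commit adds there, and those overloads test the unit lists against `identities` while the `units` argument goes unused. Passing `attachment` instead sends all three decisions through the `BaseAction` methods, after which the private `read`/`edit`/`control` overloads can be deleted. Nothing in `execute` ties the attachment to `workId`, so it looks as if a caller who can read any one work could request metadata for an attachment that belongs elsewhere; a check that the two belong together is worth adding, to be confirmed against how the other attachment actions do it.

```java
			// … unchanged: work / workCompleted / attachment lookups …
			if (!business.readableWithWorkOrWorkCompleted(effectivePerson, workId,
					new ExceptionEntityNotExist(workId))) {
				throw new ExceptionAccessDenied(effectivePerson);
			}
			// … unchanged: Wo copy, identities and units lookup …
			boolean canControl = this.control(attachment, effectivePerson, identities, units);
			boolean canEdit = (this.edit(attachment, effectivePerson, identities, units) || canControl);
			// … unchanged: read check, control flags, result …
```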

+ 10 - 0
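--- a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUpdate.java
+++ b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/ActionUpdate.java
@@ -22,6 +22,8 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.tika.Tika;
 import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
 
+import java.util.List;
+
 class ActionUpdate extends BaseAction {
 
 	private static Logger logger = LoggerFactory.getLogger(ActionUpdate.class);
@@ -63,6 +65,14 @@ class ActionUpdate extends BaseAction {
 				throw new ExceptionAccessDenied(effectivePerson, work);
 			}
 
+			List<String> identities = business.organization().identity().listWithPerson(effectivePerson);
+			List<String> units = business.organization().unit().listWithPerson(effectivePerson);
+			boolean canControl = this.control(attachment, effectivePerson, identities, units);
+			boolean canEdit = (this.edit(attachment, effectivePerson, identities, units) || canControl);
+			if(!canEdit){
+				throw new ExceptionAccessDenied(effectivePerson, attachment);
+			}
+
 			StorageMapping mapping = ThisApplication.context().storageMappings().get(Attachment.class,
 					attachment.getStorage());
 			emc.beginTransaction(Attachment.class);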

+ 21 - 2
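--- a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/AttachmentAction.java
+++ b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/AttachmentAction.java
@@ -85,8 +85,8 @@ public class AttachmentAction extends StandardJaxrsAction {
 	@Produces(HttpMediaType.APPLICATION_JSON_UTF_8)
 	@Consumes(MediaType.APPLICATION_JSON)
 	public void getWithWorkCompleted(@Suspended final AsyncResponse asyncResponse, @Context HttpServletRequest request,
-			@JaxrsParameterDescribe("已完成工作标识") @PathParam("workCompletedId") String workCompletedId,
-			@JaxrsParameterDescribe("附件标识") @PathParam("id") String id) {
+									 @JaxrsParameterDescribe("已完成工作标识") @PathParam("workCompletedId") String workCompletedId,
+									 @JaxrsParameterDescribe("附件标识") @PathParam("id") String id) {
 		ActionResult<ActionGetWithWorkCompleted.Wo> result = new ActionResult<>();
 		EffectivePerson effectivePerson = this.effectivePerson(request);
 		try {
@@ -98,6 +98,25 @@ public class AttachmentAction extends StandardJaxrsAction {
 		asyncResponse.resume(ResponseFactory.getEntityTagActionResultResponse(request, result));
 	}
 
+	@JaxrsMethodDescribe(value = "根据WorkCompleted和附件Id获取单个附件信息", action = ActionGetWithWorkOrWorkCompleted.class)
+	@GET
+	@Path("{id}/workorworkcompleted/{workOrWorkCompleted}")
+	@Produces(HttpMediaType.APPLICATION_JSON_UTF_8)
+	@Consumes(MediaType.APPLICATION_JSON)
+	public void getWithWorkOrWorkCompleted(@Suspended final AsyncResponse asyncResponse, @Context HttpServletRequest request,
+									 @JaxrsParameterDescribe("工作或已完成工作标识") @PathParam("workOrWorkCompleted") String workOrWorkCompleted,
+									 @JaxrsParameterDescribe("附件标识") @PathParam("id") String id) {
+		ActionResult<ActionGetWithWorkOrWorkCompleted.Wo> result = new ActionResult<>();
+		EffectivePerson effectivePerson = this.effectivePerson(request);
+		try {
+			result = new ActionGetWithWorkOrWorkCompleted().execute(effectivePerson, id, workOrWorkCompleted);
+		} catch (Exception e) {
+			logger.error(e, effectivePerson, request, null);
+			result.error(e);
+		}
+		asyncResponse.resume(ResponseFactory.getEntityTagActionResultResponse(request, result));
+	}
+
 	@JaxrsMethodDescribe(value = "根据Work获取Attachment列表.", action = ActionListWithWork.class)
 	@GET
 	@Path("list/work/{workId}")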
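Review bot: The `@JaxrsMethodDescribe` value on the new `getWithWorkOrWorkCompleted` method still reads `"根据WorkCompleted和附件Id获取单个附件信息"`, apparently carried over from the WorkCompleted-only endpoint, while its path parameter is described as a work or completed-work id. The generated API description should match what the endpoint accepts, for example `value = "根据Work或WorkCompleted和附件Id获取单个附件信息"`. The first hunk in this file only re-indents two parameter lines and needs no change.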

+ 9 - 3
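--- a/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/BaseAction.java
+++ b/o2server/x_processplatform_assemble_surface/src/main/java/com/x/processplatform/assemble/surface/jaxrs/attachment/BaseAction.java
@@ -175,7 +175,9 @@ abstract class BaseAction extends StandardJaxrsAction {
 	public boolean read(Attachment attachment, EffectivePerson effectivePerson, List<String> identities, List<String> units)
 			throws Exception {
 		boolean value = false;
-		if (effectivePerson.isPerson(attachment.getPerson())) {
+		if(effectivePerson.isManager()) {
+			value = true;
+		}else if (effectivePerson.isPerson(attachment.getPerson())) {
 			value = true;
 		} else if (ListTools.isEmpty(attachment.getReadIdentityList()) && ListTools.isEmpty(attachment.getReadUnitList())) {
 			value = true;
@@ -191,7 +193,9 @@ abstract class BaseAction extends StandardJaxrsAction {
 	public boolean edit(Attachment attachment, EffectivePerson effectivePerson, List<String> identities, List<String> units)
 			throws Exception {
 		boolean value = false;
-		if (effectivePerson.isPerson(attachment.getPerson())) {
+		if(effectivePerson.isManager()) {
+			value = true;
+		}else if (effectivePerson.isPerson(attachment.getPerson())) {
 			value = true;
 		} else if (ListTools.isEmpty(attachment.getEditIdentityList()) && ListTools.isEmpty(attachment.getEditUnitList())) {
 			value = true;
@@ -207,7 +211,9 @@ abstract class BaseAction extends StandardJaxrsAction {
 	public boolean control(Attachment attachment, EffectivePerson effectivePerson, List<String> identities, List<String> units)
 			throws Exception {
 		boolean value = false;
-		if (effectivePerson.isPerson(attachment.getPerson())) {
+		if(effectivePerson.isManager()) {
+			value = true;
+		}else if (effectivePerson.isPerson(attachment.getPerson())) {
 			value = true;
 		} else if (ListTools.isEmpty(attachment.getControllerUnitList()) && ListTools.isEmpty(attachment.getControllerIdentityList())) {
 			value = true;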
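Review bot: The three added branches repeat `if(effectivePerson.isManager()) { value = true; }else if (...)` in `read`, `edit` and `control`, with spacing that differs from the surrounding `} else if` style. Folding the test into the existing condition, `if (effectivePerson.isManager() || effectivePerson.isPerson(attachment.getPerson())) {`, keeps each method one branch shorter and consistently formatted. Since these methods are the attachment access decision, a short Javadoc on each stating the order of rules visible here (manager first, then the attachment's person, then empty lists meaning allowed) would make the default-open case explicit for reviewers. All three method bodies continue outside their hunks.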