
Merge branch 'fix/CMS.permissionService_bug' into 'develop'

Merge of fix/CMS.permissionService_bug to develop

See merge request o2oa/o2oa!344
李义 5 years ago
parent
commit
bed8ef3dc5

+ 1 - 0
o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/ThisApplication.java

@@ -12,6 +12,7 @@ public class ThisApplication {
 	protected static Context context;
 	
 	public static final String ROLE_CMSManager = "CMSManager@CMSManagerSystemRole@R";
+	public static final String ROLE_Manager = "Manager@ManagerSystemRole@R";
 	public static QueueDataRowImport queueDataRowImport;
 	public static QueueDocumentDelete queueDocumentDelete;
 	public static QueueDocumentUpdate queueDocumentUpdate;

+ 3 - 1
o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/ActionApplication.java

@@ -53,8 +53,11 @@ public class ActionApplication extends AbstractActionApplication {
 		this.classes.add(DataAction.class);
 		this.classes.add(DocumentAction.class);
 		this.classes.add(DocumentCipherAction.class);
+
+		this.classes.add(PermissionAction.class);
 		this.classes.add(PermissionForDocumentAction.class);
 		this.classes.add(PermissionManagerAction.class);
+
 		this.classes.add(DocumentViewRecordAction.class);
 		this.classes.add(FileInfoAction.class);
 		this.classes.add(FileAction.class);
@@ -73,7 +76,6 @@ public class ActionApplication extends AbstractActionApplication {
 		this.classes.add(SearchFilterAction.class);
 		this.classes.add(InputAction.class);
 		this.classes.add(OutputAction.class);
-		this.classes.add(PermissionAction.class);
 		
 		this.classes.add(AppInfoAnonymousAction.class);
 		this.classes.add(AppDictAnonymousAction.class);

+ 1 - 1
o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/CmsJaxrsCipherFilter.java

@@ -12,7 +12,7 @@ import javax.servlet.annotation.WebFilter;
  */
 @WebFilter(urlPatterns = { 
 		"/jaxrs/document/cipher/*",
-		"/jaxrs/permission/manager*"
+		"/jaxrs/permission/management/*"
 }, asyncSupported = true )
 public class CmsJaxrsCipherFilter extends CipherManagerJaxrsFilter {
 
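Review bot: The new pattern `/jaxrs/permission/management/*` is also covered by `/jaxrs/permission/*` in CmsJaxrsFilter, so requests to the management endpoints match both filters. Neither filter body is visible on this page, so confirm how the two interact; the order of annotation-declared filters is not guaranteed, and the intent is presumably that the stricter CipherManagerJaxrsFilter check always gates these endpoints. The old value `/jaxrs/permission/manager*` is not a servlet prefix pattern and would have been treated as an exact path, so the cipher filter probably never ran for these endpoints before this change. A comment above the annotation, such as `// management endpoints: keep in sync with @Path("permission/management") on PermissionManagerAction`, would help stop the two drifting apart again.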

+ 1 - 1
o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/CmsJaxrsFilter.java

@@ -31,13 +31,13 @@ import javax.servlet.annotation.WebFilter;
         "/jaxrs/surface/appdict/*",
         "/jaxrs/script/*",
         "/jaxrs/uuid/*",
-        "/jaxrs/docpermission/*",
         "/jaxrs/viewrecord/*",
         "/jaxrs/searchfilter/*",
         "/jaxrs/templateform/*",
         "/jaxrs/input/*",
         "/jaxrs/output/*",
         "/jaxrs/permission/*",
+        "/jaxrs/docpermission/*",
         "/jaxrs/comment/*",
         "/servlet/*"
 }, asyncSupported = true)

+ 10 - 1
o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/categoryinfo/ActionSave.java

@@ -51,7 +51,16 @@ public class ActionSave extends BaseAction {
 			result.error(exception);
 			logger.error(e, effectivePerson, request, null);
 		}
-		
+
+		//判断用户是否有权限来进行分类的管理
+		if (check) {
+			if( !userManagerService.hasCategoryManagerPermission( effectivePerson, wi.getAppId() ) ){
+				check = false;
+				Exception exception = new ExceptionCategoryInfoProcess("用户操作权限不足,无法在此栏目中管理分类信息。" );
+				result.error(exception);
+			}
+		}
+
 		if (check) {
 			if ( StringUtils.isEmpty( identityName ) && !"xadmin".equalsIgnoreCase(effectivePerson.getDistinguishedName())) {
 				try {
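Review bot: The new permission check authorises against `wi.getAppId()`, which comes from the request payload rather than from the stored category. The rest of the method is outside this hunk, but if this action also updates an existing category (a `wi` that carries an id), a manager of one app could pass that app's id while saving a category that belongs to another. In the update case the check should use the persisted category's appId, or reject a mismatch. The call to `hasCategoryManagerPermission` is also not wrapped in the try/catch used by the preceding step, so an exception from it escapes without the `result.error(...)` and `logger.error(...)` handling seen above.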

+ 4 - 0
o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/categoryinfo/ExceptionCategoryInfoProcess.java

@@ -9,4 +9,8 @@ class ExceptionCategoryInfoProcess extends PromptException {
 	ExceptionCategoryInfoProcess( Throwable e, String message ) {
 		super( message, e );
 	}
+
+	ExceptionCategoryInfoProcess( String message ) {
+		super( message );
+	}
 }

+ 1 - 1
o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/jaxrs/permission/PermissionManagerAction.java

@@ -19,7 +19,7 @@ import javax.ws.rs.container.Suspended;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 
-@Path("permission/manager")
+@Path("permission/management")
 @JaxrsDescribe("文档权限操作服务(管理员)")
 public class PermissionManagerAction extends StandardJaxrsAction {
 

+ 67 - 0
o2server/x_cms_assemble_control/src/main/java/com/x/cms/assemble/control/service/UserManagerService.java

@@ -3,6 +3,7 @@ package com.x.cms.assemble.control.service;
 import java.util.ArrayList;
 import java.util.List;
 
+import com.x.cms.core.entity.AppInfo;
 import org.apache.commons.lang3.StringUtils;
 
 import com.x.base.core.container.EntityManagerContainer;
@@ -530,4 +531,70 @@ public class UserManagerService {
 		}
 		return false;
 	}
+
+	public boolean hasCategoryManagerPermission( EffectivePerson person, String appId) throws Exception {
+		//xadmin或者Cipher
+		if( person.isManager() || person.isCipher() ){
+			return true;
+		}
+		if( StringUtils.equalsIgnoreCase("xadmin", person.getName() ) || StringUtils.equalsIgnoreCase("xadmin", person.getDistinguishedName() ) ){
+			return true;
+		}
+		UserManagerService userManagerService = new UserManagerService();
+		//Manager管理员
+		if( userManagerService.isHasPlatformRole( person.getDistinguishedName(), ThisApplication.ROLE_Manager )){
+			return true;
+		}
+		//CMS管理员
+		if( userManagerService.isHasPlatformRole( person.getDistinguishedName(), ThisApplication.ROLE_CMSManager )){
+			return true;
+		}
+
+		//查询用户是否为该栏目的管理者
+		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
+			AppInfo appInfo = emc.find( appId, AppInfo.class );
+			//是管理员
+			if( ListTools.isNotEmpty(appInfo.getManageablePersonList()) && ListTools.contains( appInfo.getManageablePersonList(), person.getDistinguishedName() )){
+				return true;
+			}
+			if( ListTools.isNotEmpty( appInfo.getManageableUnitList() )){
+				List<String> unitNames = userManagerService.listUnitNamesWithPerson( person.getDistinguishedName() );
+				if( ListTools.isNotEmpty( unitNames )){
+					unitNames.retainAll( appInfo.getManageableUnitList() );
+					if( ListTools.isNotEmpty( unitNames )){
+						return true;
+					}
+				}
+			}
+			if( ListTools.isNotEmpty( appInfo.getManageableGroupList() )){
+				List<String> groupNames = userManagerService.listGroupNamesByPerson( person.getDistinguishedName() );
+				if( ListTools.isNotEmpty( groupNames )){
+					groupNames.retainAll( appInfo.getManageableGroupList() );
+					if( ListTools.isNotEmpty( groupNames )){
+						return true;
+					}
+				}
+			}
+		} catch (Exception e) {
+			throw e;
+		}
+
+		return false;
+	}
+
+	public boolean hasAppInfoManagerPermission( EffectivePerson person ) throws Exception {
+		//系统管理员
+		if( person.isManager() || person.isCipher() ){
+			return true;
+		}
+		if( StringUtils.equalsIgnoreCase("xadmin", person.getName() ) || StringUtils.equalsIgnoreCase("xadmin", person.getDistinguishedName() ) ){
+			return true;
+		}
+		//CMS管理员
+		UserManagerService userManagerService = new UserManagerService();
+		if( userManagerService.isHasPlatformRole( person.getDistinguishedName(), ThisApplication.ROLE_CMSManager )){
+			return true;
+		}
+		return false;
+	}
 }
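Review bot: In `hasCategoryManagerPermission`, the result of `emc.find( appId, AppInfo.class )` is dereferenced without a null check, so an unknown or empty appId probably ends in a NullPointerException rather than a denied request; add `if( appInfo == null ){ return false; }` right after the find. Both new methods also grant full rights when `person.getName()` equals `xadmin` ignoring case; unless that name is guaranteed unique and not user-editable, compare only the distinguished name. `hasAppInfoManagerPermission` does not accept `ThisApplication.ROLE_Manager` while the category check does, which looks unintentional. Smaller points: `new UserManagerService()` inside the service can be `this`, and `catch (Exception e) { throw e; }` is a no-op that can be dropped.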