feat:实现特殊情况的保存
This commit is contained in:
parent
38f90de292
commit
617098577e
@ -6,6 +6,7 @@ import com.flyfish.framework.domain.po.Department;
|
||||
import com.flyfish.framework.enums.UserType;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import org.apache.commons.lang3.BooleanUtils;
|
||||
import org.springframework.data.mongodb.core.query.Criteria;
|
||||
|
||||
import java.util.Collections;
|
||||
@ -37,9 +38,15 @@ public abstract class AuthorizedQo<T extends AuthorizedDomain> extends NameLikeQ
|
||||
|
||||
@Override
|
||||
public CriteriaBuilder<T> criteriaBuilder() {
|
||||
// 超级管理员拥有查看所有草稿的权限
|
||||
if (user.getType() == UserType.SUPER_ADMIN) {
|
||||
return super.criteriaBuilder().with("published");
|
||||
}
|
||||
// 查询草稿,只查询自己的
|
||||
if (BooleanUtils.isFalse(published)) {
|
||||
return super.criteriaBuilder().with("published").with(() -> Criteria.where("creatorId").is(user.getId()));
|
||||
}
|
||||
// 普通查询,根据权限配置查询
|
||||
return super.criteriaBuilder()
|
||||
.with(() -> Criteria.where("$or").is(
|
||||
CriteriaBuilder.createCriteriaList(
|
||||
|
||||
@ -56,30 +56,31 @@ public final class DepartUtils {
|
||||
if (item instanceof AuthorizedVo) {
|
||||
AuthorizedVo<?> vo = CastUtils.cast(item);
|
||||
// 已发布的内容,谁都不能修改
|
||||
if (BooleanUtils.isTrue(po.getPublished())) {
|
||||
vo.setReadonly(true);
|
||||
} else {
|
||||
vo.setReadonly(false);
|
||||
// 获取当前用户
|
||||
IUser user = po.getCurrentUser();
|
||||
if (user.getType() != UserType.SUPER_ADMIN) {
|
||||
// 用户所属部门
|
||||
Set<String> userDeparts = DepartUtils.mergeDeparts(user.getDepartments());
|
||||
// 实体归属部门
|
||||
String currentDepart = po.getAuthorizeId();
|
||||
// 用户权限合集
|
||||
Set<Role.Authority> authorities = user.getRoles().stream()
|
||||
.flatMap(role -> null == role.getAuthorities() ? Stream.empty() : role.getAuthorities().stream())
|
||||
.collect(Collectors.toSet());
|
||||
// 取出权限,便于判定
|
||||
boolean admin = authorities.contains(Role.Authority.ADMIN);
|
||||
boolean edit = authorities.contains(Role.Authority.EDIT);
|
||||
boolean editChildren = authorities.contains(Role.Authority.EDIT_CHILDREN);
|
||||
// 开始判定只读情况,管理员权限或者创建者,均具有读写权限
|
||||
if (!admin && !po.getCreatorId().equals(user.getId())) {
|
||||
vo.setReadonly(!edit && userDeparts.contains(currentDepart) ||
|
||||
!editChildren && !userDeparts.contains(currentDepart));
|
||||
}
|
||||
vo.setReadonly(false);
|
||||
// 获取当前用户
|
||||
IUser user = po.getCurrentUser();
|
||||
// 非超级管理员,才需要判定
|
||||
if (user.getType() != UserType.SUPER_ADMIN) {
|
||||
// 用户所属部门
|
||||
Set<String> userDeparts = DepartUtils.mergeDeparts(user.getDepartments());
|
||||
// 实体归属部门
|
||||
String depart = po.getAuthorizeId();
|
||||
// 用户权限合集
|
||||
Set<Role.Authority> authorities = user.getRoles().stream()
|
||||
.flatMap(role -> null == role.getAuthorities() ? Stream.empty() : role.getAuthorities().stream())
|
||||
.collect(Collectors.toSet());
|
||||
// 取出权限,便于判定
|
||||
boolean admin = authorities.contains(Role.Authority.ADMIN);
|
||||
boolean edit = authorities.contains(Role.Authority.EDIT);
|
||||
boolean editChildren = authorities.contains(Role.Authority.EDIT_CHILDREN);
|
||||
// 开始判定只读情况,已发布,仅有编辑权限的用户可编辑,管理员权限或者相应部门可编辑权限,才具有读写权限
|
||||
if (BooleanUtils.isTrue(po.getPublished())) {
|
||||
vo.setReadonly(!admin && (
|
||||
!edit && userDeparts.contains(depart) || !editChildren && !userDeparts.contains(depart)
|
||||
));
|
||||
} else {
|
||||
// 草稿状态,仅创建者可编辑,其余任何人不可编辑(除了超级管理员)
|
||||
vo.setReadonly(!po.getCreatorId().equals(user.getId()));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -42,6 +42,12 @@ public abstract class ReactiveBaseController<T extends Domain, Q extends Qo<T>>
|
||||
return reactiveService.count(qo).map(Result::accept);
|
||||
}
|
||||
|
||||
@PostMapping(value = "", headers = "Draft=1")
|
||||
@Operation.Create
|
||||
public Mono<Result<T>> createDraft(@RequestBody T entity) {
|
||||
return reactiveService.create(entity).map(Result::accept);
|
||||
}
|
||||
|
||||
@PostMapping("")
|
||||
@Operation.Create
|
||||
public Mono<Result<T>> create(@ValidRequestBody T entity) {
|
||||
@ -53,6 +59,12 @@ public abstract class ReactiveBaseController<T extends Domain, Q extends Qo<T>>
|
||||
return reactiveService.getById(id).map(Result::accept).defaultIfEmpty(Result.notFound());
|
||||
}
|
||||
|
||||
@PutMapping(value = "{id}", headers = "Draft=1")
|
||||
@Operation.Update
|
||||
public Mono<Result<T>> updateDraft(@RequestBody T entity) {
|
||||
return reactiveService.updateSelectiveById(entity).map(Result::accept).defaultIfEmpty(Result.notFound());
|
||||
}
|
||||
|
||||
@PutMapping("{id}")
|
||||
@Operation.Update
|
||||
public Mono<Result<T>> update(@ValidRequestBody T entity) {
|
||||
|
||||
@ -24,6 +24,7 @@ import reactor.core.publisher.Flux;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.stream.Collectors;
|
||||
@ -348,7 +349,7 @@ public class BaseReactiveServiceImpl<T extends Domain> implements BaseReactiveSe
|
||||
.flatMapMany(list -> repository.saveAll(list))
|
||||
.flatMap(this::post);
|
||||
}
|
||||
return Flux.fromIterable(entities);
|
||||
return Flux.fromIterable(Collections.emptyList());
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Loading…
Reference in New Issue
Block a user