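package com.kingdee.eas.base.permission.app.adapter;

import com.kingdee.bos.BOSException;
import com.kingdee.bos.Context;
import com.kingdee.bos.dao.IObjectPK;
import com.kingdee.bos.dao.IObjectValue;
import com.kingdee.bos.dao.ormapping.impl.ImplUtils;
import com.kingdee.bos.metadata.IMetaDataLoader;
import com.kingdee.bos.metadata.IMetaDataPK;
import com.kingdee.bos.metadata.MetaDataLoaderFactory;
import com.kingdee.bos.metadata.MetaDataTypeList;
import com.kingdee.bos.metadata.bo.BusinessObjectInfo;
import com.kingdee.bos.metadata.bo.MethodCollection;
import com.kingdee.bos.metadata.bo.MethodInfo;
import com.kingdee.bos.metadata.entity.EntityViewInfo;
import com.kingdee.bos.metadata.entity.FilterInfo;
import com.kingdee.bos.service.AbstractServiceAdapter;
import com.kingdee.bos.service.IServiceAdapter;
import com.kingdee.bos.service.IServiceContext;
import com.kingdee.bos.sql.ParserException;
import com.kingdee.bos.util.BOSObjectType;
import com.kingdee.bos.util.BOSUuid;
import com.kingdee.bos.workflow.metas.AssignFactory;
import com.kingdee.bos.workflow.metas.IAssign;
import com.kingdee.eas.base.param.util.ParamManager;
import com.kingdee.eas.base.permission.IPermission;
import com.kingdee.eas.base.permission.IPermissionServiceProvider;
import com.kingdee.eas.base.permission.OperationType;
import com.kingdee.eas.base.permission.PermDebugHelper;
import com.kingdee.eas.base.permission.PermItemInfo;
import com.kingdee.eas.base.permission.PermissionException;
import com.kingdee.eas.base.permission.PermissionFactory;
import com.kingdee.eas.base.permission.PermissionServiceException;
import com.kingdee.eas.base.permission.PermissionServiceProviderFactory;
import com.kingdee.eas.base.permission.app.cache.IPermItemCache;
import com.kingdee.eas.base.permission.app.cache.PermissionCacheFactory;
import com.kingdee.eas.base.permission.app.config.PermissionFilterConfiguration;
import com.kingdee.eas.common.EASBizException;
import com.kingdee.util.LowTimer;
import com.kingdee.util.StringUtils;
import org.apache.log4j.Logger;

/**
 * Service adapter registered under the name {@code PERMISSION_SERVICE} that enforces function and
 * data permissions for the permission items bound to a service call.
 *
 * <p>For facade and entity calls the adapter asks {@link IPermission} to check the caller and lets
 * the resulting exception propagate; for query calls it binds a filter rule to the service context
 * instead of throwing.
 *
 * <p>Security-relevant switches read by this class (all of them weaken or skip enforcement, so the
 * code paths that can set them deserve the same scrutiny as the checks themselves):
 * <ul>
 *   <li>Context key {@code disablePermissionForKScript}: a {@code Boolean.TRUE} value makes
 *       {@link #execute} return before any check runs.</li>
 *   <li>Context key {@code DISABLE_DATA_PERM}: the string {@code "true"} (any case) downgrades the
 *       call to function-permission checks only.</li>
 *   <li>Parameter {@code IgnoreDataPermForAssignUser}: when true, a READ on an object for which the
 *       caller has an assignment record skips the data-permission check.</li>
 * </ul>
 */
public class PermissionServiceAdapter extends AbstractServiceAdapter implements IServiceAdapter {
    private static final Logger logger = Logger.getLogger(PermissionServiceAdapter.class);

    /** Service-parameter key under which the bound permission item names are stored. */
    protected static final String PERMISSION_ITEMS = "PERMISSION_ITEMS";

    /** Context key that, when set to "true", turns data-permission handling off for the call. */
    private static final String DISABLE_DATA_PERM = "DISABLE_DATA_PERM";

    private static final int PERMISSION_PRIORITY = 100;

    /** Name of this adapter; also the key used for its service parameters and service result. */
    private static final String SERVICE_NAME = "PERMISSION_SERVICE";

    /** Context key that, when set to Boolean.TRUE, makes this adapter skip every check. */
    private static final String DISABLE_PERMISSION_FOR_KSCRIPT = "disablePermissionForKScript";

    /** Parameter name that enables the "assigned user may read" exemption. */
    private static final String IGNORE_DATA_PERM_FOR_ASSIGN_USER = "IgnoreDataPermForAssignUser";

    /**
     * @return the adapter priority (100)
     */
    public int getPriority() {
        return PERMISSION_PRIORITY;
    }

    /**
     * @return the adapter name, {@code PERMISSION_SERVICE}
     */
    public String getName() {
        return SERVICE_NAME;
    }

    /**
     * Runs the permission checks for a service call.
     *
     * <p>Returns immediately when the context carries {@code disablePermissionForKScript} as
     * {@code Boolean.TRUE}. Otherwise, when the execution mode is 0, the bound permission items
     * are checked.
     *
     * @param serviceContext the call being intercepted
     * @throws BOSException on framework errors; a failed business check surfaces as
     *     {@link PermissionServiceException}
     */
    public void execute(IServiceContext serviceContext) throws BOSException {
        LowTimer lowTimer = new LowTimer();
        float beginTime = (float) lowTimer.msValue();

        Context context = serviceContext.getContext();
        Object kScriptFlag = context.get(DISABLE_PERMISSION_FOR_KSCRIPT);
        PermDebugHelper.logInfo(":disablePermissionForKScript is set to be:" + kScriptFlag);

        // NOTE(review): this flag bypasses every permission check in the adapter. Only a real
        // Boolean.TRUE triggers it (a "true" string does not), but anything able to write to the
        // Context can set it - audit the writers of this key.
        if (Boolean.TRUE.equals(kScriptFlag)) {
            return;
        }

        try {
            // NOTE(review): mode 0 presumably means "before the operation" - confirm against
            // IServiceContext; other modes perform no check here.
            if (serviceContext.getExecutionMode() == 0) {
                handleServiceBefore(serviceContext);
            }
        } catch (EASBizException e) {
            // The stack trace is logged here because the rethrown exception carries only the
            // message of the original.
            logger.error("", e);
            throw new PermissionServiceException(e.getMessage());
        }

        if (logger.isDebugEnabled()) {
            float endTime = (float) lowTimer.msValue();
            logger.debug("execute(): " + (endTime - beginTime));
        }
    }

    /**
     * Tells whether data-permission handling is allowed for this call according to the context.
     *
     * @param serviceContext the call being intercepted; may be {@code null}
     * @return {@code false} only when the context holds {@code DISABLE_DATA_PERM} equal to
     *     {@code "true"} (case-insensitive); {@code true} otherwise, including when the service
     *     context or its context is {@code null}
     */
    public boolean enableDataPermFromContext(IServiceContext serviceContext) {
        if (serviceContext == null || serviceContext.getContext() == null) {
            return true;
        }
        String disableDataPerm =
                StringUtils.cnulls(serviceContext.getContext().get(DISABLE_DATA_PERM));
        if (disableDataPerm.equalsIgnoreCase("true")) {
            return false;
        }
        PermDebugHelper.logInfo("enableDataPermFromContext is set to :true");
        return true;
    }

    /**
     * Checks every bound permission item, with or without data permissions depending on the
     * provider setting and the context switch.
     */
    private void handleServiceBefore(IServiceContext serviceContext)
            throws EASBizException, BOSException {
        if (!isBindPermission(serviceContext)) {
            return;
        }
        IPermissionServiceProvider provider =
                PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext());
        String[] permItemNames = getPermItemNames(serviceContext);
        boolean enabledFromContext = enableDataPermFromContext(serviceContext);
        boolean enabledByProvider = provider.isEnableDataPermission();
        // Both switches must agree before data permissions are evaluated.
        boolean withDataPermission = enabledByProvider && enabledFromContext;

        for (int i = 0; i < permItemNames.length; i++) {
            if (withDataPermission) {
                PermDebugHelper.logInfo("handleServiceBefore:is enableDataPermission");
                handleWithEnableDataPermision(serviceContext, permItemNames[i]);
            } else {
                PermDebugHelper.logInfo("handleServiceBefore:is not enableDataPermission");
                handleWithoutEnableDataPermision(serviceContext, permItemNames[i]);
            }
        }
    }

    private boolean isFacadeObject(IServiceContext serviceContext) {
        return serviceContext.getMetaType() == MetaDataTypeList.FACADE;
    }

    private boolean isEntityObject(IServiceContext serviceContext) {
        return serviceContext.getMetaType() == MetaDataTypeList.ENTITY;
    }

    private boolean isQueryObject(IServiceContext serviceContext) {
        return serviceContext.getMetaType() == MetaDataTypeList.BASEQUERY;
    }

    /** Delegates to the helper that attaches a filter rule to the service context. */
    private void bindPermissionContext(IServiceContext serviceContext, String rule)
            throws EASBizException, BOSException {
        PermissionServiceAdapterHelper.bindPermissionContext(serviceContext, rule);
    }

    /** Reads the permission item names bound to this service call; may be {@code null}. */
    private String[] getPermItemNames(IServiceContext serviceContext) {
        return (String[]) serviceContext.getServiceParameter(SERVICE_NAME, PERMISSION_ITEMS);
    }

    /** A call is permission-bound when at least one permission item name is attached to it. */
    private boolean isBindPermission(IServiceContext serviceContext) {
        String[] permItemNames = getPermItemNames(serviceContext);
        return permItemNames != null && permItemNames.length > 0;
    }

    private IObjectPK getMainBizOrgPK(IServiceContext serviceContext, PermItemInfo permItemInfo)
            throws EASBizException, BOSException {
        return PermissionServiceAdapterHelper.getMainBizOrgPK(serviceContext, permItemInfo);
    }

    /**
     * Function-permission-only handling for one permission item.
     *
     * <p>NOTE(review): a meta type that is none of FACADE, ENTITY or BASEQUERY falls through
     * without any check - confirm no other meta type can carry bound permission items.
     */
    private void handleWithoutEnableDataPermision(
            IServiceContext serviceContext, String permItemName)
            throws EASBizException, BOSException {
        PermItemInfo permItemInfo =
                PermissionCacheFactory.getPermItemCache(serviceContext.getContext())
                        .getPermItem(serviceContext.getContext(), permItemName);
        if (isFacadeObject(serviceContext) || isEntityObject(serviceContext)) {
            PermDebugHelper.logInfo("handleWithoutEnableDataPermision:is facade or entity object");
            handleMethodFunctionPermission(serviceContext, permItemInfo);
        } else if (isQueryObject(serviceContext)) {
            PermDebugHelper.logInfo("handleWithoutEnableDataPermision is query object");
            handleQueryFunctionPermission(serviceContext, permItemInfo);
        }
    }

    /** Checks the caller's function permission; the check itself signals a denial. */
    private void handleMethodFunctionPermission(
            IServiceContext serviceContext, PermItemInfo permItemInfo)
            throws EASBizException, BOSException {
        IObjectPK userPK = serviceContext.getContext().getCaller();
        IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
        IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext());
        iPermission.checkFunctionPermission(userPK, orgPK, permItemInfo.getName());
    }

    /** Non-throwing variant: reports whether the caller holds the function permission. */
    private boolean hasFunctionPermission(
            IServiceContext serviceContext, PermItemInfo permItemInfo)
            throws EASBizException, BOSException {
        IObjectPK userPK = serviceContext.getContext().getCaller();
        IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
        IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext());
        return iPermission.hasFunctionPermission(userPK, orgPK, permItemInfo.getName());
    }

    /**
     * For queries a missing function permission does not throw; the configured "no right" filter
     * for the permission item is bound to the query instead.
     */
    private void handleQueryFunctionPermission(
            IServiceContext serviceContext, PermItemInfo permItemInfo)
            throws EASBizException, BOSException {
        if (!hasFunctionPermission(serviceContext, permItemInfo)) {
            PermDebugHelper.logInfo(
                    "handleQueryFunctionPermission:has not function permission ,add no permission filter");
            bindPermissionContext(serviceContext, getNoRightRuleInfo(permItemInfo.getName()));
        }
    }

    /**
     * Data-permission handling for a facade or entity method.
     *
     * <p>Items without an object type, or with data permission switched off, get a plain function
     * check. Otherwise the object value (ADDNEW, UPDATE) or object PK (READ, DELETE, EXECUTE,
     * OTHER) is resolved from the call and passed to {@code checkDataPermission}.
     *
     * <p>NOTE(review): when the value or PK cannot be resolved, this branch performs no check at
     * all, not even the function check. Confirm that is intended, since it lets the call through
     * whenever the helper cannot find the target object.
     */
    private void handleMethodDataPermission(
            IServiceContext serviceContext, PermItemInfo permItemInfo)
            throws EASBizException, BOSException {
        Context context = serviceContext.getContext();
        IObjectPK userPK = context.getCaller();
        IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
        PermDebugHelper.logInfo(
                "::disablePermissionForKScript is set to be::"
                        + context.get(DISABLE_PERMISSION_FOR_KSCRIPT));
        IPermission iPermission = PermissionFactory.getLocalInstance(serviceContext.getContext());
        String permItemName = permItemInfo.getName();

        if (StringUtils.isEmpty(permItemInfo.getObjectType())
                || !permItemInfo.isEnableDataPermission()) {
            PermDebugHelper.logInfo(
                    ",permitem:" + permItemName
                            + " objectType is null or enableDatapermission is false");
            iPermission.checkFunctionPermission(userPK, orgPK, permItemName);
            return;
        }

        BOSObjectType objectType = BOSObjectType.create(permItemInfo.getObjectType());
        OperationType operation = permItemInfo.getOperationType();

        if (operation.equals(OperationType.ADDNEW) || operation.equals(OperationType.UPDATE)) {
            IObjectValue objectValue = getObjectValue(serviceContext, objectType);
            if (objectValue != null) {
                iPermission.checkDataPermission(userPK, orgPK, permItemName, objectValue);
            }
        } else if (operation.equals(OperationType.READ)) {
            IObjectPK objectPK = getObjectPK(serviceContext, objectType);
            if (isIgnoreAndAssigned(serviceContext, permItemInfo)) {
                // Exemption path: neither the data check nor the result filter below is applied.
                PermDebugHelper.logInfo("isIgnoreAndAssigned return without datapermissioncheck");
                return;
            }
            if (objectPK != null) {
                iPermission.checkDataPermission(userPK, orgPK, permItemName, objectPK);
            }
            setMethodService(permItemInfo, serviceContext, userPK, orgPK);
        } else if (operation.equals(OperationType.DELETE)
                || operation.equals(OperationType.EXECUTE)
                || operation.equals(OperationType.OTHER)) {
            IObjectPK objectPK = getObjectPK(serviceContext, objectType);
            if (objectPK != null) {
                iPermission.checkDataPermission(userPK, orgPK, permItemName, objectPK);
            }
        }
    }

    /**
     * Publishes the caller's permission rule for a READ: the parsed filter becomes the service
     * result of this adapter and the parsed view is stored in the context under the method key.
     *
     * @throws PermissionException when the rule text cannot be parsed
     */
    private void setMethodService(
            PermItemInfo permItemInfo,
            IServiceContext serviceContext,
            IObjectPK userPK,
            IObjectPK orgPK)
            throws BOSException, EASBizException {
        if (StringUtils.isEmpty(permItemInfo.getObjectType())
                || !permItemInfo.isEnableDataPermission()) {
            return;
        }
        IPermissionServiceProvider provider =
                PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext());
        String rule = provider.getPermissionRule(userPK, orgPK, permItemInfo.getName());
        if (StringUtils.isEmpty(rule)) {
            return;
        }
        try {
            EntityViewInfo resultEntityViewInfo = new EntityViewInfo(rule);
            serviceContext.setServiceResult(SERVICE_NAME, resultEntityViewInfo.getFilter());
            logger.info("resultEntityViewInfo is:" + resultEntityViewInfo);
            serviceContext.getContext().put(getMethodPK(serviceContext), resultEntityViewInfo);
        } catch (ParserException e) {
            logger.error(" rule: " + rule, e);
            throw new PermissionException(PermissionException.CHECK_PERMISSION_FAIL, e);
        }
    }

    /**
     * Builds the context key for the current method call from the business object type, the
     * method name matching the operation's inner id, and the operation parameters. The method
     * name stays empty when no method matches.
     */
    private String getMethodPK(IServiceContext serviceContext) {
        String operationInnerId = serviceContext.getOperationPK().getName();
        IMetaDataLoader metaDataLoader =
                MetaDataLoaderFactory.getLocalMetaDataLoader(serviceContext.getContext());
        BusinessObjectInfo entity = metaDataLoader.getBusinessObject(serviceContext.getBoType());
        MethodCollection methods = entity.getAllMethods();

        String methodName = "";
        for (int i = 0; i < methods.size(); i++) {
            MethodInfo candidate = methods.get(i);
            logger.info("innerId is:" + candidate.getInnerID());
            if (candidate.getInnerID().equals(operationInnerId)) {
                methodName = candidate.getName();
                break;
            }
        }

        String pk = ImplUtils.buildPermissionServiceKey(
                serviceContext.getBoType(), methodName, serviceContext.getOperationParameters());
        logger.info(" methodPK is:" + pk);
        return pk;
    }

    /**
     * Data-permission handling for a query (single-organisation case): binds the "no right"
     * filter when the function permission is missing, otherwise binds the caller's permission
     * rule when the item has data permission enabled and a rule exists.
     */
    private void handleQueryDataPermission(
            IServiceContext serviceContext, PermItemInfo permItemInfo)
            throws EASBizException, BOSException {
        if (!hasFunctionPermission(serviceContext, permItemInfo)) {
            PermDebugHelper.logInfo("handleQueryDataPermission:has not function permission");
            bindPermissionContext(serviceContext, getNoRightRuleInfo(permItemInfo.getName()));
            return;
        }
        if (StringUtils.isEmpty(permItemInfo.getObjectType())
                || !permItemInfo.isEnableDataPermission()) {
            return;
        }
        IObjectPK userPK = serviceContext.getContext().getCaller();
        IObjectPK orgPK = getMainBizOrgPK(serviceContext, permItemInfo);
        IPermissionServiceProvider provider =
                PermissionServiceProviderFactory.getLocalInstance(serviceContext.getContext());
        String rule = provider.getPermissionRule(userPK, orgPK, permItemInfo.getName());
        if (!StringUtils.isEmpty(rule)) {
            bindPermissionContext(serviceContext, rule);
        }
    }

    /** Looks up the configured filter string applied when the caller lacks the permission. */
    private String getNoRightRuleInfo(String strKey) {
        return PermissionFilterConfiguration.getList().getFilterString(strKey);
    }

    /**
     * Tells whether a value can be placed between single quotes in a filter expression without
     * being able to end the quoted literal early.
     */
    private static boolean isSafeFilterLiteral(String value) {
        return value != null && value.indexOf('\'') < 0;
    }

    /**
     * Decides whether the data-permission check may be skipped for a READ because the
     * {@code IgnoreDataPermForAssignUser} parameter is on and the caller has at least one
     * assignment record for the object being read.
     *
     * <p>The object id is taken from the resolved PK, or, failing that, from the text between the
     * first and last single quote of the second operation parameter, accepted only if it is a
     * valid {@link BOSUuid}.
     *
     * @return {@code true} when the exemption applies; {@code false} in every other case
     * @throws BOSException when the assignment filter cannot be parsed
     */
    private boolean isIgnoreAndAssigned(IServiceContext serviceContext, PermItemInfo permItemInfo)
            throws BOSException, EASBizException {
        String isIgnore = ParamManager.getParamValue(
                serviceContext.getContext(), null, IGNORE_DATA_PERM_FOR_ASSIGN_USER);
        boolean isIgnoreDataPermForAssignUser = false;
        if (!StringUtils.isEmpty(isIgnore)) {
            isIgnoreDataPermForAssignUser = Boolean.valueOf(isIgnore).booleanValue();
        }
        logger.info("####now isIgnoreAndAssigned is :-----:" + isIgnoreDataPermForAssignUser);
        if (!isIgnoreDataPermForAssignUser) {
            return false;
        }

        logger.info("isIgnoreAndAssigned:permItemInfo" + permItemInfo.getName());
        logger.info("isIgnoreAndAssigned:permItemInfo.getOperationType():"
                + permItemInfo.getOperationType());
        if (!permItemInfo.getOperationType().equals(OperationType.READ)) {
            return false;
        }

        BOSObjectType objectType = BOSObjectType.create(permItemInfo.getObjectType());
        IObjectPK objectPK = getObjectPK(serviceContext, objectType);
        String objectPKString = StringUtils.cnulls(objectPK);
        logger.info("isIgnoreAndAssigned:objectPKString:" + objectPKString);

        if (StringUtils.isEmpty(objectPKString)) {
            Object[] params = serviceContext.getOperationParameters();
            if (params != null && params.length == 2) {
                String idString = params[1] == null ? null : params[1].toString();
                if (idString != null) {
                    int firstQuote = idString.indexOf("'");
                    int lastQuote = idString.lastIndexOf("'");
                    if (firstQuote > 0 && firstQuote < lastQuote) {
                        objectPKString = idString.substring(firstQuote + 1, lastQuote);
                    }
                }
                // Caller-supplied text: only a well-formed id is allowed to reach the filter.
                if (!BOSUuid.isValid(objectPKString, true)) {
                    objectPKString = "";
                }
            }
        }

        if (StringUtils.isEmpty(objectPKString)) {
            return false;
        }

        IAssign iAssign = AssignFactory.getLocalInstance(serviceContext.getContext());
        IObjectPK userPK = serviceContext.getContext().getCaller();
        logger.info("isIgnoreAndAssigned:userPK:" + userPK + " ,objectPKString:" + objectPKString);

        String userId = userPK.toString();
        // Both ids are concatenated into quoted filter literals, and the filter result decides
        // whether a permission check is skipped. An id from the resolved PK is not UUID-validated
        // above, so refuse anything that could close the literal; the normal data-permission
        // check then applies.
        if (!isSafeFilterLiteral(userId) || !isSafeFilterLiteral(objectPKString)) {
            logger.warn("isIgnoreAndAssigned: id contains a quote, assignment exemption not applied");
            return false;
        }

        FilterInfo userFilter;
        FilterInfo objectFilter;
        try {
            userFilter = new FilterInfo("personUserID = '" + userId + "'");
            objectFilter = new FilterInfo("bizObjID = '" + objectPKString + "'");
        } catch (ParserException e) {
            throw new BOSException(e);
        }
        userFilter.mergeFilter(objectFilter, "and");

        IObjectPK[] pks = iAssign.getPKList(userFilter, null);
        return pks != null && pks.length > 0;
    }

    /**
     * Data-permission-aware handling for one permission item. Queries are routed to the
     * multi-organisation adapter when it reports the call as multi-org.
     *
     * <p>NOTE(review): a meta type that is none of FACADE, ENTITY or BASEQUERY falls through
     * without any check - confirm no other meta type can carry bound permission items.
     */
    private void handleWithEnableDataPermision(IServiceContext serviceContext, String permItemName)
            throws EASBizException, BOSException {
        PermItemInfo permItemInfo =
                PermissionCacheFactory.getPermItemCache(serviceContext.getContext())
                        .getPermItem(serviceContext.getContext(), permItemName);
        if (isFacadeObject(serviceContext) || isEntityObject(serviceContext)) {
            PermDebugHelper.logInfo("handleWithEnableDataPermision:is facade or entity object");
            handleMethodDataPermission(serviceContext, permItemInfo);
            return;
        }
        if (!isQueryObject(serviceContext)) {
            return;
        }
        PermDebugHelper.logInfo("handleWithEnableDataPermision:is query object");
        MutiOrgPermissionServiceAdapter adapter = new MutiOrgPermissionServiceAdapter();
        if (adapter.isMutiOrgPerm(serviceContext)) {
            PermDebugHelper.logInfo("handleWithEnableDataPermision:is multi org Perm");
            adapter.handleQueryDataPermission(serviceContext, permItemInfo);
        } else {
            PermDebugHelper.logInfo("handleWithEnableDataPermision:is single org perm");
            handleQueryDataPermission(serviceContext, permItemInfo);
        }
    }

    /** Resolves the PK of the object the call targets; logs when none is found. */
    private IObjectPK getObjectPK(IServiceContext serviceContext, BOSObjectType objectType) {
        IObjectPK objectPK = PermissionServiceAdapterHelper.getObjectPK(serviceContext, objectType);
        if (objectPK == null) {
            PermDebugHelper.logInfo("objectPK is null,will not check dataPermission");
        }
        return objectPK;
    }

    /** Resolves the object value the call carries; logs when none is found. */
    private IObjectValue getObjectValue(IServiceContext serviceContext, BOSObjectType objectType) {
        IObjectValue objectValue =
                PermissionServiceAdapterHelper.getObjectValue(serviceContext, objectType);
        if (objectValue == null) {
            PermDebugHelper.logInfo("objectValueNullLog is null,will not check dataPermission");
        }
        return objectValue;
    }
}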