1   /**
2    * 
3    */
4   package gboat2.web.service.impl;
5   
6   import gboat2.base.bridge.GboatAppContext;
7   import gboat2.base.bridge.model.NaviResource;
8   import gboat2.base.bridge.model.Priority;
9   import gboat2.base.bridge.model.Resource;
10  import gboat2.base.bridge.model.UserSession;
11  import gboat2.base.core.cache.ICacheService;
12  import gboat2.base.core.logging.IBusinessLogService;
13  import gboat2.base.core.logging.Level;
14  import gboat2.base.core.model.Opera;
15  import gboat2.base.core.service.IModuleService;
16  import gboat2.web.Constants;
17  import gboat2.web.business.IAuthorityBusiness;
18  import gboat2.web.business.IDataLevelBusiness;
19  import gboat2.web.business.IShortcutBusiness;
20  import gboat2.web.business.ISystemConfigBusiness;
21  import gboat2.web.business.IUserBusiness;
22  import gboat2.web.model.AuthorityDataLevelResourceVO;
23  import gboat2.web.model.AuthorityOperationResourceVO;
24  import gboat2.web.model.AuthorityResourceVO;
25  import gboat2.web.model.DataLevel;
26  import gboat2.web.model.Group;
27  import gboat2.web.model.Role;
28  import gboat2.web.model.SystemConfig;
29  import gboat2.web.model.User;
30  import gboat2.web.model.UserGroupOrganMapper;
31  import gboat2.web.service.ISessionService;
32  import gboat2.web.service.PrivilegeException;
33  
34  import java.util.ArrayList;
35  import java.util.HashMap;
36  import java.util.Iterator;
37  import java.util.LinkedList;
38  import java.util.List;
39  import java.util.Map;
40  import java.util.Set;
41  
42  import javax.servlet.http.HttpServletRequest;
43  
44  import org.apache.commons.lang3.StringUtils;
45  import org.springframework.beans.factory.annotation.Autowired;
46  
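/**
 * {@link ISessionService} implementation that assembles a {@link UserSession} for a user acting
 * under one group/role mapping and attaches the operation and data-level privileges resolved by
 * the authority services.
 *
 * <p>No method in this class verifies a credential: {@link #login(String, String)} is an
 * unimplemented stub and the other overloads take an already-identified user.
 * NOTE(review): authentication is presumably done by the caller before these are invoked - confirm.
 *
 * @author zhaop
 */
public class SessionServiceImpl implements ISessionService {

	@Autowired
	private IUserBusiness userService;

	@Autowired
	private IAuthorityBusiness authorityService;

	@Autowired
	private IModuleService moduleService;

	@Autowired
	private IBusinessLogService loggerService;

	@Autowired
	private ICacheService cacheSer;

	@Autowired
	private IDataLevelBusiness dataLevelService;

	@Autowired
	private ISystemConfigBusiness systemService;

	/** Shortcut icon service. */
	@Autowired
	private IShortcutBusiness shortcutService;

	/**
	 * Not implemented: always returns {@code null}.
	 *
	 * @see gboat2.web.service.ISessionService#getGroupByCode(java.lang.String)
	 */
	@Override
	public Group getGroupByCode(String groupCode) {
		return null;
	}

	/**
	 * Not implemented: always returns {@code null}.
	 *
	 * @see gboat2.web.service.ISessionService#getRoleByCode(java.lang.String)
	 */
	@Override
	public Role getRoleByCode(String roleCode) {
		return null;
	}

	/**
	 * Lists, for every action named by the current session's {@link Priority}, the operation
	 * codes the session has no privilege for.
	 *
	 * @param request not read by this implementation; the session comes from
	 *        {@link GboatAppContext#getUserSession()}
	 * @return action name mapped to its denied operation codes (possibly an empty list), or
	 *         {@code null} when there is no session, the session has no {@code Priority}, or the
	 *         {@code Priority} reports no action names. {@code null} therefore means "nothing
	 *         could be computed"; callers should not read it as "nothing is denied".
	 * @see gboat2.web.service.ISessionService#getDeniedPriority(javax.servlet.http.HttpServletRequest)
	 */
	public Map<String, List<String>> getDeniedPriority(HttpServletRequest request) {
		UserSession session = GboatAppContext.getUserSession();
		if (null == session || null == session.getPriority()) {
			return null;
		}
		Set<String> actionNames = session.getPriority().getPriorityActionNames();
		if (null == actionNames) {
			return null;
		}

		Map<String, List<String>> deniedPriority = new HashMap<String, List<String>>();
		for (String actionName : actionNames) {
			// getAnnotatedOperasByAction never returns null, so every action gets an entry.
			List<String> operaCodes = getAnnotatedOperasByAction(actionName);
			List<String> deniedCodes = new ArrayList<String>(operaCodes.size());
			for (String code : operaCodes) {
				// No privilege for this operation: add it to the denied list.
				if (!session.havePriority(new Resource(actionName, code))) {
					deniedCodes.add(code);
				}
			}
			deniedPriority.put(actionName, deniedCodes);
		}
		return deniedPriority;
	}

	/**
	 * Collects the codes of the operations the module service reports for an action.
	 *
	 * @param actionName action to look up
	 * @return the operation codes; empty (never {@code null}) when the module service returns
	 *         {@code null}
	 */
	private List<String> getAnnotatedOperasByAction(String actionName) {
		List<String> codes = new ArrayList<String>();
		List<Opera> operas = moduleService.getOperaByAction(actionName);
		if (null != operas) {
			for (Opera opera : operas) {
				codes.add(opera.getCode());
			}
		}
		return codes;
	}

	/**
	 * Not implemented: always returns {@code null}, so no password is ever checked here.
	 * Callers must treat {@code null} as a failed login.
	 *
	 * @see gboat2.web.service.ISessionService#login(java.lang.String, java.lang.String)
	 */
	@Override
	public UserSession login(String loginId, String passwd) {
		return null;
	}

	/**
	 * Builds a session for {@code userId} acting as {@code groupId}/{@code roleId}.
	 *
	 * <p>The requested group/role pair is only accepted when it matches one of the mappings
	 * stored for that user, so a caller cannot pick a pair the user does not hold. The mapping
	 * record used afterwards is the stored one, not the caller's strings.
	 *
	 * <p>Since 2014-05-25 the privileges of all configured systems are loaded, so
	 * {@code systemId} is not used by this method.
	 *
	 * @param userId id of the user to load
	 * @param groupId group the user wants to act under
	 * @param roleId role the user wants to act under
	 * @param systemId ignored, see above
	 * @return the populated session
	 * @throws PrivilegeException when the user does not exist, when the user holds no mapping
	 *         for the requested pair (including a {@code null} group or role id), or when no
	 *         system grants any privilege. NOTE(review): the two messages tell an unknown user
	 *         id apart from a missing mapping - check that they are not echoed verbatim to
	 *         unauthenticated clients.
	 * @see gboat2.web.service.ISessionService#login(java.lang.String, java.lang.String,
	 *      java.lang.String)
	 */
	@Override
	public UserSession login(String userId, String groupId, String roleId, String systemId) throws PrivilegeException {
		User user = (User) userService.get(User.class, userId);
		if (user == null) {
			throw new PrivilegeException("用户不存在!");
		}

		UserGroupOrganMapper status = null;
		List<UserGroupOrganMapper> statusList = userService.getURGOMapperByUserId(user.getUserId());
		// A missing list or a null group/role id can never match a stored mapping: report it as
		// "no valid identity" instead of failing with a NullPointerException.
		if (statusList != null && groupId != null && roleId != null) {
			for (UserGroupOrganMapper m : statusList) {
				if (groupId.equals(m.getGroupId()) && roleId.equals(m.getRoleId())) {
					status = m;
					break;
				}
			}
		}
		if (status == null) {
			throw new PrivilegeException("无法获取到用户的有效身份!");
		}
		return login(user, status);
	}

	/**
	 * Builds a session whose {@link Priority} covers one system only.
	 *
	 * <p>NOTE(review): nothing here checks that {@code status} belongs to {@code user}; the
	 * session identity comes from {@code user} while the privilege lookup uses the ids in
	 * {@code status}. Callers should only pass a mapping loaded for that same user.
	 *
	 * <p>When no operation privilege exists for the system the session is returned with a
	 * {@code null} {@code Priority}; unlike {@link #login(User, UserGroupOrganMapper)} no
	 * exception is raised in that case.
	 *
	 * @param user the already identified user
	 * @param status the group/role/organ mapping the user acts under
	 * @param systemId system whose privileges are loaded
	 * @return the populated session
	 * @throws PrivilegeException declared by the interface; not thrown by the visible code
	 * @see gboat2.web.service.ISessionService#login(gboat2.web.model.User,
	 *      gboat2.web.model.UserGroupOrganMapper)
	 */
	@Override
	public UserSession login(User user, UserGroupOrganMapper status, String systemId) throws PrivilegeException {
		Group group = (Group) userService.get(Group.class, status.getGroupId());
		UserSession userSession = newSession(user, status, group);
		userSession.setSystemId(systemId);
		userSession.setPriority(resolvePriority(status, group, systemId));

		loggerService.log(Level.DEBUG, "用户登录", "用户登录 : " + user.getUserNameZh());

		return userSession;
	}

	/**
	 * Builds a session whose {@link Priority} is the union of the privileges resolved for every
	 * configured system.
	 *
	 * <p>A failure while resolving one system is swallowed and that system contributes nothing,
	 * so an error can only reduce the privileges of the session. Only the exception message is
	 * printed to standard output; it does not reach {@code loggerService} and the stack trace is
	 * lost.
	 *
	 * <p>NOTE(review): nothing here checks that {@code status} belongs to {@code user}; callers
	 * should only pass a mapping loaded for that same user.
	 *
	 * @param user the already identified user
	 * @param status the group/role/organ mapping the user acts under
	 * @return the populated session
	 * @throws PrivilegeException when no system yields any privilege
	 */
	public UserSession login(User user, UserGroupOrganMapper status) throws PrivilegeException {
		Group group = (Group) userService.get(Group.class, status.getGroupId());
		UserSession userSession = newSession(user, status, group);

		Priority allPriority = new Priority(group.getDefaultDataLevel());
		boolean havePriority = false;
		List<SystemConfig> systems = systemService.getAllSystemConfig();
		// No configured systems means no privileges: fall through to the PrivilegeException below.
		if (systems != null) {
			for (SystemConfig system : systems) {
				try {
					Priority priority = resolvePriority(status, group, system.getSystemId());
					if (null != priority) {
						allPriority.appendPriority(priority);
						havePriority = true;
					}
				} catch (Exception e) {
					// Deliberately best-effort: skip this system and decide after all were tried.
					System.out.println("权限异常:" + e.getMessage());
				}
			}
		}

		if (!havePriority) {
			throw new PrivilegeException("没有当前系统的任何模块权限!");
		}

		userSession.setPriority(allPriority);
		loggerService.log(Level.DEBUG, "用户登录", "用户登录 : " + user.getUserNameZh());

		return userSession;
	}

	/**
	 * Creates a session carrying the identity fields shared by the {@code login} overloads.
	 * Fails with a {@code NullPointerException} when {@code group} is {@code null} or the role
	 * of {@code status} cannot be loaded.
	 */
	private UserSession newSession(User user, UserGroupOrganMapper status, Group group) {
		UserSession userSession = new UserSession();
		userSession.setUserId(user.getUserId());
		userSession.setLoginId(user.getLoginId());
		userSession.setUserNameZh(user.getUserNameZh());
		userSession.setUserNameEn(user.getUserNameEn());
		userSession.setOrganId(status.getOrganId());
		userSession.setOrganType(status.getOrganType());
		userSession.setGroupCode(group.getGroupCode());
		Role role = (Role) userService.get(Role.class, status.getRoleId());
		userSession.setRoleCode(role.getRoleCode());
		return userSession;
	}

	/**
	 * Resolves the privileges of one mapping for one system: the user's customized privileges
	 * when they exist, otherwise the group/role privileges, which are cached per
	 * group/role/system.
	 *
	 * <p>The cache must be cleared whenever privileges or data levels are changed, otherwise a
	 * revoked privilege stays effective for new sessions until the entry expires.
	 *
	 * <p>NOTE(review): ids are joined with "." and "-" to form the authority id and the cache
	 * key; this assumes group, role and system ids never contain those characters, otherwise two
	 * different pairs could share one key - confirm. The cached {@code Priority} instance is
	 * handed out as is, so it must not be modified through a session.
	 *
	 * @return the resolved privileges, or {@code null} when no operation privilege exists
	 */
	private Priority resolvePriority(UserGroupOrganMapper status, Group group, String systemId) {
		String groupRole = status.getGroupId() + "." + status.getRoleId();
		String userAuthForId = groupRole + "." + status.getUserId();
		// Has this user been given customized privileges?
		boolean userCustomized = authorityService.isAuthorityCustomize(userAuthForId, systemId);
		// Fetch the data-level privileges.
		Map<String, String> dataLevel = fetchDataLevelPriority(status.getGroupId(), status.getRoleId(), systemId);

		if (userCustomized) {
			// Per-user privileges are never cached.
			return buildPriority(systemId, group, userAuthForId, dataLevel);
		}

		String cacheKey = groupRole + "-" + systemId;
		Priority priority = (Priority) cacheSer.get(Constants.PRIORITY_CACHE_CATALOG, cacheKey);
		if (null == priority) {
			String authForId = computeAuthForId(status.getGroupId(), status.getRoleId(), systemId);
			priority = buildPriority(systemId, group, authForId, dataLevel);
			// "No privileges" is not cached: only a real result is stored.
			if (null != priority) {
				cacheSer.put(Constants.PRIORITY_CACHE_CATALOG, cacheKey, priority);
			}
		}
		return priority;
	}

	/**
	 * Builds the privilege object for one authority id in one system.
	 *
	 * <p>An entry without an operation code grants every operation of its action. When an entry
	 * with an operation code follows for the same action, the blanket grant is withdrawn and
	 * only the listed operations remain.
	 * NOTE(review): the result depends on list order - a blanket entry that arrives after a
	 * specific entry for the same action is kept. Confirm that the authority service returns
	 * blanket entries first.
	 *
	 * @param systemId system the privileges belong to
	 * @param group group supplying the default data level
	 * @param authForId authority id to look up
	 * @param dataLevel action class mapped to data level id; may be {@code null}
	 * @return the privileges, or {@code null} when no operation privilege is stored
	 * @throws IllegalStateException when a data level id cannot be resolved
	 */
	private Priority buildPriority(String systemId, Group group, String authForId, Map<String, String> dataLevel) {
		// Operation privileges.
		List<AuthorityOperationResourceVO> aORlist = authorityService.getAuthorityOperationResource(authForId, systemId);
		if (null == aORlist || aORlist.isEmpty()) {
			return null;
		}

		Priority priority = new Priority(group.getDefaultDataLevel());
		// Actions currently holding a blanket grant.
		List<String> addedAllActions = new LinkedList<String>();
		for (AuthorityOperationResourceVO vo : aORlist) {
			String actionClass = vo.getActionClass();
			if (StringUtils.isEmpty(vo.getOperationCode())) {
				priority.addAllOperationPriorityOf(actionClass);
				addedAllActions.add(actionClass);
			} else {
				priority.addOperationPriority(actionClass, vo.getOperationCode());
				if (addedAllActions.contains(actionClass)) {
					priority.removeAllOperationProrityOf(actionClass);
					addedAllActions.remove(actionClass);
				}
			}
		}

		// Data-level privileges.
		if (null != dataLevel) {
			for (Map.Entry<String, String> entry : dataLevel.entrySet()) {
				String levelId = entry.getValue();
				DataLevel level = (DataLevel) dataLevelService.get(DataLevel.class, levelId);
				if (null == level) {
					// Stop instead of leaving the action on the group's default data level.
					throw new IllegalStateException(
							"Unknown data level id '" + levelId + "' for action " + entry.getKey());
				}
				priority.addDataPriority(entry.getKey(), level.getLevelCode());
			}
		}
		return priority;
	}

	/**
	 * Chooses the authority id to load privileges from.
	 *
	 * @param groupId group id
	 * @param roleId role id
	 * @param systemId system id
	 * @return {@code groupId.roleId} when the authority service has entries for that pair in the
	 *         system, otherwise {@code roleId} alone
	 */
	@Override
	public String computeAuthForId(String groupId, String roleId, String systemId) {
		String groupRole = groupId + "." + roleId;
		List<AuthorityResourceVO> groupRoleAuthority = authorityService.getAuthorityByStatus(groupRole, systemId);
		if (groupRoleAuthority == null || groupRoleAuthority.isEmpty()) {
			return roleId;
		}
		return groupRole;
	}

	/**
	 * Loads the data-level privileges of a group/role pair in one system.
	 *
	 * @param groupId user group id
	 * @param roleId role id
	 * @param systemId system id
	 * @return action class mapped to data level id; empty when nothing is stored
	 */
	private Map<String, String> fetchDataLevelPriority(String groupId, String roleId, String systemId) {
		Map<String, String> dataLevel = new HashMap<String, String>();
		List<AuthorityDataLevelResourceVO> dataLevelPriority = authorityService.getAuthorityDataLevelResource(groupId, roleId, systemId);
		if (null != dataLevelPriority) {
			for (AuthorityDataLevelResourceVO vo : dataLevelPriority) {
				dataLevel.put(vo.getActionClass(), vo.getDataLevel());
			}
		}
		return dataLevel;
	}

	/**
	 * Stores the navigation menu of the mapping in the session under
	 * {@link UserSession#NAVIGATION_MENU}. The user's customized authority id is used when one
	 * exists, otherwise the group/role id. When no resource tree is found the stored menu is
	 * empty.
	 *
	 * @param userSession session to update; its user id and system id are read
	 * @param mapper mapping supplying the group and role ids
	 * @return the same session instance
	 * @see gboat2.web.service.ISessionService#loadNavigationMenuToSession(gboat2.base.bridge.model.UserSession,
	 *      gboat2.web.model.UserGroupOrganMapper)
	 */
	@Override
	public UserSession loadNavigationMenuToSession(UserSession userSession, UserGroupOrganMapper mapper) {
		String systemId = userSession.getSystemId();
		String authForId = mapper.getGroupId() + "." + mapper.getRoleId();
		String userAuthForId = authForId + "." + userSession.getUserId();
		if (authorityService.isAuthorityCustomize(userAuthForId, systemId)) {
			// The user has customized privileges.
			authForId = userAuthForId;
		}

		gboat2.web.model.Resource root = shortcutService.findResourceTreeForRoleOfGroup(authForId, systemId);
		NaviResource navi = new NaviResource();
		if (root != null) {
			covertToNaviResource(navi, root);
		}
		userSession.setAttribute(UserSession.NAVIGATION_MENU, navi);
		return userSession;
	}

	/**
	 * Converts {@code resource} and its descendants and hangs the converted subtree under
	 * {@code navi}.
	 *
	 * @return {@code navi}
	 */
	private NaviResource covertToNaviResource(NaviResource navi, gboat2.web.model.Resource resource) {
		NaviResource naviResource = covertNaviResource(resource);
		navi.addChild(naviResource);
		if (resource.getChildren() != null && resource.getChildren().size() > 0) {
			Iterator<gboat2.web.model.Resource> iterator = resource.getChildren().iterator();
			while (iterator.hasNext()) {
				covertToNaviResource(naviResource, iterator.next());
			}
		}
		return navi;
	}

	/** Copies the fields of one resource into a new, childless {@link NaviResource}. */
	private NaviResource covertNaviResource(gboat2.web.model.Resource resource) {
		NaviResource navi = new NaviResource();
		navi.setResId(resource.getResId());
		navi.setResName(resource.getResName());
		navi.setResUrl(resource.getResUrl());
		navi.setSystemId(resource.getSystemId());
		navi.setType(resource.getType());
		navi.setLeaf(resource.getLeaf());
		navi.setMainMenu(resource.getMainMenu());
		navi.setResCode(resource.getResCode());
		return navi;
	}
}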