query功能中表操作权限问题

XilongPei / Openparts

MIT License

3 stars 1 forks source link

query功能中表操作权限问题 #43

Open XilongPei opened 6 years ago

XilongPei commented 6 years ago

不是所有用户都可以对表进行增删改查，要可以根据用户角色Role设置权限。

XilongPei commented 6 years ago

add class FunctionRightsUtil commit: https://github.com/XilongPei/Openparts/commit/ff46b338d251a874f6ace18b4acf6d3947aabb91

XilongPei commented 6 years ago

应该在SystemFilter中统一处理功能权限审计问题。 /query这样的请求，query_id不放在JSON对象中，必须做为参数单独传，否则无法对其统一做审计。

XilongPei commented 6 years ago

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) 
    //默认用户拥有所有权限
    Set<String> functionCodes=functionService.getAllFunctionCode();
   /* Set<String> functionCodes=functionService.getFunctionCodeSet(roleCodes);*/

XilongPei commented 6 years ago

add rolesCanAccess attribute for query, default is null commit: https://github.com/XilongPei/Openparts/commit/8ddaa8d6b10ad5a88e12613b7cc60b15b44b78ed

XilongPei commented 6 years ago

response timeout if no data has been loaded commit: https://github.com/XilongPei/Openparts/commit/7466554b122f93d847c861fa22568e73f07fc4e8

最好是前后端约定一下，如果用户没有对数据的操作权限，这时给个合适的提示，而不是简单地timeout掉。

XilongPei commented 6 years ago

response more information when LoadData(execute query) meet error commit: https://github.com/XilongPei/Openparts/commit/fb576a833b30b246643f0a625fae421efb9fdfca