owl-cli 6.102.0 → 6.104.0

Files changed (59) hide show
  1. package/.eslintrc.json +2 -2
  2. package/.vscode/launch.json +22 -22
  3. package/.vscode/settings.json +2 -2
  4. package/bin/createTables.js +94 -94
  5. package/bin/deploy.js +66 -66
  6. package/bin/dsl.js +223 -223
  7. package/bin/genEvents.js +188 -188
  8. package/bin/owl-init.js +50 -50
  9. package/bin/owl.js +295 -295
  10. package/bin/owlconfig.json +16 -16
  11. package/bin/table_mysql.js +189 -189
  12. package/bin/undeploy.js +56 -56
  13. package/defaultTemplate/api/build.xml +94 -94
  14. package/defaultTemplate/api/src/about.html +12 -12
  15. package/defaultTemplate/api/src/about.jsx +11 -11
  16. package/defaultTemplate/api/src/handlers/aggs.jsx +161 -161
  17. package/defaultTemplate/api/src/handlers/batchImport.jsx +68 -68
  18. package/defaultTemplate/api/src/handlers/delete.jsx +67 -67
  19. package/defaultTemplate/api/src/handlers/export.jsx +117 -117
  20. package/defaultTemplate/api/src/handlers/exportDoc.jsx +27 -27
  21. package/defaultTemplate/api/src/handlers/exportEx.jsx +77 -77
  22. package/defaultTemplate/api/src/handlers/exportWithTemplates.jsx +50 -50
  23. package/defaultTemplate/api/src/handlers/exportZip.jsx +26 -26
  24. package/defaultTemplate/api/src/handlers/get.jsx +41 -41
  25. package/defaultTemplate/api/src/handlers/getChildren.jsx +97 -97
  26. package/defaultTemplate/api/src/handlers/getExportTaskInfo.jsx +34 -34
  27. package/defaultTemplate/api/src/handlers/getSpec.jsx +40 -40
  28. package/defaultTemplate/api/src/handlers/include/checklogin.jsx +751 -751
  29. package/defaultTemplate/api/src/handlers/include/diff.jsx +315 -315
  30. package/defaultTemplate/api/src/handlers/include/util.jsx +60 -60
  31. package/defaultTemplate/api/src/handlers/list.jsx +239 -239
  32. package/defaultTemplate/api/src/handlers/reIndex.jsx +63 -63
  33. package/defaultTemplate/api/src/handlers/recovery.jsx +53 -53
  34. package/defaultTemplate/api/src/handlers/save.jsx +125 -110
  35. package/defaultTemplate/api/src/handlers/upload.jsx +72 -72
  36. package/defaultTemplate/api/src/init/indexConfigs/changeMapping.json +14 -14
  37. package/defaultTemplate/api/src/init/indexConfigs/createAliase.json +10 -10
  38. package/defaultTemplate/api/src/init/indexConfigs/createIndex.json +55 -55
  39. package/defaultTemplate/api/src/init/indexConfigs/rebuildIndex.sh +27 -27
  40. package/defaultTemplate/api/src/init/indexConfigs/reindex.json +10 -10
  41. package/defaultTemplate/api/src/init/init.jsx +25 -25
  42. package/defaultTemplate/api/src/meta.json +10 -10
  43. package/defaultTemplate/api/src/services/dblayer.jsx +251 -251
  44. package/defaultTemplate/api/src/services/modelService.jsx +1163 -1163
  45. package/defaultTemplate/api/src/services/sqlstring.jsx +240 -240
  46. package/defaultTemplate/api/src/tasks/export.jsx +355 -355
  47. package/defaultTemplate/api/src/tasks/exportDoc.jsx +87 -87
  48. package/defaultTemplate/api/src/tasks/exportExTask.jsx +325 -325
  49. package/defaultTemplate/api/src/tasks/exportWithTemplateTask.jsx +117 -117
  50. package/defaultTemplate/api/src/tasks/exportZip.jsx +49 -49
  51. package/examples/buildProperties/build.properties +2 -2
  52. package/examples/gitignore/gitignore_example.txt +1 -1
  53. package/examples/models/product.json +52 -52
  54. package/examples/models/shop.json +71 -71
  55. package/examples/models/sku.json +254 -254
  56. package/examples/models/user.json +49 -49
  57. package/examples/owlconfig.json +13 -13
  58. package/package.json +33 -33
  59. package/todo.txt +4 -4
@@ -1,751 +1,751 @@
1
- //#import session.js
2
- //#import $owl_backend_session:services/modelService.jsx
3
- //#import $owlPermission:services/permissionService.jsx
4
- //#import $owl_orgs:services/modelService.jsx
5
- //#import $owl_permission:services/modelService.jsx
6
- //#import $owl_mall_u:services/modelService.jsx
7
-
8
- function getParentOrgIds(orgId) {
9
- if (orgId == '0') {
10
- return ['0'];
11
- }
12
-
13
- var org = owl_orgsService.get(orgId);
14
- if (org) {
15
- return org.parentPathIds;
16
- }
17
- return [orgId];
18
- }
19
-
20
- function checklogin() {
21
- var magic = $.getSystemProperty("magic");
22
- var magicParams = $.params.ma;
23
- var m = '0';//默认是 平台
24
- if (magic === magicParams) {
25
- //代表是内部操作
26
- var user = {
27
- uid: 'internal',
28
- loginId: "internal",
29
- name: "系统内部访问",
30
- allowed_appIds: ["*"]
31
- }
32
-
33
- var env = {
34
- now: new Date().getTime(),
35
- loginUserId: 'internal',
36
- loginId: 'internal',
37
- loginUser:user,
38
- shopId: m,
39
- warehouseId: "",
40
- roleId: 'internal',
41
- orgId: 'internal',
42
- orgIds: 'internal',
43
- m: m
44
- }
45
- return env;
46
-
47
- } else {
48
- var isid = SessionService.getSessionId(request);
49
- var now = new Date().getTime();
50
- var sessionId = 'owl_backend_session_' + isid;
51
- var session = owl_backend_sessionService.get(sessionId);
52
- if (session && session.lastModified > now - 7 * 24 * 3600 * 1000) {
53
- var loginUserId = session.userId
54
- var roleId = session.roleId;
55
- var orgId = session.orgId;
56
- var orgIds = [orgId].concat(getParentOrgIds(orgId));
57
- if (loginUserId) {
58
- var loginUser = owl_mall_uService.get(loginUserId);
59
- var env = {
60
- now: new Date().getTime(),
61
- loginUserId: loginUserId,
62
- loginId: loginUserId,
63
- loginUser:loginUser,
64
- shopId: m,
65
- warehouseId: "",
66
- roleId: roleId,
67
- orgId: orgId,
68
- orgIds: orgIds,
69
- m: m
70
- }
71
- return env;
72
- } else {
73
- var ret = {
74
- state: 'err',
75
- code: 'no login',
76
- msg: "not login!"
77
- }
78
- out.print(JSON.stringify(ret));
79
- return null;
80
- }
81
- } else {
82
- var ret = {
83
- state: 'err',
84
- code: 'no login',
85
- msg: "not login!"
86
- }
87
- out.print(JSON.stringify(ret));
88
- return null;
89
- }
90
- }
91
- }
92
-
93
- function getPermissions(roleId, tableId) {
94
- var searchArgs = {
95
- roleId: roleId,
96
- tables:{
97
- type:"or",
98
- args:[
99
- { tableId: tableId},
100
- { tableId: "*"}
101
- ]
102
- }
103
- }
104
- var sr = owl_permissionService.search("0", searchArgs, null, 0, 10000, null);
105
- if (sr.state === 'ok') {
106
- return sr.list;
107
- }
108
- return [];
109
- }
110
-
111
- function expandTablePermission(permissions) {
112
- // $.log("expandTablePermission,permissions=" + JSON.stringify(per?missions))
113
- var same_org = {};
114
-
115
- var sub_org = { };
116
-
117
- for (var i = 0; i < permissions.length; i++) {
118
- var p = permissions[i];
119
- if(same_org.read!='denied' && p.permission_same_org && p.permission_same_org.read){
120
- same_org.read = p.permission_same_org.read;
121
- }
122
- if(same_org.update!='denied' && p.permission_same_org && p.permission_same_org.update){
123
- same_org.update = p.permission_same_org.update;
124
- }
125
- if(same_org.del!='denied' && p.permission_same_org && p.permission_same_org.del){
126
- same_org.del = p.permission_same_org.del;
127
- }
128
- if(same_org.add!='denied' && p.permission_same_org && p.permission_same_org.add){
129
- same_org.add = p.permission_same_org.add;
130
- }
131
- if(same_org.list!='denied' && p.permission_same_org && p.permission_same_org.list){
132
- same_org.list = p.permission_same_org.add;
133
- }
134
- if(same_org.listall!='denied' && p.permission_same_org && p.permission_same_org.listall){
135
- same_org.listall = p.permission_same_org.listall;
136
- }
137
-
138
- if(sub_org.read!='denied' && p.permission_sub_org && p.permission_sub_org.read){
139
- sub_org.read = p.permission_sub_org.read;
140
- }
141
- if(sub_org.update!='denied' && p.permission_sub_org && p.permission_sub_org.update){
142
- sub_org.update = p.permission_sub_org.update;
143
- }
144
- if(sub_org.del!='denied' && p.permission_sub_org && p.permission_sub_org.del){
145
- same_org.del = p.permission_sub_org.del;
146
- }
147
- if(sub_org.add!='denied' && p.permission_sub_org && p.permission_sub_org.add){
148
- sub_org.add = p.permission_sub_org.add;
149
- }
150
- if(sub_org.list!='denied' && p.permission_sub_org && p.permission_sub_org.list){
151
- sub_org.list = p.permission_sub_org.list;
152
- }
153
- if(sub_org.listall!='denied' && p.permission_sub_org && p.permission_sub_org.listall){
154
- sub_org.listall = p.permission_sub_org.listall;
155
- }
156
- }
157
-
158
- return {
159
- same_org:same_org,
160
- sub_org:sub_org
161
- }
162
-
163
- }
164
-
165
- function expandSectionPermission(permissions) {
166
- var same_org = {
167
- "*": "allowed"
168
- };
169
- var sub_org = {
170
- "*": "allowed"
171
- };
172
-
173
- for (var i = 0; i < permissions.length; i++) {
174
- var p = permissions[i];
175
- var sections_same_org = p.sections_same_org;
176
- var sections_sub_org = p.sections_sub_org;
177
- if (sections_same_org) {
178
- for (var j = 0; j < sections_same_org.length; j++) {
179
- var sec = sections_same_org[j];
180
- if (sec.sectionKey) {
181
- same_org[sec.sectionKey] = sec;
182
- }
183
- }
184
- }
185
- if (sections_sub_org) {
186
- for (var j = 0; j < sections_sub_org.length; j++) {
187
- var sec = sections_sub_org[j];
188
- if (sec.sectionKey) {
189
- sub_org[sec.sectionKey] = sec;
190
- }
191
- }
192
- }
193
- }
194
-
195
- return {
196
- same_org: same_org,
197
- sub_org: sub_org
198
- }
199
- }
200
-
201
- function expandFieldPermission(permissions) {
202
- var same_org = {
203
- "*": {read: "allowed"}
204
- }
205
- var sub_org = {
206
- "*": {read: "allowed"}
207
- }
208
- for (var i = 0; i < permissions.length; i++) {
209
- var p = permissions[i];
210
- if (p.fields_same_org) {
211
- for (var j = 0; j < p.fields_same_org.length; j++) {
212
- var f = p.fields_same_org[j];
213
- var fieldKey = f.fieldKey;
214
- if (f.sectionKey && f.sectionKey != 'main') {
215
- fieldKey = f.sectionKey + "." + f.fieldKey;
216
- }
217
- same_org[fieldKey] = f;
218
- }
219
- }
220
- if (p.fields_sub_org) {
221
- for (var j = 0; j < p.fields_sub_org.length; j++) {
222
- var f = p.fields_sub_org[j];
223
- var fieldKey = f.fieldKey;
224
- if (f.sectionKey && f.sectionKey != 'main') {
225
- fieldKey = f.sectionKey + "." + f.fieldKey;
226
- }
227
- sub_org[fieldKey] = f;
228
- }
229
- }
230
- }
231
- return {
232
- same_org: same_org,
233
- sub_org: sub_org
234
- }
235
- }
236
-
237
- function checkObject(obj, ef_field_permissions, parentKey,action){
238
- for(var k in obj){
239
- var ek = parentKey + "." + k;
240
- if(ef_field_permissions && ef_field_permissions[ek] && ef_field_permissions[ek][action]==='denied'){
241
- throw "没有"+action + "权限,ek=" + ek;
242
- }
243
-
244
- }
245
- }
246
-
247
- function checkPermission(data, permissions, orgId, action) {
248
- var section_permissions = expandSectionPermission(permissions);
249
- var field_permissions = expandFieldPermission(permissions);
250
- var table_permissions = expandTablePermission(permissions);
251
-
252
- var ef_section_permissions = null;
253
- var ef_field_permissions = null;
254
- var ef_table_permissions = null;
255
- if (data._orgId === orgId) {
256
- ef_section_permissions = section_permissions.same_org;
257
- ef_field_permissions = field_permissions.same_org;
258
- ef_table_permissions = table_permissions.same_org;
259
- } else {
260
- ef_section_permissions = section_permissions.sub_org;
261
- ef_field_permissions = field_permissions.sub_org;
262
- ef_table_permissions = field_permissions.sub_org;
263
-
264
- }
265
-
266
- var valid_fields = ['_orgId', '_orgIds', "_v", "del"];
267
- if(ef_table_permissions.add === 'denied'){
268
- throw "表没有添加记录权限。"
269
- }
270
- //检查section_permission
271
- for (var k in data) {
272
- if(valid_fields.indexOf(k)>-1){
273
- continue;
274
- }
275
- var v = data[k];
276
- //if v is section
277
- if (typeof v === 'object') {
278
- //ef_field_permissions
279
- if (ef_section_permissions && ef_section_permissions[k] && ef_section_permissions[k][action] === 'denied') {
280
- throw "section没有" + action + "权限,sectionKey=" + k
281
- }
282
- if(Array.isArray(v)){
283
- for(var i=0; i<v.length; i++){
284
- var r = v[i];
285
- checkObject(r,ef_field_permissions,k,action);
286
- }
287
- }
288
- else{
289
- checkObject(v,ef_field_permissions,k,action);
290
- }
291
- }
292
- else {
293
- if(ef_section_permissions && ef_section_permissions[k] && ef_field_permissions[k].add === 'denied'){
294
- throw "字段没有" + action + "权限, key=" + k
295
- }
296
- }
297
-
298
- }
299
- }
300
-
301
- function checkUpdatePermission(data,diffresult,permissions,orgId){
302
- var section_permissions = expandSectionPermission(permissions);
303
- var field_permissions = expandFieldPermission(permissions);
304
- var table_permissions = expandTablePermission(permissions);
305
-
306
- var ef_section_permissions = null;
307
- var ef_field_permissions = null;
308
- var ef_table_permissions = null;
309
- if (data._orgId === orgId) {
310
- ef_section_permissions = section_permissions.same_org;
311
- ef_field_permissions = field_permissions.same_org;
312
- ef_table_permissions = table_permissions.same_org;
313
- } else {
314
- ef_section_permissions = section_permissions.sub_org;
315
- ef_field_permissions = field_permissions.sub_org;
316
- ef_table_permissions = table_permissions.sub_org;
317
- }
318
-
319
- // $.log("ef_table_permissions=" + JSON.stringify(ef_table_permissions))
320
- if(ef_table_permissions.update === 'denied'){
321
- throw "没有修改的权限。"
322
- }
323
- if(diffresult && diffresult.length>0){
324
- for(var i=0; i<diffresult.length; i++){
325
- var r = diffresult[i];
326
- var pk = "main";
327
- if(r.parentKey && r.parentKey.length>0){
328
- pk = r.parentKey.substring(1);
329
- if(ef_section_permissions[pk] && ef_section_permissions[pk].update ==='denied'){
330
- throw "没有修改的权限,sectionKey=" + r.parentKey
331
- }
332
-
333
- }
334
- var rk = pk + "." + r.fieldKey;
335
- if(ef_field_permissions[rk] && ef_field_permissions[rk].update ==='denied' ){
336
- throw "没有修改字段的权限,fieldKey=" + rk;
337
- }
338
-
339
- }
340
- }
341
- //啥都不做代表检查通过
342
- //TODO:检查用户权限
343
- }
344
-
345
- function filterFields(data, permissions, orgId) {
346
- //根据权限,将没有读权限的字段删除掉
347
- var section_permissions = expandSectionPermission(permissions);
348
- var field_permissions = expandFieldPermission(permissions);
349
- var ef_section_permissions = null;
350
- var ef_field_permissions = null;
351
- if (data._orgId === orgId) {
352
- ef_section_permissions = section_permissions.same_org;
353
- ef_field_permissions = field_permissions.same_org;
354
- } else {
355
- ef_section_permissions = section_permissions.sub_org;
356
- ef_field_permissions = field_permissions.sub_org;
357
- }
358
-
359
- var invisibleFields = [];
360
- data['invisibleFields'] = invisibleFields;
361
-
362
- var valid_fields = ['_orgId', '_orgIds', "_v", "del"];
363
- var curSectionKey = '';
364
- for (var k in data) {
365
- if (valid_fields.indexOf(k) >= 0) {
366
- continue;
367
- } else {
368
- if (typeof data[k] === 'object') {
369
- if ((ef_section_permissions[k] && ef_section_permissions[k].read === 'denied') ||
370
- ((!ef_section_permissions[k] || !ef_section_permissions[k].read) && (ef_section_permissions["*"] && ef_section_permissions["*"].read === 'denied'))) {
371
- delete data[k];
372
- invisibleFields.push(k);
373
- }
374
- var section = data[k];
375
- if (Array.isArray(section)) {
376
- for (var i = 0; i < section.length; i++) {
377
- var r = section[i];
378
- for (var fk in r) {
379
- var rk = k + "." + fk;
380
- if ((ef_field_permissions[rk] && ef_field_permissions[rk].read === 'denied') ||
381
- ((!ef_field_permissions[rk] || !ef_field_permissions[rk].read) && (ef_field_permissions[k + ".*"] && ef_field_permissions[k + ".*"].read === 'denied'))) {
382
- delete r[fk];
383
- invisibleFields.push(rk);
384
- }
385
- }
386
-
387
- }
388
- }
389
- } else {
390
- if ((ef_field_permissions[k] && ef_field_permissions[k].read === 'denied') || ((!ef_field_permissions[k] || !ef_field_permissions[k].read) && ef_field_permissions["*"].read === 'denied')) {
391
- delete data[k];
392
- invisibleFields.push(k);
393
- }
394
- }
395
- }
396
- }
397
- }
398
-
399
- function mergeArray(a1, a2,section_permission){
400
- //a1是旧的,a2是新的
401
- // $.log("diffArray,parentKey=" + parentKey);
402
-
403
- var temp_matched = [];
404
- var result = [];
405
- var merged = [];
406
- if(!a1){
407
- a1 = [];
408
- }
409
- if(!a2){
410
- a2 = [];
411
- }
412
- var newa2 = [];
413
- for(var i=0; i<a2.length; i++){
414
- if(a2[i]!==null){
415
- if(!isScalar(a2[i])){
416
- delete a2[i]._matched;
417
- }
418
- newa2.push(a2[i]);
419
- }
420
- }
421
- a2 = newa2;
422
- for(var i=0; i<a1.length; i++){
423
- var r1 = a1[i];
424
- var found = false;
425
- for(var j=0; j<a2.length; j++){
426
- var r2 = a2[j];
427
- if(isEqual(r1,r2)){
428
- found = true;
429
- if(isScalar(r2)){
430
- temp_matched.push(r2);
431
- }
432
- else{
433
- if(r2!=null){
434
- r2._matched = true;
435
- }
436
-
437
- }
438
- merged.push(r1);
439
- break;
440
- }
441
- }
442
- if(!found){
443
- //r1不存在于a2中,说明r1被删除了
444
- if(section_permission && section_permission.del === 'denied'){
445
- //不允许删除
446
- merged.push(r1);
447
- }
448
- }
449
- }
450
- for(var i=0; i<a2.length; i++){
451
- r2 = a2[i];
452
- if(isScalar(r2)){
453
- if(temp_matched.indexOf(r2)==-1){
454
- if(!section_permission || section_permission.add !== 'denied' ){
455
- merged.push(r2);
456
- }
457
- }
458
-
459
- }
460
- else if(!r2._matched){
461
- if(!section_permission || section_permission.add !== 'denied' ){
462
- merged.push(r2);
463
- }
464
- }
465
- }
466
- return merged;
467
- }
468
-
469
- function merge(oldObj,newObj,permissions,orgId){
470
- var section_permissions = expandSectionPermission(permissions);
471
- var field_permissions = expandFieldPermission(permissions);
472
- var table_permissions = expandTablePermission(permissions);
473
-
474
- var ef_section_permissions = null;
475
- var ef_field_permissions = null;
476
- var ef_table_permissions = null;
477
- if (oldObj._orgId === orgId) {
478
- ef_section_permissions = section_permissions.same_org;
479
- ef_field_permissions = field_permissions.same_org;
480
- ef_table_permissions = table_permissions.same_org;
481
- } else {
482
- ef_section_permissions = section_permissions.sub_org;
483
- ef_field_permissions = field_permissions.sub_org;
484
- ef_table_permissions = table_permissions.sub_org;
485
- }
486
- if(ef_table_permissions && ef_table_permissions.update==='denied'){
487
- throw "没有修改权限。"
488
- }
489
-
490
- for(var k in oldObj){
491
- var vo = oldObj[k];
492
- if(typeof vo === 'object'){
493
- if(ef_section_permissions[k] && ef_section_permissions[k].update==='denied' || ef_section_permissions[k] && ef_section_permissions[k].read==='denied'){
494
- newObj[k] = vo;
495
- continue;
496
- }
497
-
498
- if(Array.isArray(vo)){
499
- //暂时对于Array, 只要对于section有权限,则是对于整行来说的,而不能对于行中的某个字段
500
- var vn = newObj[k];
501
- var merged = mergeArray(vo,vn,ef_section_permissions[k]);
502
- newObj[k] = merged;
503
- }
504
- else {
505
- var vn = newObj[k];
506
- for(var sk in vo){
507
- var fk = k + "." + sk;
508
- if(ef_field_permissions[fk] && ef_field_permissions[fk].update==='denied' || ef_field_permissions[fk] && ef_field_permissions[fk].read==='denied'){
509
- vn[fk] = vo[fk];
510
- }
511
- }
512
- }
513
- }
514
- else if(vo === null){
515
- if((ef_section_permissions[k] && (ef_section_permissions[k].update==='denied' || ef_section_permissions[k].read==='denied') )||
516
- (ef_field_permissions[k] && (ef_field_permissions[k].update==='denied' || ef_field_permissions[k].read==='denied') )
517
- ){
518
- newObj[k] = null;
519
- }
520
- }
521
- else{
522
- if(ef_field_permissions[k] && (ef_field_permissions[k].update==='denied' || ef_field_permissions[k].read==='denied') ){
523
- newObj[k] = oldObj[k];
524
- }
525
- }
526
- }
527
-
528
- for(var k in newObj){
529
- //找到在new 但是 不在 old里面的,这表明是add
530
- var vn = newObj[k];
531
- var vo = oldObj[k];
532
- if(typeof vn === 'object' ){
533
-
534
- if(!vo && ef_section_permissions[k] && ef_section_permissions[k].add === 'denied'){
535
- delete newObj[k];
536
- }
537
- else if(Array.isArray(vn)){
538
- //do nothing
539
- }
540
- else{
541
- for(var nk in vn){
542
- if(vn[nk] && (!vo || !vo[nk])){
543
- var fk = k + "." + nk;
544
- if(ef_field_permissions[fk] && ef_field_permissions[fk].add === 'denied'){
545
- delete vn[nk];
546
- }
547
- }
548
- }
549
- }
550
- }
551
- else{
552
- if(!vo && ef_field_permissions[k] && ef_field_permissions[k].add === 'denied'){
553
- delete newObj[k];
554
- }
555
- }
556
- }
557
- return newObj;
558
-
559
- }
560
-
561
- function getObjectPermissionFilter(tableId, roleId,orgId,userId){
562
- var filters = [];
563
- var excludeFilters = [];
564
-
565
- filters = [
566
- {
567
- bool: {
568
- filter:[
569
- {term:{"permissions.orgId.keyword":orgId}},
570
- {term:{"permissions.roleId.keyword":roleId}},
571
- {term:{"permissions.list.keyword":"allowed"}}
572
- ]
573
- }
574
- },
575
- {
576
- bool: {
577
- filter:[
578
- {term:{"permissions.orgId.keyword":orgId}},
579
- {term:{"permissions.roleId.keyword":"*"}},
580
- {term:{"permissions.list.keyword":"allowed"}}
581
- ]
582
- }
583
- },
584
- {
585
- bool: {
586
- filter:[
587
- {term:{"permissions.orgId.keyword":"*"}},
588
- {term:{"permissions.roleId.keyword":roleId}},
589
- {term:{"permissions.list.keyword":"allowed"}}
590
- ]
591
- }
592
- },
593
- {
594
- bool: {
595
- filter:[
596
- {term:{"permissions.orgId.keyword":"*"}},
597
- {term:{"permissions.roleId.keyword":"*"}},
598
- {term:{"permissions.list.keyword":"allowed"}}
599
- ]
600
- }
601
- },
602
- {
603
- bool: {
604
- filter:[
605
- {term:{"permissions.userId.keyword":userId}},
606
- {term:{"permissions.list.keyword":"allowed"}}
607
- ]
608
- }
609
- },
610
- {
611
- bool: {
612
- filter:[
613
- {term:{"permissions.userId.keyword":"*"}},
614
- {term:{"permissions.list.keyword":"allowed"}}
615
- ]
616
- }
617
- }
618
- ];
619
- //获取对象本身的权限
620
-
621
- excludeFilters= [
622
- {
623
- bool: {
624
- filter:[
625
- {term:{"permissions.orgId.keyword":orgId}},
626
- {term:{"permissions.roleId.keyword":roleId}},
627
- {term:{"permissions.list.keyword":"denied"}}
628
- ]
629
- }
630
- },
631
- {
632
- bool: {
633
- filter:[
634
- {term:{"permissions.orgId.keyword":orgId}},
635
- {term:{"permissions.roleId.keyword":"*"}},
636
- {term:{"permissions.list.keyword":"denied"}}
637
- ]
638
- }
639
- },
640
- {
641
- bool: {
642
- filter:[
643
- {term:{"permissions.orgId.keyword":"*"}},
644
- {term:{"permissions.roleId.keyword":roleId}},
645
- {term:{"permissions.list.keyword":"denied"}}
646
- ]
647
- }
648
- },
649
- {
650
- bool: {
651
- filter:[
652
- {term:{"permissions.orgId.keyword":"*"}},
653
- {term:{"permissions.roleId.keyword":"*"}},
654
- {term:{"permissions.list.keyword":"denied"}}
655
- ]
656
- }
657
- },
658
- {
659
- bool: {
660
- filter:[
661
- {term:{"permissions.userId.keyword":userId}},
662
- {term:{"permissions.list.keyword":"denied"}}
663
- ]
664
- }
665
- },
666
- {
667
- bool: {
668
- filter:[
669
- {term:{"permissions.userId.keyword":"*"}},
670
- {term:{"permissions.list.keyword":"denied"}}
671
- ]
672
- }
673
- }
674
- ];
675
- return [filters,excludeFilters]
676
- }
677
- function getListPermissionFilter(tableId, roleId,orgId,userId, permissions){
678
- if(userId==='0' && orgId==='0' && roleId==='0'){
679
- return null;
680
- }
681
-
682
- $.log("getListPermissionFilter tableId="+tableId+",roleId="+roleId+",orgId="+orgId+",userId="+userId+", permissions="+JSON.stringify(permissions));
683
- //获得有权限的对象的filter
684
- var tp = expandTablePermission(permissions);
685
-
686
-
687
- //如果有listAll
688
-
689
- if(tp.same_org.listall==='allowed' || tp.sub_org.listall==='allowed' || roleId=='0' || userId=='0') {
690
- //只能读取本组织的数据
691
- // var objFilters = getObjectPermissionFilter(tableId, roleId,orgId,userId, permissions);
692
- var orgFilter = null;
693
- if(tp.sub_org.listall==='allowed'){
694
- if(orgId!='0'){
695
- orgFilter = {
696
- "term": {"_orgIds.keyword": orgId}
697
- }
698
- }
699
- else{
700
- orgFilter = { "match_all": {}};
701
- }
702
- }
703
- else if(tp.same_org.listall==='allowed'){
704
- if(orgId!='0'){
705
- orgFilter = {
706
- "term": {"_orgId.keyword": orgId}
707
- }
708
- }
709
- else{
710
- orgFilter = { "match_all": {}};
711
- }
712
-
713
- }
714
- else {
715
- if(orgId!='0'){
716
- orgFilter = {
717
- "term": {"_orgIds.keyword": orgId}
718
- }
719
- }
720
- else{
721
- orgFilter = { "match_all": {}};
722
- }
723
- }
724
- var shouldFilters = [];
725
- if(orgFilter){
726
- shouldFilters.push(orgFilter);
727
- }
728
- //组合对象允许的
729
- return {
730
- bool:{
731
- should:shouldFilters
732
- }
733
- }
734
- }
735
- else {
736
- var objFilters = getObjectPermissionFilter(tableId, roleId,orgId,userId, permissions);
737
- return {
738
- bool:{
739
- should:objFilters[0],
740
- must_not:objFilters[1]
741
- }
742
- }
743
- }
744
-
745
-
746
- }
747
-
748
-
749
-
750
-
751
-
1
+ //#import session.js
2
+ //#import $owl_backend_session:services/modelService.jsx
3
+ //#import $owlPermission:services/permissionService.jsx
4
+ //#import $owl_orgs:services/modelService.jsx
5
+ //#import $owl_permission:services/modelService.jsx
6
+ //#import $owl_mall_u:services/modelService.jsx
7
+
8
+ function getParentOrgIds(orgId) {
9
+ if (orgId == '0') {
10
+ return ['0'];
11
+ }
12
+
13
+ var org = owl_orgsService.get(orgId);
14
+ if (org) {
15
+ return org.parentPathIds;
16
+ }
17
+ return [orgId];
18
+ }
19
+
20
+ function checklogin() {
21
+ var magic = $.getSystemProperty("magic");
22
+ var magicParams = $.params.ma;
23
+ var m = '0';//默认是 平台
24
+ if (magic === magicParams) {
25
+ //代表是内部操作
26
+ var user = {
27
+ uid: 'internal',
28
+ loginId: "internal",
29
+ name: "系统内部访问",
30
+ allowed_appIds: ["*"]
31
+ }
32
+
33
+ var env = {
34
+ now: new Date().getTime(),
35
+ loginUserId: 'internal',
36
+ loginId: 'internal',
37
+ loginUser:user,
38
+ shopId: m,
39
+ warehouseId: "",
40
+ roleId: 'internal',
41
+ orgId: 'internal',
42
+ orgIds: 'internal',
43
+ m: m
44
+ }
45
+ return env;
46
+
47
+ } else {
48
+ var isid = SessionService.getSessionId(request);
49
+ var now = new Date().getTime();
50
+ var sessionId = 'owl_backend_session_' + isid;
51
+ var session = owl_backend_sessionService.get(sessionId);
52
+ if (session && session.lastModified > now - 7 * 24 * 3600 * 1000) {
53
+ var loginUserId = session.userId
54
+ var roleId = session.roleId;
55
+ var orgId = session.orgId;
56
+ var orgIds = [orgId].concat(getParentOrgIds(orgId));
57
+ if (loginUserId) {
58
+ var loginUser = owl_mall_uService.get(loginUserId);
59
+ var env = {
60
+ now: new Date().getTime(),
61
+ loginUserId: loginUserId,
62
+ loginId: loginUserId,
63
+ loginUser:loginUser,
64
+ shopId: m,
65
+ warehouseId: "",
66
+ roleId: roleId,
67
+ orgId: orgId,
68
+ orgIds: orgIds,
69
+ m: m
70
+ }
71
+ return env;
72
+ } else {
73
+ var ret = {
74
+ state: 'err',
75
+ code: 'no login',
76
+ msg: "not login!"
77
+ }
78
+ out.print(JSON.stringify(ret));
79
+ return null;
80
+ }
81
+ } else {
82
+ var ret = {
83
+ state: 'err',
84
+ code: 'no login',
85
+ msg: "not login!"
86
+ }
87
+ out.print(JSON.stringify(ret));
88
+ return null;
89
+ }
90
+ }
91
+ }
92
+
93
+ function getPermissions(roleId, tableId) {
94
+ var searchArgs = {
95
+ roleId: roleId,
96
+ tables:{
97
+ type:"or",
98
+ args:[
99
+ { tableId: tableId},
100
+ { tableId: "*"}
101
+ ]
102
+ }
103
+ }
104
+ var sr = owl_permissionService.search("0", searchArgs, null, 0, 10000, null);
105
+ if (sr.state === 'ok') {
106
+ return sr.list;
107
+ }
108
+ return [];
109
+ }
110
+
111
+ function expandTablePermission(permissions) {
112
+ // $.log("expandTablePermission,permissions=" + JSON.stringify(per?missions))
113
+ var same_org = {};
114
+
115
+ var sub_org = { };
116
+
117
+ for (var i = 0; i < permissions.length; i++) {
118
+ var p = permissions[i];
119
+ if(same_org.read!='denied' && p.permission_same_org && p.permission_same_org.read){
120
+ same_org.read = p.permission_same_org.read;
121
+ }
122
+ if(same_org.update!='denied' && p.permission_same_org && p.permission_same_org.update){
123
+ same_org.update = p.permission_same_org.update;
124
+ }
125
+ if(same_org.del!='denied' && p.permission_same_org && p.permission_same_org.del){
126
+ same_org.del = p.permission_same_org.del;
127
+ }
128
+ if(same_org.add!='denied' && p.permission_same_org && p.permission_same_org.add){
129
+ same_org.add = p.permission_same_org.add;
130
+ }
131
+ if(same_org.list!='denied' && p.permission_same_org && p.permission_same_org.list){
132
+ same_org.list = p.permission_same_org.add;
133
+ }
134
+ if(same_org.listall!='denied' && p.permission_same_org && p.permission_same_org.listall){
135
+ same_org.listall = p.permission_same_org.listall;
136
+ }
137
+
138
+ if(sub_org.read!='denied' && p.permission_sub_org && p.permission_sub_org.read){
139
+ sub_org.read = p.permission_sub_org.read;
140
+ }
141
+ if(sub_org.update!='denied' && p.permission_sub_org && p.permission_sub_org.update){
142
+ sub_org.update = p.permission_sub_org.update;
143
+ }
144
+ if(sub_org.del!='denied' && p.permission_sub_org && p.permission_sub_org.del){
145
+ same_org.del = p.permission_sub_org.del;
146
+ }
147
+ if(sub_org.add!='denied' && p.permission_sub_org && p.permission_sub_org.add){
148
+ sub_org.add = p.permission_sub_org.add;
149
+ }
150
+ if(sub_org.list!='denied' && p.permission_sub_org && p.permission_sub_org.list){
151
+ sub_org.list = p.permission_sub_org.list;
152
+ }
153
+ if(sub_org.listall!='denied' && p.permission_sub_org && p.permission_sub_org.listall){
154
+ sub_org.listall = p.permission_sub_org.listall;
155
+ }
156
+ }
157
+
158
+ return {
159
+ same_org:same_org,
160
+ sub_org:sub_org
161
+ }
162
+
163
+ }
164
+
165
+ function expandSectionPermission(permissions) {
166
+ var same_org = {
167
+ "*": "allowed"
168
+ };
169
+ var sub_org = {
170
+ "*": "allowed"
171
+ };
172
+
173
+ for (var i = 0; i < permissions.length; i++) {
174
+ var p = permissions[i];
175
+ var sections_same_org = p.sections_same_org;
176
+ var sections_sub_org = p.sections_sub_org;
177
+ if (sections_same_org) {
178
+ for (var j = 0; j < sections_same_org.length; j++) {
179
+ var sec = sections_same_org[j];
180
+ if (sec.sectionKey) {
181
+ same_org[sec.sectionKey] = sec;
182
+ }
183
+ }
184
+ }
185
+ if (sections_sub_org) {
186
+ for (var j = 0; j < sections_sub_org.length; j++) {
187
+ var sec = sections_sub_org[j];
188
+ if (sec.sectionKey) {
189
+ sub_org[sec.sectionKey] = sec;
190
+ }
191
+ }
192
+ }
193
+ }
194
+
195
+ return {
196
+ same_org: same_org,
197
+ sub_org: sub_org
198
+ }
199
+ }
200
+
201
+ function expandFieldPermission(permissions) {
202
+ var same_org = {
203
+ "*": {read: "allowed"}
204
+ }
205
+ var sub_org = {
206
+ "*": {read: "allowed"}
207
+ }
208
+ for (var i = 0; i < permissions.length; i++) {
209
+ var p = permissions[i];
210
+ if (p.fields_same_org) {
211
+ for (var j = 0; j < p.fields_same_org.length; j++) {
212
+ var f = p.fields_same_org[j];
213
+ var fieldKey = f.fieldKey;
214
+ if (f.sectionKey && f.sectionKey != 'main') {
215
+ fieldKey = f.sectionKey + "." + f.fieldKey;
216
+ }
217
+ same_org[fieldKey] = f;
218
+ }
219
+ }
220
+ if (p.fields_sub_org) {
221
+ for (var j = 0; j < p.fields_sub_org.length; j++) {
222
+ var f = p.fields_sub_org[j];
223
+ var fieldKey = f.fieldKey;
224
+ if (f.sectionKey && f.sectionKey != 'main') {
225
+ fieldKey = f.sectionKey + "." + f.fieldKey;
226
+ }
227
+ sub_org[fieldKey] = f;
228
+ }
229
+ }
230
+ }
231
+ return {
232
+ same_org: same_org,
233
+ sub_org: sub_org
234
+ }
235
+ }
236
+
237
+ function checkObject(obj, ef_field_permissions, parentKey,action){
238
+ for(var k in obj){
239
+ var ek = parentKey + "." + k;
240
+ if(ef_field_permissions && ef_field_permissions[ek] && ef_field_permissions[ek][action]==='denied'){
241
+ throw "没有"+action + "权限,ek=" + ek;
242
+ }
243
+
244
+ }
245
+ }
246
+
247
+ function checkPermission(data, permissions, orgId, action) {
248
+ var section_permissions = expandSectionPermission(permissions);
249
+ var field_permissions = expandFieldPermission(permissions);
250
+ var table_permissions = expandTablePermission(permissions);
251
+
252
+ var ef_section_permissions = null;
253
+ var ef_field_permissions = null;
254
+ var ef_table_permissions = null;
255
+ if (data._orgId === orgId) {
256
+ ef_section_permissions = section_permissions.same_org;
257
+ ef_field_permissions = field_permissions.same_org;
258
+ ef_table_permissions = table_permissions.same_org;
259
+ } else {
260
+ ef_section_permissions = section_permissions.sub_org;
261
+ ef_field_permissions = field_permissions.sub_org;
262
+ ef_table_permissions = field_permissions.sub_org;
263
+
264
+ }
265
+
266
+ var valid_fields = ['_orgId', '_orgIds', "_v", "del"];
267
+ if(ef_table_permissions.add === 'denied'){
268
+ throw "表没有添加记录权限。"
269
+ }
270
+ //检查section_permission
271
+ for (var k in data) {
272
+ if(valid_fields.indexOf(k)>-1){
273
+ continue;
274
+ }
275
+ var v = data[k];
276
+ //if v is section
277
+ if (typeof v === 'object') {
278
+ //ef_field_permissions
279
+ if (ef_section_permissions && ef_section_permissions[k] && ef_section_permissions[k][action] === 'denied') {
280
+ throw "section没有" + action + "权限,sectionKey=" + k
281
+ }
282
+ if(Array.isArray(v)){
283
+ for(var i=0; i<v.length; i++){
284
+ var r = v[i];
285
+ checkObject(r,ef_field_permissions,k,action);
286
+ }
287
+ }
288
+ else{
289
+ checkObject(v,ef_field_permissions,k,action);
290
+ }
291
+ }
292
+ else {
293
+ if(ef_section_permissions && ef_section_permissions[k] && ef_field_permissions[k].add === 'denied'){
294
+ throw "字段没有" + action + "权限, key=" + k
295
+ }
296
+ }
297
+
298
+ }
299
+ }
300
+
301
+ function checkUpdatePermission(data,diffresult,permissions,orgId){
302
+ var section_permissions = expandSectionPermission(permissions);
303
+ var field_permissions = expandFieldPermission(permissions);
304
+ var table_permissions = expandTablePermission(permissions);
305
+
306
+ var ef_section_permissions = null;
307
+ var ef_field_permissions = null;
308
+ var ef_table_permissions = null;
309
+ if (data._orgId === orgId) {
310
+ ef_section_permissions = section_permissions.same_org;
311
+ ef_field_permissions = field_permissions.same_org;
312
+ ef_table_permissions = table_permissions.same_org;
313
+ } else {
314
+ ef_section_permissions = section_permissions.sub_org;
315
+ ef_field_permissions = field_permissions.sub_org;
316
+ ef_table_permissions = table_permissions.sub_org;
317
+ }
318
+
319
+ // $.log("ef_table_permissions=" + JSON.stringify(ef_table_permissions))
320
+ if(ef_table_permissions.update === 'denied'){
321
+ throw "没有修改的权限。"
322
+ }
323
+ if(diffresult && diffresult.length>0){
324
+ for(var i=0; i<diffresult.length; i++){
325
+ var r = diffresult[i];
326
+ var pk = "main";
327
+ if(r.parentKey && r.parentKey.length>0){
328
+ pk = r.parentKey.substring(1);
329
+ if(ef_section_permissions[pk] && ef_section_permissions[pk].update ==='denied'){
330
+ throw "没有修改的权限,sectionKey=" + r.parentKey
331
+ }
332
+
333
+ }
334
+ var rk = pk + "." + r.fieldKey;
335
+ if(ef_field_permissions[rk] && ef_field_permissions[rk].update ==='denied' ){
336
+ throw "没有修改字段的权限,fieldKey=" + rk;
337
+ }
338
+
339
+ }
340
+ }
341
+ //啥都不做代表检查通过
342
+ //TODO:检查用户权限
343
+ }
344
+
345
+ function filterFields(data, permissions, orgId) {
346
+ //根据权限,将没有读权限的字段删除掉
347
+ var section_permissions = expandSectionPermission(permissions);
348
+ var field_permissions = expandFieldPermission(permissions);
349
+ var ef_section_permissions = null;
350
+ var ef_field_permissions = null;
351
+ if (data._orgId === orgId) {
352
+ ef_section_permissions = section_permissions.same_org;
353
+ ef_field_permissions = field_permissions.same_org;
354
+ } else {
355
+ ef_section_permissions = section_permissions.sub_org;
356
+ ef_field_permissions = field_permissions.sub_org;
357
+ }
358
+
359
+ var invisibleFields = [];
360
+ data['invisibleFields'] = invisibleFields;
361
+
362
+ var valid_fields = ['_orgId', '_orgIds', "_v", "del"];
363
+ var curSectionKey = '';
364
+ for (var k in data) {
365
+ if (valid_fields.indexOf(k) >= 0) {
366
+ continue;
367
+ } else {
368
+ if (typeof data[k] === 'object') {
369
+ if ((ef_section_permissions[k] && ef_section_permissions[k].read === 'denied') ||
370
+ ((!ef_section_permissions[k] || !ef_section_permissions[k].read) && (ef_section_permissions["*"] && ef_section_permissions["*"].read === 'denied'))) {
371
+ delete data[k];
372
+ invisibleFields.push(k);
373
+ }
374
+ var section = data[k];
375
+ if (Array.isArray(section)) {
376
+ for (var i = 0; i < section.length; i++) {
377
+ var r = section[i];
378
+ for (var fk in r) {
379
+ var rk = k + "." + fk;
380
+ if ((ef_field_permissions[rk] && ef_field_permissions[rk].read === 'denied') ||
381
+ ((!ef_field_permissions[rk] || !ef_field_permissions[rk].read) && (ef_field_permissions[k + ".*"] && ef_field_permissions[k + ".*"].read === 'denied'))) {
382
+ delete r[fk];
383
+ invisibleFields.push(rk);
384
+ }
385
+ }
386
+
387
+ }
388
+ }
389
+ } else {
390
+ if ((ef_field_permissions[k] && ef_field_permissions[k].read === 'denied') || ((!ef_field_permissions[k] || !ef_field_permissions[k].read) && ef_field_permissions["*"].read === 'denied')) {
391
+ delete data[k];
392
+ invisibleFields.push(k);
393
+ }
394
+ }
395
+ }
396
+ }
397
+ }
398
+
399
+ function mergeArray(a1, a2,section_permission){
400
+ //a1是旧的,a2是新的
401
+ // $.log("diffArray,parentKey=" + parentKey);
402
+
403
+ var temp_matched = [];
404
+ var result = [];
405
+ var merged = [];
406
+ if(!a1){
407
+ a1 = [];
408
+ }
409
+ if(!a2){
410
+ a2 = [];
411
+ }
412
+ var newa2 = [];
413
+ for(var i=0; i<a2.length; i++){
414
+ if(a2[i]!==null){
415
+ if(!isScalar(a2[i])){
416
+ delete a2[i]._matched;
417
+ }
418
+ newa2.push(a2[i]);
419
+ }
420
+ }
421
+ a2 = newa2;
422
+ for(var i=0; i<a1.length; i++){
423
+ var r1 = a1[i];
424
+ var found = false;
425
+ for(var j=0; j<a2.length; j++){
426
+ var r2 = a2[j];
427
+ if(isEqual(r1,r2)){
428
+ found = true;
429
+ if(isScalar(r2)){
430
+ temp_matched.push(r2);
431
+ }
432
+ else{
433
+ if(r2!=null){
434
+ r2._matched = true;
435
+ }
436
+
437
+ }
438
+ merged.push(r1);
439
+ break;
440
+ }
441
+ }
442
+ if(!found){
443
+ //r1不存在于a2中,说明r1被删除了
444
+ if(section_permission && section_permission.del === 'denied'){
445
+ //不允许删除
446
+ merged.push(r1);
447
+ }
448
+ }
449
+ }
450
+ for(var i=0; i<a2.length; i++){
451
+ r2 = a2[i];
452
+ if(isScalar(r2)){
453
+ if(temp_matched.indexOf(r2)==-1){
454
+ if(!section_permission || section_permission.add !== 'denied' ){
455
+ merged.push(r2);
456
+ }
457
+ }
458
+
459
+ }
460
+ else if(!r2._matched){
461
+ if(!section_permission || section_permission.add !== 'denied' ){
462
+ merged.push(r2);
463
+ }
464
+ }
465
+ }
466
+ return merged;
467
+ }
468
+
469
+ function merge(oldObj,newObj,permissions,orgId){
470
+ var section_permissions = expandSectionPermission(permissions);
471
+ var field_permissions = expandFieldPermission(permissions);
472
+ var table_permissions = expandTablePermission(permissions);
473
+
474
+ var ef_section_permissions = null;
475
+ var ef_field_permissions = null;
476
+ var ef_table_permissions = null;
477
+ if (oldObj._orgId === orgId) {
478
+ ef_section_permissions = section_permissions.same_org;
479
+ ef_field_permissions = field_permissions.same_org;
480
+ ef_table_permissions = table_permissions.same_org;
481
+ } else {
482
+ ef_section_permissions = section_permissions.sub_org;
483
+ ef_field_permissions = field_permissions.sub_org;
484
+ ef_table_permissions = table_permissions.sub_org;
485
+ }
486
+ if(ef_table_permissions && ef_table_permissions.update==='denied'){
487
+ throw "没有修改权限。"
488
+ }
489
+
490
+ for(var k in oldObj){
491
+ var vo = oldObj[k];
492
+ if(typeof vo === 'object'){
493
+ if(ef_section_permissions[k] && ef_section_permissions[k].update==='denied' || ef_section_permissions[k] && ef_section_permissions[k].read==='denied'){
494
+ newObj[k] = vo;
495
+ continue;
496
+ }
497
+
498
+ if(Array.isArray(vo)){
499
+ //暂时对于Array, 只要对于section有权限,则是对于整行来说的,而不能对于行中的某个字段
500
+ var vn = newObj[k];
501
+ var merged = mergeArray(vo,vn,ef_section_permissions[k]);
502
+ newObj[k] = merged;
503
+ }
504
+ else {
505
+ var vn = newObj[k];
506
+ for(var sk in vo){
507
+ var fk = k + "." + sk;
508
+ if(ef_field_permissions[fk] && ef_field_permissions[fk].update==='denied' || ef_field_permissions[fk] && ef_field_permissions[fk].read==='denied'){
509
+ vn[fk] = vo[fk];
510
+ }
511
+ }
512
+ }
513
+ }
514
+ else if(vo === null){
515
+ if((ef_section_permissions[k] && (ef_section_permissions[k].update==='denied' || ef_section_permissions[k].read==='denied') )||
516
+ (ef_field_permissions[k] && (ef_field_permissions[k].update==='denied' || ef_field_permissions[k].read==='denied') )
517
+ ){
518
+ newObj[k] = null;
519
+ }
520
+ }
521
+ else{
522
+ if(ef_field_permissions[k] && (ef_field_permissions[k].update==='denied' || ef_field_permissions[k].read==='denied') ){
523
+ newObj[k] = oldObj[k];
524
+ }
525
+ }
526
+ }
527
+
528
+ for(var k in newObj){
529
+ //找到在new 但是 不在 old里面的,这表明是add
530
+ var vn = newObj[k];
531
+ var vo = oldObj[k];
532
+ if(typeof vn === 'object' ){
533
+
534
+ if(!vo && ef_section_permissions[k] && ef_section_permissions[k].add === 'denied'){
535
+ delete newObj[k];
536
+ }
537
+ else if(Array.isArray(vn)){
538
+ //do nothing
539
+ }
540
+ else{
541
+ for(var nk in vn){
542
+ if(vn[nk] && (!vo || !vo[nk])){
543
+ var fk = k + "." + nk;
544
+ if(ef_field_permissions[fk] && ef_field_permissions[fk].add === 'denied'){
545
+ delete vn[nk];
546
+ }
547
+ }
548
+ }
549
+ }
550
+ }
551
+ else{
552
+ if(!vo && ef_field_permissions[k] && ef_field_permissions[k].add === 'denied'){
553
+ delete newObj[k];
554
+ }
555
+ }
556
+ }
557
+ return newObj;
558
+
559
+ }
560
+
561
+ function getObjectPermissionFilter(tableId, roleId,orgId,userId){
562
+ var filters = [];
563
+ var excludeFilters = [];
564
+
565
+ filters = [
566
+ {
567
+ bool: {
568
+ filter:[
569
+ {term:{"permissions.orgId.keyword":orgId}},
570
+ {term:{"permissions.roleId.keyword":roleId}},
571
+ {term:{"permissions.list.keyword":"allowed"}}
572
+ ]
573
+ }
574
+ },
575
+ {
576
+ bool: {
577
+ filter:[
578
+ {term:{"permissions.orgId.keyword":orgId}},
579
+ {term:{"permissions.roleId.keyword":"*"}},
580
+ {term:{"permissions.list.keyword":"allowed"}}
581
+ ]
582
+ }
583
+ },
584
+ {
585
+ bool: {
586
+ filter:[
587
+ {term:{"permissions.orgId.keyword":"*"}},
588
+ {term:{"permissions.roleId.keyword":roleId}},
589
+ {term:{"permissions.list.keyword":"allowed"}}
590
+ ]
591
+ }
592
+ },
593
+ {
594
+ bool: {
595
+ filter:[
596
+ {term:{"permissions.orgId.keyword":"*"}},
597
+ {term:{"permissions.roleId.keyword":"*"}},
598
+ {term:{"permissions.list.keyword":"allowed"}}
599
+ ]
600
+ }
601
+ },
602
+ {
603
+ bool: {
604
+ filter:[
605
+ {term:{"permissions.userId.keyword":userId}},
606
+ {term:{"permissions.list.keyword":"allowed"}}
607
+ ]
608
+ }
609
+ },
610
+ {
611
+ bool: {
612
+ filter:[
613
+ {term:{"permissions.userId.keyword":"*"}},
614
+ {term:{"permissions.list.keyword":"allowed"}}
615
+ ]
616
+ }
617
+ }
618
+ ];
619
+ //获取对象本身的权限
620
+
621
+ excludeFilters= [
622
+ {
623
+ bool: {
624
+ filter:[
625
+ {term:{"permissions.orgId.keyword":orgId}},
626
+ {term:{"permissions.roleId.keyword":roleId}},
627
+ {term:{"permissions.list.keyword":"denied"}}
628
+ ]
629
+ }
630
+ },
631
+ {
632
+ bool: {
633
+ filter:[
634
+ {term:{"permissions.orgId.keyword":orgId}},
635
+ {term:{"permissions.roleId.keyword":"*"}},
636
+ {term:{"permissions.list.keyword":"denied"}}
637
+ ]
638
+ }
639
+ },
640
+ {
641
+ bool: {
642
+ filter:[
643
+ {term:{"permissions.orgId.keyword":"*"}},
644
+ {term:{"permissions.roleId.keyword":roleId}},
645
+ {term:{"permissions.list.keyword":"denied"}}
646
+ ]
647
+ }
648
+ },
649
+ {
650
+ bool: {
651
+ filter:[
652
+ {term:{"permissions.orgId.keyword":"*"}},
653
+ {term:{"permissions.roleId.keyword":"*"}},
654
+ {term:{"permissions.list.keyword":"denied"}}
655
+ ]
656
+ }
657
+ },
658
+ {
659
+ bool: {
660
+ filter:[
661
+ {term:{"permissions.userId.keyword":userId}},
662
+ {term:{"permissions.list.keyword":"denied"}}
663
+ ]
664
+ }
665
+ },
666
+ {
667
+ bool: {
668
+ filter:[
669
+ {term:{"permissions.userId.keyword":"*"}},
670
+ {term:{"permissions.list.keyword":"denied"}}
671
+ ]
672
+ }
673
+ }
674
+ ];
675
+ return [filters,excludeFilters]
676
+ }
677
+ function getListPermissionFilter(tableId, roleId,orgId,userId, permissions){
678
+ if(userId==='0' && orgId==='0' && roleId==='0'){
679
+ return null;
680
+ }
681
+
682
+ $.log("getListPermissionFilter tableId="+tableId+",roleId="+roleId+",orgId="+orgId+",userId="+userId+", permissions="+JSON.stringify(permissions));
683
+ //获得有权限的对象的filter
684
+ var tp = expandTablePermission(permissions);
685
+
686
+
687
+ //如果有listAll
688
+
689
+ if(tp.same_org.listall==='allowed' || tp.sub_org.listall==='allowed' || roleId=='0' || userId=='0') {
690
+ //只能读取本组织的数据
691
+ // var objFilters = getObjectPermissionFilter(tableId, roleId,orgId,userId, permissions);
692
+ var orgFilter = null;
693
+ if(tp.sub_org.listall==='allowed'){
694
+ if(orgId!='0'){
695
+ orgFilter = {
696
+ "term": {"_orgIds.keyword": orgId}
697
+ }
698
+ }
699
+ else{
700
+ orgFilter = { "match_all": {}};
701
+ }
702
+ }
703
+ else if(tp.same_org.listall==='allowed'){
704
+ if(orgId!='0'){
705
+ orgFilter = {
706
+ "term": {"_orgId.keyword": orgId}
707
+ }
708
+ }
709
+ else{
710
+ orgFilter = { "match_all": {}};
711
+ }
712
+
713
+ }
714
+ else {
715
+ if(orgId!='0'){
716
+ orgFilter = {
717
+ "term": {"_orgIds.keyword": orgId}
718
+ }
719
+ }
720
+ else{
721
+ orgFilter = { "match_all": {}};
722
+ }
723
+ }
724
+ var shouldFilters = [];
725
+ if(orgFilter){
726
+ shouldFilters.push(orgFilter);
727
+ }
728
+ //组合对象允许的
729
+ return {
730
+ bool:{
731
+ should:shouldFilters
732
+ }
733
+ }
734
+ }
735
+ else {
736
+ var objFilters = getObjectPermissionFilter(tableId, roleId,orgId,userId, permissions);
737
+ return {
738
+ bool:{
739
+ should:objFilters[0],
740
+ must_not:objFilters[1]
741
+ }
742
+ }
743
+ }
744
+
745
+
746
+ }
747
+
748
+
749
+
750
+
751
+