owl-cli 6.128.0 → 6.129.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -27,6 +27,9 @@
|
|
|
27
27
|
ids = [id];
|
|
28
28
|
}
|
|
29
29
|
|
|
30
|
+
var tableId = 'owl_' + spec._t;
|
|
31
|
+
var permissions = getPermissions(roleId,tableId);
|
|
32
|
+
|
|
30
33
|
for(var i=0;i<ids.length; i++){
|
|
31
34
|
var id = ids[i];
|
|
32
35
|
var oldObj = @projectCodeService.get(id,true);
|
|
@@ -39,17 +42,9 @@
|
|
|
39
42
|
out.print(JSON.stringify(ret));
|
|
40
43
|
return;
|
|
41
44
|
}
|
|
42
|
-
if(roleId!=='internal'
|
|
45
|
+
if(roleId!=='internal' ){
|
|
43
46
|
//检查是否有权限修改
|
|
44
|
-
|
|
45
|
-
var ret = {
|
|
46
|
-
state:'err',
|
|
47
|
-
code: 'no permission',
|
|
48
|
-
msg: '没有权限,id=' + id
|
|
49
|
-
}
|
|
50
|
-
out.print(JSON.stringify(ret));
|
|
51
|
-
return;
|
|
52
|
-
}
|
|
47
|
+
checkPermission(oldObj,permissions,orgId,"del");
|
|
53
48
|
}
|
|
54
49
|
}
|
|
55
50
|
|
|
@@ -116,41 +116,41 @@ function expandTablePermission(permissions) {
|
|
|
116
116
|
|
|
117
117
|
for (var i = 0; i < permissions.length; i++) {
|
|
118
118
|
var p = permissions[i];
|
|
119
|
-
if(same_org.read!='denied' && p.permission_same_org && p.permission_same_org.read){
|
|
119
|
+
if(same_org.read!='denied' && p.permission_same_org && p.permission_same_org.read && p.permission_same_org.read!='noset'){
|
|
120
120
|
same_org.read = p.permission_same_org.read;
|
|
121
121
|
}
|
|
122
|
-
if(same_org.update!='denied' && p.permission_same_org && p.permission_same_org.update){
|
|
122
|
+
if(same_org.update!='denied' && p.permission_same_org && p.permission_same_org.update && p.permission_same_org.update!='noset'){
|
|
123
123
|
same_org.update = p.permission_same_org.update;
|
|
124
124
|
}
|
|
125
|
-
if(same_org.del!='denied' && p.permission_same_org && p.permission_same_org.del){
|
|
125
|
+
if(same_org.del!='denied' && p.permission_same_org && p.permission_same_org.del && p.permission_same_org.del!='noset'){
|
|
126
126
|
same_org.del = p.permission_same_org.del;
|
|
127
127
|
}
|
|
128
|
-
if(same_org.add!='denied' && p.permission_same_org && p.permission_same_org.add){
|
|
128
|
+
if(same_org.add!='denied' && p.permission_same_org && p.permission_same_org.add && p.permission_same_org.add!='noset'){
|
|
129
129
|
same_org.add = p.permission_same_org.add;
|
|
130
130
|
}
|
|
131
|
-
if(same_org.list!='denied' && p.permission_same_org && p.permission_same_org.list){
|
|
131
|
+
if(same_org.list!='denied' && p.permission_same_org && p.permission_same_org.list && p.permission_same_org.list!='noset'){
|
|
132
132
|
same_org.list = p.permission_same_org.add;
|
|
133
133
|
}
|
|
134
|
-
if(same_org.listall!='denied' && p.permission_same_org && p.permission_same_org.listall){
|
|
134
|
+
if(same_org.listall!='denied' && p.permission_same_org && p.permission_same_org.listall && p.permission_same_org.listall!='noset'){
|
|
135
135
|
same_org.listall = p.permission_same_org.listall;
|
|
136
136
|
}
|
|
137
137
|
|
|
138
|
-
if(sub_org.read!='denied' && p.permission_sub_org && p.permission_sub_org.read){
|
|
138
|
+
if(sub_org.read!='denied' && p.permission_sub_org && p.permission_sub_org.read && p.permission_sub_org.read!='noset'){
|
|
139
139
|
sub_org.read = p.permission_sub_org.read;
|
|
140
140
|
}
|
|
141
|
-
if(sub_org.update!='denied' && p.permission_sub_org && p.permission_sub_org.update){
|
|
141
|
+
if(sub_org.update!='denied' && p.permission_sub_org && p.permission_sub_org.update && p.permission_sub_org.update!='noset'){
|
|
142
142
|
sub_org.update = p.permission_sub_org.update;
|
|
143
143
|
}
|
|
144
|
-
if(sub_org.del!='denied' && p.permission_sub_org && p.permission_sub_org.del){
|
|
144
|
+
if(sub_org.del!='denied' && p.permission_sub_org && p.permission_sub_org.del && p.permission_sub_org.del!='noset'){
|
|
145
145
|
same_org.del = p.permission_sub_org.del;
|
|
146
146
|
}
|
|
147
|
-
if(sub_org.add!='denied' && p.permission_sub_org && p.permission_sub_org.add){
|
|
147
|
+
if(sub_org.add!='denied' && p.permission_sub_org && p.permission_sub_org.add && p.permission_sub_org.add!='noset'){
|
|
148
148
|
sub_org.add = p.permission_sub_org.add;
|
|
149
149
|
}
|
|
150
|
-
if(sub_org.list!='denied' && p.permission_sub_org && p.permission_sub_org.list){
|
|
150
|
+
if(sub_org.list!='denied' && p.permission_sub_org && p.permission_sub_org.list && p.permission_sub_org.list!='noset'){
|
|
151
151
|
sub_org.list = p.permission_sub_org.list;
|
|
152
152
|
}
|
|
153
|
-
if(sub_org.listall!='denied' && p.permission_sub_org && p.permission_sub_org.listall){
|
|
153
|
+
if(sub_org.listall!='denied' && p.permission_sub_org && p.permission_sub_org.listall && p.permission_sub_org.listall!='noset'){
|
|
154
154
|
sub_org.listall = p.permission_sub_org.listall;
|
|
155
155
|
}
|
|
156
156
|
}
|
|
@@ -244,6 +244,20 @@ function checkObject(obj, ef_field_permissions, parentKey,action){
|
|
|
244
244
|
}
|
|
245
245
|
}
|
|
246
246
|
|
|
247
|
+
function isSubOrg(data, orgId){
|
|
248
|
+
if(orgId == '0'){
|
|
249
|
+
return true;
|
|
250
|
+
}
|
|
251
|
+
var org = owl_orgsService.get(data._orgId);
|
|
252
|
+
if(!org || !org.parentPathIds){
|
|
253
|
+
return false;
|
|
254
|
+
}
|
|
255
|
+
if(org.parentPathIds.indexOf(orgId)>-1){
|
|
256
|
+
return true;
|
|
257
|
+
}
|
|
258
|
+
return false;
|
|
259
|
+
}
|
|
260
|
+
|
|
247
261
|
function checkPermission(data, permissions, orgId, action) {
|
|
248
262
|
var section_permissions = expandSectionPermission(permissions);
|
|
249
263
|
var field_permissions = expandFieldPermission(permissions);
|
|
@@ -257,16 +271,32 @@ function checkPermission(data, permissions, orgId, action) {
|
|
|
257
271
|
ef_field_permissions = field_permissions.same_org;
|
|
258
272
|
ef_table_permissions = table_permissions.same_org;
|
|
259
273
|
} else {
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
274
|
+
if(isSubOrg(data,orgId)) {
|
|
275
|
+
ef_section_permissions = section_permissions.sub_org;
|
|
276
|
+
ef_field_permissions = field_permissions.sub_org;
|
|
277
|
+
ef_table_permissions = field_permissions.sub_org;
|
|
278
|
+
}
|
|
264
279
|
}
|
|
265
280
|
|
|
281
|
+
if(!ef_table_permissions){
|
|
282
|
+
throw "表没有权限。"
|
|
283
|
+
}
|
|
266
284
|
var valid_fields = ['_orgId', '_orgIds', "_v", "del"];
|
|
267
|
-
if(ef_table_permissions.add
|
|
285
|
+
if(ef_table_permissions.add !== 'allowed' && action==='add'){
|
|
268
286
|
throw "表没有添加记录权限。"
|
|
269
287
|
}
|
|
288
|
+
if(ef_table_permissions.del !== 'allowed' && action==='del'){
|
|
289
|
+
throw "表没有删除记录权限。"
|
|
290
|
+
}
|
|
291
|
+
if(ef_table_permissions.update !== 'allowed' && action==='update'){
|
|
292
|
+
throw "表没有删除记录权限。"
|
|
293
|
+
}
|
|
294
|
+
if(ef_table_permissions.read !== 'read' && action==='read'){
|
|
295
|
+
throw "表没有读取权限。"
|
|
296
|
+
}
|
|
297
|
+
if(ef_table_permissions.list !== 'read' && action==='list'){
|
|
298
|
+
throw "表没有列出权限。"
|
|
299
|
+
}
|
|
270
300
|
//检查section_permission
|
|
271
301
|
for (var k in data) {
|
|
272
302
|
if(valid_fields.indexOf(k)>-1){
|
|
@@ -311,12 +341,17 @@ function checkUpdatePermission(data,diffresult,permissions,orgId){
|
|
|
311
341
|
ef_field_permissions = field_permissions.same_org;
|
|
312
342
|
ef_table_permissions = table_permissions.same_org;
|
|
313
343
|
} else {
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
344
|
+
if(isSubOrg(data,orgId)) {
|
|
345
|
+
ef_section_permissions = section_permissions.sub_org;
|
|
346
|
+
ef_field_permissions = field_permissions.sub_org;
|
|
347
|
+
ef_table_permissions = field_permissions.sub_org;
|
|
348
|
+
}
|
|
317
349
|
}
|
|
318
350
|
|
|
319
351
|
// $.log("ef_table_permissions=" + JSON.stringify(ef_table_permissions))
|
|
352
|
+
if(!ef_table_permissions){
|
|
353
|
+
throw "表没有权限。"
|
|
354
|
+
}
|
|
320
355
|
if(ef_table_permissions.update === 'denied'){
|
|
321
356
|
throw "没有修改的权限。"
|
|
322
357
|
}
|
|
@@ -55,7 +55,7 @@
|
|
|
55
55
|
|
|
56
56
|
//如果检查不通过,则会抛出异常
|
|
57
57
|
if(roleId!=='internal'){
|
|
58
|
-
|
|
58
|
+
checkPermission(modelObject,permissions,orgId,"add");
|
|
59
59
|
}
|
|
60
60
|
modelObject.owl_createUserId = env.loginUserId;
|
|
61
61
|
var newdata = @projectCodeService.add( modelObject,env );
|