owl-cli 6.30.0 → 6.31.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -120,7 +120,7 @@ function expandTablePermission(permissions) {
|
|
|
120
120
|
same_org.del = p.permission_sub_org.del;
|
|
121
121
|
}
|
|
122
122
|
if(sub_org.add!='denied' && p.permission_sub_org && p.permission_sub_org.add){
|
|
123
|
-
sub_org.add =
|
|
123
|
+
sub_org.add = p.permission_sub_org.add;
|
|
124
124
|
}
|
|
125
125
|
}
|
|
126
126
|
|
|
@@ -509,10 +509,110 @@ function merge(oldObj,newObj,permissions,orgId){
|
|
|
509
509
|
}
|
|
510
510
|
}
|
|
511
511
|
}
|
|
512
|
-
return newObj;
|
|
513
512
|
|
|
514
513
|
}
|
|
515
514
|
|
|
515
|
+
function getListPermissionFilter(tableId, roleId,orgId,userId, permissions){
|
|
516
|
+
//获得有权限的对象的filter
|
|
517
|
+
var tp = expandTablePermission(permissions);
|
|
518
|
+
var filters = [];
|
|
519
|
+
var excludeFilters = [];
|
|
520
|
+
|
|
521
|
+
if(tp.same_org.read==='allowed' && tp.sub_org.read==='denied') {
|
|
522
|
+
//只能读取本组织的数据
|
|
523
|
+
filters.push({"term": {"_orgId.keyword": orgId}});
|
|
524
|
+
}
|
|
525
|
+
else if(tp.same_org.read==='allowed' && tp.sub_org.read==='allowed'){
|
|
526
|
+
filters.push({"term": {"_orgIds.keyword": orgId}});
|
|
527
|
+
}
|
|
528
|
+
|
|
529
|
+
filters.concat([
|
|
530
|
+
{
|
|
531
|
+
"permissions.orgId.keyword":orgId,
|
|
532
|
+
"permissions.roleId.keyword":roleId,
|
|
533
|
+
"permissions.list.keyword":"allowed",
|
|
534
|
+
},
|
|
535
|
+
{
|
|
536
|
+
"permissions.orgId.keyword":orgId,
|
|
537
|
+
"permissions.roleId.keyword":"*",
|
|
538
|
+
"permissions.list.keyword":"allowed",
|
|
539
|
+
},
|
|
540
|
+
{
|
|
541
|
+
"permissions.orgId.keyword":"*",
|
|
542
|
+
"permissions.roleId.keyword":roleId,
|
|
543
|
+
"permissions.list.keyword":"allowed",
|
|
544
|
+
},
|
|
545
|
+
{
|
|
546
|
+
"permissions.orgId.keyword":"*",
|
|
547
|
+
"permissions.roleId.keyword":"*",
|
|
548
|
+
"permissions.list.keyword":"allowed",
|
|
549
|
+
},
|
|
550
|
+
{
|
|
551
|
+
"permissions.orgId.keyword":orgId,
|
|
552
|
+
"permissions.roleId.keyword":roleId,
|
|
553
|
+
"permissions.list.keyword":"allowed",
|
|
554
|
+
},
|
|
555
|
+
{
|
|
556
|
+
"permissions.orgId.keyword":orgId,
|
|
557
|
+
"permissions.roleId.keyword":"*",
|
|
558
|
+
"permissions.list.keyword":"allowed",
|
|
559
|
+
},
|
|
560
|
+
{
|
|
561
|
+
"permissions.orgId.keyword":"*",
|
|
562
|
+
"permissions.roleId.keyword":roleId,
|
|
563
|
+
"permissions.list.keyword":"allowed",
|
|
564
|
+
},
|
|
565
|
+
{
|
|
566
|
+
"permissions.userId.keyword":userId,
|
|
567
|
+
"permissions.list.keyword":"allowed",
|
|
568
|
+
},
|
|
569
|
+
{
|
|
570
|
+
"permissions.userId":"*",
|
|
571
|
+
"permissions.list.keyword":"allowed",
|
|
572
|
+
}
|
|
573
|
+
]);
|
|
574
|
+
//获取对象本身的权限
|
|
575
|
+
|
|
576
|
+
excludeFilters.concat([
|
|
577
|
+
{
|
|
578
|
+
"permissions.orgId.keyword":orgId,
|
|
579
|
+
"permissions.roleId.keyword":roleId,
|
|
580
|
+
"permissions.list.keyword":"denied",
|
|
581
|
+
},
|
|
582
|
+
{
|
|
583
|
+
"permissions.orgId.keyword":orgId,
|
|
584
|
+
"permissions.roleId.keyword":"*",
|
|
585
|
+
"permissions.list.keyword":"denied",
|
|
586
|
+
},
|
|
587
|
+
{
|
|
588
|
+
"permissions.orgId.keyword":"*",
|
|
589
|
+
"permissions.roleId.keyword":roleId,
|
|
590
|
+
"permissions.list.keyword":"denied",
|
|
591
|
+
},
|
|
592
|
+
{
|
|
593
|
+
"permissions.orgId.keyword":orgId,
|
|
594
|
+
"permissions.roleId.keyword":roleId,
|
|
595
|
+
"permissions.list.keyword":"denied",
|
|
596
|
+
},
|
|
597
|
+
{
|
|
598
|
+
"permissions.orgId.keyword":"*",
|
|
599
|
+
"permissions.roleId.keyword":roleId,
|
|
600
|
+
"permissions.list.keyword":"denied",
|
|
601
|
+
},
|
|
602
|
+
{
|
|
603
|
+
"permissions.userId.keyword":userId,
|
|
604
|
+
"permissions.list.keyword":"denied",
|
|
605
|
+
}
|
|
606
|
+
]);
|
|
607
|
+
|
|
608
|
+
return {
|
|
609
|
+
bool:{
|
|
610
|
+
should:filters,
|
|
611
|
+
must_not:excludeFilters
|
|
612
|
+
}
|
|
613
|
+
};
|
|
614
|
+
}
|
|
615
|
+
|
|
516
616
|
|
|
517
617
|
|
|
518
618
|
|
|
@@ -44,7 +44,9 @@ function buildSort(sort){
|
|
|
44
44
|
var loginId = env.loginId;
|
|
45
45
|
var roleId = env.roleId;
|
|
46
46
|
var orgId = env.orgId;
|
|
47
|
-
|
|
47
|
+
var spec = @spec;
|
|
48
|
+
var tableId = 'owl_' + spec._t;
|
|
49
|
+
var permissions = getPermissions(roleId,tableId);
|
|
48
50
|
var m = shopId;
|
|
49
51
|
///////////////////////////////
|
|
50
52
|
|
|
@@ -137,7 +139,8 @@ function buildSort(sort){
|
|
|
137
139
|
|
|
138
140
|
var filters = getFilters();
|
|
139
141
|
|
|
140
|
-
|
|
142
|
+
var permissionFilter = getListPermissionFilter(tableId,roleId,loginId,permissions);
|
|
143
|
+
filters.push(permissionFilter);
|
|
141
144
|
if(recycleBin){
|
|
142
145
|
filters.push({"term":{"del.keyword":"T"}});
|
|
143
146
|
var query = {
|