owl-cli 6.37.0 → 6.38.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/defaultTemplate/api/src/handlers/include/checklogin.jsx +165 -55
  2. package/package.json +1 -1
package/defaultTemplate/api/src/handlers/include/checklogin.jsx CHANGED
@@ -76,13 +76,19 @@ function checklogin() {
76
76
  function getPermissions(roleId, tableId) {
77
77
  var searchArgs = {
78
78
  roleId: roleId,
79
- tableId: tableId
80
- }
81
- var sr = owl_permissionService.search("0", searchArgs, null, 0, 10000, null);
82
- if (sr.state === 'ok') {
79
+ tables:{
80
+ type:"or",
81
+ args:[
82
+ { tableId: tableId},
83
+ { tableId: "*"}
84
+ ]
85
+ }
86
+ }
87
+ var sr = owl_permissionService.search("0", searchArgs, null, 0, 10000, null);
88
+ if (sr.state === 'ok') {
83
89
  return sr.list;
84
- }
85
- return [];
90
+ }
91
+ return [];
86
92
  }
87
93
 
88
94
  function expandTablePermission(permissions) {
@@ -518,82 +524,186 @@ function merge(oldObj,newObj,permissions,orgId){
518
524
 
519
525
  }
520
526
 
521
- function getListPermissionFilter(tableId, roleId,orgId,userId, permissions){
522
- //获得有权限的对象的filter
523
- var tp = expandTablePermission(permissions);
524
- // $.log("tp=" + JSON.stringify(tp));
527
+ function getObjectPermissionFilter(tableId, roleId,orgId,userId){
525
528
  var filters = [];
526
529
  var excludeFilters = [];
527
530
 
528
-
529
- if(tp.same_org.list==='allowed' && tp.sub_org.list==='denied' && orgId!='0') {
530
- //只能读取本组织的数据
531
- filters.push({"term": {"_orgId.keyword": orgId}});
532
- }
533
- else if(tp.same_org.list==='allowed' && tp.sub_org.list==='allowed' && orgId!='0'){
534
- filters.push({"term": {"_orgIds.keyword": orgId}});
535
- }
536
-
537
- filters.concat([
531
+ filters = [
538
532
  {
539
- "permissions.orgId.keyword":orgId,
540
- "permissions.roleId.keyword":roleId,
541
- "permissions.list.keyword":"allowed",
533
+ bool: {
534
+ filter:[
535
+ {term:{"permissions.orgId.keyword":orgId}},
536
+ {term:{"permissions.roleId.keyword":roleId}},
537
+ {term:{"permissions.list.keyword":"allowed"}}
538
+ ]
539
+ }
542
540
  },
543
541
  {
544
- "permissions.orgId.keyword":orgId,
545
- "permissions.roleId.keyword":"*",
546
- "permissions.list.keyword":"allowed",
542
+ bool: {
543
+ filter:[
544
+ {term:{"permissions.orgId.keyword":orgId}},
545
+ {term:{"permissions.roleId.keyword":"*"}},
546
+ {term:{"permissions.list.keyword":"allowed"}}
547
+ ]
548
+ }
547
549
  },
548
550
  {
549
- "permissions.orgId.keyword":"*",
550
- "permissions.roleId.keyword":roleId,
551
- "permissions.list.keyword":"allowed",
551
+ bool: {
552
+ filter:[
553
+ {term:{"permissions.orgId.keyword":"*"}},
554
+ {term:{"permissions.roleId.keyword":roleId}},
555
+ {term:{"permissions.list.keyword":"allowed"}}
556
+ ]
557
+ }
552
558
  },
553
559
  {
554
- "permissions.orgId.keyword":"*",
555
- "permissions.roleId.keyword":"*",
556
- "permissions.list.keyword":"allowed",
560
+ bool: {
561
+ filter:[
562
+ {term:{"permissions.orgId.keyword":"*"}},
563
+ {term:{"permissions.roleId.keyword":"*"}},
564
+ {term:{"permissions.list.keyword":"allowed"}}
565
+ ]
566
+ }
557
567
  },
558
568
  {
559
- "permissions.userId.keyword":userId,
560
- "permissions.list.keyword":"allowed",
569
+ bool: {
570
+ filter:[
571
+ {term:{"permissions.userId.keyword":userId}},
572
+ {term:{"permissions.list.keyword":"allowed"}}
573
+ ]
574
+ }
561
575
  },
562
576
  {
563
- "permissions.userId":"*",
564
- "permissions.list.keyword":"allowed",
577
+ bool: {
578
+ filter:[
579
+ {term:{"permissions.userId.keyword":"*"}},
580
+ {term:{"permissions.list.keyword":"allowed"}}
581
+ ]
582
+ }
565
583
  }
566
- ]);
584
+ ];
567
585
  //获取对象本身的权限
568
586
 
569
- excludeFilters.concat([
587
+ excludeFilters= [
588
+ {
589
+ bool: {
590
+ filter:[
591
+ {term:{"permissions.orgId.keyword":orgId}},
592
+ {term:{"permissions.roleId.keyword":roleId}},
593
+ {term:{"permissions.list.keyword":"denied"}}
594
+ ]
595
+ }
596
+ },
597
+ {
598
+ bool: {
599
+ filter:[
600
+ {term:{"permissions.orgId.keyword":orgId}},
601
+ {term:{"permissions.roleId.keyword":"*"}},
602
+ {term:{"permissions.list.keyword":"denied"}}
603
+ ]
604
+ }
605
+ },
570
606
  {
571
- "permissions.orgId.keyword":orgId,
572
- "permissions.roleId.keyword":roleId,
573
- "permissions.list.keyword":"denied",
607
+ bool: {
608
+ filter:[
609
+ {term:{"permissions.orgId.keyword":"*"}},
610
+ {term:{"permissions.roleId.keyword":roleId}},
611
+ {term:{"permissions.list.keyword":"denied"}}
612
+ ]
613
+ }
574
614
  },
575
615
  {
576
- "permissions.orgId.keyword":orgId,
577
- "permissions.roleId.keyword":"*",
578
- "permissions.list.keyword":"denied",
616
+ bool: {
617
+ filter:[
618
+ {term:{"permissions.orgId.keyword":"*"}},
619
+ {term:{"permissions.roleId.keyword":"*"}},
620
+ {term:{"permissions.list.keyword":"denied"}}
621
+ ]
622
+ }
579
623
  },
580
624
  {
581
- "permissions.orgId.keyword":"*",
582
- "permissions.roleId.keyword":roleId,
583
- "permissions.list.keyword":"denied",
625
+ bool: {
626
+ filter:[
627
+ {term:{"permissions.userId.keyword":userId}},
628
+ {term:{"permissions.list.keyword":"denied"}}
629
+ ]
630
+ }
584
631
  },
585
632
  {
586
- "permissions.userId.keyword":userId,
587
- "permissions.list.keyword":"denied",
633
+ bool: {
634
+ filter:[
635
+ {term:{"permissions.userId.keyword":"*"}},
636
+ {term:{"permissions.list.keyword":"denied"}}
637
+ ]
638
+ }
639
+ }
640
+ ];
641
+ return [filters,excludeFilters]
642
+ }
643
+ function getListPermissionFilter(tableId, roleId,orgId,userId, permissions){
644
+ if(userId==='0'){
645
+ return null;
646
+ }
647
+ //获得有权限的对象的filter
648
+ var tp = expandTablePermission(permissions);
649
+ // $.log("tp=" + JSON.stringify(tp));
650
+ var filters = [];
651
+ var excludeFilters = [];
652
+
653
+ //如果有listAll
654
+
655
+ if(tp.same_org.listall==='allowed' || tp.sub_org.listall==='allowed') {
656
+ //只能读取本组织的数据
657
+ var objFilters = getObjectPermissionFilter(tableId, roleId,orgId,userId, permissions);
658
+ var orgFilter = {
659
+ "term": {"_orgId.keyword": orgId}
660
+ };
661
+ if(tp.sub_org.listall==='allowed'){
662
+ if(orgId!='0'){
663
+ orgFilter = {
664
+ "term": {"_orgIds.keyword": orgId}
665
+ }
666
+ }
667
+ else{
668
+ orgFilter = { "match_all": {}};
669
+ }
670
+ }
671
+ if(tp.same_org.listall!=='allowed'){
672
+ orgFilter = {
673
+ bool:{
674
+ filter:[{
675
+ "term": {"_orgIds.keyword": orgId}
676
+ }],
677
+ must_not:[{
678
+ "term": {"_orgId.keyword": orgId}
679
+ }],
680
+ }
681
+ }
682
+ }
683
+ var shouldFilters = objFilters[0];
684
+ if(orgFilter){
685
+ shouldFilters.push(orgFilter);
686
+ }
687
+ //组合对象允许的
688
+ return {
689
+ bool:{
690
+ should:shouldFilters,
691
+ must_not:objFilters[1]
692
+ }
588
693
  }
589
- ]);
694
+ }
695
+ else {
696
+ var objFilters = getObjectPermissionFilter(tableId, roleId,orgId,userId, permissions);
590
697
 
591
- return {
592
- bool:{
593
- should:filters,
594
- must_not:excludeFilters
698
+ return {
699
+ bool:{
700
+ should:objFilters[0],
701
+ must_not:objFilters[1]
702
+ }
595
703
  }
596
- };
704
+ }
705
+
706
+
597
707
  }
598
708
 
599
709
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "owl-cli",
3
- "version": "6.37.0",
3
+ "version": "6.38.0",
4
4
  "main": "index.js",
5
5
  "preferGlobal": true,
6
6
  "bin": {