owl-cli 6.37.0 → 6.39.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/defaultTemplate/api/src/handlers/include/checklogin.jsx +173 -60
  2. package/package.json +1 -1
package/defaultTemplate/api/src/handlers/include/checklogin.jsx CHANGED
@@ -76,23 +76,26 @@ function checklogin() {
76
76
  function getPermissions(roleId, tableId) {
77
77
  var searchArgs = {
78
78
  roleId: roleId,
79
- tableId: tableId
80
- }
81
- var sr = owl_permissionService.search("0", searchArgs, null, 0, 10000, null);
82
- if (sr.state === 'ok') {
79
+ tables:{
80
+ type:"or",
81
+ args:[
82
+ { tableId: tableId},
83
+ { tableId: "*"}
84
+ ]
85
+ }
86
+ }
87
+ var sr = owl_permissionService.search("0", searchArgs, null, 0, 10000, null);
88
+ if (sr.state === 'ok') {
83
89
  return sr.list;
84
- }
85
- return [];
90
+ }
91
+ return [];
86
92
  }
87
93
 
88
94
  function expandTablePermission(permissions) {
89
95
  // $.log("expandTablePermission,permissions=" + JSON.stringify(per?missions))
90
- var same_org = {
91
- };
96
+ var same_org = {};
92
97
 
93
- var sub_org = {
94
-
95
- };
98
+ var sub_org = { };
96
99
 
97
100
  for (var i = 0; i < permissions.length; i++) {
98
101
  var p = permissions[i];
@@ -111,6 +114,9 @@ function expandTablePermission(permissions) {
111
114
  if(same_org.list!='denied' && p.permission_same_org && p.permission_same_org.list){
112
115
  same_org.list = p.permission_same_org.add;
113
116
  }
117
+ if(same_org.listall!='denied' && p.permission_same_org && p.permission_same_org.listall){
118
+ same_org.listall = p.permission_same_org.add;
119
+ }
114
120
 
115
121
  if(sub_org.read!='denied' && p.permission_sub_org && p.permission_sub_org.read){
116
122
  sub_org.read = p.permission_sub_org.read;
@@ -127,6 +133,9 @@ function expandTablePermission(permissions) {
127
133
  if(sub_org.list!='denied' && p.permission_sub_org && p.permission_sub_org.list){
128
134
  sub_org.list = p.permission_sub_org.list;
129
135
  }
136
+ if(sub_org.listall!='denied' && p.permission_sub_org && p.permission_sub_org.listall){
137
+ sub_org.listall = p.permission_sub_org.listall;
138
+ }
130
139
  }
131
140
 
132
141
  return {
@@ -518,82 +527,186 @@ function merge(oldObj,newObj,permissions,orgId){
518
527
 
519
528
  }
520
529
 
521
- function getListPermissionFilter(tableId, roleId,orgId,userId, permissions){
522
- //获得有权限的对象的filter
523
- var tp = expandTablePermission(permissions);
524
- // $.log("tp=" + JSON.stringify(tp));
530
+ function getObjectPermissionFilter(tableId, roleId,orgId,userId){
525
531
  var filters = [];
526
532
  var excludeFilters = [];
527
533
 
528
-
529
- if(tp.same_org.list==='allowed' && tp.sub_org.list==='denied' && orgId!='0') {
530
- //只能读取本组织的数据
531
- filters.push({"term": {"_orgId.keyword": orgId}});
532
- }
533
- else if(tp.same_org.list==='allowed' && tp.sub_org.list==='allowed' && orgId!='0'){
534
- filters.push({"term": {"_orgIds.keyword": orgId}});
535
- }
536
-
537
- filters.concat([
534
+ filters = [
538
535
  {
539
- "permissions.orgId.keyword":orgId,
540
- "permissions.roleId.keyword":roleId,
541
- "permissions.list.keyword":"allowed",
536
+ bool: {
537
+ filter:[
538
+ {term:{"permissions.orgId.keyword":orgId}},
539
+ {term:{"permissions.roleId.keyword":roleId}},
540
+ {term:{"permissions.list.keyword":"allowed"}}
541
+ ]
542
+ }
542
543
  },
543
544
  {
544
- "permissions.orgId.keyword":orgId,
545
- "permissions.roleId.keyword":"*",
546
- "permissions.list.keyword":"allowed",
545
+ bool: {
546
+ filter:[
547
+ {term:{"permissions.orgId.keyword":orgId}},
548
+ {term:{"permissions.roleId.keyword":"*"}},
549
+ {term:{"permissions.list.keyword":"allowed"}}
550
+ ]
551
+ }
547
552
  },
548
553
  {
549
- "permissions.orgId.keyword":"*",
550
- "permissions.roleId.keyword":roleId,
551
- "permissions.list.keyword":"allowed",
554
+ bool: {
555
+ filter:[
556
+ {term:{"permissions.orgId.keyword":"*"}},
557
+ {term:{"permissions.roleId.keyword":roleId}},
558
+ {term:{"permissions.list.keyword":"allowed"}}
559
+ ]
560
+ }
552
561
  },
553
562
  {
554
- "permissions.orgId.keyword":"*",
555
- "permissions.roleId.keyword":"*",
556
- "permissions.list.keyword":"allowed",
563
+ bool: {
564
+ filter:[
565
+ {term:{"permissions.orgId.keyword":"*"}},
566
+ {term:{"permissions.roleId.keyword":"*"}},
567
+ {term:{"permissions.list.keyword":"allowed"}}
568
+ ]
569
+ }
557
570
  },
558
571
  {
559
- "permissions.userId.keyword":userId,
560
- "permissions.list.keyword":"allowed",
572
+ bool: {
573
+ filter:[
574
+ {term:{"permissions.userId.keyword":userId}},
575
+ {term:{"permissions.list.keyword":"allowed"}}
576
+ ]
577
+ }
561
578
  },
562
579
  {
563
- "permissions.userId":"*",
564
- "permissions.list.keyword":"allowed",
580
+ bool: {
581
+ filter:[
582
+ {term:{"permissions.userId.keyword":"*"}},
583
+ {term:{"permissions.list.keyword":"allowed"}}
584
+ ]
585
+ }
565
586
  }
566
- ]);
587
+ ];
567
588
  //获取对象本身的权限
568
589
 
569
- excludeFilters.concat([
590
+ excludeFilters= [
570
591
  {
571
- "permissions.orgId.keyword":orgId,
572
- "permissions.roleId.keyword":roleId,
573
- "permissions.list.keyword":"denied",
592
+ bool: {
593
+ filter:[
594
+ {term:{"permissions.orgId.keyword":orgId}},
595
+ {term:{"permissions.roleId.keyword":roleId}},
596
+ {term:{"permissions.list.keyword":"denied"}}
597
+ ]
598
+ }
599
+ },
600
+ {
601
+ bool: {
602
+ filter:[
603
+ {term:{"permissions.orgId.keyword":orgId}},
604
+ {term:{"permissions.roleId.keyword":"*"}},
605
+ {term:{"permissions.list.keyword":"denied"}}
606
+ ]
607
+ }
574
608
  },
575
609
  {
576
- "permissions.orgId.keyword":orgId,
577
- "permissions.roleId.keyword":"*",
578
- "permissions.list.keyword":"denied",
610
+ bool: {
611
+ filter:[
612
+ {term:{"permissions.orgId.keyword":"*"}},
613
+ {term:{"permissions.roleId.keyword":roleId}},
614
+ {term:{"permissions.list.keyword":"denied"}}
615
+ ]
616
+ }
579
617
  },
580
618
  {
581
- "permissions.orgId.keyword":"*",
582
- "permissions.roleId.keyword":roleId,
583
- "permissions.list.keyword":"denied",
619
+ bool: {
620
+ filter:[
621
+ {term:{"permissions.orgId.keyword":"*"}},
622
+ {term:{"permissions.roleId.keyword":"*"}},
623
+ {term:{"permissions.list.keyword":"denied"}}
624
+ ]
625
+ }
584
626
  },
585
627
  {
586
- "permissions.userId.keyword":userId,
587
- "permissions.list.keyword":"denied",
628
+ bool: {
629
+ filter:[
630
+ {term:{"permissions.userId.keyword":userId}},
631
+ {term:{"permissions.list.keyword":"denied"}}
632
+ ]
633
+ }
634
+ },
635
+ {
636
+ bool: {
637
+ filter:[
638
+ {term:{"permissions.userId.keyword":"*"}},
639
+ {term:{"permissions.list.keyword":"denied"}}
640
+ ]
641
+ }
588
642
  }
589
- ]);
643
+ ];
644
+ return [filters,excludeFilters]
645
+ }
646
+ function getListPermissionFilter(tableId, roleId,orgId,userId, permissions){
647
+ if(userId==='0'){
648
+ return null;
649
+ }
650
+ //获得有权限的对象的filter
651
+ var tp = expandTablePermission(permissions);
652
+ // $.log("tp=" + JSON.stringify(tp));
653
+ var filters = [];
654
+ var excludeFilters = [];
590
655
 
591
- return {
592
- bool:{
593
- should:filters,
594
- must_not:excludeFilters
656
+ //如果有listAll
657
+
658
+ if(tp.same_org.listall==='allowed' || tp.sub_org.listall==='allowed') {
659
+ //只能读取本组织的数据
660
+ var objFilters = getObjectPermissionFilter(tableId, roleId,orgId,userId, permissions);
661
+ var orgFilter = {
662
+ "term": {"_orgId.keyword": orgId}
663
+ };
664
+ if(tp.sub_org.listall==='allowed'){
665
+ if(orgId!='0'){
666
+ orgFilter = {
667
+ "term": {"_orgIds.keyword": orgId}
668
+ }
669
+ }
670
+ else{
671
+ orgFilter = { "match_all": {}};
672
+ }
595
673
  }
596
- };
674
+ if(tp.same_org.listall!=='allowed'){
675
+ orgFilter = {
676
+ bool:{
677
+ filter:[{
678
+ "term": {"_orgIds.keyword": orgId}
679
+ }],
680
+ must_not:[{
681
+ "term": {"_orgId.keyword": orgId}
682
+ }],
683
+ }
684
+ }
685
+ }
686
+ var shouldFilters = objFilters[0];
687
+ if(orgFilter){
688
+ shouldFilters.push(orgFilter);
689
+ }
690
+ //组合对象允许的
691
+ return {
692
+ bool:{
693
+ should:shouldFilters,
694
+ must_not:objFilters[1]
695
+ }
696
+ }
697
+ }
698
+ else {
699
+ var objFilters = getObjectPermissionFilter(tableId, roleId,orgId,userId, permissions);
700
+
701
+ return {
702
+ bool:{
703
+ should:objFilters[0],
704
+ must_not:objFilters[1]
705
+ }
706
+ }
707
+ }
708
+
709
+
597
710
  }
598
711
 
599
712
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "owl-cli",
3
- "version": "6.37.0",
3
+ "version": "6.39.0",
4
4
  "main": "index.js",
5
5
  "preferGlobal": true,
6
6
  "bin": {