模型发布阅览权限控制

com.actionsoft.apps.coe.pal/src/com/actionsoft/apps/coe/pal/pal/repository/PALRepositoryQueryAPIManager.java

@@ -26,6 +26,7 @@ import com.actionsoft.apps.coe.pal.pal.repository.upfile.constant.CoeFileConstan
 import com.actionsoft.apps.coe.pal.pal.repository.web.CoeProcessLevelWeb;
 import com.actionsoft.apps.coe.pal.util.HighSecurityUtil;
 import com.actionsoft.apps.resource.plugin.profile.DCPluginProfile;
+import com.actionsoft.bpms.bo.engine.BO;
 import com.actionsoft.bpms.bpmn.engine.cache.ProcessDefCache;
 import com.actionsoft.bpms.bpmn.modeler.constant.BPMNConstant;
 import com.actionsoft.bpms.bpmn.modeler.constant.BPMNFileConstant;
@@ -38,8 +39,10 @@ import com.actionsoft.bpms.commons.login.constant.LoginConst;
 import com.actionsoft.bpms.commons.mvc.view.ResponseObject;
 import com.actionsoft.bpms.commons.security.high.HighSecurity;
 import com.actionsoft.bpms.org.cache.DepartmentCache;
+import com.actionsoft.bpms.org.cache.UserMapCache;
 import com.actionsoft.bpms.org.model.DepartmentModel;
 import com.actionsoft.bpms.org.model.RoleModel;
+import com.actionsoft.bpms.org.model.UserMapModel;
 import com.actionsoft.bpms.org.model.UserModel;
 import com.actionsoft.bpms.server.DispatcherRequest;
 import com.actionsoft.bpms.server.SSOUtil;
@@ -3450,6 +3453,8 @@ public class PALRepositoryQueryAPIManager {
 	}
 
 
+
+
 	/**
 	 * 流程发布门户详情页面
 	 *
@@ -3483,6 +3488,14 @@ public class PALRepositoryQueryAPIManager {
 				throw new AWSException("该流程当前状态为未发布状态，不允许打开");
 			}
 		}
+
+		// 新的权限校验，若是该模型已发布，按照权限范围表中的权限控制是否可访问，若是该模型尚未发布（例如在发布过程中、已停用等），则不进行权限控制，都可访问
+		if (model.isPublish()) {
+			if (!hasAccessPortalDesignerPerm(uc, model)) {
+				return AlertWindow.getWarningMessagePage("打开失败", "无该文件查看权限");
+			}
+		}
+
 		if (UtilString.isEmpty(taskId)) {// 停用或已发布状态查询流程手册
 			taskId = getProcessReportTaskId(model);
 		}
@@ -3494,6 +3507,73 @@ public class PALRepositoryQueryAPIManager {
 		return web.getPortalDesignerHtml(uuid, upVisit, taskId);// 返回页面
 	}
 
+	public boolean hasAccessPortalDesignerPerm(UserContext uc, PALRepositoryModel model) {
+		String newBoName = "BO_ACT_PUBLISH_PERM_SCOPE";
+		BO bo = SDK.getBOAPI().query(newBoName).addQuery("PALVERSIONID=", model.getVersionId()).detail();
+		if (bo == null) {
+			return false;
+		}
+		String permType = bo.getString("PERMTYPE");
+		if ("1".equals(permType)) {// 全集团，都有权限
+			return true;
+		}
+		// 判断组织权限
+		String orgPerm = bo.getString("ORGPERM");
+		if (UtilString.isNotEmpty(orgPerm)) {
+			// 兼职
+			Set<String> deptIdSet = new HashSet<>();
+			String [] deptIds = orgPerm.split(",");
+			for (int i = 0; i < deptIds.length; i++) {
+				if (UtilString.isNotEmpty(deptIds[i])) {
+					String deptId = deptIds[i];
+					deptIdSet.add(deptId);
+					queryChildDeptList(deptId, deptIdSet);
+				}
+			}
+			// 判断用户的所属部门
+			String currUserDeptId = uc.getDepartmentModel().getId();
+			if (deptIdSet.contains(currUserDeptId)) {
+				return true;
+			}
+			// 判断用户的兼职部门
+			List<UserMapModel> userMapModels = UserMapCache.getMapListOfUser(uc.getUID());
+			for (UserMapModel mapModel : userMapModels) {
+				if (deptIdSet.contains(mapModel.getDepartmentId())) {
+					return true;
+				}
+			}
+		}
+		// 判断岗位权限
+		String postPerm = bo.getString("POSTPERM");
+		if (UtilString.isNotEmpty(postPerm)) {
+			String positionNo = uc.getUserModel().getPositionNo();
+			String [] positionIds = postPerm.split(",");
+			Set<String> positionIdSet = new HashSet<>();
+			for (int i = 0; i < positionIds.length; i++) {
+				positionIdSet.add(positionIds[i]);
+			}
+			if (positionIdSet.contains(positionNo)) {
+				return true;
+			}
+		}
+		// 判断职级权限
+		String levelPerm = bo.getString("LEVELPERM");
+		if (UtilString.isNotEmpty(levelPerm)) {
+			// todo 待完善
+		}
+		return false;
+	}
+
+	private void queryChildDeptList(String pid, Set<String> deptIdSet) {
+		List<DepartmentModel> list = SDK.getORGAPI().getSubDepartments(pid);
+		if (list != null && list.size() > 0) {
+			for (DepartmentModel child : list) {
+				deptIdSet.add(child.getId());
+				queryChildDeptList(child.getId(), deptIdSet);
+			}
+		}
+	}
+
 	/**
 	 * 查询流程的最新流程手册id
 	 *