diff --git a/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/aop/DataPermissionInterceptor.java b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/aop/DataPermissionInterceptor.java index 327de97..0a0937d 100644 --- a/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/aop/DataPermissionInterceptor.java +++ b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/aop/DataPermissionInterceptor.java @@ -137,7 +137,9 @@ public class DataPermissionInterceptor { return; } - Optional matchDataObjectOptional = this.matchRule(dataPermission, httpRequest); + Long responseBodyWorkspaceId = getRequestBodyWorkspaceId(httpRequest, dataPermission); + + Optional matchDataObjectOptional = this.matchRule(dataPermission, responseBodyWorkspaceId); if (!matchDataObjectOptional.isPresent()) { log.warn("no match data rule, bizCode:{}, personId:{}, ouId:{}, workspaceId:{}", dataPermission.bizCode(), @@ -149,7 +151,7 @@ public class DataPermissionInterceptor { DataPermissionContextHolder.DataPermissionContext dataPermissionContext = DataPermissionContextHolder.DataPermissionContext.builder() .dataPermission(dataPermission) - .workspaceId(contextInfo.getWorkspaceId()) + .workspaceId(Objects.nonNull(responseBodyWorkspaceId) ? responseBodyWorkspaceId : contextInfo.getWorkspaceId()) .ouId(contextInfo.getOuId()) .personId(contextInfo.getUserInfo().getPersonId()) .resultKey(matchDataObjectOptional.get().getResultKey()) @@ -158,22 +160,14 @@ public class DataPermissionInterceptor { DataPermissionContextHolder.setContext(dataPermissionContext); } - private Optional matchRule(DataPermission dataPermission, HttpServletRequest httpRequest) { + private Optional matchRule(DataPermission dataPermission, Long responseBodyWorkspaceId) { ContextInfo contextInfo = ContextInfoHolder.get(); - Long workspaceId = null; - String requestBodyWorkspaceId = dataPermission.requestBodyWorkspaceId(); - if (StringUtils.isNotBlank(requestBodyWorkspaceId)) { - workspaceId = getRequestBodyWorkspaceId(httpRequest, requestBodyWorkspaceId); - } - if (Objects.isNull(workspaceId)) { - workspaceId = contextInfo.getWorkspaceId(); - } MatchDataObjectReq matchDataObjectReq = MatchDataObjectReq.builder() .dataObjectCode(dataPermission.bizCode()) .ouId(contextInfo.getOuId()) - .workspaceId(workspaceId) + .workspaceId(Objects.nonNull(responseBodyWorkspaceId) ? responseBodyWorkspaceId : contextInfo.getWorkspaceId()) .personId(contextInfo.getUserInfo().getPersonId()) .build(); @@ -202,12 +196,16 @@ public class DataPermissionInterceptor { return dataPermissionContext; } - private Long getRequestBodyWorkspaceId(HttpServletRequest httpRequest, String requestBodyWorkspaceIdKey) { + private Long getRequestBodyWorkspaceId(HttpServletRequest httpRequest, DataPermission dataPermission) { try { + String requestBodyWorkspaceId = dataPermission.requestBodyWorkspaceId(); + if (StringUtils.isBlank(requestBodyWorkspaceId)) { + return null; + } String requestBody = httpRequest.getReader().lines().collect(Collectors.joining(System.lineSeparator())); ObjectMapper mapper = new ObjectMapper(); JsonNode rootNode = mapper.readTree(requestBody); - String workspaceId = rootNode.path(requestBodyWorkspaceIdKey).asText(); + String workspaceId = rootNode.path(requestBodyWorkspaceId).asText(); if (StringUtils.isNotBlank(workspaceId)) { return Long.valueOf(workspaceId); }