chakra-coder
diff --git a/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/AuthorizationHolder.java
Lines changed: 24 additions & 1 deletion b/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/AuthorizationHolder.java
Lines changed: 24 additions & 1 deletion
diff --git a/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/AuthorizationSupplier.java
Lines changed: 3 additions & 2 deletions b/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/AuthorizationSupplier.java
Lines changed: 3 additions & 2 deletions
diff --git a/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Role.java
Lines changed: 9 additions & 1 deletion b/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/Role.java
Lines changed: 9 additions & 1 deletion
diff --git a/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/User.java
Lines changed: 11 additions & 1 deletion b/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/User.java
Lines changed: 11 additions & 1 deletion
diff --git a/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/CustomDataAccess.java
Lines changed: 4 additions & 2 deletions b/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/CustomDataAccess.java
Lines changed: 4 additions & 2 deletions
diff --git a/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/DataAccess.java
Lines changed: 31 additions & 1 deletion b/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/DataAccess.java
Lines changed: 31 additions & 1 deletion
diff --git a/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/DataAccessController.java
Lines changed: 9 additions & 1 deletion b/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/DataAccessController.java
Lines changed: 9 additions & 1 deletion
diff --git a/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/DataAccessHandler.java
Lines changed: 15 additions & 2 deletions b/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/DataAccessHandler.java
Lines changed: 15 additions & 2 deletions
diff --git a/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/OwnCreatedDataAccess.java
Lines changed: 3 additions & 0 deletions b/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/OwnCreatedDataAccess.java
Lines changed: 3 additions & 0 deletions
diff --git a/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/ParamContext.java
Lines changed: 38 additions & 2 deletions b/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/ParamContext.java
Lines changed: 38 additions & 2 deletions
diff --git a/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/ScriptDataAccess.java
Lines changed: 3 additions & 0 deletions b/‎hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/access/ScriptDataAccess.java
Lines changed: 3 additions & 0 deletions
diff --git a/‎hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DataAccessAnnotationMethodInterceptor.java
Lines changed: 22 additions & 11 deletions b/‎hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DataAccessAnnotationMethodInterceptor.java
Lines changed: 22 additions & 11 deletions
diff --git a/‎hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DefaultDataAccessController.java
Lines changed: 1 addition & 1 deletion b/‎hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/DefaultDataAccessController.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/FieldAccessAnnotationMethodInterceptor.java
Lines changed: 1 addition & 1 deletion b/‎hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/FieldAccessAnnotationMethodInterceptor.java
Lines changed: 1 addition & 1 deletion
@@ -1,14 +1,37 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
 package org.hswebframework.web.authorization;
 
 /**
- * TODO 完成注释
+ * 权限获取器,用于静态方式获取当前登录用户的权限信息
  *
  * @author zhouhao
+ * @see AuthorizationSupplier
+ * @since 3.0
  */
 public final class AuthorizationHolder {
     private static AuthorizationSupplier supplier;
 
     public static Authorization get() {
+        if (null == supplier) {
+            throw new UnsupportedOperationException("AuthorizationSupplier is null!");
+        }
         return supplier.get();
     }
 
 
@@ -20,9 +20,10 @@
 import java.util.function.Supplier;
 
 /**
- * TODO 完成注释
- *
  * @author zhouhao
+ * @see Supplier
+ * @see Authorization
+ * @see AuthorizationHolder
  */
 public interface AuthorizationSupplier extends Supplier<Authorization> {
 }
@@ -20,12 +20,20 @@
 import java.io.Serializable;
 
 /**
- * TODO 完成注释
+ * 角色信息
  *
  * @author zhouhao
  */
 public interface Role extends Serializable {
+
+    /**
+     * @return 角色ID
+     */
     String getId();
 
+    /**
+     *
+     * @return 角色名
+     */
     String getName();
 }
@@ -20,14 +20,24 @@
 import java.io.Serializable;
 
 /**
- * TODO 完成注释
+ * 用户信息
  *
  * @author zhouhao
+ * @since 3.0
  */
 public interface User extends Serializable {
+    /**
+     * @return 用户ID
+     */
     String getId();
 
+    /**
+     * @return 用户名
+     */
     String getUsername();
 
+    /**
+     * @return 姓名
+     */
     String getName();
 }
@@ -1,11 +1,13 @@
 package org.hswebframework.web.authorization.access;
 
 /**
- * TODO 完成注释
- *
  * @author zhouhao
  * @see DataAccess.Type#CUSTOM
  */
 public interface CustomDataAccess extends DataAccess {
     DataAccessController getController();
+
+    default String getType() {
+        return Type.CUSTOM.name();
+    }
 }
@@ -1,3 +1,21 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
 package org.hswebframework.web.authorization.access;
 
 
@@ -6,7 +24,8 @@
 import java.io.Serializable;
 
 /**
- * 数据级的权限控制
+ * 数据级的权限控制,此接口为控制方式配置
+ * 具体的控制逻辑由控制器{@link DataAccessController}实现
  *
  * @author zhouhao
  * @see org.hswebframework.web.authorization.access.CustomDataAccess
@@ -27,6 +46,17 @@ public interface DataAccess extends Serializable {
      */
     String getAction();
 
+    /**
+     * 控制方式标识
+     *
+     * @return 控制方式
+     * @see Type#name()
+     */
+    String getType();
+
+    /**
+     * 内置3中控制方式
+     */
     enum Type {
         OWN_CREATED("自己创建的数据"),
         SCRIPT("脚本"),
 
@@ -1,10 +1,18 @@
 package org.hswebframework.web.authorization.access;
 
 /**
- * TODO 完成注释
+ * 数据级别权限控制器,通过此控制器对当前登录用户进行的操作进行数据级别的权限控制。
+ * 如：A用户只能查询自己创建的B数据,A用户只能修改自己创建的B数据
  *
  * @author zhouhao
+ * @see 3.0
  */
 public interface DataAccessController {
+    /**
+     * 执行权限控制
+     * @param access 控制方式以及配置
+     * @param params 当前操作的方法的参数上下文
+     * @return
+     */
     boolean doAccess(DataAccess access, ParamContext params);
 }
@@ -1,13 +1,26 @@
 package org.hswebframework.web.authorization.access;
 
 /**
- * TODO 完成注释
+ * 数据级别权限控制处理器接口,负责处理支持的权限控制配置
  *
  * @author zhouhao
  */
 public interface DataAccessHandler {
 
+    /**
+     * 是否支持处理此配置
+     *
+     * @param access 控制配置
+     * @return 是否支持
+     */
     boolean isSupport(DataAccess access);
 
-    boolean doAccess(DataAccess access, ParamContext context);
+    /**
+     * 执行处理,返回处理结果
+     *
+     * @param access  控制配置
+     * @param context 参数上下文
+     * @return 处理结果
+     */
+    boolean handle(DataAccess access, ParamContext context);
 }
@@ -6,4 +6,7 @@
  * @author zhouhao
  */
 public interface OwnCreatedDataAccess extends DataAccess {
+    default String getType() {
+        return Type.OWN_CREATED.name();
+    }
 }
@@ -2,21 +2,57 @@
 
 import java.io.Serializable;
 import java.lang.annotation.Annotation;
+import java.lang.reflect.Method;
 import java.util.Map;
 import java.util.Optional;
 
 /**
- * TODO 完成注释
+ * 参数上下文，用于获取当前进行操作的方法的各种参数信息，如:当前所在类实例，参数集合，注解
  *
  * @author zhouhao
+ * @see 3.0
  */
 public interface ParamContext extends Serializable {
 
+    /**
+     * 获取当前类实例
+     *
+     * @return 类实例对象
+     */
     Object getTarget();
 
+    /**
+     * 当前操作的方法
+     *
+     * @return 方法实例
+     */
+    Method getMethod();
+
+    /**
+     * 根据参数名获取参数值,此参数为方法的参数,而非http参数 <br/>
+     * 如：当前被操作的方法为 query(QueryParam param); 调用getParameter("param"); 则返回QueryParam实例<br/>
+     * 注意:返回值为Optional对象,使用方法见{@link Optional}<br/>
+     *
+     * @param name 参数名称
+     * @param <T>  参数泛型
+     * @return Optional
+     */
     <T> Optional<T> getParameter(String name);
 
-    <T extends Annotation> T getAnnotation();
+    /**
+     * 获取当前操作方法或实例上指定类型的泛型,如果方法上未获取到,则获取实例类上的注解。实例类上未获取到,则返回null
+     *
+     * @param type 注解的类型
+     * @param <T>  注解泛型
+     * @return 注解
+     */
+    <T extends Annotation> T getAnnotation(Class<T> type);
 
+    /**
+     * 获取全部参数
+     *
+     * @return 参数集合
+     * @see this#getParameter(String)
+     */
     Map<String, Object> getParams();
 }
@@ -6,6 +6,9 @@
  * @author zhouhao
  */
 public interface ScriptDataAccess extends DataAccess {
+    default String getType() {
+        return Type.CUSTOM.name();
+    }
 
     /**
      * 脚本语言: javascript(js),groovy
 
@@ -22,6 +22,7 @@
 import org.apache.shiro.authz.aop.AuthorizingAnnotationMethodInterceptor;
 import org.hsweb.expands.script.engine.DynamicScriptEngine;
 import org.hsweb.expands.script.engine.DynamicScriptEngineFactory;
+import org.hswebframework.web.ApplicationContextHolder;
 import org.hswebframework.web.BusinessException;
 import org.hswebframework.web.authorization.Authorization;
 import org.hswebframework.web.authorization.AuthorizationHolder;
@@ -45,9 +46,14 @@
 import java.util.stream.Collectors;
 
 /**
- * TODO 完成注释
+ * 数据级权限控制实现 <br/>
+ * 通过在方法上注解{@link RequiresDataAccess}，标识需要进行数据级权限控制<br/>
+ * 控制的方式和规则由 {@link Permission#getDataAccesses()}实现<br/>
  *
  * @author zhouhao
+ * @see DefaultDataAccessController
+ * @see DataAccessAnnotationHandler#assertAuthorized(Annotation)
+ * @see 3.0
  */
 public class DataAccessAnnotationMethodInterceptor extends AuthorizingAnnotationMethodInterceptor {
 
@@ -75,8 +81,14 @@ public void assertAuthorized(Annotation a) throws AuthorizationException {
                 logger.warn("MethodInterceptorHolder is null!");
                 return;
             }
+            //无权限信息
+            Authorization authorization = AuthorizationHolder.get();
+            if (authorization == null) {
+                throw new AuthorizationException("{no_authorization}");
+            }
             RequiresDataAccess accessAnn = ((RequiresDataAccess) a);
             DataAccessController accessController = dataAccessController;
+            //在注解上自定义的权限控制器
             if (DataAccessController.class != accessAnn.controllerClass()) {
                 if (null == (accessController = cache.get(accessAnn.controllerClass()))) {
                     synchronized (cache) {
@@ -89,30 +101,29 @@ public void assertAuthorized(Annotation a) throws AuthorizationException {
                             }
                     }
                 }
-            } else if (StringUtils.isNullOrEmpty(accessAnn.controllerBeanName())) {
-                // TODO: 17-2-8  get controller from spring context
+            } else if (!StringUtils.isNullOrEmpty(accessAnn.controllerBeanName())) {
+                //获取spring上下文中的控制器
+                accessController = ApplicationContextHolder.get().getBean(accessAnn.controllerBeanName(), DataAccessController.class);
             }
             DataAccessController finalAccessController = accessController;
 
-            ParamContext context = holder.createParamContext(accessAnn);
-            Authorization authorization = AuthorizationHolder.get();
-            if (authorization == null) {
-                throw new AuthorizationException("{no_authorization}");
-            }
+            ParamContext context = holder.createParamContext();
             String permission = accessAnn.permission();
             Permission permissionInfo = authorization.getPermission(permission);
             List<String> actionList = Arrays.asList(accessAnn.action());
-
+            //取得当前登录用户持有的控制规则
             Set<DataAccess> accesses = permissionInfo
                     .getDataAccesses()
                     .stream()
                     .filter(access -> actionList.contains(access.getAction()))
                     .collect(Collectors.toSet());
+            //无规则,则代表不进行控制
             if (accesses.isEmpty()) return;
+            //单个规则验证函数
             Function<Predicate<DataAccess>, Boolean> function =
-                    (accessAnn.logical() == Logical.AND) ?
+                    accessAnn.logical() == Logical.AND ?
                             accesses.stream()::allMatch : accesses.stream()::anyMatch;
-
+            //调用控制器进行验证
             boolean isAccess = function.apply(access -> finalAccessController.doAccess(access, context));
             if (!isAccess) {
                 throw new AuthorizationException("{access_deny}");
 
@@ -39,7 +39,7 @@ public boolean doAccess(DataAccess access, ParamContext params) {
         if (parent != null) parent.doAccess(access, params);
         return handlers.parallelStream()
                 .filter(handler -> handler.isSupport(access))
-                .anyMatch(handler -> handler.doAccess(access, params));
+                .anyMatch(handler -> handler.handle(access, params));
     }
 
     public DefaultDataAccessController addHandler(DataAccessHandler handler) {
 
@@ -65,7 +65,7 @@ public void assertAuthorized(Annotation a) throws AuthorizationException {
                 return;
             }
             RequiresFieldAccess accessAnn = ((RequiresFieldAccess) a);
-            ParamContext context = holder.createParamContext(accessAnn);
+            ParamContext context = holder.createParamContext();
             Authorization authorization = AuthorizationHolder.get();
             if (authorization == null) {
                 throw new AuthorizationException("{no_authorization}");
Original file line number	Diff line number	Diff line change
`@@ -6,4 +6,7 @@`
`6`	`6`	`* @author zhouhao`
`7`	`7`	`*/`
`8`	`8`	`public interface OwnCreatedDataAccess extends DataAccess {`
	`9`	`+ default String getType() {`
	`10`	`+ return Type.OWN_CREATED.name();`
	`11`	`+ }`
`9`	`12`	`}`
Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ public boolean doAccess(DataAccess access, ParamContext params) {`
`39`	`39`	`if (parent != null) parent.doAccess(access, params);`
`40`	`40`	`return handlers.parallelStream()`
`41`	`41`	`.filter(handler -> handler.isSupport(access))`
`42`		`- .anyMatch(handler -> handler.doAccess(access, params));`
	`42`	`+ .anyMatch(handler -> handler.handle(access, params));`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`public DefaultDataAccessController addHandler(DataAccessHandler handler) {`
Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ public void assertAuthorized(Annotation a) throws AuthorizationException {`
`65`	`65`	`return;`
`66`	`66`	`}`
`67`	`67`	`RequiresFieldAccess accessAnn = ((RequiresFieldAccess) a);`
`68`		`- ParamContext context = holder.createParamContext(accessAnn);`
	`68`	`+ ParamContext context = holder.createParamContext();`
`69`	`69`	`Authorization authorization = AuthorizationHolder.get();`
`70`	`70`	`if (authorization == null) {`
`71`	`71`	`throw new AuthorizationException("{no_authorization}");`