lbqms.git - Gitblit

			@@ -1,6 +1,7 @@
			package com.ruoyi.framework.handler;

			import cn.hutool.core.annotation.AnnotationUtil;
			import cn.hutool.core.collection.ConcurrentHashSet;
			import cn.hutool.core.util.ArrayUtil;
			import cn.hutool.core.util.ClassUtil;
			import cn.hutool.core.util.ObjectUtil;
			@@ -11,12 +12,14 @@
			import com.ruoyi.common.core.service.UserService;
			import com.ruoyi.common.enums.DataScopeType;
			import com.ruoyi.common.exception.ServiceException;
			import com.ruoyi.common.utils.SecurityUtils;
			import com.ruoyi.common.helper.DataPermissionHelper;
			import com.ruoyi.common.utils.LoginUtils;
			import com.ruoyi.common.utils.StringUtils;
			import com.ruoyi.common.utils.spring.SpringUtils;
			import lombok.extern.slf4j.Slf4j;
			import net.sf.jsqlparser.JSQLParserException;
			import net.sf.jsqlparser.expression.Expression;
			import net.sf.jsqlparser.expression.Parenthesis;
			import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
			import net.sf.jsqlparser.parser.CCJSqlParserUtil;
			import org.springframework.context.expression.BeanFactoryResolver;
			@@ -30,40 +33,68 @@
			import java.lang.reflect.Method;
			import java.util.Arrays;
			import java.util.List;
			import java.util.Map;
			import java.util.Set;
			import java.util.concurrent.ConcurrentHashMap;
			import java.util.stream.Collectors;

			/**
			* 数据权限过滤
			*
			* @author Lion Li
			* @version 3.5.0
			*/
			@Slf4j
			public class PlusDataPermissionHandler {

			/**
			* 方法或类(名称) 与注解的映射关系缓存
			*/
			private final Map<String, DataPermission> dataPermissionCacheMap = new ConcurrentHashMap<>();

			/**
			* 无效注解方法缓存用于快速返回
			*/
			private final Set<String> inavlidCacheSet = new ConcurrentHashSet<>();

			/**
			* spel 解析器
			*/
			private final ExpressionParser parser = new SpelExpressionParser();
			private final ParserContext parserContext = new TemplateParserContext();
			/**
			* bean解析器用于处理 spel 表达式中对 bean 的调用
			*/
			private final BeanResolver beanResolver = new BeanFactoryResolver(SpringUtils.getBeanFactory());


			public Expression getSqlSegment(Expression where, String mappedStatementId, boolean isSelect) {
			DataColumn[] dataColumns = findAnnotation(mappedStatementId);
			if (ArrayUtil.isEmpty(dataColumns)) {
			inavlidCacheSet.add(mappedStatementId);
			return where;
			}
			SysUser currentUser = SpringUtils.getBean(UserService.class).selectUserById(SecurityUtils.getUserId());
			SysUser currentUser = DataPermissionHelper.getVariable("user");
			if (ObjectUtil.isNull(currentUser)) {
			currentUser = SpringUtils.getBean(UserService.class).selectUserById(LoginUtils.getUserId());
			DataPermissionHelper.setVariable("user", currentUser);
			}
			// 如果是超级管理员，则不过滤数据
			if (StringUtils.isNull(currentUser) \|\| currentUser.isAdmin()) {
			if (ObjectUtil.isNull(currentUser) \|\| currentUser.isAdmin()) {
			return where;
			}
			String dataFilterSql = buildDataFilter(currentUser, dataColumns, isSelect);
			String dataFilterSql = buildDataFilter(dataColumns, isSelect);
			if (StringUtils.isBlank(dataFilterSql)) {
			return where;
			}
			try {
			Expression expression = CCJSqlParserUtil.parseExpression(dataFilterSql);
			// 数据权限使用单独的括号防止与其他条件冲突
			Parenthesis parenthesis = new Parenthesis(expression);
			if (ObjectUtil.isNotNull(where)) {
			return new AndExpression(where, expression);
			return new AndExpression(where, parenthesis);
			} else {
			return expression;
			return parenthesis;
			}
			} catch (JSQLParserException e) {
			throw new ServiceException("数据权限解析异常 => " + e.getMessage());
			@@ -73,42 +104,47 @@
			/**
			* 构造数据过滤sql
			*/
			private String buildDataFilter(SysUser user, DataColumn[] dataColumns, boolean isSelect) {
			private String buildDataFilter(DataColumn[] dataColumns, boolean isSelect) {
			StringBuilder sqlString = new StringBuilder();

			// 更新或删除需满足所有条件
			String joinStr = isSelect ? " OR " : " AND ";
			SysUser user = DataPermissionHelper.getVariable("user");
			StandardEvaluationContext context = new StandardEvaluationContext();
			context.setBeanResolver(beanResolver);
			context.setVariable("user", user);

			for (DataColumn dataColumn : dataColumns) {
			// 设置注解变量 key 为表达式变量 value 为变量值
			context.setVariable(dataColumn.key(), dataColumn.value());
			for (SysRole role : user.getRoles()) {
			user.setRoleId(role.getRoleId());

			// 获取角色权限泛型
			DataScopeType type = DataScopeType.findCode(role.getDataScope());
			if (ObjectUtil.isNull(type)) {
			throw new ServiceException("角色数据范围异常 => " + role.getDataScope());
			}
			// 全部数据权限直接返回
			if (type == DataScopeType.ALL) {
			return "";
			}
			DataPermissionHelper.getContext().forEach(context::setVariable);
			for (SysRole role : user.getRoles()) {
			user.setRoleId(role.getRoleId());
			// 获取角色权限泛型
			DataScopeType type = DataScopeType.findCode(role.getDataScope());
			if (ObjectUtil.isNull(type)) {
			throw new ServiceException("角色数据范围异常 => " + role.getDataScope());
			}
			// 全部数据权限直接返回
			if (type == DataScopeType.ALL) {
			return "";
			}
			boolean isSuccess = false;
			for (DataColumn dataColumn : dataColumns) {
			// 不包含 key 变量则不处理
			if (!StringUtils.contains(type.getSql(), "#" + dataColumn.key())) {
			if (!StringUtils.contains(type.getSqlTemplate(), "#" + dataColumn.key())) {
			continue;
			}
			// 更新或删除需满足所有条件
			sqlString.append(isSelect ? " OR " : " AND ");
			// 设置注解变量 key 为表达式变量 value 为变量值
			context.setVariable(dataColumn.key(), dataColumn.value());

			// 解析sql模板并填充
			String sql = parser.parseExpression(type.getSql(), parserContext).getValue(context, String.class);
			sqlString.append(sql);
			String sql = parser.parseExpression(type.getSqlTemplate(), parserContext).getValue(context, String.class);
			sqlString.append(joinStr).append(sql);
			isSuccess = true;
			}
			// 未处理成功则填充兜底方案
			if (!isSuccess) {
			sqlString.append(joinStr).append(type.getElseSql());
			}
			}

			if (StringUtils.isNotBlank(sqlString.toString())) {
			return sqlString.substring(isSelect ? 4 : 5);
			return sqlString.substring(joinStr.length());
			}
			return "";
			}
			@@ -122,12 +158,35 @@
			List<Method> methods = Arrays.stream(ClassUtil.getDeclaredMethods(clazz))
			.filter(method -> method.getName().equals(methodName)).collect(Collectors.toList());
			DataPermission dataPermission;
			// 获取方法注解
			for (Method method : methods) {
			dataPermission = dataPermissionCacheMap.get(method.getName());
			if (ObjectUtil.isNotNull(dataPermission)) {
			return dataPermission.value();
			}
			if (AnnotationUtil.hasAnnotation(method, DataPermission.class)) {
			dataPermission = AnnotationUtil.getAnnotation(method, DataPermission.class);
			dataPermissionCacheMap.put(method.getName(), dataPermission);
			return dataPermission.value();
			}
			}
			dataPermission = dataPermissionCacheMap.get(clazz.getName());
			if (ObjectUtil.isNotNull(dataPermission)) {
			return dataPermission.value();
			}
			// 获取类注解
			if (AnnotationUtil.hasAnnotation(clazz, DataPermission.class)) {
			dataPermission = AnnotationUtil.getAnnotation(clazz, DataPermission.class);
			dataPermissionCacheMap.put(clazz.getName(), dataPermission);
			return dataPermission.value();
			}
			return null;
			}

			/**
			* 是否为无效方法无数据权限
			*/
			public boolean isInvalid(String mappedStatementId) {
			return inavlidCacheSet.contains(mappedStatementId);
			}
			}