lbqms.git - Gitblit

			@@ -1,22 +1,24 @@
			package com.ruoyi.framework.handler;

			import cn.hutool.core.annotation.AnnotationUtil;
			import cn.hutool.core.collection.ConcurrentHashSet;
			import cn.hutool.core.util.ArrayUtil;
			import cn.hutool.core.util.ClassUtil;
			import cn.hutool.core.util.ObjectUtil;
			import com.ruoyi.common.annotation.DataColumn;
			import com.ruoyi.common.annotation.DataPermission;
			import com.ruoyi.common.core.domain.entity.SysRole;
			import com.ruoyi.common.core.domain.entity.SysUser;
			import com.ruoyi.common.core.service.UserService;
			import com.ruoyi.common.core.domain.dto.RoleDTO;
			import com.ruoyi.common.core.domain.model.LoginUser;
			import com.ruoyi.common.enums.DataScopeType;
			import com.ruoyi.common.exception.ServiceException;
			import com.ruoyi.common.utils.SecurityUtils;
			import com.ruoyi.common.helper.DataPermissionHelper;
			import com.ruoyi.common.helper.LoginHelper;
			import com.ruoyi.common.utils.StringUtils;
			import com.ruoyi.common.utils.spring.SpringUtils;
			import lombok.extern.slf4j.Slf4j;
			import net.sf.jsqlparser.JSQLParserException;
			import net.sf.jsqlparser.expression.Expression;
			import net.sf.jsqlparser.expression.Parenthesis;
			import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
			import net.sf.jsqlparser.parser.CCJSqlParserUtil;
			import org.springframework.context.expression.BeanFactoryResolver;
			@@ -30,40 +32,68 @@
			import java.lang.reflect.Method;
			import java.util.Arrays;
			import java.util.List;
			import java.util.Map;
			import java.util.Set;
			import java.util.concurrent.ConcurrentHashMap;
			import java.util.stream.Collectors;

			/**
			* 数据权限过滤
			*
			* @author Lion Li
			* @version 3.5.0
			*/
			@Slf4j
			public class PlusDataPermissionHandler {

			/**
			* 方法或类(名称) 与注解的映射关系缓存
			*/
			private final Map<String, DataPermission> dataPermissionCacheMap = new ConcurrentHashMap<>();

			/**
			* 无效注解方法缓存用于快速返回
			*/
			private final Set<String> inavlidCacheSet = new ConcurrentHashSet<>();

			/**
			* spel 解析器
			*/
			private final ExpressionParser parser = new SpelExpressionParser();
			private final ParserContext parserContext = new TemplateParserContext();
			/**
			* bean解析器用于处理 spel 表达式中对 bean 的调用
			*/
			private final BeanResolver beanResolver = new BeanFactoryResolver(SpringUtils.getBeanFactory());


			public Expression getSqlSegment(Expression where, String mappedStatementId, boolean isSelect) {
			DataColumn[] dataColumns = findAnnotation(mappedStatementId);
			if (ArrayUtil.isEmpty(dataColumns)) {
			inavlidCacheSet.add(mappedStatementId);
			return where;
			}
			SysUser currentUser = SpringUtils.getBean(UserService.class).selectUserById(SecurityUtils.getUserId());
			LoginUser currentUser = DataPermissionHelper.getVariable("user");
			if (ObjectUtil.isNull(currentUser)) {
			currentUser = LoginHelper.getLoginUser();
			DataPermissionHelper.setVariable("user", currentUser);
			}
			// 如果是超级管理员，则不过滤数据
			if (StringUtils.isNull(currentUser) \|\| currentUser.isAdmin()) {
			if (LoginHelper.isAdmin()) {
			return where;
			}
			String dataFilterSql = buildDataFilter(currentUser, dataColumns, isSelect);
			String dataFilterSql = buildDataFilter(dataColumns, isSelect);
			if (StringUtils.isBlank(dataFilterSql)) {
			return where;
			}
			try {
			Expression expression = CCJSqlParserUtil.parseExpression(dataFilterSql);
			// 数据权限使用单独的括号防止与其他条件冲突
			Parenthesis parenthesis = new Parenthesis(expression);
			if (ObjectUtil.isNotNull(where)) {
			return new AndExpression(where, expression);
			return new AndExpression(where, parenthesis);
			} else {
			return expression;
			return parenthesis;
			}
			} catch (JSQLParserException e) {
			throw new ServiceException("数据权限解析异常 => " + e.getMessage());
			@@ -73,14 +103,15 @@
			/**
			* 构造数据过滤sql
			*/
			private String buildDataFilter(SysUser user, DataColumn[] dataColumns, boolean isSelect) {
			private String buildDataFilter(DataColumn[] dataColumns, boolean isSelect) {
			StringBuilder sqlString = new StringBuilder();
			// 更新或删除需满足所有条件
			String joinStr = isSelect ? " OR " : " AND ";
			LoginUser user = DataPermissionHelper.getVariable("user");
			StandardEvaluationContext context = new StandardEvaluationContext();
			context.setBeanResolver(beanResolver);
			context.setVariable("user", user);
			for (SysRole role : user.getRoles()) {
			DataPermissionHelper.getContext().forEach(context::setVariable);
			for (RoleDTO role : user.getRoles()) {
			user.setRoleId(role.getRoleId());
			// 获取角色权限泛型
			DataScopeType type = DataScopeType.findCode(role.getDataScope());
			@@ -126,12 +157,35 @@
			List<Method> methods = Arrays.stream(ClassUtil.getDeclaredMethods(clazz))
			.filter(method -> method.getName().equals(methodName)).collect(Collectors.toList());
			DataPermission dataPermission;
			// 获取方法注解
			for (Method method : methods) {
			dataPermission = dataPermissionCacheMap.get(mappedStatementId);
			if (ObjectUtil.isNotNull(dataPermission)) {
			return dataPermission.value();
			}
			if (AnnotationUtil.hasAnnotation(method, DataPermission.class)) {
			dataPermission = AnnotationUtil.getAnnotation(method, DataPermission.class);
			dataPermissionCacheMap.put(mappedStatementId, dataPermission);
			return dataPermission.value();
			}
			}
			dataPermission = dataPermissionCacheMap.get(clazz.getName());
			if (ObjectUtil.isNotNull(dataPermission)) {
			return dataPermission.value();
			}
			// 获取类注解
			if (AnnotationUtil.hasAnnotation(clazz, DataPermission.class)) {
			dataPermission = AnnotationUtil.getAnnotation(clazz, DataPermission.class);
			dataPermissionCacheMap.put(clazz.getName(), dataPermission);
			return dataPermission.value();
			}
			return null;
			}

			/**
			* 是否为无效方法无数据权限
			*/
			public boolean isInvalid(String mappedStatementId) {
			return inavlidCacheSet.contains(mappedStatementId);
			}
			}