| | |
|---|
| | | import cn.hutool.core.util.ObjectUtil; |
|---|
| | | import com.ruoyi.common.annotation.DataColumn; |
|---|
| | | import com.ruoyi.common.annotation.DataPermission; |
|---|
| | | import com.ruoyi.common.core.domain.entity.SysRole; |
|---|
| | | import com.ruoyi.common.core.domain.entity.SysUser; |
|---|
| | | import com.ruoyi.common.core.service.UserService; |
|---|
| | | import com.ruoyi.common.core.domain.dto.RoleDTO; |
|---|
| | | import com.ruoyi.common.core.domain.model.LoginUser; |
|---|
| | | import com.ruoyi.common.enums.DataScopeType; |
|---|
| | | import com.ruoyi.common.exception.ServiceException; |
|---|
| | | import com.ruoyi.common.helper.DataPermissionHelper; |
|---|
| | | import com.ruoyi.common.helper.LoginHelper; |
|---|
| | | import com.ruoyi.common.utils.SecurityUtils; |
|---|
| | | import com.ruoyi.common.utils.StringUtils; |
|---|
| | | import com.ruoyi.common.utils.spring.SpringUtils; |
|---|
| | |
|---|
| | | * 数据权限过滤 |
|---|
| | | * |
|---|
| | | * @author Lion Li |
|---|
| | | * @version 3.5.0 |
|---|
| | | */ |
|---|
| | | @Slf4j |
|---|
| | | public class PlusDataPermissionHandler { |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 方法或类 与 注解的映射关系缓存 |
|---|
| | | * 方法或类(名称) 与 注解的映射关系缓存 |
|---|
| | | */ |
|---|
| | | private final Map<Method, DataPermission> methodCacheMap = new ConcurrentHashMap<>(); |
|---|
| | | private final Map<Class<?>, DataPermission> classCacheMap = new ConcurrentHashMap<>(); |
|---|
| | | private final Map<String, DataPermission> dataPermissionCacheMap = new ConcurrentHashMap<>(); |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 无效注解方法缓存用于快速返回 |
|---|
| | |
|---|
| | | inavlidCacheSet.add(mappedStatementId); |
|---|
| | | return where; |
|---|
| | | } |
|---|
| | | SysUser currentUser = SpringUtils.getBean(UserService.class).selectUserById(SecurityUtils.getUserId()); |
|---|
| | | LoginUser currentUser = DataPermissionHelper.getVariable("user"); |
|---|
| | | if (ObjectUtil.isNull(currentUser)) { |
|---|
| | | currentUser = LoginHelper.getLoginUser(); |
|---|
| | | DataPermissionHelper.setVariable("user", currentUser); |
|---|
| | | } |
|---|
| | | // 如果是超级管理员,则不过滤数据 |
|---|
| | | if (StringUtils.isNull(currentUser) || currentUser.isAdmin()) { |
|---|
| | | if (ObjectUtil.isNull(currentUser) || SecurityUtils.isAdmin(currentUser.getUserId())) { |
|---|
| | | return where; |
|---|
| | | } |
|---|
| | | String dataFilterSql = buildDataFilter(currentUser, dataColumns, isSelect); |
|---|
| | | String dataFilterSql = buildDataFilter(dataColumns, isSelect); |
|---|
| | | if (StringUtils.isBlank(dataFilterSql)) { |
|---|
| | | return where; |
|---|
| | | } |
|---|
| | |
|---|
| | | /** |
|---|
| | | * 构造数据过滤sql |
|---|
| | | */ |
|---|
| | | private String buildDataFilter(SysUser user, DataColumn[] dataColumns, boolean isSelect) { |
|---|
| | | private String buildDataFilter(DataColumn[] dataColumns, boolean isSelect) { |
|---|
| | | StringBuilder sqlString = new StringBuilder(); |
|---|
| | | // 更新或删除需满足所有条件 |
|---|
| | | String joinStr = isSelect ? " OR " : " AND "; |
|---|
| | | LoginUser user = DataPermissionHelper.getVariable("user"); |
|---|
| | | StandardEvaluationContext context = new StandardEvaluationContext(); |
|---|
| | | context.setBeanResolver(beanResolver); |
|---|
| | | context.setVariable("user", user); |
|---|
| | | for (SysRole role : user.getRoles()) { |
|---|
| | | DataPermissionHelper.getContext().forEach(context::setVariable); |
|---|
| | | for (RoleDTO role : user.getRoles()) { |
|---|
| | | user.setRoleId(role.getRoleId()); |
|---|
| | | // 获取角色权限泛型 |
|---|
| | | DataScopeType type = DataScopeType.findCode(role.getDataScope()); |
|---|
| | |
|---|
| | | DataPermission dataPermission; |
|---|
| | | // 获取方法注解 |
|---|
| | | for (Method method : methods) { |
|---|
| | | dataPermission = methodCacheMap.get(method); |
|---|
| | | dataPermission = dataPermissionCacheMap.get(mappedStatementId); |
|---|
| | | if (ObjectUtil.isNotNull(dataPermission)) { |
|---|
| | | return dataPermission.value(); |
|---|
| | | } |
|---|
| | | if (AnnotationUtil.hasAnnotation(method, DataPermission.class)) { |
|---|
| | | dataPermission = AnnotationUtil.getAnnotation(method, DataPermission.class); |
|---|
| | | methodCacheMap.put(method, dataPermission); |
|---|
| | | dataPermissionCacheMap.put(mappedStatementId, dataPermission); |
|---|
| | | return dataPermission.value(); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | dataPermission = classCacheMap.get(clazz); |
|---|
| | | dataPermission = dataPermissionCacheMap.get(clazz.getName()); |
|---|
| | | if (ObjectUtil.isNotNull(dataPermission)) { |
|---|
| | | return dataPermission.value(); |
|---|
| | | } |
|---|
| | | // 获取类注解 |
|---|
| | | if (AnnotationUtil.hasAnnotation(clazz, DataPermission.class)) { |
|---|
| | | dataPermission = AnnotationUtil.getAnnotation(clazz, DataPermission.class); |
|---|
| | | classCacheMap.put(clazz, dataPermission); |
|---|
| | | dataPermissionCacheMap.put(clazz.getName(), dataPermission); |
|---|
| | | return dataPermission.value(); |
|---|
| | | } |
|---|
| | | return null; |
|---|
