From 009ac75229725c5d83f80c6d62357b65a6b11e7b Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期四, 14 十一月 2024 16:57:10 +0800
Subject: [PATCH] fix 修复 数据权限多角色与权限标识符共用导致的问题 https://gitee.com/dromara/RuoYi-Vue-Plus/issues/IB4CS4
---
ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/PlusDataPermissionHandler.java | 157 +++++++++++++++++++---------------------------------
1 files changed, 58 insertions(+), 99 deletions(-)
diff --git a/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/PlusDataPermissionHandler.java b/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/PlusDataPermissionHandler.java
index 7d7fd84..236538a 100644
--- a/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/PlusDataPermissionHandler.java
+++ b/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/PlusDataPermissionHandler.java
@@ -1,15 +1,13 @@
package org.dromara.common.mybatis.handler;
-import cn.hutool.core.annotation.AnnotationUtil;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.ObjectUtil;
import lombok.extern.slf4j.Slf4j;
import net.sf.jsqlparser.JSQLParserException;
import net.sf.jsqlparser.expression.Expression;
-import net.sf.jsqlparser.expression.Parenthesis;
import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
+import net.sf.jsqlparser.expression.operators.relational.ParenthesedExpressionList;
import net.sf.jsqlparser.parser.CCJSqlParserUtil;
-import org.apache.ibatis.io.Resources;
import org.dromara.common.core.domain.dto.RoleDTO;
import org.dromara.common.core.domain.model.LoginUser;
import org.dromara.common.core.exception.ServiceException;
@@ -21,27 +19,17 @@
import org.dromara.common.mybatis.enums.DataScopeType;
import org.dromara.common.mybatis.helper.DataPermissionHelper;
import org.dromara.common.satoken.utils.LoginHelper;
-import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.expression.BeanFactoryResolver;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
-import org.springframework.core.io.support.ResourcePatternResolver;
-import org.springframework.core.type.ClassMetadata;
-import org.springframework.core.type.classreading.CachingMetadataReaderFactory;
import org.springframework.expression.BeanResolver;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.ParserContext;
import org.springframework.expression.common.TemplateParserContext;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
-import org.springframework.util.ClassUtils;
-import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
-import java.util.Map;
import java.util.Set;
-import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
/**
@@ -54,11 +42,6 @@
public class PlusDataPermissionHandler {
/**
- * 鏂规硶鎴栫被(鍚嶇О) 涓� 娉ㄨВ鐨勬槧灏勫叧绯荤紦瀛�
- */
- private final Map<String, DataPermission> dataPermissionCacheMap = new ConcurrentHashMap<>();
-
- /**
* spel 瑙f瀽鍣�
*/
private final ExpressionParser parser = new SpelExpressionParser();
@@ -68,30 +51,36 @@
*/
private final BeanResolver beanResolver = new BeanFactoryResolver(SpringUtils.getBeanFactory());
- public PlusDataPermissionHandler(String mapperPackage) {
- scanMapperClasses(mapperPackage);
- }
-
-
+ /**
+ * 鑾峰彇鏁版嵁杩囨护鏉′欢鐨� SQL 鐗囨
+ *
+ * @param where 鍘熷鐨勬煡璇㈡潯浠惰〃杈惧紡
+ * @param mappedStatementId Mapper 鏂规硶鐨� ID
+ * @param isSelect 鏄惁涓烘煡璇㈣鍙�
+ * @return 鏁版嵁杩囨护鏉′欢鐨� SQL 鐗囨
+ */
public Expression getSqlSegment(Expression where, String mappedStatementId, boolean isSelect) {
- DataPermission dataPermission = getDataPermission(mappedStatementId);
- LoginUser currentUser = DataPermissionHelper.getVariable("user");
- if (ObjectUtil.isNull(currentUser)) {
- currentUser = LoginHelper.getLoginUser();
- DataPermissionHelper.setVariable("user", currentUser);
- }
- // 濡傛灉鏄秴绾х鐞嗗憳鎴栫鎴风鐞嗗憳锛屽垯涓嶈繃婊ゆ暟鎹�
- if (LoginHelper.isSuperAdmin() || LoginHelper.isTenantAdmin()) {
- return where;
- }
- String dataFilterSql = buildDataFilter(dataPermission.value(), isSelect);
- if (StringUtils.isBlank(dataFilterSql)) {
- return where;
- }
try {
+ // 鑾峰彇鏁版嵁鏉冮檺閰嶇疆
+ DataPermission dataPermission = DataPermissionHelper.getPermission();
+ // 鑾峰彇褰撳墠鐧诲綍鐢ㄦ埛淇℃伅
+ LoginUser currentUser = DataPermissionHelper.getVariable("user");
+ if (ObjectUtil.isNull(currentUser)) {
+ currentUser = LoginHelper.getLoginUser();
+ DataPermissionHelper.setVariable("user", currentUser);
+ }
+ // 濡傛灉鏄秴绾х鐞嗗憳鎴栫鎴风鐞嗗憳锛屽垯涓嶈繃婊ゆ暟鎹�
+ if (LoginHelper.isSuperAdmin() || LoginHelper.isTenantAdmin()) {
+ return where;
+ }
+ // 鏋勯�犳暟鎹繃婊ゆ潯浠剁殑 SQL 鐗囨
+ String dataFilterSql = buildDataFilter(dataPermission, isSelect);
+ if (StringUtils.isBlank(dataFilterSql)) {
+ return where;
+ }
Expression expression = CCJSqlParserUtil.parseExpression(dataFilterSql);
// 鏁版嵁鏉冮檺浣跨敤鍗曠嫭鐨勬嫭鍙� 闃叉涓庡叾浠栨潯浠跺啿绐�
- Parenthesis parenthesis = new Parenthesis(expression);
+ ParenthesedExpressionList<Expression> parenthesis = new ParenthesedExpressionList<>(expression);
if (ObjectUtil.isNotNull(where)) {
return new AndExpression(where, parenthesis);
} else {
@@ -99,15 +88,25 @@
}
} catch (JSQLParserException e) {
throw new ServiceException("鏁版嵁鏉冮檺瑙f瀽寮傚父 => " + e.getMessage());
+ } finally {
+ DataPermissionHelper.removePermission();
}
}
/**
- * 鏋勯�犳暟鎹繃婊ql
+ * 鏋勫缓鏁版嵁杩囨护鏉′欢鐨� SQL 璇彞
+ *
+ * @param dataPermission 鏁版嵁鏉冮檺娉ㄨВ
+ * @param isSelect 鏍囧織褰撳墠鎿嶄綔鏄惁涓烘煡璇㈡搷浣滐紝鏌ヨ鎿嶄綔鍜屾洿鏂版垨鍒犻櫎鎿嶄綔鍦ㄥ鐞嗚繃婊ゆ潯浠舵椂浼氭湁涓嶅悓鐨勫鐞嗘柟寮�
+ * @return 鏋勫缓鐨勬暟鎹繃婊ゆ潯浠剁殑 SQL 璇彞
+ * @throws ServiceException 濡傛灉瑙掕壊鐨勬暟鎹寖鍥村紓甯告垨鑰� key 涓� value 鐨勯暱搴︿笉鍖归厤锛屽垯鎶涘嚭 ServiceException 寮傚父
*/
- private String buildDataFilter(DataColumn[] dataColumns, boolean isSelect) {
+ private String buildDataFilter(DataPermission dataPermission, boolean isSelect) {
// 鏇存柊鎴栧垹闄ら渶婊¤冻鎵�鏈夋潯浠�
String joinStr = isSelect ? " OR " : " AND ";
+ if (StringUtils.isNotBlank(dataPermission.joinStr())) {
+ joinStr = " " + dataPermission.joinStr() + " ";
+ }
LoginUser user = DataPermissionHelper.getVariable("user");
StandardEvaluationContext context = new StandardEvaluationContext();
context.setBeanResolver(beanResolver);
@@ -125,7 +124,7 @@
return "";
}
boolean isSuccess = false;
- for (DataColumn dataColumn : dataColumns) {
+ for (DataColumn dataColumn : dataPermission.value()) {
if (dataColumn.key().length != dataColumn.value().length) {
throw new ServiceException("瑙掕壊鏁版嵁鑼冨洿寮傚父 => key涓巚alue闀垮害涓嶅尮閰�");
}
@@ -135,13 +134,25 @@
)) {
continue;
}
+ // 鍖呭惈鏉冮檺鏍囪瘑绗� 杩欑洿鎺ヨ烦杩�
+ if (StringUtils.isNotBlank(dataColumn.permission()) &&
+ CollUtil.contains(user.getMenuPermission(), dataColumn.permission())
+ ) {
+ // 淇澶氳鑹蹭笌鏉冮檺鏍囪瘑绗﹀叡鐢ㄩ棶棰� https://gitee.com/dromara/RuoYi-Vue-Plus/issues/IB4CS4
+ conditions.add(joinStr + " 1 = 1 ");
+ isSuccess = true;
+ continue;
+ }
// 璁剧疆娉ㄨВ鍙橀噺 key 涓鸿〃杈惧紡鍙橀噺 value 涓哄彉閲忓��
for (int i = 0; i < dataColumn.key().length; i++) {
context.setVariable(dataColumn.key()[i], dataColumn.value()[i]);
}
+ // 蹇界暐鏁版嵁鏉冮檺 闃叉spel琛ㄨ揪寮忓唴鏈夊叾浠杝ql鏌ヨ瀵艰嚧姝诲惊鐜皟鐢�
+ String sql = DataPermissionHelper.ignore(() ->
+ parser.parseExpression(type.getSqlTemplate(), parserContext).getValue(context, String.class)
+ );
// 瑙f瀽sql妯℃澘骞跺~鍏�
- String sql = parser.parseExpression(type.getSqlTemplate(), parserContext).getValue(context, String.class);
conditions.add(joinStr + sql);
isSuccess = true;
}
@@ -159,63 +170,11 @@
}
/**
- * 閫氳繃 mapperPackage 璁剧疆鐨勬壂鎻忓寘 鎵弿缂撳瓨鏈夋敞瑙g殑鏂规硶涓庣被
+ * 妫�鏌ョ粰瀹氱殑鏄犲皠璇彞 ID 鏄惁鏈夋晥锛屽嵆鏄惁鑳藉鎵惧埌瀵瑰簲鐨� DataPermission 娉ㄨВ瀵硅薄
+ *
+ * @return 濡傛灉鎵惧埌瀵瑰簲鐨� DataPermission 娉ㄨВ瀵硅薄锛屽垯杩斿洖 false锛涘惁鍒欒繑鍥� true
*/
- private void scanMapperClasses(String mapperPackage) {
- PathMatchingResourcePatternResolver resolver = new PathMatchingResourcePatternResolver();
- CachingMetadataReaderFactory factory = new CachingMetadataReaderFactory();
- String[] packagePatternArray = StringUtils.splitPreserveAllTokens(mapperPackage, ConfigurableApplicationContext.CONFIG_LOCATION_DELIMITERS);
- String classpath = ResourcePatternResolver.CLASSPATH_ALL_URL_PREFIX;
- try {
- for (String packagePattern : packagePatternArray) {
- String path = ClassUtils.convertClassNameToResourcePath(packagePattern);
- Resource[] resources = resolver.getResources(classpath + path + "/*.class");
- for (Resource resource : resources) {
- ClassMetadata classMetadata = factory.getMetadataReader(resource).getClassMetadata();
- Class<?> clazz = Resources.classForName(classMetadata.getClassName());
- findAnnotation(clazz);
- }
- }
- } catch (Exception e) {
- log.error("鍒濆鍖栨暟鎹畨鍏ㄧ紦瀛樻椂鍑洪敊:{}", e.getMessage());
- }
- }
-
- private void findAnnotation(Class<?> clazz) {
- DataPermission dataPermission;
- // 鑾峰彇鏂规硶娉ㄨВ
- for (Method method : clazz.getMethods()) {
- if (method.isDefault() || method.isVarArgs()) {
- continue;
- }
- String mappedStatementId = clazz.getName() + "." + method.getName();
- if (AnnotationUtil.hasAnnotation(method, DataPermission.class)) {
- dataPermission = AnnotationUtil.getAnnotation(method, DataPermission.class);
- dataPermissionCacheMap.put(mappedStatementId, dataPermission);
- }
- }
- // 鑾峰彇绫绘敞瑙�
- if (AnnotationUtil.hasAnnotation(clazz, DataPermission.class)) {
- dataPermission = AnnotationUtil.getAnnotation(clazz, DataPermission.class);
- dataPermissionCacheMap.put(clazz.getName(), dataPermission);
- }
- }
-
- public DataPermission getDataPermission(String mapperId) {
- if (dataPermissionCacheMap.containsKey(mapperId)) {
- return dataPermissionCacheMap.get(mapperId);
- }
- String clazzName = mapperId.substring(0, mapperId.lastIndexOf("."));
- if (dataPermissionCacheMap.containsKey(clazzName)) {
- return dataPermissionCacheMap.get(clazzName);
- }
- return null;
- }
-
- /**
- * 鏄惁鏃犳晥
- */
- public boolean invalid(String mapperId) {
- return getDataPermission(mapperId) == null;
+ public boolean invalid() {
+ return DataPermissionHelper.getPermission() == null;
}
}
--
Gitblit v1.9.3