From 8cc2aee13e5f6e880ced3ba63034bf5bc74dce72 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期六, 29 五月 2021 21:54:20 +0800
Subject: [PATCH] fix 修复单表数据权限问题
---
ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java | 54 +++++++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 43 insertions(+), 11 deletions(-)
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
index ffd4718..9003bfc 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
@@ -19,6 +19,7 @@
import org.springframework.stereotype.Component;
import java.lang.reflect.Method;
+import java.util.Map;
/**
* 鏁版嵁杩囨护澶勭悊
@@ -68,6 +69,7 @@
@Before("dataScopePointCut()")
public void doBefore(JoinPoint point) throws Throwable
{
+ clearDataScope(point);
handleDataScope(point);
}
@@ -104,6 +106,10 @@
{
StringBuilder sqlString = new StringBuilder();
+ // 灏� "." 鎻愬彇鍑�,涓嶅啓鍒悕涓哄崟琛ㄦ煡璇�,鍐欏埆鍚嶄负澶氳〃鏌ヨ
+ deptAlias = StrUtil.isNotBlank(deptAlias) ? deptAlias + "." : "";
+ userAlias = StrUtil.isNotBlank(userAlias) ? userAlias + "." : "";
+
for (SysRole role : user.getRoles())
{
String dataScope = role.getDataScope();
@@ -115,24 +121,24 @@
else if (DATA_SCOPE_CUSTOM.equals(dataScope))
{
sqlString.append(StrUtil.format(
- " OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias,
+ " OR {}dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias,
role.getRoleId()));
}
else if (DATA_SCOPE_DEPT.equals(dataScope))
{
- sqlString.append(StrUtil.format(" OR {}.dept_id = {} ", deptAlias, user.getDeptId()));
+ sqlString.append(StrUtil.format(" OR {}dept_id = {} ", deptAlias, user.getDeptId()));
}
else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope))
{
sqlString.append(StrUtil.format(
- " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )",
+ " OR {}dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )",
deptAlias, user.getDeptId(), user.getDeptId()));
}
else if (DATA_SCOPE_SELF.equals(dataScope))
{
if (StrUtil.isNotBlank(userAlias))
{
- sqlString.append(StrUtil.format(" OR {}.user_id = {} ", userAlias, user.getUserId()));
+ sqlString.append(StrUtil.format(" OR {}user_id = {} ", userAlias, user.getUserId()));
}
else
{
@@ -144,13 +150,8 @@
if (StrUtil.isNotBlank(sqlString.toString()))
{
- Object params = joinPoint.getArgs()[0];
- if (Validator.isNotNull(params) && params instanceof BaseEntity)
- {
- BaseEntity baseEntity = (BaseEntity) params;
- baseEntity.getParams().put(DATA_SCOPE, " AND (" + sqlString.substring(4) + ")");
- }
- }
+ putDataScope(joinPoint, sqlString.substring(4));
+ }
}
/**
@@ -168,4 +169,35 @@
}
return null;
}
+
+ /**
+ * 鎷兼帴鏉冮檺sql鍓嶅厛娓呯┖params.dataScope鍙傛暟闃叉娉ㄥ叆
+ */
+ private void clearDataScope(final JoinPoint joinPoint)
+ {
+ Object params = joinPoint.getArgs()[0];
+ if (Validator.isNotNull(params))
+ {
+ putDataScope(joinPoint, "");
+ }
+ }
+
+ private static void putDataScope(JoinPoint joinPoint, String sql) {
+ Object params = joinPoint.getArgs()[0];
+ if (Validator.isNotNull(params))
+ {
+ if(params instanceof BaseEntity) {
+ BaseEntity baseEntity = (BaseEntity) params;
+ baseEntity.getParams().put(DATA_SCOPE, sql);
+ } else {
+ try {
+ Method getParams = params.getClass().getDeclaredMethod("getParams", null);
+ Map<String, Object> invoke = (Map<String, Object>) getParams.invoke(params, null);
+ invoke.put(DATA_SCOPE, sql);
+ } catch (Exception e) {
+ // 鏂规硶鏈壘鍒� 涓嶅鐞�
+ }
+ }
+ }
+ }
}
--
Gitblit v1.9.3