From e96118c57448a29addd8294969866a8abcf5efdf Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期日, 29 九月 2024 17:41:16 +0800
Subject: [PATCH] fix 修复 部分web异常被CryptoFilter截胡问题
---
ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/PlusDataPermissionHandler.java | 174 +++++++++++++++++++++++++++++++++++++++++----------------
1 files changed, 125 insertions(+), 49 deletions(-)
diff --git a/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/PlusDataPermissionHandler.java b/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/PlusDataPermissionHandler.java
index c9a578f..ab7e0f6 100644
--- a/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/PlusDataPermissionHandler.java
+++ b/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/PlusDataPermissionHandler.java
@@ -2,10 +2,14 @@
import cn.hutool.core.annotation.AnnotationUtil;
import cn.hutool.core.collection.CollUtil;
-import cn.hutool.core.collection.ConcurrentHashSet;
-import cn.hutool.core.util.ArrayUtil;
-import cn.hutool.core.util.ClassUtil;
import cn.hutool.core.util.ObjectUtil;
+import lombok.extern.slf4j.Slf4j;
+import net.sf.jsqlparser.JSQLParserException;
+import net.sf.jsqlparser.expression.Expression;
+import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
+import net.sf.jsqlparser.expression.operators.relational.ParenthesedExpressionList;
+import net.sf.jsqlparser.parser.CCJSqlParserUtil;
+import org.apache.ibatis.io.Resources;
import org.dromara.common.core.domain.dto.RoleDTO;
import org.dromara.common.core.domain.model.LoginUser;
import org.dromara.common.core.exception.ServiceException;
@@ -17,22 +21,26 @@
import org.dromara.common.mybatis.enums.DataScopeType;
import org.dromara.common.mybatis.helper.DataPermissionHelper;
import org.dromara.common.satoken.utils.LoginHelper;
-import lombok.extern.slf4j.Slf4j;
-import net.sf.jsqlparser.JSQLParserException;
-import net.sf.jsqlparser.expression.Expression;
-import net.sf.jsqlparser.expression.Parenthesis;
-import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
-import net.sf.jsqlparser.parser.CCJSqlParserUtil;
+import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.expression.BeanFactoryResolver;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
+import org.springframework.core.io.support.ResourcePatternResolver;
+import org.springframework.core.type.ClassMetadata;
+import org.springframework.core.type.classreading.CachingMetadataReaderFactory;
import org.springframework.expression.BeanResolver;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.ParserContext;
import org.springframework.expression.common.TemplateParserContext;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
+import org.springframework.util.ClassUtils;
import java.lang.reflect.Method;
-import java.util.*;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
@@ -51,11 +59,6 @@
private final Map<String, DataPermission> dataPermissionCacheMap = new ConcurrentHashMap<>();
/**
- * 鏃犳晥娉ㄨВ鏂规硶缂撳瓨鐢ㄤ簬蹇�熻繑鍥�
- */
- private final Set<String> invalidCacheSet = new ConcurrentHashSet<>();
-
- /**
* spel 瑙f瀽鍣�
*/
private final ExpressionParser parser = new SpelExpressionParser();
@@ -65,13 +68,27 @@
*/
private final BeanResolver beanResolver = new BeanFactoryResolver(SpringUtils.getBeanFactory());
+ /**
+ * 鏋勯�犳柟娉曪紝鎵弿鎸囧畾鍖呬笅鐨� Mapper 绫诲苟鍒濆鍖栫紦瀛�
+ *
+ * @param mapperPackage Mapper 绫绘墍鍦ㄧ殑鍖呰矾寰�
+ */
+ public PlusDataPermissionHandler(String mapperPackage) {
+ scanMapperClasses(mapperPackage);
+ }
+ /**
+ * 鑾峰彇鏁版嵁杩囨护鏉′欢鐨� SQL 鐗囨
+ *
+ * @param where 鍘熷鐨勬煡璇㈡潯浠惰〃杈惧紡
+ * @param mappedStatementId Mapper 鏂规硶鐨� ID
+ * @param isSelect 鏄惁涓烘煡璇㈣鍙�
+ * @return 鏁版嵁杩囨护鏉′欢鐨� SQL 鐗囨
+ */
public Expression getSqlSegment(Expression where, String mappedStatementId, boolean isSelect) {
- DataColumn[] dataColumns = findAnnotation(mappedStatementId);
- if (ArrayUtil.isEmpty(dataColumns)) {
- invalidCacheSet.add(mappedStatementId);
- return where;
- }
+ // 鑾峰彇鏁版嵁鏉冮檺閰嶇疆
+ DataPermission dataPermission = getDataPermission(mappedStatementId);
+ // 鑾峰彇褰撳墠鐧诲綍鐢ㄦ埛淇℃伅
LoginUser currentUser = DataPermissionHelper.getVariable("user");
if (ObjectUtil.isNull(currentUser)) {
currentUser = LoginHelper.getLoginUser();
@@ -81,14 +98,15 @@
if (LoginHelper.isSuperAdmin() || LoginHelper.isTenantAdmin()) {
return where;
}
- String dataFilterSql = buildDataFilter(dataColumns, isSelect);
+ // 鏋勯�犳暟鎹繃婊ゆ潯浠剁殑 SQL 鐗囨
+ String dataFilterSql = buildDataFilter(dataPermission, isSelect);
if (StringUtils.isBlank(dataFilterSql)) {
return where;
}
try {
Expression expression = CCJSqlParserUtil.parseExpression(dataFilterSql);
// 鏁版嵁鏉冮檺浣跨敤鍗曠嫭鐨勬嫭鍙� 闃叉涓庡叾浠栨潯浠跺啿绐�
- Parenthesis parenthesis = new Parenthesis(expression);
+ ParenthesedExpressionList<Expression> parenthesis = new ParenthesedExpressionList<>(expression);
if (ObjectUtil.isNotNull(where)) {
return new AndExpression(where, parenthesis);
} else {
@@ -100,11 +118,19 @@
}
/**
- * 鏋勯�犳暟鎹繃婊ql
+ * 鏋勫缓鏁版嵁杩囨护鏉′欢鐨� SQL 璇彞
+ *
+ * @param dataPermission 鏁版嵁鏉冮檺娉ㄨВ
+ * @param isSelect 鏍囧織褰撳墠鎿嶄綔鏄惁涓烘煡璇㈡搷浣滐紝鏌ヨ鎿嶄綔鍜屾洿鏂版垨鍒犻櫎鎿嶄綔鍦ㄥ鐞嗚繃婊ゆ潯浠舵椂浼氭湁涓嶅悓鐨勫鐞嗘柟寮�
+ * @return 鏋勫缓鐨勬暟鎹繃婊ゆ潯浠剁殑 SQL 璇彞
+ * @throws ServiceException 濡傛灉瑙掕壊鐨勬暟鎹寖鍥村紓甯告垨鑰� key 涓� value 鐨勯暱搴︿笉鍖归厤锛屽垯鎶涘嚭 ServiceException 寮傚父
*/
- private String buildDataFilter(DataColumn[] dataColumns, boolean isSelect) {
+ private String buildDataFilter(DataPermission dataPermission, boolean isSelect) {
// 鏇存柊鎴栧垹闄ら渶婊¤冻鎵�鏈夋潯浠�
String joinStr = isSelect ? " OR " : " AND ";
+ if (StringUtils.isNotBlank(dataPermission.joinStr())) {
+ joinStr = " " + dataPermission.joinStr() + " ";
+ }
LoginUser user = DataPermissionHelper.getVariable("user");
StandardEvaluationContext context = new StandardEvaluationContext();
context.setBeanResolver(beanResolver);
@@ -122,7 +148,7 @@
return "";
}
boolean isSuccess = false;
- for (DataColumn dataColumn : dataColumns) {
+ for (DataColumn dataColumn : dataPermission.value()) {
if (dataColumn.key().length != dataColumn.value().length) {
throw new ServiceException("瑙掕壊鏁版嵁鑼冨洿寮傚父 => key涓巚alue闀垮害涓嶅尮閰�");
}
@@ -130,6 +156,13 @@
if (!StringUtils.containsAny(type.getSqlTemplate(),
Arrays.stream(dataColumn.key()).map(key -> "#" + key).toArray(String[]::new)
)) {
+ continue;
+ }
+ // 鍖呭惈鏉冮檺鏍囪瘑绗� 杩欑洿鎺ヨ烦杩�
+ if (StringUtils.isNotBlank(dataColumn.permission()) &&
+ CollUtil.contains(user.getMenuPermission(), dataColumn.permission())
+ ) {
+ isSuccess = true;
continue;
}
// 璁剧疆娉ㄨВ鍙橀噺 key 涓鸿〃杈惧紡鍙橀噺 value 涓哄彉閲忓��
@@ -155,44 +188,87 @@
return "";
}
- private DataColumn[] findAnnotation(String mappedStatementId) {
- StringBuilder sb = new StringBuilder(mappedStatementId);
- int index = sb.lastIndexOf(".");
- String clazzName = sb.substring(0, index);
- String methodName = sb.substring(index + 1, sb.length());
- Class<?> clazz = ClassUtil.loadClass(clazzName);
- List<Method> methods = Arrays.stream(ClassUtil.getDeclaredMethods(clazz))
- .filter(method -> method.getName().equals(methodName)).toList();
- DataPermission dataPermission;
- // 鑾峰彇鏂规硶娉ㄨВ
- for (Method method : methods) {
- dataPermission = dataPermissionCacheMap.get(mappedStatementId);
- if (ObjectUtil.isNotNull(dataPermission)) {
- return dataPermission.value();
+ /**
+ * 鎵弿鎸囧畾鍖呬笅鐨� Mapper 绫伙紝骞舵煡鎵惧叾涓甫鏈夌壒瀹氭敞瑙g殑鏂规硶鎴栫被
+ *
+ * @param mapperPackage Mapper 绫绘墍鍦ㄧ殑鍖呰矾寰�
+ */
+ private void scanMapperClasses(String mapperPackage) {
+ // 鍒涘缓璧勬簮瑙f瀽鍣ㄥ拰鍏冩暟鎹鍙栧伐鍘�
+ PathMatchingResourcePatternResolver resolver = new PathMatchingResourcePatternResolver();
+ CachingMetadataReaderFactory factory = new CachingMetadataReaderFactory();
+ // 灏� Mapper 鍖呰矾寰勬寜鍒嗛殧绗︽媶鍒嗕负鏁扮粍
+ String[] packagePatternArray = StringUtils.splitPreserveAllTokens(mapperPackage, ConfigurableApplicationContext.CONFIG_LOCATION_DELIMITERS);
+ String classpath = ResourcePatternResolver.CLASSPATH_ALL_URL_PREFIX;
+ try {
+ for (String packagePattern : packagePatternArray) {
+ // 灏嗗寘璺緞杞崲涓鸿祫婧愯矾寰�
+ String path = ClassUtils.convertClassNameToResourcePath(packagePattern);
+ // 鑾峰彇鎸囧畾璺緞涓嬬殑鎵�鏈� .class 鏂囦欢璧勬簮
+ Resource[] resources = resolver.getResources(classpath + path + "/*.class");
+ for (Resource resource : resources) {
+ // 鑾峰彇璧勬簮鐨勭被鍏冩暟鎹�
+ ClassMetadata classMetadata = factory.getMetadataReader(resource).getClassMetadata();
+ // 鑾峰彇璧勬簮瀵瑰簲鐨勭被瀵硅薄
+ Class<?> clazz = Resources.classForName(classMetadata.getClassName());
+ // 鏌ユ壘绫讳腑鐨勭壒瀹氭敞瑙�
+ findAnnotation(clazz);
+ }
}
+ } catch (Exception e) {
+ log.error("鍒濆鍖栨暟鎹畨鍏ㄧ紦瀛樻椂鍑洪敊:{}", e.getMessage());
+ }
+ }
+
+ /**
+ * 鍦ㄦ寚瀹氱殑绫讳腑鏌ユ壘鐗瑰畾鐨勬敞瑙� DataPermission锛屽苟灏嗗甫鏈夎繖涓敞瑙g殑鏂规硶鎴栫被瀛樺偍鍒� dataPermissionCacheMap 涓�
+ *
+ * @param clazz 瑕佹煡鎵剧殑绫�
+ */
+ private void findAnnotation(Class<?> clazz) {
+ DataPermission dataPermission;
+ for (Method method : clazz.getMethods()) {
+ if (method.isDefault() || method.isVarArgs()) {
+ continue;
+ }
+ String mappedStatementId = clazz.getName() + "." + method.getName();
if (AnnotationUtil.hasAnnotation(method, DataPermission.class)) {
dataPermission = AnnotationUtil.getAnnotation(method, DataPermission.class);
dataPermissionCacheMap.put(mappedStatementId, dataPermission);
- return dataPermission.value();
}
}
- dataPermission = dataPermissionCacheMap.get(clazz.getName());
- if (ObjectUtil.isNotNull(dataPermission)) {
- return dataPermission.value();
- }
- // 鑾峰彇绫绘敞瑙�
if (AnnotationUtil.hasAnnotation(clazz, DataPermission.class)) {
dataPermission = AnnotationUtil.getAnnotation(clazz, DataPermission.class);
dataPermissionCacheMap.put(clazz.getName(), dataPermission);
- return dataPermission.value();
+ }
+ }
+
+ /**
+ * 鏍规嵁鏄犲皠璇彞 ID 鎴栫被鍚嶈幏鍙栧搴旂殑 DataPermission 娉ㄨВ瀵硅薄
+ *
+ * @param mapperId 鏄犲皠璇彞 ID
+ * @return DataPermission 娉ㄨВ瀵硅薄锛屽鏋滀笉瀛樺湪鍒欒繑鍥� null
+ */
+ public DataPermission getDataPermission(String mapperId) {
+ // 妫�鏌ョ紦瀛樹腑鏄惁鍖呭惈鏄犲皠璇彞 ID 瀵瑰簲鐨� DataPermission 娉ㄨВ瀵硅薄
+ if (dataPermissionCacheMap.containsKey(mapperId)) {
+ return dataPermissionCacheMap.get(mapperId);
+ }
+ // 濡傛灉缂撳瓨涓笉鍖呭惈鏄犲皠璇彞 ID 瀵瑰簲鐨� DataPermission 娉ㄨВ瀵硅薄锛屽垯灏濊瘯浣跨敤绫诲悕浣滀负閿煡鎵�
+ String clazzName = mapperId.substring(0, mapperId.lastIndexOf("."));
+ if (dataPermissionCacheMap.containsKey(clazzName)) {
+ return dataPermissionCacheMap.get(clazzName);
}
return null;
}
/**
- * 鏄惁涓烘棤鏁堟柟娉� 鏃犳暟鎹潈闄�
+ * 妫�鏌ョ粰瀹氱殑鏄犲皠璇彞 ID 鏄惁鏈夋晥锛屽嵆鏄惁鑳藉鎵惧埌瀵瑰簲鐨� DataPermission 娉ㄨВ瀵硅薄
+ *
+ * @param mapperId 鏄犲皠璇彞 ID
+ * @return 濡傛灉鎵惧埌瀵瑰簲鐨� DataPermission 娉ㄨВ瀵硅薄锛屽垯杩斿洖 false锛涘惁鍒欒繑鍥� true
*/
- public boolean isInvalid(String mappedStatementId) {
- return invalidCacheSet.contains(mappedStatementId);
+ public boolean invalid(String mapperId) {
+ return getDataPermission(mapperId) == null;
}
}
--
Gitblit v1.9.3