| | |
|---|
| | | |
|---|
| | | import java.util.ArrayList; |
|---|
| | | import java.util.List; |
|---|
| | | |
|---|
| | | import org.aspectj.lang.JoinPoint; |
|---|
| | | import org.aspectj.lang.annotation.Aspect; |
|---|
| | | import org.aspectj.lang.annotation.Before; |
|---|
| | |
|---|
| | | */ |
|---|
| | | @Aspect |
|---|
| | | @Component |
|---|
| | | public class DataScopeAspect |
|---|
| | | { |
|---|
| | | public class DataScopeAspect { |
|---|
| | | /** |
|---|
| | | * 全部数据权限 |
|---|
| | | */ |
|---|
| | |
|---|
| | | public static final String DATA_SCOPE = "dataScope"; |
|---|
| | | |
|---|
| | | @Before("@annotation(controllerDataScope)") |
|---|
| | | public void doBefore(JoinPoint point, DataScope controllerDataScope) throws Throwable |
|---|
| | | { |
|---|
| | | public void doBefore(JoinPoint point, DataScope controllerDataScope) throws Throwable { |
|---|
| | | clearDataScope(point); |
|---|
| | | handleDataScope(point, controllerDataScope); |
|---|
| | | } |
|---|
| | | |
|---|
| | | protected void handleDataScope(final JoinPoint joinPoint, DataScope controllerDataScope) |
|---|
| | | { |
|---|
| | | protected void handleDataScope(final JoinPoint joinPoint, DataScope controllerDataScope) { |
|---|
| | | // 获取当前的用户 |
|---|
| | | LoginUser loginUser = SecurityUtils.getLoginUser(); |
|---|
| | | if (StringUtils.isNotNull(loginUser)) |
|---|
| | | { |
|---|
| | | if (StringUtils.isNotNull(loginUser)) { |
|---|
| | | SysUser currentUser = loginUser.getUser(); |
|---|
| | | // 如果是超级管理员,则不过滤数据 |
|---|
| | | if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin()&& !currentUser.isApp()) |
|---|
| | | { |
|---|
| | | // 如果是超级管理员,则不过滤数据;如果是app指挥端,则不过滤数据; |
|---|
| | | if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin()) { |
|---|
| | | String permission = StringUtils.defaultIfEmpty(controllerDataScope.permission(), PermissionContextHolder.getContext()); |
|---|
| | | dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(), |
|---|
| | | controllerDataScope.userAlias(), permission); |
|---|
| | |
|---|
| | | /** |
|---|
| | | * 数据范围过滤 |
|---|
| | | * |
|---|
| | | * @param joinPoint 切点 |
|---|
| | | * @param user 用户 |
|---|
| | | * @param deptAlias 部门别名 |
|---|
| | | * @param userAlias 用户别名 |
|---|
| | | * @param joinPoint 切点 |
|---|
| | | * @param user 用户 |
|---|
| | | * @param deptAlias 部门别名 |
|---|
| | | * @param userAlias 用户别名 |
|---|
| | | * @param permission 权限字符 |
|---|
| | | */ |
|---|
| | | public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, String permission) |
|---|
| | | { |
|---|
| | | public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, String permission) { |
|---|
| | | StringBuilder sqlString = new StringBuilder(); |
|---|
| | | List<String> conditions = new ArrayList<String>(); |
|---|
| | | |
|---|
| | | for (SysRole role : user.getRoles()) |
|---|
| | | { |
|---|
| | | for (SysRole role : user.getRoles()) { |
|---|
| | | String dataScope = role.getDataScope(); |
|---|
| | | if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope)) |
|---|
| | | { |
|---|
| | | if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope)) { |
|---|
| | | continue; |
|---|
| | | } |
|---|
| | | if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions()) |
|---|
| | | && !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))) |
|---|
| | | { |
|---|
| | | && !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))) { |
|---|
| | | continue; |
|---|
| | | } |
|---|
| | | if (DATA_SCOPE_ALL.equals(dataScope)) |
|---|
| | | { |
|---|
| | | if (DATA_SCOPE_ALL.equals(dataScope)) { |
|---|
| | | sqlString = new StringBuilder(); |
|---|
| | | break; |
|---|
| | | } |
|---|
| | | else if (DATA_SCOPE_CUSTOM.equals(dataScope)) |
|---|
| | | { |
|---|
| | | } else if (DATA_SCOPE_CUSTOM.equals(dataScope)) { |
|---|
| | | sqlString.append(StringUtils.format( |
|---|
| | | " OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, |
|---|
| | | role.getRoleId())); |
|---|
| | | } |
|---|
| | | else if (DATA_SCOPE_DEPT.equals(dataScope)) |
|---|
| | | { |
|---|
| | | } else if (DATA_SCOPE_DEPT.equals(dataScope)) { |
|---|
| | | sqlString.append(StringUtils.format(" OR {}.dept_id = {} ", deptAlias, user.getDeptId())); |
|---|
| | | } |
|---|
| | | else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope)) |
|---|
| | | { |
|---|
| | | } else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope)) { |
|---|
| | | sqlString.append(StringUtils.format( |
|---|
| | | " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or '{}'= any(string_to_array(ancestors,',') ))", |
|---|
| | | deptAlias, user.getDeptId(), user.getDeptId())); |
|---|
| | | } |
|---|
| | | else if (DATA_SCOPE_SELF.equals(dataScope)) |
|---|
| | | { |
|---|
| | | if (StringUtils.isNotBlank(userAlias)) |
|---|
| | | { |
|---|
| | | " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or CAST ( {} AS VARCHAR ) = ANY ( string_to_array( ancestors, ',' )))", |
|---|
| | | deptAlias, user.getDeptId(),user.getDeptId())); |
|---|
| | | } else if (DATA_SCOPE_SELF.equals(dataScope)) { |
|---|
| | | if (StringUtils.isNotBlank(userAlias)) { |
|---|
| | | sqlString.append(StringUtils.format(" OR {}.user_id = '{}' ", userAlias, user.getUserId())); |
|---|
| | | } |
|---|
| | | else |
|---|
| | | { |
|---|
| | | } else { |
|---|
| | | // 数据权限为仅本人且没有userAlias别名不查询任何数据 |
|---|
| | | sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias)); |
|---|
| | | } |
|---|
| | |
|---|
| | | conditions.add(dataScope); |
|---|
| | | } |
|---|
| | | |
|---|
| | | if (StringUtils.isNotBlank(sqlString.toString())) |
|---|
| | | { |
|---|
| | | if (StringUtils.isNotBlank(sqlString.toString())) { |
|---|
| | | Object params = joinPoint.getArgs()[0]; |
|---|
| | | if (StringUtils.isNotNull(params) && params instanceof BaseEntity) |
|---|
| | | { |
|---|
| | | if (StringUtils.isNotNull(params) && params instanceof BaseEntity) { |
|---|
| | | BaseEntity baseEntity = (BaseEntity) params; |
|---|
| | | baseEntity.getParams().put(DATA_SCOPE, " AND (" + sqlString.substring(4) + ")"); |
|---|
| | | } |
|---|
| | |
|---|
| | | /** |
|---|
| | | * 拼接权限sql前先清空params.dataScope参数防止注入 |
|---|
| | | */ |
|---|
| | | private void clearDataScope(final JoinPoint joinPoint) |
|---|
| | | { |
|---|
| | | private void clearDataScope(final JoinPoint joinPoint) { |
|---|
| | | Object params = joinPoint.getArgs()[0]; |
|---|
| | | if (StringUtils.isNotNull(params) && params instanceof BaseEntity) |
|---|
| | | { |
|---|
| | | if (StringUtils.isNotNull(params) && params instanceof BaseEntity) { |
|---|
| | | BaseEntity baseEntity = (BaseEntity) params; |
|---|
| | | baseEntity.getParams().put(DATA_SCOPE, ""); |
|---|
| | | } |
|---|
