~liusuyi/ruoyi-api.git

			@@ -2,6 +2,7 @@

			import java.util.ArrayList;
			import java.util.List;

			import org.aspectj.lang.JoinPoint;
			import org.aspectj.lang.annotation.Aspect;
			import org.aspectj.lang.annotation.Before;
			@@ -23,8 +24,7 @@
			*/
			@Aspect
			@Component
			public class DataScopeAspect
			{
			public class DataScopeAspect {
			/**
			* 全部数据权限
			*/
			@@ -56,22 +56,18 @@
			public static final String DATA_SCOPE = "dataScope";

			@Before("@annotation(controllerDataScope)")
			public void doBefore(JoinPoint point, DataScope controllerDataScope) throws Throwable
			{
			public void doBefore(JoinPoint point, DataScope controllerDataScope) throws Throwable {
			clearDataScope(point);
			handleDataScope(point, controllerDataScope);
			}

			protected void handleDataScope(final JoinPoint joinPoint, DataScope controllerDataScope)
			{
			protected void handleDataScope(final JoinPoint joinPoint, DataScope controllerDataScope) {
			// 获取当前的用户
			LoginUser loginUser = SecurityUtils.getLoginUser();
			if (StringUtils.isNotNull(loginUser))
			{
			if (StringUtils.isNotNull(loginUser)) {
			SysUser currentUser = loginUser.getUser();
			// 如果是超级管理员，则不过滤数据;如果是app指挥端，则不过滤数据;
			if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin()&& !currentUser.isAppLeader())
			{
			if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin()) {
			String permission = StringUtils.defaultIfEmpty(controllerDataScope.permission(), PermissionContextHolder.getContext());
			dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(),
			controllerDataScope.userAlias(), permission);
			@@ -83,58 +79,42 @@
			/**
			* 数据范围过滤
			*
			* @param joinPoint 切点
			* @param user 用户
			* @param deptAlias 部门别名
			* @param userAlias 用户别名
			* @param joinPoint 切点
			* @param user 用户
			* @param deptAlias 部门别名
			* @param userAlias 用户别名
			* @param permission 权限字符
			*/
			public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, String permission)
			{
			public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, String permission) {
			StringBuilder sqlString = new StringBuilder();
			List<String> conditions = new ArrayList<String>();

			for (SysRole role : user.getRoles())
			{
			for (SysRole role : user.getRoles()) {
			String dataScope = role.getDataScope();
			if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope))
			{
			if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope)) {
			continue;
			}
			if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions())
			&& !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
			{
			&& !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))) {
			continue;
			}
			if (DATA_SCOPE_ALL.equals(dataScope))
			{
			if (DATA_SCOPE_ALL.equals(dataScope)) {
			sqlString = new StringBuilder();
			break;
			}
			else if (DATA_SCOPE_CUSTOM.equals(dataScope))
			{
			} else if (DATA_SCOPE_CUSTOM.equals(dataScope)) {
			sqlString.append(StringUtils.format(
			" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias,
			role.getRoleId()));
			}
			else if (DATA_SCOPE_DEPT.equals(dataScope))
			{
			} else if (DATA_SCOPE_DEPT.equals(dataScope)) {
			sqlString.append(StringUtils.format(" OR {}.dept_id = {} ", deptAlias, user.getDeptId()));
			}
			else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope))
			{
			} else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope)) {
			sqlString.append(StringUtils.format(
			" OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or '{}'= any(string_to_array(ancestors,',') ))",
			deptAlias, user.getDeptId(), user.getDeptId()));
			}
			else if (DATA_SCOPE_SELF.equals(dataScope))
			{
			if (StringUtils.isNotBlank(userAlias))
			{
			" OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or CAST ( {} AS VARCHAR ) = ANY ( string_to_array( ancestors, ',' )))",
			deptAlias, user.getDeptId(),user.getDeptId()));
			} else if (DATA_SCOPE_SELF.equals(dataScope)) {
			if (StringUtils.isNotBlank(userAlias)) {
			sqlString.append(StringUtils.format(" OR {}.user_id = '{}' ", userAlias, user.getUserId()));
			}
			else
			{
			} else {
			// 数据权限为仅本人且没有userAlias别名不查询任何数据
			sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
			}
			@@ -142,11 +122,9 @@
			conditions.add(dataScope);
			}

			if (StringUtils.isNotBlank(sqlString.toString()))
			{
			if (StringUtils.isNotBlank(sqlString.toString())) {
			Object params = joinPoint.getArgs()[0];
			if (StringUtils.isNotNull(params) && params instanceof BaseEntity)
			{
			if (StringUtils.isNotNull(params) && params instanceof BaseEntity) {
			BaseEntity baseEntity = (BaseEntity) params;
			baseEntity.getParams().put(DATA_SCOPE, " AND (" + sqlString.substring(4) + ")");
			}
			@@ -156,11 +134,9 @@
			/**
			* 拼接权限sql前先清空params.dataScope参数防止注入
			*/
			private void clearDataScope(final JoinPoint joinPoint)
			{
			private void clearDataScope(final JoinPoint joinPoint) {
			Object params = joinPoint.getArgs()[0];
			if (StringUtils.isNotNull(params) && params instanceof BaseEntity)
			{
			if (StringUtils.isNotNull(params) && params instanceof BaseEntity) {
			BaseEntity baseEntity = (BaseEntity) params;
			baseEntity.getParams().put(DATA_SCOPE, "");
			}