
package com.qiaoba.auth.aspectj;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.StrUtil;
import com.qiaoba.auth.annotation.DataScope;
import com.qiaoba.auth.entity.LoginUser;
import com.qiaoba.auth.entity.dto.RoleDto;
import com.qiaoba.auth.utils.SecurityUtil;
import com.qiaoba.common.base.entity.DataScopeParam;
import com.qiaoba.common.base.utils.DatabaseUtil;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
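/**
 * Data-scope filtering aspect.
 *
 * <p>Before a method annotated with {@link DataScope} runs, this aspect derives a SQL
 * condition from the roles of the current {@link LoginUser} and stores it on the first
 * {@link DataScopeParam} argument through {@code setDataScope}.
 *
 * <p>The condition is assembled as SQL text: table aliases come from the annotation and
 * ids come from the {@link LoginUser} / {@link RoleDto} objects. None of these values are
 * bound as statement parameters.
 * NOTE(review): confirm that none of them can carry request-supplied text.
 *
 * @author ruoyi
 */
@Aspect
@Component
public class DataScopeAspect {

    /**
     * Data scope: all data.
     */
    public static final String DATA_SCOPE_ALL = "1";

    /**
     * Data scope: custom (departments linked to the role).
     */
    public static final String DATA_SCOPE_CUSTOM = "2";

    /**
     * Data scope: the user's own department.
     */
    public static final String DATA_SCOPE_DEPT = "3";

    /**
     * Data scope: the user's department and the departments below it.
     */
    public static final String DATA_SCOPE_DEPT_AND_CHILD = "4";

    /**
     * Data scope: only the user's own data.
     */
    public static final String DATA_SCOPE_SELF = "5";

    /**
     * Applies the data-scope condition to the first {@link DataScopeParam} argument of the
     * intercepted method.
     *
     * @param point               join point of the intercepted call
     * @param controllerDataScope annotation instance supplying the department and user aliases
     * @throws Throwable declared for interface compatibility; nothing is thrown explicitly here
     */
    @Before("@annotation(controllerDataScope)")
    public void doBefore(JoinPoint point, DataScope controllerDataScope) throws Throwable {
        LoginUser loginUser = SecurityUtil.getLoginUser();
        for (Object arg : point.getArgs()) {
            // instanceof is false for null, so no separate null check is needed.
            if (!(arg instanceof DataScopeParam)) {
                continue;
            }
            DataScopeParam scopeParam = (DataScopeParam) arg;
            // Clear any value already present so that this aspect is the only writer of the
            // fragment. dataScopeFilter leaves the field untouched when a role grants all
            // data, so without this reset a pre-existing value would survive.
            // NOTE(review): DataScopeParam is not visible in this file; if its dataScope
            // property can be populated by request binding, that value would otherwise
            // reach the SQL text unchanged.
            scopeParam.setDataScope("");
            // No login user: no condition is added (same as before).
            // NOTE(review): this path leaves the query unfiltered; confirm annotated
            // methods are only reachable by authenticated callers.
            if (loginUser != null) {
                dataScopeFilter(scopeParam, loginUser,
                        controllerDataScope.deptAlias(), controllerDataScope.userAlias());
            }
            // Only the first DataScopeParam argument is processed.
            break;
        }
    }

    /**
     * Builds the data-scope condition for {@code user} and stores it on {@code param}.
     *
     * <p>Each role contributes one {@code OR} clause according to its data scope. A role with
     * {@link #DATA_SCOPE_ALL} discards all clauses and leaves {@code param} unmodified. When
     * no role contributes a clause and none grants all data, a clause intended to match no
     * rows is used instead, so the result is restrictive by default.
     *
     * @param param     parameter object that receives the condition
     * @param user      current user
     * @param deptAlias department table alias
     * @param userAlias user table alias; may be blank
     */
    public static void dataScopeFilter(DataScopeParam param, LoginUser user, String deptAlias, String userAlias) {
        StringBuilder sqlString = new StringBuilder();
        // Scopes already handled; used only to avoid appending the same clause twice.
        List<String> conditions = new ArrayList<>();
        boolean allDataGranted = false;

        for (RoleDto role : user.getRoles()) {
            String dataScope = role.getDataScope();
            // Custom scope depends on the role id, so it is never treated as a duplicate.
            if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope)) {
                continue;
            }
            if (DATA_SCOPE_ALL.equals(dataScope)) {
                // Unrestricted access: drop everything collected so far and stop.
                sqlString = new StringBuilder();
                allDataGranted = true;
                break;
            } else if (DATA_SCOPE_CUSTOM.equals(dataScope)) {
                sqlString.append(StrUtil.format(
                        " OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias,
                        role.getRoleId()));
            } else if (DATA_SCOPE_DEPT.equals(dataScope)) {
                sqlString.append(StrUtil.format(" OR {}.dept_id = {} ", deptAlias, user.getDeptId()));
            } else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope)) {
                sqlString.append(StrUtil.format(
                        " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or {} )",
                        deptAlias, user.getDeptId(), DatabaseUtil.handleFindInSet(user.getDeptId(), "ancestors")));
            } else if (DATA_SCOPE_SELF.equals(dataScope)) {
                if (StrUtil.isNotBlank(userAlias)) {
                    sqlString.append(StrUtil.format(" OR {}.user_id = {} ", userAlias, user.getUserId()));
                } else {
                    // Self-only scope without a user alias: query no data
                    // (assumes no department has id 0).
                    sqlString.append(StrUtil.format(" OR {}.dept_id = 0 ", deptAlias));
                }
            }
            conditions.add(dataScope);
        }

        // Fail closed: if no role granted all data and no clause was produced, query no data.
        // This covers a user without roles and also roles whose data scope is null or not
        // one of the constants above. Previously such a role counted as a handled condition
        // and the query was left unfiltered.
        if (!allDataGranted && StrUtil.isBlank(sqlString)) {
            sqlString.append(StrUtil.format(" OR {}.dept_id = 0 ", deptAlias));
        }

        if (StrUtil.isNotBlank(sqlString)) {
            // substring(4) removes the leading " OR " of the first clause.
            param.setDataScope(" AND (" + sqlString.substring(4) + ")");
        }
    }
}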