• mybatis拦截器实现数据权限


    mybatis拦截器实现数据权限

    数据权限拦截器:

    @Data
    @NoArgsConstructor
    @AllArgsConstructor
    @ToString(callSuper = true)
    @EqualsAndHashCode(callSuper = true)
    public class MyDataPermissionInterceptor extends JsqlParserSupport implements InnerInterceptor {
    
        /**
         * 数据权限处理器
         */
        private MyDataPermissionHandler dataPermissionHandler;
    
        @Override
        public void beforeQuery(Executor executor, MappedStatement ms, Object parameter, RowBounds rowBounds, ResultHandler resultHandler, BoundSql boundSql) throws SQLException {
            if (InterceptorIgnoreHelper.willIgnoreDataPermission(ms.getId())) {
                return;
            }
            PluginUtils.MPBoundSql mpBs = PluginUtils.mpBoundSql(boundSql);
            mpBs.sql(this.parserSingle(mpBs.sql(), ms.getId()));
        }
    
        @Override
        protected void processSelect(Select select, int index, String sql, Object obj) {
            SelectBody selectBody = select.getSelectBody();
            if (selectBody instanceof PlainSelect) {
                this.setWhere((PlainSelect) selectBody, (String) obj);
            } else if (selectBody instanceof SetOperationList) {
                SetOperationList setOperationList = (SetOperationList) selectBody;
                List<SelectBody> selectBodyList = setOperationList.getSelects();
                selectBodyList.forEach(s -> this.setWhere((PlainSelect) s, (String) obj));
            }
        }
    
        /**
         * 设置 where 条件
         *
         * @param plainSelect  查询对象
         * @param whereSegment 查询条件片段
         */
        private void setWhere(PlainSelect plainSelect, String whereSegment) {
    
            Expression sqlSegment = this.dataPermissionHandler.getSqlSegment(plainSelect, whereSegment);
            if (null != sqlSegment) {
                plainSelect.setWhere(sqlSegment);
            }
        }
    }
    
    
    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 7
    • 8
    • 9
    • 10
    • 11
    • 12
    • 13
    • 14
    • 15
    • 16
    • 17
    • 18
    • 19
    • 20
    • 21
    • 22
    • 23
    • 24
    • 25
    • 26
    • 27
    • 28
    • 29
    • 30
    • 31
    • 32
    • 33
    • 34
    • 35
    • 36
    • 37
    • 38
    • 39
    • 40
    • 41
    • 42
    • 43
    • 44
    • 45
    • 46
    • 47
    • 48

    具体业务实现拼接

    @Slf4j
    public class MyDataPermissionHandler {
    
        private UserService userService;
        /**
         * 获取数据权限 SQL 片段
         *
         * @param plainSelect  查询对象
         * @param whereSegment 查询条件片段
         * @return JSqlParser 条件表达式
         */
        @SneakyThrows(Exception.class)
        public Expression getSqlSegment(PlainSelect plainSelect, String whereSegment) {
            userService = SpringUtils.getBean(UserService.class);
            // 待执行 SQL Where 条件表达式
            Expression where = plainSelect.getWhere();
            if (where == null) {
                where = new HexValue(" 1 = 1 ");
            }
            log.info("开始进行权限过滤,dataFilterMetaData:{} , where: {},mappedStatementId: {}", 111, where, whereSegment);
            //获取mapper名称
            String className = whereSegment.substring(0, whereSegment.lastIndexOf("."));
            //获取方法名
            String methodName = whereSegment.substring(whereSegment.lastIndexOf(".") + 1);
            Table fromItem = (Table) plainSelect.getFromItem();
            // 有别名用别名,无别名用表名,防止字段冲突报错
            Alias fromItemAlias = fromItem.getAlias();
            String mainTableName = fromItemAlias == null ? fromItem.getName() : fromItemAlias.getName();
            //获取当前mapper 的方法
            Method[] methods = Class.forName(className).getMethods();
            for (Method m : methods) {
                if (Objects.equals(m.getName(), methodName)) {
                    UserDataPermission annotation = m.getAnnotation(UserDataPermission.class);
                    if (annotation == null) {
                        return where;
                    }
                    Long userId = BaseContextHandler.getUserId();
                    User currentUser = userService.getById(userId);
                    DataScopeType dsType = currentUser.getDsType();
                    //有注解,需要进行数据权限拦截
                    switch (dsType) {
                        // 查看全部
                        case ALL:
                            return where;
                        // 查看自己的数据
                        case THIS_LEVEL:
                            //  = 表达式
                            // dept_id = deptId
                            EqualsTo usesEqualsTo = new EqualsTo();
                            usesEqualsTo.setLeftExpression(new Column(mainTableName+".create_user"));
                            usesEqualsTo.setRightExpression(new LongValue(currentUser.getId()));
                            return new AndExpression(where, usesEqualsTo);
                        // 查看本人所在职务以及下属职务
                        case THIS_LEVEL_CHILDREN:
                            //create_user  in (····)
                            // 创建IN 表达式
                            // 创建IN范围的元素集合
                            Long stationId = currentUser.getStationId();
                            List<Long> ids =  userService.getUserAndChildJob(stationId);
                            log.info("本级及子级用户id:{}",ids);
                            // 把集合转变为JSQLParser需要的元素列表
                            ItemsList itemsList = new ExpressionList(ids.stream().map(LongValue::new).collect(Collectors.toList()));
                            InExpression inExpression = new InExpression(new Column(mainTableName+".create_user"), itemsList);
                            return new AndExpression(where, inExpression);
                        // 查看当前部门的数据
                        case THIS_DEPARTMENT:
                            // dept_id = dept_id
                            EqualsTo selfEqualsTo = new EqualsTo();
                            selfEqualsTo.setLeftExpression(new Column(mainTableName+".dept_id"));
                            selfEqualsTo.setRightExpression(new LongValue(currentUser.getOrgId()));
                            return new AndExpression(where, selfEqualsTo);
                        //查看当前部门及下属部门
                        case THIS_DEPARTMENT_CHILDREN:
                            // 创建IN 表达式
                            // 创建IN范围的元素集合
                            Set<Long> deptIds = userService.getDeptIds(currentUser.getOrgId());
                            log.info("本部门及子部门部门id:{}",deptIds);
                            // 把集合转变为JSQLParser需要的元素列表
                            ItemsList deptList = new ExpressionList(deptIds.stream().map(LongValue::new).collect(Collectors.toList()));
                            InExpression inExpressiondept = new InExpression(new Column(mainTableName+".dept_id"), deptList);
                            return new AndExpression(where, inExpressiondept);
                        //本地区
                        case THIS_REGION:
                            // region_id = dept_id
                            EqualsTo regionEqualsTo = new EqualsTo();
                            log.info("查询本地区:{}",currentUser.getAdressId());
                            regionEqualsTo.setLeftExpression(new Column(mainTableName+".region_id"));
                            regionEqualsTo.setRightExpression(new LongValue(currentUser.getAdressId()));
                            return new AndExpression(where, regionEqualsTo);
                        case ASSIGN_USER:
                        case ASSIGN_DEPARTMENT:
                        case ASSIGN_REGION:
                        default:
                            break;
                    }
                }
    
            }
            //说明无权查看,
            where = new HexValue(" 1 = 2 ");
            return where;
        }
    
    }
    
    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 7
    • 8
    • 9
    • 10
    • 11
    • 12
    • 13
    • 14
    • 15
    • 16
    • 17
    • 18
    • 19
    • 20
    • 21
    • 22
    • 23
    • 24
    • 25
    • 26
    • 27
    • 28
    • 29
    • 30
    • 31
    • 32
    • 33
    • 34
    • 35
    • 36
    • 37
    • 38
    • 39
    • 40
    • 41
    • 42
    • 43
    • 44
    • 45
    • 46
    • 47
    • 48
    • 49
    • 50
    • 51
    • 52
    • 53
    • 54
    • 55
    • 56
    • 57
    • 58
    • 59
    • 60
    • 61
    • 62
    • 63
    • 64
    • 65
    • 66
    • 67
    • 68
    • 69
    • 70
    • 71
    • 72
    • 73
    • 74
    • 75
    • 76
    • 77
    • 78
    • 79
    • 80
    • 81
    • 82
    • 83
    • 84
    • 85
    • 86
    • 87
    • 88
    • 89
    • 90
    • 91
    • 92
    • 93
    • 94
    • 95
    • 96
    • 97
    • 98
    • 99
    • 100
    • 101
    • 102
    • 103
    • 104

    自定义注解

    @Target({ElementType.METHOD, ElementType.TYPE})
    @Retention(RetentionPolicy.RUNTIME)
    public @interface UserDataPermission {
    }
    
    • 1
    • 2
    • 3
    • 4

    完成拦截器注册

    /**
     * @program: crm_backend
     * @description: mybatisplusconfig
     * @author: JiaChaoYang
     * @create: 2022-07-21 17:07
     **/
    @Configuration
    public class MyBatisPlusConfig {
    
        /**
         * @Description 分页插件,一缓和二缓遵循mybatis的规则,
         * @Params []
         * @Return com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor
         * @Author JiaChaoYang
         * @Date 2022/7/21 17:10
         */
        @Bean
        public MybatisPlusInterceptor mybatisPlusInterceptor() {
            MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
            // 添加数据权限插件
            MyDataPermissionInterceptor dataPermissionInterceptor = new MyDataPermissionInterceptor();
            // 添加自定义的数据权限处理器
            dataPermissionInterceptor.setDataPermissionHandler(new MyDataPermissionHandler());
            interceptor.addInnerInterceptor(dataPermissionInterceptor);
            interceptor.addInnerInterceptor(new PaginationInnerInterceptor(DbType.MYSQL));
            return interceptor;
        }
    }
    
    • 1
    • 2
    • 3
    • 4
    • 5
    • 6
    • 7
    • 8
    • 9
    • 10
    • 11
    • 12
    • 13
    • 14
    • 15
    • 16
    • 17
    • 18
    • 19
    • 20
    • 21
    • 22
    • 23
    • 24
    • 25
    • 26
    • 27
    • 28

    如何使用:

    在mapper层添加注解即可

        @UserDataPermission
        List<CustomerAllVO> selectAllCustomerPage(IPage<CustomerAllVO> page, @Param("customerName")String customerName ,
                                                  @Param("customerCreditCode")String customerCreditCode,
                                                  @Param("teamUserId")Integer teamUserId);
    
    
    • 1
    • 2
    • 3
    • 4
    • 5
  • 相关阅读:
    Flutter 像素编辑器#04 | 导入导出图像
    计算机网络
    正则系列之组和范围(Groups and Ranges)
    Oracle Redo在线日志&Archive归档日志分析
    react18-学习笔记1-导学笔记
    关于 Redis 必问面试题,你知道哪些?
    记录Vagrant常用的一些命令
    vue富文本编辑器wangeditor输入空格回车的必填判断
    丢掉破解版,官方免费了!!!
    Kafka Tool(Kafka 可视化工具)安装及使用教程
  • 原文地址:https://blog.csdn.net/m0_52255061/article/details/126118291