完善数据权限功能

2024-03-28 15:06:58 +08:00
parent 4aef506c93
commit 20da604267
60 changed files with 4587 additions and 164 deletions
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/handler/AutoFillMetaObjectHandler.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/handler/AutoFillMetaObjectHandler.java
@@ -10,23 +10,25 @@ import org.springframework.stereotype.Component;
 /**
 * 自动填充处理类
 *
- * @author jishanfeng
- * @date 2024-01-12
 */
@Slf4j
@Component
-public class MyMetaObjectHandler implements MetaObjectHandler {
+public class AutoFillMetaObjectHandler implements MetaObjectHandler {

    @Override
    public void insertFill(MetaObject metaObject) {
+        log.info("start insert fill ....");
        // 获取当前登录用户
        String userName = SecurityUtils.getUsername();
+        Long deptId = SecurityUtils.getDeptId();
        fillValue("createBy", userName, metaObject);
        fillValue("createTime", DateUtils.getNowDate(), metaObject);
+        fillValue("deptId", deptId, metaObject);
    }

    @Override
    public void updateFill(MetaObject metaObject) {
+        log.info("start update fill ....");
        // 获取当前登录用户
        String userName = SecurityUtils.getUsername();
        fillValue("updateBy", userName, metaObject);
@@ -37,7 +39,7 @@ public class MyMetaObjectHandler implements MetaObjectHandler {
        if (metaObject.hasSetter(fieldName)) {
            // 值为空时设置默认值
            Object sidObj = getFieldValByName(fieldName, metaObject);
-            if (sidObj == null || "updateBy".equals(fieldName) || "updateTime".equals(fieldName)) {
+            if (sidObj == null) {
                setFieldValByName(fieldName, data, metaObject);
            }
        }
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/interceptor/DataScopeIntercept.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/interceptor/DataScopeIntercept.java
@@ -27,6 +27,7 @@ import net.sf.jsqlparser.statement.select.SetOperationList;
 import net.sf.jsqlparser.statement.update.Update;
 import org.apache.ibatis.executor.Executor;
 import org.apache.ibatis.executor.statement.StatementHandler;
+import org.apache.ibatis.jdbc.SQL;
 import org.apache.ibatis.mapping.BoundSql;
 import org.apache.ibatis.mapping.MappedStatement;
 import org.apache.ibatis.session.ResultHandler;
@@ -60,7 +61,7 @@ public class DataScopeIntercept extends JsqlParserSupport implements InnerInterc
            for (Method m : methods) {
                if (Objects.equals(m.getName(), methodName)) {
                    DataScope controllerDataScope = m.getAnnotation(DataScope.class);
-                    if(controllerDataScope!=null){
+                    if (controllerDataScope != null) {
                        String originalSql = boundSql.getSql();
                        // 检查SQL是否包含count()函数
                        if (!originalSql.toLowerCase().contains("count(")) {
@@ -128,8 +129,8 @@ public class DataScopeIntercept extends JsqlParserSupport implements InnerInterc
        String className = mapperId.substring(0, mapperId.lastIndexOf("."));
        //获取方法名
        String methodName = mapperId.substring(mapperId.lastIndexOf(".") + 1);
-        Table fromItem = (Table) plainSelect.getFromItem();
        // 有别名用别名，无别名用表名，防止字段冲突报错
+        // Table fromItem = (Table) plainSelect.getFromItem();
        // Alias fromItemAlias = fromItem.getAlias();
        // String mainTableName = fromItemAlias == null ? fromItem.getName() : fromItemAlias.getName();
        //获取当前mapper 的方法
@@ -157,11 +158,11 @@ public class DataScopeIntercept extends JsqlParserSupport implements InnerInterc
                            try {
                                Expression expression = CCJSqlParserUtil.parseExpression(sql);
                                // 数据权限使用单独的括号 防止与其他条件冲突
-                                Parenthesis parenthesis = new Parenthesis(expression);
+                                // Parenthesis parenthesis = new Parenthesis(expression);
                                if (null != where) {
-                                    return new AndExpression(where, parenthesis);
+                                    return new AndExpression(where, expression);
                                } else {
-                                    return parenthesis;
+                                    return expression;
                                }
                            } catch (Exception e) {
                                throw new RuntimeException("数据权限解析异常 => " + e.getMessage());
@@ -203,20 +204,20 @@ public class DataScopeIntercept extends JsqlParserSupport implements InnerInterc
                break;
            } else if (DATA_SCOPE_CUSTOM.equals(dataScope)) {
                sqlString.append(StringUtils.format(
-                        " OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias,
+                        " {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias,
                        role.getRoleId()));
            } else if (DATA_SCOPE_DEPT.equals(dataScope)) {
-                sqlString.append(StringUtils.format(" OR {}.dept_id = {} ", deptAlias, user.getDeptId()));
+                sqlString.append(StringUtils.format(" {}.dept_id = {} ", deptAlias, user.getDeptId()));
            } else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope)) {
                sqlString.append(StringUtils.format(
-                        " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )",
+                        " {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )",
                        deptAlias, user.getDeptId(), user.getDeptId()));
            } else if (DATA_SCOPE_SELF.equals(dataScope)) {
                if (StringUtils.isNotBlank(userAlias)) {
-                    sqlString.append(StringUtils.format(" OR {}.user_id = {} ", userAlias, user.getUserId()));
+                    sqlString.append(StringUtils.format(" {}.user_id = {} ", userAlias, user.getUserId()));
                } else {
                    // 数据权限为仅本人且没有userAlias别名不查询任何数据
-                    sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
+                    sqlString.append(StringUtils.format(" {}.dept_id = 0 ", deptAlias));
                }
            }
            conditions.add(dataScope);
@@ -224,7 +225,7 @@ public class DataScopeIntercept extends JsqlParserSupport implements InnerInterc

        // 多角色情况下，所有角色都不包含传递过来的权限字符，这个时候sqlString也会为空，所以要限制一下,不查询任何数据
        if (StringUtils.isEmpty(conditions)) {
-            sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
+            sqlString.append(StringUtils.format(" {}.dept_id = 0 ", deptAlias));
        }
        return sqlString.toString();
    }