update 完美修复数据权限功能(支持单表多表过滤)

2021-05-30 02:20:21 +08:00 · 2021-05-30 02:20:21 +08:00 · 6d5a0d8a7e
commit 6d5a0d8a7e
parent 6192d42564
4 changed files with 114 additions and 136 deletions
--- a/ruoyi-common/src/main/java/com/ruoyi/common/annotation/DataScope.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/annotation/DataScope.java
@ -8,7 +8,7 @@ import java.lang.annotation.Target;

 /**
 * 数据权限过滤注解
- * 
+ *
 * @author ruoyi
 */
@Target(ElementType.METHOD)
@ -25,4 +25,9 @@ public @interface DataScope
     * 用户表的别名
     */
    public String userAlias() default "";
+
+	/**
+	 * 是否过滤用户权限
+	 */
+	public boolean isUser() default false;
 }
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
@ -24,169 +24,145 @@ import java.util.Map;
 /**
 * 数据过滤处理
 *
- * @author ruoyi
+ * @author Lion Li
 */
@Aspect
@Component
-public class DataScopeAspect
-{
-    /**
-     * 全部数据权限
-     */
-    public static final String DATA_SCOPE_ALL = "1";
+public class DataScopeAspect {

-    /**
-     * 自定数据权限
-     */
-    public static final String DATA_SCOPE_CUSTOM = "2";
+	/**
+	 * 全部数据权限
+	 */
+	public static final String DATA_SCOPE_ALL = "1";

-    /**
-     * 部门数据权限
-     */
-    public static final String DATA_SCOPE_DEPT = "3";
+	/**
+	 * 自定数据权限
+	 */
+	public static final String DATA_SCOPE_CUSTOM = "2";

-    /**
-     * 部门及以下数据权限
-     */
-    public static final String DATA_SCOPE_DEPT_AND_CHILD = "4";
+	/**
+	 * 部门数据权限
+	 */
+	public static final String DATA_SCOPE_DEPT = "3";

-    /**
-     * 仅本人数据权限
-     */
-    public static final String DATA_SCOPE_SELF = "5";
+	/**
+	 * 部门及以下数据权限
+	 */
+	public static final String DATA_SCOPE_DEPT_AND_CHILD = "4";

-    /**
-     * 数据权限过滤关键字
-     */
-    public static final String DATA_SCOPE = "dataScope";
+	/**
+	 * 仅本人数据权限
+	 */
+	public static final String DATA_SCOPE_SELF = "5";

-    // 配置织入点
-    @Pointcut("@annotation(com.ruoyi.common.annotation.DataScope)")
-    public void dataScopePointCut()
-    {
-    }
+	/**
+	 * 数据权限过滤关键字
+	 */
+	public static final String DATA_SCOPE = "dataScope";

-    @Before("dataScopePointCut()")
-    public void doBefore(JoinPoint point) throws Throwable
-    {
+	// 配置织入点
+	@Pointcut("@annotation(com.ruoyi.common.annotation.DataScope)")
+	public void dataScopePointCut() {
+	}
+
+	@Before("dataScopePointCut()")
+	public void doBefore(JoinPoint point) throws Throwable {
 		clearDataScope(point);
-        handleDataScope(point);
-    }
+		handleDataScope(point);
+	}

-    protected void handleDataScope(final JoinPoint joinPoint)
-    {
-        // 获得注解
-        DataScope controllerDataScope = getAnnotationLog(joinPoint);
-        if (controllerDataScope == null)
-        {
-            return;
-        }
-        // 获取当前的用户
-        LoginUser loginUser = SpringUtils.getBean(TokenService.class).getLoginUser(ServletUtils.getRequest());
-        if (Validator.isNotNull(loginUser))
-        {
-            SysUser currentUser = loginUser.getUser();
-            // 如果是超级管理员，则不过滤数据
-            if (Validator.isNotNull(currentUser) && !currentUser.isAdmin())
-            {
-                dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(),
-                        controllerDataScope.userAlias());
-            }
-        }
-    }
+	protected void handleDataScope(final JoinPoint joinPoint) {
+		// 获得注解
+		DataScope controllerDataScope = getAnnotationLog(joinPoint);
+		if (controllerDataScope == null) {
+			return;
+		}
+		// 获取当前的用户
+		LoginUser loginUser = SpringUtils.getBean(TokenService.class).getLoginUser(ServletUtils.getRequest());
+		if (Validator.isNotNull(loginUser)) {
+			SysUser currentUser = loginUser.getUser();
+			// 如果是超级管理员，则不过滤数据
+			if (Validator.isNotNull(currentUser) && !currentUser.isAdmin()) {
+				dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(),
+					controllerDataScope.userAlias(), controllerDataScope.isUser());
+			}
+		}
+	}

-    /**
-     * 数据范围过滤
-     *
-     * @param joinPoint 切点
-     * @param user 用户
-     * @param userAlias 别名
-     */
-    public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias)
-    {
-        StringBuilder sqlString = new StringBuilder();
+	/**
+	 * 数据范围过滤
+	 *
+	 * @param joinPoint 切点
+	 * @param user      用户
+	 * @param userAlias 别名
+	 */
+	public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, boolean isUser) {
+		StringBuilder sqlString = new StringBuilder();

 		// 将 "." 提取出,不写别名为单表查询,写别名为多表查询
 		deptAlias = StrUtil.isNotBlank(deptAlias) ? deptAlias + "." : "";
 		userAlias = StrUtil.isNotBlank(userAlias) ? userAlias + "." : "";

-        for (SysRole role : user.getRoles())
-        {
-            String dataScope = role.getDataScope();
-            if (DATA_SCOPE_ALL.equals(dataScope))
-            {
-                sqlString = new StringBuilder();
-                break;
-            }
-            else if (DATA_SCOPE_CUSTOM.equals(dataScope))
-            {
-                sqlString.append(StrUtil.format(
-                        " OR {}dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias,
-                        role.getRoleId()));
-            }
-            else if (DATA_SCOPE_DEPT.equals(dataScope))
-            {
-                sqlString.append(StrUtil.format(" OR {}dept_id = {} ", deptAlias, user.getDeptId()));
-            }
-            else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope))
-            {
-                sqlString.append(StrUtil.format(
-                        " OR {}dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )",
-                        deptAlias, user.getDeptId(), user.getDeptId()));
-            }
-            else if (DATA_SCOPE_SELF.equals(dataScope))
-            {
-                if (StrUtil.isNotBlank(userAlias))
-                {
-                    sqlString.append(StrUtil.format(" OR {}user_id = {} ", userAlias, user.getUserId()));
-                }
-                else
-                {
-                    // 数据权限为仅本人且没有userAlias别名不查询任何数据
-                    sqlString.append(" OR 1=0 ");
-                }
-            }
-        }
+		for (SysRole role : user.getRoles()) {
+			String dataScope = role.getDataScope();
+			if (DATA_SCOPE_ALL.equals(dataScope)) {
+				sqlString = new StringBuilder();
+				break;
+			} else if (DATA_SCOPE_CUSTOM.equals(dataScope)) {
+				sqlString.append(StrUtil.format(
+					" OR {}dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ",
+					deptAlias, role.getRoleId()));
+			} else if (DATA_SCOPE_DEPT.equals(dataScope)) {
+				sqlString.append(StrUtil.format(" OR {}dept_id = {} ",
+					deptAlias, user.getDeptId()));
+			} else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope)) {
+				sqlString.append(StrUtil.format(
+					" OR {}dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )",
+					deptAlias, user.getDeptId(), user.getDeptId()));
+			} else if (DATA_SCOPE_SELF.equals(dataScope)) {
+				if (isUser) {
+					sqlString.append(StrUtil.format(" OR {}user_id = {} ",
+						userAlias, user.getUserId()));
+				} else {
+					// 数据权限为仅本人且没有userAlias别名不查询任何数据
+					sqlString.append(" OR 1=0 ");
+				}
+			}
+		}

-        if (StrUtil.isNotBlank(sqlString.toString()))
-        {
+		if (StrUtil.isNotBlank(sqlString.toString())) {
 			putDataScope(joinPoint, sqlString.substring(4));
 		}
-    }
+	}

-    /**
-     * 是否存在注解，如果存在就获取
-     */
-    private DataScope getAnnotationLog(JoinPoint joinPoint)
-    {
-        Signature signature = joinPoint.getSignature();
-        MethodSignature methodSignature = (MethodSignature) signature;
-        Method method = methodSignature.getMethod();
+	/**
+	 * 是否存在注解，如果存在就获取
+	 */
+	private DataScope getAnnotationLog(JoinPoint joinPoint) {
+		Signature signature = joinPoint.getSignature();
+		MethodSignature methodSignature = (MethodSignature) signature;
+		Method method = methodSignature.getMethod();

-        if (method != null)
-        {
-            return method.getAnnotation(DataScope.class);
-        }
-        return null;
-    }
+		if (method != null) {
+			return method.getAnnotation(DataScope.class);
+		}
+		return null;
+	}

 	/**
 	 * 拼接权限sql前先清空params.dataScope参数防止注入
 	 */
-	private void clearDataScope(final JoinPoint joinPoint)
-	{
+	private void clearDataScope(final JoinPoint joinPoint) {
 		Object params = joinPoint.getArgs()[0];
-		if (Validator.isNotNull(params))
-		{
+		if (Validator.isNotNull(params)) {
 			putDataScope(joinPoint, "");
 		}
 	}

 	private static void putDataScope(JoinPoint joinPoint, String sql) {
 		Object params = joinPoint.getArgs()[0];
-		if (Validator.isNotNull(params))
-		{
-			if(params instanceof BaseEntity) {
+		if (Validator.isNotNull(params)) {
+			if (params instanceof BaseEntity) {
 				BaseEntity baseEntity = (BaseEntity) params;
 				baseEntity.getParams().put(DATA_SCOPE, sql);
 			} else {
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysConfigServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysConfigServiceImpl.java
@ -32,9 +32,6 @@ import java.util.Map;
@Service
 public class SysConfigServiceImpl extends ServiceImpl<SysConfigMapper, SysConfig> implements ISysConfigService {

-	@Autowired
-	private SysConfigMapper configMapper;
-
 	@Autowired
 	private RedisCache redisCache;

@ -160,7 +157,7 @@ public class SysConfigServiceImpl extends ServiceImpl<SysConfigMapper, SysConfig
 			if (StrUtil.equals(UserConstants.YES, config.getConfigType())) {
 				throw new CustomException(String.format("内置参数【%1$s】不能删除 ", config.getConfigKey()));
 			}
-			configMapper.deleteById(configId);
+			baseMapper.deleteById(configId);
 			redisCache.deleteObject(getCacheKey(config.getConfigKey()));
 		}
 	}
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
@ -52,7 +52,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
    private ISysConfigService configService;

    @Override
-    @DataScope(deptAlias = "d", userAlias = "u")
+    @DataScope(deptAlias = "d", userAlias = "u", isUser = true)
    public TableDataInfo<SysUser> selectPageUserList(SysUser user) {
        return PageUtils.buildDataInfo(baseMapper.selectPageUserList(PageUtils.buildPage(), user));
    }
@ -64,7 +64,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
     * @return 用户信息集合信息
     */
    @Override
-    @DataScope(deptAlias = "d", userAlias = "u")
+    @DataScope(deptAlias = "d", userAlias = "u", isUser = true)
    public List<SysUser> selectUserList(SysUser user) {
        return baseMapper.selectUserList(user);
    }