/**
 * Checks whether the currently logged-in user holds the given permission.
 *
 * <p>As a side effect the permission string is stored on the current request
 * under the {@code "permission"} attribute, where data-scope filtering reads it
 * back to restrict a query to the roles that own that permission. The attribute
 * is written before the empty check, and a later call in the same request
 * overwrites it.
 *
 * @param permission permission string to check
 * @return {@code true} when a logged-in user with a non-empty permission set
 *         holds {@code permission}; {@code false} for an empty permission,
 *         no login user, or a user without permissions
 */
public boolean hasPermi(String permission)
{
    ServletUtils.getRequest().setAttribute("permission", permission);
    if (StringUtils.isEmpty(permission))
    {
        return false;
    }
    LoginUser current = tokenService.getLoginUser(ServletUtils.getRequest());
    boolean hasGrants = StringUtils.isNotNull(current)
        && !CollectionUtils.isEmpty(current.getPermissions());
    return hasGrants && hasPermissions(current.getPermissions(), permission);
}
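/**
 * Applies data-scope filtering for the current request.
 *
 * <p>Builds an SQL fragment from the data scope of each of the user's roles and
 * stores it under {@code DATA_SCOPE} in the params map of the advised method's
 * first argument, when that argument is a {@link BaseEntity}. When the request
 * carries a {@code "permission"} attribute (written by {@code hasPermi}), only
 * the roles owning a menu with that permission contribute to the fragment.
 *
 * <p>NOTE(review): if every role is skipped — no role matches the permission,
 * or all roles are {@code "approve"} — the fragment stays empty and no
 * restriction is applied at all, i.e. the filter fails open. Confirm this is
 * the intended semantics.
 *
 * @param joinPoint the advised join point; its first argument receives the clause
 * @param user the user whose roles decide the scope
 * @param deptAlias table alias used for {@code dept_id} comparisons
 * @param userAlias table alias used for {@code user_id} comparisons; may be blank
 */
public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias)
{
    List<Long> permittedRoleIds = permittedRoleIds();
    StringBuilder sqlString = new StringBuilder();
    for (SysRole role : user.getRoles())
    {
        if (permittedRoleIds != null && !permittedRoleIds.contains(role.getRoleId()))
        {
            continue;
        }
        // The "approve" role contributes no data scope; compared null-safely so a
        // role without a key cannot fail the whole request with an NPE.
        if ("approve".equals(role.getRoleKey()))
        {
            continue;
        }
        if (DATA_SCOPE_ALL.equals(role.getDataScope()))
        {
            // Unrestricted scope overrides everything collected so far.
            sqlString.setLength(0);
            break;
        }
        sqlString.append(scopeClause(role, user, deptAlias, userAlias));
    }
    if (!StringUtils.isNotBlank(sqlString.toString()))
    {
        return;
    }
    Object[] args = joinPoint.getArgs();
    // Nothing to attach the clause to when the advised method takes no arguments.
    if (args.length == 0)
    {
        return;
    }
    Object params = args[0];
    // instanceof is already null-safe.
    if (params instanceof BaseEntity)
    {
        BaseEntity baseEntity = (BaseEntity) params;
        // substring(4) drops the leading " OR " of the first clause.
        baseEntity.getParams().put(DATA_SCOPE, " AND (" + sqlString.substring(4) + ")");
    }
}

/**
 * Returns the role ids allowed to contribute to the data scope, or {@code null}
 * when the request carries no permission restriction.
 *
 * <p>The permission string is the request attribute written by {@code hasPermi};
 * it is matched against the login user's role/menu permission list to find the
 * roles that own the menu being accessed.
 */
private static List<Long> permittedRoleIds()
{
    Object attr = ServletUtils.getRequest().getAttribute("permission");
    List<RoleMenuPerms> permsList = SecurityUtils.getLoginUser().getPermsList();
    if (attr == null || StringUtils.isEmpty(String.valueOf(attr)) || permsList == null)
    {
        return null;
    }
    String permission = String.valueOf(attr);
    return permsList.stream()
        .filter(one -> permission.equals(one.getPerms()))
        .map(RoleMenuPerms::getRoleId)
        .collect(Collectors.toList());
}

/**
 * Returns the SQL clause (prefixed with {@code " OR "}) restricting rows to the
 * given role's data scope, or an empty string for an unknown scope.
 *
 * <p>Only numeric ids taken from the authenticated user's roles and the
 * caller-supplied table aliases are interpolated into the SQL text.
 * NOTE(review): confirm the aliases are only ever set from code/annotation
 * configuration and never from a request parameter, since they are not escaped.
 *
 * @param role the role whose data scope is rendered
 * @param user the current user (dept and user ids)
 * @param deptAlias table alias for {@code dept_id}
 * @param userAlias table alias for {@code user_id}; may be blank
 */
private static String scopeClause(SysRole role, SysUser user, String deptAlias, String userAlias)
{
    String dataScope = role.getDataScope();
    if (DATA_SCOPE_CUSTOM.equals(dataScope))
    {
        return StringUtils.format(
            " OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias,
            role.getRoleId());
    }
    if (DATA_SCOPE_DEPT.equals(dataScope))
    {
        return StringUtils.format(" OR {}.dept_id = {} ", deptAlias, user.getDeptId());
    }
    if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope))
    {
        return StringUtils.format(
            " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )",
            deptAlias, user.getDeptId(), user.getDeptId());
    }
    if (DATA_SCOPE_SELF.equals(dataScope))
    {
        if (StringUtils.isNotBlank(userAlias))
        {
            return StringUtils.format(" OR {}.user_id = {} ", userAlias, user.getUserId());
        }
        // Self-only scope without a user alias: match nothing rather than everything.
        // NOTE(review): the previous code had an `userAlias.equals("c")` branch here
        // meant to open department data for alias "c"; it was unreachable (only
        // entered when userAlias is blank) and threw NPE when userAlias was null.
        // If that behaviour is still wanted it must be implemented explicitly,
        // before the isNotBlank check above.
        return " OR 1=0 ";
    }
    return "";
}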