1通过DataScopePermissionHandler 改写
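/**
 * Data-scope (row-level permission) handler: an AOP aspect captures the
 * {@link DataScope} annotation of the invoked method together with the current
 * user's permission data, and {@link #getSqlSegment(Expression, String)} appends a
 * {@code dept IN (...)} restriction to the WHERE clause of statements executed on
 * the same thread.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Filtering is opt-in. A statement executed while no {@link DataScopeParam} is
 *       stored for the current thread is returned unchanged, i.e. unfiltered.</li>
 *   <li>All per-request state lives in the {@link ThreadLocal}. The bean is a shared
 *       {@code @Component}, so request data must never be kept in instance fields.</li>
 *   <li>{@code deptAlias} and {@code deptField} are placed into the SQL as a column
 *       identifier without escaping. They are read from the annotation and must stay
 *       developer-written constants, never request-derived values.</li>
 * </ul>
 */
@Aspect
@Slf4j
@Component
public class DataScopePermissionHandler implements DataPermissionHandler {

    /**
     * Holds the permission attributes of the request handled by the current thread.
     */
    ThreadLocal<DataScopeParam> threadLocal = new ThreadLocal<>();

    /**
     * Clears the permission data stored for the current thread once the annotated
     * method has finished, so a pooled thread cannot reuse stale permissions.
     *
     * <p>NOTE(review): if one {@code @DataScope} method calls another through the
     * proxy, the inner call's cleanup also removes the outer call's data, and later
     * statements of the outer method would then run unfiltered. Confirm that
     * annotated methods are never nested.
     */
    @After("dataScopePointCut()")
    public void clearThreadLocal() {
        threadLocal.remove();
        log.debug("threadLocal.remove()");
    }

    /**
     * Pointcut matching every method annotated with {@link DataScope}.
     */
    @Pointcut("@annotation(com.xxx.base.datascope.annotation.DataScope)")
    public void dataScopePointCut() {
    }

    /**
     * Captures the annotation attributes and the current user's data scope before the
     * annotated method runs, and stores them for the current thread.
     *
     * <p>The annotation is held in a local variable only. Keeping it in an instance
     * field of this shared bean would let concurrent requests overwrite each other's
     * annotation between the lookup and its use, so a request could be filtered with
     * another method's alias and column.
     *
     * @param point the join point of the intercepted method
     */
    @Before("dataScopePointCut()")
    public void doBefore(JoinPoint point) {
        DataScope scope = getAnnotationLog(point);
        if (scope == null) {
            return;
        }
        // Resolve the user and the department ids of the data scope up front, so the
        // SQL rewrite later only reads thread-local state.
        // NOTE(review): a null user fails here with a NullPointerException, which
        // aborts the call instead of running it unfiltered.
        User currentUser = SecurityUtil.getUser();
        DataScopeParam dataScopeParam = new DataScopeParam(
                scope.deptAlias(),
                scope.deptField(),
                currentUser.isAdmin(),
                currentUser.getDataScope());
        threadLocal.set(dataScopeParam);
        log.debug("currentUser.getDataScope() = {}", currentUser.getDataScope());
    }

    /**
     * Returns the {@link DataScope} annotation of the intercepted method, or
     * {@code null} when the method cannot be resolved or carries no such annotation.
     */
    private DataScope getAnnotationLog(JoinPoint joinPoint) {
        Signature signature = joinPoint.getSignature();
        MethodSignature methodSignature = (MethodSignature) signature;
        Method method = methodSignature.getMethod();
        if (method != null) {
            return method.getAnnotation(DataScope.class);
        }
        return null;
    }

    /**
     * Appends the department restriction to a statement's WHERE condition.
     *
     * @param where             the original WHERE expression, {@code null} when the
     *                          statement has none
     * @param mappedStatementId id of the mapper interface method
     * @return {@code where} unchanged when no data scope is active on this thread or
     *         the user is an administrator; otherwise the department {@code IN}
     *         condition, combined with {@code where} by {@code AND} when
     *         {@code where} is present
     */
    @SneakyThrows
    @Override
    public Expression getSqlSegment(Expression where, String mappedStatementId) {
        log.debug("DataScopePermissionHandler .getSqlSegment");
        DataScopeParam dataScopeParam = threadLocal.get();
        // Only the thread-local decides whether filtering applies: it is set solely
        // while a @DataScope method is executing on this thread.
        if (dataScopeParam == null || dataScopeParam.isAdmin()) {
            return where;
        }

        String alias = dataScopeParam.deptAlias;
        String deptSql = (alias == null || alias.isEmpty())
                ? dataScopeParam.deptField
                : alias + "." + dataScopeParam.deptField;

        // Convert the id collection into the element list JSqlParser expects.
        ItemsList itemsList;
        if (CollectionUtils.isEmpty(dataScopeParam.secretary)) {
            // No explicit scope: restrict the user to their own department.
            itemsList = new ExpressionList(
                    Collections.singletonList(new LongValue(SecurityUtil.getUser().getOrganizeId())));
        } else {
            // Restrict to the departments contained in the user's data scope.
            itemsList = new ExpressionList(
                    dataScopeParam.secretary.stream().map(LongValue::new).collect(Collectors.toList()));
        }
        InExpression inExpression = new InExpression(new Column(deptSql), itemsList);
        log.debug("where = {}", where);
        log.debug("inExpression = {}", inExpression);

        if (where == null) {
            // Without an original condition the restriction is the whole WHERE clause;
            // no placeholder "1 = 1" expression is needed.
            return inExpression;
        }
        // NOTE(review): the two operands are joined without parentheses being added
        // here. If `where` has a top-level OR, AND binds tighter and the department
        // restriction would apply to the last OR branch only. Wrap `where` in
        // JSqlParser's parenthesis node before combining (confirm the class name for
        // the JSqlParser version in use) and cover this with a test.
        return new AndExpression(where, inExpression);
    }

    /**
     * Value object stored in the {@link ThreadLocal}.
     */
    @Data
    @AllArgsConstructor
    static class DataScopeParam {
        /**
         * Alias of the department table; empty when the column is used unqualified.
         */
        private String deptAlias;
        /**
         * Name of the department column.
         */
        private String deptField;
        /**
         * Whether the current user is an administrator.
         */
        private boolean isAdmin;
        /**
         * Department ids the user's data scope covers.
         */
        private Set<Integer> secretary;
    }
}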
2