package cn.iocoder.yudao.module.system.framework;
import cn.hutool.core.util.ObjectUtil;
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
import cn.iocoder.yudao.framework.datapermission.core.rule.DataPermissionRule;
import cn.iocoder.yudao.framework.mybatis.core.util.MyBatisUtils;
import cn.iocoder.yudao.framework.security.core.LoginUser;
import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
import cn.iocoder.yudao.module.system.dal.dataobject.dept.PostDO;
import cn.iocoder.yudao.module.system.dal.dataobject.permission.RoleDO;
import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
import cn.iocoder.yudao.module.system.dal.mysql.permission.UserRoleMapper;
import cn.iocoder.yudao.module.system.dal.mysql.user.AdminUserMapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.google.common.collect.Sets;
import net.sf.jsqlparser.expression.Alias;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.LongValue;
import net.sf.jsqlparser.expression.StringValue;
import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
import net.sf.jsqlparser.expression.operators.relational.EqualsTo;
import net.sf.jsqlparser.expression.operators.relational.ExpressionList;
import net.sf.jsqlparser.expression.operators.relational.InExpression;
import net.sf.jsqlparser.schema.Column;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import javax.annotation.Resource;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Set;
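/**
 * Data permission rule: for the listed tables, restrict rows to those owned by the current
 * user and that user's subordinates.
 *
 * <p>Returning {@code null} from {@link #getExpression} adds no filter at all, so every
 * {@code null} return below is a deliberate "unrestricted" decision. Whenever the scope cannot
 * be determined (no user id, no roles, no usable city list) the rule fails closed and returns
 * a condition that matches no rows.
 */
@Component // Declared as a Spring bean so the yudao-spring-boot-starter-biz-data-permission component scans it
public class ChildrenDataPermissionRule implements DataPermissionRule {

    // NOTE(review): "nlm_order_profitt" is kept exactly as written; confirm the spelling matches
    // the real table name, because a mismatch would leave that table without any filter.
    private static final String TABLE_ORDER_PROFIT = "nlm_order_profitt";
    private static final String TABLE_USERS = "system_users";
    private static final String TABLE_EQUIPMENT_PARAM = "nlm_equipment_param";
    private static final String TABLE_CONTACT = "nlm_contact";

    /** Role ids below this value are treated as administrators (unrestricted). */
    private static final long FIRST_NON_ADMIN_ROLE_ID = 3;
    /** Role id of an employee, who inherits the scope of the agent they belong to. */
    private static final long ROLE_ID_EMPLOYEE = 4;
    /** Role id of a regional agent, who is scoped by city instead of by owner. */
    private static final long ROLE_ID_REGIONAL_AGENT = 10;
    /** Role type that is treated like an administrator; its meaning is not visible in this file. */
    private static final int ROLE_TYPE_UNRESTRICTED = 3;

    // Injected but not used by this class at the moment.
    @Resource
    private UserRoleMapper userRoleMapper;
    @Resource
    private AdminUserMapper adminUserMapper;

    /**
     * Lists the tables this rule applies to.
     *
     * @return the names of the protected tables
     */
    @Override
    public Set<String> getTableNames() {
        return Sets.newHashSet(TABLE_ORDER_PROFIT, TABLE_USERS, TABLE_EQUIPMENT_PARAM, TABLE_CONTACT);
    }

    /**
     * Builds the extra WHERE condition for one of the protected tables.
     *
     * @param tableName  table being queried
     * @param tableAlias alias of that table in the statement, if any
     * @return the condition to add, or {@code null} when no filter applies (no logged-in user,
     *         a non-admin user type, or a table this rule does not handle)
     */
    @Override
    public Expression getExpression(String tableName, Alias tableAlias) {
        // Data permission is only evaluated when there is a logged-in user.
        LoginUser loginUser = SecurityFrameworkUtils.getLoginUser();
        if (loginUser == null) {
            return null;
        }
        // Only users of the admin user type are handled by this rule.
        if (ObjectUtil.notEqual(loginUser.getUserType(), UserTypeEnum.ADMIN.getValue())) {
            return null;
        }
        String field = ownerColumnOf(tableName);
        if (field == null) {
            return null;
        }
        // A Java assert is disabled unless the JVM runs with -ea, so it cannot guard this path.
        // Without a user id the scope is unknown: match nothing instead of dropping the filter.
        Long userId = SecurityFrameworkUtils.getLoginUserId();
        if (userId == null) {
            return denyAll();
        }
        return inChildrenExpression(field, userId, tableName, tableAlias);
    }

    /**
     * Builds the condition that limits a table to the rows visible to the given user.
     *
     * <p>Administrators get {@code null} (no filter), a regional agent is limited by city, and
     * every other role is limited to the ids of the user and the ids returned by
     * {@code selectChildrenIdsByPid}.
     *
     * @param field      column holding the owning user id
     * @param userId     id of the current user
     * @param tableName  table being queried
     * @param tableAlias alias of that table in the statement, if any
     * @return the condition, or {@code null} for an unrestricted role
     */
    public Expression inChildrenExpression(String field, Long userId, String tableName, Alias tableAlias) {
        if (userId == null) {
            return denyAll();
        }
        // NOTE(review): confirm selectRoleByUserId returns only enabled roles; a disabled
        // low-id role would otherwise still grant unrestricted access below.
        List<RoleDO> userRoleList = adminUserMapper.selectRoleByUserId(userId);
        // A user without any role used to end up with roleId == 0, which passed the
        // "administrator" test and removed the filter. No role now means no rows.
        if (userRoleList == null || userRoleList.isEmpty()) {
            return denyAll();
        }
        // The smallest role id is taken as the user's highest-ranking role.
        long roleId = 0;
        boolean unrestrictedType = false;
        for (RoleDO userRole : userRoleList) {
            if (roleId == 0 || roleId > userRole.getId()) {
                roleId = userRole.getId();
            }
            if (userRole.getType() == ROLE_TYPE_UNRESTRICTED) {
                unrestrictedType = true;
            }
        }
        // Administrators query everything.
        if (roleId < FIRST_NON_ADMIN_ROLE_ID || unrestrictedType) {
            return null;
        }
        if (roleId == ROLE_ID_REGIONAL_AGENT) {
            return regionalAgentExpression(userId, tableName, tableAlias);
        }
        return ownerScopeExpression(field, userId, roleId, tableName, tableAlias);
    }

    /** Returns the owner column of a protected table, or {@code null} for any other table. */
    private static String ownerColumnOf(String tableName) {
        if (tableName == null) {
            return null;
        }
        switch (tableName) {
            case TABLE_ORDER_PROFIT:
            case TABLE_EQUIPMENT_PARAM:
            case TABLE_CONTACT:
                return "user_id";
            case TABLE_USERS:
                return "id";
            default:
                return null;
        }
    }

    /** Returns a fresh {@code 1 = 0} condition, which matches no rows. */
    private static Expression denyAll() {
        return new EqualsTo(new LongValue(1L), new LongValue(0L));
    }

    /** Builds the city filter for a regional agent; no usable city means no rows. */
    private Expression regionalAgentExpression(Long userId, String tableName, Alias tableAlias) {
        // The agent's cities are stored as one comma-separated string.
        String city = adminUserMapper.selectCityString(userId);
        if (city == null || city.isEmpty()) {
            return denyAll();
        }
        Set<String> cities = Sets.newLinkedHashSet();
        for (String token : city.split(",")) {
            // An empty token would match rows whose city is empty.
            if (token.isEmpty()) {
                continue;
            }
            // NOTE(review): StringValue appears to render its value between single quotes
            // without escaping; confirm for the JSqlParser version in use. Tokens that could
            // terminate the literal are dropped rather than placed into the SQL text.
            if (token.indexOf('\'') >= 0 || token.indexOf('\\') >= 0) {
                continue;
            }
            cities.add(token);
        }
        if (cities.isEmpty()) {
            return denyAll();
        }
        Column column = MyBatisUtils.buildColumn(tableName, tableAlias, "city");
        Expression cityExpression = new InExpression(column, new ExpressionList(CollectionUtils.convertList(cities, StringValue::new)));
        if (TABLE_USERS.equals(tableName)) {
            // A regional agent may always see their own user row.
            // NOTE(review): confirm the interceptor parenthesises this OR before it is ANDed
            // with the statement's own WHERE clause; otherwise the id branch escapes the
            // other conditions.
            Expression idExpression = new EqualsTo(MyBatisUtils.buildColumn(tableName, tableAlias, "id"), new LongValue(userId));
            return new OrExpression(cityExpression, idExpression);
        }
        return cityExpression;
    }

    /** Builds the "owner is the scope root or one of its children" filter. */
    private Expression ownerScopeExpression(String field, Long userId, long roleId, String tableName, Alias tableAlias) {
        Long scopeRootId = userId;
        boolean ownScopeTable = TABLE_EQUIPMENT_PARAM.equals(tableName) || TABLE_CONTACT.equals(tableName);
        // An employee has the data permission of the agent they belong to, except on the
        // equipment-parameter and contact tables, where their own id stays the root.
        if (roleId == ROLE_ID_EMPLOYEE && !ownScopeTable) {
            AdminUserDO employee = adminUserMapper.selectUserById(userId);
            Long agentId = employee == null ? null : employee.getPid();
            // With no parent on record the scope stays on the employee's own id.
            if (agentId != null) {
                scopeRootId = agentId;
            }
        }
        // Copy before adding the root, so the mapper's result is never mutated and a null
        // result or null element cannot reach LongValue.
        Set<Long> visibleIds = Sets.newHashSet();
        Set<Long> childrenIds = adminUserMapper.selectChildrenIdsByPid(scopeRootId);
        if (childrenIds != null) {
            visibleIds.addAll(childrenIds);
        }
        visibleIds.remove(null);
        visibleIds.add(scopeRootId);
        return new InExpression(MyBatisUtils.buildColumn(tableName, tableAlias, field), new ExpressionList(CollectionUtils.convertList(visibleIds, LongValue::new)));
    }
}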
芋道权限:查询自己及下级的数据
于 2022-12-06 13:50:39 首次发布