芋道权限：查询自己及下级的数据

符文师

已于 2023-04-27 08:40:58 修改

阅读量1.3k

点赞数

分类专栏： java 文章标签： java mybatis spring

于 2022-12-06 13:50:39 首次发布

本文链接：https://blog.csdn.net/qq_31315703/article/details/128201693

版权

java 专栏收录该内容

7 篇文章 0 订阅

订阅专栏

package cn.iocoder.yudao.module.system.framework;

import cn.hutool.core.util.ObjectUtil;
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
import cn.iocoder.yudao.framework.datapermission.core.rule.DataPermissionRule;
import cn.iocoder.yudao.framework.mybatis.core.util.MyBatisUtils;
import cn.iocoder.yudao.framework.security.core.LoginUser;
import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
import cn.iocoder.yudao.module.system.dal.dataobject.dept.PostDO;
import cn.iocoder.yudao.module.system.dal.dataobject.permission.RoleDO;
import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
import cn.iocoder.yudao.module.system.dal.mysql.permission.UserRoleMapper;
import cn.iocoder.yudao.module.system.dal.mysql.user.AdminUserMapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.google.common.collect.Sets;
import net.sf.jsqlparser.expression.Alias;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.LongValue;
import net.sf.jsqlparser.expression.StringValue;
import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
import net.sf.jsqlparser.expression.operators.relational.EqualsTo;
import net.sf.jsqlparser.expression.operators.relational.ExpressionList;
import net.sf.jsqlparser.expression.operators.relational.InExpression;
import net.sf.jsqlparser.schema.Column;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

import javax.annotation.Resource;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Set;

/**
 * 数据权限控制：针对表，展示本人及下级数据
 */
@Component // 声明为 Spring Bean，保证被 yudao-spring-boot-starter-biz-data-permission 组件扫描到
public class ChildrenDataPermissionRule implements DataPermissionRule {

    @Resource
    private UserRoleMapper userRoleMapper;

    @Resource
    private AdminUserMapper adminUserMapper;

    @Override
    public Set<String> getTableNames() {
        return Sets.newHashSet( "nlm_order_profitt", "system_users","nlm_equipment_param","nlm_contact");
    }

    @Override
    public Expression getExpression(String tableName, Alias tableAlias) {

        // 只有有登陆用户的情况下，才进行数据权限的处理
        LoginUser loginUser = SecurityFrameworkUtils.getLoginUser();
        if (loginUser == null) {
            return null;
        }
        // 只有管理员类型的用户，才进行数据权限的处理
        if (ObjectUtil.notEqual(loginUser.getUserType(), UserTypeEnum.ADMIN.getValue())) {
            return null;
        }
        Long userId = SecurityFrameworkUtils.getLoginUserId();

        if (Objects.equals(tableName, "system_users") && userId == null) {
            return null;
        }
        assert userId != null;
        String field;
        switch (tableName) {
            case "nlm_order_profitt":
            case "nlm_equipment_param":
            case "nlm_contact":
                field = "user_id";
                return inChildrenExpression(field, userId, tableName, tableAlias);
            case "system_users":
                field = "id";
                return inChildrenExpression(field, userId, tableName, tableAlias);
            default:
                return null;
        }
    }

    // 返回in对应的当前用户及下级的id的表达式
    public Expression inChildrenExpression(String field, Long userId, String tableName, Alias tableAlias) {
        // 判断当前登录者的角色
//        List<UserRoleDO> userRoleList = userRoleMapper.selectListByUserId(userId);
        List<RoleDO> userRoleList = adminUserMapper.selectRoleByUserId(userId);
        // 获取当前最高级角色，判断角色类型
        long roleId = 0;
        int type = 0;
        for (RoleDO userRole : userRoleList) {
            if (roleId == 0 || roleId > userRole.getId()) {
                roleId = userRole.getId();
            }
            if(userRole.getType() == 3){
                type = 3;
            }
        }

        // 管理员 查询所有
        if (roleId < 3 || type == 3) {
            return null;
        } else if(roleId == 10){
            // 区域代理：查询市级
            // 获取区域代理对用的市级
            String city = adminUserMapper.selectCityString(userId);
            if(Objects.equals(city, "")){
                return new EqualsTo(null, null);
            }
            Column column = MyBatisUtils.buildColumn(tableName, tableAlias, "city");
            Expression cityExpression = new InExpression(column, new ExpressionList(CollectionUtils.convertList(Arrays.stream(city.split(",")).toList(), StringValue::new)));
            if(Objects.equals(tableName, "system_users")){
                Expression idExpression = new EqualsTo(MyBatisUtils.buildColumn(tableName, tableAlias, "id"), new LongValue(userId));
                return new OrExpression(cityExpression, idExpression);
            }
            return cityExpression;
        }else {
            // 代理商数据权限 = 员工数据权限
            if (roleId == 4) {
                // 查询员工所属的代理商
                AdminUserDO agent = adminUserMapper.selectUserById(userId);
                userId = "nlm_equipment_param".equals(tableName)||"nlm_contact".equals(tableName) ? userId : agent.getPid();
            }
            Set<Long> childrenIds = adminUserMapper.selectChildrenIdsByPid(userId);
            childrenIds.add(userId);
            return new InExpression(MyBatisUtils.buildColumn(tableName, tableAlias, field), new ExpressionList(CollectionUtils.convertList(childrenIds, LongValue::new)));
        }
    }
}