package com.ruoyi.common.datascope.aspect;
|
|
import com.ruoyi.common.core.utils.StringUtils;
|
import com.ruoyi.common.core.web.domain.BaseEntity;
|
import com.ruoyi.common.datascope.annotation.DataScope;
|
import com.ruoyi.common.security.utils.SecurityUtils;
|
import com.ruoyi.system.api.domain.SysUser;
|
import com.ruoyi.system.api.model.LoginUser;
|
import org.aspectj.lang.JoinPoint;
|
import org.aspectj.lang.annotation.Aspect;
|
import org.aspectj.lang.annotation.Before;
|
import org.springframework.stereotype.Component;
|
|
import java.util.ArrayList;
|
import java.util.List;
|
|
/**
|
* 数据过滤处理
|
*
|
* @author ruoyi
|
*/
|
@Aspect
|
@Component
|
public class DataScopeAspect {
|
|
/**
|
* 数据权限过滤关键字
|
*/
|
public static final String DATA_SCOPE = "dataScope";
|
|
@Before("@annotation(controllerDataScope)")
|
public void doBefore(JoinPoint point, DataScope controllerDataScope) {
|
clearDataScope(point);
|
handleDataScope(point, controllerDataScope);
|
}
|
|
protected void handleDataScope(final JoinPoint joinPoint, DataScope controllerDataScope) {
|
// 获取当前的用户
|
LoginUser loginUser = SecurityUtils.getLoginUser();
|
if (StringUtils.isNotNull(loginUser)) {
|
SysUser currentUser = loginUser.getSysUser();
|
// 如果是超级管理员,则不过滤数据
|
if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin()) {
|
dataScopeFilter(joinPoint, controllerDataScope.deptAlias());
|
}
|
}
|
}
|
|
/**
|
* 数据范围过滤
|
*
|
* @param joinPoint 切点
|
* @param deptAlias 部门别名
|
*/
|
public static void dataScopeFilter(JoinPoint joinPoint, String deptAlias) {
|
StringBuilder sqlString = new StringBuilder();
|
List<String> conditions = new ArrayList<String>();
|
|
// 多角色情况下,所有角色都不包含传递过来的权限字符,这个时候sqlString也会为空,所以要限制一下,不查询任何数据
|
if (StringUtils.isEmpty(conditions)) {
|
sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
|
}
|
if (StringUtils.isNotBlank(sqlString.toString())) {
|
Object params = joinPoint.getArgs()[0];
|
if (StringUtils.isNotNull(params) && params instanceof BaseEntity) {
|
BaseEntity baseEntity = (BaseEntity) params;
|
baseEntity.getParams().put(DATA_SCOPE, " AND (" + sqlString.substring(4) + ")");
|
}
|
}
|
}
|
|
/**
|
* 拼接权限sql前先清空params.dataScope参数防止注入
|
*/
|
private void clearDataScope(final JoinPoint joinPoint) {
|
Object params = joinPoint.getArgs()[0];
|
if (StringUtils.isNotNull(params) && params instanceof BaseEntity) {
|
BaseEntity baseEntity = (BaseEntity) params;
|
baseEntity.getParams().put(DATA_SCOPE, "");
|
}
|
}
|
}
|
