Springboot+mybatis-plus+注解實現數據權限隔離
當此注解打在類上,不需要傳參,該類下所有查詢接口開啟數據隔離;打在方法上默認開啟數據隔離,傳參為false則該方法關閉驗證
/** * 數據權限驗證注解 * @author xiaohua * @date 2021/6/23 */@Documented@Target({METHOD, ANNOTATION_TYPE, TYPE})@Retention(RUNTIME)public @interface DataPermission { /** * 是否要進行數據權限隔離 */ boolean isPermi() default true;}2. 具體實現
@Component@Intercepts({@Signature(type = StatementHandler.class, method = 'prepare', args = {Connection.class, Integer.class})})public class DataPermissionInterceptor implements Interceptor { private static final Logger logger = LoggerFactory.getLogger(DataPermissionInterceptor.class); @Autowired private TokenService tokenService; //掃描的包路徑(根據自己的項目路徑來),這里是取的配置里的包路徑 @Value('${permission.package-path}') private String packagePath; private final static String DEPT_ID = 'dept_id'; private final static String USER_ID = 'create_user'; private static List<String> classNames; @Override public Object intercept(Invocation invocation) throws Throwable {try { LoginInfo user = tokenService.getLoginInfo(); if (user == null){return invocation.proceed(); } List<Long> deptIds = (List<Long>) Convert.toList(user.getDataScope()); if (deptIds == null){deptIds = new ArrayList<>(); } //反射掃包會比較慢,這里做了個懶加載 if (classNames == null) {synchronized (LazyInit.class){ if (classNames == null){//掃描指定包路徑下所有包含指定注解的類Set<Class<?>> classSet = ClassUtil.scanPackageByAnnotation(packagePath, DataPermission.class);if (classSet == null && classSet.size() == 0){ classNames = new ArrayList<>();} else { //取得類全名 classNames = classSet.stream().map(Class::getName).collect(Collectors.toList());} }} } // 拿到mybatis的一些對象 StatementHandler statementHandler = PluginUtils.realTarget(invocation.getTarget()); MetaObject metaObject = SystemMetaObject.forObject(statementHandler); MappedStatement mappedStatement = (MappedStatement) metaObject.getValue('delegate.mappedStatement'); // mappedStatement.getId()為執行的mapper方法的全路徑名,newId為執行的mapper方法的類全名 String newId = mappedStatement.getId().substring(0, mappedStatement.getId().lastIndexOf('.')); // 如果不是指定的方法,直接結束攔截 if (!classNames.contains(newId)) {return invocation.proceed(); } String newName = mappedStatement.getId().substring(mappedStatement.getId().lastIndexOf('.') + 1, mappedStatement.getId().length()); //是否開啟數據權限 boolean isPermi = true; Class<?> clazz = Class.forName(newId); //遍歷方法 for (Method method : clazz.getDeclaredMethods()) {//方法是否含有DataPermission注解,如果含有注解則將數據結果過濾if (method.isAnnotationPresent(DataPermission.class) && newName.equals(method.getName())) { DataPermission dataPermission = method.getAnnotation(DataPermission.class); if (dataPermission != null) {//不驗證if (!dataPermission.isPermi()) { isPermi = false;} else { //開啟驗證 isPermi = true;} }} } if (isPermi){// 獲取到原始sql語句String sql = statementHandler.getBoundSql().getSql();// 解析并返回新的SQL語句,只處理查詢sqlif (mappedStatement.getSqlCommandType().toString().equals('SELECT')) { // String newSql = getNewSql(sql,deptIds,user.getUserId()); sql = getSql(sql,deptIds,user.getUserId());}// 修改sqlmetaObject.setValue('delegate.boundSql.sql', sql); } return invocation.proceed();} catch (Exception e){ logger.error('數據權限隔離異常:', e); return invocation.proceed();} } /** * 解析SQL語句,并返回新的SQL語句 * 注意,該方法使用了JSqlParser來操作SQL,該依賴包Mybatis-plus已經集成了。如果要單獨使用,請先自行導入依賴 * * @param sql 原SQL * @return 新SQL */ private String getSql(String sql,List<Long> deptIds,Long userId) {try { String condition = ''; String permissionSql = '('; if (deptIds.size() > 0){for (Long deptId : deptIds) { if ('('.equals(permissionSql)){permissionSql = permissionSql + deptId; } else {permissionSql = permissionSql + ',' + deptId; }}permissionSql = permissionSql + ')';// 修改原語句condition = DEPT_ID +' in ' + permissionSql; } else {condition = USER_ID +' = ' + userId; } if (StringUtils.isBlank(condition)){return sql; } Select select = (Select)CCJSqlParserUtil.parse(sql); PlainSelect plainSelect = (PlainSelect)select.getSelectBody(); //取得原SQL的where條件 final Expression expression = plainSelect.getWhere(); //增加新的where條件 final Expression envCondition = CCJSqlParserUtil.parseCondExpression(condition); if (expression == null) {plainSelect.setWhere(envCondition); } else {AndExpression andExpression = new AndExpression(expression, envCondition);plainSelect.setWhere(andExpression); } return plainSelect.toString();} catch (JSQLParserException e) { logger.error('解析原SQL并構建新SQL錯誤:' + e); return sql;} }
到此這篇關于Springboot+mybatis-plus+注解實現數據權限隔離的文章就介紹到這了,更多相關Springboot+mybatis-plus+注解實現數據權限隔離內容請搜索好吧啦網以前的文章或繼續瀏覽下面的相關文章希望大家以后多多支持好吧啦網!
相關文章:
1. Spring security 自定義過濾器實現Json參數傳遞并兼容表單參數(實例代碼)2. docker /var/lib/docker/aufs/mnt 目錄清理方法3. JAMon(Java Application Monitor)備忘記4. Python OpenCV去除字母后面的雜線操作5. 在Mac中配置Python虛擬環境過程解析6. IntelliJ IDEA設置默認瀏覽器的方法7. IntelliJ IDEA設置背景圖片的方法步驟8. Python TestSuite生成測試報告過程解析9. Python 的 __str__ 和 __repr__ 方法對比10. Java類加載機制實現步驟解析
網公網安備