
mybatis拦截器权限注释处理

linft 1 год назад
Родитель
Сommit
484597041f

+ 1 - 1
zd-modules/zd-security/src/main/java/com/zd/security/config/MybatisPlusConfig.java

@@ -22,7 +22,7 @@ public class MybatisPlusConfig {
     public MybatisPlusInterceptor mybatisPlusInterceptor() {
         MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
         //数据权限
-        interceptor.addInnerInterceptor(dataScopeInterceptor());
+        //interceptor.addInnerInterceptor(dataScopeInterceptor());
         //分页插件
         interceptor.addInnerInterceptor(new PaginationInnerInterceptor(DbType.MYSQL));
         return interceptor;
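Review bot: Commenting out `interceptor.addInnerInterceptor(dataScopeInterceptor());` removes the only SQL-level data-scope filter from the MyBatis-Plus pipeline, so from this commit on every mapper returns unfiltered rows unless the calling handler carries `@DataPermission` and applies the user-id list from `DataPermissionAspect.threadLocal` itself — in the TestController hunk that list is read and discarded. If that is the intended new design, delete the line instead of leaving it commented out and say so next to the pagination registration, e.g. `// data-scope filtering is applied per handler via @DataPermission / DataPermissionAspect, not as an inner interceptor`; the `dataScopeInterceptor()` bean is presumably unused now and can go too. The enclosing `mybatisPlusInterceptor()` method ends outside the hunk.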

+ 23 - 0
zd-modules/zd-security/src/main/java/com/zd/security/controller/TestController.java

@@ -10,6 +10,7 @@ import com.zd.model.domain.ResultData;
 import com.zd.security.api.bo.CheckTestBo;
 import com.zd.security.entity.CheckTest;
 import com.zd.security.scope.DataPermission;
+import com.zd.security.scope.DataPermissionAspect;
 import com.zd.security.service.CheckTestService;
 import com.zd.security.util.PageUtil;
 import org.springframework.beans.BeanUtils;
@@ -25,6 +26,28 @@ public class TestController extends AbstractController {
     @Autowired
     private CheckTestService checkTestService;
 
+
+    @DataPermission(tableAlias = "m")
+    @Log(title = "安全服务-测试添加", businessType = BusinessType.INSERT)
+    @GetMapping(value = "/perms1")
+    public ResultData perms1(String str) {
+        //参数检查
+        List<Long> users = DataPermissionAspect.threadLocal.get(); // 获取数据
+        DataPermissionAspect.threadLocal.remove();
+
+        return ResultData.success();
+    }
+
+    @Log(title = "安全服务-测试添加", businessType = BusinessType.INSERT)
+    @GetMapping(value = "/perms2")
+    public ResultData perms2(String str) {
+        //参数检查
+        List<Long> users = DataPermissionAspect.threadLocal.get(); // 获取数据
+        DataPermissionAspect.threadLocal.remove();
+
+        return ResultData.success();
+    }
+
     /**
      * 添加数据
      * @param testBo
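Review bot: `perms2` is not annotated with `@DataPermission`, so the aspect's pointcut never runs for it and `DataPermissionAspect.threadLocal.get()` returns null — or, because servlet worker threads are pooled, whatever list a previous request left on that thread when it exited before reaching its `remove()` (perms1 does not call `remove()` in a finally, and the aspect's `threadLocal.set(userIds)` in DataPermissionAspect.java has no matching cleanup). A leftover list is another user's permission set, so the thread-local lifecycle should not depend on each controller remembering to clear it. Move the cleanup into the aspect, e.g. `@After("dataPermissionPointCut()") public void clearScope() { threadLocal.remove(); }`, and have handlers read the value inside try/finally rather than calling `remove()` themselves. In both methods the local `users` is assigned and never used, and `@Log(businessType = BusinessType.INSERT)` on a `@GetMapping` reads as a copy-paste leftover.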

+ 74 - 22
zd-modules/zd-security/src/main/java/com/zd/security/scope/DataPermissionAspect.java

@@ -4,7 +4,6 @@ package com.zd.security.scope;
 import com.baomidou.mybatisplus.extension.plugins.inner.InnerInterceptor;
 import com.zd.common.core.redis.RedisService;
 import com.zd.common.core.security.TokenService;
-import com.zd.common.core.utils.DateUtils;
 import com.zd.common.core.utils.ServletUtils;
 import com.zd.common.core.utils.SpringUtils;
 import com.zd.model.constant.BaseConstants;
@@ -27,9 +26,10 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
 import java.lang.reflect.Method;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Comparator;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
@@ -45,6 +45,9 @@ public class DataPermissionAspect implements InnerInterceptor {
     @Autowired
     private RemoteUserService remoteUserService;
 
+    //存储需要传递到Controller的数据
+    public static ThreadLocal<List<Long>> threadLocal = new ThreadLocal<>();
+
     // 配置织入点
     @Pointcut("@annotation(com.zd.security.scope.DataPermission)")
     public void dataPermissionPointCut() {
@@ -62,30 +65,62 @@ public class DataPermissionAspect implements InnerInterceptor {
             if (dataScope == null) {
                 return;
             }
-            long strap = DateUtils.getCurrentTimeMillisRound();
-            HttpSession session = request.getSession();
-            session.setMaxInactiveInterval(30*60);
-            log.info("【数据权限】切面拦截注解获取注解信息:key = {}, dataScope = {}", loginUser.getToken()+"_"+strap+"_"+loginUser.getUserId(), dataScope);
-            session.setAttribute(loginUser.getToken()+"_"+strap+"_"+loginUser.getUserId(),dataScope);
-
-            String key = loginUser.getToken() + "_" + loginUser.getDeptId();
-            if (session.getAttribute(key) == null) {
-                SysDeptUser deptUser = getDeptUser(loginUser.getDeptId());
-                session.setAttribute(loginUser.getToken() + "_" + loginUser.getDeptId(), deptUser);
+
+            //检查排除的角色项
+            String[] arr = dataScope.exclusions();
+            List<LoginRole> useRoles = null;
+            if (arr != null && arr.length > 0) {
+                List<String> list = Arrays.asList(arr);
+                useRoles = loginUser.getRoles().stream().filter(r -> !list.contains(r.getRoleKey())).collect(Collectors.toList());
+            } else {
+                useRoles = loginUser.getRoles();
+            }
+
+            Long roleId = null;
+            Integer scope = DataPermissionEnum.DATA_SCOPE_ALL.getType();
+            //检查指定的角色项
+            String roleKey = dataScope.roleKey();
+            if (useRoles != null && !useRoles.isEmpty()) {
+                if (!"".equals(roleKey)) {
+                    List<LoginRole> roles = useRoles.stream().filter(r -> roleKey.equals(r.getRoleKey())).collect(Collectors.toList());
+                    if (roles != null && !roles.isEmpty()) {
+                        roleId = roles.get(0).getRoleId();
+                        scope = roles.get(0).getDataScope();
+                    }
+                }
+                if (roleId == null) {
+                    List<LoginRole> roles = useRoles.stream().sorted(Comparator.comparing(LoginRole::getDataScope)).collect(Collectors.toList());
+                    roleId = roles.get(0).getRoleId();
+                    scope = roles.get(0).getDataScope();
+                }
             }
-            if (loginUser.getRoles() != null && loginUser.getRoles().size() > 0) {
-                String[] arr = dataScope.exclusions();
-                if (arr != null && arr.length > 0) {
-                    List<String> list = Arrays.asList(arr);
-                    List<LoginRole> roles = loginUser.getRoles().stream().filter(r -> !list.contains(r.getRoleKey())).collect(Collectors.toList());
-                    for (LoginRole role: roles) {
-                        if (role.getDataScope() == DataPermissionEnum.DATA_SCOPE_CUSTOM.getType()) {
-                            List<Long> userIds = getCustomRoleUserIds(role.getRoleId(),role.getDataScopeDept());
-                            session.setAttribute(loginUser.getToken() + "_" + role.getRoleId(), userIds);
-                        }
+            // 如果是超级管理员,则不过滤数据
+            List<Long> userIds = null;
+            if (!loginUser.isAdmin()) {
+                userIds = new ArrayList<>();
+                if (scope == null || DataPermissionEnum.DATA_SCOPE_ALL.getType() == scope) {
+                    //log.info("【数据权限】 所有权限或未分配,不处理");
+                } else if (DataPermissionEnum.DATA_SCOPE_DEPT.getType() == scope) {
+                    //log.info("【数据权限】 部门权限,查本部门数据");
+                    SysDeptUser deptUser = getDeptUser(loginUser.getDeptId());
+                    userIds.addAll(getPermissionUserIds(deptUser,Boolean.FALSE));
+                } else if (DataPermissionEnum.DATA_SCOPE_DEPT_AND_CHILD.getType() == scope) {
+                    //log.info("【数据权限】 部门及子部门权限,查本部门及下属部门数据");
+                    SysDeptUser deptUser = getDeptUser(loginUser.getDeptId());
+                    userIds.addAll(getPermissionUserIds(deptUser,Boolean.TRUE));
+                } else if (DataPermissionEnum.DATA_SCOPE_SELF.getType() == scope) {
+                    //log.info("【数据权限】 个人权限,只可查个人创建的数据");
+                    userIds.add(loginUser.getUserId());
+                } else if (DataPermissionEnum.DATA_SCOPE_CUSTOM.getType() == scope) {
+                    //log.info("【数据权限】 自定义,查自定义指定的部分数据");
+                    List<LoginRole> roles = loginUser.getRoles().stream().filter(r -> r.getDataScope().equals(DataPermissionEnum.DATA_SCOPE_CUSTOM.getType())).collect(Collectors.toList());
+                    if (roles != null && !roles.isEmpty()) {
+                        List<Long> ids = getCustomRoleUserIds(loginUser.getRoleId(),roles.get(0).getDataScopeDept());
+                        userIds.addAll(ids);
                     }
                 }
             }
+            threadLocal.set(userIds);
         }
     }
 
@@ -132,4 +167,21 @@ public class DataPermissionAspect implements InnerInterceptor {
         }
         return users;
     }
+
+    /**
+     * 拼装本部门/本部门及以下 对应用户id
+     * @param deptUser
+     * @param needChildDept
+     * @return
+     */
+    private List<Long> getPermissionUserIds(SysDeptUser deptUser, Boolean needChildDept) {
+        List<Long> userIds = deptUser.getDeptUserIds();
+        if (needChildDept != null && needChildDept) {
+            SysDeptUser childUsers = deptUser.getChildDeptUser();
+            if (childUsers != null) {
+                userIds.addAll(childUsers.getDeptUserIds());
+            }
+        }
+        return userIds;
+    }
 }
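Review bot: In the `DATA_SCOPE_CUSTOM` branch the role id and the dept list come from two different roles: `getCustomRoleUserIds(loginUser.getRoleId(), roles.get(0).getDataScopeDept())` passes the user's primary role id but the dept of the first custom-scope role found in `loginUser.getRoles()`, which also ignores the `exclusions()` filtering already applied to `useRoles` and the role selected into `roleId`/`scope` above. Take both values from the same selected role, e.g. filter `useRoles` instead of `loginUser.getRoles()` and call `getCustomRoleUserIds(roles.get(0).getRoleId(), roles.get(0).getDataScopeDept())`. Separately, a non-admin with `DATA_SCOPE_ALL` ends up publishing an empty list, which is indistinguishable from "no users in scope", so a consumer cannot tell "no filter" from "filter to nothing"; publishing null for the no-filter case (as already happens for admins) would make that explicit. `getPermissionUserIds` appends child ids into the list returned by `deptUser.getDeptUserIds()`; if `getDeptUser` can return a cached or shared instance, that mutation accumulates across calls — copy into `new ArrayList<>(...)` first. `Comparator.comparing(LoginRole::getDataScope)` will throw if any role's dataScope is null, which the later `scope == null` check suggests is possible.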