
权限sql拼装优化

hanzhiwei hai 1 ano
pai
achega
e678a8fd51

+ 7 - 1
zd-modules/zd-security/src/main/java/com/zd/security/controller/CheckManageController.java

@@ -19,6 +19,7 @@ import com.zd.security.api.vo.CheckHazardInfoVo;
 import com.zd.security.api.vo.CheckManageListVo;
 import com.zd.security.api.vo.CheckManageVo;
 import com.zd.security.entity.*;
+import com.zd.security.scope.DataPermissionAspect;
 import com.zd.security.service.*;
 import com.zd.security.service.impl.WordService;
 import com.zd.system.api.feign.RemoteUserService;
@@ -304,7 +305,12 @@ public class CheckManageController extends AbstractController {
                     sb.append(" OR sub_id in (").append(subIds).append(") ");
                 }
             }
-            sb.append(" OR 1=1 ) ");
+            List<Long> users = DataPermissionAspect.threadLocal.get();
+            DataPermissionAspect.threadLocal.remove();
+            if(CollectionUtil.isNotEmpty(users)){
+                String userStr = users.stream().map(a->a.toString()).collect(Collectors.joining(","));
+                sb.append(" or create_by in(" + userStr + "))");
+            }
         }
         queryWrapper.apply(sb.toString());
         queryWrapper.orderByDesc(CheckManage::getId);
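Review bot: When `users` is null or empty, nothing is appended after the `sub_id` clauses, so the group that the removed `" OR 1=1 ) "` used to close appears to stay open and `queryWrapper.apply` would receive unbalanced SQL. The opening parenthesis is outside this hunk, so please confirm; if it is there, adding `else { sb.append(" ) "); }` after the new `if` keeps the fragment well-formed and limited to the earlier clauses. Separately, the `threadLocal.get()` / `threadLocal.remove()` pair sits inside the conditional block that closes just before `queryWrapper.apply`, so a request that skips that block never clears the list and it could carry over to a later request on a pooled thread. Reading and clearing it before the block, as the CheckPlanController hunks do, avoids that.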

+ 12 - 4
zd-modules/zd-security/src/main/java/com/zd/security/controller/CheckPlanController.java

@@ -201,11 +201,12 @@ public class CheckPlanController extends AbstractController {
             sql.append(" ( create_by = ").append(getCurrentUserId()).append(" ) ");
         }
         //参数检查
-        List<Long> users = DataPermissionAspect.threadLocal.get(); // 获取数据
+        List<Long> users = DataPermissionAspect.threadLocal.get();
+        DataPermissionAspect.threadLocal.remove();
         if(Objects.nonNull(queryCheckPlanListParam.getMyRelated()) && queryCheckPlanListParam.getMyRelated() != 1){
             if(CollectionUtil.isNotEmpty(users)){
                 String userStr = users.stream().map(a->a.toString()).collect(Collectors.joining(","));
-                sql.append(" ( create_by = ").append(getCurrentUserId()).append(" or create_by in("+userStr+"))");
+                sql.append(" ( create_by = ").append(getCurrentUserId()).append(" or create_by in ("+userStr+"))");
             }else{
                 sql.append(" ( create_by = ").append(getCurrentUserId()).append(")");
             }
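Review bot: A request whose `myRelated` is null skips the `!= 1` branch because of the `Objects.nonNull(...)` guard, and presumably the `== 1` branch above it as well (its condition is outside this hunk; the later hunk at line 271 shows the same pair in full). In that case no `create_by` predicate is appended at all and the list would not be scoped to the caller or the permitted users, unless code outside the hunk defaults the field. Treating a missing value as the restricted case closes that gap: `if (queryCheckPlanListParam.getMyRelated() == null || queryCheckPlanListParam.getMyRelated() != 1) {`. The hunk at line 271 needs the same change.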
@@ -240,7 +241,7 @@ public class CheckPlanController extends AbstractController {
      **/
     @ApiOperation("小程序获取检查计划列表(分页)")
     //@DataPermission(permissionStr = PerPrefix.SECURITY_CHECK_PLAN)
-    @DataPermission(roleKey="checkGentle", tableAlias="*")
+    //@DataPermission(roleKey="checkGentle", tableAlias="*")
     @PostMapping(value = "/appList")
     public ResultData appList(@RequestBody QueryCheckPlanListParam queryCheckPlanListParam) {
         queryCheckPlanListParam.setMyRelated(1);
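Review bot: The `@DataPermission(roleKey="checkGentle", tableAlias="*")` annotation on `appList` is commented out rather than deleted, and nothing records why this endpoint no longer needs a data scope. The endpoint now carries two dead annotations. From the visible lines the likely reason is that `setMyRelated(1)` forces the own-records filter, but the rest of the method is outside this hunk, so that is an inference. I would delete both commented annotations and state the intent instead, e.g. `// No @DataPermission: appList forces myRelated = 1, so the query is limited to create_by = current user`.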
@@ -270,8 +271,15 @@ public class CheckPlanController extends AbstractController {
         if(Objects.nonNull(queryCheckPlanListParam.getMyRelated()) && queryCheckPlanListParam.getMyRelated() == 1){
             sql.append(" ( create_by = ").append(getCurrentUserId()).append(" ) ");
         }
+        List<Long> users = DataPermissionAspect.threadLocal.get();
+        DataPermissionAspect.threadLocal.remove();
         if(Objects.nonNull(queryCheckPlanListParam.getMyRelated()) && queryCheckPlanListParam.getMyRelated() != 1){
-            sql.append(" ( create_by = ").append(getCurrentUserId()).append(" OR 1=1 )");
+            if(CollectionUtil.isNotEmpty(users)){
+                String userStr = users.stream().map(a->a.toString()).collect(Collectors.joining(","));
+                sql.append(" ( create_by = ").append(getCurrentUserId()).append(" or create_by in (" + userStr + "))");
+            }else{
+                sql.append(" ( create_by = ").append(getCurrentUserId()).append(")");
+            }
         }
         queryWrapper.apply(sql.toString());
         queryWrapper.orderByDesc(CheckPlan::getId);
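Review bot: The `create_by` scope block added here is a line-for-line copy of the one in the hunk at line 201 of this file, and CheckManageController builds a third variant. Hand-copied permission predicates drift: the `in(` / `in (` spacing fix in this commit shows that already, and so does the bracket handling in the CheckManageController hunk. A single private helper that returns the fragment keeps the bracket handling in one place and gives one spot to switch to bound parameters later. The ids are `Long` values, so the concatenation is not directly injectable as written. The helper sketched below produces the same strings as the added lines.

```java
// … unchanged: myRelated == 1 branch, threadLocal get()/remove() …
if(Objects.nonNull(queryCheckPlanListParam.getMyRelated()) && queryCheckPlanListParam.getMyRelated() != 1){
    sql.append(createByScope(users));
}
// … unchanged: queryWrapper.apply / orderByDesc …

/** Builds the owner predicate: the current user, plus any user ids supplied by the data-permission aspect. */
private String createByScope(List<Long> users) {
    StringBuilder scope = new StringBuilder(" ( create_by = ").append(getCurrentUserId());
    if (CollectionUtil.isNotEmpty(users)) {
        String ids = users.stream().map(Object::toString).collect(Collectors.joining(","));
        scope.append(" or create_by in (").append(ids).append(")");
    }
    return scope.append(")").toString();
}
```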