Search in sources :

Example 1 with BaseEntity

use of com.ruoyi.framework.web.domain.BaseEntity in project RuoYi-Vue-Oracle by yangzongzhuan.

the class DataScopeAspect method dataScopeFilter.

/**
 * 数据范围过滤
 *
 * @param joinPoint 切点
 * @param user 用户
 * @param deptAlias 部门别名
 * @param userAlias 用户别名
 */
public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias) {
    StringBuilder sqlString = new StringBuilder();
    for (SysRole role : user.getRoles()) {
        String dataScope = role.getDataScope();
        if (DATA_SCOPE_ALL.equals(dataScope)) {
            sqlString = new StringBuilder();
            break;
        } else if (DATA_SCOPE_CUSTOM.equals(dataScope)) {
            sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, role.getRoleId()));
        } else if (DATA_SCOPE_DEPT.equals(dataScope)) {
            sqlString.append(StringUtils.format(" OR {}.dept_id = {} ", deptAlias, user.getDeptId()));
        } else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope)) {
            sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or FIND_IN_SET ( {} ,ancestors ) <> 0 )", deptAlias, user.getDeptId(), user.getDeptId()));
        } else if (DATA_SCOPE_SELF.equals(dataScope)) {
            if (StringUtils.isNotBlank(userAlias)) {
                sqlString.append(StringUtils.format(" OR {}.user_id = {} ", userAlias, user.getUserId()));
            } else {
                // 数据权限为仅本人且没有userAlias别名不查询任何数据
                sqlString.append(" OR 1=0 ");
            }
        }
    }
    if (StringUtils.isNotBlank(sqlString.toString())) {
        Object params = joinPoint.getArgs()[0];
        if (StringUtils.isNotNull(params) && params instanceof BaseEntity) {
            BaseEntity baseEntity = (BaseEntity) params;
            baseEntity.getParams().put(DATA_SCOPE, " AND (" + sqlString.substring(4) + ")");
        }
    }
}
Also used : SysRole(com.ruoyi.project.system.domain.SysRole) BaseEntity(com.ruoyi.framework.web.domain.BaseEntity)

Example 2 with BaseEntity

use of com.ruoyi.framework.web.domain.BaseEntity in project RuoYi-Vue-fast by yangzongzhuan.

the class DataScopeAspect method dataScopeFilter.

/**
 * 数据范围过滤
 *
 * @param joinPoint 切点
 * @param user 用户
 * @param userAlias 别名
 */
public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias) {
    StringBuilder sqlString = new StringBuilder();
    for (SysRole role : user.getRoles()) {
        String dataScope = role.getDataScope();
        if (DATA_SCOPE_ALL.equals(dataScope)) {
            sqlString = new StringBuilder();
            break;
        } else if (DATA_SCOPE_CUSTOM.equals(dataScope)) {
            sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, role.getRoleId()));
        } else if (DATA_SCOPE_DEPT.equals(dataScope)) {
            sqlString.append(StringUtils.format(" OR {}.dept_id = {} ", deptAlias, user.getDeptId()));
        } else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope)) {
            sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )", deptAlias, user.getDeptId(), user.getDeptId()));
        } else if (DATA_SCOPE_SELF.equals(dataScope)) {
            if (StringUtils.isNotBlank(userAlias)) {
                sqlString.append(StringUtils.format(" OR {}.user_id = {} ", userAlias, user.getUserId()));
            } else {
                // 数据权限为仅本人且没有userAlias别名不查询任何数据
                sqlString.append(" OR 1=0 ");
            }
        }
    }
    if (StringUtils.isNotBlank(sqlString.toString())) {
        Object params = joinPoint.getArgs()[0];
        if (StringUtils.isNotNull(params) && params instanceof BaseEntity) {
            BaseEntity baseEntity = (BaseEntity) params;
            baseEntity.getParams().put(DATA_SCOPE, " AND (" + sqlString.substring(4) + ")");
        }
    }
}
Also used : SysRole(com.ruoyi.project.system.domain.SysRole) BaseEntity(com.ruoyi.framework.web.domain.BaseEntity)

Example 3 with BaseEntity

use of com.ruoyi.framework.web.domain.BaseEntity in project RuoYi-Vue-Oracle by yangzongzhuan.

the class DataScopeAspect method clearDataScope.

/**
 * 拼接权限sql前先清空params.dataScope参数防止注入
 */
private void clearDataScope(final JoinPoint joinPoint) {
    Object params = joinPoint.getArgs()[0];
    if (StringUtils.isNotNull(params) && params instanceof BaseEntity) {
        BaseEntity baseEntity = (BaseEntity) params;
        baseEntity.getParams().put(DATA_SCOPE, "");
    }
}
Also used : BaseEntity(com.ruoyi.framework.web.domain.BaseEntity)

Example 4 with BaseEntity

use of com.ruoyi.framework.web.domain.BaseEntity in project RuoYi-Vue-fast by yangzongzhuan.

the class DataScopeAspect method clearDataScope.

/**
 * 拼接权限sql前先清空params.dataScope参数防止注入
 */
private void clearDataScope(final JoinPoint joinPoint) {
    Object params = joinPoint.getArgs()[0];
    if (StringUtils.isNotNull(params) && params instanceof BaseEntity) {
        BaseEntity baseEntity = (BaseEntity) params;
        baseEntity.getParams().put(DATA_SCOPE, "");
    }
}
Also used : BaseEntity(com.ruoyi.framework.web.domain.BaseEntity)

Aggregations

BaseEntity (com.ruoyi.framework.web.domain.BaseEntity)4 SysRole (com.ruoyi.project.system.domain.SysRole)2