/**
* 数据范围过滤
*
* @param user 当前用户对象,通过“entity.getCurrentUser()”获取
* @param officeAlias 机构表别名,多个用“,”逗号隔开。
* @param userAlias 用户表别名,多个用“,”逗号隔开,传递空,忽略此参数
* @return 标准连接条件对象
*/
public static String dataScopeFilter(User user, String officeAlias, String userAlias) {
StringBuilder sqlString = new StringBuilder();
// 进行权限过滤,多个角色权限范围之间为或者关系。
List<String> dataScope = Lists.newArrayList();
// 超级管理员,跳过权限过滤
if (!user.isAdmin()) {
boolean isDataScopeAll = false;
for (Role r : user.getRoleList()) {
for (String oa : StringUtils.split(officeAlias, ",")) {
if (!dataScope.contains(r.getDataScope()) && StringUtils.isNotBlank(oa)) {
if (Role.DATA_SCOPE_ALL.equals(r.getDataScope())) {
isDataScopeAll = true;
} else if (Role.DATA_SCOPE_COMPANY_AND_CHILD.equals(r.getDataScope())) {
sqlString.append(" OR " + oa + ".id = '" + user.getCompany().getId() + "'");
sqlString.append(
" OR "
+ oa
+ ".parent_ids LIKE '"
+ user.getCompany().getParentIds()
+ user.getCompany().getId()
+ ",%'");
} else if (Role.DATA_SCOPE_COMPANY.equals(r.getDataScope())) {
sqlString.append(" OR " + oa + ".id = '" + user.getCompany().getId() + "'");
// 包括本公司下的部门 (type=1:公司;type=2:部门)
sqlString.append(
" OR ("
+ oa
+ ".parent_id = '"
+ user.getCompany().getId()
+ "' AND "
+ oa
+ ".type = '2')");
} else if (Role.DATA_SCOPE_OFFICE_AND_CHILD.equals(r.getDataScope())) {
sqlString.append(" OR " + oa + ".id = '" + user.getOffice().getId() + "'");
sqlString.append(
" OR "
+ oa
+ ".parent_ids LIKE '"
+ user.getOffice().getParentIds()
+ user.getOffice().getId()
+ ",%'");
} else if (Role.DATA_SCOPE_OFFICE.equals(r.getDataScope())) {
sqlString.append(" OR " + oa + ".id = '" + user.getOffice().getId() + "'");
} else if (Role.DATA_SCOPE_CUSTOM.equals(r.getDataScope())) {
// String officeIds = StringUtils.join(r.getOfficeIdList(), "','");
// if (StringUtils.isNotEmpty(officeIds)){
// sqlString.append(" OR " + oa + ".id IN ('" + officeIds + "')");
// }
sqlString.append(
" OR EXISTS (SELECT 1 FROM sys_role_office WHERE role_id = '" + r.getId() + "'");
sqlString.append(" AND office_id = " + oa + ".id)");
}
// else if (Role.DATA_SCOPE_SELF.equals(r.getDataScope())){
dataScope.add(r.getDataScope());
}
}
}
// 如果没有全部数据权限,并设置了用户别名,则当前权限为本人;如果未设置别名,当前无权限为已植入权限
if (!isDataScopeAll) {
if (StringUtils.isNotBlank(userAlias)) {
for (String ua : StringUtils.split(userAlias, ",")) {
sqlString.append(" OR " + ua + ".id = '" + user.getId() + "'");
}
} else {
for (String oa : StringUtils.split(officeAlias, ",")) {
// sqlString.append(" OR " + oa + ".id = " + user.getOffice().getId());
sqlString.append(" OR " + oa + ".id IS NULL");
}
}
} else {
// 如果包含全部权限,则去掉之前添加的所有条件,并跳出循环。
sqlString = new StringBuilder();
}
}
if (StringUtils.isNotBlank(sqlString.toString())) {
return " AND (" + sqlString.substring(4) + ")";
}
return "";
}
/**
* 数据范围过滤(符合业务表字段不同的时候使用,采用exists方法)
*
* @param entity 当前过滤的实体类
* @param sqlMapKey sqlMap的键值,例如设置“dsf”时,调用方法:${sqlMap.sdf}
* @param officeWheres office表条件,组成:部门表字段=业务表的部门字段
* @param userWheres user表条件,组成:用户表字段=业务表的用户字段
* @example dataScopeFilter(user, "dsf", "id=a.office_id", "id=a.create_by");
* dataScopeFilter(entity, "dsf", "code=a.jgdm", "no=a.cjr"); //
* 适应于业务表关联不同字段时使用,如果关联的不是机构id是code。
*/
public static void dataScopeFilter(
BaseEntity<?> entity, String sqlMapKey, String officeWheres, String userWheres) {
User user = entity.getCurrentUser();
// 如果是超级管理员,则不过滤数据
if (user.isAdmin()) {
return;
}
// 数据范围(1:所有数据;2:所在公司及以下数据;3:所在公司数据;4:所在部门及以下数据;5:所在部门数据;8:仅本人数据;9:按明细设置)
StringBuilder sqlString = new StringBuilder();
// 获取到最大的数据权限范围
String roleId = "";
int dataScopeInteger = 8;
for (Role r : user.getRoleList()) {
int ds = Integer.valueOf(r.getDataScope());
if (ds == 9) {
roleId = r.getId();
dataScopeInteger = ds;
break;
} else if (ds < dataScopeInteger) {
roleId = r.getId();
dataScopeInteger = ds;
}
}
String dataScopeString = String.valueOf(dataScopeInteger);
// 生成部门权限SQL语句
for (String where : StringUtils.split(officeWheres, ",")) {
if (Role.DATA_SCOPE_COMPANY_AND_CHILD.equals(dataScopeString)) {
// 包括本公司下的部门 (type=1:公司;type=2:部门)
sqlString.append(" AND EXISTS (SELECT 1 FROM SYS_OFFICE");
sqlString.append(" WHERE type='2'");
sqlString.append(" AND (id = '" + user.getCompany().getId() + "'");
sqlString.append(
" OR parent_ids LIKE '"
+ user.getCompany().getParentIds()
+ user.getCompany().getId()
+ ",%')");
sqlString.append(" AND " + where + ")");
} else if (Role.DATA_SCOPE_COMPANY.equals(dataScopeString)) {
sqlString.append(" AND EXISTS (SELECT 1 FROM SYS_OFFICE");
sqlString.append(" WHERE type='2'");
sqlString.append(" AND id = '" + user.getCompany().getId() + "'");
sqlString.append(" AND " + where + ")");
} else if (Role.DATA_SCOPE_OFFICE_AND_CHILD.equals(dataScopeString)) {
sqlString.append(" AND EXISTS (SELECT 1 FROM SYS_OFFICE");
sqlString.append(" WHERE (id = '" + user.getOffice().getId() + "'");
sqlString.append(
" OR parent_ids LIKE '"
+ user.getOffice().getParentIds()
+ user.getOffice().getId()
+ ",%')");
sqlString.append(" AND " + where + ")");
} else if (Role.DATA_SCOPE_OFFICE.equals(dataScopeString)) {
sqlString.append(" AND EXISTS (SELECT 1 FROM SYS_OFFICE");
sqlString.append(" WHERE id = '" + user.getOffice().getId() + "'");
sqlString.append(" AND " + where + ")");
} else if (Role.DATA_SCOPE_CUSTOM.equals(dataScopeString)) {
sqlString.append(" AND EXISTS (SELECT 1 FROM sys_role_office ro123456, sys_office o123456");
sqlString.append(" WHERE ro123456.office_id = o123456.id");
sqlString.append(" AND ro123456.role_id = '" + roleId + "'");
sqlString.append(" AND o123456." + where + ")");
}
}
// 生成个人权限SQL语句
for (String where : StringUtils.split(userWheres, ",")) {
if (Role.DATA_SCOPE_SELF.equals(dataScopeString)) {
sqlString.append(" AND EXISTS (SELECT 1 FROM sys_user");
sqlString.append(" WHERE id='" + user.getId() + "'");
sqlString.append(" AND " + where + ")");
}
}
// System.out.println("dataScopeFilter: " + sqlString.toString());
// 设置到自定义SQL对象
entity.getSqlMap().put(sqlMapKey, sqlString.toString());
}
