/** * 数据范围过滤 * * @param user 当前用户对象,通过“entity.getCurrentUser()”获取 * @param officeAlias 机构表别名,多个用“,”逗号隔开。 * @param userAlias 用户表别名,多个用“,”逗号隔开,传递空,忽略此参数 * @return 标准连接条件对象 */ public static String dataScopeFilter(User user, String officeAlias, String userAlias) { StringBuilder sqlString = new StringBuilder(); // 进行权限过滤,多个角色权限范围之间为或者关系。 List<String> dataScope = Lists.newArrayList(); // 超级管理员,跳过权限过滤 if (!user.isAdmin()) { boolean isDataScopeAll = false; for (Role r : user.getRoleList()) { for (String oa : StringUtils.split(officeAlias, ",")) { if (!dataScope.contains(r.getDataScope()) && StringUtils.isNotBlank(oa)) { if (Role.DATA_SCOPE_ALL.equals(r.getDataScope())) { isDataScopeAll = true; } else if (Role.DATA_SCOPE_COMPANY_AND_CHILD.equals(r.getDataScope())) { sqlString.append(" OR " + oa + ".id = '" + user.getCompany().getId() + "'"); sqlString.append( " OR " + oa + ".parent_ids LIKE '" + user.getCompany().getParentIds() + user.getCompany().getId() + ",%'"); } else if (Role.DATA_SCOPE_COMPANY.equals(r.getDataScope())) { sqlString.append(" OR " + oa + ".id = '" + user.getCompany().getId() + "'"); // 包括本公司下的部门 (type=1:公司;type=2:部门) sqlString.append( " OR (" + oa + ".parent_id = '" + user.getCompany().getId() + "' AND " + oa + ".type = '2')"); } else if (Role.DATA_SCOPE_OFFICE_AND_CHILD.equals(r.getDataScope())) { sqlString.append(" OR " + oa + ".id = '" + user.getOffice().getId() + "'"); sqlString.append( " OR " + oa + ".parent_ids LIKE '" + user.getOffice().getParentIds() + user.getOffice().getId() + ",%'"); } else if (Role.DATA_SCOPE_OFFICE.equals(r.getDataScope())) { sqlString.append(" OR " + oa + ".id = '" + user.getOffice().getId() + "'"); } else if (Role.DATA_SCOPE_CUSTOM.equals(r.getDataScope())) { // String officeIds = StringUtils.join(r.getOfficeIdList(), "','"); // if (StringUtils.isNotEmpty(officeIds)){ // sqlString.append(" OR " + oa + ".id IN ('" + officeIds + "')"); // } sqlString.append( " OR EXISTS (SELECT 1 FROM sys_role_office WHERE role_id = '" + r.getId() + "'"); sqlString.append(" AND office_id = " + oa + ".id)"); } // else if (Role.DATA_SCOPE_SELF.equals(r.getDataScope())){ dataScope.add(r.getDataScope()); } } } // 如果没有全部数据权限,并设置了用户别名,则当前权限为本人;如果未设置别名,当前无权限为已植入权限 if (!isDataScopeAll) { if (StringUtils.isNotBlank(userAlias)) { for (String ua : StringUtils.split(userAlias, ",")) { sqlString.append(" OR " + ua + ".id = '" + user.getId() + "'"); } } else { for (String oa : StringUtils.split(officeAlias, ",")) { // sqlString.append(" OR " + oa + ".id = " + user.getOffice().getId()); sqlString.append(" OR " + oa + ".id IS NULL"); } } } else { // 如果包含全部权限,则去掉之前添加的所有条件,并跳出循环。 sqlString = new StringBuilder(); } } if (StringUtils.isNotBlank(sqlString.toString())) { return " AND (" + sqlString.substring(4) + ")"; } return ""; }
/** * 数据范围过滤(符合业务表字段不同的时候使用,采用exists方法) * * @param entity 当前过滤的实体类 * @param sqlMapKey sqlMap的键值,例如设置“dsf”时,调用方法:${sqlMap.sdf} * @param officeWheres office表条件,组成:部门表字段=业务表的部门字段 * @param userWheres user表条件,组成:用户表字段=业务表的用户字段 * @example dataScopeFilter(user, "dsf", "id=a.office_id", "id=a.create_by"); * dataScopeFilter(entity, "dsf", "code=a.jgdm", "no=a.cjr"); // * 适应于业务表关联不同字段时使用,如果关联的不是机构id是code。 */ public static void dataScopeFilter( BaseEntity<?> entity, String sqlMapKey, String officeWheres, String userWheres) { User user = entity.getCurrentUser(); // 如果是超级管理员,则不过滤数据 if (user.isAdmin()) { return; } // 数据范围(1:所有数据;2:所在公司及以下数据;3:所在公司数据;4:所在部门及以下数据;5:所在部门数据;8:仅本人数据;9:按明细设置) StringBuilder sqlString = new StringBuilder(); // 获取到最大的数据权限范围 String roleId = ""; int dataScopeInteger = 8; for (Role r : user.getRoleList()) { int ds = Integer.valueOf(r.getDataScope()); if (ds == 9) { roleId = r.getId(); dataScopeInteger = ds; break; } else if (ds < dataScopeInteger) { roleId = r.getId(); dataScopeInteger = ds; } } String dataScopeString = String.valueOf(dataScopeInteger); // 生成部门权限SQL语句 for (String where : StringUtils.split(officeWheres, ",")) { if (Role.DATA_SCOPE_COMPANY_AND_CHILD.equals(dataScopeString)) { // 包括本公司下的部门 (type=1:公司;type=2:部门) sqlString.append(" AND EXISTS (SELECT 1 FROM SYS_OFFICE"); sqlString.append(" WHERE type='2'"); sqlString.append(" AND (id = '" + user.getCompany().getId() + "'"); sqlString.append( " OR parent_ids LIKE '" + user.getCompany().getParentIds() + user.getCompany().getId() + ",%')"); sqlString.append(" AND " + where + ")"); } else if (Role.DATA_SCOPE_COMPANY.equals(dataScopeString)) { sqlString.append(" AND EXISTS (SELECT 1 FROM SYS_OFFICE"); sqlString.append(" WHERE type='2'"); sqlString.append(" AND id = '" + user.getCompany().getId() + "'"); sqlString.append(" AND " + where + ")"); } else if (Role.DATA_SCOPE_OFFICE_AND_CHILD.equals(dataScopeString)) { sqlString.append(" AND EXISTS (SELECT 1 FROM SYS_OFFICE"); sqlString.append(" WHERE (id = '" + user.getOffice().getId() + "'"); sqlString.append( " OR parent_ids LIKE '" + user.getOffice().getParentIds() + user.getOffice().getId() + ",%')"); sqlString.append(" AND " + where + ")"); } else if (Role.DATA_SCOPE_OFFICE.equals(dataScopeString)) { sqlString.append(" AND EXISTS (SELECT 1 FROM SYS_OFFICE"); sqlString.append(" WHERE id = '" + user.getOffice().getId() + "'"); sqlString.append(" AND " + where + ")"); } else if (Role.DATA_SCOPE_CUSTOM.equals(dataScopeString)) { sqlString.append(" AND EXISTS (SELECT 1 FROM sys_role_office ro123456, sys_office o123456"); sqlString.append(" WHERE ro123456.office_id = o123456.id"); sqlString.append(" AND ro123456.role_id = '" + roleId + "'"); sqlString.append(" AND o123456." + where + ")"); } } // 生成个人权限SQL语句 for (String where : StringUtils.split(userWheres, ",")) { if (Role.DATA_SCOPE_SELF.equals(dataScopeString)) { sqlString.append(" AND EXISTS (SELECT 1 FROM sys_user"); sqlString.append(" WHERE id='" + user.getId() + "'"); sqlString.append(" AND " + where + ")"); } } // System.out.println("dataScopeFilter: " + sqlString.toString()); // 设置到自定义SQL对象 entity.getSqlMap().put(sqlMapKey, sqlString.toString()); }