From 1e2393c1c5e3ee1e1a55c22f90f973a7f293c8ff Mon Sep 17 00:00:00 2001 From: TanJ Date: Mon, 3 Jun 2024 16:41:27 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=95=B0=E6=8D=AE=E6=9D=83?= =?UTF-8?q?=E9=99=90SDK?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- axzo-common-data-permission/pom.xml | 33 ++ .../annotation/DataPermission.java | 17 + .../aop/DataPermissionFilter.java | 16 + .../aop/DataPermissionMybatisInterceptor.java | 325 ++++++++++++++++++ .../config/DataPermissionConfig.java | 42 +++ .../context/DataPermissionContextFactory.java | 30 ++ .../context/DataPermissionContextHolder.java | 40 +++ .../rule/DataPermissionDefaultRule.java | 168 +++++++++ .../rule/DataPermissionRule.java | 20 ++ .../main/resources/META-INF/spring.factories | 2 + pom.xml | 1 + 11 files changed, 694 insertions(+) create mode 100644 axzo-common-data-permission/pom.xml create mode 100644 axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/annotation/DataPermission.java create mode 100644 axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/aop/DataPermissionFilter.java create mode 100644 axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/aop/DataPermissionMybatisInterceptor.java create mode 100644 axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/config/DataPermissionConfig.java create mode 100644 axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/context/DataPermissionContextFactory.java create mode 100644 axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/context/DataPermissionContextHolder.java create mode 100644 axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/rule/DataPermissionDefaultRule.java create mode 100644 axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/rule/DataPermissionRule.java create mode 100644 axzo-common-data-permission/src/main/resources/META-INF/spring.factories diff --git a/axzo-common-data-permission/pom.xml b/axzo-common-data-permission/pom.xml new file mode 100644 index 0000000..34ef42b --- /dev/null +++ b/axzo-common-data-permission/pom.xml @@ -0,0 +1,33 @@ + + + 4.0.0 + + cn.axzo.framework + axzo-framework-commons + 1.0.0-SNAPSHOT + + + axzo-common-data-permission + + + 8 + 8 + UTF-8 + + + + + com.baomidou + mybatis-plus-boot-starter + provided + + + cn.axzo.karma + karma-api + 2.0.0-SNAPSHOT + + + + \ No newline at end of file diff --git a/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/annotation/DataPermission.java b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/annotation/DataPermission.java new file mode 100644 index 0000000..75b322e --- /dev/null +++ b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/annotation/DataPermission.java @@ -0,0 +1,17 @@ +package cn.axzo.framework.datapermission.annotation; + +import cn.axzo.framework.datapermission.rule.DataPermissionRule; + +/** + * 数据权限注解 + * @author tanjie@axzo.cn + * @date 2024/5/30 17:57 + */ +public @interface DataPermission { + boolean enable() default false; + + Class[] includeRule() default {}; + + String bizCode() default ""; + +} diff --git a/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/aop/DataPermissionFilter.java b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/aop/DataPermissionFilter.java new file mode 100644 index 0000000..ee41cad --- /dev/null +++ b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/aop/DataPermissionFilter.java @@ -0,0 +1,16 @@ +package cn.axzo.framework.datapermission.aop; + +import cn.axzo.framework.datapermission.annotation.DataPermission; +import cn.axzo.framework.datapermission.config.DataPermissionConfig; + +/** + * + * @author tanjie@axzo.cn + * @date 2024/5/31 16:37 + */ +public class DataPermissionFilter { + + // 拦截@DataPermission + // 设置DataPermissionContext + +} diff --git a/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/aop/DataPermissionMybatisInterceptor.java b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/aop/DataPermissionMybatisInterceptor.java new file mode 100644 index 0000000..f579435 --- /dev/null +++ b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/aop/DataPermissionMybatisInterceptor.java @@ -0,0 +1,325 @@ +package cn.axzo.framework.datapermission.aop; + +import cn.axzo.framework.datapermission.annotation.DataPermission; +import cn.axzo.framework.datapermission.context.DataPermissionContextFactory; +import cn.axzo.framework.datapermission.context.DataPermissionContextHolder; +import cn.axzo.framework.datapermission.rule.DataPermissionRule; +import com.baomidou.mybatisplus.core.parser.SqlParserHelper; +import com.baomidou.mybatisplus.core.toolkit.CollectionUtils; +import com.baomidou.mybatisplus.core.toolkit.PluginUtils; +import com.baomidou.mybatisplus.extension.parser.JsqlParserSupport; +import com.baomidou.mybatisplus.extension.plugins.inner.InnerInterceptor; +import lombok.RequiredArgsConstructor; +import net.sf.jsqlparser.expression.BinaryExpression; +import net.sf.jsqlparser.expression.Expression; +import net.sf.jsqlparser.expression.NotExpression; +import net.sf.jsqlparser.expression.Parenthesis; +import net.sf.jsqlparser.expression.operators.conditional.AndExpression; +import net.sf.jsqlparser.expression.operators.conditional.OrExpression; +import net.sf.jsqlparser.expression.operators.relational.ExistsExpression; +import net.sf.jsqlparser.expression.operators.relational.InExpression; +import net.sf.jsqlparser.expression.operators.relational.ItemsList; +import net.sf.jsqlparser.schema.Table; +import net.sf.jsqlparser.statement.delete.Delete; +import net.sf.jsqlparser.statement.select.FromItem; +import net.sf.jsqlparser.statement.select.Join; +import net.sf.jsqlparser.statement.select.LateralSubSelect; +import net.sf.jsqlparser.statement.select.PlainSelect; +import net.sf.jsqlparser.statement.select.Select; +import net.sf.jsqlparser.statement.select.SelectBody; +import net.sf.jsqlparser.statement.select.SetOperationList; +import net.sf.jsqlparser.statement.select.SubJoin; +import net.sf.jsqlparser.statement.select.SubSelect; +import net.sf.jsqlparser.statement.select.ValuesList; +import net.sf.jsqlparser.statement.select.WithItem; +import net.sf.jsqlparser.statement.update.Update; +import org.apache.ibatis.executor.Executor; +import org.apache.ibatis.executor.statement.StatementHandler; +import org.apache.ibatis.mapping.BoundSql; +import org.apache.ibatis.mapping.MappedStatement; +import org.apache.ibatis.mapping.SqlCommandType; +import org.apache.ibatis.session.ResultHandler; +import org.apache.ibatis.session.RowBounds; + +import java.sql.Connection; +import java.sql.SQLException; +import java.util.List; +import java.util.Optional; + +/** + * 参考 #{@link com.baomidou.mybatisplus.extension.plugins.inner.TenantLineInnerInterceptor} + * @author tanjie@axzo.cn + * @date 2024/5/31 11:41 + */ +@RequiredArgsConstructor +public class DataPermissionMybatisInterceptor extends JsqlParserSupport implements InnerInterceptor { + + private final DataPermissionContextFactory dataPermissionContextFactory; + @Override + public void beforeQuery(Executor executor, MappedStatement ms, Object parameter, RowBounds rowBounds, ResultHandler resultHandler, BoundSql boundSql) throws SQLException { + if (!filter()) { + return; + } + PluginUtils.MPBoundSql mpBs = PluginUtils.mpBoundSql(boundSql); + mpBs.sql(parserSingle(mpBs.sql(), null)); + } + + @Override + public void beforePrepare(StatementHandler sh, Connection connection, Integer transactionTimeout) { + PluginUtils.MPStatementHandler mpSh = PluginUtils.mpStatementHandler(sh); + MappedStatement ms = mpSh.mappedStatement(); + SqlCommandType sct = ms.getSqlCommandType(); + // 不管insert + if (sct == SqlCommandType.UPDATE || sct == SqlCommandType.DELETE) { + if (!filter()) return; + if (SqlParserHelper.getSqlParserInfo(ms)) return; + PluginUtils.MPBoundSql mpBs = mpSh.mPBoundSql(); + mpBs.sql(parserMulti(mpBs.sql(), null)); + } + } + + @Override + protected void processSelect(Select select, int index, String sql, Object obj) { + processSelectBody(select.getSelectBody()); + List withItemsList = select.getWithItemsList(); + if (!CollectionUtils.isEmpty(withItemsList)) { + withItemsList.forEach(this::processSelectBody); + } + } + + protected void processSelectBody(SelectBody selectBody) { + if (selectBody == null) { + return; + } + if (selectBody instanceof PlainSelect) { + processPlainSelect((PlainSelect) selectBody); + } else if (selectBody instanceof WithItem) { + WithItem withItem = (WithItem) selectBody; + processSelectBody(withItem.getSelectBody()); + } else { + SetOperationList operationList = (SetOperationList) selectBody; + if (operationList.getSelects() != null && operationList.getSelects().size() > 0) { + operationList.getSelects().forEach(this::processSelectBody); + } + } + } + + + /** + * update 语句处理 + */ + @Override + protected void processUpdate(Update update, int index, String sql, Object obj) { + final Table table = update.getTable(); + if (!filter()) { + // 过滤退出执行 + return; + } + update.setWhere(this.andExpression(table, update.getWhere())); + } + + /** + * delete 语句处理 + */ + @Override + protected void processDelete(Delete delete, int index, String sql, Object obj) { + if (!filter()) { + // 过滤退出执行 + return; + } + delete.setWhere(this.andExpression(delete.getTable(), delete.getWhere())); + } + + /** + * delete update 语句 where 处理 + */ + protected Expression andExpression(Table table, Expression where) { + + + DataPermissionContextHolder.DataPermissionContext dataPermissionContext = DataPermissionContextHolder.get(); + DataPermission dataPermission = dataPermissionContext.getDataPermission(); + List byDataPermission = dataPermissionContextFactory.getRuleByDataPermission(dataPermission); + Optional first = byDataPermission.stream().filter(rule -> rule.getTableName().contains(table.getName())).findFirst(); + if (!first.isPresent()) { + return where; + } + DataPermissionRule dataPermissionRule = first.get(); + Expression ruleExpression = dataPermissionRule.getExpression(table.getName(), table.getAlias()); + + if (null != where) { + if (where instanceof OrExpression) { + return new AndExpression(ruleExpression, new Parenthesis(where)); + } else { + return new AndExpression(ruleExpression, where); + } + } + return ruleExpression; + } + + + + + + /** + * 处理 PlainSelect + */ + protected void processPlainSelect(PlainSelect plainSelect) { + FromItem fromItem = plainSelect.getFromItem(); + Expression where = plainSelect.getWhere(); + processWhereSubSelect(where); + if (fromItem instanceof Table) { + Table fromTable = (Table) fromItem; + if (filter()) { + //#1186 github + plainSelect.setWhere(builderExpression(where, fromTable)); + } + } else { + processFromItem(fromItem); + } + List joins = plainSelect.getJoins(); + if (joins != null && joins.size() > 0) { + joins.forEach(j -> { + processJoin(j); + processFromItem(j.getRightItem()); + }); + } + } + + /** + * 处理where条件内的子查询 + *

+ * 支持如下: + * 1. in + * 2. = + * 3. > + * 4. < + * 5. >= + * 6. <= + * 7. <> + * 8. EXISTS + * 9. NOT EXISTS + *

+ * 前提条件: + * 1. 子查询必须放在小括号中 + * 2. 子查询一般放在比较操作符的右边 + * + * @param where where 条件 + */ + protected void processWhereSubSelect(Expression where) { + if (where == null) { + return; + } + if (where instanceof FromItem) { + processFromItem((FromItem) where); + return; + } + if (where.toString().indexOf("SELECT") > 0) { + // 有子查询 + if (where instanceof BinaryExpression) { + // 比较符号 , and , or , 等等 + BinaryExpression expression = (BinaryExpression) where; + processWhereSubSelect(expression.getLeftExpression()); + processWhereSubSelect(expression.getRightExpression()); + } else if (where instanceof InExpression) { + // in + InExpression expression = (InExpression) where; + ItemsList itemsList = expression.getRightItemsList(); + if (itemsList instanceof SubSelect) { + processSelectBody(((SubSelect) itemsList).getSelectBody()); + } + } else if (where instanceof ExistsExpression) { + // exists + ExistsExpression expression = (ExistsExpression) where; + processWhereSubSelect(expression.getRightExpression()); + } else if (where instanceof NotExpression) { + // not exists + NotExpression expression = (NotExpression) where; + processWhereSubSelect(expression.getExpression()); + } else if (where instanceof Parenthesis) { + Parenthesis expression = (Parenthesis) where; + processWhereSubSelect(expression.getExpression()); + } + } + } + + /** + * 处理子查询等 + */ + protected void processFromItem(FromItem fromItem) { + if (fromItem instanceof SubJoin) { + SubJoin subJoin = (SubJoin) fromItem; + if (subJoin.getJoinList() != null) { + subJoin.getJoinList().forEach(this::processJoin); + } + if (subJoin.getLeft() != null) { + processFromItem(subJoin.getLeft()); + } + } else if (fromItem instanceof SubSelect) { + SubSelect subSelect = (SubSelect) fromItem; + if (subSelect.getSelectBody() != null) { + processSelectBody(subSelect.getSelectBody()); + } + } else if (fromItem instanceof ValuesList) { + logger.debug("Perform a subquery, if you do not give us feedback"); + } else if (fromItem instanceof LateralSubSelect) { + LateralSubSelect lateralSubSelect = (LateralSubSelect) fromItem; + if (lateralSubSelect.getSubSelect() != null) { + SubSelect subSelect = lateralSubSelect.getSubSelect(); + if (subSelect.getSelectBody() != null) { + processSelectBody(subSelect.getSelectBody()); + } + } + } + } + + /** + * 处理联接语句 + */ + protected void processJoin(Join join) { + if (join.getRightItem() instanceof Table) { + Table fromTable = (Table) join.getRightItem(); + if (!filter()) { + // 过滤退出执行 + return; + } + join.setOnExpression(builderExpression(join.getOnExpression(), fromTable)); + } + } + + /** + * 处理条件 + */ + protected Expression builderExpression(Expression currentExpression, Table table) { + + DataPermissionContextHolder.DataPermissionContext dataPermissionContext = DataPermissionContextHolder.get(); + DataPermission dataPermission = dataPermissionContext.getDataPermission(); + List byDataPermission = dataPermissionContextFactory.getRuleByDataPermission(dataPermission); + Optional first = byDataPermission.stream().filter(rule -> rule.getTableName().contains(table.getName())).findFirst(); + if (!first.isPresent()) { + return currentExpression; + } + DataPermissionRule dataPermissionRule = first.get(); + Expression ruleExpression = dataPermissionRule.getExpression(table.getName(), table.getAlias()); + if (currentExpression == null) { + return ruleExpression; + } + if (currentExpression instanceof OrExpression) { + return new AndExpression(new Parenthesis(currentExpression), ruleExpression); + } else { + return new AndExpression(currentExpression, ruleExpression); + } + } + + + + + private boolean filter() { + DataPermissionContextHolder.DataPermissionContext dataPermissionContext = DataPermissionContextHolder.get(); + if (null == dataPermissionContext|| !dataPermissionContext.getDataPermission().enable()) { + return false; + } + + return true; + } + +} diff --git a/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/config/DataPermissionConfig.java b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/config/DataPermissionConfig.java new file mode 100644 index 0000000..78c911f --- /dev/null +++ b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/config/DataPermissionConfig.java @@ -0,0 +1,42 @@ +package cn.axzo.framework.datapermission.config; + +import cn.axzo.framework.datapermission.aop.DataPermissionMybatisInterceptor; +import cn.axzo.framework.datapermission.context.DataPermissionContextFactory; +import cn.axzo.framework.datapermission.rule.DataPermissionDefaultRule; +import cn.axzo.framework.datapermission.rule.DataPermissionRule; +import cn.axzo.karma.client.feign.FlowSupportApi; +import cn.hutool.extra.spring.SpringUtil; +import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor; +import org.springframework.boot.autoconfigure.condition.ConditionalOnBean; +import org.springframework.context.annotation.Bean; + +import java.net.DatagramSocketImplFactory; +import java.util.List; + +/** + * @author tanjie@axzo.cn + * @date 2024/5/31 16:34 + */ +@ConditionalOnBean(MybatisPlusInterceptor.class) +public class DataPermissionConfig { + + @Bean + public DataPermissionDefaultRule deptDataPermissionRule(FlowSupportApi permissionApi) { + // 创建 DeptDataPermissionRule 对象 + return new DataPermissionDefaultRule(permissionApi); + } + + @Bean + @ConditionalOnBean(MybatisPlusInterceptor.class) + public DataPermissionMybatisInterceptor mybatisDataPermissionInterceptor(MybatisPlusInterceptor mybatisPlusInterceptor, DataPermissionContextFactory dataPermissionContextFactory) { + DataPermissionMybatisInterceptor dataPermissionMybatisInterceptor = new DataPermissionMybatisInterceptor(dataPermissionContextFactory); + mybatisPlusInterceptor.addInnerInterceptor(dataPermissionMybatisInterceptor); + return dataPermissionMybatisInterceptor; + } + + + @Bean + public DataPermissionContextFactory dataPermissionRuleFactory(List rules) { + return new DataPermissionContextFactory(rules); + } +} diff --git a/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/context/DataPermissionContextFactory.java b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/context/DataPermissionContextFactory.java new file mode 100644 index 0000000..6c1c7c2 --- /dev/null +++ b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/context/DataPermissionContextFactory.java @@ -0,0 +1,30 @@ +package cn.axzo.framework.datapermission.context; + +import cn.axzo.framework.datapermission.annotation.DataPermission; +import cn.axzo.framework.datapermission.rule.DataPermissionRule; +import lombok.AllArgsConstructor; + +import java.util.Arrays; +import java.util.List; +import java.util.stream.Collectors; + +/** + * @author tanjie@axzo.cn + * @date 2024/5/31 17:58 + */ +@AllArgsConstructor +public class DataPermissionContextFactory { + + List rules; + + + public List getRules() { + return rules; + } + + public List getRuleByDataPermission(DataPermission dataPermission) { + Class[] classes = dataPermission.includeRule(); + return rules.stream().filter(rule -> Arrays.stream(classes).anyMatch(e -> e.equals(rule.getClass()))).collect(Collectors.toList()); + } + +} diff --git a/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/context/DataPermissionContextHolder.java b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/context/DataPermissionContextHolder.java new file mode 100644 index 0000000..af8919d --- /dev/null +++ b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/context/DataPermissionContextHolder.java @@ -0,0 +1,40 @@ +package cn.axzo.framework.datapermission.context; + +import cn.axzo.framework.datapermission.annotation.DataPermission; +import lombok.Data; + +/** + * 数据权限上下文 + * + * @author tanjie@axzo.cn + * @date 2024/5/31 11:42 + */ +public class DataPermissionContextHolder { + + private final static ThreadLocal DATA_PERMISSION_CONTEXT = new ThreadLocal<>(); + + + public static void setContext(DataPermissionContext dataPermission) { + DATA_PERMISSION_CONTEXT.set(dataPermission); + } + + + @Data + public static class DataPermissionContext { + private DataPermission dataPermission; + private Long ouId; + private Long workspaceId; + private Long personId; + } + + public static void remove() { + DATA_PERMISSION_CONTEXT.remove(); + } + + public static DataPermissionContext get() { + return DATA_PERMISSION_CONTEXT.get(); + } + + +} + diff --git a/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/rule/DataPermissionDefaultRule.java b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/rule/DataPermissionDefaultRule.java new file mode 100644 index 0000000..089988a --- /dev/null +++ b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/rule/DataPermissionDefaultRule.java @@ -0,0 +1,168 @@ +package cn.axzo.framework.datapermission.rule; + +import cn.axzo.karma.client.feign.FlowSupportApi; +import cn.hutool.core.collection.ListUtil; +import com.baomidou.mybatisplus.core.metadata.TableInfo; +import com.baomidou.mybatisplus.core.metadata.TableInfoHelper; +import com.baomidou.mybatisplus.core.toolkit.StringPool; +import com.baomidou.mybatisplus.extension.activerecord.Model; +import lombok.AllArgsConstructor; +import lombok.RequiredArgsConstructor; +import net.sf.jsqlparser.expression.Alias; +import net.sf.jsqlparser.expression.Expression; +import net.sf.jsqlparser.expression.LongValue; +import net.sf.jsqlparser.expression.NullValue; +import net.sf.jsqlparser.expression.Parenthesis; +import net.sf.jsqlparser.expression.operators.conditional.OrExpression; +import net.sf.jsqlparser.expression.operators.relational.ExpressionList; +import net.sf.jsqlparser.expression.operators.relational.InExpression; +import net.sf.jsqlparser.schema.Column; +import org.springframework.stereotype.Component; +import org.springframework.util.CollectionUtils; +import org.springframework.util.StringUtils; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; +import java.util.stream.Collectors; + +/** + * @author tanjie@axzo.cn + * @date 2024/5/30 18:35 + */ +@RequiredArgsConstructor +public class DataPermissionDefaultRule implements DataPermissionRule { + static final Expression EXPRESSION_NULL = new NullValue(); + + private static final String DEFAULT_PERSON = "person_id"; + private static final String DEFAULT_NODE = "organizational_node_id"; + /** + * key 表名 + * value 组织节点字段 + */ + protected final Map nodeTable = new ConcurrentHashMap<>(); + + /** + * key 表名 + * value personId字段 + */ + protected final Map personTable = new ConcurrentHashMap<>(); + + protected final Set tableName =new HashSet<>(); + + + //// TODO: 2024/6/3 查询数据权限的api + private final FlowSupportApi permissionApi; + + @Override + public Set getTableName() { + return tableName; + } + + @Override + public Expression getExpression(String tableName, Alias tableAlias) { + + // TODO: 2024/5/31 可访问的数据 @李龙 + List nodeIds = ListUtil.of(1L, 2L, 3L); + List personIds = ListUtil.of(110L, 223L); + + Expression deptExpression = buildExpression(tableName, tableAlias, nodeIds); + Expression userExpression = buildExpression(tableName, tableAlias, personIds); + if (deptExpression == null && userExpression == null) { + // 未获取到数据权限 返回NULL 不查询数据 + return EXPRESSION_NULL; + } + if (deptExpression == null) { + return userExpression; + } + if (userExpression == null) { + return deptExpression; + } + // 如果两个都有,用or WHERE (organizational_Node_id IN ? OR person_id in ?) + return new Parenthesis(new OrExpression(deptExpression, userExpression)); + + } + + + /** + * 构建查询条件 + * + * @param tableName + * @param tableAlias + * @param ids 可能是nodeids 也可以是personIds + * @return + */ + private Expression buildExpression(String tableName, Alias tableAlias, List ids) { + // 如果不存在配置,则无需作为条件 + String columnName = nodeTable.get(tableName); + if (!StringUtils.hasText(columnName)) { + return null; + } + if (CollectionUtils.isEmpty(ids)) { + return null; + } + // 拼接条件 + return new InExpression( + getColumn(tableAlias, columnName) + , new ExpressionList(ids.stream().map(LongValue::new).collect(Collectors.toList()))); + } + + + private Column getColumn(Alias tableAlias, String columnName) { + String result = tableAlias.getName() + StringPool.DOT + + columnName; + return new Column(result); + } + + /** + * 添加组织节点所对应的字段 + * + * @param entityClass 表所对应的entity + * @param columnName 字段名称 如:organizational_node_id + */ + public void addNodeColumn(Class> entityClass, String columnName) { + TableInfo tableInfo = TableInfoHelper.getTableInfo(entityClass); + if (null == tableInfo) { + return; + } + nodeTable.put(tableInfo.getTableName(), columnName); + tableName.add(tableInfo.getTableName()); + } + + /** + * 添加组织节点所对应的字段 字段默认使用organizational_node_id + * + * @param entityClass 表所对应的entity + */ + public void addNodeColumn(Class> entityClass) { + addNodeColumn(entityClass, DEFAULT_NODE); + } + + /** + * 添加personId所对应的字段 + * + * @param entityClass 表所对应的entity + * @param columnName 字段名称 如:person_id + */ + public void addPersonColumn(Class> entityClass, String columnName) { + TableInfo tableInfo = TableInfoHelper.getTableInfo(entityClass); + if (null == tableInfo) { + return; + } + personTable.put(tableInfo.getTableName(), columnName); + tableName.add(tableInfo.getTableName()); + } + + /** + * 字段默认使用person_id + * + * @param entityClass 表所对应的entity + */ + public void addPersonColumn(Class> entityClass) { + addPersonColumn(entityClass, DEFAULT_PERSON); + } +} diff --git a/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/rule/DataPermissionRule.java b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/rule/DataPermissionRule.java new file mode 100644 index 0000000..7a9ae2e --- /dev/null +++ b/axzo-common-data-permission/src/main/java/cn/axzo/framework/datapermission/rule/DataPermissionRule.java @@ -0,0 +1,20 @@ +package cn.axzo.framework.datapermission.rule; + +import com.baomidou.mybatisplus.extension.plugins.inner.TenantLineInnerInterceptor; +import net.sf.jsqlparser.expression.Alias; +import net.sf.jsqlparser.expression.Expression; + +import java.util.List; +import java.util.Set; + +/** + * @author tanjie@axzo.cn + * @date 2024/5/30 18:31 + */ +public interface DataPermissionRule { + + Set getTableName(); + + Expression getExpression(String tableName, Alias tableAlias); + +} diff --git a/axzo-common-data-permission/src/main/resources/META-INF/spring.factories b/axzo-common-data-permission/src/main/resources/META-INF/spring.factories new file mode 100644 index 0000000..296079e --- /dev/null +++ b/axzo-common-data-permission/src/main/resources/META-INF/spring.factories @@ -0,0 +1,2 @@ +org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ +cn.axzo.framework.datapermission.config.DataPermissionConfig \ No newline at end of file diff --git a/pom.xml b/pom.xml index 0a8d372..705c95d 100644 --- a/pom.xml +++ b/pom.xml @@ -36,6 +36,7 @@ axzo-common-datas axzo-common-cache axzo-common-rocketmq + axzo-common-data-permission