feat:(REQ-2300) 把数据权限的注解分两个,一个预制数据,一个使用数据,方便拦截器做定制拦截
parent
0198b16874
commit
f82f85f8fe
@ -1,7 +1,7 @@
|
||||
package cn.axzo.framework.datapermission.advice;
|
||||
|
||||
import cn.axzo.framework.datapermission.annotation.DataPermission;
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionContextHolder;
|
||||
import cn.axzo.framework.datapermission.annotation.DataPermissionPrepare;
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionPrepareContextHolder;
|
||||
import cn.axzo.framework.datapermission.util.DPUtil;
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
@ -39,12 +39,12 @@ public class DataPermissionResponseBodyAdvice implements ResponseBodyAdvice<Obje
|
||||
|
||||
@Override
|
||||
public boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) {
|
||||
DataPermission dataPermission = returnType.getDeclaringClass().getAnnotation(DataPermission.class);
|
||||
if (dataPermission != null) {
|
||||
return dataPermission.enable();
|
||||
DataPermissionPrepare dataPermissionPrepare = returnType.getDeclaringClass().getAnnotation(DataPermissionPrepare.class);
|
||||
if (dataPermissionPrepare != null) {
|
||||
return dataPermissionPrepare.enable();
|
||||
} else {
|
||||
dataPermission = returnType.getMethodAnnotation(DataPermission.class);
|
||||
return dataPermission != null && dataPermission.enable();
|
||||
dataPermissionPrepare = returnType.getMethodAnnotation(DataPermissionPrepare.class);
|
||||
return dataPermissionPrepare != null && dataPermissionPrepare.enable();
|
||||
}
|
||||
}
|
||||
|
||||
@ -64,7 +64,7 @@ public class DataPermissionResponseBodyAdvice implements ResponseBodyAdvice<Obje
|
||||
log.warn("api result is not object or array");
|
||||
return body;
|
||||
}
|
||||
DataPermissionContextHolder.DataPermissionContext context = DataPermissionContextHolder.get();
|
||||
DataPermissionPrepareContextHolder.DataPermissionPrepareContext context = DataPermissionPrepareContextHolder.get();
|
||||
if (Objects.isNull(context) || Objects.isNull(context.getPersonId())) {
|
||||
log.warn("threadLocal hos not DataPermissionContext or no personId");
|
||||
return body;
|
||||
@ -76,7 +76,7 @@ public class DataPermissionResponseBodyAdvice implements ResponseBodyAdvice<Obje
|
||||
}
|
||||
|
||||
// 最终清除ThreadLocal的内容
|
||||
DataPermissionContextHolder.remove();
|
||||
DataPermissionPrepareContextHolder.remove();
|
||||
return body;
|
||||
}
|
||||
|
||||
|
||||
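Review bot: `DataPermissionPrepareContextHolder.remove()` runs only at the end of the method, so the early `return body;` paths visible above it (non-object result, context without a personId) can leave the ThreadLocal set. The `DataPermissionContextHolder.remove()` it replaces is no longer called in any visible hunk, although `DataPermissionInterceptor` still calls `DataPermissionContextHolder.setContext(...)`. On a pooled request thread, a stale context can carry one caller's resolved permission scope into the next request. This advice is also skipped whenever `supports()` returns false, so clearing both holders in each interceptor's `afterCompletion` would cover every path. The method body starts outside the hunk, so confirm there is no cleanup elsewhere.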
@ -1,7 +1,7 @@
|
||||
package cn.axzo.framework.datapermission.advice;
|
||||
|
||||
import cn.axzo.framework.datapermission.annotation.DataPermission;
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionContextHolder;
|
||||
import cn.axzo.framework.datapermission.annotation.DataPermissionPrepare;
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionPrepareContextHolder;
|
||||
import cn.axzo.framework.datapermission.util.RpcInternalUtil;
|
||||
import cn.axzo.karma.client.feign.tyr.DataObjectApi;
|
||||
import cn.axzo.karma.client.feign.tyr.request.ExamineDpColumnsReq;
|
||||
@ -40,10 +40,10 @@ public class DataPermissionResponseExecutor {
|
||||
}
|
||||
|
||||
|
||||
public void processNode(DataPermissionContextHolder.DataPermissionContext context, JsonNode dataNode) {
|
||||
DataPermission dataPermission = context.getDataPermission();
|
||||
public void processNode(DataPermissionPrepareContextHolder.DataPermissionPrepareContext context, JsonNode dataNode) {
|
||||
DataPermissionPrepare dataPermissionPrepare = context.getDataPermissionPrepare();
|
||||
List<ExamineDpColumnsReq.OrgNodeIdAndPersonId> orgNodeIdAndPersonIds = Lists.newArrayList();
|
||||
recursiveGetOrgNodeIdAndPersonIds(dataPermission, dataNode, orgNodeIdAndPersonIds);
|
||||
recursiveGetOrgNodeIdAndPersonIds(dataPermissionPrepare, dataNode, orgNodeIdAndPersonIds);
|
||||
if (CollectionUtils.isEmpty(orgNodeIdAndPersonIds)) {
|
||||
log.warn("api result has no organizationalNodeId and personId, not examine data permission for result columns.");
|
||||
return;
|
||||
@ -60,13 +60,13 @@ public class DataPermissionResponseExecutor {
|
||||
return;
|
||||
}
|
||||
// 根据karma数据列的校验结果,处理api结果的数据对象
|
||||
recursiveGetOrgNodeIdAndPersonIds(dataPermission, dataNode, examineDpColumnsResp.getAttributeDpResultMap());
|
||||
recursiveGetOrgNodeIdAndPersonIds(dataPermissionPrepare, dataNode, examineDpColumnsResp.getAttributeDpResultMap());
|
||||
}
|
||||
|
||||
private void recursiveGetOrgNodeIdAndPersonIds(DataPermission dataPermission, JsonNode dataNode, List<ExamineDpColumnsReq.OrgNodeIdAndPersonId> orgNodeIdAndPersonIds) {
|
||||
private void recursiveGetOrgNodeIdAndPersonIds(DataPermissionPrepare dataPermissionPrepare, JsonNode dataNode, List<ExamineDpColumnsReq.OrgNodeIdAndPersonId> orgNodeIdAndPersonIds) {
|
||||
if (dataNode.isObject()) {
|
||||
Long resultOrganizationalNodeId = Objects.nonNull(dataNode.get(dataPermission.key_organizationalNodeId())) ? dataNode.get(dataPermission.key_organizationalNodeId()).asLong() : 0L;
|
||||
Long resultPersonId = Objects.nonNull(dataNode.get(dataPermission.key_personId())) ? dataNode.get(dataPermission.key_personId()).asLong() : 0L;
|
||||
Long resultOrganizationalNodeId = Objects.nonNull(dataNode.get(dataPermissionPrepare.key_organizationalNodeId())) ? dataNode.get(dataPermissionPrepare.key_organizationalNodeId()).asLong() : 0L;
|
||||
Long resultPersonId = Objects.nonNull(dataNode.get(dataPermissionPrepare.key_personId())) ? dataNode.get(dataPermissionPrepare.key_personId()).asLong() : 0L;
|
||||
if (resultOrganizationalNodeId.equals(0L) && resultPersonId.equals(0L)) {
|
||||
return;
|
||||
}
|
||||
@ -77,16 +77,16 @@ public class DataPermissionResponseExecutor {
|
||||
Iterator<JsonNode> elements = arrayNode.elements();
|
||||
while (elements.hasNext()) {
|
||||
JsonNode element = elements.next();
|
||||
recursiveGetOrgNodeIdAndPersonIds(dataPermission, element, orgNodeIdAndPersonIds);
|
||||
recursiveGetOrgNodeIdAndPersonIds(dataPermissionPrepare, element, orgNodeIdAndPersonIds);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void recursiveGetOrgNodeIdAndPersonIds(DataPermission dataPermission, JsonNode dataNode,
|
||||
private void recursiveGetOrgNodeIdAndPersonIds(DataPermissionPrepare dataPermissionPrepare, JsonNode dataNode,
|
||||
Map<String, Map<String, ExamineDpColumnsResp.AttributePermissionBasicDTO>> attributeDpResultMap) {
|
||||
if (dataNode.isObject()) {
|
||||
Long resultOrganizationalNodeId = Objects.nonNull(dataNode.get(dataPermission.key_organizationalNodeId())) ? dataNode.get(dataPermission.key_organizationalNodeId()).asLong() : 0L;
|
||||
Long resultPersonId = Objects.nonNull(dataNode.get(dataPermission.key_personId())) ? dataNode.get(dataPermission.key_personId()).asLong() : 0L;
|
||||
Long resultOrganizationalNodeId = Objects.nonNull(dataNode.get(dataPermissionPrepare.key_organizationalNodeId())) ? dataNode.get(dataPermissionPrepare.key_organizationalNodeId()).asLong() : 0L;
|
||||
Long resultPersonId = Objects.nonNull(dataNode.get(dataPermissionPrepare.key_personId())) ? dataNode.get(dataPermissionPrepare.key_personId()).asLong() : 0L;
|
||||
if (resultOrganizationalNodeId.equals(0L) && resultPersonId.equals(0L)) {
|
||||
return;
|
||||
}
|
||||
@ -116,7 +116,7 @@ public class DataPermissionResponseExecutor {
|
||||
Iterator<JsonNode> elements = arrayNode.elements();
|
||||
while (elements.hasNext()) {
|
||||
JsonNode element = elements.next();
|
||||
recursiveGetOrgNodeIdAndPersonIds(dataPermission, element, attributeDpResultMap);
|
||||
recursiveGetOrgNodeIdAndPersonIds(dataPermissionPrepare, element, attributeDpResultMap);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
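Review bot: In both `recursiveGetOrgNodeIdAndPersonIds` overloads, an object node whose two id fields are absent, null or non-numeric resolves to `0L` for both and hits the bare `return`. That node is never submitted for the column check and is written to the response unchanged. If this fail-open behaviour is intended, state it in a comment next to the `equals(0L)` test; otherwise at least log the skipped node so unmasked output can be detected. The repeated ternary can be written as `long resultPersonId = dataNode.path(dataPermissionPrepare.key_personId()).asLong(0L);`, and likewise for the organizational node id. Both bodies continue outside the hunks.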
@ -1,20 +1,24 @@
|
||||
package cn.axzo.framework.datapermission.annotation;
|
||||
|
||||
import cn.axzo.framework.datapermission.rule.OrgDefaultRule;
|
||||
import cn.axzo.framework.datapermission.rule.DataPermissionRule;
|
||||
import cn.axzo.framework.datapermission.rule.DataPermissionRuleService;
|
||||
import cn.axzo.framework.datapermission.rule.OrgDefaultRuleServiceImpl;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
import java.lang.annotation.Documented;
|
||||
import java.lang.annotation.ElementType;
|
||||
import java.lang.annotation.Inherited;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
/**
|
||||
* 数据权限注解
|
||||
* @author tanjie@axzo.cn
|
||||
* @date 2024/5/30 17:57
|
||||
*/
|
||||
@Inherited
|
||||
@Documented
|
||||
@Target({ElementType.METHOD, ElementType.TYPE})
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
public @interface DataPermission {
|
||||
|
||||
boolean enable() default true;
|
||||
|
||||
/**
|
||||
@ -22,23 +26,6 @@ public @interface DataPermission {
|
||||
* 只有在提供sql查询的服务才会生效使用
|
||||
* @return
|
||||
*/
|
||||
Class<? extends DataPermissionRule> includeRule() default OrgDefaultRule.class;
|
||||
|
||||
/**
|
||||
* 数据权限数据对象code
|
||||
* @return
|
||||
*/
|
||||
String bizCode() default "";
|
||||
|
||||
/**
|
||||
* ApiResult返回的机构节点的ID
|
||||
* @return
|
||||
*/
|
||||
String key_organizationalNodeId() default "organizationalNodeId";
|
||||
/**
|
||||
* ApiResult返回的用户的ID
|
||||
* @return
|
||||
*/
|
||||
String key_personId() default "personId";
|
||||
Class<? extends DataPermissionRuleService> includeRule() default OrgDefaultRuleServiceImpl.class;
|
||||
|
||||
}
|
||||
|
||||
@ -0,0 +1,34 @@
|
||||
package cn.axzo.framework.datapermission.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
/**
|
||||
* 数据权限数据预制注解
|
||||
* @author tanjie@axzo.cn
|
||||
* @date 2024/5/30 17:57
|
||||
*/
|
||||
@Inherited
|
||||
@Documented
|
||||
@Target({ElementType.METHOD, ElementType.TYPE})
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
public @interface DataPermissionPrepare {
|
||||
boolean enable() default true;
|
||||
|
||||
/**
|
||||
* 数据权限数据对象code
|
||||
* @return
|
||||
*/
|
||||
String bizCode() default "";
|
||||
|
||||
/**
|
||||
* ApiResult返回的机构节点的ID
|
||||
* @return
|
||||
*/
|
||||
String key_organizationalNodeId() default "organizationalNodeId";
|
||||
/**
|
||||
* ApiResult返回的用户的ID
|
||||
* @return
|
||||
*/
|
||||
String key_personId() default "personId";
|
||||
|
||||
}
|
||||
@ -1,6 +1,7 @@
|
||||
package cn.axzo.framework.datapermission.aop;
|
||||
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionContextHolder;
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionPrepareContextHolder;
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
import feign.RequestInterceptor;
|
||||
import feign.RequestTemplate;
|
||||
@ -17,11 +18,15 @@ public class DataPermissionFeignInterceptor implements RequestInterceptor {
|
||||
@Override
|
||||
public void apply(RequestTemplate requestTemplate) {
|
||||
|
||||
DataPermissionContextHolder.DataPermissionContext dataPermissionContext = DataPermissionContextHolder.get();
|
||||
if (dataPermissionContext == null) {
|
||||
DataPermissionPrepareContextHolder.DataPermissionPrepareContext dataPermissionPrepareContext = DataPermissionPrepareContextHolder.get();
|
||||
if (dataPermissionPrepareContext == null) {
|
||||
return;
|
||||
}
|
||||
|
||||
DataPermissionContextHolder.DataPermissionContext dataPermissionContext = DataPermissionContextHolder.DataPermissionContext.builder()
|
||||
.dataPermissionNodeIds(dataPermissionPrepareContext.getDataPermissionNodeIds())
|
||||
.dataPermissionPersonIds(dataPermissionPrepareContext.getDataPermissionPersonIds())
|
||||
.build();
|
||||
requestTemplate.header(DATA_PERMISSION_HEADER, JSONObject.toJSONString(dataPermissionContext));
|
||||
}
|
||||
}
|
||||
|
||||
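Review bot: The header built in `apply` carries the resolved `dataPermissionNodeIds` and `dataPermissionPersonIds` as plain JSON, and nothing visible authenticates it. `DataPermissionInterceptor` then parses `DATA_PERMISSION_HEADER` with `JSONObject.parseObject` and installs the result as the caller's scope. If the downstream service is reachable by anything other than trusted Feign clients, a caller could supply its own id sets. The edge should strip this header from inbound requests, or the payload should carry a signature or MAC that is verified before `setContext`. A comment on `apply` stating which trust boundary this header is allowed to cross would also help.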
@ -4,7 +4,6 @@ import cn.axzo.framework.datapermission.annotation.DataPermission;
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionContextHolder;
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.commons.lang3.BooleanUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.method.HandlerMethod;
|
||||
@ -24,7 +23,7 @@ import static cn.axzo.framework.datapermission.context.DataPermissionContextHold
|
||||
*/
|
||||
@Component
|
||||
@Slf4j
|
||||
public class DataPermissionFilter implements HandlerInterceptor, WebMvcConfigurer {
|
||||
public class DataPermissionInterceptor implements HandlerInterceptor, WebMvcConfigurer {
|
||||
|
||||
/**
|
||||
* 拦截@DataPermission
|
||||
@ -40,12 +39,6 @@ public class DataPermissionFilter implements HandlerInterceptor, WebMvcConfigure
|
||||
throws Exception {
|
||||
if (handler instanceof HandlerMethod) {
|
||||
|
||||
HandlerMethod handlerMethod = (HandlerMethod) handler;
|
||||
DataPermission dataPermission = handlerMethod.getMethodAnnotation(DataPermission.class);
|
||||
if (dataPermission == null || BooleanUtils.isNotTrue(dataPermission.enable())) {
|
||||
return true;
|
||||
}
|
||||
|
||||
String dataPermissionHeader = request.getHeader(DATA_PERMISSION_HEADER);
|
||||
|
||||
if (StringUtils.isBlank(dataPermissionHeader)) {
|
||||
@ -54,6 +47,10 @@ public class DataPermissionFilter implements HandlerInterceptor, WebMvcConfigure
|
||||
|
||||
DataPermissionContextHolder.DataPermissionContext dataPermissionContext = JSONObject.parseObject(dataPermissionHeader, DataPermissionContextHolder.DataPermissionContext.class);
|
||||
|
||||
HandlerMethod handlerMethod = (HandlerMethod) handler;
|
||||
DataPermission dataPermission = handlerMethod.getMethodAnnotation(DataPermission.class);
|
||||
dataPermissionContext.setDataPermission(dataPermission);
|
||||
|
||||
DataPermissionContextHolder.setContext(dataPermissionContext);
|
||||
}
|
||||
return true;
|
||||
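Review bot: With the annotation guard removed from the top of the `instanceof HandlerMethod` branch, any request carrying the `dataPermission` header now installs a context for every handler, and `setDataPermission(dataPermission)` stores `null` when the method has no `@DataPermission`. `DataPermissionMybatisInterceptor` later calls `getRuleByDataPermission(dataPermission)`, which dereferences it through `includeRule()`. `JSONObject.parseObject` can also return `null` for a header such as `null`, which would fail on the `setDataPermission` line. Keep the guard before `setContext`, for example `if (dataPermission == null || !dataPermission.enable() || dataPermissionContext == null) { return true; }`. Nothing in the visible hunks clears `DataPermissionContextHolder` after the request, and the method body starts and ends outside them.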
@ -1,11 +1,11 @@
|
||||
package cn.axzo.framework.datapermission.aop;
|
||||
|
||||
import cn.axzo.framework.datapermission.annotation.DataPermission;
|
||||
import cn.axzo.framework.datapermission.annotation.DataPermissionPrepare;
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionContextFactory;
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionContextHolder;
|
||||
import cn.axzo.framework.datapermission.rule.DataPermissionRule;
|
||||
import cn.axzo.karma.client.feign.tyr.response.MatchDataObjectResp;
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionPrepareContextHolder;
|
||||
import cn.axzo.framework.datapermission.rule.DataPermissionRuleService;
|
||||
import com.baomidou.mybatisplus.core.parser.SqlParserHelper;
|
||||
import com.baomidou.mybatisplus.core.toolkit.CollectionUtils;
|
||||
import com.baomidou.mybatisplus.core.toolkit.PluginUtils;
|
||||
@ -139,15 +139,15 @@ public class DataPermissionMybatisInterceptor extends JsqlParserSupport implemen
|
||||
protected Expression andExpression(Table table, Expression where) {
|
||||
|
||||
|
||||
DataPermissionContextHolder.DataPermissionContext dataPermissionContext = DataPermissionContextHolder.get();
|
||||
DataPermission dataPermission = dataPermissionContext.getDataPermission();
|
||||
List<DataPermissionRule> byDataPermission = dataPermissionContextFactory.getRuleByDataPermission(dataPermission);
|
||||
Optional<DataPermissionRule> first = byDataPermission.stream().filter(rule -> rule.getTableName().contains(table.getName())).findFirst();
|
||||
DataPermissionPrepareContextHolder.DataPermissionPrepareContext dataPermissionPrepareContext = DataPermissionPrepareContextHolder.get();
|
||||
DataPermissionPrepare dataPermissionPrepare = dataPermissionPrepareContext.getDataPermissionPrepare();
|
||||
List<DataPermissionRuleService> byDataPermission = dataPermissionContextFactory.getRuleByDataPermission(dataPermissionPrepare);
|
||||
Optional<DataPermissionRuleService> first = byDataPermission.stream().filter(rule -> rule.getTableName().contains(table.getName())).findFirst();
|
||||
if (!first.isPresent()) {
|
||||
return where;
|
||||
}
|
||||
DataPermissionRule dataPermissionRule = first.get();
|
||||
Expression ruleExpression = dataPermissionRule.getExpression(table.getName(), table.getAlias());
|
||||
DataPermissionRuleService dataPermissionRuleService = first.get();
|
||||
Expression ruleExpression = dataPermissionRuleService.getExpression(table.getName(), table.getAlias());
|
||||
|
||||
if (null != where) {
|
||||
if (where instanceof OrExpression) {
|
||||
@ -296,13 +296,13 @@ public class DataPermissionMybatisInterceptor extends JsqlParserSupport implemen
|
||||
|
||||
DataPermissionContextHolder.DataPermissionContext dataPermissionContext = DataPermissionContextHolder.get();
|
||||
DataPermission dataPermission = dataPermissionContext.getDataPermission();
|
||||
List<DataPermissionRule> byDataPermission = dataPermissionContextFactory.getRuleByDataPermission(dataPermission);
|
||||
Optional<DataPermissionRule> first = byDataPermission.stream().filter(rule -> rule.getTableName().contains(table.getName())).findFirst();
|
||||
List<DataPermissionRuleService> byDataPermission = dataPermissionContextFactory.getRuleByDataPermission(dataPermission);
|
||||
Optional<DataPermissionRuleService> first = byDataPermission.stream().filter(rule -> rule.getTableName().contains(table.getName())).findFirst();
|
||||
if (!first.isPresent()) {
|
||||
return currentExpression;
|
||||
}
|
||||
DataPermissionRule dataPermissionRule = first.get();
|
||||
Expression ruleExpression = dataPermissionRule.getExpression(table.getName(), table.getAlias());
|
||||
DataPermissionRuleService dataPermissionRuleService = first.get();
|
||||
Expression ruleExpression = dataPermissionRuleService.getExpression(table.getName(), table.getAlias());
|
||||
if (currentExpression == null) {
|
||||
return ruleExpression;
|
||||
}
|
||||
@ -313,14 +313,11 @@ public class DataPermissionMybatisInterceptor extends JsqlParserSupport implemen
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
private boolean filter() {
|
||||
DataPermissionContextHolder.DataPermissionContext dataPermissionContext = DataPermissionContextHolder.get();
|
||||
if (null == dataPermissionContext
|
||||
|| dataPermissionContext.getDataPermission() == null
|
||||
|| !dataPermissionContext.getDataPermission().enable()) {
|
||||
DataPermissionPrepareContextHolder.DataPermissionPrepareContext dataPermissionPrepareContext = DataPermissionPrepareContextHolder.get();
|
||||
if (null == dataPermissionPrepareContext
|
||||
|| dataPermissionPrepareContext.getDataPermissionPrepare() == null
|
||||
|| !dataPermissionPrepareContext.getDataPermissionPrepare().enable()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
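Review bot: After this change the interceptor reads two different holders: `filter()` and `andExpression` use `DataPermissionPrepareContextHolder`, while the method in the `-296` hunk still calls `DataPermissionContextHolder.get()` and dereferences it with no null check. In a service where only the prepare interceptor ran, that looks like an NPE during SQL rewriting. In a service that only received the header, `filter()` finds no prepare context and returns `false`, which presumably skips the row filter; its callers are outside the hunks, so confirm. `andExpression` also passes a `DataPermissionPrepare` to `getRuleByDataPermission`, whose only visible signature takes `DataPermission`, and `DataPermissionPrepare` declares no `includeRule()`. Use one holder per code path and make the missing-context case explicit, preferably as `OrgDefaultRuleServiceImpl` does by returning `EXPRESSION_NULL`, which appears to be the fail-closed choice.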
@ -2,13 +2,14 @@ package cn.axzo.framework.datapermission.aop;
|
||||
|
||||
import cn.axzo.framework.auth.domain.ContextInfo;
|
||||
import cn.axzo.framework.auth.domain.ContextInfoHolder;
|
||||
import cn.axzo.framework.datapermission.annotation.DataPermission;
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionContextHolder;
|
||||
import cn.axzo.framework.datapermission.annotation.DataPermissionPrepare;
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionPrepareContextHolder;
|
||||
import cn.axzo.karma.client.feign.tyr.DataObjectApi;
|
||||
import cn.axzo.karma.client.feign.tyr.request.MatchDataObjectReq;
|
||||
import cn.axzo.karma.client.feign.tyr.response.MatchDataObjectResp;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.commons.lang3.BooleanUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.method.HandlerMethod;
|
||||
@ -25,7 +26,7 @@ import java.util.Optional;
|
||||
*/
|
||||
@Component
|
||||
@Slf4j
|
||||
public class ResolveDataPermissionRuleFilter implements HandlerInterceptor, WebMvcConfigurer {
|
||||
public class DataPermissionPrepareInterceptor implements HandlerInterceptor, WebMvcConfigurer {
|
||||
|
||||
@Autowired
|
||||
private DataObjectApi dataObjectApi;
|
||||
@ -45,8 +46,8 @@ public class ResolveDataPermissionRuleFilter implements HandlerInterceptor, WebM
|
||||
if (handler instanceof HandlerMethod) {
|
||||
|
||||
HandlerMethod handlerMethod = (HandlerMethod) handler;
|
||||
DataPermission dataPermission = handlerMethod.getMethodAnnotation(DataPermission.class);
|
||||
if (dataPermission == null || BooleanUtils.isNotTrue(dataPermission.enable())) {
|
||||
DataPermissionPrepare dataPermissionPrepare = handlerMethod.getMethodAnnotation(DataPermissionPrepare.class);
|
||||
if (dataPermissionPrepare == null || BooleanUtils.isNotTrue(dataPermissionPrepare.enable()) || StringUtils.isBlank(dataPermissionPrepare.bizCode())) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -55,18 +56,18 @@ public class ResolveDataPermissionRuleFilter implements HandlerInterceptor, WebM
|
||||
return true;
|
||||
}
|
||||
|
||||
Optional<MatchDataObjectResp> matchDataObjectOptional = this.matchRule(dataPermission);
|
||||
Optional<MatchDataObjectResp> matchDataObjectOptional = this.matchRule(dataPermissionPrepare);
|
||||
if (!matchDataObjectOptional.isPresent()) {
|
||||
log.warn("no match data rule, bizCode:{}, personId:{}, ouId:{}, workspaceId:{}",
|
||||
dataPermission.bizCode(),
|
||||
dataPermissionPrepare.bizCode(),
|
||||
contextInfo.getUserInfo().getPersonId(),
|
||||
contextInfo.getOuId(),
|
||||
contextInfo.getWorkspaceId());
|
||||
return true;
|
||||
}
|
||||
|
||||
DataPermissionContextHolder.DataPermissionContext dataPermissionContext = DataPermissionContextHolder.DataPermissionContext.builder()
|
||||
.dataPermission(dataPermission)
|
||||
DataPermissionPrepareContextHolder.DataPermissionPrepareContext dataPermissionPrepareContext = DataPermissionPrepareContextHolder.DataPermissionPrepareContext.builder()
|
||||
.dataPermissionPrepare(dataPermissionPrepare)
|
||||
.workspaceId(contextInfo.getWorkspaceId())
|
||||
.ouId(contextInfo.getOuId())
|
||||
.personId(contextInfo.getUserInfo().getPersonId())
|
||||
@ -75,17 +76,17 @@ public class ResolveDataPermissionRuleFilter implements HandlerInterceptor, WebM
|
||||
.resultKey(matchDataObjectOptional.get().getResultKey())
|
||||
.build();
|
||||
|
||||
DataPermissionContextHolder.setContext(dataPermissionContext);
|
||||
DataPermissionPrepareContextHolder.setContext(dataPermissionPrepareContext);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
private Optional<MatchDataObjectResp> matchRule(DataPermission dataPermission) {
|
||||
private Optional<MatchDataObjectResp> matchRule(DataPermissionPrepare dataPermissionPrepare) {
|
||||
|
||||
ContextInfo contextInfo = ContextInfoHolder.get();
|
||||
|
||||
MatchDataObjectReq matchDataObjectReq = MatchDataObjectReq.builder()
|
||||
.dataObjectCode(dataPermission.bizCode())
|
||||
.dataObjectCode(dataPermissionPrepare.bizCode())
|
||||
.ouId(contextInfo.getOuId())
|
||||
.workspaceId(contextInfo.getWorkspaceId())
|
||||
.personId(contextInfo.getUserInfo().getPersonId())
|
||||
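Review bot: The added `StringUtils.isBlank(dataPermissionPrepare.bizCode())` condition returns `true` without logging, and `bizCode()` defaults to `""`, so a handler annotated with a bare `@DataPermissionPrepare` proceeds with no context and no trace of it. Add `log.warn("@DataPermissionPrepare without bizCode on {}", handlerMethod);` before that return, or reject the blank value at startup. The interceptor also reads only `getMethodAnnotation(DataPermissionPrepare.class)`, whereas `DataPermissionResponseBodyAdvice.supports` honours a class-level annotation first, so a type-level `@DataPermissionPrepare` enables the advice but never builds the context it needs. The "no match data rule" branch likewise lets the request continue; a comment should state whether that pass-through is deliberate. `preHandle` starts outside the hunk.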
@ -2,7 +2,7 @@ package cn.axzo.framework.datapermission.config;
|
||||
|
||||
import cn.axzo.framework.datapermission.aop.DataPermissionMybatisInterceptor;
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionContextFactory;
|
||||
import cn.axzo.framework.datapermission.rule.DataPermissionRule;
|
||||
import cn.axzo.framework.datapermission.rule.DataPermissionRuleService;
|
||||
import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
@ -26,7 +26,7 @@ public class DataPermissionConfig {
|
||||
|
||||
|
||||
@Bean
|
||||
public DataPermissionContextFactory dataPermissionRuleFactory(List<DataPermissionRule> rules) {
|
||||
public DataPermissionContextFactory dataPermissionRuleFactory(List<DataPermissionRuleService> rules) {
|
||||
return new DataPermissionContextFactory(rules);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
package cn.axzo.framework.datapermission.context;
|
||||
|
||||
import cn.axzo.framework.datapermission.annotation.DataPermission;
|
||||
import cn.axzo.framework.datapermission.rule.DataPermissionRule;
|
||||
import cn.axzo.framework.datapermission.rule.DataPermissionRuleService;
|
||||
import lombok.AllArgsConstructor;
|
||||
|
||||
import java.util.List;
|
||||
@ -15,15 +15,15 @@ import java.util.stream.Collectors;
|
||||
@AllArgsConstructor
|
||||
public class DataPermissionContextFactory {
|
||||
|
||||
List<DataPermissionRule> rules;
|
||||
List<DataPermissionRuleService> rules;
|
||||
|
||||
|
||||
public List<DataPermissionRule> getRules() {
|
||||
public List<DataPermissionRuleService> getRules() {
|
||||
return rules;
|
||||
}
|
||||
|
||||
public List<DataPermissionRule> getRuleByDataPermission(DataPermission dataPermission) {
|
||||
Class<? extends DataPermissionRule> classes = dataPermission.includeRule();
|
||||
public List<DataPermissionRuleService> getRuleByDataPermission(DataPermission dataPermission) {
|
||||
Class<? extends DataPermissionRuleService> classes = dataPermission.includeRule();
|
||||
return rules.stream().filter(rule -> Objects.equals(classes, rule.getClass())).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
|
||||
@ -8,12 +8,6 @@ import lombok.NoArgsConstructor;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* 数据权限上下文
|
||||
*
|
||||
* @author tanjie@axzo.cn
|
||||
* @date 2024/5/31 11:42
|
||||
*/
|
||||
public class DataPermissionContextHolder {
|
||||
|
||||
public static final String DATA_PERMISSION_HEADER = "dataPermission";
|
||||
@ -32,21 +26,6 @@ public class DataPermissionContextHolder {
|
||||
public static class DataPermissionContext {
|
||||
private DataPermission dataPermission;
|
||||
|
||||
/**
|
||||
* 当前单位id
|
||||
*/
|
||||
private Long ouId;
|
||||
|
||||
/**
|
||||
* 当前项目id
|
||||
*/
|
||||
private Long workspaceId;
|
||||
|
||||
/**
|
||||
* 登录人
|
||||
*/
|
||||
private Long personId;
|
||||
|
||||
/**
|
||||
* 解析后的人员id
|
||||
*/
|
||||
@ -56,11 +35,6 @@ public class DataPermissionContextHolder {
|
||||
* 解析后的部门id
|
||||
*/
|
||||
private Set<Long> dataPermissionNodeIds;
|
||||
|
||||
/**
|
||||
* 匹配的解析规则放在redis中的key
|
||||
*/
|
||||
private String resultKey;
|
||||
}
|
||||
|
||||
public static void remove() {
|
||||
@ -71,4 +45,3 @@ public class DataPermissionContextHolder {
|
||||
return DATA_PERMISSION_CONTEXT.get();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -0,0 +1,73 @@
|
||||
package cn.axzo.framework.datapermission.context;
|
||||
|
||||
import cn.axzo.framework.datapermission.annotation.DataPermissionPrepare;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Builder;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* 数据权限上下文
|
||||
*
|
||||
* @author tanjie@axzo.cn
|
||||
* @date 2024/5/31 11:42
|
||||
*/
|
||||
public class DataPermissionPrepareContextHolder {
|
||||
|
||||
|
||||
private final static ThreadLocal<DataPermissionPrepareContext> DATA_PERMISSION_CONTEXT = new ThreadLocal<>();
|
||||
|
||||
public static void setContext(DataPermissionPrepareContext dataPermission) {
|
||||
DATA_PERMISSION_CONTEXT.set(dataPermission);
|
||||
}
|
||||
|
||||
|
||||
@Data
|
||||
@Builder
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public static class DataPermissionPrepareContext {
|
||||
private DataPermissionPrepare dataPermissionPrepare;
|
||||
|
||||
/**
|
||||
* 当前单位id
|
||||
*/
|
||||
private Long ouId;
|
||||
|
||||
/**
|
||||
* 当前项目id
|
||||
*/
|
||||
private Long workspaceId;
|
||||
|
||||
/**
|
||||
* 登录人
|
||||
*/
|
||||
private Long personId;
|
||||
|
||||
/**
|
||||
* 解析后的人员id
|
||||
*/
|
||||
private Set<Long> dataPermissionPersonIds;
|
||||
|
||||
/**
|
||||
* 解析后的部门id
|
||||
*/
|
||||
private Set<Long> dataPermissionNodeIds;
|
||||
|
||||
/**
|
||||
* 匹配的解析规则放在redis中的key
|
||||
*/
|
||||
private String resultKey;
|
||||
}
|
||||
|
||||
public static void remove() {
|
||||
DATA_PERMISSION_CONTEXT.remove();
|
||||
}
|
||||
|
||||
public static DataPermissionPrepareContext get() {
|
||||
return DATA_PERMISSION_CONTEXT.get();
|
||||
}
|
||||
}
|
||||
|
||||
@ -9,7 +9,7 @@ import java.util.Set;
|
||||
* @author tanjie@axzo.cn
|
||||
* @date 2024/5/30 18:31
|
||||
*/
|
||||
public interface DataPermissionRule {
|
||||
public interface DataPermissionRuleService {
|
||||
|
||||
Set<String> getTableName();
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
package cn.axzo.framework.datapermission.rule;
|
||||
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionContextHolder;
|
||||
import cn.axzo.framework.datapermission.context.DataPermissionPrepareContextHolder;
|
||||
import cn.axzo.karma.client.feign.tyr.DataObjectApi;
|
||||
import com.baomidou.mybatisplus.core.metadata.TableInfo;
|
||||
import com.baomidou.mybatisplus.core.metadata.TableInfoHelper;
|
||||
@ -35,7 +35,7 @@ import java.util.stream.Collectors;
|
||||
@Builder
|
||||
@RequiredArgsConstructor
|
||||
@Slf4j
|
||||
public class OrgDefaultRule implements DataPermissionRule {
|
||||
public class OrgDefaultRuleServiceImpl implements DataPermissionRuleService {
|
||||
static final Expression EXPRESSION_NULL = new NullValue();
|
||||
|
||||
private static final String DEFAULT_PERSON = "person_id";
|
||||
@ -64,15 +64,15 @@ public class OrgDefaultRule implements DataPermissionRule {
|
||||
@Override
|
||||
public Expression getExpression(String tableName, Alias tableAlias) {
|
||||
|
||||
DataPermissionContextHolder.DataPermissionContext dataPermissionContext = DataPermissionContextHolder.get();
|
||||
DataPermissionPrepareContextHolder.DataPermissionPrepareContext dataPermissionPrepareContext = DataPermissionPrepareContextHolder.get();
|
||||
|
||||
if (dataPermissionContext == null) {
|
||||
if (dataPermissionPrepareContext == null) {
|
||||
log.warn("not found dataPermissionContext");
|
||||
return EXPRESSION_NULL;
|
||||
}
|
||||
|
||||
Set<Long> nodeIds = dataPermissionContext.getDataPermissionNodeIds();
|
||||
Set<Long> personIds = dataPermissionContext.getDataPermissionPersonIds();
|
||||
Set<Long> nodeIds = dataPermissionPrepareContext.getDataPermissionNodeIds();
|
||||
Set<Long> personIds = dataPermissionPrepareContext.getDataPermissionPersonIds();
|
||||
|
||||
Expression deptExpression = buildExpression(tableName, tableAlias, nodeIds);
|
||||
Expression userExpression = buildExpression(tableName, tableAlias, personIds);
|
||||