业务场景需求说明:
在项目权限框架体系下。A部门用户 :A张三,创建一条业务单据 :业务单据A数据,
此时呢,业务需求是:【业务单据A数据】只能是 【A部门】下的所有用户能看的见,其他组织无权查看 此条数据
1.数据库设计:
创建:create_dept 字段,记录数据的来源 组织
- 使用SpringAop 技术,将 组织数据过滤 与 业务逻辑隔离。。。
package com.AAA.framework.aspectj;
import com.AAA.common.annotation.BranchScope;
import com.AAA.common.core.domain.BaseEntity;
import com.AAA.common.core.domain.entity.SysUser;
import com.AAA.common.core.domain.model.LoginUser;
import com.AAA.common.utils.SecurityUtils;
import com.AAA.common.utils.StringUtils;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.Signature;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import java.lang.reflect.Method;
/**
- 组织数据过滤处理
* @author wangwei
*/
@Aspect
@Component
public class BranchScopeAspect {/* 数据权限过滤关键字 /
public static final String DATA_SCOPE = "branchScope";// 配置织入点
@Pointcut("@annotation(com.ruoyi.common.annotation.BranchScope)")
public void branchScopePointCut() {}@Before("branchScopePointCut()")
public void doBefore(JoinPoint point) throws Throwable {
handleDataScope(point);
}protected void handleDataScope(final JoinPoint joinPoint) {
// 获得注解
BranchScope controllerBranchScope = getAnnotationLog(joinPoint);
if (controllerBranchScope == null) {
return;
}
// 获取当前的用户
LoginUser loginUser = SecurityUtils.getLoginUser();
if (StringUtils.isNotNull(loginUser)) {
SysUser currentUser = loginUser.getUser();
// 如果是超级管理员,则不过滤数据 && !currentUser.isAdmin()
if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin()) {branchScopeFilter(joinPoint, currentUser);}
}
}/**
- 数据范围过滤
* - @param joinPoint 切点
- @param user 用户
*/
public static void branchScopeFilter(JoinPoint joinPoint, SysUser user) {
Object params = joinPoint.getArgs()[0];
if (StringUtils.isNotNull(params) && params instanceof BaseEntity) {
BaseEntity baseEntity = (BaseEntity) params;
baseEntity
}.getParams() .put( DATA_SCOPE, " AND create_dept IN (SELECT dept_id FROM sys_dept WHERE dept_id = '" + user.getDeptId() + "') ");
}
/* 是否存在注解,如果存在就获取 /
private BranchScope getAnnotationLog(JoinPoint joinPoint) {
Signature signature = joinPoint.getSignature();
MethodSignature methodSignature = (MethodSignature) signature;
Method method = methodSignature.getMethod();
if (method != null) {
return method.getAnnotation(BranchScope.class);
}
return null;
}
}- 数据范围过滤
核心关键点说明: 这里处理 过滤组织数据的 思路是,在查询数据的时候,通过 组织id:dept_id ,查询所有业务单据中 有没有 当前登录组织 创建的单据
完整sql语句:
SELECT count(0) FROM table_aaa WHERE create_dept IN (SELECT dept_id FROM sys_dept WHERE dept_id = '103')
- 详细业务使用:
自定义注解:
package com.AAA.common.annotation;
import java.lang.annotation.*;
/* 组织过滤注解 /
/*
- wangwei
- 2023-05-19 09:08:00
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface BranchScope {}
3.mybatis中配置
${params.branchScope}
<select id="selectJcryList" parameterType="Jcry" resultMap="JcryResult">
<include refid="selectJcryVo"/>
<where>
<if test="name != null and name != ''"> and name like concat('%', #{name}, '%')</if>
<if test="pnumber != null and pnumber != ''"> and pnumber = #{pnumber}</if>
<if test="deleted != null and deleted != ''"> and deleted = #{deleted}</if>
${params.branchScope}
</where>
</select>
