优化数据权限代码
This commit is contained in:
RuoYi
parent
bc7a607033
commit
259dc67728
|
|
@ -365,6 +365,10 @@ public class Convert
|
||||||
*/
|
*/
|
||||||
public static String[] toStrArray(String str)
|
public static String[] toStrArray(String str)
|
||||||
{
|
{
|
||||||
|
if (StringUtils.isEmpty(str))
|
||||||
|
{
|
||||||
|
return new String[] {};
|
||||||
|
}
|
||||||
return toStrArray(",", str);
|
return toStrArray(",", str);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -92,16 +92,22 @@ public class DataScopeAspect
|
||||||
{
|
{
|
||||||
StringBuilder sqlString = new StringBuilder();
|
StringBuilder sqlString = new StringBuilder();
|
||||||
List<String> conditions = new ArrayList<String>();
|
List<String> conditions = new ArrayList<String>();
|
||||||
|
List<String> scopeCustomIds = new ArrayList<String>();
|
||||||
|
user.getRoles().forEach(role -> {
|
||||||
|
if (DATA_SCOPE_CUSTOM.equals(role.getDataScope()) && StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
|
||||||
|
{
|
||||||
|
scopeCustomIds.add(Convert.toStr(role.getRoleId()));
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
for (SysRole role : user.getRoles())
|
for (SysRole role : user.getRoles())
|
||||||
{
|
{
|
||||||
String dataScope = role.getDataScope();
|
String dataScope = role.getDataScope();
|
||||||
if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope))
|
if (conditions.contains(dataScope))
|
||||||
{
|
{
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions())
|
if (!StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
|
||||||
&& !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
|
|
||||||
{
|
{
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
@ -113,9 +119,15 @@ public class DataScopeAspect
|
||||||
}
|
}
|
||||||
else if (DATA_SCOPE_CUSTOM.equals(dataScope))
|
else if (DATA_SCOPE_CUSTOM.equals(dataScope))
|
||||||
{
|
{
|
||||||
sqlString.append(StringUtils.format(
|
if (scopeCustomIds.size() > 1)
|
||||||
" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias,
|
{
|
||||||
role.getRoleId()));
|
// 多个自定数据权限使用in查询,避免多次拼接。
|
||||||
|
sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id in ({}) ) ", deptAlias, String.join(",", scopeCustomIds)));
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, role.getRoleId()));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else if (DATA_SCOPE_DEPT.equals(dataScope))
|
else if (DATA_SCOPE_DEPT.equals(dataScope))
|
||||||
{
|
{
|
||||||
|
|
@ -123,9 +135,7 @@ public class DataScopeAspect
|
||||||
}
|
}
|
||||||
else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope))
|
else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope))
|
||||||
{
|
{
|
||||||
sqlString.append(StringUtils.format(
|
sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )", deptAlias, user.getDeptId(), user.getDeptId()));
|
||||||
" OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )",
|
|
||||||
deptAlias, user.getDeptId(), user.getDeptId()));
|
|
||||||
}
|
}
|
||||||
else if (DATA_SCOPE_SELF.equals(dataScope))
|
else if (DATA_SCOPE_SELF.equals(dataScope))
|
||||||
{
|
{
|
||||||
|
|
|
||||||
|
|
@ -13,9 +13,11 @@ import org.springframework.web.bind.annotation.RestControllerAdvice;
|
||||||
import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException;
|
import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException;
|
||||||
import com.ruoyi.common.constant.HttpStatus;
|
import com.ruoyi.common.constant.HttpStatus;
|
||||||
import com.ruoyi.common.core.domain.AjaxResult;
|
import com.ruoyi.common.core.domain.AjaxResult;
|
||||||
|
import com.ruoyi.common.core.text.Convert;
|
||||||
import com.ruoyi.common.exception.DemoModeException;
|
import com.ruoyi.common.exception.DemoModeException;
|
||||||
import com.ruoyi.common.exception.ServiceException;
|
import com.ruoyi.common.exception.ServiceException;
|
||||||
import com.ruoyi.common.utils.StringUtils;
|
import com.ruoyi.common.utils.StringUtils;
|
||||||
|
import com.ruoyi.common.utils.html.EscapeUtil;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 全局异常处理器
|
* 全局异常处理器
|
||||||
|
|
@ -79,8 +81,13 @@ public class GlobalExceptionHandler
|
||||||
public AjaxResult handleMethodArgumentTypeMismatchException(MethodArgumentTypeMismatchException e, HttpServletRequest request)
|
public AjaxResult handleMethodArgumentTypeMismatchException(MethodArgumentTypeMismatchException e, HttpServletRequest request)
|
||||||
{
|
{
|
||||||
String requestURI = request.getRequestURI();
|
String requestURI = request.getRequestURI();
|
||||||
|
String value = Convert.toStr(e.getValue());
|
||||||
|
if (StringUtils.isNotEmpty(value))
|
||||||
|
{
|
||||||
|
value = EscapeUtil.clean(value);
|
||||||
|
}
|
||||||
log.error("请求参数类型不匹配'{}',发生系统异常.", requestURI, e);
|
log.error("请求参数类型不匹配'{}',发生系统异常.", requestURI, e);
|
||||||
return AjaxResult.error(String.format("请求参数类型不匹配,参数[%s]要求类型为:'%s',但输入值为:'%s'", e.getName(), e.getRequiredType().getName(), e.getValue()));
|
return AjaxResult.error(String.format("请求参数类型不匹配,参数[%s]要求类型为:'%s',但输入值为:'%s'", e.getName(), e.getRequiredType().getName(), value));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue