diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java index 382e268146..c9965192cf 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/aspect/DataFilterAspect.java @@ -50,6 +50,8 @@ public class DataFilterAspect { */ private static final ThreadLocal hasConditions = new ThreadLocal(); + public static final ThreadLocal sqlFilter = new ThreadLocal(); + @Autowired private LoginUserUtil loginUserUtil; @@ -63,6 +65,10 @@ public class DataFilterAspect { @Before("@annotation(com.epmet.commons.mybatis.annotation.DataFilter)") public void dataFilter(JoinPoint point) { + + //清空 + sqlFilter.set(null); + // 通过反射,取到注解属性 DataFilter dataFilterAnno = ((MethodSignature) point.getSignature()).getMethod().getAnnotation(DataFilter.class); String tableAlias = dataFilterAnno.tableAlias(); @@ -71,7 +77,7 @@ public class DataFilterAspect { String requirePermission = AccessOpeAspect.requirePermissionTl.get(); // 没有配置所需权限,不做操作,打印提示日志 if (StringUtils.isBlank(requirePermission)) { - log.warn("Api编码需要指定所需权限,请在Api上使用@RequirePermission注解完成所需权限配置"); + log.warn("接口缺少所需权限配置,请在Controller方法上使用@RequirePermission注解完成所需权限配置"); return; } 
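Review bot: `sqlFilter` is reset only at the top of `dataFilter` (`sqlFilter.set(null)`) and is never removed once the annotated method has returned, so on a pooled request thread the last filter stays attached. `DataFilterInterceptor` would then splice it into any later statement on that thread that did not pass through this aspect, possibly one issued for a different user's request. The same applies to the `sqlFilter.set(sqlFilterSegment)` added in the `@@ -107,13 +113,18 @@` hunk. Consider an `@Around` advice (or a matching `@After`) that calls `sqlFilter.remove()` in a `finally`, and keep the field private behind an accessor instead of exposing it as a public static. `dataFilter` continues outside these hunks.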
@@ -107,13 +113,18 @@ public class DataFilterAspect { String sqlFilterSegment = getSqlFilterSegment(userId, permCacheResultDTO.getRoleIdList(), requirePermission, permCacheResultDTO.getOrgIdPath(), permCacheResultDTO.getGridId(), tableAlias, permCacheResultDTO.getDeptIdList()); - // 填充到Service方法列表中的DataScope对象中 - Object[] methodArgs = point.getArgs(); - for (Object methodArg : methodArgs) { - if (methodArg instanceof DataScope) { - ((DataScope) methodArg).setSqlFilter(sqlFilterSegment); - return; - } + // 方式1.填充到Service方法列表中的DataScope对象中。如果dao入参是用DTO的话,那么再加一个DataScope入参,sql中会报错提示#{}参数找不到,因此改用方法2 + //Object[] methodArgs = point.getArgs(); + //for (Object methodArg : methodArgs) { + // if (methodArg instanceof DataScope) { + // ((DataScope) methodArg).setSqlFilter(sqlFilterSegment); + // return; + // } + //} + + // 方式2,采用ThreadLocal传参到DataFilterInterceptor中 + if (StringUtils.isNotBlank(sqlFilterSegment)) { + sqlFilter.set(sqlFilterSegment); } } diff --git a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptor.java b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptor.java index e211c01e4e..2545751da6 100644 --- a/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptor.java +++ b/epmet-commons/epmet-commons-mybatis/src/main/java/com/epmet/commons/mybatis/interceptor/DataFilterInterceptor.java @@ -11,6 +11,7 @@ package com.epmet.commons.mybatis.interceptor; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.toolkit.PluginUtils; import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler; +import com.epmet.commons.mybatis.aspect.DataFilterAspect; import com.epmet.commons.mybatis.entity.DataScope; import org.apache.commons.lang3.StringUtils; import org.apache.ibatis.executor.statement.StatementHandler; 
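Review bot: When `getSqlFilterSegment` yields a blank string, the `if (StringUtils.isNotBlank(sqlFilterSegment))` guard leaves `sqlFilter` unset, and `DataFilterInterceptor` then runs the statement with no data-scope restriction at all. `getSqlFilterSegment` is not visible here, so it needs confirming whether blank can mean "no scope matched" rather than "unrestricted"; if it can, the safer default is to deny, e.g. `sqlFilter.set(StringUtils.isBlank(sqlFilterSegment) ? "1 = 0" : sqlFilterSegment);`. The commented-out 方式1 block is better deleted than kept, since version control already preserves it. The method body starts outside this hunk.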
@@ -53,8 +54,8 @@ public class DataFilterInterceptor extends AbstractSqlParserHandler implements I String originalSql = boundSql.getSql(); Object paramObj = boundSql.getParameterObject(); - // 判断参数里是否有DataScope对象 - DataScope scope = null; + // 方式1.判断参数里是否有DataScope对象 + /*DataScope scope = null; if (paramObj instanceof DataScope) { // 直接传入DataScope,不分页? scope = (DataScope) paramObj; @@ -75,25 +76,34 @@ public class DataFilterInterceptor extends AbstractSqlParserHandler implements I if (scope == null) { return invocation.proceed(); } - - // 拼接新SQL - String orderBy = "ORDER BY"; - String groupBy = "GROUP BY"; String sqlFilter = scope.getSqlFilter(); + */ + + // 方式2.从ThreadLocal中取sqlFilter + String sqlFilter = DataFilterAspect.sqlFilter.get(); + if (StringUtils.isBlank(sqlFilter)) { return invocation.proceed(); } + + // 没有where就拼接where,有了where就拼接AND if (originalSql.indexOf("WHERE") == 0) { // 不包含where,需要手动拼接上 sqlFilter = " WHERE ".concat(sqlFilter); + } else { + sqlFilter = " AND (".concat(sqlFilter).concat(")"); } + // 拼接新SQL + String orderBy = "ORDER BY"; + String groupBy = "GROUP BY"; + if (originalSql.indexOf(groupBy) > -1) { originalSql = originalSql.replace(groupBy, sqlFilter + groupBy); } else if (originalSql.indexOf(orderBy) > -1) { originalSql = originalSql.replace(orderBy, sqlFilter + orderBy); } else { - originalSql = originalSql.concat(" AND (").concat(scope.getSqlFilter()).concat(")"); + originalSql = originalSql.concat(sqlFilter); } // 重写SQL diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/RequirePermission.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/RequirePermission.java index 3a5fe74459..8e78b778d6 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/RequirePermission.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/annotation/RequirePermission.java 
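Review bot: The check `originalSql.indexOf("WHERE") == 0` is true only when the statement starts with `WHERE`, not when it lacks one as the comment beside it says, so with the new `else` branch every statement gets ` AND (...)` appended and a query without a WHERE clause becomes invalid SQL. A closer match to the stated intent is `if (!StringUtils.containsIgnoreCase(originalSql, "WHERE"))`. Even then, the `replace(groupBy, ...)` and `replace(orderBy, ...)` calls are case-sensitive and rewrite every occurrence, including ones inside subqueries, and a `WHERE` inside a subquery would be mistaken for the outer clause; rewriting through a SQL parser would make the splice dependable. Because the filter now comes from a thread-wide value instead of a `DataScope` argument, it also reaches every statement this interceptor sees on the thread, which is worth confirming as intended. The method starts and ends outside the hunk.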
@@ -16,6 +16,8 @@ package com.epmet.commons.tools.annotation; +import com.epmet.commons.tools.enums.RequirePermissionEnum; + import java.lang.annotation.*; /** @@ -28,9 +30,5 @@ import java.lang.annotation.*; @Retention(RetentionPolicy.RUNTIME) @Documented public @interface RequirePermission { - - String key() default ""; - - String desc() default ""; - + RequirePermissionEnum requirePermission(); } diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java index 72070ee6e1..054710d348 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/aspect/AccessOpeAspect.java @@ -9,6 +9,7 @@ package com.epmet.commons.tools.aspect; import com.epmet.commons.tools.annotation.RequirePermission; +import com.epmet.commons.tools.enums.RequirePermissionEnum; import org.aspectj.lang.JoinPoint; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Before; @@ -35,8 +36,8 @@ public class AccessOpeAspect { // 取RequirePermission注解 MethodSignature methodSignature = (MethodSignature) point.getSignature(); RequirePermission requirePermissionAnno = methodSignature.getMethod().getAnnotation(RequirePermission.class); - String key = requirePermissionAnno.key(); - String desc = requirePermissionAnno.desc(); + RequirePermissionEnum requirePermissionEnum = requirePermissionAnno.requirePermission(); + String key = requirePermissionEnum.getKey(); // 放入ThreadLocal,供DataFilterAspect中使用 requirePermissionTl.set(key); diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/config/PermissionInitializer.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/config/PermissionInitializer.java new file mode 100644 index 0000000000..b2908f242a 
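Review bot: The single element is named `requirePermission`, which forces every call site to write `@RequirePermission(requirePermission = RequirePermissionEnum.X)`; naming it `value` (`RequirePermissionEnum value();`) allows the shorter `@RequirePermission(RequirePermissionEnum.X)`. Since `key()` and `desc()` are removed and the new element has no default, every existing usage has to be migrated in the same change. A short Javadoc on the element stating that the enum's key is what `AccessOpeAspect` publishes for the data filter would document the contract.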
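Review bot: `requirePermissionTl.set(key)` publishes the permission key for `DataFilterAspect`, but nothing visible in this hunk clears it after the request. On a pooled thread, a later request whose controller method has no `@RequirePermission` could therefore pick up the previous request's key and be filtered against the wrong permission. If no cleanup exists elsewhere in the class, clear it in an after-advice with `requirePermissionTl.remove()`. `requirePermissionAnno` is also dereferenced without a null check, which is safe only if the pointcut (outside this hunk) matches solely methods that carry the annotation.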
--- /dev/null
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/config/PermissionInitializer.java
@@ -0,0 +1,30 @@
+//package com.epmet.commons.tools.config;
+//
+//import com.epmet.commons.tools.annotation.RequirePermission;
+//import org.springframework.beans.factory.annotation.Autowired;
+//import org.springframework.context.ApplicationContext;
+//import org.springframework.context.annotation.Configuration;
+//
+//import javax.annotation.PostConstruct;
+//import java.util.Map;
+//
+//@Configuration
+//public class PermissionInitializer {
+//
+// @Autowired
+// private ApplicationContext applicationContext;
+//
+// /**
+// * 初始化操作权限
+// */
+// @PostConstruct
+// public void initOpePermissions() {
+// Map beanMap = applicationContext.getBeansWithAnnotation(RequirePermission.class);
+// for (Map.Entry entry : beanMap.entrySet()) {
+// System.out.println(entry);
+// }
+//
+// }
+//
+//
+//}
diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/enums/RequirePermissionEnum.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/enums/RequirePermissionEnum.java
new file mode 100644
index 0000000000..13054dc29e
--- /dev/null
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/enums/RequirePermissionEnum.java
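Review bot: The whole of `PermissionInitializer.java` is added commented out, so it contributes nothing at runtime and will drift from the code around it; leave it out of the commit until it is implemented. If it is revived, `System.out.println(entry)` should become a logger call. `getBeansWithAnnotation` looks beans up by type-level annotation, so it would likely not find `@RequirePermission` where it is placed on controller methods.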
@@ -0,0 +1,69 @@
+package com.epmet.commons.tools.enums;
+
+public enum RequirePermissionEnum {
+
+ WORK_GRASSROOTS_GROUP_AUDITINGLIST("work_grassroots_group_auditinglist", "基层治理-群组管理-待审核列表", "基层治理-群组管理-待审核列表"),
+ WORK_GRASSROOTS_GROUP_AUDIT("work_grassroots_group_audit", "基层治理-群组管理-审核建组", "基层治理-群组管理-审核建组"),
+ WORK_GRASSROOTS_GROUP_GROUPSINTHEGRID("work_grassroots_group_groupsinthegrid", "基层治理-群组管理-本网格小组列表", "基层治理-群组管理-本网格小组列表"),
+ WORK_GRASSROOTS_RESI_WARMHEARTED_AUDITINGLIST("work_grassroots_resi_warmhearted_auditinglist", "基层治理-居民管理-热心居民待审核列表", "基层治理-居民管理-热心居民待审核列表"),
+ WORK_GRASSROOTS_RESI_WARMHEARTED_AUDITHISTORYLIST("work_grassroots_resi_warmhearted_audithistorylist", "基层治理-居民管理-热心审核历史", "基层治理-居民管理-热心审核历史"),
+ WORK_GRASSROOTS_RESI_WARMHEARTED_AUDIT("work_grassroots_resi_warmhearted_audit", "基层治理-居民管理-热心居民审核", "基层治理-居民管理-热心居民审核"),
+ ORG_AGENCY_TRACE("org_agency_trace", "组织-查看上级机关", "组织-查看上级机关"),
+ ORG_AGENCY_UPDATE("org_agency_update", "组织-机关单位-编辑", "组织-机关单位-编辑"),
+ ORG_SUBAGENCY_LIST("org_subagency_list", "组织-下级机关-列表", "组织-下级机关-列表"),
+ ORG_SUBAGENCY_CREATE("org_subagency_create", "组织-下级机关-新增", "组织-下级机关-新增"),
+ ORG_SUBAGENCY_DELETE("org_subagency_delete", "组织-下级机关-删除", "组织-下级机关-删除"),
+ ORG_STAFF_DETAIL("org_staff_detail", "组织-工作人员-详情", "组织-工作人员-详情"),
+ ORG_STAFF_LIST("org_staff_list", "组织-工作人员-列表", "组织-工作人员-列表"),
+ ORG_STAFF_CREATE("org_staff_create", "组织-工作人员-新增", "组织-工作人员-新增"),
+ ORG_STAFF_UPDATE("org_staff_update", "组织-工作人员-编辑", "组织-工作人员-编辑"),
+ ORG_STAFF_FORBIDDEN("org_staff_forbidden", "组织-工作人员-禁用", "组织-工作人员-禁用"),
+ ORG_DEPARTMENT_LIST("org_department_list", "组织-直属部门-部门列表", "组织-直属部门-部门列表"),
+ ORG_DEPARTMENT_CREATE("org_department_create", "组织-直属部门-新增部门", "组织-直属部门-新增部门"),
+ ORG_DEPARTMENT_UPDATE("org_department_update", "组织-直属部门-编辑部门", "组织-直属部门-编辑部门"),
+ ORG_DEPARTMENT_DELETE("org_department_delete", "组织-直属部门-删除", "组织-直属部门-删除"),
+ ORG_DEPARTMENT_STAFF_ADD("org_department_staff_add", "组织-直属部门-添加人员", "组织-直属部门-添加人员"),
+ ORG_DEPARTMENT_STAFF_REMOVE("org_department_staff_remove", "组织-直属部门-移除人员", "组织-直属部门-移除人员"),
+ ORG_DEPARTMENT_STAFF_LIST("org_department_staff_list", "组织-直属部门-人员列表", "组织-直属部门-人员列表"),
+ ORG_GRID_LIST("org_grid_list", "组织-治理网格-网格列表", "组织-治理网格-网格列表"),
+ ORG_GRID_CREATE("org_grid_create", "组织-治理网格-新增网格", "组织-治理网格-新增网格"),
+ ORG_GRID_UPDATE("org_grid_update", "组织-治理网格-编辑网格", "组织-治理网格-编辑网格"),
+ ORG_GRID_DELETE("org_grid_delete", "组织-治理网格-删除", "组织-治理网格-删除"),
+ ORG_GRID_STAFF_ADD("org_grid_staff_add", "组织-治理网格-新增网格工作人员", "组织-治理网格-新增网格工作人员"),
+ ORG_GRID_STAFF_REMOVE("org_grid_staff_remove", "组织-治理网格-移除网格工作人员", "组织-治理网格-移除网格工作人员"),
+ ORG_PARTYMEMBER_SUMMARY("org_partymember_summary", "组织-党员-汇总信息", "组织-党员-汇总信息");
+
+ private String key;
+ private String name;
+ private String brief;
+
+ RequirePermissionEnum(String key, String name, String brief) {
+ this.key = key;
+ this.name = name;
+ this.brief = brief;
+ }
+
+ public String getKey() {
+ return key;
+ }
+
+ public void setKey(String key) {
+ this.key = key;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getBrief() {
+ return brief;
+ }
+
+ public void setBrief(String brief) {
+ this.brief = brief;
+ }
+}
diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java
index a16c1ec5d3..e332d0ffb5 100644
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/StaffRoleController.java
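Review bot: `key`, `name` and `brief` are non-final and exposed through public setters, yet enum constants are JVM-wide singletons, so a single `setKey` call anywhere in the application would change the permission key that `AccessOpeAspect` hands to the data filter for every thread. Declare the fields `private final String key;` (likewise `name` and `brief`) and delete `setKey`, `setName` and `setBrief`. Every constant currently passes the same text for `name` and `brief`; if that is a placeholder, a comment saying so would make the intent clear.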
@@ -2,6 +2,7 @@ package com.epmet.controller; import com.epmet.commons.mybatis.entity.DataScope; import com.epmet.commons.tools.annotation.RequirePermission; +import com.epmet.commons.tools.enums.RequirePermissionEnum; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.ValidatorUtils; import com.epmet.dto.GovStaffRoleDTO; @@ -65,7 +66,7 @@ public class StaffRoleController { * @return */ @PostMapping("staffsinrole") - //@RequirePermission(key = "org_staff_list") + //@RequirePermission(requirePermission = RequirePermissionEnum.ORG_STAFF_LIST) public Result> getStaffsInRole(@RequestBody StaffRoleFormDTO staffRoleFormDTO) { ValidatorUtils.validateEntity(staffRoleFormDTO, StaffRoleFormDTO.GetStaffsInRole.class); String roleKey = staffRoleFormDTO.getRoleKey(); @@ -82,6 +83,7 @@ public class StaffRoleController { * @Date 2020.04.26 13:06 **/ @PostMapping("getcustomerstaffroles") + //@RequirePermission(requirePermission = RequirePermissionEnum.ORG_STAFF_LIST) public Result getCustomerStaffRoles(@RequestBody CommonUserFormDTO commonUserFormDTO){ ValidatorUtils.validateEntity(commonUserFormDTO); return staffRoleService.getStaffRoles(commonUserFormDTO); diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java index 15b5b1c311..0c4365e9fb 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/StaffRoleServiceImpl.java @@ -133,6 +133,7 @@ public class StaffRoleServiceImpl extends BaseServiceImpl getStaffRoles(CommonUserFormDTO userParam) { return new Result().ok(baseDao.getStaffRoles(userParam)); }
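Review bot: Both `getStaffsInRole` and `getCustomerStaffRoles` (the `@@ -82,6 +83,7 @@` hunk) carry `@RequirePermission` only as a comment, so `AccessOpeAspect` does not set a permission key for these endpoints. `DataFilterAspect` then takes its missing-permission branch, which logs a warning and returns without installing a filter. If the service methods behind these endpoints are meant to be data-scoped, enable the annotation, e.g. `@RequirePermission(requirePermission = RequirePermissionEnum.ORG_STAFF_LIST)`; otherwise drop the commented lines together with the `RequirePermissionEnum` import, which nothing visible in these hunks uses.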