userId改为 workcode , 修复数据权限的问题. http://172.16.46.63:31560/index.php?m=task&f=view&taskID=715
@@ -18,19 +18,24 @@ import com.zt.plat.framework.tenant.core.context.CompanyContextHolder;
|
|||||||
import com.zt.plat.framework.tenant.core.context.DeptContextHolder;
|
import com.zt.plat.framework.tenant.core.context.DeptContextHolder;
|
||||||
import lombok.AllArgsConstructor;
|
import lombok.AllArgsConstructor;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
import net.sf.jsqlparser.JSQLParserException;
|
||||||
import net.sf.jsqlparser.expression.Alias;
|
import net.sf.jsqlparser.expression.Alias;
|
||||||
import net.sf.jsqlparser.expression.Expression;
|
import net.sf.jsqlparser.expression.Expression;
|
||||||
import net.sf.jsqlparser.expression.LongValue;
|
import net.sf.jsqlparser.expression.LongValue;
|
||||||
import net.sf.jsqlparser.expression.NullValue;
|
import net.sf.jsqlparser.expression.NullValue;
|
||||||
|
import net.sf.jsqlparser.expression.StringValue;
|
||||||
import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
|
import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
|
||||||
import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
|
import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
|
||||||
import net.sf.jsqlparser.expression.operators.relational.*;
|
import net.sf.jsqlparser.expression.operators.relational.*;
|
||||||
|
import net.sf.jsqlparser.parser.CCJSqlParserUtil;
|
||||||
import net.sf.jsqlparser.schema.Column;
|
import net.sf.jsqlparser.schema.Column;
|
||||||
import net.sf.jsqlparser.schema.Table;
|
import net.sf.jsqlparser.schema.Table;
|
||||||
import net.sf.jsqlparser.statement.select.ParenthesedSelect;
|
import net.sf.jsqlparser.statement.select.ParenthesedSelect;
|
||||||
import net.sf.jsqlparser.statement.select.PlainSelect;
|
import net.sf.jsqlparser.statement.select.PlainSelect;
|
||||||
import net.sf.jsqlparser.statement.select.SelectItem;
|
import net.sf.jsqlparser.statement.select.SelectItem;
|
||||||
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
|
||||||
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
@@ -67,7 +72,16 @@ public class DeptDataPermissionRule implements DataPermissionRule {
|
|||||||
private static final String DEPT_COLUMN_NAME = "dept_id";
|
private static final String DEPT_COLUMN_NAME = "dept_id";
|
||||||
private static final String USER_COLUMN_NAME = "user_id";
|
private static final String USER_COLUMN_NAME = "user_id";
|
||||||
|
|
||||||
static final Expression EXPRESSION_NULL = new NullValue();
|
static final Expression EXPRESSION_NULL;
|
||||||
|
|
||||||
|
static {
|
||||||
|
try {
|
||||||
|
EXPRESSION_NULL = CCJSqlParserUtil.parseCondExpression("1 = 0");
|
||||||
|
} catch (JSQLParserException e) {
|
||||||
|
throw new RuntimeException(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public static final String SYSTEM_USERS = "system_users";
|
public static final String SYSTEM_USERS = "system_users";
|
||||||
|
|
||||||
private final PermissionCommonApi permissionApi;
|
private final PermissionCommonApi permissionApi;
|
||||||
@@ -177,7 +191,9 @@ public class DeptDataPermissionRule implements DataPermissionRule {
|
|||||||
// 情况三,拼接 Dept 和 Company User 的条件,最后组合
|
// 情况三,拼接 Dept 和 Company User 的条件,最后组合
|
||||||
Expression deptExpression = buildDeptExpression(tableName, tableAlias, effectiveDeptIds);
|
Expression deptExpression = buildDeptExpression(tableName, tableAlias, effectiveDeptIds);
|
||||||
// Expression deptExpression = buildDeptExpression(tableName, tableAlias, deptDataPermission.getDeptIds());
|
// Expression deptExpression = buildDeptExpression(tableName, tableAlias, deptDataPermission.getDeptIds());
|
||||||
Expression userExpression = buildUserExpression(tableName, tableAlias, effectiveSelf, loginUser.getId());
|
// 使用工号替换 UserId
|
||||||
|
String userWorkCode = SecurityFrameworkUtils.getLoginUserWorkCode();
|
||||||
|
Expression userExpression = buildUserExpression(tableName, tableAlias, effectiveSelf, loginUser.getId(), userWorkCode);
|
||||||
if (deptExpression == null && userExpression == null) {
|
if (deptExpression == null && userExpression == null) {
|
||||||
// TODO ZT:获得不到条件的时候,暂时不抛出异常,而是不返回数据
|
// TODO ZT:获得不到条件的时候,暂时不抛出异常,而是不返回数据
|
||||||
log.warn("[getExpression][LoginUser({}) Table({}/{}) DeptDataPermission({}) 构建的条件为空]",
|
log.warn("[getExpression][LoginUser({}) Table({}/{}) DeptDataPermission({}) 构建的条件为空]",
|
||||||
@@ -241,7 +257,7 @@ public class DeptDataPermissionRule implements DataPermissionRule {
|
|||||||
new ParenthesedExpressionList(new ExpressionList<LongValue>(CollectionUtils.convertList(deptIds, LongValue::new))));
|
new ParenthesedExpressionList(new ExpressionList<LongValue>(CollectionUtils.convertList(deptIds, LongValue::new))));
|
||||||
}
|
}
|
||||||
|
|
||||||
private Expression buildUserExpression(String tableName, Alias tableAlias, Boolean self, Long userId) {
|
private Expression buildUserExpression(String tableName, Alias tableAlias, Boolean self, Long userId, String workCode) {
|
||||||
// 如果不查看自己,则无需作为条件
|
// 如果不查看自己,则无需作为条件
|
||||||
if (Boolean.FALSE.equals(self)) {
|
if (Boolean.FALSE.equals(self)) {
|
||||||
return null;
|
return null;
|
||||||
@@ -250,8 +266,13 @@ public class DeptDataPermissionRule implements DataPermissionRule {
|
|||||||
if (StrUtil.isEmpty(columnName)) {
|
if (StrUtil.isEmpty(columnName)) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
// 拼接条件
|
// 拼接条件
|
||||||
return new EqualsTo(MyBatisUtils.buildColumn(tableName, tableAlias, columnName), new LongValue(userId));
|
if (StrUtil.isBlank(workCode)) {
|
||||||
|
return new EqualsTo(MyBatisUtils.buildColumn(tableName, tableAlias, columnName), new LongValue(userId));
|
||||||
|
} else {
|
||||||
|
return new EqualsTo(MyBatisUtils.buildColumn(tableName, tableAlias, columnName), new StringValue(workCode));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// ==================== 添加配置 ====================
|
// ==================== 添加配置 ====================
|
||||||
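Review bot: In `buildUserExpression` the work code goes into the WHERE clause through `new StringValue(workCode)`, and as far as I know JSqlParser's `StringValue` renders its value between single quotes without escaping it, so a work code containing a quote character would alter the generated permission condition. Validate the value before building the expression and fail closed when it does not match the expected format, for example `if (!workCode.matches("[A-Za-z0-9_-]+")) { return EXPRESSION_NULL; }` (the pattern is illustrative; use the real work-code format). The same column is now compared with either a numeric id or a string depending on the session, so on a numeric user column the database's implicit conversion could make a numeric-looking work code match another user's id; confirm that every configured user column actually stores work codes. The method starts in the previous hunk, and the column-name lookup between the two hunks is not visible here.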
|
|||||||
@@ -11,6 +11,7 @@ import com.zt.plat.framework.security.core.LoginUser;
|
|||||||
import com.zt.plat.framework.security.core.util.SecurityFrameworkUtils;
|
import com.zt.plat.framework.security.core.util.SecurityFrameworkUtils;
|
||||||
import com.zt.plat.framework.web.core.util.WebFrameworkUtils;
|
import com.zt.plat.framework.web.core.util.WebFrameworkUtils;
|
||||||
import jakarta.annotation.Resource;
|
import jakarta.annotation.Resource;
|
||||||
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.apache.ibatis.reflection.MetaObject;
|
import org.apache.ibatis.reflection.MetaObject;
|
||||||
import org.springframework.context.annotation.Lazy;
|
import org.springframework.context.annotation.Lazy;
|
||||||
import org.springframework.util.ReflectionUtils;
|
import org.springframework.util.ReflectionUtils;
|
||||||
@@ -48,14 +49,16 @@ public class DefaultDBFieldHandler implements MetaObjectHandler {
|
|||||||
}
|
}
|
||||||
|
|
||||||
Long userId = getUserId();
|
Long userId = getUserId();
|
||||||
|
String userWorkCode = SecurityFrameworkUtils.getLoginUserWorkCode();
|
||||||
|
String savedUserWorkCodeOrUserId = StringUtils.isNotEmpty(userWorkCode) ? userWorkCode : userId == null ? null : userId.toString();
|
||||||
String userNickname = SecurityFrameworkUtils.getLoginUserNickname();
|
String userNickname = SecurityFrameworkUtils.getLoginUserNickname();
|
||||||
// 当前登录用户不为空,创建人为空,则当前登录用户为创建人
|
// 当前登录用户不为空,创建人为空,则当前登录用户为创建人
|
||||||
if (Objects.nonNull(userId) && Objects.isNull(baseDO.getCreator())) {
|
if (Objects.nonNull(userId) && Objects.isNull(baseDO.getCreator())) {
|
||||||
baseDO.setCreator(userId.toString());
|
baseDO.setCreator(savedUserWorkCodeOrUserId);
|
||||||
}
|
}
|
||||||
// 当前登录用户不为空,更新人为空,则当前登录用户为更新人
|
// 当前登录用户不为空,更新人为空,则当前登录用户为更新人
|
||||||
if (Objects.nonNull(userId) && Objects.isNull(baseDO.getUpdater())) {
|
if (Objects.nonNull(userId) && Objects.isNull(baseDO.getUpdater())) {
|
||||||
baseDO.setUpdater(userId.toString());
|
baseDO.setUpdater(savedUserWorkCodeOrUserId);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (Objects.nonNull(metaObject) && metaObject.getOriginalObject() instanceof BusinessBaseDO businessBaseDO) {
|
if (Objects.nonNull(metaObject) && metaObject.getOriginalObject() instanceof BusinessBaseDO businessBaseDO) {
|
||||||
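Review bot: The fallback on the `savedUserWorkCodeOrUserId` line tests with `StringUtils.isNotEmpty`, while `DeptDataPermissionRule.buildUserExpression` in this same commit decides with `StrUtil.isBlank`. A whitespace-only work code would therefore be written as creator/updater here while the read filter compares against the numeric id, and the user's own rows would stop matching. Use the same test on both sides: `StringUtils.isNotBlank(userWorkCode) ? userWorkCode : ...`. The creator and updater columns will also hold two kinds of identifier from now on (ids for older rows and for sessions without a work code), so a comment stating that, and whether existing rows are backfilled, would help anyone relying on these columns for auditing. The update-fill path is outside this hunk and should presumably write the same value.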
|
|||||||
@@ -31,6 +31,9 @@ public class LoginUser {
|
|||||||
// 用户关联的岗位信息
|
// 用户关联的岗位信息
|
||||||
public static final String INFO_KEY_POST_IDS = "postIds";
|
public static final String INFO_KEY_POST_IDS = "postIds";
|
||||||
|
|
||||||
|
// 工号
|
||||||
|
public static final String INFO_KEY_WORK_CODE = "workCode";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 用户编号
|
* 用户编号
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -15,6 +15,7 @@ import org.springframework.security.web.authentication.WebAuthenticationDetailsS
|
|||||||
import org.springframework.util.StringUtils;
|
import org.springframework.util.StringUtils;
|
||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 安全服务工具类
|
* 安全服务工具类
|
||||||
@@ -93,6 +94,19 @@ public class SecurityFrameworkUtils {
|
|||||||
return loginUser != null ? loginUser.getVisitCompanyId() : null;
|
return loginUser != null ? loginUser.getVisitCompanyId() : null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Nullable
|
||||||
|
public static String getLoginUserWorkCode() {
|
||||||
|
LoginUser loginUser = getLoginUser();
|
||||||
|
if (loginUser == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
Map<String, String> info = loginUser.getInfo();
|
||||||
|
if (info == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
return MapUtil.getStr(info, LoginUser.INFO_KEY_WORK_CODE);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 获得当前用户的编号,从上下文中
|
* 获得当前用户的编号,从上下文中
|
||||||
*
|
*
|
||||||
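Review bot: `getLoginUserWorkCode()` is added without a Javadoc block, although the method that follows it in this hunk has one. Add one saying that it returns the `workCode` entry of the login user's `info` map, and returns null when there is no login user, when `info` is null, or when the entry is absent. That contract matters because the callers in this commit treat a null or blank result as "fall back to the user id". `MapUtil` is used here but its import is not in the visible hunks, so it is presumably already imported.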
|
|||||||
@@ -215,6 +215,7 @@ public class OAuth2TokenServiceImpl implements OAuth2TokenService {
|
|||||||
.put(LoginUser.INFO_KEY_TENANT_ID, user.getTenantId().toString())
|
.put(LoginUser.INFO_KEY_TENANT_ID, user.getTenantId().toString())
|
||||||
.put(LoginUser.INFO_KEY_USERNAME, user.getUsername())
|
.put(LoginUser.INFO_KEY_USERNAME, user.getUsername())
|
||||||
.put(LoginUser.INFO_KEY_PHONE, user.getMobile())
|
.put(LoginUser.INFO_KEY_PHONE, user.getMobile())
|
||||||
|
.put(LoginUser.INFO_KEY_WORK_CODE, user.getWorkcode())
|
||||||
.put(LoginUser.INFO_KEY_POST_IDS, CollUtil.isEmpty(user.getPostIds()) ? "[]" : JsonUtils.toJsonString(user.getPostIds()))
|
.put(LoginUser.INFO_KEY_POST_IDS, CollUtil.isEmpty(user.getPostIds()) ? "[]" : JsonUtils.toJsonString(user.getPostIds()))
|
||||||
.build();
|
.build();
|
||||||
} else if (userType.equals(UserTypeEnum.MEMBER.getValue())) {
|
} else if (userType.equals(UserTypeEnum.MEMBER.getValue())) {
|
||||||
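Review bot: The work code is copied into the token's `info` map when the token is issued, so which identifier the data-permission rule and the field handler use depends on the token's age. Tokens issued before this change carry no `workCode` and keep using the numeric id until they are re-issued. Rows created under one identifier will not match a filter built from the other, so plan either a forced token refresh together with a backfill of the creator columns, or a transition period in which the filter matches both values. `user.getWorkcode()` can presumably be null for some users; confirm that the map builder used here accepts null values, since the neighbouring `tenantId` entry is converted with `toString()` and the others are passed as they are.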
|
|||||||