diff --git a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/datapermission/core/service/DeptDataPermissionService.java b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/datapermission/core/service/DeptDataPermissionService.java
deleted file mode 100644
index c7e44437f..000000000
--- a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/datapermission/core/service/DeptDataPermissionService.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package cn.iocoder.yudao.adminserver.framework.datapermission.core.service;
-
-import cn.iocoder.yudao.adminserver.framework.datapermission.core.service.dto.DeptDataPermissionRespDTO;
-import cn.iocoder.yudao.framework.security.core.LoginUser;
-
-/**
- * 基于部门的数据权限 Service 接口
- *
- * @author 芋道源码
- */
-public interface DeptDataPermissionService {
-
- /**
- * 获得登陆用户的部门数据权限
- *
- * @param loginUser 登陆用户
- * @return 部门数据权限
- */
- DeptDataPermissionRespDTO getDeptDataPermission(LoginUser loginUser);
-
-}
diff --git a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/datapermission/core/service/impl/DeptDataPermissionServiceImpl.java b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/datapermission/core/service/impl/DeptDataPermissionServiceImpl.java
deleted file mode 100644
index b02c7e239..000000000
--- a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/datapermission/core/service/impl/DeptDataPermissionServiceImpl.java
+++ /dev/null
@@ -1,88 +0,0 @@
-package cn.iocoder.yudao.adminserver.framework.datapermission.core.service.impl;
-
-import cn.hutool.core.collection.CollUtil;
-import cn.iocoder.yudao.adminserver.framework.datapermission.core.service.DeptDataPermissionService;
-import cn.iocoder.yudao.adminserver.framework.datapermission.core.service.dto.DeptDataPermissionRespDTO;
-import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.dept.SysDeptDO;
-import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.permission.SysRoleDO;
-import cn.iocoder.yudao.adminserver.modules.system.service.dept.SysDeptService;
-import cn.iocoder.yudao.adminserver.modules.system.service.permission.SysRoleService;
-import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
-import cn.iocoder.yudao.framework.common.util.json.JsonUtils;
-import cn.iocoder.yudao.framework.security.core.LoginUser;
-import cn.iocoder.yudao.framework.security.core.enums.DataScopeEnum;
-import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
-
-import java.util.List;
-import java.util.Objects;
-
-/**
- * 基于部门的数据权限 Service 实现类
- *
- * @author 芋道源码
- */
-@RequiredArgsConstructor
-@Slf4j
-public class DeptDataPermissionServiceImpl implements DeptDataPermissionService {
-
- /**
- * LoginUser 的 Context 缓存 Key
- */
- private static final String CONTEXT_KEY = DeptDataPermissionServiceImpl.class.getSimpleName();
-
- private final SysRoleService roleService;
- private final SysDeptService deptService;
-
- @Override
- public DeptDataPermissionRespDTO getDeptDataPermission(LoginUser loginUser) {
- // 判断是否 context 已经缓存
- DeptDataPermissionRespDTO result = loginUser.getContext(CONTEXT_KEY, DeptDataPermissionRespDTO.class);
- if (result != null) {
- return result;
- }
-
- // 创建 DeptDataPermissionRespDTO 对象
- result = new DeptDataPermissionRespDTO();
- List roles = roleService.getRolesFromCache(loginUser.getRoleIds());
- for (SysRoleDO role : roles) {
- // 为空时,跳过
- if (role.getDataScope() == null) {
- continue;
- }
- // 情况一,ALL
- if (Objects.equals(role.getDataScope(), DataScopeEnum.ALL.getScope())) {
- result.setAll(true);
- continue;
- }
- // 情况二,DEPT_CUSTOM
- if (Objects.equals(role.getDataScope(), DataScopeEnum.DEPT_CUSTOM.getScope())) {
- CollUtil.addAll(result.getDeptIds(), role.getDataScopeDeptIds());
- continue;
- }
- // 情况三,DEPT_ONLY
- if (Objects.equals(role.getDataScope(), DataScopeEnum.DEPT_ONLY.getScope())) {
- CollectionUtils.addIfNotNull(result.getDeptIds(), loginUser.getDeptId());
- continue;
- }
- // 情况四,DEPT_DEPT_AND_CHILD
- if (Objects.equals(role.getDataScope(), DataScopeEnum.DEPT_AND_CHILD.getScope())) {
- List depts = deptService.getDeptsByParentIdFromCache(loginUser.getDeptId(), true);
- CollUtil.addAll(result.getDeptIds(), CollectionUtils.convertList(depts, SysDeptDO::getId));
- continue;
- }
- // 情况五,SELF
- if (Objects.equals(role.getDataScope(), DataScopeEnum.SELF.getScope())) {
- result.setSelf(true);
- continue;
- }
- // 未知情况,error log 即可
- log.error("[getDeptDataPermission][LoginUser({}) role({}) 无法处理]", loginUser.getId(), JsonUtils.toJsonString(result));
- }
-
- // 添加到缓存,并返回
- loginUser.setContext(CONTEXT_KEY, result);
- return null;
- }
-
-}
diff --git a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/controller/user/SysUserController.http b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/controller/user/SysUserController.http
index 87283759d..ce138afcd 100644
--- a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/controller/user/SysUserController.http
+++ b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/controller/user/SysUserController.http
@@ -1,3 +1,4 @@
 ### 请求 /system/user/page 接口 => 没有权限
 GET {{baseUrl}}/system/user/page?pageNo=1&pageSize=10
-Authorization: Bearer test104 # 使用测试账号
+Authorization: Bearer test1 # 使用测试账号
+tenant-id: 1
diff --git a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/framework/datapermission/config/SysDataPermissionConfiguration.java b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/framework/datapermission/config/SysDataPermissionConfiguration.java
new file mode 100644
index 000000000..20f2e1602
--- /dev/null
+++ b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/framework/datapermission/config/SysDataPermissionConfiguration.java
@@ -0,0 +1,25 @@
+package cn.iocoder.yudao.adminserver.modules.system.framework.datapermission.config;
+
+import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.dept.SysDeptDO;
+import cn.iocoder.yudao.coreservice.modules.system.dal.dataobject.user.SysUserDO;
+import cn.iocoder.yudao.framework.datapermission.core.dept.rule.DeptDataPermissionRuleCustomizer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * system 模块的数据权限 Configuration
+ *
+ * @author 芋道源码
+ */
+@Configuration
+public class SysDataPermissionConfiguration {
+
+ @Bean
+ public DeptDataPermissionRuleCustomizer sysDeptDataPermissionRuleCustomizer() {
+ return rule -> {
+ rule.addDeptColumn(SysUserDO.class);
+ rule.addDeptColumn(SysDeptDO.class, "id");
+ };
+ }
+
+}
diff --git a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/framework/datapermission/package-info.java b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/framework/datapermission/package-info.java
new file mode 100644
index 000000000..cdd6173e2
--- /dev/null
+++ b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/framework/datapermission/package-info.java
@@ -0,0 +1,4 @@
+/**
+ * system 模块的数据权限配置
+ */
+package cn.iocoder.yudao.adminserver.modules.system.framework.datapermission;
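Review bot: `sysDeptDataPermissionRuleCustomizer()` has no Javadoc, although its two registrations are the entire department-scoping policy of the system module: `SysUserDO` is filtered on the default `dept_id` column, `SysDeptDO` on `id`, and no other table is registered. `DeptDataPermissionRule.buildDeptExpression` (context lines of its hunk in this commit) returns null, "no condition needed" per its comment, for a table without a configured column, so a table that is not registered here appears not to be department-filtered at all. I would add a comment on the bean such as `// SysDeptDO is filtered on its own primary key; tables not registered here are NOT department-scoped`, so that a later entity carrying a `dept_id` column is registered deliberately rather than forgotten.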
diff --git a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/service/permission/SysPermissionService.java b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/service/permission/SysPermissionService.java index e159f95be..883a11f4f 100644 --- a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/service/permission/SysPermissionService.java +++ b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/service/permission/SysPermissionService.java @@ -1,5 +1,6 @@ package cn.iocoder.yudao.adminserver.modules.system.service.permission; +import cn.iocoder.yudao.framework.datapermission.core.dept.service.DeptDataPermissionFrameworkService; import cn.iocoder.yudao.framework.security.core.service.SecurityPermissionFrameworkService; import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.permission.SysMenuDO; import org.springframework.lang.Nullable; @@ -15,7 +16,7 @@ import java.util.Set; * * @author 芋道源码 */ -public interface SysPermissionService extends SecurityPermissionFrameworkService { +public interface SysPermissionService extends SecurityPermissionFrameworkService, DeptDataPermissionFrameworkService { /** * 初始化权限的本地缓存 diff --git a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/service/permission/impl/SysPermissionServiceImpl.java b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/service/permission/impl/SysPermissionServiceImpl.java index b4eb2cb34..dd4d3be2f 100644 --- a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/service/permission/impl/SysPermissionServiceImpl.java +++ b/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/modules/system/service/permission/impl/SysPermissionServiceImpl.java 
@@ -3,19 +3,25 @@ package cn.iocoder.yudao.adminserver.modules.system.service.permission.impl; import cn.hutool.core.collection.CollUtil; import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.util.ArrayUtil; -import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils; -import cn.iocoder.yudao.adminserver.modules.system.dal.mysql.permission.SysRoleMenuMapper; -import cn.iocoder.yudao.adminserver.modules.system.dal.mysql.permission.SysUserRoleMapper; +import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.dept.SysDeptDO; import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.permission.SysMenuDO; import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.permission.SysRoleDO; import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.permission.SysRoleMenuDO; import cn.iocoder.yudao.adminserver.modules.system.dal.dataobject.permission.SysUserRoleDO; +import cn.iocoder.yudao.adminserver.modules.system.dal.mysql.permission.SysRoleMenuMapper; +import cn.iocoder.yudao.adminserver.modules.system.dal.mysql.permission.SysUserRoleMapper; import cn.iocoder.yudao.adminserver.modules.system.mq.producer.permission.SysPermissionProducer; +import cn.iocoder.yudao.adminserver.modules.system.service.dept.SysDeptService; import cn.iocoder.yudao.adminserver.modules.system.service.permission.SysMenuService; import cn.iocoder.yudao.adminserver.modules.system.service.permission.SysPermissionService; import cn.iocoder.yudao.adminserver.modules.system.service.permission.SysRoleService; import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils; import cn.iocoder.yudao.framework.common.util.collection.MapUtils; +import cn.iocoder.yudao.framework.common.util.json.JsonUtils; +import cn.iocoder.yudao.framework.datapermission.core.dept.service.dto.DeptDataPermissionRespDTO; +import cn.iocoder.yudao.framework.security.core.LoginUser; +import cn.iocoder.yudao.framework.security.core.enums.DataScopeEnum; +import 
cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils; import com.google.common.collect.ImmutableMultimap; import com.google.common.collect.Multimap; import com.google.common.collect.Sets; @@ -39,6 +45,11 @@ import java.util.*; @Slf4j public class SysPermissionServiceImpl implements SysPermissionService { + /** + * LoginUser 的 Context 缓存 Key + */ + private static final String CONTEXT_KEY = SysPermissionServiceImpl.class.getSimpleName(); + /** * 定时执行 {@link #schedulePeriodicRefresh()} 的周期 * 因为已经通过 Redis Pub/Sub 机制,所以频率不需要高 @@ -75,6 +86,8 @@ public class SysPermissionServiceImpl implements SysPermissionService { private SysRoleService roleService; @Resource private SysMenuService menuService; + @Resource + private SysDeptService deptService; @Resource private SysPermissionProducer permissionProducer; 
@@ -329,4 +342,58 @@ public class SysPermissionServiceImpl implements SysPermissionService { return CollUtil.containsAny(userRoles, Sets.newHashSet(roles)); } + @Override + public DeptDataPermissionRespDTO getDeptDataPermission(LoginUser loginUser) { + // 判断是否 context 已经缓存 + DeptDataPermissionRespDTO result = loginUser.getContext(CONTEXT_KEY, DeptDataPermissionRespDTO.class); + if (result != null) { + return result; + } + + // 创建 DeptDataPermissionRespDTO 对象 + result = new DeptDataPermissionRespDTO(); + List roles = roleService.getRolesFromCache(loginUser.getRoleIds()); + for (SysRoleDO role : roles) { + // 为空时,跳过 + if (role.getDataScope() == null) { + continue; + } + // 情况一,ALL + if (Objects.equals(role.getDataScope(), DataScopeEnum.ALL.getScope())) { + result.setAll(true); + continue; + } + // 情况二,DEPT_CUSTOM + if (Objects.equals(role.getDataScope(), DataScopeEnum.DEPT_CUSTOM.getScope())) { + CollUtil.addAll(result.getDeptIds(), role.getDataScopeDeptIds()); + // 自定义可见部门时,保证可以看到自己所在的部门。否则,一些场景下可能会有问题。 + // 例如说,登录时,基于 t_user 的 username 查询会可能被 dept_id 过滤掉 + CollUtil.addAll(result.getDeptIds(), loginUser.getDeptId()); + continue; + } + // 情况三,DEPT_ONLY + if (Objects.equals(role.getDataScope(), DataScopeEnum.DEPT_ONLY.getScope())) { + CollectionUtils.addIfNotNull(result.getDeptIds(), loginUser.getDeptId()); + continue; + } + // 情况四,DEPT_DEPT_AND_CHILD + if (Objects.equals(role.getDataScope(), DataScopeEnum.DEPT_AND_CHILD.getScope())) { + List depts = deptService.getDeptsByParentIdFromCache(loginUser.getDeptId(), true); + CollUtil.addAll(result.getDeptIds(), CollectionUtils.convertList(depts, SysDeptDO::getId)); + continue; + } + // 情况五,SELF + if (Objects.equals(role.getDataScope(), DataScopeEnum.SELF.getScope())) { + result.setSelf(true); + continue; + } + // 未知情况,error log 即可 + log.error("[getDeptDataPermission][LoginUser({}) role({}) 无法处理]", loginUser.getId(), JsonUtils.toJsonString(result)); + } + + // 添加到缓存,并返回 + loginUser.setContext(CONTEXT_KEY, result); + return 
result; + } + } diff --git a/yudao-framework/yudao-spring-boot-starter-data-permission/pom.xml b/yudao-framework/yudao-spring-boot-starter-data-permission/pom.xml index fac3234c1..15b0615c1 100644 --- a/yudao-framework/yudao-spring-boot-starter-data-permission/pom.xml +++ b/yudao-framework/yudao-spring-boot-starter-data-permission/pom.xml @@ -21,6 +21,13 @@ yudao-common + + + cn.iocoder.boot + yudao-spring-boot-starter-security + true + + cn.iocoder.boot diff --git a/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/config/DataPermissionAutoConfiguration.java b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/config/YudaoDataPermissionAutoConfiguration.java similarity index 97% rename from yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/config/DataPermissionAutoConfiguration.java rename to yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/config/YudaoDataPermissionAutoConfiguration.java index 44bd502a2..609e8a34b 100644 --- a/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/config/DataPermissionAutoConfiguration.java +++ b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/config/YudaoDataPermissionAutoConfiguration.java @@ -18,7 +18,7 @@ import java.util.List; * @author 芋道源码 */ @Configuration -public class DataPermissionAutoConfiguration { +public class YudaoDataPermissionAutoConfiguration { @Bean public DataPermissionRuleFactory dataPermissionRuleFactory(List rules) { 
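Review bot: The fallback `log.error` at the end of the role loop in `getDeptDataPermission` serialises `result` although the placeholder is `role({})`, so an unrecognised `dataScope` is logged without the role that carried it; pass the role instead: `log.error("[getDeptDataPermission][LoginUser({}) role({}) 无法处理]", loginUser.getId(), JsonUtils.toJsonString(role));`. That branch and the null-`dataScope` `continue` both leave `result` without any grant, and this hunk does not show how `DeptDataPermissionRule` treats a DTO with `all` unset, no `deptIds` and `self` unset, so it is worth confirming that this case denies access rather than skipping the filter. The DEPT_CUSTOM branch adds the user's own department with `CollUtil.addAll(result.getDeptIds(), loginUser.getDeptId())` while DEPT_ONLY uses `CollectionUtils.addIfNotNull`; using the latter in both places would make the handling of a null `deptId` explicit.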
diff --git a/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/config/YudaoDeptDataPermissionAutoConfiguration.java b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/config/YudaoDeptDataPermissionAutoConfiguration.java
new file mode 100644
index 000000000..b66c17674
--- /dev/null
+++ b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/config/YudaoDeptDataPermissionAutoConfiguration.java
@@ -0,0 +1,34 @@
+package cn.iocoder.yudao.framework.datapermission.config;
+
+import cn.iocoder.yudao.framework.datapermission.core.dept.rule.DeptDataPermissionRule;
+import cn.iocoder.yudao.framework.datapermission.core.dept.rule.DeptDataPermissionRuleCustomizer;
+import cn.iocoder.yudao.framework.datapermission.core.dept.service.DeptDataPermissionFrameworkService;
+import cn.iocoder.yudao.framework.security.core.LoginUser;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.List;
+
+/**
+ * 基于部门的数据权限 AutoConfiguration
+ *
+ * @author 芋道源码
+ */
+@Configuration
+@ConditionalOnClass(LoginUser.class)
+@ConditionalOnBean(value = {DeptDataPermissionFrameworkService.class, DeptDataPermissionRuleCustomizer.class})
+public class YudaoDeptDataPermissionAutoConfiguration {
+
+ @Bean
+ public DeptDataPermissionRule deptDataPermissionRule(DeptDataPermissionFrameworkService service,
+ List customizers) {
+ // 创建 DeptDataPermissionRule 对象
+ DeptDataPermissionRule rule = new DeptDataPermissionRule(service);
+ // 补全表配置
+ customizers.forEach(customizer -> customizer.customize(rule));
+ return rule;
+ }
+
+}
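Review bot: The `@ConditionalOnBean` on `YudaoDeptDataPermissionAutoConfiguration` makes the department rule vanish silently when either a `DeptDataPermissionFrameworkService` or a `DeptDataPermissionRuleCustomizer` bean is missing. Because the rule is an access-control filter, a module that forgets its customizer would presumably start with no department scoping instead of failing. I would say so in the class Javadoc, e.g. `* Registered only when a DeptDataPermissionFrameworkService and at least one DeptDataPermissionRuleCustomizer bean exist; otherwise no department rule is created.`, and consider logging in `deptDataPermissionRule` how many customizers were applied. Since `@ConditionalOnBean` depends on bean-definition order, the class should stay an auto-configuration listed in `spring.factories`, as this commit does, and not be picked up by component scanning.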
diff --git a/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/package-info.java b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/package-info.java
new file mode 100644
index 000000000..20daa85c5
--- /dev/null
+++ b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/package-info.java
@@ -0,0 +1,6 @@
+/**
+ * 基于部门的数据权限规则
+ *
+ * @author 芋道源码
+ */
+package cn.iocoder.yudao.framework.datapermission.core.dept;
diff --git a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/datapermission/core/rule/DeptDataPermissionRule.java b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/rule/DeptDataPermissionRule.java
similarity index 84%
rename from yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/datapermission/core/rule/DeptDataPermissionRule.java
rename to yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/rule/DeptDataPermissionRule.java
index ed5c2b9cf..0bbb1ba9f 100644
--- a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/datapermission/core/rule/DeptDataPermissionRule.java
+++ b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/rule/DeptDataPermissionRule.java
@@ -1,9 +1,9 @@ -package cn.iocoder.yudao.adminserver.framework.datapermission.core.rule; +package cn.iocoder.yudao.framework.datapermission.core.dept.rule; import cn.hutool.core.collection.CollUtil; import cn.hutool.core.util.StrUtil; -import cn.iocoder.yudao.adminserver.framework.datapermission.core.service.DeptDataPermissionService; -import cn.iocoder.yudao.adminserver.framework.datapermission.core.service.dto.DeptDataPermissionRespDTO; +import cn.iocoder.yudao.framework.datapermission.core.dept.service.DeptDataPermissionFrameworkService; +import cn.iocoder.yudao.framework.datapermission.core.dept.service.dto.DeptDataPermissionRespDTO; import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils; import cn.iocoder.yudao.framework.common.util.json.JsonUtils; import cn.iocoder.yudao.framework.datapermission.core.rule.DataPermissionRule; @@ -51,7 +51,7 @@ public class DeptDataPermissionRule implements DataPermissionRule { private static final String DEPT_COLUMN_NAME = "dept_id"; private static final String USER_COLUMN_NAME = "user_id"; - private final DeptDataPermissionService deptDataPermissionService; + private final DeptDataPermissionFrameworkService deptDataPermissionService; /** * 基于部门的表字段配置 @@ -60,7 +60,7 @@ public class DeptDataPermissionRule implements DataPermissionRule { * key:表名 * value:字段名 */ - private final Map DEPT_TABLE_CONFIG = new HashMap<>(); + private final Map deptColumns = new HashMap<>(); /** * 基于用户的表字段配置 * 一般情况下,每个表的部门编号字段是 dept_id,通过该配置自定义。 @@ -68,9 +68,9 @@ public class DeptDataPermissionRule implements DataPermissionRule { * key:表名 * value:字段名 */ - private final Map USER_TABLE_CONFIG = new HashMap<>(); + private final Map userColumns = new HashMap<>(); /** - * 所有表名,是 {@link #DEPT_TABLE_CONFIG} 和 {@link #USER_TABLE_CONFIG} 的合集 + * 所有表名,是 {@link #deptColumns} 和 {@link #userColumns} 的合集 */ private final Set TABLE_NAMES = new HashSet<>(); 
@@ -126,7 +126,7 @@ public class DeptDataPermissionRule implements DataPermissionRule { private Expression buildDeptExpression(String tableName, Alias tableAlias, Set deptIds) { // 如果不存在配置,则无需作为条件 - String columnName = DEPT_TABLE_CONFIG.get(tableName); + String columnName = deptColumns.get(tableName); if (StrUtil.isEmpty(columnName)) { return null; } @@ -140,7 +140,7 @@ public class DeptDataPermissionRule implements DataPermissionRule { if (Boolean.FALSE.equals(self)) { return null; } - String columnName = USER_TABLE_CONFIG.get(tableName); + String columnName = userColumns.get(tableName); if (StrUtil.isEmpty(columnName)) { return null; } @@ -150,23 +150,23 @@ public class DeptDataPermissionRule implements DataPermissionRule { // ==================== 添加配置 ==================== - public void addDeptTableConfig(Class entityClass) { - addDeptTableConfig(entityClass, DEPT_COLUMN_NAME); + public void addDeptColumn(Class entityClass) { + addDeptColumn(entityClass, DEPT_COLUMN_NAME); } - public void addDeptTableConfig(Class entityClass, String columnName) { + public void addDeptColumn(Class entityClass, String columnName) { String tableName = TableInfoHelper.getTableInfo(entityClass).getTableName(); - DEPT_TABLE_CONFIG.put(tableName, columnName); + deptColumns.put(tableName, columnName); TABLE_NAMES.add(tableName); } - public void addUserTableConfig(Class entityClass) { - addUserTableConfig(entityClass, DEPT_COLUMN_NAME); + public void addUserColumn(Class entityClass) { + addUserColumn(entityClass, USER_COLUMN_NAME); } - public void addUserTableConfig(Class entityClass, String columnName) { + public void addUserColumn(Class entityClass, String columnName) { String tableName = TableInfoHelper.getTableInfo(entityClass).getTableName(); - USER_TABLE_CONFIG.put(tableName, columnName); + userColumns.put(tableName, columnName); TABLE_NAMES.add(tableName); } 
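Review bot: `addDeptColumn(Class, String)` and `addUserColumn(Class, String)` dereference `TableInfoHelper.getTableInfo(entityClass)` without a null check, and that lookup returns null for a class MyBatis-Plus has not registered. These methods are now called from customizers while the rule bean is being built, so (inferred, since mapper initialisation order is not visible in this diff) an entity that is not yet registered would fail with a bare NullPointerException that does not name the entity. A null check that throws an `IllegalStateException` naming `entityClass` would make the misconfiguration obvious. As a style point, `deptColumns` and `userColumns` were renamed to camelCase but the instance field `TABLE_NAMES` keeps its constant-style name; `tableNames` would be consistent. The class body continues outside these hunks.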
diff --git a/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/rule/DeptDataPermissionRuleCustomizer.java b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/rule/DeptDataPermissionRuleCustomizer.java
new file mode 100644
index 000000000..5341ee5e4
--- /dev/null
+++ b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/rule/DeptDataPermissionRuleCustomizer.java
@@ -0,0 +1,20 @@
+package cn.iocoder.yudao.framework.datapermission.core.dept.rule;
+
+/**
+ * {@link DeptDataPermissionRule} 的自定义配置接口
+ *
+ * @author 芋道源码
+ */
+@FunctionalInterface
+public interface DeptDataPermissionRuleCustomizer {
+
+ /**
+ * 自定义该权限规则
+ * 1. 调用 {@link DeptDataPermissionRule#addDeptColumn(Class, String)} 方法,配置基于 dept_id 的过滤规则
+ * 2. 调用 {@link DeptDataPermissionRule#addUserColumn(Class, String)} 方法,配置基于 user_id 的过滤规则
+ *
+ * @param rule 权限规则
+ */
+ void customize(DeptDataPermissionRule rule);
+
+}
diff --git a/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/service/DeptDataPermissionFrameworkService.java b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/service/DeptDataPermissionFrameworkService.java
new file mode 100644
index 000000000..3ee616755
--- /dev/null
+++ b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/service/DeptDataPermissionFrameworkService.java
@@ -0,0 +1,22 @@ +package cn.iocoder.yudao.framework.datapermission.core.dept.service; + +import cn.iocoder.yudao.framework.datapermission.core.dept.service.dto.DeptDataPermissionRespDTO; +import cn.iocoder.yudao.framework.security.core.LoginUser; + +/** + * 基于部门的数据权限 Framework Service 接口 + * 目前的实现类是 SysPermissionServiceImpl 类 + * + * @author 芋道源码 + */ +public interface DeptDataPermissionFrameworkService { + + /** + * 获得登陆用户的部门数据权限 + * + * @param loginUser 登陆用户 + * @return 部门数据权限 + */ + DeptDataPermissionRespDTO getDeptDataPermission(LoginUser loginUser); + +} diff --git a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/datapermission/core/service/dto/DeptDataPermissionRespDTO.java b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/service/dto/DeptDataPermissionRespDTO.java similarity index 81% rename from yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/datapermission/core/service/dto/DeptDataPermissionRespDTO.java rename to yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/service/dto/DeptDataPermissionRespDTO.java index 3aa3aba51..897fb226a 100644 --- a/yudao-admin-server/src/main/java/cn/iocoder/yudao/adminserver/framework/datapermission/core/service/dto/DeptDataPermissionRespDTO.java +++ b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/dept/service/dto/DeptDataPermissionRespDTO.java @@ -1,10 +1,8 @@ -package cn.iocoder.yudao.adminserver.framework.datapermission.core.service.dto; +package cn.iocoder.yudao.framework.datapermission.core.dept.service.dto; import lombok.Data; -import java.util.ArrayList; import java.util.HashSet; -import java.util.List; import java.util.Set; /** 
diff --git a/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/resources/META-INF/spring.factories b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/resources/META-INF/spring.factories index 51af3a28e..1a4c029c9 100644 --- a/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/resources/META-INF/spring.factories +++ b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/resources/META-INF/spring.factories @@ -1,2 +1,3 @@ org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ - cn.iocoder.yudao.framework.datapermission.config.DataPermissionAutoConfiguration + cn.iocoder.yudao.framework.datapermission.config.YudaoDataPermissionAutoConfiguration,\ + cn.iocoder.yudao.framework.datapermission.config.YudaoDeptDataPermissionAutoConfiguration diff --git a/yudao-framework/yudao-spring-boot-starter-tenant/pom.xml b/yudao-framework/yudao-spring-boot-starter-tenant/pom.xml index e7d81f3d6..f7010cf9b 100644 --- a/yudao-framework/yudao-spring-boot-starter-tenant/pom.xml +++ b/yudao-framework/yudao-spring-boot-starter-tenant/pom.xml @@ -22,11 +22,6 @@ - - org.springframework.boot - spring-boot-starter-web - - cn.iocoder.boot yudao-spring-boot-starter-security