diff --git a/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/config/DataPermission.java b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/config/DataPermission.java
new file mode 100644
index 000000000..136c6b09e
--- /dev/null
+++ b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/config/DataPermission.java
@@ -0,0 +1,35 @@
+package cn.iocoder.yudao.framework.datapermission.config;
+
+import cn.iocoder.yudao.framework.datapermission.core.rule.DataPermissionRule;
+
+import java.lang.annotation.*;
+
+/**
+ * 数据权限注解
+ * 可声明在类或者方法上,标识使用的数据权限规则
+ *
+ * @author 芋道源码
+ */
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface DataPermission {
+
+ /**
+ * 当前类或方法是否开启数据权限
+ * 即使不添加 @DataPermission 注解,默认是开启状态
+ * 可通过设置 enable 为 false 禁用
+ */
+ boolean enable() default true;
+
+ /**
+ * 生效的数据权限规则数组,优先级高于 {@link #excludeRules()}
+ */
+ Class[] includeRules() default {};
+
+ /**
+ * 排除的数据权限规则数组,优先级最低
+ */
+ Class[] excludeRules() default {};
+
+}
diff --git a/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/interceptor/DataPermissionInterceptor.java b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/interceptor/DataPermissionInterceptor.java
index 80d460743..f9f8943d9 100644
--- a/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/interceptor/DataPermissionInterceptor.java
+++ b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/interceptor/DataPermissionInterceptor.java
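Review bot: In DataPermission.java, `includeRules()` and `excludeRules()` are declared as raw `Class[]` as shown here (a generic bound may have been lost in rendering), so nothing stops a caller from listing a class that is not a `DataPermissionRule`, and the `DataPermissionRule` import is otherwise unused. If the bound is really absent, declare them as `Class<? extends DataPermissionRule>[] includeRules() default {};` and likewise for `excludeRules()`. The Javadoc should also state what an empty `includeRules` means (presumably "all registered rules apply") and note on `enable()` that setting it to `false` on a type turns off row filtering for every method of that type, since that is the setting an access-control audit will need to find.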
@@ -24,7 +24,6 @@ import org.apache.ibatis.session.ResultHandler; import org.apache.ibatis.session.RowBounds; import java.sql.Connection; -import java.sql.SQLException; import java.util.Collection; import java.util.Deque; import java.util.LinkedList; @@ -35,9 +34,11 @@ public class DataPermissionInterceptor extends JsqlParserSupport implements Inne // private TenantLineHandler tenantLineHandler; @Override - public void beforeQuery(Executor executor, MappedStatement ms, Object parameter, RowBounds rowBounds, ResultHandler resultHandler, BoundSql boundSql) throws SQLException { + public void beforeQuery(Executor executor, MappedStatement ms, Object parameter, RowBounds rowBounds, ResultHandler resultHandler, BoundSql boundSql) { + // TODO 芋艿:这个判断,后续读懂下 if (InterceptorIgnoreHelper.willIgnoreTenantLine(ms.getId())) return; PluginUtils.MPBoundSql mpBs = PluginUtils.mpBoundSql(boundSql); + // TODO 芋艿:null=》DataScope mpBs.sql(parserSingle(mpBs.sql(), null)); } @@ -123,20 +124,6 @@ public class DataPermissionInterceptor extends JsqlParserSupport implements Inne return equalsTo; } - /** - * 追加 SelectItem - * - * @param selectItems SelectItem - */ - protected void appendSelectItem(List selectItems) { - if (CollectionUtils.isEmpty(selectItems)) return; - if (selectItems.size() == 1) { - SelectItem item = selectItems.get(0); - if (item instanceof AllColumns || item instanceof AllTableColumns) return; - } - selectItems.add(new SelectExpressionItem(new Column(getTenantIdColumn()))); - } - /** * 处理 PlainSelect */ @@ -377,12 +364,6 @@ public class DataPermissionInterceptor extends JsqlParserSupport implements Inne return new Column(column.toString()); } -// @Override -// public void setProperties(Properties properties) { -// PropertyMapper.newInstance(properties).whenNotBlank("tenantLineHandler", -// ClassUtils::newInstance, this::setTenantLineHandler); -// } - // TODO 芋艿:未实现 private boolean ignoreTable(String tableName) { 
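Review bot: In `beforeQuery`, the decision to skip SQL rewriting is still `InterceptorIgnoreHelper.willIgnoreTenantLine(ms.getId())`, so any statement that opts out of tenant filtering also skips data-permission filtering, and the `@DataPermission` annotation added in this commit is not consulted anywhere in the visible lines. These are separate access controls and should not share one switch; the new TODO says the check is not yet understood, which is a reason to resolve it before relying on the interceptor. I would replace the condition with a data-permission-specific check and, until then, extend the comment to something like `// FIXME: reuses the tenant-line ignore flag; statements exempt from tenant filtering also bypass data permission`. Passing `null` to `parserSingle` is flagged by the second TODO; whether the downstream processing tolerates `null` is not visible in this hunk.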
diff --git a/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/DataPermissionRule.java b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/DataPermissionRule.java
new file mode 100644
index 000000000..2bccde85f
--- /dev/null
+++ b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/DataPermissionRule.java
@@ -0,0 +1,36 @@
+package cn.iocoder.yudao.framework.datapermission.core.rule;
+
+import com.baomidou.mybatisplus.core.metadata.TableInfoHelper;
+import net.sf.jsqlparser.expression.Alias;
+import net.sf.jsqlparser.expression.Expression;
+
+import java.util.Set;
+
+/**
+ * 数据权限规则接口
+ * 通过实现接口,自定义数据规则。例如说,
+ *
+ * @author 芋道源码
+ */
+public interface DataPermissionRule {
+
+ /**
+ * 返回需要生效的表名数组
+ * 为什么需要该方法?Data Permission 数组基于 SQL 重写,通过 Where 返回只有权限的数据
+ *
+ * 如果需要基于实体名获得表名,可调用 {@link TableInfoHelper#getTableInfo(Class)} 获得
+ *
+ * @return 表名数组
+ */
+ Set getTableNames();
+
+ /**
+ * 根据表名和别名,生成对应的 WHERE / OR 过滤条件
+ *
+ * @param tableName 表名
+ * @param tableAlias 别名,可能为空
+ * @return 过滤条件 Expression 表达式
+ */
+ Expression getExpression(String tableName, Alias tableAlias);
+
+}
diff --git a/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/DataPermissionRuleFactory.java b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/DataPermissionRuleFactory.java
new file mode 100644
index 000000000..f0191cbc3
--- /dev/null
+++ b/yudao-framework/yudao-spring-boot-starter-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/DataPermissionRuleFactory.java
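Review bot: In DataPermissionRule.java, `getExpression(String tableName, Alias tableAlias)` does not say what a `null` return means, and for an access-control hook that matters: if the caller treats `null` as "no condition", a rule that fails to build its filter leaves the query unrestricted. Add to the Javadoc whether `null` is permitted and what it means, e.g. `@return filter expression; must not be null, return an always-false condition when the user may see no rows`. `getTableNames()` should also state how names are compared (case, quoting, schema prefix), because a table that does not match is presumably left unfiltered. The class Javadoc ends mid-sentence at "例如说,", and `Set getTableNames()` appears as a raw `Set` here, which may be a rendering loss of `Set<String>`.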
@@ -0,0 +1,9 @@
+package cn.iocoder.yudao.framework.datapermission.core.rule;
+
+/**
+ * {@link DataPermissionRule} 工厂接口,提供如下能力:
+ * 1. {@link DataPermissionRule} 的容器
+ * 2. TODO 芋艿:
+ */
+public interface DataPermissionRuleFactory {
+}
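Review bot: `DataPermissionRuleFactory` is documented as the container for `DataPermissionRule` instances but declares no methods, so nothing can obtain rules from it yet and item 2 of the Javadoc is an open TODO. Either declare the accessor now, for example `List<DataPermissionRule> getDataPermissionRules();`, or mark the type as a placeholder in the Javadoc so it is not mistaken for a working extension point. When the accessor is added, document what the interceptor should do when no rules are registered, since that decides whether queries run unfiltered.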