package com.gaotao.common.aspect;
import com.gaotao.common.annotation.DataScope;import com.gaotao.common.utils.StringUtils;import com.gaotao.core.domain.BaseEntity;import com.gaotao.modules.sys.entity.SysUserEntity;import org.apache.shiro.SecurityUtils;import org.aspectj.lang.JoinPoint;import org.aspectj.lang.annotation.Aspect;import org.aspectj.lang.annotation.Before;import org.springframework.stereotype.Component;
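/**
 * Data-scope filtering aspect.
 *
 * <p>Before a method annotated with {@link DataScope} runs, this aspect resets the
 * {@code dataScope} entry in the params map of the method's first argument and, for
 * non-admin users, replaces it with a SQL condition that limits rows to the current
 * user's site.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The condition is built as SQL text, not as a bound parameter. The user's site value
 *       is quoted as a string literal with embedded single quotes doubled; the table alias
 *       comes from the annotation and is inserted as-is, so it must only ever be a
 *       compile-time constant.</li>
 *   <li>The filter is applied only when the first argument is a {@link BaseEntity}. For any
 *       other first argument the annotated method runs without a data-scope condition.</li>
 *   <li>NOTE(review): how the stored fragment reaches the query is not visible here —
 *       presumably the mapper splices {@code params.dataScope} into its SQL text; confirm
 *       that every annotated query actually includes it.</li>
 * </ul>
 */
@Aspect
@Component
public class DataScopeAspect {

    /** Key under which the data-permission SQL fragment is stored in the params map. */
    public static final String DATA_SCOPE = "dataScope";

    /**
     * Runs before every method annotated with {@link DataScope}: first discards any
     * pre-existing {@code dataScope} value, then installs the computed one.
     *
     * @param joinPoint the intercepted call; its first argument carries the params map
     * @param dataScope the annotation instance found on the intercepted method
     */
    @Before("@annotation(dataScope)")
    public void doBefore(JoinPoint joinPoint, DataScope dataScope) {
        clearDataScope(joinPoint);
        handleDataScope(joinPoint, dataScope);
    }

    /**
     * Builds the site restriction for the current user and stores it under
     * {@link #DATA_SCOPE} in the first argument's params map.
     *
     * <p>Admins get no restriction (the entry stays at the empty string set by
     * {@link #clearDataScope}). Nothing is stored when the annotation's {@code deptAlias}
     * is empty or when the first argument is not a {@link BaseEntity}.
     *
     * @param joinPoint the intercepted call
     * @param dataScope the annotation supplying the table alias
     */
    protected void handleDataScope(final JoinPoint joinPoint, DataScope dataScope) {
        // Current logged-in user. NOTE(review): there is no null check on the principal; a call
        // without an authenticated subject fails with NullPointerException on the next line
        // instead of running unfiltered.
        SysUserEntity currentUser = (SysUserEntity) SecurityUtils.getSubject().getPrincipal();
        if (currentUser.isAdmin()) {
            return;
        }

        if (!StringUtils.isNotEmpty(dataScope.deptAlias())) {
            return;
        }

        String site = currentUser.getSite();
        String condition;
        if (site == null) {
            // A user without a site must not match anything. Concatenating null would have
            // produced the literal 'null' and matched rows whose site is a fragment of it.
            condition = "1=0";
        } else {
            // NOTE(review): CHARINDEX(x, y) > 0 is a substring test, so a row matches when its
            // site occurs anywhere inside the user's site string — presumably a delimited list;
            // confirm that one site code can never be a fragment of another.
            condition = "CHARINDEX(" + dataScope.deptAlias() + ".site, '"
                    + escapeSqlLiteral(site) + "')>0";
        }

        // A method with no arguments throws ArrayIndexOutOfBoundsException in clearDataScope
        // before this point is reached, so index 0 is present here.
        Object firstArg = joinPoint.getArgs()[0];
        if (firstArg instanceof BaseEntity) {
            BaseEntity baseEntity = (BaseEntity) firstArg;
            baseEntity.getParams().put(DATA_SCOPE, " AND (" + condition + ")");
        }
    }

    /**
     * Clears {@code params.dataScope} before the permission SQL is built, so that a value
     * already present in the params map (for example one supplied by the caller) can never
     * end up in the query.
     *
     * @param joinPoint the intercepted call
     */
    private void clearDataScope(final JoinPoint joinPoint) {
        Object firstArg = joinPoint.getArgs()[0];
        if (firstArg instanceof BaseEntity) {
            BaseEntity baseEntity = (BaseEntity) firstArg;
            baseEntity.getParams().put(DATA_SCOPE, "");
        }
    }

    /**
     * Escapes a value for use inside a single-quoted SQL string literal by doubling every
     * single quote.
     *
     * @param value the raw value, not null
     * @return the value with each {@code '} replaced by {@code ''}
     */
    private static String escapeSqlLiteral(String value) {
        return value.replace("'", "''");
    }
}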