Commit 1f5cc0ff authored by chenzhao

权限修改 拦截器合并 注解废弃

parent 1c1540b1
package com.yeejoin.amos.boot.module.hygf.api.config;
import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.core.toolkit.PluginUtils;
import com.yeejoin.amos.boot.biz.common.bo.ReginParams;
import com.yeejoin.amos.boot.biz.common.utils.RedisKey;
import com.yeejoin.amos.boot.biz.common.utils.RedisUtils;
import com.yeejoin.amos.boot.module.hygf.api.entity.StdUserEmpower;
import com.yeejoin.amos.feign.privilege.model.RoleModel;
import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
import net.sf.jsqlparser.parser.CCJSqlParserUtil;
import net.sf.jsqlparser.statement.select.PlainSelect;
import net.sf.jsqlparser.statement.select.Select;
import org.apache.commons.io.IOUtils;
import org.apache.ibatis.executor.Executor;
import org.apache.ibatis.executor.statement.StatementHandler;
import org.apache.ibatis.mapping.BoundSql;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.plugin.*;
import org.apache.ibatis.reflection.MetaObject;
import org.apache.ibatis.reflection.SystemMetaObject;
import org.apache.ibatis.session.ResultHandler;
import org.apache.ibatis.session.RowBounds;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.io.Resource;
import org.typroject.tyboot.core.foundation.context.RequestContext;
import org.typroject.tyboot.core.foundation.utils.ValidationUtil;
import org.typroject.tyboot.core.restful.exception.instance.BadRequest;
import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.sql.Connection;
import java.util.*;
import static com.alibaba.fastjson.JSON.parseArray;
@Intercepts({@Signature(type = Executor.class, method = "query", args = {MappedStatement.class, Object.class,
RowBounds.class, ResultHandler.class}), @Signature(type = StatementHandler.class, method = "prepare", args = {Connection.class, Integer.class})})
public class DealerRestrictInterceptor implements Interceptor {
private static final String ROLEFLAG="-经销商-";
@Value("classpath:/json/DealerRestrict.json")
private Resource paramsTree;
@Autowired
RedisUtils redisUtils;
@Override
public Object intercept(Invocation invocation) throws Throwable {
ReginParams reginParam = JSON.parseObject(redisUtils.get(RedisKey.buildReginKey(RequestContext.getExeUserId()
, RequestContext.getToken())).toString(), ReginParams.class);
String org= reginParam.getUserModel().getOrgNames();
//判断是否经销商,经销商跟管理端互斥
if(org.contains(ROLEFLAG)){
try {
StatementHandler statementHandler = PluginUtils.realTarget(invocation.getTarget());
MetaObject metaObject = SystemMetaObject.forObject(statementHandler);
MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement");
//获取方法注解
Method method = getTargetDataAuthMethod(mappedStatement);
DealerRestrict dealerRestrict = getTargetDataAuthAnnotation(mappedStatement);
if (dealerRestrict == null) {
return invocation.proceed();
}
//获取字段
String[] filed = dealerRestrict.field();
//获取字段条件表达式
String[] fileCondition = dealerRestrict.fieldConditions();
//获取 参数之间关系
String fileBetweenCondition = dealerRestrict.relationship();
//获取参数值,
StdUserEmpower dataAuthRule =(StdUserEmpower) redisUtils.get("Emp_"+RedisKey.buildReginKey(RequestContext.getExeUserId(), RequestContext.getToken()));
String[] data = new String[]{String.join(",",dataAuthRule.getAmosOrgCode()),dataAuthRule.getRegionalCompaniesCode(),dataAuthRule.getUserId(),dataAuthRule.getAdminRegionalCompaniesCode()};
BoundSql boundSql = (BoundSql) metaObject.getValue("delegate.boundSql");
List<String> sq ;
//获取sql
String sql = boundSql.getSql();
List<String> fileds = Arrays.asList(filed);
if (!ValidationUtil.isEmpty(dataAuthRule.getAdminRegionalCompaniesCode())) {
sq = selectSql(new String[]{fileds.get(0), fileds.get(1)}, fileCondition, Arrays.asList(data));
} else if (!ValidationUtil.isEmpty(dataAuthRule.getUserId())) {
sq = selectSql(new String[]{fileds.get(0), fileds.get(2)}, fileCondition, Arrays.asList(data));
} else {
sq = selectSql(new String[]{fileds.get(0), fileds.get(1)}, fileCondition, Arrays.asList(data));
}
String sqldata = " ";
if (sq != null && sq.size() > 0) {
if (fileCondition.length == 1) {
sqldata = sqldata + sq.get(0);
} else {
if (fileBetweenCondition != null && !fileBetweenCondition.isEmpty()) {
for (int i = 0; i < sq.size(); i++) {
if (i == sq.size() - 1) {
sqldata = sqldata + sq.get(i);
} else {
sqldata = sqldata + sq.get(i) + " " + fileBetweenCondition + " ";
}
}
} else {
sqldata = " ";
}
}
}
Select select = (Select) CCJSqlParserUtil.parse(sql);
PlainSelect selectBody = (PlainSelect) select.getSelectBody();
if (!ValidationUtil.isEmpty(sqldata.trim())) {
} else {
sqldata = " 1= 2 ";
}
if (ValidationUtil.isEmpty(selectBody.getWhere())) {
selectBody.setWhere(CCJSqlParserUtil.parseCondExpression(sqldata));
} else {
AndExpression andExpr = new AndExpression(selectBody.getWhere(), CCJSqlParserUtil.parseCondExpression(sqldata));
selectBody.setWhere(andExpr);
}
System.out.println(selectBody.toString());
metaObject.setValue("delegate.boundSql.sql", selectBody.toString());
} catch (Exception e) {
e.printStackTrace();
throw new BadRequest("权限认证失败!");
} finally {
}
}
return invocation.proceed();
}
@Override
public Object plugin(Object target) {
if (target instanceof StatementHandler) {
return Plugin.wrap(target, this);
}
return target;
}
@Override
public void setProperties(Properties properties) {
}
private List<String> selectSql(String[] filed, String[] fileCondition, List<String> data) {
List<String> sql = new ArrayList<>();
if (filed != null && filed.length > 0 && fileCondition != null && fileCondition.length > 0 && data != null && data.size() > 0) {
for (int i = 0; i < filed.length; i++) {
String sq = " ";
sq = getCondition(filed[i], fileCondition[i], data);
sql.add(sq);
}
}
return sql;
}
private String getCondition(String filed, String type, List<String> data) {
String sql = " ";
switch (type) {
case "in":
sql = sql + getInData(filed, data);
break;
case "like":
if (data.size() == 1) {
sql = sql + getlikeData(filed, data);
} else {
}
break;
case "likeLeft":
if (data.size() == 1) {
sql = sql + getlikeLeftData(filed, data);
} else {
}
break;
case "likeRight":
if (data.size() == 1) {
sql = sql + getlikeRightData(filed, data);
} else {
}
break;
case "eq":
if (data.size() == 1) {
sql = sql + getData(filed, data);
} else {
}
break;
}
return sql;
}
private String getInData(String filed, List<String> data) {
String sql = " ( ";
for (int i = 0; i < data.size(); i++) {
if (i == data.size() - 1) {
sql = sql + "'" + data.get(i) + "' ) ";
} else {
sql = sql + "'" + data.get(i) + "',";
}
}
return filed + " in " + sql;
}
private String getData(String filed, List<String> data) {
String sql = "";
if (data.size() == 1) {
sql = sql + filed + " = " + data.get(0);
} else {
for (int i = 0; i < data.size(); i++) {
if (i == data.size() - 1) {
sql = sql + filed + " = " + data.get(i) + " ";
} else {
sql = sql + filed + " = " + data.get(i) + " and ";
;
}
}
}
return sql;
}
private String getlikeRightData(String filed, List<String> data) {
String sql = "";
if (data.size() == 1) {
sql = sql + filed + " = " + data.get(0) + "%";
} else {
for (int i = 0; i < data.size(); i++) {
if (i == data.size() - 1) {
sql = sql + filed + " = " + data.get(i) + "%" + " ";
} else {
sql = sql + filed + " = " + data.get(i) + "%" + " and ";
}
}
}
return sql;
}
private String getlikeLeftData(String filed, List<String> data) {
String sql = "";
if (data.size() == 1) {
sql = sql + filed + " = " + "%" + data.get(0);
} else {
for (int i = 0; i < data.size(); i++) {
if (i == data.size() - 1) {
sql = sql + filed + " = " + "%" + data.get(i) + " ";
} else {
sql = sql + filed + " = " + "%" + data.get(i) + " and ";
}
}
}
return sql;
}
private String getlikeData(String filed, List<String> data) {
String sql = "";
if (data.size() == 1) {
sql = sql + filed + " = " + "%" + data.get(0) + "%";
} else {
for (int i = 0; i < data.size(); i++) {
if (i == data.size() - 1) {
sql = sql + filed + " = " + "%" + data.get(i) + "%" + " ";
} else {
sql = sql + filed + " = " + "%" + data.get(i) + "%" + " and ";
}
}
}
return sql;
}
/**
* 获取当前添加数据权限DataAuth的执行语句对应mapper方法
*
* @param mappedStatement
* @return
* @throws ClassNotFoundException
*/
private Method getTargetDataAuthMethod(MappedStatement mappedStatement) throws ClassNotFoundException {
String id = mappedStatement.getId();
String className = id.substring(0, id.lastIndexOf("."));
String methodName = id.substring(id.lastIndexOf(".") + 1);
final Class<?> cls = Class.forName(className);
final Method[] methods = cls.getMethods();
for (Method method : methods) {
// TODO 后续重载方法需要优化
if (method.getName().equals(methodName) && method.isAnnotationPresent(DealerRestrict.class)) {
return method;
}
}
return null;
}
/**
* 获取当前执行语句对应mapper方法的DataAuth注解
*
* @param mappedStatement
* @return
* @throws ClassNotFoundException
*/
private DealerRestrict getTargetDataAuthAnnotation(MappedStatement mappedStatement) throws ClassNotFoundException {
if (ValidationUtil.isEmpty(getTargetDataAuthMethod(mappedStatement))) {
return null;
}
return getTargetDataAuthMethod(mappedStatement).getAnnotation(DealerRestrict.class);
}
}
...@@ -39,7 +39,6 @@ public class UserEmpowerInterceptor implements Interceptor { ...@@ -39,7 +39,6 @@ public class UserEmpowerInterceptor implements Interceptor {
@Autowired @Autowired
private RedisUtils redisUtils; private RedisUtils redisUtils;
private static final String ROLEFLAG="-经销商-";
...@@ -130,17 +129,16 @@ public class UserEmpowerInterceptor implements Interceptor { ...@@ -130,17 +129,16 @@ public class UserEmpowerInterceptor implements Interceptor {
MetaObject metaObject = SystemMetaObject.forObject(statementHandler); MetaObject metaObject = SystemMetaObject.forObject(statementHandler);
MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement"); MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement");
//获取方法注解 //获取方法注解
Method method = getTargetDataAuthMethodJXS(mappedStatement); Method method = getTargetDataAuthMethod(mappedStatement);
DealerRestrict dealerRestrict = getTargetDataAuthAnnotationJXS(mappedStatement); UserEmpower userEmpower = getTargetDataAuthAnnotation(mappedStatement);
if (dealerRestrict == null) { if (userEmpower == null) {
return invocation.proceed(); return invocation.proceed();
} }
//获取字段 //获取字段
String[] filed = dealerRestrict.field(); String[] filed = userEmpower.dealerField();
//获取字段条件表达式 //获取字段条件表达式
String[] fileCondition = dealerRestrict.fieldConditions(); String[] fileCondition = userEmpower.fieldConditions();
//获取 参数之间关系
String fileBetweenCondition = dealerRestrict.relationship();
//获取参数值, //获取参数值,
StdUserEmpower dataAuthRule =(StdUserEmpower) redisUtils.get("Emp_"+RedisKey.buildReginKey(RequestContext.getExeUserId(), RequestContext.getToken())); StdUserEmpower dataAuthRule =(StdUserEmpower) redisUtils.get("Emp_"+RedisKey.buildReginKey(RequestContext.getExeUserId(), RequestContext.getToken()));
String[] data = new String[]{String.join(",",dataAuthRule.getAmosOrgCode()),dataAuthRule.getRegionalCompaniesCode(),dataAuthRule.getUserId(),dataAuthRule.getAdminRegionalCompaniesCode()}; String[] data = new String[]{String.join(",",dataAuthRule.getAmosOrgCode()),dataAuthRule.getRegionalCompaniesCode(),dataAuthRule.getUserId(),dataAuthRule.getAdminRegionalCompaniesCode()};
...@@ -167,18 +165,15 @@ public class UserEmpowerInterceptor implements Interceptor { ...@@ -167,18 +165,15 @@ public class UserEmpowerInterceptor implements Interceptor {
sqldata = sqldata + sq.get(0); sqldata = sqldata + sq.get(0);
} else { } else {
if (fileBetweenCondition != null && !fileBetweenCondition.isEmpty()) {
for (int i = 0; i < sq.size(); i++) { for (int i = 0; i < sq.size(); i++) {
if (i == sq.size() - 1) { if (i == sq.size() - 1) {
sqldata = sqldata + sq.get(i); sqldata = sqldata + sq.get(i);
} else { } else {
sqldata = sqldata + sq.get(i) + " " + fileBetweenCondition + " "; sqldata = sqldata + sq.get(i) + " " + "and" + " ";
} }
} }
} else {
sqldata = " ";
}
} }
} }
...@@ -201,11 +196,6 @@ public class UserEmpowerInterceptor implements Interceptor { ...@@ -201,11 +196,6 @@ public class UserEmpowerInterceptor implements Interceptor {
} }
}catch (Exception e){ }catch (Exception e){
e.printStackTrace(); e.printStackTrace();
throw new BadRequest("权限认证失败!"); throw new BadRequest("权限认证失败!");
...@@ -319,7 +309,6 @@ public class UserEmpowerInterceptor implements Interceptor { ...@@ -319,7 +309,6 @@ public class UserEmpowerInterceptor implements Interceptor {
private String getCondition(String filed,String type, List<String> data){ private String getCondition(String filed,String type, List<String> data){
String sql=" "; String sql=" ";
switch (type) { switch (type) {
...@@ -384,7 +373,6 @@ public class UserEmpowerInterceptor implements Interceptor { ...@@ -384,7 +373,6 @@ public class UserEmpowerInterceptor implements Interceptor {
return filed+" not in "+sql; return filed+" not in "+sql;
} }
private String getData( String filed,List<String> data){ private String getData( String filed,List<String> data){
String sql=""; String sql="";
if(data.size()==1){ if(data.size()==1){
...@@ -439,23 +427,6 @@ public class UserEmpowerInterceptor implements Interceptor { ...@@ -439,23 +427,6 @@ public class UserEmpowerInterceptor implements Interceptor {
return sql; return sql;
} }
private String getlikeData( String filed,List<String> data){
String sql="";
if(data.size()==1){
sql= sql+filed+" = "+"%"+data.get(0)+"%";
}else {
for (int i = 0; i < data.size(); i++) {
if (i == data.size() - 1) {
sql = sql + filed + " = " + "%"+data.get(i)+"%" +" ";
} else {
sql = sql + filed + " = " + "%"+data.get(i)+"%" +" and ";
}
}
}
return sql;
}
...@@ -504,137 +475,28 @@ public class UserEmpowerInterceptor implements Interceptor { ...@@ -504,137 +475,28 @@ public class UserEmpowerInterceptor implements Interceptor {
for (int i = 0; i < filed.length; i++) { for (int i = 0; i < filed.length; i++) {
String sq = " "; String sq = " ";
sq = getConditionJXS(filed[i], fileCondition[i], data); sq = getCondition(filed[i], fileCondition[i], data);
sql.add(sq); sql.add(sq);
} }
} }
return sql; return sql;
} }
private String getConditionJXS(String filed, String type, List<String> data) {
String sql = " ";
switch (type) {
case "in":
sql = sql + getInDataJXS(filed, data);
break;
case "like":
if (data.size() == 1) {
sql = sql + getlikeDataJXS(filed, data);
} else {
}
break;
case "likeLeft":
if (data.size() == 1) {
sql = sql + getlikeLeftDataJXS(filed, data);
} else {
}
break;
case "likeRight":
if (data.size() == 1) {
sql = sql + getlikeRightDataJXS(filed, data);
} else {
}
break;
case "eq":
if (data.size() == 1) {
sql = sql + getDataJXS(filed, data);
} else {
}
break;
}
return sql;
}
private String getInDataJXS(String filed, List<String> data) {
String sql = " ( ";
for (int i = 0; i < data.size(); i++) {
if (i == data.size() - 1) {
sql = sql + "'" + data.get(i) + "' ) ";
} else {
sql = sql + "'" + data.get(i) + "',";
}
}
return filed + " in " + sql;
}
private String getDataJXS(String filed, List<String> data) {
String sql = "";
if (data.size() == 1) {
sql = sql + filed + " = " + data.get(0);
} else {
for (int i = 0; i < data.size(); i++) {
if (i == data.size() - 1) {
sql = sql + filed + " = " + data.get(i) + " ";
} else {
sql = sql + filed + " = " + data.get(i) + " and ";
;
}
}
}
return sql;
}
private String getlikeRightDataJXS(String filed, List<String> data) {
String sql = "";
if (data.size() == 1) {
sql = sql + filed + " = " + data.get(0) + "%";
} else {
for (int i = 0; i < data.size(); i++) {
if (i == data.size() - 1) {
sql = sql + filed + " = " + data.get(i) + "%" + " ";
} else {
sql = sql + filed + " = " + data.get(i) + "%" + " and ";
}
}
}
return sql;
}
private String getlikeLeftDataJXS(String filed, List<String> data) {
String sql = "";
if (data.size() == 1) {
sql = sql + filed + " = " + "%" + data.get(0);
} else {
for (int i = 0; i < data.size(); i++) {
if (i == data.size() - 1) {
sql = sql + filed + " = " + "%" + data.get(i) + " ";
} else {
sql = sql + filed + " = " + "%" + data.get(i) + " and ";
}
}
}
return sql;
}
private String getlikeDataJXS(String filed, List<String> data) { private String getlikeData( String filed,List<String> data){
String sql = ""; String sql="";
if (data.size() == 1) { if(data.size()==1){
sql = sql + filed + " = " + "%" + data.get(0) + "%"; sql= sql+filed+" = "+"%"+data.get(0)+"%";
} else { }else {
for (int i = 0; i < data.size(); i++) { for (int i = 0; i < data.size(); i++) {
if (i == data.size() - 1) { if (i == data.size() - 1) {
sql = sql + filed + " = " + "%" + data.get(i) + "%" + " "; sql = sql + filed + " = " + "%"+data.get(i)+"%" +" ";
} else { } else {
sql = sql + filed + " = " + "%" + data.get(i) + "%" + " and "; sql = sql + filed + " = " + "%"+data.get(i)+"%" +" and ";
} }
} }
} }
...@@ -643,40 +505,6 @@ public class UserEmpowerInterceptor implements Interceptor { ...@@ -643,40 +505,6 @@ public class UserEmpowerInterceptor implements Interceptor {
} }
/**
* 获取当前添加数据权限DataAuth的执行语句对应mapper方法
*
* @param mappedStatement
* @return
* @throws ClassNotFoundException
*/
private Method getTargetDataAuthMethodJXS(MappedStatement mappedStatement) throws ClassNotFoundException {
String id = mappedStatement.getId();
String className = id.substring(0, id.lastIndexOf("."));
String methodName = id.substring(id.lastIndexOf(".") + 1);
final Class<?> cls = Class.forName(className);
final Method[] methods = cls.getMethods();
for (Method method : methods) {
// TODO 后续重载方法需要优化
if (method.getName().equals(methodName) && method.isAnnotationPresent(DealerRestrict.class)) {
return method;
}
}
return null;
}
/**
* 获取当前执行语句对应mapper方法的DataAuth注解
*
* @param mappedStatement
* @return
* @throws ClassNotFoundException
*/
private DealerRestrict getTargetDataAuthAnnotationJXS(MappedStatement mappedStatement) throws ClassNotFoundException {
if (ValidationUtil.isEmpty(getTargetDataAuthMethodJXS(mappedStatement))) {
return null;
}
return getTargetDataAuthMethodJXS(mappedStatement).getAnnotation(DealerRestrict.class);
}
} }
\ No newline at end of file
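Review bot: After the merge the dealer branch builds its filter through the shared `getCondition` helpers, and the `getlikeData` kept on the new side still emits `filed+" = "+"%"+data.get(0)+"%"`, an unquoted value compared with `=` rather than `like`. A mapper annotated with a `like` condition will presumably fail when the fragment is parsed and surface only as the generic BadRequest from the catch block, and the scope values read from the cached `StdUserEmpower` reach the WHERE fragment as raw text. I would quote the operand and use the matching operator, e.g. `sql = sql + filed + " like '%" + data.get(0) + "%'";`, and check each value against the expected code format before it is concatenated so that a stray quote cannot change the condition. The bodies of `getData` and the other `getlike*` helpers lie outside the visible hunks, so the same check should be confirmed there.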
...@@ -6,7 +6,6 @@ import com.baomidou.mybatisplus.extension.plugins.PaginationInterceptor; ...@@ -6,7 +6,6 @@ import com.baomidou.mybatisplus.extension.plugins.PaginationInterceptor;
import com.baomidou.mybatisplus.extension.spring.MybatisSqlSessionFactoryBean; import com.baomidou.mybatisplus.extension.spring.MybatisSqlSessionFactoryBean;
import com.github.pagehelper.PageInterceptor; import com.github.pagehelper.PageInterceptor;
import com.yeejoin.amos.boot.biz.config.MetaHandler; import com.yeejoin.amos.boot.biz.config.MetaHandler;
import com.yeejoin.amos.boot.module.hygf.api.config.DealerRestrictInterceptor;
import com.yeejoin.amos.boot.module.hygf.api.config.UserEmpowerInterceptor; import com.yeejoin.amos.boot.module.hygf.api.config.UserEmpowerInterceptor;
import org.apache.ibatis.plugin.Interceptor; import org.apache.ibatis.plugin.Interceptor;
import org.apache.ibatis.session.SqlSessionFactory; import org.apache.ibatis.session.SqlSessionFactory;
...@@ -72,8 +71,7 @@ public class MysqlServerConfig { ...@@ -72,8 +71,7 @@ public class MysqlServerConfig {
bean.setPlugins(new Interceptor[] {interceptor, bean.setPlugins(new Interceptor[] {interceptor,
paginationInterceptor(), paginationInterceptor(),
userEmpowerInterceptor(), userEmpowerInterceptor()
dealerRestrictInterceptor()
}); });
return bean.getObject(); return bean.getObject();
} }
...@@ -105,10 +103,5 @@ public class MysqlServerConfig { ...@@ -105,10 +103,5 @@ public class MysqlServerConfig {
return userEmpowerInterceptor; return userEmpowerInterceptor;
} }
@Bean
public DealerRestrictInterceptor dealerRestrictInterceptor() {
DealerRestrictInterceptor dealerRestrictInterceptor = new DealerRestrictInterceptor();
return dealerRestrictInterceptor;
}
} }
\ No newline at end of file