• Java-Code-权限管理-RBAC:BaseService.java


    ylbtech-Java-Code-权限管理-RBAC:BaseService.java
    package com.sp.manager.util.common.service;
    
    import java.util.List;
    
    import org.apache.commons.lang3.StringUtils;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.transaction.annotation.Transactional;
    
    import com.sp.manager.util.common.persistence.BaseEntity;
    import com.sp.manager.util.modules.sys.entity.Role;
    import com.sp.manager.util.modules.sys.entity.User;
    import com.google.common.collect.Lists;
    
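    /**
     * Service基类 — shared logger plus the two data-scope (row-level access) filter
     * builders that concrete services use to restrict queries to the rows the current
     * user is allowed to see.
     * <p>
     * Both {@code dataScopeFilter} overloads build SQL fragments by string
     * concatenation. The embedded values (user / company / office / role ids) are read
     * from the persisted {@link User} object, and the alias / where fragments are
     * supplied by the calling service code. Nothing here escapes or parameterizes
     * them, so none of these arguments may ever be derived from request input.
     * @author
     * @version 2014-05-16
     */
    @Transactional(readOnly = true)
    public abstract class BaseService {
        
        /**
         * 日志对象 — one logger per concrete subclass.
         */
        protected Logger logger = LoggerFactory.getLogger(getClass());
    
        /**
         * 数据范围过滤
         * <p>
         * Builds an {@code " AND (...)"} fragment from the data scopes of all of the
         * user's roles (scopes are OR-ed together). A role with {@code DATA_SCOPE_ALL}
         * discards every other condition; an admin user gets no filter at all. When no
         * role grants full access and no {@code userAlias} is given, a
         * {@code <officeAlias>.id IS NULL} condition is appended per office alias so the
         * query fails closed rather than open.
         * <p>
         * NOTE(review): if {@code officeAlias} is blank and {@code userAlias} is blank,
         * no condition is generated and the empty string (= no filtering) is returned;
         * callers must pass at least one alias for non-admin users.
         *
         * @param user 当前用户对象,通过“entity.getCurrentUser()”获取; must not be null
         * @param officeAlias 机构表别名,多个用“,”逗号隔开。 must not be null (commons-lang
         *        {@code split(null)} yields null and the loop would NPE)
         * @param userAlias 用户表别名,多个用“,”逗号隔开,传递空,忽略此参数
         * @return 标准连接条件对象 — an {@code " AND (...)"} fragment, or {@code ""} when
         *         no filtering applies
         */
        public static String dataScopeFilter(User user, String officeAlias, String userAlias) {
    
            StringBuilder sqlString = new StringBuilder();
            
            // 进行权限过滤,多个角色权限范围之间为或者关系。
            // Scopes already emitted: the same scope on several roles produces identical
            // SQL, so it is generated only once (this also means only the first
            // DATA_SCOPE_CUSTOM role contributes, as in the original implementation).
            List<String> dataScope = Lists.newArrayList();
            
            // 超级管理员,跳过权限过滤
            if (!user.isAdmin()){
                boolean isDataScopeAll = false;
                for (Role r : user.getRoleList()){
                    String scope = r.getDataScope();
                    if (dataScope.contains(scope)){
                        continue;
                    }
                    // Every non-blank office alias must get the condition; the dedup
                    // list is therefore updated after the alias loop, not inside it
                    // (updating it inside skipped all aliases after the first).
                    boolean handled = false;
                    for (String oa : StringUtils.split(officeAlias, ",")){
                        if (StringUtils.isBlank(oa)){
                            continue;
                        }
                        handled = true;
                        if (Role.DATA_SCOPE_ALL.equals(scope)){
                            isDataScopeAll = true;
                        }
                        else if (Role.DATA_SCOPE_COMPANY_AND_CHILD.equals(scope)){
                            sqlString.append(" OR " + oa + ".id = '" + user.getCompany().getId() + "'");
                            sqlString.append(" OR " + oa + ".parent_ids LIKE '" + user.getCompany().getParentIds() + user.getCompany().getId() + ",%'");
                        }
                        else if (Role.DATA_SCOPE_COMPANY.equals(scope)){
                            sqlString.append(" OR " + oa + ".id = '" + user.getCompany().getId() + "'");
                            // 包括本公司下的部门 (type=1:公司;type=2:部门)
                            sqlString.append(" OR (" + oa + ".parent_id = '" + user.getCompany().getId() + "' AND " + oa + ".type = '2')");
                        }
                        else if (Role.DATA_SCOPE_OFFICE_AND_CHILD.equals(scope)){
                            sqlString.append(" OR " + oa + ".id = '" + user.getOffice().getId() + "'");
                            sqlString.append(" OR " + oa + ".parent_ids LIKE '" + user.getOffice().getParentIds() + user.getOffice().getId() + ",%'");
                        }
                        else if (Role.DATA_SCOPE_OFFICE.equals(scope)){
                            sqlString.append(" OR " + oa + ".id = '" + user.getOffice().getId() + "'");
                        }
                        else if (Role.DATA_SCOPE_CUSTOM.equals(scope)){
                            // Offices granted explicitly to the role (sys_role_office).
                            sqlString.append(" OR EXISTS (SELECT 1 FROM sys_role_office WHERE role_id = '" + r.getId() + "'");
                            sqlString.append(" AND office_id = " + oa +".id)");
                        }
                        // DATA_SCOPE_SELF adds no office condition; it is covered by the
                        // userAlias fallback below.
                    }
                    if (handled){
                        dataScope.add(scope);
                    }
                }
                // 如果没有全部数据权限,并设置了用户别名,则当前权限为本人;如果未设置别名,当前无权限为已植入权限
                if (!isDataScopeAll){
                    if (StringUtils.isNotBlank(userAlias)){
                        for (String ua : StringUtils.split(userAlias, ",")){
                            sqlString.append(" OR " + ua + ".id = '" + user.getId() + "'");
                        }
                    }else {
                        // No user alias: make the remaining rows unmatchable (fail closed).
                        for (String oa : StringUtils.split(officeAlias, ",")){
                            sqlString.append(" OR " + oa + ".id IS NULL");
                        }
                    }
                }else{
                    // 如果包含全部权限,则去掉之前添加的所有条件,并跳出循环。
                    sqlString = new StringBuilder();
                }
            }
            if (StringUtils.isNotBlank(sqlString.toString())){
                // Every fragment starts with " OR "; drop the leading one.
                return " AND (" + sqlString.substring(4) + ")";
            }
            return "";
        }
    
        /**
         * 数据范围过滤(符合业务表字段不同的时候使用,采用exists方法)
         * <p>
         * Picks the widest scope among the user's roles (numerically smallest value, with
         * {@code 9} = custom taking precedence as soon as it is seen), emits one
         * {@code AND EXISTS (...)} condition per office / user where-fragment, and stores
         * the result under {@code sqlMapKey} in the entity's sqlMap. Admin users get no
         * entry written. Scope {@code 1} (all data) produces an empty fragment.
         *
         * @param entity 当前过滤的实体类; must not be null
         * @param sqlMapKey sqlMap的键值,例如设置“dsf”时,调用方法:${sqlMap.sdf}
         * @param officeWheres office表条件,组成:部门表字段=业务表的部门字段; must not be null
         * @param userWheres user表条件,组成:用户表字段=业务表的用户字段; must not be null
         * @throws NumberFormatException if a role's dataScope is not a numeric string
         * @example
         *         dataScopeFilter(user, "dsf", "id=a.office_id", "id=a.create_by");
         *         dataScopeFilter(entity, "dsf", "code=a.jgdm", "no=a.cjr"); // 适应于业务表关联不同字段时使用,如果关联的不是机构id是code。
         */
        public static void dataScopeFilter(BaseEntity<?> entity, String sqlMapKey, String officeWheres, String userWheres) {
    
            User user = entity.getCurrentUser();
            
            // 如果是超级管理员,则不过滤数据
            if (user.isAdmin()) {
                return;
            }
    
            // 数据范围(1:所有数据;2:所在公司及以下数据;3:所在公司数据;4:所在部门及以下数据;5:所在部门数据;8:仅本人数据;9:按明细设置)
            StringBuilder sqlString = new StringBuilder();
            
            // 获取到最大的数据权限范围 — lower value = wider scope; 9 (custom) wins outright.
            String roleId = "";
            int dataScopeInteger = 8;
            for (Role r : user.getRoleList()){
                int ds = Integer.parseInt(r.getDataScope());
                if (ds == 9){
                    roleId = r.getId();
                    dataScopeInteger = ds;
                    break;
                }else if (ds < dataScopeInteger){
                    roleId = r.getId();
                    dataScopeInteger = ds;
                }
            }
            String dataScopeString = String.valueOf(dataScopeInteger);
            
            // 生成部门权限SQL语句
            for (String where : StringUtils.split(officeWheres, ",")){
                if (Role.DATA_SCOPE_COMPANY_AND_CHILD.equals(dataScopeString)){
                    // 包括本公司下的部门 (type=1:公司;type=2:部门)
                    sqlString.append(" AND EXISTS (SELECT 1 FROM SYS_OFFICE");
                    sqlString.append(" WHERE type='2'");
                    sqlString.append(" AND (id = '" + user.getCompany().getId() + "'");
                    sqlString.append(" OR parent_ids LIKE '" + user.getCompany().getParentIds() + user.getCompany().getId() + ",%')");
                    sqlString.append(" AND " + where +")");
                }
                else if (Role.DATA_SCOPE_COMPANY.equals(dataScopeString)){
                    sqlString.append(" AND EXISTS (SELECT 1 FROM SYS_OFFICE");
                    sqlString.append(" WHERE type='2'");
                    sqlString.append(" AND id = '" + user.getCompany().getId() + "'");
                    sqlString.append(" AND " + where +")");
                }
                else if (Role.DATA_SCOPE_OFFICE_AND_CHILD.equals(dataScopeString)){
                    sqlString.append(" AND EXISTS (SELECT 1 FROM SYS_OFFICE");
                    sqlString.append(" WHERE (id = '" + user.getOffice().getId() + "'");
                    sqlString.append(" OR parent_ids LIKE '" + user.getOffice().getParentIds() + user.getOffice().getId() + ",%')");
                    sqlString.append(" AND " + where +")");
                }
                else if (Role.DATA_SCOPE_OFFICE.equals(dataScopeString)){
                    sqlString.append(" AND EXISTS (SELECT 1 FROM SYS_OFFICE");
                    sqlString.append(" WHERE id = '" + user.getOffice().getId() + "'");
                    sqlString.append(" AND " + where +")");
                }
                else if (Role.DATA_SCOPE_CUSTOM.equals(dataScopeString)){
                    // Table aliases carry a numeric suffix to avoid clashing with the caller's aliases.
                    sqlString.append(" AND EXISTS (SELECT 1 FROM sys_role_office ro123456, sys_office o123456");
                    sqlString.append(" WHERE ro123456.office_id = o123456.id");
                    sqlString.append(" AND ro123456.role_id = '" + roleId + "'");
                    sqlString.append(" AND o123456." + where +")");
                }
            }
            // 生成个人权限SQL语句
            for (String where : StringUtils.split(userWheres, ",")){
                if (Role.DATA_SCOPE_SELF.equals(dataScopeString)){
                    sqlString.append(" AND EXISTS (SELECT 1 FROM sys_user");
                    sqlString.append(" WHERE id='" + user.getId() + "'");
                    sqlString.append(" AND " + where + ")");
                }
            }
    
            // 设置到自定义SQL对象
            entity.getSqlMap().put(sqlMapKey, sqlString.toString());
            
        }
    
    }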
    warn 作者:ylbtech
    出处:http://ylbtech.cnblogs.com/
    本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接,否则保留追究法律责任的权利。