|
@@ -0,0 +1,148 @@
|
|
|
+package com.gxzc.zen.orm.data.authority.interceptor
|
|
|
+
|
|
|
+import com.baomidou.mybatisplus.plugins.SqlParserHandler
|
|
|
+import com.baomidou.mybatisplus.toolkit.PluginUtils
|
|
|
+import com.gxzc.zen.api.util.SysParamUtil
|
|
|
+import com.gxzc.zen.common.contants.ZenConstants
|
|
|
+import com.gxzc.zen.orm.data.authority.DAHelper
|
|
|
+import com.gxzc.zen.orm.data.authority.visitor.DataAuthoritySelectVisitor
|
|
|
+import com.gxzc.zen.umps.util.SSOUtil
|
|
|
+import net.sf.jsqlparser.parser.CCJSqlParserManager
|
|
|
+import net.sf.jsqlparser.statement.select.Select
|
|
|
+import org.apache.ibatis.executor.statement.StatementHandler
|
|
|
+import org.apache.ibatis.mapping.BoundSql
|
|
|
+import org.apache.ibatis.mapping.MappedStatement
|
|
|
+import org.apache.ibatis.mapping.SqlCommandType
|
|
|
+import org.apache.ibatis.plugin.*
|
|
|
+import org.apache.ibatis.reflection.SystemMetaObject
|
|
|
+import org.slf4j.LoggerFactory
|
|
|
+import java.io.StringReader
|
|
|
+import java.sql.Connection
|
|
|
+import java.util.*
|
|
|
+
|
|
|
+/**
|
|
|
+ * 数据权限 <br>
|
|
|
+ * Sql拦截器 <br>
|
|
|
+ * 拦截 SELECT <br>
|
|
|
+ * 注入查询条件
|
|
|
+ * @author NorthLan
|
|
|
+ * @date 2018/7/6
|
|
|
+ * @url https://noahlan.com
|
|
|
+ */
|
|
|
+@Intercepts(Signature(type = StatementHandler::class, method = "prepare", args = [Connection::class, java.lang.Integer::class]))
|
|
|
+open class ZenDataAuthorityInterceptor : SqlParserHandler(), Interceptor {
|
|
|
+ companion object {
|
|
|
+ private val log = LoggerFactory.getLogger(ZenDataAuthorityInterceptor::class.java)
|
|
|
+ }
|
|
|
+
|
|
|
+ private val parserManager = CCJSqlParserManager()
|
|
|
+
|
|
|
+ override fun intercept(invocation: Invocation): Any {
|
|
|
+ if (!validate()) {
|
|
|
+ return invocation.proceed()
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ // 未登录,不执行数权拦截
|
|
|
+ if (!SSOUtil.isLogin()) {
|
|
|
+ return invocation.proceed()
|
|
|
+ }
|
|
|
+
|
|
|
+ // 当前账户名
|
|
|
+ val currentAccount = SSOUtil.getCurAccount()
|
|
|
+ if (currentAccount.isNullOrEmpty()) {
|
|
|
+ return invocation.proceed()
|
|
|
+ }
|
|
|
+
|
|
|
+ // 权限总开关
|
|
|
+ if (ZenConstants.FALSE == SysParamUtil.getByKey(ZenConstants.PARAMKEY_SYS_DA_ENABLED)?.value) {
|
|
|
+ return invocation.proceed()
|
|
|
+ }
|
|
|
+
|
|
|
+ // 超级管理员
|
|
|
+ val superAccountList = SysParamUtil.getByKey(ZenConstants.PARAMKEY_SUPER_ACCOUNT)?.value
|
|
|
+ ?: return invocation.proceed()
|
|
|
+ if (currentAccount!! in superAccountList) {
|
|
|
+ return invocation.proceed()
|
|
|
+ }
|
|
|
+
|
|
|
+ // ThreadLocal 先序判定是否启用 系统 数据权限
|
|
|
+ val da = DAHelper.getDA()
|
|
|
+ if (da != null) {
|
|
|
+ if (!da.sysDAEnabled) {
|
|
|
+
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ // 当前操作员的数据权限(人员+部门+角色)(业务数权交由后续链处理)
|
|
|
+
|
|
|
+ val statementHandler = PluginUtils.realTarget(invocation.target) as StatementHandler
|
|
|
+ val metaObject = SystemMetaObject.forObject(statementHandler)
|
|
|
+ this.sqlParser(metaObject)
|
|
|
+ // 获取SQL操作类型
|
|
|
+ val mappedStatement = metaObject.getValue("delegate.mappedStatement") as MappedStatement
|
|
|
+
|
|
|
+ val boundSql = metaObject.getValue("delegate.boundSql") as BoundSql
|
|
|
+ val originalSql = boundSql.sql
|
|
|
+
|
|
|
+ when (mappedStatement.sqlCommandType) {
|
|
|
+ SqlCommandType.SELECT -> {
|
|
|
+ // 仅查询 本部门+子部门 + 特殊 人员创建的数据
|
|
|
+ val select = parserManager.parse(StringReader(originalSql)) as Select
|
|
|
+ select.selectBody.accept(DataAuthoritySelectVisitor())
|
|
|
+ metaObject.setValue("delegate.boundSql.sql", select.toString())
|
|
|
+ }
|
|
|
+ SqlCommandType.DELETE,
|
|
|
+ SqlCommandType.INSERT,
|
|
|
+ SqlCommandType.UPDATE -> {
|
|
|
+ // 判断权限是否足够
|
|
|
+ }
|
|
|
+ else -> {
|
|
|
+ return invocation.proceed()
|
|
|
+ }
|
|
|
+ }
|
|
|
+ return invocation.proceed()
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * 数据权限 断言验证
|
|
|
+ */
|
|
|
+ private fun validate(): Boolean {
|
|
|
+ // 未登录,不执行数权拦截
|
|
|
+ if (!SSOUtil.isLogin()) {
|
|
|
+ return false
|
|
|
+ }
|
|
|
+
|
|
|
+ // 当前账户名
|
|
|
+ val currentAccount = SSOUtil.getCurAccount()
|
|
|
+ if (currentAccount.isNullOrEmpty()) {
|
|
|
+ return false
|
|
|
+ }
|
|
|
+
|
|
|
+ // 权限总开关
|
|
|
+ if (ZenConstants.FALSE == SysParamUtil.getByKey(ZenConstants.PARAMKEY_SYS_DA_ENABLED)?.value) {
|
|
|
+ return false
|
|
|
+ }
|
|
|
+
|
|
|
+ // 超级管理员
|
|
|
+ val superAccountList = SysParamUtil.getByKey(ZenConstants.PARAMKEY_SUPER_ACCOUNT)?.value
|
|
|
+ ?: return false
|
|
|
+ if (currentAccount!! in superAccountList) {
|
|
|
+ return false
|
|
|
+ }
|
|
|
+
|
|
|
+ return true
|
|
|
+ }
|
|
|
+
|
|
|
+ override fun plugin(target: Any): Any {
|
|
|
+ return if (target is StatementHandler) {
|
|
|
+ Plugin.wrap(target, this)
|
|
|
+ } else {
|
|
|
+ target
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ override fun setProperties(properties: Properties) {
|
|
|
+ }
|
|
|
+}
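Review bot: `if (currentAccount!! in superAccountList)` in `validate()` (and repeated in `intercept`) is a substring test if `.value` is a String, as the `?.value` lookup and the name suggest, so any account whose name is contained in a super account's name (an `admin` inside `superadmin`, say) is treated as a super user and skips the data-authority rewrite entirely. Split the parameter into entries before testing membership, `val superAccounts = superAccountList.split(',').map { it.trim() }` and `if (currentAccount!! in superAccounts) {`, using the parameter's real delimiter if it is not a comma. The `?: return false` on the same lookup also switches enforcement off for every caller whenever `PARAMKEY_SUPER_ACCOUNT` is unset; `?: ""` would fail closed by treating a missing parameter as "no super accounts". Separately, the login, account, master-switch and super-account guards from `validate()` are repeated verbatim at the top of `intercept`, and the `if (!da.sysDAEnabled) { }` branch is empty, so either return `invocation.proceed()` there or remove the duplicated checks so the intended behaviour is unambiguous.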
|