部门数据权限

2025-03-09 21:27:37 +08:00 · 2025-03-09 21:27:37 +08:00 · 1ed91b7987
parent 2c1d5d7c6a
commit 1ed91b7987
6 changed files with 131 additions and 24 deletions
--- a/bonus-api/bonus-api-system/src/main/java/com/bonus/system/api/domain/SysRole.java
+++ b/bonus-api/bonus-api-system/src/main/java/com/bonus/system/api/domain/SysRole.java
@ -41,8 +41,8 @@ public class SysRole extends BaseEntity
    @Excel(name = "角色排序")
    private Integer roleSort;

-    /** 角色类型(1-全数据类,2-组织类,3-商户类) */
-    private Integer roleType;
+    /** 数据类型(1-组织类,2-区域类) */
+    private Integer dataType;

    /** 数据范围（1：所有数据权限；2：自定义数据权限；3：本部门数据权限；4：本部门及以下数据权限；5：仅本人数据权限） */
    @Excel(name = "数据范围", readConverterExp = "1=所有数据权限,2=自定义数据权限,3=本部门数据权限,4=本部门及以下数据权限,5=仅本人数据权限")
@ -151,12 +151,12 @@ public class SysRole extends BaseEntity
        this.roleSort = roleSort;
    }

-    public Integer getRoleType() {
-        return roleType;
+    public Integer getDataType() {
+        return dataType;
    }

-    public void setRoleType(Integer roleType) {
-        this.roleType = roleType;
+    public void setDataType(Integer dataType) {
+        this.dataType = dataType;
    }

    public String getDataScope()
--- a/bonus-common/bonus-common-datascope/src/main/java/com/bonus/common/datascope/annotation/DataScope.java
+++ b/bonus-common/bonus-common-datascope/src/main/java/com/bonus/common/datascope/annotation/DataScope.java
@ -21,6 +21,11 @@ public @interface DataScope
     */
    public String deptAlias() default "";

+    /**
+     * 区域表的别名
+     */
+    public String areaAlias() default "";
+
    /**
     * 用户表的别名
     */
--- a/bonus-common/bonus-common-datascope/src/main/java/com/bonus/common/datascope/aspect/DataScopeAspect.java
+++ b/bonus-common/bonus-common-datascope/src/main/java/com/bonus/common/datascope/aspect/DataScopeAspect.java
@ -74,8 +74,10 @@ public class DataScopeAspect
            if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin())
            {
                String permission = StringUtils.defaultIfEmpty(controllerDataScope.permission(), SecurityContextHolder.getPermission());
-                dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(),
+                deptDataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(),
                        controllerDataScope.userAlias(), permission);
+//                areaDataScopeFilter(joinPoint, currentUser, controllerDataScope.areaAlias(),
+//                        controllerDataScope.userAlias(), permission);
            }
        }
    }
@ -89,7 +91,7 @@ public class DataScopeAspect
     * @param userAlias 用户别名
     * @param permission 权限字符
     */
-    public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, String permission)
+    public static void deptDataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, String permission)
    {
        StringBuilder sqlString = new StringBuilder();
        List<String> conditions = new ArrayList<String>();
@ -160,6 +162,86 @@ public class DataScopeAspect
        }
    }

+    /**
+     * 数据范围过滤
+     *
+     * @param joinPoint 切点
+     * @param user 用户
+     * @param areaAlias 区域别名
+     * @param userAlias 用户别名
+     * @param permission 权限字符
+     */
+    public static void areaDataScopeFilter(JoinPoint joinPoint, SysUser user, String areaAlias, String userAlias, String permission)
+    {
+        StringBuilder sqlString = new StringBuilder();
+        List<String> conditions = new ArrayList<String>();
+
+        for (SysRole role : user.getRoles())
+        {
+            String dataScope = role.getDataScope();
+            if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope))
+            {
+                continue;
+            }
+            if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions())
+                    && !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
+            {
+                continue;
+            }
+            if (DATA_SCOPE_ALL.equals(dataScope))
+            {
+                sqlString = new StringBuilder();
+                conditions.add(dataScope);
+                break;
+            }
+            else if (DATA_SCOPE_CUSTOM.equals(dataScope))
+            {
+                sqlString.append(StringUtils.format(
+                        " OR {}.area_id IN ( SELECT area_id FROM sys_role_area WHERE role_id = {} ) ", areaAlias,
+                        role.getRoleId()));
+            }
+            else if (DATA_SCOPE_DEPT.equals(dataScope))
+            {
+                sqlString.append(StringUtils.format(" OR {}.area_id = {} ", areaAlias, user.getDeptId()));
+            }
+            else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope))
+            {
+                sqlString.append(StringUtils.format(
+                        " OR {}.area_id IN ( SELECT area_id FROM alloc_area WHERE area_id = {} or find_in_set( {} , area_full_id ) )",
+                        areaAlias, user.getDeptId(), user.getDeptId()));
+            }
+            else if (DATA_SCOPE_SELF.equals(dataScope))
+            {
+                if (StringUtils.isNotBlank(userAlias))
+                {
+                    sqlString.append(StringUtils.format(" OR {}.user_id = {} ", userAlias, user.getUserId()));
+                }
+                else
+                {
+                    // 数据权限为仅本人且没有userAlias别名不查询任何数据
+                    sqlString.append(StringUtils.format(" OR {}.area_id = 0 ", areaAlias));
+                }
+            }
+            conditions.add(dataScope);
+        }
+
+        // 多角色情况下，所有角色都不包含传递过来的权限字符，这个时候sqlString也会为空，所以要限制一下,不查询任何数据
+        if (StringUtils.isEmpty(conditions))
+        {
+            sqlString.append(StringUtils.format(" OR {}.area_id = 0 ", areaAlias));
+        }
+
+        if (StringUtils.isNotBlank(sqlString.toString()))
+        {
+            Object params = joinPoint.getArgs()[0];
+            if (StringUtils.isNotNull(params) && params instanceof BaseEntity)
+            {
+                BaseEntity baseEntity = (BaseEntity) params;
+                baseEntity.getParams().put(DATA_SCOPE, " AND (" + sqlString.substring(4) + ")");
+            }
+        }
+    }
+
    /**
     * 拼接权限sql前先清空params.dataScope参数防止注入
     */
--- a/bonus-common/bonus-common-datascope/src/main/java/com/bonus/common/datascope/enums/DataTypeEnum.java
+++ b/bonus-common/bonus-common-datascope/src/main/java/com/bonus/common/datascope/enums/DataTypeEnum.java
@ -0,0 +1,16 @@
+package com.bonus.common.datascope.enums;
+
+public enum DataTypeEnum {
+   PERMISSION_ORG(1),
+   PERMISSION_AREA(2);
+
+   private final Integer key;
+
+   private DataTypeEnum(Integer key) {
+      this.key = key;
+   }
+
+   public Integer getKey() {
+      return this.key;
+   }
+}
--- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysRoleServiceImpl.java
+++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysRoleServiceImpl.java
@ -7,6 +7,7 @@ import java.util.List;
 import java.util.Set;

 import com.bonus.common.core.web.domain.BaseEntity;
+import com.bonus.common.datascope.enums.DataTypeEnum;
 import com.bonus.common.datascope.utils.CommonDataPermissionInfo;
 import com.bonus.system.api.domain.SysUserRole;
 import com.bonus.system.domain.SysRoleArea;
@ -308,16 +309,19 @@ public class SysRoleServiceImpl implements ISysRoleService
    public int authDataScope(SysRole role)
    {
        // 修改角色信息
-        roleMapper.updateRole(role);
-        // 删除角色与部门关联
-        roleDeptMapper.deleteRoleDeptByRoleId(role.getRoleId());
-        // 新增角色和部门信息（数据权限）
-        int roleDeptCount = insertRoleDept(role);
-        // 删除角色与区域关联
-        //roleAreaMapper.deleteRoleAreaByRoleId(role.getRoleId());
-        // 新增角色和区域信息（数据权限）
-        //int roleAreaCount = insertRoleArea(role);
-        return roleDeptCount; // + roleAreaCount;
+        int count = roleMapper.updateRole(role);
+        if (DataTypeEnum.PERMISSION_ORG.getKey().equals(role.getDataType())) {
+            // 删除角色与部门关联
+            roleDeptMapper.deleteRoleDeptByRoleId(role.getRoleId());
+            // 新增角色和部门信息（数据权限）
+            return insertRoleDept(role);
+        } else if (DataTypeEnum.PERMISSION_AREA.getKey().equals(role.getDataType())) {
+            // 删除角色与区域关联
+            roleAreaMapper.deleteRoleAreaByRoleId(role.getRoleId());
+            // 新增角色和区域信息（数据权限）
+            return insertRoleArea(role);
+        }
+        return count;
    }

    /**
--- a/bonus-modules/bonus-system/src/main/resources/mapper/system/SysRoleMapper.xml
+++ b/bonus-modules/bonus-system/src/main/resources/mapper/system/SysRoleMapper.xml
@ -9,7 +9,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 		<result property="roleName"           column="role_name"             />
 		<result property="roleKey"            column="role_key"              />
 		<result property="roleSort"           column="role_sort"             />
-		<result property="roleType"           column="role_type"             />
+		<result property="dataType"           column="data_type"             />
 		<result property="dataScope"          column="data_scope"            />
 		<result property="menuCheckStrictly"  column="menu_check_strictly"   />
 		<result property="deptCheckStrictly"  column="dept_check_strictly"   />
@ -26,8 +26,8 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 	</resultMap>

 	<sql id="selectRoleVo">
-	    select distinct r.role_id, r.role_name, r.role_key, r.role_sort, r.data_scope, r.menu_check_strictly, r.dept_check_strictly,
-            r.company_id, r.status, r.del_flag, r.create_time, r.remark, r.is_built_in, r.area_id, r.role_type
+	    select distinct r.role_id, r.role_name, r.role_key, r.role_sort, r.data_type, r.data_scope, r.menu_check_strictly, r.dept_check_strictly,
+            r.company_id, r.status, r.del_flag, r.create_time, r.remark, r.is_built_in, r.area_id
        from sys_role r
 	        left join sys_user_role ur on ur.role_id = r.role_id
 	        left join sys_user u on u.user_id = ur.user_id
@ -114,7 +114,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 			<if test="roleName != null and roleName != ''">role_name,</if>
 			<if test="roleKey != null and roleKey != ''">role_key,</if>
 			<if test="roleSort != null">role_sort,</if>
-		    <if test="roleType != null">role_type,</if>
+		    <if test="dataType != null and dataType != ''">data_type,</if>
 			<if test="dataScope != null and dataScope != ''">data_scope,</if>
 			<if test="menuCheckStrictly != null">menu_check_strictly,</if>
 			<if test="deptCheckStrictly != null">dept_check_strictly,</if>
@ -130,7 +130,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 			<if test="roleName != null and roleName != ''">#{roleName},</if>
 			<if test="roleKey != null and roleKey != ''">#{roleKey},</if>
 			<if test="roleSort != null">#{roleSort},</if>
-		    <if test="roleType != null">#{roleType},</if>
+		    <if test="dataType != null and dataType != ''">#{dataType},</if>
 			<if test="dataScope != null and dataScope != ''">#{dataScope},</if>
 			<if test="menuCheckStrictly != null">#{menuCheckStrictly},</if>
 			<if test="deptCheckStrictly != null">#{deptCheckStrictly},</if>
@ -150,7 +150,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 			<if test="roleName != null and roleName != ''">role_name = #{roleName},</if>
 			<if test="roleKey != null and roleKey != ''">role_key = #{roleKey},</if>
 			<if test="roleSort != null">role_sort = #{roleSort},</if>
-			<if test="roleType != null">role_type = #{roleType},</if>
+			<if test="dataType != null and dataType != ''">data_type = #{dataType},</if>
 			<if test="dataScope != null and dataScope != ''">data_scope = #{dataScope},</if>
 			<if test="menuCheckStrictly != null">menu_check_strictly = #{menuCheckStrictly},</if>
 			<if test="deptCheckStrictly != null">dept_check_strictly = #{deptCheckStrictly},</if>