使用切面 注解实现权限数据过滤

定义注解

/**
 * 数据权限过滤注解
 */
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface CompanyDateScope {
}

切面实现

package com.ruoyi.framework.aspectj;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.security.ShiroUtils;
import com.ruoyi.framework.aspectj.lang.annotation.CompanyDateScope;
import com.ruoyi.framework.aspectj.lang.annotation.DataScope;
import com.ruoyi.framework.web.domain.BaseEntity;
import com.ruoyi.project.system.user.domain.User;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.Signature;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import java.lang.reflect.Method;
@Aspect
@Component
public class CompanyDataScopeAspect {
    /**
     * 数据权限过滤关键字
     */
    public static final String DATA_SCOPE = "dataScope";
    /**
     * @param joinPoint
     * @param companyId
     */
    public static void dataScopeFilter(JoinPoint joinPoint, Long companyId) {
        String filterSql = StringUtils.format("and company_id = {}", companyId);
        Object params = joinPoint.getArgs()[0];
        if (StringUtils.isNotNull(params) && params instanceof BaseEntity) {
            BaseEntity baseEntity = (BaseEntity) params;
            baseEntity.getParams().put(DATA_SCOPE, filterSql);
        }
    }
    // 配置织入点
    @Pointcut("@annotation(com.ruoyi.framework.aspectj.lang.annotation.CompanyDateScope)")
    public void dataScopePointCut() { }
    @Before("dataScopePointCut()")
    public void doBefore(JoinPoint point) throws Throwable {
        handleDataScope(point);
    }
    protected void handleDataScope(final JoinPoint joinPoint) {
        // 获得注解
        CompanyDateScope controllerDataScope = getAnnotationLog(joinPoint);
        if (controllerDataScope == null) {
            return;
        }
        // 获取当前的用户
        User currentUser = ShiroUtils.getSysUser();
        // 如果公司id大于0说明要过滤数据
        if (currentUser != null && currentUser.getCompanyId() != 0) {
            dataScopeFilter(joinPoint, currentUser.getCompanyId());
        }
    }
    /**
     * 是否存在注解，如果存在就获取
     */
    private CompanyDateScope getAnnotationLog(JoinPoint joinPoint) {
        Signature signature = joinPoint.getSignature();
        MethodSignature methodSignature = (MethodSignature) signature;
        Method method = methodSignature.getMethod();
        if (method != null) {
            return method.getAnnotation(CompanyDateScope.class);
        }
        return null;
    }
}

在 mapper 方法上增加注解

/**
 * 产品Mapper接口
 */
public interface ProductMapper {
    ...
    @CompanyDateScope
    List<ProductVO> selectProductList(ProductQO product);
    ...
}

在 where 最后面增加过滤数据的 sql 语句

...
<select id="selectProductList" parameterType="com.ruoyi.project.api.domain.qo.ProductQO" resultMap="ProductResult">
    <include refid="selectProductVo"/>
    <where>
        <if test="name != null  and name != ''">and name like concat('%', #{name}, '%')</if>
        ${params.dataScope}
    </where>
</select>
...