product-inventory-management-after.git

			@@ -6,6 +6,8 @@
			import org.aspectj.lang.annotation.Aspect;
			import org.aspectj.lang.annotation.Before;
			import org.springframework.stereotype.Component;
			import com.ruoyi.common.constant.UserConstants;
			import com.ruoyi.common.core.text.Convert;
			import com.ruoyi.common.utils.SecurityUtils;
			import com.ruoyi.common.utils.StringUtils;
			import com.ruoyi.framework.aspectj.lang.annotation.DataScope;
			@@ -72,8 +74,7 @@
			if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin())
			{
			String permission = StringUtils.defaultIfEmpty(controllerDataScope.permission(), PermissionContextHolder.getContext());
			dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(),
			controllerDataScope.userAlias(), permission);
			dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(), controllerDataScope.userAlias(), permission);
			}
			}
			}
			@@ -91,28 +92,42 @@
			{
			StringBuilder sqlString = new StringBuilder();
			List<String> conditions = new ArrayList<String>();
			List<String> scopeCustomIds = new ArrayList<String>();
			user.getRoles().forEach(role -> {
			if (DATA_SCOPE_CUSTOM.equals(role.getDataScope()) && StringUtils.equals(role.getStatus(), UserConstants.ROLE_NORMAL) && StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
			{
			scopeCustomIds.add(Convert.toStr(role.getRoleId()));
			}
			});

			for (SysRole role : user.getRoles())
			{
			String dataScope = role.getDataScope();
			if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope))
			if (conditions.contains(dataScope) \|\| StringUtils.equals(role.getStatus(), UserConstants.ROLE_DISABLE))
			{
			continue;
			}
			if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions()) && !role.getPermissions().contains(permission))
			if (!StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
			{
			continue;
			}
			if (DATA_SCOPE_ALL.equals(dataScope))
			{
			sqlString = new StringBuilder();
			conditions.add(dataScope);
			break;
			}
			else if (DATA_SCOPE_CUSTOM.equals(dataScope))
			{
			sqlString.append(StringUtils.format(
			" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias,
			role.getRoleId()));
			if (scopeCustomIds.size() > 1)
			{
			// 多个自定数据权限使用in查询，避免多次拼接。
			sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id in ({}) ) ", deptAlias, String.join(",", scopeCustomIds)));
			}
			else
			{
			sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, role.getRoleId()));
			}
			}
			else if (DATA_SCOPE_DEPT.equals(dataScope))
			{
			@@ -120,9 +135,7 @@
			}
			else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope))
			{
			sqlString.append(StringUtils.format(
			" OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )",
			deptAlias, user.getDeptId(), user.getDeptId()));
			sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )", deptAlias, user.getDeptId(), user.getDeptId()));
			}
			else if (DATA_SCOPE_SELF.equals(dataScope))
			{
			@@ -139,6 +152,12 @@
			conditions.add(dataScope);
			}

			// 角色都不包含传递过来的权限字符，这个时候sqlString也会为空，所以要限制一下,不查询任何数据
			if (StringUtils.isEmpty(conditions))
			{
			sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
			}

			if (StringUtils.isNotBlank(sqlString.toString()))
			{
			Object params = joinPoint.getArgs()[0];