From d3236682503cd0e7a316babaadbdbc2ca35e576f Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期三, 05 六月 2024 12:39:38 +0800
Subject: [PATCH] 优化数据权限代码
---
src/main/java/com/ruoyi/common/core/text/Convert.java | 4 ++++
src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java | 28 +++++++++++++++++++---------
src/main/java/com/ruoyi/framework/web/exception/GlobalExceptionHandler.java | 9 ++++++++-
3 files changed, 31 insertions(+), 10 deletions(-)
diff --git a/src/main/java/com/ruoyi/common/core/text/Convert.java b/src/main/java/com/ruoyi/common/core/text/Convert.java
index 8a2ad80..938d0c9 100644
--- a/src/main/java/com/ruoyi/common/core/text/Convert.java
+++ b/src/main/java/com/ruoyi/common/core/text/Convert.java
@@ -365,6 +365,10 @@
*/
public static String[] toStrArray(String str)
{
+ if (StringUtils.isEmpty(str))
+ {
+ return new String[] {};
+ }
return toStrArray(",", str);
}
diff --git a/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java b/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
index 1abba81..da6ac96 100644
--- a/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
+++ b/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
@@ -92,16 +92,22 @@
{
StringBuilder sqlString = new StringBuilder();
List<String> conditions = new ArrayList<String>();
+ List<String> scopeCustomIds = new ArrayList<String>();
+ user.getRoles().forEach(role -> {
+ if (DATA_SCOPE_CUSTOM.equals(role.getDataScope()) && StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
+ {
+ scopeCustomIds.add(Convert.toStr(role.getRoleId()));
+ }
+ });
for (SysRole role : user.getRoles())
{
String dataScope = role.getDataScope();
- if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope))
+ if (conditions.contains(dataScope))
{
continue;
}
- if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions())
- && !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
+ if (!StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
{
continue;
}
@@ -113,9 +119,15 @@
}
else if (DATA_SCOPE_CUSTOM.equals(dataScope))
{
- sqlString.append(StringUtils.format(
- " OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias,
- role.getRoleId()));
+ if (scopeCustomIds.size() > 1)
+ {
+ // 澶氫釜鑷畾鏁版嵁鏉冮檺浣跨敤in鏌ヨ锛岄伩鍏嶅娆℃嫾鎺ャ��
+ sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id in ({}) ) ", deptAlias, String.join(",", scopeCustomIds)));
+ }
+ else
+ {
+ sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, role.getRoleId()));
+ }
}
else if (DATA_SCOPE_DEPT.equals(dataScope))
{
@@ -123,9 +135,7 @@
}
else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope))
{
- sqlString.append(StringUtils.format(
- " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )",
- deptAlias, user.getDeptId(), user.getDeptId()));
+ sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )", deptAlias, user.getDeptId(), user.getDeptId()));
}
else if (DATA_SCOPE_SELF.equals(dataScope))
{
diff --git a/src/main/java/com/ruoyi/framework/web/exception/GlobalExceptionHandler.java b/src/main/java/com/ruoyi/framework/web/exception/GlobalExceptionHandler.java
index 5dd8bb1..bcea0a7 100644
--- a/src/main/java/com/ruoyi/framework/web/exception/GlobalExceptionHandler.java
+++ b/src/main/java/com/ruoyi/framework/web/exception/GlobalExceptionHandler.java
@@ -12,9 +12,11 @@
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException;
import com.ruoyi.common.constant.HttpStatus;
+import com.ruoyi.common.core.text.Convert;
import com.ruoyi.common.exception.DemoModeException;
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.html.EscapeUtil;
import com.ruoyi.framework.web.domain.AjaxResult;
/**
@@ -79,8 +81,13 @@
public AjaxResult handleMethodArgumentTypeMismatchException(MethodArgumentTypeMismatchException e, HttpServletRequest request)
{
String requestURI = request.getRequestURI();
+ String value = Convert.toStr(e.getValue());
+ if (StringUtils.isNotEmpty(value))
+ {
+ value = EscapeUtil.clean(value);
+ }
log.error("璇锋眰鍙傛暟绫诲瀷涓嶅尮閰�'{}',鍙戠敓绯荤粺寮傚父.", requestURI, e);
- return AjaxResult.error(String.format("璇锋眰鍙傛暟绫诲瀷涓嶅尮閰嶏紝鍙傛暟[%s]瑕佹眰绫诲瀷涓猴細'%s'锛屼絾杈撳叆鍊间负锛�'%s'", e.getName(), e.getRequiredType().getName(), e.getValue()));
+ return AjaxResult.error(String.format("璇锋眰鍙傛暟绫诲瀷涓嶅尮閰嶏紝鍙傛暟[%s]瑕佹眰绫诲瀷涓猴細'%s'锛屼絾杈撳叆鍊间负锛�'%s'", e.getName(), e.getRequiredType().getName(), value));
}
/**
--
Gitblit v1.9.3