通用数据级别权限的框架设计与实现(3)-数据列表的权限过滤

查看上篇文章通用数据级别权限的框架设计与实现(2)-数据权限的准备工作,我们开始数据列表的权限过滤.
原理:我们在做过滤列表时,根据用户权限自动注入到相关SQL中,实现相关过滤,如果拥有全部权限,则不生成相关SQL片段

  1. 首先我们来分析一下数据列表的SQL
  • 能看到所有数据的SQL
SELECT
    role.id,
    role. CODE,
    role. NAME
FROM
    sys_auth_role role
where 1=1
  • 根据登陆角色,看到的数据的SQL
-SELECT
    role.id,
    role. CODE,
    role. NAME
FROM
    sys_auth_role role
LEFT JOIN sys_auth_role_org_rel ror ON ror.role_id = role.id
WHERE
    1 = 1
AND ror.org_id IN (123, 123456)

两者分析,差异是表的关联,及查询的条件。我们因些通过配置来生成具体的相关SQL片段

@Data
public class AuthFiledFilter {
    /**
     * 默认左连接
     */
    private String tableRel = "left join ";
    /**
     * 关联table名称
     */
    private String salveTableName;
    /**
     * 关联table别名
     */
    private String salveTableOtherName;
    /**
     * 关联table字段
     */
    private String salveTableField;

    /**
     * 主表别名
     */
    private String masterTableOtherName;
    /**
     * 默认主表关联字段
     */
    private String masterTableField = "id";

    /**
     * 查找用户ID
     */
    private String searchUserField;

    /**
     * 获取相关的关联SQL
     *
     * @return
     */
    public String getSqlRel() {
        StringBuilder sb = new StringBuilder();
        //增加一个空格,防止与主表靠得太近
        sb.append(" ");
        //sb.append(this.getMasterTableOtherName());
        sb.append(" ");
        sb.append(this.getTableRel());
        sb.append(" ");
        sb.append(this.getSalveTableName()).append("  ").append(this.getSalveTableOtherName());
        sb.append(" on ").append(this.getSalveTableOtherName()).append(".").append(this.getSalveTableField()).append("=").append(this.getMasterTableOtherName()).append(".").append(this.getMasterTableField());
        return sb.toString();
    }

    public  String getCondictionSqlIn(List userList) {

        StringBuilder sb = new StringBuilder();
        sb.append(" and ");
        sb.append(this.buildLogicIN(this.getSalveTableOtherName() + "." + this.getSearchUserField(), userList));
        return sb.toString();
    }

    public  String getCondictionSqlEq(Object userId) {

        StringBuilder sb = new StringBuilder();
        sb.append(" and ");
        sb.append(this.getSalveTableOtherName() + "." + this.getSearchUserField()).append("=").append(userId);
        return sb.toString();
    }

    /**
     * 构造in语句,若valueList超过1000时,该函数会自动拆分成多个in语句
     *
     * @param item
     * @param valueList
     * @return item in (valueList)
     */
    public String buildLogicIN(String item, List valueList) {
        int n = (valueList.size() - 1) / 1000;
        StringBuffer rtnStr = new StringBuffer();
        Object obj = valueList.get(0);
        boolean isString = false;
        if (obj instanceof Character || obj instanceof String)
            isString = true;
        String tmpStr;
        for (int i = 0; i <= n; i++) {
            int size = i == n ? valueList.size() : (i + 1) * 1000;
            if (i > 0)
                rtnStr.append(" or ");
            rtnStr.append(item + " in (");
            if (isString) {
                StringBuffer tmpBuf = new StringBuffer();
                for (int j = i * 1000; j < size; j++) {
                    tmpStr = valueList.get(j).toString().replaceAll("'", "''");
                    tmpBuf.append(",'").append(tmpStr).append("'");
                }
                tmpStr = tmpBuf.substring(1);
            } else {
                tmpStr = valueList.subList(i * 1000, size).toString();
                tmpStr = tmpStr.substring(1, tmpStr.length() - 1);
            }
            rtnStr.append(tmpStr);
            rtnStr.append(")");
        }
        if (n > 0)
            return "(" + rtnStr.toString() + ")";
        else
            return rtnStr.toString();
    }
    }

上述类中,生成的SQL片段方法为getSqlRel,getCondictionSqlIn,getCondictionSqlEq方法。
2.我们来生成各种权限校验的规则,Key用类的对象来实现


/**
 * @description: 权限的全局配置
 * @author: starmark
 * @create: 2018-05-17 16:22
 **/
public class AuthConfig {
    //全局校验数据规则
    public static Map<String,AuthValidatorModel> authMap=new HashMap();

    /**
     * 增加权限校验对象
     * @param authValidatorModel
     */
    public static void add(AuthValidatorModel authValidatorModel){
        authMap.put(authValidatorModel.classModel,authValidatorModel);
    }

    /**
     *获取权限校验规则
     * @param classModel
     * @return
     */
    public static AuthValidatorModel get(String classModel){
        return authMap.get(classModel);
    }
}

在service类初始化时,将权限规则注入进去

public class SysAuthRoleServiceImpl   implements ISysAuthRoleService,InitializingBean {...
 /**
     * 初始化权限校验模型
     * @throws Exception
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        AuthValidatorModel authValidatorModel=new AuthValidatorModel(SysAuthRole.class.getName());
        //角色user1与角色user2能看到所有数据
         authValidatorModel.getRoles().add("user1");
         authValidatorModel.getRoles().add("user2");
        //构造关联查询的对象
        AuthFiledFilter authFiledFilter=new AuthFiledFilter();
        //主表别名
        authFiledFilter.setMasterTableOtherName("role");
        //从表表名
        authFiledFilter.setSalveTableName("sys_auth_role_org_rel");
        //从表另名
        authFiledFilter.setSalveTableOtherName("ror");
        //关联字段
        authFiledFilter.setSalveTableField("role_id");
        //查找用户字段接口
        authFiledFilter.setSearchUserField("org_id");
        authValidatorModel.setAuthFiledFilter(authFiledFilter);
        AuthConfig.add(authValidatorModel);

    }
    }

上述初始化了权限校验的规则及关联字段,判断拥有角色user1及user2的能看到全部数据,其他要做过滤.

  1. 数据列表的mapper方法改造为如下:
 <select id="list" resultMap="BaseResultMap">
        select role.id,role.code,role.name
        from sys_auth_role role
        <if test="authModel != null">
            ${authModel.relSql}
        </if>
        where
        1=1
        <if test="authModel != null">
            ${authModel.condictionSql}
        </if>
    </select>
  1. 权限列表的生成authModel方法如下:

/**
 * @description: 校验工具类
 * @author: starmark
 * @create: 2018-05-17 21:24
 **/
public class AuthValidatorUtil {

    public static AuthModel getAuthModel(String classModel, boolean isIn) {
        AuthValidatorModel authValidatorModel = AuthConfig.get(classModel);
        if (authValidatorModel == null) {
            return null;
        }
        boolean isAuth = authValidatorModel.getRoles().stream().anyMatch(role -> UserUtil.containRole(role));
        if (isAuth) {
            return null;
        }
        AuthModel authModel = new AuthModel();
        authModel.setRelSql(authValidatorModel.getAuthFiledFilter().getSqlRel());
        if (isIn) {
            authModel.setCondictionSql(authValidatorModel.getAuthFiledFilter().getCondictionSqlIn(UserUtil.getOrgIds()));

        } else {
            authModel.setCondictionSql(authValidatorModel.getAuthFiledFilter().getCondictionSqlEq(UserUtil.getUserId()));
        }
        return authModel;
    }
}

上述该工具类用于做判断,看是否需要生成相关SQL

  1. 权限过滤调用的方法改写成如下:
    /**
     * 权限过滤查找相关角色
     * @return
     */
    public List<SysAuthRole> list(){
        AuthModel authModel= AuthValidatorUtil.getAuthModel(SysAuthRole.class.getName(),true);
      return   authRoleMapper.list(authModel);
    }

至此,我们列表权限过滤的架子已经搭建完成.

个人代码已经完成,如需要请打赏后通知我。谢谢.
如果你觉得该文章对你有帮助,麻烦点赞。
欢迎继续查看下篇文章-通用数据级别权限的框架设计与实现(4)-单条记录的权限控制

    原文作者:爱余星痕
    原文地址: https://www.jianshu.com/p/5d0eef2d0d42
    本文转自网络文章,转载此文章仅为分享知识,如有侵权,请联系博主进行删除。
点赞