From 9b3767a954baba7bc62dd74f75c63c693eac4a2c Mon Sep 17 00:00:00 2001 From: RuoYi <yzz_ivy@163.com> Date: 星期日, 21 八月 2022 22:53:57 +0800 Subject: [PATCH] 优化多角色数据权限匹配规则 --- ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java | 13 ++++++++++--- 1 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java index f1d420e..c615712 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java @@ -11,8 +11,9 @@ import com.ruoyi.common.core.domain.entity.SysRole; import com.ruoyi.common.core.domain.entity.SysUser; import com.ruoyi.common.core.domain.model.LoginUser; -import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.SecurityUtils; +import com.ruoyi.common.utils.StringUtils; +import com.ruoyi.framework.security.context.PermissionContextHolder; /** * 数据过滤处理 @@ -70,8 +71,9 @@ // 如果是超级管理员,则不过滤数据 if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin()) { + String permission = StringUtils.defaultIfEmpty(controllerDataScope.permission(), PermissionContextHolder.getContext()); dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(), - controllerDataScope.userAlias()); + controllerDataScope.userAlias(), permission); } } } @@ -83,8 +85,9 @@ * @param user 用户 * @param deptAlias 部门别名 * @param userAlias 用户别名 + * @param permission 权限字符 */ - public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias) + public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias, String permission) { StringBuilder sqlString = new StringBuilder(); List<String> conditions = new ArrayList<String>(); @@ -96,6 +99,10 @@ { continue; } + if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions()) && !role.getPermissions().contains(permission)) + { + continue; + } if (DATA_SCOPE_ALL.equals(dataScope)) { sqlString = new StringBuilder(); -- Gitblit v1.9.2