首页 > 数据库技术 > 详细

mybatisplus添加数据权限过滤(自定义拦截器,sql拦截)

时间:2021-01-22 11:55:18      阅读:1281      评论:0      收藏:0      [点我收藏+]
    import com.baomidou.mybatisplus.core.toolkit.PluginUtils;
    import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler;
    import lombok.AllArgsConstructor;
    import lombok.extern.slf4j.Slf4j;
    import org.apache.ibatis.executor.statement.StatementHandler;
    import org.apache.ibatis.mapping.BoundSql;
    import org.apache.ibatis.mapping.MappedStatement;
    import org.apache.ibatis.mapping.SqlCommandType;
    import org.apache.ibatis.plugin.*;
    import org.apache.ibatis.reflection.MetaObject;
    import org.apache.ibatis.reflection.SystemMetaObject;
    import org.springframework.stereotype.Component;

    import javax.sql.DataSource;
    import java.sql.Connection;
    import java.util.Properties;

    @Slf4j
    @AllArgsConstructor
    @Intercepts({@Signature(type = StatementHandler.class, method = "prepare", args = {Connection.class, Integer.class})})
    @Component
    public class DataScopeInterceptor  extends AbstractSqlParserHandler implements Interceptor {
        private DataSource dataSource;

        @Override
        public Object intercept(Invocation invocation) throws Throwable {
            StatementHandler statementHandler = PluginUtils.realTarget(invocation.getTarget());
            MetaObject metaObject = SystemMetaObject.forObject(statementHandler);
            this.sqlParser(metaObject);
            // 先判断是不是SELECT操作 不是直接过滤
            MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement");
            if (!SqlCommandType.SELECT.equals(mappedStatement.getSqlCommandType())) {
                return invocation.proceed();
            }
            BoundSql boundSql = (BoundSql) metaObject.getValue("delegate.boundSql");
            // 执行的SQL语句
            String originalSql = boundSql.getSql();
            // SQL语句的参数
            Object parameterObject = boundSql.getParameterObject();

                originalSql = "select * from (" + originalSql + ") temp_data_scope where temp_data_scope." + 1 + " in (" + 2 + ")";
                metaObject.setValue("delegate.boundSql.sql", originalSql);
                return invocation.proceed();
        }

        /**
         * 生成拦截对象的代理
         *
         * @param target 目标对象
         * @return 代理对象
         */
        @Override
        public Object plugin(Object target) {
            if (target instanceof StatementHandler) {
                return Plugin.wrap(target, this);
            }
            return target;
        }

        /**
         * mybatis配置的属性
         *
         * @param properties mybatis配置的属性
         */
        @Override
        public void setProperties(Properties properties) {

        }

        /**
         * 查找参数是否包括DataScope对象
         *
         * @param parameterObj 参数列表
         * @return DataScope
         */
    //    private DataScope findDataScopeObject(Object parameterObj) {
    //        if (parameterObj instanceof DataScope) {
    //            return (DataScope) parameterObj;
    //        } else if (parameterObj instanceof Map) {
    //            for (Object val : ((Map<?, ?>) parameterObj).values()) {
    //                if (val instanceof DataScope) {
    //                    return (DataScope) val;
    //                }
    //            }
    //        }
    //        return null;
    //    }
    }

以下代码添加至mybatisplusconfig

    /**
     * 数据权限插件
     *
     * @return DataScopeInterceptor
     */
    @Bean
    @ConditionalOnMissingBean
    public DataScopeInterceptor dataScopeInterceptor(DataSource dataSource) {
        return new DataScopeInterceptor(dataSource);
    }

 

mybatisplus添加数据权限过滤(自定义拦截器,sql拦截)

原文:https://www.cnblogs.com/jsfh/p/14312054.html

(0)
(0)
   
举报
评论 一句话评论(0
© 2014 bubuko.com 版权所有 鲁ICP备09046678号-4
打开技术之扣,分享程序人生!
             

鲁公网安备 37021202000002号