JeeSite数据权限
Java代码
User currentUser = UserUtils.getUser();

// Criteria API: join the office and user associations, then add the
// data-scope disjunction built for the current user.
DetachedCriteria criteria = articleDao.createDetachedCriteria();
criteria.createAlias("office", "office");
criteria.createAlias("user", "user");
criteria.add(dataScopeFilter(currentUser, "office", "user"));
List<Entity> byCriteria = articleDao.find(page, criteria);

// HQL: the same filter rendered as a string fragment; it starts with " and ("
// so the query needs a preceding "where 1=1".
String hql = "select e from Entity e join e.office o join e.user u where 1=1 "
        + dataScopeFilterString(currentUser, "o", "u");
List<Entity> byHql = articleDao.find(page, hql);
Java代码
/**
 * Builds the data-scope (row-level authorisation) filter for the Criteria API.
 *
 * Every role of the user contributes one alternative to a disjunction, so the
 * user sees the union of what the roles allow. Each role other than
 * {@code Role.DATA_SCOPE_ALL} restricts the office a record belongs to according
 * to its scope and, in addition, always admits the user's own records
 * ({@code userAlias.id = user.id}, or {@code officeAlias.id is null} when no user
 * alias is given). A role with {@code Role.DATA_SCOPE_ALL} discards everything
 * collected so far and yields an empty disjunction. Roles sharing the same scope
 * are applied once.
 *
 * The returned junction is also empty for administrators, for users without
 * roles and when {@code officeAlias} is blank. NOTE(review): Hibernate renders an
 * empty {@code Junction} as a tautology ({@code 1=1}) — confirm for the Hibernate
 * version in use — so an empty result means "no restriction": this filter fails
 * open rather than closed.
 *
 * @param user the current user, normally {@code UserUtils.getUser()}
 * @param officeAlias alias of the office association, e.g. after
 *        {@code dc.createAlias("office", "office")}; blank disables the filter
 * @param userAlias alias of the user association; pass blank to ignore it
 * @return the disjunction to add to the criteria
 */
protected static Junction dataScopeFilter(User user, String officeAlias, String userAlias) {
    Junction scopeFilter = Restrictions.disjunction();

    // Administrators are not filtered; without an office alias no clause can be built.
    if (user.isAdmin() || !StringUtils.isNotBlank(officeAlias)) {
        return scopeFilter;
    }

    List<String> appliedScopes = Lists.newArrayList();
    for (Role role : user.getRoleList()) {
        String scope = role.getDataScope();
        if (appliedScopes.contains(scope)) {
            continue;
        }
        if (Role.DATA_SCOPE_ALL.equals(scope)) {
            // Unrestricted access supersedes every clause added so far.
            return Restrictions.disjunction();
        }

        String officeId = officeAlias + ".id";
        if (Role.DATA_SCOPE_COMPANY_AND_CHILD.equals(scope)) {
            scopeFilter.add(Restrictions.eq(officeId, user.getCompany().getId()));
            scopeFilter.add(Restrictions.like(officeAlias + ".parentIds",
                    user.getCompany().getParentIds() + user.getCompany().getId() + ",%"));
        } else if (Role.DATA_SCOPE_COMPANY.equals(scope)) {
            scopeFilter.add(Restrictions.eq(officeId, user.getCompany().getId()));
            // Departments (type "2") directly under the company are included as well.
            scopeFilter.add(Restrictions.and(
                    Restrictions.eq(officeAlias + ".parent.id", user.getCompany().getId()),
                    Restrictions.eq(officeAlias + ".type", "2")));
        } else if (Role.DATA_SCOPE_OFFICE_AND_CHILD.equals(scope)) {
            scopeFilter.add(Restrictions.eq(officeId, user.getOffice().getId()));
            scopeFilter.add(Restrictions.like(officeAlias + ".parentIds",
                    user.getOffice().getParentIds() + user.getOffice().getId() + ",%"));
        } else if (Role.DATA_SCOPE_OFFICE.equals(scope)) {
            scopeFilter.add(Restrictions.eq(officeId, user.getOffice().getId()));
        } else if (Role.DATA_SCOPE_CUSTOM.equals(scope)) {
            scopeFilter.add(Restrictions.in(officeId, role.getOfficeIdList()));
        }
        // DATA_SCOPE_SELF (and any scope not listed above) adds no office clause.

        // Every scope other than ALL also grants the user's own records.
        if (StringUtils.isNotBlank(userAlias)) {
            scopeFilter.add(Restrictions.eq(userAlias + ".id", user.getId()));
        } else {
            scopeFilter.add(Restrictions.isNull(officeId));
        }
        appliedScopes.add(scope);
    }
    return scopeFilter;
}
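/**
 * Renders the data-scope filter as an HQL fragment for string-built queries.
 *
 * Delegates to {@link #dataScopeFilter(User, String, String)} and flattens the
 * resulting disjunction into {@code " and (c1 or (c2) or (c3))"} by calling
 * {@code toString()} on each {@code Criterion}. That rendering writes property,
 * operator and value as plain text, so the values carried by the criteria
 * (office ids, {@code parentIds}, the user's id, the custom office id list) end
 * up inlined in the query instead of being bound as parameters. Because the
 * rendering does not quote string values, every condition on one of the
 * {@link #STRING_FIELDS} is post-processed — the first one included, not only
 * the "or" alternatives: the value is wrapped in single quotes and any quote
 * inside it is doubled so that it cannot terminate the literal.
 * NOTE(review): this is still a query assembled by string concatenation; only
 * values from the current user's persisted entity and role configuration should
 * ever reach it, never request-controlled input.
 *
 * An empty junction (administrator, no roles, blank {@code officeAlias}) yields
 * {@code " and ()"}.
 *
 * @param user the current user, normally {@code UserUtils.getUser()}
 * @param officeAlias alias of the office entity in the query, e.g. {@code "o"}
 *        in {@code join e.office o}
 * @param userAlias alias of the user entity in the query; pass blank to ignore it
 * @return the HQL fragment, beginning with {@code " and ("}
 */
protected static String dataScopeFilterString(User user, String officeAlias, String userAlias) {
    Junction junction = dataScopeFilter(user, officeAlias, userAlias);
    Iterator<Criterion> it = junction.conditions().iterator();
    StringBuilder ql = new StringBuilder(" and (");
    // First condition bare, the remaining ones each as " or (...)"; the quoting
    // pass applies to every condition.
    if (it.hasNext()) {
        ql.append(quoteStringFields(it.next().toString()));
    }
    while (it.hasNext()) {
        ql.append(" or (").append(quoteStringFields(it.next().toString())).append(")");
    }
    ql.append(")");
    return ql.toString();
}

/** Rendered field prefixes whose value is a string and therefore needs quoting in HQL. */
private static final String[] STRING_FIELDS = {".parentIds like ", ".type="};

/**
 * Wraps the value following any of {@link #STRING_FIELDS} in single quotes.
 *
 * The value is taken as in the pattern {@code field(\w.*)}: it starts with a
 * word character and runs to the end of the line. The field prefix is matched
 * literally ({@code Pattern.quote}) rather than interpreted as a regex, and a
 * single quote inside the value is doubled, the HQL/SQL escape for a quote
 * inside a string literal.
 *
 * @param condition one rendered {@code Criterion}
 * @return the condition with its string value quoted; unchanged when no field matches
 */
private static String quoteStringFields(String condition) {
    String result = condition;
    for (String field : STRING_FIELDS) {
        java.util.regex.Matcher m = java.util.regex.Pattern
                .compile(java.util.regex.Pattern.quote(field) + "(\\w.*)")
                .matcher(result);
        StringBuffer quoted = new StringBuffer();
        while (m.find()) {
            String value = m.group(1).replace("'", "''");
            m.appendReplacement(quoted,
                    java.util.regex.Matcher.quoteReplacement(field + "'" + value + "'"));
        }
        m.appendTail(quoted);
        result = quoted.toString();
    }
    return result;
}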