增加对数据范围的支持

src/main/java/com/stylefeng/guns/common/constant/factory/ConstantFactory.java

@@ -14,6 +14,7 @@ import com.stylefeng.guns.core.util.ToolUtil;
 import org.springframework.context.annotation.DependsOn;
 import org.springframework.stereotype.Component;
 
+import java.util.ArrayList;
 import java.util.List;
 
 /**
@@ -286,4 +287,40 @@ public class ConstantFactory implements IConstantFactory {
         return LogObjectHolder.me().get().toString();
     }
 
+    /**
+     * 获取子部门id
+     */
+    @Override
+    public List<Integer> getSubDeptId(Integer deptid) {
+        Wrapper<Dept> wrapper = new EntityWrapper<>();
+        wrapper = wrapper.like("pids", "%[" + deptid + "]%");
+        List<Dept> depts = this.deptMapper.selectList(wrapper);
+
+        ArrayList<Integer> deptids = new ArrayList<>();
+
+        if(depts != null || depts.size() > 0){
+            for (Dept dept : depts) {
+                deptids.add(dept.getId());
+            }
+        }
+
+        return deptids;
+    }
+
+    /**
+     * 获取所有父部门id
+     */
+    @Override
+    public List<Integer> getParentDeptIds(Integer deptid) {
+        Dept dept = deptMapper.selectById(deptid);
+        String pids = dept.getPids();
+        String[] split = pids.split(",");
+        ArrayList<Integer> parentDeptIds = new ArrayList<>();
+        for (String s : split) {
+            parentDeptIds.add(Integer.valueOf(StrKit.removeSuffix(StrKit.removePrefix(s, "["), "]")));
+        }
+        return parentDeptIds;
+    }
+
+
 }

src/main/java/com/stylefeng/guns/common/constant/factory/IConstantFactory.java

@@ -110,4 +110,14 @@ public interface IConstantFactory {
      */
     String getCacheObject(String para);
 
+    /**
+     * 获取子部门id
+     */
+    List<Integer> getSubDeptId(Integer deptid);
+
+    /**
+     * 获取所有父部门id
+     */
+    List<Integer> getParentDeptIds(Integer deptid);
+
 }

src/main/java/com/stylefeng/guns/config/MybatisPlusConfig.java

@@ -5,6 +5,7 @@ import com.baomidou.mybatisplus.plugins.PaginationInterceptor;
 import com.stylefeng.guns.common.constant.DSEnum;
 import com.stylefeng.guns.config.properties.DruidProperties;
 import com.stylefeng.guns.config.properties.MutiDataSourceProperties;
+import com.stylefeng.guns.core.datascope.DataScopeInterceptor;
 import com.stylefeng.guns.core.mutidatesource.DynamicDataSource;
 import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -95,4 +96,12 @@ public class MybatisPlusConfig {
     public PaginationInterceptor paginationInterceptor() {
         return new PaginationInterceptor();
     }
+
+    /**
+     * 数据范围mybatis插件
+     */
+    @Bean
+    public DataScopeInterceptor dataScopeInterceptor() {
+        return new DataScopeInterceptor();
+    }
 }

src/main/java/com/stylefeng/guns/core/datascope/DataScope.java

+package com.stylefeng.guns.core.datascope;
+
+import java.util.List;
+
+/**
+ * 数据范围
+ *
+ * @author fengshuonan
+ * @date 2017-07-23 22:19
+ */
+public class DataScope {
+
+    /**
+     * 限制范围的字段名称
+     */
+    private String scopeName = "deptid";
+
+    /**
+     * 限制范围的
+     */
+    private List<Integer> deptIds;
+
+    public DataScope() {
+    }
+
+    public DataScope(List<Integer> deptIds) {
+        this.deptIds = deptIds;
+    }
+
+    public DataScope(String scopeName, List<Integer> deptIds) {
+        this.scopeName = scopeName;
+        this.deptIds = deptIds;
+    }
+
+    public List<Integer> getDeptIds() {
+        return deptIds;
+    }
+
+    public void setDeptIds(List<Integer> deptIds) {
+        this.deptIds = deptIds;
+    }
+
+    public String getScopeName() {
+        return scopeName;
+    }
+
+    public void setScopeName(String scopeName) {
+        this.scopeName = scopeName;
+    }
+}

src/main/java/com/stylefeng/guns/core/datascope/DataScopeInterceptor.java

+package com.stylefeng.guns.core.datascope;
+
+
+import com.baomidou.mybatisplus.toolkit.PluginUtils;
+import com.stylefeng.guns.core.support.CollectionKit;
+import org.apache.ibatis.executor.statement.StatementHandler;
+import org.apache.ibatis.mapping.BoundSql;
+import org.apache.ibatis.mapping.MappedStatement;
+import org.apache.ibatis.mapping.SqlCommandType;
+import org.apache.ibatis.plugin.*;
+import org.apache.ibatis.reflection.MetaObject;
+import org.apache.ibatis.reflection.SystemMetaObject;
+
+import java.sql.Connection;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+/**
+ * 数据范围的拦截器
+ *
+ * @author fengshuonan
+ * @date 2017-07-23 21:26
+ */
+@Intercepts({@Signature(type = StatementHandler.class, method = "prepare", args = {Connection.class, Integer.class})})
+public class DataScopeInterceptor implements Interceptor {
+
+    @Override
+    public Object intercept(Invocation invocation) throws Throwable {
+        StatementHandler statementHandler = (StatementHandler) PluginUtils.realTarget(invocation.getTarget());
+        MetaObject metaStatementHandler = SystemMetaObject.forObject(statementHandler);
+        MappedStatement mappedStatement = (MappedStatement) metaStatementHandler.getValue("delegate.mappedStatement");
+
+        if (!SqlCommandType.SELECT.equals(mappedStatement.getSqlCommandType())) {
+            return invocation.proceed();
+        }
+
+        BoundSql boundSql = (BoundSql) metaStatementHandler.getValue("delegate.boundSql");
+        String originalSql = boundSql.getSql();
+        Object parameterObject = boundSql.getParameterObject();
+
+        //查找参数中包含DataScope类型的参数
+        DataScope dataScope = findDataScopeObject(parameterObject);
+
+        if (dataScope == null) {
+            return invocation.proceed();
+        } else {
+            String scopeName = dataScope.getScopeName();
+            List<Integer> deptIds = dataScope.getDeptIds();
+            String join = CollectionKit.join(deptIds, ",");
+            originalSql = "select * from (" + originalSql + ") temp_data_scope where temp_data_scope." + scopeName + " in (" + join + ")";
+            metaStatementHandler.setValue("delegate.boundSql.sql", originalSql);
+            return invocation.proceed();
+        }
+    }
+
+    /**
+     * 查找对象是否包括DataScope类
+     */
+    public DataScope findDataScopeObject(Object parameterObj) {
+        if (parameterObj instanceof DataScope) {
+            return (DataScope) parameterObj;
+        } else if (parameterObj instanceof Map) {
+            for (Object val : ((Map<?, ?>) parameterObj).values()) {
+                if (val instanceof DataScope) {
+                    return (DataScope) val;
+                }
+            }
+        }
+        return null;
+    }
+
+    @Override
+    public Object plugin(Object target) {
+        return Plugin.wrap(target, this);
+    }
+
+    @Override
+    public void setProperties(Properties properties) {
+
+    }
+}

src/main/java/com/stylefeng/guns/core/shiro/ShiroKit.java

@@ -15,6 +15,8 @@
  */
 package com.stylefeng.guns.core.shiro;
 
+import com.stylefeng.guns.common.constant.Const;
+import com.stylefeng.guns.common.constant.factory.ConstantFactory;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.crypto.hash.Md5Hash;
 import org.apache.shiro.crypto.hash.SimpleHash;
@@ -22,6 +24,7 @@ import org.apache.shiro.session.Session;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ByteSource;
 
+import java.util.List;
 import java.util.Random;
 
 /**
@@ -267,4 +270,28 @@ public class ShiroKit {
         return "";
     }
 
+    /**
+     * 获取当前用户的部门数据范围的集合
+     */
+    public static List<Integer> getDeptDataScope() {
+        Integer deptId = getUser().getDeptId();
+        List<Integer> subDeptIds = ConstantFactory.me().getSubDeptId(deptId);
+        subDeptIds.add(deptId);
+        return subDeptIds;
+    }
+
+    /**
+     * 判断当前用户是否是超级管理员
+     */
+    public static boolean isAdmin() {
+        List<Integer> roleList = ShiroKit.getUser().getRoleList();
+        for (Integer integer : roleList) {
+            String singleRoleTip = ConstantFactory.me().getSingleRoleTip(integer);
+            if (singleRoleTip.equals(Const.ADMIN_NAME)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
 }

src/main/java/com/stylefeng/guns/modular/system/controller/UserMgrController.java

@@ -13,6 +13,7 @@ import com.stylefeng.guns.common.exception.BussinessException;
 import com.stylefeng.guns.common.persistence.dao.UserMapper;
 import com.stylefeng.guns.common.persistence.model.User;
 import com.stylefeng.guns.config.properties.GunsProperties;
+import com.stylefeng.guns.core.datascope.DataScope;
 import com.stylefeng.guns.core.db.Db;
 import com.stylefeng.guns.core.log.LogObjectHolder;
 import com.stylefeng.guns.core.shiro.ShiroKit;
@@ -98,6 +99,7 @@ public class UserMgrController extends BaseController {
         if (ToolUtil.isEmpty(userId)) {
             throw new BussinessException(BizExceptionEnum.REQUEST_NULL);
         }
+        assertAuth(userId);
         User user = this.userMapper.selectById(userId);
         model.addAttribute(user);
         model.addAttribute("roleName", ConstantFactory.me().getRoleName(user.getRoleid()));
@@ -160,7 +162,8 @@ public class UserMgrController extends BaseController {
     @Permission
     @ResponseBody
     public Object list(@RequestParam(required = false) String name, @RequestParam(required = false) String beginTime, @RequestParam(required = false) String endTime, @RequestParam(required = false) Integer deptid) {
-        List<Map<String, Object>> users = managerDao.selectUsers(name, beginTime, endTime, deptid);
+        DataScope dataScope = new DataScope(ShiroKit.getDeptDataScope());
+        List<Map<String, Object>> users = managerDao.selectUsers(dataScope, name, beginTime, endTime, deptid);
         return new UserWarpper(users).warp();
     }
 
@@ -208,6 +211,7 @@ public class UserMgrController extends BaseController {
             this.userMapper.updateById(UserFactory.createUser(user));
             return SUCCESS_TIP;
         } else {
+            assertAuth(user.getId());
             ShiroUser shiroUser = ShiroKit.getUser();
             if (shiroUser.getId().equals(user.getId())) {
                 this.userMapper.updateById(UserFactory.createUser(user));
@@ -223,7 +227,7 @@ public class UserMgrController extends BaseController {
      */
     @RequestMapping("/delete")
     @BussinessLog(value = "删除管理员", key = "userId", dict = Dict.UserDict)
-    @Permission(Const.ADMIN_NAME)
+    @Permission
     @ResponseBody
     public Tip delete(@RequestParam Integer userId) {
         if (ToolUtil.isEmpty(userId)) {
@@ -233,6 +237,7 @@ public class UserMgrController extends BaseController {
         if (userId.equals(Const.ADMIN_ID)) {
             throw new BussinessException(BizExceptionEnum.CANT_DELETE_ADMIN);
         }
+        assertAuth(userId);
         this.managerDao.setStatus(userId, ManagerStatus.DELETED.getCode());
         return SUCCESS_TIP;
     }
@@ -246,6 +251,7 @@ public class UserMgrController extends BaseController {
         if (ToolUtil.isEmpty(userId)) {
             throw new BussinessException(BizExceptionEnum.REQUEST_NULL);
         }
+        assertAuth(userId);
         return this.userMapper.selectById(userId);
     }
 
@@ -260,6 +266,7 @@ public class UserMgrController extends BaseController {
         if (ToolUtil.isEmpty(userId)) {
             throw new BussinessException(BizExceptionEnum.REQUEST_NULL);
         }
+        assertAuth(userId);
         User user = this.userMapper.selectById(userId);
         user.setSalt(ShiroKit.getRandomSalt(5));
         user.setPassword(ShiroKit.md5(Const.DEFAULT_PWD, user.getSalt()));
@@ -282,6 +289,7 @@ public class UserMgrController extends BaseController {
         if (userId.equals(Const.ADMIN_ID)) {
             throw new BussinessException(BizExceptionEnum.CANT_FREEZE_ADMIN);
         }
+        assertAuth(userId);
         this.managerDao.setStatus(userId, ManagerStatus.FREEZED.getCode());
         return SUCCESS_TIP;
     }
@@ -297,6 +305,7 @@ public class UserMgrController extends BaseController {
         if (ToolUtil.isEmpty(userId)) {
             throw new BussinessException(BizExceptionEnum.REQUEST_NULL);
         }
+        assertAuth(userId);
         this.managerDao.setStatus(userId, ManagerStatus.OK.getCode());
         return SUCCESS_TIP;
     }
@@ -316,6 +325,7 @@ public class UserMgrController extends BaseController {
         if (userId.equals(Const.ADMIN_ID)) {
             throw new BussinessException(BizExceptionEnum.CANT_CHANGE_ADMIN);
         }
+        assertAuth(userId);
         this.managerDao.setRoles(userId, roleIds);
         return SUCCESS_TIP;
     }
@@ -335,4 +345,19 @@ public class UserMgrController extends BaseController {
         }
         return pictureName;
     }
+
+    /**
+     * 判断当前登录的用户是否有操作这个用户的权限
+     */
+    private void assertAuth(Integer userId) {
+        List<Integer> deptDataScope = ShiroKit.getDeptDataScope();
+        User user = this.userMapper.selectById(userId);
+        Integer deptid = user.getDeptid();
+        if (deptDataScope.contains(deptid)) {
+            return;
+        } else {
+            throw new BussinessException(BizExceptionEnum.NO_PERMITION);
+        }
+
+    }
 }

src/main/java/com/stylefeng/guns/modular/system/dao/UserMgrDao.java

 package com.stylefeng.guns.modular.system.dao;
 
-import java.util.List;
-import java.util.Map;
-
+import com.stylefeng.guns.common.persistence.model.User;
+import com.stylefeng.guns.core.datascope.DataScope;
 import org.apache.ibatis.annotations.Param;
 
-import com.stylefeng.guns.common.persistence.model.User;
+import java.util.List;
+import java.util.Map;
 
 /**
  * 管理员的dao
@@ -38,7 +38,7 @@ public interface UserMgrDao {
      * @return
      * @date 2017年2月12日 下午9:14:34
      */
-    List<Map<String, Object>> selectUsers(@Param("name") String name, @Param("beginTime") String beginTime, @Param("endTime") String endTime, @Param("deptid") Integer deptid);
+    List<Map<String, Object>> selectUsers(@Param("dataScope") DataScope dataScope, @Param("name") String name, @Param("beginTime") String beginTime, @Param("endTime") String endTime, @Param("deptid") Integer deptid);
 
     /**
      * 设置用户的角色