forked from aixan/RuoYi-Vue
		
	优化数据权限代码
This commit is contained in:
		| @@ -92,16 +92,22 @@ public class DataScopeAspect | ||||
|     { | ||||
|         StringBuilder sqlString = new StringBuilder(); | ||||
|         List<String> conditions = new ArrayList<String>(); | ||||
|         List<String> scopeCustomIds = new ArrayList<String>(); | ||||
|         user.getRoles().forEach(role -> { | ||||
|             if (DATA_SCOPE_CUSTOM.equals(role.getDataScope()) && StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))) | ||||
|             { | ||||
|                 scopeCustomIds.add(Convert.toStr(role.getRoleId())); | ||||
|             } | ||||
|         }); | ||||
|  | ||||
|         for (SysRole role : user.getRoles()) | ||||
|         { | ||||
|             String dataScope = role.getDataScope(); | ||||
|             if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope)) | ||||
|             if (conditions.contains(dataScope)) | ||||
|             { | ||||
|                 continue; | ||||
|             } | ||||
|             if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions()) | ||||
|                     && !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))) | ||||
|             if (!StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))) | ||||
|             { | ||||
|                 continue; | ||||
|             } | ||||
| @@ -113,9 +119,15 @@ public class DataScopeAspect | ||||
|             } | ||||
|             else if (DATA_SCOPE_CUSTOM.equals(dataScope)) | ||||
|             { | ||||
|                 sqlString.append(StringUtils.format( | ||||
|                         " OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, | ||||
|                         role.getRoleId())); | ||||
|                 if (scopeCustomIds.size() > 1) | ||||
|                 { | ||||
|                     // 多个自定数据权限使用in查询,避免多次拼接。 | ||||
|                     sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id in ({}) ) ", deptAlias, String.join(",", scopeCustomIds))); | ||||
|                 } | ||||
|                 else | ||||
|                 { | ||||
|                     sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, role.getRoleId())); | ||||
|                 } | ||||
|             } | ||||
|             else if (DATA_SCOPE_DEPT.equals(dataScope)) | ||||
|             { | ||||
| @@ -123,9 +135,7 @@ public class DataScopeAspect | ||||
|             } | ||||
|             else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope)) | ||||
|             { | ||||
|                 sqlString.append(StringUtils.format( | ||||
|                         " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )", | ||||
|                         deptAlias, user.getDeptId(), user.getDeptId())); | ||||
|                 sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )", deptAlias, user.getDeptId(), user.getDeptId())); | ||||
|             } | ||||
|             else if (DATA_SCOPE_SELF.equals(dataScope)) | ||||
|             { | ||||
|   | ||||
| @@ -13,9 +13,11 @@ import org.springframework.web.bind.annotation.RestControllerAdvice; | ||||
| import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException; | ||||
| import com.ruoyi.common.constant.HttpStatus; | ||||
| import com.ruoyi.common.core.domain.AjaxResult; | ||||
| import com.ruoyi.common.core.text.Convert; | ||||
| import com.ruoyi.common.exception.DemoModeException; | ||||
| import com.ruoyi.common.exception.ServiceException; | ||||
| import com.ruoyi.common.utils.StringUtils; | ||||
| import com.ruoyi.common.utils.html.EscapeUtil; | ||||
|  | ||||
| /** | ||||
|  * 全局异常处理器 | ||||
| @@ -79,8 +81,13 @@ public class GlobalExceptionHandler | ||||
|     public AjaxResult handleMethodArgumentTypeMismatchException(MethodArgumentTypeMismatchException e, HttpServletRequest request) | ||||
|     { | ||||
|         String requestURI = request.getRequestURI(); | ||||
|         String value = Convert.toStr(e.getValue()); | ||||
|         if (StringUtils.isNotEmpty(value)) | ||||
|         { | ||||
|             value = EscapeUtil.clean(value); | ||||
|         } | ||||
|         log.error("请求参数类型不匹配'{}',发生系统异常.", requestURI, e); | ||||
|         return AjaxResult.error(String.format("请求参数类型不匹配,参数[%s]要求类型为:'%s',但输入值为:'%s'", e.getName(), e.getRequiredType().getName(), e.getValue())); | ||||
|         return AjaxResult.error(String.format("请求参数类型不匹配,参数[%s]要求类型为:'%s',但输入值为:'%s'", e.getName(), e.getRequiredType().getName(), value)); | ||||
|     } | ||||
|  | ||||
|     /** | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 RuoYi
					RuoYi