,

src/main/java/com/chinaitop/depot/DatePermissionInterceptor.java

@@ -60,9 +60,9 @@ public class DatePermissionInterceptor implements Interceptor {
 		final BoundSql boundSql = statementHandler.getBoundSql();
 		String bouString = boundSql.getSql();// 获取执行sql 
 		
-		//sql是查询的才进行权限过滤
-	    if(mappedStatement.getSqlCommandType().toString().equals("select".toUpperCase())) {
-	    
+		//sql是查询的才进行权限过滤且不过滤t_url_config表的数据
+	    if(mappedStatement.getSqlCommandType().toString().equals("select".toUpperCase()) && 
+	    		!bouString.contains("t_url_config")) {
 			//通过本地线程获取库id
 			Object threadLocalObj = DataPolicyEngine.get();
 			String orgId = null;
@@ -70,43 +70,52 @@ public class DatePermissionInterceptor implements Interceptor {
 				orgId = ObjectUtils.toString(threadLocalObj);
 			}
 			if(orgId!=null) {
-				//解析sql中的表名
-				Statement statement = CCJSqlParserUtil.parse(bouString);
-			    Select selectStatement = (Select)statement;
-			    TablesNamesFinder tablesNamesFinder = new TablesNamesFinder();
-			    List<String> result = tablesNamesFinder.getTableList(selectStatement);
-				
-				Set<String> tableNames = new HashSet<String>();// 定义需要替换的table信息列表
-				//获取业务表信息数据
-				List<String> tableList = (List<String>)redisUtil.lGetAll("tableList").get(0);
-				for(int i=0;i<result.size();i++) {
-					for (int j = 0; j < tableList.size(); j++) {// 处理查看sql中是否有业务表
-						if (result.get(i).equals(ObjectUtils.toString(tableList.get(j)))) {// 是否存在业务表
-							tableNames.add(result.get(i));
+				//机构单独查询时使用递归查询，可以查询机构下级机构
+				if("com.chinaitop.depot.system.mapper.OrgInfoMapper.selectByExample".equals(mappedStatement.getId())) {
+					bouString = bouString.replaceAll("org_info", "(SELECT * from org_info"
+							+ " WHERE FIND_IN_SET(org_id,getChildrenOrg("+orgId+"))) org_info ");
+				}else {
+					//解析sql中的表名
+					Statement statement = CCJSqlParserUtil.parse(bouString);
+					Select selectStatement = (Select)statement;
+					TablesNamesFinder tablesNamesFinder = new TablesNamesFinder();
+					List<String> result = tablesNamesFinder.getTableList(selectStatement);
+					
+					Set<String> tableNames = new HashSet<String>();// 定义需要替换的table信息列表
+					//获取业务表信息数据
+					List<String> tableList = (List<String>)redisUtil.lGetAll("tableList").get(0);
+					for(int i=0;i<result.size();i++) {
+						for (int j = 0; j < tableList.size(); j++) {// 处理查看sql中是否有业务表
+							if (result.get(i).equals(ObjectUtils.toString(tableList.get(j)))) {// 是否存在业务表
+								tableNames.add(result.get(i));
+							}
 						}
 					}
-				}
-				
-				if (tableNames != null && tableNames.size() > 0) {// sql中存在业务表进行sql拼接数据重新检索
-					if(result.size() >= 2) {//sql中存在2张及以上表
-						for (String table : tableNames) {// 进行业务表的数据权限替换
-							table += " ";//表名后面加空格，防止两个表名一部分相似，导致替换出错
-							bouString = bouString.replaceAll(table, "(SELECT * from " + table
-									+ " WHERE org_id = '"+orgId+"') ");
-						}
-					}else {//sql中是单表
-						for (String table : tableNames) {// 进行业务表的数据权限替换
-							table += " ";//表名后面加空格，防止两个表名一部分相似，导致替换出错
-							bouString = bouString.replaceAll(table, "(SELECT * from " + table
-									+ " WHERE org_id = '"+orgId+"') "+table+" ");
+					
+					if (tableNames != null && tableNames.size() > 0) {// sql中存在业务表进行sql拼接数据重新检索
+						if(result.size() >= 2) {//sql中存在2张及以上表
+							for (String table : tableNames) {// 进行业务表的数据权限替换
+								table += " ";//表名后面加空格，防止两个表名一部分相似，导致替换出错
+								bouString = bouString.replaceAll(table, "(SELECT * from " + table
+										+ " WHERE org_id = '"+orgId+"') ");
+							}
+						}else {//sql中是单表
+							for (String table : tableNames) {// 进行业务表的数据权限替换
+								if(bouString.contains(table+" ")) {//防止是单表查询，表后面没有空格的时候替换不了
+									table += " ";//表名后面加空格，防止两个表名一部分相似，导致替换出错
+								}
+								bouString = bouString.replaceAll(table, "(SELECT * from " + table
+										+ " WHERE org_id = '"+orgId+"') "+table+" ");
+							}
 						}
+						
+						/*bouString = bouString.replaceAll(table, "(SELECT b.* from " + table
+						+ " b,user_business u WHERE b.org_id = u.org_id AND u .user_id ='"+userId+"' AND u.business_type = '"+table+"') ");*/
+						
 					}
-					
-					/*bouString = bouString.replaceAll(table, "(SELECT b.* from " + table
-							+ " b,user_business u WHERE b.org_id = u.org_id AND u .user_id ='"+userId+"' AND u.business_type = '"+table+"') ");*/
-					
 				}
 				
+				
 				//metaStatementHandler.setValue("delegate.boundSql.sql", bouString);
 				
 				Field field = getField(boundSql, "sql");