DatePermissionInterceptor.java 7.9 KB

  1. package com.chinaitop.depot;
  2. import com.chinaitop.depot.utils.DataPolicyEngine;
  3. import com.chinaitop.depot.utils.RedisUtil;
  4. import net.sf.jsqlparser.parser.CCJSqlParserUtil;
  5. import net.sf.jsqlparser.statement.Statement;
  6. import net.sf.jsqlparser.statement.select.Select;
  7. import net.sf.jsqlparser.util.TablesNamesFinder;
  8. import org.apache.commons.lang.ObjectUtils;
  9. import org.apache.ibatis.executor.statement.StatementHandler;
  10. import org.apache.ibatis.mapping.BoundSql;
  11. import org.apache.ibatis.mapping.MappedStatement;
  12. import org.apache.ibatis.plugin.*;
  13. import org.apache.ibatis.reflection.DefaultReflectorFactory;
  14. import org.apache.ibatis.reflection.MetaObject;
  15. import org.apache.ibatis.reflection.ReflectorFactory;
  16. import org.apache.ibatis.reflection.factory.DefaultObjectFactory;
  17. import org.apache.ibatis.reflection.factory.ObjectFactory;
  18. import org.apache.ibatis.reflection.wrapper.DefaultObjectWrapperFactory;
  19. import org.apache.ibatis.reflection.wrapper.ObjectWrapperFactory;
  20. import org.springframework.beans.factory.annotation.Autowired;
  21. import org.springframework.stereotype.Component;
  22. import java.lang.reflect.Field;
  23. import java.sql.Connection;
  24. import java.util.HashSet;
  25. import java.util.List;
  26. import java.util.Properties;
  27. import java.util.Set;
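  /**
   * MyBatis plugin that narrows SELECT statements to the organisation bound to the current thread.
   *
   * <p>The interceptor hooks {@code StatementHandler.prepare}, reads the organisation id from
   * {@link DataPolicyEngine#get()}, and rewrites the SQL text so that business tables are read
   * through a sub-select filtered on {@code org_id}. When no organisation id is bound, the
   * statement runs unchanged.
   *
   * <p>Because this class is an access-control boundary, it fails closed: an organisation id that
   * is not a plain identifier, or a rewritten statement that cannot be installed, aborts the query
   * instead of letting the unfiltered SQL run.
   *
   * <p>NOTE(review): the rewrite is plain text substitution on the SQL string. A table name that
   * also occurs inside another identifier or a string literal is replaced as well; rewriting the
   * parsed statement would be more robust.
   */
  @Intercepts({ @Signature(type = StatementHandler.class, method = "prepare", args = { Connection.class, Integer.class })})
  @Component
  public class DatePermissionInterceptor implements Interceptor {

      private static final ObjectFactory DEFAULT_OBJECT_FACTORY = new DefaultObjectFactory();
      private static final ObjectWrapperFactory DEFAULT_OBJECT_WRAPPER_FACTORY = new DefaultObjectWrapperFactory();
      private static final ReflectorFactory DEFAULT_REFLECTOR_FACTORY = new DefaultReflectorFactory();

      /** Mapper whose query is widened to the organisation and its child organisations. */
      private static final String ORG_TREE_MAPPER_ID =
              "com.chinaitop.depot.system.mapper.OrgInfoMapper.selectByExample";

      /**
       * Mapper statements that are executed without the organisation filter.
       *
       * <p>NOTE(review): every id listed here bypasses data-permission filtering, so additions
       * deserve the same scrutiny as any other authorization change. The list names
       * {@code business.mapper.OrgInfoMapper} while {@link #ORG_TREE_MAPPER_ID} names
       * {@code system.mapper.OrgInfoMapper}; confirm both packages are intended.
       */
      private static final Set<String> UNFILTERED_MAPPER_IDS = java.util.Collections.unmodifiableSet(
              new HashSet<String>(java.util.Arrays.asList(
                      "com.chinaitop.depot.business.mapper.RoleInfoMapper.selectByPrimaryKey",
                      "com.chinaitop.depot.business.mapper.UserRoleMapper.selectByExample",
                      "com.chinaitop.depot.business.mapper.UserInfoMapper.selectByPrimaryKey",
                      "com.chinaitop.depot.business.mapper.OrgInfoMapper.selectByPrimaryKey",
                      "com.chinaitop.depot.business.mapper.OrgInfoMapper.selectByExample",
                      "com.chinaitop.depot.business.mapper.UserInfoMapper.selectByExample",
                      "com.chinaitop.depot.business.mapper.BusinessStoreWareDetailMapper.selectByExample",
                      "com.chinaitop.depot.business.mapper.BusinessDeliveryStorageNoticeMapper.selectByPrimaryKey",
                      "com.chinaitop.depot.business.mapper.BusinessDeliveryStorageNoticeMapper.selectByExample_COUNT",
                      "com.chinaitop.depot.business.mapper.BusinessDeliveryStorageNoticeMapper.selectByExample",
                      "com.chinaitop.depot.business.mapper.BusinessNoticeReceiveMapper.getUserRole_COUNT",
                      "com.chinaitop.depot.business.mapper.BusinessMovelibraryMapper.selectList",
                      "com.chinaitop.depot.system.mapper.SysCodeMapper.selectByPrimaryKey",
                      "com.chinaitop.depot.rp.mapper.BusinessRpReportMapper.selectRecListByPageParam",
                      "com.chinaitop.depot.rp.mapper.BusinessRpReportMapper.selectByPageParam")));

      /**
       * Shape an organisation id must have before it is spliced into SQL text. The id is
       * concatenated (once unquoted, once inside single quotes), so anything outside this
       * alphabet could change the structure of the statement.
       */
      private static final java.util.regex.Pattern SAFE_ORG_ID =
              java.util.regex.Pattern.compile("[0-9A-Za-z_-]*");

      @Autowired
      private RedisUtil redisUtil;

      /**
       * Rewrites a SELECT so that it only sees rows of the current organisation, then proceeds.
       *
       * @param invocation the intercepted {@code StatementHandler.prepare} call
       * @return whatever the intercepted call returns
       * @throws IllegalStateException if the bound organisation id is not a plain identifier, or if
       *         the rewritten SQL cannot be written back into the {@link BoundSql}
       * @throws Throwable anything thrown by SQL parsing, the Redis lookup or the intercepted call
       */
      @Override
      public Object intercept(Invocation invocation) throws Throwable {
          StatementHandler statementHandler = (StatementHandler) invocation.getTarget();
          MetaObject metaStatementHandler = MetaObject.forObject(statementHandler, DEFAULT_OBJECT_FACTORY,
                  DEFAULT_OBJECT_WRAPPER_FACTORY, DEFAULT_REFLECTOR_FACTORY);
          MappedStatement mappedStatement = (MappedStatement) metaStatementHandler.getValue("delegate.mappedStatement");
          final BoundSql boundSql = statementHandler.getBoundSql();
          final String originalSql = boundSql.getSql();

          // Only queries are filtered, and statements mentioning t_url_config are left alone.
          // NOTE(review): this is a substring test on the SQL text, so any statement that merely
          // contains the name is skipped; confirm no mapper builds SQL from caller-supplied text.
          boolean isSelect = "SELECT".equals(mappedStatement.getSqlCommandType().toString());
          if (!isSelect || originalSql.contains("t_url_config")) {
              return invocation.proceed();
          }

          // The organisation id is handed over through a thread-local; none bound means no filter.
          Object threadLocalObj = DataPolicyEngine.get();
          if (threadLocalObj == null) {
              return invocation.proceed();
          }
          String orgId = ObjectUtils.toString(threadLocalObj);
          if (!SAFE_ORG_ID.matcher(orgId).matches()) {
              // Fail closed: the value would otherwise become part of the SQL text.
              throw new IllegalStateException(
                      "Refusing to build a data-permission filter from a malformed organisation id for "
                              + mappedStatement.getId());
          }

          String mapperId = mappedStatement.getId();
          String filteredSql = originalSql;
          if (ORG_TREE_MAPPER_ID.equals(mapperId)) {
              // Organisation lookups use the recursive helper so child organisations stay visible.
              filteredSql = originalSql.replace("org_info", "(SELECT * from org_info"
                      + " WHERE FIND_IN_SET(org_id,getChildrenOrg(" + orgId + "))) org_info ");
          } else if (!UNFILTERED_MAPPER_IDS.contains(mapperId)) {
              filteredSql = restrictBusinessTables(originalSql, orgId);
          }

          if (!filteredSql.equals(originalSql)) {
              writeSql(boundSql, filteredSql);
          }
          return invocation.proceed();
      }

      /**
       * Wraps every business table referenced by {@code sql} in a sub-select filtered on
       * {@code org_id}. Business tables are the names stored under the Redis key
       * {@code tableList}; statements that reference none of them are returned unchanged.
       *
       * @param sql   the SELECT statement text
       * @param orgId the already validated organisation id
       * @return the rewritten statement text
       * @throws Exception if the statement cannot be parsed or the Redis entry is missing
       */
      private String restrictBusinessTables(String sql, String orgId) throws Exception {
          Statement statement = CCJSqlParserUtil.parse(sql);
          Select selectStatement = (Select) statement;
          List<String> referenced = new TablesNamesFinder().getTableList(selectStatement);

          // A missing or empty Redis entry makes this lookup throw, which aborts the query.
          List<?> businessTables = (List<?>) redisUtil.lGetAll("tableList").get(0);
          Set<String> businessNames = new HashSet<String>();
          for (Object entry : businessTables) {
              businessNames.add(ObjectUtils.toString(entry));
          }

          Set<String> tableNames = new HashSet<String>();
          for (String name : referenced) {
              if (businessNames.contains(name)) {
                  tableNames.add(name);
              }
          }
          if (tableNames.isEmpty()) {
              return sql;
          }

          String rewritten = sql;
          boolean multiTable = referenced.size() >= 2;
          for (String table : tableNames) {
              // Literal replace: a table name is not a regular expression, and the replacement
              // must not be scanned for group references.
              if (multiTable) {
                  // The trailing space keeps a name from matching the prefix of a longer name.
                  // NOTE(review): no alias is appended here, so the original SQL presumably
                  // aliases each table itself; confirm.
                  String token = table + " ";
                  rewritten = rewritten.replace(token, "(SELECT * from " + token
                          + " WHERE org_id = '" + orgId + "') ");
              } else {
                  // A single-table query may end right after the table name, so the trailing
                  // space is only required when the SQL actually has one.
                  String token = rewritten.contains(table + " ") ? table + " " : table;
                  rewritten = rewritten.replace(token, "(SELECT * from " + token
                          + " WHERE org_id = '" + orgId + "') " + token + " ");
              }
          }
          return rewritten;
      }

      /**
       * Installs {@code sql} as the statement text of {@code boundSql}.
       *
       * @throws IllegalStateException if the {@code sql} field is missing or cannot be written;
       *         continuing would execute the unfiltered statement
       */
      private static void writeSql(BoundSql boundSql, String sql) {
          Field field = getField(boundSql, "sql");
          if (field == null) {
              throw new IllegalStateException("BoundSql has no 'sql' field; data-permission filter not applied");
          }
          try {
              field.setAccessible(true);
              field.set(boundSql, sql);
          } catch (IllegalAccessException e) {
              throw new IllegalStateException("Could not install the data-permission filter on the statement", e);
          }
      }

      /**
       * Finds a declared field by name on the object's class or the nearest superclass declaring it.
       *
       * @return the field, or {@code null} when no class in the hierarchy declares it
       */
      private static Field getField(Object obj, String fieldName) {
          Class<?> clazz = obj.getClass();
          while (clazz != Object.class) {
              try {
                  return clazz.getDeclaredField(fieldName);
              } catch (NoSuchFieldException ignored) {
                  // Not declared at this level; a superclass may still declare it.
                  clazz = clazz.getSuperclass();
              }
          }
          return null;
      }

      /** Wraps the target so that the signature declared on this class is intercepted. */
      @Override
      public Object plugin(Object target) {
          return Plugin.wrap(target, this);
      }

      /** No configurable properties. */
      @Override
      public void setProperties(Properties properties) {
      }
  }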