diff --git a/yudao-framework/yudao-spring-boot-starter-biz-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/dept/DeptDataPermissionRule.java b/yudao-framework/yudao-spring-boot-starter-biz-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/dept/DeptDataPermissionRule.java
index 5d8bb6ce..957e4474 100644
--- a/yudao-framework/yudao-spring-boot-starter-biz-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/dept/DeptDataPermissionRule.java
+++ b/yudao-framework/yudao-spring-boot-starter-biz-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/dept/DeptDataPermissionRule.java
@@ -18,6 +18,7 @@ import com.baomidou.mybatisplus.core.metadata.TableInfoHelper;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import net.sf.jsqlparser.expression.*;
+import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
 import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
 import net.sf.jsqlparser.expression.operators.relational.EqualsTo;
 import net.sf.jsqlparser.expression.operators.relational.ExpressionList;
@@ -134,7 +135,8 @@ public class DeptDataPermissionRule implements DataPermissionRule {
 // 情况三,拼接 Dept 和 User 的条件,最后组合
 Expression deptExpression = buildDeptExpression(tableName, tableAlias, deptDataPermission.getDeptIds());
 Expression userExpression = buildUserExpression(tableName, tableAlias, deptDataPermission.getSelf(), loginUser.getId());
- if (deptExpression == null && userExpression == null) {
+ Expression selfDeptExpression = selfDeptExpression(tableName, tableAlias, deptDataPermission.getSelf(), deptDataPermission.getDeptId());
+ if (deptExpression == null && userExpression == null && selfDeptExpression == null) {
 // TODO 芋艿:获得不到条件的时候,暂时不抛出异常,而是不返回数据
 log.warn("[getExpression][LoginUser({}) Table({}/{}) DeptDataPermission({}) 构建的条件为空]",
 JsonUtils.toJsonString(loginUser), tableName, tableAlias, JsonUtils.toJsonString(deptDataPermission));
@@ -143,13 +145,24 @@ public class DeptDataPermissionRule implements DataPermissionRule {
 return EXPRESSION_NULL;
 }
 if (deptExpression == null) {
- return userExpression;
+
+ if (userExpression == null) {
+ return selfDeptExpression;
+ }else if (selfDeptExpression == null) {
+ return userExpression;
+ }else {
+ return new Parenthesis(new AndExpression(userExpression, selfDeptExpression));
+ }
 }
 if (userExpression == null) {
 return deptExpression;
 }
- // 目前,如果有指定部门 + 可查看自己,采用 OR 条件。即,WHERE (dept_id IN ? OR user_id = ?)
- return new Parenthesis(new OrExpression(deptExpression, userExpression));
+ if (selfDeptExpression == null) {
+ // 目前,如果有指定部门 + 可查看自己,采用 OR 条件。即,WHERE (dept_id IN ? OR user_id = ? )
+ return new Parenthesis(new OrExpression(deptExpression, userExpression));
+ }
+ // 目前,如果有指定部门 + 可查看自己,采用 OR 条件。即,WHERE (dept_id IN ? OR (user_id = ? AND dept_id = ? ))
+ return new Parenthesis(new OrExpression(deptExpression, new AndExpression(userExpression, selfDeptExpression)));
 }

 private Expression buildDeptExpression(String tableName, Alias tableAlias, Set deptIds) {
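Review bot: Adding `selfDeptExpression == null` to the empty-condition check widens what a self-only user can read on a table that maps a dept column but no user column. When no deptIds are granted, that case previously fell into the warn-and-`EXPRESSION_NULL` path and returned no rows; now the next hunk's branch `if (userExpression == null) { return selfDeptExpression; }` returns `dept_id = ?` on its own, so the "self" scope sees every row of the user's department. If the dept condition is only meant to narrow the user condition, build it only when a user condition exists, e.g. `Expression selfDeptExpression = userExpression == null ? null : selfDeptExpression(tableName, tableAlias, deptDataPermission.getSelf(), deptDataPermission.getDeptId());`. The enclosing method starts before this hunk, so the earlier cases are not visible here.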
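Review bot: The final return nests `new AndExpression(userExpression, selfDeptExpression)` directly inside the `OrExpression`, so the generated filter appears to rely on SQL operator precedence rather than on the parentheses shown in the comment above it (`OR (user_id = ? AND dept_id = ? )`). The result is the same as long as AND binds tighter than OR, but in a permission filter the grouping is better made explicit: `return new Parenthesis(new OrExpression(deptExpression, new Parenthesis(new AndExpression(userExpression, selfDeptExpression))));`. The two comments in this block are still worded as "指定部门 + 可查看自己,采用 OR 条件"; the second should say that the self branch is now restricted to the user's own department. The method body begins outside this hunk.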
@@ -180,6 +193,19 @@ public class DeptDataPermissionRule implements DataPermissionRule {
 return new EqualsTo(MyBatisUtils.buildColumn(tableName, tableAlias, columnName), new LongValue(userId));
 }

+ private Expression selfDeptExpression(String tableName, Alias tableAlias, Boolean self, Long deptId) {
+ // 如果不查看自己,则无需作为条件
+ if (Boolean.FALSE.equals(self)) {
+ return null;
+ }
+ String columnName = deptColumns.get(tableName);
+ if (StrUtil.isEmpty(columnName)) {
+ return null;
+ }
+ // 拼接条件
+ return new EqualsTo(MyBatisUtils.buildColumn(tableName, tableAlias, columnName), new LongValue(deptId));
+ }
+
 // ==================== 添加配置 ====================

 public void addDeptColumn(Class entityClass) {
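Review bot: `new LongValue(deptId)` unboxes the `Long deptId` parameter, so a login user without a department would throw a NullPointerException from inside the permission rule; whether `getDeptId()` can be null is not visible in this diff. A guard such as `if (Boolean.FALSE.equals(self) || deptId == null) { return null; }` would fall back to the user-only condition, which is the pre-change behaviour. The check `Boolean.FALSE.equals(self)` also treats a null `self` as "self granted"; `!Boolean.TRUE.equals(self)` would be the deny-by-default form, if a null flag is possible. The name `selfDeptExpression` drops the `build` prefix used by `buildDeptExpression` and `buildUserExpression` and collides with the local variable of the same name at the call site; `buildSelfDeptExpression` would match, with a short Javadoc stating that it returns null when no condition applies.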