From bdda36048f9d29ad34ce36fcc3249b88e1564ec8 Mon Sep 17 00:00:00 2001
From: furongxin <419481438@qq.com>
Date: Fri, 1 Nov 2024 17:02:32 +0800
Subject: [PATCH] =?UTF-8?q?feat(data-permission):=20=E5=AE=8C=E5=96=84?=
 =?UTF-8?q?=E9=83=A8=E9=97=A8=E6=95=B0=E6=8D=AE=E6=9D=83=E9=99=90=E8=A7=84?=
 =?UTF-8?q?=E5=88=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

-增加自定义部门条件方法，处理特定场景下的数据权限
- 优化条件组合逻辑，支持更多复杂的查询场景
- 添加注释说明，提高代码可读性和可维护性
---
 .../rule/dept/DeptDataPermissionRule.java     | 34 ++++++++++++++++---
 1 file changed, 30 insertions(+), 4 deletions(-)

diff --git a/yudao-framework/yudao-spring-boot-starter-biz-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/dept/DeptDataPermissionRule.java b/yudao-framework/yudao-spring-boot-starter-biz-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/dept/DeptDataPermissionRule.java
index 5d8bb6ce..957e4474 100644
--- a/yudao-framework/yudao-spring-boot-starter-biz-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/dept/DeptDataPermissionRule.java
+++ b/yudao-framework/yudao-spring-boot-starter-biz-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/dept/DeptDataPermissionRule.java
@@ -18,6 +18,7 @@ import com.baomidou.mybatisplus.core.metadata.TableInfoHelper;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import net.sf.jsqlparser.expression.*;
+import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
 import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
 import net.sf.jsqlparser.expression.operators.relational.EqualsTo;
 import net.sf.jsqlparser.expression.operators.relational.ExpressionList;
@@ -134,7 +135,8 @@ public class DeptDataPermissionRule implements DataPermissionRule {
         // 情况三，拼接 Dept 和 User 的条件，最后组合
         Expression deptExpression = buildDeptExpression(tableName, tableAlias, deptDataPermission.getDeptIds());
         Expression userExpression = buildUserExpression(tableName, tableAlias, deptDataPermission.getSelf(), loginUser.getId());
-        if (deptExpression == null && userExpression == null) {
+        Expression selfDeptExpression = selfDeptExpression(tableName, tableAlias, deptDataPermission.getSelf(), deptDataPermission.getDeptId());
+        if (deptExpression == null && userExpression == null && selfDeptExpression == null) {
             // TODO 芋艿：获得不到条件的时候，暂时不抛出异常，而是不返回数据
             log.warn("[getExpression][LoginUser({}) Table({}/{}) DeptDataPermission({}) 构建的条件为空]",
                     JsonUtils.toJsonString(loginUser), tableName, tableAlias, JsonUtils.toJsonString(deptDataPermission));
@@ -143,13 +145,24 @@ public class DeptDataPermissionRule implements DataPermissionRule {
             return EXPRESSION_NULL;
         }
         if (deptExpression == null) {
-            return userExpression;
+
+            if (userExpression == null) {
+                return selfDeptExpression;
+            }else if (selfDeptExpression == null) {
+                return userExpression;
+            }else {
+                return new Parenthesis(new AndExpression(userExpression, selfDeptExpression));
+            }
         }
         if (userExpression == null) {
             return deptExpression;
         }
-        // 目前，如果有指定部门 + 可查看自己，采用 OR 条件。即，WHERE (dept_id IN ? OR user_id = ?)
-        return new Parenthesis(new OrExpression(deptExpression, userExpression));
+        if (selfDeptExpression == null) {
+            // 目前，如果有指定部门 + 可查看自己，采用 OR 条件。即，WHERE (dept_id IN ? OR user_id = ? )
+            return new Parenthesis(new OrExpression(deptExpression, userExpression));
+        }
+        // 目前，如果有指定部门 + 可查看自己，采用 OR 条件。即，WHERE (dept_id IN ? OR (user_id = ? AND dept_id = ? ))
+        return new Parenthesis(new OrExpression(deptExpression, new AndExpression(userExpression, selfDeptExpression)));
     }
 
     private Expression buildDeptExpression(String tableName, Alias tableAlias, Set<Long> deptIds) {
@@ -180,6 +193,19 @@ public class DeptDataPermissionRule implements DataPermissionRule {
         return new EqualsTo(MyBatisUtils.buildColumn(tableName, tableAlias, columnName), new LongValue(userId));
     }
 
+    private Expression selfDeptExpression(String tableName, Alias tableAlias, Boolean self, Long deptId) {
+        // 如果不查看自己，则无需作为条件
+        if (Boolean.FALSE.equals(self)) {
+            return null;
+        }
+        String columnName = deptColumns.get(tableName);
+        if (StrUtil.isEmpty(columnName)) {
+            return null;
+        }
+        // 拼接条件
+        return new EqualsTo(MyBatisUtils.buildColumn(tableName, tableAlias, columnName), new LongValue(deptId));
+    }
+
     // ==================== 添加配置 ====================
 
     public void addDeptColumn(Class<? extends BaseDO> entityClass) {