用mybatis 拦截器实现数据权限
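/**
 * MyBatis plugin that narrows query results according to the caller's role (row-level data
 * permission).
 *
 * <p>It intercepts the four-argument {@code Executor.query}, reads the {@code check_user} entry
 * from the statement's parameter map, looks up that user's role, and wraps the original SQL in
 * an outer query that filters on the {@code checker_userid} column.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The user id is bound as a JDBC parameter. Concatenating it into the wrapped SQL text
 *       would make the permission filter itself injectable.</li>
 *   <li>The filter fails open in several cases: no {@code check_user} entry in the parameters,
 *       no role row for the user, or an original statement whose text does not mention
 *       {@code checker_userid}. In each case the query runs unrestricted.</li>
 *   <li>NOTE(review): this class does not show who populates {@code check_user}. The restriction
 *       is only meaningful if that value is set server-side from the authenticated session and
 *       never taken from request input. Confirm against the callers.</li>
 *   <li>Only the first role row returned for a user is considered.</li>
 * </ul>
 */
@Intercepts({
    @Signature(
        type = Executor.class,
        method = "query",
        args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class})
})
public class DataAuthorityInterceptor implements Interceptor {

    /** Key in the parameter map that carries the id of the user the query runs for. */
    private static final String CHECK_USER_KEY = "check_user";

    /** Column the permission filter is applied to; statements without it are left untouched. */
    private static final String FILTER_COLUMN = "checker_userid";

    /** Role lookup; the user id is bound, never concatenated. */
    private static final String ROLE_SQL =
            "select a.grpcname from TBLGROUPINFO a,tblusergroup b where a.grpid=b.grpid and b.workid=?";

    /**
     * Rewrites the statement about to be executed so that it only returns rows the user's role
     * may see, then lets the invocation continue.
     *
     * @param invocation the intercepted {@code Executor.query} call
     * @return whatever the (possibly rewritten) query returns
     * @throws RuntimeException if the user has a role this interceptor does not know
     * @throws Throwable anything raised by the role lookup or by the wrapped query
     */
    @Override
    public Object intercept(Invocation invocation) throws Throwable {
        MappedStatement mappedStatement = (MappedStatement) invocation.getArgs()[0];
        Object parameter = invocation.getArgs()[1];
        BoundSql boundSql = mappedStatement.getBoundSql(parameter);
        String originalSql = boundSql.getSql().trim();
        String checkUser = readCheckUser(boundSql.getParameterObject());

        if (checkUser != null) {
            String role = findRole(mappedStatement, checkUser);
            // NOTE(review): a user without any role row falls through and is not restricted.
            if (role != null) {
                if (role.equals("新沂管理员") || role.equals("系统管理员")) {
                    // Administrator roles see everything; the statement is left as it is.
                } else if (role.equals("风险员")) {
                    if (mentionsFilterColumn(originalSql)) {
                        // Rows checked by anyone in the same department as the user.
                        String usersSql = "select a.userid from tbldepartment_user a where a.departmentcode="
                                + "(select b.departmentcode from tbldepartment_user b where b.userid=?)";
                        String riskSql = "select a.* from (" + originalSql + ")a where a.checker_userid in ("
                                + usersSql + ")";
                        applyRestriction(invocation, mappedStatement, boundSql, riskSql, checkUser);
                    }
                } else if (role.equals("支行副行长") || role.equals("客户经理")) {
                    if (mentionsFilterColumn(originalSql)) {
                        // Only the rows the user checked personally.
                        String selfSql = "select a.* from (" + originalSql + ")a where a.checker_userid=?";
                        applyRestriction(invocation, mappedStatement, boundSql, selfSql, checkUser);
                    }
                } else {
                    throw new RuntimeException("角色错误");
                }
            }
        }
        return invocation.proceed();
    }

    /**
     * Returns the {@code check_user} entry of a map parameter, or {@code null} when the parameter
     * is not a {@code HashMap}, has no such entry, or the entry is not a {@code String}.
     */
    private String readCheckUser(Object parameterObject) {
        if (!(parameterObject instanceof HashMap)) {
            return null;
        }
        HashMap<?, ?> params = (HashMap<?, ?>) parameterObject;
        // Check the key first: some map implementations throw from get() on a missing key,
        // and an explicit check avoids swallowing unrelated exceptions.
        if (!params.containsKey(CHECK_USER_KEY)) {
            return null;
        }
        Object value = params.get(CHECK_USER_KEY);
        return (value instanceof String) ? (String) value : null;
    }

    /**
     * Looks up the role name of a user on a connection taken directly from the data source.
     *
     * @return the first role name found, or {@code null} if the user has none
     */
    private String findRole(MappedStatement mappedStatement, String checkUser) throws java.sql.SQLException {
        // try-with-resources so the connection goes back to the pool even if the lookup fails.
        try (Connection connection =
                        mappedStatement.getConfiguration().getEnvironment().getDataSource().getConnection();
                PreparedStatement roleStmt = connection.prepareStatement(ROLE_SQL)) {
            roleStmt.setString(1, checkUser);
            try (ResultSet rs = roleStmt.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    /** Tells whether the statement text mentions the filter column, ignoring case. */
    private boolean mentionsFilterColumn(String sql) {
        // Locale.ROOT: default-locale lowercasing (e.g. Turkish dotless i) could miss the column
        // name and silently skip the restriction.
        return sql.toLowerCase(java.util.Locale.ROOT).indexOf(FILTER_COLUMN) != -1;
    }

    /**
     * Swaps the statement in the invocation for a copy that runs {@code restrictedSql}.
     *
     * <p>{@code restrictedSql} must be the original SQL wrapped in an outer query whose single
     * extra {@code ?} placeholder comes after the original text; the user id is bound to it.
     */
    private void applyRestriction(Invocation invocation, MappedStatement mappedStatement, BoundSql boundSql,
            String restrictedSql, String checkUser) {
        // The extra placeholder is last in the SQL, so its mapping is appended last.
        java.util.List<ParameterMapping> mappings =
                new java.util.ArrayList<ParameterMapping>(boundSql.getParameterMappings());
        mappings.add(new ParameterMapping.Builder(
                mappedStatement.getConfiguration(), CHECK_USER_KEY, String.class).build());

        BoundSql newBoundSql = copyFromBoundSql(mappedStatement, boundSql, restrictedSql, mappings);
        // Pin the bound value to the exact id that was used for the role lookup.
        newBoundSql.setAdditionalParameter(CHECK_USER_KEY, checkUser);

        ParameterMap map = mappedStatement.getParameterMap();
        MappedStatement newMs = copyFromMappedStatement(mappedStatement, new BoundSqlSqlSource(newBoundSql), map);
        invocation.getArgs()[0] = newMs;
    }

    /** {@code SqlSource} that always hands back one prepared {@code BoundSql}. */
    public class BoundSqlSqlSource implements SqlSource {
        BoundSql boundSql;

        public BoundSqlSqlSource(BoundSql boundSql) {
            this.boundSql = boundSql;
        }

        @Override
        public BoundSql getBoundSql(Object parameterObject) {
            return boundSql;
        }
    }

    /**
     * Copies a MappedStatement, replacing its SQL source and parameter map.
     *
     * <p>The key property is not copied.
     */
    private MappedStatement copyFromMappedStatement(MappedStatement ms, SqlSource newSqlSource,
            ParameterMap parameterMap) {
        Builder builder = new Builder(ms.getConfiguration(), ms.getId(), newSqlSource, ms.getSqlCommandType());
        builder.resource(ms.getResource());
        builder.fetchSize(ms.getFetchSize());
        builder.statementType(ms.getStatementType());
        builder.keyGenerator(ms.getKeyGenerator());
        builder.timeout(ms.getTimeout());
        builder.parameterMap(parameterMap);
        builder.resultMaps(ms.getResultMaps());
        builder.resultSetType(ms.getResultSetType());
        builder.cache(ms.getCache());
        builder.flushCacheRequired(ms.isFlushCacheRequired());
        builder.useCache(ms.isUseCache());
        return builder.build();
    }

    /**
     * Copies a BoundSql with new SQL text and parameter mappings, carrying over the parameter
     * object and any additional parameters the original mappings refer to.
     */
    private BoundSql copyFromBoundSql(MappedStatement ms, BoundSql boundSql, String sql,
            java.util.List<ParameterMapping> mappings) {
        BoundSql newBoundSql = new BoundSql(ms.getConfiguration(), sql, mappings, boundSql.getParameterObject());
        for (ParameterMapping mapping : boundSql.getParameterMappings()) {
            String prop = mapping.getProperty();
            if (boundSql.hasAdditionalParameter(prop)) {
                newBoundSql.setAdditionalParameter(prop, boundSql.getAdditionalParameter(prop));
            }
        }
        return newBoundSql;
    }

    /** Wraps the target so that matching calls are routed through {@link #intercept}. */
    @Override
    public Object plugin(Object arg0) {
        return Plugin.wrap(arg0, this);
    }

    /** This interceptor takes no configuration properties. */
    @Override
    public void setProperties(Properties arg0) {
    }
}
// 上面是拦截器代码,思路很简单,就是根据业务特性,按不同的角色拼装sql语句。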