mybatisplus添加数据权限过滤(自定义拦截器,sql拦截)
import com.baomidou.mybatisplus.core.toolkit.PluginUtils; import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.apache.ibatis.executor.statement.StatementHandler; import org.apache.ibatis.mapping.BoundSql; import org.apache.ibatis.mapping.MappedStatement; import org.apache.ibatis.mapping.SqlCommandType; import org.apache.ibatis.plugin.*; import org.apache.ibatis.reflection.MetaObject; import org.apache.ibatis.reflection.SystemMetaObject; import org.springframework.stereotype.Component; import javax.sql.DataSource; import java.sql.Connection; import java.util.Properties; @Slf4j @AllArgsConstructor @Intercepts({@Signature(type = StatementHandler.class, method = "prepare", args = {Connection.class, Integer.class})}) @Component public class DataScopeInterceptor extends AbstractSqlParserHandler implements Interceptor { private DataSource dataSource; @Override public Object intercept(Invocation invocation) throws Throwable { StatementHandler statementHandler = PluginUtils.realTarget(invocation.getTarget()); MetaObject metaObject = SystemMetaObject.forObject(statementHandler); this.sqlParser(metaObject); // 先判断是不是SELECT操作 不是直接过滤 MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement"); if (!SqlCommandType.SELECT.equals(mappedStatement.getSqlCommandType())) { return invocation.proceed(); } BoundSql boundSql = (BoundSql) metaObject.getValue("delegate.boundSql"); // 执行的SQL语句 String originalSql = boundSql.getSql(); // SQL语句的参数 Object parameterObject = boundSql.getParameterObject(); originalSql = "select * from (" + originalSql + ") temp_data_scope where temp_data_scope." + 1 + " in (" + 2 + ")"; metaObject.setValue("delegate.boundSql.sql", originalSql); return invocation.proceed(); } /** * 生成拦截对象的代理 * * @param target 目标对象 * @return 代理对象 */ @Override public Object plugin(Object target) { if (target instanceof StatementHandler) { return Plugin.wrap(target, this); } return target; } /** * mybatis配置的属性 * * @param properties mybatis配置的属性 */ @Override public void setProperties(Properties properties) { } /** * 查找参数是否包括DataScope对象 * * @param parameterObj 参数列表 * @return DataScope */ // private DataScope findDataScopeObject(Object parameterObj) { // if (parameterObj instanceof DataScope) { // return (DataScope) parameterObj; // } else if (parameterObj instanceof Map) { // for (Object val : ((Map<?, ?>) parameterObj).values()) { // if (val instanceof DataScope) { // return (DataScope) val; // } // } // } // return null; // } }
以下代码添加至mybatisplusconfig
/** * 数据权限插件 * * @return DataScopeInterceptor */ @Bean @ConditionalOnMissingBean public DataScopeInterceptor dataScopeInterceptor(DataSource dataSource) { return new DataScopeInterceptor(dataSource); }
