注解类:
/**
 * Marks a method that {@code DataAuthAop} must guard with a per-company
 * ownership check before the method body runs.
 *
 * <p>The annotation is retained at runtime so the aspect can read it through
 * its {@code @annotation(dataAuth)} pointcut binding.
 */
@Retention(RetentionPolicy.RUNTIME)
public @interface DataAuthValid {

    /**
     * Zero-based position, within the annotated method's argument list, of the
     * argument that carries the record id(s) to authorise.
     */
    int index() default 0;

    // The id field name is not configurable: an id() member exists only as
    // commented-out code in the original, and the aspect looks for a field
    // literally named "id".

    /**
     * Name of the field that the aspect reads reflectively to obtain the owning
     * organisation id, which it compares with the caller's company id.
     *
     * <p>NOTE(review): the value is passed to {@code getDeclaredField}, so it
     * must be a Java field name; the default {@code "org_id"} looks like a
     * column name. Confirm it matches the entity classes in use.
     */
    String orgId() default "org_id";

    /** Mapper bean type the aspect uses to load each record by primary key. */
    @SuppressWarnings("rawtypes")
    Class<? extends Mapper> mapper();
}
AOP切面:
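/**
 * Aspect enforcing per-company ownership on methods annotated with
 * {@link DataAuthValid}.
 *
 * <p>Before the annotated method runs, every record id found in the selected
 * argument is loaded through the configured mapper, and the owning
 * organisation id of the <em>stored</em> record must equal the caller's
 * company id. The owner is deliberately not taken from the request argument:
 * that value is supplied by the caller, so comparing against it would let a
 * caller authorise access to any record by sending their own organisation id.
 */
@Aspect
@Component
@Order(1)
public class DataAuthAop {

    /** Company id exempt from the ownership check (the original hard-coded {@code 1}). */
    private static final long UNRESTRICTED_COMPANY_ID = 1L;

    /**
     * Rejects the call unless every targeted record belongs to the caller's company.
     *
     * @param point    join point of the annotated method; supplies the arguments
     * @param dataAuth annotation instance naming the argument index, the
     *                 organisation field and the mapper to load records with
     * @throws RuntimeException         if a record is missing or owned by another company
     * @throws IllegalStateException    if there is no request context or no company id
     * @throws IllegalArgumentException if the selected argument or its id is unusable
     * @throws Exception                if reflective field access fails
     */
    @Before("@annotation(dataAuth)")
    @SuppressWarnings({"unchecked", "rawtypes"})
    public void beforeMethod(JoinPoint point, DataAuthValid dataAuth) throws Exception {
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        if (attributes == null) {
            // Fail closed: without a request there is no caller identity to check against.
            throw new IllegalStateException("DataAuthValid requires an active HTTP request");
        }
        HttpServletRequest request = attributes.getRequest();

        // NOTE(review): "payloadMap" is presumably set by an upstream filter after the
        // caller's token has been verified; confirm nothing client-controlled can
        // populate this request attribute.
        Map<String, Object> payloadMap = (Map<String, Object>) request.getAttribute("payloadMap");
        Object rawCompanyId = payloadMap == null ? null : payloadMap.get("companyid");
        if (rawCompanyId == null) {
            throw new IllegalStateException("companyid is missing from the request payload");
        }
        Long companyid = Long.valueOf(rawCompanyId + "");

        if (companyid.longValue() == UNRESTRICTED_COMPANY_ID) {
            return;
        }

        Object[] args = point.getArgs();
        int index = dataAuth.index();
        if (args == null || index < 0 || index >= args.length || args[index] == null) {
            throw new IllegalArgumentException(
                    "DataAuthValid index " + index + " does not select a non-null argument");
        }
        Object obj = args[index];

        String ids;
        if (obj instanceof String || obj instanceof Long) {
            // Scalar argument: a single id or a comma-separated id list.
            ids = obj + "";
        } else {
            Long id = readLong(obj, "id");
            if (id == null) {
                throw new IllegalArgumentException(
                        "argument of type " + obj.getClass().getName() + " carries no id to authorize");
            }
            ids = id + "";

            // If the payload also names an organisation, it must be the caller's own,
            // so a record cannot be moved to another company by the write that follows.
            Long submittedOrgId = readLong(obj, dataAuth.orgId());
            if (submittedOrgId != null && !companyid.equals(submittedOrgId)) {
                throw new RuntimeException("data access denied");
            }
        }

        Mapper mapper = (Mapper) SpringBeanFactoryUtils.getApplicationContext().getBean(dataAuth.mapper());
        for (String id : ids.split(",")) {
            Object stored = mapper.selectByPrimaryKey(Long.valueOf(id));
            // The owner comes from the stored record. A missing record is denied with the
            // same error as a foreign one, so the response does not reveal which ids exist.
            Long ownerOrgId = stored == null ? null : readLong(stored, dataAuth.orgId());
            if (!companyid.equals(ownerOrgId)) {
                throw new RuntimeException("data access denied");
            }
        }
        // NOTE(review): the guarded method must act on exactly the ids validated here;
        // if it parses the argument differently, the check and the action can diverge.
    }

    /**
     * Reads a numeric field by name, searching the target's class and its superclasses.
     *
     * @return the field value as a {@code Long}, or {@code null} if the field is
     *         absent, unset or not numeric
     */
    private static Long readLong(Object target, String fieldName) throws IllegalAccessException {
        for (Class<?> type = target.getClass(); type != null; type = type.getSuperclass()) {
            for (Field candidate : type.getDeclaredFields()) {
                if (fieldName.equals(candidate.getName())) {
                    candidate.setAccessible(true);
                    Object value = candidate.get(target);
                    return value instanceof Number ? Long.valueOf(((Number) value).longValue()) : null;
                }
            }
        }
        return null;
    }
}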
使用: