From d03d47ec0816fe7dc46032131af008e256797f9e Mon Sep 17 00:00:00 2001 From: lorne <1991wangliang@gmail.com> Date: Wed, 22 Oct 2025 16:21:13 +0800 Subject: [PATCH] #157 --- .../example-app-cmd-domain/pom.xml | 2 +- .../example-app/example-app-cmd-meta/pom.xml | 2 +- example/example-app/example-app-query/pom.xml | 2 +- example/example-app/pom.xml | 2 +- .../example-domain-leave/pom.xml | 2 +- .../example-domain-user/pom.xml | 2 +- example/example-domain/pom.xml | 2 +- .../example-infra/example-infra-flow/pom.xml | 2 +- .../example-infra/example-infra-jpa/pom.xml | 2 +- .../example-infra-security/pom.xml | 2 +- example/example-infra/pom.xml | 2 +- example/example-interface/pom.xml | 2 +- example/example-server/pom.xml | 2 +- example/pom.xml | 2 +- pom.xml | 2 +- springboot-starter-data-authorization/pom.xml | 2 +- .../enhancer/DataPermissionSQLEnhancer.java | 53 ++++++++ .../DataAuthorizationContextTest.java | 116 ++++++------------ .../src/test/resources/application.properties | 3 + springboot-starter-data-fast/pom.xml | 2 +- springboot-starter-flow/pom.xml | 2 +- springboot-starter-security/pom.xml | 2 +- springboot-starter/pom.xml | 2 +- .../src/main/resources/banner.txt | 2 +- 24 files changed, 116 insertions(+), 98 deletions(-) diff --git a/example/example-app/example-app-cmd-domain/pom.xml b/example/example-app/example-app-cmd-domain/pom.xml index 344b0cad..f9f12483 100644 --- a/example/example-app/example-app-cmd-domain/pom.xml +++ b/example/example-app/example-app-cmd-domain/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot example-app - 3.4.18 + 3.4.19 ../pom.xml diff --git a/example/example-app/example-app-cmd-meta/pom.xml b/example/example-app/example-app-cmd-meta/pom.xml index c03f4a5e..685e82dd 100644 --- a/example/example-app/example-app-cmd-meta/pom.xml +++ b/example/example-app/example-app-cmd-meta/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot example-app - 3.4.18 + 3.4.19 ../pom.xml 
diff --git a/example/example-app/example-app-query/pom.xml b/example/example-app/example-app-query/pom.xml index 2b8ba334..0e9a3851 100644 --- a/example/example-app/example-app-query/pom.xml +++ b/example/example-app/example-app-query/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot example-app - 3.4.18 + 3.4.19 ../pom.xml diff --git a/example/example-app/pom.xml b/example/example-app/pom.xml index 3da4db85..e2625528 100644 --- a/example/example-app/pom.xml +++ b/example/example-app/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot springboot-example - 3.4.18 + 3.4.19 ../pom.xml pom diff --git a/example/example-domain/example-domain-leave/pom.xml b/example/example-domain/example-domain-leave/pom.xml index 8a8a1382..4876a6a4 100644 --- a/example/example-domain/example-domain-leave/pom.xml +++ b/example/example-domain/example-domain-leave/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot example-domain - 3.4.18 + 3.4.19 ../pom.xml diff --git a/example/example-domain/example-domain-user/pom.xml b/example/example-domain/example-domain-user/pom.xml index af52e561..645fde85 100644 --- a/example/example-domain/example-domain-user/pom.xml +++ b/example/example-domain/example-domain-user/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot example-domain - 3.4.18 + 3.4.19 ../pom.xml diff --git a/example/example-domain/pom.xml b/example/example-domain/pom.xml index 4355b455..2de1ad46 100644 --- a/example/example-domain/pom.xml +++ b/example/example-domain/pom.xml @@ -5,7 +5,7 @@ com.codingapi.springboot springboot-example - 3.4.18 + 3.4.19 ../pom.xml 4.0.0 diff --git a/example/example-infra/example-infra-flow/pom.xml b/example/example-infra/example-infra-flow/pom.xml index 2e46ce47..bc125448 100644 --- a/example/example-infra/example-infra-flow/pom.xml +++ b/example/example-infra/example-infra-flow/pom.xml @@ -5,7 +5,7 @@ com.codingapi.springboot example-infra - 3.4.18 + 3.4.19 ../pom.xml 
diff --git a/example/example-infra/example-infra-jpa/pom.xml b/example/example-infra/example-infra-jpa/pom.xml index 908ef94f..02bee0bf 100644 --- a/example/example-infra/example-infra-jpa/pom.xml +++ b/example/example-infra/example-infra-jpa/pom.xml @@ -5,7 +5,7 @@ com.codingapi.springboot example-infra - 3.4.18 + 3.4.19 ../pom.xml diff --git a/example/example-infra/example-infra-security/pom.xml b/example/example-infra/example-infra-security/pom.xml index 3ee73db4..76e81571 100644 --- a/example/example-infra/example-infra-security/pom.xml +++ b/example/example-infra/example-infra-security/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot example-infra - 3.4.18 + 3.4.19 ../pom.xml diff --git a/example/example-infra/pom.xml b/example/example-infra/pom.xml index d5890355..393b46bb 100644 --- a/example/example-infra/pom.xml +++ b/example/example-infra/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot springboot-example - 3.4.18 + 3.4.19 ../pom.xml pom diff --git a/example/example-interface/pom.xml b/example/example-interface/pom.xml index 1aa9bbe8..4c15b78f 100644 --- a/example/example-interface/pom.xml +++ b/example/example-interface/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot springboot-example - 3.4.18 + 3.4.19 example-interface diff --git a/example/example-server/pom.xml b/example/example-server/pom.xml index 20a58b96..fe194286 100644 --- a/example/example-server/pom.xml +++ b/example/example-server/pom.xml @@ -5,7 +5,7 @@ springboot-example com.codingapi.springboot - 3.4.18 + 3.4.19 4.0.0 diff --git a/example/pom.xml b/example/pom.xml index 4d40f07b..7b788eff 100644 --- a/example/pom.xml +++ b/example/pom.xml @@ -19,7 +19,7 @@ springboot-example - 3.4.18 + 3.4.19 springboot-example springboot-example project for Spring Boot diff --git a/pom.xml b/pom.xml index ae2f517e..a0bf38eb 100644 --- a/pom.xml +++ b/pom.xml @@ -12,7 +12,7 @@ com.codingapi.springboot springboot-parent - 3.4.18 + 3.4.19 https://github.com/codingapi/springboot-framewrok springboot-parent 
diff --git a/springboot-starter-data-authorization/pom.xml b/springboot-starter-data-authorization/pom.xml index e77a4b89..22e5952c 100644 --- a/springboot-starter-data-authorization/pom.xml +++ b/springboot-starter-data-authorization/pom.xml @@ -6,7 +6,7 @@ com.codingapi.springboot springboot-parent - 3.4.18 + 3.4.19 springboot-starter-data-authorization diff --git a/springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/enhancer/DataPermissionSQLEnhancer.java b/springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/enhancer/DataPermissionSQLEnhancer.java index 3c39d992..f0908b7e 100644 --- a/springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/enhancer/DataPermissionSQLEnhancer.java +++ b/springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/enhancer/DataPermissionSQLEnhancer.java 
@@ -3,15 +3,25 @@ import com.codingapi.springboot.authorization.handler.Condition; import com.codingapi.springboot.authorization.handler.RowHandler; +import net.sf.jsqlparser.expression.BinaryExpression; import net.sf.jsqlparser.expression.Expression; +import net.sf.jsqlparser.expression.ExpressionVisitorAdapter; +import net.sf.jsqlparser.expression.SignedExpression; +import net.sf.jsqlparser.expression.operators.arithmetic.Subtraction; import net.sf.jsqlparser.expression.operators.conditional.AndExpression; +import net.sf.jsqlparser.expression.operators.conditional.OrExpression; +import net.sf.jsqlparser.expression.operators.relational.ExpressionList; +import net.sf.jsqlparser.expression.operators.relational.InExpression; +import net.sf.jsqlparser.expression.operators.relational.LikeExpression; import net.sf.jsqlparser.parser.CCJSqlParserUtil; import net.sf.jsqlparser.schema.Table; import net.sf.jsqlparser.statement.Statement; import net.sf.jsqlparser.statement.select.*; +import net.sf.jsqlparser.util.TablesNamesFinder; import java.sql.SQLException; import java.util.List; +import java.util.Set; /** * 数据权限 SQL 增强器 
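Review bot: Most of the imports added in this hunk appear to be unused. The only other hunk in this file uses `OrExpression` and `InExpression`, while `BinaryExpression`, `ExpressionVisitorAdapter`, `SignedExpression`, `Subtraction`, `ExpressionList`, `LikeExpression`, `TablesNamesFinder` and `java.util.Set` are not referenced by any added line. Either drop them, or, if a visitor-based traversal was intended, use `ExpressionVisitorAdapter` for the sub-select walk instead of the hand-written `instanceof` chain.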
@@ -100,9 +110,52 @@ private void enhanceDataPermissionInSelect(PlainSelect plainSelect) throws Excep } } } + + Expression expression = plainSelect.getWhere(); + this.handlerSubSelect(expression); } + private void handlerSubSelect(Expression expression) throws Exception { + if(expression!=null){ + if(expression instanceof AndExpression){ + AndExpression andExpression = (AndExpression) expression; + Expression leftExpression = andExpression.getLeftExpression(); + Expression rightExpression = andExpression.getRightExpression(); + + this.handlerSubSelect(leftExpression); + this.handlerSubSelect(rightExpression); + + } + if(expression instanceof OrExpression){ + OrExpression orExpression = (OrExpression) expression; + Expression leftExpression = orExpression.getLeftExpression(); + Expression rightExpression = orExpression.getRightExpression(); + + this.handlerSubSelect(leftExpression); + this.handlerSubSelect(rightExpression); + } + + if(expression instanceof InExpression){ + InExpression inExpression = (InExpression) expression; + Expression leftExpression = inExpression.getLeftExpression(); + Expression rightExpression = inExpression.getRightExpression(); + + this.handlerSubSelect(leftExpression); + this.handlerSubSelect(rightExpression); + } + + if(expression instanceof ParenthesedSelect){ + ParenthesedSelect parenthesedSelect = (ParenthesedSelect) expression; + this.enhanceDataPermissionInSelect(parenthesedSelect.getPlainSelect()); + } + + if(expression instanceof PlainSelect){ + this.enhanceDataPermissionInSelect((PlainSelect) expression); + } + } + } + // 注入数据权限条件 private void injectDataPermissionCondition(PlainSelect plainSelect, Table table, Expression where) throws Exception { String tableName = table.getName(); 
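Review bot: `handlerSubSelect` only descends through `AndExpression`, `OrExpression` and `InExpression`, so a sub-select reached any other way in the WHERE clause (`EXISTS (select …)`, `NOT …`, a comparison such as `depart_id = (select …)`) is never passed to `enhanceDataPermissionInSelect` and runs without the row condition; for a data-permission filter that is a silent fail-open. `BinaryExpression` is already imported by this commit, so one `instanceof BinaryExpression` branch can replace the AND/OR branches and also cover comparisons and LIKE, with `ExistsExpression` and `NotExpression` (both would need importing) handled beside it. The `ParenthesedSelect` branch also assumes the inner select is plain; for a UNION sub-select `getPlainSelect()` presumably does not yield a usable `PlainSelect`, so checking `getSelect()` first is safer, and whether to throw or to walk the set operation's members is the author's call. The start of `enhanceDataPermissionInSelect` is outside the hunk, so whether sub-selects in the select list, HAVING or JOIN conditions are covered elsewhere cannot be seen here.

```java
private void handlerSubSelect(Expression expression) throws Exception {
    if (expression == null) {
        return;
    }
    // AND, OR, LIKE and the comparison operators all extend BinaryExpression
    if (expression instanceof BinaryExpression) {
        BinaryExpression binary = (BinaryExpression) expression;
        this.handlerSubSelect(binary.getLeftExpression());
        this.handlerSubSelect(binary.getRightExpression());
    }
    if (expression instanceof ExistsExpression) {
        this.handlerSubSelect(((ExistsExpression) expression).getRightExpression());
    }
    if (expression instanceof NotExpression) {
        this.handlerSubSelect(((NotExpression) expression).getExpression());
    }
    // … unchanged: InExpression branch …
    if (expression instanceof ParenthesedSelect) {
        Select inner = ((ParenthesedSelect) expression).getSelect();
        if (!(inner instanceof PlainSelect)) {
            // fail closed rather than run a sub-select the enhancer could not filter
            throw new SQLException("data permission: unsupported sub-select: " + inner);
        }
        this.enhanceDataPermissionInSelect((PlainSelect) inner);
    }
    // … unchanged: PlainSelect branch …
}
```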
diff --git a/springboot-starter-data-authorization/src/test/java/com/codingapi/springboot/authorization/DataAuthorizationContextTest.java b/springboot-starter-data-authorization/src/test/java/com/codingapi/springboot/authorization/DataAuthorizationContextTest.java index 3dd25040..d6e1f707 100644 --- a/springboot-starter-data-authorization/src/test/java/com/codingapi/springboot/authorization/DataAuthorizationContextTest.java +++ b/springboot-starter-data-authorization/src/test/java/com/codingapi/springboot/authorization/DataAuthorizationContextTest.java @@ -1,13 +1,11 @@ package com.codingapi.springboot.authorization; import com.codingapi.springboot.authorization.current.CurrentUser; -import com.codingapi.springboot.authorization.enhancer.DataPermissionSQLEnhancer; import com.codingapi.springboot.authorization.entity.Depart; import com.codingapi.springboot.authorization.entity.Unit; import com.codingapi.springboot.authorization.entity.User; import com.codingapi.springboot.authorization.filter.DefaultDataAuthorizationFilter; import com.codingapi.springboot.authorization.handler.Condition; -import com.codingapi.springboot.authorization.handler.RowHandler; import com.codingapi.springboot.authorization.interceptor.SQLRunningContext; import com.codingapi.springboot.authorization.mask.ColumnMaskContext; import com.codingapi.springboot.authorization.mask.impl.BankCardMask; 
@@ -17,14 +15,6 @@ import com.codingapi.springboot.authorization.repository.UnitRepository; import com.codingapi.springboot.authorization.repository.UserRepository; import lombok.extern.slf4j.Slf4j; -import net.sf.jsqlparser.expression.Expression; -import net.sf.jsqlparser.parser.CCJSqlParserUtil; -import net.sf.jsqlparser.schema.Column; -import net.sf.jsqlparser.statement.Statement; -import net.sf.jsqlparser.statement.select.PlainSelect; -import net.sf.jsqlparser.statement.select.Select; -import net.sf.jsqlparser.statement.select.SelectItem; -import net.sf.jsqlparser.statement.select.SelectItemVisitor; import org.junit.jupiter.api.MethodOrderer; import org.junit.jupiter.api.Order; import org.junit.jupiter.api.Test; @@ -37,7 +27,6 @@ import org.springframework.test.annotation.Rollback; import java.time.LocalDate; -import java.util.HashMap; import java.util.List; import java.util.Map; 
@@ -281,73 +270,43 @@ public boolean supportColumnAuthorization(String tableName, String columnName, O } -// @Test + @Test @Order(4) - void test4() throws Exception{ - String sql = "SELECT\n" + - "\tt.* \n" + - "FROM\n" + - "\t(\n" + - "\t\tSELECT\n" + - "\t\t\tUNYiV.id AS '历史工作经历编号',\n" + - "\t\t\tUNYiV.company_name AS '历史工作单位',\n" + - "\t\t\tUNYiV.depart_name AS '历史工作部门',\n" + - "\t\t\tUNYiV.post_name AS '历史工作岗位',\n" + - "\t\t\tUNYiV.start_date AS '开始时间',\n" + - "\t\t\tUNYiV.end_date AS '结束时间',\n" + - "\t\t\towasH.员工编号 AS '员工编号',\n" + - "\t\t\towasH.员工姓名 AS '员工姓名',\n" + - "\t\t\towasH.员工生日 AS '员工生日',\n" + - "\t\t\towasH.员工地址 AS '员工地址',\n" + - "\t\t\towasH.身份证号码 AS '身份证号码',\n" + - "\t\t\towasH.手机号 AS '手机号',\n" + - "\t\t\towasH.部门编号 AS '部门编号',\n" + - "\t\t\towasH.岗位编号 AS '岗位编号',\n" + - "\t\t\towasH.任现职编号 AS '任现职编号',\n" + - "\t\t\towasH.社团编号 AS '社团编号',\n" + - "\t\t\towasH.社团名称 AS '社团名称',\n" + - "\t\t\towasH.创建时间 AS '创建时间' \n" + - "\t\tFROM\n" + - "\t\t\tt_work AS pehMS,\n" + - "\t\t\tt_employee AS OGwG7,\n" + - "\t\t\tt_work_history AS UNYiV,\n" + - "\t\t\t(\n" + - "\t\t\t\tSELECT\n" + - "\t\t\t\t\tWXJj8.id AS '员工编号',\n" + - "\t\t\t\t\tWXJj8.NAME AS '员工姓名',\n" + - "\t\t\t\t\tWXJj8.birth_date AS '员工生日',\n" + - "\t\t\t\t\tWXJj8.address AS '员工地址',\n" + - "\t\t\t\t\tWXJj8.id_card AS '身份证号码',\n" + - "\t\t\t\t\tWXJj8.phone AS '手机号',\n" + - "\t\t\t\t\tWXJj8.depart_id AS '部门编号',\n" + - "\t\t\t\t\tWXJj8.post_id AS '岗位编号',\n" + - "\t\t\t\t\tWXJj8.work_id AS '任现职编号',\n" + - "\t\t\t\t\trnGD4.id AS '社团编号',\n" + - "\t\t\t\t\trnGD4.NAME AS '社团名称',\n" + - "\t\t\t\t\trnGD4.create_date AS '创建时间' \n" + - "\t\t\t\tFROM\n" + - "\t\t\t\t\tt_employee AS WXJj8,\n" + - "\t\t\t\t\tt_league_employee AS dEj96,\n" + - "\t\t\t\t\tt_league AS rnGD4 \n" + - "\t\t\t\tWHERE\n" + - "\t\t\t\t\trnGD4.id < 100 \n" + - "\t\t\t\t\tAND dEj96.employee_id = WXJj8.id \n" + - "\t\t\t\t\tAND dEj96.league_id = rnGD4.id \n" + - "\t\t\t\t\tAND 1 = 1 \n" + - "\t\t\t) AS owasH \n" + - "\t\tWHERE\n" + - 
"\t\t\tUNYiV.employee_id = OGwG7.id \n" + - "\t\t\tAND OGwG7.work_id = pehMS.id \n" + - "\t\t\tAND owasH.任现职编号 = pehMS.id \n" + - "\t\t\tAND 1 = 1 \n" + - "\t) AS t , t_employee AS e where t.员工编号 = e.id and e.id = 1"; + void test4() throws Exception { + + unitRepository.deleteAll(); + departRepository.deleteAll(); + userRepository.deleteAll(); + + Unit rootUnit = new Unit("Coding总公司"); + unitRepository.save(rootUnit); + + Unit sdUnit = new Unit("Coding山东分公司", rootUnit.getId()); + unitRepository.save(sdUnit); + + Depart jgbDepart = new Depart("Coding架构部", rootUnit.getId()); + departRepository.save(jgbDepart); + + Depart xmbDepart = new Depart("Coding项目部", sdUnit.getId()); + departRepository.save(xmbDepart); + + User lorne = new User("lorne", LocalDate.parse("1991-01-01"), "beijing", "110105199003078999", "13812345678", jgbDepart); + User bob = new User("bob", LocalDate.parse("1991-01-01"), "beijing", "110105199003078999", "13812345678", xmbDepart); + User tom = new User("tom", LocalDate.parse("1991-01-01"), "beijing", "110105199003078999", "13812345678", xmbDepart); + + userRepository.save(lorne); + userRepository.save(bob); + userRepository.save(tom); + + String sql = "select * from t_user where phone like '%1%' and id > 1 and depart_id in (select id from t_depart where id > 0)"; DataAuthorizationContext.getInstance().clearDataAuthorizationFilters(); DataAuthorizationContext.getInstance().addDataAuthorizationFilter(new DefaultDataAuthorizationFilter() { @Override public Condition rowAuthorization(String tableName, String tableAlias) { - return super.rowAuthorization(tableName, tableAlias); + String conditionTemplate = "%s.id > -100 "; + return Condition.formatCondition(conditionTemplate, tableAlias); } @Override 
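Review bot: The re-enabled `test4` cannot fail when sub-select enhancement regresses. The row condition it injects, `%s.id > -100 `, is true for every row, and the method (continuing into the next hunk, `@@ -358,21 +317,24 @@`) ends with `System.out.println(data);` and no assertion. Because `supportRowAuthorization` is limited to `t_depart`, which appears only inside the `IN (select …)`, this test is the only coverage for the new traversal. Use a condition that excludes one of the two departments created above and assert on the result, for example that only users of the remaining department are returned, instead of printing `data`. The Chinese-language fixtures aside, adding a second query using `EXISTS` or `= (select …)` would also document which sub-select positions are supported.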
@@ -358,21 +317,24 @@ public T columnAuthorization(String tableName, String columnName, T value) { @Override public boolean supportColumnAuthorization(String tableName, String columnName, Object value) { - return true; + if ("t_depart".equalsIgnoreCase(tableName)) { + return true; + } + return false; } @Override public boolean supportRowAuthorization(String tableName, String tableAlias) { - return true; + if ("t_depart".equalsIgnoreCase(tableName)) { + return true; + } + return false; } }); - List> data = jdbcTemplate.queryForList(sql); -// System.out.println(data); + System.out.println(data); } - - } diff --git a/springboot-starter-data-authorization/src/test/resources/application.properties b/springboot-starter-data-authorization/src/test/resources/application.properties index 4e944839..34d559bb 100644 --- a/springboot-starter-data-authorization/src/test/resources/application.properties +++ b/springboot-starter-data-authorization/src/test/resources/application.properties @@ -11,3 +11,6 @@ spring.jpa.show-sql=true #spring.datasource.password=lorne4j#2024 logging.level.com.codingapi.springboot.authorization=debug + + +codingapi.data-authorization.show-sql=true \ No newline at end of file diff --git a/springboot-starter-data-fast/pom.xml b/springboot-starter-data-fast/pom.xml index da4ca7d6..7f8b67c6 100644 --- a/springboot-starter-data-fast/pom.xml +++ b/springboot-starter-data-fast/pom.xml @@ -5,7 +5,7 @@ springboot-parent com.codingapi.springboot - 3.4.18 + 3.4.19 4.0.0 diff --git a/springboot-starter-flow/pom.xml b/springboot-starter-flow/pom.xml index c05de3c1..f64c8a30 100644 --- a/springboot-starter-flow/pom.xml +++ b/springboot-starter-flow/pom.xml @@ -6,7 +6,7 @@ springboot-parent com.codingapi.springboot - 3.4.18 + 3.4.19 springboot-starter-flow diff --git a/springboot-starter-security/pom.xml b/springboot-starter-security/pom.xml index 94a1b233..71896343 100644 --- a/springboot-starter-security/pom.xml +++ b/springboot-starter-security/pom.xml 
@@ -6,7 +6,7 @@ springboot-parent com.codingapi.springboot - 3.4.18 + 3.4.19 springboot-starter-security diff --git a/springboot-starter/pom.xml b/springboot-starter/pom.xml index 02e01b57..88baa57b 100644 --- a/springboot-starter/pom.xml +++ b/springboot-starter/pom.xml @@ -5,7 +5,7 @@ com.codingapi.springboot springboot-parent - 3.4.18 + 3.4.19 springboot-starter diff --git a/springboot-starter/src/main/resources/banner.txt b/springboot-starter/src/main/resources/banner.txt index 68aafec4..8de2acda 100644 --- a/springboot-starter/src/main/resources/banner.txt +++ b/springboot-starter/src/main/resources/banner.txt @@ -1,4 +1,4 @@ ------------------------------------------------------ -CodingApi SpringBoot-Starter 3.4.18 +CodingApi SpringBoot-Starter 3.4.19 springboot version (${spring-boot.version}) ------------------------------------------------------