Fix data permission in #1067

Open
wants to merge 2 commits into
base: master
Expand Up @@ -483,11 +483,11 @@ private static void addRuleToQueryWrapper(SysPermissionDataRuleModel dataRule, S
}

public static String converRuleValue(String ruleValue) {
String value = JwtUtil.getSessionData(ruleValue);
if(oConvertUtils.isEmpty(value)) {
value = JwtUtil.getUserSystemData(ruleValue,null);
}
return value!= null ? value : ruleValue;
// 从session中替换占位符的值
ruleValue = JwtUtil.getSessionData(ruleValue);
// 从当前用户信息中替换占位符的值
ruleValue = JwtUtil.getUserSystemData(ruleValue, null);
return ruleValue;
}

public static String getSqlRuleValue(String sqlRule){
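Review bot: converRuleValue now sends every rule value through both substitution passes, including values that contain no `#{...}` placeholder at all, and the second pass runs over whatever text the session pass produced. A guard at the top, `if (ruleValue == null || !ruleValue.contains("#{")) { return ruleValue; }`, would keep plain values away from the session and principal lookups and from a null-input failure in the matcher. Because the result feeds a data-permission rule, it is also worth a comment stating that a session attribute whose value itself contains `#{sys_user_code}`-style text will be expanded again by `getUserSystemData`; if that is not intended, both passes should resolve against the original string. The hunk starts inside addRuleToQueryWrapper and ends at the signature of getSqlRuleValue, but converRuleValue itself is fully visible.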
Expand Up @@ -8,9 +8,14 @@
import com.google.common.base.Joiner;

import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.shiro.SecurityUtils;
import org.jeecg.common.constant.DataBaseConstant;
import org.jeecg.common.exception.JeecgBootException;
Expand Down Expand Up @@ -93,110 +98,115 @@ public static String getUserNameByToken(HttpServletRequest request) throws Jeecg
}
return username;
}

/**
* 从session中获取变量
* 从session中获取变量
*
* @param key
* @return
*/
public static String getSessionData(String key) {
//${myVar}%
//得到${} 后面的值
String moshi = "";
if(key.indexOf("}")!=-1){
moshi = key.substring(key.indexOf("}")+1);
}
String returnValue = null;
if (key.contains("#{")) {
key = key.substring(2,key.indexOf("}"));
}
if (oConvertUtils.isNotEmpty(key)) {
HttpSession session = SpringContextUtils.getHttpServletRequest().getSession();
returnValue = (String) session.getAttribute(key);
Matcher m = Pattern.compile(".*?#\\{(.+?)\\}.*?").matcher(key);
Set<String> mappedKeys = new HashSet<>();
while (m.find()) {
mappedKeys.add(m.group(1));
}
HttpSession session = SpringContextUtils.getHttpServletRequest().getSession();
for(String mappedKey: mappedKeys) {
String value = (String) session.getAttribute(mappedKey);
if (value != null) {
key = key.replaceAll(String.format("#\\{%s\\}", mappedKey), value);
}
}
//结果加上${} 后面的值
if(returnValue!=null){returnValue = returnValue + moshi;}
return returnValue;
return key;
}

/**
* 从当前用户中获取变量
* 从当前用户中获取变量
*
* @param key
* @param user
* @return
*/
//TODO 急待改造 sckjkdsjsfjdk
public static String getUserSystemData(String key,SysUserCacheInfo user) {
if(user==null) {
// TODO 急待改造 sckjkdsjsfjdk
public static String getUserSystemData(String key, SysUserCacheInfo user) {
if (user == null) {
user = JeecgDataAutorUtils.loadUserInfo();
}
//#{sys_user_code}%

// 获取登录用户信息
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();

String moshi = "";
if(key.indexOf("}")!=-1){
moshi = key.substring(key.indexOf("}")+1);
}
String returnValue = null;
//针对特殊标示处理#{sysOrgCode},判断替换
if (key.contains("#{")) {
key = key.substring(2,key.indexOf("}"));

Map<String, String> mappedValues = new HashMap<>();
String value = null;
if (user == null) {
value = sysUser.getUsername();
} else {
key = key;
}
//替换为系统登录用户帐号
if (key.equals(DataBaseConstant.SYS_USER_CODE)|| key.equals(DataBaseConstant.SYS_USER_CODE_TABLE)) {
if(user==null) {
returnValue = sysUser.getUsername();
}else {
returnValue = user.getSysUserCode();
}
}
//替换为系统登录用户真实名字
else if (key.equals(DataBaseConstant.SYS_USER_NAME)|| key.equals(DataBaseConstant.SYS_USER_NAME_TABLE)) {
if(user==null) {
returnValue = sysUser.getRealname();
}else {
returnValue = user.getSysUserName();
}
}

//替换为系统用户登录所使用的机构编码
else if (key.equals(DataBaseConstant.SYS_ORG_CODE)|| key.equals(DataBaseConstant.SYS_ORG_CODE_TABLE)) {
if(user==null) {
returnValue = sysUser.getOrgCode();
}else {
returnValue = user.getSysOrgCode();
}
}
//替换为系统用户所拥有的所有机构编码
else if (key.equals(DataBaseConstant.SYS_MULTI_ORG_CODE)|| key.equals(DataBaseConstant.SYS_MULTI_ORG_CODE_TABLE)) {
if(user.isOneDepart()) {
returnValue = user.getSysMultiOrgCode().get(0);
}else {
returnValue = Joiner.on(",").join(user.getSysMultiOrgCode());
}
}
//替换为当前系统时间(年月日)
else if (key.equals(DataBaseConstant.SYS_DATE)|| key.equals(DataBaseConstant.SYS_DATE_TABLE)) {
returnValue = user.getSysDate();
value = user.getSysUserCode();
}
// 替换为系统登录用户帐号
mappedValues.put(DataBaseConstant.SYS_USER_CODE, value);
mappedValues.put(DataBaseConstant.SYS_USER_CODE_TABLE, value);
// 替换为系统登录用户真实名字
if (user == null) {
value = sysUser.getRealname();
} else {
value = user.getSysUserName();
}
//替换为当前系统时间(年月日时分秒)
else if (key.equals(DataBaseConstant.SYS_TIME)|| key.equals(DataBaseConstant.SYS_TIME_TABLE)) {
returnValue = user.getSysTime();
mappedValues.put(DataBaseConstant.SYS_USER_NAME, value);
mappedValues.put(DataBaseConstant.SYS_USER_NAME_TABLE, value);

// 替换为系统用户登录所使用的机构编码
if (user == null) {
value = sysUser.getOrgCode();
} else {
value = user.getSysOrgCode();
}
//流程状态默认值(默认未发起)
else if (key.equals(DataBaseConstant.BPM_STATUS)|| key.equals(DataBaseConstant.BPM_STATUS_TABLE)) {
returnValue = "1";
mappedValues.put(DataBaseConstant.SYS_ORG_CODE, value);
mappedValues.put(DataBaseConstant.SYS_ORG_CODE_TABLE, value);

// 替换为系统用户所拥有的所有机构编码
if (user.isOneDepart()) {
value = user.getSysMultiOrgCode().get(0);
} else {
value = Joiner.on(",").join(user.getSysMultiOrgCode());
}
if(returnValue!=null){returnValue = returnValue + moshi;}
return returnValue;
mappedValues.put(DataBaseConstant.SYS_MULTI_ORG_CODE, value);
mappedValues.put(DataBaseConstant.SYS_MULTI_ORG_CODE_TABLE, value);

// 替换为当前系统时间(年月日)
value = user.getSysDate();
mappedValues.put(DataBaseConstant.SYS_DATE, value);
mappedValues.put(DataBaseConstant.SYS_DATE_TABLE, value);

// 替换为当前系统时间(年月日时分秒)
value = user.getSysTime();
mappedValues.put(DataBaseConstant.SYS_TIME, value);
mappedValues.put(DataBaseConstant.SYS_TIME_TABLE, value);

// 流程状态默认值(默认未发起)
value = "1";
mappedValues.put(DataBaseConstant.BPM_STATUS, value);
mappedValues.put(DataBaseConstant.BPM_STATUS_TABLE, value);

// 替换形如#{key}的值
// for (String mappedKey : mappedValues.keySet()) {
// key = key.replaceAll(String.format("#\\{%s\\}", mappedKey), mappedValues.get(mappedKey));
// }
// 优化替换逻辑
Matcher m = Pattern.compile(".*?#\\{(.+?)\\}.*?").matcher(key);
Set<String> mappedKeys = new HashSet<>();
while (m.find()) {
mappedKeys.add(m.group(1));
}
for (String mappedKey : mappedKeys) {
key = key.replaceAll(String.format("#\\{%s\\}", mappedKey), mappedValues.get(mappedKey));
}
return key;
}

public static void main(String[] args) {
String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1NjUzMzY1MTMsInVzZXJuYW1lIjoiYWRtaW4ifQ.xjhud_tWCNYBOg_aRlMgOdlZoWFFKB_givNElHNw3X0";
System.out.println(JwtUtil.getUsername(token));
String token =
"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1NjUzMzY1MTMsInVzZXJuYW1lIjoiYWRtaW4ifQ.xjhud_tWCNYBOg_aRlMgOdlZoWFFKB_givNElHNw3X0";
System.out.println(JwtUtil.getUsername(token));
}
}
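Review bot: In getUserSystemData the final loop calls `key.replaceAll(..., mappedValues.get(mappedKey))`, and `String.replaceAll` throws a NullPointerException when the replacement is null, so any `#{...}` name that is not in the map (a session-only placeholder that was not set, or a typo in a rule) or whose value is null now fails the whole call instead of being left alone. The replacement is also read as a regex replacement string, so a username, real name or session value containing `$` or `\` is either rejected or mangled; the same applies to the loop in getSessionData, and both need `Matcher.quoteReplacement` on the value (and `Pattern.quote` on the name). Separately, `user.isOneDepart()`, `user.getSysDate()` and `user.getSysTime()` now run on every call rather than only when that placeholder is requested, so a null `user` after `loadUserInfo()` breaks every rule even though the earlier lines still handle `user == null`. A single-pass replacement for the end of getUserSystemData that leaves unknown placeholders untouched is sketched below.

```java
// … unchanged: mappedValues population …
Matcher m = Pattern.compile("#\\{(.+?)\\}").matcher(key);
StringBuffer resolved = new StringBuffer();
while (m.find()) {
    String replacement = mappedValues.get(m.group(1));
    // Unknown or unset placeholders stay as written instead of raising an NPE.
    String literal = replacement != null ? replacement : m.group();
    // quoteReplacement keeps '$' and '\' in user data from being read as group references.
    m.appendReplacement(resolved, Matcher.quoteReplacement(literal));
}
m.appendTail(resolved);
return resolved.toString();
```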