Mybatis拦截器实现数据权限的示例代码

在我们日常开发过程中，通常会涉及到数据权限问题，下面以我们常见的一种场景举例：

一个公司有很多部门，每个人所处的部门和角色也不同，所以数据权限也可能不同，比如超级管理员可以查看某张

表的素有信息，部门领导可以查看该部门下的相关信息，部门普通人员只可以查看个人相关信息，而且由于角色的

不同，各个角色所能查看到的数据库字段也可能不相同，那么此处就涉及到了数据权限相关的问题。那么我们该如

何处理数据权限相关的问题呢？我们提供一种通过Mybatis拦截器实现的方式，下面我们来具体实现一下

pom.xml依赖

				?

									<parent>

									    <groupId>org.springframework.boot</groupId>

									    <artifactId>spring-boot-starter-parent</artifactId>

									    <version>2.1.13.RELEASE</version>

									</parent>

									<properties>

									    <java.version>1.8</java.version>

									    <mybatis-plus.version>3.2.0</mybatis-plus.version>

									</properties>

									<dependencies>

									    <dependency>

									        <groupId>org.springframework.boot</groupId>

									        <artifactId>spring-boot-starter-web</artifactId>

									    </dependency>

									    <dependency>

									        <groupId>mysql</groupId>

									        <artifactId>mysql-connector-java</artifactId>

									    </dependency>

									    <dependency>

									        <groupId>com.baomidou</groupId>

									        <artifactId>mybatis-plus-boot-starter</artifactId>

									        <version>${mybatis-plus.version}</version>

									    </dependency>

									    <dependency>

									        <groupId>org.projectlombok</groupId>

									        <artifactId>lombok</artifactId>

									    </dependency>

									</dependencies>

application.yml文件

				?

									server:

									  port: 80

									spring:

									  application:

									    name: data-scope

									  datasource:

									    url: jdbc:mysql://localhost:3306/test?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=UTC

									    username: root

									    password: 123456

									    druid:

									      # 验证连接是否有效。此参数必须设置为非空字符串，下面三项设置成true才能生效

									      validation-query: SELECT 1

									      # 连接是否被空闲连接回收器(如果有)进行检验. 如果检测失败, 则连接将被从池中去除

									      test-while-idle: true

									      # 是否在从池中取出连接前进行检验, 如果检验失败, 则从池中去除连接并尝试取出另一个

									      test-on-borrow: true

									      # 是否在归还到池中前进行检验

									      test-on-return: false

									      # 连接在池中最小生存的时间，单位是毫秒

									      min-evictable-idle-time-millis: 30000

									#mybatis配置

									mybatis-plus:

									  type-aliases-package: com.mk.entity

									  mapper-locations: classpath:mapper/**/*.xml

									  global-config:

									    db-config:

									      id-type: auto

									      field-strategy: not_empty

									      logic-delete-value: 1

									      logic-not-delete-value: 0

									  configuration:

									    map-underscore-to-camel-case: true

									    cache-enabled: false

									    call-setters-on-nulls: true

									    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl

代码实现

DataScode.java

				?

									@Data

									public class DataScope {

									    // sql过滤条件

									    String sqlCondition;

									    // 需要过滤的结果字段

									    String[] filterFields;

									}

MybatisPlusConfig.java

				?

									@Configuration

									public class MybatisPlusConfig {

									    @Bean

									    @ConditionalOnMissingBean

									    public DataScopeInterceptor dataScopeInterceptor() {

									        return new DataScopeInterceptor();

									    }

									    @Bean

									    public PaginationInterceptor paginationInterceptor() {

									        PaginationInterceptor page = new PaginationInterceptor();

									        page.setDialectType(DbType.MYSQL.getDb());

									        return page;

									    }

									    @Bean

									    public ConfigurationCustomizer mybatisConfigurationCustomizer(){

									        return new ConfigurationCustomizer() {

									            @Override

									            public void customize(MybatisConfiguration configuration) {

									                configuration.setObjectWrapperFactory(new MybatisMapWrapperFactory());

									            }

									        };

									    }

									}

DataScopeInterceptor.java

				?

									@Slf4j

									@Intercepts({@Signature(type = Executor.class, method = "query",

									        args = {MappedStatement.class, Object.class, RowBounds.class,ResultHandler.class})})

									public class DataScopeInterceptor implements Interceptor {

									    @Override

									    public Object intercept(Invocation invocation) throws Throwable {

									        log.info("执行intercept方法：{}", invocation.toString());

									        Object[] args = invocation.getArgs();

									        MappedStatement ms = (MappedStatement) args[0];

									        Object parameterObject = args[1];

									        // 查找参数中包含DataScope类型的参数

									        DataScope dataScope = findDataScopeObject(parameterObject);

									        if (dataScope == null) {

									            return invocation.proceed();

									        }

									        if (!ObjectUtils.isEmpty(dataScope.getSqlCondition())) {

									            // id为执行的mapper方法的全路径名，如com.mapper.UserMapper

									            String id = ms.getId();

									            // sql语句类型 select、delete、insert、update

									            String sqlCommandType = ms.getSqlCommandType().toString();

									            // 仅拦截 select 查询

									            if (!sqlCommandType.equals(SqlCommandType.SELECT.toString())) {

									                return invocation.proceed();

									            }

									            BoundSql boundSql = ms.getBoundSql(parameterObject);

									            String origSql = boundSql.getSql();

									            log.info("原始SQL: {}", origSql);

									            // 组装新的 sql

									            String newSql = String.format("%s%s%s%s", "select * from (", origSql, ") ", dataScope.getSqlCondition());

									            // 重新new一个查询语句对象

									            BoundSql newBoundSql = new BoundSql(ms.getConfiguration(), newSql,

									                    boundSql.getParameterMappings(), boundSql.getParameterObject());

									            // 把新的查询放到statement里

									            MappedStatement newMs = newMappedStatement(ms, new BoundSqlSqlSource(newBoundSql));

									            for (ParameterMapping mapping : boundSql.getParameterMappings()) {

									                String prop = mapping.getProperty();

									                if (boundSql.hasAdditionalParameter(prop)) {

									                    newBoundSql.setAdditionalParameter(prop, boundSql.getAdditionalParameter(prop));

									                }

									            }

									            Object[] queryArgs = invocation.getArgs();

									            queryArgs[0] = newMs;

									            log.info("改写的SQL: {}", newSql);

									        }

									        Object result = invocation.proceed();

									        return handleReslut(result, Arrays.asList(dataScope.getFilterFields()));

									    }

									    /**

									     * 定义一个内部辅助类，作用是包装 SQL

									     */

									    class BoundSqlSqlSource implements SqlSource {

									        private BoundSql boundSql;

									        public BoundSqlSqlSource(BoundSql boundSql) {

									            this.boundSql = boundSql;

									        }

									        public BoundSql getBoundSql(Object parameterObject) {

									            return boundSql;

									        }

									    }

									    private MappedStatement newMappedStatement (MappedStatement ms, SqlSource newSqlSource) {

									        MappedStatement.Builder builder = new

									                MappedStatement.Builder(ms.getConfiguration(), ms.getId(), newSqlSource, ms.getSqlCommandType());

									        builder.resource(ms.getResource());

									        builder.fetchSize(ms.getFetchSize());

									        builder.statementType(ms.getStatementType());

									        builder.keyGenerator(ms.getKeyGenerator());

									        if (ms.getKeyProperties() != null && ms.getKeyProperties().length > 0) {

									            builder.keyProperty(ms.getKeyProperties()[0]);

									        }

									        builder.timeout(ms.getTimeout());

									        builder.parameterMap(ms.getParameterMap());

									        builder.resultMaps(ms.getResultMaps());

									        builder.resultSetType(ms.getResultSetType());

									        builder.cache(ms.getCache());

									        builder.flushCacheRequired(ms.isFlushCacheRequired());

									        builder.useCache(ms.isUseCache());

									        return builder.build();

									    }

									    @Override

									    public Object plugin(Object target) {

									        log.info("plugin方法：{}", target);

									        if (target instanceof Executor) {

									            return Plugin.wrap(target, this);

									        }

									        return target;

									    }

									    @Override

									    public void setProperties(Properties properties) {

									        // 获取属性

									        // String value1 = properties.getProperty("prop1");

									        log.info("properties方法：{}", properties.toString());

									    }

									    /**

									     * 查找参数是否包括DataScope对象

									     *

									     * @param parameterObj 参数列表

									     * @return DataScope

									     */

									    private DataScope findDataScopeObject(Object parameterObj) {

									        if (parameterObj instanceof DataScope) {

									            return (DataScope) parameterObj;

									        } else if (parameterObj instanceof Map) {

									            for (Object val : ((Map<?, ?>) parameterObj).values()) {

									                if (val instanceof DataScope) {

									                    return (DataScope) val;

									                }

									            }

									        }

									        return null;

									    }

									    public Object handleReslut(Object returnValue, List<String> filterFields){

									        if(returnValue != null && !ObjectUtils.isEmpty(filterFields)){

									            if (returnValue instanceof ArrayList<?>){

									                List<?> list = (ArrayList<?>) returnValue;

									                List<Object> newList  = new ArrayList<Object>();

									                if (1 <= list.size()) {

									                    for(Object object:list){

									                        if (object instanceof Map) {

									                            Map map = (Map) object;

									                            for (String key : filterFields) {

									                                map.remove(key);

									                            }

									                            newList.add(map);

									                        } else {

									                            newList.add(decrypt(filterFields, object));

									                        }

									                    }

									                    returnValue = newList;

									                }

									            } else {

									                if (returnValue instanceof Map) {

									                    Map map = (Map) returnValue;

									                    for (String key : filterFields) {

									                        map.remove(key);

									                    }

									                } else {

									                    returnValue = decrypt(filterFields, returnValue);

									                }

									            }

									        }

									        return returnValue;

									    }

									    public static <T> T decrypt(List<String> filterFields, T t) {

									        Field[] declaredFields = t.getClass().getDeclaredFields();

									        try {

									            if (declaredFields != null && declaredFields.length > 0) {

									                for (Field field : declaredFields) {

									                    if (filterFields.contains(field.getName())) {

									                        field.setAccessible(true);

									                        field.set(t, null);

									                        field.setAccessible(false);

									                    }

									                }

									            }

									        } catch (IllegalAccessException e) {

									            throw new RuntimeException(e);

									        }

									        return t;

									    }

									}

SalariesMapper.xml

				?

									<mapper namespace="com.mk.mapper.SalariesMapper">

									    <select id="pageList" resultType="com.mk.entity.Salaries">

									        SELECT * from salaries where salary between #{start} and #{end}

									    </select>

									    <select id="getByEmpNo" resultType="java.util.Map">

									        select * from salaries where emp_no = #{empNo} limit 0,1

									    </select>

									</mapper>

SalariesMapper.java

				?

									@Mapper

									public interface SalariesMapper extends BaseMapper<Salaries> {

									    List<Salaries> pageList(DataScope dataScope, @Param("start") int start,  @Param("end") int end, Page<Salaries> page);

									    Map<String, Object> getByEmpNo(DataScope dataScope, @Param("empNo") int empNo);

									}

SalariesService.java

				?

									@Service

									public class SalariesService extends ServiceImpl<SalariesMapper, Salaries> {

									    @Autowired

									    private SalariesMapper salariesMapper;

									    public List<Salaries> getList(){

									        Page<Salaries> page = new Page<>(1, 10);

									        DataScope dataScope = new DataScope();

									        // 设置查询条件

									        dataScope.setSqlCondition("s where 1=1 and s.emp_no = '10001'");

									        // 将结果集过滤掉salary和toDate字段

									        dataScope.setFilterFields(new String[]{"salary", "toDate"});

									        return salariesMapper.pageList(dataScope, 60000, 70000, page);

									    }

									    public Map<String, Object> getByEmpNo() {

									        DataScope dataScope = new DataScope();

									        // 将结果集过滤掉salary和toDate字段

									        dataScope.setFilterFields(new String[]{"salary", "toDate"});

									        return salariesMapper.getByEmpNo(dataScope, 10001);

									    }

									}