适用版本:3.4.5+;

    1.需要配合用户权限设置或者角色权限设置使用;配置路径:用户管理-员工/角色管理-编辑-权限设置
    2.示例中用户权限优先级大于角色权限:配置了用户权限时只按用户权限过滤,否则才使用角色权限
    3.示例中获取权限数据,并设置到queryFilter,最后由系统生成对应的查询语句
    4.调用时需要传入数据表中存储用户id或者组织id的字段名

    package com.lc.ibps.form.provider;
    
    import java.util.ArrayList;
    import java.util.HashSet;
    import java.util.List;
    import java.util.Map;
    
    import javax.annotation.Resource;
    
    import org.springframework.validation.annotation.Validated;
    import org.springframework.web.bind.annotation.RequestBody;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RestController;
    
    import com.lc.ibps.api.base.constants.StateEnum;
    import com.lc.ibps.api.base.query.QueryFilter;
    import com.lc.ibps.api.base.query.QueryOP;
    import com.lc.ibps.api.org.constant.PartyRightsType;
    import com.lc.ibps.base.core.util.BeanUtils;
    import com.lc.ibps.base.core.util.JacksonUtil;
    import com.lc.ibps.cloud.entity.APIPageList;
    import com.lc.ibps.cloud.entity.APIRequest;
    import com.lc.ibps.cloud.entity.APIResult;
    import com.lc.ibps.cloud.provider.GenericProvider;
    import com.lc.ibps.form.form.persistence.entity.FormDefPo;
    import com.lc.ibps.form.form.repository.FormDefRepository;
    import com.lc.ibps.form.util.PartyRightsUtil;
    
    import io.swagger.annotations.Api;
    import io.swagger.annotations.ApiOperation;
    import io.swagger.annotations.ApiParam;
    import jodd.util.StringUtil;
    
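    /**
     * Demo REST provider showing how to apply data-permission ("rights") filtering to a list query.
     *
     * <p>The rights data returned by {@link PartyRightsUtil#getRightsMap()} is translated into extra
     * conditions on the {@link QueryFilter}; the framework then generates the query from that filter.
     *
     * <p>NOTE(review): the filtering below fails open in two visible cases, which should be confirmed
     * as intended before this sample is copied into production code:
     * <ul>
     *   <li>when neither "userRightses" nor "roleRightses" holds any entry, no condition is added and
     *       the query runs unrestricted;</li>
     *   <li>when a rights entry's "objectNature" has no matching column name (for example an "org"
     *       entry while {@code orgIdfield} is blank), that entry adds no condition.</li>
     * </ul>
     */
    @Api(tags = "权限脚本例子", value = "权限脚本例子")
    @Validated
    @RequestMapping(value = "/rights/demo")
    @RestController
    public class RightsDemoProvider extends GenericProvider {
    
        @Resource
        private FormDefRepository formDefRepository;
    
        /**
         * Returns one page of form definitions, restricted by the caller's data rights.
         *
         * @param request query request (paging and conditions) deserialized from the JSON body
         * @return the page of matching form definitions, or an error result if any step throws
         */
        @ApiOperation(value = "表单管理列表(分页条件查询)数据", notes = "表单管理列表(分页条件查询)数据")
        @RequestMapping(value = "/query", method = RequestMethod.POST)
        public APIResult<APIPageList<FormDefPo>> query(@ApiParam(name = "request", value = "传入查询请求json字符串",
            required = true) @RequestBody(required = true) APIRequest request) {
            APIResult<APIPageList<FormDefPo>> result = new APIResult<>();
            try {
                QueryFilter queryFilter = getQueryFilter(request);
    
                // Add the rights conditions before querying. The column name is a server-side constant;
                // it becomes part of the generated query, so it should never be taken from the request.
                // Only a user-id column is supplied here, so "org" rights entries add no condition.
                handleRights(queryFilter, "formDef.create_by_", null);
    
                List<FormDefPo> formDefPos;
                formDefRepository.setSkipInternal();
                try {
                    formDefPos = formDefRepository.query(queryFilter);
                } finally {
                    // Clear the skip-internal flag even when the query throws, so that the flag cannot
                    // outlive this request (presumably it is repository- or thread-scoped - TODO confirm).
                    formDefRepository.removeSkipInternal();
                }
    
                APIPageList<FormDefPo> data = getAPIPageList(formDefPos);
                result.setData(data);
            } catch (Exception e) {
                setExceptionResult(result, StateEnum.ERROR_FORM.getCode(), StateEnum.ERROR_FORM.getText(), e);
            }
            return result;
        }
    
        /**
         * Adds rights-based conditions to the given filter.
         *
         * <p>User-level rights take precedence over role-level rights: the "roleRightses" entries are
         * used only when "userRightses" is empty. When both are empty, the filter is left untouched.
         *
         * @param queryFilter filter that receives the rights conditions
         * @param userIdfield name of the table column that stores the user id; blank to skip "user" entries
         * @param orgIdfield name of the table column that stores the organization id; blank to skip "org" entries
         */
        public void handleRights(QueryFilter queryFilter, String userIdfield, String orgIdfield) {
            Map<String, Object> rightsMap = PartyRightsUtil.getRightsMap();
            Object userRightsObj = rightsMap.get("userRightses");
            Object roleRightsObj = rightsMap.get("roleRightses");
            List<String> userIds = new ArrayList<>();
            // User rights win over role rights; role rights are only a fallback.
            if (BeanUtils.isNotEmpty(userRightsObj)) {
                List<?> rightses = (List<?>)userRightsObj;
                calc(queryFilter, userIdfield, orgIdfield, userIds, rightses);
            } else if (BeanUtils.isNotEmpty(roleRightsObj)) {
                List<?> rightses = (List<?>)roleRightsObj;
                calc(queryFilter, userIdfield, orgIdfield, userIds, rightses);
            }
            // NOTE(review): no else branch - a caller with no rights entries at all gets no condition.
        }
    
        /**
         * Translates each rights entry into a condition on the filter.
         *
         * <p>An entry whose "dimension" is ALL adds nothing, NONE adds an always-false condition, and any
         * other dimension adds an IN condition on the user-id or organization-id column, chosen by the
         * entry's "objectNature".
         *
         * @param queryFilter filter that receives the conditions
         * @param userIdfield column name used for "user" entries
         * @param orgIdfield column name used for "org" entries
         * @param userIds accumulator for the ids collected from the entries
         * @param rightses rights entries to evaluate
         */
        @SuppressWarnings("unchecked")
        private void calc(QueryFilter queryFilter, String userIdfield, String orgIdfield, List<String> userIds, List<?> rightses) {
            for (Object obj : rightses) {
                // Round-trip through JSON to read the entry as a plain map.
                Map<String, Object> partyUserRightsPo = JacksonUtil.toMap(JacksonUtil.toJsonString(obj));
                Object dimension = partyUserRightsPo.get("dimension");
                if (PartyRightsType.ALL.getValue().equals(dimension)) {
                    // Full access: nothing to restrict for this entry.
                    continue;
                }
                if (PartyRightsType.NONE.getValue().equals(dimension)) {
                    // No access: 1 != 1 never matches.
                    queryFilter.addFilterWithRealValue("1", 1, 1, QueryOP.NOT_EQUAL);
                    continue;
                }
    
                // NOTE(review): userIds is not reset between entries, so ids collected from earlier entries
                // also appear in later IN lists, and an entry with an empty "ids" list is treated as
                // "no access" only when nothing was collected before it - confirm this is intended.
                // A missing "ids" key makes addAll throw, which the caller's catch turns into an error result.
                userIds.addAll((List<String>)partyUserRightsPo.get("ids"));
                if (BeanUtils.isEmpty(userIds)) {
                    // Nothing to match against: handle as "no access".
                    queryFilter.addFilterWithRealValue("1", 1, 1, QueryOP.NOT_EQUAL);
                    continue;
                }
                // Drop duplicate ids (order is not preserved).
                userIds = new ArrayList<>(new HashSet<String>(userIds));
                if ("user".equalsIgnoreCase((String)partyUserRightsPo.get("objectNature")) && StringUtil.isNotBlank(userIdfield)) {
                    queryFilter.addFilterWithRealValue(userIdfield, userIds, userIds, QueryOP.IN);
                } else if ("org".equalsIgnoreCase((String)partyUserRightsPo.get("objectNature")) && StringUtil.isNotBlank(orgIdfield)) {
                    queryFilter.addFilterWithRealValue(orgIdfield, userIds, userIds, QueryOP.IN);
                }
                // NOTE(review): any other objectNature, or a blank column name, adds no condition here.
            }
        }
    
    }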
    
    文档更新时间: 2024-03-11 17:54   作者:钟剑华