qzyReal hai 1 ano
pai
achega
5b6bc6cd33

+ 1 - 0
sp-core/sp-base/pom.xml

@@ -190,6 +190,7 @@
 		<dependency>
 			<groupId>mysql</groupId>
 			<artifactId>mysql-connector-java</artifactId>
+
 		</dependency>
 		
 		<!-- 阿里 druid 连接池  -->

+ 11 - 1
sp-core/sp-base/src/main/java/com/pj/current/mybatis/DataScope.java

@@ -1,4 +1,14 @@
 package com.pj.current.mybatis;
 
-public interface DataScope {
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.METHOD)
+public @interface DataScope {
+    //需要拦截的sql字段
+    String value();
+
 }
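Review bot: The `String value();` element carries only a line comment, and nothing tells a mapper author that DataScopePermissionHandler concatenates this string into the statement text as-is. A Javadoc on the annotation should state that the value must be a hard-coded column name that appears in the query's result columns, and that it must never be derived from request data. Suggested wording: `/** Column used for the trade-area filter; spliced into the SQL unescaped, so it must be a constant identifier. */`.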

+ 106 - 17
sp-core/sp-base/src/main/java/com/pj/current/mybatis/DataScopePermissionHandler.java

@@ -1,17 +1,106 @@
-//package com.pj.current.mybatis;
-//
-//import com.baomidou.mybatisplus.extension.plugins.handler.DataPermissionHandler;
-//import lombok.extern.slf4j.Slf4j;
-//import net.sf.jsqlparser.expression.Expression;
-//import org.aspectj.lang.annotation.Aspect;
-//import org.springframework.stereotype.Component;
-//
-//@Aspect
-//@Slf4j
-//@Component
-//public class DataScopePermissionHandler  implements DataPermissionHandler {
-//    @Override
-//    public Expression getSqlSegment(Expression where, String mappedStatementId) {
-//        return null;
-//    }
-//}
+package com.pj.current.mybatis;
+
+import cn.hutool.core.util.ReflectUtil;
+import com.pj.current.dto.APPLoginUserInfo;
+import com.pj.current.dto.PCLoginUserInfo;
+import com.pj.current.satoken.StpAPPUserUtil;
+import com.pj.current.satoken.StpUserUtil;
+import lombok.extern.slf4j.Slf4j;
+import net.sf.jsqlparser.expression.Expression;
+import org.apache.ibatis.executor.statement.RoutingStatementHandler;
+import org.apache.ibatis.executor.statement.StatementHandler;
+import org.apache.ibatis.mapping.BoundSql;
+import org.apache.ibatis.mapping.MappedStatement;
+import org.apache.ibatis.plugin.Interceptor;
+import org.apache.ibatis.plugin.Intercepts;
+import org.apache.ibatis.plugin.Invocation;
+import org.apache.ibatis.plugin.Signature;
+import org.springframework.stereotype.Component;
+
+import java.lang.reflect.Method;
+import java.sql.Connection;
+import java.util.Properties;
+
+@Slf4j
+@Intercepts(
+        {@Signature(method = "prepare", type = StatementHandler.class, args = {Connection.class, Integer.class})})
+@Component
+
+public class DataScopePermissionHandler implements Interceptor {
+
+    @Override
+    public Object intercept(Invocation invocation) throws Throwable {
+        if (invocation.getTarget() instanceof RoutingStatementHandler) {
+            //获取路由RoutingStatementHandler
+            RoutingStatementHandler statementHandler = (RoutingStatementHandler) invocation.getTarget();
+            //获取StatementHandler
+            StatementHandler delegate = (StatementHandler) ReflectUtil.getFieldValue(statementHandler, "delegate");
+
+            //获取sql
+            BoundSql boundSql = delegate.getBoundSql();
+
+            //获取mapper接口
+            MappedStatement mappedStatement = (MappedStatement) ReflectUtil.getFieldValue(delegate, "mappedStatement");
+            //获取mapper类文件
+            Class<?> clazz = Class.forName(mappedStatement.getId().substring(0, mappedStatement.getId().lastIndexOf(".")));
+            //获取mapper执行方法名
+            int length = mappedStatement.getId().length();
+            String mName = mappedStatement.getId().substring(mappedStatement.getId().lastIndexOf(".") + 1, length);
+
+            //遍历方法
+            for (Method method : clazz.getDeclaredMethods()) {
+                //方法是否含有DataScope注解,如果含有注解则将数据结果过滤
+                if (method.isAnnotationPresent(DataScope.class)) {
+                    DataScope requiredPermission = method.getAnnotation(DataScope.class);
+                    //判断是否为select语句
+                    Long tradeAreaId = getTradeAreaId();
+                    if (tradeAreaId == -1) {
+                        break;
+                    }
+                    String sql = boundSql.getSql();
+
+                    //根据用户权限拼接sql
+                    String column = requiredPermission.value();
+                    String checkSql=sql.toLowerCase();
+                    if (checkSql.contains("select count(0) from")){
+                        if (checkSql.contains("where")){
+                            sql=sql+" and "+column+" = "+tradeAreaId;
+                        }else {
+                            sql=sql+" where "+column+" = "+tradeAreaId;
+                        }
+                    }else {
+                        sql = "select * from (" + sql + " ) as p where p." + column + " = " + tradeAreaId;
+                    }
+                    //将sql注入boundSql
+                    ReflectUtil.setFieldValue(boundSql, "sql", sql);
+                    break;
+                }
+            }
+        }
+        return invocation.proceed();
+    }
+
+    private Long getTradeAreaId() {
+        PCLoginUserInfo pcLoginUserInfo = StpUserUtil.getPCLoginInfo();
+        if (pcLoginUserInfo != null) {
+            return pcLoginUserInfo.getTradeAreaId();
+        }
+        APPLoginUserInfo appLoginUserInfo = StpAPPUserUtil.getAPPLoginInfo();
+        if (appLoginUserInfo != null) {
+            return appLoginUserInfo.getTradeAreaId();
+        }
+        return 0L;
+
+    }
+
+
+    @Override
+    public Object plugin(Object target) {
+        return Interceptor.super.plugin(target);
+    }
+
+    @Override
+    public void setProperties(Properties properties) {
+        Interceptor.super.setProperties(properties);
+    }
+}
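Review bot: In `intercept`, `mName` is computed but never compared, so the loop over `clazz.getDeclaredMethods()` rewrites every statement of a mapper as soon as any one of its methods carries `@DataScope`. The comment `判断是否为select语句` has no check behind it, so an INSERT or UPDATE from that mapper would also be wrapped in `select * from (...)`. Match on `method.getName().equals(mName)` and skip non-SELECT statements; if the pagination plugin issues its count under a derived statement id, as the `select count(0) from` branch suggests, normalise the id before comparing. The count branch appends `and column = id` to raw text, so a WHERE clause with a top-level `or`, or a trailing GROUP BY/ORDER BY, gives a predicate that no longer restricts rows or does not parse; parenthesise the existing condition or build it with the jsqlparser types already imported. `tradeAreaId == -1` unboxes a `Long` and throws on null, so check for null explicitly and fail closed.

```java
// … unchanged: delegate, boundSql, mappedStatement, clazz and mName lookup …
if (mappedStatement.getSqlCommandType() != SqlCommandType.SELECT) {
    return invocation.proceed();
}
for (Method method : clazz.getDeclaredMethods()) {
    // Only the mapper method actually being executed decides whether the scope applies.
    if (!method.getName().equals(mName) || !method.isAnnotationPresent(DataScope.class)) {
        continue;
    }
    DataScope requiredPermission = method.getAnnotation(DataScope.class);
    Long tradeAreaId = getTradeAreaId();
    if (tradeAreaId == null) {
        // No resolvable trade area: refuse the query instead of running it unfiltered.
        throw new IllegalStateException("trade area id missing for current login");
    }
    // … unchanged: -1 check and sql rewrite …
    break;
}
```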

+ 0 - 23
sp-core/sp-base/src/main/java/com/pj/retry/FeignConfig.java

@@ -1,23 +0,0 @@
-package com.pj.retry;
-
-import feign.Retryer;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-
-/**
- * @Author Mechrevo
- * @Date 2023 09 05 13 56
- **/
-@Configuration
-public class FeignConfig {
-
-    @Bean
-    public Retryer feignRetryer(){
-        return Retryer.NEVER_RETRY;
-    }
-
-
-
-
-}

+ 2 - 0
sp-service/level-one-server/src/main/java/com/pj/tb_order/TbOrderController.java

@@ -3,6 +3,7 @@ package com.pj.tb_order;
 import java.util.List;
 
 import com.pj.api.dto.HtPassCardDTO;
+import com.pj.current.mybatis.DataScope;
 import com.pj.utils.so.SoMap;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
@@ -62,6 +63,7 @@ public class TbOrderController {
 	/** 查集合 - 根据条件(参数为空时代表忽略指定条件) */
 	@RequestMapping("getList")
 	@SaCheckPermission(TbOrder.PERMISSION_CODE)
+
 	public AjaxJson getList() {
 		SoMap so = SoMap.getRequestSoMap();
 		List<TbOrder> list = tbOrderService.getList(so.startPage());
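Review bot: The added import of `com.pj.current.mybatis.DataScope` is not used anywhere in the visible hunks, and the second hunk adds only a blank line between `@SaCheckPermission(TbOrder.PERMISSION_CODE)` and `getList()`. If an annotation was meant to go there it would have no effect, because the interceptor reads `@DataScope` from the mapper class resolved from the statement id, not from controllers. Drop both the import and the blank line. The class body continues outside the hunks.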

+ 2 - 0
sp-service/level-one-server/src/main/java/com/pj/tb_order/TbOrderMapper.java

@@ -2,6 +2,7 @@ package com.pj.tb_order;
 
 import java.util.List;
 
+import com.pj.current.mybatis.DataScope;
 import com.pj.tb_order.vo.ConfirmVo;
 import org.apache.ibatis.annotations.Mapper;
 
@@ -25,6 +26,7 @@ public interface TbOrderMapper extends BaseMapper <TbOrder> {
 	 * @param so 参数集合
 	 * @return 数据列表
 	 */
+	@DataScope("trade_area_id")
 	List<TbOrder> getList(SoMap so);
 
 	ConfirmVo getConfirmStatus(Long orderId);
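Review bot: The Javadoc above `getList` does not say that results are now limited to the caller's trade area, nor that the mapped query must return a `trade_area_id` column for the wrapper `select * from (…) as p where p.trade_area_id = …` to resolve. Add a line such as `Results are restricted to the current user's trade area; the select list must include trade_area_id.` The mapper XML is not part of this view, so whether the column is projected should be confirmed. It is also worth confirming that reads taking a caller-supplied id, such as `getConfirmStatus(Long orderId)`, are checked against the trade area at the service layer.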

+ 2 - 2
sp-service/sp-admin/src/main/java/com/pj/project/app_user/AppUserService.java

@@ -276,7 +276,7 @@ public class AppUserService extends ServiceImpl<AppUserMapper, AppUser> implemen
         if (!matches) {
             loginLog.setStatus("1");
             appUserLoginLogService.save(loginLog);
-            return AjaxJson.getError("密码校验错误,请检查!");
+            return AjaxJson.getError("用户名或密码错误,请检查!");
         }
         //判断是否停用
         if (appUser.getStatus().equals("0")) {
@@ -589,7 +589,7 @@ public class AppUserService extends ServiceImpl<AppUserMapper, AppUser> implemen
      */
     public void createUser(AppUserCreateDTO createDTO) {
         log.info("创建账号:{}",JSONUtil.toJsonStr(createDTO));
-        String phone = createDTO.getPhone();
+        String phone = createDTO.getPhone().trim();
         AppUser appUser = this.findByPhone(phone);
         if (appUser != null) {
             return;
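Review bot: `createDTO.getPhone().trim()` in `createUser` throws a NullPointerException when the DTO has no phone, where the old code passed null on to `findByPhone`. Guard it, e.g. `String phone = createDTO.getPhone() == null ? null : createDTO.getPhone().trim();`, or reject the request with a validation error. The same normalisation should apply wherever the phone is looked up at login, otherwise stored and entered values can differ by whitespace. In the first hunk, the generic `用户名或密码错误,请检查!` message only prevents account enumeration if the unknown-user branch, which lies outside the hunk, returns the identical text. Both method bodies continue outside the hunks.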