李进 2 роки тому
батько
коміт
65e04e4311

+ 0 - 5
authorize-api-service/src/main/java/com/xy/entity/SysRole.java

@@ -45,9 +45,4 @@ public class SysRole extends BaseEntity2<SysRole> {
      */
     private Boolean status;
 
-    /**
-     * 是否预留角色
-     */
-    private Boolean isLeave;
-
 }

+ 5 - 0
authorize-api-service/src/main/java/com/xy/entity/SysRoleMenu.java

@@ -34,4 +34,9 @@ public class SysRoleMenu extends BaseEntity<SysRoleMenu> {
      * 系统ID
      */
     private Long sysId;
+
+    /**
+     * 管理员查询权限;true=管理员查询权限查询某系统所有数据 false=普通查询权限查询某系统自身数据
+     */
+    private Boolean selectAdmin;
 }

+ 19 - 0
authorize-api-service/src/main/java/com/xy/redis/RedisCache.java

@@ -1,5 +1,7 @@
 package com.xy.redis;
 
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.core.toolkit.support.SFunction;
 import com.xy.collections.list.JArrayList;
 import com.xy.collections.list.JList;
 import com.xy.collections.map.JMap;
@@ -89,6 +91,7 @@ public class RedisCache extends AuthorizeUtils {
                 .innerJoin(SysRoleMenu.class, SysRoleMenu::getMenuId, SysMenu::getId)
                 .selectAs(cb -> cb
                         .add(SysRoleMenu::getRoleId)
+                        .add(SysRoleMenu::getSelectAdmin)
                 )
                 .in(SysRoleMenu::getRoleId, sysRoleIds)
                 .end();
@@ -129,4 +132,20 @@ public class RedisCache extends AuthorizeUtils {
         return request.getRequestURI();
     }
 
+    /**
+     * 判断数据查询权限
+     *
+     * @param lambdaQueryWrapper 查询构造器
+     * @param function           普通查询权限时,条件lambda引用字段
+     * @return true=管理员数据查询权限 false=普通查询权限
+     */
+    public static <T> boolean getDataAuth(Long systemId, LambdaQueryWrapper<T> lambdaQueryWrapper, SFunction<T, ?> function) {
+        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+        boolean dataAuth = authByData(systemId, request.getRequestURI());
+        if (!dataAuth) {
+            lambdaQueryWrapper.eq(function, getLoginId(Long.class));
+            return false;
+        }
+        return true;
+    }
 }
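Review bot: `getDataAuth` casts and dereferences `RequestContextHolder.getRequestAttributes()` without a null check, so a call from a thread with no bound request (scheduled job, async executor, message listener) dies with a NullPointerException instead of a clear error, and since the non-admin branch of this method is the only thing that narrows the query to the caller's own rows, the failure mode of that guard should be deliberate. I would open the method with `ServletRequestAttributes attrs = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();` and `if (attrs == null) { throw new IllegalStateException("getDataAuth requires an active web request"); }`, then read `attrs.getRequest().getRequestURI()`. The Javadoc also omits the first parameter; add `@param systemId id of the system whose data is being queried` and say in the summary that the wrapper is mutated in place (the `eq` filter is the actual enforcement, the boolean is only informational). `authByData` and `getLoginId` are inherited from `AuthorizeUtils` and are not visible in this hunk, so the behaviour when `getLoginId` returns null is something I could not confirm from here.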

+ 7 - 0
authorize-api-service/src/main/java/com/xy/service/impl/AuthorizeServiceImpl.java

@@ -76,6 +76,13 @@ public class AuthorizeServiceImpl implements AuthorizeService {
         return R.ok(b);
     }
 
+    @Override
+    @ApiOperation("数据鉴权")
+    public R<Boolean> authByData(AuthorizeDto authorizeDto) {
+        boolean b = RedisCache.authByData(authorizeDto.getSystemId(), authorizeDto.getUri());
+        return R.ok(b);
+    }
+
     @Override
     @ApiOperation("获取登录id")
     public R<Object> getLoginId() {

+ 1 - 0
authorize-api-service/src/main/java/com/xy/service/impl/SysMenuServiceImpl.java

@@ -100,6 +100,7 @@ public class SysMenuServiceImpl extends ServiceImpl<SysMenuMapper, SysMenu> impl
         SysRole sysRole = sysRoleMapper.selectOne(new LambdaQueryWrapper<SysRole>().eq(SysRole::getSysId, save.getSysId()).eq(SysRole::getCode, CommConsts.ADMIN_ROLE_CODE));
         SysRoleMenu sysRoleMenu = new SysRoleMenu()
                 .createId()
+                .setSelectAdmin(true)
                 .setMenuId(sysMenu.getId())
                 .setRoleId(sysRole.getId());
         sysRoleMenuMapper.insert(sysRoleMenu);
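Review bot: The builder chain that now sets `.setSelectAdmin(true)` still ends with `sysRole.getId()` on the result of `selectOne`, which returns null when no role with `CommConsts.ADMIN_ROLE_CODE` exists for `save.getSysId()`; the admin-scope grant would then fail with a NullPointerException mid-insert. A guard before the chain, `if (sysRole == null) { throw new IllegalStateException("admin role missing for sysId " + save.getSysId()); }`, makes that failure explicit. Granting `selectAdmin=true` only to the admin role here is the right default — every other role linked to this menu later starts without system-wide read scope — and a one-line comment, `// only the built-in admin role gets system-wide data scope by default`, would stop a future maintainer from "fixing" it. The enclosing method starts and ends outside this hunk.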

+ 3 - 0
authorize-api/src/main/java/com/xy/dto/SysMenuDto.java

@@ -162,6 +162,9 @@ public class SysMenuDto {
         @ApiModelProperty("图标")
         private String icon;
 
+        @ApiModelProperty("管理员查询权限")
+        private Boolean selectAdmin;
+
         @ApiModelProperty("子级集合")
         private List<Vo> sonSysMenu;
     }

+ 8 - 0
authorize-api/src/main/java/com/xy/service/AuthorizeService.java

@@ -83,6 +83,14 @@ public interface AuthorizeService {
     @PostMapping("authByInterface")
     R<Boolean> authByInterface(@RequestBody AuthorizeDto authorizeDto);
 
+    /**
+     * 数据鉴权
+     *
+     * @return
+     */
+    @PostMapping("authByData")
+    R<Boolean> authByData(@RequestBody AuthorizeDto authorizeDto);
+
     /**
      * 获取登录id
      *
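Review bot: The Javadoc on the new `authByData` interface method has an empty `@return` and no `@param`, which matters more than usual because this is the contract remote SDKs rely on for a data-scope decision. I would write `@param authorizeDto systemId of the target system and the request uri being checked` and `@return true when the caller's cached roles grant admin (system-wide) data scope for that uri; false otherwise, including when the caller has no cached roles for the system`. The "no cached roles" case is what the SDK implementation in this commit returns, so stating it here keeps the interface honest about fail-closed behaviour.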

+ 5 - 0
authorize-sdk/src/main/java/com/xy/entity/SysMenuJoinSysRoleMenu.java

@@ -96,4 +96,9 @@ public class SysMenuJoinSysRoleMenu implements Serializable {
      * 图标
      */
     private String icon;
+
+    /**
+     * 管理员查询权限;true=管理员查询权限查询某系统所有数据 false=普通查询权限查询某系统自身数据
+     */
+    private Boolean selectAdmin;
 }
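Review bot: `selectAdmin` is added to a `Serializable` class that is stored in Redis inside `CacheEntity`, so entries written before this deploy carry no value for it; `authByData` then sees `null`, its `eq(..., true)` filter never matches, and every caller — including the admin role — falls back to own-data scope until the cache is rebuilt. That is fail-closed, which is correct, but it deserves a comment on the field: `// null for cache entries written before this field existed; authByData treats that as non-admin`. If the cache uses JDK serialization and the class has no explicit `serialVersionUID`, older entries may fail to deserialize outright rather than merely lack the field — the serializer is not visible from this hunk, so confirm which case applies and plan a cache flush at rollout.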

+ 50 - 0
authorize-sdk/src/main/java/com/xy/utils/AuthorizeUtils.java

@@ -523,6 +523,56 @@ public class AuthorizeUtils {
         return authByInterface(getToken(), systemId, uri);
     }
 
+    /**
+     * 数据鉴权
+     *
+     * @param token    token
+     * @param systemId 系统id
+     * @param uri      接口uri
+     * @return
+     */
+    public static boolean authByData(String token, Long systemId, String uri) {
+        {
+            //远程调用
+            AuthorizeConfig authorizeConfig = getAuthorizeConfig();
+            if (!authorizeConfig.getIsNative()) {
+                JSONObject jsonObject = new JSONObject().set("systemId", systemId).set("uri", uri);
+                Object obj = send("/authorize/authByData", token, jsonObject);
+                if (obj == null) {
+                    return false;
+                }
+                return Boolean.valueOf(obj.toString());
+            }
+        }
+        //获取redis缓存
+        List<AuthorizeUtils.CacheEntity> cacheEntities = getRedisService().getMap(getKey(getLoginId(token, Long.class)), systemId.toString());
+        if (!Emptys.check(cacheEntities)) {
+            return false;
+        }
+        //遍历角色
+        for (AuthorizeUtils.CacheEntity cacheEntity : cacheEntities) {
+            //根据 接口uri和管理员数据查询权限=true 查找角色菜单,找到则有管理员数据查询权限,反之普通查询权限
+            SysMenuJoinSysRoleMenu sysMenuJoinSysRoleMenu = new JArrayList<>(cacheEntity.getList()).filter()
+                    .like(SysMenuJoinSysRoleMenu::getInterfaceUri, uri)
+                    .eq(SysMenuJoinSysRoleMenu::getSelectAdmin, true)
+                    .object();
+            if (sysMenuJoinSysRoleMenu != null) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 数据鉴权
+     *
+     * @param uri
+     * @return
+     */
+    public static boolean authByData(Long systemId, String uri) {
+        return authByData(getToken(), systemId, uri);
+    }
+
     @Data
     @Accessors(chain = true)
     public static class CacheEntity implements Serializable {
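Review bot: The admin-scope decision in `authByData` matches the request URI with `.like(SysMenuJoinSysRoleMenu::getInterfaceUri, uri)`, a pattern or substring comparison rather than equality, so if the collection filter's `like` is a contains match, a role-menu entry with `selectAdmin=true` for `/order/list` would also grant system-wide read scope on `/order/list-all` or any other URI that embeds that string. An authorization predicate should be exactly as strict as the route it protects; use `.eq(SysMenuJoinSysRoleMenu::getInterfaceUri, uri)`, or, if `interfaceUri` is intended to be a pattern, the same matcher `authByInterface` uses so the interface check and the data-scope check cannot disagree. `authByInterface` is outside this hunk, so I could not confirm which form it uses. Two smaller points: the bare `{ ... }` block wrapping the remote-call branch is unusual Java and reads like a leftover, since the early `return` already bounds it; and `!authorizeConfig.getIsNative()` unboxes a `Boolean`, which throws if the config field is unset, so `!Boolean.TRUE.equals(authorizeConfig.getIsNative())` is the safer test.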

+ 64 - 64
doc/init.sql

@@ -94,67 +94,67 @@ values(28, 24, 1, 'system_value_edit', '编辑系统属性', 2, '/sys-system-val
 
 -- 新增角色菜单关联
 delete from sys_role_menu where id in(10000, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 100, 101, 300);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(10000, 1, 10000, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(1, 1, 1, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(2, 1, 2, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(3, 1, 3, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(4, 1, 4, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(5, 1, 5, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(6, 1, 6, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(7, 1, 7, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(8, 1, 8, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(9, 1, 9, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(10, 1, 10, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(11, 1, 11, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(12, 1, 12, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(13, 1, 13, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(14, 1, 14, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(15, 1, 15, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(16, 1, 16, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(17, 1, 17, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(18, 1, 18, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(19, 1, 19, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(20, 1, 20, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(21, 1, 21, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(22, 1, 22, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(23, 1, 23, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(24, 1, 24, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(25, 1, 25, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(26, 1, 26, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(27, 1, 27, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(28, 1, 28, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(100, 1, 100, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(101, 1, 101, 1);
-insert into sys_role_menu(id, role_id, menu_id, sys_id)
-values(300, 1, 300, 1);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(10000, 1, 10000, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(1, 1, 1, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(2, 1, 2, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(3, 1, 3, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(4, 1, 4, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(5, 1, 5, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(6, 1, 6, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(7, 1, 7, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(8, 1, 8, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(9, 1, 9, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(10, 1, 10, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(11, 1, 11, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(12, 1, 12, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(13, 1, 13, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(14, 1, 14, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(15, 1, 15, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(16, 1, 16, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(17, 1, 17, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(18, 1, 18, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(19, 1, 19, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(20, 1, 20, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(21, 1, 21, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(22, 1, 22, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(23, 1, 23, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(24, 1, 24, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(25, 1, 25, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(26, 1, 26, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(27, 1, 27, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(28, 1, 28, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(100, 1, 100, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(101, 1, 101, 1, true);
+insert into sys_role_menu(id, role_id, menu_id, sys_id, select_admin)
+values(300, 1, 300, 1, true);
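Review bot: These inserts now reference a `select_admin` column, but the hunk contains no `ALTER TABLE sys_role_menu ADD COLUMN select_admin` and no change to the `CREATE TABLE` definition; if that DDL is not elsewhere in init.sql, outside this hunk, the seed script fails on the first insert. Wherever the column is defined it should default to a denying value, e.g. `select_admin boolean not null default false`, so a role-menu row inserted by any code path that does not set the flag (the SDK entity leaves it a nullable `Boolean`) starts without system-wide read scope. Seeding `true` on every row of role 1 is consistent with role 1 being the built-in admin role, but a one-line comment above the block, `-- role 1 (admin) gets system-wide data scope on every menu`, would record that intent next to the data.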