From 0680d1ed1f79655d553618e0e1c007bcf07f4d7a Mon Sep 17 00:00:00 2001 From: RuoYi Date: Wed, 5 Jun 2024 12:48:37 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=95=B0=E6=8D=AE=E6=9D=83?= =?UTF-8?q?=E9=99=90=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/ruoyi/common/core/text/Convert.java | 4 +++ .../datascope/aspect/DataScopeAspect.java | 28 +++++++++++++------ .../handler/GlobalExceptionHandler.java | 27 +++++++++++------- 3 files changed, 40 insertions(+), 19 deletions(-) diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/text/Convert.java b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/text/Convert.java index 2176e12a9..7d8894ca8 100644 --- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/text/Convert.java +++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/text/Convert.java @@ -364,6 +364,10 @@ public class Convert */ public static String[] toStrArray(String str) { + if (StringUtils.isEmpty(str)) + { + return new String[] {}; + } return toStrArray(",", str); } diff --git a/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java b/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java index dde9196d1..586fa13ce 100644 --- a/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java +++ b/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java @@ -92,16 +92,22 @@ public class DataScopeAspect { StringBuilder sqlString = new StringBuilder(); List conditions = new ArrayList(); + List scopeCustomIds = new ArrayList(); + user.getRoles().forEach(role -> { + if (DATA_SCOPE_CUSTOM.equals(role.getDataScope()) && StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))) + { + scopeCustomIds.add(Convert.toStr(role.getRoleId())); + } + }); for (SysRole role : user.getRoles()) { String dataScope = role.getDataScope(); - if (!DATA_SCOPE_CUSTOM.equals(dataScope) && conditions.contains(dataScope)) + if (conditions.contains(dataScope)) { continue; } - if (StringUtils.isNotEmpty(permission) && StringUtils.isNotEmpty(role.getPermissions()) - && !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))) + if (!StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))) { continue; } @@ -113,9 +119,15 @@ public class DataScopeAspect } else if (DATA_SCOPE_CUSTOM.equals(dataScope)) { - sqlString.append(StringUtils.format( - " OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, - role.getRoleId())); + if (scopeCustomIds.size() > 1) + { + // 多个自定数据权限使用in查询,避免多次拼接。 + sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id in ({}) ) ", deptAlias, String.join(",", scopeCustomIds))); + } + else + { + sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias, role.getRoleId())); + } } else if (DATA_SCOPE_DEPT.equals(dataScope)) { @@ -123,9 +135,7 @@ public class DataScopeAspect } else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope)) { - sqlString.append(StringUtils.format( - " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )", - deptAlias, user.getDeptId(), user.getDeptId())); + sqlString.append(StringUtils.format(" OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )", deptAlias, user.getDeptId(), user.getDeptId())); } else if (DATA_SCOPE_SELF.equals(dataScope)) { diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/handler/GlobalExceptionHandler.java b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/handler/GlobalExceptionHandler.java index 6e7e95e05..476638c4d 100644 --- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/handler/GlobalExceptionHandler.java +++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/handler/GlobalExceptionHandler.java @@ -1,13 +1,6 @@ package com.ruoyi.common.security.handler; -import com.ruoyi.common.core.constant.HttpStatus; -import com.ruoyi.common.core.exception.DemoModeException; -import com.ruoyi.common.core.exception.InnerAuthException; -import com.ruoyi.common.core.exception.ServiceException; -import com.ruoyi.common.core.exception.auth.NotPermissionException; -import com.ruoyi.common.core.exception.auth.NotRoleException; -import com.ruoyi.common.core.utils.StringUtils; -import com.ruoyi.common.core.web.domain.AjaxResult; +import javax.servlet.http.HttpServletRequest; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.validation.BindException; @@ -17,7 +10,16 @@ import org.springframework.web.bind.MissingPathVariableException; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RestControllerAdvice; import org.springframework.web.method.annotation.MethodArgumentTypeMismatchException; -import javax.servlet.http.HttpServletRequest; +import com.ruoyi.common.core.constant.HttpStatus; +import com.ruoyi.common.core.exception.DemoModeException; +import com.ruoyi.common.core.exception.InnerAuthException; +import com.ruoyi.common.core.exception.ServiceException; +import com.ruoyi.common.core.exception.auth.NotPermissionException; +import com.ruoyi.common.core.exception.auth.NotRoleException; +import com.ruoyi.common.core.text.Convert; +import com.ruoyi.common.core.utils.StringUtils; +import com.ruoyi.common.core.utils.html.EscapeUtil; +import com.ruoyi.common.core.web.domain.AjaxResult; /** * 全局异常处理器 @@ -91,8 +93,13 @@ public class GlobalExceptionHandler public AjaxResult handleMethodArgumentTypeMismatchException(MethodArgumentTypeMismatchException e, HttpServletRequest request) { String requestURI = request.getRequestURI(); + String value = Convert.toStr(e.getValue()); + if (StringUtils.isNotEmpty(value)) + { + value = EscapeUtil.clean(value); + } log.error("请求参数类型不匹配'{}',发生系统异常.", requestURI, e); - return AjaxResult.error(String.format("请求参数类型不匹配,参数[%s]要求类型为:'%s',但输入值为:'%s'", e.getName(), e.getRequiredType().getName(), e.getValue())); + return AjaxResult.error(String.format("请求参数类型不匹配,参数[%s]要求类型为:'%s',但输入值为:'%s'", e.getName(), e.getRequiredType().getName(), value)); } /**