涉及知识点
- guns 脚手架
- ibatis及其插件拦截器
部门&员工&订单情况
部门_员工_订单
实现目标-查询记录范围
销售员(销售员1):只能看自己的订单
部门主管(腾飞):可以查看本部门所有订单
财务:查看所有部门下的所有订单
总经理:查看所有部门下的所有订单
用角色控制菜单权限,用特定的角色控制user的职位(查看数据的范围)
增删改等是菜单权限控制(包括按钮权限等非菜单控制权限)
插件角色&user用户
创建角色
--部门主管_查看部门所有order数据
--总部管理_查看所有部分order数据
INSERT INTO `guns`.`sys_role` (`role_id`, `pid`, `name`, `description`, `sort`, `version`, `create_time`, `update_time`, `create_user`, `update_user`) VALUES ('1344163803214602241', '0', '部门主管_查看部门所有order数据', 'dept_admin', '30', NULL, '2020-12-30 14:09:59', '2020-12-30 14:56:31', '1338373521894236162', '1');
INSERT INTO `guns`.`sys_role` (`role_id`, `pid`, `name`, `description`, `sort`, `version`, `create_time`, `update_time`, `create_user`, `update_user`) VALUES ('1344175433310756866', '0', '总部管理_查看所有部分order数据', 'deptAll_admin', '40', NULL, '2020-12-30 14:56:12', NULL, '1', NULL);
例子:销售管理-主管(“腾飞”)设置的角色sale、dept_admin
创建用户
也用DataScope控制部门的order
参考UserMgrController查询list的方式进行处理
image.png
ibatis 插件--先阅读代码DataScopeInterceptor,实现过虑user情况,发现需要返回字段中要求deptId
拦截器的特殊debug情况
在没用看到 as的情况下还真不懂的是临时表的别名(之前习惯别名都是a 或b之类,没看明白,特别记录一下笔记)
image.png
#比如拦截的代码是originalSql
select * from (select
a.order_id AS "orderId", a.shop_id AS "shopId", a.product_id AS "productId", a.order_time AS "orderTime", a.order_process_status AS "orderProcessStatus", a.pay_agent AS "payAgent", a.payed_to_agent AS "payedToAgent", a.short_message_num AS "shortMessageNum", a.short_message_unit AS "shortMessageUnit" , a.actual_payment AS "actualPayment", a.receivables AS "receivables", a.pay_pic_url AS "payPicUrl", a.receive_time AS "receiveTime"
, a.gift AS "gift", a.gift_detail AS "giftDetail", a.check_user_id AS "checkUserId", a.contract_sign_time AS "contractSignTime", a.finance_pay_type AS "financePayType", a.finance_payment_account AS "financePaymentAccount", a.finance_bill_type AS "financeBillType", a.finance_bill_detail AS "financeBillDetail"
, a.create_time AS "createTime", a.create_user AS "createUser", a.update_time AS "updateTime", b.dept_id AS "deptid"
from lm_order a,sys_user b where a.create_user = b.user_id) temp_data_scope where temp_data_scope.deptid in (25)
#
SELECT * from (SELECT * FROM sys_user) temp_table WHERE temp_table.dept_id IN (25)
SELECT * from (SELECT * FROM sys_user) as temp_table WHERE temp_table.dept_id IN (27)
OrderMapper.xml中的sql脚本-要如何实现?
实现目标
#navicat测试脚本
SELECT b.dept_id,b.account,a.* from lm_order a,sys_user b where a.create_user = b.user_id
#即
SELECT a.* from lm_order a,sys_user b where a.create_user = b.user_id and dept_id =25
原来OrderMapper.xml
image.png
修改后的OrderMapper.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="cn.stylefeng.guns.modular.sale.mapper.OrderMapper">
<!-- 通用查询映射结果 -->
<resultMap id="BaseResultMap" type="cn.stylefeng.guns.modular.sale.entity.Order">
<id column="order_id" property="orderId" />
<result column="shop_id" property="shopId" />
<result column="product_id" property="productId" />
<result column="order_time" property="orderTime" />
<result column="order_process_status" property="orderProcessStatus" />
<result column="pay_agent" property="payAgent" />
<result column="payed_to_agent" property="payedToAgent" />
<result column="short_message_num" property="shortMessageNum" />
<result column="short_message_unit" property="shortMessageUnit" />
<result column="actual_payment" property="actualPayment" />
<result column="receivables" property="receivables" />
<result column="pay_pic_url" property="payPicUrl" />
<result column="receive_time" property="receiveTime" />
<result column="gift" property="gift" />
<result column="gift_detail" property="giftDetail" />
<result column="check_user_id" property="checkUserId" />
<result column="contract_sign_time" property="contractSignTime" />
<result column="finance_pay_type" property="financePayType" />
<result column="finance_payment_account" property="financePaymentAccount" />
<result column="finance_bill_type" property="financeBillType" />
<result column="finance_bill_detail" property="financeBillDetail" />
<result column="create_time" property="createTime" />
<result column="create_user" property="createUser" />
<result column="update_time" property="updateTime" />
</resultMap>
<!-- 通用查询结果列 -->
<sql id="Base_Column_List">
a.order_id AS "orderId", a.shop_id AS "shopId", a.product_id AS "productId", a.order_time AS "orderTime", a.order_process_status AS "orderProcessStatus", a.pay_agent AS "payAgent", a.payed_to_agent AS "payedToAgent", a.short_message_num AS "shortMessageNum", a.short_message_unit AS "shortMessageUnit" , a.actual_payment AS "actualPayment", a.receivables AS "receivables", a.pay_pic_url AS "payPicUrl", a.receive_time AS "receiveTime"
, a.gift AS "gift", a.gift_detail AS "giftDetail", a.check_user_id AS "checkUserId", a.contract_sign_time AS "contractSignTime", a.finance_pay_type AS "financePayType", a.finance_payment_account AS "financePaymentAccount", a.finance_bill_type AS "financeBillType", a.finance_bill_detail AS "financeBillDetail"
, a.create_time AS "createTime", a.create_user AS "createUser", a.update_time AS "updateTime", b.dept_id AS "deptid"
</sql>
<!-- 添加部门过虑前 :from lm_order where 1 = 1-->
<!--部门国立后 :from lm_order a,sys_user b where a.create_user = b.user_id-->
<!--主要的是采用需要返回b.dept_id AS "deptid-->
<select id="getOrders" resultType="map">
select
<include refid="Base_Column_List"/>
from lm_order a,sys_user b where a.create_user = b.user_id
<if test="beginTime != null and beginTime !='' and endTime != null and endTime != ''">
and (create_time between CONCAT(#{beginTime},' 00:00:00') and CONCAT(#{endTime},' 23:59:59'))
</if>
<if test="createUser != null and createUser !=''">
and a.create_user like CONCAT('%',#{createUser},'%')
</if>
<if test="payType != null and payType !=''">
and finance_pay_type like CONCAT('%',#{payType},'%')
</if>
<if test="orderProcess != null and orderProcess !=''">
and order_process_status like CONCAT('%',#{orderProcess},'%')
</if>
</select>
</mapper>
OrderController的list部分代码
/**
* 查询 订单 表/order/list
*/
@RequestMapping("/list")
@Permission //@Permission(Const.ADMIN_NAME)
@ResponseBody
public Object list(@RequestParam(required = false) String beginTime,
@RequestParam(required = false) String endTime,
@RequestParam(required = false) String createUser,
@RequestParam(required = false) String payType,
@RequestParam(required = false) String orderProcess
) {
//获取分页参数
Page page = LayuiPageFactory.defaultPage();
//ShiroKit.getDeptDataScope()
//根据条件查询操作日志
DataScope dataScope = null;
if (ShiroKit.isAdmin() ||ShiroKit.isAllDept_Admin()){//所有部门,所有订单
createUser = null;
dataScope = null;
}else if (ShiroKit.isDept_Admin()){//部门所有订单
createUser = null;
dataScope = new DataScope(ShiroKit.getDeptDataScope());
}else {//普通员工只能查自己的订单
createUser = ShiroKit.getUser().getId()+"";
}
List<Map<String, Object>> result = orderService.getOders(dataScope,page, beginTime, endTime, createUser, payType,orderProcess);
page.setRecords(new OrderWrapper(result).wrap());
return LayuiPageFactory.createPageInfo(page);
}
ShiroKit权限控制添加2个方法
/**
* 判断当前用户是否是部门管理员
*/
public static boolean isDept_Admin() {
List<Long> roleList = ShiroKit.getUser().getRoleList();
for (Long integer : roleList) {
String singleRoleTip = ConstantFactory.me().getSingleRoleTip(integer);
if (singleRoleTip.equals("dept_admin")) {
return true;
}
}
return false;
}
/**
* 判断当前用户是否是all部门管理员
*/
public static boolean isAllDept_Admin() {
List<Long> roleList = ShiroKit.getUser().getRoleList();
for (Long integer : roleList) {
String singleRoleTip = ConstantFactory.me().getSingleRoleTip(integer);
if (singleRoleTip.equals("deptAll_admin")) {
return true;
}
}
return false;
}
网友评论