#157

xlorne · xlorne · commit 155c10b7f18f · 2025-10-22T16:24:34.000+08:00
diff --git a/pom.xml b/pom.xml
@@ -15,7 +15,7 @@
 
     <groupId>com.codingapi.springboot</groupId>
     <artifactId>springboot-parent</artifactId>
-    <version>2.10.18</version>
+    <version>2.10.19</version>
 
     <url>https://github.com/codingapi/springboot-framewrok</url>
     <name>springboot-parent</name>
diff --git a/springboot-starter-data-authorization/pom.xml b/springboot-starter-data-authorization/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <artifactId>springboot-parent</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>2.10.18</version>
+        <version>2.10.19</version>
     </parent>
 
     <name>springboot-starter-data-authorization</name>
diff --git a/springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/enhancer/DataPermissionSQLEnhancer.java b/springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/enhancer/DataPermissionSQLEnhancer.java
@@ -5,6 +5,8 @@
 import com.codingapi.springboot.authorization.handler.RowHandler;
 import net.sf.jsqlparser.expression.Expression;
 import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
+import net.sf.jsqlparser.expression.operators.conditional.OrExpression;
+import net.sf.jsqlparser.expression.operators.relational.InExpression;
 import net.sf.jsqlparser.parser.CCJSqlParserUtil;
 import net.sf.jsqlparser.schema.Table;
 import net.sf.jsqlparser.statement.Statement;
@@ -100,6 +102,49 @@ private void enhanceDataPermissionInSelect(PlainSelect plainSelect) throws Excep
                 }
             }
         }
+
+        Expression expression =  plainSelect.getWhere();
+        this.handlerSubSelect(expression);
+    }
+
+    private void handlerSubSelect(Expression expression) throws Exception {
+        if(expression!=null){
+            if(expression instanceof AndExpression){
+                AndExpression andExpression = (AndExpression) expression;
+                Expression leftExpression =  andExpression.getLeftExpression();
+                Expression rightExpression =  andExpression.getRightExpression();
+
+                this.handlerSubSelect(leftExpression);
+                this.handlerSubSelect(rightExpression);
+
+            }
+            if(expression instanceof OrExpression){
+                OrExpression orExpression = (OrExpression) expression;
+                Expression leftExpression =  orExpression.getLeftExpression();
+                Expression rightExpression =  orExpression.getRightExpression();
+
+                this.handlerSubSelect(leftExpression);
+                this.handlerSubSelect(rightExpression);
+            }
+
+            if(expression instanceof InExpression){
+                InExpression inExpression = (InExpression) expression;
+                Expression leftExpression =  inExpression.getLeftExpression();
+                Expression rightExpression =  inExpression.getRightExpression();
+
+                this.handlerSubSelect(leftExpression);
+                this.handlerSubSelect(rightExpression);
+            }
+
+            if(expression instanceof ParenthesedSelect){
+                ParenthesedSelect  parenthesedSelect = (ParenthesedSelect) expression;
+                this.enhanceDataPermissionInSelect(parenthesedSelect.getPlainSelect());
+            }
+
+            if(expression instanceof PlainSelect){
+                this.enhanceDataPermissionInSelect((PlainSelect) expression);
+            }
+        }
     }
 
 
diff --git a/springboot-starter-data-authorization/src/test/java/com/codingapi/springboot/authorization/DataAuthorizationContextTest.java b/springboot-starter-data-authorization/src/test/java/com/codingapi/springboot/authorization/DataAuthorizationContextTest.java
@@ -1,13 +1,11 @@
 package com.codingapi.springboot.authorization;
 
 import com.codingapi.springboot.authorization.current.CurrentUser;
-import com.codingapi.springboot.authorization.enhancer.DataPermissionSQLEnhancer;
 import com.codingapi.springboot.authorization.entity.Depart;
 import com.codingapi.springboot.authorization.entity.Unit;
 import com.codingapi.springboot.authorization.entity.User;
 import com.codingapi.springboot.authorization.filter.DefaultDataAuthorizationFilter;
 import com.codingapi.springboot.authorization.handler.Condition;
-import com.codingapi.springboot.authorization.handler.RowHandler;
 import com.codingapi.springboot.authorization.interceptor.SQLRunningContext;
 import com.codingapi.springboot.authorization.mask.ColumnMaskContext;
 import com.codingapi.springboot.authorization.mask.impl.BankCardMask;
@@ -17,14 +15,6 @@
 import com.codingapi.springboot.authorization.repository.UnitRepository;
 import com.codingapi.springboot.authorization.repository.UserRepository;
 import lombok.extern.slf4j.Slf4j;
-import net.sf.jsqlparser.expression.Expression;
-import net.sf.jsqlparser.parser.CCJSqlParserUtil;
-import net.sf.jsqlparser.schema.Column;
-import net.sf.jsqlparser.statement.Statement;
-import net.sf.jsqlparser.statement.select.PlainSelect;
-import net.sf.jsqlparser.statement.select.Select;
-import net.sf.jsqlparser.statement.select.SelectItem;
-import net.sf.jsqlparser.statement.select.SelectItemVisitor;
 import org.junit.jupiter.api.MethodOrderer;
 import org.junit.jupiter.api.Order;
 import org.junit.jupiter.api.Test;
@@ -37,7 +27,6 @@
 import org.springframework.test.annotation.Rollback;
 
 import java.time.LocalDate;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -280,74 +269,43 @@ public boolean supportColumnAuthorization(String tableName, String columnName, O
 
     }
 
-
-//    @Test
+    @Test
     @Order(4)
-    void test4() throws Exception{
-        String sql = "SELECT\n" +
-                "\tt.* \n" +
-                "FROM\n" +
-                "\t(\n" +
-                "\t\tSELECT\n" +
-                "\t\t\tUNYiV.id AS '历史工作经历编号',\n" +
-                "\t\t\tUNYiV.company_name AS '历史工作单位',\n" +
-                "\t\t\tUNYiV.depart_name AS '历史工作部门',\n" +
-                "\t\t\tUNYiV.post_name AS '历史工作岗位',\n" +
-                "\t\t\tUNYiV.start_date AS '开始时间',\n" +
-                "\t\t\tUNYiV.end_date AS '结束时间',\n" +
-                "\t\t\towasH.员工编号 AS '员工编号',\n" +
-                "\t\t\towasH.员工姓名 AS '员工姓名',\n" +
-                "\t\t\towasH.员工生日 AS '员工生日',\n" +
-                "\t\t\towasH.员工地址 AS '员工地址',\n" +
-                "\t\t\towasH.身份证号码 AS '身份证号码',\n" +
-                "\t\t\towasH.手机号 AS '手机号',\n" +
-                "\t\t\towasH.部门编号 AS '部门编号',\n" +
-                "\t\t\towasH.岗位编号 AS '岗位编号',\n" +
-                "\t\t\towasH.任现职编号 AS '任现职编号',\n" +
-                "\t\t\towasH.社团编号 AS '社团编号',\n" +
-                "\t\t\towasH.社团名称 AS '社团名称',\n" +
-                "\t\t\towasH.创建时间 AS '创建时间' \n" +
-                "\t\tFROM\n" +
-                "\t\t\tt_work AS pehMS,\n" +
-                "\t\t\tt_employee AS OGwG7,\n" +
-                "\t\t\tt_work_history AS UNYiV,\n" +
-                "\t\t\t(\n" +
-                "\t\t\t\tSELECT\n" +
-                "\t\t\t\t\tWXJj8.id AS '员工编号',\n" +
-                "\t\t\t\t\tWXJj8.NAME AS '员工姓名',\n" +
-                "\t\t\t\t\tWXJj8.birth_date AS '员工生日',\n" +
-                "\t\t\t\t\tWXJj8.address AS '员工地址',\n" +
-                "\t\t\t\t\tWXJj8.id_card AS '身份证号码',\n" +
-                "\t\t\t\t\tWXJj8.phone AS '手机号',\n" +
-                "\t\t\t\t\tWXJj8.depart_id AS '部门编号',\n" +
-                "\t\t\t\t\tWXJj8.post_id AS '岗位编号',\n" +
-                "\t\t\t\t\tWXJj8.work_id AS '任现职编号',\n" +
-                "\t\t\t\t\trnGD4.id AS '社团编号',\n" +
-                "\t\t\t\t\trnGD4.NAME AS '社团名称',\n" +
-                "\t\t\t\t\trnGD4.create_date AS '创建时间' \n" +
-                "\t\t\t\tFROM\n" +
-                "\t\t\t\t\tt_employee AS WXJj8,\n" +
-                "\t\t\t\t\tt_league_employee AS dEj96,\n" +
-                "\t\t\t\t\tt_league AS rnGD4 \n" +
-                "\t\t\t\tWHERE\n" +
-                "\t\t\t\t\trnGD4.id < 100 \n" +
-                "\t\t\t\t\tAND dEj96.employee_id = WXJj8.id \n" +
-                "\t\t\t\t\tAND dEj96.league_id = rnGD4.id \n" +
-                "\t\t\t\t\tAND 1 = 1 \n" +
-                "\t\t\t) AS owasH \n" +
-                "\t\tWHERE\n" +
-                "\t\t\tUNYiV.employee_id = OGwG7.id \n" +
-                "\t\t\tAND OGwG7.work_id = pehMS.id \n" +
-                "\t\t\tAND owasH.任现职编号 = pehMS.id \n" +
-                "\t\t\tAND 1 = 1 \n" +
-                "\t) AS t , t_employee AS e where t.员工编号 = e.id and e.id = 1";
+    void test4() throws Exception {
+
+        unitRepository.deleteAll();
+        departRepository.deleteAll();
+        userRepository.deleteAll();
+
+        Unit rootUnit = new Unit("Coding总公司");
+        unitRepository.save(rootUnit);
+
+        Unit sdUnit = new Unit("Coding山东分公司", rootUnit.getId());
+        unitRepository.save(sdUnit);
+
+        Depart jgbDepart = new Depart("Coding架构部", rootUnit.getId());
+        departRepository.save(jgbDepart);
+
+        Depart xmbDepart = new Depart("Coding项目部", sdUnit.getId());
+        departRepository.save(xmbDepart);
+
+        User lorne = new User("lorne", LocalDate.parse("1991-01-01"), "beijing", "110105199003078999", "13812345678", jgbDepart);
+        User bob = new User("bob", LocalDate.parse("1991-01-01"), "beijing", "110105199003078999", "13812345678", xmbDepart);
+        User tom = new User("tom", LocalDate.parse("1991-01-01"), "beijing", "110105199003078999", "13812345678", xmbDepart);
+
+        userRepository.save(lorne);
+        userRepository.save(bob);
+        userRepository.save(tom);
+
+        String sql = "select * from t_user where phone like '%1%' and id > 1 and depart_id in (select id from t_depart where id > 0)";
 
 
         DataAuthorizationContext.getInstance().clearDataAuthorizationFilters();
         DataAuthorizationContext.getInstance().addDataAuthorizationFilter(new DefaultDataAuthorizationFilter() {
             @Override
             public Condition rowAuthorization(String tableName, String tableAlias) {
-                return super.rowAuthorization(tableName, tableAlias);
+                String conditionTemplate = "%s.id > -100 ";
+                return Condition.formatCondition(conditionTemplate, tableAlias);
             }
 
             @Override
@@ -358,18 +316,23 @@ public <T> T columnAuthorization(String tableName, String columnName, T value) {
 
             @Override
             public boolean supportColumnAuthorization(String tableName, String columnName, Object value) {
-                return true;
+                if ("t_depart".equalsIgnoreCase(tableName)) {
+                    return true;
+                }
+                return false;
             }
 
             @Override
             public boolean supportRowAuthorization(String tableName, String tableAlias) {
-                return true;
+                if ("t_depart".equalsIgnoreCase(tableName)) {
+                    return true;
+                }
+                return false;
             }
         });
 
-
         List<Map<String, Object>> data = jdbcTemplate.queryForList(sql);
-//        System.out.println(data);
+        System.out.println(data);
     }
 
 
diff --git a/springboot-starter-data-authorization/src/test/resources/application.properties b/springboot-starter-data-authorization/src/test/resources/application.properties
@@ -11,3 +11,5 @@ spring.jpa.show-sql=true
 #spring.datasource.password=lorne4j#2024
 
 logging.level.com.codingapi.springboot.authorization=debug
+
+codingapi.data-authorization.show-sql=true
diff --git a/springboot-starter-data-fast/pom.xml b/springboot-starter-data-fast/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>springboot-parent</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>2.10.18</version>
+        <version>2.10.19</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
diff --git a/springboot-starter-flow/pom.xml b/springboot-starter-flow/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <artifactId>springboot-parent</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>2.10.18</version>
+        <version>2.10.19</version>
     </parent>
 
     <name>springboot-starter-flow</name>
diff --git a/springboot-starter-security/pom.xml b/springboot-starter-security/pom.xml
@@ -6,7 +6,7 @@
     <parent>
         <artifactId>springboot-parent</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>2.10.18</version>
+        <version>2.10.19</version>
     </parent>
 
     <artifactId>springboot-starter-security</artifactId>
diff --git a/springboot-starter/pom.xml b/springboot-starter/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>springboot-parent</artifactId>
-        <version>2.10.18</version>
+        <version>2.10.19</version>
     </parent>
     <artifactId>springboot-starter</artifactId>
 
diff --git a/springboot-starter/src/main/resources/META-INF/banner.txt b/springboot-starter/src/main/resources/META-INF/banner.txt
@@ -1,4 +1,4 @@
 ------------------------------------------------------
-CodingApi SpringBoot-Starter 2.10.18
+CodingApi SpringBoot-Starter 2.10.19
 springboot version (${spring-boot.version})
 ------------------------------------------------------
