java source code of DataPermissionInterceptor

FEBS-Cloud-master
- febs-apm
  - prometheus-grafana
    - alertmanager.yml
    - memory_over.yml
    - prometheus.yml
    - server_down.yml
    - more_rules.yml
    - docker-compose.yml
  - pom.xml
  - skywalking-elk
    - skywalking_application.yml
    - elasticsearch.yml
    - docker-compose.yml
  - .DS_Store
  - febs-admin
    - src
      - main
        resources
        bootstrap.yml
        logback-spring.xml
        banner.txt
        java
        cc
        mrbird
        febs
        monitor
        admin
        configure
        FebsSecurityConfigure.java
        runner
        StartedUpRunner.java
        FebsAdminApplication.java
    - pom.xml
    - .DS_Store
    - run.sh
    - Dockerfile
- .github
  - FUNDING.yml
  - issue_template.md
- febs-tx-manager
  - src
    - main
      - resources
        bootstrap.yml
        logback-spring.xml
        banner.txt
      - .DS_Store
      - java
        cc
        mrbird
        febs
        tx
        manager
        FebsTxManagerApplication.java
        runner
        StartedUpRunner.java
    - .DS_Store
  - pom.xml
  - .DS_Store
  - run.sh
  - Dockerfile
- images
  - febs-cloud.svg
  - SkywalkingAPM.svg
  - PrometheusAPM.svg
  - QQ.jpg
- Readme.md
- LICENSE
- febs-auth
  - src
    - main
      - resources
        ValidationMessages.properties
        templates
        fail.html
        result.html
        login.html
        febs-auth.properties
        bootstrap.yml
        logback-spring.xml
        banner.txt
        static
        resource
        jQuery-2.1.4.min.js
        favicon.ico
        login.min.js
        login.min.css
        mapper
        MenuMapper.xml
        UserMapper.xml
      - java
        cc
        mrbird
        febs
        auth
        entity
        OauthClientDetails.java
        BindUser.java
        UserConnection.java
        properties
        FebsAuthProperties.java
        FebsValidateCodeProperties.java
        configure
        FebsSecurityConfigure.java
        FebsAuthorizationServerConfigure.java
        service
        impl
        RedisClientDetailsService.java
        ValidateCodeServiceImpl.java
        UserConnectionServiceImpl.java
        SocialLoginServiceImpl.java
        FebsUserDetailServiceImpl.java
        OauthClientDetailsServiceImpl.java
        UserConnectionService.java
        OauthClientDetailsService.java
        SocialLoginService.java
        ValidateCodeService.java
        runner
        StartedUpRunner.java
        translator
        FebsWebResponseExceptionTranslator.java
        manager
        UserManager.java
        handler
        FebsWebLoginSuccessHandler.java
        FebsWebLoginFailureHandler.java
        GlobalExceptionHandler.java
        FebsAuthApplication.java
        filter
        ValidateCodeFilter.java
        mapper
        MenuMapper.java
        OauthClientDetailsMapper.java
        UserMapper.java
        UserConnectionMapper.java
        UserRoleMapper.java
        controller
        OauthClientDetailsController.java
        SecurityController.java
        SocialLoginController.java
  - pom.xml
  - .DS_Store
  - run.sh
  - Dockerfile
- febs-gateway
  - src
    - main
      - resources
        ip2region
        bootstrap.yml
        logback-spring.xml
        banner.txt
        static
        robots.txt
        favicon.ico
        manifest.json
        index.html
      - java
        cc
        mrbird
        febs
        gateway
        common
        configure
        FebsGatewayErrorConfigure.java
        runner
        StartedUpRunner.java
        handler
        FebsGatewayExceptionHandler.java
        filter
        FebsGatewayRequestFilter.java
        controller
        FallbackController.java
        IndexController.java
        FebsGatewayApplication.java
        enhance
        utils
        PageableExecutionUtil.java
        RouteEnhanceCacheUtil.java
        AddressUtil.java
        entity
        RateLimitLog.java
        RateLimitRule.java
        RouteLog.java
        BlockLog.java
        BlackList.java
        RouteUser.java
        configure
        FebsRouteEnhanceConfigure.java
        service
        impl
        RateLimitRuleServiceImpl.java
        RouteUserServiceImpl.java
        RateLimitLogServiceImpl.java
        RouteEnhanceCacheServiceImpl.java
        RouteLogServiceImpl.java
        RouteEnhanceServiceImpl.java
        BlackListServiceImpl.java
        BlockLogServiceImpl.java
        BlackListService.java
        RateLimitRuleService.java
        RateLimitLogService.java
        BlockLogService.java
        RouteEnhanceCacheService.java
        RouteUserService.java
        RouteLogService.java
        RouteEnhanceService.java
        runner
        FebsRouteEnhanceRunner.java
        auth
        SecurityContextRepository.java
        AuthenticationManager.java
        WebFluxSecurityCorsFilter.java
        SecurityConfigure.java
        JwtTokenHelper.java
        mapper
        RouteUserMapper.java
        RateLimitRuleMapper.java
        BlockLogMapper.java
        RateLimitLogMapper.java
        BlackListMapper.java
        RouteLogMapper.java
        controller
        BlockLogController.java
        RouteLoginController.java
        RateLimitRuleController.java
        RouteUserController.java
        RouteLogController.java
        BlackListController.java
        RateLimitLogController.java
  - pom.xml
  - .DS_Store
  - run.sh
  - Dockerfile
- febs-server
  - febs-server-system
    - src
      - main
        resources
        ValidationMessages.properties
        ip2region
        spy.properties
        febs-server-system.properties
        bootstrap.yml
        logback-spring.xml
        banner.txt
        mapper
        LoginLogMapper.xml
        MenuMapper.xml
        UserMapper.xml
        RoleMapper.xml
        java
        cc
        mrbird
        febs
        server
        .DS_Store
        system
        utils
        AddressUtil.java
        FebsServerSystemApplication.java
        properties
        FebsServerSystemProperties.java
        .DS_Store
        configure
        FebsWebConfigure.java
        P6spySqlFormatConfigure.java
        service
        impl
        LoginLogServiceImpl.java
        DeptServiceImpl.java
        UserDataPermissionServiceImpl.java
        RoleServiceImpl.java
        EximportServiceImpl.java
        DataPermissionTestServiceImpl.java
        LogServiceImpl.java
        MenuServiceImpl.java
        RoleMenuServiceImpl.java
        UserServiceImpl.java
        UserRoleServiceImpl.java
        TradeLogServiceImpl.java
        IDeptService.java
        ITradeLogService.java
        ILoginLogService.java
        IMenuService.java
        ILogService.java
        IRoleMenuService.java
        IRoleService.java
        IUserRoleService.java
        IDataPermissionTestService.java
        IUserService.java
        IUserDataPermissionService.java
        IEximportService.java
        runner
        StartedUpRunner.java
        annotation
        ControllerEndpoint.java
        aspect
        BaseAspectSupport.java
        ControllerEndpointAspect.java
        handler
        GlobalExceptionHandler.java
        mapper
        DeptMapper.java
        RoleMapper.java
        TradeLogMapper.java
        MenuMapper.java
        LogMapper.java
        UserMapper.java
        RoleMenuMapper.java
        UserDataPermissionMapper.java
        UserRoleMapper.java
        DataPermissionTestMapper.java
        EximportMapper.java
        LoginLogMapper.java
        controller
        UserController.java
        MenuController.java
        RoleController.java
        LoginLogController.java
        DataPermissionTestController.java
        LogController.java
        DeptController.java
        TestController.java
        EximportController.java
    - pom.xml
    - .DS_Store
    - run.sh
    - Dockerfile
  - febs-server-test
    - src
      - main
        resources
        ValidationMessages.properties
        bootstrap.yml
        logback-spring.xml
        banner.txt
        java
        cc
        mrbird
        febs
        server
        test
        FebsServerTestApplication.java
        feign
        IRemoteUserService.java
        fallback
        RemoteUserServiceFallback.java
        RemoteTradeLogServiceFallback.java
        IRemoteTradeLogService.java
        service
        impl
        TradeLogServiceImpl.java
        ITradeLogService.java
        runner
        StartedUpRunner.java
        handler
        GlobalExceptionHandler.java
        mapper
        TradeLogMapper.java
        controller
        TestController.java
    - pom.xml
    - .DS_Store
    - run.sh
    - Dockerfile
  - pom.xml
  - febs-server-job
    - src
      - main
        resources
        ValidationMessages.properties
        bootstrap.yml
        logback-spring.xml
        banner.txt
        mapper
        JobMapper.xml
        java
        cc
        mrbird
        febs
        server
        job
        utils
        SpringContextUtil.java
        entity
        Job.java
        JobLog.java
        task
        TaskList.java
        FebsServerJobApplication.java
        validator
        CronValidator.java
        configure
        FebsJobConfigure.java
        helper
        ScheduleJob.java
        ScheduleRunnable.java
        ScheduleUtils.java
        service
        impl
        JobServiceImpl.java
        JobLogServiceImpl.java
        IJobService.java
        IJobLogService.java
        runner
        StartedUpRunner.java
        annotation
        IsCron.java
        handler
        GlobalExceptionHandler.java
        mapper
        JobLogMapper.java
        JobMapper.java
        controller
        JobController.java
        JobLogController.java
    - pom.xml
    - .DS_Store
    - run.sh
    - Dockerfile
  - .DS_Store
  - febs-server-generator
    - src
      - main
        resources
        ValidationMessages.properties
        generator
        templates
        mapperXml.ftl
        controller.ftl
        entity.ftl
        mapper.ftl
        service.ftl
        serviceImpl.ftl
        bootstrap.yml
        logback-spring.xml
        banner.txt
        mapper
        GeneratorMapper.xml
        java
        cc
        mrbird
        febs
        server
        generator
        entity
        FieldType.java
        FebsServerGeneratorApplication.java
        helper
        GeneratorHelper.java
        service
        impl
        GeneratorConfigServiceImpl.java
        GeneratorServiceImpl.java
        IGeneratorService.java
        IGeneratorConfigService.java
        runner
        StartedUpRunner.java
        handler
        GlobalExceptionHandler.java
        mapper
        GeneratorConfigMapper.java
        GeneratorMapper.java
        controller
        GeneratorController.java
        GeneratorConfigController.java
    - pom.xml
    - .DS_Store
    - run.sh
    - Dockerfile
- febs-common
  - febs-common-redis-starter
    - src
      - main
        resources
        META-INF
        spring.factories
        java
        cc
        mrbird
        febs
        common
        redis
        properties
        FebsLettuceRedisProperties.java
        configure
        FebsLettuceRedisAutoConfigure.java
        service
        RedisService.java
    - pom.xml
    - .DS_Store
  - febs-common-core
    - src
      - main
        java
        cc
        mrbird
        febs
        common
        core
        utils
        FileUtil.java
        DateUtil.java
        FebsUtil.java
        TreeUtil.java
        SortUtil.java
        entity
        FebsAuthUser.java
        FebsResponse.java
        constant
        GrantTypeConstant.java
        EndpointConstant.java
        SocialConstant.java
        GeneratorConstant.java
        RegexpConstant.java
        FebsServerConstant.java
        ImageTypeConstant.java
        ParamsConstant.java
        PageConstant.java
        StringConstant.java
        FebsConstant.java
        QueryRequest.java
        router
        VueRouter.java
        RouterMeta.java
        Tree.java
        DeptTree.java
        MenuTree.java
        CurrentUser.java
        system
        RoleMenu.java
        LoginLog.java
        UserRole.java
        DataPermissionTest.java
        UserDataPermission.java
        Log.java
        Menu.java
        Eximport.java
        Dept.java
        SystemUser.java
        Role.java
        GeneratorConfig.java
        TradeLog.java
        Column.java
        Table.java
        auth
        OauthCliendetails.java
        validator
        MobileValidator.java
        .DS_Store
        exception
        FebsException.java
        FileDownloadException.java
        ValidateCodeException.java
        converter
        TimeConverter.java
        annotation
        Helper.java
        IsMobile.java
        Fallback.java
        handler
        BaseExceptionHandler.java
    - pom.xml
    - .DS_Store
  - febs-common-doc-starter
    - src
      - main
        resources
        META-INF
        spring.factories
        java
        cc
        mrbird
        febs
        common
        doc
        starter
        properties
        FebsDocProperties.java
        configure
        FebsDocAutoConfigure.java
    - pom.xml
    - .DS_Store
  - pom.xml
  - .DS_Store
  - febs-common-security-starter
    - src
      - main
        resources
        META-INF
        spring.factories
        spring-configuration-metadata.json
        java
        cc
        mrbird
        febs
        common
        security
        starter
        properties
        FebsCloudSecurityProperties.java
        configure
        FebsCloudSecurityInteceptorConfigure.java
        FebsCloudSecurityAutoConfigure.java
        FebsCloudResourceServerConfigure.java
        interceptor
        FebsServerProtectInterceptor.java
        annotation
        EnableFebsCloudResourceServer.java
        handler
        FebsAccessDeniedHandler.java
        FebsAuthExceptionEntryPoint.java
    - pom.xml
  - febs-common-datasource-starter
    - src
      - main
        resources
        META-INF
        spring.factories
        java
        cc
        mrbird
        febs
        common
        datasource
        starter
        configure
        FebsDataSourceAutoConfigure.java
        inteceptor
        DataPermissionInterceptor.java
        annotation
        DataPermission.java
    - pom.xml
    - .DS_Store
  - febs-common-doc-gateway-starter
    - src
      - main
        resources
        META-INF
        spring.factories
        java
        cc
        mrbird
        febs
        common
        doc
        gateway
        properties
        FebsDocGatewayProperties.java
        configure
        FebsDocGatewayResourceConfigure.java
        FebsDocGatewayAutoConfigure.java
        handler
        FebsDocGatewayHandler.java
        filter
        FebsDocGatewayHeaderFilter.java
    - pom.xml
  - febs-common-doc
    - pom.xml
    - .DS_Store
- febs-cloud
  - sql
    - febs_cloud_job.sql
    - febs_cloud_base.sql
    - febs_nacos.sql
    - febs_cloud_route.sql
  - pom.xml
  - postman
    - Readme.md
    - FEBS-Cloud.postman_collection.json
  - docker compose
    - nacos
      - docker-compose.yml
    - febs-cloud
      - docker-compose.yml
    - third-part
      - docker-compose.yml
- .gitignore

package cc.mrbird.febs.common.datasource.starter.inteceptor;

import cc.mrbird.febs.common.core.entity.CurrentUser;
import cc.mrbird.febs.common.core.utils.FebsUtil;
import cc.mrbird.febs.common.datasource.starter.annotation.DataPermission;
import com.baomidou.mybatisplus.core.toolkit.PluginUtils;
import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler;
import lombok.extern.slf4j.Slf4j;
import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
import net.sf.jsqlparser.parser.CCJSqlParserManager;
import net.sf.jsqlparser.parser.CCJSqlParserUtil;
import net.sf.jsqlparser.schema.Table;
import net.sf.jsqlparser.statement.select.PlainSelect;
import net.sf.jsqlparser.statement.select.Select;
import org.apache.commons.lang3.StringUtils;
import org.apache.ibatis.executor.statement.StatementHandler;
import org.apache.ibatis.mapping.BoundSql;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.mapping.SqlCommandType;
import org.apache.ibatis.plugin.*;
import org.apache.ibatis.reflection.MetaObject;
import org.apache.ibatis.reflection.SystemMetaObject;

import java.io.StringReader;
import java.sql.Connection;
import java.util.Properties;

/**
 * @author MrBird
 */
@Slf4j
@Intercepts({@Signature(type = StatementHandler.class, method = "prepare", args = {Connection.class, Integer.class})})
public class DataPermissionInterceptor extends AbstractSqlParserHandler implements Interceptor {

    @Override
    public Object intercept(Invocation invocation) throws Throwable {
        StatementHandler statementHandler = PluginUtils.realTarget(invocation.getTarget());
        MetaObject metaObject = SystemMetaObject.forObject(statementHandler);
        this.sqlParser(metaObject);
        MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement");

        BoundSql boundSql = (BoundSql) metaObject.getValue("delegate.boundSql");
        Object paramObj = boundSql.getParameterObject();
        // 数据权限只针对查询语句
        if (SqlCommandType.SELECT == mappedStatement.getSqlCommandType()) {
            DataPermission dataPermission = getDataPermission(mappedStatement);
            if (shouldFilter(mappedStatement, dataPermission)) {
                String id = mappedStatement.getId();
                log.info("\n 数据权限过滤 method -> {}", id);
                String originSql = boundSql.getSql();
                String dataPermissionSql = dataPermissionSql(originSql, dataPermission);
                metaObject.setValue("delegate.boundSql.sql", dataPermissionSql);
                log.info("\n originSql -> {} \n dataPermissionSql: {}", originSql, dataPermissionSql);
            }
        }
        return invocation.proceed();
    }

    @Override
    public Object plugin(Object target) {
        if (target instanceof StatementHandler) {
            return Plugin.wrap(target, this);
        }
        return target;
    }

    @Override
    public void setProperties(Properties properties) {
    }

    private String dataPermissionSql(String originSql, DataPermission dataPermission) {
        try {
            if (StringUtils.isBlank(dataPermission.field())) {
                return originSql;
            }
            CurrentUser user = FebsUtil.getCurrentUser();
            if (user == null) {
                return originSql;
            }
            CCJSqlParserManager parserManager = new CCJSqlParserManager();
            Select select = (Select) parserManager.parse(new StringReader(originSql));
            PlainSelect plainSelect = (PlainSelect) select.getSelectBody();
            Table fromItem = (Table) plainSelect.getFromItem();

            String selectTableName = fromItem.getAlias() == null ? fromItem.getName() : fromItem.getAlias().getName();
            String dataPermissionSql = String.format("%s.%s in (%s)", selectTableName, dataPermission.field(), StringUtils.defaultIfBlank(user.getDeptIds(), "'WITHOUT PERMISSIONS'"));

            if (plainSelect.getWhere() == null) {
                plainSelect.setWhere(CCJSqlParserUtil.parseCondExpression(dataPermissionSql));
            } else {
                plainSelect.setWhere(new AndExpression(plainSelect.getWhere(), CCJSqlParserUtil.parseCondExpression(dataPermissionSql)));
            }
            return select.toString();
        } catch (Exception e) {
            log.warn("get data permission sql fail: {}", e.getMessage());
            return originSql;
        }
    }

    private DataPermission getDataPermission(MappedStatement mappedStatement) {
        String mappedStatementId = mappedStatement.getId();
        DataPermission dataPermission = null;
        try {
            String className = mappedStatementId.substring(0, mappedStatementId.lastIndexOf("."));
            final Class<?> clazz = Class.forName(className);
            if (clazz.isAnnotationPresent(DataPermission.class)) {
                dataPermission = clazz.getAnnotation(DataPermission.class);
            }
        } catch (Exception ignore) {
        }
        return dataPermission;
    }

    private Boolean shouldFilter(MappedStatement mappedStatement, DataPermission dataPermission) {
        if (dataPermission != null) {
            String methodName = StringUtils.substringAfterLast(mappedStatement.getId(), ".");
            String methodPrefix = dataPermission.methodPrefix();
            if (StringUtils.isNotBlank(methodPrefix) && StringUtils.startsWith(methodName, methodPrefix)) {
                return Boolean.TRUE;
            }
            String[] methods = dataPermission.methods();
            for (String method : methods) {
                if (StringUtils.equals(method, methodName)) {
                    return Boolean.TRUE;
                }
            }
        }
        return Boolean.FALSE;
    }
}