Understanding and customizing RuoYi data permissions in detail, with illustrations

data permission

Data permission means that logged-in users with different roles see different list data.

RuoYi data permissions

RuoYi's data permissions are also implemented based on roles, and five permission modes are supported, listed in order of permission scope:

  • All data permissions: the role has the data permissions of all departments
  • Customized data permissions: the role has the data permissions of several specified departments
  • Data permissions of this department: the role only has the data permissions of the department the user belongs to (excluding sub-departments)
  • Data permissions of this department and below: the role only has the data permissions of the user's department and all of its sub-departments
  • Only the user's own data permissions: the role only has the data permissions of the user himself

Page settings data permissions

Setting data permissions on the page alone is not enough; the backend must be set up as well. Setting only the page without the backend is useless! This is explained in detail later.

Backend setting data permissions

Setting data permissions in the RuoYi backend is very simple: use the @DataScope annotation to implement them.
The @DataScope annotation has three attributes: deptAlias, userAlias, permission

Notice:

The deptAlias and userAlias attributes of this annotation require the database table to have dept_id or user_id, and ${params.dataScope} must be spliced at the end of the SQL. The entity class also needs to inherit the BaseEntity class, so MyBatis-Plus cannot be supported.
The essence of data permissions is still SQL splicing: params.dataScope is the splice point reserved by the framework, and params is in BaseEntity.

departments

Set data permissions according to department

  1. First, in role management, set the role to "data permissions of this department" or "data permissions of this department and below".
  2. Then add @DataScope(deptAlias = "t1") to the backend interface implementation class. Here t1 is the alias of the data table you want to query. If it is a single-table query, you can leave the value unset and just use @DataScope(deptAlias) directly.
  3. View the data on the page.

admin view (admin can view all data).

Switch to the supplier account (the supplier has custom data permissions set and can see supplier and construction party data).

Switch to the service provider account (the service provider can only see service provider data).

userAlias

userAlias works the same way as deptAlias, so I won't repeat it here (user_id must exist in the main table).

permission

Let's focus on permission. The permission attribute is the permission character (used to match multiple roles against the required permissions). By default, it is obtained from the permission annotation @ss. Multiple permissions are separated by commas. If the annotation is not written, the default is

I modified the role permission handling here because of our business needs. For example, if a project is created by department A, this project should only be seen by department A. The project needs an approver, and this approver is under department B or elsewhere, so if the logged-in user is an approver, they should also see it. Our approver field is approval_id, and there may be handlers or other people as well, so I modified the permission attribute so that it can also be spliced automatically after the system's data permissions.

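// Runs inside dataScopeFilter: permission is the annotation attribute, reused here as a column name.
if (StringUtils.isNotEmpty(permission) && !permission.equals(PermissionContextHolder.getContext())) {
    // Custom filter column: also match rows whose column equals the logged-in user's id
    sqlString.append(StringUtils.format(" OR {} = {}", permission, user.getUserId()));
}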

Automatic splicing: not only the department permissions are spliced, but also the condition on our custom field, and as long as one of the OR conditions is satisfied, the data can be queried. So data that originally only the supplier who created it could see can also be seen by the logged-in user, because that user is an approver for this item.

DataScopeAspect


DataScopeAspect is the aspect class of @DataScope. Its dataScopeFilter method is the core method with which the RuoYi framework splices the permission SQL. The constants in it are the different data permissions we set on the page.
If there is no dept_id or user_id in the table, for example only a createdBy creator id, and you really need to modify it, you can change the user_id in the SQL here to the createdBy field you want.
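
The splicing described above, as an added sketch that is not RuoYi's DataScopeAspect and not the author's code: it builds the fragment for the five modes plus the custom approval_id branch, and overwrites any params.dataScope value that arrived with the request. The scope codes "1" to "5", the tables sys_role_dept, sys_dept and project, the ancestors column and MySQL's find_in_set are assumptions.

```java
import java.util.*;

public class DataScopeSketch {
    // Hypothetical role record; scope codes "1".."5" follow the order of the five modes above.
    record Role(long roleId, String scope) {}

    // Prefix a column with its table alias; single-table queries may pass an empty alias.
    static String col(String alias, String name) {
        return alias == null || alias.isEmpty() ? name : alias + "." + name;
    }

    static String buildScope(List<Role> roles, long userId, long deptId,
                             String deptAlias, String userAlias, String extraColumn) {
        // extraColumn comes from the annotation, not the request; still allow-list its shape.
        if (extraColumn != null && !extraColumn.matches("[A-Za-z_][A-Za-z0-9_.]*"))
            throw new IllegalArgumentException("unsafe column name");
        String dept = col(deptAlias, "dept_id");
        StringBuilder sql = new StringBuilder();
        for (Role r : roles) {
            switch (r.scope()) {
                case "1": return ""; // all data: no filter at all
                case "2": sql.append(" OR " + dept
                        + " IN (SELECT dept_id FROM sys_role_dept WHERE role_id = " + r.roleId() + ")"); break;
                case "3": sql.append(" OR " + dept + " = " + deptId); break;
                case "4": sql.append(" OR " + dept + " IN (SELECT dept_id FROM sys_dept WHERE dept_id = "
                        + deptId + " OR find_in_set(" + deptId + ", ancestors))"); break;
                case "5": sql.append(" OR " + col(userAlias, "user_id") + " = " + userId); break;
                default: break; // an unknown code grants nothing
            }
        }
        // The article's customization: one more OR branch on a business column such as approval_id.
        if (extraColumn != null) sql.append(" OR " + extraColumn + " = " + userId);
        // Fail closed (this sketch's choice): no recognised scope means no rows.
        return sql.length() == 0 ? " AND (1 = 0)" : " AND (" + sql.substring(4) + ")";
    }

    public static void main(String[] args) {
        Map<String, Object> params = new HashMap<>();
        params.put("dataScope", "client-supplied text"); // constructed: arrives with the request
        // Overwrite unconditionally: ${params.dataScope} is substituted as raw SQL text, not bound.
        params.put("dataScope",
                buildScope(List.of(new Role(2, "3")), 7, 100, "t1", "", "t1.approval_id"));
        System.out.println("SELECT * FROM project t1 WHERE 1 = 1" + params.get("dataScope"));
    }
}
```

Because every value in the fragment is a number from the session or a column name fixed in the annotation, nothing the client sends reaches the SQL text; that property is lost if the column name or params.dataScope is ever taken from the request.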

Note: All the above data and names have been processed and do not involve company secrets


Origin blog.csdn.net/weixin_46573158/article/details/128147561