fix DataAuthorization

xlorne · xlorne · commit ac3e405caf4d · 2024-12-18T18:09:44.000+08:00
diff --git a/springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/DataAuthorizationContext.java b/springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/DataAuthorizationContext.java
@@ -33,10 +33,10 @@ public void clearDataAuthorizationFilters() {
 
     public <T> T columnAuthorization(SQLInterceptState interceptState, String tableName, String columnName, T value) {
         if (interceptState != null && interceptState.hasIntercept()) {
-            String realTableName = interceptState.getTableName(tableName);
+//            String realTableName = interceptState.getTableName(tableName);
             for (DataAuthorizationFilter filter : filters) {
-                if (filter.supportColumnAuthorization(realTableName, columnName, value)) {
-                    return filter.columnAuthorization(realTableName, columnName, value);
+                if (filter.supportColumnAuthorization(tableName, columnName, value)) {
+                    return filter.columnAuthorization(tableName, columnName, value);
                 }
             }
         }
diff --git a/springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/enhancer/DataPermissionSQLEnhancer.java b/springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/enhancer/DataPermissionSQLEnhancer.java
@@ -46,6 +46,7 @@ public String getNewSQL() throws SQLException {
                 PlainSelect plainSelect = select.getPlainSelect();
 
                 this.enhanceDataPermissionInSelect(plainSelect);
+                System.out.println(tableAlias);
                 return statement.toString();
             }
         } catch (Exception e) {
@@ -54,27 +55,32 @@ public String getNewSQL() throws SQLException {
         return sql;
     }
 
+
     // 增强 SELECT 语句
     private void enhanceDataPermissionInSelect(PlainSelect plainSelect) throws Exception {
-        this.applyDataPermissionToSubquery(plainSelect);
-
         FromItem fromItem = plainSelect.getFromItem();
 
-        // 处理主 FROM 项（如果是子查询）
+        // FROM 项是表
+        if (fromItem instanceof Table) {
+            Table table = (Table) fromItem;
+            this.injectDataPermissionCondition(plainSelect, table, plainSelect.getWhere());
+        }
+
+        // FROM是子查询
         if (fromItem instanceof Select) {
-            this.applyDataPermissionToSubquery((Select) fromItem);
+            PlainSelect subPlainSelect = ((Select) fromItem).getPlainSelect();
+            this.enhanceDataPermissionInSelect(subPlainSelect);
         }
-        Expression where = plainSelect.getWhere();
 
         // 处理JOIN或关联子查询
         if (plainSelect.getJoins() != null) {
             for (Join join : plainSelect.getJoins()) {
                 if (join.getRightItem() instanceof Select) {
-                    PlainSelect subPlainSelect =  ((Select) join.getRightItem()).getPlainSelect();
+                    PlainSelect subPlainSelect = ((Select) join.getRightItem()).getPlainSelect();
                     this.enhanceDataPermissionInSelect(subPlainSelect);
                 }
-                if(join.getRightItem() instanceof Table){
-                    injectDataPermissionCondition(plainSelect, (Table) join.getRightItem(), where);
+                if (join.getRightItem() instanceof Table) {
+                    injectDataPermissionCondition(plainSelect, (Table) join.getRightItem(), plainSelect.getWhere());
                 }
             }
         }
@@ -97,16 +103,4 @@ private void injectDataPermissionCondition(PlainSelect plainSelect, Table table,
         }
     }
 
-    // 处理子查询
-    private void applyDataPermissionToSubquery(Select subSelect) throws Exception {
-        PlainSelect selectBody = subSelect.getPlainSelect();
-        if (selectBody != null) {
-            // 获取 WHERE 子句
-            Expression where = selectBody.getWhere();
-            FromItem fromItem = selectBody.getFromItem();
-            if (fromItem instanceof Table) {
-                injectDataPermissionCondition(selectBody, (Table) fromItem, where);
-            }
-        }
-    }
 }
diff --git a/springboot-starter-data-authorization/src/test/java/com/codingapi/springboot/authorization/DataAuthorizationContextTest.java b/springboot-starter-data-authorization/src/test/java/com/codingapi/springboot/authorization/DataAuthorizationContextTest.java
@@ -15,6 +15,14 @@
 import com.codingapi.springboot.authorization.repository.UnitRepository;
 import com.codingapi.springboot.authorization.repository.UserRepository;
 import lombok.extern.slf4j.Slf4j;
+import net.sf.jsqlparser.expression.Expression;
+import net.sf.jsqlparser.parser.CCJSqlParserUtil;
+import net.sf.jsqlparser.schema.Column;
+import net.sf.jsqlparser.statement.Statement;
+import net.sf.jsqlparser.statement.select.PlainSelect;
+import net.sf.jsqlparser.statement.select.Select;
+import net.sf.jsqlparser.statement.select.SelectItem;
+import net.sf.jsqlparser.statement.select.SelectItemVisitor;
 import org.junit.jupiter.api.MethodOrderer;
 import org.junit.jupiter.api.Order;
 import org.junit.jupiter.api.Test;
@@ -27,6 +35,7 @@
 import org.springframework.test.annotation.Rollback;
 
 import java.time.LocalDate;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -216,6 +225,10 @@ public boolean supportColumnAuthorization(String tableName, String columnName, O
     @Order(3)
     void test3() {
 
+        unitRepository.deleteAll();
+        departRepository.deleteAll();
+        userRepository.deleteAll();
+
         ColumnMaskContext.getInstance().addColumnMask(new IDCardMask());
         ColumnMaskContext.getInstance().addColumnMask(new PhoneMask());
         ColumnMaskContext.getInstance().addColumnMask(new BankCardMask());
@@ -266,9 +279,9 @@ public boolean supportColumnAuthorization(String tableName, String columnName, O
     }
 
 
-    @Test
-    @Order(4)
-    void test4() {
+//    @Test
+//    @Order(4)
+    void test4() throws Exception{
         String sql = "SELECT\n" +
                 "\tUNYiV.id AS '历史工作经历编号',\n" +
                 "\tUNYiV.company_name AS '历史工作单位',\n" +
@@ -311,7 +324,8 @@ void test4() {
                 "\t\t\tt_league_employee AS dEj96,\n" +
                 "\t\t\tt_league AS rnGD4 \n" +
                 "\t\tWHERE\n" +
-                "\t\t\tdEj96.employee_id = WXJj8.id \n" +
+                "\t\t\trnGD4.id < 100 \n" +
+                "\t\t\tAND dEj96.employee_id = WXJj8.id \n" +
                 "\t\t\tAND dEj96.league_id = rnGD4.id \n" +
                 "\t\t\tAND 1 = 1 \n" +
                 "\t) AS owasH \n" +
@@ -321,6 +335,7 @@ void test4() {
                 "\tAND owasH.任现职编号 = pehMS.id \n" +
                 "\tAND 1 = 1";
 
+
         DataAuthorizationContext.getInstance().clearDataAuthorizationFilters();
         DataAuthorizationContext.getInstance().addDataAuthorizationFilter(new DefaultDataAuthorizationFilter() {
             @Override
@@ -330,7 +345,7 @@ public Condition rowAuthorization(String tableName, String tableAlias) {
 
             @Override
             public <T> T columnAuthorization(String tableName, String columnName, T value) {
-                System.out.println(tableName + " " + columnName + " " + value);
+                System.out.println("tableName:" + tableName + ",columnName:" + columnName + ",value:" + value);
                 return value;
             }
 
diff --git a/springboot-starter-data-authorization/src/test/resources/application.properties b/springboot-starter-data-authorization/src/test/resources/application.properties
@@ -1,13 +1,13 @@
 
-#spring.datasource.driver-class-name=com.codingapi.springboot.authorization.jdbc.AuthorizationJdbcDriver
-#spring.datasource.url=jdbc:h2:file:./test.db
-#spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
-#spring.jpa.hibernate.ddl-auto=create-drop
-#spring.jpa.show-sql=true
-
 spring.datasource.driver-class-name=com.codingapi.springboot.authorization.jdbc.AuthorizationJdbcDriver
-spring.datasource.url=jdbc:mysql://localhost:3306/example?createDatabaseIfNotExist=true&useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true
-spring.datasource.username=root
-spring.datasource.password=lorne4j#2024
+spring.datasource.url=jdbc:h2:file:./test.db
+spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
+spring.jpa.hibernate.ddl-auto=create-drop
+spring.jpa.show-sql=true
+
+#spring.datasource.driver-class-name=com.codingapi.springboot.authorization.jdbc.AuthorizationJdbcDriver
+#spring.datasource.url=jdbc:mysql://localhost:3306/example?createDatabaseIfNotExist=true&useUnicode=true&characterEncoding=utf-8&useSSL=false&serverTimezone=Asia/Shanghai&allowPublicKeyRetrieval=true
+#spring.datasource.username=root
+#spring.datasource.password=lorne4j#2024
 
 logging.level.com.codingapi.springboot.authorization=debug

Original file line number	Diff line number	Diff line change
`@@ -33,10 +33,10 @@ public void clearDataAuthorizationFilters() {`
`33`	`33`
`34`	`34`	`public <T> T columnAuthorization(SQLInterceptState interceptState, String tableName, String columnName, T value) {`
`35`	`35`	`if (interceptState != null && interceptState.hasIntercept()) {`
`36`		`- String realTableName = interceptState.getTableName(tableName);`
	`36`	`+// String realTableName = interceptState.getTableName(tableName);`
`37`	`37`	`for (DataAuthorizationFilter filter : filters) {`
`38`		`- if (filter.supportColumnAuthorization(realTableName, columnName, value)) {`
`39`		`- return filter.columnAuthorization(realTableName, columnName, value);`
	`38`	`+ if (filter.supportColumnAuthorization(tableName, columnName, value)) {`
	`39`	`+ return filter.columnAuthorization(tableName, columnName, value);`
`40`	`40`	`}`
`41`	`41`	`}`
`42`	`42`	`}`