1.使用場景: 共享部門共享用戶的數據權限的公共處理問題,主要還是為了代碼中時時獲取當前登陸人信息,然后帶入SQL語句中拼接查詢
2.怎么使用?
1) bean繼承了BaseEntity類,該類中有
/** * 自定義SQL(SQL標識,SQL內容) */ protected Map<String, String> sqlMap; @JsonIgnore @XmlTransient public Map<String, String> getSqlMap() { if (sqlMap == null){ sqlMap = Maps.newHashMap(); } return sqlMap; } public void setSqlMap(Map<String, String> sqlMap) { this.sqlMap = sqlMap; }
2)XML中如何寫?
<select id="findList" resultType="ModelInfo"> SELECT <include refid="modelInfoColumns"/> FROM dm_model a <include refid="modelInfoJoins"/> <where> <if test="name != null and name != ''"> AND a.name LIKE <if test="dbName == 'oracle'">'%'||#{name}||'%'</if> <if test="dbName == 'mssql'">'%'+#{name}+'%'</if> <if test="dbName == 'mysql'">concat('%',#{name},'%')</if> </if> <!-- <if test="classificationId != null and classificationId != ''"> AND a.classification_id = #{classificationId} </if> --> <if test="modelInfoType != null and modelInfoType.id != null and modelInfoType.id != ''"> AND (s.id = #{modelInfoType.id} OR s.parent_ids LIKE <if test="dbName == 'oracle'">'%,'||#{modelInfoType.id}||',%')</if> <if test="dbName == 'mssql'">'%,'+#{modelInfoType.id}+',%')</if> <if test="dbName == 'mysql'">CONCAT('%,', #{modelInfoType.id}, ',%'))</if> </if> <if test="status != null and status != ''"> AND a.status = #{status} </if> <!-- 數據范圍過濾 --> ${sqlMap.dsf} </where> <choose> <when test="page !=null and page.orderBy != null and page.orderBy != ''"> ORDER BY ${page.orderBy} </when> <otherwise> ORDER BY a.update_date DESC </otherwise> </choose> </select>
3)BaseService中:
private static String sqlString(BaseEntity<?> entity,String visibleDept, String visibleUser, String appProcessState, User user, String type) { String sqlString = ""; // 如果是超級管理員,則不過濾數據 // if ((type==null && !user.isAdmin())||("rest".equals(type) && !user.isAdmin())){ if ((type==null ||"rest".equals(type) || "km".equals(type)) && !user.isAdmin() && !user.getRoleNames().contains("系統管理員")/*&& !UserUtils.isUserHaveRole(user.getId(), "sysamdin")*/){ sqlString = "and ((case "; sqlString += " when "+visibleDept+" is not null and "+visibleUser+" is not null and ("+visibleUser+" like '%"+ user.getId() + "%' or "+visibleUser+" like '%,"+ user.getId() + "%' or "+visibleUser+" like '%"+ user.getId() + ",%') then 1" + " when "+visibleDept+" is not null and "+visibleUser+" is null and ("+visibleDept+" like '%"+ user.getOffice().getId() + "%' or "+visibleDept+" like '%,"+ user.getOffice().getId() + "%' or "+visibleDept+" like '%"+ user.getOffice().getId() + ",%') then 1" + " when "+visibleDept+" is null and "+visibleUser+" is null then 1" + " else 0 end)=1 "+appProcessState; if (type == null) { sqlString += " OR EXISTS (SELECT 1 FROM sys_user WHERE id='" + user.getId() + "' and id=a.create_by)"; }else if("km".equals(type)){ sqlString += " OR EXISTS (SELECT 1 FROM sys_user WHERE id='" + user.getId() + "' and id=a.create_by "+ appProcessState +")"; } sqlString += ")"; } return sqlString; }
這里需注意,由於sql比較長,要注意and和or的優先級,有時在和mapper中sql拼接完成后並不是自己想要的結果
在自己模塊中調用
modelInfo.getSqlMap().put("dsf", visibledataScopeFilter(modelInfo, "a.share_depts",
"a.share_users", "and a.status='3'"));