SoFunction
Updated on 2025-03-06

Detailed explanation of MybatisPlus' example of implementing data permission isolation

introduction

Mybatis Plus has made non-invasive enhancements to Mybatis, which is very useful. Today I will introduce to you one of its practical functions: the data permission plug-in.

rely

First, import the maven dependency of Mybatis Plus, I am using version 3.5.3.2.

<properties>
    <>3.5.3.2</>
</properties>

<dependency>
    <groupId></groupId>
    <artifactId>mybatis-plus-boot-starter</artifactId>
    <version>${}</version>
</dependency>

Data permission interceptor

Write a custom permission annotation, which is used to annotate the intercepted method. The table alias and table fields for data permissions can be configured on the annotation, which will be used when splicing SQL.

import ;
import ;
import ;
import ;

@Target({, })
@Retention()
public @interface MyDataScope {
    /**
      * Table alias settings
      */
    String alias() default "";
    
    /**
      * Data permission table field name
      */
    String dataId() default "";
}

Next is to write the most core interceptor processing logic. Create an interface implementation class to implement the DataPermissionHandler interface of Mybatis Plus. The interface method of DataPermissionHandler has two parameters.

  • Expression where. The where parameter is the where condition expression of SQL defined by the mapper interface in the XML. In the intercept processor, we can add some and or or conditions to the where condition expression.
  • String mappedStatementId. The mappedStatementId parameter is the fully qualified name of the mapper interface method. Through it, we can get the Class class name and interface method name of the mapper interface.

The interface method of DataPermissionHandler getSqlSegment will return a result of Expression type, that is, through the interceptor method, we modify the original where condition expression and return it to Mybatis Plus and take effect when the code is run.

In the interceptor method, we also used the MyDataScope annotation we customized at the beginning. We can directly return the original where condition expression without the mapper method marked by the MyDataScope annotation.

import ;
import ;
import ;
import ;
import .slf4j.Slf4j;
import ;
import ;
import ;
import ;

import ;
import ;

import static ;

@Slf4j
public class MyDataScopeHandler implements DataPermissionHandler {
    /**
      * Get data permissions SQL fragment expressions
      * @param where SQL Where conditional expressions to be executed
      * @param mappedStatementId Mybatis MappedStatement Id Based on this parameter, you can determine the specific execution method
      * @return Data permissions SQL fragment expressions
      */
    @Override
    public Expression getSqlSegment(Expression where, String mappedStatementId) {
        try {
            String className = (0, ("."));
            String methodName = ((".") + 1);
            Method[] methods = (className).getMethods();
            for (Method m : methods) {
                if ((()) || !().equals(methodName)) {
                    continue;
                }
                MyDataScope annotation = ();
                if ((annotation)) {
                    return where;
                }
                String sqlSegment = getSqlSegment(annotation);
                return (sqlSegment) ? where : getExpression(where, sqlSegment);
            }
        } catch (ClassNotFoundException e) {
            ((), e);
        }
        return null;
    }

    /**
      * Splicing requires additional data permissions added in business SQL SQL
      * @param annotation
      * @return Data permissions SQL
      */
    private String getSqlSegment(MyDataScope annotation) {
        LoginUser loginUser = getLoginUser();
        String userType = ().getUserType();
        Long userId = ().getUserId();
        String sqlSegment = "";
        if ((userType)) {
            return sqlSegment;
        }
        if ("0".equals(userType)) {
            return sqlSegment;
        } else {
            sqlSegment = (" {}.{} IN (SELECT project_id FROM sys_user where user_id = '{}') ",
                    (), (), userId);
        }
        return sqlSegment;
    }

    /**
      * Append data permissions SQL statements to data permissions SQL fragment expressions
      * @param where SQL Where conditional expressions to be executed
      * @param sqlSegment Data Permissions SQL Snippet
      * @return
      */
    private Expression getExpression(Expression where, String sqlSegment) {
        try {
            Expression sqlSegmentExpression = (sqlSegment);
            return (null != where) ? new AndExpression(where, sqlSegmentExpression) : sqlSegmentExpression;
        } catch (JSQLParserException e) {
            ((), e);
        }
        return null;
    }
}

Interceptor configuration

Configure Mybatis Plus interceptor, and pass the data permission handler as a parameter to the interceptor construction method.

import ;
import ;
import ;
import ;

@Configuration
public class MybatisPlusConfig {
    @Bean
    public MybatisPlusInterceptor mybatisPlusInterceptor() {
        MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
        (new DataPermissionInterceptor(new MyDataScopeHandler()));
        return interceptor;
    }
}

use

When using it, mark MyDataScope annotation on the mapper interface method and mark the annotation with table alias and table fields.

public interface MyMapper {
    @MyDataScope(alias = "a", dataId = "id")
    List findList();
}

This is the end of this article about the detailed explanation of MybatisPlus' example implementation of data permission isolation. For more related content on MybatisPlus' data permission isolation, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!