Data Permission Plugin
DataPermissionInterceptor is a plugin provided by MyBatis-Plus for implementing data permission control. It intercepts executed SQL statements and dynamically appends permission-related SQL fragments to control user data access.
Plugin Principle
DataPermissionInterceptor operates similarly to the tenant plugin. It intercepts SQL statements before execution and dynamically adds permission-related SQL fragments based on user permissions. This ensures only data accessible to the user will be queried.
Plugin Source and Test Cases
- Plugin Source: DataPermissionInterceptor
- Test Cases: DataPermissionInterceptorTest
Core Code
Below is the core logic for assembling SQL fragments:
```java
// sqlSegmentMap and logger are defined outside this snippet
new DataPermissionInterceptor(new MultiDataPermissionHandler() {
    @Override
    public Expression getSqlSegment(final Table table, final Expression where, final String mappedStatementId) {
        try {
            // Look up the permission fragment configured for this statement and table
            String sqlSegment = sqlSegmentMap.get(mappedStatementId, table.getName());
            if (sqlSegment == null) {
                logger.info("{} {} AS {} : NOT FOUND", mappedStatementId, table.getName(), table.getAlias());
                // null means no condition is appended for this table
                return null;
            }
            // Parse the fragment into a JSQLParser condition expression
            Expression sqlSegmentExpression = CCJSqlParserUtil.parseCondExpression(sqlSegment);
            logger.info("{} {} AS {} : {}", mappedStatementId, table.getName(), table.getAlias(), sqlSegmentExpression.toString());
            return sqlSegmentExpression;
        } catch (JSQLParserException e) {
            e.printStackTrace();
        }
        return null;
    }
});
```
JSQLParser
JSQLParser is an open-source SQL parsing library that facilitates parsing and modifying SQL statements. It is a key tool for implementing permission logic in this plugin, as MyBatis-Plus’s data permission feature relies on JSQLParser’s parsing capabilities.
The following example demonstrates how to use JSQLParser to modify SQL:
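```java
import net.sf.jsqlparser.JSQLParserException;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.parser.CCJSqlParserUtil;
import net.sf.jsqlparser.statement.select.PlainSelect;
import net.sf.jsqlparser.statement.select.Select;

// Example SQL
String sql = "SELECT * FROM user WHERE status = 'active'";
Expression expression;

try {
    // Parse the replacement condition on its own
    expression = CCJSqlParserUtil.parseCondExpression("status = 'inactive'");
    // Parse the full statement and replace its WHERE clause
    PlainSelect select = (PlainSelect) ((Select) CCJSqlParserUtil.parse(sql)).getSelectBody();
    select.setWhere(expression);

    System.out.println(select); // Output: SELECT * FROM user WHERE status = 'inactive'
} catch (JSQLParserException e) {
    e.printStackTrace();
}
```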
Usage Guide
Step 1: Implement Data Permission Logic
Implement MultiDataPermissionHandler with your business-specific permission logic.
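```java
import com.baomidou.mybatisplus.extension.plugins.handler.MultiDataPermissionHandler;
import net.sf.jsqlparser.JSQLParserException;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.parser.CCJSqlParserUtil;
import net.sf.jsqlparser.schema.Table;

public class CustomDataPermissionHandler implements MultiDataPermissionHandler {
    @Override
    public Expression getSqlSegment(Table table, Expression where, String mappedStatementId) {
        // Implement custom data permission logic here
        try {
            String sqlSegment = "..."; // Permission-related SQL fragment
            return CCJSqlParserUtil.parseCondExpression(sqlSegment);
        } catch (JSQLParserException e) {
            // Returning null would append no permission condition, so fail closed
            throw new IllegalStateException("Invalid data permission fragment", e);
        }
    }
}
```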
Step 2: Register the Data Permission Interceptor
Register the custom handler with DataPermissionInterceptor.
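```java
// In MyBatis configuration
// DataPermissionInterceptor is an inner interceptor: it is added to MybatisPlusInterceptor,
// which is the Interceptor that MyBatis itself registers.
MybatisPlusInterceptor mybatisPlusInterceptor = new MybatisPlusInterceptor();
mybatisPlusInterceptor.addInnerInterceptor(new DataPermissionInterceptor(new CustomDataPermissionHandler()));
mybatisConfiguration.addInterceptor(mybatisPlusInterceptor);
```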
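A handler for Step 1 that builds its condition from JSQLParser expression objects instead of parsing a concatenated string, so a user-derived value cannot alter the SQL, and that denies all rows when no user context is present. This is an added example, not MyBatis-Plus's own code; the `CURRENT_DEPT_ID` holder, the table names and the `dept_id` column are assumptions.

```java
import com.baomidou.mybatisplus.extension.plugins.handler.MultiDataPermissionHandler;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.LongValue;
import net.sf.jsqlparser.expression.operators.relational.EqualsTo;
import net.sf.jsqlparser.schema.Column;
import net.sf.jsqlparser.schema.Table;

import java.util.Locale;
import java.util.Set;

/** Restricts rows in selected tables to the caller's department. */
public class DeptScopeHandler implements MultiDataPermissionHandler {

    // Hypothetical per-request holder; a real application would fill this
    // from its authenticated session and clear it when the request ends.
    public static final ThreadLocal<Long> CURRENT_DEPT_ID = new ThreadLocal<>();

    // Assumed schema: these tables carry a numeric dept_id column.
    private static final Set<String> SCOPED_TABLES = Set.of("orders", "invoice");

    @Override
    public Expression getSqlSegment(Table table, Expression where, String mappedStatementId) {
        if (!SCOPED_TABLES.contains(table.getName().toLowerCase(Locale.ROOT))) {
            return null; // table is not permission-scoped: nothing is appended
        }
        Long deptId = CURRENT_DEPT_ID.get();
        if (deptId == null) {
            // No authenticated context: fail closed with an always-false condition (1 = 0).
            return eq(new LongValue(1), new LongValue(0));
        }
        // Column(table, name) renders with the table's alias when one is set,
        // so "FROM orders o" yields "o.dept_id = 42".
        // The value is a typed literal, never concatenated SQL text.
        return eq(new Column(table, "dept_id"), new LongValue(deptId));
    }

    // Builds "left = right" as an expression tree.
    private static Expression eq(Expression left, Expression right) {
        EqualsTo equalsTo = new EqualsTo();
        equalsTo.setLeftExpression(left);
        equalsTo.setRightExpression(right);
        return equalsTo;
    }
}
```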
By using DataPermissionInterceptor, you can easily implement data permission control in MyBatis-Plus applications, ensuring users only access data within their authorized scope, thereby enhancing data security.