Data Permission Plugin

DataPermissionInterceptor is a plugin provided by MyBatis-Plus for implementing data permission control. It intercepts executed SQL statements and dynamically appends permission-related SQL fragments to control user data access.

Plugin Principle

The working principle of DataPermissionInterceptor is similar to the tenant plugin. It intercepts SQL statements before execution and dynamically adds permission-related SQL fragments based on user permissions. This ensures that only data accessible to the user is queried.

Plugin Location and Test Cases

Plugin Location: DataPermissionInterceptor
Test Cases: DataPermissionInterceptorTest

Core Code

The following is the core logic code for assembling SQL fragments:

new DataPermissionInterceptor(new MultiDataPermissionHandler() {

    @Override
    public Expression getSqlSegment(final Table table, final Expression where, final String mappedStatementId) {
        try {
            String sqlSegment = sqlSegmentMap.get(mappedStatementId, table.getName());
            if (sqlSegment == null) {
                logger.info("{} {} AS {} : NOT FOUND", mappedStatementId, table.getName(), table.getAlias());
                return null;
            }
            Expression sqlSegmentExpression = CCJSqlParserUtil.parseCondExpression(sqlSegment);
            logger.info("{} {} AS {} : {}", mappedStatementId, table.getName(), table.getAlias(), sqlSegmentExpression.toString());
            return sqlSegmentExpression;
        } catch (JSQLParserException e) {
            e.printStackTrace();
        }
        return null;
    }
});

JSQLParser

JSQLParser is an open-source SQL parsing library that facilitates parsing and modifying SQL statements. It is a key tool for implementing permission logic in the plugin, as MyBatis-Plus’s data permission feature relies on JSQLParser’s parsing capabilities.

The following example demonstrates how to use JSQLParser to modify SQL:

// Example SQL
String sql = "SELECT * FROM user WHERE status = 'active'";
Expression expression;

try {
    expression = CCJSqlParserUtil.parseCondExpression("status = 'inactive'");
    PlainSelect select = (PlainSelect) ((Select) CCJSqlParserUtil.parse(sql)).getSelectBody();
    select.setWhere(expression);

    System.out.println(select); // Output: SELECT * FROM user WHERE status = 'inactive'
} catch (JSQLParserException e) {
    e.printStackTrace();
}

Usage

Step 1: Implement Data Permission Logic

Customize MultiDataPermissionHandler to implement your specific business logic.

public class CustomDataPermissionHandler extends MultiDataPermissionHandler {
    @Override
    public Expression getSqlSegment(Table table, Expression where, String mappedStatementId) {
        // Implement your custom data permission logic here
        try {
            String sqlSegment = "..."; // Data permission-related SQL fragment
            return CCJSqlParserUtil.parseCondExpression(sqlSegment);
        } catch (JSQLParserException e) {
            e.printStackTrace();
            return null;
        }
    }
}

Step 2: Register Data Permission Interceptor

// In MyBatis configuration
Interceptor dataPermissionInterceptor = new DataPermissionInterceptor(new CustomDataPermissionHandler());
mybatisConfiguration.addInterceptor(dataPermissionInterceptor);

By using DataPermissionInterceptor, you can easily implement data permission control in your MyBatis-Plus application, ensuring users can only access data within their permission scope, thereby enhancing data security.

Power by Astro Starlight | Sponsored by JetBrains