Skip to content

Data Permission Plugin

DataPermissionInterceptor is a plugin provided by MyBatis-Plus for implementing data permission control. It intercepts executed SQL statements and dynamically appends permission-related SQL fragments to control user data access.

Plugin Principle

The working principle of DataPermissionInterceptor is similar to the tenant plugin. It intercepts SQL statements before execution and dynamically adds permission-related SQL fragments based on user permissions. This ensures that only data accessible to the user is queried.

Plugin Location and Test Cases

Core Code

The following is the core logic code for assembling SQL fragments:

new DataPermissionInterceptor(new MultiDataPermissionHandler() {
@Override
public Expression getSqlSegment(final Table table, final Expression where, final String mappedStatementId) {
try {
String sqlSegment = sqlSegmentMap.get(mappedStatementId, table.getName());
if (sqlSegment == null) {
logger.info("{} {} AS {} : NOT FOUND", mappedStatementId, table.getName(), table.getAlias());
return null;
}
Expression sqlSegmentExpression = CCJSqlParserUtil.parseCondExpression(sqlSegment);
logger.info("{} {} AS {} : {}", mappedStatementId, table.getName(), table.getAlias(), sqlSegmentExpression.toString());
return sqlSegmentExpression;
} catch (JSQLParserException e) {
e.printStackTrace();
}
return null;
}
});

JSQLParser

JSQLParser is an open-source SQL parsing library that facilitates parsing and modifying SQL statements. It is a key tool for implementing permission logic in the plugin, as MyBatis-Plus’s data permission feature relies on JSQLParser’s parsing capabilities.

The following example demonstrates how to use JSQLParser to modify SQL:

// Example SQL
String sql = "SELECT * FROM user WHERE status = 'active'";
Expression expression;
try {
expression = CCJSqlParserUtil.parseCondExpression("status = 'inactive'");
PlainSelect select = (PlainSelect) ((Select) CCJSqlParserUtil.parse(sql)).getSelectBody();
select.setWhere(expression);
System.out.println(select); // Output: SELECT * FROM user WHERE status = 'inactive'
} catch (JSQLParserException e) {
e.printStackTrace();
}

Usage

Step 1: Implement Data Permission Logic

Customize MultiDataPermissionHandler to implement your specific business logic.

public class CustomDataPermissionHandler extends MultiDataPermissionHandler {
@Override
public Expression getSqlSegment(Table table, Expression where, String mappedStatementId) {
// Implement your custom data permission logic here
try {
String sqlSegment = "..."; // Data permission-related SQL fragment
return CCJSqlParserUtil.parseCondExpression(sqlSegment);
} catch (JSQLParserException e) {
e.printStackTrace();
return null;
}
}
}

Step 2: Register Data Permission Interceptor

Register your custom handler with DataPermissionInterceptor.

// In MyBatis configuration
Interceptor dataPermissionInterceptor = new DataPermissionInterceptor(new CustomDataPermissionHandler());
mybatisConfiguration.addInterceptor(dataPermissionInterceptor);

By using DataPermissionInterceptor, you can easily implement data permission control in your MyBatis-Plus application, ensuring users can only access data within their permission scope, thereby enhancing data security.

Baomidou

© 2016-2025 Baomidou™. All Rights Reserved.

Power by Astro Starlight | Sponsored by JetBrains

渝ICP备2021000141号-1 | 渝公网安备50011302222097