Skip to content

Data Permission Plugin

DataPermissionInterceptor is a plugin provided by MyBatis-Plus for implementing data permission control. It intercepts executed SQL statements and dynamically appends permission-related SQL fragments to control user data access.

Plugin Principle

DataPermissionInterceptor operates similarly to the tenant plugin. It intercepts SQL statements before execution and dynamically adds permission-related SQL fragments based on user permissions. This ensures only data accessible to the user will be queried.

Plugin Source and Test Cases

Core Code

Below is the core logic for assembling SQL fragments:

new DataPermissionInterceptor(new MultiDataPermissionHandler() {
@Override
public Expression getSqlSegment(final Table table, final Expression where, final String mappedStatementId) {
try {
String sqlSegment = sqlSegmentMap.get(mappedStatementId, table.getName());
if (sqlSegment == null) {
logger.info("{} {} AS {} : NOT FOUND", mappedStatementId, table.getName(), table.getAlias());
return null;
}
Expression sqlSegmentExpression = CCJSqlParserUtil.parseCondExpression(sqlSegment);
logger.info("{} {} AS {} : {}", mappedStatementId, table.getName(), table.getAlias(), sqlSegmentExpression.toString());
return sqlSegmentExpression;
} catch (JSQLParserException e) {
e.printStackTrace();
}
return null;
}
});

JSQLParser

JSQLParser is an open-source SQL parsing library that facilitates parsing and modifying SQL statements. It is a key tool for implementing permission logic in this plugin, as MyBatis-Plus’s data permission feature relies on JSQLParser’s parsing capabilities.

The following example demonstrates how to use JSQLParser to modify SQL:

// Example SQL
String sql = "SELECT * FROM user WHERE status = 'active'";
Expression expression;
try {
expression = CCJSqlParserUtil.parseCondExpression("status = 'inactive'");
PlainSelect select = (PlainSelect) ((Select) CCJSqlParserUtil.parse(sql)).getSelectBody();
select.setWhere(expression);
System.out.println(select); // Output: SELECT * FROM user WHERE status = 'inactive'
} catch (JSQLParserException e) {
e.printStackTrace();
}

Usage Guide

Step 1: Implement Data Permission Logic

Customize MultiDataPermissionHandler to implement specific business logic.

public class CustomDataPermissionHandler extends MultiDataPermissionHandler {
@Override
public Expression getSqlSegment(Table table, Expression where, String mappedStatementId) {
// Implement custom data permission logic here
try {
String sqlSegment = "..."; // Permission-related SQL fragment
return CCJSqlParserUtil.parseCondExpression(sqlSegment);
} catch (JSQLParserException e) {
e.printStackTrace();
return null;
}
}
}

Step 2: Register the Data Permission Interceptor

Register the custom handler with DataPermissionInterceptor.

// In MyBatis configuration
Interceptor dataPermissionInterceptor = new DataPermissionInterceptor(new CustomDataPermissionHandler());
mybatisConfiguration.addInterceptor(dataPermissionInterceptor);

By using DataPermissionInterceptor, you can easily implement data permission control in MyBatis-Plus applications, ensuring users only access data within their authorized scope, thereby enhancing data security.

Baomidou

© 2016-2025 Baomidou™. All Rights Reserved.

Power by Astro Starlight | Sponsored by JetBrains

渝ICP备2021000141号-1 | 渝公网安备50011302222097