Pre Merge pull request !401 from D哥/N/A

优化数据权限控制逻辑，放开permission限制
支持Excel导出对象的多个子列表
2025-12-04 09:36:01 +00:00 · 2025-12-04 17:35:47 +08:00 · 2025-12-04 16:48:19 +08:00 · 2025-12-04 16:43:11 +08:00 · 2025-12-04 16:42:55 +08:00 · 2025-12-04 13:15:50 +08:00
7 changed files with 59 additions and 31 deletions
--- a/pom.xml
+++ b/pom.xml
@ -35,7 +35,7 @@
        <springdoc.version>1.6.9</springdoc.version>
        <transmittable-thread-local.version>2.14.4</transmittable-thread-local.version>
        <!-- override dependency version -->
-        <tomcat.version>9.0.108</tomcat.version>
+        <tomcat.version>9.0.112</tomcat.version>
        <logback.version>1.2.13</logback.version>
        <spring-framework.version>5.3.39</spring-framework.version>
    </properties>
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/Constants.java
@ -87,6 +87,16 @@ public class Constants
     */
    public static final String LOGIN_FAIL = "Error";

+    /**
+     * 所有权限标识
+     */
+    public static final String ALL_PERMISSION = "*:*:*";
+
+    /**
+     * 管理员角色权限标识
+     */
+    public static final String SUPER_ADMIN = "admin";
+
    /**
     * 当前记录起始索引
     */
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/poi/ExcelUtil.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/utils/poi/ExcelUtil.java
@ -147,12 +147,12 @@ public class ExcelUtil<T>
    /**
     * 对象的子列表方法
     */
-    private Map<String, Method> subMethods = new HashMap<>();
+    private Map<String, Method> subMethods;

    /**
     * 对象的子列表属性
     */
-    private Map<String, List<Field>> subFieldsMap = new HashMap<>();
+    private Map<String, List<Field>> subFieldsMap;

    /**
     * 统计列表
@ -225,7 +225,10 @@ public class ExcelUtil<T>
            int titleLastCol = this.fields.size() - 1;
            if (isSubList())
            {
-                titleLastCol = titleLastCol + subFieldsMap.values().size() - 1;
+                for (List<Field> currentSubFields : subFieldsMap.values())
+                {
+                    titleLastCol = titleLastCol + currentSubFields.size() - 1;
+                }
            }
            Row titleRow = sheet.createRow(rownum == 0 ? rownum++ : 0);
            titleRow.setHeightInPoints(30);
@ -587,7 +590,6 @@ public class ExcelUtil<T>
     * 填充excel数据
     * 
     * @param index 序号
-     * @param row 单元格行
     */
    @SuppressWarnings("unchecked")
    public void fillExcelData(int index)
@ -611,10 +613,10 @@ public class ExcelUtil<T>
                    try
                    {
                        Collection<?> subList = (Collection<?>) getTargetValue(vo, field, excel);
+                        List<Field> currentSubFields = subFieldsMap.get(field.getName());
                        if (subList != null && !subList.isEmpty())
                        {
                            int subIndex = 0;
-                            List<Field> currentSubFields = subFieldsMap.get(field.getName());
                            for (Object subVo : subList)
                            {
                                Row subRow = sheet.getRow(currentRowNum + subIndex);
@ -631,8 +633,8 @@ public class ExcelUtil<T>
                                }
                                subIndex++;
                            }
-                            column += currentSubFields.size();
                        }
+                        column += currentSubFields.size();
                    }
                    catch (Exception e)
                    {
@ -1349,6 +1351,8 @@ public class ExcelUtil<T>
    {
        List<Object[]> fields = new ArrayList<Object[]>();
        List<Field> tempFields = new ArrayList<>();
+        subFieldsMap = new HashMap<>();
+        subMethods = new HashMap<>();
        tempFields.addAll(Arrays.asList(clazz.getSuperclass().getDeclaredFields()));
        tempFields.addAll(Arrays.asList(clazz.getDeclaredFields()));
        if (StringUtils.isNotEmpty(includeFields))
--- a/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java
+++ b/ruoyi-common/ruoyi-common-datascope/src/main/java/com/ruoyi/common/datascope/aspect/DataScopeAspect.java
@ -94,7 +94,7 @@ public class DataScopeAspect
        List<String> conditions = new ArrayList<String>();
        List<String> scopeCustomIds = new ArrayList<String>();
        user.getRoles().forEach(role -> {
-            if (DATA_SCOPE_CUSTOM.equals(role.getDataScope()) && StringUtils.equals(role.getStatus(), UserConstants.ROLE_NORMAL) && StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
+            if (DATA_SCOPE_CUSTOM.equals(role.getDataScope()) && StringUtils.equals(role.getStatus(), UserConstants.ROLE_NORMAL) && (StringUtils.isEmpty(permission) || StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission))))
            {
                scopeCustomIds.add(Convert.toStr(role.getRoleId()));
            }
@ -107,15 +107,16 @@ public class DataScopeAspect
            {
                continue;
            }
-            if (!StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
+            if (StringUtils.isNotEmpty(permission) && !StringUtils.containsAny(role.getPermissions(), Convert.toStrArray(permission)))
            {
                continue;
            }
            if (DATA_SCOPE_ALL.equals(dataScope))
            {
+                // 全部数据权限，不添加额外条件
                sqlString = new StringBuilder();
-                conditions.add(dataScope);
-                break;
+                conditions.clear();
+                return;
            }
            else if (DATA_SCOPE_CUSTOM.equals(dataScope))
            {
@ -143,28 +144,28 @@ public class DataScopeAspect
                {
                    sqlString.append(StringUtils.format(" OR {}.user_id = {} ", userAlias, user.getUserId()));
                }
-                else
-                {
-                    // 数据权限为仅本人且没有userAlias别名不查询任何数据
-                    sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
-                }
+                // 当没有 userAlias 时，不添加任何条件
            }
            conditions.add(dataScope);
        }

-        // 角色都不包含传递过来的权限字符，这个时候sqlString也会为空，所以要限制一下,不查询任何数据
+        // 角色都不包含传递过来的权限字符，这个时候不添加任何条件
        if (StringUtils.isEmpty(conditions))
        {
-            sqlString.append(StringUtils.format(" OR {}.dept_id = 0 ", deptAlias));
+            sqlString = new StringBuilder();
        }

-        if (StringUtils.isNotBlank(sqlString.toString()))
+        String sql = sqlString.toString().trim();
+        if (sql.startsWith("OR ")) {
+            sql = sql.substring(3);
+        }
+        if (StringUtils.isNotBlank(sql))
        {
            Object params = joinPoint.getArgs()[0];
-            if (StringUtils.isNotNull(params) && params instanceof BaseEntity)
+            if (params instanceof BaseEntity)
            {
                BaseEntity baseEntity = (BaseEntity) params;
-                baseEntity.getParams().put(DATA_SCOPE, " AND (" + sqlString.substring(4) + ")");
+                baseEntity.getParams().put(DATA_SCOPE, " AND (" + sql + ")");
            }
        }
    }
--- a/ruoyi-common/ruoyi-common-log/src/main/java/com/ruoyi/common/log/aspect/LogAspect.java
+++ b/ruoyi-common/ruoyi-common-log/src/main/java/com/ruoyi/common/log/aspect/LogAspect.java
@ -48,6 +48,9 @@ public class LogAspect
    /** 计算操作消耗时间 */
    private static final ThreadLocal<Long> TIME_THREADLOCAL = new NamedThreadLocal<Long>("Cost Time");

+    /** 参数最大长度限制 */
+    private static final int PARAM_MAX_LENGTH = 2000;
+
    @Autowired
    private AsyncLogService asyncLogService;

@ -166,16 +169,16 @@ public class LogAspect
     */
    private void setRequestValue(JoinPoint joinPoint, SysOperLog operLog, String[] excludeParamNames) throws Exception
    {
-        Map<?, ?> paramsMap = ServletUtils.getParamMap(ServletUtils.getRequest());
        String requestMethod = operLog.getRequestMethod();
+        Map<?, ?> paramsMap = ServletUtils.getParamMap(ServletUtils.getRequest());
        if (StringUtils.isEmpty(paramsMap) && StringUtils.equalsAny(requestMethod, HttpMethod.PUT.name(), HttpMethod.POST.name(), HttpMethod.DELETE.name()))
        {
            String params = argsArrayToString(joinPoint.getArgs(), excludeParamNames);
-            operLog.setOperParam(StringUtils.substring(params, 0, 2000));
+            operLog.setOperParam(params);
        }
        else
        {
-            operLog.setOperParam(StringUtils.substring(JSON.toJSONString(paramsMap, excludePropertyPreFilter(excludeParamNames)), 0, 2000));
+            operLog.setOperParam(StringUtils.substring(JSON.toJSONString(paramsMap, excludePropertyPreFilter(excludeParamNames)), 0, PARAM_MAX_LENGTH));
        }
    }

@ -184,7 +187,7 @@ public class LogAspect
     */
    private String argsArrayToString(Object[] paramsArray, String[] excludeParamNames)
    {
-        String params = "";
+        StringBuilder params = new StringBuilder();
        if (paramsArray != null && paramsArray.length > 0)
        {
            for (Object o : paramsArray)
@ -194,15 +197,20 @@ public class LogAspect
                    try
                    {
                        String jsonObj = JSON.toJSONString(o, excludePropertyPreFilter(excludeParamNames));
-                        params += jsonObj.toString() + " ";
+                        params.append(jsonObj).append(" ");
+                        if (params.length() >= PARAM_MAX_LENGTH)
+                        {
+                            return StringUtils.substring(params.toString(), 0, PARAM_MAX_LENGTH);
+                        }
                    }
                    catch (Exception e)
                    {
+                        log.error("请求参数拼装异常 msg:{}, 参数:{}", e.getMessage(), paramsArray, e);
                    }
                }
            }
        }
-        return params.trim();
+        return params.toString();
    }

    /**
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysPermissionServiceImpl.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysPermissionServiceImpl.java
@ -6,6 +6,7 @@ import java.util.Set;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.CollectionUtils;
+import com.ruoyi.common.core.constant.Constants;
 import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.system.api.domain.SysRole;
@ -41,7 +42,7 @@ public class SysPermissionServiceImpl implements ISysPermissionService
        // 管理员拥有所有权限
        if (user.isAdmin())
        {
-            roles.add("admin");
+            roles.add(Constants.SUPER_ADMIN);
        }
        else
        {
@ -63,7 +64,7 @@ public class SysPermissionServiceImpl implements ISysPermissionService
        // 管理员拥有所有权限
        if (user.isAdmin())
        {
-            perms.add("*:*:*");
+            perms.add(Constants.ALL_PERMISSION);
        }
        else
        {
--- a/ruoyi-ui/src/views/tool/build/index.vue
+++ b/ruoyi-ui/src/views/tool/build/index.vue
@ -153,6 +153,7 @@ import DraggableItem from './DraggableItem'

 let oldActiveId
 let tempActiveData
+let clipboard = null

 export default {
  components: {
@ -211,7 +212,7 @@ export default {
    }
  },
  mounted() {
-    const clipboard = new ClipboardJS('#copyNode', {
+    clipboard = new ClipboardJS('#copyNode', {
      text: trigger => {
        const codeStr = this.generateCode()
        this.$notify({
@ -226,6 +227,9 @@ export default {
      this.$message.error('代码复制失败')
    })
  },
+  beforeDestroy() {
+    clipboard.destroy()
+  },
  methods: {
    activeFormItem(element) {
      this.activeData = element
Author	SHA1	Message	Date
D哥	b692b38edf	Pre Merge pull request !401 from D哥/N/A	2025-12-04 09:36:01 +00:00
RuoYi	f53b783049	优化数据权限控制逻辑，放开permission限制	2025-12-04 17:35:47 +08:00
RuoYi	97f30a5415	支持Excel导出对象的多个子列表	2025-12-04 16:48:19 +08:00
RuoYi	ad1d009165	升级tomcat到最新版本9.0.112	2025-12-04 16:43:11 +08:00
RuoYi	90cbabb7a7	优化代码	2025-12-04 16:42:55 +08:00
RuoYi	1c4dbb1e46	优化表单构建关闭页签销毁复制插件	2025-12-04 13:15:50 +08:00
D哥	6fb42d117e	解决数据权限过滤处理逻辑中，莫名其妙添加AND (d.dept_id = 0)的问题解决数据权限过滤处理逻辑中，莫名其妙添加AND (d.dept_id = 0)的问题。修改前生成sql语句： SELECT d.dept_id, d.parent_id, d.ancestors, d.dept_name, d.order_num, d.leader, d.phone, d.email, d.status, d.del_flag, d.create_by, d.create_time, d.tenant_id FROM sys_dept d WHERE d.del_flag = '0' AND (d.dept_id = 0) ORDER BY d.parent_id, d.order_num 修改后生成sql语句： SELECT d.dept_id, d.parent_id, d.ancestors, d.dept_name, d.order_num, d.leader, d.phone, d.email, d.status, d.del_flag, d.create_by, d.create_time, d.tenant_id FROM sys_dept d WHERE d.del_flag = '0' ORDER BY d.parent_id, d.order_num Signed-off-by: D哥 <12271764+darrenteng@user.noreply.gitee.com>	2025-03-21 07:27:12 +00:00