youhua

ruoyi-api/src/main/java/com/ruoyi/api/app/DapingController.java

@@ -6,9 +6,11 @@ import com.ruoyi.common.core.page.R;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 import java.util.List;
+import java.util.Map;
 
 /**
  * 大屏的接口
@@ -22,13 +24,13 @@ public class DapingController {
     private DapingService dapingService;
 
     @RequestMapping("/station/info")
-    public List<WaterPhotoInfo> getStationInfo(){
+    public R getStationInfo(@RequestParam Map<String,Object> params){
-        return dapingService.getStationInfo();
+        return dapingService.getStationInfo(params);
     }
 
     @RequestMapping("/station/waterLevel")
-    public List<WaterPhotoInfo> getStationWaterLevel(){
+    public R getStationWaterLevel(@RequestParam Map<String,Object> params){
-        return dapingService.getStationWaterLevel();
+        return dapingService.getStationWaterLevel(params);
     }
 
     @RequestMapping("/station/waterLevelTrend")
@@ -37,13 +39,13 @@ public class DapingController {
     }
 
     @RequestMapping("/station/status")
-    public R getStationByStatus(){
+    public R getStationByStatus(@RequestParam Map<String,Object> params){
-        return dapingService.getStationByStatus();
+        return dapingService.getStationByStatus(params);
     }
 
     @RequestMapping("/station/count")
-    public R getCount(){
+    public R getCount(@RequestParam Map<String,Object> params){
-        return dapingService.getCount();
+        return dapingService.getCount(params);
     }
 
 }

ruoyi-api/src/main/java/com/ruoyi/api/mapper/DapingMapper.java

@@ -17,13 +17,13 @@ public interface DapingMapper extends BaseMapper<WaterPhotoInfo> {
      * 大屏查询查询站点信息
      * @return
      */
-    List<WaterPhotoInfo> selectStationInfo();
+    List<WaterPhotoInfo> selectStationInfo(@Param("params") Map<String,Object> params);
 
     /**
      * 实时水位
      * @return
      */
-    List<WaterPhotoInfo> selectWaterLevel();
+    List<WaterPhotoInfo> selectWaterLevel(@Param("params") Map<String,Object> params);
 
     /**
      * 水位趋势
@@ -41,13 +41,13 @@ public interface DapingMapper extends BaseMapper<WaterPhotoInfo> {
      * 在线
      * @return
      */
-    Map<String,Object> selectStationByOnlineStatus();
+    Map<String,Object> selectStationByOnlineStatus(@Param("params") Map<String,Object> params);
 
     /**
      * 不在线
      * @return
      */
-    Map<String,Object> selectStationByOfflineStatus();
+    Map<String,Object> selectStationByOfflineStatus(@Param("params") Map<String,Object> params);
 
     /**
      * 查询所有的区域
@@ -63,5 +63,5 @@ public interface DapingMapper extends BaseMapper<WaterPhotoInfo> {
      * @param aleaId
      * @return
      */
-    Integer selectZXAndLXCount(@Param("status") Integer status,@Param("aleaId") Integer aleaId);
+    Integer selectZXAndLXCount(@Param("params") Map<String,Object> params);
 }

ruoyi-api/src/main/java/com/ruoyi/api/service/DapingService.java

@@ -5,19 +5,20 @@ import com.ruoyi.code.camera.domain.WaterPhotoInfo;
 import com.ruoyi.common.core.page.R;
 
 import java.util.List;
+import java.util.Map;
 
 public interface DapingService extends IService<WaterPhotoInfo> {
     /**
      * 大屏查询查询站点信息
      * @return
      */
-    List<WaterPhotoInfo> getStationInfo();
+    R getStationInfo(Map<String,Object> params);
 
     /**
      * 实时水位
      * @return
      */
-    List<WaterPhotoInfo> getStationWaterLevel();
+    R getStationWaterLevel(Map<String,Object> params);
     /**
      * 水位趋势
      * @return
@@ -28,10 +29,10 @@ public interface DapingService extends IService<WaterPhotoInfo> {
      * 查询状态
      * @return
      */
-    R getStationByStatus();
+    R getStationByStatus(Map<String,Object> params);
 
     /**
      * 水位计分布
      */
-    R getCount();
+    R getCount(Map<String,Object> params);
 }

ruoyi-api/src/main/java/com/ruoyi/api/service/impl/DapingServiceImpl.java

@@ -4,6 +4,7 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.ruoyi.api.mapper.DapingMapper;
 import com.ruoyi.api.service.DapingService;
 import com.ruoyi.code.camera.domain.WaterPhotoInfo;
+import com.ruoyi.common.annotation.DeptDataScope;
 import com.ruoyi.common.core.page.R;
 import com.ruoyi.common.utils.StringUtils;
 import org.springframework.stereotype.Service;
@@ -21,8 +22,9 @@ public class DapingServiceImpl extends ServiceImpl<DapingMapper, WaterPhotoInfo>
      * @return
      */
     @Override
-    public List<WaterPhotoInfo> getStationInfo() {
+    @DeptDataScope(deptAlias="s")
-        return baseMapper.selectStationInfo().stream().filter(waterPhotoInfo -> {
+    public R getStationInfo(Map<String,Object> params) {
+        List<WaterPhotoInfo> list = baseMapper.selectStationInfo(params).stream().filter(waterPhotoInfo -> {
             String imgName = waterPhotoInfo.getImgName();
             if(StringUtils.isNotBlank(imgName)) {
                 String img = imgName.replace("\\", "/");
@@ -30,6 +32,8 @@ public class DapingServiceImpl extends ServiceImpl<DapingMapper, WaterPhotoInfo>
             }
             return true;
         }).collect(Collectors.toList());
+
+        return R.ok().put("data",list);
     }
 
     /**
@@ -37,8 +41,10 @@ public class DapingServiceImpl extends ServiceImpl<DapingMapper, WaterPhotoInfo>
      * @return
      */
     @Override
-    public List<WaterPhotoInfo> getStationWaterLevel() {
+    @DeptDataScope(deptAlias="s")
-        return baseMapper.selectWaterLevel();
+    public R getStationWaterLevel(Map<String,Object> params) {
+        List<WaterPhotoInfo> list = baseMapper.selectWaterLevel(params);
+        return R.ok().put("data",list);
     }
     /**
      * 水位趋势
@@ -87,9 +93,10 @@ public class DapingServiceImpl extends ServiceImpl<DapingMapper, WaterPhotoInfo>
     }
 
     @Override
-    public R getStationByStatus() {
+    @DeptDataScope(deptAlias="s")
-        Map<String, Object> map1 = baseMapper.selectStationByOnlineStatus();
+    public R getStationByStatus(Map<String,Object> params) {
-        Map<String, Object> map2 = baseMapper.selectStationByOfflineStatus();
+        Map<String, Object> map1 = baseMapper.selectStationByOnlineStatus(params);
+        Map<String, Object> map2 = baseMapper.selectStationByOfflineStatus(params);
         List<Map<String, Object>> resultList = new ArrayList<>();
         resultList.add(map1);
         resultList.add(map2);
@@ -97,7 +104,8 @@ public class DapingServiceImpl extends ServiceImpl<DapingMapper, WaterPhotoInfo>
     }
 
     @Override
-    public R getCount() {
+    @DeptDataScope(deptAlias="s")
+    public R getCount(Map<String,Object> params) {
         List<Map<String, Object>> map = baseMapper.selectAllAlea();
         Map<String, Object> result = new HashMap<>();
         // 区域名称
@@ -109,9 +117,12 @@ public class DapingServiceImpl extends ServiceImpl<DapingMapper, WaterPhotoInfo>
         for (Map<String, Object> m : map) {
             Integer aleaId = (Integer)m.get("alea_id");
             // 查询各个区域在线的设备
-            Integer zxCount = baseMapper.selectZXAndLXCount(1,aleaId);
+            params.put("aleaId",aleaId);
+            params.put("status",1);
+            Integer zxCount = baseMapper.selectZXAndLXCount(params);
             // 查询各个区域离线的设备
-            Integer lxCount = baseMapper.selectZXAndLXCount(0,aleaId);
+            params.put("status",0);
+            Integer lxCount = baseMapper.selectZXAndLXCount(params);
             zx.add(zxCount);
             lx.add(lxCount);
             stnms.add((String) m.get("alea_name"));

ruoyi-api/src/main/resources/mapper/api/DapingMapper.xml

@@ -17,6 +17,7 @@
             sc_station_info s
                 inner join sc_water_current_data c on c.stnm_id = s.id
         where s.del_flag='0'
+            ${params.dataScope}
     </select>
     <select id="selectWaterLevel" resultType="com.ruoyi.code.camera.domain.WaterPhotoInfo">
         SELECT
@@ -29,6 +30,7 @@
             sc_station_info s
         LEFT JOIN sc_water_current_data w ON w.stnm_id = s.id
         where s.del_flag='0'
+            ${params.dataScope}
     </select>
     <select id="selectWaterLevelTrend" resultType="com.ruoyi.code.camera.domain.WaterPhotoInfo">
         select tms.tm,d.id, d.stnm, ifnull(d.value,0) value
@@ -75,10 +77,16 @@
         </if>
     </select>
     <select id="selectStationByOnlineStatus" resultType="java.util.Map">
-        select count(1) as value , '在线' as name from camera where status = '1' and first_time is not null and del_flag='0'
+        select count(1) as value , '在线' as name from camera a
+        left join sc_station_info s on a.devsn = s.camera_sn
+        where a.status = '1' and a.first_time is not null and a.del_flag='0'
+        ${params.dataScope}
     </select>
     <select id="selectStationByOfflineStatus" resultType="java.util.Map">
-        select count(1) as value , '不在线' as name from camera where status = '0' and first_time is not null and del_flag='0'
+        select count(1) as value , '不在线' as name from camera a
+            left join sc_station_info s on a.devsn = s.camera_sn
+        where a.status = '0' and a.first_time is not null and a.del_flag='0'
+            ${params.dataScope}
     </select>
 
     <select id="selectAllAlea" resultType="java.util.Map">
@@ -89,9 +97,13 @@
         SELECT
             count( 1 )
         FROM
-            camera
+            camera a
+        left join sc_station_info s on a.devsn = s.camera_sn
         WHERE
-            `status` = #{status} and del_flag='0'
+            a.status = #{params.status} and a.del_flag='0'
-          AND devsn IN ( SELECT camera_sn FROM sc_station_info WHERE del_flag = '0' AND alea_id = #{aleaId} )
+          AND a.devsn IN (
+              SELECT camera_sn FROM sc_station_info WHERE del_flag = '0' AND alea_id = #{params.aleaId}
+              ${params.dataScope}
+        )
     </select>
 </mapper>

ruoyi-code/src/main/java/com/ruoyi/code/camera/controller/CameraController.java

@@ -6,6 +6,7 @@ import com.ruoyi.code.camera.domain.Camera;
 import com.ruoyi.code.camera.domain.CameraParams;
 import com.ruoyi.code.camera.domain.LogInfo;
 import com.ruoyi.code.camera.service.ICameraService;
+import com.ruoyi.common.annotation.DataScope;
 import com.ruoyi.common.annotation.Log;
 import com.ruoyi.common.core.controller.BaseController;
 import com.ruoyi.common.core.page.R;

ruoyi-code/src/main/java/com/ruoyi/code/camera/service/impl/CameraServiceImpl.java

@@ -7,6 +7,8 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.ruoyi.code.camera.domain.CameraBrand;
 import com.ruoyi.code.camera.service.ICameraBrandService;
 import com.ruoyi.code.sctaationinfo.domain.ScStationInfo;
+import com.ruoyi.common.annotation.DataScope;
+import com.ruoyi.common.annotation.DeptDataScope;
 import com.ruoyi.common.config.RuoYiConfig;
 import com.ruoyi.common.core.page.R;
 import com.ruoyi.common.utils.Query;
@@ -40,14 +42,15 @@ public class CameraServiceImpl extends ServiceImpl<CameraMapper, Camera> impleme
 
     @Autowired
     private ICameraBrandService iCameraBrandService;
+
     @Override
+    @DeptDataScope(deptAlias="s")
     public R queryPage(Map<String, Object> params) {
         IPage<Camera> page = baseMapper.queryPage(
                 new Query<Camera>().getPage(params),
                 params
 
         );
-
         return R.ok().put("count", page.getTotal()).put("data", page.getRecords());
     }
 

ruoyi-code/src/main/java/com/ruoyi/code/camera/service/impl/WaterPhotoInfoServiceImpl.java

@@ -10,6 +10,7 @@ import com.ruoyi.code.camera.mapper.WaterPhotoInfoMapper;
 import com.ruoyi.code.camera.service.IWaterPhotoInfoService;
 import com.ruoyi.code.sctaationinfo.domain.ScStationInfo;
 import com.ruoyi.code.sctaationinfo.service.IScStationInfoService;
+import com.ruoyi.common.annotation.DeptDataScope;
 import com.ruoyi.common.core.page.R;
 import com.ruoyi.common.exception.RYException;
 import com.ruoyi.common.utils.DateUtils;
@@ -34,6 +35,7 @@ public class WaterPhotoInfoServiceImpl extends ServiceImpl<WaterPhotoInfoMapper,
     private IScStationInfoService scStationInfoService;
 
     @Override
+    @DeptDataScope(deptAlias = "s")
     public R queryPage(Map<String, Object> params) {
             String startTime = (String) params.get("startTime");
             String endTime = (String) params.get("endTime");
@@ -56,6 +58,7 @@ public class WaterPhotoInfoServiceImpl extends ServiceImpl<WaterPhotoInfoMapper,
     }
 
     @Override
+    @DeptDataScope(deptAlias = "s")
     public R getScWaterCurrentDataList(Map<String, Object> params) {
         IPage<WaterPhotoInfo> page = baseMapper.selectWaterCurrentDataList(
                 new Query<WaterPhotoInfo>().getPage(params),

ruoyi-code/src/main/java/com/ruoyi/code/sctaationinfo/controller/ScStationInfoController.java

@@ -40,8 +40,8 @@ public class ScStationInfoController extends BaseController
     }
 
     @RequestMapping("/listAll")
-    public R listAll(){
+    public R listAll(@RequestParam Map<String, Object> params){
-        return scStationInfoService.listAll();
+        return scStationInfoService.listAll(params);
     }
 
     /**

ruoyi-code/src/main/java/com/ruoyi/code/sctaationinfo/service/IScStationInfoService.java

@@ -19,5 +19,5 @@ public interface IScStationInfoService extends IService<ScStationInfo>
      */
     R queryPage(Map<String, Object> params);
 
-    R listAll();
+    R listAll(Map<String, Object> params);
 }

ruoyi-code/src/main/java/com/ruoyi/code/sctaationinfo/service/impl/ScStationInfoServiceImpl.java

@@ -1,15 +1,19 @@
 package com.ruoyi.code.sctaationinfo.service.impl;
 
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.ruoyi.code.sctaationinfo.domain.ScStationInfo;
 import com.ruoyi.code.sctaationinfo.mapper.ScStationInfoMapper;
 import com.ruoyi.code.sctaationinfo.service.IScStationInfoService;
+import com.ruoyi.common.annotation.DeptDataScope;
 import com.ruoyi.common.core.page.R;
 import com.ruoyi.common.utils.Query;
+import com.ruoyi.common.utils.StringUtils;
 import org.springframework.stereotype.Service;
 
+import java.util.List;
 import java.util.Map;
 
 
@@ -23,6 +27,7 @@ import java.util.Map;
 public class ScStationInfoServiceImpl extends ServiceImpl<ScStationInfoMapper, ScStationInfo> implements IScStationInfoService
 {
     @Override
+    @DeptDataScope(deptAlias="a")
     public R queryPage(Map<String, Object> params) {
         IPage<ScStationInfo> page = baseMapper.queryPage(
                 new Query<ScStationInfo>().getPage(params),
@@ -33,10 +38,14 @@ public class ScStationInfoServiceImpl extends ServiceImpl<ScStationInfoMapper, S
     }
 
     @Override
-    public R listAll() {
+    @DeptDataScope
-        LambdaQueryWrapper<ScStationInfo> wrapper = new LambdaQueryWrapper<>();
+    public R listAll(Map<String, Object> params) {
-        wrapper.select(ScStationInfo::getStnm,ScStationInfo::getId);
+        String sql = (String)params.get("dataScope");
-        return R.ok().put("data",baseMapper.selectList(wrapper));
+        List<ScStationInfo> list = list(
+                new QueryWrapper<ScStationInfo>()
+                        .eq("del_flag","0")
+                        .last(StringUtils.isNotBlank(sql),sql));
+        return R.ok().put("data",list);
     }
 
 

ruoyi-code/src/main/resources/mapper/camera/CameraMapper.xml

@@ -22,16 +22,17 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
     </select>
 
     <select id="queryPage" resultType="com.ruoyi.code.camera.domain.Camera">
-        select * from camera
+        select c.* from camera c
-
+        left join sc_station_info s on c.devsn = s.camera_sn
         <where>
-            del_flag='0'
+            c.del_flag='0' and s.del_flag='0'
             <if test="params.devsn!= null and params.devsn != ''">
                 and devsn like concat('%',#{params.devsn},'%')
             </if>
             <if test="params.name != null and params.name != ''">
                 and name like concat('%',#{params.name},'%')
             </if>
+            ${params.dataScope}
         </where>
     </select>
 </mapper>

ruoyi-code/src/main/resources/mapper/camera/WaterPhotoInfoMapper.xml

@@ -18,6 +18,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
                <if test="params.stcd !=null and params.stcd !=''">and c.name like concat('%',#{params.stcd},'%')</if>
                <if test="params.startTime != null and params.startTime !=''"> and w.tm &gt;= #{params.startTime }</if>
                <if test="params.endTime != null and params.endTime !=''"> and w.tm &lt;= #{params.endTime}</if>
+               ${params.dataScope}
            </where>
     order by w.tm desc
     </select>
@@ -37,6 +38,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
            s.del_flag='0' and c.del_flag='0'
            <if test="params.stnm !=null and params.stnm !=''">and s.stnm like concat('%',#{params.stnm},'%')</if>
            <if test="params.stcd !=null and params.stcd !=''">and c.name like concat('%',#{params.name},'%')</if>
+            ${params.dataScope}
        </where>
     </select>
     <select id="selectWaterData" resultType="com.ruoyi.code.camera.domain.YcData">

ruoyi-code/src/main/resources/mapper/scStationInfo/ScStationInfoMapper.xml

@@ -7,13 +7,14 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
     <select id="queryPage" resultType="com.ruoyi.code.sctaationinfo.domain.ScStationInfo">
         select a.* , b.name camera_name from sc_station_info a
         left join camera b on a.camera_sn = b.devsn
-        where a.del_flag='0'
+        where a.del_flag='0' and b.del_flag='0'
         <if test="params.stnm != null and params.stnm != ''">
             and a.stnm like concat('%',#{params.stnm},'%')
         </if>
         <if test="params.cameraName != null and params.cameraName != ''">
             and b.name like concat('%',#{params.cameraName},'%')
         </if>
+        ${params.dataScope}
         order by a.id desc
     </select>
 </mapper>

ruoyi-common/src/main/java/com/ruoyi/common/annotation/DeptDataScope.java

@@ -0,0 +1,24 @@
+package com.ruoyi.common.annotation;
+
+import java.lang.annotation.*;
+
+/**
+ * 数据权限过滤注解
+ *
+ * @author ruoyi
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface DeptDataScope
+{
+    /**
+     * 部门表的别名
+     */
+    public String deptAlias() default "";
+
+    /**
+     * 用户表的别名
+     */
+    public String userAlias() default "";
+}

ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DeptDataScopeAspect.java

@@ -0,0 +1,166 @@
+package com.ruoyi.framework.aspectj;
+
+import com.ruoyi.common.annotation.DataScope;
+import com.ruoyi.common.annotation.DeptDataScope;
+import com.ruoyi.common.core.domain.BaseEntity;
+import com.ruoyi.common.core.domain.entity.SysRole;
+import com.ruoyi.common.core.domain.entity.SysUser;
+import com.ruoyi.common.core.domain.model.LoginUser;
+import com.ruoyi.common.utils.SecurityUtils;
+import com.ruoyi.common.utils.StringUtils;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.springframework.stereotype.Component;
+
+import java.util.Map;
+
+/**
+ * 数据过滤处理
+ *
+ * @author ruoyi
+ */
+@Aspect
+@Component
+public class DeptDataScopeAspect
+{
+    /**
+     * 全部数据权限
+     */
+    public static final String DATA_SCOPE_ALL = "1";
+
+    /**
+     * 自定数据权限
+     */
+    public static final String DATA_SCOPE_CUSTOM = "2";
+
+    /**
+     * 部门数据权限
+     */
+    public static final String DATA_SCOPE_DEPT = "3";
+
+    /**
+     * 部门及以下数据权限
+     */
+    public static final String DATA_SCOPE_DEPT_AND_CHILD = "4";
+
+    /**
+     * 仅本人数据权限
+     */
+    public static final String DATA_SCOPE_SELF = "5";
+
+    /**
+     * 数据权限过滤关键字
+     */
+    public static final String DATA_SCOPE = "dataScope";
+
+    @Before("@annotation(controllerDataScope)")
+    public void doBefore(JoinPoint point, DeptDataScope controllerDataScope) throws Throwable
+    {
+        clearDataScope(point);
+        handleDataScope(point, controllerDataScope);
+    }
+
+    protected void handleDataScope(final JoinPoint joinPoint, DeptDataScope controllerDataScope)
+    {
+        // 获取当前的用户
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        if (StringUtils.isNotNull(loginUser))
+        {
+            SysUser currentUser = loginUser.getUser();
+            // 如果是超级管理员，则不过滤数据
+            if (StringUtils.isNotNull(currentUser) && !currentUser.isAdmin())
+            {
+                dataScopeFilter(joinPoint, currentUser, controllerDataScope.deptAlias(),
+                        controllerDataScope.userAlias());
+            }
+        }
+    }
+
+    /**
+     * 数据范围过滤
+     *
+     * @param joinPoint 切点
+     * @param user 用户
+     * @param userAlias 别名
+     */
+    public static void dataScopeFilter(JoinPoint joinPoint, SysUser user, String deptAlias, String userAlias)
+    {
+        StringBuilder sqlString = new StringBuilder();
+
+
+        for (SysRole role : user.getRoles())
+        {
+            String dataScope = role.getDataScope();
+            if (DATA_SCOPE_ALL.equals(dataScope))
+            {
+                sqlString = new StringBuilder();
+                break;
+            }
+            else if (DATA_SCOPE_CUSTOM.equals(dataScope))
+            {
+                if(StringUtils.isNotBlank(deptAlias)){
+                    sqlString.append(StringUtils.format(
+                            " OR {}.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", deptAlias,
+                            role.getRoleId()));
+                }else{
+                    sqlString.append(StringUtils.format(
+                            " OR dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id = {} ) ", role.getRoleId()));
+                }
+            }
+            else if (DATA_SCOPE_DEPT.equals(dataScope))
+            {
+                if(StringUtils.isNotBlank(deptAlias)){
+                    sqlString.append(StringUtils.format(" OR {}.dept_id = {} ", deptAlias, user.getDeptId()));
+                }else{
+                    sqlString.append(StringUtils.format(" OR dept_id = {} ", user.getDeptId()));
+                }
+            }
+            else if (DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope))
+            {
+                if(StringUtils.isNotBlank(deptAlias)){
+                    sqlString.append(StringUtils.format(
+                            " OR {}.dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )",
+                            deptAlias, user.getDeptId(), user.getDeptId()));
+                }else{
+                    sqlString.append(StringUtils.format(
+                            " OR dept_id IN ( SELECT dept_id FROM sys_dept WHERE dept_id = {} or find_in_set( {} , ancestors ) )",
+                            user.getDeptId(), user.getDeptId()));
+                }
+            }
+            else if (DATA_SCOPE_SELF.equals(dataScope))
+            {
+                if (StringUtils.isNotBlank(userAlias))
+                {
+                    sqlString.append(StringUtils.format(" OR {}.user_id = {} ", userAlias, user.getUserId()));
+                }
+                else
+                {
+                    // 数据权限为仅本人且没有userAlias别名不查询任何数据
+                    sqlString.append(" OR 1=0 ");
+                }
+            }
+        }
+
+        if (StringUtils.isNotBlank(sqlString.toString()))
+        {
+            Map<String,Object> params = (Map<String, Object>) joinPoint.getArgs()[0];
+            if (params != null)
+            {
+                params.put(DATA_SCOPE, " AND (" + sqlString.substring(4) + ")");
+            }
+        }
+    }
+
+    /**
+     * 拼接权限sql前先清空params.dataScope参数防止注入
+     */
+    private void clearDataScope(final JoinPoint joinPoint)
+    {
+        Map<String,Object> params = (Map<String, Object>) joinPoint.getArgs()[0];
+        if (params != null)
+        {
+            params.put(DATA_SCOPE, "");
+        }
+    }
+}

ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java

@@ -112,7 +112,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                 .antMatchers("/webjars/**").anonymous()
                 .antMatchers("/*/api-docs").anonymous()
                 .antMatchers("/druid/**").anonymous()
-                .antMatchers("/api/**").anonymous()
+//                .antMatchers("/api/**").anonymous()
                 // 除上面外的所有请求全部需要鉴权认证
                 .anyRequest().authenticated()
                 .and()