diff --git a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/query/QueryGenerator.java b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/query/QueryGenerator.java index 1f967e19..76b9d509 100644 --- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/query/QueryGenerator.java +++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/query/QueryGenerator.java @@ -861,7 +861,9 @@ public class QueryGenerator { return null; } Set varParams = new HashSet(); - String regex = "\\#\\{\\w+\\}"; + //update-begin---author:chenrui ---date:20250108 for:[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------ + String regex = "#\\{\\[*\\w+]*}"; + //update-end---author:chenrui ---date:20250108 for:[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------ Pattern p = Pattern.compile(regex); Matcher m = p.matcher(sql); diff --git a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java index bdd73c78..73c7642f 100644 --- a/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java +++ b/jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java @@ -6,16 +6,6 @@ import com.auth0.jwt.algorithms.Algorithm; import com.auth0.jwt.exceptions.JWTDecodeException; import com.auth0.jwt.interfaces.DecodedJWT; import com.fasterxml.jackson.databind.ObjectMapper; -import com.google.common.base.Joiner; - -import java.io.IOException; -import java.io.OutputStream; -import java.util.Date; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - import lombok.extern.slf4j.Slf4j; import org.apache.shiro.SecurityUtils; import org.jeecg.common.api.vo.Result; @@ -30,6 +20,16 @@ import org.jeecg.common.util.DateUtils; import org.jeecg.common.util.SpringContextUtils; import org.jeecg.common.util.oConvertUtils; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.IOException; +import java.io.OutputStream; +import java.util.Date; +import java.util.Objects; +import java.util.stream.Collectors; + /** * @Author Scott * @Date 2018-07-12 14:23 @@ -197,6 +197,14 @@ public class JwtUtil { } else { key = key; } + //update-begin---author:chenrui ---date:20250107 for:[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------ + // 是否存在字符串标志 + boolean multiStr = false; + if(oConvertUtils.isNotEmpty(key) && key.trim().matches("^\\[\\w+]$")){ + key = key.substring(1,key.length()-1); + multiStr = true; + } + //update-end---author:chenrui ---date:20250107 for:[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------ //替换为当前系统时间(年月日) if (key.equals(DataBaseConstant.SYS_DATE)|| key.toLowerCase().equals(DataBaseConstant.SYS_DATE_TABLE)) { returnValue = DateUtils.formatDate(); @@ -265,11 +273,22 @@ public class JwtUtil { if(user==null){ //TODO 暂时使用用户登录部门,存在逻辑缺陷,不是用户所拥有的部门 returnValue = sysUser.getOrgCode(); + //update-begin---author:chenrui ---date:20250107 for:[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------ + returnValue = multiStr ? "'" + returnValue + "'" : returnValue; + //update-end---author:chenrui ---date:20250107 for:[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------ }else{ if(user.isOneDepart()) { returnValue = user.getSysMultiOrgCode().get(0); + //update-begin---author:chenrui ---date:20250107 for:[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------ + returnValue = multiStr ? "'" + returnValue + "'" : returnValue; + //update-end---author:chenrui ---date:20250107 for:[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------ }else { - returnValue = Joiner.on(",").join(user.getSysMultiOrgCode()); + //update-begin---author:chenrui ---date:20250107 for:[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------ + returnValue = user.getSysMultiOrgCode().stream() + .filter(Objects::nonNull) + .map(orgCode -> "'" + orgCode + "'") + .collect(Collectors.joining(", ")); + //update-end---author:chenrui ---date:20250107 for:[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------ } } }