This article was first published on my blog:/post/
1. Overview
DataPermissionInterceptor is an interceptor plug-in in MyBatis-Plus, used to implement the data permission function. It intercepts the query, deletes and modifyes SQL and obtains the SQL to be executed, and parses out the tables and original conditions in the SQL. Through a DataPermissionHandler interface, it calls back and forth to obtain the data permission conditions of each table, and then splices it with the original conditions to form a new SQL, and executes the rewritten new SQL to realize the data permission function. Because the addition operation does not require data permission control, the addition situation is not handled.
The implementation of this class is relatively simple, because for data permissions, the parsing logic of more complex query SQL has basically been completed by the parent class. For details, see:BaseMultiTableInnerInterceptor source code interpretationAs a subclass, this class can just query SQL and call the parent class for parsing and rewriting. For the deleted and updated SQL, it only processes the where conditions of delete and update itself, and it is a single table operation. Therefore, for deletion and update, it is just a simple splicing of the original conditions of the table and the data permission conditions.
This article is based on the source code of MyBatis-Plus version 3.5.9 and forks the code:/changelzj/mybatis-plus/tree/lzj-3.5.9
public class DataPermissionInterceptor extends BaseMultiTableInnerInterceptor implements InnerInterceptor {
private DataPermissionHandler dataPermissionHandler;
@SuppressWarnings("RedundantThrows")
@Override
public void beforeQuery(Executor executor, MappedStatement ms, Object parameter, RowBounds rowBounds, ResultHandler resultHandler, BoundSql boundSql) throws SQLException {...}
@Override
public void beforePrepare(StatementHandler sh, Connection connection, Integer transactionTimeout) {...}
@Override
protected void processSelect(Select select, int index, String sql, Object obj) {...}
protected void setWhere(PlainSelect plainSelect, String whereSegment) {...}
@Override
protected void processUpdate(Update update, int index, String sql, Object obj) {...}
@Override
protected void processDelete(Delete delete, int index, String sql, Object obj) {...}
protected Expression getUpdateOrDeleteExpression(final Table table, final Expression where, final String whereSegment) {...}
@Override
public Expression buildTableExpression(final Table table, final Expression where, final String whereSegment) {...}
}
2. Source code interpretation
2.1 beforeQuery
The methodInnerInterceptorThe interface inherits, which is the starting point for parsing and querying SQL. MyBatis-Plus is the implementation when executing.InnerInterceptorIf the corresponding methods in the interface class callback are passed, the SQL to be executed will be passed and the rewrite SQL will be received to implement the modification of SQL, intercepted and called before querying SQL execution.beforeQuery(),beforeQuery()Go to call againparserSingle()
parserSingle()It is indirectly inherited from the parent class BaseMultiTableInnerInterceptor from the JsqlParserSupport abstract class. The function of the JsqlParserSupport class is very simple. Its function is to determine which type of SQL is added, deleted, modified and checked, and then call the corresponding method to start parsing.
When calledparserSingle()When passing in SQL, it will be in JsqlParserSupportprocessParser()In the method, first determine which Statement it is, and then force it to specific Select, Update, Delete, and Insert objects, and then call the indirect inheritance and rewritten by this class.processSelect()Method and pass in Select object.
processSelect()The method will call the parent class againprocessSelectBody()Perform the query SQL, and then call the parent class for each table and existing conditions parsed.builderExpression()Then call againbuildTableExpression()Get the data permission filtering conditions corresponding to the current table and then splice them with the existing conditions.
@SuppressWarnings("RedundantThrows")
@Override
public void beforeQuery(Executor executor, MappedStatement ms, Object parameter, RowBounds rowBounds, ResultHandler resultHandler, BoundSql boundSql) throws SQLException {
if ((())) {
return;
}
mpBs = (boundSql);
(parserSingle((), ()));
}
2.2 beforePrepare
The method andbeforeQuery()Same, fromInnerInterceptorInherited from the interface, because adding and modifying SQL must be precompiled, so this method can be used as the starting point for parsing, deleting and modifying SQL. The difference isbeforePrepare()The call isJsqlParserSupportInherited fromparserMulti(), because the query statement can only be executed one at a time, but the addition, deletion and modification statement can be executed multiple times at a time with semicolon intervals, so it needs to be calledparserMulti()Loop apart multiple statements, then judge and force them into specific Select, Update, Delete, and Insert objects, and then call the indirect inheritance and rewritten by this class respectively.processDelete()、processUpdate()Methods and pass in Delete and Update objects respectively, then directly parse the table to be deleted and updated and the existing delete update conditions, and call the parent classandExpression()Then invokebuildTableExpression()To splice data permission filtering conditions.
@Override
public void beforePrepare(StatementHandler sh, Connection connection, Integer transactionTimeout) {
mpSh = (sh);
MappedStatement ms = ();
SqlCommandType sct = ();
if (sct == || sct == ) {
if ((())) {
return;
}
mpBs = ();
(parserMulti((), ()));
}
}
2.3 processSelect
Start a parse of query SQL, the current version isif (dataPermissionHandler instanceof MultiDataPermissionHandler)The logic of the new version, call firstprocessSelectBody()Perform parsing, and calling the structure in WITHprocessSelectBody()Later, a separate analysis logic for queries in WITH was organized. The old version should directly obtain the conditions after where and pass them directly to the dataPermissionHandler, and append the where in the dataPermissionHandler. The new version code passes the parsed table to the dataPermissionHandler, and the data permission conditions that return the table are passed in the table name.
@Override
protected void processSelect(Select select, int index, String sql, Object obj) {
if (dataPermissionHandler == null) {
return;
}
if (dataPermissionHandler instance of MultiDataPermissionHandler) {
// Reference modifications
final String whereSegment = (String) obj;
processSelectBody(select, whereSegment);
List<WithItem> withItemsList = ();
if (!(withItemsList)) {
(withItem -> processSelectBody(withItem, whereSegment));
}
} else {
// Compatible with the original old version of DataPermissionHandler scenario
if (select instance of PlainSelect) {
((PlainSelect) select, (String) obj);
} else if (select instanceof SetOperationList) {
SetOperationList setOperationList = (SetOperationList) select;
List<Select> selectBodyList = ();
(s -> ((PlainSelect) s, (String) obj));
}
}
}2.4 setWhere
This code should be used for the old version, and it has not been reached
/**
* Set where conditions
*
* @param plainSelect query object
* @param whereSegment Query conditional fragment
*/
protected void setWhere(PlainSelect plainSelect, String whereSegment) {
if (dataPermissionHandler == null) {
return;
}
// Compatible with old version of data permission processing
final Expression sqlSegment = ((), whereSegment);
if (null != sqlSegment) {
(sqlSegment);
}
}2.5 processUpdate
/**
* update statement processing
*/
@Override
protected void processUpdate(Update update, int index, String sql, Object obj) {
final Expression sqlSegment = getUpdateOrDeleteExpression((), (), (String) obj);
if (null != sqlSegment) {
(sqlSegment);
}
}2.6 processDelete
/**
* delete statement processing
*/
@Override
protected void processDelete(Delete delete, int index, String sql, Object obj) {
final Expression sqlSegment = getUpdateOrDeleteExpression((), (), (String) obj);
if (null != sqlSegment) {
(sqlSegment);
}
}2.7 getUpdateOrDeleteExpression
For SQL updated and deleted, unlike queries, when the updated value is a subquery or the value of the updated delete condition is a subquery, the table in this subquery will not be appended. Only the conditions themselves for the entire update or delete statement and the data permission filtering conditions to be appended are AND and OR spliced. Therefore, the table name and WHERE conditions will be called directly to the parent class.andExpression(table, where, whereSegment)When splicing, the return value of the method is the result after splicing, and it is returned directly.
protected Expression getUpdateOrDeleteExpression(final Table table, final Expression where, final String whereSegment) {
if (dataPermissionHandler == null) {
return null;
}
if (dataPermissionHandler instance of MultiDataPermissionHandler) {
return andExpression(table, where, whereSegment);
} else {
// Compatible with old version of data permission processing
return (where, whereSegment);
}
}2.8 buildTableExpression
Pass in the table name and return the data permission filtering conditions to be appended to the table. Which table needs what data permission conditions, the callback will be passed.()Let the implementation class of DataPermissionHandler be determined based on the specific business
@Override
public Expression buildTableExpression(final Table table, final Expression where, final String whereSegment) {
if (dataPermissionHandler == null) {
return null;
}
// Only the new version of the data permission processor will execute here
final MultiDataPermissionHandler handler = (MultiDataPermissionHandler) dataPermissionHandler;
return (table, where, whereSegment);
}