codingapi
diff --git a/‎example/example-application/pom.xml
Lines changed: 1 addition & 1 deletion b/‎example/example-application/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎example/example-domain/pom.xml
Lines changed: 1 addition & 1 deletion b/‎example/example-domain/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎example/example-infra-flow/pom.xml
Lines changed: 1 addition & 1 deletion b/‎example/example-infra-flow/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎example/example-infra-jpa/pom.xml
Lines changed: 1 addition & 1 deletion b/‎example/example-infra-jpa/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎example/example-server/pom.xml
Lines changed: 1 addition & 1 deletion b/‎example/example-server/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎example/pom.xml
Lines changed: 1 addition & 1 deletion b/‎example/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎pom.xml
Lines changed: 1 addition & 1 deletion b/‎pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎springboot-starter-data-authorization/pom.xml
Lines changed: 1 addition & 1 deletion b/‎springboot-starter-data-authorization/pom.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/DataAuthorizationConfiguration.java
Lines changed: 8 additions & 0 deletions b/‎springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/DataAuthorizationConfiguration.java
Lines changed: 8 additions & 0 deletions
diff --git a/‎springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/DataAuthorizationContext.java
Lines changed: 6 additions & 5 deletions b/‎springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/DataAuthorizationContext.java
Lines changed: 6 additions & 5 deletions
diff --git a/‎springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/analyzer/SelectSQLAnalyzer.java
Lines changed: 0 additions & 120 deletions b/‎springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/analyzer/SelectSQLAnalyzer.java
Lines changed: 0 additions & 120 deletions
diff --git a/‎springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/enhancer/DataPermissionSQLEnhancer.java
Lines changed: 110 additions & 0 deletions b/‎springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/enhancer/DataPermissionSQLEnhancer.java
Lines changed: 110 additions & 0 deletions
diff --git a/‎springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/interceptor/DataPermissionSQL.java
Lines changed: 19 additions & 0 deletions b/‎springboot-starter-data-authorization/src/main/java/com/codingapi/springboot/authorization/interceptor/DataPermissionSQL.java
Lines changed: 19 additions & 0 deletions
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>springboot-example</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>3.3.42</version>
+        <version>3.3.43</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
 
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>springboot-example</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>3.3.42</version>
+        <version>3.3.43</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
 
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>springboot-example</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>3.3.42</version>
+        <version>3.3.43</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
 
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>springboot-example</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>3.3.42</version>
+        <version>3.3.43</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
 
@@ -5,7 +5,7 @@
     <parent>
         <artifactId>springboot-example</artifactId>
         <groupId>com.codingapi.springboot</groupId>
-        <version>3.3.42</version>
+        <version>3.3.43</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
 
@@ -17,7 +17,7 @@
     </parent>
 
     <artifactId>springboot-example</artifactId>
-    <version>3.3.42</version>
+    <version>3.3.43</version>
 
     <name>springboot-example</name>
     <description>springboot-example project for Spring Boot</description>
 
@@ -15,7 +15,7 @@
 
     <groupId>com.codingapi.springboot</groupId>
     <artifactId>springboot-parent</artifactId>
-    <version>3.3.42</version>
+    <version>3.3.43</version>
 
     <url>https://github.com/codingapi/springboot-framewrok</url>
     <name>springboot-parent</name>
 
@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.codingapi.springboot</groupId>
         <artifactId>springboot-parent</artifactId>
-        <version>3.3.42</version>
+        <version>3.3.43</version>
     </parent>
 
     <artifactId>springboot-starter-data-authorization</artifactId>
 
@@ -5,11 +5,13 @@
 import com.codingapi.springboot.authorization.handler.ColumnHandler;
 import com.codingapi.springboot.authorization.handler.RowHandler;
 import com.codingapi.springboot.authorization.interceptor.SQLInterceptor;
+import com.codingapi.springboot.authorization.properties.DataAuthorizationProperty;
 import com.codingapi.springboot.authorization.register.ConditionHandlerRegister;
 import com.codingapi.springboot.authorization.register.DataAuthorizationContextRegister;
 import com.codingapi.springboot.authorization.register.ResultSetHandlerRegister;
 import com.codingapi.springboot.authorization.register.SQLInterceptorRegister;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
@@ -18,6 +20,12 @@
 @Configuration
 public class DataAuthorizationConfiguration {
 
+    @Bean
+    @ConfigurationProperties(prefix = "codingapi.data-authorization")
+    public DataAuthorizationProperty dataAuthorizationProperty(){
+        return new DataAuthorizationProperty();
+    }
+
     @Bean
     public ConditionHandlerRegister conditionHandlerRegister(@Autowired(required = false) RowHandler rowHandler) {
         return new ConditionHandlerRegister(rowHandler);
 
@@ -27,23 +27,24 @@ public void addDataAuthorizationFilter(DataAuthorizationFilter filter) {
         this.filters.add(filter);
     }
 
-    public void clearDataAuthorizationFilters(){
+    public void clearDataAuthorizationFilters() {
         this.filters.clear();
     }
 
     public <T> T columnAuthorization(SQLInterceptState interceptState, String tableName, String columnName, T value) {
-        if (interceptState != null && interceptState.hasIntercept() && StringUtils.hasText(tableName)) {
+        if (interceptState != null && interceptState.hasIntercept()) {
+            String realTableName = interceptState.getTableName(tableName);
             for (DataAuthorizationFilter filter : filters) {
-                if (filter.supportColumnAuthorization(tableName, columnName, value)) {
-                    return filter.columnAuthorization(tableName, columnName, value);
+                if (filter.supportColumnAuthorization(realTableName, columnName, value)) {
+                    return filter.columnAuthorization(realTableName, columnName, value);
                 }
             }
         }
         return value;
     }
 
     public Condition rowAuthorization(String tableName, String tableAlias) {
-        if(StringUtils.hasText(tableName) && StringUtils.hasText(tableAlias)) {
+        if (StringUtils.hasText(tableName) && StringUtils.hasText(tableAlias)) {
             for (DataAuthorizationFilter filter : filters) {
                 if (filter.supportRowAuthorization(tableName, tableAlias)) {
                     return filter.rowAuthorization(tableName, tableAlias);
 
@@ -0,0 +1,110 @@
+package com.codingapi.springboot.authorization.enhancer;
+
+import com.codingapi.springboot.authorization.handler.Condition;
+import com.codingapi.springboot.authorization.handler.RowHandler;
+import lombok.Getter;
+import net.sf.jsqlparser.expression.Expression;
+import net.sf.jsqlparser.expression.operators.conditional.AndExpression;
+import net.sf.jsqlparser.parser.CCJSqlParserUtil;
+import net.sf.jsqlparser.schema.Table;
+import net.sf.jsqlparser.statement.Statement;
+import net.sf.jsqlparser.statement.select.FromItem;
+import net.sf.jsqlparser.statement.select.Join;
+import net.sf.jsqlparser.statement.select.PlainSelect;
+import net.sf.jsqlparser.statement.select.Select;
+
+import java.sql.SQLException;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 数据权限 SQL 增强器
+ */
+public class DataPermissionSQLEnhancer {
+
+    private final String sql;
+    private final RowHandler rowHandler;
+
+    @Getter
+    private final Map<String, String> tableAlias;
+
+    // 构造函数
+    public DataPermissionSQLEnhancer(String sql, RowHandler rowHandler) {
+        // 如何sql中存在? 则在?后面添加空格
+        this.sql = sql.replaceAll("\\?", " ? ");
+        this.rowHandler = rowHandler;
+        this.tableAlias = new HashMap<>();
+    }
+
+    // 获取增强后的SQL
+    public String getNewSQL() throws SQLException {
+        try {
+            Statement statement = CCJSqlParserUtil.parse(sql);
+            if (statement instanceof Select) {
+                Select select = (Select) statement;
+                PlainSelect plainSelect = select.getPlainSelect();
+
+                this.enhanceDataPermissionInSelect(plainSelect);
+                return statement.toString();
+            }
+        } catch (Exception e) {
+            throw new SQLException(e);
+        }
+        return sql;
+    }
+
+    // 增强 SELECT 语句
+    private void enhanceDataPermissionInSelect(PlainSelect plainSelect) throws Exception {
+        this.applyDataPermissionToSubquery(plainSelect);
+
+        FromItem fromItem = plainSelect.getFromItem();
+
+        // 处理主 FROM 项（如果是子查询）
+        if (fromItem instanceof Select) {
+            this.applyDataPermissionToSubquery((Select) fromItem);
+        }
+        Expression where = plainSelect.getWhere();
+
+        // 处理JOIN或关联子查询
+        if (plainSelect.getJoins() != null) {
+            for (Join join : plainSelect.getJoins()) {
+                if (join.getRightItem() instanceof Select) {
+                    this.applyDataPermissionToSubquery((Select) join.getRightItem());
+                }
+                if(join.getRightItem() instanceof Table){
+                    injectDataPermissionCondition(plainSelect, (Table) join.getRightItem(), where);
+                }
+            }
+        }
+    }
+
+    // 注入数据权限条件
+    private void injectDataPermissionCondition(PlainSelect plainSelect, Table table, Expression where) throws Exception {
+        String tableName = table.getName();
+        String aliaName = table.getAlias() != null ? table.getAlias().getName() : tableName;
+        tableAlias.put(aliaName, tableName);
+        Condition condition = rowHandler.handler(plainSelect.toString(), tableName, aliaName);
+        if (condition != null) {
+            // 添加自定义条件
+            Expression customExpression = CCJSqlParserUtil.parseCondExpression(condition.getCondition());
+            if (where != null) {
+                plainSelect.setWhere(new AndExpression(customExpression, where));
+            } else {
+                plainSelect.setWhere(customExpression);
+            }
+        }
+    }
+
+    // 处理子查询
+    private void applyDataPermissionToSubquery(Select subSelect) throws Exception {
+        PlainSelect selectBody = subSelect.getPlainSelect();
+        if (selectBody != null) {
+            // 获取 WHERE 子句
+            Expression where = selectBody.getWhere();
+            FromItem fromItem = selectBody.getFromItem();
+            if (fromItem instanceof Table) {
+                injectDataPermissionCondition(selectBody, (Table) fromItem, where);
+            }
+        }
+    }
+}
@@ -0,0 +1,19 @@
+package com.codingapi.springboot.authorization.interceptor;
+
+import lombok.Getter;
+
+import java.util.Map;
+
+@Getter
+public class DataPermissionSQL {
+
+    private final String sql;
+    private final String newSql;
+    private final Map<String,String> tableAlias;
+
+    public DataPermissionSQL(String sql, String newSql, Map<String, String> tableAlias) {
+        this.sql = sql;
+        this.newSql = newSql;
+        this.tableAlias = tableAlias;
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -27,23 +27,24 @@ public void addDataAuthorizationFilter(DataAuthorizationFilter filter) {`
`27`	`27`	`this.filters.add(filter);`
`28`	`28`	`}`
`29`	`29`
`30`		`- public void clearDataAuthorizationFilters(){`
	`30`	`+ public void clearDataAuthorizationFilters() {`
`31`	`31`	`this.filters.clear();`
`32`	`32`	`}`
`33`	`33`
`34`	`34`	`public <T> T columnAuthorization(SQLInterceptState interceptState, String tableName, String columnName, T value) {`
`35`		`- if (interceptState != null && interceptState.hasIntercept() && StringUtils.hasText(tableName)) {`
	`35`	`+ if (interceptState != null && interceptState.hasIntercept()) {`
	`36`	`+ String realTableName = interceptState.getTableName(tableName);`
`36`	`37`	`for (DataAuthorizationFilter filter : filters) {`
`37`		`- if (filter.supportColumnAuthorization(tableName, columnName, value)) {`
`38`		`- return filter.columnAuthorization(tableName, columnName, value);`
	`38`	`+ if (filter.supportColumnAuthorization(realTableName, columnName, value)) {`
	`39`	`+ return filter.columnAuthorization(realTableName, columnName, value);`
`39`	`40`	`}`
`40`	`41`	`}`
`41`	`42`	`}`
`42`	`43`	`return value;`
`43`	`44`	`}`
`44`	`45`
`45`	`46`	`public Condition rowAuthorization(String tableName, String tableAlias) {`
`46`		`- if(StringUtils.hasText(tableName) && StringUtils.hasText(tableAlias)) {`
	`47`	`+ if (StringUtils.hasText(tableName) && StringUtils.hasText(tableAlias)) {`
`47`	`48`	`for (DataAuthorizationFilter filter : filters) {`
`48`	`49`	`if (filter.supportRowAuthorization(tableName, tableAlias)) {`
`49`	`50`	`return filter.rowAuthorization(tableName, tableAlias);`