
2022-9-9 14:23:00 分析系统调整

沈永艺 3 年之前
当前提交
6148bae547

文件差异内容过多而无法显示
+ 1279 - 0
PAS/plugin/uploadSetting.json


+ 67 - 68
PAS/src/main/java/cn/cslg/pas/common/config/InnerInterceptor/LizzMybatisIntercepts.java

@@ -1,12 +1,11 @@
 package cn.cslg.pas.common.config.InnerInterceptor;
 
+import cn.cslg.pas.common.model.DataSource;
 import cn.cslg.pas.common.model.PersonnelVO;
 import cn.cslg.pas.common.utils.CacheUtils;
-import cn.cslg.pas.common.utils.RedisUtil;
 import cn.cslg.pas.common.utils.SecurityUtils.LoginUtils;
 import cn.cslg.pas.common.utils.SecurityUtils.SecurityUtils;
 import cn.cslg.pas.common.utils.auth.TreeUtils;
-import cn.cslg.pas.common.model.DataSource;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
@@ -30,99 +29,99 @@ import org.springframework.context.annotation.Lazy;
 import java.lang.reflect.Field;
 import java.sql.Connection;
 import java.sql.SQLException;
-import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Properties;
 
 @Slf4j
 public class LizzMybatisIntercepts implements InnerInterceptor {
     @Lazy//懒加载,当调用时注入
     @Autowired
-    private  CacheUtils cacheUtils ;
+    private CacheUtils cacheUtils;
     @Lazy//懒加载,当调用时注入
     @Autowired
-    private LoginUtils loginUtils ;
+    private LoginUtils loginUtils;
 
     @Value("${authorUrl}")
     private String url;
+
     @SneakyThrows
     @Override
     public boolean willDoQuery(Executor executor, MappedStatement ms, Object parameter, RowBounds rowBounds, ResultHandler resultHandler, BoundSql boundSql) throws SQLException {
-
-        try{
-          //获得原始sql
-        String Localsql = boundSql.getSql();
-        Map<String,Object> maps= SecurityUtils.getDataScope(); //获得线程里保存的functionId
-        if (maps != null) {
-            SecurityUtils.cleanDataScope(); //当第一次进来后删除线程保存的functionId,避免后续使用的查询sql进来
-            String token = maps.get("token").toString();
-            //查询数据规则
-            //设定formdata类型参数
-            RequestBody requestBody = new FormBody.Builder()
-                    .add("loginId", maps.get("loginId").toString())
-                    .add("functionId", maps.get("functionId").toString())
-                    .build();
-            //建立连接
-            OkHttpClient okHttpClient = new OkHttpClient();
-            Request request = new Request.Builder()
-                    .url(url + "/permission/api/data/queryDataRule")
-                    .post(requestBody)
-                    .addHeader("Cookie", token)
-                    .build();
-            //获得请求返回
-            String resBody = okHttpClient.newCall(request).execute().body().string();
-            //处理请求返回
-            JSONArray jsonArray = JSONArray.parseArray(resBody);
-            if (!(jsonArray.get(0).equals("0") || jsonArray.get(0).equals("-1"))) {
-                String sqls = "";
-                // 查询字典数据
+        try {
+            //获得原始sql
+            String Localsql = boundSql.getSql();
+            Map<String, Object> maps = SecurityUtils.getDataScope(); //获得线程里保存的functionId
+            if (maps != null) {
+                SecurityUtils.cleanDataScope(); //当第一次进来后删除线程保存的functionId,避免后续使用的查询sql进来
+                String token = maps.get("token").toString();
+                //查询数据规则
                 //设定formdata类型参数
-                RequestBody reBodySource = new FormBody.Builder()
-                        .add("tableName", "local")
+                RequestBody requestBody = new FormBody.Builder()
+                        .add("loginId", maps.get("loginId").toString())
+                        .add("functionId", maps.get("functionId").toString())
                         .build();
                 //建立连接
-                OkHttpClient okHttpClientSou = new OkHttpClient();
-                Request requestSou = new Request.Builder()
-                        .url(url + "/permission/api/data/getDataSource")
-                        .post(reBodySource)
+                OkHttpClient okHttpClient = new OkHttpClient();
+                Request request = new Request.Builder()
+                        .url(url + "/permission/api/data/queryDataRule")
+                        .post(requestBody)
                         .addHeader("Cookie", token)
                         .build();
                 //获得请求返回
-                String resSource = okHttpClientSou.newCall(requestSou).execute().body().string();
-
-                JSONArray jsonArray1 = JSON.parseArray(resSource);
-                // 获得字典
-                List<DataSource> dataSources = jsonArray1.toJavaList(DataSource.class);
-                //拼接所有角色的限制条件
-                if (jsonArray.size() > 0) {
-                    PersonnelVO personnelVO = cacheUtils.getLoginUserPersonnel(loginUtils.getId());
-                    for (int i = 0; i < jsonArray.size(); i++) {
-                        String sql1 = TreeUtils.reSql(JSONObject.parseObject(jsonArray.get(i).toString()), dataSources, personnelVO);
-                        if (!sql1.equals("")) {
-                            sqls += jsonArray.size() != i + 1 ? sql1 + " OR " : sql1;
+                String resBody = Objects.requireNonNull(okHttpClient.newCall(request).execute().body()).string();
+                //处理请求返回
+                JSONArray jsonArray = JSONArray.parseArray(resBody);
+                if (!(jsonArray.get(0).equals("0") || jsonArray.get(0).equals("-1"))) {
+                    StringBuilder sqls = new StringBuilder();
+                    // 查询字典数据
+                    //设定formdata类型参数
+                    RequestBody reBodySource = new FormBody.Builder()
+                            .add("tableName", "local")
+                            .build();
+                    //建立连接
+                    OkHttpClient okHttpClientSou = new OkHttpClient();
+                    Request requestSou = new Request.Builder()
+                            .url(url + "/permission/api/data/getDataSource")
+                            .post(reBodySource)
+                            .addHeader("Cookie", token)
+                            .build();
+                    //获得请求返回
+                    String resSource = Objects.requireNonNull(okHttpClientSou.newCall(requestSou).execute().body()).string();
+
+                    JSONArray jsonArray1 = JSON.parseArray(resSource);
+                    // 获得字典
+                    List<DataSource> dataSources = jsonArray1.toJavaList(DataSource.class);
+                    //拼接所有角色的限制条件
+                    if (jsonArray.size() > 0) {
+                        PersonnelVO personnelVO = cacheUtils.getLoginUserPersonnel(loginUtils.getId());
+                        for (int i = 0; i < jsonArray.size(); i++) {
+                            String sql1 = TreeUtils.reSql(JSONObject.parseObject(jsonArray.get(i).toString()), dataSources, personnelVO);
+                            if (!sql1.equals("")) {
+                                sqls.append(jsonArray.size() != i + 1 ? sql1 + " OR " : sql1);
+                            }
                         }
-                    }
-                    // 根据sql语句结构,将拼接sql放入合适的位置
-                    if (Localsql.contains("order by")) {
-                        Localsql = Localsql.replace("order by", "And (" + sqls + ") order by");
-                    } else {
-                        Localsql += " And (" + sqls + ")";
-                    }
-                    //将限制条件拼接到sql语句
+                        // 根据sql语句结构,将拼接sql放入合适的位置
+                        if (Localsql.contains("order by")) {
+                            Localsql = Localsql.replace("order by", "And (" + sqls + ") order by");
+                        } else {
+                            Localsql += " And (" + sqls + ")";
+                        }
+                        //将限制条件拼接到sql语句
 
-                    Field field = boundSql.getClass().getDeclaredField("sql");//反射获得boundsql的sql属性并改变sql参数
-                    field.setAccessible(true); //属性设为可见(反射不安全的原因)
-                    field.set(boundSql, Localsql);
+                        Field field = boundSql.getClass().getDeclaredField("sql");//反射获得boundsql的sql属性并改变sql参数
+                        field.setAccessible(true); //属性设为可见(反射不安全的原因)
+                        field.set(boundSql, Localsql);
+                    }
                 }
             }
-        }
-        return true;
-        }
-     finally {
-         SecurityUtils.cleanDataScope();//无论是否进行成功最后都要删除线程里的保存的参数
 
-     }
+            return true;
+        } finally {
+            SecurityUtils.cleanDataScope();//无论是否进行成功最后都要删除线程里的保存的参数
+
+        }
     }
 
     @Override
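Review bot: In `willDoQuery` the data-scope predicate is joined with an index-based separator, so when the last rule yields an empty `sql1` the builder ends in ` OR `, and when every rule is empty the statement becomes `And ()`; both are invalid SQL on a permission-filtered query. Emitting the separator only between non-empty fragments avoids this: `if (sqls.length() > 0) sqls.append(" OR ");` followed by `sqls.append(sql1);`, with the rewrite of `Localsql` guarded by `if (sqls.length() > 0)` if an all-empty rule set is meant to add no SQL restriction. The splice is also fragile: `Localsql.replace("order by", ...)` is case-sensitive and rewrites every occurrence, and ` And (...)` is attached to the existing WHERE clause without parenthesising it, so a statement with a top-level `OR` would have the scope applied to only one branch. The fragments come from `TreeUtils.reSql` over JSON returned by the rule service and are concatenated as raw SQL, so a comment here should state that the service's output is treated as trusted configuration.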

+ 0 - 1
PAS/src/main/java/cn/cslg/pas/common/core/annotation/Permission.java

@@ -4,7 +4,6 @@ import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
-import java.util.List;
 
 @Target({ElementType.METHOD})
 @Retention(RetentionPolicy.RUNTIME)

+ 20 - 9
PAS/src/main/java/cn/cslg/pas/common/utils/SecurityUtils/LoginUtils.java

@@ -1,6 +1,7 @@
 package cn.cslg.pas.common.utils.SecurityUtils;
 
 import cn.cslg.pas.common.utils.RedisUtil;
+import cn.cslg.pas.common.utils.StringUtils;
 import cn.hutool.core.io.FileUtil;
 import io.swagger.v3.oas.models.security.SecurityScheme;
 import lombok.extern.slf4j.Slf4j;
@@ -15,22 +16,32 @@ import org.thymeleaf.expression.Ids;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import java.io.File;
+import java.util.List;
+
 @Component
 public class LoginUtils {
     @Resource
-     private RedisUtil redisUtil;
+    private RedisUtil redisUtil;
+
     public static String getToken() {
         RequestAttributes ra = RequestContextHolder.getRequestAttributes();
         ServletRequestAttributes sra = (ServletRequestAttributes) ra;
         HttpServletRequest httpRequest = sra.getRequest();
-        String tem =httpRequest.getHeader("Cookie");
-        return tem;
+        String tem = httpRequest.getHeader("Cookie");
+        List<String> lst = StringUtils.changeStringToString(tem, ";");
+        final String[] token = {null};
+        lst.forEach(item -> {
+            if (item.contains("token")) {
+                token[0] = item;
+            }
+        });
+        return token[0].replaceAll(" ", "");
     }
-    public  Integer getId() {
-    String oriToken=LoginUtils.getToken();
-        String q= "token:login:"+oriToken.replace("=",":");
-        String IdS= redisUtil.get(q);
-        Integer id =Integer.parseInt(IdS);
-           return id;
+
+    public Integer getId() {
+        String oriToken = LoginUtils.getToken();
+        String q = "token:login:" + oriToken.replace("=", ":");
+        String IdS = redisUtil.get(q);
+        return Integer.parseInt(IdS);
     }
 }
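Review bot: `getToken()` selects the session cookie with `item.contains("token")`, which matches any cookie whose name or value contains that substring and keeps the last match, so another cookie sent by the client can displace the real one before `getId()` turns it into the Redis key. Matching on the exact name is safer, e.g. `if (item.trim().startsWith("token="))`. When the request carries no Cookie header or no matching entry, `token[0]` stays null and `token[0].replaceAll(" ", "")` throws a NullPointerException, and `Integer.parseInt(IdS)` throws when Redis has no value for the key; both cases should be mapped to an explicit unauthenticated result rather than an unhandled exception. `StringUtils.changeStringToString` is not visible here, so its behaviour on a null header should be confirmed.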

+ 8 - 6
PAS/src/main/java/cn/cslg/pas/common/utils/SecurityUtils/SecurityUtils.java

@@ -4,27 +4,29 @@ import org.springframework.stereotype.Component;
 
 import java.util.Map;
 
-    @Component
+@Component
 public class SecurityUtils {
 
-    protected static final ThreadLocal<Map<String,Object>> threadLocal = new ThreadLocal();
+    protected static final ThreadLocal<Map<String, Object>> threadLocal = new ThreadLocal<>();
+
     /**
      * 设置权限标识
-     * @param params
      */
-    public static void startDataScope(Map<String,Object> params){
+    public static void startDataScope(Map<String, Object> params) {
         threadLocal.set(params);
     }
+
     /**
      * 获取权限标识
      */
-    public static Map<String, Object> getDataScope(){
+    public static Map<String, Object> getDataScope() {
         return threadLocal.get();
     }
+
     /**
      * 清除权限标识
      */
-    public static void cleanDataScope(){
+    public static void cleanDataScope() {
         threadLocal.remove();
     }
 

+ 13 - 20
PAS/src/main/java/cn/cslg/pas/common/utils/auth/AuthAop.java

@@ -8,7 +8,10 @@ import cn.cslg.pas.common.utils.SecurityUtils.LoginUtils;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
-import okhttp3.*;
+import okhttp3.FormBody;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.RequestBody;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.*;
@@ -16,15 +19,12 @@ import org.aspectj.lang.reflect.MethodSignature;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
-import org.springframework.web.context.request.RequestAttributes;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.script.ScriptEngine;
 import javax.script.ScriptEngineManager;
-import javax.servlet.http.HttpServletRequest;
 import java.lang.reflect.Method;
 import java.util.List;
+import java.util.Objects;
 
 
 @Aspect
@@ -47,7 +47,7 @@ public class AuthAop {
 
     @Before("annotationPointcut()")
     public void beforePointcut(JoinPoint joinPoint) {
-        // 此处进入到方法前  可以实现一些业务逻辑
+        //此处进入到方法前  可以实现一些业务逻辑
         //获取目标对象方法参数
 
     }
@@ -60,11 +60,6 @@ public class AuthAop {
         Method method = ms.getMethod();
         checkAuth myAnnotation = method.getAnnotation(checkAuth.class);
         String functionId = myAnnotation.FunId();
-        //RequestContextHolder:持有上下文的Request容器,获取到当前请求的request
-        RequestAttributes ra = RequestContextHolder.getRequestAttributes();
-        ServletRequestAttributes sra = (ServletRequestAttributes) ra;
-        HttpServletRequest httpRequest = sra.getRequest();
-        String tem = httpRequest.getHeader("Cookie");//获得请求里的token
         Object[] args = joinPoint.getArgs();
         //根据登录人的id以及功能id获得计算逻辑
         RequestBody requestBody = new FormBody.Builder()
@@ -75,10 +70,10 @@ public class AuthAop {
 
         Request request = new Request.Builder()
                 .url(url + "/permission/api/data/queryDataRule")
-                .addHeader("Cookie", tem)
+                .addHeader("Cookie", LoginUtils.getToken())
                 .post(requestBody)
                 .build();
-        String resBody = okHttpClient.newCall(request).execute().body().string();
+        String resBody = Objects.requireNonNull(okHttpClient.newCall(request).execute().body()).string();
         JSONArray jsonArray = JSONArray.parseArray(resBody);
         if (jsonArray.get(0).toString().equals("-1")) {
             return Response.error("没有该功能");
@@ -100,21 +95,21 @@ public class AuthAop {
                     .addHeader("Cookie", LoginUtils.getToken())
                     .build();
             //获得请求返回
-            String resSource = okHttpClientSou.newCall(requestSou).execute().body().string();
+            String resSource = Objects.requireNonNull(okHttpClientSou.newCall(requestSou).execute().body()).string();
 
             JSONArray jsonArray1 = JSON.parseArray(resSource);
             // 获得字典
             List<DataSource> dataSources = jsonArray1.toJavaList(DataSource.class);
             PersonnelVO personnelVO = cacheUtils.getLoginUserPersonnel(loginUtils.getId());
-            String sqls = "";
+            StringBuilder sqlStr = new StringBuilder();
             for (int i = 0; i < jsonArray.size(); i++) {
                 String sql = TreeUtils.reCompute(JSONObject.parseObject(jsonArray.get(i).toString()), args, dataSources, personnelVO);
-                sqls += jsonArray.size() != i + 1 ? sql + " || " : sql;
+                sqlStr.append(jsonArray.size() != i + 1 ? sql + " || " : sql);
             }
             //js引擎进行判断
             ScriptEngineManager manager = new ScriptEngineManager();
             ScriptEngine engine = manager.getEngineByName("javascript");//根据名字获得引擎
-            Object result = engine.eval(sqls);//进行判断
+            Object result = engine.eval(sqlStr.toString());//进行判断
             isPass = (Boolean) result;
         }
 
@@ -129,15 +124,13 @@ public class AuthAop {
 
     /**
      * 在切入点return内容之后切入内容(可以用来对处理返回值做一些加工处理)
-     *
-     * @param joinPoint
+     * @param joinPoint 切点
      */
     @AfterReturning("annotationPointcut()")
     public void doAfterReturning(JoinPoint joinPoint) {
     }
 
     private void checkToken(String token) {
-
     }
 }
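Review bot: The permission decision is made by `engine.eval(sqlStr.toString())`, where `sqlStr` is built from `TreeUtils.reCompute(...)` over the rule JSON and the intercepted method's `args`; if request-supplied values reach that string unescaped (the helper bodies are only partly visible on this page), the caller's input becomes part of the expression that decides `isPass`. Evaluating the rule tree directly in Java, comparing typed values per node and combining the results with `&&`/`||`, takes the script engine out of the authorization path; failing that, every interpolated value has to be emitted as a quoted literal. `manager.getEngineByName("javascript")` returns null on runtimes that ship no JavaScript engine, so a null check that denies access is needed before `eval`. The `Objects.requireNonNull(...execute().body()).string()` calls in this file, and the same pattern in LizzMybatisIntercepts.java, neither close the response nor check the HTTP status, so an error reply from the permission service is parsed as a rule array. The enclosing method starts and ends outside the hunks shown.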
 

+ 210 - 234
PAS/src/main/java/cn/cslg/pas/common/utils/auth/TreeUtils.java

@@ -2,14 +2,9 @@ package cn.cslg.pas.common.utils.auth;
 
 import cn.cslg.pas.common.model.DataSource;
 import cn.cslg.pas.common.model.PersonnelVO;
-import cn.cslg.pas.common.utils.CacheUtils;
-import cn.cslg.pas.common.utils.RedisUtil;
 import com.alibaba.fastjson.JSONObject;
-import org.apache.poi.ss.formula.functions.T;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import javax.annotation.Resource;
 import java.lang.reflect.Field;
 import java.util.List;
 
@@ -17,309 +12,291 @@ import java.util.List;
 public class TreeUtils {
     /**
      * 将二叉树json对象转为sql where后的条件语句
-     *liRJ
-     * @param jsonObject 要处理的jsonObject对象
+     * liRJ
+     *
+     * @param jsonObject  要处理的jsonObject对象
      * @param dataSource  要使用的数据字典
      * @param personnelVO 登录人的信息
      * @return 拼接的sql
      */
     // 处理sql语句,返回拼接sql
-    public static   String reSql(JSONObject jsonObject,List<DataSource> dataSource,PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
-        String sql ="";
+    public static String reSql(JSONObject jsonObject, List<DataSource> dataSource, PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
+        String sql;
         //判断是否为逻辑
-        if (jsonObject.get("nodeType").equals("logic")){
-            sql ="";
+        if (jsonObject.get("nodeType").equals("logic")) {
+            sql = "";
         }
         //符合二叉树形式
-       else if (jsonObject.containsKey("left")&&jsonObject.containsKey("right")){
-      sql=  recursionTree(jsonObject,dataSource,personnelVO);}
-       // 不符合二叉树形式(单条数据)
-       else{
-           String field =jsonObject.get("field").toString();
-           String value=distinguishFields(jsonObject.get("value").toString(),dataSource,personnelVO);
-           if(jsonObject.get("opr").toString().equals("FIND_IN_SET")){
-               sql ="FIND_IN_SET("+value+","+field+")";
-           }
-           else{
-               sql = field+" "+jsonObject.get("opr").toString()+" "+value;}
-       }
+        else if (jsonObject.containsKey("left") && jsonObject.containsKey("right")) {
+            sql = recursionTree(jsonObject, dataSource, personnelVO);
+        }
+        // 不符合二叉树形式(单条数据)
+        else {
+            String field = jsonObject.get("field").toString();
+            String value = distinguishFields(jsonObject.get("value").toString(), dataSource, personnelVO);
+            if (jsonObject.get("opr").toString().equals("FIND_IN_SET")) {
+                sql = "FIND_IN_SET(" + value + "," + field + ")";
+            } else {
+                sql = field + " " + jsonObject.get("opr").toString() + " " + value;
+            }
+        }
 
         return sql;
     }
 
     /**
      * 将二叉树json对象转为sql where后的条件语句
-     *liRJ
-     * @param jsonObject 要处理的jsonObject对象
+     * liRJ
+     *
+     * @param jsonObject  要处理的jsonObject对象
      * @param dataSource  要使用的数据字典
      * @param personnelVO 登录人的信息
      * @return 拼接的sql
      */
-    public static   String reCompute(JSONObject jsonObject,Object[] object,List<DataSource> dataSource,PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
-        String sql="";
-         //判断是否为sql类型规则
-           if (jsonObject.get("nodeType").equals("sql")){
-               sql ="1==1";
-           }
-
-         //判断是否为单条数据
-      else if (jsonObject.containsKey("left")&&jsonObject.containsKey("right")){
-            sql=  cRecursionTree(jsonObject,object,dataSource,personnelVO);}
+    public static String reCompute(JSONObject jsonObject, Object[] object, List<DataSource> dataSource, PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
+        String sql;
+        //判断是否为sql类型规则
+        if (jsonObject.get("nodeType").equals("sql")) {
+            sql = "1==1";
+        }
+        //判断是否为单条数据
+        else if (jsonObject.containsKey("left") && jsonObject.containsKey("right")) {
+            sql = cRecursionTree(jsonObject, object, dataSource, personnelVO);
+        }
         // 不为sql类型的二叉树形式
-        else{
-            String field = distinguishFields(jsonObject.get("field").toString(),object,dataSource,personnelVO);
-            String value= distinguishValues(jsonObject.get("value").toString(),object);
-            String opr = distinguishLogic(jsonObject.getString("nodeType"),jsonObject.getString("opr"));
-            sql = ArryEqlToString(field,value,opr);
+        else {
+            String field = distinguishFields(jsonObject.get("field").toString(), object, dataSource, personnelVO);
+            String value = distinguishValues(jsonObject.get("value").toString(), object);
+            String opr = distinguishLogic(jsonObject.getString("nodeType"), jsonObject.getString("opr"));
+            sql = arrayEqlToString(field, value, opr);
         }
-        return sql;
 
+        return sql;
     }
 
     /**
      * 递归将二叉树转换为字符串
-     *liRJ
-     * @param jsonObject jsaonObject
-     * @return
+     * liRJ
+     *
+     * @param jsonObject jsonObject
      */
-    public static  String recursionTree(JSONObject jsonObject, List<DataSource> dataSource,PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
-        String str1 = "";
-        String str2 = "";
-        JSONObject jsonLeft =jsonObject.getJSONObject("left");
-        JSONObject jsonRight =jsonObject.getJSONObject("right");
+    public static String recursionTree(JSONObject jsonObject, List<DataSource> dataSource, PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
+        String str1;
+        String str2;
+        JSONObject jsonLeft = jsonObject.getJSONObject("left");
+        JSONObject jsonRight = jsonObject.getJSONObject("right");
         //判断是否含有left分支
-        if(jsonLeft.containsKey("left")){
-            str1 = recursionTree(jsonLeft,dataSource,personnelVO);//递归
-        }
-        else{
-            String field =jsonLeft.get("field").toString();
-            String value=distinguishFields(jsonLeft.get("value").toString(),dataSource,personnelVO); //没有的话解析字符串拼接成子sql
-            if(jsonLeft.get("opr").toString().equals("FIND_IN_SET")){
-                str1 ="FIND_IN_SET("+value+","+field+")";
+        if (jsonLeft.containsKey("left")) {
+            str1 = recursionTree(jsonLeft, dataSource, personnelVO);//递归
+        } else {
+            String field = jsonLeft.get("field").toString();
+            String value = distinguishFields(jsonLeft.get("value").toString(), dataSource, personnelVO); //没有的话解析字符串拼接成子sql
+            if (jsonLeft.get("opr").toString().equals("FIND_IN_SET")) {
+                str1 = "FIND_IN_SET(" + value + "," + field + ")";
+            } else {
+                str1 = field + " " + jsonLeft.get("opr").toString() + " " + value;
             }
-            else{
-            str1 = field+" "+jsonLeft.get("opr").toString()+" "+value;}
         }
-
         //同上部分处理left分支
-        if(jsonRight.containsKey("right")){
-            str2= recursionTree( jsonRight,dataSource,personnelVO);
-        }
-        else{
-            String field =jsonRight.get("field").toString();
-            String value=distinguishFields(jsonRight.get("value").toString(),dataSource,personnelVO);
-            if(jsonRight.get("opr").toString().equals("FIND_IN_SET")){
-                str2 ="FIND_IN_SET("+value+","+field+")";
+        if (jsonRight.containsKey("right")) {
+            str2 = recursionTree(jsonRight, dataSource, personnelVO);
+        } else {
+            String field = jsonRight.get("field").toString();
+            String value = distinguishFields(jsonRight.get("value").toString(), dataSource, personnelVO);
+            if (jsonRight.get("opr").toString().equals("FIND_IN_SET")) {
+                str2 = "FIND_IN_SET(" + value + "," + field + ")";
+            } else {
+                str2 = field + " " + jsonRight.get("opr").toString() + " " + value;
             }
-            else{
-                str2 = field+" "+jsonRight.get("opr").toString()+" "+value;}
-
-        }
-        String sql ="("+ str1+") "+ jsonObject.get("logicOpr")+" ("+str2+")";
-        return sql;
-    };
-
-     //json规则判断
-    public static  String cRecursionTree(JSONObject jsonObject, Object[] object, List<DataSource> dataSource,PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
-        String str1 = "";
-        String str2 = "";
-        JSONObject jsonLeft =jsonObject.getJSONObject("left");
-        JSONObject jsonRight =jsonObject.getJSONObject("right");
-        if(jsonLeft.containsKey("left")){
-            str1 = cRecursionTree(jsonLeft,object,dataSource,personnelVO);
-        }
-        else{
-            String field = distinguishFields(jsonLeft.get("field").toString(),object,dataSource,personnelVO);
-            String value= distinguishValues(jsonLeft.get("value").toString(),object);
-            String opr = distinguishLogic(jsonLeft.getString("nodeType"),jsonLeft.getString("opr"));
-            str1 = ArryEqlToString(field,value,opr);
         }
-        if(jsonRight.containsKey("right")){
-            str2= cRecursionTree( jsonRight,object,dataSource,personnelVO);
-        }
-        else{
-            String field =distinguishFields(jsonRight.get("field").toString(),object,dataSource,personnelVO);
-            String value=distinguishValues(jsonRight.get("value").toString(),object);
-            String opr = distinguishLogic(jsonRight.getString("nodeType"),jsonRight.getString("opr"));
-            str2 = ArryEqlToString(field,value,opr);
-        }
-        String sql ="("+ str1+") "+distinguishLogic(jsonObject.getString("nodeType"),jsonObject.getString("logicOpr"))+" ("+str2+")";
-
-        return sql;
-    };
 
-    //对field和value部分进行计算 sql查询
-    public static String distinguishFields(String field, List<DataSource> dataSources,PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
-     //获得登录用户部门列表信息
-     List<PersonnelVO.DP> dps =personnelVO.getDpList();
-     //获得登录用户角色列表信息
-     List<PersonnelVO.PerRole> perRoles =personnelVO.getRList();
-        String tem ="";
-        String reField =field;
-        //如果参数是sql语句
-        if(field.contains("select")){
-            for(DataSource dataSource :dataSources) {
-                String sourceField=dataSource.getDataSourceField();
-if(field.contains("local."+sourceField)){
-    // 判断是否是部门信息
-    if(sourceField.contains("DP.")){
-        // 分割字符串获得部门字段
-        String Fields= sourceField.split("\\.")[1];
-        // 遍历部门信息,用反射将对应字段转换成(*,*,...)格式
-        for(PersonnelVO.DP dp : dps){
-            Class DPClass =dp.getClass();
-            Field dataField = DPClass.getDeclaredField(Fields);
-            dataField.setAccessible(true);
-            tem =dataField.get(dp).toString()+"," ;
+        return "(" + str1 + ") " + jsonObject.get("logicOpr") + " (" + str2 + ")";
+    }
 
+    //json规则判断
+    public static String cRecursionTree(JSONObject jsonObject, Object[] object, List<DataSource> dataSource, PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
+        String str1;
+        String str2;
+        JSONObject jsonLeft = jsonObject.getJSONObject("left");
+        JSONObject jsonRight = jsonObject.getJSONObject("right");
+        if (jsonLeft.containsKey("left")) {
+            str1 = cRecursionTree(jsonLeft, object, dataSource, personnelVO);
+        } else {
+            String field = distinguishFields(jsonLeft.get("field").toString(), object, dataSource, personnelVO);
+            String value = distinguishValues(jsonLeft.get("value").toString(), object);
+            String opr = distinguishLogic(jsonLeft.getString("nodeType"), jsonLeft.getString("opr"));
+            str1 = arrayEqlToString(field, value, opr);
         }
-    reField = sourceField.replace("local."+sourceField,"("+tem.substring(0,tem.length() - 1)+")") ;
-    }
-    //判断是否是角色信息(处理过程同部门信息处理过程)
-    else if(sourceField.contains("PerRole.")){
-        String Fields= sourceField.split("\\.")[1];
-        for(PersonnelVO.PerRole perRole : perRoles){
-            Class DPClass =perRole.getClass();
-            Field dataField = DPClass.getDeclaredField(Fields);
-            dataField.setAccessible(true);
-            tem =dataField.get(perRole).toString()+"," ;
+        if (jsonRight.containsKey("right")) {
+            str2 = cRecursionTree(jsonRight, object, dataSource, personnelVO);
+        } else {
+            String field = distinguishFields(jsonRight.get("field").toString(), object, dataSource, personnelVO);
+            String value = distinguishValues(jsonRight.get("value").toString(), object);
+            String opr = distinguishLogic(jsonRight.getString("nodeType"), jsonRight.getString("opr"));
+            str2 = arrayEqlToString(field, value, opr);
         }
-        reField = sourceField.replace("local."+sourceField,"("+tem.substring(0,tem.length() - 1)+")") ;
 
-
-    }
-    else{
-        Class personClass =personnelVO.getClass();
-        Field dataField = personClass.getDeclaredField(sourceField);
-        dataField.setAccessible(true);
-        reField = field.replace("local."+sourceField,dataField.get(personnelVO).toString());
+        return "(" + str1 + ") " + distinguishLogic(jsonObject.getString("nodeType"), jsonObject.getString("logicOpr")) + " (" + str2 + ")";
     }
 
-
-
-} }
-
+    //对field和value部分进行计算 sql查询
+    public static String distinguishFields(String field, List<DataSource> dataSources, PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
+        //获得登录用户部门列表信息
+        List<PersonnelVO.DP> dps = personnelVO.getDpList();
+        //获得登录用户角色列表信息
+        List<PersonnelVO.PerRole> perRoles = personnelVO.getRList();
+        String tem = "";
+        String reField = field;
+        //如果参数是sql语句
+        if (field.contains("select")) {
+            for (DataSource dataSource : dataSources) {
+                String sourceField = dataSource.getDataSourceField();
+                if (field.contains("local." + sourceField)) {
+                    // 判断是否是部门信息
+                    if (sourceField.contains("DP.")) {
+                        // 分割字符串获得部门字段
+                        String Fields = sourceField.split("\\.")[1];
+                        // 遍历部门信息,用反射将对应字段转换成(*,*,...)格式
+                        for (PersonnelVO.DP dp : dps) {
+                            Class<?> DPClass = dp.getClass();
+                            Field dataField = DPClass.getDeclaredField(Fields);
+                            dataField.setAccessible(true);
+                            tem = dataField.get(dp).toString() + ",";
+
+                        }
+                        reField = sourceField.replace("local." + sourceField, "(" + tem.substring(0, tem.length() - 1) + ")");
+                    }
+                    //判断是否是角色信息(处理过程同部门信息处理过程)
+                    else if (sourceField.contains("PerRole.")) {
+                        String Fields = sourceField.split("\\.")[1];
+                        for (PersonnelVO.PerRole perRole : perRoles) {
+                            Class<?> DPClass = perRole.getClass();
+                            Field dataField = DPClass.getDeclaredField(Fields);
+                            dataField.setAccessible(true);
+                            tem = dataField.get(perRole).toString() + ",";
+                        }
+                        reField = sourceField.replace("local." + sourceField, "(" + tem.substring(0, tem.length() - 1) + ")");
+                    } else {
+                        Class<?> personClass = personnelVO.getClass();
+                        Field dataField = personClass.getDeclaredField(sourceField);
+                        dataField.setAccessible(true);
+                        reField = field.replace("local." + sourceField, dataField.get(personnelVO).toString());
+                    }
+                }
+            }
         }
         //遍历字典数据
-        for(DataSource dataSource :dataSources){
+        for (DataSource dataSource : dataSources) {
             // 如果匹配上字典字段则进行处理
-            if(field.equals(dataSource.getDataSourceField())){
+            if (field.equals(dataSource.getDataSourceField())) {
                 // 判断是否是部门信息
-                if(field.contains("DP.")){
+                if (field.contains("DP.")) {
                     // 分割字符串获得部门字段
-          String Fields= field.split("\\.")[1];
-          // 遍历部门信息,用反射将对应字段转换成(*,*,...)格式
-          for(PersonnelVO.DP dp : dps){
-              Class DPClass =dp.getClass();
-              Field dataField = DPClass.getDeclaredField(Fields);
-              dataField.setAccessible(true);
-              tem =dataField.get(dp).toString()+"," ;
+                    String Fields = field.split("\\.")[1];
+                    // 遍历部门信息,用反射将对应字段转换成(*,*,...)格式
+                    for (PersonnelVO.DP dp : dps) {
+                        Class<?> DPClass = dp.getClass();
+                        Field dataField = DPClass.getDeclaredField(Fields);
+                        dataField.setAccessible(true);
+                        tem = dataField.get(dp).toString() + ",";
 
-          }
-reField = "("+tem.substring(0,tem.length() - 1)+")";
+                    }
+                    reField = "(" + tem.substring(0, tem.length() - 1) + ")";
                 }
                 //判断是否是角色信息(处理过程同部门信息处理过程)
-                else if(field.contains("PerRole.")){
-                    String Fields= field.split("\\.")[1];
-                    for(PersonnelVO.PerRole perRole : perRoles){
-                        Class DPClass =perRole.getClass();
+                else if (field.contains("PerRole.")) {
+                    String Fields = field.split("\\.")[1];
+                    for (PersonnelVO.PerRole perRole : perRoles) {
+                        Class<?> DPClass = perRole.getClass();
                         Field dataField = DPClass.getDeclaredField(Fields);
                         dataField.setAccessible(true);
-                        tem =dataField.get(perRole).toString()+"," ;
+                        tem = dataField.get(perRole).toString() + ",";
                     }
-                    reField = "("+tem.substring(0,tem.length() - 1)+")";
-
-
-                }
-                else{
-                Class personClass =personnelVO.getClass();
-                Field dataField = personClass.getDeclaredField(field);
-                dataField.setAccessible(true);
-                reField =dataField.get(personnelVO).toString();
+                    reField = "(" + tem.substring(0, tem.length() - 1) + ")";
+                } else {
+                    Class<?> personClass = personnelVO.getClass();
+                    Field dataField = personClass.getDeclaredField(field);
+                    dataField.setAccessible(true);
+                    reField = dataField.get(personnelVO).toString();
                     break;
                 }
-
-
-            }}
+            }
+        }
 
         return reField;
     }
 
     //对field部分进行计算
-    public static String distinguishFields(String field, Object[] object,List<DataSource> dataSources,PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
-        String reField ="'"+field+"'";
+    public static String distinguishFields(String field, Object[] object, List<DataSource> dataSources, PersonnelVO personnelVO) throws NoSuchFieldException, IllegalAccessException {
+        String reField = "'" + field + "'";
         //反射获方法的参数值
-        Class jsonClass = object[0].getClass();
-        for(Field field1: jsonClass.getDeclaredFields()){
-           if(field1.getName().equals(field)){     //判断field的值是否和参数名一样,一样的话变为参数值
-               Field dataField = jsonClass.getDeclaredField(field);
-               dataField.setAccessible(true);//设置data属性为可访问的
-               String  fie=dataField.get(object[0]).toString();
-               reField ="'"+fie+"'";
-               break;
-           }
+        Class<?> jsonClass = object[0].getClass();
+        for (Field field1 : jsonClass.getDeclaredFields()) {
+            if (field1.getName().equals(field)) {     //判断field的值是否和参数名一样,一样的话变为参数值
+                Field dataField = jsonClass.getDeclaredField(field);
+                dataField.setAccessible(true);//设置data属性为可访问的
+                String fie = dataField.get(object[0]).toString();
+                reField = "'" + fie + "'";
+                break;
+            }
         }
         //获得登录用户部门列表信息
-        List<PersonnelVO.DP> dps =personnelVO.getDpList();
+        List<PersonnelVO.DP> dps = personnelVO.getDpList();
         //获得登录用户角色列表信息
-        List<PersonnelVO.PerRole> perRoles =personnelVO.getRList();
-        String tem ="";
+        List<PersonnelVO.PerRole> perRoles = personnelVO.getRList();
+        String tem = "";
         //遍历字典数据
-        for(DataSource dataSource :dataSources){
+        for (DataSource dataSource : dataSources) {
             // 如果匹配上字典字段则进行处理
-            if(field.equals(dataSource.getDataSourceField())){
+            if (field.equals(dataSource.getDataSourceField())) {
                 // 判断是否是部门信息
-                if(field.contains("DP.")){
+                if (field.contains("DP.")) {
                     // 分割字符串获得部门字段
-                    String Fields= field.split("\\.")[1];
+                    String Fields = field.split("\\.")[1];
                     // 遍历部门信息,用反射将对应字段转换成(*,*,...)格式
-                    for(PersonnelVO.DP dp : dps){
-                        Class DPClass =dp.getClass();
+                    for (PersonnelVO.DP dp : dps) {
+                        Class<?> DPClass = dp.getClass();
                         Field dataField = DPClass.getDeclaredField(Fields);
                         dataField.setAccessible(true);
-                        tem =dataField.get(dp).toString()+"," ;
+                        tem = dataField.get(dp).toString() + ",";
 
                     }
-                    reField = tem.substring(0,tem.length() - 1);
+                    reField = tem.substring(0, tem.length() - 1);
                 }
                 //判断是否是角色信息(处理过程同部门信息处理过程)
-                else if(field.contains("PerRole.")){
-                    String Fields= field.split("\\.")[1];
-                    for(PersonnelVO.PerRole perRole : perRoles){
-                        Class DPClass =perRole.getClass();
+                else if (field.contains("PerRole.")) {
+                    String Fields = field.split("\\.")[1];
+                    for (PersonnelVO.PerRole perRole : perRoles) {
+                        Class<?> DPClass = perRole.getClass();
                         Field dataField = DPClass.getDeclaredField(Fields);
                         dataField.setAccessible(true);
-                        tem =dataField.get(perRole).toString()+"," ;
+                        tem = dataField.get(perRole).toString() + ",";
                     }
-                    reField = tem.substring(0,tem.length() - 1);
-
-
-                }
-                else{
-                    Class personClass =personnelVO.getClass();
+                    reField = tem.substring(0, tem.length() - 1);
+                } else {
+                    Class<?> personClass = personnelVO.getClass();
                     Field dataField = personClass.getDeclaredField(field);
                     dataField.setAccessible(true);
-                    reField ="'"+dataField.get(personnelVO).toString()+"'";
+                    reField = "'" + dataField.get(personnelVO).toString() + "'";
                     break;
                 }
-
-
-            }}
+            }
+        }
 
         return reField;
     }
 
     //对value部分进行计算
     public static String distinguishValues(String value, Object[] object) throws NoSuchFieldException, IllegalAccessException {
-        String reValue =""+value+"";
+        String reValue = "" + value + "";
         //反射获得参数值
-        Class jsonClass = object[0].getClass();
-        for(Field field1: jsonClass.getDeclaredFields()){
-            if(field1.getName().equals(value)){     //判断value的值是否和参数名一样,一样的话变为参数值
+        Class<?> jsonClass = object[0].getClass();
+        for (Field field1 : jsonClass.getDeclaredFields()) {
+            if (field1.getName().equals(value)) {     //判断value的值是否和参数名一样,一样的话变为参数值
                 Field dataField = jsonClass.getDeclaredField(value);
                 dataField.setAccessible(true);//设置data属性为可访问的
-                String  fie=dataField.get(object[0]).toString();
-                reValue ="'"+fie+"'";
+                String fie = dataField.get(object[0]).toString();
+                reValue = "'" + fie + "'";
                 break;
             }
         }
@@ -328,9 +305,9 @@ reField = "("+tem.substring(0,tem.length() - 1)+")";
     }
 
     //对应改变运算逻辑
-    public static  String distinguishLogic(String nodeType ,String opr) {
-        if(nodeType .equals("logic")){
-            switch (opr){
+    public static String distinguishLogic(String nodeType, String opr) {
+        if (nodeType.equals("logic")) {
+            switch (opr) {
                 case "=":
                     opr = "==";
                     break;
@@ -342,22 +319,21 @@ reField = "("+tem.substring(0,tem.length() - 1)+")";
                     break;
             }
         }
-            return  opr;
 
+        return opr;
     }
 
     // 将x,y=z,w 形式改为 x=z||x=w||y=z||y=w形式
-    public static  String ArryEqlToString(String field,String value,String opr){
-         String reStr ="";
-        String[] fields =field.split(",");
-        String[] values =value.split(",");
-        for (int i=0; i<fields.length;i++) {
-            for(int t=0; t<values.length;t++){
-            reStr+= i==fields.length-1&&t==values.length-1? fields[i]+opr+values[t]:fields[i]+opr+values[t]+"||";
-
+    public static String arrayEqlToString(String field, String value, String opr) {
+        StringBuilder reStr = new StringBuilder();
+        String[] fields = field.split(",");
+        String[] values = value.split(",");
+        for (int i = 0; i < fields.length; i++) {
+            for (int t = 0; t < values.length; t++) {
+                reStr.append(i == fields.length - 1 && t == values.length - 1 ? fields[i] + opr + values[t] : fields[i] + opr + values[t] + "||");
             }
-
         }
-        return  reStr;
+
+        return reStr.toString();
     }
 }
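Review bot: `arrayEqlToString` treats every `,` in `field` and `value` as a separator and splices the pieces into the condition unescaped, so an operand that itself contains a comma, a quote or `||` changes the shape of the permission expression instead of being compared as one value. `distinguishValues` earlier in this file wraps a reflected parameter value in `'…'` without escaping, so this looks reachable with request data, though the callers are outside the hunk. I would pass the operands as lists, or reject separators and quotes before joining, and state the contract on the method, for example `// operands must already be escaped; ',' is a list separator, not data`. The rename from `ArryEqlToString` also changes a public static name, so any caller outside this file needs the same update.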

+ 2 - 2
PAS/src/main/java/cn/cslg/pas/common/utils/auth/checkAuth.java

@@ -5,13 +5,13 @@ import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 
-@Retention(RetentionPolicy.RUNTIME)
-@Documented
 /**
  * @author LRJ
  * @date 2022-8-23
  * @description 数据权限(增删改)条件判断注解
  */
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
 public @interface checkAuth {
     String FunId() default "0";
 

+ 3 - 6
PAS/src/main/java/cn/cslg/pas/controller/ReportTemplateController.java

@@ -1,19 +1,17 @@
 package cn.cslg.pas.controller;
 
 
-import cn.cslg.pas.common.core.annotation.Permission;
 import cn.cslg.pas.common.core.base.Constants;
+import cn.cslg.pas.common.model.vo.TemplateConditionVO;
 import cn.cslg.pas.common.utils.Response;
 import cn.cslg.pas.common.utils.auth.checkAuth;
 import cn.cslg.pas.domain.ReportTemplate;
-import cn.cslg.pas.common.model.vo.TemplateConditionVO;
 import cn.cslg.pas.service.ReportTemplateService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.web.bind.annotation.*;
-
 import org.springframework.web.multipart.MultipartFile;
 
 /**
@@ -29,9 +27,8 @@ import org.springframework.web.multipart.MultipartFile;
 @RequestMapping(Constants.API_VERSION_V2 + "/report/template")
 @RequiredArgsConstructor(onConstructor_ = {@Lazy})
 public class ReportTemplateController {
-
     private final ReportTemplateService reportTemplateService;
-    @checkAuth(FunId = "/workspace/folder/analyticSystem/templateManager/check")
+
     @GetMapping("list")
     @Operation(summary = "模板列表")
     public String getList(TemplateConditionVO params) {
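Review bot: `getList` loses its `@checkAuth(FunId = "/workspace/folder/analyticSystem/templateManager/check")` here and nothing visible replaces it, so it is worth confirming that the template list is still limited to what the caller may see. The annotation's Javadoc in `checkAuth.java` describes it as the check for add/delete/modify, so removing it from a read endpoint may be deliberate. If it is, a short comment on the method naming the mechanism that applies read scope would stop the next reader from re-adding or overlooking it, e.g. `// read scope is applied by <mechanism>; @checkAuth covers write operations only`. The method body continues outside the hunk.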
@@ -58,7 +55,7 @@ public class ReportTemplateController {
         return reportTemplateService.edit(file, reportTemplate);
     }
 
-    @checkAuth(FunId = "/workspace/folder/analyticSystem/templateManag")
+    @checkAuth(FunId = "/workspace/folder/analyticSystem/templateManager/delete")
     @PostMapping("delete")
     @Operation(summary = "删除模板")
     public String delete(Integer id) {
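Review bot: The function id on `delete` is a free-form string literal, and the value replaced here (`/workspace/folder/analyticSystem/templateManag`) was a truncated path that still compiled, so a typo in a `FunId` is not caught before runtime. Whether an unknown id denies or allows the call is decided in the `checkAuth` handling, which is not visible in this hunk; it should deny. Declaring the ids once as constants, e.g. `static final String TEMPLATE_DELETE = "/workspace/folder/analyticSystem/templateManager/delete";`, and referencing them from the annotations would turn a mistyped id into a compile error. The body of `delete` is outside the hunk.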