feat: implement data permission rules and context management with cac…

…hing support

app/Http/Admin/Controller/Permission/DepartmentController.php

@@ -56,7 +56,7 @@ public function __construct(
     public function pageList(): Result
     {
         return $this->success([
-            'list' => $this->service->getList($this->getRequestData())
+            'list' => $this->service->getList($this->getRequestData()),
         ]);
     }
 

app/Http/Admin/Controller/Permission/PositionController.php

@@ -118,4 +118,4 @@ public function delete(): Result
         $this->service->deleteById($this->getRequestData());
         return $this->success();
     }
-} 
+}

app/Http/Admin/Request/Permission/PositionRequest.php

@@ -55,4 +55,4 @@ public function attributes(): array
             'dept_id' => '部门ID',
         ];
     }
-} 
+}

app/Library/DataPermission/Aspects/DataScopeAspect.php

@@ -1,8 +1,19 @@
 <?php
 
+declare(strict_types=1);
+/**
+ * This file is part of MineAdmin.
+ *
+ * @link     https://www.mineadmin.com
+ * @document https://doc.mineadmin.com
+ * @contact  [email protected]
+ * @license  https://github.com/mineadmin/MineAdmin/blob/master/LICENSE
+ */
+
 namespace App\Library\DataPermission\Aspects;
 
 use App\Library\DataPermission\Attribute\DataScope;
+use App\Library\DataPermission\Context as DataPermissionContext;
 use Hyperf\Context\Context;
 use Hyperf\Database\Query\Builder;
 use Hyperf\Di\Annotation\Aspect;
@@ -12,37 +23,36 @@
 #[Aspect]
 final class DataScopeAspect extends AbstractAspect
 {
-
     public const CONTEXT_KEY = 'data_permission';
 
     public array $annotations = [
-        DataScope::class
+        DataScope::class,
     ];
 
     public array $classes = [
-        Builder::class.'::update',
-        Builder::class.'::delete',
-        Builder::class.'::runSelect',
+        Builder::class . '::update',
+        Builder::class . '::delete',
+        Builder::class . '::runSelect',
     ];
 
     public function process(ProceedingJoinPoint $proceedingJoinPoint)
     {
         if (
-            isset($proceedingJoinPoint->getAnnotationMetadata()->class[DataScope::class]) ||
-            isset($proceedingJoinPoint->getAnnotationMetadata()->method[DataScope::class])
-        ){
+            isset($proceedingJoinPoint->getAnnotationMetadata()->class[DataScope::class])
+            || isset($proceedingJoinPoint->getAnnotationMetadata()->method[DataScope::class])
+        ) {
             return $this->handleDataScope($proceedingJoinPoint);
         }
 
-        if ($proceedingJoinPoint->className === Builder::class){
-            if ($proceedingJoinPoint->methodName==='runSelect'){
+        if ($proceedingJoinPoint->className === Builder::class) {
+            if ($proceedingJoinPoint->methodName === 'runSelect') {
                 return $this->handleSelect($proceedingJoinPoint);
             }
-            if ($proceedingJoinPoint->methodName==='delete'){
+            if ($proceedingJoinPoint->methodName === 'delete') {
                 return $this->handleDelete($proceedingJoinPoint);
             }
-            if ($proceedingJoinPoint->methodName==='update'){
-               return $this->handleUpdate($proceedingJoinPoint);
+            if ($proceedingJoinPoint->methodName === 'update') {
+                return $this->handleUpdate($proceedingJoinPoint);
             }
         }
         return $proceedingJoinPoint->process();
@@ -64,18 +74,27 @@ protected function handleSelect(ProceedingJoinPoint $proceedingJoinPoint)
          * @var Builder $builder
          */
         $builder = $proceedingJoinPoint->getInstance();
-        if (Context::has(self::CONTEXT_KEY)){
+        if (Context::has(self::CONTEXT_KEY)) {
             // todo 做数据权限处理
         }
         return $proceedingJoinPoint->process();
     }
 
-
     protected function handleDataScope(ProceedingJoinPoint $proceedingJoinPoint)
     {
         Context::set(self::CONTEXT_KEY, 1);
-        $result =  $proceedingJoinPoint->process();
+        /**
+         * @var DataScope $attribute
+         */
+        $attribute = $proceedingJoinPoint->getAnnotationMetadata()->class[DataScope::class];
+        if ($attribute === null) {
+            $attribute = $proceedingJoinPoint->getAnnotationMetadata()->method[DataScope::class];
+        }
+        DataPermissionContext::setDeptColumn($attribute->getDeptColumn());
+        DataPermissionContext::setCreatedByColumn($attribute->getCreatedByColumn());
+        DataPermissionContext::setScopeType($attribute->getScopeType());
+        $result = $proceedingJoinPoint->process();
         Context::destroy(self::CONTEXT_KEY);
         return $result;
     }
-}
+}

app/Library/DataPermission/Attribute/DataScope.php

@@ -1,12 +1,41 @@
 <?php
 
+declare(strict_types=1);
+/**
+ * This file is part of MineAdmin.
+ *
+ * @link     https://www.mineadmin.com
+ * @document https://doc.mineadmin.com
+ * @contact  [email protected]
+ * @license  https://github.com/mineadmin/MineAdmin/blob/master/LICENSE
+ */
+
 namespace App\Library\DataPermission\Attribute;
 
-use Attribute;
+use App\Library\DataPermission\ScopeType;
 use Hyperf\Di\Annotation\AbstractAnnotation;
 
-#[Attribute(Attribute::TARGET_CLASS|Attribute::TARGET_METHOD)]
+#[\Attribute(\Attribute::TARGET_CLASS | \Attribute::TARGET_METHOD)]
 final class DataScope extends AbstractAnnotation
 {
+    public function __construct(
+        private readonly string $deptColumn = 'dept_id',
+        private readonly string $createdByColumn = 'created_by',
+        private readonly ScopeType $scopeType = ScopeType::DEPT_CREATED_BY,
+    ) {}
+
+    public function getDeptColumn(): string
+    {
+        return $this->deptColumn;
+    }
+
+    public function getCreatedByColumn(): string
+    {
+        return $this->createdByColumn;
+    }
 
-}
+    public function getScopeType(): ScopeType
+    {
+        return $this->scopeType;
+    }
+}

app/Library/DataPermission/Context.php

@@ -0,0 +1,54 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * This file is part of MineAdmin.
+ *
+ * @link     https://www.mineadmin.com
+ * @document https://doc.mineadmin.com
+ * @contact  [email protected]
+ * @license  https://github.com/mineadmin/MineAdmin/blob/master/LICENSE
+ */
+
+namespace App\Library\DataPermission;
+
+use Hyperf\Context\Context as Ctx;
+
+final class Context
+{
+    private const DEPT_COLUMN_KEY = 'data_permission_dept_column';
+
+    private const CREATED_BY_COLUMN_KEY = 'data_permission_created_by_column';
+
+    private const SCOPE_TYPE_KEY = 'data_permission_scope_type';
+
+    public static function getDeptColumn(): string
+    {
+        return Ctx::get(self::DEPT_COLUMN_KEY, 'dept_id');
+    }
+
+    public static function setDeptColumn(string $column = 'dept_id'): void
+    {
+        Ctx::set(self::DEPT_COLUMN_KEY, $column);
+    }
+
+    public static function getCreatedByColumn(): string
+    {
+        return Ctx::get(self::CREATED_BY_COLUMN_KEY, 'created_by');
+    }
+
+    public static function setCreatedByColumn(string $column = 'created_by'): void
+    {
+        Ctx::set(self::CREATED_BY_COLUMN_KEY, $column);
+    }
+
+    public static function setScopeType(ScopeType $scopeType): void
+    {
+        Ctx::set(self::SCOPE_TYPE_KEY, $scopeType);
+    }
+
+    public static function getScopeType(): ScopeType
+    {
+        return Ctx::get(self::SCOPE_TYPE_KEY, ScopeType::DEPT_CREATED_BY);
+    }
+}

app/Library/DataPermission/Factory.php

@@ -0,0 +1,82 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * This file is part of MineAdmin.
+ *
+ * @link     https://www.mineadmin.com
+ * @document https://doc.mineadmin.com
+ * @contact  [email protected]
+ * @license  https://github.com/mineadmin/MineAdmin/blob/master/LICENSE
+ */
+
+namespace App\Library\DataPermission;
+
+use App\Library\DataPermission\Rule\Rule;
+use App\Model\DataPermission\Policy;
+use App\Model\Permission\User;
+use Hyperf\Database\Query\Builder;
+
+final class Factory
+{
+    public function __construct(
+        private readonly Rule $rule
+    ) {}
+
+    public function build(
+        Builder $builder,
+        User $user,
+    ): void {
+        if ($user->isSuperAdmin()) {
+            return;
+        }
+        if (($policy = $user->getPolicy()) === null) {
+            return;
+        }
+        $scopeType = Context::getScopeType();
+        switch ($scopeType) {
+            case ScopeType::CREATED_BY:
+                self::handleCreatedBy($user, $policy, $builder);
+                break;
+            case ScopeType::DEPT:
+                self::handleDept($user, $policy, $builder);
+                break;
+            case ScopeType::DEPT_CREATED_BY:
+                self::handleDeptCreatedBy($user, $policy, $builder);
+                break;
+            case ScopeType::DEPT_OR_CREATED_BY:
+                self::handleDeptOrCreatedBy($user, $policy, $builder);
+                break;
+        }
+    }
+
+    private function handleCreatedBy(User $user, Policy $policy, Builder $builder): void
+    {
+        $createdByList = $this->rule->getCreatedByList($user, $policy);
+        $builder->whereIn(Context::getCreatedByColumn(), $createdByList);
+    }
+
+    private function handleDept(User $user, Policy $policy, Builder $builder): void
+    {
+        $deptList = $this->rule->getDeptIds($user, $policy);
+        $builder->whereIn(Context::getDeptColumn(), $deptList);
+    }
+
+    private function handleDeptCreatedBy(User $user, Policy $policy, Builder $builder): void
+    {
+        $createdByList = $this->rule->getCreatedByList($user, $policy);
+        $deptList = $this->rule->getDeptIds($user, $policy);
+        $builder->whereIn(Context::getCreatedByColumn(), $createdByList)
+            ->whereIn(Context::getDeptColumn(), $deptList);
+    }
+
+    private function handleDeptOrCreatedBy(User $user, Policy $policy, Builder $builder): void
+    {
+        $createdByList = $this->rule->getCreatedByList($user, $policy);
+        $deptList = $this->rule->getDeptIds($user, $policy);
+        $builder->where(static function (Builder $query) use ($createdByList, $deptList) {
+            $query->whereIn(Context::getCreatedByColumn(), $createdByList)
+                ->orWhereIn(Context::getDeptColumn(), $deptList);
+        });
+    }
+}

app/Library/DataPermission/Manager.php

@@ -1,8 +1,15 @@
 <?php
 
-namespace App\Library\DataPermission;
+declare(strict_types=1);
+/**
+ * This file is part of MineAdmin.
+ *
+ * @link     https://www.mineadmin.com
+ * @document https://doc.mineadmin.com
+ * @contact  [email protected]
+ * @license  https://github.com/mineadmin/MineAdmin/blob/master/LICENSE
+ */
 
-final class Manager
-{
+namespace App\Library\DataPermission;
 
-}
+final class Manager {}

app/Library/DataPermission/Rule/CustomFuncFactory.php

@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * This file is part of MineAdmin.
+ *
+ * @link     https://www.mineadmin.com
+ * @document https://doc.mineadmin.com
+ * @contact  [email protected]
+ * @license  https://github.com/mineadmin/MineAdmin/blob/master/LICENSE
+ */
+
+namespace App\Library\DataPermission\Rule;
+
+final class CustomFuncFactory
+{
+    /**
+     * @var array<string,\Closure>
+     */
+    private static array $customFunc = [];
+
+    public static function registerCustomFunc(string $name, \Closure $func): void
+    {
+        self::$customFunc[$name] = $func;
+    }
+
+    public static function getCustomFunc(string $name): \Closure
+    {
+        if (isset(self::$customFunc[$name])) {
+            return self::$customFunc[$name];
+        }
+        throw new \RuntimeException('Custom func not found');
+    }
+}