Implementing Data Permission Interceptor in MyBatis-Plus Using Annotations
This article explains how to create a custom annotation and a MyBatis-Plus interceptor that automatically adds data‑permission WHERE clauses based on the current user's role, covering both a basic implementation and an advanced version with role‑based scope handling.
The article demonstrates a solution for adding data‑permission filtering in MyBatis‑Plus by using a custom annotation and an interceptor that modifies the SQL before execution, ensuring that only the required interfaces are intercepted.
Steps to implement:
Create a custom annotation class @interface UserDataPermission {}
Implement an interceptor class that extends JsqlParserSupport and implements InnerInterceptor , overriding beforeQuery and processSelect to inject WHERE conditions.
Develop a handler class ( MyDataPermissionHandler ) that builds the appropriate SQL segment based on the current user and role.
Register the interceptor in the MyBatis‑Plus plugin configuration.
Basic code examples:
Custom annotation:
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
public @interface UserDataPermission {}Interceptor implementation (simplified):
public class MyDataPermissionInterceptor extends JsqlParserSupport implements InnerInterceptor {
private MyDataPermissionHandler dataPermissionHandler;
@Override
public void beforeQuery(Executor executor, MappedStatement ms, Object parameter, RowBounds rowBounds, ResultHandler resultHandler, BoundSql boundSql) throws SQLException {
if (InterceptorIgnoreHelper.willIgnoreDataPermission(ms.getId())) return;
PluginUtils.MPBoundSql mpBs = PluginUtils.mpBoundSql(boundSql);
mpBs.sql(this.parserSingle(mpBs.sql(), ms.getId()));
}
@Override
protected void processSelect(Select select, int index, String sql, Object obj) {
// modify SELECT ...
}
private void setWhere(PlainSelect plainSelect, String whereSegment) {
// build where clause
}
}Handler example (basic version):
public class MyDataPermissionHandler {
public Expression getSqlSegment(PlainSelect plainSelect, String whereSegment) {
// obtain current user, build equality expression on creator_code
}
}Registering the interceptor:
@Bean
public MybatisPlusInterceptor mybatisPlusInterceptor() {
MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
MyDataPermissionInterceptor dataPermissionInterceptor = new MyDataPermissionInterceptor();
dataPermissionInterceptor.setDataPermissionHandler(new MyDataPermissionHandler());
interceptor.addInnerInterceptor(dataPermissionInterceptor);
interceptor.addInnerInterceptor(new PaginationInnerInterceptor(DbType.MYSQL));
return interceptor;
}Advanced version adds role‑based scope handling. It defines DataScope and DataPermission enums, retrieves the current user's roles via remote services, and constructs different WHERE clauses (ALL, DEPT, MYSELF) using AndExpression , InExpression , or EqualsTo as appropriate.
Usage: annotate mapper methods with @UserDataPermission to enable automatic data‑permission filtering.
Key reminders:
Ensure the interceptor is added to the MyBatis‑Plus plugin.
The filtering field (e.g., creator_code ) must exist in the target tables.
Code Ape Tech Column
Former Ant Group P8 engineer, pure technologist, sharing full‑stack Java, job interview and career advice through a column. Site: java-family.cn
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.