Oracle 函数 “数据控制，指定某些人只能查看他权限范围内的信息”

Posted 2020-10-14 DSHORE

 1 create or replace function work_plan_mask (p_schema VARCHAR2,p_table VARCHAR2)
 2 
 3  return Varchar2 AS  -- 数据控制，指定某些人只能查看他权限范围内的信息
 4   
 5     v_predicate  VARCHAR2(1000) := ‘1=2‘;
 6     v_personcode Personnel.Person_Code%TYPE := SYS_CONTEXT(get_context_name,‘PERSON_CODE‘);
 7     v_user_name work_plan.reporter%type := SYS_CONTEXT(get_context_name,‘APP_USER_NAME‘);  -- 获取当前账号
 8     v_number     NUMBER;
 9     
10     cursor get_work_plan_role is
11          select count(*)
12          from application_roles
13          WHERE role_name = ‘work_plan_search‘ AND username = v_user_name; -- work_plan_search：系统里（给了权限）的角色
14 
15 BEGIN
16   
17     IF v_personcode in(‘00013‘,‘00016‘) THEN -- 指定这几个人可看
18     RETURN ‘1=1‘; -- 返回 true
19     END IF;
20     
21     insert into person_code_temp -- 将下面查询出来的结果插入person_code_temp(临时表)表中
22       SELECT p.PERSON_CODE   -- 树状查询 (查出当前编号以及下一级、下下一级...等 编号，比如：总经理以及所有下属的编号)
23       FROM PERSONNEL p
24       CONNECT BY  p.MANAGER = PRIOR p.PERSON_CODE
25       START WITH p.PERSON_CODE = v_personcode;
26   
27     open get_work_plan_role;
28     fetch get_work_plan_role into v_number;
29     close get_work_plan_role;
30   
31     v_predicate := ‘reporter = ‘‘‘ || v_user_name || ‘‘‘ OR ‘ || v_number || ‘ > 0 ‘ ||
32                  ‘ OR INSERT_USER = ‘‘‘ || v_user_name || ‘‘‘‘ || 
33                  ‘ OR INSERT_USER IN ( SELECT get_username(P.PERSON_CODE) FROM person_code_temp P)‘;
34 
35   RETURN v_predicate;
36 end work_plan_mask;

 

这个函数 SYS_CONTEXT()，可以参考 http://blog.csdn.net/rfb0204421/article/details/7861332  或  http://blog.csdn.net/kadwf123/article/details/8065673