加了权限验证
@@ -19,6 +19,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
|||||||
import org.springframework.web.bind.annotation.RequestMethod;
|
import org.springframework.web.bind.annotation.RequestMethod;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
|
import com.xboe.TempFilterConfig;
|
||||||
import com.xboe.account.entity.Account;
|
import com.xboe.account.entity.Account;
|
||||||
import com.xboe.common.PageList;
|
import com.xboe.common.PageList;
|
||||||
import com.xboe.common.Pagination;
|
import com.xboe.common.Pagination;
|
||||||
@@ -26,6 +27,8 @@ import com.xboe.core.CurrentUser;
|
|||||||
import com.xboe.core.JsonResponse;
|
import com.xboe.core.JsonResponse;
|
||||||
import com.xboe.core.api.ApiBaseController;
|
import com.xboe.core.api.ApiBaseController;
|
||||||
import com.xboe.core.log.AutoLog;
|
import com.xboe.core.log.AutoLog;
|
||||||
|
import com.xboe.core.orm.FieldFilters;
|
||||||
|
import com.xboe.data.outside.IOutSideDataService;
|
||||||
import com.xboe.externalinterface.system.service.IFwUserService;
|
import com.xboe.externalinterface.system.service.IFwUserService;
|
||||||
import com.xboe.module.assistance.service.IEmailService;
|
import com.xboe.module.assistance.service.IEmailService;
|
||||||
import com.xboe.module.course.dto.CourseExportDto;
|
import com.xboe.module.course.dto.CourseExportDto;
|
||||||
@@ -95,9 +98,12 @@ public class CourseManageApi extends ApiBaseController{
|
|||||||
@Resource
|
@Resource
|
||||||
private IUserService userService;
|
private IUserService userService;
|
||||||
|
|
||||||
@Autowired
|
@Resource
|
||||||
private ICourseHRBPAuditService hrbpAuditService;
|
private ICourseHRBPAuditService hrbpAuditService;
|
||||||
|
|
||||||
|
@Resource
|
||||||
|
IOutSideDataService outSideDataService;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 管理列表的查询
|
* 管理列表的查询
|
||||||
* @param pager
|
* @param pager
|
||||||
@@ -107,8 +113,23 @@ public class CourseManageApi extends ApiBaseController{
|
|||||||
@PostMapping("/pagelist")
|
@PostMapping("/pagelist")
|
||||||
public JsonResponse<PageList<Course>> findPage(Pagination pager,CourseQueryDto dto){
|
public JsonResponse<PageList<Course>> findPage(Pagination pager,CourseQueryDto dto){
|
||||||
|
|
||||||
|
//增加权限的过滤,只要看到自己或有权限的机构的
|
||||||
|
try {
|
||||||
|
List<String> orgIds = outSideDataService.getOrgIds();
|
||||||
|
String ids= StringUtils.join(orgIds,",");
|
||||||
|
String aid=getCurrent().getAccountId();
|
||||||
|
//如果前端查询当前人的,这里去掉
|
||||||
|
if(StringUtils.isNotBlank( dto.getAid())) {
|
||||||
|
dto.setAid(null);
|
||||||
|
}
|
||||||
|
dto.setOrgAid(aid);
|
||||||
|
dto.setOrgIds(ids);
|
||||||
PageList<Course> coursePageList = courseService.findPage(pager.getPageIndex(), pager.getPageSize(),dto);
|
PageList<Course> coursePageList = courseService.findPage(pager.getPageIndex(), pager.getPageSize(),dto);
|
||||||
return success(coursePageList);
|
return success(coursePageList);
|
||||||
|
}catch(Exception e) {
|
||||||
|
log.error("管理课程列表查询错误",e);
|
||||||
|
return error("查询失败",e.getMessage());
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
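Review bot: In `findPage`, the value of `getCurrent().getAccountId()` goes into `dto.setOrgAid(aid)` without a blank check, and the `CourseServiceImpl.findPage` hunk on this page adds the org/creator filter only when `dto.getOrgAid()` is non-blank, so a missing account id yields the unscoped course list instead of a refusal. Reject the request before the query, for example `if(StringUtils.isBlank(aid)) { return error("查询失败","current account id is missing"); }`. The new catch block also returns `e.getMessage()` to the caller; since the exception is already written by `log.error`, a fixed message in the response would avoid exposing internal error text. The added imports `TempFilterConfig` and `FieldFilters` are not used in the lines shown, and `outSideDataService` is declared without `private`, unlike the neighbouring fields.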
@@ -98,7 +98,10 @@ public class CourseQueryDto {
|
|||||||
private Integer openCourse;
|
private Integer openCourse;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 表资源归属的in查询
|
* 表资源归属的in查询,多个使用逗号分隔
|
||||||
* */
|
* */
|
||||||
private String orgId;
|
private String orgIds;
|
||||||
|
|
||||||
|
/**用户权限的查询*/
|
||||||
|
private String orgAid;
|
||||||
}
|
}
|
||||||
|
|||||||
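Review bot: `orgIds` and `orgAid` now carry the caller's permission scope, yet they live on `CourseQueryDto`, which `CourseManageApi.findPage` receives as a request-bound handler argument, and their Javadoc does not say they must be server-set. `/pagelist` overwrites both before querying, but any other handler that binds this DTO and forwards it to the service would, as far as this page shows, take the scope from request parameters. A comment such as `/** Account id of the current user; set by the server, never read from the request. */` on `orgAid`, with the same remark on `orgIds`, would make that contract explicit. The rename from `orgId` to `orgIds` also removes the old property, so any remaining use of `getOrgId()` outside this commit needs checking.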
@@ -17,6 +17,7 @@ import org.springframework.stereotype.Service;
|
|||||||
import org.springframework.transaction.annotation.Propagation;
|
import org.springframework.transaction.annotation.Propagation;
|
||||||
import org.springframework.transaction.annotation.Transactional;
|
import org.springframework.transaction.annotation.Transactional;
|
||||||
|
|
||||||
|
import com.xboe.TempFilterConfig;
|
||||||
import com.xboe.account.service.IAccountService;
|
import com.xboe.account.service.IAccountService;
|
||||||
import com.xboe.common.OrderCondition;
|
import com.xboe.common.OrderCondition;
|
||||||
import com.xboe.common.PageList;
|
import com.xboe.common.PageList;
|
||||||
@@ -200,19 +201,10 @@ public class CourseServiceImpl implements ICourseService {
|
|||||||
filters.add(FieldFilters.eq("sysType1",dto.getSysType1()));
|
filters.add(FieldFilters.eq("sysType1",dto.getSysType1()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if(dto.getPublish()!=null){
|
if(dto.getPublish()!=null){
|
||||||
filters.add(FieldFilters.eq("published",dto.getPublish()));
|
filters.add(FieldFilters.eq("published",dto.getPublish()));
|
||||||
}
|
}
|
||||||
if(StringUtil.isNotBlank(dto.getOrgId())){
|
|
||||||
if(dto.getOrgId().contains(",")){
|
|
||||||
String[] split = dto.getOrgId().split(",");
|
|
||||||
List<String> strings = Arrays.asList(split);
|
|
||||||
filters.add(FieldFilters.in("orgId",strings));
|
|
||||||
}else {
|
|
||||||
filters.add(FieldFilters.eq("orgId",dto.getOrgId()));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return filters;
|
return filters;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -250,6 +242,25 @@ public class CourseServiceImpl implements ICourseService {
|
|||||||
@Override
|
@Override
|
||||||
public PageList<Course> findPage(int pageIndex, int pageSize, CourseQueryDto dto) {
|
public PageList<Course> findPage(int pageIndex, int pageSize, CourseQueryDto dto) {
|
||||||
List<IFieldFilter> filters = createFilters(dto);
|
List<IFieldFilter> filters = createFilters(dto);
|
||||||
|
|
||||||
|
//有权限的查询,也同时查询出创建人的数据,在权限上
|
||||||
|
if(TempFilterConfig.Manager_CourseFile_ByOrgIds && StringUtils.isNotBlank(dto.getOrgAid())) {
|
||||||
|
if(StringUtil.isNotBlank(dto.getOrgIds())){
|
||||||
|
if(dto.getOrgIds().contains(",")){
|
||||||
|
String[] split = dto.getOrgIds().split(",");
|
||||||
|
List<String> strings = Arrays.asList(split);
|
||||||
|
//filters.add(FieldFilters.in("orgId",strings));
|
||||||
|
filters.add(FieldFilters.or(FieldFilters.in("orgId",strings),FieldFilters.eq("sysCreateAid",dto.getOrgAid())));
|
||||||
|
}else {
|
||||||
|
//filters.add(FieldFilters.eq("orgId",dto.getOrgIds()));
|
||||||
|
filters.add(FieldFilters.or(FieldFilters.eq("orgId",dto.getOrgIds()),FieldFilters.eq("sysCreateAid",dto.getOrgAid())));
|
||||||
|
}
|
||||||
|
}else {
|
||||||
|
//没有机构权限,只能查出自己创建的
|
||||||
|
filters.add(FieldFilters.eq("sysCreateAid",dto.getOrgAid()));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
//自动添加过滤已删除
|
//自动添加过滤已删除
|
||||||
filters.add(FieldFilters.eq("deleted",false));
|
filters.add(FieldFilters.eq("deleted",false));
|
||||||
OrderCondition oc=null;
|
OrderCondition oc=null;
|
||||||
|
|||||||
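Review bot: The hunk that deletes the `orgId` branch from `createFilters` moves organisation filtering into `findPage` only, so any other query in `CourseServiceImpl` that builds its filters through `createFilters` no longer honours an organisation filter; those callers are outside the hunks shown and should be checked. In `findPage` the new filter is also gated on `TempFilterConfig.Manager_CourseFile_ByOrgIds`, so with the flag off the list is unscoped even though the controller has already cleared `dto.getAid()`. The two commented-out `//filters.add(...)` lines can be deleted, and the `contains(",")` branch looks redundant if `FieldFilters.in` accepts a one-element list, which cannot be confirmed from this page. The body of `findPage` continues past the end of the hunk.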