加了权限验证

servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseManageApi.java

@@ -19,6 +19,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 
+import com.xboe.TempFilterConfig;
 import com.xboe.account.entity.Account;
 import com.xboe.common.PageList;
 import com.xboe.common.Pagination;
@@ -26,6 +27,8 @@ import com.xboe.core.CurrentUser;
 import com.xboe.core.JsonResponse;
 import com.xboe.core.api.ApiBaseController;
 import com.xboe.core.log.AutoLog;
+import com.xboe.core.orm.FieldFilters;
+import com.xboe.data.outside.IOutSideDataService;
 import com.xboe.externalinterface.system.service.IFwUserService;
 import com.xboe.module.assistance.service.IEmailService;
 import com.xboe.module.course.dto.CourseExportDto;
@@ -95,9 +98,12 @@ public class CourseManageApi extends ApiBaseController{
 	@Resource
 	private IUserService userService;
 	
-	@Autowired
+	@Resource
 	private ICourseHRBPAuditService hrbpAuditService;
 	
+	@Resource
+	IOutSideDataService outSideDataService;
+	
 	/**
 	 * 管理列表的查询
 	 * @param pager
@@ -107,8 +113,23 @@ public class CourseManageApi extends ApiBaseController{
 	@PostMapping("/pagelist")
 	public JsonResponse<PageList<Course>> findPage(Pagination pager,CourseQueryDto dto){
 		
-		PageList<Course> coursePageList = courseService.findPage(pager.getPageIndex(), pager.getPageSize(),dto);
-		return success(coursePageList);
+		//增加权限的过滤,只要看到自己或有权限的机构的
+        try {
+	        List<String> orgIds = outSideDataService.getOrgIds();
+	        String ids= StringUtils.join(orgIds,",");
+	        String aid=getCurrent().getAccountId();
+	        //如果前端查询当前人的，这里去掉
+	        if(StringUtils.isNotBlank( dto.getAid())) {
+	        	dto.setAid(null);
+	        }
+	        dto.setOrgAid(aid);
+	        dto.setOrgIds(ids);
+	        PageList<Course> coursePageList = courseService.findPage(pager.getPageIndex(), pager.getPageSize(),dto);
+			return success(coursePageList);
+        }catch(Exception e) {
+        	log.error("管理课程列表查询错误",e);
+        	return error("查询失败",e.getMessage());
+        }
 		
 	}
 	

servers/boe-server-all/src/main/java/com/xboe/module/course/dto/CourseQueryDto.java

@@ -98,7 +98,10 @@ public class CourseQueryDto {
     private Integer openCourse;
 
     /**
-     * 表资源归属的in查询
+     * 表资源归属的in查询,多个使用逗号分隔
      * */
-    private String orgId;
+    private String orgIds;
+    
+    /**用户权限的查询*/
+    private String orgAid;
 }

servers/boe-server-all/src/main/java/com/xboe/module/course/service/impl/CourseServiceImpl.java

@@ -17,6 +17,7 @@ import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
 
+import com.xboe.TempFilterConfig;
 import com.xboe.account.service.IAccountService;
 import com.xboe.common.OrderCondition;
 import com.xboe.common.PageList;
@@ -199,20 +200,11 @@ public class CourseServiceImpl implements ICourseService {
         if(StringUtils.isNotBlank(dto.getSysType1())){
         	filters.add(FieldFilters.eq("sysType1",dto.getSysType1()));
         }
-
         
         if(dto.getPublish()!=null){
         	filters.add(FieldFilters.eq("published",dto.getPublish()));
         }
-        if(StringUtil.isNotBlank(dto.getOrgId())){
-        	if(dto.getOrgId().contains(",")){
-				String[] split = dto.getOrgId().split(",");
-				List<String> strings = Arrays.asList(split);
-        		filters.add(FieldFilters.in("orgId",strings));
-			}else {
-        		filters.add(FieldFilters.eq("orgId",dto.getOrgId()));
-			}
-		}
+        
         return filters;
     }
 
@@ -250,6 +242,25 @@ public class CourseServiceImpl implements ICourseService {
 	@Override
 	public PageList<Course> findPage(int pageIndex, int pageSize, CourseQueryDto dto) {
 		List<IFieldFilter> filters = createFilters(dto);
+		
+		//有权限的查询，也同时查询出创建人的数据，在权限上
+        if(TempFilterConfig.Manager_CourseFile_ByOrgIds && StringUtils.isNotBlank(dto.getOrgAid())) {
+	        if(StringUtil.isNotBlank(dto.getOrgIds())){
+	        	if(dto.getOrgIds().contains(",")){
+					String[] split = dto.getOrgIds().split(",");
+					List<String> strings = Arrays.asList(split);
+					//filters.add(FieldFilters.in("orgId",strings));
+	        		filters.add(FieldFilters.or(FieldFilters.in("orgId",strings),FieldFilters.eq("sysCreateAid",dto.getOrgAid())));
+				}else {
+	        		//filters.add(FieldFilters.eq("orgId",dto.getOrgIds()));
+	        		filters.add(FieldFilters.or(FieldFilters.eq("orgId",dto.getOrgIds()),FieldFilters.eq("sysCreateAid",dto.getOrgAid())));
+				}
+			}else {
+				//没有机构权限，只能查出自己创建的
+				filters.add(FieldFilters.eq("sysCreateAid",dto.getOrgAid()));
+			}
+        }
+		
 		//自动添加过滤已删除
 		filters.add(FieldFilters.eq("deleted",false));
 		OrderCondition oc=null;