课件查询的权限控制问题

2025-12-11 03:46:50 +08:00 · 2023-03-07 16:53:09 +08:00
parent 7e26c9935f
commit 830b09bd78
1 changed files with 26 additions and 6 deletions
--- a/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseFileApi.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseFileApi.java
@@ -174,13 +174,33 @@ public class CourseFileApi extends ApiBaseController {
        }

        //默认是查询自己的课件。
-        if (self == null) {
-            self = false;
-        }
-        if (self) {
-            filters.add(FieldFilters.eq("sysCreateAid", getCurrent().getAccountId()));
-        }
+//        if (self == null) {
+//            self = false;
+//        }
+//        if (self) {
+//            filters.add(FieldFilters.eq("sysCreateAid", getCurrent().getAccountId()));
+//        }
        //
+        //增加权限的过滤,只要看到自己或有权限的机构的
+        if(TempFilterConfig.Manager_CourseFile_ByOrgIds) {
+        	UserOrgIds userOrgIds=outSideDataService.getOrgIds();
+	        List<String> orgIds = userOrgIds.getIds();
+	        String aid=getCurrent().getAccountId();
+	        //如果是超级管理员，就不按机构过滤了
+	        boolean  isSystemAdmin=false;
+	        if(userOrgIds.getPermissions().containsKey(UserOrgIds.IsSystemAdminKey)) {
+	        	isSystemAdmin=userOrgIds.getPermissions().get(UserOrgIds.IsSystemAdminKey);
+	        }
+	        if(!isSystemAdmin) {
+	        	 if(!orgIds.isEmpty()){
+	 	        	//filters.add(FieldFilters.in("orgId", orgIds));
+	 	        	filters.add(FieldFilters.or(FieldFilters.eq("sysCreateAid", aid),FieldFilters.in("orgId", orgIds)));
+	 	        }else {
+	 	        	filters.add(FieldFilters.eq("sysCreateAid", aid));
+	 	        }
+	        }
+	       
+        }
        PageList<CourseFile> courseFilePageList = courseFileService.queryPage(pager.getPageIndex(), pager.getPageSize(), OrderCondition.desc("id"), filters);
        return success(courseFilePageList);
    }