
数据权限校验

hexiao 2 年 前
コミット
480b54fe5b

+ 50 - 7
purchase-admin/src/main/java/com/ozs/web/controller/plan/MonthlyReconciliationController.java

@@ -9,7 +9,9 @@ import com.ozs.common.constant.Constants;
 import com.ozs.common.constant.ModularConstans;
 import com.ozs.common.core.controller.BaseController;
 import com.ozs.common.core.domain.AjaxResult;
+import com.ozs.common.core.domain.entity.SysDept;
 import com.ozs.common.core.domain.entity.SysDictData;
+import com.ozs.common.core.domain.entity.SysRole;
 import com.ozs.common.enums.BusinessType;
 import com.ozs.common.enums.SysFileRefEnum;
 import com.ozs.plan.doman.MonthlyReconciliation;
@@ -31,6 +33,7 @@ import org.springframework.util.ObjectUtils;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.constraints.NotEmpty;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
@@ -69,14 +72,54 @@ public class MonthlyReconciliationController extends BaseController {
         if (!StringUtils.isBlank(vo.getPurchaseServices())) {
             lw.eq(MonthlyReconciliation::getPurchaseServices, vo.getPurchaseServices());
         }
-        if(!ObjectUtils.isEmpty(vo.getStartTime())){
-            lw.ge(MonthlyReconciliation::getPlanDemandSubTime,vo.getStartTime());
+        if (!ObjectUtils.isEmpty(vo.getStartTime())) {
+            lw.ge(MonthlyReconciliation::getPlanDemandSubTime, vo.getStartTime());
         }
-        if(!ObjectUtils.isEmpty(vo.getStartTime())){
-            lw.le(MonthlyReconciliation::getPlanDemandSubTime,vo.getEntTime());
+        if (!ObjectUtils.isEmpty(vo.getStartTime())) {
+            lw.le(MonthlyReconciliation::getPlanDemandSubTime, vo.getEntTime());
         }
+
+        // 添加数据权限
+        List<String> roleKeys = getLoginUser().getUser().getRoles().stream().map(SysRole::getRoleKey).collect(Collectors.toList());
+        if (roleKeys.contains(Constants.DEMAND_UNIT)) {
+            // 需求单位
+            /*(purchase_dept_id = 当前用户deptID) */
+            lw.eq(MonthlyReconciliation::getPurchaseDeptId, getDeptId());
+        } else if (roleKeys.contains(Constants.PURCHASING_MANAGEMENT)
+                || roleKeys.contains(Constants.PURCHASE_SERVICES)) {
+            // 采购管理部门  或  采购办
+            /*  (purchase_dept_id = 当前用户deptID  AND  is_excess = 0)
+                OR
+                (purchase_dept_id IN (当前用户 子deptId 集合) and AND  is_excess = 1)
+             */
+            SysDept sysDept = new SysDept();
+            sysDept.setParentId(getDeptId());
+            sysDept.setStatus("0");
+            List<Long> childDeptIds = iSysDeptService.selectDeptList(sysDept)
+                    .stream()
+                    .map(SysDept::getDeptId)
+                    .collect(Collectors.toList());
+            if(ObjectUtils.isEmpty(childDeptIds)){
+                lw.and((wrapper) -> {
+                    wrapper.eq(MonthlyReconciliation::getIsExcess, 0);
+                    wrapper.eq(MonthlyReconciliation::getPurchaseDeptId, getDeptId());
+                });
+            }else {
+                lw.and((wrapper) -> {
+                    wrapper.eq(MonthlyReconciliation::getIsExcess, 0);
+                    wrapper.eq(MonthlyReconciliation::getPurchaseDeptId, getDeptId());
+                })
+                        .or((wrapper) -> {
+                            wrapper.eq(MonthlyReconciliation::getIsExcess, 1);
+                            wrapper.in(MonthlyReconciliation::getPurchaseDeptId, getDeptId());
+                        });
+            }
+        }
+
+//
+//                    .or(lw.in(MonthlyReconciliation::getPurchaseDeptId, Arrays.asList()).eq());
         IPage<MonthlyReconciliation> page = monthlyReconciliationService.page(new Page<>(vo.getPageNum(), vo.getPageSize()), lw);
-        if (!ObjectUtils.isEmpty(page.getRecords()) && page.getRecords().size() >0) {
+        if (!ObjectUtils.isEmpty(page.getRecords()) && page.getRecords().size() > 0) {
             page.setRecords(page.getRecords().stream().map(dto -> {
                 // 采购单位名称
                 Map<String, Object> stringObjectMap = iSysDeptService.selectDeptById(dto.getPurchaseDeptId());
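Review bot: In the branch for `PURCHASING_MANAGEMENT` / `PURCHASE_SERVICES`, the `is_excess = 1` condition calls `wrapper.in(MonthlyReconciliation::getPurchaseDeptId, getDeptId())`, so the `childDeptIds` list fetched just above is never used and the filter does not match the scope described in the block comment. The `lw.and(...).or(...)` chain also appends the second group as a top-level `OR (...)`; because SQL `AND` binds tighter, rows matching that group are returned regardless of the `purchaseServices` and date conditions added earlier, so both groups should sit inside a single `and(...)`. A user whose role keys match neither branch gets no department filter at all; if that is not intended, the chain needs a final `else` that denies. The enclosing method starts and ends outside this hunk.

```java
            // … unchanged: SysDept query that builds childDeptIds …
            lw.and(scope -> {
                // own department, non-excess records
                scope.nested(own -> own
                        .eq(MonthlyReconciliation::getIsExcess, 0)
                        .eq(MonthlyReconciliation::getPurchaseDeptId, getDeptId()));
                if (!ObjectUtils.isEmpty(childDeptIds)) {
                    // child departments, excess records only
                    scope.or(child -> child
                            .eq(MonthlyReconciliation::getIsExcess, 1)
                            .in(MonthlyReconciliation::getPurchaseDeptId, childDeptIds));
                }
            });
```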
@@ -89,7 +132,7 @@ public class MonthlyReconciliationController extends BaseController {
                 if (!ObjectUtils.isEmpty(data)) {
                     List<SysDictData> collect = data.stream()
                             .filter(d -> d.getDictValue().equals(dto.getPurchaseServices())).collect(Collectors.toList());
-                    if(!ObjectUtils.isEmpty(collect)){
+                    if (!ObjectUtils.isEmpty(collect)) {
                         dto.setPurchaseServicesName(collect.get(0).getDictLabel());
                     }
                 }
@@ -131,7 +174,7 @@ public class MonthlyReconciliationController extends BaseController {
             if (!ObjectUtils.isEmpty(data)) {
                 List<SysDictData> collect = data.stream()
                         .filter(d -> d.getDictValue().equals(vo.getPurchaseServices())).collect(Collectors.toList());
-                if(!ObjectUtils.isEmpty(collect)){
+                if (!ObjectUtils.isEmpty(collect)) {
                     vo.setPurchaseServicesName(collect.get(0).getDictLabel());
                 }
             }

+ 1 - 1
purchase-admin/src/main/resources/application-test.yml

@@ -15,7 +15,7 @@ purchase:
   # 验证码类型 math 数组计算 char 字符验证
   captchaType: math
   # 全部用户是否开启接口权限校验,排除admin用户
-  permissionsEnable: false
+  permissionsEnable: true
 
 # 开发环境配置
 server:
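Review bot: `permissionsEnable: true` is set here for the test profile only, and the other profiles are not part of this commit, so this hunk cannot confirm whether interface permission checks run in other environments. Since the previous value was `false`, it is worth checking that the code reading this key treats a missing value as enabled rather than disabled. A comment next to the key such as `# keep true outside local debugging; false disables interface permission checks for all users` would record the intent.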

+ 8 - 0
purchase-common/src/main/java/com/ozs/common/constant/Constants.java

@@ -147,4 +147,12 @@ public class Constants {
 
     // 采购服务站
     public static final String PURCHASE_SERVICES = "purchase_services";
+
+
+    // 需求单位
+    public static final String DEMAND_UNIT ="demand_unit";
+    // 采购管理部门
+    public static final String PURCHASING_MANAGEMENT ="purchasing_management";
+    // 采购办
+    public static final String PROCUREMENT_OFFICE ="procurement_office";
 }
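Review bot: `PROCUREMENT_OFFICE` is added with the comment 采购办, but the controller change in this commit tests `Constants.PURCHASE_SERVICES` in the branch it labels 采购管理部门 或 采购办, so the new constant appears unused and one of the two is probably the wrong role key for that data-scope check. The three new declarations also lack the space after `=` (`DEMAND_UNIT = "demand_unit"`), unlike `PURCHASE_SERVICES` just above. The class body starts outside this hunk.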