lwhhszx 1 rok pred
rodič
commit
82372653c6

+ 2 - 2
src/main/java/cn/cslg/pas/common/utils/Response.java

@@ -76,12 +76,12 @@ public class Response {
         return response;
     }
 
-    public static String noPermissions(String message) {
+    public static Response noPermissions(String message) {
         Response response = new Response();
         response.setCode(ResponseEnum.NO_PERMISSION.getCode());
         response.setData(Boolean.FALSE);
         response.setMessage(message);
-        return JsonUtils.objectToJson(response);
+        return response;
     }
 
 

+ 6 - 0
src/main/java/cn/cslg/pas/controller/EventController.java

@@ -1,5 +1,6 @@
 package cn.cslg.pas.controller;
 
+import cn.cslg.pas.common.auth.checkAuth;
 import cn.cslg.pas.common.core.base.Constants;
 import cn.cslg.pas.common.dto.business.EventDTO;
 import cn.cslg.pas.common.dto.business.UpdateEventDTO;
@@ -38,6 +39,7 @@ public class EventController {
 
     @Operation(summary = "查询事件")
     @PostMapping("/queryEvent")
+    @checkAuth(FunId = "xiaoshi/event/search")
     public Response queryEvent(@RequestBody StringRequest stringRequest) throws Exception {
         Business business = businessFactory.getClass("eventService");
         Records records = (Records) business.queryMessage(stringRequest);
@@ -47,6 +49,7 @@ public class EventController {
 
     @Operation(summary = "添加事件")
     @PostMapping("/addEvent")
+    @checkAuth(FunId = "xiaoshi/event/add")
     public Response addEvent(String event, List<MultipartFile> files) throws Exception {
         if (event != null) {
             EventDTO eventDTO = JSONObject.parseObject(event, EventDTO.class);
@@ -71,6 +74,7 @@ public class EventController {
 
     @Operation(summary = "更新事件")
     @PostMapping("/updateEvent")
+    @checkAuth(FunId = "xiaoshi/event/edit")
     public Response updateEvent(String event, List<MultipartFile> files) throws Exception {
         if (event != null) {
             UpdateEventDTO updateEventDTO = JSONObject.parseObject(event, UpdateEventDTO.class);
@@ -85,6 +89,7 @@ public class EventController {
 
     @Operation(summary = "删除事件")
     @PostMapping("/deleteEvent")
+    @checkAuth(FunId = "xiaoshi/event/delete")
     public String deleteEvent(@RequestBody List<Integer> ids) throws Exception {
         Business business = businessFactory.getClass("eventService");
         business.deleteMessage(ids);
@@ -93,6 +98,7 @@ public class EventController {
 
     @Operation(summary = "分组事件")
     @PostMapping("/groupEvent")
+    @checkAuth(FunId = "xiaoshi/event/group")
     public Response groupEvent(@RequestBody StringGroupRequest stringGroupRequest) throws Exception {
         Business business = businessFactory.getClass("eventService");
         Records records = (Records)business.getGroup(stringGroupRequest,"event");
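Review bot: `deleteEvent` still declares `String` as its return type, while this commit changes `Response.noPermissions` to hand back a `Response` object instead of a JSON string. The `checkAuth` handling is not part of this diff, so this is inferred: if it returns the result of `Response.noPermissions(...)` in place of the handler's own result, a denied call to a `String`-returning handler would end in a `ClassCastException` rather than a clean no-permission reply. Either declare these handlers as `public Response deleteEvent(...)` or have the auth code serialize the denial when the target returns `String`. The same applies to `deleteProductCategory`, `deleteProduct` and `deletePatentProject`, and the bodies of all of these methods continue outside the hunks.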

+ 11 - 4
src/main/java/cn/cslg/pas/controller/ProductCategoryController.java

@@ -1,5 +1,6 @@
 package cn.cslg.pas.controller;
 
+import cn.cslg.pas.common.auth.checkAuth;
 import cn.cslg.pas.common.core.base.Constants;
 import cn.cslg.pas.common.dto.business.ProductCategoryDTO;
 import cn.cslg.pas.common.dto.business.UpdateProductCategoryDTO;
@@ -26,6 +27,7 @@ import java.util.List;
 
 /**
  * 产品类别的Controller层
+ *
  * @Author xiexiang
  * @Date 2023/10/24
  */
@@ -38,7 +40,8 @@ public class ProductCategoryController {
 
     @Operation(summary = "查询产品类别")
     @PostMapping("/queryProductCategory")
-    public Response queryProductCategory(@RequestBody  StringRequest stringRequest) throws Exception {
+    @checkAuth(FunId = "xiaoshi/product")
+    public Response queryProductCategory(@RequestBody StringRequest stringRequest) throws Exception {
         Business business = businessFactory.getClass("productCategoryService");
         Records records = (Records) business.queryMessage(stringRequest);
         return Response.success(records);
@@ -46,6 +49,7 @@ public class ProductCategoryController {
 
     @Operation(summary = "添加产品类别")
     @PostMapping("/addProductCategory")
+    @checkAuth(FunId = "xiaoshi/product")
     public Response addProductCategory(String productCategory, List<MultipartFile> files) throws Exception {
         if (productCategory != null && productCategory != "") {
             ProductCategoryDTO productCategoryDTO = JSONObject.parseObject(productCategory, ProductCategoryDTO.class);
@@ -53,8 +57,8 @@ public class ProductCategoryController {
             Integer id = null;
             try {
                 id = (Integer) business.addMessage(productCategoryDTO, files);
-            } catch (Exception e){
-                if(e instanceof XiaoShiException) {
+            } catch (Exception e) {
+                if (e instanceof XiaoShiException) {
                     return Response.error(e.getMessage());
                 } else if (e instanceof UnLoginException) {
                     return Response.unLogin(e.getMessage());
@@ -70,18 +74,21 @@ public class ProductCategoryController {
 
     @Operation(summary = "更新产品类别")
     @PostMapping("/updateProductCategory")
+    @checkAuth(FunId = "xiaoshi/product")
     public Response updateProductCategory(String productCategory, List<MultipartFile> files) throws Exception {
         if (productCategory != null) {
             UpdateProductCategoryDTO updateProductCategoryDTO = JSONObject.parseObject(productCategory, UpdateProductCategoryDTO.class);
             Business business = businessFactory.getClass("productCategoryService");
-            business.updateMessage(updateProductCategoryDTO,files);
+            business.updateMessage(updateProductCategoryDTO, files);
             return Response.success(1);
         } else {
             return Response.error("网络异常");
         }
     }
+
     @Operation(summary = "删除产品类别")
     @PostMapping("/deleteProductCategory")
+    @checkAuth(FunId = "xiaoshi/product")
     public String deleteProductCategory(@RequestBody List<Integer> ids) throws Exception {
         Business business = businessFactory.getClass("productCategoryService");
         business.deleteMessage(ids);
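Review bot: Every handler in this controller is tagged with the same `FunId = "xiaoshi/product"`, so the check cannot tell a query from an add, update or delete. EventController in this commit uses one id per action (`xiaoshi/event/search`, `xiaoshi/event/add`, `xiaoshi/event/edit`, `xiaoshi/event/delete`). Following that pattern here would keep a read-only role from reaching `deleteProductCategory`, provided matching per-action ids are defined in the permission store. ProductController and ReportProjectController use a single id for all of their handlers in the same way. It would also help to add a comment on the class stating which function id guards which operation.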

+ 5 - 0
src/main/java/cn/cslg/pas/controller/ProductController.java

@@ -1,5 +1,6 @@
 package cn.cslg.pas.controller;
 
+import cn.cslg.pas.common.auth.checkAuth;
 import cn.cslg.pas.common.core.base.Constants;
 import cn.cslg.pas.common.dto.business.ProductDTO;
 import cn.cslg.pas.common.dto.business.UpdateProductDTO;
@@ -42,6 +43,7 @@ public class ProductController {
 
     @Operation(summary = "查询产品")
     @PostMapping("/queryProduct")
+    @checkAuth(FunId = "xiaoshi/product")
     public Response queryProduct(@RequestBody StringRequest stringRequest) throws Exception {
         Business business = businessFactory.getClass("productService");
         Records records = (Records) business.queryMessage(stringRequest);
@@ -50,6 +52,7 @@ public class ProductController {
 
     @Operation(summary = "添加产品")
     @PostMapping("/addProduct")
+    @checkAuth(FunId = "xiaoshi/product")
     public Response addProduct(String product, List<MultipartFile> files) throws Exception {
         if (product != null && product != "") {
             ProductDTO productDTO = JSONObject.parseObject(product, ProductDTO.class);
@@ -74,6 +77,7 @@ public class ProductController {
 
     @Operation(summary = "更新产品")
     @PostMapping("/updateProduct")
+    @checkAuth(FunId = "xiaoshi/product")
     public Response updateProduct(String product, List<MultipartFile> files) throws Exception {
         if(product != null){
             UpdateProductDTO updateProductDTO = JSONObject.parseObject(product, UpdateProductDTO.class);
@@ -87,6 +91,7 @@ public class ProductController {
 
     @Operation(summary = "删除产品")
     @PostMapping("/deleteProduct")
+    @checkAuth(FunId = "xiaoshi/product")
     public String deleteProduct(@RequestBody List<Integer> ids) throws Exception {
         Business business = businessFactory.getClass("productService");
         business.deleteMessage(ids);

+ 7 - 0
src/main/java/cn/cslg/pas/controller/ReportProjectController.java

@@ -1,5 +1,6 @@
 package cn.cslg.pas.controller;
 
+import cn.cslg.pas.common.auth.checkAuth;
 import cn.cslg.pas.common.core.base.Constants;
 import cn.cslg.pas.common.dto.business.EventDTO;
 import cn.cslg.pas.common.dto.business.ReportProjectDTO;
@@ -43,6 +44,7 @@ public class ReportProjectController {
 
     @Operation(summary = "查询报告")
     @PostMapping("/queryReportProject")
+    @checkAuth(FunId = "xiaoshi/report")
     public Response queryPatentProject(@RequestBody StringRequest stringRequest) throws Exception {
         Business business = businessFactory.getClass("reportProjectService");
         Records records = (Records) business.queryMessage(stringRequest);
@@ -52,6 +54,7 @@ public class ReportProjectController {
 
     @Operation(summary = "添加报告")
     @PostMapping("/addReportProject")
+    @checkAuth(FunId = "xiaoshi/report")
     public Response addReportProject(@RequestBody ReportProjectDTO reportProjectDTO) throws Exception {
         if (reportProjectDTO != null) {
             Business business = businessFactory.getClass("reportProjectService");
@@ -75,6 +78,7 @@ public class ReportProjectController {
 
     @Operation(summary = "更新报告")
     @PostMapping("/updateReportProject")
+    @checkAuth(FunId = "xiaoshi/report")
     public Response updatePatentProject(@RequestBody UpdateReportProjectDTO updateReportProjectDTO) throws Exception {
         if (updateReportProjectDTO != null) {
             Business business = businessFactory.getClass("reportProjectService");
@@ -87,6 +91,7 @@ public class ReportProjectController {
 
     @Operation(summary = "删除报告")
     @PostMapping("/deleteReportProject")
+    @checkAuth(FunId = "xiaoshi/report")
     public String deletePatentProject(@RequestBody List<Integer> ids) throws Exception {
         Business business = businessFactory.getClass("reportProjectService");
         business.deleteMessage(ids);
@@ -95,6 +100,7 @@ public class ReportProjectController {
 
     @Operation(summary = "分组报告")
     @PostMapping("/groupReportProject")
+    @checkAuth(FunId = "xiaoshi/report")
     public Response groupPatentProject(@RequestBody StringGroupRequest stringGroupRequest) throws Exception {
         Business business = businessFactory.getClass("reportProjectService");
         Records records = (Records) business.getGroup(stringGroupRequest, "reportProject");
@@ -104,6 +110,7 @@ public class ReportProjectController {
 
     @Operation(summary = "更新是否第二次无效")
     @PostMapping("/updateIfSecondInvalid")
+    @checkAuth(FunId = "xiaoshi/report")
     public Response updateIfSecondInvalid(@RequestBody UpdateIfSecondInvalidDTO updateIfSecondInvalidDTO) throws Exception {
         try {
             reportProjectService.updateIfSecondInvalid(updateIfSecondInvalidDTO);

+ 22 - 1
src/main/java/cn/cslg/pas/service/business/EventService.java

@@ -77,7 +77,8 @@ public class EventService extends ServiceImpl<EventMapper, Event> implements Bus
     public Object queryMessage(QueryRequest queryRequest) throws Exception {
 
        List<String> sqls = formatQueryService.reSqls(queryRequest,"event");
-        //根据sql查询事件信息
+        sqls=this.loadSearchSql(sqls);
+       //根据sql查询事件信息
         List<EventVO> eventVOS = eventMapper.getEvent(sqls.get(0),sqls.get(1),sqls.get(2));
 
         //查询总数
@@ -256,6 +257,7 @@ public class EventService extends ServiceImpl<EventMapper, Event> implements Bus
         StringRequest stringRequest =new StringRequest();
         BeanUtils.copyProperties(groupRequest,stringRequest);
         List<String> sqls = formatQueryService.reSqls(stringRequest,tableName);
+        sqls =this.loadSearchSql(sqls);
         //格式化 分组
         GroupConfig groupConfig=null;
         if (groupRequest.getGroupBy() != null) {
@@ -446,4 +448,23 @@ public List<Integer> getEventIdByName(String value,Boolean ifEqual){
 
 }
 
+
+    //装载查询语句
+    private List<String> loadSearchSql(List<String> sqls){
+        PersonnelVO personnelVO =cacheUtils.getLoginUser(loginUtils.getId());
+        Integer tenant_id =personnelVO.getTenantId();
+        String rootSql ="(tenant_id ="+tenant_id+")";
+        if(sqls.get(0)!=null&&!sqls.get(0).equals(""))
+        {
+            sqls.set(0,rootSql+" and"+"("+sqls.get(0)+")");
+
+        }
+        else {
+            sqls.set(0,rootSql);
+        }
+
+        return sqls;
+
+    }
+
 }
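Review bot: `loadSearchSql` dereferences the result of `cacheUtils.getLoginUser(loginUtils.getId())` without a null check, and a null `getTenantId()` would be rendered as `(tenant_id =null)`, which silently matches no rows. Whether `getLoginUser` can return null (for example on an expired session) is not visible here, but an explicit guard that raises the project's not-logged-in exception would give the caller a clear answer instead of a `NullPointerException` or an empty page. The method is also copied into seven service classes in this commit, so any query path that forgets to call it returns unscoped rows. Consider a single shared helper, and replace the `//装载查询语句` comment with a Javadoc block stating that the method prepends the caller's tenant filter to `sqls.get(0)` and mutates the list it is given.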

+ 19 - 0
src/main/java/cn/cslg/pas/service/business/PatentDigProjectService.java

@@ -97,6 +97,7 @@ public class PatentDigProjectService extends ServiceImpl<PatentDigProjectMapper,
     public Object queryMessage(QueryRequest queryRequest) throws Exception {
         List<String> sqls = formatQueryService.reSqls(queryRequest, "patentDigProject");
         //根据sql查询专题库信息
+       sqls = this.loadSearchSql(sqls);
         List<PatentDigProjectVO> patentProjectVOS = patentDigProjectMapper.getPatentDigProject(sqls.get(0), sqls.get(1), sqls.get(2));
         Long total = patentDigProjectMapper.getPatentDigCount(sqls.get(0));
         //装载专利数据库信息
@@ -755,4 +756,22 @@ public class PatentDigProjectService extends ServiceImpl<PatentDigProjectMapper,
 
     }
 
+
+    //装载查询语句
+    private List<String> loadSearchSql(List<String> sqls){
+        PersonnelVO personnelVO =cacheUtils.getLoginUser(loginUtils.getId());
+        String id =personnelVO.getId();
+        String rootSql ="(p.create_id ="+id+" or p.head_id="+id+" or p.id in (select project_id from asso_project_person where person_id ="+id+"))";
+        if(sqls.get(0)!=null&&!sqls.get(0).equals(""))
+        {
+            sqls.set(0,rootSql+" and"+"("+sqls.get(0)+")");
+
+        }
+        else {
+            sqls.set(0,rootSql);
+        }
+
+        return sqls;
+
+    }
 }
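Review bot: `loadSearchSql` concatenates `personnelVO.getId()`, a `String`, unquoted into `rootSql`. Event.xml in this commit shows the fragment being substituted as raw text (`where ${sqls.get(0)}`), and the other mappers presumably do the same. A non-numeric id would break the statement, and if the cached value can ever carry caller-influenced characters this becomes SQL injection inside the access-control filter itself. Prefer passing the id to the mapper as a bound `#{}` parameter, or at minimum validate it before use, e.g. `if (id == null || !id.matches("\\d+")) throw new IllegalStateException("unexpected user id");`. The same concatenation appears in PatentProjectService, ReportProjectService, ProjectTaskService, ProductCategoryService and ProductService.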

+ 18 - 0
src/main/java/cn/cslg/pas/service/business/PatentProjectService.java

@@ -104,6 +104,7 @@ public class PatentProjectService extends ServiceImpl<PatentProjectMapper, Paten
     public Object queryMessage(QueryRequest queryRequest) throws Exception {
 
         List<String> sqls = formatQueryService.reSqls(queryRequest, "patentProject");
+        sqls =this.loadSearchSql(sqls);
         //根据sql查询专题库信息
         List<PatentProjectVO> patentProjectVOS = patentProjectMapper.getPatentProject(sqls.get(0), sqls.get(1), sqls.get(2));
         Long total = patentProjectMapper.getPatentProjectCount(sqls.get(0));
@@ -192,6 +193,7 @@ public class PatentProjectService extends ServiceImpl<PatentProjectMapper, Paten
         StringRequest stringRequest = new StringRequest();
         BeanUtils.copyProperties(groupRequest, stringRequest);
         List<String> sqls = formatQueryService.reSqls(stringRequest, tableName);
+        sqls=this.loadSearchSql(sqls);
         //格式化 分组
         GroupConfig groupConfig = null;
         if (groupRequest.getGroupBy() != null) {
@@ -867,6 +869,22 @@ public class PatentProjectService extends ServiceImpl<PatentProjectMapper, Paten
         }
 
     }
+    //装载查询语句
+    private List<String> loadSearchSql(List<String> sqls){
+        PersonnelVO personnelVO =cacheUtils.getLoginUser(loginUtils.getId());
+        String id =personnelVO.getId();
+        String rootSql ="(p.create_id ="+id+" or p.head_id="+id+" or p.id in (select project_id from asso_project_person where person_id ="+id+"))";
+        if(sqls.get(0)!=null&&!sqls.get(0).equals(""))
+        {
+            sqls.set(0,rootSql+" and"+"("+sqls.get(0)+")");
 
+        }
+        else {
+            sqls.set(0,rootSql);
+        }
+
+        return sqls;
+
+    }
 
 }

+ 24 - 0
src/main/java/cn/cslg/pas/service/business/ProductCategoryService.java

@@ -77,6 +77,7 @@ public class ProductCategoryService extends ServiceImpl<ProductCategoryMapper, P
     @Override
     public Object queryMessage(QueryRequest queryRequest) throws Exception {
         List<String> sqls = formatQueryService.reSqls(queryRequest,"productCategory");
+        sqls =this.loadSearchSql(sqls);
         //根据sql查询产品类别信息
         List<ProductCategoryVO> productCategoryVOS = productCategoryMapper.getProductCategory(sqls.get(0),sqls.get(1),sqls.get(2));
         //查询总数
@@ -502,4 +503,27 @@ public class ProductCategoryService extends ServiceImpl<ProductCategoryMapper, P
             productCategoryVO.setAdminIds(adminIds);
         }
     }
+
+    //装载查询语句
+    private List<String> loadSearchSql(List<String> sqls){
+        PersonnelVO personnelVO =cacheUtils.getLoginUser(loginUtils.getId());
+        String id =personnelVO.getId();
+        Integer tenantId =personnelVO.getTenantId();
+        String rootSql ="category.create_id="+id+" or(category.show_type =0 and category.tenant ="+tenantId+") or ( category.id in (select product_category_id from asso_product_category_person where" +
+                " person_id="+id+" and role=0)) or (category.show_type=2 and  category.id in (select product_category_id from asso_product_category_person where" +
+                " person_id="+id+" and role=1)) or(category.show_type =3 and category.id not in(select product_category_id from asso_product_category_person where" +
+                " person_id="+id+" and role=2))";
+        if(sqls.get(0)!=null&&!sqls.get(0).equals(""))
+        {
+            sqls.set(0,rootSql+" and"+"("+sqls.get(0)+")");
+
+        }
+        else {
+            sqls.set(0,rootSql);
+        }
+
+        return sqls;
+
+    }
+
 }
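Review bot: `rootSql` here is a chain of `or` branches with no enclosing parentheses, so `rootSql+" and"+"("+sqls.get(0)+")"` attaches the caller's filter only to the last branch, because `AND` binds tighter than `OR`. Rows matched by `category.create_id=...` or by any earlier branch are returned regardless of the search condition. Wrapping the whole predicate fixes it: `String rootSql = "(" + /* existing branches */ + ")";`, as the Event and project services already do. ProductService has the same unparenthesized predicate. It is also worth confirming whether `category.tenant` is the intended column, given that ProductService uses `product.tenant_id`.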

+ 24 - 0
src/main/java/cn/cslg/pas/service/business/ProductService.java

@@ -70,6 +70,7 @@ public class ProductService extends ServiceImpl<ProductMapper, Product> implemen
     @Transactional(rollbackFor = Exception.class)
     public Object queryMessage(QueryRequest queryRequest) throws Exception {
         List<String> sqls = formatQueryService.reSqls(queryRequest,"product");
+       sqls= this.loadSearchSql(sqls);
         //根据sql查询产品信息
         List<ProductVO> productVOS = productMapper.getProduct(sqls.get(0), sqls.get(1), sqls.get(2));
         //查询总数
@@ -493,4 +494,27 @@ public class ProductService extends ServiceImpl<ProductMapper, Product> implemen
             productVO.setAdminIds(adminIds);
         }
     }
+
+    //装载查询语句
+    //装载查询语句
+    private List<String> loadSearchSql(List<String> sqls){
+        PersonnelVO personnelVO =cacheUtils.getLoginUser(loginUtils.getId());
+        String id =personnelVO.getId();
+        Integer tenantId =personnelVO.getTenantId();
+        String rootSql ="product.create_id="+id+" or(product.show_type =0 and product.tenant_id ="+tenantId+") or ( product.id in (select product_id from asso_product_person where" +
+                " person_id="+id+" and role=0)) or (product.show_type=2 and  product.id in (select product_id from asso_product_person where" +
+                " person_id="+id+" and role=1)) or(product.show_type =3 and product.id not in(select product_id from asso_product_person where" +
+                " person_id="+id+" and role=2))";
+        if(sqls.get(0)!=null&&!sqls.get(0).equals(""))
+        {
+            sqls.set(0,rootSql+" and"+"("+sqls.get(0)+")");
+
+        }
+        else {
+            sqls.set(0,rootSql);
+        }
+
+        return sqls;
+
+    }
 }

+ 18 - 0
src/main/java/cn/cslg/pas/service/business/ProjectTaskService.java

@@ -238,6 +238,7 @@ public class ProjectTaskService extends ServiceImpl<ProjectTaskMapper, ProjectTa
     @Override
     public Object queryMessage(QueryRequest queryRequest) throws Exception {
         List<String> sqls = formatQueryService.reSqls(queryRequest, "projectTask");
+        sqls=this.loadSearchSql(sqls);
         //根据sql查询任务信息
         List<ProjectTaskVO> projectTaskVOS = projectTaskMapper.getProjectTask(sqls.get(0), sqls.get(1), sqls.get(2));
         //查询总数
@@ -1207,4 +1208,21 @@ public class ProjectTaskService extends ServiceImpl<ProjectTaskMapper, ProjectTa
         }
         return projectTask.getId();
     }
+    //装载查询语句
+    private List<String> loadSearchSql(List<String> sqls){
+        PersonnelVO personnelVO =cacheUtils.getLoginUser(loginUtils.getId());
+        String id =personnelVO.getId();
+        String rootSql ="(create_id ="+id+" or handler="+id+")";
+        if(sqls.get(0)!=null&&!sqls.get(0).equals(""))
+        {
+            sqls.set(0,rootSql+" and"+"("+sqls.get(0)+")");
+
+        }
+        else {
+            sqls.set(0,rootSql);
+        }
+
+        return sqls;
+
+    }
 }

+ 18 - 1
src/main/java/cn/cslg/pas/service/business/ReportProjectService.java

@@ -106,7 +106,7 @@ public class ReportProjectService extends ServiceImpl<ReportProjectMapper, Repor
     @Transactional(rollbackFor = Exception.class)
     public Object queryMessage(QueryRequest queryRequest) throws Exception {
         List<String> sqls = formatQueryService.reSqls(queryRequest, "reportProject");
-
+             sqls=this.loadSearchSql(sqls);
         //根据sql查询事件信息
         List<ReportProjectVO> reportProject = reportProjectMapper.getReportProject(sqls.get(0), sqls.get(1), sqls.get(2));
         this.loadReportProjectVO(reportProject);
@@ -873,4 +873,21 @@ public class ReportProjectService extends ServiceImpl<ReportProjectMapper, Repor
         return true;
     }
 
+ //装载查询语句
+    private List<String> loadSearchSql(List<String> sqls){
+        PersonnelVO personnelVO =cacheUtils.getLoginUser(loginUtils.getId());
+        String id =personnelVO.getId();
+        String rootSql ="(p.create_id ="+id+" or p.head_id="+id+" or p.id in (select project_id from asso_project_person where person_id ="+id+"))";
+        if(sqls.get(0)!=null&&!sqls.get(0).equals(""))
+        {
+            sqls.set(0,rootSql+" and"+"("+sqls.get(0)+")");
+
+        }
+        else {
+            sqls.set(0,rootSql);
+        }
+
+        return sqls;
+
+    }
 }
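Review bot: Only `queryMessage` is routed through `loadSearchSql` in this file, whereas EventService and PatentProjectService in the same commit also scope their `getGroup` path. ReportProjectController exposes `/groupReportProject`, which calls `business.getGroup(stringGroupRequest, "reportProject")`. That method is not visible in this diff, but unless it is filtered elsewhere the grouped counts may still cover reports that the caller cannot see through `/queryReportProject`. Adding `sqls = this.loadSearchSql(sqls);` right after the `reSqls` call in `getGroup` would align the two paths.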

+ 1 - 1
src/main/resources/jsons/product.json

@@ -2,7 +2,7 @@
   {"name":"产品Id",
     "type":"Integer",
     "value":"product_id",
-    "field":"id",
+    "field":"product_id",
     "sqlField": "product.id",
     "sqlClass": "getComSql",
     "orderClass": "getComOrder",

+ 2 - 2
src/main/resources/mapper/Event.xml

@@ -21,7 +21,7 @@
         </if>
     </select>
     <select id="getGroups" resultType="cn.cslg.pas.common.vo.GroupReVO">
-        select ${selectField} as value ,count(*) as num from ${tableName}
+        select ${selectField} as value ,count(${selectField}) as num from ${tableName}
         <if test="sqls.get(0)!=''">
             where ${sqls.get(0)}
         </if>
@@ -55,7 +55,7 @@
 
 
     <select id="getEntrustGroup" resultType="cn.cslg.pas.common.vo.EntrustVO">
-        select distinct ${selectField} ,p.id,count(*) as num from ${tableName}
+        select distinct ${selectField} ,p.id,count(distinct p.id ) as num from ${tableName}
         <if test="sqls.get(0)!=''">
             where ${sqls.get(0)}
         </if>
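Review bot: `count(${selectField})` ignores rows where the grouped column is NULL, so in `getGroups` a NULL group now reports `num` as 0 where `count(*)` reported its real size. If that is intended, an XML comment such as `<!-- NULL values are deliberately excluded from the count -->` would record it. The new expression is also one more `${}` text substitution next to `${tableName}` and `${sqls.get(0)}`. These values need to come only from the server-side field configuration and never from request input, which is worth confirming in the callers since they are not visible here. Both `<select>` elements continue outside the hunks.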