fix:存放位置数据权限调整

zt-module-qms/zt-module-qms-server/src/main/java/com/zt/plat/module/qms/business/config/controller/vo/ConfigWarehouseLocationPageReqVO.java

@@ -6,6 +6,7 @@ import io.swagger.v3.oas.annotations.media.Schema;
 import com.zt.plat.framework.common.pojo.PageParam;
 import org.springframework.format.annotation.DateTimeFormat;
 import java.time.LocalDateTime;
+import java.util.List;
 import java.util.Set;
 
 import static com.zt.plat.framework.common.util.date.DateUtils.FORMAT_YEAR_MONTH_DAY_HOUR_MINUTE_SECOND;
@@ -64,6 +65,9 @@ public class ConfigWarehouseLocationPageReqVO extends PageParam {
     @Schema(description = "是否为管理员-可查看全部数据")
     private Boolean adminFlag;
 
+    @Schema(description = "有权限的仓库")
+    private List<Long> authorizedWarehouseIds;
+
     @Schema(description = "查询用-权限角色")
     private Set<Long> roleIds;
 

zt-module-qms/zt-module-qms-server/src/main/java/com/zt/plat/module/qms/business/config/dal/mapper/ConfigWarehouseLocationMapper.java

@@ -29,6 +29,7 @@ public interface ConfigWarehouseLocationMapper extends BaseMapperX<ConfigWarehou
     default PageResult<ConfigWarehouseLocationRespVO> selectPage(ConfigWarehouseLocationPageReqVO reqVO) {
 
         MPJLambdaWrapperX<ConfigWarehouseLocationDO> wrapper = new MPJLambdaWrapperX<>();
+        Boolean adminFlag = reqVO.getAdminFlag();
         //仓库
         wrapper.leftJoin(ConfigWarehouseLocationParDO.class, ConfigWarehouseLocationParDO::getId, ConfigWarehouseLocationDO::getParentId);
         wrapper.selectAll(ConfigWarehouseLocationDO.class)
@@ -47,19 +48,12 @@ public interface ConfigWarehouseLocationMapper extends BaseMapperX<ConfigWarehou
                 .eqIfPresent(ConfigWarehouseLocationDO::getSystemDepartmentCode, reqVO.getSystemDepartmentCode())
                 .betweenIfPresent(ConfigWarehouseLocationDO::getCreateTime, reqVO.getCreateTime())
                 .eqIfPresent(ConfigWarehouseLocationDO::getRemark, reqVO.getRemark())
-        ;
-        Boolean adminFlag = reqVO.getAdminFlag();
-        // 角色权限 - 使用 exists 子查询
-        if (adminFlag == null || !adminFlag && CollUtil.isNotEmpty(reqVO.getRoleIds())) {
-            String roleIdsStr = reqVO.getRoleIds().stream()
-                    .map(String::valueOf)
-                    .collect(Collectors.joining(","));
-            wrapper.and(wrapper1 ->
-                    wrapper1.exists("SELECT 1 FROM t_cfg_perm WHERE t_cfg_perm.SRC_ID = t.ID AND t_cfg_perm.deleted = 0 AND t_cfg_perm.TGT_ID IN (" + roleIdsStr + ")")
-            );
-        }
-
-        wrapper.orderByDesc(ConfigWarehouseLocationDO::getSortNo);
+                .and(adminFlag == null || !adminFlag && CollUtil.isNotEmpty(reqVO.getAuthorizedWarehouseIds()),
+                        wrapper1 ->
+                                wrapper1.in(ConfigWarehouseLocationDO::getId, reqVO.getAuthorizedWarehouseIds())
+                                        .or()
+                                        .in(ConfigWarehouseLocationParDO::getId, reqVO.getAuthorizedWarehouseIds()))
+                .orderByDesc(ConfigWarehouseLocationDO::getSortNo);
 
         return selectJoinPage(reqVO, ConfigWarehouseLocationRespVO.class, wrapper);
     }

zt-module-qms/zt-module-qms-server/src/main/java/com/zt/plat/module/qms/business/config/service/ConfigPermissionService.java

@@ -74,4 +74,11 @@ public interface ConfigPermissionService {
      */
     PageResult<ConfigPermissionDO> getConfigPermissionPage(ConfigPermissionPageReqVO pageReqVO);
 
+    /**
+     * 根据目标id获取权限列表
+     *
+     * @param targetIds 目标id
+     * @return 权限列表
+     */
+    List<ConfigPermissionDO> getPermissionListByTargetIds(List<Long> targetIds);
 }

zt-module-qms/zt-module-qms-server/src/main/java/com/zt/plat/module/qms/business/config/service/ConfigPermissionServiceImpl.java

@@ -2,6 +2,7 @@ package com.zt.plat.module.qms.business.config.service;
 
 import cn.hutool.core.collection.CollUtil;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.zt.plat.module.qms.business.config.controller.vo.ConfigPermissionPageReqVO;
 import com.zt.plat.module.qms.business.config.controller.vo.ConfigPermissionRespVO;
 import com.zt.plat.module.qms.business.config.controller.vo.ConfigPermissionSaveReqVO;
@@ -210,4 +211,11 @@ public class ConfigPermissionServiceImpl implements ConfigPermissionService {
         return configPermissionMapper.selectPage(pageReqVO);
     }
 
+    @Override
+    public List<ConfigPermissionDO> getPermissionListByTargetIds(List<Long> targetIds) {
+
+        return configPermissionMapper.selectList(Wrappers.lambdaQuery(ConfigPermissionDO.class)
+                .in(ConfigPermissionDO::getTargetId, targetIds));
+    }
+
 }

zt-module-qms/zt-module-qms-server/src/main/java/com/zt/plat/module/qms/business/config/service/ConfigWarehouseLocationServiceImpl.java

@@ -5,11 +5,13 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.zt.plat.framework.common.biz.system.permission.PermissionCommonApi;
 import com.zt.plat.framework.common.pojo.CommonResult;
+import com.zt.plat.framework.mybatis.core.query.LambdaQueryWrapperX;
 import com.zt.plat.framework.security.core.util.SecurityFrameworkUtils;
 import com.zt.plat.module.qms.business.config.controller.vo.ConfigPermissionSaveReqVO;
 import com.zt.plat.module.qms.business.config.controller.vo.ConfigWarehouseLocationPageReqVO;
 import com.zt.plat.module.qms.business.config.controller.vo.ConfigWarehouseLocationRespVO;
 import com.zt.plat.module.qms.business.config.controller.vo.ConfigWarehouseLocationSaveReqVO;
+import com.zt.plat.module.qms.business.config.dal.dataobject.ConfigPermissionDO;
 import com.zt.plat.module.qms.enums.QmsPermissionConstant;
 import com.zt.plat.module.qms.enums.QmsWarehouseLocationConstant;
 import com.zt.plat.module.system.api.permission.PermissionApi;
@@ -184,10 +186,21 @@ public class ConfigWarehouseLocationServiceImpl implements ConfigWarehouseLocati
     @Override
     public PageResult<ConfigWarehouseLocationRespVO> getConfigWarehouseLocationPage(ConfigWarehouseLocationPageReqVO pageReqVO) {
         // 获取当前用户角色
-        CommonResult<Set<Long>> userRoleIds = permissionApi.getUserRoleIdListByUserId(SecurityFrameworkUtils.getLoginUserId());
-        pageReqVO.setRoleIds(userRoleIds.getData());
+        CommonResult<Set<Long>> userRoleIdsRes = permissionApi.getUserRoleIdListByUserId(SecurityFrameworkUtils.getLoginUserId());
+        Set<Long> userRoleIds = userRoleIdsRes.getData();
+        pageReqVO.setRoleIds(userRoleIds);
         CommonResult<Boolean> hasAnyRoles = permissionCommonApi.hasAnyRoles(SecurityFrameworkUtils.getLoginUserId(), QmsPermissionConstant.ADMIN_ROLE);
         pageReqVO.setAdminFlag(hasAnyRoles.getData());
+        if (CollUtil.isNotEmpty(userRoleIds)) {
+            // 先查询有权限的仓库 ID 列表
+            List<ConfigPermissionDO> permissionList = configPermissionService.getPermissionListByTargetIds(new ArrayList<>(userRoleIds));
+
+            if (CollUtil.isNotEmpty(permissionList)) {
+                // 使用 IN 条件查询库位（库位的 parentId 在有权限的仓库 ID 中）
+                List<Long> authorizedWarehouseIds = permissionList.stream().map(ConfigPermissionDO::getSourceId).distinct().toList();
+                pageReqVO.setAuthorizedWarehouseIds(authorizedWarehouseIds);
+            }
+        }
         return configWarehouseLocationMapper.selectPage(pageReqVO);
     }