fix:调整数据权限处理:self为true才允许查询自己的数据,部门id不空才进行部门数据隔离(可看日志权限表达式)

shusir
2026-03-12 14:31:26 +08:00
parent 199dd7715e
commit 4c28b21454
6 changed files with 155 additions and 28 deletions


@@ -61,7 +61,8 @@ public class QmsPermissionAspect {
QmsPermission annotation = getAnnotationByJoinPoint(joinPoint); QmsPermission annotation = getAnnotationByJoinPoint(joinPoint);
if(annotation == null) if(annotation == null)
return; return;
QMSPermissionContextHolder.setContext(true, annotation.deptDataRoleCodes(), annotation.moduleDataRoleCodes(), annotation.deptIdColumn(), annotation.userIdColumn(), annotation.custom()); QMSPermissionContextHolder.setContext(true, annotation.deptDataRoleCodes(), annotation.moduleDataRoleCodes(),
annotation.deptIdColumn(), annotation.userIdColumn(), annotation.self(), annotation.custom());
} }
private QmsPermission getAnnotationByJoinPoint(JoinPoint joinPoint) { private QmsPermission getAnnotationByJoinPoint(JoinPoint joinPoint) {
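Review bot: Nothing in this hunk clears the permission context that `setContext(...)` stores, and the early `return` on `annotation == null` leaves in place whatever an earlier call put there. The holder uses thread-local storage and request threads are normally pooled, so a leftover `self = true` or role code could widen the data filter of an unrelated later query on the same thread. If the aspect has no after/finally advice that resets every field, including the new `self`, one should be added. The advice method starts above the hunk and the rest of the aspect is not shown, so this may already be handled.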


@@ -21,6 +21,8 @@ public @interface QmsPermission {
String userIdColumn() default "CREATOR"; //人员id列 String userIdColumn() default "CREATOR"; //人员id列
boolean self() default false; //是否可查看自己创建的数据
//todo 考虑支持模块自定义扩展。参数传入表达式,通过表达式计算权限 //todo 考虑支持模块自定义扩展。参数传入表达式,通过表达式计算权限
String custom() default ""; String custom() default "";
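Review bot: The new `self()` attribute decides who can read which rows but is documented only by a trailing comment; it deserves Javadoc that states the fail-closed default. Something like `/** When true, rows whose userIdColumn matches the current user stay visible; the default false grants no creator-based access. */` would do, assuming that matches the handler, which is not shown here. If earlier behaviour always let creators see their own rows, every existing `@QmsPermission` usage that does not set `self = true` loses that access, which is worth a line in the commit description. The `custom()` todo about expression-based rules should also record that the expression must come from code only, never from request data.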


@@ -11,6 +11,7 @@ public class QMSPermissionContextHolder {
private static final ThreadLocal<String> moduleDataRoleCodes = new TransmittableThreadLocal<>(); //模块数据权限 private static final ThreadLocal<String> moduleDataRoleCodes = new TransmittableThreadLocal<>(); //模块数据权限
private static final ThreadLocal<String> deptIdColumn = new TransmittableThreadLocal<>(); //部门id列 private static final ThreadLocal<String> deptIdColumn = new TransmittableThreadLocal<>(); //部门id列
private static final ThreadLocal<String> userIdColumn = new TransmittableThreadLocal<>(); //人员id列 private static final ThreadLocal<String> userIdColumn = new TransmittableThreadLocal<>(); //人员id列
private static final ThreadLocal<Boolean> self = new TransmittableThreadLocal<>();
private static final ThreadLocal<String> custom = new TransmittableThreadLocal<>(); //人员id列 private static final ThreadLocal<String> custom = new TransmittableThreadLocal<>(); //人员id列
public static void setEnable(Boolean ignore) { public static void setEnable(Boolean ignore) {
@@ -21,12 +22,14 @@ public class QMSPermissionContextHolder {
return Boolean.TRUE.equals(enable.get()); return Boolean.TRUE.equals(enable.get());
} }
public static void setContext(boolean enable, String deptDataRoleCode, String moduleDataRoleCode, String deptIdColumn, String userIdColumn, String custom){ public static void setContext(boolean enable, String deptDataRoleCode, String moduleDataRoleCode,
String deptIdColumn, String userIdColumn, Boolean self, String custom){
QMSPermissionContextHolder.setEnable(enable); QMSPermissionContextHolder.setEnable(enable);
QMSPermissionContextHolder.deptDataRoleCodes.set(deptDataRoleCode); QMSPermissionContextHolder.deptDataRoleCodes.set(deptDataRoleCode);
QMSPermissionContextHolder.moduleDataRoleCodes.set(moduleDataRoleCode); QMSPermissionContextHolder.moduleDataRoleCodes.set(moduleDataRoleCode);
QMSPermissionContextHolder.deptIdColumn.set(deptIdColumn); QMSPermissionContextHolder.deptIdColumn.set(deptIdColumn);
QMSPermissionContextHolder.userIdColumn.set(userIdColumn); QMSPermissionContextHolder.userIdColumn.set(userIdColumn);
QMSPermissionContextHolder.self.set(self);
QMSPermissionContextHolder.custom.set(custom); QMSPermissionContextHolder.custom.set(custom);
} }
@@ -62,6 +65,15 @@ public class QMSPermissionContextHolder {
return userIdColumn.get(); return userIdColumn.get();
} }
// 新增 self 的 getter 和 setter
public static void setSelf(Boolean self) {
QMSPermissionContextHolder.self.set(self);
}
public static Boolean getSelf() {
return self.get();
}
public static void setCustom(String custom) { public static void setCustom(String custom) {
QMSPermissionContextHolder.custom.set(custom); QMSPermissionContextHolder.custom.set(custom);
} }
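Review bot: `getSelf()` returns the raw `self.get()`, which is null on any thread where `setContext` or `setSelf` has not run, so a caller writing `if (QMSPermissionContextHolder.getSelf())` fails with an unboxing NullPointerException. The `enable` getter visible just above `setContext` already guards with `Boolean.TRUE.equals(enable.get())`; doing the same here, `return Boolean.TRUE.equals(self.get());`, makes an unset flag mean "no own-data access". `setContext` also takes a boxed `Boolean self` although the annotation supplies a primitive; declaring it `boolean` would rule out null at the source. Any clear/remove method of this holder lies outside these hunks and should reset `self` as well. The trailing comment on `custom` still reads `人员id列`, copied from `userIdColumn`.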


@@ -48,7 +48,7 @@ public interface MaterialBatchMapper extends BaseMapperX<MaterialBatchDO> {
.orderByDesc(MaterialBatchDO::getId)); .orderByDesc(MaterialBatchDO::getId));
} }
// @QmsPermission(deptDataRoleCodes = "ytjyDeptAndSub", moduleDataRoleCodes = "qms_material_manager") @QmsPermission(moduleDataRoleCodes = "ytjyAdmin", deptIdColumn = "ASN_DEPT_ID")
default PageResult<MaterialBatchRespVO> selectPageWithPdtInfo(MaterialBatchPageReqVO reqVO, List<Long> pdtIds) { default PageResult<MaterialBatchRespVO> selectPageWithPdtInfo(MaterialBatchPageReqVO reqVO, List<Long> pdtIds) {
MPJLambdaWrapper<MaterialBatchDO> wrapper = new MPJLambdaWrapperX<MaterialBatchDO>() MPJLambdaWrapper<MaterialBatchDO> wrapper = new MPJLambdaWrapperX<MaterialBatchDO>()
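Review bot: Activating `@QmsPermission(moduleDataRoleCodes = "ytjyAdmin", deptIdColumn = "ASN_DEPT_ID")` leaves `self` at its default false, so users who presumably lack the `ytjyAdmin` role get this page filtered by department alone. The commit title says department isolation is applied only when the department id is not empty. The handler is not part of this view, so please confirm that an empty department id yields a match-nothing predicate rather than no predicate at all; otherwise such a user would see every batch. The method builds an `MPJLambdaWrapperX` join, so also check that the unqualified `ASN_DEPT_ID` resolves to the intended table. The method body continues outside the hunk.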


@@ -392,21 +392,7 @@ public class MaterialBatchServiceImpl implements MaterialBatchService {
pageResult = materialBatchMapper.selectPageWithPdtInfo(pageReqVO, List.of()); pageResult = materialBatchMapper.selectPageWithPdtInfo(pageReqVO, List.of());
} }
// 查全部 // 给批次设置顶级分类的json配置
if (StrUtil.isEmpty(pageReqVO.getDataType())) {
List<MaterialBatchRespVO> respVOS = pageResult.getList();
if (CollUtil.isNotEmpty(respVOS)) {
List<Long> batIds = respVOS.stream().map(MaterialBatchRespVO::getId).toList();
List<MaterialBatchDO> gongs = materialBatchMapper.selectList(Wrappers.lambdaQuery(MaterialBatchDO.class)
.in(MaterialBatchDO::getParentId, batIds));
if (CollUtil.isNotEmpty(gongs)) {
List<MaterialBatchRespVO> gongRespVOs = gongs.stream().map(gong -> BeanUtils.toBean(gong, MaterialBatchRespVO.class)).toList();
respVOS.addAll(gongRespVOs);
pageResult.setList(respVOS);
}
}
}
if (StrUtil.isEmpty(pageReqVO.getDataType()) || MaterialBatchGongType.batch.name().equals(pageReqVO.getDataType())) { if (StrUtil.isEmpty(pageReqVO.getDataType()) || MaterialBatchGongType.batch.name().equals(pageReqVO.getDataType())) {
List<MaterialBatchRespVO> batches = pageResult.getList(); List<MaterialBatchRespVO> batches = pageResult.getList();
if (CollUtil.isNotEmpty(batches)) { if (CollUtil.isNotEmpty(batches)) {
@@ -428,6 +414,21 @@ public class MaterialBatchServiceImpl implements MaterialBatchService {
} }
} }
// 查全部
if (StrUtil.isEmpty(pageReqVO.getDataType())) {
List<MaterialBatchRespVO> respVOS = pageResult.getList();
if (CollUtil.isNotEmpty(respVOS)) {
List<Long> batIds = respVOS.stream().map(MaterialBatchRespVO::getId).toList();
List<MaterialBatchDO> gongs = materialBatchMapper.selectList(Wrappers.lambdaQuery(MaterialBatchDO.class)
.in(MaterialBatchDO::getParentId, batIds));
if (CollUtil.isNotEmpty(gongs)) {
List<MaterialBatchRespVO> gongRespVOs = gongs.stream().map(gong -> BeanUtils.toBean(gong, MaterialBatchRespVO.class)).toList();
respVOS.addAll(gongRespVOs);
pageResult.setList(respVOS);
}
}
}
// 需要组装children // 需要组装children
if (!MaterialBatchGongType.gong.name().equals(pageReqVO.getDataType()) && pageReqVO.getChildren()) { if (!MaterialBatchGongType.gong.name().equals(pageReqVO.getDataType()) && pageReqVO.getChildren()) {
List<MaterialBatchRespVO> voList = pageResult.getList(); List<MaterialBatchRespVO> voList = pageResult.getList();