加入权限判断

1301bb61 · liulianglang · 69d50f54 · 1301bb61 · 1301bb61 · 1301bb61
Commit 1301bb61 authored Jul 07, 2023 by liulianglang
6 changed files
--- a/src/main/java/org/springblade/founder/tjfx/controller/AjTjController.java
+++ b/src/main/java/org/springblade/founder/tjfx/controller/AjTjController.java
@@ -3,13 +3,17 @@ package org.springblade.founder.tjfx.controller;
 import com.alibaba.excel.EasyExcel;
 import io.swagger.annotations.ApiOperation;
 import org.apache.commons.codec.Charsets;
+import org.springblade.core.secure.utils.SecureUtil;
 import org.springblade.founder.tjfx.entity.*;
+import org.springblade.founder.tjfx.mapper.AjtjMapper;
 import org.springblade.founder.tjfx.service.AjtjService;
 import org.springblade.founder.utils.R;
 import org.springblade.founder.utils.Utils;
+import org.springblade.modules.system.entity.XzxtUser;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
+import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
@@ -23,7 +27,8 @@ public class AjTjController {
 	@Autowired
 	private AjtjService ajtjService;
+	@Resource
+	private AjtjMapper ajtjMapper;
 	@PostMapping("/getFapafyuest")
 	@ApiOperation(value = "各月份立破案分月走势图", notes = "各月份立破案分月走势图")
 	public R getFapafyuest(AjtjParam ajtjParam){
@@ -324,7 +329,9 @@ public class AjTjController {
 		ajtjParam.setPage(1);
 		ajtjParam.setLimit(10000);
 		Utils.setOraclePageParams(ajtjParam);
-		ajtjParam.setUnitcode("");  //只导出可看的数据
+//		ajtjParam.setUnitcode("");  //只导出可看的数据
+		ajtjParam.setUnitcode(ajtjService.pdUnit(ajtjParam.getUnitcode()));
 		List<TbStAsj> list = ajtjService.getFaList(ajtjParam);
 		response.setContentType("application/vnd.ms-excel");
 		response.setCharacterEncoding(Charsets.UTF_8.name());

--- a/src/main/java/org/springblade/founder/tjfx/controller/TjfxController.java
+++ b/src/main/java/org/springblade/founder/tjfx/controller/TjfxController.java
@@ -838,7 +838,9 @@ public class TjfxController {
 		ajtjParam.setPage(1);
 		ajtjParam.setLimit(10000);
 		Utils.setOraclePageParams(ajtjParam);
-		ajtjParam.setUnitcode("");  //只导出可看的数据
+//		ajtjParam.setUnitcode("");  //只导出可看的数据
+		ajtjParam.setUnitcode(ajtjService.pdUnit(ajtjParam.getUnitcode()));
 		ajtjService.setDwxx(ajtjParam);
 		List<TbStAsj> list = tjfxService.getExportFats(ajtjParam);
 		response.setContentType("application/vnd.ms-excel");

--- a/src/main/java/org/springblade/founder/tjfx/mapper/AjtjMapper.java
+++ b/src/main/java/org/springblade/founder/tjfx/mapper/AjtjMapper.java
@@ -89,4 +89,11 @@ public interface AjtjMapper {
 	List<String> getDwdmList(Map<String, Object> map);
 	String getCodeByGrade(@Param("unitcode") String unitcode, @Param("codename") String codename);
+	String getTwoUnitLevel(@Param(value = "code") String code);
+	int queryChildOrNot(@Param(value = "code") String code, @Param(value = "codeLevCol") String codeLevCol, @Param(value = "unitCode") String unitCode);
+	//根据code获取该用户市级的单位
+	String getDUnitcode(@Param(value = "code") String code);
 }
--- a/src/main/java/org/springblade/founder/tjfx/mapper/AjtjMapper.xml
+++ b/src/main/java/org/springblade/founder/tjfx/mapper/AjtjMapper.xml
@@ -840,7 +840,35 @@ from tb_st_asj asj where asj.xxsc_pdbz='0'
    <select id="getCodeByGrade" resultType="java.lang.String">
        select ${codename} from sys_dictitem_xz where CODE = #{unitcode}
    </select>
+    <!-- 获取单位级别 -->
+    <select id="getTwoUnitLevel" parameterType="string" resultType="String">
+        SELECT
+            LEV
+        FROM
+            sys_dictitem_xz
+        WHERE
+            CODE = #{code}
+    </select>
+    <!-- 查询是否是子集 -->
+    <select id="queryChildOrNot" parameterType="string" resultType="int">
+        SELECT
+            COUNT(1)
+        FROM
+            sys_dictitem_xz
+        WHERE
+            CODE = #{code}
+            AND ${codeLevCol} = #{unitCode}
+    </select>
+    <!-- 获取市级别单位 -->
+    <select id="getDUnitcode" resultType="string" parameterType="string">
+        SELECT
+            CODE_LEV2
+        FROM
+            sys_dictitem_xz
+        WHERE
+            code = #{code}
+    </select>
    <sql id="aj-condition">

--- a/src/main/java/org/springblade/founder/tjfx/service/AjtjService.java
+++ b/src/main/java/org/springblade/founder/tjfx/service/AjtjService.java
@@ -85,6 +85,6 @@ public interface AjtjService {
 	int getZaryListCount(AjtjParam ajtjParam);
 	List<TbXwZbfzxyr>  getZaryList(AjtjParam ajtjParam);
 	public AjtjParam setDwxx(AjtjParam ajtjParam);
+	String pdUnit(String cxunitcode);
 	DwXnpgTj getDwTjFx(Map<String, Object> paramMap);
 }
--- a/src/main/java/org/springblade/founder/tjfx/service/impl/AjtjServiceImpl.java
+++ b/src/main/java/org/springblade/founder/tjfx/service/impl/AjtjServiceImpl.java
@@ -1230,6 +1230,88 @@ public class AjtjServiceImpl implements AjtjService {
 		}
 	}
+	@Override
+	public  String pdUnit (String cxunitcode){
+		XzxtUser xzxtUser = SecureUtil.getUserXzxt();
+		String dwUnitCode = xzxtUser.getUnitcode(); //当前单位代码
+		String userGrade = xzxtUser.getGrade(); //用户等级
+		int a = 0;
+		int unitLev = Integer.valueOf(ajtjMapper.getTwoUnitLevel(dwUnitCode)).intValue(); //所属单位等级
+		if(unitLev == 1){ //如果所属单位是1，那么就是S
+			userGrade = "S";
+			System.out.println("判断所属单位等级是1");
+		}else if(unitLev == 2 && !"S".equals(userGrade)){  //如果所属单位是2，需要判断用户等级
+			userGrade = "D";
+			System.out.println("判断所属单位等级是2");
+		}else if(unitLev == 3 && !"S".equals(userGrade) && !"D".equals(userGrade)){
+			userGrade = "X";
+			System.out.println("判断所属单位等级是3");
+		}
+		System.out.println("经过判断后获取的用户等级" + userGrade);
+		if("S".equals(userGrade)){
+			dwUnitCode = "460000000000";
+		}else if("D".equals(userGrade)){
+			dwUnitCode = ajtjMapper.getDUnitcode(dwUnitCode);
+			System.out.println("如果判断是等于D" + dwUnitCode);
+		}
+		int judgeValue = judgeDataAuthority(a, userGrade, dwUnitCode, cxunitcode);
+		if(judgeValue < 0){
+			return "";
+		}else if(judgeValue > 0){
+			return xzxtUser.getUnitcode();
+		}else{
+			return cxunitcode;
+		}
+	}
+	//判断当前用户是否有权限查询所选单位的数据
+	//返回值说明（-1：无权查看，0：可以查看所有数据、不需要额外判断，1：可以查看数据、但是说明所选单位的级别更高、需要另行判断）
+	private int judgeDataAuthority(int allAuthority, String grade, String userUnit, String chooseSsdw){
+		if(allAuthority > 0){ //如果有全部数据的权限，就可以看
+			return 0;
+		}else{
+			//如果没有，需要判断当前单位是否可以查看所选择单位的数据
+			//判断当前登录者是否是省级用户，有最高权限，可以查看数据
+			if("S".equals(grade)){
+				return 0;
+			}else{
+				//如果不是，则判断查询的所属单位等级与当前单位等级是否相等
+				int unitLev = Integer.valueOf(ajtjMapper.getTwoUnitLevel(userUnit)).intValue();
+				int chooseLev = Integer.valueOf(ajtjMapper.getTwoUnitLevel(chooseSsdw)).intValue();
+				int differenceValue = unitLev - chooseLev;
+				if(differenceValue < 0){
+					//小于0说明当前登录者所在单位的级别更高，查询当前查询单位是否是当前登录者所在的单位的下属
+					int a = ajtjMapper.queryChildOrNot(chooseSsdw, "CODE_LEV" + unitLev, userUnit);
+					if(a > 0){
+						//大于0，说明是当前登录单位的子集，可以查看其数据
+						return 0;
+					}else{
+						//否则，说明不是当前登录单位的子集，无权查看查询单位的数据
+						return -1;
+					}
+				}else if(differenceValue == 0){
+					//等于0说明当前登录者所在单位的级别与查询的级别相等，可以查看其数据
+					if(chooseSsdw.equals(userUnit)){
+						return 0;
+					}
+					//否则无权查看查询单位的数据
+					return -1;
+				}else{
+					//大于0说明查询单位的级别更高,需要判断当前登录单位是否为查询单位的子集
+					int a = ajtjMapper.queryChildOrNot(userUnit, "CODE_LEV" + chooseLev, chooseSsdw);
+					if(a > 0){
+						//如果大于0，说明是子集，但是只能查看当前单位起始的数据
+						return 1;
+					}else{
+						//否则，说明当前登录单位不是所选择单位的子集，无权查看查询单位的数据
+						return -1;
+					}
+				}
+			}
+		}
+	}
 	@Override
 	public DwXnpgTj getDwTjFx(Map<String, Object> paramMap) {