⚡ 机构管理列表页非超管角色只可看到本级及以下数据

4 years ago · 82a8ddb10b
2 changed files with 19 additions and 4 deletions
--- a/blade-service/blade-system/src/main/java/org/springblade/system/mapper/DeptMapper.xml
+++ b/blade-service/blade-system/src/main/java/org/springblade/system/mapper/DeptMapper.xml
@ -61,7 +61,7 @@
            and dept.tenant_id = #{param1}
        </if>
        <if test="param2!=null">
-            and dept.parent_id = #{param2}
+            and (dept.parent_id = #{param2} or dept.ancestors like concat(concat('%', #{param2}),'%'))
        </if>
        <if test="param3.deptName!=null and param3.deptName!=''">
            and dept.dept_name like concat(concat('%', #{param3.deptName}),'%')
--- a/blade-service/blade-system/src/main/java/org/springblade/system/service/impl/DeptServiceImpl.java
+++ b/blade-service/blade-system/src/main/java/org/springblade/system/service/impl/DeptServiceImpl.java
@ -24,6 +24,7 @@ import org.springblade.core.tool.constant.BladeConstant;
 import org.springblade.core.tool.node.ForestNodeMerger;
 import org.springblade.core.tool.utils.Func;
 import org.springblade.core.tool.utils.StringPool;
+import org.springblade.system.cache.SysCache;
 import org.springblade.system.entity.Dept;
 import org.springblade.system.mapper.DeptMapper;
 import org.springblade.system.service.IDeptService;
@ -42,19 +43,33 @@ import java.util.stream.Collectors;
@Service
 public class DeptServiceImpl extends ServiceImpl<DeptMapper, Dept> implements IDeptService {

+	private static final String TENANT_ID = "tenantId";
+	private static final String PARENT_ID = "parentId";
+
 	@Override
 	public List<DeptVO> lazyList(String tenantId, Long parentId, Map<String, Object> param) {
+		// 设置租户ID
 		if (AuthUtil.isAdministrator()) {
 			tenantId = StringPool.EMPTY;
 		}
-		String paramTenantId = Func.toStr(param.get("tenantId"));
+		String paramTenantId = Func.toStr(param.get(TENANT_ID));
 		if (Func.isNotEmpty(paramTenantId) && AuthUtil.isAdministrator()) {
 			tenantId = paramTenantId;
 		}
-		if (Func.isEmpty(param.get("parentId")) && param.size() == 1) {
+		// 判断点击搜索但是没有查询条件的情况
+		if (Func.isEmpty(param.get(PARENT_ID)) && param.size() == 1) {
 			parentId = 0L;
 		}
-		if (Func.isEmpty(param.get("parentId")) && param.size() > 1) {
+		// 判断数据权限控制,非超管角色只可看到本级及以下数据
+		if (Func.toLong(parentId) == 0L && !AuthUtil.isAdministrator()) {
+			Long deptId = Func.firstLong(AuthUtil.getDeptId());
+			Dept dept = SysCache.getDept(deptId);
+			if (dept.getParentId() != 0) {
+				parentId = dept.getParentId();
+			}
+		}
+		// 判断点击搜索带有查询条件的情况
+		if (Func.isEmpty(param.get(PARENT_ID)) && param.size() > 1 && Func.toLong(parentId) == 0L) {
 			parentId = null;
 		}
 		return baseMapper.lazyList(tenantId, parentId, param);