Commit 78e49860 by 宋祥

1.数据权限开发,SQL注入

parent 2f5f49d1
......@@ -109,7 +109,7 @@ public class UserSessionUtils extends UserSession {
}
/**
* *获取登录用户所有角色
* 获取登录用户所有角色
*
* @return
*/
......@@ -118,7 +118,7 @@ public class UserSessionUtils extends UserSession {
}
/**
* *获取登录用户所有角色的公司列表
* 获取登录用户所有角色的公司列表
*
* @return
*/
......@@ -135,7 +135,7 @@ public class UserSessionUtils extends UserSession {
}
/**
* *获取指定公司的部门列表
* 获取指定公司的部门列表
*
* @return
*/
......@@ -148,7 +148,7 @@ public class UserSessionUtils extends UserSession {
}
/**
* *获取指定公司的人员列表
* 获取指定公司的人员列表
*
* @return
*/
......
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sqlMap PUBLIC "-//ibatis.apache.org//DTD SQL Map 2.0//EN" "http://ibatis.apache.org/dtd/sql-map-2.dtd">
<!-- table information
Generate time : 2024-05-05 21:45:00
Version : 1.0
schema : hpjx
tableName : HGPZ001
ID BIGINT NOT NULL primarykey,
COMPANY_CODE VARCHAR,
DEP_CODE VARCHAR,
CREATED_BY VARCHAR,
CREATED_NAME VARCHAR,
CREATED_TIME VARCHAR,
UPDATED_BY VARCHAR,
UPDATED_NAME VARCHAR,
UPDATED_TIME VARCHAR,
DELETE_FLAG TINYINT,
FACTORY_CODE VARCHAR,
FACTORY_NAME VARCHAR,
PROCESS_CODE VARCHAR,
PROCESS_NAME VARCHAR,
UNIT VARCHAR,
STANDARD_JOB DECIMAL,
STANDARD_DAYS DECIMAL,
STANDARD_NUM DECIMAL,
PRINC VARCHAR,
STATUS TINYINT
-->
<!DOCTYPE sqlMap PUBLIC "-//iBATIS.com//DTD SQL Map 2.0//EN" "http://www.ibatis.com/dtd/sql-map-2.dtd">
<sqlMap namespace="HGSJ001">
<sql id="column">
......@@ -51,7 +25,28 @@
STATUS as "status" <!-- 状态0.启用1.停止 -->
</sql>
<sql id="authCondition">
<!-- 无权限时使用 -->
<isNotEmpty prepend=" AND " property="authDepCode">
DEP_CODE = #authDepCode#
</isNotEmpty>
<!-- 仅本人和部门组合 -->
<isEqual prepend=" AND " property="authCombination" compareValue="1">
(CREATED_BY = #authOnlyPeople# OR DEP_CODE IN <iterate close=")" open="(" conjunction="," property="authDepCodes">#authDepCodes[]#</iterate>)
</isEqual>
<!-- 仅本人或部门 -->
<isNotEqual prepend=" AND " property="authCombination" compareValue="1">
<isNotEmpty property="authOnlyPeople">
CREATED_BY = #authOnlyPeople#
</isNotEmpty>
<isNotEmpty property="authDepCodes">
DEP_CODE IN <iterate close=")" open="(" conjunction="," property="authDepCodes">#authDepCodes[]#</iterate>
</isNotEmpty>
</isNotEqual>
</sql>
<sql id="condition">
<include refid="authCondition"/>
<isNotEmpty prepend=" AND " property="id">
ID = #id#
</isNotEmpty>
......@@ -117,7 +112,7 @@
<select id="query" parameterClass="java.util.HashMap"
resultClass="com.baosight.hggp.hg.sj.domain.HGSJ001">
SELECT
<include refid="column"/>
<include refid="column"/>
FROM ${hggpSchema}.HGGY001 WHERE 1=1
<include refid="condition" />
<dynamic prepend="ORDER BY">
......
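Review bot: The `isNotEqual` branch of `authCondition` places its two inner `isNotEmpty` tags side by side with no connective, so if `authOnlyPeople` and `authDepCodes` are ever both present while `authCombination` is not `1`, the fragment renders two predicates back to back and the statement fails to parse. The fragment is also open by default: when none of the `auth*` properties is in the parameter map it contributes no predicate, so row filtering depends entirely on the DAO proxy having populated the map. I would record that contract next to the fragment, e.g. `<!-- auth* keys are set only by SqlMapDaoLogProxy.buildDataAuth; authOnlyPeople and authDepCodes appear together only with authCombination=1 -->`, and treat the `auth*` names as reserved in query parameter maps.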
package com.baosight.hggp.hg.xs.domain;
import com.baosight.iplat4j.core.data.DaoEPBase;
import com.baosight.iplat4j.core.ei.EiColumn;
import com.baosight.iplat4j.core.util.StringUtils;
import java.util.HashMap;
import java.util.Map;
/**
* @author:songx
* @date:2024/5/8,13:47
*/
public class Company {
public class Company extends DaoEPBase {
public static final String FIELD_COMPANY_CODE = "companyCode"; /* 公司编码*/
public static final String FIELD_COMPANY_NAME = "companyName"; /* 公司名称*/
......@@ -12,17 +19,38 @@ public class Company {
/**
* 公司编码
*/
private String companyCode;
private String companyCode = "";
/**
* 公司名称
*/
private String companyName;
private String companyName = "";
/**
* initialize the metadata.
*/
public void initMetaData() {
EiColumn eiColumn;
eiColumn = new EiColumn(FIELD_COMPANY_CODE);
eiColumn.setDescName("公司编码");
eiMetadata.addMeta(eiColumn);
eiColumn = new EiColumn(FIELD_COMPANY_NAME);
eiColumn.setDescName("公司名称");
eiMetadata.addMeta(eiColumn);
}
/**
* the constructor.
*/
public Company() {
initMetaData();
}
public Company(String companyCode, String companyName) {
initMetaData();
this.companyCode = companyCode;
this.companyName = companyName;
}
......@@ -42,4 +70,29 @@ public class Company {
public void setCompanyName(String companyName) {
this.companyName = companyName;
}
/**
* get the value from Map.
*
* @param map - source data map
*/
@Override
public void fromMap(Map map) {
setCompanyCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_COMPANY_CODE)), companyCode));
setCompanyName(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_COMPANY_NAME)), companyName));
}
/**
* set the value to Map.
*/
@Override
public Map toMap() {
Map map = new HashMap();
map.put(FIELD_COMPANY_CODE, StringUtils.toString(companyCode, eiMetadata.getMeta(FIELD_COMPANY_CODE)));
map.put(FIELD_COMPANY_NAME, StringUtils.toString(companyName, eiMetadata.getMeta(FIELD_COMPANY_NAME)));
return map;
}
}
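Review bot: The two-argument constructor assigns its arguments straight to the fields, so a null argument undoes the `""` defaults that this change introduces on `companyCode` and `companyName`. If those defaults exist so that `toMap()` never sees null, normalise in the constructor as well: `this.companyCode = companyCode == null ? "" : companyCode;` and the same for `companyName`. Both constructors also call the public, overridable `initMetaData()`; making it `private` or `final` would be safer unless the base class needs the current signature, which is not visible here.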
package com.baosight.hggp.hg.xs.domain;
import com.baosight.iplat4j.core.data.DaoEPBase;
import com.baosight.iplat4j.core.ei.EiColumn;
import com.baosight.iplat4j.core.util.StringUtils;
import java.util.HashMap;
import java.util.Map;
/**
* @author:songx
* @date:2024/5/8,13:47
*/
public class Dept {
public class Dept extends DaoEPBase {
public static final String FIELD_DEP_CODE = "depCode"; /* 部门编码*/
public static final String FIELD_DEP_NAME = "depName"; /* 部门名称*/
/**
* 部门编码
......@@ -16,6 +26,22 @@ public class Dept {
*/
private String depName;
/**
* initialize the metadata.
*/
public void initMetaData() {
EiColumn eiColumn;
eiColumn = new EiColumn(FIELD_DEP_CODE);
eiColumn.setDescName("部门编码");
eiMetadata.addMeta(eiColumn);
eiColumn = new EiColumn(FIELD_DEP_NAME);
eiColumn.setDescName("部门名称");
eiMetadata.addMeta(eiColumn);
}
public Dept() {
}
......@@ -39,4 +65,29 @@ public class Dept {
public void setDeptName(String depName) {
this.depName = depName;
}
/**
* get the value from Map.
*
* @param map - source data map
*/
@Override
public void fromMap(Map map) {
setDepCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_DEP_CODE)), depCode));
setDeptName(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_DEP_NAME)), depName));
}
/**
* set the value to Map.
*/
@Override
public Map toMap() {
Map map = new HashMap();
map.put(FIELD_DEP_CODE, StringUtils.toString(depCode, eiMetadata.getMeta(FIELD_DEP_CODE)));
map.put(FIELD_DEP_NAME, StringUtils.toString(depName, eiMetadata.getMeta(FIELD_DEP_NAME)));
return map;
}
}
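Review bot: `initMetaData()` is added, but the no-argument constructor `public Dept() { }` still has an empty body, so the metadata for `depCode` and `depName` is never registered. `Company`, `Factory` and `UserGroup` all call it from their constructors. `toMap()` then passes `eiMetadata.getMeta(FIELD_DEP_CODE)` for a column that was never added; what `StringUtils.toString` does with that result is not visible here. Suggested change: `public Dept() { initMetaData(); }`. Part of the class lies outside the hunks, so any other constructor should get the same call.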
package com.baosight.hggp.hg.xs.domain;
import com.baosight.iplat4j.core.data.DaoEPBase;
import com.baosight.iplat4j.core.ei.EiColumn;
import com.baosight.iplat4j.core.util.StringUtils;
import java.util.HashMap;
import java.util.Map;
/**
* @author:songx
* @date:2024/5/8,13:47
*/
public class Factory {
public class Factory extends DaoEPBase {
public static final String FIELD_FACTORY_CODE = "factoryCode"; /* 部门编码*/
public static final String FIELD_FACTORY_NAME = "factoryName"; /* 部门名称*/
/**
* 厂区编码
......@@ -16,6 +26,32 @@ public class Factory {
*/
private String factoryName;
/**
* initialize the metadata.
*/
public void initMetaData() {
EiColumn eiColumn;
eiColumn = new EiColumn(FIELD_FACTORY_CODE);
eiColumn.setDescName("厂区编码");
eiMetadata.addMeta(eiColumn);
eiColumn = new EiColumn(FIELD_FACTORY_NAME);
eiColumn.setDescName("厂区名称");
eiMetadata.addMeta(eiColumn);
}
public Factory() {
initMetaData();
}
public Factory(String factoryCode, String factoryName) {
initMetaData();
this.factoryCode = factoryCode;
this.factoryName = factoryName;
}
public String getFactoryCode() {
return factoryCode;
}
......@@ -31,4 +67,29 @@ public class Factory {
public void setFactoryName(String factoryName) {
this.factoryName = factoryName;
}
/**
* get the value from Map.
*
* @param map - source data map
*/
@Override
public void fromMap(Map map) {
setFactoryCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_FACTORY_CODE)), factoryCode));
setFactoryName(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_FACTORY_NAME)), factoryName));
}
/**
* set the value to Map.
*/
@Override
public Map toMap() {
Map map = new HashMap();
map.put(FIELD_FACTORY_CODE, StringUtils.toString(factoryCode, eiMetadata.getMeta(FIELD_FACTORY_CODE)));
map.put(FIELD_FACTORY_NAME, StringUtils.toString(factoryName, eiMetadata.getMeta(FIELD_FACTORY_NAME)));
return map;
}
}
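Review bot: The comments on `FIELD_FACTORY_CODE` and `FIELD_FACTORY_NAME` read `部门编码` / `部门名称` (department), apparently copied from `Dept`, while the field Javadoc and the `setDescName` calls below say 厂区 (factory). They should read `/* 厂区编码 */` and `/* 厂区名称 */`. The two-argument constructor has no Javadoc, and the `toMap()` Javadoc has no `@return`.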
package com.baosight.hggp.hg.xs.domain;
import java.io.Serializable;
import com.baosight.iplat4j.core.data.DaoEPBase;
import com.baosight.iplat4j.core.ei.EiColumn;
import com.baosight.iplat4j.core.util.StringUtils;
import java.util.HashMap;
import java.util.Map;
/**
* @author:songx
* @date:2024/1/15,14:50
*/
public class UserGroup implements Serializable {
public static final String FIELD_ID = "id"; /* ID*/
public static final String FIELD_GROUP_ENAME = "groupEname"; /* 群组英文名*/
public static final String FIELD_GROUP_CNAME = "groupCname"; /* 群组中文名*/
public static final String FIELD_ACCOUNT_CODE = "accountCode"; /* 帐套编码*/
public static final String FIELD_DATA_AUTH_TYPE = "dataAuthType"; /* 数据权限类型*/
public static final String FIELD_DEP_CODE = "depCode"; /* 部门编码*/
public static final String FIELD_FACTORY_CODE = "factoryCode"; /* 厂区编码*/
public static final String FIELD_COMPANY_CODE = "companyCode"; /* 公司编码*/
public static final String FIELD_USER_ID = "userId"; /* 用户ID*/
public class UserGroup extends DaoEPBase {
public static final String FIELD_ID = "id"; /* ID*/
public static final String FIELD_GROUP_ENAME = "groupEname"; /* 群组英文名*/
public static final String FIELD_GROUP_CNAME = "groupCname"; /* 群组中文名*/
public static final String FIELD_ACCOUNT_CODE = "accountCode"; /* 帐套编码*/
public static final String FIELD_DATA_AUTH_TYPE = "dataAuthType"; /* 数据权限类型*/
public static final String FIELD_DEP_CODE = "depCode"; /* 部门编码*/
public static final String FIELD_FACTORY_CODE = "factoryCode"; /* 厂区编码*/
public static final String FIELD_COMPANY_CODE = "companyCode"; /* 公司编码*/
public static final String FIELD_USER_ID = "userId"; /* 用户ID*/
/**
* ID
......@@ -63,6 +68,55 @@ public class UserGroup implements Serializable {
*/
private String userId;
/**
* initialize the metadata.
*/
public void initMetaData() {
EiColumn eiColumn;
eiColumn = new EiColumn(FIELD_ID);
eiColumn.setDescName("ID");
eiMetadata.addMeta(eiColumn);
eiColumn = new EiColumn(FIELD_GROUP_ENAME);
eiColumn.setDescName("群组英文名");
eiMetadata.addMeta(eiColumn);
eiColumn = new EiColumn(FIELD_GROUP_CNAME);
eiColumn.setDescName("群组中文名");
eiMetadata.addMeta(eiColumn);
eiColumn = new EiColumn(FIELD_ACCOUNT_CODE);
eiColumn.setDescName("帐套编码");
eiMetadata.addMeta(eiColumn);
eiColumn = new EiColumn(FIELD_DATA_AUTH_TYPE);
eiColumn.setDescName("数据权限类型");
eiMetadata.addMeta(eiColumn);
eiColumn = new EiColumn(FIELD_DEP_CODE);
eiColumn.setDescName("公司编码");
eiMetadata.addMeta(eiColumn);
eiColumn = new EiColumn(FIELD_FACTORY_CODE);
eiColumn.setDescName("厂区编码");
eiMetadata.addMeta(eiColumn);
eiColumn = new EiColumn(FIELD_COMPANY_CODE);
eiColumn.setDescName("公司编码");
eiMetadata.addMeta(eiColumn);
eiColumn = new EiColumn(FIELD_USER_ID);
eiColumn.setDescName("用户ID");
eiMetadata.addMeta(eiColumn);
}
public UserGroup() {
initMetaData();
}
public String getId() {
return id;
}
......@@ -134,4 +188,43 @@ public class UserGroup implements Serializable {
public void setUserId(String userId) {
this.userId = userId;
}
/**
* get the value from Map.
*
* @param map - source data map
*/
@Override
public void fromMap(Map map) {
setId(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_ID)), id));
setGroupEname(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_GROUP_ENAME)), groupEname));
setGroupCname(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_GROUP_CNAME)), groupCname));
setAccountCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_ACCOUNT_CODE)), accountCode));
setDataAuthType(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_DATA_AUTH_TYPE)), dataAuthType));
setFactoryCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_FACTORY_CODE)), factoryCode));
setDepCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_DEP_CODE)), depCode));
setCompanyCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_COMPANY_CODE)), companyCode));
setUserId(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_USER_ID)), userId));
}
/**
* set the value to Map.
*/
@Override
public Map toMap() {
Map map = new HashMap();
map.put(FIELD_ID, StringUtils.toString(id, eiMetadata.getMeta(FIELD_ID)));
map.put(FIELD_GROUP_ENAME, StringUtils.toString(groupEname, eiMetadata.getMeta(FIELD_GROUP_ENAME)));
map.put(FIELD_GROUP_CNAME, StringUtils.toString(groupCname, eiMetadata.getMeta(FIELD_GROUP_CNAME)));
map.put(FIELD_ACCOUNT_CODE, StringUtils.toString(accountCode, eiMetadata.getMeta(FIELD_ACCOUNT_CODE)));
map.put(FIELD_DATA_AUTH_TYPE, StringUtils.toString(dataAuthType, eiMetadata.getMeta(FIELD_DATA_AUTH_TYPE)));
map.put(FIELD_FACTORY_CODE, StringUtils.toString(factoryCode, eiMetadata.getMeta(FIELD_FACTORY_CODE)));
map.put(FIELD_DEP_CODE, StringUtils.toString(depCode, eiMetadata.getMeta(FIELD_DEP_CODE)));
map.put(FIELD_COMPANY_CODE, StringUtils.toString(companyCode, eiMetadata.getMeta(FIELD_COMPANY_CODE)));
map.put(FIELD_USER_ID, StringUtils.toString(userId, eiMetadata.getMeta(FIELD_USER_ID)));
return map;
}
}
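Review bot: In `initMetaData()` the column for `FIELD_DEP_CODE` is described as `公司编码` (company code), the same text used for `FIELD_COMPANY_CODE` a few lines later; it should be `eiColumn.setDescName("部门编码");`. Separately, the class declaration drops `implements Serializable`. If `DaoEPBase` is not itself serializable (not visible here), any place that keeps `UserGroup` objects in a session or cache would start failing, so that is worth confirming before merge.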
......@@ -212,40 +212,6 @@ public class HGXSTools {
return results.stream().collect(Collectors.groupingBy(UserGroup::getUserId));
}
/**
* 设置项目信息
*
* @param inInfo
*/
public static void setIsManager(EiInfo inInfo) {
List<Map> resultRows = inInfo.getBlock(EiConstant.resultBlock).getRows();
List<String> userIds = ObjectUtils.listKey(resultRows, User.FIELD_USER_ID);
Map<String, List<UserGroup>> resultMap = mapByUser(userIds);
if (MapUtils.isEmpty(resultMap)) {
return;
}
for (Map resultRow : resultRows) {
String userId = MapUtils.getString(resultRow, User.FIELD_USER_ID);
List<UserGroup> dbUserGroups = resultMap.get(userId);
setIsManager(resultRow, dbUserGroups);
}
}
/**
* 设置项目信息
*
* @param resultRow
* @param dbUserGroups
*/
private static void setIsManager(Map resultRow, List<UserGroup> dbUserGroups) {
if (CollectionUtils.isEmpty(dbUserGroups)) {
resultRow.put("isManager", CommonConstant.YesNo.NO_0);
return;
}
boolean companyManageExists = dbUserGroups.stream().map(UserGroup::getGroupEname).anyMatch(item ->
CommonConstant.Field.COMPANY_MANAGE.equals(item));
resultRow.put("isManager", companyManageExists ? CommonConstant.YesNo.YES_1 : CommonConstant.YesNo.NO_0);
}
}
/**
......
package com.baosight.hggp.hg.xs.utils;
import com.baosight.hggp.core.constant.CommonConstant;
import com.baosight.hggp.hg.xs.domain.Org;
import com.baosight.hggp.hg.xs.domain.User;
import com.baosight.hggp.hg.xs.domain.UserGroup;
import com.baosight.hggp.hg.xs.tools.HGXSTools;
import com.baosight.hggp.util.MapUtils;
import com.baosight.hggp.util.ObjectUtils;
import com.baosight.iplat4j.core.ei.EiConstant;
import com.baosight.iplat4j.core.ei.EiInfo;
import org.apache.commons.collections.CollectionUtils;
import java.util.List;
import java.util.Map;
/**
* @author:songx
* @date:2024/5/8,17:45
*/
public class HGXSUtils {
/**
* 用户组
*
* @author:songx
* @date:2024/5/7,16:27
*/
public static class XsUserGroup {
/**
* 设置管理员信息
*
* @param inInfo
*/
public static void setIsManager(EiInfo inInfo) {
List<Map> resultRows = inInfo.getBlock(EiConstant.resultBlock).getRows();
List<String> userIds = ObjectUtils.listKey(resultRows, User.FIELD_USER_ID);
Map<String, List<UserGroup>> resultMap = HGXSTools.XsUserGroup.mapByUser(userIds);
if (MapUtils.isEmpty(resultMap)) {
return;
}
for (Map resultRow : resultRows) {
String userId = MapUtils.getString(resultRow, User.FIELD_USER_ID);
List<UserGroup> dbUserGroups = resultMap.get(userId);
setIsManager(resultRow, dbUserGroups);
}
}
/**
* 设置项目信息
*
* @param resultRow
* @param dbUserGroups
*/
private static void setIsManager(Map resultRow, List<UserGroup> dbUserGroups) {
if (CollectionUtils.isEmpty(dbUserGroups)) {
resultRow.put("isManager", CommonConstant.YesNo.NO_0);
return;
}
boolean companyManageExists = dbUserGroups.stream().map(UserGroup::getGroupEname).anyMatch(item ->
CommonConstant.Field.COMPANY_MANAGE.equals(item));
resultRow.put("isManager", companyManageExists ? CommonConstant.YesNo.YES_1 : CommonConstant.YesNo.NO_0);
}
}
/**
* 组织机构
*
* @author:songx
* @date:2024/5/7,16:27
*/
public static class XsOrg {
/**
* 设置组织信息
*
* @param inInfo
* @param codeKey
* @param valueKey
*/
public static void setInfo(EiInfo inInfo, String codeKey, String valueKey) {
List<Map> resultRows = inInfo.getBlock(EiConstant.resultBlock).getRows();
List<String> orgIds = ObjectUtils.listKey(resultRows, codeKey);
Map<String, Org> resultMap = HGXSTools.XsOrg.map(orgIds);
if (MapUtils.isEmpty(resultMap)) {
return;
}
for (Map resultRow : resultRows) {
String userId = MapUtils.getString(resultRow, codeKey);
Org dbOrg = resultMap.get(userId);
resultRow.put(valueKey, dbOrg == null ? "" : dbOrg.getOrgCname());
}
}
}
}
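Review bot: `XsUserGroup.setIsManager(EiInfo)` returns early when `mapByUser` yields an empty map, which leaves every row without an `isManager` key, whereas the per-row overload writes `CommonConstant.YesNo.NO_0` for a user with no groups. Consumers then have to treat a missing key and `NO_0` as equivalent; writing the default before returning, `resultRows.forEach(row -> row.put("isManager", CommonConstant.YesNo.NO_0));`, keeps the flag explicit. `XsOrg.setInfo` has the same shape: on an empty lookup it returns without writing `valueKey`, while the loop writes `""` for an unknown code. Both methods also dereference `inInfo.getBlock(EiConstant.resultBlock)` without a null check, and the local `userId` in `setInfo` actually holds an org code.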
......@@ -210,7 +210,7 @@ public class SqlMapDaoLogProxy extends SqlMapDao {
return;
}
String authEnable = PlatApplicationContext.getProperty("iplat4j.page.auth.enable");
if (StringUtils.isNotBlank(authEnable) && "0".equals(authEnable)) {
if (StringUtils.isNotBlank(authEnable) && CommonConstant.YesNo.NO_0.equals(authEnable)) {
return;
}
// 当前用户所有角色
......@@ -228,10 +228,11 @@ public class SqlMapDaoLogProxy extends SqlMapDao {
*/
private void buildDataAuth(List<UserGroup> userGroups, Object parameters) {
List<String> depCodes = new ArrayList<>();
boolean onlyPeople = false;
for (UserGroup userGroup : userGroups) {
String dataAuthType = userGroup.getDataAuthType();
if (DataAuthTypeEnum.ONLY_PEOPLE.getCode().equals(dataAuthType)) {
((Map) parameters).put("authOnlyPeople", CommonConstant.YesNo.YES_1);
onlyPeople = true;
} else {
List<String> depAuths = buildDepCondition(userGroup);
if (CollectionUtils.isNotEmpty(depAuths)) {
......@@ -239,13 +240,23 @@ public class SqlMapDaoLogProxy extends SqlMapDao {
}
}
}
// 无权限
if (!onlyPeople && CollectionUtils.isEmpty(depCodes)) {
((Map) parameters).put("authDepCode", DataAuthTypeEnum.NO_AUTH.getCode());
return;
}
// 组合权限
if (onlyPeople && CollectionUtils.isNotEmpty(depCodes)) {
((Map) parameters).put("authCombination", CommonConstant.YesNo.YES_1);
}
// 仅本人
if (onlyPeople) {
((Map) parameters).put("authOnlyPeople", UserSessionUtils.getLoginName());
}
// 去除重复数据
if (CollectionUtils.isEmpty(depCodes)) {
depCodes.add(DataAuthTypeEnum.NO_AUTH.getCode());
} else {
depCodes = depCodes.stream().distinct().collect(Collectors.toList());
if (CollectionUtils.isNotEmpty(depCodes)) {
((Map) parameters).put("authDepCodes", depCodes.stream().distinct().collect(Collectors.toList()));
}
((Map) parameters).put("authDepCodes", depCodes);
}
/**
......
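Review bot: `buildDataAuth` only ever adds `auth*` entries to the caller's parameter map and never clears them, so any `authCombination`, `authDepCodes`, `authOnlyPeople` or `authDepCode` entry already in the map survives in the branches that do not overwrite it. If that map can carry keys that originate from the request (not visible in this hunk), the row filter in the `authCondition` SQL fragment would be evaluated with values the proxy did not compute. I would reset the four keys at the top of the method, e.g. `((Map) parameters).keySet().removeAll(Arrays.asList("authDepCode", "authCombination", "authOnlyPeople", "authDepCodes"));`, and keep the key names in constants shared with the SQL map. The unchecked `(Map) parameters` cast is repeated on every put; whether a non-Map parameter is filtered out earlier is outside the hunk.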
......@@ -2,6 +2,7 @@ package com.baosight.xservices.xs.service;
import com.baosight.hggp.core.security.UserSessionUtils;
import com.baosight.hggp.hg.xs.tools.HGXSTools;
import com.baosight.hggp.hg.xs.utils.HGXSUtils;
import com.baosight.iplat4j.core.cache.CacheManager;
import com.baosight.iplat4j.core.ei.EiBlock;
import com.baosight.iplat4j.core.ei.EiConstant;
......@@ -54,7 +55,7 @@ public class ServiceXS3001 extends ServiceEPBase {
}
EiInfo outInfo = super.query(inInfo, "XS01.query", new XS01());
// 用户是否管理员
HGXSTools.XsUserGroup.setIsManager(outInfo);
HGXSUtils.XsUserGroup.setIsManager(outInfo);
return outInfo;
}
......
......@@ -5,7 +5,10 @@ import com.baosight.hggp.core.enums.OrgTypeEnum;
import com.baosight.hggp.core.security.UserSessionUtils;
import com.baosight.hggp.hg.pz.domain.HGPZ009;
import com.baosight.hggp.hg.pz.tools.HGPZTools;
import com.baosight.hggp.hg.xs.tools.HGXSTools;
import com.baosight.hggp.hg.xs.domain.Company;
import com.baosight.hggp.hg.xs.domain.Dept;
import com.baosight.hggp.hg.xs.domain.Factory;
import com.baosight.hggp.hg.xs.utils.HGXSUtils;
import com.baosight.hggp.util.CommonMethod;
import com.baosight.hggp.util.LogUtils;
import com.baosight.iplat4j.core.ei.EiBlock;
......@@ -21,7 +24,6 @@ import com.baosight.xservices.xs.domain.XS01;
import com.baosight.xservices.xs.domain.XS02;
import com.baosight.xservices.xs.util.LoginUserDetails;
import com.baosight.xservices.xs.util.UserSession;
import org.apache.commons.lang.StringUtils;
import java.util.Arrays;
......@@ -97,11 +99,20 @@ public class ServiceXS3002 extends ServiceEPBase {
* @return
*/
public EiInfo query(EiInfo inInfo) {
// 非管理员仅查询所属企业用户组 added by songx at 2024-01-15
if (!LoginUserDetails.isUserAdmin(UserSessionUtils.getLoginName())) {
inInfo.set("inqu_status-0-accountCode", UserSessionUtils.getAccountCode());
try {
// 非管理员仅查询所属企业用户组 added by songx at 2024-01-15
if (!LoginUserDetails.isUserAdmin(UserSessionUtils.getLoginName())) {
inInfo.set("inqu_status-0-accountCode", UserSessionUtils.getAccountCode());
}
inInfo = super.query(inInfo, "XS02.query", new XS02());
// 设置部门、厂区、公司名称
HGXSUtils.XsOrg.setInfo(inInfo, Dept.FIELD_DEP_CODE, Dept.FIELD_DEP_NAME);
HGXSUtils.XsOrg.setInfo(inInfo, Factory.FIELD_FACTORY_CODE, Factory.FIELD_FACTORY_NAME);
HGXSUtils.XsOrg.setInfo(inInfo, Company.FIELD_COMPANY_CODE, Company.FIELD_COMPANY_NAME);
} catch (Exception e) {
LogUtils.setMsg(inInfo, e, "查询失败");
}
return super.query(inInfo, "XS02.query", new XS02());
return inInfo;
}
/**
......
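Review bot: The new `catch (Exception e)` turns every failure in `query`, including one raised while resolving the login name or account code for the non-admin filter, into the single message `查询失败`. A failure before `super.query` means no query runs, which is the safe direction, but the Javadoc's empty `@return` should describe the outcome, e.g. `@return the query result with dept/factory/company names filled in; on failure the EiInfo carrying the error message`. Whether `LogUtils.setMsg` also marks the returned `EiInfo` as failed is not visible here and decides whether the page shows an error or a silently empty grid. Each of the three `HGXSUtils.XsOrg.setInfo` calls also performs its own lookup over the same rows, which could be merged if `HGXSTools.XsOrg.map` goes to the database.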
......@@ -185,7 +185,7 @@ $(function () {
$("#splitter").kendoSplitter({
panes: [
{size: "50%", min: "30%", max: "70%", collapsible: true},
{size: "60%", min: "30%", max: "70%", collapsible: true},
{},
{collapsible: true}
]
......@@ -201,7 +201,7 @@ $(function () {
if (document.getElementById("splitter").getElementsByClassName("k-splitbar").length !== 1) {
$("#splitter").kendoSplitter({
panes: [
{size: "50%", min: "30%", max: "70%", collapsible: true},
{size: "60%", min: "30%", max: "70%", collapsible: true},
{},
{collapsible: true}
]
......@@ -235,10 +235,16 @@ let deptCodeChange = function (e) {
for (let k = 0; k < resultGrid.getCheckedRowsIndex() + 1; k++) {
for (let i = 0; i < deptCodeRows.length; i++) {
if (deptCodeRows[i][1] === item.depCode) {
let depName = deptCodeRows[i][0];
resultGrid.setCellValue(item, 'depName', depName == null ? "" : depName);
let factoryCode = deptCodeRows[i][2];
let factoryName = deptCodeRows[i][3];
resultGrid.setCellValue(item, 'factoryCode', factoryCode == null ? "" : factoryCode);
resultGrid.setCellValue(item, 'factoryName', factoryName == null ? "" : factoryName);
let companyCode = deptCodeRows[i][4]
let companyName = deptCodeRows[i][5]
resultGrid.setCellValue(item, 'companyCode', companyCode == null ? "" : companyCode);
resultGrid.setCellValue(item, 'companyName', companyName == null ? "" : companyName);
return;
}
}
......
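Review bot: The added lines read the department row by position (`deptCodeRows[i][0]` through `[5]`), so the handler silently fills the wrong cells if the column order of the dept block changes. A short comment naming the layout, e.g. `// deptCodeRows[i]: [depName, depCode, factoryCode, factoryName, companyCode, companyName]`, or named constants for the indexes would pin it down. The `let companyCode` and `let companyName` lines are also missing their semicolons, unlike the rest of the function. `deptCodeChange` starts and ends outside the hunk.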
......@@ -27,20 +27,16 @@
required="true">
<EF:EFCodeOption codeName="hggp.role.dataAuthType"/>
</EF:EFComboColumn>
<EF:EFComboColumn ename="depCode" cname="所属部门" width="110" align="center"
defaultValue="" filter="contains" required="true">
<EF:EFComboColumn ename="depCode" cname="所属部门编码" width="110" align="center"
defaultValue="" filter="contains" required="true"
columnTemplate="#=valueField#">
<EF:EFOptions blockId="dept_code_block_id" valueField="valueField" textField="textField"/>
</EF:EFComboColumn>
<EF:EFComboColumn ename="factoryCode" cname="所属厂区" enable="false" width="110" align="center"
defaultValue="">
<EF:EFOptions blockId="factory_code_block_id" valueField="valueField"
textField="textField"/>
</EF:EFComboColumn>
<EF:EFComboColumn ename="companyCode" cname="所属公司" enable="false" width="110" align="center"
defaultValue="">
<EF:EFOptions blockId="company_code_block_id" valueField="valueField"
textField="textField"/>
</EF:EFComboColumn>
<EF:EFColumn ename="depName" cname="所属部门名称" enable="false" width="110" align="left"/>
<EF:EFColumn ename="factoryName" cname="所属厂区名称" enable="false" width="110" align="left"/>
<EF:EFColumn ename="factoryCode" cname="所属厂区编码" enable="false" width="110" align="left"/>
<EF:EFColumn ename="companyName" cname="所属公司名称" enable="false" width="110" align="left"/>
<EF:EFColumn ename="companyCode" cname="所属公司编码" enable="false" width="110" align="left"/>
<EF:EFColumn ename="manageGroupEname" cname="管辖组英文名" style="text-align:left;" hidden="true"/>
<EF:EFColumn ename="manageGroupCname" cname="管辖组中文名" style="text-align:left;" readonly="true"
hidden="true"/>
......
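Review bot: `columnTemplate="#=valueField#"` on the `depCode` column uses the Kendo template form that inserts the value without HTML encoding. Assuming the attribute is passed through as a Kendo template (the tag implementation is not visible here), a department code containing markup would be rendered as HTML in the grid; the encoding form `columnTemplate="#:valueField#"` displays the same text safely. The `factoryCode` and `companyCode` columns are now plain disabled columns filled client-side from the selected department, so the save path should presumably derive or validate them on the server rather than rely on the posted values.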