1.数据权限开发,SQL注入

src/main/java/com/baosight/hggp/core/security/UserSessionUtils.java

@@ -109,7 +109,7 @@ public class UserSessionUtils extends UserSession {
 	}
 	
 	/**
-	 * *获取登录用户所有角色
+	 * 获取登录用户所有角色
 	 *
 	 * @return
 	 */
@@ -118,7 +118,7 @@ public class UserSessionUtils extends UserSession {
 	}
 	
 	/**
-	 * *获取登录用户所有角色的公司列表
+	 * 获取登录用户所有角色的公司列表
 	 *
 	 * @return
 	 */
@@ -135,7 +135,7 @@ public class UserSessionUtils extends UserSession {
 	}
 	
 	/**
-	 * *获取指定公司的部门列表
+	 * 获取指定公司的部门列表
 	 *
 	 * @return
 	 */
@@ -148,7 +148,7 @@ public class UserSessionUtils extends UserSession {
 	}
 	
 	/**
-	 * *获取指定公司的人员列表
+	 * 获取指定公司的人员列表
 	 *
 	 * @return
 	 */

src/main/java/com/baosight/hggp/hg/sj/sql/HGSJ001.xml

 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE sqlMap  PUBLIC "-//ibatis.apache.org//DTD SQL Map 2.0//EN" "http://ibatis.apache.org/dtd/sql-map-2.dtd">
-<!--      table information
-		Generate time : 2024-05-05 21:45:00
-   		Version :  1.0
-		schema : hpjx
-		tableName : HGPZ001
-		 ID  BIGINT   NOT NULL   primarykey, 
-		 COMPANY_CODE  VARCHAR, 
-		 DEP_CODE  VARCHAR, 
-		 CREATED_BY  VARCHAR, 
-		 CREATED_NAME  VARCHAR, 
-		 CREATED_TIME  VARCHAR, 
-		 UPDATED_BY  VARCHAR, 
-		 UPDATED_NAME  VARCHAR, 
-		 UPDATED_TIME  VARCHAR, 
-		 DELETE_FLAG  TINYINT, 
-		 FACTORY_CODE  VARCHAR, 
-		 FACTORY_NAME  VARCHAR, 
-		 PROCESS_CODE  VARCHAR, 
-		 PROCESS_NAME  VARCHAR, 
-		 UNIT  VARCHAR, 
-		 STANDARD_JOB  DECIMAL, 
-		 STANDARD_DAYS  DECIMAL, 
-		 STANDARD_NUM  DECIMAL, 
-		 PRINC  VARCHAR, 
-		 STATUS  TINYINT
-	-->
+<!DOCTYPE sqlMap PUBLIC "-//iBATIS.com//DTD SQL Map 2.0//EN" "http://www.ibatis.com/dtd/sql-map-2.dtd">
 <sqlMap namespace="HGSJ001">
 
 	<sql id="column">
@@ -51,7 +25,28 @@
 		STATUS	as "status" <!-- 状态0.启用1.停止 -->
 	</sql>
 
+    <sql id="authCondition">
+        <!-- 无权限时使用 -->
+        <isNotEmpty prepend=" AND " property="authDepCode">
+            DEP_CODE = #authDepCode#
+        </isNotEmpty>
+        <!-- 仅本人和部门组合 -->
+        <isEqual prepend=" AND " property="authCombination" compareValue="1">
+            (CREATED_BY = #authOnlyPeople# OR DEP_CODE IN <iterate close=")" open="(" conjunction="," property="authDepCodes">#authDepCodes[]#</iterate>)
+        </isEqual>
+        <!-- 仅本人或部门 -->
+        <isNotEqual prepend=" AND " property="authCombination" compareValue="1">
+            <isNotEmpty property="authOnlyPeople">
+                CREATED_BY = #authOnlyPeople#
+            </isNotEmpty>
+            <isNotEmpty property="authDepCodes">
+                DEP_CODE IN <iterate close=")" open="(" conjunction="," property="authDepCodes">#authDepCodes[]#</iterate>
+            </isNotEmpty>
+        </isNotEqual>
+    </sql>
+
 	<sql id="condition">
+        <include refid="authCondition"/>
 		<isNotEmpty prepend=" AND " property="id">
 			ID = #id#
 		</isNotEmpty>

src/main/java/com/baosight/hggp/hg/xs/domain/Company.java

 package com.baosight.hggp.hg.xs.domain;
 
+import com.baosight.iplat4j.core.data.DaoEPBase;
+import com.baosight.iplat4j.core.ei.EiColumn;
+import com.baosight.iplat4j.core.util.StringUtils;
+
+import java.util.HashMap;
+import java.util.Map;
+
 /**
  * @author:songx
  * @date:2024/5/8,13:47
  */
-public class Company {
+public class Company extends DaoEPBase {
 	
 	public static final String FIELD_COMPANY_CODE = "companyCode";            /* 公司编码*/
 	public static final String FIELD_COMPANY_NAME = "companyName";            /* 公司名称*/
@@ -12,17 +19,38 @@ public class Company {
 	/**
 	 * 公司编码
 	 */
-	private String companyCode;
+	private String companyCode = "";
 	
 	/**
 	 * 公司名称
 	 */
-	private String companyName;
+	private String companyName = "";
+	
+	/**
+	 * initialize the metadata.
+	 */
+	public void initMetaData() {
+		EiColumn eiColumn;
+		
+		eiColumn = new EiColumn(FIELD_COMPANY_CODE);
+		eiColumn.setDescName("公司编码");
+		eiMetadata.addMeta(eiColumn);
 		
+		eiColumn = new EiColumn(FIELD_COMPANY_NAME);
+		eiColumn.setDescName("公司名称");
+		eiMetadata.addMeta(eiColumn);
+		
+	}
+	
+	/**
+	 * the constructor.
+	 */
 	public Company() {
+		initMetaData();
 	}
 	
 	public Company(String companyCode, String companyName) {
+		initMetaData();
 		this.companyCode = companyCode;
 		this.companyName = companyName;
 	}
@@ -42,4 +70,29 @@ public class Company {
 	public void setCompanyName(String companyName) {
 		this.companyName = companyName;
 	}
+	
+	/**
+	 * get the value from Map.
+	 *
+	 * @param map - source data map
+	 */
+	@Override
+	public void fromMap(Map map) {
+		
+		setCompanyCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_COMPANY_CODE)), companyCode));
+		setCompanyName(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_COMPANY_NAME)), companyName));
+	}
+	
+	/**
+	 * set the value to Map.
+	 */
+	@Override
+	public Map toMap() {
+		
+		Map map = new HashMap();
+		map.put(FIELD_COMPANY_CODE, StringUtils.toString(companyCode, eiMetadata.getMeta(FIELD_COMPANY_CODE)));
+		map.put(FIELD_COMPANY_NAME, StringUtils.toString(companyName, eiMetadata.getMeta(FIELD_COMPANY_NAME)));
+		
+		return map;
+	}
 }

src/main/java/com/baosight/hggp/hg/xs/domain/Dept.java

 package com.baosight.hggp.hg.xs.domain;
 
+import com.baosight.iplat4j.core.data.DaoEPBase;
+import com.baosight.iplat4j.core.ei.EiColumn;
+import com.baosight.iplat4j.core.util.StringUtils;
+
+import java.util.HashMap;
+import java.util.Map;
+
 /**
  * @author:songx
  * @date:2024/5/8,13:47
  */
-public class Dept {
+public class Dept extends DaoEPBase {
+	
+	public static final String FIELD_DEP_CODE = "depCode";            /* 部门编码*/
+	public static final String FIELD_DEP_NAME = "depName";            /* 部门名称*/
 	
 	/**
 	 * 部门编码
@@ -16,6 +26,22 @@ public class Dept {
 	 */
 	private String depName;
 	
+	/**
+	 * initialize the metadata.
+	 */
+	public void initMetaData() {
+		EiColumn eiColumn;
+		
+		eiColumn = new EiColumn(FIELD_DEP_CODE);
+		eiColumn.setDescName("部门编码");
+		eiMetadata.addMeta(eiColumn);
+		
+		eiColumn = new EiColumn(FIELD_DEP_NAME);
+		eiColumn.setDescName("部门名称");
+		eiMetadata.addMeta(eiColumn);
+		
+	}
+	
 	public Dept() {
 	}
 	
@@ -39,4 +65,29 @@ public class Dept {
 	public void setDeptName(String depName) {
 		this.depName = depName;
 	}
+	
+	/**
+	 * get the value from Map.
+	 *
+	 * @param map - source data map
+	 */
+	@Override
+	public void fromMap(Map map) {
+		
+		setDepCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_DEP_CODE)), depCode));
+		setDeptName(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_DEP_NAME)), depName));
+	}
+	
+	/**
+	 * set the value to Map.
+	 */
+	@Override
+	public Map toMap() {
+		
+		Map map = new HashMap();
+		map.put(FIELD_DEP_CODE, StringUtils.toString(depCode, eiMetadata.getMeta(FIELD_DEP_CODE)));
+		map.put(FIELD_DEP_NAME, StringUtils.toString(depName, eiMetadata.getMeta(FIELD_DEP_NAME)));
+		
+		return map;
+	}
 }

src/main/java/com/baosight/hggp/hg/xs/domain/Factory.java

 package com.baosight.hggp.hg.xs.domain;
 
+import com.baosight.iplat4j.core.data.DaoEPBase;
+import com.baosight.iplat4j.core.ei.EiColumn;
+import com.baosight.iplat4j.core.util.StringUtils;
+
+import java.util.HashMap;
+import java.util.Map;
+
 /**
  * @author:songx
  * @date:2024/5/8,13:47
  */
-public class Factory {
+public class Factory extends DaoEPBase {
+	
+	public static final String FIELD_FACTORY_CODE = "factoryCode";            /* 部门编码*/
+	public static final String FIELD_FACTORY_NAME = "factoryName";            /* 部门名称*/
 	
 	/**
 	 * 厂区编码
@@ -16,6 +26,32 @@ public class Factory {
 	 */
 	private String factoryName;
 	
+	/**
+	 * initialize the metadata.
+	 */
+	public void initMetaData() {
+		EiColumn eiColumn;
+		
+		eiColumn = new EiColumn(FIELD_FACTORY_CODE);
+		eiColumn.setDescName("厂区编码");
+		eiMetadata.addMeta(eiColumn);
+		
+		eiColumn = new EiColumn(FIELD_FACTORY_NAME);
+		eiColumn.setDescName("厂区名称");
+		eiMetadata.addMeta(eiColumn);
+		
+	}
+	
+	public Factory() {
+		initMetaData();
+	}
+	
+	public Factory(String factoryCode, String factoryName) {
+		initMetaData();
+		this.factoryCode = factoryCode;
+		this.factoryName = factoryName;
+	}
+	
 	public String getFactoryCode() {
 		return factoryCode;
 	}
@@ -31,4 +67,29 @@ public class Factory {
 	public void setFactoryName(String factoryName) {
 		this.factoryName = factoryName;
 	}
+	
+	/**
+	 * get the value from Map.
+	 *
+	 * @param map - source data map
+	 */
+	@Override
+	public void fromMap(Map map) {
+		
+		setFactoryCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_FACTORY_CODE)), factoryCode));
+		setFactoryName(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_FACTORY_NAME)), factoryName));
+	}
+	
+	/**
+	 * set the value to Map.
+	 */
+	@Override
+	public Map toMap() {
+		
+		Map map = new HashMap();
+		map.put(FIELD_FACTORY_CODE, StringUtils.toString(factoryCode, eiMetadata.getMeta(FIELD_FACTORY_CODE)));
+		map.put(FIELD_FACTORY_NAME, StringUtils.toString(factoryName, eiMetadata.getMeta(FIELD_FACTORY_NAME)));
+		
+		return map;
+	}
 }

src/main/java/com/baosight/hggp/hg/xs/domain/UserGroup.java

 package com.baosight.hggp.hg.xs.domain;
 
-import java.io.Serializable;
+import com.baosight.iplat4j.core.data.DaoEPBase;
+import com.baosight.iplat4j.core.ei.EiColumn;
+import com.baosight.iplat4j.core.util.StringUtils;
+
+import java.util.HashMap;
+import java.util.Map;
 
 /**
  * @author:songx
  * @date:2024/1/15,14:50
  */
-public class UserGroup implements Serializable {
+public class UserGroup extends DaoEPBase {
 	
 	public static final String FIELD_ID = "id";            /* ID*/
 	public static final String FIELD_GROUP_ENAME = "groupEname";            /* 群组英文名*/
@@ -63,6 +68,55 @@ public class UserGroup implements Serializable {
 	 */
 	private String userId;
 	
+	
+	/**
+	 * initialize the metadata.
+	 */
+	public void initMetaData() {
+		EiColumn eiColumn;
+		
+		eiColumn = new EiColumn(FIELD_ID);
+		eiColumn.setDescName("ID");
+		eiMetadata.addMeta(eiColumn);
+		
+		eiColumn = new EiColumn(FIELD_GROUP_ENAME);
+		eiColumn.setDescName("群组英文名");
+		eiMetadata.addMeta(eiColumn);
+		
+		eiColumn = new EiColumn(FIELD_GROUP_CNAME);
+		eiColumn.setDescName("群组中文名");
+		eiMetadata.addMeta(eiColumn);
+		
+		eiColumn = new EiColumn(FIELD_ACCOUNT_CODE);
+		eiColumn.setDescName("帐套编码");
+		eiMetadata.addMeta(eiColumn);
+		
+		eiColumn = new EiColumn(FIELD_DATA_AUTH_TYPE);
+		eiColumn.setDescName("数据权限类型");
+		eiMetadata.addMeta(eiColumn);
+		
+		eiColumn = new EiColumn(FIELD_DEP_CODE);
+		eiColumn.setDescName("公司编码");
+		eiMetadata.addMeta(eiColumn);
+		
+		eiColumn = new EiColumn(FIELD_FACTORY_CODE);
+		eiColumn.setDescName("厂区编码");
+		eiMetadata.addMeta(eiColumn);
+		
+		eiColumn = new EiColumn(FIELD_COMPANY_CODE);
+		eiColumn.setDescName("公司编码");
+		eiMetadata.addMeta(eiColumn);
+		
+		eiColumn = new EiColumn(FIELD_USER_ID);
+		eiColumn.setDescName("用户ID");
+		eiMetadata.addMeta(eiColumn);
+		
+	}
+	
+	public UserGroup() {
+		initMetaData();
+	}
+	
 	public String getId() {
 		return id;
 	}
@@ -134,4 +188,43 @@ public class UserGroup implements Serializable {
 	public void setUserId(String userId) {
 		this.userId = userId;
 	}
+	
+	/**
+	 * get the value from Map.
+	 *
+	 * @param map - source data map
+	 */
+	@Override
+	public void fromMap(Map map) {
+		
+		setId(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_ID)), id));
+		setGroupEname(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_GROUP_ENAME)), groupEname));
+		setGroupCname(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_GROUP_CNAME)), groupCname));
+		setAccountCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_ACCOUNT_CODE)), accountCode));
+		setDataAuthType(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_DATA_AUTH_TYPE)), dataAuthType));
+		setFactoryCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_FACTORY_CODE)), factoryCode));
+		setDepCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_DEP_CODE)), depCode));
+		setCompanyCode(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_COMPANY_CODE)), companyCode));
+		setUserId(StringUtils.defaultIfEmpty(StringUtils.toString(map.get(FIELD_USER_ID)), userId));
+	}
+	
+	/**
+	 * set the value to Map.
+	 */
+	@Override
+	public Map toMap() {
+		
+		Map map = new HashMap();
+		map.put(FIELD_ID, StringUtils.toString(id, eiMetadata.getMeta(FIELD_ID)));
+		map.put(FIELD_GROUP_ENAME, StringUtils.toString(groupEname, eiMetadata.getMeta(FIELD_GROUP_ENAME)));
+		map.put(FIELD_GROUP_CNAME, StringUtils.toString(groupCname, eiMetadata.getMeta(FIELD_GROUP_CNAME)));
+		map.put(FIELD_ACCOUNT_CODE, StringUtils.toString(accountCode, eiMetadata.getMeta(FIELD_ACCOUNT_CODE)));
+		map.put(FIELD_DATA_AUTH_TYPE, StringUtils.toString(dataAuthType, eiMetadata.getMeta(FIELD_DATA_AUTH_TYPE)));
+		map.put(FIELD_FACTORY_CODE, StringUtils.toString(factoryCode, eiMetadata.getMeta(FIELD_FACTORY_CODE)));
+		map.put(FIELD_DEP_CODE, StringUtils.toString(depCode, eiMetadata.getMeta(FIELD_DEP_CODE)));
+		map.put(FIELD_COMPANY_CODE, StringUtils.toString(companyCode, eiMetadata.getMeta(FIELD_COMPANY_CODE)));
+		map.put(FIELD_USER_ID, StringUtils.toString(userId, eiMetadata.getMeta(FIELD_USER_ID)));
+		
+		return map;
+	}
 }

src/main/java/com/baosight/hggp/hg/xs/tools/HGXSTools.java

@@ -212,40 +212,6 @@ public class HGXSTools {
 			return results.stream().collect(Collectors.groupingBy(UserGroup::getUserId));
 		}
 		
-		/**
-		 * 设置项目信息
-		 *
-		 * @param inInfo
-		 */
-		public static void setIsManager(EiInfo inInfo) {
-			List<Map> resultRows = inInfo.getBlock(EiConstant.resultBlock).getRows();
-			List<String> userIds = ObjectUtils.listKey(resultRows, User.FIELD_USER_ID);
-			Map<String, List<UserGroup>> resultMap = mapByUser(userIds);
-			if (MapUtils.isEmpty(resultMap)) {
-				return;
-			}
-			for (Map resultRow : resultRows) {
-				String userId = MapUtils.getString(resultRow, User.FIELD_USER_ID);
-				List<UserGroup> dbUserGroups = resultMap.get(userId);
-				setIsManager(resultRow, dbUserGroups);
-			}
-		}
-		
-		/**
-		 * 设置项目信息
-		 *
-		 * @param resultRow
-		 * @param dbUserGroups
-		 */
-		private static void setIsManager(Map resultRow, List<UserGroup> dbUserGroups) {
-			if (CollectionUtils.isEmpty(dbUserGroups)) {
-				resultRow.put("isManager", CommonConstant.YesNo.NO_0);
-				return;
-			}
-			boolean companyManageExists = dbUserGroups.stream().map(UserGroup::getGroupEname).anyMatch(item ->
-					CommonConstant.Field.COMPANY_MANAGE.equals(item));
-			resultRow.put("isManager", companyManageExists ? CommonConstant.YesNo.YES_1 : CommonConstant.YesNo.NO_0);
-		}
 	}
 	
 	/**

src/main/java/com/baosight/hggp/hg/xs/utils/HGXSUtils.java

+package com.baosight.hggp.hg.xs.utils;
+
+import com.baosight.hggp.core.constant.CommonConstant;
+import com.baosight.hggp.hg.xs.domain.Org;
+import com.baosight.hggp.hg.xs.domain.User;
+import com.baosight.hggp.hg.xs.domain.UserGroup;
+import com.baosight.hggp.hg.xs.tools.HGXSTools;
+import com.baosight.hggp.util.MapUtils;
+import com.baosight.hggp.util.ObjectUtils;
+import com.baosight.iplat4j.core.ei.EiConstant;
+import com.baosight.iplat4j.core.ei.EiInfo;
+import org.apache.commons.collections.CollectionUtils;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * @author:songx
+ * @date:2024/5/8,17:45
+ */
+public class HGXSUtils {
+	
+	/**
+	 * 用户组
+	 *
+	 * @author:songx
+	 * @date:2024/5/7,16:27
+	 */
+	public static class XsUserGroup {
+		
+		/**
+		 * 设置管理员信息
+		 *
+		 * @param inInfo
+		 */
+		public static void setIsManager(EiInfo inInfo) {
+			List<Map> resultRows = inInfo.getBlock(EiConstant.resultBlock).getRows();
+			List<String> userIds = ObjectUtils.listKey(resultRows, User.FIELD_USER_ID);
+			Map<String, List<UserGroup>> resultMap = HGXSTools.XsUserGroup.mapByUser(userIds);
+			if (MapUtils.isEmpty(resultMap)) {
+				return;
+			}
+			for (Map resultRow : resultRows) {
+				String userId = MapUtils.getString(resultRow, User.FIELD_USER_ID);
+				List<UserGroup> dbUserGroups = resultMap.get(userId);
+				setIsManager(resultRow, dbUserGroups);
+			}
+		}
+		
+		/**
+		 * 设置项目信息
+		 *
+		 * @param resultRow
+		 * @param dbUserGroups
+		 */
+		private static void setIsManager(Map resultRow, List<UserGroup> dbUserGroups) {
+			if (CollectionUtils.isEmpty(dbUserGroups)) {
+				resultRow.put("isManager", CommonConstant.YesNo.NO_0);
+				return;
+			}
+			boolean companyManageExists = dbUserGroups.stream().map(UserGroup::getGroupEname).anyMatch(item ->
+					CommonConstant.Field.COMPANY_MANAGE.equals(item));
+			resultRow.put("isManager", companyManageExists ? CommonConstant.YesNo.YES_1 : CommonConstant.YesNo.NO_0);
+		}
+	}
+	
+	
+	/**
+	 * 组织机构
+	 *
+	 * @author:songx
+	 * @date:2024/5/7,16:27
+	 */
+	public static class XsOrg {
+		
+		/**
+		 * 设置组织信息
+		 *
+		 * @param inInfo
+		 * @param codeKey
+		 * @param valueKey
+		 */
+		public static void setInfo(EiInfo inInfo, String codeKey, String valueKey) {
+			List<Map> resultRows = inInfo.getBlock(EiConstant.resultBlock).getRows();
+			List<String> orgIds = ObjectUtils.listKey(resultRows, codeKey);
+			Map<String, Org> resultMap = HGXSTools.XsOrg.map(orgIds);
+			if (MapUtils.isEmpty(resultMap)) {
+				return;
+			}
+			for (Map resultRow : resultRows) {
+				String userId = MapUtils.getString(resultRow, codeKey);
+				Org dbOrg = resultMap.get(userId);
+				resultRow.put(valueKey, dbOrg == null ? "" : dbOrg.getOrgCname());
+			}
+		}
+		
+	}
+}

src/main/java/com/baosight/iplat4j/core/data/ibatis/dao/SqlMapDaoLogProxy.java

@@ -210,7 +210,7 @@ public class SqlMapDaoLogProxy extends SqlMapDao {
 			return;
 		}
 		String authEnable = PlatApplicationContext.getProperty("iplat4j.page.auth.enable");
-		if (StringUtils.isNotBlank(authEnable) && "0".equals(authEnable)) {
+		if (StringUtils.isNotBlank(authEnable) && CommonConstant.YesNo.NO_0.equals(authEnable)) {
 			return;
 		}
 		// 当前用户所有角色
@@ -228,10 +228,11 @@ public class SqlMapDaoLogProxy extends SqlMapDao {
 	 */
 	private void buildDataAuth(List<UserGroup> userGroups, Object parameters) {
 		List<String> depCodes = new ArrayList<>();
+		boolean onlyPeople = false;
 		for (UserGroup userGroup : userGroups) {
 			String dataAuthType = userGroup.getDataAuthType();
 			if (DataAuthTypeEnum.ONLY_PEOPLE.getCode().equals(dataAuthType)) {
-				((Map) parameters).put("authOnlyPeople", CommonConstant.YesNo.YES_1);
+				onlyPeople = true;
 			} else {
 				List<String> depAuths = buildDepCondition(userGroup);
 				if (CollectionUtils.isNotEmpty(depAuths)) {
@@ -239,13 +240,23 @@ public class SqlMapDaoLogProxy extends SqlMapDao {
 				}
 			}
 		}
+		// 无权限
+		if (!onlyPeople && CollectionUtils.isEmpty(depCodes)) {
+			((Map) parameters).put("authDepCode", DataAuthTypeEnum.NO_AUTH.getCode());
+			return;
+		}
+		// 组合权限
+		if (onlyPeople && CollectionUtils.isNotEmpty(depCodes)) {
+			((Map) parameters).put("authCombination", CommonConstant.YesNo.YES_1);
+		}
+		// 仅本人
+		if (onlyPeople) {
+			((Map) parameters).put("authOnlyPeople", UserSessionUtils.getLoginName());
+		}
 		// 去除重复数据
-		if (CollectionUtils.isEmpty(depCodes)) {
-			depCodes.add(DataAuthTypeEnum.NO_AUTH.getCode());
-		} else {
-			depCodes = depCodes.stream().distinct().collect(Collectors.toList());
+		if (CollectionUtils.isNotEmpty(depCodes)) {
+			((Map) parameters).put("authDepCodes", depCodes.stream().distinct().collect(Collectors.toList()));
 		}
-		((Map) parameters).put("authDepCodes", depCodes);
 	}
 	
 	/**

src/main/java/com/baosight/xservices/xs/service/ServiceXS3001.java

@@ -2,6 +2,7 @@ package com.baosight.xservices.xs.service;
 
 import com.baosight.hggp.core.security.UserSessionUtils;
 import com.baosight.hggp.hg.xs.tools.HGXSTools;
+import com.baosight.hggp.hg.xs.utils.HGXSUtils;
 import com.baosight.iplat4j.core.cache.CacheManager;
 import com.baosight.iplat4j.core.ei.EiBlock;
 import com.baosight.iplat4j.core.ei.EiConstant;
@@ -54,7 +55,7 @@ public class ServiceXS3001 extends ServiceEPBase {
 		}
 		EiInfo outInfo = super.query(inInfo, "XS01.query", new XS01());
 		// 用户是否管理员
-		HGXSTools.XsUserGroup.setIsManager(outInfo);
+		HGXSUtils.XsUserGroup.setIsManager(outInfo);
 		return outInfo;
 	}
 	

src/main/java/com/baosight/xservices/xs/service/ServiceXS3002.java

@@ -5,7 +5,10 @@ import com.baosight.hggp.core.enums.OrgTypeEnum;
 import com.baosight.hggp.core.security.UserSessionUtils;
 import com.baosight.hggp.hg.pz.domain.HGPZ009;
 import com.baosight.hggp.hg.pz.tools.HGPZTools;
-import com.baosight.hggp.hg.xs.tools.HGXSTools;
+import com.baosight.hggp.hg.xs.domain.Company;
+import com.baosight.hggp.hg.xs.domain.Dept;
+import com.baosight.hggp.hg.xs.domain.Factory;
+import com.baosight.hggp.hg.xs.utils.HGXSUtils;
 import com.baosight.hggp.util.CommonMethod;
 import com.baosight.hggp.util.LogUtils;
 import com.baosight.iplat4j.core.ei.EiBlock;
@@ -21,7 +24,6 @@ import com.baosight.xservices.xs.domain.XS01;
 import com.baosight.xservices.xs.domain.XS02;
 import com.baosight.xservices.xs.util.LoginUserDetails;
 import com.baosight.xservices.xs.util.UserSession;
-
 import org.apache.commons.lang.StringUtils;
 
 import java.util.Arrays;
@@ -97,11 +99,20 @@ public class ServiceXS3002 extends ServiceEPBase {
 	 * @return
 	 */
 	public EiInfo query(EiInfo inInfo) {
+		try {
 			// 非管理员仅查询所属企业用户组 added by songx at 2024-01-15
 			if (!LoginUserDetails.isUserAdmin(UserSessionUtils.getLoginName())) {
 				inInfo.set("inqu_status-0-accountCode", UserSessionUtils.getAccountCode());
 			}
-		return super.query(inInfo, "XS02.query", new XS02());
+			inInfo = super.query(inInfo, "XS02.query", new XS02());
+			// 设置部门、厂区、公司名称
+			HGXSUtils.XsOrg.setInfo(inInfo, Dept.FIELD_DEP_CODE, Dept.FIELD_DEP_NAME);
+			HGXSUtils.XsOrg.setInfo(inInfo, Factory.FIELD_FACTORY_CODE, Factory.FIELD_FACTORY_NAME);
+			HGXSUtils.XsOrg.setInfo(inInfo, Company.FIELD_COMPANY_CODE, Company.FIELD_COMPANY_NAME);
+		} catch (Exception e) {
+			LogUtils.setMsg(inInfo, e, "查询失败");
+		}
+		return inInfo;
 	}
 	
 	/**

src/main/webapp/XS/XS3002.js

@@ -185,7 +185,7 @@ $(function () {
 
     $("#splitter").kendoSplitter({
         panes: [
-            {size: "50%", min: "30%", max: "70%", collapsible: true},
+            {size: "60%", min: "30%", max: "70%", collapsible: true},
             {},
             {collapsible: true}
         ]
@@ -201,7 +201,7 @@ $(function () {
         if (document.getElementById("splitter").getElementsByClassName("k-splitbar").length !== 1) {
             $("#splitter").kendoSplitter({
                 panes: [
-                    {size: "50%", min: "30%", max: "70%", collapsible: true},
+                    {size: "60%", min: "30%", max: "70%", collapsible: true},
                     {},
                     {collapsible: true}
                 ]
@@ -235,10 +235,16 @@ let deptCodeChange = function (e) {
 	for (let k = 0; k < resultGrid.getCheckedRowsIndex() + 1; k++) {
 		for (let i = 0; i < deptCodeRows.length; i++) {
 			if (deptCodeRows[i][1] === item.depCode) {
+				let depName = deptCodeRows[i][0];
+				resultGrid.setCellValue(item, 'depName', depName == null ? "" : depName);
 				let factoryCode = deptCodeRows[i][2];
+				let factoryName = deptCodeRows[i][3];
 				resultGrid.setCellValue(item, 'factoryCode', factoryCode == null ? "" : factoryCode);
+				resultGrid.setCellValue(item, 'factoryName', factoryName == null ? "" : factoryName);
 				let companyCode = deptCodeRows[i][4]
+				let companyName = deptCodeRows[i][5]
 				resultGrid.setCellValue(item, 'companyCode', companyCode == null ? "" : companyCode);
+				resultGrid.setCellValue(item, 'companyName', companyName == null ? "" : companyName);
 				return;
 			}
 		}

src/main/webapp/XS/XS3002.jsp

@@ -27,20 +27,16 @@
 	                                      required="true">
 		                    <EF:EFCodeOption codeName="hggp.role.dataAuthType"/>
 	                    </EF:EFComboColumn>
-	                    <EF:EFComboColumn ename="depCode" cname="所属部门" width="110" align="center"
-	                                      defaultValue="" filter="contains" required="true">
+	                    <EF:EFComboColumn ename="depCode" cname="所属部门编码" width="110" align="center"
+	                                      defaultValue="" filter="contains" required="true"
+	                                      columnTemplate="#=valueField#">
 		                    <EF:EFOptions blockId="dept_code_block_id" valueField="valueField" textField="textField"/>
 	                    </EF:EFComboColumn>
-	                    <EF:EFComboColumn ename="factoryCode" cname="所属厂区" enable="false" width="110" align="center"
-	                                      defaultValue="">
-		                    <EF:EFOptions blockId="factory_code_block_id" valueField="valueField"
-		                                  textField="textField"/>
-	                    </EF:EFComboColumn>
-	                    <EF:EFComboColumn ename="companyCode" cname="所属公司" enable="false" width="110" align="center"
-	                                      defaultValue="">
-		                    <EF:EFOptions blockId="company_code_block_id" valueField="valueField"
-		                                  textField="textField"/>
-	                    </EF:EFComboColumn>
+	                    <EF:EFColumn ename="depName" cname="所属部门名称" enable="false" width="110" align="left"/>
+	                    <EF:EFColumn ename="factoryName" cname="所属厂区名称" enable="false" width="110" align="left"/>
+	                    <EF:EFColumn ename="factoryCode" cname="所属厂区编码" enable="false" width="110" align="left"/>
+	                    <EF:EFColumn ename="companyName" cname="所属公司名称" enable="false" width="110" align="left"/>
+	                    <EF:EFColumn ename="companyCode" cname="所属公司编码" enable="false" width="110" align="left"/>
 	                    <EF:EFColumn ename="manageGroupEname" cname="管辖组英文名" style="text-align:left;" hidden="true"/>
 	                    <EF:EFColumn ename="manageGroupCname" cname="管辖组中文名" style="text-align:left;" readonly="true"
 	                                 hidden="true"/>