
设备权限修改

ouyj 5 månader sedan
förälder
incheckning
debab9a0f8

+ 145 - 7
ygtx-gxt/src/main/java/com/ygtx/gxt/service/impl/GxtEquipmentServiceImpl.java

@@ -1,7 +1,12 @@
 package com.ygtx.gxt.service.impl;
 
 import java.util.List;
+
+import com.ygtx.common.core.domain.entity.SysDept;
+import com.ygtx.common.core.domain.entity.SysUser;
 import com.ygtx.common.utils.DateUtils;
+import com.ygtx.system.service.ISysDeptService;
+import com.ygtx.system.service.ISysUserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import com.ygtx.gxt.mapper.GxtEquipmentMapper;
@@ -10,13 +15,12 @@ import com.ygtx.gxt.service.IGxtEquipmentService;
 import com.ygtx.common.utils.StringUtils;
 import com.ygtx.common.exception.ServiceException;
 import javax.validation.Validator;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-import com.ygtx.system.service.ISysUserService;
-import com.ygtx.system.service.ISysDeptService;
-import com.ygtx.common.core.domain.entity.SysUser;
-import com.ygtx.common.core.domain.entity.SysDept;
-import java.util.List;
+import com.ygtx.common.annotation.DataScope;
+import com.ygtx.common.core.domain.entity.SysRole;
+import com.ygtx.common.core.domain.model.LoginUser;
+import com.ygtx.common.utils.SecurityUtils;
+import com.ygtx.framework.aspectj.DataScopeAspect;
+import java.util.ArrayList;
 
 /**
  * 设备管理Service业务层处理
@@ -58,8 +62,11 @@ public class GxtEquipmentServiceImpl implements IGxtEquipmentService
      * @return 设备管理
      */
     @Override
+    @DataScope(deptAlias = "t", userAlias = "")
     public List<GxtEquipment> selectGxtEquipmentList(GxtEquipment gxtEquipment)
     {
+        // 添加业务特定的数据权限过滤
+        addBusinessDataScopeFilter(gxtEquipment);
         return gxtEquipmentMapper.selectGxtEquipmentList(gxtEquipment);
     }
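Review bot: `@DataScope(deptAlias = "t", userAlias = "")` is added on `selectGxtEquipmentList`, but the mapper change in this commit interpolates only `params.businessDataScope`, so unless the statement also contains `${params.dataScope}` outside the visible hunk the annotation has no effect on the query. If that placeholder is present, the aspect's conditions would presumably be written against alias `t` as well and be ANDed with the business filter, which may narrow results more than intended. Decide which mechanism owns the restriction and record it above the method, e.g. `// Row-level scope: params.businessDataScope, built by addBusinessDataScopeFilter from the caller's roles.` The other service methods are outside this hunk, so whether lookups by id, updates and deletes enforce the same scope cannot be confirmed from here.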
 
@@ -364,4 +371,135 @@ public class GxtEquipmentServiceImpl implements IGxtEquipmentService
             }
         }
     }
+    
+    /**
+     * 添加业务特定的数据权限过滤条件
+     * 基于角色的数据范围进行自定义权限控制
+     *
+     * @param gxtEquipment 设备管理查询条件
+     */
+    private void addBusinessDataScopeFilter(GxtEquipment gxtEquipment) {
+        // 获取当前登录用户
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        if (loginUser == null) {
+            return;
+        }
+
+        SysUser currentUser = loginUser.getUser();
+        if (currentUser == null) {
+            return;
+        }
+
+        // 如果是超级管理员,不过滤数据
+        if (currentUser.isAdmin()) {
+            return;
+        }
+
+        // 获取用户角色
+        List<SysRole> roles = currentUser.getRoles();
+        if (roles == null || roles.isEmpty()) {
+            return;
+        }
+
+        // 构建业务特定的数据权限SQL
+        StringBuilder businessSql = new StringBuilder();
+        
+        // 遍历用户角色,根据角色的数据范围添加业务特定的权限控制
+        for (SysRole role : roles) {
+            String dataScope = role.getDataScope();
+            
+            // 如果是全部数据权限,则不过滤
+            if (DataScopeAspect.DATA_SCOPE_ALL.equals(dataScope)) {
+                businessSql.setLength(0); // 清空之前的条件
+                break; // 全部数据权限,跳出循环
+            }
+            
+            // 自定义数据权限 - 根据角色的数据范围值来控制查询条件
+            if (DataScopeAspect.DATA_SCOPE_CUSTOM.equals(dataScope)) {
+                // 获取具有自定义数据权限的角色ID列表
+                List<String> customRoleIds = new ArrayList<>();
+                for (SysRole r : roles) {
+                    if (DataScopeAspect.DATA_SCOPE_CUSTOM.equals(r.getDataScope())) {
+                        customRoleIds.add(String.valueOf(r.getRoleId()));
+                    }
+                }
+                
+                // 构建自定义数据权限查询条件
+                if (businessSql.length() > 0) {
+                    businessSql.append(" OR ");
+                }
+                
+                if (customRoleIds.size() > 1) {
+                    // 多个自定义数据权限角色使用IN查询
+                    businessSql.append("(t.maintenance_center_id IN (SELECT dept_id FROM sys_role_dept WHERE role_id IN (")
+                              .append(String.join(",", customRoleIds))
+                              .append("))")
+                              .append(" OR t.station_id IN (SELECT dept_id FROM sys_role_dept WHERE role_id IN (")
+                              .append(String.join(",", customRoleIds))
+                              .append(")))");
+                } else {
+                    // 单个自定义数据权限角色查询
+                    businessSql.append("(t.maintenance_center_id IN (SELECT dept_id FROM sys_role_dept WHERE role_id = ")
+                              .append(role.getRoleId())
+                              .append(")")
+                              .append(" OR t.station_id IN (SELECT dept_id FROM sys_role_dept WHERE role_id = ")
+                              .append(role.getRoleId())
+                              .append("))");
+                }
+                continue;
+            }
+            
+            // 部门数据权限 - 适用于部门负责人角色
+            if (DataScopeAspect.DATA_SCOPE_DEPT.equals(dataScope)) {
+                if (businessSql.length() > 0) {
+                    businessSql.append(" OR ");
+                }
+                businessSql.append("(t.station_id = ")
+                          .append(currentUser.getDeptId())
+                          .append(" OR t.maintenance_center_id = ")
+                          .append(currentUser.getDeptId())
+                          .append(")");
+                continue;
+            }
+            
+            // 部门及以下数据权限
+            if (DataScopeAspect.DATA_SCOPE_DEPT_AND_CHILD.equals(dataScope)) {
+                if (businessSql.length() > 0) {
+                    businessSql.append(" OR ");
+                }
+                businessSql.append("(t.station_id IN ")
+                          .append("(SELECT dept_id FROM sys_dept WHERE dept_id = ")
+                          .append(currentUser.getDeptId())
+                          .append(" OR FIND_IN_SET(")
+                          .append(currentUser.getDeptId())
+                          .append(", ancestors))")
+                          .append(" OR t.maintenance_center_id IN ")
+                          .append("(SELECT dept_id FROM sys_dept WHERE dept_id = ")
+                          .append(currentUser.getDeptId())
+                          .append(" OR FIND_IN_SET(")
+                          .append(currentUser.getDeptId())
+                          .append(", ancestors)))");
+                continue;
+            }
+            
+            // 仅本人数据权限 - 适用于设备责任人角色或创建人
+            if (DataScopeAspect.DATA_SCOPE_SELF.equals(dataScope)) {
+                if (businessSql.length() > 0) {
+                    businessSql.append(" OR ");
+                }
+                businessSql.append("(t.responsible_person_id = ")
+                        .append(currentUser.getUserId())
+                        .append(" OR t.create_by = '")
+                        .append(currentUser.getUserName())
+                        .append("')");
+                continue;
+            }
+        }
+
+        // 如果构建了业务特定的过滤条件,则添加到查询参数中
+        if (businessSql.length() > 0) {
+            String businessDataScopeSql = " AND (" + businessSql.toString() + ")";
+            gxtEquipment.getParams().put("businessDataScope", businessDataScopeSql);
+        }
+    }
 }
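Review bot: Every early return in `addBusinessDataScopeFilter` (no login user, admin, no roles, `DATA_SCOPE_ALL`) leaves whatever is already stored under `businessDataScope` in `getParams()` untouched, and the GxtEquipmentMapper.xml hunk of this commit pastes that key into the statement with `${}`; if the params map can be filled from the request, which is not visible here, that text would reach the database unchecked, so the key should be removed on entry. In the `DATA_SCOPE_SELF` branch `currentUser.getUserName()` is concatenated between single quotes, so a name containing a quote breaks or alters the query; it can be bound instead, since MyBatis resolves `#{}` after `${}` substitution in dynamic statements (worth confirming with a test). The no-user and no-roles returns also apply no restriction at all, which looks like fail-open for a permission filter and may deserve a deny condition instead. Separately, the custom branch rebuilds the full list of custom role ids for each custom role it meets, so the same clause is appended once per such role.

```java
    private void addBusinessDataScopeFilter(GxtEquipment gxtEquipment) {
        // Only SQL assembled in this method may reach ${params.businessDataScope}.
        gxtEquipment.getParams().remove("businessDataScope");
        // … unchanged: login user, admin and role checks; ALL, CUSTOM, DEPT and DEPT_AND_CHILD branches …
        // In the DATA_SCOPE_SELF branch, bind the user name instead of quoting it:
                gxtEquipment.getParams().put("scopeUserName", currentUser.getUserName());
                businessSql.append("(t.responsible_person_id = ")
                        .append(currentUser.getUserId())
                        .append(" OR t.create_by = #{params.scopeUserName})");
        // … unchanged: continue, end of loop, final put of businessDataScope …
```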

+ 6 - 1
ygtx-gxt/src/main/resources/mapper/gxt/GxtEquipmentMapper.xml

@@ -24,7 +24,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
     </resultMap>
 
     <sql id="selectGxtEquipmentVo">
-        select equipment_id, equipment_code, maintenance_center, station, brand, model, equipment_type, status, responsible_person_name, responsible_person_id, maintenance_center_id, station_id, create_by, create_time, update_by, update_time from gxt_equipment
+        select equipment_id, equipment_code, maintenance_center, station, brand, model, equipment_type, status, responsible_person_name, responsible_person_id, maintenance_center_id, station_id, create_by, create_time, update_by, update_time from gxt_equipment t
     </sql>
 
     <select id="selectGxtEquipmentList" parameterType="GxtEquipment" resultMap="GxtEquipmentResult">
@@ -37,6 +37,11 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
             <if test="model != null  and model != ''"> and model = #{model}</if>
             <if test="equipmentType != null  and equipmentType != ''"> and equipment_type = #{equipmentType}</if>
             <if test="status != null  and status != ''"> and status = #{status}</if>
+            
+            <!-- 业务特定数据权限过滤条件 -->
+            <if test="params.businessDataScope != null and params.businessDataScope != ''">
+                ${params.businessDataScope}
+            </if>
         </where>
     </select>