Merge remote-tracking branch 'origin/master'

ygtx-admin/src/main/java/com/ygtx/web/controller/system/SysDeptController.java

@@ -37,7 +37,6 @@ public class SysDeptController extends BaseController
     /**
      * 获取部门列表
      */
-    @PreAuthorize("@ss.hasPermi('system:dept:list')")
     @GetMapping("/list")
     public AjaxResult list(SysDept dept)
     {
@@ -48,7 +47,6 @@ public class SysDeptController extends BaseController
     /**
      * 查询部门列表（排除节点）
      */
-    @PreAuthorize("@ss.hasPermi('system:dept:list')")
     @GetMapping("/list/exclude/{deptId}")
     public AjaxResult excludeChild(@PathVariable(value = "deptId", required = false) Long deptId)
     {
@@ -60,7 +58,6 @@ public class SysDeptController extends BaseController
     /**
      * 根据部门编号获取详细信息
      */
-    @PreAuthorize("@ss.hasPermi('system:dept:query')")
     @GetMapping(value = "/{deptId}")
     public AjaxResult getInfo(@PathVariable Long deptId)
     {

ygtx-admin/src/main/java/com/ygtx/web/controller/system/SysUserController.java

@@ -57,7 +57,6 @@ public class SysUserController extends BaseController
     /**
      * 获取用户列表
      */
-    @PreAuthorize("@ss.hasPermi('system:user:list')")
     @GetMapping("/list")
     public TableDataInfo list(SysUser user)
     {

ygtx-gxt/src/main/java/com/ygtx/gxt/controller/GxtEquipmentController.java

@@ -38,7 +38,6 @@ public class GxtEquipmentController extends BaseController
     /**
      * 查询设备管理列表
      */
-    @PreAuthorize("@ss.hasPermi('gxt:equipment:list')")
     @GetMapping("/list")
     public TableDataInfo list(GxtEquipment gxtEquipment)
     {
@@ -50,7 +49,6 @@ public class GxtEquipmentController extends BaseController
     /**
      * 获取所有品牌列表（去重）
      */
-    @PreAuthorize("@ss.hasPermi('gxt:equipment:list')")
     @GetMapping("/brands")
     public AjaxResult listBrands()
     {
@@ -61,7 +59,6 @@ public class GxtEquipmentController extends BaseController
     /**
      * 根据品牌获取机型列表（去重）
      */
-    @PreAuthorize("@ss.hasPermi('gxt:equipment:list')")
     @GetMapping("/models/{brand}")
     public AjaxResult listModelsByBrand(@PathVariable("brand") String brand)
     {
@@ -72,7 +69,6 @@ public class GxtEquipmentController extends BaseController
     /**
      * 获取所有维保中心列表（去重）
      */
-    @PreAuthorize("@ss.hasPermi('gxt:equipment:list')")
     @GetMapping("/maintenanceCenters")
     public AjaxResult listMaintenanceCenters()
     {
@@ -83,7 +79,6 @@ public class GxtEquipmentController extends BaseController
     /**
      * 根据维保中心获取场站列表（去重）
      */
-    @PreAuthorize("@ss.hasPermi('gxt:equipment:list')")
     @GetMapping("/stations/{maintenanceCenter}")
     public AjaxResult listStationsByMaintenanceCenter(@PathVariable("maintenanceCenter") String maintenanceCenter)
     {

ygtx-gxt/src/main/java/com/ygtx/gxt/controller/GxtFaultCodesController.java

@@ -37,7 +37,6 @@ public class GxtFaultCodesController extends BaseController
     /**
      * 查询故障代码管理列表
      */
-    @PreAuthorize("@ss.hasPermi('gxt:faultCodes:list')")
     @GetMapping("/list")
     public TableDataInfo list(GxtFaultCodes gxtFaultCodes)
     {

ygtx-gxt/src/main/java/com/ygtx/gxt/service/impl/GxtRepairOrderServiceImpl.java

@@ -83,6 +83,12 @@ public class GxtRepairOrderServiceImpl implements IGxtRepairOrderService
     {
         // 添加业务特定的数据权限过滤
         addBusinessDataScopeFilter(gxtRepairOrder);
+        
+        // 确保设置了当前用户的用户名，用于待下发工单的权限过滤
+        if (gxtRepairOrder.getCreateBy() == null || gxtRepairOrder.getCreateBy().isEmpty()) {
+            gxtRepairOrder.setCreateBy(SecurityUtils.getUsername());
+        }
+        
         return gxtRepairOrderMapper.selectGxtRepairOrderList(gxtRepairOrder);
     }
 

ygtx-gxt/src/main/java/com/ygtx/gxt/task/RepairOrderArchiveTask.java

@@ -2,18 +2,25 @@ package com.ygtx.gxt.task;
 
 import java.util.Date;
 import java.util.List;
+import java.util.Set;
 
+import com.ygtx.common.core.domain.entity.SysUser;
+import com.ygtx.common.core.domain.model.LoginUser;
 import com.ygtx.common.utils.DateUtils;
+import com.ygtx.framework.web.service.SysPermissionService;
 import com.ygtx.gxt.domain.GxtRepairOrder;
 import com.ygtx.gxt.domain.GxtRepairOrderFlow;
 import com.ygtx.gxt.service.IGxtRepairOrderService;
 import com.ygtx.gxt.service.IGxtRepairOrderFlowService;
 
+import com.ygtx.system.mapper.SysUserMapper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 
 /**
@@ -35,14 +42,31 @@ public class RepairOrderArchiveTask {
     @Autowired
     private IGxtRepairOrderFlowService repairOrderFlowService;
 
+    @Autowired
+    private SysUserMapper userMapper;
+
+    @Autowired
+    private SysPermissionService permissionService;
+
     /**
      * 每小时执行定时任务
      * 查找已完成复运操作且评分为非空的工单，并进行归档
      */
+    //@Scheduled(cron = "0 0/3 * * * ?")
     @Scheduled(cron = "0 0 * * * ?")
     public void archiveRepairOrders() {
         log.info("开始执行维修工单自动归档任务");
+        SysUser userAdmin = userMapper.selectUserByUserName("admin");
+        Set<String> permissions = permissionService.getMenuPermission(userAdmin);
+        LoginUser loginUser = new LoginUser(userAdmin,permissions);
+
+        UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(
+                loginUser,
+                null,
+                loginUser.getAuthorities()
+        );
 
+        SecurityContextHolder.getContext().setAuthentication(authentication);
         try {
             // 构造查询条件：已完成复运操作且评分为非空的工单
             GxtRepairOrder queryOrder = new GxtRepairOrder();

ygtx-gxt/src/main/resources/mapper/gxt/GxtRepairOrderMapper.xml

@@ -117,6 +117,11 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
             <if test="params.businessDataScope != null and params.businessDataScope != ''">
                 ${params.businessDataScope}
             </if>
+            <!-- 限制待下发工单只能创建人本部门查看 -->
+            and (t.work_order_status != 'to_issue' or t.create_by in 
+                (select user_name from sys_user t1
+                 left join sys_dept t2 on t1.dept_id = t2.dept_id
+                 where t2.dept_id = (select dept_id from sys_user where user_name = #{createBy,jdbcType=VARCHAR})))
         </where>
         order by id desc
     </select>