update

mec-biz/src/main/java/com/ym/mec/biz/dal/page/TeacherSalaryModifyQueryInfo.java

@@ -6,7 +6,7 @@ import com.ym.mec.common.page.QueryInfo;
 public class TeacherSalaryModifyQueryInfo extends QueryInfo {
     private String salarySettlementMonth;
 
-    private Integer organId;
+    private String organId;
 
     private Integer teacherId;
 
@@ -20,11 +20,11 @@ public class TeacherSalaryModifyQueryInfo extends QueryInfo {
         this.salarySettlementMonth = salarySettlementMonth;
     }
 
-    public Integer getOrganId() {
+    public String getOrganId() {
         return organId;
     }
 
-    public void setOrganId(Integer organId) {
+    public void setOrganId(String organId) {
         this.organId = organId;
     }
 

mec-biz/src/main/resources/config/mybatis/TeacherSalaryComplaintsMapper.xml

@@ -99,8 +99,8 @@
 
 	<sql id="queryPageSql">
 		<where>
-			<if test="organId != null">
-				t.organ_id_ = #{organId}
+			<if test="organId != null and organId != ''">
+				FIND_IN_SET(t.organ_id_,#{organId})
 			</if>
 			<if test="salarySettlementMonth != null and salarySettlementMonth != ''">
 				AND tsc.salary_settlement_month_ = #{salarySettlementMonth}

mec-web/src/main/java/com/ym/mec/web/controller/TeacherSalaryComplaintsController.java

@@ -1,19 +1,23 @@
 package com.ym.mec.web.controller;
 
+import com.ym.mec.auth.api.client.SysUserFeignService;
+import com.ym.mec.auth.api.entity.SysUser;
+import com.ym.mec.biz.dal.dao.EmployeeDao;
+import com.ym.mec.biz.dal.entity.Employee;
 import com.ym.mec.biz.dal.entity.TeacherSalaryComplaints;
-import com.ym.mec.biz.dal.entity.TeacherSalaryModifyLog;
 import com.ym.mec.biz.dal.page.TeacherSalaryModifyQueryInfo;
 import com.ym.mec.biz.service.TeacherSalaryComplaintsService;
-import com.ym.mec.biz.service.TeacherSalaryModifyLogService;
 import com.ym.mec.common.controller.BaseController;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.Date;
+import java.util.Arrays;
+import java.util.List;
 
 @RequestMapping("teacherSalaryComplaints")
 @Api(tags = "老师课酬申诉")
@@ -22,11 +26,32 @@ public class TeacherSalaryComplaintsController extends BaseController {
 
     @Autowired
     private TeacherSalaryComplaintsService teacherSalaryComplaintsService;
+    @Autowired
+    private SysUserFeignService sysUserFeignService;
+    @Autowired
+    private EmployeeDao employeeDao;
 
     @ApiOperation(value = "分页获取")
     @RequestMapping("/queryPage")
     @PreAuthorize("@pcs.hasPermissions('teacherSalaryComplaints/queryPage')")
     public Object queryPage(TeacherSalaryModifyQueryInfo queryInfo){
+        SysUser sysUser = sysUserFeignService.queryUserInfo();
+        if (sysUser == null) {
+            return failed("用户信息获取失败");
+        }
+        if(!sysUser.getIsSuperAdmin()){
+            Employee employee = employeeDao.get(sysUser.getId());
+            if (StringUtils.isEmpty(queryInfo.getOrganId())) {
+                queryInfo.setOrganId(employee.getOrganIdList());
+            }else if(StringUtils.isEmpty(employee.getOrganIdList())){
+                return failed("用户所在分部异常");
+            }else {
+                List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+                if(!list.containsAll(Arrays.asList(queryInfo.getOrganId().split(",")))){
+                    return failed("非法请求");
+                }
+            }
+        }
         return succeed(teacherSalaryComplaintsService.queryPage(queryInfo));
     }