Merge remote-tracking branch 'origin/master'

mec-biz/src/main/java/com/ym/mec/biz/dal/page/FinancialExpenditureQueryInfo.java

@@ -14,9 +14,6 @@ public class FinancialExpenditureQueryInfo extends QueryInfo {
     @ApiModelProperty(value = "钉钉流程编号",required = false)
     private String dingtalkProcessNo;
     /**  */
-    @ApiModelProperty(value = "分部",required = false)
-    private Integer organId;
-    /**  */
     @ApiModelProperty(value = "学校/合作单位",required = false)
     private Integer cooperationOrganId;
     /**  */
@@ -31,6 +28,17 @@ public class FinancialExpenditureQueryInfo extends QueryInfo {
     /**  */
     @ApiModelProperty(value = "结束时间",required = false)
     private String endTime;
+    /**  */
+    @ApiModelProperty(value = "分部编号",required = false)
+    private String organId;
+
+    public String getOrganId() {
+        return organId;
+    }
+
+    public void setOrganId(String organId) {
+        this.organId = organId;
+    }
 
     public Integer getFeeProject() {
         return feeProject;
@@ -72,14 +80,6 @@ public class FinancialExpenditureQueryInfo extends QueryInfo {
         this.dingtalkProcessNo = dingtalkProcessNo;
     }
 
-    public Integer getOrganId() {
-        return organId;
-    }
-
-    public void setOrganId(Integer organId) {
-        this.organId = organId;
-    }
-
     public Integer getCooperationOrganId() {
         return cooperationOrganId;
     }

mec-biz/src/main/resources/config/mybatis/FinancialExpenditureMapper.xml

@@ -130,11 +130,11 @@
                 AND fe.dingtalk_process_no_ = #{dingtalkProcessNo}
             </if>
             <if test="search != null and search != ''">
-                AND (fe.batch_no_ LIKE CONCAT('%',#{search},'%') OR fe.financial_process_no_ LIKE CONCAT('%',#{search},'%')
+                AND (fe.id_ LIKE CONCAT('%',#{search},'%') OR fe.financial_process_no_ LIKE CONCAT('%',#{search},'%')
                 OR fe.dingtalk_process_no_ LIKE CONCAT('%',#{search},'%') OR fe.apply_user_ LIKE CONCAT('%',#{search},'%'))
             </if>
-            <if test="organId != null">
-                AND fe.organ_id_ = #{organId}
+            <if test="organId != null and organId != ''">
+                AND FIND_IN_SET(fe.organ_id_,#{organId})
             </if>
             <if test="cooperationOrganId != null">
                 AND fe.cooperation_organ_id_ = #{cooperationOrganId}

mec-web/src/main/java/com/ym/mec/web/controller/FinancialExpenditureController.java

@@ -1,16 +1,24 @@
 package com.ym.mec.web.controller;
 
-import com.ym.mec.biz.dal.entity.FinancialExpenditure;
+import com.ym.mec.auth.api.client.SysUserFeignService;
+import com.ym.mec.auth.api.entity.SysUser;
+import com.ym.mec.biz.dal.dao.EmployeeDao;
+import com.ym.mec.biz.dal.entity.Employee;
 import com.ym.mec.biz.dal.page.FinancialExpenditureQueryInfo;
 import com.ym.mec.biz.service.FinancialExpenditureService;
 import com.ym.mec.common.controller.BaseController;
-import com.ym.mec.common.page.QueryInfo;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
-import io.swagger.annotations.ApiParam;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Arrays;
+import java.util.List;
 
 @RequestMapping("financialExpenditure")
 @Api(tags = "财务支出服务")
@@ -19,6 +27,10 @@ public class FinancialExpenditureController extends BaseController {
 
     @Autowired
     private FinancialExpenditureService financialExpenditureService;
+    @Autowired
+    private SysUserFeignService sysUserFeignService;
+    @Autowired
+    private EmployeeDao employeeDao;
 
     @ApiOperation(value = "删除财务支出")
     @PostMapping("/batchDel")
@@ -32,6 +44,23 @@ public class FinancialExpenditureController extends BaseController {
     @GetMapping("/queryPage")
     @PreAuthorize("@pcs.hasPermissions('financialExpenditure/queryPage')")
     public Object queryPage(FinancialExpenditureQueryInfo queryInfo) {
+        SysUser sysUser = sysUserFeignService.queryUserInfo();
+        if (sysUser == null) {
+            return failed("用户信息获取失败");
+        }
+        if(!sysUser.getIsSuperAdmin()){
+            Employee employee = employeeDao.get(sysUser.getId());
+            if (StringUtils.isEmpty(queryInfo.getOrganId())) {
+                queryInfo.setOrganId(employee.getOrganIdList());
+            }else if(StringUtils.isEmpty(employee.getOrganIdList())){
+                return failed("用户所在分部异常");
+            }else {
+                List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+                if(!list.containsAll(Arrays.asList(queryInfo.getOrganId().split(",")))){
+                    return failed("非法请求");
+                }
+            }
+        }
         return succeed(financialExpenditureService.queryFinancialExpenditurePage(queryInfo));
     }