商品关联分部

mec-biz/src/main/java/com/ym/mec/biz/dal/page/GoodsQueryInfo.java

@@ -42,6 +42,16 @@ public class GoodsQueryInfo extends QueryInfo {
 
     private String courseViewType;
 
+    private String organId;
+
+    public String getOrganId() {
+        return organId;
+    }
+
+    public void setOrganId(String organId) {
+        this.organId = organId;
+    }
+
     public String getCourseViewType() {
         return courseViewType;
     }

mec-biz/src/main/resources/config/mybatis/GoodsMapper.xml

@@ -312,8 +312,8 @@
 
     <sql id="queryGoodsPageSql">
         <where>
-            <if test="organId != null">
-                AND FIND_IN_SET(#{organId},g.organ_id_list_)
+            <if test="organId != null and organId != ''">
+                AND INTE_ARRAY(organId,g.organ_id_list_)
             </if>
             <if test="goodsCategoryId != null">
                 AND g.goods_category_id_ = #{goodsCategoryId}

mec-web/src/main/java/com/ym/mec/web/controller/GoodsController.java

@@ -2,6 +2,8 @@ package com.ym.mec.web.controller;
 
 import com.ym.mec.auth.api.client.SysUserFeignService;
 import com.ym.mec.auth.api.entity.SysUser;
+import com.ym.mec.biz.dal.dao.EmployeeDao;
+import com.ym.mec.biz.dal.entity.Employee;
 import com.ym.mec.biz.dal.entity.GoodsCategory;
 import com.ym.mec.biz.dal.entity.GoodsProcurement;
 import com.ym.mec.biz.dal.enums.AccountType;
@@ -16,8 +18,10 @@ import io.swagger.annotations.ApiParam;
 
 import java.util.Arrays;
 import java.util.Date;
+import java.util.List;
 import java.util.Objects;
 
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.transaction.annotation.Transactional;
@@ -40,6 +44,8 @@ public class GoodsController extends BaseController {
     private GoodsCategoryService goodsCategoryService;
     @Autowired
     private SysUserFeignService sysUserFeignService;
+    @Autowired
+    private EmployeeDao employeeDao;
 
     @ApiOperation(value = "新增商品(教材、辅件)")
     @PostMapping("/add")
@@ -112,6 +118,21 @@ public class GoodsController extends BaseController {
     @GetMapping("/queryPage")
     @PreAuthorize("@pcs.hasPermissions('goods/queryPage')")
     public Object queryPage(GoodsQueryInfo queryInfo){
+        SysUser sysUser = sysUserFeignService.queryUserInfo();
+        if (sysUser == null) {
+            return failed("用户信息获取失败");
+        }
+        Employee employee = employeeDao.get(sysUser.getId());
+        if (StringUtils.isEmpty(queryInfo.getOrganId())) {
+            queryInfo.setOrganId(employee.getOrganIdList());
+        }else if(StringUtils.isEmpty(employee.getOrganIdList())){
+            return failed("用户所在分部异常");
+        }else {
+            List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+            if(!list.containsAll(Arrays.asList(queryInfo.getOrganId().split(",")))){
+                return failed("非法请求");
+            }
+        }
         return succeed(goodsService.queryPage(queryInfo));
     }