|
@@ -2,6 +2,8 @@ package com.ym.mec.web.controller;
|
|
|
|
|
|
import com.ym.mec.auth.api.client.SysUserFeignService;
|
|
|
import com.ym.mec.auth.api.entity.SysUser;
|
|
|
+import com.ym.mec.biz.dal.dao.EmployeeDao;
|
|
|
+import com.ym.mec.biz.dal.entity.Employee;
|
|
|
import com.ym.mec.biz.dal.entity.GoodsCategory;
|
|
|
import com.ym.mec.biz.dal.entity.GoodsProcurement;
|
|
|
import com.ym.mec.biz.dal.enums.AccountType;
|
|
@@ -16,8 +18,10 @@ import io.swagger.annotations.ApiParam;
|
|
|
|
|
|
import java.util.Arrays;
|
|
|
import java.util.Date;
|
|
|
+import java.util.List;
|
|
|
import java.util.Objects;
|
|
|
|
|
|
+import org.apache.commons.lang3.StringUtils;
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
import org.springframework.security.access.prepost.PreAuthorize;
|
|
|
import org.springframework.transaction.annotation.Transactional;
|
|
@@ -40,6 +44,8 @@ public class GoodsController extends BaseController {
|
|
|
private GoodsCategoryService goodsCategoryService;
|
|
|
@Autowired
|
|
|
private SysUserFeignService sysUserFeignService;
|
|
|
+ @Autowired
|
|
|
+ private EmployeeDao employeeDao;
|
|
|
|
|
|
@ApiOperation(value = "新增商品(教材、辅件)")
|
|
|
@PostMapping("/add")
|
|
@@ -112,6 +118,21 @@ public class GoodsController extends BaseController {
|
|
|
@GetMapping("/queryPage")
|
|
|
@PreAuthorize("@pcs.hasPermissions('goods/queryPage')")
|
|
|
public Object queryPage(GoodsQueryInfo queryInfo){
|
|
|
+ SysUser sysUser = sysUserFeignService.queryUserInfo();
|
|
|
+ if (sysUser == null) {
|
|
|
+ return failed("用户信息获取失败");
|
|
|
+ }
|
|
|
+ Employee employee = employeeDao.get(sysUser.getId());
|
|
|
+ if (StringUtils.isEmpty(queryInfo.getOrganId())) {
|
|
|
+ queryInfo.setOrganId(employee.getOrganIdList());
|
|
|
+ }else if(StringUtils.isEmpty(employee.getOrganIdList())){
|
|
|
+ return failed("用户所在分部异常");
|
|
|
+ }else {
|
|
|
+ List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
|
|
|
+ if(!list.containsAll(Arrays.asList(queryInfo.getOrganId().split(",")))){
|
|
|
+ return failed("非法请求");
|
|
|
+ }
|
|
|
+ }
|
|
|
return succeed(goodsService.queryPage(queryInfo));
|
|
|
}
|
|
|
|