update

mec-biz/src/main/java/com/ym/mec/biz/dal/page/OrganizationQueryInfo.java

@@ -12,6 +12,8 @@ public class OrganizationQueryInfo extends QueryInfo {
 
     @ApiModelProperty(value = "节点状态，默认0未删除，1删除",required = false)
     private YesOrNoEnum delFlag = YesOrNoEnum.NO;
+    
+    private String organId;
 
     public YesOrNoEnum getDelFlag() {
         return delFlag;
@@ -28,4 +30,12 @@ public class OrganizationQueryInfo extends QueryInfo {
     public void setParentId(Integer parentId) {
         this.parentId = parentId;
     }
+
+	public String getOrganId() {
+		return organId;
+	}
+
+	public void setOrganId(String organId) {
+		this.organId = organId;
+	}
 }

mec-biz/src/main/resources/config/mybatis/MusicGroupSubjectPlanMapper.xml

@@ -139,7 +139,7 @@
         SELECT sp.*, sb.name_
         FROM music_group_subject_plan sp
         LEFT JOIN subject sb ON sb.id_ = sp.subject_id_
-        WHERE sp.music_group_id_=#{musicGroupId} AND sp.subject_id_=#{subjectId} FOR UPDATE
+        WHERE sp.music_group_id_=#{musicGroupId} AND sp.subject_id_=#{subjectId}
     </select>
     <select id="findSubjectPlan" resultMap="MusicGroupSubjectPlan">
         SELECT * FROM music_group_subject_plan WHERE music_group_id_ = #{musicGroupId} AND subject_id_ = #{subjectId} LIMIT 1

mec-biz/src/main/resources/config/mybatis/OrganizationMapper.xml

@@ -77,7 +77,10 @@
     <sql id="queryPageSql">
         <where>
             <if test="delFlag != null">
-                o.del_flag_ = #{delFlag,typeHandler=com.ym.mec.common.dal.CustomEnumTypeHandler}
+                and o.del_flag_ = #{delFlag,typeHandler=com.ym.mec.common.dal.CustomEnumTypeHandler}
+            </if>
+            <if test="organId != null">
+                and o.id_ in (${organId})
             </if>
         </where>
     </sql>

mec-web/src/main/java/com/ym/mec/web/controller/OrganizationController.java

@@ -4,8 +4,11 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 
+import java.util.Arrays;
 import java.util.Date;
+import java.util.List;
 
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -14,6 +17,10 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import com.ym.mec.auth.api.client.SysUserFeignService;
+import com.ym.mec.auth.api.entity.SysUser;
+import com.ym.mec.biz.dal.dao.EmployeeDao;
+import com.ym.mec.biz.dal.entity.Employee;
 import com.ym.mec.biz.dal.entity.Organization;
 import com.ym.mec.biz.dal.page.OrganizationQueryInfo;
 import com.ym.mec.biz.service.OrganizationService;
@@ -26,11 +33,32 @@ public class OrganizationController extends BaseController {
 
     @Autowired
     private OrganizationService organizationService;
+	@Autowired
+	private SysUserFeignService sysUserFeignService;
+	@Autowired
+	private EmployeeDao employeeDao;
 
     @ApiOperation(value = "分页查询分部列表")
     @GetMapping("/queryPage")
     @PreAuthorize("@pcs.hasPermissions('organization/queryPage')")
     public Object queryPage(OrganizationQueryInfo queryInfo){
+    	SysUser sysUser = sysUserFeignService.queryUserInfo();
+		if (sysUser == null) {
+			return failed("用户信息获取失败");
+		}
+		if(!sysUser.getIsSuperAdmin()){
+			Employee employee = employeeDao.get(sysUser.getId());
+			if (StringUtils.isEmpty(queryInfo.getOrganId())) {
+				queryInfo.setOrganId(employee.getOrganIdList());
+			}else if(StringUtils.isEmpty(employee.getOrganIdList())){
+				return failed("用户所在分部异常");
+			}else {
+				List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+				if(!list.containsAll(Arrays.asList(queryInfo.getOrganId().split(",")))){
+					return failed("非法请求");
+				}
+			}
+		}
         return succeed(organizationService.queryPage(queryInfo));
     }