bug

2026-03-28 00:45:42 +08:00
parent 596b2a68bf
commit 04610aa678
4 changed files with 95 additions and 5 deletions
--- a/src/main/java/com/sipai/controller/report/RptCreateController.java
+++ b/src/main/java/com/sipai/controller/report/RptCreateController.java
@ -374,6 +374,17 @@ public class RptCreateController {
    @RequestMapping("/doadd.do")
    public String doadd(HttpServletRequest request, Model model) {
        User cu = (User) request.getSession().getAttribute("cu");
+        String rptsetId = request.getParameter("rptsetId");
+        
+        // 权限验证：检查用户是否有报表生成权限
+        if (rptsetId != null && !rptsetId.isEmpty()) {
+            if (!this.rptCreateService.checkGeneratePermission(rptsetId, cu)) {
+                Result result = Result.failed("您没有该报表的生成权限");
+                model.addAttribute("result", CommUtil.toJson(result));
+                return "result";
+            }
+        }
+        
        request.setAttribute("userId", cu.getId());
        request.setAttribute("userName", cu.getCaption());
        request.setAttribute("id", CommUtil.getUUID());
@ -432,6 +443,14 @@ public class RptCreateController {
        String rptsetId = request.getParameter("rptsetId");
        int result = 0;

+        // 权限验证：检查用户是否有报表生成权限
+        if (rptCreate.getRptsetId() != null && !rptCreate.getRptsetId().isEmpty()) {
+            if (!this.rptCreateService.checkGeneratePermission(rptCreate.getRptsetId(), cu)) {
+                model.addAttribute("result", "{\"res\":\"您没有该报表的生成权限\",\"msg\":\"您没有该报表的生成权限\"}");
+                return new ModelAndView("result");
+            }
+        }
+
        RptInfoSet rptInfoSet = rptInfoSetService.selectById(rptCreate.getRptsetId());
        if (rptInfoSet != null) {
            //日报
@ -545,6 +564,15 @@ public class RptCreateController {
        User cu = (User) request.getSession().getAttribute("cu");
        String rptsetId = request.getParameter("rptsetId");
        int result = 0;
+        
+        // 权限验证：检查用户是否有报表生成权限
+        if (rptCreate.getRptsetId() != null && !rptCreate.getRptsetId().isEmpty()) {
+            if (!this.rptCreateService.checkGeneratePermission(rptCreate.getRptsetId(), cu)) {
+                model.addAttribute("result", "{\"res\":\"-1\",\"msg\":\"您没有该报表的生成权限\"}");
+                return new ModelAndView("result");
+            }
+        }
+        
        RptInfoSet rptInfoSet = rptInfoSetService.selectById(rptCreate.getRptsetId());
        if (rptInfoSet != null) {
            SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
--- a/src/main/java/com/sipai/controller/report/RptDayLogController.java
+++ b/src/main/java/com/sipai/controller/report/RptDayLogController.java
@ -206,7 +206,7 @@ public class RptDayLogController {
 	}
 	
 	@RequestMapping("/dosave.do")
-	public String dosave(HttpServletRequest request,Model model){
+	public ModelAndView dosave(HttpServletRequest request,Model model){
 		User cu = (User) request.getSession().getAttribute("cu");
 		String userId = cu.getId();
 		String json = request.getParameter("json");
@ -216,8 +216,8 @@ public class RptDayLogController {
 		String rptdeptId = (String) jsonObject.get("rptdeptId");
 		if (!this.rptDayLogService.checkInputPermission(rptdeptId, cu)) {
 			Result result = Result.failed("您没有该报表的填报权限");
-			model.addAttribute("result", CommUtil.toJson(result));
-			return "result";
+			model.addAttribute("result", "{\"res\":\"您没有该报表的生成权限\",\"msg\":\"您没有该报表的生成权限\"}");
+			return new ModelAndView("result");
 		}
 		
 		if (jsonObject.get("id")==null||jsonObject.get("id").equals("")) {
@ -230,12 +230,12 @@ public class RptDayLogController {
 			e.printStackTrace();
 			Result result = Result.failed("插入失败");
 			model.addAttribute("result", CommUtil.toJson(result));
-			return "result";
+			return new ModelAndView("result");
 		}
 		
 		Result result = Result.success(null);
 		model.addAttribute("result", CommUtil.toJson(result));
-		return "result";
+		return new ModelAndView("result");
 	}
 	
 	@RequestMapping("/onekeyAudit.do")//一键审核
--- a/src/main/java/com/sipai/service/report/RptCreateService.java
+++ b/src/main/java/com/sipai/service/report/RptCreateService.java
@ -2,6 +2,7 @@ package com.sipai.service.report;

 import com.sipai.entity.business.BusinessUnitAudit;
 import com.sipai.entity.report.RptCreate;
+import com.sipai.entity.user.User;
 import org.xmlpull.v1.XmlPullParserException;

 import javax.xml.parsers.ParserConfigurationException;
@ -45,4 +46,11 @@ public interface RptCreateService {

    //改变状态
    public abstract int updateStatus(String id);
+
+    /** 检查用户是否有报表生成权限
+     * @param rptInfoSetId 报表配置id
+     * @param user 当前用户
+     * @return true=有权限, false=无权限
+     */
+    public abstract boolean checkGeneratePermission(String rptInfoSetId, User user);
 }
--- a/src/main/java/com/sipai/service/report/impl/RptCreateServiceImpl.java
+++ b/src/main/java/com/sipai/service/report/impl/RptCreateServiceImpl.java
@ -13,6 +13,7 @@ import com.sipai.entity.report.*;
 import com.sipai.entity.scada.MPoint;
 import com.sipai.entity.scada.TempReport;
 import com.sipai.entity.user.User;
+import com.sipai.entity.user.UserJob;
 import com.sipai.entity.work.GroupDetail;
 import com.sipai.entity.work.Scheduling;
 import com.sipai.service.activiti.WorkflowProcessDefinitionService;
@ -24,6 +25,7 @@ import com.sipai.service.report.*;
 import com.sipai.service.scada.MPointService;
 import com.sipai.service.scada.TempReportService;
 import com.sipai.service.user.UserService;
+import com.sipai.service.user.UserJobService;
 import com.sipai.service.work.GroupDetailService;
 import com.sipai.service.work.SchedulingService;
 import com.sipai.tools.*;
@ -107,6 +109,8 @@ public class RptCreateServiceImpl implements RptCreateService {
    private BusinessUnitHandleDetailService businessUnitHandleDetailService;
    @Resource
    private GroupDetailService groupDetailService;
+    @Resource
+    private UserJobService userJobService;

    @Override
    public RptCreate selectById(String id) {
@ -1912,4 +1916,54 @@ public class RptCreateServiceImpl implements RptCreateService {
        return false;
    }

+    /**
+     * 检查用户是否有报表生成权限
+     * @param rptInfoSetId 报表配置id
+     * @param user 当前用户
+     * @return true=有权限, false=无权限
+     */
+    @Override
+    public boolean checkGeneratePermission(String rptInfoSetId, User user) {
+        if (user == null || rptInfoSetId == null || rptInfoSetId.isEmpty()) {
+            return false;
+        }
+        
+        // 管理员默认有权限
+        if ("emp01".equals(user.getId())) {
+            return true;
+        }
+        
+        // 获取报表配置信息
+        RptInfoSet rptInfoSet = rptInfoSetService.selectById4Simple(rptInfoSetId);
+        if (rptInfoSet == null) {
+            return false;
+        }
+        
+        String userId = user.getId();
+        
+        // 检查用户是否在createusers列表中
+        String createusers = rptInfoSet.getCreateusers();
+        if (createusers != null && !createusers.isEmpty()) {
+            if (createusers.contains(userId)) {
+                return true;
+            }
+        }
+        
+        // 检查用户岗位是否在generate_position列表中
+        String generatePosition = rptInfoSet.getGeneratePosition();
+        if (generatePosition != null && !generatePosition.isEmpty()) {
+            // 获取用户的所有岗位
+            List<UserJob> userJobs = userJobService.selectListByWhere(" where userid='" + userId + "'");
+            if (userJobs != null && !userJobs.isEmpty()) {
+                for (UserJob userJob : userJobs) {
+                    if (generatePosition.contains(userJob.getJobid())) {
+                        return true;
+                    }
+                }
+            }
+        }
+        
+        return false;
+    }
+
 }