From 04610aa6781fa86e709545409ad625030a584771 Mon Sep 17 00:00:00 2001
From: Timer <@>
Date: Sat, 28 Mar 2026 00:45:42 +0800
Subject: [PATCH] bug
---
 .../report/RptCreateController.java | 28 ++++++++++
 .../report/RptDayLogController.java | 10 ++--
 .../service/report/RptCreateService.java | 8 +++
 .../report/impl/RptCreateServiceImpl.java | 54 +++++++++++++++++++
 4 files changed, 95 insertions(+), 5 deletions(-)
diff --git a/src/main/java/com/sipai/controller/report/RptCreateController.java b/src/main/java/com/sipai/controller/report/RptCreateController.java
index 3ccd0762..a5547bea 100644
--- a/src/main/java/com/sipai/controller/report/RptCreateController.java
+++ b/src/main/java/com/sipai/controller/report/RptCreateController.java
@@ -374,6 +374,17 @@ public class RptCreateController {
 @RequestMapping("/doadd.do")
 public String doadd(HttpServletRequest request, Model model) {
 User cu = (User) request.getSession().getAttribute("cu");
+ String rptsetId = request.getParameter("rptsetId");
+
+ // 权限验证:检查用户是否有报表生成权限
+ if (rptsetId != null && !rptsetId.isEmpty()) {
+ if (!this.rptCreateService.checkGeneratePermission(rptsetId, cu)) {
+ Result result = Result.failed("您没有该报表的生成权限");
+ model.addAttribute("result", CommUtil.toJson(result));
+ return "result";
+ }
+ }
+
 request.setAttribute("userId", cu.getId());
 request.setAttribute("userName", cu.getCaption());
 request.setAttribute("id", CommUtil.getUUID());
@@ -432,6 +443,14 @@ public class RptCreateController {
 String rptsetId = request.getParameter("rptsetId");
 int result = 0;
+ // 权限验证:检查用户是否有报表生成权限
+ if (rptCreate.getRptsetId() != null && !rptCreate.getRptsetId().isEmpty()) {
+ if (!this.rptCreateService.checkGeneratePermission(rptCreate.getRptsetId(), cu)) {
+ model.addAttribute("result", "{\"res\":\"您没有该报表的生成权限\",\"msg\":\"您没有该报表的生成权限\"}");
+ return new ModelAndView("result");
+ }
+ }
+
 RptInfoSet rptInfoSet = rptInfoSetService.selectById(rptCreate.getRptsetId());
 if (rptInfoSet != null) {
 //日报
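Review bot: The new permission check in `doadd` (hunk at -374) only runs when `rptsetId` is present and non-empty, so a request that omits the parameter skips the check and falls through to the existing `request.setAttribute(...)` lines. `checkGeneratePermission` already returns false for a null or empty id and for a null user, so the outer guard can be dropped and the handler can call it unconditionally: `if (!this.rptCreateService.checkGeneratePermission(rptsetId, cu)) {`. If `doadd` is legitimately opened without a report id, that case deserves an explicit comment rather than an implicit bypass. The same wrapped guard appears in the hunks at -432 and -545, keyed on `rptCreate.getRptsetId()`. The method bodies continue outside the hunks, so what the skipped path can reach is not visible here.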
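Review bot: The denial payload in the hunk at -432 puts the human-readable message in `res`, while the otherwise identical check at -545 returns `\"res\":\"-1\"`; a caller that tests `res` would presumably handle the two differently. One shape should be used in both places, for example `model.addAttribute("result", "{\"res\":\"-1\",\"msg\":\"您没有该报表的生成权限\"}");`, or the `Result.failed(...)` plus `CommUtil.toJson(result)` form that `doadd` uses, so the JSON is not hand-escaped. The enclosing method starts and ends outside the hunk.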
@@ -545,6 +564,15 @@ public class RptCreateController {
 User cu = (User) request.getSession().getAttribute("cu");
 String rptsetId = request.getParameter("rptsetId");
 int result = 0;
+
+ // 权限验证:检查用户是否有报表生成权限
+ if (rptCreate.getRptsetId() != null && !rptCreate.getRptsetId().isEmpty()) {
+ if (!this.rptCreateService.checkGeneratePermission(rptCreate.getRptsetId(), cu)) {
+ model.addAttribute("result", "{\"res\":\"-1\",\"msg\":\"您没有该报表的生成权限\"}");
+ return new ModelAndView("result");
+ }
+ }
+
 RptInfoSet rptInfoSet = rptInfoSetService.selectById(rptCreate.getRptsetId());
 if (rptInfoSet != null) {
 SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
diff --git a/src/main/java/com/sipai/controller/report/RptDayLogController.java b/src/main/java/com/sipai/controller/report/RptDayLogController.java
index 4197c8c6..cacdcf62 100644
--- a/src/main/java/com/sipai/controller/report/RptDayLogController.java
+++ b/src/main/java/com/sipai/controller/report/RptDayLogController.java
@@ -206,7 +206,7 @@ public class RptDayLogController {
 }
 @RequestMapping("/dosave.do")
- public String dosave(HttpServletRequest request,Model model){
+ public ModelAndView dosave(HttpServletRequest request,Model model){
 User cu = (User) request.getSession().getAttribute("cu");
 String userId = cu.getId();
 String json = request.getParameter("json");
@@ -216,8 +216,8 @@ public class RptDayLogController {
 String rptdeptId = (String) jsonObject.get("rptdeptId");
 if (!this.rptDayLogService.checkInputPermission(rptdeptId, cu)) {
 Result result = Result.failed("您没有该报表的填报权限");
- model.addAttribute("result", CommUtil.toJson(result));
- return "result";
+ model.addAttribute("result", "{\"res\":\"您没有该报表的生成权限\",\"msg\":\"您没有该报表的生成权限\"}");
+ return new ModelAndView("result");
 }
 if (jsonObject.get("id")==null||jsonObject.get("id").equals("")) {
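Review bot: In the `dosave` hunk at -216 the denial for `checkInputPermission` now reports `您没有该报表的生成权限` (generate permission) although the check is for fill-in permission, and the context line `Result result = Result.failed("您没有该报表的填报权限");` above it is left as an unused local. The response should keep the fill-in message, for example by retaining `model.addAttribute("result", CommUtil.toJson(result));` and changing only the return to `return new ModelAndView("result");`. The method body starts and ends outside the hunk.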
@@ -230,12 +230,12 @@ public class RptDayLogController {
 e.printStackTrace();
 Result result = Result.failed("插入失败");
 model.addAttribute("result", CommUtil.toJson(result));
- return "result";
+ return new ModelAndView("result");
 }
 Result result = Result.success(null);
 model.addAttribute("result", CommUtil.toJson(result));
- return "result";
+ return new ModelAndView("result");
 }
 @RequestMapping("/onekeyAudit.do")//一键审核
diff --git a/src/main/java/com/sipai/service/report/RptCreateService.java b/src/main/java/com/sipai/service/report/RptCreateService.java
index 3abb569c..e4f254e2 100644
--- a/src/main/java/com/sipai/service/report/RptCreateService.java
+++ b/src/main/java/com/sipai/service/report/RptCreateService.java
@@ -2,6 +2,7 @@ package com.sipai.service.report;
 import com.sipai.entity.business.BusinessUnitAudit;
 import com.sipai.entity.report.RptCreate;
+import com.sipai.entity.user.User;
 import org.xmlpull.v1.XmlPullParserException;
 import javax.xml.parsers.ParserConfigurationException;
@@ -45,4 +46,11 @@ public interface RptCreateService {
 //改变状态
 public abstract int updateStatus(String id);
+
+ /** 检查用户是否有报表生成权限
+ * @param rptInfoSetId 报表配置id
+ * @param user 当前用户
+ * @return true=有权限, false=无权限
+ */
+ public abstract boolean checkGeneratePermission(String rptInfoSetId, User user);
 }
\ No newline at end of file
diff --git a/src/main/java/com/sipai/service/report/impl/RptCreateServiceImpl.java b/src/main/java/com/sipai/service/report/impl/RptCreateServiceImpl.java
index 3cc3ee46..6e2b8aab 100644
--- a/src/main/java/com/sipai/service/report/impl/RptCreateServiceImpl.java
+++ b/src/main/java/com/sipai/service/report/impl/RptCreateServiceImpl.java
@@ -13,6 +13,7 @@ import com.sipai.entity.report.*;
 import com.sipai.entity.scada.MPoint;
 import com.sipai.entity.scada.TempReport;
 import com.sipai.entity.user.User;
+import com.sipai.entity.user.UserJob;
 import com.sipai.entity.work.GroupDetail;
 import com.sipai.entity.work.Scheduling;
 import com.sipai.service.activiti.WorkflowProcessDefinitionService;
@@ -24,6 +25,7 @@ import com.sipai.service.report.*;
 import com.sipai.service.scada.MPointService;
 import com.sipai.service.scada.TempReportService;
 import com.sipai.service.user.UserService;
+import com.sipai.service.user.UserJobService;
 import com.sipai.service.work.GroupDetailService;
 import com.sipai.service.work.SchedulingService;
 import com.sipai.tools.*;
@@ -107,6 +109,8 @@ public class RptCreateServiceImpl implements RptCreateService {
 private BusinessUnitHandleDetailService businessUnitHandleDetailService;
 @Resource
 private GroupDetailService groupDetailService;
+ @Resource
+ private UserJobService userJobService;
 @Override
 public RptCreate selectById(String id) {
@@ -1912,4 +1916,54 @@ public class RptCreateServiceImpl implements RptCreateService {
 return false;
 }
+ /**
+ * 检查用户是否有报表生成权限
+ * @param rptInfoSetId 报表配置id
+ * @param user 当前用户
+ * @return true=有权限, false=无权限
+ */
+ @Override
+ public boolean checkGeneratePermission(String rptInfoSetId, User user) {
+ if (user == null || rptInfoSetId == null || rptInfoSetId.isEmpty()) {
+ return false;
+ }
+
+ // 管理员默认有权限
+ if ("emp01".equals(user.getId())) {
+ return true;
+ }
+
+ // 获取报表配置信息
+ RptInfoSet rptInfoSet = rptInfoSetService.selectById4Simple(rptInfoSetId);
+ if (rptInfoSet == null) {
+ return false;
+ }
+
+ String userId = user.getId();
+
+ // 检查用户是否在createusers列表中
+ String createusers = rptInfoSet.getCreateusers();
+ if (createusers != null && !createusers.isEmpty()) {
+ if (createusers.contains(userId)) {
+ return true;
+ }
+ }
+
+ // 检查用户岗位是否在generate_position列表中
+ String generatePosition = rptInfoSet.getGeneratePosition();
+ if (generatePosition != null && !generatePosition.isEmpty()) {
+ // 获取用户的所有岗位
+ List userJobs = userJobService.selectListByWhere(" where userid='" + userId + "'");
+ if (userJobs != null && !userJobs.isEmpty()) {
+ for (UserJob userJob : userJobs) {
+ if (generatePosition.contains(userJob.getJobid())) {
+ return true;
+ }
+ }
+ }
+ }
+
+ return false;
+ }
+
 }
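Review bot: `createusers.contains(userId)` and `generatePosition.contains(userJob.getJobid())` are substring tests on what looks like a delimited id list, so an id that happens to be contained in an authorised id (a shorter id that is a prefix of a longer one, for instance) is granted generate permission. Membership should be an exact match on the split elements; the fence below sketches a small private helper, with the delimiter assumed to be a comma until confirmed against how `createusers` and `generate_position` are stored. The lookup `selectListByWhere(" where userid='" + userId + "'")` also builds SQL by concatenation; the id comes from the session user here, but a parameterised query would remove the dependency on that staying true. The hard-coded `"emp01"` administrator shortcut would read better as a named constant or role check, with a comment saying why that account bypasses the report configuration.

```java
// … unchanged: null checks, admin shortcut, rptInfoSet lookup …
String userId = user.getId();

// Exact-match membership; the "," delimiter is an assumption to confirm
// against how createusers / generate_position are written.
if (containsId(rptInfoSet.getCreateusers(), userId)) {
    return true;
}

// … unchanged: generatePosition null/empty check and userJobs lookup …
for (UserJob userJob : userJobs) {
    if (containsId(generatePosition, userJob.getJobid())) {
        return true;
    }
}
// … unchanged: closing braces and final return false …

/** Returns true only when id equals one whole element of the delimited list. */
private static boolean containsId(String delimited, String id) {
    if (delimited == null || id == null || id.isEmpty()) {
        return false;
    }
    for (String part : delimited.split(",")) {
        if (id.equals(part.trim())) {
            return true;
        }
    }
    return false;
}
```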