bug

src/main/java/com/sipai/controller/report/RptCreateController.java

@@ -374,6 +374,17 @@ public class RptCreateController {
     @RequestMapping("/doadd.do")
     public String doadd(HttpServletRequest request, Model model) {
         User cu = (User) request.getSession().getAttribute("cu");
+        String rptsetId = request.getParameter("rptsetId");
+        
+        // 权限验证：检查用户是否有报表生成权限
+        if (rptsetId != null && !rptsetId.isEmpty()) {
+            if (!this.rptCreateService.checkGeneratePermission(rptsetId, cu)) {
+                Result result = Result.failed("您没有该报表的生成权限");
+                model.addAttribute("result", CommUtil.toJson(result));
+                return "result";
+            }
+        }
+        
         request.setAttribute("userId", cu.getId());
         request.setAttribute("userName", cu.getCaption());
         request.setAttribute("id", CommUtil.getUUID());
@@ -432,6 +443,14 @@ public class RptCreateController {
         String rptsetId = request.getParameter("rptsetId");
         int result = 0;
 
+        // 权限验证：检查用户是否有报表生成权限
+        if (rptCreate.getRptsetId() != null && !rptCreate.getRptsetId().isEmpty()) {
+            if (!this.rptCreateService.checkGeneratePermission(rptCreate.getRptsetId(), cu)) {
+                model.addAttribute("result", "{\"res\":\"您没有该报表的生成权限\",\"msg\":\"您没有该报表的生成权限\"}");
+                return new ModelAndView("result");
+            }
+        }
+
         RptInfoSet rptInfoSet = rptInfoSetService.selectById(rptCreate.getRptsetId());
         if (rptInfoSet != null) {
             //日报
@@ -545,6 +564,15 @@ public class RptCreateController {
         User cu = (User) request.getSession().getAttribute("cu");
         String rptsetId = request.getParameter("rptsetId");
         int result = 0;
+        
+        // 权限验证：检查用户是否有报表生成权限
+        if (rptCreate.getRptsetId() != null && !rptCreate.getRptsetId().isEmpty()) {
+            if (!this.rptCreateService.checkGeneratePermission(rptCreate.getRptsetId(), cu)) {
+                model.addAttribute("result", "{\"res\":\"-1\",\"msg\":\"您没有该报表的生成权限\"}");
+                return new ModelAndView("result");
+            }
+        }
+        
         RptInfoSet rptInfoSet = rptInfoSetService.selectById(rptCreate.getRptsetId());
         if (rptInfoSet != null) {
             SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");

src/main/java/com/sipai/controller/report/RptDayLogController.java

@@ -206,7 +206,7 @@ public class RptDayLogController {
 	}
 	
 	@RequestMapping("/dosave.do")
-	public String dosave(HttpServletRequest request,Model model){
+	public ModelAndView dosave(HttpServletRequest request,Model model){
 		User cu = (User) request.getSession().getAttribute("cu");
 		String userId = cu.getId();
 		String json = request.getParameter("json");
@@ -216,8 +216,8 @@ public class RptDayLogController {
 		String rptdeptId = (String) jsonObject.get("rptdeptId");
 		if (!this.rptDayLogService.checkInputPermission(rptdeptId, cu)) {
 			Result result = Result.failed("您没有该报表的填报权限");
-			model.addAttribute("result", CommUtil.toJson(result));
+			model.addAttribute("result", "{\"res\":\"您没有该报表的生成权限\",\"msg\":\"您没有该报表的生成权限\"}");
-			return "result";
+			return new ModelAndView("result");
 		}
 		
 		if (jsonObject.get("id")==null||jsonObject.get("id").equals("")) {
@@ -230,12 +230,12 @@ public class RptDayLogController {
 			e.printStackTrace();
 			Result result = Result.failed("插入失败");
 			model.addAttribute("result", CommUtil.toJson(result));
-			return "result";
+			return new ModelAndView("result");
 		}
 		
 		Result result = Result.success(null);
 		model.addAttribute("result", CommUtil.toJson(result));
-		return "result";
+		return new ModelAndView("result");
 	}
 	
 	@RequestMapping("/onekeyAudit.do")//一键审核

src/main/java/com/sipai/service/report/RptCreateService.java

@@ -2,6 +2,7 @@ package com.sipai.service.report;
 
 import com.sipai.entity.business.BusinessUnitAudit;
 import com.sipai.entity.report.RptCreate;
+import com.sipai.entity.user.User;
 import org.xmlpull.v1.XmlPullParserException;
 
 import javax.xml.parsers.ParserConfigurationException;
@@ -45,4 +46,11 @@ public interface RptCreateService {
 
     //改变状态
     public abstract int updateStatus(String id);
+
+    /** 检查用户是否有报表生成权限
+     * @param rptInfoSetId 报表配置id
+     * @param user 当前用户
+     * @return true=有权限, false=无权限
+     */
+    public abstract boolean checkGeneratePermission(String rptInfoSetId, User user);
 }

src/main/java/com/sipai/service/report/impl/RptCreateServiceImpl.java

@@ -13,6 +13,7 @@ import com.sipai.entity.report.*;
 import com.sipai.entity.scada.MPoint;
 import com.sipai.entity.scada.TempReport;
 import com.sipai.entity.user.User;
+import com.sipai.entity.user.UserJob;
 import com.sipai.entity.work.GroupDetail;
 import com.sipai.entity.work.Scheduling;
 import com.sipai.service.activiti.WorkflowProcessDefinitionService;
@@ -24,6 +25,7 @@ import com.sipai.service.report.*;
 import com.sipai.service.scada.MPointService;
 import com.sipai.service.scada.TempReportService;
 import com.sipai.service.user.UserService;
+import com.sipai.service.user.UserJobService;
 import com.sipai.service.work.GroupDetailService;
 import com.sipai.service.work.SchedulingService;
 import com.sipai.tools.*;
@@ -107,6 +109,8 @@ public class RptCreateServiceImpl implements RptCreateService {
     private BusinessUnitHandleDetailService businessUnitHandleDetailService;
     @Resource
     private GroupDetailService groupDetailService;
+    @Resource
+    private UserJobService userJobService;
 
     @Override
     public RptCreate selectById(String id) {
@@ -1912,4 +1916,54 @@ public class RptCreateServiceImpl implements RptCreateService {
         return false;
     }
 
+    /**
+     * 检查用户是否有报表生成权限
+     * @param rptInfoSetId 报表配置id
+     * @param user 当前用户
+     * @return true=有权限, false=无权限
+     */
+    @Override
+    public boolean checkGeneratePermission(String rptInfoSetId, User user) {
+        if (user == null || rptInfoSetId == null || rptInfoSetId.isEmpty()) {
+            return false;
+        }
+        
+        // 管理员默认有权限
+        if ("emp01".equals(user.getId())) {
+            return true;
+        }
+        
+        // 获取报表配置信息
+        RptInfoSet rptInfoSet = rptInfoSetService.selectById4Simple(rptInfoSetId);
+        if (rptInfoSet == null) {
+            return false;
+        }
+        
+        String userId = user.getId();
+        
+        // 检查用户是否在createusers列表中
+        String createusers = rptInfoSet.getCreateusers();
+        if (createusers != null && !createusers.isEmpty()) {
+            if (createusers.contains(userId)) {
+                return true;
+            }
+        }
+        
+        // 检查用户岗位是否在generate_position列表中
+        String generatePosition = rptInfoSet.getGeneratePosition();
+        if (generatePosition != null && !generatePosition.isEmpty()) {
+            // 获取用户的所有岗位
+            List<UserJob> userJobs = userJobService.selectListByWhere(" where userid='" + userId + "'");
+            if (userJobs != null && !userJobs.isEmpty()) {
+                for (UserJob userJob : userJobs) {
+                    if (generatePosition.contains(userJob.getJobid())) {
+                        return true;
+                    }
+                }
+            }
+        }
+        
+        return false;
+    }
+
 }