diff --git a/src/main/java/com/example/demo/Mysql/MysqlServiceImpl.java b/src/main/java/com/example/demo/Mysql/MysqlServiceImpl.java
index 2b83b5b..712e27e 100644
--- a/src/main/java/com/example/demo/Mysql/MysqlServiceImpl.java
+++ b/src/main/java/com/example/demo/Mysql/MysqlServiceImpl.java
@@ -162,7 +162,7 @@ public class MysqlServiceImpl implements MysqlService {
 mysqlStmt.setString(12, remark);
 mysqlStmt.setInt(15, 3);
 mysqlStmt.setTimestamp(16, created_at);
- if(remark.contains("测试")){
+ if(remark.contains("测试")&&remark.contains("员工")){
 mysqlStmt.setInt(17, 0);
 }else {
 mysqlStmt.setInt(17, 1);
diff --git a/src/main/java/com/example/demo/controller/coin/GoldDetailController.java b/src/main/java/com/example/demo/controller/coin/GoldDetailController.java
index 8c155aa..ea0f61b 100644
--- a/src/main/java/com/example/demo/controller/coin/GoldDetailController.java
+++ b/src/main/java/com/example/demo/controller/coin/GoldDetailController.java
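Review bot: The new condition still dereferences `remark` without a null check, so a null remark throws a NullPointerException before the statement runs, while `setString(12, remark)` three lines up accepts null without complaint; guard it with `if (remark != null && remark.contains("测试") && remark.contains("员工")) {`. The value written to column 17 is now decided by two substrings of a free-text remark, so if `remark` can originate outside this service, whoever writes the remark also chooses that value — worth stating next to the branch, e.g. `// column 17 = 0 only for internal test-employee rows; decided by substring match on remark, keep in sync with whoever writes remark`. The enclosing method starts and ends outside the hunk.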
@@ -57,76 +57,137 @@ public class GoldDetailController {
 @PostMapping("/getGoldDetail")
 public Result getGoldDetail(@RequestBody Page page) throws Exception {
- if(ObjectUtils.isEmpty(page.getPageNum())){
+ // 获取当前请求对象
+ HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+ String token = request.getHeader("token");
+
+// 解析 token 获取用户信息
+ Admin admin = (Admin) JWTUtil.getUserDetailsList(String.valueOf(token), Admin.class);
+ List userMarkets = Arrays.asList(StringUtils.split(admin.getMarkets(), ","));
+ List markets = marketService.getMarketIds(userMarkets);
+
+// 校验分页参数
+ if (ObjectUtils.isEmpty(page.getPageNum())) {
 return Result.error("页码数为空!");
 }
- if(ObjectUtils.isEmpty(page.getPageSize())){
+ if (ObjectUtils.isEmpty(page.getPageSize())) {
 return Result.error("页大小为空!");
 }
- else{
- if(page.getGoldDetail().getMarkets()==null||page.getGoldDetail().getMarkets().isEmpty()){
- HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
- String token = request.getHeader("token");
- Admin admin = (Admin) JWTUtil.getUserDetailsList(String.valueOf(token), Admin.class);
- List markets = Arrays.asList(StringUtils.split(admin.getMarkets(), ","));;
- if(!markets.contains("总部")&&!markets.contains("研发部")) {
-
- page.getGoldDetail().setMarkets(marketService.getMarketIds(markets));
+ }
+
+// 获取传入的市场列表
+ List requestedMarkets = page.getGoldDetail() != null ?
page.getGoldDetail().getMarkets() : null;
+
+// 权限校验
+ if (requestedMarkets != null && !requestedMarkets.isEmpty()) {
+ if (!markets.containsAll(requestedMarkets)) {
+ // 如果 markets 不包含 requestedMarkets 中的所有元素,则返回无权限
+ return Result.error("无权限!");
+ }
+ } else {
+ // 如果传入的市场为空,则设置默认市场
+ if (!markets.contains("9") || !markets.contains("9999")) {
+ page.getGoldDetail().setMarkets(markets); // 设置默认市场
 }
- return Result.success(goldDetailService.getGoldDetail(page.getPageNum(), page.getPageSize(), page.getGoldDetail()));
 }
+
+// 返回详情数据
+ return Result.success(goldDetailService.getGoldDetail(
+ page.getPageNum(),
+ page.getPageSize(),
+ page.getGoldDetail()
+ ));
 }
 @PostMapping("/getTotal")
 public Result getTotal(@RequestBody Page page) throws Exception {
 Integer pageNum = page.getPageNum();
 Integer pageSize = page.getPageSize();
 GoldDetail goldDetail = page.getGoldDetail();
- if(page.getGoldDetail().getMarkets()==null||page.getGoldDetail().getMarkets().isEmpty()){
+ // 获取当前请求对象
 HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
 String token = request.getHeader("token");
- Admin admin = (Admin) JWTUtil.getUserDetailsList(String.valueOf(token), Admin.class);
- List markets = Arrays.asList(StringUtils.split(admin.getMarkets(), ","));
- if(!markets.contains("总部")&&!markets.contains("研发部")) {
- page.getGoldDetail().setMarkets(marketService.getMarketIds(markets));
+// 解析 token 获取用户信息
+ Admin admin = (Admin) JWTUtil.getUserDetailsList(String.valueOf(token), Admin.class);
+ List userMarkets = Arrays.asList(StringUtils.split(admin.getMarkets(), ","));
+ List markets = marketService.getMarketIds(userMarkets);
+// 获取传入的市场列表
+ List requestedMarkets = page.getGoldDetail() != null ?
page.getGoldDetail().getMarkets() : null;
+
+// 权限校验
+ if (requestedMarkets != null && !requestedMarkets.isEmpty()) {
+ if (!markets.containsAll(requestedMarkets)) {
+ // 如果 markets 不包含 requestedMarkets 中的所有元素,则返回无权限
+ return Result.error("无权限!");
+ }
+ } else {
+ // 如果传入的市场为空,则设置默认市场
+ if (!markets.contains("9") || !markets.contains("9999")) {
+ page.getGoldDetail().setMarkets(markets); // 设置默认市场
 }
 }
 return Result.success(goldDetailService.sumGold(pageNum,pageSize,goldDetail));
 }
 @PostMapping("/goldTotal")
 public Result GoldTotal(@RequestBody User user) throws Exception {
- if(user.getMarkets()==null||user.getMarkets().isEmpty()) {
- HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
- String token = request.getHeader("token");
- Admin admin = (Admin) JWTUtil.getUserDetailsList(String.valueOf(token), Admin.class);
- List markets = Arrays.asList(StringUtils.split(admin.getMarkets(), ","));
+ // 获取当前请求对象
+ HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+ String token = request.getHeader("token");
+
+// 解析 token 获取用户信息
+ Admin admin = (Admin) JWTUtil.getUserDetailsList(String.valueOf(token), Admin.class);
+ List userMarkets = Arrays.asList(StringUtils.split(admin.getMarkets(), ","));
+ List markets = marketService.getMarketIds(userMarkets);
- if(!markets.contains("总部")&&!markets.contains("研发部")) {
- user.setMarkets(marketService.getMarketIds(markets));
+// 获取传入的市场列表
+ List requestedMarkets = user != null ?
user.getMarkets() : null;
+
+// 权限校验
+ if (requestedMarkets != null && !requestedMarkets.isEmpty()) {
+ if (!markets.containsAll(requestedMarkets)) {
+ // 如果 markets 不包含 requestedMarkets 中的所有元素,则返回无权限
+ return Result.error("无权限!");
+ }
+ } else {
+ // 如果传入的市场为空,则设置默认市场
+ if (!markets.contains("9") || !markets.contains("9999")) {
+ user.setMarkets(markets); // 设置默认市场
 }
 }
 return Result.success(goldDetailService.GoldTotal(user));
 }
 @PostMapping("/getGold")
 public Result getGold(@RequestBody Page page) throws Exception {
-// System.out.println( page);
- if(ObjectUtils.isEmpty(page.getPageNum())){
+ // 获取当前请求对象
+ HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+ String token = request.getHeader("token");
+
+// 解析 token 获取用户信息
+ Admin admin = (Admin) JWTUtil.getUserDetailsList(String.valueOf(token), Admin.class);
+ List userMarkets = Arrays.asList(StringUtils.split(admin.getMarkets(), ","));
+ List markets = marketService.getMarketIds(userMarkets);
+
+// 校验分页参数
+ if (ObjectUtils.isEmpty(page.getPageNum())) {
 return Result.error("页码数为空!");
 }
- if(ObjectUtils.isEmpty(page.getPageSize())){
+ if (ObjectUtils.isEmpty(page.getPageSize())) {
 return Result.error("页大小为空!");
 }
- if(page.getUser().getMarkets()==null||page.getUser().getMarkets().isEmpty()) {
- HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
- String token = request.getHeader("token");
- Admin admin = (Admin) JWTUtil.getUserDetailsList(String.valueOf(token), Admin.class);
- List markets = Arrays.asList(StringUtils.split(admin.getMarkets(), ","));
- if(!markets.contains("总部")&&!markets.contains("研发部")) {
+// 获取传入的市场列表
+ List requestedMarkets = page.getUser() != null ?
page.getUser().getMarkets() : null;
- page.getUser().setMarkets(marketService.getMarketIds(markets));
+// 权限校验
+ if (requestedMarkets != null && !requestedMarkets.isEmpty()) {
+ if (!markets.containsAll(requestedMarkets)) {
+ // 如果 markets 不包含 requestedMarkets 中的所有元素,则返回无权限
+ return Result.error("无权限!");
+ }
+ } else {
+ // 如果传入的市场为空,则设置默认市场
+ if (!markets.contains("9") || !markets.contains("9999")) {
+ page.getUser().setMarkets(markets); // 设置默认市场
 }
 }
 return Result.success(goldDetailService.getGold(page.getPageNum(), page.getPageSize(), page.getUser()));
diff --git a/src/main/resources/mapper/GoldDetailMapper.xml b/src/main/resources/mapper/GoldDetailMapper.xml
index 53cfa94..438859b 100644
--- a/src/main/resources/mapper/GoldDetailMapper.xml
+++ b/src/main/resources/mapper/GoldDetailMapper.xml
@@ -15,6 +15,7 @@ left join market m on m.id=`user`.market
 ugr.flag = 1 and
+ `user`.flag = 1 and
 ugr.audit_status IN (1,3) and
 ugr.jwcode = #{jwcode}
@@ -50,6 +51,7 @@ from user_gold_record ugr
 ugr.flag = 1 and
+ `user`.flag = 1 and
 ugr.audit_status IN (1,3) and
 `ugr`.jwcode = #{jwcode}
@@ -110,7 +112,9 @@ sum(current_task_gold) as taskGold,
 sum(current_permanent_gold) + sum(current_free_june + current_free_december) + sum(current_task_gold) as Goldtotal
 from `user`
+
+ flag = 1 and
 jwcode = #{jwcode}
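Review bot: In every one of the four handlers the empty-request branch calls `page.getGoldDetail().setMarkets(markets)` (or `page.getUser()...`) right after the code guarded `page.getGoldDetail() != null` only for the read of `requestedMarkets`, so a body without that object passes the guard and then dies on the unguarded setter with a NullPointerException instead of a clean rejection; the `user != null` guard in GoldTotal is effectively dead for a required `@RequestBody`. Token handling is equally unguarded: `String.valueOf(token)` turns a missing header into the literal string "null", and if `JWTUtil.getUserDetailsList` returns null for a missing or invalid token then `admin.getMarkets()` throws, so the check fails closed only by accident (a 500) rather than by design. The `containsAll` test also depends on the raw `List` element types coming from the JSON body and from `marketService.getMarketIds` being `equals`-compatible (string ids against integer ids would silently deny every non-empty request), and `!markets.contains("9") || !markets.contains("9999")` scopes anyone holding only one of the two ids — please confirm that is intended. Since the same ~20 lines are pasted into all four handlers, I would move the rule into two private helpers so the authorization decision has exactly one definition:
```java
/** Market ids the caller may query, resolved from the request's "token" header; empty when no identity can be established. */
private List resolveAllowedMarkets() {
    HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
    Admin admin = (Admin) JWTUtil.getUserDetailsList(String.valueOf(request.getHeader("token")), Admin.class);
    if (admin == null || admin.getMarkets() == null) {
        return Arrays.asList(); // no identity -> no markets, so every non-empty request below is denied
    }
    List userMarkets = Arrays.asList(StringUtils.split(admin.getMarkets(), ","));
    return marketService.getMarketIds(userMarkets);
}

/**
 * Fail-closed market check shared by all handlers: returns an error Result when the requested
 * markets are not a subset of the allowed ones, otherwise null after scoping an empty request
 * to the allowed list (unless the caller holds both "9" and "9999").
 */
private Result enforceMarkets(List allowed, List requested, java.util.function.Consumer<List> scopeTo) {
    if (requested != null && !requested.isEmpty()) {
        return allowed.containsAll(requested) ? null : Result.error("无权限!");
    }
    if (!allowed.contains("9") || !allowed.contains("9999")) {
        scopeTo.accept(allowed);
    }
    return null;
}

// … unchanged: page number / page size validation in getGoldDetail …
if (page.getGoldDetail() == null) {
    return Result.error("查询条件为空!"); // message illustrative; reject before touching the setter
}
Result denied = enforceMarkets(resolveAllowedMarkets(), page.getGoldDetail().getMarkets(), page.getGoldDetail()::setMarkets);
if (denied != null) {
    return denied;
}
// … unchanged: goldDetailService.getGoldDetail call; getTotal, GoldTotal and getGold follow the same shape …
```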
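Review bot: The added `\`user\`.flag = 1` lands in the WHERE clause, but the join that brings `user` into this statement is outside the hunk; if it is a LEFT JOIN like the `market` join on the visible line, a WHERE predicate on `user`.flag discards every gold record with no matching user row (the column is NULL there) and silently turns the outer join into an inner one — the filter then belongs in the ON clause, `left join \`user\` on ... and \`user\`.flag = 1`. If the join is an inner join the change is correct, but its effect (records of disabled or soft-deleted users vanish from the listing and must vanish from the totals too) deserves a comment in the mapper, e.g. `<!-- user.flag = 1: exclude disabled users; keep in step with the same filter in the total queries -->`.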
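Review bot: This hunk shows only `from user_gold_record ugr`, so nothing here establishes that `user` is joined in this statement at all, let alone how; the predicate would fail at runtime if the alias differs, and if it is an outer join the same NULL-row concern as in the first hunk applies. The rule "only users with flag = 1" is now hard-coded in three statements, so a later change to one will desync the list from its totals; a shared `<sql id="activeUser">\`user\`.flag = 1</sql>` fragment pulled in with `<include refid="activeUser"/>` keeps it in one place.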