From c0938c28e5ffbd44797c02226e05102007f8fe1a Mon Sep 17 00:00:00 2001 From: WendyYang Date: Thu, 7 Mar 2024 14:58:28 +0800 Subject: [PATCH] =?UTF-8?q?=E8=AE=BE=E7=BD=AE=E7=99=BB=E5=BD=95=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E4=BF=A1=E6=81=AF=E7=BA=BF=E7=A8=8B=E5=85=B1=E4=BA=AB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hz-pm-api/src/main/java/com/hz/pm/api/App.java | 2 + .../projectlib/manage/DeclaredRecordManage.java | 88 ++++++++++++++++++++-- .../com/hz/pm/api/user/model/vo/MhUnitListVO.java | 3 + hz-pm-api/src/main/resources/application-dev.yml | 1 - 4 files changed, 88 insertions(+), 6 deletions(-) diff --git a/hz-pm-api/src/main/java/com/hz/pm/api/App.java b/hz-pm-api/src/main/java/com/hz/pm/api/App.java index a9ff222..3a5063b 100644 --- a/hz-pm-api/src/main/java/com/hz/pm/api/App.java +++ b/hz-pm-api/src/main/java/com/hz/pm/api/App.java @@ -11,6 +11,7 @@ import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.scheduling.annotation.EnableAsync; import org.springframework.scheduling.annotation.EnableScheduling; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.transaction.annotation.EnableTransactionManagement; /** @@ -28,6 +29,7 @@ public class App { protected static final String MAPPER_PACKAGES = "com.hz.pm.api.**.mapper"; public static void main(String[] args) { + System.setProperty(SecurityContextHolder.SYSTEM_PROPERTY, SecurityContextHolder.MODE_INHERITABLETHREADLOCAL); ApplicationContext context = SpringApplication.run(App.class, args); // 设置applicationContext SpringUtils.setApplicationContext(context); diff --git a/hz-pm-api/src/main/java/com/hz/pm/api/projectlib/manage/DeclaredRecordManage.java b/hz-pm-api/src/main/java/com/hz/pm/api/projectlib/manage/DeclaredRecordManage.java index 8428307..2b8556a 100644 
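Review bot: Setting `SecurityContextHolder.MODE_INHERITABLETHREADLOCAL` in `App.main` is risky wherever work runs on pooled threads, and this file imports `EnableAsync` and `EnableScheduling`. An inheritable thread-local is copied only when a thread is created, so a reused pool thread keeps the `SecurityContext` of whichever request first spawned it. A later task on that thread can then resolve a different or already logged-out user, which matters because this commit derives its data-scope filters from the current login (presumably via `LoginUserUtil`). The usual alternative is to keep the default strategy and wrap the executors, for example with `DelegatingSecurityContextAsyncTaskExecutor`, so the caller's context is passed per task and cleared afterwards. If the mode stays, add a comment on this line such as `// safe only while no executor reuses threads across requests` and verify that claim against the project's executor configuration, which this patch does not show.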
--- a/hz-pm-api/src/main/java/com/hz/pm/api/projectlib/manage/DeclaredRecordManage.java +++ b/hz-pm-api/src/main/java/com/hz/pm/api/projectlib/manage/DeclaredRecordManage.java @@ -6,7 +6,6 @@ import cn.hutool.core.map.MapUtil; import cn.hutool.core.util.StrUtil; import cn.hutool.poi.excel.ExcelUtil; import com.alibaba.fastjson.JSON; -import com.alibaba.fastjson.TypeReference; import com.baomidou.mybatisplus.core.conditions.Wrapper; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper; @@ -14,9 +13,12 @@ import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.hz.pm.api.common.enumeration.CommonEnum; import com.hz.pm.api.common.enumeration.ProjectProcessStageEnum; +import com.hz.pm.api.common.helper.UserInfoHelper; import com.hz.pm.api.common.model.constant.TypeReferenceConst; import com.hz.pm.api.common.statemachine.event.ProjectStatusChangeEvent; import com.hz.pm.api.common.util.BizUtils; +import com.hz.pm.api.datascope.model.DataScopeDTO; +import com.hz.pm.api.datascope.utils.DataScopeUtil; import com.hz.pm.api.external.model.enumeration.MhUnitStripEnum; import com.hz.pm.api.external.model.enumeration.MhUnitTypeEnum; import com.hz.pm.api.projectdeclared.manage.DefaultDeclaredProjectManage; @@ -45,6 +47,7 @@ import com.hz.pm.api.todocenter.constant.WorkNoticeConst; import com.hz.pm.api.user.helper.MhUnitCache; import com.hz.pm.api.user.model.dto.UnitDTO; import com.hz.pm.api.user.model.entity.MhUnit; +import com.hz.pm.api.user.security.model.UserFullInfoDTO; import com.hz.pm.api.user.security.model.UserInfoDetails; import com.hz.pm.api.user.service.IMhUnitService; import com.hz.pm.api.user.util.LoginUserUtil; 
@@ -83,6 +86,7 @@ import java.util.stream.Collectors; @RequiredArgsConstructor public class DeclaredRecordManage { + private final UserInfoHelper userInfoHelper; private final ProjectCodeGenUtil projectCodeGenUtil; private final IMhProjectService mhProjectService; private final IMhProjectSchemaTargetDataService schemaTargetDataService; 
@@ -108,24 +112,98 @@ public class DeclaredRecordManage { if (req.getCreateDateMax() != null) { query.lt(MhProject::getCreateTime, req.getCreateDateMax().minusDays(1)); } - UserInfoDetails user = LoginUserUtil.loginUserDetail(); - if (!user.getSuperAdmin() && !user.getRegionAdmin()) { - query.eq(MhProject::getUnitId, user.getMhUnitId()); - } if (req.getUnitStrip() != null) { query.eq(MhProject::getUnitStrip, req.getUnitStrip()); } return query; } + private boolean buildMhProjectLibPermission(LambdaQueryWrapper query, UserFullInfoDTO user) { + boolean queryState = true; + Optional currentUserDataScope = DataScopeUtil.getCurrentUserDataScopeHasUserId(user); + if (!currentUserDataScope.isPresent()) { + log.warn("没有取到权限信息 当前查询 没有权限条件"); + queryState = false; + } else { + switch (currentUserDataScope.get().getRole()) { + case NORMAL_MEMBER: + //普通用户 只能看到自己单位去申报的 + query.eq(MhProject::getUnitId, user.getMhUnitId()); + break; + case COMPANY_MANAGER: + List childUnitIds = mhUnitCache.getChildrenIdsRecursion(user.getMhUnitId()); + childUnitIds.add(user.getMhUnitId()); + //单位管理员 看到自己单位去申报的 + 待预审的主管单位是自己单位的项目 + query.in(MhProject::getUnitId, childUnitIds); + break; + case SUPER_ADMIN: + //超级管理员 看到丽水全市的 并且也要判断他 同时是不是单位管理员 + break; + case VISITOR: + //访客可以看全市的 + break; + case DASHBOARD: + break; + default: + //没有权限的话 就让它查不到 + queryState = false; + break; + } + } + return queryState; + } + + private boolean buildProjectLibPermission(LambdaQueryWrapper query, UserFullInfoDTO user) { + boolean queryState = true; + Optional currentUserDataScope = DataScopeUtil.getCurrentUserDataScopeHasUserId(user); + if (!currentUserDataScope.isPresent()) { + log.warn("没有取到权限信息 当前查询 没有权限条件"); + queryState = false; + } else { + switch (currentUserDataScope.get().getRole()) { + case NORMAL_MEMBER: + //普通用户 只能看到自己单位去申报的 + query.eq(Project::getBuildOrgCode, user.getMhUnitIdStr()); + break; + case COMPANY_MANAGER: + List childUnitIds = mhUnitCache.getChildrenIdsRecursion(user.getMhUnitId()); + 
childUnitIds.add(user.getMhUnitId()); + List viewUnitIdList = CollUtils.convert(childUnitIds, String::valueOf); + //单位管理员 看到自己单位去申报的 + 待预审的主管单位是自己单位的项目 + query.in(Project::getBuildOrgCode, viewUnitIdList); + break; + case SUPER_ADMIN: + //超级管理员 看到丽水全市的 并且也要判断他 同时是不是单位管理员 + break; + case VISITOR: + //访客可以看全市的 + break; + case DASHBOARD: + break; + default: + //没有权限的话 就让它查不到 + queryState = false; + break; + } + } + return queryState; + } + public PageVo pageDeclaredProject(DeclaredProjectListReq req) { LambdaQueryWrapper query = buildQuery(req); + UserFullInfoDTO user = userInfoHelper.getUserFullInfo(LoginUserUtil.getUserId()); // 查询审核中、失败、待立项备案的项目信息 LambdaQueryWrapper pQuery = Wrappers.lambdaQuery(Project.class) .in(Project::getStatus, ProjectStatusEnum.DECLARED_APPROVED_RECORD_FAILED.getCode(), ProjectStatusEnum.DECLARED_APPROVED_TO_BE_RECORD.getCode(), ProjectStatusEnum.DECLARED_APPROVED_RECORD_AUDITING.getCode()) .select(Project::getId, Project::getProjectCode, Project::getStage, Project::getStatus, Project::getCreateOn); + if (!buildProjectLibPermission(pQuery, user)) { + return PageVo.empty(); + } + if (!buildMhProjectLibPermission(query, user)) { + return PageVo.empty(); + } List projects = projectService.list(pQuery); Map projectMap = BizUtils.groupFirstMap(projects, Project::getProjectCode, Comparator.comparing(Project::getCreateOn).reversed()); diff --git a/hz-pm-api/src/main/java/com/hz/pm/api/user/model/vo/MhUnitListVO.java b/hz-pm-api/src/main/java/com/hz/pm/api/user/model/vo/MhUnitListVO.java index aff892d..dd87926 100644 --- a/hz-pm-api/src/main/java/com/hz/pm/api/user/model/vo/MhUnitListVO.java +++ b/hz-pm-api/src/main/java/com/hz/pm/api/user/model/vo/MhUnitListVO.java @@ -22,6 +22,9 @@ public class MhUnitListVO { @ApiModelProperty("单位名称") private String name; + @ApiModelProperty("单位简称") + private String shortName; + @ApiModelProperty("上级单位ID") private Long parentId; 
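Review bot: In the `COMPANY_MANAGER` branch of both `buildMhProjectLibPermission` and `buildProjectLibPermission`, `childUnitIds.add(user.getMhUnitId())` mutates the list returned by `mhUnitCache.getChildrenIdsRecursion(...)`. If the cache hands out its stored list (its implementation is not in this patch), concurrent requests append to shared state, and an immutable return would throw; either way the unit set behind the authorization filter becomes unreliable. Copy before adding, e.g. `new ArrayList<>(mhUnitCache.getChildrenIdsRecursion(user.getMhUnitId()))`, and consider one shared helper that returns the allowed unit ids, since the two methods differ only in the filtered column. The unfiltered `DASHBOARD` case has no comment explaining why it may see everything. The removed `getRegionAdmin()` check now depends on how `DataScopeUtil` maps roles, which this hunk does not show; `pageDeclaredProject` also continues past the end of the hunk.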
diff --git a/hz-pm-api/src/main/resources/application-dev.yml b/hz-pm-api/src/main/resources/application-dev.yml index d141d4c..91124be 100644 --- a/hz-pm-api/src/main/resources/application-dev.yml +++ b/hz-pm-api/src/main/resources/application-dev.yml @@ -118,7 +118,6 @@ log: swagger: enabled: true - flowable: async-executor-activate: true #关闭一些不需要的功能服务