1、oa通用事项审批-列表权限

yudao-module-bpm/yudao-module-bpm-biz/src/main/java/cn/iocoder/yudao/module/bpm/controller/admin/oa/universal/vo/OaUniversalPageReqVO.java

@@ -1,6 +1,7 @@
 package cn.iocoder.yudao.module.bpm.controller.admin.oa.universal.vo;
 
 import cn.iocoder.yudao.framework.common.pojo.PageParam;
+import cn.iocoder.yudao.module.system.api.permission.dto.DeptDataPermissionRespDTO;
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
@@ -39,4 +40,10 @@ public class OaUniversalPageReqVO extends PageParam {
     @DateTimeFormat(pattern = FORMAT_YEAR_MONTH_DAY_HOUR_MINUTE_SECOND)
     private LocalDateTime[] createTime;
 
+    @Schema(description = "数据权限")
+    private DeptDataPermissionRespDTO deptDataPermission;
+
+    @Schema(description = "用户id")
+    private Long userId;
+
 }

yudao-module-bpm/yudao-module-bpm-biz/src/main/java/cn/iocoder/yudao/module/bpm/dal/mysql/oa/universal/OaUniversalMapper.java

@@ -1,10 +1,12 @@
 package cn.iocoder.yudao.module.bpm.dal.mysql.oa.universal;
 
+import cn.hutool.core.collection.CollUtil;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.framework.mybatis.core.query.LambdaQueryWrapperX;
 import cn.iocoder.yudao.framework.mybatis.core.mapper.BaseMapperX;
 import cn.iocoder.yudao.module.bpm.controller.admin.oa.universal.vo.OaUniversalPageReqVO;
 import cn.iocoder.yudao.module.bpm.dal.dataobject.oa.universal.OaUniversalDO;
+import cn.iocoder.yudao.module.system.api.permission.dto.DeptDataPermissionRespDTO;
 import org.apache.ibatis.annotations.Mapper;
 
 /**
@@ -16,7 +18,7 @@ import org.apache.ibatis.annotations.Mapper;
 public interface OaUniversalMapper extends BaseMapperX<OaUniversalDO> {
 
     default PageResult<OaUniversalDO> selectPage(OaUniversalPageReqVO reqVO) {
-        return selectPage(reqVO, new LambdaQueryWrapperX<OaUniversalDO>()
+        LambdaQueryWrapperX<OaUniversalDO> lambdaQueryWrapperX = new LambdaQueryWrapperX<OaUniversalDO>()
                 .likeIfPresent(OaUniversalDO::getEmployeeName, reqVO.getEmployeeName())
                 .likeIfPresent(OaUniversalDO::getEmployeePhone, reqVO.getEmployeePhone())
                 .eqIfPresent(OaUniversalDO::getDeptId, reqVO.getDeptId())
@@ -24,7 +26,29 @@ public interface OaUniversalMapper extends BaseMapperX<OaUniversalDO> {
                 .likeIfPresent(OaUniversalDO::getTitle, reqVO.getTitle())
                 .eqIfPresent(OaUniversalDO::getAuditStatus, reqVO.getAuditStatus())
                 .betweenIfPresent(OaUniversalDO::getCreateTime, reqVO.getCreateTime())
-                .orderByDesc(OaUniversalDO::getId));
+                .orderByDesc(OaUniversalDO::getId);
+        // 数据权限
+        DeptDataPermissionRespDTO deptDataPermission = reqVO.getDeptDataPermission();
+        if (deptDataPermission != null) {
+            if (deptDataPermission.getAll()) {
+                // 全部数据权限
+            } else {
+                if (CollUtil.isNotEmpty(deptDataPermission.getDeptIds()) && deptDataPermission.getSelf()) {
+                    lambdaQueryWrapperX.and(wrapper ->
+                            wrapper.in(OaUniversalDO::getDeptId, deptDataPermission.getDeptIds()))
+                            .or(wrapper -> wrapper.eq(OaUniversalDO::getCreator, reqVO.getUserId()));
+                } else if (CollUtil.isNotEmpty(deptDataPermission.getDeptIds())) {
+                    lambdaQueryWrapperX.in(OaUniversalDO::getCreator, deptDataPermission.getDeptIds());
+                } else if (deptDataPermission.getSelf()) {
+                    lambdaQueryWrapperX.eq(OaUniversalDO::getCreator, reqVO.getUserId());
+                } else {
+                    return PageResult.empty();
+                }
+            }
+        } else {
+            return PageResult.empty();
+        }
+        return selectPage(reqVO, lambdaQueryWrapperX);
     }
 
 }

yudao-module-bpm/yudao-module-bpm-biz/src/main/java/cn/iocoder/yudao/module/bpm/service/oa/universal/OaUniversalServiceImpl.java

@@ -35,6 +35,8 @@ import cn.iocoder.yudao.module.system.api.dept.PostApi;
 import cn.iocoder.yudao.module.system.api.dept.dto.DeptRespDTO;
 import cn.iocoder.yudao.module.system.api.dept.dto.PostRespDTO;
 import cn.iocoder.yudao.module.system.api.notify.NotifyMessageSendApi;
+import cn.iocoder.yudao.module.system.api.permission.PermissionApi;
+import cn.iocoder.yudao.module.system.api.permission.dto.DeptDataPermissionRespDTO;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
 import org.apache.commons.lang3.StringUtils;
@@ -99,6 +101,9 @@ public class OaUniversalServiceImpl implements OaUniversalService {
     @Resource
     private PostApi postApi;
 
+    @Resource
+    private PermissionApi permissionApi;
+
     @Override
     @Transactional(rollbackFor = Exception.class)
     public Long stagingOaUniversal(OaUniversalSaveReqVO stagingReqVO) {
@@ -119,7 +124,7 @@ public class OaUniversalServiceImpl implements OaUniversalService {
         oaUniversal.setDeptId(loginEmployee.getDeptId());
         oaUniversal.setPostId(loginEmployee.getPostId());
         oaUniversal.setPosition(loginEmployee.getPosition());
-        oaUniversal.setCreator(String.valueOf(loginEmployee.getId()));
+        // oaUniversal.setCreator(String.valueOf(loginEmployee.getId()));
         oaUniversal.setUserId(loginUserId);
         oaUniversal.setAuditStatus(DictDataConstants.OA_AUDIT_STATUS_STAGING);
         oaUniversal.setInfoSource("0");
@@ -175,7 +180,7 @@ public class OaUniversalServiceImpl implements OaUniversalService {
         oaUniversal.setDeptId(loginEmployee.getDeptId());
         oaUniversal.setPostId(loginEmployee.getPostId());
         oaUniversal.setPosition(loginEmployee.getPosition());
-        oaUniversal.setCreator(String.valueOf(loginEmployee.getId()));
+        // oaUniversal.setCreator(String.valueOf(loginEmployee.getId()));
         oaUniversal.setUserId(loginUserId);
         oaUniversal.setInfoSource("0");
         // 保存或更新表单信息
@@ -659,6 +664,12 @@ public class OaUniversalServiceImpl implements OaUniversalService {
 
     @Override
     public PageResult<OaUniversalRespVO> getOaUniversalPage(OaUniversalPageReqVO pageReqVO) {
+        // 数据权限
+        Long loginUserId = SecurityFrameworkUtils.getLoginUserId();
+        DeptDataPermissionRespDTO deptDataPermission = permissionApi.getDeptDataPermission(loginUserId);
+        pageReqVO.setDeptDataPermission(deptDataPermission);
+        pageReqVO.setUserId(loginUserId);
+
         PageResult<OaUniversalDO> oaUniversalDOPageResult = oaUniversalMapper.selectPage(pageReqVO);
         PageResult<OaUniversalRespVO> oaUniversalRespVOPageResult = BeanUtils.toBean(oaUniversalDOPageResult, OaUniversalRespVO.class);
 

yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/permission/PermissionServiceImpl.java

@@ -7,6 +7,8 @@ import cn.hutool.extra.spring.SpringUtil;
 import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
 import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
 import cn.iocoder.yudao.framework.datapermission.core.annotation.DataPermission;
+import cn.iocoder.yudao.module.employee.api.EmployeeApi;
+import cn.iocoder.yudao.module.employee.api.dto.EmployeeRespDTO;
 import cn.iocoder.yudao.module.system.api.permission.dto.DeptDataPermissionRespDTO;
 import cn.iocoder.yudao.module.system.controller.admin.permission.vo.menu.MenuListReqVO;
 import cn.iocoder.yudao.module.system.controller.admin.permission.vo.menu.MenuRespVO;
@@ -60,6 +62,8 @@ public class PermissionServiceImpl implements PermissionService {
     private DeptService deptService;
     @Resource
     private AdminUserService userService;
+    @Resource
+    private EmployeeApi employeeApi;
 
     @Override
     public boolean hasAnyPermissions(Long userId, String... permissions) {
@@ -284,7 +288,11 @@ public class PermissionServiceImpl implements PermissionService {
         }
 
         // 获得用户的部门编号的缓存，通过 Guava 的 Suppliers 惰性求值，即有且仅有第一次发起 DB 的查询
-        Supplier<Long> userDeptId = Suppliers.memoize(() -> userService.getUser(userId).getDeptId());
+        Supplier<Long> userDept = Suppliers.memoize(() -> userService.getUser(userId).getDeptId());
+        Long userDeptId = userDept.get();
+        // 设置为用户对应员工的部门
+        EmployeeRespDTO employee = employeeApi.getEmployeeByUserId(userId);
+        userDeptId = employee.getDeptId();
         // 遍历每个角色，计算
         for (RoleDO role : roles) {
             // 为空时，跳过
@@ -301,19 +309,19 @@ public class PermissionServiceImpl implements PermissionService {
                 CollUtil.addAll(result.getDeptIds(), role.getDataScopeDeptIds());
                 // 自定义可见部门时，保证可以看到自己所在的部门。否则，一些场景下可能会有问题。
                 // 例如说，登录时，基于 t_user 的 username 查询会可能被 dept_id 过滤掉
-                CollUtil.addAll(result.getDeptIds(), userDeptId.get());
+                CollUtil.addAll(result.getDeptIds(), userDeptId);
                 continue;
             }
             // 情况三，DEPT_ONLY
             if (Objects.equals(role.getDataScope(), DataScopeEnum.DEPT_ONLY.getScope())) {
-                CollectionUtils.addIfNotNull(result.getDeptIds(), userDeptId.get());
+                CollectionUtils.addIfNotNull(result.getDeptIds(), userDeptId);
                 continue;
             }
             // 情况四，DEPT_DEPT_AND_CHILD
             if (Objects.equals(role.getDataScope(), DataScopeEnum.DEPT_AND_CHILD.getScope())) {
-                CollUtil.addAll(result.getDeptIds(), deptService.getChildDeptIdListFromCache(userDeptId.get()));
+                CollUtil.addAll(result.getDeptIds(), deptService.getChildDeptIdListFromCache(userDeptId));
                 // 添加本身部门编号
-                CollUtil.addAll(result.getDeptIds(), userDeptId.get());
+                CollUtil.addAll(result.getDeptIds(), userDeptId);
                 continue;
             }
             // 情况五，SELF