ocr施工日志施工单位权限bug修复

2025-09-04 14:35:30 +08:00 · 2025-09-04 14:35:30 +08:00 · 05da654a32
commit 05da654a32
parent 1af66415d6
1 changed files with 19 additions and 32 deletions
--- a/src/main/java/com/zhgd/mybatis/DataScopeHandler.java
+++ b/src/main/java/com/zhgd/mybatis/DataScopeHandler.java
@ -156,11 +156,12 @@ public class DataScopeHandler implements DataPermissionHandler {
        List<Expression> expressions = new ArrayList<>();
        if (!DataScopeInterceptor.findIgnoreDataScope(parameter, ds)) {
            if (Objects.equals(user.getAccountType(), SystemUserAccountTypeEnum.PROJECT_SUB_ACCOUNT.getValue())) {
+                List<String> authEnterpriseIds = userEnterpriseService.getEnterpriseIdsIfSubProject();
+                authEnterpriseIds.add("0");
                List<String> filterEnterprises = getNeedFilterLeftExpression(plainSelect, getFieldEnterpriseTables(), ds);
                if (CollUtil.isNotEmpty(filterEnterprises)) {
-                    List<String> enterpriseIds = userEnterpriseService.getEnterpriseIdsIfSubProject();
                    for (String filterEnterprise : filterEnterprises) {
-                        inExpression(filterEnterprise, enterpriseIds, plainSelect);
+                        inExpression(filterEnterprise, authEnterpriseIds, plainSelect);
                    }
                }

@ -193,36 +194,22 @@ public class DataScopeHandler implements DataPermissionHandler {
                }

                //ocr施工日志施工单位
-//                HashMap<String, String> ocrBuildLogTables = new HashMap<>();
-//                ocrBuildLogTables.put("ocr_build_log", "id");
-//                List<String> filterOcrBuildLogTables = getNeedFilterLeftExpression(plainSelect, ocrBuildLogTables, ds);
-//                if (CollUtil.isNotEmpty(filterOcrBuildLogTables)) {
-//                    List<String> ids = ocrBuildLogService.getIdsIfSubProject().stream().map(Convert::toStr).collect(Collectors.toList());
-//                    ids.add("0");
-//                    for (String filterEnterprise : filterOcrBuildLogTables) {
-//                        //( (xxx.id in ()) OR ( xxx.uploader_id = 123))
-//                        InExpression inExpr = new InExpression();
-//                        ItemsList itemsList = new ExpressionList(ids.stream().map(StringValue::new).collect(Collectors.toList()));
-//                        inExpr.setLeftExpression(new Column(filterEnterprise));
-//                        inExpr.setRightItemsList(itemsList);
-//                        inExpression(filterEnterprise, ids, plainSelect);
-//                        // 假设这是你的inExpression方法返回的表达式
-//
-//                        EqualsTo equalsExpr = new EqualsTo();
-//                        equalsExpr.setLeftExpression(new Column(StrUtil.subBefore(filterEnterprise, ".", false) + "." + "uploader_id"));
-//                        equalsExpr.setRightExpression(new LongValue(SecurityUtils.getUser().getUserId()));
-//                        // 创建OR表达式组合两者
-//                        OrExpression orExpr = new OrExpression(inExpr, equalsExpr);
-//                        // 将整个OR表达式添加到WHERE子句中
-//                        if (plainSelect.getWhere() == null) {
-//                            plainSelect.setWhere(orExpr);
-//                        } else {
-//                            // 如果已有WHERE条件，可能需要用AND连接
-//                            AndExpression andExpr = new AndExpression(plainSelect.getWhere(), orExpr);
-//                            plainSelect.setWhere(andExpr);
-//                        }
-//                    }
-//                }
+                HashMap<String, String> ocrBuildLogTables = new HashMap<>();
+                ocrBuildLogTables.put("ocr_build_log", "id");
+                List<String> filterOcrBuildLogTables = getNeedFilterLeftExpression(plainSelect, ocrBuildLogTables, ds);
+                if (CollUtil.isNotEmpty(filterOcrBuildLogTables)) {
+                    for (String filterEnterprise : filterOcrBuildLogTables) {
+                        String uploaderIdField = StrUtil.subBefore(filterEnterprise, ".", false) + "." + "uploader_id";
+                        String sql = StrUtil.format(" ( ({} in (select ocr_build_log_id from ocr_build_log_enterprise where enterprise_id in ({}))) OR ( {} = {}))",
+                                filterEnterprise, StrUtil.join(",", authEnterpriseIds), uploaderIdField, SecurityUtils.getUser().getUserId());
+                        try {
+                            Expression expression = CCJSqlParserUtil.parseCondExpression(sql);
+                            expressions.add(expression);
+                        } catch (Exception e) {
+                            log.error(e.getMessage(), e);
+                        }
+                    }
+                }

                //安全隐患
                HashMap<String, String> xzSecurityTables = new HashMap<>();