增加部门和用户管理页面的权限过滤

e49cf676 · 法拉51246 · 54e4643f · e49cf676 · e49cf676 · e49cf676
Commit e49cf676 authored Jun 09, 2025 by 法拉51246
12 changed files
--- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/dept/vo/dept/DeptListReqVO.java
+++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/dept/vo/dept/DeptListReqVO.java
@@ -3,6 +3,8 @@ package cn.iocoder.yudao.module.system.controller.admin.dept.vo.dept;
 import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Data;

+import java.util.Collection;
+
 @Schema(description = "管理后台 - 部门列表 Request VO")
 @Data
 public class DeptListReqVO {
@@ -13,4 +15,7 @@ public class DeptListReqVO {
    @Schema(description = "展示状态，参见 CommonStatusEnum 枚举类", example = "1")
    private Integer status;

+    @Schema(description = "deptId集合")
+    private Collection<Long> deptIds;
+
 }
--- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/user/vo/user/UserSaveReqVO.java
+++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/user/vo/user/UserSaveReqVO.java
@@ -38,6 +38,7 @@ public class UserSaveReqVO {
    private String remark;

    @Schema(description = "部门编号", example = "我是一个用户")
+    @NotBlank(message = "部门编号不能为空")
    @DiffLogField(name = "部门", function = DeptParseFunction.NAME)
    private Long deptId;


--- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/dal/mysql/dept/DeptMapper.java
+++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/dal/mysql/dept/DeptMapper.java
@@ -15,6 +15,7 @@ public interface DeptMapper extends BaseMapperX<DeptDO> {
    default List<DeptDO> selectList(DeptListReqVO reqVO) {
        return selectList(new LambdaQueryWrapperX<DeptDO>()
                .likeIfPresent(DeptDO::getName, reqVO.getName())
+                .inIfPresent(DeptDO::getId,reqVO.getDeptIds())
                .eqIfPresent(DeptDO::getStatus, reqVO.getStatus()));
    }


--- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/dept/DeptServiceImpl.java
+++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/dept/DeptServiceImpl.java
@@ -5,6 +5,8 @@ import cn.hutool.core.util.ObjectUtil;
 import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
 import cn.iocoder.yudao.framework.datapermission.core.annotation.DataPermission;
+import cn.iocoder.yudao.framework.security.core.LoginUser;
+import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
 import cn.iocoder.yudao.module.system.controller.admin.dept.vo.dept.DeptListReqVO;
 import cn.iocoder.yudao.module.system.controller.admin.dept.vo.dept.DeptSaveReqVO;
 import cn.iocoder.yudao.module.system.dal.dataobject.dept.DeptDO;
@@ -167,11 +169,27 @@ public class DeptServiceImpl implements DeptService {

    @Override
    public List<DeptDO> getDeptList(DeptListReqVO reqVO) {
+        //只查自己的部门及以下
+        Long loginUserDeptId = SecurityFrameworkUtils.getLoginUserDeptId();
+        reqVO.setDeptIds(getDeptCondition(loginUserDeptId));
        List<DeptDO> list = deptMapper.selectList(reqVO);
        list.sort(Comparator.comparing(DeptDO::getSort));
        return list;
    }
-
+    /**
+     * 获得部门条件：查询指定部门的子部门编号们，包括自身
+     *
+     * @param deptId 部门编号
+     * @return 部门编号集合
+     */
+    private Set<Long> getDeptCondition(Long deptId) {
+        if (deptId == null) {
+            return Collections.emptySet();
+        }
+        Set<Long> deptIds = convertSet(getChildDeptList(deptId), DeptDO::getId);
+        deptIds.add(deptId); // 包括自身
+        return deptIds;
+    }
    @Override
    public List<DeptDO> getChildDeptList(Collection<Long> ids) {
        List<DeptDO> children = new LinkedList<>();

--- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/user/AdminUserServiceImpl.java
+++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/user/AdminUserServiceImpl.java
@@ -173,7 +173,8 @@ public class AdminUserServiceImpl implements AdminUserService {
        if (ObjectUtil.notEqual(updateReqVO.getId(), SecurityFrameworkUtils.getLoginUserId())) {
            //进入这里说明不是自己，那就根据逻辑是否强制下线
            // 新增:如果更新了部门编号，则先查看该用户的id，根据id删除该用户token，强制下线重新登录
-            if (Objects.nonNull(updateReqVO.getDeptId())&&  !oldUser.getDeptId().equals(updateObj.getDeptId()) ) {
+            if (Objects.nonNull(updateReqVO.getDeptId())
+                    && !Objects.equals(updateObj.getDeptId(), oldUser.getDeptId())) {
                OAuth2AccessTokenPageReqVO reqVO = new OAuth2AccessTokenPageReqVO();
                reqVO.setUserId(oldUser.getId());
                PageResult<OAuth2AccessTokenDO> accessTokenPage = oauth2TokenService.getAccessTokenPage(reqVO);

--- a/yudao-module-visit/src/main/java/cn/iocoder/yudao/module/visit/controller/admin/customerinfo/CustomerInfoController.java
+++ b/yudao-module-visit/src/main/java/cn/iocoder/yudao/module/visit/controller/admin/customerinfo/CustomerInfoController.java
@@ -93,16 +93,16 @@ public class CustomerInfoController {
    @GetMapping("/getByCompanyName")
    @Operation(summary = "通过公司名称带出基本信息")
    @Parameter(name = "companyName", description = "公司名称", required = true, example = "郑州小牛")
-    public CommonResult<List<CustomerInfoRespVO>> getCustomerInfoByCompanyName(@RequestParam("companyName") String companyName) {
-        List<CustomerInfoDO> customerInfo = customerInfoService.getCustomerInfoByCompanyName(companyName);
-        List<CustomerInfoRespVO> bean = BeanUtils.toBean(customerInfo, CustomerInfoRespVO.class);
+    public CommonResult<CustomerInfoRespVO> getCustomerInfoByCompanyName(@RequestParam("companyName") String companyName) {
+        CustomerInfoDO customerInfo = customerInfoService.getCustomerInfoByCompanyName(companyName);
+        CustomerInfoRespVO bean = BeanUtils.toBean(customerInfo, CustomerInfoRespVO.class);
        return success(bean);
    }


    @GetMapping("/getByPhone")
    @Operation(summary = "通过手机号带出基本信息")
-    @Parameter(name = "companyName", description = "联系方式", required = true, example = "156")
+    @Parameter(name = "contact", description = "联系方式", required = true, example = "156")
    public CommonResult<List<CustomerInfoRespVO>> getCustomerInfoByContact(@RequestParam("contact") String contact) {
        List<CustomerInfoDO> customerInfo = customerInfoService.getCustomerInfoByContact(contact);
        List<CustomerInfoRespVO> bean = BeanUtils.toBean(customerInfo, CustomerInfoRespVO.class);

--- a/yudao-module-visit/src/main/java/cn/iocoder/yudao/module/visit/dal/mysql/customerinfo/CustomerInfoMapper.java
+++ b/yudao-module-visit/src/main/java/cn/iocoder/yudao/module/visit/dal/mysql/customerinfo/CustomerInfoMapper.java
@@ -53,17 +53,18 @@ public interface CustomerInfoMapper extends BaseMapperX<CustomerInfoDO> {
    }

    // 根据公司名称或手机号查询（根据任一条件带出符合条件的列表）
-    default List<CustomerInfoDO> selectListByCompanyName(String companyName) {
+    default CustomerInfoDO selectListByCompanyName(String companyName) {
        Long companyId = SecurityFrameworkUtils.getLoginUserDeptId();
-        return selectList(new LambdaQueryWrapperX<CustomerInfoDO>()
+        return selectOne(new LambdaQueryWrapperX<CustomerInfoDO>()
                .eqIfPresent(CustomerInfoDO::getCompanyId, companyId)
-                .likeIfPresent(CustomerInfoDO::getCompanyName, companyName));
+                .eqIfPresent(CustomerInfoDO::getCompanyName, companyName)
+                .last("LIMIT 1"));
    }
    default List<CustomerInfoDO> selectListByContact(String contact) {
        Long companyId = SecurityFrameworkUtils.getLoginUserDeptId();
        return selectList(new LambdaQueryWrapperX<CustomerInfoDO>()
                .eqIfPresent(CustomerInfoDO::getCompanyId, companyId)
-                .likeIfPresent(CustomerInfoDO::getContact, contact));
+                .eqIfPresent(CustomerInfoDO::getContact, contact));
    }

    default List<CustomerInfoDO> selectList(Long companyId){

--- a/yudao-module-visit/src/main/java/cn/iocoder/yudao/module/visit/service/customerinfo/CustomerInfoService.java
+++ b/yudao-module-visit/src/main/java/cn/iocoder/yudao/module/visit/service/customerinfo/CustomerInfoService.java
@@ -52,7 +52,7 @@ public interface CustomerInfoService {
     */
    PageResult<CustomerInfoDO> getCustomerInfoPage(CustomerInfoPageReqVO pageReqVO);

-    List<CustomerInfoDO> getCustomerInfoByCompanyName(String companyName);
+    CustomerInfoDO getCustomerInfoByCompanyName(String companyName);
    List<CustomerInfoDO> getCustomerInfoByContact(String contact);



--- a/yudao-module-visit/src/main/java/cn/iocoder/yudao/module/visit/service/customerinfo/CustomerInfoServiceImpl.java
+++ b/yudao-module-visit/src/main/java/cn/iocoder/yudao/module/visit/service/customerinfo/CustomerInfoServiceImpl.java
@@ -123,7 +123,7 @@ public class CustomerInfoServiceImpl implements CustomerInfoService {
    }

    @Override
-    public List<CustomerInfoDO> getCustomerInfoByCompanyName(String companyName) {
+    public CustomerInfoDO getCustomerInfoByCompanyName(String companyName) {
        return customerInfoMapper.selectListByCompanyName(companyName);
    }
    @Override

--- a/yudao-ui/yudao-ui-admin-vue3/src/views/Profile/components/BasicInfo.vue
+++ b/yudao-ui/yudao-ui-admin-vue3/src/views/Profile/components/BasicInfo.vue
@@ -70,12 +70,12 @@ const schema = reactive<FormSchema[]>([
    label: t('profile.user.email'),
    component: 'Input'
  },
-  {
-    field: 'sex',
-    label: t('profile.user.sex'),
-    component: 'InputNumber',
-    value: 0
-  }
+  // {
+  //   field: 'sex',
+  //   label: t('profile.user.sex'),
+  //   component: 'InputNumber',
+  //   value: 0
+  // }
 ])
 const formRef = ref<FormExpose>() // 表单 Ref
 const submit = () => {

--- a/yudao-ui/yudao-ui-admin-vue3/src/views/system/user/UserForm.vue
+++ b/yudao-ui/yudao-ui-admin-vue3/src/views/system/user/UserForm.vue
@@ -132,6 +132,7 @@ const formRules = reactive<FormRules>({
  username: [{ required: true, message: '用户名称不能为空', trigger: 'blur' }],
  nickname: [{ required: true, message: '真实姓名不能为空', trigger: 'blur' }],
  password: [{ required: true, message: '用户密码不能为空', trigger: 'blur' }],
+  deptId: [{ required: true, message: '所属部门不能为空', trigger: 'blur' }],
  email: [
    {
      type: 'email',

--- a/yudao-ui/yudao-ui-admin-vue3/src/views/system/user/index.vue
+++ b/yudao-ui/yudao-ui-admin-vue3/src/views/system/user/index.vue
@@ -206,12 +206,13 @@ import UserForm from './UserForm.vue'
 import UserImportForm from './UserImportForm.vue'
 import UserAssignRoleForm from './UserAssignRoleForm.vue'
 import DeptTree from './DeptTree.vue'
+import {useUserStore} from "@/store/modules/user";

 defineOptions({ name: 'SystemUser' })

 const message = useMessage() // 消息弹窗
 const { t } = useI18n() // 国际化
-
+const userStore = useUserStore()//用户信息
 const loading = ref(true) // 列表的加载中
 const total = ref(0) // 列表的总页数
 const list = ref([]) // 列表的数
@@ -229,6 +230,9 @@ const queryFormRef = ref() // 搜索的表单
 /** 查询列表 */
 const getList = async () => {
  loading.value = true
+  if (userStore.user.deptId!==100){//如果不是总公司用户，再过滤，总公司用户可以看到所有
+    queryParams.deptId = userStore.user.deptId
+  }
  try {
    const data = await UserApi.getUserPage(queryParams)
    list.value = data.list