人事卡片按钮权限BUG

src/com/engine/organization/mapper/personnelcard/CardButtonMapper.java

@@ -22,4 +22,6 @@ public interface CardButtonMapper {
     List<Long> listAllId();
 
     int deleteByIds(@Param("ids")Collection<Long> ids);
+
+    CardButtonPO getEditButton();
 }

src/com/engine/organization/mapper/personnelcard/CardButtonMapper.xml

@@ -52,5 +52,13 @@
         from jcl_org_cardbutton t
         where t.delete_type = 0
     </select>
+    <select id="getEditButton" resultMap="BaseResultMap">
+        select
+        <include refid="baseColumns"/>
+        from jcl_org_cardbutton t
+        where t.delete_type = 0
+        and sys_default = 0
+        and id = 1
+    </select>
 
 </mapper>

src/com/engine/organization/service/impl/ExtServiceImpl.java

@@ -1,6 +1,8 @@
 package com.engine.organization.service.impl;
 
 import com.api.browser.bean.SearchConditionItem;
+import com.engine.common.service.HrmCommonService;
+import com.engine.common.service.impl.HrmCommonServiceImpl;
 import com.engine.core.impl.Service;
 import com.engine.organization.entity.TopTab;
 import com.engine.organization.entity.codesetting.po.CodeRulePO;
@@ -10,10 +12,12 @@ import com.engine.organization.entity.extend.param.ExtendInfoParams;
 import com.engine.organization.entity.extend.po.ExtendGroupPO;
 import com.engine.organization.entity.extend.po.ExtendInfoPO;
 import com.engine.organization.entity.extend.po.ExtendTitlePO;
+import com.engine.organization.entity.personnelcard.po.CardButtonPO;
 import com.engine.organization.enums.ModuleTypeEnum;
 import com.engine.organization.mapper.codesetting.CodeRuleMapper;
 import com.engine.organization.mapper.extend.*;
 import com.engine.organization.mapper.hrmresource.HrmResourceMapper;
+import com.engine.organization.mapper.personnelcard.CardButtonMapper;
 import com.engine.organization.service.ExtService;
 import com.engine.organization.util.OrganizationAssert;
 import com.engine.organization.util.db.DBType;
@@ -69,8 +73,7 @@ public class ExtServiceImpl extends Service implements ExtService {
             return conditionItems;
         }
         List<String> readOnlyFieldList = new ArrayList<>(Arrays.asList(readOnlyFields));
-        //TODO 细化权限
-        if ("4".equals(extendType) && !user.isAdmin()) {
+        if ("4".equals(extendType) && noEditRight(user)) {
             String ecResourceId = MapperProxyFactory.getProxy(HrmResourceMapper.class).getEcResourceId(String.valueOf(id));
             if (Util.null2String(user.getUID()).equals(ecResourceId)) {
                 List<String> readOnlyList = infoPOList.stream().filter(item -> !"1".equals(Util.null2String(item.getIsModify()))).map(ExtendInfoPO::getFieldName).collect(Collectors.toList());
@@ -156,9 +159,8 @@ public class ExtServiceImpl extends Service implements ExtService {
             }
         }
         Map<Long, List<ExtendInfoPO>> allFields = infoPOList.stream().collect(Collectors.groupingBy(ExtendInfoPO::getExtendGroupId));
-        //TODO 控制展示权限
         boolean checkRight = true;
-        if (2 == viewAttr && "4".equals(extendType) && !user.isAdmin()) {
+        if (2 == viewAttr && "4".equals(extendType) && noEditRight(user)) {
             checkRight = false;
             String ecResourceId = MapperProxyFactory.getProxy(HrmResourceMapper.class).getEcResourceId(String.valueOf(id));
             if (Util.null2String(user.getUID()).equals(ecResourceId)) {
@@ -171,6 +173,7 @@ public class ExtServiceImpl extends Service implements ExtService {
         // 查询所有分布模块，拓展明细表信息
         Map<Long, List<ExtendInfoPO>> groupMap = infoPOList.stream().collect(Collectors.groupingBy(ExtendInfoPO::getExtendGroupId));
         // 遍历Map,组装数据
+        boolean finalCheckRight = checkRight;
         for (Map.Entry<Long, List<ExtendInfoPO>> entry : groupMap.entrySet()) {
             Map<String, Object> tableMap = new HashMap<>();
             tableMap.put("hide", false);
@@ -190,7 +193,6 @@ public class ExtServiceImpl extends Service implements ExtService {
             List<Map<String, Object>> maps = getExtDTMapper().listCompExtDT(tableName, id, fields);
             maps.removeIf(Objects::isNull);
             // 兼容Oracle,map的key转换为小写
-            boolean finalCheckRight = checkRight;
             List<Map<String, Object>> collect = maps.stream().map(item -> {
                 Map<String, Object> resultMap = new HashMap<>();
                 Set<String> keys = item.keySet();
@@ -325,10 +327,39 @@ public class ExtServiceImpl extends Service implements ExtService {
         }
     }
 
+    /**
+     * 转化明细表字段返回到前端的值
+     *
+     * @param obj
+     * @return
+     */
     private Object parseDetailValue(Object obj) {
         if (null == obj || StringUtils.isBlank(Util.null2String(obj))) {
             return null;
         }
         return obj;
     }
+
+    /**
+     * 判断是否为管理员或者
+     *
+     * @param user
+     * @return
+     */
+    private boolean noEditRight(User user) {
+        boolean hasEditRight = user.isAdmin();
+        CardButtonPO editButton = MapperProxyFactory.getProxy(CardButtonMapper.class).getEditButton();
+        // 非系统管理员判断是否拥有角色
+        if (!hasEditRight && null != editButton) {
+            // 判断是否有这个角色
+            HrmCommonService hrmCommonService = new HrmCommonServiceImpl();
+            List<String> roleIds = new ArrayList<>(Arrays.asList(hrmCommonService.getRoleIds(user.getUID()).split(",")));
+            List<String> accessRoleIds = new ArrayList<>(Arrays.asList(Util.null2String(editButton.getRoles()).split(",")));
+            roleIds.retainAll(accessRoleIds);
+            hasEditRight = CollectionUtils.isNotEmpty(roleIds);
+        }
+
+        return !hasEditRight;
+
+    }
 }