原始bom暂存、提交、转ebom时添加权限校验，只允许操作自己创建的数据

2024-03-18 15:24:10 +08:00 · 2024-03-18 15:24:10 +08:00 · af3268756f
parent ccd879665a
commit af3268756f
2 changed files with 11 additions and 5 deletions
--- a/nflg_project_dev/nflg-bom-new/src/main/java/com/nflg/product/bomnew/api/user/OriginalBomApi.java
+++ b/nflg_project_dev/nflg-bom-new/src/main/java/com/nflg/product/bomnew/api/user/OriginalBomApi.java
@ -7,7 +7,6 @@ import com.mzt.logapi.context.LogRecordContext;
 import com.mzt.logapi.starter.annotation.LogRecord;
 import com.nflg.product.base.core.api.BaseApi;
 import com.nflg.product.base.core.conmon.util.SessionUtil;
-import com.nflg.product.base.core.exception.NflgBusinessException;
 import com.nflg.product.bomnew.constant.OriginalStatusEnum;
 import com.nflg.product.bomnew.mapper.master.BomNewEbomChildMapper;
 import com.nflg.product.bomnew.pojo.dto.BomNewOriginalExcelDTO;
@ -29,11 +28,8 @@ import io.swagger.annotations.ApiOperation;
 import nflg.product.common.constant.STATE;
 import nflg.product.common.vo.ResultVO;
 import org.springframework.transaction.annotation.Transactional;
-import org.springframework.transaction.support.TransactionSynchronizationAdapter;
-import org.springframework.transaction.support.TransactionSynchronizationManager;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
-import org.ttzero.excel.entity.ListMapSheet;
 import org.ttzero.excel.entity.ListSheet;
 import org.ttzero.excel.entity.Workbook;

@ -44,7 +40,7 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.List;
-import java.util.Map;
+import java.util.Objects;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutionException;

@ -95,6 +91,8 @@ public class OriginalBomApi extends BaseApi {
        BomNewOriginalParentEntity parentEntity = originalParentService.getBaseMapper().selectById(bom.getParentRowId());
        LogRecordContext.putVariable("drawingNo",parentEntity.getDrawingNo());

+        VUtils.isTure(!Objects.equals(parentEntity.getCreatedBy(), SessionUtil.getUserCode())).throwMessage("不能操作非本人创建的数据");
+
        return ResultVO.success(originalParentService.saveBom(bom, false));
    }

@ -106,6 +104,8 @@ public class OriginalBomApi extends BaseApi {
        BomNewOriginalParentEntity parentEntity = originalParentService.getBaseMapper().selectById(bom.getParentRowId());
        LogRecordContext.putVariable("drawingNo",parentEntity.getDrawingNo());

+        VUtils.isTure(!Objects.equals(parentEntity.getCreatedBy(), SessionUtil.getUserCode())).throwMessage("不能操作非本人创建的数据");
+
        return ResultVO.success(originalParentService.saveSubmit(bom));
    }

--- a/nflg_project_dev/nflg-bom-new/src/main/java/com/nflg/product/bomnew/service/BomNewOriginalParentService.java
+++ b/nflg_project_dev/nflg-bom-new/src/main/java/com/nflg/product/bomnew/service/BomNewOriginalParentService.java
@ -482,6 +482,12 @@ public class BomNewOriginalParentService extends ServiceImpl<BomNewOriginalParen

        //开始转换
        for (BomNewOriginalParentEntity parent : bomNewOriginalParentEntities) {
+
+            if (!Objects.equals(parent.getCreatedBy(), SessionUtil.getUserCode())){
+                log.warn(SessionUtil.getRealName()+"("+SessionUtil.getUserCode()+")转换原始bom("+parent.getRowId().toString()+")到ebom的操作被阻止");
+                continue;
+            }
+
            LogRecordContext.putVariable("bom",parent);
            Long ebomRowId = IdWorker.getId();
            convertToEBomDo(parent, ebomRowId);