fix(qms-pdi-task): 修正不合格物料分页查询数据权限过滤
- 在查询请求中自动填充当前登录用户ID以支持数据权限控制 - QmsPdiTaskRecordDefectSearchQO中新增currentUserId字段用于传递用户ID - Mapper查询逻辑新增权限校验,限制用户只能访问自己负责的质检数据 - 权限规则区分无工单与有工单两种情况,确保数据隔离和安全
This commit is contained in:
parent
8701e0fb3d
commit
8fb1128e06
|
|
@ -94,6 +94,9 @@ public class QmsPdiTaskRecordControllerService {
|
|||
* 不合格物料分页查询(已完成+不合格+存在不合格检测项,关联工单状态)
|
||||
*/
|
||||
public PageData<QmsPdiTaskRecordDefectPageVO> searchDefect(QmsPdiTaskRecordDefectSearchQO request) {
|
||||
// 填充当前登录用户ID(用于数据权限过滤)
|
||||
request.setCurrentUserId(UserUtil.getUserId());
|
||||
|
||||
Page<QmsPdiTaskRecordDefectPageVO> page = taskRecordService.searchDefect(request);
|
||||
PageData<QmsPdiTaskRecordDefectPageVO> result = new PageData<>();
|
||||
result.setItems(page.getRecords());
|
||||
|
|
|
|||
|
|
@ -57,4 +57,9 @@ public class QmsPdiTaskRecordDefectSearchQO {
|
|||
* 每页条数
|
||||
*/
|
||||
private Integer pageSize = 20;
|
||||
|
||||
/**
|
||||
* 当前登录用户ID(用于数据权限过滤,由后端自动填充)
|
||||
*/
|
||||
private Long currentUserId;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -116,6 +116,19 @@
|
|||
AND ir.inspection_item_results = false
|
||||
)
|
||||
)
|
||||
<!-- 权限校验:当前登录用户只能看到自己负责的数据 -->
|
||||
AND (
|
||||
<!-- 无工单时:显示给质检人或帮办人 -->
|
||||
(it.id IS NULL AND (r.inspector_id = #{request.currentUserId} OR t.assistant_id = #{request.currentUserId}))
|
||||
OR
|
||||
<!-- 有工单时:只显示该用户作为处理人的工单 -->
|
||||
(it.id IS NOT NULL AND EXISTS (
|
||||
SELECT 1
|
||||
FROM qms_issue_ticket_process p
|
||||
WHERE p.issue_ticket_id = it.id
|
||||
AND p.handler_user_id = #{request.currentUserId}
|
||||
))
|
||||
)
|
||||
<if test="request.inspectionType != null">
|
||||
AND r.inspection_type = #{request.inspectionType}
|
||||
</if>
|
||||
|
|
|
|||
Loading…
Reference in New Issue