From 8fb1128e066591d56bb7db96647a7398f439712b Mon Sep 17 00:00:00 2001
From: funny <834502597@qq.com>
Date: Sat, 9 May 2026 14:14:17 +0800
Subject: [PATCH] =?UTF-8?q?fix(qms-pdi-task):=20=E4=BF=AE=E6=AD=A3?=
 =?UTF-8?q?=E4=B8=8D=E5=90=88=E6=A0=BC=E7=89=A9=E6=96=99=E5=88=86=E9=A1=B5?=
 =?UTF-8?q?=E6=9F=A5=E8=AF=A2=E6=95=B0=E6=8D=AE=E6=9D=83=E9=99=90=E8=BF=87?=
 =?UTF-8?q?=E6=BB=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 在查询请求中自动填充当前登录用户ID以支持数据权限控制
- QmsPdiTaskRecordDefectSearchQO中新增currentUserId字段用于传递用户ID
- Mapper查询逻辑新增权限校验，限制用户只能访问自己负责的质检数据
- 权限规则区分无工单与有工单两种情况，确保数据隔离和安全
---
 .../service/QmsPdiTaskRecordControllerService.java  |  3 +++
 .../pojo/qo/QmsPdiTaskRecordDefectSearchQO.java     |  5 +++++
 .../resources/mapper/QmsPdiTaskRecordMapper.xml     | 13 +++++++++++++
 3 files changed, 21 insertions(+)

diff --git a/nflg-qms-admin/src/main/java/com/nflg/qms/admin/service/QmsPdiTaskRecordControllerService.java b/nflg-qms-admin/src/main/java/com/nflg/qms/admin/service/QmsPdiTaskRecordControllerService.java
index addae0ab..6222cb17 100644
--- a/nflg-qms-admin/src/main/java/com/nflg/qms/admin/service/QmsPdiTaskRecordControllerService.java
+++ b/nflg-qms-admin/src/main/java/com/nflg/qms/admin/service/QmsPdiTaskRecordControllerService.java
@@ -94,6 +94,9 @@ public class QmsPdiTaskRecordControllerService {
      * 不合格物料分页查询（已完成+不合格+存在不合格检测项，关联工单状态）
      */
     public PageData<QmsPdiTaskRecordDefectPageVO> searchDefect(QmsPdiTaskRecordDefectSearchQO request) {
+        // 填充当前登录用户ID（用于数据权限过滤）
+        request.setCurrentUserId(UserUtil.getUserId());
+        
         Page<QmsPdiTaskRecordDefectPageVO> page = taskRecordService.searchDefect(request);
         PageData<QmsPdiTaskRecordDefectPageVO> result = new PageData<>();
         result.setItems(page.getRecords());
diff --git a/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/QmsPdiTaskRecordDefectSearchQO.java b/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/QmsPdiTaskRecordDefectSearchQO.java
index c9b1b898..38ccf926 100644
--- a/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/QmsPdiTaskRecordDefectSearchQO.java
+++ b/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/QmsPdiTaskRecordDefectSearchQO.java
@@ -57,4 +57,9 @@ public class QmsPdiTaskRecordDefectSearchQO {
      * 每页条数
      */
     private Integer pageSize = 20;
+
+    /**
+     * 当前登录用户ID（用于数据权限过滤，由后端自动填充）
+     */
+    private Long currentUserId;
 }
diff --git a/nflg-wms-repository/src/main/resources/mapper/QmsPdiTaskRecordMapper.xml b/nflg-wms-repository/src/main/resources/mapper/QmsPdiTaskRecordMapper.xml
index bff3f47d..19db58d3 100644
--- a/nflg-wms-repository/src/main/resources/mapper/QmsPdiTaskRecordMapper.xml
+++ b/nflg-wms-repository/src/main/resources/mapper/QmsPdiTaskRecordMapper.xml
@@ -116,6 +116,19 @@
                       AND ir.inspection_item_results = false
                 )
             )
+            <!-- 权限校验：当前登录用户只能看到自己负责的数据 -->
+            AND (
+                <!-- 无工单时：显示给质检人或帮办人 -->
+                (it.id IS NULL AND (r.inspector_id = #{request.currentUserId} OR t.assistant_id = #{request.currentUserId}))
+                OR
+                <!-- 有工单时：只显示该用户作为处理人的工单 -->
+                (it.id IS NOT NULL AND EXISTS (
+                    SELECT 1
+                    FROM qms_issue_ticket_process p
+                    WHERE p.issue_ticket_id = it.id
+                      AND p.handler_user_id = #{request.currentUserId}
+                ))
+            )
             <if test="request.inspectionType != null">
                 AND r.inspection_type = #{request.inspectionType}
             </if>