From f68d223a337a1815413b301c34babbf5fafd731f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9B=B9=E9=B9=8F=E9=A3=9E?= <rakor2010@gmail.com>
Date: Sun, 14 Jun 2026 10:27:59 +0800
Subject: [PATCH 1/3] =?UTF-8?q?fix(qms):=20=E7=A7=BB=E9=99=A4=E5=B7=B2?=
 =?UTF-8?q?=E9=A9=B3=E5=9B=9E=E7=8A=B6=E6=80=81=E4=B8=8B=E6=9D=90=E6=96=99?=
 =?UTF-8?q?=E5=8F=B7=E5=92=8C=E9=87=87=E8=B4=AD=E5=8D=95=E5=8F=B7=E7=9A=84?=
 =?UTF-8?q?=E6=A0=A1=E9=AA=8C=E9=99=90=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 删除了状态3时对materialNo和purchaseNo字段的非空校验
- 移除了已驳回状态只能修改COA报告和图片的业务限制
- 允许在状态3时修改材料号和采购单号字段
---
 .../repository/service/impl/QmsCoaReviewServiceImpl.java    | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/nflg-wms-repository/src/main/java/com/nflg/wms/repository/service/impl/QmsCoaReviewServiceImpl.java b/nflg-wms-repository/src/main/java/com/nflg/wms/repository/service/impl/QmsCoaReviewServiceImpl.java
index 7441faff..8620867b 100644
--- a/nflg-wms-repository/src/main/java/com/nflg/wms/repository/service/impl/QmsCoaReviewServiceImpl.java
+++ b/nflg-wms-repository/src/main/java/com/nflg/wms/repository/service/impl/QmsCoaReviewServiceImpl.java
@@ -207,12 +207,6 @@ public class QmsCoaReviewServiceImpl extends ServiceImpl<QmsCoaReviewMapper, Qms
             }
         } else if (Objects.equals(status, 3)) {
             // 状态3时只能改COA报告和图片
-            if (Objects.nonNull(qo.getMaterialNo()) && !qo.getMaterialNo().isEmpty()) {
-                throw new NflgException(STATE.BusinessError, "已驳回状态只能修改COA报告和图片");
-            }
-            if (Objects.nonNull(qo.getPurchaseNo()) && !qo.getPurchaseNo().isEmpty()) {
-                throw new NflgException(STATE.BusinessError, "已驳回状态只能修改COA报告和图片");
-            }
             if (Objects.nonNull(qo.getCoaFile()) && !qo.getCoaFile().isEmpty()) {
                 updater.set(QmsCoaReview::getCoaFile, qo.getCoaFile());
             }

From 36ad7c0bfac1054e3da239b0e5d2adf65a192484 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9B=B9=E9=B9=8F=E9=A3=9E?= <rakor2010@gmail.com>
Date: Sun, 14 Jun 2026 10:42:34 +0800
Subject: [PATCH 2/3] =?UTF-8?q?feat(user):=20=E6=B7=BB=E5=8A=A0=E6=98=BE?=
 =?UTF-8?q?=E7=A4=BA=E6=89=80=E6=9C=89=E7=94=A8=E6=88=B7=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 在 UserSearchQO 中新增 showAll 字段，默认值为 true
- 修改 UserControllerService 中的权限判断逻辑，增加对 showAll 参数的支持
- 非超级管理员用户可通过设置 showAll 控制是否显示所有用户数据
---
 .../com/nflg/wms/admin/service/UserControllerService.java    | 2 +-
 .../main/java/com/nflg/wms/common/pojo/qo/UserSearchQO.java  | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java b/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java
index 0c80d0cb..bb79bde2 100644
--- a/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java
+++ b/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java
@@ -186,7 +186,7 @@ public class UserControllerService {
         if (Objects.nonNull(request.getDeptId())) {
             request.setDeptIds(deptService.getWithChildren(request.getDeptId()));
         }
-        if (!UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) {
+        if (!request.getShowAll() || !UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) {
             request.setCreateById(UserUtil.getUserId());
         }
         IPage<UserVO> pu = uService.search(request);
diff --git a/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/UserSearchQO.java b/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/UserSearchQO.java
index 24ddb8a9..2e98f29e 100644
--- a/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/UserSearchQO.java
+++ b/nflg-wms-common/src/main/java/com/nflg/wms/common/pojo/qo/UserSearchQO.java
@@ -31,4 +31,9 @@ public class UserSearchQO extends SearchBaseQO {
 
     @JsonIgnore
     private Long createById;
+
+    /**
+     * 是否显示所有用户
+     */
+    private Boolean showAll = true;
 }

From dbbe383313ccb4bdb3ff71954ce93fce490ac70b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9B=B9=E9=B9=8F=E9=A3=9E?= <rakor2010@gmail.com>
Date: Sun, 14 Jun 2026 10:49:52 +0800
Subject: [PATCH 3/3] =?UTF-8?q?fix(user):=20=E4=BF=AE=E5=A4=8D=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E6=9F=A5=E8=AF=A2=E6=9D=83=E9=99=90=E5=88=A4=E6=96=AD?=
 =?UTF-8?q?=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 将权限判断条件从 OR 改为 AND 操作符
- 确保非超级管理员用户无法显示所有数据
- 修复了权限控制的安全漏洞
---
 .../java/com/nflg/wms/admin/service/UserControllerService.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java b/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java
index bb79bde2..6fa5803f 100644
--- a/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java
+++ b/nflg-wms-admin/src/main/java/com/nflg/wms/admin/service/UserControllerService.java
@@ -186,7 +186,7 @@ public class UserControllerService {
         if (Objects.nonNull(request.getDeptId())) {
             request.setDeptIds(deptService.getWithChildren(request.getDeptId()));
         }
-        if (!request.getShowAll() || !UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) {
+        if (!request.getShowAll() && !UserUtil.getRoles().contains(Constant.SUPER_ADMIN)) {
             request.setCreateById(UserUtil.getUserId());
         }
         IPage<UserVO> pu = uService.search(request);