diff --git a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/constant/OvertimeApplicationConstants.java b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/constant/OvertimeApplicationConstants.java index de05c72..bbaa2de 100644 --- a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/constant/OvertimeApplicationConstants.java +++ b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/constant/OvertimeApplicationConstants.java @@ -32,5 +32,6 @@ public final class OvertimeApplicationConstants { public static final String PERMISSION_DELETE = "project:overtime-application:delete"; public static final String PERMISSION_APPROVE = "project:overtime-application:approve"; public static final String PERMISSION_EXPORT = "project:overtime-application:export"; + public static final String PERMISSION_TEAM_DASHBOARD = "project:overtime-application:team-dashboard"; } diff --git a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/constant/TeamDashboardConstants.java b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/constant/TeamDashboardConstants.java deleted file mode 100644 index b573d2f..0000000 --- a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/constant/TeamDashboardConstants.java +++ /dev/null @@ -1,12 +0,0 @@ -package com.njcn.rdms.module.project.constant; - -/** - * 团队视角常量。 - */ -public final class TeamDashboardConstants { - - private TeamDashboardConstants() { - } - - public static final String PERMISSION = "project:work-report:team-dashboard"; -} diff --git a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/constant/WorkReportConstants.java b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/constant/WorkReportConstants.java index f4c3772..07c8d2a 100644 --- a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/constant/WorkReportConstants.java +++ b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/constant/WorkReportConstants.java @@ -38,4 +38,5 @@ public final class WorkReportConstants { public static final String PERMISSION_APPROVE = "project:work-report:approve"; public static final String PERMISSION_EXPORT = "project:work-report:export"; public static final String PERMISSION_PROJECT_OWNER = "project:work-report:project-owner"; + public static final String PERMISSION_TEAM_DASHBOARD = "project:work-report:team-dashboard"; } diff --git a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/controller/admin/overtime/team/TeamOvertimeController.java b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/controller/admin/overtime/team/TeamOvertimeController.java index e6f9257..01e8bb3 100644 --- a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/controller/admin/overtime/team/TeamOvertimeController.java +++ b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/controller/admin/overtime/team/TeamOvertimeController.java @@ -1,7 +1,7 @@ package com.njcn.rdms.module.project.controller.admin.overtime.team; import com.njcn.rdms.framework.common.pojo.CommonResult; -import com.njcn.rdms.module.project.constant.TeamDashboardConstants; +import com.njcn.rdms.module.project.constant.OvertimeApplicationConstants; import com.njcn.rdms.module.project.controller.admin.overtime.team.vo.TeamOvertimeSummaryReqVO; import com.njcn.rdms.module.project.controller.admin.overtime.team.vo.TeamOvertimeSummaryRespVO; import com.njcn.rdms.module.project.service.overtime.team.TeamOvertimeService; @@ -28,7 +28,7 @@ public class TeamOvertimeController { @GetMapping("/summary") @Operation(summary = "获取团队加班申请统计") - @PreAuthorize("@ss.hasPermission('" + TeamDashboardConstants.PERMISSION + "')") + @PreAuthorize("@ss.hasPermission('" + OvertimeApplicationConstants.PERMISSION_TEAM_DASHBOARD + "')") public CommonResult getSummary(@Valid TeamOvertimeSummaryReqVO reqVO) { return success(teamOvertimeService.getSummary(reqVO)); } diff --git a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/controller/admin/workreport/team/TeamWorkReportController.java b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/controller/admin/workreport/team/TeamWorkReportController.java index c6b3004..a50a186 100644 --- a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/controller/admin/workreport/team/TeamWorkReportController.java +++ b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/controller/admin/workreport/team/TeamWorkReportController.java @@ -1,7 +1,7 @@ package com.njcn.rdms.module.project.controller.admin.workreport.team; import com.njcn.rdms.framework.common.pojo.CommonResult; -import com.njcn.rdms.module.project.constant.TeamDashboardConstants; +import com.njcn.rdms.module.project.constant.WorkReportConstants; import com.njcn.rdms.module.project.controller.admin.workreport.team.vo.TeamReportRemindReqVO; import com.njcn.rdms.module.project.controller.admin.workreport.team.vo.TeamReportRemindRespVO; import com.njcn.rdms.module.project.controller.admin.workreport.team.vo.TeamReportSummaryReqVO; @@ -32,14 +32,14 @@ public class TeamWorkReportController { @GetMapping("/summary") @Operation(summary = "获取团队工作报告统计") - @PreAuthorize("@ss.hasPermission('" + TeamDashboardConstants.PERMISSION + "')") + @PreAuthorize("@ss.hasPermission('" + WorkReportConstants.PERMISSION_TEAM_DASHBOARD + "')") public CommonResult getSummary(@Valid TeamReportSummaryReqVO reqVO) { return success(teamWorkReportService.getSummary(reqVO)); } @PostMapping("/remind") @Operation(summary = "催办团队工作报告") - @PreAuthorize("@ss.hasPermission('" + TeamDashboardConstants.PERMISSION + "')") + @PreAuthorize("@ss.hasPermission('" + WorkReportConstants.PERMISSION_TEAM_DASHBOARD + "')") public CommonResult remind(@Valid @RequestBody TeamReportRemindReqVO reqVO) { return success(teamWorkReportService.remind(reqVO)); } diff --git a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/overtime/OvertimeApplicationServiceImpl.java b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/overtime/OvertimeApplicationServiceImpl.java index 8c8028e..4f7fe57 100644 --- a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/overtime/OvertimeApplicationServiceImpl.java +++ b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/overtime/OvertimeApplicationServiceImpl.java @@ -196,7 +196,8 @@ public class OvertimeApplicationServiceImpl implements OvertimeApplicationServic Long loginUserId = SecurityFrameworkUtils.getLoginUserId(); PageResult page; if (reqVO.getApplicantIds() != null) { - List applicantIds = teamDashboardAccessService.resolveRequestedSubordinateUserIds(reqVO.getApplicantIds()); + List applicantIds = teamDashboardAccessService.resolveRequestedSubordinateUserIds( + reqVO.getApplicantIds(), OvertimeApplicationConstants.PERMISSION_TEAM_DASHBOARD); page = overtimeApplicationMapper.selectMyPage(applicantIds, reqVO, TEAM_VISIBLE_STATUS_CODES); } else { page = overtimeApplicationMapper.selectMyPage(loginUserId, reqVO); @@ -384,7 +385,8 @@ public class OvertimeApplicationServiceImpl implements OvertimeApplicationServic Long loginUserId = SecurityFrameworkUtils.getLoginUserId(); if (!Objects.equals(application.getApplicantId(), loginUserId) && !Objects.equals(application.getApproverId(), loginUserId) - && !teamDashboardAccessService.canReadSubordinateUser(application.getApplicantId())) { + && !teamDashboardAccessService.canReadSubordinateUser( + application.getApplicantId(), OvertimeApplicationConstants.PERMISSION_TEAM_DASHBOARD)) { throw exception(ErrorCodeConstants.OVERTIME_APPLICATION_READ_FORBIDDEN); } return application; diff --git a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/overtime/team/TeamOvertimeServiceImpl.java b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/overtime/team/TeamOvertimeServiceImpl.java index f57cfaf..ab2b371 100644 --- a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/overtime/team/TeamOvertimeServiceImpl.java +++ b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/overtime/team/TeamOvertimeServiceImpl.java @@ -33,7 +33,8 @@ public class TeamOvertimeServiceImpl implements TeamOvertimeService { @Override public TeamOvertimeSummaryRespVO getSummary(TeamOvertimeSummaryReqVO reqVO) { - teamDashboardAccessService.validateTeamDashboardPermission(); + teamDashboardAccessService.validateTeamDashboardPermission( + OvertimeApplicationConstants.PERMISSION_TEAM_DASHBOARD); List subordinateIds = teamDashboardAccessService.getAllSubordinateUserIds(); YearMonth month = parseMonth(reqVO == null ? null : reqVO.getMonth()); diff --git a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/team/TeamDashboardAccessService.java b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/team/TeamDashboardAccessService.java index f72ae9c..96bf960 100644 --- a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/team/TeamDashboardAccessService.java +++ b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/team/TeamDashboardAccessService.java @@ -9,7 +9,7 @@ public interface TeamDashboardAccessService { /** * 校验当前用户具备团队视角权限。 */ - void validateTeamDashboardPermission(); + void validateTeamDashboardPermission(String permission); /** * 获取当前登录用户全部有效下属(不含本人)。 @@ -24,7 +24,7 @@ public interface TeamDashboardAccessService { * @param candidateUserIds 前端传入的目标用户 ID;为空表示全部下属 * @return 校验后的目标用户 ID(不含本人) */ - List resolveRequestedSubordinateUserIds(Collection candidateUserIds); + List resolveRequestedSubordinateUserIds(Collection candidateUserIds, String permission); /** * 判断当前登录用户是否可读取指定工作报告/加班申请所属人员的数据。 @@ -32,7 +32,7 @@ public interface TeamDashboardAccessService { * @param userId 目标人员 ID * @return 是否可读 */ - boolean canReadSubordinateUser(Long userId); + boolean canReadSubordinateUser(Long userId, String permission); /** * 获取当前登录用户下属集合。 diff --git a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/team/TeamDashboardAccessServiceImpl.java b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/team/TeamDashboardAccessServiceImpl.java index cafdb36..80287ac 100644 --- a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/team/TeamDashboardAccessServiceImpl.java +++ b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/team/TeamDashboardAccessServiceImpl.java @@ -3,7 +3,6 @@ package com.njcn.rdms.module.project.service.team; import com.njcn.rdms.framework.common.pojo.CommonResult; import com.njcn.rdms.framework.security.core.service.SecurityFrameworkService; import com.njcn.rdms.framework.security.core.util.SecurityFrameworkUtils; -import com.njcn.rdms.module.project.constant.TeamDashboardConstants; import com.njcn.rdms.module.project.enums.ErrorCodeConstants; import com.njcn.rdms.module.system.api.user.AdminUserApi; import com.njcn.rdms.module.system.api.user.UserManagementRelationApi; @@ -32,8 +31,8 @@ public class TeamDashboardAccessServiceImpl implements TeamDashboardAccessServic private SecurityFrameworkService securityFrameworkService; @Override - public void validateTeamDashboardPermission() { - if (!securityFrameworkService.hasPermission(TeamDashboardConstants.PERMISSION)) { + public void validateTeamDashboardPermission(String permission) { + if (!securityFrameworkService.hasPermission(permission)) { throw exception(ErrorCodeConstants.TEAM_DASHBOARD_PERMISSION_REQUIRED); } } @@ -44,8 +43,8 @@ public class TeamDashboardAccessServiceImpl implements TeamDashboardAccessServic } @Override - public List resolveRequestedSubordinateUserIds(Collection candidateUserIds) { - validateTeamDashboardPermission(); + public List resolveRequestedSubordinateUserIds(Collection candidateUserIds, String permission) { + validateTeamDashboardPermission(permission); Set allSubordinates = getSubordinateUserIdSet(); if (allSubordinates.isEmpty()) { return Collections.emptyList(); @@ -68,11 +67,11 @@ public class TeamDashboardAccessServiceImpl implements TeamDashboardAccessServic } @Override - public boolean canReadSubordinateUser(Long userId) { + public boolean canReadSubordinateUser(Long userId, String permission) { if (userId == null) { return false; } - if (!securityFrameworkService.hasPermission(TeamDashboardConstants.PERMISSION)) { + if (!securityFrameworkService.hasPermission(permission)) { return false; } return getSubordinateUserIdSet().contains(userId); diff --git a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/workreport/common/WorkReportCommonService.java b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/workreport/common/WorkReportCommonService.java index f555a3b..23a2882 100644 --- a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/workreport/common/WorkReportCommonService.java +++ b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/workreport/common/WorkReportCommonService.java @@ -242,7 +242,8 @@ public class WorkReportCommonService { Long loginUserId = SecurityFrameworkUtils.getLoginUserId(); PageResult pageResult; if (reqVO.getReporterIds() != null) { - List reporterIds = teamDashboardAccessService.resolveRequestedSubordinateUserIds(reqVO.getReporterIds()); + List reporterIds = teamDashboardAccessService.resolveRequestedSubordinateUserIds( + reqVO.getReporterIds(), WorkReportConstants.PERMISSION_TEAM_DASHBOARD); pageResult = weeklyReportMapper.selectReporterPage(reporterIds, reqVO, TEAM_VISIBLE_STATUS_CODES); } else { pageResult = weeklyReportMapper.selectReporterPage(loginUserId, reqVO, getEnabledStatusCodes()); @@ -406,7 +407,8 @@ public class WorkReportCommonService { Long loginUserId = SecurityFrameworkUtils.getLoginUserId(); PageResult pageResult; if (reqVO.getReporterIds() != null) { - List reporterIds = teamDashboardAccessService.resolveRequestedSubordinateUserIds(reqVO.getReporterIds()); + List reporterIds = teamDashboardAccessService.resolveRequestedSubordinateUserIds( + reqVO.getReporterIds(), WorkReportConstants.PERMISSION_TEAM_DASHBOARD); pageResult = monthlyReportMapper.selectReporterPage(reporterIds, reqVO, TEAM_VISIBLE_STATUS_CODES); } else { pageResult = monthlyReportMapper.selectReporterPage(loginUserId, reqVO, getEnabledStatusCodes()); @@ -589,7 +591,8 @@ public class WorkReportCommonService { Long loginUserId = SecurityFrameworkUtils.getLoginUserId(); PageResult pageResult; if (reqVO.getProjectOwnerIds() != null) { - List projectOwnerIds = teamDashboardAccessService.resolveRequestedSubordinateUserIds(reqVO.getProjectOwnerIds()); + List projectOwnerIds = teamDashboardAccessService.resolveRequestedSubordinateUserIds( + reqVO.getProjectOwnerIds(), WorkReportConstants.PERMISSION_TEAM_DASHBOARD); pageResult = projectReportMapper.selectReporterPage(projectOwnerIds, reqVO, TEAM_VISIBLE_STATUS_CODES); } else { pageResult = projectReportMapper.selectReporterPage(loginUserId, reqVO, getEnabledStatusCodes()); @@ -788,7 +791,8 @@ public class WorkReportCommonService { Long loginUserId = SecurityFrameworkUtils.getLoginUserId(); if (!Objects.equals(loginUserId, reporterId) && !Objects.equals(loginUserId, supervisorUserId) - && !teamDashboardAccessService.canReadSubordinateUser(reporterId)) { + && !teamDashboardAccessService.canReadSubordinateUser( + reporterId, WorkReportConstants.PERMISSION_TEAM_DASHBOARD)) { throw exception(ErrorCodeConstants.WORK_REPORT_READ_FORBIDDEN); } } diff --git a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/workreport/team/TeamWorkReportServiceImpl.java b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/workreport/team/TeamWorkReportServiceImpl.java index 59c1591..e52de18 100644 --- a/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/workreport/team/TeamWorkReportServiceImpl.java +++ b/rdms-project/rdms-project-boot/src/main/java/com/njcn/rdms/module/project/service/workreport/team/TeamWorkReportServiceImpl.java @@ -69,7 +69,7 @@ public class TeamWorkReportServiceImpl implements TeamWorkReportService { @Override public TeamReportSummaryRespVO getSummary(TeamReportSummaryReqVO reqVO) { - teamDashboardAccessService.validateTeamDashboardPermission(); + teamDashboardAccessService.validateTeamDashboardPermission(WorkReportConstants.PERMISSION_TEAM_DASHBOARD); ReportContext context = buildReportContext(normalizeReportType(reqVO.getReportType()), reqVO.getPeriodKey()); TeamReportSummaryRespVO respVO = new TeamReportSummaryRespVO(); respVO.setTotalShouldSubmit(context.expectedUserIds().size()); @@ -84,7 +84,7 @@ public class TeamWorkReportServiceImpl implements TeamWorkReportService { @Override @Transactional(rollbackFor = Exception.class) public TeamReportRemindRespVO remind(TeamReportRemindReqVO reqVO) { - teamDashboardAccessService.validateTeamDashboardPermission(); + teamDashboardAccessService.validateTeamDashboardPermission(WorkReportConstants.PERMISSION_TEAM_DASHBOARD); String reportType = normalizeReportType(reqVO.getReportType()); ReportContext context = buildReportContext(reportType, reqVO.getPeriodKey()); List remindUserIds = resolveRemindUserIds(reqVO.getUserIds(), context); @@ -223,7 +223,8 @@ public class TeamWorkReportServiceImpl implements TeamWorkReportService { if (requestedUserIds == null) { return new ArrayList<>(unsubmittedUserIds); } - List validatedIds = teamDashboardAccessService.resolveRequestedSubordinateUserIds(requestedUserIds); + List validatedIds = teamDashboardAccessService.resolveRequestedSubordinateUserIds( + requestedUserIds, WorkReportConstants.PERMISSION_TEAM_DASHBOARD); return validatedIds.stream() .filter(unsubmittedUserIds::contains) .collect(Collectors.toList());