增加权限过滤。

web/src/main/java/com/jpsoft/smart/modules/base/controller/AlarmConfigController.java

@@ -2,14 +2,18 @@ package com.jpsoft.smart.modules.base.controller;
 
 import com.github.pagehelper.Page;
 import com.jpsoft.smart.modules.base.entity.AlarmConfig;
+import com.jpsoft.smart.modules.base.entity.CompanyInfo;
 import com.jpsoft.smart.modules.base.entity.OwnerInfo;
 import com.jpsoft.smart.modules.base.service.AlarmConfigService;
 import com.jpsoft.smart.modules.base.service.AlarmConfigService;
+import com.jpsoft.smart.modules.base.service.CompanyInfoService;
 import com.jpsoft.smart.modules.base.service.OwnerInfoService;
 import com.jpsoft.smart.modules.common.dto.MessageResult;
 import com.jpsoft.smart.modules.common.dto.Sort;
 import com.jpsoft.smart.modules.common.utils.PojoUtils;
 import com.jpsoft.smart.modules.common.utils.WechatMessageUtil;
+import com.jpsoft.smart.modules.sys.entity.User;
+import com.jpsoft.smart.modules.sys.service.UserService;
 import com.jpsoft.smart.modules.wechat.entity.AccessControl;
 import com.jpsoft.smart.modules.wechat.service.IAccessControlService;
 import io.swagger.annotations.ApiOperation;
@@ -30,7 +34,12 @@ public class AlarmConfigController {
     @Autowired
     private AlarmConfigService alarmConfigService;
 
-   
+    @Autowired
+    private UserService userService;
+
+    @Autowired
+    private CompanyInfoService companyInfoService;
+
     @ApiOperation(value="创建空记录")
     @GetMapping("create")
     public MessageResult<AlarmConfig> create(){
@@ -225,6 +234,9 @@ public class AlarmConfigController {
 
         Map<String,Object> searchParams = new HashMap<>();
 
+        User user = userService.get(subject);
+        CompanyInfo companyInfo = companyInfoService.get(user.getCompanyId());
+
         List<Sort> sortList = new ArrayList<>();
         sortList.add(new Sort("a.company_id","asc"));
         sortList.add(new Sort("a.start_time","asc"));
@@ -232,6 +244,11 @@ public class AlarmConfigController {
         if (StringUtils.isNotEmpty(companyId)) {
             searchParams.put("companyId",companyId);
         }
+        else{
+            if (!userService.hasRole(subject,"SYSADMIN")) {
+                searchParams.put("companyId",companyInfo.getId());
+            }
+        }
 
         Page<AlarmConfig> page = alarmConfigService.pageSearch(searchParams,pageIndex,pageSize,true,sortList);
 

web/src/main/java/com/jpsoft/smart/modules/base/controller/PersonInfoController.java

@@ -481,13 +481,7 @@ public class PersonInfoController {
 
         if (StringUtils.isEmpty(companyCode)){
             if (!userService.hasRole(subject,"SYSADMIN")) {
-
-                if(subordinate){
-                    searchParams.put("companyCode", companyInfo.getCode() + "%");
-                }
-                else {
-                    searchParams.put("companyCode", companyInfo.getCode());
-                }
+                searchParams.put("companyCode", companyInfo.getCode() + "%");
             }
         }
         else{

web/src/main/java/com/jpsoft/smart/modules/base/controller/WarningPusherController.java

@@ -2,12 +2,16 @@ package com.jpsoft.smart.modules.base.controller;
 
 import cn.hutool.json.JSONObject;
 import com.github.pagehelper.Page;
+import com.jpsoft.smart.modules.base.entity.CompanyInfo;
+import com.jpsoft.smart.modules.base.service.CompanyInfoService;
 import com.jpsoft.smart.modules.common.utils.PojoUtils;
 import com.jpsoft.smart.modules.common.dto.Sort;
 import com.jpsoft.smart.modules.common.dto.MessageResult;
 import com.jpsoft.smart.modules.base.entity.WarningPusher;
 import com.jpsoft.smart.modules.base.service.WarningPusherService;
 import com.jpsoft.smart.modules.common.utils.WeixinUtil;
+import com.jpsoft.smart.modules.sys.entity.User;
+import com.jpsoft.smart.modules.sys.service.UserService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
@@ -42,6 +46,12 @@ public class WarningPusherController {
     @Autowired
     private WarningPusherService warningPusherService;
 
+    @Autowired
+    private UserService userService;
+
+    @Autowired
+    private CompanyInfoService companyInfoService;
+
     @ApiOperation(value="创建空记录")
     @GetMapping("create")
     public MessageResult<WarningPusher> create(){
@@ -227,6 +237,9 @@ public class WarningPusherController {
         //当前用户ID
         System.out.println(subject);
 
+        User user = userService.get(subject);
+        CompanyInfo companyInfo = companyInfoService.get(user.getCompanyId());
+
         MessageResult<Map> msgResult = new MessageResult<>();
 
         Map<String,Object> searchParams = new HashMap<>();
@@ -246,6 +259,11 @@ public class WarningPusherController {
         if (StringUtils.isNotEmpty(companyId)) {
             searchParams.put("companyId",companyId);
         }
+        else{
+            if (!userService.hasRole(subject,"SYSADMIN")) {
+                searchParams.put("companyId",companyInfo.getId());
+            }
+        }
 
         Page<WarningPusher> page = warningPusherService.pageSearch(searchParams,pageIndex,pageSize,true,sortList);