From 05d8772b3b77a0fdea489baec5312c6740572db1 Mon Sep 17 00:00:00 2001 
From: buaixuexideshitongxue <2936013465@qq.com> Date: Thu, 26 Mar 2026 18:53:55 +0800 Subject: [PATCH] =?UTF-8?q?fix--=E5=AE=A1=E8=AE=A1=E6=83=85=E5=86=B5?= =?UTF-8?q?=E8=A1=A8=EF=BC=9A=E5=88=97=E8=A1=A8=E5=B1=95=E7=A4=BA=E6=9D=83?= =?UTF-8?q?=E9=99=90=E8=8C=83=E5=9B=B4=E5=86=85=E2=80=9C=E5=AE=A1=E8=AE=A1?= =?UTF-8?q?=E5=8D=95=E4=BD=8D=E2=80=9D=E4=B8=BA=E7=9D=A3=E5=AE=A1=E6=94=AF?= =?UTF-8?q?=E9=98=9F=EF=BC=88=E5=AE=A1=E8=AE=A1=E5=A4=A7=E9=98=9F=EF=BC=89?= =?UTF-8?q?=E7=9A=84=E5=BD=92=E6=A1=A3=E9=A1=B9=E7=9B=AE=E3=80=82=EF=BC=88?= =?UTF-8?q?=E5=90=8C=E6=AD=A5=E4=BF=AE=E6=94=B9=E5=88=97=E8=A1=A8=E6=8F=8F?= =?UTF-8?q?=E8=BF=B0=EF=BC=8C=E5=89=94=E9=99=A4=E5=88=A0=E9=99=A4=E7=8A=B6?= =?UTF-8?q?=E6=80=81=E7=9A=84=E9=A1=B9=E7=9B=AE=EF=BC=89=EF=BC=89=20?= =?UTF-8?q?=E5=AE=A1=E7=BB=93=E6=83=85=E5=86=B5=E8=A1=A8=EF=BC=9A=E5=88=97?= =?UTF-8?q?=E8=A1=A8=E5=B1=95=E7=A4=BA=E6=9D=83=E9=99=90=E8=8C=83=E5=9B=B4?= =?UTF-8?q?=E5=86=85=E5=B7=B2=E5=BD=92=E6=A1=A3=E7=9A=84=E9=A1=B9=E7=9B=AE?= =?UTF-8?q?=EF=BC=88=E5=89=94=E9=99=A4=E5=88=A0=E9=99=A4=E7=8A=B6=E6=80=81?= =?UTF-8?q?=E9=A1=B9=E7=9B=AE=EF=BC=8C=E7=9B=AE=E5=89=8D=E9=A1=B9=E7=9B=AE?= =?UTF-8?q?=E6=95=B0=E5=AF=B9=E4=B8=8D=E4=B8=8A=EF=BC=89=20=E9=A1=B9?= =?UTF-8?q?=E7=9B=AE=E5=AE=A1=E8=AE=A1=E6=83=85=E5=86=B5=E5=A4=87=E6=A1=88?= =?UTF-8?q?=E8=A1=A8=EF=BC=9A=E5=88=97=E8=A1=A8=E5=B1=95=E7=A4=BA=E9=99=90?= =?UTF-8?q?=E6=9D=83=E9=99=90=E8=8C=83=E5=9B=B4=E5=86=85=E2=80=9C=E5=AE=A1?= =?UTF-8?q?=E8=AE=A1=E5=8D=95=E4=BD=8D=E2=80=9D=E4=B8=BA=E5=90=84=E5=88=86?= =?UTF-8?q?=E5=8E=BF=E5=B8=82=E5=B1=80=E5=86=85=E5=AE=A1=E7=9A=84=E5=BD=92?= =?UTF-8?q?=E6=A1=A3=E9=A1=B9=E7=9B=AE=E3=80=82=EF=BC=88=E5=90=8C=E6=AD=A5?= =?UTF-8?q?=E5=B0=86=E8=AF=A5=E5=88=97=E8=A1=A8=E6=9C=80=E4=B8=8B=E6=96=B9?= =?UTF-8?q?=E5=8A=9F=E8=83=BD=E6=8F=8F=E8=BF=B0=E4=BF=AE=E6=94=B9=EF=BC=8C?= =?UTF-8?q?=E5=89=94=E9=99=A4=E5=88=A0=E9=99=A4=E7=8A=B6=E6=80=81=E7=9A=84?= =?UTF-8?q?=E9=A1=B9=E7=9B=AE=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 
Content-Transfer-Encoding: 8bit
---
 .../report/ReportProjectController.java | 44 +++++++++++++++----
 1 file changed, 35 insertions(+), 9 deletions(-)
diff --git a/src/main/java/com/biutag/supervision/controller/report/ReportProjectController.java b/src/main/java/com/biutag/supervision/controller/report/ReportProjectController.java
index 16f9e34..9d9617c 100644
--- a/src/main/java/com/biutag/supervision/controller/report/ReportProjectController.java
+++ b/src/main/java/com/biutag/supervision/controller/report/ReportProjectController.java
@@ -214,8 +214,6 @@ public class ReportProjectController {
 wrapper.eq(StrUtil.isNotBlank(queryParam.getNode()),"p.node",queryParam.getNode())
 .like(StrUtil.isNotBlank(queryParam.getReportName()),"p.report_name",queryParam.getReportName())
 .like(StrUtil.isNotBlank(queryParam.getProjectType()),"p.project_type",queryParam.getProjectType())
-// .eq(StrUtil.isNotBlank(queryParam.getAuditUnitId()),"p.audit_unit_id",queryParam.getAuditUnitId())
-// .eq(StrUtil.isNotBlank(queryParam.getProjectUnitId()),"p.project_unit_id",queryParam.getProjectUnitId())
 .eq(StrUtil.isNotBlank(queryParam.getPurchaseMethod()),"p.purchase_method",queryParam.getPurchaseMethod())
 .like(StrUtil.isNotBlank(queryParam.getReferenceNumber()),"p.reference_number",queryParam.getReferenceNumber());
 if(StrUtil.isNotBlank(queryParam.getReportType()) && !"all".equals(queryParam.getReportType())) {
@@ -230,13 +228,6 @@ public class ReportProjectController {
 if(CollectionUtil.isNotEmpty(queryParam.getApplicantDateTime())){
 wrapper.between("p.applicant_time",queryParam.getApplicantDateTime().get(0),queryParam.getApplicantDateTime().get(1));
 }
- if(StrUtil.isNotBlank(queryParam.getCode())){
- if(queryParam.getCode().equals("city")){
- wrapper.le("p.report_money",new BigDecimal(200000));
- }else{
- wrapper.ge("p.report_money",new BigDecimal(200000));
- }
- }
 if (StrUtil.isNotBlank(queryParam.getAuditUnitId())) {
 // 获取选择的审计单位及其所有子部门的ID
 wrapper.in("p.audit_unit_id", departService.getAllNodeIds(queryParam.getAuditUnitId()));
@@ -246,6 +237,41 @@ public class ReportProjectController {
 }
 wrapper.groupBy("p.id");
 wrapper.eq("p.delete_flag", DeleteStatusEnum.NO.getCode());
+
+ // 鉴权逻辑
+ UserAuth user = UserContextHolder.getCurrentUser();
+ boolean superAuth = AppConstants.USER_TYPE_SUPER.equals(user.getUserType());
+ boolean firstAuth = superAuth || user.getRoleCodes().contains(RoleCodeEnum.FIRST_ADMIN.getCode());
+ // 获取用户的权限部门及其所有子部门
+ List userAuthOrgIds = !user.getAuthDepartIds().isEmpty()
+ ? departService.getAllNodeIds(user.getAuthDepartIds())
+ : departService.getAllNodeIds(user.getDepartId());
+
+ // 根据code参数应用不同的鉴权规则
+ String code = queryParam.getCode();
+ if (firstAuth) {
+ // 超级管理员和市级管理员
+ if ("dszd".equals(code)) {
+ // 只显示督审支队及以下单位的数据
+ List dszdOrgIds = departService.getAllNodeIds(AppConstants.DSZD);
+ wrapper.and(w -> w.in("p.audit_unit_id", dszdOrgIds).or().in("p.project_unit_id", dszdOrgIds));
+ }
+ // 其他情况(firstAuth + 无code或self)显示全部数据
+ } else {
+ // 非市级管理员，根据code应用不同规则
+ if ("dszd".equals(code)) {
+ // 只显示审计单位或项目单位为督审支队及以下单位的数据
+ List dszdOrgIds = departService.getAllNodeIds(AppConstants.DSZD);
+ wrapper.and(w -> w.in("p.audit_unit_id", dszdOrgIds).or().in("p.project_unit_id", dszdOrgIds));
+ } else if ("self".equals(code)) {
+ // 只显示审计单位或项目单位为自己的权限机构的数据
+ wrapper.and(w -> w.eq("p.audit_unit_id", user.getDepartId()).or().eq("p.project_unit_id", user.getDepartId()));
+ } else {
+ // 默认显示权限范围内的所有数据
+ wrapper.and(w -> w.in("p.audit_unit_id", userAuthOrgIds).or().in("p.project_unit_id", userAuthOrgIds));
+ }
+ }
+
 Page conditionPage = reportProjectService.getConditionPage(new Page<>(queryParam.getCurrent(), queryParam.getSize()), wrapper);
 conditionPage.getRecords().forEach(s->{
 SupDepart auditById = departService.getById(s.getAuditUnitId());
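Review bot: In the non-admin `else` branch, the `"dszd".equals(code)` case filters only on `dszdOrgIds` and never applies `userAuthOrgIds`, so the request parameter `code` selects which authorization rule runs and a non-admin caller is no longer bounded by their own department scope. The `self` case has a similar gap: it keys on `user.getDepartId()`, which is not necessarily inside `userAuthOrgIds` when `getAuthDepartIds()` is non-empty. Applying the scope unconditionally and letting `code` only narrow it closes both: make `wrapper.and(w -> w.in("p.audit_unit_id", userAuthOrgIds).or().in("p.project_unit_id", userAuthOrgIds));` the first statement of the `else` branch and drop the trailing default `else`. It is also worth confirming that an empty `userAuthOrgIds` yields no rows rather than an error or an unfiltered query, and that `getCurrentUser()` cannot return null on this path; the enclosing method starts and ends outside the hunk, so neither can be checked from here.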