涉访涉诉--删除权限需要根据是否本人录入来判断

2 weeks ago · b9b0f64039
1 changed files with 34 additions and 2 deletions
--- a/src/main/java/com/biutag/supervision/service/complaintCollection/ComplaintCollectionServiceImpl.java
+++ b/src/main/java/com/biutag/supervision/service/complaintCollection/ComplaintCollectionServiceImpl.java
@ -131,16 +131,19 @@ public class ComplaintCollectionServiceImpl implements ComplaintCollectionServic


    @Override
+    @Transactional(rollbackFor = Exception.class)
    public Result<Boolean> delComplaintCollection(ComplaintCollectionDelRequest request) {
        ComplaintCollectionQueryParam param = new ComplaintCollectionQueryParam();
        param.setId(request.getId());
        List<ComplaintCollection> query = complaintCollectionResourceService.query(param);
        if (CollectionUtil.isEmpty(query)) {
-            throw new RuntimeException("未找到可删除信息");
+            throw new IllegalStateException("未找到可删除信息" + request.getId());
        }
        if (!"0".equals(query.get(0).getStatus())) {
-            throw new RuntimeException("目标信息状态不可删除");
+            throw new IllegalStateException("目标信息状态不可删除" + request.getId());
        }
+        // 鉴权
+        checkDeletePermission(query.get(0));
        boolean deleted = complaintCollectionResourceService.deleteById(request.getId());
        if (!deleted) {
            throw new RuntimeException("删除失败");
@ -909,4 +912,33 @@ public class ComplaintCollectionServiceImpl implements ComplaintCollectionServic

    }

+
+    /**
+     * 删除鉴权
+     * 1、本人可删除
+     * 2、市局管理员可删除
+     * 3、超级管理员可删除
+     *
+     * @param complaintCollection
+     */
+    private void checkDeletePermission(ComplaintCollection complaintCollection) {
+        UserAuth currentUser = UserContextHolder.getCurrentUser();
+        List<String> authDepartIds = currentUser.getAuthDepartIds();
+        // 本人可删
+        if (currentUser.getUserName().equals(complaintCollection.getCreateBy())) {
+            return;
+        }
+        // 超级管理员可删
+        if (AppConstants.USER_TYPE_SUPER.equals(currentUser.getUserType())) {
+            return;
+        }
+        // 市局管理员可删除
+        if (currentUser.getRoleCodes() != null && currentUser.getRoleCodes().contains(RoleCodeEnum.FIRST_ADMIN.getCode())) {
+            return;
+        }
+        // 后续二级机构专班可以删除三级机构的
+        // 否则直接异常
+        throw new IllegalStateException("当前账号无权限操作该数据。请使用市局管理员账号登录，或确认该数据是否为本人录入。");
+    }
+
 }