涉访涉诉--支持用一级查二级

1 month ago · f80f43c2c2
2 changed files with 67 additions and 1 deletions
--- a/src/main/java/com/biutag/supervision/repository/supdepart/SupDepartResourceService.java
+++ b/src/main/java/com/biutag/supervision/repository/supdepart/SupDepartResourceService.java
@ -77,4 +77,46 @@ public class SupDepartResourceService extends BaseDAO {
        return departAndSubDepart.stream().collect(Collectors.toMap(DepartAndSubDepartDto::getParentId, dto -> dto));
    }
    /**
     * 根据任意部门ID展开为其下属二级机构ID集合（包含自身如果自身就是二级）
     * @param departId 可能是二级机构，也可能是其上级
     * @return 二级机构ID集合
     */
    public Set<String> expandToSecondDepartIds(String departId) {
        if (StrUtil.isBlank(departId)) {
            return Collections.emptySet();
        }
        final String SECOND_LEVEL_VALUE = "2";
        // 1) 先查自己
        SupDepart self = supDepartMapper.selectById(departId);
        if (self == null) {
            return Collections.emptySet();
        }
        // 2) 如果自己就是二级，直接返回
        if (SECOND_LEVEL_VALUE.equals(String.valueOf(self.getLevel()))) {
            return new HashSet<>(Collections.singletonList(self.getId()));
        }
        // 3) 否则：查该部门下直属的二级机构
        LambdaQueryWrapper<SupDepart> wrapper = new LambdaQueryWrapper<>();
        wrapper.eq(SupDepart::getPid, departId);
        wrapper.eq(SupDepart::getLevel, SECOND_LEVEL_VALUE);
        List<SupDepart> seconds = supDepartMapper.selectList(wrapper);
        if (CollectionUtil.isEmpty(seconds)) {
            return Collections.emptySet();
        }
        return seconds.stream()
                .map(SupDepart::getId)
                .filter(StrUtil::isNotBlank)
                .collect(Collectors.toSet());
    }
 }
--- a/src/main/java/com/biutag/supervision/service/complaintCollection/ComplaintCollectionServiceImpl.java
+++ b/src/main/java/com/biutag/supervision/service/complaintCollection/ComplaintCollectionServiceImpl.java
@ -218,11 +218,35 @@ public class ComplaintCollectionServiceImpl implements ComplaintCollectionServic
        }
        if (!AppConstants.USER_TYPE_SUPER.equals(user.getUserType())) {
            if (user.getRoleCodes().contains(RoleCodeEnum.SECOND_ADMIN.getCode())) {
-                param.setSecondDepartIds(new HashSet<>(user.getAuthDepartIds()));
+                // 1) 用户可见范围（你说的“显示用户看到信息”）
                Set<String> visibleSecondIds = new HashSet<>(user.getAuthDepartIds());
                // 2) 前端如果传了 secondDepartId（可能是二级或上级），展开成“二级机构ID集合”
                if (StrUtil.isNotBlank(request.getSecondDepartId())) {
                    Set<String> querySecondIds = supDepartResourceService.expandToSecondDepartIds(request.getSecondDepartId());
                    // 3) 取交集：避免越权
                    visibleSecondIds.retainAll(querySecondIds);
                }
                // 4) 交集为空：直接无权限/无数据
                if (CollectionUtil.isEmpty(visibleSecondIds)) {
                    return Result.success(ComplaintCollectionPageVo.noAuthVo());
                }
                // 5) 最终生效的查询条件
                param.setSecondDepartIds(visibleSecondIds);
            } else if (user.getRoleCodes().contains(RoleCodeEnum.THREE_ADMIN.getCode())) {
                // 三级管理员：不允许看
                return Result.success(ComplaintCollectionPageVo.noAuthVo());
            }
        }else {
            // 超管：也支持“前端传上级 -> 展开二级”查询（不做权限交集）
            if (StrUtil.isNotBlank(request.getSecondDepartId())) {
                Set<String> querySecondIds = supDepartResourceService.expandToSecondDepartIds(request.getSecondDepartId());
                if (CollectionUtil.isNotEmpty(querySecondIds)) {
                    param.setSecondDepartIds(querySecondIds);
                } else {
                    return Result.success(ComplaintCollectionPageVo.noAuthVo());
                }
            }
        }
        IPage<ComplaintCollection> page = complaintCollectionResourceService.pageQuery(param);
        List<ComplaintCollection> records = page.getRecords();
        List<ComplaintCollectionPageDTO> complaintCollectionPageDTOS = ComplaintCollectionTransfer.INSTANCE.entityToPageDTOList(records);