总后台，订单相关数据权限隔离+导出

fs-admin/src/main/java/com/fs/hisStore/controller/FsStoreAfterSalesScrmController.java

@@ -7,6 +7,7 @@ import com.fs.common.annotation.Log;
 import com.fs.common.core.controller.BaseController;
 import com.fs.common.core.domain.AjaxResult;
 import com.fs.common.core.domain.R;
+import com.fs.common.core.domain.entity.SysDept;
 import com.fs.common.core.domain.model.LoginUser;
 import com.fs.common.core.page.TableDataInfo;
 import com.fs.common.enums.BusinessType;
@@ -28,6 +29,7 @@ import com.fs.hisStore.param.FsStoreAfterSalesCancelParam;
 import com.fs.hisStore.param.FsStoreAfterSalesRefundParam;
 import com.fs.hisStore.service.*;
 import com.fs.hisStore.vo.FsStoreAfterSalesVO;
+import com.fs.system.mapper.SysDeptMapper;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
@@ -74,6 +76,9 @@ public class FsStoreAfterSalesScrmController extends BaseController
     @Autowired
     private IFsExpressService expressService;
 
+    @Autowired
+    private SysDeptMapper sysDeptMapper;
+
     /**
      * 查询售后记录列表
      */
@@ -81,6 +86,8 @@ public class FsStoreAfterSalesScrmController extends BaseController
     @GetMapping("/list")
     public TableDataInfo list(FsStoreAfterSalesScrm fsStoreAfterSales)
     {
+        // 数据隔离：非超级管理员且非总公司部门时，按登录用户部门ID过滤销售公司订单
+        this.applyDeptDataScope(fsStoreAfterSales);
         startPage();
         List<FsStoreAfterSalesVO> list = fsStoreAfterSalesService.selectFsStoreAfterSalesListVO(fsStoreAfterSales);
         for (FsStoreAfterSalesVO vo : list){
@@ -97,7 +104,9 @@ public class FsStoreAfterSalesScrmController extends BaseController
     @GetMapping("/export")
     public AjaxResult export(FsStoreAfterSalesScrm fsStoreAfterSales)
     {
-        if (fsStoreAfterSales.getBeginTime().equals("") && fsStoreAfterSales.getEndTime().equals("")){
+        // 数据隔离：非超级管理员且非总公司部门时，按登录用户部门ID过滤销售公司订单
+        this.applyDeptDataScope(fsStoreAfterSales);
+        if (fsStoreAfterSales.getBeginTime() == null && fsStoreAfterSales.getEndTime() == null){
             fsStoreAfterSales.setBeginTime(null);
             fsStoreAfterSales.setEndTime(null);
         }
@@ -286,4 +295,36 @@ public class FsStoreAfterSalesScrmController extends BaseController
         return R.ok().put("data",vo);
     }
 
+    /**
+     * 数据隔离：admin 看全部；其它账号按登录用户所属部门ID过滤（含下级部门），
+     * 过滤走 company.dept_id（商城订单 company_id 为空，left join 后 c.dept_id 为空，自然不展示）
+     */
+    private void applyDeptDataScope(FsStoreAfterSalesScrm param) {
+        if (param == null) {
+            return;
+        }
+        try {
+            LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+            if (loginUser != null && !loginUser.isAdmin()
+                    && !checkDept(loginUser.getUser().getDeptId())) {
+                param.setDeptId(loginUser.getDeptId());
+            }
+        } catch (Exception ignore) {
+        }
+    }
+
+    /**
+     * 判断是否总公司部门（deptId=1），总公司账号视为看全部
+     */
+    public boolean checkDept(Long deptId) {
+        if (deptId == null) {
+            return false;
+        }
+        SysDept dept = sysDeptMapper.selectDeptById(deptId);
+        if (dept == null || !dept.getDeptId().equals(1L)) {
+            return false;
+        }
+        return true;
+    }
+
 }

fs-admin/src/main/java/com/fs/hisStore/controller/FsStoreOrderScrmController.java

@@ -53,8 +53,10 @@ import com.fs.hisStore.mapper.FsStoreVerifyCodeScrmMapper;
 import com.fs.hisStore.param.*;
 import com.fs.hisStore.service.*;
 import com.fs.hisStore.vo.*;
+import com.fs.common.core.domain.entity.SysDept;
 import com.fs.system.domain.SysConfig;
 import com.fs.system.mapper.SysConfigMapper;
+import com.fs.system.mapper.SysDeptMapper;
 import io.swagger.annotations.ApiOperation;
 import me.chanjar.weixin.mp.bean.card.Abstract;
 import org.springframework.beans.BeanUtils;
@@ -130,6 +132,9 @@ public class FsStoreOrderScrmController extends BaseController {
     @Autowired
     SysConfigMapper sysConfigMapper;
 
+    @Autowired
+    private SysDeptMapper sysDeptMapper;
+
     @Autowired
     private IFsDfAccountService fsDfAccountService;
 
@@ -183,6 +188,8 @@ public class FsStoreOrderScrmController extends BaseController {
     @PostMapping("/list")
     public TableDataInfo list(@RequestBody FsStoreOrderParam param) {
         startPage();
+        // 数据隔离：非超级管理员且非总公司部门时，按登录用户部门ID过滤（含下级部门）
+        this.applyDeptDataScope(param);
         if(!StringUtils.isEmpty(param.getCreateTimeRange())){
             param.setCreateTimeList(param.getCreateTimeRange().split("--"));
         }
@@ -308,8 +315,10 @@ public class FsStoreOrderScrmController extends BaseController {
      */
     @PreAuthorize("@ss.hasPermi('store:storeOrder:export')")
     @Log(title = "订单", businessType = BusinessType.EXPORT)
-    @PostMapping("/export")
-    public AjaxResult export(@RequestBody FsStoreOrderParam param) {
+    @GetMapping("/export")
+    public AjaxResult export(FsStoreOrderParam param) {
+        // 数据隔离：非超级管理员且非总公司部门时，按登录用户部门ID过滤（含下级部门）
+        this.applyDeptDataScope(param);
         if ("".equals(param.getBeginTime()) && "".equals(param.getEndTime())){
             param.setBeginTime(null);
             param.setEndTime(null);
@@ -374,8 +383,10 @@ public class FsStoreOrderScrmController extends BaseController {
      */
     @PreAuthorize("@ss.hasPermi('store:storeOrder:export:details')")
     @Log(title = "订单", businessType = BusinessType.EXPORT)
-    @PostMapping("/exportDetails")
-    public AjaxResult exportDetails(@RequestBody FsStoreOrderParam param) {
+    @GetMapping("/exportDetails")
+    public AjaxResult exportDetails(FsStoreOrderParam param) {
+        // 数据隔离：非超级管理员且非总公司部门时，按登录用户部门ID过滤（含下级部门）
+        this.applyDeptDataScope(param);
         if ("".equals(param.getBeginTime()) && "".equals(param.getEndTime())){
             param.setBeginTime(null);
             param.setEndTime(null);
@@ -421,6 +432,8 @@ public class FsStoreOrderScrmController extends BaseController {
     @Log(title = "订单明细导出", businessType = BusinessType.EXPORT)
     @GetMapping("/exportItems")
     public AjaxResult exportItems(FsStoreOrderParam param) {
+        // 数据隔离：非超级管理员且非总公司部门时，按登录用户部门ID过滤（含下级部门）
+        this.applyDeptDataScope(param);
         if ("".equals(param.getBeginTime()) && "".equals(param.getEndTime())){
             param.setBeginTime(null);
             param.setEndTime(null);
@@ -472,6 +485,8 @@ public class FsStoreOrderScrmController extends BaseController {
     @Log(title = "订单明细导出", businessType = BusinessType.EXPORT)
     @GetMapping("/exportItemsDetails")
     public AjaxResult exportItemsDetails(FsStoreOrderParam param) {
+        // 数据隔离：非超级管理员且非总公司部门时，按登录用户部门ID过滤（含下级部门）
+        this.applyDeptDataScope(param);
         if ("".equals(param.getBeginTime()) && "".equals(param.getEndTime())){
             param.setBeginTime(null);
             param.setEndTime(null);
@@ -511,7 +526,8 @@ public class FsStoreOrderScrmController extends BaseController {
 
     @GetMapping("/orderItemsNum")
     public R orderItemsNum(FsStoreOrderParam param) {
-
+        // 数据隔离：非超级管理员且非总公司部门时，按登录用户部门ID过滤（含下级部门）
+        this.applyDeptDataScope(param);
         if(!StringUtils.isEmpty(param.getCreateTimeRange())){
             param.setCreateTimeList(param.getCreateTimeRange().split("--"));
         }
@@ -1082,4 +1098,36 @@ public class FsStoreOrderScrmController extends BaseController {
         }
         return df;
     }
+
+    /**
+     * 数据隔离：非超级管理员且非总公司部门(deptId=1)时，限定 deptId 为登录用户部门
+     * SQL 层会匹配该部门及其下级部门的订单
+     */
+    private void applyDeptDataScope(FsStoreOrderParam param) {
+        if (param == null) {
+            return;
+        }
+        try {
+            LoginUser loginUser = tokenService.getLoginUser(ServletUtils.getRequest());
+            if (loginUser != null && !loginUser.isAdmin()
+                    && !checkDept(loginUser.getUser().getDeptId())) {
+                param.setDeptId(loginUser.getDeptId());
+            }
+        } catch (Exception ignore) {
+        }
+    }
+
+    /**
+     * 校验是否为总公司部门（deptId = 1）
+     */
+    public boolean checkDept(Long deptId) {
+        if (deptId == null) {
+            return false;
+        }
+        SysDept dept = sysDeptMapper.selectDeptById(deptId);
+        if (dept == null || !dept.getDeptId().equals(1L)) {
+            return false;
+        }
+        return true;
+    }
 }

fs-service/src/main/java/com/fs/hisStore/mapper/FsStoreAfterSalesScrmMapper.java

@@ -152,7 +152,7 @@ public interface FsStoreAfterSalesScrmMapper
             " AND date_format(s.create_time,'%y%m%d') <= date_format(#{maps.endTime},'%y%m%d') " +
             "</if>" +
             "<if test = 'maps.deptId != null    '> " +
-            "  AND (o.dept_id = #{maps.deptId} OR o.dept_id IN ( SELECT t.dept_id FROM company_dept t WHERE find_in_set(#{maps.deptId}, ancestors) )) " +
+            "  AND c.dept_id = #{maps.deptId} " +
             "</if>" +
             "<if test = 'maps.storeName != null and maps.storeName != \"\"   '> " +
             " AND ssc.store_name  like CONCAT('%',#{maps.storeName},'%')  " +

fs-service/src/main/java/com/fs/hisStore/mapper/FsStoreOrderItemScrmMapper.java

@@ -140,6 +140,9 @@ public interface FsStoreOrderItemScrmMapper
             "<if test = 'maps.scheduleId != null    '> " +
             "and o.schedule_id =#{maps.scheduleId} " +
             "</if>" +
+            "<if test = 'maps.deptId != null    '> " +
+            "  AND c.dept_id = #{maps.deptId} " +
+            "</if>" +
             " order by o.id desc limit 50000"+
             "</script>"})
     List<FsStoreOrderItemExportVO> selectFsStoreOrderItemListExportVO(@Param("maps")FsStoreOrderParam fsStoreOrder);
@@ -247,6 +250,9 @@ public interface FsStoreOrderItemScrmMapper
             "            <if test=\"maps.erpAccount == '未分拣'\">\n" +
             "                and ( df.login_account is null or df.login_account like '')\n" +
             "            </if>" +
+            "<if test = 'maps.deptId != null    '> " +
+            "   AND c.dept_id = #{maps.deptId}  " +
+            "</if>" +
             " order by o.id desc "+
             "</script>"})
     Long itemsCount(@Param("maps")FsStoreOrderParam fsStoreOrder);

fs-service/src/main/java/com/fs/hisStore/mapper/FsStoreOrderScrmMapper.java

@@ -732,7 +732,7 @@ public interface FsStoreOrderScrmMapper extends BaseMapper<FsStoreOrderScrm>
             " AND date_format(o.delivery_import_time,'%y%m%d') &lt;= date_format(#{maps.deliveryImportTimeList[1]},'%y%m%d') " +
             "</if>" +
             "<if test = 'maps.deptId != null    '> " +
-            "  AND (o.dept_id = #{maps.deptId} OR o.dept_id IN ( SELECT t.dept_id FROM company_dept t WHERE find_in_set(#{maps.deptId}, ancestors) )) " +
+            "  AND c.dept_id = #{maps.deptId}  " +
             "</if>" +
             "<if test = 'maps.isUpload != null and maps.isUpload == 0    '> " +
             "and o.certificates is null  " +
@@ -887,7 +887,7 @@ public interface FsStoreOrderScrmMapper extends BaseMapper<FsStoreOrderScrm>
             " AND date_format(o.delivery_import_time,'%y%m%d') &lt;= date_format(#{maps.deliveryImportTimeList[1]},'%y%m%d') " +
             "</if>" +
             "<if test = 'maps.deptId != null    '> " +
-            "  AND (o.dept_id = #{maps.deptId} OR o.dept_id IN ( SELECT t.dept_id FROM company_dept t WHERE find_in_set(#{maps.deptId}, ancestors) )) " +
+            "  AND c.dept_id = #{maps.deptId} " +
             "</if>" +
             " ${maps.params.dataScope} "+
             " order by o.id desc "+

fs-service/src/main/resources/mapper/hisStore/FsStoreOrderScrmMapper.xml

@@ -1736,7 +1736,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
                 AND date_format(o.delivery_import_time,'%y%m%d') <= date_format(#{maps.deliveryImportTimeList[1]},'%y%m%d')
             </if>
             <if test="maps.deptId != null     ">
-                AND (o.dept_id = #{maps.deptId} OR o.dept_id IN ( SELECT t.dept_id FROM company_dept t WHERE find_in_set(#{maps.deptId}, ancestors) ))
+                AND c.dept_id = #{maps.deptId}
             </if>
             <if test="maps.erpPhoneNumber != null and maps.erpPhoneNumber != ''">
                 and o.erp_phone like concat(#{maps.erpPhoneNumber},'%')