fix(safety-problem): 修复安全问题追溯查询权限控制

- 防止越权查询其他组织的安全问题数据 - 当治理机构组织代码不以当前公司组织代码开头时返回空结果

fix(safety-problem): 修复安全问题追溯查询权限控制
12f3ae08 · tianbo · 505579ff · 12f3ae08
Commit 12f3ae08 authored Apr 02, 2026 by tianbo
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

SafetyProblemTracingController.java ...ule/jg/biz/controller/SafetyProblemTracingController.java +6 -1

No files found.
--- a/amos-boot-system-tzs/amos-boot-module-jg/amos-boot-module-jg-biz/src/main/java/com/yeejoin/amos/boot/module/jg/biz/controller/SafetyProblemTracingController.java
+++ b/amos-boot-system-tzs/amos-boot-module-jg/amos-boot-module-jg-biz/src/main/java/com/yeejoin/amos/boot/module/jg/biz/controller/SafetyProblemTracingController.java
@@ -12,6 +12,7 @@ import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import org.typroject.tyboot.core.foundation.enumeration.UserType;
+import org.typroject.tyboot.core.foundation.utils.ValidationUtil;
 import org.typroject.tyboot.core.restful.doc.TycloudOperation;
 import org.typroject.tyboot.core.restful.utils.ResponseHelper;
 import org.typroject.tyboot.core.restful.utils.ResponseModel;
@@ -110,7 +111,11 @@ public class SafetyProblemTracingController extends BaseController {
 		Page<SafetyProblemTracingDto> page = new Page<>();
 		page.setCurrent(current);
 		page.setSize(size);
-		problemModel.setGoverningBodyOrgCode(loginParams.getCompany().getOrgCode());
+		if (!ValidationUtil.isEmpty(problemModel.getGoverningBodyOrgCode())) {
+			if (!problemModel.getGoverningBodyOrgCode().startsWith(loginParams.getCompany().getOrgCode())) {
+				return ResponseHelper.buildResponse(new Page<>());
+			}
+		}
 		return ResponseHelper.buildResponse(safetyProblemTracingServiceImpl.queryForSafetyProblemTracingPage(page, problemModel));
 	}