Commit 12f3ae08 authored by tianbo's avatar tianbo

fix(safety-problem): 修复安全问题追溯查询权限控制

- 防止越权查询其他组织的安全问题数据 - 当治理机构组织代码不以当前公司组织代码开头时返回空结果
parent 505579ff
......@@ -12,6 +12,7 @@ import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import org.typroject.tyboot.core.foundation.enumeration.UserType;
import org.typroject.tyboot.core.foundation.utils.ValidationUtil;
import org.typroject.tyboot.core.restful.doc.TycloudOperation;
import org.typroject.tyboot.core.restful.utils.ResponseHelper;
import org.typroject.tyboot.core.restful.utils.ResponseModel;
......@@ -110,7 +111,11 @@ public class SafetyProblemTracingController extends BaseController {
Page<SafetyProblemTracingDto> page = new Page<>();
page.setCurrent(current);
page.setSize(size);
problemModel.setGoverningBodyOrgCode(loginParams.getCompany().getOrgCode());
if (!ValidationUtil.isEmpty(problemModel.getGoverningBodyOrgCode())) {
if (!problemModel.getGoverningBodyOrgCode().startsWith(loginParams.getCompany().getOrgCode())) {
return ResponseHelper.buildResponse(new Page<>());
}
}
return ResponseHelper.buildResponse(safetyProblemTracingServiceImpl.queryForSafetyProblemTracingPage(page, problemModel));
}
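Review bot: When `problemModel.getGoverningBodyOrgCode()` is empty the new `startsWith` guard is skipped, so the request reaches `queryForSafetyProblemTracingPage` with no organisation constraint applied by this method. The page has lost its `+`/`-` markers; the hunk counts (7 old, 11 new) suggest the unconditional `problemModel.setGoverningBodyOrgCode(loginParams.getCompany().getOrgCode());` line was removed, and if it was instead kept, the guard compares the value with itself and can never fire. Either way, default the filter to the caller's own scope before the prefix check: `if (ValidationUtil.isEmpty(problemModel.getGoverningBodyOrgCode())) { problemModel.setGoverningBodyOrgCode(loginParams.getCompany().getOrgCode()); }`. The prefix test also assumes org codes are hierarchical with a separator or fixed width; if they are not, an unrelated organisation whose code merely begins with the same characters passes, so confirm the code format or compare on a delimiter boundary. The method's signature and the origin of `loginParams` are outside the hunk.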
......