fix: SCA扫描漏洞处理(Access Control: Database)

配置文件新增配置：auth-key-auth-enabled，若未设置则不进行权限拦截判断。若影响业务，可以直接将其删除。 Access Control: Database(访问控制：数据库) Links https://docs.qq.com/sheet/DTkRSaWhSZXBlaldN?tab=000008&_t=1711087563249 (No.1)

fix: SCA扫描漏洞处理(Access Control: Database)
4419914b · 李秀明 · 788d12a0 · 4419914b · 4419914b · 4419914b
Commit 4419914b authored Mar 27, 2024 by 李秀明
3 changed files
--- a/amos-boot-module/amos-boot-module-biz/amos-boot-module-common-biz/src/main/java/com/yeejoin/amos/boot/module/common/biz/controller/OrgUsrController.java
+++ b/amos-boot-module/amos-boot-module-biz/amos-boot-module-common-biz/src/main/java/com/yeejoin/amos/boot/module/common/biz/controller/OrgUsrController.java
@@ -1170,10 +1170,9 @@ public class OrgUsrController extends BaseController {
 		//9891 按照测试要求转成人员管理信息且按换流站过滤
 		List<Map> map = new ArrayList<>();
-		// 权限处理
-		PermissionInterceptorContext.setDataAuthRule(authKey);
 		objects.stream().forEach(e->{
+			// 权限处理
+			PermissionInterceptorContext.setDataAuthRule(authKey);
 			OrgUsr orgUsr = orgUsrMapper.queryByUserId(Long.valueOf(e.get("userId").toString()));
 			if (!ObjectUtils.isEmpty(orgUsr) && orgUsr.getBizOrgCode().startsWith(bizOrgCode)){
 				e.put("realName",orgUsr.getBizOrgName());

--- a/amos-boot-module/amos-boot-module-biz/amos-boot-module-common-biz/src/main/java/com/yeejoin/amos/boot/module/common/biz/service/impl/DutyCarServiceImpl.java
+++ b/amos-boot-module/amos-boot-module-biz/amos-boot-module-common-biz/src/main/java/com/yeejoin/amos/boot/module/common/biz/service/impl/DutyCarServiceImpl.java
@@ -182,6 +182,8 @@ public class DutyCarServiceImpl extends DutyCommonServiceImpl implements IDutyCa
 				String[] instanceIds = instanceId.split(",");
+						// 权限处理
+						PermissionInterceptorContext.setDataAuthRule(authKey);
 						// 获取当前装备ID下的排版数据
 						List<Map<String, Object>> specifyDateList = dutyPersonShiftMapper.getPositionStaffDutyForSpecifyDate(dutyDay,
 								this.getGroupCode(), instanceIds,null, fieldCode);

--- a/amos-boot-module/amos-boot-module-biz/amos-boot-module-equip-biz/src/main/java/com/yeejoin/equipmanage/service/impl/BuildingServiceImpl.java
+++ b/amos-boot-module/amos-boot-module-biz/amos-boot-module-equip-biz/src/main/java/com/yeejoin/equipmanage/service/impl/BuildingServiceImpl.java
@@ -387,10 +387,10 @@ public class BuildingServiceImpl extends ServiceImpl<BuildingMapper, Building> i
    @Override
    @Transactional(rollbackFor = {Exception.class, BaseException.class})
    public Object updateForm(Long instanceId, String orgCode, Map<String, Object> map, String groupCode) {
-        // 权限处理
-        PermissionInterceptorContext.setDataAuthRule(authKeyEnable);
        if (StringUtil.isNotEmpty(groupCode)) {
            map.keySet().forEach(x -> {
+                // 权限处理
+                PermissionInterceptorContext.setDataAuthRule(authKeyEnable);
                formInstanceMapper.updateFormFieldValue(instanceId, x, String.valueOf(map.get(x)));
            });
            return CommonResponseUtil.success();