
贸易订单数据权限控制

yzc 2 anni fa
parent
commit
0a62c1bcaa

+ 65 - 36
sckw-modules/sckw-report/src/main/java/com/sckw/report/service/KwOrderService.java

@@ -138,84 +138,111 @@ public class KwOrderService {
     private Criteria buildCriteria(TradeOrderListStatisticParam params, Boolean isStatistic) {
         Long entId = LoginUserHolder.getEntId();
         Long userId = LoginUserHolder.getUserId();
-        Criteria criteria = new Criteria();
         String topEnt = Objects.equals(params.getOrderType(), 1) ? "procureTopEntId" : "supplyTopEntId";
-        criteria.and(topEnt).is(entId).and("delFlag").is(0);
+        Criteria dataPermission = getDataPermissions(params.getOrderType());
+        //订单状态
+        Criteria statusCriteria;
+        if (Objects.nonNull(params.getStatus()) && !isStatistic) {
+            statusCriteria = new Criteria().and("status").is(params.getStatus());
+            if (Objects.equals(params.getStatus(), 0)) {
+                //草稿状态只能创建订单的人能看
+                statusCriteria.and("createBy").is(userId);
+            }
+        } else {
+            //非草稿状态or草稿状态且是当前人
+            statusCriteria = new Criteria().orOperator(Criteria.where("status").ne(0),
+                    new Criteria().andOperator(Criteria.where("status").is(0),
+                            Criteria.where("createBy").is(userId)));
+        }
+        //匹配条件
+        Criteria condition = new Criteria();
+        condition.and("delFlag").is(0);
         //日期范围
         if (Objects.nonNull(params.getStartCreateTime()) && Objects.nonNull(params.getEndCreateTime())) {
-            criteria.and("createTime").gte(params.getStartCreateTime()).lte(params.getEndCreateTime());
+            condition.and("createTime").gte(params.getStartCreateTime()).lte(params.getEndCreateTime());
         } else if (Objects.nonNull(params.getStartCreateTime())) {
-            criteria.and("createTime").gte(params.getStartCreateTime());
+            condition.and("createTime").gte(params.getStartCreateTime());
         } else if (Objects.nonNull(params.getEndCreateTime())) {
-            criteria.and("createTime").lte(params.getEndCreateTime());
+            condition.and("createTime").lte(params.getEndCreateTime());
         }
         //装卸货地址
         String loadCode = params.getShippingAddressCode();
         if (StringUtils.isNotBlank(loadCode)) {
             switch (params.getShippingAddressLevel()) {
-                case 1 -> criteria.and("loadCityCode")
+                case 1 -> condition.and("loadCityCode")
                         .regex(Pattern.compile("^" + loadCode.substring(0, 2) + ".*$", Pattern.CASE_INSENSITIVE));
-                case 2 -> criteria.and("loadCityCode")
+                case 2 -> condition.and("loadCityCode")
                         .regex(Pattern.compile("^" + loadCode.substring(0, 4) + ".*$", Pattern.CASE_INSENSITIVE));
-                case 3 -> criteria.and("loadCityCode").is(loadCode);
+                case 3 -> condition.and("loadCityCode").is(loadCode);
             }
         }
         String unloadCode = params.getUnloadingAddressCode();
         if (StringUtils.isNotBlank(unloadCode)) {
             switch (params.getUnloadingAddressLevel()) {
-                case 1 -> criteria.and("unloadCityCode")
+                case 1 -> condition.and("unloadCityCode")
                         .regex(Pattern.compile("^" + unloadCode.substring(0, 2) + ".*$", Pattern.CASE_INSENSITIVE));
-                case 2 -> criteria.and("unloadCityCode")
+                case 2 -> condition.and("unloadCityCode")
                         .regex(Pattern.compile("^" + unloadCode.substring(0, 4) + ".*$", Pattern.CASE_INSENSITIVE));
-                case 3 -> criteria.and("unloadCityCode").is(unloadCode);
+                case 3 -> condition.and("unloadCityCode").is(unloadCode);
             }
         }
         //提货方式
         if (StringUtils.isNotBlank(params.getPickupType())) {
-            criteria.and("pickupType").is(params.getPickupType());
+            condition.and("pickupType").is(params.getPickupType());
         }
         //交易方式
         if (StringUtils.isNotBlank(params.getTrading())) {
-            criteria.and("trading").is(params.getTrading());
+            condition.and("trading").is(params.getTrading());
         }
         //交付类型
         if (StringUtils.isNotBlank(params.getDeliveryType())) {
-            criteria.and("deliveryType").is(params.getDeliveryType());
+            condition.and("deliveryType").is(params.getDeliveryType());
         }
         //下单方式
         if (StringUtils.isNotBlank(params.getSource())) {
-            criteria.and("source").is(params.getSource());
-        }
-        List<Criteria> orOperators = new ArrayList<>();
-        //订单状态
-        if (Objects.nonNull(params.getStatus()) && !isStatistic) {
-            criteria.and("status").is(params.getStatus());
-            if (Objects.equals(params.getStatus(), 0)) {
-                //草稿状态只能创建订单的人能看
-                criteria.and("createBy").is(userId);
-            }
-        } else {
-            //非草稿状态且一级企业匹配or草稿状态且是当前人
-            Criteria orOperator = new Criteria().orOperator(
-                    Criteria.where("status").ne(0),
-                    new Criteria().andOperator(Criteria.where("status").is(0),
-                            Criteria.where("createBy").is(userId)));
-            orOperators.add(orOperator);
+            condition.and("source").is(params.getSource());
         }
+        Criteria criteria = new Criteria().and(topEnt).is(entId);
         //关键字模糊匹配
         if (StringUtils.isNotBlank(params.getKeywords())) {
             Pattern pattern = Pattern.compile("^.*" + params.getKeywords() + ".*$", Pattern.CASE_INSENSITIVE);
-            Criteria orOperator = new Criteria().orOperator(
+            Criteria keywordsMatch = new Criteria().orOperator(
                     Criteria.where("tOrderNo").regex(pattern), Criteria.where("procureFirmName").regex(pattern),
                     Criteria.where("supplyFirmName").regex(pattern), Criteria.where("goodsName").regex(pattern));
-            orOperators.add(orOperator);
-        }
-        if (CollectionUtils.isNotEmpty(orOperators)) {
-            criteria.andOperator(orOperators);
+            criteria.andOperator(dataPermission, statusCriteria, condition, keywordsMatch);
+        } else {
+            criteria.andOperator(dataPermission, statusCriteria, condition);
         }
         return criteria;
     }
 
+    /**
+     * @desc: 数据权限组装
+     * @author: yzc
+     * @date: 2023-09-08 18:02
+     * @Param orderType:
+     * @return: org.springframework.data.mongodb.core.query.Criteria
+     */
+    private Criteria getDataPermissions(Integer orderType) {
+        Long entId = LoginUserHolder.getEntId();
+        Integer isMain = LoginUserHolder.getIsMain();
+        List<Long> authUserIdList = LoginUserHolder.getAuthUserIdList();
+        //数据权限
+        String topEnt = Objects.equals(orderType, 1) ? "procureTopEntId" : "supplyTopEntId";
+        String contactsId = Objects.equals(orderType, 1) ? "procureContactsId" : "supplyContactsId";
+        Criteria criteria1, criteria2;
+        if (Objects.equals(isMain, 0)) {
+            criteria1 = new Criteria().andOperator(Criteria.where("ent_id").is(entId),
+                    Criteria.where("create_by").in(authUserIdList));
+            criteria2 = new Criteria().andOperator(Criteria.where(topEnt).is(entId),
+                    Criteria.where(contactsId).in(authUserIdList));
+        } else {
+            criteria1 = new Criteria().andOperator(Criteria.where("ent_id").is(entId));
+            criteria2 = new Criteria().andOperator(Criteria.where(topEnt).is(entId));
+        }
+        return new Criteria().orOperator(criteria1, criteria2);
+    }
+
     /**
      * @desc: 贸易订单列表统计查询
      * @author: yzc
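Review bot: In `getDataPermissions` the enterprise-wide filter is the fallback: `Objects.equals(isMain, 0)` sends every other value of `isMain`, including null, to the `else` branch, so a session with a missing flag gets the widest view. I would test explicitly for the value that marks a main account and fall through to the restricted branch otherwise, and treat a null or empty `authUserIdList` as "no rows" instead of passing it to `.in(authUserIdList)`. The restricted branch also queries `ent_id` and `create_by`, while `buildCriteria` uses `createBy` and `delFlag`, apparently on the same collection; if the documents are stored in camelCase, `criteria1` never matches and only the contacts branch takes effect. In `buildCriteria`, `params.getKeywords()` is still concatenated into the pattern unquoted, and `Pattern.compile("^.*" + Pattern.quote(params.getKeywords()) + ".*$", Pattern.CASE_INSENSITIVE)` would stop user input from being interpreted as regex. The statistics query in the second hunk calls the same helper, so the first two points apply there as well.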
@@ -272,6 +299,8 @@ public class KwOrderService {
         List<Integer> status = Arrays.asList(1, 4, 5, 7);
         Criteria criteria = new Criteria();
         criteria.and(topEnt).is(entId).and("status").in(status).and("delFlag").is(0);
+        Criteria dataPermissions = getDataPermissions(params.getOrderType());
+        criteria.andOperator(dataPermissions);
         Aggregation aggregation = Aggregation.newAggregation(
                 Aggregation.match(criteria),
                 Aggregation.group("status").count().as("total"),