相关方人员审核功能不能委托主账号审核信息

liujun-2024-05-23-接口漏洞修复
liujun 2024-04-25 14:11:30 +08:00
parent 1dd6b0fdea
commit 68c9d00ab0
1 changed files with 14 additions and 1 deletions

View File

@ -9,6 +9,7 @@ import com.zcloud.flow.xgf.util.XgfFlowDto;
import com.zcloud.mapper.datasource.bus.CorpInfoMapper;
import com.zcloud.mapper.datasource.xgf.*;
import com.zcloud.service.system.DepartmentService;
import com.zcloud.service.system.UsersService;
import com.zcloud.service.xgf.XgfUserService;
import com.zcloud.util.*;
import org.apache.commons.lang3.StringUtils;
@ -55,6 +56,9 @@ public class XgfUserServiceImpl implements XgfUserService {
@Resource
private FlowExecutor flowExecutor;
@Resource
private UsersService usersService;
@Override
public void save(PageData pd) throws Exception {
xgfUserMapper.save(pd);
@ -1018,10 +1022,19 @@ public class XgfUserServiceImpl implements XgfUserService {
if (_list == null || _list.size() == 0) {
throw new RuntimeException("请求数据异常");
}
PageData condition = new PageData();
condition.put("USER_ID",request.getString("APPOINT_USER_ID"));
PageData userInfo = usersService.findById(condition);
if (userInfo != null && userInfo.size() > 0 && userInfo.get("ISMAIN") != null){
if ("1".equals(userInfo.getString("ISMAIN"))){
throw new RuntimeException("审批人不能指定主账号");
}
}
List<String> list = _list.stream().map(x -> x.getString("XGF_USER_ID")).collect(Collectors.toList());
PageData condition = new PageData();
for (String x : list) {
condition.clear();
condition.put("FLOWS_ID", x);
PageData flows = xgfFlowsMapper.findById(condition);
if (flows == null || flows.size() == 0) {