From 1b25f2b5c34afc887bcb9889dbca44b96bab725f Mon Sep 17 00:00:00 2001 From: zhaokai Date: Thu, 5 Mar 2026 11:11:50 +0800 Subject: [PATCH] =?UTF-8?q?fix(security):=20=E5=90=AF=E7=94=A8=E6=8E=A7?= =?UTF-8?q?=E5=88=B6=E5=99=A8=E6=9D=83=E9=99=90=E9=AA=8C=E8=AF=81=E5=B9=B6?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=95=B0=E6=8D=AE=E5=BA=93=E5=85=B3=E8=81=94?= =?UTF-8?q?=E6=9F=A5=E8=AF=A2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/zcloud/domain/web/DomainDepartmentController.java | 2 +- .../java/com/zcloud/domain/web/DomainGroupController.java | 2 +- .../java/com/zcloud/domain/web/ProjectTaskController.java | 4 ++-- .../src/main/resources/mapper/ProjectTaskMapper.xml | 2 ++ 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/web-adapter/src/main/java/com/zcloud/domain/web/DomainDepartmentController.java b/web-adapter/src/main/java/com/zcloud/domain/web/DomainDepartmentController.java index 56a4d51..0d399ab 100644 --- a/web-adapter/src/main/java/com/zcloud/domain/web/DomainDepartmentController.java +++ b/web-adapter/src/main/java/com/zcloud/domain/web/DomainDepartmentController.java @@ -44,7 +44,7 @@ public class DomainDepartmentController { @ApiOperation("分页") @PostMapping("/list") -// @PreAuthorize("@pms.hasAnyPermission('lybmgl')") + @PreAuthorize("@pms.hasAnyPermission('lybmgl')") public PageResponse page(@RequestBody DomainDepartmentPageQry qry) { return domainDepartmentService.listPage(qry); } diff --git a/web-adapter/src/main/java/com/zcloud/domain/web/DomainGroupController.java b/web-adapter/src/main/java/com/zcloud/domain/web/DomainGroupController.java index a003326..ac1f2f7 100644 --- a/web-adapter/src/main/java/com/zcloud/domain/web/DomainGroupController.java +++ b/web-adapter/src/main/java/com/zcloud/domain/web/DomainGroupController.java @@ -50,7 +50,7 @@ public class DomainGroupController { @ApiOperation("领域组分页") @PostMapping("/list") -// @PreAuthorize("@pms.hasAnyPermission('lyzgl')") + @PreAuthorize("@pms.hasAnyPermission('lyzgl')") public PageResponse page(@RequestBody DomainGroupPageQry qry) { return domainGroupService.listPage(qry); } diff --git a/web-adapter/src/main/java/com/zcloud/domain/web/ProjectTaskController.java b/web-adapter/src/main/java/com/zcloud/domain/web/ProjectTaskController.java index 39597ac..e4cb4a8 100644 --- a/web-adapter/src/main/java/com/zcloud/domain/web/ProjectTaskController.java +++ b/web-adapter/src/main/java/com/zcloud/domain/web/ProjectTaskController.java @@ -43,14 +43,14 @@ public class ProjectTaskController { @ApiOperation("课题任务分页") @PostMapping("/projectPage") -// @PreAuthorize("@pms.hasAnyPermission('gfd-ktrw','qyd-ktrw')") + @PreAuthorize("@pms.hasAnyPermission('gfd-ktrw','qyd-ktrw')") public PageResponse listPage(@RequestBody ProjectTaskPageQry qry) { return projectTaskService.listPage(qry); } @ApiOperation("课题评分分页") @PostMapping("/projectScorepage") -// @PreAuthorize("@pms.hasAnyPermission('gfd-ktpf','qyd-ktpf')") + @PreAuthorize("@pms.hasAnyPermission('gfd-ktpf','qyd-ktpf')") public PageResponse projectScorepage(@RequestBody ProjectTaskPageQry qry) { return projectTaskService.listPage(qry); } diff --git a/web-infrastructure/src/main/resources/mapper/ProjectTaskMapper.xml b/web-infrastructure/src/main/resources/mapper/ProjectTaskMapper.xml index 12bfff8..5c8a43b 100644 --- a/web-infrastructure/src/main/resources/mapper/ProjectTaskMapper.xml +++ b/web-infrastructure/src/main/resources/mapper/ProjectTaskMapper.xml @@ -11,6 +11,8 @@ on pt.domain_department_id = dd.domain_department_id and dd.delete_enum = 'false' left join corp_info c on c.id = pt.execute_corpinfo_id left join department d on d.id = dd.master_department_id + left join project_task_score_info ptsi on ptsi.project_task_id = pt.project_task_id + left join project_task_group_user pti on pti.project_task_id = pt.project_task_id where pt.delete_enum = 'false' and pt.domain_type = #{params.domainType}