zcloud_gbs
/
zcloud_gbs_domain
15
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(security): 启用控制器权限验证并添加数据库关联查询

master
zhaokai 2026-03-05 11:11:50 +08:00
parent 0dabd2b9a3
commit 1b25f2b5c3
4 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web-adapter/src/main/java/com/zcloud/domain/web/DomainDepartmentController.java
View File

@ -44,7 +44,7 @@ public class DomainDepartmentController {
@ApiOperation("分页") @ApiOperation("分页")
@PostMapping("/list") @PostMapping("/list")
// @PreAuthorize("@pms.hasAnyPermission('lybmgl')") @PreAuthorize("@pms.hasAnyPermission('lybmgl')")
public PageResponse<DomainDepartmentListCO> page(@RequestBody DomainDepartmentPageQry qry) { public PageResponse<DomainDepartmentListCO> page(@RequestBody DomainDepartmentPageQry qry) {
return domainDepartmentService.listPage(qry); return domainDepartmentService.listPage(qry);
} }

2
web-adapter/src/main/java/com/zcloud/domain/web/DomainGroupController.java
View File

@ -50,7 +50,7 @@ public class DomainGroupController {
@ApiOperation("领域组分页") @ApiOperation("领域组分页")
@PostMapping("/list") @PostMapping("/list")
// @PreAuthorize("@pms.hasAnyPermission('lyzgl')") @PreAuthorize("@pms.hasAnyPermission('lyzgl')")
public PageResponse<DomainGroupCO> page(@RequestBody DomainGroupPageQry qry) { public PageResponse<DomainGroupCO> page(@RequestBody DomainGroupPageQry qry) {
return domainGroupService.listPage(qry); return domainGroupService.listPage(qry);
} }

4
web-adapter/src/main/java/com/zcloud/domain/web/ProjectTaskController.java
View File

@ -43,14 +43,14 @@ public class ProjectTaskController {
@ApiOperation("课题任务分页") @ApiOperation("课题任务分页")
@PostMapping("/projectPage") @PostMapping("/projectPage")
// @PreAuthorize("@pms.hasAnyPermission('gfd-ktrw','qyd-ktrw')") @PreAuthorize("@pms.hasAnyPermission('gfd-ktrw','qyd-ktrw')")
public PageResponse<ProjectTaskCO> listPage(@RequestBody ProjectTaskPageQry qry) { public PageResponse<ProjectTaskCO> listPage(@RequestBody ProjectTaskPageQry qry) {
return projectTaskService.listPage(qry); return projectTaskService.listPage(qry);
} }
@ApiOperation("课题评分分页") @ApiOperation("课题评分分页")
@PostMapping("/projectScorepage") @PostMapping("/projectScorepage")
// @PreAuthorize("@pms.hasAnyPermission('gfd-ktpf','qyd-ktpf')") @PreAuthorize("@pms.hasAnyPermission('gfd-ktpf','qyd-ktpf')")
public PageResponse<ProjectTaskCO> projectScorepage(@RequestBody ProjectTaskPageQry qry) { public PageResponse<ProjectTaskCO> projectScorepage(@RequestBody ProjectTaskPageQry qry) {
return projectTaskService.listPage(qry); return projectTaskService.listPage(qry);
} }

2
web-infrastructure/src/main/resources/mapper/ProjectTaskMapper.xml
View File

@ -11,6 +11,8 @@
on pt.domain_department_id = dd.domain_department_id and dd.delete_enum = 'false' on pt.domain_department_id = dd.domain_department_id and dd.delete_enum = 'false'
left join corp_info c on c.id = pt.execute_corpinfo_id left join corp_info c on c.id = pt.execute_corpinfo_id
left join department d on d.id = dd.master_department_id left join department d on d.id = dd.master_department_id
left join project_task_score_info ptsi on ptsi.project_task_id = pt.project_task_id
left join project_task_group_user pti on pti.project_task_id = pt.project_task_id
where pt.delete_enum = 'false' where pt.delete_enum = 'false'
<if test="params.domainType != null and params.domainType != '' "> <if test="params.domainType != null and params.domainType != '' ">
and pt.domain_type = #{params.domainType} and pt.domain_type = #{params.domainType}