fix(security): 启用控制器权限验证并添加数据库关联查询

2026-03-05 11:11:50 +08:00 · 2026-03-05 11:11:50 +08:00 · 1b25f2b5c3
parent 0dabd2b9a3
commit 1b25f2b5c3
4 changed files with 6 additions and 4 deletions
--- a/web-adapter/src/main/java/com/zcloud/domain/web/DomainDepartmentController.java
+++ b/web-adapter/src/main/java/com/zcloud/domain/web/DomainDepartmentController.java
@ -44,7 +44,7 @@ public class DomainDepartmentController {

    @ApiOperation("分页")
    @PostMapping("/list")
-//    @PreAuthorize("@pms.hasAnyPermission('lybmgl')")
+    @PreAuthorize("@pms.hasAnyPermission('lybmgl')")
    public PageResponse<DomainDepartmentListCO> page(@RequestBody DomainDepartmentPageQry qry) {
        return domainDepartmentService.listPage(qry);
    }
--- a/web-adapter/src/main/java/com/zcloud/domain/web/DomainGroupController.java
+++ b/web-adapter/src/main/java/com/zcloud/domain/web/DomainGroupController.java
@ -50,7 +50,7 @@ public class DomainGroupController {

    @ApiOperation("领域组分页")
    @PostMapping("/list")
-//    @PreAuthorize("@pms.hasAnyPermission('lyzgl')")
+    @PreAuthorize("@pms.hasAnyPermission('lyzgl')")
    public PageResponse<DomainGroupCO> page(@RequestBody DomainGroupPageQry qry) {
        return domainGroupService.listPage(qry);
    }
--- a/web-adapter/src/main/java/com/zcloud/domain/web/ProjectTaskController.java
+++ b/web-adapter/src/main/java/com/zcloud/domain/web/ProjectTaskController.java
@ -43,14 +43,14 @@ public class ProjectTaskController {

    @ApiOperation("课题任务分页")
    @PostMapping("/projectPage")
-//    @PreAuthorize("@pms.hasAnyPermission('gfd-ktrw','qyd-ktrw')")
+    @PreAuthorize("@pms.hasAnyPermission('gfd-ktrw','qyd-ktrw')")
    public PageResponse<ProjectTaskCO> listPage(@RequestBody ProjectTaskPageQry qry) {
        return projectTaskService.listPage(qry);
    }

    @ApiOperation("课题评分分页")
    @PostMapping("/projectScorepage")
-//    @PreAuthorize("@pms.hasAnyPermission('gfd-ktpf','qyd-ktpf')")
+    @PreAuthorize("@pms.hasAnyPermission('gfd-ktpf','qyd-ktpf')")
    public PageResponse<ProjectTaskCO> projectScorepage(@RequestBody ProjectTaskPageQry qry) {
        return projectTaskService.listPage(qry);
    }
--- a/web-infrastructure/src/main/resources/mapper/ProjectTaskMapper.xml
+++ b/web-infrastructure/src/main/resources/mapper/ProjectTaskMapper.xml
@ -11,6 +11,8 @@
            on pt.domain_department_id = dd.domain_department_id and dd.delete_enum = 'false'
            left join corp_info c on c.id = pt.execute_corpinfo_id
            left join department d on d.id = dd.master_department_id
+            left join project_task_score_info ptsi on ptsi.project_task_id = pt.project_task_id
+            left join project_task_group_user pti on pti.project_task_id = pt.project_task_id
         where pt.delete_enum = 'false'
            <if test="params.domainType != null and params.domainType != '' ">
                and pt.domain_type = #{params.domainType}