供应商分配和转移先进行权限判断

src/main/java/com/uas/platform/b2b/controller/VendorDistributeController.java

@@ -55,7 +55,7 @@ public class VendorDistributeController {
      * @return 绑定结果
      */
     @RequestMapping(value = "/bindUserToVendor/{id}", method = RequestMethod.POST)
-    public ResultMap bindUserToVendor(@PathVariable("id") Long id, @RequestBody String json) {
+    public ResultMap bindUserToVendor(@PathVariable("id") Long id, @RequestBody String json) throws IllegalAccessException {
         List<User> users = FlexJsonUtils.fromJsonArray(json, User.class);
         boolean result = vendorService.transferVendorToUser(id, users);
         String resultInfo = result ? "成功" : "失败";
@@ -70,7 +70,7 @@ public class VendorDistributeController {
      * @return
      */
     @RequestMapping(value = "/{id}", method = RequestMethod.POST)
-    public List<User> getUsersAndDistribute(@PathVariable("id") Long id) {
+    public List<User> getUsersAndDistribute(@PathVariable("id") Long id) throws IllegalAccessException {
         LOGGER.log("用户信息", "查询[" + id +"]供应商分配信息");
         return vendorService.findUserInfoVendDistribute(id);
     }

src/main/java/com/uas/platform/b2b/dao/RoleDao.java

@@ -39,7 +39,7 @@ public interface RoleDao extends JpaRepository<Role, Long> {
     List<Role> findByEnUUAndIssys(Long enUU, short yes);
 
 	/**
-	 * 查询当前用户在当前企业的角色是否是管理员或者销售经理<br>
+	 * 通过角色名称查询在当前企业的角色<br>
 	 *
 	 * 分配客户需要
 	 *
@@ -49,7 +49,7 @@ public interface RoleDao extends JpaRepository<Role, Long> {
 	 * @return
 	 */
 	@Query(value = "select count(1) from sec$roles r left join sec$userrole u on r.role_id = u.role_id where r.role_enuu = :enUU and u.user_uu = :userUU and r.role_name IN (:roles)", nativeQuery = true)
-	Double findByEnUUAndUserUU(@Param("enUU") Long enUU, @Param("userUU") Long userUU, @Param("roles") List<String> roles);
+	Integer countByEnUUAndUserUU(@Param("enUU") Long enUU, @Param("userUU") Long userUU, @Param("roles") List<String> roles);
 
 	/**
 	 * 根据角色名称查找默认角色的默认值

src/main/java/com/uas/platform/b2b/model/Role.java

@@ -44,10 +44,20 @@ public class Role implements Serializable {
      */
     public static final String BUYER = "BUYER";
 
+    /**
+     * 销售经理
+     */
+    public static final String ROLE_SALEMANAGER = "ROLE_SALEMANAGER";
+
+    /**
+     * 普通用户
+     */
+    public static final String ROLE_USER = "ROLE_USER";
+
     /**
      * 管理员
      */
-    public static final String ADMIN = "管理员";
+    public static final String ROLE_ADMIN = "ROLE_ADMIN";
 
 	/**
 	 * 

src/main/java/com/uas/platform/b2b/search/RestTempSearchServiceImpl.java

@@ -34,7 +34,7 @@ public class RestTempSearchServiceImpl implements RestTempSearchService {
     /**
      * 邮件服务主机地址
      */
-    @Value("#{sys.searchUrl ?: 'http://10.10.100.179:8081'}")
+    @Value("#{sys.searchUrl ?: 'http://172.21.0.6:8081'}")
     private String SEARCH_URL;
 
     @Autowired

src/main/java/com/uas/platform/b2b/service/VendorService.java

@@ -182,7 +182,7 @@ public interface VendorService {
      * @param users 前端选择用户信息
      * @return 转移结果
      */
-    boolean transferVendorToUser(Long id, List<User> users);
+    boolean transferVendorToUser(Long id, List<User> users) throws IllegalAccessException;
 
     /**
      * 设置联系人
@@ -206,5 +206,5 @@ public interface VendorService {
      * @param vendUU 供应商UU
      * @return 分配的供应商
      */
-    List<User> findUserInfoVendDistribute(Long vendUU);
+    List<User> findUserInfoVendDistribute(Long vendUU) throws IllegalAccessException;
 }

src/main/java/com/uas/platform/b2b/service/impl/RoleServiceImpl.java

@@ -36,21 +36,6 @@ public class RoleServiceImpl implements RoleService {
 	@Autowired
     private CommonDao commonDao;
 
-    /**
-     * 销售经理
-     */
-	private static final String ROLE_SALEMANAGER = "ROLE_SALEMANAGER";
-
-    /**
-     * 普通用户
-     */
-	private static final String ROLE_USER = "ROLE_USER";
-
-    /**
-     * 管理员
-     */
-	private static final String ROLE_ADMIN = "ROLE_ADMIN";
-
 	@Override
 	public List<Role> findAll() {
 		return findByEnterprise(SystemSession.getUser().getEnterprise().getUu());
@@ -114,23 +99,23 @@ public class RoleServiceImpl implements RoleService {
 	@Override
 	public ModelMap getCurrentRoles() {
 		List<String> roles = new ArrayList<>();
-		roles.add(ROLE_SALEMANAGER);
-		roles.add(ROLE_ADMIN);
-		return new ModelMap("count", roleDao.findByEnUUAndUserUU(SystemSession.getUser().getEnterprise().getUu(),SystemSession.getUser().getUserUU(), roles));
+		roles.add(Role.ROLE_SALEMANAGER);
+		roles.add(Role.ROLE_ADMIN);
+		return new ModelMap("count", roleDao.countByEnUUAndUserUU(SystemSession.getUser().getEnterprise().getUu(),SystemSession.getUser().getUserUU(), roles));
 	}
 
 	@Override
 	public ModelMap isManager() {
         List<String> roles = new ArrayList<>();
-        roles.add(ROLE_ADMIN);
-		return new ModelMap("isManager", roleDao.findByEnUUAndUserUU(SystemSession.getUser().getEnterprise().getUu(), SystemSession.getUser().getUserUU(), roles) > 0 ? true : false);
+        roles.add(Role.ROLE_ADMIN);
+		return new ModelMap("isManager", roleDao.countByEnUUAndUserUU(SystemSession.getUser().getEnterprise().getUu(), SystemSession.getUser().getUserUU(), roles) > 0 ? true : false);
 	}
 
 	@Override
 	public ModelMap isUser() {
         List<String> roles = new ArrayList<>();
-        roles.add(ROLE_USER);
-		return new ModelMap("isUser", roleDao.findByEnUUAndUserUU(SystemSession.getUser().getEnterprise().getUu(), SystemSession.getUser().getUserUU(), roles) > 0 ? true : false);
+        roles.add(Role.ROLE_USER);
+		return new ModelMap("isUser", roleDao.countByEnUUAndUserUU(SystemSession.getUser().getEnterprise().getUu(), SystemSession.getUser().getUserUU(), roles) > 0 ? true : false);
 	}
 
     @Override

src/main/java/com/uas/platform/b2b/service/impl/VendorsServiceImpl.java

@@ -3,6 +3,7 @@ package com.uas.platform.b2b.service.impl;
 import com.uas.platform.b2b.dao.CommonDao;
 import com.uas.platform.b2b.dao.DistributeDao;
 import com.uas.platform.b2b.dao.EnterpriseDao;
+import com.uas.platform.b2b.dao.RoleDao;
 import com.uas.platform.b2b.dao.VendorContactDao;
 import com.uas.platform.b2b.dao.VendorDao;
 import com.uas.platform.b2b.dao.VendorDistributeDao;
@@ -12,6 +13,7 @@ import com.uas.platform.b2b.erp.model.VendorRecommend;
 import com.uas.platform.b2b.model.Distribute;
 import com.uas.platform.b2b.model.Enterprise;
 import com.uas.platform.b2b.model.Product;
+import com.uas.platform.b2b.model.Role;
 import com.uas.platform.b2b.model.SearchFilter;
 import com.uas.platform.b2b.model.User;
 import com.uas.platform.b2b.model.Vendor;
@@ -82,6 +84,9 @@ public class VendorsServiceImpl implements VendorService {
     @Autowired
     private UserService userService;
 
+    @Autowired
+    private RoleDao roleDao;
+
     /**
      * 应用来源
      */
@@ -560,7 +565,7 @@ public class VendorsServiceImpl implements VendorService {
      * @return 转移结果
      */
     @Override
-    public boolean transferVendorToUser(Long id, List<User> users) {
+    public boolean transferVendorToUser(Long id, List<User> users) throws IllegalAccessException {
         Vendor vendor = vendorDao.findOne(id);
         if (!CollectionUtils.isEmpty(users)) {
             List<VendorDistribute> saveList = new ArrayList<>();
@@ -604,6 +609,35 @@ public class VendorsServiceImpl implements VendorService {
         return false;
     }
 
+    /**
+     * 查询是否有操作转移的权限
+     * <pre>
+     *     1、 先判断是否是管理员，如果是，后面不用判断
+     *     2、 非管理员判断是否被转移权限，有权限继续，没有权限返回给出提示，不能操作
+     * </pre>
+     *
+     * @param vendId 供应商关系表id
+     */
+    private void checkAuthority(Long vendId) throws IllegalAccessException {
+        User user = SystemSession.getUser();
+        List<String> roles = new ArrayList<>();
+        roles.add(Role.ROLE_ADMIN);
+        // 查询是否是管理员
+        Integer count = roleDao.countByEnUUAndUserUU(user.getEnterprise().getUu(), user.getUserUU(), roles);
+        if (count == 0) {
+            // 查询是否被转移权限
+            List<VendorDistribute> distributes = vendorDistributeDao.findByUserUUAndVendorId(user.getUserUU(), vendId);
+            if (!CollectionUtil.isEmpty(distributes)) {
+                VendorDistribute distribute = distributes.get(0);
+                if (Constant.NO == distribute.getIsTransfer()) {
+                    throw new IllegalAccessException("当前用户没有分配或转移的权限");
+                }
+            }
+
+        }
+
+    }
+
     /**
      * 删除用户的所有关联节点
      * @param vendorId 供应商关系id
@@ -633,7 +667,8 @@ public class VendorsServiceImpl implements VendorService {
      * @return 分配的供应商
      */
     @Override
-    public List<User> findUserInfoVendDistribute(Long veId) {
+    public List<User> findUserInfoVendDistribute(Long veId) throws IllegalAccessException {
+        checkAuthority(veId);
         List<VendorDistribute> distributes = vendorDistributeDao.findByVendorId(veId);
         List<User> users = userService.findUsersByEnUU(SystemSession.getUser().getEnterprise().getUu());
         users.forEach(user -> {