浏览代码

feat: 一些问题优化

wuwenyi 1 周之前
父节点
当前提交
ac0fa69783

+ 3 - 0
src/main/java/com/qqflow/engine/common/constant/SecurityConstants.java

@@ -19,4 +19,7 @@ public final class SecurityConstants {
     public static final String ROLE_DEPT_MANAGER = "dept_manager";
 
     public static final String EMPLOYEE_TYPE_COMMON_USER = "common_user";
+    public static final String EMPLOYEE_TYPE_FLOW_MANAGER = "flow_manager";
+    public static final String EMPLOYEE_TYPE_DEPT_MANAGER = "dept_manager";
+    public static final String EMPLOYEE_TYPE_SUPER_ADMIN = "super_admin";
 }

+ 1 - 1
src/main/java/com/qqflow/engine/domain/flow/controller/AnalysisController.java

@@ -30,7 +30,7 @@ import java.util.Map;
 @RequestMapping("/analysis")
 @RequiredArgsConstructor
 @Tag(name = "流程数据分析")
-@PreAuthorize("hasAnyRole('super_admin','flow_manager')")
+@PreAuthorize("hasAnyRole('super_admin','flow_manager','dept_manager')")
 public class AnalysisController {
 
     private final AnalysisService analysisService;

+ 1 - 1
src/main/java/com/qqflow/engine/domain/flow/controller/ProcessInstanceController.java

@@ -44,7 +44,7 @@ public class ProcessInstanceController {
     }
 
     @GetMapping("/page")
-    @PreAuthorize("hasAnyRole('super_admin','flow_manager')")
+    @PreAuthorize("hasAnyRole('super_admin','flow_manager','dept_manager')")
     @Operation(summary = "流程实例分页列表(管理员)")
     public Result<PageResult<ProcessInstanceDTO>> page(
             @RequestParam(defaultValue = "1") Integer pageNum,

+ 1 - 0
src/main/java/com/qqflow/engine/domain/flow/service/impl/FlowEngineServiceImpl.java

@@ -389,6 +389,7 @@ public class FlowEngineServiceImpl implements FlowEngineService {
         if (targetNode == null) {
             throw new BusinessException("无法找到回退目标节点");
         }
+        currentTask.setApprovalResult(ApprovalResult.RETURN.getCode());
         this.updateTaskStatus(currentTask, TaskStatus.RETURNED.getCode(), comment);
         this.approvalTaskHelper.cancelPendingTasks(instance.getId(), LocalDateTime.now());
         List<FlowNode> returnTargets = Collections.singletonList(targetNode);

+ 50 - 0
src/main/java/com/qqflow/engine/domain/system/service/impl/SysUserServiceImpl.java

@@ -6,6 +6,7 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.qqflow.engine.common.exception.BusinessException;
 import com.qqflow.engine.common.util.JwtUtils;
 import com.qqflow.engine.common.util.RedisCache;
+import com.qqflow.engine.common.util.SecurityUtils;
 import com.qqflow.engine.config.security.LoginUser;
 import com.qqflow.engine.domain.system.dto.LoginDTO;
 import com.qqflow.engine.domain.system.dto.UserDTO;
@@ -41,6 +42,9 @@ import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
 
 import static com.qqflow.engine.common.constant.SecurityConstants.EMPLOYEE_TYPE_COMMON_USER;
+import static com.qqflow.engine.common.constant.SecurityConstants.EMPLOYEE_TYPE_DEPT_MANAGER;
+import static com.qqflow.engine.common.constant.SecurityConstants.EMPLOYEE_TYPE_FLOW_MANAGER;
+import static com.qqflow.engine.common.constant.SecurityConstants.EMPLOYEE_TYPE_SUPER_ADMIN;
 import static com.qqflow.engine.common.constant.SecurityConstants.USER_TYPE_SYSTEM;
 
 @Slf4j
@@ -79,6 +83,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>
     @Override
     @Transactional
     public boolean addUser(SysUser user) {
+        this.checkEmployeeTypePermission(user.getEmployeeType());
         if (user.getUsername() == null || user.getUsername().isBlank()) {
             throw new BusinessException("用户名不能为空");
         }
@@ -116,6 +121,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>
     @Override
     @Transactional
     public boolean updateUser(SysUser user) {
+        this.checkEmployeeTypePermission(user.getEmployeeType());
         if (user.getId() == null) {
             throw new BusinessException("用户ID不能为空");
         }
@@ -147,8 +153,37 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>
         return updated;
     }
 
+    private void checkEmployeeTypePermission(String targetType) {
+        if (targetType == null) return;
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        if (loginUser == null) return;
+        String currentType = loginUser.getEmployeeType();
+        if (currentType == null) currentType = EMPLOYEE_TYPE_COMMON_USER;
+        // 管理员可操作所有类型
+        if (EMPLOYEE_TYPE_SUPER_ADMIN.equals(currentType)) return;
+        // 部门运维可操作 部门运维、流程运维、普通用户
+        if (EMPLOYEE_TYPE_DEPT_MANAGER.equals(currentType)) {
+            if (EMPLOYEE_TYPE_SUPER_ADMIN.equals(targetType)) {
+                throw new BusinessException("无权操作管理员类型的用户");
+            }
+            return;
+        }
+        // 流程运维只可操作 流程运维、普通用户
+        if (EMPLOYEE_TYPE_FLOW_MANAGER.equals(currentType)) {
+            if (EMPLOYEE_TYPE_SUPER_ADMIN.equals(targetType)
+                    || EMPLOYEE_TYPE_DEPT_MANAGER.equals(targetType)) {
+                throw new BusinessException("无权操作该类型的用户");
+            }
+            return;
+        }
+        // 普通用户无权操作任何用户
+        throw new BusinessException("无权操作该类型的用户");
+    }
+
     @Override
     public boolean removeUser(Long id) {
+        SysUser target = this.getById(id);
+        if (target != null) this.checkEmployeeTypePermission(target.getEmployeeType());
         sysUserRoleMapper.delete(
                 new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper<SysUserRole>()
                         .eq(SysUserRole::getUserId, id)
@@ -202,6 +237,21 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser>
             List<Long> deptIds = this.sysDeptService.collectChildDeptIds(deptId);
             wrapper.in(SysUser::getDeptId, deptIds);
         }
+        wrapper.orderByDesc(SysUser::getCreateTime);
+
+        // 非管理员只展示权限范围内的用户
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        if (loginUser != null && !EMPLOYEE_TYPE_SUPER_ADMIN.equals(loginUser.getEmployeeType())) {
+            String currentType = loginUser.getEmployeeType() != null ? loginUser.getEmployeeType() : EMPLOYEE_TYPE_COMMON_USER;
+            if (EMPLOYEE_TYPE_DEPT_MANAGER.equals(currentType)) {
+                wrapper.in(SysUser::getEmployeeType, EMPLOYEE_TYPE_DEPT_MANAGER, EMPLOYEE_TYPE_FLOW_MANAGER, EMPLOYEE_TYPE_COMMON_USER);
+            } else if (EMPLOYEE_TYPE_FLOW_MANAGER.equals(currentType)) {
+                wrapper.in(SysUser::getEmployeeType, EMPLOYEE_TYPE_FLOW_MANAGER, EMPLOYEE_TYPE_COMMON_USER);
+            } else {
+                wrapper.eq(SysUser::getEmployeeType, EMPLOYEE_TYPE_COMMON_USER);
+            }
+        }
+
         Page<SysUser> userPage = this.page(new Page<>(page.getCurrent(), page.getSize()), wrapper);
         List<SysUser> users = userPage.getRecords();
         if (users.isEmpty()) {