|
@@ -42,16 +42,19 @@ func buildSqlForAuditList(usercompanyid int64, companyid int64, userid int64) st |
|
@@ -42,16 +42,19 @@ func buildSqlForAuditList(usercompanyid int64, companyid int64, userid int64) st |
42
|
//自己可审核的
|
42
|
//自己可审核的
|
43
|
sql2 string = fmt.Sprintf(` SELECT a.id FROM chance AS a
|
43
|
sql2 string = fmt.Sprintf(` SELECT a.id FROM chance AS a
|
44
|
JOIN audit_flow_process AS b ON a.id=b.chance_id
|
44
|
JOIN audit_flow_process AS b ON a.id=b.chance_id
|
45
|
- WHERE b.uid=%d AND a.review_status = 3 `, usercompanyid)
|
45
|
+ WHERE b.uid=%d `, usercompanyid)
|
46
|
//公开到自己部门的
|
46
|
//公开到自己部门的
|
47
|
sql3 string = ` SELECT a.id FROM chance AS a
|
47
|
sql3 string = ` SELECT a.id FROM chance AS a
|
48
|
JOIN chance_department AS b ON a.id=b.chance_id
|
48
|
JOIN chance_department AS b ON a.id=b.chance_id
|
49
|
WHERE b.department_id IN (%s) AND a.review_status = 3 `
|
49
|
WHERE b.department_id IN (%s) AND a.review_status = 3 `
|
50
|
//指定提交的部门
|
50
|
//指定提交的部门
|
51
|
sql4 string = ` SELECT id FROM chance WHERE department_id IN (%s) and review_status =3 `
|
51
|
sql4 string = ` SELECT id FROM chance WHERE department_id IN (%s) and review_status =3 `
|
|
|
52
|
+
|
52
|
//全公司公开的
|
53
|
//全公司公开的
|
53
|
sql5 string = fmt.Sprintf(` SELECT id FROM chance where publish_status = 1 AND review_status = 3 AND company_id=%d `, companyid)
|
54
|
sql5 string = fmt.Sprintf(` SELECT id FROM chance where publish_status = 1 AND review_status = 3 AND company_id=%d `, companyid)
|
54
|
//查看所有公开的
|
55
|
//查看所有公开的
|
|
|
56
|
+ sql6 string = fmt.Sprintf(`SELECT id FROM chance WHERE review_status =3 And company_id=%d `, companyid)
|
|
|
57
|
+
|
55
|
allsql string = ` SELECT t.id FROM (%s) as t `
|
58
|
allsql string = ` SELECT t.id FROM (%s) as t `
|
56
|
unionsql string = ``
|
59
|
unionsql string = ``
|
57
|
permissionObject serverabc.PermissionOptionObject
|
60
|
permissionObject serverabc.PermissionOptionObject
|
|
@@ -93,11 +96,18 @@ func buildSqlForAuditList(usercompanyid int64, companyid int64, userid int64) st |
|
@@ -93,11 +96,18 @@ func buildSqlForAuditList(usercompanyid int64, companyid int64, userid int64) st |
93
|
return fmt.Sprintf(allsql, unionsql)
|
96
|
return fmt.Sprintf(allsql, unionsql)
|
94
|
}
|
97
|
}
|
95
|
log.Debug("获取到的权限规则,check:%+v,option:%+v", usrPermission.CheckMap, usrPermission.CheckOption)
|
98
|
log.Debug("获取到的权限规则,check:%+v,option:%+v", usrPermission.CheckMap, usrPermission.CheckOption)
|
|
|
99
|
+ if len(usrPermission.CheckMap) == 1 {
|
|
|
100
|
+ if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv1]; ok {
|
|
|
101
|
+ log.Debug("命中规则:仅查看自己")
|
|
|
102
|
+ return strings.Join(sqlslice, " UNION ")
|
|
|
103
|
+ }
|
|
|
104
|
+ }
|
96
|
//进行权限判定
|
105
|
//进行权限判定
|
97
|
if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv4]; ok {
|
106
|
if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv4]; ok {
|
98
|
//查看所有
|
107
|
//查看所有
|
99
|
log.Debug("命中规则:查看所有")
|
108
|
log.Debug("命中规则:查看所有")
|
100
|
- return ""
|
109
|
+ sqlslice = append(sqlslice, sql6)
|
|
|
110
|
+ return strings.Join(sqlslice, " UNION ")
|
101
|
}
|
111
|
}
|
102
|
if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv3]; ok {
|
112
|
if _, ok := usrPermission.CheckMap[serverabc.OpportunityCheckLv3]; ok {
|
103
|
//指定部门
|
113
|
//指定部门
|
|
@@ -122,7 +132,7 @@ func buildSqlForAuditList(usercompanyid int64, companyid int64, userid int64) st |
|
@@ -122,7 +132,7 @@ func buildSqlForAuditList(usercompanyid int64, companyid int64, userid int64) st |
122
|
sqlslice = append(sqlslice, fmt.Sprintf(sql3, strings.Join(ids, ",")))
|
132
|
sqlslice = append(sqlslice, fmt.Sprintf(sql3, strings.Join(ids, ",")))
|
123
|
}
|
133
|
}
|
124
|
}
|
134
|
}
|
125
|
- //添加规则全公司公开
|
135
|
+
|
126
|
sqlslice = append(sqlslice, sql5)
|
136
|
sqlslice = append(sqlslice, sql5)
|
127
|
return fmt.Sprintf(allsql, strings.Join(sqlslice, " UNION "))
|
137
|
return fmt.Sprintf(allsql, strings.Join(sqlslice, " UNION "))
|
128
|
}
|
138
|
}
|
|
@@ -168,11 +178,9 @@ func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64 |
|
@@ -168,11 +178,9 @@ func GetAuditList(param protocol.RequestAuditList, companyid int64, userid int64 |
168
|
if companyinfo, err := models.GetCompanyById(companyid); err == nil {
|
178
|
if companyinfo, err := models.GetCompanyById(companyid); err == nil {
|
169
|
//非主管进行权限过滤
|
179
|
//非主管进行权限过滤
|
170
|
if companyinfo.AdminId != userid {
|
180
|
if companyinfo.AdminId != userid {
|
171
|
- s1 += " AND a.publish_status>0 "
|
|
|
172
|
- s2 += " AND a.publish_status>0 "
|
|
|
173
|
- }
|
|
|
174
|
sqlFromPermission = buildSqlForAuditList(usercompany.Id, usercompany.CompanyId, usercompany.UserId)
|
181
|
sqlFromPermission = buildSqlForAuditList(usercompany.Id, usercompany.CompanyId, usercompany.UserId)
|
175
|
}
|
182
|
}
|
|
|
183
|
+ }
|
176
|
if len(sqlFromPermission) > 0 {
|
184
|
if len(sqlFromPermission) > 0 {
|
177
|
temp := fmt.Sprintf(`JOIN (%s) AS tt ON tt.id=a.id`, sqlFromPermission)
|
185
|
temp := fmt.Sprintf(`JOIN (%s) AS tt ON tt.id=a.id`, sqlFromPermission)
|
178
|
s1 = fmt.Sprintf(s1, temp)
|
186
|
s1 = fmt.Sprintf(s1, temp)
|