等保调整，增加部分接口鉴权，防止水平越权,团队成员明细查询优化

6e8c844f · hongzhong · cc8065f3 · 6e8c844f · 6e8c844f · 6e8c844f
Commit 6e8c844f authored Oct 28, 2021 by hongzhong
8 changed files
--- a/yd-api/src/main/java/com/yd/api/agms/service/impl/AgmsPractitionerServiceImpl.java
+++ b/yd-api/src/main/java/com/yd/api/agms/service/impl/AgmsPractitionerServiceImpl.java
@@ -50,7 +50,7 @@ public class AgmsPractitionerServiceImpl implements AgmsPractitionerService {
            mdDropOptionIds=(Long[]) ConvertUtils.convert(requestVO.getMdDropOptionId().split(","),Long.class);
        }
        //等保调整
-        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(requestVO.getPractitionerId());
+        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(requestVO.getPractitionerId(),null);
        if(null == findByObjSortable ){
            responseVO.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
            return responseVO;

--- a/yd-api/src/main/java/com/yd/api/market/service/impl/MarketServiceImpl.java
+++ b/yd-api/src/main/java/com/yd/api/market/service/impl/MarketServiceImpl.java
@@ -84,7 +84,7 @@ public class MarketServiceImpl implements MarketService {
        PosterQueryResponseVO responseVO = new PosterQueryResponseVO();
        Long practitionerId = requestVO.getPractitionerId();
        //等保调整
-        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
        if(null == findByObjSortable ){
            responseVO.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
            return responseVO;

--- a/yd-api/src/main/java/com/yd/api/practitioner/service/impl/PractitionerBasicInfoServiceImpl.java
+++ b/yd-api/src/main/java/com/yd/api/practitioner/service/impl/PractitionerBasicInfoServiceImpl.java
@@ -124,7 +124,7 @@ public class PractitionerBasicInfoServiceImpl implements PractitionerBasicInfoSe

        if (practitionerId != null) {
            //等保调整
-            List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+            List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
            if(null == findByObjSortable ){
                responseVO.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
                return responseVO;
@@ -388,7 +388,7 @@ public class PractitionerBasicInfoServiceImpl implements PractitionerBasicInfoSe
        List<PayScaleInfo> resultList = new ArrayList<>();

        //等保调整
-        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(requestVO.getPractitionerId());
+        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(requestVO.getPractitionerId(),null);
        if(null == findByObjSortable ){
            responseVO.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
            return responseVO;
@@ -776,7 +776,7 @@ public class PractitionerBasicInfoServiceImpl implements PractitionerBasicInfoSe
                practitionerIdList = practitionerService.getPractitionerIdBySidList(requestVO.getSId(),systemType,1);
            }else{
                //等保调整
-                List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+                List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,1L);
                if(null == findByObjSortable ){
                    resp.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
                    return resp;
@@ -937,7 +937,7 @@ public class PractitionerBasicInfoServiceImpl implements PractitionerBasicInfoSe
        //等保调整
        Long practitionerId = requestVO.getPractitionerId();
        if (null != practitionerId) {
-            List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+            List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
            if(null == findByObjSortable ){
                responseVO.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
                return responseVO;
@@ -1075,7 +1075,7 @@ public class PractitionerBasicInfoServiceImpl implements PractitionerBasicInfoSe
            return responseBody;
        }
        //等保调整
-        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(requestVO.getPractitionerId());
+        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(requestVO.getPractitionerId(),null);
        if(null == findByObjSortable ){
            responseBody.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
            return responseBody;

--- a/yd-api/src/main/java/com/yd/api/practitioner/service/impl/PractitionerHiringServiceImpl.java
+++ b/yd-api/src/main/java/com/yd/api/practitioner/service/impl/PractitionerHiringServiceImpl.java
@@ -421,7 +421,7 @@ public class PractitionerHiringServiceImpl implements PractitionerHiringService 
        Long approvingStatus = requestVO.getApprovingStatus();

        //等保调整
-        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
        if(null == findByObjSortable ){
            responseVO.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
            return responseVO;
@@ -850,7 +850,7 @@ public class PractitionerHiringServiceImpl implements PractitionerHiringService 
                resp.setCommonResult(new CommonResult(false, "practitionerId不能为空"));
            } else {
                //等保调整
-                List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+                List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
                if(null == findByObjSortable ){
                    resp.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
                    return resp;

--- a/yd-api/src/main/java/com/yd/api/practitioner/service/impl/PractitionerServiceImpl.java
+++ b/yd-api/src/main/java/com/yd/api/practitioner/service/impl/PractitionerServiceImpl.java
@@ -617,7 +617,7 @@ public class PractitionerServiceImpl implements com.yd.api.practitioner.service.
        SettingQueryResponseVO responseVO = new SettingQueryResponseVO();
        Long practitionerId = requestVO.getPractitionerId();//入参经纪人id
        //等保调整
-        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
        if(null == findByObjSortable ){
            responseVO.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
            return responseVO;
@@ -786,7 +786,7 @@ public class PractitionerServiceImpl implements com.yd.api.practitioner.service.
        OwnOpportunityQueryResponseVO responseVO = new OwnOpportunityQueryResponseVO();
        Long practitionerId = requestVO.getPractitionerId();
        //等保调整
-        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
        if(null == findByObjSortable ){
            responseVO.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
            return responseVO;
@@ -1364,7 +1364,7 @@ public class PractitionerServiceImpl implements com.yd.api.practitioner.service.
        Long practitionerId = requestVO.getPractitionerId();
        if(practitionerId != null){
            //等保调整
-            List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+            List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
            if(null == findByObjSortable ){
                responseVO.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
                return responseVO;
@@ -1895,7 +1895,7 @@ public class PractitionerServiceImpl implements com.yd.api.practitioner.service.
        //经纪人id
        Long practitionerId = requestVO.getPractitionerId();
        //等保调整
-        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
        if(null == findByObjSortable ){
            responseVO.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
            return responseVO;
@@ -2306,7 +2306,7 @@ public class PractitionerServiceImpl implements com.yd.api.practitioner.service.
        //通过团队长经纪人id,查询此团队所有经纪人id
        Long practitionerId = requestVO.getPractitionerId();
        //等保调整
-        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
        if(null == findByObjSortable ){
            responseVO.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
            return responseVO;
@@ -2720,7 +2720,7 @@ public class PractitionerServiceImpl implements com.yd.api.practitioner.service.
        Long practitionerId = requestVO.getPractitionerId();
        if(practitionerId != null){
            //等保调整
-            List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+            List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
            if(null == findByObjSortable ){
                responseVO.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
                return responseVO;

--- a/yd-api/src/main/java/com/yd/api/practitioner/service/impl/ScheduleTrackServiceImpl.java
+++ b/yd-api/src/main/java/com/yd/api/practitioner/service/impl/ScheduleTrackServiceImpl.java
@@ -212,7 +212,7 @@ public class ScheduleTrackServiceImpl implements ScheduleTrackService {
        List<ScheduleTrackVO> showList = new ArrayList<>();
        try {
            //等保调整
-            List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+            List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
            if(null == findByObjSortable ){
                resp.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
                return resp;
@@ -290,7 +290,7 @@ public class ScheduleTrackServiceImpl implements ScheduleTrackService {
        Long practitionerId = requestVO.getPractitionerId();
        try {
            //等保调整
-            List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+            List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
            if(null == findByObjSortable ){
                resp.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
                return resp;
@@ -394,7 +394,7 @@ public class ScheduleTrackServiceImpl implements ScheduleTrackService {
        String time = requestVO.getTime();

        //等保调整
-        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId);
+        List<AclCustomer> findByObjSortable = aclPractitionerDALService.getAclCustomers(practitionerId,null);
        if(null == findByObjSortable ){
            resp.setCommonResult(new CommonResult(false,ZHBErrorConfig.getErrorInfo("630028")));
            return resp;

--- a/yd-api/src/main/java/com/yd/dal/service/customer/AclPractitionerDALService.java
+++ b/yd-api/src/main/java/com/yd/dal/service/customer/AclPractitionerDALService.java
@@ -214,5 +214,5 @@ public interface AclPractitionerDALService {
    /**
     水平越权处理，从token中获取当前用户（手机号），然后根据客户id查看是否有权限，查不到数据则说明没有权限
     */
-    List<AclCustomer> getAclCustomers(Long practitionerId);
+    List<AclCustomer> getAclCustomers(Long practitionerId,Long flag);
 }
--- a/yd-api/src/main/java/com/yd/dal/service/customer/impl/AclPractitionerDALServiceImpl.java
+++ b/yd-api/src/main/java/com/yd/dal/service/customer/impl/AclPractitionerDALServiceImpl.java
 package com.yd.dal.service.customer.impl;

 import com.google.common.base.Strings;
+import com.yd.api.practitioner.service.PractitionerService;
 import com.yd.api.practitioner.vo.payscale.PayScaleInfo;
 import com.yd.api.practitioner.vo.subordinate.TeamMemberDetail;
 import com.yd.dal.entity.customer.AclCustomer;
@@ -41,6 +42,10 @@ public class AclPractitionerDALServiceImpl implements AclPractitionerDALService 
    private JwtTokenUtil jwtTokenUtil;
    @Autowired
    private AclCustomerMapper aclCustomerMapper;
+    @Autowired
+    PractitionerService practitionerService;
+    @Autowired
+    private AclPractitionerDALService aclPractitionerDALService;
    @Override
    public AclPractitioner findByCustomerIdIsActive(Long customerId, int isActive) {
        return aclPractitionerMapper.findByCustomerIdIsActive(customerId,isActive);
@@ -248,7 +253,7 @@ public class AclPractitionerDALServiceImpl implements AclPractitionerDALService 
    }

    @Override
-    public List<AclCustomer> getAclCustomers(Long practitionerId) {
+    public List<AclCustomer> getAclCustomers(Long practitionerId,Long flag) {
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        HttpServletRequest request = (HttpServletRequest) requestAttributes.resolveReference(RequestAttributes.REFERENCE_REQUEST);
        String userId = "";
@@ -270,8 +275,26 @@ public class AclPractitionerDALServiceImpl implements AclPractitionerDALService 
        }
        AclPractitioner practitioner = aclPractitionerMapper.selectByPrimaryKey(practitionerId);
        if(null != practitioner){
+            Long customerId = null;
+            //我的团队，特殊处理
+            if(null != flag){
+                AclPractitioner practitioner1 = aclPractitionerMapper.selectByMobileNo(userId);
+                List<AclPractitioner> practitionerList = aclPractitionerDALService.findByIds(practitionerService.getPractitionerIdList(practitioner1.getId(),null));
+                if(null != practitionerList && practitionerList.size() > 0){
+                    for(AclPractitioner acl:practitionerList){
+                        if(practitioner.getCustomerId().equals(acl.getCustomerId())){
+                            customerId = acl.getCustomerId();
+                            userId = practitioner.getMobileNo();
+                            break;
+                        }
+                    }
+                }
+            }
+            if(null == customerId || null == flag){
+                customerId=practitioner.getCustomerId();
+            }
            AclCustomer aclCustomer = new AclCustomer();
-            aclCustomer.setId(practitioner.getCustomerId());
+            aclCustomer.setId(customerId);
            aclCustomer.setMobileNo(userId);
            List<AclCustomer> findByObjSortable = aclCustomerMapper.findByObj(aclCustomer);
            if(findByObjSortable == null || findByObjSortable.size() == 0){