CRM: 完善数据权限

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/dal/mysql/business/CrmBusinessMapper.java

@@ -38,8 +38,11 @@ public interface CrmBusinessMapper extends BaseMapperX<CrmBusinessDO> {
     default PageResult<CrmBusinessDO> selectPage(CrmBusinessPageReqVO pageReqVO, Long userId) {
         MPJLambdaWrapperX<CrmBusinessDO> query = new MPJLambdaWrapperX<>();
         // 拼接数据权限的查询条件
-        CrmQueryWrapperUtils.appendPermissionCondition(query, CrmBizTypeEnum.CRM_BUSINESS.getType(), CrmBusinessDO::getId,
-                userId, pageReqVO.getSceneType(), Boolean.FALSE);
+        boolean condition = CrmQueryWrapperUtils.appendPermissionCondition(query, CrmBizTypeEnum.CRM_BUSINESS.getType(),
+                CrmBusinessDO::getId, userId, pageReqVO.getSceneType(), Boolean.FALSE);
+        if (!condition) {
+            return PageResult.empty();
+        }
         // 拼接自身的查询条件
         query.selectAll(CrmBusinessDO.class)
                 .likeIfPresent(CrmBusinessDO::getName, pageReqVO.getName())

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/dal/mysql/clue/CrmClueMapper.java

@@ -30,8 +30,11 @@ public interface CrmClueMapper extends BaseMapperX<CrmClueDO> {
     default PageResult<CrmClueDO> selectPage(CrmCluePageReqVO pageReqVO, Long userId) {
         MPJLambdaWrapperX<CrmClueDO> query = new MPJLambdaWrapperX<>();
         // 拼接数据权限的查询条件
-        CrmQueryWrapperUtils.appendPermissionCondition(query, CrmBizTypeEnum.CRM_LEADS.getType(), CrmClueDO::getId,
-                userId, pageReqVO.getSceneType(), pageReqVO.getPool());
+        boolean condition = CrmQueryWrapperUtils.appendPermissionCondition(query, CrmBizTypeEnum.CRM_LEADS.getType(),
+                CrmClueDO::getId, userId, pageReqVO.getSceneType(), pageReqVO.getPool());
+        if (!condition) {
+            return PageResult.empty();
+        }
         // 拼接自身的查询条件
         query.selectAll(CrmClueDO.class)
                 .likeIfPresent(CrmClueDO::getName, pageReqVO.getName())

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/dal/mysql/contact/CrmContactMapper.java

@@ -43,8 +43,11 @@ public interface CrmContactMapper extends BaseMapperX<CrmContactDO> {
     default PageResult<CrmContactDO> selectPage(CrmContactPageReqVO pageReqVO, Long userId) {
         MPJLambdaWrapperX<CrmContactDO> query = new MPJLambdaWrapperX<>();
         // 拼接数据权限的查询条件
-        CrmQueryWrapperUtils.appendPermissionCondition(query, CrmBizTypeEnum.CRM_CONTACT.getType(), CrmContactDO::getId,
-                userId, pageReqVO.getSceneType(), Boolean.FALSE);
+        boolean condition = CrmQueryWrapperUtils.appendPermissionCondition(query, CrmBizTypeEnum.CRM_CONTACT.getType(),
+                CrmContactDO::getId, userId, pageReqVO.getSceneType(), Boolean.FALSE);
+        if (!condition) {
+            return PageResult.empty();
+        }
         // 拼接自身的查询条件
         query.selectAll(CrmContactDO.class)
                 .likeIfPresent(CrmContactDO::getName, pageReqVO.getName())

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/dal/mysql/contract/CrmContractMapper.java

@@ -40,9 +40,13 @@ public interface CrmContractMapper extends BaseMapperX<CrmContractDO> {
 
     default PageResult<CrmContractDO> selectPage(CrmContractPageReqVO pageReqVO, Long userId) {
         MPJLambdaWrapperX<CrmContractDO> mpjLambdaWrapperX = new MPJLambdaWrapperX<>();
-        // 构建数据权限连表条件
-        CrmQueryWrapperUtils.appendPermissionCondition(mpjLambdaWrapperX, CrmBizTypeEnum.CRM_CONTACT.getType(), CrmContractDO::getId,
-                userId, pageReqVO.getSceneType(), Boolean.FALSE);
+        // 拼接数据权限的查询条件
+        boolean condition = CrmQueryWrapperUtils.appendPermissionCondition(mpjLambdaWrapperX, CrmBizTypeEnum.CRM_CONTACT.getType(),
+                CrmContractDO::getId, userId, pageReqVO.getSceneType(), Boolean.FALSE);
+        if (!condition) {
+            return PageResult.empty();
+        }
+        // 拼接自身的查询条件
         mpjLambdaWrapperX.selectAll(CrmContractDO.class)
                 .likeIfPresent(CrmContractDO::getNo, pageReqVO.getNo())
                 .likeIfPresent(CrmContractDO::getName, pageReqVO.getName())

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/dal/mysql/customer/CrmCustomerMapper.java

@@ -30,8 +30,11 @@ public interface CrmCustomerMapper extends BaseMapperX<CrmCustomerDO> {
     default PageResult<CrmCustomerDO> selectPage(CrmCustomerPageReqVO pageReqVO, Long userId) {
         MPJLambdaWrapperX<CrmCustomerDO> query = new MPJLambdaWrapperX<>();
         // 拼接数据权限的查询条件
-        CrmQueryWrapperUtils.appendPermissionCondition(query, CrmBizTypeEnum.CRM_CUSTOMER.getType(), CrmCustomerDO::getId,
-                userId, pageReqVO.getSceneType(), pageReqVO.getPool());
+        boolean condition = CrmQueryWrapperUtils.appendPermissionCondition(query, CrmBizTypeEnum.CRM_CUSTOMER.getType(),
+                CrmCustomerDO::getId, userId, pageReqVO.getSceneType(), pageReqVO.getPool());
+        if (!condition) {
+            return PageResult.empty();
+        }
         // 拼接自身的查询条件
         query.selectAll(CrmCustomerDO.class)
                 .likeIfPresent(CrmCustomerDO::getName, pageReqVO.getName())

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/dal/mysql/receivable/CrmReceivableMapper.java

@@ -39,8 +39,11 @@ public interface CrmReceivableMapper extends BaseMapperX<CrmReceivableDO> {
     default PageResult<CrmReceivableDO> selectPage(CrmReceivablePageReqVO pageReqVO, Long userId) {
         MPJLambdaWrapperX<CrmReceivableDO> query = new MPJLambdaWrapperX<>();
         // 拼接数据权限的查询条件
-        CrmQueryWrapperUtils.appendPermissionCondition(query, CrmBizTypeEnum.CRM_RECEIVABLE.getType(), CrmReceivableDO::getId,
-                userId, pageReqVO.getSceneType(), Boolean.FALSE);
+        boolean condition = CrmQueryWrapperUtils.appendPermissionCondition(query, CrmBizTypeEnum.CRM_RECEIVABLE.getType(),
+                CrmReceivableDO::getId, userId, pageReqVO.getSceneType(), Boolean.FALSE);
+        if (!condition) {
+            return PageResult.empty();
+        }
         // 拼接自身的查询条件
         query.selectAll(CrmReceivableDO.class)
                 .eqIfPresent(CrmReceivableDO::getNo, pageReqVO.getNo())

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/dal/mysql/receivable/CrmReceivablePlanMapper.java

@@ -38,8 +38,11 @@ public interface CrmReceivablePlanMapper extends BaseMapperX<CrmReceivablePlanDO
     default PageResult<CrmReceivablePlanDO> selectPage(CrmReceivablePlanPageReqVO pageReqVO, Long userId) {
         MPJLambdaWrapperX<CrmReceivablePlanDO> query = new MPJLambdaWrapperX<>();
         // 拼接数据权限的查询条件
-        CrmQueryWrapperUtils.appendPermissionCondition(query, CrmBizTypeEnum.CRM_RECEIVABLE_PLAN.getType(), CrmReceivablePlanDO::getId,
-                userId, pageReqVO.getSceneType(), Boolean.FALSE);
+        boolean condition = CrmQueryWrapperUtils.appendPermissionCondition(query, CrmBizTypeEnum.CRM_RECEIVABLE_PLAN.getType(),
+                CrmReceivablePlanDO::getId, userId, pageReqVO.getSceneType(), Boolean.FALSE);
+        if (!condition) {
+            return PageResult.empty();
+        }
         // 拼接自身的查询条件
         query.selectAll(CrmReceivablePlanDO.class)
                 .eqIfPresent(CrmReceivablePlanDO::getCustomerId, pageReqVO.getCustomerId())

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/util/CrmQueryWrapperUtils.java

@@ -33,10 +33,11 @@ public class CrmQueryWrapperUtils {
      * @param userId    用户编号
      * @param sceneType 场景类型
      * @param pool      公海
+     * @return 是否 （是：需要执行查询，否：不需要查询调用方法直接返回空）
      */
     // TODO @puhui999：bizId 直接传递会不会简单点 回复：还是需要 SFunction 因为分页连表时不知道 bizId 是多少
-    public static <T extends MPJLambdaWrapper<?>, S> void appendPermissionCondition(T query, Integer bizType, SFunction<S, ?> bizId,
-                                                                                    Long userId, Integer sceneType, Boolean pool) {
+    public static <T extends MPJLambdaWrapper<?>, S> boolean appendPermissionCondition(T query, Integer bizType, SFunction<S, ?> bizId,
+                                                                                       Long userId, Integer sceneType, Boolean pool) {
         // 1. 构建数据权限连表条件
         if (ObjUtil.notEqual(validateAdminUser(userId), Boolean.TRUE)) { // 管理员不需要数据权限
             query.innerJoin(CrmPermissionDO.class, on ->
@@ -59,10 +60,10 @@ public class CrmQueryWrapperUtils {
         // 2.3 场景三：下属负责的数据
         if (CrmSceneTypeEnum.isSubordinate(sceneType)) {
             List<AdminUserRespDTO> subordinateUsers = getAdminUserApi().getUserListBySubordinate(userId);
-            // TODO @puhui999：如果为空，不拼接，就是查询了所有数据呀？
-            if (CollUtil.isNotEmpty(subordinateUsers)) {
-                query.in("owner_user_id", convertSet(subordinateUsers, AdminUserRespDTO::getId));
+            if (CollUtil.isEmpty(subordinateUsers)) {
+                return false;
             }
+            query.in("owner_user_id", convertSet(subordinateUsers, AdminUserRespDTO::getId));
         }
 
         // 3. 拼接公海的查询条件
@@ -71,6 +72,8 @@ public class CrmQueryWrapperUtils {
         } else { // 情况二：不是公海
             query.isNotNull("owner_user_id");
         }
+
+        return true;
     }
 
     /**
@@ -95,8 +98,6 @@ public class CrmQueryWrapperUtils {
         return AdminUserApiHolder.ADMIN_USER_API;
     }
 
-    // TODO @puhui999：需要实现；
-
     /**
      * 校验用户是否是管理员
      *
@@ -104,6 +105,15 @@ public class CrmQueryWrapperUtils {
      * @return 是/否
      */
     private static boolean validateAdminUser(Long userId) {
+        // TODO 查询权限配置表用户的角色信息
+        //CrmPermissionConfig permissionConfig = crmPermissionConfigService.getPermissionConfigByUserId(userId);
+        //if (permissionConfig == null) {
+        //    return false;
+        //}
+        //// 校验是否为管理员
+        //if (permissionConfig.getIsAdmin()){
+        //    return true;
+        //}
         return false;
     }