xbb

mjava-cloudpure/src/main/java/com/malk/cloudpure/controller/XBBController.java

@@ -7,6 +7,7 @@ import com.malk.server.common.McR;
 import com.malk.server.xbongbong.XBBConf;
 import com.malk.service.dingtalk.DDClient;
 import com.malk.service.dingtalk.DDClient_Contacts;
+import com.malk.service.dingtalk.DDClient_Personnel;
 import com.malk.service.xbongbong.XBBClient;
 import com.malk.utils.UtilMap;
 import lombok.extern.slf4j.Slf4j;
@@ -26,6 +27,12 @@ public class XBBController {
 
     @Autowired
     private XBBClient xbbClient;
+    @Autowired
+    private DDClient ddClient;
+    @Autowired
+    private DDClient_Contacts ddClientContacts;
+
+    private static List<Integer> AUTH_WHITELIST_DEPFIDS=Arrays.asList(95172190,333372743); // 权限白名单
 
     /**
      * 模糊查询归属权限下客户列表
@@ -35,10 +42,18 @@ public class XBBController {
 
         log.info("客户列表, {}", data);
         McException.assertParamException_Null(data, "name, userId");
-
+        boolean isNeedAuth = !UtilMap.getString(data,"isNeedAuth").equals("false"); // 调用方是否需要验证权限
+        if(!isNeedAuth){
+            // 判断用户部门是否是交付部、售前部门
+            Map userInfo=ddClientContacts.getUserInfoById(ddClient.getAccessToken(), data.get("userId"));
+            List<Integer> temp = new ArrayList<>(AUTH_WHITELIST_DEPFIDS);
+            List<Integer> dept_id_list=UtilMap.getList(userInfo,"dept_id_list");
+            temp.retainAll(dept_id_list); // 保留两个列表中都存在的元素
+            isNeedAuth=temp.isEmpty(); // 结果为空需要验证权限
+        }
         List<Map> customers = new ArrayList<>();
-        customers.addAll(_likeCustomerList(XBBConf.API_LIST_customer, "钉钉", data.get("name"), data.get("userId")));
-        customers.addAll(_likeCustomerList(XBBConf.API_LIST_customer, "Teambition", data.get("name"), data.get("userId")));
+        customers.addAll(_likeCustomerList(XBBConf.API_LIST_customer, "钉钉", data.get("name"), data.get("userId"),isNeedAuth));
+        customers.addAll(_likeCustomerList(XBBConf.API_LIST_customer, "Teambition", data.get("name"), data.get("userId"),isNeedAuth));
 
         log.info("客户响应, {}", customers);
         return McR.success(customers);
@@ -47,7 +62,7 @@ public class XBBController {
     /**
      * 模糊查询归属权限下, 指定字段类型 [后置查询]
      */
-    private List<Map> _likeCustomerList(String url, String type, String name, String userId) {
+    private List<Map> _likeCustomerList(String url, String type, String name, String userId,boolean isNeedAuth) {
         List<Map> rsp = xbbClient.getFormList(type, 1, 100);
         long formId = UtilMap.getLong(rsp.get(0), "formId");
         rsp = xbbClient.getFormDefine(formId, 0); // 表单定义
@@ -57,7 +72,7 @@ public class XBBController {
             List<String> ownerId = (List<String>) JSON.parse(String.valueOf(((Map) item.get("data")).get("ownerId")));
             List<String> coUserId = (List<String>) JSON.parse(String.valueOf(((Map) item.get("data")).get("coUserId")));
             // 后置查询, 属于客户负责人和协同人
-            return ownerId.contains(userId) || coUserId.contains(userId);
+            return isNeedAuth ? ownerId.contains(userId) || coUserId.contains(userId) :true;
         }).map(item -> UtilMap.map("name", String.valueOf(((Map) item.get("data")).get(nameField)))).collect(Collectors.toList());
     }
 
@@ -114,7 +129,7 @@ public class XBBController {
 //    根据工单编号查看工单信息
 
 private Long getWorkOrderInfo(@RequestParam String workOrderSerierNO) {
-    JSONArray workOrderList = (JSONArray) xbbClient .getWorkOrderInfo(workOrderSerierNO).get("list");
+    JSONArray workOrderList = (JSONArray) xbbClient.getWorkOrderInfo(workOrderSerierNO).get("list");
     Map workOrderNo = (Map) workOrderList.get(0);
     Long dataId = Long.valueOf(workOrderNo.get("dataId").toString());
     return dataId ;
@@ -144,18 +159,10 @@ private Long getWorkOrderInfo(@RequestParam String workOrderSerierNO) {
         }
     }
 
-
-
-    @Autowired
-    private DDClient ddClient;
-
-    @Autowired
-    private DDClient_Contacts ddClient_contacts;
-
     @PostMapping("test")
     McR test() {
 
-        ddClient_contacts.getUserInfoById(ddClient.getAccessToken(), "16608972969409067");
+        ddClientContacts.getUserInfoById(ddClient.getAccessToken(), "16608972969409067");
         return McR.success();
     }
 }