update

mec-web/src/main/java/com/ym/mec/web/controller/EmployeeController.java

@@ -14,7 +14,9 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
+import java.util.Arrays;
 import java.util.Date;
+import java.util.List;
 
 /**
  * @Author Joburgess
@@ -39,12 +41,17 @@ public class EmployeeController extends BaseController {
             return failed("用户信息获取失败");
         }
 		if (!sysUser.getIsSuperAdmin()) {
+            Employee employee = employeeService.get(sysUser.getId());
 			if (StringUtils.isEmpty(queryInfo.getOrganId())) {
-				Employee employee = employeeService.get(sysUser.getId());
 				queryInfo.setOrganId(employee.getOrganIdList());
-			}
-		} else {
-			queryInfo.setOrganId(null);
+			}else if(StringUtils.isEmpty(employee.getOrganIdList())){
+                return failed("用户所在分部异常");
+            }else {
+                List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+                if(!list.contains(queryInfo.getOrganId())){
+                    return failed("用户所在分部异常");
+                }
+            }
 		}
         return succeed(employeeService.queryEmployByOrganId(queryInfo));
     }

mec-web/src/main/java/com/ym/mec/web/controller/MusicGroupController.java

@@ -18,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
+import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
 import java.util.Set;
@@ -97,9 +98,16 @@ public class MusicGroupController extends BaseController {
 			return failed("用户信息获取失败");
 		}
 		if(!sysUser.getIsSuperAdmin()){
-			if(StringUtils.isEmpty(queryInfo.getOrganId())){
-				Employee employee = employeeDao.get(sysUser.getId());
+			Employee employee = employeeDao.get(sysUser.getId());
+			if (StringUtils.isEmpty(queryInfo.getOrganId())) {
 				queryInfo.setOrganId(employee.getOrganIdList());
+			}else if(StringUtils.isEmpty(employee.getOrganIdList())){
+				return failed("用户所在分部异常");
+			}else {
+				List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+				if(!list.contains(queryInfo.getOrganId())){
+					return failed("用户所在分部异常");
+				}
 			}
 		}
 		return succeed(musicGroupService.queryMusicGroupPage(queryInfo));

mec-web/src/main/java/com/ym/mec/web/controller/StudentApplyRefundsController.java

@@ -18,6 +18,9 @@ import com.ym.mec.biz.dal.page.StudentApplyrefundsQueryInfo;
 import com.ym.mec.biz.service.StudentApplyRefundsService;
 import com.ym.mec.common.controller.BaseController;
 
+import java.util.Arrays;
+import java.util.List;
+
 @RequestMapping("studentRefunds")
 @Api(tags = "退费服务")
 @RestController
@@ -41,12 +44,17 @@ public class StudentApplyRefundsController extends BaseController {
 			return failed("用户信息获取失败");
 		}
 		if(!sysUser.getIsSuperAdmin()){
-			if(StringUtils.isEmpty(queryInfo.getOrganId())){
-				Employee employee = employeeDao.get(sysUser.getId());
+			Employee employee = employeeDao.get(sysUser.getId());
+			if (StringUtils.isEmpty(queryInfo.getOrganId())) {
 				queryInfo.setOrganId(employee.getOrganIdList());
+			}else if(StringUtils.isEmpty(employee.getOrganIdList())){
+				return failed("用户所在分部异常");
+			}else {
+				List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+				if(!list.contains(queryInfo.getOrganId())){
+					return failed("用户所在分部异常");
+				}
 			}
-		} else {
-			queryInfo.setOrganId(null);
 		}
         return succeed(studentApplyRefundsService.queryPage(queryInfo));
     }

mec-web/src/main/java/com/ym/mec/web/controller/StudentManageController.java

@@ -27,6 +27,9 @@ import com.ym.mec.biz.service.StudentManageService;
 import com.ym.mec.biz.service.StudentRegistrationService;
 import com.ym.mec.common.controller.BaseController;
 
+import java.util.Arrays;
+import java.util.List;
+
 @Api(tags = "学生管理")
 @RequestMapping("studentManage")
 @RestController
@@ -50,9 +53,16 @@ public class StudentManageController extends BaseController {
             return failed("用户信息获取失败");
         }
         if(!sysUser.getIsSuperAdmin()){
-            if(StringUtils.isEmpty(queryInfo.getOrganId())){
-                Employee employee = employeeDao.get(sysUser.getId());
+            Employee employee = employeeDao.get(sysUser.getId());
+            if (StringUtils.isEmpty(queryInfo.getOrganId())) {
                 queryInfo.setOrganId(employee.getOrganIdList());
+            }else if(StringUtils.isEmpty(employee.getOrganIdList())){
+                return failed("用户所在分部异常");
+            }else {
+                List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+                if(!list.contains(queryInfo.getOrganId())){
+                    return failed("用户所在分部异常");
+                }
             }
         }
         return succeed(studentManageService.findStudentsByOrganId(queryInfo));

mec-web/src/main/java/com/ym/mec/web/controller/StudentPaymentOrderController.java

@@ -20,6 +20,9 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.Arrays;
+import java.util.List;
+
 @RequestMapping("order")
 @Api(tags = "订单服务")
 @RestController
@@ -49,13 +52,18 @@ public class StudentPaymentOrderController extends BaseController {
             return failed("用户信息获取失败");
         }
         if(!sysUser.getIsSuperAdmin()){
-            if(StringUtils.isEmpty(queryInfo.getOrganId())){
-                Employee employee = employeeDao.get(sysUser.getId());
+            Employee employee = employeeDao.get(sysUser.getId());
+            if (StringUtils.isEmpty(queryInfo.getOrganId())) {
                 queryInfo.setOrganId(employee.getOrganIdList());
+            }else if(StringUtils.isEmpty(employee.getOrganIdList())){
+                return failed("用户所在分部异常");
+            }else {
+                List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+                if(!list.contains(queryInfo.getOrganId())){
+                    return failed("用户所在分部异常");
+                }
             }
-        } else {
-			queryInfo.setOrganId(null);
-		}
+        }
         if(hiddenMode){
             queryInfo.setPaymentChannel(channel);
         }

mec-web/src/main/java/com/ym/mec/web/controller/StudentRechargeController.java

@@ -19,6 +19,9 @@ import com.ym.mec.biz.dal.page.StudentRechargeQueryInfo;
 import com.ym.mec.biz.service.StudentRechargeService;
 import com.ym.mec.common.controller.BaseController;
 
+import java.util.Arrays;
+import java.util.List;
+
 @RequestMapping("studentRecharge")
 @Api(tags = "充值服务")
 @RestController
@@ -42,12 +45,17 @@ public class StudentRechargeController extends BaseController {
 			return failed("用户信息获取失败");
 		}
 		if(!sysUser.getIsSuperAdmin()){
-			if(StringUtils.isEmpty(queryInfo.getOrganId())){
-				Employee employee = employeeDao.get(sysUser.getId());
+			Employee employee = employeeDao.get(sysUser.getId());
+			if (StringUtils.isEmpty(queryInfo.getOrganId())) {
 				queryInfo.setOrganId(employee.getOrganIdList());
+			}else if(StringUtils.isEmpty(employee.getOrganIdList())){
+				return failed("用户所在分部异常");
+			}else {
+				List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+				if(!list.contains(queryInfo.getOrganId())){
+					return failed("用户所在分部异常");
+				}
 			}
-		} else {
-			queryInfo.setOrganId(null);
 		}
 		return succeed(studentRechargeService.queryPage(queryInfo));
 	}

mec-web/src/main/java/com/ym/mec/web/controller/StudentWithdrawController.java

@@ -21,6 +21,9 @@ import com.ym.mec.biz.dal.enums.TransTypeEnum;
 import com.ym.mec.biz.service.StudentWithdrawService;
 import com.ym.mec.common.controller.BaseController;
 
+import java.util.Arrays;
+import java.util.List;
+
 @RequestMapping("studentWithdraw")
 @Api(tags = "提现服务")
 @RestController
@@ -52,12 +55,17 @@ public class StudentWithdrawController extends BaseController {
 			return failed("用户信息获取失败");
 		}
 		if(!sysUser.getIsSuperAdmin()){
-			if(StringUtils.isEmpty(queryInfo.getOrganId())){
-				Employee employee = employeeDao.get(sysUser.getId());
+			Employee employee = employeeDao.get(sysUser.getId());
+			if (StringUtils.isEmpty(queryInfo.getOrganId())) {
 				queryInfo.setOrganId(employee.getOrganIdList());
+			}else if(StringUtils.isEmpty(employee.getOrganIdList())){
+				return failed("用户所在分部异常");
+			}else {
+				List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+				if(!list.contains(queryInfo.getOrganId())){
+					return failed("用户所在分部异常");
+				}
 			}
-		} else {
-			queryInfo.setOrganId(null);
 		}
 		return succeed(studentWithdrawService.queryPage(queryInfo));
 	}

mec-web/src/main/java/com/ym/mec/web/controller/TeacherController.java

@@ -20,6 +20,9 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.Arrays;
+import java.util.List;
+
 @RequestMapping("teacher")
 @Api(tags = "教师服务")
 @RestController
@@ -50,9 +53,16 @@ public class TeacherController extends BaseController {
             return failed("用户信息获取失败");
         }
         if(!sysUser.getIsSuperAdmin()){
-            if(StringUtils.isEmpty(queryInfo.getOrganId())){
-                Employee employee = employeeDao.get(sysUser.getId());
+            Employee employee = employeeDao.get(sysUser.getId());
+            if (StringUtils.isEmpty(queryInfo.getOrganId())) {
                 queryInfo.setOrganId(employee.getOrganIdList());
+            }else if(StringUtils.isEmpty(employee.getOrganIdList())){
+                return failed("用户所在分部异常");
+            }else {
+                List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+                if(!list.contains(queryInfo.getOrganId())){
+                    return failed("用户所在分部异常");
+                }
             }
         }
         return succeed(teacherService.queryPageDetail(queryInfo));
@@ -78,8 +88,24 @@ public class TeacherController extends BaseController {
     @ApiOperation(value = "获取分部所有老师")
     @GetMapping("/findTeachers")
     @PreAuthorize("@pcs.hasPermissions('teacher/findTeachers')")
-    public HttpResponseResult findTeachers() {
-        String organId = sysUserFeignService.queryUserInfo().getOrganId();
+    public HttpResponseResult findTeachers(String organId) {
+        SysUser sysUser = sysUserFeignService.queryUserInfo();
+        if (sysUser == null) {
+            return failed("用户信息获取失败");
+        }
+        if(!sysUser.getIsSuperAdmin()){
+            Employee employee = employeeDao.get(sysUser.getId());
+            if (StringUtils.isEmpty(organId)) {
+                organId = employee.getOrganIdList();
+            }else if(StringUtils.isEmpty(employee.getOrganIdList())){
+                return failed("用户所在分部异常");
+            }else {
+                List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+                if(!list.contains(organId)){
+                    return failed("用户所在分部异常");
+                }
+            }
+        }
         return succeed(teacherService.findTeachers(organId));
     }
 

mec-web/src/main/java/com/ym/mec/web/controller/VipGroupActivityController.java

@@ -18,6 +18,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
+import java.util.Arrays;
+import java.util.List;
 import java.util.Objects;
 
 /**
@@ -53,16 +55,18 @@ public class VipGroupActivityController extends BaseController {
         if(sysUser == null){
             return failed("用户信息获取失败");
         }
-        if(sysUser.getOrganId() != null){
-            queryInfo.setOrganId(sysUser.getOrganId());
-        }
 		if (!sysUser.getIsSuperAdmin()) {
-			if (StringUtils.isEmpty(sysUser.getOrganId())) {
-				Employee employee = employeeDao.get(sysUser.getId());
-				queryInfo.setOrganId(employee.getOrganIdList());
-			}
-		} else {
-			queryInfo.setOrganId(null);
+            Employee employee = employeeDao.get(sysUser.getId());
+            if (StringUtils.isEmpty(queryInfo.getOrganId())) {
+                queryInfo.setOrganId(employee.getOrganIdList());
+            }else if(StringUtils.isEmpty(employee.getOrganIdList())){
+                return failed("用户所在分部异常");
+            }else {
+                List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+                if(!list.contains(queryInfo.getOrganId())){
+                    return failed("用户所在分部异常");
+                }
+            }
 		}
         return succeed(vipGroupActivityService.queryPage(queryInfo));
     }

mec-web/src/main/java/com/ym/mec/web/controller/VipGroupCategoryController.java

@@ -17,7 +17,9 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.Arrays;
 import java.util.Date;
+import java.util.List;
 
 @Api(tags = "vip课类别")
 @RequestMapping("vipGroupCategory")
@@ -47,12 +49,17 @@ public class VipGroupCategoryController extends BaseController {
 			return failed("用户信息获取失败");
 		}
 		if (!sysUser.getIsSuperAdmin()) {
+			Employee employee = employeeDao.get(sysUser.getId());
 			if (StringUtils.isEmpty(organId)) {
-				Employee employee = employeeDao.get(sysUser.getId());
 				organId = employee.getOrganIdList();
+			}else if(StringUtils.isEmpty(employee.getOrganIdList())){
+				return failed("用户所在分部异常");
+			}else {
+				List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+				if(!list.contains(organId)){
+					return failed("用户所在分部异常");
+				}
 			}
-		} else {
-			organId = null;
 		}
 		return succeed(vipGroupCategoryService.findAllByOrgan(organId));
 	}

mec-web/src/main/java/com/ym/mec/web/controller/VipGroupManageController.java

@@ -29,10 +29,7 @@ import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.*;
 
 import java.math.BigDecimal;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-import java.util.Objects;
+import java.util.*;
 
 /**
  * @Author Joburgess
@@ -84,12 +81,17 @@ public class VipGroupManageController extends BaseController {
             return failed("用户信息获取失败");
         }
         if(!sysUser.getIsSuperAdmin()){
-            if(StringUtils.isEmpty(queryInfo.getOrganId())){
-                Employee employee = employeeDao.get(sysUser.getId());
+            Employee employee = employeeDao.get(sysUser.getId());
+            if (StringUtils.isEmpty(queryInfo.getOrganId())) {
                 queryInfo.setOrganId(employee.getOrganIdList());
+            }else if(StringUtils.isEmpty(employee.getOrganIdList())){
+                return failed("用户所在分部异常");
+            }else {
+                List<String> list = Arrays.asList(employee.getOrganIdList().split(","));
+                if(!list.contains(queryInfo.getOrganId())){
+                    return failed("用户所在分部异常");
+                }
             }
-        } else{
-        	queryInfo.setOrganId(null);
         }
         return succeed(vipGroupService.findVipGroups(queryInfo));
     }