From fcdead9bf40ce08e7a15a6c52414397e69f3f026 Mon Sep 17 00:00:00 2001
From: Joshi <3040996759@qq.com>
Date: Sat, 11 Apr 2026 17:27:53 +0800
Subject: [PATCH] =?UTF-8?q?fix(flow):=20=E4=BF=AE=E5=A4=8D=E6=B5=81?=
 =?UTF-8?q?=E7=A8=8B=E4=BB=BB=E5=8A=A1=E6=9D=83=E9=99=90=E6=A0=A1=E9=AA=8C?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 添加 LoginHelper 导入用于获取当前用户ID
- 实现任务审批权限校验逻辑
- 阻止非任务审批人的用户进行审批操作
- 抛出明确的权限错误提示信息
---
 .../com/ruoyi/hrm/service/impl/HrmFlowTaskServiceImpl.java  | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fad-hrm/src/main/java/com/ruoyi/hrm/service/impl/HrmFlowTaskServiceImpl.java b/fad-hrm/src/main/java/com/ruoyi/hrm/service/impl/HrmFlowTaskServiceImpl.java
index f944a2c..3a09cd8 100644
--- a/fad-hrm/src/main/java/com/ruoyi/hrm/service/impl/HrmFlowTaskServiceImpl.java
+++ b/fad-hrm/src/main/java/com/ruoyi/hrm/service/impl/HrmFlowTaskServiceImpl.java
@@ -8,6 +8,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import com.ruoyi.common.core.domain.PageQuery;
 import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.core.service.UserService;
+import com.ruoyi.common.helper.LoginHelper;
 import com.ruoyi.hrm.domain.*;
 import com.ruoyi.hrm.domain.bo.HrmFlowTaskBo;
 import com.ruoyi.hrm.domain.bo.HrmSealStampBo;
@@ -144,6 +145,11 @@ public class HrmFlowTaskServiceImpl implements IHrmFlowTaskService {
         if (task == null) {
             return false;
         }
+        // 权限校验：当前登录用户必须是任务的审批人
+        Long currentUserId = LoginHelper.getUserId();
+        if (currentUserId != null && !currentUserId.equals(task.getAssigneeUserId())) {
+            throw new RuntimeException("不是当前任务的审批人，不能审批该任务");
+        }
         HrmFlowInstance inst = instanceMapper.selectById(task.getInstId());
         if (inst == null) {
             return false;