DeXun/fad_oa
9
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(flow): 修复流程任务权限校验问题

Browse Source 
- 添加 LoginHelper 导入用于获取当前用户ID
- 实现任务审批权限校验逻辑
- 阻止非任务审批人的用户进行审批操作
- 抛出明确的权限错误提示信息
This commit is contained in:
Joshi
2026-04-11 17:27:53 +08:00
parent 0ec27271e8
commit fcdead9bf4
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
fad-hrm/src/main/java/com/ruoyi/hrm/service/impl/HrmFlowTaskServiceImpl.java
View File

@@ -8,6 +8,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
import com.ruoyi.common.core.domain.PageQuery; import com.ruoyi.common.core.domain.PageQuery;
import com.ruoyi.common.core.page.TableDataInfo; import com.ruoyi.common.core.page.TableDataInfo;
import com.ruoyi.common.core.service.UserService; import com.ruoyi.common.core.service.UserService;
import com.ruoyi.common.helper.LoginHelper;
import com.ruoyi.hrm.domain.*; import com.ruoyi.hrm.domain.*;
import com.ruoyi.hrm.domain.bo.HrmFlowTaskBo; import com.ruoyi.hrm.domain.bo.HrmFlowTaskBo;
import com.ruoyi.hrm.domain.bo.HrmSealStampBo; import com.ruoyi.hrm.domain.bo.HrmSealStampBo;
@@ -144,6 +145,11 @@ public class HrmFlowTaskServiceImpl implements IHrmFlowTaskService {
if (task == null) { if (task == null) {
return false; return false;
} }
// 权限校验:当前登录用户必须是任务的审批人
Long currentUserId = LoginHelper.getUserId();
if (currentUserId != null && !currentUserId.equals(task.getAssigneeUserId())) {
throw new RuntimeException("不是当前任务的审批人,不能审批该任务");
}
HrmFlowInstance inst = instanceMapper.selectById(task.getInstId()); HrmFlowInstance inst = instanceMapper.selectById(task.getInstId());
if (inst == null) { if (inst == null) {
return false; return false;