企微管理员校验

haoban-manage3-web/src/main/java/com/gic/haoban/manage/web/controller/AdminController.java

@@ -45,6 +45,10 @@ public class AdminController extends WebBaseController {
     @RequestMapping("admin-list")
     public HaobanResponse adminList() {
         WebLoginDTO login = AuthWebRequestUtil.getLoginUser();
+        String staffId = login.getStaffId() ;
+        if(StringUtils.isBlank(staffId)) {
+            return this.resultResponse(HaoBanErrCode.ERR_10030) ;
+        }
         String wxEnterpriseId = login.getWxEnterpriseId();
         WxApplicationDTO application = wxApplicationApiService.selectByWxEnterpriseIdAndApplicationType(wxEnterpriseId, 2);
         WxEnterpriseDTO enterprise = wxEnterpriseApiService.getOne(wxEnterpriseId);
@@ -63,10 +67,6 @@ public class AdminController extends WebBaseController {
         List<StaffDTO> list = new ArrayList<>();
         List<AdminVO> resultList = new ArrayList<>();
         if (CollectionUtils.isNotEmpty(openUserIds)) {
-            String staffId = login.getStaffId() ;
-            if(StringUtils.isBlank(staffId)) {
-                return this.resultResponse(HaoBanErrCode.ERR_10030) ;
-            }
             if (corpid.length() > 20) {
                 logger.info("OpenUserIds");
                 list = staffApiService.listByOpenUserIdsAndWxEnterpriseId(openUserIds, wxEnterpriseId);

haoban-manage3-web/src/main/java/com/gic/haoban/manage/web/controller/DepartmentContoller.java

 package com.gic.haoban.manage.web.controller;
 
-import cn.hutool.core.collection.CollectionUtil;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
 import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
 import com.gic.api.base.commons.Page;
 import com.gic.clerk.api.dto.ClerkDTO;
 import com.gic.clerk.api.dto.ClerkListDTO;
@@ -24,21 +39,20 @@ import com.gic.haoban.manage.api.dto.DepartmentDTO;
 import com.gic.haoban.manage.api.dto.DepartmentShortDTO;
 import com.gic.haoban.manage.api.dto.StaffDTO;
 import com.gic.haoban.manage.api.dto.StaffDepartmentRelatedDTO;
+import com.gic.haoban.manage.api.dto.WxApplicationDTO;
+import com.gic.haoban.manage.api.dto.WxEnterpriseDTO;
 import com.gic.haoban.manage.api.service.DepartmentApiService;
 import com.gic.haoban.manage.api.service.StaffApiService;
 import com.gic.haoban.manage.api.service.StaffDepartmentRelatedApiService;
+import com.gic.haoban.manage.api.service.WxApplicationApiService;
+import com.gic.haoban.manage.api.service.WxEnterpriseApiService;
 import com.gic.haoban.manage.web.errCode.HaoBanErrCode;
 import com.gic.haoban.manage.web.vo.DepartmentChainVO;
 import com.gic.haoban.manage.web.vo.DepartmentVO;
 import com.gic.redis.data.util.RedisUtil;
-import org.apache.commons.lang.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import com.gic.wechat.api.service.qywx.QywxSuiteApiService;
 
-import java.util.*;
+import cn.hutool.core.collection.CollectionUtil;
 
 @RestController
 public class DepartmentContoller extends WebBaseController {
@@ -46,20 +60,24 @@ public class DepartmentContoller extends WebBaseController {
     private static final Logger logger = LoggerFactory.getLogger(DepartmentContoller.class);
     @Autowired
     private DepartmentApiService departmentApiService;
-
     @Autowired
     private StoreGroupService storeGroupService;
     @Autowired
     private StoreService storeService;
     @Autowired
     private StaffApiService staffApiService;
-
     @Autowired
     private EnterpriseService enterpriseService;
     @Autowired
     private ClerkService clerkService;
     @Autowired
     private StaffDepartmentRelatedApiService staffDepartmentRelatedApiService;
+    @Autowired
+    private WxApplicationApiService wxApplicationApiService ;
+    @Autowired
+    private WxEnterpriseApiService wxEnterpriseApiService ;
+    @Autowired
+    private QywxSuiteApiService qywxSuiteApiService ;
 
 
     @RequestMapping("department-list")
@@ -420,6 +438,9 @@ public class DepartmentContoller extends WebBaseController {
      */
     @RequestMapping("department-list-cache")
     public HaobanResponse departmentCachelist() {
+        if(!isAdmin()) {
+            return this.resultResponse(HaoBanErrCode.ERR_10030) ;
+        }
         WebLoginDTO login = AuthWebRequestUtil.getLoginUser();
         String wxEnterpriseId = login.getWxEnterpriseId();
         if (StringUtils.isBlank(wxEnterpriseId)) {
@@ -434,5 +455,33 @@ public class DepartmentContoller extends WebBaseController {
             return resultResponse(HaoBanErrCode.ERR_1, cache);
         }
     }
+    
+    private boolean isAdmin(){
+        WebLoginDTO login = AuthWebRequestUtil.getLoginUser();
+        String staffId = login.getStaffId() ;
+        if(StringUtils.isBlank(staffId)) {
+            return false ;
+        }
+        String wxEnterpriseId = login.getWxEnterpriseId();
+        WxApplicationDTO application = wxApplicationApiService.selectByWxEnterpriseIdAndApplicationType(wxEnterpriseId, 2);
+        WxEnterpriseDTO enterprise = wxEnterpriseApiService.getOne(wxEnterpriseId);
+        String corpid = enterprise.getCorpid();
+        logger.info("【管理员查询】corpid={},siteId={},agentId={}", corpid, application.getSiteId(), application.getAgentId());
+        String adminList = qywxSuiteApiService.getAdminList(corpid, application.getSiteId(), Integer.parseInt(application.getAgentId()));
+        logger.info("【管理员查询】userIds={}", JSON.toJSONString(adminList));
+        List<String> openUserIds = new ArrayList<>();
+        if (StringUtils.isNotBlank(adminList)) {
+            JSONArray jsonArr = JSON.parseArray(adminList);
+            for (Object object : jsonArr) {
+                JSONObject json = JSON.parseObject(JSON.toJSONString(object));
+                openUserIds.add(json.getString("userid"));
+            }
+        }
+        StaffDTO staff = this.staffApiService.selectById(staffId) ;
+        if(openUserIds.contains(staff.getWxUserId()) || openUserIds.contains(staff.getWxOpenUseId())) {
+            return true ;
+        }
+        return false ;
+    }
 
 }

haoban-manage3-web/src/main/java/com/gic/haoban/manage/web/controller/StaffController.java

@@ -562,6 +562,10 @@ public class StaffController extends WebBaseController {
     
     private boolean isAdmin(){
         WebLoginDTO login = AuthWebRequestUtil.getLoginUser();
+        String staffId = login.getStaffId() ;
+        if(StringUtils.isBlank(staffId)) {
+            return false ;
+        }
         String wxEnterpriseId = login.getWxEnterpriseId();
         WxApplicationDTO application = wxApplicationApiService.selectByWxEnterpriseIdAndApplicationType(wxEnterpriseId, 2);
         WxEnterpriseDTO enterprise = wxEnterpriseApiService.getOne(wxEnterpriseId);
@@ -577,10 +581,6 @@ public class StaffController extends WebBaseController {
                 openUserIds.add(json.getString("userid"));
             }
         }
-        String staffId = login.getStaffId() ;
-        if(StringUtils.isBlank(staffId)) {
-            return false ;
-        }
         StaffDTO staff = this.staffApiService.selectById(staffId) ;
         if(openUserIds.contains(staff.getWxUserId()) || openUserIds.contains(staff.getWxOpenUseId())) {
             return true ;