客户信息、客户资信：业务员，办事处内勤，办事处主管，区域负责人-各办事处只能看到各办事处的客户信息、客户资信（精确到区域）

@@ -2,6 +2,7 @@ package com.lframework.xingyun.basedata.controller;
 
 import com.lframework.starter.common.exceptions.impl.DefaultClientException;
 import com.lframework.starter.common.utils.CollectionUtil;
+import com.lframework.starter.web.core.components.security.SecurityUtil;
 import com.lframework.starter.web.core.annotations.security.HasPermission;
 import com.lframework.starter.web.core.controller.DefaultBaseController;
 import com.lframework.starter.web.core.components.resp.InvokeResult;
@@ -9,6 +10,12 @@ import com.lframework.starter.web.core.components.resp.InvokeResultBuilder;
 import com.lframework.starter.web.core.components.resp.PageResult;
 import com.lframework.starter.web.core.utils.ExcelUtil;
 import com.lframework.starter.web.core.utils.PageResultUtil;
+import com.lframework.starter.web.inner.entity.SysDept;
+import com.lframework.starter.web.inner.entity.SysRole;
+import com.lframework.starter.web.inner.entity.SysUserDept;
+import com.lframework.starter.web.inner.service.system.SysDeptService;
+import com.lframework.starter.web.inner.service.system.SysRoleService;
+import com.lframework.starter.web.inner.service.system.SysUserDeptService;
 import com.lframework.xingyun.basedata.bo.customer.GetCustomerBo;
 import com.lframework.xingyun.basedata.bo.customer.QueryCustomerBo;
 import com.lframework.xingyun.basedata.entity.Customer;
@@ -22,12 +29,17 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import java.util.stream.Collectors;
 import javax.validation.Valid;
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -51,6 +63,12 @@ public class CustomerController extends DefaultBaseController {
 
   @Autowired
   private CustomerService customerService;
+  @Autowired
+  private SysRoleService sysRoleService;
+  @Autowired
+  private SysUserDeptService sysUserDeptService;
+  @Autowired
+  private SysDeptService sysDeptService;
 
   /**
    * 客户列表
@@ -60,6 +78,8 @@ public class CustomerController extends DefaultBaseController {
       "base-data:customer:modify"})
   @GetMapping("/query")
   public InvokeResult<PageResult<QueryCustomerBo>> query(@Valid QueryCustomerVo vo) {
+    //查询数据权限
+    applyQueryPermission(vo);
 
     PageResult<Customer> pageResult = customerService.query(getPageIndex(vo), getPageSize(vo), vo);
 
@@ -73,6 +93,100 @@ public class CustomerController extends DefaultBaseController {
     return InvokeResultBuilder.success(PageResultUtil.rebuild(pageResult, results));
   }
 
+  private void applyQueryPermission(QueryCustomerVo vo) {
+    String currentUserId = SecurityUtil.getCurrentUser().getId();
+    List<SysRole> roles = sysRoleService.getByUserId(currentUserId);
+    if (CollectionUtil.isEmpty(roles)) {
+      return;
+    }
+
+    List<String> roleCodes = roles.stream().map(SysRole::getCode).collect(Collectors.toList());
+    //业务员，办事处内勤，办事处主管，区域负责人只能看到本区域（办事处）数据
+    boolean needControl = roleCodes.contains("ywy")
+        || roleCodes.contains("bscnq")
+        || roleCodes.contains("bsczg")
+        || roleCodes.contains("qyfzr");
+    if (!needControl) {
+      return;
+    }
+
+    DeptScope scope = resolveDeptScope(currentUserId);
+    if (scope == null) {
+      vo.setCreateByIds(Collections.singletonList(currentUserId));
+      return;
+    }
+
+    String scopeDeptId = StringUtils.isNotBlank(scope.getRegionId())
+        ? scope.getRegionId() : scope.getOfficeDeptId();
+    if (StringUtils.isBlank(scopeDeptId)) {
+      vo.setCreateByIds(Collections.singletonList(currentUserId));
+      return;
+    }
+
+    List<String> createByIds = sysUserDeptService.listAllUserByDeptId(scopeDeptId, Boolean.TRUE);
+    if (CollectionUtil.isEmpty(createByIds)) {
+      vo.setCreateByIds(Collections.singletonList(currentUserId));
+      return;
+    }
+    vo.setCreateByIds(createByIds.stream().distinct().collect(Collectors.toList()));
+  }
+
+  private DeptScope resolveDeptScope(String userId) {
+    List<SysUserDept> userDeptList = sysUserDeptService.getByUserId(userId);
+    if (CollectionUtil.isEmpty(userDeptList)) {
+      return null;
+    }
+
+    Set<String> officeCodes = new HashSet<>(Arrays.asList("BF", "CZ", "DG", "FS", "NB", "SZ", "WZ", "ZT", "WM"));
+    for (SysUserDept userDept : userDeptList) {
+      String deptId = userDept.getDeptId();
+      if (StringUtils.isBlank(deptId)) {
+        continue;
+      }
+
+      SysDept current = sysDeptService.findById(deptId);
+      SysDept child = null;
+      while (current != null) {
+        if (officeCodes.contains(current.getCode())) {
+          DeptScope scope = new DeptScope();
+          scope.setOfficeDeptId(current.getId());
+          if (child != null && !officeCodes.contains(child.getCode())) {
+            scope.setRegionId(child.getId());
+          }
+          return scope;
+        }
+        child = current;
+        if (StringUtils.isBlank(current.getParentId())) {
+          break;
+        }
+        current = sysDeptService.findById(current.getParentId());
+      }
+    }
+
+    return null;
+  }
+
+  private static class DeptScope {
+    private String officeDeptId;
+    private String regionId;
+
+    public String getOfficeDeptId() {
+      return officeDeptId;
+    }
+
+    public void setOfficeDeptId(String officeDeptId) {
+      this.officeDeptId = officeDeptId;
+    }
+
+    public String getRegionId() {
+      return regionId;
+    }
+
+    public void setRegionId(String regionId) {
+      this.regionId = regionId;
+    }
+  }
+
   /**
    * 查询客户
    */

@@ -4,6 +4,7 @@ import com.lframework.starter.web.core.vo.BaseVo;
 import com.lframework.starter.web.core.vo.SortPageVo;
 import io.swagger.annotations.ApiModelProperty;
 import java.io.Serializable;
+import java.util.List;
 import lombok.Data;
 
 @Data
@@ -42,4 +43,10 @@ public class QueryCustomerVo extends SortPageVo implements BaseVo, Serializable
    */
   @ApiModelProperty("来源")
   private String source;
+
+  /**
+   * 创建人ID集合
+   */
+  @ApiModelProperty("创建人ID集合")
+  private List<String> createByIds;
 }

@@ -22,6 +22,7 @@
         <result column="account_no" property="accountNo"/>
         <result column="available" property="available"/>
         <result column="description" property="description"/>
+        <result column="create_by_id" property="createById"/>
         <result column="create_by" property="createBy"/>
         <result column="create_time" property="createTime"/>
         <result column="update_by" property="updateBy"/>
@@ -49,6 +50,7 @@
             c.account_no,
             c.available,
             c.description,
+            c.create_by_id,
             c.create_by,
             c.create_time,
             c.update_by,
@@ -69,6 +71,12 @@
                 <if test="vo.available != null">
                     AND c.available = #{vo.available}
                 </if>
+                <if test="vo.createByIds != null and vo.createByIds.size() > 0">
+                    AND c.create_by_id IN
+                    <foreach collection="vo.createByIds" item="createById" open="(" separator="," close=")">
+                        #{createById}
+                    </foreach>
+                </if>
                 <choose>
                     <when test="vo.source == 'CUSTOMER_CREDIT'">
                         AND NOT EXISTS (

@@ -16,7 +16,13 @@ import com.lframework.starter.web.core.controller.DefaultBaseController;
 import com.lframework.starter.web.core.utils.ExcelUtil;
 import com.lframework.starter.web.core.utils.JsonUtil;
 import com.lframework.starter.web.inner.bo.system.user.QuerySysUserBo;
+import com.lframework.starter.web.inner.entity.SysDept;
+import com.lframework.starter.web.inner.entity.SysRole;
 import com.lframework.starter.web.inner.entity.SysUser;
+import com.lframework.starter.web.inner.entity.SysUserDept;
+import com.lframework.starter.web.inner.service.system.SysDeptService;
+import com.lframework.starter.web.inner.service.system.SysRoleService;
+import com.lframework.starter.web.inner.service.system.SysUserDeptService;
 import com.lframework.starter.web.inner.service.system.SysUserService;
 import com.lframework.xingyun.basedata.entity.Customer;
 import com.lframework.xingyun.basedata.service.customer.CustomerService;
@@ -45,6 +51,7 @@ import io.swagger.annotations.ApiOperation;
 import com.lframework.starter.common.utils.CollectionUtil;
 import io.swagger.annotations.Api;
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.scheduling.annotation.Scheduled;
@@ -81,6 +88,12 @@ public class CustomerCreditController extends DefaultBaseController {
     private CorePersonnelService corePersonnelService;
     @Resource
     private SysUserService sysUserService;
+    @Resource
+    private SysRoleService sysRoleService;
+    @Resource
+    private SysUserDeptService sysUserDeptService;
+    @Resource
+    private SysDeptService sysDeptService;
     @Autowired
     private RedisHandler redisHandler;
     @Value("${customer.credit.export:/web/service/erp/xingyun/export/templates/}")
@@ -99,6 +112,8 @@ public class CustomerCreditController extends DefaultBaseController {
     @HasPermission({"customer-credit-manage:customer-credit-plan:query"})
     @GetMapping("/query")
     public InvokeResult<PageResult<GetCustomerCreditBo>> query(@Valid QueryCustomerCreditVo vo) {
+        //数据查询权限
+        applyQueryPermission(vo);
 
         PageResult<CustomerCredit> pageResult = customerCreditService.query(getPageIndex(vo), getPageSize(vo), vo);
 
@@ -137,6 +152,96 @@ public class CustomerCreditController extends DefaultBaseController {
         return InvokeResultBuilder.success(PageResultUtil.rebuild(pageResult, results));
     }
 
+    private void applyQueryPermission(QueryCustomerCreditVo vo) {
+        String currentUserId = SecurityUtil.getCurrentUser().getId();
+        List<SysRole> roles = sysRoleService.getByUserId(currentUserId);
+        if (CollectionUtil.isEmpty(roles)) {
+            return;
+        }
+
+        List<String> roleCodes = roles.stream().map(SysRole::getCode).collect(Collectors.toList());
+        DeptScope scope = resolveDeptScope(currentUserId);
+        if (scope == null) {
+            return;
+        }
+
+        //业务员，办事处内勤，办事处主管，区域负责人只能看到本区域（办事处）数据
+        boolean needControl = roleCodes.contains("ywy")
+                || roleCodes.contains("bscnq")
+                || roleCodes.contains("bsczg")
+                || roleCodes.contains("qyfzr");
+        if (!needControl) {
+            return;
+        }
+
+        if (StringUtils.isNotBlank(scope.getRegionId())) {
+            vo.setRegion(scope.getRegionId());
+            vo.setDeptId(null);
+            return;
+        }
+
+        if (StringUtils.isNotBlank(scope.getOfficeDeptId())) {
+            vo.setDeptId(scope.getOfficeDeptId());
+            vo.setRegion(null);
+        }
+    }
+
+    private DeptScope resolveDeptScope(String userId) {
+        List<SysUserDept> userDeptList = sysUserDeptService.getByUserId(userId);
+        if (CollectionUtil.isEmpty(userDeptList)) {
+            return null;
+        }
+
+        Set<String> officeCodes = new HashSet<>(Arrays.asList("BF", "CZ", "DG", "FS", "NB", "SZ", "WZ", "ZT", "WM"));
+        for (SysUserDept userDept : userDeptList) {
+            String deptId = userDept.getDeptId();
+            if (StringUtils.isBlank(deptId)) {
+                continue;
+            }
+
+            SysDept current = sysDeptService.findById(deptId);
+            SysDept child = null;
+            while (current != null) {
+                if (officeCodes.contains(current.getCode())) {
+                    DeptScope scope = new DeptScope();
+                    scope.setOfficeDeptId(current.getId());
+                    if (child != null && !officeCodes.contains(child.getCode())) {
+                        scope.setRegionId(child.getId());
+                    }
+                    return scope;
+                }
+                child = current;
+                if (StringUtils.isBlank(current.getParentId())) {
+                    break;
+                }
+                current = sysDeptService.findById(current.getParentId());
+            }
+        }
+
+        return null;
+    }
+
+    private static class DeptScope {
+        private String officeDeptId;
+        private String regionId;
+
+        public String getOfficeDeptId() {
+            return officeDeptId;
+        }
+
+        public void setOfficeDeptId(String officeDeptId) {
+            this.officeDeptId = officeDeptId;
+        }
+
+        public String getRegionId() {
+            return regionId;
+        }
+
+        public void setRegionId(String regionId) {
+            this.regionId = regionId;
+        }
+    }
+
     /**
      * 根据ID查询
      */