From 0db58617b0fbb92adb315aafd71ab86ba8848c96 Mon Sep 17 00:00:00 2001
From: jhz <jinghz@oceic.com>
Date: 星期二, 09 八月 2022 16:52:50 +0800
Subject: [PATCH] 器具规程保存时权限判定有问题,递入的用户错误
---
WebAPI/Controllers/BaseSet/Gy_CustomerController.cs | 54 ++++++++++++++++++++++++++++++++----------------------
1 files changed, 32 insertions(+), 22 deletions(-)
diff --git a/WebAPI/Controllers/BaseSet/Gy_CustomerController.cs b/WebAPI/Controllers/BaseSet/Gy_CustomerController.cs
index 3db4fde..5f65cea 100644
--- a/WebAPI/Controllers/BaseSet/Gy_CustomerController.cs
+++ b/WebAPI/Controllers/BaseSet/Gy_CustomerController.cs
@@ -25,36 +25,35 @@ /// </summary> [Route("Gy_Customer/list")] [HttpGet] - public object list(string sWhere) + public object list(string sWhere,string user, string Organization) { try { - if (sWhere == null || sWhere.Equals("")) - { - ds = oCN.RunProcReturn("select * from h_v_Gy_CustomerList " + sWhere + " order by HItemID desc", "h_v_Gy_CustomerList"); - } - else - { - string sql1 = "select * from h_v_Gy_CustomerList where 1 = 1 "; - string sql = sql1 + sWhere + " order by HItemID desc"; - ds = oCN.RunProcReturn(sql, "h_v_Gy_CustomerList"); - } - if (ds == null || ds.Tables[0].Rows.Count == 0) + //缂栬緫鏉冮檺 + if (!DBUtility.ClsPub.Security_Log_second("Crm_CustomerFileList", 1, false, user)) { objJsonResult.code = "0"; objJsonResult.count = 0; - objJsonResult.Message = "false锛�"; + objJsonResult.Message = "鏃犳煡鐪嬫潈闄愶紒"; objJsonResult.data = null; return objJsonResult; } + string sql1 = string.Format(@"select * from h_v_Gy_CustomerList where 缁勭粐鍚嶇О='" + Organization + "'"); + if (sWhere == null || sWhere.Equals("")) + { + ds = oCN.RunProcReturn(sql1 + sWhere + " order by 瀹㈡埛浠g爜 ", "h_v_Gy_CustomerList"); + } else { - objJsonResult.code = "1"; - objJsonResult.count = 1; - objJsonResult.Message = "Sucess锛�"; - objJsonResult.data = ds.Tables[0]; - return objJsonResult; + string sql = sql1 + sWhere + " order by 瀹㈡埛浠g爜 "; + ds = oCN.RunProcReturn(sql, "h_v_Gy_CustomerList"); } + + objJsonResult.code = "1"; + objJsonResult.count = 1; + objJsonResult.Message = "Sucess锛�"; + objJsonResult.data = ds.Tables[0]; + return objJsonResult; } catch (Exception e) { 
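Review bot: The new `sql1` in `list` is built by concatenating the `Organization` query-string value between quotes and then appending `sWhere` unmodified, so both request parameters reach `oCN.RunProcReturn` as SQL text. The organisation filter should be bound as a parameter if the data layer offers a parameterised call (none is visible in this hunk), and `sWhere` should be assembled server-side from an allow-list of filterable columns rather than accepted as a raw fragment. The `string.Format(...)` wrapper has no placeholders and can throw on a value containing braces, so it can simply be dropped. Separately, `user` arrives in the query string and is handed straight to `Security_Log_second`, so the check trusts whatever name the caller sends; the same holds for `msg2` in the second hunk (-176/+175), and both should be taken from the authenticated session or token instead. The `ds == null` guard was also removed, so `ds.Tables[0]` now depends on the `catch` that continues outside the hunk.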
@@ -176,14 +175,25 @@ try { var _value = oMain["oMain"].ToString(); - string msg1 = _value.ToString(); + string msg3 = _value.ToString(); + string[] sArray = msg3.Split(new string[] { ";" }, StringSplitOptions.RemoveEmptyEntries); + string msg1 = sArray[0].ToString(); + string msg2 = sArray[1].ToString(); //鍙嶅簭鍒楀寲 msg1 = "[" + msg1.ToString() + "]"; DAL.ClsGy_Customer_Ctl oDept = new DAL.ClsGy_Customer_Ctl(); DAL.ClsGy_Customer_View oDeptHlp = new DAL.ClsGy_Customer_View(); - + //缂栬緫鏉冮檺 + if (!DBUtility.ClsPub.Security_Log_second("Gy_Customer_Edit", 1, false, msg2)) + { + objJsonResult.code = "0"; + objJsonResult.count = 0; + objJsonResult.Message = "鏃犱繚瀛樻潈闄愶紒"; + objJsonResult.data = null; + return objJsonResult; + } List<Customer> list = Newtonsoft.Json.JsonConvert.DeserializeObject<List<Customer>>(msg1); @@ -371,7 +381,7 @@ //鍒ゆ柇鏉冮檺 - if (!ClsPub.Security_Log(msg5, 1, true, msg4)) + if (!ClsPub.Security_Log(msg5, 1, false, msg4)) { objJsonResult.code = "0"; objJsonResult.count = 0; @@ -464,7 +474,7 @@ DAL.ClsGy_Customer_View oDeptHlp = new DAL.ClsGy_Customer_View(); try { - if (!DBUtility.ClsPub.Security_Log(ModRightNameDelete, 1, true, User)) + if (!DBUtility.ClsPub.Security_Log(ModRightNameDelete, 1, false, User)) { objJsonResult.code = "0"; objJsonResult.count = 0; -- Gitblit v1.9.1
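Review bot: `sArray[1]` is read without checking how many parts the split produced, so a payload with no `;`, or with an empty user part (dropped by `RemoveEmptyEntries`), raises an index error before the permission check is reached. A `;` inside any JSON field value also splits the document in the wrong place, leaving `msg1` truncated and `msg2` holding a JSON fragment rather than the user name. Guard the split first, for example `if (sArray.Length != 2) { /* return the code "0" response */ }`, and prefer carrying the user in its own property of the request body instead of a `;`-delimited suffix. The enclosing method and its `catch` lie outside the hunk, so how such an exception is reported to the client is not visible here.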
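Review bot: The third argument of `Security_Log` is flipped from `true` to `false` in the hunk at -371/+381 and again in the last hunk (-464/+474), with no comment saying what the flag controls; its definition is not part of this patch. If it governs logging or reporting of denied attempts (inferred only from the method name), refused edit and delete requests may no longer be recorded, which matters for audit. Add a short comment at each call, such as `// third argument: <meaning of flag>; false because <reason>`, or pass it as a named argument so the intent is readable. These two call sites use `Security_Log` while the checks added earlier in this patch use `Security_Log_second`; it is worth confirming the difference is intended.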