From 0db58617b0fbb92adb315aafd71ab86ba8848c96 Mon Sep 17 00:00:00 2001
From: jhz <jinghz@oceic.com>
Date: 星期二, 09 八月 2022 16:52:50 +0800
Subject: [PATCH] 器具规程保存时权限判定有问题,递入的用户错误

---
 WebAPI/Controllers/BaseSet/Gy_CustomerController.cs |   27 ++++++++++++++++++++++++---
 1 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/WebAPI/Controllers/BaseSet/Gy_CustomerController.cs b/WebAPI/Controllers/BaseSet/Gy_CustomerController.cs
index 8eef185..5f65cea 100644
--- a/WebAPI/Controllers/BaseSet/Gy_CustomerController.cs
+++ b/WebAPI/Controllers/BaseSet/Gy_CustomerController.cs
@@ -25,10 +25,19 @@
         /// </summary>
         [Route("Gy_Customer/list")]
         [HttpGet]
-        public object list(string sWhere, string Organization)
+        public object list(string sWhere,string user, string Organization)
         {
             try
             {
+                //缂栬緫鏉冮檺
+                if (!DBUtility.ClsPub.Security_Log_second("Crm_CustomerFileList", 1, false, user))
+                {
+                    objJsonResult.code = "0";
+                    objJsonResult.count = 0;
+                    objJsonResult.Message = "鏃犳煡鐪嬫潈闄愶紒";
+                    objJsonResult.data = null;
+                    return objJsonResult;
+                }
                 string sql1 = string.Format(@"select * from h_v_Gy_CustomerList where 缁勭粐鍚嶇О='" + Organization + "'");
                 if (sWhere == null || sWhere.Equals(""))
                 {
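Review bot: The permission check added at the top of `list` evaluates whatever name arrives in the new `user` query parameter, so the caller chooses the identity that `Security_Log_second` is asked about. Unless code outside this hunk ties that parameter to the authenticated session, the check does not restrict a request that names a different user. The save path in the third hunk has the same problem, because `msg2` is read from the request body. Take the identity from the server-side authenticated principal (for example `User.Identity.Name`, if this API authenticates requests), or compare the parameter against it before calling the check. The check also sits directly in front of SQL built by concatenating `Organization` and `sWhere` into the query text, so `Organization` should be bound as a parameter and `sWhere` assembled server-side from validated fields; the body of `list` continues outside the hunk.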
@@ -39,6 +48,7 @@
                     string sql = sql1 + sWhere + " order by 瀹㈡埛浠g爜 ";
                     ds = oCN.RunProcReturn(sql, "h_v_Gy_CustomerList");
                 }
+
                 objJsonResult.code = "1";
                 objJsonResult.count = 1;
                 objJsonResult.Message = "Sucess锛�";
@@ -165,14 +175,25 @@
             try
             {
                 var _value = oMain["oMain"].ToString();
-                string msg1 = _value.ToString();
+                string msg3 = _value.ToString();
+                string[] sArray = msg3.Split(new string[] { ";" }, StringSplitOptions.RemoveEmptyEntries);
+                string msg1 = sArray[0].ToString();
+                string msg2 = sArray[1].ToString();
                 //鍙嶅簭鍒楀寲
                 msg1 = "[" + msg1.ToString() + "]";
 
                 DAL.ClsGy_Customer_Ctl oDept = new DAL.ClsGy_Customer_Ctl();
                 DAL.ClsGy_Customer_View oDeptHlp = new DAL.ClsGy_Customer_View();
 
-
+                //缂栬緫鏉冮檺
+                if (!DBUtility.ClsPub.Security_Log_second("Gy_Customer_Edit", 1, false, msg2))
+                {
+                    objJsonResult.code = "0";
+                    objJsonResult.count = 0;
+                    objJsonResult.Message = "鏃犱繚瀛樻潈闄愶紒";
+                    objJsonResult.data = null;
+                    return objJsonResult;
+                }
 
                 List<Customer> list = Newtonsoft.Json.JsonConvert.DeserializeObject<List<Customer>>(msg1);
 
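Review bot: Splitting the payload on every `;` makes both the JSON and the user name unreliable. A `;` inside any customer field cuts `sArray[0]` short and puts JSON text into `msg2`, and a payload with no `;` makes `sArray[1]` throw before the permission check runs. Split once at the last separator and reject a missing one, e.g. `int sep = msg3.LastIndexOf(';'); if (sep <= 0) { /* return the code "0" result */ }`, then `msg1 = msg3.Substring(0, sep); msg2 = msg3.Substring(sep + 1);`. A separate request field for the user would be cleaner still. The enclosing method starts and ends outside the hunk, so how the surrounding `catch` reports the index error is not visible here.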

--
Gitblit v1.9.1