
pms 部门数据权限增强 部门数据权限自动拼接仅本人数据权限

zhangcl 1 周之前
父節點
當前提交
2d176f7999

+ 6 - 1
yudao-framework/yudao-spring-boot-starter-biz-data-permission/src/main/java/cn/iocoder/yudao/framework/datapermission/core/rule/dept/DeptDataPermissionRule.java

@@ -1,6 +1,7 @@
 package cn.iocoder.yudao.framework.datapermission.core.rule.dept;
 
 import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.collection.CollectionUtil;
 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
@@ -124,9 +125,13 @@ public class DeptDataPermissionRule implements DataPermissionRule {
             return new EqualsTo(null, null); // WHERE null = null,可以保证返回的数据为空
         }
 
+        // 强制添加本人权限(除非已经是"仅本人权限"场景)
+        boolean forceSelf = !deptDataPermission.getSelf()
+                && CollectionUtil.isNotEmpty(deptDataPermission.getDeptIds());
+
         // 情况三,拼接 Dept 和 User 的条件,最后组合
         Expression deptExpression = buildDeptExpression(tableName,tableAlias, deptDataPermission.getDeptIds());
-        Expression userExpression = buildUserExpression(tableName, tableAlias, deptDataPermission.getSelf(), loginUser.getId());
+        Expression userExpression = buildUserExpression(tableName, tableAlias, deptDataPermission.getSelf() || forceSelf, loginUser.getId());
         if (deptExpression == null && userExpression == null) {
             // TODO 芋艿:获得不到条件的时候,暂时不抛出异常,而是不返回数据
             log.warn("[getExpression][LoginUser({}) Table({}/{}) DeptDataPermission({}) 构建的条件为空]",
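Review bot: `forceSelf` changes the shared framework rule, so every caller with a non-empty dept scope now also gets the user condition, not only the pms module named in the commit title. If the dept and user expressions are combined with OR further down (outside this hunk), rows matching a registered user column become visible even when their department is outside the caller's scope, which includes the `creator` columns this commit registers in PmsDataPermissionConfiguration; that widening deserves an explicit comment here and a test that pins the generated WHERE clause. `!deptDataPermission.getSelf()` would also throw if `getSelf()` returns a null `Boolean` (its return type is not visible here), and `getSelf() || forceSelf` reduces to a single condition, so consider `boolean includeSelf = Boolean.TRUE.equals(deptDataPermission.getSelf()) || CollUtil.isNotEmpty(deptDataPermission.getDeptIds());`, using the already imported `CollUtil` rather than the new `CollectionUtil` import. The enclosing method starts and ends outside the hunk.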

+ 12 - 4
yudao-module-pms/yudao-module-pms-biz/src/main/java/cn/iocoder/yudao/module/pms/config/PmsDataPermissionConfiguration.java

@@ -37,25 +37,33 @@ public class PmsDataPermissionConfiguration {
             rule.addDeptColumn(DeptDO.class, "id");
             rule.addDeptColumn(SupplierDO.class, "dept_id");
             rule.addDeptColumn(IotTreeDO.class,"dept_id");
+
             rule.addDeptColumn(IotDeviceDO.class,"dept_id");
+            rule.addUserColumn(IotDeviceDO.class, "creator");
+
             rule.addDeptColumn(IotFailureReportDO.class,"dept_id");
             rule.addDeptColumn(IotInfoDO.class, "dept_id");
             rule.addDeptColumn(IotMaintainDO.class,"dept_id");
             rule.addDeptColumn(IotInformationDbDO.class,"dept_id");
+
             rule.addDeptColumn(IotMainWorkOrderDO.class,"dept_id");
+            rule.addUserColumn(IotMainWorkOrderDO.class, "creator");
+
             rule.addDeptColumn(IotInspectItemDO.class,"dept_id");
             rule.addDeptColumn(IotInspectRouteDO.class,"dept_id");
             rule.addDeptColumn(IotInspectPlanDO.class, "dept_id");
+
             rule.addDeptColumn(IotInspectOrderDO.class, "dept_id");
+            rule.addUserColumn(IotInspectOrderDO.class, "creator");
+
             rule.addDeptColumn(IotLockStockDO.class, "dept_id");
-            rule.addDeptColumn(IotMainWorkOrderDO.class, "dept_id");
+
             rule.addDeptColumn(IotMaintenancePlanDO.class, "dept_id");
             rule.addDeptColumn(IotSapStockDO.class, "dept_id");
+
             // user
-//            rule.addUserColumn(SupplierDO.class);
             rule.addUserColumn(AdminUserDO.class, "id");
-//            rule.addUserColumn(SupplierDO.class, "creator");
-
+            rule.addUserColumn(SupplierDO.class, "creator");
         };
     }