
部分代码审计

yzx 3 miesięcy temu
rodzic
commit
3bb8e5b6cd

+ 1 - 0
yudao-module-md/yudao-module-md-biz/src/main/java/cn/iocoder/yudao/module/md/controller/admin/AcsController.java

@@ -71,6 +71,7 @@ public class AcsController {
 
     //
     @Scheduled(cron = "0 */10 * * * ?") // 每10分钟执行
+    @PostMapping("/getMachineList")
     public void scheduledTask() throws UnsupportedEncodingException, InterruptedException {
         acsService.searchEvents(adminUserService, studentAttendanceService,fileApi);
     }
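Review bot: Adding `@PostMapping("/getMachineList")` to `scheduledTask()` makes the 10-minute sync job callable over HTTP, and no `@PreAuthorize` is visible on the method, whereas `getUserPageForTeacher` in UserController carries `@PreAuthorize("@ss.hasPermission(...)")`. Unless a class-level or global rule outside the hunk restricts it, any caller the security filter lets through can start `acsService.searchEvents(...)` on demand and in parallel with the scheduled run. The route name says "get machine list", but the method returns `void` and runs the event search. I would leave `scheduledTask()` without a mapping and, if a manual trigger is needed, add a separate handler with its own check, e.g. `@PreAuthorize("@ss.hasPermission('<permission-key>')")` (placeholder key), plus an `@Operation(summary = ...)` describing it.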

+ 1 - 0
yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/mail/MailTemplateController.java

@@ -273,6 +273,7 @@ public class MailTemplateController {
     @PostMapping("/testTeacher")
     @Operation(summary = "测试发送邮件给导师")
     public void testTeacher() {
+
         // 获取导师
         Set<Long> collegeIdList =  permissionService.getUserListByRoleId(114L);
         List<AdminUserDO> TeacherList = adminUserService.getUserList(collegeIdList);

+ 0 - 6
yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/user/UserController.java

@@ -237,12 +237,6 @@ public class UserController {
     @PreAuthorize("@ss.hasPermission('system:user:teacherGetstudentList')")
     public CommonResult<PageResult<UserRespVO>> getUserPageForTeacher(@Valid UserPageReqVO pageReqVO) {
         // 获得用户分页列表
-        Long loginId = SecurityFrameworkUtils.getLoginUserId();
-        Long deptId = SecurityFrameworkUtils.getLoginUserDeptId();
-        Set<Long> roleIds = permissionService.getUserRoleIdListByUserId(loginId);
-        if (roleIds.contains(113L)&&(deptId==null||deptId==0)){
-            return null;
-        }
         PageResult<AdminUserDO> pageResult = userService.getUserPageForTeacher(pageReqVO);
         if (CollUtil.isEmpty(pageResult.getList())) {
             return success(new PageResult<>(pageResult.getTotal()));

+ 12 - 27
yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/user/AdminUserServiceImpl.java

@@ -403,34 +403,19 @@ public class AdminUserServiceImpl implements AdminUserService {
         } else {
             offset = (reqVO.getPageNo() - 1) * reqVO.getPageSize();
         }
+        List<AdminUserDO> result = new ArrayList<>();
+        Long size = 0L;
+        if (roleIds.contains(114L)) {//学院
+            result = userMapper.selectPageForGraduate(reqVO, getDeptCondition(reqVO.getDeptId()),roleIds,deptId,offset,loginId,0);
+            size = userMapper.selectPage1Count(reqVO, getDeptCondition(reqVO.getDeptId()),roleIds,deptId,offset,loginId,0);
+        } else if (roleIds.contains(113L)){//如果是教师,只找导师工作间下的
+            result =  userMapper.selectPageForGraduate(reqVO, getDeptCondition(reqVO.getDeptId()),roleIds,deptId,offset,loginId,1);
+            size =  userMapper.selectPage1Count(reqVO, getDeptCondition(reqVO.getDeptId()),roleIds,deptId,offset,loginId,1);
+        }else if (roleIds.contains(1L)){//管理员
+            result = userMapper.selectPageForGraduate(reqVO, getDeptCondition(reqVO.getDeptId()),roleIds,deptId,offset,loginId,0);
+            size = userMapper.selectPage1Count(reqVO, getDeptCondition(reqVO.getDeptId()),roleIds,deptId,offset,loginId,0);
+        }
 
-        List<AdminUserDO> result =userMapper.selectPageForGraduate(reqVO, getDeptCondition(reqVO.getDeptId()),roleIds,deptId,offset,loginId,0);
-        Long size = userMapper.selectPage1Count(reqVO, getDeptCondition(reqVO.getDeptId()),roleIds,deptId,offset,loginId,0);
-
-        // 遍历结果集,设置 photoIsExist
-//        resultPage.getList().stream().forEach(user -> {
-//            user.setPhotoIsExist(Long.valueOf(user.getPhotoUrl() != null && !user.getPhotoUrl().isEmpty() ? 1 : 0));
-////            user.setIsGraduate(vilidateIsGraduate(user));
-//            if (user.getDeptId()==null||user.getDeptId()==0L){
-//                user.setDeptName("测绘学院");
-//            }
-//            if ("1".equals(user.getUserType()) ||"2".equals(user.getUserType())) {
-//                if (user.getSupervisorId() != null) {
-//                    AdminUserDO supervisorUser = getUser(user.getSupervisorId());
-//                    String supervisor = supervisorUser.getNickname();
-//                    String mobile = supervisorUser.getMobile();
-//                    // 赋值给 对应 字段
-//                    user.setSupervisor(supervisor);
-//                    user.setSupervisorMobile(mobile);
-//                }
-//            }
-//        });
-
-//        if (reqVO.getPhotoIsExist() != null) {//搜索人脸导入
-//            result.setList(result.getList().stream()
-//                    .filter(user -> reqVO.getPhotoIsExist().equals(user.getPhotoIsExist()))
-//                    .collect(Collectors.toList()));
-//        }
         return new PageResult<>(result, size);
     }
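Review bot: Which query scope a caller gets now depends on branch order over hard-coded role ids: an account holding 113 and 1 takes the teacher branch (last argument 1), one holding 113 and 114 takes the college branch (last argument 0), and the 114 and 1 branches are otherwise identical calls. The ids `114L`, `113L` and `1L` are database values that can differ between environments, so named constants or role codes would make this authorization decision easier to review. A caller with none of the three roles gets an empty page, which fails closed, but the same commit deletes the controller's early return for a teacher with no department, so that case now relies on the mapper's `type == 1` clause alone. The fence below keeps the current precedence and issues the two mapper calls once; the method starts above the hunk.

```java
// … unchanged: offset calculation …
// The first matching role decides the query scope; confirm this precedence is intended.
Integer type = null;
if (roleIds.contains(114L)) { // college
    type = 0;
} else if (roleIds.contains(113L)) { // teacher: supervisor-workspace scope only
    type = 1;
} else if (roleIds.contains(1L)) { // administrator
    type = 0;
}
List<AdminUserDO> result = new ArrayList<>();
Long size = 0L;
if (type != null) {
    result = userMapper.selectPageForGraduate(reqVO, getDeptCondition(reqVO.getDeptId()), roleIds, deptId, offset, loginId, type);
    size = userMapper.selectPage1Count(reqVO, getDeptCondition(reqVO.getDeptId()), roleIds, deptId, offset, loginId, type);
}
return new PageResult<>(result, size);
```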
 

+ 4 - 6
yudao-module-system/yudao-module-system-biz/src/main/resources/Mapper/user/AdminUserMapper.xml

@@ -80,9 +80,8 @@
             <when test="type == 1">
                 AND a.user_type = 1
                 AND (
-                (
-                a.dept_id = #{deptId}
-                AND a.dept_id != 0
+                ( a.dept_id != 0
+                AND  a.dept_id = #{deptId}
                 AND a.dept_id IS NOT NULL
                 AND a.dept_id != ''
                 )
@@ -182,9 +181,8 @@
             <when test="type == 1">
                 AND a.user_type = 1
                 AND (
-                (
-                a.dept_id = #{deptId}
-                AND a.dept_id != 0
+                ( a.dept_id != 0
+                AND  a.dept_id = #{deptId}
                 AND a.dept_id IS NOT NULL
                 AND a.dept_id != ''
                 )
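Review bot: Swapping `a.dept_id != 0` and `a.dept_id = #{deptId}` does not change what the `type == 1` branch matches in either hunk, because the predicates are ANDed, so the restriction is exactly as strong as before. Since this commit also deletes the controller's early return for role 113 with a null or zero department, these clauses are now the only visible barrier for that case. They hold only implicitly: a null `#{deptId}` makes the equality match no row, and `!= 0` excludes the zero case. The enclosing `AND (` group closes outside the hunk, so whether another arm widens the result cannot be checked from here. I would state the intent in both places with `<!-- type 1: a caller with a null or zero deptId must match nothing in this arm -->`, and note that `a.dept_id IS NOT NULL` is already implied by the equality.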