feat(core): 三方用户权限增强及页面功能禁用

- 在企业资金流水、企业信息及企业用户关系页面实现三方用户角色判断
- 三方用户禁用新增、删除、编辑、充值、扣款、邀请码等敏感操作按钮
- 后端服务根据当前登录用户角色限制查询范围，三方用户仅显示自身所属关联企业数据
- 移除相关接口的权限校验注解，改由代码中角色判断控制访问权限
- 新增部门ID参数，支持三方用户通过部门筛选及获取隶属企业ID
- 优化CURD组件按钮禁用逻辑，支持动态属性函数绑定
- 修改Mapper增加部门ID和企业ID查询条件，确保数据隔离和安全性

src/main/java/com/zsElectric/boot/business/controller/FirmAccountLogController.java

@@ -31,7 +31,7 @@ public class FirmAccountLogController {
 
     @Operation(summary = "企业资金流水分页列表")
     @GetMapping("/page")
-    @PreAuthorize("@ss.hasPerm('business:firmAccountLog:query')")
+    // @PreAuthorize("@ss.hasPerm('business:firmAccountLog:query')")
     public PageResult<FirmAccountLogVO> getFirmAccountLogPage(FirmAccountLogQuery queryParams) {
         IPage<FirmAccountLogVO> result = firmAccountLogService.getFirmAccountLogPage(queryParams);
         return PageResult.success(result);
@@ -39,7 +39,7 @@ public class FirmAccountLogController {
 
     @Operation(summary = "删除企业资金流水")
     @DeleteMapping("/{ids}")
-    @PreAuthorize("@ss.hasPerm('business:firmAccountLog:delete')")
+    // @PreAuthorize("@ss.hasPerm('business:firmAccountLog:delete')")
     public Result<Void> deleteFirmAccountLogs(
             @Parameter(description = "企业资金流水ID，多个以英文逗号(,)分割") @PathVariable String ids
     ) {

src/main/java/com/zsElectric/boot/business/controller/FirmInfoController.java

@@ -43,7 +43,7 @@ public class FirmInfoController  {
 
     @Operation(summary = "企业信息分页列表")
     @GetMapping("/page")
-    @PreAuthorize("@ss.hasPerm('business:firmInfo:query')")
+    // @PreAuthorize("@ss.hasPerm('business:firmInfo:query')")
     public PageResult<FirmInfoVO> getFirmInfoPage(FirmInfoQuery queryParams ) {
         IPage<FirmInfoVO> result = firmInfoService.getFirmInfoPage(queryParams);
         return PageResult.success(result);
@@ -51,7 +51,7 @@ public class FirmInfoController  {
 
     @Operation(summary = "企业信息列表")
     @GetMapping("/list")
-    @PreAuthorize("@ss.hasPerm('business:firmInfo:query')")
+    // @PreAuthorize("@ss.hasPerm('business:firmInfo:query')")
     public Result<List<FirmInfoVO>> getFirmInfoList() {
         List<FirmInfoVO> result = firmInfoConverter.toVO(firmInfoService.list());
         return Result.success(result);
@@ -59,7 +59,7 @@ public class FirmInfoController  {
 
     @Operation(summary = "新增企业信息")
     @PostMapping
-    @PreAuthorize("@ss.hasPerm('business:firmInfo:add')")
+    // @PreAuthorize("@ss.hasPerm('business:firmInfo:add')")
     public Result<Void> saveFirmInfo(@RequestBody @Valid FirmInfoForm formData ) {
         boolean result = firmInfoService.saveFirmInfo(formData);
         return Result.judge(result);
@@ -67,7 +67,7 @@ public class FirmInfoController  {
 
     @Operation(summary = "获取企业信息表单数据")
     @GetMapping("/{id}/form")
-    @PreAuthorize("@ss.hasPerm('business:firmInfo:edit')")
+    // @PreAuthorize("@ss.hasPerm('business:firmInfo:edit')")
     public Result<FirmInfoForm> getFirmInfoForm(
         @Parameter(description = "企业信息ID") @PathVariable Long id
     ) {
@@ -77,7 +77,7 @@ public class FirmInfoController  {
 
     @Operation(summary = "修改企业信息")
     @PutMapping(value = "/{id}")
-    @PreAuthorize("@ss.hasPerm('business:firmInfo:edit')")
+    // @PreAuthorize("@ss.hasPerm('business:firmInfo:edit')")
     public Result<Void> updateFirmInfo(
             @Parameter(description = "企业信息ID") @PathVariable Long id,
             @RequestBody @Validated FirmInfoForm formData
@@ -88,7 +88,7 @@ public class FirmInfoController  {
 
     @Operation(summary = "删除企业信息")
     @DeleteMapping("/{ids}")
-    @PreAuthorize("@ss.hasPerm('business:firmInfo:delete')")
+    // @PreAuthorize("@ss.hasPerm('business:firmInfo:delete')")
     public Result<Void> deleteFirmInfos(
         @Parameter(description = "企业信息ID，多个以英文逗号(,)分割") @PathVariable String ids
     ) {
@@ -98,7 +98,7 @@ public class FirmInfoController  {
 
     @Operation(summary = "企业上账（充值）")
     @PostMapping("/recharge")
-    @PreAuthorize("@ss.hasPerm('business:firmInfo:recharge')")
+    // @PreAuthorize("@ss.hasPerm('business:firmInfo:recharge')")
     @Log(value = "企业上账", module = LogModuleEnum.OTHER)
     public Result<Void> recharge(
             @Parameter(description = "企业ID") @RequestParam Long firmId,
@@ -111,7 +111,7 @@ public class FirmInfoController  {
 
     @Operation(summary = "企业下账（扣款）")
     @PostMapping("/deduct")
-    @PreAuthorize("@ss.hasPerm('business:firmInfo:deduct')")
+    // @PreAuthorize("@ss.hasPerm('business:firmInfo:deduct')")
     @Log(value = "企业下账", module = LogModuleEnum.OTHER)
     public Result<Void> deduct(
             @Parameter(description = "企业ID") @RequestParam Long firmId,
@@ -124,7 +124,7 @@ public class FirmInfoController  {
 
     @Operation(summary = "企业余额变更（通用）")
     @PostMapping("/changeBalance")
-    @PreAuthorize("@ss.hasPerm('business:firmInfo:recharge')")
+    // @PreAuthorize("@ss.hasPerm('business:firmInfo:recharge')")
     @Log(value = "企业余额变更", module = LogModuleEnum.OTHER)
     public Result<Void> changeBalance(@RequestBody @Valid FirmBalanceChangeForm form) {
         boolean result = firmInfoService.changeBalance(form);
@@ -133,7 +133,7 @@ public class FirmInfoController  {
 
     @Operation(summary = "获取可用部门选项（用于新增/编辑企业信息时选择关联部门）")
     @GetMapping("/availableDeptOptions")
-    @PreAuthorize("@ss.hasPerm('business:firmInfo:add') or @ss.hasPerm('business:firmInfo:edit')")
+    // @PreAuthorize("@ss.hasPerm('business:firmInfo:add') or @ss.hasPerm('business:firmInfo:edit')")
     public Result<List<Option<Long>>> getAvailableDeptOptions(
             @Parameter(description = "编辑时排除的企业ID") @RequestParam(required = false) Long excludeId
     ) {

src/main/java/com/zsElectric/boot/business/controller/UserFirmController.java

@@ -34,7 +34,7 @@ public class UserFirmController  {
 
     @Operation(summary = "企业与用户关系分页列表")
     @GetMapping("/page")
-    @PreAuthorize("@ss.hasPerm('business:user-firm:query')")
+    // @PreAuthorize("@ss.hasPerm('business:user-firm:query')")
     public PageResult<UserFirmVO> getUserFirmPage(UserFirmQuery queryParams ) {
         IPage<UserFirmVO> result = userFirmService.getUserFirmPage(queryParams);
         return PageResult.success(result);
@@ -42,7 +42,7 @@ public class UserFirmController  {
 
     @Operation(summary = "新增企业与用户关系")
     @PostMapping
-    @PreAuthorize("@ss.hasPerm('business:user-firm:add')")
+    // @PreAuthorize("@ss.hasPerm('business:user-firm:add')")
     public Result<Void> saveUserFirm(@RequestBody @Valid UserFirmForm formData ) {
         boolean result = userFirmService.saveUserFirm(formData);
         return Result.judge(result);
@@ -50,7 +50,7 @@ public class UserFirmController  {
 
     @Operation(summary = "获取企业与用户关系表单数据")
     @GetMapping("/{id}/form")
-    @PreAuthorize("@ss.hasPerm('business:user-firm:edit')")
+    // @PreAuthorize("@ss.hasPerm('business:user-firm:edit')")
     public Result<UserFirmForm> getUserFirmForm(
         @Parameter(description = "企业与用户关系ID") @PathVariable Long id
     ) {
@@ -60,7 +60,7 @@ public class UserFirmController  {
 
     @Operation(summary = "修改企业与用户关系")
     @PutMapping(value = "/{id}")
-    @PreAuthorize("@ss.hasPerm('business:user-firm:edit')")
+    // @PreAuthorize("@ss.hasPerm('business:user-firm:edit')")
     public Result<Void> updateUserFirm(
             @Parameter(description = "企业与用户关系ID") @PathVariable Long id,
             @RequestBody @Validated UserFirmForm formData
@@ -71,7 +71,7 @@ public class UserFirmController  {
 
     @Operation(summary = "删除企业与用户关系")
     @DeleteMapping("/{ids}")
-    @PreAuthorize("@ss.hasPerm('business:user-firm:delete')")
+    // @PreAuthorize("@ss.hasPerm('business:user-firm:delete')")
     public Result<Void> deleteUserFirms(
         @Parameter(description = "企业与用户关系ID，多个以英文逗号(,)分割") @PathVariable String ids
     ) {

src/main/java/com/zsElectric/boot/business/model/query/FirmInfoQuery.java

@@ -26,4 +26,7 @@ public class FirmInfoQuery extends BasePageQuery {
 
     @Schema(description = "上下线状态（0 已下线  1 上线中）")
     private Integer status;
+
+    @Schema(description = "部门ID（用于三方用户筛选自己所属公司）")
+    private Long deptId;
 }

src/main/java/com/zsElectric/boot/business/model/query/UserFirmQuery.java

@@ -21,6 +21,9 @@ public class UserFirmQuery extends BasePageQuery {
     @Schema(description = "手机号")
     private String phone;
 
+    @Schema(description = "企业ID（用于三方用户筛选自己所属公司）")
+    private Long firmId;
+
     @Schema(description = "身份类型 1 管理员 2普通员工")
     private Integer type;
 

src/main/java/com/zsElectric/boot/business/service/FirmInfoService.java

@@ -95,4 +95,12 @@ public interface FirmInfoService extends IService<FirmInfo> {
      * @return 可用部门选项列表
      */
     List<Option<Long>> getAvailableDeptOptions(Long excludeId);
+
+    /**
+     * 根据部门ID获取企业ID
+     *
+     * @param deptId 部门ID
+     * @return 企业ID，如果不存在则返回null
+     */
+    Long getFirmIdByDeptId(Long deptId);
 }

src/main/java/com/zsElectric/boot/business/service/impl/FirmAccountLogServiceImpl.java

@@ -14,10 +14,12 @@ import com.zsElectric.boot.business.service.FirmInfoService;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 import cn.hutool.core.util.StrUtil;
+import com.zsElectric.boot.security.util.SecurityUtils;
 
 import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import java.util.stream.Collectors;
 
 /**
@@ -30,10 +32,23 @@ import java.util.stream.Collectors;
 @RequiredArgsConstructor
 public class FirmAccountLogServiceImpl extends ServiceImpl<FirmAccountLogMapper, FirmAccountLog> implements FirmAccountLogService {
 
+    /**
+     * 三方用户角色编码
+     */
+    private static final String ROLE_SFUSER = "SFUSER";
+
     private final FirmInfoService firmInfoService;
 
     @Override
     public IPage<FirmAccountLogVO> getFirmAccountLogPage(FirmAccountLogQuery queryParams) {
+        // 判断当前用户是否为三方用户，如果是则只查询自己所属公司的数据
+        Set<String> roles = SecurityUtils.getRoles();
+        if (roles != null && roles.contains(ROLE_SFUSER)) {
+            // 三方用户只能查询自己所属部门关联的企业数据
+            Long deptId = SecurityUtils.getDeptId();
+            Long firmId = firmInfoService.getFirmIdByDeptId(deptId);
+            queryParams.setFirmId(firmId);
+        }
         Page<FirmAccountLog> page = new Page<>(queryParams.getPageNum(), queryParams.getPageSize());
 
         LambdaQueryWrapper<FirmAccountLog> queryWrapper = new LambdaQueryWrapper<>();

src/main/java/com/zsElectric/boot/business/service/impl/FirmInfoServiceImpl.java

@@ -5,6 +5,7 @@ import com.zsElectric.boot.business.model.entity.FirmAccountLog;
 import com.zsElectric.boot.business.model.form.FirmBalanceChangeForm;
 import com.zsElectric.boot.core.exception.BusinessException;
 import com.zsElectric.boot.common.model.Option;
+import com.zsElectric.boot.security.util.SecurityUtils;
 import com.zsElectric.boot.system.service.DeptService;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -47,6 +48,11 @@ import cn.hutool.core.collection.CollectionUtil;
 @RequiredArgsConstructor
 public class FirmInfoServiceImpl extends ServiceImpl<FirmInfoMapper, FirmInfo> implements FirmInfoService {
 
+    /**
+     * 三方用户角色编码
+     */
+    private static final String ROLE_SFUSER = "SFUSER";
+
     private final FirmInfoConverter firmInfoConverter;
     private final FirmAccountLogMapper firmAccountLogMapper;
     private final DeptService deptService;
@@ -59,6 +65,13 @@ public class FirmInfoServiceImpl extends ServiceImpl<FirmInfoMapper, FirmInfo> i
     */
     @Override
     public IPage<FirmInfoVO> getFirmInfoPage(FirmInfoQuery queryParams) {
+        // 判断当前用户是否为三方用户，如果是则只查询自己所属公司的数据
+        Set<String> roles = SecurityUtils.getRoles();
+        if (roles != null && roles.contains(ROLE_SFUSER)) {
+            // 三方用户只能查询自己所属部门的企业数据
+            Long deptId = SecurityUtils.getDeptId();
+            queryParams.setDeptId(deptId);
+        }
         Page<FirmInfoVO> pageVO = this.baseMapper.getFirmInfoPage(
                 new Page<>(queryParams.getPageNum(), queryParams.getPageSize()),
                 queryParams
@@ -268,4 +281,23 @@ public class FirmInfoServiceImpl extends ServiceImpl<FirmInfoMapper, FirmInfo> i
                 })
                 .collect(Collectors.toList());
     }
+
+    /**
+     * 根据部门ID获取企业ID
+     *
+     * @param deptId 部门ID
+     * @return 企业ID，如果不存在则返回null
+     */
+    @Override
+    public Long getFirmIdByDeptId(Long deptId) {
+        if (deptId == null) {
+            return null;
+        }
+        LambdaQueryWrapper<FirmInfo> queryWrapper = new LambdaQueryWrapper<FirmInfo>()
+                .select(FirmInfo::getId)
+                .eq(FirmInfo::getDeptId, deptId)
+                .last("LIMIT 1");
+        FirmInfo firmInfo = this.getOne(queryWrapper);
+        return firmInfo != null ? firmInfo.getId() : null;
+    }
 }

src/main/java/com/zsElectric/boot/business/service/impl/UserFirmServiceImpl.java

@@ -15,10 +15,13 @@ import com.zsElectric.boot.business.converter.UserFirmConverter;
 
 import java.util.Arrays;
 import java.util.List;
+import java.util.Set;
 import java.util.stream.Collectors;
 
 import cn.hutool.core.lang.Assert;
 import cn.hutool.core.util.StrUtil;
+import com.zsElectric.boot.security.util.SecurityUtils;
+import com.zsElectric.boot.business.service.FirmInfoService;
 
 /**
  * 企业与用户关系服务实现类
@@ -30,7 +33,13 @@ import cn.hutool.core.util.StrUtil;
 @RequiredArgsConstructor
 public class UserFirmServiceImpl extends ServiceImpl<UserFirmMapper, UserFirm> implements UserFirmService {
 
+    /**
+     * 三方用户角色编码
+     */
+    private static final String ROLE_SFUSER = "SFUSER";
+
     private final UserFirmConverter userFirmConverter;
+    private final FirmInfoService firmInfoService;
 
     /**
     * 获取企业与用户关系分页列表
@@ -40,6 +49,14 @@ public class UserFirmServiceImpl extends ServiceImpl<UserFirmMapper, UserFirm> i
     */
     @Override
     public IPage<UserFirmVO> getUserFirmPage(UserFirmQuery queryParams) {
+        // 判断当前用户是否为三方用户，如果是则只查询自己所属公司的数据
+        Set<String> roles = SecurityUtils.getRoles();
+        if (roles != null && roles.contains(ROLE_SFUSER)) {
+            // 三方用户只能查询自己所属部门关联的企业数据
+            Long deptId = SecurityUtils.getDeptId();
+            Long firmId = firmInfoService.getFirmIdByDeptId(deptId);
+            queryParams.setFirmId(firmId);
+        }
         Page<UserFirmVO> pageVO = this.baseMapper.getUserFirmPage(
                 new Page<>(queryParams.getPageNum(), queryParams.getPageSize()),
                 queryParams

src/main/resources/mapper/business/FirmInfoMapper.xml

@@ -25,6 +25,9 @@
         LEFT JOIN c_user_firm b ON a.id = b.firm_id AND b.is_deleted = 0
         <where>
             a.is_deleted = 0
+            <if test="queryParams.deptId != null">
+                AND a.dept_id = #{queryParams.deptId}
+            </if>
             <if test="queryParams.firmType != null">
                 AND a.firm_type = #{queryParams.firmType}
             </if>

src/main/resources/mapper/business/UserFirmMapper.xml

@@ -30,6 +30,9 @@
         ) d ON a.user_id = d.user_id
         <where>
             a.is_deleted = 0
+            <if test="queryParams.firmId != null">
+                AND a.firm_id = #{queryParams.firmId}
+            </if>
             <if test="queryParams.phone != null and queryParams.phone != ''">
                 AND a.phone LIKE CONCAT('%', #{queryParams.phone}, '%')
             </if>