漏洞修复

bonus-modules/bonus-system/src/main/resources/mapper/system/DataScopeMapper.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper
+        PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.bonus.system.mapper.DataScopeMapper">
+    <!-- 数据范围 SQL 片段 -->
+    <sql id="dataScopeFilter">
+        <choose>
+            <when test="missionSource == '1'.toString()">
+                <!-- 全部数据权限，无需额外条件 -->
+            </when>
+            <when test="missionSource == '2'.toString()">
+                AND (d.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id in
+                <foreach item="item" index="index" collection="newrole" open="(" separator="," close=")">
+                    #{item}
+                </foreach>
+                ))
+            </when>
+            <when test="missionSource == '3'.toString()">
+                AND d.dept_id = #{newdeptId}
+            </when>
+            <when test="missionSource == '4'.toString()">
+                AND (d.dept_id =  #{newdeptId}  OR d.dept_id IN ( SELECT dept_id FROM sys_role_dept WHERE role_id in
+                <foreach item="item" index="index" collection="newrole" open="(" separator="," close=")">
+                    #{item}
+                </foreach>
+                ))
+
+            </when>
+            <when test="missionSource == '5'.toString()">
+                AND (u.user_id = #{newUserId} )
+            </when>
+        </choose>
+    </sql>
+</mapper>