fix:用户只能查阅自己拥有的品种权限

controller/sandbox/sandbox.go

@@ -35,7 +35,7 @@ func List(c *gin.Context) {
 	userInfo := user.GetInfoByClaims(c)
 
 	//权限验证
-	checkOk, permissionCheckInfo, tempErr := company.CheckUserSandboxPermission(userInfo.CompanyID, int(userInfo.UserID), 0)
+	checkOk, companyPermissionIdList, permissionCheckInfo, tempErr := company.CheckUserSandboxPermission(userInfo.CompanyID, int(userInfo.UserID), 0)
 	if tempErr != nil {
 		response.FailMsg("沙盘权限验证失败", "沙盘权限验证失败："+tempErr.Error(), c)
 		c.Abort()
@@ -48,7 +48,7 @@ func List(c *gin.Context) {
 	}
 
 	//获取指标信息
-	total, list, err, errMsg := sandboxLogic.GetList(chartPermissionId, keyword, page, pageSize)
+	total, list, err, errMsg := sandboxLogic.GetList(chartPermissionId, companyPermissionIdList, keyword, page, pageSize)
 	if err != nil {
 		response.FailMsg(errMsg, err.Error(), c)
 		return
@@ -84,7 +84,7 @@ func Detail(c *gin.Context) {
 		return
 	}
 	//权限验证
-	checkOk, permissionCheckInfo, tempErr := company.CheckUserSandboxPermission(userInfo.CompanyID, int(userInfo.UserID), int(sandboxInfo.ChartPermissionID))
+	checkOk, _, permissionCheckInfo, tempErr := company.CheckUserSandboxPermission(userInfo.CompanyID, int(userInfo.UserID), int(sandboxInfo.ChartPermissionID))
 	if tempErr != nil {
 		response.FailMsg("沙盘权限验证失败", "沙盘权限验证失败："+tempErr.Error(), c)
 		c.Abort()

logic/sandbox/sandbox.go

@@ -18,7 +18,7 @@ type SandboxItem struct {
 }
 
 // GetList 获取沙盘列表数据
-func GetList(chartPermissionId int, keyword string, page, pageSize int) (total int64, list []SandboxItem, err error, errMsg string) {
+func GetList(chartPermissionId int, companyPermissionIdList []int, keyword string, page, pageSize int) (total int64, list []SandboxItem, err error, errMsg string) {
 	errMsg = `获取失败`
 	var condition string
 	var pars []interface{}
@@ -26,6 +26,12 @@ func GetList(chartPermissionId int, keyword string, page, pageSize int) (total i
 	condition = ` is_delete = ? `
 	pars = append(pars, 0)
 
+	// 客户拥有的品种权限
+	if len(companyPermissionIdList) > 0 {
+		condition += " AND chart_permission_id in (?) "
+		pars = append(pars, companyPermissionIdList)
+	}
+
 	if chartPermissionId > 0 {
 		condition += " AND chart_permission_id=? "
 		pars = append(pars, chartPermissionId)
@@ -36,6 +42,8 @@ func GetList(chartPermissionId int, keyword string, page, pageSize int) (total i
 		condition += ` AND  ( name LIKE '%` + keyword + `%' )`
 	}
 
+	//todo 获取用户的品种权限，需要做筛选
+
 	//获取指标信息
 	tmpTotal, tmpList, tmpErr := sandboxModel.GetPageListByWhere(condition, pars, (page-1)*pageSize, pageSize)
 	if tmpErr != nil {

services/company/permission.go

@@ -765,7 +765,7 @@ func GetHomeFiccPermissions(user user.UserInfo) (ret response.PermissionFiccResp
 }
 
 // CheckUserSandboxPermission 验证用户/联系人的沙盘权限
-func CheckUserSandboxPermission(companyId int64, userId, permissionId int) (ok bool, permissionCheckInfo ChartPermissionCheckInfo, err error) {
+func CheckUserSandboxPermission(companyId int64, userId, permissionId int) (ok bool, companyPermissionIdList []int, permissionCheckInfo ChartPermissionCheckInfo, err error) {
 	defer func() {
 		// 如果无权限，那么就去查询是否申请过
 		if ok == false && permissionCheckInfo.Type == CheckTypeApply {
@@ -861,11 +861,15 @@ func CheckUserSandboxPermission(companyId int64, userId, permissionId int) (ok b
 			err = tmpErr
 			return
 		}
+
+		//客户品种权限赋值
+		for _, chartPermission := range companyPermissionList {
+			companyPermissionIdList = append(companyPermissionIdList, chartPermission.ChartPermissionID)
+		}
 		if permissionId > 0 {
 			for _, chartPermission := range companyPermissionList {
 				if chartPermission.ChartPermissionID == permissionId {
 					ok = true
-					continue
 				}
 			}
 		} else {