[MODIFY]提测bug修改，多接口增加数据权限控制

src/1.datas/ATS.NonCustodial.Domain/Entities/Admins/App_Unitcode.cs

@@ -65,10 +65,6 @@ namespace ATS.NonCustodial.Domain.Entities.Admins
         [MaxLength(StringLengthConstants.StringLength255)]
         public string? UnitIsReferToAs { get; set; }
 
-        /// <summary>
+       
-        /// 查询界限
-        /// </summary>
-        [MaxLength(StringLengthConstants.StringLength2048)]
-        public string? limits { get; set; }
     }
 }

src/2.services/ATS.NonCustodial.Application/Impl/Admins/AuthService.cs

@@ -414,7 +414,7 @@ namespace ATS.NonCustodial.Application.Impl.Admins
             if (user == null) return string.Empty;
 
             var roles = (await _userService.IsAdmin(user.Id)).Roles.Select(w => w.Id).ToList();
-            string limits = _appUnitRepository.AsQueryable(false, true).Where(a => a.Id == user.UnitId).Select(a => a.limits).FirstOrDefault();
+            string limits = _appUnitRepository.AsQueryable(false, true).Where(a => a.Id == user.UnitId).Select(a => a.Limits).FirstOrDefault();
             TimeSpan ts = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
             var timeLogin = Convert.ToInt64(ts.TotalMilliseconds).ToString();
             var token = LazyGetRequiredService<IUserToken>().Create(new[]

src/2.services/ATS.NonCustodial.Application/Impl/Business/AppBusinessApplicationService.cs

@@ -301,7 +301,15 @@ namespace ATS.NonCustodial.Application.Impl.Business
         [HttpGet]
         public async Task<IResultOutput> BusAppBusinessWorkbench()
         {
-            var caseIds = await (await base.GetCurrentUserCaseListAsync()).Select(w => w.AppCaseManagement.Id).ToListAsync();
+            //获取当前用户权限下的案件ids
+            var limits = User.limits;
+            var selectLimits = await _appCaseSupervisorRepository.AsQueryable(false, true)
+                .Where(w => limits.Contains(w.UnitId.ToString()))
+                .ToListAsync();
+            var caseIdList = selectLimits.Select(w => w.CaseId).Distinct().ToList();
+            var caseIds = await (await base.GetCurrentUserCaseListAsync()).Where(w => w.AppCaseManagement != null && caseIdList.Contains(w.AppCaseManagement.Id)).Select(w => w.AppCaseManagement.Id).ToListAsync();
+
+       
 
             var dataList = await _appBusinessApplicationRepository.AsQueryable(false, true)
                 .Where(w => caseIds.Contains(w.CaseId))

src/2.services/ATS.NonCustodial.Application/Impl/Business/AppEarlyWarningService.cs

@@ -390,7 +390,15 @@ namespace ATS.NonCustodial.Application.Impl.Business
         /// <returns></returns>
         public async Task<IResultOutput> EarlyWarningBusinessWorkbench()
         { 
-            var caseIds = await (await base.GetCurrentUserCaseListAsync()).Select(w => w.AppCaseManagement.Id).ToListAsync();
+            //获取当前用户权限下的案件ids
+            var limits = User.limits;
+            var selectLimits = await _appCaseSupervisorRepository.AsQueryable(false, true)
+                .Where(w => limits.Contains(w.UnitId.ToString()))
+                .ToListAsync();
+            var caseIdList = selectLimits.Select(w => w.CaseId).Distinct().ToList();
+            var caseIds = await (await base.GetCurrentUserCaseListAsync()).Where(w=> w.AppCaseManagement!=null&&caseIdList.Contains(w.AppCaseManagement.Id)).Select(w => w.AppCaseManagement.Id).ToListAsync();
+
+
             var dataList = await _appEarlyWarningRepository.AsQueryable(false, true)
                 .Where(w => caseIds.Contains(w.CaseId))
                 .OrderByDescending(w => w.CreatedTime)

src/2.services/ATS.NonCustodial.Application/Impl/Business/AppManagementService.cs

@@ -1196,9 +1196,17 @@ namespace ATS.NonCustodial.Application.Impl.Business
         /// <returns></returns>
         private async Task<List<SupervisedPersonListOutput>> GetCaseListDetail(string? name)
         {
+            //获取当前用户权限下的案件ids
+            var limits = User.limits;
+            var selectLimits = await _appCaseSupervisorRepository.AsQueryable(false, true)
+                .Where(w => limits.Contains(w.UnitId.ToString()))
+                .ToListAsync();
+            var caseIdList = selectLimits.Select(w => w.CaseId).Distinct().ToList();
+
             var data = (await base.GetCurrentUserCaseListAsync())
-                .Where(W => W.AppCaseManagement.CaseProgress != CaseProgressEnum.Closed)
+                .Where(W => W.AppCaseManagement!=null&& W.AppCaseManagement.CaseProgress != CaseProgressEnum.Closed && caseIdList.Contains(W.AppCaseManagement.Id))
-                .Where(W => W.AppCaseSupervisedPerson != null)
+                .Where(W => W.AppCaseSupervisedPerson != null&& caseIdList.Contains(W.AppCaseSupervisedPerson.CaseId))
+                .Where(W=>W.AppCaseSupervisor!=null && caseIdList.Contains(W.AppCaseSupervisor.CaseId))
                 .WhereIf(name.NotNull(), w => w.AppCaseSupervisedPerson.SupervisedPersonName!.Contains(name))
                 .Select(w => new
                 {

src/2.services/ATS.NonCustodial.Application/Impl/Business/CaseManagements/AppCaseManagementService.cs

@@ -31,6 +31,7 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using SixLabors.ImageSharp;
+using System.Linq;
 using Yitter.IdGenerator;
 
 
@@ -145,9 +146,11 @@ namespace ATS.NonCustodial.Application.Impl.Business.CaseManagements
             var selectLimits = await _appCaseSupervisorRepository.AsQueryable(false, true)
                 .Where(w => limits.Contains(w.UnitId.ToString()))
                 .ToListAsync();
-            input.CaseIds = selectLimits.Select(w => w.CaseId).Distinct().ToList();
+            var caseIdList = selectLimits.Select(w => w.CaseId).Distinct().ToList();
 
             var express = await GetExpression(input, _appCaseManagementRepository.AsQueryable(false, true));
+            // 先应用案件ID过滤条件
+            express = express.Where(w => caseIdList.Contains(w.Id));
 
             var rtn = await base.GetPageAsync<AppCaseManagement, AppCaseManagementGetPageInput, AppCaseManagementListDto>(input, express);
 
@@ -239,8 +242,18 @@ namespace ATS.NonCustodial.Application.Impl.Business.CaseManagements
         [HttpPost]
         public async Task<IResultOutput> caseStatistics()
         {
+            //获取当前用户权限下的案件ids
+            var limits = User.limits;
+            var selectLimits = await _appCaseSupervisorRepository.AsQueryable(false, true)
+                .Where(w => limits.Contains(w.UnitId.ToString()))
+                .ToListAsync();
+            var caseIdList = selectLimits.Select(w => w.CaseId).Distinct().ToList();
+
             //获取案件信息
             var express = await base.GetCurrentUserCaseListAsync();
+            express = express.Where(w =>w.AppCaseManagement!=null && caseIdList.Contains(w.AppCaseManagement.Id)&& w.AppCaseSupervisedPerson != null && caseIdList.Contains(w.AppCaseSupervisedPerson.CaseId)&& w.AppCaseSupervisor != null && caseIdList.Contains(w.AppCaseSupervisor.CaseId));
+
+
             //案件信息Id
             var caseIds = await express.Select(w => w.AppCaseManagement.Id).ToListAsync();
             //监管人数
@@ -266,9 +279,16 @@ namespace ATS.NonCustodial.Application.Impl.Business.CaseManagements
         [HttpPost]
         public async Task<IResultOutput> casetypeStatistics()
         {
+            //获取当前用户权限下的案件ids
+            var limits = User.limits;
+            var selectLimits = await _appCaseSupervisorRepository.AsQueryable(false, true)
+                .Where(w => limits.Contains(w.UnitId.ToString()))
+                .ToListAsync();
+            var caseIdList = selectLimits.Select(w => w.CaseId).Distinct().ToList();
+
             var diclist = new List<dynamic>();
             //获取当前用户能看到的数据Id
-            var caseIds = await (await base.GetCurrentUserCaseListAsync()).Select(w => w.AppCaseManagement.Id).ToListAsync();
+            var caseIds = await (await base.GetCurrentUserCaseListAsync()).Where(w=>w.AppCaseManagement!=null&& caseIdList.Contains(w.AppCaseManagement.Id)).Select(w => w.AppCaseManagement.Id).ToListAsync();
             //获取案件信息
             var express = await _appCaseManagementRepository.AsQueryable(false, true).Where(q => caseIds.Contains(q.Id)).ToListAsync();
             var otherexpress = express;
@@ -947,10 +967,11 @@ namespace ATS.NonCustodial.Application.Impl.Business.CaseManagements
             var caseIds = selectLimits.Select(w => w.CaseId).Distinct().ToList();
 
             var data = await _appCaseManagementRepository.AsQueryable(false, true)
+                .Where(w => caseIds.Contains(w.Id))
                 .WhereIf(input.KeyWord.NotNull(), a => a.Name.Contains(input.KeyWord))
                 .WhereIf(input.TimeSearch.BeginTime.Length == 2, w => w.CreatedTime > input.TimeSearch.BeginTime[0] && w.CreatedTime < input.TimeSearch.BeginTime[1].AddDays(1))
                 .WhereIf(input.TimeSearch.EndTime.Length == 2, w => w.CaseClosedTime > input.TimeSearch.EndTime[0] && w.CaseClosedTime < input.TimeSearch.EndTime[1].AddDays(1))
-                .WhereIf(input.ajtype.NotNull(), w => w.CaseTypeId == input.ajtype.ToLong()).Where(w => caseIds.Contains(w.Id))
+                .WhereIf(input.ajtype.NotNull(), w => w.CaseTypeId == input.ajtype.ToLong())
                 .ToListAsync();
 
             var dataGroup = data.GroupBy(w => w.CaseTypeId);
@@ -1112,7 +1133,15 @@ namespace ATS.NonCustodial.Application.Impl.Business.CaseManagements
         /// <returns></returns>
         public async Task<IResultOutput> ImBusinessWorkbench()
         {
-            var caseIds = await (await base.GetCurrentUserCaseListAsync()).Select(w => w.AppCaseManagement.Id).ToListAsync();
+            //获取当前用户权限下的案件ids
+            var limits = User.limits;
+            var selectLimits = await _appCaseSupervisorRepository.AsQueryable(false, true)
+                .Where(w => limits.Contains(w.UnitId.ToString()))
+                .ToListAsync();
+            var caseIdList = selectLimits.Select(w => w.CaseId).Distinct().ToList();
+            var caseIds = await (await base.GetCurrentUserCaseListAsync()).Where(w => w.AppCaseManagement != null && caseIdList.Contains(w.AppCaseManagement.Id)).Select(w => w.AppCaseManagement.Id).ToListAsync();
+
+        
 
             var imManagementList = await (from cm in _appCaseManagementRepository.AsQueryable(false, true)
                         .Where(w => w.CaseProgress != CaseProgressEnum.Closed && caseIds.Contains(w.Id))
@@ -1139,11 +1168,18 @@ namespace ATS.NonCustodial.Application.Impl.Business.CaseManagements
         /// <returns></returns>
         public async Task<IResultOutput> CaseBusinessWorkbench()
         { 
+            //获取当前用户权限下的案件ids
+            var limits = User.limits;
+            var selectLimits = await _appCaseSupervisorRepository.AsQueryable(false, true)
+                .Where(w => limits.Contains(w.UnitId.ToString()))
+                .ToListAsync();
+            var caseIdList = selectLimits.Select(w => w.CaseId).Distinct().ToList();
+
             var dataDict = await _appDictionaryService.GetListNoApiAsync(null);
             var caseList = (await (await base.GetCurrentUserCaseListAsync()).ToListAsync())
-                .Where(w => w.AppCaseManagement.CaseProgress != CaseProgressEnum.Closed)
+                .Where(w => w.AppCaseManagement!=null && w.AppCaseManagement.CaseProgress != CaseProgressEnum.Closed && caseIdList.Contains(w.AppCaseManagement.Id)
+                &&w.AppCaseSupervisedPerson!=null && caseIdList.Contains(w.AppCaseSupervisedPerson.CaseId)&&w.AppCaseSupervisor !=null && caseIdList.Contains(w.AppCaseSupervisor.CaseId))
                 .OrderByDescending(w => w.AppCaseSupervisedPerson?.CreatedTime)
-                .Where(w => w.AppCaseSupervisedPerson != null)
                 .Skip(0)
                 .Take(5)
                 .Select(caseAgg =>
@@ -1457,6 +1493,8 @@ namespace ATS.NonCustodial.Application.Impl.Business.CaseManagements
         /// <returns></returns>
         public async Task<List<long>> GetUserIdListByCurrentUser()
         {
+            var limits = User.limits;
+
             var data = await (await base.GetCurrentUserCaseListAsync()).ToListAsync();
 
             var userList = new List<long>();