From df1a2f5fce2549d68a78b341717b52117db4415a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=B5=B5=E4=BA=91?= <赵云@gentronhealth.com> Date: Tue, 12 May 2026 11:10:28 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=20Bug=20#441=20?= =?UTF-8?q?=E2=80=94=20=E6=8A=A4=E5=A3=AB=E8=A7=92=E8=89=B2=E6=97=A0?= =?UTF-8?q?=E6=9D=83=E8=AE=BF=E9=97=AE=E5=8D=AB=E7=94=9F=E6=9C=BA=E6=9E=84?= =?UTF-8?q?=E5=88=97=E8=A1=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 将租户Controller中4个只读端点的权限从 system:tenant:operate 降级为 system:tenant:list: - getTenantPage (下拉列表数据源) - getTenantDetail - getTenantUserPage - getUnbindTenantUserList 增删改操作保持 system:tenant:operate 不变。 同步更新 sys_menu 表:menu_id=2048 perms='system:tenant:list' Root cause: 护士角色进入门诊手术安排页时 onMounted 调用 /system/tenant/page,该接口要求 system:tenant:operate 权限,护士角色无此权限导致卫生机构下拉列表为空,后续所有查询均失败。 --- .../controller/system/SysTenantController.java | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/openhis-server-new/core-admin/src/main/java/com/core/web/controller/system/SysTenantController.java b/openhis-server-new/core-admin/src/main/java/com/core/web/controller/system/SysTenantController.java index 8466e398..71e51b16 100755 --- a/openhis-server-new/core-admin/src/main/java/com/core/web/controller/system/SysTenantController.java +++ b/openhis-server-new/core-admin/src/main/java/com/core/web/controller/system/SysTenantController.java @@ -25,7 +25,7 @@ public class SysTenantController extends BaseController { private ISysTenantService sysTenantService; /** - * 查询租户分页列表 + * 查询租户分页列表(只读操作,不限制租户管理权限) * * @param tenantId 租户ID查询 * @param tenantCode 租户编码模糊查询 @@ -35,7 +35,7 @@ public class SysTenantController extends BaseController { * @param pageSize 每页多少条 * @return 租户分页列表 */ - @PreAuthorize("@ss.hasPermi('system:tenant:operate')") + @PreAuthorize("@ss.hasPermi('system:tenant:list')") @GetMapping("/page") public R> getTenantPage(@RequestParam(required = false) Integer tenantId, @RequestParam(required = false) String tenantCode, @RequestParam(required = false) String tenantName, @@ -45,19 +45,19 @@ public class SysTenantController extends BaseController { } /** - * 查询租户详情 + * 查询租户详情(只读操作) * * @param tenantId 租户ID * @return 租户分页列表 */ - @PreAuthorize("@ss.hasPermi('system:tenant:operate')") + @PreAuthorize("@ss.hasPermi('system:tenant:list')") @GetMapping("/{tenantId}") public R getTenantDetail(@PathVariable Integer tenantId) { return R.ok(sysTenantService.getById(tenantId)); } /** - * 查询租户所属用户分页列表 + * 查询租户所属用户分页列表(只读操作) * * @param tenantId 租户ID查询 * @param userName 用户昵称模糊查询 @@ -67,7 +67,7 @@ public class SysTenantController extends BaseController { * @param pageSize 每页多少条 * @return 租户所属用户分页列表 */ - @PreAuthorize("@ss.hasPermi('system:tenant:operate')") + @PreAuthorize("@ss.hasPermi('system:tenant:list')") @GetMapping("/user/page") public R> getTenantUserPage(@RequestParam(required = false) Integer tenantId, @RequestParam(required = false) String userName, @RequestParam(required = false) String nickName, @@ -141,14 +141,14 @@ public class SysTenantController extends BaseController { } /** - * 查询租户未绑定的用户列表 + * 查询租户未绑定的用户列表(只读操作) * * @param tenantId 租户ID * @param pageNum 当前页 * @param pageSize 每页多少条 * @return 结果 */ - @PreAuthorize("@ss.hasPermi('system:tenant:operate')") + @PreAuthorize("@ss.hasPermi('system:tenant:list')") @GetMapping("/{tenantId}/unbind-users") public R> getUnbindTenantUserList(@PathVariable Integer tenantId, @RequestParam(required = false) String userName, @RequestParam(required = false) String nickName, @@ -194,4 +194,4 @@ public class SysTenantController extends BaseController { public R> getUserBindTenantList(@PathVariable String username) { return sysTenantService.getUserBindTenantList(username); } -} +} \ No newline at end of file