feat(permission): 实现基于数据规则的权限过滤功能

- 移除旧的权限过滤实现，包括 AppCache、IAppCache 和相关权限服务助手类的导入
- 添加 HRPermissionServiceHelper 数据规则获取功能用于权限范围过滤
- 在多个查询插件中实现统一的数据规则权限过滤机制
- 更新考核评估报表查询插件使用新的权限过滤逻辑
- 优化未调整报表和绩效详情打印报表的权限过滤实现
- 重构考核周期生成和薪资调整操作插件的权限过滤逻辑
- 在子公司负责人服务和任期人员列表插件中集成权限过滤功能
- 使用 RequestContext 获取当前用户ID并应用权限范围限制

code/hr/nckd-jxccl-hr/src/main/java/nckd/jxccl/hr/psms/plugin/form/other/report/KeyBeHavEvalReptQueryPlugin.java

@@ -9,8 +9,6 @@ import kd.bos.context.RequestContext;
 import kd.bos.dataentity.entity.DynamicObject;
 import kd.bos.dataentity.entity.DynamicObjectCollection;
 import kd.bos.dataentity.entity.LocaleString;
-import kd.bos.entity.cache.AppCache;
-import kd.bos.entity.cache.IAppCache;
 import kd.bos.entity.report.AbstractReportColumn;
 import kd.bos.entity.report.AbstractReportListDataPlugin;
 import kd.bos.entity.report.DynamicReportColumnEvent;
@@ -19,10 +17,7 @@ import kd.bos.entity.report.ReportColumn;
 import kd.bos.entity.report.ReportQueryParam;
 import kd.bos.orm.query.QCP;
 import kd.bos.orm.query.QFilter;
-import kd.bos.permission.api.HasPermOrgResult;
 import kd.bos.servicehelper.QueryServiceHelper;
-import kd.bos.servicehelper.parameter.SystemParamServiceHelper;
-import kd.bos.servicehelper.permission.PermissionServiceHelper;
 import kd.hr.hbp.common.model.AuthorizedOrgResultWithSub;
 import kd.hr.hbp.common.model.OrgSubInfo;
 import kd.sdk.hr.hbp.business.helper.permission.HRPermissionServiceHelper;
@@ -85,8 +80,13 @@ public class KeyBeHavEvalReptQueryPlugin extends AbstractReportListDataPlugin im
         // 5. 查询主表数据
         // 处理快速过滤条件
         QFilter qFilter = QFilter.of("1=1");
-        if (authorizedOrgIds != null && !authorizedOrgIds.isEmpty()) {
-            qFilter.and(String.join(".", FormConstant.NCKD_PERSON, FormConstant.HRPI_EMPPOSORGREL, FormConstant.ADMINORG), QCP.in, authorizedOrgIds);
+        //按权限范围过滤
+        QFilter dataRule = HRPermissionServiceHelper.getDataRule(
+                RequestContext.get().getCurrUserId(), "nckd_psmsfile", PositionStructureConstant.PERSONPOSFILE_ENTITYID,
+                PermItemConst.ITEM_VIEW, new HashMap<>());
+        if (dataRule != null) {
+            Object value = dataRule.getValue();
+            qFilter.and(String.join(".",FormConstant.NCKD_PERSON,FormConstant.HRPI_EMPPOSORGREL, FormConstant.ADMINORG), QCP.in, value);
         }
 
         processFastFilter(reportQueryParam, qFilter);
@@ -94,7 +94,7 @@ public class KeyBeHavEvalReptQueryPlugin extends AbstractReportListDataPlugin im
         processFilter(reportQueryParam, qFilter);
 
         DataSet mainTableDataSet = queryMainTableDataSet(qFilter);
-        
+
         // 6. 关联主表和行转列结果
         DataSet finalResultDataSet = joinMainAndPivotData(mainTableDataSet, pivotResultDataSet);
         
@@ -155,7 +155,17 @@ public class KeyBeHavEvalReptQueryPlugin extends AbstractReportListDataPlugin im
      */
     private List<ProjectInfo> getUniqueProjectInfo(List<Long> orgIds) {
         QueryFieldBuilder resultFieldBuilder = createResultFieldBuilder();
-        QFilter filter = createOrgFilter(orgIds);
+//        QFilter filter = createOrgFilter(orgIds);
+
+        QFilter filter = QFilter.of("1=1");
+        QFilter dataRule = HRPermissionServiceHelper.getDataRule(
+                RequestContext.get().getCurrUserId(), "nckd_psmsfile", PositionStructureConstant.PERSONPOSFILE_ENTITYID,
+                PermItemConst.ITEM_VIEW, new HashMap<>());
+        if (dataRule != null) {
+            Object value = dataRule.getValue();
+            filter.and(String.join(".",PositionStructureConstant.NCKD_KEYBEHAVCONFENTRY,"nckd_keybehavconf",FormConstant.NCKD_ORG, FormConstant.ID_KEY), QCP.in, value);
+            filter.and(String.join(".",FormConstant.NCKD_PERSON,FormConstant.HRPI_EMPPOSORGREL, FormConstant.ADMINORG), QCP.in, value);
+        }
         DynamicObjectCollection keyBeHavEvalProjRslt = QueryServiceHelper.query(
                 PositionStructureConstant.KEYBEHAVEVALPROJRSLT_ENTITYID, 
                 resultFieldBuilder.buildSelect(), 
@@ -198,7 +208,15 @@ public class KeyBeHavEvalReptQueryPlugin extends AbstractReportListDataPlugin im
      */
     private DataSet queryKeyBeHavEvalProjRsltDataSet(List<Long> orgIds) {
         QueryFieldBuilder resultFieldBuilder = createResultFieldBuilder();
-        QFilter filter = createOrgFilter(orgIds);
+//        QFilter filter = createOrgFilter(orgIds);
+        QFilter filter = QFilter.of("1=1");
+        QFilter dataRule = HRPermissionServiceHelper.getDataRule(
+                RequestContext.get().getCurrUserId(), "nckd_psmsfile", PositionStructureConstant.PERSONPOSFILE_ENTITYID,
+                PermItemConst.ITEM_VIEW, new HashMap<>());
+        if (dataRule != null) {
+            Object value = dataRule.getValue();
+            filter.and("nckd_person.hrpi_empposorgrel.adminorg",QCP.in, value);
+        }
         return QueryServiceHelper.queryDataSet(this.getClass().getName(),
                 PositionStructureConstant.KEYBEHAVEVALPROJRSLT_ENTITYID, 
                 resultFieldBuilder.buildSelect(), 

code/hr/nckd-jxccl-hr/src/main/java/nckd/jxccl/hr/psms/plugin/report/adjust/UnAdjustedReportReportListDataPlugin.java

@@ -2,6 +2,7 @@ package nckd.jxccl.hr.psms.plugin.report.adjust;
 
 import kd.bos.algo.DataSet;
 import kd.bos.common.enums.EnableEnum;
+import kd.bos.context.RequestContext;
 import kd.bos.entity.report.AbstractReportListDataPlugin;
 import kd.bos.entity.report.FastFilter;
 import kd.bos.entity.report.FilterItemInfo;
@@ -10,11 +11,14 @@ import kd.bos.orm.ORMHint;
 import kd.bos.orm.query.QCP;
 import kd.bos.orm.query.QFilter;
 import kd.bos.servicehelper.QueryServiceHelper;
+import kd.bos.servicehelper.model.PermissionStatus;
+import kd.sdk.hr.hbp.business.helper.permission.HRPermissionServiceHelper;
 import nckd.jxccl.base.common.constant.FormConstant;
 import nckd.jxccl.base.common.utils.ConvertUtil;
 import nckd.jxccl.base.common.utils.QueryFieldBuilder;
 import nckd.jxccl.hr.psms.common.PositionStructureConstant;
 
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.StringJoiner;
@@ -39,6 +43,13 @@ public class UnAdjustedReportReportListDataPlugin extends AbstractReportListData
 
         //其他过滤条件
         processFilter(reportQueryParam, qFilter);
+        //权限过滤
+        QFilter dataRule = HRPermissionServiceHelper.getDataRule(
+                RequestContext.get().getCurrUserId(), "nckd_psmsfile", "unadjustquery",
+                PermissionStatus.View, new HashMap<>());
+        if(dataRule != null){
+            qFilter.and(dataRule);
+        }
 
 
         // 执行基础查询

code/opmc/nckd-jxccl-opmc/src/main/java/nckd/jxccl/opmc/pm/plugin/form/print/PrintPerfDetailReportListDataPlugin.java

@@ -6,6 +6,7 @@ import kd.bos.algo.GroupbyDataSet;
 import kd.bos.algo.JoinType;
 import kd.bos.algo.Row;
 import kd.bos.common.enums.EnableEnum;
+import kd.bos.context.RequestContext;
 import kd.bos.dataentity.entity.LocaleString;
 import kd.bos.entity.EntityMetadataCache;
 import kd.bos.entity.QueryEntityType;
@@ -22,9 +23,11 @@ import kd.bos.mvc.list.ListDataProvider;
 import kd.bos.orm.query.QCP;
 import kd.bos.orm.query.QFilter;
 import kd.bos.servicehelper.QueryServiceHelper;
+import kd.bos.servicehelper.model.PermissionStatus;
 import kd.fi.frm.mservice.algo.DistinctConcatAggFunction;
 import kd.hr.hbp.business.servicehelper.HRQueryEntityHelper;
 import kd.hr.hbp.common.cache.HRPageCache;
+import kd.sdk.hr.hbp.business.helper.permission.HRPermissionServiceHelper;
 import kd.sdk.plugin.Plugin;
 import nckd.jxccl.base.common.algo.DistinctConcatFunction;
 import nckd.jxccl.base.common.algo.GroupMaxStrFunction;
@@ -36,6 +39,7 @@ import nckd.jxccl.opmc.pm.common.PerfManagerFormConstant;
 import java.time.LocalDate;
 import java.time.LocalDateTime;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -83,6 +87,13 @@ public class PrintPerfDetailReportListDataPlugin extends AbstractReportListDataP
 
         //其他过滤条件
         processFilter(reportQueryParam, qFilter);
+        //权限过滤
+        QFilter dataRule = HRPermissionServiceHelper.getDataRule(
+                RequestContext.get().getCurrUserId(), "nckd_pm", PerfManagerFormConstant.PERFMANAGER_ENTITYID,
+                PermissionStatus.View, new HashMap<>());
+        if(dataRule != null){
+            qFilter.and(dataRule);
+        }
 
         // 执行基础查询
         QueryEntityType queryEntityType = (QueryEntityType) EntityMetadataCache.getDataEntityType("printperfquery");

code/opmc/nckd-jxccl-opmc/src/main/java/nckd/jxccl/opmc/pm/plugin/operate/cycle/CycleGenerateOpPlugin.java

@@ -22,6 +22,7 @@ import kd.bos.logging.Log;
 import kd.bos.logging.LogFactory;
 import kd.bos.orm.query.QCP;
 import kd.bos.orm.query.QFilter;
+import kd.bos.servicehelper.model.PermissionStatus;
 import kd.bos.servicehelper.operation.OperationServiceHelper;
 import kd.hr.hbp.business.servicehelper.HRQueryEntityHelper;
 import kd.hr.hbp.common.model.AuthorizedOrgResultWithSub;
@@ -184,21 +185,13 @@ public class CycleGenerateOpPlugin extends AbstractOperationServicePlugIn implem
         }else{
             return personPerfInfoMap;
         }*/
-        // 只处理权限范围内的人员
-        AuthorizedOrgResultWithSub userAdminOrgWithSub = HRPermissionServiceHelper.getUserAdminOrgsWithSub(
-                currUserId, "nckd_pm", PerfManagerFormConstant.PERFMANAGER_ENTITYID,
-                PermItemConst.ITEM_VIEW, "hrpi_empposorgrel.adminorg", new HashMap<>());
 
-        if (!userAdminOrgWithSub.isHasAllOrgPerm()) {
-            List<Long> orgIds = extractOrgIds(userAdminOrgWithSub.getHasPermOrgsWithSub());
-            newHireFilter.and(String.join( ".",FormConstant.ADMINORG,FormConstant.ID_KEY), QCP.in, orgIds);
-        }
 
 
         DynamicObjectCollection newHirePersonList = queryNewHirePersons(newHireFilter);
 
         // 构建考核周期查询条件
-        QFilter perfManagerFilter = buildPerfManagerFilter(userAdminOrgWithSub);
+        QFilter perfManagerFilter = buildPerfManagerFilter();
         QueryFieldBuilder perfManagerQueryFieldBuilder = buildPerfManagerQueryFieldBuilder();
         QueryEntityType perfManagerQueryEntityType = (QueryEntityType) EntityMetadataCache.getDataEntityTypeNoCache("nckd_perfmanager_query");
 
@@ -208,7 +201,6 @@ public class CycleGenerateOpPlugin extends AbstractOperationServicePlugIn implem
             DataSet perfManagerQueryDataSet = HRQueryEntityHelper.getInstance().getQueryDataSet(
                     perfManagerQueryEntityType, perfManagerQueryFieldBuilder.buildSelectLowerCase(),
                     new QFilter[]{perfManagerFilter}, perfManagerQueryFieldBuilder.buildOrder());
-            perfManagerQueryDataSet.print(true);
 
             // 收集所有人员ID
             collectPersonIds(personIds, perfManagerQueryDataSet.copy());
@@ -245,12 +237,21 @@ public class CycleGenerateOpPlugin extends AbstractOperationServicePlugIn implem
      * 构建新入职员工查询条件
      */
     private static QFilter buildNewHireFilter(LocalDateTime lastBegin, LocalDateTime lastEnd) {
-        return new QFilter(String.join(".", FormConstant.HRPI_EMPENTREL, FormConstant.ENTRYDATE), QCP.large_equals, lastBegin)
+        QFilter filter = new QFilter(String.join(".", FormConstant.HRPI_EMPENTREL, FormConstant.ENTRYDATE), QCP.large_equals, lastBegin)
                 .and(String.join(".", FormConstant.HRPI_EMPENTREL, FormConstant.ENTRYDATE), QCP.less_equals, lastEnd)
                 .and(String.join(".", FormConstant.HRPI_EMPENTREL, FormConstant.LABOR_REL_STATUS, FormConstant.IS_HIRED),
                         QCP.equals, EnableEnum.YES.getCode())
                 //岗位绩效工资制
-                .and(String.join(".",FormConstant.POSITION_KEY,FormConstant.NCKD_PAYSTDPLAN, FormConstant.NUMBER_KEY),QCP.equals,FormConstant.POST_PERF_WAGE_SYS);
+                .and(String.join(".", FormConstant.POSITION_KEY, FormConstant.NCKD_PAYSTDPLAN, FormConstant.NUMBER_KEY), QCP.equals, FormConstant.POST_PERF_WAGE_SYS);
+        //数据范围过滤（考评周期有什么权限那么就能生成什么范围的人员）
+        QFilter dataRule = HRPermissionServiceHelper.getDataRule(
+                RequestContext.get().getCurrUserId(), "nckd_pm",  PerfManagerFormConstant.PERFMANAGER_ENTITYID,
+                PermItemConst.ITEM_VIEW, new HashMap<>());
+        if (dataRule != null) {
+            Object value = dataRule.getValue();
+            filter.and(FormConstant.ADMINORG,QCP.in, value);
+        }
+        return filter;
 
     }
 
@@ -278,11 +279,14 @@ public class CycleGenerateOpPlugin extends AbstractOperationServicePlugIn implem
     /**
      * 构建考核周期查询条件
      */
-    private static QFilter buildPerfManagerFilter(AuthorizedOrgResultWithSub userAdminOrgWithSub) {
+    private static QFilter buildPerfManagerFilter() {
         QFilter perfManagerFilter = QFilter.of("1=1");
-        if (!userAdminOrgWithSub.isHasAllOrgPerm()) {
-            List<Long> orgIds = extractOrgIds(userAdminOrgWithSub.getHasPermOrgsWithSub());
-            perfManagerFilter.and(String.join(".", FormConstant.HRPI_EMPPOSORGREL, FormConstant.ADMINORG), QCP.in, orgIds);
+        // 只处理权限范围内的人员
+        QFilter dataRule = HRPermissionServiceHelper.getDataRule(
+                RequestContext.get().getCurrUserId(), "nckd_pm",  PerfManagerFormConstant.PERFMANAGER_ENTITYID,
+                PermItemConst.ITEM_VIEW, new HashMap<>());
+        if (dataRule != null) {
+            perfManagerFilter.and(dataRule);
         }
 //        perfManagerFilter.and(String.join(".", FormConstant.HRPI_EMPPOSORGREL, FormConstant.IS_SEQLATESTRECORD), QCP.equals,EnableEnum.YES.getCode());
         //岗位绩效工资制

code/opmc/nckd-jxccl-opmc/src/main/java/nckd/jxccl/opmc/pm/plugin/operate/salary/SalaryAdjOpPlugin.java

@@ -96,12 +96,9 @@ public class SalaryAdjOpPlugin extends AbstractOperationServicePlugIn implements
 
         Long currUserId = RequestContext.get().getCurrUserId();
         DynamicObject currUser = UserServiceHelper.getUserInfoByID(currUserId, FormConstant.ID_KEY);
-        // 只处理权限范围内的人员
-        AuthorizedOrgResultWithSub userAdminOrgWithSub = HRPermissionServiceHelper.getUserAdminOrgsWithSub(
-                currUserId, "nckd_pm", PerfManagerFormConstant.PERFMANAGER_ENTITYID,
-                PermItemConst.ITEM_VIEW, "hrpi_empposorgrel.adminorg", new HashMap<>());
+
         // 构建考核周期查询条件
-        QFilter perfManagerFilter = buildPerfManagerFilter(userAdminOrgWithSub);
+        QFilter perfManagerFilter = buildPerfManagerFilter();
         perfManagerFilter.and(PerfManagerFormConstant.NCKD_SALARYADJUSTGENFLAG,QCP.not_equals,EnableEnum.YES.getCode());
         QueryFieldBuilder perfManagerQueryFieldBuilder = buildPerfManagerQueryFieldBuilder();
         DynamicObjectCollection perfManagerList = QueryServiceHelper.query(PerfManagerFormConstant.PERFMANAGER_ENTITYID, perfManagerQueryFieldBuilder.buildSelect(), new QFilter[]{perfManagerFilter});
@@ -657,11 +654,14 @@ public class SalaryAdjOpPlugin extends AbstractOperationServicePlugIn implements
     /**
      * 构建考核周期查询条件
      */
-    private static QFilter buildPerfManagerFilter(AuthorizedOrgResultWithSub userAdminOrgWithSub) {
+    private static QFilter buildPerfManagerFilter() {
         QFilter perfManagerFilter = QFilter.of("1=1");
-        if (!userAdminOrgWithSub.isHasAllOrgPerm()) {
-            List<Long> orgIds = extractOrgIds(userAdminOrgWithSub.getHasPermOrgsWithSub());
-            perfManagerFilter.and(String.join(".", FormConstant.NCKD_EMPPOSORGREL, FormConstant.ADMINORG), QCP.in, orgIds);
+        // 只处理权限范围内的人员
+        QFilter dataRule = HRPermissionServiceHelper.getDataRule(
+                RequestContext.get().getCurrUserId(), "nckd_pm",  PerfManagerFormConstant.PERFMANAGER_ENTITYID,
+                PermItemConst.ITEM_VIEW, new HashMap<>());
+        if (dataRule != null) {
+            perfManagerFilter.and(dataRule);
         }
         perfManagerFilter.and(PerfManagerFormConstant.NCKD_THESTATUS, QCP.equals, EnableEnum.YES.getCode());
         return perfManagerFilter;

code/swc/nckd-jxccl-swc/src/main/java/nckd/jxccl/swc/mas/plugin/form/empmgt/SubCoHeadServiceListPlugin.java

@@ -136,16 +136,18 @@ public class SubCoHeadServiceListPlugin extends AbstractListPlugin implements Pl
         Date startOfYear = DateUtil.toDate(DateUtil.beginOfYear(now));
         Date endOfYear = DateUtil.toDate(DateUtil.endOfYear(now));
 
-        // 只处理权限范围内的人员
-        Long currUserId = RequestContext.get().getCurrUserId();
-        AuthorizedOrgResultWithSub userAdminOrgWithSub = HRPermissionServiceHelper.getUserAdminOrgsWithSub(
-                currUserId, "nckd_pm", MasConstant.SUBCOHEADSERVICE_ENTITYID,
-                PermItemConst.ITEM_VIEW, "nckd_employee.hsbs_empposorgrel.adminorg", new HashMap<>());
         QueryFieldBuilder subCoHeadServiceFieldBuilder = QueryFieldBuilder.create()
                 .addIdNumberName(MasConstant.NCKD_EMPLOYEE);
         //查询当年已生成子企业负责人任职情况的人员
         QFilter subCoHeadServiceFilter = new QFilter(MasConstant.NCKD_YEAR, QCP.large_equals, startOfYear)
                 .and(MasConstant.NCKD_YEAR, QCP.less_equals, endOfYear);
+        // 只处理权限范围内的人员
+        QFilter dataRule = HRPermissionServiceHelper.getDataRule(
+                RequestContext.get().getCurrUserId(), "nckd_mas", MasConstant.SUBCOHEADSERVICE_ENTITYID,
+                PermItemConst.ITEM_VIEW, new HashMap<>());
+        if (dataRule != null) {
+            subCoHeadServiceFilter.and(dataRule);
+        }
         DynamicObjectCollection subCoHeadServiceFilterQuery = QueryServiceHelper.query(MasConstant.SUBCOHEADSERVICE_ENTITYID, subCoHeadServiceFieldBuilder.buildSelect(), new QFilter[]{subCoHeadServiceFilter});
         List<Long> employeeIds = subCoHeadServiceFilterQuery.stream()
                 .map(dynamicObject -> dynamicObject.getLong(String.join(".", MasConstant.NCKD_EMPLOYEE, FormConstant.ID_KEY)))

code/swc/nckd-jxccl-swc/src/main/java/nckd/jxccl/swc/mas/plugin/form/empmgt/TenurePersonListListPlugin.java

@@ -99,15 +99,17 @@ public class TenurePersonListListPlugin extends AbstractListPlugin implements Pl
         Date startOfYear = DateUtil.toDate(DateUtil.beginOfYear(now));
         Date endOfYear = DateUtil.toDate(DateUtil.endOfYear(now));
 
-        // 只处理权限范围内的人员
-        Long currUserId = RequestContext.get().getCurrUserId();
-        AuthorizedOrgResultWithSub userAdminOrgWithSub = HRPermissionServiceHelper.getUserAdminOrgsWithSub(
-                currUserId, "nckd_pm", MasConstant.SUBCOHEADSERVICE_ENTITYID,
-                PermItemConst.ITEM_VIEW, "nckd_employee.hsbs_empposorgrel.adminorg", new HashMap<>());
         QueryFieldBuilder subCoHeadServiceFieldBuilder = QueryFieldBuilder.create()
                 .addIdNumberName(MasConstant.NCKD_EMPLOYEE);
         //查询任期区间已生成的人员
         QFilter tenurePersonListFilterFilter = new QFilter(MasConstant.NCKD_TERM, QCP.equals, term.getLong(FormConstant.ID_KEY));
+        // 只处理权限范围内的人员
+        QFilter dataRule = HRPermissionServiceHelper.getDataRule(
+                RequestContext.get().getCurrUserId(), "nckd_mas", MasConstant.TENUREPERSONLIST_ENTITYID,
+                PermItemConst.ITEM_VIEW, new HashMap<>());
+        if (dataRule != null) {
+            tenurePersonListFilterFilter.and(dataRule);
+        }
         DynamicObjectCollection tenurePersonListFilterQuery = QueryServiceHelper.query(MasConstant.TENUREPERSONLIST_ENTITYID, subCoHeadServiceFieldBuilder.buildSelect(), new QFilter[]{tenurePersonListFilterFilter});
         List<Long> employeeIds = tenurePersonListFilterQuery.stream()
                 .map(dynamicObject -> dynamicObject.getLong(String.join(".", MasConstant.NCKD_EMPLOYEE, FormConstant.ID_KEY)))