From 0a09d4ccc0612ae0be094de10f33b6cb7701f3f5 Mon Sep 17 00:00:00 2001 From: wang Date: Sun, 12 Apr 2026 10:44:21 +0800 Subject: [PATCH] =?UTF-8?q?fix:=E4=B8=AA=E4=BA=BA=E4=BF=A1=E6=81=AF?= =?UTF-8?q?=E6=9B=B4=E6=96=B0=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- yun-admin/pom.xml | 8 ++ .../controller/FirmReportsController.java | 18 ++- .../admin/module/cost/dao/FirmReportsDao.java | 11 +- .../cost/service/FirmReportsService.java | 93 +++++++++--- .../penalty/service/PenaltyApplyService.java | 11 +- .../service/dao/ServiceApplicationsDao.java | 12 +- .../form/ServiceApplicationsQueryForm.java | 5 + .../service/ServiceApplicationsService.java | 132 +++++++++++------- .../domain/entity/EmployeeEntity.java | 5 + .../system/login/domain/RequestEmployee.java | 7 +- .../system/login/manager/LoginManager.java | 3 + .../sa/admin/util/AdminRequestUtil.java | 67 +++++++++ .../mapper/cost/FirmReportsMapper.xml | 16 ++- .../service/ServiceApplicationsMapper.xml | 69 ++++++++- .../base/common/code/UnexpectedErrorCode.java | 2 +- .../base/common/enumeration/UserTypeEnum.java | 4 + .../resources/mapper/support/FileMapper.xml | 22 +-- 17 files changed, 387 insertions(+), 98 deletions(-) diff --git a/yun-admin/pom.xml b/yun-admin/pom.xml index 65d7123..e961b48 100644 --- a/yun-admin/pom.xml +++ b/yun-admin/pom.xml @@ -98,6 +98,14 @@ + + org.apache.maven.plugins + maven-compiler-plugin + + 10 + 10 + + diff --git a/yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/controller/FirmReportsController.java b/yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/controller/FirmReportsController.java index a8ea526..fe3a444 100644 --- a/yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/controller/FirmReportsController.java +++ b/yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/controller/FirmReportsController.java 
@@ -37,15 +37,14 @@ public class FirmReportsController { @Operation(summary = "查询有无填报 @author wzh") @GetMapping("/firmReports/query") public ResponseDTO query() { - //根据当前时间去推理去上一个月的月份和年度,考虑到跨年情况 + //根据当前时间去推理上一个季度的季度和年度,考虑到跨年情况 LocalDate now = LocalDate.now(); - LocalDate previousMonth = now.minusMonths(1); + LocalDate previousDate = now.minusMonths(3); - int previousYear = previousMonth.getYear(); - int previousMonthValue = previousMonth.getMonthValue(); - + int previousYear = previousDate.getYear(); + int previousQuarter = getQuarterByYearMonth(previousYear, previousDate.getMonthValue()); - return firmReportsService.query(previousMonthValue, previousYear); + return firmReportsService.query(previousQuarter, previousYear); } @Operation(summary = "分页查询 @author wzh") @@ -90,6 +89,13 @@ public class FirmReportsController { return firmReportsService.commit(idList); } + //驳回 + @Operation(summary = "驳回 @author wzh") + @PostMapping("/firmReports/reject") + public ResponseDTO reject(@RequestBody ValidateList idList) { + return firmReportsService.reject(idList); + } + //查询本年度已经提交的收入和成本 @Operation(summary = "查询本年度已经提交的收入 @author wzh") @PostMapping("/firmReports/income") diff --git a/yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/dao/FirmReportsDao.java b/yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/dao/FirmReportsDao.java index a0ea796..1222c6b 100644 --- a/yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/dao/FirmReportsDao.java +++ b/yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/dao/FirmReportsDao.java 
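Review bot: The new `POST /firmReports/reject` handler shows no role or permission check, and `FirmReportsService.reject` (added later in this patch) only verifies that each record has `approvalStatus == 3` before resetting it. Unless a permission interceptor outside this diff covers the route, any authenticated caller who knows a report id could send another firm's approved report back to the unsubmitted state. Assuming rejection is an association action, the service should start with something like `if (!AdminRequestUtil.isAssociationRole(roleIdList)) return ResponseDTO.error(UserErrorCode.NO_PERMISSION);`. That needs the `UserErrorCode` import, which this patch removes from FirmReportsService. Logging the acting employee id together with the rejected ids would make the state change auditable.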
@@ -41,11 +41,18 @@ public interface FirmReportsDao extends BaseMapper { void commit(ValidateList idList); /** - * 根据季度、年度和律所ID查询报表 + * 批量驳回 + * + * @param idList + */ + void reject(ValidateList idList); + + /** + * 根据季度、年度和律所 ID 查询报表 * * @param declareQuarter 季度 * @param declareYear 年度 - * @param firmId 律所ID + * @param firmId 律所 ID * @return FirmReportsEntity */ FirmReportsEntity selectList(@Param("declareQuarter") String declareQuarter, diff --git a/yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/service/FirmReportsService.java b/yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/service/FirmReportsService.java index 72ca834..772b63b 100644 --- a/yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/service/FirmReportsService.java +++ b/yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/service/FirmReportsService.java @@ -2,7 +2,6 @@ package net.lab1024.sa.admin.module.cost.service; import java.time.LocalDateTime; import java.util.List; -import java.util.Optional; import net.lab1024.sa.admin.common.enums.ReviewEnum; import net.lab1024.sa.admin.module.cost.dao.FirmReportsDao; @@ -19,8 +18,6 @@ import net.lab1024.sa.admin.module.system.role.service.RoleEmployeeService; import net.lab1024.sa.admin.util.AdminRequestUtil; import net.lab1024.sa.admin.util.DateTimeUtil; import net.lab1024.sa.base.common.code.UnexpectedErrorCode; -import net.lab1024.sa.base.common.code.UserErrorCode; -import net.lab1024.sa.base.common.domain.RequestUser; import net.lab1024.sa.base.common.domain.ValidateList; import net.lab1024.sa.base.common.enumeration.UserTypeEnum; import net.lab1024.sa.base.common.util.SmartBeanUtil; 
@@ -62,12 +59,11 @@ public class FirmReportsService { // 检查当前用户是否为CEO角色 RequestEmployee requestUser = AdminRequestUtil.getRequestUser(); List roleIdList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()); - String roleCode = roleIdList.get(0).getRoleCode(); + String roleCode = AdminRequestUtil.getRoleCode(roleIdList); if (!UserTypeEnum.Admin.getDesc().equals(roleCode)) { // 检查角色类型 - boolean isCeo = UserTypeEnum.CEO.getDesc().equals(roleCode); - if (isCeo) { + if (AdminRequestUtil.isAssociationRole(roleIdList)) { // 如果是CEO角色,查询自己的数据和已经提交的数据(审批状态大于等于3的数据) queryForm.setUserId(requestUser.getEmployeeId()); queryForm.setIncludeSubmitted(true); // 设置查询参数以包括已提交的数据 @@ -81,9 +77,11 @@ public class FirmReportsService { PageResult firmReportsVOPageResult = SmartPageUtil.convert2PageResult(page, list); firmReportsVOPageResult.getList().forEach(item -> { - if (item.getDeclareQuarter() != null) { + if (item.getDeclareQuarter() != null && !item.getDeclareQuarter().isEmpty()) { String quarter = dictService.getDictDataLabelByDictCode("QUARTER", item.getDeclareQuarter()); - item.setDeclareQuarter(quarter); + if (quarter != null && !quarter.isEmpty()) { + item.setDeclareQuarter(quarter); + } } if (item.getFirmId() != null) { item.setFirmName(departmentService.queryByFirmId(item.getFirmId()).getDepartmentName()); @@ -97,8 +95,8 @@ public class FirmReportsService { * 添加 */ public ResponseDTO add(FirmReportsAddForm addForm) { - // 使用lambda表达式和Optional来检查重复数据 - FirmReportsEntity existing = firmReportsDao.selectList(String.valueOf(addForm.getDeclareMonth()), addForm.getDeclareYear(), addForm.getFirmId()); + // 使用季度检查重复数据 + FirmReportsEntity existing = firmReportsDao.selectList(addForm.getDeclareQuarter(), addForm.getDeclareYear(), addForm.getFirmId()); if (existing != null ) { return ResponseDTO.userErrorParam(UnexpectedErrorCode.DATA_EXIST.getMsg()); } 
@@ -117,8 +115,19 @@ public class FirmReportsService { * */ public ResponseDTO update(FirmReportsUpdateForm updateForm) { + // 检查记录是否存在 + FirmReportsEntity currentEntity = firmReportsDao.selectById(updateForm.getId()); + if (currentEntity == null) { + return ResponseDTO.userErrorParam("记录不存在"); + } + + // 检查状态,只有未提交(0)或待审核(1)的才能修改 + if (currentEntity.getApprovalStatus() != null && currentEntity.getApprovalStatus() == 3) { + return ResponseDTO.userErrorParam("记录已通过,不能修改"); + } + // 检查除当前记录外是否还存在相同季度、年度、律所的记录 - FirmReportsEntity existing = firmReportsDao.selectList(String.valueOf(updateForm.getDeclareMonth()), updateForm.getDeclareYear(), updateForm.getFirmId()); + FirmReportsEntity existing = firmReportsDao.selectList(updateForm.getDeclareQuarter(), updateForm.getDeclareYear(), updateForm.getFirmId()); if (existing != null && !existing.getId().equals(updateForm.getId())) { return ResponseDTO.userErrorParam(UnexpectedErrorCode.DATA_EXIST.getMsg()); } @@ -135,6 +144,14 @@ public class FirmReportsService { if (CollectionUtils.isEmpty(idList)){ return ResponseDTO.ok(); } + + // 检查每条记录的状态,只有未提交(0)或待审核(1)的才能删除 + for (Integer id : idList) { + FirmReportsEntity entity = firmReportsDao.selectById(id); + if (entity != null && entity.getApprovalStatus() != null && entity.getApprovalStatus() == 3) { + return ResponseDTO.userErrorParam("记录已通过,不能删除"); + } + } firmReportsDao.deleteBatchIds(idList); return ResponseDTO.ok(); 
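Review bot: The status guard added to `update()` blocks only `approvalStatus == 3`, while its comment says only 未提交(0) and 待审核(1) records may be modified, so a record in status 4 (拒绝, per the comment in `commit()`) or any other value is still editable. The same `== 3` test is repeated in `batchDelete()` in the next hunk and in `delete()`. If the comment states the intent, write it as an allow-list, `Integer s = currentEntity.getApprovalStatus(); if (s != null && s != 0 && s != 1) return ResponseDTO.userErrorParam(...);`, otherwise correct the comment. Neither method compares the record's `firmId` with the caller's `requestUser.getDepartmentId()`, so the id supplied in the request is the only thing selecting the row. A firm-scoped ownership check belongs next to the status check unless it is enforced outside this diff.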
@@ -147,29 +164,73 @@ public class FirmReportsService { if (null == id){ return ResponseDTO.ok(); } + + // 检查记录状态,只有未提交(0)或待审核(1)的才能删除 + FirmReportsEntity entity = firmReportsDao.selectById(id); + if (entity != null && entity.getApprovalStatus() != null && entity.getApprovalStatus() == 3) { + return ResponseDTO.userErrorParam("记录已通过,不能删除"); + } firmReportsDao.deleteById(id); return ResponseDTO.ok(); } public ResponseDTO commit(ValidateList idList) { + if (CollectionUtils.isEmpty(idList)) { + return ResponseDTO.ok(); + } + + // 检查每条记录的状态,只有未提交(0)或待审核(1)的才能提交 + for (Integer id : idList) { + FirmReportsEntity entity = firmReportsDao.selectById(id); + if (entity == null) { + return ResponseDTO.userErrorParam("记录不存在"); + } + // 状态为 3(已通过)或 4(拒绝)时,不能重复提交 + if (entity.getApprovalStatus() != null && (entity.getApprovalStatus() == 3 || entity.getApprovalStatus() == 4)) { + return ResponseDTO.userErrorParam("记录已审批,不能重复提交"); + } + } + firmReportsDao.commit(idList); return ResponseDTO.ok(); } + /** + * 驳回(将已提交的数据驳回为未提交状态) + */ + public ResponseDTO reject(ValidateList idList) { + if (CollectionUtils.isEmpty(idList)) { + return ResponseDTO.ok(); + } + + // 检查每条记录的状态,只有已通过(3)的才能驳回 + for (Integer id : idList) { + FirmReportsEntity entity = firmReportsDao.selectById(id); + if (entity == null) { + return ResponseDTO.userErrorParam("记录不存在"); + } + if (entity.getApprovalStatus() == null || entity.getApprovalStatus() != 3) { + return ResponseDTO.userErrorParam("记录未提交,不能驳回"); + } + } + + firmReportsDao.reject(idList); + return ResponseDTO.ok(); + } + /** * 查询当前用户是否可以填报报表 * @return true-可以填报,false-不可以填报 */ - public ResponseDTO query(Integer month, Integer Year) { + public ResponseDTO query(Integer quarter, Integer Year) { RequestEmployee requestUser = AdminRequestUtil.getRequestUser(); List roleIdList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()); - String roleCode = roleIdList.get(0).getRoleCode(); - // 只有律所管理员(CTO)可以填报 - boolean canReport = 
UserTypeEnum.CTO.getDesc().equals(roleCode); + // 只有律所主任或行政可以填报 + boolean canReport = AdminRequestUtil.isFirmRole(roleIdList); if (canReport){ - canReport = firmReportsDao.query(month, Year, requestUser.getDepartmentId()); + canReport = firmReportsDao.query(quarter, Year, requestUser.getDepartmentId()); } return ResponseDTO.ok(canReport); } diff --git a/yun-admin/src/main/java/net/lab1024/sa/admin/module/penalty/service/PenaltyApplyService.java b/yun-admin/src/main/java/net/lab1024/sa/admin/module/penalty/service/PenaltyApplyService.java index 62fd6a6..d7bc3b3 100644 --- a/yun-admin/src/main/java/net/lab1024/sa/admin/module/penalty/service/PenaltyApplyService.java +++ b/yun-admin/src/main/java/net/lab1024/sa/admin/module/penalty/service/PenaltyApplyService.java @@ -66,11 +66,12 @@ public class PenaltyApplyService { RequestEmployee requestUser = AdminRequestUtil.getRequestUser(); // 安全获取角色代码,避免NPE - String roleCode = getUserRoleCode(requestUser); + List roleIdList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()); + String roleCode = AdminRequestUtil.getRoleCode(roleIdList); if (!UserTypeEnum.Admin.getDesc().equals(roleCode)) { - if (roleCode.equals(UserTypeEnum.CEO.getDesc())) { + if (AdminRequestUtil.isAssociationRole(roleIdList)) { queryForm.setUserType(roleCode); - } else if (roleCode.equals(UserTypeEnum.CTO.getDesc())) { + } else if (AdminRequestUtil.isFirmRole(roleIdList)) { queryForm.setDepartmentId(requestUser.getDepartmentId()); } else { queryForm.setUserId(requestUser.getUserId()); @@ -105,7 +106,7 @@ public class PenaltyApplyService { penaltyApplyEntity.setUserId(userId); String roleCode = letterService.getRoleCode(); //判断类型 - if (roleCode.equals(UserTypeEnum.CTO.getDesc())){ + if (roleCode.equals(UserTypeEnum.CTO.getDesc()) || roleCode.equals(UserTypeEnum.STAFF.getDesc())){ penaltyApplyEntity.setStatus(ReviewEnum.PASS.getValue()); penaltyApplyEntity.setAuditStatus(ReviewEnum.APPROVAL.getValue()); }else { 
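Review bot: `commit()` and `reject()` validate each record with a separate `selectById` and then issue one bulk update, so a record's status can change between the check and the write. The `reject` statement added to FirmReportsMapper.xml filters only on `id IN (...)`. Moving the precondition into the statement closes that window, for example `AND approval_status = 3` on the reject UPDATE, and returning the affected-row count from the DAO lets the service detect a partial update. The per-id loop also costs one query per record where a single batch select would do. The `reject()` message `记录未提交,不能驳回` is returned for every status other than 3, which does not match the comment that only 已通过(3) records can be rejected.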
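Review bot: The added `roleCode.equals(UserTypeEnum.STAFF.getDesc())` dereferences the result of `letterService.getRoleCode()`, which is not shown here and may be null for a user without a role. The same expression is added to the update path in the following hunk (`-155,7 +156,7`). A constant-first comparison avoids the dereference: `UserTypeEnum.CTO.getDesc().equals(roleCode) || UserTypeEnum.STAFF.getDesc().equals(roleCode)`. Since this patch introduces `AdminRequestUtil.isFirmRole`, calling it here as well would keep a single definition of "firm role" for the checks that decide whether the firm-level review is skipped. Both enclosing methods extend beyond their hunks.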
@@ -155,7 +156,7 @@ public class PenaltyApplyService { PenaltyApplyEntity penaltyApplyEntity = penaltyApplyDao.selectById(updateForm.getId()); String roleCode = letterService.getRoleCode(); //判断类型 - if (roleCode.equals(UserTypeEnum.CTO.getDesc())){ + if (roleCode.equals(UserTypeEnum.CTO.getDesc()) || roleCode.equals(UserTypeEnum.STAFF.getDesc())){ //审核通过,则下一个为律协审核 if (ReviewEnum.PASS.getValue().equals(updateForm.getAuditStatus())){ penaltyApplyEntity.setAuditStatus(ReviewEnum.APPROVAL.getValue()); diff --git a/yun-admin/src/main/java/net/lab1024/sa/admin/module/service/dao/ServiceApplicationsDao.java b/yun-admin/src/main/java/net/lab1024/sa/admin/module/service/dao/ServiceApplicationsDao.java index 0463618..5846fba 100644 --- a/yun-admin/src/main/java/net/lab1024/sa/admin/module/service/dao/ServiceApplicationsDao.java +++ b/yun-admin/src/main/java/net/lab1024/sa/admin/module/service/dao/ServiceApplicationsDao.java @@ -45,7 +45,7 @@ public interface ServiceApplicationsDao extends BaseMapper idList, @Param("firmAuditStatus")Integer firmAuditStatus); + void batchSubmitAsFirm(@Param("idList")List idList, @Param("firmAuditStatus")Integer firmAuditStatus, @Param("userId")Long userId, @Param("submitTime")java.time.LocalDateTime submitTime); /** * 批量提交协会审核 @@ -200,4 +200,14 @@ public interface ServiceApplicationsDao extends BaseMapper exportActivityDetail(@Param("queryForm") ServiceApplicationsQueryForm queryForm); + + /** + * 查询有成本查看权限律所的未审核数据数量 + */ + Long queryNoReviewWithCostFilter(); + + /** + * 判断律所是否有成本查看权限 + */ + Integer countFirmWithCostPermission(@Param("firmId") Long firmId); } \ No newline at end of file diff --git a/yun-admin/src/main/java/net/lab1024/sa/admin/module/service/domain/form/ServiceApplicationsQueryForm.java b/yun-admin/src/main/java/net/lab1024/sa/admin/module/service/domain/form/ServiceApplicationsQueryForm.java index e427ba7..4cb1d43 100644 
--- a/yun-admin/src/main/java/net/lab1024/sa/admin/module/service/domain/form/ServiceApplicationsQueryForm.java +++ b/yun-admin/src/main/java/net/lab1024/sa/admin/module/service/domain/form/ServiceApplicationsQueryForm.java @@ -189,4 +189,9 @@ public class ServiceApplicationsQueryForm extends PageParam { @Schema(description = "结束时间") private String endTime; + + /** + * 是否只查询成本填报律所的数据 + */ + private Boolean costReportViewOnly; } diff --git a/yun-admin/src/main/java/net/lab1024/sa/admin/module/service/service/ServiceApplicationsService.java b/yun-admin/src/main/java/net/lab1024/sa/admin/module/service/service/ServiceApplicationsService.java index c18bdb9..a0d83e8 100644 --- a/yun-admin/src/main/java/net/lab1024/sa/admin/module/service/service/ServiceApplicationsService.java +++ b/yun-admin/src/main/java/net/lab1024/sa/admin/module/service/service/ServiceApplicationsService.java 
@@ -180,18 +180,23 @@ public class ServiceApplicationsService { //根据用户角色的查询数据范围来查询数据 RequestUser requestUser = AdminRequestUtil.getRequestUser(); List roleIdList = roleEmployeeService.getRoleIdList(requestUser.getUserId()); - String roleCode = roleIdList.get(0).getRoleCode(); + String roleCode = AdminRequestUtil.getRoleCode(roleIdList); // 检查角色类型 - boolean isAssociationRole = UserTypeEnum.CEO.getDesc().equals(roleCode); - boolean isFirmAdminRole = UserTypeEnum.CTO.getDesc().equals(roleCode); // 律所管理员 + boolean isAssociationRole = AdminRequestUtil.isAssociationRole(roleIdList); + boolean isFirmRole = AdminRequestUtil.isFirmRole(roleIdList); // 律所主任或行政 if (!UserTypeEnum.Admin.getDesc().equals(roleCode)) { if (isAssociationRole) { // 协会用户(CEO):可以看到所有律所提交的数据,但只显示associationAuditStatus为待审核(1)、通过(3)和拒绝(4)的数据和自己创建的数据 // CEO作为最高权限用户,不需要限制在特定部门范围内,直接设置includeAssociationReviewed即可 queryForm.setIncludeAssociationReviewed(true); - } else if (isFirmAdminRole) { - // 律所管理员(cto):能看到自己部门范围内的数据,但只显示firmAuditStatus为待审核、通过和拒绝的数据和自己创建的数据 + // 检查是否只能查看成本填报律所的数据 + RequestEmployee requestEmployee = (RequestEmployee) requestUser; + if (Boolean.TRUE.equals(requestEmployee.getCostReportViewOnly())) { + queryForm.setCostReportViewOnly(true); + } + } else if (isFirmRole) { + // 律所主任或行政:能看到自己部门范围内的数据,但只显示firmAuditStatus为待审核、通过和拒绝的数据和自己创建的数据 Integer oneByRoleId = dataScopeViewService.getOneByRoleId(roleIdList.get(0).getRoleId()); // 获取自己部门范围内的数据 List departmentEmployees = new ArrayList<>(); @@ -210,7 +215,7 @@ public class ServiceApplicationsService { } queryForm.setEmployeeIdList(departmentEmployees); - // 律所管理员可以查看部门内所有已审核数据以及自己创建的有效数据(明确排除未提交的草稿) + // 律所主任或行政可以查看部门内所有已审核数据以及自己创建的有效数据(明确排除未提交的草稿) queryForm.setIncludeFirmReviewed(true); } else { // 律所普通用户:只能看到自己提交的数据,包括所有firmAuditStatus状态 
@@ -612,27 +617,8 @@ public class ServiceApplicationsService { return ResponseDTO.ok(); } - // RequestUser requestUser = AdminRequestUtil.getRequestUser(); - // 查询用户角色是律所管理员,则修改律所的审核状态 - // 如果是ceo则修改协会审核状态 - // List roles = roleEmployeeService.getRoleIdList(requestUser.getUserId()); - // if (roles.isEmpty()) { - // return ResponseDTO.error(UserErrorCode.NO_PERMISSION); - // } - - // String roleCode = roles.get(0).getRoleCode(); - - // 设置审核时间 - // String reviewTime = LocalDateTime.now().toString(); - - // 根据不同角色执行不同的提交操作 - // if (UserTypeEnum.CEO.getDesc().equals(roleCode)) { - // CEO角色:修改协会审核状态 - //serviceApplicationsDao.batchSubmitAsAssociation(idList, ReviewEnum.PASS.getValue()); - // } else { - // 其他角色(如律所管理员):修改律所审核状态 - serviceApplicationsDao.batchSubmitAsAssociation(idList, ReviewEnum.APPROVAL.getValue()); - // } + //RequestEmployee requestUser = AdminRequestUtil.getRequestUser(); + serviceApplicationsDao.batchSubmitAsAssociation(idList, ReviewEnum.APPROVAL.getValue()); return ResponseDTO.ok(); } 
@@ -708,25 +694,33 @@ public class ServiceApplicationsService { return ResponseDTO.error(UserErrorCode.NO_PERMISSION); } - String roleCode = roles.get(0).getRoleCode(); ServiceApplicationsEntity serviceApplicationsEntity = serviceApplicationsDao.selectById(updateForm.getApplicationId()); + // 权限验证:如果只能查看成本填报律所的数据,需要验证该数据是否属于有成本查看权限的律所 + if (Boolean.TRUE.equals(requestUser.getCostReportViewOnly())) { + if (!isFirmHasCostPermission(serviceApplicationsEntity.getFirmId())) { + return ResponseDTO.error(UserErrorCode.NO_PERMISSION); + } + } + // 根据不同角色执行不同的审核操作 - if (UserTypeEnum.CEO.getDesc().equals(roleCode)) { + if (AdminRequestUtil.isAssociationRole(roles)) { // CEO角色:修改协会审核状态 serviceApplicationsEntity.setAssociationAuditStatus(updateForm.getFirmAuditStatus()); serviceApplicationsEntity.setAssociationAuditUser(requestUser.getEmployeeId()); serviceApplicationsEntity.setAssociationAuditTime(LocalDateTime.now()); serviceApplicationsEntity.setAssociationAuditOpinion(updateForm.getAssociationAuditOpinion()); - } else { + } else if (AdminRequestUtil.isFirmRole(roles)) { + // 律所主任或行政:修改律所审核状态 if (ReviewEnum.REFUSE.getValue() == updateForm.getAssociationAuditStatus()){ serviceApplicationsEntity.setFirmAuditStatus(ReviewEnum.REFUSE.getValue()); }else { - // 其他角色(如律所管理员):修改律所审核状态 serviceApplicationsEntity.setFirmAuditStatus(updateForm.getFirmAuditStatus()); } serviceApplicationsEntity.setFirmAuditUser(requestUser.getEmployeeId()); serviceApplicationsEntity.setFirmAuditTime(LocalDateTime.now()); + } else { + return ResponseDTO.error(UserErrorCode.NO_PERMISSION); } serviceApplicationsDao.updateById(serviceApplicationsEntity); @@ -1255,7 +1249,6 @@ public class ServiceApplicationsService { return ResponseDTO.error(UserErrorCode.NO_PERMISSION); } - String roleCode = roles.get(0).getRoleCode(); String applicationIds = updateForm.getApplicationIds(); if (applicationIds == null || applicationIds.trim().isEmpty()) { return ResponseDTO.ok(); 
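Review bot: The firm branch of this review method, now reached through `AdminRequestUtil.isFirmRole(roles)`, writes `firmAuditStatus` on whatever `applicationId` the request names without comparing `serviceApplicationsEntity.getFirmId()` to the caller's `requestUser.getDepartmentId()`. The new `costReportViewOnly` check constrains only flagged users. Unless scope is enforced outside this diff, a firm director or staff member could audit another firm's application, and the hunk at `-1341,20 +1345,29` has the same shape. `selectById` can also return null, in which case the added `serviceApplicationsEntity.getFirmId()` call throws, so `if (serviceApplicationsEntity == null) return ResponseDTO.userErrorParam("记录不存在");` should come first. The method starts and ends outside the hunk.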
@@ -1268,12 +1261,14 @@ public class ServiceApplicationsService { String reviewTime = LocalDateTime.now().toString(); // 根据不同角色执行不同的审核操作 - if (UserTypeEnum.CEO.getDesc().equals(roleCode)) { + if (AdminRequestUtil.isAssociationRole(roles)) { // CEO角色:修改协会审核状态 serviceApplicationsDao.batchReviewAsAssociation(fileKeyList, updateForm.getAuditResult(), requestUser.getUserId(), reviewTime); - } else { - // 其他角色(如律所管理员):修改律所审核状态 + } else if (AdminRequestUtil.isFirmRole(roles)) { + // 律所主任或行政:修改律所审核状态 serviceApplicationsDao.batchReviewAsFirm(fileKeyList, updateForm.getAuditResult(), requestUser.getUserId(), reviewTime); + } else { + return ResponseDTO.error(UserErrorCode.NO_PERMISSION); } return ResponseDTO.ok(); @@ -1330,7 +1325,16 @@ public class ServiceApplicationsService { public Long queryNoReview() { //查询上个月是否有未审核的数据,注意跨年情况 - Long departmentId = AdminRequestUtil.getRequestUser().getDepartmentId(); + RequestEmployee requestUser = AdminRequestUtil.getRequestUser(); + Long departmentId = requestUser.getDepartmentId(); + + // 检查是否只能查看成本填报律所的数据 + Boolean costReportViewOnly = requestUser.getCostReportViewOnly(); + if (Boolean.TRUE.equals(costReportViewOnly)) { + // 只统计律所主任或行政有成本查看权限的律所的未审核数据 + return serviceApplicationsDao.queryNoReviewWithCostFilter(); + } + return serviceApplicationsDao.queryNoReview(departmentId); } 
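Review bot: The batch review path gains the else-deny branch but not the `costReportViewOnly` restriction that the single-record review methods in this patch enforce through `isFirmHasCostPermission`. Within the visible lines, an association user flagged as cost-report-only can therefore still audit applications from firms outside that set by going through the batch call instead of the single-record one. Before calling `batchReviewAsAssociation`, the ids should be filtered or the request refused when `Boolean.TRUE.equals(requestUser.getCostReportViewOnly())` and any target application belongs to a firm that fails the check. The method begins before this hunk, so an earlier guard may exist that is not shown here.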
@@ -1341,20 +1345,29 @@ public class ServiceApplicationsService { if (roles.isEmpty()) { return ResponseDTO.error(UserErrorCode.NO_PERMISSION); } - String roleCode = roles.get(0).getRoleCode(); ServiceApplicationsEntity serviceApplicationsEntity = serviceApplicationsDao.selectById(updateForm.getApplicationId()); - if (UserTypeEnum.CEO.getDesc().equals(roleCode)) { + + // 权限验证:如果只能查看成本填报律所的数据,需要验证该数据是否属于有成本查看权限的律所 + if (Boolean.TRUE.equals(requestUser.getCostReportViewOnly())) { + if (!isFirmHasCostPermission(serviceApplicationsEntity.getFirmId())) { + return ResponseDTO.error(UserErrorCode.NO_PERMISSION); + } + } + + if (AdminRequestUtil.isAssociationRole(roles)) { // CEO角色:修改协会审核状态 serviceApplicationsEntity.setAssociationAuditStatus(updateForm.getAssociationAuditStatus()); serviceApplicationsEntity.setAssociationAuditUser(requestUser.getEmployeeId()); serviceApplicationsEntity.setAssociationAuditTime(LocalDateTime.now()); serviceApplicationsEntity.setAssociationAuditOpinion(updateForm.getAssociationAuditOpinion()); - } else { - // 其他角色(如律所管理员):修改律所审核状态 + } else if (AdminRequestUtil.isFirmRole(roles)) { + // 律所主任或行政:修改律所审核状态 serviceApplicationsEntity.setFirmAuditStatus(updateForm.getFirmAuditStatus()); serviceApplicationsEntity.setFirmAuditUser(requestUser.getEmployeeId()); serviceApplicationsEntity.setFirmAuditTime(LocalDateTime.now()); serviceApplicationsEntity.setFirmAuditOpinion(updateForm.getFirmAuditOpinion()); + } else { + return ResponseDTO.error(UserErrorCode.NO_PERMISSION); } 
@@ -1623,8 +1636,8 @@ public class ServiceApplicationsService { */ private void applyUserPermissionControl(LawyerStatisticsQueryForm queryForm) { RequestEmployee requestUser = AdminRequestUtil.getRequestUser(); - RoleVO roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()).get(0); - if (UserTypeEnum.CTO.getDesc().equals(roleList.getRoleCode())){ + List roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()); + if (AdminRequestUtil.isFirmRole(roleList)){ queryForm.setFirmId(requestUser.getDepartmentId()); } } @@ -1634,8 +1647,8 @@ public class ServiceApplicationsService { */ private void applyUserPermissionControl(LawyerStatisticsQueryFormPage queryForm) { RequestEmployee requestUser = AdminRequestUtil.getRequestUser(); - RoleVO roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()).get(0); - if (UserTypeEnum.CTO.getDesc().equals(roleList.getRoleCode())){ + List roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()); + if (AdminRequestUtil.isFirmRole(roleList)){ queryForm.setFirmId(requestUser.getDepartmentId()); } } @@ -1851,11 +1864,11 @@ public class ServiceApplicationsService { */ public void exportLawyer(ServiceLawyerQueryForm queryForm, HttpServletResponse response) { RequestEmployee requestUser = AdminRequestUtil.getRequestUser(); - RoleVO roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()).get(0); + List roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()); // 应用权限控制和查询条件 - if (UserTypeEnum.CTO.getDesc().equals(roleList.getRoleCode())){ - // 律所只能查看自己的部门的数据 + if (AdminRequestUtil.isFirmRole(roleList)){ + // 律所主任或行政只能查看自己的部门的数据 queryForm.setFirmId(requestUser.getDepartmentId()); } // 管理员可以看到所有数据,但仍应尊重用户指定的查询条件 
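Review bot: Replacing `getRoleIdList(...).get(0)` with `AdminRequestUtil.isFirmRole(roleList)` changes the outcome for an employee with no role or an unrecognised one. The old code would have thrown on an empty list, whereas the new code returns false and leaves `firmId` unset, so both `applyUserPermissionControl` overloads and `exportLawyer` proceed without any scope filter. The statistics hunk at `-2692,14 +2712,14` behaves the same way: anything that is neither lawyer nor firm role falls through to the "CEO可以看所有" case. These branches should fail closed by naming the roles allowed to see everything (Admin, association) and denying or narrowing every other case, rather than treating "not a firm role" as unrestricted.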
@@ -2125,6 +2138,13 @@ public class ServiceApplicationsService { */ public PageResult getServiceReportStatistics(ServiceApplicationsQueryForm queryForm) { Page page = SmartPageUtil.convert2PageQuery(queryForm); + + // 添加权限控制:检查是否只能查看成本填报律所的数据 + RequestEmployee requestUser = AdminRequestUtil.getRequestUser(); + if (Boolean.TRUE.equals(requestUser.getCostReportViewOnly())) { + queryForm.setCostReportViewOnly(true); + } + // 如果没有指定季度,则使用年度范围,否则使用季度范围 if (queryForm.getQuarter() == null ) { // 如果用户指定了年份,则使用指定年份,否则使用当前年份 @@ -2692,14 +2712,14 @@ public class ServiceApplicationsService { ServiceApplicationsQueryForm queryForm = new ServiceApplicationsQueryForm(); // 获取当前登录用户 RequestEmployee requestUser = AdminRequestUtil.getRequestUser(); - RoleVO roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()).get(0); + List roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()); // 根据用户类型应用权限控制 - if (UserTypeEnum.USER.getDesc().equals(roleList.getRoleCode())) { + if (AdminRequestUtil.isLawyerRole(roleList)) { // 律师只能看自己 queryForm.setUserId(requestUser.getUserId()); - } else if (UserTypeEnum.CTO.getDesc().equals(roleList.getRoleCode())) { - // 律所管理员看本所 + } else if (AdminRequestUtil.isFirmRole(roleList)) { + // 律所主任或行政看本所 queryForm.setFirmId(requestUser.getDepartmentId()); } // CEO可以看所有,不需要设置过滤条件 @@ -2762,4 +2782,14 @@ public class ServiceApplicationsService { return "未知"; } } + + /** + * 判断律所是否有成本查看权限 + */ + private boolean isFirmHasCostPermission(Long firmId) { + if (firmId == null) { + return false; + } + return serviceApplicationsDao.countFirmWithCostPermission(firmId) > 0; + } } \ No newline at end of file diff --git a/yun-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/domain/entity/EmployeeEntity.java b/yun-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/domain/entity/EmployeeEntity.java index c4eee41..6e445fc 100644 
--- a/yun-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/domain/entity/EmployeeEntity.java +++ b/yun-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/domain/entity/EmployeeEntity.java @@ -104,4 +104,9 @@ public class EmployeeEntity { */ private Boolean costVisibleFlag; private Boolean penaltyFlag; + + /** + * 审批数据是否只能查看成本填报律所 + */ + private Boolean costReportViewOnly; } diff --git a/yun-admin/src/main/java/net/lab1024/sa/admin/module/system/login/domain/RequestEmployee.java b/yun-admin/src/main/java/net/lab1024/sa/admin/module/system/login/domain/RequestEmployee.java index b3d1638..76811ae 100644 --- a/yun-admin/src/main/java/net/lab1024/sa/admin/module/system/login/domain/RequestEmployee.java +++ b/yun-admin/src/main/java/net/lab1024/sa/admin/module/system/login/domain/RequestEmployee.java @@ -70,7 +70,12 @@ public class RequestEmployee implements RequestUser, Serializable { */ private Boolean costVisibleFlag; - private Boolean penaltyFlag; + private Boolean penaltyFlag; + + /** + * 审批数据是否只能查看成本填报律所 + */ + private Boolean costReportViewOnly; @Override public Long getUserId() { diff --git a/yun-admin/src/main/java/net/lab1024/sa/admin/module/system/login/manager/LoginManager.java b/yun-admin/src/main/java/net/lab1024/sa/admin/module/system/login/manager/LoginManager.java index 9155fbb..0848d15 100644 --- a/yun-admin/src/main/java/net/lab1024/sa/admin/module/system/login/manager/LoginManager.java +++ b/yun-admin/src/main/java/net/lab1024/sa/admin/module/system/login/manager/LoginManager.java @@ -83,6 +83,9 @@ public class LoginManager { // 基础信息 RequestEmployee requestEmployee = SmartBeanUtil.copy(employeeEntity, RequestEmployee.class); requestEmployee.setUserType(UserTypeEnum.ADMIN_EMPLOYEE); + + // 手动设置 costReportViewOnly 字段(确保从数据库获取最新值) + requestEmployee.setCostReportViewOnly(employeeEntity.getCostReportViewOnly()); // 部门信息 DepartmentVO department = departmentService.getDepartmentById(employeeEntity.getDepartmentId()); 
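Review bot: The comment on the added `setCostReportViewOnly` line says it ensures the latest database value, but the value is copied once when this `RequestEmployee` is built. ServiceApplicationsService later reads it from the request user to make authorization decisions. If `RequestEmployee` is cached for the session (not visible here), turning the flag on for an employee would not restrict them until that cached object is rebuilt, so it is worth confirming that an employee update invalidates it. `SmartBeanUtil.copy(employeeEntity, RequestEmployee.class)` on the line above presumably already copies the same-named field, which would make the explicit set redundant and the comment misleading. The method extends beyond the hunk.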
diff --git a/yun-admin/src/main/java/net/lab1024/sa/admin/util/AdminRequestUtil.java b/yun-admin/src/main/java/net/lab1024/sa/admin/util/AdminRequestUtil.java index caf4850..c6f8c65 100644 --- a/yun-admin/src/main/java/net/lab1024/sa/admin/util/AdminRequestUtil.java +++ b/yun-admin/src/main/java/net/lab1024/sa/admin/util/AdminRequestUtil.java @@ -1,9 +1,13 @@ package net.lab1024.sa.admin.util; import net.lab1024.sa.admin.module.system.login.domain.RequestEmployee; +import net.lab1024.sa.admin.module.system.role.domain.vo.RoleVO; import net.lab1024.sa.base.common.domain.RequestUser; +import net.lab1024.sa.base.common.enumeration.UserTypeEnum; import net.lab1024.sa.base.common.util.SmartRequestUtil; +import java.util.List; + /** * admin 端的请求工具类 */ 
@@ -19,5 +23,68 @@ public final class AdminRequestUtil { return null == requestUser ? null : requestUser.getUserId(); } + /** + * 判断是否是协会角色(CEO) + */ + public static boolean isAssociationRole(List roles) { + if (roles == null || roles.isEmpty()) { + return false; + } + return UserTypeEnum.CEO.getDesc().equals(roles.get(0).getRoleCode()); + } + + /** + * 判断是否是律所主任角色(CTO) + */ + public static boolean isFirmDirectorRole(List roles) { + if (roles == null || roles.isEmpty()) { + return false; + } + return UserTypeEnum.CTO.getDesc().equals(roles.get(0).getRoleCode()); + } + + /** + * 判断是否是律所行政角色(STAFF) + */ + public static boolean isFirmStaffRole(List roles) { + if (roles == null || roles.isEmpty()) { + return false; + } + return UserTypeEnum.STAFF.getDesc().equals(roles.get(0).getRoleCode()); + } + + /** + * 判断是否是律所角色(主任或行政) + */ + public static boolean isFirmRole(List roles) { + return isFirmDirectorRole(roles) || isFirmStaffRole(roles); + } + + /** + * 判断是否是普通律师角色 + */ + public static boolean isLawyerRole(List roles) { + if (roles == null || roles.isEmpty()) { + return false; + } + return UserTypeEnum.USER.getDesc().equals(roles.get(0).getRoleCode()); + } + + /** + * 判断是否有服务申报权限(主任有,行政没有) + */ + public static boolean hasServiceApplyPermission(List roles) { + return isFirmDirectorRole(roles) || isLawyerRole(roles) || isAssociationRole(roles); + } + + /** + * 获取角色code + */ + public static String getRoleCode(List roles) { + if (roles == null || roles.isEmpty()) { + return null; + } + return roles.get(0).getRoleCode(); + } } diff --git a/yun-admin/src/main/resources/mapper/cost/FirmReportsMapper.xml b/yun-admin/src/main/resources/mapper/cost/FirmReportsMapper.xml index fcd558a..cd51177 100644 --- a/yun-admin/src/main/resources/mapper/cost/FirmReportsMapper.xml +++ b/yun-admin/src/main/resources/mapper/cost/FirmReportsMapper.xml 
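Review bot: Every helper added here decides from `roles.get(0)` only, so for an employee with more than one role the authorization outcome depends on the order in which `roleEmployeeService.getRoleIdList` returns them. Checking all assigned roles through one private helper removes that ordering dependency and the repeated null/empty guards, and callers that test association before firm keep their precedence. `getRoleCode` would still return only the first code, so the Admin comparisons that use it need the same treatment or a documented single-role invariant. `hasServiceApplyPermission` has no caller in this patch, so the "行政没有" rule it describes is not enforced by any of the visible lines.

```java
// Single place that decides whether any assigned role carries the given code.
private static boolean hasRole(List<RoleVO> roles, UserTypeEnum type) {
    if (roles == null || roles.isEmpty()) {
        return false;
    }
    String code = type.getDesc();
    return roles.stream().anyMatch(r -> r != null && code.equals(r.getRoleCode()));
}

public static boolean isAssociationRole(List<RoleVO> roles) {
    return hasRole(roles, UserTypeEnum.CEO);
}

// … unchanged in purpose: isFirmDirectorRole (CTO), isFirmStaffRole (STAFF), isLawyerRole (USER) delegate to hasRole the same way …
```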
@@ -30,6 +30,16 @@ + + + UPDATE t_firm_reports + SET approval_status = 0 + WHERE id IN + + #{item} + + + - + + + + + + + - select * from t_file where file_key in - - #{item} - + select * from t_file where 1=0 + + OR file_key in + + #{item} + + \ No newline at end of file