fix:个人信息更新修改

yun-admin/pom.xml

@@ -98,6 +98,14 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>10</source>
+                    <target>10</target>
+                </configuration>
+            </plugin>
         </plugins>
     </build>
 

yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/controller/FirmReportsController.java

@@ -37,15 +37,14 @@ public class FirmReportsController {
     @Operation(summary = "查询有无填报 @author wzh")
     @GetMapping("/firmReports/query")
     public ResponseDTO<Boolean> query() {
-        //根据当前时间去推理去上一个月的月份和年度，考虑到跨年情况
+        //根据当前时间去推理上一个季度的季度和年度，考虑到跨年情况
         LocalDate now = LocalDate.now();
-        LocalDate previousMonth = now.minusMonths(1);
+        LocalDate previousDate = now.minusMonths(3);
         
-        int previousYear = previousMonth.getYear();
+        int previousYear = previousDate.getYear();
-        int previousMonthValue = previousMonth.getMonthValue();
+        int previousQuarter = getQuarterByYearMonth(previousYear, previousDate.getMonthValue());
         
-        
+        return firmReportsService.query(previousQuarter, previousYear);
-        return firmReportsService.query(previousMonthValue, previousYear);
     }
 
     @Operation(summary = "分页查询 @author wzh")
@@ -90,6 +89,13 @@ public class FirmReportsController {
         return firmReportsService.commit(idList);
     }
 
+    //驳回
+    @Operation(summary = "驳回 @author wzh")
+    @PostMapping("/firmReports/reject")
+    public ResponseDTO<String> reject(@RequestBody ValidateList<Integer> idList) {
+        return firmReportsService.reject(idList);
+    }
+
     //查询本年度已经提交的收入和成本
     @Operation(summary = "查询本年度已经提交的收入 @author wzh")
     @PostMapping("/firmReports/income")

yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/dao/FirmReportsDao.java

@@ -40,6 +40,13 @@ public interface FirmReportsDao extends BaseMapper<FirmReportsEntity> {
      */
     void commit(ValidateList<Integer> idList);
 
+    /**
+     * 批量驳回
+     *
+     * @param idList
+     */
+    void reject(ValidateList<Integer> idList);
+
     /**
      * 根据季度、年度和律所 ID 查询报表
      *

yun-admin/src/main/java/net/lab1024/sa/admin/module/cost/service/FirmReportsService.java

@@ -2,7 +2,6 @@ package net.lab1024.sa.admin.module.cost.service;
 
 import java.time.LocalDateTime;
 import java.util.List;
-import java.util.Optional;
 
 import net.lab1024.sa.admin.common.enums.ReviewEnum;
 import net.lab1024.sa.admin.module.cost.dao.FirmReportsDao;
@@ -19,8 +18,6 @@ import net.lab1024.sa.admin.module.system.role.service.RoleEmployeeService;
 import net.lab1024.sa.admin.util.AdminRequestUtil;
 import net.lab1024.sa.admin.util.DateTimeUtil;
 import net.lab1024.sa.base.common.code.UnexpectedErrorCode;
-import net.lab1024.sa.base.common.code.UserErrorCode;
-import net.lab1024.sa.base.common.domain.RequestUser;
 import net.lab1024.sa.base.common.domain.ValidateList;
 import net.lab1024.sa.base.common.enumeration.UserTypeEnum;
 import net.lab1024.sa.base.common.util.SmartBeanUtil;
@@ -62,12 +59,11 @@ public class FirmReportsService {
         // 检查当前用户是否为CEO角色
         RequestEmployee requestUser = AdminRequestUtil.getRequestUser();
         List<RoleVO> roleIdList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId());
-        String roleCode = roleIdList.get(0).getRoleCode();
+        String roleCode = AdminRequestUtil.getRoleCode(roleIdList);
 
         if (!UserTypeEnum.Admin.getDesc().equals(roleCode)) {
             // 检查角色类型
-            boolean isCeo = UserTypeEnum.CEO.getDesc().equals(roleCode);
+            if (AdminRequestUtil.isAssociationRole(roleIdList)) {
-            if (isCeo) {
                 // 如果是CEO角色，查询自己的数据和已经提交的数据（审批状态大于等于3的数据）
                 queryForm.setUserId(requestUser.getEmployeeId());
                 queryForm.setIncludeSubmitted(true); // 设置查询参数以包括已提交的数据
@@ -81,10 +77,12 @@ public class FirmReportsService {
 
         PageResult<FirmReportsVO> firmReportsVOPageResult = SmartPageUtil.convert2PageResult(page, list);
         firmReportsVOPageResult.getList().forEach(item -> {
-            if (item.getDeclareQuarter() != null) {
+            if (item.getDeclareQuarter() != null && !item.getDeclareQuarter().isEmpty()) {
                 String quarter = dictService.getDictDataLabelByDictCode("QUARTER", item.getDeclareQuarter());
+                if (quarter != null && !quarter.isEmpty()) {
                     item.setDeclareQuarter(quarter);
                 }
+            }
             if (item.getFirmId() != null) {
                 item.setFirmName(departmentService.queryByFirmId(item.getFirmId()).getDepartmentName());
             }
@@ -97,8 +95,8 @@ public class FirmReportsService {
      * 添加
      */
     public ResponseDTO<String> add(FirmReportsAddForm addForm) {
-        // 使用lambda表达式和Optional来检查重复数据
+        // 使用季度检查重复数据
-        FirmReportsEntity existing = firmReportsDao.selectList(String.valueOf(addForm.getDeclareMonth()), addForm.getDeclareYear(), addForm.getFirmId());
+        FirmReportsEntity existing = firmReportsDao.selectList(addForm.getDeclareQuarter(), addForm.getDeclareYear(), addForm.getFirmId());
         if (existing != null ) {
             return ResponseDTO.userErrorParam(UnexpectedErrorCode.DATA_EXIST.getMsg());
         }
@@ -117,8 +115,19 @@ public class FirmReportsService {
      *
      */
     public ResponseDTO<String> update(FirmReportsUpdateForm updateForm) {
+        // 检查记录是否存在
+        FirmReportsEntity currentEntity = firmReportsDao.selectById(updateForm.getId());
+        if (currentEntity == null) {
+            return ResponseDTO.userErrorParam("记录不存在");
+        }
+        
+        // 检查状态，只有未提交（0）或待审核（1）的才能修改
+        if (currentEntity.getApprovalStatus() != null && currentEntity.getApprovalStatus() == 3) {
+            return ResponseDTO.userErrorParam("记录已通过，不能修改");
+        }
+        
         // 检查除当前记录外是否还存在相同季度、年度、律所的记录
-        FirmReportsEntity existing = firmReportsDao.selectList(String.valueOf(updateForm.getDeclareMonth()), updateForm.getDeclareYear(), updateForm.getFirmId());
+        FirmReportsEntity existing = firmReportsDao.selectList(updateForm.getDeclareQuarter(), updateForm.getDeclareYear(), updateForm.getFirmId());
         if (existing != null && !existing.getId().equals(updateForm.getId())) {
             return ResponseDTO.userErrorParam(UnexpectedErrorCode.DATA_EXIST.getMsg());
         }
@@ -136,6 +145,14 @@ public class FirmReportsService {
             return ResponseDTO.ok();
         }
         
+        // 检查每条记录的状态，只有未提交（0）或待审核（1）的才能删除
+        for (Integer id : idList) {
+            FirmReportsEntity entity = firmReportsDao.selectById(id);
+            if (entity != null && entity.getApprovalStatus() != null && entity.getApprovalStatus() == 3) {
+                return ResponseDTO.userErrorParam("记录已通过，不能删除");
+            }
+        }
+
         firmReportsDao.deleteBatchIds(idList);
         return ResponseDTO.ok();
     }
@@ -148,28 +165,72 @@ public class FirmReportsService {
             return ResponseDTO.ok();
         }
         
+        // 检查记录状态，只有未提交（0）或待审核（1）的才能删除
+        FirmReportsEntity entity = firmReportsDao.selectById(id);
+        if (entity != null && entity.getApprovalStatus() != null && entity.getApprovalStatus() == 3) {
+            return ResponseDTO.userErrorParam("记录已通过，不能删除");
+        }
+
         firmReportsDao.deleteById(id);
         return ResponseDTO.ok();
     }
 
     public ResponseDTO<String> commit(ValidateList<Integer> idList) {
+        if (CollectionUtils.isEmpty(idList)) {
+            return ResponseDTO.ok();
+        }
+        
+        // 检查每条记录的状态，只有未提交（0）或待审核（1）的才能提交
+        for (Integer id : idList) {
+            FirmReportsEntity entity = firmReportsDao.selectById(id);
+            if (entity == null) {
+                return ResponseDTO.userErrorParam("记录不存在");
+            }
+            // 状态为 3（已通过）或 4（拒绝）时，不能重复提交
+            if (entity.getApprovalStatus() != null && (entity.getApprovalStatus() == 3 || entity.getApprovalStatus() == 4)) {
+                return ResponseDTO.userErrorParam("记录已审批，不能重复提交");
+            }
+        }
+        
         firmReportsDao.commit(idList);
         return ResponseDTO.ok();
     }
 
+    /**
+     * 驳回（将已提交的数据驳回为未提交状态）
+     */
+    public ResponseDTO<String> reject(ValidateList<Integer> idList) {
+        if (CollectionUtils.isEmpty(idList)) {
+            return ResponseDTO.ok();
+        }
+        
+        // 检查每条记录的状态，只有已通过（3）的才能驳回
+        for (Integer id : idList) {
+            FirmReportsEntity entity = firmReportsDao.selectById(id);
+            if (entity == null) {
+                return ResponseDTO.userErrorParam("记录不存在");
+            }
+            if (entity.getApprovalStatus() == null || entity.getApprovalStatus() != 3) {
+                return ResponseDTO.userErrorParam("记录未提交，不能驳回");
+            }
+        }
+        
+        firmReportsDao.reject(idList);
+        return ResponseDTO.ok();
+    }
+
     /**
      * 查询当前用户是否可以填报报表
      * @return true-可以填报，false-不可以填报
      */
-    public ResponseDTO<Boolean> query(Integer month, Integer Year) {
+    public ResponseDTO<Boolean> query(Integer quarter, Integer Year) {
         RequestEmployee requestUser = AdminRequestUtil.getRequestUser();
         List<RoleVO> roleIdList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId());
-        String roleCode = roleIdList.get(0).getRoleCode();
 
-        // 只有律所管理员(CTO)可以填报
+        // 只有律所主任或行政可以填报
-        boolean canReport = UserTypeEnum.CTO.getDesc().equals(roleCode);
+        boolean canReport = AdminRequestUtil.isFirmRole(roleIdList);
         if (canReport){
-            canReport = firmReportsDao.query(month, Year, requestUser.getDepartmentId());
+            canReport = firmReportsDao.query(quarter, Year, requestUser.getDepartmentId());
         }
         return ResponseDTO.ok(canReport);
     }

yun-admin/src/main/java/net/lab1024/sa/admin/module/penalty/service/PenaltyApplyService.java

@@ -66,11 +66,12 @@ public class PenaltyApplyService {
         RequestEmployee requestUser = AdminRequestUtil.getRequestUser();
         
         // 安全获取角色代码，避免NPE
-        String roleCode = getUserRoleCode(requestUser);
+        List<RoleVO> roleIdList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId());
+        String roleCode = AdminRequestUtil.getRoleCode(roleIdList);
         if (!UserTypeEnum.Admin.getDesc().equals(roleCode)) {
-            if (roleCode.equals(UserTypeEnum.CEO.getDesc())) {
+            if (AdminRequestUtil.isAssociationRole(roleIdList)) {
                 queryForm.setUserType(roleCode);
-            } else if (roleCode.equals(UserTypeEnum.CTO.getDesc())) {
+            } else if (AdminRequestUtil.isFirmRole(roleIdList)) {
                 queryForm.setDepartmentId(requestUser.getDepartmentId());
             } else {
                 queryForm.setUserId(requestUser.getUserId());
@@ -105,7 +106,7 @@ public class PenaltyApplyService {
         penaltyApplyEntity.setUserId(userId);
         String roleCode = letterService.getRoleCode();
         //判断类型
-        if (roleCode.equals(UserTypeEnum.CTO.getDesc())){
+        if (roleCode.equals(UserTypeEnum.CTO.getDesc()) || roleCode.equals(UserTypeEnum.STAFF.getDesc())){
             penaltyApplyEntity.setStatus(ReviewEnum.PASS.getValue());
             penaltyApplyEntity.setAuditStatus(ReviewEnum.APPROVAL.getValue());
         }else {
@@ -155,7 +156,7 @@ public class PenaltyApplyService {
         PenaltyApplyEntity penaltyApplyEntity = penaltyApplyDao.selectById(updateForm.getId());
         String roleCode = letterService.getRoleCode();
         //判断类型
-        if (roleCode.equals(UserTypeEnum.CTO.getDesc())){
+        if (roleCode.equals(UserTypeEnum.CTO.getDesc()) || roleCode.equals(UserTypeEnum.STAFF.getDesc())){
             //审核通过,则下一个为律协审核
             if (ReviewEnum.PASS.getValue().equals(updateForm.getAuditStatus())){
                 penaltyApplyEntity.setAuditStatus(ReviewEnum.APPROVAL.getValue());

yun-admin/src/main/java/net/lab1024/sa/admin/module/service/dao/ServiceApplicationsDao.java

@@ -45,7 +45,7 @@ public interface ServiceApplicationsDao extends BaseMapper<ServiceApplicationsEn
     /**
      * 批量提交律所审核
      */
-    void batchSubmitAsFirm(@Param("idList")List<Long> idList, @Param("firmAuditStatus")Integer firmAuditStatus);
+    void batchSubmitAsFirm(@Param("idList")List<Long> idList, @Param("firmAuditStatus")Integer firmAuditStatus, @Param("userId")Long userId, @Param("submitTime")java.time.LocalDateTime submitTime);
 
     /**
      * 批量提交协会审核
@@ -200,4 +200,14 @@ public interface ServiceApplicationsDao extends BaseMapper<ServiceApplicationsEn
      * 导出活动明细
      */
     List<ServiceApplicationsVO> exportActivityDetail(@Param("queryForm") ServiceApplicationsQueryForm queryForm);
+
+    /**
+     * 查询有成本查看权限律所的未审核数据数量
+     */
+    Long queryNoReviewWithCostFilter();
+
+    /**
+     * 判断律所是否有成本查看权限
+     */
+    Integer countFirmWithCostPermission(@Param("firmId") Long firmId);
 }

yun-admin/src/main/java/net/lab1024/sa/admin/module/service/domain/form/ServiceApplicationsQueryForm.java

@@ -189,4 +189,9 @@ public class ServiceApplicationsQueryForm extends PageParam {
 
     @Schema(description = "结束时间")
     private String endTime;
+
+    /**
+     * 是否只查询成本填报律所的数据
+     */
+    private Boolean costReportViewOnly;
 }

yun-admin/src/main/java/net/lab1024/sa/admin/module/service/service/ServiceApplicationsService.java

@@ -180,18 +180,23 @@ public class ServiceApplicationsService {
         //根据用户角色的查询数据范围来查询数据
         RequestUser requestUser = AdminRequestUtil.getRequestUser();
         List<RoleVO> roleIdList = roleEmployeeService.getRoleIdList(requestUser.getUserId());
-        String roleCode = roleIdList.get(0).getRoleCode();
+        String roleCode = AdminRequestUtil.getRoleCode(roleIdList);
         
         // 检查角色类型
-        boolean isAssociationRole = UserTypeEnum.CEO.getDesc().equals(roleCode);
+        boolean isAssociationRole = AdminRequestUtil.isAssociationRole(roleIdList);
-        boolean isFirmAdminRole = UserTypeEnum.CTO.getDesc().equals(roleCode); // 律所管理员
+        boolean isFirmRole = AdminRequestUtil.isFirmRole(roleIdList); // 律所主任或行政
         if (!UserTypeEnum.Admin.getDesc().equals(roleCode)) {
             if (isAssociationRole) {
                 // 协会用户（CEO）：可以看到所有律所提交的数据，但只显示associationAuditStatus为待审核(1)、通过(3)和拒绝(4)的数据和自己创建的数据
                 // CEO作为最高权限用户，不需要限制在特定部门范围内，直接设置includeAssociationReviewed即可
                 queryForm.setIncludeAssociationReviewed(true);
-            } else if (isFirmAdminRole) {
+                // 检查是否只能查看成本填报律所的数据
-                // 律所管理员（cto）：能看到自己部门范围内的数据，但只显示firmAuditStatus为待审核、通过和拒绝的数据和自己创建的数据
+                RequestEmployee requestEmployee = (RequestEmployee) requestUser;
+                if (Boolean.TRUE.equals(requestEmployee.getCostReportViewOnly())) {
+                    queryForm.setCostReportViewOnly(true);
+                }
+            } else if (isFirmRole) {
+                // 律所主任或行政：能看到自己部门范围内的数据，但只显示firmAuditStatus为待审核、通过和拒绝的数据和自己创建的数据
                 Integer oneByRoleId = dataScopeViewService.getOneByRoleId(roleIdList.get(0).getRoleId());
                 // 获取自己部门范围内的数据
                 List<Long> departmentEmployees = new ArrayList<>();
@@ -210,7 +215,7 @@ public class ServiceApplicationsService {
                 }
 
                 queryForm.setEmployeeIdList(departmentEmployees);
-                // 律所管理员可以查看部门内所有已审核数据以及自己创建的有效数据（明确排除未提交的草稿）
+                // 律所主任或行政可以查看部门内所有已审核数据以及自己创建的有效数据（明确排除未提交的草稿）
                 queryForm.setIncludeFirmReviewed(true);
             } else {
                 // 律所普通用户：只能看到自己提交的数据，包括所有firmAuditStatus状态
@@ -612,27 +617,8 @@ public class ServiceApplicationsService {
             return ResponseDTO.ok();
         }
 
-       // RequestUser requestUser = AdminRequestUtil.getRequestUser();
+        //RequestEmployee requestUser = AdminRequestUtil.getRequestUser();
-        // 查询用户角色是律所管理员,则修改律所的审核状态
-        // 如果是ceo则修改协会审核状态
-        // List<RoleVO> roles = roleEmployeeService.getRoleIdList(requestUser.getUserId());
-        // if (roles.isEmpty()) {
-           // return ResponseDTO.error(UserErrorCode.NO_PERMISSION);
-        // }
-
-        // String roleCode = roles.get(0).getRoleCode();
-        
-        // 设置审核时间
-        // String reviewTime = LocalDateTime.now().toString();
-        
-        // 根据不同角色执行不同的提交操作
-        // if (UserTypeEnum.CEO.getDesc().equals(roleCode)) {
-            // CEO角色：修改协会审核状态
-            //serviceApplicationsDao.batchSubmitAsAssociation(idList, ReviewEnum.PASS.getValue());
-        // } else {
-            // 其他角色（如律所管理员）：修改律所审核状态
         serviceApplicationsDao.batchSubmitAsAssociation(idList, ReviewEnum.APPROVAL.getValue());
-        //  }
         
         return ResponseDTO.ok();
     }
@@ -708,25 +694,33 @@ public class ServiceApplicationsService {
             return ResponseDTO.error(UserErrorCode.NO_PERMISSION);
         }
         
-        String roleCode = roles.get(0).getRoleCode();
         ServiceApplicationsEntity serviceApplicationsEntity = serviceApplicationsDao.selectById(updateForm.getApplicationId());
 
+        // 权限验证：如果只能查看成本填报律所的数据，需要验证该数据是否属于有成本查看权限的律所
+        if (Boolean.TRUE.equals(requestUser.getCostReportViewOnly())) {
+            if (!isFirmHasCostPermission(serviceApplicationsEntity.getFirmId())) {
+                return ResponseDTO.error(UserErrorCode.NO_PERMISSION);
+            }
+        }
+
         // 根据不同角色执行不同的审核操作
-        if (UserTypeEnum.CEO.getDesc().equals(roleCode)) {
+        if (AdminRequestUtil.isAssociationRole(roles)) {
             // CEO角色：修改协会审核状态
             serviceApplicationsEntity.setAssociationAuditStatus(updateForm.getFirmAuditStatus());
             serviceApplicationsEntity.setAssociationAuditUser(requestUser.getEmployeeId());
             serviceApplicationsEntity.setAssociationAuditTime(LocalDateTime.now());
             serviceApplicationsEntity.setAssociationAuditOpinion(updateForm.getAssociationAuditOpinion());
-        } else {
+        } else if (AdminRequestUtil.isFirmRole(roles)) {
+            // 律所主任或行政：修改律所审核状态
             if (ReviewEnum.REFUSE.getValue() == updateForm.getAssociationAuditStatus()){
                 serviceApplicationsEntity.setFirmAuditStatus(ReviewEnum.REFUSE.getValue());
             }else {
-                // 其他角色（如律所管理员）：修改律所审核状态
                 serviceApplicationsEntity.setFirmAuditStatus(updateForm.getFirmAuditStatus());
             }
             serviceApplicationsEntity.setFirmAuditUser(requestUser.getEmployeeId());
             serviceApplicationsEntity.setFirmAuditTime(LocalDateTime.now());
+        } else {
+            return ResponseDTO.error(UserErrorCode.NO_PERMISSION);
         }
         
         serviceApplicationsDao.updateById(serviceApplicationsEntity);
@@ -1255,7 +1249,6 @@ public class ServiceApplicationsService {
             return ResponseDTO.error(UserErrorCode.NO_PERMISSION);
         }
         
-        String roleCode = roles.get(0).getRoleCode();
         String applicationIds = updateForm.getApplicationIds();
         if (applicationIds == null || applicationIds.trim().isEmpty()) {
             return ResponseDTO.ok();
@@ -1268,12 +1261,14 @@ public class ServiceApplicationsService {
         String reviewTime = LocalDateTime.now().toString();
         
         // 根据不同角色执行不同的审核操作
-        if (UserTypeEnum.CEO.getDesc().equals(roleCode)) {
+        if (AdminRequestUtil.isAssociationRole(roles)) {
             // CEO角色：修改协会审核状态
             serviceApplicationsDao.batchReviewAsAssociation(fileKeyList, updateForm.getAuditResult(), requestUser.getUserId(), reviewTime);
-        } else {
+        } else if (AdminRequestUtil.isFirmRole(roles)) {
-            // 其他角色（如律所管理员）：修改律所审核状态
+            // 律所主任或行政：修改律所审核状态
             serviceApplicationsDao.batchReviewAsFirm(fileKeyList, updateForm.getAuditResult(), requestUser.getUserId(), reviewTime);
+        } else {
+            return ResponseDTO.error(UserErrorCode.NO_PERMISSION);
         }
         
         return ResponseDTO.ok();
@@ -1330,7 +1325,16 @@ public class ServiceApplicationsService {
 
     public Long queryNoReview() {
         //查询上个月是否有未审核的数据，注意跨年情况
-        Long departmentId = AdminRequestUtil.getRequestUser().getDepartmentId();
+        RequestEmployee requestUser = AdminRequestUtil.getRequestUser();
+        Long departmentId = requestUser.getDepartmentId();
+        
+        // 检查是否只能查看成本填报律所的数据
+        Boolean costReportViewOnly = requestUser.getCostReportViewOnly();
+        if (Boolean.TRUE.equals(costReportViewOnly)) {
+            // 只统计律所主任或行政有成本查看权限的律所的未审核数据
+            return serviceApplicationsDao.queryNoReviewWithCostFilter();
+        }
+        
         return serviceApplicationsDao.queryNoReview(departmentId);
     }
 
@@ -1341,20 +1345,29 @@ public class ServiceApplicationsService {
         if (roles.isEmpty()) {
             return ResponseDTO.error(UserErrorCode.NO_PERMISSION);
         }
-        String roleCode = roles.get(0).getRoleCode();
         ServiceApplicationsEntity serviceApplicationsEntity = serviceApplicationsDao.selectById(updateForm.getApplicationId());
-        if (UserTypeEnum.CEO.getDesc().equals(roleCode)) {
+        
+        // 权限验证：如果只能查看成本填报律所的数据，需要验证该数据是否属于有成本查看权限的律所
+        if (Boolean.TRUE.equals(requestUser.getCostReportViewOnly())) {
+            if (!isFirmHasCostPermission(serviceApplicationsEntity.getFirmId())) {
+                return ResponseDTO.error(UserErrorCode.NO_PERMISSION);
+            }
+        }
+        
+        if (AdminRequestUtil.isAssociationRole(roles)) {
             // CEO角色：修改协会审核状态
             serviceApplicationsEntity.setAssociationAuditStatus(updateForm.getAssociationAuditStatus());
             serviceApplicationsEntity.setAssociationAuditUser(requestUser.getEmployeeId());
             serviceApplicationsEntity.setAssociationAuditTime(LocalDateTime.now());
             serviceApplicationsEntity.setAssociationAuditOpinion(updateForm.getAssociationAuditOpinion());
-        } else {
+        } else if (AdminRequestUtil.isFirmRole(roles)) {
-            // 其他角色（如律所管理员）：修改律所审核状态
+            // 律所主任或行政：修改律所审核状态
             serviceApplicationsEntity.setFirmAuditStatus(updateForm.getFirmAuditStatus());
             serviceApplicationsEntity.setFirmAuditUser(requestUser.getEmployeeId());
             serviceApplicationsEntity.setFirmAuditTime(LocalDateTime.now());
             serviceApplicationsEntity.setFirmAuditOpinion(updateForm.getFirmAuditOpinion());
+        } else {
+            return ResponseDTO.error(UserErrorCode.NO_PERMISSION);
         }
 
 
@@ -1623,8 +1636,8 @@ public class ServiceApplicationsService {
      */
     private void applyUserPermissionControl(LawyerStatisticsQueryForm queryForm) {
         RequestEmployee requestUser = AdminRequestUtil.getRequestUser();
-        RoleVO roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()).get(0);
+        List<RoleVO> roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId());
-        if (UserTypeEnum.CTO.getDesc().equals(roleList.getRoleCode())){
+        if (AdminRequestUtil.isFirmRole(roleList)){
             queryForm.setFirmId(requestUser.getDepartmentId());
         }
     }
@@ -1634,8 +1647,8 @@ public class ServiceApplicationsService {
      */
     private void applyUserPermissionControl(LawyerStatisticsQueryFormPage queryForm) {
         RequestEmployee requestUser = AdminRequestUtil.getRequestUser();
-        RoleVO roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()).get(0);
+        List<RoleVO> roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId());
-        if (UserTypeEnum.CTO.getDesc().equals(roleList.getRoleCode())){
+        if (AdminRequestUtil.isFirmRole(roleList)){
             queryForm.setFirmId(requestUser.getDepartmentId());
         }
     }
@@ -1851,11 +1864,11 @@ public class ServiceApplicationsService {
      */
     public void exportLawyer(ServiceLawyerQueryForm queryForm, HttpServletResponse response) {
         RequestEmployee requestUser = AdminRequestUtil.getRequestUser();
-        RoleVO roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()).get(0);
+        List<RoleVO> roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId());
         
         // 应用权限控制和查询条件
-        if (UserTypeEnum.CTO.getDesc().equals(roleList.getRoleCode())){
+        if (AdminRequestUtil.isFirmRole(roleList)){
-            // 律所只能查看自己的部门的数据
+            // 律所主任或行政只能查看自己的部门的数据
             queryForm.setFirmId(requestUser.getDepartmentId());
         }
         // 管理员可以看到所有数据，但仍应尊重用户指定的查询条件
@@ -2125,6 +2138,13 @@ public class ServiceApplicationsService {
      */
     public PageResult<ServiceReportStatisticsVO>  getServiceReportStatistics(ServiceApplicationsQueryForm queryForm) {
         Page<?> page = SmartPageUtil.convert2PageQuery(queryForm);
+        
+        // 添加权限控制：检查是否只能查看成本填报律所的数据
+        RequestEmployee requestUser = AdminRequestUtil.getRequestUser();
+        if (Boolean.TRUE.equals(requestUser.getCostReportViewOnly())) {
+            queryForm.setCostReportViewOnly(true);
+        }
+        
         // 如果没有指定季度，则使用年度范围，否则使用季度范围
         if (queryForm.getQuarter() == null ) {
             // 如果用户指定了年份，则使用指定年份，否则使用当前年份
@@ -2692,14 +2712,14 @@ public class ServiceApplicationsService {
         ServiceApplicationsQueryForm queryForm = new ServiceApplicationsQueryForm();
         // 获取当前登录用户
         RequestEmployee requestUser = AdminRequestUtil.getRequestUser();
-        RoleVO roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId()).get(0);
+        List<RoleVO> roleList = roleEmployeeService.getRoleIdList(requestUser.getEmployeeId());
 
         // 根据用户类型应用权限控制
-        if (UserTypeEnum.USER.getDesc().equals(roleList.getRoleCode())) {
+        if (AdminRequestUtil.isLawyerRole(roleList)) {
             // 律师只能看自己
             queryForm.setUserId(requestUser.getUserId());
-        } else if (UserTypeEnum.CTO.getDesc().equals(roleList.getRoleCode())) {
+        } else if (AdminRequestUtil.isFirmRole(roleList)) {
-            // 律所管理员看本所
+            // 律所主任或行政看本所
             queryForm.setFirmId(requestUser.getDepartmentId());
         }
         // CEO可以看所有，不需要设置过滤条件
@@ -2762,4 +2782,14 @@ public class ServiceApplicationsService {
                 return "未知";
         }
     }
+
+    /**
+     * 判断律所是否有成本查看权限
+     */
+    private boolean isFirmHasCostPermission(Long firmId) {
+        if (firmId == null) {
+            return false;
+        }
+        return serviceApplicationsDao.countFirmWithCostPermission(firmId) > 0;
+    }
 }

yun-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/domain/entity/EmployeeEntity.java

@@ -104,4 +104,9 @@ public class EmployeeEntity {
      */
     private Boolean costVisibleFlag;
     private Boolean  penaltyFlag;
+
+    /**
+     * 审批数据是否只能查看成本填报律所
+     */
+    private Boolean costReportViewOnly;
 }

yun-admin/src/main/java/net/lab1024/sa/admin/module/system/login/domain/RequestEmployee.java

@@ -72,6 +72,11 @@ public class RequestEmployee implements RequestUser, Serializable {
 
     private Boolean penaltyFlag;
 
+    /**
+     * 审批数据是否只能查看成本填报律所
+     */
+    private Boolean costReportViewOnly;
+
     @Override
     public Long getUserId() {
         return employeeId;

yun-admin/src/main/java/net/lab1024/sa/admin/module/system/login/manager/LoginManager.java

@@ -84,6 +84,9 @@ public class LoginManager {
         RequestEmployee requestEmployee = SmartBeanUtil.copy(employeeEntity, RequestEmployee.class);
         requestEmployee.setUserType(UserTypeEnum.ADMIN_EMPLOYEE);
         
+        // 手动设置 costReportViewOnly 字段（确保从数据库获取最新值）
+        requestEmployee.setCostReportViewOnly(employeeEntity.getCostReportViewOnly());
+
         // 部门信息
         DepartmentVO department = departmentService.getDepartmentById(employeeEntity.getDepartmentId());
         requestEmployee.setDepartmentName(null == department ? StringConst.EMPTY : department.getDepartmentName());

yun-admin/src/main/java/net/lab1024/sa/admin/util/AdminRequestUtil.java

@@ -1,9 +1,13 @@
 package net.lab1024.sa.admin.util;
 
 import net.lab1024.sa.admin.module.system.login.domain.RequestEmployee;
+import net.lab1024.sa.admin.module.system.role.domain.vo.RoleVO;
 import net.lab1024.sa.base.common.domain.RequestUser;
+import net.lab1024.sa.base.common.enumeration.UserTypeEnum;
 import net.lab1024.sa.base.common.util.SmartRequestUtil;
 
+import java.util.List;
+
 /**
  * admin 端的请求工具类
  */
@@ -19,5 +23,68 @@ public final class AdminRequestUtil {
         return null == requestUser ? null : requestUser.getUserId();
     }
 
+    /**
+     * 判断是否是协会角色（CEO）
+     */
+    public static boolean isAssociationRole(List<RoleVO> roles) {
+        if (roles == null || roles.isEmpty()) {
+            return false;
+        }
+        return UserTypeEnum.CEO.getDesc().equals(roles.get(0).getRoleCode());
+    }
+
+    /**
+     * 判断是否是律所主任角色（CTO）
+     */
+    public static boolean isFirmDirectorRole(List<RoleVO> roles) {
+        if (roles == null || roles.isEmpty()) {
+            return false;
+        }
+        return UserTypeEnum.CTO.getDesc().equals(roles.get(0).getRoleCode());
+    }
+
+    /**
+     * 判断是否是律所行政角色（STAFF）
+     */
+    public static boolean isFirmStaffRole(List<RoleVO> roles) {
+        if (roles == null || roles.isEmpty()) {
+            return false;
+        }
+        return UserTypeEnum.STAFF.getDesc().equals(roles.get(0).getRoleCode());
+    }
+
+    /**
+     * 判断是否是律所角色（主任或行政）
+     */
+    public static boolean isFirmRole(List<RoleVO> roles) {
+        return isFirmDirectorRole(roles) || isFirmStaffRole(roles);
+    }
+
+    /**
+     * 判断是否是普通律师角色
+     */
+    public static boolean isLawyerRole(List<RoleVO> roles) {
+        if (roles == null || roles.isEmpty()) {
+            return false;
+        }
+        return UserTypeEnum.USER.getDesc().equals(roles.get(0).getRoleCode());
+    }
+
+    /**
+     * 判断是否有服务申报权限（主任有，行政没有）
+     */
+    public static boolean hasServiceApplyPermission(List<RoleVO> roles) {
+        return isFirmDirectorRole(roles) || isLawyerRole(roles) || isAssociationRole(roles);
+    }
+
+    /**
+     * 获取角色code
+     */
+    public static String getRoleCode(List<RoleVO> roles) {
+        if (roles == null || roles.isEmpty()) {
+            return null;
+        }
+        return roles.get(0).getRoleCode();
+    }
 
 }

yun-admin/src/main/resources/mapper/cost/FirmReportsMapper.xml

@@ -30,6 +30,16 @@
         </foreach>
     </update>
 
+    <!-- 批量驳回 -->
+    <update id="reject">
+        UPDATE t_firm_reports
+        SET approval_status = 0
+        WHERE id IN
+        <foreach item="item" collection="list" separator="," open="(" close=")" index="">
+            #{item}
+        </foreach>
+    </update>
+
     <!-- 分页查询 -->
     <select id="queryPage" resultType="net.lab1024.sa.admin.module.cost.domain.vo.FirmReportsVO">
         SELECT
@@ -69,7 +79,7 @@
         SELECT *
         FROM t_firm_reports
         WHERE del_flag = 0
-          AND declare_month = #{declareQuarter}
+          AND declare_quarter = #{declareQuarter}
           AND declare_year = #{declareYear}
           AND firm_id = #{firmId}
         LIMIT 1
@@ -80,7 +90,7 @@
         SELECT 1
         FROM t_firm_reports
         WHERE del_flag = 0 and approval_status = 3
-          AND declare_month = #{currentQuarter}
+          AND declare_quarter = #{currentQuarter}
           AND declare_year = #{currentYear}
           AND firm_id = #{departmentId}
         ) THEN true ELSE false END

yun-admin/src/main/resources/mapper/service/ServiceApplicationsMapper.xml

@@ -129,6 +129,18 @@
                 <if test="queryForm.noStatusFilter != null and queryForm.noStatusFilter">
                     <!-- 普通律所用户：不过滤firm_audit_status，可以看到所有状态的数据 -->
                 </if>
+                <!-- 服务申报律所过滤：只查看律所主任或行政有成本查看权限的律所的数据 -->
+                <if test="queryForm.costReportViewOnly != null and queryForm.costReportViewOnly">
+                    AND t_service_applications.firm_id IN (
+                        SELECT DISTINCT e.department_id 
+                        FROM t_employee e
+                        INNER JOIN t_role_employee re ON e.employee_id = re.employee_id
+                        INNER JOIN t_role r ON re.role_id = r.role_id
+                        WHERE (e.deleted_flag = 0 OR e.deleted_flag IS NULL)
+                        AND (r.role_code = 'cto' OR r.role_code = 'staff')
+                        AND e.cost_visible_flag = 1
+                    )
+                </if>
                 <!-- 律所管理员过滤条件：查看部门内已审核数据以及自己创建的所有数据（不包括未提交的草稿） -->
                 <if test="queryForm.includeFirmReviewed != null and queryForm.includeFirmReviewed and (queryForm.firmAuditStatus == null or queryForm.firmAuditStatus == '') and (queryForm.associationAuditStatus == null or queryForm.associationAuditStatus == '')">
                     AND (
@@ -181,7 +193,7 @@
 
     <update id="batchSubmitAsFirm">
         update t_service_applications set
-        association_audit_status = #{firmAuditStatus},
+            firm_audit_status = #{firmAuditStatus},
             firm_audit_user = #{userId},
             firm_audit_time = #{submitTime},
             report_time = NOW()
@@ -193,9 +205,9 @@
 
     <update id="batchSubmitAsAssociation">
         update t_service_applications set 
-            association_audit_status = #{associationAuditStatus},
+            association_audit_status = #{associationAuditStatus}
-            association_audit_time = now()
+
-        where association_audit_status = 0 and application_id in
+        where application_id in
         <foreach collection="idList" open="(" close=")" separator="," item="item">
             #{item}
         </foreach>
@@ -498,6 +510,18 @@
             <if test="queryForm.firmId != null">
               and  d.department_id = #{queryForm.firmId}
             </if>
+            <!-- 成本填报律所过滤：只查看律所主任或行政有成本查看权限的律所的数据 -->
+            <if test="queryForm.costReportViewOnly != null and queryForm.costReportViewOnly">
+                AND d.department_id IN (
+                    SELECT DISTINCT e2.department_id 
+                    FROM t_employee e2
+                    INNER JOIN t_role_employee re ON e2.employee_id = re.employee_id
+                    INNER JOIN t_role r ON re.role_id = r.role_id
+                    WHERE (e2.deleted_flag = 0 OR e2.deleted_flag IS NULL)
+                    AND (r.role_code = 'cto' OR r.role_code = 'staff')
+                    AND e2.cost_visible_flag = 1
+                )
+            </if>
         GROUP BY
         d.department_id,
         d.department_name
@@ -708,6 +732,43 @@
         )
     </select>
 
+    <!-- 查询有成本查看权限律所的未审核数据数量 -->
+    <select id="queryNoReviewWithCostFilter" resultType="java.lang.Long">
+        SELECT COUNT(*) 
+        FROM t_service_applications tsa
+        WHERE tsa.deleted_flag = 0
+        AND tsa.firm_audit_status = 1
+        AND tsa.firm_id IN (
+            SELECT DISTINCT e.department_id 
+            FROM t_employee e
+            INNER JOIN t_role_employee re ON e.employee_id = re.employee_id
+            INNER JOIN t_role r ON re.role_id = r.role_id
+            WHERE (e.deleted_flag = 0 OR e.deleted_flag IS NULL)
+            AND (r.role_code = 'cto' OR r.role_code = 'staff')
+            AND e.cost_visible_flag = 1
+        )
+        AND (
+            -- 上个月的数据（处理跨年情况）
+            (YEAR(tsa.create_time) = YEAR(DATE_SUB(NOW(), INTERVAL 1 MONTH)) 
+             AND MONTH(tsa.create_time) = MONTH(DATE_SUB(NOW(), INTERVAL 1 MONTH)))
+            OR
+            -- 或者是本月但还未到审核截止时间的数据
+            (YEAR(tsa.create_time) = YEAR(NOW()) AND MONTH(tsa.create_time) = MONTH(NOW()))
+        )
+    </select>
+
+    <!-- 判断律所是否有成本查看权限 -->
+    <select id="countFirmWithCostPermission" resultType="java.lang.Integer">
+        SELECT COUNT(1)
+        FROM t_employee e
+        INNER JOIN t_role_employee re ON e.employee_id = re.employee_id
+        INNER JOIN t_role r ON re.role_id = r.role_id
+        WHERE (e.deleted_flag = 0 OR e.deleted_flag IS NULL)
+        AND e.department_id = #{firmId}
+        AND (r.role_code = 'cto' OR r.role_code = 'staff')
+        AND e.cost_visible_flag = 1
+    </select>
+
     <!-- 查询律师列表（分页） -->
     <select id="getLawyerActivityCount" resultType="net.lab1024.sa.admin.module.service.domain.vo.LawyerActivityCountVO">
         SELECT DISTINCT

yun-base/src/main/java/net/lab1024/sa/base/common/code/UnexpectedErrorCode.java

@@ -21,7 +21,7 @@ public enum UnexpectedErrorCode implements ErrorCode {
     PAY_ORDER_ID_ERROR(20002, "付款单id发生了异常，请联系技术人员排查"),
 
 
-    DATA_EXIST(20003, "当前年度的本月成本填报已存在,请勿重复填报，记得提交哦"),
+    DATA_EXIST(20003, "本年的当前季度成本填报已存在,请勿重复填报，记得提交哦"),
     ;
 
     private final int code;

yun-base/src/main/java/net/lab1024/sa/base/common/enumeration/UserTypeEnum.java

@@ -10,6 +10,10 @@ public enum UserTypeEnum implements BaseEnum {
     USER(4, "user"),
     ls(5, "律师承诺书"),
     lx(6, "律所承诺书"),
+    /**
+     * 律所行政人员
+     */
+    STAFF(7, "staff"),
     /**
      * 管理端 员工用户
      */

yun-base/src/main/resources/mapper/support/FileMapper.xml

@@ -48,16 +48,22 @@
 
 
     <select id="selectByFileKeyList" resultType="net.lab1024.sa.base.module.support.file.domain.vo.FileVO">
-        select * from t_file where file_key in
+        select * from t_file where 1=0
+        <if test="fileKeyList != null and fileKeyList.size() > 0">
+            OR file_key in
             <foreach collection="fileKeyList" open="(" close=")" separator="," item="item">
                 #{item}
             </foreach>
+        </if>
     </select>
     <select id="selectByFileId" resultType="net.lab1024.sa.base.module.support.file.domain.vo.FileVO">
-        select * from t_file where file_id in
+        select * from t_file where 1=0
+        <if test="fileKeyList != null and fileKeyList.size() > 0">
+            OR file_id in
             <foreach collection="fileKeyList" open="(" close=")" separator="," item="item">
                 #{item}
             </foreach>
+        </if>
     </select>
 
 </mapper>