fix: 防止越权提交

src/main/java/com/qs/serve/modules/vtb/service/impl/VtbVerificationBatchServiceImpl.java

@@ -105,7 +105,11 @@ public class VtbVerificationBatchServiceImpl extends ServiceImpl<VtbVerification
         redisService.throwResLock(VtbVerificationBatch.class.getSimpleName(),submitBo.getCostApplyId()+"");
         // 校验核销状态
         VerificationUtil.verifyCostState(costApply);
-
+        if(!costApply.getCreateBy().equals(sysUser.getId())
+                &&costApply.getExtUserId()!=null
+                &&!costApply.getExtUserId().equals(sysUser.getId())){
+            Assert.throwEx("越权提交被拦截了");
+        }
         boolean contractFlag = costApply.getContractFlag()!=null&&costApply.getContractFlag().equals(1);
         if(contractFlag){
             Assert.throwEx("协议类申请请移至OA核销");

src/main/java/com/qs/serve/modules/vtb/service/impl/VtbVerificationServiceImpl.java

@@ -699,6 +699,11 @@ public class VtbVerificationServiceImpl extends ServiceImpl<VtbVerificationMappe
         TbsCostApply costApply = costApplyService.getById(activity.getCostApplyId());
         SysUser sysUser = sysUserService.getById(AuthContextUtils.getSysUserId());
         BmsSupplier supplier = bmsSupplierService.getById(activity.getSupplierId());
+        if(!costApply.getCreateBy().equals(sysUser.getId())
+                &&costApply.getExtUserId()!=null
+                &&!costApply.getExtUserId().equals(sysUser.getId())){
+            Assert.throwEx("越权提交被拦截了");
+        }
         sysUser.checkSyAccount();
         redisService.throwResLock(VtbVerification.class.getSimpleName(),activity.getId()+"");
         //自定义成本中心核销