@ -152,14 +152,21 @@ public class OrgManagerImpl implements OrgManager {
@Override
public JSONObject checkOrgIds ( JSONObject manager , JSONObject params ) {
if ( params . getString ( "org_id" ) ! = null ) {
if ( params . getString ( "org_id s ") = = null ) {
if ( params . getString ( "org_id 2 ") = = null ) {
orgIds ( params , manager ) ;
} else {
params . put ( "org_id" , params . getString ( "org_ids" ) ) ;
params . remove ( "org_ids" ) ;
if ( manager . getInteger ( "org_id" ) ! = null ) {
List < JSONObject > orgs = orgMapper . listOrgAndChild ( manager . getIntValue ( "org_id" ) ) ;
List < Integer > orgIds = orgs . stream ( ) . map ( org - > org . getIntValue ( "org_id" ) ) . collect ( Collectors . toList ( ) ) ;
if ( ! orgIds . contains ( params . getString ( "org_id2" ) ) ) {
throw new ForbiddenException ( "You have no permission to query the org" ) ;
}
}
params . put ( "org_id" , params . getString ( "org_id2" ) ) ;
params . remove ( "org_id2" ) ;
}
} else {
if ( params . getString ( "org_ids" ) = = null ) {
if ( params . getString ( "org_id 2 ") = = null ) {
if ( manager . getIntValue ( "org_id" ) > 0 ) {
List < JSONObject > orgs = orgMapper . listOrgAndChild ( manager . getIntValue ( "org_id" ) ) ;
if ( orgs . size ( ) > 1 ) {
@ -170,8 +177,15 @@ public class OrgManagerImpl implements OrgManager {
}
}
} else {
params . put ( "org_id" , params . getString ( "org_ids" ) ) ;
params . remove ( "org_ids" ) ;
if ( manager . getInteger ( "org_id" ) ! = null ) {
List < JSONObject > orgs = orgMapper . listOrgAndChild ( manager . getIntValue ( "org_id" ) ) ;
List < Integer > orgIds = orgs . stream ( ) . map ( org - > org . getIntValue ( "org_id" ) ) . collect ( Collectors . toList ( ) ) ;
if ( ! orgIds . contains ( params . getString ( "org_id2" ) ) ) {
throw new ForbiddenException ( "You have no permission to query the org" ) ;
}
}
params . put ( "org_id" , params . getString ( "org_id2" ) ) ;
params . remove ( "org_id2" ) ;
}
}
return params ;