权限模块，修改

xueyi-api/xueyi-api-modules-auth/src/main/java/com/xueyi/modules/auth/api/domain/vo/IntentionReqDto.java

@@ -13,7 +13,7 @@ import javax.validation.constraints.NotNull;
 public class IntentionReqDto {
     @NotNull(message = "staffId不能为空")
     private String staffId;
-    @NotNull(message = "staffType不能为空")
+
     private String staffType;
     @NotNull(message = "skillCode不能为空")
     private String skillCode;

xueyi-modules/xueyi-system/src/main/java/com/xueyi/system/digitalmans/controller/DmSkillController.java

@@ -1,6 +1,7 @@
 package com.xueyi.system.digitalmans.controller;
 
 import com.xueyi.common.core.context.SecurityContextHolder;
+import com.xueyi.common.core.utils.core.StrUtil;
 import com.xueyi.common.core.web.result.AjaxResult;
 import com.xueyi.common.core.web.result.R;
 import com.xueyi.common.core.web.validate.V_A;
@@ -13,6 +14,7 @@ import com.xueyi.common.web.entity.controller.BaseController;
 import com.xueyi.modules.auth.api.domain.vo.IntentionReqDto;
 import com.xueyi.system.api.digitalmans.domain.dto.DmSkillDto;
 import com.xueyi.system.api.digitalmans.domain.po.DmSkillPo;
+import com.xueyi.system.api.staff.domain.po.DmStaffPo;
 import com.xueyi.system.digitalmans.domain.dto.DmCustomMadeDto;
 import com.xueyi.system.digitalmans.domain.dto.DmDigitalmanDto;
 import com.xueyi.system.digitalmans.domain.dto.DmDigitalmanExtDto;
@@ -22,6 +24,7 @@ import com.xueyi.system.digitalmans.domain.query.DmSkillQuery;
 import com.xueyi.system.digitalmans.service.IDmDigitalmanExtService;
 import com.xueyi.system.digitalmans.service.IDmDigitalmanService;
 import com.xueyi.system.digitalmans.service.IDmSkillService;
+import com.xueyi.system.staff.mapper.DmStaffMapper;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
@@ -96,6 +99,9 @@ public class DmSkillController extends BaseController<DmSkillQuery, DmSkillDto,
         //return success(dmStaffService.selectStaffListByTimestamp(deviceVo));
     }
 
+    @Autowired
+    private DmStaffMapper staffMapper;
+
     @InnerAuth
     @PostMapping("/inner/auth")
     public AjaxResult skillAuth(@Valid @RequestBody IntentionReqDto intentionReqDto) {
@@ -106,8 +112,17 @@ public class DmSkillController extends BaseController<DmSkillQuery, DmSkillDto,
         }
 
         String auth = dto.getAuth();
+        DmStaffPo staffPo = staffMapper.selectById(intentionReqDto.getStaffId());
 
-        if (StringUtils.isNotEmpty(auth) && (auth.equals(intentionReqDto.getStaffType()) || auth.startsWith(intentionReqDto.getStaffType()+",") || auth.indexOf(","+intentionReqDto.getStaffType()+",")!=-1 || auth.endsWith(","+intentionReqDto.getStaffType()))){
+        if (staffPo == null) {
+            return AjaxResult.error("指定ID的员工不存在");
+        }
+
+        String type =  intentionReqDto.getStaffType();
+        if (StrUtil.isNotEmpty(type)) {
+            type = staffPo.getUserType();
+        }
+        if (StringUtils.isNotEmpty(auth) && (auth.equals(type) || auth.startsWith(type+",") || auth.indexOf(","+type+",")!=-1 || auth.endsWith(","+type))){
             return AjaxResult.success(dto);
         } else {
             return AjaxResult.error("权限不足");