修复漏洞

futian.liu

2023-12-06 d04ef5fbd075d8d16bfe167ac032534490d83dc2

修复漏洞

 consum-base/src/main/java/com/consum/base/controller/UsingFormBackController.java

@@ -1,6 +1,13 @@
package com.consum.base.controller;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import com.consum.base.BaseController;
import com.consum.base.core.utils.CommonUtil;
import com.consum.base.core.utils.PageUtil;
import com.consum.base.pojo.query.UsingFormBackQry;
import com.consum.base.pojo.request.UsingFormBackParam;
@@ -8,14 +15,9 @@
import com.consum.base.service.UsingFormBackService;
import com.consum.model.po.FinSysTenantUser;
import com.walker.web.ResponseValue;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author asus
@@ -31,23 +33,30 @@
    @Autowired
    private UsingFormBackService usingFormBackService;


    @ApiOperation(value = "部门物品退回单新增接口", notes = "部门物品退回单新增接口")
    @PostMapping("/add")
    public ResponseValue add(@RequestBody UsingFormBackParam usingFormBackParam) {
    public ResponseValue add() {
        UsingFormBackParam usingFormBackParam = CommonUtil.getObjFromReqBody(UsingFormBackParam.class);
        UsingFormBackParam param2 = new UsingFormBackParam();
        CommonUtil.copyProperties(usingFormBackParam, param2);
        usingFormBackParam = param2;

        FinSysTenantUser sysInfo = getSysInfo();
        if (sysInfo == null) {
            return ResponseValue.error("请先登录");
        }
        usingFormBackService.add(usingFormBackParam, sysInfo,this.getCurrentUser());
        usingFormBackService.add(usingFormBackParam, sysInfo, this.getCurrentUser());
        return ResponseValue.success();
    }


    @ApiOperation(value = "部门物品退回单查询接口", notes = "部门物品退回单查询接口")
    @GetMapping("/list")
    public ResponseValue query(UsingFormBackQry usingFormBackParam) {
    public ResponseValue query() {
        UsingFormBackQry usingFormBackParam = CommonUtil.getObjFromReq(UsingFormBackQry.class);
        UsingFormBackQry param2 = new UsingFormBackQry();
        CommonUtil.copyProperties(usingFormBackParam, param2);
        usingFormBackParam = param2;

        FinSysTenantUser sysInfo = getSysInfo();
        if (sysInfo == null) {
            return ResponseValue.error("请先登录");
@@ -56,7 +65,6 @@
        PageUtil page = usingFormBackService.selectPageByList(usingFormBackParam);
        return ResponseValue.success(page);
    }


    @ApiOperation(value = "部门物品退回单详情接口", notes = "部门物品退回单详情接口")
    @GetMapping("/detail")
@@ -69,10 +77,14 @@
        return ResponseValue.success(detail);
    }


    @ApiOperation(value = "部门物品退回明细查询接口", notes = "部门物品退回明细查询接口")
    @GetMapping("/list/detail")
    public ResponseValue queryListDetail(UsingFormBackQry usingFormBackParam) {
    public ResponseValue queryListDetail() {
        UsingFormBackQry usingFormBackParam = CommonUtil.getObjFromReq(UsingFormBackQry.class);
        UsingFormBackQry param2 = new UsingFormBackQry();
        CommonUtil.copyProperties(usingFormBackParam, param2);
        usingFormBackParam = param2;

        FinSysTenantUser sysInfo = getSysInfo();
        if (sysInfo == null) {
            return ResponseValue.error("请先登录");