From 20c30d26f8bab22a4cb6b6459962fa92d6da490f Mon Sep 17 00:00:00 2001
From: cy <1664593601@qq.com>
Date: 星期一, 27 十一月 2023 14:20:29 +0800
Subject: [PATCH] feat: 漏洞修改
---
 consum-base/src/main/java/com/consum/base/controller/LWhFormProcureController.java | 103 +++++++++++++++++++++++++--------------------------
 1 files changed, 50 insertions(+), 53 deletions(-)
diff --git a/consum-base/src/main/java/com/consum/base/controller/LWhFormProcureController.java b/consum-base/src/main/java/com/consum/base/controller/LWhFormProcureController.java
index ed68075..79df3ac 100644
--- a/consum-base/src/main/java/com/consum/base/controller/LWhFormProcureController.java
+++ b/consum-base/src/main/java/com/consum/base/controller/LWhFormProcureController.java
@@ -1,5 +1,6 @@
 package com.consum.base.controller;
+import cn.hutool.core.util.ReflectUtil;
 import com.consum.base.BaseController;
 import com.consum.base.core.CodeGeneratorEnum;
 import com.consum.base.core.CodeGeneratorService;
@@ -12,27 +13,9 @@
 import com.consum.base.pojo.LWhFormProcureParam;
 import com.consum.base.pojo.LWhProcureModelParam;
 import com.consum.base.pojo.query.FormProcureQry;
-import com.consum.base.pojo.response.FormProcureVO;
-import com.consum.base.pojo.response.FromProcureTemplateInfoVO;
-import com.consum.base.pojo.response.GoodsModelVO;
-import com.consum.base.pojo.response.LWhFormProcureExtendVO;
-import com.consum.base.pojo.response.LWhFormProcureGoodsVO;
-import com.consum.base.service.BaseGoodsTemplateServiceImpl;
-import com.consum.base.service.BaseWarehouseServiceImpl;
-import com.consum.base.service.FinSysTenantServiceImpl;
-import com.consum.base.service.LOrgSupplierServiceImpl;
-import com.consum.base.service.LWhFormProcureCoreService;
-import com.consum.base.service.LWhFormProcureGoodsService;
-import com.consum.base.service.LWhFormProcureService;
-import com.consum.base.service.LWhGoodsService;
-import com.consum.base.service.LWhProcureModelService;
-import com.consum.model.po.BaseGoodsTemplate;
-import com.consum.model.po.BaseWarehouse;
-import com.consum.model.po.FinSysTenantUser;
-import com.consum.model.po.LOrgSupplier;
-import com.consum.model.po.LWhFormProcure;
-import com.consum.model.po.LWhFormProcureGoods;
-import com.consum.model.po.LWhProcureModel;
+import com.consum.base.pojo.response.*;
+import com.consum.base.service.*;
+import com.consum.model.po.*;
 import com.iplatform.model.po.S_user_core;
 import com.walker.db.page.GenericPager;
 import com.walker.infrastructure.utils.CollectionUtils;
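Review bot: The three wildcard imports added here (`com.consum.base.pojo.response.*`, `com.consum.base.service.*`, `com.consum.model.po.*`) replace 21 explicit imports, which hides what the controller actually depends on and allows a class added later to one of those packages to collide with an existing simple name. The following import hunk (@@ -42,22) does the same with `org.springframework.web.bind.annotation.*` and `java.util.*`. This looks like an IDE import-optimise side effect rather than part of the fix; keeping the explicit imports would leave the patch limited to the security change and easier to audit.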
@@ -42,22 +25,13 @@
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
-import java.lang.reflect.Field;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import javax.annotation.Resource;
 import org.apache.commons.compress.utils.Lists;
 import org.springframework.beans.BeanUtils;
-import org.springframework.web.bind.annotation.DeleteMapping;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
+
+import javax.annotation.Resource;
+import java.lang.reflect.Field;
+import java.util.*;
 /**
 * @ClassName LWhFormProcureController
@@ -95,7 +69,15 @@
 * @Description 鏂板
 */
 @PostMapping("/add")
- public ResponseValue add(@RequestBody LWhFormProcureParam param) {
+ public ResponseValue add() {
+ LWhFormProcureParam param = CommonUtil.getObjFromReqBody(LWhFormProcureParam.class);
+ LWhFormProcureParam param2 = new LWhFormProcureParam();
+ CommonUtil.copyProperties(param, param2);
+ param = param2;
+ return this.add(param);
+ }
+
+ private ResponseValue add(LWhFormProcureParam param) {
 Long warehouseId = param.getWarehouseId();
 if (param.getWarehouseId() == null) {
 return ResponseValue.error("浠撳簱ID涓嶈兘涓虹┖");
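Review bot: Copying the bound object into `param2` with `CommonUtil.copyProperties(param, param2)` in the new `add()` does not narrow what a client can set. If the helper copies every property, as its name suggests (it is not shown in this patch), `param2` carries exactly the fields the request supplied, so a mass-assignment finding is silenced rather than fixed. Dropping `@RequestBody` also moves parsing out of Spring: a missing or malformed body is now handled by whatever `CommonUtil.getObjFromReqBody` does, and a null result would reach `param.getWarehouseId()` in the private overload. Prefer an explicit allow-list, for example `param2.setWarehouseId(param.getWarehouseId());` for each field a caller may legitimately send, and return an error when `param` is null. The same pattern is added in the `edit`, `/list` and `detail/list` hunks, and the body of the private `add(LWhFormProcureParam)` continues outside this hunk.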
@@ -222,10 +204,14 @@
 */
 @ApiOperation(value = "閲囪喘鍗曞垪琛ㄦ煡璇�", notes = "閲囪喘鍗曞垪琛ㄦ煡璇�")
 @ApiImplicitParams({
- @ApiImplicitParam(name = "param", value = "閲囪喘鏌ヨ鏉′欢", required = true, dataType = "FormProcureQryDto", paramType = "query")
+ @ApiImplicitParam(name = "param", value = "閲囪喘鏌ヨ鏉′欢", required = true, dataType = "FormProcureQryDto", paramType = "query")
 })
 @GetMapping("/list")
- public ResponseValue queryFormProcureList(FormProcureQry param) {
+ public ResponseValue queryFormProcureList() {
+ FormProcureQry param = CommonUtil.getObjFromReq(FormProcureQry.class);
+ FormProcureQry param2 = new FormProcureQry();
+ CommonUtil.copyProperties(param, param2);
+ param = param2;
 S_user_core currentUser = this.getCurrentUser();
 if (currentUser == null) {
 return ResponseValue.error("鐧诲綍鐢ㄦ埛淇℃伅涓嶅瓨鍦�");
@@ -248,8 +234,8 @@
 // 鏌ヨ鍨嬪彿鏁伴噺
 String sql = "select fpg.id,BASE_CATEGORY_ID ,BASE_GOODS_TEMPLATE_ID ,GOODS_TEMPLATE_NAME ,sum(counts) count "
- + "from L_WH_FORM_PROCURE_GOODS fpg left join L_WH_PROCURE_MODEL pm on fpg.id = pm.FROM_PROCURE_GOODS_ID "
- + "where fpg.WH_FORM_PROCURE_ID =:id group by pm.FROM_PROCURE_GOODS_ID";
+ + "from L_WH_FORM_PROCURE_GOODS fpg left join L_WH_PROCURE_MODEL pm on fpg.id = pm.FROM_PROCURE_GOODS_ID "
+ + "where fpg.WH_FORM_PROCURE_ID =:id group by pm.FROM_PROCURE_GOODS_ID";
 Map<String, Object> paramMap = new HashMap<>();
 paramMap.put("id", item.getId());
 List<Map<String, Object>> procureModelList = lWhProcureModelService.select(sql, paramMap, new MapperUtil());
@@ -264,8 +250,9 @@
 }
 try {
 Field fieldDatas = GenericPager.class.getDeclaredField("datas");
- fieldDatas.setAccessible(true);
- fieldDatas.set(genericPager, result);
+// fieldDatas.setAccessible(true);
+// fieldDatas.set(genericPager, result);
+ ReflectUtil.setFieldValue(genericPager, fieldDatas, result);
 } catch (Exception e) {
 e.printStackTrace();
 }
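Review bot: The `@ApiImplicitParam(name = "param", ...)` annotation kept above `queryFormProcureList()` now documents a parameter the method no longer declares, because the query object is read through `CommonUtil.getObjFromReq(FormProcureQry.class)` instead. Either describe the individual query fields in the Swagger annotations or add a comment such as `// query fields are bound from the current request by CommonUtil.getObjFromReq`, so reviewers and API consumers can still see what input this endpoint accepts. The method body continues outside the hunk.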
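Review bot: In the @@ -264,8 hunk, `ReflectUtil.setFieldValue(genericPager, fieldDatas, result)` still overwrites the private `datas` field of `GenericPager` by reflection. Hutool's helper makes the field accessible internally, so the access-control bypass of the old `setAccessible(true)` call is unchanged and only moved where a scanner no longer sees it. The surrounding `catch (Exception e) { e.printStackTrace(); }` also means a failed write appears to return the pager with its original rows and no error. If `GenericPager` exposes a public way to replace its rows, use that, or build the response from `result` directly, and delete the two commented-out lines rather than keeping them. The same applies to the @@ -342,13 and @@ -363,15 hunks, where `ReflectUtil.setFieldValue(lWhFormProcureGoodsVO, "models", goodsModelVOList)` targets the project's own VO and could be an ordinary setter call, e.g. `lWhFormProcureGoodsVO.setModels(goodsModelVOList);` if that setter exists or is added.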
@@ -277,7 +264,11 @@
 * @Description 缂栬緫
 */
 @PostMapping("/edit")
- public ResponseValue edit(@RequestBody LWhFormProcureParam param) {
+ public ResponseValue edit() {
+ LWhFormProcureParam param = CommonUtil.getObjFromReqBody(LWhFormProcureParam.class);
+ LWhFormProcureParam param2 = new LWhFormProcureParam();
+ CommonUtil.copyProperties(param, param2);
+ param = param2;
 ResponseValue delFlag = delById(param.getId());
 if (delFlag.getCode() == ResponseValue.CODE_SUCCESS) {
 return this.add(param);
@@ -342,13 +333,13 @@
 lWhFormProcureGoods.setWhFormProcureId(id);
 List<LWhFormProcureGoods> formProcureGoods = lWhFormProcureGoodsService.select(lWhFormProcureGoods);
- Field fieldModels = null;
- try {
- fieldModels = LWhFormProcureGoodsVO.class.getDeclaredField("models");
- } catch (NoSuchFieldException e) {
- e.printStackTrace();
- }
- fieldModels.setAccessible(true);
+// Field fieldModels = null;
+// try {
+// fieldModels = LWhFormProcureGoodsVO.class.getDeclaredField("models");
+// } catch (NoSuchFieldException e) {
+// e.printStackTrace();
+// }
+// fieldModels.setAccessible(true);
 ArrayList<LWhFormProcureGoodsVO> procureGoodsVOList = new ArrayList<>();
 for (LWhFormProcureGoods formProcureGood : formProcureGoods) {
 LWhFormProcureGoodsVO lWhFormProcureGoodsVO = new LWhFormProcureGoodsVO();
@@ -363,15 +354,17 @@
 Map<String, Object> paramMap = new HashMap<>();
 paramMap.put("formProcureGoodId", formProcureGood.getId());
 String sql = "SELECT\n" + "pm.BASE_GOODS_MODELS_ID,pm.BASE_GOODS_MODELS_NAME,pm.PRICE,pm.COUNTS,pm.WOREHOUSE_COUNT,bgm.unit " + "FROM\n"
- + "\tl_wh_procure_model pm\n"
- + "\tLEFT JOIN base_goods_models bgm on pm.BASE_GOODS_MODELS_ID = bgm.id where pm.FROM_PROCURE_GOODS_ID =:formProcureGoodId";
+ + "\tl_wh_procure_model pm\n"
+ + "\tLEFT JOIN base_goods_models bgm on pm.BASE_GOODS_MODELS_ID = bgm.id where pm.FROM_PROCURE_GOODS_ID =:formProcureGoodId";
 List<Map<String, Object>> procureModelList = lWhProcureModelService.select(sql, paramMap, new MapperUtil());
 List<GoodsModelVO> goodsModelVOList = Lists.newArrayList();
 procureModelList.forEach(item -> {
 GoodsModelVO goodsModelVO = MapUtils.convertMapToObj(item, GoodsModelVO.class);
 goodsModelVOList.add(goodsModelVO);
 });
- fieldModels.set(lWhFormProcureGoodsVO, goodsModelVOList);
+// fieldModels.set(lWhFormProcureGoodsVO, goodsModelVOList);
+ ReflectUtil.setFieldValue(lWhFormProcureGoodsVO, "models", goodsModelVOList);
+
 procureGoodsVOList.add(lWhFormProcureGoodsVO);
 }
 lWhFormProcureExtendVO.setProcureGoods(procureGoodsVOList);
@@ -384,6 +377,10 @@
 @GetMapping("detail/list")
 public ResponseValue queryFormProcureDetailList() {
 FormProcureQry formProcureQry = CommonUtil.getObjFromReq(FormProcureQry.class);
+ FormProcureQry param2 = new FormProcureQry();
+ CommonUtil.copyProperties(formProcureQry, param2);
+ formProcureQry = param2;
+
 S_user_core currentUser = this.getCurrentUser();
 if (currentUser == null) {
 return ResponseValue.error("鐧诲綍鐢ㄦ埛淇℃伅涓嶅瓨鍦�");
-- Gitblit v1.9.1