From 20c30d26f8bab22a4cb6b6459962fa92d6da490f Mon Sep 17 00:00:00 2001
From: cy <1664593601@qq.com>
Date: 星期一, 27 十一月 2023 14:20:29 +0800
Subject: [PATCH] feat: 漏洞修改
---
 consum-base/src/main/java/com/consum/base/service/LWarehouseFlowService.java | 134 ++++++++++++++++++++++++++++++++++++++++++--
 1 files changed, 128 insertions(+), 6 deletions(-)
diff --git a/consum-base/src/main/java/com/consum/base/service/LWarehouseFlowService.java b/consum-base/src/main/java/com/consum/base/service/LWarehouseFlowService.java
index 8e4e322..00c4b06 100644
--- a/consum-base/src/main/java/com/consum/base/service/LWarehouseFlowService.java
+++ b/consum-base/src/main/java/com/consum/base/service/LWarehouseFlowService.java
@@ -1,5 +1,6 @@
 package com.consum.base.service;
+import com.consum.base.core.WhBusinessEnum;
 import com.consum.base.core.utils.MapRowMapper;
 import com.consum.base.core.utils.MapperUtil;
 import com.consum.base.pojo.LWarehouseFlowParam;
@@ -7,9 +8,10 @@
 import com.walker.db.page.GenericPager;
 import com.walker.infrastructure.utils.StringUtils;
 import com.walker.jdbc.service.BaseServiceImpl;
+import org.springframework.stereotype.Service;
+
 import java.util.HashMap;
 import java.util.Map;
-import org.springframework.stereotype.Service;
 /**
 * @ClassName LWarehouseFlowService
@@ -26,7 +28,7 @@
 * @param param
 * @return
 */
- private static String QUERY_BUSINESS_FLOW = "SELECT flow.BUSINESS_TYPE,flow.BUSINESS_FORM_ID,CASE WHEN flow.BUSINESS_TYPE=1 THEN tCaiGou.BUSINESS_FORM_CODE WHEN flow.BUSINESS_TYPE=3 THEN tFormOut.BUSINESS_FORM_CODE END BUSINESS_FORM_CODE,record.GOODS_TEMPLATE_NAME,record.BASE_GOODS_MODELS_NAME,record.THIS_COUNT,record.THIS_TYPE,record.total_price,CASE WHEN flow.BUSINESS_TYPE=1 THEN tCaiGou.AGENCY_NAME WHEN flow.BUSINESS_TYPE=3 THEN tFormOut.AGENCY_NAME END AGENCY_NAME,CASE WHEN flow.BUSINESS_TYPE=1 THEN tCaiGou.BUYER_NAME WHEN flow.BUSINESS_TYPE=3 THEN tFormOut.OPERATOR_NAME END created_Name,flow.DEAL_TIME deal_Time FROM L_WAREHOUSE_FLOW flow LEFT JOIN L_WH_GOODS_RECORD record ON flow.id=record.WAREHOUSE_FLOW_ID LEFT JOIN L_WH_FORM_PROCURE tCaiGou ON flow.BUSINESS_TYPE=1 AND tCaiGou.id=flow.BUSINESS_FORM_ID LEFT JOIN L_WH_FORM_OUTPUT tFormOut ON flow.BUSINESS_TYPE=3 AND tFormOut.id=flow.BUSINESS_FORM_ID WHERE 1=1 ";
+ private String QUERY_BUSINESS_FLOW = "SELECT flow.BUSINESS_TYPE,flow.BUSINESS_FORM_ID,CASE WHEN flow.BUSINESS_TYPE=1 THEN tCaiGou.BUSINESS_FORM_CODE WHEN flow.BUSINESS_TYPE=3 THEN tFormOut.BUSINESS_FORM_CODE END BUSINESS_FORM_CODE,record.GOODS_TEMPLATE_NAME,record.BASE_GOODS_MODELS_NAME,record.THIS_COUNT,record.THIS_TYPE,record.total_price,CASE WHEN flow.BUSINESS_TYPE=1 THEN tCaiGou.AGENCY_NAME WHEN flow.BUSINESS_TYPE=3 THEN tFormOut.AGENCY_NAME END AGENCY_NAME,CASE WHEN flow.BUSINESS_TYPE=1 THEN tCaiGou.BUYER_NAME WHEN flow.BUSINESS_TYPE=3 THEN tFormOut.OPERATOR_NAME END created_Name,flow.DEAL_TIME deal_Time FROM L_WAREHOUSE_FLOW flow LEFT JOIN L_WH_GOODS_RECORD record ON flow.id=record.WAREHOUSE_FLOW_ID LEFT JOIN L_WH_FORM_PROCURE tCaiGou ON flow.BUSINESS_TYPE=1 AND tCaiGou.id=flow.BUSINESS_FORM_ID LEFT JOIN L_WH_FORM_OUTPUT tFormOut ON flow.BUSINESS_TYPE=3 AND tFormOut.id=flow.BUSINESS_FORM_ID WHERE 1=1 ";
 public GenericPager<Map<String, Object>> queryBusinessFlow(LWarehouseFlowParam param) {
 StringBuilder sql = new StringBuilder(QUERY_BUSINESS_FLOW);
@@ -40,7 +42,7 @@
 }
 if (StringUtils.isNotEmpty(param.getBusinessFormCode())) {
 sql.append(" AND CASE WHEN flow.BUSINESS_TYPE = 1 THEN tCaiGou.BUSINESS_FORM_CODE=:businessFormCode"
- + " WHEN flow.BUSINESS_TYPE = 3 THEN tFormOut.BUSINESS_FORM_CODE=:businessFormCode END");
+ + " WHEN flow.BUSINESS_TYPE = 3 THEN tFormOut.BUSINESS_FORM_CODE=:businessFormCode END");
 paramts.put("businessFormCode", param.getBusinessFormCode());
 // sql.append(" AND CASE WHEN flow.BUSINESS_TYPE = 1 THEN flow.BUSINESS_FORM_CODE=?");
 // params.add(param.getBusinessFormCode());
@@ -61,7 +63,7 @@
 }
 if (param.getCreatedName() != null) {
 sql.append(" AND CASE" + " WHEN flow.BUSINESS_TYPE = 1 THEN tCaiGou.BUYER_NAME LIKE :createdName"
- + " WHEN flow.BUSINESS_TYPE = 3 THEN tFormOut.OPERATOR_NAME LIKE :createdName END");
+ + " WHEN flow.BUSINESS_TYPE = 3 THEN tFormOut.OPERATOR_NAME LIKE :createdName END");
 paramts.put("createdName", StringUtils.CHAR_PERCENT + param.getCreatedName() + StringUtils.CHAR_PERCENT);
 }
 if (param.getDealTimeStart() != null) {
@@ -80,7 +82,7 @@
 Map<String, Object> paramts = new HashMap<>();
 if (StringUtils.isNotEmpty(param.getBusinessFormCode())) {
 sql.append("AND CASE WHEN flow.BUSINESS_TYPE = 1 THEN tCaiGou.BUSINESS_FORM_CODE=:businessFormCode"
- + " WHEN flow.BUSINESS_TYPE = 3 THEN tFormOut.BUSINESS_FORM_CODE=:businessFormCode END ");
+ + " WHEN flow.BUSINESS_TYPE = 3 THEN tFormOut.BUSINESS_FORM_CODE=:businessFormCode END ");
 paramts.put("businessFormCode", param.getBusinessFormCode());
 }
 if (StringUtils.isNotEmpty(param.getGoodsName())) {
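Review bot: In the `@@ -26,7 +28,7 @@` hunk, `QUERY_BUSINESS_FLOW` changes from `private static String` to `private String`, which still leaves the base SQL text in a reassignable field and now keeps one copy per service instance; the `QUERY_TAIZHANG_LIST_*` fields added in the last hunk are declared the same way. The visible methods only copy these templates into a `StringBuilder` and append bound-parameter clauses, so they can be true constants: `private static final String QUERY_BUSINESS_FLOW = ...`. The Javadoc sitting above the field (`@param param`, `@return`) describes `queryBusinessFlow` and should be moved onto the method; the method body continues outside this hunk.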
@@ -99,7 +101,7 @@
 if (StringUtils.isNotEmpty(param.getCreateName())) {
 sql.append("AND CASE WHEN flow.BUSINESS_TYPE = 1 THEN tCaiGou.BUYER_NAME = :createdName"
- + " WHEN flow.BUSINESS_TYPE = 3 THEN tFormOut.OPERATOR_NAME = :createdName END ");
+ + " WHEN flow.BUSINESS_TYPE = 3 THEN tFormOut.OPERATOR_NAME = :createdName END ");
 paramts.put("createdName", param.getCreateName());
 }
 if (param.getStartTime() != null) {
@@ -132,4 +134,124 @@
 return selectSplit(sql.toString(), paramts, param.getPageNum(), param.getPageSize(), new MapperUtil());
 }
+
+ /**
+ * 鍙拌处鏌ヨ
+ *
+ * @param param
+ * @return
+ */
+ private String QUERY_TAIZHANG_LIST_QUERY = "SELECT CASE WHEN flow.BUSINESS_TYPE=1 THEN tCaiGou.AGENCY_NAME WHEN (flow.BUSINESS_TYPE=2 OR flow.BUSINESS_TYPE=4 OR flow.BUSINESS_TYPE=6) THEN tTrans.OPERATOR_NAME WHEN flow.BUSINESS_TYPE=3 THEN tFormOut.AGENCY_NAME WHEN flow.BUSINESS_TYPE=5 THEN tScrapped.AGENCY_NAME WHEN flow.BUSINESS_TYPE=7 THEN tInventory.AGENCY_NAME END AGENCY_NAME,ware.WAREHOUSE_NAME,record.GOODS_TEMPLATE_NAME,record.BASE_GOODS_MODELS_NAME,record.THIS_TYPE,flow.BUSINESS_TYPE,CASE WHEN flow.BUSINESS_TYPE=1 THEN tCaiGou.BUSINESS_FORM_CODE WHEN (flow.BUSINESS_TYPE=2 OR flow.BUSINESS_TYPE=4 OR flow.BUSINESS_TYPE=6) THEN tTrans.BUSINESS_FORM_CODE WHEN flow.BUSINESS_TYPE=3 THEN tFormOut.BUSINESS_FORM_CODE WHEN flow.BUSINESS_TYPE=5 THEN tScrapped.BUSINESS_FORM_CODE WHEN flow.BUSINESS_TYPE=7 THEN tInventory.BUSINESS_FORM_CODE END BUSINESS_FORM_CODe,record.THIS_COUNT,record.INITIAL_COUNT,record.END_COUNT,flow.DEAL_TIME,CASE WHEN flow.BUSINESS_TYPE=2 AND tTrans.STATES=1 THEN record.THIS_COUNT ELSE 0 END zai_Tu_Count FROM (SELECT*FROM BASE_WAREHOUSE WHERE 1=1 ";
+ private String QUERY_TAIZHANG_LIST_RECORD = ")ware LEFT JOIN L_WAREHOUSE_FLOW flow ON ware.id=flow.WAREHOUSE_ID AND flow.WAREHOUSE_TYPE=0 LEFT JOIN L_WH_GOODS_RECORD record ON flow.id=record.WAREHOUSE_FLOW_ID ";
+ private String QUERY_TAIZHANG_LIST_END = " WHERE record.id IS NOT NULL";
+ private String QUERY_TAIZHANG_LIST_CAIGOU = " LEFT JOIN L_WH_FORM_PROCURE tCaiGou ON flow.BUSINESS_TYPE=1 AND tCaiGou.id=flow.BUSINESS_FORM_ID ";
+ private String QUERY_TAIZHANG_LIST_DIAOBO = " LEFT JOIN L_WH_FORM_TRANSFER tTrans ON (flow.BUSINESS_TYPE=2 or flow.BUSINESS_TYPE=4 or flow.BUSINESS_TYPE=6) AND tTrans.id=flow.BUSINESS_FORM_ID ";
+ private String QUERY_TAIZHANG_LIST_CHUKU = " LEFT JOIN L_WH_FORM_OUTPUT tFormOut ON flow.BUSINESS_TYPE=3 AND tFormOut.id=flow.BUSINESS_FORM_ID ";
+ private String QUERY_TAIZHANG_LIST_PANDIAN = " LEFT JOIN L_WH_FORM_INVENTORY tInventory ON flow.BUSINESS_TYPE=7 AND tInventory.id=flow.BUSINESS_FORM_ID ";
+ private String QUERY_TAIZHANG_LIST_BAOFEI = " LEFT JOIN L_WH_FORM_SCRAPPED tScrapped ON flow.BUSINESS_TYPE=5 AND tScrapped.id=flow.BUSINESS_FORM_ID ";
+
+ public GenericPager<Map<String, Object>> queryTaiZhangList(LWarehouseFlowParam param) {
+ StringBuilder sqlQuery = new StringBuilder(QUERY_TAIZHANG_LIST_QUERY);
+ StringBuilder sqlEndRecord = new StringBuilder(QUERY_TAIZHANG_LIST_RECORD);
+ StringBuilder sqlCaiGou = new StringBuilder(QUERY_TAIZHANG_LIST_CAIGOU);
+ StringBuilder sqlDiaoBo = new StringBuilder(QUERY_TAIZHANG_LIST_DIAOBO);
+ StringBuilder sqlChuKu = new StringBuilder(QUERY_TAIZHANG_LIST_CHUKU);
+ StringBuilder sqlBaoFei = new StringBuilder(QUERY_TAIZHANG_LIST_BAOFEI);
+ StringBuilder sqlPanDian = new StringBuilder(QUERY_TAIZHANG_LIST_PANDIAN);
+ StringBuilder sqlEnd = new StringBuilder(QUERY_TAIZHANG_LIST_END);
+
+ HashMap<String, Object> paramts = new HashMap<>();
+ //鏈烘瀯
+ if (param.getAgencyId() != null) {
+ sqlQuery.append(" AND left(AGENCY_ID, length(:lengthAgencyId)) = :agencyId");
+ paramts.put("lengthAgencyId", param.getAgencyId());
+ paramts.put("agencyId", param.getAgencyId());
+ }
+ //浠撳簱绫诲瀷
+ if (param.getWarehouseType() != null) {
+ sqlQuery.append(" AND WAREHOUSE_TYPE = :warehouseType");
+ paramts.put("warehouseType", param.getWarehouseType());
+ }
+ if (param.getBaseWarehouseId() != null) {
+ sqlQuery.append(" AND id = :warehouseId");
+ paramts.put("warehouseId", param.getBaseWarehouseId());
+ }
+ //鐗╁搧鍚嶇О
+ if (StringUtils.isNotEmpty(param.getGoodsTemplateName())) {
+ sqlEnd.append(" AND record.GOODS_TEMPLATE_NAME like :goodsTemplateName");
+ paramts.put("goodsTemplateName", StringUtils.CHAR_PERCENT + param.getGoodsTemplateName() + StringUtils.CHAR_PERCENT);
+ }
+ if (param.getGoodsTemplateId() != null) {
+ sqlEnd.append(" AND record.BASE_GOODS_TEMPLATE_ID=:goodsTemplateId");
+ paramts.put("goodsTemplateId", param.getGoodsTemplateId());
+ }
+ //瑙勬牸鍨嬪彿
+ if (param.getBaseGoodsModelsId() != null) {
+ sqlEnd.append(" AND record.BASE_GOODS_MODELS_ID=:baseGoodsModelsId");
+ paramts.put("baseGoodsModelsId", param.getBaseGoodsModelsId());
+ }
+ // 鍚岀爜琛紝1閲囪喘鍏ュ簱 2閫�杩樺叆搴� 3璋冩嫧鍏ュ簱 4鐩樼泩鍏ュ簱 5鐢抽鍑哄簱 6璋冩嫧鍑哄簱 7鐩樹簭鍑哄簱 8鎶ュ簾鍑哄簱 9鍏朵粬鍑哄簱
+ Short flowType = param.getFlowType();
+ if (flowType != null) {
+ Map<String, Short> typeByFlowType = WhBusinessEnum.getTypeByFlowType(flowType);
+ //鏈璋冩暣绫诲瀷锛�1=璋冨锛�2=璋冨噺锛�
+ Short flowThisType = typeByFlowType.get("flowThisType");
+ //鍗曟嵁绫诲瀷 1 閲囪喘2 璋冩嫧 3鍑哄簱4閮ㄩ棬鍒嗗彂5鎶ュ簾6閮ㄩ棬鐗╁搧鍥為��浠撳簱7鐗╁搧鐩樼偣
+ Short flowBusinessType = typeByFlowType.get("flowBusinessType");
+ if (flowThisType != null) {
+ sqlEnd.append(" AND flow.THIS_TYPE=:flowThisType");
+ paramts.put("flowThisType", flowThisType);
+ }
+ if (flowBusinessType != null) {
+ sqlEnd.append(" AND flow.BUSINESS_TYPE=:flowBusinessType");
+ paramts.put("flowBusinessType", flowBusinessType);
+ }
+ }
+ // 鍗曞彿
+ String businessFormCode = param.getBusinessFormCode();
+ if (StringUtils.isNotEmpty(businessFormCode)) {
+ sqlCaiGou.append(" and tCaiGou.BUSINESS_FORM_CODE = :caoGouBusinessFormCode");
+ paramts.put("caoGouBusinessFormCode", businessFormCode);
+ sqlDiaoBo.append(" and tTrans.BUSINESS_FORM_CODE = :diaoBoBusinessFormCode");
+ paramts.put("diaoBoBusinessFormCode", businessFormCode);
+ sqlChuKu.append(" and tFormOut.BUSINESS_FORM_CODE = :chuKuBusinessFormCode");
+ paramts.put("chuKuBusinessFormCode", businessFormCode);
+ sqlBaoFei.append(" and tScrapped.BUSINESS_FORM_CODE = :baoFeiBusinessFormCode");
+ paramts.put("baoFeiBusinessFormCode", businessFormCode);
+ sqlPanDian.append(" and tInventory.BUSINESS_FORM_CODE = :panDianBusinessFormCode");
+ paramts.put("panDianBusinessFormCode", businessFormCode);
+
+ sqlEnd.append(" and case when flow.BUSINESS_TYPE = 1 THEN tCaiGou.BUSINESS_FORM_CODE"
+ + " WHEN ( flow.BUSINESS_TYPE = 2 OR flow.BUSINESS_TYPE = 4 OR flow.BUSINESS_TYPE = 6 ) THEN tTrans.BUSINESS_FORM_CODE"
+ + " WHEN flow.BUSINESS_TYPE = 3 THEN tFormOut.BUSINESS_FORM_CODE"
+ + " WHEN flow.BUSINESS_TYPE = 5 THEN tScrapped.BUSINESS_FORM_CODE"
+ + " WHEN flow.BUSINESS_TYPE = 7 THEN tInventory.BUSINESS_FORM_CODE end =:whereBusinessFormCode");
+ paramts.put("whereBusinessFormCode", businessFormCode);
+
+
+ }
+ // 鎿嶄綔鏃堕棿
+ if (param.getDealTimeStart() != null) {
+ sqlEnd.append(" and flow.DEAL_TIME >=:dealTimeStart ");
+ paramts.put("dealTimeStart", param.getDealTimeStart() * 1000000);
+ }
+ if (param.getDealTimeEnd() != null) {
+ sqlEnd.append(" and flow.DEAL_TIME <:dealTimeEnd ");
+ paramts.put("dealTimeEnd", param.getDealTimeEnd() * 1000000 + 240000);
+ }
+ sqlEnd.append(" ORDER BY record.DEAL_TIME desc,record.id DESC ");
+
+ StringBuilder sql = new StringBuilder();
+ sql.append(sqlQuery)
+ .append(sqlEndRecord)
+ .append(sqlCaiGou)
+ .append(sqlDiaoBo)
+ .append(sqlChuKu)
+ .append(sqlBaoFei)
+ .append(sqlPanDian)
+
+ .append(sqlEnd);
+
+ return selectSplit(sql.toString(), paramts, param.getPageNum(), param.getPageSize(), new MapperUtil());
+ }
 }
-- Gitblit v1.9.1
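Review bot: In `queryTaiZhangList`, the agency restriction on `BASE_WAREHOUSE` is added only when `param.getAgencyId()` is non-null, and the value comes from the parameter object, so unless the caller (not visible in this patch) overwrites it from the authenticated user's agency, a request that omits or alters `agencyId` pages through other agencies' ledger rows. I would have the caller set the agency from the session and refuse a missing one here, e.g. `if (param.getAgencyId() == null) { throw new IllegalArgumentException("agencyId is required"); }`, keeping any cross-agency view behind an explicit permission check. Two smaller points in the same method: `typeByFlowType.get(...)` throws a NullPointerException if `WhBusinessEnum.getTypeByFlowType` returns null for an unrecognised `flowType` (its contract is not shown), and `param.getDealTimeEnd() * 1000000 + 240000` overflows if the getter returns `Integer` rather than `Long`, which `* 1000000L` avoids either way. All user-supplied values are bound as named parameters, which is right; only the `%`-wrapped `goodsTemplateName` lets the caller's own `%`/`_` act as wildcards.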