From 767825c89d220941f730c61065285518408ca965 Mon Sep 17 00:00:00 2001
From: futian.liu <liufutianyoo@163.com>
Date: 星期三, 06 十二月 2023 14:20:07 +0800
Subject: [PATCH] 漏洞修复

---
 consum-base/src/main/java/com/consum/base/service/FinSysTenantUserServiceImpl.java | 215 ++++++++--------------------------------------
 1 files changed, 34 insertions(+), 181 deletions(-)

diff --git a/consum-base/src/main/java/com/consum/base/service/FinSysTenantUserServiceImpl.java b/consum-base/src/main/java/com/consum/base/service/FinSysTenantUserServiceImpl.java
index b802998..1f1557a 100644
--- a/consum-base/src/main/java/com/consum/base/service/FinSysTenantUserServiceImpl.java
+++ b/consum-base/src/main/java/com/consum/base/service/FinSysTenantUserServiceImpl.java
@@ -1,7 +1,13 @@
 package com.consum.base.service;
 
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.stereotype.Service;
+
 import com.consum.base.pojo.FinSysTenantUserSearchParam;
-import com.consum.model.po.FinSysOrg;
 import com.consum.model.po.FinSysTenantUser;
 import com.iplatform.base.util.PlatformRSAUtils;
 import com.iplatform.core.util.AESUtils;
@@ -10,46 +16,35 @@
 import com.walker.db.page.GenericPager;
 import com.walker.infrastructure.utils.StringUtils;
 import com.walker.jdbc.service.BaseServiceImpl;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import org.springframework.stereotype.Service;
 
 @Service
 public class FinSysTenantUserServiceImpl extends BaseServiceImpl {
 
- private static final String SQL_GET_USER = "SELECT * FROM fin_sys_tenant_user WHERE IS_DELETE = 0 AND `STATUS` = 1 AND TENANT_ID = ?";
- private static final String SQL_QH_PAGE_USER_PREFIX = "select fstu.* from FIN_SYS_TENANT_USER fstu where fstu.IS_DELETE = 0 ";
- private static final String SQL_QH_PAGE_USER_PREFIX_NEW = "select fstu.* from FIN_SYS_TENANT_USER fstu where IS_DELETE = 0 and status=1 ";
- private static final String SQL_TENANT_USER = "select fstu.*, fst.TENANT_NAME, fst.LV from FIN_SYS_TENANT_USER fstu\n"
- + "left join (SELECT CODE, NAME AS TENANT_NAME, LV FROM FIN_SYS_TENANT) fst ON fstu.TENANT_CODE = fst.CODE\n" + "where fstu.SYS_USER_ID = ?";
- private static final String SQL_TENANT_USER_BY_USER_ID = "select * from FIN_SYS_TENANT_USER where SYS_USER_ID = ? AND STATUS = 1";
- private static final String SQL_INSERT_ROLE_USER = "insert into s_role_user(user_id, role_id, org_id) values(?,?,0)";
+ private static final String SQL_GET_USER =
+ "SELECT * FROM fin_sys_tenant_user WHERE IS_DELETE = 0 AND `STATUS` = 1 AND TENANT_ID = ?";
+ private static final String SQL_QH_PAGE_USER_PREFIX =
+ "select fstu.* from FIN_SYS_TENANT_USER fstu where fstu.IS_DELETE = 0 ";
+
+ private static final String SQL_TENANT_USER =
+ "select fstu.*, fst.TENANT_NAME, fst.LV from FIN_SYS_TENANT_USER fstu\n"
+ + "left join (SELECT CODE, NAME AS TENANT_NAME, LV FROM FIN_SYS_TENANT) fst ON fstu.TENANT_CODE = fst.CODE\n"
+ + "where fstu.SYS_USER_ID = ?";
+
+ private static final String SQL_INSERT_ROLE_USER =
+ "insert into s_role_user(user_id, role_id, org_id) values(?,?,0)";
 private static final String SQL_DELETE_ROLE_USER = "DELETE FROM S_ROLE_USER WHERE USER_ID =?";
 /**
 * 鏍规嵁鐢ㄦ埛id鍜岃鑹瞚d鍒犻櫎瑙掕壊
 */
- private static final String SQL_DELETE_ROLE_BY_USER_ID_AND_ROLE_ID = "DELETE FROM S_ROLE_USER WHERE USER_ID =? AND role_id =?";
+ private static final String SQL_DELETE_ROLE_BY_USER_ID_AND_ROLE_ID =
+ "DELETE FROM S_ROLE_USER WHERE USER_ID =? AND role_id =?";
 private static final String SQL_SELECT_USER_CODE = "SELECT * FROM FIN_SYS_TENANT_USER where 1 = 1 ";
 private static final String SQL_SELECT_USER_ID = "SELECT * FROM S_ROLE where 1=1 ";
 private static final String SQL_DEPT_ROLES = "select * from s_dept where status=0 and del_flag=0";
-
- private static final String SQL_FIN_SYS_ORG = "SELECT * from FIN_SYS_ORG where ID=?";
-
-
- private static final String SQL_TENANT_KF_USER = "select fstu.*, sru.USER_ID from FIN_SYS_TENANT_USER fstu\n"
- + "left join (select USER_ID FROM S_ROLE_USER WHERE ROLE_ID = '1690961420053') sru ON fstu.SYS_USER_ID = sru.USER_ID\n"
- + "WHERE IS_DELETE = 0 AND STATUS = 1 AND sru.USER_ID is NOT NULL AND TENANT_CODE = ?";
-
- private static final String SQL_TEAM_KF_USER = "select fstu.*, sru.USER_ID,FST2.CODE as PARENT_Code from FIN_SYS_TENANT_USER fstu\n"
- + " left join (select USER_ID FROM S_ROLE_USER WHERE ROLE_ID = 2) sru ON fstu.SYS_USER_ID = sru.USER_ID\n"
- + " LEFT JOIN FIN_SYS_TENANT FST ON FST.CODE = fstu.TENANT_CODE \n" + " LEFT JOIN FIN_SYS_TENANT FST2 ON FST2.ID = FST.PARENT_ID \n"
- + " WHERE IS_DELETE = 0 AND STATUS = 1 AND sru.USER_ID is NOT NULL AND fstu.ID != ?";
 
 /**
 * @Description 鍒嗛〉鏌ヨ绯荤粺鐢ㄦ埛
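Review bot: `SQL_TENANT_USER`, kept on the new side of this hunk, selects by `SYS_USER_ID` with no `IS_DELETE = 0` / `STATUS = 1` predicate, while the constant this commit deletes, `SQL_TENANT_USER_BY_USER_ID`, did filter `STATUS = 1`; any caller that moves from the removed `queryBySysUserId` to `queryOneByUserId` will now resolve disabled or soft-deleted accounts. If that lookup feeds authentication or authorization, either append `and fstu.IS_DELETE = 0 and fstu.STATUS = 1` to the constant (the same predicate `SQL_GET_USER` already uses) or state the contract above it with `// NOTE: no STATUS/IS_DELETE filter — callers must reject disabled or deleted users themselves`. The subject line "漏洞修复" names no vulnerability; a sentence saying what was exploitable (presumably the removed hard-coded `ROLE_ID` lookups, but the diff does not say) would let a reviewer check the fix is complete. The `where 1 = 1 ` prefixes `SQL_SELECT_USER_CODE` and `SQL_SELECT_USER_ID` are only safe if every predicate appended to them is bound as a parameter, which cannot be confirmed from this hunk.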
@@ -75,19 +70,19 @@
 sql.append(" and USER_CODE like :USER_CODE");
 parameter.put("USER_CODE", StringUtils.CHAR_PERCENT + param.getUserCode() + StringUtils.CHAR_PERCENT);
 }
-// if(StringUtils.isNotEmpty(param.getUserCode())){
-// sql.append(" and user_code like :user_code");
-// parameter.put("user_code", StringUtils.CHAR_PERCENT + param.getUserCode() + StringUtils.CHAR_PERCENT);
-// }
+ // if(StringUtils.isNotEmpty(param.getUserCode())){
+ // sql.append(" and user_code like :user_code");
+ // parameter.put("user_code", StringUtils.CHAR_PERCENT + param.getUserCode() + StringUtils.CHAR_PERCENT);
+ // }
 if (param.getStatus() != null) {
 sql.append(" and status =:status");
 parameter.put("status", param.getStatus());
 }
-// if(param.getRoleId()!=null &&!param.getRoleId().equals("")){
-// sql.append(" and fstu.SYS_USER_ID in (select user_id from s_role_user where role_id = :role_id)");
-// parameter.put("role_id", param.getRoleId());
-// }
+ // if(param.getRoleId()!=null &&!param.getRoleId().equals("")){
+ // sql.append(" and fstu.SYS_USER_ID in (select user_id from s_role_user where role_id = :role_id)");
+ // parameter.put("role_id", param.getRoleId());
+ // }
 
 if (StringUtils.isNotEmpty(param.getUserPhone())) {
 sql.append(" and USER_PHONE =:userPhone");
@@ -103,13 +98,13 @@
 
 // 杩欓噷鏄�夋嫨浜哄憳鍔犵殑
 if (param.getType() != null) {
- // 1 鏄储鏀跨敤鎴� 2 渚涘簲鍟� 浠栦咯鐨勫尯鍒氨鏄� 渚涘簲鍟唅d鏄惁涓虹┖
+ // 1 鏄储鏀跨敤鎴� 2 渚涘簲鍟� 浠栦咯鐨勫尯鍒氨鏄� 渚涘簲鍟唅d鏄惁涓虹┖
 if (param.getType() == 1) {
 sql.append(" and fstu.supplier_Id is null ");
 }
 
 if (param.getType() == 2) {
- //杩欓噷鏄� 鏌ョ殑渚涘簲鍟� 渚涘簲鍟唅d 宸茬粡鍦ㄤ笂闈㈠姞杩囦簡
+ // 杩欓噷鏄� 鏌ョ殑渚涘簲鍟� 渚涘簲鍟唅d 宸茬粡鍦ㄤ笂闈㈠姞杩囦簡
 }
 }
 // 缁戝畾CTI瀹㈡湇
@@ -118,68 +113,6 @@
 sql.append(" and fstu.AGENT_JID is not null ");
 } else {
 sql.append(" and fstu.AGENT_JID is null ");
- }
- }
- sql.append(" ORDER BY SEQ asc ,CREATE_TIME desc");
- return this.selectSplit(sql.toString(), parameter, new FinSysTenantUser());
- }
-
-
- /**
- * @Description 鍒嗛〉鏌ヨ绯荤粺鐢ㄦ埛
- * @Author wh
- * @Date 2023/7/17 14:26
- */
- public GenericPager<FinSysTenantUser> queryAllPageUserNew(FinSysTenantUserSearchParam param) {
- Map<String, Object> parameter = new HashMap<>(5);
- StringBuilder sql = new StringBuilder(SQL_QH_PAGE_USER_PREFIX_NEW);
- if (param.getTenantCode() > 0) {
- sql.append(" and fstu.TENANT_CODE =:tenantCode");
- parameter.put("tenantCode", param.getTenantCode());
- }
- if (param.getSupplierId() != null) {
- sql.append(" and fstu.supplier_Id =:supplier_Id");
- parameter.put("supplier_Id", param.getSupplierId());
- }
- if (StringUtils.isNotEmpty(param.getUserName())) {
- sql.append(" and USER_NAME like :userName");
- parameter.put("userName", StringUtils.CHAR_PERCENT + param.getUserName() + StringUtils.CHAR_PERCENT);
- }
- if (StringUtils.isNotEmpty(param.getUserCode())) {
- sql.append(" and user_code like :user_code");
- parameter.put("user_code", StringUtils.CHAR_PERCENT + param.getUserCode() + StringUtils.CHAR_PERCENT);
- }
- if (param.getStatus() != null) {
- sql.append(" and status like :status");
- parameter.put("status", param.getStatus());
- }
-
- if (param.getRoleId() != null && !param.getRoleId().equals("")) {
- sql.append(" and fstu.SYS_USER_ID in (select user_id from s_role_user where role_id = :role_id)");
- parameter.put("role_id", param.getRoleId());
- }
-
- if (StringUtils.isNotEmpty(param.getUserPhone())) {
- sql.append(" and USER_PHONE =:userPhone");
- try {
- // 鍔犲瘑鎵嬫満鍙�
- String key = PlatformRSAUtils.AES_KEY;
- parameter.put("userPhone", AESUtils.encryptStrAES(param.getUserPhone(), key));
- } catch (Exception e) {
- log.error("鎵嬫満鍙峰姞瀵嗗け璐ワ紝 鍘熷洜鏄細" + e.getMessage());
- parameter.put("userPhone", "");
- }
- }
-
- // 杩欓噷鏄�夋嫨浜哄憳鍔犵殑
- if (param.getType() != null) {
- // 1 鏄储鏀跨敤鎴� 2 渚涘簲鍟� 浠栦咯鐨勫尯鍒氨鏄� 渚涘簲鍟唅d鏄惁涓虹┖
- if (param.getType() == 1) {
- sql.append(" and fstu.supplier_Id is null ");
- }
-
- if (param.getType() == 2) {
- //杩欓噷鏄� 鏌ョ殑渚涘簲鍟� 渚涘簲鍟唅d 宸茬粡鍦ㄤ笂闈㈠姞杩囦簡
 }
 }
 sql.append(" ORDER BY SEQ asc ,CREATE_TIME desc");
@@ -197,7 +130,8 @@
 }
 
 public FinSysTenantUser queryOneByUserId(String userId) {
- List<FinSysTenantUser> finSysTenantUserList = this.select(SQL_TENANT_USER, new Object[]{userId}, new FinSysTenantUser());
+ List<FinSysTenantUser> finSysTenantUserList =
+ this.select(SQL_TENANT_USER, new Object[] {userId}, new FinSysTenantUser());
 if (finSysTenantUserList.size() > 0) {
 return finSysTenantUserList.get(0);
 } else {
@@ -268,7 +202,6 @@
 this.execBatchUpdate(SQL_DELETE_ROLE_BY_USER_ID_AND_ROLE_ID, parameters);
 }
 
-
 /**
 * 鏍规嵁userCode鏌ヨ閲嶅銆�
 *
@@ -326,91 +259,11 @@
 }
 
 /**
- * @Description 鑾峰彇瀹㈡湇
- * @Author wh
- * @Date 2023/7/19 10:12
- */
- public List<FinSysTenantUser> selectKF(String tenantCode) {
- // 鏌ヨ瑙掕壊涓哄鏈嶄笖鏈烘瀯鍜屽綋鍓嶈姹傜敤鎴蜂竴鑷寸殑
- return this.select(SQL_TENANT_KF_USER, new Object[]{tenantCode}, new FinSysTenantUser());
- }
-// public FinSysTenantUser selectKF(String tenantCode) {
-// // 鏌ヨ瑙掕壊涓哄鏈嶄笖鏈烘瀯鍜屽綋鍓嶈姹傜敤鎴蜂竴鑷寸殑
-// List<FinSysTenantUser> finSysTenantUserList = this.select(SQL_TENANT_KF_USER, new Object[]{tenantCode}, new FinSysTenantUser());
-// if (finSysTenantUserList.size() > 0) {
-// return finSysTenantUserList.get(0);
-// } else {
-// return null;
-// }
-// }
-
- /**
- * @Description 鑾峰彇鎵�鏈夊鏈嶄俊鎭紝涓嶅寘鍚嚜宸�
- * @Author wh
- * @Date 2023/7/20 15:33
- */
- public List<FinSysTenantUser> selectTeamKF(Long id) {
- // 鏌ヨ瑙掕壊涓哄鏈嶄笖鏈烘瀯鍜屽綋鍓嶈姹傜敤鎴蜂竴鑷寸殑
- List<FinSysTenantUser> finSysTenantUserList = this.select(SQL_TEAM_KF_USER, new Object[]{id}, new FinSysTenantUser());
- return finSysTenantUserList;
- }
-
- /**
- * 鏍规嵁鏈烘瀯id鏌ヨ鏈烘瀯
- *
- * @param orgId
- * @return
- */
- public List<FinSysOrg> selectFinSysOrg(String orgId) {
- List<FinSysOrg> select = this.select(SQL_FIN_SYS_ORG, new Object[]{orgId}, new FinSysOrg());
- return select;
- }
-
- public FinSysTenantUser queryBySysUserId(Long userId) {
- List<FinSysTenantUser> select = this.select(SQL_TENANT_USER_BY_USER_ID, new Object[]{userId}, new FinSysTenantUser());
- if (StringUtils.isEmptyList(select)) {
- return null;
- } else {
- return select.get(0);
- }
- }
-
- private static final String SQL_GET_ALL_USER = "select DISTINCT( fstu.sys_user_id), fstu.USER_NAME as USER_Name, fstu.id as Id from (\n"
- + "SELECT DISTINCT(CREATE_BY), EVENT_MANAGE_ID FROM FIN_EVENT_MANAGE_RECORD) femr LEFT JOIN FIN_SYS_TENANT_USER fstu ON femr.CREATE_BY = fstu.ID\n"
- + "LEFT JOIN FIN_EVENT_MANAGE fem ON fem.id = femr.EVENT_MANAGE_ID WHERE USER_NAME is not NULL ";
-
- /**
- * @Description 鏌ヨ鏁版嵁缁熻鐨勪俊鎭�
- * @Author wh
- * @Date 2023/9/5 11:53
- */
- public List<FinSysTenantUser> getStatics(FinSysTenantUserSearchParam finSysTenantUserSearchParam) {
- Map<String, Object> parameters = new HashMap<>(10);
- StringBuilder sql = new StringBuilder(SQL_GET_ALL_USER);
- sql.append(" and fem.PROJECT_ID = :projectId");
- parameters.put("projectId", finSysTenantUserSearchParam.getProjectId());
- if (StringUtils.isNotEmpty(finSysTenantUserSearchParam.getUserName())) {
- sql.append(" and fstu.USER_NAME like :userName");
- parameters.put("userName", StringUtils.CHAR_PERCENT + finSysTenantUserSearchParam.getUserName() + StringUtils.CHAR_PERCENT);
- }
- if (finSysTenantUserSearchParam.getStartTime() != null && finSysTenantUserSearchParam.getStartTime() > 0) {
- sql.append(" and fem.create_time >= :startTime");
- parameters.put("startTime", finSysTenantUserSearchParam.getStartTime());
- }
- if (finSysTenantUserSearchParam.getEndTime() != null && finSysTenantUserSearchParam.getEndTime() > 0) {
- sql.append(" and fem.create_time <= :endTime");
- parameters.put("endTime", finSysTenantUserSearchParam.getEndTime());
- }
- sql.append(" ORDER BY ID DESC");
- return this.select(sql.toString(), parameters, new FinSysTenantUser());
- }
-
- /**
 * @Description 鏍规嵁OrgId鑾峰彇鐢ㄦ埛淇℃伅
 * @Author wh
 * @Date 2023/10/4 15:49
 */
 public List<FinSysTenantUser> getByOrgId(Long orgId) {
- return this.select(SQL_GET_USER, new Object[]{orgId}, new FinSysTenantUser());
+ return this.select(SQL_GET_USER, new Object[] {orgId}, new FinSysTenantUser());
 }
 }
-- 
Gitblit v1.9.1