From c29479a57db73c4dd379788d1b819e716ff7e1c1 Mon Sep 17 00:00:00 2001
From: futian.liu <liufutianyoo@163.com>
Date: 星期二, 28 十一月 2023 10:39:39 +0800
Subject: [PATCH] 参数赋值,漏洞修复
---
 consum-base/src/main/java/com/consum/base/controller/FinSysTenantController.java | 171 +++++++++++++++++++++++++++++++++++++++++----------------
 1 files changed, 123 insertions(+), 48 deletions(-)
diff --git a/consum-base/src/main/java/com/consum/base/controller/FinSysTenantController.java b/consum-base/src/main/java/com/consum/base/controller/FinSysTenantController.java
index 25f650a..bdfe0a0 100644
--- a/consum-base/src/main/java/com/consum/base/controller/FinSysTenantController.java
+++ b/consum-base/src/main/java/com/consum/base/controller/FinSysTenantController.java
@@ -5,11 +5,12 @@
 import com.alibaba.excel.event.AnalysisEventListener;
 import com.alibaba.excel.exception.ExcelDataConvertException;
 import com.consum.base.BaseController;
+import com.consum.base.core.utils.CommonUtil;
+import com.consum.base.core.utils.FinSysTenantUtils;
 import com.consum.base.pojo.FinSysTenantParam;
 import com.consum.base.pojo.FinSysTenantSearchParam;
 import com.consum.base.service.FinSysTenantServiceImpl;
 import com.consum.base.service.FinSysTenantUserServiceImpl;
-import com.consum.base.core.utils.FinSysTenantUtils;
 import com.consum.model.po.FinSysTenant;
 import com.consum.model.po.FinSysTenantUser;
 import com.consum.model.vo.FinSysTenantUserResult;
@@ -17,6 +18,19 @@
 import com.walker.infrastructure.tree.TreeNode;
 import com.walker.infrastructure.utils.StringUtils;
 import com.walker.web.ResponseValue;
+import io.swagger.annotations.ApiImplicitParam;
+import io.swagger.annotations.ApiImplicitParams;
+import io.swagger.annotations.ApiOperation;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.io.ClassPathResource;
@@ -26,13 +40,12 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URLEncoder;
-import java.util.*;

 /**
 * @Description 鍖哄垝
@@ -120,7 +133,12 @@
 * @Date 2023/7/14 13:59
 */
 @RequestMapping("/select/list")
- public ResponseValue allocatedList(FinSysTenantSearchParam param) {
+ public ResponseValue allocatedList() {
+ FinSysTenantSearchParam param = CommonUtil.getObjFromReq(FinSysTenantSearchParam.class);
+ FinSysTenantSearchParam param2 = new FinSysTenantSearchParam();
+ CommonUtil.copyProperties(param, param2);
+ param = param2;
+
 FinSysTenantUser sysInfo = getSysInfo();
 if (sysInfo == null) {
 return ResponseValue.error("鐧诲綍鐢ㄦ埛淇℃伅涓嶅瓨鍦�");
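Review bot: The round trip through `param2` in `allocatedList()` copies every property of the request-derived object, so the data that reaches the query is exactly what the old bound parameter carried; nothing here validates or narrows it. If the intent of the fix is to stop untrusted request fields from flowing into the search, copy only the fields this handler actually reads and check each one, instead of calling `CommonUtil.copyProperties(param, param2)` wholesale. `CommonUtil` is not part of this diff, so whether `getObjFromReq` can return null (which would then fail inside the copy) should be confirmed. The same pattern is repeated in the `allList`, `del`, `add` and `edit` hunks, and the body of `allocatedList()` continues outside this hunk.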
@@ -164,12 +182,12 @@ // 鐪佽繘鍏� 鏌ヨ 鐪佸拰鍦板競 锛涘湴甯傝繘鍏� 鏌ヨ鑷繁鍦板競 // TODO Long.valueOf(getSysInfo().getTenantId()) FinSysTenant finSysTenant = - this.finSysTenantService.get(new FinSysTenant(Long.valueOf(getSysInfo().getTenantId()))); + this.finSysTenantService.get(new FinSysTenant(Long.valueOf(getSysInfo().getTenantId()))); if (finSysTenant.getLv() == 3) { return ResponseValue.error("鍘垮尯绾у埆鏃犳硶鏌ョ湅"); } List<FinSysTenant> finSysTenantList = - this.finSysTenantService.queryTreeById(finSysTenant.getId(), finSysTenant.getLv()); + this.finSysTenantService.queryTreeById(finSysTenant.getId(), finSysTenant.getLv()); List<TreeNode> treeNodeList = new ArrayList<>(); // 鐪佹煡鏈韩鍙婁互涓� 甯傛煡鏈骇 鍘挎棤鏉冩煡鐪� if (finSysTenant.getLv() == 1) { @@ -181,7 +199,7 @@ } } else { TreeNode treeNode = new TreeNode(finSysTenantList.get(0).getId(), finSysTenantList.get(0).getName(), - new ArrayList<>(), finSysTenantList.get(0).getParentId(), finSysTenantList.get(0).getCode()); + new ArrayList<>(), finSysTenantList.get(0).getParentId(), finSysTenantList.get(0).getCode()); treeNodeList.add(treeNode); } return ResponseValue.success(treeNodeList); @@ -196,12 +214,12 @@ // 鐪佽繘鍏� 鏌ヨ 鐪佸拰鍦板競 锛涘湴甯傝繘鍏� 鏌ヨ鑷繁鍦板競 // TODO Long.valueOf(getSysInfo().getTenantId()) FinSysTenant finSysTenant = - this.finSysTenantService.get(new FinSysTenant(Long.valueOf(getSysInfo().getTenantId()))); + this.finSysTenantService.get(new FinSysTenant(Long.valueOf(getSysInfo().getTenantId()))); if (finSysTenant.getLv() == 3) { return ResponseValue.error("鍘垮尯绾у埆鏃犳硶鏌ョ湅"); } Map<Long, List<FinSysTenant>> finSysTenantList = - this.finSysTenantService.queryCountyByCityCode(finSysTenant.getId(), finSysTenant.getLv()); + this.finSysTenantService.queryCountyByCityCode(finSysTenant.getId(), finSysTenant.getLv()); return ResponseValue.success(finSysTenantList); } 
@@ -272,7 +290,7 @@ protected TreeNode toTreeNode(FinSysTenant entity) { TreeNode treeNode = - new TreeNode(entity.getId(), entity.getName(), (List) null, entity.getParentId(), entity.getCode()); + new TreeNode(entity.getId(), entity.getName(), (List) null, entity.getParentId(), entity.getCode()); return treeNode; } @@ -295,9 +313,14 @@ * @Description 涓嶅垎椤垫煡璇� */ @RequestMapping("/select/allList") - public ResponseValue allList(FinSysTenantSearchParam param) { + public ResponseValue allList() { + FinSysTenantSearchParam param = CommonUtil.getObjFromReq(FinSysTenantSearchParam.class); + FinSysTenantSearchParam param2 = new FinSysTenantSearchParam(); + CommonUtil.copyProperties(param, param2); + param = param2; + StringBuilder whStr = new StringBuilder("where 1=1 and status = 1 and is_delete = 0 "); - HashMap parameter = new HashMap<>(); + HashMap parameter = new HashMap<>(); if (param.getFirstZmS() != null && !param.getFirstZmS().equals("")) { whStr.append(" and name is not null and("); String upperCase = param.getFirstZmS().toUpperCase(); 
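Review bot: `allList()` assembles its WHERE clause in `whStr` from a request value (`param.getFirstZmS().toUpperCase()`), and the hunk ends before it shows how `upperCase` enters the statement. It should only ever be placed in `parameter` and referenced through a bind placeholder, never appended to `whStr`; a length and character check on `firstZmS` before use is worth adding as well. While touching this line, `HashMap parameter = new HashMap<>();` is a raw type and would read better as `Map<String, Object> parameter = new HashMap<>();`. The method continues past the end of the hunk.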
@@ -314,25 +337,37 @@ /** * 鍒犻櫎 + * * @author 鍗㈠簡闃� * @date 2023/10/4 */ @PostMapping("/del") - public ResponseValue del(@RequestBody FinSysTenantParam param) { + public ResponseValue del() { + FinSysTenantParam param = CommonUtil.getObjFromReqBody(FinSysTenantParam.class); + FinSysTenantParam finSysTenantParam = new FinSysTenantParam(); + CommonUtil.copyProperties(param, finSysTenantParam); + param = finSysTenantParam; + if (param.getId() == null) { return ResponseValue.error("鏈烘瀯id涓虹┖"); } - int num =this.finSysTenantService.updateById(param,this.getSysInfo()); - return num>0 ? ResponseValue.success(1):ResponseValue.error("鍒犻櫎澶辫触锛�"); + int num = this.finSysTenantService.updateById(param, this.getSysInfo()); + return num > 0 ? ResponseValue.success(1) : ResponseValue.error("鍒犻櫎澶辫触锛�"); } /** * 娣诲姞鏈烘瀯 + * * @author 鍗㈠簡闃� * @date 2023/10/4 */ @PostMapping("/add") - public ResponseValue add(@RequestBody FinSysTenantParam param){ + public ResponseValue add() { + FinSysTenantParam param = CommonUtil.getObjFromReqBody(FinSysTenantParam.class); + FinSysTenantParam finSysTenantParam = new FinSysTenantParam(); + CommonUtil.copyProperties(param, finSysTenantParam); + param = finSysTenantParam; + if (param == null) { return ResponseValue.error("鍙傛暟涓虹┖"); } @@ -342,7 +377,7 @@ if (StringUtils.isEmpty(param.getName())) { return ResponseValue.error("鏈烘瀯鍚嶇О涓虹┖"); } - FinSysTenant finSysTenant = this.finSysTenantService.selectByTenantId(param.getCode()); + FinSysTenant finSysTenant = this.finSysTenantService.queryOneByCode(param.getCode()); if (finSysTenant != null) { return ResponseValue.error("鏈烘瀯缂栧彿宸插瓨鍦�"); } 
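Review bot: In `add()` the `if (param == null)` guard can no longer fire, because `param` was just reassigned to the freshly constructed `finSysTenantParam`; an empty or unparseable body now reaches `CommonUtil.copyProperties` instead of producing the error response. Check the parsed body before copying, e.g. `FinSysTenantParam body = CommonUtil.getObjFromReqBody(FinSysTenantParam.class);` followed by `if (body == null) { return ResponseValue.error(...); }` with the existing message, and add the same guard to `del()`, which has none for a missing body. Both handlers also pass `this.getSysInfo()` straight to the service, while `allocatedList` and `upload` treat a null result as "not logged in"; that check belongs here too, before a delete or insert is attempted. `add()` continues outside the hunk.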
@@ -351,8 +386,10 @@ if (lv > 4) { return ResponseValue.error("涓嶈兘鍒涘缓鏀眬浠ヤ笅鏈烘瀯"); } - int num = this.finSysTenantService.addFinSysTenant(param,this.getSysInfo(),lv); - if(num>0) return ResponseValue.success(1); + int num = this.finSysTenantService.addFinSysTenant(param, this.getSysInfo(), lv); + if (num > 0) { + return ResponseValue.success(1); + } return ResponseValue.error("鎻掑叆澶辫触锛�"); } @@ -371,9 +408,9 @@ InputStreamResource resourceToDownload = new InputStreamResource(inputStream); // 杩斿洖甯︽湁鏂囦欢杈撳叆娴佺殑ResponseEntity瀵硅薄 return ResponseEntity - .status(HttpStatus.OK) - .headers(headers) - .body(resourceToDownload); + .status(HttpStatus.OK) + .headers(headers) + .body(resourceToDownload); } @@ -396,20 +433,20 @@ InputStreamResource resourceToDownload = new InputStreamResource(inputStream); // 杩斿洖甯︽湁鏂囦欢杈撳叆娴佺殑ResponseEntity瀵硅薄 return ResponseEntity - .status(HttpStatus.OK) - .headers(headers) - .body(resourceToDownload); + .status(HttpStatus.OK) + .headers(headers) + .body(resourceToDownload); } @PostMapping("import") public ResponseValue upload(@RequestParam Long pid, MultipartFile file) throws IOException { String originalFilename = file.getOriginalFilename(); - if (!"xls".equals(originalFilename.substring(originalFilename.lastIndexOf(".") + 1))){ + if (!"xls".equals(originalFilename.substring(originalFilename.lastIndexOf(".") + 1))) { return ResponseValue.error("鏂囦欢鏍煎紡鏈夎!"); } FinSysTenantUser sysInfo = this.getSysInfo(); - if (sysInfo==null){ + if (sysInfo == null) { return ResponseValue.error("褰撳墠鐧诲綍鐢ㄦ埛涓虹┖"); } String parentIdStr = pid + ""; 
@@ -420,17 +457,20 @@ EasyExcel.read(file.getInputStream(), FinSysTenantParam.class, new AnalysisEventListener<FinSysTenantParam>() { LinkedList<FinSysTenantParam> finSysTenantParams = new LinkedList<>(); + @Override public void invoke(FinSysTenantParam finSysTenantParam, AnalysisContext analysisContext) { - if (StringUtils.isEmpty(finSysTenantParam.getCode())||finSysTenantParam.getCode().length()>20){ - IllegalStateException exception = new IllegalStateException("绗�" + analysisContext.readSheetHolder().getRowIndex() + "琛�,鏈烘瀯缂栧彿涓嶈兘涓虹┖鎴栭暱搴﹀ぇ浜�20"); + if (StringUtils.isEmpty(finSysTenantParam.getCode()) || finSysTenantParam.getCode().length() > 20) { + IllegalStateException exception = new IllegalStateException( + "绗�" + analysisContext.readSheetHolder().getRowIndex() + "琛�,鏈烘瀯缂栧彿涓嶈兘涓虹┖鎴栭暱搴﹀ぇ浜�20"); throw exception; } - if (null!=finSysTenantService.selectByTenantId(finSysTenantParam.getCode())){ + if (null != finSysTenantService.queryOneByCode(finSysTenantParam.getCode())) { throw new IllegalStateException("绗�" + analysisContext.readSheetHolder().getRowIndex() + "琛�,鏈烘瀯缂栧彿宸插瓨鍦�"); } - if (StringUtils.isEmpty(finSysTenantParam.getName())||finSysTenantParam.getName().length()>100){ - IllegalStateException exception = new IllegalStateException("绗�" + analysisContext.readSheetHolder().getRowIndex() + "琛�,鏈烘瀯鍚嶇О涓嶈兘涓虹┖鎴栭暱搴﹀ぇ浜�100"); + if (StringUtils.isEmpty(finSysTenantParam.getName()) || finSysTenantParam.getName().length() > 100) { + IllegalStateException exception = new IllegalStateException( + "绗�" + analysisContext.readSheetHolder().getRowIndex() + "琛�,鏈烘瀯鍚嶇О涓嶈兘涓虹┖鎴栭暱搴﹀ぇ浜�100"); throw exception; } finSysTenantParam.setParentId(pid); 
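Review bot: The uniqueness check in `invoke()` only consults the database (`finSysTenantService.queryOneByCode(...)`), but rows are merely queued in `finSysTenantParams` and written later in `doAfterAllAnalysed` (next hunk), so two rows in the same sheet carrying the same code both pass. Track the codes already seen in this upload, e.g. a `Set<String> seenCodes = new HashSet<>();` field and `if (!seenCodes.add(finSysTenantParam.getCode())) { throw new IllegalStateException(...); }`; this needs `java.util.Set` and `java.util.HashSet` imported. The row number in these messages uses `getRowIndex()` as-is while `onException` reports `getRowIndex() + 1`, so the two kinds of error name different rows for the same line. `invoke()` ends outside this hunk.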
@@ -438,39 +478,48 @@ finSysTenantParam.setSummary("绯荤粺瀵煎叆"); finSysTenantParams.add(finSysTenantParam); } + @Override public void doAfterAllAnalysed(AnalysisContext analysisContext) { - finSysTenantService.insertFinSysTenantBatch(finSysTenantParams,sysInfo,lv); + finSysTenantService.insertFinSysTenantBatch(finSysTenantParams, sysInfo, lv); } @Override public void onException(Exception exception, AnalysisContext context) { // 濡傛灉鏄煇涓�涓崟鍏冩牸鐨勮浆鎹㈠紓甯� 鑳借幏鍙栧埌鍏蜂綋琛屽彿 if (exception instanceof ExcelDataConvertException) { - ExcelDataConvertException excelDataConvertException = (ExcelDataConvertException)exception; - logger.error("绗瑊}琛岋紝绗瑊}鍒楄В鏋愬紓甯革紝鏁版嵁涓�:{}",excelDataConvertException.getRowIndex(), - excelDataConvertException.getColumnIndex()+1, excelDataConvertException.getCellData().getStringValue()); - throw new IllegalStateException("绗�"+(excelDataConvertException.getRowIndex()+1)+"琛岋紝绗�"+(excelDataConvertException.getColumnIndex()+1)+"鍒楄В鏋愬紓甯�,寮傚父鏁版嵁涓�:[ "+excelDataConvertException.getCellData().getStringValue()+" ]"); + ExcelDataConvertException excelDataConvertException = (ExcelDataConvertException) exception; + logger.error("绗瑊}琛岋紝绗瑊}鍒楄В鏋愬紓甯革紝鏁版嵁涓�:{}", excelDataConvertException.getRowIndex(), + excelDataConvertException.getColumnIndex() + 1, excelDataConvertException.getCellData().getStringValue()); + throw new IllegalStateException( + "绗�" + (excelDataConvertException.getRowIndex() + 1) + "琛岋紝绗�" + (excelDataConvertException.getColumnIndex() + 1) + "鍒楄В鏋愬紓甯�,寮傚父鏁版嵁涓�:[ " + + excelDataConvertException.getCellData().getStringValue() + " ]"); } - if (exception instanceof IllegalStateException){ - throw (IllegalStateException)exception; + if (exception instanceof IllegalStateException) { + throw (IllegalStateException) exception; } } }).doReadAll(); - return ResponseValue.success("瀵煎叆鎴愬姛!",1); + return ResponseValue.success("瀵煎叆鎴愬姛!", 1); } /** * 缂栬緫 + * * @author 鍗㈠簡闃� * @date 2023/10/6 */ @PostMapping("/edit") - public ResponseValue edit(@RequestBody FinSysTenant 
finSysTenant) { - Long id = finSysTenant.getId(); + public ResponseValue edit() { + FinSysTenant param = CommonUtil.getObjFromReqBody(FinSysTenant.class); + FinSysTenant finSysTenant = new FinSysTenant(); + CommonUtil.copyProperties(param, finSysTenant); + param = finSysTenant; + + Long id = param.getId(); if (id == null || id.longValue() <= 0) { return ResponseValue.error("缂栬緫鐨勬満鏋勪笉瀛樺湪"); } @@ -482,8 +531,8 @@ // if (finSysTenant1.getLv() != 1) { // return ResponseValue.error("鏆傛棤淇敼鏉冮檺"); // } - int num = this.finSysTenantService.updateFinSysTenant(finSysTenant,this.getSysInfo()); - return num>0 ? ResponseValue.success(1):ResponseValue.error("缂栬緫澶辫触锛�"); + int num = this.finSysTenantService.updateFinSysTenant(param, this.getSysInfo()); + return num > 0 ? ResponseValue.success(1) : ResponseValue.error("缂栬緫澶辫触锛�"); } /** @@ -564,4 +613,30 @@ } return ResponseValue.success(finSysTenantUserResults); } + + @ApiOperation(value = "鑾峰彇鐖剁骇鏈烘瀯", notes = "鑾峰彇鐖剁骇鏈烘瀯") + @ApiImplicitParams({ + @ApiImplicitParam(name = "Authorization", value = "token", dataType = "String", paramType = "header"), + }) + @GetMapping("/get/parent/tenant") + public ResponseValue getParentTenant() { + FinSysTenantUser sysInfo = getSysInfo(); + if (sysInfo == null) { + return ResponseValue.error("鐧诲綍鐢ㄦ埛淇℃伅涓嶅瓨鍦�"); + } + String tenantId = sysInfo.getTenantId(); + FinSysTenant finSysTenant = new FinSysTenant(); + finSysTenant.setTempId(Long.valueOf(tenantId)); + FinSysTenant userTenant = this.finSysTenantService.get(finSysTenant); + Long parentId = userTenant.getParentId(); + //绗竴绾� + if (parentId == 0) { + return ResponseValue.success(userTenant); + } else { + FinSysTenant param = new FinSysTenant(); + param.setTempId(Long.valueOf(parentId)); + FinSysTenant result = this.finSysTenantService.get(param); + return ResponseValue.success(result); + } + } } -- Gitblit v1.9.1
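Review bot: `edit()` deserialises the request body straight into the persistence entity `FinSysTenant` and hands the full copy to `updateFinSysTenant`, so every entity property a client chooses to send is forwarded to the update. Unless the service restricts which columns it writes (not visible here), and with the level check in the following hunk commented out, nothing in view limits which tenant or which fields a caller may change; bind a request type that holds only the editable fields, or copy those fields explicitly. Separately, `onException` in this hunk rethrows only `ExcelDataConvertException` and `IllegalStateException`; any other exception falls through, EasyExcel then continues with the next row, and `doAfterAllAnalysed` still inserts what was collected. Ending the method with `throw new IllegalStateException(exception);` would stop the import instead. `edit()` continues outside the hunk.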
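Review bot: `getParentTenant()` dereferences three values it never checks: `Long.valueOf(tenantId)` throws if the session's tenant id is null or non-numeric, `userTenant.getParentId()` throws if the lookup finds nothing, and `parentId == 0` unboxes a `Long` that may be null. Guard them, e.g. `if (userTenant == null) { return ResponseValue.error(...); }` and `if (parentId == null || parentId == 0L) {`. `param.setTempId(Long.valueOf(parentId))` can simply be `param.setTempId(parentId)`, since `parentId` is already a `Long`. Both branches return the whole `FinSysTenant` entity; if the caller only needs id, name and code, return just those, and add a short Javadoc stating that a top-level tenant is returned as its own parent.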