From c29479a57db73c4dd379788d1b819e716ff7e1c1 Mon Sep 17 00:00:00 2001
From: futian.liu <liufutianyoo@163.com>
Date: 星期二, 28 十一月 2023 10:39:39 +0800
Subject: [PATCH] 参数赋值,漏洞修复

---
 consum-base/src/main/java/com/consum/base/controller/LWhFormInventoryController.java |   67 +++++++++++++++++++++++++++------
 1 files changed, 54 insertions(+), 13 deletions(-)

diff --git a/consum-base/src/main/java/com/consum/base/controller/LWhFormInventoryController.java b/consum-base/src/main/java/com/consum/base/controller/LWhFormInventoryController.java
index 45a18cd..aa8da03 100644
--- a/consum-base/src/main/java/com/consum/base/controller/LWhFormInventoryController.java
+++ b/consum-base/src/main/java/com/consum/base/controller/LWhFormInventoryController.java
@@ -1,6 +1,7 @@
 package com.consum.base.controller;
 
 import com.consum.base.BaseController;
+import com.consum.base.core.utils.CommonUtil;
 import com.consum.base.core.utils.PageUtil;
 import com.consum.base.pojo.query.LWhFormInventoryQry;
 import com.consum.base.pojo.request.FormInventoryParam;
@@ -27,7 +28,6 @@
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -57,7 +57,13 @@
         @ApiImplicitParam(name = "param", value = "鐩樼偣鍗曚俊鎭�", dataType = "FormInventoryParam")
     })
     @PostMapping("/add")
-    public ResponseValue add(@RequestBody FormInventoryParam param) {
+    public ResponseValue add() {
+
+        FormInventoryParam param = CommonUtil.getObjFromReqBody(FormInventoryParam.class);
+        FormInventoryParam formInventoryParam = new FormInventoryParam();
+        CommonUtil.copyProperties(param, formInventoryParam);
+        param = formInventoryParam;
+
         FinSysTenantUser sysInfo = this.getSysInfo();
         if (sysInfo == null) {
             return ResponseValue.error("鐧诲綍鐢ㄦ埛淇℃伅涓嶅瓨鍦�");
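Review bot: The three lines that copy `param` into a fresh `FormInventoryParam` and then reassign `param` (directly after `getObjFromReqBody`) do not change what a client can set: assuming `CommonUtil.copyProperties` is an ordinary bean-property copy, the new object carries every field the request supplied, so the service receives the same data `@RequestBody` delivered before. If the point of this commit is to keep a request from populating fields it should not, copy or validate the intended fields explicitly; if there is no such intent, drop the copy and use the parsed object directly. What `getObjFromReqBody` returns for a missing or unparsable body is not visible here, so a guard such as `if (param == null) { return ResponseValue.error("鍙傛暟閿欒"); }` belongs immediately after it, before the copy. The same sequence is repeated in the `queryList`, `edit`, `updateTemporaryStorage`, `updateFinishPd` and `queryPdDetailList` hunks, so a private helper would keep one copy of it. The body of `add` continues outside the hunk.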
@@ -87,7 +93,12 @@
         @ApiImplicitParam(name = "param", value = "鐩樼偣鏉′欢", dataType = "LWhFormInventoryParam", required = true, paramType = "query")
     })
     @GetMapping("/list")
-    public ResponseValue queryList(LWhFormInventoryQry param) {
+    public ResponseValue queryList() {
+        LWhFormInventoryQry param = CommonUtil.getObjFromReq(LWhFormInventoryQry.class);
+        LWhFormInventoryQry param2 = new LWhFormInventoryQry();
+        CommonUtil.copyProperties(param, param2);
+        param = param2;
+
         FinSysTenantUser sysInfo = this.getSysInfo();
         if (sysInfo == null) {
             return ResponseValue.error("鐧诲綍鐢ㄦ埛淇℃伅涓嶅瓨鍦�");
@@ -126,7 +137,12 @@
         @ApiImplicitParam(name = "param", value = "鐩樼偣鍗曚俊鎭�", dataType = "FormInventoryParam")
     })
     @PostMapping("/edit")
-    public ResponseValue edit(@RequestBody FormInventoryParam param) {
+    public ResponseValue edit() {
+        FormInventoryParam param = CommonUtil.getObjFromReqBody(FormInventoryParam.class);
+        FormInventoryParam formInventoryParam = new FormInventoryParam();
+        CommonUtil.copyProperties(param, formInventoryParam);
+        param = formInventoryParam;
+
         LWhFormInventory lWhFormInventory = lWhFormInventoryService.get(new LWhFormInventory(param.getId()));
         if (lWhFormInventory == null) {
             return ResponseValue.error("缂栬緫澶辫触锛�");
@@ -138,8 +154,18 @@
         if (num == 0) {
             return ResponseValue.error("缂栬緫澶辫触锛�");
         }
-        ResponseValue add = this.add(param);
-        if (add.getCode() == ResponseValue.CODE_SUCCESS) {
+
+        //鏍规嵁鐩樼偣浜篿d鏌ヨ鐩樼偣浜�
+        FinSysTenantUser finSysTenantUser = new FinSysTenantUser();
+        finSysTenantUser.setId(param.getOperatorUserId());
+        FinSysTenantUser operatorUser = finSysTenantUserService.get(finSysTenantUser);
+        //鏍规嵁鐩戠洏浜篿d鏌ヨ鐩戠洏浜�
+        FinSysTenantUser monitorUserInfo = new FinSysTenantUser();
+        monitorUserInfo.setId(param.getMonitorUserId());
+        FinSysTenantUser monitorUser = finSysTenantUserService.get(monitorUserInfo);
+        int result = this.lWhFormInventoryService.add(param, this.getSysInfo(), operatorUser, monitorUser);
+
+        if (result > 0) {
             return ResponseValue.success();
         }
 
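Review bot: `this.getSysInfo()` is passed straight into `lWhFormInventoryService.add` with no null check, whereas the `add` endpoint that the removed `this.add(param)` call went through rejects a missing login with `鐧诲綍鐢ㄦ埛淇℃伅涓嶅瓨鍦�` before reaching the service (visible in the first `@PostMapping("/add")` hunk). Resolve it first — `FinSysTenantUser sysInfo = this.getSysInfo(); if (sysInfo == null) { return ResponseValue.error("鐧诲綍鐢ㄦ埛淇℃伅涓嶅瓨鍦�"); }` — and pass `sysInfo`. The two `finSysTenantUserService.get` lookups presumably also yield null when `getOperatorUserId()` or `getMonitorUserId()` is unset, and that case is handed to the service unchecked; if the service does not tolerate it, a parameter error here is clearer than a failure deeper down. Since this block duplicates the lookup-and-add sequence of `add`, a private helper shared by both would keep the login check in one place. `edit` starts and ends outside this hunk.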
@@ -185,12 +211,17 @@
         @ApiImplicitParam(name = "param", value = "鐩樼偣鍗曚俊鎭�", dataType = "LWhFormInventoryDto")
     })
     @PostMapping("/temporary/storage")
-    public ResponseValue temporaryStorage(@RequestBody LWhFormInventoryParam dto) {
-        if (dto == null) {
+    public ResponseValue updateTemporaryStorage() {
+        LWhFormInventoryParam param = CommonUtil.getObjFromReqBody(LWhFormInventoryParam.class);
+        LWhFormInventoryParam formInventoryParam = new LWhFormInventoryParam();
+        CommonUtil.copyProperties(param, formInventoryParam);
+        param = formInventoryParam;
+
+        if (param == null) {
             return ResponseValue.error("鍙傛暟閿欒");
         }
 
-        int num = this.lWhFormInventoryService.updateInventoryInfo(dto, 1, null, null);
+        int num = this.lWhFormInventoryService.updateInventoryInfo(param, 1, null, null);
         return num > 0 ? ResponseValue.success(1) : ResponseValue.error("鏆傚瓨澶辫触锛�");
     }
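Review bot: The `if (param == null)` check is now unreachable: on the line above it `param` is reassigned to the `LWhFormInventoryParam` constructed two lines earlier, which is never null, so an empty or unparsable body no longer produces the parameter error. Move the check to directly after `getObjFromReqBody`, before `copyProperties` runs on a possibly-null source: `LWhFormInventoryParam param = CommonUtil.getObjFromReqBody(LWhFormInventoryParam.class); if (param == null) { return ResponseValue.error("鍙傛暟閿欒"); }`. The `updateFinishPd` hunk below has the same dead check in the same position.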
 
@@ -205,13 +236,18 @@
         @ApiImplicitParam(name = "param", value = "鐩樼偣鍗曚俊鎭�", dataType = "LWhFormInventoryDto")
     })
     @PostMapping("/finish")
-    public ResponseValue finishPd(@RequestBody LWhFormInventoryParam dto) {
-        if (dto == null) {
+    public ResponseValue updateFinishPd() {
+        LWhFormInventoryParam param = CommonUtil.getObjFromReqBody(LWhFormInventoryParam.class);
+        LWhFormInventoryParam formInventoryParam = new LWhFormInventoryParam();
+        CommonUtil.copyProperties(param, formInventoryParam);
+        param = formInventoryParam;
+
+        if (param == null) {
             return ResponseValue.error("鍙傛暟閿欒");
         }
         S_user_core currentUser = this.getCurrentUser();
         FinSysTenantUser sysInfo = this.getSysInfo();
-        int num = this.lWhFormInventoryService.updateInventoryInfo(dto, 2, currentUser, sysInfo);
+        int num = this.lWhFormInventoryService.updateInventoryInfo(param, 2, currentUser, sysInfo);
 
         return num > 0 ? ResponseValue.success(1) : ResponseValue.error("鐩樼偣澶辫触锛�");
     }
@@ -226,7 +262,12 @@
         @ApiImplicitParam(name = "param", value = "鐩樼偣鏉′欢", dataType = "LWhFormInventoryParam", paramType = "query")
     })
     @GetMapping("/list/PdDetail")
-    public ResponseValue queryPdDetailList(LWhFormInventoryQry param) {
+    public ResponseValue queryPdDetailList() {
+        LWhFormInventoryQry param = CommonUtil.getObjFromReq(LWhFormInventoryQry.class);
+        LWhFormInventoryQry param2 = new LWhFormInventoryQry();
+        CommonUtil.copyProperties(param, param2);
+        param = param2;
+
         FinSysTenantUser sysInfo = this.getSysInfo();
         if (sysInfo == null) {
             return ResponseValue.error("鐧诲綍鐢ㄦ埛淇℃伅涓嶅瓨鍦�");

--
Gitblit v1.9.1