From a1b85ef72062ca80db35546e4216dd564f3e0f57 Mon Sep 17 00:00:00 2001
From: WangHan <wwh_work@126,com>
Date: 星期四, 03 四月 2025 15:58:19 +0800
Subject: [PATCH] 问题与漏洞修改

---
 consum-base/src/main/java/com/consum/base/controller/FinSysTenantDepartmentController.java |   40 ++++++++++++++++++++++++++--------------
 1 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/consum-base/src/main/java/com/consum/base/controller/FinSysTenantDepartmentController.java b/consum-base/src/main/java/com/consum/base/controller/FinSysTenantDepartmentController.java
index 9b6196c..77d3a81 100644
--- a/consum-base/src/main/java/com/consum/base/controller/FinSysTenantDepartmentController.java
+++ b/consum-base/src/main/java/com/consum/base/controller/FinSysTenantDepartmentController.java
@@ -2,6 +2,7 @@
 
 import java.util.List;
 
+import cn.hutool.core.collection.CollectionUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -20,17 +21,12 @@
 import com.walker.infrastructure.utils.StringUtils;
 import com.walker.web.ResponseValue;
 
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiImplicitParam;
-import io.swagger.annotations.ApiImplicitParams;
-import io.swagger.annotations.ApiOperation;
-
 /**
  * @Description 閮ㄩ棬绠$悊
  * @Author 鍗㈠簡闃�
  * @Date 2023/10/26
  */
-@Api(value = "閮ㄩ棬绠$悊", tags = "閮ㄩ棬绠$悊")
+// @Api(value = "閮ㄩ棬绠$悊", tags = "閮ㄩ棬绠$悊")
 @RestController
 @RequestMapping("/pc/fin/sys/tenant/department")
 public class FinSysTenantDepartmentController extends BaseController {
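Review bot: The Swagger annotations are commented out rather than deleted, here on `@Api` and again on the `@ApiOperation`/`@ApiImplicitParams` lines in the `add` and `queryAllDepartment` hunks, which leaves dead, mis-encoded text in the controller. With the `io.swagger` imports removed, these lines can simply be dropped. If the goal of the change is to stop exposing API documentation, that is presumably controlled by the Swagger configuration and dependency rather than by these annotations, so it is worth confirming that the documentation endpoint is actually disabled in the deployed profile.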
@@ -43,9 +39,9 @@
      * @Author 鍗㈠簡闃�
      * @Date 2023/10/26
      */
-    @ApiOperation(value = "鏂板", notes = "鏂板")
-    @ApiImplicitParams(value = {
-        @ApiImplicitParam(name = "param", value = "閮ㄩ棬淇℃伅", required = true, dataType = "FinSysTenantDepartmentParam")})
+    // @ApiOperation(value = "鏂板", notes = "鏂板")
+//    @ApiImplicitParams(value = {
+//        @ApiImplicitParam(name = "param", value = "閮ㄩ棬淇℃伅", required = true, dataType = "FinSysTenantDepartmentParam")})
     @PostMapping("/add")
     public ResponseValue add() {
         FinSysTenantDepartmentParam param = CommonUtil.getObjFromReqBody(FinSysTenantDepartmentParam.class);
@@ -70,7 +66,13 @@
         if (department != null) {
             return ResponseValue.error("閮ㄩ棬鍚嶇О宸插瓨鍦�");
         }
-
+        // 閮ㄩ棬缂栧彿
+        FinSysTenantDepartmentParam finSysTenantDepartmentParam1 = new FinSysTenantDepartmentParam();
+        finSysTenantDepartmentParam1.setCode(param.getCode());
+        List<FinSysTenantDepartment> datas = departmentService.queryDataList(finSysTenantDepartmentParam1);
+        if(!CollectionUtil.isEmpty(datas)){
+            return ResponseValue.error("姝ょ紪鍙峰凡瀛樺湪");
+        }
         int result = this.departmentService.add(param, this.getSysInfo());
         if (result > 0) {
             return ResponseValue.success();
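Review bot: The new duplicate-code probe sets only `code` on `finSysTenantDepartmentParam1`, so as far as this hunk shows the lookup is not limited to the caller's tenant, unlike the `getTenantDepartment(null, param.getTenantId(), param.getCode())` check visible in the update method. If `queryDataList` filters only on the fields that are set, a tenant is refused codes that exist in other tenants and the error response reveals which codes those tenants use; a null or blank `param.getCode()` may also match every row. I would scope the probe to the tenant, for example by reusing `this.departmentService.getTenantDepartment(null, param.getTenantId(), param.getCode())`, and reject an empty code before querying unless that already happens above the hunk. Check-then-insert is also racy under concurrent requests, so a unique index on the tenant and code columns should back it. The body of `add()` starts and ends outside this hunk.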
@@ -99,9 +101,9 @@
         return ResponseValue.success(pager);
     }
 
-    @ApiOperation(value = "鏍规嵁鏈烘瀯id鏌ヨ鎵�鏈夐儴闂ㄥ垪琛ㄤ俊鎭�", notes = "鏍规嵁鏈烘瀯id鏌ヨ鎵�鏈夐儴闂ㄥ垪琛ㄤ俊鎭�")
-    @ApiImplicitParams(value = {
-        @ApiImplicitParam(name = "param", value = "閮ㄩ棬淇℃伅", required = true, dataType = "FinSysTenantDepartmentParam")})
+    // @ApiOperation(value = "鏍规嵁鏈烘瀯id鏌ヨ鎵�鏈夐儴闂ㄥ垪琛ㄤ俊鎭�", notes = "鏍规嵁鏈烘瀯id鏌ヨ鎵�鏈夐儴闂ㄥ垪琛ㄤ俊鎭�")
+//    @ApiImplicitParams(value = {
+//        @ApiImplicitParam(name = "param", value = "閮ㄩ棬淇℃伅", required = true, dataType = "FinSysTenantDepartmentParam")})
     @GetMapping("/list/all")
     public ResponseValue queryAllDepartment(Long tenantId) {
         FinSysTenantUser sysInfo = this.getSysInfo();
@@ -144,7 +146,17 @@
         FinSysTenantDepartment tenantDepartment =
             this.departmentService.getTenantDepartment(null, param.getTenantId(), param.getCode());
         if (tenantDepartment != null) {
-            return ResponseValue.error("閮ㄩ棬缂栧彿宸插瓨鍦�");
+            //return ResponseValue.error("閮ㄩ棬缂栧彿宸插瓨鍦�");
+        }
+        // 閮ㄩ棬缂栧彿
+        FinSysTenantDepartmentParam finSysTenantDepartmentParam1 = new FinSysTenantDepartmentParam();
+        finSysTenantDepartmentParam1.setCode(param.getCode());
+        List<FinSysTenantDepartment> datas = departmentService.queryDataList(finSysTenantDepartmentParam1);
+        if(!CollectionUtil.isEmpty(datas)){
+            FinSysTenantDepartment finSysTenantDepartment1 = datas.get(0);
+            if(!finSysTenantDepartment1.getId().equals(param.getId())){
+                return ResponseValue.error("姝ょ紪鍙峰凡瀛樺湪");
+            }
         }
         int num = this.departmentService.updateFinSysTenantDepartment(param, sysInfo);
         return num > 0 ? ResponseValue.success() : ResponseValue.error("缂栬緫澶辫触锛�");
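Review bot: The uniqueness check here inspects only `datas.get(0)`, so when more than one row carries the code and the first one is the record being edited, a clash with another row is missed; `if (datas.stream().anyMatch(d -> !d.getId().equals(param.getId())))` covers every row. The earlier tenant-scoped check is left as `if (tenantDepartment != null)` with only a commented-out return, so `getTenantDepartment` still runs but its result is ignored; either delete that call and the empty block, or restore it with the same id comparison. As in the `add` hunk, the probe sets only `code`, so the lookup appears not to be tenant-scoped, which should be confirmed against `queryDataList`. The enclosing method starts before this hunk and ends after it.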

--
Gitblit v1.9.1