Commit 9e816bbd authored by shizhilong

bug修改 -shizhilong

parent ec6fc30a
package org.jeecg.modules.school.controller;
import cn.hutool.core.util.ObjectUtil;
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import org.apache.shiro.SecurityUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.aspect.annotation.AutoLog;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.modules.school.dto.SchoolPlanBatchMasterDTO;
import org.jeecg.modules.school.entity.SchoolPlanBatchMaster;
import org.jeecg.modules.school.service.ISchoolPlanBatchMasterService;
import org.jeecg.modules.school.vo.SchoolPlanBatchMasterVO;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.jeecg.common.system.base.controller.JeecgController;
import java.util.Date;
/**
* <p>
* 作业计划批次管理表 前端控制器
......@@ -49,4 +54,39 @@ public class SchoolPlanBatchMasterController extends JeecgController<SchoolPlanB
return Result.OK(pageData);
}
@AutoLog(value = "作业计划批次管理新增或者编辑")
@ApiOperation(value = "作业计划批次管理新增或者编辑", notes = "作业计划批次管理新增或者编辑")
@PostMapping(value = "/saveOrUpdate")
@ResponseBody
public Result<String> saveOrUpdate(@RequestBody SchoolPlanBatchMaster schoolPlanBatchMaster) {
//获取当前登录人信息
LoginUser user = (LoginUser) SecurityUtils.getSubject().getPrincipal();
String realname = user.getRealname();
schoolPlanBatchMaster.setUpdateTime(new Date());
schoolPlanBatchMaster.setDelFlag("0");
schoolPlanBatchMaster.setUpdateBy(realname);
if (ObjectUtil.isEmpty(schoolPlanBatchMaster.getId())) {
this.service.save(schoolPlanBatchMaster);
} else {
this.service.updateById(schoolPlanBatchMaster);
}
return Result.OK("操作成功!");
}
/**
* 删除作业计划批次管理数据
* @param id
* @return
*/
@AutoLog(value = "删除作业计划批次管理数据")
@ApiOperation(value = "删除作业计划批次管理数据", notes = "删除作业计划批次管理数据")
@GetMapping(value = "/delete")
public Result<String> delete(@ApiParam(name = "作业计划批次管理id", required = true) String id) {
//删除动静态几何尺寸数据
LambdaUpdateWrapper<SchoolPlanBatchMaster> update = Wrappers.lambdaUpdate();
update.set(SchoolPlanBatchMaster::getDelFlag, "1");
update.eq(SchoolPlanBatchMaster::getId, id);
this.service.update(update);
return Result.OK("删除成功!");
}
}
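Review bot: `delete` ignores the boolean returned by `this.service.update(update)` and answers "删除成功!" even when no row matched the supplied id, and it is mapped with `@GetMapping` although it changes state; make it `@PostMapping` (or `@DeleteMapping`) and check the result, e.g. `if (!this.service.update(update)) { return Result.error("记录不存在"); }`. In `saveOrUpdate` the `setDelFlag("0")` call runs on the update path as well, so a request body carrying the id of a soft-deleted record silently restores it; set the flag only in the `save` branch, or reject ids that do not resolve to a live record, and consider setting `createBy`/`createTime` on insert since only the update fields are filled. The import block lists `org.springframework.web.bind.annotation.*` next to four explicit imports from the same package; keep one form.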
......@@ -2,13 +2,19 @@ package org.jeecg.modules.system.controller;
import javax.servlet.http.HttpServletRequest;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import io.swagger.annotations.ApiParam;
import org.apache.commons.lang.StringUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.SymbolConstant;
import org.jeecg.common.util.SqlInjectionUtil;
import org.jeecg.modules.system.entity.SysUser;
import org.jeecg.modules.system.mapper.SysDictMapper;
import org.jeecg.modules.system.model.DuplicateCheckVo;
import org.jeecg.modules.system.security.DictQueryBlackListHandler;
import org.jeecg.modules.system.service.ISysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping;
......@@ -19,6 +25,8 @@ import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import java.util.List;
/**
* @Title: DuplicateCheckAction
* @Description: 重复校验工具
......@@ -29,7 +37,7 @@ import lombok.extern.slf4j.Slf4j;
@Slf4j
@RestController
@RequestMapping("/sys/duplicate")
@Api(tags="重复校验")
@Api(tags = "重复校验")
public class DuplicateCheckController {
@Autowired
......@@ -38,6 +46,9 @@ public class DuplicateCheckController {
@Autowired
DictQueryBlackListHandler dictQueryBlackListHandler;
@Autowired
private ISysUserService sysUserService;
/**
* 校验数据是否在系统中是否存在
*
......@@ -48,13 +59,13 @@ public class DuplicateCheckController {
public Result<String> doDuplicateCheck(DuplicateCheckVo duplicateCheckVo, HttpServletRequest request) {
Long num = null;
log.debug("----duplicate check------:"+ duplicateCheckVo.toString());
log.debug("----duplicate check------:" + duplicateCheckVo.toString());
//关联表字典(举例:sys_user,realname,id)
//SQL注入校验(只限制非法串改数据库)
final String[] sqlInjCheck = {duplicateCheckVo.getTableName(),duplicateCheckVo.getFieldName()};
final String[] sqlInjCheck = {duplicateCheckVo.getTableName(), duplicateCheckVo.getFieldName()};
SqlInjectionUtil.filterContent(sqlInjCheck);
// update-begin-author:taoyan date:20211227 for: JTC-25 【online报表】oracle 操作问题 录入弹框啥都不填直接保存 ①编码不是应该提示必填么?②报错也应该是具体文字提示,不是后台错误日志
if(StringUtils.isEmpty(duplicateCheckVo.getFieldVal())){
if (StringUtils.isEmpty(duplicateCheckVo.getFieldVal())) {
Result rs = new Result();
rs.setCode(500);
rs.setSuccess(true);
......@@ -63,7 +74,7 @@ public class DuplicateCheckController {
}
//update-begin-author:taoyan date:20220329 for: VUEN-223【安全漏洞】当前被攻击的接口
String checkSql = duplicateCheckVo.getTableName() + SymbolConstant.COMMA + duplicateCheckVo.getFieldName() + SymbolConstant.COMMA;
if(!dictQueryBlackListHandler.isPass(checkSql)){
if (!dictQueryBlackListHandler.isPass(checkSql)) {
return Result.error(dictQueryBlackListHandler.getError());
}
//update-end-author:taoyan date:20220329 for: VUEN-223【安全漏洞】当前被攻击的接口
......@@ -88,17 +99,46 @@ public class DuplicateCheckController {
}
/**
* 校验用户相关信息是否存在
*
* @return
*/
// @RequestMapping(value = "/checkUser", method = RequestMethod.GET)
// @ApiOperation("校验用户相关信息是否存在")
// public Result<String> checkUser(@ApiParam(name = "需要校验的参数", required = true) String name,@ApiParam(name = "类型", required = true) String type) {
// LambdaQueryWrapper<SysUser> lambdaQuery = Wrappers.lambdaQuery();
// if("1".equals(type)){
// lambdaQuery.eq(SysUser::getUsername, name);
// }
// if("2".equals(type)){
// lambdaQuery.eq(SysUser::getRealname, name);
// }
// if("3".equals(type)){
// lambdaQuery.eq(SysUser::getWorkNo, name);
// }
// if("4".equals(type)){
// lambdaQuery.eq(SysUser::getPhone, name);
// }
// lambdaQuery.eq(SysUser::getDelFlag, 0);
// List<SysUser> list = sysUserService.list(lambdaQuery);
// if (list != null && list.size() > 0) {
// return Result.error("参数已存在");
// }
// return Result.ok("");
// }
/**
* VUEN-2584【issue】平台sql注入漏洞几个问题
* 部分特殊函数 可以将查询结果混夹在错误信息中,导致数据库的信息暴露
*
* @param e
* @return
*/
@ExceptionHandler(java.sql.SQLException.class)
public Result<?> handleSQLException(Exception e){
public Result<?> handleSQLException(Exception e) {
String msg = e.getMessage();
String extractvalue = "extractvalue";
String updatexml = "updatexml";
if(msg!=null && (msg.toLowerCase().indexOf(extractvalue)>=0 || msg.toLowerCase().indexOf(updatexml)>=0)){
if (msg != null && (msg.toLowerCase().indexOf(extractvalue) >= 0 || msg.toLowerCase().indexOf(updatexml) >= 0)) {
return Result.error("校验失败,sql解析异常!");
}
return Result.error("校验失败,sql解析异常!" + msg);
......
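Review bot: The new `checkUser` endpoint is added entirely as commented-out code, yet the hunk also adds a live `@Autowired ISysUserService sysUserService` field that nothing in the class now uses, along with imports of `LambdaQueryWrapper`, `Wrappers`, `ApiParam`, `SysUser` and `List` that only the dead block references; either drop the commented block, the field and the imports, or finish the endpoint in a separate commit rather than leaving it as dead code. If it is revived, an endpoint that answers "参数已存在" for a username, phone or work number confirms which accounts exist, so it should sit behind the same permission as the user-management screens (not visible here) and use `sysUserService.count(lambdaQuery) > 0` instead of loading the whole list. The remaining changes in this section are whitespace only, and the enclosing class continues past the hunk.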
......@@ -10,6 +10,7 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
......@@ -155,23 +156,23 @@ public class SysUserController {
QueryWrapper<SysUser> queryWrapper = new QueryWrapper<>();
//用户账号
String username = req.getParameter("username");
if(ObjectUtil.isNotEmpty(username)){
queryWrapper.like("username",username);
if (ObjectUtil.isNotEmpty(username)) {
queryWrapper.like("username", username);
}
//用户姓名
String realname = req.getParameter("realname");
if(ObjectUtil.isNotEmpty(realname)){
queryWrapper.like("realname",realname);
if (ObjectUtil.isNotEmpty(realname)) {
queryWrapper.like("realname", realname);
}
//性别
String sex = req.getParameter("sex");
if(ObjectUtil.isNotEmpty(sex)){
queryWrapper.eq("sex",sex);
if (ObjectUtil.isNotEmpty(sex)) {
queryWrapper.eq("sex", sex);
}
//手机号码
String phone = req.getParameter("phone");
if(ObjectUtil.isNotEmpty(phone)){
queryWrapper.like("phone",phone);
if (ObjectUtil.isNotEmpty(phone)) {
queryWrapper.like("phone", phone);
}
return sysUserService.queryPageList(req, queryWrapper, pageSize, pageNo);
}
......@@ -185,6 +186,35 @@ public class SysUserController {
String selectedDeparts = jsonObject.getString("selecteddeparts");
try {
SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class);
LambdaQueryWrapper<SysUser> lambdaQuery = Wrappers.lambdaQuery();
lambdaQuery.eq(SysUser::getUsername, user.getUsername());
lambdaQuery.eq(SysUser::getDelFlag,0);
List<SysUser> list = sysUserService.list(lambdaQuery);
if (list != null && list.size() > 0) {
return Result.error("登录账号已存在");
}
LambdaQueryWrapper<SysUser> workNoQuery = Wrappers.lambdaQuery();
workNoQuery.eq(SysUser::getWorkNo, user.getWorkNo());
workNoQuery.eq(SysUser::getDelFlag,0);
List<SysUser> workNoList = sysUserService.list(workNoQuery);
if (workNoList != null && workNoList.size() > 0) {
return Result.error("工号已存在");
}
LambdaQueryWrapper<SysUser> phoneQuery = Wrappers.lambdaQuery();
phoneQuery.eq(SysUser::getPhone, user.getPhone());
phoneQuery.eq(SysUser::getDelFlag,0);
List<SysUser> phoneList = sysUserService.list(phoneQuery);
if (phoneList != null && phoneList.size() > 0) {
return Result.error("手机号码已存在");
}
LambdaQueryWrapper<SysUser> emailQuery = Wrappers.lambdaQuery();
emailQuery.eq(SysUser::getEmail, user.getEmail());
emailQuery.eq(SysUser::getDelFlag,0);
List<SysUser> emailList = sysUserService.list(emailQuery);
if (emailList != null && emailList.size() > 0) {
return Result.error("邮箱已存在");
}
user.setCreateTime(new Date());//设置创建时间
String salt = oConvertUtils.randomGen(8);
user.setSalt(salt);
......@@ -219,6 +249,39 @@ public class SysUserController {
result.error500("未找到对应实体");
} else {
SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class);
LambdaQueryWrapper<SysUser> lambdaQuery = Wrappers.lambdaQuery();
lambdaQuery.eq(SysUser::getUsername, user.getUsername());
lambdaQuery.eq(SysUser::getDelFlag,0);
lambdaQuery.ne(SysUser::getId,user.getId());
List<SysUser> list = sysUserService.list(lambdaQuery);
if (list != null && list.size() > 0) {
return Result.error("登录账号已存在");
}
LambdaQueryWrapper<SysUser> workNoQuery = Wrappers.lambdaQuery();
workNoQuery.eq(SysUser::getWorkNo, user.getWorkNo());
workNoQuery.eq(SysUser::getDelFlag,0);
workNoQuery.ne(SysUser::getId,user.getId());
List<SysUser> workNoList = sysUserService.list(workNoQuery);
if (workNoList != null && workNoList.size() > 0) {
return Result.error("工号已存在");
}
LambdaQueryWrapper<SysUser> phoneQuery = Wrappers.lambdaQuery();
phoneQuery.eq(SysUser::getPhone, user.getPhone());
phoneQuery.eq(SysUser::getDelFlag,0);
phoneQuery.ne(SysUser::getId,user.getId());
List<SysUser> phoneList = sysUserService.list(phoneQuery);
if (phoneList != null && phoneList.size() > 0) {
return Result.error("手机号码已存在");
}
LambdaQueryWrapper<SysUser> emailQuery = Wrappers.lambdaQuery();
emailQuery.eq(SysUser::getEmail, user.getEmail());
emailQuery.eq(SysUser::getDelFlag,0);
emailQuery.ne(SysUser::getId,user.getId());
List<SysUser> emailList = sysUserService.list(emailQuery);
if (emailList != null && emailList.size() > 0) {
return Result.error("邮箱已存在");
}
user.setUpdateTime(new Date());
//String passwordEncode = PasswordUtil.encrypt(user.getUsername(), user.getPassword(), sysUser.getSalt());
user.setPassword(sysUser.getPassword());
......
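Review bot: The uniqueness checks added to `add` compare `workNo`, `phone` and `email` unconditionally, so when such an optional field is left blank (presumably stored as an empty string) the query matches every other live user with a blank value and the second such user is rejected with "工号已存在" or "邮箱已存在"; the same four-query block is repeated in `edit` with an extra `ne(SysUser::getId, ...)`. Skip the check when the value is empty (`ObjectUtil` is already used in this file), ask for `count` instead of materialising a `List<SysUser>`, and fold the eight copies into one helper so both methods stay in sync; a sketch follows, which needs an import of `com.baomidou.mybatisplus.core.toolkit.support.SFunction`. The check is read-then-write and not atomic, so a unique index on these columns should remain the authoritative guard and its `DuplicateKeyException` be mapped to the same messages — I cannot see from the hunk whether such an index exists. Both `add` and `edit` start and end outside their hunks.
```java
// … unchanged: SysUser user = JSON.parseObject(...) …
String conflict = findDuplicate(user, null);   // in edit: findDuplicate(user, user.getId())
if (conflict != null) {
    return Result.error(conflict);
}
// … unchanged: createTime / salt / password handling …

/** Returns the "already exists" message for the first unique field shared with another live user, or null. */
private String findDuplicate(SysUser user, String excludeId) {
    if (existsOtherUser(SysUser::getUsername, user.getUsername(), excludeId)) {
        return "登录账号已存在";
    }
    if (existsOtherUser(SysUser::getWorkNo, user.getWorkNo(), excludeId)) {
        return "工号已存在";
    }
    if (existsOtherUser(SysUser::getPhone, user.getPhone(), excludeId)) {
        return "手机号码已存在";
    }
    if (existsOtherUser(SysUser::getEmail, user.getEmail(), excludeId)) {
        return "邮箱已存在";
    }
    return null;
}

/** True when a non-deleted user other than excludeId already holds value in column; blank values never collide. */
private boolean existsOtherUser(SFunction<SysUser, ?> column, Object value, String excludeId) {
    if (ObjectUtil.isEmpty(value)) {
        return false;
    }
    LambdaQueryWrapper<SysUser> query = Wrappers.lambdaQuery();
    query.eq(column, value);
    query.eq(SysUser::getDelFlag, 0);
    query.ne(ObjectUtil.isNotEmpty(excludeId), SysUser::getId, excludeId);
    return sysUserService.count(query) > 0;
}
```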
......@@ -134,6 +134,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
//TODO 外部模拟登陆临时账号,列表不显示
queryWrapper.ne("username", "_reserve_user_external");
queryWrapper.eq("del_flag",0);
Page<SysUser> page = new Page<SysUser>(pageNo, pageSize);
IPage<SysUser> pageList = this.page(page, queryWrapper);
......
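Review bot: The added `queryWrapper.eq("del_flag",0)` filters soft-deleted users for every caller of this shared service method, not just the list page in `SysUserController`; any caller that relied on it to show deleted accounts (a recycle-bin view, for instance) would lose them silently, which is worth confirming since the enclosing method starts and ends outside the hunk. If the filter is intended to be global, say so on the line, e.g. `// only live users; callers needing soft-deleted rows must query separately`, and consider whether the hard-coded `"del_flag"` column string should follow the `SysUser::getDelFlag` lambda form the controller hunks use.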