Commit e02b21dd authored by 史志龙's avatar 史志龙

Merge branch 'dev-szl' into 'dev'

Dev szl

See merge request !33
parents 8528b20d 9e816bbd
package org.jeecg.modules.school.controller; package org.jeecg.modules.school.controller;
import cn.hutool.core.util.ObjectUtil;
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import org.apache.shiro.SecurityUtils;
import org.jeecg.common.api.vo.Result; import org.jeecg.common.api.vo.Result;
import org.jeecg.common.aspect.annotation.AutoLog; import org.jeecg.common.aspect.annotation.AutoLog;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.modules.school.dto.SchoolPlanBatchMasterDTO; import org.jeecg.modules.school.dto.SchoolPlanBatchMasterDTO;
import org.jeecg.modules.school.entity.SchoolPlanBatchMaster; import org.jeecg.modules.school.entity.SchoolPlanBatchMaster;
import org.jeecg.modules.school.service.ISchoolPlanBatchMasterService; import org.jeecg.modules.school.service.ISchoolPlanBatchMasterService;
import org.jeecg.modules.school.vo.SchoolPlanBatchMasterVO; import org.jeecg.modules.school.vo.SchoolPlanBatchMasterVO;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.*;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.jeecg.common.system.base.controller.JeecgController; import org.jeecg.common.system.base.controller.JeecgController;
import java.util.Date;
/** /**
* <p> * <p>
* 作业计划批次管理表 前端控制器 * 作业计划批次管理表 前端控制器
...@@ -49,4 +54,39 @@ public class SchoolPlanBatchMasterController extends JeecgController<SchoolPlanB ...@@ -49,4 +54,39 @@ public class SchoolPlanBatchMasterController extends JeecgController<SchoolPlanB
return Result.OK(pageData); return Result.OK(pageData);
} }
@AutoLog(value = "作业计划批次管理新增或者编辑")
@ApiOperation(value = "作业计划批次管理新增或者编辑", notes = "作业计划批次管理新增或者编辑")
@PostMapping(value = "/saveOrUpdate")
@ResponseBody
public Result<String> saveOrUpdate(@RequestBody SchoolPlanBatchMaster schoolPlanBatchMaster) {
//获取当前登录人信息
LoginUser user = (LoginUser) SecurityUtils.getSubject().getPrincipal();
String realname = user.getRealname();
schoolPlanBatchMaster.setUpdateTime(new Date());
schoolPlanBatchMaster.setDelFlag("0");
schoolPlanBatchMaster.setUpdateBy(realname);
if (ObjectUtil.isEmpty(schoolPlanBatchMaster.getId())) {
this.service.save(schoolPlanBatchMaster);
} else {
this.service.updateById(schoolPlanBatchMaster);
}
return Result.OK("操作成功!");
}
/**
* 删除作业计划批次管理数据
* @param id
* @return
*/
@AutoLog(value = "删除作业计划批次管理数据")
@ApiOperation(value = "删除作业计划批次管理数据", notes = "删除作业计划批次管理数据")
@GetMapping(value = "/delete")
public Result<String> delete(@ApiParam(name = "作业计划批次管理id", required = true) String id) {
//删除动静态几何尺寸数据
LambdaUpdateWrapper<SchoolPlanBatchMaster> update = Wrappers.lambdaUpdate();
update.set(SchoolPlanBatchMaster::getDelFlag, "1");
update.eq(SchoolPlanBatchMaster::getId, id);
this.service.update(update);
return Result.OK("删除成功!");
}
} }
...@@ -2,13 +2,19 @@ package org.jeecg.modules.system.controller; ...@@ -2,13 +2,19 @@ package org.jeecg.modules.system.controller;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import io.swagger.annotations.ApiParam;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.jeecg.common.api.vo.Result; import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.SymbolConstant; import org.jeecg.common.constant.SymbolConstant;
import org.jeecg.common.util.SqlInjectionUtil; import org.jeecg.common.util.SqlInjectionUtil;
import org.jeecg.modules.system.entity.SysUser;
import org.jeecg.modules.system.mapper.SysDictMapper; import org.jeecg.modules.system.mapper.SysDictMapper;
import org.jeecg.modules.system.model.DuplicateCheckVo; import org.jeecg.modules.system.model.DuplicateCheckVo;
import org.jeecg.modules.system.security.DictQueryBlackListHandler; import org.jeecg.modules.system.security.DictQueryBlackListHandler;
import org.jeecg.modules.system.service.ISysUserService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
...@@ -19,6 +25,8 @@ import io.swagger.annotations.Api; ...@@ -19,6 +25,8 @@ import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import java.util.List;
/** /**
* @Title: DuplicateCheckAction * @Title: DuplicateCheckAction
* @Description: 重复校验工具 * @Description: 重复校验工具
...@@ -29,7 +37,7 @@ import lombok.extern.slf4j.Slf4j; ...@@ -29,7 +37,7 @@ import lombok.extern.slf4j.Slf4j;
@Slf4j @Slf4j
@RestController @RestController
@RequestMapping("/sys/duplicate") @RequestMapping("/sys/duplicate")
@Api(tags="重复校验") @Api(tags = "重复校验")
public class DuplicateCheckController { public class DuplicateCheckController {
@Autowired @Autowired
...@@ -38,6 +46,9 @@ public class DuplicateCheckController { ...@@ -38,6 +46,9 @@ public class DuplicateCheckController {
@Autowired @Autowired
DictQueryBlackListHandler dictQueryBlackListHandler; DictQueryBlackListHandler dictQueryBlackListHandler;
@Autowired
private ISysUserService sysUserService;
/** /**
* 校验数据是否在系统中是否存在 * 校验数据是否在系统中是否存在
* *
...@@ -48,13 +59,13 @@ public class DuplicateCheckController { ...@@ -48,13 +59,13 @@ public class DuplicateCheckController {
public Result<String> doDuplicateCheck(DuplicateCheckVo duplicateCheckVo, HttpServletRequest request) { public Result<String> doDuplicateCheck(DuplicateCheckVo duplicateCheckVo, HttpServletRequest request) {
Long num = null; Long num = null;
log.debug("----duplicate check------:"+ duplicateCheckVo.toString()); log.debug("----duplicate check------:" + duplicateCheckVo.toString());
//关联表字典(举例:sys_user,realname,id) //关联表字典(举例:sys_user,realname,id)
//SQL注入校验(只限制非法串改数据库) //SQL注入校验(只限制非法串改数据库)
final String[] sqlInjCheck = {duplicateCheckVo.getTableName(),duplicateCheckVo.getFieldName()}; final String[] sqlInjCheck = {duplicateCheckVo.getTableName(), duplicateCheckVo.getFieldName()};
SqlInjectionUtil.filterContent(sqlInjCheck); SqlInjectionUtil.filterContent(sqlInjCheck);
// update-begin-author:taoyan date:20211227 for: JTC-25 【online报表】oracle 操作问题 录入弹框啥都不填直接保存 ①编码不是应该提示必填么?②报错也应该是具体文字提示,不是后台错误日志 // update-begin-author:taoyan date:20211227 for: JTC-25 【online报表】oracle 操作问题 录入弹框啥都不填直接保存 ①编码不是应该提示必填么?②报错也应该是具体文字提示,不是后台错误日志
if(StringUtils.isEmpty(duplicateCheckVo.getFieldVal())){ if (StringUtils.isEmpty(duplicateCheckVo.getFieldVal())) {
Result rs = new Result(); Result rs = new Result();
rs.setCode(500); rs.setCode(500);
rs.setSuccess(true); rs.setSuccess(true);
...@@ -63,7 +74,7 @@ public class DuplicateCheckController { ...@@ -63,7 +74,7 @@ public class DuplicateCheckController {
} }
//update-begin-author:taoyan date:20220329 for: VUEN-223【安全漏洞】当前被攻击的接口 //update-begin-author:taoyan date:20220329 for: VUEN-223【安全漏洞】当前被攻击的接口
String checkSql = duplicateCheckVo.getTableName() + SymbolConstant.COMMA + duplicateCheckVo.getFieldName() + SymbolConstant.COMMA; String checkSql = duplicateCheckVo.getTableName() + SymbolConstant.COMMA + duplicateCheckVo.getFieldName() + SymbolConstant.COMMA;
if(!dictQueryBlackListHandler.isPass(checkSql)){ if (!dictQueryBlackListHandler.isPass(checkSql)) {
return Result.error(dictQueryBlackListHandler.getError()); return Result.error(dictQueryBlackListHandler.getError());
} }
//update-end-author:taoyan date:20220329 for: VUEN-223【安全漏洞】当前被攻击的接口 //update-end-author:taoyan date:20220329 for: VUEN-223【安全漏洞】当前被攻击的接口
...@@ -88,17 +99,46 @@ public class DuplicateCheckController { ...@@ -88,17 +99,46 @@ public class DuplicateCheckController {
} }
/** /**
* 校验用户相关信息是否存在
*
* @return
*/
// @RequestMapping(value = "/checkUser", method = RequestMethod.GET)
// @ApiOperation("校验用户相关信息是否存在")
// public Result<String> checkUser(@ApiParam(name = "需要校验的参数", required = true) String name,@ApiParam(name = "类型", required = true) String type) {
// LambdaQueryWrapper<SysUser> lambdaQuery = Wrappers.lambdaQuery();
// if("1".equals(type)){
// lambdaQuery.eq(SysUser::getUsername, name);
// }
// if("2".equals(type)){
// lambdaQuery.eq(SysUser::getRealname, name);
// }
// if("3".equals(type)){
// lambdaQuery.eq(SysUser::getWorkNo, name);
// }
// if("4".equals(type)){
// lambdaQuery.eq(SysUser::getPhone, name);
// }
// lambdaQuery.eq(SysUser::getDelFlag, 0);
// List<SysUser> list = sysUserService.list(lambdaQuery);
// if (list != null && list.size() > 0) {
// return Result.error("参数已存在");
// }
// return Result.ok("");
// }
/**
* VUEN-2584【issue】平台sql注入漏洞几个问题 * VUEN-2584【issue】平台sql注入漏洞几个问题
* 部分特殊函数 可以将查询结果混夹在错误信息中,导致数据库的信息暴露 * 部分特殊函数 可以将查询结果混夹在错误信息中,导致数据库的信息暴露
*
* @param e * @param e
* @return * @return
*/ */
@ExceptionHandler(java.sql.SQLException.class) @ExceptionHandler(java.sql.SQLException.class)
public Result<?> handleSQLException(Exception e){ public Result<?> handleSQLException(Exception e) {
String msg = e.getMessage(); String msg = e.getMessage();
String extractvalue = "extractvalue"; String extractvalue = "extractvalue";
String updatexml = "updatexml"; String updatexml = "updatexml";
if(msg!=null && (msg.toLowerCase().indexOf(extractvalue)>=0 || msg.toLowerCase().indexOf(updatexml)>=0)){ if (msg != null && (msg.toLowerCase().indexOf(extractvalue) >= 0 || msg.toLowerCase().indexOf(updatexml) >= 0)) {
return Result.error("校验失败,sql解析异常!"); return Result.error("校验失败,sql解析异常!");
} }
return Result.error("校验失败,sql解析异常!" + msg); return Result.error("校验失败,sql解析异常!" + msg);
......
...@@ -10,6 +10,7 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; ...@@ -10,6 +10,7 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper; import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
...@@ -155,23 +156,23 @@ public class SysUserController { ...@@ -155,23 +156,23 @@ public class SysUserController {
QueryWrapper<SysUser> queryWrapper = new QueryWrapper<>(); QueryWrapper<SysUser> queryWrapper = new QueryWrapper<>();
//用户账号 //用户账号
String username = req.getParameter("username"); String username = req.getParameter("username");
if(ObjectUtil.isNotEmpty(username)){ if (ObjectUtil.isNotEmpty(username)) {
queryWrapper.like("username",username); queryWrapper.like("username", username);
} }
//用户姓名 //用户姓名
String realname = req.getParameter("realname"); String realname = req.getParameter("realname");
if(ObjectUtil.isNotEmpty(realname)){ if (ObjectUtil.isNotEmpty(realname)) {
queryWrapper.like("realname",realname); queryWrapper.like("realname", realname);
} }
//性别 //性别
String sex = req.getParameter("sex"); String sex = req.getParameter("sex");
if(ObjectUtil.isNotEmpty(sex)){ if (ObjectUtil.isNotEmpty(sex)) {
queryWrapper.eq("sex",sex); queryWrapper.eq("sex", sex);
} }
//手机号码 //手机号码
String phone = req.getParameter("phone"); String phone = req.getParameter("phone");
if(ObjectUtil.isNotEmpty(phone)){ if (ObjectUtil.isNotEmpty(phone)) {
queryWrapper.like("phone",phone); queryWrapper.like("phone", phone);
} }
return sysUserService.queryPageList(req, queryWrapper, pageSize, pageNo); return sysUserService.queryPageList(req, queryWrapper, pageSize, pageNo);
} }
...@@ -185,6 +186,35 @@ public class SysUserController { ...@@ -185,6 +186,35 @@ public class SysUserController {
String selectedDeparts = jsonObject.getString("selecteddeparts"); String selectedDeparts = jsonObject.getString("selecteddeparts");
try { try {
SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class); SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class);
LambdaQueryWrapper<SysUser> lambdaQuery = Wrappers.lambdaQuery();
lambdaQuery.eq(SysUser::getUsername, user.getUsername());
lambdaQuery.eq(SysUser::getDelFlag,0);
List<SysUser> list = sysUserService.list(lambdaQuery);
if (list != null && list.size() > 0) {
return Result.error("登录账号已存在");
}
LambdaQueryWrapper<SysUser> workNoQuery = Wrappers.lambdaQuery();
workNoQuery.eq(SysUser::getWorkNo, user.getWorkNo());
workNoQuery.eq(SysUser::getDelFlag,0);
List<SysUser> workNoList = sysUserService.list(workNoQuery);
if (workNoList != null && workNoList.size() > 0) {
return Result.error("工号已存在");
}
LambdaQueryWrapper<SysUser> phoneQuery = Wrappers.lambdaQuery();
phoneQuery.eq(SysUser::getPhone, user.getPhone());
phoneQuery.eq(SysUser::getDelFlag,0);
List<SysUser> phoneList = sysUserService.list(phoneQuery);
if (phoneList != null && phoneList.size() > 0) {
return Result.error("手机号码已存在");
}
LambdaQueryWrapper<SysUser> emailQuery = Wrappers.lambdaQuery();
emailQuery.eq(SysUser::getEmail, user.getEmail());
emailQuery.eq(SysUser::getDelFlag,0);
List<SysUser> emailList = sysUserService.list(emailQuery);
if (emailList != null && emailList.size() > 0) {
return Result.error("邮箱已存在");
}
user.setCreateTime(new Date());//设置创建时间 user.setCreateTime(new Date());//设置创建时间
String salt = oConvertUtils.randomGen(8); String salt = oConvertUtils.randomGen(8);
user.setSalt(salt); user.setSalt(salt);
...@@ -219,6 +249,39 @@ public class SysUserController { ...@@ -219,6 +249,39 @@ public class SysUserController {
result.error500("未找到对应实体"); result.error500("未找到对应实体");
} else { } else {
SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class); SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class);
LambdaQueryWrapper<SysUser> lambdaQuery = Wrappers.lambdaQuery();
lambdaQuery.eq(SysUser::getUsername, user.getUsername());
lambdaQuery.eq(SysUser::getDelFlag,0);
lambdaQuery.ne(SysUser::getId,user.getId());
List<SysUser> list = sysUserService.list(lambdaQuery);
if (list != null && list.size() > 0) {
return Result.error("登录账号已存在");
}
LambdaQueryWrapper<SysUser> workNoQuery = Wrappers.lambdaQuery();
workNoQuery.eq(SysUser::getWorkNo, user.getWorkNo());
workNoQuery.eq(SysUser::getDelFlag,0);
workNoQuery.ne(SysUser::getId,user.getId());
List<SysUser> workNoList = sysUserService.list(workNoQuery);
if (workNoList != null && workNoList.size() > 0) {
return Result.error("工号已存在");
}
LambdaQueryWrapper<SysUser> phoneQuery = Wrappers.lambdaQuery();
phoneQuery.eq(SysUser::getPhone, user.getPhone());
phoneQuery.eq(SysUser::getDelFlag,0);
phoneQuery.ne(SysUser::getId,user.getId());
List<SysUser> phoneList = sysUserService.list(phoneQuery);
if (phoneList != null && phoneList.size() > 0) {
return Result.error("手机号码已存在");
}
LambdaQueryWrapper<SysUser> emailQuery = Wrappers.lambdaQuery();
emailQuery.eq(SysUser::getEmail, user.getEmail());
emailQuery.eq(SysUser::getDelFlag,0);
emailQuery.ne(SysUser::getId,user.getId());
List<SysUser> emailList = sysUserService.list(emailQuery);
if (emailList != null && emailList.size() > 0) {
return Result.error("邮箱已存在");
}
user.setUpdateTime(new Date()); user.setUpdateTime(new Date());
//String passwordEncode = PasswordUtil.encrypt(user.getUsername(), user.getPassword(), sysUser.getSalt()); //String passwordEncode = PasswordUtil.encrypt(user.getUsername(), user.getPassword(), sysUser.getSalt());
user.setPassword(sysUser.getPassword()); user.setPassword(sysUser.getPassword());
......
...@@ -134,6 +134,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl ...@@ -134,6 +134,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
//TODO 外部模拟登陆临时账号,列表不显示 //TODO 外部模拟登陆临时账号,列表不显示
queryWrapper.ne("username", "_reserve_user_external"); queryWrapper.ne("username", "_reserve_user_external");
queryWrapper.eq("del_flag",0);
Page<SysUser> page = new Page<SysUser>(pageNo, pageSize); Page<SysUser> page = new Page<SysUser>(pageNo, pageSize);
IPage<SysUser> pageList = this.page(page, queryWrapper); IPage<SysUser> pageList = this.page(page, queryWrapper);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment