From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/constant/PermissionConstant.java | 62 +++++++++++++++++++++++++++++++
1 files changed, 62 insertions(+), 0 deletions(-)
diff --git a/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/constant/PermissionConstant.java b/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/constant/PermissionConstant.java
new file mode 100644
index 0000000..3d8c203
--- /dev/null
+++ b/Source/BladeX-Tool/blade-core-secure/src/main/java/org/springblade/core/secure/constant/PermissionConstant.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2018-2028, Chill Zhuang All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the dreamlu.net developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: Chill 搴勯獮 (smallchill@163.com)
+ */
+package org.springblade.core.secure.constant;
+
+import org.springblade.core.tool.utils.StringUtil;
+
+/**
+ * 鏉冮檺鏍¢獙甯搁噺
+ *
+ * @author Chill
+ */
+public interface PermissionConstant {
+
+ /**
+ * 鑾峰彇瑙掕壊鎵�鏈夌殑鏉冮檺缂栧彿
+ *
+ * @param size 鏁伴噺
+ * @return string
+ */
+ static String permissionAllStatement(int size) {
+ return "select scope_path as path from blade_scope_api where id in (select scope_id from blade_role_scope where scope_category = 2 and role_id in (" + buildHolder(size) + "))";
+ }
+
+ /**
+ * 鑾峰彇瑙掕壊鎸囧畾鐨勬潈闄愮紪鍙�
+ *
+ * @param size 鏁伴噺
+ * @return string
+ */
+ static String permissionStatement(int size) {
+ return "select resource_code as code from blade_scope_api where resource_code = ? and id in (select scope_id from blade_role_scope where scope_category = 2 and role_id in (" + buildHolder(size) + "))";
+ }
+
+ /**
+ * 鑾峰彇Sql鍗犱綅绗�
+ *
+ * @param size 鏁伴噺
+ * @return String
+ */
+ static String buildHolder(int size) {
+ StringBuilder builder = StringUtil.builder();
+ for (int i = 0; i < size; i++) {
+ builder.append("?,");
+ }
+ return StringUtil.removeSuffix(builder.toString(), ",");
+ }
+
+}
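Review bot: `buildHolder` at the end of the hunk returns an empty string when `size` is 0 or negative, because the loop never runs, so both `permissionAllStatement` and `permissionStatement` would then emit `role_id in ()`, which most SQL dialects reject as a syntax error. For a permission check, a principal with no roles should get a deterministic deny rather than a database exception whose outcome depends on how the caller handles it; the callers are outside this patch, so whether they already short-circuit is not visible here. Consider guarding in `buildHolder` with `if (size <= 0) { throw new IllegalArgumentException("size must be positive"); }` and stating in the Javadoc that callers must deny before building the statement when the role list is empty. The Javadoc text in this new file also looks mis-encoded (possibly a GBK/UTF-8 mix-up at commit time, though it may be a rendering artefact), and the subject describes upload validation while this file adds permission-query constants, so it is worth confirming the file belongs in this commit.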
--
Gitblit v1.10.0