From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java | 157 ++++++++++++++++++++++++++++++++--------------------
1 files changed, 96 insertions(+), 61 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java
index 5eb6253..6850502 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmEngineServiceImpl.java
@@ -1,11 +1,14 @@
package com.vci.ubcs.code.service.impl;
+import cn.hutool.db.sql.Query;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.vci.ubcs.code.applyjtcodeservice.entity.DockingPreMetaAttr;
import com.vci.ubcs.code.applyjtcodeservice.vo.BaseModelVO;
import com.vci.ubcs.code.bo.CodeClassifyFullInfoBO;
import com.vci.ubcs.code.bo.CodeTemplateAttrSqlBO;
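Review bot: `cn.hutool.db.sql.Query` (line 14) and `DockingPreMetaAttr` (line 22) are added but not referenced by any line in this patch; only `Wrappers` (line 20) has a use in the hunks shown, so the other two look unused unless a part of the file outside the patch relies on them. Dropping them would also avoid a second, unrelated `Query` type sitting next to MyBatis-Plus' `QueryWrapper` in the same import block.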
@@ -146,7 +149,6 @@
* 绯诲垪娴佹按
*/
@Value("${bzApply.seriesFlow:seriesFlow}")
-
private String seriesFlow;
/***
@@ -441,10 +443,18 @@
throw new VciBaseException("鏈煡璇㈠埌鐩稿叧鏁版嵁銆�");
}
//杩橀渶瑕佷慨鏀筧llCode鐨勭敓鍛藉懆鏈�
- QueryWrapper<CodeAllCode> allCodeWrapper = new QueryWrapper<>();
- allCodeWrapper.eq("createcodebtm", baseModelDTO.getBtmname());
- allCodeWrapper.in("createcodeoid", oids);
- List<CodeAllCode> codeCbos = codeAllCodeService.selectByWrapper(allCodeWrapper);// 鍥炴敹闇�瑕佷笟鍔℃暟鎹垹闄�
+ LambdaQueryWrapper<CodeAllCode> allCodeWrapper = Wrappers.<CodeAllCode>query().lambda();
+ allCodeWrapper.eq(CodeAllCode::getCreateCodeBtm, baseModelDTO.getBtmname());
+ allCodeWrapper.in(CodeAllCode::getCreateCodeOid, oids);
+
+ List<CodeAllCode> codeCbos = codeAllCodeService.selectByWrapper(allCodeWrapper);
+ if(codeCbos.size() != baseModels.size()){
+ throw new ServiceException("褰撳墠鍥炴敹鎿嶄綔涓煡璇㈠嚭鐨勪笟鍔℃暟鎹腑锛屽瓨鍦ㄥ鏉$爜鍊兼暟鎹搴斿叧绯伙紝璇疯仈绯诲紑鍙戜汉鍛樺鏁版嵁杩涜鎺掓煡澶勭悊锛侊紒");
+ }
+ //杞负map鍚庣画鍙栫殑鏃跺�欐柟渚�
+ Map<String, BaseModel> baseModelMap = baseModels.stream().collect(Collectors.toMap(BaseModel::getId, baseModel -> baseModel));
+
+ // 鍥炴敹闇�瑕佷笟鍔℃暟鎹垹闄�
if (CodeDefaultLC.TASK_BACK.getValue().equals(baseModelDTO.getLcStatus())) {
R<List<BtmTypeVO>> listR = btmTypeClient.selectByIdCollection(Collections.singletonList(baseModelDTO.getBtmname()));
if (!listR.isSuccess() || listR.getData().size() == 0) {
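Review bot: `Collectors.toMap(BaseModel::getId, baseModel -> baseModel)` (line 50) throws an IllegalStateException with a generic "Duplicate key" message if two business objects share an id, and the size check on line 46 does not guarantee that every `codeCbo.getId()` has a matching entry — a miss yields `baseModel == null` in the loop of the next hunk (lines 65 and 68), where `JSON.toJSONString(null)` presumably stores the literal string `null` as business data. Guard the lookup where it is used, right after line 65: `if (baseModel == null) { throw new ServiceException(<message naming codeCbo.getId()>); }`, so the mismatch is rejected explicitly rather than written as a corrupted record. The duplicate-key case could carry an equally explicit message via a merge function that throws. The enclosing method starts outside this hunk.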
@@ -463,12 +473,13 @@
}
}
// 鍒氬ソ椤哄簭鏄竴鑷寸殑锛屾墍浠ョ洿鎺ユ寜鐓odeallcode鐨勯『搴忔潵鎷夸笟鍔℃暟鎹�
- int i = -1;
+ BaseModel baseModel = null;
for (CodeAllCode codeCbo : codeCbos) {
codeCbo.setLcStatus(baseModelDTO.getLcStatus());
// 濡傛灉鏄洖鏀讹紝灏遍渶瑕佸皢涓氬姟鏁版嵁瀛樺偍鍒扮爜鍊艰〃涓�
+ baseModel = baseModelMap.get(codeCbo.getId());
if (baseModelDTO.getLcStatus().equals(FrameWorkDefaultValueConstant.FRAMEWORK_RELEASE_TAKEBACK)) {
- codeCbo.setBusinessData(JSON.toJSONString(baseModels.get(++i)));
+ codeCbo.setBusinessData(JSON.toJSONString(baseModel));
}
}
codeAllCodeService.updateBatchById(codeCbos);
@@ -497,7 +508,7 @@
return addSaveCode(orderDTO, true);
}
- /***
+ /**
* 闆嗘垚鍙彉鐮佹鐢宠鎺ュ彛
* @param orderDTO 鐢宠鐨勪俊鎭紝闇�瑕佸寘鍚睘鎬х殑鍐呭鍜岀爜娈电浉鍏崇殑鍐呭
* @return
@@ -1562,7 +1573,6 @@
return uiInfoVO;
}
-
/**
* 妯℃澘灞炴�ц浆鎹负琛ㄥ崟瀹氫箟鐨勪俊鎭�
*
@@ -2052,7 +2062,7 @@
@Override
public DataGrid<Map<String, String>> queryGrid(String btmType, CodeClassifyTemplateVO templateVO, Map<String, String> conditionMap, PageHelper pageHelper) {
CodeTemplateAttrSqlBO sqlBO = getSqlByTemplateVO(btmType, templateVO, conditionMap, pageHelper);
-// List<Map> maps = boService.queryByOnlySqlForMap(sqlBO.getSqlHasPage());
+ // List<Map> maps = boService.queryByOnlySqlForMap(sqlBO.getSqlHasPage());
List<Map<String, String>> maps = null;
try {
maps = commonsMapper.queryByOnlySqlForMap(sqlBO.getSqlHasPage());
@@ -2072,39 +2082,39 @@
for (String s : map.keySet()) {
data.put(s.toLowerCase(Locale.ROOT), map.get(s) == null ? null : String.valueOf(map.get(s)));
}
-// map.forEach((key, value) -> {
-// data.put(((String) key).toLowerCase(Locale.ROOT), String.valueOf(value));
-// });
+ // map.forEach((key, value) -> {
+ // data.put(((String) key).toLowerCase(Locale.ROOT), String.valueOf(value));
+ // });
dataList.add(data);
});
wrapperData(dataList, templateVO, sqlBO.getSelectFieldList(), false);
-// maps.stream().forEach(map -> {
-// Map<String, String> data = new HashMap<>();
-//// map.forEach((key, value) -> {
-//// data.put(((String) key).toLowerCase(Locale.ROOT), String.valueOf(value));
-//// });
-// for (String s : map.keySet()) {
-// data.put(((String) s).toLowerCase(Locale.ROOT), String.valueOf(map.get(s)));
-// }
-// dataList.add(data);
-// });
+ // maps.stream().forEach(map -> {
+ // Map<String, String> data = new HashMap<>();
+ // map.forEach((key, value) -> {
+ // data.put(((String) key).toLowerCase(Locale.ROOT), String.valueOf(value));
+ // });
+ // for (String s : map.keySet()) {
+ // data.put(((String) s).toLowerCase(Locale.ROOT), String.valueOf(map.get(s)));
+ // }
+ // dataList.add(data);
+ // });
}
-// dataGrid.setData(dataList);
-// if (!CollectionUtils.isEmpty(maps)) {
-// wrapperData(maps, templateVO, sqlBO.getSelectFieldList(), false);
-// maps.stream().forEach(map -> {
-// Map<String, String> data = new HashMap<>();
-//// map.forEach((key, value) -> {
-//// data.put(((String) key).toLowerCase(Locale.ROOT), String.valueOf(value));
-//// });
-// for (String s : map.keySet()) {
-// data.put(((String) s).toLowerCase(Locale.ROOT), String.valueOf(map.get(s)));
-// }
-// dataList.add(data);
-// });
+ // dataGrid.setData(dataList);
+ // if (!CollectionUtils.isEmpty(maps)) {
+ // wrapperData(maps, templateVO, sqlBO.getSelectFieldList(), false);
+ // maps.stream().forEach(map -> {
+ // Map<String, String> data = new HashMap<>();
+ //// map.forEach((key, value) -> {
+ //// data.put(((String) key).toLowerCase(Locale.ROOT), String.valueOf(value));
+ //// });
+ // for (String s : map.keySet()) {
+ // data.put(((String) s).toLowerCase(Locale.ROOT), String.valueOf(map.get(s)));
+ // }
+ // dataList.add(data);
+ // });
dataGrid.setData(dataList);
dataGrid.setTotal(Long.parseLong(commonsMapper.selectBySql(sqlBO.getSqlCount()).get(0).values().toArray()[0].toString()));
-// }
+ // }
return dataGrid;
}
@@ -2181,7 +2191,7 @@
userVOMap.put(String.valueOf(data.getId()), data);
}
}
-// Map<String, SmUserVO> userVOMap = Optional.ofNullable(userQueryService.listUserByUserIds(userIds)).orElseGet(() -> new ArrayList<>()).stream().collect(Collectors.toMap(s -> s.getId().toLowerCase(Locale.ROOT), t -> t));
+ // Map<String, SmUserVO> userVOMap = Optional.ofNullable(userQueryService.listUserByUserIds(userIds)).orElseGet(() -> new ArrayList<>()).stream().collect(Collectors.toMap(s -> s.getId().toLowerCase(Locale.ROOT), t -> t));
dataMap.stream().forEach(data -> {
String creator = data.getOrDefault("creator", null);
if (StringUtils.isNotBlank(creator) && userVOMap.containsKey(creator.toLowerCase(Locale.ROOT))) {
@@ -2571,8 +2581,19 @@
if (referFieldMap.containsKey(field)) {
return VciBaseUtil.toInSql(referFieldMap.get(field), value); //referFieldMap.get(field) + SPACE + "= '" + value + "'" + SPACE;
} else {
- return (field.contains(".") ? "" : "t.") + field + SPACE + "= " + getStringValueInWhere(field, value, attrVOMap) + "" + SPACE;
+ //TODO:鏆傛椂娌¤�冭檻IN>1000鏉$殑闂
+ //return (field.contains(".") ? "" : "t.") + field + SPACE + "= " + getStringValueInWhere(field, value, attrVOMap) + "" + SPACE;
+ return (field.contains(".") ? "" : "t.") + field + SPACE + "IN (" + getStringValueInWhere(field, "IN//"+value, attrVOMap) + ")" + SPACE;
}
+ } else if (key.endsWith("_notin")) {
+ String field = UBCSSqlKeyword.getColumn(key, "_in");
+ if (referFieldMap.containsKey(field)) {
+ return VciBaseUtil.toInSql(referFieldMap.get(field), value); //referFieldMap.get(field) + SPACE + "= '" + value + "'" + SPACE;
+ } else {
+ //return (field.contains(".") ? "" : "t.") + field + SPACE + "not in (" + getStringValueInWhere(field, "IN//"+value, attrVOMap) + ")" + SPACE;
+ return (field.contains(".") ? "" : "t.") + field + SPACE + "IN (" + getStringValueInWhere(field, "IN//"+value, attrVOMap) + ")" + SPACE;
+ }
+
} else {
// if (referFieldMap.containsKey(key)) {
// //璇存槑鏄弬鐓х殑锛屾垜浠弬鐓х殑鏌ヨ閮借涓烘槸瀛楃涓诧紝濡傛灉鏄椂闂存牸寮忕殑鏌ヨ鑲畾鏈夐棶棰橈紝
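Review bot: The new `_notin` branch (lines 180–187) emits the same `IN (` clause as the `_in` branch, so a `*_notin` condition selects instead of excludes — the commented-out line 185 shows the intended `not in`. It also derives the column with `UBCSSqlKeyword.getColumn(key, "_in")`, which for a key ending in `_notin` presumably leaves a `_not` remainder in the column name unless getColumn strips by a different rule; the two lines should read `String field = UBCSSqlKeyword.getColumn(key, "_notin");` and `return (field.contains(".") ? "" : "t.") + field + SPACE + "NOT IN (" + getStringValueInWhere(field, "IN//"+value, attrVOMap) + ")" + SPACE;`, and the refer-field path on line 183 needs a NOT variant of `VciBaseUtil.toInSql` if one exists. Since `field` originates from the request key and is concatenated straight into the WHERE text, it is worth confirming that getColumn (or a check against `attrVOMap`) restricts it to known template attributes; that predates this patch, but the new branch widens the surface. The enclosing method starts and ends outside this hunk.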
@@ -2669,13 +2690,21 @@
|| VciFieldTypeEnum.VTInteger.equals(fieldTypeEnum)) {
return value;
} else {
+ if(value.contains("IN//")){
+ return MybatisParameterUtil.getInClause(Func.toStrList(value.replace("IN//","")));
+ }
return "'" + value + "'";
}
} else {
if ((value.startsWith("(") && value.endsWith(")")) || (value.startsWith("'") && value.endsWith("'"))) {
return value;
+ }else if(value.contains("IN//")){
+ //鏆傛椂涓嶈�冭檻>1000鐨勬儏鍐碉紝鍥犱负鎼滅储涓�鑸篃涓嶄細鍑虹幇鎼滅储1000鏉$殑鎯呭喌
+ //return MybatisParameterUtil.convertToOrConditions(field, Func.toStrList(value.replace("IN//","")));
+ return MybatisParameterUtil.getInClause(Func.toStrList(value.replace("IN//","")));
+ }else{
+ return "'" + value + "'";
}
- return "'" + value + "'";
}
}
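Review bot: The sentinel test `value.contains("IN//")` (lines 196 and 204) fires on the marker anywhere in the value and `replace("IN//","")` strips every occurrence, so an ordinary search value that happens to contain `IN//` is split into an IN list; since the caller prefixes the marker at the start of the string, `value.startsWith("IN//")` followed by `value.substring("IN//".length())` pins it to the intended case. Because `value` originates from the request condition map, this also affects query shape: if the non-`_in` branches pass their value through this method as well, a caller can reach the `getInClause` path from a plain equality field, so `MybatisParameterUtil.getInClause` should be confirmed to quote or parameterize each element rather than concatenating raw text. The check is duplicated in the two branches; a small private helper such as `isInListValue(String value)` would keep them consistent. The enclosing method starts outside this hunk.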
@@ -3044,26 +3073,26 @@
}
});
return mapDataGrid;
-// List<String> selectFieldList = templateVO.getAttributes().stream().map(CodeClassifyTemplateAttrVO::getId).collect(Collectors.toList());
-// //鍙傜収璁╁钩鍙扮洿鎺ユ煡璇㈠氨琛�
-// List<String> finalSelectFieldList = selectFieldList;
-// List<CodeClassifyTemplateAttrVO> referAttrVOs = templateVO.getAttributes().stream().filter(
-// s -> StringUtils.isNotBlank(s.getReferbtmid())
-// &&
-// (finalSelectFieldList.size() ==0 || finalSelectFieldList.contains(s.getId().toLowerCase(Locale.ROOT)))
-// ).collect(Collectors.toList());
-// if(!CollectionUtils.isEmpty(referAttrVOs)){
-// for (int i = 0; i < referAttrVOs.size(); i++) {
-// selectFieldList.add(referAttrVOs.get(i).getId() + ".name");
-// }
-// }
-// //鎴戜滑浣跨敤鍜屼笟鍔$被鍨嬬殑鏉ユ煡璇�
-// DataGrid<Map<String,String>> dataGrid = boService.queryGridByBo(btmTypeId, conditionMap, pageHelper, selectFieldList);
-// //鎴戜滑闇�瑕佷娇鐢ㄦā鏉挎潵杞崲
-// if(!CollectionUtils.isEmpty(dataGrid.getData())){
-// wrapperData(dataGrid.getData(),templateVO,finalSelectFieldList,false);
-// }
-// return dataGrid;
+ // List<String> selectFieldList = templateVO.getAttributes().stream().map(CodeClassifyTemplateAttrVO::getId).collect(Collectors.toList());
+ // //鍙傜収璁╁钩鍙扮洿鎺ユ煡璇㈠氨琛�
+ // List<String> finalSelectFieldList = selectFieldList;
+ // List<CodeClassifyTemplateAttrVO> referAttrVOs = templateVO.getAttributes().stream().filter(
+ // s -> StringUtils.isNotBlank(s.getReferbtmid())
+ // &&
+ // (finalSelectFieldList.size() ==0 || finalSelectFieldList.contains(s.getId().toLowerCase(Locale.ROOT)))
+ // ).collect(Collectors.toList());
+ // if(!CollectionUtils.isEmpty(referAttrVOs)){
+ // for (int i = 0; i < referAttrVOs.size(); i++) {
+ // selectFieldList.add(referAttrVOs.get(i).getId() + ".name");
+ // }
+ // }
+ // //鎴戜滑浣跨敤鍜屼笟鍔$被鍨嬬殑鏉ユ煡璇�
+ // DataGrid<Map<String,String>> dataGrid = boService.queryGridByBo(btmTypeId, conditionMap, pageHelper, selectFieldList);
+ // //鎴戜滑闇�瑕佷娇鐢ㄦā鏉挎潵杞崲
+ // if(!CollectionUtils.isEmpty(dataGrid.getData())){
+ // wrapperData(dataGrid.getData(),templateVO,finalSelectFieldList,false);
+ // }
+ // return dataGrid;
}
/**
@@ -4731,7 +4760,13 @@
*/
Map<String, Object> nextRevision = commonsMapper.getCurrentRevision(listR.getData().get(0).getTableName(), fromBo.getNameOid());
R<RevisionRuleVO> revisionRuleVOR = revisionRuleClient.selectById(listR.getData().get(0).getRevisionRuleId());
- String revisionval = nextRevision.get("REVISIONVAL").toString();
+ String revisionval = "";
+ try{
+ revisionval = nextRevision.get("REVISIONVAL").toString();
+ }catch (Exception e){
+ throw new ServiceException("涓氬姟鏁版嵁鐗堟鍊艰幏鍙栧嚭閿�,鍘熷洜锛�" + e.getMessage());
+ }
+
// 鏈煡璇㈠埌鐗堟湰瑙勫垯锛岄粯璁ょ洿鎺ョ粰澶х増鏈姞涓�
if (!revisionRuleVOR.isSuccess() || Func.isEmpty(revisionRuleVOR.getData())) {
revisionval = String.valueOf((Integer.parseInt(revisionval) + 1));
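Review bot: The new `try/catch (Exception e)` around `nextRevision.get("REVISIONVAL").toString()` (lines 266–270) only converts a NullPointerException into a ServiceException, and it keeps just `e.getMessage()`, which for an NPE is either null or a JVM helpful-NPE text — the cause is dropped and the message says nothing about which record lacked the value. An explicit null check is clearer and keeps the diagnostic: `Object revisionObj = nextRevision == null ? null : nextRevision.get("REVISIONVAL");` / `if (revisionObj == null) { throw new ServiceException(<existing message> + fromBo.getNameOid()); }` / `String revisionval = revisionObj.toString();`. If the catch is kept instead, pass `e` as the cause when ServiceException has a cause-taking constructor. `Integer.parseInt(revisionval)` on line 274 still throws NumberFormatException for a non-numeric value; that is outside the catch and unchanged by this patch. The enclosing method starts and ends outside this hunk.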
--
Gitblit v1.9.3