From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmIOServiceImpl.java | 65 ++++++++++++++++++++------------
1 files changed, 40 insertions(+), 25 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmIOServiceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmIOServiceImpl.java
index d8d36a9..364dedf 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmIOServiceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmIOServiceImpl.java
@@ -3,6 +3,7 @@
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.nacos.common.utils.StringUtils;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.google.protobuf.ServiceException;
import com.vci.ubcs.code.applyjtcodeservice.feign.IMdmInterJtClient;
@@ -430,6 +431,7 @@
throw new VciBaseException("妯℃澘娌℃湁閰嶇疆灞炴��");
}
}
+ //鍓旈櫎鎺夐粯璁ょ殑灞炴�э紝浠ュ強琛ㄥ崟涓嶆樉绀虹殑灞炴��
List<CodeClassifyTemplateAttrVO> templateAttrVOS = codeClassifyTemplateAttrVOList.stream().filter(s ->
!DEFAULT_ATTR_LIST.contains(s.getId())
&& StringUtils.isBlank(s.getComponentRule())
@@ -1246,19 +1248,21 @@
//鎴戜滑闇�瑕佸厛鏌ヨ涓�涓嬶紝鍐呭鏄惁宸茬粡瀛樺湪
if (!CollectionUtils.isEmpty(thisCbos)) {
List<String> existIds = new ArrayList<>();
+ // TODO: 2024/12/3 Ludc 杩欏効鏌ヨ鍋氫簡淇敼鏀规垚缁勬垚涓�鍙ql鏌ヨ锛岃�屼笉鏄垎鎵规鏌ヨ
+ LambdaQueryWrapper<CodeAllCode> wrapper = Wrappers.<CodeAllCode>query().lambda()
+ .eq(CodeAllCode::getCodeRuleOid, ruleOid);
VciBaseUtil.switchCollectionForOracleIn(thisCbos).stream().forEach(cbos -> {
- List<CodeAllCode> codeAllCodeList = codeAllCodeService.selectByWrapper(Wrappers.<CodeAllCode>query().lambda().eq(CodeAllCode::getCodeRuleOid, ruleOid)
- .notIn(CodeAllCode::getId, cbos.stream().map(s -> s.getId()).collect(Collectors.toSet()).toArray(new String[0]))
- .notIn(CodeAllCode::getLcStatus, CodeAllCodeLC.TASK_BACK.getValue() + "','" + CodeAllCodeLC.OBSOLETED.getValue())
- );
- existIds.addAll(Optional.ofNullable(codeAllCodeList).orElseGet(() -> new ArrayList<>()).stream().map(s -> {
- String id = s.getId();
- if (StringUtils.isBlank(id)) {
- id = s.getId();
- }
- return id;
- }).collect(Collectors.toList()));
+ wrapper.notIn(CodeAllCode::getId, cbos.stream().map(s -> s.getId()).collect(Collectors.toSet()).toArray(new String[0]));
});
+ wrapper.notIn(CodeAllCode::getLcStatus, CodeAllCodeLC.TASK_BACK.getValue() + "','" + CodeAllCodeLC.OBSOLETED.getValue());
+ List<CodeAllCode> codeAllCodeList = codeAllCodeService.selectByWrapper(wrapper);
+ existIds.addAll(Optional.ofNullable(codeAllCodeList).orElseGet(() -> new ArrayList<>()).stream().map(s -> {
+ String id = s.getId();
+ if (StringUtils.isBlank(id)) {
+ id = s.getId();
+ }
+ return id;
+ }).collect(Collectors.toList()));
List<String> existIdCbos = thisCbos.stream().filter(s -> {
String id = s.getId();
if (StringUtils.isBlank(id)) {
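Review bot: The status filter `wrapper.notIn(CodeAllCode::getLcStatus, CodeAllCodeLC.TASK_BACK.getValue() + "','" + CodeAllCodeLC.OBSOLETED.getValue())` passes one string with `','` spliced into it, which only acts as two values if the wrapper pastes it into the SQL text. MyBatis-Plus binds `notIn` arguments as parameters, so this most likely compares against a single literal and excludes neither status. Pass the values separately: `wrapper.notIn(CodeAllCode::getLcStatus, CodeAllCodeLC.TASK_BACK.getValue(), CodeAllCodeLC.OBSOLETED.getValue());`. The moved mapping block also keeps `if (StringUtils.isBlank(id)) { id = s.getId(); }`, which reassigns the same value and can be reduced to `.map(CodeAllCode::getId)`. The enclosing method starts and ends outside the hunk.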
@@ -2424,7 +2428,7 @@
//閮借浆鎹㈠畬浜嗐�傞渶瑕佹壒閲忔鏌�
//濡傛灉鍑洪敊浜嗭紝鎴戜滑渚濈劧鎵ц鏈夋晥鐨勬暟鎹紝鏃犳晥鐨勬暟鎹啓鍥炲埌excel涓�
- Map<String, String> errorKeyMap = new HashMap<>();
+ Map<String, String> errorKeyMap = new ConcurrentHashMap<>();
//1.鍒嗙被娉ㄥ叆
batchSwitchClassifyAttrOnOrder(attrVOS, cboList, classifyFullInfo, false);
//boolean
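Review bot: Switching `errorKeyMap` to `ConcurrentHashMap` changes null handling as well as thread safety: unlike `HashMap`, it throws `NullPointerException` on a null key or value. The later hunk in `batchCheckKeyAttrOnOrder` uses `cbo.getAttributeValue(IMPORT_ROW_INDEX)` as the key, and the second switched map (`errorMap` in the last hunk) is handed to `batchSwitchCheckExist` and `batchCheckRequiredAttrOnOrder`, whose bodies are not visible here. If a row index can be absent, guard the writes, e.g. `if (rowIndex != null) { errorMap.put(rowIndex, msg); }`, or document that the index is always set before these checks run. The diff adds no `java.util.concurrent.ConcurrentHashMap` import, so that presumably already exists in the file.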
@@ -2447,6 +2451,7 @@
batchSwitchComponentAttrOnOrder(attrVOS, cboList);
//3.鍒ゆ柇鍏抽敭灞炴��
CodeImportResultVO keyResultVO = batchCheckKeyAttrOnOrder(classifyFullInfo, templateVO, cboList, false, errorKeyMap);
+ log.info("================鏌ラ噸鍚庣殑errorKeyMap閿欒淇℃伅================="+JSON.toJSONString(errorKeyMap));
Set<String> selfRepeatRowIndexList = keyResultVO.getSelfRepeatRowIndexList();
Set<String> keyAttrRepeatRowIndexList = keyResultVO.getKeyAttrRepeatRowIndexList();
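Review bot: The added `log.info(... + JSON.toJSONString(errorKeyMap))` serialises the whole error map on every import and writes it at INFO, so row-level content from the uploaded file lands in the application log whether or not anyone is debugging. The same pattern is added in `batchCheckKeyAttrOnOrder` (`JSON.toJSONString(repeatData)`), where it runs once per repeated row inside the parallel stream. Assuming `log` is an SLF4J logger, I would guard it and use a placeholder: `if (log.isDebugEnabled()) { log.debug("errorKeyMap after key-attribute check: {}", JSON.toJSONString(errorKeyMap)); }`. Alternatively, log only `errorKeyMap.size()` at INFO.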
@@ -2688,7 +2693,6 @@
}
}
-
}
/***
@@ -2716,7 +2720,8 @@
if (codeOidToSystemOidMap.containsKey(repeatOid)) {
XMLResultDataObjectDetailDO repeatresultDataObjectDetailDO = new XMLResultDataObjectDetailDO();
String repeatSourceOid = codeOidToSystemOidMap.get(repeatOid);
- String repeatMsg = "姝ゆ暟鎹笌鐢宠鐨勭紪鐮佹暟鎹甶d涓恒��" + finalSourceOid + "銆戠殑鍏抽敭灞炴�т竴鑷达紝鍒欏彇鐩稿悓缂栫爜";
+ //String repeatMsg = "姝ゆ暟鎹笌鐢宠鐨勭紪鐮佹暟鎹甶d涓恒��" + finalSourceOid + "銆戠殑鍏抽敭灞炴�т竴鑷达紝鍒欏彇鐩稿悓缂栫爜";
+ String repeatMsg = "姝ゆ暟鎹笌鐢宠鐨勭紪鐮佹暟鎹甶d涓恒��" + code + "銆戠殑鍏抽敭灞炴�т竴鑷达紝鍒欏彇鐩稿悓缂栫爜";
if (isCodeOrGroupCode) {
if (StringUtils.isBlank(groupCode)) {
repeatMsg = "鐢宠鐨勭紪鐮佺被鍨嬩负闆嗗洟鐮侊紝绛夊緟闆嗗洟缂栫爜璧嬪��";
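Review bot: The old statement is kept as a commented-out line (`//String repeatMsg = ... finalSourceOid ...`) instead of being deleted; version control already holds it, and the leftover makes it unclear which identifier the message is meant to carry. The same applies to the `/*if (isCodeOrGroupCode) { ... }*/` block in `getCodeOrderDTOs` and to `//sb.append(" where 1 = 1");` in the SQL-building hunk. Delete them, and if the reason for switching from `finalSourceOid` to `code` matters, state it in a one-line comment above the new assignment. `code` is defined outside the hunk, so its value here could not be checked.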
@@ -3371,10 +3376,16 @@
private void getCodeOrderDTOs(CodeClassifyVO codeClassifyVO, CodeClassifyTemplateVO templateVO, Map<String, RowDatas> codeDataMap, Map<String, ClientBusinessObject> codeSystemObjectMap, List<CodeOrderDTO> codeOrderDTOList, Map<String, String> errorMap, boolean isCodeOrGroupCode) {
codeSystemObjectMap.keySet().forEach(code -> {
ClientBusinessObject sysDataObject = codeSystemObjectMap.get(code);
- if (isCodeOrGroupCode) {
- code = sysDataObject.getAttributeValue("GROUPCODE");
+ /*if (isCodeOrGroupCode) {
+ // code = sysDataObject.getAttributeValue("GROUPCODE");
if (StringUtils.isBlank(code)) {
code = sysDataObject.getId();
+ }
+ }*/
+ if(isCodeOrGroupCode){
+ String groupCode=sysDataObject.getAttributeValue("GROUPCODE");
+ if(codeDataMap.containsKey(groupCode)){
+ code=groupCode;
}
}
CodeOrderDTO orderDTO = new CodeOrderDTO();
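Review bot: The rewritten branch silently drops the old fallback: before, a blank `GROUPCODE` made the key fall back to `sysDataObject.getId()`, whereas now the map key is kept unless `codeDataMap` contains the group code. Nothing in the hunk says why, so a comment above the `if` would help, for example `// use the group code only when the request data is keyed by it; otherwise keep the map key`. Iterating `codeSystemObjectMap.entrySet()` would also avoid the extra `get(code)` per key. The lambda body continues outside the hunk.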
@@ -4116,7 +4127,8 @@
StringBuffer sb = new StringBuffer();
sb.append(" select id from ");
sb.append(finalTableName);
- sb.append(" where 1=1 ");
+ //sb.append(" where 1 = 1");
+ sb.append(" where lastr = 1 and lastv = 1"); //TODO:娑夊強鍒板凡鍗囩増鐨勬暟鎹篃搴旇鎺掗櫎鎺夛紝鍚﹀垯浼氭姤閲�
sb.append(" and id in (");
sb.append(VciBaseUtil.toInSql(cbos.stream().map(s -> s.getId()).collect(Collectors.toSet()).toArray(new String[0])));
sb.append(")");
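Review bot: The new `lastr = 1 and lastv = 1` filter is appended to a statement that is still assembled by concatenation: `finalTableName` and the id list from `VciBaseUtil.toInSql(...)` go straight into the SQL text. The ids come from `cbos`, which in this import service are presumably built from uploaded rows, and whether `toInSql` escapes quotes is not visible in this diff. Confirm that it does, or bind the ids as parameters the way the `LambdaQueryWrapper` hunk earlier in this patch does. `StringBuffer` can also become `StringBuilder` if the buffer is local to the method, which the hunk suggests but does not show in full. The enclosing method starts and ends outside the hunk.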
@@ -4422,9 +4434,11 @@
* @param classifyFullInfo 鍒嗙被鐨勫叏閮ㄤ俊鎭�
* @param templateVO 妯℃澘鐨勫唴瀹癸紝蹇呴』鍖呭惈妯℃澘灞炴��
* @param cboList 鎵归噺鐨勬暟鎹�
- */
+ * @param isEdit 鏄惁鏄慨鏀�
+ * @param errorMap 蹇呴』蹇呴』蹇呴』鏄嚎绋嬪畨鍏ㄧ殑闆嗗悎
+ * */
private CodeImportResultVO batchCheckKeyAttrOnOrder(CodeClassifyFullInfoBO classifyFullInfo, CodeClassifyTemplateVO templateVO,
- List<ClientBusinessObject> cboList, boolean isEdit, Map<String, String> errorMap) {
+ List<ClientBusinessObject> cboList, boolean isEdit, Map<String, String> errorMap/*蹇呴』瑕佹槸绾跨▼瀹夊叏鐨勯泦鍚�*/) {
//涓嶮dmEngineServiceImpl閲岀殑checkKeyAttrOnOrder鐩镐技
//鍏堣幏鍙栧叧閿睘鎬х殑瑙勫垯锛屼篃鍒╃敤缁ф壙鐨勬柟寮�
CodeKeyAttrRepeatVO keyRuleVO = keyRuleService.getRuleByClassifyFullInfo(classifyFullInfo);
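Review bot: The thread-safety requirement on `errorMap` is stated only in comments (the added `@param` text and the inline `/*...*/`, both mis-encoded on this page), so a caller can still pass a `HashMap` and compile. Since the method is private, the parameter can carry the contract in its type: `boolean isEdit, ConcurrentMap<String, String> errorMap) {`. That also makes the inline block comment in the signature unnecessary. The callers, which declare their maps as `Map<String, String>`, would need the matching declaration change.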
@@ -4453,7 +4467,7 @@
if (Func.isNotEmpty(codeSynonymMaps)) {
codeSynonymMaps.keySet().stream().forEach(item -> {
synonymResString.append(item);
- synonymResString.append("锛�");
+ synonymResString.append(",");
});
}
resultVO.setSynonymRuleInfo(Func.isEmpty(codeSynonymMaps) ? "" : String.format("浠ヤ笅[%s]琚缃簡杩戜箟璇嶆煡璇㈣鍒欑殑鍏抽敭灞炴��,涓嚭鐜颁簡閲嶅锛�", synonymResString));
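Review bot: The loop appends `","` after every key, so the list interpolated into the message always ends with a trailing comma. `String.join(",", codeSynonymMaps.keySet())` produces the same list without it and removes the side-effecting `forEach` on `synonymResString`. `synonymResString` is declared outside the hunk, so its other uses could not be checked.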
@@ -4477,8 +4491,8 @@
// TODO:Thread limit exceeded replacing blocked 寮傚父鏄繖閮ㄥ垎浠g爜鎶涘嚭鐨�
// ,鎵�浠ユ殏鏃跺皢parallelStream鏀规垚浜唖tream锛屾敼鎴愪簡stream涔嬪悗鍙戠幇宸ㄦ參
// customForkJoinPool鎺у埗骞跺彂搴�
- List<ClientBusinessObject> finalCboList = cboList;
- Map<String, List<CodeSynonym>> finalCodeSynonymMaps = codeSynonymMaps;
+ final List<ClientBusinessObject> finalCboList = cboList;
+ final Map<String, List<CodeSynonym>> finalCodeSynonymMaps = codeSynonymMaps;
List<ClientBusinessObject> repeatDataMap = (List<ClientBusinessObject>) customForkJoinPool.submit(() -> {
finalCboList.parallelStream().filter(cbo -> {
//姣忚閮藉緱鏌ヨ.濡傛灉鍏朵腑鍑虹幇浜嗛敊璇紝鎴戜滑灏辩洿鎺ユ姏鍑哄紓甯革紝鍏朵綑鐨勬樉绀�
@@ -4521,6 +4535,7 @@
});
// 娣诲姞閿欒鍊�
String rowIndex = cbo.getAttributeValue(IMPORT_ROW_INDEX);
+ log.info("=============鍏抽敭灞炴�ф煡璇㈤噸澶嶇殑============="+JSON.toJSONString(repeatData));
errorMap.put(rowIndex, "閲嶅鐨勮褰曠紪鍙蜂负:" + repeatData.stream().collect(Collectors.joining(",")));
if (!CollectionUtils.isEmpty(newCboList)) {
indexTODataMap.put(cbo.getAttributeValue(IMPORT_ROW_INDEX), newCboList);
@@ -4946,7 +4961,7 @@
}
}
- /******
+ /**
* 鏍规嵁缂栫爜瑙勫垯缂撳瓨鏁版嵁
* @param uuid
* @param codeImprotDataVOs
@@ -4990,7 +5005,7 @@
});
}
- /****
+ /**
* 鏁版嵁鐩镐技椤规暟鎹牎楠宺edis缂撳瓨
* @param codeClassifyOid
* @param templateVO
@@ -5364,7 +5379,7 @@
List<String> codeList = cboList.stream().map(ClientBusinessObject::getId).collect(Collectors.toList());
List<Map<String, String>> dataList = new ArrayList<>();
- Map<String, String> errorMap = new HashMap<>();
+ Map<String, String> errorMap = new ConcurrentHashMap<>();
batchSwitchCheckExist(errorMap, cboList, classifyFullInfo, templateVO, execGroupCodePortDataDTO, fieldIndexMap);
//鍒ゆ柇蹇呰緭椤�
batchCheckRequiredAttrOnOrder(templateVO, cboList, errorMap);
--
Gitblit v1.9.3