From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java | 113 ++++++++++++++++++++++++++++++++------------------------
1 files changed, 65 insertions(+), 48 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java
index 70b78a1..3c11372 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/UniversalInterfaceImpl.java
@@ -38,7 +38,10 @@
import com.vci.ubcs.code.webService.annotation.VciWebservice;
import com.vci.ubcs.code.webService.config.AttributeMapConfig;
import com.vci.ubcs.code.webService.config.PersonAndDeptConfig;
+import com.vci.ubcs.omd.cache.EnumCache;
import com.vci.ubcs.omd.feign.IBtmTypeClient;
+import com.vci.ubcs.omd.feign.IDictClient;
+import com.vci.ubcs.omd.feign.IEnumClient;
import com.vci.ubcs.omd.vo.BtmTypeVO;
import com.vci.ubcs.starter.exception.VciBaseException;
import com.vci.ubcs.starter.revision.model.TreeQueryObject;
@@ -559,7 +562,7 @@
object.setOperate("create");
applyDataVOList.add(object);
}
- codeList.add(personMasterData.getLm_code());
+ codeList.add(object.getCode());
});
R<BtmTypeVO> r = btmTypeClient.getAllAttributeByBtmId(templateVO.getBtmTypeId());
@@ -614,8 +617,8 @@
DataObjectVO dataObjectVO = new DataObjectVO();
this.getConfigDatas(systemCode, personLibrary, editDatasVO, attrVOS, dataObjectVO);
log.info("start锛氫慨鏀规暟鎹墽琛屽畬姣�");
- boolean personApplyGroupCode =personAndDeptConfig.isPersonApplyGroupCode();
- mdmIOService.batchSyncEditDatas(codeClassifyVO,dataObjectVO, resultDataObjectDetailDOs,personApplyGroupCode);
+ // boolean personApplyGroupCode =personAndDeptConfig.isPersonApplyGroupCode();
+ mdmIOService.batchSyncEditDatas(codeClassifyVO,dataObjectVO, resultDataObjectDetailDOs,isPersonApplyGroupCode);
log.info("end锛氫慨鏀规暟鎹墽琛屽畬姣�");
}
if(applyDatasVO.getObject()!=null&&applyDatasVO.getObject().size()>0) {
@@ -680,7 +683,7 @@
log.error("鏁版嵁淇濆瓨澶辫触:",e);
mesg=e.getMessage();
e.printStackTrace();
- throw new ServiceException(e.getMessage());
+ // throw new ServiceException(e.getMessage());
}finally {
XMLResultDataObjectDetailDO x=new XMLResultDataObjectDetailDO();
x.setId(rowData.getOid());
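Review bot: With `throw new ServiceException(e.getMessage())` commented out in this catch, a failed row no longer aborts the batch, so the only record of the failure is whatever the `finally` block writes into the `XMLResultDataObjectDetailDO`. That code continues outside the hunk, so please confirm it marks the row as failed; if the enclosing method is transactional, also confirm that earlier writes are still rolled back when needed. `mesg=e.getMessage()` appears to carry the raw exception text into the result returned to the calling system, which can expose SQL fragments or class names; return a generic message and keep the detail in `log.error`. `e.printStackTrace()` duplicates the `log.error` call above it and can be dropped, and the commented-out throw should be deleted rather than kept. The same pattern is introduced in the catch block of the `@@ -940,33 +944,34 @@` hunk.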
@@ -806,10 +809,10 @@
List<ApplyDataVO> deleteDataVOList=new ArrayList<>();
orgMasterDataList.stream().forEach(orgMasterData -> {
ApplyDataVO object=new ApplyDataVO();
- object.setCode(orgMasterData.getMdm_code());//缂栫爜
+ object.setCode(orgMasterData.getDepartment_code());//缂栫爜
object.setCreator(orgMasterData.getCreator());//鍒涘缓鑰�
object.setEditor(orgMasterData.getModifier());//淇敼鑰�
- object.setId(orgMasterData.getDepartment_code());//涓婚敭
+ object.setId(orgMasterData.getId());//涓婚敭
object.setStatus(CodeDefaultLC.RELEASED.getValue());//鐘舵�佸垯闇�瑕佸垽鏂�
Map<String,String> dataMap= VciBaseUtil.objectToMapString(orgMasterData);
List<ProppertyVO> proppertyVOList = new ArrayList<>();
@@ -844,7 +847,7 @@
object.setOperate("create");
applyDataVOList.add(object);
}
- codeList.add(orgMasterData.getMdm_code());
+ codeList.add(object.getCode());
});
R<BtmTypeVO> r = btmTypeClient.getAllAttributeByBtmId(templateVO.getBtmTypeId());
@@ -899,7 +902,7 @@
DataObjectVO dataObjectVO = new DataObjectVO();
this.getConfigDatas(systemCode, deptLibrary, editDatasVO, attrVOS, dataObjectVO);
log.info("start锛氫慨鏀规暟鎹墽琛屽畬姣�");
- boolean personApplyGroupCode = personAndDeptConfig.isPersonApplyGroupCode();
+ boolean personApplyGroupCode = false;//personAndDeptConfig.isPersonApplyGroupCode();
mdmIOService.batchSyncEditDatas(codeClassifyVO,dataObjectVO, resultDataObjectDetailDOs,personApplyGroupCode);
log.info("end锛氫慨鏀规暟鎹墽琛屽畬姣�");
}
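Review bot: `boolean personApplyGroupCode = false;//personAndDeptConfig.isPersonApplyGroupCode();` hard-codes the flag off for the department path and leaves the configuration call in a trailing comment, so the configured setting is silently ignored here. The person path in the `@@ -614,8 +617,8 @@` hunk passes `isPersonApplyGroupCode` instead, so the two paths now differ without a stated reason. If the department sync is meant never to use this flag, pass `false` directly and add a comment giving the reason, e.g. `// department sync never applies for a group code: <reason>`; otherwise restore the config lookup.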
@@ -914,8 +917,9 @@
}
List<XMLResultDataObjectDetailDO> xDOs=new CopyOnWriteArrayList<>();
//闄愬埗绾跨▼骞惰鏁伴噺
- customForkJoinPool.submit(()->{
- dataObjectVO.getRowData().parallelStream().forEach(rowData->{
+ //customForkJoinPool.submit(()->{
+ // dataObjectVO.getRowData().parallelStream().forEach(rowData->{
+ dataObjectVO.getRowData().forEach(rowData->{
String mesg="";
try {
CodeOrderDTO orderDTO = new CodeOrderDTO();
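Review bot: The move from the `customForkJoinPool` parallel stream to a plain `forEach` is made by commenting lines out, here and at `//}).join();` in the `@@ -976,7 +981,7 @@` hunk, which leaves dead code behind. Delete the commented lines and state why the rows must now be processed sequentially, e.g. `// rows are processed one at a time: <reason>`. `xDOs` is still a `CopyOnWriteArrayList`, which copies its backing array on every `add` and is no longer needed once the loop is single-threaded.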
@@ -931,7 +935,7 @@
//瑙勫垯涔嬪畾涔変负鍙彉鐮佹瀛樺偍涓绘暟鎹紶閫掕繃鏉ョ殑鏁版嵁
CodeOrderSecDTO CodeOrderSecDTO = new CodeOrderSecDTO();
CodeOrderSecDTO.setSecOid(codeBasicSecVO.getOid());
- CodeOrderSecDTO.setSecValue(rowData.getOid());
+ CodeOrderSecDTO.setSecValue(rowData.getCode());
codeOrderSecDTOList.add(CodeOrderSecDTO);
}
});
@@ -940,33 +944,34 @@
orderDTO.setSecDTOList(codeOrderSecDTOList);//瀛樺偍缂栫爜
orderDTO.setData(rowData.getFiledValue());
String code = engineService.addSaveCodeNotauthUser(orderDTO,false);
- /*if(StringUtils.isNotBlank(code)) {
- //rowData.setCode(code);
- StringBuffer sqlsb = new StringBuffer();
- sqlsb.append(" select * from ");
- sqlsb.append(tableName);
- sqlsb.append(" where 1=1 ");
- sqlsb.append(" and lastr=1 and lastv=1");
- sqlsb.append(" and id in (");
- sqlsb.append(VciBaseUtil.toInSql(code));
- sqlsb.append(")");
- List<Map<String, String>> newDataMapList = commonsMapper.queryByOnlySqlForMap(sqlsb.toString());
- if (!CollectionUtils.isEmpty(newDataMapList)) {
- String oid = StringUtils.isBlank(newDataMapList.get(0).get("OID")) ? "" : newDataMapList.get(0).get("OID");
- List<String> oidList = new ArrayList<>();
- oidList.add(oid);
- //濡傛灉鏈夌敵璇峰氨鍘昏皟鐢ㄧ敵璇烽泦鍥㈢爜
- if (isPersonApplyGroupCode) {
- mdmIOService.sendApplyGroupcode(oidList, templateVO.getBtmTypeId(), sysIntegrationPushTypeEnum.ACCPET_APPCODE.getValue());
- success.set(true);
- mesg = "鏁版嵁淇濆瓨鎴愬姛锛岀瓑寰呯敵璇烽泦鍥㈢爜";
+ /*if(StringUtils.isNotBlank(code)) {
+ //rowData.setCode(code);
+ StringBuffer sqlsb = new StringBuffer();
+ sqlsb.append(" select * from ");
+ sqlsb.append(tableName);
+ sqlsb.append(" where 1=1 ");
+ sqlsb.append(" and lastr=1 and lastv=1");
+ sqlsb.append(" and id in (");
+ sqlsb.append(VciBaseUtil.toInSql(code));
+ sqlsb.append(")");
+ List<Map<String, String>> newDataMapList = commonsMapper.queryByOnlySqlForMap(sqlsb.toString());
+ if (!CollectionUtils.isEmpty(newDataMapList)) {
+ String oid = StringUtils.isBlank(newDataMapList.get(0).get("OID")) ? "" : newDataMapList.get(0).get("OID");
+ List<String> oidList = new ArrayList<>();
+ oidList.add(oid);
+ //濡傛灉鏈夌敵璇峰氨鍘昏皟鐢ㄧ敵璇烽泦鍥㈢爜
+ if (isPersonApplyGroupCode) {
+ mdmIOService.sendApplyGroupcode(oidList, templateVO.getBtmTypeId(), sysIntegrationPushTypeEnum.ACCPET_APPCODE.getValue());
+ success.set(true);
+ mesg = "鏁版嵁淇濆瓨鎴愬姛锛岀瓑寰呯敵璇烽泦鍥㈢爜";
+ }
}
- }
- }*/
+ }*/
} catch (Exception e) {
+ log.error( "閮ㄩ棬鏁版嵁鎺ユ敹澶辫触:",e);
mesg=e.getMessage();
e.printStackTrace();
- throw new ServiceException(e.getMessage());
+ // throw new ServiceException(e.getMessage());
}finally {
XMLResultDataObjectDetailDO x=new XMLResultDataObjectDetailDO();
x.setId(rowData.getOid());
@@ -976,7 +981,7 @@
xDOs.add(x);
}
});
- }).join();
+ //}).join();
resultDataObjectDetailDOs.addAll(xDOs);
boolean finalSuccess1 = success.get();
String finalMessage1 = message;
@@ -2421,8 +2426,13 @@
return codeOrderSecDTOList;
}
- /***
+ /**
* 鏍规嵁浼犲叆鐨勫弬鏁颁俊鎭牎楠岀爜娈佃鍒�
+ * @param SectionVOList
+ * @param ruleVO
+ * @param classifyFullInfo
+ * @return
+ * @throws Throwable
*/
private List<CodeOrderSecDTO> getRuleCodeOrderSecDTOs(List<SectionVO> SectionVOList,CodeRuleVO ruleVO,CodeClassifyFullInfoBO classifyFullInfo) throws Throwable{
List<CodeBasicSecVO> codeBasicSecVOS= ruleVO.getSecVOList();
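Review bot: The new Javadoc tags are empty: `@param SectionVOList`, `@param ruleVO`, `@param classifyFullInfo`, `@return` and `@throws Throwable` carry no description, so the comment adds nothing beyond the signature. Each tag should say what the body establishes, for example `@return the code section DTOs built from the supplied section values` and `@throws Throwable when a supplied section value fails validation`; both wordings need confirming against the body, which continues outside the hunk. Declaring `throws Throwable` on a private helper forces callers to catch errors as well as exceptions, so a narrower exception type would be preferable.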
@@ -2438,6 +2448,9 @@
// String newSecName=codeBasicSecVO.getName();
String classifySecOid= codeBasicSecVO.getOid();
String message="";
+ //#NaN?琛ㄧず鐮佸�间负绌虹殑鍦烘櫙
+ String nullSymbol = EnumCache.getValue("nullSymbol", "NULL");
+ nullSymbol = Func.isBlank(nullSymbol) ? "#NaN?":nullSymbol;
if (!sectype.equals(CodeSecTypeEnum.CODE_SERIAL_SEC.getValue())) {
String name = codeBasicSecVO.getName();
String sectypeText = codeBasicSecVO.getSecTypeText();
@@ -2454,8 +2467,8 @@
List<CodeClassifyValue> codeClassifyValueDOList = codeClassifyValueService.list(Wrappers.<CodeClassifyValue>query().lambda().eq(CodeClassifyValue::getCodeClassifySecOid,classifySecOid));
if (!CollectionUtils.isEmpty(codeClassifyValueDOList)) {
Map<String, CodeClassifyValue> codeClassifyValueDOMap = codeClassifyValueDOList.stream().collect(Collectors.toMap(s -> s.getId(), t -> t, (o1, o2) -> o2));
- if(codeClassifyValueDOMap.containsKey(sectypeValue)){
- CodeClassifyValue codeClassifyValue= codeClassifyValueDOMap.get(sectypeValue);
+ if(codeClassifyValueDOMap.containsKey(sectypeValue) || nullSymbol.equals(sectypeValue)){
+ CodeClassifyValue codeClassifyValue = codeClassifyValueDOMap.get(sectypeValue);
sectypeValue=codeClassifyValue.getOid();
}else {
//throw new Throwable("浼犲叆鐨勫垎绫荤爜娈碉細銆�" + name + " 鍊硷細" + sectypeValue + "銆戯紝涓嶇鍚堝綋鍓嶅垎绫诲眰绾т唬鍙�");
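Review bot: The widened condition `codeClassifyValueDOMap.containsKey(sectypeValue) || nullSymbol.equals(sectypeValue)` lets the branch run when the value is the null symbol but is not a key of the map. In that case `codeClassifyValueDOMap.get(sectypeValue)` returns null and `codeClassifyValue.getOid()` throws a NullPointerException. Guard the dereference, e.g. `CodeClassifyValue v = codeClassifyValueDOMap.get(sectypeValue);` followed by `if (v != null) { sectypeValue = v.getOid(); }`, so the null symbol passes through unchanged. `nullSymbol` is resolved through `EnumCache.getValue("nullSymbol", "NULL")` in the `@@ -2438,6 +2448,9 @@` hunk, apparently once per section; it could be read once before the iteration starts.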
@@ -2474,17 +2487,21 @@
String buildSqlwhere="";
List<CodeSectionValueVO> codeSectionValueVOList=new ArrayList<>();
if(coderefersecSearchVO!=null) {
+ Map<String, Object> condtionMap = new HashMap<>();
+ String valueField= coderefersecSearchVO.getValueField();
+ if(StringUtils.isNotBlank(valueField)){
+ condtionMap.put(valueField,sectypeValue);
+ }
if (coderefersecSearchVO.getType().equals(CodeReferConfigTypeEnum.DEFAULT.getValue()) || coderefersecSearchVO.getType().equals(CodeReferConfigTypeEnum.GRID.getValue())) {//榛樿鏍峰紡/鍒楄〃
- Map<String, Object> condtionMap = new HashMap<>();
List<CodeSrchCondConfigVO> codeSrchCondConfigVOList = coderefersecSearchVO.getCodeSrchCondConfigVOS();
-
if (!CollectionUtils.isEmpty(codeSrchCondConfigVOList)) {
codeSrchCondConfigVOList.stream().forEach(codeSrchCondConfigVO -> {
condtionMap.put(codeSrchCondConfigVO.getFilterField() + codeSrchCondConfigVO.getFilterType(), codeSrchCondConfigVO.getFilterValue());
});
+ }
+ if(!CollectionUtils.isEmpty(condtionMap)) {
buildSqlwhere = UBCSSqlKeyword.buildSqlwhere(condtionMap);
}
-
//浣跨敤浼犲叆鐨勪笟鍔$被鍨嬫煡璇㈣〃
R<List<BtmTypeVO>> listR = btmTypeClient.selectByIdCollection(Collections.singletonList(referBtmId));
if (!listR.isSuccess() || listR.getData().size() == 0) {
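Review bot: `condtionMap.put(valueField,sectypeValue)` puts the section value, which appears to come from the calling system's `SectionVO` list, into the map that `UBCSSqlKeyword.buildSqlwhere(condtionMap)` turns into a WHERE fragment. That fragment is appended to a string executed with `commonsMapper.selectBySql(sb.toString())`, as the `@@ -2499,7 +2516,7 @@` and `@@ -2581,7 +2597,6 @@` hunks show. Before this change only configured filter values reached that path, so request data now flows into string-built SQL; `buildSqlwhere` is not shown, so please confirm it escapes or binds values, and otherwise pass the value as a bound parameter. The key is the bare `valueField`, whereas the configured entries use `getFilterField() + getFilterType()`, so also check that a key without a filter-type suffix is treated as an equality test. The same map now feeds the TREE branch too.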
@@ -2499,7 +2516,7 @@
sb.append(buildSqlwhere);
}
List<Map> ListMap = commonsMapper.selectBySql(sb.toString());
- String valueField = coderefersecSearchVO.getValueField();
+ //String valueField = coderefersecSearchVO.getValueField();
String textField = coderefersecSearchVO.getTextField();
final int[] num = {0};
if (!CollectionUtils.isEmpty(ListMap)) {
@@ -2514,8 +2531,6 @@
});
}
}else if (coderefersecSearchVO.getType().equals(CodeReferConfigTypeEnum.TREE.getValue())) {//鏍戝舰
- Map<String, Object> condtionMap = new HashMap<>();
-
//浣跨敤浼犲叆鐨勪笟鍔$被鍨嬫煡璇㈣〃
R<List<BtmTypeVO>> listR = btmTypeClient.selectByIdCollection(Collections.singletonList(referBtmId));
if (!listR.isSuccess() || listR.getData().size() == 0) {
@@ -2532,9 +2547,10 @@
codeSrchCondConfigVOList.stream().forEach(codeSrchCondConfigVO -> {
condtionMap.put(codeSrchCondConfigVO.getFilterField() + codeSrchCondConfigVO.getFilterType(), codeSrchCondConfigVO.getFilterValue());
});
+ }
+ if(!CollectionUtils.isEmpty(condtionMap)) {
buildSqlwhere = UBCSSqlKeyword.buildSqlwhere(condtionMap);
}
-
//if("all".equals(coderefersecSearchVO.getLoadType())) {
String parentOidSql = "";
if(StringUtils.isNotBlank(parentValue)){
@@ -2581,7 +2597,6 @@
sb.append(buildSqlwhere);
}
List<Map> ListMap = commonsMapper.selectBySql(sb.toString());
- String valueField = coderefersecSearchVO.getValueField();
String textField = coderefersecSearchVO.getTextField();
final int[] num = {0};
if (!CollectionUtils.isEmpty(ListMap)) {
@@ -2601,11 +2616,11 @@
if(!CollectionUtils.isEmpty(codeSectionValueVOList)){
Map<String, CodeSectionValueVO> codeSectionValueVOMap = codeSectionValueVOList.stream().collect(Collectors.toMap(s -> s.getValue(), t -> t, (o1, o2) -> o2));
if(!codeSectionValueVOMap.containsKey(sectypeValue)){
- message="浼犲叆鐨勭紪鐮佽鍒欑爜娈�:銆�"+name+"銆戜负"+CODE_REFER_SEC.getText()+",鍏跺搴旂殑鍊硷紝鍦ㄧ紪鐮佺郴缁熶笉瀛樺湪";
+ message="浼犲叆鐨勭紪鐮佽鍒欑爜娈�:銆�"+name+"銆戜负"+CODE_REFER_SEC.getText()+",鍏跺搴旂殑鍊笺��"+sectypeValue+"銆戯紝鍦ㄧ紪鐮佺郴缁熶笉瀛樺湪";
errorMap.put("error",errorMap.getOrDefault("error","")+";"+message);
}
}else{
- message="浼犲叆鐨勭紪鐮佽鍒欑爜娈�:銆�"+name+"銆戜负"+CODE_REFER_SEC.getText()+",鍏跺搴旂殑鍊硷紝鍦ㄧ紪鐮佺郴缁熶笉瀛樺湪";
+ message="浼犲叆鐨勭紪鐮佽鍒欑爜娈�:銆�"+name+"銆戜负"+CODE_REFER_SEC.getText()+",鍏跺搴旂殑鍊笺��"+sectypeValue+"銆戯紝鍦ㄧ紪鐮佺郴缁熶笉瀛樺湪";
errorMap.put("error",errorMap.getOrDefault("error","")+";"+message);
}
}
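Review bot: Both messages now concatenate `sectypeValue` into the text stored in `errorMap`, and that value appears to arrive unchanged from the calling system. If the message is later written to a log or returned in an XML, JSON or HTML response, limit its length and encode it for that output, so that line breaks or markup in the value cannot alter the log or the response. The two branches build the identical string, so assigning it once before the `if` would remove the duplication.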
@@ -2728,6 +2743,7 @@
String dataValue = sourceKeyValueMap.get(sourceKey);
if (attrMapConfigMap.containsKey(sourceKey)) {
String targetKey = attrMapConfigMap.get(sourceKey);
+ log.info("xxxxx灞炴�ф槧灏勫��:sourceKey銆�"+sourceKey+"銆戔�斺�斻��+targetKey---銆�"+targetKey+":"+dataValue);
keyValueMap.put(targetKey, StringUtils.isBlank(dataValue)?"":dataValue);
}
});
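Review bot: The added `log.info(...)` writes every mapped attribute's `dataValue` to the log at INFO level. Other hunks show this file handling person and department master data, so these values may include personal data that should not reach application logs. The `xxxxx` prefix suggests a debugging aid; if it is still needed, log at debug level without the value and with placeholders instead of concatenation, e.g. `log.debug("attribute mapping: sourceKey={} targetKey={}", sourceKey, targetKey);` (assuming `log` is an SLF4J logger). The same line is added in the `@@ -2861,6 +2877,7 @@` hunk.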
@@ -2861,6 +2877,7 @@
String dataValue = sourceKeyValueMap.get(sourceKey);
if (attrMapConfigMap.containsKey(sourceKey)) {
String targetKey = attrMapConfigMap.get(sourceKey);
+ log.info("xxxxx灞炴�ф槧灏勫��:sourceKey銆�"+sourceKey+"銆戔�斺�斻��+targetKey---銆�"+targetKey+":"+dataValue);
keyValueMap.put(targetKey, StringUtils.isBlank(dataValue)?"":dataValue);
}
});
--
Gitblit v1.9.3