From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。

---
 Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java |   68 +++++++++++++++++++++++++++++----
 1 files changed, 59 insertions(+), 9 deletions(-)

diff --git a/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java b/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java
index a71e215..bf38725 100644
--- a/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java
+++ b/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java
@@ -21,6 +21,8 @@
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.github.xiaoymin.knife4j.annotations.ApiOperationSupport;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
+import com.vci.ubcs.system.cache.NacosConfigCache;
 import com.vci.ubcs.system.user.entity.User;
 import com.vci.ubcs.system.user.excel.UserExcel;
 import com.vci.ubcs.system.user.excel.UserImporter;
@@ -31,7 +33,7 @@
 import io.swagger.annotations.ApiParam;
 import lombok.AllArgsConstructor;
 import com.vci.ubcs.common.cache.CacheNames;
-import org.hibernate.validator.internal.util.logging.Log;
+import lombok.extern.slf4j.Slf4j;
 import org.springblade.core.cache.utils.CacheUtil;
 import org.springblade.core.excel.util.ExcelUtil;
 import org.springblade.core.mp.support.Condition;
@@ -48,6 +50,7 @@
 import org.springblade.core.tool.utils.StringUtil;
 import com.vci.ubcs.system.user.service.IUserService;
 import com.vci.ubcs.system.user.vo.UserVO;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import springfox.documentation.annotations.ApiIgnore;
@@ -69,11 +72,19 @@
 @RestController
 @RequestMapping
 @AllArgsConstructor
-@lombok.extern.java.Log
+@Slf4j
 public class UserController {
 
 	private final IUserService userService;
+
 	private final BladeRedis bladeRedis;
+
+	private final NacosConfigCache nacosConfigCache;
+
+	/**
+	 * 鏂囦欢瀹夊叏妫�鏌�
+	 */
+	private ComprehensiveFileValidator fileValidator;
 
 	/**
 	 * 鏌ヨ鍗曟潯
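Review bot: `private ComprehensiveFileValidator fileValidator;` is the only non-final dependency in a class wired by `@AllArgsConstructor`; Lombok still puts non-final fields into the generated constructor, so it is injected like the others, but leaving it mutable alongside the newly imported `Autowired` (which nothing in the visible hunks uses) reads as if field injection was intended and leaves open the possibility of a null validator reaching `importUser`. Declare it `private final ComprehensiveFileValidator fileValidator;` and drop the `Autowired` import, so the validator is guaranteed at construction and cannot be swapped afterwards. The Javadoc text in this hunk also appears mis-encoded in the patch, which is worth confirming when it is applied so the source file's encoding is not changed.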
@@ -122,7 +133,7 @@
 	//@PreAuth(RoleConstant.HAS_ROLE_ADMIN)
 	public R<IPage<UserVO>> list(@ApiIgnore @RequestParam Map<String, Object> user, Query query, BladeUser bladeUser) {
 		QueryWrapper<User> queryWrapper = Condition.getQueryWrapper(user, User.class);
-		IPage<User> pages = userService.page(Condition.getPage(query), (!bladeUser.getTenantId().equals(BladeConstant.ADMIN_TENANT_ID)) ? queryWrapper.lambda().eq(User::getTenantId, bladeUser.getTenantId()) : queryWrapper);
+		IPage<User> pages = userService.page(Condition.getPage(query), (!bladeUser.getTenantId().equals(nacosConfigCache.getAdminUserInfo().getTenantId())) ? queryWrapper.lambda().eq(User::getTenantId, bladeUser.getTenantId()) : queryWrapper);
 		return R.data(UserWrapper.build().pageVO(pages));
 	}
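Review bot: The admin-tenant check `bladeUser.getTenantId().equals(nacosConfigCache.getAdminUserInfo().getTenantId())` now appears verbatim in both `list` (this hunk) and `page` (the next hunk, L75); deciding whether a caller may see every tenant's users is an authorization rule and belongs in one private helper, e.g. `private boolean isAdminTenant(BladeUser bladeUser) { return Objects.equals(bladeUser.getTenantId(), nacosConfigCache.getAdminUserInfo().getTenantId()); }` (with `java.util.Objects` imported), so the two endpoints cannot drift apart. `Objects.equals` also avoids the NullPointerException the current call order raises when the caller's tenant id is null, while still taking the tenant-filtered branch. Whether `getAdminUserInfo()` can itself return null is not visible here; if it can, the helper is the single place to treat that as "not admin".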
 
@@ -138,7 +149,7 @@
 	@ApiOperation(value = "鍒楄〃", notes = "浼犲叆account鍜宺ealName")
 	//@PreAuth(RoleConstant.HAS_ROLE_ADMIN)
 	public R<IPage<UserVO>> page(@ApiIgnore User user, Query query, Long deptId, BladeUser bladeUser) {
-		IPage<User> pages = userService.selectUserPage(Condition.getPage(query), user, deptId, (bladeUser.getTenantId().equals(BladeConstant.ADMIN_TENANT_ID) ? StringPool.EMPTY : bladeUser.getTenantId()));
+		IPage<User> pages = userService.selectUserPage(Condition.getPage(query), user, deptId, (bladeUser.getTenantId().equals(nacosConfigCache.getAdminUserInfo().getTenantId()) ? StringPool.EMPTY : bladeUser.getTenantId()));
 		return R.data(UserWrapper.build().pageVO(pages));
 	}
 
@@ -188,11 +199,20 @@
 	 */
 	@PostMapping("/grant")
 	@ApiOperationSupport(order = 7)
-	@ApiOperation(value = "鏉冮檺璁剧疆", notes = "浼犲叆roleId闆嗗悎浠ュ強menuId闆嗗悎")
+	@ApiOperation(value = "鏉冮檺璁剧疆", notes = "浼犲叆userIds闆嗗悎浠ュ強roleIds闆嗗悎")
 	//@PreAuth(RoleConstant.HAS_ROLE_ADMIN)
 	public R grant(@ApiParam(value = "userId闆嗗悎", required = true) @RequestParam String userIds,
 				   @ApiParam(value = "roleId闆嗗悎", required = true) @RequestParam String roleIds) {
-		boolean temp = userService.grant(userIds, roleIds);
+		boolean temp = false;
+		try {
+			 temp = userService.grant(userIds, roleIds);
+			// 鎻掑叆鎺堟潈鏃ュ織
+			userService.grantLog(UserWrapper.build().entityVO(userService.getById(userIds)).toString(),false);
+		}catch (Exception e){
+			// 鎻掑叆鎺堟潈鏃ュ織
+			userService.grantLog(e.getMessage(),true);
+			throw e;
+		}
 		return R.status(temp);
 	}
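Review bot: The success-path audit call `userService.grantLog(UserWrapper.build().entityVO(userService.getById(userIds)).toString(),false)` sits inside the same try as the grant, so a failure while building the log entry is recorded as a failed grant and rethrown to the client even though `userService.grant` has already applied the roles; and because `userIds` is documented as a collection of ids, `getById(userIds)` with more than one id will not resolve an entity, which makes exactly that failure likely. The service result is also ignored: a `false` return from `grant` is still logged with the success flag. Log the ids that were actually submitted, after the try, and derive the flag from `temp`; the second argument of `grantLog` appears to mean "failed", which should be confirmed against the service. Catching `Exception` only to log and rethrow is acceptable here, but the entry should carry the ids as well as `e.getMessage()` so the audit trail identifies which grant was attempted.
```java
		// … unchanged: method signature …
		String grantContext = "userIds=" + userIds + ", roleIds=" + roleIds;
		boolean temp;
		try {
			temp = userService.grant(userIds, roleIds);
		} catch (Exception e) {
			// audit the failed attempt with the ids involved, then propagate the original error
			userService.grantLog(grantContext + ", error=" + e.getMessage(), true);
			throw e;
		}
		// audit outside the try so a logging problem is not reported as a grant failure;
		// the flag follows the actual service result instead of being hard-coded to success
		userService.grantLog(grantContext, !temp);
		return R.status(temp);
```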
 
@@ -251,6 +271,11 @@
 	@ApiOperationSupport(order = 12)
 	@ApiOperation(value = "瀵煎叆鐢ㄦ埛", notes = "浼犲叆excel")
 	public R importUser(MultipartFile file, Integer isCovered) {
+		// 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+		ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+		if (!result.isValid()) {
+			return R.fail(result.getMessage());
+		}
 		UserImporter userImporter = new UserImporter(userService, isCovered == 1);
 		ExcelUtil.save(file, userImporter, UserExcel.class);
 		return R.success("鎿嶄綔鎴愬姛");
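Review bot: `fileValidator.validateFile(file)` receives `file` exactly as bound; `MultipartFile file` is not marked required, so a request without the part hands the validator `null`, and whether `validateFile` tolerates that is not visible in this hunk. A guard ahead of the validator, `if (file == null || file.isEmpty()) { return R.fail("file is required"); }`, keeps the response a clean failure rather than a NullPointerException (message text to match the file's other user-facing strings). The text returned to the client via `result.getMessage()` comes straight from the validator; confirm it is a user-facing rejection reason rather than internal diagnostic detail. Note also that `isCovered == 1` on the following line unboxes an `Integer` that is null when the parameter is omitted; that is pre-existing, but `Integer.valueOf(1).equals(isCovered)` would make the endpoint robust to it.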
@@ -283,7 +308,6 @@
 		ExcelUtil.export(response, "鐢ㄦ埛鏁版嵁妯℃澘", "鐢ㄦ埛鏁版嵁琛�", list, UserExcel.class);
 	}
 
-
 	/**
 	 * 绗笁鏂规敞鍐岀敤鎴�
 	 */
@@ -293,7 +317,6 @@
 	public R registerGuest(User user, Long oauthId) {
 		return R.status(userService.registerGuest(user, oauthId));
 	}
-
 
 	/**
 	 * 閰嶇疆鐢ㄦ埛骞冲彴淇℃伅
@@ -349,7 +372,7 @@
 	}
 
 	/**
-	 * 鐢ㄦ埛瑙i攣
+	 * 妫�鏌ョ敤鎴锋槸鍚﹀埌浜嗘彁閱掔敤鎴蜂慨鏀瑰瘑鐮佹垨鑰呭瘑鐮佽繃鏈熺殑鏃堕棿
 	 */
 	@PostMapping("/check-renexpr")
 	@ApiOperationSupport(order = 20)
@@ -360,6 +383,33 @@
 		return R.data(res);
 	}
 
+	/**
+	 * 鑾峰彇鍒版寚瀹氳韩浠芥潈闄愮殑鐢ㄦ埛鍒楄〃
+	 * @param user 鐢ㄦ埛鏌ヨ鐨勭敤鎴蜂俊鎭紝濡傜鎴蜂俊鎭紝閫氬父涓鸿嚜鍔ㄦ敞鍏ワ紝鍓嶇鍙�夋嫨涓嶄紶
+	 * @param roleName 瑕佹煡璇㈢殑瑙掕壊韬唤
+	 * @return
+	 */
+	@GetMapping("/getByRoleUserList")
+	@ApiOperationSupport(order = 21)
+	@ApiOperation(value = "鑾峰彇鍒版寚瀹氳韩浠芥潈闄愮殑鐢ㄦ埛鍒楄〃", notes = "浼犲叆roleName")
+	public R<List<Map<String,String>>> getByRoleUserList(BladeUser user,@Valid @RequestParam String roleName){
+		return R.data(userService.getByRoleUserList(user,roleName));
+	}
 
+	/**
+	 * 淇敼鐢ㄦ埛鐘舵�� 鍋滅敤/鍚敤
+	 * @param userIds userId闆嗗悎
+	 * @param status 鍋滅敤/鍚敤; true:鍚敤,false:鍋滅敤
+	 * @return
+	 */
+	@PostMapping("/updateUserStatus")
+	@ApiOperationSupport(order = 21)
+	@ApiOperation(value = "鑾峰彇鍒版寚瀹氳韩浠芥潈闄愮殑鐢ㄦ埛鍒楄〃", notes = "浼犲叆userId闆嗗悎")
+	public R<Boolean> updateUserStatus(@Valid @RequestParam("userIds") String userIds,boolean status){
+		if (StringUtil.isBlank(userIds)) {
+			return R.fail("璇疯嚦灏戦�夋嫨涓�涓敤鎴�");
+		}
+		return R.status(userService.updateUserStatus(userIds,status));
+	}
 
 }
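Review bot: `updateUserStatus` enables or disables whatever ids arrive in `userIds` with no caller context, whereas `getByRoleUserList` just above takes `BladeUser user` for scoping; unless `userService.updateUserStatus` applies the caller's tenant itself (not visible here), a user in one tenant can change the status of accounts in another. Pass the `BladeUser` through, or apply the same admin-tenant check that `list` and `page` use, and consider an access annotation on both new endpoints, since `@PreAuth` is commented out on the sibling methods. Two copy-paste slips: `@ApiOperation(value = ...)` on `updateUserStatus` repeats the `getByRoleUserList` title, and both methods carry `@ApiOperationSupport(order = 21)`; `@Valid` on a plain `String` request parameter also has no effect and can be dropped. The primitive `boolean status` without `@RequestParam` produces a binding error when the parameter is omitted; `@RequestParam boolean status` states the requirement explicitly.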

--
Gitblit v1.9.3