From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java | 90 ++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 80 insertions(+), 10 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java b/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java
index 7d66724..bf38725 100644
--- a/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java
+++ b/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java
@@ -21,6 +21,8 @@
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.github.xiaoymin.knife4j.annotations.ApiOperationSupport;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
+import com.vci.ubcs.system.cache.NacosConfigCache;
import com.vci.ubcs.system.user.entity.User;
import com.vci.ubcs.system.user.excel.UserExcel;
import com.vci.ubcs.system.user.excel.UserImporter;
@@ -31,6 +33,7 @@
import io.swagger.annotations.ApiParam;
import lombok.AllArgsConstructor;
import com.vci.ubcs.common.cache.CacheNames;
+import lombok.extern.slf4j.Slf4j;
import org.springblade.core.cache.utils.CacheUtil;
import org.springblade.core.excel.util.ExcelUtil;
import org.springblade.core.mp.support.Condition;
@@ -47,6 +50,7 @@
import org.springblade.core.tool.utils.StringUtil;
import com.vci.ubcs.system.user.service.IUserService;
import com.vci.ubcs.system.user.vo.UserVO;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import springfox.documentation.annotations.ApiIgnore;
@@ -68,10 +72,19 @@
@RestController
@RequestMapping
@AllArgsConstructor
+@Slf4j
public class UserController {
private final IUserService userService;
+
private final BladeRedis bladeRedis;
+
+ private final NacosConfigCache nacosConfigCache;
+
+ /**
+ * 鏂囦欢瀹夊叏妫�鏌�
+ */
+ private ComprehensiveFileValidator fileValidator;
/**
* 鏌ヨ鍗曟潯
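Review bot: `fileValidator` is the only non-final field in a class that relies on `@AllArgsConstructor` for injection, and the newly imported `Autowired` is not used anywhere in the visible lines, which suggests field injection was intended but never annotated. Lombok's all-args constructor does include non-final fields, so wiring probably still works, but declaring it `private final ComprehensiveFileValidator fileValidator;` matches the sibling fields, guarantees the validator is non-null when `importUser` calls it, and lets the unused import be dropped. The Javadoc text in this hunk is mojibake (e.g. `鏂囦欢瀹夊叏妫�鏌�`), so the file encoding (UTF-8 vs GBK) should be checked before merging. The class body continues past this hunk.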
@@ -93,7 +106,18 @@
@GetMapping("/info")
public R<UserVO> info(BladeUser user) {
User detail = userService.getById(user.getUserId());
- return R.data(UserWrapper.build().entityVO(detail));
+ UserVO userVO = null;
+ if(detail != null){
+ userVO = UserWrapper.build().entityVO(detail);
+ }else {
+ userVO = new UserVO();
+ userVO.setId(user.getUserId());
+ userVO.setTenantId(user.getTenantId());
+ userVO.setAccount(user.getAccount());
+ userVO.setName(user.getUserName());
+ userVO.setRealName(user.getUserName());
+ }
+ return R.data(userVO);
}
/**
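Review bot: When `userService.getById` returns null, the new else branch fabricates a `UserVO` purely from the token's claims (`user.getUserId()`, `getTenantId()`, `getAccount()`, `getUserName()`) and returns it as success, so a caller holding a token for a deleted or never-persisted user cannot tell that no backing record exists, and nothing is logged. At minimum add `log.warn("user {} not found in DB, returning VO built from token claims", user.getUserId());` inside the else branch so such requests are visible; whether the fallback should instead be `R.fail(...)` depends on callers not shown here. Stylistically, `UserVO userVO = null;` can be `UserVO userVO;` since both branches assign it.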
@@ -109,7 +133,7 @@
//@PreAuth(RoleConstant.HAS_ROLE_ADMIN)
public R<IPage<UserVO>> list(@ApiIgnore @RequestParam Map<String, Object> user, Query query, BladeUser bladeUser) {
QueryWrapper<User> queryWrapper = Condition.getQueryWrapper(user, User.class);
- IPage<User> pages = userService.page(Condition.getPage(query), (!bladeUser.getTenantId().equals(BladeConstant.ADMIN_TENANT_ID)) ? queryWrapper.lambda().eq(User::getTenantId, bladeUser.getTenantId()) : queryWrapper);
+ IPage<User> pages = userService.page(Condition.getPage(query), (!bladeUser.getTenantId().equals(nacosConfigCache.getAdminUserInfo().getTenantId())) ? queryWrapper.lambda().eq(User::getTenantId, bladeUser.getTenantId()) : queryWrapper);
return R.data(UserWrapper.build().pageVO(pages));
}
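Review bot: The rewritten condition still grants an unfiltered, all-tenant query to any caller whose tenant id equals the admin tenant, while the `@PreAuth(RoleConstant.HAS_ROLE_ADMIN)` above it remains commented out, so every user inside the admin tenant — not just administrators — appears able to enumerate every tenant's users; unless the service layer adds its own check, that role guard should be restored. Because the admin tenant id is now a runtime value from `nacosConfigCache.getAdminUserInfo().getTenantId()`, a null tenant id fails closed (`equals` returns false and the tenant filter applies), which is the right default, but `getAdminUserInfo()` itself returning null would surface as a NullPointerException rather than a clear error. Hoisting it, `String adminTenantId = nacosConfigCache.getAdminUserInfo().getTenantId();` and `boolean crossTenant = bladeUser.getTenantId().equals(adminTenantId);`, keeps the very long line readable and makes that null case easy to handle explicitly.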
@@ -125,8 +149,14 @@
@ApiOperation(value = "鍒楄〃", notes = "浼犲叆account鍜宺ealName")
//@PreAuth(RoleConstant.HAS_ROLE_ADMIN)
public R<IPage<UserVO>> page(@ApiIgnore User user, Query query, Long deptId, BladeUser bladeUser) {
- IPage<User> pages = userService.selectUserPage(Condition.getPage(query), user, deptId, (bladeUser.getTenantId().equals(BladeConstant.ADMIN_TENANT_ID) ? StringPool.EMPTY : bladeUser.getTenantId()));
+ IPage<User> pages = userService.selectUserPage(Condition.getPage(query), user, deptId, (bladeUser.getTenantId().equals(nacosConfigCache.getAdminUserInfo().getTenantId()) ? StringPool.EMPTY : bladeUser.getTenantId()));
return R.data(UserWrapper.build().pageVO(pages));
+ }
+
+ @GetMapping("/allPage")
+ public R<List<UserVO>> allPage(User user,Long deptId) {
+ List<User> userss = userService.selectAllUser(user,deptId);
+ return R.data(UserWrapper.build().listVO(userss));
}
/**
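Review bot: The new `allPage` endpoint calls `userService.selectAllUser(user, deptId)` with no `BladeUser` argument, so unlike `list` and `page` directly above it there is no tenant scoping at the controller and the service is not told who is asking; unless `selectAllUser` filters by tenant internally, any authenticated caller can list every tenant's users. Give it the same shape as its siblings, e.g. `public R<List<UserVO>> allPage(User user, Long deptId, BladeUser bladeUser)` and pass the tenant (admin tenant → `StringPool.EMPTY`, otherwise `bladeUser.getTenantId()`) into the service, or document why unscoped access is intended. It also lacks the `@ApiOperationSupport`/`@ApiOperation` annotations every other endpoint in this controller carries, and the local `userss` should be `users`.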
@@ -169,11 +199,20 @@
*/
@PostMapping("/grant")
@ApiOperationSupport(order = 7)
- @ApiOperation(value = "鏉冮檺璁剧疆", notes = "浼犲叆roleId闆嗗悎浠ュ強menuId闆嗗悎")
+ @ApiOperation(value = "鏉冮檺璁剧疆", notes = "浼犲叆userIds闆嗗悎浠ュ強roleIds闆嗗悎")
//@PreAuth(RoleConstant.HAS_ROLE_ADMIN)
public R grant(@ApiParam(value = "userId闆嗗悎", required = true) @RequestParam String userIds,
@ApiParam(value = "roleId闆嗗悎", required = true) @RequestParam String roleIds) {
- boolean temp = userService.grant(userIds, roleIds);
+ boolean temp = false;
+ try {
+ temp = userService.grant(userIds, roleIds);
+ // 鎻掑叆鎺堟潈鏃ュ織
+ userService.grantLog(UserWrapper.build().entityVO(userService.getById(userIds)).toString(),false);
+ }catch (Exception e){
+ // 鎻掑叆鎺堟潈鏃ュ織
+ userService.grantLog(e.getMessage(),true);
+ throw e;
+ }
return R.status(temp);
}
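Review bot: On the success path the audit call `userService.grantLog(UserWrapper.build().entityVO(userService.getById(userIds)).toString(), false)` looks up `userIds` as if it were a single id, yet the parameter is documented as a userId collection; for a comma-joined value `getById` will not find a row, `entityVO(null)` presumably throws, and the catch block then records the grant as failed and rethrows after `userService.grant` has already applied it. Log the request itself, which also records what was actually granted: `userService.grantLog("userIds=" + userIds + ", roleIds=" + roleIds, false);`. In the catch block keep the stack trace with `log.error("grant failed for userIds={}", userIds, e)` rather than relying on `e.getMessage()` alone, and consider recording the acting `BladeUser` in the audit entry.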
@@ -232,6 +271,11 @@
@ApiOperationSupport(order = 12)
@ApiOperation(value = "瀵煎叆鐢ㄦ埛", notes = "浼犲叆excel")
public R importUser(MultipartFile file, Integer isCovered) {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
UserImporter userImporter = new UserImporter(userService, isCovered == 1);
ExcelUtil.save(file, userImporter, UserExcel.class);
return R.success("鎿嶄綔鎴愬姛");
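Review bot: The new guard `if (!result.isValid()) return R.fail(result.getMessage());` sends the validator's verdict back to the client but writes nothing server-side, so a blocked upload leaves no trace for detection or incident review; add `log.warn("user import rejected: file={} reason={}", file.getOriginalFilename(), result.getMessage());` before the return. `file` is an optional multipart parameter here, so confirm `validateFile` tolerates null, or guard with `if (file == null || file.isEmpty()) return R.fail("file required");` first. The context line `isCovered == 1` unboxes an `Integer` and throws NullPointerException when the parameter is omitted; that predates this patch but is worth fixing while here.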
@@ -264,7 +308,6 @@
ExcelUtil.export(response, "鐢ㄦ埛鏁版嵁妯℃澘", "鐢ㄦ埛鏁版嵁琛�", list, UserExcel.class);
}
-
/**
* 绗笁鏂规敞鍐岀敤鎴�
*/
@@ -274,7 +317,6 @@
public R registerGuest(User user, Long oauthId) {
return R.status(userService.registerGuest(user, oauthId));
}
-
/**
* 閰嶇疆鐢ㄦ埛骞冲彴淇℃伅
@@ -296,7 +338,6 @@
public R<UserVO> platformDetail(User user) {
return R.data(userService.platformDetail(user));
}
-
/**
* 鐢ㄦ埛鍒楄〃鏌ヨ
@@ -331,15 +372,44 @@
}
/**
- * 鐢ㄦ埛瑙i攣
+ * 妫�鏌ョ敤鎴锋槸鍚﹀埌浜嗘彁閱掔敤鎴蜂慨鏀瑰瘑鐮佹垨鑰呭瘑鐮佽繃鏈熺殑鏃堕棿
*/
@PostMapping("/check-renexpr")
@ApiOperationSupport(order = 20)
@ApiOperation(value = "鏌ヨ鐢ㄦ埛瀵嗙爜绛栫暐鏄惁闇�瑕佹彁閱�", notes = "浼犲叆id")
public R<Long> checkRenAndExpr(BladeUser user) {
- System.out.println("==============================="+user.getUserId());
+ log.info("==============================="+user.getUserId());
Long res = userService.checkRenAndExpr(user.getUserId());
return R.data(res);
}
+ /**
+ * 鑾峰彇鍒版寚瀹氳韩浠芥潈闄愮殑鐢ㄦ埛鍒楄〃
+ * @param user 鐢ㄦ埛鏌ヨ鐨勭敤鎴蜂俊鎭紝濡傜鎴蜂俊鎭紝閫氬父涓鸿嚜鍔ㄦ敞鍏ワ紝鍓嶇鍙�夋嫨涓嶄紶
+ * @param roleName 瑕佹煡璇㈢殑瑙掕壊韬唤
+ * @return
+ */
+ @GetMapping("/getByRoleUserList")
+ @ApiOperationSupport(order = 21)
+ @ApiOperation(value = "鑾峰彇鍒版寚瀹氳韩浠芥潈闄愮殑鐢ㄦ埛鍒楄〃", notes = "浼犲叆roleName")
+ public R<List<Map<String,String>>> getByRoleUserList(BladeUser user,@Valid @RequestParam String roleName){
+ return R.data(userService.getByRoleUserList(user,roleName));
+ }
+
+ /**
+ * 淇敼鐢ㄦ埛鐘舵�� 鍋滅敤/鍚敤
+ * @param userIds userId闆嗗悎
+ * @param status 鍋滅敤/鍚敤; true:鍚敤,false:鍋滅敤
+ * @return
+ */
+ @PostMapping("/updateUserStatus")
+ @ApiOperationSupport(order = 21)
+ @ApiOperation(value = "鑾峰彇鍒版寚瀹氳韩浠芥潈闄愮殑鐢ㄦ埛鍒楄〃", notes = "浼犲叆userId闆嗗悎")
+ public R<Boolean> updateUserStatus(@Valid @RequestParam("userIds") String userIds,boolean status){
+ if (StringUtil.isBlank(userIds)) {
+ return R.fail("璇疯嚦灏戦�夋嫨涓�涓敤鎴�");
+ }
+ return R.status(userService.updateUserStatus(userIds,status));
+ }
+
}
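Review bot: `updateUserStatus` accepts a comma-separated `userIds` plus a `status` flag and calls `userService.updateUserStatus(userIds, status)` with no visible authorization annotation and no `BladeUser` or tenant argument, so unless the service checks the caller, any authenticated user could disable or re-enable arbitrary accounts across tenants, including administrators; it should at least take `BladeUser bladeUser` and scope the ids to the caller's tenant as `list`/`page` do, or carry an explicit role guard. Its `@ApiOperation` value is copied from `getByRoleUserList`, `order = 21` is duplicated, and `@Valid` on a plain `String` request parameter has no effect and can be dropped. The log line in `checkRenAndExpr` should use the parameterized form `log.info("checkRenAndExpr userId={}", user.getUserId());` instead of string concatenation.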
--
Gitblit v1.9.3