patch: 漏洞修补,规范化

筱锋xiao_lfeng 2024-04-11 20:22:42 +08:00
parent 061d469c17
commit 381de9d54b
Signed by: XiaoLFeng
GPG Key ID: F693AA12AABBFA87
6 changed files with 38 additions and 36 deletions


@ -4,8 +4,6 @@ import com.jsl.oa.annotations.CheckUserAbleToUse;
import com.jsl.oa.annotations.CheckUserHasPermission;
import com.jsl.oa.dao.PermissionDAO;
import com.jsl.oa.dao.RoleDAO;
import com.jsl.oa.dao.UserDAO;
import com.jsl.oa.mapper.RoleMapper;
import com.jsl.oa.mapper.UserMapper;
import com.jsl.oa.model.dodata.RoleDO;
import com.jsl.oa.model.dodata.RoleUserDO;
@ -45,11 +43,8 @@ import java.util.Objects;
@Component
@RequiredArgsConstructor
public class AnnotationsAspect {
private final UserMapper userMapper;
private final RoleMapper roleMapper;
private final RoleDAO roleDAO;
private final UserDAO userDAO;
private final PermissionDAO permissionDAO;
/**
@ -132,7 +127,7 @@ public class AnnotationsAspect {
// 获取用户信息
Long userId = Processing.getAuthHeaderToUserId(request);
UserDO userDO =userMapper.getUserById(userId);
UserDO userDO = userMapper.getUserById(userId);
// 用户不存在
if (userDO == null) {
return ResultUtil.error(ErrorCode.USER_NOT_EXIST);


@ -136,7 +136,7 @@ public class UserController {
}
}
// 检查是否出现错误
return userService.userCurrent(id, username, email, phone, request);
return userService.userCurrent(request, id, username, email, phone);
}
/**


@ -38,12 +38,8 @@ public interface ProjectMapper {
ProjectDO tgetProjectById(Integer id);
@Select("select * from organize_oa.oa_project_work where principal_id=#{uid}")
//"(select id from organize_oa.oa_project_work where id in)")
List<ProjectCuttingDO> projectGetUserInCutting(Long uid);
@Insert("update organize_oa.oa_project_work set principal_id =#{uid} where id=#{pid}")
void projectAddUserInCutting(Long uid, Long pid);
@Select("select data from organize_oa.oa_config where value='project_show'")
String getHeader();
@ -54,11 +50,6 @@ public interface ProjectMapper {
+ " updated_at = CURRENT_TIMESTAMP WHERE value = 'project_show'")
boolean setProjectShow(String setProjectShow);
//@Select("select * from organize_oa.oa_project where json_extract(tags,'$.tags')" +
//"like concat('%',#{tags},'%')")
//@Select("select * from organize_oa.oa_project where is_finish=#{isFinish}
// and is_delete=false and principal_id=#{userId}")
List<ProjectDO> getByIsfinish(Long userId, List<Integer> isFinish);
List<ProjectDO> getByTags(Long userId, List<String> tags, List<Integer> isFinish);
@ -75,15 +66,6 @@ public interface ProjectMapper {
@Update("UPDATE organize_oa.oa_project SET is_delete = 1 where id=#{id}")
boolean deleteProject(Long id);
@Update("UPDATE organize_oa.oa_project_cutting SET name = #{name}, "
+ "tag = #{tag}, engineering = #{engineering}, estimated_time = #{estimatedTime}, "
+ "real_time = #{realTime}, updated_at = CURRENT_TIMESTAMP WHERE id = #{id}")
boolean projectCuttingUpdate(ProjectCuttingDO projectCuttingDO);
@Update("UPDATE organize_oa.oa_project_user SET uid = #{uid} , updated_at = CURRENT_TIMESTAMP WHERE id = #{id}")
boolean updateUserForProjectUser(Long uid, Long id);
List<ProjectDO> workgetByIsfinish(Long userId, List<Integer> isFinish, Integer is);
List<ProjectDO> workgetByTags(Long userId, List<String> tags, Integer is, List<Integer> isFinish);
@ -108,11 +90,11 @@ public interface ProjectMapper {
@Select("select principal_id from organize_oa.oa_project_work where id=#{pid}")
Long getPirIdbyWorkid(Long pid);
@Select("select principal_id from organize_oa.oa_project_work where id=#{id} AND"
+ "is_delete = 0")
@Select("select principal_id from organize_oa.oa_project_work where id=#{id} "
+ "AND is_delete = 0")
Long getPid(Integer id);
@Select("select * from organize_oa.oa_project_work where id=#{id}"
@Select("select * from organize_oa.oa_project_work where id=#{id} "
+ "AND is_delete = 0")
ProjectWorkDO getProjectWorkById(Long id);
@ -126,4 +108,9 @@ public interface ProjectMapper {
+ "where DATE(deadline) = DATE(#{threeDayLater}) and is_finish != 1")
List<ProjectWorkDO> getProjectWorkByTime(LocalDateTime threeDayLater);
List<ProjectWorkDO> getAllSubmoduleByUserId(Long uid);
List<ProjectDO> getProjectByPrincipalUser(Long uid);
List<ProjectWorkDO> getAllSubsystemByUserId(Long uid);
}
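Review bot: The three methods at the end of the interface, `getAllSubmoduleByUserId`, `getProjectByPrincipalUser` and `getAllSubsystemByUserId`, carry no `@Select` annotation, so each needs a statement in a mapper XML, and none of the six file sections shown here looks like an XML file; if those statements do not already exist, MyBatis will fail the first time one is called. Wherever they live, the queries should filter on `is_delete = 0` the way `getPid` and `getProjectWorkById` now do, otherwise soft-deleted rows come back in per-user listings. `getPirIdbyWorkid` in the preceding hunk still reads `principal_id` without that filter, which matters if the value feeds an ownership check. A one-line Javadoc on each new method, for example `/** Returns the non-deleted submodules whose principal is {@code uid}. */`, would record the intended contract once it is confirmed.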


@ -14,6 +14,7 @@ import java.util.List;
* @since v1.1.0
* @version v1.1.0
* @author 176yunxuan
* @param <R>
*/
@Data


@ -78,6 +78,11 @@ public class ProjectServiceImpl implements ProjectService {
return ResultUtil.success("添加成功");
}
@Override
public BaseResponse projectToOtherUserForCutting(HttpServletRequest request, Long oldUid, Long pid, Long newUid) {
return null;
}
@Override
public BaseResponse projecWorktAdd(HttpServletRequest request, ProjectWorkVO projectWorkVO) {
log.info("\t> 执行 Service 层 ProjectService.projectWorkAdd 方法");
@ -230,7 +235,7 @@ public class ProjectServiceImpl implements ProjectService {
//判断用户是否为老师 或者 项目负责人
if (!Processing.checkUserIsTeacher(request, roleMapper)
if (!Processing.checkUserIsTeacher(request, roleDAO)
|| !projectDAO.isPrincipalUser(Processing.getAuthHeaderToUserId(request), projectId)) {
return ResultUtil.error(ErrorCode.NOT_PERMISSION);
}
@ -336,7 +341,14 @@ public class ProjectServiceImpl implements ProjectService {
}
@Override
public BaseResponse get(Integer listAll, HttpServletRequest request, List<String> tags, List<Integer> isFinish, Integer page, Integer pageSize) {
public BaseResponse get(
Integer listAll,
HttpServletRequest request,
List<String> tags,
List<Integer> isFinish,
Integer page,
Integer pageSize
) {
log.info("\t> 执行 Service 层 ProjectService.get 方法");
//获取用户
@ -412,7 +424,15 @@ public class ProjectServiceImpl implements ProjectService {
}
@Override
public BaseResponse workget(Integer listAll, HttpServletRequest request, List<String> tags, List<Integer> isFinish, Integer is, Integer page, Integer pageSize) {
public BaseResponse workget(
Integer listAll,
HttpServletRequest request,
List<String> tags,
List<Integer> isFinish,
Integer is,
Integer page,
Integer pageSize
) {
log.info("\t> 执行 Service 层 ProjectService.workget 方法");
//获取用户
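Review bot: The guard `if (!Processing.checkUserIsTeacher(request, roleDAO) || !projectDAO.isPrincipalUser(...))` rejects the request unless the caller is both a teacher and the project principal, while the comment directly above it says teacher or principal (老师 或者 项目负责人). If the comment states the intent, the two negated checks should be joined with `&&`; if the code states the intent, the comment should be corrected so the access rule is unambiguous. Separately, the new `projectToOtherUserForCutting` returns `null`, which hands the caller no `BaseResponse` and performs no permission check; until it is implemented, `throw new UnsupportedOperationException("projectToOtherUserForCutting is not implemented");` would fail visibly instead. The method containing the guard starts and ends outside the hunk.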


@ -5,8 +5,7 @@ import com.jsl.oa.annotations.CheckUserHasPermission;
import com.jsl.oa.dao.PermissionDAO;
import com.jsl.oa.dao.RoleDAO;
import com.jsl.oa.dao.UserDAO;
import com.jsl.oa.mapper.RoleMapper;
import com.jsl.oa.model.dodata.RoleDO;
import com.jsl.oa.model.dodata.RoleUserDO;
import com.jsl.oa.model.dodata.UserDO;
import com.jsl.oa.model.vodata.*;
@ -23,6 +22,8 @@ import org.springframework.stereotype.Service;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.regex.Pattern;
/**
@ -40,8 +41,6 @@ import java.util.regex.Pattern;
@Service
@RequiredArgsConstructor
public class UserServiceImpl implements UserService {
private final RoleMapper roleMapper;
private final UserDAO userDAO;
private final RoleDAO roleDAO;
private final PermissionDAO permissionDAO;
@ -74,7 +73,7 @@ public class UserServiceImpl implements UserService {
@Override
public BaseResponse userLock(HttpServletRequest request, Long id, Long isLock) {
log.info("\t> 执行 Service 层 UserService.userLock 方法");
if (!Processing.checkUserIsAdmin(request, roleDAO.roleMapper)) {
if (!Processing.checkUserIsAdmin(request, roleDAO)) {
return ResultUtil.error(ErrorCode.NOT_ADMIN);
}
//判断用户是否存在