From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev
---
 ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java | 66 +++++++++++++++++++++------------
 1 files changed, 42 insertions(+), 24 deletions(-)
diff --git a/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java b/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java
index b79e160..217538e 100644
--- a/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java
+++ b/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java
@@ -6,15 +6,14 @@
 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.core.util.ZipUtil;
-import cn.hutool.json.JSONObject;
 import cn.hutool.json.JSONUtil;
 import com.alibaba.excel.util.StringUtils;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.batik.transcoder.TranscoderInput;
 import org.apache.batik.transcoder.TranscoderOutput;
 import org.apache.batik.transcoder.image.PNGTranscoder;
-import org.apache.commons.io.IOUtils;
 import org.dromara.common.core.exception.ServiceException;
 import org.dromara.common.mybatis.core.page.PageQuery;
 import org.dromara.common.mybatis.core.page.TableDataInfo;
@@ -22,8 +21,11 @@ import org.dromara.workflow.common.constant.FlowConstant; import org.dromara.workflow.domain.WfNodeConfig; import org.dromara.workflow.domain.bo.ModelBo; +import org.dromara.workflow.domain.bo.WfDefinitionConfigBo; import org.dromara.workflow.domain.vo.ModelVo; +import org.dromara.workflow.domain.vo.WfDefinitionConfigVo; import org.dromara.workflow.service.IActModelService; +import org.dromara.workflow.service.IWfDefinitionConfigService; import org.dromara.workflow.service.IWfNodeConfigService; import org.dromara.workflow.utils.ModelUtils; import org.dromara.workflow.utils.QueryUtils; @@ -32,8 +34,12 @@ import org.flowable.bpmn.model.Process; import org.flowable.bpmn.model.UserTask; import org.flowable.engine.RepositoryService; -import org.flowable.engine.repository.*; +import org.flowable.engine.repository.Deployment; +import org.flowable.engine.repository.Model; +import org.flowable.engine.repository.ModelQuery; +import org.flowable.engine.repository.ProcessDefinition; import org.flowable.validation.ValidationError; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -44,6 +50,7 @@ import java.net.URLEncoder; import java.nio.charset.StandardCharsets; import java.util.ArrayList; +import java.util.Collections; import java.util.List; import java.util.stream.Collectors; import java.util.zip.ZipEntry; @@ -54,12 +61,15 @@ * * @author may */ +@Slf4j @RequiredArgsConstructor @Service public class ActModelServiceImpl implements IActModelService { - private final RepositoryService repositoryService; - private final IWfNodeConfigService iWfNodeConfigService; + @Autowired(required = false) + private RepositoryService repositoryService; + private final IWfNodeConfigService wfNodeConfigService; + private final IWfDefinitionConfigService wfDefinitionConfigService; /** * 鍒嗛〉鏌ヨ妯″瀷 
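Review bot: In the `@@ -54,12 +61,15 @@` hunk `repositoryService` changes from a `private final` constructor dependency to an optional field (`@Autowired(required = false)`), yet the later hunks still dereference it unguarded (`repositoryService.addModelEditorSource(...)`, `repositoryService.getModel(id)`, `repositoryService.getModelEditorSource(modelId)`). When the Flowable bean is absent the service now starts up and only fails with a NullPointerException on the first request, and that message is then forwarded to the caller by the `catch (Exception e)` blocks. If the bean is really optional, a fail-fast guard is needed at the entry of each public method, for example `Objects.requireNonNull(repositoryService, "workflow engine is not enabled");` (constructed message), or the class as a whole should only be registered when the engine is enabled. The class body continues outside this hunk, so the full set of call sites is not visible here.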
@@ -125,7 +135,7 @@ repositoryService.addModelEditorSource(model.getId(), StrUtil.utf8Bytes(xml)); return true; } catch (Exception e) { - e.printStackTrace(); + log.error(e.getMessage(), e); throw new ServiceException(e.getMessage()); } } @@ -151,6 +161,7 @@ modelVo.setDescription(model.getMetaInfo()); return modelVo; } catch (Exception e) { + log.error(e.getMessage(), e); throw new ServiceException(e.getMessage()); } } @@ -175,6 +186,7 @@ model.setMetaInfo(modelBo.getDescription()); repositoryService.saveModel(model); } catch (Exception e) { + log.error(e.getMessage(), e); throw new ServiceException(e.getMessage()); } return true; @@ -224,7 +236,7 @@ repositoryService.addModelEditorSourceExtra(model.getId(), result); return true; } catch (Exception e) { - e.printStackTrace(); + log.error(e.getMessage(), e); throw new ServiceException(e.getMessage()); } } @@ -244,7 +256,7 @@ if (ArrayUtil.isEmpty(xmlBytes)) { throw new ServiceException("妯″瀷鏁版嵁涓虹┖锛岃鍏堣璁℃祦绋嬪畾涔夋ā鍨嬶紝鍐嶈繘琛岄儴缃诧紒"); } - if (JSONUtil.isTypeJSON(IOUtils.toString(xmlBytes, StandardCharsets.UTF_8.toString()))) { + if (JSONUtil.isTypeJSON(new String(xmlBytes, StandardCharsets.UTF_8))) { byte[] bytes = ModelUtils.bpmnJsonToXmlBytes(xmlBytes); if (ArrayUtil.isEmpty(bytes)) { throw new ServiceException("妯″瀷涓嶈兘涓虹┖锛岃鑷冲皯璁捐涓�鏉′富绾挎祦绋嬶紒"); @@ -260,6 +272,7 @@ } // 鏌ヨ妯″瀷鐨勫熀鏈俊鎭� Model model = repositoryService.getModel(id); + ProcessDefinition processDefinition = QueryUtils.definitionQuery().processDefinitionKey(model.getKey()).latestVersion().singleResult(); // xml璧勬簮鐨勫悕绉� 锛屽搴攁ct_ge_bytearray琛ㄤ腑鐨刵ame_瀛楁 String processName = model.getName() + ".bpmn20.xml"; // 璋冪敤閮ㄧ讲鐩稿叧鐨刟pi鏂规硶杩涜閮ㄧ讲娴佺▼瀹氫箟 
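Review bot: The `catch (Exception e)` blocks touched in `@@ -125,7 +135,7 @@`, `-151,6`, `-175,6` and `-224,7` (and again in `-300,11` and `-406,6` further down) now log the exception but still rethrow `new ServiceException(e.getMessage())`, which drops the cause and passes the raw message of whatever engine, SQL or parser exception occurred on to the caller. If `ServiceException` messages end up in the API response (the handler is not part of this diff), that discloses internal detail to clients; since the full exception is now in the log, the rethrow can carry a fixed text such as `throw new ServiceException("model operation failed");` (constructed wording). A `ServiceException` raised on purpose inside the same `try`, as the empty-model checks in `-244,7` appear to be, would also be caught here and logged at error level with a stack trace; a preceding `catch (ServiceException e) { throw e; }` keeps expected validation failures out of the error log. `log.error(e.getMessage(), e)` uses the message as the format string and it can be null, so `log.error("model operation failed", e)` is the safer form. The enclosing methods start outside these hunks.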
@@ -282,6 +295,20 @@ // 鏇存柊鍒嗙被 ProcessDefinition definition = QueryUtils.definitionQuery().deploymentId(deployment.getId()).singleResult(); repositoryService.setProcessDefinitionCategory(definition.getId(), model.getCategory()); + //鏇存柊娴佺▼瀹氫箟閰嶇疆 + if (processDefinition != null) { + WfDefinitionConfigVo definitionVo = wfDefinitionConfigService.getByDefId(processDefinition.getId()); + if (definitionVo != null) { + wfDefinitionConfigService.deleteByDefIds(Collections.singletonList(processDefinition.getId())); + WfDefinitionConfigBo wfFormDefinition = new WfDefinitionConfigBo(); + wfFormDefinition.setDefinitionId(definition.getId()); + wfFormDefinition.setProcessKey(definition.getKey()); + wfFormDefinition.setTableName(definitionVo.getTableName()); + wfFormDefinition.setVersion(definition.getVersion()); + wfFormDefinition.setRemark(definitionVo.getRemark()); + wfDefinitionConfigService.saveOrUpdate(wfFormDefinition); + } + } //鏇存柊娴佺▼鑺傜偣閰嶇疆琛ㄥ崟 List<UserTask> userTasks = ModelUtils.getUserTaskFlowElements(definition.getId()); UserTask applyUserTask = ModelUtils.getApplyUserTask(definition.getId()); @@ -300,11 +327,11 @@ } } if (CollUtil.isNotEmpty(wfNodeConfigList)) { - iWfNodeConfigService.saveOrUpdate(wfNodeConfigList); + wfNodeConfigService.saveOrUpdate(wfNodeConfigList); } return true; } catch (Exception e) { - e.printStackTrace(); + log.error(e.getMessage(), e); throw new ServiceException(e.getMessage()); } } @@ -317,9 +344,7 @@ */ @Override public void exportZip(List<String> modelIds, HttpServletResponse response) { - ZipOutputStream zos = null; - try { - zos = ZipUtil.getZipOutputStream(response.getOutputStream(), StandardCharsets.UTF_8); + try (ZipOutputStream zos = ZipUtil.getZipOutputStream(response.getOutputStream(), StandardCharsets.UTF_8)) { // 鍘嬬缉鍖呮枃浠跺悕 String zipName = "妯″瀷涓嶅瓨鍦�"; // 鏌ヨ妯″瀷鍩烘湰淇℃伅 
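Review bot: In the `@@ -282,6 +295,20 @@` hunk the previous version's config row is removed with `wfDefinitionConfigService.deleteByDefIds(Collections.singletonList(processDefinition.getId()))` before the copy for the new definition is saved. Any process instance still running on the previous definition version would then find no table/remark config, and if `saveOrUpdate` fails the row is gone unless the enclosing method rolls back (its signature and any `@Transactional` are outside the hunk). Saving the new row first and leaving the old one in place, or confirming that nothing looks the config up by the old definition id, would remove that risk. `definition` comes from `singleResult()` on the context line above and is dereferenced here without a null check. The local name `wfFormDefinition` does not match its type `WfDefinitionConfigBo`; `definitionConfigBo` would read better.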
@@ -327,7 +352,7 @@ Model model = repositoryService.getModel(modelId); byte[] xmlBytes = repositoryService.getModelEditorSource(modelId); if (ObjectUtil.isNotNull(model)) { - if (JSONUtil.isTypeJSON(IOUtils.toString(xmlBytes, StandardCharsets.UTF_8.toString())) && ArrayUtil.isEmpty(ModelUtils.bpmnJsonToXmlBytes(xmlBytes))) { + if (JSONUtil.isTypeJSON(new String(xmlBytes, StandardCharsets.UTF_8)) && ArrayUtil.isEmpty(ModelUtils.bpmnJsonToXmlBytes(xmlBytes))) { zipName = "妯″瀷涓嶈兘涓虹┖锛岃鑷冲皯璁捐涓�鏉′富绾挎祦绋嬶紒"; zos.putNextEntry(new ZipEntry(zipName + ".txt")); zos.write(zipName.getBytes(StandardCharsets.UTF_8)); @@ -347,19 +372,11 @@ } response.setHeader("Content-Disposition", "attachment; filename=" + URLEncoder.encode(zipName, StandardCharsets.UTF_8) + ".zip"); + response.addHeader("Access-Control-Expose-Headers", "Content-Disposition"); // 鍒峰嚭鍝嶅簲娴� response.flushBuffer(); } catch (IOException e) { - e.printStackTrace(); - } finally { - if (zos != null) { - try { - zos.closeEntry(); - zos.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } + log.error(e.getMessage(), e); } } @@ -406,6 +423,7 @@ } } } catch (Exception e) { + log.error(e.getMessage(), e); throw new ServiceException(e.getMessage()); } return true; -- Gitblit v1.9.3
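Review bot: In the `@@ -327,7 +352,7 @@` hunk `new String(xmlBytes, StandardCharsets.UTF_8)` throws a NullPointerException when `repositoryService.getModelEditorSource(modelId)` yields no bytes for a model that was created but never designed. The deploy path in `-244,7` checks `ArrayUtil.isEmpty(xmlBytes)` before the same call, but this export path does not, and the only handler around it is `catch (IOException e)`, so the exception escapes exportZip with a partly written archive. The condition should start with the emptiness check, `if (ArrayUtil.isNotEmpty(xmlBytes) && JSONUtil.isTypeJSON(new String(xmlBytes, StandardCharsets.UTF_8)) && ...`, with the following branch handling the empty case explicitly. The rest of the loop body is outside the hunk, so how the later branch uses `xmlBytes` needs checking as well.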
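Review bot: In the `@@ -347,19 +372,11 @@` hunk `Content-Disposition` and the newly added `Access-Control-Expose-Headers` are set only after the ZIP entries have been written to `response.getOutputStream()`. Once the written data exceeds the servlet response buffer the response is committed and both header calls are silently ignored, so larger exports would arrive without a file name and without the exposed header. Setting the headers and content type before the first `zos.putNextEntry(...)` avoids this, which means deciding `zipName` before the loop writes anything. The `catch (IOException e)` now only logs, so a failed export still reaches the client as a truncated archive with a success status; a short comment stating that this is deliberate, or rethrowing as `ServiceException` while the response is not yet committed, would make the intent clear.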