From 098d3347a0df808908aab8c554cd7c4febc5e6d9 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期一, 26 八月 2024 11:43:59 +0800
Subject: [PATCH] !577 发布 5.2.2 正式版 安全性提升 Merge pull request !577 from 疯狂的狮子Li/dev
---
ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java | 108 ++++++++++++++++++++++++++++++++++++++++-------------
1 files changed, 81 insertions(+), 27 deletions(-)
diff --git a/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java b/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java
index 226b88c..217538e 100644
--- a/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java
+++ b/ruoyi-modules/ruoyi-workflow/src/main/java/org/dromara/workflow/service/impl/ActModelServiceImpl.java
@@ -10,10 +10,10 @@
import com.alibaba.excel.util.StringUtils;
import jakarta.servlet.http.HttpServletResponse;
import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
import org.apache.batik.transcoder.TranscoderInput;
import org.apache.batik.transcoder.TranscoderOutput;
import org.apache.batik.transcoder.image.PNGTranscoder;
-import org.apache.commons.io.IOUtils;
import org.dromara.common.core.exception.ServiceException;
import org.dromara.common.mybatis.core.page.PageQuery;
import org.dromara.common.mybatis.core.page.TableDataInfo;
@@ -29,11 +29,17 @@
import org.dromara.workflow.service.IWfNodeConfigService;
import org.dromara.workflow.utils.ModelUtils;
import org.dromara.workflow.utils.QueryUtils;
+import org.flowable.bpmn.converter.BpmnXMLConverter;
import org.flowable.bpmn.model.BpmnModel;
+import org.flowable.bpmn.model.Process;
import org.flowable.bpmn.model.UserTask;
import org.flowable.engine.RepositoryService;
-import org.flowable.engine.repository.*;
+import org.flowable.engine.repository.Deployment;
+import org.flowable.engine.repository.Model;
+import org.flowable.engine.repository.ModelQuery;
+import org.flowable.engine.repository.ProcessDefinition;
import org.flowable.validation.ValidationError;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@@ -44,6 +50,7 @@
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import java.util.zip.ZipEntry;
@@ -54,13 +61,15 @@
*
* @author may
*/
+@Slf4j
@RequiredArgsConstructor
@Service
public class ActModelServiceImpl implements IActModelService {
- private final RepositoryService repositoryService;
- private final IWfDefinitionConfigService iWfDefinitionConfigService;
- private final IWfNodeConfigService iWfNodeConfigService;
+ @Autowired(required = false)
+ private RepositoryService repositoryService;
+ private final IWfNodeConfigService wfNodeConfigService;
+ private final IWfDefinitionConfigService wfDefinitionConfigService;
/**
* 鍒嗛〉鏌ヨ妯″瀷
@@ -126,7 +135,7 @@
repositoryService.addModelEditorSource(model.getId(), StrUtil.utf8Bytes(xml));
return true;
} catch (Exception e) {
- e.printStackTrace();
+ log.error(e.getMessage(), e);
throw new ServiceException(e.getMessage());
}
}
@@ -152,6 +161,7 @@
modelVo.setDescription(model.getMetaInfo());
return modelVo;
} catch (Exception e) {
+ log.error(e.getMessage(), e);
throw new ServiceException(e.getMessage());
}
}
@@ -176,6 +186,7 @@
model.setMetaInfo(modelBo.getDescription());
repositoryService.saveModel(model);
} catch (Exception e) {
+ log.error(e.getMessage(), e);
throw new ServiceException(e.getMessage());
}
return true;
@@ -225,7 +236,7 @@
repositoryService.addModelEditorSourceExtra(model.getId(), result);
return true;
} catch (Exception e) {
- e.printStackTrace();
+ log.error(e.getMessage(), e);
throw new ServiceException(e.getMessage());
}
}
@@ -245,7 +256,7 @@
if (ArrayUtil.isEmpty(xmlBytes)) {
throw new ServiceException("妯″瀷鏁版嵁涓虹┖锛岃鍏堣璁℃祦绋嬪畾涔夋ā鍨嬶紝鍐嶈繘琛岄儴缃诧紒");
}
- if (JSONUtil.isTypeJSON(IOUtils.toString(xmlBytes, StandardCharsets.UTF_8.toString()))) {
+ if (JSONUtil.isTypeJSON(new String(xmlBytes, StandardCharsets.UTF_8))) {
byte[] bytes = ModelUtils.bpmnJsonToXmlBytes(xmlBytes);
if (ArrayUtil.isEmpty(bytes)) {
throw new ServiceException("妯″瀷涓嶈兘涓虹┖锛岃鑷冲皯璁捐涓�鏉′富绾挎祦绋嬶紒");
@@ -284,20 +295,23 @@
// 鏇存柊鍒嗙被
ProcessDefinition definition = QueryUtils.definitionQuery().deploymentId(deployment.getId()).singleResult();
repositoryService.setProcessDefinitionCategory(definition.getId(), model.getCategory());
- //鏇存柊娴佺▼瀹氫箟琛ㄥ崟
+ //鏇存柊娴佺▼瀹氫箟閰嶇疆
if (processDefinition != null) {
- WfDefinitionConfigVo definitionVo = iWfDefinitionConfigService.getByDefId(processDefinition.getId());
+ WfDefinitionConfigVo definitionVo = wfDefinitionConfigService.getByDefId(processDefinition.getId());
if (definitionVo != null) {
+ wfDefinitionConfigService.deleteByDefIds(Collections.singletonList(processDefinition.getId()));
WfDefinitionConfigBo wfFormDefinition = new WfDefinitionConfigBo();
wfFormDefinition.setDefinitionId(definition.getId());
wfFormDefinition.setProcessKey(definition.getKey());
- wfFormDefinition.setFormId(ObjectUtil.isNotNull(definitionVo.getFormId()) ? definitionVo.getFormId() : null);
+ wfFormDefinition.setTableName(definitionVo.getTableName());
+ wfFormDefinition.setVersion(definition.getVersion());
wfFormDefinition.setRemark(definitionVo.getRemark());
- iWfDefinitionConfigService.saveOrUpdate(wfFormDefinition);
+ wfDefinitionConfigService.saveOrUpdate(wfFormDefinition);
}
}
//鏇存柊娴佺▼鑺傜偣閰嶇疆琛ㄥ崟
- List<UserTask> userTasks = ModelUtils.getuserTaskFlowElements(definition.getId());
+ List<UserTask> userTasks = ModelUtils.getUserTaskFlowElements(definition.getId());
+ UserTask applyUserTask = ModelUtils.getApplyUserTask(definition.getId());
List<WfNodeConfig> wfNodeConfigList = new ArrayList<>();
for (UserTask userTask : userTasks) {
if (StringUtils.isNotBlank(userTask.getFormKey()) && userTask.getFormKey().contains(StrUtil.COLON)) {
@@ -308,15 +322,16 @@
String[] split = userTask.getFormKey().split(StrUtil.COLON);
wfNodeConfig.setFormType(split[0]);
wfNodeConfig.setFormId(Long.valueOf(split[1]));
+ wfNodeConfig.setApplyUserTask(applyUserTask.getId().equals(userTask.getId()) ? FlowConstant.TRUE : FlowConstant.FALSE);
wfNodeConfigList.add(wfNodeConfig);
}
}
if (CollUtil.isNotEmpty(wfNodeConfigList)) {
- iWfNodeConfigService.saveOrUpdate(wfNodeConfigList);
+ wfNodeConfigService.saveOrUpdate(wfNodeConfigList);
}
return true;
} catch (Exception e) {
- e.printStackTrace();
+ log.error(e.getMessage(), e);
throw new ServiceException(e.getMessage());
}
}
@@ -329,9 +344,7 @@
*/
@Override
public void exportZip(List<String> modelIds, HttpServletResponse response) {
- ZipOutputStream zos = null;
- try {
- zos = ZipUtil.getZipOutputStream(response.getOutputStream(), StandardCharsets.UTF_8);
+ try (ZipOutputStream zos = ZipUtil.getZipOutputStream(response.getOutputStream(), StandardCharsets.UTF_8)) {
// 鍘嬬缉鍖呮枃浠跺悕
String zipName = "妯″瀷涓嶅瓨鍦�";
// 鏌ヨ妯″瀷鍩烘湰淇℃伅
@@ -339,7 +352,7 @@
Model model = repositoryService.getModel(modelId);
byte[] xmlBytes = repositoryService.getModelEditorSource(modelId);
if (ObjectUtil.isNotNull(model)) {
- if (JSONUtil.isTypeJSON(IOUtils.toString(xmlBytes, StandardCharsets.UTF_8.toString())) && ArrayUtil.isEmpty(ModelUtils.bpmnJsonToXmlBytes(xmlBytes))) {
+ if (JSONUtil.isTypeJSON(new String(xmlBytes, StandardCharsets.UTF_8)) && ArrayUtil.isEmpty(ModelUtils.bpmnJsonToXmlBytes(xmlBytes))) {
zipName = "妯″瀷涓嶈兘涓虹┖锛岃鑷冲皯璁捐涓�鏉′富绾挎祦绋嬶紒";
zos.putNextEntry(new ZipEntry(zipName + ".txt"));
zos.write(zipName.getBytes(StandardCharsets.UTF_8));
@@ -359,19 +372,60 @@
}
response.setHeader("Content-Disposition",
"attachment; filename=" + URLEncoder.encode(zipName, StandardCharsets.UTF_8) + ".zip");
+ response.addHeader("Access-Control-Expose-Headers", "Content-Disposition");
// 鍒峰嚭鍝嶅簲娴�
response.flushBuffer();
} catch (IOException e) {
- e.printStackTrace();
- } finally {
- if (zos != null) {
- try {
- zos.closeEntry();
- zos.close();
- } catch (IOException e) {
- e.printStackTrace();
+ log.error(e.getMessage(), e);
+ }
+ }
+
+ /**
+ * 澶嶅埗妯″瀷
+ *
+ * @param modelBo 妯″瀷鏁版嵁
+ * @return 缁撴灉
+ */
+ @Override
+ @Transactional(rollbackFor = Exception.class)
+ public boolean copyModel(ModelBo modelBo) {
+ try {
+ String key = modelBo.getKey();
+ if (StringUtils.isNotBlank(key)) {
+ // 鏌ヨ妯″瀷
+ Model model = repositoryService.createModelQuery().modelId(modelBo.getId()).singleResult();
+ if (ObjectUtil.isNotNull(model)) {
+ byte[] modelEditorSource = repositoryService.getModelEditorSource(model.getId());
+ List<Model> list = QueryUtils.modelQuery().modelKey(key).list();
+ if (CollUtil.isNotEmpty(list)) {
+ throw new ServiceException("妯″瀷KEY宸插瓨鍦紒");
+ }
+ // 鏍¢獙key鍛藉悕瑙勮寖
+ if (!Validator.isMatchRegex(FlowConstant.MODEL_KEY_PATTERN, key)) {
+ throw new ServiceException("妯″瀷鏍囪瘑KEY鍙兘瀛楃鎴栬�呬笅鍒掔嚎寮�澶达紒");
+ }
+ // 澶嶅埗妯″瀷鏁版嵁
+ Model newModel = repositoryService.newModel();
+ newModel.setKey(modelBo.getKey());
+ newModel.setName(modelBo.getName());
+ newModel.setCategory(modelBo.getCategoryCode());
+ newModel.setVersion(1);
+ newModel.setMetaInfo(modelBo.getDescription());
+ newModel.setTenantId(TenantHelper.getTenantId());
+ String xml = StrUtil.utf8Str(modelEditorSource);
+ BpmnModel bpmnModel = ModelUtils.xmlToBpmnModel(xml);
+ Process mainProcess = bpmnModel.getMainProcess();
+ mainProcess.setId(modelBo.getKey());
+ mainProcess.setName(modelBo.getName());
+ byte[] xmlBytes = new BpmnXMLConverter().convertToXML(bpmnModel);
+ repositoryService.saveModel(newModel);
+ repositoryService.addModelEditorSource(newModel.getId(), xmlBytes);
}
}
+ } catch (Exception e) {
+ log.error(e.getMessage(), e);
+ throw new ServiceException(e.getMessage());
}
+ return true;
}
}
--
Gitblit v1.9.3