From 4f0a584efcbe51c5c232ab6f75a8d760b15d5e03 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期五, 01 四月 2022 17:57:00 +0800
Subject: [PATCH] update springboot 2.6.5 => 2.6.6 修复 CVE-2022-22965 漏洞
---
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java | 33 +++++++++++++++++++++++----------
1 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
index 621dc07..32e06d3 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java
@@ -11,10 +11,10 @@
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.exception.ServiceException;
+import com.ruoyi.common.helper.DataBaseHelper;
import com.ruoyi.common.helper.LoginHelper;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.TreeBuildUtils;
-import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.system.mapper.SysDeptMapper;
import com.ruoyi.system.mapper.SysRoleMapper;
import com.ruoyi.system.mapper.SysUserMapper;
@@ -22,6 +22,7 @@
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -46,7 +47,15 @@
*/
@Override
public List<SysDept> selectDeptList(SysDept dept) {
- return baseMapper.selectDeptList(dept);
+ LambdaQueryWrapper<SysDept> lqw = new LambdaQueryWrapper<>();
+ lqw.eq(SysDept::getDelFlag, "0")
+ .eq(ObjectUtil.isNotNull(dept.getDeptId()), SysDept::getDeptId, dept.getDeptId())
+ .eq(ObjectUtil.isNotNull(dept.getParentId()), SysDept::getParentId, dept.getParentId())
+ .like(StringUtils.isNotBlank(dept.getDeptName()), SysDept::getDeptName, dept.getDeptName())
+ .eq(StringUtils.isNotBlank(dept.getStatus()), SysDept::getStatus, dept.getStatus())
+ .orderByAsc(SysDept::getParentId)
+ .orderByAsc(SysDept::getOrderNum);
+ return baseMapper.selectDeptList(lqw);
}
/**
@@ -76,7 +85,7 @@
@Override
public List<Long> selectDeptListByRoleId(Long roleId) {
SysRole role = roleMapper.selectById(roleId);
- return baseMapper.selectDeptListByRoleId(roleId, role.isDeptCheckStrictly());
+ return baseMapper.selectDeptListByRoleId(roleId, role.getDeptCheckStrictly());
}
/**
@@ -100,7 +109,7 @@
public long selectNormalChildrenDeptById(Long deptId) {
return baseMapper.selectCount(new LambdaQueryWrapper<SysDept>()
.eq(SysDept::getStatus, UserConstants.DEPT_NORMAL)
- .apply("find_in_set({0}, ancestors)", deptId));
+ .apply(DataBaseHelper.findInSet(deptId, "ancestors")));
}
/**
@@ -152,10 +161,10 @@
*/
@Override
public void checkDeptDataScope(Long deptId) {
- if (!SysUser.isAdmin(LoginHelper.getUserId())) {
+ if (!LoginHelper.isAdmin()) {
SysDept dept = new SysDept();
dept.setDeptId(deptId);
- List<SysDept> depts = SpringUtils.getAopProxy(this).selectDeptList(dept);
+ List<SysDept> depts = this.selectDeptList(dept);
if (CollUtil.isEmpty(depts)) {
throw new ServiceException("娌℃湁鏉冮檺璁块棶閮ㄩ棬鏁版嵁锛�");
}
@@ -226,12 +235,16 @@
*/
public void updateDeptChildren(Long deptId, String newAncestors, String oldAncestors) {
List<SysDept> children = baseMapper.selectList(new LambdaQueryWrapper<SysDept>()
- .apply("find_in_set({0},ancestors)", deptId));
+ .apply(DataBaseHelper.findInSet(deptId, "ancestors")));
+ List<SysDept> list = new ArrayList<>();
for (SysDept child : children) {
- child.setAncestors(child.getAncestors().replaceFirst(oldAncestors, newAncestors));
+ SysDept dept = new SysDept();
+ dept.setDeptId(child.getDeptId());
+ dept.setAncestors(child.getAncestors().replaceFirst(oldAncestors, newAncestors));
+ list.add(dept);
}
- if (children.size() > 0) {
- baseMapper.updateDeptChildren(children);
+ if (list.size() > 0) {
+ baseMapper.updateBatchById(list);
}
}
--
Gitblit v1.9.3