From 4f0a584efcbe51c5c232ab6f75a8d760b15d5e03 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期五, 01 四月 2022 17:57:00 +0800
Subject: [PATCH] update springboot 2.6.5 => 2.6.6 修复 CVE-2022-22965 漏洞
---
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java | 63 ++++++++++++++++++++++++++++---
1 files changed, 57 insertions(+), 6 deletions(-)
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
index c3ff6f4..2ef6388 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
@@ -2,18 +2,22 @@
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.ObjectUtil;
+import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.domain.PageQuery;
+import com.ruoyi.common.core.domain.entity.SysDept;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.page.TableDataInfo;
import com.ruoyi.common.exception.ServiceException;
+import com.ruoyi.common.helper.DataBaseHelper;
import com.ruoyi.common.helper.LoginHelper;
import com.ruoyi.common.utils.StringUtils;
-import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.system.domain.SysPost;
import com.ruoyi.system.domain.SysUserPost;
import com.ruoyi.system.domain.SysUserRole;
@@ -27,6 +31,7 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import java.util.Map;
import java.util.stream.Collectors;
/**
@@ -40,6 +45,7 @@
public class SysUserServiceImpl implements ISysUserService {
private final SysUserMapper baseMapper;
+ private final SysDeptMapper deptMapper;
private final SysRoleMapper roleMapper;
private final SysPostMapper postMapper;
private final SysUserRoleMapper userRoleMapper;
@@ -47,7 +53,7 @@
@Override
public TableDataInfo<SysUser> selectPageUserList(SysUser user, PageQuery pageQuery) {
- Page<SysUser> page = baseMapper.selectPageUserList(pageQuery.build(), user);
+ Page<SysUser> page = baseMapper.selectPageUserList(pageQuery.build(), this.buildQueryWrapper(user));
return TableDataInfo.build(page);
}
@@ -59,7 +65,28 @@
*/
@Override
public List<SysUser> selectUserList(SysUser user) {
- return baseMapper.selectUserList(user);
+ return baseMapper.selectUserList(this.buildQueryWrapper(user));
+ }
+
+ private Wrapper<SysUser> buildQueryWrapper(SysUser user) {
+ Map<String, Object> params = user.getParams();
+ QueryWrapper<SysUser> wrapper = Wrappers.query();
+ wrapper.eq("u.del_flag", UserConstants.USER_NORMAL)
+ .eq(ObjectUtil.isNotNull(user.getUserId()), "u.user_id", user.getUserId())
+ .like(StringUtils.isNotBlank(user.getUserName()), "u.user_name", user.getUserName())
+ .eq(StringUtils.isNotBlank(user.getStatus()), "u.status", user.getStatus())
+ .like(StringUtils.isNotBlank(user.getPhonenumber()), "u.phonenumber", user.getPhonenumber())
+ .between(params.get("beginTime") != null && params.get("endTime") != null,
+ "u.create_time", params.get("beginTime"), params.get("endTime"))
+ .and(ObjectUtil.isNotNull(user.getDeptId()), w -> {
+ List<SysDept> deptList = deptMapper.selectList(new LambdaQueryWrapper<SysDept>()
+ .select(SysDept::getDeptId)
+ .apply(DataBaseHelper.findInSet(user.getDeptId(), "ancestors")));
+ List<Long> ids = deptList.stream().map(SysDept::getDeptId).collect(Collectors.toList());
+ ids.add(user.getDeptId());
+ w.in("u.dept_id", ids);
+ });
+ return wrapper;
}
/**
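Review bot: The `.apply(DataBaseHelper.findInSet(user.getDeptId(), "ancestors"))` call in the new `buildQueryWrapper` puts a raw SQL fragment into the department query, and the body of `findInSet` is not visible in this patch. If that helper concatenates its arguments, the call is safe here only because `deptId` is numeric (it is added to a `List<Long>` two lines later). A comment above it such as `// findInSet emits raw SQL: pass only numeric ids and constant column names` would stop later callers from handing it request strings. Separately, `user.getParams()` is dereferenced without a null check. `ids.add(...)` also relies on `Collectors.toList()` returning a mutable list, which the API does not guarantee; `Collectors.toCollection(ArrayList::new)` makes that explicit.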
@@ -70,7 +97,13 @@
*/
@Override
public TableDataInfo<SysUser> selectAllocatedList(SysUser user, PageQuery pageQuery) {
- Page<SysUser> page = baseMapper.selectAllocatedList(pageQuery.build(), user);
+ QueryWrapper<SysUser> wrapper = Wrappers.query();
+ wrapper.eq("u.del_flag", UserConstants.USER_NORMAL)
+ .eq(ObjectUtil.isNotNull(user.getRoleId()), "r.role_id", user.getRoleId())
+ .like(StringUtils.isNotBlank(user.getUserName()), "u.user_name", user.getUserName())
+ .eq(StringUtils.isNotBlank(user.getStatus()), "u.status", user.getStatus())
+ .like(StringUtils.isNotBlank(user.getPhonenumber()), "u.phonenumber", user.getPhonenumber());
+ Page<SysUser> page = baseMapper.selectAllocatedList(pageQuery.build(), wrapper);
return TableDataInfo.build(page);
}
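Review bot: In `selectAllocatedList` the role filter is now conditional, `.eq(ObjectUtil.isNotNull(user.getRoleId()), "r.role_id", user.getRoleId())`, so a request without `roleId` drops the predicate and the page returns every non-deleted user instead of the users allocated to one role. The old mapper SQL is not part of this patch, so whether this widens the result set is an inference. If the endpoint is meant to be scoped to one role, reject a null id up front or make the predicate unconditional: `.eq("r.role_id", user.getRoleId())`. The user-name, status and phone predicates repeat those in `buildQueryWrapper` and could share a helper so the two lists cannot drift apart.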
@@ -82,7 +115,14 @@
*/
@Override
public TableDataInfo<SysUser> selectUnallocatedList(SysUser user, PageQuery pageQuery) {
- Page<SysUser> page = baseMapper.selectUnallocatedList(pageQuery.build(), user);
+ List<Long> userId = userRoleMapper.selectUserIdsByRoleId(user.getRoleId());
+ QueryWrapper<SysUser> wrapper = Wrappers.query();
+ wrapper.eq("u.del_flag", UserConstants.USER_NORMAL)
+ .and(w -> w.ne("r.role_id", user.getRoleId()).or().isNull("r.role_id"))
+ .notIn("u.user_id", userId)
+ .like(StringUtils.isNotBlank(user.getUserName()), "u.user_name", user.getUserName())
+ .like(StringUtils.isNotBlank(user.getPhonenumber()), "u.phonenumber", user.getPhonenumber());
+ Page<SysUser> page = baseMapper.selectUnallocatedList(pageQuery.build(), wrapper);
return TableDataInfo.build(page);
}
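Review bot: `.notIn("u.user_id", userId)` in `selectUnallocatedList` is unconditional, so when the role has no users yet and `selectUserIdsByRoleId` returns an empty list, the wrapper may emit `NOT IN ()`, which many databases reject as a syntax error. Guard it with the condition overload: `.notIn(CollUtil.isNotEmpty(userId), "u.user_id", userId)`. `user.getRoleId()` is also used without a null check in both the lookup and the `ne("r.role_id", ...)` predicate. Since the local holds a list, `userIds` would read better than `userId`.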
@@ -95,6 +135,17 @@
@Override
public SysUser selectUserByUserName(String userName) {
return baseMapper.selectUserByUserName(userName);
+ }
+
+ /**
+ * 閫氳繃鎵嬫満鍙锋煡璇㈢敤鎴�
+ *
+ * @param phonenumber 鎵嬫満鍙�
+ * @return 鐢ㄦ埛瀵硅薄淇℃伅
+ */
+ @Override
+ public SysUser selectUserByPhonenumber(String phonenumber) {
+ return baseMapper.selectUserByPhonenumber(phonenumber);
}
/**
@@ -209,7 +260,7 @@
if (!LoginHelper.isAdmin()) {
SysUser user = new SysUser();
user.setUserId(userId);
- List<SysUser> users = SpringUtils.getAopProxy(this).selectUserList(user);
+ List<SysUser> users = this.selectUserList(user);
if (CollUtil.isEmpty(users)) {
throw new ServiceException("娌℃湁鏉冮檺璁块棶鐢ㄦ埛鏁版嵁锛�");
}
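Review bot: Replacing `SpringUtils.getAopProxy(this).selectUserList(user)` with `this.selectUserList(user)` turns this permission check into a self-invocation, which does not pass through the Spring proxy. If data-scope filtering is still attached to `selectUserList` as a proxy-based aspect, it will not run here; the query would then find any existing `userId`, and the `ServiceException` branch would never fire for non-admin callers. The patch does not show where the filter now lives, so confirm that it is enforced at the mapper or interceptor level. A comment on the call would record that dependency, for example `// data scope is applied by the mapper-level interceptor, so no AOP proxy is needed here`. The enclosing method starts and ends outside this hunk.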
--
Gitblit v1.9.3