From 4f0a584efcbe51c5c232ab6f75a8d760b15d5e03 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期五, 01 四月 2022 17:57:00 +0800
Subject: [PATCH] update springboot 2.6.5 => 2.6.6 修复 CVE-2022-22965 漏洞
---
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java | 158 +++++++++++++++++++++++++++++++++-------------------
1 files changed, 99 insertions(+), 59 deletions(-)
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
index be99994..2ef6388 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
@@ -1,35 +1,37 @@
package com.ruoyi.system.service.impl;
import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.util.ObjectUtil;
+import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
-import com.ruoyi.common.annotation.DataScope;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.domain.PageQuery;
+import com.ruoyi.common.core.domain.entity.SysDept;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.entity.SysUser;
-import com.ruoyi.common.core.mybatisplus.core.ServicePlusImpl;
import com.ruoyi.common.core.page.TableDataInfo;
-import com.ruoyi.common.core.service.UserService;
import com.ruoyi.common.exception.ServiceException;
-import com.ruoyi.common.utils.PageUtils;
-import com.ruoyi.common.utils.SecurityUtils;
+import com.ruoyi.common.helper.DataBaseHelper;
+import com.ruoyi.common.helper.LoginHelper;
import com.ruoyi.common.utils.StringUtils;
-import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.system.domain.SysPost;
import com.ruoyi.system.domain.SysUserPost;
import com.ruoyi.system.domain.SysUserRole;
import com.ruoyi.system.mapper.*;
import com.ruoyi.system.service.ISysUserService;
+import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import java.util.Map;
import java.util.stream.Collectors;
/**
@@ -38,26 +40,21 @@
* @author Lion Li
*/
@Slf4j
+@RequiredArgsConstructor
@Service
-public class SysUserServiceImpl extends ServicePlusImpl<SysUserMapper, SysUser, SysUser> implements ISysUserService, UserService {
+public class SysUserServiceImpl implements ISysUserService {
- @Autowired
- private SysRoleMapper roleMapper;
-
- @Autowired
- private SysPostMapper postMapper;
-
- @Autowired
- private SysUserRoleMapper userRoleMapper;
-
- @Autowired
- private SysUserPostMapper userPostMapper;
+ private final SysUserMapper baseMapper;
+ private final SysDeptMapper deptMapper;
+ private final SysRoleMapper roleMapper;
+ private final SysPostMapper postMapper;
+ private final SysUserRoleMapper userRoleMapper;
+ private final SysUserPostMapper userPostMapper;
@Override
- @DataScope(deptAlias = "d", userAlias = "u", isUser = true)
public TableDataInfo<SysUser> selectPageUserList(SysUser user, PageQuery pageQuery) {
- Page<SysUser> page = baseMapper.selectPageUserList(PageUtils.buildPage(pageQuery), user);
- return PageUtils.buildDataInfo(page);
+ Page<SysUser> page = baseMapper.selectPageUserList(pageQuery.build(), this.buildQueryWrapper(user));
+ return TableDataInfo.build(page);
}
/**
@@ -67,9 +64,29 @@
* @return 鐢ㄦ埛淇℃伅闆嗗悎淇℃伅
*/
@Override
- @DataScope(deptAlias = "d", userAlias = "u", isUser = true)
public List<SysUser> selectUserList(SysUser user) {
- return baseMapper.selectUserList(user);
+ return baseMapper.selectUserList(this.buildQueryWrapper(user));
+ }
+
+ private Wrapper<SysUser> buildQueryWrapper(SysUser user) {
+ Map<String, Object> params = user.getParams();
+ QueryWrapper<SysUser> wrapper = Wrappers.query();
+ wrapper.eq("u.del_flag", UserConstants.USER_NORMAL)
+ .eq(ObjectUtil.isNotNull(user.getUserId()), "u.user_id", user.getUserId())
+ .like(StringUtils.isNotBlank(user.getUserName()), "u.user_name", user.getUserName())
+ .eq(StringUtils.isNotBlank(user.getStatus()), "u.status", user.getStatus())
+ .like(StringUtils.isNotBlank(user.getPhonenumber()), "u.phonenumber", user.getPhonenumber())
+ .between(params.get("beginTime") != null && params.get("endTime") != null,
+ "u.create_time", params.get("beginTime"), params.get("endTime"))
+ .and(ObjectUtil.isNotNull(user.getDeptId()), w -> {
+ List<SysDept> deptList = deptMapper.selectList(new LambdaQueryWrapper<SysDept>()
+ .select(SysDept::getDeptId)
+ .apply(DataBaseHelper.findInSet(user.getDeptId(), "ancestors")));
+ List<Long> ids = deptList.stream().map(SysDept::getDeptId).collect(Collectors.toList());
+ ids.add(user.getDeptId());
+ w.in("u.dept_id", ids);
+ });
+ return wrapper;
}
/**
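Review bot: `buildQueryWrapper` dereferences `user.getParams()` without a null check, so `params.get("beginTime")` throws if the map is null. The `params` field of `SysUser` is not visible in this patch, but if it is bound from the request body, a client sending `"params": null` would turn a list query into a 500; a guard such as `if (params == null) { params = Collections.emptyMap(); }` (with the matching import) avoids that. Separately, `.apply(DataBaseHelper.findInSet(user.getDeptId(), "ancestors"))` splices a built SQL fragment into the query, which is safe only while the first argument stays a numeric id. A comment there would record the constraint: `// findInSet() output is raw SQL passed to apply(); only pass numeric ids, never request strings`. The new private method also has no Javadoc saying which filters it applies and that `del_flag` is always constrained.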
@@ -79,10 +96,15 @@
* @return 鐢ㄦ埛淇℃伅闆嗗悎淇℃伅
*/
@Override
- @DataScope(deptAlias = "d", userAlias = "u", isUser = true)
public TableDataInfo<SysUser> selectAllocatedList(SysUser user, PageQuery pageQuery) {
- Page<SysUser> page = baseMapper.selectAllocatedList(PageUtils.buildPage(pageQuery), user);
- return PageUtils.buildDataInfo(page);
+ QueryWrapper<SysUser> wrapper = Wrappers.query();
+ wrapper.eq("u.del_flag", UserConstants.USER_NORMAL)
+ .eq(ObjectUtil.isNotNull(user.getRoleId()), "r.role_id", user.getRoleId())
+ .like(StringUtils.isNotBlank(user.getUserName()), "u.user_name", user.getUserName())
+ .eq(StringUtils.isNotBlank(user.getStatus()), "u.status", user.getStatus())
+ .like(StringUtils.isNotBlank(user.getPhonenumber()), "u.phonenumber", user.getPhonenumber());
+ Page<SysUser> page = baseMapper.selectAllocatedList(pageQuery.build(), wrapper);
+ return TableDataInfo.build(page);
}
/**
@@ -92,10 +114,16 @@
* @return 鐢ㄦ埛淇℃伅闆嗗悎淇℃伅
*/
@Override
- @DataScope(deptAlias = "d", userAlias = "u", isUser = true)
public TableDataInfo<SysUser> selectUnallocatedList(SysUser user, PageQuery pageQuery) {
- Page<SysUser> page = baseMapper.selectUnallocatedList(PageUtils.buildPage(pageQuery), user);
- return PageUtils.buildDataInfo(page);
+ List<Long> userId = userRoleMapper.selectUserIdsByRoleId(user.getRoleId());
+ QueryWrapper<SysUser> wrapper = Wrappers.query();
+ wrapper.eq("u.del_flag", UserConstants.USER_NORMAL)
+ .and(w -> w.ne("r.role_id", user.getRoleId()).or().isNull("r.role_id"))
+ .notIn("u.user_id", userId)
+ .like(StringUtils.isNotBlank(user.getUserName()), "u.user_name", user.getUserName())
+ .like(StringUtils.isNotBlank(user.getPhonenumber()), "u.phonenumber", user.getPhonenumber());
+ Page<SysUser> page = baseMapper.selectUnallocatedList(pageQuery.build(), wrapper);
+ return TableDataInfo.build(page);
}
/**
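Review bot: `.notIn("u.user_id", userId)` in `selectUnallocatedList` is applied unconditionally, so a role with no assigned users passes an empty list. As far as I know MyBatis-Plus renders an empty collection as `NOT IN ()`, which is a syntax error on most databases. Making the condition explicit avoids it: `.notIn(CollUtil.isNotEmpty(userId), "u.user_id", userId)` (`CollUtil` is already imported). `user.getRoleId()` is also used unchecked, both in the mapper call and in `w.ne("r.role_id", user.getRoleId())`, so a request without a role id produces a comparison against NULL rather than a clear validation error. Renaming the list to `userIds` would make it clearer that it is a collection.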
@@ -107,6 +135,17 @@
@Override
public SysUser selectUserByUserName(String userName) {
return baseMapper.selectUserByUserName(userName);
+ }
+
+ /**
+ * 閫氳繃鎵嬫満鍙锋煡璇㈢敤鎴�
+ *
+ * @param phonenumber 鎵嬫満鍙�
+ * @return 鐢ㄦ埛瀵硅薄淇℃伅
+ */
+ @Override
+ public SysUser selectUserByPhonenumber(String phonenumber) {
+ return baseMapper.selectUserByPhonenumber(phonenumber);
}
/**
@@ -158,8 +197,8 @@
*/
@Override
public String checkUserNameUnique(String userName) {
- long count = count(new LambdaQueryWrapper<SysUser>().eq(SysUser::getUserName, userName));
- if (count > 0) {
+ boolean exist = baseMapper.exists(new LambdaQueryWrapper<SysUser>().eq(SysUser::getUserName, userName));
+ if (exist) {
return UserConstants.NOT_UNIQUE;
}
return UserConstants.UNIQUE;
@@ -173,11 +212,10 @@
*/
@Override
public String checkPhoneUnique(SysUser user) {
- Long userId = StringUtils.isNull(user.getUserId()) ? -1L : user.getUserId();
- long count = count(new LambdaQueryWrapper<SysUser>()
- .eq(SysUser::getPhonenumber, user.getPhonenumber())
- .ne(SysUser::getUserId, userId));
- if (count > 0) {
+ boolean exist = baseMapper.exists(new LambdaQueryWrapper<SysUser>()
+ .eq(SysUser::getPhonenumber, user.getPhonenumber())
+ .ne(ObjectUtil.isNotNull(user.getUserId()), SysUser::getUserId, user.getUserId()));
+ if (exist) {
return UserConstants.NOT_UNIQUE;
}
return UserConstants.UNIQUE;
@@ -191,11 +229,10 @@
*/
@Override
public String checkEmailUnique(SysUser user) {
- Long userId = StringUtils.isNull(user.getUserId()) ? -1L : user.getUserId();
- long count = count(new LambdaQueryWrapper<SysUser>()
- .eq(SysUser::getEmail, user.getEmail())
- .ne(SysUser::getUserId, userId));
- if (count > 0) {
+ boolean exist = baseMapper.exists(new LambdaQueryWrapper<SysUser>()
+ .eq(SysUser::getEmail, user.getEmail())
+ .ne(ObjectUtil.isNotNull(user.getUserId()), SysUser::getUserId, user.getUserId()));
+ if (exist) {
return UserConstants.NOT_UNIQUE;
}
return UserConstants.UNIQUE;
@@ -208,7 +245,7 @@
*/
@Override
public void checkUserAllowed(SysUser user) {
- if (StringUtils.isNotNull(user.getUserId()) && user.isAdmin()) {
+ if (ObjectUtil.isNotNull(user.getUserId()) && user.isAdmin()) {
throw new ServiceException("涓嶅厑璁告搷浣滆秴绾х鐞嗗憳鐢ㄦ埛");
}
}
@@ -220,11 +257,11 @@
*/
@Override
public void checkUserDataScope(Long userId) {
- if (!SysUser.isAdmin(SecurityUtils.getUserId())) {
+ if (!LoginHelper.isAdmin()) {
SysUser user = new SysUser();
user.setUserId(userId);
- List<SysUser> users = SpringUtils.getAopProxy(this).selectUserList(user);
- if (StringUtils.isEmpty(users)) {
+ List<SysUser> users = this.selectUserList(user);
+ if (CollUtil.isEmpty(users)) {
throw new ServiceException("娌℃湁鏉冮檺璁块棶鐢ㄦ埛鏁版嵁锛�");
}
}
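Review bot: `checkUserDataScope` now calls `this.selectUserList(user)` directly instead of going through the AOP proxy, and the same commit removes `@DataScope` from `selectUserList` and the three paged list methods in the earlier hunks. The authorization check therefore holds only if the department/user filter is now enforced inside `baseMapper.selectUserList(...)`. That is not visible in this patch, and if the mapper query is unfiltered, any existing `userId` yields a non-empty list and the check passes for every caller. The `checkUserDataScope(userId)` call added to `deleteUserByIds` in the last hunk inherits the same dependency. Please confirm the mapper method carries the data-permission filter and record it here, e.g. `// data scope is enforced by the mapper-level filter on SysUserMapper.selectUserList; a plain self-call is sufficient`. A test showing that a non-admin gets `ServiceException` for a user outside their scope would keep this from regressing silently.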
@@ -256,6 +293,8 @@
*/
@Override
public boolean registerUser(SysUser user) {
+ user.setCreateBy(user.getUserName());
+ user.setUpdateBy(user.getUserName());
return baseMapper.insert(user) > 0;
}
@@ -290,7 +329,7 @@
@Transactional(rollbackFor = Exception.class)
public void insertUserAuth(Long userId, Long[] roleIds) {
userRoleMapper.delete(new LambdaQueryWrapper<SysUserRole>()
- .eq(SysUserRole::getUserId, userId));
+ .eq(SysUserRole::getUserId, userId));
insertUserRole(userId, roleIds);
}
@@ -326,9 +365,9 @@
@Override
public boolean updateUserAvatar(String userName, String avatar) {
return baseMapper.update(null,
- new LambdaUpdateWrapper<SysUser>()
- .set(SysUser::getAvatar, avatar)
- .eq(SysUser::getUserName, userName)) > 0;
+ new LambdaUpdateWrapper<SysUser>()
+ .set(SysUser::getAvatar, avatar)
+ .eq(SysUser::getUserName, userName)) > 0;
}
/**
@@ -352,9 +391,9 @@
@Override
public int resetUserPwd(String userName, String password) {
return baseMapper.update(null,
- new LambdaUpdateWrapper<SysUser>()
- .set(SysUser::getPassword, password)
- .eq(SysUser::getUserName, userName));
+ new LambdaUpdateWrapper<SysUser>()
+ .set(SysUser::getPassword, password)
+ .eq(SysUser::getUserName, userName));
}
/**
@@ -364,7 +403,7 @@
*/
public void insertUserRole(SysUser user) {
Long[] roles = user.getRoleIds();
- if (StringUtils.isNotNull(roles)) {
+ if (ObjectUtil.isNotNull(roles)) {
// 鏂板鐢ㄦ埛涓庤鑹茬鐞�
List<SysUserRole> list = new ArrayList<SysUserRole>();
for (Long roleId : roles) {
@@ -374,7 +413,7 @@
list.add(ur);
}
if (list.size() > 0) {
- userRoleMapper.insertAll(list);
+ userRoleMapper.insertBatch(list);
}
}
}
@@ -386,7 +425,7 @@
*/
public void insertUserPost(SysUser user) {
Long[] posts = user.getPostIds();
- if (StringUtils.isNotNull(posts)) {
+ if (ObjectUtil.isNotNull(posts)) {
// 鏂板鐢ㄦ埛涓庡矖浣嶇鐞�
List<SysUserPost> list = new ArrayList<SysUserPost>();
for (Long postId : posts) {
@@ -396,7 +435,7 @@
list.add(up);
}
if (list.size() > 0) {
- userPostMapper.insertAll(list);
+ userPostMapper.insertBatch(list);
}
}
}
@@ -408,7 +447,7 @@
* @param roleIds 瑙掕壊缁�
*/
public void insertUserRole(Long userId, Long[] roleIds) {
- if (StringUtils.isNotNull(roleIds)) {
+ if (ObjectUtil.isNotNull(roleIds)) {
// 鏂板鐢ㄦ埛涓庤鑹茬鐞�
List<SysUserRole> list = new ArrayList<SysUserRole>();
for (Long roleId : roleIds) {
@@ -418,7 +457,7 @@
list.add(ur);
}
if (list.size() > 0) {
- userRoleMapper.insertAll(list);
+ userRoleMapper.insertBatch(list);
}
}
}
@@ -450,6 +489,7 @@
public int deleteUserByIds(Long[] userIds) {
for (Long userId : userIds) {
checkUserAllowed(new SysUser(userId));
+ checkUserDataScope(userId);
}
List<Long> ids = Arrays.asList(userIds);
// 鍒犻櫎鐢ㄦ埛涓庤鑹插叧鑱�
--
Gitblit v1.9.3