From b4f9d3a8f238e3d40d97f0d947b5b4b302d0c04e Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期四, 27 五月 2021 22:06:36 +0800
Subject: [PATCH] update 优化dataScope参数防止注入
---
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java | 322 ++++++++++++++++++++++++++---------------------------
1 files changed, 159 insertions(+), 163 deletions(-)
diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
index 60bd1a5..c3fdf83 100644
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java
@@ -1,163 +1,159 @@
-package com.ruoyi.web.controller.system;
-
-import java.util.Iterator;
-import java.util.List;
-import org.apache.commons.lang3.ArrayUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.DeleteMapping;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.PutMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
-import com.ruoyi.common.annotation.Log;
-import com.ruoyi.common.constant.UserConstants;
-import com.ruoyi.common.core.controller.BaseController;
-import com.ruoyi.common.core.domain.AjaxResult;
-import com.ruoyi.common.core.domain.entity.SysDept;
-import com.ruoyi.common.enums.BusinessType;
-import com.ruoyi.common.utils.SecurityUtils;
-import com.ruoyi.common.utils.StringUtils;
-import com.ruoyi.system.service.ISysDeptService;
-
-/**
- * 閮ㄩ棬淇℃伅
- *
- * @author ruoyi
- */
-@RestController
-@RequestMapping("/system/dept")
-public class SysDeptController extends BaseController
-{
- @Autowired
- private ISysDeptService deptService;
-
- /**
- * 鑾峰彇閮ㄩ棬鍒楄〃
- */
- @PreAuthorize("@ss.hasPermi('system:dept:list')")
- @GetMapping("/list")
- public AjaxResult list(SysDept dept)
- {
- List<SysDept> depts = deptService.selectDeptList(dept);
- return AjaxResult.success(depts);
- }
-
- /**
- * 鏌ヨ閮ㄩ棬鍒楄〃锛堟帓闄よ妭鐐癸級
- */
- @PreAuthorize("@ss.hasPermi('system:dept:list')")
- @GetMapping("/list/exclude/{deptId}")
- public AjaxResult excludeChild(@PathVariable(value = "deptId", required = false) Long deptId)
- {
- List<SysDept> depts = deptService.selectDeptList(new SysDept());
- Iterator<SysDept> it = depts.iterator();
- while (it.hasNext())
- {
- SysDept d = (SysDept) it.next();
- if (d.getDeptId().intValue() == deptId
- || ArrayUtils.contains(StringUtils.split(d.getAncestors(), ","), deptId + ""))
- {
- it.remove();
- }
- }
- return AjaxResult.success(depts);
- }
-
- /**
- * 鏍规嵁閮ㄩ棬缂栧彿鑾峰彇璇︾粏淇℃伅
- */
- @PreAuthorize("@ss.hasPermi('system:dept:query')")
- @GetMapping(value = "/{deptId}")
- public AjaxResult getInfo(@PathVariable Long deptId)
- {
- return AjaxResult.success(deptService.selectDeptById(deptId));
- }
-
- /**
- * 鑾峰彇閮ㄩ棬涓嬫媺鏍戝垪琛�
- */
- @GetMapping("/treeselect")
- public AjaxResult treeselect(SysDept dept)
- {
- List<SysDept> depts = deptService.selectDeptList(dept);
- return AjaxResult.success(deptService.buildDeptTreeSelect(depts));
- }
-
- /**
- * 鍔犺浇瀵瑰簲瑙掕壊閮ㄩ棬鍒楄〃鏍�
- */
- @GetMapping(value = "/roleDeptTreeselect/{roleId}")
- public AjaxResult roleDeptTreeselect(@PathVariable("roleId") Long roleId)
- {
- List<SysDept> depts = deptService.selectDeptList(new SysDept());
- AjaxResult ajax = AjaxResult.success();
- ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId));
- ajax.put("depts", deptService.buildDeptTreeSelect(depts));
- return ajax;
- }
-
- /**
- * 鏂板閮ㄩ棬
- */
- @PreAuthorize("@ss.hasPermi('system:dept:add')")
- @Log(title = "閮ㄩ棬绠$悊", businessType = BusinessType.INSERT)
- @PostMapping
- public AjaxResult add(@Validated @RequestBody SysDept dept)
- {
- if (UserConstants.NOT_UNIQUE.equals(deptService.checkDeptNameUnique(dept)))
- {
- return AjaxResult.error("鏂板閮ㄩ棬'" + dept.getDeptName() + "'澶辫触锛岄儴闂ㄥ悕绉板凡瀛樺湪");
- }
- dept.setCreateBy(SecurityUtils.getUsername());
- return toAjax(deptService.insertDept(dept));
- }
-
- /**
- * 淇敼閮ㄩ棬
- */
- @PreAuthorize("@ss.hasPermi('system:dept:edit')")
- @Log(title = "閮ㄩ棬绠$悊", businessType = BusinessType.UPDATE)
- @PutMapping
- public AjaxResult edit(@Validated @RequestBody SysDept dept)
- {
- if (UserConstants.NOT_UNIQUE.equals(deptService.checkDeptNameUnique(dept)))
- {
- return AjaxResult.error("淇敼閮ㄩ棬'" + dept.getDeptName() + "'澶辫触锛岄儴闂ㄥ悕绉板凡瀛樺湪");
- }
- else if (dept.getParentId().equals(dept.getDeptId()))
- {
- return AjaxResult.error("淇敼閮ㄩ棬'" + dept.getDeptName() + "'澶辫触锛屼笂绾ч儴闂ㄤ笉鑳芥槸鑷繁");
- }
- else if (StringUtils.equals(UserConstants.DEPT_DISABLE, dept.getStatus())
- && deptService.selectNormalChildrenDeptById(dept.getDeptId()) > 0)
- {
- return AjaxResult.error("璇ラ儴闂ㄥ寘鍚湭鍋滅敤鐨勫瓙閮ㄩ棬锛�");
- }
- dept.setUpdateBy(SecurityUtils.getUsername());
- return toAjax(deptService.updateDept(dept));
- }
-
- /**
- * 鍒犻櫎閮ㄩ棬
- */
- @PreAuthorize("@ss.hasPermi('system:dept:remove')")
- @Log(title = "閮ㄩ棬绠$悊", businessType = BusinessType.DELETE)
- @DeleteMapping("/{deptId}")
- public AjaxResult remove(@PathVariable Long deptId)
- {
- if (deptService.hasChildByDeptId(deptId))
- {
- return AjaxResult.error("瀛樺湪涓嬬骇閮ㄩ棬,涓嶅厑璁稿垹闄�");
- }
- if (deptService.checkDeptExistUser(deptId))
- {
- return AjaxResult.error("閮ㄩ棬瀛樺湪鐢ㄦ埛,涓嶅厑璁稿垹闄�");
- }
- return toAjax(deptService.deleteDeptById(deptId));
- }
-}
+package com.ruoyi.web.controller.system;
+
+import cn.hutool.core.util.StrUtil;
+import com.ruoyi.common.annotation.Log;
+import com.ruoyi.common.constant.UserConstants;
+import com.ruoyi.common.core.controller.BaseController;
+import com.ruoyi.common.core.domain.AjaxResult;
+import com.ruoyi.common.core.domain.entity.SysDept;
+import com.ruoyi.common.enums.BusinessType;
+import com.ruoyi.common.utils.SecurityUtils;
+import com.ruoyi.system.service.ISysDeptService;
+import org.apache.commons.lang3.ArrayUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 閮ㄩ棬淇℃伅
+ *
+ * @author ruoyi
+ */
+@RestController
+@RequestMapping("/system/dept")
+public class SysDeptController extends BaseController
+{
+ @Autowired
+ private ISysDeptService deptService;
+
+ /**
+ * 鑾峰彇閮ㄩ棬鍒楄〃
+ */
+ @PreAuthorize("@ss.hasPermi('system:dept:list')")
+ @GetMapping("/list")
+ public AjaxResult list(SysDept dept)
+ {
+ List<SysDept> depts = deptService.selectDeptList(dept);
+ return AjaxResult.success(depts);
+ }
+
+ /**
+ * 鏌ヨ閮ㄩ棬鍒楄〃锛堟帓闄よ妭鐐癸級
+ */
+ @PreAuthorize("@ss.hasPermi('system:dept:list')")
+ @GetMapping("/list/exclude/{deptId}")
+ public AjaxResult excludeChild(@PathVariable(value = "deptId", required = false) Long deptId)
+ {
+ List<SysDept> depts = deptService.selectDeptList(new SysDept());
+ Iterator<SysDept> it = depts.iterator();
+ while (it.hasNext())
+ {
+ SysDept d = (SysDept) it.next();
+ if (d.getDeptId().intValue() == deptId
+ || ArrayUtils.contains(StrUtil.split(d.getAncestors(), ","), deptId + ""))
+ {
+ it.remove();
+ }
+ }
+ return AjaxResult.success(depts);
+ }
+
+ /**
+ * 鏍规嵁閮ㄩ棬缂栧彿鑾峰彇璇︾粏淇℃伅
+ */
+ @PreAuthorize("@ss.hasPermi('system:dept:query')")
+ @GetMapping(value = "/{deptId}")
+ public AjaxResult getInfo(@PathVariable Long deptId)
+ {
+ return AjaxResult.success(deptService.selectDeptById(deptId));
+ }
+
+ /**
+ * 鑾峰彇閮ㄩ棬涓嬫媺鏍戝垪琛�
+ */
+ @GetMapping("/treeselect")
+ public AjaxResult treeselect(SysDept dept)
+ {
+ List<SysDept> depts = deptService.selectDeptList(dept);
+ return AjaxResult.success(deptService.buildDeptTreeSelect(depts));
+ }
+
+ /**
+ * 鍔犺浇瀵瑰簲瑙掕壊閮ㄩ棬鍒楄〃鏍�
+ */
+ @GetMapping(value = "/roleDeptTreeselect/{roleId}")
+ public AjaxResult roleDeptTreeselect(@PathVariable("roleId") Long roleId)
+ {
+ List<SysDept> depts = deptService.selectDeptList(new SysDept());
+ Map<String,Object> ajax = new HashMap<>();
+ ajax.put("checkedKeys", deptService.selectDeptListByRoleId(roleId));
+ ajax.put("depts", deptService.buildDeptTreeSelect(depts));
+ return AjaxResult.success(ajax);
+ }
+
+ /**
+ * 鏂板閮ㄩ棬
+ */
+ @PreAuthorize("@ss.hasPermi('system:dept:add')")
+ @Log(title = "閮ㄩ棬绠$悊", businessType = BusinessType.INSERT)
+ @PostMapping
+ public AjaxResult add(@Validated @RequestBody SysDept dept)
+ {
+ if (UserConstants.NOT_UNIQUE.equals(deptService.checkDeptNameUnique(dept)))
+ {
+ return AjaxResult.error("鏂板閮ㄩ棬'" + dept.getDeptName() + "'澶辫触锛岄儴闂ㄥ悕绉板凡瀛樺湪");
+ }
+ dept.setCreateBy(SecurityUtils.getUsername());
+ return toAjax(deptService.insertDept(dept));
+ }
+
+ /**
+ * 淇敼閮ㄩ棬
+ */
+ @PreAuthorize("@ss.hasPermi('system:dept:edit')")
+ @Log(title = "閮ㄩ棬绠$悊", businessType = BusinessType.UPDATE)
+ @PutMapping
+ public AjaxResult edit(@Validated @RequestBody SysDept dept)
+ {
+ if (UserConstants.NOT_UNIQUE.equals(deptService.checkDeptNameUnique(dept)))
+ {
+ return AjaxResult.error("淇敼閮ㄩ棬'" + dept.getDeptName() + "'澶辫触锛岄儴闂ㄥ悕绉板凡瀛樺湪");
+ }
+ else if (dept.getParentId().equals(dept.getDeptId()))
+ {
+ return AjaxResult.error("淇敼閮ㄩ棬'" + dept.getDeptName() + "'澶辫触锛屼笂绾ч儴闂ㄤ笉鑳芥槸鑷繁");
+ }
+ else if (StrUtil.equals(UserConstants.DEPT_DISABLE, dept.getStatus())
+ && deptService.selectNormalChildrenDeptById(dept.getDeptId()) > 0)
+ {
+ return AjaxResult.error("璇ラ儴闂ㄥ寘鍚湭鍋滅敤鐨勫瓙閮ㄩ棬锛�");
+ }
+ dept.setUpdateBy(SecurityUtils.getUsername());
+ return toAjax(deptService.updateDept(dept));
+ }
+
+ /**
+ * 鍒犻櫎閮ㄩ棬
+ */
+ @PreAuthorize("@ss.hasPermi('system:dept:remove')")
+ @Log(title = "閮ㄩ棬绠$悊", businessType = BusinessType.DELETE)
+ @DeleteMapping("/{deptId}")
+ public AjaxResult remove(@PathVariable Long deptId)
+ {
+ if (deptService.hasChildByDeptId(deptId))
+ {
+ return AjaxResult.error("瀛樺湪涓嬬骇閮ㄩ棬,涓嶅厑璁稿垹闄�");
+ }
+ if (deptService.checkDeptExistUser(deptId))
+ {
+ return AjaxResult.error("閮ㄩ棬瀛樺湪鐢ㄦ埛,涓嶅厑璁稿垹闄�");
+ }
+ return toAjax(deptService.deleteDeptById(deptId));
+ }
+}
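Review bot: In `excludeChild`, the new line `ArrayUtils.contains(StrUtil.split(d.getAncestors(), ","), deptId + "")` hands hutool's split result to a commons-lang3 array helper; if the project is on hutool 5, `StrUtil.split(CharSequence, CharSequence)` returns a `List<String>`, so this either fails to compile or depends on an older overload, and `StrUtil.split(d.getAncestors(), ',').contains(deptId + "")` (or `StrUtil.splitToArray`) would state the intent directly and drop the `ArrayUtils` import. The same method declares `deptId` with `required = false` but then evaluates `d.getDeptId().intValue() == deptId`, which unboxes a possibly null `deptId` and also truncates the stored `Long` to `int`; `Objects.equals(d.getDeptId(), deptId)` avoids both. The subject line refers to hardening a dataScope parameter, yet nothing in this file touches dataScope — the visible changes are the `StringUtils` to `StrUtil` swap, the `HashMap` in `roleDeptTreeselect`, and import reordering, and the full-file rewrite (163 lines out, 159 in) looks like a line-ending or encoding change that hides that small diff, so a separate formatting-only commit would keep the review readable. The wildcard `org.springframework.web.bind.annotation.*` replaces the explicit imports of the old side and is a step backwards for readers tracing which annotations are in use.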
--
Gitblit v1.9.3