diff --git a/src/main/java/com/hxgk/lowcode/controller/AssociatedFormsController.java b/src/main/java/com/hxgk/lowcode/controller/AssociatedFormsController.java
index ce9edc6..4a9eb91 100644
--- a/src/main/java/com/hxgk/lowcode/controller/AssociatedFormsController.java
+++ b/src/main/java/com/hxgk/lowcode/controller/AssociatedFormsController.java
@@ -123,8 +123,8 @@ public class AssociatedFormsController {
 String rangeString = requestBody.get("rangeString");
 String hideFormula = requestBody.get("hideFormula");
 String hideString = requestBody.get("hideString");
-
- ArrayList dataTitles = customerFormService.getAsfDataTitles(key,token,formId,dataTitle,rangeFormula,rangeString,hideFormula,hideString);
+ String masterOnField = requestBody.get("masterOnField");
+ ArrayList dataTitles = customerFormService.getAsfDataTitles(key,token,formId,dataTitle,rangeFormula,rangeString,hideFormula,hideString,masterOnField);
 return JsonData.buildSuccess(dataTitles);
diff --git a/src/main/java/com/hxgk/lowcode/mapper/FieldRecordMapper.java b/src/main/java/com/hxgk/lowcode/mapper/FieldRecordMapper.java
index baf20b8..b759181 100644
--- a/src/main/java/com/hxgk/lowcode/mapper/FieldRecordMapper.java
+++ b/src/main/java/com/hxgk/lowcode/mapper/FieldRecordMapper.java
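Review bot: `masterOnField` is read from the request body and handed to `getAsfDataTitles` with no null or format check at this point. Judging by its name and by the `@Param("masterOnField")` mapper argument added in this commit, it appears to name a join column, which cannot be sent as a bound value, so it should be restricted to a plain identifier before it travels further, e.g. `if (masterOnField != null && !masterOnField.matches("[A-Za-z0-9_]+")) { /* reject the request */ }`. The enclosing handler method starts and ends outside the hunk.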
@@ -22,4 +22,16 @@ public interface FieldRecordMapper {
 // 检查表中是否包含指定字段
 boolean checkFieldExists(@Param("tableName")String tableName, @Param("fieldName")String fieldName);
+
+ List> getDataTitlesWithWhere_Asf_NotTable(@Param("asfFormName") String asfFormName, @Param("fields") List toSelectDataTitles,@Param("operator") String operator,@Param("whereCondition") String whereCondition,@Param("leftField") String leftField);
+
+ List> getDataTitlesWithWhere_Master_NotTable(
+ @Param("asfFormName") String asfFormName,@Param("fields") List toSelectDataTitles, @Param("masterFormName") String masterFormName, @Param("masterOnField") String masterOnField,
+ @Param("whereConditionField") String whereConditionField, @Param("operator") String operator, @Param("whereConditionValue") String whereConditionValue
+ );
+
+ List> getDataTitlesWithWhere_Master_IsTable(
+ @Param("parent") String parent,@Param("fields") List toSelectDataTitles, @Param("child") String child,
+ @Param("whereConditionField") String whereConditionField, @Param("operator") String operator, @Param("whereConditionValue") String whereConditionValue
+ );
 }
diff --git a/src/main/java/com/hxgk/lowcode/model/entity/UserDetail.java b/src/main/java/com/hxgk/lowcode/model/entity/UserDetail.java
index 4bfb016..0590943 100644
--- a/src/main/java/com/hxgk/lowcode/model/entity/UserDetail.java
+++ b/src/main/java/com/hxgk/lowcode/model/entity/UserDetail.java
@@ -86,4 +86,19 @@ public class UserDetail {
 public void setMaindeparment(Long maindeparment) {
 this.maindeparment = maindeparment;
 }
+
+
+ @Override
+ public String toString() {
+ return "UserDetail{" +
+ "idcardno='" + idcardno + '\'' +
+ ", name='" + name + '\'' +
+ ", icon='" + icon + '\'' +
+ ", wmNumber='" + wmNumber + '\'' +
+ ", wmKey=" + wmKey +
+ ", adminorg=" + adminorg +
+ ", roleId=" + roleId +
+ ", maindeparment=" + maindeparment +
+ '}';
+ }
 }
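Review bot: The three new mapper methods take table names, column names and an `operator` as plain `String` parameters, and none of them carries a comment. Identifiers and operators cannot be sent as bound parameters, so the statements behind these methods (not visible here) presumably splice them in as text. Each method should say which arguments are interpolated and must come from an allow-list and which are bound values, for example `// asfFormName, leftField, operator: interpolated, caller must validate; whereCondition: bound value`. If `whereCondition` and `whereConditionValue` are also spliced in, they should be switched to bound parameters.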
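Review bot: The new `toString()` prints `idcardno` in full, so any log statement or exception message that formats a `UserDetail` will carry the ID-card number. Mask or omit it, e.g. `"idcardno='" + (idcardno == null ? null : "***") + '\'' +`, and keep only the fields needed to tell records apart. `wmKey` is also included; if it acts as a credential or lookup key elsewhere, it deserves the same treatment.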
diff --git a/src/main/java/com/hxgk/lowcode/service/CustomerFormService.java b/src/main/java/com/hxgk/lowcode/service/CustomerFormService.java index b1b82a4..1cd4c2e 100644 --- a/src/main/java/com/hxgk/lowcode/service/CustomerFormService.java +++ b/src/main/java/com/hxgk/lowcode/service/CustomerFormService.java @@ -16,7 +16,7 @@ public interface CustomerFormService { ArrayList getFieldRecord(String key, String token, String[] optionsValue3FieldArray); - ArrayList getAsfDataTitles(String key, String token,String formId, String dataTitle,String rangeFormula, String rangeString, String hideFormula, String hideString); + ArrayList getAsfDataTitles(String key, String token,String formId, String dataTitle,String rangeFormula, String rangeString, String hideFormula, String hideString,String masterOnField); ArrayList getAsfDataTitlesByIds(String AsfFormId,ArrayList> ids); Boolean queryIfOrgOrPersonContainsCurrentUser(String key, String token, String targetOrgOrPerson, String condition, String currentUser); diff --git a/src/main/java/com/hxgk/lowcode/service/impl/CustomerFormServiceImpl.java b/src/main/java/com/hxgk/lowcode/service/impl/CustomerFormServiceImpl.java index 1f05eff..14faa31 100644 --- a/src/main/java/com/hxgk/lowcode/service/impl/CustomerFormServiceImpl.java +++ b/src/main/java/com/hxgk/lowcode/service/impl/CustomerFormServiceImpl.java @@ -643,7 +643,7 @@ public class CustomerFormServiceImpl implements CustomerFormService { 关联表单组件下拉数据标题选项获取(所有) */ @Override - public ArrayList getAsfDataTitles(String key, String token,String formId, String dataTitle,String rangeFormula, String rangeString, String hideFormula, String hideString) { + public ArrayList getAsfDataTitles(String key, String token,String formId, String dataTitle,String rangeFormula, String rangeString, String hideFormula, String hideString,String masterOnField) { //关联表单的id String AsfFormId = formId; //根据formId(cfid)查询关联表单表名 
@@ -682,307 +682,140 @@ public class CustomerFormServiceImpl implements CustomerFormService { String operator = leftOperatorsAndRight.get("operator"); //System.out.println(operator); String right = leftOperatorsAndRight.get("right"); - //System.out.println(right); - if(operator.equals("包含")){ - if(right.equals("数据拥有者")){ - //此时条件为数据拥有者owner需判断关联表单是否含有owner字段,若不存在,则不过滤 - boolean owner = fieldRecordMapper.checkFieldExists(asfFormName, "owner"); - try { - // 可能抛出异常的代码 - String[] leftArr = left.split(":"); - if(leftArr.length==2){//orgOrPerson:102 组织机构条件 例:企管部包含数据拥有者 - String targetOrgOrPerson = leftArr[1]; - - - List> filteredDataTitleMapList = new ArrayList<>(); - - if(owner){//有owner字段 也就是数据拥有者 - //增加owner条件 - toSelectDataTitles.add("owner"); - - dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles); - for(TreeMap map :dataTitleMapList){ - if(StringUtils.isBlank(map.get("owner").toString())){//本条数据owner为空 - //filteredDataTitleMapList.add(map); - }else{//owner有值 - //本条数据的owner 值为hr系统某个用户的key - String ownerValue = map.get("owner").toString(); - ownerValue = "owner:"+ownerValue; - /*要判断本条数据的ownerValue是否在targetOrgOrPerson之内 - * 1.获取ownerValue的maindeparment(主部门), - * 2.从1获取到的主部门id向上查询到所有祖先部门数组, - * 3.查看targetOrgOrPerson是否在2查询到的数组中 - * 故此处应该调用 queryIfOrgOrPersonContainsCurrentUser方法 - * */ - Boolean ownerInOrg = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, ownerValue);//有效参数: targetOrgOrPerson - if(ownerInOrg){ - filteredDataTitleMapList.add(map); - } - } - } - dataTitleMapList = filteredDataTitleMapList; - }else{//返回所有数据标题 - dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 - } + if(containsDangerousWords(right)){//有sql注入的风险的输入 记录操作人key 时间,和输入的right条件 用来追究法律责任. 
+ //获取用户信息 从redis中根据userkey和usertoken拿到userdetail + Map keytokenmap = new HashMap<>(); + keytokenmap.put("userkey",key); + keytokenmap.put("usertoken",token); + UserDetail userDetail = userService.getUserDetailFromRedis(keytokenmap); + logger.error("用户进行了SQL注入攻击:key--"+userDetail.getWmKey()+"姓名--"+userDetail.getName()+"输入的条件"+rangeFormula); + dataTitleMapList = new ArrayList<>();//直接返回空数据标题列表 + }else{ + if(operator.equals("包含")){ + if(right.equals("数据拥有者")){ + //此时条件为数据拥有者owner需判断关联表单是否含有owner字段,若不存在,则不过滤 + boolean owner = fieldRecordMapper.checkFieldExists(asfFormName, "owner"); + try { + // 可能抛出异常的代码 + String[] leftArr = left.split(":"); + if(leftArr.length==2){//orgOrPerson:102 组织机构条件 例:企管部包含数据拥有者 + String targetOrgOrPerson = leftArr[1]; - /*for(TreeMap item : dataTitleMapList){ - System.out.println(item); - }*/ - }else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件 - //System.out.println(right+"----"+operator+"----"+left+"----"+toSelectDataTitles); - //dataTitleMapList = handleLeftArrLength3(right, operator, left, toSelectDataTitles); - if(leftArr[0].equals("roleid")){ - System.out.println(right+"----"+operator+"----"+left+"----"+toSelectDataTitles);//高管包含数据拥有者 - String roleId = leftArr[2]; - /* - - * */ - //查出 - }else if(leftArr[0].equals("formField")){ - - }else{//不应该存在的东西 - logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); - dataTitleMapList = new ArrayList<>(); - } - }else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件 - - } - } catch (Exception e) { - e.printStackTrace(); - logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); - dataTitleMapList = new ArrayList<>(); - } - }else if(right.equals("数据所属部门")){ - try { - // 可能抛出异常的代码 - String[] leftArr = left.split(":"); - if(leftArr.length==2){//orgOrPerson:102 组织机构条件 例:企管部包含数据拥有者 - String targetOrgOrPerson = leftArr[1]; + List> filteredDataTitleMapList = new 
ArrayList<>(); + if(owner){//有owner字段 也就是数据拥有者 + //增加owner条件 + toSelectDataTitles.add("owner"); - List> filteredDataTitleMapList = new ArrayList<>(); - //此时条件为数据拥有者owner需判断关联表单是否含有owner字段,若不存在,则不过滤 - boolean org = fieldRecordMapper.checkFieldExists(asfFormName, "org"); - boolean owner = fieldRecordMapper.checkFieldExists(asfFormName, "owner"); - if(owner){//有owner字段 也就是数据拥有者 - //增加owner条件 - toSelectDataTitles.add("owner"); - } - if(org){//有org字段 也就是数据所属部门 - //增加org条件 - toSelectDataTitles.add("org"); - - dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles); - for(TreeMap map :dataTitleMapList){ - if(StringUtils.isBlank(map.get("org").toString())){//本条数据owner为空 - //filteredDataTitleMapList.add(map); - }else{//org有值 - //本条数据的org 值为hr系统orgcont表的id - String orgValue = map.get("org").toString(); - orgValue = "org:"+orgValue; - /*要判断本条数据的orgValue是否在targetOrgOrPerson之内 - * - * 1.orgValue向上查询到所有祖先部门数组,数组中也要加入orgValue - * 2.查看targetOrgOrPerson是否在1查询到的数组中 - * 故此处应该调用 queryIfOrgOrPersonContainsCurrentUser方法 - * */ - Boolean orgInOrg = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, orgValue);//有效参数: targetOrgOrPerson - if(orgInOrg){ - filteredDataTitleMapList.add(map); + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles); + for(TreeMap map :dataTitleMapList){ + if(StringUtils.isBlank(map.get("owner").toString())){//本条数据owner为空 + //filteredDataTitleMapList.add(map); + }else{//owner有值 + //本条数据的owner 值为hr系统某个用户的key + String ownerValue = map.get("owner").toString(); + ownerValue = "owner:"+ownerValue; + /*要判断本条数据的ownerValue是否在targetOrgOrPerson之内 + * 1.获取ownerValue的maindeparment(主部门), + * 2.从1获取到的主部门id向上查询到所有祖先部门数组, + * 3.查看targetOrgOrPerson是否在2查询到的数组中 + * 故此处应该调用 queryIfOrgOrPersonContainsCurrentUser方法 + * */ + Boolean ownerInOrg = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, ownerValue);//有效参数: targetOrgOrPerson + if(ownerInOrg){ + filteredDataTitleMapList.add(map); + } } } + 
dataTitleMapList = filteredDataTitleMapList; + }else{//返回所有数据标题 + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 } - dataTitleMapList = filteredDataTitleMapList; - }else{//返回所有数据标题 - dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 - } - /*for(TreeMap item : dataTitleMapList){ - System.out.println(item); - }*/ - }else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件 - if(leftArr[0].equals("roleid")){ - }else if(leftArr[0].equals("formField")){ - - }else{//不应该存在的东西 - logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); - dataTitleMapList = new ArrayList<>(); - } - }else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件 - } - } catch (Exception e) { - e.printStackTrace(); - logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); - dataTitleMapList = new ArrayList<>(); - } - }else{//无法处理的情况,直接返回全部数据标题 - logger.error("数据范围条件查询出现无法处理的情况---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); - dataTitleMapList = new ArrayList<>(); - } - }else if(operator.equals("不包含")){ - if(right.equals("数据拥有者")){ - try { - // 可能抛出异常的代码 - String[] leftArr = left.split(":"); - if(leftArr.length==2){//orgOrPerson:102 组织机构条件 例:企管部不包含数据拥有者 - String targetOrgOrPerson = leftArr[1]; - - - List> filteredDataTitleMapList = new ArrayList<>(); - //此时条件为数据拥有者owner需判断关联表单是否含有owner字段,若不存在,则不过滤 - boolean owner = fieldRecordMapper.checkFieldExists(asfFormName, "owner"); - if(owner){//有owner字段 也就是数据拥有者 - //增加owner条件 - toSelectDataTitles.add("owner"); - dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles); - for(TreeMap map :dataTitleMapList){ - if(StringUtils.isBlank(map.get("owner").toString())){//本条数据owner为空 - filteredDataTitleMapList.add(map); - }else{//owner有值 - //本条数据的owner 值为hr系统某个用户的key - String ownerValue = map.get("owner").toString(); - ownerValue = "owner:"+ownerValue; - 
/*要判断本条数据的ownerValue是否在targetOrgOrPerson之内 - * 1.获取ownerValue的maindeparment(主部门), - * 2.从1获取到的主部门id向上查询到所有祖先部门数组, - * 3.查看targetOrgOrPerson是否在2查询到的数组中 - * 故此处应该调用 queryIfOrgOrPersonContainsCurrentUser方法 - * */ - Boolean ownerInOrg = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, ownerValue);//有效参数: targetOrgOrPerson - if(!ownerInOrg){ - filteredDataTitleMapList.add(map); - } - } - } - dataTitleMapList = filteredDataTitleMapList; - }else{//返回所有数据标题 - dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 - } /*for(TreeMap item : dataTitleMapList){ System.out.println(item); }*/ - }else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件 - if(leftArr[0].equals("roleid")){ - }else if(leftArr[0].equals("formField")){ - - }else{//不应该存在的东西 - logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); - dataTitleMapList = new ArrayList<>(); - } - }else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件 - - } - - } catch (Exception e) { - e.printStackTrace(); - logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); - dataTitleMapList = new ArrayList<>(); - } - }else if(right.equals("数据所属部门")){ - try { - // 可能抛出异常的代码 - String[] leftArr = left.split(":"); - if(leftArr.length==2){//orgOrPerson:102 组织机构条件 例:企管部包含数据拥有者 - String targetOrgOrPerson = leftArr[1]; - - - List> filteredDataTitleMapList = new ArrayList<>(); - //此时条件为数据拥有者owner需判断关联表单是否含有owner字段,若不存在,则不过滤 - boolean org = fieldRecordMapper.checkFieldExists(asfFormName, "org"); - boolean owner = fieldRecordMapper.checkFieldExists(asfFormName, "owner"); - if(owner){//有owner字段 也就是数据拥有者 - //增加owner条件 - toSelectDataTitles.add("owner"); - } - if(org){//有org字段 也就是数据所属部门 - //增加org条件 - toSelectDataTitles.add("org"); - - dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles); - for(TreeMap map :dataTitleMapList){ - 
if(StringUtils.isBlank(map.get("org").toString())){//本条数据owner为空 - filteredDataTitleMapList.add(map); - }else{//org有值 - //本条数据的org 值为hr系统orgcont表的id - String orgValue = map.get("org").toString(); - orgValue = "org:"+orgValue; - /*要判断本条数据的orgValue是否在targetOrgOrPerson之内 - * - * 1.orgValue向上查询到所有祖先部门数组,数组中也要加入orgValue - * 2.查看targetOrgOrPerson是否在1查询到的数组中 - * 故此处应该调用 queryIfOrgOrPersonContainsCurrentUser方法 - * */ - Boolean orgInOrg = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, orgValue);//有效参数: targetOrgOrPerson - if(!orgInOrg){ - filteredDataTitleMapList.add(map); + }else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件 + //System.out.println(right+"----"+operator+"----"+left+"----"+toSelectDataTitles); + //dataTitleMapList = handleLeftArrLength3(right, operator, left, toSelectDataTitles); + if(leftArr[0].equals("roleid")){ + //System.out.println(right+"----"+operator+"----"+left+"----"+toSelectDataTitles); + String targetRoleId = leftArr[2];// 条件示例: 高管包含数据拥有者 + //查出当前这条数据的owner的roleId数组,若该数组中有roleId,则是这个角色 + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 + List> filteredDataTitleMapList = new ArrayList<>(); + for(TreeMap item : dataTitleMapList){ + ManCont manCont = userService.getManContByKey(item.get("owner").toString()); + String currentRoleStr = manCont.getRole(); + if(!StringUtils.isBlank(currentRoleStr)){ + String[] currentRoleArr = currentRoleStr.split(","); + for(String roleItem : currentRoleArr){ + if(roleItem.equals(targetRoleId)){ + filteredDataTitleMapList.add(item); + break; + } + } } } - } - dataTitleMapList = filteredDataTitleMapList; + dataTitleMapList = filteredDataTitleMapList; - }else{//返回所有数据标题 - dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 - } - /*for(TreeMap item : dataTitleMapList){ - System.out.println(item); - }*/ - }else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件 - 
if(leftArr[0].equals("roleid")){ - }else if(leftArr[0].equals("formField")){ - }else{//不应该存在的东西 - logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + }else if(leftArr[0].equals("formField")){ + dataTitleMapList = new ArrayList<>(); + }else{//不应该存在的东西 + logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + } + }else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件 dataTitleMapList = new ArrayList<>(); } - }else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件 + } catch (Exception e) { + e.printStackTrace(); + logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); } - } catch (Exception e) { - e.printStackTrace(); - logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); - dataTitleMapList = new ArrayList<>(); - } - }else{//无法处理的情况,直接返回全部数据标题 - logger.error("数据范围条件查询出现无法处理的情况---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); - dataTitleMapList = new ArrayList<>(); - } - }else{// == != > < 等符号的情况 - if(right.equals("数据拥有者")){ - if(operator.equals("==")){ + }else if(right.equals("数据所属部门")){ try { // 可能抛出异常的代码 String[] leftArr = left.split(":"); - if(leftArr.length==2){//orgOrPerson:102 组织机构条件 例:企管部不包含数据拥有者 + if(leftArr.length==2){//orgOrPerson:102 组织机构条件 例:企管部包含数据拥有者 String targetOrgOrPerson = leftArr[1]; List> filteredDataTitleMapList = new ArrayList<>(); //此时条件为数据拥有者owner需判断关联表单是否含有owner字段,若不存在,则不过滤 + boolean org = fieldRecordMapper.checkFieldExists(asfFormName, "org"); boolean owner = fieldRecordMapper.checkFieldExists(asfFormName, "owner"); if(owner){//有owner字段 也就是数据拥有者 //增加owner条件 toSelectDataTitles.add("owner"); + } + if(org){//有org字段 也就是数据所属部门 + //增加org条件 + toSelectDataTitles.add("org"); + dataTitleMapList = 
getDataTitles(asfFormName,toSelectDataTitles); for(TreeMap map :dataTitleMapList){ - if(StringUtils.isBlank(map.get("owner").toString())){//本条数据owner为空 + if(StringUtils.isBlank(map.get("org").toString())){//本条数据owner为空 //filteredDataTitleMapList.add(map); - }else{//owner有值 - //本条数据的owner 值为hr系统某个用户的key - String ownerValue = map.get("owner").toString(); - ownerValue = "owner:"+ownerValue; - /*要判断本条数据的ownerValue是否在targetOrgOrPerson之内 - * 1.获取ownerValue的maindeparment(主部门), - * 2.从1获取到的主部门id向上查询到所有祖先部门数组, - * 3.查看targetOrgOrPerson是否在2查询到的数组中 + }else{//org有值 + //本条数据的org 值为hr系统orgcont表的id + String orgValue = map.get("org").toString(); + orgValue = "org:"+orgValue; + /*要判断本条数据的orgValue是否在targetOrgOrPerson之内 + * + * 1.orgValue向上查询到所有祖先部门数组,数组中也要加入orgValue + * 2.查看targetOrgOrPerson是否在1查询到的数组中 * 故此处应该调用 queryIfOrgOrPersonContainsCurrentUser方法 * */ - Boolean ownerIsTarget = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, ownerValue);//有效参数: targetOrgOrPerson - if(ownerIsTarget){ + Boolean orgInOrg = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, orgValue);//有效参数: targetOrgOrPerson + if(orgInOrg){ filteredDataTitleMapList.add(map); } } 
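Review bot: The new `containsDangerousWords(right)` branch dereferences `userDetail` straight after `getUserDetailFromRedis`, so if the key/token pair no longer resolves, the audit path throws instead of logging; fall back to the raw key, e.g. `String who = userDetail == null ? key : String.valueOf(userDetail.getWmKey());`. The same `logger.error` call concatenates the unmodified `rangeFormula` into the message, which lets embedded line breaks forge log entries, so strip CR/LF first (`String.valueOf(rangeFormula).replaceAll("[\\r\\n]", "_")`). Only `right` is screened; `left` and `masterOnField` bypass the check, and a keyword filter is in any case a weaker control than bound parameters. Further down, the new `roleid` branch calls `item.get("owner").toString()` and `manCont.getRole()` without null checks and, as far as the hunk shows, without adding `owner` to `toSelectDataTitles` in that branch; the `不包含` copy of this loop in the `@@ -1051,19 +970,43 @@` hunk has the same gap. The method body begins before this hunk and continues after it.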
@@ -992,27 +825,113 @@ public class CustomerFormServiceImpl implements CustomerFormService { }else{//返回所有数据标题 dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 } - /*for(TreeMap item : dataTitleMapList){ - System.out.println(item); - }*/ + /*for(TreeMap item : dataTitleMapList){ + System.out.println(item); + }*/ }else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件 if(leftArr[0].equals("roleid")){ - }else if(leftArr[0].equals("formField")){ + logger.error("数据范围条件查询出现不应该存在的条件---系统角色包含数据所属部门---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + }else if(leftArr[0].equals("formField")){ + dataTitleMapList = new ArrayList<>(); }else{//不应该存在的东西 logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); dataTitleMapList = new ArrayList<>(); } }else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件 - + dataTitleMapList = new ArrayList<>(); } - } catch (Exception e) { e.printStackTrace(); logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); dataTitleMapList = new ArrayList<>(); } - }else if(operator.equals("!=")){ + }else{//模糊查询 + //logger.error("数据范围条件查询出现无法处理的情况---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + //dataTitleMapList = new ArrayList<>(); + + String[] leftArr = left.split(":"); + String leftValue = leftArr[leftArr.length-1];//字段名 + String masterFormName = "";//关联关联表单的表单名 + boolean isChildTable = false;//条件是否是子表字段 + String tableName = "";//子表名 + boolean isMaster = false;//条件字段是否来自关联关联表单的表单 + + String conditionFormName = customerFormViewMapper.getTableNameByCfid(leftArr[1]).getTablekey(); + + if(leftArr.length==3){//条件不涉及子表字段 + + }else if(leftArr.length==4){//条件涉及到子表字段 + isChildTable = true; + tableName = leftArr[2]; + }else{ + dataTitleMapList = new ArrayList<>(); + } + + if(asfFormName.equals(conditionFormName)){//left条件的表单字段属于被关联的表单 + + 
}else{//left条件的表单字段属于关联关联表单的表单 + isMaster = true; + masterFormName = conditionFormName; + } + + + + if(leftArr[0] == "roleid"){//不允许角色权限自定义输入条件 + dataTitleMapList = new ArrayList<>(); + }else{ + if(leftArr[0].equals("formField")){//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + + + if(isChildTable){//条件涉及到子表字段 + if(isMaster){//条件字段来自关联关联表单的表单 master 目前为止不知道应该有什么效果,暂时返回空数据标题列表 + dataTitleMapList = new ArrayList<>(); + }else{//asf + String parent = ""; + String child = ""; + parent = asfFormName; + child = tableName; + String whereConditionValue = right; + String whereConditionField = leftValue; + operator = "like"; + whereConditionValue = "'%"+whereConditionValue+"%'"; + dataTitleMapList = getDataTitlesWithWhere_Master_IsTable(parent,toSelectDataTitles,child,whereConditionField,operator,whereConditionValue); + System.out.println(dataTitleMapList); + } + + }else{//条件不涉及到子表字段 + if(isMaster){//条件字段来自关联关联表单的表单 master + //System.out.println(masterOnField); + //System.out.println(masterFormName); + //System.out.println(asfFormName); + //System.out.println(operator); + String whereConditionValue = right; + String whereConditionField = leftValue; + operator = "like"; + whereConditionValue = "'%"+whereConditionValue+"%'"; + dataTitleMapList = getDataTitlesWithWhere_Master_NotTable(asfFormName,toSelectDataTitles,masterFormName,masterOnField,whereConditionField,operator,whereConditionValue);//根据where条件查询数据标题 + + + }else{ + operator = "like"; + right = "'%"+right+"%'"; + dataTitleMapList = getDataTitlesWithWhere_Asf_NotTable(asfFormName,toSelectDataTitles,operator,right,leftValue);//根据where条件查询数据标题 + + } + } + + + + + }else{//不支持的条件 + dataTitleMapList = new ArrayList<>(); + } + + } + } + }else if(operator.equals("不包含")){ + if(right.equals("数据拥有者")){ try { // 可能抛出异常的代码 String[] leftArr = left.split(":"); 
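Review bot: The new free-text branch builds the LIKE operand as SQL text (`whereConditionValue = "'%"+whereConditionValue+"%'"`, `right = "'%"+right+"%'"`) and passes it to the mapper together with `leftValue`, `tableName` and the request-supplied `masterOnField`, so the only barrier is the keyword filter applied to `right`. Pass the raw value and let the mapper bind it (for instance `LIKE CONCAT('%', #{whereConditionValue}, '%')` in the statement, which is not visible here), and confirm field and table names with the existing `fieldRecordMapper.checkFieldExists` before use. `leftArr[0] == "roleid"` compares references and will not match a string produced by `split`, so it should be `"roleid".equals(leftArr[0])`. `leftArr[1]` and `getTableNameByCfid(leftArr[1]).getTablekey()` are used before the length check and, in the lines shown, outside any try block, and `System.out.println(dataTitleMapList)` writes query results to stdout.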
@@ -1028,7 +947,7 @@ public class CustomerFormServiceImpl implements CustomerFormService { toSelectDataTitles.add("owner"); dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles); for(TreeMap map :dataTitleMapList){ - if(StringUtils.isBlank(map.get("owner").toString())){//本条数据owner为空 + if(StringUtils.isBlank(map.get("owner").toString())){//本条数据owner为空 filteredDataTitleMapList.add(map); }else{//owner有值 //本条数据的owner 值为hr系统某个用户的key @@ -1040,8 +959,8 @@ public class CustomerFormServiceImpl implements CustomerFormService { * 3.查看targetOrgOrPerson是否在2查询到的数组中 * 故此处应该调用 queryIfOrgOrPersonContainsCurrentUser方法 * */ - Boolean ownerIsTarget = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, ownerValue);//有效参数: targetOrgOrPerson - if(!ownerIsTarget){ + Boolean ownerInOrg = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, ownerValue);//有效参数: targetOrgOrPerson + if(!ownerInOrg){ filteredDataTitleMapList.add(map); } } 
@@ -1051,19 +970,43 @@ public class CustomerFormServiceImpl implements CustomerFormService { }else{//返回所有数据标题 dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 } - /*for(TreeMap item : dataTitleMapList){ - System.out.println(item); - }*/ + /*for(TreeMap item : dataTitleMapList){ + System.out.println(item); + }*/ }else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件 if(leftArr[0].equals("roleid")){ + //System.out.println(right+"----"+operator+"----"+left+"----"+toSelectDataTitles); + String targetRoleId = leftArr[2];// 条件示例: 高管不包含数据拥有者 + //查出当前这条数据的owner的roleId数组,若该数组中有roleId,则是这个角色 + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 + List> filteredDataTitleMapList = new ArrayList<>(); + for(TreeMap item : dataTitleMapList){ + ManCont manCont = userService.getManContByKey(item.get("owner").toString()); + String currentRoleStr = manCont.getRole(); + if(!StringUtils.isBlank(currentRoleStr)){ + String[] currentRoleArr = currentRoleStr.split(","); + int count = 0; + for(String roleItem : currentRoleArr){ + if(roleItem.equals(targetRoleId)){ + //filteredDataTitleMapList.add(item); + count++; + break; + } + } + if(count==0){ + filteredDataTitleMapList.add(item); + } + } + } + dataTitleMapList = filteredDataTitleMapList; }else if(leftArr[0].equals("formField")){ - + dataTitleMapList = new ArrayList<>(); }else{//不应该存在的东西 logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); dataTitleMapList = new ArrayList<>(); } }else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件 - + dataTitleMapList = new ArrayList<>(); } } catch (Exception e) { 
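Review bot: In the new `不包含` `roleid` loop an owner whose role string is blank is never added to `filteredDataTitleMapList`, because the `count==0` add sits inside `if(!StringUtils.isBlank(currentRoleStr))`. An owner with no roles does not hold the target role, and the neighbouring `leftArr.length==2` branch keeps rows with a blank owner for the same operator, so this looks unintended. Declaring `count` before the blank check and running `if(count==0){ filteredDataTitleMapList.add(item); }` after it would make the two branches agree. If dropping such rows is a deliberate fail-closed choice, a comment saying so would help.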
@@ -1071,12 +1014,7 @@ public class CustomerFormServiceImpl implements CustomerFormService { logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); dataTitleMapList = new ArrayList<>(); } - }else{//无法处理的情况,直接返回全部数据标题 - logger.error("数据范围条件查询出现无法处理的情况---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); - dataTitleMapList = new ArrayList<>(); - } - }else if(right.equals("数据所属部门")){ - if(operator.equals("==")){ + }else if(right.equals("数据所属部门")){ try { // 可能抛出异常的代码 String[] leftArr = left.split(":"); @@ -1099,7 +1037,7 @@ public class CustomerFormServiceImpl implements CustomerFormService { dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles); for(TreeMap map :dataTitleMapList){ if(StringUtils.isBlank(map.get("org").toString())){//本条数据owner为空 - //filteredDataTitleMapList.add(map); + filteredDataTitleMapList.add(map); }else{//org有值 //本条数据的org 值为hr系统orgcont表的id String orgValue = map.get("org").toString(); @@ -1110,8 +1048,8 @@ public class CustomerFormServiceImpl implements CustomerFormService { * 2.查看targetOrgOrPerson是否在1查询到的数组中 * 故此处应该调用 queryIfOrgOrPersonContainsCurrentUser方法 * */ - Boolean orgEqualsOrg = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, orgValue);//有效参数: targetOrgOrPerson - if(orgEqualsOrg){ + Boolean orgInOrg = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, orgValue);//有效参数: targetOrgOrPerson + if(!orgInOrg){ filteredDataTitleMapList.add(map); } } 
@@ -1121,107 +1059,452 @@ public class CustomerFormServiceImpl implements CustomerFormService { }else{//返回所有数据标题 dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 } - /*for(TreeMap item : dataTitleMapList){ - System.out.println(item); - }*/ + /*for(TreeMap item : dataTitleMapList){ + System.out.println(item); + }*/ }else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件 if(leftArr[0].equals("roleid")){ + logger.error("数据范围条件查询出现不应该存在的条件---系统角色包含数据所属部门---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); }else if(leftArr[0].equals("formField")){ - + dataTitleMapList = new ArrayList<>(); }else{//不应该存在的东西 logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); dataTitleMapList = new ArrayList<>(); } }else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件 - + dataTitleMapList = new ArrayList<>(); } } catch (Exception e) { e.printStackTrace(); logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); dataTitleMapList = new ArrayList<>(); } - }else if(operator.equals("!=")){ - try { - // 可能抛出异常的代码 - String[] leftArr = left.split(":"); - if(leftArr.length==2){//orgOrPerson:102 组织机构条件 例:企管部包含数据拥有者 - String targetOrgOrPerson = leftArr[1]; - + }else{//无法处理的情况,直接返回全部数据标题 + logger.error("数据范围条件查询出现无法处理的情况---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + } + }else{// == != > < 等符号的情况 + if(right.equals("数据拥有者")){ + if(operator.equals("==")){ + try { + // 可能抛出异常的代码 + String[] leftArr = left.split(":"); + if(leftArr.length==2){//orgOrPerson:102 组织机构条件 例:企管部不包含数据拥有者 + String targetOrgOrPerson = leftArr[1]; + + + List> filteredDataTitleMapList = new ArrayList<>(); + //此时条件为数据拥有者owner需判断关联表单是否含有owner字段,若不存在,则不过滤 + boolean owner = fieldRecordMapper.checkFieldExists(asfFormName, "owner"); + if(owner){//有owner字段 也就是数据拥有者 + //增加owner条件 
+ toSelectDataTitles.add("owner"); + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles); + for(TreeMap map :dataTitleMapList){ + if(StringUtils.isBlank(map.get("owner").toString())){//本条数据owner为空 + //filteredDataTitleMapList.add(map); + }else{//owner有值 + //本条数据的owner 值为hr系统某个用户的key + String ownerValue = map.get("owner").toString(); + ownerValue = "owner:"+ownerValue; + /*要判断本条数据的ownerValue是否在targetOrgOrPerson之内 + * 1.获取ownerValue的maindeparment(主部门), + * 2.从1获取到的主部门id向上查询到所有祖先部门数组, + * 3.查看targetOrgOrPerson是否在2查询到的数组中 + * 故此处应该调用 queryIfOrgOrPersonContainsCurrentUser方法 + * */ + Boolean ownerIsTarget = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, ownerValue);//有效参数: targetOrgOrPerson + if(ownerIsTarget){ + filteredDataTitleMapList.add(map); + } + } + } + dataTitleMapList = filteredDataTitleMapList; - List> filteredDataTitleMapList = new ArrayList<>(); - //此时条件为数据拥有者owner需判断关联表单是否含有owner字段,若不存在,则不过滤 - boolean org = fieldRecordMapper.checkFieldExists(asfFormName, "org"); - boolean owner = fieldRecordMapper.checkFieldExists(asfFormName, "owner"); - if(owner){//有owner字段 也就是数据拥有者 - //增加owner条件 - toSelectDataTitles.add("owner"); + }else{//返回所有数据标题 + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 + } + /*for(TreeMap item : dataTitleMapList){ + System.out.println(item); + }*/ + }else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件 + if(leftArr[0].equals("roleid")){ + //System.out.println(right+"----"+operator+"----"+left+"----"+toSelectDataTitles); + String targetRoleId = leftArr[2];// 条件示例: 高管==数据拥有者 + //查出当前这条数据的owner的roleId数组,若该数组中有roleId,则是这个角色 + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 + List> filteredDataTitleMapList = new ArrayList<>(); + for(TreeMap item : dataTitleMapList){ + ManCont manCont = userService.getManContByKey(item.get("owner").toString()); + String currentRoleStr = manCont.getRole(); + 
if(!StringUtils.isBlank(currentRoleStr)){ + String[] currentRoleArr = currentRoleStr.split(","); + for(String roleItem : currentRoleArr){ + if(roleItem.equals(targetRoleId)){ + filteredDataTitleMapList.add(item); + break; + } + } + } + } + dataTitleMapList = filteredDataTitleMapList; + }else if(leftArr[0].equals("formField")){ + dataTitleMapList = new ArrayList<>(); + }else{//不应该存在的东西 + logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + } + }else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件 + dataTitleMapList = new ArrayList<>(); } - if(org){//有org字段 也就是数据所属部门 - //增加org条件 - toSelectDataTitles.add("org"); - dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles); - for(TreeMap map :dataTitleMapList){ - if(StringUtils.isBlank(map.get("org").toString())){//本条数据owner为空 - //filteredDataTitleMapList.add(map); - }else{//org有值 - //本条数据的org 值为hr系统orgcont表的id - String orgValue = map.get("org").toString(); - orgValue = "org:"+orgValue; - /*要判断本条数据的orgValue是否在targetOrgOrPerson之内 - * - * 1.orgValue向上查询到所有祖先部门数组,数组中也要加入orgValue - * 2.查看targetOrgOrPerson是否在1查询到的数组中 - * 故此处应该调用 queryIfOrgOrPersonContainsCurrentUser方法 - * */ - Boolean orgEqualsOrg = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, orgValue);//有效参数: targetOrgOrPerson - if(!orgEqualsOrg){ + } catch (Exception e) { + e.printStackTrace(); + logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + } + }else if(operator.equals("!=")){ + try { + // 可能抛出异常的代码 + String[] leftArr = left.split(":"); + if(leftArr.length==2){//orgOrPerson:102 组织机构条件 例:企管部不包含数据拥有者 + String targetOrgOrPerson = leftArr[1]; + + + List> filteredDataTitleMapList = new ArrayList<>(); + //此时条件为数据拥有者owner需判断关联表单是否含有owner字段,若不存在,则不过滤 + boolean owner = fieldRecordMapper.checkFieldExists(asfFormName, "owner"); + 
if(owner){//有owner字段 也就是数据拥有者 + //增加owner条件 + toSelectDataTitles.add("owner"); + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles); + for(TreeMap map :dataTitleMapList){ + if(StringUtils.isBlank(map.get("owner").toString())){//本条数据owner为空 filteredDataTitleMapList.add(map); + }else{//owner有值 + //本条数据的owner 值为hr系统某个用户的key + String ownerValue = map.get("owner").toString(); + ownerValue = "owner:"+ownerValue; + /*要判断本条数据的ownerValue是否在targetOrgOrPerson之内 + * 1.获取ownerValue的maindeparment(主部门), + * 2.从1获取到的主部门id向上查询到所有祖先部门数组, + * 3.查看targetOrgOrPerson是否在2查询到的数组中 + * 故此处应该调用 queryIfOrgOrPersonContainsCurrentUser方法 + * */ + Boolean ownerIsTarget = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, ownerValue);//有效参数: targetOrgOrPerson + if(!ownerIsTarget){ + filteredDataTitleMapList.add(map); + } } } + dataTitleMapList = filteredDataTitleMapList; + + }else{//返回所有数据标题 + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 } - dataTitleMapList = filteredDataTitleMapList; + /*for(TreeMap item : dataTitleMapList){ + System.out.println(item); + }*/ + }else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件 + if(leftArr[0].equals("roleid")){ + //System.out.println(right+"----"+operator+"----"+left+"----"+toSelectDataTitles); + String targetRoleId = leftArr[2];// 条件示例: 高管!=数据拥有者 + //查出当前这条数据的owner的roleId数组,若该数组中有roleId,则是这个角色 + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 + List> filteredDataTitleMapList = new ArrayList<>(); + for(TreeMap item : dataTitleMapList){ + ManCont manCont = userService.getManContByKey(item.get("owner").toString()); + String currentRoleStr = manCont.getRole(); + if(!StringUtils.isBlank(currentRoleStr)){ + String[] currentRoleArr = currentRoleStr.split(","); + int count = 0; + for(String roleItem : currentRoleArr){ + if(roleItem.equals(targetRoleId)){ + //filteredDataTitleMapList.add(item); + count++; + break; + } + } + if(count==0){ + 
filteredDataTitleMapList.add(item); + } + } + } + dataTitleMapList = filteredDataTitleMapList; + }else if(leftArr[0].equals("formField")){ + dataTitleMapList = new ArrayList<>(); + }else{//不应该存在的东西 + logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + } + }else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件 + dataTitleMapList = new ArrayList<>(); + } - }else{//返回所有数据标题 - dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 + } catch (Exception e) { + e.printStackTrace(); + logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + } + }else{//无法处理的情况,直接返回全部数据标题 + logger.error("数据范围条件查询出现无法处理的情况---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + } + }else if(right.equals("数据所属部门")){ + if(operator.equals("==")){ + try { + // 可能抛出异常的代码 + String[] leftArr = left.split(":"); + if(leftArr.length==2){//orgOrPerson:102 组织机构条件 例:企管部包含数据拥有者 + String targetOrgOrPerson = leftArr[1]; + + + List> filteredDataTitleMapList = new ArrayList<>(); + //此时条件为数据拥有者owner需判断关联表单是否含有owner字段,若不存在,则不过滤 + boolean org = fieldRecordMapper.checkFieldExists(asfFormName, "org"); + boolean owner = fieldRecordMapper.checkFieldExists(asfFormName, "owner"); + if(owner){//有owner字段 也就是数据拥有者 + //增加owner条件 + toSelectDataTitles.add("owner"); + } + if(org){//有org字段 也就是数据所属部门 + //增加org条件 + toSelectDataTitles.add("org"); + + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles); + for(TreeMap map :dataTitleMapList){ + if(StringUtils.isBlank(map.get("org").toString())){//本条数据owner为空 + //filteredDataTitleMapList.add(map); + }else{//org有值 + //本条数据的org 值为hr系统orgcont表的id + String orgValue = map.get("org").toString(); + orgValue = "org:"+orgValue; + /*要判断本条数据的orgValue是否在targetOrgOrPerson之内 + * + * 
1.orgValue向上查询到所有祖先部门数组,数组中也要加入orgValue + * 2.查看targetOrgOrPerson是否在1查询到的数组中 + * 故此处应该调用 queryIfOrgOrPersonContainsCurrentUser方法 + * */ + Boolean orgEqualsOrg = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, orgValue);//有效参数: targetOrgOrPerson + if(orgEqualsOrg){ + filteredDataTitleMapList.add(map); + } + } + } + dataTitleMapList = filteredDataTitleMapList; + + }else{//返回所有数据标题 + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 + } + /*for(TreeMap item : dataTitleMapList){ + System.out.println(item); + }*/ + }else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件 + if(leftArr[0].equals("roleid")){ + logger.error("数据范围条件查询出现不应该存在的条件---系统角色包含数据所属部门---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + }else if(leftArr[0].equals("formField")){ + dataTitleMapList = new ArrayList<>(); + }else{//不应该存在的东西 + logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + } + }else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件 + dataTitleMapList = new ArrayList<>(); } + } catch (Exception e) { + e.printStackTrace(); + logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + } + }else if(operator.equals("!=")){ + try { + // 可能抛出异常的代码 + String[] leftArr = left.split(":"); + if(leftArr.length==2){//orgOrPerson:102 组织机构条件 例:企管部包含数据拥有者 + String targetOrgOrPerson = leftArr[1]; + + + List> filteredDataTitleMapList = new ArrayList<>(); + //此时条件为数据拥有者owner需判断关联表单是否含有owner字段,若不存在,则不过滤 + boolean org = fieldRecordMapper.checkFieldExists(asfFormName, "org"); + boolean owner = fieldRecordMapper.checkFieldExists(asfFormName, "owner"); + if(owner){//有owner字段 也就是数据拥有者 + //增加owner条件 + toSelectDataTitles.add("owner"); + } + if(org){//有org字段 也就是数据所属部门 + //增加org条件 + 
toSelectDataTitles.add("org"); + + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles); + for(TreeMap map :dataTitleMapList){ + if(StringUtils.isBlank(map.get("org").toString())){//本条数据owner为空 + //filteredDataTitleMapList.add(map); + }else{//org有值 + //本条数据的org 值为hr系统orgcont表的id + String orgValue = map.get("org").toString(); + orgValue = "org:"+orgValue; + /*要判断本条数据的orgValue是否在targetOrgOrPerson之内 + * + * 1.orgValue向上查询到所有祖先部门数组,数组中也要加入orgValue + * 2.查看targetOrgOrPerson是否在1查询到的数组中 + * 故此处应该调用 queryIfOrgOrPersonContainsCurrentUser方法 + * */ + Boolean orgEqualsOrg = queryIfOrgOrPersonContainsCurrentUser( key, token, targetOrgOrPerson, operator, orgValue);//有效参数: targetOrgOrPerson + if(!orgEqualsOrg){ + filteredDataTitleMapList.add(map); + } + } + } + dataTitleMapList = filteredDataTitleMapList; + + }else{//返回所有数据标题 + dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题 + } /*for(TreeMap item : dataTitleMapList){ System.out.println(item); }*/ - }else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件 - if(leftArr[0].equals("roleid")){ - }else if(leftArr[0].equals("formField")){ + }else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件 + if(leftArr[0].equals("roleid")){ + logger.error("数据范围条件查询出现不应该存在的条件---系统角色包含数据所属部门---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + }else if(leftArr[0].equals("formField")){ + dataTitleMapList = new ArrayList<>(); + }else{//不应该存在的东西 + + logger.error("数据范围条件查询出现不应该出现的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + } + }else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件 + dataTitleMapList = new ArrayList<>(); + } + } catch (Exception e) { + e.printStackTrace(); + logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + } + 
}else{//无法处理的情况,直接返回全部数据标题 + logger.error("数据范围条件查询出现无法处理的情况---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); + dataTitleMapList = new ArrayList<>(); + } + }else{//这边对于数字的情况>,>=,<,<=是生效的,文字的情况则不生效,==和!=条件必定生效 + try { + if(operator.equals("==")){ + operator = "="; + } + //System.out.println(right+"----"+operator+"----"+left); + boolean isNumberRic = isNumeric(right);//输入的条件是否能转化成数字 + String[] leftArr = left.split(":"); + String leftValue = leftArr[leftArr.length-1];//字段名 + String masterFormName = "";//关联关联表单的表单名 + boolean isChildTable = false;//条件是否是子表字段 + String tableName = "";//子表名 + boolean isMaster = false;//条件字段是否来自关联关联表单的表单 - }else{//不应该存在的东西 + String conditionFormName = customerFormViewMapper.getTableNameByCfid(leftArr[1]).getTablekey(); - logger.error("数据范围条件查询出现不应该出现的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); - dataTitleMapList = new ArrayList<>(); + if(leftArr.length==3){//条件不涉及子表字段 + + }else if(leftArr.length==4){//条件涉及到子表字段 + isChildTable = true; + tableName = leftArr[2]; + }else{ + dataTitleMapList = new ArrayList<>(); + } + + if(asfFormName.equals(conditionFormName)){//left条件的表单字段属于被关联的表单 + + }else{//left条件的表单字段属于关联关联表单的表单 + isMaster = true; + masterFormName = conditionFormName; + } + + + + + if(isNumberRic){//可以转换成数字 + if(isChildTable){//条件涉及到子表字段 + if(isMaster){//条件字段来自关联关联表单的表单 master 目前为止不知道应该有什么效果,暂时返回空数据标题列表 + dataTitleMapList = new ArrayList<>(); + }else{//asf + String parent = ""; + String child = ""; + parent = asfFormName; + child = tableName; + String whereConditionValue = right; + String whereConditionField = leftValue; + dataTitleMapList = getDataTitlesWithWhere_Master_IsTable(parent,toSelectDataTitles,child,whereConditionField,operator,whereConditionValue); + System.out.println(dataTitleMapList); + } + + }else{//条件不涉及到子表字段 + if(isMaster){//条件字段来自关联关联表单的表单 master + //System.out.println(masterOnField); + //System.out.println(masterFormName); + //System.out.println(asfFormName); + 
//System.out.println(operator); + String whereConditionValue = right; + String whereConditionField = leftValue; + dataTitleMapList = getDataTitlesWithWhere_Master_NotTable(asfFormName,toSelectDataTitles,masterFormName,masterOnField,whereConditionField,operator,whereConditionValue);//根据where条件查询数据标题 + + + }else{ + dataTitleMapList = getDataTitlesWithWhere_Asf_NotTable(asfFormName,toSelectDataTitles,operator,right,leftValue);//根据where条件查询数据标题 + + } } - }else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件 + }else{ + System.out.println("非数字条件_"+right); + right = "'"+right+"'"; + if(operator.equals(">")||operator.equals(">=")||operator.equals("<")||operator.equals("<=")){//非数字条件时,对于这些符号无法处理,返回空数据标题列表 + dataTitleMapList = new ArrayList<>(); + }else{// == != 的情况 + if(isChildTable){//条件涉及到子表字段 + if(isMaster){//条件字段来自关联关联表单的表单 master 目前为止不知道应该有什么效果,暂时返回空数据标题列表 + dataTitleMapList = new ArrayList<>(); + }else{//asf + String parent = ""; + String child = ""; + parent = asfFormName; + child = tableName; + String whereConditionValue = right; + String whereConditionField = leftValue; + dataTitleMapList = getDataTitlesWithWhere_Master_IsTable(parent,toSelectDataTitles,child,whereConditionField,operator,whereConditionValue); + System.out.println(dataTitleMapList); + } + + }else{//条件不涉及到子表字段 + if(isMaster){//条件字段来自关联关联表单的表单 master + //System.out.println(masterOnField); + //System.out.println(masterFormName); + //System.out.println(asfFormName); + //System.out.println(operator); + String whereConditionValue = right; + String whereConditionField = leftValue; + dataTitleMapList = getDataTitlesWithWhere_Master_NotTable(asfFormName,toSelectDataTitles,masterFormName,masterOnField,whereConditionField,operator,whereConditionValue);//根据where条件查询数据标题 + + + }else{ + dataTitleMapList = getDataTitlesWithWhere_Asf_NotTable(asfFormName,toSelectDataTitles,operator,right,leftValue);//根据where条件查询数据标题 + + } + } + } } } catch (Exception e) { e.printStackTrace(); 
logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); dataTitleMapList = new ArrayList<>(); - } - }else{//无法处理的情况,直接返回全部数据标题 - logger.error("数据范围条件查询出现无法处理的情况---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); - dataTitleMapList = new ArrayList<>(); - } - }else{//这边对于数字的情况>,>=,<,<=是生效的,文字的情况则不生效,==和!=条件必定生效 - try { - System.out.println(right+"----"+operator+"----"+left); - - - } catch (Exception e) { - e.printStackTrace(); - logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList); - dataTitleMapList = new ArrayList<>(); + } } } } + + } } @@ -1272,6 +1555,45 @@ public class CustomerFormServiceImpl implements CustomerFormService { return toReturnSortedDataTitleList; } + + + public static boolean isNumeric(String str) { + try { + Double.parseDouble(str); + return true; + } catch (NumberFormatException e) { + return false; + } + } + + + public static boolean containsDangerousWords(String str) { + Set dangerousWords = new HashSet<>(); + dangerousWords.add("drop"); + dangerousWords.add("table"); + dangerousWords.add("where"); + dangerousWords.add("select"); + dangerousWords.add("insert"); + dangerousWords.add("update"); + dangerousWords.add("delete"); + dangerousWords.add("and"); + dangerousWords.add("or"); + dangerousWords.add("union"); + dangerousWords.add("order by"); + dangerousWords.add("group by"); + dangerousWords.add("having"); + dangerousWords.add("exec"); + dangerousWords.add("execute"); + + String[] words = str.split(" "); + for (String word : words) { + if (dangerousWords.contains(word.toLowerCase())) { + return true; + } + } + return false; + } + public static HashMap splitString(String str) { List operators = Arrays.asList("==", ">", ">=", "<", "<=", "!=", "不包含", "包含"); for (String operator : operators) { 
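Review bot: In the final `else` branch the text value is turned into a SQL literal by hand with `right = "'"+right+"'"`, and `operator`, `leftValue`, `tableName` and the request-supplied `masterOnField` go to the mapper as raw strings, so this path looks like string-built SQL. The mapper XML is not readable on this page, so that is inferred; if those parameters are substituted with `${}`, a value containing a quote changes the statement. Bind the value as a parameter (`#{whereConditionValue}` / `#{whereCondition}`) and drop the manual quoting. Operators and identifiers cannot be bound, so check them against a fixed operator list and an identifier pattern before the call, as sketched below; the same applies to the three `getDataTitlesWithWhere_*` wrappers in the later hunk of this file. Separately, the `else` for an unexpected `leftArr` length sets an empty list but does not stop, so the query below can still overwrite it.

```java
// … unchanged: "==" → "=" mapping, leftArr / leftValue / conditionFormName setup …
List<String> allowedOperators = Arrays.asList("=", "!=", ">", ">=", "<", "<=");
// Constructed pattern; adjust to the project's real table/field naming rules.
String identifierPattern = "[A-Za-z0-9_]+";
boolean identifiersOk = leftValue.matches(identifierPattern)
        && (!isChildTable || tableName.matches(identifierPattern))
        && (!isMaster || (masterOnField != null && masterOnField.matches(identifierPattern)));
if(!allowedOperators.contains(operator) || !identifiersOk){
    // fail closed: anything outside the allowlists returns no rows
    dataTitleMapList = new ArrayList<>();
}else if(isNumberRic){
    // … unchanged: numeric branches …
}else{
    // the mapper binds the value, so no manual quoting of `right` here
    // … unchanged: ==/!= text branches, without the right = "'"+right+"'" line …
}
```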
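Review bot: `containsDangerousWords` is a keyword blocklist, which is not a dependable control for SQL assembled from strings. It splits only on a single space, so the two-word entries `order by` and `group by` can never match a token, while ordinary values containing `and` or `or` would be rejected. No call to it is visible in these hunks, so it may be dead code; prefer bound parameters plus allowlists for operators and identifiers, and remove the helper or document it as a non-authoritative extra check. `isNumeric` relies on `Double.parseDouble`, which throws `NullPointerException` on null and accepts forms such as `NaN`, `Infinity`, a trailing `d`/`f` and surrounding whitespace. A "numeric" `right` is passed on unquoted, so a stricter test such as `return str != null && str.matches("-?\\d+(\\.\\d+)?");` is safer.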
@@ -1297,6 +1619,46 @@ public class CustomerFormServiceImpl implements CustomerFormService { processDataTitles(dataTitles); return dataTitles; } + private List> getDataTitlesWithWhere_Asf_NotTable(String asfFormName,ArrayList toSelectDataTitles,String operator,String whereCondition,String leftValue){ + List> newDataTitles = new ArrayList<>(); + List> dataTitles = fieldRecordMapper.getDataTitlesWithWhere_Asf_NotTable(asfFormName, toSelectDataTitles,operator,whereCondition,leftValue); + //没有owner的,creater的key改为owner,有owner但owner为空的,creater的value给owner + //没有org的 + processDataTitles(dataTitles); + return dataTitles; + } + private List> getDataTitlesWithWhere_Master_NotTable(String asfFormName,ArrayList toSelectDataTitles, String masterFormName, String masterOnField, String whereConditionField, String operator, String whereConditionValue) { + ArrayList toSelectDataTitles1 = new ArrayList<>(); + for(String item : toSelectDataTitles){ + String a = "asf."+item; + toSelectDataTitles1.add(a); + } + List> newDataTitles = new ArrayList<>(); + List> dataTitles = fieldRecordMapper.getDataTitlesWithWhere_Master_NotTable(asfFormName, toSelectDataTitles1,masterFormName,masterOnField,whereConditionField,operator,whereConditionValue); + //没有owner的,creater的key改为owner,有owner但owner为空的,creater的value给owner + //没有org的 + processDataTitles(dataTitles); + return dataTitles; + + }// + + private List> getDataTitlesWithWhere_Master_IsTable(String parent,ArrayList toSelectDataTitles, String child, String whereConditionField, String operator, String whereConditionValue) { + ArrayList toSelectDataTitles1 = new ArrayList<>(); + for(String item : toSelectDataTitles){ + String a = "parent."+item; + toSelectDataTitles1.add(a); + } + List> newDataTitles = new ArrayList<>(); + List> dataTitles = fieldRecordMapper.getDataTitlesWithWhere_Master_IsTable(parent, toSelectDataTitles1,child,whereConditionField,operator,whereConditionValue); + //没有owner的,creater的key改为owner,有owner但owner为空的,creater的value给owner + 
//没有org的 + processDataTitles(dataTitles); + return dataTitles; + + } + + + public void processDataTitles(List> dataTitles) { for (TreeMap map : dataTitles) { diff --git a/src/main/resources/mapper/FieldRecordMapper.xml b/src/main/resources/mapper/FieldRecordMapper.xml index a3a5a57..85df6ea 100644 --- a/src/main/resources/mapper/FieldRecordMapper.xml +++ b/src/main/resources/mapper/FieldRecordMapper.xml @@ -47,4 +47,64 @@ END AS existsFlag + + + + + + + + + \ No newline at end of file
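Review bot: Each of the three new `getDataTitlesWithWhere_*` wrappers declares `newDataTitles` and never uses it, and the two that prefix the column list with `"asf."` / `"parent."` repeat the same loop. Drop the unused local and move the prefixing into one private helper, for example `prefixFields(String alias, List<String> fields)`. The wrappers are also undocumented: a short Javadoc on each, stating which arguments are SQL identifiers or operators and which is the compared value, would show callers what must be validated before the call. The stray `}//` after the second wrapper can be reduced to `}`.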