
1.关联表单组件数据范围条件解析

2.条件解析防sql注入
lwx_v1
liwenxuan 1 year ago
parent
commit
5925cc31b5
  1. 4
      src/main/java/com/hxgk/lowcode/controller/AssociatedFormsController.java
  2. 12
      src/main/java/com/hxgk/lowcode/mapper/FieldRecordMapper.java
  3. 15
      src/main/java/com/hxgk/lowcode/model/entity/UserDetail.java
  4. 2
      src/main/java/com/hxgk/lowcode/service/CustomerFormService.java
  5. 414
      src/main/java/com/hxgk/lowcode/service/impl/CustomerFormServiceImpl.java
  6. 60
      src/main/resources/mapper/FieldRecordMapper.xml

4
src/main/java/com/hxgk/lowcode/controller/AssociatedFormsController.java

@ -123,8 +123,8 @@ public class AssociatedFormsController {
String rangeString = requestBody.get("rangeString");
String hideFormula = requestBody.get("hideFormula");
String hideString = requestBody.get("hideString");
ArrayList<CustomerFormTableSingleFieldValue> dataTitles = customerFormService.getAsfDataTitles(key,token,formId,dataTitle,rangeFormula,rangeString,hideFormula,hideString);
String masterOnField = requestBody.get("masterOnField");
ArrayList<CustomerFormTableSingleFieldValue> dataTitles = customerFormService.getAsfDataTitles(key,token,formId,dataTitle,rangeFormula,rangeString,hideFormula,hideString,masterOnField);
return JsonData.buildSuccess(dataTitles);
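Review bot: `masterOnField` is taken straight from the request body and passed through unchanged, and the mapper XML on this page splices it into the join as `master.${masterOnField}` under `statementType="STATEMENT"`, so a client controls a raw identifier position in the SQL. The controller (or the service before it calls the mapper) should reject anything that is not a plain column name, e.g. `if (masterOnField != null && !masterOnField.matches("[A-Za-z_][A-Za-z0-9_]*")) return JsonData.buildError("invalid masterOnField");`, or verify it with the existing `checkFieldExists(tableName, fieldName)` against the master table. The `rangeFormula`/`rangeString` inputs on the lines above feed the same query path and deserve the same treatment. The enclosing handler method starts before this hunk.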

12
src/main/java/com/hxgk/lowcode/mapper/FieldRecordMapper.java

@ -22,4 +22,16 @@ public interface FieldRecordMapper {
// 检查表中是否包含指定字段
boolean checkFieldExists(@Param("tableName")String tableName, @Param("fieldName")String fieldName);
List<TreeMap<String, Object>> getDataTitlesWithWhere_Asf_NotTable(@Param("asfFormName") String asfFormName, @Param("fields") List<String> toSelectDataTitles,@Param("operator") String operator,@Param("whereCondition") String whereCondition,@Param("leftField") String leftField);
List<TreeMap<String, Object>> getDataTitlesWithWhere_Master_NotTable(
@Param("asfFormName") String asfFormName,@Param("fields") List<String> toSelectDataTitles, @Param("masterFormName") String masterFormName, @Param("masterOnField") String masterOnField,
@Param("whereConditionField") String whereConditionField, @Param("operator") String operator, @Param("whereConditionValue") String whereConditionValue
);
List<TreeMap<String, Object>> getDataTitlesWithWhere_Master_IsTable(
@Param("parent") String parent,@Param("fields") List<String> toSelectDataTitles, @Param("child") String child,
@Param("whereConditionField") String whereConditionField, @Param("operator") String operator, @Param("whereConditionValue") String whereConditionValue
);
}
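Review bot: None of the three new mapper methods documents that every `String` parameter except the `fields` list is inserted into the SQL text verbatim by the XML on this page (`${asfFormName}`, `${masterFormName}`, `${masterOnField}`, `${leftField}`, `${whereConditionField}`, `${whereCondition}`, `${whereConditionValue}`), which is the contract a caller must know to use them safely. I would add a Javadoc to each, e.g. `/** All String arguments are interpolated unescaped into the statement; callers must whitelist table/column names and must not pass user-controlled values. */`, and for the value parameters state whether the caller is expected to quote them (the service currently adds the quotes itself). Keeping that rule next to the signature is the only place a future caller will see it.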

15
src/main/java/com/hxgk/lowcode/model/entity/UserDetail.java

@ -86,4 +86,19 @@ public class UserDetail {
public void setMaindeparment(Long maindeparment) {
this.maindeparment = maindeparment;
}
@Override
public String toString() {
return "UserDetail{" +
"idcardno='" + idcardno + '\'' +
", name='" + name + '\'' +
", icon='" + icon + '\'' +
", wmNumber='" + wmNumber + '\'' +
", wmKey=" + wmKey +
", adminorg=" + adminorg +
", roleId=" + roleId +
", maindeparment=" + maindeparment +
'}';
}
}
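Review bot: The new `toString()` prints `idcardno` (a national ID number) and `wmKey` in clear, and the same commit starts logging `UserDetail` values in the service's injection-detection branch, so this output will presumably end up in log files. Sensitive fields should be masked in `toString()` rather than relying on every caller to remember, e.g. `"idcardno='" + (idcardno == null ? null : idcardno.replaceAll("(?<=.{3}).(?=.{4})", "*")) + '\''`, and `wmKey` should be omitted or truncated if it is an authentication key (its role is not visible here, so confirm). The rest of the class is outside the hunk.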

2
src/main/java/com/hxgk/lowcode/service/CustomerFormService.java

@ -16,7 +16,7 @@ public interface CustomerFormService {
ArrayList<CustomerFormTableSingleFieldValue> getFieldRecord(String key, String token, String[] optionsValue3FieldArray);
ArrayList<CustomerFormTableSingleFieldValue> getAsfDataTitles(String key, String token,String formId, String dataTitle,String rangeFormula, String rangeString, String hideFormula, String hideString);
ArrayList<CustomerFormTableSingleFieldValue> getAsfDataTitles(String key, String token,String formId, String dataTitle,String rangeFormula, String rangeString, String hideFormula, String hideString,String masterOnField);
ArrayList<CustomerFormTableSingleFieldValue> getAsfDataTitlesByIds(String AsfFormId,ArrayList<HashMap<String,String>> ids);
Boolean queryIfOrgOrPersonContainsCurrentUser(String key, String token, String targetOrgOrPerson, String condition, String currentUser);
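Review bot: The new `masterOnField` parameter on `getAsfDataTitles` has no documentation, and since it ends up as a column name in a generated join it is not obvious to callers what a valid value is. A one-line Javadoc on the method would help: `@param masterOnField column of the master form that holds the associated form's id; must be a plain column name, not user-controlled` — hedge the semantics against the implementation if they differ. Removing the old overload also breaks any caller not updated in this commit; the controller on this page is the only one shown.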

414
src/main/java/com/hxgk/lowcode/service/impl/CustomerFormServiceImpl.java

@ -643,7 +643,7 @@ public class CustomerFormServiceImpl implements CustomerFormService {
关联表单组件下拉数据标题选项获取(所有)
*/
@Override
public ArrayList<CustomerFormTableSingleFieldValue> getAsfDataTitles(String key, String token,String formId, String dataTitle,String rangeFormula, String rangeString, String hideFormula, String hideString) {
public ArrayList<CustomerFormTableSingleFieldValue> getAsfDataTitles(String key, String token,String formId, String dataTitle,String rangeFormula, String rangeString, String hideFormula, String hideString,String masterOnField) {
//关联表单的id
String AsfFormId = formId;
//根据formId(cfid)查询关联表单表名
@ -682,7 +682,17 @@ public class CustomerFormServiceImpl implements CustomerFormService {
String operator = leftOperatorsAndRight.get("operator");
//System.out.println(operator);
String right = leftOperatorsAndRight.get("right");
//System.out.println(right);
if(containsDangerousWords(right)){//有sql注入的风险的输入 记录操作人key 时间,和输入的right条件 用来追究法律责任.
//获取用户信息 从redis中根据userkey和usertoken拿到userdetail
Map<String,String> keytokenmap = new HashMap<>();
keytokenmap.put("userkey",key);
keytokenmap.put("usertoken",token);
UserDetail userDetail = userService.getUserDetailFromRedis(keytokenmap);
logger.error("用户进行了SQL注入攻击:key--"+userDetail.getWmKey()+"姓名--"+userDetail.getName()+"输入的条件"+rangeFormula);
dataTitleMapList = new ArrayList<>();//直接返回空数据标题列表
}else{
if(operator.equals("包含")){
if(right.equals("数据拥有者")){
//此时条件为数据拥有者owner需判断关联表单是否含有owner字段,若不存在,则不过滤
@ -734,20 +744,35 @@ public class CustomerFormServiceImpl implements CustomerFormService {
//System.out.println(right+"----"+operator+"----"+left+"----"+toSelectDataTitles);
//dataTitleMapList = handleLeftArrLength3(right, operator, left, toSelectDataTitles);
if(leftArr[0].equals("roleid")){
System.out.println(right+"----"+operator+"----"+left+"----"+toSelectDataTitles);//高管包含数据拥有者
String roleId = leftArr[2];
/*
//System.out.println(right+"----"+operator+"----"+left+"----"+toSelectDataTitles);
String targetRoleId = leftArr[2];// 条件示例: 高管包含数据拥有者
//查出当前这条数据的owner的roleId数组,若该数组中有roleId,则是这个角色
dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题
List<TreeMap<String, Object>> filteredDataTitleMapList = new ArrayList<>();
for(TreeMap<String, Object> item : dataTitleMapList){
ManCont manCont = userService.getManContByKey(item.get("owner").toString());
String currentRoleStr = manCont.getRole();
if(!StringUtils.isBlank(currentRoleStr)){
String[] currentRoleArr = currentRoleStr.split(",");
for(String roleItem : currentRoleArr){
if(roleItem.equals(targetRoleId)){
filteredDataTitleMapList.add(item);
break;
}
}
}
}
dataTitleMapList = filteredDataTitleMapList;
* */
//查出
}else if(leftArr[0].equals("formField")){
}else if(leftArr[0].equals("formField")){
dataTitleMapList = new ArrayList<>();
}else{//不应该存在的东西
logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList);
dataTitleMapList = new ArrayList<>();
}
}else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件
dataTitleMapList = new ArrayList<>();
}
} catch (Exception e) {
@ -805,24 +830,106 @@ public class CustomerFormServiceImpl implements CustomerFormService {
}*/
}else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件
if(leftArr[0].equals("roleid")){
}else if(leftArr[0].equals("formField")){
logger.error("数据范围条件查询出现不应该存在的条件---系统角色包含数据所属部门---" + leftOperatorsAndRight+"---"+dataTitleMapList);
dataTitleMapList = new ArrayList<>();
}else if(leftArr[0].equals("formField")){
dataTitleMapList = new ArrayList<>();
}else{//不应该存在的东西
logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList);
dataTitleMapList = new ArrayList<>();
}
}else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件
dataTitleMapList = new ArrayList<>();
}
} catch (Exception e) {
e.printStackTrace();
logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList);
dataTitleMapList = new ArrayList<>();
}
}else{//无法处理的情况,直接返回全部数据标题
logger.error("数据范围条件查询出现无法处理的情况---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList);
}else{//模糊查询
//logger.error("数据范围条件查询出现无法处理的情况---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList);
//dataTitleMapList = new ArrayList<>();
String[] leftArr = left.split(":");
String leftValue = leftArr[leftArr.length-1];//字段名
String masterFormName = "";//关联关联表单的表单名
boolean isChildTable = false;//条件是否是子表字段
String tableName = "";//子表名
boolean isMaster = false;//条件字段是否来自关联关联表单的表单
String conditionFormName = customerFormViewMapper.getTableNameByCfid(leftArr[1]).getTablekey();
if(leftArr.length==3){//条件不涉及子表字段
}else if(leftArr.length==4){//条件涉及到子表字段
isChildTable = true;
tableName = leftArr[2];
}else{
dataTitleMapList = new ArrayList<>();
}
if(asfFormName.equals(conditionFormName)){//left条件的表单字段属于被关联的表单
}else{//left条件的表单字段属于关联关联表单的表单
isMaster = true;
masterFormName = conditionFormName;
}
if(leftArr[0] == "roleid"){//不允许角色权限自定义输入条件
dataTitleMapList = new ArrayList<>();
}else{
if(leftArr[0].equals("formField")){//!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
if(isChildTable){//条件涉及到子表字段
if(isMaster){//条件字段来自关联关联表单的表单 master 目前为止不知道应该有什么效果,暂时返回空数据标题列表
dataTitleMapList = new ArrayList<>();
}else{//asf
String parent = "";
String child = "";
parent = asfFormName;
child = tableName;
String whereConditionValue = right;
String whereConditionField = leftValue;
operator = "like";
whereConditionValue = "'%"+whereConditionValue+"%'";
dataTitleMapList = getDataTitlesWithWhere_Master_IsTable(parent,toSelectDataTitles,child,whereConditionField,operator,whereConditionValue);
System.out.println(dataTitleMapList);
}
}else{//条件不涉及到子表字段
if(isMaster){//条件字段来自关联关联表单的表单 master
//System.out.println(masterOnField);
//System.out.println(masterFormName);
//System.out.println(asfFormName);
//System.out.println(operator);
String whereConditionValue = right;
String whereConditionField = leftValue;
operator = "like";
whereConditionValue = "'%"+whereConditionValue+"%'";
dataTitleMapList = getDataTitlesWithWhere_Master_NotTable(asfFormName,toSelectDataTitles,masterFormName,masterOnField,whereConditionField,operator,whereConditionValue);//根据where条件查询数据标题
}else{
operator = "like";
right = "'%"+right+"%'";
dataTitleMapList = getDataTitlesWithWhere_Asf_NotTable(asfFormName,toSelectDataTitles,operator,right,leftValue);//根据where条件查询数据标题
}
}
}else{//不支持的条件
dataTitleMapList = new ArrayList<>();
}
}
}
}else if(operator.equals("不包含")){
if(right.equals("数据拥有者")){
try {
@ -868,14 +975,38 @@ public class CustomerFormServiceImpl implements CustomerFormService {
}*/
}else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件
if(leftArr[0].equals("roleid")){
//System.out.println(right+"----"+operator+"----"+left+"----"+toSelectDataTitles);
String targetRoleId = leftArr[2];// 条件示例: 高管不包含数据拥有者
//查出当前这条数据的owner的roleId数组,若该数组中有roleId,则是这个角色
dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题
List<TreeMap<String, Object>> filteredDataTitleMapList = new ArrayList<>();
for(TreeMap<String, Object> item : dataTitleMapList){
ManCont manCont = userService.getManContByKey(item.get("owner").toString());
String currentRoleStr = manCont.getRole();
if(!StringUtils.isBlank(currentRoleStr)){
String[] currentRoleArr = currentRoleStr.split(",");
int count = 0;
for(String roleItem : currentRoleArr){
if(roleItem.equals(targetRoleId)){
//filteredDataTitleMapList.add(item);
count++;
break;
}
}
if(count==0){
filteredDataTitleMapList.add(item);
}
}
}
dataTitleMapList = filteredDataTitleMapList;
}else if(leftArr[0].equals("formField")){
dataTitleMapList = new ArrayList<>();
}else{//不应该存在的东西
logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList);
dataTitleMapList = new ArrayList<>();
}
}else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件
dataTitleMapList = new ArrayList<>();
}
} catch (Exception e) {
@ -933,14 +1064,16 @@ public class CustomerFormServiceImpl implements CustomerFormService {
}*/
}else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件
if(leftArr[0].equals("roleid")){
logger.error("数据范围条件查询出现不应该存在的条件---系统角色包含数据所属部门---" + leftOperatorsAndRight+"---"+dataTitleMapList);
dataTitleMapList = new ArrayList<>();
}else if(leftArr[0].equals("formField")){
dataTitleMapList = new ArrayList<>();
}else{//不应该存在的东西
logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList);
dataTitleMapList = new ArrayList<>();
}
}else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件
dataTitleMapList = new ArrayList<>();
}
} catch (Exception e) {
e.printStackTrace();
@ -997,14 +1130,33 @@ public class CustomerFormServiceImpl implements CustomerFormService {
}*/
}else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件
if(leftArr[0].equals("roleid")){
//System.out.println(right+"----"+operator+"----"+left+"----"+toSelectDataTitles);
String targetRoleId = leftArr[2];// 条件示例: 高管==数据拥有者
//查出当前这条数据的owner的roleId数组,若该数组中有roleId,则是这个角色
dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题
List<TreeMap<String, Object>> filteredDataTitleMapList = new ArrayList<>();
for(TreeMap<String, Object> item : dataTitleMapList){
ManCont manCont = userService.getManContByKey(item.get("owner").toString());
String currentRoleStr = manCont.getRole();
if(!StringUtils.isBlank(currentRoleStr)){
String[] currentRoleArr = currentRoleStr.split(",");
for(String roleItem : currentRoleArr){
if(roleItem.equals(targetRoleId)){
filteredDataTitleMapList.add(item);
break;
}
}
}
}
dataTitleMapList = filteredDataTitleMapList;
}else if(leftArr[0].equals("formField")){
dataTitleMapList = new ArrayList<>();
}else{//不应该存在的东西
logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList);
dataTitleMapList = new ArrayList<>();
}
}else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件
dataTitleMapList = new ArrayList<>();
}
} catch (Exception e) {
@ -1056,14 +1208,38 @@ public class CustomerFormServiceImpl implements CustomerFormService {
}*/
}else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件
if(leftArr[0].equals("roleid")){
//System.out.println(right+"----"+operator+"----"+left+"----"+toSelectDataTitles);
String targetRoleId = leftArr[2];// 条件示例: 高管!=数据拥有者
//查出当前这条数据的owner的roleId数组,若该数组中有roleId,则是这个角色
dataTitleMapList = getDataTitles(asfFormName,toSelectDataTitles);//全部数据标题
List<TreeMap<String, Object>> filteredDataTitleMapList = new ArrayList<>();
for(TreeMap<String, Object> item : dataTitleMapList){
ManCont manCont = userService.getManContByKey(item.get("owner").toString());
String currentRoleStr = manCont.getRole();
if(!StringUtils.isBlank(currentRoleStr)){
String[] currentRoleArr = currentRoleStr.split(",");
int count = 0;
for(String roleItem : currentRoleArr){
if(roleItem.equals(targetRoleId)){
//filteredDataTitleMapList.add(item);
count++;
break;
}
}
if(count==0){
filteredDataTitleMapList.add(item);
}
}
}
dataTitleMapList = filteredDataTitleMapList;
}else if(leftArr[0].equals("formField")){
dataTitleMapList = new ArrayList<>();
}else{//不应该存在的东西
logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList);
dataTitleMapList = new ArrayList<>();
}
}else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件
dataTitleMapList = new ArrayList<>();
}
} catch (Exception e) {
@ -1126,14 +1302,16 @@ public class CustomerFormServiceImpl implements CustomerFormService {
}*/
}else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件
if(leftArr[0].equals("roleid")){
logger.error("数据范围条件查询出现不应该存在的条件---系统角色包含数据所属部门---" + leftOperatorsAndRight+"---"+dataTitleMapList);
dataTitleMapList = new ArrayList<>();
}else if(leftArr[0].equals("formField")){
dataTitleMapList = new ArrayList<>();
}else{//不应该存在的东西
logger.error("数据范围条件查询出现不应该存在的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList);
dataTitleMapList = new ArrayList<>();
}
}else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件
dataTitleMapList = new ArrayList<>();
}
} catch (Exception e) {
e.printStackTrace();
@ -1190,15 +1368,17 @@ public class CustomerFormServiceImpl implements CustomerFormService {
}*/
}else if(leftArr.length==3){// roleid:rootid:4 formField:15:id 1.主表字段条件 2.角色权限条件
if(leftArr[0].equals("roleid")){
logger.error("数据范围条件查询出现不应该存在的条件---系统角色包含数据所属部门---" + leftOperatorsAndRight+"---"+dataTitleMapList);
dataTitleMapList = new ArrayList<>();
}else if(leftArr[0].equals("formField")){
dataTitleMapList = new ArrayList<>();
}else{//不应该存在的东西
logger.error("数据范围条件查询出现不应该出现的条件---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList);
dataTitleMapList = new ArrayList<>();
}
}else if(leftArr.length==4){// formField:44:table1722576832462:input1722576838785 子表字段条件
dataTitleMapList = new ArrayList<>();
}
} catch (Exception e) {
e.printStackTrace();
@ -1211,9 +1391,109 @@ public class CustomerFormServiceImpl implements CustomerFormService {
}
}else{//这边对于数字的情况>,>=,<,<=是生效的,文字的情况则不生效,==和!=条件必定生效
try {
System.out.println(right+"----"+operator+"----"+left);
if(operator.equals("==")){
operator = "=";
}
//System.out.println(right+"----"+operator+"----"+left);
boolean isNumberRic = isNumeric(right);//输入的条件是否能转化成数字
String[] leftArr = left.split(":");
String leftValue = leftArr[leftArr.length-1];//字段名
String masterFormName = "";//关联关联表单的表单名
boolean isChildTable = false;//条件是否是子表字段
String tableName = "";//子表名
boolean isMaster = false;//条件字段是否来自关联关联表单的表单
String conditionFormName = customerFormViewMapper.getTableNameByCfid(leftArr[1]).getTablekey();
if(leftArr.length==3){//条件不涉及子表字段
}else if(leftArr.length==4){//条件涉及到子表字段
isChildTable = true;
tableName = leftArr[2];
}else{
dataTitleMapList = new ArrayList<>();
}
if(asfFormName.equals(conditionFormName)){//left条件的表单字段属于被关联的表单
}else{//left条件的表单字段属于关联关联表单的表单
isMaster = true;
masterFormName = conditionFormName;
}
if(isNumberRic){//可以转换成数字
if(isChildTable){//条件涉及到子表字段
if(isMaster){//条件字段来自关联关联表单的表单 master 目前为止不知道应该有什么效果,暂时返回空数据标题列表
dataTitleMapList = new ArrayList<>();
}else{//asf
String parent = "";
String child = "";
parent = asfFormName;
child = tableName;
String whereConditionValue = right;
String whereConditionField = leftValue;
dataTitleMapList = getDataTitlesWithWhere_Master_IsTable(parent,toSelectDataTitles,child,whereConditionField,operator,whereConditionValue);
System.out.println(dataTitleMapList);
}
}else{//条件不涉及到子表字段
if(isMaster){//条件字段来自关联关联表单的表单 master
//System.out.println(masterOnField);
//System.out.println(masterFormName);
//System.out.println(asfFormName);
//System.out.println(operator);
String whereConditionValue = right;
String whereConditionField = leftValue;
dataTitleMapList = getDataTitlesWithWhere_Master_NotTable(asfFormName,toSelectDataTitles,masterFormName,masterOnField,whereConditionField,operator,whereConditionValue);//根据where条件查询数据标题
}else{
dataTitleMapList = getDataTitlesWithWhere_Asf_NotTable(asfFormName,toSelectDataTitles,operator,right,leftValue);//根据where条件查询数据标题
}
}
}else{
System.out.println("非数字条件_"+right);
right = "'"+right+"'";
if(operator.equals(">")||operator.equals(">=")||operator.equals("<")||operator.equals("<=")){//非数字条件时,对于这些符号无法处理,返回空数据标题列表
dataTitleMapList = new ArrayList<>();
}else{// == != 的情况
if(isChildTable){//条件涉及到子表字段
if(isMaster){//条件字段来自关联关联表单的表单 master 目前为止不知道应该有什么效果,暂时返回空数据标题列表
dataTitleMapList = new ArrayList<>();
}else{//asf
String parent = "";
String child = "";
parent = asfFormName;
child = tableName;
String whereConditionValue = right;
String whereConditionField = leftValue;
dataTitleMapList = getDataTitlesWithWhere_Master_IsTable(parent,toSelectDataTitles,child,whereConditionField,operator,whereConditionValue);
System.out.println(dataTitleMapList);
}
}else{//条件不涉及到子表字段
if(isMaster){//条件字段来自关联关联表单的表单 master
//System.out.println(masterOnField);
//System.out.println(masterFormName);
//System.out.println(asfFormName);
//System.out.println(operator);
String whereConditionValue = right;
String whereConditionField = leftValue;
dataTitleMapList = getDataTitlesWithWhere_Master_NotTable(asfFormName,toSelectDataTitles,masterFormName,masterOnField,whereConditionField,operator,whereConditionValue);//根据where条件查询数据标题
}else{
dataTitleMapList = getDataTitlesWithWhere_Asf_NotTable(asfFormName,toSelectDataTitles,operator,right,leftValue);//根据where条件查询数据标题
}
}
}
}
} catch (Exception e) {
e.printStackTrace();
logger.error("数据范围条件查询出现异常---返回空数据标题列表---" + leftOperatorsAndRight+"---"+dataTitleMapList);
@ -1223,6 +1503,9 @@ public class CustomerFormServiceImpl implements CustomerFormService {
}
}
}
}
}
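Review bot: The `containsDangerousWords(right)` guard does not make the new query paths injection-safe, because `right` is still concatenated into the statement as text (`"'%"+right+"%'"` in the fuzzy branches, raw `right` in the comparison branches) and the blacklist only splits on single spaces — a payload containing `'`, a `/**/` or tab separator passes, and the two-word entries `order by`/`group by` can never match a space-split token. Identifiers are not checked at all: `leftValue` comes from `left.split(":")`, `masterOnField` comes from the request body, and both reach `${}` positions in the mapper. The value should be bound as a parameter in the XML (with `%`/`_` escaped for the LIKE case) and every identifier whitelisted before the three `getDataTitlesWithWhere_*` wrappers run; a helper for the latter is sketched below. Two smaller defects in the same hunks: `if(leftArr[0] == "roleid")` is reference comparison and is never true after `split` (use `.equals`), and `userDetail` returned from `getUserDetailFromRedis` is dereferenced without a null check in the logging branch. `getAsfDataTitles` starts before and ends after the hunks shown.
```java
/** Accepts only plain SQL identifiers; anything spliced into a ${} position must pass this. */
public static boolean isSafeIdentifier(String s) {
    return s != null && s.matches("[A-Za-z_][A-Za-z0-9_]{0,63}");
}
// … unchanged: containsDangerousWords, splitString, getDataTitles …
private List<TreeMap<String, Object>> getDataTitlesWithWhere_Master_NotTable(String asfFormName,ArrayList<String> toSelectDataTitles, String masterFormName, String masterOnField, String whereConditionField, String operator, String whereConditionValue) {
    if (!isSafeIdentifier(asfFormName) || !isSafeIdentifier(masterFormName)
            || !isSafeIdentifier(masterOnField) || !isSafeIdentifier(whereConditionField)) {
        logger.error("rejected unsafe identifier in data-range condition");
        return new ArrayList<>(); // fail closed: no rows rather than an unfiltered query
    }
    // … unchanged: prefix fields with "asf.", call mapper, processDataTitles …
}
```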
@ -1272,6 +1555,45 @@ public class CustomerFormServiceImpl implements CustomerFormService {
return toReturnSortedDataTitleList;
}
public static boolean isNumeric(String str) {
try {
Double.parseDouble(str);
return true;
} catch (NumberFormatException e) {
return false;
}
}
public static boolean containsDangerousWords(String str) {
Set<String> dangerousWords = new HashSet<>();
dangerousWords.add("drop");
dangerousWords.add("table");
dangerousWords.add("where");
dangerousWords.add("select");
dangerousWords.add("insert");
dangerousWords.add("update");
dangerousWords.add("delete");
dangerousWords.add("and");
dangerousWords.add("or");
dangerousWords.add("union");
dangerousWords.add("order by");
dangerousWords.add("group by");
dangerousWords.add("having");
dangerousWords.add("exec");
dangerousWords.add("execute");
String[] words = str.split(" ");
for (String word : words) {
if (dangerousWords.contains(word.toLowerCase())) {
return true;
}
}
return false;
}
public static HashMap<String, String> splitString(String str) {
List<String> operators = Arrays.asList("==", ">", ">=", "<", "<=", "!=", "不包含", "包含");
for (String operator : operators) {
@ -1297,6 +1619,46 @@ public class CustomerFormServiceImpl implements CustomerFormService {
processDataTitles(dataTitles);
return dataTitles;
}
private List<TreeMap<String, Object>> getDataTitlesWithWhere_Asf_NotTable(String asfFormName,ArrayList<String> toSelectDataTitles,String operator,String whereCondition,String leftValue){
List<TreeMap<String, Object>> newDataTitles = new ArrayList<>();
List<TreeMap<String, Object>> dataTitles = fieldRecordMapper.getDataTitlesWithWhere_Asf_NotTable(asfFormName, toSelectDataTitles,operator,whereCondition,leftValue);
//没有owner的,creater的key改为owner,有owner但owner为空的,creater的value给owner
//没有org的
processDataTitles(dataTitles);
return dataTitles;
}
private List<TreeMap<String, Object>> getDataTitlesWithWhere_Master_NotTable(String asfFormName,ArrayList<String> toSelectDataTitles, String masterFormName, String masterOnField, String whereConditionField, String operator, String whereConditionValue) {
ArrayList<String> toSelectDataTitles1 = new ArrayList<>();
for(String item : toSelectDataTitles){
String a = "asf."+item;
toSelectDataTitles1.add(a);
}
List<TreeMap<String, Object>> newDataTitles = new ArrayList<>();
List<TreeMap<String, Object>> dataTitles = fieldRecordMapper.getDataTitlesWithWhere_Master_NotTable(asfFormName, toSelectDataTitles1,masterFormName,masterOnField,whereConditionField,operator,whereConditionValue);
//没有owner的,creater的key改为owner,有owner但owner为空的,creater的value给owner
//没有org的
processDataTitles(dataTitles);
return dataTitles;
}//
private List<TreeMap<String, Object>> getDataTitlesWithWhere_Master_IsTable(String parent,ArrayList<String> toSelectDataTitles, String child, String whereConditionField, String operator, String whereConditionValue) {
ArrayList<String> toSelectDataTitles1 = new ArrayList<>();
for(String item : toSelectDataTitles){
String a = "parent."+item;
toSelectDataTitles1.add(a);
}
List<TreeMap<String, Object>> newDataTitles = new ArrayList<>();
List<TreeMap<String, Object>> dataTitles = fieldRecordMapper.getDataTitlesWithWhere_Master_IsTable(parent, toSelectDataTitles1,child,whereConditionField,operator,whereConditionValue);
//没有owner的,creater的key改为owner,有owner但owner为空的,creater的value给owner
//没有org的
processDataTitles(dataTitles);
return dataTitles;
}
public void processDataTitles(List<TreeMap<String, Object>> dataTitles) {
for (TreeMap<String, Object> map : dataTitles) {

60
src/main/resources/mapper/FieldRecordMapper.xml

@ -47,4 +47,64 @@
END AS existsFlag
</select>
<select id="getDataTitlesWithWhere_Asf_NotTable" resultType="java.util.TreeMap" statementType="STATEMENT">
select id as value,
<foreach collection="fields" index="index" item="item" separator="," >
${item}
</foreach>
from ${asfFormName} where states = 1
<if test="operator!= null and operator!= '' and whereCondition != null and whereCondition != '' and leftField != null and leftField != ''">
AND ${leftField} ${operator} ${whereCondition}
</if>
</select>
<select id="getDataTitlesWithWhere_Master_NotTable" resultType="java.util.TreeMap" statementType="STATEMENT">
SELECT
DISTINCT asf.id AS value,
<foreach collection="fields" index="index" item="item" separator="," >
${item}
</foreach>
from
${asfFormName} asf
left join
${masterFormName} master on
asf.id = master.${masterOnField}
where asf.states = 1 and master.states = 1
<if test="whereConditionField!= null and whereConditionField!= '' and operator != null and operator != '' and whereConditionValue != null and whereConditionValue != ''">
AND ${whereConditionField} ${operator} ${whereConditionValue}
</if>
</select>
<select id="getDataTitlesWithWhere_Master_IsTable" resultType="java.util.TreeMap" statementType="STATEMENT">
SELECT
DISTINCT parent.id AS value,
<foreach collection="fields" index="index" item="item" separator="," >
${item}
</foreach>
from
${parent} parent
left join
${child} child on
parent.masters_key = child.masters_key
where parent.states = 1 and child.states = 1
<if test="whereConditionField!= null and whereConditionField!= '' and operator != null and operator != '' and whereConditionValue != null and whereConditionValue != ''">
AND child.${whereConditionField} ${operator} ${whereConditionValue}
</if>
</select>
</mapper>
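Review bot: All three new statements use `statementType="STATEMENT"` and `${whereCondition}` / `${whereConditionValue}`, so the comparison value is never bound as a parameter and the quotes the Java side wraps around it are defeated by a single `'` in the input. Switch the value to a bound parameter and drop the STATEMENT type, `AND ${leftField} ${operator} #{whereCondition}` (and `#{whereConditionValue}` in the other two), with the service passing `%value%` without quotes for the LIKE path; `${}` should remain only for the table and column names, and those must be whitelisted before they get here. The `<if>` guards also fail open: when the condition value is blank the AND clause is omitted and the query returns every row with `states = 1`, which for a data-range filter should instead yield nothing (for example `<otherwise>AND 1=0</otherwise>` in a `<choose>`). The join in the third statement selects DISTINCT rows from the parent only, so a matching child row is enough to expose the parent title; confirm that is the intended visibility rule.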