漏洞

soc-api/soc-api-system/src/main/java/com/xunmei/system/api/RemoteRoleService.java

@@ -2,6 +2,7 @@ package com.xunmei.system.api;
 
 import com.xunmei.common.core.constant.SecurityConstants;
 import com.xunmei.common.core.constant.ServiceNameConstants;
+import com.xunmei.common.core.domain.R;
 import com.xunmei.common.core.vo.IdNameVo;
 import com.xunmei.system.api.Eto.RoleConditionEto;
 import com.xunmei.system.api.domain.SysRole;
@@ -31,13 +32,13 @@ public interface RemoteRoleService {
     SysRole getRoleByName(@RequestParam("name") String name, @RequestHeader(SecurityConstants.FROM_SOURCE) String source);
 
     @GetMapping(value = "/role/selectRoleNameByUserId")
-    String selectRoleNameByUserId(@RequestParam("userId") Long userId, @RequestHeader(SecurityConstants.FROM_SOURCE) String source);
+    R<String> selectRoleNameByUserId(@RequestParam("userId") Long userId, @RequestHeader(SecurityConstants.FROM_SOURCE) String source);
 
     @GetMapping("/role/getNames")
     List<IdNameVo> getNames(@RequestBody RoleConditionEto condition);
 
     @GetMapping("/role/selectUserByRoleNameAndOrgId")
-    List<SysUser> selectUserByRoleNameAndOrgId(@RequestParam(value = "roleName") String roleName, @RequestParam(value = "orgId") Long orgId,@RequestParam(value = "isLock") Integer isLock, @RequestHeader(SecurityConstants.FROM_SOURCE) String source);
+    List<SysUser> selectUserByRoleNameAndOrgId(@RequestParam(value = "roleName") String roleName, @RequestParam(value = "orgId") Long orgId, @RequestParam(value = "isLock") Integer isLock, @RequestHeader(SecurityConstants.FROM_SOURCE) String source);
 
     @GetMapping("/userRole/getUserRoleId")
     List<Long> getUserRoleId(@RequestParam(value = "userId") Long userId, @RequestHeader(SecurityConstants.FROM_SOURCE) String source);

soc-api/soc-api-system/src/main/java/com/xunmei/system/api/factory/RemoteRoleFallbackFactory.java

@@ -1,6 +1,7 @@
 package com.xunmei.system.api.factory;
 
 
+import com.xunmei.common.core.domain.R;
 import com.xunmei.common.core.vo.IdNameVo;
 import com.xunmei.system.api.Eto.RoleConditionEto;
 import com.xunmei.system.api.RemoteRoleService;
@@ -39,7 +40,7 @@ public class RemoteRoleFallbackFactory implements FallbackFactory<RemoteRoleServ
             }
 
             @Override
-            public String selectRoleNameByUserId(Long userId, String source) {
+            public R<String> selectRoleNameByUserId(Long userId, String source) {
                 return null;
             }
 

soc-modules/soc-modules-core/src/main/java/com/xunmei/core/access/controller/TMonitoringRetrievalPlanController.java

@@ -1,6 +1,7 @@
 package com.xunmei.core.access.controller;
 
 import com.xunmei.common.core.constant.SecurityConstants;
+import com.xunmei.common.core.domain.R;
 import com.xunmei.common.core.utils.StringUtils;
 import com.xunmei.common.core.web.controller.BaseController;
 import com.xunmei.common.core.web.domain.AjaxResult;
@@ -21,6 +22,7 @@ import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
+
 import java.text.ParseException;
 
 
@@ -42,6 +44,7 @@ public class TMonitoringRetrievalPlanController extends BaseController {
     private RemoteOrgService remoteOrgService;
     @Autowired
     private MonitorAccessReportService monitorAccessReportService;
+
     /**
      * 查询监控调阅计划列表
      */
@@ -53,7 +56,8 @@ public class TMonitoringRetrievalPlanController extends BaseController {
         TableDataInfo<TMonitoringRetrievalPlan> tMonitoringRetrievalPlanTableDataInfo = tMonitoringRetrievalPlanService.selectPage(tMonitoringRetrievalPlan);
         ajax.put("data", tMonitoringRetrievalPlanTableDataInfo);
         boolean admin = false;
-        String s = remoteRoleService.selectRoleNameByUserId(SecurityUtils.getUserId(), SecurityConstants.INNER);
+        R<String> r = remoteRoleService.selectRoleNameByUserId(SecurityUtils.getUserId(), SecurityConstants.INNER);
+        String s = r.getData();
         SysOrg sysOrg = remoteOrgService.selectSysOrgById(SecurityUtils.getLoginUser().getOrgId(), SecurityConstants.INNER);
         if (StringUtils.isNotEmpty(s)) {
             int i = s.indexOf(",");
@@ -85,6 +89,7 @@ public class TMonitoringRetrievalPlanController extends BaseController {
     public AjaxResult distribute(@PathVariable(value = "id", required = false) Long id) throws ParseException {
         return success(tMonitoringRetrievalPlanService.distribute(id));
     }
+
     /**
      * 撤回
      */
@@ -94,6 +99,7 @@ public class TMonitoringRetrievalPlanController extends BaseController {
     public AjaxResult withdraw(@PathVariable(value = "id", required = false) Long id) {
         return success(tMonitoringRetrievalPlanService.withdraw(id));
     }
+
     /**
      * 获取监控调阅计划详细信息
      */

soc-modules/soc-modules-core/src/main/java/com/xunmei/core/evaluate/service/impl/CoreEvaluatePlanServiceImpl.java

@@ -7,6 +7,7 @@ import com.baomidou.mybatisplus.core.toolkit.IdWorker;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.xunmei.common.core.constant.SecurityConstants;
+import com.xunmei.common.core.domain.R;
 import com.xunmei.common.core.utils.DateUtils;
 import com.xunmei.common.core.utils.StringUtils;
 import com.xunmei.common.core.web.page.TableDataInfo;
@@ -31,6 +32,7 @@ import com.xunmei.system.api.domain.SysUser;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
+
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletResponse;
 import java.text.SimpleDateFormat;
@@ -160,7 +162,8 @@ public class CoreEvaluatePlanServiceImpl extends ServiceImpl<CoreEvaluatePlanMap
     }
 
     private boolean check(Long userId) {
-        String s = remoteRoleService.selectRoleNameByUserId(userId, SecurityConstants.INNER);
+        R<String> r = remoteRoleService.selectRoleNameByUserId(userId, SecurityConstants.INNER);
+        String s = r.getData();
         boolean admin = false;
         if (StringUtils.isNotEmpty(s)) {
             int i = s.indexOf(",");
@@ -307,13 +310,13 @@ public class CoreEvaluatePlanServiceImpl extends ServiceImpl<CoreEvaluatePlanMap
 
     @Override
     public void generate(String cycle) {
-        if (cycle.equals("0")){
+        if (cycle.equals("0")) {
             this.monthTask();
         }
-        if (cycle.equals("1")){
-           this.seasonTask();
+        if (cycle.equals("1")) {
+            this.seasonTask();
         }
-        if (cycle.equals("2")){
+        if (cycle.equals("2")) {
             this.yearTask();
         }
 //        List<CoreEvaluatePlan> coreEvaluatePlans = baseMapper.selectPlanByCycle(cycle);
@@ -406,14 +409,14 @@ public class CoreEvaluatePlanServiceImpl extends ServiceImpl<CoreEvaluatePlanMap
     @Override
     public void monthTask() {
         //查询月计划
-        CoreEvaluatePlan coreEvaluatePlan=new CoreEvaluatePlan();
+        CoreEvaluatePlan coreEvaluatePlan = new CoreEvaluatePlan();
         coreEvaluatePlan.setEvaluateCycle("0");
         coreEvaluatePlan.setIsDeleted("0");
         coreEvaluatePlan.setIsDistribute("1");
         coreEvaluatePlan.setStatus("0");
         List<CoreEvaluatePlan> coreEvaluatePlans = baseMapper.selectCoreEvaluatePlanList(coreEvaluatePlan);
-        if (CollectionUtils.isNotEmpty(coreEvaluatePlans)){
-            coreEvaluatePlans.forEach(c->{
+        if (CollectionUtils.isNotEmpty(coreEvaluatePlans)) {
+            coreEvaluatePlans.forEach(c -> {
                 SysOrg org = new SysOrg();
                 org.setType(Integer.valueOf(c.getOrgType()));
                 org.setPath(c.getOrgPath());
@@ -457,14 +460,14 @@ public class CoreEvaluatePlanServiceImpl extends ServiceImpl<CoreEvaluatePlanMap
     @Override
     public void seasonTask() {
         //查询季度计划
-        CoreEvaluatePlan coreEvaluatePlan=new CoreEvaluatePlan();
+        CoreEvaluatePlan coreEvaluatePlan = new CoreEvaluatePlan();
         coreEvaluatePlan.setEvaluateCycle("1");
         coreEvaluatePlan.setIsDeleted("0");
         coreEvaluatePlan.setIsDistribute("1");
         coreEvaluatePlan.setStatus("0");
         List<CoreEvaluatePlan> coreEvaluatePlans = baseMapper.selectCoreEvaluatePlanList(coreEvaluatePlan);
-        if (CollectionUtils.isNotEmpty(coreEvaluatePlans)){
-            coreEvaluatePlans.forEach(c->{
+        if (CollectionUtils.isNotEmpty(coreEvaluatePlans)) {
+            coreEvaluatePlans.forEach(c -> {
                 SysOrg org = new SysOrg();
                 org.setType(Integer.valueOf(c.getOrgType()));
                 org.setPath(c.getOrgPath());
@@ -508,14 +511,14 @@ public class CoreEvaluatePlanServiceImpl extends ServiceImpl<CoreEvaluatePlanMap
     @Override
     public void yearTask() {
         //查询季度计划
-        CoreEvaluatePlan coreEvaluatePlan=new CoreEvaluatePlan();
+        CoreEvaluatePlan coreEvaluatePlan = new CoreEvaluatePlan();
         coreEvaluatePlan.setEvaluateCycle("2");
         coreEvaluatePlan.setIsDeleted("0");
         coreEvaluatePlan.setIsDistribute("1");
         coreEvaluatePlan.setStatus("0");
         List<CoreEvaluatePlan> coreEvaluatePlans = baseMapper.selectCoreEvaluatePlanList(coreEvaluatePlan);
-        if (CollectionUtils.isNotEmpty(coreEvaluatePlans)){
-            coreEvaluatePlans.forEach(c->{
+        if (CollectionUtils.isNotEmpty(coreEvaluatePlans)) {
+            coreEvaluatePlans.forEach(c -> {
                 SysOrg org = new SysOrg();
                 org.setType(Integer.valueOf(c.getOrgType()));
                 org.setPath(c.getOrgPath());

soc-modules/soc-modules-system/src/main/java/com/xunmei/system/controller/SysRoleController.java

@@ -2,6 +2,7 @@ package com.xunmei.system.controller;
 
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.xunmei.common.core.domain.IdName;
+import com.xunmei.common.core.domain.R;
 import com.xunmei.common.core.vo.IdNameVo;
 import com.xunmei.common.core.web.controller.BaseController;
 import com.xunmei.common.core.web.domain.AjaxResult;
@@ -246,8 +247,8 @@ public class SysRoleController extends BaseController {
      */
     @InnerAuth
     @GetMapping(value = "/selectRoleNameByUserId")
-    public String selectRoleNameByUserId(Long userId) {
-        return roleService.selectRoleNameByUserId(userId);
+    public R<String> selectRoleNameByUserId(Long userId) {
+        return R.ok(roleService.selectRoleNameByUserId(userId));
     }
 
     @RequiresPermissions("system:role:query")
@@ -270,8 +271,8 @@ public class SysRoleController extends BaseController {
     }
 
     @GetMapping("/selectUserByRoleNameAndOrgId")
-    public List<SysUser> selectUserByRoleNameAndOrgId(@RequestParam(value = "roleName") String roleName, @RequestParam(value = "orgId") Long orgId,@RequestParam(value = "isLock") Integer isLock) {
-        return roleService.selectUserByRoleNameAndOrgId(roleName, orgId,isLock);
+    public List<SysUser> selectUserByRoleNameAndOrgId(@RequestParam(value = "roleName") String roleName, @RequestParam(value = "orgId") Long orgId, @RequestParam(value = "isLock") Integer isLock) {
+        return roleService.selectUserByRoleNameAndOrgId(roleName, orgId, isLock);
     }
 
     @GetMapping("/getRoles")