#E10人事自助门户-处理接口sql注入风险

main
wangjie 1 year ago
parent 8880ac0f5d
commit 6f14b4b336

@ -1,6 +1,8 @@
package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.ebuilder.datasource.api.enums.SqlParamType;
import com.weaver.framework.rpc.annotation.RpcReference;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee;
@ -100,22 +102,35 @@ public class DevCollaborationInfoCmd {
" from wfc_form_data l\n" +
" inner join fto_83 d on d.id = l.dataid\n" +
" inner join wfc_requestbase p on p.requestid = l.requestid\n" +
" where d.mutiresource='" + employeeId + "'\n" +
" and d.xsjfrq >='" + startday + "'" +
" and d.xsjfrq <='" + endday + "'" +
" and d.tenant_key='" + tenant_key + "'\n" +
" where d.mutiresource= ?\n" +
" and d.xsjfrq >= ?" +
" and d.xsjfrq <= ?" +
" and d.tenant_key= ?\n" +
" and d.is_delete='0'\n" +
" and l.tenant_key='" + tenant_key + "'\n" +
" and l.tenant_key=?\n" +
" and l.delete_type=0\n" +
" and p.tenant_key='" + tenant_key + "'\n" +
" and p.tenant_key=?\n" +
" and p.delete_type=0\n" +
" order by d.id desc ";
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
strlist.add(tenant_key);
strlist.add(tenant_key);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
log.info("DevDaysCountCmd sql:" + dataSql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, dataSql);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(result);
if (CollectionUtils.isNotEmpty(recordList)) {
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, dataSql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){
devcou = String.valueOf(recordList.get(0).get("devcou"));
}
}
@ -157,22 +172,33 @@ public class DevCollaborationInfoCmd {
" from wfc_form_data l\n" +
" inner join fto_62 d on d.id = l.dataid\n" +
" inner join wfc_requestbase p on p.requestid = l.requestid\n" +
" where d.multiresource5='" + employeeId + "'\n" +
" and d.date2 >='" + startday + "'" +
" and d.date2 <='" + endday + "'" +
" and d.tenant_key='" + tenant_key + "'\n" +
" where d.multiresource5=?\n" +
" and d.date2 >=?" +
" and d.date2 <=?" +
" and d.tenant_key=?\n" +
" and d.is_delete='0'\n" +
" and l.tenant_key='" + tenant_key + "'\n" +
" and l.tenant_key=?\n" +
" and l.delete_type=0\n" +
" and p.tenant_key='" + tenant_key + "'\n" +
" and p.tenant_key=?\n" +
" and p.delete_type=0\n" +
" order by d.id desc ";
log.info("DevQuestCountCmd dataSql:" + dataSql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, dataSql);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(result);
if (CollectionUtils.isNotEmpty(recordList)) {
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
strlist.add(tenant_key);
strlist.add(tenant_key);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, dataSql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){
devcou = String.valueOf(recordList.get(0).get("devcou"));
}
}
@ -196,30 +222,41 @@ public class DevCollaborationInfoCmd {
String sourceType = "LOGIC";
Map<String,Object> dataMap = new HashMap<String,Object>();
try{
try {
Calendar calendar = Calendar.getInstance();
int year = calendar.get(Calendar.YEAR);
if(StringUtils.isBlank(startday)){
startday = year+"-01-01";
if (StringUtils.isBlank(startday)) {
startday = year + "-01-01";
}
if(StringUtils.isBlank(endday)){
if (StringUtils.isBlank(endday)) {
endday = sdf.format(new Date());
}
if(StringUtils.isBlank(employeeId)){
if (StringUtils.isBlank(employeeId)) {
employeeId = String.valueOf(UserContext.getCurrentEmployeeId());
}
String sql = " select count(1) as count from cw_content " +
" where CREATOR='"+employeeId+"'\n" +
" and left(CREATE_TIME,10)>='"+startday+"' and left(CREATE_TIME,10) <= '"+endday+"'" ;
" where CREATOR=?\n" +
" and left(CREATE_TIME,10)>=? and left(CREATE_TIME,10) <= ?";
log.error("getInteractInfo sql:" + sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
log.error("getInteractInfo sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql, sqlparam);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(result);
if (recordList.size() > 0) {
dataMap = recordList.get(0);
}
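Review bot: In the last hunk of DevCollaborationInfoCmd, `employeeId` is replaced by `UserContext.getCurrentEmployeeId()` only when it is blank, so any non-blank value is bound into `CREATOR=?` exactly as received. Binding removes the injection, but if that value comes from the request (its origin is outside the hunk) a caller can still read another employee's counts. Before the query is built I would add a check and the comment `// employeeId may be caller-supplied: confirm it is the current user or a permitted subordinate before querying`. The enclosing method starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.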

@ -1,10 +1,9 @@
package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -65,22 +64,32 @@ public class DevDaysCountCmd {
" from wfc_form_data l\n" +
" inner join fto_83 d on d.id = l.dataid\n" +
" inner join wfc_requestbase p on p.requestid = l.requestid\n" +
" where d.mutiresource='" + employeeId + "'\n" +
" and d.xsjfrq >='" + startday + "'" +
" and d.xsjfrq <='" + endday + "'" +
" and d.tenant_key='" + tenant_key + "'\n" +
" where d.mutiresource=?\n" +
" and d.xsjfrq >=?" +
" and d.xsjfrq <=?" +
" and d.tenant_key=?\n" +
" and d.is_delete='0'\n" +
" and l.tenant_key='" + tenant_key + "'\n" +
" and l.tenant_key=?\n" +
" and l.delete_type=0\n" +
" and p.tenant_key='" + tenant_key + "'\n" +
" and p.tenant_key=?\n" +
" and p.delete_type=0\n" +
" order by d.id desc ";
log.info("DevDaysCountCmd sql:" + dataSql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
strlist.add(tenant_key);
strlist.add(tenant_key);
strlist.add(tenant_key);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, dataSql);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(result);
if (CollectionUtils.isNotEmpty(recordList)) {
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, dataSql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){
devcou = String.valueOf(recordList.get(0).get("devcou"));
}
}
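Review bot: The new guard `if(recordList.size()>0){` replaces `CollectionUtils.isNotEmpty(recordList)` and is no longer null-safe. If `databaseUtils.getDataSourceList` can return null (its body is not shown here), this line now throws a NullPointerException instead of leaving `devcou` at its default. Keep `if (CollectionUtils.isNotEmpty(recordList)) {` as the DevQuestCountCmd hunk does. The same swap appears in the first two hunks of DevCollaborationInfoCmd, and the enclosing method continues outside the hunk.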

@ -1,6 +1,8 @@
package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.ebuilder.datasource.api.enums.SqlParamType;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext;
@ -66,21 +68,33 @@ public class DevQuestCountCmd {
" from wfc_form_data l\n" +
" inner join fto_62 d on d.id = l.dataid\n" +
" inner join wfc_requestbase p on p.requestid = l.requestid\n" +
" where d.multiresource5='" + employeeId + "'\n" +
" and d.date2 >='" + startday + "'" +
" and d.date2 <='" + endday + "'" +
" and d.tenant_key='" + tenant_key + "'\n" +
" where d.multiresource5=?\n" +
" and d.date2 >=?" +
" and d.date2 <=?" +
" and d.tenant_key=?\n" +
" and d.is_delete='0'\n" +
" and l.tenant_key='" + tenant_key + "'\n" +
" and l.tenant_key=?\n" +
" and l.delete_type=0\n" +
" and p.tenant_key='" + tenant_key + "'\n" +
" and p.tenant_key=?\n" +
" and p.delete_type=0\n" +
" order by d.id desc ";
log.info("DevQuestCountCmd dataSql:" + dataSql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, dataSql);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(result);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
strlist.add(tenant_key);
strlist.add(tenant_key);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, dataSql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if (CollectionUtils.isNotEmpty(recordList)) {
devcou = String.valueOf(recordList.get(0).get("devcou"));
}

@ -3,6 +3,8 @@ package com.weaver.seconddev.jcldoor.cmd;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.ebuilder.datasource.api.enums.SqlParamType;
import com.weaver.seconddev.jcldoor.util.CommonUtils;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee;
@ -14,10 +16,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.*;
/**
*
@ -71,13 +70,20 @@ public class PortalBirthdayWishesCmd {
" inner join eteams.position c on c.id = k.position\n" +
"where\n" +
" BIRTHDAY is not null\n" +
" and right(left(BIRTHDAY, 10), 5) = '"+day+"'\n" +
" and right(left(BIRTHDAY, 10), 5) = ?\n" +
" and k.status = 'normal'\n" +
" and k.type = 'inside'\n" +
" and k.tenant_key = '" + tenant_key + "'";
" and k.tenant_key = ?";
List<String> strlist = new ArrayList<>(100);
strlist.add(day);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
log.error("getuserIfo--dataSql:" + dataSql);
Map<String, Object> data = databaseUtils.execute(sourceType, groupId, dataSql);
Map<String, Object> data = databaseUtils.executeForQuery(sourceType, groupId, dataSql, sqlparam);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(data);
if (CollectionUtils.isNotEmpty(recordList)) {
for(Map<String, Object> map:recordList){
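Review bot: The import hunk collapses the explicit `java.util` imports into `import java.util.*;` only to gain `ArrayList`, which hides the class's real dependencies and invites name clashes later. Keep the existing `Date`, `HashMap`, `List` and `Map` imports and add `import java.util.ArrayList;`. `SqlParamType` is imported but not used in the visible hunk, so drop it if nothing else in the file needs it.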

@ -1,6 +1,8 @@
package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.ebuilder.datasource.api.enums.SqlParamType;
import com.weaver.framework.rpc.annotation.RpcReference;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee;
@ -107,16 +109,24 @@ public class PortalCollaborationInfoCmd {
String sql =" select count(1) as count\n" +
" from blog " +
" where creator='"+employeeId+"'\n" +
" and left(BLOG_TIME,10) >='"+startday+"'\n" +
" and left(BLOG_TIME,10) <='"+endday+"'\n" +
" where creator=?\n" +
" and left(BLOG_TIME,10) >=?\n" +
" and left(BLOG_TIME,10) <=?\n" +
" and type='blog'\n" +
" and TENANT_KEY = '"+tenant_key+"'\n" +
" and TENANT_KEY = ?\n" +
" and MODULE = 'blog'\n" +
" and DELETE_TYPE = 0\n" +
" and CONTENT is not null" ;
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){
dataMap = recordList.get(0);
@ -159,11 +169,18 @@ public class PortalCollaborationInfoCmd {
}
String sql = " select count(1) as count from document " +
" where CREATOR='"+employeeId+"'\n" +
" and left(create_time,10)>='"+startday+"' and left(create_time,10) <= '"+endday+"'" ;
" where CREATOR=?\n" +
" and left(create_time,10)>=? and left(create_time,10) <= ?" ;
log.error("PortalDocCreateCountCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){
dataMap = recordList.get(0);
@ -205,11 +222,19 @@ public class PortalCollaborationInfoCmd {
}
String sql = " select count(1) as count from cw_content " +
" where CREATOR='"+employeeId+"'\n" +
" and left(CREATE_TIME,10)>='"+startday+"' and left(CREATE_TIME,10) <= '"+endday+"'" ;
" where CREATOR=?\n" +
" and left(CREATE_TIME,10)>=? and left(CREATE_TIME,10) <= ?" ;
log.error("PortalInteractCountCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){
dataMap = recordList.get(0);
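Review bot: The `document` and `cw_content` counts in the second and third hunks are scoped by `CREATOR` and date only, while the `blog` query in the first hunk also binds `TENANT_KEY = ?`. If those tables are shared between tenants and carry a tenant column (not visible here), the counts are not tenant-isolated. In that case append `" and TENANT_KEY = ?"` to each statement and add `strlist.add(tenant_key);` after `endday`. The same shape appears in PortalDocCreateCountCmd, PortalInteractCountCmd and the last hunk of DevCollaborationInfoCmd. The method bodies start outside the hunks.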

@ -1,5 +1,6 @@
package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext;
@ -60,17 +61,25 @@ public class PortalDailyCountCmd {
String sql =" select count(1) as count\n" +
" from blog " +
" where creator='"+employeeId+"'\n" +
" and left(BLOG_TIME,10) >='"+startday+"'\n" +
" and left(BLOG_TIME,10) <='"+endday+"'\n" +
" where creator=?\n" +
" and left(BLOG_TIME,10) >=?\n" +
" and left(BLOG_TIME,10) <=?\n" +
" and type='blog'\n" +
" and TENANT_KEY = '"+tenant_key+"'\n" +
" and TENANT_KEY = ?\n" +
" and MODULE = 'blog'\n" +
" and DELETE_TYPE = 0\n" +
" and CONTENT is not null" ;
log.error("PortalDailyCountCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){
dataMap = recordList.get(0);

@ -1,5 +1,6 @@
package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext;
@ -64,11 +65,19 @@ public class PortalDocCreateCountCmd {
}
String sql = " select count(1) as count from document " +
" where CREATOR='"+employeeId+"'\n" +
" and left(create_time,10)>='"+startday+"' and left(create_time,10) <= '"+endday+"'" ;
" where CREATOR=?\n" +
" and left(create_time,10)>=? and left(create_time,10) <= ?" ;
log.error("PortalDocCreateCountCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){
dataMap = recordList.get(0);

@ -1,5 +1,6 @@
package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext;
@ -63,11 +64,19 @@ public class PortalInteractCountCmd {
}
String sql = " select count(1) as count from cw_content " +
" where CREATOR='"+employeeId+"'\n" +
" and left(CREATE_TIME,10)>='"+startday+"' and left(CREATE_TIME,10) <= '"+endday+"'" ;
" where CREATOR=?\n" +
" and left(CREATE_TIME,10)>= ? and left(CREATE_TIME,10) <= ?" ;
log.error("PortalInteractCountCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){
dataMap = recordList.get(0);

@ -1,5 +1,6 @@
package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext;
@ -80,17 +81,25 @@ public class PortalPerformanceInfoCmd {
String sql =" select left(k.real_period,10) as real_period,left(k.real_period,7) as period_month,k.kpi_scheme,k.score\n" +
" from (select real_period,kpi_scheme,score\n" +
" from hr_kpi_flow \n" +
" where kpi_user='"+employeeId+"' \n" +
" where kpi_user=? \n" +
" and module = 'kpiFlow' \n" +
" and date_type = 'month' \n" +
" and delete_type = '0' " +
" and tenant_key='"+tenant_key+"'\n" +
" and tenant_key=?\n" +
" and FLOW_STATUS in('noApprove','approve','finished')\n" +
" order by real_period desc\n" +
") k limit 1 ";
log.error("sql20-1:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(CollectionUtils.isNotEmpty(recordList)){
Map<String,Object> recordMap = recordList.get(0);
@ -116,14 +125,22 @@ public class PortalPerformanceInfoCmd {
if(StringUtils.isNotBlank(kpi_scheme)){
String sql =" select indicator_type,indicator_description,weight \n" +
" from hr_kpi_scheme_indicator " +
" where scheme_id='"+kpi_scheme+"' " +
" where scheme_id=? " +
" and indicator_mode='quantify'\n" +
" and status='on' " +
" and delete_type = '0'" +
" and tenant_key = '"+tenant_key+"'" ;
" and tenant_key = ?" ;
log.error("sql2:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(kpi_scheme);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
log.error("recordList:"+recordList.size());
@ -141,13 +158,13 @@ public class PortalPerformanceInfoCmd {
" where kpi_details in( " +
" select id\n" +
" from hr_kpi_details " +
" where KPI_SCHEME='"+kpi_scheme+"'\n" +
" where KPI_SCHEME=?\n" +
" and MODULE='kpiSchemeSetting'\n" +
" and TENANT_KEY='"+tenant_key+"'\n" +
" and TENANT_KEY=?\n" +
" and DELETE_TYPE = 0" +
" )\n" +
" and module = 'kpiSchemeSetting'\n" +
" and tenant_key = '"+tenant_key+"'\n" +
" and tenant_key = ?\n" +
" and delete_type = '0'\n" +
" and property in('weight', 'describe', 'type')\n" +
" and data_row in ( \n" +
@ -158,21 +175,34 @@ public class PortalPerformanceInfoCmd {
" where kpi_details in ( " +
" select id\n" +
" from hr_kpi_details " +
" where KPI_SCHEME='"+kpi_scheme+"'\n" +
" where KPI_SCHEME=?\n" +
" and MODULE='kpiSchemeSetting'\n" +
" and TENANT_KEY='"+tenant_key+"'\n" +
" and TENANT_KEY=?\n" +
" and DELETE_TYPE = 0" +
" )\n" +
" and PROPERTY = 'weight'\n" +
" and MODULE = 'kpiSchemeSetting'\n" +
" and TENANT_KEY = '"+tenant_key+"'\n" +
" and TENANT_KEY = ?\n" +
" and DELETE_TYPE = '0'\n" +
" order by name desc\n" +
" ) w limit 1 \n" +
" ) p\n" +
" )";
log.error("sql3:"+sql);
Map<String, Object> result2 = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist2 = new ArrayList<>(100);
strlist2.add(kpi_scheme);
strlist2.add(tenant_key);
strlist2.add(tenant_key);
strlist2.add(kpi_scheme);
strlist2.add(tenant_key);
strlist2.add(tenant_key);
List<SqlParamEntity> sqlparam2 = databaseUtils.getSqlParamEntity(strlist2);
Map<String, Object> result2 = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam2);
List<Map<String,Object>> recordList2 = databaseUtils.getDataSourceList(result2);
log.error("recordList2:"+recordList2.size());
for(int i=0;i<recordList2.size();i++){
@ -206,19 +236,28 @@ public class PortalPerformanceInfoCmd {
" where kpi_details in( " +
" select id\n" +
" from hr_kpi_details " +
" where KPI_SCHEME='"+kpi_scheme+"'\n" +
" where KPI_SCHEME=?\n" +
" and MODULE='kpiSchemeSetting'\n" +
" and TENANT_KEY='"+tenant_key+"'\n" +
" and TENANT_KEY=?\n" +
" and DELETE_TYPE = 0" +
" )\n" +
" and PROPERTY = 'weight'\n" +
" and MODULE = 'kpiSchemeSetting'\n" +
" and TENANT_KEY = '"+tenant_key+"'\n" +
" and TENANT_KEY = ?\n" +
" and DELETE_TYPE = '0'\n" +
" order by name desc\n" +
") w limit 2" ;
log.error("sql4:"+sql);
Map<String, Object> result3 = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist3 = new ArrayList<>(100);
strlist3.add(kpi_scheme);
strlist3.add(tenant_key);
strlist3.add(tenant_key);
List<SqlParamEntity> sqlparam3 = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result3 = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam3);
List<Map<String,Object>> recordList3 = databaseUtils.getDataSourceList(result3);
for(int k=0;k<recordList3.size();k++){
Map<String,Object> recordMap3 = recordList3.get(k);
@ -232,20 +271,29 @@ public class PortalPerformanceInfoCmd {
" where kpi_details in( " +
" select id\n" +
" from hr_kpi_details " +
" where KPI_SCHEME='"+kpi_scheme+"'\n" +
" where KPI_SCHEME=?\n" +
" and MODULE='kpiSchemeSetting'\n" +
" and TENANT_KEY='"+tenant_key+"'\n" +
" and TENANT_KEY=?\n" +
" and DELETE_TYPE = 0" +
" )\n" +
" and MODULE = 'kpiSchemeSetting'\n" +
" and TENANT_KEY = '"+tenant_key+"'\n" +
" and TENANT_KEY = ?\n" +
" and DELETE_TYPE = '0'\n" +
" and property in('weight', 'describe', 'type')\n" +
" and data_row in("+data_row+")" ;
" and data_row in(?)" ;
log.error("sql5:"+sql);
Map<String, Object> result2 = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist2 = new ArrayList<>(100);
strlist2.add(kpi_scheme);
strlist2.add(tenant_key);
strlist2.add(tenant_key);
strlist2.add(data_row);
List<SqlParamEntity> sqlparam2 = databaseUtils.getSqlParamEntity(strlist2);
Map<String, Object> result2 = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam2);
List<Map<String,Object>> recordList2 = databaseUtils.getDataSourceList(result2);
for(int i=0;i<recordList2.size();i++){
@ -299,20 +347,30 @@ public class PortalPerformanceInfoCmd {
}
String sql =" select score from hr_kpi_flow " +
" where kpi_user='"+employeeId+"' " +
" and left(real_period,10) >= '" +startDay+"'" +
" and left(real_period,10) <='" + endDay +"'" +
" where kpi_user=? " +
" and left(real_period,10) >= ?" +
" and left(real_period,10) <=?" +
" and module = 'kpiFlow'" +
" and date_type = 'month'" +
" and flow_status in('noApprove','approve','finished') \n" +
" and delete_type = '0'" +
" and tenant_key='"+tenant_key+"' " ;
" and tenant_key=? " ;
log.error("getWholeYearKpi2-sql:"+sql);
dataMap = new HashMap<String,String>();
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startDay+"");
strlist.add(endDay+"");
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(CollectionUtils.isNotEmpty(recordList)){
Map<String,Object> recordMap = recordList.get(0);
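Review bot: In the `sql4` hunk the three-value list `strlist3` is built but the call passes the wrong variable, `databaseUtils.getSqlParamEntity(strlist)`. The statement has three placeholders, so it is either bound with the earlier two-element list or fails to compile if `strlist` is out of scope there. It should read `List<SqlParamEntity> sqlparam3 = databaseUtils.getSqlParamEntity(strlist3);`. Separately, the `sql5` hunk turns `in("+data_row+")` into `in(?)` with a single `strlist2.add(data_row)`. If `data_row` holds a comma-separated list, as the unquoted original suggests, one bound string no longer matches the individual rows. Split the value, emit one `?` per element and add each element to `strlist2`.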

@ -1,5 +1,6 @@
package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext;
@ -12,6 +13,7 @@ import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.time.LocalDate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -83,16 +85,16 @@ public class PortalRiskInfoCmd {
" SELECT t.riskid,t.risk_value,t.tenant_key,t.userid\n" +
" FROM pr_indrisk_data t \n" +
" WHERE t.delete_type = 0 \n" +
" AND t.tenant_key = '"+tenant_key+"'\n" +
" AND t.risk_date >= '"+startDay+"'\n" +
" AND t.userid = '"+employeeId+"'\n" +
" AND t.tenant_key = ?\n" +
" AND t.risk_date >= ?\n" +
" AND t.userid = ?\n" +
" union all\n" +
" SELECT t.riskid,t.risk_value,t.tenant_key,t.userid \n" +
" FROM pr_indrisk_data t \n" +
" WHERE t.delete_type = 0 \n" +
" AND t.tenant_key = '"+tenant_key+"' \n" +
" AND t.risk_date >= '"+startDay+"' \n" +
" AND t.userid IN (select cid from eteams.emp_link where pid= '"+employeeId+"' and relation = 'senior') \n" +
" AND t.tenant_key = ? \n" +
" AND t.risk_date >= ? \n" +
" AND t.userid IN (select cid from eteams.emp_link where pid= ? and relation = 'senior') \n" +
" ) k \n" +
" GROUP BY k.riskid,\n" +
" k.risk_value,\n" +
@ -111,7 +113,19 @@ public class PortalRiskInfoCmd {
log.error("PortalRiskInfoCmd:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(tenant_key);
strlist.add(startDay+"");
strlist.add(employeeId+"");
strlist.add(tenant_key);
strlist.add(startDay+"");
strlist.add(employeeId+"");
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
for(int i=0;i<recordList.size();i++){
Map<String,Object> recordMap2 = recordList.get(i);

@ -1,6 +1,7 @@
package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext;
@ -67,24 +68,48 @@ public class ProjectAcceptanceInfoCmd {
" CONVERT(ifnull(sum(cast(t1.htyxje as decimal(18,2))),0),CHAR) as htyxje," +
" CONVERT(ifnull(sum(cast(t1.sumsk as decimal(18,2))),0),CHAR) as sumsk " +
" from uf_jxhs_xmys t1 \n" +
" where t1.ysrq>='" +startday+"' and t1.ysrq<='"+endday+"' " +
" and ( t1.qyjl = '"+employeeId+"' "+
" or t1.qyjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" +
" or t1.ysry = '"+employeeId+"'\n" +
" or t1.ysry in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" +
" or t1.dqfzr = '"+employeeId+"'\n" +
" or t1.dqfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" +
" or t1.tdjl = '"+employeeId+"'\n" +
" or t1.tdjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" +
" or t1.tdfzr = '"+employeeId+"'\n" +
" or t1.tdfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" +
" or t1.jgfzr = '"+employeeId+"'\n" +
" or t1.jgfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" +
" or t1.dqzj = '"+employeeId+"'\n" +
" or t1.dqzj in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"') " +
" where t1.ysrq>=? and t1.ysrq<=? " +
" and ( t1.qyjl = ? "+
" or t1.qyjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.ysry = ?\n" +
" or t1.ysry in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.dqfzr = ?\n" +
" or t1.dqfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.tdjl = ?\n" +
" or t1.tdjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.tdfzr = ?\n" +
" or t1.tdfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.jgfzr = ?\n" +
" or t1.jgfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.dqzj = ?\n" +
" or t1.dqzj in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?) " +
" ) " ;
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(startday);
strlist.add(endday);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
dataMap.put("datas",recordList.get(0));
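Review bot: Fourteen consecutive `strlist.add(employeeId);` lines have to be kept in step by hand with the fourteen `?` markers in the seven role clauses, and a miscount only shows up at run time. A single `strlist.addAll(Collections.nCopies(14, employeeId));` (needs `java.util.Collections`) under the comment `// one employeeId per '?' in the 7 role clauses (direct match + EMP_LINK subquery each)` makes the pairing explicit. The initial capacity in `new ArrayList<>(100)` is also arbitrary for 16 entries and can be dropped.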

@ -1,5 +1,6 @@
package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext;
@ -82,24 +83,46 @@ public class ProjectCollaborationInfoCmd {
" CONVERT(ifnull(sum(cast(t1.htyxje as decimal(18,2))),0),CHAR) as htyxje," +
" CONVERT(ifnull(sum(cast(t1.sumsk as decimal(18,2))),0),CHAR) as sumsk " +
" from uf_jxhs_xmys t1 \n" +
" where t1.ysrq>='" +startday+"' and t1.ysrq<='"+endday+"' " +
" and ( t1.qyjl = '"+employeeId+"' "+
" or t1.qyjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" +
" or t1.ysry = '"+employeeId+"'\n" +
" or t1.ysry in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" +
" or t1.dqfzr = '"+employeeId+"'\n" +
" or t1.dqfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" +
" or t1.tdjl = '"+employeeId+"'\n" +
" or t1.tdjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" +
" or t1.tdfzr = '"+employeeId+"'\n" +
" or t1.tdfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" +
" or t1.jgfzr = '"+employeeId+"'\n" +
" or t1.jgfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" +
" or t1.dqzj = '"+employeeId+"'\n" +
" or t1.dqzj in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"') " +
" where t1.ysrq>=? and t1.ysrq<=? " +
" and ( t1.qyjl = ? "+
" or t1.qyjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.ysry = ?\n" +
" or t1.ysry in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.dqfzr = ?\n" +
" or t1.dqfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.tdjl = ?\n" +
" or t1.tdjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.tdfzr = ?\n" +
" or t1.tdfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.jgfzr = ?\n" +
" or t1.jgfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.dqzj = ?\n" +
" or t1.dqzj in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?) " +
" ) " ;
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(startday);
strlist.add(endday);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
dataMap.put("datas",recordList.get(0));
@ -152,34 +175,53 @@ public class ProjectCollaborationInfoCmd {
" LEFT JOIN ebdf_physical_data epd on t1.id = epd.form_data_id and epd.delete_type = 0 \n" +
" WHERE t1.skje != 0 \n" +
" and t1.skje IS NOT NULL " +
" and t1.xshsny >= '" + startday+"' and t1.xshsny <='"+endday+"' "+
" and t1.xshsny >= ? and t1.xshsny <=? "+
" and (" +
" '"+employeeId+"' IN ( 2, 27, 166, 10285, 11661, 300, 876, 3593, 1416, 1647, 1844,3044480226941419013,794508876297846787 ) \n" +
" ? IN ( 2, 27, 166, 10285, 11661, 300, 876, 3593, 1416, 1647, 1844,3044480226941419013,794508876297846787 ) \n" +
" or cast(t1.xsjl AS decimal(25,0)) in( \n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " +
" SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" +
" or cast(t1.kfry AS decimal(25,0)) in(\n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " +
" SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" +
" or cast(t1.qdjl AS decimal(25,0)) in(\n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " +
" SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" +
" or cast(t1.xmjl AS decimal(25,0)) in(\n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " +
" SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" +
" )\n" +
" order by t1.id " ;
log.error("PorojectReceiptsInfoCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(startday);
strlist.add(endday);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
;
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(!CollectionUtils.isEmpty(recordList)){
dataMap.put("datas",recordList.get(0));
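Review bot: In the last hunk the bound employeeId is still compared as a string against the numeric list in `? IN ( 2, 27, 166, … )`, because `getSqlParamEntity` binds every value as VARCHAR. On a MySQL-style datasource (which the `ifnull`/`CONVERT(…,CHAR)` syntax suggests, though the page does not confirm it) a string-to-number comparison is done in floating point, so the two long ids at the end of the list can match neighbouring values. This list appears to decide who sees every row, so the comparison should be exact. The hunk already casts the column side, and the parameter can be treated the same way: `" cast(? AS decimal(25,0)) IN ( 2, 27, … ) \n" +`. The identical query in ProjectReceiptsInfoCmd needs the same change, and the enclosing method starts and ends outside the hunk.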

@ -1,6 +1,7 @@
package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext;
@ -76,34 +77,53 @@ public class ProjectReceiptsInfoCmd {
" LEFT JOIN ebdf_physical_data epd on t1.id = epd.form_data_id and epd.delete_type = 0 \n" +
" WHERE t1.skje != 0 \n" +
" and t1.skje IS NOT NULL " +
" and t1.xshsny >= '" + startday+"' and t1.xshsny <='"+endday+"' "+
" and t1.xshsny >= ? and t1.xshsny <=? "+
" and (" +
" '"+employeeId+"' IN ( 2, 27, 166, 10285, 11661, 300, 876, 3593, 1416, 1647, 1844,3044480226941419013,794508876297846787 ) \n" +
" ? IN ( 2, 27, 166, 10285, 11661, 300, 876, 3593, 1416, 1647, 1844,3044480226941419013,794508876297846787 ) \n" +
" or cast(t1.xsjl AS decimal(25,0)) in( \n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " +
" SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" +
" or cast(t1.kfry AS decimal(25,0)) in(\n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " +
" SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" +
" or cast(t1.qdjl AS decimal(25,0)) in(\n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " +
" SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" +
" or cast(t1.xmjl AS decimal(25,0)) in(\n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " +
" SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" +
" )\n" +
" order by t1.id " ;
log.error("PorojectReceiptsInfoCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(startday);
strlist.add(endday);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
;
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(!CollectionUtils.isEmpty(recordList)){
dataMap.put("datas",recordList.get(0));
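Review bot: The eleven `?` placeholders are matched to values only by the order and number of `strlist.add(...)` calls, and nothing checks that the two agree, so a later edit to the SQL can silently bind a date or an id to the wrong position. Make the count visible, e.g. `strlist.addAll(Collections.nCopies(9, employeeId));` after the two dates (this needs `java.util.Collections` in scope), with a comment above it such as `// 2 dates, 1 id-list check, 4 x (emp_link pid, employee id)`. The `;` on its own line after the last `add` is an empty statement and can be dropped. The same pattern is in both ProjectCollaborationInfoCmd query hunks, and the method continues outside the hunk.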

@ -1,6 +1,7 @@
package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.framework.rpc.annotation.RpcReference;
import com.weaver.seconddev.jcldoor.util.CommonUtils;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
@ -19,10 +20,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.*;
/**
*
@ -83,13 +81,21 @@ public class UserInfoCmd {
" left join eteams.department b on a.department = b.id " +
" left join eteams.position c on c.id = a.position " +
"where " +
" a.id = '" + userid + "' " +
" and a.tenant_key = '" + tenant_key + "' " +
" a.id = ? " +
" and a.tenant_key = ? " +
" and a.status = 'normal' " +
" and a.type = 'inside'";
log.error("getuserIfo--dataSql:" + dataSql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, dataSql);
List<String> strlist = new ArrayList<>(100);
strlist.add(userid);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, dataSql,sqlparam);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(result);
if (CollectionUtils.isNotEmpty(recordList)) {
recordMap = recordList.get(0);
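Review bot: The import hunk replaces four explicit `java.util` imports with `import java.util.*;`, which hides what the class uses and can introduce name clashes; keeping the explicit lines and adding `import java.util.ArrayList;` is enough. In the query hunk, `new ArrayList<>(100)` reserves a hundred slots for two values; `List<String> strlist = Arrays.asList(userid, tenant_key);` says the same in one line (with `java.util.Arrays` imported). `log.error("getuserIfo--dataSql:" + dataSql)` is an unchanged line, but it now prints only the placeholder SQL for a routine query, so `log.debug` would fit better. The method body continues outside the hunk.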

@ -4,6 +4,7 @@ import cn.hutool.core.codec.Base64;
import cn.hutool.core.collection.CollectionUtil;
import com.alibaba.fastjson.JSONObject;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.ebuilder.datasource.api.enums.SqlParamType;
import com.weaver.ebuilder.datasource.api.query.dto.dw.DynamicParamDto;
import com.weaver.ebuilder.datasource.api.query.dto.dw.FieldQuery;
import com.weaver.ebuilder.datasource.api.query.dto.dw.GroupQuery;
@ -273,4 +274,20 @@ public class DatabaseUtils {
return new StringBuffer().append(sql).append(
" LIMIT "+start+","+(end-start)).toString();
}
/**
* sql
* @param list
* @return
*/
public List<SqlParamEntity> getSqlParamEntity(List<String> list){
List<SqlParamEntity> sqlparam = new ArrayList<SqlParamEntity>();
for (String str : list){
SqlParamEntity sqlParamEntity = new SqlParamEntity();
sqlParamEntity.setParamType(SqlParamType.VARCHAR);
sqlParamEntity.setValue(str);
sqlparam.add(sqlParamEntity);
}
return sqlparam;
}
}
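Review bot: The Javadoc on `getSqlParamEntity` says only `sql` and leaves `@param` and `@return` empty, while the method carries the contract every rewritten query now depends on: one entity per list element, in list order, each typed `SqlParamType.VARCHAR`. I would state that in the Javadoc, including that callers must pass exactly as many values as the statement has `?` and that numeric or date columns are therefore compared with a string parameter. A null `list` throws a NullPointerException in the `for` loop; either document that or start the method with `Objects.requireNonNull(list, "list");`. The unchanged context line above still builds `" LIMIT "+start+","+(end-start)` by concatenation; its parameter types are not visible here, so confirm they are numeric.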
