#E10人事自助门户-处理接口sql注入风险

main
wangjie 1 year ago
parent 8880ac0f5d
commit 6f14b4b336

@ -1,6 +1,8 @@
package com.weaver.seconddev.jcldoor.cmd; package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult; import com.weaver.common.base.entity.result.WeaResult;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.ebuilder.datasource.api.enums.SqlParamType;
import com.weaver.framework.rpc.annotation.RpcReference; import com.weaver.framework.rpc.annotation.RpcReference;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee; import com.weaver.teams.domain.user.SimpleEmployee;
@ -100,22 +102,35 @@ public class DevCollaborationInfoCmd {
" from wfc_form_data l\n" + " from wfc_form_data l\n" +
" inner join fto_83 d on d.id = l.dataid\n" + " inner join fto_83 d on d.id = l.dataid\n" +
" inner join wfc_requestbase p on p.requestid = l.requestid\n" + " inner join wfc_requestbase p on p.requestid = l.requestid\n" +
" where d.mutiresource='" + employeeId + "'\n" + " where d.mutiresource= ?\n" +
" and d.xsjfrq >='" + startday + "'" + " and d.xsjfrq >= ?" +
" and d.xsjfrq <='" + endday + "'" + " and d.xsjfrq <= ?" +
" and d.tenant_key='" + tenant_key + "'\n" + " and d.tenant_key= ?\n" +
" and d.is_delete='0'\n" + " and d.is_delete='0'\n" +
" and l.tenant_key='" + tenant_key + "'\n" + " and l.tenant_key=?\n" +
" and l.delete_type=0\n" + " and l.delete_type=0\n" +
" and p.tenant_key='" + tenant_key + "'\n" + " and p.tenant_key=?\n" +
" and p.delete_type=0\n" + " and p.delete_type=0\n" +
" order by d.id desc "; " order by d.id desc ";
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
strlist.add(tenant_key);
strlist.add(tenant_key);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
log.info("DevDaysCountCmd sql:" + dataSql); log.info("DevDaysCountCmd sql:" + dataSql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, dataSql); Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, dataSql,sqlparam);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if (CollectionUtils.isNotEmpty(recordList)) { if(recordList.size()>0){
devcou = String.valueOf(recordList.get(0).get("devcou")); devcou = String.valueOf(recordList.get(0).get("devcou"));
} }
} }
@ -157,22 +172,33 @@ public class DevCollaborationInfoCmd {
" from wfc_form_data l\n" + " from wfc_form_data l\n" +
" inner join fto_62 d on d.id = l.dataid\n" + " inner join fto_62 d on d.id = l.dataid\n" +
" inner join wfc_requestbase p on p.requestid = l.requestid\n" + " inner join wfc_requestbase p on p.requestid = l.requestid\n" +
" where d.multiresource5='" + employeeId + "'\n" + " where d.multiresource5=?\n" +
" and d.date2 >='" + startday + "'" + " and d.date2 >=?" +
" and d.date2 <='" + endday + "'" + " and d.date2 <=?" +
" and d.tenant_key='" + tenant_key + "'\n" + " and d.tenant_key=?\n" +
" and d.is_delete='0'\n" + " and d.is_delete='0'\n" +
" and l.tenant_key='" + tenant_key + "'\n" + " and l.tenant_key=?\n" +
" and l.delete_type=0\n" + " and l.delete_type=0\n" +
" and p.tenant_key='" + tenant_key + "'\n" + " and p.tenant_key=?\n" +
" and p.delete_type=0\n" + " and p.delete_type=0\n" +
" order by d.id desc "; " order by d.id desc ";
log.info("DevQuestCountCmd dataSql:" + dataSql); log.info("DevQuestCountCmd dataSql:" + dataSql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, dataSql);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(result); List<String> strlist = new ArrayList<>(100);
if (CollectionUtils.isNotEmpty(recordList)) { strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
strlist.add(tenant_key);
strlist.add(tenant_key);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, dataSql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){
devcou = String.valueOf(recordList.get(0).get("devcou")); devcou = String.valueOf(recordList.get(0).get("devcou"));
} }
} }
@ -196,30 +222,41 @@ public class DevCollaborationInfoCmd {
String sourceType = "LOGIC"; String sourceType = "LOGIC";
Map<String,Object> dataMap = new HashMap<String,Object>(); Map<String,Object> dataMap = new HashMap<String,Object>();
try{ try {
Calendar calendar = Calendar.getInstance(); Calendar calendar = Calendar.getInstance();
int year = calendar.get(Calendar.YEAR); int year = calendar.get(Calendar.YEAR);
if(StringUtils.isBlank(startday)){ if (StringUtils.isBlank(startday)) {
startday = year+"-01-01"; startday = year + "-01-01";
} }
if(StringUtils.isBlank(endday)){ if (StringUtils.isBlank(endday)) {
endday = sdf.format(new Date()); endday = sdf.format(new Date());
} }
if(StringUtils.isBlank(employeeId)){ if (StringUtils.isBlank(employeeId)) {
employeeId = String.valueOf(UserContext.getCurrentEmployeeId()); employeeId = String.valueOf(UserContext.getCurrentEmployeeId());
} }
String sql = " select count(1) as count from cw_content " + String sql = " select count(1) as count from cw_content " +
" where CREATOR='"+employeeId+"'\n" + " where CREATOR=?\n" +
" and left(CREATE_TIME,10)>='"+startday+"' and left(CREATE_TIME,10) <= '"+endday+"'" ; " and left(CREATE_TIME,10)>=? and left(CREATE_TIME,10) <= ?";
log.error("getInteractInfo sql:"+sql); log.error("getInteractInfo sql:" + sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql, sqlparam);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(result);
if (recordList.size() > 0) {
dataMap = recordList.get(0); dataMap = recordList.get(0);
} }
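Review bot: Parameterizing the query closes the injection, but `employeeId` still looks caller-controlled: the third hunk only falls back to `UserContext.getCurrentEmployeeId()` when the value is blank, so any non-blank value is bound as-is into `CREATOR=?`. If that value comes from the request (its origin is outside the hunk), a logged-in user can read another employee's counts simply by passing a different id. Before building the parameter list, compare it with the current user and reject or permission-check a mismatch, and document the rule with a comment such as `// employeeId must be the caller or someone the caller is authorised to view`. The enclosing method starts and ends outside the hunk.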

@ -1,10 +1,9 @@
package com.weaver.seconddev.jcldoor.cmd; package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult; import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee; import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext; import com.weaver.teams.security.context.UserContext;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -65,22 +64,32 @@ public class DevDaysCountCmd {
" from wfc_form_data l\n" + " from wfc_form_data l\n" +
" inner join fto_83 d on d.id = l.dataid\n" + " inner join fto_83 d on d.id = l.dataid\n" +
" inner join wfc_requestbase p on p.requestid = l.requestid\n" + " inner join wfc_requestbase p on p.requestid = l.requestid\n" +
" where d.mutiresource='" + employeeId + "'\n" + " where d.mutiresource=?\n" +
" and d.xsjfrq >='" + startday + "'" + " and d.xsjfrq >=?" +
" and d.xsjfrq <='" + endday + "'" + " and d.xsjfrq <=?" +
" and d.tenant_key='" + tenant_key + "'\n" + " and d.tenant_key=?\n" +
" and d.is_delete='0'\n" + " and d.is_delete='0'\n" +
" and l.tenant_key='" + tenant_key + "'\n" + " and l.tenant_key=?\n" +
" and l.delete_type=0\n" + " and l.delete_type=0\n" +
" and p.tenant_key='" + tenant_key + "'\n" + " and p.tenant_key=?\n" +
" and p.delete_type=0\n" + " and p.delete_type=0\n" +
" order by d.id desc "; " order by d.id desc ";
log.info("DevDaysCountCmd sql:" + dataSql); log.info("DevDaysCountCmd sql:" + dataSql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
strlist.add(tenant_key);
strlist.add(tenant_key);
strlist.add(tenant_key);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, dataSql); List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(result);
if (CollectionUtils.isNotEmpty(recordList)) {
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, dataSql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){
devcou = String.valueOf(recordList.get(0).get("devcou")); devcou = String.valueOf(recordList.get(0).get("devcou"));
} }
} }
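Review bot: The result check changes from `CollectionUtils.isNotEmpty(recordList)` to `recordList.size()>0`, which throws a NullPointerException if `databaseUtils.getDataSourceList(result)` returns null; whether it can is not visible here, but the old form tolerated it. The `CollectionUtils` import also appears to be removed in the first hunk, so the null-safe check is gone from this class entirely. Unless the helper is guaranteed to return a list, keep `if (CollectionUtils.isNotEmpty(recordList)) {`. The same replacement is made in the first two hunks of DevCollaborationInfoCmd, and the method body continues outside this hunk.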

@ -1,6 +1,8 @@
package com.weaver.seconddev.jcldoor.cmd; package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult; import com.weaver.common.base.entity.result.WeaResult;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.ebuilder.datasource.api.enums.SqlParamType;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee; import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext; import com.weaver.teams.security.context.UserContext;
@ -66,21 +68,33 @@ public class DevQuestCountCmd {
" from wfc_form_data l\n" + " from wfc_form_data l\n" +
" inner join fto_62 d on d.id = l.dataid\n" + " inner join fto_62 d on d.id = l.dataid\n" +
" inner join wfc_requestbase p on p.requestid = l.requestid\n" + " inner join wfc_requestbase p on p.requestid = l.requestid\n" +
" where d.multiresource5='" + employeeId + "'\n" + " where d.multiresource5=?\n" +
" and d.date2 >='" + startday + "'" + " and d.date2 >=?" +
" and d.date2 <='" + endday + "'" + " and d.date2 <=?" +
" and d.tenant_key='" + tenant_key + "'\n" + " and d.tenant_key=?\n" +
" and d.is_delete='0'\n" + " and d.is_delete='0'\n" +
" and l.tenant_key='" + tenant_key + "'\n" + " and l.tenant_key=?\n" +
" and l.delete_type=0\n" + " and l.delete_type=0\n" +
" and p.tenant_key='" + tenant_key + "'\n" + " and p.tenant_key=?\n" +
" and p.delete_type=0\n" + " and p.delete_type=0\n" +
" order by d.id desc "; " order by d.id desc ";
log.info("DevQuestCountCmd dataSql:" + dataSql); log.info("DevQuestCountCmd dataSql:" + dataSql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, dataSql); List<String> strlist = new ArrayList<>(100);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(result); strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
strlist.add(tenant_key);
strlist.add(tenant_key);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, dataSql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if (CollectionUtils.isNotEmpty(recordList)) { if (CollectionUtils.isNotEmpty(recordList)) {
devcou = String.valueOf(recordList.get(0).get("devcou")); devcou = String.valueOf(recordList.get(0).get("devcou"));
} }

@ -3,6 +3,8 @@ package com.weaver.seconddev.jcldoor.cmd;
import com.alibaba.fastjson.JSONArray; import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject; import com.alibaba.fastjson.JSONObject;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.ebuilder.datasource.api.enums.SqlParamType;
import com.weaver.seconddev.jcldoor.util.CommonUtils; import com.weaver.seconddev.jcldoor.util.CommonUtils;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee; import com.weaver.teams.domain.user.SimpleEmployee;
@ -14,10 +16,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Date; import java.util.*;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/** /**
* *
@ -71,13 +70,20 @@ public class PortalBirthdayWishesCmd {
" inner join eteams.position c on c.id = k.position\n" + " inner join eteams.position c on c.id = k.position\n" +
"where\n" + "where\n" +
" BIRTHDAY is not null\n" + " BIRTHDAY is not null\n" +
" and right(left(BIRTHDAY, 10), 5) = '"+day+"'\n" + " and right(left(BIRTHDAY, 10), 5) = ?\n" +
" and k.status = 'normal'\n" + " and k.status = 'normal'\n" +
" and k.type = 'inside'\n" + " and k.type = 'inside'\n" +
" and k.tenant_key = '" + tenant_key + "'"; " and k.tenant_key = ?";
List<String> strlist = new ArrayList<>(100);
strlist.add(day);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
log.error("getuserIfo--dataSql:" + dataSql); log.error("getuserIfo--dataSql:" + dataSql);
Map<String, Object> data = databaseUtils.execute(sourceType, groupId, dataSql); Map<String, Object> data = databaseUtils.executeForQuery(sourceType, groupId, dataSql, sqlparam);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(data); List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(data);
if (CollectionUtils.isNotEmpty(recordList)) { if (CollectionUtils.isNotEmpty(recordList)) {
for(Map<String, Object> map:recordList){ for(Map<String, Object> map:recordList){
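Review bot: `import java.util.*;` replaces four explicit imports only to bring in `ArrayList`; a wildcard hides which types the class depends on and can cause name clashes later. Keeping the explicit imports and adding `import java.util.ArrayList;` is enough. In the same hunks `SqlParamType` is imported but not used in any visible line, and `new ArrayList<>(100)` reserves 100 slots for two values, so `new ArrayList<>()` would do.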

@ -1,6 +1,8 @@
package com.weaver.seconddev.jcldoor.cmd; package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult; import com.weaver.common.base.entity.result.WeaResult;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.ebuilder.datasource.api.enums.SqlParamType;
import com.weaver.framework.rpc.annotation.RpcReference; import com.weaver.framework.rpc.annotation.RpcReference;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee; import com.weaver.teams.domain.user.SimpleEmployee;
@ -107,16 +109,24 @@ public class PortalCollaborationInfoCmd {
String sql =" select count(1) as count\n" + String sql =" select count(1) as count\n" +
" from blog " + " from blog " +
" where creator='"+employeeId+"'\n" + " where creator=?\n" +
" and left(BLOG_TIME,10) >='"+startday+"'\n" + " and left(BLOG_TIME,10) >=?\n" +
" and left(BLOG_TIME,10) <='"+endday+"'\n" + " and left(BLOG_TIME,10) <=?\n" +
" and type='blog'\n" + " and type='blog'\n" +
" and TENANT_KEY = '"+tenant_key+"'\n" + " and TENANT_KEY = ?\n" +
" and MODULE = 'blog'\n" + " and MODULE = 'blog'\n" +
" and DELETE_TYPE = 0\n" + " and DELETE_TYPE = 0\n" +
" and CONTENT is not null" ; " and CONTENT is not null" ;
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql); List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){ if(recordList.size()>0){
dataMap = recordList.get(0); dataMap = recordList.get(0);
@ -159,11 +169,18 @@ public class PortalCollaborationInfoCmd {
} }
String sql = " select count(1) as count from document " + String sql = " select count(1) as count from document " +
" where CREATOR='"+employeeId+"'\n" + " where CREATOR=?\n" +
" and left(create_time,10)>='"+startday+"' and left(create_time,10) <= '"+endday+"'" ; " and left(create_time,10)>=? and left(create_time,10) <= ?" ;
log.error("PortalDocCreateCountCmd sql:"+sql); log.error("PortalDocCreateCountCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql); List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){ if(recordList.size()>0){
dataMap = recordList.get(0); dataMap = recordList.get(0);
@ -205,11 +222,19 @@ public class PortalCollaborationInfoCmd {
} }
String sql = " select count(1) as count from cw_content " + String sql = " select count(1) as count from cw_content " +
" where CREATOR='"+employeeId+"'\n" + " where CREATOR=?\n" +
" and left(CREATE_TIME,10)>='"+startday+"' and left(CREATE_TIME,10) <= '"+endday+"'" ; " and left(CREATE_TIME,10)>=? and left(CREATE_TIME,10) <= ?" ;
log.error("PortalInteractCountCmd sql:"+sql); log.error("PortalInteractCountCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql); List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){ if(recordList.size()>0){
dataMap = recordList.get(0); dataMap = recordList.get(0);
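Review bot: The three queries patched in this file are the same text as the ones in PortalDailyCountCmd, PortalDocCreateCountCmd and PortalInteractCountCmd, and each copy is parameterized by hand with its own `strlist.add(...)` sequence whose order has to match the `?` order. A copy that is missed or bound in the wrong order will not be caught by the compiler, so the injection fix is only as complete as the manual search for duplicates. Moving each query and its parameter list into one shared method, or having this class delegate to the per-query commands, would leave a single place to keep safe. The method bodies start and end outside the hunks.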

@ -1,5 +1,6 @@
package com.weaver.seconddev.jcldoor.cmd; package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee; import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext; import com.weaver.teams.security.context.UserContext;
@ -60,17 +61,25 @@ public class PortalDailyCountCmd {
String sql =" select count(1) as count\n" + String sql =" select count(1) as count\n" +
" from blog " + " from blog " +
" where creator='"+employeeId+"'\n" + " where creator=?\n" +
" and left(BLOG_TIME,10) >='"+startday+"'\n" + " and left(BLOG_TIME,10) >=?\n" +
" and left(BLOG_TIME,10) <='"+endday+"'\n" + " and left(BLOG_TIME,10) <=?\n" +
" and type='blog'\n" + " and type='blog'\n" +
" and TENANT_KEY = '"+tenant_key+"'\n" + " and TENANT_KEY = ?\n" +
" and MODULE = 'blog'\n" + " and MODULE = 'blog'\n" +
" and DELETE_TYPE = 0\n" + " and DELETE_TYPE = 0\n" +
" and CONTENT is not null" ; " and CONTENT is not null" ;
log.error("PortalDailyCountCmd sql:"+sql); log.error("PortalDailyCountCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql); List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){ if(recordList.size()>0){
dataMap = recordList.get(0); dataMap = recordList.get(0);

@ -1,5 +1,6 @@
package com.weaver.seconddev.jcldoor.cmd; package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee; import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext; import com.weaver.teams.security.context.UserContext;
@ -64,11 +65,19 @@ public class PortalDocCreateCountCmd {
} }
String sql = " select count(1) as count from document " + String sql = " select count(1) as count from document " +
" where CREATOR='"+employeeId+"'\n" + " where CREATOR=?\n" +
" and left(create_time,10)>='"+startday+"' and left(create_time,10) <= '"+endday+"'" ; " and left(create_time,10)>=? and left(create_time,10) <= ?" ;
log.error("PortalDocCreateCountCmd sql:"+sql); log.error("PortalDocCreateCountCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){ if(recordList.size()>0){
dataMap = recordList.get(0); dataMap = recordList.get(0);

@ -1,5 +1,6 @@
package com.weaver.seconddev.jcldoor.cmd; package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee; import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext; import com.weaver.teams.security.context.UserContext;
@ -63,11 +64,19 @@ public class PortalInteractCountCmd {
} }
String sql = " select count(1) as count from cw_content " + String sql = " select count(1) as count from cw_content " +
" where CREATOR='"+employeeId+"'\n" + " where CREATOR=?\n" +
" and left(CREATE_TIME,10)>='"+startday+"' and left(CREATE_TIME,10) <= '"+endday+"'" ; " and left(CREATE_TIME,10)>= ? and left(CREATE_TIME,10) <= ?" ;
log.error("PortalInteractCountCmd sql:"+sql); log.error("PortalInteractCountCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startday);
strlist.add(endday);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(recordList.size()>0){ if(recordList.size()>0){
dataMap = recordList.get(0); dataMap = recordList.get(0);

@ -1,5 +1,6 @@
package com.weaver.seconddev.jcldoor.cmd; package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee; import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext; import com.weaver.teams.security.context.UserContext;
@ -80,17 +81,25 @@ public class PortalPerformanceInfoCmd {
String sql =" select left(k.real_period,10) as real_period,left(k.real_period,7) as period_month,k.kpi_scheme,k.score\n" + String sql =" select left(k.real_period,10) as real_period,left(k.real_period,7) as period_month,k.kpi_scheme,k.score\n" +
" from (select real_period,kpi_scheme,score\n" + " from (select real_period,kpi_scheme,score\n" +
" from hr_kpi_flow \n" + " from hr_kpi_flow \n" +
" where kpi_user='"+employeeId+"' \n" + " where kpi_user=? \n" +
" and module = 'kpiFlow' \n" + " and module = 'kpiFlow' \n" +
" and date_type = 'month' \n" + " and date_type = 'month' \n" +
" and delete_type = '0' " + " and delete_type = '0' " +
" and tenant_key='"+tenant_key+"'\n" + " and tenant_key=?\n" +
" and FLOW_STATUS in('noApprove','approve','finished')\n" + " and FLOW_STATUS in('noApprove','approve','finished')\n" +
" order by real_period desc\n" + " order by real_period desc\n" +
") k limit 1 "; ") k limit 1 ";
log.error("sql20-1:"+sql); log.error("sql20-1:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(CollectionUtils.isNotEmpty(recordList)){ if(CollectionUtils.isNotEmpty(recordList)){
Map<String,Object> recordMap = recordList.get(0); Map<String,Object> recordMap = recordList.get(0);
@ -116,14 +125,22 @@ public class PortalPerformanceInfoCmd {
if(StringUtils.isNotBlank(kpi_scheme)){ if(StringUtils.isNotBlank(kpi_scheme)){
String sql =" select indicator_type,indicator_description,weight \n" + String sql =" select indicator_type,indicator_description,weight \n" +
" from hr_kpi_scheme_indicator " + " from hr_kpi_scheme_indicator " +
" where scheme_id='"+kpi_scheme+"' " + " where scheme_id=? " +
" and indicator_mode='quantify'\n" + " and indicator_mode='quantify'\n" +
" and status='on' " + " and status='on' " +
" and delete_type = '0'" + " and delete_type = '0'" +
" and tenant_key = '"+tenant_key+"'" ; " and tenant_key = ?" ;
log.error("sql2:"+sql); log.error("sql2:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(kpi_scheme);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
log.error("recordList:"+recordList.size()); log.error("recordList:"+recordList.size());
@ -141,13 +158,13 @@ public class PortalPerformanceInfoCmd {
" where kpi_details in( " + " where kpi_details in( " +
" select id\n" + " select id\n" +
" from hr_kpi_details " + " from hr_kpi_details " +
" where KPI_SCHEME='"+kpi_scheme+"'\n" + " where KPI_SCHEME=?\n" +
" and MODULE='kpiSchemeSetting'\n" + " and MODULE='kpiSchemeSetting'\n" +
" and TENANT_KEY='"+tenant_key+"'\n" + " and TENANT_KEY=?\n" +
" and DELETE_TYPE = 0" + " and DELETE_TYPE = 0" +
" )\n" + " )\n" +
" and module = 'kpiSchemeSetting'\n" + " and module = 'kpiSchemeSetting'\n" +
" and tenant_key = '"+tenant_key+"'\n" + " and tenant_key = ?\n" +
" and delete_type = '0'\n" + " and delete_type = '0'\n" +
" and property in('weight', 'describe', 'type')\n" + " and property in('weight', 'describe', 'type')\n" +
" and data_row in ( \n" + " and data_row in ( \n" +
@ -158,21 +175,34 @@ public class PortalPerformanceInfoCmd {
" where kpi_details in ( " + " where kpi_details in ( " +
" select id\n" + " select id\n" +
" from hr_kpi_details " + " from hr_kpi_details " +
" where KPI_SCHEME='"+kpi_scheme+"'\n" + " where KPI_SCHEME=?\n" +
" and MODULE='kpiSchemeSetting'\n" + " and MODULE='kpiSchemeSetting'\n" +
" and TENANT_KEY='"+tenant_key+"'\n" + " and TENANT_KEY=?\n" +
" and DELETE_TYPE = 0" + " and DELETE_TYPE = 0" +
" )\n" + " )\n" +
" and PROPERTY = 'weight'\n" + " and PROPERTY = 'weight'\n" +
" and MODULE = 'kpiSchemeSetting'\n" + " and MODULE = 'kpiSchemeSetting'\n" +
" and TENANT_KEY = '"+tenant_key+"'\n" + " and TENANT_KEY = ?\n" +
" and DELETE_TYPE = '0'\n" + " and DELETE_TYPE = '0'\n" +
" order by name desc\n" + " order by name desc\n" +
" ) w limit 1 \n" + " ) w limit 1 \n" +
" ) p\n" + " ) p\n" +
" )"; " )";
log.error("sql3:"+sql); log.error("sql3:"+sql);
Map<String, Object> result2 = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist2 = new ArrayList<>(100);
strlist2.add(kpi_scheme);
strlist2.add(tenant_key);
strlist2.add(tenant_key);
strlist2.add(kpi_scheme);
strlist2.add(tenant_key);
strlist2.add(tenant_key);
List<SqlParamEntity> sqlparam2 = databaseUtils.getSqlParamEntity(strlist2);
Map<String, Object> result2 = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam2);
List<Map<String,Object>> recordList2 = databaseUtils.getDataSourceList(result2); List<Map<String,Object>> recordList2 = databaseUtils.getDataSourceList(result2);
log.error("recordList2:"+recordList2.size()); log.error("recordList2:"+recordList2.size());
for(int i=0;i<recordList2.size();i++){ for(int i=0;i<recordList2.size();i++){
@ -206,19 +236,28 @@ public class PortalPerformanceInfoCmd {
" where kpi_details in( " + " where kpi_details in( " +
" select id\n" + " select id\n" +
" from hr_kpi_details " + " from hr_kpi_details " +
" where KPI_SCHEME='"+kpi_scheme+"'\n" + " where KPI_SCHEME=?\n" +
" and MODULE='kpiSchemeSetting'\n" + " and MODULE='kpiSchemeSetting'\n" +
" and TENANT_KEY='"+tenant_key+"'\n" + " and TENANT_KEY=?\n" +
" and DELETE_TYPE = 0" + " and DELETE_TYPE = 0" +
" )\n" + " )\n" +
" and PROPERTY = 'weight'\n" + " and PROPERTY = 'weight'\n" +
" and MODULE = 'kpiSchemeSetting'\n" + " and MODULE = 'kpiSchemeSetting'\n" +
" and TENANT_KEY = '"+tenant_key+"'\n" + " and TENANT_KEY = ?\n" +
" and DELETE_TYPE = '0'\n" + " and DELETE_TYPE = '0'\n" +
" order by name desc\n" + " order by name desc\n" +
") w limit 2" ; ") w limit 2" ;
log.error("sql4:"+sql); log.error("sql4:"+sql);
Map<String, Object> result3 = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist3 = new ArrayList<>(100);
strlist3.add(kpi_scheme);
strlist3.add(tenant_key);
strlist3.add(tenant_key);
List<SqlParamEntity> sqlparam3 = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result3 = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam3);
List<Map<String,Object>> recordList3 = databaseUtils.getDataSourceList(result3); List<Map<String,Object>> recordList3 = databaseUtils.getDataSourceList(result3);
for(int k=0;k<recordList3.size();k++){ for(int k=0;k<recordList3.size();k++){
Map<String,Object> recordMap3 = recordList3.get(k); Map<String,Object> recordMap3 = recordList3.get(k);
@ -232,20 +271,29 @@ public class PortalPerformanceInfoCmd {
" where kpi_details in( " + " where kpi_details in( " +
" select id\n" + " select id\n" +
" from hr_kpi_details " + " from hr_kpi_details " +
" where KPI_SCHEME='"+kpi_scheme+"'\n" + " where KPI_SCHEME=?\n" +
" and MODULE='kpiSchemeSetting'\n" + " and MODULE='kpiSchemeSetting'\n" +
" and TENANT_KEY='"+tenant_key+"'\n" + " and TENANT_KEY=?\n" +
" and DELETE_TYPE = 0" + " and DELETE_TYPE = 0" +
" )\n" + " )\n" +
" and MODULE = 'kpiSchemeSetting'\n" + " and MODULE = 'kpiSchemeSetting'\n" +
" and TENANT_KEY = '"+tenant_key+"'\n" + " and TENANT_KEY = ?\n" +
" and DELETE_TYPE = '0'\n" + " and DELETE_TYPE = '0'\n" +
" and property in('weight', 'describe', 'type')\n" + " and property in('weight', 'describe', 'type')\n" +
" and data_row in("+data_row+")" ; " and data_row in(?)" ;
log.error("sql5:"+sql); log.error("sql5:"+sql);
Map<String, Object> result2 = databaseUtils.execute(sourceType, groupId, sql); List<String> strlist2 = new ArrayList<>(100);
strlist2.add(kpi_scheme);
strlist2.add(tenant_key);
strlist2.add(tenant_key);
strlist2.add(data_row);
List<SqlParamEntity> sqlparam2 = databaseUtils.getSqlParamEntity(strlist2);
Map<String, Object> result2 = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam2);
List<Map<String,Object>> recordList2 = databaseUtils.getDataSourceList(result2); List<Map<String,Object>> recordList2 = databaseUtils.getDataSourceList(result2);
for(int i=0;i<recordList2.size();i++){ for(int i=0;i<recordList2.size();i++){
@ -299,20 +347,30 @@ public class PortalPerformanceInfoCmd {
} }
String sql =" select score from hr_kpi_flow " + String sql =" select score from hr_kpi_flow " +
" where kpi_user='"+employeeId+"' " + " where kpi_user=? " +
" and left(real_period,10) >= '" +startDay+"'" + " and left(real_period,10) >= ?" +
" and left(real_period,10) <='" + endDay +"'" + " and left(real_period,10) <=?" +
" and module = 'kpiFlow'" + " and module = 'kpiFlow'" +
" and date_type = 'month'" + " and date_type = 'month'" +
" and flow_status in('noApprove','approve','finished') \n" + " and flow_status in('noApprove','approve','finished') \n" +
" and delete_type = '0'" + " and delete_type = '0'" +
" and tenant_key='"+tenant_key+"' " ; " and tenant_key=? " ;
log.error("getWholeYearKpi2-sql:"+sql); log.error("getWholeYearKpi2-sql:"+sql);
dataMap = new HashMap<String,String>(); dataMap = new HashMap<String,String>();
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql); List<String> strlist = new ArrayList<>(100);
strlist.add(employeeId);
strlist.add(startDay+"");
strlist.add(endDay+"");
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(CollectionUtils.isNotEmpty(recordList)){ if(CollectionUtils.isNotEmpty(recordList)){
Map<String,Object> recordMap = recordList.get(0); Map<String,Object> recordMap = recordList.get(0);

@ -1,5 +1,6 @@
package com.weaver.seconddev.jcldoor.cmd; package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee; import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext; import com.weaver.teams.security.context.UserContext;
@ -12,6 +13,7 @@ import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import java.time.LocalDate; import java.time.LocalDate;
import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
@ -83,16 +85,16 @@ public class PortalRiskInfoCmd {
" SELECT t.riskid,t.risk_value,t.tenant_key,t.userid\n" + " SELECT t.riskid,t.risk_value,t.tenant_key,t.userid\n" +
" FROM pr_indrisk_data t \n" + " FROM pr_indrisk_data t \n" +
" WHERE t.delete_type = 0 \n" + " WHERE t.delete_type = 0 \n" +
" AND t.tenant_key = '"+tenant_key+"'\n" + " AND t.tenant_key = ?\n" +
" AND t.risk_date >= '"+startDay+"'\n" + " AND t.risk_date >= ?\n" +
" AND t.userid = '"+employeeId+"'\n" + " AND t.userid = ?\n" +
" union all\n" + " union all\n" +
" SELECT t.riskid,t.risk_value,t.tenant_key,t.userid \n" + " SELECT t.riskid,t.risk_value,t.tenant_key,t.userid \n" +
" FROM pr_indrisk_data t \n" + " FROM pr_indrisk_data t \n" +
" WHERE t.delete_type = 0 \n" + " WHERE t.delete_type = 0 \n" +
" AND t.tenant_key = '"+tenant_key+"' \n" + " AND t.tenant_key = ? \n" +
" AND t.risk_date >= '"+startDay+"' \n" + " AND t.risk_date >= ? \n" +
" AND t.userid IN (select cid from eteams.emp_link where pid= '"+employeeId+"' and relation = 'senior') \n" + " AND t.userid IN (select cid from eteams.emp_link where pid= ? and relation = 'senior') \n" +
" ) k \n" + " ) k \n" +
" GROUP BY k.riskid,\n" + " GROUP BY k.riskid,\n" +
" k.risk_value,\n" + " k.risk_value,\n" +
@ -111,7 +113,19 @@ public class PortalRiskInfoCmd {
log.error("PortalRiskInfoCmd:"+sql); log.error("PortalRiskInfoCmd:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql); List<String> strlist = new ArrayList<>(100);
strlist.add(tenant_key);
strlist.add(startDay+"");
strlist.add(employeeId+"");
strlist.add(tenant_key);
strlist.add(startDay+"");
strlist.add(employeeId+"");
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
for(int i=0;i<recordList.size();i++){ for(int i=0;i<recordList.size();i++){
Map<String,Object> recordMap2 = recordList.get(i); Map<String,Object> recordMap2 = recordList.get(i);
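Review bot: The six positional values added to `strlist` give no indication of which `?` each one feeds, and the statement they belong to sits in a separate hunk whose `union all` repeats the same three filters. A comment above the list, such as `// bind order: tenant_key, startDay, employeeId, repeated once per UNION ALL branch`, would make a later edit to either branch harder to get wrong. The `+""` on `startDay` and `employeeId` would also turn a null into the text `null` and bind it as a value. Their declarations are outside the visible lines, so this is worth confirming rather than a certain defect.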

@ -1,6 +1,7 @@
package com.weaver.seconddev.jcldoor.cmd; package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult; import com.weaver.common.base.entity.result.WeaResult;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee; import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext; import com.weaver.teams.security.context.UserContext;
@ -67,24 +68,48 @@ public class ProjectAcceptanceInfoCmd {
" CONVERT(ifnull(sum(cast(t1.htyxje as decimal(18,2))),0),CHAR) as htyxje," + " CONVERT(ifnull(sum(cast(t1.htyxje as decimal(18,2))),0),CHAR) as htyxje," +
" CONVERT(ifnull(sum(cast(t1.sumsk as decimal(18,2))),0),CHAR) as sumsk " + " CONVERT(ifnull(sum(cast(t1.sumsk as decimal(18,2))),0),CHAR) as sumsk " +
" from uf_jxhs_xmys t1 \n" + " from uf_jxhs_xmys t1 \n" +
" where t1.ysrq>='" +startday+"' and t1.ysrq<='"+endday+"' " + " where t1.ysrq>=? and t1.ysrq<=? " +
" and ( t1.qyjl = '"+employeeId+"' "+ " and ( t1.qyjl = ? "+
" or t1.qyjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" + " or t1.qyjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.ysry = '"+employeeId+"'\n" + " or t1.ysry = ?\n" +
" or t1.ysry in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" + " or t1.ysry in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.dqfzr = '"+employeeId+"'\n" + " or t1.dqfzr = ?\n" +
" or t1.dqfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" + " or t1.dqfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.tdjl = '"+employeeId+"'\n" + " or t1.tdjl = ?\n" +
" or t1.tdjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" + " or t1.tdjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.tdfzr = '"+employeeId+"'\n" + " or t1.tdfzr = ?\n" +
" or t1.tdfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" + " or t1.tdfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.jgfzr = '"+employeeId+"'\n" + " or t1.jgfzr = ?\n" +
" or t1.jgfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" + " or t1.jgfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.dqzj = '"+employeeId+"'\n" + " or t1.dqzj = ?\n" +
" or t1.dqzj in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"') " + " or t1.dqzj in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?) " +
" ) " ; " ) " ;
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql); List<String> strlist = new ArrayList<>(100);
strlist.add(startday);
strlist.add(endday);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
dataMap.put("datas",recordList.get(0)); dataMap.put("datas",recordList.get(0));
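Review bot: The fourteen consecutive `strlist.add(employeeId);` lines have to be counted by hand against the fourteen `?` in the role filter, and a miscount only shows up at run time. `strlist.addAll(Collections.nCopies(14, employeeId));` with a short comment naming the seven column/subquery pairs states the count once. It needs `java.util.Collections`, and this file's import list is not fully visible here. The first hunk of ProjectCollaborationInfoCmd repeats the same statement and the same list. The method body starts and ends outside the hunk.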

@ -1,5 +1,6 @@
package com.weaver.seconddev.jcldoor.cmd; package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee; import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext; import com.weaver.teams.security.context.UserContext;
@ -82,24 +83,46 @@ public class ProjectCollaborationInfoCmd {
" CONVERT(ifnull(sum(cast(t1.htyxje as decimal(18,2))),0),CHAR) as htyxje," + " CONVERT(ifnull(sum(cast(t1.htyxje as decimal(18,2))),0),CHAR) as htyxje," +
" CONVERT(ifnull(sum(cast(t1.sumsk as decimal(18,2))),0),CHAR) as sumsk " + " CONVERT(ifnull(sum(cast(t1.sumsk as decimal(18,2))),0),CHAR) as sumsk " +
" from uf_jxhs_xmys t1 \n" + " from uf_jxhs_xmys t1 \n" +
" where t1.ysrq>='" +startday+"' and t1.ysrq<='"+endday+"' " + " where t1.ysrq>=? and t1.ysrq<=? " +
" and ( t1.qyjl = '"+employeeId+"' "+ " and ( t1.qyjl = ? "+
" or t1.qyjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" + " or t1.qyjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.ysry = '"+employeeId+"'\n" + " or t1.ysry = ?\n" +
" or t1.ysry in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" + " or t1.ysry in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.dqfzr = '"+employeeId+"'\n" + " or t1.dqfzr = ?\n" +
" or t1.dqfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" + " or t1.dqfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.tdjl = '"+employeeId+"'\n" + " or t1.tdjl = ?\n" +
" or t1.tdjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" + " or t1.tdjl in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.tdfzr = '"+employeeId+"'\n" + " or t1.tdfzr = ?\n" +
" or t1.tdfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" + " or t1.tdfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.jgfzr = '"+employeeId+"'\n" + " or t1.jgfzr = ?\n" +
" or t1.jgfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"')\n" + " or t1.jgfzr in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?)\n" +
" or t1.dqzj = '"+employeeId+"'\n" + " or t1.dqzj = ?\n" +
" or t1.dqzj in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= '"+employeeId+"') " + " or t1.dqzj in (select cid from eteams.EMP_LINK where RELATION in ('othersenior','senior') and pid= ?) " +
" ) " ; " ) " ;
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql); List<String> strlist = new ArrayList<>(100);
strlist.add(startday);
strlist.add(endday);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
dataMap.put("datas",recordList.get(0)); dataMap.put("datas",recordList.get(0));
@ -152,34 +175,53 @@ public class ProjectCollaborationInfoCmd {
" LEFT JOIN ebdf_physical_data epd on t1.id = epd.form_data_id and epd.delete_type = 0 \n" + " LEFT JOIN ebdf_physical_data epd on t1.id = epd.form_data_id and epd.delete_type = 0 \n" +
" WHERE t1.skje != 0 \n" + " WHERE t1.skje != 0 \n" +
" and t1.skje IS NOT NULL " + " and t1.skje IS NOT NULL " +
" and t1.xshsny >= '" + startday+"' and t1.xshsny <='"+endday+"' "+ " and t1.xshsny >= ? and t1.xshsny <=? "+
" and (" + " and (" +
" '"+employeeId+"' IN ( 2, 27, 166, 10285, 11661, 300, 876, 3593, 1416, 1647, 1844,3044480226941419013,794508876297846787 ) \n" + " ? IN ( 2, 27, 166, 10285, 11661, 300, 876, 3593, 1416, 1647, 1844,3044480226941419013,794508876297846787 ) \n" +
" or cast(t1.xsjl AS decimal(25,0)) in( \n" + " or cast(t1.xsjl AS decimal(25,0)) in( \n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" + " SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " + " UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " + " SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" + " )\n" +
" or cast(t1.kfry AS decimal(25,0)) in(\n" + " or cast(t1.kfry AS decimal(25,0)) in(\n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" + " SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " + " UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " + " SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" + " )\n" +
" or cast(t1.qdjl AS decimal(25,0)) in(\n" + " or cast(t1.qdjl AS decimal(25,0)) in(\n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" + " SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " + " UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " + " SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" + " )\n" +
" or cast(t1.xmjl AS decimal(25,0)) in(\n" + " or cast(t1.xmjl AS decimal(25,0)) in(\n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" + " SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " + " UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " + " SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" + " )\n" +
" )\n" + " )\n" +
" order by t1.id " ; " order by t1.id " ;
log.error("PorojectReceiptsInfoCmd sql:"+sql); log.error("PorojectReceiptsInfoCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(startday);
strlist.add(endday);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
;
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(!CollectionUtils.isEmpty(recordList)){ if(!CollectionUtils.isEmpty(recordList)){
dataMap.put("datas",recordList.get(0)); dataMap.put("datas",recordList.get(0));
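Review bot: In the second hunk, `? IN ( 2, 27, ... ,3044480226941419013,794508876297846787 )` now receives `employeeId` as a VARCHAR parameter (see `getSqlParamEntity`), so the check that grants the unrestricted view compares a string with integer literals. If the database is MySQL, as the `ifnull` and `LIMIT` syntax suggests, such comparisons are evaluated as double-precision floats, which cannot distinguish neighbouring 19-digit ids, so an id that is not on the list could still satisfy the check. Casting the parameter the same way the query already casts `t1.xsjl` keeps the comparison exact: `cast(? AS decimal(25,0)) IN ( ... )`. The same line appears in the ProjectReceiptsInfoCmd hunk. The stray `;` after the last `strlist.add` in both hunks can be removed as well.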

@ -1,6 +1,7 @@
package com.weaver.seconddev.jcldoor.cmd; package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult; import com.weaver.common.base.entity.result.WeaResult;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
import com.weaver.teams.domain.user.SimpleEmployee; import com.weaver.teams.domain.user.SimpleEmployee;
import com.weaver.teams.security.context.UserContext; import com.weaver.teams.security.context.UserContext;
@ -76,34 +77,53 @@ public class ProjectReceiptsInfoCmd {
" LEFT JOIN ebdf_physical_data epd on t1.id = epd.form_data_id and epd.delete_type = 0 \n" + " LEFT JOIN ebdf_physical_data epd on t1.id = epd.form_data_id and epd.delete_type = 0 \n" +
" WHERE t1.skje != 0 \n" + " WHERE t1.skje != 0 \n" +
" and t1.skje IS NOT NULL " + " and t1.skje IS NOT NULL " +
" and t1.xshsny >= '" + startday+"' and t1.xshsny <='"+endday+"' "+ " and t1.xshsny >= ? and t1.xshsny <=? "+
" and (" + " and (" +
" '"+employeeId+"' IN ( 2, 27, 166, 10285, 11661, 300, 876, 3593, 1416, 1647, 1844,3044480226941419013,794508876297846787 ) \n" + " ? IN ( 2, 27, 166, 10285, 11661, 300, 876, 3593, 1416, 1647, 1844,3044480226941419013,794508876297846787 ) \n" +
" or cast(t1.xsjl AS decimal(25,0)) in( \n" + " or cast(t1.xsjl AS decimal(25,0)) in( \n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" + " SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " + " UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " + " SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" + " )\n" +
" or cast(t1.kfry AS decimal(25,0)) in(\n" + " or cast(t1.kfry AS decimal(25,0)) in(\n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" + " SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " + " UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " + " SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" + " )\n" +
" or cast(t1.qdjl AS decimal(25,0)) in(\n" + " or cast(t1.qdjl AS decimal(25,0)) in(\n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" + " SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " + " UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " + " SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" + " )\n" +
" or cast(t1.xmjl AS decimal(25,0)) in(\n" + " or cast(t1.xmjl AS decimal(25,0)) in(\n" +
" SELECT cid AS id FROM eteams.emp_link WHERE pid = '"+employeeId+"' and RELATION in ('othersenior','senior') \n" + " SELECT cid AS id FROM eteams.emp_link WHERE pid = ? and RELATION in ('othersenior','senior') \n" +
" UNION " + " UNION " +
" SELECT id FROM eteams.employee WHERE id = '"+employeeId+"' " + " SELECT id FROM eteams.employee WHERE id = ? " +
" )\n" + " )\n" +
" )\n" + " )\n" +
" order by t1.id " ; " order by t1.id " ;
log.error("PorojectReceiptsInfoCmd sql:"+sql); log.error("PorojectReceiptsInfoCmd sql:"+sql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, sql);
List<String> strlist = new ArrayList<>(100);
strlist.add(startday);
strlist.add(endday);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
strlist.add(employeeId);
;
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, sql,sqlparam);
List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String,Object>> recordList = databaseUtils.getDataSourceList(result);
if(!CollectionUtils.isEmpty(recordList)){ if(!CollectionUtils.isEmpty(recordList)){
dataMap.put("datas",recordList.get(0)); dataMap.put("datas",recordList.get(0));

@ -1,6 +1,7 @@
package com.weaver.seconddev.jcldoor.cmd; package com.weaver.seconddev.jcldoor.cmd;
import com.weaver.common.base.entity.result.WeaResult; import com.weaver.common.base.entity.result.WeaResult;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.framework.rpc.annotation.RpcReference; import com.weaver.framework.rpc.annotation.RpcReference;
import com.weaver.seconddev.jcldoor.util.CommonUtils; import com.weaver.seconddev.jcldoor.util.CommonUtils;
import com.weaver.seconddev.jcldoor.util.DatabaseUtils; import com.weaver.seconddev.jcldoor.util.DatabaseUtils;
@ -19,10 +20,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import java.text.ParseException; import java.text.ParseException;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Date; import java.util.*;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/** /**
* *
@ -83,13 +81,21 @@ public class UserInfoCmd {
" left join eteams.department b on a.department = b.id " + " left join eteams.department b on a.department = b.id " +
" left join eteams.position c on c.id = a.position " + " left join eteams.position c on c.id = a.position " +
"where " + "where " +
" a.id = '" + userid + "' " + " a.id = ? " +
" and a.tenant_key = '" + tenant_key + "' " + " and a.tenant_key = ? " +
" and a.status = 'normal' " + " and a.status = 'normal' " +
" and a.type = 'inside'"; " and a.type = 'inside'";
log.error("getuserIfo--dataSql:" + dataSql); log.error("getuserIfo--dataSql:" + dataSql);
Map<String, Object> result = databaseUtils.execute(sourceType, groupId, dataSql);
List<String> strlist = new ArrayList<>(100);
strlist.add(userid);
strlist.add(tenant_key);
List<SqlParamEntity> sqlparam = databaseUtils.getSqlParamEntity(strlist);
Map<String, Object> result = databaseUtils.executeForQuery(sourceType, groupId, dataSql,sqlparam);
List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(result); List<Map<String, Object>> recordList = databaseUtils.getDataSourceList(result);
if (CollectionUtils.isNotEmpty(recordList)) { if (CollectionUtils.isNotEmpty(recordList)) {
recordMap = recordList.get(0); recordMap = recordList.get(0);
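Review bot: The import hunk replaces the four explicit `java.util` imports with `import java.util.*;` only to bring `ArrayList` into scope. PortalRiskInfoCmd in this same commit adds `import java.util.ArrayList;` on its own line. Doing the same here keeps the existing explicit imports and makes it clear which `java.util` types the class actually uses.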

@ -4,6 +4,7 @@ import cn.hutool.core.codec.Base64;
import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.collection.CollectionUtil;
import com.alibaba.fastjson.JSONObject; import com.alibaba.fastjson.JSONObject;
import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity; import com.weaver.ebuilder.datasource.api.entity.SqlParamEntity;
import com.weaver.ebuilder.datasource.api.enums.SqlParamType;
import com.weaver.ebuilder.datasource.api.query.dto.dw.DynamicParamDto; import com.weaver.ebuilder.datasource.api.query.dto.dw.DynamicParamDto;
import com.weaver.ebuilder.datasource.api.query.dto.dw.FieldQuery; import com.weaver.ebuilder.datasource.api.query.dto.dw.FieldQuery;
import com.weaver.ebuilder.datasource.api.query.dto.dw.GroupQuery; import com.weaver.ebuilder.datasource.api.query.dto.dw.GroupQuery;
@ -273,4 +274,20 @@ public class DatabaseUtils {
return new StringBuffer().append(sql).append( return new StringBuffer().append(sql).append(
" LIMIT "+start+","+(end-start)).toString(); " LIMIT "+start+","+(end-start)).toString();
} }
/**
* sql
* @param list
* @return
*/
public List<SqlParamEntity> getSqlParamEntity(List<String> list){
List<SqlParamEntity> sqlparam = new ArrayList<SqlParamEntity>();
for (String str : list){
SqlParamEntity sqlParamEntity = new SqlParamEntity();
sqlParamEntity.setParamType(SqlParamType.VARCHAR);
sqlParamEntity.setValue(str);
sqlparam.add(sqlParamEntity);
}
return sqlparam;
}
} }
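Review bot: The Javadoc on `getSqlParamEntity` says only `sql`, with empty `@param` and `@return` tags, yet callers need to know two things: values are bound positionally, and each is typed `SqlParamType.VARCHAR` as a single scalar. The second matters for the PortalPerformanceInfoCmd hunk, where `data_row in(?)` replaces `in("+data_row+")`. If `data_row` holds a comma-separated list (not visible here), the bound query matches only that whole string and the filter silently returns nothing. The doc comment should state both points and say that an `IN` list needs one `?` and one list element per value. A null `list` also throws at the `for` loop; either document that or return an empty list.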
