人员属性扩展

钱涛 2023-11-07 19:06:43 +08:00
parent 5f371a8e58
commit bcee3c5e5a
10 changed files with 123 additions and 45 deletions


@ -1,5 +1,8 @@
package com.engine.salary.entity.hrm.dto;
import com.engine.salary.util.valid.Modify;
import com.engine.salary.util.valid.ModifyTypeEnum;
import com.engine.salary.util.valid.ValueTypeEnum;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
@ -38,11 +41,13 @@ public class EmployeeInfoExpandDTO {
/**
* sql
*/
@Modify(modifyType = ModifyTypeEnum.RESTORE_SQL)
private String expandSql;
/**
* 字段设置
*/
@Modify(valueType = ValueTypeEnum.ARRAY)
private List<FieldSetting> fieldSettings;
}
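Review bot: `@Modify(modifyType = ModifyTypeEnum.RESTORE_SQL)` on `expandSql` declares that the request-level keyword filtering of a caller-supplied SQL fragment is to be undone, yet nothing on the field says so or states what may be done with the restored text. Please add a field comment such as `// RESTORE_SQL re-inserts SQL keywords the request filter removed; the result is raw caller-controlled SQL and must be validated (allow-listed columns/functions) before it is embedded in any query`, so the next maintainer does not read the field as sanitized. Note also that an explicit `modifyType` replaces the annotation's `TRIM` default rather than adding to it, so this field is restored but not trimmed; use `@Modify(modifyType = {ModifyTypeEnum.TRIM, ModifyTypeEnum.RESTORE_SQL})` if trimming is wanted. Where `expandSql` is consumed lies outside this hunk.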


@ -1,5 +1,6 @@
package com.engine.salary.entity.hrm.dto;
import com.engine.salary.util.valid.Modify;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
@ -14,6 +15,7 @@ public class FieldSetting {
/**
* 字段
*/
@Modify()
private String field;
/**
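Review bot: `@Modify()` on `field` makes `ValidUtil.modify` call `value.toString().trim()` on it, which throws NullPointerException when a `FieldSetting` arrives with `field` unset; the commented-out `getField().trim()` call this mechanism replaces had the same weakness, so this is not a regression, but a null guard in `ValidUtil.modify` or a `@DataCheck(require = true)` here would close it. Consider spelling the default out, `@Modify(modifyType = ModifyTypeEnum.TRIM)`, so the effect is visible at the field. The `FieldSetting` class continues outside this hunk.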


@ -2,6 +2,8 @@ package com.engine.salary.entity.salaryformula.param;
import com.engine.salary.entity.salaryformula.po.FormulaVar;
import com.engine.salary.util.valid.DataCheck;
import com.engine.salary.util.valid.Modify;
import com.engine.salary.util.valid.ModifyTypeEnum;
import com.engine.salary.util.valid.RuntimeTypeEnum;
import lombok.AllArgsConstructor;
import lombok.Builder;
@ -61,6 +63,7 @@ public class SalaryFormulaSaveParam {
* 公式内容
*/
@DataCheck(require = true,message = "公式内容为空")
@Modify(modifyType = ModifyTypeEnum.RESTORE_SQL)
private String formula;
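Review bot: `formula` now carries `RESTORE_SQL` next to `@DataCheck(require = true)`, but the two annotations are processed by different `ValidUtil` entry points and `ValidUtil.modify` calls `value.toString()` unguarded, so whether a missing formula produces the intended "公式内容为空" message or a NullPointerException depends on which call the service makes first; in `SalaryFormulaServiceImpl` the `modify` call follows a block not visible in this commit, so please confirm the check runs first or make `modify` skip null values. Because the restored `formula` is caller-controlled SQL text with the request filter undone, a comment on the field stating that it remains untrusted would help, e.g. `// RESTORE_SQL undoes request-level keyword filtering; treat the result as untrusted SQL and validate before execution`. `SalaryFormulaSaveParam` continues beyond this hunk.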


@ -23,9 +23,9 @@ import com.engine.salary.service.SalaryItemService;
import com.engine.salary.service.impl.SalaryItemServiceImpl;
import com.engine.salary.util.JsonUtil;
import com.engine.salary.util.SalaryI18nUtil;
import com.engine.salary.util.XssSQL;
import com.engine.salary.util.page.PageInfo;
import com.engine.salary.util.page.SalaryPageUtil;
import com.engine.salary.util.valid.ValidUtil;
import com.google.common.collect.Lists;
import org.apache.commons.collections4.CollectionUtils;
import weaver.hrm.User;
@ -196,7 +196,8 @@ public class SalaryStatisticsDimensionWrapper extends Service {
* @return
*/
public void saveExpandFieldSettings(EmployeeInfoExpandDTO saveParam) {
saveParam.setExpandSql(XssSQL.handleXSSContent(saveParam.getExpandSql()));
ValidUtil.modify(saveParam);
// Optional.ofNullable(saveParam.getFieldSettings()).orElse(new ArrayList<>()).forEach(fieldSetting -> fieldSetting.setField(fieldSetting.getField().trim()));
salaryStatisticsDimensionService(user).saveExpandFieldSettings(saveParam);
}
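Review bot: `ValidUtil.modify(saveParam)` is less tolerant than the commented-out line it supersedes: that line wrapped `getFieldSettings()` in `Optional.ofNullable`, whereas `modify` casts the `ARRAY` field to `Collection` and calls `forEach` on it, so a request without `fieldSettings` now fails with a NullPointerException where the old wrapper passed it through. Either default it before the call, `if (saveParam.getFieldSettings() == null) { saveParam.setFieldSettings(Lists.newArrayList()); }` (Guava `Lists` is already imported), or make `modify` skip null values; and delete the commented-out line rather than keeping dead code. The Javadoc on this `void` method still has a bare `@return` tag that should go.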


@ -119,24 +119,7 @@ public class SalaryFormulaServiceImpl extends Service implements SalaryFormulaSe
}
//将select因XSS过滤造成的异常字符转换回来
param.setFormula(param.getFormula().replaceAll("", "select"));
param.setFormula(param.getFormula().replaceAll("", "SELECT"));
param.setFormula(param.getFormula().replaceAll("", "join"));
param.setFormula(param.getFormula().replaceAll("", "JOIN"));
param.setFormula(param.getFormula().replaceAll("", "and"));
param.setFormula(param.getFormula().replaceAll("", "AND"));
param.setFormula(param.getFormula().replaceAll("", "or"));
param.setFormula(param.getFormula().replaceAll("", "OR"));
param.setFormula(param.getFormula().replaceAll("", "in"));
param.setFormula(param.getFormula().replaceAll("", "IN"));
param.setFormula(param.getFormula().replaceAll("", "like"));
param.setFormula(param.getFormula().replaceAll("", "like"));
param.setFormula(param.getFormula().replaceAll("", "exists"));
param.setFormula(param.getFormula().replaceAll("", "EXISTS"));
param.setFormula(param.getFormula().replaceAll("", "between"));
param.setFormula(param.getFormula().replaceAll("", "BETWEEN"));
param.setFormula(param.getFormula().replaceAll("", "union"));
param.setFormula(param.getFormula().replaceAll("", "UNION"));
ValidUtil.modify(param);
// 解析公式中的参数
if (ReferenceTypeEnum.parseByValue(param.getReferenceType()) == ReferenceTypeEnum.FORMULA) {
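Review bot: The kept comment 将select因XSS过滤造成的异常字符转换回来 no longer says where the keyword restore happens (it is now `@Modify(RESTORE_SQL)` on `SalaryFormulaSaveParam.formula`) nor what it implies: the request filter stripped SQL keywords from a caller-supplied string precisely so it could not run as SQL, and `ValidUtil.modify(param)` puts them back. If `formula` is later embedded in a query (its consumers are outside this hunk), that code must validate the restored text itself; please point the comment at that validation or add it, e.g. `// keywords restored by ValidUtil.modify; formula is still untrusted input and must be parsed/allow-listed before any SQL is built`. One semantic shift to confirm is deliberate: the removed lines used `replaceAll` (regex), while the `RESTORE_SQL` path uses literal `replace`, which is the safer of the two. The enclosing method starts and ends outside this hunk.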


@ -1,25 +0,0 @@
package com.engine.salary.util;
public class XssSQL {
public static String handleXSSContent(String xss) {
return xss.replace("", "select")
.replace("", "SELECT")
.replace("", "join")
.replace("", "JOIN")
.replace("", "and")
.replace("", "AND")
.replace("", "or")
.replace("", "OR")
.replace("", "in")
.replace("", "IN")
.replace("", "like")
.replace("", "like")
.replace("", "exists")
.replace("", "EXISTS")
.replace("", "between")
.replace("", "BETWEEN")
.replace("", "union")
.replace("", "UNION");
}
}


@ -0,0 +1,15 @@
package com.engine.salary.util.valid;
import java.lang.annotation.*;
/**
* 数据参数合法性注解
*/
@Target(ElementType.FIELD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Modify {
ModifyTypeEnum[] modifyType() default ModifyTypeEnum.TRIM;
ValueTypeEnum valueType() default ValueTypeEnum.STRING;
}
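Review bot: The Javadoc 数据参数合法性注解 ("data parameter validity annotation") describes validation, but the annotation drives `ValidUtil.modify`, which rewrites field values (trim, SQL keyword restore) and validates nothing; reword it and document both members. Two behaviours a user needs spelled out: `modifyType` is an array whose `TRIM` default is replaced, not extended, by any explicit value, so `@Modify(modifyType = RESTORE_SQL)` does not trim; and for `valueType = OBJECT` or `ARRAY` the `modifyType` is ignored and the nested object's own annotations apply instead. A class comment along the lines of `/** Marks a field whose value ValidUtil.modify rewrites in place; see modifyType/valueType. */` plus one `/** … */` per member stating the above would suffice.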


@ -0,0 +1,13 @@
package com.engine.salary.util.valid;
/**
* 修改参数值
* <p>Copyright: Copyright (c) 2022</p>
* <p>Company: 泛微软件</p>
*
* @author qiantao
* @version 1.0
**/
public enum ModifyTypeEnum {
TRIM, RESTORE_SQL
}
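Review bot: `RESTORE_SQL` is the one constant whose effect has a security consequence, and the enum gives it no Javadoc, so a reader choosing it from the IDE sees only the name. Add per-constant comments, e.g. `/** Strip leading and trailing whitespace. */ TRIM,` and `/** Re-insert SQL keywords the request-level filter removed; the result is unfiltered caller input. */ RESTORE_SQL`. The Copyright 2022 header on a file created in this 2023 commit looks like a template artefact.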


@ -139,6 +139,21 @@ public class ValidUtil {
return value;
}
private static <T> void setValue(T t, String fieldName, Object value) {
try {
BeanInfo beanInfo = Introspector.getBeanInfo(t.getClass());
PropertyDescriptor[] props = beanInfo.getPropertyDescriptors();
for (PropertyDescriptor property : props) {
if (fieldName.equals(property.getName())) {
Method method = property.getWriteMethod();
method.invoke(t, value);
}
}
} catch (Exception e) {
e.printStackTrace();
}
}
private static boolean notNull(Object value) {
if (null == value) {
return false;
@ -184,4 +199,57 @@ public class ValidUtil {
return convertSuccess;
}
public static <T> void modify(T t) {
Class<?> clazz = t.getClass();
Field[] fields = clazz.getDeclaredFields();
for (Field field : fields) {
Modify rule = field.getDeclaredAnnotation(Modify.class);
if (null == rule) {
continue;
}
ModifyTypeEnum[] modifyTypeEnums = rule.modifyType();
ValueTypeEnum valueTypeEnum = rule.valueType();
for (int i = 0; i < modifyTypeEnums.length; i++) {
Object value = getValue(t, field.getName());
if (valueTypeEnum == ValueTypeEnum.STRING) {
String result = value.toString();
if (modifyTypeEnums[i] == ModifyTypeEnum.TRIM) {
result = result.trim();
}
if (modifyTypeEnums[i] == ModifyTypeEnum.RESTORE_SQL) {
result = result.replace("", "select")
.replace("", "SELECT")
.replace("", "join")
.replace("", "JOIN")
.replace("", "and")
.replace("", "AND")
.replace("", "or")
.replace("", "OR")
.replace("", "in")
.replace("", "IN")
.replace("", "like")
.replace("", "like")
.replace("", "exists")
.replace("", "EXISTS")
.replace("", "between")
.replace("", "BETWEEN")
.replace("", "union")
.replace("", "UNION");
}
setValue(t, field.getName(), result);
} else if (valueTypeEnum == ValueTypeEnum.OBJECT) {
modify(value);
} else if (valueTypeEnum == ValueTypeEnum.ARRAY) {
Collection list = (Collection) value;
list.forEach(l -> modify(l));
}
}
}
}
}
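Review bot: Two consecutive entries in the `RESTORE_SQL` chain both map to lowercase `"like"` while every other keyword has a lowercase and an uppercase entry, so the second presumably should be `"LIKE"`; the same duplicate sat in the deleted `XssSQL` and in the removed `replaceAll` chain and was copied forward. The target literals render as empty strings on this page; if that is a display artefact of non-printable replacement characters, please write them as `\uXXXX` escapes so reviewers can see what is matched, because a genuinely empty target makes `replace("", "select")` insert `select` between every character. `modify` also calls `value.toString()` and `(Collection) value` without a null check, so any unset annotated field throws NullPointerException, and `setValue` swallows reflection failures with `printStackTrace`, so a field whose setter cannot be found silently keeps its untrimmed or unrestored value — for a step on the input-handling path that should propagate, e.g. `throw new IllegalStateException("cannot set " + fieldName + " on " + t.getClass().getName(), e);`. The raw `Collection` cast should be `Collection<?>`.
```java
for (int i = 0; i < modifyTypeEnums.length; i++) {
    Object value = getValue(t, field.getName());
    if (value == null) {
        continue; // unset field: nothing to trim or restore, and no NullPointerException
    }
    if (valueTypeEnum == ValueTypeEnum.STRING) {
        // … unchanged: TRIM / RESTORE_SQL replace chain, second "like" entry corrected to "LIKE" …
    } else if (valueTypeEnum == ValueTypeEnum.OBJECT) {
        modify(value);
    } else if (valueTypeEnum == ValueTypeEnum.ARRAY) {
        ((Collection<?>) value).forEach(ValidUtil::modify);
    }
}
```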


@ -0,0 +1,13 @@
package com.engine.salary.util.valid;
/**
* 值类型
* <p>Copyright: Copyright (c) 2022</p>
* <p>Company: 泛微软件</p>
*
* @author qiantao
* @version 1.0
**/
public enum ValueTypeEnum {
STRING, OBJECT,ARRAY
}
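Review bot: `ARRAY` is handled in `ValidUtil.modify` by casting the value to `java.util.Collection`, so a field that is an actual Java array annotated with `valueType = ARRAY` fails with ClassCastException at runtime; either name the constant `COLLECTION` or document the restriction, e.g. `/** A java.util.Collection whose elements are modified recursively; Java arrays are not supported. */`. `STRING` and `OBJECT` deserve the same one-line treatment so the enum is self-describing.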