whyclxw
2025-05-28 e16302f9d475c7cc4dd18c5abf1a23cb5502e362
src/main/java/com/whyc/service/UserWorkService.java
@@ -5,7 +5,9 @@
import com.whyc.dto.paramter.UserWorkAlarmParam;
import com.whyc.mapper.UserWorkMapper;
import com.whyc.mapper.WorkAlarmMapper;
import com.whyc.pojo.UserInf;
import com.whyc.pojo.UserWork;
import com.whyc.util.ActionUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.system.ApplicationHome;
import org.springframework.core.env.Environment;
@@ -13,11 +15,14 @@
import org.springframework.web.multipart.MultipartFile;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.io.*;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import java.util.stream.Collectors;
@Service
public class UserWorkService {
@@ -27,6 +32,9 @@
    private WorkAlarmMapper workAlarmMapper;
    @Autowired
    private Environment environment;
    @Autowired
    private BattGroupStationUserService battGroupStationUserService;
    public Response addOrUpdate(UserWork userWork){
        if (userWork.getId()==null || userWork.getId()==0){
@@ -61,11 +69,11 @@
    public Response searchByCondition(UserWork userWork){
        QueryWrapper<UserWork> queryWrapper = new QueryWrapper<>();
        queryWrapper.eq(userWork.getUserId()!=null||userWork.getUserId()!=0,"userId",userWork.getUserId());
        queryWrapper.eq(userWork.getManagerId()!=null||userWork.getManagerId()!=0,"managerId",userWork.getManagerId());
        queryWrapper.eq(userWork.getWorkId()!=null||userWork.getWorkId()!=0,"workId",userWork.getWorkId());
        queryWrapper.eq(userWork.getUserId() != null && userWork.getUserId() != 0, "userId", userWork.getUserId());
        queryWrapper.eq(userWork.getManagerId() != null && userWork.getManagerId() != 0, "managerId", userWork.getManagerId());
        queryWrapper.eq(userWork.getWorkId() != null && userWork.getWorkId() != 0, "workId", userWork.getWorkId());
        List<UserWork> list = mapper.selectList(queryWrapper);
        return new Response().set(1,list,"查询成功");
        return new Response().set(1, list, "查询成功");
    }
@@ -82,7 +90,7 @@
            //打包版
            fileDirName = jarFile.toString();
        }
        String root=fileDirName+"/stationsrc/alarm/"+ param.getStationId() + "/" + param.getAfterOrBefore() + "/";
        String root=fileDirName+"/fg_photo/stationsrc/alarm/"+ param.getStationId() + "/" + param.getAfterOrBefore() + "/";
        List<String> filePathList = new ArrayList<>();
        SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmss");
        boolean isSuccess = false;
@@ -152,7 +160,24 @@
    }
    public Response deleteAlarmFile(String fileNames, int stationId, String afterOrBefore) {
    public Response deleteAlarmFile(String fileNames, int stationId, String afterOrBefore, HttpServletRequest request) {
        //校验传入的stationId是否为当前用户管理的
        UserInf user = (UserInf) request.getSession().getAttribute("user");
        if(user == null){
            user = new UserInf();
            user.setUName("未登录的用户账号");
            user.setUId(0L);
            user.setURole(0);
        }
        List<UserInf> userList = battGroupStationUserService.getUserList(stationId);
        List<Long> userIdList = userList.stream().map(UserInf::getUId).collect(Collectors.toList());
        if(!userIdList.contains(user.getUId())){
            return new Response().set(0, "删除失败,当前用户无权限删除传参站点的文件");
        }
        //过滤特殊字符,避免路径遍历攻击
        fileNames = ActionUtil.filterFileName(fileNames);
        afterOrBefore = ActionUtil.filterFileName(afterOrBefore);
        String names[] = fileNames.split(",");
        String fileDirName = "";
        int configType = Integer.parseInt(environment.getProperty("configFile.type"));
@@ -165,7 +190,7 @@
            //打包版
            fileDirName = jarFile.toString();
        }
        String root = fileDirName + "/stationsrc/alarm/" + stationId + File.separator + afterOrBefore + File.separator;
        String root = fileDirName + "/fg_photo/stationsrc/alarm/" + stationId + File.separator + afterOrBefore + File.separator;
        for (String name : names) {
            String targetFilePath = root + name;
            File file = new File(targetFilePath);
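Review bot: In `deleteAlarmFile` the path-traversal defence depends entirely on `ActionUtil.filterFileName`, which is not visible in this commit, and `root + name` is passed to `new File(targetFilePath)` with no check that the result still lies under `root`. A containment check on the resolved path is more robust than character filtering; inside the loop, before the delete, add something like `if (!file.getCanonicalFile().toPath().startsWith(new File(root).getCanonicalFile().toPath())) { continue; }` (the loop body continues outside the hunk, so where the `IOException` is handled needs checking there). The same method substitutes a placeholder `UserInf` with `uId` 0 when the session has no user and relies on 0 not appearing in `getUserList(stationId)`; returning the failure response directly when `user == null` states the intent and does not depend on that. The upload path in the `@@ -82,7 +90,7 @@` hunk still concatenates `param.getAfterOrBefore()` into `root` unfiltered, and no station-ownership check is visible there, so it likely needs the same treatment.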