fg_v2.0.git - Gitblit

			@@ -5,6 +5,7 @@
			import com.whyc.dto.paramter.UserWorkAlarmParam;
			import com.whyc.mapper.UserWorkMapper;
			import com.whyc.mapper.WorkAlarmMapper;
			import com.whyc.pojo.UserInf;
			import com.whyc.pojo.UserWork;
			import com.whyc.util.ActionUtil;
			import org.springframework.beans.factory.annotation.Autowired;
			@@ -14,11 +15,14 @@
			import org.springframework.web.multipart.MultipartFile;

			import javax.annotation.Resource;
			import javax.servlet.http.HttpServletRequest;
			import java.io.*;
			import java.text.SimpleDateFormat;
			import java.util.ArrayList;
			import java.util.Date;
			import java.util.LinkedList;
			import java.util.List;
			import java.util.stream.Collectors;

			@Service
			public class UserWorkService {
			@@ -28,6 +32,9 @@
			private WorkAlarmMapper workAlarmMapper;
			@Autowired
			private Environment environment;

			@Autowired
			private BattGroupStationUserService battGroupStationUserService;

			public Response addOrUpdate(UserWork userWork){
			if (userWork.getId()==null \|\| userWork.getId()==0){
			@@ -153,8 +160,23 @@
			}


			public Response deleteAlarmFile(String fileNames, int stationId, String afterOrBefore) {
			public Response deleteAlarmFile(String fileNames, int stationId, String afterOrBefore, HttpServletRequest request) {
			//校验传入的stationId是否为当前用户管理的
			UserInf user = (UserInf) request.getSession().getAttribute("user");
			if(user == null){
			user = new UserInf();
			user.setUName("未登录的用户账号");
			user.setUId(0L);
			user.setURole(0);
			}
			List<UserInf> userList = battGroupStationUserService.getUserList(stationId);
			List<Long> userIdList = userList.stream().map(UserInf::getUId).collect(Collectors.toList());
			if(!userIdList.contains(user.getUId())){
			return new Response().set(0, "删除失败,当前用户无权限删除传参站点的文件");
			}

			//过滤特殊字符,避免路径遍历攻击
			fileNames = ActionUtil.filterFileName(fileNames);
			afterOrBefore = ActionUtil.filterFileName(afterOrBefore);
			String names[] = fileNames.split(",");
			String fileDirName = "";