漏洞修复
This commit is contained in:
parent
aae65458d7
commit
61f8f72ebd
|
|
@ -21,12 +21,12 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
|||
<result property="updateBy" column="update_by" />
|
||||
<result property="updateTime" column="update_time" />
|
||||
</resultMap>
|
||||
|
||||
|
||||
<sql id="selectDeptVo">
|
||||
select d.dept_id, d.parent_id, d.ancestors, d.dept_name, d.order_num, d.leader, d.phone, d.email, d.status, d.del_flag, d.create_by, d.create_time
|
||||
select d.dept_id, d.parent_id, d.ancestors, d.dept_name, d.order_num, d.leader, d.phone, d.email, d.status, d.del_flag, d.create_by, d.create_time
|
||||
from sys_dept d
|
||||
</sql>
|
||||
|
||||
|
||||
<select id="selectDeptList" parameterType="SysDept" resultMap="SysDeptResult">
|
||||
<include refid="selectDeptVo"/>
|
||||
where d.del_flag = '0'
|
||||
|
|
@ -43,10 +43,10 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
|||
AND status = #{status}
|
||||
</if>
|
||||
<!-- 数据范围过滤 -->
|
||||
${params.dataScope}
|
||||
<include refid="com.bonus.system.mapper.DataScopeMapper.dataScopeFilter"/>
|
||||
order by d.parent_id, d.order_num
|
||||
</select>
|
||||
|
||||
|
||||
<select id="selectDeptListByRoleId" resultType="Long">
|
||||
select d.dept_id
|
||||
from sys_dept d
|
||||
|
|
@ -57,34 +57,34 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
|||
</if>
|
||||
order by d.parent_id, d.order_num
|
||||
</select>
|
||||
|
||||
|
||||
<select id="selectDeptById" parameterType="Long" resultMap="SysDeptResult">
|
||||
<include refid="selectDeptVo"/>
|
||||
where dept_id = #{deptId}
|
||||
</select>
|
||||
|
||||
|
||||
<select id="checkDeptExistUser" parameterType="Long" resultType="int">
|
||||
select count(1) from sys_user where dept_id = #{deptId} and del_flag = '0'
|
||||
</select>
|
||||
|
||||
|
||||
<select id="hasChildByDeptId" parameterType="Long" resultType="int">
|
||||
select count(1) from sys_dept
|
||||
where del_flag = '0' and parent_id = #{deptId} limit 1
|
||||
</select>
|
||||
|
||||
|
||||
<select id="selectChildrenDeptById" parameterType="Long" resultMap="SysDeptResult">
|
||||
select * from sys_dept where find_in_set(#{deptId}, ancestors)
|
||||
</select>
|
||||
|
||||
|
||||
<select id="selectNormalChildrenDeptById" parameterType="Long" resultType="int">
|
||||
select count(*) from sys_dept where status = 0 and del_flag = '0' and find_in_set(#{deptId}, ancestors)
|
||||
</select>
|
||||
|
||||
|
||||
<select id="checkDeptNameUnique" resultMap="SysDeptResult">
|
||||
<include refid="selectDeptVo"/>
|
||||
where dept_name=#{deptName} and parent_id = #{parentId} and del_flag = '0' limit 1
|
||||
</select>
|
||||
|
||||
|
||||
<insert id="insertDept" parameterType="SysDept">
|
||||
insert into sys_dept(
|
||||
<if test="deptId != null and deptId != 0">dept_id,</if>
|
||||
|
|
@ -112,7 +112,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
|||
sysdate()
|
||||
)
|
||||
</insert>
|
||||
|
||||
|
||||
<update id="updateDept" parameterType="SysDept">
|
||||
update sys_dept
|
||||
<set>
|
||||
|
|
@ -129,7 +129,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
|||
</set>
|
||||
where dept_id = #{deptId}
|
||||
</update>
|
||||
|
||||
|
||||
<update id="updateDeptChildren" parameterType="java.util.List">
|
||||
update sys_dept set ancestors =
|
||||
<foreach collection="depts" item="item" index="index"
|
||||
|
|
@ -142,16 +142,16 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
|||
#{item.deptId}
|
||||
</foreach>
|
||||
</update>
|
||||
|
||||
|
||||
<update id="updateDeptStatusNormal" parameterType="Long">
|
||||
update sys_dept set status = '0' where dept_id in
|
||||
update sys_dept set status = '0' where dept_id in
|
||||
<foreach collection="array" item="deptId" open="(" separator="," close=")">
|
||||
#{deptId}
|
||||
</foreach>
|
||||
</update>
|
||||
|
||||
|
||||
<delete id="deleteDeptById" parameterType="Long">
|
||||
update sys_dept set del_flag = '2' where dept_id = #{deptId}
|
||||
</delete>
|
||||
|
||||
</mapper>
|
||||
</mapper>
|
||||
|
|
|
|||
|
|
@ -116,8 +116,8 @@
|
|||
AND (u.dept_id = #{deptId} OR u.dept_id IN ( SELECT t.dept_id FROM sys_dept t WHERE find_in_set(#{deptId},
|
||||
ancestors) ))
|
||||
</if>
|
||||
<!-- 数据范围过滤 -->
|
||||
${params.dataScope}
|
||||
<include refid="com.bonus.system.mapper.DataScopeMapper.dataScopeFilter"/>
|
||||
|
||||
</select>
|
||||
|
||||
<select id="selectAllocatedList" parameterType="SysUser" resultMap="SysUserResult">
|
||||
|
|
@ -134,7 +134,7 @@
|
|||
AND u.phonenumber like concat('%', #{phonenumber}, '%')
|
||||
</if>
|
||||
<!-- 数据范围过滤 -->
|
||||
${params.dataScope}
|
||||
<include refid="com.bonus.system.mapper.DataScopeMapper.dataScopeFilter"/>
|
||||
</select>
|
||||
|
||||
<select id="selectUnallocatedList" parameterType="SysUser" resultMap="SysUserResult">
|
||||
|
|
@ -153,7 +153,7 @@
|
|||
AND u.phonenumber like concat('%', #{phonenumber}, '%')
|
||||
</if>
|
||||
<!-- 数据范围过滤 -->
|
||||
${params.dataScope}
|
||||
<include refid="com.bonus.system.mapper.DataScopeMapper.dataScopeFilter"/>
|
||||
</select>
|
||||
|
||||
<select id="selectUserByUserName" parameterType="String" resultMap="SysUserResult">
|
||||
|
|
|
|||
Loading…
Reference in New Issue