bonus
/
cqdevicemgt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

VUL-009420 施工装备-结算信息月结记录导出明细表越权

This commit is contained in:
sxu 2024-10-10 10:34:08 +08:00
parent dd9ff8419f
commit 108299e461
2 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sgzb-common/sgzb-common-security/src/main/java/com/bonus/sgzb/common/security/aspect/PreAuthorizeAspect.java
View File

@ -62,10 +62,8 @@ public class PreAuthorizeAspect
//获取请求参数 //获取请求参数
boolean needPermission = true; boolean needPermission = true;
Object[] args = joinPoint.getArgs(); Object[] args = joinPoint.getArgs();
String argStr = JSON.toJSONString(args); for (int i = 0; i < args.length; i++) {
JSONArray jsonArray = JSONUtil.parseArray(argStr); Object obj = args[i];
for (int i = 0; i < jsonArray.size(); i++) {
Object obj = jsonArray.getObj(i);
if (Objects.nonNull(obj) && obj instanceof JSONObject) { if (Objects.nonNull(obj) && obj instanceof JSONObject) {
JSONObject jsonObject = (JSONObject) obj; JSONObject jsonObject = (JSONObject) obj;
if ("1".equals(jsonObject.getStr("skipPermission"))) { if ("1".equals(jsonObject.getStr("skipPermission"))) {

10
sgzb-modules/sgzb-material/src/main/java/com/bonus/sgzb/material/controller/SltAgreementInfoController.java
View File

@ -21,6 +21,7 @@ import com.bonus.sgzb.material.service.SltAgreementInfoService;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.CollectionUtils;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource; import javax.annotation.Resource;
@ -99,7 +100,7 @@ public class SltAgreementInfoController extends BaseController {
} }
}*/ }*/
// @RequiresPermissions("cost:settlement:export") @RequiresPermissions("cost:settlement:export")
@ApiOperation(value = "月结明细导出") @ApiOperation(value = "月结明细导出")
@PostMapping("/exportSltInfoMonth") @PostMapping("/exportSltInfoMonth")
public void exportSltInfoMonth(HttpServletResponse response, @RequestBody List<AgreementInfo> list) throws IOException { public void exportSltInfoMonth(HttpServletResponse response, @RequestBody List<AgreementInfo> list) throws IOException {
@ -309,8 +310,11 @@ public class SltAgreementInfoController extends BaseController {
ExcelWriter excelWriter = EasyExcel.write(response.getOutputStream(), MonthRepairInfo.class).build(); ExcelWriter excelWriter = EasyExcel.write(response.getOutputStream(), MonthRepairInfo.class).build();
for (int i = 0; i < lists.size(); i++) { for (int i = 0; i < lists.size(); i++) {
WriteSheet writeSheet = EasyExcel.writerSheet(lists.get(i).get(0).getProjectName()).build(); List<MonthRepairInfo> monthRepairInfoList = lists.get(i);
excelWriter.write(lists.get(i), writeSheet); if (!CollectionUtils.isEmpty(monthRepairInfoList)) {
WriteSheet writeSheet = EasyExcel.writerSheet(monthRepairInfoList.get(0).getProjectName()).build();
excelWriter.write(monthRepairInfoList, writeSheet);
}
} }
// 关闭写入器 // 关闭写入器