VUL-009420 施工装备-结算信息月结记录导出明细表越权

2024-10-10 10:34:08 +08:00 · 2024-10-10 10:34:08 +08:00 · 108299e461
parent dd9ff8419f
commit 108299e461
2 changed files with 9 additions and 7 deletions
--- a/sgzb-common/sgzb-common-security/src/main/java/com/bonus/sgzb/common/security/aspect/PreAuthorizeAspect.java
+++ b/sgzb-common/sgzb-common-security/src/main/java/com/bonus/sgzb/common/security/aspect/PreAuthorizeAspect.java
@ -62,10 +62,8 @@ public class PreAuthorizeAspect
        //获取请求参数
        boolean needPermission = true;
        Object[] args = joinPoint.getArgs();
-        String argStr = JSON.toJSONString(args);
-        JSONArray jsonArray = JSONUtil.parseArray(argStr);
-        for (int i = 0; i < jsonArray.size(); i++) {
-            Object obj = jsonArray.getObj(i);
+        for (int i = 0; i < args.length; i++) {
+            Object obj = args[i];
            if (Objects.nonNull(obj) && obj instanceof JSONObject) {
                JSONObject jsonObject = (JSONObject) obj;
                if ("1".equals(jsonObject.getStr("skipPermission"))) {
--- a/sgzb-modules/sgzb-material/src/main/java/com/bonus/sgzb/material/controller/SltAgreementInfoController.java
+++ b/sgzb-modules/sgzb-material/src/main/java/com/bonus/sgzb/material/controller/SltAgreementInfoController.java
@ -21,6 +21,7 @@ import com.bonus.sgzb.material.service.SltAgreementInfoService;
 import io.swagger.annotations.ApiOperation;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.CollectionUtils;
 import org.springframework.web.bind.annotation.*;

 import javax.annotation.Resource;
@ -99,7 +100,7 @@ public class SltAgreementInfoController extends BaseController {
        }
    }*/

-//    @RequiresPermissions("cost:settlement:export")
+    @RequiresPermissions("cost:settlement:export")
    @ApiOperation(value = "月结明细导出")
    @PostMapping("/exportSltInfoMonth")
    public void exportSltInfoMonth(HttpServletResponse response, @RequestBody List<AgreementInfo> list) throws IOException {
@ -309,8 +310,11 @@ public class SltAgreementInfoController extends BaseController {
            ExcelWriter excelWriter = EasyExcel.write(response.getOutputStream(), MonthRepairInfo.class).build();

            for (int i = 0; i < lists.size(); i++) {
-                WriteSheet writeSheet = EasyExcel.writerSheet(lists.get(i).get(0).getProjectName()).build();
-                excelWriter.write(lists.get(i), writeSheet);
+                List<MonthRepairInfo> monthRepairInfoList = lists.get(i);
+                if (!CollectionUtils.isEmpty(monthRepairInfoList)) {
+                    WriteSheet writeSheet = EasyExcel.writerSheet(monthRepairInfoList.get(0).getProjectName()).build();
+                    excelWriter.write(monthRepairInfoList, writeSheet);
+                }
            }

            // 关闭写入器