diff --git a/sgzb-modules/sgzb-material/src/main/java/com/bonus/sgzb/app/controller/AppBackApplyController.java b/sgzb-modules/sgzb-material/src/main/java/com/bonus/sgzb/app/controller/AppBackApplyController.java index 3a7d8ee..b8d7afa 100644 --- a/sgzb-modules/sgzb-material/src/main/java/com/bonus/sgzb/app/controller/AppBackApplyController.java +++ b/sgzb-modules/sgzb-material/src/main/java/com/bonus/sgzb/app/controller/AppBackApplyController.java @@ -121,6 +121,7 @@ public class AppBackApplyController extends BaseController { */ @Log(title = "退料删除", businessType = BusinessType.QUERY) @PostMapping("del") + @RequiresPermissions("return:apply:del") public AjaxResult del(@RequestBody BackApplyInfo record) { try { int re = backApplyService.del(record); diff --git a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysFileController.java b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysFileController.java index 73d9994..d3b2158 100644 --- a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysFileController.java +++ b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysFileController.java @@ -45,7 +45,7 @@ public class SysFileController { return AjaxResult.error("上传文件字数超出限制字数!"); } }catch (Exception e){ - e.printStackTrace(); + return AjaxResult.error(e.getMessage()); } if (file != null && file.getId() != 0){ return AjaxResult.success(file); diff --git a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/service/impl/SysFileServiceImpl.java b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/service/impl/SysFileServiceImpl.java index d13b322..f44d369 100644 --- a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/service/impl/SysFileServiceImpl.java +++ b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/service/impl/SysFileServiceImpl.java @@ -1,6 +1,7 @@ package com.bonus.sgzb.system.service.impl; import cn.hutool.core.util.IdUtil; +import com.bonus.sgzb.common.core.constant.HttpStatus; import com.bonus.sgzb.common.core.utils.DateTimeHelper; import com.bonus.sgzb.common.core.utils.GlobalConstants; import com.bonus.sgzb.common.core.web.domain.AjaxResult; @@ -16,6 +17,7 @@ import org.apache.poi.xwpf.extractor.XWPFWordExtractor; import org.apache.poi.xwpf.usermodel.XWPFDocument; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Primary; +import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Service; import org.springframework.web.multipart.MultipartFile; import org.springframework.web.multipart.support.StandardMultipartHttpServletRequest; @@ -43,6 +45,9 @@ public class SysFileServiceImpl implements SysFileService { @Value("${file.path}") private String localFilePath; + // 允许的文件格式 + private static final List ALLOWED_EXTENSIONS = Arrays.asList("jpg", "jpeg", "txt", "png", "pdf", "docx", "doc", "xlsx", "xls"); + @Resource private FileClient fileClient; @@ -62,6 +67,11 @@ public class SysFileServiceImpl implements SysFileService { HashMap map = getFile(req); List items = (List) map.get("filePath"); MultipartFile item = items.get(0); + // 获取文件后缀名 + String fileExtension = item.getOriginalFilename().substring(item.getOriginalFilename().lastIndexOf(".") + 1); + if (!ALLOWED_EXTENSIONS.contains(fileExtension.toLowerCase())) { + throw new Exception("不支持该文件格式"); + } try { String url = saveFile(request, item, photoType); //AjaxResult res = fileClient.uploadFile(item); @@ -94,7 +104,7 @@ public class SysFileServiceImpl implements SysFileService { * @throws Exception */ @Override - public FileInfo uploadHeadPic(MultipartFile item,String fileType) { + public FileInfo uploadHeadPic(MultipartFile item, String fileType) { FileInfo file = new FileInfo(); Long userId = SecurityUtils.getLoginUser().getUserid(); try {