班组注册列表字段回显和漏洞修复

src/main/java/com/bonus/gs/sub/evaluate/evaluate/controller/OrganizationalController.java

@@ -321,12 +321,12 @@ public class OrganizationalController extends BaseController<EvaluateBean> {
     /**
      * 班组注册
      *
-     * @param bean
+     * @param
      * @return
      */
     @RequestMapping(value = "registerTeamGroup", method = RequestMethod.POST)
     @ResponseBody
-    public AjaxRes registerTeamGroup(@RequestBody TeamGroupBean bean) {
+    public AjaxRes registerTeamGroup(@ModelAttribute TeamGroupBean bean) {
         AjaxRes ar = getAjaxRes();
         if (!UserUtil.isPhone(bean.getPhone())) {
             ar.setFailMsg("手机号格式错误");

src/main/java/com/bonus/gs/sub/evaluate/evaluate/service/TeamGroupServiceImpl.java

@@ -255,8 +255,12 @@ public class TeamGroupServiceImpl implements TeamGroupService {
         for (TeamGroupBean groupBean : registerList) {
             TeamGroupBean teamLeader = teamGroupDao.getTeamLeader(groupBean);
             groupBean.setTeamLeader(teamLeader.getName());
-            groupBean.setPhone(teamLeader.getPhone());
+            if (StringUtils.isNotBlank(teamLeader.getPhone())) {
-            groupBean.setIdCard(teamLeader.getIdCard());
+                groupBean.setPhone(AesCbcUtils.encrypt(teamLeader.getPhone()));
+            }
+            if (StringUtils.isNotBlank(teamLeader.getIdCard())) {
+                groupBean.setIdCard(AesCbcUtils.encrypt(teamLeader.getIdCard()));
+            }
             groupBean.setPersonNum(teamLeader.getPersonNum());
         }
         return registerList;

src/main/java/com/bonus/gs/sub/evaluate/manager/config/SecurityHandlerConfig.java

@@ -15,9 +15,11 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
@@ -139,4 +141,28 @@ public class SecurityHandlerConfig {
 
     }
 
+/*    @Configuration
+    public class SecurityConfig {
+        @Bean
+        public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+            http.headers(headers -> headers
+                    .contentSecurityPolicy(csp -> csp
+                            .policyDirectives(
+                                    "default-src 'self'; " +
+                                            "script-src 'self' 'unsafe-inline' 'unsafe-eval'; " +
+                                            "style-src 'self' 'unsafe-inline'; " +
+                                            "img-src 'self' data: https:; " +
+                                            "font-src 'self'; " +
+                                            "connect-src 'self'; " +
+                                            "frame-src 'none'; " +
+                                            "object-src 'none'; " +
+                                            "base-uri 'self'; " +
+                                            "form-action 'self';"
+                            )
+                    )
+            );
+            return http.build();
+        }
+    }*/
+
 }

src/main/java/com/bonus/gs/sub/evaluate/manager/controller/UserController.java

@@ -140,6 +140,7 @@ public class UserController {
                 List<SysUser> list = userDao.list(request.getParams(), request.getOffset(), request.getLimit());
                 for (SysUser sysUser : list) {
                     String phone = sysUser.getPhone();
+                    sysUser.setPassword(null);
                     if (StringUtils.isNotBlank(phone)) {
                         sysUser.setPhone(AesCbcUtils.encrypt(phone));
                     }

src/main/resources/mappers/evaluate/TeamGroupMapper.xml

@@ -202,6 +202,7 @@
             poi.create_time createTime,
             poi.info_file_url infoFileUrl,
             poi.audit_status auditStatus,
+            su.username applyMan,
         CASE
                 WHEN poi.audit_status = 0 THEN '草稿'
                 WHEN poi.audit_status = 1 THEN '待事业部审核'
@@ -212,6 +213,7 @@
                 END AS auditStatusName
         FROM
             pm_org_info poi
+        left join sys_user su ON su.id = poi.apply_man
         WHERE
             poi.audit_status IS NOT NULL
           AND poi.LEVEL = 5

src/main/resources/mappers/user/NewUserMapper.xml

@@ -33,7 +33,6 @@
 		left join sys_role_user sru on t.id = sru.userId
 		left join sys_role sr on sru.roleId = sr.id
 		<include refid="where" />
-		${params.orderBy}
         limit #{offset}, #{limit}
 	</select>
     <select id="getUserRoles" resultType="java.lang.String">
@@ -96,4 +95,4 @@
 			evaluate_pass_word = #{password}
 		where TELPHONE = #{phone}
 	</update>
-</mapper>
+</mapper>

src/main/resources/static/js/evaluate/teamGroup/teamGroupRegister.js

@@ -64,7 +64,7 @@ function initTable() {
                     type: "numbers",
                 },
                 {field: "teamGroupName", align: "center", title: "注册班组名称"},
-                {field: "name", align: "center", title: "班组长姓名"},
+                {field: "teamLeader", align: "center", title: "班组长姓名"},
                 {
                     field: 'phone', title: '班长联系电话', width: '15%', align: "center",
                     templet: function (d) {
@@ -84,16 +84,16 @@ function initTable() {
                 },
                 {field: "personNum", align: "center", title: "注册骨干人员数量"},
                 {
-                    field: "informationReview",
+                    field: "infoFileUrl",
                     align: "center",
                     title: "信息评审表",
                     templet: function (d) {
-                        return '<a onclick="openTeamMemberPage(' + d.id + ')" style="color: #1E9FFF; cursor: pointer;">' + d.teamPersonNum + '</a>';
+                        return '<a onclick="openTeamMemberPage(' + d.infoFileUrl + ')" style="color: #1E9FFF; cursor: pointer;">' + '查看' + '</a>';
                     }
                 },
                 {field: "createTime", align: "center", title: "申请时间"},
-                {field: "creater", align: "center", title: "申请人"},
+                {field: "applyMan", align: "center", title: "申请人"},
-                {field: "auditStatus", align: "center", title: "审核状态"},
+                {field: "auditStatusName", align: "center", title: "审核状态"},
                 {
                     fixed: "right",
                     width: 180,
@@ -308,26 +308,8 @@ function initTable() {
 
 //班组人员列表
 function openTeamMemberPage(data) {
-    try {
+    const filePath = ctxPath +"/statics/"+ data.split('/upload/')[1]
-        const layerIndex = layer.open({
+    window.open(filePath)
-            type: 2,
-            title: '班组人员列表',
-            shade: 0.3,
-            area: ["80%", "90%"],
-            scrollbar: true,
-            move: true,
-            anim: 2,
-            shadeClose: false,
-            content:
-                './teamMemBer.html',
-            success: function (layero, index) {
-                let iframeWin = window["layui-layer-iframe" + index];
-                iframeWin.setParams(JSON.stringify(data), index);
-            },
-        });
-    } catch (error) {
-        console.error("openTeamMemberPage 错误:", error);
-    }
 }
 
 function addTeamGroup() {

src/main/resources/static/pages/evaluate/teamGroup/registerForm.html

@@ -260,4 +260,4 @@
 <script src="../../../layui/layui_ext/dtree/dtree.js"></script>
 <script src="../../../js/evaluate/teamGroup/registerForm.js?v=1"></script>
 
-</html>
+</html>