Commit cd19c234 by Suvalue

1.table导出excel接口

2.接口参数防注入
parent 1931eaaf
package com.bsoft.api.common.utils;
public class SqlUtil {
public static String TransactSQLInjection(String str)
{
return str.replaceAll(".*([';]+|(--)+).*", " ");
}
}
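Review bot: `TransactSQLInjection` is not a usable injection control: the regex `.*([';]+|(--)+).*` blanks the whole value to a single space whenever it contains an apostrophe, semicolon or `--`, so legitimate inputs (a name like `O'Brien`) are destroyed while payloads built from `/* */`, `#`, `OR 1=1`, `UNION` or `CHAR()` pass through untouched. The only call site in this commit (`BlockValuesServiceImpl`) is commented out, leaving the class as dead code, and the real fix the commit makes elsewhere — binding each value with `#{}` inside `<foreach>` — is the correct one. I would delete this class; if it must stay, document it as a character filter and not a security boundary, e.g. `/** Crude character denylist. NOT a substitute for parameterised queries (#{} in MyBatis); do not rely on it for SQL injection protection. */`. `replaceAll` also recompiles the pattern on every call; a `private static final Pattern` is the Java idiom.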
......@@ -12,6 +12,7 @@ import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;
import javax.validation.Valid;
import java.util.List;
@Api(tags = "维度数值Api")
......@@ -28,7 +29,7 @@ public class DimController {
@PostMapping("dimValue")
@Token
@ApiOperation("根据pageCode查询维度数值")
public Object getdimValueByPageCode(@RequestBody ReqDimValue reqDimValue) {
public Object getdimValueByPageCode(@RequestBody@Valid ReqDimValue reqDimValue) {
List<DimValue> dimValueList = dicDimService.getByPageCode(reqDimValue.getPageCode(), reqDimValue.getOrgId(), reqDimValue.getDate());
return Result.success(dimValueList);
}
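Review bot: `@Valid` on `reqDimValue` enforces only the constraints declared on `ReqDimValue`, and this commit adds just `@NotNull` on `date`; `pageCode`, which Swagger marks `required = true`, appears to carry no Bean Validation constraint (its declaration is outside the hunk, so confirm), so a missing `pageCode` still reaches `dicDimService.getByPageCode`. Add `@NotNull`/`@NotBlank` to `pageCode` and, since `date` is a free-form `String`, a `@Pattern` for the expected format. If no `@ControllerAdvice` handles `MethodArgumentNotValidException`, callers will get Spring's default 400 body rather than the `Result` envelope used elsewhere — worth checking.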
......
package com.bsoft.api.controller;
import com.bsoft.api.common.Result;
import com.bsoft.api.common.annotations.Token;
import com.bsoft.api.service.ExcelService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
......@@ -18,7 +19,8 @@ public class ExcelController {
@Autowired
private ExcelService excelService;
@PostMapping("xls")
@PostMapping("export")
@Token
@ApiOperation("将Table转换为Xls")
public Object tableToXls(HttpServletRequest request,@RequestBody String tableStr){
String realPath = request.getSession().getServletContext().getRealPath("/");
......
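Review bot: `tableToXls` takes the whole table as a raw client-supplied `String` and resolves `getRealPath("/")` — the web root — presumably to write the generated workbook there (the rest of the body is outside the hunk, so confirm). Anything written under the servlet context root is downloadable by anyone who guesses the name, and a file name derived from request data would be a path-traversal vector; write exports with `Files.createTempFile` and stream them back, or build the workbook in memory and return it as `application/vnd.ms-excel` with a fixed `Content-Disposition` filename (`getRealPath` can also return `null` when the app runs from a packaged jar). If cell text from `tableStr` is copied verbatim into the sheet, prefix values starting with `=`, `+`, `-` or `@` with `'` to prevent formula injection when the file is opened in Excel. The method body continues outside the hunk.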
......@@ -22,7 +22,7 @@ public class SerDiseaseDocController {
private SerDiseaseDocService serDiseaseDocService;
@PostMapping("diseaseDoc")
// @Token
@Token
@ApiOperation("根据Code查询疾病关系信息")
public Object getDiseaseDoc(@RequestBody DiseaseDoc disease) throws InterruptedException {
List<SerDiseaseDocRs> list = serDiseaseDocService.getDiseaseDoc(disease.getDocCode(),disease.getMdcCode(),
......
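Review bot: Unlike `DimController` in this same commit, the `@RequestBody DiseaseDoc disease` here gets no `@Valid`, so `mdcCode` — now split on `,` into an `IN` list by the service — arrives with no length or format constraint. Because the value is bound with `#{}` this is not an injection risk, but an unbounded list lets a caller make the query arbitrarily large and will hit database expression limits; add `@Valid` here and `@Size(max = ...)` plus `@Pattern(regexp = "[A-Za-z0-9,]*")` on `mdcCode` in `DiseaseDoc`. Re-enabling `@Token` restores authentication only; nothing visible ties `docCode`/`deptCode` to the caller's organisation, so confirm cross-org lookups are intended. The method body continues outside the hunk.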
......@@ -18,5 +18,8 @@ public interface SerDiseaseDocRsMapper {
List<SerDiseaseDocRs> selectByCode(@Param("docCode") String docCode,@Param("mdcCode") String mdcCode,
@Param("deptCode") String deptCode,@Param("date") String date);
List<SerDiseaseDocRs> selectByRelation(@Param("docCode") String docCode,@Param("listMdcCode") String[] listMdcCode,
@Param("deptCode") String deptCode,@Param("date") String date);
int updateByPrimaryKey(SerDiseaseDocRs record);
}
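Review bot: `selectByRelation` has no Javadoc, and its contract differs subtly from `selectByCode`: `listMdcCode` is bound through `<foreach>`, so an empty array disables the `MDC_CODE` predicate, but a one-element array holding `""` (what `"".split(",")` yields) filters on the empty string and returns nothing. State that at the interface so callers normalise first, e.g. `/** Like selectByCode but matches any of listMdcCode; pass an empty array (not {""}) to skip the MDC_CODE filter. */`. A `List<String>` would also be consistent with `selectByCodeAndDimList`'s `Set<String>`.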
......@@ -4,6 +4,7 @@ import com.bsoft.api.model.SerPage;
import org.apache.ibatis.annotations.Param;
import java.util.List;
import java.util.Set;
public interface SerPageMapper {
int deleteByPrimaryKey(Long id);
......@@ -17,4 +18,6 @@ public interface SerPageMapper {
int updateByPrimaryKey(SerPage record);
List<SerPage> selectByCodeAndDim(@Param("pageCode") Integer pageCode, @Param("inField") String inField, @Param("dimCount") int dimCount);
List<SerPage> selectByCodeAndDimList(@Param("pageCode") Integer pageCode, @Param("inFields") Set<String> inFields, @Param("dimCount") int dimCount);
}
\ No newline at end of file
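Review bot: The string-built `selectByCodeAndDim(pageCode, inField, dimCount)` is left in the interface next to its parameterised replacement, so the injection-prone path the commit set out to close is still one call away. Remove it (and its XML statement) in the same change, or at least mark it `@Deprecated` with a Javadoc pointing at `selectByCodeAndDimList`. `dimCount` duplicates `inFields.size()`; the XML could use `inFields.size()` directly, removing a parameter callers can get wrong. `pageCode` is declared `Integer` here but bound with `jdbcType=VARCHAR` in the XML — probably harmless under implicit conversion, but worth aligning.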
......@@ -2,6 +2,8 @@ package com.bsoft.api.model.reqmodel;
import io.swagger.annotations.ApiModelProperty;
import javax.validation.constraints.NotNull;
public class ReqDimValue {
@ApiModelProperty(value = "pageCode",required = true)
......@@ -9,6 +11,7 @@ public class ReqDimValue {
@ApiModelProperty("机构id")
private Long orgId;
@ApiModelProperty("时间")
@NotNull
private String date;
public String getPageCode() {
......
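Review bot: `@NotNull` on `date` rejects only an absent field; an empty string or a value like `2019-13-99` still passes and is bound straight into `"DATE" = #{date}`. Since the field is a free-form `String`, use `@NotBlank` plus a `@Pattern` for whatever format the column actually holds (confirm against the data), or type it as `LocalDate`/`YearMonth` with `@DateTimeFormat`. `pageCode` is marked `required = true` for Swagger but the hunk shows no matching constraint on it (the field itself is outside the hunk, so confirm); Swagger annotations document the API but do not validate. The class continues past the hunk.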
package com.bsoft.api.service.Impl;
import com.bsoft.api.common.exceptions.DBConfigurationError;
import com.bsoft.api.common.utils.SqlUtil;
import com.bsoft.api.mapper.BlockValuesMapper;
import com.bsoft.api.mapper.DicDimMapper;
import com.bsoft.api.mapper.SerPageBlockRsMapper;
......@@ -18,10 +19,7 @@ import org.springframework.scheduling.annotation.AsyncResult;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.*;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
......@@ -109,17 +107,19 @@ public class BlockValuesServiceImpl implements BlockValuesService {
*/
List<BlockValue> list = new ArrayList<>();
int count = 0;
String inField = "";
for (Map.Entry<String, String> entry : dim.entrySet()) {
inField += "'"+entry.getKey()+"',";
count++;
}
if(count > 0){
inField = inField.substring(0, inField.length()-1);
}
List<SerPage> pageList = serPageMapper.selectByCodeAndDim(pageCode, inField, count);
// int count = 0;
Set<String> inFields = dim.keySet();
// String inField = "";
// for (Map.Entry<String, String> entry : dim.entrySet()) {
// inField += "'"+ SqlUtil.TransactSQLInjection(entry.getKey())+"',";
// count++;
// }
// if(count > 0){
// inField = inField.substring(0, inField.length()-1);
// }
List<SerPage> pageList = serPageMapper.selectByCodeAndDimList(pageCode, inFields, inFields.size());
// List<SerPage> pageList = serPageMapper.selectByCodeAndDim(pageCode, inField, count);
if(pageList.size() == 0){
throw new DBConfigurationError("页面维度配置表错误,请联系管理员");
}
......
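Review bot: Replacing the hand-built `'a','b'` string with `Set<String> inFields` bound through `<foreach>` is the right fix, but the hunk leaves the old loop as commented-out code (including a call to `SqlUtil.TransactSQLInjection`) and a now-unused `import com.bsoft.api.common.utils.SqlUtil`; delete both so the next reader does not resurrect the concatenating version. The four explicit `java.util` imports were also collapsed into `import java.util.*;`, which hides what is actually used — keep explicit imports. `Set<String> inFields = dim.keySet();` is a live view of the map, fine for a read-only `IN` list, but record the intent: `// keys are bound one by one with #{} inside <foreach>, never concatenated into SQL`. The enclosing method starts and ends outside the hunk.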
package com.bsoft.api.service.Impl;
import com.bsoft.api.common.utils.SqlUtil;
import com.bsoft.api.mapper.SerDiseaseDocRsMapper;
import com.bsoft.api.model.SerDiseaseDocRs;
import com.bsoft.api.service.SerDiseaseDocService;
import com.bsoft.common.utils.StringUtil;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.sql.Array;
import java.util.ArrayList;
import java.util.List;
@Service
......@@ -17,9 +20,11 @@ public class SerDiseaseDocServiceImpl implements SerDiseaseDocService {
@Override
public List<SerDiseaseDocRs> getDiseaseDoc(String docCode, String mdcCode, String deptCode,String date) throws InterruptedException {
docCode= StringUtil.isNullOrEmpty(docCode)?null:docCode;
mdcCode= StringUtil.isNullOrEmpty(mdcCode)?null:mdcCode;
mdcCode= StringUtil.isNullOrEmpty(mdcCode)?"":mdcCode;
deptCode= StringUtil.isNullOrEmpty(deptCode)?null:deptCode;
date= StringUtil.isNullOrEmpty(date)?null:date;
return serDiseaseDocRsMapper.selectByCode(docCode,mdcCode,deptCode,date);
String[] inField = mdcCode.split(",");
// return serDiseaseDocRsMapper.selectByCode(docCode,mdcCode,deptCode,date);
return serDiseaseDocRsMapper.selectByRelation(docCode,inField,deptCode,date);
}
}
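Review bot: Changing the empty-`mdcCode` default from `null` to `""` and then splitting means a blank code becomes the one-element array `[""]`, so `selectByRelation` emits `MDC_CODE in ('')` and returns nothing, whereas the old `selectByCode` presumably skipped the predicate for a null value (as the neighbouring `<if test="...!=null">` blocks do — confirm). Keep the `null` normalisation and build the array only when a value is present: `String[] inField = mdcCode == null ? new String[0] : mdcCode.split(",");`, which lets the XML's `listMdcCode.length > 0` guard drop the filter as before. Trimming each piece (`Arrays.stream(...).map(String::trim)`) would also avoid silently matching nothing on `A, B`. The commented-out `selectByCode` call and the unused `java.sql.Array`, `java.util.ArrayList` and `SqlUtil` imports should be removed.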
......@@ -14,4 +14,6 @@ config.path.exclude[0]=/login
spring.aop.auto=true
# Whether subclass-based (CGLIB) proxies are to be created (true)
spring.aop.proxy-target-class=false
spring.jmx.enabled=false
\ No newline at end of file
spring.jmx.enabled=false
#控制字段为null不返回的问题 True表示返回 False表示不返回
mybatis.configuration.call-setters-on-nulls=true
\ No newline at end of file
......@@ -64,4 +64,24 @@
and "DATE" = #{date,jdbcType=VARCHAR}
</if>
</select>
<select id="selectByRelation" resultMap="BaseResultMap">
select ID, ORG_ID, DOC_CODE, DOC_NAME, MDC_CODE, "DATE", DEPT_CODE, DEPT_NAME
from SER_DISEASE_DOC_RS
where 1=1
<if test="docCode!=null">
and DOC_CODE = #{docCode,jdbcType=VARCHAR}
</if>
<if test="listMdcCode.length > 0">
and MDC_CODE in
<foreach item="item" index="index" collection="listMdcCode" open="(" separator="," close=")">
#{item,jdbcType=VARCHAR}
</foreach>
</if>
<if test="deptCode!=null">
and DEPT_CODE = #{deptCode,jdbcType=VARCHAR}
</if>
<if test="date!=null">
and "DATE" = #{date,jdbcType=VARCHAR}
</if>
</select>
</mapper>
\ No newline at end of file
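Review bot: `selectByRelation` puts no upper bound on the `IN` list built from `listMdcCode`, which comes straight from the request's `mdcCode` split on commas; on Oracle (the quoted `"DATE"` identifier suggests it) more than 1000 elements fails with ORA-01795, and any database will parse a list of many thousands. Bound the size in validation or chunk the list in the service. The guard `listMdcCode.length > 0` also does not cover a null array — `<if test="listMdcCode != null and listMdcCode.length > 0">` is safer for a public mapper method. With all four parameters absent the statement returns the whole table; that is pre-existing behaviour, but worth noting now that `@Token` is the only gate.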
......@@ -64,4 +64,33 @@
</if>
and f.count =#{dimCount,jdbcType=INTEGER}
</select>
<select id="selectByCodeAndDimList" resultType="com.bsoft.api.model.SerPage">
select d.* from SER_PAGE d,
<if test="dimCount != 0">
(select a.id,COUNT(b.ID) count
from SER_PAGE a
LEFT JOIN ser_page_dim_rs b on a.id = b.PAGE_ID and b.state = 1
LEFT JOIN DIC_DIM c on c.ID = b.DIM_ID
where a.state =1 and a.PAGE_CODE = #{pageCode,jdbcType=VARCHAR}
<if test="inFields.size() > 0">
and c.DIM_FIELD in
<foreach item="item" index="index" collection="inFields" open="(" separator="," close=")">
#{item,jdbcType=VARCHAR}
</foreach>
</if>
GROUP BY a.ID) e,
</if>
(select a.id,COUNT(b.ID) count
from SER_PAGE a
LEFT JOIN ser_page_dim_rs b on a.id = b.PAGE_ID and b.state = 1
LEFT JOIN DIC_DIM c on c.ID = b.DIM_ID
where a.state =1 and a.PAGE_CODE = #{pageCode,jdbcType=VARCHAR}
GROUP BY a.ID) f
where d.id = f.id
<if test="dimCount != 0">
and f.count = e.count
and d.Id = e.id
</if>
and f.count =#{dimCount,jdbcType=INTEGER}
</select>
</mapper>
\ No newline at end of file
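Review bot: The wrapper `<if test="dimCount != 0">` and the inner `<if test="inFields.size() > 0">` test two different parameters for the same condition; they agree only while every caller passes `inFields.size()` as `dimCount`. If that invariant breaks (`dimCount > 0`, empty set), subquery `e` counts all dimensions per page, `f.count = e.count` becomes trivially true and the filter silently degrades to "pages with exactly dimCount dimensions, any of them". Drive both from the collection — `<if test="inFields != null and inFields.size() > 0">` — which also protects the public mapper from an OGNL error on a null set. The old `selectByCodeAndDim` statement whose tail is visible above this hunk is still in the file; its body is outside the hunk, but if it still interpolates `${inField}` it should go out with this commit. `d.Id` vs `d.id`/`e.id` casing is inconsistent; minor.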