
添加防止sql注入方法

wuweihao 3 년 전
부모
커밋
88e143f9f9
24개의 변경된 파일211개의 추가작업 그리고 256개의 파일을 삭제
  1. 1 1
      gis_application/src/main/resources/application.properties
  2. 2 20
      gis_cms/src/main/java/com/gis/cms/controller/DocController.java
  3. 12 11
      gis_cms/src/main/java/com/gis/cms/controller/GoodsController.java
  4. 23 2
      gis_cms/src/main/java/com/gis/cms/controller/ProjectController.java
  5. 1 5
      gis_cms/src/main/java/com/gis/cms/controller/SceneController.java
  6. 2 2
      gis_cms/src/main/java/com/gis/cms/entity/dto/DocDto.java
  7. 2 0
      gis_cms/src/main/java/com/gis/cms/entity/dto/ProjectAddDto.java
  8. 1 1
      gis_cms/src/main/java/com/gis/cms/entity/dto/SceneDto.java
  9. 3 0
      gis_cms/src/main/java/com/gis/cms/entity/dto/UrlDto.java
  10. 5 5
      gis_cms/src/main/java/com/gis/cms/entity/po/ProjectEntity.java
  11. 4 36
      gis_cms/src/main/java/com/gis/cms/mapper/GoodsMapper.java
  12. 3 2
      gis_cms/src/main/java/com/gis/cms/mapper/ProjectMapper.java
  13. 6 6
      gis_cms/src/main/java/com/gis/cms/mapper/SceneMapper.java
  14. 7 3
      gis_cms/src/main/java/com/gis/cms/mapper/provider/GoodsProvider.java
  15. 5 0
      gis_cms/src/main/java/com/gis/cms/mapper/provider/SceneProvider.java
  16. 2 4
      gis_cms/src/main/java/com/gis/cms/service/DocService.java
  17. 3 9
      gis_cms/src/main/java/com/gis/cms/service/GoodsService.java
  18. 9 4
      gis_cms/src/main/java/com/gis/cms/service/ProjectService.java
  19. 15 21
      gis_cms/src/main/java/com/gis/cms/service/impl/DocServiceImpl.java
  20. 28 56
      gis_cms/src/main/java/com/gis/cms/service/impl/GoodsServiceImpl.java
  21. 35 11
      gis_cms/src/main/java/com/gis/cms/service/impl/ProjectServiceImpl.java
  22. 10 47
      gis_cms/src/main/java/com/gis/cms/service/impl/SceneServiceImpl.java
  23. 2 2
      gis_common/src/main/java/com/gis/common/util/FileUtils.java
  24. 30 8
      gis_common/src/main/java/com/gis/common/util/RegexUtil.java

+ 1 - 1
gis_application/src/main/resources/application.properties

@@ -9,7 +9,7 @@ project.sc=\u56DB\u7EF4\u6587\u7269\u8D44\u6599\u5E93
 redis.prefix=${project.en}_token_
 
 # \u5141\u8BB8\u4E0A\u4F20\u6587\u4EF6\u540E\u7F00
-server.file.allow=.jpg,.gif,.png,.ico,.bmp,.jpeg,.zip,.zp,.rar,.mp3,.mp4,.avi,.mov,.4dage,.wav,.wma,.m4a,.obj,.pdf,audio
+server.file.allow=.jpg,.gif,.png,.ico,.bmp,.jpeg,.zip,.zp,.rar,.mp3,.mp4,.avi,.mov,.4dage,.wav,.wma,.m4a,.obj,.pdf,.audio,.ppt,.pptx,.xls,.doc,.docx,.txt
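Review bot: The new entries `.doc`, `.xls`, `.ppt`, `.docx`, `.pptx` and `.xlsx`-style Office formats are admitted on extension alone — the check in FileUtils reads `configConstant.serverFileFallow` and compares the client-supplied suffix — so a macro-bearing legacy Office file passes exactly like a `.txt`. If these uploads are served back to browsers or opened server-side, it is worth also verifying the content type from the first bytes and serving them with `Content-Disposition: attachment`. `.audio` does not correspond to a real file extension; if the leading dot is intentional (the old value was `audio`), a comment in this file saying which client produces that suffix would keep the next maintainer from "fixing" it again.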
 
 
 

+ 2 - 20
gis_cms/src/main/java/com/gis/cms/controller/DocController.java

@@ -1,17 +1,7 @@
 package com.gis.cms.controller;
 
-import com.gis.cms.entity.dto.DocDto;
-import com.gis.cms.entity.dto.GoodsDto;
-import com.gis.cms.entity.dto.GoodsPageDto;
-import com.gis.cms.entity.dto.ModelDto;
-import com.gis.cms.entity.po.GoodsEntity;
-import com.gis.cms.entity.po.SceneEntity;
-import com.gis.cms.entity.vo.NameVo;
-import com.gis.cms.mapper.MyBaseMapper;
+import com.gis.cms.entity.dto.EditDto;
 import com.gis.cms.service.DocService;
-import com.gis.cms.service.FileService;
-import com.gis.cms.service.GoodsService;
-import com.gis.common.base.aop.WebControllerLog;
 import com.gis.common.util.Result;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -20,15 +10,12 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
-import javax.validation.Valid;
-import java.util.List;
-
 
 /**
  * Created by owen on 2021/11/17 0008 9:54
  */
 @Slf4j
-@Api(tags = "文管理")
+@Api(tags = "文管理")
 @RestController
 @RequestMapping("cms/doc")
 public class DocController {
@@ -48,11 +35,6 @@ public class DocController {
         return entityService.upload(file, null, null);
     }
 
-    @ApiOperation("编辑保存")
-    @PostMapping("edit")
-    public Result edit(@RequestBody DocDto param) {
-        return entityService.edit(param);
-    }
 
 
 

+ 12 - 11
gis_cms/src/main/java/com/gis/cms/controller/GoodsController.java

@@ -54,7 +54,8 @@ public class GoodsController  {
     @ApiOperation("根据项目id获取详情")
     @GetMapping("project/detail/{projectId}")
     public Result<SceneEntity> projectDetail(@PathVariable Long projectId) {
-        return entityService.projectId(projectId);
+        List<GoodsEntity> list = entityService.findByProjectId(projectId);
+        return Result.success(list);
     }
 
     @ApiOperation("根据id获取详情")
@@ -71,11 +72,11 @@ public class GoodsController  {
         return entityService.saveModel(param);
     }
 
-    @ApiOperation("文物-保存文物id")
-    @GetMapping("modelBinding/{projectId}/{goodsIds}")
-    public Result modelBinding(@PathVariable String projectId, @PathVariable String goodsIds) {
-        return entityService.modelBinding(projectId, goodsIds);
-    }
+//    @ApiOperation("文物-保存文物id")
+//    @GetMapping("modelBinding/{projectId}/{goodsIds}")
+//    public Result modelBinding(@PathVariable String projectId, @PathVariable String goodsIds) {
+//        return entityService.modelBinding(projectId, goodsIds);
+//    }
 
 
     @ApiOperation("上传文件")
@@ -84,11 +85,11 @@ public class GoodsController  {
         return entityService.upload(file, "img", null);
     }
 
-    @ApiOperation("文物-上传文件")
-    @PostMapping("modelUpload/{projectId}")
-    public Result modelUpload(MultipartFile file, @PathVariable String projectId) {
-        return entityService.modelUpload(file, projectId);
-    }
+//    @ApiOperation("文物-上传文件")
+//    @PostMapping("modelUpload/{projectId}")
+//    public Result modelUpload(MultipartFile file, @PathVariable String projectId) {
+//        return entityService.modelUpload(file, projectId);
+//    }
 
     @ApiOperation("文物-设置封面图")
     @GetMapping("modelSetIndex/{fileId}")
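Review bot: `projectDetail` is still declared `Result<SceneEntity>` but now returns `Result.success(list)` with a `List<GoodsEntity>`, so the declared type no longer describes the response (and only compiles because `Result.success` is presumably unparameterized). Change the signature to `public Result<List<GoodsEntity>> projectDetail(@PathVariable Long projectId)` so Swagger and callers see the real payload type. The two endpoints below that were turned into `//` comment blocks (`modelBinding`, `modelUpload`) should be deleted outright rather than kept as commented-out code — version control already preserves them.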

+ 23 - 2
gis_cms/src/main/java/com/gis/cms/controller/ProjectController.java

@@ -40,7 +40,7 @@ public class ProjectController {
     @WebControllerLog(description = "项目管理-新增", addDb = true)
     @ApiOperation(value = "新增")
     @PostMapping("add")
-    public Result add(ProjectAddDto param) {
+    public Result add(@RequestBody ProjectAddDto param) {
         return entityService.add(param);
     }
 
@@ -54,7 +54,7 @@ public class ProjectController {
     @WebControllerLog(description = "项目管理-编辑", addDb = true)
     @ApiOperation(value = "编辑")
     @PostMapping("edit")
-    public Result edit(ProjectEditDto param) {
+    public Result edit(@RequestBody ProjectEditDto param) {
         return entityService.edit(param);
     }
 
@@ -77,4 +77,25 @@ public class ProjectController {
 
 
 
+    @ApiOperation("编辑保存-文物")
+    @PostMapping("editGoods")
+    public Result editGoods(@RequestBody EditDto param) {
+        return entityService.editGoods(param);
+    }
+
+    @ApiOperation("编辑保存-网址&场景")
+    @PostMapping("editScene")
+    public Result editScene(@RequestBody SceneDto param) {
+        return entityService.editScene(param);
+    }
+
+    @ApiOperation("编辑保存-文档")
+    @PostMapping("editDoc")
+    public Result editDoc(@RequestBody EditDto param) {
+        return entityService.editDoc(param);
+    }
+
+
+
+
 }
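Review bot: The three new endpoints bind `EditDto`/`SceneDto` with `@RequestBody` but without `@Valid`, so the `@NotBlank(message = "项目id不能为空")` constraint declared on the DTO's `projectId` is never evaluated and a missing project id reaches `editGoods`/`editDoc` as `null`. Use `public Result editGoods(@RequestBody @Valid EditDto param)` (and the same for `editScene`, `editDoc`, plus the `add`/`edit` methods above that also switched to `@RequestBody`). The same applies in DocController, where the `javax.validation.Valid` import was removed in this commit. Nothing in these handlers or in `ProjectServiceImpl.editGoods` checks that the caller is allowed to modify the given project — if that is enforced elsewhere (an interceptor or the `@WebControllerLog` aspect), a one-line comment pointing to it would help; otherwise it is missing.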

+ 1 - 5
gis_cms/src/main/java/com/gis/cms/controller/SceneController.java

@@ -35,11 +35,7 @@ public class SceneController {
 //    }
 
 
-    @ApiOperation("保存")
-    @GetMapping("save")
-    public Result save(@RequestBody SceneDto param) {
-        return entityService.save(param);
-    }
+
 
 
 

+ 2 - 2
gis_cms/src/main/java/com/gis/cms/entity/dto/DocDto.java

@@ -10,13 +10,13 @@ import java.util.List;
  * Created by owen on 2021/10/20 0020 14:40
  */
 @Data
-public class DocDto {
+public class EditDto {
 
     @ApiModelProperty(value = "删除文档id, 多个以逗号分隔")
     private String removeIds;
 
     @ApiModelProperty(value = "编辑后全部文档id, 多个以逗号分隔")
-    private String docIds;
+    private String editIds;
 
     @NotBlank(message = "项目id不能为空")
     @ApiModelProperty(value = "项目ID", required = true)
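Review bot: The public class is renamed to `EditDto` but the file shown in this commit is still `DocDto.java`, and the diffstat lists it as a 2/2 edit rather than a rename; Java requires a public top-level class to live in a file of the same name, so this will not compile unless the file was renamed outside this diff. Rename the file to `EditDto.java` in the same commit. The field Javadoc `编辑后全部文档id` still says "文档" (document) although the DTO is now shared by `editGoods` and `editDoc`; `@ApiModelProperty(value = "编辑后全部对象id, 多个以逗号分隔")` would describe both uses.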

+ 2 - 0
gis_cms/src/main/java/com/gis/cms/entity/dto/ProjectAddDto.java

@@ -57,4 +57,6 @@ public class ProjectAddDto implements Serializable {
 
 
 
+
+
 }

+ 1 - 1
gis_cms/src/main/java/com/gis/cms/entity/dto/SceneDto.java

@@ -11,7 +11,7 @@ import java.util.List;
 @Data
 public class SceneDto {
 
-    @ApiModelProperty(value = "需要保持的对象")
+    @ApiModelProperty(value = "需要保持的对象, 根据id判断是更新还是新增")
     private List<UrlDto> dto;
 
     @ApiModelProperty(value = "需要删除的对象Id, 多个以逗号分隔")

+ 3 - 0
gis_cms/src/main/java/com/gis/cms/entity/dto/UrlDto.java

@@ -10,6 +10,9 @@ import lombok.Data;
 public class UrlDto {
 
     @ApiModelProperty(value = "名称" )
+    private Long id;
+
+    @ApiModelProperty(value = "名称" )
     private String name;
 
     @ApiModelProperty(value = "链接")
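Review bot: The new `id` field carries a copy-pasted `@ApiModelProperty(value = "名称" )`, so the generated API docs label both `id` and `name` as "名称". Use `@ApiModelProperty(value = "id, 为空时新增, 否则更新")`, which also records the update-or-insert rule that SceneDto's description now mentions.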

+ 5 - 5
gis_cms/src/main/java/com/gis/cms/entity/po/ProjectEntity.java

@@ -39,11 +39,11 @@ public class ProjectEntity extends BaseEntity implements Serializable {
     @ApiModelProperty(value = "合作方")
     private String cooperation;
 
-    @ApiModelProperty(value = "文物id, 多个以逗号分隔")
-    private String goodsIds;
-
-    @ApiModelProperty(value = "文档id, 多个以逗号分隔")
-    private String docIds;
+//    @ApiModelProperty(value = "文物id, 多个以逗号分隔")
+//    private String goodsIds;
+//
+//    @ApiModelProperty(value = "文档id, 多个以逗号分隔")
+//    private String docIds;
 
     @Transient
     @ApiModelProperty(value = "项目分类名称")

+ 4 - 36
gis_cms/src/main/java/com/gis/cms/mapper/GoodsMapper.java

@@ -1,22 +1,16 @@
 package com.gis.cms.mapper;
 
 
-import com.gis.cms.entity.bo.GoodsBo;
 import com.gis.cms.entity.dto.GoodsPageDto;
-import com.gis.cms.entity.dto.ScenePageDto;
 import com.gis.cms.entity.po.GoodsEntity;
-import com.gis.cms.entity.po.SceneEntity;
 import com.gis.cms.mapper.provider.GoodsProvider;
 import com.gis.common.base.mapper.IBaseMapper;
-import com.gis.cms.entity.dto.TypePageDateDto;
 import org.apache.ibatis.annotations.Mapper;
 import org.apache.ibatis.annotations.Select;
 import org.apache.ibatis.annotations.SelectProvider;
-import org.apache.ibatis.annotations.Update;
 import org.springframework.stereotype.Component;
 
 import java.util.List;
-import java.util.Set;
 
 @Component
 @Mapper
@@ -27,35 +21,9 @@ public interface GoodsMapper extends IBaseMapper<GoodsEntity, Long> {
     @SelectProvider(type = GoodsProvider.class, method = "search")
     List<GoodsEntity> search(GoodsPageDto param, Integer display);
 
+    @SelectProvider(type = GoodsProvider.class, method = "strSql")
+    void strSql(String strSql);
 
-//    @SelectProvider(type = GoodsProvider.class, method = "searchByCondition")
-//    List<GoodsEntity> searchByCondition(GoodsBo param);
-
-    @Select("select * from tb_goods where is_delete=0 and register_id=#{registerId}")
-    List<GoodsEntity> findByRegisterId(Long registerId);
-
-    @Update("update tb_goods set is_storage = #{isStorage} , update_time = NOW() where is_delete = 0 and id=#{id}")
-    void setIsStorage(String id, Integer isStorage);
-
-    @Update("update tb_goods set status = #{status} , update_time = NOW() where  id in (${goodsIds})")
-    void updateStatusByIds(int status, String goodsIds);
-
-    @Select("select id from tb_goods where is_delete=0 and is_storage=#{isStorage} and status=#{status}")
-    List<String> findIdsByIsStorageAndStatus(int isStorage, int status);
-
-    @Update("update tb_goods set out_path = #{path} , update_time = NOW() where is_delete = 0 and id=#{id}")
-    void updateOutPath(Long id, String path);
-
-    // 使用in时,需要用#
-    @Select("select status from tb_goods where is_delete=0 and is_storage=1 and id in ( #{goodsIds} )")
-    Set<Integer> getStatusByIds(String goodsIds);
-
-    @Update("update tb_goods set is_delete=1 , update_time = NOW() where is_delete=0 and id in (#{goodsIds})")
-    void delByIds(String goodsIds);
-
-    @Update("update tb_goods set storage_id = #{storageId} , update_time = NOW() where is_delete = 0 and status=0 and id=#{id}")
-    void updateStorageId(String id, String storageId);
-
-    @Select("select * from tb_goods where is_delete=0 and type=#{type} and project_id=#{projectId}")
-    List<GoodsEntity> findByTypeAndProjectId(String type, Long projectId);
+    @Select("select * from tb_goods where is_delete=0 and project_id=#{projectId}")
+    List<GoodsEntity> findByProjectId(Long projectId);
 }
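Review bot: `strSql` is annotated `@SelectProvider` and returns `void`, yet every caller in this commit passes an `UPDATE` statement (GoodsServiceImpl `removes`/`bindingProjectIdToEntity`, and the identical `strSql` in SceneMapper); MyBatis treats a select as a read — no cache flush, and the provider hands back a caller-assembled string verbatim, which makes this mapper a generic SQL executor. Prefer a statement whose shape is fixed in the mapper and whose values are bound as parameters, e.g. `@Update("<script>update tb_goods set project_id=#{projectId}, update_time=NOW() where is_delete=0 and id in <foreach collection='ids' item='id' open='(' separator=',' close=')'>#{id}</foreach></script>")` with `void bindProjectId(@Param("projectId") Long projectId, @Param("ids") List<Long> ids);` (`@Param` needs an import here; SceneMapper already has the wildcard). If `strSql` must stay for now, at least make it `@UpdateProvider` and restrict its callers to service code that has already validated the id list.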

+ 3 - 2
gis_cms/src/main/java/com/gis/cms/mapper/ProjectMapper.java

@@ -5,6 +5,7 @@ import com.gis.cms.entity.po.ProjectEntity;
 import com.gis.cms.mapper.provider.ProjectProvider;
 import com.gis.common.base.mapper.IBaseMapper;
 import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Select;
 import org.apache.ibatis.annotations.SelectProvider;
 import org.apache.ibatis.annotations.Update;
 import org.springframework.stereotype.Component;
@@ -23,6 +24,6 @@ public interface ProjectMapper extends IBaseMapper<ProjectEntity, Long> {
     @SelectProvider(type = ProjectProvider.class, method = "search")
     List<ProjectEntity> search(ProjectPageDto param);
 
-    @Update("update tb_project set goods_ids = #{goodsIds} , update_time = NOW() where is_delete=0 and id=#{id}")
-    void setGoodsIdsById(String id, String goodsIds);
+    @Select("select a.*, b.name as projectTypeName from tb_project a left join tb_project_type b on b.id=a.type_id where a.is_delete=0 and a.id=#{id}")
+    ProjectEntity mapperFindById(Long id);
 }
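Review bot: With `setGoodsIdsById` removed, the `org.apache.ibatis.annotations.Update` import just above the new `Select` import appears to be unused in this interface (assuming nothing outside the hunk uses it) and should go. The new `mapperFindById` is fine as written — `#{id}` is a bound parameter — but the method name duplicates the `findById` it shadows from `IBaseMapper`; a one-line Javadoc such as `/** Like findById, but also fills the transient projectTypeName via a join on tb_project_type. */` would explain why both exist.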

+ 6 - 6
gis_cms/src/main/java/com/gis/cms/mapper/SceneMapper.java

@@ -3,6 +3,7 @@ package com.gis.cms.mapper;
 
 import com.gis.cms.entity.dto.ScenePageDto;
 import com.gis.cms.entity.po.SceneEntity;
+import com.gis.cms.mapper.provider.DocProvider;
 import com.gis.cms.mapper.provider.SceneProvider;
 import com.gis.common.base.mapper.IBaseMapper;
 import org.apache.ibatis.annotations.*;
@@ -22,12 +23,11 @@ public interface SceneMapper extends IBaseMapper<SceneEntity, Long> {
     @SelectProvider(type = SceneProvider.class, method = "search")
     List<SceneEntity> mapperSearch(ScenePageDto param);
 
-    @Update("update tb_register set reason = #{reason} , update_time = NOW() where is_delete = 0 and id=#{id}")
-    void setReason(Long id, String reason);
-
-    @Update("update tb_scene set is_delete=1 , update_time = NOW() where is_delete = 0 and id in (#{ids})")
-    void delByIds(String ids);
+    @SelectProvider(type = SceneProvider.class, method = "strSql")
+    void strSql(String strSql);
 
     @Select("select * from tb_scene where is_delete=0 and type=#{type} and project_id=#{projectId}")
     List<SceneEntity> findByTypeAndProjectId(String type, Long projectId);
-}
+
+
+}
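Review bot: The added `import com.gis.cms.mapper.provider.DocProvider;` is not referenced anywhere in this interface's visible hunks and looks like an IDE auto-import; drop it. The `strSql` method introduced here has the same `@SelectProvider`-for-`UPDATE` problem as the one in GoodsMapper and should be replaced by a fixed, parameterized `@Update` statement in the same way.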

+ 7 - 3
gis_cms/src/main/java/com/gis/cms/mapper/provider/GoodsProvider.java

@@ -16,7 +16,8 @@ public class GoodsProvider {
         StringBuffer sql = new StringBuffer(
                 "select a.*,b.name as goodsTypeName, c.name as projectName, d.name as projectTypeName from tb_goods a " +
                         "left join tb_goods_type b on b.id=a.goods_type_id " +
-                        "left join tb_project c on c.id=a.project_id left join tb_project_type d on d.id=c.type_id where a.is_delete = '0' ");
+                        "left join tb_project c on c.id=a.project_id " +
+                        "left join tb_project_type d on d.id=c.type_id where a.is_delete=0 and a.project_id is not NULL ");
 
 //        if (StringUtils.isNotBlank(param.getStartTime()) && StringUtils.isNotBlank(param.getEndTime())) {
 //
@@ -32,7 +33,7 @@ public class GoodsProvider {
 
         Long projectTypeId = param.getProjectTypeId();
         if (projectTypeId != null){
-            sql.append(" and  c.project_id = ").append(projectTypeId);
+            sql.append(" and  c.type_id = ").append(projectTypeId);
         }
 
         Long goodsTypeId = param.getGoodsTypeId();
@@ -49,7 +50,10 @@ public class GoodsProvider {
     }
 
 
-
+    public String strSql(String strSql) {
+        log.info("sql: {}", strSql);
+        return strSql;
+    }
 
 }
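Review bot: The new `strSql` provider returns its argument unchanged, so the SQL text executed by the mapper is whatever the service built; the `log.info("sql: {}", strSql)` then writes every such statement, including the user-supplied id list, to the info log (same in SceneProvider). If the method is kept, document its contract — `/** Pass-through provider: returns the statement built by the caller; callers must validate every interpolated value. */` — and log at debug, as MyBatis already logs executed SQL when enabled. The `search` builder's `.append(projectTypeId)` is safe because the value is a typed `Long`; a `StringBuilder` would be the idiomatic choice over the synchronized `StringBuffer` at the top of the hunk.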
 

+ 5 - 0
gis_cms/src/main/java/com/gis/cms/mapper/provider/SceneProvider.java

@@ -41,6 +41,11 @@ public class SceneProvider {
         return sql.toString();
     }
 
+    public String strSql(String strSql) {
+        log.info("sql: {}", strSql);
+        return strSql;
+    }
+
 
 }
 

+ 2 - 4
gis_cms/src/main/java/com/gis/cms/service/DocService.java

@@ -1,15 +1,13 @@
 package com.gis.cms.service;
 
 
-import com.gis.cms.entity.dto.DocDto;
+import com.gis.cms.entity.dto.EditDto;
 import com.gis.cms.entity.po.DocEntity;
-import com.gis.cms.entity.po.FileEntity;
 import com.gis.common.base.service.IBaseService;
 import com.gis.common.util.Result;
 import org.springframework.web.multipart.MultipartFile;
 
 import java.util.List;
-import java.util.Map;
 
 
 /**
@@ -24,7 +22,7 @@ public interface DocService extends IBaseService<DocEntity, Long> {
 
     List<DocEntity> findByProjectId(Long projectId);
 
-    Result edit(DocDto param);
+    Result edit(EditDto param);
 
     void bindingProjectId(String ids, Long projectId);
 }

+ 3 - 9
gis_cms/src/main/java/com/gis/cms/service/GoodsService.java

@@ -25,21 +25,15 @@ public interface GoodsService extends IBaseService<GoodsEntity, Long> {
 
     Result detail(Long id);
 
-    Result removes(String ids);
+    void removes(String ids);
 
     Result setIndex(Long fileId);
 
-
-    Result<SceneEntity> projectId(Long projectId);
-
-    void saveAndUpload(Long projectId, String type, List<MultipartFile> files);
-
     Result saveModel(ModelDto param);
 
-    Result modelUpload(MultipartFile file, String projectId);
-
 
-    Result modelBinding(String projectId, String goodsIds);
+    void bindingProjectIdToEntity(Long projectId, String goodsIds);
 
 
+    List<GoodsEntity> findByProjectId(Long id);
 }

+ 9 - 4
gis_cms/src/main/java/com/gis/cms/service/ProjectService.java

@@ -1,10 +1,7 @@
 package com.gis.cms.service;
 
 
-import com.gis.cms.entity.dto.ProjectAddDto;
-import com.gis.cms.entity.dto.ProjectEditDto;
-import com.gis.cms.entity.dto.ProjectPageDto;
-import com.gis.cms.entity.dto.StatusPageDataDto;
+import com.gis.cms.entity.dto.*;
 import com.gis.cms.entity.po.ProjectEntity;
 import com.gis.common.base.service.IBaseService;
 import com.gis.common.util.Result;
@@ -26,4 +23,12 @@ public interface ProjectService extends IBaseService<ProjectEntity, Long> {
     Result detail(Long id);
 
     Result edit(ProjectEditDto param);
+
+    ProjectEntity mapperFindById(Long id);
+
+    Result editGoods(EditDto param);
+
+    Result editScene(SceneDto param);
+
+    Result editDoc(EditDto param);
 }
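Review bot: The four explicit DTO imports were collapsed into `import com.gis.cms.entity.dto.*;`, which hides which types the interface depends on and risks name clashes with `com.gis.cms.entity.po`; keep explicit imports and add the two new ones, `import com.gis.cms.entity.dto.EditDto;` and `import com.gis.cms.entity.dto.SceneDto;`. The new methods `mapperFindById`, `editGoods`, `editScene` and `editDoc` have no Javadoc; one line each (e.g. `/** Finds a project with its projectTypeName filled in, or null. */`) would make the difference from `findById` clear to callers.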

+ 15 - 21
gis_cms/src/main/java/com/gis/cms/service/impl/DocServiceImpl.java

@@ -3,16 +3,12 @@ package com.gis.cms.service.impl;
 import cn.hutool.core.date.DateUtil;
 import cn.hutool.core.io.FileUtil;
 import cn.hutool.core.util.StrUtil;
-import com.gis.cms.entity.dto.DocDto;
+import com.gis.cms.entity.dto.EditDto;
 import com.gis.cms.entity.po.DocEntity;
-import com.gis.cms.entity.po.FileEntity;
 import com.gis.cms.entity.po.ProjectEntity;
 import com.gis.cms.mapper.DocMapper;
-import com.gis.cms.mapper.FileMapper;
 import com.gis.cms.service.DocService;
-import com.gis.cms.service.FileService;
 import com.gis.cms.service.ProjectService;
-import com.gis.common.base.exception.BaseRuntimeException;
 import com.gis.common.base.mapper.IBaseMapper;
 import com.gis.common.base.service.impl.IBaseServiceImpl;
 import com.gis.common.constant.TypeCode;
@@ -24,12 +20,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.web.multipart.MultipartFile;
 
-import java.io.IOException;
 import java.time.LocalDateTime;
-import java.util.Arrays;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 
 
 /**
@@ -63,10 +55,10 @@ public class DocServiceImpl extends IBaseServiceImpl<DocEntity, Long> implements
         }
 
         // 判断类型合法性
-        String [] typeCheck = {"video","model","doc","audio","img"};
-        if (!Arrays.asList(typeCheck).contains(type)) {
-            return Result.failure("非法类型");
-        }
+//        String [] typeCheck = {"video","model","doc","audio","img"};
+//        if (!Arrays.asList(typeCheck).contains(type)) {
+//            return Result.failure("非法类型");
+//        }
 
         // 文件目录
         String fileName = file.getOriginalFilename();
@@ -119,25 +111,27 @@ public class DocServiceImpl extends IBaseServiceImpl<DocEntity, Long> implements
     }
 
     @Override
-    public Result edit(DocDto param) {
+    public Result edit(EditDto param) {
         // 删除文档
         String removeIds = param.getRemoveIds();
         if (StringUtils.isNotBlank(removeIds)){
             entityMapper.removes(removeIds);
         }
         // 绑定项目id
-        String docIds = param.getDocIds();
-        if (StringUtils.isNotBlank(docIds)){
-            ProjectEntity entity = projectService.findById(param.getProjectId());
-            entity.setDocIds(docIds);
-            projectService.update(entity);
-        }
+        this.bindingProjectId(param.getEditIds(), param.getProjectId());
+
         return Result.success();
     }
 
     @Override
     public void bindingProjectId(String ids, Long projectId){
-        String sql = String.format("update tb_doc set project_id={}, update_time=NOW() where is_delete=0 and id in ({})", projectId, ids);
+        if (StringUtils.isBlank(ids)){
+           log.warn("不需要更新");
+           return;
+        }
+        // 防止sql注入
+        RegexUtil.regSql(ids);
+        String sql = StrUtil.format("update tb_doc set project_id={}, update_time=NOW() where is_delete=0 and id in ({})", projectId, ids);
         entityMapper.strSql(sql);
     }
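Review bot: `bindingProjectId` still builds the `UPDATE` by interpolating the caller-supplied `ids` string into SQL, and the only guard is the substring denylist in `RegexUtil.regSql`; a denylist cannot be made complete, and for an input that is meant to be a list of numeric ids an allowlist is both simpler and sufficient. Either bind the list as parameters in the mapper (a `<foreach>` over a `List<Long>`), or at minimum replace the `regSql` call with `if (!ids.matches("\\d+(\\s*,\\s*\\d+)*")) { throw new BaseRuntimeException("ids 格式非法"); }` before formatting. The same pattern appears in GoodsServiceImpl (`removes`, `bindingProjectIdToEntity`) and SceneServiceImpl (`delByIds`). Separately, the first hunk comments out the `typeCheck` allowlist on `type`; the method continues past the hunk, but if `type` is still used to build the save directory (the `// 文件目录` line follows immediately), removing that check lets an arbitrary segment into the path, so it should be restored rather than commented out.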
 

+ 28 - 56
gis_cms/src/main/java/com/gis/cms/service/impl/GoodsServiceImpl.java

@@ -73,24 +73,15 @@ public class GoodsServiceImpl extends IBaseServiceImpl<GoodsEntity, Long> implem
     }
 
     @Override
-    public Result removes(String ids) {
-        String[] split = StrUtil.split(ids, ",");
-        for (String s : split) {
-            Long id = Long.valueOf(s);
-            GoodsEntity entity = this.findById(id);
-            if (entity != null) {
-                // 删除物理文件
-                List<FileEntity> files = fileService.findByModuleId(id, TypeCode.MODULE_GOODS);
-                for (FileEntity file : files) {
-                    fileService.remove(file.getId());
-                }
-
-                entity.setIsDelete(1);
-                this.update(entity);
-            }
+    public void removes(String ids) {
+        if (StringUtils.isBlank(ids)){
+            log.warn("参数为空,不需要更新");
+            return;
         }
-
-        return Result.success();
+        // 防止sql注入
+        RegexUtil.regSql(ids);
+        String sql = StrUtil.format("update tb_goods set is_delete=1, update_time=NOW() where is_delete=0 and id in ({})", ids);
+        entityMapper.strSql(sql);
     }
 
 
@@ -115,6 +106,7 @@ public class GoodsServiceImpl extends IBaseServiceImpl<GoodsEntity, Long> implem
     }
 
 
+
     @Override
     public Result detail(Long id) {
         GoodsEntity entity = this.findById(id);
@@ -136,10 +128,7 @@ public class GoodsServiceImpl extends IBaseServiceImpl<GoodsEntity, Long> implem
 
 
 
-    @Override
-    public Result<SceneEntity> projectId(Long projectId) {
-        return null;
-    }
+
 
 
     @Override
@@ -195,27 +184,7 @@ public class GoodsServiceImpl extends IBaseServiceImpl<GoodsEntity, Long> implem
 
 
 
-    /**
-     * 保存文件且保存文件信息
-     * @param projectId 项目id
-     * @param type 文物类型 doc, model
-     * @param files 文件
-     */
-    @Override
-    public void saveAndUpload(Long projectId, String type, List<MultipartFile> files) {
-        String savePath = PREFIX_PATH + "/" + projectId + "/" + type;
-        GoodsEntity entity;
-        String fileName;
-        for (MultipartFile file : files) {
-            fileName = fileUtils.upload(file, savePath, true);
-            entity = new GoodsEntity();
-            entity.setProjectId(projectId);
-            entity.setName(file.getOriginalFilename());
-            entity.setType(type);
-            entity.setFilePath(savePath + "/" + fileName);
-            this.save(entity);
-        }
-    }
+
 
     /**
      * 封面图默认是第一张(若果文件id没有index值时),只有前端设置了封面,才会更新文件封面
@@ -256,25 +225,23 @@ public class GoodsServiceImpl extends IBaseServiceImpl<GoodsEntity, Long> implem
 
 
 
+    @Override
+    public void bindingProjectIdToEntity(Long projectId, String goodsIds) {
 
+        if (StringUtils.isBlank(goodsIds)){
+            log.warn("不需要更新");
+            return;
+        }
 
-
-    @Override
-    public Result modelUpload(MultipartFile file, String projectId) {
-        String savePath = PREFIX_PATH + "/" + projectId + "/" + TypeCode.GOODS_MODEL;
-        String newFileName = fileUtils.upload(file, savePath, true);
-        savePath = savePath + "/" + newFileName;
-        Long id = fileService.saveFile(savePath, file.getOriginalFilename(), TypeCode.MODULE_GOODS, TypeCode.GOODS_MODEL);
-        HashMap<Object, Object> result = new HashMap<>();
-        result.put("id", id);
-        result.put("filePath", savePath);
-        return Result.success(result);
+        // 防止sql注入
+        RegexUtil.regSql(goodsIds);
+            String sql = StrUtil.format("update tb_goods set project_id={}, update_time=NOW() where is_delete=0 and id in ({})", projectId, goodsIds);
+            entityMapper.strSql(sql);
     }
 
     @Override
-    public Result modelBinding(String projectId, String goodsIds) {
-        projectMapper.setGoodsIdsById(projectId, goodsIds);
-        return Result.success();
+    public List<GoodsEntity> findByProjectId(Long projectId) {
+        return entityMapper.findByProjectId(projectId);
     }
 
 
@@ -283,4 +250,9 @@ public class GoodsServiceImpl extends IBaseServiceImpl<GoodsEntity, Long> implem
 
 
 
+
+
+
+
+
 }
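Review bot: The rewritten `removes` only flips `is_delete` via a string-built `UPDATE`; the version it replaces also deleted the goods' physical files through `fileService.remove(file.getId())` for each `fileService.findByModuleId(id, TypeCode.MODULE_GOODS)`. Unless that cleanup moved elsewhere in this commit, removed goods now leave their uploaded files on disk and their file rows undeleted — either keep the file loop or document the new soft-delete-only contract on the method. The `bindingProjectIdToEntity` body has a stray extra indentation on its last two lines, and the `removes`/`bindingProjectIdToEntity` SQL construction shares the denylist-instead-of-parameters issue raised on DocServiceImpl. With `saveAndUpload` and `modelUpload` gone, `fileUtils`, `projectMapper` and the `HashMap`/`MultipartFile` imports may now be unused in this class (outside the hunks, so unconfirmed).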

+ 35 - 11
gis_cms/src/main/java/com/gis/cms/service/impl/ProjectServiceImpl.java

@@ -93,7 +93,7 @@ public class ProjectServiceImpl extends IBaseServiceImpl<ProjectEntity, Long> im
 
     @Override
     public Result detail(Long id) {
-        ProjectEntity entity = this.findById(id);
+        ProjectEntity entity = this.mapperFindById(id);
         if (entity == null) {
             return Result.failure("对象不存在");
         }
@@ -105,18 +105,11 @@ public class ProjectServiceImpl extends IBaseServiceImpl<ProjectEntity, Long> im
         List<SceneEntity> scenes = sceneMapper.findByTypeAndProjectId(TypeCode.SCENE_SENCE, id);
 
         // 文档
-        String docIds = entity.getDocIds();
-        List<DocEntity> docs = new ArrayList<>();
-        if (StringUtils.isNotBlank(docIds)){
-            docs = docService.findByIds(docIds);
-        }
+        List<DocEntity> docs = docService.findByProjectId(id);
 
         // 文物
-        String goodsIds = entity.getGoodsIds();
-        List<GoodsEntity> goods = new ArrayList<>();
-        if (StringUtils.isNotBlank(goodsIds)){
-            goods = goodsService.findByIds(goodsIds);
-        }
+        List<GoodsEntity> goods = goodsService.findByProjectId(id);
+
 
         HashMap<String, Object> result = new HashMap<>();
         result.put("entity", entity);
@@ -136,6 +129,31 @@ public class ProjectServiceImpl extends IBaseServiceImpl<ProjectEntity, Long> im
         return Result.success(entity);
     }
 
+    @Override
+    public ProjectEntity mapperFindById(Long id) {
+        return entityMapper.mapperFindById(id);
+    }
+
+    @Override
+    public Result editGoods(EditDto param) {
+        // 删除文物
+        goodsService.removes(param.getRemoveIds());
+
+        // 更新文物id到项目
+       goodsService.bindingProjectIdToEntity(param.getProjectId(), param.getEditIds());
+        return Result.success();
+    }
+
+    @Override
+    public Result editScene(SceneDto param) {
+        return sceneService.save(param);
+    }
+
+    @Override
+    public Result editDoc(EditDto param) {
+        return docService.edit(param);
+    }
+
 
     @Override
     public Result add(ProjectAddDto param) {
@@ -149,6 +167,12 @@ public class ProjectServiceImpl extends IBaseServiceImpl<ProjectEntity, Long> im
         // 保存场景信息
         this.saveSceneInfo(id, param.getScenes(), "scene");
 
+        // 绑定项目id到文档
+        docService.bindingProjectId(param.getDocIds(), id);
+
+        // 绑定项目id到文物
+        goodsService.bindingProjectIdToEntity(id, param.getGoodsIds());
+
         return Result.success();
     }
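Review bot: `editGoods` removes `param.getRemoveIds()` and re-binds `param.getEditIds()` to `param.getProjectId()` without checking that those goods currently belong to that project, so any valid goods id can be detached from one project or attached to another by whoever can call the endpoint. Scoping the mapper statements with `and project_id=#{projectId}` (or verifying ownership via `goodsService.findByProjectId` first) closes that gap. The two calls are also not atomic: if `bindingProjectIdToEntity` throws (e.g. `regSql` rejecting the input), the removals have already been applied; if the class is not already `@Transactional`, annotate `editGoods` (and `add`, which now also calls `bindingProjectId`/`bindingProjectIdToEntity`). The `goodsService.bindingProjectIdToEntity(...)` line is indented one space short of its neighbours.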
 

+ 10 - 47
gis_cms/src/main/java/com/gis/cms/service/impl/SceneServiceImpl.java

@@ -1,7 +1,7 @@
 package com.gis.cms.service.impl;
 
 
-import com.gis.cms.entity.dto.RegisterDto;
+import cn.hutool.core.util.StrUtil;
 import com.gis.cms.entity.dto.SceneDto;
 import com.gis.cms.entity.dto.ScenePageDto;
 import com.gis.cms.entity.dto.UrlDto;
@@ -10,10 +10,12 @@ import com.gis.cms.mapper.SceneMapper;
 import com.gis.cms.service.SceneService;
 import com.gis.common.base.mapper.IBaseMapper;
 import com.gis.common.base.service.impl.IBaseServiceImpl;
+import com.gis.common.util.RegexUtil;
 import com.gis.common.util.Result;
 import com.github.pagehelper.PageInfo;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.junit.Test;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -51,21 +53,6 @@ public class SceneServiceImpl extends IBaseServiceImpl<SceneEntity, Long> implem
     }
 
 
-
-//    @Override
-//    public Result edit(RegisterDto param) {
-//        SceneEntity entity = this.findById(param.getId());
-//        if (entity == null) {
-//            return Result.failure("对象不存在");
-//        }
-//
-//        BeanUtils.copyProperties(param, entity);
-//        // 设置显示
-//        this.update(entity);
-//
-//        return Result.success();
-//    }
-
     @Override
     public Result save(SceneDto param) {
 
@@ -98,40 +85,16 @@ public class SceneServiceImpl extends IBaseServiceImpl<SceneEntity, Long> implem
     }
 
     private void delByIds(String ids){
-        if (StringUtils.isNotBlank(ids)){
-            entityMapper.delByIds(ids);
+        if (StringUtils.isBlank(ids)){
+            log.warn("不需要删除");
+            return;
         }
+        // 防止sql注入
+        RegexUtil.regSql(ids);
+        String strSql = StrUtil.format("update tb_scene set is_delete=1 , update_time = NOW() where is_delete = 0 and id in ({})", ids);
+        entityMapper.strSql(strSql);
     }
 
-//    private SceneEntity mapperFindById(Long id){
-//        return entityMapper.mapperFindById(id);
-//    }
-
-
-
-
-//    @Override
-//    public Result remove(Long id) {
-//        SceneEntity entity = this.findById(id);
-//        if (entity == null) {
-//            return Result.success();
-//        }
-//        // db数据软删除, 物理数据真删除
-//        entity.setIsDelete(1);
-//        this.update(entity);
-//        return  Result.success();
-//    }
-//
-//    @Override
-//    public Result<SceneEntity> detail(Long id) {
-//        SceneEntity entity = mapperFindById(id);
-//        if (entity == null) {
-//            return Result.failure("对象不存在");
-//        }
-//        return  Result.success(entity);
-//    }
-
-
 
 
 }
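Review bot: `import org.junit.Test;` is added to a production service class and nothing in the visible hunks uses it; JUnit is normally a test-scoped dependency, so this either fails to compile in the main source set or leaks a test library into the runtime classpath — remove it (the same import is added to RegexUtil). `BeanUtils` may also be unused now that the commented-out `edit` was deleted. `delByIds` shares the string-built `UPDATE` plus denylist pattern discussed on DocServiceImpl; a parameterized `<foreach>` in SceneMapper would remove the need for `RegexUtil.regSql` here.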

+ 2 - 2
gis_common/src/main/java/com/gis/common/util/FileUtils.java

@@ -30,7 +30,7 @@ public class FileUtils {
         String suffixList = configConstant.serverFileFallow;
         // 获取文件后缀
         if(file == null){
-            log.info("文件流为空不可上传");
+            log.error("文件流为空不可上传");
             return false;
         }
         String fileName = file.getOriginalFilename();
@@ -40,7 +40,7 @@ public class FileUtils {
             log.info("无非法参数可以放行!!!");
             return true;
         }
-        log.info("存在非法参数不能放行!请核对上传文件格式,重新刷新页面再次上传!");
+        log.error("存在非法参数不能放行!请核对上传文件格式,重新刷新页面再次上传!输入文件后缀: {}", suffix);
         return false;
     }
 

+ 30 - 8
gis_common/src/main/java/com/gis/common/util/RegexUtil.java

@@ -1,18 +1,19 @@
 package com.gis.common.util;
 
-import cn.hutool.core.collection.CollUtil;
 import cn.hutool.extra.pinyin.PinyinUtil;
-import cn.hutool.extra.tokenizer.Result;
-import cn.hutool.extra.tokenizer.TokenizerEngine;
-import cn.hutool.extra.tokenizer.TokenizerUtil;
-import cn.hutool.extra.tokenizer.Word;
+import com.gis.common.base.exception.BaseRuntimeException;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.junit.Test;
 
-import java.util.Iterator;
-
+import java.util.Arrays;
+import java.util.List;
+/**
+ * Created by owen on 2021/11/18 0011 16:16
+ * 字符串过滤
+ */
+@Slf4j
 public class RegexUtil {
-    //specific symbol
 
     /** 处理特殊符号,变空值*/
     public static String specificSymbol(String str){
@@ -34,7 +35,20 @@ public class RegexUtil {
     }
 
 
+    /**防止sql注入*/
+    public static void regSql(String str){
+        String key = "and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|;|or|-|+";
+        String[] split = StringUtils.split(key, "|");
+        List<String> list = Arrays.asList(split);
+        for (String s : list) {
+            if (str.toLowerCase().contains(s)){
+                String msg = "存在sql注入字符";
+                log.error(msg);
+                throw new BaseRuntimeException(msg);
+            }
+        }
 
+    }
 
 
 
@@ -44,6 +58,14 @@ public class RegexUtil {
     }
 
 
+    @Test
+    public void test(){
+        String regEx = "12,15,+ delete";
+        regSql(regEx);
+
+
+}
+
 
 }
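Review bot: `regSql` is a substring denylist, so it both over-rejects (any value containing `or`, `and`, `-`, `+` or `count` is refused, which rules out negative numbers, hyphenated names and ordinary words if this is ever reused beyond id lists) and under-rejects (only the listed tokens are caught). Since every caller in this commit passes a comma-separated list of numeric ids, validate that shape instead: `if (str == null || !str.matches("\\d+(\\s*,\\s*\\d+)*")) { throw new BaseRuntimeException("存在非法字符"); }` — which also fixes the `NullPointerException` the current `str.toLowerCase()` throws for `null`. If the denylist is kept, hoist `str.toLowerCase(Locale.ROOT)` out of the loop and document the contract: `/** Rejects strings that are not a comma-separated list of numeric ids. @throws BaseRuntimeException if the input is null or malformed */`. The `@Test public void test()` method and the `org.junit.Test` import belong in `src/test`, not in the utility class; as written the test also expects no outcome — `regSql("12,15,+ delete")` throws, which JUnit reports as a failure rather than a pass.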