修复漏洞

common/src/main/java/com/winsun/outSideSystem/IntelligenceSendOrders.java

@@ -606,7 +606,7 @@ public class IntelligenceSendOrders {
         } else if (businessType == 5) {
             order_data.put("业务类型", "单宽业务");  //业务类型
         } else if (businessType == 10) {
-            order_data.put("业务类型", "校园宽带提速");  //业务类型
+            order_data.put("业务类型", "增值业务");  //业务类型
         }
 
         if (businessType == 3 || businessType == 10) {
@@ -628,75 +628,76 @@ public class IntelligenceSendOrders {
         broadbandInstalledCapacity.put("宽带接入号", "新装");
         broadbandInstalledCapacity.put("订购类型", "新装");
         if (businessType == 10) {
-            broadbandInstalledCapacity.put("宽带接入号", "已有");
+            broadbandInstalledCapacity.put("宽带接入号", orderViewMap.get("dmt_number"));
             broadbandInstalledCapacity.put("订购类型", "已有");
         }
         order_data.put("宽带装机", broadbandInstalledCapacity);
 
-        HashMap<Object, Object> monthlyFeeItems = new HashMap<>();   //月租费用项
-        List<HashMap<String, Object>> expenseItemsList = new ArrayList<>(); //费用项列表
+        if (businessType != 10) {
+            HashMap<Object, Object> monthlyFeeItems = new HashMap<>();   //月租费用项
+            List<HashMap<String, Object>> expenseItemsList = new ArrayList<>(); //费用项列表
 //        List<HashMap<String, Object>> suipayPayment = new ArrayList<>(); //穗易付支付
-        HashMap<String, Object> expenseItemsMap = new HashMap<>();
+            HashMap<String, Object> expenseItemsMap = new HashMap<>();
 //        HashMap<String, Object> suipayPaymentMap = new HashMap<>();
-        expenseItemsMap.put("费用项名称", productName);
-        expenseItemsMap.put("费用项金额", "00.0000");
-        if (((String) orderViewMap.get("orderSetMeal")).contains("包月")) {
-            expenseItemsMap.put("费用项类型", "月租");
-        } else if (((String) orderViewMap.get("orderSetMeal")).contains("包年")) {
-            expenseItemsMap.put("费用项类型", "年租");
-        }
-        ORDERAMOUNT = ORDERAMOUNT.replace("元", "");
-        if (ORDERAMOUNT.equals("0.01") || ORDERAMOUNT.equals("0.02")) {
-            monthlyFeeItems.put("缴费方式", "现金支付");  // 缴费方式，必填（例：payType：1）；1：银行划账2：现金支付3：代理商打款4：穗易付5：原套餐缴费方式6：支付宝划扣8：装维上门收取
-        } else if ("xjzf".equals(orderViewMap.get("customerId"))) {
-            monthlyFeeItems.put("缴费方式", "现金支付");
-        } else {
-            monthlyFeeItems.put("缴费方式", "原套餐缴费方式");
-        }
-        expenseItemsList.add(expenseItemsMap);
-        monthlyFeeItems.put("费用项列表", expenseItemsList);
-        order_data.put("月租费用项", monthlyFeeItems);
-
-
-        HashMap<Object, Object> OneExpenseItems = new HashMap<>();   //一次性费用项
-        List<HashMap<String, Object>> OneExpenseItemsList = new ArrayList<>(); //费用项列表
-        List<HashMap<String, Object>> OneSuipayPayment = new ArrayList<>(); //穗易付支付
-        HashMap<String, Object> OneExpenseItemsMap = new HashMap<>();
-        HashMap<String, Object> OneSuipayPaymentMap = new HashMap<>();
-        OneExpenseItemsMap.put("费用项名称", productName);
-        OneExpenseItemsMap.put("费用项金额", ORDERAMOUNT + ".0000");
-        if (((String) orderViewMap.get("orderSetMeal")).contains("包月")) {
-            OneExpenseItemsMap.put("费用项类型", "月租");
-        } else if (((String) orderViewMap.get("orderSetMeal")).contains("包年")) {
-            OneExpenseItemsMap.put("费用项类型", "年租");
-        }
-        ORDERAMOUNT = ORDERAMOUNT.replace("元", "");
-        if (ORDERAMOUNT.equals("0.01") || ORDERAMOUNT.equals("0.02") || "0".equals(orderViewMap.get("webOrderAmount").toString())) {
-            OneExpenseItems.put("缴费方式", "现金支付");  // 缴费方式，必填（例：payType：1）；1：银行划账2：现金支付3：代理商打款4：穗易付5：原套餐缴费方式6：支付宝划扣8：装维上门收取
-        } else if ("xjzf".equals(orderViewMap.get("customerId"))) {
-            OneExpenseItems.put("缴费方式", "现金支付");
-        } else {
-            OneExpenseItems.put("缴费方式", "穗易付");
-            EasyPay easyPay = new EasyPay();
-            easyPay.set穗易付订单号(ORDERREQTRANSEQ);
-            String payPlatform = (String) orderViewMap.get("iPay");
-            if (StringUtils.isNotBlank(payPlatform)) {
-                if ("1".equals(payPlatform)) {
-                    easyPay.set穗易付支付平台("支付宝"); // 支付平台，缴费方式为“穗易付”时必填
+            expenseItemsMap.put("费用项名称", productName);
+            expenseItemsMap.put("费用项金额", "00.0000");
+            if (((String) orderViewMap.get("orderSetMeal")).contains("包月")) {
+                expenseItemsMap.put("费用项类型", "月租");
+            } else if (((String) orderViewMap.get("orderSetMeal")).contains("包年")) {
+                expenseItemsMap.put("费用项类型", "年租");
+            }
+            ORDERAMOUNT = ORDERAMOUNT.replace("元", "");
+            if (ORDERAMOUNT.equals("0.01") || ORDERAMOUNT.equals("0.02")) {
+                monthlyFeeItems.put("缴费方式", "现金支付");  // 缴费方式，必填（例：payType：1）；1：银行划账2：现金支付3：代理商打款4：穗易付5：原套餐缴费方式6：支付宝划扣8：装维上门收取
+            } else if ("xjzf".equals(orderViewMap.get("customerId"))) {
+                monthlyFeeItems.put("缴费方式", "现金支付");
+            } else {
+                monthlyFeeItems.put("缴费方式", "原套餐缴费方式");
+            }
+            expenseItemsList.add(expenseItemsMap);
+            monthlyFeeItems.put("费用项列表", expenseItemsList);
+            order_data.put("月租费用项", monthlyFeeItems);
+
+
+            HashMap<Object, Object> OneExpenseItems = new HashMap<>();   //一次性费用项
+            List<HashMap<String, Object>> OneExpenseItemsList = new ArrayList<>(); //费用项列表
+            List<HashMap<String, Object>> OneSuipayPayment = new ArrayList<>(); //穗易付支付
+            HashMap<String, Object> OneExpenseItemsMap = new HashMap<>();
+            HashMap<String, Object> OneSuipayPaymentMap = new HashMap<>();
+            OneExpenseItemsMap.put("费用项名称", productName);
+            OneExpenseItemsMap.put("费用项金额", ORDERAMOUNT + ".0000");
+            if (((String) orderViewMap.get("orderSetMeal")).contains("包月")) {
+                OneExpenseItemsMap.put("费用项类型", "月租");
+            } else if (((String) orderViewMap.get("orderSetMeal")).contains("包年")) {
+                OneExpenseItemsMap.put("费用项类型", "年租");
+            }
+            ORDERAMOUNT = ORDERAMOUNT.replace("元", "");
+            if (ORDERAMOUNT.equals("0.01") || ORDERAMOUNT.equals("0.02") || "0".equals(orderViewMap.get("webOrderAmount").toString())) {
+                OneExpenseItems.put("缴费方式", "现金支付");  // 缴费方式，必填（例：payType：1）；1：银行划账2：现金支付3：代理商打款4：穗易付5：原套餐缴费方式6：支付宝划扣8：装维上门收取
+            } else if ("xjzf".equals(orderViewMap.get("customerId"))) {
+                OneExpenseItems.put("缴费方式", "现金支付");
+            } else {
+                OneExpenseItems.put("缴费方式", "穗易付");
+                EasyPay easyPay = new EasyPay();
+                easyPay.set穗易付订单号(ORDERREQTRANSEQ);
+                String payPlatform = (String) orderViewMap.get("iPay");
+                if (StringUtils.isNotBlank(payPlatform)) {
+                    if ("1".equals(payPlatform)) {
+                        easyPay.set穗易付支付平台("支付宝"); // 支付平台，缴费方式为“穗易付”时必填
+                    } else {
+                        easyPay.set穗易付支付平台("微信"); // 支付平台，缴费方式为“穗易付”时必填
+                    }
                 } else {
-                    easyPay.set穗易付支付平台("微信"); // 支付平台，缴费方式为“穗易付”时必填
+                    easyPay.set穗易付支付平台("翼支付"); // 支付平台，缴费方式为“穗易付”时必填
                 }
-            } else {
-                easyPay.set穗易付支付平台("翼支付"); // 支付平台，缴费方式为“穗易付”时必填
+                easyPay.set穗易付支付金额(ORDERAMOUNT);
+                easyPay.set穗易付支付流水号(UPTRANSEQ);
+                OneExpenseItems.put("穗易付支付", easyPay);
             }
-            easyPay.set穗易付支付金额(ORDERAMOUNT);
-            easyPay.set穗易付支付流水号(UPTRANSEQ);
-            OneExpenseItems.put("穗易付支付", easyPay);
+            OneExpenseItemsList.add(OneExpenseItemsMap);
+            OneExpenseItems.put("费用项列表", OneExpenseItemsList);
+            order_data.put("一次性费用项", OneExpenseItems);
         }
-        OneExpenseItemsList.add(OneExpenseItemsMap);
-        OneExpenseItems.put("费用项列表", OneExpenseItemsList);
-        order_data.put("一次性费用项", OneExpenseItems);
-
 
         Map<String, Object> map1 = new HashMap<>();
         map1.put("order_data", order_data);
@@ -718,11 +719,11 @@ public class IntelligenceSendOrders {
         try {
             log.info("提交参数:" + order_dataJSON);
             Constant.trustEveryone();
-            responese = Unirest.put("http://132.97.20.20/function/id-generator-snowflake.prod-fn?turbo=1")
-                    .header("Content-Type", "application/json;charset=UTF-8")
-                    .header("X-Sign", sign)
-                    .body(order_dataJSON)
-                    .asString();
+//            responese = Unirest.put("http://132.97.20.20/function/id-generator-snowflake.prod-fn?turbo=1")
+//                    .header("Content-Type", "application/json;charset=UTF-8")
+//                    .header("X-Sign", sign)
+//                    .body(order_dataJSON)
+//                    .asString();
             if (businessType == 5) {
                 log.info("单宽带下单接口，返回信息:" + responese.getBody());
             } else {
@@ -974,7 +975,8 @@ public class IntelligenceSendOrders {
                     0);
         } else if (orderMap.get("user_type").equals("10")) {
 
-            String productName = "校园融合套餐";
+            String productName = "校园宽带提速";
+            orderViewMap.put("dmt_number",orderMap.get("dmt_number"));
             //	3、提交订单到智能平台
             submitOrderJsonObject = getOrderInfo(
                     schoolMap,          //宽带订单对应的学校信息
@@ -1100,7 +1102,7 @@ public class IntelligenceSendOrders {
             log.info("提交参数:" + data);
             Constant.trustEveryone();
             //responese = Unirest.get("http://132.97.20.21/query/query-order-info?" + url_data)
-            responese = Unirest.get("https://applet.mini189.cn/prod/query/query-order-info?" + url_data)
+                    responese = Unirest.get("https://applet.mini189.cn/prod/query/query-order-info?" + url_data)
                     .header("Content-Type", "application/json")
                     .header("X-Sign", sign)
                     .asString();

service-manager/src/main/java/com/winsun/aop/AuthorityAspect.java

+package com.winsun.aop;
+
+import com.alibaba.fastjson.JSONObject;
+import com.winsun.auth.core.common.model.ResponseData;
+import com.winsun.auth.core.shiro.ShiroUser;
+import com.winsun.auth.core.support.HttpKit;
+import com.winsun.auth.model.common.Menu;
+import com.winsun.interfaces.PermissionVerification;
+import com.winsun.mapper.SysUserMapper;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Pointcut;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * 基于服务层的权限切面
+ *
+ * @author Cocowwy
+ * @create 2021-11-11-13:59
+ */
+@Aspect
+@Component
+@Slf4j
+public class AuthorityAspect {
+
+    @Autowired
+    private StringRedisTemplate stringRedisTemplate;
+
+    @Autowired
+    private SysUserMapper sysUserMapper;
+
+    private final static String PERMISSION_VERIFICATION = "permissionVerification:";
+
+    private final static Integer CACHE_TIME =  60;
+
+    /**
+     * 对接口进行权限校验
+     */
+    @Pointcut("@annotation(com.winsun.interfaces.PermissionVerification)")
+    private void pointcut() {
+    }
+
+    @Around("pointcut()")
+    public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
+        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
+        PermissionVerification permissionVerification = signature.getMethod().getDeclaredAnnotation(PermissionVerification.class);
+        if (permissionVerification != null) {
+            return apiIdempotent(joinPoint, signature);
+        }
+        Object proceed = joinPoint.proceed();
+        return proceed;
+    }
+
+    public Object apiIdempotent(ProceedingJoinPoint joinPoint, MethodSignature signature) throws Throwable {
+        ShiroUser user = getShiroUser();
+        /*if (user.getRoleNames().stream().anyMatch(roleName -> StringUtils.equalsAny(roleName, "超级管理员"))) {
+            Object proceed = joinPoint.proceed();
+            return proceed;
+        }*/
+        PermissionVerification permissionVerification = signature.getMethod().getDeclaredAnnotation(PermissionVerification.class);
+        if ("".equals(permissionVerification.value()[0]) || user == null) {
+            log.error("无权限");
+            return false;
+        }
+
+        List<Integer> roleList = user.getRoleList();
+        if (roleList.size() == 0) {
+            log.error("无权限");
+            return false;
+        }
+
+        String key = PERMISSION_VERIFICATION + getHttpServletRequest().getHeader("Authorization");
+        String[] values = permissionVerification.value();
+
+        String s = stringRedisTemplate.opsForValue().get(key);
+        List<Menu> roleMenu = null;
+        if (StringUtils.isNotBlank(s)) {
+            roleMenu = JSONObject.parseArray(s, Menu.class);
+        }else {
+            roleMenu = sysUserMapper.getRoleMenu(roleList);
+            stringRedisTemplate.opsForValue().set(key,
+                    JSONObject.toJSONString(roleMenu),
+                    CACHE_TIME, TimeUnit.SECONDS);
+        }
+
+        if (roleMenu == null || roleMenu.isEmpty()) {
+            return false;
+        }
+        for (String value : values) {
+            for (Menu menu : roleMenu) {
+                if (menu == null || StringUtils.isBlank(menu.getUrl())) {
+                    continue;
+                }
+
+                if (StringUtils.equals(menu.getUrl(), value)) {
+                    Object proceed = joinPoint.proceed();
+                    return proceed;
+                }
+            }
+
+        }
+        return ResponseData.error("无权限");
+    }
+
+    protected ShiroUser getShiroUser() {
+        HttpServletRequest httpServletRequest = this.getHttpServletRequest();
+        Object Attr = httpServletRequest.getAttribute("user");
+        ShiroUser user = (ShiroUser) JSONObject.parseObject(Attr.toString(), ShiroUser.class);
+        return user;
+    }
+
+    protected HttpServletRequest getHttpServletRequest() {
+        return HttpKit.getRequest();
+    }
+}
+

service-manager/src/main/java/com/winsun/utils/TreeNodeData.java

@@ -75,7 +75,7 @@ public class TreeNodeData {
 		TreeNode treeNode7 =new TreeNode(7, "区域","order_region", treeNode);
 		TreeNode treeNode8 =new TreeNode(8, "客户姓名","orderName", treeNode);
 		TreeNode treeNode9 =new TreeNode(9, "联系电话","orderPhone", treeNode);
-		TreeNode treeNode10 =new TreeNode(10, "订单状态","status", treeNode);
+		TreeNode treeNode10 =new TreeNode(10, "订单状态","order_status", treeNode);
 		TreeNode treeNode11 =new TreeNode(11, "备注","order_customer_remarks", treeNode);
 		TreeNode treeNode12 =new TreeNode(12, "创建时间","orderDate", treeNode);
 		TreeNode treeNode13 =new TreeNode(13, "支付平台","ipay", treeNode);