From 976e14ad95b0eb0ae2ee08a014c9b435f452b40f Mon Sep 17 00:00:00 2001
From: 潘志宝 <979469083@qq.com>
Date: 星期一, 20 一月 2025 09:28:11 +0800
Subject: [PATCH] sqlInject

---
 iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/data/controller/admin/IndDataSetController.java |   17 +++++++++++++++--
 1 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/data/controller/admin/IndDataSetController.java b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/data/controller/admin/IndDataSetController.java
index 9034a5e..d117c17 100644
--- a/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/data/controller/admin/IndDataSetController.java
+++ b/iailab-module-data/iailab-module-data-biz/src/main/java/com/iailab/module/data/ind/data/controller/admin/IndDataSetController.java
@@ -3,6 +3,7 @@
 import com.iailab.framework.common.pojo.CommonResult;
 import com.iailab.framework.common.pojo.PageResult;
 import com.iailab.framework.common.util.object.BeanUtils;
+import com.iailab.module.data.common.xss.SQLFilter;
 import com.iailab.module.data.ind.data.entity.IndDataSetEntity;
 import com.iailab.module.data.ind.data.service.IndDataSetService;
 import com.iailab.module.data.ind.data.vo.IndDataSetPageReqVO;
@@ -18,6 +19,8 @@
 
 import javax.validation.Valid;
 
+import java.util.List;
+
 import static com.iailab.framework.common.pojo.CommonResult.success;
 
 /**
@@ -27,7 +30,7 @@
  */
 @Tag(name = "数据平台 - 指标数据集")
 @RestController
-@RequestMapping("/data/ind-data-set")
+@RequestMapping("/data/ind/data-set")
 @Validated
 public class IndDataSetController {
     @Autowired
@@ -45,6 +48,7 @@
     @Operation(summary = "创建指标数据集")
     @PreAuthorize("@ss.hasPermission('data:ind-data-set:create')")
     public CommonResult<Boolean> create(@Valid @RequestBody IndDataSetSaveReqVO createReqVO) {
+        SQLFilter.sqlInject(createReqVO.getQuerySql());
         indDataSetService.create(createReqVO);
         return success(true);
     }
@@ -53,6 +57,7 @@
     @Operation(summary = "修改指标数据集")
     @PreAuthorize("@ss.hasPermission('data:ind-data-set:update')")
     public CommonResult<Boolean> update(@Valid @RequestBody IndDataSetSaveReqVO updateReqVO) {
+        SQLFilter.sqlInject(updateReqVO.getQuerySql());
         indDataSetService.update(updateReqVO);
         return success(true);
     }
@@ -68,9 +73,17 @@
 
     @GetMapping("/get")
     @Operation(summary = "获取指标数据集信息")
-    @PreAuthorize("@ss.hasPermission('system:ind-data-set:query')")
+    @PreAuthorize("@ss.hasPermission('data:ind-data-set:query')")
     public CommonResult<IndDataSetRespVO> get(String id) {
         IndDataSetEntity entity = indDataSetService.get(id);
         return success(BeanUtils.toBean(entity, IndDataSetRespVO.class));
     }
+
+    @GetMapping("/list-all-simple")
+    @Operation(summary = "获取指标数据集列表", description = "用于【指标数据集】界面")
+    @PreAuthorize("@ss.hasPermission('data:ind-data-set:query')")
+    public CommonResult<List<IndDataSetRespVO>> list(IndDataSetPageReqVO reqVO) {
+        List<IndDataSetEntity> list = indDataSetService.list(reqVO);
+        return success(BeanUtils.toBean(list, IndDataSetRespVO.class));
+    }
 }
\ No newline at end of file

--
Gitblit v1.9.3