
校验字段

shiqian 4 tahun lalu
induk
melakukan
e82ec9fe7e

+ 8 - 11
boman-common/boman-common-core/src/main/java/com/boman/common/core/utils/obj/ObjectUtils.java

@@ -27,6 +27,14 @@ public class ObjectUtils {
         return input;
     }
 
+    public static  <T> boolean isEmpty(Collection<T> input){
+        return null == input || input.size() == 0;
+    }
+
+    public static  <T> boolean isNotEmpty(Collection<T> input){
+        return !isEmpty(input);
+    }
+
     public static long[] requireNonNull(long[] input, String... errorMsg){
         if (ArrayUtils.isEmpty(input)) {
             throw new IllegalArgumentException(errorMsg[0]);
@@ -219,17 +227,6 @@ public class ObjectUtils {
     }
 
 
-    public static <V> List<V> map(Map<String, V> input, Function<String, V> function) {
-        requireNonNull(input, "map is null");
-        List<V> result = new ArrayList<>(input.size());
-        for (Map.Entry<String, V> entry : input.entrySet()) {
-            result.add(entry.getValue());
-        }
-
-        return result;
-    }
-
-
     /**
      * 功能描述: 根据规则获取单个
      *

+ 9 - 9
boman-web-core/src/main/java/com/boman/web/core/service/TableServiceCmdService.java

@@ -133,6 +133,8 @@ public class TableServiceCmdService {
         String pkName = context.getPkName();
         JSONObject commitData = context.getCommitData();
 
+        checkColumn(commitData, context.getColumns());
+
         // 新增
         if (ActionType.INSERT.equals(context.getActionType())) {
             Long maxId = IdUtils.getMaxId(dto.getTable(), pkName);
@@ -224,6 +226,7 @@ public class TableServiceCmdService {
         // 拿到每个字段对应的查询类型,=、 like、 >、 <
         GenTable genTable = getTableFromRedisByTableName(RedisKey.TABLE_INFO, dto.getTable());
         JSONObject fixedData = dto.getFixedData();
+        checkColumn(fixedData, genTable.getColumns());
         fixedData = ifNullSetEmpty(fixedData);
 
         // 查询条件
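Review bot: `checkColumn(fixedData, genTable.getColumns())` compares the top-level keys of `fixedData` with column names, but the next hunk reads `fixedData.getJSONArray(SHOW_DATA)` from the same object, so `fixedData` looks like a request wrapper whose keys are not columns. The map that actually reaches `selectService.countByCondition(...)` is `condition`, and no added line validates its keys; if it is client-supplied, `checkColumn(condition, genTable.getColumns());` is the call that gives the column allow-list its effect. The added call also dereferences `genTable` with no null check, so a cache miss would presumably surface as a NullPointerException. The method starts and ends outside this hunk.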
@@ -231,12 +234,15 @@ public class TableServiceCmdService {
         List<GenTableColumn> columns = genTable.getColumns();
         // 封装好以后的查询条件
         JSONObject packCondition = ifNullSetEmpty(packColCondition(columns, condition));
+        JSONArray jsonArray = fixedData.getJSONArray(SHOW_DATA);
+        checkColumn(jsonArray, genTable.getColumns());
         // 需要返回到前台的列, 需要判断是否是列表展示, 4为判断列表是否可见
-        JSONArray showData = filterData(columns, 4, fixedData.getJSONArray(SHOW_DATA), MaskConstant.LIST_VISIBLE::equals);
+        JSONArray showData = filterData(columns, 4, jsonArray, MaskConstant.LIST_VISIBLE::equals);
 
         JSONObject rows = new JSONObject();
         int total = selectService.countByCondition(genTable.getTableName(), condition, packCondition);
         rows.put(FormDataConstant.PAGE_TOTAL, total);
+        rows.put(TABLE_HEAD_LIST, getTableHeadList(genTable));
         if (total <= 0) {
             rows.put(FormDataConstant.PAGE_ROWS, null);
             return AjaxResult.success(rows);
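Review bot: The added lines call `genTable.getColumns()` again although the local `columns` two lines above already holds that list, and the name `jsonArray` says nothing about what it contains. `JSONArray showColumns = fixedData.getJSONArray(SHOW_DATA);` followed by `checkColumn(showColumns, columns);` reads more clearly and makes it obvious that validation and `filterData` work on the same column list. The method starts and ends outside this hunk.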
@@ -256,7 +262,6 @@ public class TableServiceCmdService {
         result = isCustomized(dto.getTable(),result,"trigger_retrieve");
 
         rows.put(PAGE_ROWS, result);
-        rows.put(TABLE_HEAD_LIST, getTableHeadList(genTable));
         return AjaxResult.success(rows);
     }
 
@@ -559,15 +564,10 @@ public class TableServiceCmdService {
     }
 
     /**
-     * 功能描述: 获取表单按钮
+     * 功能描述:  单独获取按钮
      * 注意: 都是从redis中拿的,如果数据库和redis不一致,则需刷新一下redis
-     * 刷新的入口为 {@link MyController#loadTable(com.boman.gen.domain.GenTable)}
      *
-     *                    eg:{
-     *                          "table": "sys_config"
-     *                        }
-     *
-     * @param condition condition
+     * @param tableName tableName
      * @return com.boman.common.core.web.domain.AjaxResult
      */
     public String getButton(String tableName) {
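Review bot: The rewritten Javadoc still ends with `@return com.boman.common.core.web.domain.AjaxResult`, while the signature directly below it is `public String getButton(String tableName)`. The `@return` line should describe the string that is returned; the body lies outside the hunk, so its exact content cannot be stated from here. The commit also removes the pointer to the Redis refresh entry point but keeps the sentence saying a refresh may be needed, so a reader no longer learns where to trigger it.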

+ 8 - 1
boman-web-core/src/main/java/com/boman/web/core/service/select/BaseSelectServiceImpl.java

@@ -2,7 +2,11 @@ package com.boman.web.core.service.select;
 
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
+import com.boman.common.redis.RedisKey;
+import com.boman.gen.domain.GenTable;
 import com.boman.web.core.mapper.StandardlyMapper;
+import com.boman.web.core.service.TableServiceCmdService;
+import com.boman.web.core.utils.ColumnUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -23,6 +27,8 @@ public class BaseSelectServiceImpl implements IBaseSelectService {
 
     @Autowired
     private StandardlyMapper mapper;
+    @Autowired
+    private TableServiceCmdService cmdService;
 
 
     /**
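Review bot: Injecting `TableServiceCmdService` into `BaseSelectServiceImpl` looks like it closes a dependency cycle, because TableServiceCmdService in this same commit calls `selectService.countByCondition(...)`; if that field is an `IBaseSelectService`, each bean now needs the other. Field injection hides such a cycle on older Spring Boot versions, while newer ones reject circular references at startup by default. Only the cached table-metadata lookup is needed here, so moving `getTableFromRedisByTableName` into a small shared component would give both services the lookup without the cycle.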
@@ -58,7 +64,8 @@ public class BaseSelectServiceImpl implements IBaseSelectService {
         requireNonNull(tableName, "表名为空");
 
         // 判断condition中列是否都在此table中
-
+        GenTable gent = cmdService.getTableFromRedisByTableName(RedisKey.TABLE_INFO, tableName);
+        ColumnUtils.checkColumn(param, gent.getColumns());
         return mapper.getByMap(tableName, param);
     }
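Review bot: `gent` is dereferenced without a null check, so a `tableName` with no entry under `RedisKey.TABLE_INFO` would presumably end in a NullPointerException instead of a clear rejection, and `tableName` is otherwise only checked for non-null before it is passed to `mapper.getByMap`. An explicit guard such as `if (gent == null) { throw new IllegalArgumentException("unknown table: " + tableName); }` would make the cache lookup double as a table-name allow-list. `ColumnUtils.checkColumn` also returns silently when the column list is empty, so a table cached without columns skips validation entirely. The method starts outside this hunk.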
 

+ 39 - 7
boman-web-core/src/main/java/com/boman/web/core/utils/ColumnUtils.java

@@ -3,9 +3,11 @@ package com.boman.web.core.utils;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
 import com.boman.common.core.utils.SecurityUtils;
+import com.boman.common.core.utils.obj.ObjectUtils;
 import com.boman.gen.domain.GenTableColumn;
 import com.boman.web.core.constant.FormDataConstant;
 import com.google.common.collect.Lists;
+import org.apache.commons.collections4.MapUtils;
 
 import java.sql.Timestamp;
 import java.util.List;
@@ -134,15 +136,45 @@ public class ColumnUtils {
         return variables.replaceAll("\\$", "");
     }
 
+    /**
+     * 功能描述: 前台传过来的列是否都在表中
+     *
+     * @param target 前台传过来的列
+     * @param origin 此表对应的所有的列
+     */
+    public static void checkColumn(Map<String, Object> target, List<GenTableColumn> origin) {
+        if (MapUtils.isEmpty(target) || ObjectUtils.isEmpty(origin)) {
+            return;
+        }
 
-    public <T> void checkColumn(Map<String, T> form, List<GenTableColumn> allColumns){
-        requireNonNull(form, "jsonObject is empty");
-        requireNonNull(allColumns, "allColumns is empty");
-
-
-        List<String> all = map(allColumns, GenTableColumn::getColumnName);
-//        map(form, );
+        String tableName = origin.get(0).getTableName();
+        List<String> all = map(origin, GenTableColumn::getColumnName);
+        for (Map.Entry<String, Object> entry : target.entrySet()) {
+            String columnName = entry.getKey();
+            if (!all.contains(columnName.toLowerCase()) || !all.contains(columnName.toUpperCase())) {
+                throw new IllegalArgumentException("此表 [" + tableName + "]中没有 [" + columnName + "] 字段");
+            }
+        }
+    }
 
+    /**
+     * 功能描述: 前台传过来的列是否都在表中, List中的泛型必须为String
+     *
+     * @param target 前台传过来的列
+     * @param origin 此表对应的所有的列
+     */
+    public static void checkColumn(List<Object> target, List<GenTableColumn> origin) {
+        if (ObjectUtils.isEmpty(target) || ObjectUtils.isEmpty(origin)) {
+            return;
+        }
 
+        String tableName = origin.get(0).getTableName();
+        List<String> all = map(origin, GenTableColumn::getColumnName);
+        for (Object obj : target) {
+            String columnName = (String) obj;
+            if (!all.contains(columnName.toLowerCase()) || !all.contains(columnName.toUpperCase())) {
+                throw new IllegalArgumentException("此表 [" + tableName + "]中没有 [" + columnName + "] 字段");
+            }
+        }
     }
 }
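Review bot: The condition `!all.contains(columnName.toLowerCase()) || !all.contains(columnName.toUpperCase())` in both new `checkColumn` overloads throws unless the list holds the lower-case and the upper-case spelling at once, so nearly every legitimate column name is rejected; the intended test is a case-insensitive membership check. Both overloads also return silently when `origin` is empty, which turns missing metadata into "no validation", and the `List<Object>` overload fails with a ClassCastException or NullPointerException on a non-string or null element instead of the intended IllegalArgumentException. The three callers added in this commit (TableServiceCmdService, twice, and BaseSelectServiceImpl.getByMap) inherit all of this. The sketch below folds the duplicated loop into one private helper, normalises names with `Locale.ROOT`, and rejects empty metadata; whether an empty column list should be an error is a decision for the author.

```java
// … unchanged: Javadoc of both overloads …
public static void checkColumn(Map<String, Object> target, List<GenTableColumn> origin) {
    if (MapUtils.isEmpty(target)) {
        return;
    }
    checkNames(target.keySet(), origin);
}

public static void checkColumn(List<Object> target, List<GenTableColumn> origin) {
    if (ObjectUtils.isEmpty(target)) {
        return;
    }
    checkNames(target, origin);
}

// Rejects any requested name that is not a known column of the table (case-insensitive).
private static void checkNames(Collection<?> names, List<GenTableColumn> origin) {
    if (ObjectUtils.isEmpty(origin)) {
        // fail closed: without metadata nothing can be verified
        throw new IllegalArgumentException("column metadata is empty");
    }
    String tableName = origin.get(0).getTableName();
    Set<String> known = new HashSet<>();
    for (GenTableColumn column : origin) {
        known.add(column.getColumnName().toLowerCase(Locale.ROOT));
    }
    for (Object name : names) {
        if (!(name instanceof String) || !known.contains(((String) name).toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("此表 [" + tableName + "]中没有 [" + name + "] 字段");
        }
    }
}
```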