fix: 角色列表接口sql-inject

core/backend/src/main/java/io/dataease/plugins/server/XRoleServer.java

@@ -16,7 +16,7 @@ import io.dataease.commons.utils.PageUtils;
 import io.dataease.commons.utils.Pager;
 import io.dataease.dto.SysLogDTO;
 import io.dataease.listener.util.CacheUtils;
-import io.dataease.plugins.common.entity.XpackGridRequest;
+import io.dataease.plugins.common.request.KeywordRequest;
 import io.dataease.plugins.config.SpringContextUtil;
 import io.dataease.plugins.xpack.role.dto.request.RoleUserMappingRequest;
 import io.dataease.plugins.xpack.role.dto.request.RoleUserRequest;
@@ -31,12 +31,14 @@ import io.swagger.annotations.ApiOperation;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
-import static io.dataease.commons.constants.SysLogConstants.OPERATE_TYPE;
-import static io.dataease.commons.constants.SysLogConstants.SOURCE_TYPE;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;
 
 import java.util.List;
+
+import static io.dataease.commons.constants.SysLogConstants.OPERATE_TYPE;
+import static io.dataease.commons.constants.SysLogConstants.SOURCE_TYPE;
+
 @Api(tags = "xpack：角色管理")
 @RequestMapping("/plugin/role")
 @RestController
@@ -53,7 +55,7 @@ public class XRoleServer {
             sourcetype = SysLogConstants.SOURCE_TYPE.ROLE,
             value = "roleId"
     )
-    public void create(@RequestBody XpackRoleDto role){
+    public void create(@RequestBody XpackRoleDto role) {
         RoleXpackService roleXpackService = SpringContextUtil.getBean(RoleXpackService.class);
         roleXpackService.save(role);
     }
@@ -66,7 +68,7 @@ public class XRoleServer {
             operatetype = SysLogConstants.OPERATE_TYPE.DELETE,
             sourcetype = SysLogConstants.SOURCE_TYPE.ROLE
     )
-    public void delete(@PathVariable("roleId") Long roleId){
+    public void delete(@PathVariable("roleId") Long roleId) {
         RoleXpackService roleXpackService = SpringContextUtil.getBean(RoleXpackService.class);
         extAuthService.clearRoleResource(roleId);
         roleXpackService.delete(roleId);
@@ -81,7 +83,7 @@ public class XRoleServer {
             sourcetype = SysLogConstants.SOURCE_TYPE.ROLE,
             value = "roleId"
     )
-    public void update(@RequestBody XpackRoleDto role){
+    public void update(@RequestBody XpackRoleDto role) {
         RoleXpackService roleXpackService = SpringContextUtil.getBean(RoleXpackService.class);
         roleXpackService.update(role);
     }
@@ -95,11 +97,10 @@ public class XRoleServer {
             @ApiImplicitParam(name = "request", value = "查询条件", required = true)
     })
     @SqlInjectValidator(value = {"create_time", "name"})
-    public Pager<List<XpackRoleDto>> roleGrid(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody XpackGridRequest request) {
+    public Pager<List<XpackRoleDto>> roleGrid(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody KeywordRequest request) {
         RoleXpackService roleXpackService = SpringContextUtil.getBean(RoleXpackService.class);
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
-        Pager<List<XpackRoleDto>> listPager = PageUtils.setPageInfo(page, roleXpackService.query(request));
+        return PageUtils.setPageInfo(page, roleXpackService.query(request));
-        return listPager;
     }
 
     @ApiIgnore
@@ -134,7 +135,7 @@ public class XRoleServer {
     })
     @PostMapping("/userGrid/{datasetId}")
     public Pager<List<RoleUserItem>> userGrids(@PathVariable String datasetId, @RequestBody RoleUserRequest request) {
-        return userGrid(0,0, request);
+        return userGrid(0, 0, request);
     }
 
     @RequiresPermissions({"role:edit", "user:edit"})
@@ -146,7 +147,7 @@ public class XRoleServer {
             request.getUserIds().forEach(userId -> {
                 SysLogDTO sysLogDTO = DeLogUtils.buildBindRoleUserLog(request.getRoleId(), userId, OPERATE_TYPE.BIND, SOURCE_TYPE.ROLE);
                 DeLogUtils.save(sysLogDTO);
-                CacheUtils.remove( AuthConstants.USER_CACHE_NAME, "user" + userId);
+                CacheUtils.remove(AuthConstants.USER_CACHE_NAME, "user" + userId);
             });
         }
         roleXpackService.addUser(request);
@@ -162,7 +163,7 @@ public class XRoleServer {
             request.getUserIds().forEach(userId -> {
                 SysLogDTO sysLogDTO = DeLogUtils.buildBindRoleUserLog(request.getRoleId(), userId, OPERATE_TYPE.UNBIND, SOURCE_TYPE.ROLE);
                 DeLogUtils.save(sysLogDTO);
-                CacheUtils.remove( AuthConstants.USER_CACHE_NAME, "user" + userId);
+                CacheUtils.remove(AuthConstants.USER_CACHE_NAME, "user" + userId);
             });
         }
         roleXpackService.batchDelUser(request);

sdk/dataease-plugin-interface/src/main/java/io/dataease/plugins/xpack/role/service/RoleXpackService.java

@@ -1,6 +1,6 @@
 package io.dataease.plugins.xpack.role.service;
 
-import io.dataease.plugins.common.entity.XpackGridRequest;
+import io.dataease.plugins.common.request.KeywordRequest;
 import io.dataease.plugins.common.service.PluginMenuService;
 import io.dataease.plugins.xpack.role.dto.request.RoleUserMappingRequest;
 import io.dataease.plugins.xpack.role.dto.request.RoleUserRequest;
@@ -14,14 +14,13 @@ import java.util.List;
 public abstract class RoleXpackService extends PluginMenuService {
 
 
-
     public abstract void save(XpackRoleDto dto);
 
     public abstract void delete(Long roleId);
 
     public abstract void update(XpackRoleDto dto);
 
-    public abstract List<XpackRoleDto> query(XpackGridRequest request);
+    public abstract List<XpackRoleDto> query(KeywordRequest request);
 
     public abstract List<XpackRoleItemDto> allRoles();