From 849f110f7f3f34790b2f1648c23e2a53e1c3f8c9 Mon Sep 17 00:00:00 2001
From: fit2cloud-chenyw <yawen.chen@fit2cloud.com>
Date: Mon, 11 Sep 2023 20:51:33 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E5=BA=94=E7=94=A8=E6=97=A5=E5=BF=97?=
 =?UTF-8?q?=E6=8E=A5=E5=8F=A3sql-inject?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../controller/panel/AppLogController.java    |   4 +-
 .../request/panel/AppLogGridRequest.java      |  11 +
 .../controller/sys/SysPluginController.java   |   1 -
 .../controller/sys/base/BaseGridRequest.java  |  52 ---
 .../controller/sys/base/ConditionEntity.java  |  20 --
 .../sys/request/KeyGridRequest.java           |  13 -
 .../java/io/dataease/ext/ExtAppLogMapper.java |   5 +-
 .../java/io/dataease/ext/ExtAppLogMapper.xml  |  35 +-
 .../io/dataease/ext/ExtDataSourceMapper.java  |   6 +-
 .../io/dataease/ext/ExtDataSourceMapper.xml   |  47 +--
 .../java/io/dataease/ext/ExtDeptMapper.xml    |   2 +-
 .../io/dataease/ext/ExtPanelStoreMapper.java  |   1 -
 .../io/dataease/ext/ExtPanelStoreMapper.xml   |   2 +-
 .../io/dataease/ext/ExtSysMenuMapper.java     |   4 +-
 .../java/io/dataease/ext/ExtSysMenuMapper.xml |   6 +-
 .../io/dataease/ext/ExtSysUserMapper.java     |   1 -
 .../io/dataease/ext/query/GridExample.java    | 303 ------------------
 .../java/io/dataease/ext/query/GridSql.java   |   4 -
 .../java/io/dataease/ext/query/GridSql.xml    |  67 ----
 .../dataset/DataSetTableTaskLogService.java   |  50 ++-
 .../dataease/service/panel/ShareService.java  |   1 -
 .../panel/applog/AppLogQueryParam.java        |  12 -
 .../service/panel/applog/AppLogService.java   |  20 +-
 .../dataease/service/sys/SysUserService.java  |   1 -
 .../service/sys/log/LogQueryParam.java        |  12 -
 25 files changed, 70 insertions(+), 610 deletions(-)
 create mode 100644 core/backend/src/main/java/io/dataease/controller/request/panel/AppLogGridRequest.java
 delete mode 100644 core/backend/src/main/java/io/dataease/controller/sys/base/BaseGridRequest.java
 delete mode 100644 core/backend/src/main/java/io/dataease/controller/sys/base/ConditionEntity.java
 delete mode 100644 core/backend/src/main/java/io/dataease/controller/sys/request/KeyGridRequest.java
 delete mode 100644 core/backend/src/main/java/io/dataease/ext/query/GridExample.java
 delete mode 100644 core/backend/src/main/java/io/dataease/ext/query/GridSql.java
 delete mode 100644 core/backend/src/main/java/io/dataease/ext/query/GridSql.xml
 delete mode 100644 core/backend/src/main/java/io/dataease/service/panel/applog/AppLogQueryParam.java
 delete mode 100644 core/backend/src/main/java/io/dataease/service/sys/log/LogQueryParam.java

diff --git a/core/backend/src/main/java/io/dataease/controller/panel/AppLogController.java b/core/backend/src/main/java/io/dataease/controller/panel/AppLogController.java
index 207cbbb05e..2cf2ca6ea4 100644
--- a/core/backend/src/main/java/io/dataease/controller/panel/AppLogController.java
+++ b/core/backend/src/main/java/io/dataease/controller/panel/AppLogController.java
@@ -7,7 +7,7 @@ import io.dataease.auth.annotation.SqlInjectValidator;
 import io.dataease.commons.utils.PageUtils;
 import io.dataease.commons.utils.Pager;
 import io.dataease.controller.handler.annotation.I18n;
-import io.dataease.controller.sys.request.KeyGridRequest;
+import io.dataease.controller.request.panel.AppLogGridRequest;
 import io.dataease.dto.appTemplateMarket.AppLogGridDTO;
 import io.dataease.service.panel.applog.AppLogService;
 import io.swagger.annotations.Api;
@@ -38,7 +38,7 @@ public class AppLogController {
     })
     @SqlInjectValidator(value = {"apply_time"})
     public Pager<List<AppLogGridDTO>> logGrid(@PathVariable int goPage, @PathVariable int pageSize,
-                                              @RequestBody KeyGridRequest request) {
+                                              @RequestBody AppLogGridRequest request) {
         Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
         return PageUtils.setPageInfo(page, appLogService.query(request));
     }
diff --git a/core/backend/src/main/java/io/dataease/controller/request/panel/AppLogGridRequest.java b/core/backend/src/main/java/io/dataease/controller/request/panel/AppLogGridRequest.java
new file mode 100644
index 0000000000..5196fdc14d
--- /dev/null
+++ b/core/backend/src/main/java/io/dataease/controller/request/panel/AppLogGridRequest.java
@@ -0,0 +1,11 @@
+package io.dataease.controller.request.panel;
+
+import io.dataease.plugins.common.request.KeywordRequest;
+import lombok.Data;
+
+@Data
+public class AppLogGridRequest extends KeywordRequest {
+    private Long[] applyTime;
+
+    private Long userId;
+}
diff --git a/core/backend/src/main/java/io/dataease/controller/sys/SysPluginController.java b/core/backend/src/main/java/io/dataease/controller/sys/SysPluginController.java
index 618a8a2872..782953a328 100644
--- a/core/backend/src/main/java/io/dataease/controller/sys/SysPluginController.java
+++ b/core/backend/src/main/java/io/dataease/controller/sys/SysPluginController.java
@@ -6,7 +6,6 @@ import io.dataease.auth.annotation.SqlInjectValidator;
 import io.dataease.commons.utils.DeFileUtils;
 import io.dataease.commons.utils.PageUtils;
 import io.dataease.commons.utils.Pager;
-import io.dataease.controller.sys.base.BaseGridRequest;
 import io.dataease.plugins.common.base.domain.MyPlugin;
 import io.dataease.plugins.common.request.KeywordRequest;
 import io.dataease.service.sys.PluginService;
diff --git a/core/backend/src/main/java/io/dataease/controller/sys/base/BaseGridRequest.java b/core/backend/src/main/java/io/dataease/controller/sys/base/BaseGridRequest.java
deleted file mode 100644
index 003ac6dca7..0000000000
--- a/core/backend/src/main/java/io/dataease/controller/sys/base/BaseGridRequest.java
+++ /dev/null
@@ -1,52 +0,0 @@
-package io.dataease.controller.sys.base;
-
-import io.dataease.ext.query.GridExample;
-import io.swagger.annotations.ApiModel;
-import io.swagger.annotations.ApiModelProperty;
-import org.apache.commons.collections.CollectionUtils;
-
-import java.io.Serializable;
-import java.util.List;
-
-
-
-@ApiModel("查询条件")
-public class BaseGridRequest implements Serializable {
-
-    @ApiModelProperty("条件集合")
-    private List<ConditionEntity> conditions;
-
-    public List<ConditionEntity> getConditions() {
-        return conditions;
-    }
-
-    public void setConditions(List<ConditionEntity> conditions) {
-        this.conditions = conditions;
-    }
-
-    public List<String> getOrders() {
-        return orders;
-    }
-
-    public void setOrders(List<String> orders) {
-        this.orders = orders;
-    }
-
-    @ApiModelProperty("排序描述")
-    private List<String> orders;
-
-    public GridExample convertExample(){
-        GridExample gridExample = new GridExample();
-        if (CollectionUtils.isNotEmpty(conditions)) {
-            GridExample.Criteria criteria = gridExample.createCriteria();
-            conditions.forEach(criteria::addCondition);
-        }
-
-        if (CollectionUtils.isNotEmpty(orders)){
-            String orderByClause = String.join(", ", orders);
-            gridExample.setOrderByClause(orderByClause);
-        }
-
-        return gridExample;
-    }
-}
diff --git a/core/backend/src/main/java/io/dataease/controller/sys/base/ConditionEntity.java b/core/backend/src/main/java/io/dataease/controller/sys/base/ConditionEntity.java
deleted file mode 100644
index 304cfcf588..0000000000
--- a/core/backend/src/main/java/io/dataease/controller/sys/base/ConditionEntity.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package io.dataease.controller.sys.base;
-
-import io.swagger.annotations.ApiModelProperty;
-import lombok.Data;
-
-import java.io.Serializable;
-
-@Data
-public class ConditionEntity implements Serializable {
-
-    @ApiModelProperty(value = "字段")
-    private String field;
-
-    @ApiModelProperty(value = "操作符")
-    private String operator;
-
-    @ApiModelProperty(value = "字段值")
-    private Object value;
-
-}
diff --git a/core/backend/src/main/java/io/dataease/controller/sys/request/KeyGridRequest.java b/core/backend/src/main/java/io/dataease/controller/sys/request/KeyGridRequest.java
deleted file mode 100644
index 42af480232..0000000000
--- a/core/backend/src/main/java/io/dataease/controller/sys/request/KeyGridRequest.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package io.dataease.controller.sys.request;
-
-import io.dataease.controller.sys.base.BaseGridRequest;
-import io.swagger.annotations.ApiModelProperty;
-import lombok.Data;
-
-import java.io.Serializable;
-
-@Data
-public class KeyGridRequest extends BaseGridRequest implements Serializable {
-    @ApiModelProperty("关键字")
-    private String keyWord;
-}
diff --git a/core/backend/src/main/java/io/dataease/ext/ExtAppLogMapper.java b/core/backend/src/main/java/io/dataease/ext/ExtAppLogMapper.java
index d27653a424..5b3dac97d3 100644
--- a/core/backend/src/main/java/io/dataease/ext/ExtAppLogMapper.java
+++ b/core/backend/src/main/java/io/dataease/ext/ExtAppLogMapper.java
@@ -1,9 +1,10 @@
 package io.dataease.ext;
 
+import io.dataease.controller.request.panel.AppLogGridRequest;
 import io.dataease.dto.appTemplateMarket.AppLogGridDTO;
-import io.dataease.service.panel.applog.AppLogQueryParam;
+
 import java.util.List;
 
 public interface ExtAppLogMapper {
-    List<AppLogGridDTO> query(AppLogQueryParam example);
+    List<AppLogGridDTO> query(AppLogGridRequest request);
 }
diff --git a/core/backend/src/main/java/io/dataease/ext/ExtAppLogMapper.xml b/core/backend/src/main/java/io/dataease/ext/ExtAppLogMapper.xml
index 1360162dbb..d4a9b4c16b 100644
--- a/core/backend/src/main/java/io/dataease/ext/ExtAppLogMapper.xml
+++ b/core/backend/src/main/java/io/dataease/ext/ExtAppLogMapper.xml
@@ -14,7 +14,7 @@
         <result column="panel_privileges" property="panelPrivileges"/>
         <result column="datasource_privileges" property="datasourcePrivileges"/>
     </resultMap>
-    <select id="query" parameterType="io.dataease.service.panel.applog.AppLogQueryParam" resultMap="BaseResultMapDTO">
+    <select id="query" parameterType="io.dataease.controller.request.panel.AppLogGridRequest" resultMap="BaseResultMapDTO">
         select
         logInfo.*,
         get_auths(logInfo.dataset_group_id,'dataset',#{userId}) as `dataset_privileges`,
@@ -53,27 +53,34 @@
         left join panel_app_template on panel_app_template_log.app_template_id = panel_app_template.id
         ) t
         where 1=1
-        <if test="extendCondition != null">
+        <if test="keyword != null">
             and
             (
-            t.app_name like concat('%', #{extendCondition} , '%')
+            t.app_name like concat('%', #{keyword} , '%')
             or
-            t.panel_name like concat('%', #{extendCondition} , '%')
+            t.panel_name like concat('%', #{keyword} , '%')
             or
-            t.dataset_group_name like concat('%', #{extendCondition} , '%')
+            t.dataset_group_name like concat('%', #{keyword} , '%')
             or
-            t.datasource_name like concat('%', #{extendCondition} , '%')
+            t.datasource_name like concat('%', #{keyword} , '%')
             )
         </if>
         ) logInfo
-        <if test="_parameter != null">
-            <include refid="io.dataease.ext.query.GridSql.gridCondition"/>
-        </if>
-        <if test="orderByClause != null">
-            order by ${orderByClause}
-        </if>
-        <if test="orderByClause == null">
-            order by apply_time desc
+        <if test="applyTime != null and applyTime.length > 1">
+            and (apply_time between #{applyTime.[0]} and #{applyTime.[1]}
         </if>
+
+        <choose>
+            <when test="orders!=null and orders.size > 0">
+                order by
+                <foreach collection="orders" item="item" open='' separator=',' close=''>
+                    ${item}
+                </foreach>
+            </when>
+            <otherwise>
+                order by apply_time desc
+            </otherwise>
+        </choose>
+
     </select>
 </mapper>
diff --git a/core/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.java b/core/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.java
index 2ea36a98bf..9855abbad7 100644
--- a/core/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.java
+++ b/core/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.java
@@ -1,16 +1,14 @@
 package io.dataease.ext;
 
 import io.dataease.controller.request.DatasourceUnionRequest;
-import io.dataease.dto.RelationDTO;
 import io.dataease.dto.DatasourceDTO;
-import io.dataease.ext.query.GridExample;
+import io.dataease.dto.RelationDTO;
 import org.apache.ibatis.annotations.Param;
 
 import java.util.List;
 
 public interface ExtDataSourceMapper {
 
-    // List<DatasourceDTO> query(GridExample example);
 
     List<DatasourceDTO> queryUnion(DatasourceUnionRequest request);
 
@@ -20,5 +18,5 @@ public interface ExtDataSourceMapper {
 
     DatasourceDTO queryDetails(@Param("datasourceId") String datasourceId, @Param("userId") String userId);
 
-    List<RelationDTO> queryDatasourceRelation(@Param("datasourceId") String datasourceId, @Param("userId")Long userId);
+    List<RelationDTO> queryDatasourceRelation(@Param("datasourceId") String datasourceId, @Param("userId") Long userId);
 }
diff --git a/core/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.xml b/core/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.xml
index abb27c3635..077b0a3da7 100644
--- a/core/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.xml
+++ b/core/backend/src/main/java/io/dataease/ext/ExtDataSourceMapper.xml
@@ -18,52 +18,7 @@
         </collection>
     </resultMap>
 
-    <select id="query" parameterType="io.dataease.ext.query.GridExample" resultMap="BaseResultMapDTO">
-        select datasource.*,
-        authInfo.privileges as `privileges`
-        from (select GET_V_AUTH_MODEL_ID_P_USE (#{extendCondition}, 'link') cids) t,datasource
-        left join (
-        SELECT
-        auth_source,
-        group_concat( DISTINCT sys_auth_detail.privilege_extend ) as `privileges`
-        FROM
-        (
-        `sys_auth`
-        LEFT JOIN `sys_auth_detail` ON ((
-        `sys_auth`.`id` = `sys_auth_detail`.`auth_id`
-        )))
-        WHERE
-        sys_auth_detail.privilege_value = 1
-        AND sys_auth.auth_source_type = 'link'
-        AND (
-        (
-        sys_auth.auth_target_type = 'dept'
-        AND sys_auth.auth_target IN ( SELECT dept_id FROM sys_user WHERE user_id = #{extendCondition} )
-        )
-        OR (
-        sys_auth.auth_target_type = 'user'
-        AND sys_auth.auth_target = #{extendCondition}
-        )
-        OR (
-        sys_auth.auth_target_type = 'role'
-        AND sys_auth.auth_target IN ( SELECT role_id FROM sys_users_roles WHERE user_id = #{extendCondition} )
-        )
-        )
-        GROUP BY
-        `sys_auth`.`auth_source`
-        ) authInfo
-        on datasource.id = authInfo.auth_source
-        <if test="_parameter != null">
-            <include refid="io.dataease.ext.query.GridSql.gridCondition"/>
-        </if>
-        and FIND_IN_SET(datasource.id,cids)
-        <if test="orderByClause != null">
-            order by ${orderByClause}
-        </if>
-        <if test="orderByClause == null">
-            order by update_time desc
-        </if>
-    </select>
+
 
     <select id="queryUnion" resultMap="BaseResultMapDTO">
         select datasource.*,
diff --git a/core/backend/src/main/java/io/dataease/ext/ExtDeptMapper.xml b/core/backend/src/main/java/io/dataease/ext/ExtDeptMapper.xml
index cfacf1c99b..a3f17b04dd 100644
--- a/core/backend/src/main/java/io/dataease/ext/ExtDeptMapper.xml
+++ b/core/backend/src/main/java/io/dataease/ext/ExtDeptMapper.xml
@@ -12,7 +12,7 @@
     </select>
 
 
-    <select id="nodesByExample" parameterType="io.dataease.ext.query.GridExample" resultMap="simpleNode">
+    <select id="nodesByExample" parameterType="io.dataease.plugins.xpack.dept.dto.request.XpackDeptGridRequest" resultMap="simpleNode">
         select dept_id as id, pid from sys_dept where 1=1
         <if test="pid != null">
             and pid = #{pid}
diff --git a/core/backend/src/main/java/io/dataease/ext/ExtPanelStoreMapper.java b/core/backend/src/main/java/io/dataease/ext/ExtPanelStoreMapper.java
index 165d7e6fb6..bc5d5c0926 100644
--- a/core/backend/src/main/java/io/dataease/ext/ExtPanelStoreMapper.java
+++ b/core/backend/src/main/java/io/dataease/ext/ExtPanelStoreMapper.java
@@ -1,6 +1,5 @@
 package io.dataease.ext;
 
-import io.dataease.ext.query.GridExample;
 import io.dataease.dto.panel.PanelStoreDto;
 import org.apache.ibatis.annotations.Param;
 
diff --git a/core/backend/src/main/java/io/dataease/ext/ExtPanelStoreMapper.xml b/core/backend/src/main/java/io/dataease/ext/ExtPanelStoreMapper.xml
index 2bf4a6d9b7..c3071241e9 100644
--- a/core/backend/src/main/java/io/dataease/ext/ExtPanelStoreMapper.xml
+++ b/core/backend/src/main/java/io/dataease/ext/ExtPanelStoreMapper.xml
@@ -10,7 +10,7 @@
     </resultMap>
 
 
-    <select id="query" parameterType="io.dataease.ext.query.GridExample" resultMap="panelStoreMap">
+    <select id="query" parameterType="java.lang.Long" resultMap="panelStoreMap">
         select s.store_id, s.panel_group_id, g.name, g.status
         from panel_store s
                  inner join panel_group g on g.id = s.panel_group_id
diff --git a/core/backend/src/main/java/io/dataease/ext/ExtSysMenuMapper.java b/core/backend/src/main/java/io/dataease/ext/ExtSysMenuMapper.java
index ce7c6b1a6a..62985c14cf 100644
--- a/core/backend/src/main/java/io/dataease/ext/ExtSysMenuMapper.java
+++ b/core/backend/src/main/java/io/dataease/ext/ExtSysMenuMapper.java
@@ -1,8 +1,7 @@
 package io.dataease.ext;
 
-import io.dataease.plugins.common.base.domain.SysMenu;
-import io.dataease.ext.query.GridExample;
 import io.dataease.controller.sys.request.SimpleTreeNode;
+import io.dataease.plugins.common.base.domain.SysMenu;
 
 import java.util.List;
 
@@ -10,7 +9,6 @@ public interface ExtSysMenuMapper {
 
     List<SimpleTreeNode> allNodes();
 
-    List<SimpleTreeNode> nodesByExample(GridExample example);
 
     List<SysMenu> querySysMenu();
 }
diff --git a/core/backend/src/main/java/io/dataease/ext/ExtSysMenuMapper.xml b/core/backend/src/main/java/io/dataease/ext/ExtSysMenuMapper.xml
index 1e82ad6b8c..327df54984 100644
--- a/core/backend/src/main/java/io/dataease/ext/ExtSysMenuMapper.xml
+++ b/core/backend/src/main/java/io/dataease/ext/ExtSysMenuMapper.xml
@@ -14,11 +14,7 @@
     </select>
 
 
-    <select id="nodesByExample" parameterType="io.dataease.ext.query.GridExample" resultMap="simpleNode">
-        select menu_id as id, pid from sys_menu
-        <include refid="io.dataease.ext.query.GridSql.gridCondition" />
-        and hidden != 1
-    </select>
+
 
 
     <select id="querySysMenu" resultMap="ExtBaseResultMap">
diff --git a/core/backend/src/main/java/io/dataease/ext/ExtSysUserMapper.java b/core/backend/src/main/java/io/dataease/ext/ExtSysUserMapper.java
index 953fd867d8..2aca5a89cf 100644
--- a/core/backend/src/main/java/io/dataease/ext/ExtSysUserMapper.java
+++ b/core/backend/src/main/java/io/dataease/ext/ExtSysUserMapper.java
@@ -1,7 +1,6 @@
 package io.dataease.ext;
 
 import io.dataease.controller.sys.request.UserGridRequest;
-import io.dataease.ext.query.GridExample;
 import io.dataease.controller.sys.response.SysUserGridResponse;
 
 import java.util.List;
diff --git a/core/backend/src/main/java/io/dataease/ext/query/GridExample.java b/core/backend/src/main/java/io/dataease/ext/query/GridExample.java
deleted file mode 100644
index 4efb43d2c2..0000000000
--- a/core/backend/src/main/java/io/dataease/ext/query/GridExample.java
+++ /dev/null
@@ -1,303 +0,0 @@
-package io.dataease.ext.query;
-
-import io.dataease.controller.sys.base.ConditionEntity;
-import org.apache.commons.lang3.StringUtils;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class GridExample {
-    protected String orderByClause;
-
-    protected boolean distinct;
-
-    protected List<Criteria> oredCriteria;
-
-    protected String extendCondition;
-
-    public GridExample() {
-        oredCriteria = new ArrayList<Criteria>();
-    }
-
-    public String getExtendCondition() {
-        return extendCondition;
-    }
-
-    public void setExtendCondition(String extendCondition) {
-        this.extendCondition = extendCondition;
-    }
-
-    public void setOrderByClause(String orderByClause) {
-        this.orderByClause = orderByClause;
-    }
-
-    public String getOrderByClause() {
-        return orderByClause;
-    }
-
-    public void setDistinct(boolean distinct) {
-        this.distinct = distinct;
-    }
-
-    public boolean isDistinct() {
-        return distinct;
-    }
-
-    public List<Criteria> getOredCriteria() {
-        return oredCriteria;
-    }
-
-    public void or(Criteria criteria) {
-        oredCriteria.add(criteria);
-    }
-
-    public Criteria or() {
-        Criteria criteria = createCriteriaInternal();
-        oredCriteria.add(criteria);
-        return criteria;
-    }
-
-    public Criteria createCriteria() {
-        Criteria criteria = createCriteriaInternal();
-        if (oredCriteria.size() == 0) {
-            oredCriteria.add(criteria);
-        }
-        return criteria;
-    }
-
-    protected Criteria createCriteriaInternal() {
-        Criteria criteria = new Criteria();
-        return criteria;
-    }
-
-    public void clear() {
-        oredCriteria.clear();
-        orderByClause = null;
-        distinct = false;
-    }
-
-    protected abstract static class GeneratedCriteria {
-        protected List<Criterion> criteria;
-
-        protected GeneratedCriteria() {
-            super();
-            criteria = new ArrayList<Criterion>();
-        }
-
-        public boolean isValid() {
-            return criteria.size() > 0;
-        }
-
-        public List<Criterion> getAllCriteria() {
-            return criteria;
-        }
-
-        public List<Criterion> getCriteria() {
-            return criteria;
-        }
-
-        protected void addCriterion(String condition) {
-            if (condition == null) {
-                throw new RuntimeException("Value for condition cannot be null");
-            }
-            criteria.add(new Criterion(condition));
-        }
-
-        protected void addNotNullCriterion(String condition) {
-            criteria.add(new Criterion(condition, null));
-        }
-
-        protected void addCriterion(String condition, Object value, String property) {
-            if (value == null) {
-                throw new RuntimeException("Value for " + property + " cannot be null");
-            }
-            criteria.add(new Criterion(condition, value));
-        }
-
-        protected void addSqlCriterion(String condition, Object value, String property) {
-            if (value == null) {
-                throw new RuntimeException("Value for " + property + " cannot be null");
-            }
-            Criterion criterion = new Criterion(condition, value);
-            criterion.sqlValue = true;
-            criteria.add(criterion);
-        }
-
-        protected void addCriterion(String condition, Object value1, Object value2, String property) {
-            if (value1 == null || value2 == null) {
-                throw new RuntimeException("Between values for " + property + " cannot be null");
-            }
-            criteria.add(new Criterion(condition, value1, value2));
-        }
-
-
-
-        public Criteria addCondition(ConditionEntity conditionEntity){
-            String field = conditionEntity.getField();
-            Object value = conditionEntity.getValue();
-            String operator = conditionEntity.getOperator();
-            if (StringUtils.isEmpty(operator))
-                operator = "like";
-            switch (operator){
-                case "eq":
-                    addCriterion(field+" = ", value, field);
-                    break;
-                case "ne":
-                    addCriterion(field+" <> ", value, field);
-                    break;
-                case "like":
-                    addCriterion(field+" like ", "%"+value+"%", field);
-                    break;
-                case "not like":
-                    addCriterion(field+" not like ", "%"+value+"%", field);
-                    break;
-                case "in":
-                    List<Object> invalues = (List<Object>)value;
-                    addCriterion(field+" in", invalues, field);
-                    break;
-                case "not in":
-                    List<Object> notinvalues = (List<Object>)value;
-                    addCriterion(field+" not in", notinvalues, field);
-                    break;
-                case "between":
-                    List<Object> values = (List<Object>)value;
-                    Object v1 = values.get(0);
-                    Object v2 = values.get(1);
-                    addCriterion(field+" between", v1, v2, field);
-                    break;
-                case "gt":
-                    addCriterion(field+" > ", value, field);
-                    break;
-                case "ge":
-                    addCriterion(field+" >= ", value, field);
-                    break;
-                case "lt":
-                    addCriterion(field+" < ", value, field);
-                    break;
-                case "le":
-                    addCriterion(field+" <= ", value, field);
-                    break;
-                case "not null":
-                    addNotNullCriterion(field + " is not null ");
-                    break;
-                case "extra":
-                    addCriterion(field);
-                    break;
-                case "sql in":
-                    addCriterion(field+" in ", value, field);
-                    break;
-            }
-            return (Criteria) this;
-        }
-
-
-
-
-
-    }
-
-    public static class Criteria extends GeneratedCriteria {
-
-        protected Criteria() {
-            super();
-        }
-    }
-
-    public static class Criterion {
-        private String condition;
-
-        private Object value;
-
-        private Object secondValue;
-
-        private boolean noValue;
-
-        private boolean singleValue;
-
-        private boolean betweenValue;
-
-        private boolean listValue;
-
-        public boolean isSqlValue() {
-            return sqlValue;
-        }
-
-        public void setSqlValue(boolean sqlValue) {
-            this.sqlValue = sqlValue;
-        }
-
-        private boolean sqlValue;
-
-        private String typeHandler;
-
-        public String getCondition() {
-            return condition;
-        }
-
-        public Object getValue() {
-            return value;
-        }
-
-        public Object getSecondValue() {
-            return secondValue;
-        }
-
-        public boolean isNoValue() {
-            return noValue;
-        }
-
-        public boolean isSingleValue() {
-            return singleValue;
-        }
-
-        public boolean isBetweenValue() {
-            return betweenValue;
-        }
-
-        public boolean isListValue() {
-            return listValue;
-        }
-
-        public String getTypeHandler() {
-            return typeHandler;
-        }
-
-        protected Criterion(String condition) {
-            super();
-            this.condition = condition;
-            this.typeHandler = null;
-            this.noValue = true;
-        }
-
-        protected Criterion(String condition, Object value, String typeHandler) {
-            super();
-            this.condition = condition;
-            this.value = value;
-            this.typeHandler = typeHandler;
-            if(value == null){
-                this.noValue = true;
-            }else if (value instanceof List<?>) {
-                this.listValue = true;
-            } else {
-                this.singleValue = true;
-            }
-        }
-
-        protected Criterion(String condition, Object value) {
-            this(condition, value, null);
-        }
-
-        protected Criterion(String condition, Object value, Object secondValue, String typeHandler) {
-            super();
-            this.condition = condition;
-            this.value = value;
-            this.secondValue = secondValue;
-            this.typeHandler = typeHandler;
-            this.betweenValue = true;
-        }
-
-        protected Criterion(String condition, Object value, Object secondValue) {
-            this(condition, value, secondValue, null);
-        }
-    }
-}
diff --git a/core/backend/src/main/java/io/dataease/ext/query/GridSql.java b/core/backend/src/main/java/io/dataease/ext/query/GridSql.java
deleted file mode 100644
index 6ef7d5b1b1..0000000000
--- a/core/backend/src/main/java/io/dataease/ext/query/GridSql.java
+++ /dev/null
@@ -1,4 +0,0 @@
-package io.dataease.ext.query;
-
-public interface GridSql {
-}
diff --git a/core/backend/src/main/java/io/dataease/ext/query/GridSql.xml b/core/backend/src/main/java/io/dataease/ext/query/GridSql.xml
deleted file mode 100644
index 45be1df8e0..0000000000
--- a/core/backend/src/main/java/io/dataease/ext/query/GridSql.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="io.dataease.ext.query.GridSql">
-
-    <sql id="gridCondition">
-        <where>
-            <foreach collection="oredCriteria" item="criteria" separator="or">
-                <if test="criteria.valid">
-                    <trim prefix="(" prefixOverrides="and" suffix=")">
-                        <foreach collection="criteria.criteria" item="criterion">
-                            <choose>
-                                <when test="criterion.noValue">
-                                    and ${criterion.condition}
-                                </when>
-                                <when test="criterion.singleValue">
-                                    and ${criterion.condition} #{criterion.value}
-                                </when>
-                                <when test="criterion.betweenValue">
-                                    and ${criterion.condition} #{criterion.value} and #{criterion.secondValue}
-                                </when>
-                                <when test="criterion.listValue">
-                                    and ${criterion.condition}
-                                    <foreach close=")" collection="criterion.value" item="listItem" open="(" separator=",">
-                                        #{listItem}
-                                    </foreach>
-                                </when>
-                            </choose>
-                        </foreach>
-                    </trim>
-                </if>
-            </foreach>
-        </where>
-    </sql>
-
-
-    <sql id="taskListGridCondition">
-        <where>
-            dataset_table.id in (SELECT `sys_auth`.`auth_source` FROM `sys_auth` LEFT JOIN `sys_auth_detail` ON `sys_auth`.`id` = `sys_auth_detail`.`auth_id` LEFT JOIN `dataset_table` ON `dataset_table`.`id` = `sys_auth`.`auth_source` WHERE `sys_auth_detail`.`privilege_type` = '1' and `sys_auth_detail`.`privilege_value` = '1'and `sys_auth`.`auth_source_type` = 'dataset' AND ((`sys_auth`.`auth_target_type` = 'dept' AND `sys_auth`.`auth_target` in ( SELECT dept_id FROM `sys_user` WHERE `sys_user`.`user_id` = #{extendCondition} )) OR (sys_auth.auth_target_type = 'user'AND sys_auth.auth_target = #{extendCondition} ) OR (sys_auth.auth_target_type = 'role' AND `sys_auth`.`auth_target` in ( SELECT role_id FROM `sys_users_roles` WHERE `sys_users_roles`.`user_id` = #{extendCondition} )) OR (1 = ( SELECT is_admin FROM `sys_user` WHERE `sys_user`.`user_id` = #{extendCondition} )))) and
-            <foreach collection="oredCriteria" item="criteria" separator="or">
-                <if test="criteria.valid">
-                    <trim prefix="(" prefixOverrides="and" suffix=")">
-                        <foreach collection="criteria.criteria" item="criterion">
-                            <choose>
-                                <when test="criterion.noValue">
-                                    and ${criterion.condition}
-                                </when>
-                                <when test="criterion.singleValue">
-                                    and ${criterion.condition} #{criterion.value}
-                                </when>
-                                <when test="criterion.betweenValue">
-                                    and ${criterion.condition} #{criterion.value} and #{criterion.secondValue}
-                                </when>
-                                <when test="criterion.listValue">
-                                    and ${criterion.condition}
-                                    <foreach close=")" collection="criterion.value" item="listItem" open="(" separator=",">
-                                        #{listItem}
-                                    </foreach>
-                                </when>
-                            </choose>
-                        </foreach>
-                    </trim>
-                </if>
-            </foreach>
-        </where>
-    </sql>
-
-</mapper>
diff --git a/core/backend/src/main/java/io/dataease/service/dataset/DataSetTableTaskLogService.java b/core/backend/src/main/java/io/dataease/service/dataset/DataSetTableTaskLogService.java
index a0ef633c0a..969461a17f 100644
--- a/core/backend/src/main/java/io/dataease/service/dataset/DataSetTableTaskLogService.java
+++ b/core/backend/src/main/java/io/dataease/service/dataset/DataSetTableTaskLogService.java
@@ -1,21 +1,16 @@
 package io.dataease.service.dataset;
 
 import cn.hutool.core.date.DateUtil;
-import io.dataease.commons.constants.SysLogConstants;
+import io.dataease.commons.utils.AuthUtils;
 import io.dataease.commons.utils.ServletUtils;
 import io.dataease.controller.dataset.request.DataSetTaskInstanceGridRequest;
-import io.dataease.exception.DataEaseException;
-import io.dataease.ext.ExtDataSetTaskMapper;
-import io.dataease.ext.query.GridExample;
-import io.dataease.commons.utils.AuthUtils;
-import io.dataease.controller.sys.base.BaseGridRequest;
-import io.dataease.controller.sys.base.ConditionEntity;
 import io.dataease.dto.dataset.DataSetTaskDTO;
 import io.dataease.dto.dataset.DataSetTaskLogDTO;
+import io.dataease.exception.DataEaseException;
+import io.dataease.ext.ExtDataSetTaskMapper;
 import io.dataease.i18n.Translator;
 import io.dataease.plugins.common.base.domain.DatasetTableTaskLog;
 import io.dataease.plugins.common.base.domain.DatasetTableTaskLogExample;
-import io.dataease.plugins.common.base.domain.SysLogWithBLOBs;
 import io.dataease.plugins.common.base.mapper.DatasetTableTaskLogMapper;
 import io.dataease.plugins.common.base.mapper.DatasetTableTaskMapper;
 import org.apache.commons.collections4.CollectionUtils;
@@ -34,7 +29,6 @@ import javax.annotation.Resource;
 import javax.servlet.http.HttpServletResponse;
 import java.io.OutputStream;
 import java.net.URLEncoder;
-import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
 import java.util.UUID;
@@ -54,7 +48,7 @@ public class DataSetTableTaskLogService {
     private DatasetTableTaskMapper datasetTableTaskMapper;
 
     public DatasetTableTaskLog save(DatasetTableTaskLog datasetTableTaskLog, Boolean hasTask) {
-        if(hasTask && datasetTableTaskMapper.selectByPrimaryKey(datasetTableTaskLog.getTaskId()) == null){
+        if (hasTask && datasetTableTaskMapper.selectByPrimaryKey(datasetTableTaskLog.getTaskId()) == null) {
             return datasetTableTaskLog;
         }
         if (StringUtils.isEmpty(datasetTableTaskLog.getId())) {
@@ -82,7 +76,7 @@ public class DataSetTableTaskLogService {
                 row[1] = item.getDatasetName();
                 row[2] = DateUtil.formatDateTime(new Date(item.getStartTime()));
                 row[3] = item.getEndTime() != null ? DateUtil.formatDateTime(new Date(item.getEndTime())) : "";
-                row[4] = Translator.get("I18N_TASK_LOG_" + item.getStatus().toUpperCase()) ;
+                row[4] = Translator.get("I18N_TASK_LOG_" + item.getStatus().toUpperCase());
                 return row;
             }).collect(Collectors.toList());
             String[] headArr = {Translator.get("I18N_TASK_NAME"), Translator.get("I18N_DATASET"), Translator.get("I18N_START_TIME"), Translator.get("I18N_END_TIME"), Translator.get("I18N_STATUS")};
@@ -128,7 +122,7 @@ public class DataSetTableTaskLogService {
             //文件名称
             String fileName = "DataEase " + Translator.get("I18N_SYNC_LOG");
             String encodeFileName = URLEncoder.encode(fileName, "UTF-8");
-            response.setHeader("Content-disposition", "attachment;filename="+encodeFileName+".xls");
+            response.setHeader("Content-disposition", "attachment;filename=" + encodeFileName + ".xls");
             wb.write(outputStream);
             outputStream.flush();
             outputStream.close();
@@ -139,21 +133,21 @@ public class DataSetTableTaskLogService {
 
 
     public List<DataSetTaskLogDTO> listTaskLog(DataSetTaskInstanceGridRequest request, String type) {
-        if(!type.equalsIgnoreCase("excel")){
+        if (!type.equalsIgnoreCase("excel")) {
             request.setExcludedIdList(List.of("初始导入", "替换", "追加"));
         }
-        if(AuthUtils.getUser().getIsAdmin()){
+        if (AuthUtils.getUser().getIsAdmin()) {
             List<DataSetTaskLogDTO> dataSetTaskLogDTOS = extDataSetTaskMapper.listTaskLog(request);
             dataSetTaskLogDTOS.forEach(dataSetTaskLogDTO -> {
-                if(StringUtils.isEmpty(dataSetTaskLogDTO.getName())){
+                if (StringUtils.isEmpty(dataSetTaskLogDTO.getName())) {
                     dataSetTaskLogDTO.setName(dataSetTaskLogDTO.getTaskId());
                 }
             });
             return dataSetTaskLogDTOS;
-        }else {
+        } else {
             List<DataSetTaskLogDTO> dataSetTaskLogDTOS = extDataSetTaskMapper.listUserTaskLog(request);
             dataSetTaskLogDTOS.forEach(dataSetTaskLogDTO -> {
-                if(StringUtils.isEmpty(dataSetTaskLogDTO.getName())){
+                if (StringUtils.isEmpty(dataSetTaskLogDTO.getName())) {
                     dataSetTaskLogDTO.setName(dataSetTaskLogDTO.getTaskId());
                 }
             });
@@ -162,38 +156,38 @@ public class DataSetTableTaskLogService {
 
     }
 
-    public void deleteByTaskId(String taskId){
+    public void deleteByTaskId(String taskId) {
         DatasetTableTaskLogExample datasetTableTaskLogExample = new DatasetTableTaskLogExample();
         DatasetTableTaskLogExample.Criteria criteria = datasetTableTaskLogExample.createCriteria();
         criteria.andTaskIdEqualTo(taskId);
         datasetTableTaskLogMapper.deleteByExample(datasetTableTaskLogExample);
     }
 
-    public List<DatasetTableTaskLog> getByTableId(String datasetId){
+    public List<DatasetTableTaskLog> getByTableId(String datasetId) {
         DatasetTableTaskLogExample datasetTableTaskLogExample = new DatasetTableTaskLogExample();
         DatasetTableTaskLogExample.Criteria criteria = datasetTableTaskLogExample.createCriteria();
         criteria.andTableIdEqualTo(datasetId);
         return datasetTableTaskLogMapper.selectByExampleWithBLOBs(datasetTableTaskLogExample);
     }
 
-    public List<DatasetTableTaskLog> select(DatasetTableTaskLog datasetTableTaskLog){
+    public List<DatasetTableTaskLog> select(DatasetTableTaskLog datasetTableTaskLog) {
         DatasetTableTaskLogExample example = getDatasetTableTaskLogExample(datasetTableTaskLog);
         example.setOrderByClause("create_time desc");
         return datasetTableTaskLogMapper.selectByExampleWithBLOBs(example);
     }
 
-    public DataSetTaskDTO lastExecStatus(DataSetTaskDTO dataSetTaskDTO){
+    public DataSetTaskDTO lastExecStatus(DataSetTaskDTO dataSetTaskDTO) {
         DatasetTableTaskLogExample example = new DatasetTableTaskLogExample();
         DatasetTableTaskLogExample.Criteria criteria = example.createCriteria();
-        if(StringUtils.isNotEmpty(dataSetTaskDTO.getTableId())){
+        if (StringUtils.isNotEmpty(dataSetTaskDTO.getTableId())) {
             criteria.andTableIdEqualTo(dataSetTaskDTO.getTableId());
         }
-        if(StringUtils.isNotEmpty(dataSetTaskDTO.getId())){
+        if (StringUtils.isNotEmpty(dataSetTaskDTO.getId())) {
             criteria.andTaskIdEqualTo(dataSetTaskDTO.getId());
         }
         example.setOrderByClause("create_time desc");
-        List<DatasetTableTaskLog>  datasetTableTaskLogs = datasetTableTaskLogMapper.selectByExampleWithBLOBs(example);
-        if(CollectionUtils.isNotEmpty(datasetTableTaskLogs)){
+        List<DatasetTableTaskLog> datasetTableTaskLogs = datasetTableTaskLogMapper.selectByExampleWithBLOBs(example);
+        if (CollectionUtils.isNotEmpty(datasetTableTaskLogs)) {
             dataSetTaskDTO.setLastExecStatus(datasetTableTaskLogs.get(0).getStatus());
             dataSetTaskDTO.setLastExecTime(datasetTableTaskLogs.get(0).getCreateTime());
             dataSetTaskDTO.setMsg(datasetTableTaskLogs.get(0).getInfo());
@@ -204,13 +198,13 @@ public class DataSetTableTaskLogService {
     private DatasetTableTaskLogExample getDatasetTableTaskLogExample(DatasetTableTaskLog datasetTableTaskLog) {
         DatasetTableTaskLogExample example = new DatasetTableTaskLogExample();
         DatasetTableTaskLogExample.Criteria criteria = example.createCriteria();
-        if(StringUtils.isNotEmpty(datasetTableTaskLog.getStatus())){
+        if (StringUtils.isNotEmpty(datasetTableTaskLog.getStatus())) {
             criteria.andStatusEqualTo(datasetTableTaskLog.getStatus());
         }
-        if(StringUtils.isNotEmpty(datasetTableTaskLog.getTableId())){
+        if (StringUtils.isNotEmpty(datasetTableTaskLog.getTableId())) {
             criteria.andTableIdEqualTo(datasetTableTaskLog.getTableId());
         }
-        if(StringUtils.isNotEmpty(datasetTableTaskLog.getTaskId())){
+        if (StringUtils.isNotEmpty(datasetTableTaskLog.getTaskId())) {
             criteria.andTaskIdEqualTo(datasetTableTaskLog.getTaskId());
         }
         return example;
diff --git a/core/backend/src/main/java/io/dataease/service/panel/ShareService.java b/core/backend/src/main/java/io/dataease/service/panel/ShareService.java
index a9b1901a55..1d5e3f17d3 100644
--- a/core/backend/src/main/java/io/dataease/service/panel/ShareService.java
+++ b/core/backend/src/main/java/io/dataease/service/panel/ShareService.java
@@ -13,7 +13,6 @@ import io.dataease.controller.request.panel.PanelShareFineDto;
 import io.dataease.controller.request.panel.PanelShareRemoveRequest;
 import io.dataease.controller.request.panel.PanelShareRequest;
 import io.dataease.controller.request.panel.PanelShareSearchRequest;
-import io.dataease.controller.sys.base.BaseGridRequest;
 import io.dataease.dto.panel.PanelShareDto;
 import io.dataease.dto.panel.PanelShareOutDTO;
 import io.dataease.dto.panel.PanelSharePo;
diff --git a/core/backend/src/main/java/io/dataease/service/panel/applog/AppLogQueryParam.java b/core/backend/src/main/java/io/dataease/service/panel/applog/AppLogQueryParam.java
deleted file mode 100644
index 0abc975811..0000000000
--- a/core/backend/src/main/java/io/dataease/service/panel/applog/AppLogQueryParam.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package io.dataease.service.panel.applog;
-
-import io.dataease.ext.query.GridExample;
-import lombok.Data;
-
-import java.util.List;
-
-@Data
-public class AppLogQueryParam extends GridExample {
-    private String userId;
-
-}
diff --git a/core/backend/src/main/java/io/dataease/service/panel/applog/AppLogService.java b/core/backend/src/main/java/io/dataease/service/panel/applog/AppLogService.java
index 7fd1ac2577..20808ad721 100644
--- a/core/backend/src/main/java/io/dataease/service/panel/applog/AppLogService.java
+++ b/core/backend/src/main/java/io/dataease/service/panel/applog/AppLogService.java
@@ -1,12 +1,9 @@
 package io.dataease.service.panel.applog;
 
-import com.google.gson.Gson;
 import io.dataease.commons.utils.AuthUtils;
-import io.dataease.controller.sys.request.KeyGridRequest;
-import io.dataease.dto.SysLogDTO;
+import io.dataease.controller.request.panel.AppLogGridRequest;
 import io.dataease.dto.appTemplateMarket.AppLogGridDTO;
 import io.dataease.ext.ExtAppLogMapper;
-import io.dataease.ext.query.GridExample;
 import io.dataease.plugins.common.base.mapper.PanelAppTemplateLogMapper;
 import io.dataease.service.dataset.DataSetGroupService;
 import io.dataease.service.datasource.DatasourceService;
@@ -21,7 +18,6 @@ import java.util.List;
 @Service
 public class AppLogService {
 
-    private Gson gson = new Gson();
     @Resource
     private PanelAppTemplateLogMapper appLogMapper;
     @Resource
@@ -34,17 +30,9 @@ public class AppLogService {
     private DatasourceService datasourceService;
 
 
-    public List<AppLogGridDTO> query(KeyGridRequest request) {
-        GridExample gridExample = request.convertExample();
-        gridExample.setExtendCondition(request.getKeyWord());
-        AppLogQueryParam logQueryParam = gson.fromJson(gson.toJson(gridExample), AppLogQueryParam.class);
-        logQueryParam.setUserId(String.valueOf(AuthUtils.getUser().getUserId()));
-        List<AppLogGridDTO> voLogs = extAppLogMapper.query(logQueryParam);
-        return voLogs;
-    }
-
-    public void saveLog(SysLogDTO sysLogDTO) {
-
+    public List<AppLogGridDTO> query(AppLogGridRequest request) {
+        request.setUserId(AuthUtils.getUser().getUserId());
+        return extAppLogMapper.query(request);
     }
 
 
diff --git a/core/backend/src/main/java/io/dataease/service/sys/SysUserService.java b/core/backend/src/main/java/io/dataease/service/sys/SysUserService.java
index c492c5b59d..4344846e09 100644
--- a/core/backend/src/main/java/io/dataease/service/sys/SysUserService.java
+++ b/core/backend/src/main/java/io/dataease/service/sys/SysUserService.java
@@ -12,7 +12,6 @@ import io.dataease.controller.sys.request.*;
 import io.dataease.controller.sys.response.SysUserGridResponse;
 import io.dataease.controller.sys.response.SysUserRole;
 import io.dataease.ext.ExtSysUserMapper;
-import io.dataease.ext.query.GridExample;
 import io.dataease.i18n.Translator;
 import io.dataease.plugins.common.base.domain.*;
 import io.dataease.plugins.common.base.mapper.SysUserAssistMapper;
diff --git a/core/backend/src/main/java/io/dataease/service/sys/log/LogQueryParam.java b/core/backend/src/main/java/io/dataease/service/sys/log/LogQueryParam.java
deleted file mode 100644
index 13c5e9736f..0000000000
--- a/core/backend/src/main/java/io/dataease/service/sys/log/LogQueryParam.java
+++ /dev/null
@@ -1,12 +0,0 @@
-package io.dataease.service.sys.log;
-
-import io.dataease.ext.query.GridExample;
-import lombok.Data;
-
-import java.util.List;
-
-@Data
-public class LogQueryParam extends GridExample {
-
-    private List<String> unionIds;
-}