TASK:导出数据时添加校验

src/main/java/com/ai/da/service/impl/AccountServiceImpl.java

@@ -51,6 +51,7 @@ import org.springframework.web.client.RestTemplate;
 import org.springframework.web.multipart.MultipartFile;
 
 import javax.annotation.Resource;
+import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -2489,6 +2490,9 @@ public class AccountServiceImpl extends ServiceImpl<AccountMapper, Account> impl
 
     private Boolean updateSubAccount(AddSubAccountDTO addSubAccountDTO, Account adminAcc, int subUserRole) {
         Account exAccountInfo = baseMapper.selectById(addSubAccountDTO.getId());
+        if (!exAccountInfo.getParentId().equals(adminAcc.getId())){
+            throw new BusinessException("Access denied. Insufficient permissions.");
+        }
 
         // 校验用户名是否同名
         if (!StringUtil.isNullOrEmpty(addSubAccountDTO.getUserName())
@@ -3348,85 +3352,66 @@ public class AccountServiceImpl extends ServiceImpl<AccountMapper, Account> impl
 
     @Override
     public void exportAccountsToExcel(HttpServletResponse response) {
-        Workbook workbook = null;
-        try {
-            // 1. 查询数据
-            Account adminAcc = baseMapper.selectById(UserContext.getUserHolder().getId());
-            int subUserRole = getSubUserRole(adminAcc.getSystemUser());
+        // 1. 查询数据
+        Account adminAcc = baseMapper.selectById(UserContext.getUserHolder().getId());
+        int subUserRole = getSubUserRole(adminAcc.getSystemUser());
 
-            List<Account> accounts = accountMapper.selectList(new QueryWrapper<Account>()
-                    .eq("organization_name", adminAcc.getOrganizationName())
-                    .eq("system_user", subUserRole )
-                    .select("user_name", "user_email", "user_password", "credits_usage_limit"));
+        List<Account> accounts = accountMapper.selectList(new QueryWrapper<Account>()
+                .eq("organization_name", adminAcc.getOrganizationName())
+                .eq("system_user", subUserRole)
+                .select("user_name", "user_email", "user_password", "credits_usage_limit"));
 
-            // 2. 创建Excel工作簿
-            workbook = new XSSFWorkbook();
+        String fileName = "subAccount_export.xlsx";
+
+        // 2. 创建Excel工作簿
+        try (Workbook workbook = new XSSFWorkbook()) {
             Sheet sheet = workbook.createSheet("subAccounts");
 
-            // 3. 创建标题行
+            // 3. 标题行
             Row headerRow = sheet.createRow(0);
             String[] headers = {"name", "email", "password", "creditsUsageLimit"};
 
-            // 设置标题样式
             CellStyle headerStyle = workbook.createCellStyle();
             Font headerFont = workbook.createFont();
             headerFont.setBold(true);
             headerStyle.setFont(headerFont);
 
-            // 写入标题
             for (int i = 0; i < headers.length; i++) {
                 Cell cell = headerRow.createCell(i);
                 cell.setCellValue(headers[i]);
                 cell.setCellStyle(headerStyle);
             }
 
-            // 4. 写入数据
+            // 4. 数据
             int rowNum = 1;
             for (Account account : accounts) {
                 Row row = sheet.createRow(rowNum++);
                 row.createCell(0).setCellValue(account.getUserName() != null ? account.getUserName() : "");
                 row.createCell(1).setCellValue(account.getUserEmail() != null ? account.getUserEmail() : "");
                 row.createCell(2).setCellValue(account.getUserPassword() != null ? account.getUserPassword() : "");
-
-                // 更安全的数据类型处理
-                if (account.getCreditsUsageLimit() != null) {
-                    row.createCell(3).setCellValue(String.valueOf(account.getCreditsUsageLimit()));
-                } else {
-                    row.createCell(3).setCellValue(""); // 空字符串
-                }
+                row.createCell(3).setCellValue(account.getCreditsUsageLimit() != null
+                        ? String.valueOf(account.getCreditsUsageLimit())
+                        : "");
             }
 
-            // 5. 自动调整列宽
             for (int i = 0; i < headers.length; i++) {
                 sheet.autoSizeColumn(i);
             }
 
-            // 6. 重置响应（重要！）
+            // 5. 设置响应头
             response.reset();
             response.setContentType("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
-            response.setCharacterEncoding("UTF-8");
+            response.setHeader("Content-Disposition", "attachment;filename=" + fileName);
+//            response.setHeader("Access-Control-Allow-Origin", "http://localhost:3000");
 
-            // 设置文件名（处理特殊字符）
-            String fileName = "subAccount_export.xlsx";
-            String encodedFileName = URLEncoder.encode(fileName, "UTF-8").replace("+", "%20");
-            response.setHeader("Content-Disposition", "attachment; filename*=UTF-8''" + encodedFileName);
-
-            // 7. 写入响应流
-            OutputStream outputStream = response.getOutputStream();
-            workbook.write(outputStream);
-            outputStream.flush();
-        } catch (IOException e) {
-            log.error(e.getMessage()); // 记录异常信息
-            throw new BusinessException("导出文件失败");
-        } finally {
-            // 确保资源关闭
-            if (workbook != null) {
-                try {
-                    workbook.close();
-                } catch (IOException e) {
-                    log.error(e.getMessage()); // 记录异常信息
-                }
+            // 6. 输出流写入
+            try (ServletOutputStream outputStream = response.getOutputStream()) {
+                workbook.write(outputStream);
+                outputStream.flush();
             }
+        } catch (IOException e) {
+            log.error("导出Excel失败", e);
+            throw new BusinessException("导出文件失败");
         }
     }