TASK:导出数据时添加校验

2025-08-27 17:40:05 +08:00
parent 7005b75e11
commit 9e2ea2de62
1 changed files with 30 additions and 45 deletions
--- a/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java
+++ b/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java
@@ -51,6 +51,7 @@ import org.springframework.web.client.RestTemplate;
 import org.springframework.web.multipart.MultipartFile;

 import javax.annotation.Resource;
+import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
@@ -2489,6 +2490,9 @@ public class AccountServiceImpl extends ServiceImpl<AccountMapper, Account> impl

    private Boolean updateSubAccount(AddSubAccountDTO addSubAccountDTO, Account adminAcc, int subUserRole) {
        Account exAccountInfo = baseMapper.selectById(addSubAccountDTO.getId());
+        if (!exAccountInfo.getParentId().equals(adminAcc.getId())){
+            throw new BusinessException("Access denied. Insufficient permissions.");
+        }

        // 校验用户名是否同名
        if (!StringUtil.isNullOrEmpty(addSubAccountDTO.getUserName())
@@ -3348,8 +3352,6 @@ public class AccountServiceImpl extends ServiceImpl<AccountMapper, Account> impl

    @Override
    public void exportAccountsToExcel(HttpServletResponse response) {
-        Workbook workbook = null;
-        try {
        // 1. 查询数据
        Account adminAcc = baseMapper.selectById(UserContext.getUserHolder().getId());
        int subUserRole = getSubUserRole(adminAcc.getSystemUser());
@@ -3359,74 +3361,57 @@ public class AccountServiceImpl extends ServiceImpl<AccountMapper, Account> impl
                .eq("system_user", subUserRole)
                .select("user_name", "user_email", "user_password", "credits_usage_limit"));

+        String fileName = "subAccount_export.xlsx";
+
        // 2. 创建Excel工作簿
-            workbook = new XSSFWorkbook();
+        try (Workbook workbook = new XSSFWorkbook()) {
            Sheet sheet = workbook.createSheet("subAccounts");

-            // 3. 创建标题行
+            // 3. 标题行
            Row headerRow = sheet.createRow(0);
            String[] headers = {"name", "email", "password", "creditsUsageLimit"};

-            // 设置标题样式
            CellStyle headerStyle = workbook.createCellStyle();
            Font headerFont = workbook.createFont();
            headerFont.setBold(true);
            headerStyle.setFont(headerFont);

-            // 写入标题
            for (int i = 0; i < headers.length; i++) {
                Cell cell = headerRow.createCell(i);
                cell.setCellValue(headers[i]);
                cell.setCellStyle(headerStyle);
            }

-            // 4. 写入数据
+            // 4. 数据
            int rowNum = 1;
            for (Account account : accounts) {
                Row row = sheet.createRow(rowNum++);
                row.createCell(0).setCellValue(account.getUserName() != null ? account.getUserName() : "");
                row.createCell(1).setCellValue(account.getUserEmail() != null ? account.getUserEmail() : "");
                row.createCell(2).setCellValue(account.getUserPassword() != null ? account.getUserPassword() : "");
-
-                // 更安全的数据类型处理
-                if (account.getCreditsUsageLimit() != null) {
-                    row.createCell(3).setCellValue(String.valueOf(account.getCreditsUsageLimit()));
-                } else {
-                    row.createCell(3).setCellValue(""); // 空字符串
-                }
+                row.createCell(3).setCellValue(account.getCreditsUsageLimit() != null
+                        ? String.valueOf(account.getCreditsUsageLimit())
+                        : "");
            }

-            // 5. 自动调整列宽
            for (int i = 0; i < headers.length; i++) {
                sheet.autoSizeColumn(i);
            }

-            // 6. 重置响应（重要！）
+            // 5. 设置响应头
            response.reset();
            response.setContentType("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
-            response.setCharacterEncoding("UTF-8");
+            response.setHeader("Content-Disposition", "attachment;filename=" + fileName);
+//            response.setHeader("Access-Control-Allow-Origin", "http://localhost:3000");

-            // 设置文件名（处理特殊字符）
-            String fileName = "subAccount_export.xlsx";
-            String encodedFileName = URLEncoder.encode(fileName, "UTF-8").replace("+", "%20");
-            response.setHeader("Content-Disposition", "attachment; filename*=UTF-8''" + encodedFileName);
-
-            // 7. 写入响应流
-            OutputStream outputStream = response.getOutputStream();
+            // 6. 输出流写入
+            try (ServletOutputStream outputStream = response.getOutputStream()) {
                workbook.write(outputStream);
                outputStream.flush();
+            }
        } catch (IOException e) {
-            log.error(e.getMessage()); // 记录异常信息
+            log.error("导出Excel失败", e);
            throw new BusinessException("导出文件失败");
-        } finally {
-            // 确保资源关闭
-            if (workbook != null) {
-                try {
-                    workbook.close();
-                } catch (IOException e) {
-                    log.error(e.getMessage()); // 记录异常信息
-                }
-            }
        }
    }